Accessing hardware devices like files

An important role of the operating system is to allow the user applications to access hardware resources. It has to allow the user programs to use hardware while also ensuring that the applications have permissions to access it and don’t misuse them.

To simplify access to hardware, Unix, by design, exposes most of the hardware devices to userspace as device files, usually present under /dev directory. Applications can then access the hardware by invoking system calls like read or write on the device files associated with that device.

debugfs

debugfs is a pseudo-filesystem used for kernel debugging. It is usually mounted at /sys/kernel/debug. debugfs contains files that allow us to read debugging information.

By default, only the root user can cd into the /sys/kernel/debug directory.

To change it to allow the current user to cd into debugfs, we can remount it with uid set to the current user’s uid.

sudo umount /sys/kernel/debug
sudo mount -t debugfs none /sys/kernel/debug -o uid=`echo $UID`
cd /sys/kernel/debug

Creating debugfs entries

Creating debugfs files is similar to creating character device files. It is done by defining functions and storing pointers to these functions in a file_operations structure which is then passed to the kernel.

Character Devices, Major and Minor numbers

Based on granularity of access, there are two classes of devices:

1. Character devices are accessed as a stream of bytes. Eg: Keyboards
2. Block devices are accessed in blocks. For instance, hard disks transfer data in blocks of multiple bytes at a time.

The kernel uses major and minor numbers to identify the attached hardware devices. Major number usually tells us the type of device. Minor numbers are used to differentiate two or more devices with the same major number. Some minor numbers are reserved. The driver writer can choose to use a specific minor number for a device by reserving it, or allow the kernel to assign any free minor number. The meaning of major numbers and the list of reserved minor numbers can be found in Documentation/admin-guide/devices.txt.

Finding vulnerable dependencies

Safety-db is a database that keeps track of vulnerable python packages and version information. It is updated once a month. They also provide a tool called safety, that checks if the installed packages or packages in requirements.txt are identified as vulnerable using the safety-db.

• Install safety

  pip install safety
  

• Use safety to check all packages in the current virtual enviroment

  safety check
  

• Use safety to only check the dependencies listed in requirements.txt file

  safety check -r requirements.txt
  

Safety shows a list of python packages that have a known vulnerability.

In this post, I want to share what I learnt by doing task 5 of the Eudyptula challenge.

The Eudyptula Challenge is a set of 20 tasks designed to help people get started with Linux kernel development.

Task 5 of the challenge is to make a hello world kernel module get loaded automatically when a USB keyboard is plugged in.

Loadable kernel modules

Linux kernel allows us to load modules to the kernel while the kernel is running. Once loaded, the module’s code executes in kernel mode and can access all the kernel’s global symbols.