MODEST LKM
suite INSTALL & USE doc file.
1.
Requisites 2.
Compiling MODEST suite 2.1. Modify kernel source code
2.2. Compile & install new kernel image.
2.3. Compile module (kmodest)
2.4. Compile user space control utility (umodest)
2.5. Compile process tester (fakeproc)
2.6. Creating device file
2.7. Cleaning up sources & binaries.
3.
Installing MODEST suite 3.1. Install device driver (kmodest)
3.2. Autoload at start up.
3.3. Install user space utils.
3.4. Install manpages.
4.
Using MODEST suite 4.1. Gathering fd[] array for a given process
4.2. Remapping all sys_write() I/O calls to another fd.
4.3. Writting all sys_write() I/O syscalls on another fd at the same time.
4.4. Important issues and comments.
5. Access to kmodest device driver from your own code !
6. MODEST suite contents
7. Where to go from here
First at all, my LKM was developed on a Virtual Machine running Debian Etch/32, with stableç
kernel 2.6.18.
In order to compile , load LKM and use it, you could do with:
- Linux kernel
2.6.18.1 source code (linux-source-2.6.18.tar.bz2). On Debian GNU systems,
you can get it simply typing - as root -:
apt-get install linux-source-2.6.18
Or, instead of this, you can download it from here:
<
http://www.eu.kernel.org/pub/linux/kernel/v2.6/linux-2.6.18.tar.bz2>
- binutils, gcc, as (the gnu assembler included on binutils package) for compiling.
- Optionally, gdb and strace if you want to debug or inspect how my LKM works.
- A kernel image version 2.6.18 32 bits running on your system and the current configuration
file on /boot/config-2.6.18 or something similar.
I would like to say that this is an experimental devel , so it's perfectly possible to find bugs causing
crashes (KERNEL OOPS, segmentation fault, and so on). I suggest you to use a virtual machine for
testing purposses before using it.
To conclude, my first release of MODEST suite can only work at 100% with static binaries. If you need to
use "-d" or F_DUPFD ioctl() syscall, don't forget to compile your program using -static compiler's flag.
The "-c" arg works perfectly with static or shared binaries.
2. Compiling MODEST suite
2.1. Modify kernel source code
MODEST runs calling a lot of api kernel calls, but some of them must be exported using
EXPORT_SYMBOL(); C macro. Here is a list showing what functions must be exported and where you
can find them.
kernel c api on file
------------ -----------------------
get_files_struct() kernel/exit.c
sys_kill() kernel/signal.c
do_fsync() kernel/buffer.c
You can add these EXPORT_SYMBOL() macros on each file for any given function and then
recompile kernel image - see below - or you can run my patch file inside kernel source code
directory.
If you decide to add code by your own hand, add this code on each file just after end's
body function like that:
EXPORT_SYMBOL(function_name);
I.E: EXPORT_SYMBOL(sys_kill);
If you prefer to run my patch, follow these steps:
- Copy my patch file where you like and run patch command:
patch -p0 < /path/to/my/patch_file
To do that, kernel code to be patched must be at /usr/src/linux-2.6.18
You can find my patch on directort patch/
2.2. Compile & install new kernel image.
After patching kernel source code, you must recompile it and reinstall it. To do that:
- Load your current configuration file:
cp /boot/config-2.6.18... /usr/src/linux-2.6.18/.config
- In order to avoid problems with your current kernel, edit Makefile and
add this in line EXTRA_VERSION:
EXTRA_VERSION = -kmodest
- Inside kernel source directory, run:
make bzImage && make modules
- Install new modules :
make modules_install
- Install new kernel image on /boot:
cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.18-kmodest
- Copy new system map file:
cp System.map /boot/System.map-2.6.18-kmodest
- If you need an initrd image, run :
mkinitrd[.yard] -o /boot/initrd-2.6.18-kmodest 2.6.18-kmodest
. Edit your lilo.conf or /boot/grub/menu.lst to add the new kernel and initrd
and reboot your system to boot up this new kernel.
2.3. Compile module (kmodest)
Enter on directory containing MODEST source code /path/to/modest/src/ and run ( as root ):
make modules
After a bit, you can find module called kmodest.ko compiled.
Probably you need to edit Makefile first and modify variable KERNELDIR according to
your linux box.
For example, if you kernel source code is on /usr/src/linux-2.6.18, you have to add:
KERNELDIR := /usr/src/linux-2.6.18
2.4. Compile user space control utility (umodest)
Enter on directory containing MODEST source code /path/to/modest/src/ and run ( as root ):
make umodest
After a bit, you can find umodest binary file compiled on bin/umodest.
Don't forget to edit (if need it) variable KERNELDIR as above.
2.5. Compile process tester (fakeproc)
Enter on directory containing MODEST source code /path/to/modest/src/ and run ( as root ):
After a bit, test process can be found compiled on file bin/fakeproc.
Alternatively, you can run :
make all
on directory source to compile all files (kmodest.ko, fakeproc and umodest )
Notice that only static process can "receive" a "-d" command from my LKM. On shared programs
my own syscall_handler will not work, and modest can't do anything over them!
To understand why, refer to my future technical article describing theory and architecture
design of my LKM piece of code.
2.6. Creating device file
To avoid problems with udev, umodest.c - the user-space utility program -, tries to open
device driver on /dev/.static/dev/modest.
If you don't use udev, then you must modify umodest.h header file before compiling it and
edit this #define:
#define _DRV_NAME "/dev/.static/dev/modest"
Finally, you must create by hand the device file (on /dev or on /dev/.static/dev):
cd /dev/.static/dev or cd /dev (if you're not using udev)
mknod modest c 231 0
Please assign rights to it if you prefer to use MODEST as a normal user - no root!.
2.7. Cleaning up sources & binaries.
Enter on directory containing MODEST source code /path/to/modest/src/ and run ( as root ):
make clean
All object files, binary files on bin/ and LKM will be deleted. Now, sources are ready to go
somewhere !!
3. Installing MODEST suite
3.1. Install device driver (kmodest)
kmodest.ko can be copied to /lib/modules/2.6.18-kmodest/ to avoid loading using insmod with
full - or relative - path.
After that, you must run - as root -:
depmod -ae
in order to add dependency information on file /lib/modules/2.6.18-kmodest/modules.dep for
kmodest.ko kernel module.
3.2. Autoload at start up
After install by hand the LKM, you can add this line on /etc/modules - for Debian or debian based
systems -:
kmodest
Everytime system starts up, kmodest will be loaded automatically.
3.3. Install user-space utilities.
umodest and fakeproc can be installed copying on /bin, /usr/bin or /usr/local/bin directories or
whereever you prefer !! Only remember to put directory where user utility "umodest" is on in
your PATH environment variable.
Only umodest is important to control and use my LKM "kmodest", so you don't need to copy fakeproc.
3.4. Install manpages
On MODEST source directory, simply type :
make install-man
All manpages stored inside man/ directory will be copied on right directories automatically.
4. Using MODEST suite
4.1. Gathering fd[] array for a given process
You can retrieve a brief information about opened files for any running process using
my LKM. Normally, it will be the first action before re-calling umodest with -c or -d
args.
Suposse a running process with PID 2234:
umodest -p 2234 -i
umodest will be read from char device driver kmodest (on /dev/.static/dev/modest) and
prints output to stdout:
(...)
=> 2: Short name: 3 (I-node: 5)
uid: 0 (root), gid: 0
=> 3: Short name: fakeproc.out (I-node: 114626)
uid: 0 (root), gid: 0
(..)
The first number is the fd , that is, the index inside the fdtable for process. Please
refer to my article for more details.
4.2. Remapping all sys_write() I/O calls to another fd.
If you want to remap all I/O sys_write() system call on an opened file for the same process
(PID 2234), you need to choose what file descriptor will be redirected and where. Be carefully;
any sys_write() will be ONLY on new destination, not on the old one so process will lost changes
on its own output file.
Suposse you want to remap all I/O sys_write() calls to a new file, placed on a new filesystem
due to low space on disk. To do that, you can type:
umodest -p 2234 -c 4 /path/to/new/fs/new_file
Where "4" is the file descriptor for the file "output.out", obtained calling umodest user-space
utility program with "-i". Now, process with PID 2234 won't write over output.out, and all
sys_write() will be on new path.
When the disk-low-space issue be fixed, you can stop process sending SIGSTOP signal with kill:
kill -s SIGSTOP 2234
Then "cat" all data written over new file on the old one, exit umodest with q + RETURN.
4.3. Writting all sys_write() I/O syscalls on another fd at the same time.
Finally, MODEST can connect all I/O sys_write() calls to a new descriptor, at the same time. With
this technique, original output file for a given process will continue writing and user won't
lost data.
Suposse you want to peep for a bit output from process with PID 2234 over its file output.out. You
can connect all I/O sys_write() call to any opened virtual console such as /dev/pts/5:
umodest -p 2234 -c 4 /dev/pts/5
Process with PID 2234 will continue writing over its output file, as usual, but, at the meantime,
you can watch its output on console !
4.4. Important issues and comments.
MODEST suite is 100% experimental. It seems to be stable, but don't use directly on cpu-peak
processes running for a long time in order to avoid segfaults and KERNEL OOPS conditions; testing
on a Virtual Machine for the first time is the best option.
My first version of MODEST only can intercept sys_write(); using my own system_call handler with
static binaries. It means that "-c" will work on static and shared binaries, but "-d" not.
After sending ioctl() syscall to char driver kmodest, umodest will wait for an user input via
scanf(); standard C library call. In order to maintain stability over the whole system and the
process remapped (or reconnected), umodest process can't be killed !!! When you decided to restore
original fdtable array on affected process, simply type "q + RETURN" and umodest will send a last
ioctl command to char device driver in order to call do_restore_task();.
So it's very clear that, if umodest user-process abnormally dies, there are a lot of possibilities
to obtain KERNEL OOPS message and segfault from process remapped or reconnected.
At the moment, my first release of MODEST suite do not call do_restore_task() on cleanup module
function, so it's possible to obtain a new KERNEL OOPS or segfault from process affected while
running umodest with "-c" or "-d" and unloading the kernel module with:
rmmod kmodest
All these problems will be fixed on new relase.
5. Access to kmodest device driver from your own code !
MODEST is composed by:
- An LKM (kmodest.ko)
- An user-space utility to deal with it (umodest)
If you check umodest.c and umodest.h source and header files, respectivelly, you'll wonder
that it's a piece of cake! All I/O between my user-space utility and device driver is based on
ioctl() system calls commands, sending requests and waiting for a responses.
So, if you need to add kmodest functionality in your own code, refer to my kmodest ioctl
reference documentation or use modest.c and umodest.c comments - extensive and auto-explanatory
I think -
6. MODEST suite contents.
Structure for package tar-bzipped :
debug - Straced files and dissasembled ones.
doc - Documentation, how to install, and so on.
patch - My kernel patch for 2.6.18.
shots - Screenshots of MODEST in action.
src - The sources of umodest, kmodest and fakeproc.
videos - Videos showing MODEST in action.
man - The manpages.
7. Where to go from here
http://membres.lycos.fr/hellonnet00http://sf.net/projects/kmodesttoni.castillo@fa.upc.edu
