We will assign you a system call and give you a specially designed program. Your task is to trace invocations of that system call by the program within userspace and kernelspace and document your observations.
Strengthen understanding of the interaction between the kernel and userspace
Learn how to monitor a program's execution of system calls
Build awareness of, and basic familiarity with, the linux BPF subsystem via bpftrace
Gain experience with tracing based debugging
A cover letter following the submission procedures
Patch 1 adds a directory named E1
to your username
directory (username/E1
) with an unmodified copy of E1/questions.txt
Patch 2 adds two logs in your username/E1
directory named strace_user
and strace_root
Each log contains the full output from running strace
on the special program
strace_user
contains the output from running the program as an unpriveleged user
strace_root
contains the output from running as root using sudo
Patch 3 adds your username/E1/trace.bp
bpftrace
program and a file username/E1/trace.out
that shows the expected output of a successful trace of the special program making your system call
Patch 4 modifies username/E1/questions.txt
to answer each question
Patch 5 adds username/E1/log.txt
with the output from all the times you ran the program
Don't forget a cover letter
All email code patches are expected to pass checkpatch.pl
as described in the policies and procedures
Submit your patches to exercise1@COURSE_DOMAIN
Create an E1
directory in your username
directory
Copy the provided E1/questions.txt
file into your username/E1
Play with the provided program, either program_amd64
or program_arm64
depending on your architecture
Regardless of the location of the binary, the program will create a log.txt
file in the directory where the program is invoked
You will need this output for patch 5
Disassemble the appropriate binary using a tool like objdump -d <binary>
Identify the lines of code that prepare the arguments for your system call, specify the system call number, and invoke the kernel
Use this to answer question 0 for your architecture
Run strace
on the provided program
Locate the lines corresponding to call(s) to your system call in the output
Use this to answer question 1
Read the manual page for your system call (type man 2 [system call name]
e.g. man 2 execve
)
Analyze the disassembled binary to answer question 5
Find the system call definition within the kernel source
If you previously made a shallow (--depth=1
) local clone, pull the full history of the Linux kernel repository
git pull --unshallow
(this will take a little while to download)Run git blame
on the file containing the definition of the system call
Find the most recently modified line or lines in the system call handler
Use this to answer questions 7, 8, 9, and 10
Identify the probe you will use for tracing by searching for available probes that match your system call with sudo bpftrace -l
Write the bpf script that inserts a probe triggered by the program running your system call
The program prints the system call arguments, the kernelspace stack, and the userspace stack each time the system call is executed by the program
Ensure that the probe is only triggered on instances of the system call caused by running the provided program
Capture the necessary output, and create commits out of your changes as described above
Generate patches out of your commits
strace
man
cscope
git-blame
git-grep [ -n ]
bpftrace
and other BPF tooling
msg = (silence)
whoami = None
singularity v0.5 https://github.com/underground-software/singularity