Operating System Boot Process

Questions and Answers

What does BIOS stand for?

Basic Input/Output System

What does POST stand for in the context of the boot process?

Power-On Self-Test

What is the role of the bootloader (e.g., GRUB) in the Linux boot process?

It's a small program that loads the operating system (specifically the kernel, like /boot/vmlinuz) into memory and then transfers control to it.

What are the initial responsibilities of the Linux kernel after being loaded by the bootloader?

Initializing core hardware components, setting up memory management (including virtual memory), initializing process management, and mounting the root filesystem.

What is typically the first user-space process started by the Linux kernel?

systemd (or older init systems like SysVinit or Upstart)

What are the two main operating contexts or 'spaces' in a Linux system?

User Space and Kernel Space

In Linux, almost everything, including hardware devices and network sockets, is represented as a file.

True (A)

Name the 7 kinds of files recognized by Linux.

regular file, directory, symbolic link, character device, block device, FIFO (named pipe), and socket.

What is the purpose of the /etc/ directory in the Linux file hierarchy?

It contains host-specific system-wide configuration files.

What kernel data structure holds information about a specific thread or process?

struct task_struct

What kernel data structure, pointed to by task_struct, manages the file descriptors for a process?

struct files_struct

What kernel data structure represents an open file instance?

struct file

What is the purpose of the file_operations structure (often called fops)?

It holds pointers to the functions (methods) that implement the standard file operations (like read, write, open, close, ioctl) for a specific file type or device.

What is the purpose of the struct cred in the Linux kernel?

It holds the security credentials of a task or process, including user IDs (UID, EUID, SUID, FSUID), group IDs (GID, EGID, SGID, FSGID), and capabilities.

In Linux file permissions, what do the numeric values 4, 2, and 1 represent?

4 represents read (r), 2 represents write (w), and 1 represents execute (x).

What is the primary role of Process Management within the Linux kernel?

Allocating CPU time to processes (scheduling), managing process states (running, sleeping, stopped), creating and terminating processes, and handling inter-process communication and synchronization.

What is a Loadable Kernel Module (LKM)?

An object file containing code that can extend the running kernel's functionality. They can be loaded and unloaded on demand without rebooting.

What is the primary difference in function between a CPU and a GPU?

A CPU is designed for general-purpose sequential task execution, while a GPU is highly specialized for parallel computations, excelling at tasks like graphics rendering and large-scale data processing.

What commands are typically used to load and unload Linux kernel modules?

insmod (or modprobe) is used to load modules, and rmmod is used to unload them.

What kernel C API functions are used to safely transfer data between kernel space and user space?

copy_to_user() and copy_from_user().

What are the primary kernel functions for dynamic memory allocation and deallocation?

kmalloc() for allocation and kfree() for deallocation.

What kernel function is used to print messages that can typically be viewed with the dmesg command?

printk()

What does ioctl stand for and what is its general purpose in device drivers?

Input/Output Control. It provides a way to send device-specific commands and receive device-specific information between user space and a kernel module/driver, beyond simple read/write operations.

Flashcards

What does BIOS or UEFI do?

Initializes hardware, checks function correctly (POST), and looks for a bootable device.

What is a bootloader?

A small program that loads the OS into memory and initializes it.

What happens during Kernel init?

Kernel initialization, setting up memory management, processes, and devices.

What does systemd do?

Manages system services and daemons, launches services, mounts filesystems, and sets up the user environment.

How many kind of files exists?

7 kind of files: regular, directory, link, character device, block device, fifo and socket

What is a file descriptor (fd)?

A unique identifier for an open file, used by a process to access the file.

What does process management do?

Allocates CPU time, manages process states, and handles synchronization.

What does memory management do?

Manages system memory, implements virtual memory.

What do device drivers do?

Enables communication between the OS and hardware devices.

What does the CPU execute?

Instructions, Operating system, running applications, and handling various system-level processes

What does the GPU accelerate?

Originally designed to accelerate graphics rendering

What do Kernel modules allow?

Kernel modules allow functionality to be added to or removed from the kernel

What are LKMs?

Loadable Kernel Modules

What are insmod and rmmod?

Commands to insert and remove kernel modules, respectively.

What are module_init and module_exit?

module_init is initializing and module_exit is exiting

What are file_operations (fops)?

These functions define how the kernel interacts with a device or file.

What are Copy_to_user and Copy_from_user?

Copy_to_user is copying to user and Copy_from_user is copying from user

What are Kmalloc and kfree?

Kmalloc is allocating and kfree is freeing

Study Notes

Boot Process

• BIOS (Basic Input/Output System) or UEFI (Unified Extensible Firmware Interface) are stored in ROM
• BIOS/UEFI initializes hardware: CPU, RAM, Storage
• BIOS/UEFI ensures hardware functions correctly using POST (Power-On Self-Test)
• BIOS/UEFI looks for a bootable device
• Bootloader (usually GRUB) is a small program that loads the OS into memory
• GRUB loads the kernel from /boot and initializes it into memory
• Kernel initializes memory management, processes, and devices
• The first user-space process, systemd, is started
• Systemd manages system services and daemons
• Systemd reads config files to launch services, mount filesystems, and set up the user environment
• Mount the root filesystem, then start system services based on the default target
• Startup scripts are executed

Monolithic Kernel

• The OS is a Monolithic Kernel
• User Space contains Applications
• Kernel Space contains: VFS, System call, IPC, File System, Scheduler, Virtual Memory, Device Drivers, Dispatcher, and Hardware

Lab 0x00: Know Your Machine

• Use i3 or sway
• Use Alacritty, oh-my-zsh, vim, and other tools
• Navigate into your file system

Linux File Structure

• Key concepts are Linux File Hierarchy, File descriptor (fd), Task/threads/Process, and Uid/Permissions
• Everything is treated as a file
• Seven file types exist: regular, directory, link, character device, block device, fifo, and socket
• New entries appear in the open file descriptor table using functions like: open, openat, create, open2
• File descriptors can be copied using: dup, dup2, fcntl.

Core Structs

• Every process has a per-thread struct task_struct
• This struct has a pointer to files_struct, containing an array of pointers to file structs
• Files_struct contains file flags and current position information
• Entries across running threads constitute the open file descriptor table

Virtual Function Table

• Achieves genericity
• Composed of function pointers
• A well-known Virtual Function Table is struct file_operations
• Since everything is a file but of different types, operations, often called f_ops, differ
• This allows kernel code to handle files independently by their type, promoting code factorization

Credentials (creds)

• Includes user ID, group ID, capabilities, and security information

File Permissions

• Permissions are represented by read (r), write (w), and execute (x), with numerical values of 4, 2, and 1 respectively

Lab 0x01: Linux Kernel Env

• Download Linux and Busybox
• Compile both
• Create your file hierarchy
• Emulate with QEMU!

Linux Kernel

• Process Management allocates CPU time, manages process states, and handles synchronization
• Memory Management handles system memory, implementing virtual memory
• File System Management provides a file system interface, managing file access permissions
• Device Drivers enable communication between the OS and hardware

CPU vs GPU

• CPU executes instructions, manages operating system processes, and handles system-level processes
• GPU accelerates graphics rendering and has evolved into a highly parallel processor for large data amounts
• GPUs Excel at parallelizable tasks like rendering graphics and processing images
• Both CPUs and GPUs have different protection mechanisms, which can lead to interesting exploitation opportunities

Kernel Modules

• Allow functionality to be added to or removed from the kernel
• Two types: Loadable Kernel Modules (LKMs) and Built-in Kernel modules
• Use Insmod to insert a module and rmmod to remove a module
• /dev contains device files representing hardware devices

init and exit

• module_init and module_exit are used in kernel modules
• File_operations (fops) contains pointers to functions that implement operations on files and devices
• Supported system calls: Open, Release, Write, Read, and ioctl

User space

• Functions to handle copying from and to user space: Copy_to_user / Copy_from_user
• Functions to manage memory: Kmalloc / kfree, memcpy and Printk

Lab 0x02: Dev LKM

• Develop a Linux Kernel Module and interact with it through a user script
• Main tasks: Implement Read/write operations, IOCTLs, use Kmalloc/kfree, and analyze the binary in IDA