Language Selection

English French German Italian Portuguese Spanish

Fuzzing Rumpkernel Syscalls Part 1

Filed under
OS
Development
BSD

It has been a great opportunity to contribute to NetBSD as a part of Google Summer Of Code '20. The aim of the project I am working on is to setup a proper environment to fuzz the rumpkernel syscalls. This is the first report on the progress made so far.

Rumpkernels provide all the necessary components to run applications on baremetal without the necessity of an operating system. Simply put it is way to run kernel code in user space.

The main goal of rumpkernels in netbsd is to run,debug,examine and develop kernel drivers as easy as possible in the user space without having to run the entire kernel but run the exact same kernel code in userspace. This makes most of the components(drivers) easily portable to different environments.

Rump Kernels are constructed out of components, So the drivers are built as libraries and these libraries are linked to an interface(some application) that makes use of the libraries(drivers). So we need not build the entire monolithic kernel just the required parts of the kernel.

Read more

Fuzzing the NetBSD Network Stack and More

  • Fuzzing the NetBSD Network Stack in a Rumpkernel Environment Part 1

    The objective of this project is to fuzz the various protocols and layers of the network stack of NetBSD using rumpkernel. This project is being carried out as a part of GSoC 2020. This blog post is regarding the project, the concepts and tools involved, the objectives and the current progress and next steps.

  • Make system(3) and popen(3) use posix_spawn(3) internally Part 1

    This is my first report for the Google Summer of Code project I am working on for NetBSD.

    Prior work: In GSoC 2012 Charles Zhang added the posix_spawn syscall which according to its SF repository at the time (maybe even now, I have not looked very much into comparing all other systems and libcs + kernels) is an in-kernel implementation of posix_spawn which provides performance benefits compared to FreeBSD and other systems which had a userspace implementation.

    After 1 week of reading POSIX and writing code, 2 weeks of coding and another 1.5 weeks of bugfixes I have successfully implemented posix_spawn in usage in system(3) and popen(3) internally.

    The biggest challenge for me was to understand POSIX, to read the standard. I am used to reading more formal books, but I can't remember working with the posix standard directly before.

    The next part of my Google Summer of Code project will focus on similar rewrites of NetBSD's sh(1).

More Reports About GSoC-Sponsored NetBSD Work

  • GSoC Reports: Curses Library Automated Testing Part 1

    My GSoC project under NetBSD involves the development of test framework of curses library. Automated Test Framework (ATF) was introduced in 2007 but ATF cannot be used directly for curses testing for several reasons most important of them being curses has functions which do timed reads/writes which is hard to do with just piping characters to test applications. Also, stdin is not a tty device and behaves differently and may affect the results. A lot of work regarding this has been done and we have a separate test framework in place for testing curses.

    The aim of project is to build a robust test suite for the library and complete the SUSv2 specification. This includes writing tests for the remaining functions and enhancing the existing ones. Meanwhile, the support for complex character function has to be completed along with fixing some bugs, adding features and improving the test framework.

  • GSoC Reports: Extending the functionality of NetPGP Part 1

    NetPGP is a library and suite of tools implementing OpenPGP under a BSD license. As part of Google Summer of Code 2020, we are working to extend its functionality and work towards greater parity with similar tools. During the first phase, we have made the following contributions

    Added the Blowfish block cipher
    ECDSA key creation
    ECDSA signature and verification
    Symmetric file encryption/decryption
    S2K Iterated+Salt for symmetric encryption

Enhancing Syzkaller support for NetBSD, Part 1

  • Enhancing Syzkaller support for NetBSD, Part 1

    I have been working on the project - Enhance the Syzkaller support for NetBSD, as a part of GSoc’20. Past two months have given me quite an enriching experience, pushing me to comprehend more knowledge on fuzzers. This post would give a peek into the work which has been done so far.

Benchmarking NetBSD, first evaluation report

  • Benchmarking NetBSD, first evaluation report

    This report was written by Apurva Nandan as part of Google Summer of Code 2020.

    My GSoC project under NetBSD involves developing an automated regression and performance test framework for NetBSD that offers reproducible benchmarking results with detailed history and logs across various hardware & architectures.

    To achieve this performance testing framework, I am using the Phoronix Test Suite (PTS) which is an open-source, cross-platform automated testing/benchmarking software for Linux, Windows and BSD environments. It allows the creation of new tests using simple XML files and shell scripts and integrates with revision control systems for per-commit regression testing.

NetBSD Is Making Progress On Benchmarking

  • NetBSD Is Making Progress On Benchmarking For Performance/Regression Testing

    That work for automated benchmarking of NetBSD for GSoC 2020 is, of course, being done via the Phoronix Test Suite and Phoromatic. While the Phoronix Test Suite has been running on BSDs for years, my focus has primarily been on FreeBSD and DragonFlyBSD along with their derivatives.

    Student developer Apurva Nandan is working for the NetBSD project on making the Phoronix Test Suite in good shape for NetBSD, which primarily is about porting of existing test profiles to see that they run gracefully on NetBSD. While there are many BSD and Linux test profiles, adapting to NetBSD often comes down to build system differences or external dependencies not being available for different programs currently on NetBSD.

    Apurva last week wrote a GSoC status update on this initiative via the NetBSD blog. Progress is being made on getting more tests up and running on NetBSD. Great to see good progress is being made on getting more tests up and running and have previously let Apurva know already that those NetBSD improvements will be happily accepted upstream once complete.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Debian: Raphaël Hertzog (LTS Work), Jonathan Dowland (IkiWiki), and Ben Hutchings (Also LTS)

  • Raphaël Hertzog: Freexian’s report about Debian Long Term Support, May 2021

    In May, we again put aside 2100 EUR to fund Debian projects. There was no proposals for new projects received, thus we’re looking forward to receive more projects from various Debian teams! Please do not hesitate to submit a proposal, if there is a project that could benefit from the funding! We’re looking forward to receive more projects from various Debian teams! Learn more about the rationale behind this initiative in this article.

  • Jonathan Dowland: Opinionated IkiWiki v1

    It's been more than a year since I wrote about Opinionated IkiWiki, a pre-configured, containerized deployment of Ikiwiki with opinions. My intention was to make something that is easy to get up and running if you are more experienced with containers than IkiWiki.

  • Ben Hutchings: Debian LTS work, May 2021

    In May I was assigned 13.5 hours of work by Freexian's Debian LTS initiative and carried over 4.5 hours from earlier months. I worked 16 hours and will carry over the remainder. I finished reviewing the futex code in the PREEMPT_RT patchset for Linux 4.9, and identified several places where it had been mis-merged with the recent futex security fixes. I sent a patch for these upstream, which was accepted and applied in v4.9.268-rt180.

IBM/Red Hat/Fedora Leftovers

  • Javier Martinez Canillas: The curious case of the ghostly modalias

    I was finishing my morning coffee at the Fedora ARM mystery department when a user report came into my attention: the tpm_tis_spi driver was not working on a board that had a TPM device connected through SPI. There was no /dev/tpm0 character device present in the system, even when the driver was built as a module and the Device Tree (DT) passed to the kernel had a node with a "infineon,slb9670" compatible string.

  • What you need to know about WebSphere Hybrid Edition – IBM Developer

    IBM WebSphere Hybrid Edition is a bundle of IBM runtimes for enterprise and cloud-native Java workloads. WebSphere Hybrid Edition enables developers to flexibly deploy both WebSphere traditional runtimes and Liberty runtimes (including the open-source Open Liberty framework), depending on their needs while optimizing the use of WebSphere Network Deployment, WebSphere Application Server, and Liberty Core license entitlements. WebSphere Application Server traditional is a trusted application server for Java EE applications. Liberty is a fast, lightweight, and modular framework for cloud-native Java applications and microservices that are optimized for cloud and Kubernetes and supporting a wide spectrum of Java APIs, including the latest Eclipse MicroProfile and Jakarta EE API. With WebSphere Hybrid Edition, you can continue to run workloads on WebSphere Application Server traditional reliably, build new services on Liberty and deploy them to cloud, and modernize and refactor your legacy applications whenever you’re ready at your own pace. The choices are yours.

  • Understanding the CentOS 7 filesystem hierarchy - Linux Concept

    We can compare a filesystem to a refrigerator, or any other storage with multiple shelves that is used for storing different items. These shelves or compartments help us to organize grocery items in our refrigerator by certain characteristics, such as shape, size, type, and so on. The same analogy is applicable to a filesystem, which is the epitome of storing and organizing collections of data and files in human-usable form.

  • File encryption and decryption made easy with GPG | Enable Sysadmin

    GPG is a popular Linux encrypting tool. Find out how to use its power to keep private files private.

  • Molly de Blanc: Welcome Red Hat as a GUADEC Sponsor [Ed: IBM ('Red Hat') rewarding, financially, those who attacked Richard Stallman and the FSF with hate and defamation]

    “As one of the many active contributors within the vibrant GNOME community, Red Hat is very pleased to also be among the sponsors of this year’s GUADAC event,” said a representative from Red Hat. “Community is about connections, and as we move into a world that is waking up from decreased social contact, those connections are more important than ever. GNOME remains an incredible part of the open source ecosystem, and the conversations made at GUADEC amongst users and contributors are a big reason why GNOME continues to be successful! We are thrilled to be a part of these conversations and look forward to participating in the GUADEC 2021 online event.” Kristi Progri, lead organizer of GUADEC, says “On behalf of everyone at GUADEC organizing team, I would like to express our sincere gratitude for the generous sponsorship to GUADEC, We’re happy they’re joining us again at GUADEC to help build GNOME and show the community what they are working on.”

  • Red Hat Migration Toolkit for Virtualization Now Available

    Red Hat has announced the general availability of Red Hat’s migration toolkit for virtualization to help organizations accelerate open hybrid cloud strategies by making it easier to migrate existing workloads to modern infrastructure in a streamlined, wholesale manner. By bringing applications based on virtual machines (VMs) to Red Hat OpenShift, IT organizations can experience a smoother, more scalable modernization experience while mitigating potential risks and downtime.

  • Move virtual machines to OpenShift at-scale with Red Hat’s migration toolkit for virtualization

    Red Hat OpenShift, the industry’s leading enterprise Kubernetes platform, is used by enterprises across the globe that are looking to bring applications to market faster. The benefits of OpenShift can be extended to virtualized workloads through OpenShift Virtualization, OpenShift’s capability for Kubernetes-native virtualization, but first comes the hard part: How do you actually move your workloads to Kubernetes in the first place?

  • How open source is lowering barriers to higher education

    Stepping into the college experience is a whirlwind. For many people, it’s your first time away from home and one of the first times that you are tasked with managing your life on your own. There are a lot of details you need to figure out. Are you going to live on campus or off? What meal plan do you want to use? What do you want to choose as your major? What classes do you want to take? And likely most pressing, how are you going to afford everything you need? When talking about the cost of education, there is one thing that is an issue for every student: the cost of textbooks. Textbooks for a college course can cost upwards of $100 apiece and, depending on how many courses you are taking in a semester, that can add up very quickly. In fact, the College Board found that the average university student spends more than $1,200 on books each year. For students it can be hard to justify the steep costs of books, especially when it comes to courses outside your field of study.

  • Fedora Community Blog: Heroes of Fedora (HoF) – F34 Final

    Hello fellow testers, welcome to the Fedora Linux 34 Final installation of Heroes of Fedora! In this post, we’ll look at the stats concerning the testing of Fedora Linux 34 Final. The purpose of Heroes of Fedora is to provide a summation of testing activity on each milestone release of Fedora. Without community support, Fedora would not exist, so thank you to all who contributed to this release! Without further ado, let’s get started!

Sovereignty on a Federated System: problems we faced on GNOME’s Matrix instance

This post follows an introduction to Matrix with e-mails, where I explain that Matrix is a federated system. Federation can be either public or private. A public server can communicate with any other server, except the ones which are explicitely avoided. Meanwhile, a private server can only communicate with a selected list of other servers. Private federation is often deployed between entities that can trust each other, for example between universites. There often are processes to take back control of things when they derail on a server you don’t manage, because people on the remote server are contractually bound with you. But many organisations, and especially open source projets, deploy their instance in public federation. This means strangers from the Internet can interact with your server. Public federation comes with its own set of non-technical risks. In this post I’m going to guide you through the problems we faced on our GNOME Matrix instance. For each problem I’ll bring a solution. They will be consolidated at the end of the post in the form of a target we want to reach eventually, along with the acknowledgement of the limits of what we can do. Please note that these problems have more to do with careful planning and deployment than with the Matrix protocol itself. Read more

Security-Oriented Alpine Linux 3.14 Released with KDE Plasma 5.22, QEMU 6.0, and More

Five months in the works, Alpine Linux 3.14 is here as another big update for this security-oriented distribution, featuring the latest and greatest KDE Plasma 5.22 desktop environment series, along with the KDE Gear 21.04.2 software suite, for those who want to install the KDE Plasma desktop. But, Alpine Linux is a Linux distribution designed for servers, firewalls, routers, VPNs, etc., so it comes with major updates for packages needed for these type of setups. These include Lua 5.4.3, HAProxy 2.4.0, nginx 1.20.0, njs 0.5.3, Node.js 14.17.0, PostgreSQL 13.3, Python 3.9.5, QEMU 6.0.0, R 4.1.0, and Zabbix 5.4.1. Read more