book

Professional Linux Kernel Architecture

Name: Professional Linux Kernel Architecture
Author: Wolfgang Mauerer
ISBN: 9780470343432

by Wolfgang Mauerer

October 2008

Beginner

1368 pages

43h 43m

English

Wrox

Read now

Unlock full access

Cover
Title Page
Copyright
About the Author
Credits
Acknowledgments
Introduction
What This Book Covers
Chapter 1: Introduction and Overview
1.1 Tasks of the Kernel1.2 Implementation Strategies1.3 Elements of the Kernel1.4 Why the Kernel Is Special1.5 Some Notes on Presentation1.6 Summary
Chapter 2: Process Management and Scheduling
2.1 Process Priorities2.2 Process Life Cycle2.3 Process Representation2.4 Process Management System Calls2.5 Implementation of the Scheduler2.6 The Completely Fair Scheduling Class2.7 The Real-Time Scheduling Class2.8 Scheduler Enhancements2.9 Summary
Chapter 3: Memory Management
3.1 Overview3.2 Organization in the (N)UMA Model3.3 Page Tables3.4 Initialization of Memory Management3.5 Management of Physical Memory3.6 The Slab Allocator3.7 Processor Cache and TLB Control3.8 Summary

Chapter 4: Virtual Process Memory
4.1 Introduction4.2 Virtual Process Address Space4.3 Principle of Memory Mappings4.4 Data Structures4.5 Operations on Regions4.6 Address Spaces4.7 Memory Mappings4.8 Reverse Mapping4.9 Managing the Heap4.10 Handling of Page Faults4.11 Correction of Userspace Page Faults4.12 Kernel Page Faults4.13 Copying Data between Kernel and Userspace4.14 Summary
Chapter 5: Locking and Interprocess Communication
5.1 Control Mechanisms5.2 Kernel Locking Mechanisms5.3 System V Interprocess Communication5.4 Other IPC Mechanisms5.5 Summary
Chapter 6: Device Drivers
6.1 I/O Architecture6.2 Access to Devices6.3 Association with the Filesystem6.4 Character Device Operations6.5 Block Device Operations6.6 Resource Reservation6.7 Bus Systems6.8 Summary
Chapter 7: Modules
7.1 Overview7.2 Using Modules7.3 Inserting and Deleting Modules7.4 Automation and Hotplugging7.5 Version Control7.6 Summary
Chapter 8: The Virtual Filesystem
8.1 Filesystem Types8.2 The Common File Model8.3 Structure of the VFS8.4 Working with VFS Objects8.5 Standard Functions8.6 Summary
Chapter 9: The Extended Filesystem Family
9.1 Introduction9.2 Second Extended Filesystem9.3 Third Extended Filesystem9.4 Summary
Chapter 10: Filesystems without Persistent Storage
10.1 The proc Filesystem10.2 Simple Filesystems10.3 Sysfs10.4 Summary
Chapter 11: Extended Attributes and Access Control Lists
11.1 Extended Attributes11.2 Access Control Lists11.3 Summary
Chapter 12: Networks
12.1 Linked Computers12.2 ISO/OSI and TCP/IP Reference Model12.3 Communication via Sockets12.4 The Layer Model of Network Implementation12.5 Networking Namespaces12.6 Socket Buffers12.7 Network Access Layer12.8 Network Layer12.9 Transport Layer12.10 Application Layer12.11 Networking from within the Kernel12.12 Summary
Chapter 13: System Calls
13.1 Basics of System Programming13.2 Available System Calls13.3 Implementation of System Calls13.4 Summary
Chapter 14: Kernel Activities
14.1 Interrupts14.2 Software Interrupts14.3 Tasklets14.4 Wait Queues and Completions14.5 Summary
Chapter 15: Time Management
15.1 Overview15.2 Implementation of Low-Resolution Timers15.3 Generic Time Subsystem15.4 High-Resolution Timers15.5 Dynamic Ticks15.6 Broadcast Mode15.7 Implementing Timer-Related System Calls15.8 Managing Process Times15.9 Summary
Chapter 16: Page and Buffer Cache
16.1 Structure of the Page Cache16.2 Structure of the Buffer Cache16.3 Address Spaces16.4 Implementation of the Page Cache16.5 Implementation of the Buffer Cache16.6 Summary
Chapter 17: Data Synchronization
17.1 Overview17.2 The pdflush Mechanism17.3 Starting a New Thread17.4 Thread Initialization17.5 Performing Actual Work17.6 Periodic Flushing17.7 Associated Data Structures17.8 Central Control17.9 Superblock Synchronization17.10 Inode Synchronization17.11 Congestion17.12 Forced Writeback17.13 Laptop Mode17.14 System Calls for Synchronization Control17.15 Full Synchronization17.16 Summary
Chapter 18: Page Reclaim and Swapping
18.1 Overview18.2 Page Reclaim and Swapping in the Linux Kernel18.3 Managing Swap Areas18.4 The Swap Cache18.5 Writing Data Back18.6 Page Reclaim18.7 The Swap Token18.8 Handling Swap-Page Faults18.9 Initiating Memory Reclaim18.10 Shrinking Other Caches18.11 Summary
Chapter 19: Auditing
19.1 Overview19.2 Audit Rules19.3 Implementation19.4 Summary
Appendix A: Architecture Specifics
A.1 OverviewA.2 Data TypesA.3 AlignmentA.4 Memory PagesA.5 System CallsA.6 String ProcessingA.7 Thread RepresentationA.8 Bit Operations and EndiannessA.9 Page TablesA.10 MiscellaneousA.11 Summary
Appendix B: Working with the Source Code
B.1 Organization of the Kernel SourcesB.2 Configuration with KconfigB.3 Compiling the Kernel with KbuildB.4 Useful ToolsB.5 Debugging and Analyzing the KernelB.6 User-Mode LinuxB.7 Summary
Appendix C: Notes on C
C.1 How the GNU C Compiler WorksC.2 Standard Data Structures and Techniques of the KernelC.3 Summary
Appendix D: System Startup
D.1 Architecture-Specific Setup on IA-32 SystemsD.2 High-Level InitializationD.3 Summary
Appendix E: The ELF Binary Format
E.1 Layout and StructureE.2 Data Structures in the KernelE.3 Summary
Appendix F: The Kernel Development Process
F.1 IntroductionF.2 Kernel Trees and the Structure of DevelopmentF.3 The Structure of PatchesF.4 Linux and AcademiaF.5 Summary
References
Advertisement

Content preview from Professional Linux Kernel Architecture

Chapter 19

Auditing

Developers working on the kernel often have a natural interest to watch and inspect what is going on inside the code. But they are not the only ones who would like to know what the kernel does. System administrators, for instance, might want to observe which decisions the kernel has taken and which actions were performed. This can be beneficial for a number of reasons, ranging from increased security to postmortem forensic investigation of things that went wrong. It could, for instance, be very interesting to not only observe that a wrong security decision caused by some misconfiguration was made by the kernel, but also to know which process or users took advantage of this. This chapter describes the methods provided by the kernel for this purpose.

19.1 Overview

Obviously, the surveillance needs of administrators differ considerably from those of developers. While programmers are usually interested in comparatively low-level information, administrators will tend to need a higher-level view: Which processes have opened network connections? Which users have started programs? When did the kernel grant or refuse certain privileges?1 To answer such questions, the kernel provides the audit subsystem.

While programmers will run their experiments on machines solely devoted to development, administrators face a different problem: The machines they have to monitor usually serve as production machines. This places two crucial constraints on the audit mechanism:

It must ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780470343432

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Professional Linux Kernel Architecture

by Wolfgang Mauerer

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.