sargx digital garden

Linux

4 min read

Kernel

Processes

Virtual Memory

Namespaces

Cgroups

eBPF

ELF

FileSystem & File Descriptors

Network

Debug - Observability

Logging - Incident Response

Linux Security

Page Cache

Syscalls

Init-Systemd

https://distrosea.com/

Common linux raw shipped files:

  • vmlinuz - the compressed Linux kernel, sometimes it’s called bzImage, we can extract it into the actual kernel ELF file called vmlinux.
  • initramfs.cpio.gz - the Linux file system that is compressed with cpio and gzip, directories such as /bin/etc, … are stored in this file, also the vulnearable kernel module is likely to be included in the file system as well. For other challenges, this file might come in some other compression schemes.

[BOOK] Linux Internals:

https://github.com/0xAX/linux-insides/blob/master/SUMMARY.md

http://books.gigatux.nl/mirror/kerneldevelopment/0672327201/toc.html

https://www.linuxfromscratch.org/lfs/view/stable/

[BOOK] Linux Kernel Teaching:

https://linux-kernel-labs.github.io/refs/heads/master/

Interactive map of Linux kernel:

https://makelinux.github.io/kernel/map/

image/svg+xml Linux kernel map Constantine Shulyupin © 2007–2022 Constantine Shulyupin www.MakeLinux.net/kernel/map virtual logical electronics I/O memory CPU HI char devices HI subsystems address families sockets access protocols network interfaces networking Virtual File System block devices storage virtual memory memory access logical memory Page Allocator memory threads processes Scheduler interrupts core CPU specific processing generic HW access system run system functionalities layers interfaces core Linux kernel map logicalfile systems abstract devicesand HID class drivers HI peripheralsdevice drivers 2.6 networkdevice drivers devicecontrol storagedrivers physical memoryoperations device accessand bus drivers user spaceinterfaces hardwareinterfaces files & directoriesaccess user peripherals storage controllers network controllers human interfaces synchronization Device Model swap networkstorage memorymapping security bridges debugging page cache socketsplice sys_init_module timer_interrupt jiffies_64 do_timer tick_periodic context_switch alloc_file registers RAM MMU I/O ports I/O mem keyboard mouse audio graphics card SCSI SATA DMA Ethernet Wi-Fi APIC physically mapped memory system files copy_from_user © 2007–2022 Costa Shulyupin www.MakeLinux.net/kernel/map sys_write sys_open sys_execve linux_binfmt vfs_read task_struct usb_driver sys_socketcall socket interrupt sys_fork schedule do_IRQ rq kmalloc kmem_cache vmalloc vmlist page do_page_fault outw cdev /sysfs /dev readw /proc cdev_add oss mousedev kbd i8042_driver psmouse atkbd_drv tty console snd_fops video_fops console_fops vga_con pt_regs __get_free_pages vm_struct sys_mmap /proc/self/maps timer_list do_softirq tasklet_struct request_queue setup_irq init_scsi ext4_file_operations gendisk block_device_operations sys_sync sys_nanosleep schedule_timeout sysfs_ops mm_struct module cdev_map request_region proto_ops socket_file_ops /proc/net/protocols proto tcp_prot inet_stream_ops inet_dgram_ops udp_prot inet_family_ops __sock_create ip_rcv net_device alloc_netdev_mq ieee80211_alloc_hw file_operations sys_syslog aic94xx_init usb_hcd ehci_irq usb_hcd_irq usb_submit_urb ehci_urb_enqueue usb_hcd_giveback_urb pci_driver start_kernel init/main.c run_init_process do_initcalls sys_reboot do_mmap_pgoff sys_brk arch/x86/ irq_desc setup_timer process_timeout activate_task sys_clone sys_vfork file vm_area_struct inode fs/exec.c address_space ip_queue_xmit dev_queue_xmit netif_rx ether_setup ieee80211_xmit ieee80211_rx sd_fops scsi_device scsi_driver sys_socket linux/syscalls.h linux/uaccess.h pci_read pci_write ioremap request_mem_region kernel_power_off kernel_restart writew inw inet_create vfs_write ipw2100_pci_init_one zd1201_probe unix_family_ops sys_mount load_module ext4_get_sb file_system_type get_sb super_block __alloc_pages die /proc/interrupts cli sti switch_to system_call trap_init sys_read do_path_lookup vfs_create kernel/sched.c drivers/net/ show_regs block/ drivers/ drivers/input/ sound/ drivers/media/ init/ kernel/ include/asm/ mm/slob.c /proc/slabinfo ac97_driver usb_storage_driver bus_type device device_driver probe class device_create driver_register drivers/base/ kobject security/ linux/security.h selinux_ops security_ops security_socket_create security_inode_create pci_register_driver ahci_pci_driver libata Scsi_Host may_open create_workqueue alloc_skb alsa inode_operations ramfs_fs_type iscsi_tcp_transport smb_fs_type cifs_file_ops nfs_file_operations sk_buff mm/mmap.c vma_link start_thread find_vma_prepare virt_to_page fb_ops pci_request_regions fb_fops cdev_add register_chrdev kset msleep do_fork kernel_thread current thread_info semaphore workqueue_struct work_struct kthread_create wake_up atomic_t mutex add_timer down_interruptible kswapd do_swap_page fs/ mm/ kernel/ net/ kmem_cache_alloc kernel/ mousedev_handler input_fops get_page_from_freelist wakeup_kswapd try_to_free_pages zone drivers/media/video/ video_device NF_HOOK nf_hooks tcp_transmit_skb drivers,registers and interrupts tcp_sendmsg tcp_recvmsg udp_sendmsg udp_recvmsg netif_receive_skb linux/netdevice.h ip_output System Call Interface /dev/mem mem_fops mmap_mem sock_ioctl dev_ioctl linux/device.h linux/kobject.h device_type driver_init arch/x86/mm/ sys_signal ++ request_irq sys_times sys_time sys_gettimeofday sys_futex system callsand system files cross-functionalmodules sys_mprotect sys_pivot_root mount_root kernel/signal.c sys_kill shm_vm_ops sys_shmctl sys_shmat sys_newfstat sys_select sys_chroot kvm_dev_ioctl kvm camera interruptcontroller USBcontroller PCIcontroller uvc_driver sys_ioctl register_netdev lock_kernel kernel_flag do_sigaction sys_pipe sys_fsync vfs_fsync bdi_writeback_thread do_writepages fget fd sys_sysfs file_systems sys_flock sys_mkdir sys_inotify_init sys_chdir vfs_getattr vfs_fstat sys_epoll_create kmem_cache_alloc inode_permission notify_change inode_setattr sys_chmod sys_readv iovec sys_poll sys_tee sys_sysinfo sys_swapon swap_info sys_msync do_mmap up mutex_unlock mutex_lock_interruptible pgd_t pmd_t pte_t setup_arch mm_init kmem_cache_init vm_stat sys_capset x86_init zonelist kfree __free_pages __free_one_page security_capset handle_sysrq printk log_buf kgdb_breakpoint sys_ptrace oprofile_init oprofile_start register_kprobe kernel_param native_init_IRQ set_intr_gate schedule_work tasklet_action softirq_init module_param bus_register mem_init vmalloc_init /sys/class/ kobject_uevent_init kobject_uevent fsnotify sys_fanotify_init drm_driver out_of_memory vfree . . sys_chown fsnotify_change fanotify_handle_event /proc/meminfo totalram_pages num_physpages INIT_WORK queue_work usb_stor_host_template scsi_host_alloc sys_getdents ext4_readdir generic_file_aio_read free_list free_area NR_FREE_PAGES /proc/net/ tcp4_seq_show sg_proc_seq_show_dev rt_cache_seq_show sys_connect sys_accept sys_bind sys_listen sys_sendmsg sys_recvmsg sys_setsockopt sock_sendpage sock_splice_read sys_sendfile do_splice_direct sys_splice e1000_xmit_frame e1000_intr usbnet_probe netif_carrier_on ip_route_input udp_rcv tcp_v4_rcv ip_local_deliver ip_push_pending_frames functionsimplementations boot, shutdownpower management hibernate machine_ops early_trap_init inet_init udp_sendpage tcp_sendpage tcp_splice_read spin_unlock_irqrestore spin_lock_irqsave wait_event wait_for_completion complete owner run_timer_softirq si_meminfo si_swapinfo sys_mincore ACPI mm/slub.c mm/slab.c

🌱 Back to Garden

15 items under this folder.