May 26, 2021 | kernel, Linux
void dfs(struct rb_node *node) { struct vm_area_struct *vma; vma = rb_entry(node, struct vm_area_struct, vm_rb); trace_printk("VMA: [0x%px - 0x%px]", (void *)vma->vm_start, (void *)vma->vm_end); if (node->rb_left) dfs(node->rb_left); if...
Jan 21, 2021 | Linux, kernel
TL;DR: If process B is tracing process A using something like ptrace(), then B is the parent of A. In that case, B is not necessarily the real_parent of A. If B creates A (e.g. using fork()) but terminates before A, then init (PID 1) now becomes both the parent...
Jun 18, 2020 | kernel, write-up
Playing with vDSO! Each team was presented with unprivileged access to a Digital Ocean droplet running 64-bit Ubuntu 14.04.3 LTS. The vulnerable kernel module StringIPC.ko was loaded on each system, and successful exploitation would allow for local...
Jun 10, 2020 | kernel, write-up
Yes, indeed. It is yet another “baby” challenge… As its name suggests, this is a kernel PWN challenge. Only the vulnerable LKM and a QEMU startup script are provided, so the very first thing is to download a bzImage of the corresponding version, for...