Showing posts with label linux. Show all posts

Saturday, November 23, 2019

SonarQube / SonarCloud for kernel module static analysis

SonarCloud (the online version of SonarQube) can be used for static code analysis of the C code of kernel modules. It also has a nice and simple integration with GitHub and Travis CI, although there are some known issues. I have successfully used it with my FL2000 DRM dongle driver pet project. Some interesting results:

  • In order to get it working with Travis on Ubuntu 18.04 I had to use the "proposed" repository with 5.3 GCP kernel headers
  • The issue with an incorrect interceptor library filename can be solved as I described in a comment on the SonarQube issue on the community forum
  • Analysis gave me some recommendations around MISRA compliance, cool!
  • Plenty of "smells" are useless, of course, but still worth reviewing
Now I need to implement synthetic DRM tests on Travis, user mode Linux maybe, or qemu / virtme, but how to collect coverage?

Tuesday, January 31, 2017

Automate DKMS modules signing in Linux

Some time ago I managed to sign DKMS Nvidia modules with generated keys and upload those to UEFI. Of course, I had to sign the modules every time they were rebuilt, i.e. when the kernel or the nvidia driver got updated. So after a few kernel updates I decided to automate the task via a postinst.d hook.

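#!/bin/sh
# postinst.d hook: $1 is the kernel version the hook is called for

DKMS_DIR="/lib/modules/$1/updates/dkms"
KEYS_DIR=/opt/sign
SIGN_CMD="/usr/src/linux-headers-$1/scripts/sign-file"

for file in "$DKMS_DIR"/*.ko
do
    # when nothing matches, the pattern stays literal: skip it
    [ -e "$file" ] || continue
    "$SIGN_CMD" sha256 "$KEYS_DIR/MOK.priv" "$KEYS_DIR/MOK.der" "$file" > /dev/null 2>&1
done

exit 0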
Not quite sure, but it looks like it will also get executed on kernel uninstall :) Now I need to address Nvidia package updates.
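The hook above discards the output of sign-file, so a failed signing run goes unnoticed. A follow-up check, as an added example that is not part of the original post: it lists the .ko files in a directory that do not end with the trailer sign-file appends. The function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: find kernel modules that carry no appended signature.
# A module signed by scripts/sign-file ends with the 28-byte trailer
# "~Module signature appended~\n" (MODULE_SIG_STRING in the kernel source).
# Function names here are this example's own.

# cksum prints "<crc> <length>", so short or different tails never match.
MAGIC_SUM=$(printf '~Module signature appended~\n' | cksum)

# module_has_signature FILE -> exit 0 if FILE ends with the trailer
module_has_signature() {
    [ -f "$1" ] || return 1
    [ "$(tail -c 28 "$1" | cksum)" = "$MAGIC_SUM" ]
}

# unsigned_modules DIR -> print every DIR/*.ko without the trailer;
# exit 1 if any were found, so a hook can log or fail on it.
unsigned_modules() {
    found=0
    for f in "$1"/*.ko; do
        [ -e "$f" ] || continue          # no match: glob stays literal
        if ! module_has_signature "$f"; then
            printf '%s\n' "$f"
            found=1
        fi
    done
    return "$found"
}

# Usage: sh check-signed.sh /lib/modules/<version>/updates/dkms
if [ -n "${1:-}" ]; then
    unsigned_modules "$1"
fi
```

The trailer only shows that a signature was appended, not that it verifies against an enrolled key. Compressed modules (.ko.xz and similar) have to be decompressed before this check applies.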

Tuesday, June 21, 2016

Module signing in Linux

Got xUbuntu 16.04 installed alongside Windows 10 on UEFI with Secure Boot enabled and had to get 3rd-party GPU drivers running, so I found this nice answer here.



Since kernel version 4.4.0-20, it was enforced that unsigned kernel modules will not be allowed to run with Secure Boot enabled. If you'd want to keep Secure Boot and also run these modules, then the next logical step is to sign those modules.

So let's try it.
  1. Create signing keys
    openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=descriptive name/"
  2. Sign the module
    sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der /path/to/module
  3. Register the keys to Secure Boot
    sudo mokutil --import MOK.der
    Supply a password for later use after reboot
  4. Reboot and follow instructions to Enroll MOK (Machine Owner Key). Here's a sample with pictures. The system will reboot one more time.
Please let me know if your modules would run this way on Ubuntu 16.04 (on kernel 4.4.0-21, I believe).

Resources: Detailed website article for Fedora and Ubuntu implementation of module signing.

One addition for the security-conscious: the private key MOK.priv generated by openssl -nodes as above is not protected by a password. Thus in principle, a rogue program could use it to sign a compromised module or even taint the bootloader, as your signing key now sits in hardware storage as a trusted key. A more secure solution is to omit the -nodes option. In step 1 openssl will then ask for a password to protect the private key. Before step 2, when signing, set the KBUILD_SIGN_PIN environment variable to the password you specified in step 1.
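An audit for the risk described in the last paragraph, as an added example that is not part of the original post or the quoted answer: it reports a signing key that is stored without a password or is accessible to other users. The function names are assumptions of this example; the key is expected in PEM form, which is what the openssl command in step 1 writes to MOK.priv.

```shell
#!/bin/sh
# Added example: audit a module-signing private key such as MOK.priv.
# Function names are this example's own; the PEM headers checked are the
# ones OpenSSL writes for password-protected keys.

# key_is_encrypted FILE -> exit 0 if the PEM key is password-protected
key_is_encrypted() {
    # PKCS#8 encrypted key, or traditional PEM encryption header
    grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
            -e '^Proc-Type: 4,ENCRYPTED' "$1"
}

# key_is_private FILE -> exit 0 if group and others have no access at all
key_is_private() {
    mode=$(ls -ld "$1" | cut -c5-10)     # e.g. "r--r--" from -rw-r--r--
    [ "$mode" = "------" ]
}

# audit_signing_key FILE -> print findings; exit 0 only if there are none
audit_signing_key() {
    rc=0
    if [ ! -r "$1" ]; then
        echo "$1: not readable"
        return 2
    fi
    if ! key_is_encrypted "$1"; then
        echo "$1: private key is not password-protected (-nodes)"
        rc=1
    fi
    if ! key_is_private "$1"; then
        echo "$1: accessible to group or others"
        rc=1
    fi
    return "$rc"
}

# Usage: sh audit-key.sh /path/to/MOK.priv
if [ -n "${1:-}" ]; then
    audit_signing_key "$1"
fi
```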

Wednesday, January 14, 2015

Enabling A2DP Bluetooth speakers for PulseAudio in xUbuntu 14.04

A little bit of masochism Linux-style

1. change settings in audio.conf:
SCORouting=PCM
Disabled=Socket
2. enable Bluetooth in PulseAudio
sudo apt-get install pulseaudio-module-bluetooth
pulseaudio -k
pactl load-module module-bluetooth-device
pactl load-module module-switch-on-connect
3. PROFIT!

https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1181106
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725610

Monday, November 26, 2012

Sparse is dead?

Just noticed that the Linux kernel sparse tool is not maintained well anymore. It has two repositories actually:
but unfortunately neither seems to be supported anymore. In order to make my small program work with cgcc I had to apply a few patches fixing GCC incompatibilities, but reviewing the sparse code further I see lots of other issues; there are lots of fix patches floating around the internet, too. It's a pity, but this nice tool seems to be dead.

Update: sparse cannot even handle arrays of boolean, what a shame...

Sunday, November 18, 2012

Conky GUI on xUbuntu 12.04 and Oracle JDK 1.7

Recently I have found a nice tool to replace Gnome Screenlets on my XFCE desktop and provide all sorts of technical details - memory usage, CPU usage, IO load, network stats, etc. - Conky. It is highly flexible and provides a Lua interface and also whatever you can imagine for this kind of tool. More info on the project page or on the Wikipedia; you can find there good examples of config files, different tweaks and additional software.

Unfortunately, there is no GUI to write conky configuration scripts except Conky GUI, which does not seem to be maintained anymore. The last thing done was in May 2012, when the project was moved to Github. The .deb package from the website didn't work for me, so I decided to build my own version. It turned out that some minor fixes were needed to run it with Oracle JDK 1.7 and the new JUnit; patches can be found here.

UPDATE: Amazing samples of Conky configuration!

Tuesday, July 10, 2012

socat

While playing with Android libsensors virtual HW access I decided not to torture my PandaBoard by soldering an additional serial port (note it has only one, with the console connected to it by default) and to use some sort of virtual serial port instead, connected to real HW over the network:


After googling for a while I found a nice tool, 'socat', that allows you to... well, it can do almost everything; check it out on the project website: http://www.dest-unreach.org/socat/

It turned out that the Android build script has a minor bug that I had to fix (see 'android_termios_shift_fix.patch' below), and there is also a problem with PTY support. By default openpty() and other related functions are absent from the Bionic library, while the Linux kernel configuration used in Android implements UNIX98 PTYs. To get my small system working I ported the openpty() function from uClibc, which was enough to get socat working. The 'enable_android_pty.patch' adds an 'openpty.c' file to the build and modifies the Android build script to perform the following changes when it is invoked:
 - enable HAVE_OPENPTY and HAVE_GRANTPT features in config.h
 - add openpty.c to the Makefile
Actually this is a quick-n-dirty solution: it produces a warning for openpty() since no pty.h header exists, the port itself is a license violation, etc., but I don't really care at the moment - the whole 'socat_buildscript_for_android.sh' distributed with socat is a dirty hack.

So I've got everything working, and I can also capture and analyze packets going through the serial port with Wireshark by just writing a simple dissector! sweeeeet...

Patches are available here.

Socat is used on the host (sandbox) with the following command:
socat tcp-l:54321,reuseaddr,fork /dev/ttyS0,raw,b115200,echo=0
and on the panda with:
socat pty,link=/dev/ttyS0,raw,echo=0 tcp:sandbox:54321

Wednesday, October 26, 2011

KS2011: Patch review (by LWN.net)

I have read an interesting article by Jonathan Corbet on the "patch review" session at the 2011 Kernel Summit. Needless to say, the patch review process in both open-source and proprietary projects is a very interesting and challenging topic, especially when it comes to big software systems with thousands of people working on them. While reading the article I found a point not really relevant to the review process, but very interesting from the prioritization POV:
As one might imagine, the discussion became rather unfocused and fragmented for a while. It came back together when Linus took the microphone and stated that, simply, code that actually is used is the code that is actually worth something. The Android code is certainly being used; the in-kernel code aimed at the same problems is just a vague idea that is worthless in comparison. We should, he said, consider merging suspend blockers as a real option. Even if it truly is crap, we've had crap in the kernel before. The code does not get any better out of tree. Alan Cox agreed that it is probably a good idea to merge that code. The interface is important and has a lot of users; getting the code merged is the best way to fix the implementation. Ingo also agreed, saying that when code has millions of users, we have to say "yes" to it. 
This is a really interesting statement, I do fully support it. It does not neglect the need to improve code quality with time - it only sets priority. It is really weird that so many people (including really good software engineers) do not understand this...

Friday, June 24, 2011

kernel development using Eclipse (OMAP4 pandaboard + 2.6.35 + Android)

Working with kernel sources

Just found out that the guys in my team are all using different editors for kernel code debugging - and none of them very effective... Of course the best solution IMHO is still gvim + ctags, but if you wish for something more fancy :) you can go with Eclipse - so I've tried to set it up on my fresh Ubuntu 11.04 x64

1. Download and install toolchain
For reasons unknown I have decided to use the Linaro toolchain for my games. According to the Linaro HOWTO this is as simple as entering one command for natty:
  sudo apt-get install gcc-arm-linux-gnueabi
of course, I have all my Ubuntu build tools preinstalled.


2. Download the kernel sources
Since I am going to use OMAP4 pandaboard with 2.6.35 kernel on Android - I am following instructions on OMAPpedia wiki to pull the kernel:

  git clone git://git.omapzoom.org/kernel/omap.git kernel
  cd kernel
  git checkout -b p-android-omap-2.6.35_local remotes/origin/p-android-omap-2.6.35

Before building the kernel with latest Linaro toolchain I need to apply a patch that resolves binutils architecture issues with 2.6.35 kernel.


diff --git a/arch/arm/mach-omap2/Makefile b/arch/arm/mach-omap2/Makefile
index 884eb1f..6854066 100644
--- a/arch/arm/mach-omap2/Makefile
+++ b/arch/arm/mach-omap2/Makefile
@@ -30,8 +30,10 @@ obj-$(CONFIG_HOTPLUG_CPU) += omap-hotplug.o
  obj-$(CONFIG_ARCH_OMAP4) += omap44xx-smc.o omap4-common.o \
                              omap4-wakeupgen.o

-AFLAGS_omap44xx-smc.o :=-Wa,-march=armv7-a
-
+plus_sec := $(call as-instr,.arch_extension sec,+sec)
+AFLAGS_omap-headsmp.o :=-Wa,-march=armv7-a$(plus_sec)
+AFLAGS_omap44xx-smc.o :=-Wa,-march=armv7-a$(plus_sec)
+
 # Functions loaded to SRAM
 obj-$(CONFIG_ARCH_OMAP2420) += sram242x.o

 obj-$(CONFIG_ARCH_OMAP2430) += sram243x.o
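Review bot: the new plus_sec assignment and the added AFLAGS_omap-headsmp.o line have no comment saying why these objects need the sec extension. Add one line above "plus_sec := $(call as-instr,.arch_extension sec,+sec)" stating that the probe yields +sec only when the assembler accepts .arch_extension sec, so older binutils still get plain -march=armv7-a. omap-headsmp.o had no AFLAGS entry in this block before, so the commit message should name the instruction in it that fails to assemble.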
@@ -69,6 +71,7 @@ obj-$(CONFIG_OMAP_SMARTREFLEX_CLASS1P5) += smartreflex-class1p5.o

 AFLAGS_sleep24xx.o :=-Wa,-march=armv6
 AFLAGS_sleep34xx.o :=-Wa,-march=armv7-a
+AFLAGS_sleep44xx.o :=-Wa,-march=armv7-a$(plus_sec)

 ifeq ($(CONFIG_PM_VERBOSE),y)
 CFLAGS_pm_bus.o += -DDEBUG
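Review bot: AFLAGS_sleep34xx.o, on the line directly above the addition, stays at -march=armv7-a while AFLAGS_sleep44xx.o gets $(plus_sec); confirm that the source behind sleep34xx.o uses no instruction that needs the sec extension, otherwise give it the same suffix. The new line is assigned with := and so relies on plus_sec having been set in the earlier hunk of this Makefile; keep that definition above every use if these lines are reordered.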

diff --git a/security/smc/omap4/Makefile b/security/smc/omap4/Makefile
index af345a1..af545a2 100644
--- a/security/smc/omap4/Makefile
+++ b/security/smc/omap4/Makefile
@@ -38,4 +38,7 @@ tf_driver-objs += tf_comm_mshield.o
 tf_driver-objs += tf_device_mshield.o
 tf_driver-objs += bridge_pub2sec.o

+plus_sec := $(call as-instr,.arch_extension sec,+sec)
+AFLAGS_bridge_pub2sec.o :=-Wa,-march=armv7-a$(plus_sec)
+
 obj-$(CONFIG_SECURITY_MIDDLEWARE_COMPONENT) += tf_driver.o
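Review bot: plus_sec is defined a second time here, identical to the definition added in arch/arm/mach-omap2/Makefile, and two copies of the assembler probe can drift apart. Define it once in a Makefile that both directories inherit from and keep only the AFLAGS_bridge_pub2sec.o line in this file.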


This was already fixed in the latest kernels; refer to this thread for details. If you are using the CodeSourcery toolchain referred to in the OMAPpedia wiki, you don't need it.
Compile the kernel with the pandaboard defconfig (as per the latest available L27.12.1-P2 release notes) with the modified toolchain:


  make ARCH=arm CROSS_COMPILE=arm-linux-gnueabi- distclean
  make ARCH=arm CROSS_COMPILE=arm-linux-gnueabi- android_4430_defconfig
  make ARCH=arm CROSS_COMPILE=arm-linux-gnueabi- uImage


Later we will need to follow the full instructions - patches, folders, environment variables - but to start working with the kernel this should be quite enough.

3. Download and install Eclipse
I prefer not to use one that is supplied with Ubuntu so I am just downloading Eclipse IDE for C/C++ Linux Developers 64-bit  from eclipse.org. Prefer to keep it in the opt folder usually...

  cd /opt
  sudo mkdir eclipse
  # own the directory instead of making it world-writable (was: chmod a+rwx)
  sudo chown "$USER" eclipse
  tar -xvzf ~/Downloads/eclipse-linuxtools-indigo-incubation-linux-gtk-x86_64.tar.gz

There is an ugly bug in the latest eclipse where it crashes during index rebuilding, so I had to use a workaround offered by Marc-Andre Laperle by adding
  -XX:-UseCompressedOops
to eclipse.ini file. Probably I will also need to increase the maximum memory usage limitations later.

4. Configuring Eclipse to work with Linux kernel
Some time ago I used to use one python script to generate kernel symbols for the .project file, but today I have found a very nice article on how to correctly index kernel with Eclipse on the eclipse.org wiki. My customizations:
  • Step 14: since we are doing cross compilation, I need to add custom build variables in the corresponding menu of the C/C++ Build options. Add ARCH with value arm and CROSS_COMPILE with value arm-linux-gnueabi- to all configurations. Maybe I will need to add some compiler options later here, but for now it is quite enough
  • Step 15: use arm-linux-gnueabi-gcc for compiler command
  • Step 25: here I have arch/arm/include, also I had to add arch/arm/plat-omap/include and arch/arm/mach-omap2/include
  • Step 33: here I have everything except arch/arm
  • Additionally in C/C++ Build options I am setting Build target in the Behavior tab to uImage and Build command in the Builder Settings tab to make ARCH=${ARCH} CROSS_COMPILE=${CROSS_COMPILE}
  • In the end you will need to clean and rebuild from Eclipse to get the list of issues 
Your Eclipse is ready to work with OMAP4 2.6.35 Android kernel code. Enjoy...

Sunday, November 29, 2009

802.11s Mesh Networking

The recently announced FreeBSD 8.0 has updated its 802.11s Mesh Networking implementation to D3.03. It is still not clear whether it can interoperate with Linux's implementation. Has anyone tested it?

Sunday, December 7, 2008

wireless performance

QNX has adopted the 802.11 wireless stack (as a part of the whole networking stack) from the NetBSD sources. Since 802.11n is not yet supported by NetBSD, it is worth implementing support. It would be interesting to measure its performance and compare it with the Linux wireless stack. Of course, the OSes are totally different, but still, from the POV of an RG or video bridge it would be interesting to compare the performance in terms of maximum throughput and pps.
So I need to:
  • choose a HW platform for the tests (I guess PXA dongle with 32MB of RAM should be OK)
  • make a QNX 6.4 BSP for it using already existing BSPs
  • make a Linux BSP for it using preferably E-CLFS with some latest kernel
  • compare performance in general (ethernet routing/bridging)
  • make a clean ethernet-like MTLK Linux driver
  • make a clean ethernet-like MTLK QNX driver
  • compare performance again
Note, no native wireless stack usage at this point. We'll see how QNX will progress with that :)