Looking at kmalloc() and the SLUB Memory Allocator

Recently I was asked to do some homework to prepare for an interview on Linux kernel internals, and I was given the following to analyse:

Specifically, we would like you to study and be able to discuss the code path that is exercised when a kernel caller allocates an object from the kernel memory allocator using a call of the form:

object = kmalloc(sizeof(*object), GFP_KERNEL);

For this discussion, assume that (a) sizeof(*object) is 128, (b) there is no process context associated with the allocation, and (c) we’re referencing an Ubuntu 4.4 series kernel, as found at

git://kernel.ubuntu.com/ubuntu/ubuntu-xenial.git

In addition, we will discuss the overall architecture of the SLUB allocator and memory management in the kernel, and the specifics of the slab_alloc_node() function in mm/slub.c.

I spent quite a lot of time, maybe 8-10 hours, studying how the SLUB memory allocator functions, and looking at the implementation of kmalloc(). It’s a pretty interesting process, and it is well worth writing up.

Let’s get started, and I will try to keep this simple.

More …

Revisiting TimeLock 1.2 and Vulnerability Writeup

I’m back again for my second bug bounty! Searching for bugs is actually pretty fun, especially when it comes with a generous reward in my favourite cryptocurrency, Bitcoin!

I was scrolling Reddit like usual, and u/cryptocomicon has returned with a new version of TimeLock! That’s great news.

reddit

If we remember back to last week, I solved the original TimeLock challenge, and wrote a detailed writeup.

u/cryptocomicon issued a new challenge:

I’m so confident in this technology that I’ve created a challenge LockBox file which holds the private key to an address with 0.02 BTC.

Please give it a try.

NOTE: This is going to be much harder than last time.

Much harder than last time? Sounds interesting.

Challenge accepted.

More …

Speaking at linux.conf.au 2019

I was lucky enough to be selected to speak at linux.conf.au 2019, which was held in Christchurch, at the University of Canterbury.

My talk, Maintaining the Unmaintainable: Picking up the Baton of a Secure Kernel Patchset is about my experience in attempting to forward port the last release of the grsecurity patchset to newer kernels, and my time maintaining a public release that targets Linux 4.9 LTS.

I put a lot of time into practising the talk at least once a day for about two weeks straight, and I am happy with how it turned out.

The talk has been uploaded to YouTube, so check it out below, and also have a look at the other talks - there was a lot of interesting talks by the open source community this year.

You can find a copy of the slides here.

More …

Analysis of TimeLock and Vulnerability Writeup

I have something exciting to share today, my first bug bounty! Hopefully the start of something great. It even came with a generous reward, in my favourite crypto currency, Bitcoin.

I was browsing Reddit as you do, and came across this post on r/bitcoin.

post

u/cryptocomicon has developed some encryption software which can be used to safely store secrets and release them to the world sometime in the future. The software can encrypt and store arbitrary files, and release them to trusted third parties when you are no longer around. Sounds good for passing on crypto currency wallets and passwords.

u/cryptocomicon issued a challenge:

“I’m so confident in this technology that I’ve created a challenge LockBox file which holds the private key to an address with 0.02 BTC.

Please give it a try.”

Challenge accepted.

More …

New Beginnings

 _   _      _ _        __        __         _     _ _ 
| | | | ___| | | ___   \ \      / /__  _ __| | __| | |
| |_| |/ _ \ | |/ _ \   \ \ /\ / / _ \| '__| |/ _` | |
|  _  |  __/ | | (_) |   \ V  V / (_) | |  | | (_| |_|
|_| |_|\___|_|_|\___/     \_/\_/ \___/|_|  |_|\__,_(_)
                                                      

Welcome to my blog. This has been a long time coming, but as with everything in life, nothing actually gets accomplished until you sit down, free from distractions and get to work.

I have always been interested in security. Its one of the primary reasons why I did a Computer Science degree at University.

A few years ago, when I was a second year, I decided to get serious about security, and I brought a collection of books, since security is very much a self taught field.

books

I started marking my way through them, starting with Practical Malware Analysis, until University started demanding literally every minute of life dedicated to study in order to keep my grades up.

So, I put my books away for a few years.

My passion for security never stopped though. I kept going to Kiwicon, New Zealands Hacker conference.

t-shirts

I got through my Honours degree, writing a thesis on Automatic Exploit Generation for Embedded Systems, which used symbolic execution to find some trivial buffer overflows and automatically output a basic proof of concept exploit.

From there I was a little lost in life, so I started a PhD.

During that time, I created my startup, Dapper Linux, a high security operating system designed with concepts such as multi level security, defence in depth, etc. It features a grsec kernel and flatpak sandboxed applications.

I’m coming to the end of my PhD now, and since Dapper Linux has not really taken off as much as I expected it to, I have come full circle back to my original passion: security.

It’s time to read my books and make a career out of infosec.

This blog will cover this journey and will contain writeups of problems mentioned in books, CTF competitions and other challenges out there on the internet.

I hope you find the posts interesting.

Matthew.