These are simple Linux kernel modules written for educational purposes, some of
which were written while answering/browsing StackOverflow questions on the
[linux-kernel]
tag.
See "Building" section below for build instructions.
Module | Description | Kernel (tested on) | SO question? |
---|---|---|---|
arm64/syscall_hijack.c |
Test syscall table hijacking on arm64 | 4.19 | 61247838 |
arm64/undef_instr.c |
Test kernel undefined instruction handler on arm64 | 4.19 | 61238959 |
cpufreq.c |
Get CPU frequency for currently online CPUs | 5.10 | 64111116 |
cpuinfo.c |
Get CPU core ID from current CPU ID | 5.10 | 61349444 |
datetime.c |
Get current date and time from kernel space taking into account time zone | 5.10 | - |
enum_pids.c |
Enumerate all the tasks that have a given PID as pid, tgid, pgid or sid | 5.10 | 67235938, 71204947 |
find_root_dev.c |
Find the device where root (/) is mounted and its name | 4.19 | 60878209 |
kallsyms.c |
Lookup and grep kallsyms from kernel space | 4.19, 5.4, 5.10, 5.18 | 70930059 |
page_table_walk.c |
Walk user/kernel page tables and dump entries given a virtual address | 5.10, 5.17, 6.12 | - |
read_implies_exec.c |
Restore old kernel read-implies-exec behavior via a kprobes hack | 6.12 | 79249161 |
reboot_notifier.c |
Test waiting for a critical job (kthread) to finish before poweroff/reboot | 5.10 | 64670766 |
task_bfs_dfs.c |
Iterate and dump a task's children tree using BFS or DFS | 5.10, 5.17, 6.8 | 19208487, 61201560 |
task_rss.c |
Calculare task RSS of all running tasks | 5.6, 5.10, 5.17 | 67224020 |
task_rss_from_pid.c |
Calculare task RSS given an userspace PID | 5.6, 5.10, 5.17 | 67224020 |
test_chardev.c |
Test character device kernel APIs | 5.8, 5.10 | - |
test_hashtable.c |
Test kernel hashtable API | 5.10 | 60870788 |
Modules should compile for Linux x86_64 kernel versions listed in the above
table. Since kernel compatibility varies, it is impossible to build
all modules at once with a simple make -j
. Specific modules can be built
specifying their name in ONLY=
:
make KDIR=path/to/kernel/dir ONLY='cpuinfo datetime'
Modules in the arm64
directory are ARM64-specific, so either use an ARM64
machine or cross-compile specifying your toolchain prefix:
make KDIR=path/to/kernel/dir CROSS_COMPILE=aarch64-linux-gnu-