Round 13 projects

Previous projects, from round 12 projects are available here. For each project, if you click on the proposer's name, you may find more information.

Coccinelle

Mentor:: Julia Lawall

Coccinelle is a program matching and transformation tool that has been extensively used for improving Linux kernel code. This project will involve using Coccinelle to address a security issue in the Linux kernel.

The Linux kernel contains many data structures whose contents never change once they are initialized, many of which contain function pointers. Such structures that are modifiable at run time constitute a security risk, because an attacker may be able to overwrite the field value with a pointer to malicious code, that will then be executed with full kernel privileges. The first goal of this project is to use Coccinelle to insert const annotations on such structures to prevent runtime modfications. Some structures, however, cannot be made const, because they are initialized in several steps. In these cases, it may be possible to annotate the structure as __ro_after_init, if all of the initializations can take place during the init phase. The second goal is to add __ro_after_init where they are needed. This may requiring adding __init annotations on some code that is actually only needed during the init phase.

More information about Coccinelle is available here, including a tutorial. For some Coccinelle small tasks, click on the mentor name.

IIO driver

Mentor:: Alison Schofield and Daniel Baluta

A driver allows applications to communicate and control hardware devices. Each development cycle, driver changes account for more than a half of the total Linux kernel code changes.

The goal of this project is to write a driver for a sensor using the Industrial I/O interface. In the first part of the project you will get familiar with the hardware and the IIO subsystem then implement raw readings from the device. After upstreaming the code you will enhance the driver with advanced features such as support for buffered readings, power management and interrupts. The exact device will be decided when the internship starts.

We will provide you the hardware setup necessary to test the driver. If you are interested in this project please consider solving the IIO tasks.

nftables

Mentor:: Pablo Neira Ayuso

nftables provides a replacement for the very popular {ip,ip6,arp,eb}tables tools. nftables reuses most of the Netfilter components such as the existing hooks, connection tracking system, NAT, userspace queueing, logging among many other features. So we have only replaced the packet classification framework. nftables comes with a new userspace utility nft and the low-level userspace library libnftnl. The goal will be to help finish the translation layer software that converts from the iptables syntax to nftables, complete some simple missing features and fixing bugs whenever possible.

If you are interested in this project please consider solving any of the following tasks:

• Request an account for the wiki.nftables.org page and help us improve the content.
• Provide an iptables to nft translation via the iptables-translate utility. You can give a try to the following extensions: icmp, icmp6, rt.
• Try to fix any of the existing nft bugs in bugzilla.netfilter.org.

For more information on nftables, please check: http://wiki.nftables.org

radix tree test suite

Mentors:: Rik van Riel and Matthew Wilcox

The radix tree test suite (found in tools/testing/radix-tree) is currently rather ad-hoc. It would benefit from someone sorting through it, looking for missing coverage (maybe use gcov), and adding tests to exercise the missing functionality. This project involves working primarily in user-space as the kernel code is pulled into userspace and compiled there.

We could also use performance tests (Konstantin Khlebnikov recently posted patches that adds one performance test)

The radix tree test suite was adapted from outside the kernel tree recently, and does not yet share much of the common test infrastructure, eg tools/include/

radix tree __alloc_fd

Mentors:: Rik van Riel and Matthew Wilcox

Currently sys_open() uses a linear search through a bitmap to find the first free file descriptor. This custom code could be replaced with the IDR interface. This replaces some custom code in the kernel with generic code (hopefully shrinking the size of the kernel), could result in some memory savings for processes with relatively few open files, and hopefully improve performance of workloads with very large numbers of open files.

If you think you may be interested in this project, here are some small tasks to start with:

• read how sys_open() currently finds the first open file descriptor, and allocates/resizes the file descriptor table
• understand the IDR API
• email Matthew and Rik a description of your findings, and a proposed project time line

If you have any questions, please email Matthew and Rik.

radix tree PID allocation

Mentors:: Rik van Riel and Matthew Wilcox

The PID allocator is a good match for the IDR API, but it currently uses its own custom allocator. Similar to the __alloc_fd project above, after understanding the IDR API, read how alloc_pid() works (paying particular attention to PID namespaces!) and come up with a project plan.