Channel: Active questions tagged kernel - Stack Overflow

How to improve Kaggle kernel for image competition?

There are some queries regarding image-based competitions on Kaggle. Let's say a baseline model has been created for objectDetection/imageClassification/poseEstimation or any other problem. Now the point is how to improve that model.

  1. Do I need an understanding of image processing or should I focus on model hyperparameters?
  2. If image processing is required, then should I go for image understanding using the Fourier transform and all? And if I do, then how can I apply these concepts in high-level kernels?
  3. If I go for some processing library, then can anyone provide some resources where I can get some understanding regarding that?
  4. And if I focus on model hyperparameter tuning, then any advice is preferred, as it will take a lot of time just to check if some parameters are working or not.

I would be grateful for any type of advice or tips that you can provide.


Examples of use for kobject [closed]

As I keep running into the term kobject again and again, I finally want to understand what a kobject is good for.
I read some texts that explain what kobject, ktype and kset are. It is quite hard to understand and unfortunately I still don't even see why I would use it at all.

Do you know a good place in Linux code to see how kobjects are used for which purpose?
Understanding why Code X uses a kobject to do Y with Z would be a great help to have a look into said code and understand how this is done.

To clarify my expectation. I do not expect somebody to write code examples for me. I am looking through code files in order to find a hint not only how to create a kobject, but also a practical use that shows why this happens.
I found how-to examples, but I am still missing a this is when kobjects are really handy example.

KMODE_EXCEPTION_NOT_HANDLED when calling RtlImageNtHeader

I'm trying to get PIMAGE_NT_HEADERS64 from KernelBase by using RtlImageNtHeader, but I keep getting a KMODE_EXCEPTION_NOT_HANDLED BSOD error message whenever I run the driver. (PS: I have already checked that GetKernelBase is not returning nullptr and that GetKernelBase is not causing the BSOD.)

How I get KernelBase:

PVOID GetKernelBase(OUT PULONG pSize)
{
    NTSTATUS status = STATUS_SUCCESS;
    ULONG bytes = 0;
    PRTL_PROCESS_MODULES pMods = NULL;
    PVOID checkPtr = NULL;
    UNICODE_STRING routineName;
    PVOID g_KernelBase = nullptr;
    ULONG g_KernelSize;

    RtlUnicodeStringInit(&routineName, L"NtOpenFile");

    checkPtr = MmGetSystemRoutineAddress(&routineName);
    if (checkPtr == NULL)
        return NULL;

    // Protect from UserMode AV
    status = ZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS::SystemModuleInformation, 0, bytes, &bytes);
    if (bytes == 0)
    {
        DbgPrint("BlackBone: %s: Invalid SystemModuleInformation size\n", __FUNCTION__);
        return NULL;
    }

    pMods = (PRTL_PROCESS_MODULES)ExAllocatePoolWithTag(NonPagedPool, bytes, BB_POOL_TAG);
    RtlZeroMemory(pMods, bytes);

    status = ZwQuerySystemInformation(SystemModuleInformation, pMods, bytes, &bytes);

    if (NT_SUCCESS(status))
    {
        PRTL_PROCESS_MODULE_INFORMATION pMod = pMods->Modules;

        for (ULONG i = 0; i < pMods->NumberOfModules; i++)
        {
            // System routine is inside module
            if (checkPtr >= pMod[i].ImageBase &&
                checkPtr < (PVOID)((PUCHAR)pMod[i].ImageBase + pMod[i].ImageSize))
            {
                g_KernelBase = pMod[i].ImageBase;
                g_KernelSize = pMod[i].ImageSize;
                if (pSize)
                    * pSize = g_KernelSize;
                DbgPrint("KernelBase found! Size: " + g_KernelSize);
                break;
            }
        }
    }

    if (pMods)
        ExFreePoolWithTag(pMods, BB_POOL_TAG);

    return g_KernelBase;
}

How I use RtlImageNtHeader:

PULONG pSize = NULL;
PVOID base = GetKernelBase(pSize);
PIMAGE_NT_HEADERS64 pHdr = RtlImageNtHeader(base); // causing crash

Thanks in advance

How to call usermode from Windows kernel?

I'd like to call my app from my driver when an interesting event happens in the Windows kernel. I need to be able to pass at least 4 bytes of data back to user mode. How to achieve this? These events might happen quite, but not too, often, so I don't want to build a queue system and use IOCTLs.

I was thinking of something like this: the driver gets loaded, the user mode app registers its callback using an IOCTL, the kernel keeps calling that callback when events happen, and finally the user mode client unregisters the callback and no more data is sent to user mode. Is this possible?

I'm new to kernel programming, so after a day of googling I decided to ask here. I've noticed that there isn't much discussion about the kernel and drivers. And even less proper docs.

I am making an os, and ran into an error. please help! I have no clue [closed]

When I try to compile link.ld, [below], it throws an error.

;link.ld
OUTPUT_FORMAT(elf32-i386)
ENTRY(start)
SECTIONS
    {
        . = 0x100000
        .text : { *(.text) }
        .data : { *(.data) }
        .bss  : { *(.bss) }
    }

The error is:

ld:link.ld:6: syntax error.

Please help.

kernel.c:

/*
*  kernel.c
*/
void kmain(void)
{
    const char *str = "my first kernel";
    char *vidptr = (char*)0xb8000;  //video mem begins here.
    unsigned int i = 0;
    unsigned int j = 0;

    /* this loops clears the screen
    * there are 25 lines each of 80 columns; each element takes 2 bytes */
    while(j < 80 * 25 * 2) {
        /* blank character */
        vidptr[j] = ' ';
        /* attribute-byte - light grey on black screen */
        vidptr[j+1] = 0x07;         
        j = j + 2;
    }

    j = 0;

    /* this loop writes the string to video memory */
    while(str[j] != '\0') {
        /* the character's ascii */
        vidptr[i] = str[j];
        /* attribute-byte: give character black bg and light grey fg */
        vidptr[i+1] = 0x07;
        ++j;
        i = i + 2;
    }
    return;
}

kernel.asm:

;;kernel.asm

;nasm directive - 32 bit
bits 32
section .text
        ;multiboot spec
        align 4
        dd 0x1BADB002            ;magic
        dd 0x00                  ;flags
        dd - (0x1BADB002 + 0x00) ;checksum. m+f+c should be zero

global start
extern kmain            ;kmain is defined in the c file

start:
  cli           ;block interrupts
  mov esp, stack_space  ;set stack pointer
  call kmain
  hlt           ;halt the CPU

section .bss
resb 8192       ;8KB for stack
stack_space:

I have no clue what happens, I have checked and double-checked. kernel.c and kernel.asm compile without issue. Please post fixed code below, I am very frustrated. I run the command:

ld -m elf_i386 -T link.ld -o kernel kasm.o kc.o

How to map a user page to kernel space

I'm trying to understand what I need to do in order to map a user's page to kernel space.

Now, I know that the user memory can already be accessed from the kernel using get_user and put_user. This is not what I'm after. In my scenario, the user's page has r/o permissions and I want to write to it. I have not tried (and maybe I should) writing to it, since I guess it would result in a page fault.

As far as I can tell, what I need to do is this:

  1. Find the physical address of the user page
  2. Find (and reserve) a virtual address in the kernel space
  3. Add a PTE under the kernel's PGD (current->mm->pgd???) that points to said physical address with desired permissions

So my question is actually twofold - are my intuition and steps correct, and how do I implement those steps?

R Support Vector Machine with Radial kernel classifies all images in the same class

I couldn't find anything about this error so I thought I'd ask:

I am training an SVM (support vector machine) on the mnist dataset containing pixel values of handwritten images in greyscale (1 value per pixel). To do this I am using the e1071 library in R. There are three main ways of training an SVM using the e1071 library: "linear", "radial" and "polynomial". When I tried "linear", tuning for the cost function, I got sensible results, excellent results actually; I was very happy with them. But when I try "radial" and predict on my test dataset I get the following confusion matrix:

          Reference
Prediction    0    1    2    3    4    5    6    7    8    9
         0    0 3621    0    0    0    0    0    0    0    0
         1    0 4149    0    0    0    0    0    0    0    0
         2    0 3666    0    0    0    0    0    0    0    0
         3    0 3833    0    0    0    0    0    0    0    0
         4    0 3593    0    0    0    0    0    0    0    0
         5    0 3352    0    0    0    0    0    0    0    0
         6    0 3648    0    0    0    0    0    0    0    0
         7    0 3905    0    0    0    0    0    0    0    0
         8    0 3568    0    0    0    0    0    0    0    0
         9    0 3665    0    0    0    0    0    0    0    0

I've tried to mess around with it and I've tried tuning it, but I can't get it to classify any image as anything other than a 1 using the radial kernel. Any idea why?

  • The other libraries are in there because I was working on other machine learning techniques at the same time. I'm new to the field and following a course at the university where all these libraries are used, so I'm not completely sure which I can turn off.
  • The reduced dataset is simply the original mnist dataset resampled to be 14 by 14 pixels instead of the original 28 by 28 pixels to allow me to finish the assignment before the deadline (tomorrow :P).
  • I'm asking not to finish the course with a passing grade (I get that easily using a linear model), but because I'm stumped as to what might produce this weird error.

This is my code for the linear model:

library(nnet)
library(caret)
library(plyr)
library(dplyr)
library(e1071)
library(OpenImageR)
library(glmnet)

set.seed(200)
mnist.dat <- read.csv("reduced.csv")

# Data preparation --------------------------------------------------------


#set minimum contrast by filtering pixels that average below a pre determined value
mnist.dat <- mnist.dat[, colSums(mnist.dat != 0) > 0] 

#sample dataset into training, testing and validation datasets
index <- sample(nrow(mnist.dat), 5000)
samples <- mnist.dat[index, ]
last_test <- mnist.dat[-index, ]
samples$label <- as.factor(samples$label)
last_test$label <- as.factor(last_test$label)
label.index <- which(names(mnist.dat)=="label")


# svm, cost tuning, 5 folds -----------------------------------------------

mnist.svm.tune <- tune(
  svm, 
  samples[,-label.index], 
  samples$label, 
  kernel = "linear", 
  ranges = list(cost=c(
    1*10^-6:9
  )
  )
)

mnist.svm <- svm(
  samples[,-label.index], 
  samples$label,
  kernel = "linear",
  scale = FALSE,
  cross = 5,
  cost = mnist.svm.tune[["best.parameters"]][["cost"]]
)

mnist.svm.cm <- confusionMatrix(
  last_test[,label.index],
  predict(
    mnist.svm, 
    last_test[,-label.index]
  )
)

Which produces this much more sensible confusion matrix:

              Reference
Prediction    0    1    2    3    4    5    6    7    8    9
         0 3514    0   13    1   12   25   20    3   26    7
         1    0 4066   20   16    5    5    4    4   22    7
         2   30   22 3264   40   67   15   57   65   87   19
         3   18   22   83 3321    8  180   20   35  110   36
         4    6   14   17    0 3334    4   33   15   11  159
         5   30   43   26  112   43 2890   66   16   96   30
         6   31   10   29    1   37   43 3481    0   16    0
         7   13   39   52    6   55   18    2 3573   23  124
         8    8   75   36   68   18   99   39   18 3142   65
         9   15   24   15   46  171   21    0  116   40 3217

And this is the code I used to generate the SVM with the radial kernel that produced the confusion matrix at the top of this post:

test.svm <- svm(samples$label ~ ., data = samples[,-174], kernel = "radial", gamma = 0.1, cost = 1)

I tried tuning it:

test.svm.tune <- tune.svm(samples$label ~ ., data = samples[,-174], gamma = 10^(-5:-1), cost = 10^(-3:1))

Which resulted in the following error:

Error in model.frame.default(formula, data) : 
  variable lengths differ (found for 'V7')

This is obviously not the case; I checked manually, V7 is the same length as all the others. This seems obvious to me since the linear model did not produce this error.

I tried again, thinking maybe I should specify radial:

test.svm.tune <- tune.svm(samples$label ~ ., data = samples[,-174], kernel = "radial", gamma = 10^(-5:-1), cost = 10^(-3:1))

But I get the same error, which is logical because "radial" is the default setting. If anyone can point out what I'm doing wrong, it would be a great weight lifted off my mind, so thank you in advance!

ZwCreateFile/ZwOpenFile and STATUS_SHARING_VIOLATION

I need to read SQL Server database files opened by the server (with exclusive access, I guess). After some research I figured that there are two options: the Volume Shadowcopy Service or a kernel mode driver. So I implemented the first option, but there are issues: it works as a backup, it waits for some time to get access, and database files can be greater than 1TB. So I'm trying to read the files with a kernel mode driver, but whatever option I try with

  TraceEvents(TRACE_LEVEL_VERBOSE, DBG_INIT, "Absolute Filename %wZ", &absFileName);
  InitializeObjectAttributes(&fileAttributes, &absFileName, 
    OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, 
    NULL,
    NULL
  );

  status = ZwCreateFile(
    &devExt->FileHandle,
    SYNCHRONIZE | FILE_READ_DATA,
    &fileAttributes,
    &ioStatus,
    NULL,
    FILE_ATTRIBUTE_NORMAL,
    FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
    FILE_OPEN,
    FILE_SYNCHRONOUS_IO_NONALERT,
    NULL,
    0
  );

  if (!NT_SUCCESS(status)) {
    TraceEvents(TRACE_LEVEL_ERROR, DBG_INIT, "ZwCreateFile failed with status %!STATUS!", status);
    devExt->FileHandle = NULL;
  }

or

  status = ZwOpenFile(
    &devExt->FileHandle,
    SYNCHRONIZE | FILE_READ_DATA,
    &fileAttributes,
    &ioStatus,
    FILE_SHARE_READ,
    FILE_SYNCHRONOUS_IO_NONALERT
  );

I get the error ZwCreateFile failed with status 0xc0000043 (STATUS_SHARING_VIOLATION). Is it even possible to read such files from a driver? If I am restricted to ordinary access rules even in a driver, then how are antiviruses able to read such files? Anything can open something in exclusive mode and block access. The driver is based on Microsoft's example Windows-driver-samples\general\ioctl\kmdf\.


Are there any differences between Metal kernels on iOS and Mac?

Are there any major differences between the Metal Shader Language on iOS and Mac? I'm trying to port my Metal cifilters from iOS, and they seem to look completely different.

I am not able to run any code in jupyter notebook [closed]

Linux run kernel probe systemtap script failed with "semantic error: no match"

I've got 2 experimental environments: CentOS 6.8 and Ubuntu 16.04. Both run inside a VirtualBox VM.

On CentOS I installed

yum install kernel-devel kernel-debug

On Ubuntu I installed:

sudo apt-get install linux-headers-$(uname -r)
sudo apt-get install fakeroot build-essential crash kexec-tools makedumpfile kernel-wedge

On both systems I can run this successfully:

stap -ve 'probe begin { log("hello world") exit() }'

I tried this .stp script from systemtap guide:

#!/usr/bin/stap
probe begin
{
    log("begin probe")
}
probe syscall.open
{
    printf("%s(%d) open (%s)\n",execname(),pid(),argstr)
}
probe timer.ms(4000)#4s later
{
    exit()
}
probe end
{
    log("end probe")
}

chmod +x ... the script and run as root user. Both systems report errors like:

./test2.stp -v
Pass 1: parsed user script and 124 library script(s) using 217780virt/45168res/3204shr/42664data kb, in 210usr/20sys/238real ms.
semantic error: while resolving probe point: identifier 'kernel' at /usr/share/systemtap/tapset/linux/syscalls2.stp:197:24
        source: probe __syscall.open = kernel.function("sys_open").call
                                       ^

semantic error: missing x86_64 kernel/module debuginfo [man warning::debuginfo] under '/lib/modules/2.6.32-642.el6.x86_64/build'

semantic error: while resolving probe point: identifier '__syscall' at :177:47
        source: probe syscall.open = __syscall.compat_open ?, __syscall.open
                                                              ^

semantic error: no match

semantic error: while resolving probe point: identifier 'syscall' at ./test2.stp:6:7
        source: probe syscall.open
                      ^

semantic error: no match

Pass 2: analyzed script: 3 probe(s), 6 function(s), 0 embed(s), 0 global(s) using 230172virt/57516res/5204shr/52952data kb, in 120usr/150sys/270real ms.
Pass 2: analysis failed.  [man error::pass2]

What's this error about? Is it an installation problem? Is there a syntax error in my script?

Thanks a lot.

SysFs interface. I can't export gpio pins on a Xilinx board (Zybo and others)

Using a Linux kernel compiled as described here, I'm trying to make an LED blink following this wiki: Linux GPIO Driver. I'm working with a Xilinx Zybo board.

I enabled the kernel options:

CONFIG_GPIO_SYSFS=y
CONFIG_SYSFS=y
CONFIG_GPIO_XILINX=y

I checked that SysFs is mounted in /sys.

I want to configure pin 7 of the MIO port because it is attached to the LED LD4 on the board. So I used this expression:

echo 7 > /sys/class/gpio/export

And I always obtain this error:

export_store: invalid GPIO 7
ash: write error: Invalid argument

I have also tried to export the value 145 (138+7) because of the explanation I found here: forum_link, and 86 because this guy got things working: basic_example. But I always obtained the same error.

Could you give me some help? Maybe I have to use another offset? Or is it more related to permission configuration?

Windows driver mouse filter: no debug information in the VM software, I don't know why

I don't know the error. In the VM there is no debug information. There should be mouse output. I don't know why; I run in a virtual machine.

Code from video: Windows Driver Development Tutorial 9 - Mouse Filter Driver https://www.youtube.com/watch?v=PppMoZvW6L4&list=PLZ4EgN7ZCzJyUT-FmgHsW4e9BxfP-VMuo&index=9

#include <ntddk.h>

typedef struct{
    PDEVICE_OBJECT LowerKbdDevice;
}DEVICE_EXTENSION, *PDEVICE_EXTENSION;
// An Unload function is provided only in order to

typedef struct _MOUSE_INPUT_DATA {
    USHORT UnitId;
    USHORT Flags;
    union {
        ULONG Buttons;
        struct {
            USHORT ButtonFlags;
            USHORT ButtonData;
        };
    };
    ULONG  RawButtons;
    LONG   LastX;
    LONG   LastY;
    ULONG  ExtraInformation;
} MOUSE_INPUT_DATA, *PMOUSE_INPUT_DATA;

PDEVICE_OBJECT myKbdDevice = NULL;
ULONG pendingkey = 0;


NTSTATUS MyAttachDevice(PDRIVER_OBJECT DriverObject){
    NTSTATUS status;
    UNICODE_STRING TargetDevice = RTL_CONSTANT_STRING(L"\\Device\\PointerClass0");//   
    status = IoCreateDevice(DriverObject, sizeof(DEVICE_EXTENSION), NULL, FILE_DEVICE_MOUSE, 0, FALSE, &myKbdDevice);
    if (!NT_SUCCESS(status)){
        return status;
    }
    myKbdDevice->Flags |= DO_BUFFERED_IO;
    myKbdDevice->Flags &= ~DO_DEVICE_INITIALIZING;

    RtlZeroMemory(myKbdDevice->DeviceExtension, sizeof(DEVICE_EXTENSION));
    status = IoAttachDevice(myKbdDevice, &TargetDevice, &((PDEVICE_EXTENSION)myKbdDevice->DeviceExtension)->LowerKbdDevice);
    if (!NT_SUCCESS(status)){
        IoDeleteDevice(myKbdDevice);
        return status;
    }

    return STATUS_SUCCESS;
}




VOID DriverUnload(PDRIVER_OBJECT DriverObject)
{
    // But actually we do nothing, we only print one line:
    LARGE_INTEGER interval = { 0 };
    PDEVICE_OBJECT DeviceObject = DriverObject->DeviceObject;
    interval.QuadPart = -10 * 1000 * 1000;
    IoDetachDevice(((PDEVICE_EXTENSION)DeviceObject->DeviceExtension)->LowerKbdDevice);

    while (pendingkey){
        KeDelayExecutionThread(KernelMode, FALSE, &interval);
    }

    IoDeleteDevice(myKbdDevice);
    DbgPrint("goodbye");// unloads after one press,
}


NTSTATUS DispatchPass(PDEVICE_OBJECT DeviceObject, PIRP Irp){

    IoCopyCurrentIrpStackLocationToNext(Irp);
    return IoCallDriver(((PDEVICE_EXTENSION)DeviceObject->DeviceExtension)->LowerKbdDevice, Irp);
    //return STATUS_SUCCESS;
}
NTSTATUS ReadComplete(PDEVICE_OBJECT DeviceObject, PIRP Irp, PVOID Context){

    CHAR* keyflag[4] = { "KeyDown", "KeyUp", "E0", "E1" };


    PMOUSE_INPUT_DATA Keys = (PMOUSE_INPUT_DATA)Irp->AssociatedIrp.SystemBuffer;

    int structnum = Irp->IoStatus.Information / sizeof(MOUSE_INPUT_DATA);
    int i;
    if (Irp->IoStatus.Status == STATUS_SUCCESS){

        for (i = 0; i < structnum; i++){
            KdPrint(("Code: %x ", Keys->ButtonFlags));
        }
    }


    if (Irp->PendingReturned){
        IoMarkIrpPending(Irp);
    }
    pendingkey--;
    return Irp->IoStatus.Status;

}


NTSTATUS DispatchRead(PDEVICE_OBJECT DeviceObject, PIRP Irp){

    IoCopyCurrentIrpStackLocationToNext(Irp);
    IoSetCompletionRoutine(Irp, ReadComplete, NULL, TRUE, TRUE, TRUE);

    pendingkey++;


    return IoCallDriver(((PDEVICE_EXTENSION)DeviceObject->DeviceExtension)->LowerKbdDevice, Irp);
    //return STATUS_SUCCESS;
}




// DriverEntry, the entry function. Equivalent to main.
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    NTSTATUS status;
    int i;

    DbgPrint("first: Hello, my salary!");
    // Set an unload function so that this driver can exit.
    DriverObject->DriverUnload = DriverUnload;


    for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++){
        DriverObject->MajorFunction[i] = DispatchPass;
    }

    DriverObject->MajorFunction[IRP_MJ_READ] = DispatchRead;

    status = MyAttachDevice(DriverObject);
    if (!NT_SUCCESS(status)){
        KdPrint(("失败了"));
    }
    else{
        KdPrint(("成功了"));
    }






    return STATUS_SUCCESS;
}

There are four options inside: PointerClass0, PointerClass1, PointerClass2, PointerClass3.

Using PointerClass2 or PointerClass3 gives a bluescreen.

How to find the physical address of a physical frame number (PFN)?

I used /proc/$pid/maps and /proc/$pid/pagemap to find the PFN (page frame number). Now I copy all the physical memory using this command: dd if=/dev/mem of=mem.txt. How can I find the searched PFN in mem.txt?


Damerau-Levenshtein kills kernel inconsistently; Python 2 vs Python 3

I downloaded a package written for Python 2 that works fine except for one specific function call that frequently (but not always) kills the kernel. I found the package at https://pypi.org/project/weighted-levenshtein/, and copied and pasted the usage example at that link. Everything works except certain uses of dam_lev.

I've spent an hour trying to isolate which uses of dam_lev kill the kernel and which uses don't, but it's inconsistent. Sometimes the function call print(dam_lev('BANANA', 'ABNANA')) will kill it, sometimes not. Sometimes the simpler call (with default transpose costs) will run fine while the following will kill it:

transpose_costs = np.ones((128, 128), dtype=np.float64)

transpose_costs[ord('B'), ord('A')] = 0.75

print(dam_lev('BANANA', 'ABNANA', transpose_costs=transpose_costs))

Sometimes the entire usage example will run fine, but as I try to continue through pieces of the usage example that just ran moments before, the kernel will die again. The error thrown is "Kernel Restarting: The kernel appears to have died. It will restart automatically." (And then the kernel won't restart other than manually.)

Just now as I'm working through different examples, the kernel died when I ran the single line from weighted_levenshtein import lev, osa, dam_lev.

The pypi.org link says this package should work in Python 2 and Python 3, but the documentation at https://weighted-levenshtein.readthedocs.io/en/master/ says Python 3 is untested. I'm running Python 3 in Jupyter, in the Firefox browser, and I just installed Visual Studio C++ Build Tools before running pip install weighted-levenshtein. Did something about numpy or ordinals change between version 2 and 3? And why would this result in inconsistent killing of the kernel, especially when the regular lev has never thrown an error? Any help would be appreciated.

Linux Kernel: Spinlock SMP: Why is there a preempt_disable() in the spin_lock_irq SMP version?

The original code in Linux kernel is:

static inline void __raw_spin_lock_irq(raw_spinlock_t *lock)
{
    local_irq_disable();
    preempt_disable();
    spin_acquire(&lock->dep_map, 0, 0, _RET_IP_);
    LOCK_CONTENDED(lock, do_raw_spin_trylock, do_raw_spin_lock);
}

I think there is no execution path that can preempt the current path after local IRQs are disabled.

Because all common hard IRQs are disabled, there should be no softirq occurring and also no tick to kick the scheduler wheel. I think the current path is safe. So why is there a preempt_disable()?

Extract vmlinux from Android (Samsung) zImage

I'm trying to extract the ELF kernel image from Samsung S9 zImage.

All the information I could find is outdated and didn't work for me.

Here's what I tried:

$ binwalk ./zImage

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
109488        0x1ABB0         SHA256 hash constants, little endian
13107320      0xC80078        Linux kernel version "4.9.59 (fuzz@fuzzy) (gcc version 4.9.x 20150123 (prerelease) (GCC) ) #1 SMP PREEMPT Mon Dec 2 21:23:06 AEDT 2019"
13135872      0xC87000        ELF, 64-bit LSB shared object, version 1 (SYSV)
13155800      0xC8BDD8        gzip compressed data, maximum compression, from Unix, NULL date (1970-01-01 00:00:00)
13468623      0xCD83CF        Private key in DER format (PKCS header length: 4, sequence length: 2345
13522696      0xCE5708        LZO compressed data
13524096      0xCE5C80        CRC32 polynomial table, little endian
13956632      0xD4F618        CRC32 polynomial table, little endian
15232073      0xE86C49        eCos RTOS string reference: "ecos_booster_init"
15232097      0xE86C61        eCos RTOS string reference: "ecos_booster_request_pm_qos"
15232129      0xE86C81        eCos RTOS string reference: "ecos_booster_start"
15232153      0xE86C99        eCos RTOS string reference: "ecos_booster_stop"
16398151      0xFA3747        Boot section Start 0x43434342 End 0x72
16398155      0xFA374B        Boot section Start 0x72 End 0x0
16564344      0xFCC078        YAFFS filesystem
16783528      0x10018A8       SHA256 hash constants, little endian
16921164      0x102324C       Unix path: /home/euleyskiy/Perforce/SRK_EULEYSKIY_SEC_DEV3/DEV/Solution/SecurityDev3/SURC/FIVE/DEV/trusted_app/arch/tbase/stack_protector.c
16924308      0x1023E94       Unix path: /home/vm-user/Workspace/MCD_MSL_DEV_IMAKARCHUK_Ubuntu/DEV/Solution/SecurityDev/SubTG/Multibuild/DEV/libgpapi_crypto/src/storage.
16924740      0x1024044       Unix path: /home/vm-user/Workspace/MCD_MSL_DEV_IMAKARCHUK_Ubuntu/DEV/Solution/SecurityDev/SubTG/Multibuild/DEV/libgpapi_crypto/src/crypto_r
16926392      0x10246B8       Unix path: /home/euleyskiy/Perforce/SRK_EULEYSKIY_SEC_DEV3/DEV/Solution/SecurityDev/SubTG/Multibuild/DEV/multibuild/source/gp-api/prop/src/
16926828      0x102486C       Unix path: /home/euleyskiy/Perforce/SRK_EULEYSKIY_SEC_DEV3/DEV/Solution/SecurityDev/SubTG/Multibuild/DEV/multibuild/source/gp-api/persisten
16969177      0x102EDD9       Unix path: /../../crypto/cipher/cipher.c
16970721      0x102F3E1       Unix path: /../../crypto/bn/add.c
16974228      0x1030194       Base64 standard index table
17937463      0x111B437       mcrypt 2.2 encrypted data, mode: CBC, keymode: 8bit
17944943      0x111D16F       Unix path: /arch/arm64/include/asm/mmu_context.h
17955348      0x111FA14       Unix path: /arch/arm64/include/asm/pgtable.h
17959554      0x1120A82       Unix path: /include/trace/events/sched.h
18001357      0x112ADCD       Unix path: /proc/sys/kernel/hung_task_timeout_secs" disables this message.
18013859      0x112DEA3       Unix path: /arch/arm64/include/asm/pgalloc.h
18167662      0x115376E       xz compressed data
...

According to various sources the image is the LZOP part (LZO at offset 13522696):

$ dd if=./zImage of=out.lzop bs=13522696 skip=1
$ file out.lzop
out.lzop: lzop compressed data - version 0.000, os: MS-DOS
$ lzop -d out.lzop
lzop: out.lzop: header corrupted

Compiling AOSP Kernel with KASAN

I'm struggling to compile the Linux kernel for usage in AOSP with KASAN & KCOV enabled. I then intend to flash it to a Pixel 2 XL (taimen) and use syzkaller to fuzz it.

This is what I did:

1. Build unmodified kernel (works)

My reference: https://source.android.com/setup/build/building-kernels

  • Determine branch... android-msm-wahoo-4.4-pie-qpr2
  • $ repo init -u https://android.googlesource.com/kernel/manifest -b android-msm-wahoo-4.4-pie-qpr2
  • $ repo sync -j8 -c
  • $ build/build.sh -j8
  • Connect phone via USB
  • $ adb reboot bootloader
  • $ fastboot boot out/android-msm-wahoo-4.4/dist/Image.lz4-dtb (Works fine)

2. Build kernel with KASAN & KCOV (fails)

POST_DEFCONFIG_CMDS="check_defconfig && update_debug_config"
function update_debug_config() {
    ${KERNEL_DIR}/scripts/config --file ${OUT_DIR}/.config \
         -d CONFIG_KERNEL_LZ4 \
         -e CONFIG_KASAN \
         -e CONFIG_KASAN_INLINE \
         -e CONFIG_KCOV \
         -e CONFIG_SLUB \
         -e CONFIG_SLUB_DEBUG \
         --set-val FRAME_WARN 0
    (cd ${OUT_DIR} && \
     make O=${OUT_DIR} $archsubarch CC=${CC} CROSS_COMPILE=${CROSS_COMPILE} olddefconfig)
}
  • $ build/build.sh -j8

But after CHK include/generated/compile.h I get many undefined reference errors to various asan-symbols, e.g. undefined reference to __asan_alloca_poison.

I did some research and read about adding -fsanitize=address and -shared-libasan (or -shared-libsan) to CFLAGS AND LDFLAGS. I did that (for which I had to hard-code it into build/build.sh, isn't there a more convenient way?), but to no avail:

I ended up with aarch64-linux-android-ld: -f may not be used without -shared.

So I tried reading up on ld's -shared flag and adding it to LDFLAGS (more like a guess really). Resulted in aarch64-linux-android-ld: -r and -shared may not be used together.

Really don't know where to go from here and what's going wrong in general?

Any help really appreciated!


Update: Using gcc instead of clang seemed to resolve the issue, but caused the touchscreen on the phone to be unusable (not responding). I am looking into the reasons...

Change the value of a variable by doing the page walk in Linux [closed]

How can I change the value of a variable by doing the page walk using the ioctl function? Is there any video reference for that? PGD table, PT table and then changing the value of the given variable. I am using kernel programming to achieve this and expecting to have some video lectures that can help me do this.
