ever wondered how kmalloc() worked? of course you have, and luckily for you i've just finished a questionably long post diving into the kernel's slab allocator! 🤓

https://sam4k.com/linternals-memory-allocators-0x02/

Linternals: Memory Allocators [0x02]

This time we're going to build on that and introduce another memory allocator found within the Linux kernel, the slab allocator, and its various flavours. So buckle up as we dive into the exciting world of SLABs, SLUBs and SLOBs.

i also demo a little tool i've been working on here, that i hope to share, to help visualise heap exploitation techniques :) gif explanation at the end of the post
am i a mastodon noob, should i have hashtagged my posts 😬
@sam4k Mastodon doesn't do any sort of algorithmic recommendations, and there isn't native text-searching (intentionally so). If you want your content to surface past just the local timeline or boosts, you'll want to include relevant hashtags, since those are searchable.
@gradius thank you for the heads up, will take that into account going forward 😅
@sam4k incredible work :) ebpf is super useful.
@sam4k Oh, this reminds me, I should try getting to work the demo of the original UNIX v6 slab allocator. I've written the blog post and all but didn't get around debugging it.
@ljrk sounds like fun! i'll have to check that post out :)

@sam4k As I said, missing the demo unfortunately, but everything else is here:
https://ljrk.codeberg.page/unixv6-alloc.html

If you have any questions/comments, please hit me up :)

Dissecting the UNIX v6 Allocator

@bsmaalders thank you for the suggestion!

I've added a brief paragraph and reference to the end of the slab introduction :)

@sam4k

Cool, thanks! I worked at Sun at the time, and sat down the hall from Jeff. He went on later to be part of the core team for ZFS.

@sam4k Thanks for sharing, it's a great post!
I'm eager to try out `slxbtrace` now. 😁

A while ago I did attempt to trace operations on a kmalloc cache using eBPF, but ended up getting a lot of interference from what I suspected was my own instrumentation, so I gave up. 😕
Have you experienced similar issues with `slxbtrace`?

@laomaiweng thank you, I'm glad you liked it!

I'll hopefully have some time to get it into a shareable state soon 😅

For slxbtrace, I used the bcc tools Python front-end to write the bpf programs (great documentation and surprisingly quick to get into!).

At the moment I'm using the kmem:kmalloc and kmem:free tracepoints as hooks; filtering on gfp_flags and size for the cache I want.

With this setup I haven't noticed any issues with interference; hope that helps a bit?!
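A bpftrace script, added here as an illustration of the tracepoint-based setup described above; it is not slxbtrace or any code from the thread. It hooks kmem:kmalloc and the kernel's kmem:kfree tracepoint and keeps only events whose allocated size and gfp_flags match one cache. The cache size (256 bytes, i.e. the kmalloc-256 cache) and the GFP_KERNEL mask value 0xcc0 are assumptions for this example; confirm the mask for your kernel from the gfp_flags column of the trace output or the tracepoint's format file under /sys/kernel/debug/tracing/events/kmem/kmalloc/format.

```bpftrace
#!/usr/bin/env bpftrace
// Added example (not slxbtrace): follow allocations in one kmalloc cache.
// Assumptions: the cache of interest is kmalloc-256 (bytes_alloc == 256) and
// GFP_KERNEL is 0xcc0 (__GFP_RECLAIM | __GFP_IO | __GFP_FS on recent x86 kernels).
// Events from bpftrace's own process are dropped so the tracer's allocations
// do not show up as interference in its own output.

BEGIN
{
    printf("tracing kmalloc-256 GFP_KERNEL allocations, Ctrl-C to stop\n");
}

tracepoint:kmem:kmalloc
/args->bytes_alloc == 256 &&
 (args->gfp_flags & 0xcc0) == 0xcc0 &&
 comm != "bpftrace"/
{
    // Remember when this object was handed out so the free can be paired with it.
    @live[args->ptr] = nsecs;
    printf("alloc %p req=%d site=%p comm=%s\n",
           args->ptr, args->bytes_req, args->call_site, comm);
}

tracepoint:kmem:kfree
/@live[args->ptr]/
{
    // Only frees of objects we saw allocated above reach this point.
    printf("free  %p after %d us comm=%s\n",
           args->ptr, (nsecs - @live[args->ptr]) / 1000, comm);
    delete(@live[args->ptr]);
}

END
{
    clear(@live);
}
```

Run it as root with `bpftrace slab_trace.bt` (or whatever you name the file). Filtering on `bytes_alloc` rather than `bytes_req` is what selects the cache, since the allocator rounds the request up to the cache's object size; the `comm != "bpftrace"` clause is one cheap check against seeing your own instrumentation's allocations, which is worth trying before concluding the noise comes from elsewhere.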

@sam4k Oh nice, I was using bpftrace directly, didn't know there was a Python frontend.

I think I was using those tracepoints too, I'll perhaps give it another go in a few weeks.
Or use slxbtrace if it's been published by then. 😛

@sam4k linternals is the series I didn't realize I needed. Been trying to learn the vm subsystem and been having difficulty finding recent info. Thanks for this!

@snowytrees awesome, i'm glad it's helpful :)

i've got a couple of posts on the vm subsystem and plan to do a deeper dive at some point!

@sam4k while you are here, as someone who is knowledgeable about it, is Gorman’s understanding the vmm still useful to read nowadays if I am trying to write a kernel module?

@snowytrees from what I can see, that paper is based on the 2.6 kernel which is a tad old!

Personally, i would look for more modern resources. A lot of the fundamentals and concepts may be similar, but it's a time investment enough to get into this so imo you might as well learn contemporary implementations where possible; especially if you're looking to write a kernel module.

That said, of course resources can be few and far between and depends on how you learn :)

I found "Linux Kernel Programming: A comprehensive guide to kernel internals, writing kernel modules, and kernel synchronization" a nice read/reference. It's based on the 5.x kernel and was published in 2021, it doesn't go into deep detail but imo provides enough information for you to be able to probe other resources/source for additional detail.

@sam4k That is extremely helpful thanks! and now the journey begins :)

@snowytrees @sam4k I am writing a book on the whole mm subsystem specifically (targeting linux 6.0); however, it won't be out for another year and a half :)

I wrote a couple sets of (incomplete) notes on mm, nothing on slab there though.

https://github.com/lorenzo-stoakes/linux-mm-notes

https://github.com/lorenzo-stoakes/linux-vm-notes

Incredible post @sam4k !

GitHub - lorenzo-stoakes/linux-mm-notes: Succinct notes on the linux mm subsystem.


@snowytrees @sam4k ljs.io/book.html has more on it
@ljs I am looking forward to it! Notably the book already shows up in search, found it when I was researching mm :) Those notes also are still very useful thanks.
@snowytrees Thanks very much :) Sorry I don't mean to detract from @sam4k 's excellent post and work (bpftrace is really useful), just wanted to mention in case you weren't aware!
@ljs @snowytrees no need to apologise - love to see these kinds of discussions and knowledge sharing :) Thank you for the kind words and sharing your work, I look forward to the finished book!