reverse debugging of kernel failures
play

Reverse Debugging of Kernel Failures in Deployed Systems Xinyang - PowerPoint PPT Presentation

Feb 09, 2023 •380 likes •593 views

Reverse Debugging of Kernel Failures in Deployed Systems Xinyang Ge, Ben Niu and Weidong Cui Microsoft Research USENIX Annual Technical Conference, 2020 What happened before the crash? REPT: Reverse Execution with Processor Trace REPT:

  1. Reverse Debugging of Kernel Failures in Deployed Systems Xinyang Ge, Ben Niu and Weidong Cui Microsoft Research USENIX Annual Technical Conference, 2020

  2. What happened before the crash?

  4. REPT: Reverse Execution with Processor Trace

  5. REPT: Reverse Execution with Processor Trace • A practical reverse debugging solution for user- mode failures [OSDI’18] • Online hardware tracing (e.g., Intel Processor Trace) • Log the control flow with timestamps • Low runtime overhead (1-5%) • No data! • Offline binary analysis • Recovers data flow from the control flow How to make REPT support the kernel?

  6. How REPT works? USER KERNEL

  7. How REPT works? USER KERNEL

  8. How REPT works? USER KERNEL

  9. How REPT works? USER KERNEL

  10. How REPT works? rax=?,rbx=? add rax,rbx rax=3,rbx=1 USER KERNEL

  11. How REPT works? rax=2 ,rbx=1 add rax,rbx rax=3,rbx=1 USER KERNEL

  12. Can we simply inverse the tracing?

  13. Can we simply inverse the tracing? • There are too many processes/threads on a system • High memory overhead for tracing • Hardware events must be emulated in addition to CPU instructions • Interrupts • Exceptions • System calls

  14. Here comes Kernel REPT…

  15. USER KERNEL context switch … is irreversible, and we log it in software.

  16. USER KERNEL syscalls interrupts/ exceptions

  17. Kernel Stack Interrupt Descriptor Table SS INTERRUPT GATE 0 RSP INTERRUPT GATE 1 RFLAGS INTERRUPT GATE 2 CS RIP Error Code Stack Pointer INTERRUPT GATE N USER KERNEL syscalls interrupts/ exceptions Different events can have different architectural effects

  18. That’s it?

  19. Automated Analyses • A common bug pattern: missing undo operations • EnterCriticalRegion vs LeaveCriticalRegion • Root-Cause Analysis • Scan the kernel execution trace to find missing undo operations • Proactive Bug Detector • Sanitize the kernel execution based on specified invariants • 17 new bugs found and fixed!

  20. Demo

  21. Conclusion • Debugging production kernel failures is hard • REPT now supports the reverse debugging of the kernel • Per-core control flow tracing in hardware • Context switch logging in software • Recovers data flow via CPU instruction and hardware event emulation • REPT enables automated analysis beyond reverse debugging • Root-cause analysis • Sanitizing analysis

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

REPT: Reverse Debugging of Failures in Deployed Software Weidong Cui 1 , Xinyang Ge 1 , Baris

REPT: Reverse Debugging of Failures in Deployed Software Weidong Cui 1 , Xinyang Ge 1 , Baris

REPT: Reverse Debugging of Failures in Deployed Software Weidong Cui 1 , Xinyang Ge 1 , Baris Kasikci 2 , Ben Niu 1 , Upamanyu Sharma 2 , Ruoyu Wang 3 , and Insu Yun 4 Microsoft Research 1 University of Michigan 2 Arizona State University 3 Georgia

700 views • 31 slides
Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many of us need to debug the Linux kernel Proprietary tools like Trace32 and DS-5 are $$$ Open source debuggers like GDB lack kernel

884 views • 40 slides
Kernel Debugging and Virtualization John Baldwin January 15, 2015 What is Kernel Debugging

Kernel Debugging and Virtualization John Baldwin January 15, 2015 What is Kernel Debugging

Kernel Debugging and Virtualization John Baldwin January 15, 2015 What is Kernel Debugging Step in Kernel Development Post-Mortem Crash Analysis Live Inspection Performance Analysis Userland Debugging Wait, Userland

216 views • 10 slides
Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda

Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda

Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda mulix@mulix.org IBM Haifa Research Lab Kernel Debugging, Haifux 2003 p.1/19 Kernel Debugging - Why? Why would we want to debug the kernel? after

308 views • 19 slides
Introduction to Debugging the Introduction to Debugging the FreeBSD Kernel FreeBSD Kernel May

Introduction to Debugging the Introduction to Debugging the FreeBSD Kernel FreeBSD Kernel May

Introduction to Debugging the Introduction to Debugging the FreeBSD Kernel FreeBSD Kernel May 17, 2008 John Baldwin jhb@FreeBSD.org Introduction Introduction Existing Documentation DDB kgdb Debugging Strategies 2 Existing

640 views • 26 slides
Linux Kernel Debugging Linux Kernel Debugging Advanced Operating Systems 2018/2019

Linux Kernel Debugging Linux Kernel Debugging Advanced Operating Systems 2018/2019

Linux Kernel Debugging Linux Kernel Debugging Advanced Operating Systems 2018/2019 http://d3s.mff.cuni.cz CHARLES UNIVERSITY IN PRAGUE faculty of mathematjcs and physics faculty of mathematjcs and physics Vlastimil Babka vbabka@suse.cz

1.6k views • 62 slides
Failure Sketching: A Technique for Automated Root Cause Diagnosis of In-Production Failures

Failure Sketching: A Technique for Automated Root Cause Diagnosis of In-Production Failures

Failure Sketching: A Technique for Automated Root Cause Diagnosis of In-Production Failures Baris Kasikci, Benjamin Schubert, Cristiano Pereira, Gilles Pokam, George Candea Debugging In-Production Software Failures Today 2 Debugging

937 views • 93 slides
The Kernel Abstrac/on Debugging as Engineering Much of your

The Kernel Abstrac/on Debugging as Engineering Much of your

The Kernel Abstrac/on Debugging as Engineering Much of your /me in this course will be spent debugging In industry, 50% of soBware dev is

883 views • 50 slides
Attacking the Windows Kernel Below The Root Jonathan Lindsay, Reverse Engineer in extremis

Attacking the Windows Kernel Below The Root Jonathan Lindsay, Reverse Engineer in extremis

Attacking the Windows Kernel Below The Root Jonathan Lindsay, Reverse Engineer in extremis Introduction Limited to Windows, and aimed at IA32: Outline of protected mode and the kernel Attack vectors Useful tools Examples

672 views • 36 slides
Assembly Instruction Level Reverse Execution for Debugging PhD Dissertation Defense by Tankut

Assembly Instruction Level Reverse Execution for Debugging PhD Dissertation Defense by Tankut

Assembly Instruction Level Reverse Execution for Debugging PhD Dissertation Defense by Tankut Akgul Advisor: Vincent J. Mooney School of Electrical and Computer Engineering Georgia Institute of Technology March 2004 Outline Background

885 views • 60 slides
WebSee: A Tool for Debugging HTML Presentation Failures Sonal Mahajan and William G. J. Halfond

WebSee: A Tool for Debugging HTML Presentation Failures Sonal Mahajan and William G. J. Halfond

WebSee: A Tool for Debugging HTML Presentation Failures Sonal Mahajan and William G. J. Halfond Department of Computer Science University of Southern California Web Applications It takes users only 50 ms to form opinion about your website

329 views • 12 slides
Kernel support for user debugging: ptrace, utrace, and what's next Roland McGrath Kernel support

Kernel support for user debugging: ptrace, utrace, and what's next Roland McGrath Kernel support

Kernel support for user debugging: ptrace, utrace, and what's next Roland McGrath Kernel support for user debugging What is ptrace? What is wrong with ptrace? What we do about it? How do we support the next generation of tracing

352 views • 21 slides
Inferring and Debugging Path MTU Discovery Failures Matthew Luckie (U. Waikato) Kenjiro Cho

Inferring and Debugging Path MTU Discovery Failures Matthew Luckie (U. Waikato) Kenjiro Cho

Inferring and Debugging Path MTU Discovery Failures Matthew Luckie (U. Waikato) Kenjiro Cho (IIJ/WIDE) Bill Owens (NYSERNet) 1 The Problem It is desirable to send data in the fewest number of packets possible Path MTU Discovery

339 views • 19 slides
A Technique for Enabling and Supporting Debugging of Field Failures James Clause and Alessandro

A Technique for Enabling and Supporting Debugging of Field Failures James Clause and Alessandro

A Technique for Enabling and Supporting Debugging of Field Failures James Clause and Alessandro Orso Georgia Institute of Technology This work was supported in part by NSF awards CCF-0541080 and CCR-0205422 to Georgia Tech. 1 3 Field

1.1k views • 80 slides
Instruction-level Reverse Execution for Debugging Tankut Akgul and Vincent J. Mooney School of

Instruction-level Reverse Execution for Debugging Tankut Akgul and Vincent J. Mooney School of

Instruction-level Reverse Execution for Debugging Tankut Akgul and Vincent J. Mooney School of Electrical and Computer Engineering Georgia Institute of Technology November 2002 Background Detect an Determine error the bug location(s) Run

263 views • 23 slides
Kernel debugging Tools to understand whatever it is that is happening in there Dominique

Kernel debugging Tools to understand whatever it is that is happening in there Dominique

Kernel debugging Tools to understand whatever it is that is happening in there Dominique Martinet CEA January 9, 2020 CEA | January 9, 2020 | PAGE 1/75 Introduction 1 Foreword Hands on setup Crash 2 3 Perf SystemTap 4 eBPF:

1.43k views • 85 slides
CS3000: Algorithms & Data Jonathan Ullman Lecture 10: Graphs Graph Traversals: DFS

CS3000: Algorithms & Data Jonathan Ullman Lecture 10: Graphs Graph Traversals: DFS

CS3000: Algorithms & Data Jonathan Ullman Lecture 10: Graphs Graph Traversals: DFS Topological Sort Feb 19, 2020 Whats Next Whats Next Graph Algorithms: Graphs: Key Definitions, Properties, Representations

934 views • 58 slides
SE SECTIO CTION N 3 GR GRAPHS & TES APHS & TESTIN TING Slides by Andrew and Anny

SE SECTIO CTION N 3 GR GRAPHS & TES APHS & TESTIN TING Slides by Andrew and Anny

SE SECTIO CTION N 3 GR GRAPHS & TES APHS & TESTIN TING Slides by Andrew and Anny with material from Vinod Rathnam, Alex Mariakakis, Krysta Yousoufian, Mike Ernst, Kellen Donohue Agenda Graphs Testing Graph = collection of

388 views • 23 slides
First Results from the CMD-3 Detector Simon Eidelman Budker Institute of Nuclear Physics SB RAS

First Results from the CMD-3 Detector Simon Eidelman Budker Institute of Nuclear Physics SB RAS

EPS11, Grenoble July 21-27, 2011 First Results from the CMD-3 Detector Simon Eidelman Budker Institute of Nuclear Physics SB RAS and Novosibirsk State University, Novosibirsk, Russia Outline 1. Motivation 2. Experiment 3. First results 4.

489 views • 21 slides
L1B Quality Assessment Discussion T. Pagano Tuesday, February 12, 2002 1 6/24/03 AIRS L1B QA

L1B Quality Assessment Discussion T. Pagano Tuesday, February 12, 2002 1 6/24/03 AIRS L1B QA

L1B Quality Assessment Discussion T. Pagano Tuesday, February 12, 2002 1 6/24/03 AIRS L1B QA OVERVIEW Types of data in L1B QA Files Data passed from L1A intended for L2 use (e.g. geolocation) Validated using earth scene

266 views • 9 slides
1 The problem Enabling users of an interactive system to cancel the effect of the last command

1 The problem Enabling users of an interactive system to cancel the effect of the last command

Chair of Softw are Engineering Einfhrung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer October 2006 February 2007 Lecture 21: Undo/ Redo 2 Further reference Chapter 21 of my Object-Oriented Software

274 views • 12 slides
Unfolding band structure into a conceptual Brillouin zone Chi-Cheng Lee Institute for Solid State

Unfolding band structure into a conceptual Brillouin zone Chi-Cheng Lee Institute for Solid State

Unfolding band structure into a conceptual Brillouin zone Chi-Cheng Lee Institute for Solid State Physics, The University of Tokyo, Japan Summer School on First-Principles Calculations in ISSP (ISS2018), July 4, 2018 cclee.physics@gmail.com

2.5k views • 46 slides
Constraint satisfaction Unfolding a recurrent network into a feedforward one t=3 t=2 t=1

Constraint satisfaction Unfolding a recurrent network into a feedforward one t=3 t=2 t=1

Constraint satisfaction Unfolding a recurrent network into a feedforward one t=3 t=2 t=1 Units represent hypotheses about parts of a problem Weights code constraints on how hypotheses can combine (i.e., the degree to which they are

690 views • 3 slides
Holography, Unfolding and Higher-Spin Theories M.A.Vasiliev Lebedev Institute, Moscow ESI

Holography, Unfolding and Higher-Spin Theories M.A.Vasiliev Lebedev Institute, Moscow ESI

Holography, Unfolding and Higher-Spin Theories M.A.Vasiliev Lebedev Institute, Moscow ESI Workshop on Higher Spin Gravity Vienna, April 17, 2012 HS theory Higher derivatives in interactions (1983) , Berends, Burgers, van Dam

479 views • 37 slides

More recommend