system call tracing overhead
play

System call tracing overhead Jrg Zinke Potsdam University - PowerPoint PPT Presentation

Mar 13, 2023 •374 likes •893 views

System call tracing overhead Jrg Zinke Potsdam University Institute for Computer Science Operating Systems and Distributed Systems Dresden, 2009/10/29 Outline Introduction 1 2 System call Related work 3 Ptrace 4 Systrace 5 6

  1. System call tracing overhead Jörg Zinke Potsdam University Institute for Computer Science Operating Systems and Distributed Systems Dresden, 2009/10/29

  2. Outline Introduction 1 2 System call Related work 3 Ptrace 4 Systrace 5 6 Performance test Conclusion and future work 7 Jörg Zinke (Potsdam University) System call tracing overhead Frame 2 of 31

  3. Introduction Introduction system call tracing is a common used technique for debuggers or applications which enforce security policies for debugging purposes the tracing is often done step-by-step or in conjunction with breakpoints for enforcing security policies usually the interception of system calls is required → modify, forbid or allow system calls Jörg Zinke (Potsdam University) System call tracing overhead Frame 3 of 31

  4. Introduction Introduction system call tracing is a common used technique for debuggers or applications which enforce security policies for debugging purposes the tracing is often done step-by-step or in conjunction with breakpoints for enforcing security policies usually the interception of system calls is required → modify, forbid or allow system calls Jörg Zinke (Potsdam University) System call tracing overhead Frame 3 of 31

  5. Introduction Overview Overview system call interception requires at least a kernel based implementation and an user space process to trace usually, there is another process which triggers the tracing and does some actions before and maybe after the system call in addition the triggering requires some kind of registration at the kernel implementation, at least the PID of the application to trace is required commonly, kernel implementations provide mechanisms for reading processor registers → gives the possibility to modify arguments or even modify the data pointed to by arguments Jörg Zinke (Potsdam University) System call tracing overhead Frame 4 of 31

  6. Introduction Overview Overview system call interception requires at least a kernel based implementation and an user space process to trace usually, there is another process which triggers the tracing and does some actions before and maybe after the system call in addition the triggering requires some kind of registration at the kernel implementation, at least the PID of the application to trace is required commonly, kernel implementations provide mechanisms for reading processor registers → gives the possibility to modify arguments or even modify the data pointed to by arguments Jörg Zinke (Potsdam University) System call tracing overhead Frame 4 of 31

  7. Introduction Overview Overhead intercepting system calls involves additional overhead additional overhead can be ignored for the purpose of debugging but should be considered for security enforcing applications and other kind of applications → determine the additional overhead through measurements Jörg Zinke (Potsdam University) System call tracing overhead Frame 5 of 31

  8. Introduction Overview Overhead intercepting system calls involves additional overhead additional overhead can be ignored for the purpose of debugging but should be considered for security enforcing applications and other kind of applications → determine the additional overhead through measurements Jörg Zinke (Potsdam University) System call tracing overhead Frame 5 of 31

  9. Introduction Background Background: server load balancing → trace socket system calls of processes on backend servers to determine useful metrics and values for load balancing Jörg Zinke (Potsdam University) System call tracing overhead Frame 6 of 31

  10. Introduction Background Background: server load balancing → trace socket system calls of processes on backend servers to determine useful metrics and values for load balancing Jörg Zinke (Potsdam University) System call tracing overhead Frame 6 of 31

  11. System call System call interface between operating system kernel and user space programs is defined by a set of system calls [Tan01] system calls vary from OS to OS but concepts tend to be similar system calls transfers the control to the OS similar to a function call which enters the kernel → system calls are a universal and fundamental mechanism Jörg Zinke (Potsdam University) System call tracing overhead Frame 7 of 31

  12. System call System call interface between operating system kernel and user space programs is defined by a set of system calls [Tan01] system calls vary from OS to OS but concepts tend to be similar system calls transfers the control to the OS similar to a function call which enters the kernel → system calls are a universal and fundamental mechanism Jörg Zinke (Potsdam University) System call tracing overhead Frame 7 of 31

  13. System call System call implementation System call implementation system call tracing implementations are usually use system calls too, for registering of PIDs from user space implementing a system call requires control transfer, often done through interrupts or traps modern architectures provide SYSCALL/SYSRET or SYSENTER/SYSEXIT instructions for fast control transfer [BC05] system call implementations have to take care about restricted rights and access control → e.g. open() has to check whether the file permissions and the owner match the issuing process Jörg Zinke (Potsdam University) System call tracing overhead Frame 8 of 31

  14. System call System call implementation System call implementation system call tracing implementations are usually use system calls too, for registering of PIDs from user space implementing a system call requires control transfer, often done through interrupts or traps modern architectures provide SYSCALL/SYSRET or SYSENTER/SYSEXIT instructions for fast control transfer [BC05] system call implementations have to take care about restricted rights and access control → e.g. open() has to check whether the file permissions and the owner match the issuing process Jörg Zinke (Potsdam University) System call tracing overhead Frame 8 of 31

  15. System call System call interception System call interception Three approaches for system call interception mentioned in [Pet97]: 1 kernel based system call interception implemented through a modified system kernel 2 using a modified system library to replace the default system calls (maybe using shared libraries and preload mechanisms) 3 using a trace process and a debugging interface like ptrace or systrace for system call interception of applications Jörg Zinke (Potsdam University) System call tracing overhead Frame 9 of 31

  16. System call Focus Focus → focus on stable implementations of the third approach in standard kernels on Linux and OpenBSD, namely ptrace and systrace → microbenchmarks to determine overhead, issued through context switches between traced process and application → kernel tracer like ktrace are out of scope caused by background of server load balancing Jörg Zinke (Potsdam University) System call tracing overhead Frame 10 of 31

  17. System call Focus Focus → focus on stable implementations of the third approach in standard kernels on Linux and OpenBSD, namely ptrace and systrace → microbenchmarks to determine overhead, issued through context switches between traced process and application → kernel tracer like ktrace are out of scope caused by background of server load balancing Jörg Zinke (Potsdam University) System call tracing overhead Frame 10 of 31

  18. System call Focus Focus → focus on stable implementations of the third approach in standard kernels on Linux and OpenBSD, namely ptrace and systrace → microbenchmarks to determine overhead, issued through context switches between traced process and application → kernel tracer like ktrace are out of scope caused by background of server load balancing Jörg Zinke (Potsdam University) System call tracing overhead Frame 10 of 31

  19. System call Focus Focus → focus on stable implementations of the third approach in standard kernels on Linux and OpenBSD, namely ptrace and systrace → microbenchmarks to determine overhead, issued through context switches between traced process and application → kernel tracer like ktrace are out of scope caused by background of server load balancing Jörg Zinke (Potsdam University) System call tracing overhead Frame 10 of 31

  20. Related work Usage of system call tracing Debugging applications using system call tracing well known GDB ftrace based on frysk DTrace on Solaris strace based on ptrace truss (FreeBSD/SunOS/System V) → various commonly used applications for debugging and tracing other processes are available Jörg Zinke (Potsdam University) System call tracing overhead Frame 11 of 31

  21. Related work Usage of system call tracing Debugging applications using system call tracing well known GDB ftrace based on frysk DTrace on Solaris strace based on ptrace truss (FreeBSD/SunOS/System V) → various commonly used applications for debugging and tracing other processes are available Jörg Zinke (Potsdam University) System call tracing overhead Frame 11 of 31

  22. Related work Usage of system call tracing Security applications using system call tracing AppArmor SELinux grsecurity systrace → various commonly used applications to limit application access and achieve Mandatory Access Control (MAC) are available Jörg Zinke (Potsdam University) System call tracing overhead Frame 12 of 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018

Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018

Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018 Low-Overhead System Tracing With eBPF Low-Overhead System Tracing With eBPF Low-Overhead System Tracing With eBPF You don't need to know how to operate

632 views • 26 slides
File System Performance File System Performance Memory mapped files - Avoid system call overhead

File System Performance File System Performance Memory mapped files - Avoid system call overhead

CS510 Operating System Foundations Jonathan Walpole File System Performance File System Performance Memory mapped files - Avoid system call overhead Buffer cache - Avoid disk I/O overhead Careful data placement on disk - Avoid seek overhead

742 views • 61 slides
Bursty Tracing: A Framework for Low-Overhead Temporal Profiling Martin Hirzel Trishul Chilimbi

Bursty Tracing: A Framework for Low-Overhead Temporal Profiling Martin Hirzel Trishul Chilimbi

Bursty Tracing: A Framework for Low-Overhead Temporal Profiling Martin Hirzel Trishul Chilimbi hirzel@colorado.edu trishulc@microsoft.com FDDO4 December 2001 Austin, Texas Low-overhead temporal profiling Low overhead Intended

628 views • 17 slides
System call tracing Ron Minnich Fifth IWP9 With thanks to Russ Cox, Jim McKie, and Noah Evans

System call tracing Ron Minnich Fifth IWP9 With thanks to Russ Cox, Jim McKie, and Noah Evans

Motivation Broken date Broken Troff Just use acid, right? How it works Comparing ratrace and strace Performance Summary System call tracing Ron Minnich Fifth IWP9 With thanks to Russ Cox, Jim McKie, and Noah Evans Ron Minnich System

194 views • 18 slides
Fine-Grained Power Modeling for Smartphones Using System Call Tracing Based on paper and

Fine-Grained Power Modeling for Smartphones Using System Call Tracing Based on paper and

Fine-Grained Power Modeling for Smartphones Using System Call Tracing Based on paper and presentation by: Abhinav Pathak, Y. Charlie Hu, Ming Zhang Paramvir Bahl, Yi-Min Wang Damian Rodziewicz Fine-Grained Power Modeling for Smartphones

701 views • 33 slides
CS333 Intro to Operating Systems Jonathan Walpole File System Performance File System

CS333 Intro to Operating Systems Jonathan Walpole File System Performance File System

CS333 Intro to Operating Systems Jonathan Walpole File System Performance File System Performance Memory mapped files - Avoid system call overhead Buffer cache - Avoid disk I/O overhead Careful data placement on disk - Avoid seek

998 views • 61 slides
Fine Grained Power Modeling For Smartphones Using System Call Tracing Abhinav Pathak Ming Zhang

Fine Grained Power Modeling For Smartphones Using System Call Tracing Abhinav Pathak Ming Zhang

Fine Grained Power Modeling For Smartphones Using System Call Tracing Abhinav Pathak Ming Zhang Y. Charlie Hu Paramvir Bahl Yi-Min Wang 1 Smartphone is Energy Constrained Energy: One of the most critical issues in smartphones

475 views • 24 slides
Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an

Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an

Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an elegant technique that tackles many problems at once Stochastic ray tracing: distribute rays stochastically across pixel Distributed ray tracing:

327 views • 8 slides
MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and

MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and

MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and Barb Cutler Some slides courtesy of Leonard McMillan 1 2 Ray Tracing Ray Tracing Ray Tracing kills two birds with one stone: Solves the

327 views • 11 slides
Time Matters Minimizing Garbage Collection Overhead with Minimal Effort Gnther Blaschek

Time Matters Minimizing Garbage Collection Overhead with Minimal Effort Gnther Blaschek

Time Matters Minimizing Garbage Collection Overhead with Minimal Effort Gnther Blaschek Philipp Lengauer 2015-11-05 Configuration Hell OpenJDK 8 681 VM parameters (1300+ including tracing and debugging flags) ~ 10 205 configurations

329 views • 14 slides
Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden

Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden

Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden Surface Removal problem Evaluates an improved global illumination model shadows ideal specular reflections ideal specular refractions

586 views • 19 slides
Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The

Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The

Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The Rendering Equation Monte Carlo Integration A Basic Path Tracer Variance Reduction and Optimisation Techniques Additional Resources Plan From Ray

1.08k views • 54 slides
Simulation-Based Tracing and Profiling for System Software Development Anselm Busse , Reinhardt

Simulation-Based Tracing and Profiling for System Software Development Anselm Busse , Reinhardt

Simulation-Based Tracing and Profiling for System Software Development Anselm Busse , Reinhardt Karnapke, and Helge Parzyjegla | SYSTOR 2017 | Haifa 2017-05-22 Motivation Tracing and profiling is crucial to system software development State

683 views • 8 slides
Computer Graphics - Ray-Tracing II - Hendrik Lensch Computer Graphics WS07/08 Ray Tracing II

Computer Graphics - Ray-Tracing II - Hendrik Lensch Computer Graphics WS07/08 Ray Tracing II

Computer Graphics - Ray-Tracing II - Hendrik Lensch Computer Graphics WS07/08 Ray Tracing II Overview Last lecture Ray tracing I Basic ray tracing What is possible? Recursive ray tracing algorithm Intersection

873 views • 84 slides
Ray-tracing Acceleration Motivation Distribution Ray Tracing Soft shadows

Ray-tracing Acceleration Motivation Distribution Ray Tracing Soft shadows

Ray-tracing Acceleration Motivation Distribution Ray Tracing Soft shadows Acceleration Data Structures Antialiasing (getting rid of jaggies) for Ray Tracing Glossy reflection Motion blur Depth of field (focus)

940 views • 10 slides
Welcome 1 Ray tracing part I of the course 2 Ray tracing part I of the course Why

Welcome 1 Ray tracing part I of the course 2 Ray tracing part I of the course Why

Graphics (INFOGR), 2018-19, Block IV, lecture 1 Deb Panja Today: Vectors and vector algebra Welcome 1 Ray tracing part I of the course 2 Ray tracing part I of the course Why vectors? you need to shoot a lot of such rays!

594 views • 47 slides
Acceleration Data Structures for Ray Tracing Most slides are taken from Fredo Durand Shadows

Acceleration Data Structures for Ray Tracing Most slides are taken from Fredo Durand Shadows

Acceleration Data Structures for Ray Tracing Most slides are taken from Fredo Durand Shadows one shadow ray per intersection per point light source no shadow rays one shadow ray Soft Shadows multiple shadow rays to sample area light

660 views • 52 slides
Slide 1 ___________________________________ 8.1 Re sponsibility Ac c ounting o De c e ntr a

Slide 1 ___________________________________ 8.1 Re sponsibility Ac c ounting o De c e ntr a

Slide 1 ___________________________________ 8.1 Re sponsibility Ac c ounting o De c e ntr a lization within or g anizations ___________________________________ o Adva ntag e s o T op mana g e me nt re lie ve d of da y-to da y ac tivitie s

693 views • 5 slides
Investigating System Performance for DevOps Using Kernel Tracing jeremie.galarneau@efficios.com

Investigating System Performance for DevOps Using Kernel Tracing jeremie.galarneau@efficios.com

LinuxCon North America 2016 LinuxCon North America 2016 Investigating System Performance for DevOps Using Kernel Tracing jeremie.galarneau@efficios.com @LeGalarneau Presenter Presenter Jrmie Galarneau EfficiOS Inc. Head

629 views • 38 slides
CS510 Software Engineering Program Profiling Asst. Prof. Mathias Payer Department of Computer

CS510 Software Engineering Program Profiling Asst. Prof. Mathias Payer Department of Computer

CS510 Software Engineering Program Profiling Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Scott A. Carr Slides inspired by Xiangyu Zhang http://nebelwelt.net/teaching/15-CS510-SE Spring 2015 Definition of

570 views • 28 slides
Tools Advanced Parallel Programming WHATS THE PROBLEM? Why do we need tools? Reminder

Tools Advanced Parallel Programming WHATS THE PROBLEM? Why do we need tools? Reminder

Profiling and Analysis Tools Advanced Parallel Programming WHATS THE PROBLEM? Why do we need tools? Reminder Techniques for finding performance problems in a large code: Manual investigation, looking at the code and machine

612 views • 21 slides
eleven factors within the designers control choice of material cost of failure

eleven factors within the designers control choice of material cost of failure

A RCHITECTURAL S TRUCTURES : Design F ORM, B EHAVIOR, AND D ESIGN A RCH 331 factors out of the designers control D R. A NNE N ICHOLS loads S UMMER 2018 occurrence lecture eleven factors within the designers control

407 views • 17 slides
Outline Outline Review of PSP Levels Overview Selecting Verification Methods Design

Outline Outline Review of PSP Levels Overview Selecting Verification Methods Design

Outline Outline Review of PSP Levels Overview Selecting Verification Methods Design Verification Design Standards Design Verification Verification Methods Approaches State Machines Program Tracing Program Correctness

499 views • 3 slides
The MySQL Query Optimizer Explained Through Optimizer Trace ystein Grvlen Senior Staff

The MySQL Query Optimizer Explained Through Optimizer Trace ystein Grvlen Senior Staff

The MySQL Query Optimizer Explained Through Optimizer Trace ystein Grvlen Senior Staff Engineer Alibaba Cloud 1 MySQL Query Optimizer JOIN SELECT a, b FROM t1, t2, t3 Query Table JOIN WHERE t1.a = t2.b scan Optimizer AND t2.b =

675 views • 55 slides

More recommend