systematic testing of fault handling code in linux kernel
play

Systematic Testing of Fault Handling Code in Linux Kernel Alexey - PowerPoint PPT Presentation

Dec 21, 2023 •446 likes •910 views

Systematic Testing of Fault Handling Code in Linux Kernel Alexey Khoroshilov Andrey Tsyvarev Institute for System Programming of the Russian Academy of Sciences Fault Handling Code 821 error =

  1. Systematic Testing of Fault Handling Code in Linux Kernel Alexey Khoroshilov Andrey Tsyvarev Institute for System Programming of the Russian Academy of Sciences

  2. Fault Handling Code 821 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping, 822 ip->i_d.di_size, newsize); 823 if (error) 824 return error; ... 852 tp = xfs_trans_alloc(mp, XFS_TRANS_SETATTR_SIZE); 853 error = xfs_trans_reserve(tp, &M_RES(mp)->tr_itruncate, 0, 0); 854 if (error) 855 goto out_trans_cancel; ... 925 out_unlock: 926 if (lock_flags) 927 xfs_iunlock(ip, lock_flags); 928 return error; 929 930 out_trans_abort: 931 commit_flags |= XFS_TRANS_ABORT; 932 out_trans_cancel: 933 xfs_trans_cancel(tp, commit_flags); 934 goto out_unlock;

  3. Fault Handling Code DOING WHAT YOU LIKE IS FREEDOM LIKING WHAT YOU DO IS HAPPINESS

  4. Fault Handling Code DOING WHAT YOU LIKE IS FREEDOM LIKING WHAT YOU DO IS HAPPINESS

  5. Fault Handling Code 821 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping, 822 ip->i_d.di_size, newsize); 823 if (error) 824 return error; ... 852 tp = xfs_trans_alloc(mp, XFS_TRANS_SETATTR_SIZE); 853 error = xfs_trans_reserve(tp, &M_RES(mp)->tr_itruncate, 0, 0); 854 if (error) 855 goto out_trans_cancel; ... 925 out_unlock: 926 if (lock_flags) 927 xfs_iunlock(ip, lock_flags); 928 return error; 929 930 out_trans_abort: 931 commit_flags |= XFS_TRANS_ABORT; 932 out_trans_cancel: 933 xfs_trans_cancel(tp, commit_flags); 934 goto out_unlock;

  6. Fault Handling Code ● Is not so fun ● Is really hard to keep all details in mind

  7. Fault Handling Code ● Is not so fun ● Is really hard to keep all details in mind ● Practically is not tested ● Is hard to test even if you want to

  8. Fault Handling Code ● Is not so fun ● Is really hard to keep all details in mind ● Practically is not tested ● Is hard to test even if you want to ● Bugs seldom(never) occurs => low pressure to care

  9. Why do we care? ● It beats someone time to time ● Safety critical systems ● Certification authorities

  10. How to improve situation? ● Managed resources + No code, no problems – Limited scope ● Static analysis + Analyzes all paths at once – Detects prescribed set of consequences (mostly local) – False alarms ● Run-time testing + Detects even hidden consequences + Almost no false alarms – Tests are needed – Specific hardware may be needed (for drivers testing)

  11. Run-Time Testing of Fault Handling ● Manually targeted test cases + The highest quality – Expensive to develop and to maintain – Not scalable ● Random fault injection on top of existing tests + Cheap – Oracle problem – No any guarantee – When to finish?

  12. Systematic Approach ● Hypothesis: ● Existing test lead to deterministic control flow in kernel code ● Idea: ● Execute existing tests and collect all potential fault points in kernel code ● Systematically enumerate the points and inject faults there

  13. Experiments – Outline ● Target code ● Fault injection implementation ● Methodology ● Results

  14. Experiments – Target ● Target code: file system drivers ● Reasons: ● Failure handling is more important than in average ● Potential data loss, etc. ● Same tests for many drivers ● It does not require specific hardware ● Complex enough

  15. Linux File System Layers User Space Application sys_mount, sys_open, sys_read, ... VFS ioctl, Special Purpose: Block Based FS: Network FS: Pseudo FS: sysfs ext4, xfs, btrfs, tmpf s, ramfs, nfs, coda, gfs, proc, sysfs, jfs, ... ocfs, ... ... ... Direct I/O Buffer cache / Page cache network Block I/O layer - Optional stackable devices (md,dm,...) - I/O schedulers Block Driver Block Driver CD Disk

  16. File System Drivers - Size File System Driver Size, LoC JFS 18 KLOC 37 KLoC Ext4 with jbd2 XFS 69 KLoC BTRFS 82 KLoC F2FS 12 KLoC

  17. File System Driver – VFS Interface ● file_system_type ● super_operations ● export_operations ● inode_operations ~100 interfaces in total ● file_operations ● vm_operations ● address_space_operations ● dquot_operations ● quotactl_ops ● dentry_operations

  18. FS Driver – Userspace Interface File System Driver ioctl sysfs JFS 6 - Ext4 14 13 XFS 48 - BTRFS 57 -

  19. FS Driver – Partition Options File System Driver mount options mkfs options JFS 12 6 Ext4 50 ~30 XFS 37 ~30 BTRFS 36 8

  20. FS Driver – On-Disk State File System Hierarchy * File Size * File Attributes * File Fragmentation * File Content (holes,...)

  21. FS Driver – In-Memory State ● Page Cache State ● Buffers State ● Delayed Allocation ● ...

  22. Linux File System Layers User Space Application 100 interfaces sys_mount, sys_open, sys_read, ... 30-50 interfaces VFS ioctl, Special Purpose: Block Based FS: Network FS: Pseudo FS: sysfs tmpf s, ramfs, ext4, xfs, btrfs, nfs, coda, gfs, proc, sysfs, jfs, ... ocfs, ... ... ... VFS State* Direct I/O Buffer cache / Page cache network FS Driver State Block I/O layer - Optional stackable devices (md,dm,...) 30 mount opts - I/O schedulers 30 mkfs opts File System State Block Driver Block Driver CD Disk

  23. FS Driver – Fault Handling ● Memory Allocation Failures ● Disk Space Allocation Failures ● Read/Write Operation Failures

  24. Fault Injection - Implementation ● Based on KEDR framework * ● intercept requests for memory allocation/bio requests ● to collect information about potential fault points ● to inject faults ● also used to detect memory/resources leaks (*) http://linuxtesting.org/project/kedr

  25. KEDR Workflow http://linuxtesting.org/project/kedr

  26. Experiments – Tests ● 10 deterministic tests from xfstests * ● generic/ ● 001-003, 015, 018, 020, 053 ● ext4/ ● 002, 271, 306 ● Linux File System Verification ** tests ● 180 unit tests for FS-related syscalls / ioctls ● mount options iteration (*) git://oss.sgi.com/xfs/cmds/xfstests (**) http://linuxtesting.org/spruce

  27. Experiments – Oracle Problem ● Assertions in tests are disabled ● Kernel oops/bugs detection ● Kernel assertions, lockdep, memcheck, etc. ● KEDR Leak Checker

  28. Experiments – Methodology ● Collect source code coverage of FS driver on existing tests ● Collect source code coverage of FS driver on existing tests with fault simulation ● Measure an increment

  29. Methodology – The Problem ● If kernel crashes code, coverage results are unreliable

  30. Methodology – The Problem ● If kernel crashes code, coverage results are unreliable ● As a result ● Ext4 was analyzed only ● XFS, BTRF, JFS, F2FS, UbiFS, JFFS2 crashes and it is too labor and time consuming to collect reliable data

  31. Experiment Results

  32. Systematic Approach ● Hypothesis: ● Existing test lead to deterministic control flow in kernel code ● Idea: ● Execute existing tests and collect all potential fault points in kernel code ● Systematically enumerate the points and inject faults there

  33. Complete Enumeration Fault points Expected Time Xfstests (10 system tests) 270 327 2,5 years LFSV (180 unit tests*76 mount options) 488 791 7 months

  34. Possible Idea ● Unit test structure ● Preamble ● Main actions ● Checks ● Postamble ● What if account fault points inside main actions?

  35. Complete Enumeration Fault points Expected Time Xfstests (10 system tests) 270 327 2,5 years LFSV (180 unit tests) 488 791 7 months LFSV (180 unit tests) – main part only 9 226 1,5 hours ● that gives 311 new lines of code covered ● i.e. 18 seconds per line

  36. Another Idea ● Automatic filtering ● e.g. by Stack Trace of fault point

  37. LFSV Tests Increment Time Cost new lines min seconds/line LFSV without fault simulation - 110 - LFSV – main only – no filter 311 92 18 LFSV – main only – stack filter 266 2 0.45 LFSV – whole test – no filter unfeasible LFSV – whole test – stack filter 333 4 0.72

  38. Main-only vs. Whole + More scalable + 2-3 times more cost effective + Better coverage – Manual work => ● expensive ● error-prone ● unscalable

  39. Unit tests vs. System tests Increment Time Cost new lines min second/line LFSV – whole test – stack filter 333 4 0.72 LFSV – whole test – stackset filter 354 9 1.53 Xfstests – stack filter 423 90 13 Xfstests – stackset filter 451 237 31 + Better coverage + 10-30 times more cost effective

  40. Systematic vs. Random Increment Time Cost new lines min second/line Xfstests without fault simulation - 2 - Xfstests+random(p=0.01,repeat=200) 380 152 24 Xfstests+random(p=0.02,repeat=200) 373 116 19 Xfstests+random(p=0.05,repeat=200) 312 82 16 Xfstests+random(p=0.01,repeat=400) 451 350 47 Xfstests+stack filter 423 90 13 Xfstests+stackset filter 451 237 31

  41. Systematic vs. Random + Cover double faults + 2 times more cost effective – Unpredictable + Repeatable results – Nondeterministic – Requires more complex engine

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules

Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules

Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules Kernel module: code that can be dynamically loaded/unloaded into the kernel at runtime Change the kernel code without needing to reboot

545 views • 13 slides
Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many of us need to debug the Linux kernel Proprietary tools like Trace32 and DS-5 are $$$ Open source debuggers like GDB lack kernel

884 views • 40 slides
Static code checking In the Linux kernel Presented by Arnd Bergmann Date April 6, 2016 Event

Static code checking In the Linux kernel Presented by Arnd Bergmann Date April 6, 2016 Event

Static code checking In the Linux kernel Presented by Arnd Bergmann Date April 6, 2016 Event Embedded Linux Conference Static code checking in the Linux kernel 1. Overview 2. Randconfig issues 3. Checking tools 4. Automated checking

586 views • 48 slides
Exploring Linux Kernel Source Code with Eclipse and QTCreator Marcin Bis 2016.10.12 ELCE 2016,

Exploring Linux Kernel Source Code with Eclipse and QTCreator Marcin Bis 2016.10.12 ELCE 2016,

Exploring Linux Kernel Source Code with Eclipse and QTCreator Marcin Bis 2016.10.12 ELCE 2016, Berlin Marcin Bis marcin@bis-linux.com +48 607 075 848 Training ( http://bis-linux.com ): Embedded Linux Yocto Linux Device Drivers Development

770 views • 50 slides
Digitalization of Kernel Diversion from the Upstream T o minimize local code modifications Hisao

Digitalization of Kernel Diversion from the Upstream T o minimize local code modifications Hisao

Did you care for purity of your Linux BSP Computer aided BSP kernel sanity check Yaminabe2 execution and trial result conclusion Digitalization of Kernel Diversion from the Upstream T o minimize local code modifications Hisao Munakata Linux

682 views • 52 slides
Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module

Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module

Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module Linux is written in C, but does not include all standard libraries And some other idiosyncrasies This lecture will give you a crash

1.35k views • 22 slides
The State of the Art in Bufferbloat Testing and Reduction on Linux Toke Hiland-Jrgensen

The State of the Art in Bufferbloat Testing and Reduction on Linux Toke Hiland-Jrgensen

The State of the Art in Bufferbloat Testing and Reduction on Linux Toke Hiland-Jrgensen Roskilde University IETF 86, 12th March 2013 1 / 31 Outline Introduction Recent changes in the Linux kernel Testing methodology and best practices

689 views • 31 slides
1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel vulnerability research Thats unavoidable, but the linux kernel developers dont do very much to make the situation any better. -- Basically, the

625 views • 36 slides
Linux Kernel Networking Raoul Rivas Kernel vs Application Programming No memory protection

Linux Kernel Networking Raoul Rivas Kernel vs Application Programming No memory protection

Linux Kernel Networking Raoul Rivas Kernel vs Application Programming No memory protection Memory Protection We share memory with Segmentation Fault devices, scheduler Preemption Sometimes no preemption Scheduling

377 views • 25 slides
Hacking on Xen in the Linux Kernel Lisa Nguyen, Linux Kernel Intern FOSS Outreach Program for

Hacking on Xen in the Linux Kernel Lisa Nguyen, Linux Kernel Intern FOSS Outreach Program for

Hacking on Xen in the Linux Kernel Lisa Nguyen, Linux Kernel Intern FOSS Outreach Program for Women LinuxCon North America 2013 Agenda Introduction What Got Me Interested in OPW Project Overview Xen Block Ring Protocol

922 views • 13 slides
Linux Device Drivers Modules A piece of code that can be added to the kernel at runtime is

Linux Device Drivers Modules A piece of code that can be added to the kernel at runtime is

Linux Device Drivers Modules A piece of code that can be added to the kernel at runtime is called a module A device driver is one kind of module Each module is made up of object code that can be dynamically linked to the running

388 views • 28 slides
GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The GNU userland consists of libc, the init system (SystemD) X11 GUI toolkits etc. Ask the audience Who has used

442 views • 22 slides
Undermining the Linux Kernel: Malicious Code Injec:on via /dev/mem Anthony Lineberry

Undermining the Linux Kernel: Malicious Code Injec:on via /dev/mem Anthony Lineberry

Undermining the Linux Kernel: Malicious Code Injec:on via /dev/mem Anthony Lineberry anthony.lineberry@gmail.com Black Hat Europe 2009 Overview What is a rootkit? Why is protec:on difficult? Current protec:on mechanisms/bypasses

638 views • 52 slides
. Kernel The Variability Model of the Linux Extra Conclusions Linux Study Introduction .

. Kernel The Variability Model of the Linux Extra Conclusions Linux Study Introduction .

. Krzysztof Czarnecki, Andrzej Wsowski The Variability Model of the Linux Kernel . . January 26, 2010 IT University of Copenhagen University of Leipzig University of Waterloo Steven She, Rafael Lotufo, Thorsten Berger, . Kernel The

928 views • 39 slides
TOS Arno Puder 1 Device Drivers Code that manages the details of interacting with a

TOS Arno Puder 1 Device Drivers Code that manages the details of interacting with a

TOS Arno Puder 1 Device Drivers Code that manages the details of interacting with a particular piece of hardware Interacting with hardware includes handling I/O and interrupts Linux kernel (2.6.x): 2.3 million lines of code in

565 views • 33 slides
A Fault Tolerant Virtualization Server Based on Xen Jrgen Gro Virtualization Kernel

A Fault Tolerant Virtualization Server Based on Xen Jrgen Gro Virtualization Kernel

A Fault Tolerant Virtualization Server Based on Xen Jrgen Gro Virtualization Kernel Developer SUSE Linux GmbH, jgross@suse.com Status Quo Standard Xen Virtualization Server dom0 HVM pv Net- Block- xenstore qemu backend backend

421 views • 23 slides
Hyperprior bayesian approach for inverse problems in imaging. Application to single shot HDR.

Hyperprior bayesian approach for inverse problems in imaging. Application to single shot HDR.

Hyperprior bayesian approach for inverse problems in imaging. Application to single shot HDR. Julie Delon with Cecilia Aguerrebere, Andr es Almansa, Yann Gousseau and Pablo Mus e 1 / 32 Teaser : what is High Dynamic Range Imaging (HDR) ?

1.02k views • 60 slides
Exact Camera Location Recovery by Least Unsquared Deviations Gilad Lerman University of

Exact Camera Location Recovery by Least Unsquared Deviations Gilad Lerman University of

Exact Camera Location Recovery by Least Unsquared Deviations Gilad Lerman University of Minnesota Joint work with Yunpeng Shi (University of Minnesota) and Teng Zhang (University of Central Florida) Gilad Lerman 1 / 23 Content 1 Introduction

489 views • 28 slides
Gesture Recognition: Hand Pose Estimation Adrian Spurr Ubiquitous Computing Seminar FS2014

Gesture Recognition: Hand Pose Estimation Adrian Spurr Ubiquitous Computing Seminar FS2014

Gesture Recognition: Hand Pose Estimation Adrian Spurr Ubiquitous Computing Seminar FS2014 27.05.2014 1 What is hand pose estimation? Input Computer-usable form 2 Augmented Reality Gaming PC Control Robot Control 3 3 Data glove

1.23k views • 69 slides
Recall Impcore concrete syntax Definitions and expressions: def ::= (define f (x1 ... xn) exp)

Recall Impcore concrete syntax Definitions and expressions: def ::= (define f (x1 ... xn) exp)

Recall Impcore concrete syntax Definitions and expressions: def ::= (define f (x1 ... xn) exp) ;; "true" defs | (val x exp) | exp | (use filename) ;; "extended" defs | (check-expect exp1 exp2) | (check-assert exp)

266 views • 14 slides
Understanding User Cognition: from Everyday Behavior and Spatial Ability to Code Writing and

Understanding User Cognition: from Everyday Behavior and Spatial Ability to Code Writing and

Understanding User Cognition: from Everyday Behavior and Spatial Ability to Code Writing and Review Yu Huang University of Michigan Dec 11, 2019 Break Down the Title A standard workday of a software developer Problem Introduction and

1.5k views • 121 slides
A Code-Based Cryptosystem using GRS Codes Violetta Weger University of Zurich Master Thesis

A Code-Based Cryptosystem using GRS Codes Violetta Weger University of Zurich Master Thesis

A Code-Based Cryptosystem using GRS Codes Violetta Weger University of Zurich Master Thesis Presentation Seminar Coding Theory and Cryptography 07 December 2016 Violetta Weger Code-based Cryptosystem using GRS Codes Outline 1 Motivation 2

1.31k views • 61 slides
WBS 121.3.11 Cryogenics SC Acceleration Modules and Cryogenics Anindya Chakravarty and Arkadiy

WBS 121.3.11 Cryogenics SC Acceleration Modules and Cryogenics Anindya Chakravarty and Arkadiy

WBS 121.3.11 Cryogenics SC Acceleration Modules and Cryogenics Anindya Chakravarty and Arkadiy Klebaner In partnership with: India Institutes Fermilab Collaboration PIP-II Directors Review Istituto Nazionale di Fisica Nucleare Science and

388 views • 35 slides
Physics 2D Lecture Slides Lecture 27: Mar 8th Vivek Sharma UCSD Physics Quiz 8 16 14 12

Physics 2D Lecture Slides Lecture 27: Mar 8th Vivek Sharma UCSD Physics Quiz 8 16 14 12

Confirmed: 2D Final Exam: Thursday 18 th March 11:30-2:30 PM WLH 2005 Course Review 14 th March 10am WLH 2005 (TBC) Physics 2D Lecture Slides Lecture 27: Mar 8th Vivek Sharma UCSD Physics Quiz 8 16 14 12 Frequency 10 8 6 4 2 0 0 1

766 views • 13 slides

More recommend