
Uprobes: User-Space Probes



  1. Uprobes: User-Space Probes Jim Keniston: jkenisto@us.ibm.com Srikar Dronamraju: srikar@linux.vnet.ibm.com April 15, 2010 Linux is a registered trademark of Linus Torvalds.

  2. Topics
     Overview
     ● What and why?
     ● Two versions of uprobes
     ● Features
     ● Uses
     ● Tie-ins to kprobes, utrace, SystemTap
     Utraceless uprobes
     gdbstub
     Q&A

  3. Overview: What and Why?
     What:
     ● kernel API, analogous to kprobes
     ● breakpoints for user apps, handled in kernel

         struct uprobe u;
         ...
         u.pid = 1234;                  /* process to probe */
         u.vaddr = 0x080484a8;          /* virtual address of the probepoint */
         u.handler = my_callback;       /* kernel handler run on each probe hit */
         result = register_uprobe(&u);

  4. Overview: What and Why?
     Why?
     ● useful for dynamic, ad hoc instrumentation
     ● handlers have system-wide view: kernel and apps
     ● useful for multithreaded apps
     ● overcomes some limitations of ptrace:
       ● Uprobes incur lower overhead.
       ● “Who can probe whom” defined by uprobes client.

  5. Overview: Two Uprobes Versions
     ● Utrace-based
       – Exploits utrace's signal, clone, exec, exit, and quiesce callbacks
       – First fully functional uprobes prototype October 2006
       – Ships as part of SystemTap runtime
       – Jan 2010 LKML review: uprobes maybe, NAK utrace
     ● Utrace-independent (AKA utraceless)
       – First LKML review March 2010
       – Uses Roland's tracehooks
       – Threads run during breakpoint insertion
       – Stripped-down implementation

  6. Overview: Features
     ● no need to modify probed process's source or binary
     ● per-process
     ● All threads in process can (independently) hit probepoint.
     ● breakpoint probes (uprobes) and function-return probes (uretprobes)
     ● (Kernel) handler runs on probe hit.
     ● Handler runs in context of probed task.
     ● Handler can sleep – e.g., for kmalloc or paging.

  7. Overview: Uses
     ● Typical use is via an ad hoc instrumentation module, a la kprobes.
     ● SystemTap uses uprobes for user-space probing.
     ● trace-events code under review
     ● TODO: perf interface
     ● gdbstub for uprobes/utrace on back burner
     ● System-call interface possible:
       ● new system call API
       ● enhancements to ptrace
     ● Architectures supported: x86 (32- and 64-bit), powerpc, s390, ia64

  8. Tie-ins to Kprobes
     ● Kprobes-like API: [un]register_u[ret]probe()
     ● Probed instruction executed out of line (XOL):
       ● Leave breakpoint in place; execute copy of probed instruction...
       ● ... to avoid probe misses in multithreaded apps.
       ● Can be “boosted” to avoid 2nd (single-step) trap.
       ● Single-stepping inline provided for jump-starting ports.
     ● Uprobes-specific complications:
       ● “Out of line” instruction copies must reside in probed process's address space. Ditto the return-probe trampoline.
       ● Solution: XOL vma
       ● Need to handle full instruction set (not just kernel instructions), guard against evil apps.

  9. Tie-ins to Utrace and SystemTap
     ● Utrace-based uprobes is packaged with the SystemTap runtime.
       – Probes C, C++ apps.
       – Exploits existing (DTrace) static probes to trace interpreted languages (Java, Python, tcl).

  10. 2010 Uprobes –= Utrace
     ● Result of Jan 2010 uprobes review and NAK of utrace
     ● Intercepts breakpoint and single-step traps before they become SIGTRAPs.
     ● Exploits Roland's tracehooks for process-lifetime events.
     ● Background page replacement = no need to quiesce threads for breakpoint insertion/removal

  11. 2010 Uprobes, cont.
     ● Slimmed down for LKML reviews:
       – x86 only
       – 1 uprobe per probepoint
       – limited number of uprobes per process
       – no function-return probes
       – no option to single-step inline
       – built-in only: no uprobes.ko version
     ● Also on TODO list:
       – perf interface: exploit symbol table, debuginfo
       – uprobes booster: eliminate the single-step trap
       – bulk registration/unregistration
       – u[ret]probe objects reusable immediately after registration?
       – See also Issues

  12. 2010 Uprobes: Issues
     ● Per-process vs. per-executable (global) probes
       – How to trace process right from exec?
     ● Interrupt-context option for handlers
       – Performance (?) vs. complexity
     ● XOL area
       – Currently, uprobes adds XOL vma.
       – Which of 47 slot-allocation algorithms?
       – Add XOL area to thread-local storage?
       – Emulate instructions?
     ● Re-integrate ubp, XOL layers?

  13. gdbstub for utrace/uprobes
     ● Idea from 2009 LF Collaboration Summit
     ● Talk gdb remote protocol through /proc/<pid>/gdb:
       – Z = set breakpoint, g = read registers, etc.
     ● gdbstub in kernel translates requests into calls to utrace/uprobes APIs.
     ● Alternative to ptrace
     ● Utrace-only prototype discussed briefly on LKML Nov-Dec 2009
     ● Currently on back burner

  14. Legal Statement This work represents the view of the author and does not necessarily represent the view of IBM. IBM is a registered trademark of International Business Machines Corporation in the United States and/or other countries. Linux is a registered trademark of Linus Torvalds. Other company, product, and service names may be trademarks or service marks of others.

  15. Questions?

  16. Backup slides

  17. Single-stepping Inline
     ● Establish probepoint:
       – Replace original opcode with int3
     ● Breakpoint trap:
       – Run user's handler
       – Replace int3 with original opcode
       – Single-step original instruction
     ● Single-step trap:
       – Replace original opcode with int3
       – Continue at next instruction
     ● Doesn't work for multithreaded apps.

  18. Single-stepping Out of Line
     ● Establish probepoint:
       – Replace original opcode with int3
       – Allocate XOL slot
       – Copy original instruction to XOL slot
     ● Breakpoint trap:
       – Run user's handler
       – Single-step instruction copy
     ● Single-step trap:
       – “Fix things up”
       – Continue at next instruction
     ● Works for multithreaded apps

  19. Boosted Probepoint
     ● Establish probepoint:
       – Replace original opcode with int3
       – Allocate XOL slot
       – Copy original instruction to XOL slot
       – Append jump from XOL slot to next instruction
     ● Breakpoint trap:
       – Run user's handler
       – Continue at XOL slot
     ● Works for multithreaded apps
     ● No single-step trap

  20. Interrupt-context handlers
       – Handle bkpt trap as SIGTRAP: ~3 usec/hit
       – Handle bkpt trap earlier in process context: 1.0 usec/hit
       – Handle bkpt trap in interrupt context: 0.9 usec/hit

  21. History
     Spring 2006: Pre-utrace uprobes prototype skewered on LKML, soon discarded.
     ● “Probe per-process, not per-executable.”
     June 2006: Utrace first posted to LKML.
     Oct 2006: First working prototype (i386) of utrace-based uprobes
     Winter-Spring 2006-2007: More features, more architectures, more testing
     April 2007: Uprobes posted to LKML
     Utrace dropped from -mm tree.

  22. History, cont.
     Oct 2007: Uprobes tucked into SystemTap runtime.
     Summer 2008: SystemTap += DWARF-based probing of user apps; utrace revamped
     Winter 2008-2009: Uprobes refactored (instruction analysis, breakpoint innards, XOL, uprobes API)
     2009: Utrace revamped again; ptrace re-implemented as utrace client, again.
     January 2010: Utrace-based uprobes on LKML
     March 2010: Utraceless uprobes on LKML
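
The probe miss that the "Single-stepping Inline" slide attributes to multithreaded apps, and that "Single-stepping Out of Line" avoids, modeled as an added C example (not code from the presentation or from uprobes itself). The struct, the function names and the four code bytes are constructed for illustration, and the two threads are modeled as one fixed interleaving rather than real tasks.

```c
#include <stdint.h>
#include <stdio.h>
#define INT3 0xCC
enum mode { STEP_INLINE, STEP_XOL };
struct probe {
    uint8_t *text;    /* probed process's code, shared by all threads */
    int vaddr;        /* probepoint offset into text */
    uint8_t orig;     /* saved original opcode */
    uint8_t xol_slot; /* out-of-line copy of the original instruction */
    int hits;         /* number of handler invocations */
};

/* Establish probepoint: save opcode, copy it to the XOL slot, write int3. */
static void probe_arm(struct probe *p, uint8_t *text, int vaddr) {
    p->text = text; p->vaddr = vaddr; p->hits = 0;
    p->orig = p->xol_slot = text[vaddr];
    text[vaddr] = INT3;
}

/* A thread reaches the probepoint. Returns 1 if it trapped, 0 on a miss. */
static int thread_arrives(struct probe *p, enum mode m) {
    if (p->text[p->vaddr] != INT3)
        return 0;                      /* original opcode visible: no trap */
    p->hits++;                         /* breakpoint trap: handler runs */
    if (m == STEP_INLINE)
        p->text[p->vaddr] = p->orig;   /* int3 removed until the step ends */
    return 1;                          /* XOL: int3 stays, the copy is stepped */
}

/* Single-step trap: inline mode must put the int3 back. */
static void step_done(struct probe *p, enum mode m) {
    if (m == STEP_INLINE) p->text[p->vaddr] = INT3;
}

/* Thread B reaches the probepoint while thread A is still single-stepping. */
int hits_with_two_threads(enum mode m) {
    uint8_t text[] = { 0x90, 0x55, 0x90, 0xC3 };  /* constructed sample code */
    struct probe p;
    probe_arm(&p, text, 1);
    int a = thread_arrives(&p, m);
    int b = thread_arrives(&p, m);     /* lands inside A's step window */
    if (a) step_done(&p, m);
    if (b) step_done(&p, m);
    return p.hits;
}

int main(void) {
    printf("inline: %d hit(s), XOL: %d hit(s)\n",
           hits_with_two_threads(STEP_INLINE), hits_with_two_threads(STEP_XOL));
    return 0;
}
```

With inline stepping the second thread executes the restored opcode and its hit is never recorded; with the XOL copy the int3 is never removed, so both threads trap.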
