gimli server process monitoring fault analysis agenda
play

Gimli: Server Process Monitoring & Fault Analysis Agenda - PowerPoint PPT Presentation

Jan 23, 2023 •190 likes •484 views

Gimli: Server Process Monitoring & Fault Analysis Agenda What problem does Gimli solve? How does it work? How can I leverage Gimli? Where can I get Gimli? How can I contribute to Gimli? 2 The Setting

  1. Gimli: Server Process Monitoring & Fault Analysis

  2. Agenda • What problem does Gimli solve? • How does it work? • How can I leverage Gimli? • Where can I get Gimli? • How can I contribute to Gimli? 2




  3. The Setting • You have software deployed in Production • Production: – has stability and/or downtime requirements – May prohibit gdb and interactive debugging tools for security purposes – May be at the other end of a VPN and/or be subject to draconian access policies 3




  4. The Problem • Your software is manifesting a crash/hang problem in Production • Can’t use gdb: – Takes too long to poke around – May not be able to run gdb • Getting a usable core file is hard: – Big server processes leave big cores – Can’t debug the core on the box – Can’t get the core back to your box • How can you effectively get a bead on the issue? 4




  5. Gimli – a solution in 2 parts • Monitor: supervises your target process – Optional watchdog support via heartbeat – If a fault is detected (crash, hang) invokes the analysis component, then re-spawns the target process • Glider (the analyzer): – Pstack on steroids – DWARF-3 assisted stack unwinding – Full backtrace and deep structure printing – Optional extension modules to augment trace • Runs on: Linux, Solaris, Darwin OS/X. – i386, x86_64/amd64. – Incomplete support for Solaris Sparc (mostly there!) 5




  6. The Gimli Monitor • A bit like “init”, but focused on a single process • Detaches from the terminal and establishes a new session • Spawns the child process and monitors: – Did the child exit abnormally (signalled)? – Did the child get STOP’d? – If the child opted in to hearbeat, did its heart stop beating? • If one of these conditions triggers, and the process is still running, the Glider is invoked • The process is then respawned (and throttled if respawning too fast) 6




  7. Monitor options • All options can be command line, environmental or in a config file • Watchdog interval – heart must beat at least once in this many seconds • Detach, setstid: alter daemonizing behavior • Trace-dir – where to record trace files • Pidfile – where to store pidfile • Uid, gid – setuid/setgid to the specified user before spawning the child • Respawn-frequency – brake on respawning to avoid hammering the system 7




  8. Heart beat • Monitor assumes that the child does not support heartbeat until it beats at least once • Two mechanisms for heart beat: – Simple: kill(getppid(), SIGUSR1) • Easy for scripts to implement – Shared Memory via libgimli: • hb = gimli_heartbeat_attach() • gimli_heartbeat_set(hb, GIMLI_HB_RUNNING); 8




  9. Effective Heart beat • Intended to issue one heart beat per iteration of the main loop in your app • If it stops ticking over at least once every watchdog interval (60 seconds by default), it is deemed to have hanged • Generally not good to heart beat inside utility functions; better to keep it at the higher level in the app to avoid false negatives • Exception to this rule might be an infrequent but long running function 9




  10. Trapping Faults • If you don’t install a signal handler, the Monitor won’t be able to trap a fault and generate a trace • libgimli provides a gimli_establish_signal_handlers() to set up suitable fault trapping • Handler: – Clears signal handler so a double fault will kill us – SIGSTOP’s self; monitor is notified via SIGCHLD – When it resumes, calls an application supplied shutdown hook – Sends the faulting signal to itself so that it terminates abnormally 10




  11. Tracing • When the Monitor decides that the child is dead, it initiates tracing • Creates a file named appname.pid.trc in the specified trace dir (default: /tmp) • Emits a header describing the reason for the fault and when it happened • Spawns Glider and has its output append to the trace file 11




  12. Trace Header This is a trace file generated by Gimli. Process: pid=6704 /path/to/faulty‐app Traced because: fault detected Time of trace: (1278702746) Fri Jul 9 15:12:26 2010 Invoking trace program: /opt/msys/gimli/bin/glider 12




  13. The Gimli Glider • Name comes from a combination of well known Dwarf and Elf fantasy literature and an incident in Manitoba where an aircraft ran out of fuel • Fundamental purpose is to get a stack trace of all threads in the target process in a human readable form • Uses DWARF-3 debugging information – gcc -gdwarf-2 -g3 • Extracts siginfo from signal trampolines to show more detail about the fault 13




  14. Example partial trace Thread 0 (LWP 6704) #0 0x00000035ad69a1a1 /lib64/libc‐2.5.so`nanosleep+41 #1 0x00000035ad699fc3 /lib64/libc‐2.5.so`sleep+93 #2 0x00002b029434bde6 /opt/msys/3rdParty/lib/perl5/5.10.0/x86_64‐linux‐thread‐ multi/CORE/libperl.so`Perl_pp_sleep+56 (pp_sys.c:4525) PerlInterpreter *my_perl = 0x6ff2010 (/opt/msys/3rdParty/bin/perl`0x6ff2010) [deref'ing my_perl] PerlInterpreter @ 0x6ff2010 = { SV **Istack_sp = 0x71938c8 (/opt/msys/3rdParty/bin/perl`0x71938c8) OP *Iop = 0x7cd8f30 (/opt/msys/3rdParty/bin/perl`0x7cd8f30) SV **Icurpad = 0x7019fc0 (/opt/msys/3rdParty/bin/perl`0x7019fc0) SV **Istack_base = 0x71938c0 (/opt/msys/3rdParty/bin/perl`0x71938c0) SV **Istack_max = 0x71958a8 (/opt/msys/3rdParty/bin/perl`0x71958a8) I32 *Iscopestack = 0x76331c0 (/opt/msys/3rdParty/bin/perl`0x76331c0) I32 Iscopestack_ix = 5 (0x5) I32 Iscopestack_max = 108 (0x6c) 14




  15. Glider vs pstack • Pstack is terse, does not include file:line info • Glider is verbose (full backtrace) • Glider is extensible 15




  16. Extending Glider • It is often necessary to get more than just a stack trace out of a faulting application • Want a readable snapshot of important datastructures like: – Circular log buffer – Stats – State machine dumps – Memory utilization • Glider provides an API for extracting this type of data from your process 16




  17. Gimli Modules • Gimli modules are shared objects that are loaded and executed by the glider process, not the target, faulting process • Glider examines the mapped objects in the target process and locates corresponding gimli modules. • Example: if I link against libfoo.so, gimli looks for a gimli_libfoo.so • If a module in the target has a “gimli_tracer_module_name” symbol, it is interpreted as the name of a module to load in the glider instead 17




  18. Glider Modules • Gimli modules export a function named “gimli_ana_init” which is invoked when the module is loaded into the Glider • It is expected to return a Gimli module structure that allows the module to hook into aspects of the tracing • When all the modules have been loaded, the trace begins • Can intercept each threads trace and each frame of the trace – Can either emit additional info or suppress the item • After the stack trace, modules have their generic tracing hook invoked to allow arbitrary other data to be emitted 18




  19. Glider API: libgimli_ana.h • Provides functions that: – resolve symbols – Reverse map an address to a symbol – Copy memory from the target process – Copy a string from the target process – Get source (file:line) information for an address – Examine DWARF parameter information for a named parameter in a given stack frame 19




  20. Extracting data from globals • Given the following global data in the target, how can I print it out in my Gimli module? char *my_str_ptr = “hello”; int my_int; char my_str[1024]; struct foo { int value; } my_foo; struct foo *my_foo_ptr = &my_foo; 20




  21. static void perform_trace(const struct gimli_ana_api *api, const char *object) { // First the string pointer char *s = api‐>get_string_symbol(object, “my_str_ptr”); printf(“%s\n”, s ? s : “null”); 21




  22. // Now the int. The 0 below means don’t deref int ival; if (api‐>copy_from_symbol(object, “my_int”, 0, &ival, sizeof(ival)) { printf(“my_int: %d\n”, ival); } 22




  23. // Now the string buffer char buf[1024]; if (api‐>copy_from_symbol(object, “my_str”, 0, &buf, sizeof(buf)) { printf(“my_str: %s\n”, buf); } 23




  24. // Now the foo struct; you need to #include its // definition, or re‐declare it here struct foo f; if (api‐>copy_from_symbol(object, “my_foo”, 0, &f, sizeof(f)) { printf(“foo.value: %d\n”, f.value); } if (api‐>copy_from_symbol(object, “my_foo_ptr”, 1, &f, sizeof(f)) { // 1 = deref once printf(“foo_ptr‐>value: %d\n”, f.value); } 24




  25. Making an address human readable // Some address I plucked from the target void *addr = ???; // What is the closest symbol? char buf[1024]; printf(“%p = %s\n”, addr, api‐>sym_name(addr, buf, sizeof(buf)); // Gives: 0x00000035ad699fc3 = /lib64/libc‐2.5.so`sleep+93 25




  26. File:line info // if it is code, what’s the file and line? int line; if (api‐>get_source_info(addr, buf, sizeof(buf), &line)) { printf(“%p => %s:%d\n”, addr, buf, line); } 26




Recommend

Batch Modeling and Process Monitoring Geir Rune Flten Agenda CAMO Batch analysis

Batch Modeling and Process Monitoring Geir Rune Flten Agenda CAMO Batch analysis

Batch Modeling and Process Monitoring Geir Rune Flten Agenda CAMO Batch analysis background Challenges CAMOs approach Example Alternative strategies Demo Next Steps We Develop Multivariate Data Analysis

683 views • 37 slides
CH NG 8: FAULT TOLERANCE TS. Tr n H i Anh Content 2 1. Introduction to fault

CH NG 8: FAULT TOLERANCE TS. Tr n H i Anh Content 2 1. Introduction to fault

1 Tr n H i Anh Distributed System CH NG 8: FAULT TOLERANCE TS. Tr n H i Anh Content 2 1. Introduction to fault tolerance 2. Process resilience 3. Reliable client-Server Communication 4. Reliable Group Communication 5.

966 views • 50 slides
Cryptanalysis Results on the NIST Candidate Gimli (WIP) Antonio Flrez Gutirrez, Gatan

Cryptanalysis Results on the NIST Candidate Gimli (WIP) Antonio Flrez Gutirrez, Gatan

Cryptanalysis Results on the NIST Candidate Gimli (WIP) Antonio Flrez Gutirrez, Gatan Leurent, Mara Naya-Plasencia, Lo Perrin, Andr Schrottenloher, Ferdinand Sibleyras Inria, France Context Gimli is a permutation proposed by

529 views • 7 slides
Forensic analysis of a Linux web server 1 www.nbs-system.com Agenda Who are we ? Performing

Forensic analysis of a Linux web server 1 www.nbs-system.com Agenda Who are we ? Performing

Mathieu Deous Julien Reveret Forensic analysis of a Linux web server 1 www.nbs-system.com Agenda Who are we ? Performing forensic analysis on a compromised web server What to search, where, how ? Logs but also dynamic analysis What

603 views • 28 slides
DB server limits (process/sessions) DB server limits (process/sessions) Carlos Fernando Gamboa,

DB server limits (process/sessions) DB server limits (process/sessions) Carlos Fernando Gamboa,

DB server limits (process/sessions) DB server limits (process/sessions) Carlos Fernando Gamboa, BNL Andrew Wong, TRIUMF WLCG Collaboration Workshop, CERN Geneva, April 2008. DB server limits (process/sessions) DB server limits

472 views • 21 slides
On the Use of Extents Material Balance Equations Energy Balance for Process Monitoring and

On the Use of Extents Material Balance Equations Energy Balance for Process Monitoring and

Extents for Process Monitoring Motivation Problem Statement System Description On the Use of Extents Material Balance Equations Energy Balance for Process Monitoring and Fault Diagnosis Equations Transformation to Vessel Extents

692 views • 19 slides
JUST ONE FAULT Persistent Fault Analysis on Block Ciphers Shivam Bhasin Temasek Labs @ NTU ASK

JUST ONE FAULT Persistent Fault Analysis on Block Ciphers Shivam Bhasin Temasek Labs @ NTU ASK

JUST ONE FAULT Persistent Fault Analysis on Block Ciphers Shivam Bhasin Temasek Labs @ NTU ASK 2018, Kolkata, India 15 Nov 2018 Table of Contents 1. Introduction to Fault Attacks 2. Persistent Fault Analysis (PFA) 3. PFA on Fault

588 views • 19 slides
Securing RSA against Fault Analysis by Double Addition Chain Exponentiation Matthieu Rivain

Securing RSA against Fault Analysis by Double Addition Chain Exponentiation Matthieu Rivain

Securing RSA against Fault Analysis by Double Addition Chain Exponentiation Matthieu Rivain Oberthur Technologies & Univ. of Luxembourg 04/24/09 | Session ID: CRYP-403 Session Classification: Agenda RSA and Fault Analysis A New

421 views • 27 slides
A Fault Tolerant Virtualization Server Based on Xen Jrgen Gro Virtualization Kernel

A Fault Tolerant Virtualization Server Based on Xen Jrgen Gro Virtualization Kernel

A Fault Tolerant Virtualization Server Based on Xen Jrgen Gro Virtualization Kernel Developer SUSE Linux GmbH, jgross@suse.com Status Quo Standard Xen Virtualization Server dom0 HVM pv Net- Block- xenstore qemu backend backend

421 views • 23 slides
Differential Fault Analysis of HC-128 Aleksandar Kircanski and Amr M. Youssef AFRICACRYPT 2010

Differential Fault Analysis of HC-128 Aleksandar Kircanski and Amr M. Youssef AFRICACRYPT 2010

Differential Fault Analysis of HC-128 Differential Fault Analysis of HC-128 Aleksandar Kircanski and Amr M. Youssef AFRICACRYPT 2010 May 03-06, 2010, Stellenbosch, South Africa Differential Fault Analysis of HC-128 Outline Fault analysis

374 views • 24 slides
JVM Web Application Metrics & Monitoring FOLIO @krrrr38 2 3 1. 2. 3. JVM Web

JVM Web Application Metrics & Monitoring FOLIO @krrrr38 2 3 1. 2. 3. JVM Web

JVM Web Application Metrics & Monitoring FOLIO @krrrr38 2 3 1. 2. 3. JVM Web Application 4 5 Metrics 6 Metrics JVM http JMX jcmd, jstat, ... 7 Metrics server/process pull /push 8 pull /push push server -(process)->

528 views • 36 slides
Monitoring your CSS Hardware Alan Lechtenberg University of Washington Can I Monitoring my CSS

Monitoring your CSS Hardware Alan Lechtenberg University of Washington Can I Monitoring my CSS

I Didnt Know You Could Do That Monitoring your CSS Hardware Alan Lechtenberg University of Washington Can I Monitoring my CSS Hardware? Youve licensed a CSS machine running on your Dell server. How will you know if the server is

122 views • 11 slides
Fault-Tolerant Data Collection in Fault-Tolerant Data Collection in Heterogeneous Intelligent

Fault-Tolerant Data Collection in Fault-Tolerant Data Collection in Heterogeneous Intelligent

Fault-Tolerant Data Collection in Fault-Tolerant Data Collection in Heterogeneous Intelligent Monitoring Networks Networks Heterogeneous Intelligent Monitoring Jing Deng Department of Computer Science University of North Carolina at

335 views • 18 slides
INFRASTRUCTURE Fault Detection at Scale INFRASTRUCTURE Giacomo Bagnoli Production Engineer, PE

INFRASTRUCTURE Fault Detection at Scale INFRASTRUCTURE Giacomo Bagnoli Production Engineer, PE

INFRASTRUCTURE Fault Detection at Scale INFRASTRUCTURE Giacomo Bagnoli Production Engineer, PE Network Monitoring Monitoring the network How and what NetNORAD NFI Agenda TTLd Netsonar Lessons learned

554 views • 34 slides
Nonlinear Autoregressive with Exogenous Wathiq R Abed #UDT2019 Outline Aim of Fault

Nonlinear Autoregressive with Exogenous Wathiq R Abed #UDT2019 Outline Aim of Fault

Unmanned Marine Vehicles Motor Fault Classifier Based on Nonlinear Autoregressive with Exogenous Wathiq R Abed #UDT2019 Outline Aim of Fault diagnosis and condition monitoring Task Major Faults in electrical Machines Fault

274 views • 9 slides
Can Fault Tree Analysis Technique Resolve Fault Isolation Ambiguity? Alpana Gangopadhyaya

Can Fault Tree Analysis Technique Resolve Fault Isolation Ambiguity? Alpana Gangopadhyaya

Reliability Maintenance and Managing Risk Conference 2019 Can Fault Tree Analysis Technique Resolve Fault Isolation Ambiguity? Alpana Gangopadhyaya Supportability Systems Engineer Northrop Grumman Alpana.Gangopadhyaya@ngc.com Phone Number

466 views • 18 slides
RTNS: Scheduling Analysis under Fault Bursts Florian Many, Frdric Boniol, David Doose 5

RTNS: Scheduling Analysis under Fault Bursts Florian Many, Frdric Boniol, David Doose 5

Introduction Fault Model Strategies Scheduling Analysis Performance Conclusions RTNS: Scheduling Analysis under Fault Bursts Florian Many, Frdric Boniol, David Doose 5 November 2010 RTNS: Scheduling Analysis under Fault Bursts 1 / 25

259 views • 21 slides
Effjcient Monitoring and Root Cause Analysis in Complex Systems Witek Bedyk Agenda

Effjcient Monitoring and Root Cause Analysis in Complex Systems Witek Bedyk Agenda

Effjcient Monitoring and Root Cause Analysis in Complex Systems Witek Bedyk Agenda Benefjts of robust monitoring Measurements vs. Alarms Importance of Alarms Correlation Effective Alerting Self-healing Why is

725 views • 34 slides
WP8 Monitoring seismicity and fluid activity near the fault using existing cabled and autonomous

WP8 Monitoring seismicity and fluid activity near the fault using existing cabled and autonomous

1 WP8 Monitoring seismicity and fluid activity near the fault using existing cabled and autonomous multiparameter seafloor instrumentation MARSITE KICK-OFF MEETING ISTANBUL, December, 19-20, 2012 WP8 Presentation 2 Objectives -To implement

433 views • 21 slides
Flow Modelling Across Faults SPE YP Technical Showcase Event 28 May 2013 Wahab Ahmed Agenda

Flow Modelling Across Faults SPE YP Technical Showcase Event 28 May 2013 Wahab Ahmed Agenda

Flow Modelling Across Faults SPE YP Technical Showcase Event 28 May 2013 Wahab Ahmed Agenda Faults-Introduction Fault Pattern Fault Zone Properties Fault Permeability, Fault Thickness Fault Transmissibility Multiplier

614 views • 28 slides
Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code Jakub Breier,

Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code Jakub Breier,

Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code Jakub Breier, Xiaolu Hou and Yang Liu 10 September 2018 1 / 25 Table of Contents Background and Motivation 1 Overview of DATAC DFA Automation Tool for

727 views • 25 slides
San Andreas The Influence of Temperature, Sliding Velocity, and Rock Fault Analysis Composition

San Andreas The Influence of Temperature, Sliding Velocity, and Rock Fault Analysis Composition

San Andreas The Influence of Temperature, Sliding Velocity, and Rock Fault Analysis Composition at Depth On Fault Mechanics Background San Andreas Fault Observatory at Depth (SAFOD) Sample recovery of cores containing the two

410 views • 8 slides
Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault tolerant programming are: Fault Detection - Knowing that a fault exists Fault Recovery - having atomic instructions that can be rolled back in

361 views • 18 slides
Challenging Malicious Inputs with Fault Tolerance Techniques Bruno Luiz Agenda Threats

Challenging Malicious Inputs with Fault Tolerance Techniques Bruno Luiz Agenda Threats

Challenging Malicious Inputs with Fault Tolerance Techniques Bruno Luiz Agenda Threats Fault Tolerance Fault Injection for Fault Tolerance Assessment Basic and classic techniques Decision Mechanisms Implementation

962 views • 61 slides

More recommend