reverse debugging of kernel failures
play

Reverse Debugging of Kernel Failures in Deployed Systems Xinyang - PowerPoint PPT Presentation

Feb 09, 2023 •380 likes •593 views

Reverse Debugging of Kernel Failures in Deployed Systems Xinyang Ge, Ben Niu and Weidong Cui Microsoft Research USENIX Annual Technical Conference, 2020 What happened before the crash? REPT: Reverse Execution with Processor Trace REPT:

  1. Reverse Debugging of Kernel Failures in Deployed Systems Xinyang Ge, Ben Niu and Weidong Cui Microsoft Research USENIX Annual Technical Conference, 2020

  2. What happened before the crash?

  4. REPT: Reverse Execution with Processor Trace

  5. REPT: Reverse Execution with Processor Trace • A practical reverse debugging solution for user- mode failures [OSDI’18] • Online hardware tracing (e.g., Intel Processor Trace) • Log the control flow with timestamps • Low runtime overhead (1-5%) • No data! • Offline binary analysis • Recovers data flow from the control flow How to make REPT support the kernel?

  6. How REPT works? USER KERNEL

  7. How REPT works? USER KERNEL

  8. How REPT works? USER KERNEL

  9. How REPT works? USER KERNEL

  10. How REPT works? rax=?,rbx=? add rax,rbx rax=3,rbx=1 USER KERNEL

  11. How REPT works? rax=2 ,rbx=1 add rax,rbx rax=3,rbx=1 USER KERNEL

  12. Can we simply inverse the tracing?

  13. Can we simply inverse the tracing? • There are too many processes/threads on a system • High memory overhead for tracing • Hardware events must be emulated in addition to CPU instructions • Interrupts • Exceptions • System calls

  14. Here comes Kernel REPT…

  15. USER KERNEL context switch … is irreversible, and we log it in software.

  16. USER KERNEL syscalls interrupts/ exceptions

  17. Kernel Stack Interrupt Descriptor Table SS INTERRUPT GATE 0 RSP INTERRUPT GATE 1 RFLAGS INTERRUPT GATE 2 CS RIP Error Code Stack Pointer INTERRUPT GATE N USER KERNEL syscalls interrupts/ exceptions Different events can have different architectural effects

  18. That’s it?

  19. Automated Analyses • A common bug pattern: missing undo operations • EnterCriticalRegion vs LeaveCriticalRegion • Root-Cause Analysis • Scan the kernel execution trace to find missing undo operations • Proactive Bug Detector • Sanitize the kernel execution based on specified invariants • 17 new bugs found and fixed!

  20. Demo

  21. Conclusion • Debugging production kernel failures is hard • REPT now supports the reverse debugging of the kernel • Per-core control flow tracing in hardware • Context switch logging in software • Recovers data flow via CPU instruction and hardware event emulation • REPT enables automated analysis beyond reverse debugging • Root-cause analysis • Sanitizing analysis

Recommend

REPT: Reverse Debugging of Failures in Deployed Software Weidong Cui 1 , Xinyang Ge 1 , Baris

REPT: Reverse Debugging of Failures in Deployed Software Weidong Cui 1 , Xinyang Ge 1 , Baris

REPT: Reverse Debugging of Failures in Deployed Software Weidong Cui 1 , Xinyang Ge 1 , Baris Kasikci 2 , Ben Niu 1 , Upamanyu Sharma 2 , Ruoyu Wang 3 , and Insu Yun 4 Microsoft Research 1 University of Michigan 2 Arizona State University 3 Georgia

700 views • 31 slides
Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many of us need to debug the Linux kernel Proprietary tools like Trace32 and DS-5 are $$$ Open source debuggers like GDB lack kernel

884 views • 40 slides
Kernel Debugging and Virtualization John Baldwin January 15, 2015 What is Kernel Debugging

Kernel Debugging and Virtualization John Baldwin January 15, 2015 What is Kernel Debugging

Kernel Debugging and Virtualization John Baldwin January 15, 2015 What is Kernel Debugging Step in Kernel Development Post-Mortem Crash Analysis Live Inspection Performance Analysis Userland Debugging Wait, Userland

216 views • 10 slides
Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda

Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda

Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda mulix@mulix.org IBM Haifa Research Lab Kernel Debugging, Haifux 2003 p.1/19 Kernel Debugging - Why? Why would we want to debug the kernel? after

308 views • 19 slides
Introduction to Debugging the Introduction to Debugging the FreeBSD Kernel FreeBSD Kernel May

Introduction to Debugging the Introduction to Debugging the FreeBSD Kernel FreeBSD Kernel May

Introduction to Debugging the Introduction to Debugging the FreeBSD Kernel FreeBSD Kernel May 17, 2008 John Baldwin jhb@FreeBSD.org Introduction Introduction Existing Documentation DDB kgdb Debugging Strategies 2 Existing

640 views • 26 slides
Linux Kernel Debugging Linux Kernel Debugging Advanced Operating Systems 2018/2019

Linux Kernel Debugging Linux Kernel Debugging Advanced Operating Systems 2018/2019

Linux Kernel Debugging Linux Kernel Debugging Advanced Operating Systems 2018/2019 http://d3s.mff.cuni.cz CHARLES UNIVERSITY IN PRAGUE faculty of mathematjcs and physics faculty of mathematjcs and physics Vlastimil Babka vbabka@suse.cz

1.6k views • 62 slides
Failure Sketching: A Technique for Automated Root Cause Diagnosis of In-Production Failures

Failure Sketching: A Technique for Automated Root Cause Diagnosis of In-Production Failures

Failure Sketching: A Technique for Automated Root Cause Diagnosis of In-Production Failures Baris Kasikci, Benjamin Schubert, Cristiano Pereira, Gilles Pokam, George Candea Debugging In-Production Software Failures Today 2 Debugging

937 views • 93 slides
The Kernel Abstrac/on Debugging as Engineering Much of your

The Kernel Abstrac/on Debugging as Engineering Much of your

The Kernel Abstrac/on Debugging as Engineering Much of your /me in this course will be spent debugging In industry, 50% of soBware dev is

883 views • 50 slides
Attacking the Windows Kernel Below The Root Jonathan Lindsay, Reverse Engineer in extremis

Attacking the Windows Kernel Below The Root Jonathan Lindsay, Reverse Engineer in extremis

Attacking the Windows Kernel Below The Root Jonathan Lindsay, Reverse Engineer in extremis Introduction Limited to Windows, and aimed at IA32: Outline of protected mode and the kernel Attack vectors Useful tools Examples

672 views • 36 slides
Assembly Instruction Level Reverse Execution for Debugging PhD Dissertation Defense by Tankut

Assembly Instruction Level Reverse Execution for Debugging PhD Dissertation Defense by Tankut

Assembly Instruction Level Reverse Execution for Debugging PhD Dissertation Defense by Tankut Akgul Advisor: Vincent J. Mooney School of Electrical and Computer Engineering Georgia Institute of Technology March 2004 Outline Background

885 views • 60 slides
WebSee: A Tool for Debugging HTML Presentation Failures Sonal Mahajan and William G. J. Halfond

WebSee: A Tool for Debugging HTML Presentation Failures Sonal Mahajan and William G. J. Halfond

WebSee: A Tool for Debugging HTML Presentation Failures Sonal Mahajan and William G. J. Halfond Department of Computer Science University of Southern California Web Applications It takes users only 50 ms to form opinion about your website

329 views • 12 slides
Kernel support for user debugging: ptrace, utrace, and what's next Roland McGrath Kernel support

Kernel support for user debugging: ptrace, utrace, and what's next Roland McGrath Kernel support

Kernel support for user debugging: ptrace, utrace, and what's next Roland McGrath Kernel support for user debugging What is ptrace? What is wrong with ptrace? What we do about it? How do we support the next generation of tracing

352 views • 21 slides
Inferring and Debugging Path MTU Discovery Failures Matthew Luckie (U. Waikato) Kenjiro Cho

Inferring and Debugging Path MTU Discovery Failures Matthew Luckie (U. Waikato) Kenjiro Cho

Inferring and Debugging Path MTU Discovery Failures Matthew Luckie (U. Waikato) Kenjiro Cho (IIJ/WIDE) Bill Owens (NYSERNet) 1 The Problem It is desirable to send data in the fewest number of packets possible Path MTU Discovery

339 views • 19 slides
A Technique for Enabling and Supporting Debugging of Field Failures James Clause and Alessandro

A Technique for Enabling and Supporting Debugging of Field Failures James Clause and Alessandro

A Technique for Enabling and Supporting Debugging of Field Failures James Clause and Alessandro Orso Georgia Institute of Technology This work was supported in part by NSF awards CCF-0541080 and CCR-0205422 to Georgia Tech. 1 3 Field

1.1k views • 80 slides
Instruction-level Reverse Execution for Debugging Tankut Akgul and Vincent J. Mooney School of

Instruction-level Reverse Execution for Debugging Tankut Akgul and Vincent J. Mooney School of

Instruction-level Reverse Execution for Debugging Tankut Akgul and Vincent J. Mooney School of Electrical and Computer Engineering Georgia Institute of Technology November 2002 Background Detect an Determine error the bug location(s) Run

263 views • 23 slides
Kernel debugging Tools to understand whatever it is that is happening in there Dominique

Kernel debugging Tools to understand whatever it is that is happening in there Dominique

Kernel debugging Tools to understand whatever it is that is happening in there Dominique Martinet CEA January 9, 2020 CEA | January 9, 2020 | PAGE 1/75 Introduction 1 Foreword Hands on setup Crash 2 3 Perf SystemTap 4 eBPF:

1.43k views • 85 slides
using Reverse Domination Bao Le, Hratch Mangassarian, Brian Keng, Andreas Veneris University of

using Reverse Domination Bao Le, Hratch Mangassarian, Brian Keng, Andreas Veneris University of

Propelling SAT-based Debugging using Reverse Domination Bao Le, Hratch Mangassarian, Brian Keng, Andreas Veneris University of Toronto Outline SAT-based Design Debugging Introduction Motivation and Previous Work Dominators and

1.94k views • 33 slides
Debugging Enterprise Kernels: A Real World Example Vlastimil Babka Linux Kernel Developer, SUSE

Debugging Enterprise Kernels: A Real World Example Vlastimil Babka Linux Kernel Developer, SUSE

Debugging Enterprise Kernels: A Real World Example Vlastimil Babka Linux Kernel Developer, SUSE Labs vbabka@suse.cz Enterprise Linux Distro (including Kernel) The software installation (e.g. ISO) itself is free (and open source, obviously)

933 views • 54 slides
Debugging Debugging with High Level Languages Same goals as low-level debugging Examine and

Debugging Debugging with High Level Languages Same goals as low-level debugging Examine and

Chapter 15 Debugging Debugging with High Level Languages Same goals as low-level debugging Examine and set values in memory Execute portions of program Stop execution when (and where) desired Want debugging tools to operate on

274 views • 9 slides
Investigation of Failures 49 CFR 192.617 192.617 Investigation of Failures Each operator

Investigation of Failures 49 CFR 192.617 192.617 Investigation of Failures Each operator

Investigation of Failures 49 CFR 192.617 192.617 Investigation of Failures Each operator shall establish procedures for analyzing accidents and failures, including the selection of samples of the failed facility or equipment for

948 views • 55 slides
Debugging Debugging Tools Module Overview Introduction to Debugging Problems in Production

Debugging Debugging Tools Module Overview Introduction to Debugging Problems in Production

Welcome to Advanced .NET Debugging Debugging Tools Module Overview Introduction to Debugging Problems in Production Challenges in debugging Production issues Production Environment Debugging Timeline Tools for .NET Debugging Review 3

622 views • 47 slides
Key Roll issue Roy Arends, Nominet UK 1 September 10th 19:38:11 2 2 kernel panic This

Key Roll issue Roy Arends, Nominet UK 1 September 10th 19:38:11 2 2 kernel panic This

Key Roll issue Roy Arends, Nominet UK 1 September 10th 19:38:11 2 2 kernel panic This was related to an HSM driver We were unable to reproduce the kernel panic Hardware failures happen That is why we over-provision 3 3 Critical, but

374 views • 15 slides
Kernel Crash Logging and Core Dump Cong Wang <amwang@redhat.com> Software Engineer Red Hat

Kernel Crash Logging and Core Dump Cong Wang <amwang@redhat.com> Software Engineer Red Hat

Kernel Crash Logging and Core Dump Cong Wang <amwang@redhat.com> Software Engineer Red Hat 1 Why we need these? We want to diagnose kernel failures Kernel logging messages may be lost in user-space We want to gather as much useful

666 views • 14 slides
Debugging OVS Jus.n Pe0t April 14, 2011 Main Components

Debugging OVS Jus.n Pe0t April 14, 2011 Main Components

Debugging OVS Jus.n Pe0t April 14, 2011 Main Components Control Cluster Off-box ovsdb-server ovs-vswitchd User Kernel Management Protocol

531 views • 20 slides

More recommend