systematic testing of fault handling code in linux kernel
play

Systematic Testing of Fault Handling Code in Linux Kernel Alexey - PowerPoint PPT Presentation

Dec 21, 2023 •446 likes •910 views

Systematic Testing of Fault Handling Code in Linux Kernel Alexey Khoroshilov Andrey Tsyvarev Institute for System Programming of the Russian Academy of Sciences Fault Handling Code 821 error =

  1. Systematic Testing of Fault Handling Code in Linux Kernel Alexey Khoroshilov Andrey Tsyvarev Institute for System Programming of the Russian Academy of Sciences

  2. Fault Handling Code 821 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping, 822 ip->i_d.di_size, newsize); 823 if (error) 824 return error; ... 852 tp = xfs_trans_alloc(mp, XFS_TRANS_SETATTR_SIZE); 853 error = xfs_trans_reserve(tp, &M_RES(mp)->tr_itruncate, 0, 0); 854 if (error) 855 goto out_trans_cancel; ... 925 out_unlock: 926 if (lock_flags) 927 xfs_iunlock(ip, lock_flags); 928 return error; 929 930 out_trans_abort: 931 commit_flags |= XFS_TRANS_ABORT; 932 out_trans_cancel: 933 xfs_trans_cancel(tp, commit_flags); 934 goto out_unlock;

  3. Fault Handling Code DOING WHAT YOU LIKE IS FREEDOM LIKING WHAT YOU DO IS HAPPINESS

  4. Fault Handling Code DOING WHAT YOU LIKE IS FREEDOM LIKING WHAT YOU DO IS HAPPINESS

  5. Fault Handling Code 821 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping, 822 ip->i_d.di_size, newsize); 823 if (error) 824 return error; ... 852 tp = xfs_trans_alloc(mp, XFS_TRANS_SETATTR_SIZE); 853 error = xfs_trans_reserve(tp, &M_RES(mp)->tr_itruncate, 0, 0); 854 if (error) 855 goto out_trans_cancel; ... 925 out_unlock: 926 if (lock_flags) 927 xfs_iunlock(ip, lock_flags); 928 return error; 929 930 out_trans_abort: 931 commit_flags |= XFS_TRANS_ABORT; 932 out_trans_cancel: 933 xfs_trans_cancel(tp, commit_flags); 934 goto out_unlock;

  6. Fault Handling Code ● Is not so fun ● Is really hard to keep all details in mind

  7. Fault Handling Code ● Is not so fun ● Is really hard to keep all details in mind ● Practically is not tested ● Is hard to test even if you want to

  8. Fault Handling Code ● Is not so fun ● Is really hard to keep all details in mind ● Practically is not tested ● Is hard to test even if you want to ● Bugs seldom(never) occurs => low pressure to care

  9. Why do we care? ● It beats someone time to time ● Safety critical systems ● Certification authorities

  10. How to improve situation? ● Managed resources + No code, no problems – Limited scope ● Static analysis + Analyzes all paths at once – Detects prescribed set of consequences (mostly local) – False alarms ● Run-time testing + Detects even hidden consequences + Almost no false alarms – Tests are needed – Specific hardware may be needed (for drivers testing)

  11. Run-Time Testing of Fault Handling ● Manually targeted test cases + The highest quality – Expensive to develop and to maintain – Not scalable ● Random fault injection on top of existing tests + Cheap – Oracle problem – No any guarantee – When to finish?

  12. Systematic Approach ● Hypothesis: ● Existing test lead to deterministic control flow in kernel code ● Idea: ● Execute existing tests and collect all potential fault points in kernel code ● Systematically enumerate the points and inject faults there

  13. Experiments – Outline ● Target code ● Fault injection implementation ● Methodology ● Results

  14. Experiments – Target ● Target code: file system drivers ● Reasons: ● Failure handling is more important than in average ● Potential data loss, etc. ● Same tests for many drivers ● It does not require specific hardware ● Complex enough

  15. Linux File System Layers User Space Application sys_mount, sys_open, sys_read, ... VFS ioctl, Special Purpose: Block Based FS: Network FS: Pseudo FS: sysfs ext4, xfs, btrfs, tmpf s, ramfs, nfs, coda, gfs, proc, sysfs, jfs, ... ocfs, ... ... ... Direct I/O Buffer cache / Page cache network Block I/O layer - Optional stackable devices (md,dm,...) - I/O schedulers Block Driver Block Driver CD Disk

  16. File System Drivers - Size File System Driver Size, LoC JFS 18 KLOC 37 KLoC Ext4 with jbd2 XFS 69 KLoC BTRFS 82 KLoC F2FS 12 KLoC

  17. File System Driver – VFS Interface ● file_system_type ● super_operations ● export_operations ● inode_operations ~100 interfaces in total ● file_operations ● vm_operations ● address_space_operations ● dquot_operations ● quotactl_ops ● dentry_operations

  18. FS Driver – Userspace Interface File System Driver ioctl sysfs JFS 6 - Ext4 14 13 XFS 48 - BTRFS 57 -

  19. FS Driver – Partition Options File System Driver mount options mkfs options JFS 12 6 Ext4 50 ~30 XFS 37 ~30 BTRFS 36 8

  20. FS Driver – On-Disk State File System Hierarchy * File Size * File Attributes * File Fragmentation * File Content (holes,...)

  21. FS Driver – In-Memory State ● Page Cache State ● Buffers State ● Delayed Allocation ● ...

  22. Linux File System Layers User Space Application 100 interfaces sys_mount, sys_open, sys_read, ... 30-50 interfaces VFS ioctl, Special Purpose: Block Based FS: Network FS: Pseudo FS: sysfs tmpf s, ramfs, ext4, xfs, btrfs, nfs, coda, gfs, proc, sysfs, jfs, ... ocfs, ... ... ... VFS State* Direct I/O Buffer cache / Page cache network FS Driver State Block I/O layer - Optional stackable devices (md,dm,...) 30 mount opts - I/O schedulers 30 mkfs opts File System State Block Driver Block Driver CD Disk

  23. FS Driver – Fault Handling ● Memory Allocation Failures ● Disk Space Allocation Failures ● Read/Write Operation Failures

  24. Fault Injection - Implementation ● Based on KEDR framework * ● intercept requests for memory allocation/bio requests ● to collect information about potential fault points ● to inject faults ● also used to detect memory/resources leaks (*) http://linuxtesting.org/project/kedr

  25. KEDR Workflow http://linuxtesting.org/project/kedr

  26. Experiments – Tests ● 10 deterministic tests from xfstests * ● generic/ ● 001-003, 015, 018, 020, 053 ● ext4/ ● 002, 271, 306 ● Linux File System Verification ** tests ● 180 unit tests for FS-related syscalls / ioctls ● mount options iteration (*) git://oss.sgi.com/xfs/cmds/xfstests (**) http://linuxtesting.org/spruce

  27. Experiments – Oracle Problem ● Assertions in tests are disabled ● Kernel oops/bugs detection ● Kernel assertions, lockdep, memcheck, etc. ● KEDR Leak Checker

  28. Experiments – Methodology ● Collect source code coverage of FS driver on existing tests ● Collect source code coverage of FS driver on existing tests with fault simulation ● Measure an increment

  29. Methodology – The Problem ● If kernel crashes code, coverage results are unreliable

  30. Methodology – The Problem ● If kernel crashes code, coverage results are unreliable ● As a result ● Ext4 was analyzed only ● XFS, BTRF, JFS, F2FS, UbiFS, JFFS2 crashes and it is too labor and time consuming to collect reliable data

  31. Experiment Results

  32. Systematic Approach ● Hypothesis: ● Existing test lead to deterministic control flow in kernel code ● Idea: ● Execute existing tests and collect all potential fault points in kernel code ● Systematically enumerate the points and inject faults there

  33. Complete Enumeration Fault points Expected Time Xfstests (10 system tests) 270 327 2,5 years LFSV (180 unit tests*76 mount options) 488 791 7 months

  34. Possible Idea ● Unit test structure ● Preamble ● Main actions ● Checks ● Postamble ● What if account fault points inside main actions?

  35. Complete Enumeration Fault points Expected Time Xfstests (10 system tests) 270 327 2,5 years LFSV (180 unit tests) 488 791 7 months LFSV (180 unit tests) – main part only 9 226 1,5 hours ● that gives 311 new lines of code covered ● i.e. 18 seconds per line

  36. Another Idea ● Automatic filtering ● e.g. by Stack Trace of fault point

  37. LFSV Tests Increment Time Cost new lines min seconds/line LFSV without fault simulation - 110 - LFSV – main only – no filter 311 92 18 LFSV – main only – stack filter 266 2 0.45 LFSV – whole test – no filter unfeasible LFSV – whole test – stack filter 333 4 0.72

  38. Main-only vs. Whole + More scalable + 2-3 times more cost effective + Better coverage – Manual work => ● expensive ● error-prone ● unscalable

  39. Unit tests vs. System tests Increment Time Cost new lines min second/line LFSV – whole test – stack filter 333 4 0.72 LFSV – whole test – stackset filter 354 9 1.53 Xfstests – stack filter 423 90 13 Xfstests – stackset filter 451 237 31 + Better coverage + 10-30 times more cost effective

  40. Systematic vs. Random Increment Time Cost new lines min second/line Xfstests without fault simulation - 2 - Xfstests+random(p=0.01,repeat=200) 380 152 24 Xfstests+random(p=0.02,repeat=200) 373 116 19 Xfstests+random(p=0.05,repeat=200) 312 82 16 Xfstests+random(p=0.01,repeat=400) 451 350 47 Xfstests+stack filter 423 90 13 Xfstests+stackset filter 451 237 31

  41. Systematic vs. Random + Cover double faults + 2 times more cost effective – Unpredictable + Repeatable results – Nondeterministic – Requires more complex engine

Recommend

Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules

Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules

Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules Kernel module: code that can be dynamically loaded/unloaded into the kernel at runtime Change the kernel code without needing to reboot

545 views • 13 slides
Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many of us need to debug the Linux kernel Proprietary tools like Trace32 and DS-5 are $$$ Open source debuggers like GDB lack kernel

884 views • 40 slides
Static code checking In the Linux kernel Presented by Arnd Bergmann Date April 6, 2016 Event

Static code checking In the Linux kernel Presented by Arnd Bergmann Date April 6, 2016 Event

Static code checking In the Linux kernel Presented by Arnd Bergmann Date April 6, 2016 Event Embedded Linux Conference Static code checking in the Linux kernel 1. Overview 2. Randconfig issues 3. Checking tools 4. Automated checking

586 views • 48 slides
Exploring Linux Kernel Source Code with Eclipse and QTCreator Marcin Bis 2016.10.12 ELCE 2016,

Exploring Linux Kernel Source Code with Eclipse and QTCreator Marcin Bis 2016.10.12 ELCE 2016,

Exploring Linux Kernel Source Code with Eclipse and QTCreator Marcin Bis 2016.10.12 ELCE 2016, Berlin Marcin Bis marcin@bis-linux.com +48 607 075 848 Training ( http://bis-linux.com ): Embedded Linux Yocto Linux Device Drivers Development

770 views • 50 slides
Digitalization of Kernel Diversion from the Upstream T o minimize local code modifications Hisao

Digitalization of Kernel Diversion from the Upstream T o minimize local code modifications Hisao

Did you care for purity of your Linux BSP Computer aided BSP kernel sanity check Yaminabe2 execution and trial result conclusion Digitalization of Kernel Diversion from the Upstream T o minimize local code modifications Hisao Munakata Linux

682 views • 52 slides
Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module

Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module

Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module Linux is written in C, but does not include all standard libraries And some other idiosyncrasies This lecture will give you a crash

1.35k views • 22 slides
The State of the Art in Bufferbloat Testing and Reduction on Linux Toke Hiland-Jrgensen

The State of the Art in Bufferbloat Testing and Reduction on Linux Toke Hiland-Jrgensen

The State of the Art in Bufferbloat Testing and Reduction on Linux Toke Hiland-Jrgensen Roskilde University IETF 86, 12th March 2013 1 / 31 Outline Introduction Recent changes in the Linux kernel Testing methodology and best practices

689 views • 31 slides
1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel vulnerability research Thats unavoidable, but the linux kernel developers dont do very much to make the situation any better. -- Basically, the

625 views • 36 slides
Linux Kernel Networking Raoul Rivas Kernel vs Application Programming No memory protection

Linux Kernel Networking Raoul Rivas Kernel vs Application Programming No memory protection

Linux Kernel Networking Raoul Rivas Kernel vs Application Programming No memory protection Memory Protection We share memory with Segmentation Fault devices, scheduler Preemption Sometimes no preemption Scheduling

377 views • 25 slides
Hacking on Xen in the Linux Kernel Lisa Nguyen, Linux Kernel Intern FOSS Outreach Program for

Hacking on Xen in the Linux Kernel Lisa Nguyen, Linux Kernel Intern FOSS Outreach Program for

Hacking on Xen in the Linux Kernel Lisa Nguyen, Linux Kernel Intern FOSS Outreach Program for Women LinuxCon North America 2013 Agenda Introduction What Got Me Interested in OPW Project Overview Xen Block Ring Protocol

922 views • 13 slides
Linux Device Drivers Modules A piece of code that can be added to the kernel at runtime is

Linux Device Drivers Modules A piece of code that can be added to the kernel at runtime is

Linux Device Drivers Modules A piece of code that can be added to the kernel at runtime is called a module A device driver is one kind of module Each module is made up of object code that can be dynamically linked to the running

388 views • 28 slides
GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The GNU userland consists of libc, the init system (SystemD) X11 GUI toolkits etc. Ask the audience Who has used

442 views • 22 slides
Undermining the Linux Kernel: Malicious Code Injec:on via /dev/mem Anthony Lineberry

Undermining the Linux Kernel: Malicious Code Injec:on via /dev/mem Anthony Lineberry

Undermining the Linux Kernel: Malicious Code Injec:on via /dev/mem Anthony Lineberry anthony.lineberry@gmail.com Black Hat Europe 2009 Overview What is a rootkit? Why is protec:on difficult? Current protec:on mechanisms/bypasses

638 views • 52 slides
. Kernel The Variability Model of the Linux Extra Conclusions Linux Study Introduction .

. Kernel The Variability Model of the Linux Extra Conclusions Linux Study Introduction .

. Krzysztof Czarnecki, Andrzej Wsowski The Variability Model of the Linux Kernel . . January 26, 2010 IT University of Copenhagen University of Leipzig University of Waterloo Steven She, Rafael Lotufo, Thorsten Berger, . Kernel The

928 views • 39 slides
TOS Arno Puder 1 Device Drivers Code that manages the details of interacting with a

TOS Arno Puder 1 Device Drivers Code that manages the details of interacting with a

TOS Arno Puder 1 Device Drivers Code that manages the details of interacting with a particular piece of hardware Interacting with hardware includes handling I/O and interrupts Linux kernel (2.6.x): 2.3 million lines of code in

565 views • 33 slides
A Fault Tolerant Virtualization Server Based on Xen Jrgen Gro Virtualization Kernel

A Fault Tolerant Virtualization Server Based on Xen Jrgen Gro Virtualization Kernel

A Fault Tolerant Virtualization Server Based on Xen Jrgen Gro Virtualization Kernel Developer SUSE Linux GmbH, jgross@suse.com Status Quo Standard Xen Virtualization Server dom0 HVM pv Net- Block- xenstore qemu backend backend

421 views • 23 slides
Linux Kernel Security & Hardening Thomas Lamprecht January 17, 2019 Introduction The Linux

Linux Kernel Security & Hardening Thomas Lamprecht January 17, 2019 Introduction The Linux

Linux Kernel Security & Hardening Thomas Lamprecht January 17, 2019 Introduction The Linux Kernel Widespread Deployed on: powerful (high performance compute clusters) sensitive (bank, gov. systems, ..) safety critical

995 views • 29 slides
Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

3/1/20 COMP 790: OS Implementation COMP 790: OS Implementation Logical Diagram Binary Memory Threads Formats Allocators User Todays Lecture Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

647 views • 8 slides
Linux Kernel Debugging Linux Kernel Debugging Advanced Operating Systems 2018/2019

Linux Kernel Debugging Linux Kernel Debugging Advanced Operating Systems 2018/2019

Linux Kernel Debugging Linux Kernel Debugging Advanced Operating Systems 2018/2019 http://d3s.mff.cuni.cz CHARLES UNIVERSITY IN PRAGUE faculty of mathematjcs and physics faculty of mathematjcs and physics Vlastimil Babka vbabka@suse.cz

1.6k views • 62 slides
Normal and Exotic use cases of NUMA features in the Linux Kernel Christopher Lameter, Ph.D.

Normal and Exotic use cases of NUMA features in the Linux Kernel Christopher Lameter, Ph.D.

Normal and Exotic use cases of NUMA features in the Linux Kernel Christopher Lameter, Ph.D. cl@linux.com Collaboration Summit, Napa Valley, 2014 Non Uniform Memory access in the Linux Kernel Memory is segmented into nodes so that

518 views • 12 slides
Making C Less Dangerous in the Linux Kernel Kees Cook | @keescook LINUX.CONF.AU 21-25 January

Making C Less Dangerous in the Linux Kernel Kees Cook | @keescook LINUX.CONF.AU 21-25 January

Making C Less Dangerous in the Linux Kernel Kees Cook | @keescook LINUX.CONF.AU 21-25 January The Linux of Things | #LCA2019 | @linuxconfau 2019 Christchurch, NZ Making C Less Dangerous in the Linux Kernel Linux Conf AU January 25,

505 views • 29 slides
Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda

Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda

Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda mulix@mulix.org IBM Haifa Research Lab Kernel Debugging, Haifux 2003 p.1/19 Kernel Debugging - Why? Why would we want to debug the kernel? after

308 views • 19 slides
service in Linux Kernel Vikas Shivappa (vikas.shivappa@linux.intel.com) 1 Agenda Problem

service in Linux Kernel Vikas Shivappa (vikas.shivappa@linux.intel.com) 1 Agenda Problem

Introduction to Cache Quality of service in Linux Kernel Vikas Shivappa (vikas.shivappa@linux.intel.com) 1 Agenda Problem definition Existing techniques Why use Kernel QOS framework Intel Cache qos support Kernel

1.5k views • 32 slides
Linux Device Drivers Linux Device Drivers Kernel 2.6 1. Introduction Dr. Wolfgang Koch 2.

Linux Device Drivers Linux Device Drivers Kernel 2.6 1. Introduction Dr. Wolfgang Koch 2.

Linux Device Drivers Linux Device Drivers Kernel 2.6 1. Introduction Dr. Wolfgang Koch 2. Kernel Modules Friedrich Schiller University Jena 3. Char Drivers Department of Mathematics and 4. Advanced Char Drivers Computer Science 5.

531 views • 12 slides

More recommend