tolerating hardware device failures in software
play

Tolerating Hardware Device Failures in Software Asim Kadav, Matthew - PowerPoint PPT Presentation

Mar 09, 2023 •323 likes •779 views

Tolerating Hardware Device Failures in Software Asim Kadav, Matthew J. Renzelmann, Michael M. Swift University of Wisconsin-Madison Current state of OS-hardware interaction Many device drivers assume device perfection Common Linux

  1. Tolerating Hardware Device Failures in Software Asim Kadav, Matthew J. Renzelmann, Michael M. Swift University of Wisconsin-Madison

  2. Current state of OS-hardware interaction • Many device drivers assume device perfection » Common Linux network driver: 3c59x .c While (ioread16(ioaddr + Wn7_MasterStatus)) & 0x8000) ; HANG! Hardware dependence bug: Device malfunction can crash the system 10/12/2009 Tolerating Hardware Device Failures in Software

  3. Current state of OS-hardware interaction • Hardware dependence bugs across driver classes void hptitop_iop_request_callback(...) { arg= readl(...); ... if (readl(&req->result) == IOP_SUCCESS) { arg->result = HPT_IOCTL_OK; } } Highpoint SCSI driver(hptiop.c) *Code simplified for presentation purposes 10/12/2009 Tolerating Hardware Device Failures in Software

  4. How do the hardware bugs manifest? • Drivers often trust hardware to always work correctly » Drivers use device data in critical control and data paths » Drivers do not report device malfunctions to system log » Drivers do not detect or recover from device failures 10/12/2009 Tolerating Hardware Device Failures in Software

  5. An example: Windows servers • Transient hardware failures caused 8% of all crashes and 9% of all unplanned reboots [1] » Systems work fine after reboots » Vendors report returned device was faultless • Existing solution is hand-coded hardened driver: » Crashes reduced from 8% to 3% • Driver isolation systems not yet deployed [1] Fault resilient drivers for Longhorn server, May 2004. Microsoft Corp. 10/12/2009 Tolerating Hardware Device Failures in Software

  6. Carburizer • Goal: Tolerate hardware device failures in software through hardware failure detection and recovery • Static analysis tool - analyze and insert code to: » Detect and fix hardware dependence bugs » Detect and generate missing error reporting information • Runtime » Handle interrupt failures » Transparently recover from failures 10/12/2009 Tolerating Hardware Device Failures in Software

  7. Outline • Background • Hardening drivers • Reporting errors • Runtime fault tolerance • Cost of carburizing • Conclusion 10/12/2009 Tolerating Hardware Device Failures in Software

  8. Hardware unreliability • Sources of hardware misbehavior: » Device wear-out, insufficient burn-in » Bridging faults » Electromagnetic radiation » Firmware bugs • Result of misbehavior: » Corrupted/stuck-at inputs » Timing errors/unpredictable DMA » Interrupt storms/missing interrupts 10/12/2009 Tolerating Hardware Device Failures in Software

  9. Vendor recommendations for driver developers Recommendation Summary Recommended by Intel Sun MS Linux    Validation Input validation    Read once& CRC data   DMA protection    Infinite polling Timing  Stuck interrupt Goal: Automatically implement as many recommendations as  Lost request possible in commodity drivers  Avoid excess delay in OS   Unexpected events    Report all failures Reporting   Recovery Handle all failures   Cleanup correctly    Do not crash on failure     Wrap I/O memory access 10/12/2009 Tolerating Hardware Device Failures in Software

  10. Carburizer architecture Compile-time components Run-time components OS Kernel Kernel Interface Carburizer If (c==0) { . print (“Driver Carburizer init”); Compiler } If (c==0) { . . . print (“Driver Runtime init”); Hardened } . . Driver Binary Driver Faulty Hardware 10/12/2009 Tolerating Hardware Device Failures in Software

  11. Outline • Background • Hardening drivers » Finding sensitive code » Repairing code • Reporting errors • Runtime fault tolerance • Cost of carburizing • Conclusion 10/12/2009 Tolerating Hardware Device Failures in Software

  12. Hardening drivers • Goal: Remove hardware dependence bugs » Find driver code that uses data from device » Ensure driver performs validity checks • Carburizer detects and fixes hardware bugs from » Infinite polling » Unsafe static/dynamic array reference » Unsafe pointer dereferences » System panic calls 10/12/2009 Tolerating Hardware Device Failures in Software

  13. Hardening drivers • Finding sensitive code » First pass: Identify tainted variables 10/12/2009 Tolerating Hardware Device Failures in Software

  14. Finding sensitive code First pass: Identify tainted variables Tainted int test () { Variables a = readl(); a b = inb(); b c = b; c d = c + 2; d return d; test() } e int set() { e = test(); } 10/12/2009 Tolerating Hardware Device Failures in Software

  15. Detecting risky uses of tainted variables • Finding sensitive code » Second pass: Identify risky uses of tainted variables • Example: Infinite polling » Driver waiting for device to enter particular state » Solution: Detect loops where all terminating conditions depend on tainted variables 10/12/2009 Tolerating Hardware Device Failures in Software

  16. Example: Infinite polling Finding sensitive code static int amd8111e_read_phy(………) { ... reg_val = readl(mmio + PHY_ACCESS); while (reg_val & PHY_CMD_ACTIVE) reg_val = readl(mmio + PHY_ACCESS) . } AMD 8111e network driver(amd8111e.c) 10/12/2009 Tolerating Hardware Device Failures in Software

  17. Not all bugs are obvious while (DAC960_PD_StatusAvailableP(ControllerBaseAddress)) { DAC960_V1_CommandIdentifier_T CommandIdentifier= DAC960_PD_ReadStatusCommandIdentifier (ControllerBaseAddress); DAC960_Command_T *Command = Controller ->Commands [CommandIdentifier-1]; DAC960_V1_CommandMailbox_T *CommandMailbox = &Command->V1.CommandMailbox; DAC960_V1_CommandOpcode_T CommandOpcode=CommandMailbox->Common.CommandOpcode; Command->V1.CommandStatus =DAC960_PD_ReadStatusRegister(ControllerBaseAddress); DAC960_PD_AcknowledgeInterrupt(ControllerBaseAddress); DAC960_PD_AcknowledgeStatus(ControllerBaseAddress); switch (CommandOpcode) { case DAC960_V1_Enquiry_Old: DAC960_P_To_PD_TranslateReadWriteCommand(CommandMailbox); … } DAC960 Raid Controller(DAC960.c) 10/12/2009 Tolerating Hardware Device Failures in Software

  18. Detecting risky uses of tainted variables • Example II: Unsafe array accesses » Tainted variables used as array index into static or dynamic arrays » Tainted variables used as pointers 10/12/2009 Tolerating Hardware Device Failures in Software

  19. Example: Unsafe array accesses Unsafe array accesses static void __init attach_pas_card(...) { if ((pas_model = pas_read(0xFF88))) { ... sprintf(temp, “%s rev %d”, pas_model_names[(int) pas_model], pas_read(0x2789)); ... } Pro Audio Sound driver (pas2_card.c) 10/12/2009 Tolerating Hardware Device Failures in Software

  20. Analysis results over the Linux kernel • Analyzed drivers in 2.6.18.8 Linux kernel » 6300 driver source files » 2.8 million lines of code » 37 minutes to analyze and compile code • Additional analyses to detect existing validation code 10/12/2009 Tolerating Hardware Device Failures in Software

  21. Analysis results over the Linux kernel Driver class Infinite Static array Dynamic Panic calls polling array net 117 2 21 2 scsi 298 31 22 121 sound 64 1 0 2 video 174 0 22 22 other 381 9 57 32 Total 860 43 89 179 • Found 992 bugs in driver code Many cases of poorly written drivers with hardware dependence bugs • False positive rate: 7.4% (manual sampling of 190 bugs) 10/12/2009 Tolerating Hardware Device Failures in Software

  22. Repairing drivers • Hardware dependence bugs difficult to test • Carburizer automatically generates repair code » Inserts timeout code for infinite loops » Inserts checks for unsafe array/pointer references » Replaces calls to panic() with recovery service » Triggers generic recovery service on device failure 10/12/2009 Tolerating Hardware Device Failures in Software

  23. Carburizer automatically fixes infinite loops timeout = rdstcll(start) + (cpu/khz/HZ)*2; reg_val = readl(mmio + PHY_ACCESS); while (reg_val & PHY_CMD_ACTIVE) { reg_val = readl(mmio + PHY_ACCESS); if (_cur < timeout) rdstcll(_cur); else Timeout code __recover_driver(); added } AMD 8111e network driver(amd8111e.c) *Code simplified for presentation purposes 10/12/2009 Tolerating Hardware Device Failures in Software

  24. Carburizer automatically adds bounds checks static void __init attach_pas_card(...) { Array bounds check added if ((pas_model = pas_read(0xFF88))) { ... if ((pas_model< 0)) || (pas_model>= 5)) __recover_driver(); . sprintf(temp, “%s rev %d”, pas_model_names[(int) pas_model], pas_read(0x2789)); } Pro Audio Sound driver (pas2_card.c) *Code simplified for presentation purposes 10/12/2009 Tolerating Hardware Device Failures in Software

  25. Runtime fault recovery Driver-Kernel • Low cost transparent recovery Interface » Based on shadow drivers » Records state of driver Taps Shadow Driver » Transparent restart and state replay on failure • Independent of any isolation Device Driver mechanism (like Nooks) Device 10/12/2009 Tolerating Hardware Device Failures in Software

Recommend

TOLERATING BUSINESS FAILURES IN HOSTED APPLICATIONS Jean-Sbastien Lgar Dutch T. Meyer,

TOLERATING BUSINESS FAILURES IN HOSTED APPLICATIONS Jean-Sbastien Lgar Dutch T. Meyer,

TOLERATING BUSINESS FAILURES IN HOSTED APPLICATIONS Jean-Sbastien Lgar Dutch T. Meyer, Mark Spear, Alexandru Totolici, Sara Bainbridge, Kalan MacRow, Robert Sumi, Quinlan Jung, Dennis Tjandra, David Williams-King, William Aiello, Andrew

567 views • 29 slides
Hardware and Device Drivers Device virtualization Device drivers and security Bjrn

Hardware and Device Drivers Device virtualization Device drivers and security Bjrn

Outline Faculty of Computer Science Institute for System Architecture, Operating Systems Group What's so different about device drivers? Hardware access Writing device drivers on L4 Reuse of legacy drivers Hardware and Device

619 views • 12 slides
Tolerating Application Failures with LegoSDN Balakrishnan Chandrasekaran Theophilus Benson Duke

Tolerating Application Failures with LegoSDN Balakrishnan Chandrasekaran Theophilus Benson Duke

Tolerating Application Failures with LegoSDN Balakrishnan Chandrasekaran Theophilus Benson Duke University Quality of Code In C, I never learned to use the debugger, so I used to never make mistakes I went millions and millions

540 views • 32 slides
uRADMonitor KIT1 Product Manual v1.0 / 2016 HARDWARE: 1.1.103 SOFTWARE: 115 DEVICE ID:

uRADMonitor KIT1 Product Manual v1.0 / 2016 HARDWARE: 1.1.103 SOFTWARE: 115 DEVICE ID:

uRADMonitor KIT1 Product Manual v1.0 / 2016 HARDWARE: 1.1.103 SOFTWARE: 115 DEVICE ID: _____________ QC ENGINEER: ______________ DATE: ________________ Congratulations on purchasing this excellent radiation dosimeter! You The uRADMonitor

421 views • 10 slides
XXX Tolerating Malicious Drivers in Linux Silas Boyd-Wickizer and Nickolai Zeldovich How could

XXX Tolerating Malicious Drivers in Linux Silas Boyd-Wickizer and Nickolai Zeldovich How could

XXX Tolerating Malicious Drivers in Linux Silas Boyd-Wickizer and Nickolai Zeldovich How could a device driver be malicious? Today's device drivers are highly privileged Write kernel memory, allocate memory, ... Drivers are complex;

1.63k views • 95 slides
MySQL High Availability Solutions Alex Poritskiy Percona The Five 9s of Availability

MySQL High Availability Solutions Alex Poritskiy Percona The Five 9s of Availability

MySQL High Availability Solutions Alex Poritskiy Percona The Five 9s of Availability Clustering &amp; disasters Geographical Redundancy power failures network failures Clustering Technologies hardware failures software failures

593 views • 47 slides
Embedded Device Generation Turning Software into Hardware Rohit Ramesh and Prabal Dutta

Embedded Device Generation Turning Software into Hardware Rohit Ramesh and Prabal Dutta

Embedded Device Generation Turning Software into Hardware Rohit Ramesh and Prabal Dutta Speakers Notes : - Im Rohit Ramesh, a PhD Student as the University of Michigan - Ive been working on Embedded Device Generation with Prof.

736 views • 52 slides
How to develop Device Drivers for Linux OS? Presented from: Rashid Siddiqui For: Bin Tang What

How to develop Device Drivers for Linux OS? Presented from: Rashid Siddiqui For: Bin Tang What

How to develop Device Drivers for Linux OS? Presented from: Rashid Siddiqui For: Bin Tang What is a device driver? Software that handles or manages a hardware controller for a particular device! What is a Controller? Is a piece of hardware

624 views • 31 slides
Software Mechanisms for Tolerating Soft Errors in an Automotive Brake-Controller Daniel Skarin

Software Mechanisms for Tolerating Soft Errors in an Automotive Brake-Controller Daniel Skarin

Software Mechanisms for Tolerating Soft Errors in an Automotive Brake-Controller Daniel Skarin Johan Karlsson Department of Computer Science and Engineering Chalmers University of Technology G oteborg, Sweden June 29, 2009 Introduction

432 views • 13 slides
Hardware Model and Software Validation for AcoustiGLASS (Autonomous Wearable Alert Device based

Hardware Model and Software Validation for AcoustiGLASS (Autonomous Wearable Alert Device based

Hardware Model and Software Validation for AcoustiGLASS (Autonomous Wearable Alert Device based on Sound Pattern Recognition) Kei Kojima March 2016 OBJECTIVE &amp; DESIGN CRITERIA The objective is to build an autonomous hearing glass

644 views • 16 slides
Hardware and Device Drivers Bjrn Dbel Dresden, 2007-11-13 Outline What's so different

Hardware and Device Drivers Bjrn Dbel Dresden, 2007-11-13 Outline What's so different

Faculty of Computer Science Institute for System Architecture, Operating Systems Group Hardware and Device Drivers Bjrn Dbel Dresden, 2007-11-13 Outline What's so different about device drivers? Hardware access Writing device

634 views • 45 slides
software and hardware for the Internet of Things. Choose hardware Design hardware Design

software and hardware for the Internet of Things. Choose hardware Design hardware Design

Zeidman Technologies has created a fundamentally new way to develop embedded software and hardware for the Internet of Things. Choose hardware Design hardware Design software Initial hardware choices determine Integrate functionality and

185 views • 15 slides
How Software Projects Fail Software Failures Software appears, by its nature, to be difficult to

How Software Projects Fail Software Failures Software appears, by its nature, to be difficult to

How Software Projects Fail Software Failures Software appears, by its nature, to be difficult to engineer on a large scale. Nevertheless, there is an insatiable demand for sizeable, well-engineered software. Dr. James A. Bednar We continue to

69 views • 6 slides
Software Failures Perdita Stevens perdita@inf.ed.ac.uk

Software Failures Perdita Stevens perdita@inf.ed.ac.uk

Software Failures Perdita Stevens perdita@inf.ed.ac.uk http://www.inf.ed.ac.uk/teaching/courses/sapm/ Original slides: Dr James A. Bednar &amp; Dr David Robertson, changes by Dr Massimo Felici, Mr Conrad Hughes, me SAPM Spring 2010: Failures

771 views • 27 slides
What Can We Learn from Four Years of Data Center Hardware Failures? Guosai Wang, Lifei Zhang, Wei

What Can We Learn from Four Years of Data Center Hardware Failures? Guosai Wang, Lifei Zhang, Wei

What Can We Learn from Four Years of Data Center Hardware Failures? Guosai Wang, Lifei Zhang, Wei Xu Mo Moti tivati tion: n: E Evolving ng F Failur ure Mo Mode del Failures in data centers are common and costly - Violate service

870 views • 48 slides
Error detection Storage device failures and correction and mitigation - I Sector/page failure

Error detection Storage device failures and correction and mitigation - I Sector/page failure

Error detection Storage device failures and correction and mitigation - I Sector/page failure (i.e., Partial failure) Data lost, rest of device operates correctly A layered approach Permanent (e.g. due to scratches) or transient (e.g., due to

233 views • 6 slides
Hardware to Drive New Device Sales Brian Larsen Senior Program Manager Windows 10 Device

Hardware to Drive New Device Sales Brian Larsen Senior Program Manager Windows 10 Device

Hardware to Drive New Device Sales Brian Larsen Senior Program Manager Windows 10 Device Programs Windows Engineering Guidance Focused on documenting guidance to build products that deliver best in class user experience WEG Hardware

790 views • 55 slides
Writing and Adapting Device Drivers for FreeBSD John Baldwin November 5, 2011 What is a Device

Writing and Adapting Device Drivers for FreeBSD John Baldwin November 5, 2011 What is a Device

Writing and Adapting Device Drivers for FreeBSD John Baldwin November 5, 2011 What is a Device Driver? Hardware Functionality A device driver is the software that bridges Device Driver the two. 2 Focus of This Presentation

1.08k views • 93 slides
via Hardware Performance Counter s Joy Arulraj, Po-Chun Chang, Guoliang Jin and Shan Lu

via Hardware Performance Counter s Joy Arulraj, Po-Chun Chang, Guoliang Jin and Shan Lu

Production-Run Software Failure Diagnosis via Hardware Performance Counter s Joy Arulraj, Po-Chun Chang, Guoliang Jin and Shan Lu Motivation Software inevitably fails on production machines These failures are widespread and expensive

1.18k views • 33 slides
Software Failures Dr. James A. Bednar jbednar@inf.ed.ac.uk http://homepages.inf.ed.ac.uk/jbednar

Software Failures Dr. James A. Bednar jbednar@inf.ed.ac.uk http://homepages.inf.ed.ac.uk/jbednar

Software Failures Dr. James A. Bednar jbednar@inf.ed.ac.uk http://homepages.inf.ed.ac.uk/jbednar Dr. David Robertson dr@inf.ed.ac.uk http://www.inf.ed.ac.uk/ssp/members/dave.htm SAPM Spring 2007: Failures 1 How Software Projects Fail

380 views • 21 slides
U:Kit open source software and hardware smoke detector Slavey Karadzhov slav@attachix.com

U:Kit open source software and hardware smoke detector Slavey Karadzhov slav@attachix.com

U:Kit open source software and hardware smoke detector Slavey Karadzhov slav@attachix.com Agenda Dream Team Creating U:Kit a smart device that is open source software and open source hardware. and created with/for

173 views • 16 slides
Whats new? Calibration Hardware IAEA Acquisition software Hardware and Software Upgrade for

Whats new? Calibration Hardware IAEA Acquisition software Hardware and Software Upgrade for

Hardware and Software Upgrade for the Solution Measurement and Monitor System at Rokkasho Reprocessing Plant R.Plenteda, A.Alessandrello, M.Frankl, W.Deringer, M.Lang, M.Cronholm, K.Baird, D.Breban, C.Creusot International Atomic Energy Agency

705 views • 17 slides
Software Failures Dr. James A. Bednar jbednar@inf.ed.ac.uk http://homepages.inf.ed.ac.uk/jbednar

Software Failures Dr. James A. Bednar jbednar@inf.ed.ac.uk http://homepages.inf.ed.ac.uk/jbednar

Software Failures Dr. James A. Bednar jbednar@inf.ed.ac.uk http://homepages.inf.ed.ac.uk/jbednar Dr. David Robertson dr@inf.ed.ac.uk http://www.inf.ed.ac.uk/ssp/members/dave.htm SAPM Spring 2012: Failures 1 Recall: Criteria for success For

565 views • 22 slides
Predicting intermittent network device failures based on network metrics from multiple data

Predicting intermittent network device failures based on network metrics from multiple data

Predicting intermittent network device failures based on network metrics from multiple data sources Supervisors: Authors: P. Boers H.P.M. van Doorn M. Kaat C.H.J. Kuipers SURFnet University of Amsterdam Tuesday 3 juli RP91 1 I

468 views • 30 slides

More recommend