user space live patching
play

User Space Live Patching Joo Moreira SUSE Labs User Space Live - PowerPoint PPT Presentation

Mar 18, 2023 •467 likes •941 views

User Space Live Patching Joo Moreira SUSE Labs User Space Live Patching Joo Moreira (formerly at) SUSE Labs joao.moreira@lsc.ic.unicamp.br Software has bugs, and bugs have to be fixed + security issues + execution degradation + undefined

  1. User Space Live Patching João Moreira SUSE Labs

  2. User Space Live Patching João Moreira (formerly at) SUSE Labs joao.moreira@lsc.ic.unicamp.br

  3. Software has bugs, and bugs have to be fixed + security issues + execution degradation + undefined behavior

  4. Fixing bugs + kill the process + replace the respective binary with a fixed version + restart the process + wait until process is ready + re-establish services

  5. Fixing bugs: downtime + kill the process + replace the respective binary with a fixed version + restart the process + wait until process is ready + re-establish services

  6. Downside of downtime + Some services may take very long to restart + Active connections will drop + Interruption of large computations

  7. Live Patching + Fixing bugs in live software without restart + Already a thing in the Linux kernel Libpulp + User Space Live Patching Library + Actually... not only a library, but a full framework

  8. Quiessence + Changes should not lead to inconsistent states + Patches must be applied atomically + Functions cannot be patched while running

  9. Kernel Consistency model + Execution boundary between user and kernel space + Hold new kernel threads and wait all others to finish + Safe to patch + Stack unwinding + Identify that to-be-patched functions are not running + Safe to patch

  10. ! ? Consistency model W O Kernel + Execution boundary between user and kernel space H + Hold new kernel threads and wait all others to finish + Safe to patch + Stack unwinding + Identify that to-be-patched functions are not running + Safe to patch

  11. ! ? Consistency model W libpulp to the O Kernel + Execution boundary between user and kernel space H + Hold new kernel threads and wait all others to finish + Safe to patch RESCUE!!1! + Stack unwinding + Identify that to-be-patched functions are not running + Safe to patch

  12. libpulp Consistency Model + Uses shared libs model to identify quiescent states + If lib was not entered, all its functions can be patched + Before patch is applied, check if library was entered

  13. ! ? W O libpulp Consistency Model H + Uses shared libs model to identify quiescent states + If lib was not entered, all its functions can be patched + Before patch is applied, check if library was entered

  14. For now, imagine that we... + can magically change the functions in a process + just need to ensure that these functions aren't running

  15. libpulp Consistency Model + Entry points to the library are its exported functions + Referenced in the ELF dynamic symbol table (.dynsym)

  16. libpulp Consistency Model + Linker emits .ulp section with entries for exp. functions + .dynsym symbols modified to point to .trm entries - relocations are now resolved to .trm entry + .trm saves function reference and jumps to ulp_entry + ulp_entry flags entrance, realigns stack, calls function + Function returns to ulp_entry + ulp_entry flags exit, restores return address, returns

  17. libpulp Consistency Model + Linker emits .ulp section with entries for exp. functions + .dynsym symbols modified to point to .ulp entries - relocations are now resolved to .ulp entry + .trm saves function reference and jumps to ulp_entry + ulp_entry flags entrance, realigns stack, calls function + Function returns to ulp_entry + ulp_entry flags exit, restores return address, returns

  18. libpulp Consistency Model + Linker emits .ulp section with entries for exp. functions + .dynsym symbols modified to point to .ulp entries - relocations are now resolved to .ulp entry + .ulp saves function reference and jumps to ulp_entry + ulp_entry flags entrance, realigns stack, calls function + Function returns to ulp_entry + ulp_entry flags exit, restores return address, returns

  19. libpulp Consistency Model + Linker emits .ulp section with entries for exp. functions + .dynsym symbols modified to point to .ulp entries - relocations are now resolved to .ulp entry + .ulp saves function reference and jumps to ulp_entry + ulp_entry flags entrance, realigns stack, calls function + Function returns to ulp_entry + ulp_entry flags exit, restores return address, returns

  20. libpulp Consistency Model + Linker emits .ulp section with entries for exp. functions + .dynsym symbols modified to point to .ulp entries - relocations are now resolved to .ulp entry + .ulp saves function reference and jumps to ulp_entry + ulp_entry flags entrance, realigns stack, calls function + Function returns to ulp_entry + ulp_entry flags exit, restores return address, returns

  21. libpulp Consistency Model + Linker emits .ulp section with entries for exp. functions + .dynsym symbols modified to point to .ulp entries - relocations are now resolved to .ulp entry + .ulp saves function reference and jumps to ulp_entry + ulp_entry flags entrance, realigns stack, calls function + Function returns to ulp_entry + ulp_entry flags exit, restores return address, returns

  23. Thread-local Universes + We don't want to wait for all threads to leave the library + Some may never leave the library + libpulp keeps per-thread patching states, or universes

  24. Thread-local Universes + One global universe counter - Updated upon patching + Per-thread universe counters - Synchronized to the global universe in ulp_entry - When a patch is effectively applied to a thread

  25. Thread-local Universes + Functions are emitted with padding nops area

  26. Thread-local Universes + Nops modified into universe checker when patched

  27. Thread-local Universes + Libpulp keeps a list of patched functions + Each node contains another list of function versions + Universe checking routine selects which detour to take

  28. Thread-local Universes

  29. libpulp + Library that can be LD_PRELOAD'ed + Provides self-modifying capabilities + Keeps needed data structures + Activated from the outside, through ptrace

  30. libpulp + Library that can be LD_PRELOAD'ed + Provides self-modifying capabilities + Keeps needed data structures + Activated from the outside, through ptrace - This is the magic

  31. All Together Now! + P is running process that LD_PRELOAD'ed libpulp + P uses specially compiled libs + We need to fix function F in lib L , but we can't kill P + A ptrace-based tool called T (trigger) attaches to P

  32. All Together Now! + T stops P , parses its memory and saves its context + Redirects a thread to a patch_apply routine in libpulp + Redirects all other threads to a infinite loop routine + Restarts P

  33. All Together Now! + patch_apply: - Modifies the to-be-patched functions - Loads .so file with function replacements - Updates data structures and increments universe - Interrupts, returning the control to T + T restores the original context and restarts P

  34. All Together Now! + P calls F in L , which is being entered by the thread + Control-flow goes through ulp_entry + Thread-local universe counter is updated + F first runs the universe checking routine + New version of F is executed

  35. All Together Now! + P calls F in L , from a thread which was already in L + Control-flow goes through ulp_entry + Thread-local universe update is bypassed + F first runs the universe checking routine + Thread-local universe is obsolete + Previous version of F is executed

  36. The Trigger + Fully based on ptrace + Uses original binary to map all symbols within the process + Checks if libpulp was loaded into the process memory + Hijacks control-flow of threads to invoke libpulp routines

  37. Live patch anatomy + Two separate parts + Compiled .so file that contains replacement functions + Metadata file with data required for applying the patch - Names of functions that will be replaced - Names of replacement functions - Sanity check: dependencies, target build-ids

  38. Metadata Generation + There is also a packer tool + Gets patch description text file and all objects involved + Generates metadata and reverse patches automatically

  39. Stacked Patches + Multiple patches can be applied to the same process + Universe may be higher than the universes of available detours for given functions + Detour with higher universe below the compared universe is picked

  40. Unpatching + Unpacthing is similar to patching + Global universe is incremented + Doesn't load .so, only marks detours as inactive + Inactive detour picked if its universe matches exactly

  42. Overheads + ~2% for libpulp-prepared glibc on SPEC + Worst case scenario for a process with a patch-applied - Recursive fibonacci sequence computation - Similar to having all called functions patched - Up to 50x overhead

  43. github.com/SUSE/libpulp

  45. twitter.com/linuxdevbr instagram.com/linuxdevbr t.me/linuxdevbr

  46. User Space Live Patching João Moreira (formerly at) SUSE Labs joao.moreira@lsc.ic.unicamp.br

Recommend

Android patching From a Mobile Device Management perspective Cedric Van Bockhaven

Android patching From a Mobile Device Management perspective Cedric Van Bockhaven

Introduction Background information SNE Research Project 2 Kernel patching Evaluation Android patching from the MDM Proof of concept Android patching From a Mobile Device Management perspective Cedric Van Bockhaven cbockhaven@os3.nl

466 views • 20 slides
User Space TCP based on LKL H.K. Jerry Chu, Yuan Liu, Andreas Abel Google Inc. Netdev 1.2

User Space TCP based on LKL H.K. Jerry Chu, Yuan Liu, Andreas Abel Google Inc. Netdev 1.2

User Space TCP based on LKL H.K. Jerry Chu, Yuan Liu, Andreas Abel Google Inc. Netdev 1.2 Conference Netdev 1.2 Conference Oct 5-7, 2016; Tokyo, Japan User-space TCP Traditionally, TCP stack in kernel space A TCP stack in user space can

557 views • 24 slides
LIVE LEARN DANCE LIVE PROGRAM: MIXE D INCOME HOUSING + ART S SPACE

LIVE LEARN DANCE LIVE PROGRAM: MIXE D INCOME HOUSING + ART S SPACE

LIVE LEARN DANCE LIVE PROGRAM: MIXE D INCOME HOUSING + ART S SPACE Mixed-Use/Mixed-Income 405 total units 122 affordable units 14,000 sq ft of Art Space 255 seat Black Box Theater Arts Lane Public Art

269 views • 15 slides
Bayes factors: A re-volution in psychology Geoff Patching Department of Psychology

Bayes factors: A re-volution in psychology Geoff Patching Department of Psychology

Bayes factors: A re-volution in psychology Geoff Patching Department of Psychology E-mail: geoffrey.patching@psy.lu.se The Bayes Factor The Bayes factor ( BF ) is the likelihood ratio of the evidences given the hypotheses ! # | % !

601 views • 13 slides
CRE AT I NG SPACE S F OR I NDI GE NOUS WOME N Who live with HI V/ AI DS Pre se nte

CRE AT I NG SPACE S F OR I NDI GE NOUS WOME N Who live with HI V/ AI DS Pre se nte

CRE AT I NG SPACE S F OR I NDI GE NOUS WOME N Who live with HI V/ AI DS Pre se nte r Disc lo sure De nise Baldwin , I DU Outre a c h Co o rdina to r, Oa ha s No re la tio nships with c o mme rc ia l inte re sts to de c la re

1.05k views • 56 slides
Cary St Library I Introduction II User Analysis III Space Matrix IV Concept V Building

Cary St Library I Introduction II User Analysis III Space Matrix IV Concept V Building

Cary St Library I Introduction II User Analysis III Space Matrix IV Concept V Building VI Movement VII Space Planning VIII Materiality IX Spaces I Introduction II User Analysis III Space Matrix IV Concept V Building VI

514 views • 38 slides
that it is not sufficient to preserve security in outer space. Via the UN General Assembly

that it is not sufficient to preserve security in outer space. Via the UN General Assembly

Prospects for Progress on Space Security Diplomacy Presentation by Paul Meyer Senior Fellow, The Simons Foundation Space Security Index side event Tracking Space Security: Are We Ready to Go Live? held during the United Nations General

229 views • 3 slides
secuBT Hacking the Hackers with User-Space Virtualization Mathias Payer

secuBT Hacking the Hackers with User-Space Virtualization Mathias Payer

secuBT Hacking the Hackers with User-Space Virtualization Mathias Payer <mathias.payer@inf.ethz.ch> 1 Mathias Payer: secuBT - User-Space Virtualization Motivation Virtualizing and encapsulating running programs is important:

693 views • 40 slides
Domains of Warfare Space Sp ace Cybe Cy ber- Air ir Sp Space ace Five Fi Domains of

Domains of Warfare Space Sp ace Cybe Cy ber- Air ir Sp Space ace Five Fi Domains of

Domains of Warfare Space Sp ace Cybe Cy ber- Air ir Sp Space ace Five Fi Domains of Doma of Warfar are Lan and Se Sea Joint M ultinational Combined Arms Live-Fire Exercise Camp Grayling-Alpena CRTC 2010-2018 NORTHERN

310 views • 4 slides
Filling the Gaps and Patching the Cracks Connected Care for Home Health Care Agencies Barbara

Filling the Gaps and Patching the Cracks Connected Care for Home Health Care Agencies Barbara

Filling the Gaps and Patching the Cracks Connected Filling the Gaps and Patching the Cracks Connected Care for Home Health Care Agencies Barbara Katz, RN, MSN President, BK Healthcare Consulting, LLC www.bkhealthconsulting.com Learning

596 views • 32 slides
User Interfaces for Live Programming Jun Kato https://junkato.jp Researcher, LIVE 2017

User Interfaces for Live Programming Jun Kato https://junkato.jp Researcher, LIVE 2017

User Interfaces for Live Programming Jun Kato https://junkato.jp Researcher, LIVE 2017 Keynote, 10/24/2017 Jun Kato junkato https://junkato.jp Research Topic Computer Science (Human-Computer Interaction, Programming Language) Phybots

918 views • 50 slides
T EX Live Managers rare gems User mode and multi-repository support Norbert Preining JAIST,

T EX Live Managers rare gems User mode and multi-repository support Norbert Preining JAIST,

T EX Live Managers rare gems User mode and multi-repository support Norbert Preining JAIST, Japan, and T EX Live Team October 2013 Tug 2013, Tokyo, Japan 1 Overview User mode Multi repository background operation mode setup, run

359 views • 32 slides
PATCHING LESSONS LEARNED: An Interesting Perspective WHO WE ARE - MISSION We ensure the success

PATCHING LESSONS LEARNED: An Interesting Perspective WHO WE ARE - MISSION We ensure the success

Cyber Security | Compliance | Industrial Computing PATCHING LESSONS LEARNED: An Interesting Perspective WHO WE ARE - MISSION We ensure the success of our customers by developing innovative technology solutions that optimize and protect

557 views • 37 slides
Metrictank: Building a new time series engine for GrafanaCloud PERCONA LIVE 2018 Raj Dutt /

Metrictank: Building a new time series engine for GrafanaCloud PERCONA LIVE 2018 Raj Dutt /

Metrictank: Building a new time series engine for GrafanaCloud PERCONA LIVE 2018 Raj Dutt / co-founder Grafana Labs dutt@grafana.com @nopzoraps Grafana everywhere CUSTOMER USER USER CUSTOMER USER CUSTOMER USER The Rise of Beautiful

485 views • 13 slides
ECE 650 Systems Programming & Engineering Spring 2018 User Space / Kernel Interaction Tyler

ECE 650 Systems Programming & Engineering Spring 2018 User Space / Kernel Interaction Tyler

ECE 650 Systems Programming & Engineering Spring 2018 User Space / Kernel Interaction Tyler Bletsch Duke University Slides are adapted from Brian Rogers (Duke) Operating System Services User and other system programs GUI batch Command

346 views • 13 slides
Address Space Randomization A n E f f e c t i v e I m p l e m e n t a t i o n Michael Cloppert

Address Space Randomization A n E f f e c t i v e I m p l e m e n t a t i o n Michael Cloppert

Address Space Randomization A n E f f e c t i v e I m p l e m e n t a t i o n Michael Cloppert May, 2006 Address Space Randomization Theory Randomize location of memory objects Libraries Heap User, kernel-space stack Foils attacks like

560 views • 15 slides
NetSlices: Scalable Mul/-Core Packet Processing in User-Space

NetSlices: Scalable Mul/-Core Packet Processing in User-Space

NetSlices: Scalable Mul/-Core Packet Processing in User-Space Tudor Marian, Ki Suh Lee, Hakim Weatherspoon Cornell University Presented by Ki Suh

543 views • 29 slides
The Impact of White Space on User Experience for Tablet Editions of Magazines FA N Y I C H E N G

The Impact of White Space on User Experience for Tablet Editions of Magazines FA N Y I C H E N G

The Impact of White Space on User Experience for Tablet Editions of Magazines FA N Y I C H E N G School of Media Sciences , Rochester Institute of Technology May 17 th , 2017 OUTLINE Introduction Topic Statement Theoretical basis

500 views • 30 slides
Abstraction via the OS Device Drivers Jonathan Misurda jmisurda@cs.pitt.edu Software Layers

Abstraction via the OS Device Drivers Jonathan Misurda jmisurda@cs.pitt.edu Software Layers

Abstraction via the OS Device Drivers Jonathan Misurda jmisurda@cs.pitt.edu Software Layers Device Drivers User User space program User User level I/O software & libraries Kernel space Device independent OS software Operating

765 views • 5 slides
Enabling Fast Per-CPU User-Space Algorithms with Restartable Sequences

Enabling Fast Per-CPU User-Space Algorithms with Restartable Sequences

Linux Plumbers Conference 2016 Enabling Fast Per-CPU User-Space Algorithms with Restartable Sequences mathieu.desnoyers@efcios.com What are Restartable Sequences (rseq) ? Idea originating from Paul Turner and Andrew Hunter (Google),

349 views • 24 slides
Restructuring Scientific Software using Semantic Patching with Coccinelle Michele MARTONE

Restructuring Scientific Software using Semantic Patching with Coccinelle Michele MARTONE

Restructuring Scientific Software using Semantic Patching with Coccinelle Michele MARTONE Leibniz Supercomputing Centre Garching bei M unchen, Germany Potsdam, de-RSE Conference June 4, 2019 (@LRZ.de) 1 / 57 Description de-RSE@Potsdam,

854 views • 64 slides
An Analysis of Call-site Patching Without Strong Hardware Support for Self-Modifying-Code Tim

An Analysis of Call-site Patching Without Strong Hardware Support for Self-Modifying-Code Tim

An Analysis of Call-site Patching Without Strong Hardware Support for Self-Modifying-Code Tim Hartley, Foivos Zakkak, first.last@manchester.ac.uk Christos Kotselidis, Mikel Lujan MPLR19 2019-10-22 Call-Sites Direct branching Indirect

266 views • 15 slides
SWIM Tool for operational improvement Air Space User Perspective Topics Current

SWIM Tool for operational improvement Air Space User Perspective Topics Current

SWIM Tool for operational improvement Air Space User Perspective Topics Current Environment Opportunity of Benefit Impact to User environment Challenge for Step forward Needs for Success Topics Current Environment

402 views • 26 slides
TARDIS: Stable ISP Traffic Balancing in Space and Time Richard G. Clegg, Raul Landa, Jo ao

TARDIS: Stable ISP Traffic Balancing in Space and Time Richard G. Clegg, Raul Landa, Jo ao

User 1 Transit ISP 1 ISP internal User 2 network ... Transit ISP 2 ... User N Transit ISP M TARDIS: Stable ISP Traffic Balancing in Space and Time Richard G. Clegg, Raul Landa, Jo ao Taveira Ara ujo, Eleni Mykoniati,David Griffin,

329 views • 30 slides

More recommend