March 10, Linux Live Patching. Adrien schischi Schildknecht. Why? Who? How? When? (consistency model) Conclusion

Similar documents
Live Patching: The long road from Kernel to User Space. João Moreira Toolchain Engineer - SUSE Labs

Obstacles & Solutions for Livepatch Support on ARM64 Architecture

Rebootless Kernel Updates

Elivepatch Flexible distributed Linux Kernel live patching. Alice Ferrazzi

Reboot adieu! Online Linux kernel patching. Udo Seidel

Live Kernel Patching status update. Jiri Kosina SUSE Labs

Elivepatch Flexible distributed Linux Kernel live patching. Alice Ferrazzi Takanori Suzuki

kpatch Have your security and eat it too!

Reboot Reloaded. Patching the Linux Kernel Online. Vojtěch Pavlík. Dr. Udo Seidel. Director SUSE Labs SUSE

Kernels and Locking. Luca Abeni

Rebootless kernel updates

Scalability Efforts for Kprobes

Kprobes Presentation Overview

SOEN228, Winter Revision 1.2 Date: October 25,

Overhead Evaluation about Kprobes and Djprobe (Direct Jump Probe)

Syscalls, exceptions, and interrupts, oh my!

Kernel Critical Sections

The Kernel Abstraction

12. Interrupts and Programmable Multilevel Interrupt Controller

Assembly Language. Assembly language for x86 compatible processors using GNU/Linux operating system

Università Ca Foscari Venezia

Control-flow Enforcement Technology H.J. Lu. Intel November, 2018

FUT92715 Solve the Paradox SUSE Linux Enterprise Live Patching Roadmap

Using kgdb and the kgdb Internals

Porting Linux to x86-64

Anne Bracy CS 3410 Computer Science Cornell University

An Implementation Of Multiprocessor Linux

2006/7/22. NTT Data Intellilink Corporation Fernando Luis Vázquez Cao. Copyright(C)2006 NTT Data Intellilink Corporation

ECE 598 Advanced Operating Systems Lecture 11

Ftrace Kernel Hooks: More than just tracing. Presenter: Steven Rostedt Red Hat

Lecture 4: Mechanism of process execution. Mythili Vutukuru IIT Bombay

CS 550 Operating Systems Spring System Call

Hakim Weatherspoon CS 3410 Computer Science Cornell University

CSE 509: Computer Security

Bypassing SEHOP. Stéfan Le Berre Damien Cauquil

Interrupts, Fork, I/O Basics

Keeping customer data safe in EC2 a deep dive. Martin Pohlack Amazon Web Services

CSCE Operating Systems Interrupts, Exceptions, and Signals. Qiang Zeng, Ph.D. Fall 2018

Low-Level Essentials for Understanding Security Problems Aurélien Francillon

Computer architecture. A simplified model

200 points total. Start early! Update March 27: Problem 2 updated, Problem 8 is now a study problem.

Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX. Yeongjin Jang, Sangho Lee, and Taesoo Kim Georgia Institute of Technology

Processes. Dr. Yingwu Zhu

Assembly basics CS 2XA3. Term I, 2017/18

Newbie s Guide to AVR Interrupts

ARM Cortex core microcontrollers

W4118: PC Hardware and x86. Junfeng Yang

Subverting the Linux Kernel Linux Kernel Rootkits 101

The Kernel Abstraction. Chapter 2 OSPP Part I

Mechanisms for entering the system

Operating Systems Synchronization and Signals

Timers 1 / 46. Jiffies. Potent and Evil Magic

Buffer overflow is still one of the most common vulnerabilities being discovered and exploited in commodity software.

Operating Systems: Virtual Machines & Exceptions

Traps and Faults. Review: Mode and Space

Our Simulation Equivalent: -- readmemb( "os.bin" ) -- PC <== x0200

x86 architecture et similia

CSC369 Lecture 2. Larry Zhang

CSC369 Lecture 2. Larry Zhang, September 21, 2015

System Wide Tracing User Need

Function Calls COS 217. Reading: Chapter 4 of Programming From the Ground Up (available online from the course Web site)

Lec 22: Interrupts. Kavita Bala CS 3410, Fall 2008 Computer Science Cornell University. Announcements

Review: Program Execution. Memory program code program data program stack containing procedure activation records

Review: Program Execution. Memory program code program data program stack containing procedure activiation records

Mechanic v. Surgeon (photos from istockphoto.com)

Page 1. Last Time. Today. Embedded Compilers. Compiler Requirements. What We Get. What We Want

Smashing the Buffer. Miroslav Štampar

19: I/O Devices: Clocks, Power Management

kguard++: Improving the Performance of kguard with Low-latency Code Inflation

Is stack overflow still a problem?

Hardware OS & OS- Application interface

[537] Virtual Machines. Tyler Harter

Threads and Concurrency

CPU Structure and Function

Return-orientated Programming

Anne Bracy CS 3410 Computer Science Cornell University

CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING LECTURE 09, SPRING 2013

Review: Program Execution. Memory program code program data program stack containing procedure activation records

Threads and Concurrency

RAS Enhancement Activities for Mission-Critical Linux Systems

ECE 598 Advanced Operating Systems Lecture 10

Processes (Intro) Yannis Smaragdakis, U. Athens

by Marina Cholakyan, Hyduke Noshadi, Sepehr Sahba and Young Cha

CS 31: Intro to Systems Processes. Kevin Webb Swarthmore College March 31, 2016

Overview. This Lecture. Interrupts and exceptions Source: ULK ch 4, ELDD ch1, ch2 & ch4. COSC440 Lecture 3: Interrupts 1

Anne Bracy CS 3410 Computer Science Cornell University

CNIT 127: Exploit Development. Ch 3: Shellcode. Updated

Virtual Memory Paging

The OS and Multitasking: An Example

Anne Bracy CS 3410 Computer Science Cornell University

Protection. OS central role. Fundamental to other OS goals. OS kernel. isolation of misbehaving applications. Relaibility Security Privacy fairness

Operating Systems Engineering Recitation #3 (part 2): Interrupt and Exception Handling on the x86. (heavily) based on MIT 6.

CS 550 Operating Systems Spring Interrupt

How to hold onto things in a multiprocessor world

CS333 Project 1 Test Report Your Name Here

ECE 471 Embedded Systems Lecture 8

CS 5460/6460 Operating Systems

Chapter 8: Main Memory

CMSC 412 Project #3 Threads & Synchronization Due March 17 th, 2017, at 5:00pm

CSE 451 Autumn Final Solutions mean 77.53, median 79, stdev 12.03

Transcription:

March 10, 2015

Section 1

Why Goal: apply a binary patch to kernel on-line. is done without shutdown quick response to a small but critical issue the goal is not to avoid downtime Limitations: simple changes changes in data structure layout

Section 2

Similar projects kexec CRIU

Live patching project (Suse) kpatch (Red Hat) ksplice (Oracle)

Section 3

Ftrace Insert a jmp at the beginning of all the functions gcc -pg -mfentry (add 5 bytes, that call mcount) mcount = 13% overhead Store each trampoline location in a section " mcount_loc" scripts/recordmcount use the linker to merge them all into vmlinux At boot: foreach entries in " mcount_loc", replace jmp with 5 NOP Set the call to mcount only if needed insert INT3 and its handler at NOP[0] insert addr at NOP[1-4] insert jmp at NOP[0] send NMI IPI to flush the instruction decoders ftrace_calller invokes the hooks

Ftrace Insert a jmp at the beginning of all the functions gcc -pg -mfentry (add 5 bytes, that call mcount) mcount = 13% overhead Store each trampoline location in a section " mcount_loc" scripts/recordmcount use the linker to merge them all into vmlinux At boot: foreach entries in " mcount_loc", replace jmp with 5 NOP Set the call to mcount only if needed insert INT3 and its handler at NOP[0] insert addr at NOP[1-4] insert jmp at NOP[0] send NMI IPI to flush the instruction decoders ftrace_calller invokes the hooks

Ftrace Insert a jmp at the beginning of all the functions gcc -pg -mfentry (add 5 bytes, that call mcount) mcount = 13% overhead Store each trampoline location in a section " mcount_loc" scripts/recordmcount use the linker to merge them all into vmlinux At boot: foreach entries in " mcount_loc", replace jmp with 5 NOP Set the call to mcount only if needed insert INT3 and its handler at NOP[0] insert addr at NOP[1-4] insert jmp at NOP[0] send NMI IPI to flush the instruction decoders ftrace_calller invokes the hooks

Ftrace Insert a jmp at the beginning of all the functions gcc -pg -mfentry (add 5 bytes, that call mcount) mcount = 13% overhead Store each trampoline location in a section " mcount_loc" scripts/recordmcount use the linker to merge them all into vmlinux At boot: foreach entries in " mcount_loc", replace jmp with 5 NOP Set the call to mcount only if needed insert INT3 and its handler at NOP[0] insert addr at NOP[1-4] insert jmp at NOP[0] send NMI IPI to flush the instruction decoders ftrace_calller invokes the hooks

Section 4

Subsection 1

new functions must be applied at once old function must not be executed after switching to the new one no threads runs on old functions no threads sleeps on them

Subsection 2

ksplice and kpatch_v1 add ftrace entry stop_machine() stop running processes disable interrupts Safeness check walk through the threads and check the stack enable the hook

ksplice and kpatch_v1 + safe + simple - stop_machine() stops all processes a while ( 40ms) - fail to upgrade non-quiescient kernel function (schedule)

Subsection 3

Functions can be called while patching. atomic reference counter inc at function entry dec_if_pos at function exit Active safeness check at context switch check stack entries safely sleeping tasks can be checked safely

+ get rid of stop_machine() - kretprobe has no error notification - not incremental (big patch has many functions)

Why relying on the stack may be hazardous How Linux retrieve the stack entries (return addresses): get an address on the stack (local variable) while (valid_stack_ptr(addr)) ++addr check if pointer is in.text section use frame pointer if available ret address lies just above a frame pointer the frame pointer chain broke in some rarely used assembler code

Subsection 4

Reality check trampoline: a per-thread flag is set on each kernel entry/exit set a trampoline which monitor kernel entry/exit and redirect to the old/new function remove the trampoline and set the new function when all the processes have changed their universe at least once

- all processes must wake up or execute a syscall - sometimes requires a signal to be sent - kernel thread never leave the kernel + does not rely on the stack entries

Section 5

Dazed and confused Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback