SlideShare a Scribd company logo

Kernel bug hunting

Andrea Righi
Andrea Righi

Debugging is an essential part of Linux kernel development. In user-space we have the support of the kernel and many debugging tools, tracking down a kernel bug, instead, can be very difficult if you don't know the proper methodologies. This talk will cover some techniques to understand how the kernel works, hunt down and fix kernel bugs in order to become a better kernel developer.

1 of 31
Download to read offline
Kernel bug hunting Modena, 27 November 2019 Andrea Righi andrea.righi@canonical.com www.canonical.com twitter: @arighi
Linux kernel is complex ● 25.590.567 lines of code right now find -type f -name '*.[chS]' -exec wc -l {} ; | awk 'BEGIN{sum=0}{sum+=$1}END{print sum}' ● 229 patches last week week git log --oneline v5.4-rc7..v5.4-rc8 | wc -l ● 195 files changed, 3398 insertions(+), 4081 deletions(-) git diff --stat v5.4-rc7..v5.4-rc8 | tail -1
https://www.linuxcounter.net/statistics/kernel
Kernel bugs ● Kernel panic ● Fatal error, system becomes unusable ● Kernel oops ● Non-fatal error, some functionalities can be compromised ● Wrong result ● Fatal error from user’s perspective ● Security vulnerability ● Side-channel attack, data leakage, … ● Performance regression ● Everything is correct, but slower...
Debugging techniques ● blinking LED ● printk() / dump_stack() ● procfs ● SysReq key (Documentation/admin-guide/sysrq.rst) ● debugger (i.e., kgdb, …) ● virtualization ● profiling / tracing
Kernel debugging hands-on ● Virtualization can help to track down kernel bugs ● virtme ● Run the kernel inside a qemu/kvm instance, virtualizing the running system ● Generate crash dump ● Analyze system data offline (after the crash) ● crash test kernel module ● https://github.com/arighi/crashtest ● Simple scripts to speed up kernel development (wrappers around virtme/qemu/crash): ● https://github.com/arighi/kernel-crash-tools
Profiling vs tracing
Profiling vs tracing ● Profiling ● Create a periodic timed interrupt that collects the current program counter, function address and the entire stack back trace ● Tracing ● Record times and invocations of specific events
Profiling example: perf top
Tracing example: strace ● strace(1): system call tracer in Linux ● It uses the ptrace() system call that pauses the target process for each syscall so that the debugger can read the state ● And it’s doing this twice: when the syscall begins and when it ends!
strace overhead ### Regular execution ### $ dd if=/dev/zero of=/dev/null bs=1 count=500k 512000+0 records in 512000+0 records out 512000 bytes (512 kB, 500 KiB) copied, 0,501455 s, 1.0 MB/s ### Strace execution (tracing a syscall that is never called) ### $ strace -e trace=accept dd if=/dev/zero of=/dev/null bs=1 count=500k 512000+0 records in 512000+0 records out 512000 bytes (512 kB, 500 KiB) copied, 44.0216 s, 11,6 kB/s +++ exited with 0 +++
Tracing kernel functions: kprobe
eBPF
eBPF history ● Initially it was BPF: Berkeley Packet Filter ● It has its roots in BSD in the very early 1990’s ● Originally designed as a mechanism for fast filtering network packets ● 3.15: Linux introduced eBPF: extended Berkeley Packet Filter ● More efficient / more generic than the original BPF ● 3.18: eBPF VM exposed to user-space ● 4.9: eBPF programs can be attached to perf_events ● 4.10: eBPF programs can be attached to cgroups ● 4.15: eBPF LSM hooks
eBPF features ● Highly efficient VM that lives in the kernel ● Inject safe sanboxed bytecode into the kernel ● Attach code to kernel functions / events ● In-kernel JIT compiler ● Dynamically translate eBPF bytecode into native opcodes ● eBPF makes kernel programmable without having to cross kernel/user-space boundaries ● Access in-kernel data structures directly without the risk of crashing, hanging or breaking the kernel in any way
eBPF as a VM ● Example assembly of a simple eBPF filter ● Load 16-bit quantity from offset 12 in the packet to the accumulator (ethernet type) ● Compare the value to see if the packet is an IP packet ● If the packet is IP, return TRUE (packet is accepted) ● otherwise return 0 (packet is rejected) ● Only 4 VM instructions to filter IP packets! ldh [12] jeq #ETHERTYPE_IP, l1, l2 l1: ret #TRUE l2: ret #0
eBPF use cases
How many eBPF programs are running in your laptop? ● Run this: ls -la /proc/*/fd | grep bpf-prog | wc -l
Flame graphs ● CPU flame graphs ● x-axis sample population ● y-axis ● stack depth ● Wider boxes = More samples = More CPU time = More overhead! Flame Graph Search s.. sun/nio/ch/SocketChannel.. org/mozi.. org.. io.. d.. tcp_v4_rcv i.. org.. vfs_write io/netty/channel/AbstractChannelHandlerContext:.fireChannelRead JavaCalls::call_virtual o.. ip_q.. org/mozi.. tcp_sen.. cpu.. org/.. [unknown] io/netty/channel/AbstractCha.. JavaCalls::call_virtual org/mozilla/javascript/gen/file__root_vert_x_2_1_.. ip.. io/netty/channel/nio/AbstractNioByteChannel$NioByteUnsafe:.read io/netty/channel/nio/Abstr.. t.. s.. o.. JavaCalls::call_helper Interpreter ip_.. __do_softirq ip_local_out ep_p.. org/mozilla/javas.. s.. org/mozilla/javascript/gen/file__root_vert_x_2_1_5_sys_mods_io.. system_ca.. s.. _.. [unkn.. __.. sta.. sun.. _.. tcp_transmit_skb do_softirq org/m.. __.. JavaThread::thread_main_inner io/netty/channel/ChannelDupl.. io/netty/channel/DefaultCha.. java ip_rcv_fi.. t.. G.. o.. tcp_v4_.. __tcp.. do_sync_write v.. x.. call_stub ip_finish_out.. net_rx_act.. io/netty/channel/ChannelOut.. wrk tcp_write_xmit ip_.. loc.. syste.. i.. aeProcessEvents system_call_fastpath org.. do.. local_bh_en.. or.. swapper org/mozilla/javascript/gen/file__root_vert_x_2_1_5.. JavaThread::run sun/nio/ch/FileDispatch.. [.. __tcp_push_pendi.. tc.. sun/re.. tcp_.. tcp_w.. process_ba.. io/ne.. [.. inet_se.. ip..or.. thread_entry Interpreter org/vertx/java/core/http/impl/DefaultHttpServer$ServerHandler:.doM.. tcp_rcv.. vfs_write ip_queue_xmit sock_aio.. aeMain _.. org/vertx/java/core/net/impl/VertxHandler:.channelRead org/moz.. __netif_r.. __netif_r.. io/netty/channel/AbstractCh.. do_softirq_.. org/mozilla/javascript/gen/file__root_vert_x_2_1_5_sys_mods_io_.. io/netty/channel/nio/NioEventLoop:.processSelectedKeys org/mozilla/javas.. Interpreter so.. _.. [unknown] io/netty/channel/AbstractCh.. or.. io/netty/channel/AbstractChannelHandlerContext:.fireChannelRead ip_local_.. __.. org/vertx/java/core/net/impl.. io/.. sock_aio_write ip_rcv tcp_sendmsg e.. do.. thread_main ip_.. io.. ip_output io/netty/channel/nio/NioEventLoop:.processSelectedKeysOptimized java_start org/vertx/java/core/http/impl/ServerConnection:.handleRequests.. pr.. socke.. sys_e.. org/moz.. or.. io/netty/channel/AbstractCha.. io/netty/handler/codec/ByteToMessageDecoder:.channelRead x.. io/netty/channel/AbstractCha.. h.. start_thread ne.. inet_sendmsg start_thread r.. ip_local_.. org/mozilla/javas.. o.. sys_write socket_wri.. i.. io/netty/handler/codec/ByteT.. org/.. do_sync_.. sys_write
BCC tracing tools ● BPF Compiler Collection https://github.com/iovisor/bcc ● Front-end to eBPF ● BCC makes eBPF programs easier to write ● Include C wrapper around LLVM ● Python ● Lua ● C++ ● C helper libs ● Lots of pre-defined tools available
Example #1: trace exec() ● Intercept all the processes executed in the system
Example #2: keylogger ● Identify where and how keyboard characters are received and processed by the kernel
Example #3: ping ● Identify where ICMP packets (ECHO_REQUEST / ECHO_REPLY) are received and processed by the kernel
Example #4: task wait / wakeup ● Determine the stack trace of a sleeping process and the stack trace of the process that wakes up a sleeping process
Is tracing safe?
eBPF: performance overhead - use case #1 ● user-space deamon using an eBPF program attached to a function (via kprobe) ● kernel is updated, function doesn’t exist anymore ● daemon starts to use an older/slower non-BPF method ● 5% performance regression
eBPF: performance overhead - use case #2 ● kernel function mapped to a 2MB huge page ● eBPF program attached to that function (via kprobe) ● setting the kprobe causes the function to be remapped to a regular 4KB page ● increased TLB misses ● 2% performance regression
eBPF: compile once, run everywhere? ● … not exactly! :-( ● eBPF programs are compiled on the target system immediately before they are loaded ● Linux headers are needed to understand kernel data structures ● structure randomization is a problem ● BTF (BPF type format) has been created ● kernel data description embedded in the kernel (no longer any need to ship kernel headers around!)
Conclusion ● Virtualization is your friend to speed up kernel development ● Real-time tracing can be an effective way to study and understand how the kernel works ● Kernel development can be challenging... but fun! :)
References ● Brendan Gregg blog ● http://brendangregg.com/blog/ ● BCC tools ● https://github.com/iovisor/bcc ● virtme ● https://github.com/amluto/virtme ● crashtest ● https://github.com/arighi/crashtest ● kernel-crash-tools ● https://github.com/arighi/kernel-crash-tools
Thank you Andrea Righi andrea.righi@canonical.com www.canonical.com twitter: @arighi
Ad

Recommended

Kernel Proc Connector and Containers
Kernel Proc Connector and ContainersKernel Proc Connector and Containers
Kernel Proc Connector and Containers
Kernel TLV
 
Make Your Containers Faster: Linux Container Performance Tools
Make Your Containers Faster: Linux Container Performance ToolsMake Your Containers Faster: Linux Container Performance Tools
Make Your Containers Faster: Linux Container Performance Tools
Kernel TLV
 
An Introduction to the Formalised Memory Model for Linux Kernel
An Introduction to the Formalised Memory Model for Linux KernelAn Introduction to the Formalised Memory Model for Linux Kernel
An Introduction to the Formalised Memory Model for Linux Kernel
SeongJae Park
 
Modern Linux Tracing Landscape
Modern Linux Tracing LandscapeModern Linux Tracing Landscape
Modern Linux Tracing Landscape
Kernel TLV
 
Dynamic Instrumentation- OpenEBS Golang Meetup July 2017
Dynamic Instrumentation- OpenEBS Golang Meetup July 2017Dynamic Instrumentation- OpenEBS Golang Meetup July 2017
Dynamic Instrumentation- OpenEBS Golang Meetup July 2017
OpenEBS
 
Andrea Righi - Spying on the Linux kernel for fun and profit
Andrea Righi - Spying on the Linux kernel for fun and profitAndrea Righi - Spying on the Linux kernel for fun and profit
Andrea Righi - Spying on the Linux kernel for fun and profit
linuxlab_conf
 
p4alu: Arithmetic Logic Unit in P4
p4alu: Arithmetic Logic Unit in P4p4alu: Arithmetic Logic Unit in P4
p4alu: Arithmetic Logic Unit in P4
Kentaro Ebisawa
 
Replacing iptables with eBPF in Kubernetes with Cilium
Replacing iptables with eBPF in Kubernetes with CiliumReplacing iptables with eBPF in Kubernetes with Cilium
Replacing iptables with eBPF in Kubernetes with Cilium
Michal Rostecki
 
The Linux Block Layer - Built for Fast Storage
The Linux Block Layer - Built for Fast StorageThe Linux Block Layer - Built for Fast Storage
The Linux Block Layer - Built for Fast Storage
Kernel TLV
 
RxNetty vs Tomcat Performance Results
RxNetty vs Tomcat Performance ResultsRxNetty vs Tomcat Performance Results
RxNetty vs Tomcat Performance Results
Brendan Gregg
 
FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)
Kirill Tsym
 
DPDK In Depth
DPDK In DepthDPDK In Depth
DPDK In Depth
Kernel TLV
 
Spying on the Linux kernel for fun and profit
Spying on the Linux kernel for fun and profitSpying on the Linux kernel for fun and profit
Spying on the Linux kernel for fun and profit
Andrea Righi
 
Mirko Damiani - An Embedded soft real time distributed system in Go
Mirko Damiani - An Embedded soft real time distributed system in GoMirko Damiani - An Embedded soft real time distributed system in Go
Mirko Damiani - An Embedded soft real time distributed system in Go
linuxlab_conf
 
Kernel Recipes 2016 - Landlock LSM: Unprivileged sandboxing
Kernel Recipes 2016 - Landlock LSM: Unprivileged sandboxingKernel Recipes 2016 - Landlock LSM: Unprivileged sandboxing
Kernel Recipes 2016 - Landlock LSM: Unprivileged sandboxing
Anne Nicolas
 
Senior Design: Raspberry Pi Cluster Computing
Senior Design: Raspberry Pi Cluster ComputingSenior Design: Raspberry Pi Cluster Computing
Senior Design: Raspberry Pi Cluster Computing
Ralph Walker II
 
Kernel Recipes 2019 - BPF at Facebook
Kernel Recipes 2019 - BPF at FacebookKernel Recipes 2019 - BPF at Facebook
Kernel Recipes 2019 - BPF at Facebook
Anne Nicolas
 
Twisted Introduction
Twisted IntroductionTwisted Introduction
Twisted Introduction
cyli
 
High-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uringHigh-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uring
ScyllaDB
 
Linux Container Basics
Linux Container BasicsLinux Container Basics
Linux Container Basics
Michael Kehoe
 
FBTFTP: an opensource framework to build dynamic tftp servers
FBTFTP: an opensource framework to build dynamic tftp serversFBTFTP: an opensource framework to build dynamic tftp servers
FBTFTP: an opensource framework to build dynamic tftp servers
Angelo Failla
 
OpenZFS Channel programs
OpenZFS Channel programsOpenZFS Channel programs
OpenZFS Channel programs
Matthew Ahrens
 
Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...
Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...
Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...
Kernel TLV
 
How we use Twisted in Launchpad
How we use Twisted in LaunchpadHow we use Twisted in Launchpad
How we use Twisted in Launchpad
Michael Hudson-Doyle
 
Snabb Switch: Riding the HPC wave to simpler, better network appliances (FOSD...
Snabb Switch: Riding the HPC wave to simpler, better network appliances (FOSD...Snabb Switch: Riding the HPC wave to simpler, better network appliances (FOSD...
Snabb Switch: Riding the HPC wave to simpler, better network appliances (FOSD...
Igalia
 
Brief introduction to kselftest
Brief introduction to kselftestBrief introduction to kselftest
Brief introduction to kselftest
SeongJae Park
 
An Introduction to Twisted
An Introduction to TwistedAn Introduction to Twisted
An Introduction to Twisted
sdsern
 
All of Your Network Monitoring is (probably) Wrong
All of Your Network Monitoring is (probably) WrongAll of Your Network Monitoring is (probably) Wrong
All of Your Network Monitoring is (probably) Wrong
ice799
 
Dataplane programming with eBPF: architecture and tools
Dataplane programming with eBPF: architecture and toolsDataplane programming with eBPF: architecture and tools
Dataplane programming with eBPF: architecture and tools
Stefano Salsano
 
Security Monitoring with eBPF
Security Monitoring with eBPFSecurity Monitoring with eBPF
Security Monitoring with eBPF
Alex Maestretti
 
Ad

More Related Content

What's hot (20)

The Linux Block Layer - Built for Fast Storage
The Linux Block Layer - Built for Fast StorageThe Linux Block Layer - Built for Fast Storage
The Linux Block Layer - Built for Fast Storage
Kernel TLV
 
RxNetty vs Tomcat Performance Results
RxNetty vs Tomcat Performance ResultsRxNetty vs Tomcat Performance Results
RxNetty vs Tomcat Performance Results
Brendan Gregg
 
FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)
Kirill Tsym
 
DPDK In Depth
DPDK In DepthDPDK In Depth
DPDK In Depth
Kernel TLV
 
Spying on the Linux kernel for fun and profit
Spying on the Linux kernel for fun and profitSpying on the Linux kernel for fun and profit
Spying on the Linux kernel for fun and profit
Andrea Righi
 
Mirko Damiani - An Embedded soft real time distributed system in Go
Mirko Damiani - An Embedded soft real time distributed system in GoMirko Damiani - An Embedded soft real time distributed system in Go
Mirko Damiani - An Embedded soft real time distributed system in Go
linuxlab_conf
 
Kernel Recipes 2016 - Landlock LSM: Unprivileged sandboxing
Kernel Recipes 2016 - Landlock LSM: Unprivileged sandboxingKernel Recipes 2016 - Landlock LSM: Unprivileged sandboxing
Kernel Recipes 2016 - Landlock LSM: Unprivileged sandboxing
Anne Nicolas
 
Senior Design: Raspberry Pi Cluster Computing
Senior Design: Raspberry Pi Cluster ComputingSenior Design: Raspberry Pi Cluster Computing
Senior Design: Raspberry Pi Cluster Computing
Ralph Walker II
 
Kernel Recipes 2019 - BPF at Facebook
Kernel Recipes 2019 - BPF at FacebookKernel Recipes 2019 - BPF at Facebook
Kernel Recipes 2019 - BPF at Facebook
Anne Nicolas
 
Twisted Introduction
Twisted IntroductionTwisted Introduction
Twisted Introduction
cyli
 
High-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uringHigh-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uring
ScyllaDB
 
Linux Container Basics
Linux Container BasicsLinux Container Basics
Linux Container Basics
Michael Kehoe
 
FBTFTP: an opensource framework to build dynamic tftp servers
FBTFTP: an opensource framework to build dynamic tftp serversFBTFTP: an opensource framework to build dynamic tftp servers
FBTFTP: an opensource framework to build dynamic tftp servers
Angelo Failla
 
OpenZFS Channel programs
OpenZFS Channel programsOpenZFS Channel programs
OpenZFS Channel programs
Matthew Ahrens
 
Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...
Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...
Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...
Kernel TLV
 
How we use Twisted in Launchpad
How we use Twisted in LaunchpadHow we use Twisted in Launchpad
How we use Twisted in Launchpad
Michael Hudson-Doyle
 
Snabb Switch: Riding the HPC wave to simpler, better network appliances (FOSD...
Snabb Switch: Riding the HPC wave to simpler, better network appliances (FOSD...Snabb Switch: Riding the HPC wave to simpler, better network appliances (FOSD...
Snabb Switch: Riding the HPC wave to simpler, better network appliances (FOSD...
Igalia
 
Brief introduction to kselftest
Brief introduction to kselftestBrief introduction to kselftest
Brief introduction to kselftest
SeongJae Park
 
An Introduction to Twisted
An Introduction to TwistedAn Introduction to Twisted
An Introduction to Twisted
sdsern
 
All of Your Network Monitoring is (probably) Wrong
All of Your Network Monitoring is (probably) WrongAll of Your Network Monitoring is (probably) Wrong
All of Your Network Monitoring is (probably) Wrong
ice799
 
The Linux Block Layer - Built for Fast Storage
The Linux Block Layer - Built for Fast StorageThe Linux Block Layer - Built for Fast Storage
The Linux Block Layer - Built for Fast Storage
Kernel TLV
 
RxNetty vs Tomcat Performance Results
RxNetty vs Tomcat Performance ResultsRxNetty vs Tomcat Performance Results
RxNetty vs Tomcat Performance Results
Brendan Gregg
 
FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)
Kirill Tsym
 
DPDK In Depth
DPDK In DepthDPDK In Depth
DPDK In Depth
Kernel TLV
 
Spying on the Linux kernel for fun and profit
Spying on the Linux kernel for fun and profitSpying on the Linux kernel for fun and profit
Spying on the Linux kernel for fun and profit
Andrea Righi
 
Mirko Damiani - An Embedded soft real time distributed system in Go
Mirko Damiani - An Embedded soft real time distributed system in GoMirko Damiani - An Embedded soft real time distributed system in Go
Mirko Damiani - An Embedded soft real time distributed system in Go
linuxlab_conf
 
Kernel Recipes 2016 - Landlock LSM: Unprivileged sandboxing
Kernel Recipes 2016 - Landlock LSM: Unprivileged sandboxingKernel Recipes 2016 - Landlock LSM: Unprivileged sandboxing
Kernel Recipes 2016 - Landlock LSM: Unprivileged sandboxing
Anne Nicolas
 
Senior Design: Raspberry Pi Cluster Computing
Senior Design: Raspberry Pi Cluster ComputingSenior Design: Raspberry Pi Cluster Computing
Senior Design: Raspberry Pi Cluster Computing
Ralph Walker II
 
Kernel Recipes 2019 - BPF at Facebook
Kernel Recipes 2019 - BPF at FacebookKernel Recipes 2019 - BPF at Facebook
Kernel Recipes 2019 - BPF at Facebook
Anne Nicolas
 
Twisted Introduction
Twisted IntroductionTwisted Introduction
Twisted Introduction
cyli
 
High-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uringHigh-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uring
ScyllaDB
 
Linux Container Basics
Linux Container BasicsLinux Container Basics
Linux Container Basics
Michael Kehoe
 
FBTFTP: an opensource framework to build dynamic tftp servers
FBTFTP: an opensource framework to build dynamic tftp serversFBTFTP: an opensource framework to build dynamic tftp servers
FBTFTP: an opensource framework to build dynamic tftp servers
Angelo Failla
 
OpenZFS Channel programs
OpenZFS Channel programsOpenZFS Channel programs
OpenZFS Channel programs
Matthew Ahrens
 
Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...
Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...
Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...
Kernel TLV
 
How we use Twisted in Launchpad
How we use Twisted in LaunchpadHow we use Twisted in Launchpad
How we use Twisted in Launchpad
Michael Hudson-Doyle
 
Snabb Switch: Riding the HPC wave to simpler, better network appliances (FOSD...
Snabb Switch: Riding the HPC wave to simpler, better network appliances (FOSD...Snabb Switch: Riding the HPC wave to simpler, better network appliances (FOSD...
Snabb Switch: Riding the HPC wave to simpler, better network appliances (FOSD...
Igalia
 
Brief introduction to kselftest
Brief introduction to kselftestBrief introduction to kselftest
Brief introduction to kselftest
SeongJae Park
 
An Introduction to Twisted
An Introduction to TwistedAn Introduction to Twisted
An Introduction to Twisted
sdsern
 
All of Your Network Monitoring is (probably) Wrong
All of Your Network Monitoring is (probably) WrongAll of Your Network Monitoring is (probably) Wrong
All of Your Network Monitoring is (probably) Wrong
ice799
 

Similar to Kernel bug hunting (20)

Dataplane programming with eBPF: architecture and tools
Dataplane programming with eBPF: architecture and toolsDataplane programming with eBPF: architecture and tools
Dataplane programming with eBPF: architecture and tools
Stefano Salsano
 
Security Monitoring with eBPF
Security Monitoring with eBPFSecurity Monitoring with eBPF
Security Monitoring with eBPF
Alex Maestretti
 
Understanding eBPF in a Hurry!
Understanding eBPF in a Hurry!Understanding eBPF in a Hurry!
Understanding eBPF in a Hurry!
Ray Jenkins
 
eBPF Basics
eBPF BasicseBPF Basics
eBPF Basics
Michael Kehoe
 
The Open Source Ecosystem for eBPF in Kubernetes
The Open Source Ecosystem for eBPF in KubernetesThe Open Source Ecosystem for eBPF in Kubernetes
The Open Source Ecosystem for eBPF in Kubernetes
All Things Open
 
Not breaking userspace: the evolving Linux ABI
Not breaking userspace: the evolving Linux ABINot breaking userspace: the evolving Linux ABI
Not breaking userspace: the evolving Linux ABI
Alison Chaiken
 
Linux Kernel Platform Development: Challenges and Insights
Linux Kernel Platform Development: Challenges and Insights Linux Kernel Platform Development: Challenges and Insights
Linux Kernel Platform Development: Challenges and Insights
GlobalLogic Ukraine
 
Introduction of eBPF - 時下最夯的Linux Technology
Introduction of eBPF - 時下最夯的Linux Technology Introduction of eBPF - 時下最夯的Linux Technology
Introduction of eBPF - 時下最夯的Linux Technology
Jace Liang
 
ebpf and IO Visor: The What, how, and what next!
ebpf and IO Visor: The What, how, and what next!ebpf and IO Visor: The What, how, and what next!
ebpf and IO Visor: The What, how, and what next!
Affan Syed
 
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemBPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
Thomas Graf
 
Lec 10-linux-review
Lec 10-linux-reviewLec 10-linux-review
Lec 10-linux-review
abinaya m
 
story_of_bpf-1.pdf
story_of_bpf-1.pdfstory_of_bpf-1.pdf
story_of_bpf-1.pdf
hegikip775
 
Talk 160920 @ Cat System Workshop
Talk 160920 @ Cat System WorkshopTalk 160920 @ Cat System Workshop
Talk 160920 @ Cat System Workshop
Quey-Liang Kao
 
Efficient System Monitoring in Cloud Native Environments
Efficient System Monitoring in Cloud Native EnvironmentsEfficient System Monitoring in Cloud Native Environments
Efficient System Monitoring in Cloud Native Environments
Gergely Szabó
 
eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KerneleBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux Kernel
Thomas Graf
 
DEF CON 27 - JEFF DILEO - evil e bpf in depth
DEF CON 27 - JEFF DILEO - evil e bpf in depthDEF CON 27 - JEFF DILEO - evil e bpf in depth
DEF CON 27 - JEFF DILEO - evil e bpf in depth
Felipe Prado
 
DevopsItalia2015 - DHCP at Facebook - Evolution of an infrastructure
DevopsItalia2015 - DHCP at Facebook - Evolution of an infrastructureDevopsItalia2015 - DHCP at Facebook - Evolution of an infrastructure
DevopsItalia2015 - DHCP at Facebook - Evolution of an infrastructure
Angelo Failla
 
Introduction to eBPF
Introduction to eBPFIntroduction to eBPF
Introduction to eBPF
RogerColl2
 
DCSF 19 eBPF Superpowers
DCSF 19 eBPF SuperpowersDCSF 19 eBPF Superpowers
DCSF 19 eBPF Superpowers
Docker, Inc.
 
Kubernetes @ Squarespace (SRE Portland Meetup October 2017)
Kubernetes @ Squarespace (SRE Portland Meetup October 2017)Kubernetes @ Squarespace (SRE Portland Meetup October 2017)
Kubernetes @ Squarespace (SRE Portland Meetup October 2017)
Kevin Lynch
 
Dataplane programming with eBPF: architecture and tools
Dataplane programming with eBPF: architecture and toolsDataplane programming with eBPF: architecture and tools
Dataplane programming with eBPF: architecture and tools
Stefano Salsano
 
Security Monitoring with eBPF
Security Monitoring with eBPFSecurity Monitoring with eBPF
Security Monitoring with eBPF
Alex Maestretti
 
Understanding eBPF in a Hurry!
Understanding eBPF in a Hurry!Understanding eBPF in a Hurry!
Understanding eBPF in a Hurry!
Ray Jenkins
 
eBPF Basics
eBPF BasicseBPF Basics
eBPF Basics
Michael Kehoe
 
The Open Source Ecosystem for eBPF in Kubernetes
The Open Source Ecosystem for eBPF in KubernetesThe Open Source Ecosystem for eBPF in Kubernetes
The Open Source Ecosystem for eBPF in Kubernetes
All Things Open
 
Not breaking userspace: the evolving Linux ABI
Not breaking userspace: the evolving Linux ABINot breaking userspace: the evolving Linux ABI
Not breaking userspace: the evolving Linux ABI
Alison Chaiken
 
Linux Kernel Platform Development: Challenges and Insights
Linux Kernel Platform Development: Challenges and Insights Linux Kernel Platform Development: Challenges and Insights
Linux Kernel Platform Development: Challenges and Insights
GlobalLogic Ukraine
 
Introduction of eBPF - 時下最夯的Linux Technology
Introduction of eBPF - 時下最夯的Linux Technology Introduction of eBPF - 時下最夯的Linux Technology
Introduction of eBPF - 時下最夯的Linux Technology
Jace Liang
 
ebpf and IO Visor: The What, how, and what next!
ebpf and IO Visor: The What, how, and what next!ebpf and IO Visor: The What, how, and what next!
ebpf and IO Visor: The What, how, and what next!
Affan Syed
 
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemBPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
Thomas Graf
 
Lec 10-linux-review
Lec 10-linux-reviewLec 10-linux-review
Lec 10-linux-review
abinaya m
 
story_of_bpf-1.pdf
story_of_bpf-1.pdfstory_of_bpf-1.pdf
story_of_bpf-1.pdf
hegikip775
 
Talk 160920 @ Cat System Workshop
Talk 160920 @ Cat System WorkshopTalk 160920 @ Cat System Workshop
Talk 160920 @ Cat System Workshop
Quey-Liang Kao
 
Efficient System Monitoring in Cloud Native Environments
Efficient System Monitoring in Cloud Native EnvironmentsEfficient System Monitoring in Cloud Native Environments
Efficient System Monitoring in Cloud Native Environments
Gergely Szabó
 
eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KerneleBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux Kernel
Thomas Graf
 
DEF CON 27 - JEFF DILEO - evil e bpf in depth
DEF CON 27 - JEFF DILEO - evil e bpf in depthDEF CON 27 - JEFF DILEO - evil e bpf in depth
DEF CON 27 - JEFF DILEO - evil e bpf in depth
Felipe Prado
 
DevopsItalia2015 - DHCP at Facebook - Evolution of an infrastructure
DevopsItalia2015 - DHCP at Facebook - Evolution of an infrastructureDevopsItalia2015 - DHCP at Facebook - Evolution of an infrastructure
DevopsItalia2015 - DHCP at Facebook - Evolution of an infrastructure
Angelo Failla
 
Introduction to eBPF
Introduction to eBPFIntroduction to eBPF
Introduction to eBPF
RogerColl2
 
DCSF 19 eBPF Superpowers
DCSF 19 eBPF SuperpowersDCSF 19 eBPF Superpowers
DCSF 19 eBPF Superpowers
Docker, Inc.
 
Kubernetes @ Squarespace (SRE Portland Meetup October 2017)
Kubernetes @ Squarespace (SRE Portland Meetup October 2017)Kubernetes @ Squarespace (SRE Portland Meetup October 2017)
Kubernetes @ Squarespace (SRE Portland Meetup October 2017)
Kevin Lynch
 
Ad

More from Andrea Righi (6)

Eco-friendly Linux kernel development
Eco-friendly Linux kernel developmentEco-friendly Linux kernel development
Eco-friendly Linux kernel development
Andrea Righi
 
Linux kernel bug hunting
Linux kernel bug huntingLinux kernel bug hunting
Linux kernel bug hunting
Andrea Righi
 
Linux kernel tracing superpowers in the cloud
Linux kernel tracing superpowers in the cloudLinux kernel tracing superpowers in the cloud
Linux kernel tracing superpowers in the cloud
Andrea Righi
 
Understand and optimize Linux I/O
Understand and optimize Linux I/OUnderstand and optimize Linux I/O
Understand and optimize Linux I/O
Andrea Righi
 
Debugging linux
Debugging linuxDebugging linux
Debugging linux
Andrea Righi
 
Linux boot-time
Linux boot-timeLinux boot-time
Linux boot-time
Andrea Righi
 
Eco-friendly Linux kernel development
Eco-friendly Linux kernel developmentEco-friendly Linux kernel development
Eco-friendly Linux kernel development
Andrea Righi
 
Linux kernel bug hunting
Linux kernel bug huntingLinux kernel bug hunting
Linux kernel bug hunting
Andrea Righi
 
Linux kernel tracing superpowers in the cloud
Linux kernel tracing superpowers in the cloudLinux kernel tracing superpowers in the cloud
Linux kernel tracing superpowers in the cloud
Andrea Righi
 
Understand and optimize Linux I/O
Understand and optimize Linux I/OUnderstand and optimize Linux I/O
Understand and optimize Linux I/O
Andrea Righi
 
Debugging linux
Debugging linuxDebugging linux
Debugging linux
Andrea Righi
 
Linux boot-time
Linux boot-timeLinux boot-time
Linux boot-time
Andrea Righi
 
Ad

Recently uploaded (20)

TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...
TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...
TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...
Andre Hora
 
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
ssuserb14185
 
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AIScaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
danshalev
 
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Lionel Briand
 
Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025
mu394968
 
Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Secure Test Infrastructure: The Backbone of Trustworthy Software DevelopmentSecure Test Infrastructure: The Backbone of Trustworthy Software Development
Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Shubham Joshi
 
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
Egor Kaleynik
 
Exploring Code Comprehension in Scientific Programming: Preliminary Insight...
Exploring Code Comprehension in Scientific Programming: Preliminary Insight...Exploring Code Comprehension in Scientific Programming: Preliminary Insight...
Exploring Code Comprehension in Scientific Programming: Preliminary Insight...
University of Hawai‘i at Mānoa
 
Adobe Illustrator Crack FREE Download 2025 Latest Version
Adobe Illustrator Crack FREE Download 2025 Latest VersionAdobe Illustrator Crack FREE Download 2025 Latest Version
Adobe Illustrator Crack FREE Download 2025 Latest Version
kashifyounis067
 
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Ranjan Baisak
 
Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Andre Hora
 
Landscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature ReviewLandscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature Review
Hironori Washizaki
 
Automation Techniques in RPA - UiPath Certificate
Automation Techniques in RPA - UiPath CertificateAutomation Techniques in RPA - UiPath Certificate
Automation Techniques in RPA - UiPath Certificate
VICTOR MAESTRE RAMIREZ
 
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage DashboardsAdobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
BradBedford3
 
FL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full VersionFL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full Version
tahirabibi60507
 
Kubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptxKubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptx
CloudScouts
 
Download YouTube By Click 2025 Free Full Activated
Download YouTube By Click 2025 Free Full ActivatedDownload YouTube By Click 2025 Free Full Activated
Download YouTube By Click 2025 Free Full Activated
saniamalik72555
 
EASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License CodeEASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License Code
aneelaramzan63
 
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Eric D. Schabell
 
Maxon CINEMA 4D 2025 Crack FREE Download LINK
Maxon CINEMA 4D 2025 Crack FREE Download LINKMaxon CINEMA 4D 2025 Crack FREE Download LINK
Maxon CINEMA 4D 2025 Crack FREE Download LINK
younisnoman75
 
TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...
TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...
TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...
Andre Hora
 
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
ssuserb14185
 
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AIScaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
danshalev
 
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Lionel Briand
 
Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025
mu394968
 
Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Secure Test Infrastructure: The Backbone of Trustworthy Software DevelopmentSecure Test Infrastructure: The Backbone of Trustworthy Software Development
Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Shubham Joshi
 
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
Egor Kaleynik
 
Exploring Code Comprehension in Scientific Programming: Preliminary Insight...
Exploring Code Comprehension in Scientific Programming: Preliminary Insight...Exploring Code Comprehension in Scientific Programming: Preliminary Insight...
Exploring Code Comprehension in Scientific Programming: Preliminary Insight...
University of Hawai‘i at Mānoa
 
Adobe Illustrator Crack FREE Download 2025 Latest Version
Adobe Illustrator Crack FREE Download 2025 Latest VersionAdobe Illustrator Crack FREE Download 2025 Latest Version
Adobe Illustrator Crack FREE Download 2025 Latest Version
kashifyounis067
 
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Ranjan Baisak
 
Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Andre Hora
 
Landscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature ReviewLandscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature Review
Hironori Washizaki
 
Automation Techniques in RPA - UiPath Certificate
Automation Techniques in RPA - UiPath CertificateAutomation Techniques in RPA - UiPath Certificate
Automation Techniques in RPA - UiPath Certificate
VICTOR MAESTRE RAMIREZ
 
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage DashboardsAdobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
BradBedford3
 
FL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full VersionFL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full Version
tahirabibi60507
 
Kubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptxKubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptx
CloudScouts
 
Download YouTube By Click 2025 Free Full Activated
Download YouTube By Click 2025 Free Full ActivatedDownload YouTube By Click 2025 Free Full Activated
Download YouTube By Click 2025 Free Full Activated
saniamalik72555
 
EASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License CodeEASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License Code
aneelaramzan63
 
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Eric D. Schabell
 
Maxon CINEMA 4D 2025 Crack FREE Download LINK
Maxon CINEMA 4D 2025 Crack FREE Download LINKMaxon CINEMA 4D 2025 Crack FREE Download LINK
Maxon CINEMA 4D 2025 Crack FREE Download LINK
younisnoman75
 

Kernel bug hunting

  • 1. Kernel bug hunting Modena, 27 November 2019 Andrea Righi [email protected] www.canonical.com twitter: @arighi
  • 2. Linux kernel is complex ● 25.590.567 lines of code right now find -type f -name '*.[chS]' -exec wc -l {} ; | awk 'BEGIN{sum=0}{sum+=$1}END{print sum}' ● 229 patches last week week git log --oneline v5.4-rc7..v5.4-rc8 | wc -l ● 195 files changed, 3398 insertions(+), 4081 deletions(-) git diff --stat v5.4-rc7..v5.4-rc8 | tail -1
  • 4. Kernel bugs ● Kernel panic ● Fatal error, system becomes unusable ● Kernel oops ● Non-fatal error, some functionalities can be compromised ● Wrong result ● Fatal error from user’s perspective ● Security vulnerability ● Side-channel attack, data leakage, … ● Performance regression ● Everything is correct, but slower...
  • 5. Debugging techniques ● blinking LED ● printk() / dump_stack() ● procfs ● SysReq key (Documentation/admin-guide/sysrq.rst) ● debugger (i.e., kgdb, …) ● virtualization ● profiling / tracing
  • 6. Kernel debugging hands-on ● Virtualization can help to track down kernel bugs ● virtme ● Run the kernel inside a qemu/kvm instance, virtualizing the running system ● Generate crash dump ● Analyze system data offline (after the crash) ● crash test kernel module ● https://github.com/arighi/crashtest ● Simple scripts to speed up kernel development (wrappers around virtme/qemu/crash): ● https://github.com/arighi/kernel-crash-tools
  • 8. Profiling vs tracing ● Profiling ● Create a periodic timed interrupt that collects the current program counter, function address and the entire stack back trace ● Tracing ● Record times and invocations of specific events
  • 10. Tracing example: strace ● strace(1): system call tracer in Linux ● It uses the ptrace() system call that pauses the target process for each syscall so that the debugger can read the state ● And it’s doing this twice: when the syscall begins and when it ends!
  • 11. strace overhead ### Regular execution ### $ dd if=/dev/zero of=/dev/null bs=1 count=500k 512000+0 records in 512000+0 records out 512000 bytes (512 kB, 500 KiB) copied, 0,501455 s, 1.0 MB/s ### Strace execution (tracing a syscall that is never called) ### $ strace -e trace=accept dd if=/dev/zero of=/dev/null bs=1 count=500k 512000+0 records in 512000+0 records out 512000 bytes (512 kB, 500 KiB) copied, 44.0216 s, 11,6 kB/s +++ exited with 0 +++
  • 13. eBPF
  • 14. eBPF history ● Initially it was BPF: Berkeley Packet Filter ● It has its roots in BSD in the very early 1990’s ● Originally designed as a mechanism for fast filtering network packets ● 3.15: Linux introduced eBPF: extended Berkeley Packet Filter ● More efficient / more generic than the original BPF ● 3.18: eBPF VM exposed to user-space ● 4.9: eBPF programs can be attached to perf_events ● 4.10: eBPF programs can be attached to cgroups ● 4.15: eBPF LSM hooks
  • 15. eBPF features ● Highly efficient VM that lives in the kernel ● Inject safe sanboxed bytecode into the kernel ● Attach code to kernel functions / events ● In-kernel JIT compiler ● Dynamically translate eBPF bytecode into native opcodes ● eBPF makes kernel programmable without having to cross kernel/user-space boundaries ● Access in-kernel data structures directly without the risk of crashing, hanging or breaking the kernel in any way
  • 16. eBPF as a VM ● Example assembly of a simple eBPF filter ● Load 16-bit quantity from offset 12 in the packet to the accumulator (ethernet type) ● Compare the value to see if the packet is an IP packet ● If the packet is IP, return TRUE (packet is accepted) ● otherwise return 0 (packet is rejected) ● Only 4 VM instructions to filter IP packets! ldh [12] jeq #ETHERTYPE_IP, l1, l2 l1: ret #TRUE l2: ret #0
  • 18. How many eBPF programs are running in your laptop? ● Run this: ls -la /proc/*/fd | grep bpf-prog | wc -l
  • 19. Flame graphs ● CPU flame graphs ● x-axis sample population ● y-axis ● stack depth ● Wider boxes = More samples = More CPU time = More overhead! Flame Graph Search s.. sun/nio/ch/SocketChannel.. org/mozi.. org.. io.. d.. tcp_v4_rcv i.. org.. vfs_write io/netty/channel/AbstractChannelHandlerContext:.fireChannelRead JavaCalls::call_virtual o.. ip_q.. org/mozi.. tcp_sen.. cpu.. org/.. [unknown] io/netty/channel/AbstractCha.. JavaCalls::call_virtual org/mozilla/javascript/gen/file__root_vert_x_2_1_.. ip.. io/netty/channel/nio/AbstractNioByteChannel$NioByteUnsafe:.read io/netty/channel/nio/Abstr.. t.. s.. o.. JavaCalls::call_helper Interpreter ip_.. __do_softirq ip_local_out ep_p.. org/mozilla/javas.. s.. org/mozilla/javascript/gen/file__root_vert_x_2_1_5_sys_mods_io.. system_ca.. s.. _.. [unkn.. __.. sta.. sun.. _.. tcp_transmit_skb do_softirq org/m.. __.. JavaThread::thread_main_inner io/netty/channel/ChannelDupl.. io/netty/channel/DefaultCha.. java ip_rcv_fi.. t.. G.. o.. tcp_v4_.. __tcp.. do_sync_write v.. x.. call_stub ip_finish_out.. net_rx_act.. io/netty/channel/ChannelOut.. wrk tcp_write_xmit ip_.. loc.. syste.. i.. aeProcessEvents system_call_fastpath org.. do.. local_bh_en.. or.. swapper org/mozilla/javascript/gen/file__root_vert_x_2_1_5.. JavaThread::run sun/nio/ch/FileDispatch.. [.. __tcp_push_pendi.. tc.. sun/re.. tcp_.. tcp_w.. process_ba.. io/ne.. [.. inet_se.. ip..or.. thread_entry Interpreter org/vertx/java/core/http/impl/DefaultHttpServer$ServerHandler:.doM.. tcp_rcv.. vfs_write ip_queue_xmit sock_aio.. aeMain _.. org/vertx/java/core/net/impl/VertxHandler:.channelRead org/moz.. __netif_r.. __netif_r.. io/netty/channel/AbstractCh.. do_softirq_.. org/mozilla/javascript/gen/file__root_vert_x_2_1_5_sys_mods_io_.. io/netty/channel/nio/NioEventLoop:.processSelectedKeys org/mozilla/javas.. Interpreter so.. _.. [unknown] io/netty/channel/AbstractCh.. or.. io/netty/channel/AbstractChannelHandlerContext:.fireChannelRead ip_local_.. __.. org/vertx/java/core/net/impl.. io/.. sock_aio_write ip_rcv tcp_sendmsg e.. do.. thread_main ip_.. io.. ip_output io/netty/channel/nio/NioEventLoop:.processSelectedKeysOptimized java_start org/vertx/java/core/http/impl/ServerConnection:.handleRequests.. pr.. socke.. sys_e.. org/moz.. or.. io/netty/channel/AbstractCha.. io/netty/handler/codec/ByteToMessageDecoder:.channelRead x.. io/netty/channel/AbstractCha.. h.. start_thread ne.. inet_sendmsg start_thread r.. ip_local_.. org/mozilla/javas.. o.. sys_write socket_wri.. i.. io/netty/handler/codec/ByteT.. org/.. do_sync_.. sys_write
  • 20. BCC tracing tools ● BPF Compiler Collection https://github.com/iovisor/bcc ● Front-end to eBPF ● BCC makes eBPF programs easier to write ● Include C wrapper around LLVM ● Python ● Lua ● C++ ● C helper libs ● Lots of pre-defined tools available
  • 21. Example #1: trace exec() ● Intercept all the processes executed in the system
  • 22. Example #2: keylogger ● Identify where and how keyboard characters are received and processed by the kernel
  • 23. Example #3: ping ● Identify where ICMP packets (ECHO_REQUEST / ECHO_REPLY) are received and processed by the kernel
  • 24. Example #4: task wait / wakeup ● Determine the stack trace of a sleeping process and the stack trace of the process that wakes up a sleeping process
  • 26. eBPF: performance overhead - use case #1 ● user-space deamon using an eBPF program attached to a function (via kprobe) ● kernel is updated, function doesn’t exist anymore ● daemon starts to use an older/slower non-BPF method ● 5% performance regression
  • 27. eBPF: performance overhead - use case #2 ● kernel function mapped to a 2MB huge page ● eBPF program attached to that function (via kprobe) ● setting the kprobe causes the function to be remapped to a regular 4KB page ● increased TLB misses ● 2% performance regression
  • 28. eBPF: compile once, run everywhere? ● … not exactly! :-( ● eBPF programs are compiled on the target system immediately before they are loaded ● Linux headers are needed to understand kernel data structures ● structure randomization is a problem ● BTF (BPF type format) has been created ● kernel data description embedded in the kernel (no longer any need to ship kernel headers around!)
  • 29. Conclusion ● Virtualization is your friend to speed up kernel development ● Real-time tracing can be an effective way to study and understand how the kernel works ● Kernel development can be challenging... but fun! :)
  • 30. References ● Brendan Gregg blog ● http://brendangregg.com/blog/ ● BCC tools ● https://github.com/iovisor/bcc ● virtme ● https://github.com/amluto/virtme ● crashtest ● https://github.com/arighi/crashtest ● kernel-crash-tools ● https://github.com/arighi/kernel-crash-tools