Matt Weir. Our Original Goal To create a data logging system across the kernel with accurate timing that will monitor data as it moves up and down the.

Presentation transcript:

Matt Weir

Our Original Goal
To create a data logging system across the kernel with accurate timing that will monitor data as it moves up and down the data path.

The Feasibility of that Goal

The Current Goal
Produce a framework that will assist in tracing the control flow of read/write operations in the Linux kernel using kernel markers

A Brief History of the Project

Week of May 26th
3rd Week of Class
Created our group
Decided upon our basic goals
Did research on previous efforts into this field

Question: Has this been done before?
Answer: Yes
Understanding and Visualizing Full Systems with Data Flow Tomography

Week of June 2nd
4th Week of Class
Talked to Dr. Wang and various graduate students to try and figure out how file IO works in Linux
This is a generalization from my own imperfect ability to fully follow the conversations but...
  – There’s a lot of mystery about how the current version of Linux really works.
Started playing around with printk

First Experience using printk
Jun 2 12:20:30 device85 kernel: DATATAGGING: Someone called kmalloc
(message repeated times)
Not so bad

Second Experience using printk
Decided to add a timestamp
Jun 2 12:20:30 device85 kernel: DATATAGGING: "Someone called kmalloc at
Jun 2 12:20:30 device85 kernel: DATATAGGING: "Someone called kmalloc at
Jun 2 12:20:30 device85 kernel: DATATAGGING: "Someone called kmalloc at
Jun 2 12:20:30 device85 kernel: DATATAGGING: "Someone called kmalloc at
Jun 2 12:20:30 device85 kernel: DATATAGGING: "Someone called kmalloc at
Jun 2 12:20:30 device85 kernel: DATATAGGING: "Someone called kmalloc at
Jun 2 12:20:30 device85 kernel: DATATAGGING: "Someone called kmalloc at
Jun 2 12:20:30 device85 kernel: DATATAGGING: "Someone called kmalloc at
Jun 2 12:20:30 device85 kernel: DATATAGGING: "Someone called kmalloc at
Jun 2 12:20:30 device85 kernel: DATATAGGING: "Someone called kmalloc at
Jun 2 12:20:30 device85 kernel: DATATAGGING: "Someone called kmalloc at
Jun 2 12:20:30 device85 kernel: DATATAGGING: "Someone called kmalloc at
Jun 2 12:20:30 device85 kernel: DATATAGGING: "Someone called kmalloc at
Jun 2 12:20:30 device85 kernel: DATATAGGING: "Someone called kmalloc at
Jun 2 12:20:30 device85 kernel: DATATAGGING: "Someone called kmalloc at

Size of the Log File

In Defense of printk
When I added them to multiple functions, it does show the control flow
Can grep through the log file to get a smaller snapshot of what is going on
No noticeable performance issues from the user standpoint
They work

That being said…
It is hard to manage a large number of them
Adding/removing printks is time consuming
They require an external structure to turn them “on/off” during run time
  – Didn’t even think of this option until I was using markers
When inserting them make sure you don’t add one right after an “if” statement that doesn’t use {}

Week of June 9th
5th Week of Class
Decided to move from printk to markers
Upgraded my kernel version to so that we would be using the same code
Dr. Baker walked through the control flow of read statements with us
Figured out how to implement markers and designed some basic test cases

Markers
Added very recently to the Linux kernel
In the creator’s own words
  – “It makes sense to offer an instrumentation set of the most relevant events occurring in the Linux kernel that can have the smallest performance cost possible when not active while not requiring a reboot of a production system to activate”

Adding Marker Support
In menuconfig
  – General->Activate markers

The Marker Structure
The Marker – A hook in the code to call a function in an attached probe
The Probe – A function that can be attached to markers
The Manager – A kernel module that manages/arms and disarms probes

Friday Night
Started to worry since all we had was glorified printks
Decided to have a few drinks…

Came up with an Idea
Focus on the marker management kernel module
Modify the marker code to support finer grained logging
Try to trace the control flow in read/write statements

PirateAcorn
The management kernel module that I wrote

PirateAcorn (continued)
Acorn – Counter Intelligence term: Slang for someone who is performing traffic analysis
Pirate – Because they are way cooler than ninjas

PirateAcorn (continued)
Manages all the probes via ioctl commands
  – Breaks up the probes into read and write groups
  – Can enable them individually or at the same time
  – Supports the ability to have additional groups added to it
  – Can turn off monitoring for certain threads, such as other logging programs
  – Can be set to monitor a specific thread or all threads

Registering Probes

Arming the Probes

The Probe Function

Modification to marker.c
Needed to add support so it would only fire if the marker was called by a thread that is being logged
Didn’t want to put the check in the probe function since that was called only after the marker fires
Instead made a quick function that checks to see if a marker should fire
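
The per-thread check described on these slides, modelled in user space as an added example; it is not the presenter's marker.c change or PirateAcorn code. The policy struct, group flags, function names, pid 2210 and the sys_write_start marker name are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* All names are hypothetical; this is a user-space model, not kernel code. */
#define GROUP_READ   0x1u
#define GROUP_WRITE  0x2u
#define ALL_THREADS  (-1)
#define MAX_EXCLUDED 8

struct trace_policy {
    unsigned armed_groups;        /* bitmask of probe groups currently armed */
    int target_pid;               /* ALL_THREADS, or the one pid to follow */
    int excluded[MAX_EXCLUDED];   /* pids never logged, e.g. a logging daemon */
    size_t n_excluded;
};

/* Constructed sample: read group armed, all threads, pid 2210 (a logger) excluded. */
const struct trace_policy demo_policy = {
    .armed_groups = GROUP_READ, .target_pid = ALL_THREADS,
    .excluded = { 2210 }, .n_excluded = 1,
};

/* Decided before the probe is called, so a filtered thread costs only this check. */
bool marker_should_fire(const struct trace_policy *p, unsigned group, int pid)
{
    if (!(p->armed_groups & group))
        return false;                       /* group is disarmed */
    for (size_t i = 0; i < p->n_excluded; i++)
        if (p->excluded[i] == pid)
            return false;                   /* exclusion wins over target_pid */
    return p->target_pid == ALL_THREADS || p->target_pid == pid;
}

/* Marker site: returns 1 if the probe ran, 0 if the check suppressed it. */
int trace_mark(const struct trace_policy *p, unsigned group,
               const char *name, int pid)
{
    if (!marker_should_fire(p, group, pid))
        return 0;
    printf("PIRATEACORN: %s: Pid=%d\n", name, pid);   /* probe body */
    return 1;
}

int main(void)
{
    trace_mark(&demo_policy, GROUP_READ, "sys_read_start", 3055);   /* logged */
    trace_mark(&demo_policy, GROUP_WRITE, "sys_write_start", 3055); /* group off */
    trace_mark(&demo_policy, GROUP_READ, "sys_read_start", 2210);   /* excluded */
    return 0;
}
```

Excluding the logger's own pid keeps its file I/O from generating further trace records about the act of logging.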

The Marker Check Code

The Marker Code

Adding Markers
For the most part I concentrated on mapping the VFS layer and the File system

Finding the current PID
Most of the time it was easy
  – current->pid
But in some cases I wasn’t allowed to reference current
  – seq_read() in linux/fs/seq_file.c
  – Called by vfs_read() as file->f_op->read

Possible Solutions
Just print out all calls to seq_read(), and filter them out when processing the log file
Don’t bother to log seq_read() at all
Implement a binary value in marker.c that is set true when a previous marker is allowed to fire, and false when a marker is denied
Create a wrapper function
Include the PID value in a structure that is already being passed to it

Well what values are passed to it?
file->f_op->read(file, buf, count, pos)
  – Count and pos are integer values
  – Buf is the buffer from the user, really don’t want to mess with that
  – What about file?

The File Structure

Yes it’s a Bad Idea
But what would happen if I added a PID field?

Answer:
PIRATEACORN: sys_read_start: Pid=3055 Time=
PIRATEACORN: vfs_read_start: Pid=3055 Time=
PIRATEACORN: vfs_read_fop_read: Pid=3055 Time=
PIRATEACORN: seq_read_start: Pid=3055 Time=
PIRATEACORN: sys_read_end: Pid=3055 Time=
Yes, though I can see possible issues with this implementation, the biggest being multiple threads accessing the same file
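
The multiple-threads issue noted on this slide, replayed deterministically as an added example; it is a user-space model, not the presenter's kernel patch. The structs, the second pid 4001 and the per-call context used for comparison (what a wrapper passing the pid explicitly would provide) are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model: every name here and the second pid (4001) are constructed. */
enum step { ENTER_VFS_READ, REACH_SEQ_READ };
struct event { int slot; int pid; enum step step; };   /* slot = which thread */

struct file_model { int tag_pid; };   /* stand-in for struct file + added PID field */
struct call_ctx   { int pid; };       /* per-call state, one per in-flight read */

enum carrier { PID_IN_FILE, PID_IN_CALL_CTX };

/* Two threads read the same open file; the first is preempted between markers. */
const struct event interleaved[4] = {
    {0, 3055, ENTER_VFS_READ}, {1, 4001, ENTER_VFS_READ},
    {0, 3055, REACH_SEQ_READ}, {1, 4001, REACH_SEQ_READ},
};
const struct event serial[4] = {
    {0, 3055, ENTER_VFS_READ}, {0, 3055, REACH_SEQ_READ},
    {1, 4001, ENTER_VFS_READ}, {1, 4001, REACH_SEQ_READ},
};

/* Replay a schedule; return how many seq_read entries log the wrong pid. */
int misattributed(const struct event *ev, size_t n, enum carrier how)
{
    struct file_model shared = { 0 };
    struct call_ctx ctx[2] = { { 0 }, { 0 } };
    int wrong = 0;

    for (size_t i = 0; i < n; i++) {
        const struct event *e = &ev[i];
        if (e->step == ENTER_VFS_READ) {
            shared.tag_pid = e->pid;     /* last writer wins on the shared file */
            ctx[e->slot].pid = e->pid;   /* private to this call */
            continue;
        }
        /* seq_read cannot consult `current`, so it logs whatever it was handed */
        int logged = (how == PID_IN_FILE) ? shared.tag_pid : ctx[e->slot].pid;
        if (logged != e->pid) {
            printf("seq_read_start: logged Pid=%d, caller was %d\n", logged, e->pid);
            wrong++;
        }
    }
    return wrong;
}

int main(void)
{
    printf("file tag, serial:      %d\n", misattributed(serial, 4, PID_IN_FILE));
    printf("file tag, interleaved: %d\n", misattributed(interleaved, 4, PID_IN_FILE));
    printf("call ctx, interleaved: %d\n", misattributed(interleaved, 4, PID_IN_CALL_CTX));
    return 0;
}
```

A wrong pid in the shared field also feeds any per-thread filter that reads it, so a record can be dropped or kept for the wrong thread as well as mislabelled.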

The Mystery Call
This one still has me stumped
For several threads, such as metacity I hit a roadblock when I trace their read control flow

The Mystery Call (continued)
The current control flow goes
  – sys_read_start
  – vfs_read_start
  – vfs_read_fop_aioread
  – do_sync_read_start
  – do_sync_read_forloop
  – do_sync_read_end
  – sys_read_end

The Mystery Call (continued)
I lose the trace in the following call in do_sync_read
  – filp->f_op->aio_read(&kiocb, &iov, 1, kiocb.ki_pos)
This means there is an aio_read function associated with an f_op that I don’t know about

It Should be Pretty Easy to Track that Down…

My Current Guess
There is a non-standard kernel module that is installed and has its own aio_read handler
Metacity is the GNOME window manager
  – I can see it doing some funky stuff
When adding markers I found lots of similar examples where the control flow didn’t go as I thought it would

QUESTIONS / COMMENTS?