Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
benefits and drawbacks of syscall hooks/netdev0...
Search
Hajime Tazaki
July 19, 2024
Technology
290
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
benefits and drawbacks of syscall hooks/netdev0x18-zpoline
https://netdevconf.info/0x18/sessions/talk/benefits-and-drawbacks-of-syscall-hooks.html
Hajime Tazaki
July 19, 2024
More Decks by Hajime Tazaki
See All by Hajime Tazaki
improving debuggability of nommu code with UML - Linux netdev conference 0x1a
thehajime
0
19
usermode linux without MMU - fosdem2026 kernel devroom
thehajime
0
350
kernel offload with complete host kernel functionalities/netdev0x17-kernel-offload
thehajime
0
260
ライブラリOSを利用したコンテナランタイムの設計と実装/stairlab-seminar-23-ukontainer
thehajime
0
200
How to Design a Library OS for Practical Containers?/vee21-ukontainer
thehajime
0
800
containerd port to darwin - Toward Running Linux containers on macOS/fosdem21-darwin-containerd-ctr-devroom
thehajime
0
1.6k
Linux Container with Alternate Linux Kernel (Library)/container-runtime-meetup-202008-lkl
thehajime
2
2k
Linux Kernel Library - A Library Version of Linux Kernel/lkl-fosdem2020-uk-devroom
thehajime
0
1.2k
Is reimplementation of network stack a good idea or not? - Linux netdev 0x13 #netdevconf /linux-netdev-0x13-lkl
thehajime
1
380
Other Decks in Technology
See All in Technology
ループエンジニアリングでE2Eテストを実践
noriyukitakei
0
320
CSに"SLO"は要らない、経営層に"99.9%"は伝わらない - SREを全社に"翻訳"する3原則
cscengineer
PRO
1
4.1k
美しいコードを書くためにF#を学んでみた話
yud0uhu
1
390
事業価値を⽣み出すSREへ SREが担うべき意思決定の5層
kenta_hi
2
2.9k
ADDF - ループエンジニアリングするフレームワークを作ったら/I Didn't Set Out to Build Loop Engineering, But ADDF Did
fruitriin
0
100
Empower GenAI with Agile - あなたのアジャイルが生成AIのバフになる仕組み
hageyahhoo
1
150
AI駆動開発におけるQAエンジニアの役割事例 〜AI駆動開発の現場から〜
kobayashiyorimitsu
0
420
AI Driven AI Governance
pict3
0
300
ruby.wasmとPicoRuby.wasmに対応した仮想DOMライブラリを作ってる話 #kaigieffect_kaigi
sue445
PRO
0
110
AIと共生する開発者プラットフォーム:バクラクのモノレポ×マイクロサービス基盤
sakajunquality
2
3k
Docker Desktop不要の時代が来る? WSL標準の「wslc」で Linuxコンテナを動かしてみた.
ueponx
0
850
Foxgloveについて 実際にExtensionを開発して公開するまでの話 / About Foxglove: The Story of Developing and Releasing an Extension
ry0_ka
0
190
Featured
See All Featured
The Organizational Zoo: Understanding Human Behavior Agility Through Metaphoric Constructive Conversations (based on the works of Arthur Shelley, Ph.D)
kimpetersen
PRO
0
380
Lessons Learnt from Crawling 1000+ Websites
charlesmeaden
PRO
1
1.3k
Designing for Performance
lara
611
70k
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
minecr
1
310
RailsConf 2023
tenderlove
30
1.5k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
9
1.4k
Redefining SEO in the New Era of Traffic Generation
szymonslowik
1
360
Rails Girls Zürich Keynote
gr2m
96
14k
Fashionably flexible responsive web design (full day workshop)
malarkey
408
66k
Leveraging Curiosity to Care for An Aging Population
cassininazir
1
320
What's in a price? How to price your products and services
michaelherold
247
13k
Automating Front-end Workflow
addyosmani
1370
210k
Transcript
benefits and drawbacks of syscall benefits and drawbacks of syscall
hooks hooks 1
introduction introduction 2
what is syscall and why syscall hook ? what is
syscall and why syscall hook ? 3
recap: how syscall works ? recap: how syscall works ?
4
change the behavior of syscall ? change the behavior of
syscall ? 5
change the behavior of syscall ? change the behavior of
syscall ? 5
variants variants 6
ptrace ptrace 7
SUD (syscall user dispatch) SUD (syscall user dispatch) 8
LD_PRELOAD LD_PRELOAD 9
binary rewriting binary rewriting syscall/sysenter 10
binary rewriting (cont'd) binary rewriting (cont'd) syscall jmp 0xdeadbeef syscall
0f 05 jmp 0xdeafbeef e9 de ad be af mov sysno %rax; syscall callq ${addr of handler} 11
summary of existing syscall hooks summary of existing syscall hooks
12
%rax zpoline zpoline syscall callq *%rax 13
zpoline: how it works zpoline: how it works callq *%rax
syscall nop nop callq *%rax %rax $ echo 0 > "/proc/sys/vm/mmap_min_addr" 14
zpoline: how it behaves zpoline: how it behaves 15
zpoline how it behaves (cont'd) zpoline how it behaves (cont'd)
16
zpoline: benefits zpoline: benefits 17
There ain't no such things as a free lunch There
ain't no such things as a free lunch. . 18
pitfalls of syscall hooks pitfalls of syscall hooks 19
handling two universes in partial hooks handling two universes in
partial hooks int hooked_select(pollfds[], nfds_t, int) { int host_fd = host_poll(); int user_fd = user_poll(); return (merge {host,user}_fd) } 20
Summary Summary 21
Backups Backups 22
How zpoline is started ? How zpoline is started ?
syscall callq *%rax main() 23
libc replacement libc replacement 24
platform support platform support 25
null access termination null access termination mprotect(2) 26
References References 27