Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
benefits and drawbacks of syscall hooks/netdev0...
Search
Hajime Tazaki
July 19, 2024
Technology
0
220
benefits and drawbacks of syscall hooks/netdev0x18-zpoline
https://netdevconf.info/0x18/sessions/talk/benefits-and-drawbacks-of-syscall-hooks.html
Hajime Tazaki
July 19, 2024
Tweet
Share
More Decks by Hajime Tazaki
See All by Hajime Tazaki
kernel offload with complete host kernel functionalities/netdev0x17-kernel-offload
thehajime
0
200
ライブラリOSを利用したコンテナランタイムの設計と実装/stairlab-seminar-23-ukontainer
thehajime
0
150
How to Design a Library OS for Practical Containers?/vee21-ukontainer
thehajime
0
700
containerd port to darwin - Toward Running Linux containers on macOS/fosdem21-darwin-containerd-ctr-devroom
thehajime
0
1.5k
Linux Container with Alternate Linux Kernel (Library)/container-runtime-meetup-202008-lkl
thehajime
2
1.8k
Linux Kernel Library - A Library Version of Linux Kernel/lkl-fosdem2020-uk-devroom
thehajime
0
1.1k
Is reimplementation of network stack a good idea or not? - Linux netdev 0x13 #netdevconf /linux-netdev-0x13-lkl
thehajime
1
320
Linux rumpkernel - ABC2018 (AsiaBSDCon 2018)
thehajime
0
2.1k
Network stack personality in Android phone - netdev 2.2
thehajime
0
1.2k
Other Decks in Technology
See All in Technology
セキュアな社内Dify運用と外部連携の両立 ~AIによるAPIリスク評価~
zozotech
PRO
0
120
VS CodeとGitHub Copilotで爆速開発!アップデートの波に乗るおさらい会 / Rapid Development with VS Code and GitHub Copilot: Catch the Latest Wave
yamachu
3
460
セキュアなAI活用のためのLiteLLMの可能性
tk3fftk
1
330
Deep Security Conference 2025:生成AI時代のセキュリティ監視 /dsc2025-genai-secmon
mizutani
4
2.9k
Figma Dev Mode MCP Serverを用いたUI開発
zoothezoo
0
230
LIXIL基幹システム刷新に立ち向かう技術的アプローチについて
tsukuha
1
380
LLM拡張解体新書/llm-extension-deep-dive
oracle4engineer
PRO
23
6.3k
QuickSight SPICE の効果的な運用戦略~S3 + Athena 構成での実践ノウハウ~/quicksight-spice-s3-athena-best-practices
emiki
0
290
microCMSではじめるAIライティング
himaratsu
0
150
PHPからはじめるコンピュータアーキテクチャ / From Scripts to Silicon: A Journey Through the Layers of Computing
tomzoh
2
120
CDK Vibe Coding Fes
tomoki10
1
630
ビジネス職が分析も担う事業部制組織でのデータ活用の仕組みづくり / Enabling Data Analytics in Business-Led Divisional Organizations
zaimy
1
390
Featured
See All Featured
4 Signs Your Business is Dying
shpigford
184
22k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.4k
Optimising Largest Contentful Paint
csswizardry
37
3.3k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
282
13k
Build The Right Thing And Hit Your Dates
maggiecrowley
37
2.8k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
26k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
YesSQL, Process and Tooling at Scale
rocio
173
14k
Code Review Best Practice
trishagee
69
19k
Fireside Chat
paigeccino
37
3.5k
Speed Design
sergeychernyshev
32
1k
Transcript
benefits and drawbacks of syscall benefits and drawbacks of syscall
hooks hooks 1
introduction introduction 2
what is syscall and why syscall hook ? what is
syscall and why syscall hook ? 3
recap: how syscall works ? recap: how syscall works ?
4
change the behavior of syscall ? change the behavior of
syscall ? 5
change the behavior of syscall ? change the behavior of
syscall ? 5
variants variants 6
ptrace ptrace 7
SUD (syscall user dispatch) SUD (syscall user dispatch) 8
LD_PRELOAD LD_PRELOAD 9
binary rewriting binary rewriting syscall/sysenter 10
binary rewriting (cont'd) binary rewriting (cont'd) syscall jmp 0xdeadbeef syscall
0f 05 jmp 0xdeafbeef e9 de ad be af mov sysno %rax; syscall callq ${addr of handler} 11
summary of existing syscall hooks summary of existing syscall hooks
12
%rax zpoline zpoline syscall callq *%rax 13
zpoline: how it works zpoline: how it works callq *%rax
syscall nop nop callq *%rax %rax $ echo 0 > "/proc/sys/vm/mmap_min_addr" 14
zpoline: how it behaves zpoline: how it behaves 15
zpoline how it behaves (cont'd) zpoline how it behaves (cont'd)
16
zpoline: benefits zpoline: benefits 17
There ain't no such things as a free lunch There
ain't no such things as a free lunch. . 18
pitfalls of syscall hooks pitfalls of syscall hooks 19
handling two universes in partial hooks handling two universes in
partial hooks int hooked_select(pollfds[], nfds_t, int) { int host_fd = host_poll(); int user_fd = user_poll(); return (merge {host,user}_fd) } 20
Summary Summary 21
Backups Backups 22
How zpoline is started ? How zpoline is started ?
syscall callq *%rax main() 23
libc replacement libc replacement 24
platform support platform support 25
null access termination null access termination mprotect(2) 26
References References 27