Safe Kernel Programming with Rust
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Network Test and Monitoring Tools
ajgillette.com Technical Note Network Test and Monitoring Tools Author: A.J.Gillette Date: December 6, 2012 Revision: 1.3 Table of Contents Network Test and Monitoring Tools................................................................................................................1 Introduction.............................................................................................................................................................3 Link Characterization ...........................................................................................................................................4 Summary.................................................................................................................................................................12 Appendix A: NUTTCP..........................................................................................................................................13 Installing NUTTCP ..........................................................................................................................................13 Using NUTTCP .................................................................................................................................................13 NUTTCP Examples..........................................................................................................................................14 Appendix B: IPERF................................................................................................................................................17 -
Institutionalizing Freebsd Isolated and Virtualized Hosts Using Bsdinstall(8), Zfs(8) and Nfsd(8)
Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8), zfs(8) and nfsd(8) [email protected] @MichaelDexter BSDCan 2018 Jails and bhyve… FreeBSD’s had Isolation since 2000 and Virtualization since 2014 Why are they still strangers? Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8), zfs(8) and nfsd(8) Integrating as first-class features Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8), zfs(8) and nfsd(8) This example but this is not FreeBSD-exclusive Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8), zfs(8) and nfsd(8) jail(8) and bhyve(8) “guests” Application Binary Interface vs. Instructions Set Architecture Institutionalizing FreeBSD Isolated and Virtualized Hosts Using bsdinstall(8), zfs(8) and nfsd(8) The FreeBSD installer The best file system/volume manager available The Network File System Broad Motivations Virtualization! Containers! Docker! Zones! Droplets! More more more! My Motivations 2003: Jails to mitigate “RPM Hell” 2011: “bhyve sounds interesting...” 2017: Mitigating Regression Hell 2018: OpenZFS EVERYWHERE A Tale of Two Regressions Listen up. Regression One FreeBSD Commit r324161 “MFV r323796: fix memory leak in [ZFS] g_bio zone introduced in r320452” Bug: r320452: June 28th, 2017 Fix: r324162: October 1st, 2017 3,710 Commits and 3 Months Later June 28th through October 1st BUT July 27th, FreeNAS MFC Slips into FreeNAS 11.1 Released December 13th Fixed in FreeNAS January 18th 3 Months in FreeBSD HEAD 36 Days -
Cloudstate: End-To-End WAN Monitoring for Cloud-Based Applications
CLOUD COMPUTING 2013 : The Fourth International Conference on Cloud Computing, GRIDs, and Virtualization CloudState: End-to-end WAN Monitoring for Cloud-based Applications Aaron McConnell, Gerard Parr, Sally McClean, Philip Morrow, Bryan Scotney School of Computing and Information Engineering University of Ulster Coleraine, Northern Ireland Email: [email protected], [email protected], [email protected], [email protected], [email protected] Abstract—Modern data centres are increasingly moving to- It is therefore necessary to have a periodic, automated wards more sophisticated cloud-based infrastructures, where means of measuring the state of the WAN link between servers are consolidated, backups are simplified and where any two addresses relevant to the successful delivery of an resources can be scaled up, across distributed cloud sites, if necessary. Placing applications and data stores across sites has application to end-users. This measurement should be taken a cost, in terms of the hosting at a given site, a cost in terms of periodically, with the time between polls being short enough the migration of application VMs and content across a network, that sudden changes in the quality of the WAN are observed, and a cost in terms of the quality of the end-to-end network but far enough part so as not to flood the network with link between the application and the end-user. This paper details monitoring traffic. Data collected from polls should also be a solution aimed at monitoring all relevant end-to-end network links between VMs, storage and end-users. -
Measure Wireless Network Performance Using Testing Tool Iperf
Measure wireless network performance using testing tool iPerf By Lisa Phifer, SearchNetworking.com Many companies are upgrading their wireless networks to 802.11n for better throughput, reach, and reliability, but getting a handle on your wireless LAN's ( WLAN 's) performance is important to ensure sufficient capacity and coverage. Here, we describe how to quantify network performance using iPerf, a simple, readily-available tool that measures TCP /UDP throughput, loss, and delay. Getting started iPerf was developed to simplify TCP performance tuning by making it easy to measure maximum throughput and bandwidth. When used with UDP, iPerf can also measure datagram loss and delay (aka jitter). iPerf can be run over any kind of IP network, including local Ethernet LANs, Internet access links, and Wi-Fi networks. To use iPerf, you must install two components: an iPerf server (which listens for incoming test requests) and an iPerf client (which launches test sessions). iPerf is available as open source or executable binaries for many operating systems, including Win32, Linux, FreeBSD, MacOS X, OpenBSD, and Solaris. A Win32 iPerf installer can be found at NLANR , while a Java GUI version (JPerf) is available from SourceForge . To measure Wi-Fi performance, you probably want to install iPerf on an Ethernet host upstream from the access point ( AP ) under test -- this will be your server. Next, install iPerf on one or more Wi-Fi laptops -- these will be your clients. This is representative of a typical application flow between Wi-Fi client and wired server. If your goal is to measure AP performance, place your iPerf server on the same LAN as the AP, connected by Fast or Gigabit Ethernet. -
Thread Scheduling in Multi-Core Operating Systems Redha Gouicem
Thread Scheduling in Multi-core Operating Systems Redha Gouicem To cite this version: Redha Gouicem. Thread Scheduling in Multi-core Operating Systems. Computer Science [cs]. Sor- bonne Université, 2020. English. tel-02977242 HAL Id: tel-02977242 https://hal.archives-ouvertes.fr/tel-02977242 Submitted on 24 Oct 2020 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Ph.D thesis in Computer Science Thread Scheduling in Multi-core Operating Systems How to Understand, Improve and Fix your Scheduler Redha GOUICEM Sorbonne Université Laboratoire d’Informatique de Paris 6 Inria Whisper Team PH.D.DEFENSE: 23 October 2020, Paris, France JURYMEMBERS: Mr. Pascal Felber, Full Professor, Université de Neuchâtel Reviewer Mr. Vivien Quéma, Full Professor, Grenoble INP (ENSIMAG) Reviewer Mr. Rachid Guerraoui, Full Professor, École Polytechnique Fédérale de Lausanne Examiner Ms. Karine Heydemann, Associate Professor, Sorbonne Université Examiner Mr. Etienne Rivière, Full Professor, University of Louvain Examiner Mr. Gilles Muller, Senior Research Scientist, Inria Advisor Mr. Julien Sopena, Associate Professor, Sorbonne Université Advisor ABSTRACT In this thesis, we address the problem of schedulers for multi-core architectures from several perspectives: design (simplicity and correct- ness), performance improvement and the development of application- specific schedulers. -
Performance Testing Tools Jan Bartoň 30/10/2003
CESNET technical report number 18/2003 Performance Testing Tools Jan Bartoň 30/10/2003 1 Abstract The report describes properties and abilities of software tools for performance testing. It also shows the tools comparison according to requirements for testing tools described in RFC 2544 (Benchmarking Terminology for Network Intercon- nection Devices). 2 Introduction This report is intended as a basic documentation for auxiliary utilities or pro- grams that have been made for the purposes of evaluating transfer performance between one or more PCs in the role of traffic generators and another one on the receiving side. Section 3 3 describes requirements for software testing tools according to RFC 2544. Available tools for performance testing are catalogued by this document in section 4 4. This section also shows the testing tools com- patibility with RFC 2544 and the evaluation of IPv6 support. The summary of supported requirements for testing tools and IPv6 support can be seen in section 5 5. 3 Requirements for software performance testing tools according to RFC-2544 3.1 User defined frame format Testing tool should be able to use test frame formats defined in RFC 2544 - Appendix C: Test Frame Formats. These exact frame formats should be used for specific protocol/media combination (ex. IP/Ethernet) and for testing other media combinations as a template. The frame size should be variable, so that we can determine a full characterization of the DUT (Device Under Test) performance. It might be useful to know the DUT performance under a number of conditions, so we need to place some special frames into a normal test frames stream (ex. -
Water Quality Monitoring System Operating Manual February 2002
Water Quality Monitoring System Operating Manual February 2002 (Revision A) Hydrolab Corporation 8700 Cameron Road, Suite 100 Austin, Texas 78754 USA (800)949-3766 or (512)832-8832 fax: (512)832-8839 www.hydrolab.com Quanta•G Display Operations Tree Calib Salin SpC TDS DO DO% ORP pH BP Depth 00:002 mg/L 100% YMDHM [Standard, Scale Factor, or BP] Calib Review Screen Store [Index#] Screen 1⇔2⇔32 [Index#] Clear ClearAll Screen Screen Review Screen Setup Circ Temp Salin/TDS Depth On Off °C °F PSS g/L m ft Setup Notes: 1. Pressing the Esc ∞ key always exits to the previous operation level except at the top level where it toggles the circulator on or off. 2. RTC calibration (Calib ! 00:00) and Screen 3 are only available if the RTC/PC-Dump option is installed. 3. If the RTC/PC-Dump option is installed, pressing and holding the Esc ∞ key down during power-up causes the Quanta Display to enter PC-Dump mode. Table of Contents 1 Introduction ...........................................................................................................................1 1.1 Foreword.........................................................................................................................1 1.2 Specifications..................................................................................................................1 1.3 Components ....................................................................................................................2 1.4 Assembly.........................................................................................................................3 -
Building a Virtualisation Appliance with Freebsd/Bhyve/Openzfs Jason Tubnor ICT Senior Security Lead Introduction
Building a virtualisation appliance with FreeBSD/bhyve/OpenZFS Jason Tubnor ICT Senior Security Lead Introduction Building an virtualisation appliance for use within a NGO/NFP Australian Health Sector About Me Latrobe Community Health Service (LCHS) Background Problem Concept Production Reiteration About Me 26 years of IT experience Introduced to Open Source in the mid 90’s Discovered OpenBSD in 2000 A user and advocate of OpenBSD and FreeBSD Life outside of computers: Ultra endurance gravel cycling Latrobe Community Health Service (LCHS) Originally a Gippsland based NFP/NGO health service ICT manages 900+ users Servicing 51 sites across Victoria, Australia Covering ~230,000km2 Roughly the size of Laos in Aisa or Minnesota in USA “Better health, Better lifestyles, Stronger communities” Background First half of 2016 awarded contract to provide NDIS services Mid 2016 – deployment of initial infrastructure MPLS connection L3 switch gear ESXi host running a Windows Server 2016 for printing services Background – cont. Staff number grew We hit capacity constraints on the managed MPLS network An offloading guest was added to the ESXi host VPN traffic could be offloaded from the main network Using cheaply available ISP internet connection Problem Taking stock of the lessons learned in the first phase We needed to come up with a reproducible device Device required to be durable in harsh conditions Budget constraints/cost savings Licensing model Phase 2 was already being negotiated so a solution was required quickly Concept bhyve [FreeBSD] was working extremely well in testing Excellent hardware support Liberally licensed OpenZFS Simplistic Small footprint for a type 2 hypervisor Hardware discovery phase FreeBSD Required virtualisation components in CPU Concept – cont. -
Bhyve - Improvements to Virtual Machine State Save and Restore
bhyve - Improvements to Virtual Machine State Save and Restore Darius Mihai Mihai Carabas, University POLITEHNICA of Bucharest University POLITEHNICA of Bucharest Splaiul Independent, ei 313, Bucharest, Romania, 060042 Splaiul Independent, ei 313, Bucharest, Romania, 060042 Email: [email protected] Email: [email protected] Abstract—As more complex tasks are delegated to distributed Regardless of their exact function, a periodic task is a routine servers, virtual machine hypervisors need to adapt and provide that will have to be called at (or as close as possible) a set features that allow redundancy and load balancing. One such interval. mechanism is the virtual machine save and restore through sys- sleep tem snapshots. A snapshot should allow the complete restoration For example, the basic Unix command can be used of the state that the virtual machine was in when the snapshot to perform an operation every N seconds if sleep $N is was created. Since the snapshot should encapsulate the entire called in a script loop. Since it is safe to assume that all state of the virtualized system, the guest system should not be modern processors have hardware timekeeping components able to differentiate between the moment a snapshot was created implemented, sleep will request from the operating system and the moment when the system was restored, regardless of how much real time has passed between the two events. This that a software timer (i.e., one that is implemented by the paper will present how the time management and block devices operating system as an abstraction [1]) to be set for N are saved and restored for bhyve, FreeBSD’s virtual machine seconds in the future and will yield the processor, without hypervisor. -
Wookey: USB Devices Strike Back
WooKey: USB Devices Strike Back Ryad Benadjila, Mathieu Renard, Philippe Trebuchet, Philippe Thierry, Arnauld Michelizza, Jérémy Lefaure [email protected] ANSSI Abstract. The USB bus has been a growing subject of research in recent years. In particular, securing the USB stack (and hence the USB hosts and devices) started to draw interest from the academic community since major exploitable flaws have been revealed by the BadUSB threat [41]. The work presented in this paper takes place in the design initiatives that have emerged to thwart such attacks. While some proposals have focused on the host side by enhancing the Operating System’s USB sub-module robustness [53, 54], or by adding a proxy between the host and the device [12, 37], we have chosen to focus our efforts on the de- vice side. More specifically, our work presents the WooKey platform: a custom STM32-based USB thumb drive with mass storage capabilities designed for user data encryption and protection, with a full-fledged set of in-depth security defenses. The device embeds a firmware with a secure DFU (Device Firmware Update) implementation featuring up-to-date cryptography, and uses an extractable authentication token. The runtime software security is built upon EwoK: a custom microkernel implementa- tion designed with advanced security paradigms in mind, such as memory confinement using the MPU (Memory Protection Unit) and the integra- tion of safe languages and formal methods for very sensitive modules. This microkernel comes along with MosEslie: a versatile and modular SDK that has been developed to easily integrate user applications in C, Ada and Rust. -
In PDF Format
Arranging Your Virtual Network on FreeBSD Michael Gmelin ([email protected]) January 2020 1 CONTENTS CONTENTS Contents Introduction 3 Document Conventions . .3 License . .3 Plain Jails 4 Plain Jails Using Inherited IP Configuration . .4 Plain Jails Using a Dedicated IP Address . .5 Plain Jails Using a VLAN IP Address . .6 Plain Jails Using a Loopback IP Address . .7 Adding Outbound NAT for Public Traffic . .7 Running a Service and Redirecting Traffic to It . .9 VNET Jails and bhyve VMs 10 VNET Jails Using sysutils/pot ............................. 10 VNET Jails Using sysutils/iocage ............................ 13 Managing Bridges . 13 Adding bhyve VMs and DHCP to the Mix . 16 Preventing Traffic Between VNET Jails/VMs . 17 Firewalling Inside VNET Jails/VMs . 20 VXLAN 22 VXLAN Example Overview . 22 Gateway Configuration . 24 Jailhost-a . 25 Network Configuration (jailhost-a) . 25 VM Configuration (jailhost-a) . 26 Jail Configuration (jailhost-a) . 27 Jailhost-b . 27 Network Configuration (jailhost-b) . 27 Plain Jail Configuration (jailhost-b) . 28 Network Switch Setup (jailhost-b) . 29 VNET Jail Configuration (jailhost-b) . 30 VM Configuration (jailhost-b) . 30 VXLAN Multicast Troubleshooting . 31 Conclusion and Further Reading 33 2020-01-08 (final) 2 CC BY 4.0 INTRODUCTION Introduction Modern FreeBSD offers a range of virtualization options, from the traditional jail environment sharing the network stack with the host operating system, over vnet jails, which allow each jail to have its own network stack, to bhyve virtual machines running their own kernels/operating systems. Depending on individual requirements, there are different ways to configure the virtual network. Jail and VM management tools can ease the process by abstracting away (at least some of) the underlying complexities. -
Rust and IPC on L4re”
Rust and Inter-Process Communication (IPC) on L4Re Implementing a Safe and Efficient IPC Abstraction Name Sebastian Humenda Supervisor Dr. Carsten Weinhold Supervising Professor Prof. Dr. rer. nat. Hermann Härtig Published at Technische Universität Dresden, Germany Date 11th of May 2019 Contents 1 Introduction 5 2 Fundamentals 8 2.1 L4Re . 8 2.2 Rust....................................... 11 2.2.1 Language Basics . 11 2.2.2 Ecosystem and Build Tools . 14 2.2.3 Macros . 15 3 Related Work 17 3.1 Rust RPC Libraries . 17 3.2 Rust on Other Microkernels . 18 3.3 L4Re IPC in Other Languages . 20 3.4 Discussion . 21 3.4.1 Remote Procedure Call Libraries . 21 3.4.2 IDL-based interface definition . 22 3.4.3 L4Re IPC Interfaces In Other Programming Languages . 23 4 L4Re and Rust Infrastructure Adaptation 24 4.1 Build System Adaptation . 25 4.1.1 Libraries . 26 4.1.2 Applications . 27 4.2 L4rust Libraries . 29 4.2.1 L4 Library Split . 29 4.2.2 Inlining vs. Reimplementing . 30 4.3 Rust Abstractions . 31 4.3.1 Error Handling . 31 4.3.2 Capabilities . 32 5 IPC Framework Implementation 35 5.1 A Brief Overview of the C++ Framework . 36 5.2 Rust Interface Definition . 37 5.2.1 Channel-based Communication . 37 5.2.2 Macro-based Interface Definition . 39 5.3 Data Serialisation . 43 2 5.4 Server Loop . 46 5.4.1 Vector-based Service Registration . 46 5.4.2 Pointer-based Service Registration . 48 5.5 Interface Export . 52 5.6 Implementation Tests .