The Debugging Uncertainty Principle

Presented at Summercon 2023, July 15, 2023, 12:30 p.m. (30 minutes)

In this talk, Jatin will share lessons learned and tools built while investigating low-frequency kernel crashes in FreeBSD, and discuss how hardware features can be used to provide zero-cost triage information in production systems. This Heisenberg bug was initially assumed to be caused by interrupt stack corruption but turned out to be a CPU bug. Heisenberg bugs, known for their elusive and unpredictable nature, can be a challenge to identify and fix. This bug was therefore difficult to produce, and it remained a mystery on debug invariant FreeBSD builds, where integrity checks are enabled throughout the kernel. To investigate the bug, Jatin built stack analyzer tools, configured Last Branch Record (LBR) on the CPUs, and integrated them into the FreeBSD kernel to capture CPU control flow information during a page fault or general protection fault at zero-cost overhead. Frankly, we’re stunned that this whole thing fits inside of 30 minutes, so listen carefully — it’s gonna go by at light speed!

Presenters:

  • Jatin Kataria
    Jatin Kataria is a security researcher focusing on defensive system technologies. His main security research interests are hardware security extensions, bootloaders, OS, system services, program and binary analyses. Playing both the role of cat and mouse, he tires of n-days easily and is always looking for new and exciting ELF shenanigans, caching complications, and the Fedex guy who lost his engagement ring.
