Difference between revisions of "Compel usage scenarios"

From CRIU
Jump to navigation Jump to search
(add usage scenarios)
(make it a bit more structured)
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
 
This article is a collection of ideas of how [[compel]] can be used.
 
This article is a collection of ideas of how [[compel]] can be used.
 +
 +
== Run a new thread ==
  
 
One thing parasite code can do is call <code>clone()</code> and create a thread having access to main process' VM, FDT, FS, etc. The new thread can then do the following things:
 
One thing parasite code can do is call <code>clone()</code> and create a thread having access to main process' VM, FDT, FS, etc. The new thread can then do the following things:
Line 6: Line 8:
 
* Apply "logrotate" on the fly
 
* Apply "logrotate" on the fly
 
* Perform garbage collection
 
* Perform garbage collection
 +
** E.g. MADVISE_DONTNEED unneeded pages to reduce rss
 
* Catch SIGSEGV, do something with mappings and act upon "illegal" memory access
 
* Catch SIGSEGV, do something with mappings and act upon "illegal" memory access
 
** Remote swap for task
 
** Remote swap for task
 
** WSS detection
 
** WSS detection
 +
 +
== Do some work and unload ==
  
 
Another thing is to perform some activity on behalf of the victim and then just unload itself. With this, we can do:
 
Another thing is to perform some activity on behalf of the victim and then just unload itself. With this, we can do:

Latest revision as of 20:55, 4 March 2017

This article is a collection of ideas of how compel can be used.

Run a new thread[edit]

One thing parasite code can do is call clone() and create a thread having access to main process' VM, FDT, FS, etc. The new thread can then do the following things:

  • Check socket FDs to get stuck/closed by polling them
  • Apply "logrotate" on the fly
  • Perform garbage collection
    • E.g. MADVISE_DONTNEED unneeded pages to reduce rss
  • Catch SIGSEGV, do something with mappings and act upon "illegal" memory access
    • Remote swap for task
    • WSS detection

Do some work and unload[edit]

Another thing is to perform some activity on behalf of the victim and then just unload itself. With this, we can do:

  • Death detection. Open a pipe/socket and pass the other end outside. Once the victim dies, the pipe/socket will wake up.
  • Binary updates, e.g. live patching or libs relink
  • Tunneling. Replace an open socket with a unix one, and send the former socket to the caller.
    • Inject a socket spy
    • Pack/Unpack
    • Crypt/Decrypt
    • Analyze traffic
    • Perform traffic fanout (multiplex)
  • Similar thing for files on disks -- proxy via pipe(s)
    • Filter/split logs
  • Do "nohup" on the fly
  • Debug stuff by MSG_PEEKing sockets messages of tee+splice sockets
  • Re-connect sleeping sockets to other addresses (not 100% safe)
  • "Soft" restart of a service -- call execve() from it's context
  • Force entering into a container (except the PID namespace, probably)
  • Re-open all files (and cwd, root) to facilitate moving on new / (e.g. for disk replacement)
  • Remove leaks from e.g. malloc/free heap
  • Force reparent (PID change!)
    • Re-open all files to force daemonize