Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows...
-
Upload
elizabeth-sherman -
Category
Documents
-
view
218 -
download
0
Transcript of Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows...
![Page 1: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/1.jpg)
![Page 2: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/2.jpg)
Building Efficient Device Services
Chittur SubbaramanPrincipal Software Design EngineerWindows [email protected]
![Page 3: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/3.jpg)
Agenda
• NT Service Definition & Example• Optimization Opportunities for Services• Optimization Techniques• Optimization Opportunities Using Windows Task Scheduler • Summary
![Page 4: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/4.jpg)
NT Service
• Runs independent of a user interactively logging on• Two basic types
• User-mode Win32 service• Conforms to Win32 service programming model• Often works with device driver counterpart
• Kernel driver service• Loaded and unloaded by I/O manager or PnP manager
• Poor design significantly impacts user experience• Blaster virus exploited RPCSS service costing billions
worldwide• Common causes of performance and reliability problems
• Hangs in boot, logon, device install, shutdown, etc.
• Focus of talk – Win32 service
![Page 5: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/5.jpg)
A Windows Service: Portable Device Enumerator Service
• Enables applications to transfer and synchronize content on removable mass storage devices• Monitors volume device arrivals and removals
• SERVICE_CONTROL_DEVICEEVENT• FILE_DEVICE_DISK and FILE_REMOVABLE_MEDIA • Installs/uninstalls UMDF driver
• Enforces Group Policy on removable storage devices• Security settings
• Refreshes connections to Bluetooth media transfer protocol (MTP) devices• Load/unload driver stack on device availability
![Page 6: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/6.jpg)
Optimization Opportunities
![Page 7: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/7.jpg)
Impact on Performance
• Internal study conducted for next release of Windows• Contributions of 49 non-critical services
• File I/O = 47,286• Copy on Write (COW) pages = 4,656• Pages = 15,967• Registry operations = 38,508• Threads = 367
• Significant performance impact in several core scenarios• Logon/logoff• Device install/removal• Hibernate/resume• Boot/shutdown• Battery life
![Page 8: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/8.jpg)
Impact on Security & Reliability
• Security• Common increased attack surface causes
• Run in high privilege (like LocalSystem)• Exposed to network
• Common elevation of privilege causes• Impersonation of high privilege users (like administrators)• Weak authentication and object ACLs
• Blaster virus exploited this in RPCSS service in Windows XP
• Reliability• Bit rot (memory leaks)• Crashes and hangs
![Page 9: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/9.jpg)
Optimization Techniques
![Page 10: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/10.jpg)
Service Startup
• Auto start directly impacts Time-to-Desktop • Enter SERVICE_RUNNING state very quickly
• Recommendations given for Windows services• Image Load < 300ms, enter running < 200ms
• Postpone heavy duty initialization after running• No checkpointing unless progress is really being made
• Disables Service Control Manager (SCM) hang detection logic• Dedicated thread checkpointing top cause of boot hangs
• Start accepting external requests only when actually ready• Setting SERVICE_ACCEPT_STOP, etc.• Registering RPC interfaces
• Manual or delayed auto instead of auto start• Call StartServiceCtrlDispatcher API very quickly
![Page 11: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/11.jpg)
SCM Trigger Support (Next Windows Release)
• Allows moving from always running to infrequently running• Trigger types
• Dropped when event arrives & at boot (if applicable)• Device interface class arrival
• Can trigger on hardware IDs and compatible IDs• Domain join and leave• Group policy
• Machine policy and User policy changes• First IP address arrival/last IP address leave• Custom event tracing for Windows (ETW) events
• Kernel mode and user mode• Using EventWrite API
![Page 12: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/12.jpg)
Trigger-Based Startup and Shutdown
Hardware device arrival trigger
IP trigger
Custom trigger
Domain trigger
Group Policy (GP) trigger
Service Control Manager (SCM)
Service 1(Subscribed to start
on Device Arrival trigger)
Service 2(Subscribed to start
on Doman Join, Stop on Domain Un-join and Start
on GP trigger)
![Page 13: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/13.jpg)
Portable Device Service Triggers
C:>sc qtriggerinfo wpdbusenum[SC] QueryServiceConfig2 SUCCESS
SERVICE_NAME: wpdbusenum START SERVICE DEVICE INTERFACE ARRIVAL : 53f56307-b6bf-11d0-94f2-00a0c91efb8b [INTERFACE CLASS GUID – DISK CLASS] DATA : USBSTOR\GenDisk [REMOVABLE VOLUME Hardware ID]
START SERVICE DEVICE INTERFACE ARRIVAL : c1e9bc6d-1dae-421a-9369-cc7ff0d6e359 [INTERFACE CLASS GUID – BTH MTP CLASS]
START SERVICE CUSTOM : bd2f4252-5e1e-49fc-9a30-f3978ad89ee2 [GROUP POLICY PROVIDER UUID] DATA : e6 ca 9f 65 db 5b a9 4d b1 ff ca 2a 17 8d 46 e0 [MACHINE POLICY]
START SERVICE CUSTOM : bd2f4252-5e1e-49fc-9a30-f3978ad89ee2 [GROUP POLICY PROVIDER UUID] DATA : c8 46 fb 54 89 f0 4c 46 b1 fd 59 d1 b6 2c 3b 50 [USER POLICY]
![Page 14: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/14.jpg)
Security
• Run in low privilege• LocalService/
NetworkService instead of LocalSystem
• Permanently remove dangerous privileges• E.g.,
SeImpersonatePrivilege• Express service required
privileges• SCM strips unused ones• Sc qprivs <service
name>
C:\>sc qprivs wpdbusenum
[SC] QueryServiceConfig2 SUCCESS
SERVICE_NAME: wpdbusenum PRIVILEGES : SeAuditPrivilege : SeChangeNotifyPrivilege : SeCreateGlobalPrivilege : SeCreatePermanentPrivilege : SeImpersonatePrivilege
![Page 15: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/15.jpg)
More on Security
• Use service-specific SIDs• Hash of unique service
name• ACL objects using service
SID• Driver authenticates user
mode service using service SID in caller token
• Low privilege/high privilege split• If applicable, run high
privilege code in different service or task not exposed to network
C:\>sc showsid wpdbusenum
NAME: wpdbusenumSERVICE SID: S-1-5-80-113310567-2163499630-2787090463-221477905-209227094
![Page 16: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/16.jpg)
Resource Usage
• Delay load DLLs or dynamically load/unload DLLs• Use NT thread pool instead of parking threads• Use NT handles for short stints unless frequently used
• E.g., Close thread handle from CreateThread after API returns
• Optimize API calls• E.g., open root registry key once instead of repeated
opens/closes
• Don’t have large globals in DLLs to reduce COW pages• Use share process for multiple services
![Page 17: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/17.jpg)
Periodic Activity
• Even once in 20 minutes is impactful• Significant effect on battery life• Keeps pages tied up in memory• Reduces Terminal Server (TS) scalability• Interferes with user activity
• Recommendations• Event driven design
• E.g., NotifyServiceStatusChange instead of polling• Scheduled tasks to offload periodic activity
• With run only on idle settings (discussed later)
![Page 18: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/18.jpg)
Shutdown
• Service shutdown• Directly impacts machine shutdown
• Don’t set SERVICE_ACCEPT_SHUTDOWN• For own process services
• Eliminate actions like freeing memory• 200 ms stop time recommended maximum
• Self-stop after couple of minutes of no activity• An example of “activity” – RPC requests
• Clients not be aware of service stop• Handle race conditions unique to service design
![Page 19: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/19.jpg)
Control Handler
• No blocking calls inside• E.g., WaitForSingleObject, CreateFile, RPCs• Impacts core scenarios
• Logon, device installs, machine shutdown, etc.• Make code lock free if possible
• Run work items in thread pool• Follow MSDN guidelines for Control Handler specific return
codes• SERVICE_CONTROL_STOP
• Call SetServiceStatus (SERVICE_STOP_PENDING)• Post stop work to thread pool• Order is important!
![Page 20: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/20.jpg)
Optimization Opportunities Using Scheduled Tasks
![Page 21: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/21.jpg)
Windows Task Scheduler Tasks
• Consider use• Typically for short-lived scenarios• Not much OS services needed• Typically used in less complex scenarios
• Lower development, testing and maintenance costs
• “Free form” programming model• Can be a plain EXE or COM server
• Supported triggers• Boot, Logon, Clock based, Crimson event, Idle
• Managed by Task Scheduler service
![Page 22: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/22.jpg)
Scheduled Task Attributes
• Accounts• LocalService,
NetworkService, LocalSystem
• Interactive user (elevated or non-elevated)
• Any user account allowing batch logons
• Supports useful settings• Do not run on battery
power• Run only when the
machine is idle• Run only if network is
available• Single instance or multi-
instance• Priority – process, page, IO
![Page 23: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/23.jpg)
Example from Windows
• \Microsoft\Windows\Bluetooth\UninstallDeviceTask• Invoked by Bluetooth Support Service (bthserv) when user
wants to uninstall device using CPL applet• Allows non-administrator users to unpair Bluetooth devices• Bluetooth Support Service runs as LocalService• Small amount of high privileged code isolated inside task
• As opposed to running the bthserv as LocalSystem
![Page 24: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/24.jpg)
Summary
• Impact of services on user experience is significant• Performance, security, energy efficiency, reliability
• Use suggested optimizing techniques• Quick startup, shutdown, control processing• Resource usage conservation• Trigger start services• Stop on idle
• Run in low privilege• Choose tasks for applicable scenarios
![Page 25: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/25.jpg)
Resources
• Services in Windows Vista• http://www.microsoft.com/whdc/system/vista/Vista_Services.m
spx
• Diagnosing service failures• Windows Server 2003 Managing System Services
http://www.microsoft.com/downloads/details.aspx?FamilyID=a70b06cb-b0f2-4800-997b-2a27ce8fcdc2&displaylang=en
• Scheduled tasks • Task Scheduler documentation on MSDN
http://msdn.microsoft.com/en-us/library/aa383614.aspx• Windows Vista Task Scheduler on Microsoft TechNet
http://technet.microsoft.com/en-us/appcompat/aa906020.aspx
![Page 26: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/26.jpg)
Appendix
![Page 27: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/27.jpg)
Service Control Manager (SCM) & Services
SCM API clients
Service Control Manager (services.exe)
HKLM\System\CCC\Services
Svchost –knetsvcs
spoolsv.exe(Print spooler)
LRPC RPC/TCP (Vista+) RPC/NP (legacy)
Start, stop,device event,other controls
Hosts 20+ services
InoRt.exe(Inoculan RTmonitoring)
Per service process channel
![Page 28: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/28.jpg)
Boot & Shutdown
• Service boot sequence• Follows load order
• Each group must be running or stopped before moving on• Services not in load order are started last• Service dependencies honored during startup• Manual start allowed only after auto start completes
• Service shutdown sequence• Bounded by 20 sec (default)• Service dependencies not honored• SERVICE_CONTROL_SHUTDOWN delivered
• Only if SERVICE_ACCEPT_SHUTDOWN is set
![Page 29: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/29.jpg)
Notifications & Commands
• Service notifications to interested subscribers• Device arrival & removal• Power events• Session state change
events• System time change
(next release of Windows)
• Trigger event (next release of Windows)
• Service commands to interested subscribers• Stop, shutdown, pause,
continue, preshutdown
// Registering for stop, power and session eventsSERVICE_STATUS ServiceStatus = { 0 }; // Set the service type, controls accepted and// stateServiceStatus.dwServiceType = SERVICE_WIN32_OWN_PROCESS; ServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_POWEREVENT | SERVICE_ACCEPT_SESSIONCHANGE;
ServiceStatus.dwCurrentState = SERVICE_RUNNING;
// RegisterServiceCtrlHandlerEx API returns the // StatusHandleSetServiceStatus(StatusHandle, &ServiceStatus);
![Page 30: Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com.](https://reader035.fdocuments.us/reader035/viewer/2022062802/56649ea35503460f94ba82a0/html5/thumbnails/30.jpg)
Key Service Settings
• Performance impactful• Start type• Service type• Dependencies• Delayed auto start flag• Load order group
• Security impactful• Service account• Required privileges• Service sid type• Security descriptor
• Reliability impactful• Failure actions
• Use only SCM APIs, sc.exe or services snapin to edit settings
C:\>sc qc wpdbusenum
SERVICE_NAME: wpdbusenum TYPE : WIN32_SHARE_PROCESS START_TYPE : DEMAND_START ERROR_CONTROL : NORMAL BINARY_PATH_NAME : D:\Windows\system32\svchost.exe –k LocalSystemNetworkRestricted
LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Portable Device Enumerator Service DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem