Presentation is loading. Please wait.

Presentation is loading. Please wait.

Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel

Published byElizabeth Sherman Modified over 9 years ago

Similar presentations

Presentation on theme: "Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel"— Presentation transcript:

1

2 Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel chitturs@microsoft.com

3 Agenda NT Service Definition & Example Optimization Opportunities for Services Optimization Techniques Optimization Opportunities Using Windows Task Scheduler Summary

4 NT Service Runs independent of a user interactively logging on Two basic types User-mode Win32 service Conforms to Win32 service programming model Often works with device driver counterpart Kernel driver service Loaded and unloaded by I/O manager or PnP manager Poor design significantly impacts user experience Blaster virus exploited RPCSS service costing billions worldwide Common causes of performance and reliability problems Hangs in boot, logon, device install, shutdown, etc. Focus of talk – Win32 service

5 A Windows Service: Portable Device Enumerator Service Enables applications to transfer and synchronize content on removable mass storage devices Monitors volume device arrivals and removals SERVICE_CONTROL_DEVICEEVENT FILE_DEVICE_DISK and FILE_REMOVABLE_MEDIA Installs/uninstalls UMDF driver Enforces Group Policy on removable storage devices Security settings Refreshes connections to Bluetooth media transfer protocol (MTP) devices Load/unload driver stack on device availability

6 Optimization Opportunities

7 Impact on Performance Internal study conducted for next release of Windows Contributions of 49 non-critical services File I/O = 47,286 Copy on Write (COW) pages = 4,656 Pages = 15,967 Registry operations = 38,508 Threads = 367 Significant performance impact in several core scenarios Logon/logoff Device install/removal Hibernate/resume Boot/shutdown Battery life

8 Impact on Security & Reliability Security Common increased attack surface causes Run in high privilege (like LocalSystem) Exposed to network Common elevation of privilege causes Impersonation of high privilege users (like administrators) Weak authentication and object ACLs Blaster virus exploited this in RPCSS service in Windows XP Reliability Bit rot (memory leaks) Crashes and hangs

9 Optimization Techniques

10 Service Startup Auto start directly impacts Time-to-Desktop Enter SERVICE_RUNNING state very quickly Recommendations given for Windows services Image Load < 300ms, enter running < 200ms Postpone heavy duty initialization after running No checkpointing unless progress is really being made Disables Service Control Manager (SCM) hang detection logic Dedicated thread checkpointing top cause of boot hangs Start accepting external requests only when actually ready Setting SERVICE_ACCEPT_STOP, etc. Registering RPC interfaces Manual or delayed auto instead of auto start Call StartServiceCtrlDispatcher API very quickly

11 SCM Trigger Support (Next Windows Release) Allows moving from always running to infrequently running Trigger types Dropped when event arrives & at boot (if applicable) Device interface class arrival Can trigger on hardware IDs and compatible IDs Domain join and leave Group policy Machine policy and User policy changes First IP address arrival/last IP address leave Custom event tracing for Windows (ETW) events Kernel mode and user mode Using EventWrite API

12 Trigger-Based Startup and Shutdown Hardware device arrival trigger IP trigger Custom trigger Domain trigger Group Policy (GP) trigger Service Control Manager (SCM) Service 1 (Subscribed to start on Device Arrival trigger) Service 2 (Subscribed to start on Doman Join, Stop on Domain Un-join and Start on GP trigger)

13 Portable Device Service Triggers C:>sc qtriggerinfo wpdbusenum [SC] QueryServiceConfig2 SUCCESS SERVICE_NAME: wpdbusenum START SERVICE DEVICE INTERFACE ARRIVAL : 53f56307-b6bf-11d0-94f2-00a0c91efb8b [INTERFACE CLASS GUID – DISK CLASS] DATA : USBSTOR\GenDisk [REMOVABLE VOLUME Hardware ID] START SERVICE DEVICE INTERFACE ARRIVAL : c1e9bc6d-1dae-421a-9369-cc7ff0d6e359 [INTERFACE CLASS GUID – BTH MTP CLASS] START SERVICE CUSTOM : bd2f4252-5e1e-49fc-9a30-f3978ad89ee2 [GROUP POLICY PROVIDER UUID] DATA : e6 ca 9f 65 db 5b a9 4d b1 ff ca 2a 17 8d 46 e0 [MACHINE POLICY] START SERVICE CUSTOM : bd2f4252-5e1e-49fc-9a30-f3978ad89ee2 [GROUP POLICY PROVIDER UUID] DATA : c8 46 fb 54 89 f0 4c 46 b1 fd 59 d1 b6 2c 3b 50 [USER POLICY]

14 Security Run in low privilege LocalService/NetworkService instead of LocalSystem Permanently remove dangerous privileges E.g., SeImpersonatePrivilege Express service required privileges SCM strips unused ones Sc qprivs C:\>sc qprivs wpdbusenum [SC] QueryServiceConfig2 SUCCESS SERVICE_NAME: wpdbusenum PRIVILEGES : SeAuditPrivilege : SeChangeNotifyPrivilege : SeCreateGlobalPrivilege : SeCreatePermanentPrivilege : SeImpersonatePrivilege

15 More on Security Use service-specific SIDs Hash of unique service name ACL objects using service SID Driver authenticates user mode service using service SID in caller token Low privilege/high privilege split If applicable, run high privilege code in different service or task not exposed to network C:\>sc showsid wpdbusenum NAME: wpdbusenum SERVICE SID: S-1-5-80-113310567- 2163499630-2787090463-221477905- 209227094

16 Resource Usage Delay load DLLs or dynamically load/unload DLLs Use NT thread pool instead of parking threads Use NT handles for short stints unless frequently used E.g., Close thread handle from CreateThread after API returns Optimize API calls E.g., open root registry key once instead of repeated opens/closes Don’t have large globals in DLLs to reduce COW pages Use share process for multiple services

17 Periodic Activity Even once in 20 minutes is impactful Significant effect on battery life Keeps pages tied up in memory Reduces Terminal Server (TS) scalability Interferes with user activity Recommendations Event driven design E.g., NotifyServiceStatusChange instead of polling Scheduled tasks to offload periodic activity With run only on idle settings (discussed later)

18 Shutdown Service shutdown Directly impacts machine shutdown Don’t set SERVICE_ACCEPT_SHUTDOWN For own process services Eliminate actions like freeing memory 200 ms stop time recommended maximum Self-stop after couple of minutes of no activity An example of “activity” – RPC requests Clients not be aware of service stop Handle race conditions unique to service design

19 Control Handler No blocking calls inside E.g., WaitForSingleObject, CreateFile, RPCs Impacts core scenarios Logon, device installs, machine shutdown, etc. Make code lock free if possible Run work items in thread pool Follow MSDN guidelines for Control Handler specific return codes SERVICE_CONTROL_STOP Call SetServiceStatus (SERVICE_STOP_PENDING) Post stop work to thread pool Order is important!

20 Optimization Opportunities Using Scheduled Tasks

21 Windows Task Scheduler Tasks Consider use Typically for short-lived scenarios Not much OS services needed Typically used in less complex scenarios Lower development, testing and maintenance costs “Free form” programming model Can be a plain EXE or COM server Supported triggers Boot, Logon, Clock based, Crimson event, Idle Managed by Task Scheduler service

22 Scheduled Task Attributes Accounts LocalService, NetworkService, LocalSystem Interactive user (elevated or non-elevated) Any user account allowing batch logons Supports useful settings Do not run on battery power Run only when the machine is idle Run only if network is available Single instance or multi- instance Priority – process, page, IO

23 Example from Windows \Microsoft\Windows\Bluetooth\UninstallDeviceTask Invoked by Bluetooth Support Service (bthserv) when user wants to uninstall device using CPL applet Allows non-administrator users to unpair Bluetooth devices Bluetooth Support Service runs as LocalService Small amount of high privileged code isolated inside task As opposed to running the bthserv as LocalSystem

24 Summary Impact of services on user experience is significant Performance, security, energy efficiency, reliability Use suggested optimizing techniques Quick startup, shutdown, control processing Resource usage conservation Trigger start services Stop on idle Run in low privilege Choose tasks for applicable scenarios

25 Resources Services in Windows Vista http://www.microsoft.com/whdc/system/vista/Vista_Services.mspx Diagnosing service failures Windows Server 2003 Managing System Services http://www.microsoft.com/downloads/details.aspx?FamilyID=a70b06cb -b0f2-4800-997b-2a27ce8fcdc2&displaylang=en http://www.microsoft.com/downloads/details.aspx?FamilyID=a70b06cb -b0f2-4800-997b-2a27ce8fcdc2&displaylang=en Scheduled tasks Task Scheduler documentation on MSDN http://msdn.microsoft.com/en-us/library/aa383614.aspx http://msdn.microsoft.com/en-us/library/aa383614.aspx Windows Vista Task Scheduler on Microsoft TechNet http://technet.microsoft.com/en-us/appcompat/aa906020.aspx http://technet.microsoft.com/en-us/appcompat/aa906020.aspx

26 Appendix

27 Service Control Manager (SCM) & Services SCM API clients Service Control Manager (services.exe) HKLM\System\ CCC\Services Svchost –k netsvcs spoolsv.exe (Print spooler) LRPCRPC/TCP (Vista+) RPC/NP (legacy) Start, stop, device event, other controls Hosts 20+ services InoRt.exe (Inoculan RT monitoring) Per service process channel

28 Boot & Shutdown Service boot sequence Follows load order Each group must be running or stopped before moving on Services not in load order are started last Service dependencies honored during startup Manual start allowed only after auto start completes Service shutdown sequence Bounded by 20 sec (default) Service dependencies not honored SERVICE_CONTROL_SHUTDOWN delivered Only if SERVICE_ACCEPT_SHUTDOWN is set

29 Notifications & Commands Service notifications to interested subscribers Device arrival & removal Power events Session state change events System time change (next release of Windows) Trigger event (next release of Windows) Service commands to interested subscribers Stop, shutdown, pause, continue, preshutdown // Registering for stop, power and session events SERVICE_STATUS ServiceStatus = { 0 }; // Set the service type, controls accepted and // state ServiceStatus.dwServiceType = SERVICE_WIN32_OWN_PROCESS; ServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_POWEREVENT | SERVICE_ACCEPT_SESSIONCHANGE; ServiceStatus.dwCurrentState = SERVICE_RUNNING; // RegisterServiceCtrlHandlerEx API returns the // StatusHandle SetServiceStatus(StatusHandle, &ServiceStatus);

30 Key Service Settings Performance impactful Start type Service type Dependencies Delayed auto start flag Load order group Security impactful Service account Required privileges Service sid type Security descriptor Reliability impactful Failure actions Use only SCM APIs, sc.exe or services snapin to edit settings C:\>sc qc wpdbusenum SERVICE_NAME: wpdbusenum TYPE : WIN32_SHARE_PROCESS START_TYPE : DEMAND_START ERROR_CONTROL : NORMAL BINARY_PATH_NAME : D:\Windows\system32\svchost.exe –k LocalSystemNetworkRestricted LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Portable Device Enumerator Service DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem

Download ppt "Building Efficient Device Services Chittur Subbaraman Principal Software Design Engineer Windows Kernel"

Similar presentations

Advanced Troubleshooting with Debug Diagnostics on IIS 6

Advanced Troubleshooting with Debug Diagnostics on IIS 6
Microsoft Windows NT Embedded 4.0

Microsoft Windows NT Embedded 4.0
Optimizing Device Drivers For Terminal Servers Plug And Play Device Redirection Framework Gaurav Daga Program Manager Windows Terminal Server Microsoft.

Optimizing Device Drivers For Terminal Servers Plug And Play Device Redirection Framework Gaurav Daga Program Manager Windows Terminal Server Microsoft.
 Vikram Singh Program Manager Microsoft Corporation PC19.

 Vikram Singh Program Manager Microsoft Corporation PC19.
© Microsoft Corporation1 Windows Kernel Internals Windows Service Processes David B. Probert, Ph.D. Windows Kernel Development Microsoft Corporation.

© Microsoft Corporation1 Windows Kernel Internals Windows Service Processes David B. Probert, Ph.D. Windows Kernel Development Microsoft Corporation.
Internet Information Server 6.0. IIS 6.0 Enhancements  Fundamental changes, aimed at: Reliability & Availability Reliability & Availability Performance.

Internet Information Server 6.0. IIS 6.0 Enhancements  Fundamental changes, aimed at: Reliability & Availability Reliability & Availability Performance.
© Neeraj Suri EU-NSF ICT March 2006 Budapesti Műszaki és Gazdaságtudományi Egyetem Méréstechnika és Információs Rendszerek Tanszék Zoltán Micskei

© Neeraj Suri EU-NSF ICT March 2006 Budapesti Műszaki és Gazdaságtudományi Egyetem Méréstechnika és Információs Rendszerek Tanszék Zoltán Micskei
INTRODUCTION OS/2 was initially designed to extend the capabilities of DOS by IBM and Microsoft Corporations. To create a single industry-standard operating.

INTRODUCTION OS/2 was initially designed to extend the capabilities of DOS by IBM and Microsoft Corporations. To create a single industry-standard operating.
1.1 Installing Windows Server 2008 Windows Server 2008 Editions Windows Server 2008 Installation Requirements X64 Installation Considerations Preparing.

1.1 Installing Windows Server 2008 Windows Server 2008 Editions Windows Server 2008 Installation Requirements X64 Installation Considerations Preparing.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
Chapter 1 and 2 Computer System and Operating System Overview

Chapter 1 and 2 Computer System and Operating System Overview
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 2: Managing Hardware Devices.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 2: Managing Hardware Devices.
Operating Systems CS208. What is Operating System? It is a program. It is the first piece of software to run after the system boots. It coordinates the.

Operating Systems CS208. What is Operating System? It is a program. It is the first piece of software to run after the system boots. It coordinates the.
Information for Developers Windows XP Service Pack 2 Information for Developers.

Information for Developers Windows XP Service Pack 2 Information for Developers.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 14 Server and Network Monitoring.

MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 14 Server and Network Monitoring.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
Operating Systems.

Operating Systems.
Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.

Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.
Check Disk. Disk Defragmenter Using Disk Defragmenter Effectively Run Disk Defragmenter when the computer will receive the least usage. Educate users.

Check Disk. Disk Defragmenter Using Disk Defragmenter Effectively Run Disk Defragmenter when the computer will receive the least usage. Educate users.

Similar presentations

Ads by Google