Thursday, March 21, 2019

pagetable adventures in linux x86_64

i'm teaching CS 149 (Operating Systems) this semester. it is one of my favorite classes! we are currently covering virtual memory and page tables. i'm using the operating systems: three easy pieces book which covers the topic well; however, after my lecture on it, i felt that the students needed a way to see the page tables in action; i wanted to let them look at the page tables of a process in real time. it would allow them to see the data structures involved, walk through the resolution, and get the final mapping. turns out, doing it was a bit harder than i anticipated.

accessing the top level page table

we are using x86_64 linux which has a 4 level page table. philipp oppermann has an amazing explanation of x86_64 page tables. i highly recommend checking it out!

the first step to accessing the top level page table is reading the CR3 CPU register. unfortunately, reading CR3 is a privileged operation. fortunately, allan cruse from the university of san francisco wrote a kernel module for exposing CR3 through /proc/cr3. it needed a bit of adapting to make it work with x86_64 and the new /proc interface, but i got it implemented: https://github.com/breed/virt2phys/blob/master/kernel-module/cr3.c.

with the information from CR3 we can get the address in physical memory of the top page table for the current process. the top page table is 4K in size and contains 512 entries of addresses to the next level page tables. our next task is reading these tables from physical memory.

give me a physical page!


in the good old days, there was this intriguing file in /dev called /dev/mem. when i first started using linux and before i completely understood virtual memory, that file remained a half understood mystery. i did learn that you could sometimes recover emails and editing sessions that you prematurely canceled by grepping it, but i never actually had a need to use it in a program.

it turns out /dev/mem isn't mysterious at all! it allows you to access physical memory as if it was a file. (technically it is a character device, but UNIX allows character devices to be interacted with as if they were files :) ) you simply open() /dev/mem, lseek() to the offset in the physical memory that you want to access, and then access the physical memory with read() or write().

/dev/mem is perfect for what we need to do! tragically, /dev/mem has effectively been disabled in recent kernels. it is a huge security hole! you can recompile the kernel to enable it, but i didn't want to require students to do that to examine page tables.

so i went the more difficult route of expanding the kernel module to also expose /proc/page_reader. this file allows you to lseek() to the physical page you want to read and then read its contents.

putting it all together


now that we have access to CR3 and physical pages, we can chop up the virtual address into its 5 components: the 4 9-bit indexes into the 4 levels of page tables and the 12-bit offset into the 4K page.

here is an example run of the pagetable program in https://github.com/breed/virt2phys/blob/master/pagetables.c. (we run it with sudo and we insmod the cr3.ko module before we run it.)

CR3 is 6F1D0006
data(): addr 000015010D00D000 -> 02A 004 068 00D 000
Need to resolved entry 02A in 000000006F1D0000
PAGE TABLE for 000000006F1D0000 (non zero entries):
  02A 8000000078173067
  0AB 800000007915a067
  0FE 800000006f228067
  0FF 800000006f7b0067
  136 0000000075f60067
  170 000000007d144067
  1B0 00000000702e2067
  1F6 000000007f73d067
  1FC 000000007ff3a067
  1FE 0000000075d1c067
  1FF 000000007580e067
Got PTE 8000000078173067
Need to resolved entry 004 in 0000000078173000
PAGE TABLE for 0000000078173000 (non zero entries):
  004 000000006f6ff067
Got PTE 000000006F6FF067
Need to resolved entry 068 in 000000006F6FF000
PAGE TABLE for 000000006F6FF000 (non zero entries):
  068 0000000076762067
Got PTE 0000000076762067
Need to resolved entry 00D in 0000000076762000
PAGE TABLE for 0000000076762000 (non zero entries):
  00D 80000000479ec867
Got PTE 80000000479EC867
data(): virt 000015010D00D000 -> phys 00000000479EC000
------------------
here we see the address 0x15010d00d000 breaks up into 4 9-bit indexes 0x2a, 0x4, 0x68, and 0xd. CR3 is pointing at 6f1d0000 (the low 12-bits are used for flags), so our top level page table is stored in the physical address 6f1d0000. we grab the 4K of data stored at 6f1d0000. now we need to find the 0x2ath (0 based) page table entry in that 4K of data. each page table entry is a 64-bit integer, so we can cast the page table data to an int64_t *pte and then look at pte[0x2a] which is 8000000078173067.

the top bit of 8000000078173067 (8) is the NX bit; it means that we are mapping memory that does not contain executable code. (there is that security again!) the page table entry's bottom 12-bits are flags, so we need to mask those off to get the physical address, which is 78173000, for the 2nd level page table. we are going to do this page retrieval and indexed look up three more times until we finally get the physical address of the page that holds the data. we then use the 12-bit offset, which is 0 in this case, to get the offset into that page to find the exact bytes that we are looking for.
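
The walk described above, as an added example (not code from the virt2phys repository): it splits the address into its indexes, masks the flag bits off each entry, and tracks the NX bit along the path. `sample_mem` and `read_pte` are hypothetical stand-ins for reading /proc/page_reader, filled with the entries from the sample run; only 4K pages are handled.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PTE_PRESENT   0x1ULL                 /* bit 0: entry is valid */
#define PTE_HUGE      0x80ULL                /* bit 7: entry maps a large page */
#define PTE_NX        (1ULL << 63)           /* bit 63: no-execute */
#define PTE_ADDR_MASK 0x000FFFFFFFFFF000ULL  /* bits 12..51: physical frame */

/* Constructed stand-in for physical memory: the entries on the walk path,
   copied from the sample run above. */
struct sample_entry { uint64_t table; unsigned index; uint64_t pte; };
static const struct sample_entry sample_mem[] = {
    { 0x6F1D0000ULL, 0x02A, 0x8000000078173067ULL },
    { 0x78173000ULL, 0x004, 0x000000006F6FF067ULL },
    { 0x6F6FF000ULL, 0x068, 0x0000000076762067ULL },
    { 0x76762000ULL, 0x00D, 0x80000000479EC867ULL },
};

/* Hypothetical helper: entry `index` of the table at physical address
   `table`, or 0 (not present) if the sample does not contain it. */
static uint64_t read_pte(uint64_t table, unsigned index)
{
    for (size_t i = 0; i < sizeof sample_mem / sizeof sample_mem[0]; i++)
        if (sample_mem[i].table == table && sample_mem[i].index == index)
            return sample_mem[i].pte;
    return 0;
}

/* 9-bit index into the table at `level` (3 = top level, 0 = last level). */
static unsigned pt_index(uint64_t virt, int level)
{
    return (unsigned)((virt >> (12 + 9 * level)) & 0x1FF);
}

/* Walk the four levels. Returns 0 and stores the physical address in *phys,
   -1 if an entry is not present, -2 if a large-page entry is hit.
   *nx is set if any entry on the path carries the NX bit. */
static int virt2phys(uint64_t cr3, uint64_t virt, uint64_t *phys, int *nx)
{
    uint64_t table = cr3 & PTE_ADDR_MASK;  /* low 12 bits of CR3 are flags */
    *nx = 0;
    for (int level = 3; level >= 0; level--) {
        uint64_t pte = read_pte(table, pt_index(virt, level));
        if (!(pte & PTE_PRESENT))
            return -1;                     /* unmapped: stop the walk here */
        if (level > 0 && (pte & PTE_HUGE))
            return -2;                     /* 2M/1G mapping, not handled */
        if (pte & PTE_NX)
            *nx = 1;
        table = pte & PTE_ADDR_MASK;       /* next table, or the final page */
    }
    *phys = table | (virt & 0xFFF);        /* add the 12-bit page offset */
    return 0;
}

int main(void)
{
    uint64_t phys = 0;
    int nx = 0;
    int rc = virt2phys(0x6F1D0006ULL, 0x000015010D00D000ULL, &phys, &nx);
    printf("rc=%d phys=%016llX nx=%d\n", rc, (unsigned long long)phys, nx);
    return 0;
}
```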

conclusion

virtual memory and page table resolution is a fascinating bit of black magic that makes our life as a programmer pretty awesome! peeking behind the curtains can help you understand what is really happening when you run your code. in the next post i'll delve deep into the real magic involving COWs and demand paging.

Monday, January 7, 2019

Samsung S9 ruined by Samsung customer care

tl;dr I got my S9. Loved it. It broke. Samsung couldn't fix it. Left me without a phone for over 2 months before offering to exchange it. Hopeful ending.

The S9 is a marvel


I was leaving Facebook and for the first time in a long time I needed to buy my own phone. I narrowed the choice down to a Pixel 3 or Samsung S9. I had owned the original Pixel and really liked it. I had previously owned an S6 Edge, and while the curved edge looked cool, I found the experience with the curved edge to be subpar.

In the end the choice was pretty easy:

  1. I wanted Samsung pay. The ability to work with swipe readers is pretty cool!
  2. The S9 had a bigger battery.
  3. It has a microSD card slot!
  4. I respected Samsung as a company. I had worked with their QA and I knew that they made sure their products were going to work well.
On July 12, 2018 I received my new S9. It was a beautiful phone. I loved the design of the phone and the software. (I did turn off Bixby...) I always ended up holding it gently in my palm like a beautiful piece of art.

I am a klutz


Three days later my phone was cracked. Not to point fingers, but my gentle holding combined with vigorous gesturing by my amazing wife resulted in the phone flying through the air and hitting the ground. It was the first and last time it hit the ground.

The phone continued to work fine apart from the ugly crack. We were traveling, so there wasn't anything to do until we got home a week later.

ubreakifix to the rescue


Fortunately, my Costco Citicard had buyer protection, and after traveling I was able to get the screen fixed at the Samsung authorized shop, ubreakifix. They did a great job and the phone was as good as new.

Something was not right


I used the phone a lot! I bought a case to prevent further injury since my phone is such an essential part of my life. We don't have a home phone, and my work number is forwarded to my cell phone.

Occasionally I would notice that my phone had rebooted. I thought perhaps it was an automatic software update, but soon it started happening multiple times a day. Finally, it became unusable: every time the phone went to sleep it would power itself off.

Early experience with Samsung customer care

I contacted customer care near the end of October. They suggested that I do more and more destructive data resets of the phone. Clearly they believed that an app was doing it. Sadly, I agree it is possible on Android, although even if the OS doesn't prevent an app from taking down a phone, it should at least detect it. I don't know if Samsung's tweak of Android can do such detection, but customer care was clearly shooting in the dark.

I found that doing a factory reset would make the phone work long enough to believe that the problem was resolved, but after a day of use the problem would come back. So, on October 25th I sent it in. I had to mail it to the service repair center in Texas, which was a huge pain since this is my only phone. I asked for a loaner or exchange or something, but they said I didn't qualify. So off it went. I was sad, but hoping to get a working phone back.

The first repair


I was informed on October 30th that they started working on the phone. On the 31st I was informed that my repaired phone was coming back to me. The root cause: "No problem found". I knew that was impossible. I guessed (correctly it turns out) that since I had to do a factory reset on the phone before I sent it in that they ran through standard diagnostics, and when everything passed, they sent the phone back.

I went online and begged them not to send the phone back and instead look deeper. Here are some key excerpts from the chat session (User is me):

AGENT_NAME (Samsung Agent)(10-31-2018 01:37:04 AM)
I see that your phone repair has been completed and an UPS label is created. The scheduled delivery date will be updated once it is picked up by the UPS team.
AGENT_NAME (Samsung Agent)(10-31-2018 01:37:14 AM)
Here is the return tracking number: UPSTRACKING.
User (10-31-2018 01:37:40 AM)
please DO NOT SEND THE PHONE BACK!!!! IT DOES NOT WORK! giving me a USB cable will not fix the problem.
User (10-31-2018 01:38:16 AM)
if it is too late to stop the shipment can you please send another box for me to send the phone back to you? i cant use a phone that is continually powering itself off.
AGENT_NAME (Samsung Agent)(10-31-2018 01:38:59 AM)
I see that your phone software is updated and passed all the functional testing at our service center.
AGENT_NAME (Samsung Agent)(10-31-2018 01:39:14 AM)
Rest assured, the device would meet your expectations once you received it.
User (10-31-2018 01:40:09 AM)
the phone software was already uptodate. if it still powers off, what do i do?
AGENT_NAME (Samsung Agent)(10-31-2018 01:40:15 AM)
Our technicians has examined and performed functional testing for the long period of time and it is certified to be fully functional by our experts and it will work as good as a new one.
User (10-31-2018 01:40:21 AM)
according to the tech it is marked as no problem found.
User (10-31-2018 01:41:16 AM)
so if the phone is still experiencing the problem, what do i do?
AGENT_NAME (Samsung Agent)(10-31-2018 01:41:25 AM)
As per the ticket status, they did every testing on your phone and updated the phone software again to make sure it is working fine.

...

 

User (10-31-2018 01:44:07 AM)
i guess there is no other option that wait to escalate. so when it starts powering off again, should i take a video and then get back on this chat with the ticket number?
AGENT_NAME (Samsung Agent)(10-31-2018 01:44:35 AM)
I understand how crucial to have the phone with you. I can assure you that the device you would receive is fully functional and you'd be able to use your device as you were able to before.
AGENT_NAME (Samsung Agent)(10-31-2018 01:45:30 AM)
Yes, you wouldn't have to start over if you come back to us with the chat id again.
User (10-31-2018 01:45:30 AM)
i'm sure i will be. it's just the continual powering off is really impossible. i miss so many calls and alarms.
AGENT_NAME (Samsung Agent)(10-31-2018 01:46:05 AM)
You will not experience any powering off issues again.
AGENT_NAME (Samsung Agent)(10-31-2018 01:46:15 AM)
Rest assured!

...

 

Clearly the agent had full faith in the repair center. The "Rest assured!" phrase has come to echo in my mind as I continued my descent into the hell that is Samsung customer service over the next couple of weeks.

Escalation


Needless to say the problem wasn't fixed. I held out some hope, but by the 2nd day after I got the phone back it was again powering itself off. I contacted customer support again and sure enough I got "escalated". That sounds like a good thing, but what actually happens is that I needed to call back multiple times (they need 2-3 business days to evaluate your request) and wait on the phone a LONG time just to find out that I need to send the phone back into repair. By now my phone hasn't worked for almost 3 weeks! Fortunately, when I was told to send the phone back again the service agent happened to mention that I could have walked the phone into ubreakifix to get it repaired. (Why wasn't I told that in the first place?!? I had explained how much I needed the phone for my day-to-day work.)

ubreakifix again


I made another trip to ubreakifix. The phone would power itself off all the time, so it was easy for them to see what was going on. They said that there must be something fundamentally wrong with the phone, but they thought that perhaps the battery replacement that was done when the screen was replaced might be causing the problem. (Evidently Samsung wants them to replace the battery every time the screen is changed, even if the phone is just a couple of weeks old...) They replaced the battery, and it looked like the problem was fixed. They kept it a couple of days just to make sure, and tragically, the problem started happening for them again. They told me that I would have to send it to Samsung repair.

Second trip to Samsung repair


I was skeptical that Samsung repair was going to do anything if I sent it in again, so I spent a few hours on a weekend to get a repro of the problem. I figured out that just setting up Samsung Pay with fingerprints would cause the problem to happen. I called customer service so that I could make sure that repair saw the problem instead of resetting the phone. I even made a video:


They told me the repair center would reset the phone because they refuse to accept passwords for screen locks. I tried to explain that resetting the phone would make the problem go away for a few hours and they probably would send the phone back to me with no problem found again. Evidently, that wasn't enough to convince them to disregard the no screen lock password rule.

So I spent another couple of hours to create a repro without a screen lock. I made sure that customer care noted the steps in the ticket and I included detailed written instructions to repro the problem with the S9 when I sent it back.

After a week the phone was back. This time they had actually replaced some connector components. I pulled the phone out of the box and went through the repro I sent them. Here is a video of that:

Obviously, the problem was not only not fixed, but they didn't even try to repro the problem! When I called customer support, I complained that they didn't even verify the problem was fixed. They told me that the repair center had a policy of throwing away any extra instructions that arrive with the phone.

Third trip to Samsung repair

By now it is almost 2 months without a working phone. Again my issue was escalated, and again I was told to send the phone in. I literally begged them to do an exchange, but they said I did not qualify. I pointed out that I live in California and we have lemon laws here, but again I was told that only two trips to Samsung repair doesn't qualify for an exchange (the ubreakifix trip didn't count).

I sent it in again.

Pixel 3


This whole time I had been using my wife's old iPhone 6. It's an okay phone, but I wasn't used to the interface; it didn't work with android auto in my car; it didn't have all the apps I wanted; and it was a bit clunky. It was clear that the phone wasn't going to be fixed, so I bought a Pixel 3. I love it!

Still broken


For the third repair, they replaced the motherboard. By the time I got it back, I had been happily using my Pixel 3 for a week. Even then, there was something inside of me hoping that the phone would work. It didn't. Here is the unbox video:

All they had to do was to try to set up Samsung Pay with fingerprints.

Request for refund


I called support again. This time I asked for a refund. I pointed out that I had gone over 2 months without a working phone, so I had purchased a replacement in the meantime. They said that they would put in a request to the escalation group that handles refunds and exchanges, but refunds are rare. (A representative on a later call to support said they never do refunds.) After waiting the requisite 5 business days I called back. I was transferred to the escalation group who told me that the request had been put in as an exchange, so they could only decide if I deserved an exchange or if I could send the phone back in for repair again. They would not do a refund. I had to wait 2 business days for a decision. Amazingly, I got a response on the 2nd day!

We've successfully received a request [4149092620] for the exchange of your current model SM-G960UZKAXAA, 354267096707101.

Please return the above referenced product to our facility using the UPS return label that will be sent to you via e-mail. Once your product is received at our facility, evaluated, and it is confirmed that the unit is in a warrantable condition with no physical damage your replacement unit will be shipped. An e-mail containing the exchange information and tracking number of the shipment will be sent to you at that time.
This is the answer I was looking for about a month ago! However, I now have a new phone. I don't need an exchange; I need a refund.

Help from twitter


I did appeal to Samsung support via twitter. I suspect the motherboard replacement on the 3rd trip in was due to their insistence. They did also offer to refund me $552.49 if I sent the phone back to them. I had received $200 off because I sent an iPhone in when I bought the S9. I pointed out that I felt that I needed $752.49 since I had to pay full price for the Pixel 3. I no longer had a phone I could do an exchange with. I also said I would accept $552.49 and the phone I sent in as a refund. They would not agree to either deal.

The calls

Here is a partial record of calls I made. I only included the longer calls. There were many other short calls. I also don't have the records of the initial calls since they were not made on my phone. (They want you to call from another phone so that they can ask you to reset/reboot your S9.)

Date        Time      Minutes
10/24/2018  9:15 AM   4
10/25/2018  8:10 AM   17
11/03/2018  3:54 PM   63
11/04/2018  1:27 PM   37
11/16/18    9:14 AM   8
11/19/18    7:51 AM   9
11/26/18    5:25 PM   13
11/27/18    7:46 PM   6
11/27/18    9:35 AM   34
11/28/2018  08:06 AM  149
11/29/2018  02:28 PM  6
12/04/2018  06:35 PM  23
12/05/2018  05:13 PM  8
12/12/2018  7:20 AM   13
12/19/2018  1:27 PM   38
01/03/2019  09:48 AM  20

This is about 7.5 hours on the phone just to tell them over and over "My phone powers itself off. It wasn't fixed. Please send me a new one."

Conclusion


There is something very wrong with Samsung customer service!

  • They consider the need to send a phone to repair 3 times to not be an exceptional situation worthy of an exchange.
  • They don't repro problems in repair! I'm pretty sure the problem lies with the fingerprint reader, but Samsung repair seemed content to flail and let me do the testing.
  • I bought the phone directly from Samsung, yet every time I sent the phone in, and many times that I interacted with support, I had to send a PDF of the receipt!?!
  • They spoke of the possibility of a refund many times, but it appears from my experience and comments from support, that they don't do refunds.
My Apple fan friends have made fun of me like crazy! They keep pointing out that if it was Apple, I could have walked into an Apple store and walked out with a working iPhone. It's true.

Samsung has a much better phone, but with customer service like what I experienced, it's clear why Apple is the better brand.

Samsung, please be the amazing company you could be! Fix your customer service.

If anyone else has any ideas for getting a refund, I'm all ears!


** UPDATE 1 **


This morning, 1/8/2019, I received an email saying I would get a refund! I called to get the amount that they would be refunding me and was told $552.49. I explained that I sent an iPhone in as an exchange, and I would either like that iPhone back or be refunded $752.49. The exchange person, Edgar, agreed to $752.49! (Yay!) I requested an email confirming the amount, and he said he would send it 5 minutes after hanging up. I never received the email. (That call lasted 20 mins.)

Two hours later I called to find out what happened. The support person repeatedly said that they don't agree to the refund amount until they get the phone. I pointed out that Edgar had given me an amount and I was just trying to get the email confirmation he promised. She called exchange since I was "upset". (I'm not sure why requesting support to comply with their promises is being upset...) And after a long wait she said that the email was already sent. When I asked when, she said that it would arrive in 5 mins. I requested she wait to make sure. The email did arrive:

Hi , I did see were you were offered a refund ! Yes it looks like you once you send in your device your refund will be issued !

When I pointed out that the refund amount was not in the email, she reiterated that they will not know the amount of the refund until I sent the device in.

She said someone would call me this evening. I pointed out that I really just need a refund amount in writing, but she said that that would only happen after the call and that I should just wait by the phone.

I have a feeling support doesn't realize that our lives don't revolve around them. I don't understand why I have to do everything by phone anyway. That adds another 32 minutes of phone calls for today, bringing the total to 52 mins.

** UPDATE 2 **


Hey, it's all resolved! I was able to get a confirmed refund, and I even talked with the Vice President of Customer Care about my experience. I'm super happy this is on Samsung's radar. I have hope that my next customer service experience will be better. (I recently installed a SmartThings hub and some sensors. I was trying to avoid Samsung due to this experience, but it looks like the best solution out there... So now I'm even more deeply invested in Samsung.)