Department of Computer Science • Information Processing Laboratory
Lecture 3 System Mechanisms (1)
xlanchen@03/11/2005
xlanchen@03/11/2005 Understanding the Inside of Windows2000
Contents
Trap dispatching
The executive object manager
Synchronization
System worker threads
Local procedure calls (LPCs)
Trap dispatching: interrupts & exceptions
Divert the processor to code outside the normal flow of control
Trap: a processor's mechanism for
1. Capturing an executing thread when an exception or an interrupt occurs
2. Transferring control to a fixed location in the operating system
Trap handler: a function specific to a particular interrupt or exception
Interrupts vs. exceptions
Either hardware or software can generate exceptions and interrupts
Interrupt: an asynchronous event that is unrelated to what the processor is executing
can occur at any time
I/O devices, processor clocks, …
can be enabled (turned on) or disabled (turned off)
Interrupts vs. exceptions
Exception: a synchronous condition that results from the execution of a particular instruction
Can be reproduced
Memory access violations, certain debugger instructions, divide-by-zero errors,…
Additionally: System service calls
Stop and continue, how?
Trap frame
Created by the processor on the kernel stack of the interrupted thread
Used to store the execution state of the thread
Usually a subset of a thread's complete context
Trap dispatching
Front-end trap handling functions
Perform general trap handling tasks before and after transferring control to other functions that field the trap
Example:
The kernel hardware interrupt trap handler
The general system service trap handler
Unexpected trap handler (KeBugCheckEx)
Trap dispatching
Interrupt dispatching
Exception dispatching
System service call dispatching
Interrupt Dispatching
I/O control methods?
Polling, interrupt, DMA
Interrupt-driven device
Allow the operating system to get the maximum use out of the processor by overlapping central processing with I/O operations
Example: pointing devices, printers, keyboards, disk drives, and network cards
Interrupt time line for a single process doing output
[Figure: time line with two rows, CPU (user process executing / I/O interrupt processing) and I/O device (idle / transferring), marked by the events "I/O request" and "transfer done"]
Interrupt dispatching
Interrupt trap handlers
For a device interrupt:
  Interrupt trap handler --> External routine, the ISR (provided by device drivers)
                         --> Internal kernel routine (provided by the kernel)
Hardware Interrupt Processing
On x86 systems
IRQ (interrupt request) -> interrupt number
IDT (interrupt dispatch table), filled at system boot time
[Figure: interrupt path from the device through the 8259 PIC (8259S, 8259M) to the CPU and the OS]
EXPERIMENT
Viewing the IDT
Hardware Interrupt Processing
PIC: Programmable Interrupt Controller
  i8259A, for uniprocessor systems (IBM PC)
  <= 15 interrupts
APIC: Advanced Programmable Interrupt Controller
  i82489, for multiprocessor systems
  Most new computers
  <= 256 interrupts
EXPERIMENT
Viewing the PIC
IRQL (Interrupt Request Levels)
Windows 2000's own interrupt priority scheme
Interrupt numbers are mapped to IRQLs
Using IRQLs: raise & lower
EXPERIMENT
Viewing the IRQL
Lazy IRQL: a performance optimization
Accessing a PIC is relatively slow
Lazy IRQL:
The change to the interrupt mask is delayed until a lower-priority interrupt actually occurs;
that lower-priority interrupt is then postponed until the IRQL is lowered
Mapping interrupts to IRQLs
HAL function: HalpGetSystemInterruptVector
On a uniprocessor system:
IRQL for device = 27 - interrupt vector
Important restriction
Can't wait on an object at DPC/dispatch level or above
Only nonpaged memory can be accessed at IRQL DPC/dispatch level or higher
If violated, the system crashes with an IRQL_NOT_LESS_OR_EQUAL crash code.
Interrupt objects
Contains the information about a device ISR, including
the address of the ISR,
the IRQL,
the entry in the kernel's IDT
Software interrupts
Including:
Initiating thread dispatching
Non-time-critical interrupt processing
Handling timer expiration
Asynchronously executing a procedure in the context of a particular thread
Supporting asynchronous I/O operations
DPC (Deferred procedure call)
Interrupt routines should exit as soon as possible, and some kernel activity is easier once the current code has unwound
NT uses DPCs to schedule non-immediate code, e.g. I/O drivers queue DPCs to complete I/O
The kernel uses DPCs to handle timer expiration
The kernel uses DPCs to reschedule when a thread's quantum expires
Adding a DPC to the DPC queue causes a dispatch/DPC interrupt
Dispatch/DPC has a low IRQL – deferred if the current IRQL is higher
Limits the soft real-time capability of NT
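Worked example (added here; not from the slides and not Windows source): a small C model of lazy IRQL and DPC delivery built from the rules on the slides. The functions irql_raise, irql_lower, device_interrupt and the uniprocessor mapping irql_for_vector (27 - vector) are this model's own names, and the scenario in run_scenario is constructed. It shows that raising the IRQL costs no PIC access, that the mask is programmed only when a lower-priority interrupt actually arrives, that queued DPCs run only once the IRQL drops below dispatch level, and that waiting is legal only below that level.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Software levels quoted on the slides (APC = 1, dispatch/DPC = 2). The rest of
 * the state machine is a constructed model, not the real kernel's data structures. */
enum { IRQL_PASSIVE = 0, IRQL_APC = 1, IRQL_DPC = 2, IRQL_MAX = 31 };

#define MAX_PENDING 16
#define MAX_DPCS    16

static int  cur_irql;                   /* IRQL the kernel believes it is at */
static int  pic_irql;                   /* level the (slow) PIC mask is really programmed to */
static int  pic_writes;                 /* how many times the PIC had to be reprogrammed */
static int  pending_vec[MAX_PENDING];   /* interrupts held back because the IRQL was too high */
static int  n_pending;
static int  dpc_queue[MAX_DPCS];        /* DPCs identified by the vector that queued them */
static int  n_dpcs;
static char trace[256];                 /* execution order of ISRs and DPCs, space separated */

/* Slide's uniprocessor rule: IRQL for a device = 27 - interrupt vector. */
int irql_for_vector(int vector) { return 27 - vector; }

/* Restriction from the slides: waiting on an object is legal only below DPC/dispatch level. */
bool wait_allowed(void) { return cur_irql < IRQL_DPC; }

static void trace_add(const char *what, int vector) {
    char buf[32];
    snprintf(buf, sizeof buf, "%s%d ", what, vector);
    strcat(trace, buf);
}

/* The dispatch/DPC interrupt: drains the queue at IRQL_DPC, then returns to the
 * level it interrupted. It stays deferred while the IRQL is at DPC level or above. */
static void dispatch_interrupt(void) {
    if (cur_irql >= IRQL_DPC) return;
    int saved = cur_irql;
    cur_irql = IRQL_DPC;
    for (int i = 0; i < n_dpcs; i++) trace_add("dpc", dpc_queue[i]);
    n_dpcs = 0;
    cur_irql = saved;
}

/* Queueing a DPC requests a dispatch interrupt; it fires at once only below DPC level. */
static void queue_dpc(int vector) {
    dpc_queue[n_dpcs++] = vector;
    dispatch_interrupt();
}

/* Run an ISR at its device IRQL: do the minimum, defer the rest to a DPC. */
static void run_isr(int vector) {
    int saved = cur_irql;
    cur_irql = irql_for_vector(vector);
    trace_add("isr", vector);
    queue_dpc(vector);
    cur_irql = saved;
}

/* Lazy IRQL: raising only updates the software level; the PIC is not touched. */
void irql_raise(int new_irql) { cur_irql = new_irql; }

/* A hardware interrupt arrives. Above the current IRQL it is serviced now; otherwise the
 * kernel finally programs the PIC mask to match the current level and holds it back. */
void device_interrupt(int vector) {
    if (irql_for_vector(vector) > cur_irql) { run_isr(vector); return; }
    if (pic_irql != cur_irql) { pic_irql = cur_irql; pic_writes++; }
    pending_vec[n_pending++] = vector;
}

/* Lowering delivers postponed interrupts (highest IRQL first), then pending DPCs once
 * below dispatch level, and reprograms the PIC only if it was left masked too high. */
void irql_lower(int new_irql) {
    cur_irql = new_irql;
    for (;;) {
        int best = -1;
        for (int i = 0; i < n_pending; i++)
            if (irql_for_vector(pending_vec[i]) > cur_irql &&
                (best < 0 || irql_for_vector(pending_vec[i]) > irql_for_vector(pending_vec[best])))
                best = i;
        if (best < 0) break;
        int vec = pending_vec[best];
        pending_vec[best] = pending_vec[--n_pending];
        run_isr(vec);
    }
    dispatch_interrupt();
    if (pic_irql > cur_irql) { pic_irql = cur_irql; pic_writes++; }
}

/* Constructed scenario: a driver holds IRQL 20; vector 4 (IRQL 23) preempts it, vector 12
 * (IRQL 15) is postponed, and both DPCs run only after the IRQL drops to PASSIVE. */
const char *run_scenario(void) {
    trace[0] = '\0';
    cur_irql = pic_irql = pic_writes = n_pending = n_dpcs = 0;
    irql_raise(20);
    device_interrupt(4);
    device_interrupt(12);
    irql_lower(IRQL_PASSIVE);
    return trace;   /* "isr4 isr12 dpc4 dpc12 " */
}

int pic_write_count(void) { return pic_writes; }

int main(void) {
    printf("order: %s\nPIC reprogrammed %d times\n", run_scenario(), pic_write_count());
    return 0;
}
```

Only two PIC writes happen in the whole scenario, and neither is caused by the raise itself: one when the postponed interrupt arrives, one when the IRQL finally drops below the level the mask was programmed to.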
Delivering a DPC
EXPERIMENT
Monitoring Interrupt and DPC Activity
APC (Asynchronous procedure call) interrupts
a way for user programs and system code to execute in the context of a particular user thread
run at an IRQL less than 2
An APC routine can acquire resources (objects), wait on object handles, incur page faults, and call system services
Kernel mode vs. user mode
[Figure: a thread with a kernel-mode portion and a user-mode portion]
Kernel-mode APC: used by the executive & device drivers
User-mode APC: Win32 APIs ReadFileEx, WriteFileEx, and QueueUserAPC
Exception Dispatching
Structured exception handling
allows applications to gain control when exceptions occur
The application can fix the condition and return, or declare back to the system that the exception isn't recognized
The system should continue searching for an exception handler that might process the exception.
x86 interrupt number -> exception
  0   Divide Error
  1   Debug Trap
  2   NMI/NPX Error
  3   Breakpoint
  4   Overflow
  5   BOUND/Print Screen
  6   Invalid Opcode
  7   NPX Not Available
  8   Double Exception
  9   NPX Segment Overrun
  A   Invalid Task State Segment (TSS)
  B   Segment Not Present
  C   Stack Fault
  D   General Protection
  E   Page Fault
  F   Intel Reserved
  10  Floating Point
  11  Alignment Check
Exception dispatcher
Finds an exception handler that can "dispose of" the exception
Some exceptions are handled transparently by the kernel
A few exceptions are allowed to filter back, untouched, to user mode
Kernel-mode exceptions: if unhandled, they are considered fatal operating system errors
Dispatching an exception
EXPERIMENT
Viewing the Real User Start Address for Win32 Threads
EXPERIMENT
Unhandled Exceptions
System Service Dispatching
On x86: int 0x2e
NtWriteFile:
    mov eax, 0x0E    ; system service number (NtWriteFile)
    mov ebx, esp     ; ebx points at the caller's arguments on the stack
    int 0x2E         ; trap into the kernel's system service dispatcher
    ret 0x2C         ; return to the caller, popping the arguments
System service exceptions
System service number to system service translation
System service dispatching
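Worked example (added here; not the slides' code and not Windows source): the kernel side of the NtWriteFile stub above, modelled in C. The service table, the svc_write stub with three arguments, the write helper and the constructed "file" it appends to are all inventions of this example; the NTSTATUS values are the standard ones from ntstatus.h. The point is the validation a system service dispatcher has to do on values that arrive from user mode: the number that came in eax is bounds-checked against the table before it indexes anything, the argument count is taken from the table rather than from the caller, and the arguments are copied once to the kernel side before the service routine touches them.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Standard NTSTATUS values (ntstatus.h); NTSTATUS modelled as a 32-bit signed int. */
typedef int32_t NTSTATUS;
#define STATUS_SUCCESS                ((NTSTATUS)0x00000000)
#define STATUS_INVALID_HANDLE         ((NTSTATUS)0xC0000008)
#define STATUS_INVALID_PARAMETER      ((NTSTATUS)0xC000000D)
#define STATUS_INVALID_SYSTEM_SERVICE ((NTSTATUS)0xC000001C)

#define MAX_ARGS      16
#define SERVICE_COUNT 16    /* constructed: a tiny table; the real one is far larger */
#define SVC_WRITE     0x0E  /* the slide's number for NtWriteFile, reused for the stub */

typedef NTSTATUS (*service_fn)(const uintptr_t *args);

/* One table entry: the routine plus the number of argument bytes the dispatcher
 * copies from the caller's stack (the count the stub's "ret 0x2C" later pops). */
typedef struct { service_fn fn; size_t arg_bytes; } service_entry;

/* Constructed "file" that the write stub appends into. */
static char   file_data[64];
static size_t file_len;
const char *file_contents(void) { return file_data; }

/* Stub standing in for NtWriteFile: args = (handle, buffer, length). Only handle 1 exists. */
static NTSTATUS svc_write(const uintptr_t *args) {
    uintptr_t   handle = args[0];
    const char *buf    = (const char *)args[1];
    size_t      len    = (size_t)args[2];
    if (handle != 1) return STATUS_INVALID_HANDLE;
    if (len > sizeof file_data - 1 - file_len) return STATUS_INVALID_PARAMETER;
    memcpy(file_data + file_len, buf, len);
    file_len += len;
    file_data[file_len] = '\0';
    return STATUS_SUCCESS;
}

/* Service number -> routine translation table; unused slots stay NULL. */
static const service_entry service_table[SERVICE_COUNT] = {
    [SVC_WRITE] = { svc_write, 3 * sizeof(uintptr_t) },
};

/* The dispatcher's side of "mov eax, number; mov ebx, esp; int 0x2E": the number
 * arrives in eax, ebx points at the caller's arguments. Both are untrusted. */
NTSTATUS system_service_dispatch(uint32_t number, const uintptr_t *caller_args,
                                 size_t caller_arg_count) {
    /* 1. Translate number -> routine, rejecting anything outside the table. */
    if (number >= SERVICE_COUNT || service_table[number].fn == NULL)
        return STATUS_INVALID_SYSTEM_SERVICE;
    const service_entry *svc = &service_table[number];
    size_t argc = svc->arg_bytes / sizeof(uintptr_t);

    /* 2. The caller's stack must actually hold as many arguments as the table says. */
    if (argc > caller_arg_count)
        return STATUS_INVALID_PARAMETER;

    /* 3. Capture the arguments on the kernel side once, so the routine never
     *    re-reads caller memory that could change underneath it. */
    uintptr_t kernel_args[MAX_ARGS] = {0};
    memcpy(kernel_args, caller_args, argc * sizeof(uintptr_t));
    return svc->fn(kernel_args);
}

/* Helpers for the scenarios: a normal write, and a call with too few arguments. */
NTSTATUS write_via_dispatcher(uintptr_t handle, const char *text) {
    uintptr_t args[3] = { handle, (uintptr_t)text, strlen(text) };
    return system_service_dispatch(SVC_WRITE, args, 3);
}
NTSTATUS write_with_short_stack(void) {
    uintptr_t args[1] = { 1 };
    return system_service_dispatch(SVC_WRITE, args, 1);
}

int main(void) {
    printf("write: 0x%08x, file now \"%s\"\n",
           (unsigned)write_via_dispatcher(1, "hello"), file_contents());
    printf("bad handle: 0x%08x\n", (unsigned)write_via_dispatcher(7, "x"));
    printf("bogus service number: 0x%08x\n",
           (unsigned)system_service_dispatch(0x1234, NULL, 0));
    printf("short argument stack: 0x%08x\n", (unsigned)write_with_short_stack());
    return 0;
}
```

A bad service number never reaches the table lookup, and a short argument stack never reaches the routine; both come back to the caller as a status code, which is the "system service exceptions" path of the slides rather than a kernel fault.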
EXPERIMENT
Viewing System Service Activity