linux operating system 許 富 皓


Post on 03-Jan-2016


TRANSCRIPT

Page 1: Linux Operating System  許 富 皓


Linux Operating System

許 富 皓

Page 2: Linux Operating System  許 富 皓

Functionality of a Stack


Page 3: Linux Operating System  許 富 皓

A Linux Process Layout and Stack Operations

    main()
    {
        :
        G(1);
    }

    void G(int a)
    {
        :
        H(3);
    }

    void H(int c)
    {
        :
    }

[Figure: process layout from high address to low address: kernel address space; env, argv, argc; stack (frames of main, G, H); Libraries; heap; BSS; data; code. EIP is also labelled.]

Page 4: Linux Operating System  許 富 皓

Explanation of BOAs (1)

    G(int a)
    {
        H(3);
    add_g:
    }

    H(int b)
    {
        char c[100];
        int i=0;
        while((c[i++]=getch())!=EOF)
        {
        }
    }

Input String: abc

[Figure: G's stack frame and H's stack frame. H's stack frame holds b, the return address add_g, the address of G's frame pointer, the buffer C[0] to C[99] (receiving the input a, b, c), and i. Other labels: 0xabc, 0xaba, 0xabb, ebp, esp.]
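The loop in H() above has no bound, so input longer than c[100] is written past the buffer toward the saved frame pointer and the return address add_g. The following is an added example, not code from the original slides: a bounded form of that loop, run against a buffer followed by guard bytes that stand in for those saved values. The names `src`, `next_char`, `read_bounded` and `stored_with_guard_intact` are hypothetical, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>
#define BUF_LEN 100   /* same size as c[100] on the slide */

/* Constructed input source standing in for getch(): bytes, then EOF. */
struct src { const unsigned char *p; size_t len, pos; };

static int next_char(struct src *s)
{
    return s->pos < s->len ? s->p[s->pos++] : EOF;
}

/* Bounded form of H's loop: stores at most cap-1 bytes plus a NUL.
   Returns the bytes stored; *truncated is set if input was cut off. */
size_t read_bounded(struct src *s, char *buf, size_t cap, int *truncated)
{
    size_t i = 0;
    int ch;           /* int, so EOF differs from the byte 0xff */

    *truncated = 0;
    if (cap == 0)
        return 0;
    while ((ch = next_char(s)) != EOF) {
        if (i == cap - 1) {   /* last slot is reserved for the NUL */
            *truncated = 1;
            break;
        }
        buf[i++] = (char)ch;
    }
    buf[i] = '\0';
    return i;
}

/* Feeds n constructed bytes to a 100-byte buffer followed by guard bytes
   (stand-ins for the saved frame pointer and return address).
   Returns the bytes stored, or -1 if any guard byte changed. */
long stored_with_guard_intact(size_t n)
{
    static unsigned char input[1024];
    struct { char c[BUF_LEN]; unsigned char guard[8]; } frame;
    unsigned char want[sizeof frame.guard];
    struct src s = { input, n < sizeof input ? n : sizeof input, 0 };
    int truncated;
    size_t stored;

    memset(input, 'a', sizeof input);
    memset(want, 0xA5, sizeof want);
    memcpy(frame.guard, want, sizeof want);
    stored = read_bounded(&s, frame.c, sizeof frame.c, &truncated);
    return memcmp(frame.guard, want, sizeof want) ? -1 : (long)stored;
}
```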

Page 5: Linux Operating System  許 富 皓

Address Translation


Page 6: Linux Operating System  許 富 皓

Address Translation inside a CPU

[Figure labels: Segmentation Unit, Paging Unit]

Page 7: Linux Operating System  許 富 皓


Intel 80386 Data Flow

Page 8: Linux Operating System  許 富 皓

Segmentation


Page 9: Linux Operating System  許 富 皓

Translation of a Logical Address

[Figure labels: Selector, Offset]

Page 10: Linux Operating System  許 富 皓


Segment Selector Format

Page 11: Linux Operating System  許 富 皓

CPU Privilege Levels

The cs register includes a 2-bit field that specifies the Current Privilege Level (CPL) of the CPU.

The value 0 denotes the highest privilege level, while the value 3 denotes the lowest one.

Linux uses only levels 0 and 3, which are respectively called Kernel Mode and User Mode.

Page 12: Linux Operating System  許 富 皓


Segment Descriptors

Page 13: Linux Operating System  許 富 皓

Contents of GDT for Processor n

[Figure: Linux's GDT; labels: per-CPU init_tss, n-1, default_ldt]

Page 14: Linux Operating System  許 富 皓

Task State Segment

In Linux, each processor has only one TSS.

The virtual address space corresponding to each TSS is a small subset of the linear address space corresponding to the kernel data segment.

Page 15: Linux Operating System  許 富 皓

Task State Segment

All the TSSs are sequentially stored in the per-CPU init_tss variable.

    struct tss_struct {
        unsigned short back_link,__blh;
        unsigned long esp0;
        unsigned short ss0,__ss0h;
        unsigned long esp1;
        unsigned short ss1,__ss1h;
        unsigned long esp2;
        unsigned short ss2,__ss2h;
        unsigned long __cr3, eip,eflags;
        unsigned long eax,ecx,edx,ebx;
        unsigned long esp, ebp, esi, edi;
        unsigned short es, __esh, cs, __csh, ss, __ssh, ds, __dsh;
        unsigned short fs, __fsh, gs, __gsh, ldt, __ldth;
        unsigned short trace, bitmap;
        unsigned long io_bitmap[IO_BITMAP_LONGS + 1];
        unsigned long io_bitmap_max;
        struct thread_struct *io_bitmap_owner;
        unsigned long __cacheline_filler[35];
        unsigned long stack[64];
    };

[Figure label: A TSS]

Page 16: Linux Operating System  許 富 皓

Task State Segment

The TSS descriptor for the nth CPU:

The Base field: points to the nth component of the per-CPU init_tss variable.

G flag: 0

Limit field: 0xeb (each TSS segment is 236 bytes)

DPL: 0

Page 17: Linux Operating System  許 富 皓

Paging


Page 18: Linux Operating System  許 富 皓


Paging by 80x86 Processors

Page 19: Linux Operating System  許 富 皓

[Figure labels: process 1, process 2, virtual address space, physical memory, low address, high address]

Page 20: Linux Operating System  許 富 皓

I/O Port


Page 21: Linux Operating System  許 富 皓

I/O Ports [text book]

Each device connected to the I/O bus has its own set of I/O addresses, which are usually called I/O ports.

In the IBM PC architecture, the I/O address space provides up to 65,536 8-bit I/O ports.

Two consecutive 8-bit ports may be regarded as a single 16-bit port, which must start on an even address.

Similarly, two consecutive 16-bit ports may be regarded as a single 32-bit port, which must start on an address that is a multiple of 4.

Page 22: Linux Operating System  許 富 皓


I/O Related Instructions [text book]

Four special assembly language instructions called in, ins, out, and outs allow the CPU to read from and write into an I/O port.

While executing one of these instructions, the CPU selects the required I/O port and transfers the data between a CPU register and the port.

Page 23: Linux Operating System  許 富 皓


I/O Shared Memory [text book]

I/O ports may also be mapped into addresses of the physical address space.

The processor is then able to communicate with an I/O device by issuing assembly language instructions that operate directly on memory (for instance, mov, and, or, and so on).

Modern hardware devices are more suited to mapped I/O, because it is faster and can be combined with DMA.

Page 24: Linux Operating System  許 富 皓

Physical Address Layout


Page 25: Linux Operating System  許 富 皓

Physical Addresses Used by Kernel

The Linux kernel is installed in RAM starting from the physical address 0x00100000, i.e., from the second megabyte.

Why?

Answer: When a PC is turned on, before Linux is loaded into memory and takes control of the system, the hardware test, hardware investigation, OS booting, and some hardware initialization work are performed by the BIOS in real mode, which has special memory requirements at fixed memory addresses.

Page 26: Linux Operating System  許 富 皓


The First Megabyte of RAM Is Not Available for Linux Kernel

To avoid loading the kernel into groups of noncontiguous page frames, Linux prefers to skip the first megabyte of RAM.

However, page frames not reserved by the PC architecture will be used by Linux to store dynamically assigned pages.

Page 27: Linux Operating System  許 富 皓

The First 768 Page Frames (3 MB) in Linux 2.6

The symbol _text, which corresponds to physical address 0x00100000, denotes the address of the first byte of kernel code.

The end of the kernel code is similarly identified by the symbol _etext.

Kernel data is divided into two groups: initialized and uninitialized.

The initialized data starts right after _etext and ends at _edata.

The uninitialized data follows and ends up at _end.

P.S.: The symbols appearing in the figure are not defined in Linux source code; they are produced while compiling the kernel. You can find the linear address of these symbols in the file System.map, which is created right after the kernel is compiled.

[Figure labels: 0x000a0000 (640 K), 0x000fffff (1M); Virtual Address 0xC0000000; Physical Address]

Page 28: Linux Operating System  許 富 皓

Address Spaces for Different Modes

Linear addresses from 0x00000000 to 0xbfffffff can be addressed when the process is in either User Mode or Kernel Mode.

Linear addresses from 0xc0000000 to 0xffffffff can be addressed only when the process is in Kernel Mode.

Macro: #define PAGE_OFFSET 0xc0000000

Page 29: Linux Operating System  許 富 皓

Signal


Page 30: Linux Operating System  許 富 皓

Signals

Linux uses signals to notify processes of system events.

Each event has its own signal number, which is usually referred to by a symbolic constant such as SIGTERM.

Page 31: Linux Operating System  許 富 皓

Signal Notification

Asynchronous notifications: For instance, a user can send the interrupt signal SIGINT to a foreground process by pressing the interrupt keycode (usually Ctrl-C) at the terminal.

Synchronous notifications: For instance, the kernel sends the signal SIGSEGV to a process when it accesses a memory location at an invalid address.

Page 32: Linux Operating System  許 富 皓

Processes’ Responses to Signals

Ignore.

Asynchronously execute a signal handler.

The signals SIGKILL and SIGSTOP cannot be directly handled by a process or ignored.

Page 33: Linux Operating System  許 富 皓

Kernel Default Actions to Signals

When a process doesn’t define its response to a signal, the kernel uses the default action of the signal to handle it.

Each signal has its own kernel default action.

Page 34: Linux Operating System  許 富 皓

Kernel Default Actions to Signals

Terminate the process.

Core dump and terminate the process.

Ignore.

Suspend.

Resume, if it was stopped.
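The responses and default actions listed on the signal slides above, as an added C example that is not part of the original deck: a process ignores SIGINT, runs a handler for SIGUSR1, is refused when it tries to ignore SIGKILL or SIGSTOP, and a child left with the default SIGTERM action is terminated by the kernel. All function names are hypothetical.

```c
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* signal() is used for brevity; sigaction() is the usual choice when
   handler flags or the signal mask matter. */
static volatile sig_atomic_t got_usr1 = 0;

static void on_usr1(int signo) { (void)signo; got_usr1 = 1; }

/* Response 1: ignore. The process raises SIGINT on itself and survives. */
int survives_ignored_sigint(void)
{
    void (*old)(int) = signal(SIGINT, SIG_IGN);
    int rc = raise(SIGINT);          /* discarded, no action is taken */
    signal(SIGINT, old);
    return rc == 0;
}

/* Response 2: run a handler. raise() returns only after the handler ran. */
int handler_runs_for_sigusr1(void)
{
    void (*old)(int) = signal(SIGUSR1, on_usr1);
    got_usr1 = 0;
    raise(SIGUSR1);
    signal(SIGUSR1, old);
    return got_usr1;
}

/* SIGKILL and SIGSTOP: the kernel rejects any attempt to ignore them. */
int kernel_refuses(int signo)
{
    errno = 0;
    return signal(signo, SIG_IGN) == SIG_ERR && errno == EINVAL;
}

/* Default action: a child with no response defined for SIGTERM is
   terminated. Returns the signal that ended the child, or -1. */
int default_action_kills_child(void)
{
    pid_t pid = fork();
    int status = 0;
    if (pid < 0) return -1;
    if (pid == 0) { signal(SIGTERM, SIG_DFL); raise(SIGTERM); _exit(0); }
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : -1;
}
```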