Download [handout

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
Document related concepts
no text concepts found
Transcript 
Process Management
Context Switch
Summary
Process Management
Context Switch
Summary
Context Switch
Summary
Outline
CS 6V81-05: System Security and Malicious Code Analysis
Kernel Process Management
Zhiqiang Lin
1
Process Management
2
Context Switch
3
Summary
Department of Computer Science
University of Texas at Dallas
February 22nd , 2012
Outline
1
Process Management
2
Context Switch
3
Summary
Process Management
Process Management
Context Switch
Summary
Process Management
Process Management
Context Switch
Summary
Process Creation
A process is a program in execution
A process contains
Address space (e.g. read-only code, global data, heap,
stack, etc)
PC, $sp
Opened file handles
Parent process creates children processes, which, in turn
creates other processes, forming a tree of processes
Resource sharing
Parent and children share all resources
Children share subset of parent’s resources
Parent and child share no resources
A process needs certain resources, including CPU time,
memory, files, and I/O devices
The OS is responsible for the following activities for
process management
Execution
Parent and children execute concurrently
Parent waits until children terminate
Process creation and deletion
Process suspension and resumption
Provision of mechanisms for:
process synchronization
process communication
Process Management
Context Switch
Processes Tree on a UNIX System
Summary
Process Management
Context Switch
Process Creation (Cont.)
Address space
Child duplicate of parent
Child has a program loaded into it
UNIX examples
fork system call creates new process
exec system call used after a fork to replace the process’
memory space with a new program
Summary
Process Management
Context Switch
Summary
C Program Forking Separate Process
Context Switch
Context Switch
Summary
Process Termination
Process executes last statement and asks the operating
system to decide it (exit)
#include <stdio.h>
#include <unistd.h>
int main(int argc, char *argv[])
{
int pid;
/* fork another process */
pid = fork();
if (pid < 0) { /* error occurred */
fprintf(stderr, "Fork Failed");
exit(-1);
}
else if (pid == 0) { /* child process */
execlp("/bin/ls","ls",NULL);
}
else { /* parent process */
/* parent will wait for the child to complete */
wait(NULL);
printf("Child Complete");
exit(0);
}
}
Process Management
Process Management
Output data from child to parent (via wait)
Process’ resources are deallocated by operating system
Parent may terminate execution of children processes
(abort)
Child has exceeded allocated resources
Task assigned to child is no longer required
If parent is exiting
Some operating system do not allow child to continue if its
parent terminates
–All children terminated - cascading termination
Summary
Process State
As a process executes, it changes state
new: The process is being created
ready: The process is waiting to be assigned to a process
running: Instructions are being executed
waiting: The process is waiting for some event (e.g. I/O) to
occur
terminated: The process has finished execution
Process Management
Diagram of Process State
Context Switch
Summary
Process Management
Context Switch
Summary
Process Control Block (PCB)
Process Management
Context Switch
Summary
task_struct
Every process under Linux is dynamically allocated a
task_struct, which contains all relevant information about a
process.
General
Information associated with each process
Process state
Program counter
CPU registers (for context switch)
CPU scheduling information (e.g. priority)
Memory-management information (e.g. page table,
segment table)
Accounting information (PID, user time, constraint)
I/O status information (list of I/O devices allocated, list of
open files etc.)
Process State, PID, Program name
Parent, youngest child, next sibling, previous sibling
Process Times (start_time, utime, stime, cutime, cstime)
Scheduling algorithm, priority, nice value, errno
Owner: UID, EUID, SUID, FSUID, GID, EGID, SGID, FSGID
Files
files: Information on all files opened by the process.
fs_struct: corresponding file system information
Memory (mm_struct): Information about the memory
(vma_struct, pgd) used by a process.
IPC / Synchronization
Pointers to acquired Semaphores
Bitmask of received Signals and associated Signal handlers
Process Management
Context Switch
The Linux process descriptor
Summary
...
Process Management
Context Switch
task_struct
struct task_struct {
[0] volatile long int state;
[4] struct thread_info *thread_info;
[8] atomic_t usage;
[12] long unsigned int flags;
[16] long unsigned int ptrace;
[20] int lock_depth;
[24] int load_weight;
[28] int prio;
[32] int static_prio;
[36] int normal_prio;
[40] struct list_head run_list;
[48] struct prio_array *array;
[52] short unsigned int ioprio;
[56] unsigned int btrace_seq;
[60] long unsigned int sleep_avg;
[64] long long unsigned int timestamp;
[72] long long unsigned int last_ran;
[80] long long unsigned int sched_time;
[88] enum sleep_type sleep_type;
[92] long unsigned int policy;
Summary
Process Management
Context Switch
Summary
task_struct
Context Switch
Summary
task_struct
struct task_struct {
[196] struct task_struct *real_parent;
[200] struct task_struct *parent;
[204] struct list_head children;
[212] struct list_head sibling;
[220] struct task_struct *group_leader;
[224] struct pid_link pids[3];
[260] struct list_head thread_group;
[268] struct completion *vfork_done;
[272] int *set_child_tid;
[276] int *clear_child_tid;
[280] long unsigned int rt_priority;
[284] cputime_t utime;
[288] cputime_t stime;
[292] long unsigned int nvcsw;
[296] long unsigned int nivcsw;
[300] struct timespec start_time;
[308] long unsigned int min_flt;
[312] long unsigned int maj_flt;
[316] cputime_t it_prof_expires;
[320] cputime_t it_virt_expires;
struct task_struct {
[96] cpumask_t cpus_allowed;
[100] unsigned int time_slice;
[104] unsigned int first_time_slice;
[108] struct sched_info sched_info;
[128] struct list_head tasks;
[136] struct list_head ptrace_children;
[144] struct list_head ptrace_list;
[152] struct mm_struct *mm;
[156] struct mm_struct *active_mm;
[160] struct linux_binfmt *binfmt;
[164] long int exit_state;
[168] int exit_code;
[172] int exit_signal;
[176] int pdeath_signal;
[180] long unsigned int personality;
[184] unsigned int did_exec : 1;
[188] pid_t pid;
[192] pid_t tgid;
Process Management
Process Management
Context Switch
task_struct
struct task_struct {
[324] long long unsigned int it_sched_expires;
[332] struct list_head cpu_timers[3];
[356] uid_t uid;
[360] uid_t euid;
[364] uid_t suid;
[368] uid_t fsuid;
[372] gid_t gid;
[376] gid_t egid;
[380] gid_t sgid;
[384] gid_t fsgid;
[388] struct group_info *group_info;
[392] kernel_cap_t cap_effective;
[396] kernel_cap_t cap_inheritable;
[400] kernel_cap_t cap_permitted;
[404] unsigned int keep_capabilities : 1;
[408] struct user_struct *user;
[412] struct key *request_key_auth;
[416] struct key *thread_keyring;
[420] unsigned char jit_keyring;
Summary
Process Management
Context Switch
task_struct
struct task_struct {
[424] int oomkilladj;
[428] char comm[16];
[444] int link_count;
[448] int total_link_count;
[452] struct sysv_sem sysvsem;
[464] struct thread_struct thread;
[1120] struct fs_struct *fs;
[1124] struct files_struct *files;
[1128] struct namespace *namespace;
[1132] struct signal_struct *signal;
[1136] struct sighand_struct *sighand;
[1140] sigset_t blocked;
[1148] sigset_t real_blocked;
[1156] sigset_t saved_sigmask;
[1164] struct sigpending pending;
[1180] long unsigned int sas_ss_sp;
[1184] size_t sas_ss_size;
[1188] int (*notifier)(void *);
[1192] void *notifier_data;
[1196] sigset_t *notifier_mask;
Summary
Process Management
Context Switch
Summary
task_struct
Context Switch
task_struct
struct task_struct {
[1200] void *security;
[1204] struct audit_context *audit_context;
[1208] seccomp_t seccomp;
[1208] u32 parent_exec_id;
[1212] u32 self_exec_id;
[1216] spinlock_t alloc_lock;
[1232] spinlock_t pi_lock;
[1248] struct plist_head pi_waiters;
[1264] struct rt_mutex_waiter *pi_blocked_on;
[1268] void *journal_info;
[1272] struct reclaim_state *reclaim_state;
[1276] struct backing_dev_info *backing_dev_info;
[1280] struct io_context *io_context;
[1284] long unsigned int ptrace_message;
[1288] siginfo_t *last_siginfo;
[1292] wait_queue_t *io_wait;
[1296] u64 rchar;
[1304] u64 wchar;
[1312] u64 syscr;
[1320] u64 syscw;
}
Process Management
Process Management
Context Switch
struct task_struct {
[1328] u64 acct_rss_mem1;
[1336] u64 acct_vm_mem1;
[1344] clock_t acct_stimexpd;
[1348] struct cpuset *cpuset;
[1352] nodemask_t mems_allowed;
[1356] int cpuset_mems_generation;
[1360] int cpuset_mem_spread_rotor;
[1364] struct robust_list_head *robust_list;
[1368] struct list_head pi_state_list;
[1376] struct futex_pi_state *pi_state_cache;
[1380] atomic_t fs_excl;
[1384] struct rcu_head rcu;
[1392] struct pipe_inode_info *splice_pipe;
[1396] struct task_delay_info *delays;
}
SIZE: 1408
Summary
Outline
thread_info
struct thread_info {
[0] struct task_struct *task;
[4] struct exec_domain *exec_domain;
[8] long unsigned int flags;
[12] long unsigned int status;
[16] __u32 cpu;
[20] int preempt_count;
[24] mm_segment_t addr_limit;
[28] void *sysenter_return;
[32] struct restart_block restart_block;
[52] long unsigned int previous_esp;
[56] __u8 supervisor_stack[0];
}
SIZE: 56
1
Process Management
2
Context Switch
3
Summary
Summary
Process Management
Context Switch
Summary
CPU Switch
Process Management
Context Switch
Summary
CPU Switch From Process to Process
Context switches are one of the key techniques to allow multiple
processes to share a single CPU. Basically, it is a procedure of
storing and restoring the context state (including CPU registers,
CR3, etc.) of a process (or a kernel thread) such that execution
can be resumed from the same point at a later time.
Process Management
Context Switch
Single and Multithreaded Processes
Summary
Process Management
Context Switch
Summary
When to happen a context switch
A context switch could happen in a variety of cases in
Linux/UNIX including:
1
(I) Arbitrary places, when an asynchronous interrupt
happens (could be timer) and the process has used its
CPU time slice (preempted)
2
(II) When a process voluntarily relinquishes their time in the
CPU (e.g., invoking sleep, waitpid or exit system call)
3
(III) When a system call is about to return
4
(IV) Other system call subroutine places (besides system
call return point), in which the kernel pro-actively checks
whether a context switch is needed
5
(V) In exception (e.g., page fault) handler
6
(VI) When a system call gets blocked
Process Management
Context Switch
Summary
When it happens a context switch (System Call)
fb8f000
fb8f000
fb8f000
fb8f000
fb8f000
fb8f000
fb8f000
fb8f000
fb8f000
c10b798b
c10b7885
c10c3dfb
c10c2fe1
c10c2c4b
c10c252c
c10c228a
c147bedc
c147b621
Process Management
fb8f000
fb8f000
fb8f000
fb8f000
fb8f000
fb8f000
fb8f000
fb8f000
Summary
When it happens a context switch (System Call)
fb8f000
fb8f000
fb8f000
fb8f000
fb8f000
fb8f000
c10bd884
c10bd244
c119a3bc
c147bedc
c147b621
c1025ce4
Context Switch
Summary
When it happens a context switch (System Call)
sys_open 1054 /fs/open.c
do_sys_open 1032 /fs/open.c
do_filp_open 1671 /fs/namei.c
do_path_lookup 1079 /fs/namei.c
path_walk 1019 /fs/namei.c
__link_path_walk 839 /fs/namei.c
do_follow_link 660 /fs/namei.c
_cond_resched 6689 /kernel/sched.c
schedule 5413 /kernel/sched.c
Context Switch
Process Management
sys_fstat64 381 /fs/stat.c
cp_new_stat64 322 /fs/stat.c
copy_to_user 853 /arch/x86/lib/usercopy_32.c
_cond_resched 6689 /kernel/sched.c
schedule 5413 /kernel/sched.c
switch_mm 35 /arch/x86/include/asm/mmu_context.h
c1005b52
c10a73ca
c10a6fcb
c10a667d
c10a5c3a
c147bedc
c147b621
c1025ce4
Process Management
sys_mmap2 30 /arch/x86/kernel/sys_i386_32.c
do_mmap_pgoff 912 /mm/mmap.c
mmap_region 1123 /mm/mmap.c
do_munmap 1893 /mm/mmap.c
remove_vma 230 /mm/mmap.c
_cond_resched 6689 /kernel/sched.c
schedule 5413 /kernel/sched.c
switch_mm 35 /arch/x86/include/asm/mmu_context.h
Context Switch
Summary
When it happens a context switch (Interrupt Service)
fb8f000
fb8f000
fb8f000
fb8f000
fb8f000
fb8f000
fb8f000
fb8f000
c147e875
c10a28c5
c10a1136
c108f4c3
c108efab
c147bedc
c147b621
c1025ce4
do_page_fault 947 /arch/x86/mm/fault.c
handle_mm_fault 2991 /mm/memory.c
__do_fault 2702 /mm/memory.c
filemap_fault 1499 /mm/filemap.c
lock_page 314 /include/linux/pagemap.h
_cond_resched 6689 /kernel/sched.c
schedule 5413 /kernel/sched.c push
switch_mm 35 /arch/x86/include/asm/mmu_context.h
Process Management
Context Switch
Summary
When it happens a context switch (Other places)
Process Management
Context Switch
Summary
Summary of Context Switch
sysenter/int 0x80
fb8f000
fb8f000
fb8f000
fb8f000
fb8f000
c1020d00
c10a6141
c147bedc
c147b621
c1025ce4
arch_setup_additional_pages 314 /arch/x86/vdso/vdso32-setup.c
install_special_mapping 2302 /mm/mmap.c
_cond_resched 6689 /kernel/sched.c
schedule 5413 /kernel/sched.c
switch_mm 35 /arch/x86/include/asm/mmu_context.h
Interrupt
Handler
...................
fb8f000
fb8f000
fb8f000
fb8f000
fb8f000
c1020d00
c10a6141
c147bedc
c147b621
c1025ce4
arch_setup_additional_pages 314 /arch/x86/vdso/vdso32-setup.c
install_special_mapping 2302 /mm/mmap.c
_cond_resched 6689 /kernel/sched.c
schedule 5413 /kernel/sched.c
switch_mm 35 /arch/x86/include/asm/mmu_context.h
Exception
Handler
Syscall Service
Routine
Context
Switch
sysexit/iretd
Process Management
Context Switch
Summary
System calls of getpid
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
execve("./getpid", ["./getpid"], [/* 38 vars */]) = 0
brk(0)
= 0x83b8000
access("/etc/ld.so.nohwcap", F_OK)
= -1 ENOENT
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, ..., -1, 0) = 0x4001d000
access("/etc/ld.so.preload", R_OK)
= -1 ENOENT
open("/etc/ld.so.cache", O_RDONLY)
= 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=50205, ...}) = 0
mmap2(NULL, 50205, PROT_READ, MAP_PRIVATE, 3, 0) = 0x4001f000
close(3)
= 0
access("/etc/ld.so.nohwcap", F_OK)
= -1 ENOENT
open("/lib/tls/i686/cmov/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\340g\1"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1425800, ...}) = 0
mmap2(NULL, 1431152, PROT_READ|PROT_EXEC, ..., 3, 0) = 0x4002c000
mmap2(0x40184000, 12288, PROT_READ|PROT_WRITE, ..., 3, 0x158) = 0x40184000
mmap2(0x40187000, 9840, PROT_READ|PROT_WRITE, ..., -1, 0) = 0x40187000
close(3)
= 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, ..., -1, 0) = 0x4018a000
set_thread_area({entry_number:-1 -> 6,...}) = 0
mprotect(0x40184000, 8192, PROT_READ)
= 0
mprotect(0x4001b000, 4096, PROT_READ)
= 0
munmap(0x4001f000, 50205)
= 0
getpid()
= 13849
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, ..., -1, 0) = 0x4001f000
write(1, "pid=13849\n", 10)
= 10
exit_group(0)
= ?
Process Management
Context Switch
Summary
Context switch Profile of getpid
Case-VI: Syscall Blocked
Case-V: Exception Handler
Case-IV: Other Places in Syscall
Case-III: Syscall Return
Case-II: Voluntarily Relinquishing
Case-I: Arbitrary Places
0
20
40
60
80
100
120
Outline
Process Management
Summary
1
Process Management
2
Context Switch
3
Summary
Context Switch
Summary
Related documents