20145216 Shi Yaoyao "Information Security System Design Basics" Study and summary in week 11th

20145216 Shi Yaoyao Information Security System Design Basics 11th weekly learning summary teaching material content summary chapter 8 abnormal Control Flow

• Smooth: indicates that commands in the memory are adjacent.
• Mutation: The occurrence of non-adjacent, usually caused by commands such as jump, call, and return. Abnormal control flow ECF: these mutations.

About ECF:

1. ECF is the basic mechanism used by the operating system to implement I/O, processes, and virtual memory 2. applications request services from the operating system by using an ECF form called a trap or system call. ECF is the basic mechanism for implementing concurrency in computer systems. 4. software exception mechanism-C ++ and Java include try, catch, and throw. The non-local jump in C is setjmp and longjmp.

Section 1 exception

An exception is a form of abnormal control flow, which is implemented by hardware and the operating system. In short, it is a sudden change in the control flow.

Event: status change, which may be directly related to or unrelated to the execution of the current command.

Exception Handling Method:

1. The processor detects an exception. 2. Call an indirect process through the exception table to reach the exception handling program. 3. After processing is completed: return the current command; return the next command; terminate

1. Exception Handling

• Exception number: A unique non-negative integer allocated for each type of exception.
• Exception table: when the system starts, the operating system will initialize a change so that the entry K contains the address of the exception K processing program.
• Link: The exception number is the index in the exception table. The starting address of the exception table is placed in the base address register of the exception table.

Exceptions are similar to process calls. The differences are as follows:

1. The return address for pushing the processor into the stack, which is the current instruction address or the next instruction address. 2. The processor also presses some additional processor states into the stack. 3. If you control a user program to the kernel, all the projects will be pushed to the kernel stack. 4. The exception handling program runs in kernel mode and has full access permissions to all system resources.

2. Exception category

• Fault command: An exception occurs when the current command is executed.
• Interrupt handler: An exception handler for hardware interruption.

(1) Interruption

• Asynchronous generation
• Result of signal from an I/O device outside the processor
• Returns the next command.

(2) traps

• Traps are intentional exceptions
• Is the result of executing a command
• The most important purpose-system call

(3) faults

• It is caused by an error and may be corrected by the fault handling program.
• The command is either re-executed (that is, the current command address is returned) or terminated.
• Typical Example: page missing exception

(4) Termination

• Is the result of an irreparable fatal error.
• Usually some hardware errors

3. Exceptions in Linux/ia32

There are 256 different exception types.

(1) Linux/ia32 faults and Termination

• Division Error/floating point exception 0 terminate Program
• General protection fault/segment fault exception 13 Termination procedure
• Page missing exception 14 returns the current address
• Machine check exception 18 terminate the program

(2) Linux/ia32 system call

Each system call has a unique integer number, corresponding to the offset from a jump table to the kernel.

Implementation Method of system call:

In ia32, system calls are provided through a trap command:

Int N; // n indicates the exception number.

All parameters called to Linux are passed through registers. The Convention is as follows:

• % Eax: contains the system call number
• % EBX, % ECx, % edX, % ESI, % EDI, % EBP: contains a maximum of six arbitrary Parameters
• % ESP: Stack pointer, not available

Section 2 Process

• Classic Process Definition: an instance of the program in execution.
• Every program in the system runs in the context of a process.
• Context: it consists of the States required for the program to run correctly.

• Key abstractions provided by processes to applications:

  An independent logical control flow: exclusive use of processor a private address space: exclusive use of Memory System

1. Logical Control Flow

(1) Meaning

The values of a series of program counters PC correspond to the commands that are included in the executable target file of the program, or the commands that are included in the shared object that is dynamically linked to the program at runtime, the sequence of Pc values is called logical control flow.

(2) Key Points

The process uses the processor in turn. Each process executes a part of its stream and is preemptible. However, a process can provide an illusion to every program, as if it is exclusively using a processor.

(3) Example of a logical flow

Exception Handling program, process, signal processing program, thread, Java Process

2. Concurrent streams

(1) Meaning

The execution time of a logical stream overlaps with that of another stream. It is irrelevant to whether it is on the same processor]

The two streams run concurrently.

(2) Concepts

• Concurrency: Concurrent execution of Multiple Streams
• Multi-task: A process and other processes run in turn (also called time slice)
• Time slice: each time period in which a process executes a part of its control flow

(3) parallel

Two streams run concurrently on different processor cores or computers.

Parallel stream execution and parallel execution.

3. Private address space

The illusion that a process provides a program is as if it exclusively uses the system address space. Generally, the memory byte associated with an address in the space cannot be read and written by other processes.

4. User Mode and Kernel Mode

Simply put, the difference between the user mode and the kernel mode lies in the user's permissions, which refer to the permissions on system resources.

The specific difference is whether there is a mode bit. If there is a mode, it is the kernel mode. You can execute all the commands in the instruction set and access any storage location in the system. If not, it is the user mode.

The only way for a process to change from user mode to kernel mode is through exceptions-interruptions, faults, or system calls.

Linux's smart mechanism-/proc file system, which outputs many kernel data structures into a hierarchical structure of text files that can be read by a user program.

5. Context switching

The operating system kernel uses context switching, a high-level form of abnormal control flow, to implement multiple tasks. Context switching is based on the underlying exception mechanism.

(1) Context: the State required by the kernel to restart a preemptible process.

Composed of the values of some objects:

• General purpose register
• Floating point register
• Program counters
• User Stack
• Status Register
• Kernel stack
• Kernel data structure: page table, progress table, and file table

(2) scheduler and Scheduler

At certain times of process execution, the kernel can decide to seize the current process and re-start a previously preemptible process. This decision is called scheduling and is handled by the code in the kernel called the scheduler.

(3) Context switching mechanism

1. Save the context of the current process

2. Restore the saved context of a previously preemptible Process

3. Pass the control to the newly recovered process.

(4) possible reasons for context switching:

• The kernel represents the time when the user executes the system call.
• Interrupted

Section 3 Handle System Call errors

This section mainly describes the content of appendix A, which has been learned in week 10.

Simply put, the system will use the error processing packaging function. The system-level functions are in lower case. Their packaging function names are written up, and the packaging function calls the basic function. If there is any problem, it will end, if there is no problem, it is the same as the basic function.

Section 4 Process Control

1. Obtain the process ID

Each process has a unique positive process ID (PID ).

# Include <sys/types. h> # include <unistd. h> pid_t getpid (void); returns the pidpidpid_t getppid (void) of the calling process; returns the PID of the parent process (the process that creates the calling process)

2. Create and terminate processes

1. The process is always in one of the following three States:

• Run
• Stop: suspended and not scheduled

• Stop: always stop. Cause:

  1. receive the signal. The default behavior is to terminate the process. 2. Return the result from the main program. 3. Call the exit function. 4. Create a process.

The parent process creates a new sub-process by calling the fork function. The fork function is defined as follows:

# Include <sys/types. h> # include <unistd. h> pid_t fork (void); the parent process returns the PID of the child process, and the child process returns 0. -1.

• Call once and return twice
• Concurrent execution. The kernel can execute commands in the logical control flow in any way.
• Similarities: User stack, local variable value, heap, global variable value, code
• Difference: private address space
• Shared File: The child process inherits all open files of the parent process.
• Call the fork function n times to generate 2 n ing processes.

3. Terminate the process

Exit function:

# Include <stdlib. h> void exit (INT status); the exit function terminates the process in the status exit state and has no return value.

3. Reclaim sub-Processes

After the process is terminated, it will be recycled by the parent process; otherwise, it will be frozen.

If the parent process does not have time to recycle them, the kernel will arrange the INIT process to recycle them. The pid of the init process is 1.

A process can wait for its child process to terminate or stop by calling the waitpid function. The waitpid function is defined as follows:

# Include <sys/types. h> # include <sys/Wait. h> pid_t waitpid (pid_t PID, int * status, int options); The child process PID is returned successfully. If wnohang is returned, 0 is returned. If other errors are returned,-1 is returned.

1. Determine the Members waiting for the set-PID

• PID> 0: The waiting set is a separate sub-process with the process ID equal to PID
• PID =-1: The waiting set is composed of all child processes of the parent process.
• Others

2. Modify the default behavior -- Options

Set to various combinations of constant wnohang and wuntraced:

3. Check the exit status of the recycled sub-process -- Status

Several macros that explain the status parameter are defined in the header file of Wait. H:

• Wifexited: If the sub-process calls exit or a normal termination is returned, the true result is returned.
• Wexitstatus: returns the exit status of a normally terminated sub-process. This status is defined only when wifexited returns true.
• Wifsignaled: If the sub-process is terminated because of an uncaptured signal, the returned result is true.
• Wtermsig: return the number of the signal that causes the sub-process to terminate. This status is defined only when wifsignaled returns true.
• Wifstopped: If the returned sub-process is currently stopped, the returned result is true.
• Wstopsig: Number of signals that cause the sub-process to stop. This status is defined only when wifstopped returns true.

4. error conditions

If no sub-process exists, waitpid returns-1 and errno is set to echild.

If a waitpid is interrupted by a signal,-1 is returned and errno is set to eintr.

5. Wait Functions

The wait function is a simple version of The waitpid function. Wait (& Status) is equivalent to waitpid (-1, & status, 0 ).

# Include <sys/types. h> # include <sys/Wait. H> pid_t wait (int * status); the child process PID is returned successfully, and-1 is returned when an error occurs.

4. Process sleep

1. Sleep Function

The sleep function suspends a process for a specified period of time. Definition:

# Include <unistd. h> unsigned int sleep (unsigned int SECs); The returned value is the number of seconds remaining for sleep. If so, 0 is returned.

2. Pause Function

# Include <unistd. h> int pause (void); sleep the called function until the process receives a signal and always returns-1.

5. Load and run the program-execve Function

# Include <unistd. h> int execve (const char * filename, const char * argv [], const char * envp []); If a success is not returned,-1 is returned for failure.

The execve function is called once and never returns.

• Filename: executable target file
• Argv: parameter list
• Envp: Environment list

Operation Environment array -- getnev Function

# Include <stdlib. h> char * getenv (const char * Name); If yes, it is a pointer to name. If no match exists, it is null.

Search for the string "name = value" in the Environment array. If yes, a pointer to value is returned. Otherwise, null is returned.

Operation Environment array -- setenv and unsetenv Functions

# Include <stdlib. h> int setenv (const char * Name, const char * newvalue, int overwrite); if 0 is returned successfully,-1 void unsetenv (const char * name) is returned; no return value

If the environment array contains a string of "name = oldvalue", unsetenv will delete it, And setenv will replace oldvalue with newvalue, which is valid only when overwrite is not zero.

If the name does not exist, setenv writes "name = newvalue" into the array.

The fork function differs from the execve function: the fork function creates a new sub-process and copies the parent process. It runs the same program in the new sub-process, the parent process and child process have the same file table, but different pidexecve functions load and run a new program in the context of the current process, which will overwrite the address space of the current process, however, no new process is created, and the same PID is used to inherit the file descriptor.

Section 5 Signal

1. Basic Concepts

A signal is a method of inter-process communication. It is applied to asynchronous event processing and is essentially Soft Interrupt at the software level.

2. Kill-l or man 7 signal -- View signal information

Each signal has a number and a macro definition name.

3. Signal Lifecycle

Signal Generation, signal registration, signal cancellation, and signal processing

(1) signal generation-Four Types

• The user generates -- Ctrl + C. Stty-a to check which buttons can generate signals

• Hardware generation -- zero Division Error

• Process generation -- kill command
• Kernel generation-alarm clock timeout

(2) Signal Processing-Three Methods

• Perform default operations
• Ignore Signal
• Capture signal: Execute the signal processing function to switch to the user State.

(3) Multi-Signal Processing

Solution:

1. recursion: Call the same processing function. 2. Ignore the second signal. 3. Block the second signal until the first processing is complete.

Section 6 non-local jump

• In C, the user-level exception control flow is provided through the setjmp and longjmp functions.
• The setjump function saves the current CALL Environment in the Env buffer for later use by longjmp and returns 0.
• Call environment: program counter, stack pointer, general purpose register
• The longjmp function restores the calling environment from the Env buffer, and then triggers a response from the last setjmp call to initialize the Env. Setjmp then returns the result with a non-zero return value retval.

Note:

The setjmp function is called only once, but multiple times are returned;

The longjmp function is called once, but never returned.

Section 7 Operating Process Tools

• Strace: Print traces of each system call of a running program and its subroutine calls.
• PS: list processes in the current system, including dead processes
• Top: prints information about the resource usage of the current process.
• Pmap: displays the memory ing of processes.

Code practice Exec

1.exe C1

• In exec1.c, execvp () searches for the file name that matches the parameter file from the directory indicated by the PATH environment variable, finds the file, executes the file, and passes the second parameter argv to the file to be executed.
• If the execution is successful, the function will not return. If the execution fails,-1 will be returned. The cause of the failure is stored in errno.
• The compilation result is as follows, and "*** man is done. Bye" is not returned"

2.exe C2

• If you change the Arglist [0] passed in by the execvp function to Arglist [1], the execvp function is not called successfully, and then the statement "*** LS is done. Bye" is printed.

3.exe C3

• In the function, execlp () searches for the file name that matches the parameter file from the directory indicated by the PATH environment variable, and then runs the file, then, the second and later parameters are used as the argv [0], argv [1]… The last parameter must end with a null pointer.

Fork

1. forkdemo1

• Print the process PID, and then call the fork function to generate the sub-process. After a second of hibernation, print the process ID again. Then, the parent process prints the sub-process PID, and the sub-process returns 0.

2. forkdemo2

• Two forks are called and a total of four sub-processes are generated. Therefore, four aftre outputs are printed.

3. forkdemo3

• Fork generates a sub-process. The parent process returns the sub-process PID, which is not 0. Therefore, the sub-process returns 0 if the parent process is output. Therefore, the sub-process is output.

4. forkdemo4

• Print the process PID first, and then fork creates the sub-process. The parent process returns the sub-process PID. Therefore, the parent is output, which is sleep for 10 seconds. The sub-process returns 0, so the child and the next sentence are output.

5. forkgdb

• The parent process prints two sentences first, then sleep for one second, and then prints one sentence. The child process first prints one sentence, then sleep for one second, and then prints two sentences. These two threads are concurrent, so we can see that the second when a thread is sleeping, the other thread is executing, and the threads are independent of each other.

Wait

1. waitdemo1

• Waitdemo1.c is used to stop a child process and return the child process PID.

2. waitdemo2

• Waitdemo2.c differs from 1 in the state differentiation of a sub-process and splits the state into three parts: exit, Sig, and core.

Env

1. Environ. c

• Run the following Environ. C code:

• The Code involves the getenv function and setenv function.
• The getenv function searches the environment array for the string "name = value ". If yes, a pointer to value is returned. Otherwise, null is returned.

• The setenv function is a function used to modify or add environment variables.

2. environvar. c

• The environvar. C code simply prints the environment variable table. The running result is as follows:

 

• Each program has an environment table, which is an array of character pointers. Each pointer contains an address of a C string ending with null.

• The global variable environ contains the address of the pointer array.

FIFO

• FIFO is a file type. You can check the value of the stmode member in the file stat structure to determine whether the file is a FIFO file. FIFO is used to transmit data using files in the process. It also has the pipe feature and can clear data when reading data.

1. consemer. c pipe write end

2. Producer. c pipeline read end

Pipe

1. pipedemo. c

• Who sends the output to stdout, and sort reads data from stdin. That is to say, the stdout of who is connected to stdin of sort.

• Result = pipe (INT array [2]); array [0] is the file descriptor of the read end, and array [1] is the file descriptor of the write end.

• Pipe calls get two "lowest available file descriptors" first, assign them to array [0] and array [1], and then connect these two file descriptors.

2. pipedemo2.c

• In the program, the data transmission streams from the keyboard to the process, from the process to the pipeline, from the pipeline to the process, and from the process back to the terminal are displayed.

Signal

1. sigactdemo. c

2. sigactdemo2.c

• Wait for seconds and then return; or sleep () returns 0 after the signal is interrupted and the signal processing function returns. Therefore, if you do not care about the return value, the pause () function is equivalent to sleep () for an indefinite period ().

Problems encountered during learning and Solutions

Problem: when using the/proc file system in a VM, the result shows that the permission is insufficient ,:

Solution: We learned from the last section that the input method is incorrect. We should enter the cat printing command and then connect to the following directory, for example:

Code hosting

Link: https://git.oschina.net/sjy519/linux-program-C/tree/master

Others (perception, thinking, etc., optional)

I learned abnormal control flow this week. When I learned the content in the teaching material, I felt very hard and really hard to understand. I may be able to read it several times to better understand it, however, after a period of time, I read the learned knowledge point again, and I felt very unfamiliar. I read the book for a long time and did not know how much knowledge I actually learned this week.

Learning progress bar

	Number of lines of code (Add/accumulate)	Blog volume (New/accumulated)	Learning time (Add/accumulate)	Important Growth
Target	3000 rows	30 articles	300 hours
WEEK 1	0/0	1/2	25/40	I learned basic Linux knowledge and core commands
Week 2	0/0	0/2	0/40
Week 3	300/300	3/5	40/80	Learned vim, GCC, and gdb commands; Learned Information Representation and Processing
Week 5	200/500	1/6	45/125	Learned the machine-level representation of the program
Week 6	150/650	1/7	40/165	Learned the processor architecture
Week 7	100/750	1/8	40/205	Learned the Memory Hierarchy
Week 8	46/796	2/10	40/245	Reviewed previous knowledge points
Week 9	124/920	1/11	40/285	I learned about system-level I/O.
Week 10	510/1430	3/14	32/317	Focuses on some commands
Monday 10	440/1870	3/17	35/352	Learned knowledge about abnormal Control Flow

20145216 Shi Yaoyao "Information Security System Design Basics" Study and summary in week 11th