Fundamentals of Information Security system design 11th week 20135334 Zhao Yanglin


Chapter 8. Exceptional Control Flow
    • Smooth flow: consecutive instructions are adjacent in memory.
    • Abrupt change: consecutive instructions are not adjacent, usually because of instructions such as jumps, calls, and returns.

Exceptions are a form of exceptional control flow implemented by the hardware and the operating system. In simple terms, an exception is an abrupt change in the control flow.

    • Event: A state change that may or may not be related directly to the execution of the current instruction.
    • How to handle Exceptions:

8.1 Exception Handling
    • Exception number: A unique, non-negative integer assigned by the system for each type of exception.
    • Exception table: when the system starts, the operating system initializes a jump table so that entry k contains the address of the handler for exception k.

The exception number is the index to the exception table, and the starting address of the exception table is placed in the exception table base register.

Categories of exceptions
    • Faulting instruction: the current instruction, whose execution causes the exception
    • Interrupt handlers: exception handlers for hardware interrupts.
(1) Interrupts
    • Occur asynchronously
    • Are the result of a signal from an I/O device outside the processor
    • Return to the next instruction
(2) Traps
    • Traps are intentional exceptions.
    • Are the result of executing an instruction
    • Most important use: system calls
(3) Faults
    • Are caused by an error condition that the fault handler may be able to correct
    • The result is either re-executing the instruction (that is, returning to the current instruction address) or terminating
    • Typical example: the page fault exception
(4) Aborts
    • Are the result of unrecoverable fatal errors
    • Usually some hardware error
(1) Linux/IA32 faults and aborts
    • Divide error / floating-point exception: exception 0, terminates the program
    • General protection fault / segmentation fault: exception 13, terminates the program
    • Page fault: exception 14, returns to the current instruction address
    • Machine check: exception 18, terminates the program
(2) Linux/IA32 system calls

Each system call has a unique integer number that corresponds to an offset into a jump table in the kernel.

8.2 Process

Each program in the system is running in the context of a process.

Context: consists of the state the program needs in order to run correctly.

The key abstractions that a process provides to an application:

    • An independent logical control flow: exclusive use of the processor
    • A private address space: exclusive use of the memory system
1. Logical Control Flow
    • The sequence of program counter (PC) values, each corresponding to an instruction in the program's executable object file or in a shared object dynamically linked into the program at run time, is called the logical control flow.
    • Processes take turns using the processor. Each process executes a portion of its flow, is then preempted, and the processor turns to other processes. Nevertheless, a process gives each program the illusion that it has exclusive use of the processor.

2. Concurrent Flows
    • A logical flow whose execution overlaps in time with another flow is a concurrent flow, and the two flows are said to run concurrently, even when they run on the same processor.
    • Concurrency: multiple flows executing concurrently
    • Multitasking: a process taking turns with other processes (also called time slicing)
    • Time slice: each period of time during which a process executes a portion of its control flow
    • Parallel flows: two flows running concurrently on different processor cores or computers. They are said to run in parallel, or to execute in parallel.
Private address space

User mode and kernel mode

The only way for a process to change from user mode to kernel mode is through an exception: an interrupt, a fault, or a system call.

Context Switches
    • The operating system kernel implements multitasking with a higher-level form of exceptional control flow called a context switch. The context switch mechanism is built on top of the lower-level exception mechanism.
Context switching mechanism

1. Save the context of the current process

2. Restore the saved context of a previously preempted process

3. Pass control to this newly restored process.

Possible reasons for context switching:
    • The kernel is executing a system call on behalf of the user
    • Interrupt
Process Control

Each process has a unique positive process ID (PID).

1. A process is always in one of the following three states
    • Running
    • Stopped: suspended and not scheduled
    • Terminated: stopped permanently. Reasons:

      1. It receives a signal whose default action is to terminate the process
      2. It returns from the main routine
      3. It calls the exit function
2. Create a process

The parent process creates a new running child process by calling the fork function.

The fork function is called once but returns twice: in the parent it returns the PID of the child, and in the child it returns 0. On failure it returns -1.

Calling the fork function n times produces 2^n processes.

3. Terminating the process

The exit function terminates the process with the exit status given by status.

III. Reaping child processes

When a process terminates it must still be reaped by its parent; until then it remains in a zombie state.

If the parent process terminates without reaping its children, the kernel arranges for the init process to reap them. The PID of the init process is 1.

A process can wait for its child processes to terminate or stop by calling the waitpid function.

On success it returns the PID of the child; it returns 0 if WNOHANG is set; on any other error it returns -1.

1. Determining the members of the wait set: pid
    • pid > 0: the wait set is the single child process whose process ID equals pid
    • pid = -1: the wait set consists of all of the parent's child processes
    • Other.
2. Modifying the default behavior: options

Checking the exit status of a reaped child process: status

wait function

On success it returns the PID of the child; on error it returns -1.

IV. Putting a process to sleep: the sleep function

The sleep function suspends a process for a specified period of time.

It returns 0 if the requested time has elapsed; otherwise it returns the number of seconds still left to sleep.

pause function

Puts the calling process to sleep until it receives a signal.

V. Load and run the program--execve function
#include <unistd.h>
int execve(const char *filename, char *const argv[], char *const envp[]);

Does not return on success; returns -1 on failure.

The execve function is called once and never returns.

    • filename: the executable object file
    • argv: the argument list
    • envp: the environment list

getenv function

Searches the environment array for a string of the form "name=value"; returns a pointer to value if found, otherwise returns NULL.

setenv and unsetenv functions

If the environment array contains a string of the form "name=oldvalue", unsetenv deletes it, and setenv replaces oldvalue with newvalue, but only if overwrite is nonzero.

If name does not exist, setenv adds "name=newvalue" to the array.

※ The difference between the fork function and the execve function

    • The fork function creates a new child process that is a copy of the parent and runs the same program in the new child. The parent and the child have the same file table but different PIDs.

    • The execve function loads and runs a new program in the context of the current process. It overwrites the address space of the current process but does not create a new process: the new program has the same PID and inherits the open file descriptors.
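The fork, execve and waitpid steps described above, combined in one added example (not code from the original notes). The variable names PARENT_ONLY_SECRET and DEMO_MODE and the use of /bin/sh are assumptions made for the illustration; it shows that the envp array passed to execve is the new program's entire environment, so a variable set in the parent does not reach it.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Runs `script` under /bin/sh with an explicit environment. Returns the
 * child's exit status, -1 if fork/waitpid failed, -2 if a signal killed it. */
int run_with_clean_env(const char *script) {
    /* Constructed sample: a variable that exists only in the parent. */
    setenv("PARENT_ONLY_SECRET", "constructed-value", 1);

    char *const argv[] = { "sh", "-c", (char *)script, NULL };
    /* envp is the complete environment of the new program. */
    char *const envp[] = { "PATH=/usr/bin:/bin", "DEMO_MODE=1", NULL };

    pid_t pid = fork();                 /* called once, returns twice */
    if (pid < 0)
        return -1;
    if (pid == 0) {                     /* child: fork returned 0 */
        execve("/bin/sh", argv, envp);  /* same PID, new program */
        _exit(127);                     /* reached only if execve failed */
    }

    int status;                         /* parent: fork returned the child's PID */
    if (waitpid(pid, &status, 0) != pid)    /* reap the child: no zombie remains */
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -2;
}

int main(void) {
    /* Exits 0 only if the parent's variable did not cross execve. */
    return run_with_clean_env(
        "[ -z \"$PARENT_ONLY_SECRET\" ] && [ \"$DEMO_MODE\" = 1 ]");
}
```

Open file descriptors are not filtered by envp: they cross execve unless they are marked close-on-exec.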

Signals

Passing a signal to a destination process takes two steps: sending the signal and receiving the signal.

Reasons a signal is sent:
1. The kernel detects a system event.
2. A process calls the kill function, explicitly asking the kernel to send a signal to the destination process.

Receiving a signal:
1. Ignore it
2. Terminate
3. Execute a signal handler, which catches the signal

Sending signals: based on process groups

1. Process groups
    • Each process belongs to exactly one process group.
    • Process group ID: a positive integer
    • A child process and its parent process belong to the same process group.
    • Get the process group ID: getpgrp
    • Change a process's process group: setpgid
2. Sending a signal with the /bin/kill program

The /bin/kill program can send an arbitrary signal to another process, in the form:

/bin/kill -n m

where n is the signal and m is the process or process group.

When n>0, signal n is sent to process m.

When n<0, signal |n| is sent to all processes in process group m.

3. Sending a signal from the keyboard

4. Sending a signal with the kill function

A process sends a signal to other processes by calling the kill function.

5. Sending a signal with the alarm function

Signal Introduction

A signal is an inter-process communication mechanism used to handle asynchronous events; in essence it is a software interrupt.

Signal life cycle

Signal generation, signal registration, signal cancellation, signal processing

(1) Signal generation: four types
    • User-generated: Ctrl+C.

Run stty -a to see which keys can generate a signal.

    • Hardware-generated: divide-by-zero errors
    • Process-generated: the kill command
    • Kernel-generated: alarm timeout
Signal processing: three methods
    • Perform the default action
    • Ignore the signal
    • Catch the signal: run the signal handler function, switching to user mode.

Catching: the signal function

Ignoring the signal: SIG_IGN

Default action: SIG_DFL
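The three ways of handling a signal listed above, as an added example that is not part of the original notes. The helper child_fate, the handler on_term and the exit code 42 are names and values chosen for the illustration; a pipe is used so the parent calls kill only after the child has installed its disposition.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t caught = 0;
static void on_term(int signo) { (void)signo; caught = 1; }  /* only sets a flag */

/* Forks a child that installs `disposition` for SIGTERM, sends it SIGTERM,
 * and returns -signo if a signal killed the child, else its exit status. */
int child_fate(void (*disposition)(int)) {
    int ready[2];
    if (pipe(ready) < 0)
        return -1000;
    pid_t pid = fork();
    if (pid < 0)
        return -1000;
    if (pid == 0) {
        close(ready[0]);
        signal(SIGTERM, disposition);
        if (write(ready[1], "r", 1) != 1)   /* tell the parent: disposition is set */
            _exit(1);
        sleep(1);                  /* cut short if a handler catches a signal */
        _exit(caught ? 42 : 0);
    }
    close(ready[1]);
    char c;
    if (read(ready[0], &c, 1) == 1)         /* wait until the child is ready */
        kill(pid, SIGTERM);
    close(ready[0]);
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1000;
    return WIFSIGNALED(status) ? -WTERMSIG(status) : WEXITSTATUS(status);
}

int main(void) {
    int ok = child_fate(SIG_DFL) == -SIGTERM   /* default action: terminated */
          && child_fate(SIG_IGN) == 0          /* ignored: runs to completion */
          && child_fate(on_term) == 42;        /* caught: the handler ran */
    return ok ? 0 : 1;
}
```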

Non-local jumps

Calling environment: program counter, stack pointer, general-purpose registers

The longjmp function restores the calling environment from the env buffer and then triggers a return from the most recent setjmp call that initialized env. That setjmp then returns with the nonzero return value retval.

The setjmp function is called once but returns multiple times.

The longjmp function is called once but never returns.
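An added example of the setjmp/longjmp behavior described above (not from the original notes): a nested helper abandons parsing by jumping straight back to the top-level function. The record format (a length byte followed by that many data bytes), the MAX_FIELD limit and the error codes are hypothetical.

```c
#include <setjmp.h>
#include <stddef.h>

enum { ERR_TRUNCATED = 1, ERR_TOO_LONG = 2 };
#define MAX_FIELD 16              /* hypothetical limit for this example */

static jmp_buf on_error;          /* calling environment saved by setjmp */

/* Called once, never returns: control resumes at the setjmp below. */
static void fail(int code) { longjmp(on_error, code); }

/* One field is a length byte followed by that many data bytes. */
static size_t skip_field(const unsigned char *buf, size_t len, size_t pos) {
    size_t n = buf[pos];
    if (n > MAX_FIELD)
        fail(ERR_TOO_LONG);
    if (n > len - pos - 1)
        fail(ERR_TRUNCATED);
    return pos + 1 + n;
}

/* Returns the number of fields, or a negative error code. */
int count_fields(const unsigned char *buf, size_t len) {
    switch (setjmp(on_error)) {
    case 0:  break;                             /* direct call: first return */
    case ERR_TOO_LONG:  return -ERR_TOO_LONG;   /* returned again via longjmp */
    default: return -ERR_TRUNCATED;
    }
    int fields = 0;
    for (size_t pos = 0; pos < len; fields++)
        pos = skip_field(buf, len, pos);
    return fields;
}

int main(void) {
    static const unsigned char good[] = { 2, 'a', 'b', 1, 'c' };  /* constructed */
    static const unsigned char cut[]  = { 3, 'a' };               /* constructed */
    return count_fields(good, sizeof good) == 2 &&
           count_fields(cut, sizeof cut) == -ERR_TRUNCATED ? 0 : 1;
}
```

longjmp skips the remaining code of every function between fail and count_fields, so anything those frames allocated or locked would not be released.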

Tools for manipulating processes
    • strace: prints a trace of every system call made by a running program and its child processes
    • ps: lists the processes currently in the system, including zombie processes
    • top: prints information about the resource usage of current processes
    • pmap: displays the memory map of a process
Summary

Time spent: 6 hours

Feelings: I first studied the key points the teacher provided. Process switching and other related material ties in with operating systems, so it was relatively easy to accept; other knowledge points in the book were difficult to understand. I watched the videos, but they were too long and I became slightly impatient. I set it aside for a while before looking again, and studying was a little tiring. But there was still a harvest: I learned the difference between array pointers, pointer arrays, function pointers, and pointer functions.
