计算机系信息处理实验室 Lecture 3 System Mechanisms (1) xlanchen@03/11/2005

计算机系•信息处理实验室

Lecture 3 System Mechanisms (1)

xlanchen@03/11/2005

xlanchen@03/11/2005 Understanding the Inside of Windows2000

2计算机系信息处理实验室

Contents

Trap dispatching

The executive object manager

Synchronization

System worker threads

Local procedure calls (LPCs)



Trap dispatching Interrupt & exception

Divert the processor to code outside the normal flow of control

Trap: A processor's mechanism for

1.Capturing an executing thread when an exception or an interrupt occurs

2.Transferring control to a fixed location in the operating system



Trap handler

a function specific to a particular interrupt or exception



Interrupts vs. exceptions

Either hardware or software can generate exceptions and interrupts

Interrupt An asynchronous event that is unrelated to what the processor is executing

can occur at any time

I/O devices, processor clocks, …

can be enabled (turned on) or disabled (turned off)



Interrupts vs. exceptions

ExceptionA synchronous condition that results from the execution of a particular instruction

Can be reproduced

Memory access violations, certain debugger instructions, divide-by-zero errors,…

Additionally: System service calls



Stop and continue, how?

Trap frame

Created by the processor on the kernel stack of the interrupted thread

Used to store the execution state of the thread

Usually a subset of a thread's complete context



Trap dispatching

Front-end trap handling functions

Perform general trap handling tasks before and after transferring control to other functions that field the trap

Example:

The kernel hardware interrupt trap handler

The general system service trap handler

Unexpected trap handler (KeBugCheckEx)



Trap dispatching

Interrupt dispatching

Exception dispatching

System service call dispatching



Interrupt Dispatching

I/O control methods?

Polling, interrupt, DMA

Interrupt-driven device

Allow the operating system to get the maximum use out of the processor by overlapping central processing with I/O operations

Example: pointing devices, printers, keyboards, disk drives, and network cards



Interrupt time line for a single process doing output

Transferring

Transfer done I/O request

User process

executing

I/O interrupt

processing

CPU

I/O

device

idle

I/O request Transfer done



Interrupt dispatching

Interrupt trap handlers

For device interrupt

--|----> External routine, ISR | (Provided by device drivers) | |---> Internal kernel routine (Provided by kernel)



Hardware Interrupt Processing

On x86 systems

IRQinterrupt request interrupt number

IDTinterrupt dispatch table

filled at system boot time

OS8259M

8259S

device

CPU



EXPERIMENT

Viewing the IDT



Hardware Interrupt Processing

PIC: Programmable Interrupt Controller

i8259A for uniprocessor systems (IBM PC)

<=15

APIC: Advanced Programmable Interrupt Controller

i82489 for multiprocessor systems

Most new computers

<=256



EXPERIMENT

Viewing the PIC



IRQL (Interrupt request levels)

Windows 2000 own interrupt priority scheme

Interrupt numbers IRQL

Using IRQL

Raise & lower



EXPERIMENT

Viewing the IRQL



Lazy IRQL: a performance optimization

Accessing a PIC is relatively slow

Lazy IRQL

The changing of the interrupt mask is delayed until a lower-priority interrupt occurs

the lower-priority interrupt is postponed until the IRQL is lowered



Mapping interrupts to IRQLs

HAL function

HalpGetSystemInterruptVector

On a uniprocessor system

IRQL for Device = 27- interrupt vector



Important restriction

Can't wait on an object at DPC/dispatch level or above

Only nonpaged memory can be accessed at IRQL DPC/dispatch level or higher

If violated, the system crashes with an IRQL_NOT_LESS_OR_EQUAL crash code.



Interrupt objects

Contains the information about a device ISR, including

the address of the ISR,

the IRQL,

the entry in the kernel's IDT



Software interrupts

Including:

Initiating thread dispatching

Non-time-critical interrupt processing

Handling timer expiration

Asynchronously executing a procedure in the context of a particular thread

Supporting asynchronous I/O operations



DPCInterrupt routines should exit asap and some knl activity easier when current code has unwound

NT uses DPC to schedule non-immediate code, e.g.I/O drivers queue DPCs to complete I/O

Knl uses DPC to handle timer expiration

Knl uses DPC to reschedule when thread quantum expires

Adding DPC to DPC queue causes dispatch/DPC interrupt

Dispatch/DPC has low IRQL – deferred if IRQL higher

Limits soft real-time capability of NT



Delivering a DPC



EXPERIMENT

Monitoring Interrupt and DPC Activity



APC (Asynchronous procedure call) interrupts

a way for user programs and system code to execute in the context of a particular user thread

run at an IRQL less than 2

An APC routine can acquire resources (objects), wait on object handles, incur page faults, and call system services



Kernel mode vs. user mode

Thread

Kernel mode

User mode

Kernel mode APC

Executive & device driver

User mode APC

Win32 APIs: ReadFileEx, WriteFileEx, and QueueUserAPC



Exception Dispatching

Structured exception handling

allows applications to gain control when exceptions occur

The application can fix the condition and return, or declare back to the system that the exception isn't recognized

The system should continue searching for an exception handler that might process the exception.



X86Interrupt Number Exception

0 Divide Error

1 DEBUG TRAP

2 NMI/NPX Error

3 Breakpoint

4 Overflow

5 BOUND/Print Screen

6 Invalid Opcode

7 Opcode7NPX Not Available

8 Double Exception

9 NPX Segment Overrun

A Invalid Task State Segment (TSS)

B Segment Not Present

C Stack Fault

D DGeneral Protection

E EPage Fault

F Intel Reserved

10 Floating Point

11 Alignment Check



Exception dispatcher

To find an exception handler that can "dispose of" the exception

Some exceptions transparently are handled by kernel

A few exceptions are allowed to filter back, untouched, to user mode

kernel-mode exceptions

If unhandled, are considered fatal operating system errors



Dispatching an exception



EXPERIMENT

Viewing the Real User Start Address for Win32 Threads



EXPERIMENT Unhandled Exceptions



System Service Dispatching

On X86

int 0x2e

NtWriteFile:

mov eax,0x0E;mov ebx,esp; int 0x2E;ret 0x2C;



System service exceptions



System service number to system service translation



System service dispatching



EXPERIMENT

Viewing System Service Activity

Documents

计算机系 信息处理实验室 Lecture 3 System Mechanisms (1) xlanchen@03/11/2005

计算机系信息处理实验室 Lecture 3 System Mechanisms (1) xlanchen@03/11/2005