NT Kernel
CS 470 -- Spring 2002
Overview
• Interrupts and Exceptions: Trap Handler
• Interrupt Request Levels and IRT
• DPC’s and APC’s
• System Service Dispatching
• Exception Dispatching
• Dispatcher Objects
• Example: Reading a file
Interrupts vs Exceptions
• An interrupt is an asynchronous event, one that occurs at a time unrelated to what the processor is executing: I/O device interrupts, clocks, timers, etc. They usually can be enabled or disabled.
• An exception is a synchronous event, one that results from the execution of an instruction: memory access violations, debugger instructions, divide-by-zero, etc.
Interrupt & Exception Handling
• Wide variety of hardware supported
• The kernel provides a uniform interface by transferring control to the trap handler.
• The trap handler fills the TrapFrame field in _KTHREAD with the execution state of the thread and transfers control to an appropriate kernel or executive module for handling the condition.
Interrupt & Exception Dispatching
[Diagram: the Trap Handler routes each kind of event to its handler]
• Interrupt → Interrupt Dispatcher → Interrupt Service Routines
• System Service Call → System Service Dispatcher → System Services
• Hardware/Software Exceptions → Exception Dispatcher → Exception Handlers
• Virtual Address Exceptions → VM Manager Pager
Interrupt Request Levels
• Each processor runs at a particular interrupt request level (IRQL)
• Threads running in kernel mode can change their current processor’s IRQL.
• Each type of interrupt is associated with a particular IRQL.
• Only interrupts at IRQL greater than that of a processor are enabled for that processor.
NT Defined IRQL’s

| IRQL | Types of Interrupts |
|---|---|
| High Level | Machine check or bus error |
| Power Level | Power failure (not used) |
| Interprocessor Interrupt Level | Work request from another processor |
| Clock Levels | Clock, kernel profiler |
| Device Levels n to 1 | I/O Device levels |
| Dispatch/DPC Level | Thread dispatching & DPC’s |
| APC Level | Asynchronous proc. calls |
| Low Level | Normal Thread Execution |
Interrupt Dispatch Table
• One IDT per processor
• One entry for each IRQL
• An entry is a list of interrupt objects which were connected by device drivers
• When an interrupt occurs, it is mapped to an IRQL and so to an entry in the table.
• Each interrupt object specifies an ISR to handle the interrupt. So several devices can interrupt at the same level.
Software Interrupt Uses
• To initiate thread dispatching: For synchronization, kernel runs at DPC level; it requests a dispatch interrupt which will not be serviced until it lowers IRQL.
• Handle timer expiration
• Asynchronously execute a procedure in the context of a particular thread. For example, asynchronous I/O is done this way.
Deferred Procedure Calls
• Handlers can issue deferred procedure calls for non-time critical operations. Timers and the clock interrupt are handled this way.
• These are DPC objects which are queued per processor, and a DPC interrupt is requested. When IRQL drops below DPC level, they are executed.
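The IRQL masking rule and the deferral of DPCs described in the slides above, as a small C model (an added example, not part of the original slides). The IRQL numbers, the `struct cpu` layout and all function names are constructed for illustration and are not NT's own.

```c
#include <string.h>

/* Constructed IRQL numbers for this model; real values are platform-specific. */
enum { LOW_LEVEL = 0, DPC_LEVEL = 2, DEVICE_LEVEL = 5 };
struct cpu {
    int irql;          /* current IRQL of this processor */
    unsigned pending;  /* bit n set: an interrupt at IRQL n is waiting */
    int dpc_queued;    /* length of the per-processor DPC queue */
    char log[32];      /* event order: I = ISR, K = kernel work, D = DPC */
};
static void note(struct cpu *c, char ev) {
    size_t n = strlen(c->log);
    if (n + 1 < sizeof c->log) c->log[n] = ev;
}
static void lower_irql(struct cpu *c, int level);

/* Run the handler for one IRQL with the processor raised to that level. */
static void service(struct cpu *c, int level) {
    int saved = c->irql;
    c->irql = level;
    if (level == DEVICE_LEVEL) {        /* ISR: minimal work, defer the rest */
        note(c, 'I');
        c->dpc_queued++;
        c->pending |= 1u << DPC_LEVEL;  /* request the DPC software interrupt */
    } else if (level == DPC_LEVEL) {    /* drain the DPC queue */
        while (c->dpc_queued > 0) { c->dpc_queued--; note(c, 'D'); }
    }
    lower_irql(c, saved);
}

/* Lowering IRQL delivers each pending interrupt above the new level, highest first. */
static void lower_irql(struct cpu *c, int level) {
    c->irql = level;
    for (int l = 31; l > c->irql; l--)
        if (c->pending & (1u << l)) { c->pending &= ~(1u << l); service(c, l); }
}

/* An interrupt is taken only when its IRQL is greater than the processor's. */
static void request_interrupt(struct cpu *c, int level) {
    c->pending |= 1u << level;
    lower_irql(c, c->irql);
}

int main(void) {
    struct cpu c = { .irql = DPC_LEVEL };  /* kernel synchronizing at DPC level */
    request_interrupt(&c, DEVICE_LEVEL);   /* ISR runs now, DPC stays queued */
    note(&c, 'K');                         /* kernel finishes its critical work */
    lower_irql(&c, LOW_LEVEL);             /* IRQL drops: the DPC finally runs */
    return strcmp(c.log, "IKD") != 0;      /* exit status 0 when the order holds */
}
```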
Asynchronous Procedure Calls
• APC objects are queued on a per thread queue and an APC level interrupt is requested.
• Executes only in a specified thread.
• Kernel mode APC’s require no permission, but user mode APC’s execute only if the target thread has declared itself to be alertable (using e.g. WaitForSingleObjectEx or SleepEx)
• Asynchronous I/O uses this method.
KTHREAD
• Dispatcher Header
• User & kernel times
• System service table
• Thread scheduling info
• Trap frame
• Synchronization info
• Pending APC list
• Object Wait List
• TEB
• Thread Local storage
• Kernel stack info
System Service Dispatching
• Uses SYSCALL or INT 0x2e to trap to kernel mode.
• _KTHREAD SystemTable field specifies up to four System Service Dispatch Tables, 1K entries per table
• Arguments are copied to kernel mode stack to protect them.
• Flexible: expansion or modification by changing table entries.
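Why the arguments are copied to the kernel-mode stack, as a C model of table-based dispatch (an added example, not part of the original slides): once captured, a service's validated arguments cannot be changed by user-mode code between the check and the use. User and kernel memory are modelled with ordinary arrays; the service-number split, `svc_copy`, the `capture` switch and `racing_user_args` are hypothetical constructs for the demonstration.

```c
#include <stddef.h>
#include <string.h>

#define TABLES 4        /* "up to four System Service Dispatch Tables" */
#define ENTRIES 1024    /* "1K entries per table" */
#define MAX_ARGS 4
#define KBUF_SIZE 16

typedef long (*service_fn)(const long *args);
static service_fn dispatch[TABLES][ENTRIES];
long *racing_user_args; /* models a second user thread rewriting the caller's arguments */

/* Adding or replacing a service is just a table write. */
int install_service(unsigned number, service_fn fn) {
    if (number / ENTRIES >= TABLES) return -1;
    dispatch[number / ENTRIES][number % ENTRIES] = fn;
    return 0;
}

/* Hypothetical service: validates a length, then uses it. */
long svc_copy(const long *args) {
    if (args[0] < 0 || args[0] > KBUF_SIZE) return -1;  /* check */
    if (racing_user_args) racing_user_args[0] = 4096;   /* user memory changes here */
    return args[0];                                     /* use: length actually copied */
}

/* capture = 1: service sees the kernel-stack copy; capture = 0: it reads user memory. */
long system_service(unsigned number, long *user_args, size_t nargs, int capture) {
    unsigned table = number / ENTRIES, entry = number % ENTRIES;  /* constructed split */
    long kargs[MAX_ARGS] = {0};                                   /* "kernel stack" */
    if (table >= TABLES || !dispatch[table][entry] || nargs > MAX_ARGS) return -1;
    memcpy(kargs, user_args, nargs * sizeof kargs[0]);
    return dispatch[table][entry](capture ? kargs : user_args);
}

int main(void) {
    long user_stack[1] = { 8 };                 /* constructed sample argument */
    install_service(1 * ENTRIES + 7, svc_copy);
    racing_user_args = user_stack;
    long safe = system_service(1 * ENTRIES + 7, user_stack, 1, 1);
    user_stack[0] = 8;
    long raced = system_service(1 * ENTRIES + 7, user_stack, 1, 0);
    return !(safe == 8 && raced == 4096);       /* exit status 0 when both hold */
}
```

With capture the service uses the length it validated (8); without it the same service ends up using 4096, a value that was never checked against the 16-byte limit.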
Exception Dispatching
• Save trap frame and exception record
• LPC to debugger port
• Check Frame based handlers
• LPC to debugger port
• LPC to exception port (monitored by environment subsystem -- e.g. POSIX signals sent this way)
• Kernel Default handler -- terminates process -- DrWtsn32.exe
Exception Types
• ACCESS_VIOLATION
• DATATYPE_MISALIGNMENT
• BREAKPOINT
• SINGLE_STEP
• ARRAY_BOUNDS_EXCEEDED
• FLT_DENORMAL_OPERAND
• FLT_DIVIDE_BY_ZERO
• FLT_INEXACT_RESULT
• FLT_INVALID_OPERATION
• FLT_OVERFLOW
• FLT_STACK_CHECK
• FLT_UNDERFLOW
• INT_DIVIDE_BY_ZERO
• INT_OVERFLOW
• PRIV_INSTRUCTION
• IN_PAGE_ERROR
• ILLEGAL_INSTRUCTION
• NONCONTINUABLE_EXCEPTION
• STACK_OVERFLOW
• INVALID_DISPOSITION
• GUARD_PAGE
• INVALID_HANDLE
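Example: Read.c
    #include <windows.h>

    int main(void) {
        HANDLE hFile;
        char buffer[256];
        DWORD numRead;
        /* Open the file; the remaining CreateFile arguments are elided on the slide. */
        if ((hFile = CreateFile("foo.bar", ...)) != INVALID_HANDLE_VALUE) {
            /* Read up to 256 bytes; NULL means no OVERLAPPED structure is passed. */
            if (!ReadFile(hFile, buffer, 256, &numRead, NULL)) {
                ...
            }
        }
        return 0;
    }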
Tracking the Read (1 of 2)
• ReadFile called from main
• NtReadFile called from ReadFile
• Trap handler: System Service Dispatch Table → I/O Manager → Device Driver
• Device Driver: queues read job
• Interrupt → Trap handler: IDT → Device Driver ISR: Queue DPC
Tracking the Read (2 of 2)
• IRQL drops → DPC starts disk read
• Interrupt → Trap handler: IDT → Device Driver ISR → ISR queues DPC
• IRQL drops → DPC checks status, etc.
• DPC queues Kernel APC
• IRQL drops, thread runs → APC runs, copies data to user buffer
• NtRead returns, ReadFile returns.