cse 351 week 8
play

CSE 351: Week 8 Tom Bergan, TA 1 Today What happens when a - PowerPoint PPT Presentation

CSE 351: Week 8 Tom Bergan, TA 1 Today What happens when a program starts running? Address spaces Virtual memory 2 Lets start a program $ ./bufbomb -u tbergan Goal: execute main() in ./bufbomb int main(int argc, char


  1. CSE 351: Week 8 Tom Bergan, TA 1

  2. Today • What happens when a program starts running? • Address spaces • Virtual memory 2

  3. Let’s start a program $ ./bufbomb -u tbergan Goal: execute main() in ./bufbomb int main(int argc, char *argv[]) { ... } Where argc = 3 argv[0] = “./bufbomb” argv[1] = “-u” argv[2] = “tbergan” The shell executes this code: execl(“./bufbomb”, “-u”, “tbergan”, NULL); How does exec() work? 3

  4. What happens on exec()? Memory stack bufbomb code 0 2 64 -1 The Stack Steps to exec: “tbergan” 1. Load program executable 2. Copy the args into memory Args get copied “-u” 3. Setup the registers onto the stack 4. Jump to main() “./bufbomb” Registers argv[2] Goal: execute main() in ./bufbomb argc = 3 %rdi int main(int argc, char *argv[]) { argv[1] ... argv[] = · %rsi argv[0] } Where %rsp argc = 3 argv[0] = “./bufbomb” argv[1] = “-u” argv[2] = “tbergan” 4

  5. Each process has its own address space here is a pointer p: 0x0041ab8fe023ecd5 p1 address space 0 2 64 -1 NOT the same p2 address space 0 2 64 -1 5

  6. Address spaces are virtual here is a pointer p: 0x0041ab8fe023ecd5 p1 address space 0 2 64 -1 NOT the same physical memory 0 2 64 -1 6

  7. Virtual Address Spaces here is a pointer p: physical 0x0041ab8fe023ecd5 memory p1 address space 0 2 64 -1 page table physical address virtual address 7

  8. Virtual Address Spaces P 1 address space stack code heap physical 0 2 64 -1 memory page table page table P 2 address space stack code heap 0 2 64 -1 8

  9. Virtual address translation virtual physical memory memory page table Virtual Physical physical memory is Page # Page # address divided into pages 2 5 virtual address Step 1: translate the page # Step 2: translate the offset 9

  10. Virtual address translation virtual address 0x0041ab8fe023ecd5 virtual page # offset 0041ab8fe023e cd5 page table Virtual Physical Page # Page # page table 0x0041ab... 0x5230a... physical address physical page # offset 5230abeab44cf cd5 10

  11. Virtual address translation virtual physical memory memory 5230abeab44cf cd5 page table 5230abeab44cf 000 Virtual Physical Page # Page # 0x0041ab... 0x5230a... 0041ab8fe023e cd5 0041ab8fe023e 000 11

  12. Virtual Address Spaces P 1 address space stack code heap physical 0 2 64 -1 memory page table Do you ever want to share memory across processes? page table P 2 address space stack code heap 0 2 64 -1 12

  13. Virtual Address Spaces P 1 address space stack code shared lib heap physical 0 2 64 -1 memory page table Do you ever want to share memory across processes? - yes! shared libraries! page table P 2 address space stack code shared lib heap 0 2 64 -1 13

  14. Shared Libraries P 1 address space stack code shared lib heap physical 0 2 64 -1 memory A shared library: - think printf(): *.so on linux, *.dll on windows - share code pages in multiple address spaces (saves space!) Problem: can’t let P 2 overwrite to P 1 ’s code! - solution: map pages read-only P 2 address space stack code shared lib heap 0 2 64 -1 14

  15. Shared Libraries P 1 address space stack code shared lib heap physical 0 2 64 -1 memory page table Virtual Physical Protection Address Address Bits pages mapped read-only 0x0041ab... ✘ writable page table Virtual Physical Protection Address Address Bits 0x07eff... ✘ writable P 2 address space stack code shared lib heap 0 2 64 -1 15

  16. Page table protection bits (partial list) • writable bit - is the page writable? - when unset, the page is read-only Why would you want this? - protect code pages (don’t accidentally overwrite) - read-only data (e.g. constant strings literals: “xyz”) • executable bit - is the page executable? - when unset, code on the page cannot be executed Why would you want this? - protect non-code pages (e.g. prevents buffer overflow exploits) - read-only data (e.g. constant strings literals: “xyz”) 16

  17. Shared Libraries Shared libraries are loaded at runtime New steps to start a program: 1. Load program executable 1a. Load shared libraries 2. Copy the args into memory 3. Setup the registers 4. Jump to main() 17

  18. Shared Libraries P 1 address space stack code shared lib heap 0 2 64 -1 ⋮ ⋮ 0x3FC memcpy: 0x0A0 call foo How do we know the address of ⋮ ⋮ memcpy? 0x105 foo: call memcpy - it depends on where the lib was loaded ⋮ - solution: jump table ⋮ 0xB05 memcpy: ⋮ P 2 address space stack code shared lib heap 0 2 64 -1 18

  19. Shared Libraries P 1 address space stack code heap 0 2 64 -1 ⋮ 0x0A0 call foo ⋮ 0x105 foo: call * jumpTable[42] Library call indirects through jump table ⋮ jumpTable = { [0] = ? Jump table initially empty [1] = ? ⋮ [42] = ? ⋮ } 19

  20. Shared Libraries P 1 address space stack code shared lib heap 0 2 64 -1 ⋮ ⋮ 0x3FC memcpy: 0x0A0 call foo ⋮ ⋮ 0x105 foo: call * jumpTable[42] ⋮ jumpTable = { [0] = ? Jump table fixed when library is loaded [1] = ? - by a program called a loader ⋮ [42] = &memcpy, ⋮ 0x3FC } 20

Recommend


More recommend