Saturday 25 March 2017

What happens when a program is executed in Linux?

1. Shell forks and execs the new process. Shell waits for the completion of the process using wait4() unless forked process is a daemon (is a session leader and kills the parent and continues with the child after exec)
2. fork() actually creates clone of the shell process itself. This address space is overwritten by exec call.  Exec call starts off by reading the first few pages of the executable from the disk. This operation involves file system, block layer, page cache and the device driver (if backend is disk, then disk device driver).
3.  Kernel needs to be compiled with different binary file handlers. Some handlers present in Linux kernel are ELF, a.out, script  etc.  Header of the executable says what kind of executable it is.  If kernel is compiled with the right kind of binary format handler, then the read data is handed over to the handler.
4. For example, if handler is an ELF handler, then the header has the location of the text in the file. Few pages of the text are read from disk  (basically mmapped) along with all the directly linked libraries.  Now the process is ready to start as its text and required libraries are in memory. Rest of the text is read using demand paging when needed.


examples:

strace ./a.out
execve("./a.out", ["./a.out"], [/* 45 vars */]) = 0
brk(0)                                  = 0x1056000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff4ce4a9000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=88130, ...}) = 0
mmap(NULL, 88130, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7ff4ce493000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P \2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1840928, ...}) = 0
mmap(NULL, 3949248, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7ff4cdec4000
mprotect(0x7ff4ce07e000, 2097152, PROT_NONE) = 0
mmap(0x7ff4ce27e000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1ba000) = 0x7ff4ce27e000
mmap(0x7ff4ce284000, 17088, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7ff4ce284000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff4ce492000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff4ce490000
arch_prctl(ARCH_SET_FS, 0x7ff4ce490740) = 0
mprotect(0x7ff4ce27e000, 16384, PROT_READ) = 0
mprotect(0x600000, 4096, PROT_READ)     = 0
mprotect(0x7ff4ce4ab000, 4096, PROT_READ) = 0
munmap(0x7ff4ce493000, 88130)           = 0
exit_group(4195565)                     = ?
+++ exited with 237 +++ 


Implementation of execve

•      The entry point of the system call is the architecture-dependent sys_execve function. This function quickly delegates its work to the system-independent do_execve routine.
•      int do_execve(char * filename, char __user *__user *argv, char __user *__user *envp,struct pt_regs * regs)
•      Filename
•      * argv  (ex: ls –l /usr/bin/)
•      *envp :environment of the program
•      The notation is slightly clumsy because argv and envp are arrays of pointers, and both the pointer to the array itself as well as all pointers in the array are located in the userspace portion of the virtual address space.
the code flow diagram for do_execve
•      bprm_init then handles several administrative tasks
–     mm_alloc generates a new instance of mm_struct to manage the process address space.
–     init_new_context is an architecture-specific function that initializes the instance.
–     __bprm_mm_init sets up an initial stack.
•      prepare_binprm is used to supply a number of parent process values (above all, the effective UID and GID)
•      search_binary_handler is used at the end of do_execve to find a suitable binary format for the particular file.
•      Binary format handler performs the following actions:
–     It releases all resources used by the old process.
–     It maps the application into virtual address space.
–     The instruction pointer of the process and some other architecture-specific registers are set so that the main function of the program is executed when the scheduler selects the process.
Interpreting Binary Formats
<binfmts.h>
struct linux_binfmt
struct linux_binfmt * next;
struct module *module;
int (*load_binary)(struct linux_binprm *, struct pt_regs * regs);
int (*load_shlib)(struct file *);
int (*core_dump)(long signr, struct pt_regs * regs, struct file * file);
unsigned long min_coredump; /* minimal dump size */
};
1.       load_binary to load normal programs.
1.       load_shlib to load a shared library, that is, a dynamic library.
1.       core_dump to write a core dump if there is a program error.
Exiting Processes
•      Processes must terminate with the exit system call.
•      The entry point for this call is the sys_exit function that requires an error code as its parameter in order to exit the process.
•      Its implementation is not particularly interesting because it immediately delegates its work to do_exit.

call flow:
                                              do_execve()     //./fs/exec.c
                                                    |
                                    do_execve_common(filename, argv, envp, regs); 
                                                   |
                                                    --->file = open_exec(filename);
                                                    ---> sched_exec();
                                      bprm_mm_init(bprm) 
                                                 |
                                       bprm->mm = mm = mm_alloc();
                                                                         |
                                                                         --->alloctae_mm()
                                                                        ---->mm_init(mm,current)
                                                                                 |
                                                                                mm_alloc_pgd(mm)
                                                                                  |
                                                                                 --->pgd_alloc()

                                            |
                                   init_new_context(current, mm);  //Arch specific -->arch/arm/mm/context.c
                                            |
                                   __bprm_mm_init(bprm);
                                            |
                                           ---> insert_vm_struct(mm, vma)
                                     |
                                   prepare_binprm(bprm);
                   |
                  search_binary_handler(bprm,regs);     //./fs/exec.c

Monday 13 March 2017

How to uses the INCBIN in ARM

The INCBIN directive includes a file within the file being assembled. The file is included as it is, without being assembled.

Syntax

INCBIN filename
where:
filename
is the name of the file to be included in the assembly.The assembler accepts pathnames in either UNIX or MS-DOS format.

Usage

You can use INCBIN to include executable files, literals, or any arbitrary data. The contents of the file are added to the current ELF section, byte for byte, without being interpreted in any way. Assembly continues at the line following the INCBIN directive.
By default the assembler searches the current place for included files. The current place is the directory where the calling file is located. Use the -i assembler command-line option to add directories to the search path. File names and directory names containing spaces must not be enclosed in double quotes ( " " ).

Example

        AREA    Example, CODE, READONLY
        INCBIN  file1.dat               ; includes file1 if it
                                        ; exists in the 
                                        ; current place.
        INCBIN  c:\project\file2.txt    ; includes file2

Thursday 2 March 2017

Memory Allocation/Segmentation in C/C++

segment

Description
Codetext segment Often referred to as the text segment, this is the area in which the executable instructions reside.  For example, Linux/Unix arranges things so that multiple running instances of the same program share their code if possible.  Only one copy of the instructions for the same program resides in memory at any time.  The portion of the executable file containing the text segment is the text section.
Initialized data – data segment Statically allocated and global data that are initialized with nonzero values live in the data segment.  Each process running the same program has its own data segment.  The portion of the executable file containing the data segment is the data section.
Uninitialized data – bss segment BSS stands for ‘Block Started by Symbol’.  Global and statically allocated data that initialized to zero by default are kept in what is called the BSS area of the process.  Each process running the same program has its own BSS area.  When running, the BSS data are placed in the data segment.  In the executable file, they are stored in the BSS section.  For Linux/Unix the format of an executable, only variables that are initialized to a nonzero value occupy space in the executable’s disk file.
Heap The heap is where dynamic memory (obtained by malloc(), calloc(), realloc() and new for C++) comes from.  Everything on a heap is anonymous, thus you can only access parts of it through a pointer. As memory is allocated on the heap, the process’s address space grows.  Although it is possible to give memory back to the system and shrink a process’s address space, this is almost never done because it will be allocated to other process again.   Freed memory (free() and delete) goes back to the heap, creating what is called holes.   It is typical for the heap to grow upward.  This means that successive items that are added to the heap are added at addresses that are numerically greater than previous items.  It is also typical for the heap to start immediately after the BSS area of the data segment.  The end of the heap is marked by a pointer known as the break. You cannot reference past the break. You can, however, move the break pointer (via brk() and sbrk() system calls) to a new position to increase the amount of heap memory available.
Stack The stack segment is where local (automatic) variables are allocated.  In C program, local variables are all variables declared inside the opening left curly brace of a function body including the main() or other left curly brace that aren’t defined as static.  The data is popped up or pushed into the stack following the Last In First Out (LIFO) rule.  The stack holds local variables, temporary information, function parameters, return address and the like.  When a function is called, a stack frame (or a procedure activation record) is created and PUSHed onto the top of the stack. This stack frame contains information such as the address from which the function was called and where to jump back to when the function is finished (return address), parameters, local variables, and any other information needed by the invoked function. The order of the information may vary by system and compiler.  When a function returns, the stack frame is POPped from the stack.  Typically the stack grows downward, meaning that items deeper in the call chain are at numerically lower addresses and toward the heap.

Example code:
#include <iostream>
using namespace std;
int f1;         //bss (where is data(variable&constant) stored)
int f2=0;       //bss
int f3=1;       //data
static int f4 = 0;    //bss
static int f5 = 1;    //data
int main ()
{
int a[2];       //stack
int b1;          //stack
int b2 = 0;     //stack
int b3 = 1;     //stack
char b5[]= “abc”;      //stack
static int c[2];      //uninitialized static, bss (initialized to 0 by default)
static int d1;         //uninitialized static, bss (initialized to 0 by default)
static int d2 = 0;     //zero initialization = uninitialized, bss
static int d3 = 1;     //nonzero init, data
static int d4 = 1;     //nonzero init, data
const int e1 = 0;      //stack
const int e2 = 1;      //stack
char *p1 = “abc”;      //p1: stack, *p1 (“abc”): data
char *p2 = “abcd”;      //p2: stack, *p2 (“abcd”): data
static int *p3 = &b1;  //p3:bss
static int *p4;  //p4:bss, *p4: 0;
int *p5 = NULL; //p5: stack, *p5: 0
static int *p6 = NULL; //p6:bss, 0
int *p7;               //p7: stack,
static char * p8 = “abc”;    //p8:data, *p8 (“abc”): data, same as *p1
int b4 = 1;
static int * p9 = &b4; //p9:bss
d1 = 1;    //d1: bss
int *p10 = (int*)malloc(sizeof(int));   //p10: stack, *p10:heap
*p10 = 1;
static char *p11 = (char*)malloc(sizeof(char)); //p11: bss, *p11:heap
*p11 = ‘a’;
printf(“Local variables:\n\n”);
printf(“int a[0]: %d (stack)\n”,a);
printf(“int a[1]: %d (stack)\n”,a+1);
printf(“int b1: %d (stack)\n”,&b1);
printf(“int b2=0: %d (stack)\n”,&b2);
printf(“int b3=1: %d (stack)\n”,&b3);
printf(“char b5[]=\”abc\”: %d (*b5 \”abc\”, stack)\n”,b5);
printf(“const int e1=0: %d (stack)\n”,&e1);
printf(“const int e2=1: %d (stack)\n”,&e2);
printf(“char * p1=\”abc\”: %d (p1, stack)\n”,&p1);
printf(“char * p2=\”abc\”: %d (p2, stack)\n”,&p2);
printf(“int * p5 = NULL: %d (p5, stack)\n”,&p5);
printf(“int * p7: %d (p7, stack)\n”,&p7);
printf(“\n”);
printf(“int *p10 = (int *)malloc(int): %d (p10,stack)\n”,&p10);
printf(“\n”);
printf(“static int c[0]: %d (bss)\n”,c);
printf(“static int c[1]: %d (bss)\n”,c+1);
printf(“static int d1: %d (bss)\n”,&d1);
printf(“static int d2=0: %d (bss)\n”,&d2);
printf(“static int * p3 = &b1: %d (p3, bss)\n”,&p3);
printf(“static int * p4: %d (p4, bss)\n”,&p4);
printf(“static int * p6 = NULL: %d (p6, bss)\n”,&p6);
printf(“static int * p9 = &b4, b4=1: %d (p9, bss)\n”,&p9);
printf(“d1 = 1: %d (bss)\n”,&d1);
printf(“static int *p11 = (int*)malloc(int): %d (p11,bss)\n”,&p11);
printf(“\n”);
printf(“static int d3=1: %d (data)\n”,&d3);
printf(“static int d4=1: %d (data)\n”,&d4);
printf(“\n”);
printf(“static char * p8 = \”abc\”: %d (p8, data)\n”,&p8);
printf(“char * p1=\”abc\”: %d (*p1 \”abc\”, data)\n”,p1);
printf(“static char * p8 = \”abc\”: %d (*p8 \”abc\”, data)\n”,p8);
printf(“char * p2=\”abcd\”: %d (*p2 \”abcd\”, data)\n”,p2);
printf(“\n”);
printf(“static int * p4: %d (*p4, 0)\n”,p4);
printf(“int * p5 = NULL: %d (*p5, 0)\n”,p5);
printf(“\nHeap:\n”);
printf(“int *p10 = (int *)malloc(int): %d (*p10:1,Heap)\n”,p10);
printf(“static char *p11 = (int*)malloc(int): %d (*p11:’a’,Heap)\n”,p11);
printf(“\n\nGlobal variables:\n”);
printf(“int f1: %d (bss)\n”,&f1);
printf(“int f2=0: %d (bss)\n”,&f2);
printf(“static int f4: %d (bss)\n”,&f4);
printf(“\n”);
printf(“int f3=1: %d (data)\n”,&f3);
printf(“static int f5=1: %d (data)\n”,&f5);
system(“pause”);
return 0;
}
%%%%%%%%%%%%%%%%%%%%%%%%%%%
Result:
Local variables:
int a[0]: 2359152 (stack)
int a[1]: 2359156 (stack)
int b1: 2359148 (stack)
int b2=0: 2359144 (stack)
int b3=1: 2359140 (stack)
char b5[]=”abc”: 2359136 (*b5 “abc”, stack)
const int e1=0: 2359132 (stack)
const int e2=1: 2359128 (stack)
char * p1=”abc”: 2359124 (p1, stack)
char * p2=”abc”: 2359120 (p2, stack)
int * p5 = NULL: 2359116 (p5, stack)
int * p7: 2359112 (p7, stack)
int *p10 = (int *)malloc(int): 2359104 (p10,stack)
static int c[0]: 4468840 (bss)
static int c[1]: 4468844 (bss)
static int d1: 4468856 (bss)
static int d2=0: 4468872 (bss)
static int * p3 = &b1: 4468888 (p3, bss)
static int * p4: 4468904 (p4, bss)
static int * p6 = NULL: 4468920 (p6, bss)
static int * p9 = &b4, b4=1: 4468936 (p9, bss)
d1 = 1: 4468856 (bss)
static int *p11 = (int*)malloc(int): 4468952 (p11,bss)
static int d3=1: 4452360 (data)
static int d4=1: 4452364 (data)
static char * p8 = “abc”: 4452368 (p8, data)
char * p1=”abc”: 4456448 (*p1 “abc”, data)
static char * p8 = “abc”: 4456448 (*p8 “abc”, data)
char * p2=”abcd”: 4456452 (*p2 “abcd”, data)
static int * p4: 0 (*p4, 0)
int * p5 = NULL: 0 (*p5, 0)
Heap:
int *p10 = (int *)malloc(int): 212064 (*p10:1,Heap)
static char *p11 = (int*)malloc(int): 212168 (*p10:’a’,Heap)
Global variables:
int f1: 4468752 (bss)
int f2=0: 4468756 (bss)
static int f4: 4468776 (bss)
int f3=1: 4452352 (data)
static int f5=1: 4452356 (data)