CSE 351: Week 8, Tom Bergan, TA - PowerPoint PPT Presentation


SLIDE 1

CSE 351: Week 8

Tom Bergan, TA

SLIDE 2

Today

  • What happens when a program starts running?
  • Address spaces
  • Virtual memory

SLIDE 3

Let’s start a program

$ ./bufbomb -u tbergan

The shell executes this code:

/* first argument: the path to load; the rest become argv[0], argv[1], argv[2] */
execl("./bufbomb", "./bufbomb", "-u", "tbergan", NULL);

Goal: execute main() in ./bufbomb

int main(int argc, char *argv[]) { ... }

Where

argc = 3
argv[0] = "./bufbomb"
argv[1] = "-u"
argv[2] = "tbergan"

How does exec() work?

SLIDE 4

What happens on exec()?

Steps to exec:

  • 1. Load program executable
  • 2. Copy the args into memory
  • 3. Set up the registers
  • 4. Jump to main()

Args get copied onto the stack

[Figure: Memory, with top address 2^64-1, containing the bufbomb code and the stack. The Stack holds the strings "./bufbomb", "-u" and "tbergan" and the pointers argv[0], argv[1] and argv[2]. Registers: %rdi holds argc = 3, %rsi holds argv[] (a pointer), and %rsp.]

Goal: execute main() in ./bufbomb

int main(int argc, char *argv[]) { ... }

Where

argc = 3
argv[0] = "./bufbomb"
argv[1] = "-u"
argv[2] = "tbergan"

SLIDE 5

Each process has its own address space

Here is a pointer:

p: 0x0041ab8fe023ecd5

[Figure: the p1 address space and the p2 address space, each running up to 2^64-1, with the pointer p marked in both; the two locations are labelled "NOT the same".]

SLIDE 6

Address spaces are virtual

Here is a pointer:

p: 0x0041ab8fe023ecd5

[Figure: two address spaces, each running up to 2^64-1, with the pointer p marked in the p1 address space; they are labelled "NOT the same physical memory".]

SLIDE 7

Virtual Address Spaces

Here is a pointer:

p: 0x0041ab8fe023ecd5

[Figure: the p1 address space (up to 2^64-1) and physical memory. The page table maps the virtual address to a physical address.]

SLIDE 8

Virtual Address Spaces

[Figure: the P1 address space and the P2 address space, each running up to 2^64-1 and each containing code, heap and stack. Each address space is mapped through a page table into physical memory.]

SLIDE 9

Virtual address translation

Memory is divided into pages.

Step 1: translate the page #
Step 2: translate the offset

page table

Virtual Page #    Physical Page #
2                 5

[Figure: a virtual address in virtual memory is mapped through the page table to a physical address in physical memory.]

SLIDE 10

Virtual address translation

virtual address: 0x0041ab8fe023ecd5

page table

Virtual Page #    Physical Page #
0x0041ab...       0x5230a...

virtual address:  0041ab8fe023e (virtual page #)   cd5 (offset)
physical address: 5230abeab44cf (physical page #)  cd5 (offset)

SLIDE 11

Virtual address translation

page table

Virtual Page #    Physical Page #
0x0041ab...       0x5230a...

virtual address:  0041ab8fe023e cd5
physical address: 5230abeab44cf cd5

[Figure: the page starting at 0041ab8fe023e 000 in virtual memory corresponds to the page starting at 5230abeab44cf 000 in physical memory.]

SLIDE 12

Virtual Address Spaces

[Figure: the P1 address space and the P2 address space, each running up to 2^64-1 and each containing code, heap and stack. Each address space is mapped through a page table into physical memory.]

Do you ever want to share memory across processes?

SLIDE 13

Virtual Address Spaces

Do you ever want to share memory across processes?

  • yes! shared libraries!

[Figure: the P1 address space and the P2 address space, each running up to 2^64-1 and each containing code, a shared lib, heap and stack, mapped through their page tables into physical memory.]

SLIDE 14

Shared Libraries

A shared library:

  • think printf(): *.so on Linux, *.dll on Windows
  • share code pages in multiple address spaces (saves space!)

Problem: can’t let P2 overwrite P1’s code!

  • solution: map pages read-only

[Figure: the P1 address space and the P2 address space, each running up to 2^64-1 and each containing code, a shared lib, heap and stack, alongside physical memory.]

SLIDE 15

Shared Libraries

pages mapped read-only

page table

Virtual Address    Physical Address    Protection Bits
0x0041ab...                            ✘ writable

page table

Virtual Address    Physical Address    Protection Bits
0x07eff...                             ✘ writable

[Figure: the P1 address space and the P2 address space, each running up to 2^64-1 and each containing code, a shared lib, heap and stack, mapped through the two page tables into physical memory.]

SLIDE 16

Page table protection bits (partial list)

  • writable bit
      • is the page writable?
      • when unset, the page is read-only

    Why would you want this?

      • protect code pages (don’t accidentally overwrite)
      • read-only data (e.g. constant string literals: "xyz")

  • executable bit
      • is the page executable?
      • when unset, code on the page cannot be executed

    Why would you want this?

      • protect non-code pages (e.g. prevents buffer overflow exploits)
      • read-only data (e.g. constant string literals: "xyz")
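
The two-step translation from slides 9 to 11 combined with the protection bits listed above, as an added C example (not code from the course slides). It assumes 4 KiB pages, which the three-hex-digit offset on slide 10 implies; the second table entry and the names translate(), PTE_*, ACC_* and FAULT_* are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SHIFT  12                          /* assumed 4 KiB pages: low 12 bits = offset */
#define OFFSET_MASK ((1ULL << PAGE_SHIFT) - 1)

enum { PTE_W = 1, PTE_X = 2 };                  /* writable / executable protection bits */
enum access { ACC_READ, ACC_WRITE, ACC_EXEC };
enum result { XLATE_OK, FAULT_UNMAPPED, FAULT_PROT };

struct pte { uint64_t vpn, ppn; unsigned prot; };

/* Toy page table. Entry 0 uses the page numbers from the slides;
 * entry 1 (a stack-like page) is constructed for this example. */
static const struct pte page_table[] = {
    { 0x0041ab8fe023eULL, 0x5230abeab44cfULL, PTE_X },  /* code: executable, read-only */
    { 0x00007ffd12345ULL, 0x0000000000123ULL, PTE_W },  /* data: writable, not executable */
};

/* Step 1: translate the page #. Step 2: carry the offset over unchanged.
 * The protection bits are checked before any physical address is produced. */
enum result translate(uint64_t vaddr, enum access acc, uint64_t *paddr)
{
    uint64_t vpn = vaddr >> PAGE_SHIFT;
    uint64_t off = vaddr & OFFSET_MASK;

    for (size_t i = 0; i < sizeof page_table / sizeof page_table[0]; i++) {
        const struct pte *e = &page_table[i];
        if (e->vpn != vpn)
            continue;
        if (acc == ACC_WRITE && !(e->prot & PTE_W))
            return FAULT_PROT;              /* e.g. overwriting a code page */
        if (acc == ACC_EXEC && !(e->prot & PTE_X))
            return FAULT_PROT;              /* e.g. running bytes placed on the stack */
        *paddr = (e->ppn << PAGE_SHIFT) | off;
        return XLATE_OK;
    }
    return FAULT_UNMAPPED;                  /* no entry for this virtual page */
}

int main(void)
{
    uint64_t pa = 0;
    enum result r = translate(0x0041ab8fe023ecd5ULL, ACC_READ, &pa);
    printf("result=%d paddr=0x%016llx\n", r, (unsigned long long)pa);
    return r == XLATE_OK ? 0 : 1;
}
```
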

SLIDE 17

Shared Libraries

New steps to start a program:

  • 1. Load program executable
  • 1a. Load shared libraries
  • 2. Copy the args into memory
  • 3. Set up the registers
  • 4. Jump to main()

Shared libraries are loaded at runtime

SLIDE 18

Shared Libraries

P1 address space:

  ⋮
  0x0A0  call foo
  ⋮
  0x105  foo: call memcpy
  ⋮
  0x3FC  memcpy:
  ⋮

P2 address space:

  ⋮
  0xB05  memcpy:
  ⋮

How do we know the address of memcpy?

  • it depends on where the lib was loaded
  • solution: jump table

[Figure: the P1 address space and the P2 address space, each running up to 2^64-1 and each containing code, a shared lib, heap and stack.]

SLIDE 19

Shared Libraries

Jump table initially empty
Library call indirects through jump table

P1 address space:

  ⋮
  0x0A0  call foo
  ⋮
  0x105  foo: call *jumpTable[42]
  ⋮

jumpTable = {
  [0] = ?
  [1] = ?
  ⋮
  [42] = ?
  ⋮
}

[Figure: the P1 address space, running up to 2^64-1, containing code, heap and stack.]

SLIDE 20

Shared Libraries

Jump table fixed when library is loaded

  • by a program called a loader

P1 address space:

  ⋮
  0x0A0  call foo
  ⋮
  0x105  foo: call *jumpTable[42]
  ⋮
  0x3FC  memcpy:
  ⋮

jumpTable = {
  [0] = ?
  [1] = ?
  ⋮
  [42] = &memcpy,   (0x3FC)
  ⋮
}

[Figure: the P1 address space, running up to 2^64-1, containing code, a shared lib, heap and stack.]
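
The jump table from slides 19 and 20 modelled in C, as an added example (not code from the course slides): the table starts empty, a toy loader fills slot 42 once the library's address is known, and foo() calls memcpy only through that slot. The names load_library(), struct export, struct import and demo() are constructed for illustration and are not a real loader API.

```c
#include <stddef.h>
#include <string.h>

#define SLOTS 64
typedef void (*fnptr)(void);                        /* generic function pointer */
typedef void *(*memcpy_fn)(void *, const void *, size_t);

/* Jump table: one slot per imported function, empty until the loader runs. */
static fnptr jump_table[SLOTS];

struct export { const char *name; fnptr addr; };    /* what the library provides */
struct import { size_t slot; const char *name; };   /* what the program needs, and where */

/* Toy loader: resolve every import by name and write the address into its slot.
 * Returns the number of imports that could not be resolved. */
int load_library(const struct export *exp, size_t nexp,
                 const struct import *imp, size_t nimp)
{
    int unresolved = 0;
    for (size_t i = 0; i < nimp; i++) {
        fnptr found = NULL;
        for (size_t j = 0; j < nexp; j++)
            if (strcmp(exp[j].name, imp[i].name) == 0)
                found = exp[j].addr;
        if (found && imp[i].slot < SLOTS)
            jump_table[imp[i].slot] = found;
        else
            unresolved++;
    }
    return unresolved;
}

/* foo: the slides' "call *jumpTable[42]"; refuses to jump through an empty slot. */
int foo(char *dst, const char *src, size_t n)
{
    if (!jump_table[42])
        return -1;
    ((memcpy_fn)jump_table[42])(dst, src, n);
    return 0;
}

/* Returns 1 if the call fails before loading and succeeds afterwards. */
int demo(void)
{
    char buf[8] = {0};
    int before = foo(buf, "abc", 4);                 /* table still empty */
    const struct export lib[] = { { "memcpy", (fnptr)memcpy } };
    const struct import need[] = { { 42, "memcpy" } };
    int unresolved = load_library(lib, 1, need, 1);  /* address fixed at load time */
    int after = foo(buf, "abc", 4);
    return before == -1 && unresolved == 0 && after == 0 && strcmp(buf, "abc") == 0;
}

int main(void) { return demo() ? 0 : 1; }
```
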