NT Kernel CS Spring 2002
Overview
- Interrupts and Exceptions: the Trap Handler
- Interrupt Request Levels and the IDT
- DPCs and APCs
- System Service Dispatching
- Exception Dispatching
- Dispatcher Objects
- Example: Reading a file
Interrupts vs Exceptions
- An interrupt is an asynchronous event, one that occurs at a time unrelated to what the processor is executing: I/O device interrupts, clocks, timers, etc. Interrupts usually can be enabled or disabled (masked).
- An exception is a synchronous event, one that results from the execution of an instruction: memory access violations, debugger breakpoint instructions, divide-by-zero, etc. Re-executing the same instruction under the same conditions raises the same exception again.
Interrupt & Exception Handling
- The hardware mechanisms vary widely from processor to processor; the kernel presents a uniform interface by transferring control to the trap handler.
- The trap handler saves the execution state of the interrupted thread in a trap frame on the kernel stack (the TrapFrame field of _KTHREAD points to it) and transfers control to the kernel or executive module appropriate for the condition.
Interrupt & Exception Dispatching (figure: the trap handler routes each condition to a dispatcher)
- Interrupt -> Interrupt Dispatcher -> Interrupt Service Routines
- System Service Call -> System Service Dispatcher -> System Services
- Hardware/Software Exceptions -> Exception Dispatcher -> Exception Handlers
- Virtual Address Exceptions -> VM Manager's Pager
Interrupt Request Levels
- Each processor runs at a particular interrupt request level (IRQL).
- Threads running in kernel mode can raise or lower their current processor's IRQL.
- Each type of interrupt is associated with a particular IRQL.
- Only interrupts whose IRQL is greater than the processor's current IRQL are enabled for that processor; raising the IRQL masks interrupts at that level and below until it is lowered again.
NT Defined IRQLs (highest to lowest)

IRQL                              Types of interrupts
High Level                        Machine check or bus error
Power Level                       Power failure (not used)
Interprocessor Interrupt Level    Work request from another processor
Clock Levels                      Clock, kernel profiler
Device Levels n to 1              I/O device interrupts
Dispatch/DPC Level                Thread dispatching and DPCs
APC Level                         Asynchronous procedure calls
Low (Passive) Level               Normal thread execution
Interrupt Dispatch Table
- One IDT per processor.
- One entry per interrupt vector; the kernel maps each vector to an IRQL.
- An entry is the head of a list of interrupt objects that device drivers connected to it (IoConnectInterrupt). Each interrupt object names the ISR to call.
- When an interrupt occurs, its vector selects the entry (and so the IRQL to run at), and the ISR of each interrupt object on the list is offered the interrupt. Several devices can therefore share a vector and interrupt at the same level.
Software Interrupt Uses
- To initiate thread dispatching: for synchronization the kernel runs at DPC level; it requests a dispatch interrupt, which is not serviced until the IRQL is lowered below DPC level.
- To handle timer expiration.
- To execute a procedure asynchronously in the context of a particular thread (an APC). Asynchronous I/O completion is done this way.
Deferred Procedure Calls
- Interrupt handlers (ISRs) issue deferred procedure calls for the work that is not time critical, so the ISR itself stays short and the processor runs at device IRQL only briefly.
- Timers and the clock interrupt are handled this way.
- DPC objects are queued per processor (normally on the current processor's queue) and a DPC (dispatch) interrupt is requested.
- When the IRQL drops below DPC level the queued DPCs run, at DPC level, in whatever thread context happens to be current.
Asynchronous Procedure Calls
- APC objects are queued on a per-thread queue and an APC-level interrupt is requested.
- An APC executes only in the context of the specified thread.
- Kernel-mode APCs require no permission from the target thread; user-mode APCs are delivered only when the target thread has declared itself alertable, i.e. it is waiting with e.g. WaitForSingleObjectEx or SleepEx with bAlertable set to TRUE.
- Asynchronous I/O completion uses this mechanism.
KTHREAD (selected fields)
- Dispatcher header
- User and kernel times
- System service table
- Thread scheduling info
- Trap frame
- Synchronization info
- Pending APC list
- Object wait list
- TEB (thread environment block) pointer
- Thread local storage
- Kernel stack info
System Service Dispatching
- User mode traps to kernel mode with INT 0x2E (or the faster SYSENTER/SYSCALL instructions on processors that support them).
- The _KTHREAD ServiceTable field points to the descriptors of up to four System Service Dispatch Tables. The low 12 bits of the service number index within a table; the next two bits select the table. The descriptor also records how many entries are valid and how many argument bytes each service takes.
- Arguments are copied from the user stack to the kernel-mode stack before use, so that the service validates and uses values that user mode can no longer change underneath it (no time-of-check/time-of-use race); the number of bytes copied comes from the kernel's own argument table, not from the caller.
- Flexible: the set of services can be expanded or modified by changing table entries (the same property makes the tables a hooking target for kernel-mode rootkits).
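The following is an added teaching model of the dispatch described above; it is not the NT kernel's code. It decodes a service number into (table, index), rejects numbers outside the populated range with STATUS_INVALID_SYSTEM_SERVICE, copies the arguments onto a "kernel stack" buffer using the per-service argument byte count, and only then calls the service. The two services, the table contents and the argument counts are constructed for the example.

```c
/* Added teaching model of NT system service dispatch (not kernel code):
 * decode the service number into a (table, index) pair, bounds-check it,
 * copy the user arguments onto a "kernel stack" buffer, then call the service.
 * Table layout and service names are constructed for the example. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define MAX_ARGS 16
#define STATUS_INVALID_SYSTEM_SERVICE ((intptr_t)0xC000001C)

typedef intptr_t (*SERVICE)(const uintptr_t *args);

/* The fields of KSERVICE_TABLE_DESCRIPTOR that matter here. */
typedef struct {
    SERVICE             *ServiceTable;   /* entry points */
    size_t               Count;          /* number of valid entries */
    const unsigned char *ArgumentTable;  /* argument bytes per service */
} SERVICE_TABLE_DESCRIPTOR;

/* Two constructed "system services". */
static intptr_t svc_add(const uintptr_t *a) { return (intptr_t)(a[0] + a[1]); }
static intptr_t svc_neg(const uintptr_t *a) { return -(intptr_t)a[0]; }

static SERVICE             table0[]    = { svc_add, svc_neg };
static const unsigned char argbytes0[] = { 2 * sizeof(uintptr_t), 1 * sizeof(uintptr_t) };

/* Up to four tables; only table 0 is populated. */
static SERVICE_TABLE_DESCRIPTOR tables[4] = {
    { table0, 2, argbytes0 }, { NULL, 0, NULL }, { NULL, 0, NULL }, { NULL, 0, NULL }
};

intptr_t system_service_dispatch(unsigned service_number, const uintptr_t *user_args)
{
    unsigned index = service_number & 0xFFF;          /* low 12 bits: index */
    unsigned table = (service_number >> 12) & 0x3;    /* bits 12-13: table */
    SERVICE_TABLE_DESCRIPTOR *d = &tables[table];
    uintptr_t kernel_args[MAX_ARGS];                  /* the kernel-stack copy */
    size_t nargs;

    if (d->ServiceTable == NULL || index >= d->Count)
        return STATUS_INVALID_SYSTEM_SERVICE;

    /* The argument count comes from the kernel's own table, never from the caller,
     * and the values are copied once: the service only reads kernel_args, so a
     * second user thread cannot change them between validation and use. The real
     * dispatcher also probes that user_args lies in user address space. */
    nargs = d->ArgumentTable[index] / sizeof(uintptr_t);
    memcpy(kernel_args, user_args, nargs * sizeof(uintptr_t));
    return d->ServiceTable[index](kernel_args);
}

int main(void)
{
    uintptr_t args[2] = { 3, 4 };
    printf("service 0x0000 -> %ld\n", (long)system_service_dispatch(0x0000, args));
    printf("service 0x0002 -> 0x%lx\n", (unsigned long)system_service_dispatch(0x0002, args));
    return 0;
}
```

The bounds check against Count is what makes an unknown or out-of-range service number fail cleanly instead of indexing past the table; the copy into kernel_args is the slide's "arguments are copied to the kernel stack to protect them".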
Exception Dispatching (user-mode exception, in order)
1. The trap handler saves the trap frame and builds an exception record.
2. First chance: if the process is being debugged, the kernel sends an LPC message to the debugger port; the debugger may handle the exception.
3. The frame-based (structured) exception handlers registered by the thread are searched, innermost first.
4. Second chance: the debugger port is notified again.
5. An LPC message goes to the process's exception port, which is monitored by the environment subsystem (e.g. POSIX signals are sent this way).
6. Kernel default handler: the process is terminated (and a post-mortem debugger such as DrWtsn32.exe may be started).
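As an added illustration of step 3 above (an example written for these notes, not the kernel's RtlDispatchException), the model below keeps a chain of frame-based handler registrations and walks it innermost-out, calling each filter until one claims the exception; if none does, the dispatcher falls through to the default handler, which on NT means process termination. The debugger and exception-port steps are left out; the filters and the scenario are constructed.

```c
/* Added model of frame-based (SEH) exception dispatch: registrations are
 * chained innermost to outermost; the dispatcher calls each filter in turn
 * until one takes the exception. Not the NT kernel's own code. */
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define EXCEPTION_ACCESS_VIOLATION      0xC0000005u
#define EXCEPTION_ARRAY_BOUNDS_EXCEEDED 0xC000008Cu
#define EXCEPTION_INT_DIVIDE_BY_ZERO    0xC0000094u

typedef struct { unsigned code; void *address; } EXCEPTION_RECORD;

typedef enum { EXCEPTION_CONTINUE_SEARCH = 0, EXCEPTION_EXECUTE_HANDLER = 1 } DISPOSITION;

typedef DISPOSITION (*FILTER)(const EXCEPTION_RECORD *);

typedef struct REGISTRATION {
    struct REGISTRATION *prev;   /* next-outer frame */
    FILTER               filter;
    const char          *name;
} REGISTRATION;

/* Per-thread head of the chain (on x86 NT this lives at FS:[0]). */
static REGISTRATION *chain_head = NULL;
static const char   *last_handled_by = "none";

void seh_push(REGISTRATION *r) { r->prev = chain_head; chain_head = r; }
void seh_pop(void)             { if (chain_head) chain_head = chain_head->prev; }

/* Walk frames innermost-out. Returns 1 if a frame took the exception, 0 if
 * dispatch fell through to the default handler. */
int dispatch_exception(const EXCEPTION_RECORD *rec)
{
    REGISTRATION *r;
    for (r = chain_head; r != NULL; r = r->prev) {
        if (r->filter(rec) == EXCEPTION_EXECUTE_HANDLER) {
            last_handled_by = r->name;
            return 1;
        }
    }
    last_handled_by = "default handler";
    return 0;
}

const char *handled_by(void) { return last_handled_by; }

/* Constructed filters: each frame handles exactly one exception code. */
static DISPOSITION only_div_zero(const EXCEPTION_RECORD *rec)
{ return rec->code == EXCEPTION_INT_DIVIDE_BY_ZERO ? EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH; }

static DISPOSITION only_av(const EXCEPTION_RECORD *rec)
{ return rec->code == EXCEPTION_ACCESS_VIOLATION ? EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH; }

/* Scenario: outer frame catches access violations, inner frame divide-by-zero. */
int run_scenario(unsigned code)
{
    REGISTRATION outer = { NULL, only_av, "outer" };
    REGISTRATION inner = { NULL, only_div_zero, "inner" };
    EXCEPTION_RECORD rec = { code, NULL };
    int taken;
    seh_push(&outer);
    seh_push(&inner);
    taken = dispatch_exception(&rec);
    seh_pop();
    seh_pop();
    return taken;
}

int main(void)
{
    run_scenario(EXCEPTION_INT_DIVIDE_BY_ZERO); printf("div0 -> %s\n", handled_by());
    run_scenario(EXCEPTION_ARRAY_BOUNDS_EXCEEDED); printf("bounds -> %s\n", handled_by());
    return 0;
}
```

Because the registration records sit on the thread's own stack, a stack overflow that overwrites one redirects dispatch to an attacker-chosen handler address; the later SafeSEH and SEHOP mitigations exist to validate the handler and the chain before it is followed.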
Exception Types (EXCEPTION_* status codes)
- Memory and control: ACCESS_VIOLATION, DATATYPE_MISALIGNMENT, IN_PAGE_ERROR, GUARD_PAGE, STACK_OVERFLOW, ARRAY_BOUNDS_EXCEEDED, INVALID_HANDLE
- Debugging: BREAKPOINT, SINGLE_STEP
- Floating point: FLT_DENORMAL_OPERAND, FLT_DIVIDE_BY_ZERO, FLT_INEXACT_RESULT, FLT_INVALID_OPERATION, FLT_OVERFLOW, FLT_STACK_CHECK, FLT_UNDERFLOW
- Integer: INT_DIVIDE_BY_ZERO, INT_OVERFLOW
- Instruction: PRIV_INSTRUCTION, ILLEGAL_INSTRUCTION
- Dispatch: NONCONTINUABLE_EXCEPTION, INVALID_DISPOSITION
Example: Read.c

    #include <windows.h>

    int main(void)
    {
        HANDLE hFile;
        char buffer[256];
        DWORD numRead;

        /* Open parameters (read-only, existing file) are assumed; the slide elides them. */
        hFile = CreateFile("foo.bar", GENERIC_READ, FILE_SHARE_READ, NULL,
                           OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
        if (hFile != INVALID_HANDLE_VALUE) {
            if (!ReadFile(hFile, buffer, sizeof buffer, &numRead, NULL)) {
                /* ... handle the error (GetLastError) ... */
            }
            CloseHandle(hFile);
        }
        return 0;
    }

Note on the original slide's condition, if ((hFile = CreateFile(...) != INVALID_HANDLE_VALUE): because != binds tighter than =, that assigns the result of the comparison (0 or 1) to hFile rather than the handle; the assignment needs its own parentheses, or, as above, a separate statement.
Tracking the Read (1 of 2)
1. main calls ReadFile (kernel32).
2. ReadFile calls NtReadFile (ntdll), which traps to kernel mode.
3. Trap handler: System Service Dispatch Table -> NtReadFile in the I/O Manager.
4. I/O Manager builds an I/O request packet and calls the device driver.
5. Device driver queues the read request; the calling thread waits for completion.
6. Device interrupt.
7. Trap handler: IDT -> device driver ISR.
8. ISR queues a DPC.
Tracking the Read (2 of 2)
9. IRQL drops below DPC level; the DPC runs and starts the disk read.
10. Device interrupt; trap handler: IDT -> device driver ISR; the ISR queues a DPC.
11. IRQL drops; the DPC checks the completion status etc. and queues a kernel-mode APC to the requesting thread.
12. IRQL drops; the thread runs; the APC runs and copies the data to the user buffer.
13. NtReadFile returns, then ReadFile returns to main.
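The simulation below is an added example for these notes (plain C, not kernel code) that runs the mechanics of the IRQL, DPC and APC slides and of the two "Tracking the Read" slides in one place: a device interrupt is taken only when its IRQL is above the processor's current IRQL, the ISR does nothing but queue a DPC and request the dispatch interrupt, the DPC queues a kernel APC to the requesting thread and requests the APC interrupt, and each is serviced as the IRQL is lowered past its level. The trace shows the order in which the pieces run. One processor, one thread and one constructed disk sector are assumed, and the two interrupt/DPC rounds on the slides are collapsed into one.

```c
/* Added simulation of the IRQL / DPC / APC mechanics behind the read on the
 * slides (plain C teaching model, not kernel code): one processor, one thread,
 * one constructed disk whose "interrupt" arrives when its transfer finishes. */
#include <stdio.h>
#include <string.h>

enum { PASSIVE_LEVEL = 0, APC_LEVEL = 1, DISPATCH_LEVEL = 2, DEVICE_LEVEL = 5 };

typedef void (*ROUTINE)(void);

/* Per-processor state: current IRQL, requested interrupts, DPC queue. */
static int     current_irql = PASSIVE_LEVEL;
static int     dpc_pending, apc_pending, disk_pending;
static ROUTINE dpc_queue[8]; static int dpc_count;
/* Per-thread state: the kernel APC queue. */
static ROUTINE apc_queue[8]; static int apc_count;

static char       user_buffer[32];                           /* caller's buffer */
static char       kernel_buffer[32];                         /* driver's system buffer */
static const char disk_sector[32] = "hello from sector 0";   /* constructed data */

static char trace[256];                                      /* order of events */
static void log_step(const char *s) { strcat(trace, s); strcat(trace, ";"); }
const char *get_trace(void) { return trace; }

static void run_queue(ROUTINE *q, int *n)
{
    int i;
    for (i = 0; i < *n; i++) q[i]();
    *n = 0;
}

int raise_irql(int level) { int old = current_irql; current_irql = level; return old; }

void disk_interrupt(void);

/* Lowering IRQL delivers whatever is now enabled, highest level first: a masked
 * device interrupt, then the DPC interrupt (serviced at DISPATCH_LEVEL), then
 * the APC interrupt (serviced at APC_LEVEL). */
void lower_irql(int level)
{
    current_irql = level;
    if (disk_pending && DEVICE_LEVEL > current_irql) { disk_pending = 0; disk_interrupt(); }
    if (dpc_pending && DISPATCH_LEVEL > current_irql) {
        current_irql = DISPATCH_LEVEL; dpc_pending = 0;
        log_step("dpc-int");
        run_queue(dpc_queue, &dpc_count);
        current_irql = level;
    }
    if (apc_pending && APC_LEVEL > current_irql) {
        current_irql = APC_LEVEL; apc_pending = 0;
        log_step("apc-int");
        run_queue(apc_queue, &apc_count);
        current_irql = level;
    }
}

static void completion_apc(void)   /* runs in the requesting thread at APC_LEVEL */
{
    log_step("apc:copy-to-user");
    memcpy(user_buffer, kernel_buffer, sizeof user_buffer);
}

static void disk_dpc(void)         /* runs at DISPATCH_LEVEL, arbitrary thread context */
{
    log_step("dpc:check-status");
    apc_queue[apc_count++] = completion_apc;   /* queue kernel APC to the thread */
    apc_pending = 1;                           /* request the APC-level interrupt */
}

static void disk_isr(void)         /* runs at DEVICE_LEVEL: do the minimum */
{
    log_step("isr:queue-dpc");
    dpc_queue[dpc_count++] = disk_dpc;
    dpc_pending = 1;                           /* request the dispatch interrupt */
}

/* A device interrupt is taken only if its IRQL is above the processor's current
 * IRQL; otherwise it stays pending until the IRQL is lowered. */
void disk_interrupt(void)
{
    int old;
    if (DEVICE_LEVEL <= current_irql) { disk_pending = 1; log_step("int-masked"); return; }
    old = raise_irql(DEVICE_LEVEL);   /* trap handler: IDT -> interrupt object -> ISR */
    disk_isr();
    lower_irql(old);
}

/* NtReadFile as seen from this model: returns the user buffer once the APC filled it. */
const char *read_file_scenario(void)
{
    int old;
    trace[0] = 0; dpc_count = apc_count = 0; dpc_pending = apc_pending = disk_pending = 0;
    memset(user_buffer, 0, sizeof user_buffer);
    log_step("NtReadFile");
    memcpy(kernel_buffer, disk_sector, sizeof kernel_buffer);  /* driver starts the transfer */
    old = raise_irql(DEVICE_LEVEL);   /* some other device-level work is in progress */
    disk_interrupt();                 /* transfer done: arrives masked */
    lower_irql(old);                  /* delivered here; ISR -> DPC -> APC chain runs */
    log_step("NtReadFile-returns");
    return user_buffer;
}

int main(void)
{
    printf("%s\n%s\n", read_file_scenario(), get_trace());
    return 0;
}
```

Two things worth noticing in the trace: the interrupt that arrives while the processor is already at DEVICE_LEVEL is held until lower_irql, which is the "only interrupts at IRQL greater than the processor's are enabled" rule in action, and the copy into the user buffer happens in the APC, i.e. in the requesting thread, never in the ISR or DPC, which run in whatever context happens to be current.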