MP 1
In this machine problem, you will modify the Linux real-time clock (RTC) driver to toggle characters on the text-mode
video console from one ASCII character to another, with a user-settable toggle rate. This will serve a dual purpose:
first, it will be an exercise in writing x86 assembly, allowing you to gain experience with the x86 ISA. Second, it will
provide an introduction to how drivers accomplish tasks inside the Linux kernel.
MP1 Assignment
You will add four new ioctls to the existing RTC driver, as well as a tasklet that will update the text-mode video
screen on every RTC interrupt.
Your code will reside in mp1.S, a GNU-style assembly file. Assembly files with a capital-S extension (.S) are
preprocessed using the standard C preprocessor before being assembled, so things like #include and #define are OK to
use. Your code must be implemented using GNU x86 assembly.
Please be aware that the preprocessor will catch anything that looks like a directive and may prevent your code from
assembling. Use of # to denote comments is problematic, especially for those who like to begin comments with “if.”
The assembler accepts both C-style /* comments */ and C++-style // comments.
on_char and back, with toggle rates determined by on_length and off_length. A pointer to the first element in the
linked list (the head of the list) is defined in the mp1.S file as a global variable, mp1_list_head. mp1_list_head is
initialized to NULL (the value it holds is zero) to indicate that there are currently no blinking locations on the screen.
The tail element of the list will have its next field equal to NULL to indicate that it is the last element. A diagram
of this singly-linked list layout for a three-item list is shown on the following page. Example memory addresses of
structures and variables are shown in parentheses.
[Figure: singly-linked list layout for a three-item list. mp1_list_head (0x804a1b0) holds 0x804b008.]
MP1 Tasklet
The first function you need to write is called mp1_rtc_tasklet. The tasklet must update the state of the game. Its
C prototype is:
void mp1_rtc_tasklet (unsigned long);
Every time an RTC interrupt is generated, mp1_rtc_tasklet will be called. Your tasklet will walk down the
mp1_list_head list, examining each mp1_blink_struct structure. The function first decrements the countdown
field of the structure. If the countdown field has reached zero after the decrement, the tasklet will examine the
status field. If this field is equal to 1, that location currently has the on_char character; if this field is 0, that
location currently has the off_char character. The tasklet should put the opposite character (i.e. interchange the status
between on/off) out to video memory with a call to mp1_poke. For information on how to draw to the screen, see the
“Text-Mode Video” section. Finally, the tasklet updates the countdown field by copying the value from the opposite
length field to countdown. For example, if the character was currently off and you just turned it on, copy on_length
to countdown. In this way, the toggle rate for each character is controlled by the length fields. The tasklet then must
move on to the next list element. The function returns when it reaches the end of the list.
MP1 Ioctls
The next function you must write is called mp1_ioctl. Its C prototype is:
This function serves as a “dispatcher” function. It uses the cmd argument to determine which of the next four functions
to jump to. The table below gives a brief summary of cmd values, the corresponding core function, and a brief
description of what that core function does. Each of the core functions is described in the section entitled “Core Functions.”
Note that you must check this cmd value; if it is an invalid command, return -1.
Core Functions
You must implement each of the following four functions in assembly in the mp1.S file.
Note: A common task across these four ioctls is searching a linked list for a specific element that matches a particular
location. You must implement a separate function that performs a linked list search, and call this function from the
mp1_ioctl_remove, mp1_ioctl_find, and mp1_ioctl_sync core functions. Designing the interface to this function
(in other words, what parameter(s) is/are passed to it, what value(s) is/are returned from it, and so forth) is up to you.
int mp1_ioctl_add(unsigned long arg)
The add ioctl takes as its argument a user-level pointer to a mp1_blink_struct structure. First, dynamically
allocate memory using the mp1_malloc function to store a copy of the structure. Copy the entire mp1_blink_struct
from the user-space structure to the newly-allocated memory (use mp1_copy_from_user). Then set the countdown
field to be equal to the on_length field, and set the status field to 1. Then insert this structure at the head of the
linked list using the mp1_list_head pointer. Finally, make a call to mp1_poke with the correct register parameters
to immediately display the character on the text-mode video screen. This effectively turns the location “on.” After
countdown RTC interrupts have elapsed, your mp1_rtc_tasklet will turn the location “off.” This function should
return 0 if a successful add was performed.
Your function must handle errors. If there is a memory allocation error (in which case mp1_malloc returns NULL),
return -1. Remember the semantics of mp1_copy_from_user. If it could not copy all the bytes requested, it will return
the number of bytes it was not able to copy. If this function returns anything other than 0, the copy has failed, and the
function should return -1. If the location is outside the valid range of 0 to 80*25-1, this function should return -1.
Finally, your error handling must prevent memory leaks. If you have allocated any memory using mp1_malloc, and
you find that there is an error condition, you must free the memory using mp1_free.
int mp1_ioctl_remove(unsigned long arg)
The remove ioctl takes an integer location as its parameter. Traverse the mp1_list_head list, looking for an element
whose location field matches the argument given to this function. If there is such an element, remove it from the
linked list and free its memory with a call to mp1_free, and return 0. If there is no element whose location matches,
return -1.
int mp1_ioctl_find(unsigned long arg)
The find ioctl takes a pointer to a mp1_blink_struct, like add. The only parameter it is concerned with as an input
is the location parameter, but you must validate that the pointer refers to a valid structure before reading from the
structure. After extracting the location parameter from the user-level structure, search the mp1_list_head list for an
element that matches the location. Then copy the entire element, which is a mp1_blink_struct, to the user-level
structure pointed to by the parameter that was passed in (use mp1_copy_to_user).
In this way it uses the parameter as both an input and an output. If there is no matching location in the list, return -1,
otherwise return 0. Similar error conditions apply to this function as in the previous two.
int mp1_ioctl_sync(unsigned long arg)
The sync ioctl’s unsigned long argument is really two two-byte unsigned short integers, packed into one
four-byte argument. The first integer is stored in the upper 16 bits of arg, and the second integer is stored in the lower
16 bits. You must extract these two integers from the single argument.
The sync ioctl synchronizes two existing locations on the screen. The first integer represents the location of the first
blinking character, and the second integer represents the location of the second blinking character that will become
synchronized with the first. Search the mp1_list_head list, looking for elements with locations that match the two
integers, respectively. Then copy the timing information (the on_length, off_length, countdown, and status
fields) from the first element to the second element. After copying these fields, call mp1_poke to immediately update
the display using the correct character (that is, either the on_char or the off_char, depending on status) to the
screen for the second location. This function should return 0 on success, and -1 on failure. Similar failure cases apply.
Synchronization Constraints
The code (both user-level and kernel) for MP1 allows the tasklet to execute in the middle of any of the ioctls, so you
must be careful to order the updates properly in some of the operations. Since the tasklet does not modify the list, the
main constraint is that any ioctl that modifies the list does so in a way that never leaves the list in an unusable state.
In particular, mp1_ioctl_add must fill in the newly allocated structure, including the next field, before changing the
head of the list to point to the new structure. Similarly, mp1_ioctl_remove must remove the element from the list
before freeing it; copying the structure’s next pointer into a register is not sufficient, since the tasklet could try to read
the structure after the call to mp1_free. Updates in the other calls cannot lead to major problems.
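A user-space C model of the add and remove ioctls, covering the error handling under “Core Functions” and the update ordering under “Synchronization Constraints”. It is an added example, not part of the handout, and the MP itself must still be written in assembly. The struct's field types, the leak counter, the one-byte-per-cell screen array, poke_cell and find_link are assumptions standing in for the real layout, for mp1_poke and for your own search function.

```c
#include <stdlib.h>
#include <string.h>

#define SCREEN_CELLS (80 * 25)   /* valid locations are 0 .. 80*25-1 */

/* Assumed layout: field names come from the handout, the types do not. */
struct mp1_blink_struct {
    unsigned short location;
    char on_char, off_char;
    unsigned short on_length, off_length;
    unsigned short countdown, status;
    struct mp1_blink_struct *next;
};

static struct mp1_blink_struct *mp1_list_head = NULL;
static int live_allocs = 0;            /* leak counter (constructed) */
static char screen[SCREEN_CELLS];      /* stand-in for video memory */

/* User-space stand-ins for the kernel helpers, constructed for this model. */
static void *mp1_malloc(unsigned long n)
{
    void *p = malloc(n);
    live_allocs += (p != NULL);
    return p;
}
static void mp1_free(void *p) { live_allocs--; free(p); }
static unsigned long mp1_copy_from_user(void *to, const void *from, unsigned long n)
{
    if (from == NULL) return n;        /* bad user pointer: n bytes not copied */
    memcpy(to, from, n);
    return 0;
}
static void poke_cell(unsigned short location, char c) { screen[location] = c; }

int mp1_ioctl_add(unsigned long arg)
{
    struct mp1_blink_struct *node = mp1_malloc(sizeof *node);
    if (node == NULL) return -1;
    /* Copy once, then validate the private copy, never the user's memory. */
    if (mp1_copy_from_user(node, (const void *)arg, sizeof *node) != 0)
        goto fail;
    if (node->location >= SCREEN_CELLS)
        goto fail;
    node->countdown = node->on_length;
    node->status = 1;
    node->next = mp1_list_head;        /* complete the node first ... */
    mp1_list_head = node;              /* ... then make it reachable */
    poke_cell(node->location, node->on_char);
    return 0;
fail:
    mp1_free(node);                    /* every error path releases the node */
    return -1;
}

/* Search helper: returns the link (head or a next field) holding the match, or NULL. */
static struct mp1_blink_struct **find_link(unsigned short location)
{
    struct mp1_blink_struct **link = &mp1_list_head;
    while (*link != NULL && (*link)->location != location)
        link = &(*link)->next;
    return link;
}

int mp1_ioctl_remove(unsigned long arg)
{
    struct mp1_blink_struct **link, *victim;
    if (arg >= SCREEN_CELLS) return -1;   /* also stops 0x10005 aliasing to 5 */
    link = find_link((unsigned short)arg);
    victim = *link;
    if (victim == NULL) return -1;
    *link = victim->next;              /* unlink: a list walk can no longer reach it */
    mp1_free(victim);                  /* free only after it is unreachable */
    return 0;
}

int main(void)
{
    struct mp1_blink_struct b = { 5, 'A', 'B', 3, 7, 0, 0, NULL };
    int ok = mp1_ioctl_add(0) == -1 && mp1_ioctl_add((unsigned long)&b) == 0
          && mp1_ioctl_remove(5) == 0 && live_allocs == 0;
    return ok ? 0 : 1;
}
```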
1. IOCTL dispatcher - There won’t be any output when this is finished. This is just to set up the calls to the core
functions.
2. ADD - An ASCII picture of a fish should appear if this is working correctly
3. Tasklet - The ASCII fish should blink between the two frames
4. FIND/SYNC - An I/M should appear after a few seconds and the “I/M” blinks should sync up with the rest of
the fish background after some time.
5. REMOVE - After the “I/M” have synced with the rest of the fish background, the “M” will be removed and so
the blinking will stop and the “I” will be left over
Getting Started
Be sure that your development environment is set up from MP0. In particular, have the base Linux kernel compiled
and running on your test machine. Begin MP1 by following these steps:
• We have created a Git repository for you to use for this project. The repository is available at
https://gitlab.engr.illinois.edu/ece391_sp23/mp1_<YOUR_NETID>
and can be accessed from anywhere.
• Access to your Git repositories will be provisioned shortly after the MP is released. Watch your @illinois.edu
email for an invitation from Gitlab.
• To use Git on a lab computer, you’ll have to use Git Bash on Windows, not the VM. You are free to download
other Git tools as you wish, but this documentation assumes you are using Git Bash. To launch Git Bash,
click the Start button in Windows, type in git bash, then click on the search result that says Git Bash.
• Run the following commands to make sure the line endings are set to LF (Unix style):
git config --global core.autocrlf input
git config --global core.eol lf
• Switch the path in git-bash into your Z: drive by running the command: cd /z
• If you do NOT have a ssh-key configured, clone your git repo in Z: drive by running the command (it will
prompt you for your NETID and AD password):
git clone https://gitlab.engr.illinois.edu/ece391_sp23/mp1_<YOUR_NETID>.git mp1
If you do have a ssh-key configured, clone your git repo in Z: drive by running the command:
git clone git@gitlab.engr.illinois.edu:ece391_sp23/mp1_<YOUR_NETID>.git mp1
Be sure to use your repository as you work on this MP. You can use it to copy your code from your development
machine to the test machine, but it’s also a good idea to commit occasionally so that you protect yourself from accidental
loss. Preventable losses due to unfortunate events, including disk loss, will not be met with sympathy.
Testing
Due to the critical nature of writing kernel code, it is better to test and debug as much as possible outside the kernel.
For example, let’s say that a new piece of code has a bug in it where it fails to check the validity of a pointer passed in
to it before using it. Now, say a NULL pointer is passed in and the code attempts to dereference this NULL pointer.
When running in user space, Linux catches this attempt to dereference an invalid memory location and sends a signal,
SEGV, to the program. The program then terminates harmlessly with a “Segmentation fault” error. However, if this
same code were run inside the kernel, the kernel would crash, and the only recourse would be to restart the machine.
In addition, debugging kernel code requires the setup you developed in MP0—two machines, connected via a virtual
TCP connection, with one running the test kernel and the other running a debugger. In user space, all that’s necessary
is a debugger. The development cycle (write-compile-test-debug) in user space is much faster.
For these reasons, we have developed a user-level test harness for you to test your implementation of the additional
ioctls and tasklet. This test harness compiles and runs your code as a user-level program, allowing for a much faster
development cycle, as well as protecting your test machine from crashing. Using the user-level test harness, you can
iron out most of the bugs in your code from user space before integrating them into the kernel’s RTC driver. The
functionality is nearly identical to the functionality available if your code were running inside the kernel.
The current harness tests some of the functionality for all the ioctls, but it is not an exhaustive test. It is up to you to
ensure that all the functionality works as specified, as your code will be graded with a complete set of tests.
Note: For this assignment, a test harness is provided to you that can test some of the functionality of your code prior
to integration with the actual Linux kernel. Future assignments will place progressively more responsibility on you,
the student, for developing test methods. What this means is that a complete test harness will not be provided for every
MP, and it will be up to you to design and implement effective testing methods for your code. We encourage you to
look over how the user-level test harness works for this MP, as its design may be of use to you in future MPs. This
test harness is fully functional, and uses some advanced programming techniques to achieve a complete simulation
of how your code will execute inside the Linux kernel. You need not understand all of these techniques; however,
understanding the important ideas is useful. Questions on Piazza as to how this test harness works are welcome as
well.
Running the user-level test program: To run the user-level test program, follow these steps:
You can also type su -c "gdb utest" to run gdb on the user-level test harness to debug your code. Debugging
the kernel code will be difficult. Use the disas (disassemble) command on mp1_rtc_tasklet or mp1_ioctl to see
the start of your code (feel free to add more globally visible symbols), then use explicit addresses to see the rest of
it. Be sure to start any disassembly with the starting byte of an instruction rather than an address in the middle of
an instruction. With non-function symbols (such as those in your assembly code), and with addresses, you need an
asterisk when identifying a breakpoint. For example, break *mp1_ioctl or break *0x12345678.
The test code changes the display location to the start of video memory. If you do not see a prompt after the code
finishes (correctly or otherwise), pressing the Enter key will usually return the display to normal. Note also that
gdb will return the display to its usual location, after which you will not be able to see any of the animation (while
debugging).
Note: When running the user test under gdb, the debugger stops your program whenever a signal (such as SIGUSR1
or SIGALRM) occurs. To turn off this behavior and make it easier to debug your program, type the following
commands in gdb:
handle SIGUSR1 noprint
handle SIGALRM noprint
Testing your code in the kernel: Once you are confident that your code is working, you need to build it in the kernel.
• If you logged in as root to test, log out and back in again as user. If you have not already done so, commit your
changes to the MP1 sources.
• Type cp /workdir/mp1/mp1.S /workdir/source/linux-2.6.22.5/drivers/char to copy your
mp1.S file to your kernel source directory.
• Type cd ~/build to change to the Linux build directory.
• Type make to build the kernel with your changes. If you have applied the mp1.diff file as described in the
“Getting Started” section of this handout, the kernel will build and link properly.
• Follow the procedure described in MP0, “Preparing Your Environment,” to install your new kernel onto the test
virtual machine and run it. We suggest that you execute the test kernel under gdb when debugging.
• In the test machine, navigate to your mp1 directory using the command cd /workdir/mp1, then type make
clean and make.
• Type su -c ./ktest to execute the kernel test program as root (you will need to type root’s password).
The semantics of mp1_copy_to_user and mp1_copy_from_user are similar to those of memcpy, for those of you
familiar with it. These functions take two pointers to memory areas, or buffers, to and from, and a length n. Each
function copies n bytes from the from buffer to the to buffer. As can be inferred from their names, mp1_copy_to_user
copies data from a kernel buffer to a user-level buffer, and mp1_copy_from_user copies data from a user-level buffer
to the kernel. All user- to kernel- address translations are taken care of by these functions. Each of these functions
returns the number of bytes that could not be copied, which should be 0. Bad user-level pointers can cause return
values greater than zero. For example, if you pass a NULL pointer in as the user-level parameter to one of these
functions (such as the to parameter in mp1_copy_to_user), it checks the pointer and memory area, sees that it points
to an invalid buffer, and returns n, since it could not copy any data.
You’ll need these functions in any of the core functions which take pointers to user-level structures. Each ioctl takes
an “arg” parameter, so you will need to look at the documentation for each ioctl to figure out which ones are actually
pointers to user-level structures.
One final important note: When copying data to a buffer in the kernel, you should not use statically-allocated global
buffers. In multiprocessor systems, for example, multiple calls to your ioctl functions may be going on at the same
time. Using a statically-allocated storage area, like a global variable, is a bad idea because the separate calls to the
ioctl would be contending for using this same storage area. You should use either local variables on the stack or
dynamically-allocated memory. Refer to the Course Notes for information on allocating local variables on the stack.
The section below has information on dynamic memory allocation in the Linux kernel.
mp1_malloc takes a parameter specifying the number of bytes of memory to allocate. It returns a void*, called a
“void pointer,” which is the memory address of the newly-allocated memory.
mp1_free takes a pointer to a block of memory that was allocated with mp1_malloc() and releases that memory back
to the system. It does not return anything.
Text-Mode Video
Each character on the text display comprises two bytes in memory. The low byte contains the ASCII value for the
character to be displayed. The high byte is an attribute byte, which holds information about the color of that particular
character on the screen.
The screen is divided into rows and columns, with the upper-left character position referred to as row 0, column 0.
Each row is 80 characters wide, and there are 25 rows. The screen is stored linearly in video memory, with each
successive row stored directly after the one above it. For example, row 1, column 0 immediately follows row 0,
column 79 in memory, row 2, column 0 immediately follows row 1, column 79, and so forth. Thus, to write a character at
row 12, column 15 on the screen, you first need to calculate the row offset: row 12 × 80 characters per row × 2 bytes
per character = 1920. Then, add the column offset: column 15 × 2 bytes per character = 30. So, row 12 column 15 on
the screen is 1920 + 30 = 1950 bytes from the start of video memory.
mp1_poke: Due to Linux’s virtualization of the screen buffer and of video memory, the start of video memory is
not a constant, so writing to video memory is somewhat more complicated than using a mov instruction. To simplify
things for this MP, a function has been defined called mp1_poke. This function, defined in assembly in mp1.S, takes
care of finding the starting address of video memory and writing a single byte to an offset from that starting address.
mp1_poke does not make use of the C calling convention discussed in the Course Notes. Instead, to use mp1_poke,
make a function call with the following parameters:
Jump Tables
You must use a jump table to perform the “dispatching” operation in mp1 ioctl. A jump table is a table in memory
containing the addresses of functions (called function pointers). Each function pointer is a 32-bit memory address,
just like any other pointer. The memory addresses that you want to put in the jump table are the labels of the start of
each function. Let’s say you have three functions in an assembly (.S) file, with labels function0, function1, and
function2 as the names of each. You can define a jump table as follows:
function0:
    /* function 0 body */
function1:
    /* function 1 body */
function2:
    /* function 2 body */
jump_table:
    .long function0, function1, function2
The jump table provides an easy way to access those three functions. If you view the jump table as a C-style array of
pointers:
void* jump_table[3];
jump_table[0] (in other words, the memory location at jump_table + 0 bytes) holds the address of function0,
jump_table[1] (at jump_table + 4 bytes) holds the address of function1, and jump_table[2] (at jump_table
+ 8 bytes) holds the address of function2. In these examples, the number inside the brackets is the “index” into the
jump table.
In this MP, the cmd parameter should serve as the index into the jump table, and you should be able to easily jump to
each of the five core functions by creating a table similar to that shown above.
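A C model of jump-table dispatch with the required cmd check, showing why the index must be compared as unsigned before the indirect call. It is an added example, not part of the handout: dispatch and its parameter order, the stub functions and the order of entries in the table are assumptions.

```c
/* Constructed stubs standing in for the core functions. */
static int core_add(unsigned long arg)    { (void)arg; return 10; }
static int core_remove(unsigned long arg) { (void)arg; return 11; }
static int core_find(unsigned long arg)   { (void)arg; return 12; }
static int core_sync(unsigned long arg)   { (void)arg; return 13; }

typedef int (*core_fn)(unsigned long);

/* C equivalent of ".long f0, f1, ..."; the cmd-to-function order is assumed. */
static const core_fn jump_table[] = { core_add, core_remove, core_find, core_sync };
#define NUM_CMDS (sizeof jump_table / sizeof jump_table[0])

/* Weak check: cmd is treated as signed and only the upper bound is tested,
 * so -1 passes and would select an address stored before the table. */
int cmd_ok_signed(long cmd) { return cmd < (long)NUM_CMDS; }

/* Corrected check: a single unsigned comparison rejects values past the end
 * and values that would be negative if read as signed. */
int cmd_ok_unsigned(unsigned long cmd) { return cmd < NUM_CMDS; }

/* Dispatcher: validate the index, then make the indirect call. */
int dispatch(unsigned long arg, unsigned long cmd)
{
    if (!cmd_ok_unsigned(cmd))
        return -1;                 /* invalid command */
    return jump_table[cmd](arg);
}

int main(void)
{
    /* In range, one past the end, and "negative" cmd values. */
    int ok = dispatch(0, 2) == 12 && dispatch(0, 4) == -1
          && dispatch(0, (unsigned long)-1) == -1;
    return ok ? 0 : 1;
}
```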
RTC Overview
A computer’s real-time clock can generate interrupts at a settable frequency. Real programs running on Linux can
make use of this device to perform timing-critical functionality. For example, a Tetris-style video game may need to
update the positions of the falling blocks every 500 milliseconds (ms). Using the RTC, the game might set up the RTC
to generate interrupts every 500 ms. Using the standard file operations above, the game can then know exactly when
500 ms has elapsed, and update its internal state accordingly.
We now use the RTC driver to illustrate how the standard file operations given above map to a real device. The
RTC driver uses the open and close operations as initialization and cleanup mechanisms for certain internal data
structures and setup routines. Once open’ed, four bytes of data become available to be read from /dev/rtc on every
RTC interrupt. Programs can use the read or poll file operations to wait for these four bytes of data to become
available, thus effectively waiting for the next RTC interrupt to be generated. The ioctl operation handles many
other functions: setting the interrupt rate, turning RTC interrupts on and off, setting alarms, and so forth.
The important concept to glean from this discussion is that drivers provide a uniform file-like interface to the outside
world via their device file and the standard set of file operations described above. The internals of actually managing
the device itself are left to the driver, and are not visible to normal programs. For example, in the RTC driver, no
program is able to directly gain control of the RTC, manage its interrupts, and so forth. Changing the frequency is
accomplished via an ioctl, and determining when an interrupt has been generated is done by waiting for the four
bytes of data to become available to be read using read or poll.
Ioctl Functions
An ioctl call from a user-mode program looks like the following:
ioctl(int file_descriptor, int IOCTL_COMMAND, unsigned long data_argument);
The file_descriptor parameter is returned from a call to open on a particular file, in this case /dev/rtc. It is
simply a number used by a program to reference a particular file that the program has opened. The program then
passes this file descriptor to other functions like ioctl, indicating that it is /dev/rtc that the program wishes to
operate upon.
The IOCTL_COMMAND parameter is the particular ioctl operation to be performed on the device. It is shown in caps
because all ioctl operations are defined as constants in the header file for each device driver. All that is needed for a
program to do is select the proper predefined ioctl command and pass that command to the ioctl call.
Finally, the data_argument parameter is an arbitrary value passed to the ioctl. It can be a numeric value or a
pointer to a more complex structure used by the ioctl. The MP1 testing code passes pointers to special structures
that contain all the data necessary for your RTC driver to perform the new ioctls described below.
Tasklets
Interrupt handlers themselves should be as short as possible to allow the operating system to perform other time-critical
tasks. Remember, when an interrupt occurs, control is immediately handed to the operating system so it can service
the device. All other tasks are blocked while the interrupt handler is executing. A tasklet is a way for an interrupt
handler to defer work until after the kernel has finished processing time-critical tasks and is about to return to a user
program. Normally, the interrupt handler does urgent work with the device, and then schedules a tasklet to run later
to do the heavier I/O or computation that takes much longer. The operating system can enable all interrupts while the
tasklet is executing. The main reason for deferring this sort of work is to allow other interrupts to occur while this
non-critical work is being done. This improves the responsiveness of the system.
In MP1, the RTC hardware interrupt handler schedules your tasklet (mp1_rtc_tasklet) to run. When the kernel is
about to return from the interrupt, it calls your tasklet, which then can update the text-mode video screen, yet allow
other interrupts to occur.
• Give meaningful and descriptive (but not too long) names to your variables, labels, constants, functions, and
files. Be consistent in your naming conventions.
• Do NOT use magic numbers (any number that appears in your code without a comment or meaningful symbolic
name). -1, 0, and 1 are usually OK when used in obvious ways.
• Keep programs and functions relatively short. Don’t write spaghetti code that jumps back and forth everywhere.
Create helper functions instead and make it easy to follow the flow of the program. Note that helper functions
must obey the C calling convention.
• Use comments to explain the interfaces to all functions or subroutines, lengthy segments of code, and any
non-obvious line of code. However, do NOT overdo it. Too many comments are just as bad as too few. Use comments
to explain why, not what.
Handin
Handin will consist of a demonstration in the 391 Lab. During the demo, a TA will check the functionality of your
MP, review your code, and ask some basic questions to test your understanding of the code.
Important Things to Note:
• Regardless of your assigned demo day, the deadline is the same for everyone!
• Once the deadline hits, your GitLab write access to the project will be revoked and you will not be able to push
to your repositories.
• You are free to develop your own system of code organization, but we will STRICTLY use only the master
branch for grading, and will only make use of your mp1.S file.