CSE 153 Design of Operating Systems Winter 18

Slides:



Advertisements
Similar presentations
More on Processes Chapter 3. Process image _the physical representation of a process in the OS _an address space consisting of code, data and stack segments.
Advertisements

Lecture 2: Architectural (hardware) Support for Operating Systems
Exceptional Control Flow Processes Today. Control Flow Processors do only one thing: From startup to shutdown, a CPU simply reads and executes (interprets)
The Kernel Abstraction. Challenge: Protection How do we execute code with restricted privileges? – Either because the code is buggy or if it might be.
Chapter 6 Limited Direct Execution
CS 153 Design of Operating Systems Spring 2015 Lecture 3: Intro and Architectural Support for Operating Systems.
Architectural Support for OS March 29, 2000 Instructor: Gary Kimura Slides courtesy of Hank Levy.
OS Fall ’ 02 Introduction Operating Systems Fall 2002.
OS Spring’03 Introduction Operating Systems Spring 2003.
1 Last Class: Introduction Operating system = interface between user & architecture Importance of OS OS history: Change is only constant User-level Applications.
OS Spring’04 Introduction Operating Systems Spring 2004.
1 OS & Computer Architecture Modern OS Functionality (brief review) Architecture Basics Hardware Support for OS Features.
What are Exception and Interrupts? MIPS terminology Exception: any unexpected change in the internal control flow – Invoking an operating system service.
CSE 451: Operating Systems Autumn 2013 Module 6 Review of Processes, Kernel Threads, User-Level Threads Ed Lazowska 570 Allen.
1 CS503: Operating Systems Part 1: OS Interface Dongyan Xu Department of Computer Science Purdue University.
Protection and the Kernel: Mode, Space, and Context.
Traps and Faults. Review: Mode and Space data user mode kernel mode A B C “kernel space”
Architecture Support for OS CSCI 444/544 Operating Systems Fall 2008.
Operating Systems ECE344 Ashvin Goel ECE University of Toronto OS-Related Hardware.
Lecture 3 Process Concepts. What is a Process? A process is the dynamic execution context of an executing program. Several processes may run concurrently,
Operating Systems Lecture 7 OS Potpourri Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard. Zhiqing Liu School of Software.
1 CSE451 Architectural Supports for Operating Systems Autumn 2002 Gary Kimura Lecture #2 October 2, 2002.
Lecture Topics: 10/29 Architectural support for operating systems –timers –kernel mode –system calls –protected instructions.
Exceptional Control Flow Topics Exceptions except1.ppt CS 105 “Tour of the Black Holes of Computing”
CE Operating Systems Lecture 2 Low level hardware support for operating systems.
Operating Systems 1 K. Salah Module 1.2: Fundamental Concepts Interrupts System Calls.
CE Operating Systems Lecture 2 Low level hardware support for operating systems.
Chapter 6 Limited Direct Execution Chien-Chung Shen CIS/UD
Of Privilege, Traps, Interrupts & Exceptions Prof. Sirer CS 316 Cornell University.
University of Washington Roadmap 1 car *c = malloc(sizeof(car)); c->miles = 100; c->gals = 17; float mpg = get_mpg(c); free(c); Car c = new Car(); c.setMiles(100);
Introduction to Operating Systems Concepts
Computer System Structures Interrupts
Exceptional Control Flow
Introduction to Operating Systems
Introduction to Operating Systems
Chapter 2: Computer-System Structures(Hardware)
Interrupts and exceptions
Chapter 2: Computer-System Structures
Interrupts and signals
Operating Systems CMPSC 473
Exceptional Control Flow
Protection and OS Structure
Exceptional Control Flow
Anton Burtsev February, 2017
Mechanism: Limited Direct Execution
Exceptional Control Flow
Overview of today’s lecture
Exceptional Control Flow
CSE451 Operating Systems Winter 2011
CSE 120 Principles of Operating
Module 2: Computer-System Structures
CSE 451: Operating Systems Spring 2012 Module 6 Review of Processes, Kernel Threads, User-Level Threads Ed Lazowska 570 Allen.
Exceptions Control Flow
Architectural Support for OS
CSE 451: Operating Systems Autumn 2004 Module 2 Architectural Support for Operating Systems Hank Levy 1.
CSE 451: Operating Systems Autumn 2003 Lecture 2 Architectural Support for Operating Systems Hank Levy 596 Allen Center 1.
Module 2: Computer-System Structures
CSE 451: Operating Systems Autumn 2001 Lecture 2 Architectural Support for Operating Systems Brian Bershad 310 Sieg Hall 1.
CSE 451: Operating Systems Winter 2007 Module 2 Architectural Support for Operating Systems Brian Bershad 562 Allen Center 1.
CSE 451: Operating Systems Winter 2003 Lecture 2 Architectural Support for Operating Systems Hank Levy 412 Sieg Hall 1.
Architectural Support for OS
CSE 451: Operating Systems Winter 2004 Module 2 Architectural Support for Operating Systems Ed Lazowska 570 Allen Center 1.
CSE 153 Design of Operating Systems Winter 2019
Chapter 2: Computer-System Structures
Chapter 2: Computer-System Structures
Module 2: Computer-System Structures
Steve Gribble (for Hank Levy)
Module 2: Computer-System Structures
Operating Systems Structure
Interrupts and System Calls
Presentation transcript:

CSE 153 Design of Operating Systems Winter 18 Lecture 3: OS model and Architectural Support

Last time/Today Historic evolution of Operating Systems (and computing!) Today: We start our journey in exploring Operating Systems Try to answer questions such as: What is the OS? What does it need to do? How/When does the OS run? How do programs interact with it? How is this supported by CPUs?

Some questions to get you thinking What is the OS? Software? Is the OS always executing? If not, how do we make sure it gets to run? How do we prevent user programs from directly manipulating hardware?

Sleeping Beauty Model Answer: Sleeping beauty model Technically known as controlled direct execution OS runs in response to “events”; we support the switch in hardware Only the OS can manipulate hardware or critical system state Most of the time the OS is sleeping Good! Less overhead Good! Applications are running directly on the hardware We want the OS to be out of the picture unless it is needed. Programs run directly on the hardware. When an event occurs (including a request to the OS), the hardware supports a switch to the OS. OS is the sleeping beauty To make sure that the OS only can access protected state (e.g., hardware devices and OS data structures) the architecture should also support (at least) two modes of execution. Some operations are only valid in privileged mode. The switch to the OS is accompanied with a mode switch to privileged mode. Switch back to user program also switches mode back to unprivileged mode.

What do we need from the architecture/CPU? Manipulating privileged machine state Protected instructions Manipulate device registers, TLB entries, etc. Controlling access Generating and handling “events” Interrupts, exceptions, system calls, etc. Respond to external events CPU requires software intervention to handle fault or trap Other stuff Mechanisms to handle concurrency, Isolation, virtualization …

Types of Arch Support Manipulating privileged machine state Protected instructions Manipulate device registers, TLB entries, etc. Controlling access Generating and handling “events” Interrupts, exceptions, system calls, etc. Respond to external events CPU requires software intervention to handle fault or trap Other stuff Interrupts, atomic instructions, isolation

Protected Instructions OS must have exclusive access to hardware and critical data structures Only the operating system can Directly access I/O devices (disks, printers, etc.) Security, fairness (why?) Manipulate memory management state Page table pointers, page protection, TLB management, etc. Manipulate protected control registers Kernel mode, interrupt level Halt instruction (why?)

Privilege mode Hardware restricts privileged instructions to OS Q: How does the HW know if the executed program is OS? HW must support (at least) two execution modes: OS (kernel) mode and user mode Mode kept in a status bit in a protected control register User programs execute in user mode OS executes in kernel mode (OS == “kernel”) CPU checks mode bit when protected instruction executes Attempts to execute in user mode trap to OS X86: ring0 (kernel), ring1&2 (rarely used), ring3 (app) ARM: EL0 (app), EL1 (kernel), EL2 (hypervisor), EL3 (SM)

Switching back and forth Going from higher privilege to lower privilege Easy: can directly modify the mode register to drop privilege But how do we escalate privilege? Special instructions to change mode System calls (int 0x80, syscall, svc) Saves context and invokes designated handler You jump to the privileged code; you cannot execute your own OS checks your syscall request and honors it only if safe Or, some kind of event happens in the system Also, hypercalls to ask the hypervisor for services (vmcall, hvc) if virtualization is implemented. Secure monitor call to go to secure monitor mode. FYI/Beyond the scope of today’s class

Types of Arch Support Manipulating privileged machine state Protected instructions Manipulate device registers, TLB entries, etc. Controlling access Generating and handling “events” Interrupts, exceptions, system calls, etc. Respond to external events CPU requires software intervention to handle fault or trap Other stuff

Review: Computer Organization Events are supported by the hardware by automatically trapping to the OS. When an event occurs (e.g., fault like a divide by 0, or a hardware interrupt), we stop the fetch->decode->execute cycle, mode switch to OS, save state and trap to the start of the interrupt handling routine

Events An event is an “unnatural” change in control flow Events immediately stop current execution Changes mode, context (machine state), or both The kernel defines a handler for each event type Event handlers always execute in kernel mode The specific types of events are defined by the machine Once the system is booted, OS is one big event handler all entry to the kernel occurs as the result of an event

Handling events – Interrupt vector table

Categorizing Events Two kinds of events: synchronous and asynchronous Sync events are caused by executing instructions Example? Async events are caused by an external event Asynchronous events CPU ticks Synchronous events

Categorizing Events Two kinds of events: synchronous and asynchronous Sync events are caused by executing instructions Async events are caused by an external event Two reasons for events: unexpected and deliberate Unexpected events are, well, unexpected Example? Deliberate events are scheduled by OS or application Why would this be useful?

Categorizing Events This gives us a convenient table: Terms may be slightly different by OS and architecture E.g., POSIX signals, asynch system traps, async or deferred procedure calls Unexpected Deliberate Synchronous fault syscall trap Asynchronous interrupt signal

Faults Hardware detects and reports “exceptional” conditions Page fault, memory access violation (unaligned, permission, not mapped, bounds…), illegal instruction, divide by zero Upon exception, hardware “faults” (verb) Must save state (PC, regs, mode, etc.) so that the faulting process can be restarted Invokes registered handler

Handling Faults Some faults are handled by “fixing” the exceptional condition and returning to the faulting context Page faults cause the OS to place the missing page into memory Fault handler resets PC of faulting context to re-execute instruction that caused the page fault

Handling Faults The kernel may handle unrecoverable faults by killing the user process Program fault with no registered handler Halt process, write process state to file, destroy process In Unix, the default action for many signals (e.g., SIGSEGV) What about faults in the kernel? Dereference NULL, divide by zero, undefined instruction These faults considered fatal, operating system crashes Unix panic, Windows “Blue screen of death” Kernel is halted, state dumped to a core file, machine locked up

Categorizing Events Unexpected Deliberate Synchronous fault syscall trap Asynchronous interrupt signal

System Calls For a user program to do something “privileged” (e.g., I/O) it must call an OS procedure Known as crossing the protection boundary, or a protected procedure call Hardware provides a system call instruction that: Causes an exception, which invokes a kernel handler Passes a parameter determining the system routine to call Saves caller state (PC, regs, mode) so it can be restored Why save mode? Returning from system call restores this state

System Call emacs: read() Trap to kernel mode, save state User mode Restore state, return to user level, resume execution Trap handler Find read handler read() kernel routine

Another view 0xFFFFFFFF Kernel Stack SP2 1G PC2 Kernel Code 0xC0000000 Address Space User Stack 3G SP1 User Code PC1 0x00000000

System Call Questions There are hundreds of syscalls. How do we let the kernel know which one we intend to invoke? Before issuing int $0x80 or sysenter, set %eax/%rax with the syscall number System calls are like function calls, but how to pass parameters? Just like calling convention in syscalls, typically passed through %ebx, %ecx, %edx, %esi, %edi, %ebp

More questions How to reference kernel objects (e.g., files, sockets)? Naming problem – an integer mapped to a unique object int fd = open(“file”); read(fd, buffer); Why can’t we reference the kernel objects by memory address?

System calls in xv6 Look at trap.h and trap.c Interrupt handlers are initialized in two arrays (idt and vectors) Tvinit() function does the initialization Syscalls have a single trap handler (T_SYSCALL, 64) Trap() handles all exceptions, including system calls If the exception is a system call, it calls syscall() Keep digging from there to understand how system calls are supported You will be adding a new system call in Lab 1

Categorizing Events Interrupts signal asynchronous events Unexpected Deliberate Synchronous fault syscall trap Asynchronous interrupt software interrupt Interrupts signal asynchronous events I/O hardware interrupts Software and hardware timers

Timer The key to a timesharing OS The fallback mechanism by which the OS reclaims control Timer is set to generate an interrupt after a period of time Setting timer is a privileged instruction When timer expires, generates an interrupt Handled by the OS, forcing a switch from the user program Basis for OS scheduler (more later…) Also used for time-based functions (e.g., sleep()) Prevents infinite loops OS can always regain control from erroneous or malicious programs that try to hog CPU

I/O using Interrupts Interrupts are the basis for asynchronous I/O OS initiates I/O Device operates independently of rest of machine Device sends an interrupt signal to CPU when done OS maintains a vector table containing a list of addresses of kernel routines to handle various events CPU looks up kernel address indexed by interrupt number, context switches to routine

I/O Example 1. Ethernet receives packet, writes packet into memory 2. Ethernet signals an interrupt 3. CPU stops current operation, switches to kernel mode, saves machine state (PC, mode, etc.) on kernel stack 4. CPU reads address from vector table indexed by interrupt number, branches to address (Ethernet device driver) 5. Ethernet device driver processes packet (reads device registers to find packet in memory) 6. Upon completion, restores saved state from stack

Interrupt Questions Interrupts halt the execution of a process and transfer control (execution) to the operating system Can the OS be interrupted? (Consider why there might be different interrupt levels) Interrupts are used by devices to have the OS do stuff What is an alternative approach to using interrupts? What are the drawbacks of that approach?

Memory Isolation OS must be able to protect programs from each other OS must protect itself from user programs OS may or may not protect user programs from itself Memory management unit (MMU) Hardware unit provides memory protection mechanisms Virtual memory Segmentation Manipulating memory management hardware uses protected (privileged) operations

Example memory protection

Summary Protection System calls Exceptions Interrupts User/kernel modes Protected instructions System calls Used by user-level processes to access OS functions Access what is “in” the OS Exceptions Unexpected event during execution (e.g., divide by zero) Interrupts Timer, I/O

Next Time… Processes Project: Continue to get familiar with the environment In particular, Chapter 0 Read the system call/interrupt chapter in the xv6 book (Chapter 3) If you have time, work through at least some of the booting sequence tutorial Read appendix A and B in xv6 book Ask questions on Piazza