Protection and the Kernel: Mode, Space, and Context.

Slides:

Advertisements

Similar presentations

Threads, SMP, and Microkernels

Advertisements

More on Processes Chapter 3. Process image _the physical representation of a process in the OS _an address space consisting of code, data and stack segments.

The Kernel Abstraction. Challenge: Protection How do we execute code with restricted privileges? – Either because the code is buggy or if it might be.

Chapter 6 Limited Direct Execution

CMPT 300: Operating Systems I Dr. Mohamed Hefeeda

1 Operating Systems and Protection CS Goals of Today’s Lecture How multiple programs can run at once  Processes  Context switching  Process.

Architectural Support for OS March 29, 2000 Instructor: Gary Kimura Slides courtesy of Hank Levy.

Figure 2.8 Compiler phases Compiling. Figure 2.9 Object module Linking.

OS Fall ’ 02 Introduction Operating Systems Fall 2002.

Introduction to Operating Systems – Windows process and thread management In this lecture we will cover Threads and processes in Windows Thread priority.

Introduction to Kernel

Home: Phones OFF Please Unix Kernel Parminder Singh Kang Home:

OS Spring’03 Introduction Operating Systems Spring 2003.

1 Last Class: Introduction Operating system = interface between user & architecture Importance of OS OS history: Change is only constant User-level Applications.

1 Process Description and Control Chapter 3 = Why process? = What is a process? = How to represent processes? = How to control processes?

Process Description and Control A process is sometimes called a task, it is a program in execution.

OS Spring’04 Introduction Operating Systems Spring 2004.

Operating System Organization

1 Threads Chapter 4 Reading: 4.1,4.4, Process Characteristics l Unit of resource ownership - process is allocated: n a virtual address space to.

1 OS & Computer Architecture Modern OS Functionality (brief review) Architecture Basics Hardware Support for OS Features.

CSE 451: Operating Systems Autumn 2013 Module 6 Review of Processes, Kernel Threads, User-Level Threads Ed Lazowska 570 Allen.

Chapter 8 Windows Outline Programming Windows 2000 System structure Processes and threads in Windows 2000 Memory management The Windows 2000 file.

System Calls 1.

COP 4600 Operating Systems Spring 2011 Dan C. Marinescu Office: HEC 304 Office hours: Tu-Th 5:00-6:00 PM.

Traps and Faults. Review: Mode and Space data user mode kernel mode A B C “kernel space”

Implementing Processes. Review: Threads vs. Processes 1. The process is a kernel abstraction for an independent executing program. includes at least one.

Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.

Architecture Support for OS CSCI 444/544 Operating Systems Fall 2008.

Threads and Concurrency. A First Look at Some Key Concepts kernel The software component that controls the hardware directly, and implements the core.

Operating Systems ECE344 Ashvin Goel ECE University of Toronto OS-Related Hardware.

The Structure of Processes (Chap 6 in the book “The Design of the UNIX Operating System”)

Lecture 3 Process Concepts. What is a Process? A process is the dynamic execution context of an executing program. Several processes may run concurrently,

CPS 110/EE 153 Course Intro. The operating system (OS) is the interface between user applications and the hardware. An OS implements a sort of virtual.

Hardware process When the computer is powered up, it begins to execute fetch-execute cycle for the program that is stored in memory at the boot strap entry.

Processes and Process Control 1. Processes and Process Control 2. Definitions of a Process 3. Systems state vs. Process State 4. A 2 State Process Model.

Interrupt driven I/O. MIPS RISC Exception Mechanism The processor operates in The processor operates in user mode user mode kernel mode kernel mode Access.

1 CSE451 Architectural Supports for Operating Systems Autumn 2002 Gary Kimura Lecture #2 October 2, 2002.

Lecture Topics: 10/29 Architectural support for operating systems –timers –kernel mode –system calls –protected instructions.

Operating Systems 1 K. Salah Module 1.2: Fundamental Concepts Interrupts System Calls.

Introduction to Operating Systems and Concurrency.

Programs and Processes. The Virtual Address Space A typical process VAS space includes: user regions in the lower half V->P mappings specific to each.

Hardware process When the computer is powered up, it begins to execute fetch-execute cycle for the program that is stored in memory at the boot strap entry.

Managing Processors Jeff Chase Duke University. The story so far: protected CPU mode user mode kernel mode kernel “top half” kernel “bottom half” (interrupt.

What is a Process ? A program in execution.

Operating Systems Unit 2: – Process Context switch Interrupt Interprocess communication – Thread Thread models Operating Systems.

CSCI/CMPE 4334 Operating Systems Review: Exam 1 1.

Chapter 6 Limited Direct Execution Chien-Chung Shen CIS/UD

Of Privilege, Traps, Interrupts & Exceptions Prof. Sirer CS 316 Cornell University.

1.1 Silberschatz, Galvin and Gagne ©2013 Operating System Concepts – 9 th Edition Chapter 1: Introduction What Operating Systems Do √ Computer-System Organization.

Introduction to Operating Systems Concepts

Introduction to Operating Systems

CS 3214 Computer Systems Lecture 9 Godmar Back.

Introduction to Kernel

Protection and OS Structure

CS 6560: Operating Systems Design

Intro to Processes CSSE 332 Operating Systems

Structure of Processes

CSE 451: Operating Systems Spring 2012 Module 6 Review of Processes, Kernel Threads, User-Level Threads Ed Lazowska 570 Allen.

Lecture Topics: 11/1 General Operating System Concepts Processes

Architectural Support for OS

Threads Chapter 4.

Process Control B.Ramamurthy 2/22/2019 B.Ramamurthy.

CSE 451: Operating Systems Autumn 2003 Lecture 2 Architectural Support for Operating Systems Hank Levy 596 Allen Center 1.

CSE 451: Operating Systems Autumn 2001 Lecture 2 Architectural Support for Operating Systems Brian Bershad 310 Sieg Hall 1.

Operating Systems: A Modern Perspective, Chapter 3

CSE 451: Operating Systems Winter 2007 Module 2 Architectural Support for Operating Systems Brian Bershad 562 Allen Center 1.

Unix Process Control B.Ramamurthy 4/11/2019 B.Ramamurthy.

CSE 451: Operating Systems Winter 2003 Lecture 2 Architectural Support for Operating Systems Hank Levy 412 Sieg Hall 1.

Outline Operating System Organization Operating System Examples

Architectural Support for OS

Presentation transcript:

Protection and the Kernel: Mode, Space, and Context

Challenges for a “Classical” Protected OS What are the mechanisms that operating systems use to: safely allocate physical resources (memory, storage, CPU) to multiple programs? securely track and control resource usage? isolate programs from the details of running on a shared machine? protect one executing program’s storage from another? prevent rogue programs from taking over the machine or impairing the functions of the operating system? allow mutually distrusting programs to interact safely? recover cleanly from user program failures

Processes and the Kernel data processes in private virtual address spaces system call traps...and upcalls (e.g., signals) shared kernel code and data in shared address space Threads or processes enter the kernel for services. The kernel sets up process execution contexts to “virtualize” the machine. CPU and devices force entry to the kernel to handle exceptional events.

A First Look at Some Key Concepts kernel The software component that controls the hardware directly, and implements the core privileged OS functions. Modern hardware has features that allow the OS kernel to protect itself from untrusted user code. thread An executing stream of instructions and its CPU register context. virtual address space An execution context for thread(s) that provides an independent name space for addressing some or all of physical memory. process An execution of a program, consisting of a virtual address space, one or more threads, and some OS kernel state.

The Kernel Today, all “real” operating systems have protected kernels. The kernel resides in a well-known file: the “machine” automatically loads it into memory (boots) on power-on/reset. Our “kernel” is called the executive in some systems (e.g., NT). The kernel is (mostly) a library of service procedures shared by all user programs, but the kernel is protected: User code cannot access internal kernel data structures directly, and it can invoke the the kernel only at well-defined entry points (system calls). Kernel code is like user code, but the kernel is privileged: The kernel has direct access to all hardware functions, and defines the machine entry points for interrupts and exceptions.

Threads vs. Processes 1. The process is a kernel abstraction for an independent executing program. includes at least one “thread of control” also includes a private address space (VAS) - VAS requires OS kernel support often the unit of resource ownership in kernel - e.g., memory, open files, CPU usage 2. Threads may share an address space. Threads have “context” just like vanilla processes. - thread context switch vs. process context switch Every thread must exist within some process VAS. Processes may be “multithreaded” with thread primitives supported by a library or the kernel. data

Introduction to Virtual Addressing text data BSS user stack args/env kernel data virtual memory (big) physical memory (small) virtual-to-physical translations User processes address memory through virtual addresses. The kernel and the machine collude to translate virtual addresses to physical addresses. The kernel controls the virtual-physical translations in effect for each space. The machine does not allow a user process to access memory unless the kernel “says it’s OK”. The specific mechanisms for implementing virtual address translation are machine-dependent: we will cover them later.

The Virtual Address Space A typical process VAS space includes: user regions in the lower half V->P mappings specific to each process accessible to user or kernel code kernel regions in upper half shared by all processes accessible only to kernel code Nachos: process virtual address space includes only user portions. mappings change on each process switch text data BSS user stack args/env 0 data kernel text and kernel data 2 n-1 0x0 0xffffffff A VAS for a private address space system (e.g., Unix) executing on a typical 32-bit architecture. sbrk() jsr

Example: Process and Kernel Address Spaces data 0 2 n n-1 data 0x7FFFFFFF 0x xFFFFFFFF 0x0 n-bit virtual address space 32-bit virtual address space

Kernel Mode 0 2n2n code library OS data OS code Program A data Data Program B Data registers CPU R0 Rn PC main memory x x mode CPU mode (a field in some status register) indicates whether the CPU is running in a user program or in the protected kernel. Some instructions or data accesses are only legal when the CPU is executing in kernel mode. physical address space

Protecting Entry to the Kernel Protected events and kernel mode are the architectural foundations of kernel-based OS (Unix, NT, etc). The machine defines a small set of exceptional event types. The machine defines what conditions raise each event. The kernel installs handlers for each event at boot time. e.g., a table in kernel memory read by the machine The machine transitions to kernel mode only on an exceptional event. The kernel defines the event handlers. Therefore the kernel chooses what code will execute in kernel mode, and when. user kernel interrupt or exception trap/return

Thread/Process States and Transitions running (user) running (kernel) readyblocked Run Wakeup interrupt, exception Sleep Yield trap/return

CPU Events: Interrupts and Exceptions an “unnatural” change in control flow an interrupt is caused by an external event device requests attention, timer expires, etc. an exception is caused by an executing instruction CPU requires software intervention to handle a fault or trap. the kernel defines a handler routine for each event type control flow event handler (e.g., ISR) exception.cc

Handling Events, Part I: The Big Picture 1. To deliver the event, the machine saves relevant state in temporary storage, then transfers control to the kernel. Set kernel mode and set PC := handler. 2. Kernel handler examines registers and saved machine state. What happened? What was the machine doing when it happened? How should the kernel respond? 3. Kernel responds to the condition. Execute kernel service, device control code, fault handlers, etc., modify machine state as needed. 4. Kernel restores saved context (registers) and resumes activity. 5. Specific events and mechanisms for saving, examining, or restoring context are machine-dependent.

Mode, Space, and Context At any time, the state of each processor is defined by: 1. mode: given by the mode bit Is the CPU executing in the protected kernel or a user program? 2. space: defined by V->P translations currently in effect What address space is the CPU running in? Once the system is booted, it always runs in some virtual address space. 3. context: given by register state and execution stream Is the CPU executing a thread/process, or an interrupt handler? Where is the stack? These are important because the mode/space/context determines the meaning and validity of key operations.

Common Mode/Space/Context Combinations 1. User code executes in a process/thread context in a process address space, in user mode. Can address only user code/data defined for the process, with no access to privileged instructions. 2. System services execute in a process/thread context in a process address space, in kernel mode. Can address kernel memory or user process code/data, with access to protected operations: may sleep in the kernel. 3. Interrupts execute in a system interrupt context in the address space of the interrupted process, in kernel mode. Can access kernel memory and use protected operations. no sleeping!

user process kernel process kernel interrupt text data BSS user stack args/env 0 data kernel text and kernel data 2 n-1 0x0 0xffffffff Summary: Mode, Space, and Context