Traps and Faults. Review: Mode and Space data user mode kernel mode A B C “kernel space”

Slides:



Advertisements
Similar presentations
More on Processes Chapter 3. Process image _the physical representation of a process in the OS _an address space consisting of code, data and stack segments.
Advertisements

Exceptional Control Flow Processes Today. Control Flow Processors do only one thing: From startup to shutdown, a CPU simply reads and executes (interprets)
The Kernel Abstraction. Debugging as Engineering Much of your time in this course will be spent debugging – In industry, 50% of software dev is debugging.
The Kernel Abstraction. Challenge: Protection How do we execute code with restricted privileges? – Either because the code is buggy or if it might be.
Chapter 6 Limited Direct Execution
CS 153 Design of Operating Systems Spring 2015 Lecture 3: Intro and Architectural Support for Operating Systems.
Architectural Support for OS March 29, 2000 Instructor: Gary Kimura Slides courtesy of Hank Levy.
Figure 2.8 Compiler phases Compiling. Figure 2.9 Object module Linking.
OS Fall ’ 02 Introduction Operating Systems Fall 2002.
Home: Phones OFF Please Unix Kernel Parminder Singh Kang Home:
OS Spring’03 Introduction Operating Systems Spring 2003.
1 Process Description and Control Chapter 3 = Why process? = What is a process? = How to represent processes? = How to control processes?
Process Description and Control A process is sometimes called a task, it is a program in execution.
OS Spring’04 Introduction Operating Systems Spring 2004.
What are Exception and Interrupts? MIPS terminology Exception: any unexpected change in the internal control flow – Invoking an operating system service.
CSE 451: Operating Systems Autumn 2013 Module 6 Review of Processes, Kernel Threads, User-Level Threads Ed Lazowska 570 Allen.
1 CS503: Operating Systems Part 1: OS Interface Dongyan Xu Department of Computer Science Purdue University.
Protection and the Kernel: Mode, Space, and Context.
CSC 501 Lecture 2: Processes. Process Process is a running program a program in execution an “instantiation” of a program Program is a bunch of instructions.
Architecture Support for OS CSCI 444/544 Operating Systems Fall 2008.
Contact Information Office: 225 Neville Hall Office Hours: Monday and Wednesday 12:00-1:00 and by appointment.
Operating Systems ECE344 Ashvin Goel ECE University of Toronto OS-Related Hardware.
1 CS/COE0447 Computer Organization & Assembly Language Chapter 5 part 4 Exceptions.
Lecture 3 Process Concepts. What is a Process? A process is the dynamic execution context of an executing program. Several processes may run concurrently,
Windows 2000 System Mechanisms Computing Department, Lancaster University, UK.
Operating Systems Lecture 7 OS Potpourri Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard. Zhiqing Liu School of Software.
1 CSE 451 Section 2: Interrupts, Syscalls, Virtual Machines, and Project 1.
NT Kernel CS Spring Overview Interrupts and Exceptions: Trap Handler Interrupt Request Levels and IRT DPC’s, and APC’s System Service Dispatching.
Interrupt driven I/O. MIPS RISC Exception Mechanism The processor operates in The processor operates in user mode user mode kernel mode kernel mode Access.
1 CSE451 Architectural Supports for Operating Systems Autumn 2002 Gary Kimura Lecture #2 October 2, 2002.
Processes CS 6560: Operating Systems Design. 2 Von Neuman Model Both text (program) and data reside in memory Execution cycle Fetch instruction Decode.
Lecture Topics: 10/29 Architectural support for operating systems –timers –kernel mode –system calls –protected instructions.
Exceptional Control Flow Topics Exceptions except1.ppt CS 105 “Tour of the Black Holes of Computing”
CE Operating Systems Lecture 2 Low level hardware support for operating systems.
Concurrency, Processes, and System calls Benefits and issues of concurrency The basic concept of process System calls.
University of Washington Exceptional Control Flow The Hardware/Software Interface CSE351 Winter 2013.
Interrupt driven I/O Computer Organization and Assembly Language: Module 12.
Managing Processors Jeff Chase Duke University. The story so far: protected CPU mode user mode kernel mode kernel “top half” kernel “bottom half” (interrupt.
Processes, Protection and the Kernel: Mode, Space, and Context.
Interrupts and Exception Handling. Execution We are quite aware of the Fetch, Execute process of the control unit of the CPU –Fetch and instruction as.
Chapter 6 Limited Direct Execution Chien-Chung Shen CIS/UD
Of Privilege, Traps, Interrupts & Exceptions Prof. Sirer CS 316 Cornell University.
University of Washington Roadmap 1 car *c = malloc(sizeof(car)); c->miles = 100; c->gals = 17; float mpg = get_mpg(c); free(c); Car c = new Car(); c.setMiles(100);
WORKING OF SCHEDULER IN OS
Exceptional Control Flow
Introduction to Operating Systems
Interrupts and exceptions
Exceptional Control Flow
Protection and OS Structure
Exceptional Control Flow
Protection of System Resources
Exceptional Control Flow
Exceptional Control Flow
Exceptional Control Flow: System Calls, Page Faults etc.
CSE 120 Principles of Operating
Structure of Processes
CSE 451: Operating Systems Spring 2012 Module 6 Review of Processes, Kernel Threads, User-Level Threads Ed Lazowska 570 Allen.
CSE 153 Design of Operating Systems Winter 18
Exceptions Control Flow
Architectural Support for OS
Operating Systems Lecture 3.
Process Control B.Ramamurthy 2/22/2019 B.Ramamurthy.
CSE 451: Operating Systems Autumn 2003 Lecture 2 Architectural Support for Operating Systems Hank Levy 596 Allen Center 1.
CSE 451: Operating Systems Autumn 2001 Lecture 2 Architectural Support for Operating Systems Brian Bershad 310 Sieg Hall 1.
CSE 451: Operating Systems Winter 2007 Module 2 Architectural Support for Operating Systems Brian Bershad 562 Allen Center 1.
Unix Process Control B.Ramamurthy 4/11/2019 B.Ramamurthy.
CSE 451: Operating Systems Winter 2003 Lecture 2 Architectural Support for Operating Systems Hank Levy 412 Sieg Hall 1.
Architectural Support for OS
Interrupts and System Calls
In Today’s Class.. General Kernel Responsibilities Kernel Organization
Presentation transcript:

Traps and Faults

Review: Mode and Space data user mode kernel mode A B C “kernel space”

Review: the Role of Events A CPU event is an “unnatural” change in control flow. Like a procedure call, an event changes the PC. Also changes mode or context (current stack), or both. Events do not change the current space! The kernel defines a handler routine for each event type. Event handlers always execute in kernel mode. The specific types of events are defined by the machine. Once the system is booted, every entry to the kernel occurs as a result of an event. In some sense, the whole kernel is a big event handler.

Categorizing Events An interrupt is caused by an external event. device requests attention, timer expires, etc. An exception is caused by an executing instruction. CPU requires software intervention to handle a fault or trap. control flow event handler (e.g., ISR: Interrupt Service Routine) exception.cc AST: Asynchronous System Trap Also called a software interrupt or an Asynchronous or Deferred Procedure Call (APC or DPC) Note: different “cultures” may use some of these terms (e.g., trap, fault, exception, event, interrupt) slightly differently.

System Call Traps User code invokes kernel services by initiating system call traps. Programs in C, C++, etc. invoke system calls by linking to a standard library of procedures written in assembly language. the library defines a stub or wrapper routine for each syscall stub executes a special trap instruction (e.g., chmk or callsys) syscall arguments/results passed in registers or user stack read() in Unix libc.a library (executes in user mode): #define SYSCALL_READ 27# code for a read system call move arg0…argn, a0…an# syscall args in registers A0..AN move SYSCALL_READ, v0# syscall dispatch code in V0 callsys# kernel trap move r1, _errno# errno = return status return Alpha CPU architecture

“Bullet-Proofing” the Kernel System calls must be “safe” to protect the kernel from buggy or malicious user programs. 1. System calls enter the kernel at a well-known safe point. Enter at the kernel trap handler; control transfers to the “middle” of the kernel are not permitted. 2. The kernel validates all system call arguments before use. Kernel may reject a request if it is meaningless or if the user process has inadequate privilege for the requested operation. 3. All memory used by the system call handler is in kernel space, so it is protected from interference by user code. What stack does the system call execute on?

Kernel Stacks and System Call Handling data Processes execute user code on a user stack in the user portion of the process virtual address space. Each process has a second kernel stack in kernel space (the kernel portion of the address space). stack System calls run in kernel mode on the process kernel stack. syscall dispatch table System calls run in the process space, so copyin and copyout can access user memory. The syscall trap handler makes an indirect call through the system call dispatch table to the handler for the specific system call.

Example: Mechanics of an Alpha Syscall Trap 1. Machine saves return address and switches to kernel stack. save user SP, global pointer(GP), PC on kernel stack set kernel mode and transfer to a syscall trap handler (entSys) 2. Trap handler saves software state, and dispatches. save some/all registers/arguments on process kernel stack vector to syscall routine through sysent[v0: dispatchcode] 3. Trap handler returns to user mode. when syscall routine returns, restore user register state execute privileged return-from-syscall instruction (retsys) machine restores SP, GP, PC and sets user mode emerges at user instruction following the callsys

Safe Handling of Syscall Args/Results 1. Decode and validate by-value arguments. Process (stub) leaves arguments in registers or on the stack. 2. Validate by-reference (pointer) IN arguments. Validate user pointers and copy data into kernel memory with a special safe copy routine, e.g., copyin(). 3. Validate by-reference (pointer) OUT arguments. Copy OUT results into user memory with special safe copy routine, e.g., copyout(). 4. Set up registers with return value(s); return to user space. Stub may check to see if syscall failed, possibly raising a user program exception or storing the result in a variable.

Questions About System Call Handling 1. Why do we need special copyin and copyout routines? validate user addresses before using them 2. What would happen if the kernel did not save all registers? 3. Where should per-process kernel global variables reside? syscall arguments (consider size) and error code 4. What if the kernel executes a callsys instruction? What if user code executes a retsys instruction? 5. How to pass references to kernel objects as arguments or results to/from system calls? pointers? No: use integer object handles or descriptors (also sometimes called capabilities).

Kernel Object Handles Instances of kernel abstractions may be viewed as “objects” named by protected handles held by processes. Handles are obtained by create/open calls, subject to security policies that grant specific rights for each handle. Any process with a handle for an object may operate on the object using operations (system calls). Specific operations are defined by the object’s type. The handle is an integer index to a kernel table. port file etc. object handles user spacekernel Microsoft NT object handles Unix file descriptors Nachos FileID and SpaceID

Faults Faults are similar to system calls in some respects: Faults occur as a result of a process executing an instruction. Fault handlers execute on the process kernel stack; the fault handler may block (sleep) in the kernel. The completed fault handler may return to the faulted context. But faults are different from syscall traps in other respects: Syscalls are deliberate, but faults are “accidents”. divide-by-zero, dereference invalid pointer, memory page fault Not every execution of the faulting instruction results in a fault. may depend on memory state or register contents

Options for Handling a Fault (1) 1. Some faults are handled by “patching things up” and returning to the faulted context. Example: the kernel may resolve an address fault (virtual memory fault) by installing a new virtual-physical translation. The fault handler may adjust the saved PC to re-execute the faulting instruction after returning from the fault. 2. Some faults are handled by notifying the process that the fault occurred, so it may recover in its own way. Fault handler munges the saved user context (PC, SP) to transfer control to a registered user-mode handler on return from the fault. Example: Unix signals or Microsoft NT user-mode Asynchronous Procedure Calls (APCs).

Example: Unix Signals Unix systems can notify a user program of a fault with a signal. The system defines a fixed set of signal types (e.g., SIGSEGV, SIGBUS, etc.). A user program may choose to catch some signal types, using a syscall to specify a (user mode) signal handler procedure. system passes interrupted context to handler handler may munge and/or return to interrupted context Signals are also used for other forms of asynchronous event notifications. E.g., a process may request a SIGALARM after some interval has passed, or signal another process using the kill syscall or command.

Options for Handling a Fault (2) 3. The kernel may handle unrecoverable faults by killing the user process. Program fault with no registered user-mode handler? Destroy the process, release its resources, maybe write the memory image to a file, and find another ready process/thread to run. In Unix this is the default action for many signals (e.g., SEGV). 4. How to handle faults generated by the kernel itself? Kernel follows a bogus pointer? Divides by zero? Executes an instruction that is undefined or reserved to user mode? These are generally fatal operating system errors resulting in a system crash, e.g., panic()!

Thought Questions About Faults 1. How do you suppose ASSERT and panic are implemented? 2. Unix systems allow you to run a program “under a debugger”. How do you suppose that works? If the program crashes, the debugger regains control and allows you to examine/modify its memory and register values! 3. Some operating systems allow remote debugging. A remote machine may examine/modify a crashed system over the network. How? 4. How can a user-mode fault handler recover from a fault? How does it return to the faulted context? 5. How can a debugger restart a program that has stopped, e.g., due to a fault? How are breakpoints implemented? 6. What stack do signal handlers run on?

Architectural Foundations of OS Kernels One or more privileged execution modes (e.g., kernel mode) protected device control registers privileged instructions to control basic machine functions System call trap instruction and protected fault handling User processes safely enter the kernel to access shared OS services. Virtual memory mapping OS controls virtual-physical translations for each address space. Device interrupts to notify the kernel of I/O completion etc. Includes timer hardware and clock interrupts to periodically return control to the kernel as user code executes. Atomic instructions for coordination on multiprocessors

A Few More Points about Events The machine may actually be implemented by a combination of hardware and special pre-installed software (firmware). PAL (Privileged Architecture Library) on Alpha hides hardware details from even the OS kernel some instructions are really short PAL routines some special “machine registers” are really in PAL scratch memory, not CPU registers Events illustrate hardware/software tradeoffs: how much of the context should be saved on an event or switch, and by whom (hardware, PAL, or OS) goal: simple hardware and good performance in common cases