The UNIX Time-Sharing System Landon Cox February 10, 2016.

Multics
- Multi-user operating system
  - Primary goal was to allow efficient, safe sharing between users
- Central data abstraction in Multics
  - A segment
  - All data was contained within a segment
- No distinction between files and memory
  - Accessed through loads/stores in memory
  - Think of a segment as an mmapped region of memory

Unix
- Also a multi-user operating system
  - In many ways a response to the complexity of Multics
  - Primary goals were “simplicity, elegance, and ease of use”
- What is the central data abstraction in Unix?
  - A file
  - As in Multics, hierarchical namespace
  - Mapped human-readable names to data objects
- Three kinds of files
  - Ordinary files
  - Directories
  - “Special files”

Files in Unix
- How are files read and written?
  - Via explicit read/write system calls
  - Requires passing a buffer between process and kernel
- In what way is this better than Multics segments?
  - Much narrower interface
  - Don’t have to worry about stray loads/stores
  - Clean separation of ephemeral and persistent state
- What is the downside compared to segments?
  - Requires extra copying
  - Kernel makes copy of a buffer in its own address space

Data-sharing tradeoffs
[Diagram: axis labeled Protection and Efficiency]
- Share by value
  - Spend time creating copies
  - Spend memory holding copies
  - Changes to copies are local
  - Corruption can be contained
- Share by reference
  - One copy of shared data
  - Only copy reference
  - Changes to copies are global
  - Corruption visible to all

Data-sharing tradeoffs
[Diagram: axis labeled Protection and Efficiency, with Share by value and Share by reference]

    int P(int a){…}
    void C(int x){
        int y=P(x);
    }

- How to share by reference, value?

Data-sharing tradeoffs
[Diagram: axis labeled Protection and Efficiency, with Share by value and Share by reference]
- What was the default sharing mode for Multics?
  - Share by reference (via segments)

Data-sharing tradeoffs
[Diagram: axis labeled Protection and Efficiency, with Share by value and Share by reference]
- Unix’s approach is very different
  - By default, share by value
  - Support share by reference when needed

UNIX philosophy
- OS by programmers for programmers
  - Support high-level languages (C and scripting)
  - Make interactivity a first-order concern (via shell)
  - Allow rapid prototyping
- How should you program for a UNIX system?
  - Write programs with limited features
    - Do one thing and do it well
    - Support easy composition of programs
  - Make data easy to understand
    - Store data in plaintext (not binary formats)
    - Communicate via text streams
- Thompson and Ritchie Turing Award ’83

UNIX philosophy
[Diagram: Process C, Process P, Kernel, “?”]
- What is the core abstraction?
  - Communication via files

UNIX philosophy
[Diagram: Process C, Process P, Kernel, File]
- What is the interface?
  - Open: get a file reference (descriptor)
  - Read/Write: get/put data
  - Close: stop communicating

UNIX philosophy
[Diagram: Process C, Process P, Kernel, File]
- Why is this safer than procedure calls?
  - Interface is narrower
  - Access file in a few well-defined ways
  - Kernel ensures things run smoothly

UNIX philosophy
[Diagram: Process C, Process P, Kernel, File]
- How do we transfer control to kernel?
  - Special system call instruction
  - CPU pauses process, runs kernel
  - Kernel schedules other process

UNIX philosophy
[Diagram: Process C, Process P, Kernel, File]
- Key insight: Interface can be used for lots of things
  - Persistent storage (i.e., “real” files)
  - Devices, temporary channels (i.e., pipes)

UNIX philosophy
[Diagram: Process C, Process P, Kernel, File]
- Two questions
  - (1) How do processes start running?
  - (2) How do we control access to files?

UNIX philosophy
[Diagram: Process C, Process P, Kernel, File]
- Two questions
  - (1) How do processes start running?

UNIX philosophy
[Diagram: Process C, Process P, Kernel, File]
- Maybe P is already running?
  - Could just rely on kernel to start processes

UNIX philosophy
[Diagram: Process C, Process P, Kernel, File]
- What might we call such a process?
  - Basically what a server is
  - A process C wants to talk to a process someone else launched

UNIX philosophy
[Diagram: Process C, Process P, Kernel, File]
- All processes shouldn’t be servers
  - Want to launch processes on demand
  - C needs primitives to create P

UNIX shell
[Diagram: Shell, Kernel]
- Program that runs other programs
  - Interactive (accepts user commands)
  - Essentially just a line interpreter
  - Allows easy composition of programs

UNIX shell
- How does a UNIX process interact with a user?
  - Via standard in (fd 0) and standard out (fd 1)
  - These are the default input and output for a program
  - Establishes well-known data entry and exit points for a program
- How do UNIX processes communicate with each other?
  - Mostly communicate with each other via pipes
  - Pipes allow programs to be chained together
  - Shell and OS can connect one process’s stdout to another’s stdin
- Why do we need pipes when we have files?
  - Pipes create unnamed temporary buffers between processes
  - Communication between programs is often ephemeral
  - OS knows to garbage collect resources associated with pipe on exit
  - Consistent with UNIX philosophy of simplifying programmers’ lives

UNIX shell
- Pipes simplify naming
  - Program always receives input on fd 0
  - Program always emits output on fd 1
  - Program doesn’t care what is on the other end of fd
  - Shell/OS handle input/output connections
- How do pipes simplify synchronization?
  - Pipe accessed via read system call
  - Read can block in kernel until data is ready
  - Or can poll, checking to see if read returns enough data

How kernel starts a process
1. Allocates process control block (bookkeeping data structure)
2. Reads program code from disk
3. Stores program code in memory (could be demand-loaded too)
4. Initializes machine registers for new process
5. Initializes translator data for new address space
   - E.g., page table and PTBR
   - Virtual addresses of code segment point to correct physical locations
6. Sets processor mode bit to “user”
7. Jumps to start of program
Need hardware support

Creating processes
- Through what commands does UNIX create processes?
  - Fork: create copy child process
  - Exec: initialize address space with new program
- What’s the problem of creating an exact copy process?
  - Child needs to do something different than parent
  - i.e., child needs to know that it is the child
- How does child know it is child?
  - Pass in return point
  - Parent returns from fork call, child jumps into other region of code
  - Fork works slightly differently now

Fork
- Child can’t be an exact copy
  - Is distinguished by one variable (the return value of fork)

    if (fork() == 0) {
        /* child */
        execute new program
    } else {
        /* parent */
        carry on
    }

Creating processes
- Why make a complete copy of parent?
  - Sometimes you want a copy of the parent
  - Separating fork/exec provides flexibility
  - Allows child to inherit some kernel state
  - E.g., open files, stdin, stdout
  - Very useful for shell
- How do we efficiently copy an address space?
  - Use “copy on write”
  - Make copy of page table, set pages to read-only
  - Only make physical copies of pages on write fault

Copy on write
[Diagram: Parent memory, Child memory, Physical memory]
- What happens if parent writes to a page?

Copy on write
[Diagram: Parent memory, Child memory, Physical memory]
- Have to create a copy of pre-write page for the child.

Alternative approach
- Windows CreateProcess
  - Combines the work of fork and exec
- UNIX’s approach
  - Supports arbitrary sharing between parent and child
- Windows’ approach
  - Supports sharing of most common data via params

Shells (bash, explorer, finder)
- Shells are normal programs
  - Though they look like part of the OS
- How would you write one?

    while (1) {
        print prompt (“crocus% ”)
        ask for input (cin)              // e.g., “ls /tmp”
        first word of input is command   // e.g., ls
        fork a copy of the current process (shell)
        if (child) {
            redirect output to a file if requested (or a pipe)
            exec new program (e.g., with argument “/tmp”)
        } else {
            wait for child to finish
            or can run child in background and ask for another command
        }
    }
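
The child branch of that loop, written out in C as an added example that is not part of the original slides: it forks two children, joins them with a pipe, execs a program in each, and reads the result back in the parent. The names spawn and run_pipeline and the sample commands (echo, tr) are assumptions chosen for illustration.

```c
/* Added example, not from the slides: run `left | right` as a shell would. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* fork a child, make in_fd/out_fd its fd 0 / fd 1 (-1 = leave alone), exec argv */
static pid_t spawn(char *const argv[], int in_fd, int out_fd)
{
    pid_t pid = fork();
    if (pid != 0)
        return pid;                     /* parent, or -1 if fork failed */
    /* child: fork's return value 0 is all that tells it apart from the parent */
    if (in_fd >= 0)  dup2(in_fd, STDIN_FILENO);
    if (out_fd >= 0) dup2(out_fd, STDOUT_FILENO);
    execvp(argv[0], argv);              /* close-on-exec pipe ends vanish here */
    _exit(127);                         /* reached only if exec failed */
}

/* Returns right's exit status or -1; out gets right's stdout. Assumes fds 0-2 are open. */
int run_pipeline(char *const left[], char *const right[], char *out, size_t cap)
{
    int a[2], b[2];                     /* a: left -> right, b: right -> parent */
    if (cap == 0 || pipe(a) < 0) return -1;
    if (pipe(b) < 0) { close(a[0]); close(a[1]); return -1; }
    /* Children must inherit only the dup2 copies on fd 0 / fd 1: a leaked
       write end would stop the reader from ever seeing end-of-file. */
    int fds[4] = { a[0], a[1], b[0], b[1] };
    for (int i = 0; i < 4; i++) fcntl(fds[i], F_SETFD, FD_CLOEXEC);
    pid_t lp = spawn(left, -1, a[1]);
    pid_t rp = spawn(right, a[0], b[1]);
    close(a[0]); close(a[1]); close(b[1]);   /* parent keeps only b's read end */
    size_t n = 0; ssize_t r;
    /* read() blocks in the kernel until data arrives; 0 means every writer closed */
    while (n < cap - 1 && (r = read(b[0], out + n, cap - 1 - n)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    close(b[0]);
    int st = -1;
    if (lp > 0) waitpid(lp, NULL, 0);
    if (rp > 0 && waitpid(rp, &st, 0) == rp && WIFEXITED(st))
        return WEXITSTATUS(st);
    return -1;
}

int main(void)
{
    char *left[] = { "echo", "hello unix", NULL };
    char *right[] = { "tr", "a-z", "A-Z", NULL };
    char buf[64];
    printf("exit=%d output=%s", run_pipeline(left, right, buf, sizeof buf), buf);
    return 0;
}
```

Neither child program knows a pipe is involved: each reads fd 0 and writes fd 1, and the parent decides what those descriptors refer to before exec.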

UNIX philosophy
[Diagram: Process C, Process P, Kernel, File]
- Two questions
  - (1) How do processes start running?
  - (2) How do we control access to files?

Access control
- Where is most trusted code located?
  - In the operating system kernel
- What are the primary responsibilities of a UNIX kernel?
  - Managing the file system
  - Launching/scheduling processes
  - Managing memory
- How do processes invoke the kernel?
  - Via system calls
  - Hardware shepherds transition from user process to kernel
  - Processor knows when it is running kernel code
  - Represents this through protection rings or mode bit

Access control
- How does kernel know if system call is allowed?
  - Looks at user id (uid) of process making the call
  - Looks at resources accessed by call (e.g., file or pipe)
  - Checks access-control policy associated with resource
  - Decides if policy allows uid to access resources
- How is a uid normally assigned to a process?
  - On fork, child inherits parent’s uid

MOO accounting problem
- Multi-player game called Moo
  - Want to maintain high score in a file
- Should players be able to update score?
  - Yes
- Do we trust users to write file directly?
  - No, they could lie about their score
[Diagram: High score file; Game client (uid x): “x’s score = 10”; Game client (uid y): “y’s score = 11”]

MOO accounting problem
- Multi-player game called Moo
  - Want to maintain high score in a file
- Could have a trusted process update scores
  - Is this good enough?
[Diagram: Game client (uid x): “x’s score = 10”; Game client (uid y): “y’s score = 11”; Game server; High score file: “x:10 y:11”]

MOO accounting problem
- Multi-player game called Moo
  - Want to maintain high score in a file
- Could have a trusted process update scores
  - Is this good enough?
  - Can’t be sure that reported score is genuine
  - Need to ensure score was computed correctly
[Diagram: Game client (uid x): “x’s score = 100”; Game client (uid y): “y’s score = 11”; Game server; High score file: “x:100 y:11”]

Access control
- Sometimes simple inheritance of uids is insufficient
  - Tasks involving management of “user id” state
  - Logging in (login)
  - Changing passwords (passwd)
- Where have we put management code before?
  - Put it in the kernel (e.g., file system and page table code)
- Why not put login, passwd, etc. inside the kernel?
  - This functionality doesn’t really require interaction w/ hardware
  - Would like to keep kernel as small as possible
- How are “trusted” user-space processes identified?
  - Run as super user or root (uid 0)
  - Like a software kernel mode
  - If a process runs under uid 0, then it has more privileges

Access control
- Why does login need to run as root?
  - Needs to check username/password correctness
  - Needs to fork/exec process under another uid
- Why does passwd need to run as root?
  - Needs to modify password database (file)
  - Database is shared by all users
- What makes passwd particularly tricky?
  - Easy to allow process to shed privileges (e.g., login)
  - passwd requires an escalation of privileges
- How does UNIX handle this?
  - Executable files can have their setuid bit set
  - If setuid bit is set, process inherits uid of image file’s owner on exec

MOO accounting problem
- Multi-player game called Moo
  - Want to maintain high score in a file
- How does setuid solve our problem?
  - Game executable is owned by trusted entity
  - Game cannot be modified by normal users
  - Users can run executable though
  - High-score is also owned by trusted entity
- This is a form of trustworthy computing
  - Only trusted code can update score
  - Root ownership ensures code integrity
  - Untrusted users can invoke trusted code
[Diagram: Shell (uid x) and Shell (uid y) each “fork/exec game”; Game client (uid moo): “x’s score = 10”; Game client (uid moo): “y’s score = 11”; High score (uid moo)]
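
An added example, not from the original slides, that checks the conditions this setuid arrangement depends on: the game image carries the setuid bit, ordinary users cannot rewrite it, and the high-score file belongs to the same owner and is not writable by anyone else. The flag names, function names and the command-line usage are assumptions made for illustration.

```c
/* Added example, not from the slides. Flag and function names are illustrative. */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

enum {
    GAME_NOT_SETUID     = 1 << 0,  /* game would run under the player's uid */
    GAME_MODIFIABLE     = 1 << 1,  /* group/other can rewrite the trusted code */
    SCORE_OWNER_DIFFERS = 1 << 2,  /* setuid game would not own the score file */
    SCORE_MODIFIABLE    = 1 << 3,  /* players could write scores directly */
    STAT_FAILED         = 1 << 4
};

/* uid a process runs under after exec of this image, per the setuid rule */
uid_t uid_after_exec(uid_t caller_uid, const struct stat *image)
{
    return (image->st_mode & S_ISUID) ? image->st_uid : caller_uid;
}

/* Returns 0 when the arrangement on the slide holds, else a mask of findings. */
int audit_moo(const struct stat *game, const struct stat *score)
{
    int findings = 0;
    if (!(game->st_mode & S_ISUID))           findings |= GAME_NOT_SETUID;
    if (game->st_mode & (S_IWGRP | S_IWOTH))  findings |= GAME_MODIFIABLE;
    if (score->st_uid != game->st_uid)        findings |= SCORE_OWNER_DIFFERS;
    if (score->st_mode & (S_IWGRP | S_IWOTH)) findings |= SCORE_MODIFIABLE;
    return findings;
}

/* Same check against files on disk. */
int audit_moo_paths(const char *game_path, const char *score_path)
{
    struct stat game, score;
    if (stat(game_path, &game) != 0 || stat(score_path, &score) != 0)
        return STAT_FAILED;
    return audit_moo(&game, &score);
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s GAME_BINARY SCORE_FILE\n", argv[0]);
        return 2;
    }
    int f = audit_moo_paths(argv[1], argv[2]);
    printf("findings mask: 0x%x\n", (unsigned)f);
    return f ? 1 : 0;
}
```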

Summary of UNIX
- Share-by-copy is easier for programmers
  - Everything looks like a file
  - Standardize interface (open, read/write, close)
  - Standardize entry/exit points (stdin, stdout)
  - Read in copy, work on copy, copy out results
- Try to make share-by-copy more efficient
  - Use copy-on-write whenever possible
- Next time
  - Sharing across machines (RPC, code offload)