Protection and System Calls. Otto J. Anshus

Similar documents
COS 318: Operating Systems

COS 318: Operating Systems

9/19/18. COS 318: Operating Systems. Overview. Important Times. Hardware of A Typical Computer. Today CPU. I/O bus. Network

Mechanisms for entering the system

SYSTEM CALL IMPLEMENTATION. CS124 Operating Systems Fall , Lecture 14

COS 318: Operating Systems. Overview. Prof. Margaret Martonosi Computer Science Department Princeton University

COS 318: Operating Systems. Overview. Andy Bavier Computer Science Department Princeton University

IA32 Intel 32-bit Architecture

3. Process Management in xv6

COS 318: Operating Systems

CSE 153 Design of Operating Systems Fall 18

CSE 153 Design of Operating Systems

Low Level Programming Lecture 2. International Faculty of Engineerig, Technical University of Łódź

CSC369 Lecture 2. Larry Zhang

CS 537 Lecture 2 - Processes

W4118: interrupt and system call. Junfeng Yang

A process. the stack

Operating systems offer processes running in User Mode a set of interfaces to interact with hardware devices such as

Processes. Johan Montelius KTH

Processes (Intro) Yannis Smaragdakis, U. Athens

CSC369 Lecture 2. Larry Zhang, September 21, 2015

W4118: PC Hardware and x86. Junfeng Yang

Anne Bracy CS 3410 Computer Science Cornell University

Anne Bracy CS 3410 Computer Science Cornell University

Hardware OS & OS- Application interface

iapx Systems Electronic Computers M

Microkernel Construction

Tutorial 10 Protection Cont.

Syscalls, exceptions, and interrupts, oh my!

Operating Systems ECE344

6/17/2011. Introduction. Chapter Objectives Upon completion of this chapter, you will be able to:

The Kernel Abstraction. Chapter 2 OSPP Part I

Chapter 2: The Microprocessor and its Architecture

CSE 120 Principles of Operating Systems

CSE 120 Principles of Operating Systems

Lecture 4: Mechanism of process execution. Mythili Vutukuru IIT Bombay

Exceptions and Processes

Introduction to the Process David E. Culler CS162 Operating Systems and Systems Programming Lecture 2 Sept 3, 2014

Lec 22: Interrupts. Kavita Bala CS 3410, Fall 2008 Computer Science Cornell University. Announcements

CS 5460/6460 Operating Systems

x86 architecture et similia

Microkernel Construction

CS 550 Operating Systems Spring Interrupt

Processes and Non-Preemptive Scheduling. Otto J. Anshus

Protection. OS central role. Fundamental to other OS goals. OS kernel. isolation of misbehaving applications. Relaibility Security Privacy fairness

Lecture Dependable Systems Practical Report Software Implemented Fault Injection. July 31, 2010

Lecture 2: Architectural Support for OSes

Operating Systems CMPSCI 377 Spring Mark Corner University of Massachusetts Amherst

Lecture 15 Intel Manual, Vol. 1, Chapter 3. Fri, Mar 6, Hampden-Sydney College. The x86 Architecture. Robb T. Koether. Overview of the x86

The Kernel Abstraction

Sistemi in Tempo Reale

The x86 Architecture

+ Overview. Projects: Developing an OS Kernel for x86. ! Handling Intel Processor Exceptions: the Interrupt Descriptor Table (IDT)

Hakim Weatherspoon CS 3410 Computer Science Cornell University

Low-Level Essentials for Understanding Security Problems Aurélien Francillon

4. The Abstraction: The Process

The Process Abstraction. CMPU 334 Operating Systems Jason Waterman

IA32/Linux Virtual Memory Architecture

Multi-Process Systems: Memory (2) Memory & paging structures: free frames. Memory & paging structures. Physical memory

Processes and Tasks What comprises the state of a running program (a process or task)?

Address spaces and memory management

The Kernel Abstrac/on

OS lpr. www. nfsd gcc emacs ls 1/27/09. Process Management. CS 537 Lecture 3: Processes. Example OS in operation. Why Processes? Simplicity + Speed

CS 537 Lecture 2 Computer Architecture and Operating Systems. OS Tasks

Computer Systems II. First Two Major Computer System Evolution Steps

Modeling Page Replacement: Stack Algorithms. Design Issues for Paging Systems

Last 2 Classes: Introduction to Operating Systems & C++ tutorial. Today: OS and Computer Architecture

Scott M. Lewandowski CS295-2: Advanced Topics in Debugging September 21, 1998

Chapter 8 & Chapter 9 Main Memory & Virtual Memory

Architectural Support for Operating Systems. Jinkyu Jeong ( Computer Systems Laboratory Sungkyunkwan University

Complex Instruction Set Computer (CISC)

Administrivia. Lab 1 due Friday 12pm. We give will give short extensions to groups that run into trouble. But us:

Exceptions. user mode. software should run in supervisor mode Certain features/privileges il are only allowed to code running in supervisor mode

For your convenience Apress has placed some of the front matter material after the index. Please use the Bookmarks and Contents at a Glance links to

Operating System Overview

Interrupts and System Calls

SYSC3601 Microprocessor Systems. Unit 2: The Intel 8086 Architecture and Programming Model

Processes. Process Management Chapter 3. When does a process gets created? When does a process gets terminated?

Architecture and OS. To do. q Architecture impact on OS q OS impact on architecture q Next time: OS components and structure

Assembly Language. Lecture 2 - x86 Processor Architecture. Ahmed Sallam

Operating Systems and Protection CS 217

Operating Systems Structure. Otto J. Anshus

Introduction to IA-32. Jo, Heeseung

Interrupts & System Calls

UMBC. contain new IP while 4th and 5th bytes contain CS. CALL BX and CALL [BX] versions also exist. contain displacement added to IP.

CHAPTER 8 - MEMORY MANAGEMENT STRATEGIES

Process Description and Control. Chapter 3

INTRODUCTION TO IA-32. Jo, Heeseung

x86 assembly CS449 Fall 2017

What You Need to Know for Project Three. Dave Eckhardt Steve Muckle

PROTECTION CHAPTER 4 PROTECTION

Chapter 8: Main Memory

Protection. - Programmers typically assume machine has enough memory - Sum of sizes of all processes often greater than physical memory 1 / 36

x86 segmentation, page tables, and interrupts 3/17/08 Frans Kaashoek MIT

CSCE Introduction to Computer Systems Spring 2019

Operating System Review

Lecture 4 CIS 341: COMPILERS

CHAPTER 8: MEMORY MANAGEMENT. By I-Chen Lin Textbook: Operating System Concepts 9th Ed.

Motivation. Threads. Multithreaded Server Architecture. Thread of execution. Chapter 4

Computer architecture. A simplified model

Transcription:

Protection and System Calls Otto J. Anshus

Protection Issues CPU protection Prevent a user from using the CPU for too long Throughput of jobs, and response time to events (incl. user interactive response time) Memory protection Prevent users from modifying kernel code and data structures and each others code and data I/O protection Prevent users from performing illegal I/O s Question to ponder during the fast approaching long winter nights what is the difference between protection and security?

Typical Unix OS Structure Application C Assembler...have to Performance Libraries Portable OS Layer Machine-dependent layer System Call Interface Low-level system initialization and bootstrap Fault, trap, interrupt and exception handling Memory management: hardware address translation Low-level kernel/user-mode process context switching I/O device driver and device initialization code

What is a Process? Four segments Code/text: instructions Data: variables Stack Heap Why? Separate code and data Stack and heap grow toward each other NB: WE must figure out how to let the OS implement all of this and how to handle a running process Stack Layout by compiler Allocate at process creation (fork) Deallocate at process termination Heap Linker and loader specify the starting address Allocate/deallocate by library calls such as malloc() and free() called by application Data Compiler allocate statically Compiler specify names and symbolic references Linker translate references and relocate addresses Loader finally lay them out in memory

Registers Directly Used by User Level Processes In protected mode, there are 8 32-bit general-purpose registers for use: data registers EAX, the accumulator (32 bits (16 and AX (AH, AL))) EBX, the base register ECX, the counter register EDX, the data register address registers ESI, the source register EDI, the destination register ESP, the stack pointer register EBP, the stack base pointer register 5

Registers accessed by Kernel (cannot be directly accessed by user level processes) Registers used by OS Kernel changing the state of the processor: control registers CR0, CR1, CR2, CR3 test registers TR4, TR5, TR6, TR7 descriptor registers GDTR, the global descriptor table register (see below) LDTR, the local descriptor table register (see below) IDTR, the interrupt descriptor table register (see below) task register TR 6

User level vs. Kernel level Application Libraries Portable OS Layer User level Some instructions are not available any more Programs can be modified and substituted by user Kernel (a.k.a. supervisory or privileged) level All instructions are available Total control possible so OS should never ever give away to a user process the right to run at kernel level Machine-dependent layer

Architecture Support: Privileged Mode

Boot OS and Run It and User Level Processes Boot OS power on/start up code reads boot block from HD to memory and transfer control to boot block code boot block code reads OS from HD to memory OS is given control OS starting user program (first time) Read (already compiled and readied program) image from disk Initialize OS kernel data structures with info about the program ATOMICALLY DO {<Set privilege level user >; <Load instruction register from start of program>} % why atomically? Now we have a user level PROCESS running User level process requesting OS service Make a mark somewhere (memory, stack, registers) indicating which service is requested and where to find the parameters Execute instruction that is bound to trap in decode Still need mechanism that allows OS to preempt user process, OS needs to be activated independently of running program. That can only be achieved external to the running program s instruction stream.

What to Do When User Level Process is Trying to Execute an Illegal Instruction Instruction Stream Fetch instruction Decode instruction Fetch operands Execute Write back result Next instruction When decoding instruction, what to do if bit-pattern doesn t represent a (legal) instruction? Halt? (No, but why not?) Instead: Trap : fetch next instruction at predetermined address in memory. Make sure that you have placed your (OS) code there beforehand

Interrupts and Traps Application IS program being executed IS at least one process (with at least one thread each) Interrupts Raised by external events CPU resume from the interrupt handler in the kernel switch to next process iret instruction: returns by popping return address from stack, and enable interrupts (IA32 instruction set) Traps Internal events System calls (syscalls) Also return by iret OS Kernel

Interrupts and Exceptions Interrupt sources HW (by external devices) SW: INT n Exceptions (something unexpected or needing action happened) Program errors faults: save address (CS, EIP) of faulting instruction, fix fault, restart instruction Case: page fault, divide by zero traps: save address of instruction Case: debugger aborts: oops (no saving, not recoverable) Case: your first attempts at OS kernel code SW generated: INT 3 Machine-check exceptions See Intel doc Vol. 3 for details

Interrupts and Exceptions

Interrupts and Exceptions

Privileged Instruction Examples Memory address mapping Data cache flush and invalidation Invalidating TLB entries Loading and reading system registers Changing processor mode from kernel to user Changing the voltage and frequency of the processor Halting a processor Reset a processor I/O operations

IA32 Protection Rings No worries, we will use level 0 and 3

System Calls Operating System API Interface between a process and OS kernel Seen as a set of library functions Process management end, abort, load, execute, create, terminate, set, wait Memory management mmap & munmap, mprotect, mremap, msync, swapon & off, File management create, delete, open, close, R, W, seek Device management res, rel, R, W, seek, get & set atrib., mount, unmount Communication get ID s, open, close, send, receive

System Call Mechanism User code can be arbitrary User code cannot modify kernel memory Makes a system call with parameters The call mechanism switches code to kernel mode Execute system call Return with results User program call return entry User program Kernel in protected memory But HOW?

System Call Implementation Use an interrupt Hardware devices (keyboard, serial port, timer, disk, ) and software can request service using interrupts The CPU is interrupted...and a service handler routine is run when finished the CPU resumes from where it was interrupted (or somewhere else determined by the OS kernel)

OS Kernel: Interrupt/Trap/Exception Handler User Level code running Interrupts ON Kernel Level code running Interrupts OFF (simple) HW Device Interrupt System Call HW exceptions Entry point of Int Handler... Sys_call_table System Service dispatcher Interrupt service routines System services This is inside the Kernel SW exceptions Virtual address exceptions... Exception dispatcher Exception handlers VM manager s pager HW enforces this boundary, but we must use it correctly

Passing Parameters Pass by registers #registers #usable registers #parameters in syscall Pass by memory vector A register holds the address of a location in users memory Pass by stack Push: done by library Pop: done by Kernel REMEMBER: Kernel has access to callers address space, but not vice versa frame frame Top

The Stack Many stacks possible, but only one is current : the one in the segment referenced by the SS register Max size 4 gigabytes PUSH: write (--ESP); POP: read(esp++); When setting up a stack remember to align the stack pointer on 16 bit word or 32 bit double-word boundaries

Library Stubs for System Calls User Level Process calls: read( fd, buf, size); 32-255 available to user User Level Library int read( int fd, char * buf, int size) { move READ to R 0 move fd, buf, size to R 1, R 2, R 3 int $0x80 HW takes over and IP is set to OS Kernel User stack User memory Registers Registers } Returns here when work is done by kernel load result code from R result Could be an error code Win NT: 2E Kernel stack Kernel memory Linux: 80

int 0x80 A simplified Interrupt Handler System Call Entry Point in Kernel SW interrupt Assume passing parameters in registers EntryPoint inside OS Kernel: switch to kernel stack; save user context; if legal(r 0 ) call service; restore user context; switch to user stack; iret; Kernel Mode: Total control. All interrupts are disabled User stack Kernel stack User memory Registers Registers Kernel memory NB, black frame means KL... Change to user mode and return Puts results into buf Or: User stack Or: some register

int 0x80 System Call Entry Point SW interrupt Assume passing parameters in registers (EntryPoint:) switch to kernel stack; save all registers; if legal(r 0 ) call sys_call_table[r 0 ]; restore user registers; switch to user stack; iret; %next instr in user space app Save/Restore Context? If envoked code executes for a long time: should SCHEDULE or at least ENABLE interrupts (here or inside service routine). READ returns with result and handler must return them to user (Or SCHEDULE to run another process)

Polling instead of Interrupt? OS kernel could check a request queue of syscalls instead of using an interrupt? Waste CPU cycles checking All have to wait while the checks are being done When to check? Non-predictable Pulse every 10-100ms?» too long time But used for Servers Same valid for HW Interrupts vs. Polling However, spinning can give good performance (more later)

Design Issues for Syscall We used only one result reg, what if more results? In kernel and in called service: Use caller s stack or a special stack? Use a special stack Quality assurance Use a single entry or multiple entries? Simple is good? Then a single entry is simpler, easier to make robust Can kernel code call system calls? Yes, but should avoid the entry point mechanism

System calls vs. Library calls Division of labor (a.k.a. Separation of Concerns) Memory management example Kernel Allocates pages (w/hw protection) Allocates many pages (a big chunk) to library Big chunks, no small allocations Library Provides malloc/free for allocation and deallocation of memory Application use malloc/free to manage its own memory at fine granularity When no more memory, library asks kernel for a new chunk of pages

User process vs. kernel To go from User Level Process to Kernel syscalls using int To go from Kernel to User Level Process iret (with good stack) Kernel is all powerful Can write into user memory Can terminate, block and activate user processes

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback