Memory Protection ability to avoid unwanted memory accesses - PowerPoint PPT Presentation

Requirements � Relocation – ability to change process image position Memory � Protection – ability to avoid unwanted memory accesses management � Sharing – ability to share memory portions among processes � Logical organization – structure of process image � Physical organization – structure of the physical memory hierarchy Terms Relocation: program loading � Frame – A fixed-length block of main memory. � Page load address process binary linker loader compiler .o executable image – A fixed-length block of data that resides in secondary memory. sources Compiling/ Loading Linking Assembling � May temporarily be copied into a frame of main memory. Development � Segment Memory – A variable-length block of data that resides in secondary memory. � Segmentation – A whole segment may temporarily be copied into a an available region of main memory. � Combined segmentation and paging – A segment may be divided into pages which can be individually copied into main memory.

Relocation: addressing requirements Relocation: binding � Static – compile time load address branch, function call � absolute code code – binary executable contains absolute addresses � Binding data reference � load address must be known at compile time increasing address values � if load address changes, program must be recompiled – translation of references to memory addresses – load time � e.g. data � relocatable code – call strlen � call 0x1084700 – binary executable contains relative addresses – mov R0, errno � mov R0, 0x2007100 � e.g. offset from program counter (PC+0x10fe) stack pointer � loader translates relative addresses to absolute addresses (static relocation) stack � Dynamic – run time process image � relocatable code – binary executable contains relative addresses � CPU manages relative addresses � process image can be moved during execution (dynamic reloocation) Relocation: binding Relocation: binding 0x3070000 start 0x2000000 main main 0x3072000 start+0x1000 0x2001000 call myfunc call 0x307f000 call myfunc call +0xdf00 call 0x200f000 start+0x1100 0x2001100 linking linking loading program.o program.o 0x307f000 start + 0xf000 0x200f000 load address: 0x2000000 myfunc myfunc executable executable process image load address: 0x3070000 (fixed) module.o module.o Compile time binding Load time binding

Relocation: binding Linking start 0x2000000 � Static main start+0x1000 0x2001000 call myfunc call +0xdf00 call +0xdf00 start+0x1100 0x2001100 – modules and libraries are linked into an executable binary linking loading � Dynamic program.o start + 0xf000 0x200f000 load address: – modules and static libraries are linked into an executable binary 0x2000000 myfunc – dynamic libraries are inserted only as a reference executable process image � loaded at load time or at run time when needed module.o Run time binding Loading Memory partitioning � Static � Fixed partitioning – the whole executable is loaded into memory – Main memory is divided into a number of static partitions. � Dynamic 1.Same size for all partitions 2.Different partition sizes – code is loaded only when needed – A process may be loaded into a partition of equal or greater size. – Simple to implement; little operating system overhead – Inefficient use of memory due to fragmentation � internal (space wasted into a partition) � external (partitions available cannot accommodate processes) – Maximum number of active processes is fixed.

Fixed partitioning: examples Fixed partitioning: process assignment 2 MB � A queue for each partition 4 MB 8 MB long-term scheduling – assign a process to the smallest 6 MB (big enough) partition 8 MB 8 MB – non-optimal � queue i non-empty 8 MB 12 MB � queue i+1 empty new processes 8 MB 16 MB 8 MB 8 MB 8 MB 8 MB Fixed partitioning Fixed partitioning equal-size partitions (of 8 MB each) unequal-size partitions Fixed partitioning: process assignment Memory partitioning � Dynamic partitioning An unique queue (which policy?) � – First-came first-served (FCFS) – Partitions are created dynamically � simple � Each process matches exactly partition size � non-optimal memory usage – No internal fragmentation – Best-fit � Efficient use of main memory. new – Best-available-fit processes � choose the first job that fits – Need for compaction into partition � To avoid external fragmentation.

Dynamic partitioning: Dynamic partitioning: example process assignment � Best-fit process 1 8 MB process 1 8 MB process 1 8 MB – choose the partition with closest size to the request process 3 8 MB – small fragments residual process 2 16 MB 16 MB � First-fit process 5 12 MB – choose the first partition large enough process 3 8 MB process 3 8 MB � Next-fit process 4 6 MB 6 MB process 6 20 MB – similar to first-fit, but start searching from the last allocation process 5 12 MB process 5 12 MB 2 MB process 6: 20 MB Relocation: memory addresses Relocation: MMU � Logical (or virtual) address Limit Base – address generated by CPU � Physical address logical physical + address address – address sent to physical memory >= MMU CPU Memory Translation logical address physical address error MMU (trap to OS) usually a component of the CPU

Memory partitioning Buddy system: example evolution 1 MB block 1 MB � Buddy system 100 KB request A=128 KB 128 KB 256 KB 512 KB – memory: set of blocks of size S i =2 k (L≤k≤U) 240 KB request A=128 KB 128 KB B=256 KB 512 KB 64 KB request A=128 KB B=256 KB 512 KB C=64 KB 64 KB � usually 2 U = memory size 256 KB request A=128 KB 64 KB B=256 KB D=256 KB 256 KB C=64 KB – request: size=R release B A=128 KB 64 KB 256 KB D=256 KB 256 KB C=64 KB � looks for B i : best fit block (size = S=2 U ) release A 128 KB 64 KB 256 KB D=256 KB 256 KB C=64 KB 1. if 2 U-1 < R ≤ 2 U , allocate block 75 KB request E=128 KB 64 KB 256 KB D=256 KB 256 KB C=64 KB 2. else split block in two sub-blocks of size 2 U-1 each release C E=128 KB 256 KB D=256 KB 256 KB 128 KB 3. select one of the new blocks and repeat from step 1 release E – release block of size 2 k 512 KB D=256 KB 256 KB release D 1 MB � if there are two adjacent blocks with same size, merge them Buddy system: tree view Memory partitioning 1 MB � Segmentation – Process images are divided into a number of segments. 512 KB � splitting is handled by programmer (or compiler). 256 KB – Load process � load segments into dynamic partitions. � Segments may be not contiguous. 128 KB – No internal fragmentation. 64 KB – Improved memory utilization. � Protection A=128 KB 64 KB 256 KB D=256 KB 256 KB C=64 KB � Sharing if two buddies are leaf nodes: – External fragmentation. at least one is allocated – Logical address to physical address translation. otherwise: merge them

Segmentation: example Segmentation: addresses translation Dynamic � Logical address Data OS maintains the list of free (heap) partitions – <segment, offset> Dynamic Code-1 Data Code-1 � Translated through the process “ Segment Table ” (main prg) (heap) Static Static logical address Data Data segment offset Stack Code-2 (library) seg-0 limit seg-0 other info seg-0 base Code-2 seg-1 limit seg-1 other info seg-1 base physical + Process image seg-2 limit seg-2 base seg-2 other info address seg-3 limit seg-3 other info seg-3 base (logical address space) Stack Segment table Physical memory Segmentation: Segmentation: protection and sharing segment table example (IA-32) Code 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 Code Code D A / V BASE 31:24 G L LIMIT 19:16 P DPL B TYPE BASE 23:16 Data Segment table B L Data (private) Data (private) 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 Segment table (private) Sdata Sdata BASE 15:0 LIMIT 15:0 (shared) (shared) Sdata L: 64-bit code segment (shared) LCode LCode 64-bits AVL: available for system software (library) (library) BASE: base address segment descriptor-0 LCode D/B: default operation size (16 (0) or 32 (1) bit) (library) segment descriptor-1 DPL: descriptor privilege level Process A segment descriptor-2 Data G: granularity segment descriptor-3 � A process cannot access to a segment (private) LIMIT: segment size (bytes if G=0, 4KB pages if G=1) Process B not pointed by its segment table P: present � Access to data/code segments can be S: type (0=system; 1=code or data) Code restricted to valid operations TYPE: segment type (data, code, stack, read/write, ...) segment descriptor-n � Shared segments have identical entries in Segment table different segment tables