Overview of the OS CS 450 : Operating Systems Michael Saelee - - PowerPoint PPT Presentation



SLIDE 1

Overview of the OS

CS 450 : Operating Systems Michael Saelee <lee@iit.edu>

SLIDE 2

Computer Science Science

Agenda

  • what is an operating system?
  • what are its main responsibilities?
  • how does it achieve them?
  • how is an operating system organized?
  • what is an operating system kernel?

SLIDE 3

§What is an OS?

SLIDE 4

operating system

noun the software that supports a computer's basic functions, such as scheduling tasks, executing applications, and controlling peripherals.

New Oxford American Dictionary

SLIDE 5

tasks & applications = running programs = Processes
peripherals = I/O devices

SLIDE 6

OS duties revolve around aiding and abetting user processes

  • setting up a consistent view of system (e.g., virtual memory)
  • simplifying access to disparate devices (e.g., open/close/read/write API)

SLIDE 7

Problem: there’s never enough hardware to go around

  • OS multiplexes hardware (time/space)
  • must also isolate processes from each other (and the OS itself)

SLIDE 8

primary OS services: isolation, h.w. abstraction and concurrency (and another, arising from first: interaction)

SLIDE 9

How to enforce isolation? Two routes: software / hardware

SLIDE 10

Is isolation possible solely via software? I.e., can you write a program (the OS) to execute other (user) programs, and guarantee separation & robustness without hardware support?

SLIDE 11

Some software attack vectors:

  • address fabrication (e.g., integer-to-address cast for cross-space pointers)
  • buffer overruns (e.g., on syscalls)
  • run-time errors (e.g., intentional/accidental stack overflows)

SLIDE 12

Software prevention mechanisms:

  • static verification (e.g., type-checking) — programs must “pass” to be run
  • run-time tools (e.g., garbage collection, exception handling)

SLIDE 13

Is isolation possible solely via software?

  • maybe — but difficult/impractical
  • the popular approach (all commercial OSes) is to rely on hardware support

SLIDE 14

e.g., Intel x86 architecture provides a 2-bit current privilege level (CPL) flag

  • implements 4 protection ring levels

0 1 2 3 (most to least privileged)

SLIDE 15

CPL=3 ➞ “user” mode
CPL=0 ➞ “supervisor/kernel” mode

  • access to special instructions & hardware

SLIDE 16

How to modify CPL?

Q: Ok to allow user to directly modify CPL before invoking OS?

A: No! User can set CPL=0 and run arbitrary code before calling OS

SLIDE 17

Q: What about combining CPL “set” instruction with “jump” instruction to force instruction pointer (eip) change?

A: Bad! User can set CPL=0 and jump to user code to masquerade as OS.

SLIDE 18

Q: What about combining CPL “set” instruction with “jump” instruction that must target OS codespace?

A: Not good enough. User code may jump to delicate location in OS.

SLIDE 19

Solution: x86 provides int instruction:

  • sets CPL=0
  • loads a pre-defined OS entry point from interrupt descriptor table (IDT)
  • IDT base address can only be set when CPL=0 (by privileged lidt instr)
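
The gate described on slides 16 to 19, modeled as a toy CPU in C. This is an added example, not part of the original deck; the struct, the function names and the table addresses are made up for illustration and the model is far simpler than real x86.

```c
#include <stdint.h>
#include <stdio.h>

#define IDT_SIZE 4
enum fault { OK, FAULT_PRIV, FAULT_VECTOR };

/* Toy CPU state: a teaching model, not real x86. */
struct cpu {
    unsigned cpl;          /* 0 = kernel, 3 = user */
    uint32_t eip;          /* instruction pointer */
    const uint32_t *idt;   /* table of OS entry points */
};

/* Constructed tables: the kernel's IDT and one a user program tries to install. */
static const uint32_t KERNEL_IDT[IDT_SIZE] = { 0, 0xC0001000u, 0, 0 };
static const uint32_t USER_IDT[IDT_SIZE]   = { 0, 0x00001234u, 0, 0 };

/* lidt is privileged: it only takes effect at CPL=0. */
enum fault do_lidt(struct cpu *c, const uint32_t *table) {
    if (c->cpl != 0) return FAULT_PRIV;
    c->idt = table;
    return OK;
}

/* int n raises privilege and selects the target in one step; the caller
 * chooses only the vector number, never the address. */
enum fault do_int(struct cpu *c, unsigned n) {
    if (!c->idt || n >= IDT_SIZE || c->idt[n] == 0) return FAULT_VECTOR;
    c->cpl = 0;
    c->eip = c->idt[n];
    return OK;
}

/* The kernel dropping back to user mode. */
void to_user(struct cpu *c, uint32_t user_eip) { c->cpl = 3; c->eip = user_eip; }

int main(void) {
    struct cpu c = { 0, 0, NULL };
    do_lidt(&c, KERNEL_IDT);                 /* boot: kernel installs its IDT */
    to_user(&c, 0x1000);
    printf("user lidt -> %d\n", do_lidt(&c, USER_IDT));
    enum fault f = do_int(&c, 1);
    printf("int 1     -> %d, cpl=%u, eip=%#x\n", f, c.cpl, (unsigned)c.eip);
    return 0;
}
```

Because the user can neither replace the table nor name a target address, every path to CPL=0 lands on an entry point the kernel chose.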

SLIDE 20

Privileged instruction & hardware access prevented, but how is memory protected?

  • Each segment/page of memory in x86 is associated with a minimum CPL
  • Only permit current process to access its own segments/pages
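
A toy version of this per-page check, written in C as an added example (not from the original deck; the page table, process IDs and function names are constructed). It goes one step beyond the slide: code running at CPL=0 passes the hardware check, so a syscall handler has to validate a user-supplied buffer as the caller, which is the defence against the fabricated addresses and syscall buffer overruns listed on slide 11.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define NPAGES 4
#define KERNEL_PID 0

/* Constructed page table: owner plus the least-privileged CPL allowed in. */
struct page { int owner; unsigned need_cpl; };
static const struct page PAGES[NPAGES] = {
    { KERNEL_PID, 0 },   /* 0x0000-0x0fff: kernel    */
    { 1, 3 },            /* 0x1000-0x1fff: process 1 */
    { 1, 3 },            /* 0x2000-0x2fff: process 1 */
    { 2, 3 },            /* 0x3000-0x3fff: process 2 */
};

/* Hardware-style check on every access: 1 = allowed, 0 = fault. */
int access_ok(unsigned cpl, int pid, uint32_t addr) {
    uint32_t pn = addr >> PAGE_SHIFT;
    if (pn >= NPAGES) return 0;                  /* unmapped */
    if (cpl > PAGES[pn].need_cpl) return 0;      /* not privileged enough */
    return cpl == 0 || PAGES[pn].owner == pid;   /* users: own pages only */
}

/* Kernel-side check of a syscall buffer [addr, addr+len): every page it
 * touches must be accessible to the calling process at CPL=3. */
int user_range_ok(int pid, uint32_t addr, uint32_t len) {
    if (len == 0) return 1;
    uint32_t last = addr + len - 1;
    if (last < addr) return 0;                   /* length wraps the address space */
    for (uint32_t pn = addr >> PAGE_SHIFT; pn <= (last >> PAGE_SHIFT); pn++)
        if (!access_ok(3, pid, pn << PAGE_SHIFT)) return 0;
    return 1;
}

int main(void) {
    printf("pid 1 reads own page:      %d\n", access_ok(3, 1, 0x1004));
    printf("pid 1 fabricates kernel:   %d\n", access_ok(3, 1, 0x0010));
    printf("pid 1 reads pid 2's page:  %d\n", access_ok(3, 1, 0x3000));
    printf("syscall buf inside pid 1:  %d\n", user_range_ok(1, 0x1000, 0x2000));
    printf("syscall buf spills over:   %d\n", user_range_ok(1, 0x2ff0, 0x20));
    return 0;
}
```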

SLIDE 21

Finally, how can OS regain control from unruly user process? (E.g., running in tight loop, never executing int)

  • hardware sends periodic clock interrupt
  • preempts user; summons OS

SLIDE 22

Isolation accomplished. How to achieve h.w. abstraction & concurrency?

SLIDE 23

h.w. abstraction = user traps to OS (via int) with service request; OS carries out task and returns result — “syscall”

i.e., hardware (e.g., NIC) is exposed as a software stack (e.g., TCP/IP)

SLIDE 24

concurrency = clock interrupt drives context switches and hardware multiplexing, carried out by OS scheduler (and others)

enables multitasking on limited hardware (compare to parallelism)

SLIDE 25

Different approaches to multitasking:

  • cooperative: processes voluntarily yield control
  • preemptive: OS periodically interrupts
  • real-time: more stringent requirements
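
The difference between the cooperative and preemptive approaches, and why slide 21's clock interrupt matters, shown as a small scheduler simulation in C. This is an added example, not from the original deck; the three-process workload, the quantum and the function names are constructed.

```c
#include <stdio.h>

#define NPROC 3

/* Constructed workload: process 0 is the tight loop from slide 21 and never
 * gives up the CPU; processes 1 and 2 yield after each tick of work. */
static int yields(int pid) { return pid != 0; }

/* Run `ticks` CPU ticks, round-robin; ran[i] receives the ticks process i got.
 * preemptive != 0 models the periodic clock interrupt: once the running
 * process has used `quantum` ticks, the OS takes the CPU back. */
void simulate(int preemptive, int ticks, int quantum, int ran[NPROC]) {
    int cur = 0, used = 0;
    for (int i = 0; i < NPROC; i++) ran[i] = 0;
    for (int t = 0; t < ticks; t++) {
        ran[cur]++;
        used++;
        int clock_irq = preemptive && used >= quantum;
        if (yields(cur) || clock_irq) {      /* context switch */
            cur = (cur + 1) % NPROC;
            used = 0;
        }
    }
}

int main(void) {
    int ran[NPROC];
    simulate(0, 90, 4, ran);
    printf("cooperative: %d %d %d\n", ran[0], ran[1], ran[2]);
    simulate(1, 90, 4, ran);
    printf("preemptive:  %d %d %d\n", ran[0], ran[1], ran[2]);
    return 0;
}
```

Without the clock interrupt the looping process keeps the CPU for all 90 ticks; with it, the other two processes run every cycle even though the loop never cooperates.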

SLIDE 26

§How is an OS organized?

SLIDE 27

i.e., what are the top-level modules of an OS, and which must run in privileged mode (e.g., CPL=0)?

SLIDE 28

some modules:

  • virtual memory
  • scheduler
  • device drivers
  • file system
  • IPC

SLIDE 29

privileged modules constitute the “core” of the operating system; i.e., the OS kernel

SLIDE 30

traditional approach: all are privileged

  • i.e., entire “OS” runs in kernel mode
  • known as monolithic kernel
  • pros/cons?

SLIDE 31

alternative approach: minimum privileged

  • i.e., have a “microkernel” with minimal set of privileged services

  • everything else runs in user mode
  • microkernel relays requests
  • pros/cons?

SLIDE 32

courtesy of Wikimedia Commons

SLIDE 33

… suffice it to say that among the people who actually design operating systems, the debate is essentially over. Microkernels have won

- Andrew Tanenbaum (noted OS researcher)

SLIDE 34

The whole “microkernels are simpler” argument is just bull, and it is clearly shown to be bull by the fact that whenever you compare the speed of development of a microkernel and a traditional kernel, the traditional kernel wins. By a huge amount, too.

- Linus Torvalds (chief architect, Linux)

SLIDE 35

your opinion? ➞ assignment 1 (paper)

SLIDE 36

Yet another route: why not just implement OS as a low-level library?

  • loss of isolation, but big efficiency gain (and flexibility in using h.w. directly)

  • used by many embedded systems

SLIDE 37

And finally, what about hosting multiple OSes on a single machine? (Useful/feasible on large, multi-core machines)

  • hypervisors provide low-level virtual machines to guest OSes

  • yet another layer of isolation!
