Processes and the Kernel Jeff Chase Duke University - PowerPoint PPT Presentation

Processes ¡and ¡the ¡Kernel ¡ ¡ Jeff ¡Chase ¡ Duke ¡University ¡

OS Platform: A Model Applications /services. May interact and serve one another. API Libraries/frameworks : packaged code used by multiple applications API Protection boundary OS platform : same for all applications on a system E,g,, classical OS kernel OS mediates access to shared resources. That requires protection and isolation. [RAD Lab]

Operating Systems: The Classical View Each process Programs has a private run as data data virtual address independent space and one processes. or more threads. Protected ...and upcalls (e.g., signals) system calls Protected OS Threads kernel enter the mediates kernel for access to OS shared services. resources. The kernel code and data are protected from untrusted processes.

Isolation and Sharing Android Security Architecture [http://developer.android.com/guide/topics/security/permissions.html] “A central design point of the Android security architecture is that no application, by default, has permission to perform any operations that would adversely impact other applications, the operating system, or the user. This includes reading or writing the user's private data (such as contacts or emails), reading or writing another application's files, performing network access, keeping the device awake, and so on. Because each Android application operates in a process sandbox , applications must explicitly share resources and data. They do this by declaring the permissions they need for additional capabilities not provided by the basic sandbox. Applications statically declare the permissions they require, and the Android system prompts the user for consent at the time the application is installed. Android has no mechanism for granting permissions dynamically (at run-time) because it complicates the user experience to the detriment of security.”

Running a program Process code (“text”) with virtual constants memory initialized data sections segments data mapped file regions Program When a program launches, the OS initializes a process with a virtual memory to store the running program’s code and data. Typically it sets up the segments by memory- mapping sections of the executable file.

What ’ s in an Object File or Executable? Header “ magic number ” indicates type of file/image. header program instructions Section table an array text p of (offset, len, startVA) immutable data (constants) idata data “ hello\n ” sections writable global/static data wdata j, s symbol j, s ,p,sbuf Used by linker; may be int j = 327; table char* s = “ hello\n ” ; removed after final link char sbuf[512]; step and strip. Also relocation includes info for debugger. int p() { records int k = 0; j = write(1, s, 6); return(j); }

Building and running a program chase:lab1> make gcc -I. -Wall -lm -DNDEBUG -c dmm.c … gcc -I. -Wall -lm -DNDEBUG -o test_basic test_basic.c dmm.o gcc -I. -Wall -lm -DNDEBUG -o test_coalesce test_coalesce.c dmm.o gcc -I. -Wall -lm -DNDEBUG -o test_stress1 test_stress1.c dmm.o gcc -I. -Wall -lm -DNDEBUG -o test_stress2 test_stress2.c dmm.o chase:lab1> chase:lab1> ./test_basic calling malloc(10) call to dmalloc() failed chase:lab1>

The Birth of a Program (C/Ux) myprogram.c myprogram.o int j; object assembler data char* s = “ hello\n ” ; file int p() { j = write(1, s, 6); data data data return(j); } libraries linker … .. and other p: object store this store that files or push archives jsr _write compiler ret etc. program data myprogram.s myprogram header files (executable file)

Memory segments: a view from C • Globals: – Fixed-size segment globals – Writable by user program – May have initial values text • Text (instructions) – Fixed-size segment heap RCX – Executable x PC/RIP y SP/RBP – Not writable stack registers • Heap and stack CPU core segments – Variable-size segments – Writable – Zero-filled on demand

Linux x86-64 VAS layout Example: the details aren’t 0x400000 important. text r-x 0x600000 idata r-- 0x601000 Program data rw- 0x1299000 rw- [anon] heap N 0x2ba976c30000 lib high addresses r-x lib r-x libc.so 0x7fff1373b000 shared library 64K rw- [anon] stack 0x7fff1375c000

Today • The operating system kernel! User processes/ – What is it? segments – Where is it? user space – How do we get there? – How is it protected? kernel space kernel – How does it control resources? – How does it control access to data? – How does it keep control?

Precap: the kernel • Today, all “real” operating systems have protected kernels. • The kernel resides in a well-known file: the machine automatically loads it into memory and starts it ( boot ) on power-on/reset. • The kernel is (mostly) a library of service procedures shared by all user programs, but the kernel is protected : • User code cannot access internal kernel data structures directly. • User code can invoke the kernel only at well-defined entry points ( system calls ). • Kernel code is “just like” user code, but the kernel is privileged : • The kernel has direct access to all machine functions, and defines the handler entry points for CPU events: trap, fault, interrupt. • Once booted, the kernel acts as one big event handler.

The kernel VAS 0x0 • The kernel is just a program: a collection of modules and their state. • E.g., it may be written in C and compiled/ user space linked a little differently. – E.g., linked with –static option: no dynamic libs • At runtime, kernel code and data reside in a protected range of virtual addresses. – The range ( kernel space ) is “part of” every VAS. – VPN->PFN translations for kernel space are global . • (Details vary by machine and OS configuration) kernel kernel code space – Access to kernel space is denied for user programs. kernel – Portions of kernel space may be non-pageable and/ data or direct-mapped to machine memory. high

Example: Windows/IA32 User spaces one per VAS occupies “low half” of Alternative VAS (2GB) configuration allows user spaces larger than 2GB kernel space high-order kernel bit set in space virtual address two highest bits are set (0xc00..)

Windows IA-32 (Kernel space) The point is: There are lots of different regions within kernel space to meet internal OS needs. - page tables for various VAS - page table for kernel space itself - file block cache - internal data structures The details aren’t important.

CPU mode: user and kernel CPU core The current mode of a CPU core is represented by a field in a protected register. We consider only two possible values: user mode or kernel mode (also called protected U/K mode mode or supervisor mode ). R0 If the core is in protected mode then it can: Rn - access kernel space x PC - access certain control registers registers - execute certain special instructions If software attempts to do any of these things when the core is in user mode, then the core raises a CPU exception (a fault ).

x86 control registers The details aren’t important. See [en.wikipedia.org/wiki/Control_register]

Entering the kernel • Suppose a CPU core is running user code in user user mode: space – The user program controls the core. – The core goes where the program code takes it … – … as determined by its register state ( context ) and the values encountered in memory. Safe • How does the OS get control back? How control transfer does the core switch to kernel mode? – CPU exception: trap, fault, interrupt • On an exception, the CPU transitions to kernel mode and resets the PC and SP registers. kernel kernel code space – Set the PC to execute a pre-designated handler routine for that exception type. kernel data – Set the SP to a pre-designated kernel stack .

Exceptions and interrupts (“trap, fault, interrupt”) intentional unintentional happens every time contributing factors trap: system call fault synchronous open, close, read, invalid or protected caused by an write, fork, exec, exit, address or opcode, page instruction wait, kill, etc. fault, overflow, etc. asynchronous “ software interrupt ” interrupt caused by software requests an caused by an external interrupt to be delivered some other event: I/O op completed, at a later time event clock tick, power fail, etc. Usage note : some sources say that exceptions only occur as a result of executing an instruction, and so interrupts are not exceptions. But they are all examples of exceptional changes in control flow due to an event.

Entry to the kernel Every entry to the kernel is the result of a trap , fault , or interrupt . The core switches to kernel mode and transfers control to a handler routine. syscall trap/return fault/return OS kernel code and data for system calls (files, process fork/ exit/wait, pipes, binder IPC, low-level thread support, etc.) and virtual memory management (page faults, etc.) I/O completions timer ticks interrupt/return The handler accesses the core register context to read the details of the exception (trap, fault, or interrupt). It may call other kernel routines.