the kernel
play

The Kernel wants to be your friend Boxing them in Buggy apps can - PowerPoint PPT Presentation

Jan 06, 2024 •463 likes •1.15k views

The Kernel wants to be your friend Boxing them in Buggy apps can crash other apps App 1 App 2 App 3 Buggy apps can crash OS Buggy apps can hog all resources Operating System Malicious apps can violate Reading and writing memory, privacy

  1. The Kernel wants to be your friend

  2. Boxing them in Buggy apps can crash other apps App 1 App 2 App 3 Buggy apps can crash OS Buggy apps can hog all resources Operating System Malicious apps can violate Reading and writing memory, privacy of other apps managing resources, accessing I/O... Malicious apps can change the OS

  3. The Process An abstraction for protection the execution of an application program with restricted rights App 1 But there are tradeoffs (there always are tradeoffs!) OS Must not hinder functionality still efficient use of hardware enable safe communication

  4. The Process An abstraction for protection the execution of an application program with restricted rights App 1 But there are tradeoffs (there always are tradeoffs!) OS Must not hinder functionality still efficient use of hardware enable safe communication

  5. I know what you are thinking… Actually…

  6. Special Part of the OS all kernel is in the OS not all the OS is in the kernel (why not? robustness) widgets libraries, window managers etc

  7. Process: Getting to know you A process is a program during execution program is a static file process = executing program = program + execution state Header Code compiler Initialized data OS copy Source code Executable Image Physical memory Code Data Heap Stack Code Data Heap Stack

  8. Keeping track of a process Process Control A process has code Block OS must track program counter PC Stack Pointer Registers A process has a stack PID UID OS must track stack pointer Priority List of open files Process status OS stores state of process … in Process Control Block (PCB) Data (program instructions, stack & heap) resides in memory, metadata is in PCB

  9. How can the OS enforce restricted rights? Easy: kernel interprets each instruction! slow many instructions are safe: do we really need to involve the OS?

  10. How can the OS enforce restricted rights? Easy: kernel interprets each instruction! slow many instructions are safe: do we really need to involve the OS? Dual Mode Operation hardware to the rescue: use a mode bit in user mode, processor checks every instruction in kernel mode, unrestricted rights hardware to the rescue (again) to make checks efficient

  11. Efficient protection in dual mode operation Privileged instructions in user mode, no way to execute potentially unsafe instructions Memory protection in user mode, memory accesses outside a process’ memory region are prohibited Timer interrupts kernel must be able to periodically regain control from running process + Efficient mechanism for switching modes

  12. I. Privileged instructions Examples: Set mode bit; set accessible memory; disable interrupts; etc But how can an app do I/O then? system calls achieve access to kernel mode only at specific locations specified by OS Executing a privileged instruction while in user mode causes a processor exception.... ...which passes control to the kernel

  13. II. Memory Protection Step 1: Virtualize Memory Virtual address space: set of memory mapped segments addresses that process can “touch” DLL ’ s CPU works with virtual addresses Stack Physical address space: set of memory addresses supported by hardware Heap Virtual Initialized data address space Code

  14. II. Memory Protection Step 2: Address Translation Implement a function mapping into ⟨ pid, virtual address ⟩ physical address Virtual Physical p i Advantages: a486d9 protection relocation 5e3a07 data sharing multiplexing

  15. Protection At all times, the functions used by different processes map to disjoint ranges p i p j

  16. Relocation The range of the function used by a process can change over time p i

  17. Relocation The range of the function used by a process can change over time p i

  18. Data Sharing Map different virtual addresses of different processes to the same physical address p i 04d26a 5e3a07 p j 119af3

  19. Multiplexing Create illusion of almost infinite memory by changing domain (set of virtual addresses) that maps to a given range of physical addresses p i

  20. Multiplexing The domain (set of virtual addresses) that map to a given range of physical addresses can change over time p i

  21. Multiplexing The domain (set of virtual addresses) that map to a given range of physical addresses can change over time p i

  22. Multiplexing The domain (set of virtual addresses) that map to a given range of physical addresses can change over time p i

  23. Multiplexing The domain (set of virtual addresses) that map to a given range of physical addresses can change over time p i

  24. A simple mapping mechanism: Base & Bound MAX sys Memory Exception Logical Physical no 1500 p’ s physical addresses addresses CPU ≤ + address yes space 1000 1000 500 Bound Base Register Register 0

  25. On Base & Limit Contiguous Allocation: contiguous virtual addresses are mapped to contiguous physical addresses Protection is easy, but sharing is hard Two copies of emacs: want to share code, but have data and stack distinct... And there is more… Hard to relocate We want them as far as as possible in virtual address space, but...

  26. III. Timer Interrupts Hardware timer can be set to expire after specified delay (time or instructions) when it does, control is passed back to the kernel Other interrupts (e.g. I/O completion) also give control to kernel

  27. Crossing the line user process mode bit = 1 user process executing calls system call return from system call trap mode bit := 1 mode bit := 0 return kernel mode bit = 0 execute system call

  28. From user mode to kernel mode... Exceptions user program acts silly (e.g. division by zero) attempt to perform a privileged instruction sometime on purpose! (breakpoints) synchronous System calls/traps user program requests OS service Interrupts synchronous HW device requires OS service timer, I/O device, interprocessor asynchronous

  29. ...and viceversa Resume after exception, p interrupt or syscall restore PC, SP, registers; Switch to different process q toggle mode load PC, SP, registers from ’ s q PCB If new process toggles mode copy program in memory, set PC and SP User-level upcall toggle mode a sort of user-level interrupt handling

  30. Making the transition: Safe mode switch Common sequences of instructions to cross boundary, which provide: Limited entry entry point in the kernel set up by kernel Atomic changes to process state PC, SP, memory protection, mode Transparent restartable execution user program must be restarted exactly as it was before kernel got control

  31. Interrupt vector Processor Register Interrupt Vector 0 Hardware identifies why handleDivideByZero() { boundary is crossed ... } trap? interrupt (which 31 device)? 32 exception? Hardware selects entry handleTrap() { from interrupt vector ... 128 } Appropriate handler is invoked handleTimerInterrupt() { ... } 255

  32. Interrupt stack Stores execution context of interrupted process HW saves SP, PC Handler saves remaining registers Stores handler’ s local variables Pointed by privileged register One per process (or per thread!) Why not use the stack in user’ s space?

  33. Interrupt masking What if an interrupt occurs while running an interrupt handler? Disable interrupts via privileged instruction Overdramatic… it actually defers them Just use the current SP of Interrupt stack

  34. Mode switch on x86 User-level Registers Kernel Process Stack segment Offset Code Code Offset Code segment SS:ESP foo() { handler() { CS:EIP while(...) { pusha EFLAGS x = x+1; ... y = y-2 } Other } Registers: } EAX, EBX, ... Stack Interrupt Stack

  35. Mode switch on x86 User-level Registers Kernel Process Code Code SS:ESP SS:ESP foo() { handler() { CS:EIP CS:EIP while(...) { pusha EFLAGS EFLAGS x = x+1; ... y = y-2 } Other } Registers: } EAX, EBX, ... Stack Interrupt Stack 1. Disable interrupts 2. Save key registers 3. Switch onto the kernel interrupt stack

  36. Mode switch on x86 User-level Registers Kernel Process Code Code SS:ESP foo() { handler() { CS:EIP while(...) { pusha EFLAGS x = x+1; ... y = y-2 } Other SS:ESP } CS:EIP Registers: } EFLAGS EAX, EBX, ... Stack Interrupt Stack 1. Disable interrupts 2. Save key registers 3. Switch onto the kernel interrupt stack 4. Push key registers onto new stack

  37. Mode switch on x86 User-level Registers Kernel Process Code Code SS:ESP foo() { handler() { CS:EIP while(...) { pusha EFLAGS x = x+1; ... y = y-2 } Other } Registers: } EAX, EBX, ... Stack Interrupt Stack SS:ESP CS:EIP 1. Disable interrupts EFLAGS 2. Save key registers 3. Switch onto the kernel interrupt stack 4. Push key registers onto new stack

  38. Mode switch on x86 User-level Registers Kernel Process Code Code SS:ESP foo() { handler() { CS:EIP while(...) { pusha EFLAGS x = x+1; ... y = y-2 } Other } Registers: } EAX, EBX, ... Stack Interrupt Stack SS:ESP CS:EIP 1. Disable interrupts EFLAGS 2. Save key registers 3. Switch onto the kernel interrupt stack 4. Push key registers onto new stack 5. Save error code (optional)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel Fernndez V, David P. Woodruff, Taisuke Yasuda Kernel Method Many machine learning tasks can be expressed as a function of the inner product

389 views • 22 slides
1 Kernel methods & optimization One example of a kernel that is frequently used in practice

1 Kernel methods & optimization One example of a kernel that is frequently used in practice

Machine Learning Class Notes 9-25-12 Prof. David Sontag 1 Kernel methods & optimization One example of a kernel that is frequently used in practice and which allows for highly non-linear discriminant functions is the Gaussian kernel,

240 views • 5 slides
Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel Fernndez V, David P. Woodruff, Taisuke Yasuda Overview Preliminaries Kernel ridge regression Kernel -means clustering

476 views • 25 slides
Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many of us need to debug the Linux kernel Proprietary tools like Trace32 and DS-5 are $$$ Open source debuggers like GDB lack kernel

884 views • 40 slides
Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

3/1/20 COMP 790: OS Implementation COMP 790: OS Implementation Logical Diagram Binary Memory Threads Formats Allocators User Todays Lecture Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

647 views • 8 slides
D-Bus in the Kernel LinuxCon 2014, Tokyo, Japan May 2014 D-Bus in the Kernel Who? Greg

D-Bus in the Kernel LinuxCon 2014, Tokyo, Japan May 2014 D-Bus in the Kernel Who? Greg

D-Bus in the Kernel LinuxCon 2014, Tokyo, Japan May 2014 D-Bus in the Kernel Who? Greg Kroah-Hartman, David Herrmann, Daniel Mack, Lennart Poettering, Kay Sievers with help from Tejun Heo D-Bus in the Kernel Most newer OS designs started

1.35k views • 111 slides
Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda

Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda

Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda mulix@mulix.org IBM Haifa Research Lab Kernel Debugging, Haifux 2003 p.1/19 Kernel Debugging - Why? Why would we want to debug the kernel? after

308 views • 19 slides
1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel vulnerability research Thats unavoidable, but the linux kernel developers dont do very much to make the situation any better. -- Basically, the

625 views • 36 slides
Kernel PCA for SNe Kernel PCA for SNe photometric classification photometric classification

Kernel PCA for SNe Kernel PCA for SNe photometric classification photometric classification

Kernel PCA for SNe Kernel PCA for SNe photometric classification photometric classification Emille E. O. Ishida IAG University of Sao Paulo, Brazil In collaboration with Rafael S. De Souza (KASI) astro-ph/1201.6676 IAU General Assembly,

155 views • 14 slides
The Kernel (and Process) Abstraction Chapter 2-3 OSPP Part I Announcements Today: kernel

The Kernel (and Process) Abstraction Chapter 2-3 OSPP Part I Announcements Today: kernel

The Kernel (and Process) Abstraction Chapter 2-3 OSPP Part I Announcements Today: kernel Asynchrony Processes Protection Kernel The software component that controls the hardware directly and implements the core privileged OS

934 views • 62 slides
D-Bus in the Kernel FOSDEM 2014, Brussels, Belgium January 2014 D-Bus in the Kernel Who? Greg

D-Bus in the Kernel FOSDEM 2014, Brussels, Belgium January 2014 D-Bus in the Kernel Who? Greg

D-Bus in the Kernel FOSDEM 2014, Brussels, Belgium January 2014 D-Bus in the Kernel Who? Greg Kroah-Hartman, Daniel Mack, Lennart Poettering, Kay Sievers with help from Tejun Heo D-Bus in the Kernel Most newer OS designs started around

1.27k views • 111 slides
Skoltech Skolkovo Institute of Science and Technology Kernel Methods Refresher Kernel trick:

Skoltech Skolkovo Institute of Science and Technology Kernel Methods Refresher Kernel trick:

Quadrature-based Features for Kernel Approximation Marina Munkhoeva , Yermek Kapushev, Evgeny Burnaev, Ivan Oseledets Skoltech Skolkovo Institute of Science and Technology Kernel Methods Refresher Kernel trick: compute

1.01k views • 17 slides
TOS Arno Puder 1 Demo Kernel /* tos/kernel/main.c */ #include <kernel.h> WINDOW

TOS Arno Puder 1 Demo Kernel /* tos/kernel/main.c */ #include <kernel.h> WINDOW

TOS Arno Puder 1 Demo Kernel /* tos/kernel/main.c */ #include <kernel.h> WINDOW window_top = {0, 0, 80, 12, 0, 0, ' '}; WINDOW window_bottom = {0, 12, 80, 13, 0, 0, ' '}; void kernel_main() { for (int x = 0; x < 80 * 25 * 2; x++)

830 views • 7 slides
Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules

Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules

Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules Kernel module: code that can be dynamically loaded/unloaded into the kernel at runtime Change the kernel code without needing to reboot

545 views • 13 slides
1 CPU Events: Interrupts and Exceptions CPU Events: Interrupts and Exceptions Protecting Entry

1 CPU Events: Interrupts and Exceptions CPU Events: Interrupts and Exceptions Protecting Entry

Processes and the Kernel Processes and the Kernel The kernel sets processes up process in private data data execution Processes, Protection and the Kernel: Processes, Protection and the Kernel: virtual contexts to address

540 views • 9 slides
A kernel in a library Genodes custom kernel approach Martin Stein <

A kernel in a library Genodes custom kernel approach Martin Stein <

A kernel in a library Genodes custom kernel approach Martin Stein < martin.stein@genode-labs.com > Outline 1. Motivation 2. Overview 3. Scheduling 4. Capabilities 5. Communication A kernel in a library Genodes custom kernel

798 views • 45 slides
Hoare Logic and Model Checking Alan Mycroft Computer Laboratory, University of Cambridge, UK

Hoare Logic and Model Checking Alan Mycroft Computer Laboratory, University of Cambridge, UK

Hoare Logic and Model Checking Alan Mycroft Computer Laboratory, University of Cambridge, UK http://www.cl.cam.ac.uk/am21 CST Part II 2017/18 Acknowledgement: slides heavily based on those for Mike Gordons 2014/15 courses Alan Mycroft

1.43k views • 127 slides
CS3102 Theory of Computation www.cs.virginia.edu/~njb2b/cstheory/s2020 Warm up: Recall:

CS3102 Theory of Computation www.cs.virginia.edu/~njb2b/cstheory/s2020 Warm up: Recall:

CS3102 Theory of Computation www.cs.virginia.edu/~njb2b/cstheory/s2020 Warm up: Recall: , = 1 if (as a TM description, call it ) accepts , 0 otherwise Why would

259 views • 25 slides
Nonlinear wave interaction for broad-banded, open seas deterministic and stochastic theory

Nonlinear wave interaction for broad-banded, open seas deterministic and stochastic theory

Nonlinear wave interaction for broad-banded, open seas deterministic and stochastic theory Raphael Stuhlmeier (based on joint work with David Andrade and Michael Stiassnie) 11. March 2019 Structure of this talk: 1. Linear theory and the

973 views • 68 slides
Theories of pseudopotentials 1. OPW method 2. PK type pseudopotential 3. Norm-conserving

Theories of pseudopotentials 1. OPW method 2. PK type pseudopotential 3. Norm-conserving

Theories of pseudopotentials 1. OPW method 2. PK type pseudopotential 3. Norm-conserving pseudopotential by TM 4. Ultra-soft pseudopotential by Vanderbilt 5. MBK pseudopotential 6. Solving the 1D Dirac eq. 7. What we can do if we generate PPs

669 views • 37 slides
Model-view-controller View hierarchy

Model-view-controller View hierarchy

Model-view-controller View hierarchy Observer Fall 2004 6.831 UI Design and

436 views • 6 slides
Electronic System Level Design Modules & Hierarchy in SystemC Maziar Goudarzi Today

Electronic System Level Design Modules & Hierarchy in SystemC Maziar Goudarzi Today

Electronic System Level Design Modules & Hierarchy in SystemC Maziar Goudarzi Today Program Modules in SystemC Hierarchical Design in SystemC 2009 ESL Design 2 Why Modules? Advantages Building Block in Design Hierarchy

434 views • 29 slides
Creating MATLAB Scripts Top-down Program Design, Choose File> New> M-file from the menu

Creating MATLAB Scripts Top-down Program Design, Choose File> New> M-file from the menu

Creating MATLAB Scripts Top-down Program Design, Choose File> New> M-file from the menu Use the editor to write your program Relational and Logical Operators Document your program using comments that include Short note about

218 views • 3 slides
Updated Estimates of Californias Urban and Rural Methane Emissions Marc Fischer 1 , Seongeun

Updated Estimates of Californias Urban and Rural Methane Emissions Marc Fischer 1 , Seongeun

Updated Estimates of Californias Urban and Rural Methane Emissions Marc Fischer 1 , Seongeun Jeong 1 , Elena Novakovskaia 2 , Arlyn E. Andrews 3 , Laura Bianco 3,4 , Heather Graven 5 , Ying-Kuang Hsu 6 , Sally Newman 7 , Patrick Vaca 6 , Aaron

517 views • 12 slides

More recommend