x86 and xv6

x86 and xv6 CS 450: Operating Systems Michael Saelee



  1. x86 and xv6 CS 450: Operating Systems Michael Saelee <saelee@iit.edu>

  2. To work on an OS kernel, we must be intimately familiar with the underlying ISA, hardware, and system conventions - x86 ISA - PC architecture - Unix, GCC, ELF, etc.

  3. § x86 ISA

  4. - Intel IA-32 Software Developer’s Manuals (linked on course website) are comprehensive references - Volume 1: Architectural Overview (e.g., regs, addressing) - Volume 2: Instruction Set Reference - Volume 3: Systems Programming Guide (e.g., mechanisms that let operating system control/configure hardware) - (Majority of diagrams in slides are from these manuals)

  5. x86 Family of ISAs - Started with Intel’s 8086 16-bit CPU in 1978 - Followed by 80186, 80286, 80386, 80486 (then Pentium …) - 80386 introduced 32-bit addressing (“IA-32” architecture) - CISC-style ISA - Large instruction set, complex addressing modes

  6. Backwards Compatibility - “x86” implies backwards compatibility all the way to 8086 - All x86 CPUs boot into 16-bit “real address mode” (aka “real mode”) - Supported CPUs can switch into 32-bit “Protected Mode” - i.e., we need to understand real mode to write an OS!

  7. Instruction Set Overview - Arithmetic: add, sub, and, etc. - Moving data: mov, push, pop, etc. - Control flow: jmp, call, ret, etc. - I/O: in, out - Privileged: int, iret, hlt, etc.

  8. Instruction formats: - 0 operands, e.g., ret - 1 operand, e.g., pushl %ebp - 2 operands — OP SRC, DST — e.g., movl $0xa, %eax - Operands may be immediate values (constants), registers, memory addresses

  9. NB: we’ll be using AT&T syntax for x86 assembly - output by GCC/GAS - Constants are prefixed with $, register names with % - Instruction suffixes (b = 8-bit, w = 16-bit, l = 32-bit, etc.) used to indicate operand sizes - not the same as official Intel syntax! (output by NASM)

  10. General-Purpose Registers (Figure 3-5. Alternate General-Purpose Register Names)

      32-bit | 16-bit | 8-bit high (bits 15-8) | 8-bit low (bits 7-0)
      EAX    | AX     | AH                     | AL
      EBX    | BX     | BH                     | BL
      ECX    | CX     | CH                     | CL
      EDX    | DX     | DH                     | DL
      EBP    | BP     |                        |
      ESI    | SI     |                        |
      EDI    | DI     |                        |
      ESP    | SP     |                        |

      - EAX — Accumulator for operands and results data
      - EBX — Pointer to data in the DS segment
      - ECX — Counter for string and loop operations
      - EDX — I/O pointer
      - ESI — Pointer to data in the segment pointed to by the DS register; source pointer for string operations
      - EDI — Pointer to data (or destination) in the segment pointed to by the ES register; destination pointer for string operations
      - ESP — Stack pointer (in the SS segment)
      - EBP — Pointer to data on the stack (in the SS segment)

      As shown in Figure 3-5, the lower 16 bits of the general-purpose registers map directly to the register set found in

  11. EFLAGS register used for conditional operations - E.g., if last operation resulted in zero/nonzero/neg/etc. - Example: the C loop for (i=0; i<10; i++); corresponds to:

          movl $0, %eax
      .L0:
          addl $1, %eax
          cmpl $10, %eax    # computes eax - 10 and sets the flags
          jne  .L0          # jump if ZF = 0 (i.e., eax != 10)

  12. Figure 3-8. EFLAGS Register (only bottom 16-bits in real mode) [bit-layout diagram not reproduced] - Status flags (S): Overflow Flag (OF), Sign Flag (SF), Zero Flag (ZF), Auxiliary Carry Flag (AF), Parity Flag (PF), Carry Flag (CF) - Control flag (C): Direction Flag (DF) - System flags (X): ID Flag (ID), Virtual Interrupt Pending (VIP), Virtual Interrupt Flag (VIF), Alignment Check / Access Control (AC), Virtual-8086 Mode (VM), Resume Flag (RF), Nested Task (NT), I/O Privilege Level (IOPL), Interrupt Enable Flag (IF), Trap Flag (TF) - Reserved bit positions: DO NOT USE. Always set to values previously read.

  13. IP (16-bit) / EIP (32-bit) is instruction pointer register (PC elsewhere) - always points to next instruction; automatically incremented - change explicitly with jump, call, ret, etc.

  14. Addressing modes: - Direct: movl 0x401000, %eax ≈ eax = *(uint32_t *)(0x401000) - Indirect: movl (%ebx), %eax ≈ eax = *(uint32_t *)ebx

  15. Addressing modes (continued): - Base-Displacement: movl 8(%ebx), %eax ≈ eax = *(uint32_t *)(ebx + 8) - Indexed & Scaled: movl (%ebx, %ecx, 4), %eax ≈ eax = *(uint32_t *)(ebx + ecx*4)

  16. [Figures not reproduced: 16-bit addressing modes; 32-bit addressing modes (courtesy Wikimedia Commons)]

  17. Real mode addressing - 8086 has 16-bit registers, but 20-bit physical addresses - Use one of four 16-bit segment registers: CS, DS, SS, ES - Shift left by 4 bits (i.e., × 16) to obtain a segment base address - Add to virtual address to obtain physical address

  18. Real mode addressing - Code and Stack accesses using IP, SP, and BP automatically use CS (code segment) and SS (stack segment) values - e.g., if IP = 0x4000 and CS = 0x1100, CS:IP refers to absolute address 0x1100 × 16 + 0x4000 = 0x15000 - Can be confusing and unwieldy (especially if data straddles segments)

  19. Protected mode addressing - Full 32-bit addresses stored in registers - Segment registers (expanded to CS, DS, SS, ES, FS, GS, and still all 16-bit) no longer hold base addresses, but selectors - Selectors are used to load segment descriptors from a descriptor table which describe location/size/status/etc. of segments

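  20. Figure 3-5. Logical Address to Linear Address Translation [diagram not reproduced] - A logical address is a 16-bit segment selector plus an offset (effective address) - The selector picks a segment descriptor from the descriptor table; the descriptor's base address is added to the offset to give the linear address - Segment selector layout: bits 15-3 = Index, bit 2 = Table Indicator (TI; 0 = GDT, 1 = LDT), bits 1-0 = Requested Privilege Level (RPL)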

  21. Segmentation - Recall: segmentation allows virtual addresses to be translated using segment base addresses - Segment descriptors also allow for access control (e.g., restricted access to certain segments) - Mapping from segmented to linear address can be simple/flat or arbitrarily complex!

  22. Figure 3-2. Flat Model [diagram not reproduced: segment registers CS, SS, DS, ES, FS, GS; code- and data-segment descriptors (access, limit, base address); linear address space (or physical memory) from 0 to FFFFFFFFH holding code, data and stack, with a "not present" region]

  23. Figure 3-3. Protected Flat Model [diagram not reproduced: segment registers CS, ES, SS, DS, FS, GS; segment descriptors (access, limit, base address); linear address space (or physical memory) from 0 to FFFFFFFFH holding code, data and stack, memory I/O, and a "not present" region]

  24. Figure 3-4. Multi-Segment Model [diagram not reproduced: segment registers CS, SS, DS, ES, FS, GS, each with its own segment descriptor (access, limit, base address) mapping to separate code, stack and data segments in the linear address space (or physical memory)]

  25. Segment Descriptor Tables - Kernel is responsible for maintaining descriptor tables on a system-wide (via Global Descriptor Table) or task-specific (via Local Descriptor Table) basis - Part of growing list of kernel data structures!

  26. Figure 3-6. Segment Selector; Figure 3-10. Global and Local Descriptor Tables [diagrams not reproduced] - Segment selector: bits 15-3 = Index, bit 2 = Table Indicator (TI), bits 1-0 = Requested Privilege Level (RPL) - TI = 0 selects the Global Descriptor Table (GDT); TI = 1 selects the Local Descriptor Table (LDT) - Descriptors sit at byte offsets 0, 8, 16, ..., 56 in each table - First Descriptor in GDT is Not Used - GDTR register holds the GDT limit and base address; LDTR register holds the LDT limit, base address and segment selector

  27. Figure 3-8. Segment Descriptor [bit-layout diagram not reproduced; fields shown: Base 31:24, G, D/B, L, AVL, Seg. Limit 19:16, P, DPL, S, Type, Base 23:16, Base Address 15:00, Segment Limit 15:00]

      - L — 64-bit code segment (IA-32e mode only)
      - AVL — Available for use by system software
      - BASE — Segment base address
      - D/B — Default operation size (0 = 16-bit segment; 1 = 32-bit segment)
      - DPL — Descriptor privilege level
      - G — Granularity
      - LIMIT — Segment Limit
      - P — Segment present
      - S — Descriptor type (0 = system; 1 = code or data)
      - TYPE — Segment type

  28. CS and CPL - Bottom 2 bits of CS indicate the CPL (current privilege level) - Recall: 0 = highest, 3 = lowest — used to guard access to privileged/restricted instructions and memory - CS segment selector cannot be manipulated directly (why?) - Loaded from descriptor DPL (when switching segments)

  29. xv6 and Segmentation - xv6 mostly uses a flat model, so segmentation setup is simple - But segmentation descriptors are very similar to those used in interrupt descriptor tables (IDTs) - Used for carrying out interrupts and enforcing privilege level (CPL) policies — coming later

  30. Paging - Recall: paging allows for more granular mapping of linear address spaces onto physical memory - Fixed-size pages mapped from linear to physical address space - We will use support for 2-level paging for 32-bit addresses: - 1K page directory entries → 1K page tables (each) - 4KB pages
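
The segment selector and segment descriptor layouts from slides 20 and 26-28, decoded in C. This is an added example, not code from the slides or from xv6: the function names and the sample descriptor values are constructed for illustration, the bit positions follow the IA-32 segment descriptor format, and the `max(CPL, RPL) <= DPL` check is the IA-32 rule for loading a data segment, which the slides do not spell out.

```c
#include <stdint.h>
#include <stdio.h>

/* Segment selector fields: index (bits 15-3), TI (bit 2), RPL (bits 1-0). */
struct selector { unsigned index, ti, rpl; };

/* Segment descriptor fields, named as in the descriptor legend. */
struct segdesc { uint32_t base, limit; unsigned type, s, dpl, p, db, g; };

static struct selector decode_selector(uint16_t sel) {
    struct selector r = { sel >> 3, (sel >> 2) & 1u, sel & 3u };
    return r;
}

static struct segdesc decode_descriptor(uint64_t raw) {
    uint32_t lo = (uint32_t)raw, hi = (uint32_t)(raw >> 32);
    struct segdesc d;
    /* Base is scattered over three fields: 15:00, 23:16 and 31:24. */
    d.base  = (lo >> 16) | ((hi & 0xffu) << 16) | (hi & 0xff000000u);
    /* Limit is 20 bits: 15:00 in the low word, 19:16 in the high word. */
    d.limit = (lo & 0xffffu) | (hi & 0x000f0000u);
    d.type = (hi >> 8) & 0xfu;
    d.s    = (hi >> 12) & 1u;
    d.dpl  = (hi >> 13) & 3u;
    d.p    = (hi >> 15) & 1u;
    d.db   = (hi >> 22) & 1u;
    d.g    = (hi >> 23) & 1u;
    if (d.g)                       /* G=1: limit counts 4 KB units */
        d.limit = (d.limit << 12) | 0xfffu;
    return d;
}

/* Privilege rule for loading a data segment: max(CPL, RPL) <= DPL. */
static int data_load_allowed(unsigned cpl, uint16_t sel, struct segdesc d) {
    unsigned rpl = decode_selector(sel).rpl;
    unsigned eff = cpl > rpl ? cpl : rpl;
    return d.p && d.s && eff <= d.dpl;
}

int main(void) {
    /* Constructed sample values: flat 4 GB data segments, DPL 0 and DPL 3. */
    uint64_t kdata = 0x00CF92000000FFFFull, udata = 0x00CFF2000000FFFFull;
    struct segdesc k = decode_descriptor(kdata), u = decode_descriptor(udata);
    printf("kdata base=%#x limit=%#x dpl=%u\n", (unsigned)k.base, (unsigned)k.limit, k.dpl);
    printf("CPL3 -> kdata: %d\n", data_load_allowed(3, 0x10 | 3, k)); /* 0 */
    printf("CPL3 -> udata: %d\n", data_load_allowed(3, 0x20 | 3, u)); /* 1 */
    printf("CPL0 -> kdata: %d\n", data_load_allowed(0, 0x10, k));     /* 1 */
    return 0;
}
```

A selector whose RPL is numerically higher than the CPL weakens the access, so ring 0 code using selector `0x13` is refused a DPL 0 data segment just as ring 3 code would be.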
