ECS150 FQ20
March 27, 2020
Kernel Abstraction
Lecture Notes 2
• Protection – Isolation of potentially misbehaving applications/users
• Reliability – The OS does exactly what it is supposed to do
• Security – Computer’s operation cannot be compromised by attacker
• Privacy – Data is only accessible to authorized users
• Fair Resource Allocation – Putting limits on the amount of resources allocated to single application
• OS Kernel – Lowest level of software running on system (has full access to hardware)
• Process – The execution of an application program
Process Abstraction
• Executable Image – Sequence of machine instructions stored in a file
• Execution Stack (or Stack) – Automatically allocated variables “Local Variables”
• Heap – Dynamically allocated variables
• Data Section – “Global Variables” and constants
• Text Section – The instructions of process
• Process Control Block – Stores all information OS needs about a process
• Process vs. Program – A process is a running “instance” of a static program
• Process vs. Thread – A process is an instance of a single program with one or more
threads running
Stack
Heap
Data
Text
Dual Mode Operation
• Dual Mode (or Multimode) – Multiple modes of CPU operation
• Kernel Mode (Supervisor, System or Privileged Mode) – Allowed to use all
instructions/access all of memory
• User Mode – Limited access to memory/instructions (usually virtually mapped memory)
This content is protected and may not be shared, uploaded, or distributed. Lecture Notes 2
1 of 4
ECS150 FQ20 March 27, 2020
• Privileged Instructions – Potentially unsafe instructions prohibited in user mode
• Change Privilege Level – Changes the permissible instructions
• Adjust Memory Boundaries – Changes allowed memory locations
• Enable/Disable Interrupts – Allows or disallows CPU interruption
• Memory Protection – All memory accesses outside of processes valid region are prohibited
• Base and Bound – Registers that provide base and limit of allowed memory accesses
• Expandable Heap and Stack – Base & Bound can be used for each allowing growth
• Memory Sharing – Sharing of code or data between processes (not possible with Base
& Bound only systems)
• Physical Memory Addresses – Program instructions use relative addresses to base of
program, translation from base register is needed to get correct physical address
• Memory Fragmentation – Memory is broken up into used and free spaces (free spaces
are fragmented and not contiguous)
• Virtual Address – Address that the process uses, is mapped to a physical address
through hardware
• Timer Interrupts – Mechanism for kernel to periodically regain control
• Hardware Timer – Hardware clock/counter that will interrupt the CPU at an interval Types of Mode Transfer
• User to Kernel Mode – Transfer from user to the kernel
• Trap (or Exception) – A synchronous transfer from user mode to kernel mode
• Interrupt – Asynchronous signal to CPU that external event has occurred
• Polling – Continuous loop of checking I/O devices for completion
• Processor Exception – Hardware event caused by user program behavior
• System Call – Procedure provided by kernel that user calls
• Kernel to User Mode – Transfer from kernel to user
• New Process – After program is loaded into memory, process begins with transfer
from kernel
• Resume after ISR – Return after a interrupt, exception, or system call
• Switch to different process – Kernel does the switch between processes
• User-level upcall – Asynchronous notification to process
This content is protected and may not be shared, uploaded, or distributed. Lecture Notes 2
2 of 4
ECS150 FQ20 March 27, 2020
System Call Interrupt User Mode Kenel Mode User Mode
Interrupt
RTI
Kenel Mode
System Call
System Call Return
Execute System Call
Interrupt Service Routine
Implementing Safe Mode Transfer
• Limited entry into the kernel – All entry points to kernel must be setup by kernel
• Atomic changes to processor state – Mode, Program Counter, Stack, Memory Protection
change must be atomic
• Transparent, restartable execution – Must be able to restart user process at any instruction
if interrupted
• Interrupt Vector Table – Array of pointers to first instruction of interrupt handlers
• Interrupt Handler – Procedure called by kernel to handle the interrupt
• Interrupt Stack – Separate memory stack for running Interrupt Handler
• Reliability – User stack may have insufficient space
• Security – User could potentially change kernel’s state if user stack used
• Two Stacks Per Process – User stack and kernel interrupt stack per process (more flexible
than single interrupt stack)
• Interrupt Masking – Deferring or ignoring of interrupts
• Interrupt Disable – An instruction that defers all interrupts
• Interrupt Enable – An instruction that enables processing of all unmasked interrupts
• Hardware Support for Saving/Restoring – Stack Pointer might be saved automatically,
and Program Counter is pushed on stack, other registers may be stored
x86 Mode Transfer
1. Mask Interrupts – Disable interrupts so don’t get interrupted while switching mode
2. Save ESP, EFLAGS, EIP – Save the stack pointer, CPU flags, and instruction pointer
3. Switch onto the kernel interrupt stack – Stack pointers are switched
4. Push ESP, EFLAGS, EIP on new stack – Have the return state locally available
5. Optionally save error code – Store exception error codes if any
6. Invoke the interrupt handler – Finally invoke the handler once all state has been stored
Implementing Secure System Calls
• Calling Convention – System call naming, argument passing, and passing return values
• Pair of stubs – Pair of procedures that mediate between two environments
This content is protected and may not be shared, uploaded, or distributed. Lecture Notes 2
3 of 4
ECS150 FQ20 March 27, 2020
• Locate system call arguments – Arguments are in user memory, not kernel’s
• Validate parameters – Must protect against malicious attacks
• Copy before check – Copy from user into kernel memory before checking
• Time of check vs. Time of use attack – User changes arguments after being checked if no copy before check is used
• Copy back results – Stub must copy kernel results back into user memory Starting a New Process
1. Allocate and initialize the process control block
2. Allocate memory for process
3. Copy the program into the newly allocated memory
4. Allocate a user-level stack for user-level execution
5. Allocate a kernel-level stack for handling system calls, interrupts and exceptions
6. Copy arguments into user memory
7. Transfer control to user mode
Implementing Upcalls
• Upcall – Asynchronous notification to process (signal on *NIX or asynchronous events on Windows)
• Preemptive user-level threads – User timers might be used to preempt threads
• Asynchronous I/O notification – Allows for work to be completed while I/O not complete
• Interprocess communication – Notifies process that event needs immediate attention
• User-level exception handling – Allow graceful exit in case of exceptions
• User-level resource allocation – Allows for adapting process to resources available
• Types of signals – A limited number of events that process can be notified about
• Signal Handlers – Procedure that processes the signal event
• Signal Stack – A separate stack for signal handlers
• Signal Masking – Deferring signal processing
• Processor State – Information such as stack pointer, program counter, registers etc.
This content is protected and may not be shared, uploaded, or distributed. Lecture Notes 2
4 of 4