use the notes as pointers to lectures/slides
lec12 – concurrency 1
**refer to lec22 p8-13
IPC mechanisms: messaging vs. shared memory
unnamed pipes vs. named pipes aka FIFOs (created with mknod/mkfifo)
**overhead of messaging: two factors
**mmap() – three ways of using it
whether we can coordinate interactions between processes
lack of atomicy / race condition (determined by timing) / critical section
mutual exclusion: sync/coordination mechanisms
lec13 – concurrency 2
sync/coordination mechanisms: mutex (lock), condition variable, semaphore
**refer to lec22 p8-13
2 consequences: corruption or deadlock
**Deadlocks (4 conditions)
lec14 – kernel modules 1
kernel modules vs. device drivers (relationship?)
**refer to lec23 p13
cost of kernel modules: stability and security
kernel module signing
lec15 – kernel modules 2
commands to deal with kernel modules: lsmod/insmod/rmmod
a skeleton kernel module
file operations for a device driver
why put_user()/get_user()/etc. are needed
kernel modules are kernel version-specific
lec16 – memory management 1
**refer to lec23 p12
in-process vs kernel memory management
malloc() -> the heap, mmap(), brk/sbrk() – user space
memory is managed/allocated in pages – storage is in blocks
MMU does the virtual-physical translation – hardware
CR3 -> the root table (page global directory)
PTEs: information about a physical page frame
**what’s in a PTE
lec17 – memory management 2
understand the page table walk
TLB: real cache (storing PTEs)
kernel space vs. physical memory
page cache: regular memory (caching anything from files/devices)
swapping or paging: to move memory pages to disk storage
page fault as a mechanism to signal page absence
page fault handler -> kernel code
**clock algorithm – LRU
**workflow on p12
OOM killer and low-memory killer
lec18 – containers 1
VMs – involves overhead in loading time and duplicate components
**primary building blocks: cgroups, namespaces and capabilities
additional building blocks for security enhancement
capabilities – more fine-grained
file capabilities vs. setuid
lec19 – containers 2
namespaces: different views of the same resources
cgroups: metering or control of quota (file system: cgroup to store policies)
building blocks + execution drivers + management tools = containers
k8s: orchestration
lec20 – security 1
threat model
integrity/confidentiality/availability
**cryptography vs. access control (be able to tell which is involved in a given mechanism)
symmetric vs. public crypto
vulnerability: software bug that allows an exploit
lec21 – security 2
reference monitor
**the three autentication factors
revisit past topics: crypto or access control?
lec22 – security 3
rootkit vs. ransomware vs. backdoors vs. keyloggers (relationship?)
lec23 – boot
firmware: BIOS/UEFI
Boot loader (GRUB)
The OS kernel -> kernel modules -> init -> login
tut5
logical size vs. physical size
tut6
Differences between:
Messaging: 3000pc-fifo
Shared mem: 3000pc-rendezvous
tut7
kernel data structures: task_struct, cred
tut8
kernel data structures: mm_struct
purposes of copy_from_user()/copy_to_user()/etc.
3000memview2: patterns of addresses
page cache
tut9
understanding of namespaces
overlay filesystem