Lecture02 Small PDF

Lecture Capture
IN2011 n Audio and Data Projector content is

Networks and Operating Systems being captured for this session (I hope!)
l Note: no video is being recorded
n Recordings will be made available in the
Session 2 Echo360 block for this module in
Moodle within a few days of the lecture
System Calls, Services and
System Boot
IN2011 Nets & Ops Session 2 2
Overview Protection
n Protection n An OS provides various forms of

n Dual-mode: user-mode vs kernel-mode protection, including:
l prevent one process from accessing a resource
n System Calls (eg memory) allocated to another
n OS Services (brief overview) l prevent some processes from denying CPU-time
to others
n OS and Kernel structure l prevent file permission controls from being
subverted (eg by direct access to disk controller)
n System Boot
l ...others?
IN2011 Nets & Ops Session 2 3 IN2011 Nets & Ops Session 2 4
Thought Experiment Dual Mode Operation
n Suppose we have a line-printer device n Dual-mode CPU operation allows OS

l To print a line of text we place it in memory and to implement protection mechanisms
write its address into a specified register with hardware support
n What can happen if arbitrary programs n user mode and kernel mode
are allowed to access the device l mode bit provided by hardware
directly? l allows CPU to distinguish when system is running
user code or kernel code
n Can we devise a scheme to manage the l some CPU instructions/registers/memory locations
are privileged: the CPU will only execute/access
printer properly? them when in kernel mode
1
CPU modes in practice Meltdown
n The details of how mode-based protection n Meltdown is fundamentally a failure of the

works in a real architecture can be quite kernel-mode check on Intel chips
complicated n During speculative instruction execution, the
n Example: how things work for Intel x86 check can happen concurrently with an illegal
memory fetch, allowing the fetch to proceed
http://duartes.org/gustavo/blog/post/cpu-rings-
l The permission violation is detected, and the memory fetch
privilege-and-protection
result is erased, but…
(not examinable) l … by then it has affected the cache, allowing information to
be leaked via covert timing channels
How the OS uses dual-modes System Calls
n The system-call/interrupts framework n System calls allow user processes to

ensures that: request the kernel to carry out privileged
operations on their behalf
l kernel code (in particular, interrupt handlers)
runs in kernel mode
l everything else runs in user mode
n System calls and Interrupts cause switch
to kernel mode, return from call switches Software interrupt
back to user mode
Key Types of System Calls System calls: example sequence
n Process control n Demo: cat contents of a file to screen

n File manipulation l trace with strace
l http://www.kernel.org/doc/man-
n Device manipulation pages/online/pages/man2/syscalls.2.html
n Information maintenance
n Communications
n Protection
2
System Call APIs System Call Implementation
n System calls are usually accessed via a n A small integer number is associated
high-level Application Program Interface with each system call
(API) rather than directly l System-call interface maintains a table of
l Common APIs: Win32 API for Windows; POSIX privileged (ie kernel) code locations, indexed
API for POSIX-based systems (including virtually according to these numbers
all versions of UNIX, Linux, and Mac OS X); Java n The system call interface invokes the
API for the Java virtual machine (JVM)
intended system call code in the OS
n Why use APIs rather than direct system kernel and returns the status of the
calls? system call and any return values
System Call Parameter Passing Parameter Passing via Table
n Three general methods used to pass

parameters to the OS
l Simplest: pass the parameters in registers
4 In some cases, may be more parameters than registers
l Parameters stored in a block, or table, in memory,
and address of block passed as a parameter in a
register
l Parameters pushed onto the stack by the program
and popped off the stack by the operating system
API Example OS Services

n The ReadFile() function in the Win32 API
n User interface
l Varies between Command-Line (CLI), GUI, Batch
n Program execution
l load a program into memory and run it; end
execution
n A description of the parameters: n I/O operations

l HANDLE file—the file to be read
l LPVOID buffer—a buffer where the data will be read into and written from n File-system:
l DWORD bytesToRead—the number of bytes to be read into the buffer
l LPDWORD bytesRead—the number of bytes read during the last read l read, write, create, delete, search, list file info,
l LPOVERLAPPED ovl—indicates if overlapped (asynchronous) I/O is being permission management
used
3
A Layered View OS Services (Cont)
n Communications (inter-process)
l via shared memory or through message passing
n Error detection
l Errors may occur in the CPU and memory
hardware, in I/O devices, in user programs
l For each type of error, OS should take appropriate
action to ensure system integrity and to limit
consequences
OS Services (Cont) OS Services (cont)
n Another set of OS functions exists for n Protection and security

ensuring the efficient operation of the l Protection involves ensuring that all access to
system resources is controlled and preventing
system itself via resource sharing concurrent processes from interefering with each
l Resource allocation - When multiple other
users or multiple jobs running concurrently, l Security of the system from outsiders requires
resources must be allocated to each of user authentication, extends to defending external
them I/O devices from invalid access attempts
l Accounting - To keep track of which users n If a system is to be protected and
use how much and what kinds of computer secure, precautions must be instituted
resources throughout it. A chain is only as strong
as its weakest link.
Operating System Design OS Design (Cont)
n Internal structure of different Operating n Important principle to separate

Systems can vary widely Policy: What will be done?
n Start by defining goals Mechanism: How to do it?
l User goals – operating system should be
n Mechanisms determine how to do
convenient to use, easy to learn, reliable, safe,
and fast something, policies decide what must
l System goals – operating system should be easy be done
to design, implement, and maintain, as well as l The separation of policy from mechanism is a very
flexible, reliable, error-free, and efficient important principle, it allows maximum flexibility if
policy decisions are to be changed later
4
Layered Structure MS-DOS Layer Structure (Bad!)
Violation of
layering!
Protection
not enforced
Traditional UNIX System Structure UNIX
n Limited by hardware functionality, the

original UNIX operating system had
limited structuring:
l Systems programs
l The kernel
4 Everything below the system-call interface and above the
physical hardware
4 Provides the file system, CPU scheduling, memory
management, and other operating-system functions; a
large number of functions for one level
Microkernel System Structure Modules
n Moves as much as possible from the n Most modern operating systems

kernel into “user” space implement kernel modules
l Communication takes place between user l Uses object-oriented approach
modules using message passing l Each core component is separate
n Benefits: l Each talks to the others over known interfaces
l Easier to extend; Easier to port; More reliable; l Each is loadable as needed within the kernel
More secure
n Overall, similar to layers but with more
n Detriments: flexibility
l Performance overhead of user space to kernel
space communication
5
System Boot Linux Boot on x86
n Operating system must be made

available to the hardware (CPU,
memory), so that it can be executed
l Small piece of code – bootstrap loader, locates
the kernel, loads it into memory, and starts it
l Sometimes two-step process where boot block at
fixed location loads bootstrap loader
l When power initialized on system, execution starts
at a fixed memory location http://duartes.org/gustavo/blog/post/how-computers-boot-up
4 Firmware is used to hold initial boot code
Hardware Initialisation on x86 MBR on x86
n Power on n Master Boot Record (MBR)

l hardware initialisation (OS not yet involved) l BIOS looks on boot device (eg first 512 bytes of disk
l one CPU chosen to run BIOS sector) for MBR containing a tiny chunk of code
4 CPU in “real mode” (unprotected) at this point l The MBR itself is generic but it is used to load an
l BIOS loaded from firmware and executed OS-specific boot-loader
4 Linux: use Grub to create and install a new MBR
n BIOS (Basic Input/Output System)
n BIOS loads MBR code into memory and
l Power-On-Self-Test (POST): hardware tests
jumps into it
l If POST ok, BIOS looks for a “boot device”
l MBR code finds the “boot-loader” on disk (Grub, in
4 configurable: CD drive, USB, hard disk, network interface
our case) and jumps into that
Grub Bootstrapping the Linux Kernel

n Grub (if so configured) presents user
n CPU is still in "real mode" (unprotected)
with a menu offering a choice of OS
l not necessarily Linux! n After early stages of bootstrap, the code
instructs CPU to switch to protected
n Grub reads kernel image from file
(dual-mode) operation
l /boot/vmlinuz-3.16.0-4-586 in our case
l the “z” indicates a compressed image n Bootstrap code then decompresses the
kernel-image
n The contents of this file are copied into
l and jumps in to it!
memory
l now the kernel is up and running
l Grub jumps in to “bootstrap” code which is now in
memory
6
Linux Kernel Initialisation Kernel Parameters
n Kernel has a lot of work to do before it is n The behaviour of the kernel at start up is
ready for normal business configurable by setting various kernel
l in particular, initialising the file system (using initrd)
parameters
l we will gloss over the details n Examples in the GRUB menu entries:
n At the very end of initialisation, the kernel l ro mount root file system read-only (init
may remount it read-write later)
runs /sbin/init (but see next slide)
l quiet suppress lots of boot-time messages
l init consults /etc/inittab to determine which
user-mode processes (services) it should start l init=file run file instead of /sbin/init
l networking, mail system, X-windows, etc
What you should do now…
n Labs
n Preparation for Session 3
l see Moodle
IN2011 Nets & Ops Session 1 39

Lecture02 Small PDF

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Lecture02 Small PDF

Caricato da

Copyright:

Formati disponibili

Lecture Capture

IN2011 n Audio and Data Projector content is

IN2011 Nets & Ops Session 2 2

n Protection n An OS provides various forms of

Thought Experiment Dual Mode Operation

n Suppose we have a line-printer device n Dual-mode CPU operation allows OS

n The details of how mode-based protection n Meltdown is fundamentally a failure of the

How the OS uses dual-modes System Calls

n The system-call/interrupts framework n System calls allow user processes to

Key Types of System Calls System calls: example sequence

n Process control n Demo: cat contents of a file to screen

System Call Parameter Passing Parameter Passing via Table

n Three general methods used to pass

API Example OS Services

n A description of the parameters: n I/O operations

OS Services (Cont) OS Services (cont)

n Another set of OS functions exists for n Protection and security

Operating System Design OS Design (Cont)

n Internal structure of different Operating n Important principle to separate

Traditional UNIX System Structure UNIX

n Limited by hardware functionality, the

Microkernel System Structure Modules

n Moves as much as possible from the n Most modern operating systems

n Operating system must be made

Hardware Initialisation on x86 MBR on x86

n Power on n Master Boot Record (MBR)

Grub Bootstrapping the Linux Kernel

What you should do now…

IN2011 Nets & Ops Session 1 39

Potrebbero piacerti anche