ospp_chapter_2a

Introduction to Operating Systems

• Course: CPSC/ECE 3220 Fall 2024 Lecture Notes

• Content follows OSPP Chapter 2 – Part A, adapted by Mark Smotherman from Tom Anderson’s slides on the OSPP website.

Kernel

• Definition: The kernel is the lowest level of software running on a system.

• Its primary purpose is to implement protection against unauthorized access.

• The kernel is trusted fully and has access to all hardware resources.

Untrusted Code

• Important to restrict the privileges of untrusted code for security reasons.

  • Its access to hardware should be limited.

  • It should not modify the kernel or other crucial applications.

Challenge: Protection

• The challenge is executing code but restricting its privileges to mitigate risks from bugs or malicious intent.

• Examples of such code include:

  • A script running in a web browser.

  • A program downloaded from the Internet.

  • A program still in development or not fully tested.

Stages of a Program

1. Source File on Disk: Initial programming code written by the developer.

2. Executable File on Disk: Produced after compiling and linking the source code, containing machine instructions with a specified entry point and initialized data.

3. Memory Image: Developed after the program is loaded into memory, consisting of stacks, heaps, and uninitialized data areas to support execution.

Compiling and Loading a Program

• Process includes:

  1. Source Code: Written in languages like C/C++.

  2. Machine Instructions: Processed and executed according to system requirements.

  3. Data: Used during execution, which includes instructions for the heap and stack.

Steps in Compilation

• Steps recognized during compilation include:

  1. Preprocessing - Involves header files and macro expansions.

  2. Compilation - The core code is converted into a machine-readable format.

  3. Assembling - Assembly code is transformed into machine code.

  4. Linking - The assembler resolves definitions, leading to an executable format.

Linking and Loading Example

• An executable file comprises several sections:

  • .text section - Contains binary machine code.

  • .data section - Contains initialized data (read-write).

  • .rodata section - Holds initialized read-only data.

  • .bss section - Represents uninitialized data or static variables.

Main Points of Chapter 2

• Process Concept: Seen as the OS abstraction for executing programs with limited privileges.

• Dual-mode Operation: Differentiates between user mode (limited privileges) and kernel mode (full privileges).

• Safe Control Transfer: Method governing the transition from user mode to kernel mode and vice versa.

Process Abstraction

• Definition: A process is an instance of a program executing with limited rights.

• Thread: Execution sequence within a process, where multiple threads can exist per process.

• Address Space: Defines the valid range of addresses a process can access.

• Allocated Resources: Includes physical memory, files, and network connections accessible to the process.

• Capabilities: Permissions the process holds to make system calls and access objects.

Thought Experiment for Limited Privileges

• Concept: Execute program instructions in a controlled environment (simulator) checking for permission before execution to enhance security.

• To enhance speed, ideally, unprivileged code should run directly on the CPU.

Hardware Support: Dual-Mode Operation

• Kernel Mode: Full access to hardware, allowing any memory read/write, I/O device access, and disk operations.

• User Mode: Access restricted to permissions granted by the kernel.

• Mode Bit: Indicates the current mode of operation, stored in the processor status register.

Privileged Instructions

• Instructions exclusive to the kernel:

  • Modify mode bits in the processor status register.

  • Control memory accesses for user programs.

  • Facilitate commands for I/O devices.

  • Allow transitions into kernel code.

Non-Privileged (“Safe”) Instructions

• Instructions allowed in both user and kernel modes:

  • Basic arithmetic operations and control commands (e.g., load, store, branch).

  • Fundamental for both OS and applications.

Valid Instructions

• In User Mode: Only non-privileged instructions should execute.

• Kernel Mode: Both privileged and non-privileged instructions may execute without restrictions.

Invalid Instructions

• Attempting to execute privileged instructions in user mode results in stopping the application and notifying the OS.

• This is typically an error, but some instructions may be used intentionally to invoke the OS.

Question on Direct Access

• Given a simplistic example: Why should a "Hello world" program not write directly to the screen memory, requiring kernel involvement?

Simple Memory Protection

• Physical Memory Management: Mechanisms ensure the physical address generated is checked against limits to prevent unauthorized access.

Preview: A Better Approach

• Implement virtual addressing utilizing bounds and base registers for memory management.

Preview: Even Better Approaches!

• Challenges faced with memory management techniques:

  • Sharing memory between processes while avoiding fragmentation.

  • Solutions include paging and segmentation.

Test Program Example

• Code snippet provided to demonstrate how the OS operates with virtual addresses, utilizing static variables.

Script for Parallel Processes

• Demonstrates running processes in parallel, with expected output showcasing shared results.

Address Space Layout Randomization (ASLR)

• Concept: Randomizes placement of text, data, heap, and stack in a process's address space to enhance security against buffer overflow attacks.