Duke CPS 110 - Protection and the Kernel

This preview shows page 1-2-3-4-5-6 out of 17 pages.


Protection and the Kernel: Mode, Space, and Context

• Challenges for a “Classical” Protected OS
• Processes and the Kernel
• A First Look at Some Key Concepts
• The Kernel
• Threads vs. Processes
• Introduction to Virtual Addressing
• The Virtual Address Space
• Example: Process and Kernel Address Spaces
• Kernel Mode
• Protecting Entry to the Kernel
• Thread/Process States and Transitions
• CPU Events: Interrupts and Exceptions
• Handling Events, Part I: The Big Picture
• Mode, Space, and Context
• Common Mode/Space/Context Combinations
• Summary: Mode, Space, and Context


Challenges for a “Classical” Protected OS

What are the mechanisms that operating systems use to:
• safely allocate physical resources (memory, storage, CPU) to multiple programs?
• securely track and control resource usage?
• isolate programs from the details of running on a shared machine?
• protect one executing program’s storage from another?
• prevent rogue programs from taking over the machine or impairing the functions of the operating system?
• allow mutually distrusting programs to interact safely?
• recover cleanly from user program failures?


Processes and the Kernel

[Figure: processes, each with its own data, in private virtual address spaces; system call traps ... and upcalls (e.g., signals); shared kernel code and data in shared address space]

Threads or processes enter the kernel for services.
The kernel sets up process execution contexts to “virtualize” the machine.
CPU and devices force entry to the kernel to handle exceptional events.


A First Look at Some Key Concepts

kernel
    The software component that controls the hardware directly, and implements the core privileged OS functions.
    Modern hardware has features that allow the OS kernel to protect itself from untrusted user code.
thread
    An executing stream of instructions and its CPU register context.
virtual address space
    An execution context for thread(s) that provides an independent name space for addressing some or all of physical memory.
process
    An execution of a program, consisting of a virtual address space, one or more threads, and some OS kernel state.


The Kernel

• Today, all “real” operating systems have protected kernels.
    The kernel resides in a well-known file: the “machine” automatically loads it into memory (boots) on power-on/reset.
    Our “kernel” is called the executive in some systems (e.g., NT).
• The kernel is (mostly) a library of service procedures shared by all user programs, but the kernel is protected:
    User code cannot access internal kernel data structures directly, and it can invoke the kernel only at well-defined entry points (system calls).
• Kernel code is like user code, but the kernel is privileged:
    The kernel has direct access to all hardware functions, and defines the machine entry points for interrupts and exceptions.


Threads vs. Processes

1. The process is a kernel abstraction for an independent executing program.
    includes at least one “thread of control”
    also includes a private address space (VAS)
    - VAS requires OS kernel support
    often the unit of resource ownership in kernel
    - e.g., memory, open files, CPU usage
2. Threads may share an address space.
    Threads have “context” just like vanilla processes.
    - thread context switch vs. process context switch
    Every thread must exist within some process VAS.
    Processes may be “multithreaded” with thread primitives supported by a library or the kernel.


Introduction to Virtual Addressing

[Figure: virtual memory (big), holding text, data, BSS, user stack, args/env, and kernel data, mapped onto physical memory (small) by virtual-to-physical translations]

User processes address memory through virtual addresses.
The kernel and the machine collude to translate virtual addresses to physical addresses.
The kernel controls the virtual-physical translations in effect for each space.
The machine does not allow a user process to access memory unless the kernel “says it’s OK”.
The specific mechanisms for implementing virtual address translation are machine-dependent: we will cover them later.


The Virtual Address Space

A typical process VAS space includes:
• user regions in the lower half
    V->P mappings specific to each process
    accessible to user or kernel code
• kernel regions in upper half
    shared by all processes
    accessible only to kernel code
• Nachos: process virtual address space includes only user portions.
mappings change on each process switch

[Figure: A VAS for a private address space system (e.g., Unix) executing on a typical 32-bit architecture. Regions shown: text, data, BSS, user stack, args/env, kernel text and kernel data. Address labels: 0 (0x0), 2^(n-1), 2^n - 1 (0xffffffff). Other labels: sbrk(), jsr.]


Example: Process and Kernel Address Spaces

[Figure: two address-space layouts, each with a data region in both halves.
    n-bit virtual address space: 0, 2^(n-1) - 1, 2^(n-1), 2^n - 1
    32-bit virtual address space: 0x0, 0x7FFFFFFF, 0x80000000, 0xFFFFFFFF]


Kernel Mode

[Figure: a CPU (registers R0 ... Rn, PC, mode) beside main memory, a physical address space from 0 to 2^n holding a code library, OS data, OS code, Program A and its data, and Program B and its data]

CPU mode (a field in some status register) indicates whether the CPU is running in a user program or in the protected kernel.
Some instructions or data accesses are only legal when the CPU is executing in kernel mode.


Protecting Entry to the Kernel

Protected events and kernel mode are the architectural foundations of kernel-based OS (Unix, NT, etc).
• The machine defines a small set of exceptional event types.
• The machine defines what conditions raise each event.
• The kernel installs handlers for each event at boot time.
    e.g., a table in kernel memory read by the machine

The machine transitions to kernel mode only on an exceptional event.
The kernel defines the event handlers.
Therefore the kernel chooses what code will execute in kernel mode, and when.

[Figure: transitions between user and kernel: interrupt or exception; trap/return]


Thread/Process States and Transitions

[Figure: state diagram with states running (user), running (kernel), ready, and blocked; transitions labelled Run, Wakeup, Sleep, Yield, interrupt/exception, and trap/return]


CPU Events: Interrupts and Exceptions

• an “unnatural” change in control flow
• an interrupt is caused by an external event
    device requests attention, timer expires, etc.
• an exception is caused by an executing instruction
    CPU requires software intervention to handle a fault or trap.
• the kernel defines a handler routine for each event
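
The rules from "Kernel Mode" and "Protecting Entry to the Kernel" can be modelled in a few lines of C. This is an added example, not code from the original slides: the toy machine, its two event types, and every function name here are assumptions made for illustration, with the kernel occupying the upper half of a 32-bit address space as in the slides' 0x80000000 layout.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy machine, constructed for illustration: 32-bit VAS, kernel in upper half. */
#define KERNEL_BASE 0x80000000u
enum mode  { USER_MODE, KERNEL_MODE };
enum event { EV_SYSCALL, EV_FAULT, EV_COUNT };
typedef int (*handler_t)(uint32_t arg);

static enum mode cpu_mode;          /* the mode field in the status register */
static handler_t vector[EV_COUNT];  /* handler table in "kernel memory" */

/* The check the machine applies to every memory reference. */
int access_ok(uint32_t vaddr) { return cpu_mode == KERNEL_MODE || vaddr < KERNEL_BASE; }

/* Writing the handler table is a privileged operation. */
int install_handler(enum event ev, handler_t h) {
    if (cpu_mode != KERNEL_MODE || ev >= EV_COUNT) return -1;
    vector[ev] = h;
    return 0;
}

/* The only path into kernel mode: the machine switches mode, jumps to the
   handler the kernel installed, then restores the interrupted mode. */
int raise_event(enum event ev, uint32_t arg) {
    enum mode saved = cpu_mode;
    if (ev >= EV_COUNT || vector[ev] == 0) return -2;
    cpu_mode = KERNEL_MODE;
    int result = vector[ev](arg);
    cpu_mode = saved;
    return result;
}

/* Kernel handlers: the syscall touches a kernel address for its caller. */
static int on_syscall(uint32_t arg) { return access_ok(KERNEL_BASE + arg); }
static int on_fault(uint32_t arg)   { (void)arg; return -1; /* access denied */ }

/* A load issued by user code: a forbidden address raises a fault event. */
int user_load(uint32_t vaddr) { return access_ok(vaddr) ? 0 : raise_event(EV_FAULT, vaddr); }

/* Boot runs in kernel mode, installs the handlers, then drops to user mode. */
int boot(void) {
    cpu_mode = KERNEL_MODE;
    int rc = install_handler(EV_SYSCALL, on_syscall) | install_handler(EV_FAULT, on_fault);
    cpu_mode = USER_MODE;
    return rc;
}

int main(void) {
    boot();
    printf("user load of kernel address -> %d\n", user_load(KERNEL_BASE));
    printf("same region via syscall     -> %d\n", raise_event(EV_SYSCALL, 0x10));
    return 0;
}
```

User code can reach kernel data only through a handler the kernel itself installed, and it cannot replace that handler because the table write is refused outside kernel mode.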

