Tyler Harter - pages.cs.wisc.edu

[537] ProcessesTyler Harter

Thinking about systems• Abstractions

• Mechanisms

• Policies

Thinking about systems• Abstractions [TODAY: processes and virtual CPUs]

• Mechanisms!

• Policies


• Mechanisms [TODAY: exceptions and LDE]

• Policies


• Mechanisms [TODAY: exceptions and LDE]

• Policies [NEXT WEEK: CPU Scheduling]

What is a process?

What is a Process?Programs are code. Processes are running programs.

Java analogy: class => “program” object => “process”

What is in a Process?process

what things change as a program runs?



memory



CODE HEAP

… STACK

memory



CODE HEAP

… STACK

memoryregisters



CODE HEAP

… STACK

memoryEAX PC SP BP

registers



CODE HEAP

… STACK

memoryEAX PC SP BP

registers

FDsI/O

Peeking InsideProcesses share code, but each has its own “context”

CPU Instruction Pointer (aka Program Counter) Stack Pointer

Memory set of memory addresses (“address space”) cat /proc/<PID>/maps

Disk set of file despritors cat /proc/9506/fdinfo/*

Process Creation

Process Creation

!code static data Program

CPU Memory

Process Creation


CPU Memory

code static data

heap !

stack Process

Process Creation


CPU Memory

code static data

heap !

stack Process

PC

Process Creation


CPU Memory

code static data

heap !

stack Process

PC

Before, PC pointed at kernel code

Process Creation


CPU Memory

code static data

heap !

stack Process

PC

Now, CPU begins directly executing process code

Process Creation


CPU Memory

code static data

heap !

stack Process

PC

Challenge: how to prevent process from doing “kernel stuff”

Limited Direct Execution

GoalsMake processes fast

Don’t let them cause harm

Provide way to do sensitive things safely

Limited Direct ExecutionUsually let processes run with no OS involvement

Limit what processes can do

Offer privileged operations through well-defined channels with help of OS.

Limited Direct Execution

What to limit?General memory access

Disk I/O

Certain x86 instructions

How to limit?Need H/W support

Add additional execution mode to CPU

“user mode” — restricted, limited capabilities

“kernel mode” — not restricted

Processes start in user mode,OSes start in kernel mode.

LDE: Remaining challenges

(2) What if we want to run a different process?

time

…PA PB PC

Problem: how can OS switch processes (or do anything) if it’s not running?

(1) What if P wants to do something privileged?

Taking turns

OS

Hardware

Process

Taking turns

OS

Hardware

Process running

Taking turns

OS

Hardware

Process

running

Taking turns

OS

Hardware

Process running

Taking turns

OS

Hardware

Process running

when/how do we switch to OS?

Exceptions

Interrupt

OS

Hardware

Process

Interrupt

OS

Hardware

Process

key

Interrupt

OS

Hardware

Process

key

handler hardware “interrupt”

Interrupt

OS

Hardware

Process

System Call

OS

Hardware

Process

System Call

OS

Hardware

Process open

System Call

OS

Hardware

Process open

handler system call “trap”

System Call

OS

Hardware

Process

Exception Handling

ImplementationGoal: processes and H/W should be able to call functions in the OS


Functions should be: • at well-known locations • safe from processes

timer

keyboard

disk

network

system call

addresses

timer

keyboard

disk

network

system call

addresses

hard code handler addresses into CPU?

disk

network

system call

addresses

what if layout differs?

timer

keyboard

disk

network

system call

timer

keyboard

disk

network

system call

use array of function pointers (H/W knows where this is)

timer

keyboard

disk

network

system call


timer

keyboard

trap table

disk

network

system call


timer

keyboard

trap table

tick

disk

network

system call

How does H/W know where trap table is?

timer

keyboard

trap table

disk

network

system call

How does H/W know where trap table is? lidt instruction

timer

keyboard

trap table

disk

network

system call

timer

keyboard

trap table

disk

network

system call

how to handle variable number of system calls?

timer

keyboard

trap table

disk

network

system call

timer

keyboard

trap table

open

read

getpid

disk

network

system call

timer

keyboard

trap table

open

read

getpid

syscall table

disk

network

system call

timer

keyboard

trap table

open

read

getpid

syscall table

syscall


Functions should be: • at well-known locations • safe from processes

Safe TransfersOnly certain kernel functions should be callable

Privileges should escalate at the moment of the call • examples?


Privileges should escalate at the moment of the call • read/write disk • kill processes • access all memory • etc


Privileges should escalate at the moment of the call • read/write disk • kill processes • access all memory • etc

H/W support: use x86 int, instead of jmp or call!• escalate priority and call simultaneously

System Call Example

RAM

Process P

RAM

Process P

P can only see its own memory because of user mode (other areas, including kernel, are hidden)

RAM

Process P

P wants to call read()

RAM

Process P

movl $6, %eax; int $64

RAM

Process P

trap-table index


struct gatedesc idt[256] (trap.c)

RAM

Process P

static int (*syscalls[])(void) (syscall.c)

trap-table indexsyscall-table index


RAM

Process P



RAM

Process P


Kernel mode: we can do anything!


RAM

Process P


sysc

all


RAM

Process P


sysc

all

sys_

read


RAM

Process P


sysc

all

sys_

read

buf


#include "syscall.h" #include "traps.h" !#define SYSCALL(name) \ .globl name; \ name: \ movl $SYS_ ## name, %eax; \ int $T_SYSCALL; \ ret !SYSCALL(fork) SYSCALL(exit) SYSCALL(wait) SYSCALL(pipe) SYSCALL(read) SYSCALL(write) SYSCALL(close) SYSCALL(kill)

user/usys.S:

#include "syscall.h" #include "traps.h" !#define SYSCALL(name) \ .globl name; \ name: \ movl 6, %eax; \ int 64; \ ret !SYSCALL(fork) SYSCALL(exit) SYSCALL(wait) SYSCALL(pipe) SYSCALL(read) SYSCALL(write) SYSCALL(close) SYSCALL(kill)

user/usys.S:

Malicious Example

RAM

Process P

trap-table index syscall-table index

lidt example

RAM

Process P

trap-table index syscall-table index

P tries to call lidt!

lidt example

RAMtrap-table index syscall-table index

CPU warns OS, OS kills P

goodbye, P

lidt example


(2) What if we want to run a different process?

time

…PA PB PC




(2) What if we want to run a different process? Why?

time

…PA PB PC



Sharing the CPU

How do we share?

CPU?

Memory?

Disk?

How do we share?

CPU? (a: time sharing)

Memory? (a: space sharing)

Disk? (a: space sharing)

How do we share?

CPU? (a: time sharing) TODAY



How do we share?

CPU? (a: time sharing) TODAY



Goal: processes should not know they are sharing (each process will get its own virtual CPU)

What to do with processes that are not running?

A: store context in OS struct

Look in kernel/proc.h context (CPU registers) ofile (file descriptors) state (sleeping, running, etc)

A: store context in OS struct

Look in kernel/proc.h context (CPU registers) ofile (file descriptors) state (sleeping, running, etc)

What to do with processes that are not running?

State Transitions

Running Ready

Blocked

Scheduled

Descheduled

I/O: initiate I/O: done

State Transitions

Running Ready

Blocked

Scheduled

Descheduled


View process state with “ps xa”

Running Ready

Blocked

Scheduled

Descheduled


How to transition? (“mechanism”) When to transition? (“policy”)

Mechanism: Context Switch

Context SwitchProblem: when to switch process contexts?

Direct execution => OS can’t run while process runs

How can the OS do anything while it’s not running?



How can the OS do anything while it’s not running? A: it can’t



How can the OS do anything while it’s not running? A: it can’t

Solution: switch on interrupts. But which interrupt?

Cooperative ApproachSwitch contexts for syscall interrupt.

Provide special yield() system call.



P1



P1

yield() call



OS

yield() call



OS



OS

yield() return



P2

yield() return



P2



P2

yield() call



OS

yield() call



OS



OS

yield() return



P1

yield() return



P1



P1

Critiques?

Non-Cooperative ApproachSwitch contexts on timer interrupt

Set up before running any processes

H/W does not let processes prevent this

Process A…

Operating System Hardware Program

timer interruptsave regs(A) to k-stack(A)move to kernel modejump to trap handler

Process A…


Handle the trap Call switch() routine save regs(A) to proc-struct(A) restore regs(B) from proc-struct(B) switch to k-stack return-from-trap (into B)

timer interruptsave regs(A) to k-stack(A)move to kernel modejump to trap handler

Process A…


timer interruptsave regs(A) to k-stack(A)move to kernel modejump to trap handlerrestore regs(B) from k-stack(B) move to user mode jump to B’s IP

Process A…

Operating System Hardware ProgramHandle the trap Call switch() routine save regs(A) to proc-struct(A) restore regs(B) from proc-struct(B) switch to k-stack return-from-trap (into B)

timer interruptsave regs(A) to k-stack(A)move to kernel modejump to trap handlerrestore regs(B) from k-stack(B) move to user mode jump to B’s IP

Process A…Process B…

Operating System Hardware ProgramHandle the trap Call switch() routine save regs(A) to proc-struct(A) restore regs(B) from proc-struct(B) switch to k-stack return-from-trap (into B)

Preemptive Approach

P1

Preemptive Approach

P1

tick

Preemptive Approach

OS tick

Preemptive Approach

OS

Preemptive Approach

P2

Preemptive Approach

P2

tick

Preemptive Approach

OS tick

Preemptive Approach

OS

Preemptive Approach

P1

Preemptive Approach

P1

Is preemptive always better than cooperative?

Summary• Smooth context switching makes each process

think it has its own CPU (virtualization!)

• Limited direct execution makes processes fast

• Hardware provides a lot of OS support - limited direct execution - timer interrupts - automatic register saving

Tyler Harter - pages.cs.wisc.edu

Documents

Transcript of Tyler Harter - pages.cs.wisc.edu