Lecture 2: OS organization

Preparation

• Read OSPP §2, The Kernel Abstraction.
• Skim the exokernel paper. The paper will give you a high-level idea of what you are building in JOS. Don’t worry if you don’t get the paper now. You’ll understand it pretty well by the end of this quarter.

Overview

• Previous lecture: how about implementing system calls as library functions
• Goal: process isolation & sharing
  • a process should not corrupt the memory of the kernel or another process
  • nor consume all the CPU time/memory
  • nor run arbitrary privileged instructions, etc.
• broader context: browsers, web servers

Process isolation

• memory keys
  • split memory into chunks and assign a “key” to each chunk
  • each process holds one or more keys
  • check (who? when?) if the process has the key to access the memory chunk
  • examples: IBM S/360, Intel’s MPK (Vol 3, §4.6.2, Protection Keys), SFI
• virtual memory
  • naming issue: hide physical memory addresses from programs
  • need to virtual-to-physical address translation (by what?)
    • use a safe language: e.g., write process in Java (any other example?)
    • virtual machine: e.g., can JOS in QEMU harm your laptop?
    • hardware: MMU (segmentation/paging) - segfaults if violated
• virtual CPUs
  • each process thinks it has a dedicated CPU
  • kernel runs processes in turn on physical CPUs: save/store state
    • example: take control back from a process that spins forever
    • clock interrupt & preempt
• privileged instructions
  • examples: change the address translation map, talk to I/O devices
  • x86 support: kernel/user mode flag
    • CPL: lower 2 bits of %cs
      • 0: kernel, privileged
      • 3: user, unprivileged
    • protection - including changing CPL
• how do unprivileged processes work
  • they cannot directly access files, network, etc.
  • the kernel can
  • can they simply jump into the kernel? no - CPL protection
  • system calls: controlled transfer
    • int instruction sets CPL to 0
    • set CPL to 3 before going back to user space
    • system calls often have simple parameters (why?)
• other isolation techniques: how about QEMU/Java

OS organization

• what to put below/above the system call interface
• monolithic kernel
  • big kernel (including file systems, network, etc.)
  • easy to develop applications
  • hard to isolate kernel components
• microkernel
  • kernel + user-space servers (e.g., file system, network)
  • applications talk to servers via IPCs
  • performance issues: IPCs may be slow
• exokernel (like JOS)
  • end-to-end arguments
  • kernel: expose low-level abstractions to applications
  • applications can often do a better job
  • library OS
• debate
  • example
  • most real-world kernels are mixed: Linux, OS X, Windows