Scribd
Upload
55 views25 pages

Limited Direct Execution in OS

The document discusses how operating systems provide limited direct execution of processes while maintaining efficiency. It explains that the OS cannot enforce limits on a running process alone and requires hardware support. Specifically, the CPU's ability to run in different privilege modes (user vs kernel) allows the OS to restrict privileged operations to kernel mode only. When a process performs a privileged operation in user mode, the CPU generates a fault that the OS can handle by gaining control through registered interrupt handlers. This allows the OS to multiplex resources securely and enforce access limits on processes.

Uploaded by

PK Tricks
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
55 views25 pages

Limited Direct Execution in OS

The document discusses how operating systems provide limited direct execution of processes while maintaining efficiency. It explains that the OS cannot enforce limits on a running process alone and requires hardware support. Specifically, the CPU's ability to run in different privilege modes (user vs kernel) allows the OS to restrict privileged operations to kernel mode only. When a process performs a privileged operation in user mode, the CPU generates a fault that the OS can handle by gaining control through registered interrupt handlers. This allows the OS to multiplex resources securely and enforce access limits on processes.

Uploaded by

PK Tricks
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

CS330: Operating Systems

Limited direct execution


Recap: virtual view of resources
- Process
- Each running process thinks that it owns the CPU
Recap: virtual view of resources
- Process
- Each running process thinks that it owns the CPU
- Address space
- Each process feels like it has a huge address space
Recap: virtual view of resources
- Process
- Each running process thinks that it owns the CPU
- Address space
- Each process feels like it has a huge address space
- File system tree
- The user feels like operating on the files directly
Recap: virtual view of resources
- Process
- Each running process thinks that it owns the CPU
- Address space
- Each process feels like it has a huge address space
- File system tree
- The user feels like operating on the files directly
- What are the OS responsibilities in providing the above virtual notions?
Recap: virtual view of resources
- Process
- Each running process thinks that it owns the CPU
- Address space
- Each process feels like it has a huge address space
- File system tree
- The user feels like operating on the files directly
- What are the OS responsibilities in providing the above virtual notions?
- The OS performs multiplexing of physical resources efficiently
- Maintains mapping of virtual view to physical resource
Resource Multiplexing: Efficiency/performance

- Resource virtualization should not add excessive overheads


- Efficient when programs use the resources directly, no OS mediation
- Example: when a process is scheduled on a CPU, it should execute
without OS intervention
- What is the catch?
Resource Multiplexing: Efficiency/performance

- Resource virtualization should not add excessive overheads


- Efficient when programs use the resources directly, no OS mediation
- Example: when a process is scheduled on a CPU, it should execute
without OS intervention
- What is the catch?
- Loss of control e.g., process running an infinite loop on a CPU
- Isolation issues e.g., process accessing/changing OS data structures
Resource Multiplexing: Efficiency/performance

- Resource virtualization should not add excessive overheads


- Efficient when programs use the resources directly, no OS mediation
- Example: when a process is scheduled on a CPU, it should execute
without OS intervention
- What is the catch?
- Loss of control e.g., process running an infinite loop on a CPU
- Isolation issues e.g., process accessing/changing OS data structures

Conclusion: Some limits to direct access must be enforced.


Limited direct execution

- Can the OS enforce limits to an executing process by itself?


A process in execution
I want to take control of the
Process (a.out)
CPU from this process which is Register state (R1, R2, PC)
executing an infinite loop, but Memory state
Other states
how?
OS
Code
Fetch
PC
I want to restrict this process Store
Reg (R1) Data
accessing memory of other
Reg (R2) Load
processes, but how?
Monitoring each memory
CPU Memory
access is not efficient!
A process in execution
I want to take control of the
Process (a.out)
CPU from this process which is Register state (R1, R2, PC)
executing an infinite loop, but Memory state
Other states
how?
OS
Help me! Fetch Code
PC
I want to restrict this process Store
Reg (R1) Data
accessing memory of other
Reg (R2) Load
processes, but how?
Monitoring each memory
CPU Memory
access is not efficient!
Limited direct execution

- Can the OS enforce limits to an executing process by itself?


- No, the OS can not enforce limits by itself and still achieve efficiency
- OS requires support from hardware!
Limited direct execution

- Can the OS enforce limits to an executing process?


- No, the OS can not enforce limits by itself and still achieve efficiency
- OS requires support from hardware!
- What kind of support is needed from the hardware?
Hardware support: Privilege levels
Hey OS! You can use my support for
different privilege levels. Using this
you can restrict some operations by the
user process!

OS
Help me! Privilege

CPU
Hardware support: Privilege levels
Hey OS! You can use my support for
different privilege levels. Using this
you can restrict some operations by the
Cool! Tell me more about it! user process!

OS
Privilege

CPU
Hardware support: Privilege levels
Hey OS! You can use my support for
different privilege levels. Using this
you can restrict some operations by the
Cool! Tell me more about it! user process!

OS
Privilege

CPU
- CPU can execute in two modes: user-mode and kernel-mode
- Some operations are allowed only from kernel-mode (privileged OPs)
- If executed from user mode, hardware will notify the OS by raising a
fault/trap
Hardware support: Privilege levels
Good. I will run the user Hey OS! You can use my support for
process in user-mode. Hang different privilege levels. Using this
on! The user process you can restrict some operations by the
requires to invoke my user process!
services. How can the user
OS change the mode?
Privilege

CPU
Hardware support: Privilege levels
Good. I will run the user Hey OS! You can use my support for
process in user-mode. Hang different privilege levels. Using this
on! The user process you can restrict some operations by the
requires to invoke my user process!
services. How can the user
OS change the mode?
Privilege

CPU
- From user-mode, privilege level of CPU can not be changed directly
- The hardware provides entry instructions from the user-mode which
causes a mode switch
- The OS can define the handler for different entry gates
Hardware support: Privilege levels
Okay. You said that if the Hey OS! You can use my support for
process does some mischief different privilege levels. Using this
from the user mode, you you can restrict some operations by the
will notify me. That means, I user process!
can define handlers for
OS faults and exceptions too.
Privilege

CPU
Hardware support: Privilege levels
Okay. You said that if the Hey OS! You can use my support for
process does some mischief different privilege levels. Using this
from the user mode, you you can restrict some operations by the
will notify me. That means, I user process!
can define handlers for
OS faults and exceptions too.
Privilege

CPU

- The OS can register the handlers for faults and exceptions


- The OS can also register handlers for device interrupts
- Registration of handlers is privileged!
Hardware support: Privilege levels
Now I get it! I can get the Hey OS! You can use my support for
control of CPU by different privilege levels. Using this
registering an interrupt you can restrict some operations by the
handler for the periodic user process!
timer device. Let me devise
OS a strategy for LDE now!
Privilege

CPU
Hardware support: Privilege levels
Now I get it! I can get the Hey OS! You can use my support for
control of CPU by different privilege levels. Using this
registering an interrupt you can restrict some operations by the
handler for the periodic user process!
timer device. Let me devise
OS a strategy for LDE now!
Privilege

CPU
- After the boot, the OS needs to configure the handlers for system calls,
exceptions/faults and interrupts
Hardware support: Privilege levels
Now I get it! I can get the Hey OS! You can use my support for
control of CPU by different privilege levels. Using this
registering an interrupt you can restrict some operations by the
handler for the periodic user process!
timer device. Let me devise
OS a strategy for LDE now!
Privilege

CPU
- After the boot, the OS needs to configure the handlers for system calls,
exceptions/faults and interrupts
- The handler code is invoked by the OS when user-mode process invokes
a system call or an exception or an external interrupt
Limited direct execution

- Can the OS enforce limits to an executing process?


- No, the OS can not enforce limits by itself and still achieve efficiency
- OS requires support from hardware!
- What kind of support is needed from the hardware?
- CPU privilege levels: user-mode vs. kernel-mode
- Switching between modes, entry points and handlers

You might also like