Operating systems: Principles and Practice, Thomas Anderson and Michael Dahlin 을 공부하며 요약 정리하는 노트입니다.

Chapter 2. The Kernel Abstraction

Central role of OS is protection, and it’s important to achieve goals such as 1. Reliability, 2. Security, 3. Privacy, 4. Fair resource allocation. This chapter focuses on how the OS protects the kernel (lowest level of sw running on the system) from untrusted applications. A process is an instance of a program, or abstraction of a machine.

2.1 The Process Abstraction

Review: Stack stores local variables, heap stores dynamically allocated memories. OS keeps track of process using ds called PCB - process control block which contains info like where it is stored on memory, where image is, what privilege it has .. etc.

2.2 Dual-Mode Operation

The need of dual-mode operation

  1. We need protection - an app should not harm the kernel nor other apps.
  2. We can check every instruction before it’s executed to guarantee safeness.
  3. But that’s too slow, so let’s trust the kernel and not check the kernel’s codes.

Def. of Dual-Mode Op.

CPU runs on two modes, user mode and kernel mode. User’s every instructions are monitored and user has less privilege. The kernel can run instructions on the CPU freely and has all the privilege.

Requirements of the dual-mode operation.

2.2.1 Privileged instructions

Instructions are divided into two groups: privileged and safe. Users can only run safe instructions while the kernel can run it all.

2.2.2 Memory protection

Reading other process’ memory breaks privacy; writing to other process’s memory raises security problem. An app can gain the kernel privilege too. Modern processors introduce concept of virtual address to ensure memory protection.

2.2.3 Timer Interrupts

To avoid a whole machine halting due to an app’s infinite loop etc, the kernel needs to regain control frequently. This is done by a device called hardware timer which after specified time or excecution of specified number of instructions, timer interrupts the CPU and transfers control to the kernel.