Date: August 25, 2024
Topic: OS Design Principles and Protection Boundaries
Recall
Mechanisms and policies are optimized for common use-cases based on OS environment and workloads
Notes
Design Principles
Separation of mechanisms and policies
- Implement flexible mechanisms to support many policies (LRU, LFU, random)
- Need some mechanism to track the time when memory locations have been accessed (know when a page was last used / least frequently used)
Optimize for common cases
- Where will the OS be used?
- What will the user want to execute on that machine?
- What are the workload requirements?
Applications cannot directly access hardware due to the protection boundary
Protection Boundary
OS must have special privileges to have direct access to hardware
Privileged (kernel-level)
- As OS must have direct access, it operates in privileged mode
- Hardware access is only from kernel mode by OS kernel
Unprivileged (user-level)
- Applications operate here
Applications live on the user-level while hardware lives in the kernel-level.
User-kernel switch allows them to talk to each other through:
- Trap instructions
- System call interface
- Signals
Protection Boundary - User Kernel Switch
- Crossing from user level and kernel level is supported by hardware
Kernel Mode:
- A special bit is set in CPU, any instruction that directly manipulates hardware is permitted to execute
User Mode:
- The special bit is not set, instructions to perform privileged operations will be forbidden
- Executing such instructions will result in a trap (trap instructions)
- OS will have a chance to check what caused trap to occur
- Will then verify if it should run that access or terminate the process if it was trying to perform something illegal
- Interaction between applications and operating system can be via system call interface
- Applications can explicitly invoke if they want OS to perform certain service and to perform privileged access on their behalf
- E.g., open (file), send (socket), mmap (memory)
- Signals can be used to pass notifications into the applications
Performing user/kernel transitions have some overhead costs
Crossing the User/Kernel Protection Boundary
User/kernel Transitions:
- Hardware supported
- e.g., traps on illegal instructions or memory accesses requiring special privilege
- Involves a number of instructions
- e.g., ~50-100ns on a 2GHz machine running Linux
- Switches locality
<aside>
💡 User/kernel transitions are not cheap
</aside>
<aside>
📌 SUMMARY: Design principles are for the separation of mechanisms and policies, optimized for common use-cases. Boundaries are put in place to separate the user and kernel, but special bits may allow transitions which can be expensive
</aside>