Transcript CS140 – Operating Systems Midterm Review

CS140 – Operating Systems
Final Review
Mar. 13th, 2009
Derrick Isaacson
1
Final Exam
• Wed. Mar. 18th
• 12:15 pm in Gates B01
• Open book, open notes (closed laptop)
– Bring printouts
– You won’t have time to learn the material but they
will likely help as a quick reference
• Will cover all lectures
2
Outline
1.
2.
3.
4.
5.
6.
7.
Virtual machines
Synchronization
Protection
Security
File systems
Network file systems
Networking
3
Virtual Machine Review
Difference between VM and VMM
Difference between Guest and Host OS
•Virtual
Machine
•Guest OS
•Host OS
•Virtual
Machine
Monitor/
Hypervisor
4
More Virtual Machine Review
• Virtual Memory – another layer of indirection
• Virtual Address – address used by process inside of
VM
• Physical Address – virtualized hardware address of VM
• Machine Address – true hardware address
• Page Tables – Guest OS keeps its own page tables like
always which now map from VA to PA
• VMM keeps a logical mapping from a VM’s PA to MA
• VMM combines Guest OS page tables with it’s own PA->MA
mapping, into the “shadow page table”.
• While running VM, the actual cr3 register points to the
shadow page directory.
5
Synchronization
Is there a cycle? Is there deadlock?
init(sema1,
init(sema2,
init(sema3,
init(sema4,
1);
1);
2);
3);
fun1 {
down(sema3);
Yes to cycle.
Yes to deadlock.
fun2 {
fun3 {
down(sema3);
down(sema1);
down(sema1);
…
down(sema2);
…
down(sema2);
down(sema3);
…
}
}
}
6
Synchronization 2
Is there a cycle? Is there deadlock?
init(sema1, 2);
init(sema2, 2);
fun1 {
down(sema2);
Yes to cycle.
No to deadlock.
fun2 {
fun3 {
fun4 {
down(sema1);
down(sema1);
down(sema2);
down(sema2);
…
down(sema1);
…
}
}
…
}
…
}
7
Synchronization - Deadlock
• Given limited resources A, B, C, D – can I have
deadlock in the following situations? Why/why
not?
– I always acquire resources in alphabetical order
• No - no circularity in request graph
– An “older” thread can steal a resource from a
“younger” one that holds it
• Yes, if 2 threads can have same timestamp
• No if timestamps unique – we have preemption
– I request all resources at startup
• No – no hold and wait
8
Protection
• ACLs versus Capabilities
– ACLs slice matrix by columns
– Capabilities slice along rows
• Security hole examples
– TOCTTOU
– Setuid
– ptrace
• Capability based systems never took off
– perceived complexity
– low performance because of more IPC
9
Security
• Bell-La Padula model
• Security level is (c, s) pair
– c = classification, s = category-set
– (c1, s1) dominates (c2, s2) iff c1 ≥ c2 and s2 ⊆ s1
– L1 dominates L2 sometimes written L1 ⊒ L2 or L2 ⊑ L1
• Examples - (S, O, A) for subject S, object O, and access mode A
– If current-level(S) = {top-secret, {Nuclear}} and level(O) =
{secret, {Crypto}}, can A include observation?
• No – level(S) must dominate level(O)
– If level(O1) = {secret, {Nuclear}} and level(O2) = {top-secret,
{Nuclear}}, is it possible for S to observe O1 and modify O2?
• Yes – level(O2) must dominate level(O1)
10
File systems 1 - FFS
• Why was FFS “fast”?
• Larger block size
• Lessen internal fragmentation by placing pieces of files in
fragments (for example ends of files)
• Clustering
•
•
•
•
Place sequential blocks in adjacent sectors
Keep inode in same cylinder as file data
Keep inodes for a dir in same cylinder group
Keep extra free space to help allocate near existing things
• Use bitmap for free blocks
• Keep in memory
• Easier to find contiguous blocks
11
File systems 2 – Ordered Updates
• Performance vs. consistency
• Must follow three rules in ordering updates:
1.
2.
3.
Never write pointer before initializing structure it points to
Never reuse a resource before nullifying all pointers to it
Never clear last pointer to live resource before setting new one
• Example - creating 1k file on FFS means you must:
•
•
•
•
•
write filename in directory block
write modification time in directory inode
initialize file inode
write file data block
write free map
• Problem:
• multiple inodes are stored in same disk block and multiple directory
entries are stored in same directory block
• develop cyclic dependencies
• Solution:
• soft updates
• maintain enough info in fs to rollback changes temporarily
12
File systems 3 – Journaling
• Also improvement over basic FFS
• Keep a write-ahead log
• writes are to a consecutive portion of disk
• multiple updates are very fast
• record a checkpoint when all log entries up to a
point have been processed – allows you to truncate
log
• XFS – journaling file system for huge disks
• break disk into a few GB allocation groups
• use B+ trees for everything (directories, inodes,
lookup tables)
13
Network File Systems
• Main points to remember
– Tradeoff between completely “stateless” systems (original
NFS) and stateful ones (NFS 4, AFS)
– Stateless servers require clients to poll server to find out
about changes
– Callbacks improve consistency and reduce server load, but
complicate server requirements and failure modes
– Leases are a hybrid of polling and callbacks
• Server promises to let a client know about changes
within a time period
• Failure modes simplified if lease time is less than crashreboot time
14
Networking
• Key concepts:
• IP – provides host to host communication
– Unreliable (messages may get lost, reordered, or retransmitted)
– No control over transmission rate (congestion control)
• TCP/UDP – provide process to process communication
– Layered on top of IP (IP gets message to the host, TCP/UDP gets it to
the process)
– UDP simple layer on IP so it inherits IP’s problems
– TCP a more complex layer on IP that provides reliability and congestion
control
• Sockets abstraction for communication
• The several layers used in common networking stacks could cause a lot of
copying as data is handed from one layer to next.
– mbuf libraries provide efficient, flexible data structures and utility
functions to help avoid these problems
15
Questions?
16