Transcript CMSC421
CMSC421 Chapter 22 Operating System Concepts Windows XP Windows XP Windows XP operating system is a 32/64- bit preemptive multitasking operating system for AMD K6/K7, Intel IA32/IA64 and later microprocessors. It is the successor to Windows NT/2000 and the replacement for Windows 95/98. History Many features are from NT/2000. Uses a client-server architecture (like Mach) to implement multiple operating system personalities, such as Win32 and POSIX. Comes in two versions, Personal and Professional. Design Principles Security Reliability Windows and POSIX Application Compatibility High Performance Extensibility Portability International Support Security Adherence to the design standards to receive U.S. Government C-2 security designation. Extensive code review and testing, plus use of sophisticated automatic analysis tools to investigate potential defects that might represent security vulnerabilities. Reliability Used extensive manual and automatic code review to identify over 63,000 lines in the source files that might contain issues not detected by testing. Extends driver verification to catch more subtle bugs, improves the facilities for catching programming errors in user-level code,. Reliability -- II Subjects third party applications, drivers and devices to a rigorous certification process. New facilities for monitoring the health of the PC including downloading fixes for problems before they are encountered by the users. Windows/ POSIX Application Compatibility Application compatibility is difficult to achieve because each application checks for a particular version of Windows, may have dependence on the quirks of the implementation of APIs. XP introduces a compatibility layer that falls between applications and the Win32 API. This layer makes XP look “bug-for-bug” compatible with previous versions of Windows. Windows/ POSIX Application Compatibility -- II Maintains support for running many 16-bit applications using a “thunking layer” that translates 16-bit API calls into equivalent 32-bit calls. 64-bit version provides a thunking layer that translates 32-bit API calls into native 64-bit calls. Windows/ POSIX Application Compatibility -- III POSIX support is a POSIX subsystem called Interix. Most available UNIX-compatible software compiles and runs under Interix without modification. High Performance Desktop systems are largely constrained by I/O performance. Servers, and large multi-threaded and multi-processor environments are often constrained by CPU. Locking and cacheline management are key to scalability. High Performance Techniques Asynchronous I/o Optimized protocols for networks Kernel-based graphics Sophisticated caching of file-system data. Memory management Synchronization algorithms Reducing code-path length in critical functions. High Performance Techniques -II Using better algorithms and per-processor data structures. Implementing more scalable locking protocols. Except while executing in the kernel dispatcher, threads in the subsystems of Windows XP can be preempted by higherpriority threads. Extensibility Used a layered architecture. Uses environmental subsystems to emulate different operating systems (DOS, Windows, POSIX). Uses loadable drivers in the I/O system. Uses RPCs for distributed processing. Portability Can be moved from one hardware architecture to another with relatively few changes. Majority of the system is written in C and C++. Processor-dependent code is isolated in DLL called hardware-abstraction layer (HAL). Portability -- II Only shipped on IA32 compatible platforms, it was also tested on DEC Alpha. “Maintaining portability is a matter of use it or loss it.” International Support Uses National Language Support API. Uses UNICODE as the native language character code. ASCII is converted to UNICODE. System text strings are kept in resource files that can be replaced to localize the system for different languages. Multiple locales can be used concurrently. System Components Hardware-Abstraction Layer Kernel Executive Logon process Security subsystem OS/2 applications OS/2 subsystem Win16 applications Win32 applications Win16 VDM MSDOS applications MSDOS VDM POSIX applications POSIX subsystem Authentication package Security account manager database I/O manager File system Cache manager Win32 subsystem executive Object manager Security reference monitor Process manager Plug and play manager Device drivers Network drivers kernel Hardware abstraction layer Hardware Windows XP block diagram Virtual memory manager Local procedure call facility Window manager Graphic device drivers Hardware Abstraction Layer HAL is the layer of software that hides hardware differences from upper levels of the operating system. HAL exports a virtual-machine interface that is used by the kernel dispatcher, the executive, and the device drivers. Only a single version of each device driver is required. Kernel Kernel Dispatcher Threads and Scheduling Implementation of Synchronization Primitives Software Interrupt: Async Proc Calls Software Interrupt: Deferred Proc Calls Exceptions and Interrupts Kernel -- II Is object oriented An object type is a system defined data type with a set of attributes and a set of methods. An object is an instance of an object type. The kernel performs its job by using a set of kernel objects whose attributes shore the kernel data, and whose methods perform the kernel activities. Kernel Dispatcher Provides the foundation for the executive and subsystems Most is never paged out Can not be preempted Kernel Dispatcher Responsibilities Thread scheduling Implementation of synch primitives Timer management Software interrupts Exception dispatching Threads and Scheduling Uses processes and threads for executable code. Process has a virtual memory address space and information to initialize each thread. Each thread is an executable unit dispatched by the kernel. Thread states Ready Standby running waiting transition terminated Priority scheme 32-level scheme Variable class (0 - 15) Real-time class (16 - 31) Uses a queue for each priority Implementation of Synchronization Primitives Dispatcher objects control dispatching and synchronization Event objects record an event occurrence Mutant provides mutex Semaphore object acts as a counter or a gate Thread object is the entity that is scheduled Timer objects keep track of time Asynchronous Procedure Call Break into an executing thread and call procedure. APCs are used to begin execution of a new thread, terminate processes, and deliver notification that an asynch I/O has completed. Queued to a specific thread Allow the system to execute both system and user code within a process’ context Deferred Procedure Call DPCs are used to postpone interrupt processing. Process timer expirations Preempt thread execution at end of scheduling quantum Exceptions and Interrupts Architecture-independent exceptions • • • • • • • memory-access violation integer and floating point divide by zero overflow or underflow illegal instruction data misalignment privileged instruction page read error, etc Exceptions Trap handlers deal with simple exceptions More elaborate handling is performed by the kernel’s exception dispatcher. If no handler is found, a system error occurs and results in a “blue screen of death” Exception handing is more complex for user-mode processes Exceptions -- II The interrupt dispatcher in the kernel handles interrupts by calling an Interrupt Service Routine (ISR) supplied by a device driver or a kernel trap handler routine. For portability, the interrupt dispatcher maps hardware interrupts into a standard set. Executive Provides a set of services that all environmental subsystems use: • • • • • • • • • Object manager Virtual memory manager Process manager Local procedure call facility I/O manager Security reference monitor Plug-and-play and security managers registry booting Object Manager A generic set of interfaces for managing the kernel-mode entities that is manipulated by user-mode programs. Examples: • • • • • semaphores mutexes events processes threads Handles Each process has an object table that track the objects used by the process User-mode code accesses these objects using an opaque value called a handle that is returned by many APIs. Object handles can be created by duplicating an existing handle, either from either the same or different process. Virtual Functions Objects are manipulated by a set of virtual functions with implementations provided by each object type: • query - gets object’s name • parse - search for an object given the object’s name • security - makes security checks on all object operations. Virtual Memory Manager The design of the VM Manager assumes that the underlying hardware supports virtual-to-physical mapping, a paging mechanism, transparent cache coherence on multiprocessor systems and allows multiple page-table entries to map to the same physical page frame. Virtual Memory Manager -- II On IA32 processors each process has a 4GB virtual address space. The upper 2GB are mostly identical for all processes, and are used by Windows XP in kernel mode to access the operating system code and data structures. Key areas that are not identical are page table self-map, hyperspace and session space. Page Table Self-map The hardware uses a process’s page tables using physical page-frame numbers. The VM manager maps the page tables into a single 4GB region in the process’ address space so they are accessed through virtual addresses. Hyperspace Hyperspace maps the current process’ working set information into the kernelmode address. Session Space Session space is used to share the win32 and other session-specific drivers between all the processes in the same terminalserver session rather than with all the processes in the system. Process Manager Provides services for creating, deleting, and using processes, threads, and jobs. It has no knowledge about parent-child relationships; left to environmental subsystems. Processes contain one or more threads. Processes can be collected together into job objects. Process Creation Once a new process is created, the initial thread is created and an APC (Async Procedure Call) is delivered to the thread to prompt the start of execution at the usermode image loader (ntdll.DLL). Also supports a UNIX fork( ) style of process creation. Local Procedure Call Facility XP uses a client-server model. Environmental subsystems are servers that implement particular operating system personalities. XP uses LPCs to pass requests and results (messages) between client and server processes within a single machine. I/O Manager Responsible for file-systems, device drivers, and network drivers. Works with VM to provide memory mapped I/O operations. Is fundamentally asynchronous. Device drivers are written according to the Windows Driver Model (WDM) specification. WDM Because of the richness of the WDM, it can be an excessive amount of work to write a full WDM device driver for each new hardware device. Cache Manager Centralized facility. Works with file-system and VM mangers. Caching in XP is based on files rather than raw blocks. Size of the cache changes dynamically. Cache Cache is divided into blocks of 256KB. Each block can hold a memory-mapped region (view) of a file. Each cache block is described by a virtualaddress control block (VACB) that stores the virtual address and file offset of the view. Security Reference Monitor Centralized management of system entities in the object manager enables the use of a uniform mechanism to perform run-time access validation and audit checks for every user-accessible entity in the system. Security Tokens The SRM is responsible for manipulating the privileges in security tokens. Special privileges are required to perform back or restore operations, overcome certain checks as an administrator, debug processes, etc. Restricted tokens used to restrict the damage of untrusted code. Logging The SRM is logging security audit events. A C2 rating requires the ability to detect and log all unauthorized attempts to access system resources. Plug-and-Play Managers Recognizes and adapts to changes in the hardware configuration. For PnP to work, both the device and driver must support the PnP standard. Must be able to change the interrupts dynamically. Must support dynamically configurable resources. Registry Configuration information is stored in an internal database -- the registry. Entries (hives) are for system information, default user preferences, software installation, and security. Used to boot the system. Booting Sequence • • • • • • • power on BIOS begins executing boot loader (NTLDR) determines boot device loads Hardware-Abstraction Library loads kernel and system hive loads drivers Booting -- II • Begins kernel execution • Creates 2 threads – system process for all internal worker threads – user-mode SMSS (similar to UNIX init process) • finishes initialization • creates WINLOGON • creates CSRSS (Win32 subsystem) Environmental Subsystem Is user-mode processes layered over the native windows XP exec servers to run programs developed for other Oss (16-bit Windows, DOS, and POSIX). Win32 calls the VM manager to load the executable code and return what type the application is. Environmental Subsystem - II Uses LPC subsystem to provide OS services to client processes. Since each subsystem is run as a separate user-mode process, a crash in one has no effect on other processes. The exception is in Win32, which provides all keyboard, mouse, and graphical display capabilities - If it fails, the system requires a reboot. MS-DOS Environment Virtual DOS Machine emulates Intel 486 instructions, emulates MS-DOS ROM DIOS and INT 21h software interrupt services and has virtual device drivers for the screen, keyboard, and communication ports. Some MSDOS programs fail because they require access to the disk hardware directly. 16-Bit Windows Environment VDM has Windows on Windows (WOW32) for Windows 3.1 software and emulates the kernel routines. Applications that rely on the internal structure of the 16-bit window manager may not work. Only one Win16 application can run at a time. 32-Bit Windows Env. On IA64 Requires a “thunking” layer to translate 32- bit Win32 calles into the corresponding 64bit calls. The implementation of 32-bit and 64-bit windows are essential the same, IA64 provides direction execution of IA32 instructions.-- higher level of compatibility.