Syscalls , exceptions, and interrupts, …oh my! - PowerPoint Presentation

Syscalls, exceptions, and interrupts, …oh my! Hakim WeatherspoonCS 3410Computer ScienceCornell University [ Altinbuken , Weatherspoon, Bala , Bracy , McKee, and Sirer ]

Announcements P4-Buffer Overflow is due tomorrowDue Tuesday, April 16thC practice assignmentDue Friday, April 19thDue Friday, April 27th

How do we protect processes from one another?Skype should not crash Chrome.How do we protect the operating system (OS) from other processes? Chrome should not crash the computer!How does the CPU and OS (software) handle exceptional conditions? Division by 0, Page Fault, Syscall, etc.Outline for Today3

How do we protect processes from one another?Skype should not crash Chrome.How do we protect the operating system (OS) from other processes? Chrome should not crash the computer!How does the CPU and OS (software) handle exceptional conditions? Division by 0, Page Fault, Syscall, etc.Outline for Today4Operating SystemPrivileged ModeTraps, System calls, Exceptions, Interrupts

Operating System

6 Operating SystemManages all of the software and hardware on the computer.Many processes running at the same time, requiring resourcesCPU, Memory, Storage, etc.The Operating System multiplexes these resources amongst different processes, and isolates and protects processes from one another!

7 Operating SystemOperating System (OS) is a trusted mediator:Safe control transfer between processesIsolation (memory, registers) of processesP1P2 P3 P4 VM filesystem net driver driver untrusted disk netw card MMU CPU trusted software hardware OS

8 Outline for TodayHow do we protect processes from one another?Skype should not crash Chrome.How do we protect the operating system (OS) from other processes? Chrome should not crash the computer!How does the CPU and OS (software) handle exceptional conditions? Division by 0, Page Fault, Syscall, etc.Operating SystemPrivileged Mode Traps , System calls, Exceptions, Interrupts

Privileged (Kernel) Mode

10 One Brain, Many PersonalitiesYou are what you execute.Personalities:hailstone_recursiveMicrosoft WordMinecraftLinux  yes, this is just software like every other program that runs on the CPUAre they all equal? Brain

11 Trusted vs. UntrustedOnly trusted processes should access & change important thingsEditing TLB, Page Tables, OS code, OS sp, OS fp…If an untrusted process could change the OS’ sp/fp/gp/etc., OS would crash!

12 Privileged ModeCPU Mode Bit in Process Status RegisterMany bits about the current process Mode bit is just one of themMode bit: 0 = user mode = untrusted: “Privileged” instructions and registers are disabled by CPU1 = kernel mode = trusted All instructions and registers are enabled

13 Privileged Mode at StartupBoot sequenceload first sector of disk (containing OS code) to predetermined address in memoryMode  1; PC  predetermined address2. OS takes overinitializes devices, MMU, timers, etc.loads programs from disk, sets up page tables, etc.Mode  0; PC  program entry pointUser programs regularly yield control back to OS

14 Users need access to resourcesIf an untrusted process does not have privileges to use system resources, how can itUse the screen to print?Send message on the network?Allocate pages?Schedule processes?

15 System Call Examplesputc(): Print character to screenNeed to multiplex screen between competing processessend(): Send a packet on the networkNeed to manipulate the internals of a device sbrk(): Allocate a pageNeeds to update page tables & MMUsleep(): put current prog to sleep, wake otherNeed to update page table base register

16 System CallsSystem calls called executive calls (ecall) in RISC-VSystem call: Not just a function callDon’t let process jump just anywhere in OS codeOS can’t trust process’ registers (sp, fp, gp, etc.)ECALL instruction: safe transfer of control to OSRISC-V system call convention:Exception handler saves temp regs, saves ra, …but: a7 = system call number, which specifies the operation the application is requesting

17 User Application0xfffffffc 0x00000000 top bottom 0x7ffffffc 0x80000000 0x10000000 0x00400000 system reserved stack system reserved code (text) static data dynamic data (heap) .data .text User Mode Privileged (Kernel) Mode System Call Interface printf () printf.c Implementation of printf () syscall ! SYSCALL!

18 Libraries and WrappersCompilers do not emit SYSCALL instructionsCompiler doesn’t know OS interfaceLibraries implement standard API from system APIlibc (standard C library):getc()  ecallsbrk()  ecallwrite()  ecallgets()  getc()printf()  write()malloc()  sbrk () …

19 Invoking System Callschar *gets(char *buf) { while (...) { buf[i] = getc(); }}int getc() { asm("addi a 7 , 0, 4 "); asm (“ e call "); } 4 is number for getc syscall

Anatomy of a Process, v1 200xfffffffc0x00000000 0x7ffffffc 0x80000000 0x10000000 0x00400000 system reserved stack system reserved code (text) static data dynamic data (heap) ( user) gets (library) getc ??

21 Where does the OS live?In its own address space?Syscall has to switch to a different address spaceHard to support syscall arguments passed as pointers. . . So, NOPEIn the same address space as the user process?Protection bits prevent user code from writing kernelHigher part of virtual memoryLower part of physical memory. . . Yes, this is how we do it.

Anatomy of a Process 220xfffffffc0x00000000 top bottom 0x7ffffffc 0x80000000 0x10000000 0x00400000 system reserved stack system reserved code (text) static data dynamic data (heap) .data .text

23 0xfffffffc0x000000000x7ffffffc 0x80000000 0x10000000 0x00400000 stack system reserved code (text) static data dynamic data (heap) OS Heap OS Data OS Stack OS Text Full System Layout All kernel text & most data: At same v irtual a ddress in every address space OS is omnipresent, available to help user-level applications Typically in high memory

Full System Layout 24Virtual MemoryOS Text OS Data OS Heap OS Stack Physical Memory 0xfffffffc 0x00000000 0x7ffffffc 0x80000000 0x10000000 0x00400000 stack system reserved code (text) static data dynamic data (heap) OS Heap OS Data OS Stack OS Text 0x00...00

Anatomy of a Process, v2 250xfffffffc0x00000000 0x7ffffffc 0x80000000 0x10000000 0x00400000 system reserved stack system reserved code (text) static data dynamic data (heap) gets getc i mplementation of getc () syscall

26 Inside the ECALL instructionECALL is s SYSCALL in RISC-VECALL instruction does an atomic jump to a controlled location (i.e. RISC-V 0x8000 0180)Switches the sp to the kernel stackSaves the old (user) SP valueSaves the old (user) PC value (= return address)Saves the old privilege modeSets the new privilege mode to 1Sets the new PC to the kernel syscall handler

27 Inside the ECALL implementation Kernel system call handler carries out the desired system call Saves callee -save registers Examines the syscall ecall number Checks arguments for sanity Performs operation Stores result in a0 Restores callee -save registers Performs a “ supervisor exception return ” ( SRET ) instruction, which restores the privilege mode, SP and PC

28 TakeawayIt is necessary to have a privileged (kernel) mode to enable the Operating System (OS):provides isolation between processesprotects shared resourcesprovides safe control transfer

29 Outline for TodayHow do we protect processes from one another?Skype should not crash Chrome.How do we protect the operating system (OS) from other processes? Chrome should not crash the computer!How does the CPU and OS (software) handle exceptional conditions? Division by 0, Page Fault, Syscall, etc.Operating SystemPrivileged Mode Traps , System calls, Exceptions, Interrupts

30 Exceptional Control FlowAnything that isn’t a user program executing its own user-level instructions.System Calls:just one type of exceptional control flowProcess requesting a service from the OSIntentional – it’s in the executable!

31 Software ExceptionsTrapIntentionalExamples:System call (OS performs service)Breakpoint traps Privileged instructions Abort Unintentional Not recoverable Examples : Parity error Fault Unintentional but Possibly recoverable Examples : Division by zero Page fault One of many ontology / terminology trees.

32 TerminologyTrap: Any kind of a control transfer to the OSSyscall: Synchronous and planned, process-to-kernel transferECALL instruction in RISC-V (various on x86)Exception: Synchronous but unplanned, process-to-kernel transferexceptional events: div by zero, page fault, page protection err, …Interrupt: Asynchronous, device-initiated transfere.g. Network packet arrived, keyboard event, timer ticks

33 Hardware support for exceptionsSEPC registerSupervisor Exception Program Counter or SEPC32-bit register, holds addr of affected instructionSyscall case: Address of ECALLSCAUSE registerSupervisor Exception Cause Register or SCAUSERegister to hold the cause of the exceptionSyscall case: 8, SysSpecial instructions to load TLB Only do-able by kernel

Hardware support for exceptions 34 Write- Back Memory Instruction Fetch Execute Instruction Decode extend register file control alu memory d in d out addr PC memory new pc inst IF/ID ID/EX EX/MEM MEM/WB imm B A ctrl ctrl ctrl B D D M compute jump/branch targets +4 forward unit detect hazard Stack, Data, Code Stored in Memory x0 x1 x30 x31 Code Stored in Memory (also, data and stack) SEPC SCAUSE

35 Precise exceptions: Hardware guarantees(similar to a branch) Previous instructions complete Later instructions are flushed SEPC and SCAUSE register are set Jump to prearranged address in OS When you come back, restart instruction Disable exceptions while responding to one Otherwise can overwrite SEPC and SCAUSE Hardware support for exceptions

36 Exceptional Control FlowHardware interruptsAsynchronous= caused by events external to CPUSoftware exceptionsSynchronous = caused by CPU executing an instruction Maskable Can be turned off by CPU Example: alert from network device that a packet just arrived, clock notifying CPU of clock tick Unmaskable Cannot be ignored Example: alert from the power supply that electricity is about to go out AKA Exceptions

37 Interrupts & Unanticipated ExceptionsNo ECALL instruction. Hardware steps in:Saves PC of supervisor exception instruction (SEPC) Saves cause of the interrupt/privilege (Cause register)Switches the sp to the kernel stackSaves the old (user) SP valueSaves the old (user) PC valueSaves the old privilege modeSets the new privilege mode to 1 Sets the new PC to the kernel syscall hander interrupt/exception handler SYSCALL

38 Inside Interrupts & Unanticipated Exceptions Kernel system call handler carries out system call all Saves callee -save registers Examines the syscall number cause Checks arguments for sanity Performs operation Stores result in a0 Restores callee -save registers Performs a SRET instruction (restores the privilege mode, SP and PC) interrupt/exception handler handles event all

39 Address Translation: HW/SW Division of LaborVirtual  physical address translation!Hardwarehas a concept of operating in physical or virtual modehelps manage the TLBraises page faultskeeps Page Table Base Register (PTBR) and ProcessIDSoftware/OSmanages Page Table storagehandles Page Faultsupdates Dirty and Reference bits in the Page Tableskeeps TLB valid on context switch:Flush TLB when new process runs (x86)Store process id (MIPS)

40 Demand Paging on RISC-VTLB missTrap to kernelWalk Page TableFind page is invalidConvert virtual address to file + offsetAllocate page frameEvict page if neededInitiate disk block read into page frameDisk interrupt when DMA completeMark page as valid Load TLB entry Resume process at faulting instruction Execute instruction