Page 275 - DCAP103_Principle of operating system
P. 275
Principles of Operating Systems
Notes Since the register that determines where the next instruction comes from is different in kernel
mode than in user mode, the next instruction comes from the kernel’s memory location after the
location of the instruction which the kernel used to return to user mode after the last kernel call.
This instruction is typically the beginning of a routine which determines the nature of the request
from the state of the user’s registers and memory, and either processes the request or denies it.
A similar process occurs whenever the system clock signals to the kernel that it’s time to switch
to another user’s turn to execute programs in a timesharing environment. In this case, the kernel
typically saves the values of the old user’s registers in the kernel’s memory space, restores the
register values associated with the new user from kernel space, and returns to user mode. Thus,
the next user continues wherever they left off, and the last user waits to regain access to the system.
The astute reader will see several problems that remain to be resolved. In particular, the memory
of the machine must be protected in some manner or the state information of one domain could
be altered or examined by writing or reading its memory from another domain. Similarly, state
information in peripheral devices may be exploited in this manner unless some additional
protection is provided. Finally, information may be exchanged between domains by differing
usage of shared facilities.
Because of the prominent position of memory in the fetching of instructions and data and the
storage of control state information for the kernel and user domains, it presents a problem
that must be addressed by hardware in order to afford efficient processing under most current
architectures. Memory is generally protected through the use of a technique called ‘memory
mapping’. Memory mapping involves the use of a special set of control registers that translate
memory locations specified by a user into physical memory locations in M. Thus a given user
might access a memory location numbered 125, which the ‘translation buffer’ maps into physical
location 2978. If the kernel assures that the memory maps of different users don’t have overlaps
in physical memory locations, we are guaranteed that they don’t share state information, and
thus we maintain the separation mechanism. Similarly, shared memory can be implemented
with this mechanism for controlled communication. In most practical systems, memory mapping
is done on a page by page basis (i.e. in 1000 word groups) so that the size of the memory map
needn’t be enormous or expensive.
All I/O is generally performed by kernel mode instructions so the kernel can enforce protection of
I/O resources. In the case of terminal I/O, the user may have an interface that is nearly identical
to the kernel’s instructions, while for shared devices such as disks and printers, the kernel may
abstract the physical characteristics of the device completely, and leave the user with a purely
logical abstraction such as a file system.
The logical extension of the two state machine (i.e. kernel and user mode) is the use of machines
with numerous states, each with an increasing level of control. In general, a two state machine
is much simpler to implement. Because complexity increases the likelihood of errors, and all
protection relevant instructions are likely to be equally critical to system wide protection, this
is usually the way implementations are performed. If multiple logical protection ‘rings’ are
desired, they can be implemented with a two state machine in which certain domains are treated
differently than others by the kernel, rather than by providing a multitude of control registers
and classes of instructions in hardware.
268 LOVELY PROFESSIONAL UNIVERSITY
