Study Guide to Accompany Operating Systems Concepts 8th Ed by Silberschatz, Galvin and Gagne
By Andrew DeNicola, BU ECE Class of 2012
Figures Copyright John Wiley & Sons 2012
Ch.1 - Introduction
An OS is a program that acts as an intermediary between a user of a computer and the computer hardware
Goals: Execute user programs, make the computer system easy to use, utilize hardware efficiently
Computer system: Hardware ↔ OS ↔ Applications ↔ Users (↔ = 'uses')
OS is:
Resource allocator: decides between conflicting requests for efficient and fair resource use
Control program: controls execution of programs to prevent errors and improper use of computer
Kernel: the one program running at all times on the computer
Bootstrap program: loaded at power-up or reboot
Stored in ROM or EPROM (known as firmware), initializes all aspects of system, loads OS kernel and starts execution
I/O and CPU can execute concurrently
Device controllers inform CPU that it is finished w/ operation by causing an interrupt
Interrupt transfers control to the interrupt service routine generally, through the interrupt vector, which contains the addresses of all the service routines
Incoming interrupts are disabled while another interrupt is being processed
Trap is a software generated interrupt caused by error or user request
OS determines which type of interrupt has occurred by polling or the vectored interrupt system
System call: request to the operating system to allow user to wait for I/O completion
Device-status table: contains entry for each I/O device indicating its type, address, and state
OS indexes into the I/O device table to determine device status and to modify the table entry to include interrupt
Storage structure:
Main memory – random access, volatile
Secondary storage – extension of main memory that provides large non-volatile storage
Disk – divided into tracks which are subdivided into sectors. Disk controller determines logical interaction between the device and the computer.
Caching – copying information into faster storage system
Multiprocessor Systems: Increased throughput, economy of scale, increased reliability
Can be asymmetric or symmetric
Clustered systems – Linked multiprocessor systems
Multiprogramming – Provides efficiency via job scheduling
When OS has to wait (ex: for I/O), switches to another job
Timesharing – CPU switches jobs so frequently that each user can interact with each job while it is running (interactive computing)
Dual-mode operation allows OS to protect itself and other system components – User mode and kernel mode
Some instructions are only executable in kernel mode, these are privileged
Single-threaded processes have one program counter, multi-threaded processes have one PC per thread
Protection – mechanism for controlling access of processes or users to resources defined by the OS
Security – defense of a system against attacks
User IDs (UID), one per user, and Group IDs, determine which users and groups of users have which privileges
Ch.2 OS Structures
User Interface (UI) – Can be Command-Line (CLI) or Graphics User Interface (GUI) or Batch
These allow for the user to interact with the system services via system calls (typically written in C/C++)
Other system services that are helpful to the user include: program execution, I/O operations, file-system manipulation, communications, and error detection
Services that exist to ensure efficient OS operation are: resource allocation, accounting, protection and security
Most system calls are accessed by Application Program Interface (API) such as Win32, POSIX, Java
Usually there is a number associated with each system call
System call interface maintains a table indexed according to these numbers
Parameters may need to be passed to the OS during a system call, may be done by:
Passing in registers, address of parameter stored in a block, pushed onto the stack by the program and popped off by the OS
Block and stack methods do not limit the number or length of parameters being passed
Process control system calls include: end, abort, load, execute, create/terminate process, wait, allocate/free memory
File management system calls include: create/delete file, open/close file, read, write, get/set attributes
Device management system calls: request/release device, read, write, logically attach/detach devices
Information maintenance system calls: get/set time, get/set system data, get/set process/file/device attributes
Communications system calls: create/delete communication connection, send/receive, transfer status information
OS Layered approach:
The operating system is divided into a number of layers (levels), each built on top of lower layers. The bottom layer (layer 0), is the hardware; the highest (layer N) is the user interface
With modularity, layers are selected such that each uses functions (operations) and services of only lower-level layers
Virtual machine: uses layered approach, treats hardware and the OS kernel as though they were all hardware.
Host creates the illusion that a process has its own processor and own virtual memory
Each guest provided with a 'virtual' copy of the underlying computer
Application failures can generate core dump file capturing memory of the process
Operating system failure can generate crash dump file containing kernel memory
Ch.3 Processes
Process contains a program counter, stack, and data section.
Text section: program code itself
Stack: temporary data (function parameters, return addresses, local variables)
Data section: global variables
Heap: contains memory dynamically allocated during run-time
Process Control Block (PCB): contains information associated with each process: process state, PC, CPU registers, scheduling information, accounting information, I/O status information
Types of processes:
I/O Bound: spends more time doing I/O than computations, many short CPU bursts
CPU Bound: spends more time doing computations, few very long CPU bursts
When CPU switches to another process, the system must save the state of the old process (to PCB) and load the saved state (from PCB) for the new process via a context switch
Time of a context switch is dependent on hardware
Parent processes create children processes (form a tree)
PID allows for process management
Parents and children can share all/some/none resources
Parents can execute concurrently with children or wait until children terminate
fork() system call creates new process
exec() system call used after a fork to replace the process's memory space with a new program
Cooperating processes need interprocess communication (IPC): shared memory or message passing
Message passing may be blocking or non-blocking
Blocking is considered synchronous
Blocking send has the sender block until the message is received
Blocking receive has the receiver block until a message is available
Non-blocking is considered asynchronous
Non-blocking send has the sender send the message and continue
Non-blocking receive has the receiver receive a valid message or null
Ch.4 Threads
Threads are the fundamental unit of CPU utilization that forms the basis of multi-threaded computer systems
Process creation is heavy-weight while thread creation is light-weight
Can simplify code and increase efficiency
Kernels are generally multi-threaded
Multi-threading models include: Many-to-One, One-to-One, Many-to-Many
Many-to-One: Many user-level threads mapped to single kernel thread
One-to-One: Each user-level thread maps to kernel thread
Many-to-Many: Many user-level threads mapped to many kernel threads
Thread library provides programmer with API for creating and managing threads
Issues include: thread cancellation, signal handling (synchronous/asynchronous), handling thread-specific data, and scheduler activations.
Cancellation:
Asynchronous cancellation terminates the target thread immediately
Deferred cancellation allows the target thread to periodically check if it should be canceled
Signal handler processes signals generated by a particular event, delivered to a process, handled
Scheduler activations provide upcalls – a communication mechanism from the kernel to the thread library.
Allows application to maintain the correct number of kernel threads
Ch.5 CPU Scheduling
Process execution consists of a cycle of CPU execution and I/O wait
CPU scheduling decisions take place when a process:
Switches from running to waiting (nonpreemptive)
Switches from running to ready (preemptive)
Switches from waiting to ready (preemptive)
Terminates (nonpreemptive)
The dispatcher module gives control of the CPU to the process selected by the short-term scheduler
Dispatch latency – the time it takes for the dispatcher to stop one process and start another
Scheduling algorithms are chosen based on optimization criteria (ex: throughput, turnaround time, etc.)
FCFS, SJF, Shortest-Remaining-Time-First (preemptive SJF), Round Robin, Priority
Determining length of next CPU burst: Exponential Averaging:
1. $t_n$ = actual length of $n^{th}$ CPU burst
2. $\tau_{n+1}$ = predicted value for the next CPU burst
3. $\alpha$, $0 \le \alpha \le 1$ (commonly $\alpha$ set to 1/2)
4. Define: $\tau_{n+1} = \alpha t_n + (1-\alpha)\tau_n$
Priority Scheduling can result in starvation, which can be solved by aging a process (as time progresses, increase the priority)
In Round Robin, small time quantums can result in large amounts of context switches
Time quantum should be chosen so that 80% of processes have shorter burst times than the time quantum
Multilevel Queues and Multilevel Feedback Queues have multiple process queues that have different priority levels
In the Feedback queue, priority is not fixed → Processes can be promoted and demoted to different queues
Feedback queues can have different scheduling algorithms at different levels
Multiprocessor Scheduling is done in several different ways:
Asymmetric multiprocessing: only one processor accesses system data structures → no need to data share
Symmetric multiprocessing: each processor is self-scheduling (currently the most common method)
Processor affinity: a process running on one processor is more likely to continue to run on the same processor (so that the processor's memory still contains data specific to that specific process)
Little's Formula can help determine average wait time per process in any scheduling algorithm:
$n = \lambda \times W$
$n$ = avg queue length; $W$ = avg waiting time in queue; $\lambda$ = average arrival rate into queue
Simulations are programmed models of a computer system with variable clocks
Used to gather statistics indicating algorithm performance
Running simulations is more accurate than queuing models (like Little's Law)
Although more accurate, high cost and high risk
Ch.6 Process Synchronization
Race Condition: several processes access and manipulate the same data concurrently, outcome depends on which order each access takes place.
Each process has critical section of code, where it is manipulating data
To solve critical section problem each process must ask permission to enter critical section in entry section, follow critical section with exit section and then execute the remainder section
Especially difficult to solve this problem in preemptive kernels
Peterson's Solution: solution for two processes
Two processes share two variables: int turn and Boolean flag[2]
turn: whose turn it is to enter the critical section
flag: indication of whether or not a process is ready to enter critical section
flag[i] = true indicates that process Pi is ready
Algorithm for process Pi:
    do {
        flag[i] = TRUE;                 // Pi is ready to enter
        turn = j;                       // give the other process priority
        while (flag[j] && turn == j)
            ;                           // busy-wait while Pj is ready and it is Pj's turn
        // critical section
        flag[i] = FALSE;                // exit section
        // remainder section
    } while (TRUE);
Modern machines provide atomic hardware instructions: Atomic = non-interruptable
Solution using Locks:
    do {
        // acquire lock
        // critical section
        // release lock
        // remainder section
    } while (TRUE);
Solution using Test-And-Set: Shared boolean variable lock, initialized to FALSE
Solution using Swap: Shared bool variable lock initialized to FALSE; Each process has local bool variable key
Semaphore: Synchronization tool that does not require busy waiting
Standard operations: wait() and signal() ← these are the only operations that can access semaphore S
Can have counting (unrestricted range) and binary (0 or 1) semaphores
Deadlock: Two or more processes are waiting indefinitely for an event that can be caused by only one of the waiting processes (most OSes do not prevent or deal with deadlocks)
Can cause starvation and priority inversion (lower priority process holds lock needed by higher-priority process)
    // Test-And-Set: executed as one atomic hardware instruction
    boolean TestAndSet (boolean *target) {
        boolean rv = *target;           // remember the old value
        *target = TRUE;                 // always leave the lock set
        return rv;                      // FALSE means the caller acquired the lock
    }
    do {
        while (TestAndSet(&lock))
            ;                           // do nothing
        // critical section
        lock = FALSE;
        // remainder section
    } while (TRUE);
    // Swap: executed as one atomic hardware instruction
    void Swap (boolean *a, boolean *b) {
        boolean temp = *a;
        *a = *b;
        *b = temp;
    }
    do {
        key = TRUE;
        while (key == TRUE)
            Swap(&lock, &key);          // key becomes FALSE once the lock was free
        // critical section
        lock = FALSE;
        // remainder section
    } while (TRUE);
Ch.6 Process Synchronization Continued
Other synchronization problems include Bounded-Buffer Problem and Readers-Writers Problem
Monitor is a high-level abstraction that provides a convenient and effective mechanism for process synchronization
Only one process may be active within the monitor at a time
Can utilize condition variables to suspend and resume processes (ex: condition x, y;)
x.wait() – a process that invokes the operation is suspended until x.signal()
x.signal() – resumes one of processes (if any) that invoked x.wait()
Can be implemented with semaphores
Ch.7 Deadlocks
Deadlock Characteristics: deadlock can occur if these conditions hold simultaneously
Mutual Exclusion: only one process at a time can use a resource
Hold and Wait: process holding one resource is waiting to acquire resource held by another process
No Preemption: a resource can be released only by the process holding it after the process completed its task
Circular Wait: set of waiting processes such that $P_{n-1}$ is waiting for resource from $P_n$, and $P_n$ is waiting for $P_0$
“Dining Philosophers” in deadlock
Ch.8 Main Memory
Cache sits between main memory and CPU registers
Base and limit registers define logical address space usable by a process
Compiled code addresses bind to relocatable addresses
Can happen at three different stages
Compile time: If memory location known a priori, absolute code can be generated
Load time: Must generate relocatable code if memory location not known at compile time
Execution time: Binding delayed until run time if the process can be moved during its execution
Memory-Management Unit (MMU) device that maps virtual to physical address
Simple scheme uses a relocation register which just adds a base value to address
Swapping allows total physical memory space of processes to exceed physical memory
Def: process swapped out temporarily to backing store then brought back in for continued execution
Backing store: fast disk large enough to accommodate copies of all memory images
Roll out, roll in: swapping variant for priority-based scheduling.
Lower priority process swapped out so that higher priority process can be loaded
Solutions to Dynamic Storage-Allocation Problem:
First-fit: allocate the first hole that is big enough
Best-fit: allocate the smallest hole that is big enough (must search entire list) → smallest leftover hole
Worst-fit: allocate the largest hole (search entire list) → largest leftover hole
External Fragmentation: total memory space exists to satisfy request, but is not contiguous
Reduced by compaction: relocate free memory to be together in one block
Only possible if relocation is dynamic
Internal Fragmentation: allocated memory may be slightly larger than requested memory
Physical memory divided into fixed-sized frames: size is power of 2, between 512 bytes and 16 MB
Logical memory divided into same sized blocks: pages
Page table used to translate logical to physical addresses
Page number (p): used as an index into a page table
Page offset (d): combined with base address to define the physical memory address
Free-frame list is maintained to keep track of which frames can be allocated
For given logical address space $2^m$ and page size $2^n$
Ch.8 Main Memory Continued
Translation Look-aside Buffer (TLB) is a CPU cache that memory management hardware uses to improve virtual address translation speed
Typically small – 64 to 1024 entries
On TLB miss, value loaded to TLB for faster access next time
TLB is associative – searched in parallel
Effective Access Time: $EAT = (1 + \varepsilon)\alpha + (2 + \varepsilon)(1 - \alpha)$
$\varepsilon$ = time unit, $\alpha$ = hit ratio
Valid and invalid bits can be used to protect memory
“Valid” if the associated page is in the process's logical address space, so it is a legal page
Can have multilevel page tables (paged page tables)
Hashed Page Tables: virtual page number hashed into page table
Page table has chain of elements hashing to the same location
Each element has (1) virtual page number, (2) value of mapped page frame, (3) a pointer to the next element
Search through the chain for virtual page number
Segment table – maps two-dimensional physical addresses
Entries protected with valid bits and r/w/x privileges
[Figures: Paging with TLB; Page table example; Paging without TLB; Segmentation example]
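The page-table lookup and valid-bit check described in this chapter, as an added example (not from the study guide or the textbook). The sizes (m = 16, n = 12), the per-page r/w/x bits (the guide lists them for segment-table entries), the fault codes and all names are assumptions; the sample table is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes: logical address space 2^m with m = 16, page size 2^n with n = 12. */
enum { ADDR_BITS = 16, OFFSET_BITS = 12 };
enum { N_PAGES = 1 << (ADDR_BITS - OFFSET_BITS) };   /* 2^(m-n) = 16 pages */

/* Access bits kept per page (assumption, modelled on the r/w/x privileges). */
enum { PERM_R = 1, PERM_W = 2, PERM_X = 4 };

typedef enum {
    XLATE_OK,
    FAULT_OUT_OF_RANGE,   /* address does not fit in the logical address space */
    FAULT_INVALID_PAGE,   /* valid bit clear: not a legal page for this process */
    FAULT_PROTECTION      /* legal page, but this kind of access is not permitted */
} xlate_status;

typedef struct {
    uint32_t frame;       /* physical frame number */
    bool     valid;       /* valid/invalid bit */
    unsigned perms;       /* PERM_* bits */
} pte;

typedef struct { pte entries[N_PAGES]; } page_table;

/* Translate a logical address; *physical is written only on XLATE_OK. */
xlate_status translate(const page_table *pt, uint32_t logical,
                       unsigned access, uint32_t *physical)
{
    if (logical >> ADDR_BITS)
        return FAULT_OUT_OF_RANGE;

    uint32_t p = logical >> OFFSET_BITS;                /* page number: table index */
    uint32_t d = logical & ((1u << OFFSET_BITS) - 1u);  /* page offset */
    const pte *e = &pt->entries[p];

    if (!e->valid)
        return FAULT_INVALID_PAGE;
    if (access == 0 || (e->perms & access) != access)
        return FAULT_PROTECTION;

    *physical = (e->frame << OFFSET_BITS) | d;          /* frame base + offset */
    return XLATE_OK;
}

/* Constructed sample: page 0 -> frame 2 (code), page 1 -> frame 5 (data). */
page_table sample_table(void)
{
    page_table pt;
    memset(&pt, 0, sizeof pt);                          /* every entry starts invalid */
    pt.entries[0].frame = 2; pt.entries[0].valid = true;
    pt.entries[0].perms = PERM_R | PERM_X;
    pt.entries[1].frame = 5; pt.entries[1].valid = true;
    pt.entries[1].perms = PERM_R | PERM_W;
    return pt;
}

int main(void)
{
    page_table pt = sample_table();
    uint32_t addrs[] = { 0x1234, 0x0010, 0x3000, 0x10000 };
    unsigned kinds[] = { PERM_R, PERM_W, PERM_R, PERM_R };

    for (int i = 0; i < 4; i++) {
        uint32_t pa = 0;
        xlate_status s = translate(&pt, addrs[i], kinds[i], &pa);
        printf("logical 0x%05x -> status %d, physical 0x%05x\n",
               (unsigned)addrs[i], (int)s, (unsigned)pa);
    }
    return 0;
}
```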
Ch.9 Virtual Memory
Virtual memory: separation of user logical memory and physical memory
Only part of program needs to be in memory for execution → logical address space > physical address space
Allows address spaces to be shared by multiple processes → less swapping
Allows pages to be shared during fork(), speeding process creation
Page fault results from the first time there is a reference to a specific page → traps the OS
Must decide to abort if the reference is invalid, or if the desired page is just not in memory yet
If the latter: get empty frame, swap page into frame, reset tables to indicate page now in memory, set validation bit, restart instruction that caused the page fault
If an instruction accesses multiple pages near each other → less “pain” because of locality of reference
Demand Paging only brings a page into memory when it is needed → less I/O and memory needed
Lazy swapper – never swaps a page into memory unless page will be needed
Could result in a lot of page-faults
Performance: $EAT = (1-p) \times \text{memory access} + p \times (\text{page fault overhead} + \text{swap page out} + \text{swap page in} + \text{restart overhead})$; where Page Fault Rate $0 \le p \le 1$
if p = 0, no page faults; if p = 1, every reference is a fault
Can optimize demand paging by loading entire process image to swap space at process load time
Pure Demand Paging: process starts with no pages in memory
Copy-on-Write (COW) allows both parent and child processes to initially share the same pages in memory
If either process modifies a shared page, only then is the page copied
Modify (dirty) bit can be used to reduce overhead of page transfers → only modified pages written to disk
When a page is replaced, write to disk if it has been marked dirty and swap in desired page
Pages can be replaced using different algorithms: FIFO, LRU (below)
Stack can be used to record the most recent page references (LRU is a “stack” algorithm)
Second chance algorithm uses a reference bit
If 1, decrement and leave in memory
If 0, replace next page
Fixed page allocation: Proportional allocation – Allocate according to size of process
$s_i$ = size of process $P_i$, $S = \sum s_i$, $m$ = total number of frames, $a_i$ – allocation for $P_i$
$a_i = (s_i/S) \times m$
Global replacement: process selects a replacement frame from set of all frames
One process can take frame from another
Process execution time can vary greatly
Greater throughput
Local replacement: each process selects from only its own set of allocated frames
More consistent performance
Possible under-utilization of memory
Page-fault rate is very high if a process does not have “enough” pages
Thrashing: a process is busy swapping pages in and out → minimal work is actually being performed
Memory-mapped file I/O allows file I/O to be treated as routine memory access by mapping a disk block to a page in memory
I/O Interlock: Pages must sometimes be locked into memory
Ch.10 File-System Interface
File – Uniform logical view of information storage (no matter the medium)
Mapped onto physical devices (usually nonvolatile)
Smallest allotment of nameable storage
Types: Data (numeric, character, binary), Program, Free form, Structured
Structure decided by OS and/or program/programmer
Attributes:
Name: Only info in human-readable form
Identifier: Unique tag, identifies file within the file system
Type, Size
Location: pointer to file location
Time, date, user identification
File is an abstract data type
Operations: create, write, read, reposition within file, delete, truncate
Global table maintained containing process-independent open file information: open-file table
Per-process open file table contains pertinent info, plus pointer to entry in global open file table
Open file locking: mediates access to a file (shared or exclusive)
Mandatory – access denied depending on locks held and requested
Advisory – process can find status of locks and decide what to do
File type can indicate internal file structure
Access Methods: Sequential access, direct access
Sequential Access: tape model of a file
Direct Access: random access, relative access
Disk can be subdivided into partitions; disks or partitions can be RAID protected against failure.
Can be used raw without a file-system or formatted with a file system
Partitions also known as minidisks, slices
Volume contains file system: also tracks file system's info in device directory or volume table of contents
File system can be general or special-purpose. Some special purpose FS:
tmpfs – temporary file system in volatile memory
objfs – virtual file system that gives debuggers access to kernel symbols
ctfs – virtual file system that maintains info to manage which processes start when system boots
lofs – loop back file system allows one file system to be accessed in place of another
procfs – virtual file system that presents information on all processes as a file system
Directory is similar to symbol table – translating file names into their directory entries
Should be efficient, convenient to users, logical grouping
Tree structured is most popular – allows for grouping
Commands for manipulating: remove – rm <file-name>; make new sub directory – mkdir <dir-name>
Current directory: default location for activities – can also specify a path to perform activities in
Acyclic-graph directories adds ability to directly share directories between users
Acyclic can be guaranteed by: only allowing shared files, not shared sub directories; garbage collection; mechanism to check whether new links are OK
File system must be mounted before it can be accessed – kernel data structure keeps track of mount points
In a file sharing system User IDs and Group IDs help identify a user's permissions
Client-server allows multiple clients to mount remote file systems from servers – NFS (UNIX), CIFS (Windows)
Consistency semantics specify how multiple users are to access a shared file simultaneously – similar to synchronization algorithms from Ch.7
One way of protection is Controlled Access: when file created, determine r/w/x access for users/groups
[Figure: File-System Organization]
Ch.11 File System Implementation
File system resides on secondary storage – disks; file system is organized into layers →
File control block: storage structure consisting of information about a file (exist per-file)
Device driver: controls the physical device; manage I/O devices
File organization module: understands files, logical addresses, and physical blocks
Translates logical block number to physical block number
Manages free space, disk allocation
Logical file system: manages metadata information – maintains file control blocks
Boot control block: contains info needed by system to boot OS from volume
Volume control block: contains volume details; ex: total # blocks, # free blocks, block size, free block pointers
Root partition: contains OS; mounted at boot time
For all partitions, system is consistency checked at mount time
Check metadata for correctness – only allow mount to occur if so
Virtual file systems provide object-oriented way of implementing file systems
Directories can be implemented as Linear Lists or Hash Tables
Linear list of file names with pointer to data blocks – simple but slow
Hash table – linear list with hash data structure – decreased search time
Good if entries are fixed size
Collisions can occur in hash tables when two file names hash to same location
Contiguous allocation: each file occupies set of contiguous blocks
Simple, best performance in most cases; problem – finding space for file, external fragmentation
Extent based file systems are modified contiguous allocation schemes – extent is allocated for file allocation
Linked Allocation: each file is a linked list of blocks – no external fragmentation
Locating a block can take many I/Os and disk seeks
Indexed Allocation: each file has its own index block(s) of pointers to its data blocks
Need index table; can be random access; dynamic access without external fragmentation but has overhead
Best methods: linked good for sequential, not random; contiguous good for sequential and random
File system maintains free-space list to track available blocks/clusters
Bit vector or bit map (n blocks): block number calculation → (#bits/word)*(# 0-value words)+(offset for 1st bit)
Example: block size = 4KB = $2^{12}$ bytes
disk size = $2^{40}$ bytes (1 terabyte)
$n = 2^{40}/2^{12} = 2^{28}$ bits (or 256 MB)
if clusters of 4 blocks -> 64MB of memory
Space maps (used in ZFS) divide device space into metaslab units and manages metaslabs
Each metaslab has associated space map
Buffer cache – separate section of main memory for frequently used blocks
Synchronous writes sometimes requested by apps or needed by OS – no buffering
Asynchronous writes are more common, buffer-able, faster
Free-behind and read-ahead techniques to optimize sequential access
Page cache caches pages rather than disk blocks using virtual memory techniques and addresses
Memory mapped I/O uses page cache while routine I/O through file system uses buffer (disk) cache
Unified buffer cache: uses same page cache to cache both memory-mapped pages and ordinary file system I/O to avoid double caching
[Figure panels: (a) open(), (b) read()]
Ch.12 Mass-Storage Systems
Magnetic disks provide bulk of secondary storage – rotate at 60 to 250 times per second
Transfer rate: rate at which data flows between drive and computer
Positioning time (random-access time) is time to move disk arm to desired cylinder (seek time) and time for desired sector to rotate under the disk head (rotational latency)
Head crash: disk head making contact with disk surface
Drive attached to computer's I/O bus – EIDE, ATA, SATA, USB, etc.
Host controller uses bus to talk to disk controller
Access latency = Average access time = average seek time + average latency (fast ~5ms, slow ~14.5ms)
Average I/O time = avg. access time + (amount to transfer / transfer rate) + controller overhead
Ex: to transfer a 4KB block on a 7200 RPM disk with a 5ms average seek time, 1Gb/sec transfer rate with a .1ms controller overhead = 5ms + 4.17ms + 4KB / 1Gb/sec + 0.1ms = 9.27ms + .12ms = 9.39ms
Disk drives addressed as 1-dimensional arrays of logical blocks
1-dimensional array is mapped into the sectors of the disk sequentially
Host-attached storage accessed through I/O ports talking to I/O buses
Storage area network (SAN): many hosts attach to many storage units, common in large storage environments
Storage made available via LUN masking from specific arrays to specific servers
Network attached storage (NAS): storage made available over a network rather than local connection
In disk scheduling, want to minimize seek time; Seek time is proportional to seek distance
Bandwidth is (total number of bytes transferred) / (total time between first request and completion of last transfer)
Sources of disk I/O requests: OS, system processes, user processes
OS maintains queue of requests, per disk or device
Several algorithms exist to schedule the servicing of disk I/O requests
FCFS, SSTF (shortest seek time first), SCAN, CSCAN, LOOK, CLOOK
SCAN/elevator: arm starts at one end and moves towards other end servicing requests as it goes, then reverses direction
CSCAN: instead of reversing direction, immediately goes back to beginning
LOOK/CLOOK: Arm only goes as far as the last request in each direction, then reverses immediately
Low level/physical formatting: dividing a disk into sectors that the disk controller can read and write – usually 512 bytes of data
Partition: divide disk into one or more groups of cylinders, each treated as logical disk
Logical formatting: “making a file system”
Increase efficiency by grouping blocks into clusters – Disk I/O is performed on blocks
Boot block initializes system – bootstrap loader stored in boot block
Swap-space: virtual memory uses disk space as an extension of main memory
Kernel uses swap maps to track swap space use
RAID: Multiple disk drives provide reliability via redundancy – increases mean time to failure
Disk striping uses group of disks as one storage unit
Mirroring/shadowing (RAID 1) keeps duplicate of each disk
Striped mirrors (RAID 1+0) or mirrored striped (RAID 0+1) provides high performance/reliability
Block interleaved parity (RAID 4, 5, 6) uses much less redundancy
Solaris ZFS adds checksums of all data and metadata – detect if object is the right one and whether it changed
Tertiary storage is usually built using removable media – can be WORM or Read-only, handled like fixed disks
Fixed disk usually more reliable than removable disk or tape drive
Main memory is much more expensive than disk storage
Ch.13 I/O Systems
Device drivers encapsulate device details – present uniform device access interface to I/O subsystem
Port: connection point for device
Bus: daisy chain or shared direct access
Controller (host adapter): electronics that operate port, bus, device – sometimes integrated
Contains processor, microcode, private memory, bus controller
Memory-mapped I/O: device data and command registers mapped to processor address space
Especially for large address spaces (graphics)
Polling for each byte of data – busy-wait for I/O from device
Reasonable for fast devices, inefficient for slow ones
Can happen in 3 instruction cycles
CPU interrupt-request line is triggered by I/O devices – interrupt handler receives interrupts
Handler is maskable to ignore or delay some interrupts
Interrupt vector dispatches interrupt to correct handler – based on priority; some nonmaskable
Interrupt chaining occurs if there is more than one device at the same interrupt number
Interrupt mechanism is also used for exceptions
Direct memory access is used to avoid programmed I/O for large data movement
Requires DMA controller
Bypasses CPU to transfer data directly between I/O device and memory
Device driver layer hides differences among I/O controllers from kernel
Devices vary in many dimensions: character stream/block, sequential/random access, synchronous/asynchronous, sharable/dedicated, speed, rw/ro/wo
Block devices include disk drives: Raw I/O, Direct I/O
Commands include read, write, seek
Character devices include keyboards, mice, serial ports
Commands include get(), put()
Network devices also have their own interface; UNIX and Windows NT/9x/2000 include socket interface
Approaches include pipes, FIFOs, streams, queues, mailboxes
Programmable interval timer: used for timings, periodic interrupts
Blocking I/O: process suspended until I/O completed – easy to use and understand, not always best method
Nonblocking I/O: I/O call returns as much as available – implemented via multi-threading, returns quickly
Asynchronous: process runs while I/O executes – difficult to use, process signaled upon I/O completion
Spooling: hold output for a device – if device can only serve one request at a time (ex: printer)
Device Reservation: provides exclusive access to a device – must be careful of deadlock
Kernel keeps state info for I/O components, including open file tables, network connections, character device states
Complex data structures track buffers, memory allocation, “dirty” blocks
STREAM: full-duplex communication channel between user-level process and device in UNIX
Each module contains read queue and write queue
Message passing used to communicate between queues – Flow control option to indicate available or busy
Asynchronous internally, synchronous where user process communicates with stream head
I/O is a major factor in system performance – demand on CPU, context switching, data copying, network traffic
Ch.14 - Protection
Principle of least privilege: programs, users, systems should be given just enough privileges to perform their tasks
Access-right = <obj-name, rights-set> w/ rights-set is subset of all valid operations performable on the object
Domain: set of access-rights
UNIX system consists of 2 domains: user, supervisor
MULTICS domain implementation (domain rings) - if $j < i$ then $D_i \subseteq D_j$
Access matrix: rows represent domains, columns represent objects
Access(i,j) is the set of operations that a process executing in Domain_i can invoke on Object_j
Can be expanded to dynamic protection
Access matrix design separates mechanism from policy
Mechanism: OS provides access-matrix and rules - ensures matrix is only manipulated by authorized users
Policy: User dictates policy - who can access what object and in what mode
Solaris 10 uses role-based access control (RBAC) to implement least privilege
Revocation of access rights
Access list: delete access rights from access list - simple, immediate
Capability list: required to locate capability in system before capability can be revoked - reacquisition, back-pointers, indirection, keys
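The access matrix and the two revocation styles above, as an added Python sketch that is not from the study guide or the textbook: the class is the mechanism, the `grant` calls in `demo` are the policy, and capability revocation uses the indirection scheme. All names (`AccessMatrix`, `D1`, `file1`, `printer`, slot numbers) are hypothetical.

```python
from collections import defaultdict

class AccessMatrix:
    """Mechanism only: stores access(i, j) and checks it. Policy comes from callers."""

    def __init__(self):
        # Access-list view: per object, domain -> rights-set (one matrix column).
        self.acl = defaultdict(lambda: defaultdict(set))
        # Indirection table for capabilities: slot -> (object, rights) or None.
        self.slots = {}
        self.next_slot = 0

    def grant(self, domain, obj, rights):
        self.acl[obj][domain] |= set(rights)

    def allowed(self, domain, obj, op):
        return op in self.acl[obj].get(domain, set())

    def revoke(self, domain, obj, rights):
        # Access-list revocation: edit one entry; effective on the next check.
        self.acl[obj][domain] -= set(rights)

    def mint_capability(self, obj, rights):
        # A capability names a table slot, not the object itself (indirection).
        slot = self.next_slot
        self.next_slot += 1
        self.slots[slot] = (obj, frozenset(rights))
        return slot

    def use_capability(self, slot, obj, op):
        entry = self.slots.get(slot)
        return entry is not None and entry[0] == obj and op in entry[1]

    def revoke_capability(self, slot):
        # Clearing the slot invalidates every copy without having to find them.
        self.slots[slot] = None


def demo():
    m = AccessMatrix()
    m.grant("D1", "file1", {"read", "write"})   # policy decisions (hypothetical)
    m.grant("D2", "file1", {"read"})
    before = (m.allowed("D1", "file1", "write"), m.allowed("D2", "file1", "write"))
    m.revoke("D1", "file1", {"write"})
    after = m.allowed("D1", "file1", "write")
    cap = m.mint_capability("printer", {"print"})
    copies = [cap, cap]                          # same capability held by two domains
    m.revoke_capability(cap)
    return before, after, [m.use_capability(c, "printer", "print") for c in copies]
```
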
Language-Based Protection: allows high-level description of policies for the allocation and use of resources
Can provide software for protection enforcement when hardware-supported checking is unavailable
Ch.15 - Security
System secure when resources used and accessed as intended under all circumstances
Attacks can be accidental or malicious
Easier to protect against accidental than malicious misuse
Security violation categories:
Breach of confidentiality - unauthorized reading of data
Breach of integrity - unauthorized modification of data
Breach of availability - unauthorized destruction of data
Theft of service - unauthorized use of resources
Denial of service - prevention of legitimate use
Methods of violation:
Masquerading - pretending to be an authorized user
Man-in-the-middle - intruder sits in data flow, masquerading as sender to receiver and vice versa
Session hijacking - intercept an already established session to bypass authentication
Effective security must occur at four levels: physical, human, operating system, network
Program threats: trojan horse (spyware, pop-up, etc.), trap door, logic bomb, stack and buffer overflow
Viruses: code fragment embedded in legitimate program; self-replicating
Specific to CPU architecture, OS, applications
Virus dropper: inserts virus onto the system
Windows is the target for most attacks - most common, everyone is administrator
Worms: use spawn mechanism - standalone program
Port scanning: automated attempt to connect to a range of ports on one or a range of IP addresses
Frequently launched from zombie systems to decrease traceability
Denial of service: overload targeted computer preventing it from doing useful work
Cryptography: means to constrain potential senders and/or receivers - based on keys
Allows for confirmation of source, receipt by specified destination, trust relationship
Encryption: [K of keys], [M of messages], [C of ciphertexts], function E: K to encrypt, function D: K to decrypt
Can have symmetric and asymmetric (distributes public encryption key, holds private decipher key) encryption
Asymmetric is much more compute intensive - not used for bulk data transaction
Keys can be stored on a key ring
[Figure: Man-in-the-middle attack - symmetric cryptography]
Authentication: constraining a set of potential senders of a message
Helps to prove that the message is unmodified
Hash functions are basis of authentication
Creates small, fixed-size block of data (message digest, hash value)
Symmetric encryption used in message-authentication code (MAC)
Authenticators produced from authentication algorithm are digital signatures
Authentication requires fewer computations than encryption methods
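An added example, not part of the original guide, showing why a bare message digest does not constrain the sender while a keyed authenticator does. It uses HMAC-SHA256 from the Python standard library as the MAC (a keyed hash rather than the symmetric-encryption construction the notes mention); the key and messages are constructed sample values.

```python
import hashlib
import hmac

def digest(message: bytes) -> bytes:
    """Unkeyed hash: fixed-size message digest that anyone can compute."""
    return hashlib.sha256(message).digest()

def receiver_accepts_digest(message: bytes, sent_digest: bytes) -> bool:
    # Integrity check only: says nothing about who produced the pair.
    return hmac.compare_digest(digest(message), sent_digest)

def mac(key: bytes, message: bytes) -> bytes:
    """Keyed authenticator: only holders of the shared key can produce it."""
    return hmac.new(key, message, hashlib.sha256).digest()

def receiver_accepts_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest is constant-time, so timing does not leak matching bytes.
    return hmac.compare_digest(mac(key, message), tag)

def demo():
    key = b"constructed-shared-key"     # constructed sample key
    original = b"pay 10 to alice"       # constructed sample messages
    modified = b"pay 9999 to mallory"
    r = {}
    # The digest is 32 bytes whether the input is 1 byte or 10,000 bytes.
    r["fixed_size"] = len(digest(b"a")) == len(digest(b"a" * 10_000)) == 32
    # Someone who rewrites the message in transit just recomputes the digest,
    # and the receiver's check still passes.
    r["digest_alone_accepts_modified"] = receiver_accepts_digest(
        modified, digest(modified))
    # With a MAC the tag depends on the key, which the interceptor lacks.
    tag = mac(key, original)
    r["genuine_accepted"] = receiver_accepts_mac(key, original, tag)
    r["modified_with_old_tag_rejected"] = not receiver_accepts_mac(key, modified, tag)
    r["tag_from_wrong_key_rejected"] = not receiver_accepts_mac(
        key, modified, mac(b"not-the-key", modified))
    return r
```
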
Digital Certificates: proof of who or what owns a public key
Defense in depth: most common security theory - multiple layers of security
Can attempt to detect intrusion:
Signature-based: detect "bad patterns"
Anomaly detection: spots differences from normal behavior
Both can report false positives or false negatives
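The two detection approaches run over the same constructed connection log, as an added example that is not from the original guide. The log format, addresses, signature list and port baseline are all assumptions, chosen so that each detector shows one false positive or false negative.

```python
import re
from collections import defaultdict

# Constructed sample log, one connection per line: "<source> <dest port> <payload>".
LOG = """\
10.0.0.5 80 GET /index.html
10.0.0.5 443 GET /login
10.0.0.9 80 GET /../../etc/passwd
10.0.0.7 21 SYN
10.0.0.7 22 SYN
10.0.0.7 23 SYN
10.0.0.7 25 SYN
10.0.0.7 80 SYN
10.0.0.8 80 GET /health
10.0.0.8 443 GET /health
10.0.0.8 8080 GET /health
10.0.0.8 8443 GET /health
"""
# Ground truth for the sample: .9 sent a traversal request, .7 swept ports,
# .8 is a (hypothetical) legitimate monitoring host.
TRULY_BAD = {"10.0.0.9", "10.0.0.7"}

SIGNATURES = [re.compile(r"\.\./"), re.compile(r"/etc/passwd")]  # known bad patterns
BASELINE_MAX_PORTS = 3  # assumed normal ceiling of distinct ports per source

def parse(log):
    for line in log.splitlines():
        src, port, payload = line.split(" ", 2)
        yield src, int(port), payload

def signature_alerts(log):
    # Flags a source when any payload matches a known pattern.
    return {src for src, _, payload in parse(log)
            if any(sig.search(payload) for sig in SIGNATURES)}

def anomaly_alerts(log):
    # Flags a source whose distinct-port count exceeds the learned baseline.
    ports = defaultdict(set)
    for src, port, _ in parse(log):
        ports[src].add(port)
    return {src for src, seen in ports.items() if len(seen) > BASELINE_MAX_PORTS}

def compare(log, truly_bad):
    out = {}
    for name, alerts in (("signature", signature_alerts(log)),
                         ("anomaly", anomaly_alerts(log))):
        out[name] = {"false_pos": sorted(alerts - truly_bad),
                     "false_neg": sorted(truly_bad - alerts)}
    return out
```

On this sample the signature detector misses the port sweep, which carries no matching payload, while the anomaly detector flags the monitoring host and misses the single traversal request.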
Auditing, accounting, and logging specific system or network activity
Firewall: placed between trusted and untrusted hosts
Limits network access between the two domains
Can be tunneled or spoofed
Personal firewall is software layer on given host
Can monitor/limit traffic to/from host
Application proxy firewall: Understands application protocols and can control them
System-call firewall: Monitors all important system calls and applies rules and restrictions to them
