lecture 13: examples of memory management mvs multiple virtual storage operating system (ibm) the...
Post on 21-Dec-2015
221 views
TRANSCRIPT
Lecture 13:Examples of Memory
Management
MVS
• Multiple Virtual Storage Operating System (IBM)
• The byte index specifies one of 4KB within a page; the page index specifies one of 256 pages within a segment; the segment index identifies one of 2048 user-visible segments (231 bytes –2GB virtual storage)
Segment index Page index Byte index
0 11 12 19 20 31
Page table originPage table length
0 25 26 27 28 31
I C
IBM System/370
• Uses a two-level memory structure and refers o the two levels as segments and pages
• Page size: 2KB or 4KB
• Segment size (fixed): 64KB or 1MB
• 24 – bit address structure BUT
SYSTEM 370/XA• XA: extended addressing
• 31 – bit address scheme
Segment index Page index Byte index
0 11 12 19 20 31
Page table originPage table length
0 25 26 27 28 31
I C
System 370/ESA
• Latest version: Enterprise System Architecture
Page frame number
0 19 21 22 31
I P
Address space identifier
Segment number Page number Available frameUnreferenced interval count (UIC)
MVS
MVS address space structure
Task 1 Task 2 Task 3 Task n…
MVSMVS
16KB
0
MVS
MVS address space structure
Task 1 Task 2 Task 3 Task n
…
MVS
MVS/XA
16KB
Task 1 Task 2 Task 3 Task n…
0
MVS address space structure
Data
Space
M
Task n
…
MVS/ESA
16KB
Task n…
0
Data
Space
3
Data
Space
2
Data
Space
1
MVS
Task 1 Task 2 Task 3
MVS
Task 1 Task 2 Task 3
…
370/ESA address translationInstruction
Opcode R1 X2 B2 D2
Displacement
Address – Space Reference
Access RegisterGeneral – Purpose Registers
Base Address
Index
Dynamic Address
Translation
Access register
Translation
Virtual address
Real address
Segment-Table Designation+
WINDOWS NT
• Windows NT was designed to be implemented on a variety of processors. One of the most important platforms for Windows NT is the Intel 486.
• Page size: 4KB
Windows NT – Address Spaces
• Unsegmented unpaged memory: The virtual address is the same as the physical address, which is useful in low complexity, high performance controller applications
• Unsegmented paged memory: Memory is viewed as a paged linear address space. Protection and management of memory are done by paging
• Segmented unpaged memory: Memory is viewed as a collection of logical address spaces. The advantages of this view over a paged approach is that it affords protection down to the level of a single byte if necessary. It guarantees that the translation table needed is on-chip when the segment is in memory. Hence the segmented unpaged memory results in predictable access times
• Segmented paged memory: Segmentation is used to define logical memory partitions subject to access control and paging is used to manage the allocation of memory within partitions.
The format of the virtual address includes the following fields:
• Table indicator (TI): indicates whether the global segment table or a local segment table should be used for translation
• Segment number: is the number of the segment. This serves as an index into the segment table
• Offset: The offset of the address byte within the segment
• Requested privilege level (RPL): The privilege level requested for this access
Segment Offset
(a) Virtual Address
Base 31…34 G 000 P Dp1 1 Type A Base 23…16
TI Rpl
Directory Offset
(b) Linear Address
Page
47 35 31 0 31 21 11 0
(c) Segment table entry
Limit 19…16
Segment Base 15 … 0 Segment Limit 15 … 0
Page table Address 31 … 12 00 D A 00 PAvail
(d) Page table directory entry
US
RW
Page Frame Address 31…12 00 D A 00 PAvail
(e) Page table entry
US
RW
Segment Table entry
Limit Defines the size of the segment. The processor interprets the limit field in one of two ways, depending on the granularity bit: in units of one byte, up to a limit of 1MB, or in units of 4KB, up to a limit of 4GB
Base Defines the starting address of the segment within the 4GB linear address space
Accessed bit (A) Set whenever the segment is accessed. An operating system that uses segmented non-paged memory may use this bit to monitor frequency of segment usage for memory management purposes. In a paged system, this bit is ignored
Type Distinguishes between various kinds of segments and indicates the access attributes
Descriptor privilege level
Specifies the privilege level of the segment referred to by this segment table entry
Segment present bit (P)
Used for non paged systems. It indicates whether the segment is present in main memory. For paged systems, this bit is always set to 1.
Granularity bit Indicates whether the Limit field is to be interpreted in units of 1 byte or 4KB
Page table Directory Entry and Page Table Entry
Page Frame Address Provides the physical address of the page in memory if the present bit is set. Because page frames are aligned on 4K boundaries, the bottom 12 bits are zero and only the top 20 bits are included in the entry
Page table address Provides the physical address of a page table in memory if the present bit is set
Present bit (P) Indicates whether the page table or page is in main memory
Accessed bit (A) This bit is set to 1 by the processor in both levels of page tables when a read or write operation to the corresponding page occurs
Dirty bit (D) This bit is set to 1 by the processor when a write operation to the corresponding page occurs
User/Supervisor bit Indicates whether the page is available only to the operating system (supervisor level) or is available to both operating system and applications (user level)
Read/Write bit Fir user-level pages, indicates whether the page is read-only access or read/write access for user-level programs
Available bits Available for systems programmer use
UNIX System V
• Page table: one page table per process, with one entry for each page in virtual memory for that process
• Disk block descriptor: associated with each page of a process is an entry in this table that describes the disk copy of the virtual page
• Page frame data table: describes each frame of real memory and is indexed by frame number
• Swap-use table: there is one swap use table for each swap device, with one entry for each page on the device
Linux System
• Allocating and freeing physical memory: pages, groups of pages and small blocks of memory
• Handling virtual memory, which is memory mapped into the address space of running processes
Linux system: Management of physical memory
• Page allocator
• Buddy-heap algorithm
16KB
8KB
8KB4KB
4KB
8KB
• Maintaining the address space visible to each process
• Creates pages of virtual memory on demand• Manages the loading of those pages from
disk or their swapping back out to disk as required
• Process address space: as a set of separate regions and as a set of pages
Linux system: Management of virtual memory
• Vm_area_struct
• Policy algorithm
• Paging mechanism
• Pageout policy
Linux system: Management of virtual memory
Linux system: Management of virtual memory (memory layout)
Kernel virtual memory
Stack
Memory-mapped region
Memory- mapped region
Memory mapped region
Run-time data
Uninitialised data
Initialised data
Program text
Memory invisible to user mode code
Forbidden region
The ‘brk’ pointer
WINDOWS 2000
Page directory entry 0
Page directory entry 1023
Page directory …
Page directory entry 0
Page table entry 1023
Page table 0
…
Page directory entry 0
Page table entry 1023
Page table 1023
…
4K page
4K page
4K page
4K page
WINDOWS 2000 – Page file page-table entry
031
Page address TT P
Protection
Page file
WINDOWS 2000 – FILE I/O
File system
Disk driver
Noncached I/O
process
I/O managerI/O
Cache manager
Cached I/O
VM manager Page fault
Security Violation
• Intentional (malicious)– Unauthorised reading of data– Unauthorised modification of data– Unauthorised destruction of data
• Accidental
Security Attacks• System calls
– try illegal system calls or legal system calls with illegal parameters
• Breaking login process– start logging in and then reboot or break halfway
• Memory information– many systems do not erase the space before allocation
• Bad login program– write a login program that records other users authentication
Security Flaws
• Examples– Unix utility lpr: has an option to remove the
file after it has been printed. In early versions it was possible for anyone to use lpr to print, and then have the system remove, the password file
– link the core file to password file and force a core dump of SETUID program
– mkdir foo
Security Threats• Bacteria
– program that consumes system resources by replicating itself
• Logic Bomb– logic embedded in a program that checks for a certain set
of conditions to be present on the system. When these conditions are met, it executes some function resulting in unauthorised actions
• Trapdoor– Secret undocumented entry point into a program, used to
grant access without normal methods of authentication
Security Threats (ctd)• Trojan Horse
– secret undocumented routine embedded within a useful program. Execution of the program results in execution of the secret routine
• Virus– Code embedded within a program that causes of itself to be
inserted in one or more other programs, and performs unwanted functions
• Worm– program that can replicate itself and send a copies across
network connections
Windows NT Security
• Access Control Scheme
– governed by two entities• an access token is associated with each process
• a security descriptor is associated with each object for which inter-process access is possible
– Users log on to an NT system by name/password scheme authentication
Access Token• Security ID (SID)
– identifies the user uniquely across all the computer system
• Group SIDs– list of groups to which the
user belongs
• Default ACL– initial list of protections
applied to the object at its creation
SID
Group SIDs
Privileges
Default Owner
Default ACL
Security Descriptor• Flags
– defines the type and contents of a security descriptor
• System ACL (SACL)– specifies what kind of operations
on the object should generate audit messages
• Discretionary ACL (DACL)– Determines which users and
groups can access this object for which operations
Flags
Owner
SACL
DACL
Access Control List (ACL)
ACL Header
ACE Header
Access Mask
SID
ACE Header
Access Mask
After March break..
% File: KA.tex% Author: Eleni Mangina <[email protected]>% Created: Thu May 28 1998\documentclass[a4paper,12pt]{article}\usepackage[dvips]{graphics}\usepackage{epsfig}% Use \includegraphics{*.eps} for pictures% Enlarge printing area a bit:\setlength{\textwidth}{16cm}\setlength{\oddsidemargin}{0cm}\setlength{\evensidemargin}{0cm}\setlength{\topmargin}{-0.94cm}\setlength{\textheight}{23cm}\begin{document}\begin{large}\bf Introduction\end{large}\paragraph{}Knowledge-based systems can be connected with the field of\newpage\begin{thebibliography}{XX}\bibitem{lamp} C.P. Yialouris, A.B. Sideridis. ``An Expert system for tomatodiseases'', ELSEVIER, 1995.\bibitem{lamp} Chris. G. Panagopoulos. ``Tomato diseases'' Course notes forPhytopathology in Agricultural University of Athens, 1992.\end{thebibliography}\end{document}