Currently most operating systems support a variety of networking protocols, hardware, and applications for using them. This means that computers running dissimilar operating systems can participate in a common network for sharing resources such as computing, files, printers, and scanners using either wired or wireless connections. Networks can essentially allow a computer's operating system to access the resources of a remote computer to support the same functions as it could if those resources were connected directly to the local computer. This includes everything from simple communication, to using networked file systems or even sharing another computer's graphics or sound hardware. Some network services allow the resources of a computer to be accessed transparently, such as SSH which allows networked users direct access to a computer's command line interface.
Client/server networking involves program on a computer somewhere which connects via a network to another computer, called a server. Servers, usually running UNIX or Linux, offer (or host) various services to other network computers and users. These services are usually provided through ports or numbered access points beyond the server's network address. Each port number is usually associated with a maximum of one running program, which is responsible for handling requests to that port. A daemon, being a user program, can in turn access the local hardware resources of that computer by passing requests to the operating system kernel.
Many operating systems support one or more vendor-specific or open networking protocols as well, for example, SNA on IBM systems, DECnet on systems from Digital Equipment Corporation, and Microsoft-specific protocols on Windows. Specific protocols for specific tasks may also be supported such as NFS for file access. Protocols like ESound, or esd can be easily extended over the network to provide sound from local applications, on a remote system's sound hardware. Virtual3D allows a remote computer to control local 3D graphics hardware, enabling things like 3D games to be played over a network.
[edit] Security
Main article: computer security
A computer being secure depends on a number of technologies working properly. A modern operating system provides access to a number of resources, which are available to software running on the system, and to external devices like networks via the kernel.
The operating system must be capable of distinguishing between requesters which should be allowed to be processed, and others which should not be processed. While some systems may simply distinguish between "privileged" and "non-privileged", systems commonly have a form of requester identity, such as a user name. To establish identity there may be a process of authentication. Often a username must be quoted, and each username may have a password. Other methods of authentication, such as magnetic cards or biometric data, might be used instead. In some cases, especially connections from the network, resources may be accessed with no authentication at all.
In addition to the allow/disallow model of security, a system with a high level of security will also offer auditing options. These would allow tracking of requests for access to resources (such as, "who has been reading this file?").
Internal security, or security from an already running program is only possible if all possibly harmful requests must be carried out through interrupts to the operating system kernel. If programs can directly access hardware and resources, they cannot be secured. Microsoft Windows has been heavily criticized for many years for window's almost total inability to protect one running program from another, however since windows isn't generally used as a server it has been considered less of a problem. In recent years, Microsoft has added limited user accounts, and more secure logins. However most people still operate their computers using Administrator accounts, which negates any possible internal security improvements brought about by these changes.
Linux and UNIX both have two tier security, which limits any system-wide changes to the root user, a special user account on all UNIX-like systems. While the root user has unlimited permission to affect system changes, programs as a regular user are limited only in where they can save files, and what hardware they can access. This limits the damage that a regular user can do to the computer while still providing them with plenty of freedom to do everything but affect system-wide changes. The user's settings are stored in an area of the computer's file system called the user's home directory, which is also provided as a location where the user may store their work, similar to My Documents on a windows system. Should a user have to install software or make system-wide changes, they must enter the root password for the computer, which allows them to launch certain programs as the root user.
While users generally find regular user accounts on Linux installations provide plenty of freedom for day to day activities, the need to enter a password to install software has generated criticisms from many Windows users who are used to being able to change, delete, create, and rename files anywhere on the system at whim, while also making it extremely easy to accidentally delete important files, and for viruses to infect the operating system. Windows Vista has attempted to make improvements in this area, but has also generated criticism for its highly inquisitive approach, asking the user verify their desire to do many daily activities that would rarely or never compromise security.
External security involves a request from outside the computer, such as a login at a connected console or some kind of network connection. External requests are often passed through device drivers to the operating system's kernel, where they can be passed onto applications, or carried out directly. Security of operating systems has long been a concern because of highly sensitive data held on computers, both of a commercial and military nature. The United States Government Department of Defense (DoD) created the Trusted Computer System Evaluation Criteria (TCSEC) which is a standard that sets basic requirements for assessing the effectiveness of security. This became of vital importance to operating system makers, because the TCSEC was used to evaluate, classify and select computer systems being considered for the processing, storage and retrieval of sensitive or classified information.
Network services include offerings such as file sharing, print services, email, web sites, and file transfer protocols (FTP), most of which can have compromised security. At the front line of security are hardware devices known as firewalls or intrusion detection/prevention systems. At the operating system level, there are a number of software firewalls available, as well as intrusion detection/prevention systems. Most modern operating systems include a software firewall, which is enabled by default. A software firewall can be configured to allow or deny network traffic to or from a service or application running on the operating system. Therefore, one can install and be running an insecure service, such as Telnet or FTP, and not have to be threatened by a security breach because the firewall would deny all traffic trying to connect to the service on that port.
An alternative strategy, and the only sandbox strategy available in systems that do not meet the Popek and Goldberg virtualization requirements, is the operating system not running user programs as native code, but instead either emulates a processor or provides a host for a p-code based system such as Java.
Internal security is especially relevant for multi-user systems; it allows each user of the system to have private files that the other users cannot tamper with or read. Internal security is also vital if auditing is to be of any use, since a program can potentially bypass the operating system, inclusive of bypassing auditing.
Friday, May 9, 2008
Disk Access and File Systems
Access to files stored on disks is a central feature of all operating systems. Computers store data on disks using files, which are structured in specific ways in order to allow for faster access, higher reliability, and to make better use out of the drive's available space. The specific way files are stored on a disk is called a file system, and enables files to have names and attributes. It also allows them to be stored in a hierarchy of directories or folders arranged in a directory tree.
Early operating systems generally supported a single type of disk drive and only one kind of file system. Early file systems were limited in their capacity, speed, and in the kinds of file names and directory structures they could use. These limitations often reflected limitations in the operating systems they were designed for, making it very difficult for an operating system to support more than one file system.
While many simpler operating systems support a limited range of options for accessing storage systems, more modern operating systems like UNIX and Linux support a technology known as a virtual file system or VFS. A modern operating system like UNIX supports a wide array of storage devices, regardless of their design or file systems to be accessed through a common application programming interface (API). This makes it unnecessary for programs to have any knowledge about the device they are accessing. A VFS allows the operating system to provide programs with access to an unlimited number of devices with an infinite variety of file systems installed on them through the use of specific device drivers and file system drivers.
A connected storage device such as a hard drive will be accessed through a device driver. The device driver understands the specific language of the drive and is able to translate that language into a standard language used by the operating system to access all disk drives. On UNIX this is the language of block devices.
When the kernel has an appropriate device driver in place, it can then access the contents of the disk drive in raw format, which may contain one or more file systems. A file system driver is used to translate the commands used to access each specific file system into a standard set of commands that the operating system can use to talk to all file systems. Programs can then deal with these file systems on the basis of filenames, and directories/folders, contained within a hierarchical structure. They can create, delete, open, and close files, as well as gathering various information about them, including access permissions, size, free space, and creation and modification dates.
Various differences between file systems make supporting all file systems difficult. Allowed characters in file names, case sensitivity, and the presence of various kinds of file attributes makes the implementation of a single interface for every file system a daunting task. Microsoft Windows presently supports only NTFS and FAT file systems, along with network file systems shared from other computers.
The visual representations of paths and filenames also differ under various platforms, although these are a more matter of preference and have little to do with the operating system's file system support. Unix demarcates its path components with a slash (/), a convention followed by operating systems that emulated it or at least its concept of hierarchical directories, such as Linux, Amiga OS and Mac OS X. MS-DOS also emulated this feature, but had already also adopted the CP/M convention of using slashes for additional options to commands, so instead MS-DOS used the backslash (\) as its component separator. Microsoft Windows continues with this convention; Japanese editions of Windows use ¥, and Korean editions use ₩.[1] Prior to Mac OS X, versions of Mac OS use a colon (:) for a path separator. RISC OS uses a period (.).
UNIX and Unix-like operating systems allow for any character in file names other than the slash (/) and NULL characters, but allowing line feed (LF) and other control characters, which makes supporting those file systems under Microsoft Windows very difficult. UNIX file names are case sensitive, which allows multiple files to be created with names that differ only in case. By contrast, Microsoft Windows file names are not case sensitive by default, although NTFS supports case sensitivity at the file system level. Windows also has a larger set of punctuation characters that are not allowed in file names, most of which have been inherited from limitations in its original FAT file system.
File systems may provide journaling, which provides safe recovery in the event of a system crash. A journaled file system writes some information twice: first to the journal, which is a log of file system operations, then to its proper place in the ordinary file system. Journaling is handled by the file system driver, and keeps track of each operation taking place that changes the contents of the disk. In the event of a crash, the system can recover to a consistent state by replaying a portion of the journal. Many UNIX file systems provide journaling including ReiserFS, JFS, and Ext3.
In contrast, non-journaled file systems typically need to be examined in their entirety by a utility such as fsck or chkdsk for any inconsistencies after an unclean shutdown. Soft updates is an alternative to journaling that avoids the redundant writes by carefully ordering the update operations. Log-structured file systems and ZFS also differ from traditional journaled file systems in that they avoid inconsistencies by always writing new copies of the data, eschewing in-place updates.
Many Linux distributions support some or all of ext2, ext3, ReiserFS, Reiser4, GFS, GFS2, OCFS, OCFS2, and NILFS. Linux also has full support for XFS and JFS, along with the FAT file systems, and NTFS.
Microsoft Windows includes support for FAT12, FAT16, FAT32, and NTFS. The NTFS file system is the most efficient and reliable of the four Windows file systems, although details of its design are not known. As of Windows Vista, NTFS is the only file system which the operating system can be installed on. Windows Embedded CE 6.0 introduced ExFAT, a file system suitable for flash drives.
Mac OS X supports HFS+ with journaling as its primary file system. It is derived from the Hierarchical File System of the earlier Mac OS. Mac OS X has facilities to read and write FAT16, FAT32, NTFS, UDF, and other file systems, but cannot be installed to them. Also, due to its UNIX heritage Mac OS X now supports virtually all the file systems supported by the UNIX VFS.
FAT file systems are commonly found on floppy discs, flash memory cards, digital cameras, and many other portable devices because of its relative simplicity. ISO 9660 and Universal Disk Format are two common formats that target Compact Discs and DVDs, respectively. Mount Rainier is a newer extension to UDF, supported by Linux 2.6 kernels and Windows Vista that facilitates rewriting to DVDs in the same fashion as has been possible with floppy disks.
Early operating systems generally supported a single type of disk drive and only one kind of file system. Early file systems were limited in their capacity, speed, and in the kinds of file names and directory structures they could use. These limitations often reflected limitations in the operating systems they were designed for, making it very difficult for an operating system to support more than one file system.
While many simpler operating systems support a limited range of options for accessing storage systems, more modern operating systems like UNIX and Linux support a technology known as a virtual file system or VFS. A modern operating system like UNIX supports a wide array of storage devices, regardless of their design or file systems to be accessed through a common application programming interface (API). This makes it unnecessary for programs to have any knowledge about the device they are accessing. A VFS allows the operating system to provide programs with access to an unlimited number of devices with an infinite variety of file systems installed on them through the use of specific device drivers and file system drivers.
A connected storage device such as a hard drive will be accessed through a device driver. The device driver understands the specific language of the drive and is able to translate that language into a standard language used by the operating system to access all disk drives. On UNIX this is the language of block devices.
When the kernel has an appropriate device driver in place, it can then access the contents of the disk drive in raw format, which may contain one or more file systems. A file system driver is used to translate the commands used to access each specific file system into a standard set of commands that the operating system can use to talk to all file systems. Programs can then deal with these file systems on the basis of filenames, and directories/folders, contained within a hierarchical structure. They can create, delete, open, and close files, as well as gathering various information about them, including access permissions, size, free space, and creation and modification dates.
Various differences between file systems make supporting all file systems difficult. Allowed characters in file names, case sensitivity, and the presence of various kinds of file attributes makes the implementation of a single interface for every file system a daunting task. Microsoft Windows presently supports only NTFS and FAT file systems, along with network file systems shared from other computers.
The visual representations of paths and filenames also differ under various platforms, although these are a more matter of preference and have little to do with the operating system's file system support. Unix demarcates its path components with a slash (/), a convention followed by operating systems that emulated it or at least its concept of hierarchical directories, such as Linux, Amiga OS and Mac OS X. MS-DOS also emulated this feature, but had already also adopted the CP/M convention of using slashes for additional options to commands, so instead MS-DOS used the backslash (\) as its component separator. Microsoft Windows continues with this convention; Japanese editions of Windows use ¥, and Korean editions use ₩.[1] Prior to Mac OS X, versions of Mac OS use a colon (:) for a path separator. RISC OS uses a period (.).
UNIX and Unix-like operating systems allow for any character in file names other than the slash (/) and NULL characters, but allowing line feed (LF) and other control characters, which makes supporting those file systems under Microsoft Windows very difficult. UNIX file names are case sensitive, which allows multiple files to be created with names that differ only in case. By contrast, Microsoft Windows file names are not case sensitive by default, although NTFS supports case sensitivity at the file system level. Windows also has a larger set of punctuation characters that are not allowed in file names, most of which have been inherited from limitations in its original FAT file system.
File systems may provide journaling, which provides safe recovery in the event of a system crash. A journaled file system writes some information twice: first to the journal, which is a log of file system operations, then to its proper place in the ordinary file system. Journaling is handled by the file system driver, and keeps track of each operation taking place that changes the contents of the disk. In the event of a crash, the system can recover to a consistent state by replaying a portion of the journal. Many UNIX file systems provide journaling including ReiserFS, JFS, and Ext3.
In contrast, non-journaled file systems typically need to be examined in their entirety by a utility such as fsck or chkdsk for any inconsistencies after an unclean shutdown. Soft updates is an alternative to journaling that avoids the redundant writes by carefully ordering the update operations. Log-structured file systems and ZFS also differ from traditional journaled file systems in that they avoid inconsistencies by always writing new copies of the data, eschewing in-place updates.
Many Linux distributions support some or all of ext2, ext3, ReiserFS, Reiser4, GFS, GFS2, OCFS, OCFS2, and NILFS. Linux also has full support for XFS and JFS, along with the FAT file systems, and NTFS.
Microsoft Windows includes support for FAT12, FAT16, FAT32, and NTFS. The NTFS file system is the most efficient and reliable of the four Windows file systems, although details of its design are not known. As of Windows Vista, NTFS is the only file system which the operating system can be installed on. Windows Embedded CE 6.0 introduced ExFAT, a file system suitable for flash drives.
Mac OS X supports HFS+ with journaling as its primary file system. It is derived from the Hierarchical File System of the earlier Mac OS. Mac OS X has facilities to read and write FAT16, FAT32, NTFS, UDF, and other file systems, but cannot be installed to them. Also, due to its UNIX heritage Mac OS X now supports virtually all the file systems supported by the UNIX VFS.
FAT file systems are commonly found on floppy discs, flash memory cards, digital cameras, and many other portable devices because of its relative simplicity. ISO 9660 and Universal Disk Format are two common formats that target Compact Discs and DVDs, respectively. Mount Rainier is a newer extension to UDF, supported by Linux 2.6 kernels and Windows Vista that facilitates rewriting to DVDs in the same fashion as has been possible with floppy disks.
Methods of Multitasking
Multitasking refers to the running of multiple independent computer programs on the same computer, giving the appearance that it is performing the tasks at the same time. Since most computers can do at most one or two things at one time, this is generally done via time sharing, which means that each program uses a share of the computer's time to execute.
An operating system kernel contains a piece of software called a scheduler which determines how much time each program will spend executing, and in which order execution control should be passed to programs. Control is passed to a process by the kernel, which allows the program access the CPU and memory. At a later time control is returned to the kernel through some mechanism, so that another program may be allowed to user the CPU. This so-called passing of control between the kernel and applications is called a context switch.
An early model which governed the allocation of time to programs was called cooperative multitasking. In this model, when control is passed to a program by the kernel, it may execute for as long as it wants before explicitly returning control to the kernel. This means that a malfunctioning program may prevent any other programs from using the CPU.
The philosophy governing preemptive multitasking is that of ensuring that all programs are given regular time on the CPU. This implies that all programs must be limited in how much time they are allowed to spend on the CPU without being interrupted. To accomplish this, modern operating system kernels make use of a timed interrupt. A protected mode timer is set by the kernel which triggers a return to supervisor mode after the specified time has elapsed. (See above sections on Interrupts and Dual Mode Operation.)
On many single user operating systems cooperative multitasking is perfectly adequate, as home computers generally run a small number of well tested programs. Windows 95 was the first version of Microsoft Windows for the home user market which included full preemptive multitasking capability, although older legacy 16bit applications from Windows 3.0 still ran cooperatively via the 16bit mutext in Windows 95.
Windows XP was the first version of Microsoft Windows for the home user market which included full preemptive multitasking capability, since is was the first version of Windows NT designed for the home user market. Windows NT was originally designed with preemptive multitaking as a core feature, but was initially designed for professional users and business consumers.
Early UNIX also did not provide preemptive multitasking, as it was not supported on the hardware. It did however provide cooperative multitasking as it was designed from minicomputer concepts that expected multiple users accessing the system via remote terminals. Later UNIX was redesigned and written in C so that it could be ported to other hardware easier, and this is when UNIX was first capable of preemptive multitasking based on the hardware available.
Windows Vista is the first mainstream operating system that extends the concepts of CPU preemptive multitasking to the video GPU. With the intoduction of the WDDM (Windows Display Driver Model) in Windows Vista, the operating system has preemptive control for scheduling GPU operations. This is how Windows Vista can easily manage a 3D desktop metaphor while allowing 3D applications to run concurrently on the screen at the same time, or multiple 3D application at the same time onscreen, without being held hostage to 3D applcation cooperative yielding.
The WDDM in Windows Vista is technically advanced; however, it also hurt Windows Vista because the drivers available at the time of release were freshly written from scratch by the GPU manufacturers, and had no application optimizations like drivers from the previous version of Windows. Windows Vista drivers also added many other features to work with the GPU multitasking concepts, and these were very new to deal with in terms of how to effectively use them from the GPU manufacturer's viewpoint. After several months of real user feedback and time to adapt to the new features of the WDDM, GPU manufacturers started providing drivers that were finally able to perform as well or better than drivers from the previous version of Windows, while still providing all the new features of the WDDM to Windows Vista and video dependant applications like games.
Prior to Windows Vista GPU multitasking was cooperative when it was available, as OpenGL and DirectX applications had to yield the 3D aspects of the GPU to the OS and other applications, which resulted in a significant reduction in 3D performance unless the 3D application was specfically written to constantly yield as some 3D desktop composer software does.
An operating system kernel contains a piece of software called a scheduler which determines how much time each program will spend executing, and in which order execution control should be passed to programs. Control is passed to a process by the kernel, which allows the program access the CPU and memory. At a later time control is returned to the kernel through some mechanism, so that another program may be allowed to user the CPU. This so-called passing of control between the kernel and applications is called a context switch.
An early model which governed the allocation of time to programs was called cooperative multitasking. In this model, when control is passed to a program by the kernel, it may execute for as long as it wants before explicitly returning control to the kernel. This means that a malfunctioning program may prevent any other programs from using the CPU.
The philosophy governing preemptive multitasking is that of ensuring that all programs are given regular time on the CPU. This implies that all programs must be limited in how much time they are allowed to spend on the CPU without being interrupted. To accomplish this, modern operating system kernels make use of a timed interrupt. A protected mode timer is set by the kernel which triggers a return to supervisor mode after the specified time has elapsed. (See above sections on Interrupts and Dual Mode Operation.)
On many single user operating systems cooperative multitasking is perfectly adequate, as home computers generally run a small number of well tested programs. Windows 95 was the first version of Microsoft Windows for the home user market which included full preemptive multitasking capability, although older legacy 16bit applications from Windows 3.0 still ran cooperatively via the 16bit mutext in Windows 95.
Windows XP was the first version of Microsoft Windows for the home user market which included full preemptive multitasking capability, since is was the first version of Windows NT designed for the home user market. Windows NT was originally designed with preemptive multitaking as a core feature, but was initially designed for professional users and business consumers.
Early UNIX also did not provide preemptive multitasking, as it was not supported on the hardware. It did however provide cooperative multitasking as it was designed from minicomputer concepts that expected multiple users accessing the system via remote terminals. Later UNIX was redesigned and written in C so that it could be ported to other hardware easier, and this is when UNIX was first capable of preemptive multitasking based on the hardware available.
Windows Vista is the first mainstream operating system that extends the concepts of CPU preemptive multitasking to the video GPU. With the intoduction of the WDDM (Windows Display Driver Model) in Windows Vista, the operating system has preemptive control for scheduling GPU operations. This is how Windows Vista can easily manage a 3D desktop metaphor while allowing 3D applications to run concurrently on the screen at the same time, or multiple 3D application at the same time onscreen, without being held hostage to 3D applcation cooperative yielding.
The WDDM in Windows Vista is technically advanced; however, it also hurt Windows Vista because the drivers available at the time of release were freshly written from scratch by the GPU manufacturers, and had no application optimizations like drivers from the previous version of Windows. Windows Vista drivers also added many other features to work with the GPU multitasking concepts, and these were very new to deal with in terms of how to effectively use them from the GPU manufacturer's viewpoint. After several months of real user feedback and time to adapt to the new features of the WDDM, GPU manufacturers started providing drivers that were finally able to perform as well or better than drivers from the previous version of Windows, while still providing all the new features of the WDDM to Windows Vista and video dependant applications like games.
Prior to Windows Vista GPU multitasking was cooperative when it was available, as OpenGL and DirectX applications had to yield the 3D aspects of the GPU to the OS and other applications, which resulted in a significant reduction in 3D performance unless the 3D application was specfically written to constantly yield as some 3D desktop composer software does.
Memory Management
Among other things, a multiprogramming operating system kernel must be responsible for managing all system memory which is currently in use by programs. This ensures that a program does not interfere with memory already used by another program. Since programs time share, each program must have independent access to memory.
Cooperative memory management, used by many early operating systems assumes that all programs make voluntary use of the kernel's memory manager, and do not exceed their allocated memory. This system of memory management is almost never seen anymore, since programs often contain bugs which can cause them to exceed their allocated memory. If a program fails it may cause memory used by one or more other programs to be affected or overwritten. Malicious programs, or viruses may purposefully alter another program's memory or may affect the operation of the operating system itself. With cooperative memory management it takes only one misbehaved program to crash the system.
Memory protection enables the kernel to limit a process' access to the computer's memory. Various methods of memory protection exist, including memory segmentation, and paging. All methods require some level of hardware support (such as the 80286 MMU) which doesn't exist in all computers.
In both segmentation and paging, certain protected mode registers specify to the CPU what memory address it should allow a running program to access. Attempts to access other addresses will trigger an interrupt which will cause the CPU to re-enter supervisor mode, placing the kernel in charge. This is called a segmentation violation or Seg-V for short, and since it is usually a sign of a misbehaving program, the kernel will generally kill the offending program, and report the error.
Windows 3.1-Me had some level of memory protection, but programs could easily circumvent the need to use it. Under Windows 9x all MS-DOS applications ran in supervisor mode, giving them almost unlimited control over the computer. A general protection fault would be produced indicating a segmentation violation had occurred, however the system would often crash anyway.
Cooperative memory management, used by many early operating systems assumes that all programs make voluntary use of the kernel's memory manager, and do not exceed their allocated memory. This system of memory management is almost never seen anymore, since programs often contain bugs which can cause them to exceed their allocated memory. If a program fails it may cause memory used by one or more other programs to be affected or overwritten. Malicious programs, or viruses may purposefully alter another program's memory or may affect the operation of the operating system itself. With cooperative memory management it takes only one misbehaved program to crash the system.
Memory protection enables the kernel to limit a process' access to the computer's memory. Various methods of memory protection exist, including memory segmentation, and paging. All methods require some level of hardware support (such as the 80286 MMU) which doesn't exist in all computers.
In both segmentation and paging, certain protected mode registers specify to the CPU what memory address it should allow a running program to access. Attempts to access other addresses will trigger an interrupt which will cause the CPU to re-enter supervisor mode, placing the kernel in charge. This is called a segmentation violation or Seg-V for short, and since it is usually a sign of a misbehaving program, the kernel will generally kill the offending program, and report the error.
Windows 3.1-Me had some level of memory protection, but programs could easily circumvent the need to use it. Under Windows 9x all MS-DOS applications ran in supervisor mode, giving them almost unlimited control over the computer. A general protection fault would be produced indicating a segmentation violation had occurred, however the system would often crash anyway.
Protected Mode, and Supervisor Mode Operation
Modern CPUs support something called dual mode operation. CPUs with this capability use two modes: protected mode and supervisor mode, which allow certain CPU functions to be controlled and affected only by the operating system kernel. Here, protected mode does not refer specifically to the 80286 (Intel's x86 16-bit microprocessor) CPU feature, although its general protected modes are generally very similar to it. CPUs might have other modes similar to 80286 protected mode as well, such as the virtual 8086 mode of the 80386 (Intel's x86 32-bit microprocessor or i386).
However, the term is used here more generally in operating system theory to refer to all modes which limit the capabilities of programs running in that mode, providing things like virtual memory addressing and limiting access to hardware in a manner determined by a program running in supervisor mode. Similar modes have existed in supercomputers, minicomputers, and mainframes as they are essential to fully supporting UNIX-like multi-user operating systems.
When a computer first starts up, it is automatically running in supervisor mode. The first few programs to run on the computer, being the BIOS, bootloader and the operating system have unlimited access to hardware. However when the operating system passes control to another program, it can place the CPU into protected mode.
In protected mode, programs may have access to a more limited set of the CPU's instructions. A user program may leave protected mode only by triggering an interrupt, causing control to be passed back to the kernel. In this way the operating system can maintain exclusive control over things like access to hardware, and memory.
The term "protected mode resource" generally refers to one or more CPU registers, which contain information that the running program isn't allowed to alter. Attempts to alter these resources generally causes a switch to supervisor mode
However, the term is used here more generally in operating system theory to refer to all modes which limit the capabilities of programs running in that mode, providing things like virtual memory addressing and limiting access to hardware in a manner determined by a program running in supervisor mode. Similar modes have existed in supercomputers, minicomputers, and mainframes as they are essential to fully supporting UNIX-like multi-user operating systems.
When a computer first starts up, it is automatically running in supervisor mode. The first few programs to run on the computer, being the BIOS, bootloader and the operating system have unlimited access to hardware. However when the operating system passes control to another program, it can place the CPU into protected mode.
In protected mode, programs may have access to a more limited set of the CPU's instructions. A user program may leave protected mode only by triggering an interrupt, causing control to be passed back to the kernel. In this way the operating system can maintain exclusive control over things like access to hardware, and memory.
The term "protected mode resource" generally refers to one or more CPU registers, which contain information that the running program isn't allowed to alter. Attempts to alter these resources generally causes a switch to supervisor mode
Interrupts
Interrupts are central to operating systems as they allow the operating system to deal with the unexpected activities of running programs and the world outside the computer. Interrupt-based programming is one of the most basic forms of time-sharing, being directly supported by most CPUs. Interrupts provide a computer with a way of automatically running specific code in response to events. Even very basic computers support hardware interrupts, and allow the programmer to specify code which may be run when that event takes place.
When an interrupt is received, the computer's hardware automatically suspends whatever program is currently running, and its registers and program counter are saved. This is analogous to placing a bookmark in a book when someone is interrupted by a phone call. This task requires no operating system as such, but only that the interrupt be configured at an earlier time.
In modern operating systems, interrupts are handled by the operating system's kernel. Interrupts may come from either the computer's hardware, or from the running program. When a hardware device triggers an interrupt, the operating system's kernel decides how to deal with this event, generally by running some processing code, or ignoring it. The processing of hardware interrupts is a task that is usually delegated to software called device drivers, which may be either part of the operating system's kernel, part of another program, or both. Device drivers may then relay information to a running program by various means.
A program may also trigger an interrupt to the operating system, which are very similar in function. If a program wishes to access hardware for example, it may interrupt the operating system's kernel, which causes control to be passed back to the kernel. The kernel may then process the request which may contain instructions to be passed onto hardware, or to a device driver. When a program wishes to allocate more memory, launch or communicate with another program, or signal that it no longer needs the CPU, it does so through interrupts.
When an interrupt is received, the computer's hardware automatically suspends whatever program is currently running, and its registers and program counter are saved. This is analogous to placing a bookmark in a book when someone is interrupted by a phone call. This task requires no operating system as such, but only that the interrupt be configured at an earlier time.
In modern operating systems, interrupts are handled by the operating system's kernel. Interrupts may come from either the computer's hardware, or from the running program. When a hardware device triggers an interrupt, the operating system's kernel decides how to deal with this event, generally by running some processing code, or ignoring it. The processing of hardware interrupts is a task that is usually delegated to software called device drivers, which may be either part of the operating system's kernel, part of another program, or both. Device drivers may then relay information to a running program by various means.
A program may also trigger an interrupt to the operating system, which are very similar in function. If a program wishes to access hardware for example, it may interrupt the operating system's kernel, which causes control to be passed back to the kernel. The kernel may then process the request which may contain instructions to be passed onto hardware, or to a device driver. When a program wishes to allocate more memory, launch or communicate with another program, or signal that it no longer needs the CPU, it does so through interrupts.
Program Execution
An operating system's most basic function is to support the running of programs by the users. On a multiprogramming operating system, running programs are commonly referred to as processes. Process management refers to the facilities provided by the operating system to support the creation, execution, and destruction of processes, and to facilitate various interactions, and limit others.
The operating system's kernel in conjunction with underlying hardware must support this functionality.
Executing a program involves the creation of a process by the operating system. The kernel creates a process by setting aside or allocating some memory, loading program code from a disk or another part of memory into the newly allocated space, and starting it running.
Operating system kernels store various information about running processes. This information might include:
A unique identifier, called a process identifier (PID).
A list of memory the program is using, or is allowed to access.
The PID of the program which requested its execution, or the parent process ID (PPID).
The filename and/or path from which the program was loaded.
A register file, containing the last values of all CPU registers.
A program counter, indicating the position in the program
The operating system's kernel in conjunction with underlying hardware must support this functionality.
Executing a program involves the creation of a process by the operating system. The kernel creates a process by setting aside or allocating some memory, loading program code from a disk or another part of memory into the newly allocated space, and starting it running.
Operating system kernels store various information about running processes. This information might include:
A unique identifier, called a process identifier (PID).
A list of memory the program is using, or is allowed to access.
The PID of the program which requested its execution, or the parent process ID (PPID).
The filename and/or path from which the program was loaded.
A register file, containing the last values of all CPU registers.
A program counter, indicating the position in the program
Subscribe to:
Posts (Atom)