Operating System (OS)
Basics
- It's a program that controls the execution of other programs running on the system acting as a layer of abstraction b/w the hardware and the program doing all the heavy lifting (hiding hardware complexity)
- The OS can be categorised based on different methodologies. The most common ones are: usage type (how the system is used) and design type.
Classification of OS'es on the basis of usage
<aside>
π Batch
</aside>
There is no direct interaction b/w the OS and the end-user, instead each user prepares his job on an offline device (punch-cards etc) and submit to the computer operator. Similar jobs are grouped and run together as batches, and fed to the OS by the operator.
<aside>
π Time Sharing
</aside>
For systems where many users access the common hardware, there could be a need to time share the limited resources
<aside>
π Network
</aside>
A network OS runs on a server and provides the server capability to manage data, users, groups, security and stuff
<aside>
π Realtime
</aside>
In cases when we need fine-grained time precision, execution and responsiveness, such as military automated weaponry, robots, air traffic control, ICS etc.
<aside>
π Distributed
</aside>
For hardware that is distributed physically and a single OS need to coordinate their access and distribute data processing jobs among all those processors, all having their own physical memory, and also ensuring communication b/w processors.
Classification of OS'es on the basis of design and supported features
<aside>
π Monolithic (Non-Modular) OS
</aside>
- The βentireβ OS runs in a high-privilege kernel space and acts as a supervisor for other programs
- Monolithic architecture stands for having a single codebase and a single data layer. Every function is tightly coupled with one another
- Every functionality is melded into a single binary that runs in a single address space.
- Larger in size, hard to maintain, hard to debug and more memory requirements
<aside>
π Modular Monolith OS
</aside>
- This technique is an intermediary ground b/w the other two. A monolith is designed with an emphasis on interchangeable (and potentially reusable) modules.
- Both modular and non-modular monoliths have a single deployment unit, while microservices can be deployed independently of each other.
- A Modular OS has basic services and API already a part of it and the functionality can be augmented by adding new modules dynamically (plug-and-play)
- Modules are easier to maintain and can be upgraded independent to the OS kernel because these are loaded dynamically, and it's less resource intensive
<aside>
π Microkernel (Microservices Based)
</aside>
-
Microservices architecture involves smaller applications deployed independently as loosely coupled services which communicate with each other over APIs
-
The previously monolithic OS features are broken down into smaller parts that run either in the kernel mode or usermode, and each service is independent of each other
-
Very small in size, and easy to maintain
What is the need of an Operating System
Consider an application which would play an audio file from the file system and another application that needs to create a file and write to the disk
- One approach is to not have an OS, and let the application run directly on the hardware w/o any abstraction. In this case, the programmer must code the application logic, and also the low-level code to interact with the hardware. This would take a lot of development efforts, also the application may not be able to handle a specific hardware platform at all. Also we will not be able to run multiple applications simultaneously
- Another approach is to have an intermediary ground to facilitate all the interaction with the hardware and handle all the low level intricacies, and basically provide abstraction for the music application.
The Kernel
Basics
Memory resident part of the OS that acts as an interface b/w the hardware and the programs, and these services include:
- Filesystem Management
- Hardware Management
- Interrupt Control
- Memory Management
- Inter-Process Communication Management
- Process and Thread management
Runs in a protected area of the memory (kernel-space / ring zero) whereas the user-actions are performed in another part of the memory (user-space / ring-3)
Protection Rings
<aside>
π What are Protection Rings
</aside>
Virtualization and Protection Rings (Welcome to Ring -1) Part I
Virtualization and Protection Rings (Welcome to Ring -1) Part II
- Protection Rings are a mechanism provided by x86 family CPUs to protect data from faults and security risks and these are generally hardware enforced by the CPU itself that provides different CPU modes at the firmware level viz. these rings are different levels in which code can execute
- Rings are arranged in a hierarchy from most privileged (most trusted, usually numbered zero) to least privileged (least trusted, usually with the highest ring number). On most operating systems, Ring 0 is the level with the most privileges and interacts most directly with the physical hardware such as the CPU and memory.
- Special gates between rings are provided to allow an outer ring to access an inner ringβs resources in a predefined manner, as opposed to allowing arbitrary usage. Correctly gating access between rings can improve security by preventing programs from one ring or privilege level from misusing resources intended fofr programs in another. For example, spyware running as a user program in Ring 3 should be prevented from turning on a web camera without informing the user, since hardware access should be a Ring 1 function reserved for device drivers
- Ring -1 is HyperVisor Mode
- Ring -2 is SMM (System Management Mode), only available for Intel x86 and x86_64 and resides in SMMRAM which can be only accessed by a SMI (System Management Interrupt)
<aside>
π Kernel Mode (Ring 0)
</aside>
- In Ring 0, the executing code has complete and unrestricted access to the underlying hardware.
- It can execute any CPU instruction and reference any memory address. Kernel mode is generally reserved for the lowest-level, most trusted functions of the operating system.
- The Kernel relies on hardware level protection implemented in the CPU, by which it tries to safeguard its own critical data from accidental/ deliberate manipulation by user-level processes.
<aside>
π What happens when a less-privileged program tries to execute privileged instructions
</aside>
If something running in a less-privileged execution mode tries executing privileged instructions, the hardware traps to the OS which is done by redirecting the execution flow through the IVT and the IVT pointing to the OS, once execution flow transfers to the OS, the OS kills the program.