Entering
Ring
Naught
Plan for Today
Review (Exam 1 Questions)
Milestones in Computing
Building a Kernel
1
Reminder: PS4 (part 1) is out now. If...
No Exam 2, 30
Final
Instead, 2
Another
Assignment, 1
March 20-
21, 14
March 25-
27, 37
Near End of
Semester, 11
Took it
al...
No Exam 2, 30
Final
Instead, 2
Another
Assignment, 1
March 20-
21, 14
March 25-
27, 37
Near End of
Semester, 11
Took it
al...
Talk After Class Today!
4
Cyber War, Cyber Peace,
Stones, and Glass Houses
Gary McGraw, CTO Cigital
2:00 PM
Rice Hall 130
5
6
“What is significant about the bakery algorithm
is that it implements mutual exclusion without
relying on any lower-leve...
What are the
advantages/disadvantages of
hardware-based memory isolation
over software-based memory
isolation?
7
8
Hardware Memory Isolation
a[i] = x mem.rs
9
Hardware Memory Isolation
STR r0, [r1]
a[i] = x
compiler
assembler
rustc
as
0100101101011…
mem.rs
mem
10
Hardware Memory Isolation
STR r0, [r1]
a[i] = x
compiler
assembler
rustc
as
0100101101011…
mem.rs
mem
process
running c...
11
Hardware Memory Isolation
STR r0, [r1]
a[i] = x
WRITE 0x57283952, 0x413024
LogicalAddress
Segmentation
Unit
LinearAddre...
12
Hardware Memory Isolation
STR r0, [r1]
a[i] = x
WRITE 0x57283952, 0x413024
compiler
assembler
rustc
as
0100101101011…
m...
Hardware Memory Protection
13
Page
Table
+ L1 Index
14
15
Software-Based Memory Isolation?
STR r0, [r1]
a[i] = x
WRITE 0x57283952, 0x413024
compiler
assembler
rustc
as
010010110...
16
Software-Based Memory Isolation
…lots of code…
STR r0, [r1]
a[i] = x
WRITE 0x57283952, 0x413024
compiler
assembler
rust...
17
Software-Based Memory Isolation
…lots of code…
STR r0, [r1]
a[i] = x
WRITE 0x57283952, 0x413024
compiler
assembler
rust...
18
rustc -S oob.rsLtmp4:
…
movq $6, -40(%rbp)
movq -40(%rbp), %rcx
cmpq $4, %rcx
setae %dl
testb $1, %dl
movq %rdi, -48(%r...
19
Software-Based Memory Isolation
…lots of code…
STR r0, [r1]
a[i] = x
jne LBB0_2
compiler
assembler
rustc
0100101101011…...
20
Software-Based Memory Isolation
…lots of code…
STR r0, [r1]
a[i] = x
jne LBB0_2
compiler
assembler
rustc
0100101101011…...
21
Software-Based Memory Isolation
STR r0, [r1]
a[i] = x
jne LBB0_2
compiler
assembler
rustc
0100101101011…
mem.rs
mem
pro...
This is hard!
22
Which is more “expensive”?
Hardware-Based Memory Isolation
Transistors + wires
OS sets up page permissions, loads programs...
Entering the
Kernel
24
Photo: RDTaken
Hello World?
25
fn main() {
println("Hello?");
}
1. What’s the difference between a
programming language and an
operating system?
26
27
Image: flickr cc: Ruben Alexander
28
Which came first?
• Early programming languages did not run on
an Operating System
– Turing’s language, Church’s Lambda Ca...
Programming Language Operating System
30
Programming Language
• Mostly a precise way for
humans to describe programs
• Provides abstractions of
(abstract) machine ...
Kernel Programming in Rust
32
#[no_std];
fn main() {
println("Hello?");
}
Kernel Programming in Rust
33
#[no_std];
fn main() {
println("Hello?");
} > rustc hello.rs
hello.rs:4:5: 4:12 error: unres...
Printing is For The Weak!
34
#[no_std];
fn main() {
let mut a = [0, 1, 2, 3];
let i = 6;
a[i] = 7;
}
Main is For The Weak!
35
#[no_std];
fn main() {
let mut a = [0, 1, 2, 3];
let i = 6;
a[i] = 7;
}
> rustc oob1.rs
error: re...
36
#[no_std];
#[start]
fn main(_: int, _: **u8) -> int {
let mut a = [0, 1, 2, 3];
let i = 6;
a[i] = 7;
}
37
#[no_std];
#[start]
fn main(_: int, _: **u8) -> int {
let mut a = [0, 1, 2, 3];
let i = 6;
a[i] = 7;
}
gash> rustc oob2...
38
#[no_std];
#[start]
fn main(_: int, _: **u8) -> int {
let mut a = [0, 1, 2, 3];
let i = 6;
a[i] = 7;
return 0;
}
39
rustc -S oob.rsLtmp4:
…
movq $6, -40(%rbp)
movq -40(%rbp), %rcx
cmpq $4, %rcx
setae %dl
testb $1, %dl
movq %rdi, -48(%r...
40
#[no_std];
#[start]
fn main(_: int, _: **u8) -> int {
let mut a = [0, 1, 2, 3];
let i = 6;
a[i] = 7;
return 0;
}
bash-3...
41
#[no_std];
extern "rust-intrinsic" { fn abort() -> !; }
#[no_mangle] pub extern fn rust_stack_exhausted() {
unsafe { ab...
42
#[no_std];
extern "rust-intrinsic" { fn abort() -> !; }
#[no_mangle] pub extern fn rust_stack_exhausted() {
unsafe { ab...
43
#[no_std];
extern "rust-intrinsic" { fn abort() -> !; }
#[no_mangle] pub extern fn rust_stack_exhausted() {
unsafe { ab...
IronKernel
44
Kevin Broderick, Alex Lamana, Zeming
Lin, John Stevans, Wil Thomason
Building a Kernel
45
#[no_std] Remove everything from Rust that depends on OS:
everything that uses system calls
rust-core...
// Copyright 2014 The Rust Project Developers. See the COPYRIGHT
// file at the top-level directory of this distribution a...
47
https://github.com/mozilla/rust/blob/master/src/libstd/option.rs
Almost all normal code relies on an underlying OS!
Building a Kernel
48
#[no_std] Remove everything from Rust that depends on OS:
everything that uses system calls
rust-core...
49
50
51
Building a Kernel
52
#[no_std] Remove everything from Rust that depends on OS:
everything that uses system calls
rust-core...
53
Photo: flickr cc:Randy OHC
Kernel Programming
54
Development Machine
(Ubuntu 64-bit x86 Linux)
editors, file
system, networ
k, compilers
Target Machi...
Kernel Programming
55
Development Machine
(Ubuntu 64-bit x86 Linux)
editors, file
system, networ
k,
cross-compilers
Target...
Kernel Programming
56
Development Machine
(Ubuntu 64-bit x86 Linux)
editors, file
system, networ
k,
cross-compilers
QEMU: ...
57
How the kernel is built:
> rustc --emit-llvm mod.rs
> llc -march=arm -mcpu=arm926ej-s mod.bc
> arm-none-eabi-as mod.as
...
58
How the kernel is built:
> rustc --emit-llvm mod.rs
> llc -march=arm -mcpu=arm926ej-s mod.bc
> arm-none-eabi-as mod.as
...
IronKernel Demo
59
60
*((addr + (i * 4)) as * mut u32) = val
61
Reminder: stay for
Gary McGraw talk!
Form PS4 Teams while you
are waiting for Gary’s talk!
A PS4 team can be
any 3 peop...
Upcoming SlideShare
Loading in...5
×

Kernel-Level Programming: Entering Ring Naught

3,750

Published on

University of Virginia
cs4414: Operating Systems
http://rust-class.org

Leslie Lamport wins the Turing Award!
Hardware-Based Memory Isolation
Software-Based Memory Isolation
Kernel-Level Programming
Which came first, programming languages or operating systems?
Programming without other programs
Kernel development
IronKernel


For embedded notes, see:
http://rust-class.org/class-14-entering-ring-naught.html

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
3,750
On Slideshare
0
From Embeds
0
Number of Embeds
8
Actions
Shares
0
Downloads
28
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Kernel-Level Programming: Entering Ring Naught

  1. 1. Entering Ring Naught
  2. 2. Plan for Today Review (Exam 1 Questions) Milestones in Computing Building a Kernel 1 Reminder: PS4 (part 1) is out now. If you want to have more time to work on your project idea instead of PS4, need to let me know this week. Everyone should have received an email with the recorded results for PS2, PS3, and Exam 1.
  3. 3. No Exam 2, 30 Final Instead, 2 Another Assignment, 1 March 20- 21, 14 March 25- 27, 37 Near End of Semester, 11 Took it already!, 1 Exam2 2
  4. 4. No Exam 2, 30 Final Instead, 2 Another Assignment, 1 March 20- 21, 14 March 25- 27, 37 Near End of Semester, 11 Took it already!, 1 Exam2 3 Exam 2 will be out March 25 and due March 27 (12:25pm)
  5. 5. Talk After Class Today! 4 Cyber War, Cyber Peace, Stones, and Glass Houses Gary McGraw, CTO Cigital 2:00 PM Rice Hall 130
  6. 6. 5
  7. 7. 6 “What is significant about the bakery algorithm is that it implements mutual exclusion without relying on any lower-level mutual exclusion. Assuming that reads and writes of a memory location are atomic actions, as previous mutual exclusion algorithms had done, is tantamount to assuming mutually exclusive access to the location. So a mutual exclusion algorithm that assumes atomic reads and writes is assuming lower-level mutual exclusion. Such an algorithm cannot really be said to solve the mutual exclusion problem. Before the bakery algorithm, people believed that the mutual exclusion problem was unsolvable--that you could implement mutual exclusion only by using lower-level mutual exclusion.”Communications of the ACM, August 1974 (2 pages) We will explore this next Tuesday!
  8. 8. What are the advantages/disadvantages of hardware-based memory isolation over software-based memory isolation? 7
  9. 9. 8 Hardware Memory Isolation a[i] = x mem.rs
  10. 10. 9 Hardware Memory Isolation STR r0, [r1] a[i] = x compiler assembler rustc as 0100101101011… mem.rs mem
  11. 11. 10 Hardware Memory Isolation STR r0, [r1] a[i] = x compiler assembler rustc as 0100101101011… mem.rs mem process running code gash> mem loader
  12. 12. 11 Hardware Memory Isolation STR r0, [r1] a[i] = x WRITE 0x57283952, 0x413024 LogicalAddress Segmentation Unit LinearAddress Paging Unit PhysicalAddress Memory compiler assembler rustc as 0100101101011… mem.rs mem process running code gash> mem loader
  13. 13. 12 Hardware Memory Isolation STR r0, [r1] a[i] = x WRITE 0x57283952, 0x413024 compiler assembler rustc as 0100101101011… mem.rs mem process running code gash> mem loader LogicalAddress Segmentation Unit LinearAddress Paging Unit PhysicalAddress Memory FAIL!
  14. 14. Hardware Memory Protection 13 Page Table + L1 Index
  15. 15. 14
  16. 16. 15 Software-Based Memory Isolation? STR r0, [r1] a[i] = x WRITE 0x57283952, 0x413024 compiler assembler rustc as 0100101101011… mem.rs mem process running code gash> mem loader LogicalAddress Segmentation Unit LinearAddress Paging Unit PhysicalAddress Memory FAIL!
  17. 17. 16 Software-Based Memory Isolation …lots of code… STR r0, [r1] a[i] = x WRITE 0x57283952, 0x413024 compiler assembler rustc 0100101101011… mem.rs mem process running code gash> mem loader LogicalAddress Segmentation Unit LinearAddress Paging Unit PhysicalAddress Memory
  18. 18. 17 Software-Based Memory Isolation …lots of code… STR r0, [r1] a[i] = x WRITE 0x57283952, 0x413024 compiler assembler rustc 0100101101011… mem.rs mem process running code gash> mem loader LogicalAddress Segmentation Unit LinearAddress Paging Unit PhysicalAddress Memory fn main() { let mut a = [0, 1, 2, 3]; let i = 6; a[i] = 7; } > rustc oob.rs > ./oob task '<main>' failed at 'index out of bounds: the len is 4 but the index is 6', oob.rs:5
  19. 19. 18 rustc -S oob.rsLtmp4: … movq $6, -40(%rbp) movq -40(%rbp), %rcx cmpq $4, %rcx setae %dl testb $1, %dl movq %rdi, -48(%rbp) movq %rax, -56(%rbp) movq %rcx, -64(%rbp) jne LBB0_2 movq -56(%rbp), %rax movq -64(%rbp), %rcx movq $7, (%rax,%rcx,8) addq $64, %rsp popq %rbp ret LBB0_2: leaq _str1253(%rip), %rsi movabsq $5, %rdx movabsq $4, %r8 movq -64(%rbp), %rcx callq __ZN8unstable4lang17fail_bounds_check19h71a9f1 .cfi_endproc
  20. 20. 19 Software-Based Memory Isolation …lots of code… STR r0, [r1] a[i] = x jne LBB0_2 compiler assembler rustc 0100101101011… mem.rs mem process running code gash> mem loader LogicalAddress Segmentation Unit LinearAddress Paging Unit PhysicalAddress Memory FAIL!
  21. 21. 20 Software-Based Memory Isolation …lots of code… STR r0, [r1] a[i] = x jne LBB0_2 compiler assembler rustc 0100101101011… mem.rs mem process running code gash> mem loader LogicalAddress Segmentation Unit LinearAddress Paging Unit PhysicalAddress Memory FAIL! What if you aren’t starting with source code in a type-safe language?
  22. 22. 21 Software-Based Memory Isolation STR r0, [r1] a[i] = x jne LBB0_2 compiler assembler rustc 0100101101011… mem.rs mem process running code gash> mem loader LogicalAddress Segmentation Unit LinearAddress Paging Unit PhysicalAddress Memory FAIL!transformer / loader
  23. 23. This is hard! 22
  24. 24. Which is more “expensive”? Hardware-Based Memory Isolation Transistors + wires OS sets up page permissions, loads programs Software-Based Memory Isolation Trusted compiler/loader Statically safe: no runtime cost! 23
  25. 25. Entering the Kernel 24 Photo: RDTaken
  26. 26. Hello World? 25 fn main() { println("Hello?"); }
  27. 27. 1. What’s the difference between a programming language and an operating system? 26
  28. 28. 27 Image: flickr cc: Ruben Alexander
  29. 29. 28
  30. 30. Which came first? • Early programming languages did not run on an Operating System – Turing’s language, Church’s Lambda Calculus – IPL/Lisp, FLOW-MATIC, etc. • Early operating systems were not written in programming languages 29
  31. 31. Programming Language Operating System 30
  32. 32. Programming Language • Mostly a precise way for humans to describe programs • Provides abstractions of (abstract) machine resources • Associated programs like compilers translate into a program for machines to execute • Modern programming languages usually depend on an underlying OS Operating System • A program that runs on some hardware • Provides abstractions for (real) machine resources • Manages sharing of machine resources • Modern operating systems are mostly implemented in C (arguably a programming language) and assembly 31
  33. 33. Kernel Programming in Rust 32 #[no_std]; fn main() { println("Hello?"); }
  34. 34. Kernel Programming in Rust 33 #[no_std]; fn main() { println("Hello?"); } > rustc hello.rs hello.rs:4:5: 4:12 error: unresolved name `println`. hello.rs:4 println("Hello?"); ^~~~~~~ error: aborting due to previous error
  35. 35. Printing is For The Weak! 34 #[no_std]; fn main() { let mut a = [0, 1, 2, 3]; let i = 6; a[i] = 7; }
  36. 36. Main is For The Weak! 35 #[no_std]; fn main() { let mut a = [0, 1, 2, 3]; let i = 6; a[i] = 7; } > rustc oob1.rs error: requires `start` lang_item
  37. 37. 36 #[no_std]; #[start] fn main(_: int, _: **u8) -> int { let mut a = [0, 1, 2, 3]; let i = 6; a[i] = 7; }
  38. 38. 37 #[no_std]; #[start] fn main(_: int, _: **u8) -> int { let mut a = [0, 1, 2, 3]; let i = 6; a[i] = 7; } gash> rustc oob2.rs oob2.rs:4:1: 9:2 error: not all control paths return a value oob2.rs:4 fn main(_: int, _: **u8) -> int { oob2.rs:5 let mut a = [0, 1, 2, 3]; oob2.rs:6 let i = 6; oob2.rs:7 oob2.rs:8 a[i] = 7; oob2.rs:9 } error: aborting due to previous error
  39. 39. 38 #[no_std]; #[start] fn main(_: int, _: **u8) -> int { let mut a = [0, 1, 2, 3]; let i = 6; a[i] = 7; return 0; }
  40. 40. 39 rustc -S oob.rsLtmp4: … movq $6, -40(%rbp) movq -40(%rbp), %rcx cmpq $4, %rcx setae %dl testb $1, %dl movq %rdi, -48(%rbp) movq %rax, -56(%rbp) movq %rcx, -64(%rbp) jne LBB0_2 movq -56(%rbp), %rax movq -64(%rbp), %rcx movq $7, (%rax,%rcx,8) addq $64, %rsp popq %rbp ret LBB0_2: leaq _str1253(%rip), %rsi movabsq $5, %rdx movabsq $4, %r8 movq -64(%rbp), %rcx callq __ZN8unstable4lang17fail_bounds_check19h71a9f1 .cfi_endproc
  41. 41. 40 #[no_std]; #[start] fn main(_: int, _: **u8) -> int { let mut a = [0, 1, 2, 3]; let i = 6; a[i] = 7; return 0; } bash-3.2$ rustc oob3.rs oob3.rs:8:5: 8:8 error: requires `fail_bounds_check` lang_item oob3.rs:8 a[i] = 7; ^~~
  42. 42. 41 #[no_std]; extern "rust-intrinsic" { fn abort() -> !; } #[no_mangle] pub extern fn rust_stack_exhausted() { unsafe { abort() } } #[lang="fail_bounds_check"] pub fn fail_bounds_check(_: *i8, _: uint, _: uint, _: uint) { unsafe { abort() } } #[start] fn main(_: int, _: **u8) -> int { let mut a = [0, 1, 2, 3]; let i = 6; a[i] = 7; return 0; }
  43. 43. 42 #[no_std]; extern "rust-intrinsic" { fn abort() -> !; } #[no_mangle] pub extern fn rust_stack_exhausted() { unsafe { abort() } } #[lang="fail_bounds_check"] pub fn fail_bounds_check(_: *i8, _: uint, _: uint, _: uint) { unsafe { abort() } } #[start] fn main(_: int, _: **u8) -> int { let mut a = [0, 1, 2, 3]; let i = 6; a[i] = 7; return 0; } gash> rustc oob4.rs gash> ./oob4 Illegal instruction: 4
  44. 44. 43 #[no_std]; extern "rust-intrinsic" { fn abort() -> !; } #[no_mangle] pub extern fn rust_stack_exhausted() { unsafe { abort() } } #[lang="fail_bounds_check"] pub fn fail_bounds_check(_: *i8, _: uint, _: uint, _: uint) { unsafe { abort() } } #[start] fn main(_: int, _: **u8) -> int { let mut a = [0, 1, 2, 3]; let i = 2; a[i] = 7; return 0; } gash> rustc oob5.rs gash> ./oob5 gash>
  45. 45. IronKernel 44 Kevin Broderick, Alex Lamana, Zeming Lin, John Stevans, Wil Thomason
  46. 46. Building a Kernel 45 #[no_std] Remove everything from Rust that depends on OS: everything that uses system calls rust-core Library that doesn’t depend on OS.
  47. 47. // Copyright 2014 The Rust Project Developers. See the COPYRIGHT // file at the top-level directory of this distribution and at // http://rust-lang.org/COPYRIGHT. // // Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or // http://www.apache.org/licenses/LICENSE-2.0> or the MIT license // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your // option. This file may not be copied, modified, or distributed // except according to those terms. use fail::abort; use mem::replace; pub enum Option<T> { Some(T), None } impl<T> Option<T> { /// Returns true if the option contains a `Some` value pub fn is_some(&self) -> bool { match *self { Some(_) => true, None => false } } core/option.rs 46 /// Convert from `Option<T>` to `Option<&T>` pub fn as_ref<'a>(&'a self) -> Option<&'a T> { match *self { Some(ref x) => Some(x), None => None } } /// Convert from `Option<T>` to `Option<&mut T>` pub fn as_mut<'a>(&'a mut self) -> Option<&'a mut T> { match *self { Some(ref mut x) => Some(x), None => None } } /// Return the value in an `Option` or call `abort` if it is `None`. pub fn get(self) -> T { match self { Some(x) => x, None => abort() } } /// Maps an `Option<T>` to `Option<U>` by applying a function to a contained value. pub fn map<U>(self, f: |T| -> U) -> Option<U> { match self { Some(x) => Some(f(x)), None => None } } /// Applies a function to the contained value or returns a default. pub fn map_or<U>(self, def: U, f: |T| -> U) -> U { match self { None => def, Some(t) => f(t) } } /// Take the value out of the option, leaving a `None` in its place. #[inline(always)] pub fn take(&mut self) -> Option<T> { replace(self, None) } } Why does normal Option type need OS?
  48. 48. 47 https://github.com/mozilla/rust/blob/master/src/libstd/option.rs Almost all normal code relies on an underlying OS!
  49. 49. Building a Kernel 48 #[no_std] Remove everything from Rust that depends on OS: everything that uses system calls rust-core Library that doesn’t depend on OS. rustboot
  50. 50. 49
  51. 51. 50
  52. 52. 51
  53. 53. Building a Kernel 52 #[no_std] Remove everything from Rust that depends on OS: everything that uses system calls rust-core Library that doesn’t depend on OS. rustboot Boot! IronKernel 32-bit ARM OS kernel that can print text on the screen (in many colors!), handle keyboard input (as long as you don’t press any “dangerous” keys
  54. 54. 53 Photo: flickr cc:Randy OHC
  55. 55. Kernel Programming 54 Development Machine (Ubuntu 64-bit x86 Linux) editors, file system, networ k, compilers Target Machine (32-bit ARM)
  56. 56. Kernel Programming 55 Development Machine (Ubuntu 64-bit x86 Linux) editors, file system, networ k, cross-compilers Target Machine (32-bit ARM) ARM binary
  57. 57. Kernel Programming 56 Development Machine (Ubuntu 64-bit x86 Linux) editors, file system, networ k, cross-compilers QEMU: Emulator (32-bit ARM) ARM binary
  58. 58. 57 How the kernel is built: > rustc --emit-llvm mod.rs > llc -march=arm -mcpu=arm926ej-s mod.bc > arm-none-eabi-as mod.as > objcopy mod.o … mod.rs mod.bc mod.s mod.o kernel.bin rustc llc arm-none-eabi-as objcopyassembler naming convention: [processor]-[os]-[application binary interface]
  59. 59. 58 How the kernel is built: > rustc --emit-llvm mod.rs > llc -march=arm -mcpu=arm926ej-s mod.bc > arm-none-eabi-as mod.as > objcopy mod.o … mod.rs mod.bc mod.s mod.o kernel.bin rustc llc arm-none-eabi-as objcopyassembler naming convention: [processor]-[os]-[application binary interface] Easy way: make run
  60. 60. IronKernel Demo 59
  61. 61. 60 *((addr + (i * 4)) as * mut u32) = val
  62. 62. 61 Reminder: stay for Gary McGraw talk! Form PS4 Teams while you are waiting for Gary’s talk! A PS4 team can be any 3 people.
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×