Lecture 13: Examples of Memory Management - PowerPoint PPT Presentation

lecture 13 examples of memory management n.
Skip this Video
Loading SlideShow in 5 Seconds..
Lecture 13: Examples of Memory Management PowerPoint Presentation
Download Presentation
Lecture 13: Examples of Memory Management

play fullscreen
1 / 35
Download Presentation
Lecture 13: Examples of Memory Management
Download Presentation

Lecture 13: Examples of Memory Management

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Lecture 13:Examples of Memory Management

  2. MVS • Multiple Virtual Storage Operating System (IBM) • The byte index specifies one of 4KB within a page; the page index specifies one of 256 pages within a segment; the segment index identifies one of 2048 user-visible segments (231 bytes –2GB virtual storage) 0 11 12 31 19 20 Segment index Page index Byte index 0 31 25 26 27 28 I C Page table length Page table origin

  3. IBM System/370 • Uses a two-level memory structure and refers o the two levels as segments and pages • Page size: 2KB or 4KB • Segment size (fixed): 64KB or 1MB • 24 – bit address structure BUT

  4. SYSTEM 370/XA • XA: extended addressing • 31 – bit address scheme 0 11 12 31 19 20 Segment index Page index Byte index 0 31 25 26 27 28 I C Page table length Page table origin

  5. System 370/ESA • Latest version: Enterprise System Architecture 0 31 19 21 22 I P Page frame number Unreferenced interval count (UIC) Address space identifier Segment number Page number Available frame

  6. MVS Task 1 Task 2 Task 3 Task n MVS MVS address space structure 16KB MVS … 0

  7. MVS Task 1 Task 2 Task 3 Task n Task 1 Task 2 Task 3 Task n MVS MVS address space structure MVS/XA … 16KB … 0

  8. MVS Data Space M Task n Task 2 Task 1 Task n Task 3 Task 2 Task 3 Task 1 Data Space 1 Data Space 2 Data Space 3 MVS MVS address space structure … … 16KB … 0 MVS/ESA

  9. 370/ESA address translation Instruction Opcode R1 X2 B2 D2 Displacement Access Register General – Purpose Registers Address – Space Reference Base Address Index + Virtual address Segment-Table Designation Real address Access register Translation Dynamic Address Translation

  10. WINDOWS NT • Windows NT was designed to be implemented on a variety of processors. One of the most important platforms for Windows NT is the Intel 486. • Page size: 4KB

  11. Windows NT – Address Spaces • Unsegmented unpaged memory: The virtual address is the same as the physical address, which is useful in low complexity, high performance controller applications • Unsegmented paged memory: Memory is viewed as a paged linear address space. Protection and management of memory are done by paging • Segmented unpaged memory: Memory is viewed as a collection of logical address spaces. The advantages of this view over a paged approach is that it affords protection down to the level of a single byte if necessary. It guarantees that the translation table needed is on-chip when the segment is in memory. Hence the segmented unpaged memory results in predictable access times • Segmented paged memory: Segmentation is used to define logical memory partitions subject to access control and paging is used to manage the allocation of memory within partitions.

  12. The format of the virtual address includes the following fields: • Table indicator (TI): indicates whether the global segment table or a local segment table should be used for translation • Segment number: is the number of the segment. This serves as an index into the segment table • Offset: The offset of the address byte within the segment • Requested privilege level (RPL): The privilege level requested for this access

  13. TI Segment Offset Directory Offset Rpl Page 47 35 31 0 31 21 11 0 (a) Virtual Address (b) Linear Address Limit 19…16 Base 31…34 G 000 P Dp1 1 Type A Base 23…16 Segment Base 15 … 0 Segment Limit 15 … 0 (c) Segment table entry US RW Page table Address 31 … 12 00 D A 00 P Avail (d) Page table directory entry US RW Page Frame Address 31…12 00 D A 00 P Avail (e) Page table entry

  14. Segment Table entry

  15. Page table Directory Entry and Page Table Entry

  16. UNIX System V • Page table: one page table per process, with one entry for each page in virtual memory for that process • Disk block descriptor: associated with each page of a process is an entry in this table that describes the disk copy of the virtual page • Page frame data table: describes each frame of real memory and is indexed by frame number • Swap-use table: there is one swap use table for each swap device, with one entry for each page on the device

  17. Linux System • Allocating and freeing physical memory: pages, groups of pages and small blocks of memory • Handling virtual memory, which is memory mapped into the address space of running processes

  18. Linux system: Management of physical memory • Page allocator • Buddy-heap algorithm 8KB 8KB 16KB 4KB 8KB 4KB

  19. Linux system: Management of virtual memory • Maintaining the address space visible to each process • Creates pages of virtual memory on demand • Manages the loading of those pages from disk or their swapping back out to disk as required • Process address space: as a set of separate regions and as a set of pages

  20. Linux system: Management of virtual memory • Vm_area_struct • Policy algorithm • Paging mechanism • Pageout policy

  21. Linux system: Management of virtual memory (memory layout) Memory invisible to user mode code The ‘brk’ pointer Forbidden region

  22. WINDOWS 2000 Page directory … Page directory entry 1023 Page directory entry 0 Page table 0 … Page table entry 1023 Page table 1023 … Page table entry 1023 Page directory entry 0 Page directory entry 0 4K page 4K page 4K page 4K page

  23. WINDOWS 2000 – Page file page-table entry 31 0 Protection Page address T T P Page file

  24. WINDOWS 2000 – FILE I/O process I/O I/O manager Cache manager Cached I/O File system Noncached I/O VM manager Disk driver Page fault

  25. Security

  26. Security Violation • Intentional (malicious) • Unauthorised reading of data • Unauthorised modification of data • Unauthorised destruction of data • Accidental

  27. Security Attacks • System calls • try illegal system calls or legal system calls with illegal parameters • Breaking login process • start logging in and then reboot or break halfway • Memory information • many systems do not erase the space before allocation • Bad login program • write a login program that records other users authentication

  28. Security Flaws • Examples • Unix utility lpr: has an option to remove the file after it has been printed. In early versions it was possible for anyone to use lpr to print, and then have the system remove, the password file • link the core file to password file and force a core dump of SETUID program • mkdir foo

  29. Security Threats • Bacteria • program that consumes system resources by replicating itself • Logic Bomb • logic embedded in a program that checks for a certain set of conditions to be present on the system. When these conditions are met, it executes some function resulting in unauthorised actions • Trapdoor • Secret undocumented entry point into a program, used to grant access without normal methods of authentication

  30. Security Threats (ctd) • Trojan Horse • secret undocumented routine embedded within a useful program. Execution of the program results in execution of the secret routine • Virus • Code embedded within a program that causes of itself to be inserted in one or more other programs, and performs unwanted functions • Worm • program that can replicate itself and send a copies across network connections

  31. Windows NT Security • Access Control Scheme • governed by two entities • an access token is associated with each process • a security descriptor is associated with each object for which inter-process access is possible • Users log on to an NT system by name/password scheme authentication

  32. SID Group SIDs Privileges Default Owner Default ACL Access Token • Security ID (SID) • identifies the user uniquely across all the computer system • Group SIDs • list of groups to which the user belongs • Default ACL • initial list of protections applied to the object at its creation

  33. Flags Owner SACL DACL Security Descriptor • Flags • defines the type and contents of a security descriptor • System ACL (SACL) • specifies what kind of operations on the object should generate audit messages • Discretionary ACL (DACL) • Determines which users and groups can access this object for which operations

  34. ACL Header ACE Header Access Mask SID ACE Header Access Mask Access Control List (ACL)

  35. After March break.. % File: KA.tex % Author: Eleni Mangina <elenim@roach.dai.ed.ac.uk> % Created: Thu May 28 1998 \documentclass[a4paper,12pt]{article} \usepackage[dvips]{graphics} \usepackage{epsfig} % Use \includegraphics{*.eps} for pictures % Enlarge printing area a bit: \setlength{\textwidth}{16cm} \setlength{\oddsidemargin}{0cm} \setlength{\evensidemargin}{0cm} \setlength{\topmargin}{-0.94cm} \setlength{\textheight}{23cm} \begin{document} \begin{large} \bf Introduction \end{large} \paragraph{} Knowledge-based systems can be connected with the field of \newpage \begin{thebibliography}{XX} \bibitem{lamp} C.P. Yialouris, A.B. Sideridis. ``An Expert system for tomato diseases'', ELSEVIER, 1995. \bibitem{lamp} Chris. G. Panagopoulos. ``Tomato diseases'' Course notes for Phytopathology in Agricultural University of Athens, 1992. \end{thebibliography} \end{document}