当前位置:网站首页>Popular science: what does it mean to enter the kernel state?

Popular science: what does it mean to enter the kernel state?

2022-07-01 18:39:00 Zhu Xiaosi

Click on the above “ Zhu Xiaosi's blog ”, choice “ Set to star ”

The background to reply " book ", obtain

The background to reply “k8s”, Can claim k8s Information

If you don't want to see it for a long time, just look at the summary :

  1. Kernel mode , Or say CPU The privilege model of , yes CPU A working state of , It affects CPU Execution results of different instructions . The operating system follows CPU coordination , Set privilege mode and user mode , To prevent the application from operating beyond its authority

  2. The technology of virtual address space mapping is used to prevent applications from unauthorized access to memory , This is the combination of operating system software and hardware MMU Jointly realized . In user mode , The memory address accessed by the application is the virtual memory address , It will be mapped to the physical address specified by the operating system . This virtual memory address space is what you call user space .

  3. Kernel mode is an operating system concept , Although corresponding to CPU The privilege model of , But generally, if there is no operating system , Let's not talk about kernel mode , Directly speaking, it runs in CPU There should be nothing wrong with the privilege mode .

  4. Applications cannot freely enter the kernel state , It can only be accessed through the interface provided by the operating system , Or enter passively when the hardware interrupt comes

  5. Applications use hardware through operating system functions

Start with the most critical part of the problem : In the final analysis, why do we need protection mode ?

Start with the most basic theory of computer composition . Speaking of computers , from 「 The von Neumann system 」 Speak up , The most important is the five parts : Arithmetic unit 、 controller 、 Memory 、 input device 、 Output devices .

among , The arithmetic unit is stateless ; The controller cooperates with some registers , But the number of registers is very small , And it's usually easy to modify ; input device 、 The output device only acts when it receives instructions . At the end of the day , The running state of the whole computer is almost completely controlled by memory and a few registers .

in other words , If a program can be completely controlled 「 Physical memory 」, Then it can change the state of the computer at will , Include 「 Kill the entire operating system and turn yourself into an operating system ; Make yourself part of the operating system and so on 」. Generally speaking, the operating system must be unhappy .

In the early DOS Such an operating system , Run in real mode , This is the case : It actually turns the application loading to be executed into a part of the operating system , Then mix and run , Which paragraph is 「 User programs 」、 There is no clear boundary between which segment is the operating system : The user program exits and returns to the operating system ; The user program triggers a soft interrupt to the operating system , Return to the user program ; User programs can access most hardware devices by themselves ; User programs can even modify data belonging to the operating system at will . therefore , At that time, many viruses also directly connected themselves to the programs of the operating system , Once executed, it will always reside and become a part of the operating system . At that time in DOS There are many kinds of viruses in the world 、 multifarious .

There are already many problems in the case of single task , In multitasking mode , The problem is even more serious :

  1. Because multiple applications need to be loaded independently , If two applications insist on using the same memory address , Then there will be serious problems , The operating system must prevent this from happening

  2. External devices are generally stupid , It doesn't know the existence of multitasking , No matter who operates the external device, it responds the same . In this way, if multiple applications directly manipulate the hardware devices , There will be conflicts , It is possible that the data of one program is sent to another program, and so on

  3. The operating system must respond to hardware interrupts by itself , Switch task context through hardware interrupt , Let the right task continue at the right time . If the application changes the interrupt response program by itself , The entire operating system will crash

  4. The operating system must have the ability to clean up the resources used by a single application when it crashes , Ensure that it does not affect other applications ; This requires it to know clearly what resources are used by each application

This is just considering that the applications are good , To deal with malicious programs, we need stronger means .

But as we said before , Physical memory is the whole state of the whole computer , If the program has a way to read and write all physical memory and registers , Then any means of protection will not help .「 So limit the behavior of the application , There must be different states when the application and operating system execute , The core problem is to protect key registers and important physical memory 」.

Obviously, this goal must be matched by hardware , otherwise CPU How to distinguish the current operating system ( Open all capabilities ) Or apps ( Limit hazardous functions ) Well ? So if we don't consider the actual results , Only analyze how to solve this problem from the requirements , The following conclusions should be drawn :

  1. CPU There must be at least two different states : Operating system status and application status . In different states , The same instruction will produce different results , This ensures that certain tasks can only be performed by the operating system , Some only applications can execute .

  2. The operating system must have a way to cooperate CPU, Set which memory can be accessed , Which memory cannot be accessed ( Or it can only be accessed in the operating system state ), Inaccessible include the code area and data area of the operating system 、 Interrupt vector table, etc .

  3. Hardware devices cannot be accessed directly in the application state

  4. CPU You need to automatically switch to the operating system state when triggering an interrupt ( Otherwise, multi task switching cannot be performed )

  5. The operating system state can be freely switched to the application state ; The application state cannot be arbitrarily switched to the operating system state , But it also needs the ability to trigger the code entering the operating system and switch to the operating system state ( Otherwise, the operating system function cannot be called )

Now let's go back to reality CPU On the design of , Obviously practical CPU The designer's idea is similar to ours . Here we call it operating system state , In the concept of actual operating system, it is called kernel state , stay CPU It is called privilege mode in design ; We call it application state , In the concept of actual operating system, it is called user mode ,CPU It is called 「 User mode 」.

be aware , Kernel state is not a thing , There is no place to say ,「 It is CPU One of the two states of 」. If it's not for entering the kernel state , But rather 「 Switch 」 To kernel state , Maybe you don't have this misunderstanding . All blame intel Name the system call instruction sysenter, So everyone is used to saying “ Get into ” Kernel mode .

actually CPU It may be subdivided into more operation modes , Not just privilege and user modes , But operating systems need at least these two . Sometimes privilege and user mode do not refer to a real mode , But a kind of pattern , For example, several similar but slightly different operation modes are combined into privilege mode .

This privilege + The operation mode of user's multi-mode switching , It's called (x86)CPU Protection mode function of . The reason why the protection mode is also a mode , There are certain historical reasons , because intel CPU Every generation of products will try to be compatible with previous products , In the early CPU It starts in real mode , There is no such mode switching function , Later, CPU In order to be compatible with early CPU, It is also in real mode when starting , You need to boot the program to actively enter the protection mode , Then it has the ability of multi-mode switching . These are historical reasons and some details .

about CPU itself ,CPU I don't know which piece of code belongs to the application 、 Which piece of code belongs to the operating system , It has no ability to identify whether the currently executing code should have permission , Therefore, it is only responsible for following 「 The program logic 」 To execute : If you instruct yourself to enter user mode ,CPU Enter user mode , But when you go in , Only a specific method can return to the privileged mode . So it's not necessarily the operating system code to enter the privileged mode ,CPU There is no guarantee . however , We say that the , The goal of protected pattern design is to restrict the application code , If the application code enters privileged mode , This restriction is completely invalid , Therefore, various ingenious means will be used in the design of the operating system , coordination CPU The function of , Ensure that the application can only switch to the kernel mode by jumping to the operating system code , In this way, it indirectly ensures that the operating system is executed in the kernel state ( Including driving ) Code for .

Next, we discuss how to restrict memory access , This is also the most difficult part of this design . In comparison , It is easy to disable some command functions in user mode , It is nothing more than adding the corresponding combinational logic into the controller , Judge the current state , If the status is user mode, execution is refused 「 Privileged orders 」 nothing more . Memory reading and writing are different , The instructions are the same , Only the memory addresses accessed are different , At this time, some addresses are accessible , Some addresses cannot be accessed , The difference between access and not is only in the memory address . Need to know ,CPU It supports the use of register indirect addressing , Therefore, this illegal instruction cannot be found in the decoding stage , It must be found during execution ; meanwhile , Which addresses can I access , Which addresses cannot be accessed , Must be completely configurable , The operating system has great freedom . Last , This system must also have the most basic friendliness to the application , Don't make the application too hard to write .

Since it is necessary to be able to set whether each unit in the memory can be accessed , The size of memory is uncertain , The number of this setting is also uncertain , And it will be relatively large , Every inch of land is worth every inch of money (?) Of CPU Put so much in 、 Such a complex setting is very inappropriate , The only feasible solution is to manage memory by memory itself —— Use some memory to store the configuration of how other memory should be used . such , When actually accessing memory , Need ——「 First access the memory configuration in memory , Judge whether the memory to be accessed is allowed to be accessed according to the memory configuration , If access is not allowed, you need to trigger the interrupt of illegal operation , If you allow access, you can access normally ; meanwhile , The memory configuration in memory is also a part of memory , Therefore, the memory configuration in memory will also be managed by the memory configuration in memory 」.

Only from this mouthful level, we can know how complicated it is , Use memory to manage memory by yourself , It's like stepping on the ladder with your left foot and your right foot , A careless play off is a big deal . And in order to use the memory with configuration efficiently , You also need to use a lot of caching technology .

CPU In this paper, we introduce a new method called MMU Unit of , It may be modern CPU One of the most complex components . It can load configurations from memory in a specified format , This affects the characteristics of memory access in user mode . To facilitate process switching , This format often has complex data structures , It also supports a variety of configuration functions . In user mode , All memory accesses go through MMU, Thus, the access to memory is protected ; In privileged mode , Memory access bypasses MMU, Direct access to physical memory , So as to obtain complete permission .

In terms of specific design , The most direct idea is that both user mode and privilege mode use the same memory address , Just set which memory can be accessed in user mode , Which are not accessible . Is this feasible ? It's actually feasible , However, there are some defects :

  1. Before the protection mode appears , Compilers are designed for real mode , During the compilation process , Which memory address ranges are used 、 What data is placed in the memory , It is entirely up to the compiler to decide . Even after the protection mode appears , Parts of the operating system also need to be compiled in the same way . If the application compilation needs to abandon this set of logic , Change to all addresses assigned by the operating system , That existing 「 assembler 」 And compilers need to be rewritten , This price is unacceptable .

  2. Applications often need to use a large continuous memory space , For example, a series of algorithms involving arrays . If all memory space is dynamically allocated , Some programs may constantly apply for small pieces of space , Thus, the memory space is fragmented , There is no contiguous piece of memory . After these programs exit , The memory released is small 、 Discontinuous , The operating system can't let other applications use continuous slices of memory .

  3. There are hidden dangers in safety , Although the application cannot read other memory , But the application can know which memory has been used by other applications , So we can analyze some information from the allocation of memory addresses , For example, what other applications may be executed by the current operating system , What state these applications may be in, and so on . And maybe because CPU Realized bug As a result, the application can read data that should not be read in unexpected ways .

  4. Modern operating systems hope to support some advanced memory management methods , For example, virtual memory —— Temporarily put some unused memory on the disk , This can support more applications with less memory ; When writing copy —— Both applications use the same memory block , I hope to temporarily use the same physical memory address , But when one of them needs to be modified, copy it into two separate memory blocks , Saving memory .

modern MMU Virtual address space technology is usually used to solve this problem , That's what you said “ User space ”. In user mode , All memory access addresses are actually 「 Virtual address 」, It is different from the actual 「 Physical address 」 It doesn't correspond to . such , Even if two applications use the same address , They can also do not interfere with each other , We only need to map them to different physical addresses through technical means .MMU And the operating system realizes the mapping from virtual address to physical address through a data structure called page table , Generally speaking, in x86-64 In the system , Memory according to 4KB The size is divided into pages , Each address aligned page can be independently from any virtual address segment , Map to any physical memory address segment , The lower of the two starting addresses 12 All places are 0( That is, address alignment , When any virtual address is mapped to a physical address , The minimum 12 Bits don't need to move ). The structure of the page table can be reset every time before entering user mode , After switching processes like this , The page table has changed , The same virtual address will be mapped to different physical addresses , This achieves multiple goals at the same time :

  1. Applications have separate virtual address spaces

  2. The application can only access the mapped virtual address space , Unmapped physical addresses cannot be accessed ( Memory protection is realized )

  3. Page table and interrupt vector table , Of course, it will not be mapped

  4. part RISC(x86 yes CISC) On the structure of , Memory and external devices have a unified address space , Do not map the address of peripherals , This prevents access to peripherals

  5. Applications appear to have continuous memory , It does not need to be continuous in physical memory , Memory usage is very efficient

  6. Accessing certain pages in some ways can trigger an interruption of the operating system , The operating system can take this opportunity to modify the page table , This lays a foundation for the operating system to realize advanced memory management functions

Finally, let's talk about how applications access external devices . We say that the , In user mode, applications cannot directly access hardware devices , But if you can't use hardware devices at all , That would be too inconvenient . The trade-off between the two is , Applications use hardware through the operating system , That is, the application sends a request to the operating system , When the operating system processes the request, it forwards the request to the hardware , After the hardware responds , Then forward the request back to the application .

Many hardware uses interrupts and DMA To transmit signals or data . In this case , After the operating system starts to operate , There will be a period of idle time before the hardware operation is completed , At this time, the operating system can suspend the current application , First, execute other applications . When the hardware operation is completed , Will trigger an interrupt , Interrupt vector table in memory , The operating system is set in advance , Points to the operating system's own code ; meanwhile , This interruption will also immediately force CPU Enter privileged mode . At this time, the operating system will have the opportunity to process the data returned by the hardware , At the same time, according to the process priority , You can switch back the previously suspended process and resume execution .

Different hardware often has different interfaces , But the operating system will want to provide a unified interface to the application , This involves the problem of drive adaptation , The driver of the manufacturer can convert the general request into the request format recognized by its own hardware .

Protected mode does not mean that the ability of applications to access hardware is weakened , actually , The ability of an application to access hardware depends entirely on whether the operating system allows . Don't say is Windows PE, Actually any version Windows It allows a user program with the highest permission to directly read and write to the physical hard disk ( adopt CreateFileEx Of Windows API Can , It's like opening an ordinary file ), The only problem is Windows Rely on many disk files , If in the ordinary Windows Format the system disk during execution , The operating system will crash , and Windows PE The relatively small , You can load all the important things into memory , You can format the hard disk while keeping the operating system working properly .

author : Spirit sword

link :https://www.zhihu.com/question/306127044/answer/555327651

 Want to know more ? Scan the QR code below and follow my background reply " technology ", Join the technology group 
 The background to reply “k8s”, Can claim k8s Information 



【 Highlights 】
原网站
版权声明
 本文为[Zhu Xiaosi]所创,转载请带上原文链接,感谢
 https://yzsam.com/2022/02/202202152226551753.html 

            



            


        

        

        

    

    

        



        


边栏推荐





        


猜你喜欢

        



        


随机推荐