This is not the current version of the class.

Kernel 2: Virtual memory

Overview

In lecture, we discuss virtual memory.

Full lecture notes on kernel / Textbook readings

Last time: Eve’s infinite loop attack

        if (n % 1024 == 0) {
            console_printf(0x0E00, "Hi, I'm Eve! #%u\n", n);
            while (true) {}
        }

Kernel solution: Timer interrupts

Implementing timer interrupts

void kernel_start(const char* command) {
    // initialize hardware
    init_hardware();
    init_timer(100);    // request timer interrupts at 100 Hz
    ...
}

void exception(regstate* regs) {
    ...
    switch (regs->reg_intno) {
    case INT_IRQ + IRQ_TIMER:
        // handle timer interrupt
        lapicstate::get().ack();    // reset timer
        schedule();                 // run a different process
    ...
    }
}

Timer interrupts and CPU starvation

Eve attacks kernel memory

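uint8_t* ip = (uint8_t*) 0x40ec1;   // address of `syscall` from `obj/kernel.sym`
// 0xeb 0xfe encodes an x86 short jump to itself (an infinite loop)
ip[0] = 0xeb;
ip[1] = 0xfe;
(void) sys_getpid();                // enter the kernel through the patched entry point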

What happened?

Hardware support for isolation

Implementing hardware privilege checks

Plato’s cave

Pokémon grandpa

What is virtual memory?

CPU and memory

Memory blocks are called pages

The CPU’s view of memory can change

A mapping controls the relationship between virtual and physical memory

Kernel can see all of physical memory

No protection if Eve has same rights as kernel

So give Eve a different view of memory!

Protected control transfer changes view of memory

Managing page tables with vmiter

Virtual memory, abstractly

Faults

Virtual memory for kernel isolation

Virtual memory for process isolation

Virtual memory and kernel execution

x86-64 virtual memory: Addresses

x86-64 virtual memory: Pages

Why pages?

x86-64 virtual memory: Permissions and modes

Eve attacks kernel memory

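uint8_t* ip = (uint8_t*) 0x4103c;   // address of `syscall` from `obj/kernel.sym`
// 0xeb 0xfe encodes an x86 short jump to itself (an infinite loop)
ip[0] = 0xeb;
ip[1] = 0xfe;
(void) sys_getpid();                // enter the kernel through the patched entry point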

Kernel fights back!

  1. Changes memory mapping function
  2. Handles the fault
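
The two steps under "Kernel fights back!", as an added example (a user-space C model, not the course kernel's code): a per-page permission table in which kernel pages lose user access, and a store check that faults instead of writing. The flat `perm` array, `map_range`, `try_write` and the 0x100000 process start are assumptions made for the model; `PTE_P`, `PTE_W` and `PTE_U` use the x86-64 bit values.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGESIZE 4096
#define NPAGES   512                 // model covers the low 2 MiB only
#define PTE_P 1u                     // present
#define PTE_W 2u                     // writable
#define PTE_U 4u                     // accessible from user mode

static uint8_t perm[NPAGES];         // one permission byte per virtual page
static int faults;                   // page faults the model kernel handled

// Set permissions on every page overlapping [lo, hi).
static void map_range(uintptr_t lo, uintptr_t hi, uint8_t p) {
    for (uintptr_t va = lo & ~(uintptr_t) (PAGESIZE - 1); va < hi; va += PAGESIZE) {
        perm[va / PAGESIZE] = p;
    }
}

// The check the hardware makes on each store. Returns 1 if the store
// proceeds, 0 if it raises a page fault that the kernel then handles.
static int try_write(uintptr_t va, int user_mode) {
    uint8_t need = PTE_P | PTE_W | (user_mode ? PTE_U : 0);
    if (va / PAGESIZE >= NPAGES || (perm[va / PAGESIZE] & need) != need) {
        ++faults;                    // handler: record it, do not perform the store
        return 0;
    }
    return 1;
}

// Before the fix: every page is user-writable, so nothing stops the store.
static int before_fix(uintptr_t target) {
    map_range(0, NPAGES * PAGESIZE, PTE_P | PTE_W | PTE_U);
    return try_write(target, 1);
}

// After the fix: kernel pages lose PTE_U; process pages keep it.
static int after_fix(uintptr_t target, uintptr_t proc_start) {
    map_range(0, proc_start, PTE_P | PTE_W);
    map_range(proc_start, NPAGES * PAGESIZE, PTE_P | PTE_W | PTE_U);
    return try_write(target, 1);
}

int main(void) {
    int before = before_fix(0x4103c);          // kernel address from the page's snippet
    int after = after_fix(0x4103c, 0x100000);  // 0x100000: assumed process start
    printf("before=%d after=%d faults=%d\n", before, after, faults);
    return 0;
}
```

In the model, a kernel-mode store to the same address still succeeds after the fix, which is why the kernel keeps working while the user-mode store faults.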

x86-64 page table details

Eve strikes again