Linux and Windows(a side-by-side presentation)
CS2/456 Operating Systems
December 4, 2008
Computer Science Dept.University of Rochester
From UNIX to Linux
● 1969: Ken Thompson and Dennis Ritchie write UNIX for DEC PDP-7
● 1971: UNIX 1 is released
● 1977: BSD 1 is released
● 1985: The GNU manifesto is published in the March 1985 issue of Dr. Dobb's Journal. The GNU project starts a year and a half later
● 1991: Linux is introduced by Linus Torvalds, a student in Finland, as a Minix “clone”
● 1994: Linux 1.0 TCP/IP stack, BSD sockets, extra hardware support
● 1996: Linux 2.0 Support for DEC Alpha 64bit, multi-processor architectures
● 2001: Linux 2.4 IA64 and other architectures, better SMP support, PnP
● 2003: Linux 2.6 preemptive kernel, 64-bit memory, journaling FS – still adding new features/platforms (ex. IBM Cell)
From MS-DOS to Windows Vista
Comparing Lines of Code
The lines reported in the table above are just “hints” of complexity
Development vectors
Windows• MS-DOS compatibility• Principle of extensive
interface, mixing low and high level functions
• Allow different subsystems (Win32, POSIX)
• Commercial software– closed-source
Linux• UNIX compatibility• Principle of simple,
small building blocks• Posix compliant• Free software– build collaboratively
GNU/Linux Structure● kernel (Linux):
– OS code that runs on privileged mode, highly modular
● system (GNU):
– essential system components, run in user mode
– compilers, system libraries ● distribution (GNU/Linux):
– extra system-installation and management utilities
– pre-compiled and ready-to-install tools & packages
– ex. RedHat/Fedora, SUSE, Debian, Ubuntu
Linux kernel core components
Linux API● The Linux kernel API is its system calls
– more than 300 currently– easily expandable by the kernel programmer
● GlibC offers wrappers to the system calls● In UNIX “everything” is a file; the file descriptor
is a core user-exposed kernel data structure● In Linux A thread is a "context of execution"
(COE); only one process/thread table and one scheduler is needed.– clone / fork
Windows Structure● executive (completely hardware-
independent)
– process management, memory management, file system, ...
● kernel (in Windows 2000 jargon)
– more machine-dependent stuff at a higher-level than HAL (such as context switches)
– some basic system functionalities such as scheduling
● HAL
– Device registers/addresses, interrupts, DMA, timers, spin-locks, BIOS/EFI
● windows versions (ex. Pro, Home, etc)
– differ on exposed kernel mode functionality
Windows user/kernel core components
Windows kernel● Never paged out, never preempted● Responsible for
– thread scheduling (soft realtime guarantee)– interrupt/exception handling– low level processors sync– failure recovery
● “Object-oriented”– dispatcher objects (events, mutants, mutexes,
semaphores, threads and timers) – control objects (asynchronous procedure calls,
interrupts, power notify/status, process/profile objects)
Windows NT Object Manager
● Provides underlying NT namespace ● Unifies kernel data structure referencing ● Unifies user-mode referencing via handles ● Simplifies resource charging ● Central facility for security protection ● Other namespaces ‘mount’ on OB nodes ● Provides device & I/O support
Windows Executive Objects
● used for all services and entities● similar to Linux file descriptors, only more functional● manipulated by a standard set of methods
– OPEN: Create/Open/Dup/Inherit handle – CLOSE: Called when each handle closed – DELETE: Called on last dereference – PARSE: Called looking up objects by name – SECURITY: Usually SeDefaultObjectMethod – QUERYNAME: Return object-specific name
Standard NT namespace objects
Windows Executive Object Handle
Windows object Structure● Windows object structure
Windows handle table structure
● From 512 to 16M handles
Linux open/create file example
● User level: glibc call fopen( ... ) will return the FILE * “handle”
● The libc function will call the kernel API open(...)
● open should do the name resolution through the virtual file system– ex. in ext2 recursive path resolution through
directories and inodes– lock, create file on device, unlock– lseek
● Of course, this is a simplistic description
I/O and object manager steps for creating/opening a file and getting back a file handle.
Windows open/create file example
Processes and Threads in Windows Vista
• Job is a “batch process” of Windows (sharing quota, other limits)• Process is the resource holding data structure• Threads are schedul-able• Fiber is the “user-level” thread concept of Windows
Basic process environment differences
Windows• search path in library• CWD=user string• Argument parsing by
program• GUI-oriented:
processes attached to window
• process can “sudo” using a token with users credentials
Linux• explicit search path• CWD=kernel concept• Argument parsing at
cmd line• X-Server is a user-level
process, not all processes have windows
• setuid bit
Linux Scheduling
● Per-CPU “run-queues”● 140 priorities● 1-100: Real-time tasks – RTS
– using FIFO or RoundRobin policy ● 100-140: Normal tasks – CFS (“Completely
Fair”)– RB-tree based on wait_runtime– increase/decrease according to “time run”– the left-most task of the RB-tree preempts the task
with lower wait_runtime
Windows Schedulingkernel scheduler triggered:● On blocking on a semaphore,
mutex, event, I/O, etc.● On signaling an object (e.g.,
thread does an up on a semaphore or causes an event to be signaled).
● The quantum expires.● An I/O operation completes.● A timed wait expires.
Linux virtual address space
A memory mapped file example
Linux memory allocation● static (drivers reserve a
contiguous area of memory during system boot time) or dynamic (via the page allocator) memory allocation
● in pages, groups of pages, and small blocks of memory, or slabs inside the kernel
● buddy-heap algorithm to keep track of available physical pages
● additional mechanisms for mem-mapped virtual memory
● four-level page tables
Page replacement algorithm
Windows virtual address space● The white areas are private per
process● The shaded areas are shared
among all processes● Pluralism of virtual address
manipulating functions in Win API
– file mapping object the analogue of memmap
– protection also manageable through the API
● Super-fetch pre-paging
Two different processes A and B
Windows Memory Allocation● “working set”-based page replacement algorithm.
– Every process has a memory page working set size, adjustable according to its page fault behavior
● Space reclamation (focus on processes who have more pages than their working set sizes):– The system scans through memory pages periodically– Maintain an un-reference counter for each page
● the number of scans that show it un-referenced since last time it was referenced
– Reclaim pages with highest un-reference counts
Windows page-replacement
The various page lists and the transitions among them according to events
Linux File System(s)● Virtual FS is the interface to many different FSs supported by
the kernel– Key concepts: Super-block, Dentry, iNode, File
● Most commonly used: EXT3– Journaled EXT2
● NFS for networkedenvironments
● Linux supportsunified buffer/pagecache
Ex. Remove file voliminuous from EXT2 FS
Windows File System(s)● Volume : sth like a logical disk partition. ● FAT32 – a standard still in use (ex. portable devices)
– centralized table holding info about file areas, free or unusable areas, and where each file is stored on the disk
● NTFS– Journaled– Not a simple byte stream, as in UNIX, but a structured object
consisting of attributes/value pairs.– May occupy a portions of a disk, an entire disk, or span
across several disks.– Disk allocation unit is a cluster. Its size is tradeoff between
management overhead and internal fragmentation.
Linux /proc● Does not store data
– its contents are computed on demand according to user file I/O requests.
● When data is read from one of these files, /proc collects the appropriate information, formats it into text form and places it into the requesting process’s read buffer
● /proc can act as a limited configuration utility– ex. edit how often write-back occurs, or perform per-process
configuration operations● not unique to Linux
The infamous Windows Registry● A special “directory structure”, acting as a configuration /
information database– centralized replacement of “x-” ini files– Supports symbolic links
● Created/Deleted through Win32 API call, but can be edited manually (regedit)
● Transactional for fail-safety reasons● Conceptually similar to sysfs / procfs
– provides functionality such as file associations– provides information such as process / machine utilization
● Split into a number of logical sections, or "hives", named by their Windows API definitions, which all begin "HKEY"
The infamous Windows Registry (2)● HKEY_CLASSES_ROOT (HKCR) for registered applications (ex. file
associations)● HKEY_CURRENT_USER for settings specific to the logged-in user● HKEY_LOCAL_MACHINE (HKLM) for settings general to all PC
users● HKEY_USERS (HKU) contains sub-keys corresponding to the
HKEY_CURRENT_USER keys for each user profile actively loaded● HKEY_CURRENT_CONFIG contains information gathered at runtime● HKEY_PERFORMANCE_DATA provides runtime information into
performance data provided by either the NT kernel itself or other programs
Security in Linux● Principle of small, robust reusable components of UNIX● The familiar file access modes● Security-Enhanced Linux (SELinux)
– Multilevel security– U.S. Dept. of Defense style mandatory access controls
● Built-in advanced networking support– netfilter is a set of hooks inside the Linux kernel that allows
kernel modules to register callback functions with the network stack.
– iptables is a generic table structure for the definition of rulesets.
● Linux is built by humans also ...
Security in Windows Vista (1)
Security properties inherited from the original security design of NT: small, robust reusable components
● Secure login with anti-spoofing measures.● Discretionary access controls● Privileged access controls● Address space protection per process● New pages must be zeroed before being mapped in● Security auditing
Process access token:
Security in Windows Vista (2)
Process access token:● Unique Security ID for every Windows user● Default Access Control Lists● access token given at winlogon
– can be changed (impersonation; used for sharing)● Security descriptor
– per object capability control– ex. open file, get the start with create process file
descriptor
An example security descriptor for a file.
Security in Windows Vista (3)
The principal Win32 API functions for security.
Security API Calls
● Resources for these slides material include (but are not limited to):– Modern Operating Systems, by Andrew S. Tanenbaum– Operating System Concepts, by Avi Silberschatz, Peter Baer Galvin and
Greg Gagne– Windows Internals, by Mark Russinovich, David A. Solomon and Alex
Ionescu– Anatomy of the Linux kernel article at IBM, by M. Tim Jones– Windows Kernel Internals presentation by Dave Probert– Kai Shen's Windows and Linux presentations for the same class– Wikipedia
● These slides are intended for the sole purpose of instruction of Operating Systems at the University of Rochester
All copyrighted materials belong to their respective authors.
Disclaimer