Linux and Windows(a side-by-side presentation)

CS2/456 Operating Systems

December 4, 2008

Computer Science Dept.University of Rochester

From UNIX to Linux

● 1969: Ken Thompson and Dennis Ritchie write UNIX for DEC PDP-7

● 1971: UNIX 1 is released

● 1977: BSD 1 is released

● 1985: The GNU manifesto is published in the March 1985 issue of Dr. Dobb's Journal. The GNU project starts a year and a half later

● 1991: Linux is introduced by Linus Torvalds, a student in Finland, as a Minix “clone”

● 1994: Linux 1.0 TCP/IP stack, BSD sockets, extra hardware support

● 1996: Linux 2.0 Support for DEC Alpha 64bit, multi-processor architectures

● 2001: Linux 2.4 IA64 and other architectures, better SMP support, PnP

● 2003: Linux 2.6 preemptive kernel, 64-bit memory, journaling FS – still adding new features/platforms (ex. IBM Cell)

From MS-DOS to Windows Vista

Comparing Lines of Code

The lines reported in the table above are just “hints” of complexity

Development vectors

Windows• MS-DOS compatibility• Principle of extensive

interface, mixing low and high level functions

• Allow different subsystems (Win32, POSIX)

• Commercial software– closed-source

Linux• UNIX compatibility• Principle of simple,

small building blocks• Posix compliant• Free software– build collaboratively

GNU/Linux Structure● kernel (Linux):

– OS code that runs on privileged mode, highly modular

● system (GNU):

– essential system components, run in user mode

– compilers, system libraries ● distribution (GNU/Linux):

– extra system-installation and management utilities

– pre-compiled and ready-to-install tools & packages

– ex. RedHat/Fedora, SUSE, Debian, Ubuntu

Linux kernel core components

Linux API● The Linux kernel API is its system calls

– more than 300 currently– easily expandable by the kernel programmer

● GlibC offers wrappers to the system calls● In UNIX “everything” is a file; the file descriptor

is a core user-exposed kernel data structure● In Linux A thread is a "context of execution"

(COE); only one process/thread table and one scheduler is needed.– clone / fork

Windows Structure● executive (completely hardware-

independent)

– process management, memory management, file system, ...

● kernel (in Windows 2000 jargon)

– more machine-dependent stuff at a higher-level than HAL (such as context switches)

– some basic system functionalities such as scheduling

● HAL

– Device registers/addresses, interrupts, DMA, timers, spin-locks, BIOS/EFI

● windows versions (ex. Pro, Home, etc)

– differ on exposed kernel mode functionality

Windows user/kernel core components

Windows kernel● Never paged out, never preempted● Responsible for

– thread scheduling (soft realtime guarantee)– interrupt/exception handling– low level processors sync– failure recovery

● “Object-oriented”– dispatcher objects (events, mutants, mutexes,

semaphores, threads and timers) – control objects (asynchronous procedure calls,

interrupts, power notify/status, process/profile objects)

Windows NT Object Manager

● Provides underlying NT namespace ● Unifies kernel data structure referencing ● Unifies user-mode referencing via handles ● Simplifies resource charging ● Central facility for security protection ● Other namespaces ‘mount’ on OB nodes ● Provides device & I/O support

Windows Executive Objects

● used for all services and entities● similar to Linux file descriptors, only more functional● manipulated by a standard set of methods

– OPEN: Create/Open/Dup/Inherit handle – CLOSE: Called when each handle closed – DELETE: Called on last dereference – PARSE: Called looking up objects by name – SECURITY: Usually SeDefaultObjectMethod – QUERYNAME: Return object-specific name

Standard NT namespace objects

Windows Executive Object Handle

Windows object Structure● Windows object structure

Windows handle table structure

● From 512 to 16M handles

Linux open/create file example

● User level: glibc call fopen( ... ) will return the FILE * “handle”

● The libc function will call the kernel API open(...)

● open should do the name resolution through the virtual file system– ex. in ext2 recursive path resolution through

directories and inodes– lock, create file on device, unlock– lseek

● Of course, this is a simplistic description

I/O and object manager steps for creating/opening a file and getting back a file handle.

Windows open/create file example

Processes and Threads in Windows Vista

• Job is a “batch process” of Windows (sharing quota, other limits)• Process is the resource holding data structure• Threads are schedul-able• Fiber is the “user-level” thread concept of Windows

Basic process environment differences

Windows• search path in library• CWD=user string• Argument parsing by

program• GUI-oriented:

processes attached to window

• process can “sudo” using a token with users credentials

Linux• explicit search path• CWD=kernel concept• Argument parsing at

cmd line• X-Server is a user-level

process, not all processes have windows

• setuid bit

Linux Scheduling

● Per-CPU “run-queues”● 140 priorities● 1-100: Real-time tasks – RTS

– using FIFO or RoundRobin policy ● 100-140: Normal tasks – CFS (“Completely

Fair”)– RB-tree based on wait_runtime– increase/decrease according to “time run”– the left-most task of the RB-tree preempts the task

with lower wait_runtime

Windows Schedulingkernel scheduler triggered:● On blocking on a semaphore,

mutex, event, I/O, etc.● On signaling an object (e.g.,

thread does an up on a semaphore or causes an event to be signaled).

● The quantum expires.● An I/O operation completes.● A timed wait expires.

Linux virtual address space

A memory mapped file example

Linux memory allocation● static (drivers reserve a

contiguous area of memory during system boot time) or dynamic (via the page allocator) memory allocation

● in pages, groups of pages, and small blocks of memory, or slabs inside the kernel

● buddy-heap algorithm to keep track of available physical pages

● additional mechanisms for mem-mapped virtual memory

● four-level page tables

Page replacement algorithm

Windows virtual address space● The white areas are private per

process● The shaded areas are shared

among all processes● Pluralism of virtual address

manipulating functions in Win API

– file mapping object the analogue of memmap

– protection also manageable through the API

● Super-fetch pre-paging

Two different processes A and B

Windows Memory Allocation● “working set”-based page replacement algorithm.

– Every process has a memory page working set size, adjustable according to its page fault behavior

● Space reclamation (focus on processes who have more pages than their working set sizes):– The system scans through memory pages periodically– Maintain an un-reference counter for each page

● the number of scans that show it un-referenced since last time it was referenced

– Reclaim pages with highest un-reference counts

Windows page-replacement

The various page lists and the transitions among them according to events

Linux File System(s)● Virtual FS is the interface to many different FSs supported by

the kernel– Key concepts: Super-block, Dentry, iNode, File

● Most commonly used: EXT3– Journaled EXT2

● NFS for networkedenvironments

● Linux supportsunified buffer/pagecache

Ex. Remove file voliminuous from EXT2 FS

Windows File System(s)● Volume : sth like a logical disk partition. ● FAT32 – a standard still in use (ex. portable devices)

– centralized table holding info about file areas, free or unusable areas, and where each file is stored on the disk

● NTFS– Journaled– Not a simple byte stream, as in UNIX, but a structured object

consisting of attributes/value pairs.– May occupy a portions of a disk, an entire disk, or span

across several disks.– Disk allocation unit is a cluster. Its size is tradeoff between

management overhead and internal fragmentation.

Linux /proc● Does not store data

– its contents are computed on demand according to user file I/O requests.

● When data is read from one of these files, /proc collects the appropriate information, formats it into text form and places it into the requesting process’s read buffer

● /proc can act as a limited configuration utility– ex. edit how often write-back occurs, or perform per-process

configuration operations● not unique to Linux

The infamous Windows Registry● A special “directory structure”, acting as a configuration /

information database– centralized replacement of “x-” ini files– Supports symbolic links

● Created/Deleted through Win32 API call, but can be edited manually (regedit)

● Transactional for fail-safety reasons● Conceptually similar to sysfs / procfs

– provides functionality such as file associations– provides information such as process / machine utilization

● Split into a number of logical sections, or "hives", named by their Windows API definitions, which all begin "HKEY"

The infamous Windows Registry (2)● HKEY_CLASSES_ROOT (HKCR) for registered applications (ex. file

associations)● HKEY_CURRENT_USER for settings specific to the logged-in user● HKEY_LOCAL_MACHINE (HKLM) for settings general to all PC

users● HKEY_USERS (HKU) contains sub-keys corresponding to the

HKEY_CURRENT_USER keys for each user profile actively loaded● HKEY_CURRENT_CONFIG contains information gathered at runtime● HKEY_PERFORMANCE_DATA provides runtime information into

performance data provided by either the NT kernel itself or other programs

Security in Linux● Principle of small, robust reusable components of UNIX● The familiar file access modes● Security-Enhanced Linux (SELinux)

– Multilevel security– U.S. Dept. of Defense style mandatory access controls

● Built-in advanced networking support– netfilter is a set of hooks inside the Linux kernel that allows

kernel modules to register callback functions with the network stack.

– iptables is a generic table structure for the definition of rulesets.

● Linux is built by humans also ...

Security in Windows Vista (1)

Security properties inherited from the original security design of NT: small, robust reusable components

● Secure login with anti-spoofing measures.● Discretionary access controls● Privileged access controls● Address space protection per process● New pages must be zeroed before being mapped in● Security auditing

Process access token:

Security in Windows Vista (2)

Process access token:● Unique Security ID for every Windows user● Default Access Control Lists● access token given at winlogon

– can be changed (impersonation; used for sharing)● Security descriptor

– per object capability control– ex. open file, get the start with create process file

descriptor

An example security descriptor for a file.

Security in Windows Vista (3)

The principal Win32 API functions for security.

Security API Calls

● Resources for these slides material include (but are not limited to):– Modern Operating Systems, by Andrew S. Tanenbaum– Operating System Concepts, by Avi Silberschatz, Peter Baer Galvin and

Greg Gagne– Windows Internals, by Mark Russinovich, David A. Solomon and Alex

Ionescu– Anatomy of the Linux kernel article at IBM, by M. Tim Jones– Windows Kernel Internals presentation by Dave Probert– Kai Shen's Windows and Linux presentations for the same class– Wikipedia

● These slides are intended for the sole purpose of instruction of Operating Systems at the University of Rochester

All copyrighted materials belong to their respective authors.

Disclaimer