Operating system Study Guide

📖 Core Concepts Operating System (OS) – System software that manages hardware & software resources, providing common services for programs. Kernel – Core part of the OS running with unrestricted privileges; enforces protection between applications and users. Process vs. Thread – A process has its own memory space; a thread shares a process’s memory but has its own execution context (PC, registers, stack). Virtual Memory – Abstraction that lets the kernel map each program’s logical address space to physical memory, using paging & swapping. Preemptive Multitasking – The kernel can interrupt a running thread to give CPU time to others, preventing any single thread from monopolizing the CPU. Interrupt – Signal (hardware or software) that diverts CPU execution to an interrupt service routine (ISR). Security Triad – Confidentiality, Integrity, Availability – goals of OS security. Real‑Time OS – Guarantees that tasks complete by a deadline (hard) or usually meet deadlines (soft). --- 📌 Must Remember Kernel Modes – User mode (restricted) vs. Kernel mode (full privileges). Memory Protection – Implemented via segmentation and paging; unauthorized accesses trigger a segmentation violation interrupt. Page Fault – Occurs when a process accesses a non‑resident page; kernel may allocate the page or swap it in. Context Switch – Save current thread’s state to its Thread Control Block; load next thread’s state. POSIX – Standard API that promotes portability across UNIX‑like systems. Least Authority – Grant each component only the privileges it needs. Address Space Layout Randomization (ASLR) – Randomizes memory locations to mitigate buffer‑overflow exploits. Hypervisor – OS that runs virtual machines; enables pausing, saving, and resuming VMs. Hard vs. Soft Real‑Time – Hard: missed deadline = system failure; Soft: occasional misses tolerated. --- 🔄 Key Processes Program Execution Kernel creates a process, allocates memory, sets priority, loads binary, starts execution. Interrupt Handling CPU receives interrupt → saves current state → jumps to ISR → ISR handles event → restores saved state → resumes previous thread. Page Fault Handling Fault → kernel checks if page is valid → allocates/free page frame → updates page tables → resumes process. Context Switching (Preemptive Multitasking) Scheduler decides next thread → saves current registers & PC → updates PCB/TCB → loads next thread’s registers & PC → resumes. Signal Delivery (Unix‑like) kill(pid, signal) → OS sends signal to target process → process’s signal handler runs asynchronously. --- 🔍 Key Comparisons Kernel Mode vs. User Mode Kernel: unrestricted hardware access, can manage memory, I/O. User: restricted, must request kernel services via system calls. Hard Real‑Time vs. Soft Real‑Time Hard: deadline must never be missed (e.g., avionics). Soft: occasional deadline misses tolerated (e.g., audio playback). Hypervisor vs. Standard OS Hypervisor: runs VMs, abstracts hardware for multiple guest OSes. Standard OS: runs directly on hardware, provides services to applications. Linux vs. Windows File Systems Linux: varied FS (ext4, XFS, etc.), uses inodes, supports many mount options. Windows: NTFS stores file metadata in a Master File Table (MFT). Embedded OS vs. General‑Purpose OS Embedded: minimal footprint, often real‑time, tailored to specific hardware. General‑Purpose: larger, supports wide range of applications, less deterministic timing. --- ⚠️ Common Misunderstandings “The OS isolates applications” → Isolation is logical; bugs (e.g., buffer overflows) can still break isolation if privilege separation is weak. Virtual memory = swapped out to disk → Only inactive pages may be swapped; most virtual memory stays in RAM with page tables mapping. Interrupts always pause the CPU → Only the current thread is paused; other CPUs (in SMP systems) keep running. All OSes have the same kernel architecture → Kernels differ (monolithic, microkernel, hybrid); the outline focuses on general concepts. POSIX guarantees full portability → POSIX eases porting but system‑call differences and library implementations can still require adjustments. --- 🧠 Mental Models / Intuition Kernel as a “traffic cop” – Think of the kernel directing cars (processes/threads) at an intersection (CPU) with signals (interrupts, scheduling). Virtual memory as a “hotel” – Physical RAM are rooms; pages are guests. The kernel swaps guests in/out of the lobby (disk) when rooms are full, but guests keep their room number (virtual address) unchanged. Process isolation like separate apartments – Each process has its own lock on its doors (memory protection); only the landlord (kernel) can grant a key to another apartment. Real‑time deadlines as train schedules – Hard real‑time = train must never be late; soft real‑time = occasional delay acceptable. --- 🚩 Exceptions & Edge Cases Memory‑Mapped I/O – Some devices appear as memory addresses; accesses bypass normal paging protections. Signal Handling Race Conditions – A signal may arrive just after a check but before a system call, leading to TOCTOU bugs. DMA (Direct Memory Access) – Devices can write/read RAM without CPU involvement; may violate cache coherency if not managed. Hypervisor Nested Virtualization – Running a VM inside another VM is possible but introduces performance and security complexities. Soft Real‑Time on Non‑Real‑Time OS – Using priority boosting or real‑time extensions on a general OS can improve latency but cannot guarantee strict deadlines. --- 📍 When to Use Which Choose a Hypervisor when you need to run multiple OS instances on the same hardware (testing, isolation, legacy support). Pick a Real‑Time OS for applications with strict timing requirements (industrial control, avionics). Use POSIX‑compliant APIs if you aim for cross‑platform portability (C, C++, Java). Select Interrupt‑Driven I/O for low‑latency user input (keyboard, mouse). Prefer DMA for high‑throughput block devices (disk, network cards) to offload CPU. Apply ASLR & CFI when hardening security‑sensitive services against memory‑corruption exploits. --- 👀 Patterns to Recognize “Page fault → kernel → allocate/swap → resume” – Appears in any virtual‑memory access failure. “Interrupt → ISR → signal → process handler” – Typical flow for hardware events (I/O completion). “Preemptive schedule → timer interrupt → context switch” – Regularly occurring in multitasking kernels. “Privilege escalation → kernel mode” – Any call that moves from user to kernel mode (system call) is a potential security boundary. “File path starting with ‘/’ → absolute path; otherwise relative – Recognize quickly in filesystem questions. --- 🗂️ Exam Traps Confusing “process” with “thread” – Remember only threads share a process’s address space; processes have separate memory. Assuming all OSes provide hard real‑time guarantees – Only explicitly designed RTOS do; general OSes give only best‑effort timing. Mixing up “kernel mode” with “user mode” privileges – System calls switch from user to kernel; user code never runs with kernel privileges directly. Thinking DMA eliminates need for interrupts – DMA still needs an interrupt to signal transfer completion. Believing POSIX eliminates all portability issues – API differences and system‑specific behavior (e.g., file‑system semantics) can still cause bugs. Treating “virtual memory” as infinite – It’s limited by physical RAM + swap space; out‑of‑memory conditions can still occur. ---