Kernel (Operating System)

References

• Kernel (operating system) Wikipedia Article

Notes

The Kernel is a computer program at the core of a computer's operating system and generally has complete control over everything in the system. The kernel is also responsible for preventing and mitigating conflicts over everything in the system. It is the portion of the operating system code that is always resident in memory and facilitates interactions between hardware and software components. A full kernel controls all hardware devices (e.g., I/O, memory, cryptography) via device drivers, arbitrates conflicts between processes concerning such resources, and optimizes the utilization of common resources, e.g. CPU and cache usage, file systems, and network sockets. On most systems, the kernel is one of the first programs loaded on startup (after the bootloader). It handles the rest of the startup as well as memory, peripherals, and input/output requests from software, translating them into data-processing instructions for the central processing unit.

• The critical code of the kernel is loaded into an area of memory, protected from access by application software or other parts of the system, called the kernel space while the application programs use an area of memory called the user space.
• • This prevents slowness and malfunctioning applications
• The kernel is responsible for deciding which memory each process can use, and determining what to do when not enough memory is available.
• Kernel is responsible for synchronization and inter-process communication and context switching between threads.
• Kernel must allow processes to safely access memory as they require it. The first step in doing this is virtual addressing, which allows the kernel to make a given physical address appear to be another address, the virtual address. This allows every program to behave as if it is the only one running and thus prevents applications from crashing each other.
• • Demand Paging
  • • The kernel will write some data that appears to be in memory to disk when programs request to use more data than the system has available. This data can then be loaded back into memory when appropriate.
  • Virtual addressing allows the creation of virtual partitions of memory in two disjointed area, one being reserved for the kernel (kernel space) and the other for the applications (application space).
• A device driver is a computer program encapsulating, monitoring, and controlling a hardware device (via its Hardware/Software Interface) in behalf of the OS. It provides the operating system with an API, procedures and information about how to control and communication with a certain piece of hardware.
• • The design goal of a driver is abstraction; the function of the driver is to translate the OS-mandated abstract function calls (programming calls) into device-specific calls.
  • A kernel must maintain a list of available devices and must allow drivers to physically access the devices through some port or memory location.
• A System call is how a process requests a service form an operating system's kernel that it does not normally have permission to run. System calls provide the interface between and process and the operating system.
• • A system call is a mechanism that is used by the application program to request a service form the operating system.

Kernel Design Decisions

• An important consideration in the design of a kernel is the support it provides for protection from faults and from malicious behavior.
• Many kernels provide implementation of capabilities, objects that are provided to user code which allow limited access to an underlying object managed by the kernel.
• An efficient and simple way to provide hardware support of capabilities is to delegate to the memory management unit (MMU) the responsibility of checking access rights for every memory access, a mechanism called capability based addressing. Most commercial computer architecture lack such MMU support for capabilities.
• An important kernel design decision is the choice of the abstraction levels where the security mechanisms and policies should be implemented.
• Typical computer systems today use hardware enforced rules about what programs are allowed to access what data.
• An alternative approach is to use language-based protection system, which allows code to execute that has been produced by a trusted language compiler.

Kernel-wide Design Approaches

• The principle of separation of mechanism and policy is the substantial difference between the philosophy of micro and monolithic kernels. Here a mechanism is the support that allows the implementation of many different policies, while a policy is a particular mode of operation. Example:
• • Mechanism: User login attempts are routed to an authorization server.
  • Policy: Authorization server requires a password which is verified against stored passwords in a database.
• Monolithic Kernels
• • In a monolithic kernel, all OS services run along with the main kernel thread, thus also residing in the same memory,
  • Monolithic kernels, which have traditionally been used by Unix-like operating systems, contain all the operating system core functions and the device drivers. A monolithic kernel is one single program that contains all the code necessary to perform every kernel-related task.
  • Most work in the monolithic kernel is done via system calls.

• Microkernels
• • Microkernel is the term describing an approach to operating system design by which the functionality of the system is moved out of the traditional kernel, into a set of servers that communicate through a minimal kernel, leaving as little as possible in the system space and as much as possible in the user space.