Protection matrixes in Minix
From Erights
(Difference between revisions)
(initial version) |
m (minor cleanup) |
||
| Line 1: | Line 1: | ||
== Minix structure == | == Minix structure == | ||
| - | [http://www.minix3.org Minix3] operating system provides classical UNIX-like environment. It provides usual UNIX system calls (fork, exec, exit, kill, open, read, write, etc.) From this point of view, we would have no reason it to prefer it over, say Linux or FreeBSD. | + | [http://www.minix3.org Minix3] operating system provides classical UNIX-like environment. It provides usual UNIX system calls (fork, exec, exit, kill, open, read, write, etc.) From this point of view, we would have no reason it to prefer it over, say, Linux or FreeBSD. |
| - | The goal of the Minix project is to improve the internal quality of the operating system implementation. Why and how | + | The goal of the Minix project is to improve the internal quality of the operating system implementation. Why and how is it done is described in the [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 Minix book]. |
The following figure captures the structure of the Minix operating system: | The following figure captures the structure of the Minix operating system: | ||
| Line 9: | Line 9: | ||
[[Image:Minix-structure.png]] | [[Image:Minix-structure.png]] | ||
| - | Processes in Layer 1 run in the | + | Processes in Layer 1 run in the kernel space. Processes in Layers 2, 3 and 4 run in the ''user space''. Ordinary user space processes run in Layer 4. Processes that together actually implement the UNIX-like services run in Layers 1, 2 and 3. |
'''Layer 1''' contains: | '''Layer 1''' contains: | ||
| - | * the '''KERNEL''' task (it implements the scheduler, it provides the inter-process communications | + | * the '''KERNEL''' task (it implements the scheduler, it provides the inter-process communications primitives used by other processes, it is hooked to IRQs, it enforces security policies defined by protection matrices described below, etc) |
| - | * the '''SYSTEM''' task provides various services to user space processes from layers 2 and 3 that must be performed in the kernel space (I/O operations and such). Minix | + | * the '''SYSTEM''' task provides various services to user space processes from layers 2 and 3 that must be performed in the kernel space (I/O operations and such). In Minix terminology, they are called "kernel calls". |
| - | * the ''' | + | * the '''CLOCK''' task is actually a device driver of the PIT (Programmable Interface Timer chip) that would be hard to move to user space so it runs in the kernel space. |
| - | Minix | + | In Minix terminology, processes running in '''Layer 1''' are called '''tasks'''. |
| - | '''Layer 2''' contains various processes that | + | '''Layer 2''' contains various processes that behave as device drivers ('''DRV'''). |
'''Layer 3''' contains various higher level subsystems: | '''Layer 3''' contains various higher level subsystems: | ||
| - | * | + | * The process manager ('''PM''') implements most of the UNIX services that are related to processes. |
| - | * | + | * The file system ('''FS''') implements most of the UNIX services that are related to files. |
| - | * | + | * The reincarnation server ('''RS''') periodically checks whether particular device drivers run. It restarts those that crashed (e.g. due to a segmentation fault). |
| - | * | + | * The data server ('''DS''') can be used by device drivers to store their internal state so that restart of the device driver does not disrupt the on-going services provided by this driver. |
* etc. | * etc. | ||
| - | + | Ordinary processes run in '''Layer 4'''. | |
The following section describe various examples of protection matrixes present internally within Minix. Each of them is enforced by the '''KERNEL''' task. | The following section describe various examples of protection matrixes present internally within Minix. Each of them is enforced by the '''KERNEL''' task. | ||
| Line 38: | Line 38: | ||
* notify | * notify | ||
* echo | * echo | ||
| - | The following protection matrix defines which ( | + | The following protection matrix defines which processes (grouped by layer) can use which particular IPC primitives. |
[[Image:Protection matrix concerned with Minix IPC primitives.png]] | [[Image:Protection matrix concerned with Minix IPC primitives.png]] | ||
| - | |||
| - | |||
== Protection matrix that defines which processes can talk to which other processes == | == Protection matrix that defines which processes can talk to which other processes == | ||
| Line 57: | Line 55: | ||
* '''INIT''' (the init process) | * '''INIT''' (the init process) | ||
* '''CLOCK''' (the clock driver) | * '''CLOCK''' (the clock driver) | ||
| - | The following matrix defines allwed interaction (via IPC primitives) among | + | The following matrix defines allwed interaction (via IPC primitives) among them. |
[[Image:Protection matrix concerned with communication between Minix layers.png]] | [[Image:Protection matrix concerned with communication between Minix layers.png]] | ||
| - | |||
| - | |||
== Protection matrix that defines which processes can use which "kernel calls" == | == Protection matrix that defines which processes can use which "kernel calls" == | ||
| - | Even though most of the Minix operating system is implemented | + | Even though most of the Minix operating system is implemented by a set of user-space processes, there are actions that cannot be done by user space processes. They were refactored to '''SYSTEM''' task which runs in the kernel space and, when these services are invoked, it performs them on behalf of the invoker. The '''SYSTEM''' task supports the following services: |
* <tt>sys_fork</tt> | * <tt>sys_fork</tt> | ||
* <tt>sys_exec</tt> | * <tt>sys_exec</tt> | ||
| Line 75: | Line 71: | ||
[[Image:Protection matrix concerned with kernel calls.png]] | [[Image:Protection matrix concerned with kernel calls.png]] | ||
| - | |||
| - | |||
Revision as of 16:12, 20 June 2009
Contents |
Minix structure
Minix3 operating system provides classical UNIX-like environment. It provides usual UNIX system calls (fork, exec, exit, kill, open, read, write, etc.) From this point of view, we would have no reason it to prefer it over, say, Linux or FreeBSD.
The goal of the Minix project is to improve the internal quality of the operating system implementation. Why and how is it done is described in the Minix book.
The following figure captures the structure of the Minix operating system:
Processes in Layer 1 run in the kernel space. Processes in Layers 2, 3 and 4 run in the user space. Ordinary user space processes run in Layer 4. Processes that together actually implement the UNIX-like services run in Layers 1, 2 and 3.
Layer 1 contains:
- the KERNEL task (it implements the scheduler, it provides the inter-process communications primitives used by other processes, it is hooked to IRQs, it enforces security policies defined by protection matrices described below, etc)
- the SYSTEM task provides various services to user space processes from layers 2 and 3 that must be performed in the kernel space (I/O operations and such). In Minix terminology, they are called "kernel calls".
- the CLOCK task is actually a device driver of the PIT (Programmable Interface Timer chip) that would be hard to move to user space so it runs in the kernel space.
In Minix terminology, processes running in Layer 1 are called tasks.
Layer 2 contains various processes that behave as device drivers (DRV).
Layer 3 contains various higher level subsystems:
- The process manager (PM) implements most of the UNIX services that are related to processes.
- The file system (FS) implements most of the UNIX services that are related to files.
- The reincarnation server (RS) periodically checks whether particular device drivers run. It restarts those that crashed (e.g. due to a segmentation fault).
- The data server (DS) can be used by device drivers to store their internal state so that restart of the device driver does not disrupt the on-going services provided by this driver.
- etc.
Ordinary processes run in Layer 4.
The following section describe various examples of protection matrixes present internally within Minix. Each of them is enforced by the KERNEL task.
Protection matrix that defines which processes can use which IPC mechanisms
The KERNEL task provides five different IPC primitives:
- send
- receive
- sendrec
- notify
- echo
The following protection matrix defines which processes (grouped by layer) can use which particular IPC primitives.
Protection matrix that defines which processes can talk to which other processes
The operating system is composed from multiple processes:
- SYSTEM (the system task)
- PM (the process manager)
- FS (the file system)
- RS (the reincarnation server)
- MEM (the memory driver)
- LOG (the logging driver)
- TTY (the terminal driver)
- DS (the data server)
- INIT (the init process)
- CLOCK (the clock driver)
The following matrix defines allwed interaction (via IPC primitives) among them.
Protection matrix that defines which processes can use which "kernel calls"
Even though most of the Minix operating system is implemented by a set of user-space processes, there are actions that cannot be done by user space processes. They were refactored to SYSTEM task which runs in the kernel space and, when these services are invoked, it performs them on behalf of the invoker. The SYSTEM task supports the following services:
- sys_fork
- sys_exec
- sys_exit
- sys_nice
- ...
The protection matrix defines which services of the SYSTEM task can be invoked by which processes.
