Assignment 3, due Feb 9

Part of the homework for 22C:169, Spring 2007
by Douglas W. Jones
THE UNIVERSITY OF IOWA Department of Computer Science

Always, on every assignment, please write your name legibly as it appears on your University ID and on the class list! All assignments will be due at the start of class on the day indicated (usually a Friday). Unless there is what insurance companies call "an act of God" (something outside your control), the only exceptions to this rule will be by advance arrangement.

  1. Background: There are two ways that a system with an MMU can be configured to allow pointers to be passed from a program to a system call.

    First, the operating system may share the address space with the running program, so pointers require no translation and the system may use them directly.

    Second, if the application is entitled to use its entire address space, pointers passed to the system must be translated, and before use, the object pointed to must be specially addressed.

    a) Explain why, with the first system, if the operating system forgets to properly check a pointer, the user might be able to attack the operating system. (1 point)

    b) Explain why the second system is inherently somewhat more resistant to error on the part of system programmers. (1 point)

  2. Background: A thunk is a subroutine passed to another subroutine in order to facilitate passing a parameter. Thus, instead of passing the value i we pass a parameterless function geti() that returns the value of i, and instead of passing the address of i so that the system can change the value of i, we pass seti(v) that sets i to v. Microsoft makes extensive use of thunks in some of its system calls in order to avoid passing pointer parameters. The thunk, when called by the system, operates in the user's domain.

    Recall that when a trap occurs, all registers (including the PC) of the program that was running at the time are saved. The system may modify these registers arbitrarily before returning to the user program. Assume, for the purpose of this problem, that there is no sharing of memory address space between the user and the system domains.

    a) Explain, in some detail, how the system can call a thunk, once the system knows the address of the user's thunk. (1 point)

    b) Propose a mechanism by which the thunk, once called, could return to the operating system. Keep in mind that the thunk itself is entirely normal user code. (Your answer to part a may solve this problem, in which case you need to make it clear that you understand how it does; if it doesn't, this is the point at which you can work on this issue.) (1 point)

  3. A Problem: Given that the user passes buf, a pointer to a buffer, and len, the length of that buffer in bytes, write code for a system call using make_system_pointer and safe_bytes to set all of the bytes of the user's buffer to zero. (1 point)