Assignment 3, due Feb 12

Always, on every assignment, please write your name legibly as it appears on your University ID and on the class list! All assignments will be due at the start of class on the day indicated (usually a Friday), and unless there is what insurance companies call "an act of God" - something outside your control; the only exceptions to this rule will be by advance arrangement.

1. Background: Consider the problem of implementing the Unix/Linux read(int d,void*buf,size_t nbytes) system call. You can get documentation on this system call with the man 2 read command.

   Assume that the following parameter passing convention is used. Prior to the control transfer, the three parameters are pushed on the stack. The SP register points to the stack top.

   Assume you are on a machine with a memory management unit that creates a paged virtual address space. Each page of the virtual address space may be currently mapped to some page frame in RAM or not, and may be marked read-only or read-write. The MMU is turned on for user programs and turned off during execution of system calls.

   After the trap that transfers control to the system, the system can easily access the caller's SP register -- it is in the block of saved registers pointed to by the (global) kernel variable current_user. Specifically current_user->SP is the saved stack pointer.

   a) What addresses must the operating system check in order to make sure that it does not attempt to access memory that the user should not access in the process of accessing the parameters and other user memory read or manipulated by the read command. (1.0 points)

   b) Suppose the system failed to correctly check the above addresses. For each address (or category of addresses) you identified above, what kinds of damage would you expect to result from failure to check that address. (1.0 points)

2. Background: Suppose you are working on a computer with a paged virtual address space where the following macros are available for interpreting fields of a virtual address va of type void *:
   • PAGESIZE -- the size of a page, in bytes.
   • PAGENUM(va) -- returns the integer page number.
   • ADDRINPAGE(va) -- returns the integer address within the page.

   Also, suppose the page table pagetab entries have fields that are accessible using the following macros:

   • RIGHTS(pagetab[i]) -- the access rights of an entry.
   • FRAME(pagetab[i]) -- the page frame of an entry.

   If the access rights on a page are ar you can test for the presence of an access right with:

   • ar & READ -- true (nonzero) if the page is readable.
   • ar & WRITE -- true (nonzero) if the page is writable.

   Finally, to construct a physical address (of type void *) from an integer frame number f and an integer address in page i, the following is defined:

   • PA(f,i) -- make physical address.

   Where it matters, assume that the push operation decrements the stack pointer and that the stack pointer always points to the first byte of the topmost item on the stack. Where it matters, assume parameters are pushed on the user's stack in their order in the parameter list. Assume that in your system code, sp is the user's stack pointer, a variable of type void * holding a virtual address.

   a) Write C code for the function checkaddress(va,length,rights), when given a virtal address va (of type void *), the length of a block of memory, and the required access rights, either calls fault() (which will not return) or returns the physical address (of type void *). (1.0 points)

   b) Assume that you are writing part of the read() kernel call on a machine where kernel code runs with the MMU turned off. Write a code fragment, using the checkaddress() function as appropriate, to check that the user's buffer exists and is writable. Make worst-case assumptions about how malicious the user code might be, and assume that, to begin with, the top two items on the stack are the user's parameters buf and len. (1.0 points)

3. Background: Assume a machine where the memory management unit remains on during the execution of kernel calls. Assume that the virtual address space of the kernel is not the same as the virtual address space of the user. Instead, there are two page tables, user_pagetab and system_pagetab. Both of these page tables are mapped into the system's virtual address space so the system may directly manipulate them. Assume all the same tools for manipulating virtual and physical addresses as were assumed for the previous question. Assume, further, that virtual address temp in the system address space is the address of a page that is currently unused for any purpose. Assume that all addresses are treated as being of type void *.

   A Problem: Write code for make_system_address(temp, user_address) that will map the page containing the user's address into the system address space with the same access rights as the user had to that page and then return a pointer to the same byte that the user's pointer referred to. (1.0 points)