The Requirements of I/O OS Basics: I/O in a Picture

CS162 Operating Systems and Systems Programming
Lecture 16
General I/O
October 24th, 2016
Prof. Anthony D. Joseph
http://cs162.eecs.Berkeley.edu

The Requirements of I/O
• So far in this course:
– We have learned how to manage CPU and memory
• What about I/O?
– Without I/O, computers are useless (disembodied brains?)
– But… thousands of devices, each slightly different
» How can we standardize the interfaces to these devices?
– Devices unreliable: media failures and transmission errors
» How can we make them reliable???
– Devices unpredictable and/or slow
» How can we manage them if we don’t know what they will do or how they will perform?

10/24/16 Joseph CS162 ©UCB Fall 2016 Lec 16.2

OS Basics: I/O
[Figure: OS hardware virtualization. Labels: Threads, Address Spaces, Windows, Processes, Files, Sockets; OS, Software; Protection Boundary; Hardware, ISA, Processor, Memory, Ctrlr, Networks, storage, Displays, Inputs]

In a Picture
[Figure: Processor (Core, Core), Read/Write wires, I/O Controllers, interrupts, DMA transfer, Main Memory (DRAM), Secondary Storage (Disk), Secondary Storage (SSD)]
• I/O devices you recognize are supported by I/O Controllers
• Processors access them by reading and writing I/O registers as if they were memory
– Write commands and arguments, read status and results

Operational Parameters for I/O
• Data granularity: Byte vs. Block
– Some devices provide single byte at a time (e.g., keyboard)
– Others provide whole blocks (e.g., disks, networks, etc.)
• Access pattern: Sequential vs. Random
– Some devices must be accessed sequentially (e.g., tape)
– Others can be accessed “randomly” (e.g., disk, cd, etc.)
» Fixed overhead to start transfers
– Some devices require continual monitoring
– Others generate interrupts when they need service
• Transfer Mechanism: Programmed IO and DMA

Kernel Device Structure
[Figure: beneath The System Call Interface: Process Management (concurrency, multitasking), Memory Management (virtual memory), Filesystems (files and dirs: the VFS), Device Control (TTYs and device access), Networking (connectivity); lower layer: Architecture Dependent Code, Memory Manager, File System Types, Block Devices, Device Control, Network Subsystem, IF drivers]

The Goal of the I/O Subsystem
• Provide Uniform Interfaces, Despite Wide Range of Different Devices
– This code works on many different devices:

    FILE *fd = fopen("/dev/something", "r+");
    for (int i = 0; i < 10; i++) {
        fprintf(fd, "Count %d\n", i);
    }
    fclose(fd);

– Why? Because code that controls devices (“device driver”) implements standard interface
• We will try to get a flavor for what is involved in actually controlling devices in rest of lecture
– Can only scratch surface!

Want Standard Interfaces to Devices
• Block Devices: e.g. disk drives, tape drives, DVD-ROM
– Access blocks of data
– Commands include open(), read(), write(), seek()
– Raw I/O or file-system access
– Memory-mapped file access possible
• Character Devices: e.g. keyboards, mice, serial ports, some USB devices
– Single characters at a time
– Commands include get(), put()
– Libraries layered on top allow line editing
• Network Devices: e.g. Ethernet, Wireless, Bluetooth
– Different enough from block/character to have own interface
– Unix and Windows include socket interface
» Separates network protocol from network operation
» Includes select() functionality
– Usage: pipes, FIFOs, streams, queues, mailboxes

How Does User Deal with Timing?
• Blocking Interface: “Wait”
– When request data (e.g. read() system call), put process to sleep until data is ready
– When write data (e.g. write() system call), put process to sleep until device is ready for data
• Non-blocking Interface: “Don’t Wait”
– Returns quickly from read or write request with count of bytes successfully transferred
– Read may return nothing, write may write nothing
• Asynchronous Interface: “Tell Me Later”
– When request data, take pointer to user’s buffer, return immediately; later kernel fills buffer and notifies user
– When send data, take pointer to user’s buffer, return immediately; later kernel takes data and notifies user

Chip-scale Features of 2011 x86 (SandyBridge)
• Significant pieces:
– Four OOO cores
» New Advanced Vector eXtensions (256-bit FP)
» Special purpose instructions: AES, Galois-Field mult
» 4 µ-ops/cycle
– Integrated GPU, System Agent (Mem, Fast I/O)
– Shared L3 cache divided in 4 banks
– On-chip Ring bus network
» High-BW access to L3 Cache
• Integrated I/O
– Integrated memory controller (IMC)
» Two independent channels of DDR3 DRAM
– High-speed PCI-Express (for Graphics cards)
– DMI Connection to SouthBridge (PCH)

SandyBridge I/O: PCH
• Platform Controller Hub
– Used to be “SouthBridge,” but no “NorthBridge” now
– Connected to processor with proprietary bus
» Direct Media Interface
• Types of I/O on PCH:
– USB, Ethernet
– Audio, BIOS support
– More PCI Express (lower speed than on Processor)
– SATA (for Disks)
[Figure: SandyBridge System Configuration]

Chip-scale Features of 2015 x86 (Sky Lake)
• Significant pieces:
– Four OOO cores with deeper buffers
» New Intel MPX (Memory Protection Extensions)
» New Intel SGX (Software Guard Extensions)
» Issue up to 6 µ-ops/cycle
– Integrated GPU, System Agent (Mem, Fast I/O)
– Larger shared L3 cache with on-chip ring bus
» 2 MB/core instead of 1.5 MB/core
» High-BW access to L3 Cache
• Integrated I/O
– Integrated memory controller (IMC)
» Two independent channels of DDR3L/DDR4 DRAM
– High-speed PCI-Express (for Graphics cards)
– DMI Connection to SouthBridge (PCH)
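
The non-blocking interface from the "How Does User Deal with Timing?" slide, shown on a POSIX pipe. This is an added example, not code from the lecture; `WOULD_BLOCK`, `try_read`, `fill_until_full` and `nonblocking_demo` are names chosen here. It covers both halves of "read may return nothing, write may write nothing", then a read that succeeds once data is ready.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define WOULD_BLOCK (-2L) /* example's own sentinel: nothing transferred */

/* Switch a descriptor from the blocking to the non-blocking interface. */
static int set_nonblocking(int fd) {
    int flags = fcntl(fd, F_GETFL, 0);
    return flags < 0 ? -1 : fcntl(fd, F_SETFL, flags | O_NONBLOCK);
}

/* Bytes read; WOULD_BLOCK if no data is ready (a blocking read would sleep); -1 on error. */
long try_read(int fd, char *buf, size_t len) {
    ssize_t n = read(fd, buf, len);
    if (n < 0) return (errno == EAGAIN || errno == EWOULDBLOCK) ? WOULD_BLOCK : -1;
    return (long)n;
}

/* Write until the kernel's pipe buffer refuses more; returns bytes accepted. */
long fill_until_full(int fd) {
    char chunk[4096];
    long total = 0;
    memset(chunk, 'x', sizeof chunk);
    for (;;) {
        ssize_t n = write(fd, chunk, sizeof chunk);
        if (n < 0) return (errno == EAGAIN || errno == EWOULDBLOCK) ? total : -1;
        total += n;
    }
}

/* Runs the three cases on a fresh pipe; 0 on success, -1 if setup fails. */
int nonblocking_demo(long *empty_read, long *accepted, long *ready_read) {
    int p[2];
    char buf[16];
    if (pipe(p) < 0) return -1;
    if (set_nonblocking(p[0]) < 0 || set_nonblocking(p[1]) < 0) return -1;
    *empty_read = try_read(p[0], buf, sizeof buf); /* nothing written yet */
    *accepted = fill_until_full(p[1]);             /* stops once the pipe is full */
    *ready_read = try_read(p[0], buf, sizeof buf); /* data is waiting: returns 16 */
    close(p[0]); close(p[1]);
    return 0;
}

int main(void) {
    long e, a, r;
    if (nonblocking_demo(&e, &a, &r) != 0) return 1;
    return printf("empty=%ld accepted=%ld ready=%ld\n", e, a, r) < 0;
}
```

The number of bytes the pipe accepts before refusing more depends on the kernel's pipe capacity, so only the first and last values are fixed.
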
Sky Lake I/O: PCH
• Platform Controller Hub
– Used to be “SouthBridge,” but no “NorthBridge” now
– Connected to processor with proprietary bus
» Direct Media Interface
• Types of I/O on PCH:
– USB, Ethernet
– Thunderbolt 3
– Audio, BIOS support
– More PCI Express (lower speed than on Processor)
– SATA (for Disks)
[Figure: Sky Lake System Configuration]

Modern I/O Systems
[Figure: modern I/O system diagram; surviving label: network]

Example Device-Transfer Rates in Mb/s (Sun Enterprise 6000)
[Figure: chart of device transfer rates]
• Device Rates vary over 12 orders of magnitude !!!
– System better be able to handle this wide range
– Better not have high overhead/byte for fast devices!
– Better not waste time waiting for slow devices

Example: PCI Architecture
[Figure: CPU and RAM on the Memory Bus; Host Bridge to PCI #0; ISA Bridge to ISA and Legacy Devices; PCI Bridge to PCI #1 and PCI Slots; USB Controller with Root Hub, Hub, Webcam, Mouse, Keyboard; SATA Controller with Hard Disk and DVD ROM; Scanner]

Administrivia
• Midterm 2 TOMORROW on Tue 10/25 6:30-8PM
– All topics up to and including Lecture 15
» Focus will be on Lectures 9 – 15 and associated readings
» Projects 1 & 2, Homework 0 – 2
– Closed book with 2 pages of hand-written notes both sides
– Room assignments by last name:
» 10 Evans (A – K), 1 LeConte (L – S), 60 Evans (T – Z)

Recall: Internet of Things Botnets
• Hackers take over Internet of Things devices:
– Mirai (233,000 infected IoT devices) and Bashlight (963,000)
• Responsible for 620 Gb/s attack against Brian Krebs’ website
– Largest Distributed Denial of Service attack ever!!
• Followed a few days later by 1.1 Tb/s attack against French cloud and web hosting provider
– Largest Distributed Denial of Service attack ever!!
– Roughly 145,000 Internet attached cameras
• IoT devices compromised using default and hardcoded passwords

Friday Oct 21 2016 IoT Attack
• IoT attack against DNS servers run by Dyn Corp
– 3 attack waves: 7:00 am ET, 12:00pm ET, (third attack blocked)
– Mirai botnet spoofed (faked) 10Ms of IP addr (maybe 50k hosts)
» TCP SYN floods to DNS servers port 53, also DNS prepend attack
– Affected Twitter, SoundCloud, Spotify, Reddit, Amazon, Netflix, PayPal, Airbnb, Reddit, Etsy, New York Times, 10k+ more sites …

Solutions?
• Legislative?
– Criminal charges – already exists but how to identify who is responsible?
– Mandatory recall – how to identify white label devices? how to enforce?
» Hangzhou Xiongmai Tech hardcoded passwords into camera boards (announced recall? on Monday 10/24)
– Fines – who should be fined?
– ISPs block users – huge customer support nightmare…
• Technical?
– Blocking IP addresses – attack used spoofed IP addresses
– Create a “good” worm to patch vulnerable devices – how would users gain access to their devices? Some devices have hardcoded passwords
• UL Label?
– Develop industry standards and best practices
– Mandate thorough security testing of IoT devices

How does the processor actually talk to the device?
[Figure: CPU on the Processor Memory Bus with Regular Memory; Bus Adaptors to Other Devices or Buses; Address + Data lines; Interrupt Controller and Interrupt Request; Device Controller with Bus Interface and Hardware Controller; registers (read, write, control, status) at port 0x20; Addressable Memory and/or Queues; Memory Mapped Region: 0x8f008020]
• CPU interacts with a Controller
– Contains a set of registers that can be read and written
– May contain memory for request queues or bit-mapped images
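
The controller-register pattern from this slide and the earlier "In a Picture" slide (write commands and arguments, read status and results), as an added C example that is not code from the lecture. The register layout, `CMD_DOUBLE`, the `ST_*` codes and the tick-driven device simulation are all constructed here; ordinary memory stands in for the mapped region so the driver side can run anywhere.

```c
#include <stdint.h>
#include <stdio.h>

/* Register block of a hypothetical controller (layout constructed for this example). */
struct ctrl_regs {
    volatile uint32_t command;  /* written by the driver: operation to start */
    volatile uint32_t argument; /* written by the driver: operand */
    volatile uint32_t status;   /* read by the driver: one of ST_* */
    volatile uint32_t result;   /* read by the driver once status is ST_DONE */
};
enum { CMD_DOUBLE = 1, ST_IDLE = 0, ST_BUSY, ST_DONE, ST_ERROR };

/* On hardware the block would sit at a fixed mapped address such as the
 * slide's 0x8f008020; ordinary memory stands in for the device here. */
static struct ctrl_regs fake_device;
static int busy_ticks;

/* Simulated hardware: one step of the controller's state machine. */
static void device_tick(struct ctrl_regs *r) {
    if (r->status != ST_BUSY && r->command != 0) {
        busy_ticks = 3;
        r->status = ST_BUSY;
    } else if (r->status == ST_BUSY && --busy_ticks == 0) {
        if (r->command == CMD_DOUBLE) r->result = r->argument * 2;
        r->status = (r->command == CMD_DOUBLE) ? ST_DONE : ST_ERROR;
        r->command = 0;
    }
}

/* Driver side: write argument then command, poll status a bounded number of
 * times, read the result. Returns 0, -1 on device error, -2 on timeout. */
int ctrl_run(struct ctrl_regs *r, uint32_t cmd, uint32_t arg, uint32_t *out, int max_polls) {
    r->argument = arg;
    r->command = cmd; /* writing the command register starts the operation */
    for (int i = 0; i < max_polls; i++) {
        device_tick(r); /* simulation only: real hardware advances on its own */
        if (r->status == ST_DONE) { *out = r->result; r->status = ST_IDLE; return 0; }
        if (r->status == ST_ERROR) { r->status = ST_IDLE; return -1; }
    }
    return -2; /* result register is not read unless status said ST_DONE */
}

int main(void) {
    uint32_t out = 0;
    int rc = ctrl_run(&fake_device, CMD_DOUBLE, 21, &out, 10);
    printf("rc=%d result=%u\n", rc, (unsigned)out);
    return rc != 0;
}
```

The `volatile` qualifiers keep the compiler from caching register reads across polls, and the poll bound keeps a wedged or misbehaving device from hanging the driver.
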
