















The solutions to the final exam of the CS 372H Introduction to Operating Systems: Honors course at The University of Texas at Austin, held in Spring 2011. The exam covers topics such as concurrency, I/O, networks, and security.
















Do not write in the boxes below.
I (xx/25) II (xx/20) III (xx/19) IV (xx/23) V (xx/13) Total (xx/100)
class GameBarrier {
  public:
    GameBarrier();        /* You will partially implement this */
    ~GameBarrier() {}
    void waitToPlay();    /* You will implement this */
    void donePlaying();   /* You will implement this */
  private:
    /* this barrier can be in one of three states; note the ’state’ variable */
    typedef enum {GAME_NOTREADY, GAME_FILLING, GAME_FILLED} state_t;

    Mutex mutex;
    state_t state;
    /* INSERT MORE BELOW */

};

GameBarrier::GameBarrier()
{
    state = GAME_NOTREADY;
    /* INITIALIZE ANY OTHER VARIABLES. */

}

void GameBarrier::waitToPlay()
{
    /* YOU MUST FILL IN THIS FUNCTION */

}

void GameBarrier::donePlaying()
{
    /* YOU MUST FILL IN THIS FUNCTION */

}

class ConsoleBarrier {
  public:
    ConsoleBarrier();     /* You will partially implement this */
    ~ConsoleBarrier() {}
    void waitAtConsole(); /* You will implement this */

  private:
    /* this barrier can be in one of two states; note the ’state’ variable */
    typedef enum {CONSOLE_WAIT, CONSOLE_ALLOW} state_t;

    Mutex mutex;
    state_t state;
    /* INSERT MORE BELOW */

};

ConsoleBarrier::ConsoleBarrier()
{
    state = CONSOLE_WAIT;
    /* INITIALIZE ANY OTHER VARIABLES */

}
class GameBarrier {
    /* .............. */
    Cond cv;
    int num_waiters;   /* threads blocked in waitToPlay() */
    int num_players;   /* threads admitted to the current game */
};

GameBarrier::GameBarrier()
{
    state = GAME_NOTREADY;
    num_waiters = 0;
    num_players = 0;
}

void GameBarrier::waitToPlay()
{
    mutex.acquire();

    /* the fourth waiter opens the barrier, but only if no game is in progress */
    if (++num_waiters >= 4 && state == GAME_NOTREADY) {
        state = GAME_FILLING;
        cv.broadcast(&mutex);
    }

    /* re-check the state after every wakeup */
    while (state != GAME_FILLING) {
        cv.wait(&mutex);
    }

    --num_waiters;

    if (++num_players == 4)
        state = GAME_FILLED;

    mutex.release();
}

void GameBarrier::donePlaying()
{
    mutex.acquire();

    /* the last player to leave resets the barrier and admits the next four */
    if (--num_players == 0) {
        state = GAME_NOTREADY;
        if (num_waiters >= 4) {
            state = GAME_FILLING;
            cv.broadcast(&mutex);
        }
    }

    mutex.release();
}

class ConsoleBarrier {
    /* ............... */
    Cond cv;
    int num;           /* threads currently inside waitAtConsole() */

};

ConsoleBarrier::ConsoleBarrier()
{
    state = CONSOLE_WAIT;
    num = 0;
}

void ConsoleBarrier::waitAtConsole()
{
    mutex.acquire();

    /* the fourth arrival releases everyone */
    if (++num == 4) {
        state = CONSOLE_ALLOW;
        cv.broadcast(&mutex);
    }

    while (state == CONSOLE_WAIT) {
        cv.wait(&mutex);
    }

    /* the last thread out closes the barrier again */
    if (--num == 0) {
        state = CONSOLE_WAIT;
    }

    mutex.release();
}
should thus spin in a while loop.) This is true regardless of whether we have one or two threads, user-level or kernel-threads, signal or broadcast, sequential consistency or not, etc. Since a thread can wake at any time, even when not signaled, the code must check any required barrier conditions after waking from wait() and before proceeding.
A The transaction manager can apply an update to cell storage only after recording that update in its write-ahead log.
B The transaction manager can record an update in its write-ahead log only after applying the update to cell storage.
C The order doesn’t matter: the transaction manager can record an update in the log and in cell storage in any order, as long as it respects the invariant that COMMIT records are atomic.
A. It’s a write-ahead log. The whole concept of write-ahead logs is that one modifies cell storage only after logging the change.
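An added illustration, not part of the exam or its solutions, of why the ordering in answer A matters: with the update logged before cell storage is touched, recovery can undo uncommitted updates and redo committed ones from the log alone, while a cell written before logging (the order in option B) cannot be repaired. The record layout and the names `tx_update`, `tx_commit` and `recover` are constructed for this sketch, and it assumes transactions do not interleave writes to the same cell.

```c
#include <stdio.h>

/* Constructed model: four cells of "cell storage" and an append-only log. */
enum { NCELLS = 4, LOGCAP = 32 };
typedef enum { REC_UPDATE, REC_COMMIT } rec_type;
typedef struct { rec_type type; int tx, cell, old_val, new_val; } log_rec;
static int cells[NCELLS], wal_len;
static log_rec wal[LOGCAP];

/* Option A: append the UPDATE record first, only then write the cell.
   lose_cell_write = 1 models a cell write that never reached storage. */
int tx_update(int tx, int cell, int val, int lose_cell_write) {
    if (wal_len == LOGCAP || cell < 0 || cell >= NCELLS) return -1;
    wal[wal_len++] = (log_rec){ REC_UPDATE, tx, cell, cells[cell], val };
    if (!lose_cell_write) cells[cell] = val;
    return 0;
}

int tx_commit(int tx) {
    if (wal_len == LOGCAP) return -1;
    wal[wal_len++] = (log_rec){ REC_COMMIT, tx, 0, 0, 0 };
    return 0;
}

static int committed(int tx) {
    for (int i = 0; i < wal_len; i++)
        if (wal[i].type == REC_COMMIT && wal[i].tx == tx) return 1;
    return 0;
}

/* Crash recovery from the log alone: undo uncommitted updates newest
   first, then redo committed updates oldest first. */
void recover(void) {
    for (int i = wal_len - 1; i >= 0; i--)
        if (wal[i].type == REC_UPDATE && !committed(wal[i].tx))
            cells[wal[i].cell] = wal[i].old_val;
    for (int i = 0; i < wal_len; i++)
        if (wal[i].type == REC_UPDATE && committed(wal[i].tx))
            cells[wal[i].cell] = wal[i].new_val;
}

int main(void) {
    tx_update(1, 0, 10, 0); tx_commit(1); /* committed and applied */
    tx_update(2, 1, 20, 0);               /* applied, never committed */
    tx_update(3, 2, 30, 1); tx_commit(3); /* committed, cell write lost */
    cells[3] = 99;      /* option B order: cell written, crash before logging */
    recover();
    printf("%d %d %d %d\n", cells[0], cells[1], cells[2], cells[3]);
    return 0;
}
```

After recovery, cell 1 is rolled back and cell 2 is rolled forward, but the unlogged write to cell 3 survives because the log holds no record of it.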
Below, state the maximum file size, and explain briefly, for example by showing your work. You may express your answer as a sum of powers-of-two.
The data pointed to by the direct block pointers can be as large as 1024 · 8 bytes. There is a single indirect block pointer, and it can contain as many as 1024/4 pointers, each of which points to 1024 bytes of data. Thus, the total is:
1024 · 8 + 1024 · (1024/4) = 2^13 + 2^18
Below, state the maximum number of files in a directory, and explain briefly, for example by showing your work. Again, you may express your answer as a sum of powers-of-two.
Directories are implemented as files. Also, each directory entry is 16 bytes (14 bytes for the file name and 2 bytes for the inode number, since there are 2^16 inodes). Thus, we take our answer to the previous question and divide by 16 bytes:
(2^13 + 2^18) / 2^4
Since there are 2^16 inodes on the disk, our answer is min{2^16, 16896} = 16896.
If we wanted to move to LFS (the log-structured file system), which of the items in the description above would we have to modify, and why? Note that we are asking “which items” and “why”; we are not asking you to describe the exact changes required nor are we asking about other needed changes.
The only one that needs to change is the inode array, since, under LFS, inodes do not live in a fixed location on the disk.
A So the protocol can check that the network layer delivered the packet containing the application’s message to the correct endpoint.
B Because it is the application layer that makes routing and forwarding decisions.
C Because the network layer uses the application-layer header to route and forward the packet.
D Because the sender’s link layer needs this field to decide which network protocol to use.
A is right: the application layer cannot depend on the layers below it. B is not right because it is not the application layer that makes forwarding decisions. C is not right because the network layer has its own header. D is not right because the link layer doesn’t decide on the network protocol. The above exercise is borrowed from J. H. Saltzer and M. F. Kaashoek, Principles of Computer System Design: An Introduction, Morgan Kaufmann, Burlington, MA, 2009. Chapter 7. Available online.
A None. They are there for Macintosh compatibility only.
B A portion of the Ethernet address is used as the domain name of the computer using the card.
C They provide routing information for packets destined to non-local subnets.
D They are used as private keys in the Security Layer of the ISO protocol.
E They provide addressing within each subnet for an Internet address resolution protocol.
F They provide secure identification for warranty service.
E. The above exercise is borrowed from J. H. Saltzer and M. F. Kaashoek, Principles of Computer System Design: An Introduction, Morgan Kaufmann, Burlington, MA, 2009. Chapter 7. Available online.
What is the maximum number of 625-byte packets per second that A could in principle send into the wire? Explain your answer briefly (for example, by showing your work). You may make small approximations if needed.
10^9 bits/second * 1 byte/8 bits * 1 packet/625 bytes = 200,000 packets/second.
Now, consider the above link and the following protocol, and assume that all packets are again 625 bytes. In the protocol, A sends 4000 packets into the network as quickly as it can and then waits for a one-byte ACK from B. Whenever A receives an ACK from B, A immediately sends another 4000 packets into the network. Meanwhile, B ACKs packet 1, packet 4001, packet 8001, etc. That is, B ACKs every 4000 packets starting with the first one in a burst by A.
What is the long-term throughput of this protocol, expressed as both (a) bits per second and (b) a percentage of the link’s bandwidth? Explain your answer briefly (for example, by showing your work). You may make small approximations if needed.
The bandwidth-delay product is 10^9 bits/second * 20 ms = 2.5 megabytes = 4000 packets of size 625 bytes. If A sent 4000 packets every 20 ms, it would fully use the link. However, from the protocol description, we know that the protocol sends 4000 packets every 40 ms (because the round-trip time is 40 ms, and that’s how long it takes for A to get B’s ACK). Thus, the throughput is one-half the link’s bandwidth, or 500 · 10^8 bits/second.
Is the above statement true or false? Justify your answer briefly below:
False. The point to the first phase of 2PC is to see whether all of the machines agree to the proposed transaction.
If they can successfully coordinate an attack, give a protocol that does so. If they cannot, then explain why not.
They can successfully coordinate. A sends a message at time X saying, “attack at X + 25 hours”. B is guaranteed to get the message in time for the attack, and A knows this. Hence both attack at the same time.
Circle the BEST answer below:
A Using an electron microscope to read the secret key out of the CPU.
B Replacing the DRAM chips with modified DRAM chips that stored a copy of the secret key in an off-chip NVRAM.
C Tapping a high-speed bus between ROM and the CPU to extract a secret key and the code in a secret boot block.
D Mounting a dictionary attack on the Xbox’s password file.
E Modifying the on-disk kernel image to cause a buffer overflow attack in the bootloader, overriding the hardware-based protection of the secret key.
F Installing read-write entries in the x86-visible page tables, allowing him to overwrite key kernel data structures.
C. Huang used inexpensive custom hardware to extract the electrical signals on the bus between the southbridge and northbridge.
What was the central thesis of this paper? Circle the BEST answer below:
A When developers don’t think carefully about their threat model, they can be surprised by attacks that subvert their abstractions.
B The current Unix approach to access control is incoherent.
C The current Unix approach to access control is coherent, but the coarse-grained notion of privilege in Unix creates many vulnerabilities.
D An attacker who gains access to the kernel’s logging facility can subvert all of the access control in the file system.
E None of the above.
E.
Circle True or False for each item below:
True / False After Thompson’s hacks, the source code for the C compiler, if examined, would contain a hint that the login program had been bugged.
True / False After Thompson’s hacks, the C compiler binary, if disassembled and examined, would contain a hint that the login program had been bugged.
The first is false; the second, true. Thompson’s hack was such that no trace of the bugged C compiler or the bugged login was visible from the source code. What allowed Thompson to pull off this hack is that he bugged the binary—and the hint of that would certainly be clear if someone were to disassemble the binary (there would be compiled code that, on matching a pattern in an input file, output a copy of its own logic and some logic to bug the login program).
Circle True or False for each item below:
True / False Assuming a normal and bug-free system, one needs to be logged in as the root user to use ping and passwd successfully.
True / False Assuming a normal and bug-free system, root needs to delegate its privileges (or a subset of those privileges) to ordinary users for them to use ping and passwd successfully.
The first is false; the second, true. Ordinary users can call ping and passwd. They must do so using root’s privileges because, under Unix’s security model, only a process with a real or effective ID of root can open a raw socket or write to the password file.
True / False To delegate its privileges to ordinary users as they run particular binaries, root sets the setuid bit on those binaries.
True.
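An added example, not part of the exam or its solutions, sketching in C the mechanism these answers rely on: how the setuid bit decides the effective UID at exec time, how an audit can recognise a binary that delegates root's privileges, and (going slightly beyond the answers) how a setuid-root program such as ping can give the privilege back once it no longer needs it. The function names and the simplified exec rule are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Simplified exec-time rule (assumption: ignores nosuid mounts and other
   kernel checks): with the setuid bit set, the process runs with the file
   owner's UID as its effective UID; otherwise with the caller's UID. */
uid_t euid_after_exec(const struct stat *st, uid_t caller_uid) {
    return (st->st_mode & S_ISUID) ? st->st_uid : caller_uid;
}

/* Audit check: does this file hand root's privileges to other users? */
int delegates_root(const struct stat *st) {
    return S_ISREG(st->st_mode) && (st->st_mode & S_ISUID) &&
           st->st_uid == 0 && (st->st_mode & (S_IXGRP | S_IXOTH)) != 0;
}

/* The delegation is unsafe if non-owners can also rewrite the binary. */
int delegation_is_unsafe(const struct stat *st) {
    return delegates_root(st) && (st->st_mode & (S_IWGRP | S_IWOTH)) != 0;
}

/* Inside a setuid-root program: return to the invoking user's identity.
   The group is dropped first, because once the UID is no longer root the
   GID cannot be changed; the drop is then verified to be irreversible. */
int drop_privileges(void) {
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setgid(rgid) != 0 || setuid(ruid) != 0) return -1;
    if (ruid != 0 && setuid(0) == 0) return -1;   /* root came back: fail */
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

int main(int argc, char **argv) {
    struct stat st;
    if (argc < 2 || stat(argv[1], &st) != 0) return 2;
    printf("%s: euid after exec %ld, delegates root %d, unsafe %d\n",
           argv[1], (long)euid_after_exec(&st, getuid()),
           delegates_root(&st), delegation_is_unsafe(&st));
    return drop_privileges() == 0 ? 0 : 1;
}
```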
What phenomenon undermines mandatory access controls? Circle the BEST answer:
A Two-factor authentication
B Weak passwords
C A program that has access to privileged information and, as a result of a bug that is not modeled by the specification, writes it to a world-readable file
D Covert channels
E Buffer overflow attacks on user-level programs