The kernel is a fundamental part of any Operating System, acting as the bridge between software and hardware. It’s responsible for managing the system’s resources, allowing applications to interact with hardware without needing to know the intricate details of the hardware itself.

Key Functions of the Kernel

Process Management

  • Scheduling: The kernel decides which process runs at any given time and for how long.
  • Context Switching: Switching the CPU from one process to another.
  • Inter-process communication (IPC): Allowing processes to communicate and synchronize with each other.

Memory Management

  • Allocation/Deallocation: Allocates and deallocates memory space as needed by processes.
  • Virtual Memory: Extends physical memory (RAM) onto the disk (storage), allowing more processes to run concurrently.

File System Management

  • File Access: Manages file reading, writing, and permissions.
  • Organization: Maintains the file system structure, such as directories and file paths.

Device Management

  • Drivers: Interfaces with device drivers to control hardware devices.
  • Input/Output: Manages the input and output operations for hardware components.

Security and Access Control

  • User Permissions: Enforces security policies and user permissions to ensure only authorized access to resources.
  • System Calls: Provides a controlled interface for applications to request services from the kernel.

How the Kernel Operates

  • Mode of Operation: The CPU operates in two modes: user mode and kernel mode. Applications run in user mode, which has restricted access to system resources, while the kernel runs in kernel mode, with full access to hardware.
  • System Calls: Applications interact with the kernel via system calls, which are predefined functions provided by the kernel.
  • Kernel Space vs User Space: Kernel space is reserved for running the kernel, its extensions, and most device drivers. User space is where user applications run.

What the Kernel stores

Process Information: Stores process control blocks (PCBs) containing process state, program counter, CPU registers, memory management information, and I/O status information.

Memory Information: Maintains information about memory allocation and management, including the virtual memory table.

Device Information: Contains device descriptors, drivers, and management information for connected hardware.

File System Information: Manages the file system structures, such as the superblock, inodes, and file descriptors.

What are File Descriptors

A file descriptor is a low-level handle that is used to access files and other I/O resources like pipes and sockets. It’s an integer that uniquely identifies an open file within a process. When a program opens a file, the operating system returns a file descriptor that the program can use to read from or write to the file.

Standard File Descriptors:

  • ‘0’: Standard input (stdin)
  • ‘1’: Standard output (stdout)
  • ‘2’: Standard error (stderr)

What are Device Descriptors

These are similar to file descriptors but are used to handle input/output operations for hardware devices (e.g. keyboards, disks, network interfaces). In Unix-like systems, devices are often treated as files, and thus device descriptors are used in the same way as file descriptors.

  • Device Files: Special files found in the ‘/dev’ directory in Unix-like systems that represent hardware devices.
  • Operations: Just like files, devices can be opened, read, written, and closed using descriptors.
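
The descriptor behaviour described in the two sections above, as an added example that is not part of the original article: it asks the kernel (via `fstat`) what object a descriptor really refers to, which is the reliable way to tell a device from a regular file or a pipe. The function names and the choice of `/dev/null` as the sample device are assumptions made for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>
enum fd_kind { FD_INVALID, FD_REGULAR, FD_DIR, FD_CHARDEV, FD_BLOCKDEV, FD_PIPE, FD_OTHER };
/* Ask the kernel what kind of object an integer descriptor refers to. */
enum fd_kind classify_fd(int fd) {
    struct stat st;
    if (fstat(fd, &st) != 0) return FD_INVALID;   /* not an open descriptor */
    if (S_ISREG(st.st_mode))  return FD_REGULAR;
    if (S_ISDIR(st.st_mode))  return FD_DIR;
    if (S_ISCHR(st.st_mode))  return FD_CHARDEV;  /* e.g. terminals, /dev/null */
    if (S_ISBLK(st.st_mode))  return FD_BLOCKDEV; /* e.g. disks */
    if (S_ISFIFO(st.st_mode)) return FD_PIPE;
    return FD_OTHER;                              /* sockets and anything else */
}
/* A device file is opened, written and closed with the same calls as a file. */
enum fd_kind probe_dev_null(void) {
    int fd = open("/dev/null", O_WRONLY);
    if (fd < 0) return FD_INVALID;
    enum fd_kind kind = classify_fd(fd);
    ssize_t n = write(fd, "x", 1);
    close(fd);
    return n == 1 ? kind : FD_INVALID;
}
/* pipe() hands back two descriptors; classify the read end. */
enum fd_kind probe_pipe(void) {
    int p[2];
    if (pipe(p) != 0) return FD_INVALID;
    enum fd_kind kind = classify_fd(p[0]);
    close(p[0]); close(p[1]);
    return kind;
}
/* After close(), the same integer no longer names anything in this process. */
enum fd_kind probe_closed(void) {
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0) return FD_OTHER;
    close(fd);
    return classify_fd(fd);
}
int main(void) {
    printf("fd0=%d devnull=%d pipe=%d closed=%d\n", (int)classify_fd(0),
           (int)probe_dev_null(), (int)probe_pipe(), (int)probe_closed());
    return 0;
}
```

Checking the descriptor itself rather than the path it was opened from means the answer describes the object the process actually holds.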

Virtual Memory Table

This is a data structure used by the operating system to manage virtual memory. The table maps virtual addresses to physical addresses, allowing the system to keep track of where data is stored in RAM and on the disk.

Key Components:

Page Table

  • Pages and Frames: Virtual memory is divided into blocks called pages, and physical memory is divided into blocks called frames. The page table maps each virtual page to a physical frame.
  • Entries: Each entry in the page table corresponds to a virtual page and contains the physical frame number where the page is stored, along with status bits (e.g. present, modified, accessed). Entries use Access Control bits that specify rwx permissions for each page.

Translation Lookaside Buffer (TLB)

The TLB is a special cache used to speed up the translation of virtual addresses to physical addresses. It stores the most frequently accessed page table entries. The CPU checks the TLB first: if the entry is found, it uses the physical address directly (TLB hit); if not, it consults the page table (TLB miss).

Swap Space

The Swap Space is a part of the disk used to extend physical memory. Pages that are not currently needed can be swapped out to this space.

When a process tries to access a page that is not in RAM, a page fault occurs. The operating system then loads the page from the swap space into a free frame in RAM and updates the page table.
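
The translation path described above (TLB first, then the page table, then a page fault that pulls the page in from swap), as an added toy model that is not part of the original article and is not how any particular kernel implements it. The 4 KiB page size, the 8-page address space, the 2-slot TLB and all names are assumptions; real hardware also caches the permission bits in the TLB, which this model reads from the page table entry instead.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PAGE_SHIFT 12   /* assumed 4 KiB pages */
#define NPAGES 8        /* toy address space of 8 virtual pages */
#define TLB_SLOTS 2
enum { P_R = 1, P_W = 2, P_X = 4 };   /* access-control (rwx) bits */
enum result { TLB_HIT, TLB_MISS, PAGE_FAULT_LOADED, PROT_FAULT, BAD_ADDR };
struct pte { uint32_t frame; unsigned present:1, accessed:1, modified:1, perms:3; };
static struct pte page_table[NPAGES];
static struct { int valid; uint32_t vpn; } tlb[TLB_SLOTS];
static uint32_t next_free_frame, tlb_next;
void vm_reset(void) {
    memset(page_table, 0, sizeof page_table);
    memset(tlb, 0, sizeof tlb);
    next_free_frame = 0x10; tlb_next = 0;
}
/* Map a virtual page; present=0 means its contents currently sit in swap. */
void vm_map(uint32_t vpn, unsigned perms, int present) {
    page_table[vpn].perms = perms;
    page_table[vpn].present = present ? 1 : 0;
    if (present) page_table[vpn].frame = next_free_frame++;
}
/* Translate vaddr for an access that needs the `want` permission bits. */
enum result vm_translate(uint32_t vaddr, unsigned want, uint32_t *paddr) {
    uint32_t vpn = vaddr >> PAGE_SHIFT, off = vaddr & ((1u << PAGE_SHIFT) - 1);
    if (vpn >= NPAGES || page_table[vpn].perms == 0) return BAD_ADDR;
    struct pte *e = &page_table[vpn];
    if ((e->perms & want) != want) return PROT_FAULT;  /* e.g. write to r-- page */
    enum result r = TLB_MISS;
    for (int i = 0; i < TLB_SLOTS; i++)               /* the TLB is checked first */
        if (tlb[i].valid && tlb[i].vpn == vpn) r = TLB_HIT;
    if (!e->present) {       /* page fault: load from swap into a free frame */
        e->frame = next_free_frame++; e->present = 1; r = PAGE_FAULT_LOADED;
    }
    if (r != TLB_HIT) {      /* cache the translation, round-robin replacement */
        tlb[tlb_next].valid = 1; tlb[tlb_next].vpn = vpn;
        tlb_next = (tlb_next + 1) % TLB_SLOTS;
    }
    e->accessed = 1; if (want & P_W) e->modified = 1;  /* status bits */
    *paddr = (e->frame << PAGE_SHIFT) | off;
    return r;
}
int main(void) {
    uint32_t pa = 0; vm_reset(); vm_map(1, P_R | P_W, 1);
    enum result r = vm_translate(0x1234, P_R, &pa);    /* first touch: TLB miss */
    printf("result=%d paddr=0x%x\n", (int)r, (unsigned)pa);
    return 0;
}
```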

Joao Silva
I’m Joao Silva, an Incident Response Analyst who loves everything about cybersecurity. I enjoy tackling practical challenges on platforms like TryHackMe and HackTheBox, and I’m always learning more through industry certifications. My main skills are spotting security risks, analyzing threats, and doing digital forensics. I keep up with the latest technologies and cyber threats to ensure strong security measures. In my spare time, I work on projects to improve server security and automate monitoring. I also like to share my knowledge by publishing content on my website to help others learn. I’m dedicated to protecting data and maintaining system integrity in our constantly changing digital world.
