|                                                                                                                                    | Copyright Notice                                                                                                                                                                                                                |
|------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| CS 410/510<br><sup>10011010</sup><br><sup>101111</sup><br><sup>101111</sup><br><sup>101101</sup> Languages & Low-Level Programming | • These slides are distributed under the Creative Commons<br>Attribution 3.0 License                                                                                                                                            |
|                                                                                                                                    | • You are free:                                                                                                                                                                                                                 |
| Mark P Jones                                                                                                                       | • to share—to copy, distribute and transmit the work                                                                                                                                                                            |
| Portland State University                                                                                                          | • to remix—to adapt the work                                                                                                                                                                                                    |
|                                                                                                                                    | • under the following conditions:                                                                                                                                                                                               |
| Fall 2018                                                                                                                          | <ul> <li>Attribution: You must attribute the work (but not in any way that<br/>suggests that the author endorses you or your use of the work) as<br/>follows: "Courtesy of Mark P. Jones, Portland State University"</li> </ul> |
| Week 5: Case Study - The L4 Microkernel                                                                                            | follows. Courtesy of Hark Ljones, For dand state oniversity                                                                                                                                                                     |
| 1                                                                                                                                  | The complete license text can be found at<br>http://creativecommons.org/licenses/by/3.0/legalcode<br>2                                                                                                                          |
|                                                                                                                                    |                                                                                                                                                                                                                                 |

| From ad-hoc to generic                                                                                                        |         |
|-------------------------------------------------------------------------------------------------------------------------------|---------|
| <ul> <li>So far, we've been building bare-metal applications in an ad-<br/>hoc manner</li> </ul>                              |         |
| • which would be reasonable in a custom embedded system                                                                       |         |
| <ul> <li> but what if we want a more generic, reusable foundation<br/>for building and deploying computer systems?</li> </ul> | Why L4? |
| • (also known as an "operating system" 😀 )                                                                                    |         |
| • Let's take a look at L4 as an initial case study                                                                            |         |
|                                                                                                                               |         |
|                                                                                                                               |         |
|                                                                                                                               |         |
| 3                                                                                                                             | 4       |

רר



#### Approaches to Kernel Design

- In a **monolithic kernel**, all OS code runs in kernel mode
  - improves performance; reduces reliability
- A **microkernel** design aims to minimize the amount of code that runs in kernel mode (the "*trusted computing base*" or TCB) and implement as much functionality as it can in "*user level servers*"
  - A microkernel must abstract physical memory, CPU (threads), and interrupts/exceptions
  - A microkernel must also provide (efficient) mechanisms for communication and synchronization
  - A microkernel should be "policy free"

# Microkernel design: L4

- $\bullet$  L4 is a "second generation"  $\mu\text{-kernel}$  design, originally designed by Jochen Liedtke
- $\bullet$  Designed to show that  $\mu\text{-kernel}$  based systems are usable in practice with good performance
- Minimalist philosophy: If it can be implemented outside the kernel, it doesn't belong inside

# Why pick L4?

- L4 is industrially and technically relevant
  - Multiple working implementations (Pistachio, Fiasco, OKL4, etc...)
  - Multiple supported architectures (ia32, arm, powerpc, mips, sparc,  $\ldots)$
  - Already used in a variety of domains, including real-time, security, virtual machines & monitors, etc...
  - Open Kernel Labs spin-off from NICTA & UNSW
  - Commercial use by Qualcomm and others ...

#### Why pick L4?

• L4 is industrially and technically relevant

#### • L4 is small enough to be tractable

- Original implementation ~ 12K executable
- Recent/portable/flexible implementations ~ 10-20 KLOC C++
- Much easier to implement that a full POSIX OS, for example!

#### Why pick L4?

- L4 is industrially and technically relevant
- L4 is small enough to be tractable
- L4 is real enough to be interesting
  - For example, we can run multiple, separated instances of Linux (specifically: L4Linux, Wombat) on top of an L4  $\mu\text{-kernel}$
  - Use somebody else's POSIX layer rather than build our own!
  - Detailed specification documents are available

# Why pick L4?

- L4 is industrially and technically relevant
- L4 is small enough to be tractable
- L4 is real enough to be interesting
- L4 is a good **representative** of the target domain and a good tool for exposing core research challenges
  - Threads, address spaces, IPC, preemption, interrupts, etc... are core  $\mu\text{-}$  kernel concepts, regardless of API details
  - It should be possible to retarget to a different API or  $\mu\text{-kernel}$  design

# Why pick L4?

п

- L4 is industrially and technically relevant
- L4 is small enough to be **tractable**
- L4 is real enough to be interesting
- L4 is a good **representative** of the target domain and a good tool for exposing core research challenges
- L4 is "not invented here"
  - We're not in the business of OS design and implementation
  - Leverage the insights and expertise of the OS community so that we can focus on our own research goals
  - A credibility boost, showing that our methods apply to other people's problems (we can't change the OS design to make our lives easier ...)



### Evolution of L4 - Case Study I











| How to find the KIP                                                                                                                                                                          |  |  |  |  |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|--|--|--|
| Option 1: Design protocol                                                                                                                                                                    |  |  |  |  |
| <ul> <li>User code assumes a predetermined KIP address</li> </ul>                                                                                                                            |  |  |  |  |
| • Option 2: "Slow system call" a "virtual" instruction                                                                                                                                       |  |  |  |  |
| <ul> <li>User code executes the illegal instruction LOCK NOP</li> </ul>                                                                                                                      |  |  |  |  |
| <ul> <li>This triggers an illegal opcode exception, which enters the<br/>kernel</li> </ul>                                                                                                   |  |  |  |  |
| <ul> <li>The kernel checks for this exception, loads the kip address<br/>in to the context registers, and returns to user mode</li> </ul>                                                    |  |  |  |  |
| $-$ EAX $-$ KernelInterface $\rightarrow$ EAXbase address $-$ ECXECXAPI Version $-$ EDXEDXAPI Version $-$ EDIEDXAPI Flags $-$ EDIEDIEDI $-$ EDXEDXEDI $-$ EDXEBXEBX $-$ EBPEBP $-$ ESPESPESP |  |  |  |  |
|                                                                                                                                                                                              |  |  |  |  |

#### What are the gaps for?

|                       | 01                   |                    |                                     |            |
|-----------------------|----------------------|--------------------|-------------------------------------|------------|
| ~                     | SCHEDULE SC          | THREADSWITCH SC    | Reserved                            | +F0 / +1E0 |
| EXCHANGEREGISTERS SC  | UNMAP SC             | LIPC SC            | IPC SC                              | +E0 / +1C0 |
| MEMORYCONTROL pSC     | PROCESSORCONTROL pSC | THREADCONTROL pSC  | SPACECONTROL pSC                    | +D0 / +1A0 |
| ProcessorInfo         | PageInfo             | ThreadInfo         | ClockInfo                           | +C0 / +180 |
| ProcDescPtr           | BootInfo             | ~                  |                                     | +B0 / +160 |
| KipAreaInfo           | UtcbInfo             | VirtualRegInfo     | ~                                   | +A0 / +140 |
|                       | ~                    | ~                  |                                     | +90 / +120 |
|                       | ~                    | ~                  |                                     | +80 / +100 |
|                       | ~                    | ~                  |                                     | +70 / +E0  |
|                       | ~                    | ~                  |                                     | +60 / +C0  |
| Kdebug.config1        | Kdebug.config0       | MemoryInfo         | ~                                   | +50/ +A0   |
| root server.high      | root server.low      | root server.IP     | root server.SP                      | +40 / +80  |
| $\sigma_1$ .high      | $\sigma_1$ low       | σ <sub>1</sub> .IP | $\sigma_1.SP$                       | +30 / +60  |
| $\sigma_0.{\rm high}$ | $\sigma_0$ low       | $\sigma_0.IP$      | $\sigma_0.\text{SP}$                | +20 / +40  |
| Kdebug.high           | Kdebug.low           | Kdebug.entry       | Kdebug.init                         | +10 / +20  |
| KernDescPtr           | API Flags            | API Version        | 0 <sub>(0/32)</sub> 'K' 230 '4' 'L' | +0         |
| +C / +18              | +8 / +10             | +4 / +8            | +0                                  |            |

| What's in the UTCB area?                                                                                                                                                                                                                                                                                                                                                           | UTCB Layout (IA32)                                                                                                                                                                                                                             | MR 63 (32)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | +252                                                                                                                                 |
|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------|
| <ul> <li>Every user thread has a User Thread Control Block (UTCB), which is a block of memory that the thread uses for communication with the kernel.</li> <li>The UTCB contains: <ul> <li>Message registers (MRs)</li> <li>Thread control registers (TCRs)</li> </ul> </li> <li>All UTCBs for a given address space are grouped in a single block called the UTCB area</li> </ul> | <ul> <li>64 Message "registers"<br/>named MR<sub>0</sub>, MR<sub>1</sub>,, MR<sub>63</sub></li> <li>Miscellaneous other fields: <ul> <li>ErrorCode</li> <li>ExceptionHandler</li> <li>Pager</li> <li>Acceptor</li> <li></li> </ul> </li> </ul> | :<br>MR 4 (32)<br>MR 3 (32)<br>MR 2 (except for mg receive) (32)<br>MR 4 (except for mg receive) (32)<br>^(22)<br>^(23)<br>PreemptedIP (32)<br>PreemptedIP | +16<br>+12<br>+8<br>← UTCB address +4<br>← UTCB address<br>-16<br>-20<br>-24<br>-28<br>-32<br>-32<br>-36<br>-40<br>-44<br>-48<br>-52 |
| <ul> <li>Example: If UTCBs are 512 bytes long, then an address space<br/>with a 4KB UTCB area can support at most 8 threads</li> </ul>                                                                                                                                                                                                                                             | • UTCB address points to the <u>middle</u> of the UTCB                                                                                                                                                                                         | Acceptor (23)<br>Acceptor (23)<br>NotifyBila (22)<br>NotifyBila (22)<br>MyGloballd (22)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | -60<br>-64<br>-68<br>-72<br>26                                                                                                       |

| Trust, and UTCBs                                                                                                                                                   | UTCB addresses and local thread ids                                                                                                                                                |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| • User processes can read and write whatever values they like<br>in the UTCB (and in the UTCBs of other threads in the same<br>address space)                      | <ul> <li>Every UTCB must be 64-byte aligned, so the lower 6 bits in<br/>any UTCB address will be zero</li> <li>Within a given address space, UTCB addresses are used as</li> </ul> |
| • Protected thread parameters (e.g., priority) must be stored in a separate TCB data structure that is only accessible to the kernel                               | local thread ID local id/64 (26/58) 000000                                                                                                                                         |
| <ul> <li>Any data that is read from the UTCB cannot be trusted and<br/>must be validated by the kernel, as necessary, before use</li> </ul>                        | • Other thread ids must have a nonzero value in their least significant 6 bits                                                                                                     |
| • Mappings for the UTCB area must be created by the kernel<br>(otherwise user space code could cause the kernel to page<br>fault by reading from an unmapped UTCB) |                                                                                                                                                                                    |
| 27                                                                                                                                                                 | 28                                                                                                                                                                                 |
|                                                                                                                                                                    |                                                                                                                                                                                    |

# How to find the UTCB

- Option I: Design Protocol
  - User code assumes a predetermined UTCB address
- Option 2: The UTCB pointer
  - At boot time, the kernel creates a 4 byte, read only segment in the GDT for a specific kernelspace address and loads a corresponding segment selector in %gs
  - The kernel stores the UTCB address of the current thread in that location
  - $\bullet$  User code can read the UTCB address from gs:0

## Configuring an address space

- The addresses of the KIP and the UTCB can be set when a new address space is created:
- First, create a new thread in a new address space (we'll see how this is done soon)
- Now use the (privileged) SpaceControl system call:

| SpaceSpecifier          | EAX | $-$ Space Control $\rightarrow$ | EAX | result  |
|-------------------------|-----|---------------------------------|-----|---------|
| control                 | ECX | -                               | ECX | control |
| KernelInterfacePageArea | EDX |                                 | EDX | $\sim$  |
| UtcbArea                | ESI | call SpaceControl               | ESI | $\sim$  |
| -                       | EDI |                                 | EDI | $\sim$  |
| -                       | EBX |                                 | EBX | $\sim$  |
| -                       | EBP |                                 | EBP | $\sim$  |
| -                       | ESP |                                 | ESP | =       |
|                         |     |                                 |     |         |

• Threads cannot be activated (made runnable) until the associated address space has been configured in this way

|         | • User programs cai |                                      | Т                                                   | ead ids |
|---------|---------------------|--------------------------------------|-----------------------------------------------------|---------|
| Threads | global interrupt ID | thread no (18/32)<br>intr no (18/32) | version <sub>(14/32)</sub> ≠0 (mod 64)<br>1 (14/32) | ]       |
| Theads  | local thread ID     | local id/64 (26/58)                  | 000000                                              | ]       |
|         | nilthread           | 0 (32/64                             | )                                                   | ]       |
|         | anythread           | -1 (32/6                             | 4)                                                  | ]       |
|         | anylocalthread      | -1 (26/58)                           | 000000                                              | ]       |
| 31      |                     |                                      |                                                     | 32      |



| ThreadControl                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | Exception handlers, pagers, and schedulers                                                                                                                                                                                                                                                                                                                                                                                                                                           |
|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| <ul> <li>New threads are created using the (privileged) ThreadControl system call:         <ul> <li>dest EAX Pager ECX Scheduler EDX SpaceSpecifier ESI UtcbLocation EDI - EBP - ESP</li> <li>call ThreadControl EBI - EBP - ESP</li> </ul> </li> <li>If dest does not exist then the new thread is created in the same address space as SpaceSpecifier</li> <li>If SpaceSpecifier=dest, then a new address space is created</li> <li>The UTCBLocation must be within the UTCB area</li> <li>If dest exists and SpaceSpecifier is nilthread, then the thread is deleted</li> </ul> | <ul> <li>Every thread has three associated threads</li> <li>thread t</li> <li>ExceptionHandler</li> <li>Pager</li> <li>Scheduler</li> <li>The exception handler is responsible for dealing with any exceptions that t generates (specified in UTCB)</li> <li>The pager is responsible for dealing with any page faults that t generates (specified in UTCB)</li> <li>The scheduler is responsible for setting the priority and timeslice for t (hidden inside kernel TCB)</li> </ul> |

#### Schedule

• If s is the scheduler thread for t, then s can set t's scheduling parameters using the Schedule system call:

rem total

| dest               | EAX | $-$ Schedule $\rightarrow$ | EAX | result  |
|--------------------|-----|----------------------------|-----|---------|
| prio               | ECX |                            | ECX | $\sim$  |
| processor control  | EDX |                            | EDX | $\sim$  |
| preemption control | ESI | call Schedule              | ESI | $\sim$  |
| ts len             | EDI |                            | EDI | rem ts  |
| total quantum      | EBX |                            | EBX | rem tot |
| -                  | EBP |                            | EBP | $\sim$  |
| -                  | ESP |                            | ESP | =       |
|                    |     |                            |     |         |

- The specified priority cannot be higher than the scheduler's own priority
- ts is the timeslice: how long does the thread run before the kernel will switch to another thread
- quantum specifies a limit on the total time that a thread can run before it is suspended

# ThreadSwitch

• A thread can give up any remaining part of its timeslice to another thread using the ThreadSwitch system call:



• If dest is nilthread, then the caller still yields the CPU and the kernel determines which thread will run next ...

| ExchangeR         | egisters                                                                 |     |   |
|-------------------|--------------------------------------------------------------------------|-----|---|
|                   | read or write parameters of another thread<br>angeRegisters system call: |     |   |
| F<br>UserDefinedF | $\begin{array}{c c c c c c c c c c c c c c c c c c c $                   | IPC |   |
|                   | e in the same address space as the caller                                |     |   |
|                   | cts of an ExchangeRegisters call are specified by e control word:        |     |   |
| control           | from (18/32) 0 (3/19) r dh p u f i s S R H                               |     |   |
|                   | 39                                                                       |     | 4 |

37

| IPC - Interprocess Communication                                                                                                                                                                                                                                                                                                  | Why combine send and receive phases?                                                                                                                                                                                                                                                                                                                                  |
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| • IPC is a fundamental system call for communication between threads in L4                                                                                                                                                                                                                                                        | <ul> <li>The combination of send and receive phases in a single<br/>system call:</li> </ul>                                                                                                                                                                                                                                                                           |
| • A typical use of IPC proceeds as follows:                                                                                                                                                                                                                                                                                       | <ul> <li>requires only one system call instead of separate send and<br/>receive system calls</li> </ul>                                                                                                                                                                                                                                                               |
| <ul> <li>Load the message registers in the UTCB with a message to send</li> <li>Invoke the IPC system call, which has two phases: <ul> <li>Send the message register values to a specified thread</li> <li>Receive new message register values from a thread</li> </ul> </li> <li>Resume thread that initiated the IPC</li> </ul> | <ul> <li>receive system calls</li> <li>accomplishes both send and receive actions with only a single transition in to kernel mode</li> <li>matches common communication idioms: <ul> <li>RPC: Send a request to a thread and wait for its reply</li> <li>Server: Send response to a previous request and then wait for a new request to arrive</li> </ul> </li> </ul> |

٦Г

# Synchronization and blocking

- Communication between threads requires a sender and a receiver
  - If either party is not ready, then the communication blocks
- Some versions of L4 allow an IPC call to specify timeout periods, after which a blocked IPC call will be aborted.
  - In practice, it is hard to come up with a good methodology for picking sensible timeout values
- Other versions of L4 support only two possible timeout options: 0 (non blocking) and  $\infty$  (blocking)

# Specifics

| to              | EAX | $-$ Ipc $\rightarrow$ | EAX | from   |
|-----------------|-----|-----------------------|-----|--------|
| -               | ECX |                       | ECX | $\sim$ |
| FromSpecifier   | EDX |                       | EDX | $\sim$ |
| MR <sub>0</sub> | ESI | call Ipc              | ESI | $MR_0$ |
| UTCB            | EDI |                       | EDI | =      |
| -               | EBX |                       | EBX | $MR_1$ |
| -               | EBP |                       | EBP | $MR_2$ |
| -               | ESP |                       | ESP | ≡      |

- Some message registers passed in CPU registers
- "to" can be nilthread, if there is no send phase
- "FromSpecified" can be:
  - nilthread, if there is no receive phase
  - anythread, if it is a server that will accept requests from any other thread

| Message tags                                                                                                                                                                                                                               | Example: Interrupt handlers                                                                                                                                                                                                      |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| <ul> <li>The value in MR<sub>0</sub> provides a message tag that describes the</li></ul>                                                                                                                                                   | <ul> <li>When a hardware interrupt occurs, the kernel sends an IPC</li></ul>                                                                                                                                                     |
| structure of the message in the remaining message registers:                                                                                                                                                                               | message from the interrupt thread to its pager with the tag:                                                                                                                                                                     |
| <ul> <li>MsgTag [MRo] label (16/45) flags (4) t (6) u (6)</li> <li>label can be used to send/receive a 16 bit data value</li> <li>u is the number of untyped words (uninterpreted 32 bit word values) sent in message registers</li> </ul> | From Interrupt Thread $-1_{(12/44)}$ $0_{(4)}$ $t = 0_{(6)}$ $u = 0_{(6)}$ $MR_0$ • When the pager has finished handling the error, it sends an IPC message back to the interrupt thread to reenable the corresponding interrupt |
| • t is the number of typed-item words (MapItem, GrantItem;                                                                                                                                                                                 | To Interrupt Thread                                                                                                                                                                                                              |
| we'll talk about these soon)                                                                                                                                                                                                               | $0_{(16/48)} \qquad 0_{(4)}  t = 0_{(6)}  u = 0_{(6)}  MR_0$ 46                                                                                                                                                                  |

43

#### Example: Thread start

• When a new thread is constructed, it waits for a message from its pager before starting:

| From Pager | Initial SP (32/64) |         |               |               | MR 2 |
|------------|--------------------|---------|---------------|---------------|------|
|            | Initial II         | (32/64) |               |               | MR 1 |
|            | 0 (16/48)          | 0 (4)   | $t = 0_{(6)}$ | $u = 2_{(6)}$ | MR   |

• When a newly created thread receives a message of this form, the kernel loads the specified esp and eip values from the message in to the thread's context and marks the thread as being runnable ...

# Example: Exception handling

• When a thread generates an exception, the kernel sends a message to the associated exception handler

|               | EAX      | (32)                |               |                |
|---------------|----------|---------------------|---------------|----------------|
|               | ECX      | (32)                |               |                |
|               | EDX      | (32)                |               |                |
|               | EBN      | (32)                |               |                |
|               | ESP      | (32)                |               |                |
|               | EBF      | (32)                |               |                |
|               | ESI      | (32)                |               |                |
|               | EDI      | (32)                |               |                |
|               | ErrorC   | nde <sub>(32)</sub> |               |                |
|               | Exceptio | nNo <sub>(32)</sub> |               |                |
|               | EFLA     | GS (32)             |               |                |
|               | EIP      | (32)                |               |                |
| -4/-5 (12/44) | 0 (4)    | 0 (4)               | $t = 0_{(6)}$ | $u = 12_{(6)}$ |

• If it chooses to resume the thread that generated the exception, it responds with a message of essentially the same format (possibly having updated registers in the process)





#### Typed items in IPC messages Page faults • An IPC message can contain multiple "typed items" (either • When a thread triggers a page fault, the kernel translates that Mapltem or Grantltem values), that will create mappings in event into an IPC to the thread's pager: the receiver based on mappings in the sender To Pager faulting user-level IP (32/64) MR 2 • The receiver sets an "acceptor" fpage in its UTCB to specify fault address (32/64) MR 1 where newly received mappings should be received $0 \, r \, w \, x$ $0_{(4)}$ $t = 0_{(6)}$ $u = 2_{(6)}$ MR<sub>0</sub> $-2_{(12/44)}$ • To receive anywhere, set the acceptor to "complete" • The pager can respond by sending back a reply with a new mapping ... that also restarts the faulting thread: • To receive nowhere, set the acceptor to "nilpage" From Pager MapItem / GrantItem MR 1,2 $0_{(16/48)}$ 0 (4) $t = 2_{(6)}$ $u = 0_{(6)}$ MR o 53 54





