Process

 Fork: clone()
 Execve(), CoW
 Ready, running, terminated, waiting
 Signal vs interrupt

The exec() system call executes a new file in the current process context. It blanks the process's
current page table, discarding all existing mappings, and replaces them with a fresh page table
containing a small number of new mappings, including an executable mmap() of the new file
passed to the exec() call, a small amount of administrative space containing the environment
variables and command line arguments passed into the new program, a new process stack, and
so on.

System call
 Call C system call function
 Push arguments into registers or stack, put sys call number on rax 64-bit
 Calls interrupt (syscall in x64) to trap into kernel mode ring=0
 Call system call handler
 Returns by calling iret

Memory
 VMA vs PMA
o 1. Simplifies memory management
o 2. Use main memory efficiently
o 3. Protects memory corruptions
 Page table
o Maps a page to physical page
 TLB
o Translates VMA to PMA
o Given a 32-bit memory address, last 12 bits are offset. First 20 bits are VPN.
o Use VPN to index into page table, add the offset to the base of the PPN
 Multi-level page: can swap page tables disk
 Lazy allocation
o 1. Creates a record in the page table entry without allocating a physical page
o 2. Virtual pages with no associated physical page will have the read, write, and
execute bits disabled in their page table entries
o 3. Zeroes a free physical page, updates PTE, reset permission bits, and resume

Filesystem
 Dentry
 /foo/file are three dentries (/, /foo, /foo/file)
 A Unix file is stored on data blocks and inode (metadata only)
DNS:
 Web browser -> stub resolver -> ISP resolver -> root name server -> top-level domain
name server -> authoritative name server

TLS
 ClientHello (version, cipher suite, client random)
 ServerHello (version, cipher suite, server random, certificate, DH parameters)
o G^a mod p = A
 Client decrypts and checks the signature of the response from server, as well as
checking validity of the certificate
o Responds with G^b mod p = B
 Each derives working keys
 Each sends FINISH message

TLS 1.3
 ClientHello + keyshare
 ServerHello + keyshare
 Finish

HTTP 2
 Request multiplexing
 Header compression
 Binary protocol
 HTTP/2 Server Push

HTTP 3
 UQIC
o Sends independent data stream over a single UDP connection
o Always perform over HTTPS

ICMP
 Error reporting, communicates between host and router

Ping
 Uses ICMP echo request/echo reply to calculate round trip time

Traceroute
 Use TTL field in IP packet to identify every router
o For each iteration, set x = previous round + 1.

TCP
 Source IP, source port, destination IP, destination port
 Go to FB.com
 Look into DNS cache. Choose DNS server 8.8.8.8
 UDP datagram now consists of source_port = local, dest_port = 53
 IP packet sets dest_ip = 8.8.8.8
 Routing table indicates to route IP packet to router (default gateway of the local
network)
 Needs MAC address so ARP request is sent and router responds back with its MAC
address
 Ethernet frame
 Router receives the frame, unpack it, replaces source_ip and port with its own public IP
and port. Record (PROTOCOL, SOURCE_IP:PORT, DEST_IP:PORT) in the NAT table.
 Sends the frame to the Internet
TCP handshake
 SYNC – sends x
 SYNC + ACK – sends x+1 and y
 ACK – sends x+1 and y + 1

TCP Close Connection

This Photo by Unknown Author is licensed under CC BY-

Boot Process
 BIOS: do POST (hardware self-test)
 MBR: stage 1 of loader. Master boot record, it contains some program code and the disk
partition table details in order to load kernel later on.
 Kernel loader: stage 2 of loader. Load kernel into main memory, typically use GRUB v2.
/boot/grub2/grub.cfg. Kernel image names always starts with vmlinuz.
  Init: now it’s done by systemd.

ls command
 Shell argument expansion
o Glob * is expanded to a list of files matching the patterns in the CWD
 Each process has cwd (/proc/pid/cwd)
 Resolve the path of the executable
o Alias in local bash config file
o Looks at PATH env variable
 Calls fork()
 Calls execv()
 Runs the child
 Calls stat (and lstat)
 Writes to stdout
 Exit
 Parent wait()
 Can use debugfs to look at inode

ACID
 Atomicity: "All or none." In an ACID system, a transaction eithers succeed as a whole or
none. Another name is "adorability".
 Isolation: Two transactions do not interfere with one or another (think of two people
ordering in a restaurant; as long as they don't fight, they can get their food).
 Durability: Changes made to the system persist.
 Consistency: Changes made to the system is valid if the transaction satisfied constraints
imposed by the system (e.g FK, uniqueness, cascade). Applying AID, the system remains
unchanged and unaffected when CREATE TABLE IF NOT EXISTS statement is executed (or
errors out without IF NOT EXISTS).

CAP Theorem
 Consistency: This condition states that read should return the latest data from the
system.
 Availability: Every non-failing node returns a response for all read and write requests in
a reasonable amount of time.