Operating Systems Interview Questions

A process is an independent program in execution with its own memory space, resources, and program counter. A thread is a lightweight unit of execution within a process, sharing the process's memory and resources but having its own stack and registers. Multiple threads in a process can run concurrently, sharing data easily but requiring synchronization. Process creation is heavier (fork), while thread creation is lightweight.

The kernel is the core component of an operating system that manages system resources and provides services to applications. Main functions include: process management (creation, scheduling, termination), memory management (allocation, virtual memory), device management (I/O operations via drivers), file system management, and providing system call interface. The kernel operates in privileged mode with direct hardware access.

CPU scheduling determines which process gets to use the CPU at any given time from the ready queue. It's necessary because multiple processes compete for limited CPU time, and efficient scheduling maximizes CPU utilization, throughput, and responsiveness. The scheduler decides when to switch processes (preemptive) or waits for processes to yield (non-preemptive). Key metrics include turnaround time, waiting time, and response time.

Virtual memory is a memory management technique that creates an illusion of a larger memory space than physically available by using disk storage as extension. Each process gets its own virtual address space, mapped to physical memory by the OS. Benefits include: running programs larger than physical RAM, memory isolation between processes, simplified memory allocation for programs, and efficient memory sharing. It uses paging or segmentation.

A deadlock is a situation where two or more processes are blocked forever, each waiting for resources held by the others. Four necessary conditions (Coffman conditions): Mutual Exclusion (resources are non-sharable), Hold and Wait (process holds resources while waiting for others), No Preemption (resources cannot be forcibly taken), Circular Wait (circular chain of processes waiting for each other). All four must hold for deadlock to occur.

Context switching is the process of saving the state of a currently running process and loading the state of another process to execute. The OS saves CPU registers, program counter, and memory mappings to the Process Control Block (PCB). Overhead includes: direct cost (saving/restoring state), indirect cost (cache and TLB invalidation, pipeline flush). Frequent context switches reduce efficiency, so modern schedulers balance responsiveness with overhead minimization.

A mutex (mutual exclusion) is a locking mechanism that allows only one thread to access a resource at a time - it has ownership (only the thread that locked can unlock). A semaphore is a signaling mechanism with a counter that allows multiple threads up to a limit - counting semaphore allows N concurrent accesses, binary semaphore acts like mutex but without ownership. Mutex is for exclusive access; semaphores are for resource counting and signaling.

The main process states are: New (process being created), Ready (waiting to be assigned to CPU), Running (currently executing on CPU), Waiting/Blocked (waiting for I/O or event), Terminated (finished execution). Transitions: New to Ready (admitted), Ready to Running (scheduler dispatch), Running to Ready (interrupt/preemption), Running to Waiting (I/O request), Waiting to Ready (I/O complete), Running to Terminated (exit).

Paging divides physical memory into fixed-size blocks called frames and logical memory into same-sized blocks called pages. When a process runs, its pages are loaded into available frames (not necessarily contiguous). The page table maps virtual page numbers to physical frame numbers. Benefits: eliminates external fragmentation, simplifies memory allocation. Page size is typically 4KB. Page table is stored in memory, with TLB caching frequent translations.

A system call is the interface between a user program and the operating system kernel, allowing programs to request privileged operations. When invoked, CPU switches from user mode to kernel mode. Categories include: Process control (fork, exec, exit), File management (open, read, write, close), Device management (ioctl), Information (getpid, time), Communication (pipe, socket). System calls provide controlled access to hardware and protected operations.

FCFS is the simplest CPU scheduling algorithm where processes are executed in arrival order using a FIFO queue. It's non-preemptive - once a process starts, it runs to completion. Advantages: simple, fair. Disadvantages: convoy effect (short processes stuck behind long ones), poor average waiting time, not suitable for interactive systems. Example: if P1(24ms), P2(3ms), P3(3ms) arrive together, average waiting = (0+24+27)/3 = 17ms vs optimal 3ms.

A file system organizes and manages how data is stored and retrieved on storage devices. Functions include: file naming and organization (directories, hierarchies), space management (allocation, free space tracking), metadata management (permissions, timestamps, ownership), data integrity (journaling, checksums), and providing access methods (sequential, random). Common file systems: ext4 (Linux), NTFS (Windows), APFS (macOS), ZFS (enterprise).

A race condition occurs when multiple threads/processes access shared data concurrently, and the final result depends on the timing of their execution. This leads to unpredictable behavior and bugs. Prevention methods: Mutual exclusion using locks/mutexes, Semaphores for resource counting, Atomic operations for simple operations, Proper synchronization with condition variables, Avoiding shared mutable state, Using thread-safe data structures. Critical sections must be protected.

Internal fragmentation occurs when allocated memory is larger than requested, wasting space within allocated blocks - common in fixed-size allocation like paging (if process needs 1KB but page is 4KB, 3KB is wasted). External fragmentation occurs when free memory is scattered in small blocks, unable to satisfy large requests despite sufficient total memory - common in variable-size allocation. Paging eliminates external fragmentation but may have internal.

An interrupt is a signal that temporarily halts normal program execution to handle an event requiring immediate attention. Types: Hardware interrupts (I/O completion, timer), Software interrupts (system calls), Exceptions (divide by zero, page fault). Handling: save current state, determine interrupt source via interrupt vector, execute Interrupt Service Routine (ISR), restore state, resume execution. Interrupts enable asynchronous I/O and multitasking.

Round Robin assigns each process a fixed time slice (quantum). Processes execute for their quantum or until completion/blocking, then move to queue end. It's preemptive and fair. Time quantum selection is crucial: too small increases context switch overhead, too large becomes FCFS. Typical values: 10-100ms. Response time is good for interactive systems. Average waiting time can be high but no starvation. Used as base for modern schedulers.

When page fault occurs and memory is full, page replacement chooses which page to evict. FIFO removes oldest page - simple but suffers Belady's anomaly (more frames can cause more faults). LRU removes least recently used page - good approximation of optimal, implemented with timestamps or stack. Optimal removes page needed furthest in future - theoretically best but requires future knowledge, used as benchmark. LRU is practical compromise.

Four approaches: Prevention (eliminate one of four conditions - e.g., order resources to prevent circular wait), Avoidance (dynamically check safety before allocation - Banker's algorithm), Detection and Recovery (allow deadlocks, detect via wait-for graph, recover by killing processes or preempting resources), Ignorance (Ostrich algorithm - do nothing, used in most desktop OS as deadlocks are rare). Trade-off between overhead and deadlock risk.

Classic synchronization problem: producers add items to bounded buffer, consumers remove them. Challenges: don't add to full buffer, don't remove from empty, ensure mutual exclusion. Solution uses semaphores: mutex (binary, for buffer access), empty (counting, initialized to buffer size), full (counting, initialized to 0). Producer: wait(empty), wait(mutex), add, signal(mutex), signal(full). Consumer: wait(full), wait(mutex), remove, signal(mutex), signal(empty).

TLB (Translation Lookaside Buffer) is a hardware cache of recent virtual-to-physical address translations. Without TLB, every memory access requires page table lookup (one or more memory accesses). TLB hit rate is typically >99% due to locality. TLB miss triggers page table walk. TLB is flushed on context switch (or uses ASIDs to avoid). Size is small (64-1024 entries) but critical for performance - TLB miss can cost 10-100 cycles.

Priority scheduling assigns priorities to processes; CPU is allocated to highest priority ready process. Can be preemptive (higher priority preempts running process) or non-preemptive. Starvation occurs when low-priority processes never execute because higher priority processes keep arriving. Solution: Aging - gradually increase priority of waiting processes. Priority can be static or dynamic. Unix nice values range -20 (highest) to 19 (lowest).

Multiple readers can read simultaneously (read-only, no conflicts), but writers need exclusive access. First readers-writers: readers preferred (writers may starve). Second: writers preferred (readers may starve). Fair solution: arrival-order access. Implementation uses semaphores/mutexes: read_count (readers currently reading), mutex (protects read_count), rw_mutex (write access). Reader: lock mutex, increment count, if first reader lock rw_mutex, unlock mutex, read, similar for exit.

fork() creates a new process by duplicating the calling process - child gets copy of parent's memory (copy-on-write optimization), file descriptors, but new PID. Returns child PID to parent, 0 to child. exec() family replaces current process image with new program - same PID but new code/data. Common pattern: fork() then exec() to run new program. Parent can wait() for child completion. This separation allows child to set up (redirects, pipes) before exec.

Demand paging loads pages into memory only when accessed (lazy loading), not at process start. On page fault: if page is in swap, load it; else it's a new access, allocate frame. Benefits: faster startup, less memory usage, run programs larger than RAM. Thrashing occurs when system spends more time handling page faults than executing - too many processes compete for limited frames. Solutions: working set model, page fault frequency control, swapping out processes.

FCFS: processes requests in order - fair but high seek time. SSTF (Shortest Seek Time First): selects nearest request - good throughput but may starve outer tracks. SCAN (elevator): moves head in one direction servicing requests, reverses at end - prevents starvation. C-SCAN (Circular SCAN): only services in one direction, jumps to beginning - more uniform wait times. Modern SSDs have near-zero seek time, making algorithm choice less critical.

IPC enables data exchange between processes. Mechanisms: Pipes (unidirectional byte stream, related processes), Named Pipes/FIFOs (unrelated processes), Message Queues (structured messages with priorities), Shared Memory (fastest, direct memory access, needs synchronization), Sockets (network or local communication), Signals (asynchronous notifications), Memory-mapped files (file as shared memory). Choice depends on data size, relationship between processes, and performance needs.

Contiguous: file stored in consecutive blocks - simple, fast sequential/random access, but external fragmentation and difficult growth. Linked: blocks form linked list - no external fragmentation, easy growth, but slow random access (must traverse), pointer overhead. Indexed: index block contains pointers to data blocks - efficient random access, no external fragmentation, but index overhead. Modern file systems use variations like extents (contiguous runs) or B-trees.

Condition variables allow threads to wait for specific conditions while holding a mutex. Operations: wait() atomically releases mutex and sleeps until signaled, reacquires mutex before returning; signal() wakes one waiting thread; broadcast() wakes all. Always use with mutex and check condition in while loop (spurious wakeups). Example: producer signals 'not empty' when adding, consumer waits on 'not empty' when buffer empty. Enables efficient waiting without polling.

Multilevel Queue: separate queues for different process types (foreground/background), each with own algorithm. Fixed priority between queues or time slicing. Processes stay in assigned queue. Multilevel Feedback Queue (MLFQ): processes can move between queues based on behavior. CPU-bound processes drop to lower priority; I/O-bound stay high. New processes start high. Addresses issue of unknown burst times. Used in most modern OS schedulers.

Segmentation divides memory into variable-sized segments based on logical units (code, data, stack). Each segment has base address and limit. Provides programmer-visible memory organization and protection per segment. Vs Paging: Paging uses fixed-size pages (invisible to programmer), segmentation uses variable-size segments (programmer visible). Segmentation can have external fragmentation; paging has internal. Some systems combine both (segmented paging) - each segment is paged.

Kernel mode (supervisor/privileged mode) allows unrestricted access to hardware, memory, and all CPU instructions. User mode restricts access to protect system stability - privileged instructions cause exceptions. Transition to kernel mode occurs via system calls, interrupts, or exceptions. This separation prevents user programs from crashing the system or accessing others' data. Hardware (CPU mode bit) enforces this protection. Hypervisor mode is even more privileged for virtualization.

Copy-on-write (COW) is an optimization that delays copying until modification. In fork(), instead of duplicating entire address space, parent and child share same physical pages marked read-only. When either writes, a page fault triggers copying of that page only. Benefits: fast fork() (just copy page tables), memory efficient (shared read-only data like code), enables efficient fork-exec pattern where child immediately replaces memory with exec().

Journaling file systems maintain a log (journal) of changes before writing to main file system. On crash, system replays/reverts journal entries to reach consistent state - much faster than full fsck. Types: Write-ahead logging (journal metadata only or full data), Log-structured (entire FS is log). Journaling adds write overhead but ensures consistency. Common journaling file systems: ext4, NTFS, XFS, ZFS. ZFS uses copy-on-write instead of traditional journaling.

Zombie process: child has terminated but parent hasn't read its exit status (via wait()). Entry remains in process table with exit code. Zombies consume PID resources. Fix: parent should wait() for children, or use signal handler for SIGCHLD. Orphan process: parent terminates before child. The init process (PID 1) adopts orphans and will wait() for them. Orphans continue normal execution; zombies are already dead but not reaped.

Spinlock busy-waits (spins) checking lock status, consuming CPU but avoiding context switch overhead. Mutex blocks the thread, triggering context switch. Use spinlock when: critical section is very short, multiprocessor system, lock hold time < context switch time. Use mutex when: longer critical sections, single processor (spinning wastes cycles), or when sleeping is acceptable. Hybrid adaptive mutexes spin briefly then sleep. Spinlocks shouldn't be used in user space on single core.

Banker's algorithm determines if resource allocation leaves system in safe state (sequence exists where all processes can complete). Data structures: Available (resources free), Max (maximum needs), Allocation (currently held), Need (Max-Allocation). Safety check: find process whose Need <= Available, simulate completion (Available += Allocation), repeat until all complete (safe) or stuck (unsafe). On request, tentatively allocate, check safety, grant if safe else wait. O(n^2*m) complexity.

Memory-mapped I/O maps device registers to memory addresses - same instructions for memory and I/O, full addressing modes, but consumes address space. Port-mapped I/O uses separate address space with special instructions (IN/OUT on x86) - doesn't use memory addresses, but limited instructions. Modern systems prefer memory-mapped: easier programming, cache coherency protocols apply, works with virtual memory. x86 supports both; ARM uses memory-mapped exclusively.

Inverted page table has one entry per physical frame (not per virtual page), containing process ID and virtual page number. Size is proportional to physical memory, not virtual space - important for 64-bit systems where virtual space is huge. Lookup requires searching/hashing by (PID, virtual page). Hash table implementation provides O(1) average lookup. Used in IA-64, PowerPC. TLB is crucial as table search is expensive. Hybrid approaches combine with traditional page tables.

CFS aims for ideal multitasking where each process gets equal CPU time. Uses red-black tree keyed by virtual runtime (vruntime). Process with smallest vruntime runs next. When running, vruntime increases; lower priority means faster increase. Sleeping processes don't accumulate vruntime, so they get priority when waking. No fixed timeslices - scheduling granularity based on number of runnable tasks. Achieves O(log n) scheduling decisions. Replaced O(1) scheduler in Linux 2.6.23.

Priority inversion occurs when high-priority task is blocked waiting for resource held by low-priority task, while medium-priority tasks run. Famous case: Mars Pathfinder. Solutions: Priority Inheritance Protocol (low task inherits high task's priority while holding shared resource), Priority Ceiling Protocol (task acquires ceiling priority of resource, preventing other tasks from preempting), Random boosting. Real-time systems must address this to meet deadlines.

Non-Uniform Memory Access (NUMA) architecture has memory physically distributed across processors - local memory is faster to access than remote. OS must: place processes near their memory (NUMA-aware scheduling), allocate memory from local node (first-touch or explicit policies), balance load while minimizing remote access (NUMA balancing), handle memory migration. Linux commands: numactl, /proc/meminfo shows NUMA stats. Critical for large multi-socket servers.

Five philosophers, five forks, each needs two adjacent forks to eat. Deadlock if all pick left fork simultaneously. Solutions: Allow at most 4 philosophers to sit (resource hierarchy), Pick up forks only if both available (all-or-nothing), Odd philosophers pick left first, even pick right (asymmetric), Use a waiter/arbitrator (centralized), Chandy/Misra solution (message-passing). Each demonstrates different deadlock prevention strategies applicable to real systems.

Type 1 (bare-metal) runs directly on hardware, acting as minimal OS: VMware ESXi, Xen, Hyper-V. Better performance, security, used in data centers. Type 2 (hosted) runs on host OS as application: VirtualBox, VMware Workstation, Parallels. Easier setup, uses host drivers, more overhead. Hybrid approaches exist: KVM is kernel module making Linux a Type 1. Para-virtualization requires guest OS modification for efficiency. Hardware virtualization extensions (VT-x, AMD-V) improve both.

RCU is a synchronization mechanism optimized for read-heavy workloads. Readers access data without locks (fast). Writers create modified copy, update pointer atomically, wait for all current readers to finish (grace period), then free old version. Readers are never blocked by writers. Used extensively in Linux kernel for routing tables, firewall rules. Challenges: determining grace period (quiescent state-based), memory overhead of keeping old versions. Provides excellent read scalability.

Hard real-time systems have absolute deadlines - missing causes system failure (pacemaker, anti-lock brakes). Use deterministic scheduling: Rate Monotonic (static priority by period), Earliest Deadline First (dynamic). Require worst-case analysis. Soft real-time has deadlines but degraded performance is acceptable (video streaming, games). Use priority scheduling with bounded latency. RTOS kernels minimize interrupt latency, avoid priority inversion, provide deterministic behavior. Linux RT-PREEMPT patch adds soft real-time.

Kernel bypass allows user-space applications to access hardware directly, avoiding kernel overhead (system calls, context switches, copying). Techniques: DPDK (Data Plane Development Kit) for networking - polls NICs in user space, achieves millions of packets/sec; RDMA (Remote Direct Memory Access) for zero-copy network transfers; SPDK for storage. Trade-offs: loses kernel protection/isolation, application must handle everything, dedicated cores/resources. Used in HFT, NFV, high-performance storage.

Memory models define how memory operations appear to execute across processors. Sequential consistency: all processors see same order, matches program order - simple but slow. TSO (Total Store Order, x86): reads may pass older writes to different addresses - allows store buffers. Relaxed (ARM, POWER): extensive reordering allowed - needs explicit barriers. Compilers also reorder. Understanding models is crucial for lock-free programming. Languages provide memory_order semantics to control this.

VMs virtualize hardware - each guest has full OS, hypervisor manages resources. Containers share host kernel, only virtualizing user space. Linux containers use: namespaces (isolate PID, network, mount, user), cgroups (limit CPU, memory, I/O), seccomp (syscall filtering), capabilities (fine-grained privileges). Containers are lighter (MB vs GB), start faster (ms vs s), but weaker isolation (shared kernel attack surface). Windows containers can use Hyper-V isolation for stronger boundaries.

Extended Berkeley Packet Filter (eBPF) allows running sandboxed programs in kernel space without modifying kernel or loading modules. Programs are verified for safety before execution. Use cases: networking (XDP for fast packet processing), security (syscall filtering), tracing (performance monitoring), observability. Programs attach to hooks (syscalls, network events, tracepoints). Maps share data between eBPF and user space. Tools: bpftrace, bcc, Cilium. Revolutionizes observability and networking.

Monolithic kernel (Linux, BSD): all OS services in kernel space - fast (no context switches between services), but large attack surface, any bug can crash system, harder to maintain. Microkernel (QNX, MINIX, seL4): minimal kernel with IPC, scheduling; services run in user space - more stable/secure (service crash doesn't crash system), easier to extend, but IPC overhead. Hybrid kernels (Windows NT, macOS XNU) combine approaches. Modern microkernels minimize IPC cost; seL4 is formally verified.