Documentation Index
Fetch the complete documentation index at: https://resources.devweekends.com/llms.txt
Use this file to discover all available pages before exploring further.
Operating Systems Mastery
A comprehensive curriculum designed for engineers targeting senior/staff roles at top tech companies. This course goes beyond textbook theory — it covers real-world OS internals, Linux kernel concepts, modern OS features, and the deep technical knowledge expected in FAANG interviews.Course Duration: 14-18 weeks (self-paced)
Target Outcome: Senior Software Engineer / Systems Engineer / SRE
Prerequisites: C/C++ familiarity, basic systems programming
Primary Focus: Linux (with universal OS concepts)
Total Modules: 20 comprehensive modules
Target Outcome: Senior Software Engineer / Systems Engineer / SRE
Prerequisites: C/C++ familiarity, basic systems programming
Primary Focus: Linux (with universal OS concepts)
Total Modules: 20 comprehensive modules
Getting Started: Roadmap & Prerequisites
Before diving into the deep internals, treat this as a from-zero path:- If you know almost nothing about OS:
- Start with: OS Architecture & Fundamentals → Process Management → Memory Management.
- Then take: Virtual Memory → Synchronization → Deadlocks.
- Finally: File Systems → I/O Systems → Networking → Security.
- If you’re an application engineer (already using Linux daily):
- Skim: OS Architecture diagrams and terminology.
- Go deep on: Processes, Threads, Scheduling, Virtual Memory, File Systems, I/O.
- Optional advanced modules: Containers/Virtualization, eBPF, RTOS.
- If you’re targeting kernel/systems roles:
- Do every module in order.
- For each topic, read the OS chapter, then the Linux Internals and Case Studies sections.
- Programming: Comfortable in C (pointers, structs, function pointers, basic Makefiles). C++/Rust familiarity helps but isn’t required.
- Math / CS:
- Big-O notation and basic probability (for scheduling and performance).
- Basic digital logic (what a register is, what a bus is).
- Linux basics:
- Can navigate with
cd,ls,cat,less. - Can run
ps,top,strace,lsofwhen asked.
- Can navigate with
Concept Map: How the Modules Connect
Use this mental model whenever you feel lost:- CPU & ISA (
cpu-architectures.mdx)- Defines registers, privilege levels, and syscall instructions.
- The Scheduler, Process Management, and Synchronization chapters assume this hardware.
- OS Fundamentals (
os-fundamentals.mdx)- Defines Kernel vs User space, system call interface, and protection boundary.
- Every later chapter is “inside” this kernel box.
- Processes / Threads / Scheduling
- Explain who runs on the CPU and when.
- They rely on Virtual Memory and Synchronization to isolate and coordinate work.
- Memory Management / Virtual Memory
- Explain where each process lives in RAM and how the MMU + page tables make isolation real.
- Feed directly into File Systems, I/O, and Security (KPTI, ASLR).
- File Systems / I/O Systems / Storage Stack / Device Drivers
- Explain how bytes at rest (disks, SSDs, NVM) are exposed as files, and how drivers + DMA actually move data.
- Networking / IPC
- Explain how processes talk to each other and to the network, on top of the same scheduler + memory + I/O foundations.
- Security / Containers / Virtualization / eBPF / RTOS
- Advanced modules that compose the fundamentals to enforce isolation, observability, and real-time guarantees.
Why This Course?
Senior Interview Ready
Deep system design discussions, OS internals, and trade-off analysis expected at L5+
Linux Kernel Focus
Real implementation details from the world’s most deployed OS kernel
Production Systems
Understand how OS concepts impact application performance at scale
Modern Tech Coverage
Containers, io_uring, eBPF, modern schedulers — what’s actually used today
Course Structure
The curriculum is organized into 7 tracks progressing from foundational concepts to production expertise:Track 0: Foundations
Understanding the big picture before diving into details.Module: OS Architecture & Fundamentals
Module: OS Architecture & Fundamentals
Duration: 4-6 hours | New ModuleThe essential foundation for understanding operating systems.
- Operating System Architecture (Layered Model)
- User Space vs Kernel Space
- Core Purposes: Abstraction, Multiplexing, Isolation
- Controlled Sharing and Security
- Inside the Kernel: Major Subsystems
- System Call Interface
- Why Operating Systems Exist
Module: CPU Architectures & ISAs
Module: CPU Architectures & ISAs
Duration: 4-6 hours | New ModuleUnderstanding the hardware foundation of operating systems.
- Instruction Set Architectures (ISAs)
- x86-64: CISC architecture, privilege rings, system calls
- ARM: RISC architecture, exception levels, mobile dominance
- RISC-V: Open-source ISA, modular design, future potential
- Architecture-specific OS considerations
- Context switching and calling conventions
- Memory ordering models
Module: xv6 Teaching Operating System
Module: xv6 Teaching Operating System
Duration: 8-12 hours | New ModuleLearn OS internals by studying and modifying a real, simple operating system.
- What is xv6 and why it’s perfect for learning
- Complete boot sequence walkthrough
- System call mechanism (fork, exec, open, etc.)
- Process management and scheduling
- Virtual memory implementation
- File system internals
- Hands-on labs and debugging with GDB
- xv6 + RISC-V + QEMU integration
Track 1: System Startup
Understanding how a computer boots — from power-on to user space.Module: Boot Process
Module: Boot Process
Duration: 6-8 hours | New ModuleThe complete boot sequence from firmware to user space.
- BIOS vs UEFI: Legacy and modern firmware
- POST (Power-On Self-Test) and hardware initialization
- MBR vs GPT partitioning schemes
- Bootloaders: GRUB2 deep dive
- Kernel loading and decompression
- initramfs and early userspace
- Init systems: systemd architecture
- Boot security: Secure Boot, measured boot
Track 2: Fundamentals
Master the core abstractions that every senior engineer must understand deeply.Module 1: Process Management
Module 1: Process Management
Duration: 8-10 hoursUnderstanding how programs become processes.
- Process lifecycle: creation, execution, termination
- Process Control Block (PCB) — what the kernel tracks
- fork(), exec(), wait() — the Unix process model
- Context switching — what really happens under the hood
- Process states and transitions
- Orphan and zombie processes — causes and handling
Module 2: Threads & Concurrency
Module 2: Threads & Concurrency
Duration: 10-12 hoursMulti-threading models and implementation.
- User threads vs kernel threads
- Threading models: 1:1, M:N, M:1
- Thread lifecycle and thread-local storage
- POSIX threads (pthreads) deep dive
- Thread pools and work stealing
- Green threads and coroutines (Go, Rust models)
Module 3: CPU Scheduling
Module 3: CPU Scheduling
Duration: 8-10 hoursHow the OS decides what runs and when.
- Scheduling criteria: throughput, latency, fairness
- FCFS, SJF, Priority, Round Robin algorithms
- Multi-level Feedback Queues (MLFQ)
- Completely Fair Scheduler (CFS) in Linux
- Real-time scheduling: Rate Monotonic, EDF
- CPU affinity and NUMA considerations
Track 3: Memory & Storage
The two most critical resources that define system performance.Module 4: Memory Management
Module 4: Memory Management
Duration: 10-12 hoursPhysical memory allocation and management.
- Memory hierarchy and access patterns
- Contiguous allocation and fragmentation
- Buddy system allocator
- Slab allocator for kernel objects
- Memory protection mechanisms
- OOM killer and memory pressure
Module 5: Virtual Memory Deep Dive
Module 5: Virtual Memory Deep Dive
Duration: 12-14 hoursThe abstraction that makes modern computing possible.
- Address spaces and memory mapping
- Paging: page tables, multi-level page tables
- Translation Lookaside Buffer (TLB) — crucial for performance
- Page replacement: LRU, Clock, Second Chance, Working Set
- Demand paging and copy-on-write (COW)
- Memory-mapped files and shared memory
- Huge pages and their impact on performance
Track 4: Concurrency & I/O
Critical topics that separate senior from junior engineers.Module 6: Synchronization Primitives
Module 6: Synchronization Primitives
Duration: 12-14 hoursBuilding correct concurrent programs.
- Race conditions and critical sections
- Mutual exclusion: Peterson’s, Dekker’s algorithms
- Hardware support: test-and-set, compare-and-swap
- Spinlocks: when to use, implementation details
- Mutexes and condition variables
- Semaphores: binary and counting
- Read-write locks and their variants
- Lock-free data structures introduction
Module 7: Deadlocks
Module 7: Deadlocks
Duration: 6-8 hoursDetection, prevention, and recovery.
- Deadlock conditions: mutual exclusion, hold-and-wait, no preemption, circular wait
- Resource allocation graphs
- Deadlock prevention strategies
- Deadlock avoidance: Banker’s algorithm
- Deadlock detection algorithms
- Recovery strategies
- Livelock and starvation
- Priority inversion and priority inheritance
Module 8: Inter-Process Communication
Module 8: Inter-Process Communication
Duration: 10-12 hoursHow processes share data and coordinate.
- Pipes: anonymous and named (FIFOs)
- Message queues: POSIX and System V
- Shared memory: mmap, shmget
- Signals: synchronous vs asynchronous
- Sockets: Unix domain and network
- Memory-mapped files for IPC
- D-Bus and modern IPC
- Performance comparison of IPC mechanisms
Module 9: File Systems Internals
Module 9: File Systems Internals
Duration: 10-12 hoursHow data is organized and persisted.
- File system layout: superblock, inodes, data blocks
- Directory implementation: linear, hash, B-tree
- Allocation strategies: contiguous, linked, indexed
- ext4 deep dive: extents, journaling, delayed allocation
- VFS (Virtual File System) layer in Linux
- Journaling and crash recovery
- Modern file systems: XFS, Btrfs, ZFS
Module 10: I/O Systems & Drivers
Module 10: I/O Systems & Drivers
Duration: 8-10 hoursBridging hardware and software.
- I/O hardware: controllers, buses, DMA
- Programmed I/O vs interrupt-driven vs DMA
- Block and character devices
- I/O scheduling: NOOP, CFQ, Deadline, BFQ
- Buffer cache and page cache
- Device driver architecture
- Modern storage: NVMe, io_uring
Track 5: Networking
Understanding the kernel network stack — essential for distributed systems.Module: Network Stack Internals
Module: Network Stack Internals
Duration: 10-12 hours | New ModuleHow the kernel handles network I/O.
- Socket API internals and socket buffers (sk_buff)
- TCP/IP stack implementation in Linux
- Packet flow: from NIC to application
- Network namespaces and virtual networking
- Connection handling and backlog
- Zero-copy networking techniques
- XDP (eXpress Data Path) for high performance
- Network performance tuning
Track 6: Advanced & Production
Real-world OS knowledge for production systems.Module: Containers & Virtualization
Module: Containers & Virtualization
Duration: 10-12 hours | New ModuleThe foundation of modern cloud infrastructure.
- Linux namespaces: all 8 types explained
- Control groups (cgroups) v1 and v2
- Container runtimes: containerd, runc
- Docker internals: layered filesystem, networking
- Hypervisors: Type 1 vs Type 2
- KVM and hardware virtualization (VT-x/AMD-V)
- Paravirtualization vs full virtualization
- Container security and isolation
Module: Linux Kernel Architecture
Module: Linux Kernel Architecture
Duration: 12-14 hoursUnderstanding the world’s most important OS kernel.
- Kernel architecture: monolithic with modules
- Kernel address space layout
- Process management in Linux: task_struct
- Kernel threading: kthreads, workqueues
- Memory management: slab allocator, buddy system
- Kernel synchronization: spinlocks, RCU, seqlocks
- Kernel modules: writing and loading
- System calls and the syscall table
Module: Modern OS Features
Module: Modern OS Features
Duration: 8-10 hours | New ModuleCutting-edge kernel features you need to know.
- io_uring: modern async I/O interface
- eBPF: programmable kernel extensions
- Modern schedulers: CFS, EEVDF
- Pressure Stall Information (PSI)
- Transparent Huge Pages (THP)
- Memory tiering and NUMA balancing
- Kernel bypass techniques
- Future directions in OS design
Module: Debugging & Performance
Module: Debugging & Performance
Duration: 10-12 hours | New ModuleTools and techniques for production systems.
- GDB: advanced debugging techniques
- strace/ltrace for system call tracing
- perf: CPU profiling and analysis
- Flame graphs and performance visualization
- ftrace and function tracing
- bpftrace for dynamic tracing
- Memory debugging: valgrind, ASan
- Kernel debugging techniques
Module: OS Security & Protection
Module: OS Security & Protection
Duration: 8-10 hoursSecurity from the OS perspective.
- Protection rings and privilege levels
- Access control: DAC, MAC, RBAC
- Capabilities and least privilege
- Address Space Layout Randomization (ASLR)
- Stack canaries and buffer overflow prevention
- Secure boot and chain of trust
- SELinux and AppArmor
- Spectre, Meltdown, and hardware vulnerabilities
Capstone
Senior Interview Preparation
Senior Interview Preparation
Duration: 6-8 hoursPutting it all together for interviews.
- Common OS interview question patterns
- System design with OS considerations
- Debugging scenarios and walkthroughs
- Trade-off discussions framework
- Real interview experiences and solutions
- Mock interview problems with solutions
- Study plan and prioritization guide
Real-World Case Studies
Real-World Case Studies
Duration: 4-6 hoursLearning from production systems.
- Linux kernel evolution case studies
- Container orchestration internals
- Database OS interactions
- High-performance networking
- Production debugging stories
Learning Path Recommendations
Quick Prep (3-4 weeks)
Focus on Processes, Threads, Memory, Synchronization, and Deadlocks — core concepts for most interviews.
Comprehensive (8-10 weeks)
Complete Tracks 2-4 plus Security for solid theoretical and practical understanding.
Expert Track (14-18 weeks)
Full course including boot process, containers, networking, modern features, and debugging.
Reading Plan by Weeks
A structured week-by-week schedule to master OS internals:| Week | Track | Modules | Focus |
|---|---|---|---|
| 1 | Foundations | OS Fundamentals, CPU Architectures | Build mental model of kernel vs user space |
| 2 | Fundamentals | Process Management | fork/exec/wait, PCB, context switching |
| 3 | Fundamentals | Threads & Concurrency | Threading models, pthreads, goroutines |
| 4 | Fundamentals | CPU Scheduling | MLFQ, CFS, real-time scheduling |
| 5 | Memory | Memory Management | Buddy allocator, slab, fragmentation |
| 6 | Memory | Virtual Memory | Page tables, TLB, demand paging |
| 7 | Concurrency | Synchronization | Mutexes, semaphores, lock-free structures |
| 8 | Concurrency | Deadlocks, IPC | Detection, prevention, pipes, shared memory |
| 9 | I/O | File Systems | VFS, inodes, journaling, ext4/XFS |
| 10 | I/O | I/O Systems | DMA, block devices, io_uring |
| 11 | Networking | Network Stack | sk_buff, TCP/IP, socket internals |
| 12 | Advanced | Containers & Virtualization | Namespaces, cgroups, KVM |
| 13 | Advanced | Security | ASLR, capabilities, seccomp, Spectre |
| 14 | Advanced | Boot Process, Debugging | UEFI, perf, eBPF, flame graphs |
| 15-16 | Capstone | Interview Prep, Case Studies | Mock problems, real-world scenarios |
Accelerated 4-Week Plan (Interview Prep)
| Week | Daily Focus (2-3 hrs) | Weekend Deep Dive |
|---|---|---|
| 1 | Processes, Threads | Context switching internals, fork vs clone |
| 2 | Virtual Memory, Synchronization | Page tables, mutex implementation |
| 3 | File Systems, I/O | VFS walk, io_uring vs epoll |
| 4 | Containers, Security | Namespaces + cgroups lab, Spectre overview |
Interview Topics by Company Type
| Company Type | Key Focus Areas |
|---|---|
| FAANG | Virtual memory, scheduling, concurrency, containers, system calls |
| Systems/Infra | Linux internals, file systems, I/O, networking, performance |
| Cloud/Container | Namespaces, cgroups, virtualization, networking, security |
| Database Companies | Buffer management, I/O, concurrency control, file systems |
| Embedded | Boot process, real-time scheduling, memory constraints, drivers |
| Security | OS security, isolation, Secure Boot, vulnerability mitigation |
New in This Course
Boot Process Deep Dive
From BIOS/UEFI to systemd — understand the complete boot sequence
Containers & Virtualization
Namespaces, cgroups, Docker internals, KVM — foundation of cloud
Network Stack Internals
Socket buffers, TCP/IP in kernel, XDP — essential for distributed systems
Modern OS Features
io_uring, eBPF, modern schedulers — cutting-edge kernel features
Debugging & Performance
GDB, perf, bpftrace, flame graphs — production debugging skills
Prerequisites & Setup
What Makes This Course Different
This isn’t a rehash of OS textbooks. We focus on:
- Interview-relevant depth: What senior engineers actually get asked
- Linux-specific implementation: Real code, not abstract theory
- Production perspective: How these concepts impact real systems
- Modern coverage: Containers, eBPF, io_uring — not just legacy concepts
- Trade-off discussions: The nuanced thinking senior roles require
Production Caveats: Where OS Knowledge Becomes a Force Multiplier
Most engineers can talk about processes, memory, and syscalls in the abstract. The senior engineer is the one who has seen these abstractions break under production load and knows which assumptions are dangerous.Senior Interview Questions: OS Mental Model
Walk me through what happens between pressing the power button and seeing a login prompt. Go as deep as you reasonably can.
Walk me through what happens between pressing the power button and seeing a login prompt. Go as deep as you reasonably can.
What does the operating system guarantee that user code cannot do for itself? Be specific.
What does the operating system guarantee that user code cannot do for itself? Be specific.
Strong Answer Framework:Common Wrong Answers:
- Address-space isolation. Two processes cannot read each other’s memory. The MMU enforces this through page tables — only the kernel can write
CR3(x86) orTTBR0_EL1(ARM). User code can ask for shared memory viammap(MAP_SHARED), but the kernel decides what is shared. Without this guarantee, a malicious npm package could read your SSH keys directly out ofsshd’s heap. - Privilege separation for hardware access. Direct I/O port access (
IN/OUTon x86), MSR writes, interrupt management, and DMA programming are all kernel-only. A misbehaving program cannot reprogram the IOMMU to DMA over the kernel image. User code that wants hardware access goes through drivers, which the kernel mediates. - Preemption guarantee. The OS guarantees that no user thread can monopolize a CPU forever. Even an infinite loop will be preempted by the timer interrupt. User code cannot disable interrupts (the
CLIinstruction faults in ring 3). Without this, one bad goroutine would freeze the whole machine. - Resource accounting and enforcement. Memory limits via cgroups, file descriptor limits via
RLIMIT_NOFILE, CPU shares via the scheduler. User code can ask for resources but cannot bypass the limits. The kernel is the bookkeeper. - Atomic system-wide operations. Things like creating a file (
open(O_CREAT | O_EXCL)), advisory locks (flock), and signal delivery require atomicity across all processes. Only the kernel can hold the global locks needed to make these atomic.
Senior follow-up: If a user-space program absolutely needs hardware access (think DPDK), how does it get it without breaking the OS guarantees? VFIO (Virtual Function I/O) lets the kernel hand a hardware device to a specific user-space process via the IOMMU. The IOMMU enforces that the user-space DMA can only target pages the process owns, so the kernel guarantees are preserved at hardware level. DPDK and SPDK both use this. The cost is that the device is dedicated to that process — the kernel cannot use it.
Senior follow-up: What happens when these guarantees fail? Spectre and Meltdown were exactly this: speculative execution leaked data across the kernel-user boundary, breaking the address-space isolation guarantee. The fix (KPTI) cost real performance but restored the guarantee. The lesson: the guarantees are not free, and when hardware bugs break them, the patch always costs throughput.
Senior follow-up: Where does the OS deliberately not provide a guarantee, and why? Real-time deadlines. Stock Linux makes no hard guarantee about scheduling latency — a high-priority task can be delayed by kernel work (interrupt handling, RCU grace periods). For hard real-time, you need
PREEMPT_RT (mainline since 6.12 in 2024) or a separate RTOS. The general-purpose kernel optimizes throughput over worst-case latency.- “The OS prevents bugs in your application.” No. It prevents your bugs from corrupting other applications. The OS cannot stop you from leaking memory, deadlocking, or computing the wrong answer.
- “The OS guarantees fairness.” Only by policy, not by definition. A process with
nice -n -20will starve everything else under theCFSscheduler. The OS provides mechanisms; fairness is a configurable outcome.
- Tanenbaum and Bos, Modern Operating Systems, 4th ed., chapter 1 (Introduction) for the philosophical framing.
- Linux kernel
Documentation/admin-guide/cgroup-v2.rst— how resource accounting actually works. - “The Tragedy of
mmap” by Andy Kohlbecker — a deep dive on where OS abstractions leak.
A new engineer says: 'Why would I ever care about the OS? I just write Python.' Convince them in three minutes.
A new engineer says: 'Why would I ever care about the OS? I just write Python.' Convince them in three minutes.
Strong Answer Framework:Common Wrong Answers:
- Your Python code is a thin wrapper over syscalls. Every
open, everyrequests.get, everytime.sleepis a syscall. When your service is slow, the cause is usually syscall behavior you do not understand: page cache misses, lock contention in the kernel, TCP backoff, or the GIL fighting the scheduler. You cannot debug what you cannot see. - Production failures look like OS failures. “The service is slow” really means: high syscall latency (storage), high context-switch rate (too many threads), high softirq time (network), or page cache thrashing (memory pressure). When you call SRE at 3am, they will speak in OS terms — iowait, load average, page faults, OOM kills. If you do not speak that language, you cannot help.
- The OS is the source of weird behavior. “Why does my process get killed at 2am?” — because someone else on the host triggered the OOM killer. “Why does my code work in dev but timeout in prod?” — because dev is a single tenant and prod has noisy neighbors. “Why does this script run faster the second time?” — page cache. None of these answers live in your application code.
- OS knowledge is leverage. Replacing
requestswithhttpxin async mode can 10x throughput because of how the kernel handles non-blocking I/O. Switching frommultiprocessingto threading can be a regression if your work is CPU-bound (GIL) or a win if it is I/O-bound (concurrent syscalls). These are OS-level decisions disguised as Python decisions. - Career impact. L4 engineers know the framework. L5 engineers know the language. L6+ engineers know the OS. Promotion conversations at FAANG tilt heavily toward “can you debug below your stack.” Saying “I just write Python” is a ceiling on your career.
Senior follow-up: What if the engineer says “I use Kubernetes, the OS is abstracted away”? Kubernetes is the opposite of abstraction — it is OS configuration as code. Liveness probes are syscall behavior. CPU limits map to cgroup CPU quotas. Memory limits trigger the OOM killer. Pod restarts happen when the kernel decides a process is unhealthy. Knowing K8s without knowing the OS is like knowing a car’s dashboard without knowing what a transmission does.
Senior follow-up: What is the smallest piece of OS knowledge that delivers the biggest payoff for an application engineer? Understanding the page cache. It explains why databases are fast (working set in cache) or slow (cold start, evicted by other tenants), why
dd benchmarks lie (writing to cache, not disk), and why memory pressure causes mysterious latency spikes (cache thrashing). Five concepts — page cache, dirty pages, fsync, mmap, drop_caches — explain 80% of storage performance puzzles.Senior follow-up: Where would you start someone who is convinced? Brendan Gregg’s “USE method” (Utilization, Saturation, Errors). It is a checklist for diagnosing any system — CPU, memory, network, disk — using OS-level metrics. Memorize it, run it on a production service, and you will find issues your team has been ignoring for months.
- “You should learn it because it is fundamental.” True but unmotivating. Engineers learn what helps them ship; abstract appeals to fundamentals do not change behavior.
- “The OS is too complex, just trust the abstraction.” This is how you produce engineers who cannot debug production. Abstractions are leak-proof at the spec level and leaky at the operational level.
- Brendan Gregg, Systems Performance, 2nd ed. — the practitioner’s guide to OS observability.
- Jay Kreps, “The Log: What every software engineer should know about real-time data’s unifying abstraction” — shows how OS concepts (write-ahead logs, immutable structures) shape distributed systems design.
- Julia Evans’s “How to be a wizard programmer” zines — accessible entry points into OS-level thinking.
Interview Deep-Dive
If you had to explain to a system design interviewer how OS concepts directly impact application architecture, what are the top three OS mechanisms that every backend engineer must understand and why?
If you had to explain to a system design interviewer how OS concepts directly impact application architecture, what are the top three OS mechanisms that every backend engineer must understand and why?
Strong Answer:The three OS mechanisms that most directly impact application architecture are virtual memory, process/thread scheduling, and the I/O model. Every backend architecture decision — from choosing thread pools vs async I/O to sizing database buffer pools — ultimately bottoms out in one of these.
- Virtual memory and the page cache: When your application calls
read()on a file, the kernel first checks the page cache (an LRU cache of disk pages in RAM). If the data is cached, the read completes in microseconds. If not, it blocks for milliseconds while the disk is accessed. This means your application’s I/O performance is fundamentally determined by whether its working set fits in the page cache. A database with a 50GB dataset on a server with 64GB RAM will be fast because most reads hit the cache. The same database on a 16GB server will thrash. Understanding this lets you make informed decisions about instance sizing, buffer pool configuration, and whether to use mmap vs explicit read. - Scheduling and context switch cost: If your web server spawns 10,000 threads for 10,000 concurrent connections, the scheduler spends more time context-switching between threads than doing useful work. Each switch costs 5-50 microseconds of direct overhead plus cache/TLB pollution. This is why the industry moved to event-driven architectures (epoll + non-blocking I/O in Nginx) and M:N threading models (Go goroutines). The right number of kernel threads is approximately equal to the number of CPU cores. Everything beyond that should be user-space multiplexing.
- I/O models and syscall overhead: The choice between blocking I/O, non-blocking I/O with epoll, and io_uring determines your application’s throughput ceiling. At 100K requests per second, if each request requires 5 syscalls, you are making 500K syscalls/second — consuming 50-100ms of CPU time per second just on mode switches. io_uring batches these, epoll amortizes notification costs, and the vDSO eliminates timing syscalls entirely. Knowing which I/O model to use for your workload is the difference between a service that handles 10K RPS on 4 cores and one that handles 100K RPS on the same hardware.
A candidate says they know OS fundamentals. What single question would you ask to quickly gauge whether they have surface-level knowledge or deep understanding?
A candidate says they know OS fundamentals. What single question would you ask to quickly gauge whether they have surface-level knowledge or deep understanding?
Strong Answer:My go-to question is: “Walk me through what happens from the moment you type
ls in a bash terminal and press Enter, until the output appears on screen. Go as deep as you can.”This single question spans every major OS concept:- Shell parsing: bash reads the input, tokenizes it, and looks up the command in PATH.
- Process creation: bash calls
fork()to create a child process. This tests understanding of COW, page table duplication, and file descriptor inheritance. - Program loading: The child calls
execve("/bin/ls", ...). This tests understanding of the ELF loader, dynamic linking, the VFS layer resolving the path, and the kernel replacing the address space. - System calls:
lscallsgetdents64()to read directory entries, thenwrite()to output them. Each syscall crosses the user/kernel boundary via the SYSCALL instruction. - File system: The kernel resolves the directory path through the VFS, looks up inodes, reads directory entries from the page cache or disk.
- Scheduling: The child process is scheduled onto a CPU core. The parent (bash) blocks in
wait4(). - Memory management: As
lsruns, demand paging faults in code pages from the ELF binary and shared library pages from libc. - I/O and terminal: The
write()syscall goes through the TTY layer, the terminal emulator reads it, and the GPU renders characters on screen. - Process termination:
lscallsexit(), the kernel cleans up, sends SIGCHLD to bash, bash’swait4()returns, and bash prints the next prompt.
execve loads the ls binary, it reads the ELF header and finds the .interp section pointing to the dynamic linker (/lib64/ld-linux-x86-64.so.2). The kernel loads both the binary and the linker. The linker then resolves all shared library dependencies (libc, libpthread, etc.), maps their .text and .data sections via mmap(), and performs symbol relocation. This is called “lazy binding” by default — symbols are resolved on first call via the PLT (Procedure Linkage Table). The performance impact: first invocation of any library function takes a few extra microseconds for resolution. For short-lived commands like ls, dynamic linking overhead is a significant fraction of total runtime. This is why tools like musl or static linking are used for performance-critical CLI tools, and why ld.so.cache exists to speed up library lookup.Compare how containers and virtual machines provide isolation from an OS kernel perspective. Where does each approach have security blind spots?
Compare how containers and virtual machines provide isolation from an OS kernel perspective. Where does each approach have security blind spots?
Strong Answer:This gets at the fundamental difference between namespace-based isolation and hypervisor-based isolation.Containers (namespaces + cgroups):
- Isolation is provided by the kernel itself. Linux namespaces create isolated views: PID namespace (separate process tree), mount namespace (separate filesystem tree), network namespace (separate network stack), UTS namespace (separate hostname), IPC namespace (separate shared memory/semaphores), user namespace (separate UID mapping), cgroup namespace (separate cgroup view), time namespace (separate boot/monotonic clocks).
- Cgroups enforce resource limits: CPU quota, memory limit, I/O bandwidth, PID count.
- All containers share the same kernel. Syscalls from any container are handled by the same kernel code.
- Each VM runs its own kernel on virtualized hardware. The hypervisor (Type 1: KVM/Xen, Type 2: VirtualBox) uses hardware features (Intel VT-x, AMD-V) to run guest kernels in a restricted execution mode. The guest kernel thinks it is running on real hardware, but privileged operations trap to the hypervisor.
- Memory isolation is enforced by EPT/NPT (Extended/Nested Page Tables) in hardware — the guest cannot address host physical memory at all.
- I/O is either emulated (slow but flexible) or paravirtualized (virtio drivers that know they are in a VM).
- Containers: The shared kernel is the Achilles’ heel. A kernel vulnerability (e.g., a bug in
cgrouphandling,overlayfs, orio_uring) can be exploited from inside a container to escape to the host. The syscall surface is huge — a container can invoke any of 300+ syscalls unless seccomp restricts them. Spectre-class attacks can leak data between containers sharing CPU resources. Mitigations exist (seccomp profiles, AppArmor/SELinux, user namespaces) but they reduce the attack surface, they do not eliminate it. - VMs: The attack surface is the hypervisor and the virtual device emulation. QEMU’s device emulation code has had numerous CVEs (VENOM: a floppy driver bug that allowed VM escape). The guest kernel can probe the virtual hardware and find bugs. Hardware-level attacks (row hammer, side-channel attacks on shared CPU caches) can cross VM boundaries on the same physical host. The mitigation is hardware partitioning (dedicated cores, cache partitioning via Intel CAT) at the cost of density.