Kernel and OS theory interview Questions

Don Burn wrote:

Sorry, if I came off harsh on this, everytime I have had these
questions asked it was from a weenie “that knew” that the X86 way was the
only way that anyone would build a processor. The best one on this was a
senior architect at a major chip firm who told me that I was wrong “No one
ever built a 1’s complement computer and if they did integer exceptions
would not have resulted in a negative zero” Of course the guy was probably
in diapers when much of the computer technology was invented.

Yes, indeed. Seymour Cray, certainly no slouch in the architecture
department, was a big proponent of 1’s complement. All of the Control
Data machines that Cray designed used it (1604, 6000, 7000, Cyber
70/170). The non-Cray designs did not (3000, Cyber 180)

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

> -----Original Message-----

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Martin O’Brien
Sent: Monday, March 10, 2008 6:36 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Kernel and OS theory interview Questions

I agree with you Tim about what is desirable; debugging, in
particular,
was the only thing I suggested testing, because it is an invariant,
because, these days, if you don’t know WinDbg then you can’t write
drivers.

It seems I can’t write drivers. Please don’t tell it to my manager. I’m
successfully pretending this ability to him for last 12 years

Seriously, Martin, do you think you need to know WinDbg to write an UMDF
driver?

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

That is actually an interesting point. As a user mode debugger windbg is not
really best in breed, and is certainly not a requirement for debugging UMDF.

On Mon, Mar 10, 2008 at 3:14 PM, Michal Vodicka
wrote:

> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com] On Behalf Of Martin O’Brien
> > Sent: Monday, March 10, 2008 6:36 PM
> > To: Windows System Software Devs Interest List
> > Subject: Re:[ntdev] Kernel and OS theory interview Questions
> >
> > I agree with you Tim about what is desirable; debugging, in
> > particular,
> > was the only thing I suggested testing, because it is an invariant,
> > because, these days, if you don’t know WinDbg then you can’t write
> > drivers.
>
> It seems I can’t write drivers. Please don’t tell it to my manager. I’m
> successfully pretending this ability to him for last 12 years
>
> Seriously, Martin, do you think you need to know WinDbg to write an UMDF
> driver?
>
> Best regards,
>
> Michal Vodicka
> UPEK, Inc.
> [xxxxx@upek.com, http://www.upek.com]
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

–
Mark Roddy

This was not good. My bad.

You are totally correct about UMDF, and I don’t think that ever would
have crossed my mind.

Otherwise, what I was trying to say was a summary of what I said
earlier, that knowledge of debugging is the one thing that I see as a
mandatory for a driver dev, and in my head at the time was the idea that
since SoftICE is no more, that leaves only WinDbg as far as KD’s go, and
if you can’t use a debugger of some kind - DebugView should have been
included - then I have a hard time imagining that you have actually
written any drivers that work, at least as a working assumption, formed
during the course of an interview, which is always going to be hopeless
inadequate. If you walked through the door, Michal, I don’t think that
I need to tell you that I would be willing to bend the rules, as would
anyone else, but the thing is that I find people who say they know what
they are doing, who literally don’t really know how to setup a KD
connection, symbols and loader a driver, all the time.

That being said, easy, dude. I know how you use DebugView, and I don’t
use WinDbg for debugging per se either, although I do use it all the
time to look around, and we’ve talked about the how traces are
underappeciated a number of times, but we are very, very unusual, I
think, Michal, and I still think that this is the best common
denominator that there is for a problem, which most of us have said from
the get go is a losing proposition. I know it reads like a strong
statement, and it’s not a very good one at that, and I got a little
carried away in a rare effort to be brief, but just replace WinDbg with
‘a debugger’ and give it another go; that’s all I was trying to say.

mm

Michal Vodicka wrote:

> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Martin O’Brien
> Sent: Monday, March 10, 2008 6:36 PM
> To: Windows System Software Devs Interest List
> Subject: Re:[ntdev] Kernel and OS theory interview Questions
>
> I agree with you Tim about what is desirable; debugging, in
> particular,
> was the only thing I suggested testing, because it is an invariant,
> because, these days, if you don’t know WinDbg then you can’t write
> drivers.

It seems I can’t write drivers. Please don’t tell it to my manager. I’m
successfully pretending this ability to him for last 12 years

Seriously, Martin, do you think you need to know WinDbg to write an UMDF
driver?

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

> Actually, there exist operating systems that *don’t* sleep the thread on a page fault

(in the sense of putting it in an inactive dispatcher queue anyway), but instead execute
the paging *in* the faulting thread, returning control to the location where the fault occurred
once the page is in memory.

Then it must be spinning in do-nothing loop after having written to disk registers until DMA gets completed and interrupt fires - it cannot really proceed to execution until page gets brought back to RAM, can it??? Furthermore, its disk driver,apparently, lacks elevator algorithm (or, probably, it has no disk driver at all and, instead, relies upon BIOS calls when doing disk IO). In other words, it seems to be, softly speaking, “not-so-efficient” OS…

Anton Bassov

> I agree with you Tim about what is desirable; debugging, in particular, was the only thing

I suggested testing, because it is an invariant, because, these days, if you don’t know
WinDbg then you can’t write drivers.

Well, I think “if you don’t know WinDbg then you can’t write drivers” is a bit of exaggeration. Just to give you an idea, Linux does not officially support kernel debugging at all, but still drivers for it get written somehow…

At the same time I understand your point perfectly well. IMHO, what you particularly need is the ability to analyze crash dumps - unless your bug is so obvious that it reveals itself on every run of your driver so that it can get caught with a simple breakpoint, crash dump seems to be the only source that can give you an idea what the problem may lie with…

Anton Bassov

> From: Martin O’Brien
>
> I agree with you Tim about what is desirable; debugging, in
particular,
> was the only thing I suggested testing, because it is an invariant,
> because, these days, if you don’t know WinDbg then you can’t write
> drivers…

Friends!

It is really strange position for me so tremulous relation for WinDbg.
I may understand it only for man, who worked inside VC only…

I have seen so many debuggers in my life that consider WinDbg is only as
one of tools, not more!
If you would ask me: “Do you know WinDbg?” my answer “a bit”.
You may start debugging with 5-10 WinDbg commands.
Everyone knows the part that he gets use to, 10-20 commands about.
Every time I need something new from WinDbg and go into help for
consultation. It is impossible keep in mind a lot of commands which used
occasionally only.

PS. It is so sadly, that SoftIce died…

Regards,
MichaelG.

Ok - based on the content of this thread - I have decided to go with
something straight-forward and simple for my next interview - read side
barriers:
http://blogs.msdn.com/itgoestoeleven/archive/2008/03/11/the-joys-of-compiler-and-processor-reordering-why-you-need-the-read-side-barrier.aspx

wrote in message news:xxxxx@ntdev…
> Wow… good thing I started my own company. I wouldn’t want to have to
> answer MOST of these questions. Sheeeeiiiit… ESPECIALLY Jon’s.
>
> Hey Jon: Is “I dunno, that looks silly, I don’t get it, what’s your
> point?” a good answer to your question about the DerefP function?
>
> P
>
>

Huh? Can you define support when it comes to Linux? I’ve been using
kdb on linux for 10 years.

xxxxx@hotmail.com wrote:

> I agree with you Tim about what is desirable; debugging, in particular, was the only thing
> I suggested testing, because it is an invariant, because, these days, if you don’t know
> WinDbg then you can’t write drivers.

Well, I think “if you don’t know WinDbg then you can’t write drivers” is a bit of exaggeration. Just to give you an idea, Linux does not officially support kernel debugging at all, but still drivers for it get written somehow…

At the same time I understand your point perfectly well. IMHO, what you particularly need is the ability to analyze crash dumps - unless your bug is so obvious that it reveals itself on every run of your driver so that it can get caught with a simple breakpoint, crash dump seems to be the only source that can give you an idea what the problem may lie with…

Anton Bassov

> Huh? Can you define support when it comes to Linux? I’ve been using kdb on linux for 10 years.

You overlooked the term “official” in my post - there is no *official* support for kernel-level debugging under Linux. Certainly, you can download a third-party kernel that supports debugging and build your driver against it. This is not the point - the point is that a third-party kernel that supports debugging had been developed somehow, and its evelopers, apparently, had no chance to use the debugger themselves. This is why I say that “if you don’t know WinDbg then you can’t write drivers.” is an exaggeration…

Anton Bassov

>write the code to manage a double-linked list.

I’d agree to that one:

InitializeListHead(&h);
InsertTailList(&h, &foo->Entry);

-scott

Scott Noone
Software Engineer
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Joseph Vossen” wrote in message news:xxxxx@ntdev…
[snip]

>
> > Describe advanced Data structure implementation (B-tree, …), give O()
> > properties.
>
> THE LAST TIME A POTENTIAL CLIENT ASKED ME THIS CRAP, I POINTED OUT THAT
> WAS
> WHAT REFERENCE BOOKS WERE FOR, AND WALKED OUT. I did consult for them in
> the end, but upped my rates because they wasted my time with stupidity
> like
> above.

I was asked this very same thing during an interview, I gave the same
response that Don did and walked out of the interview…

[more snip]

> Ok - based on the content of this thread - I have decided to go with something

straight-forward and simple for my next interview - read side barriers:

Actually, I believe that this kind of thing *should* be asked at the interview -questions like that just indicate your ability to think logically and understand not-so-obvious details of a given problem, as well as your knowledge of hardware (and compiler) concepts. Therefore, I don’t see any problem with asking to provide a spinlock implementation in x86 assembly, lockless algorithm in C, etc whatsoever. If interviewee says “this is what reference books are for” and walks away when he hears a request like that … well, this is his choice…

Anton Bassov

Anton,

I find these good questions, but not for the original context of this
thread. I know people who do printer drivers (mainly user space) who have
no concept of most of these since they do not need them, yet they are really
good and fast on developing a user space printer driver.

On the splnlock implementation, that is a dangerous one as the many
discussions on this forum by people who champion “implement your own
spinlock” then do the most simple minded model. So even there, a question
should be more like " can you explian the conceptual model of a spinlock",
but even there as I stated before there are a number of classes of drivers
this is not appropirate for.

–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

wrote in message news:xxxxx@ntdev…
>> Ok - based on the content of this thread - I have decided to go with
>> something
>> straight-forward and simple for my next interview - read side barriers:
>
> Actually, I believe that this kind of thing should be asked at the
> interview -questions like that just indicate your ability to think
> logically and understand not-so-obvious details of a given problem, as
> well as your knowledge of hardware (and compiler) concepts. Therefore, I
> don’t see any problem with asking to provide a spinlock implementation in
> x86 assembly, lockless algorithm in C, etc whatsoever. If interviewee
> says “this is what reference books are for” and walks away when he hears a
> request like that … well, this is his choice…
>
> Anton Bassov
>
>

Matt,

When you first asked the question, I was annoyed because I thought it
would lead to people insisting “here are the N things all driver writers
should know”. Now as the discussion is winding down, I wanted to thank you
for bringing it up, since I believe the thread has shown clearly what is my
contention “there is no set of questions that all driver writers independant
of the class of drivers should know”.

Maybe Peter can pontificate on this using some of the thread to show
that even simple things like “how to use WinDBG” are not appropriate. I
still encounter way to many people who think there should be a first level
qualification process before you talk to someone for a driver position.
While experience is a decent qualifier, trying to generalize between driver
classes is a bad idea, and as this thread has shown Microsoft is making it
less likely with efforts such as UMDF that there is a common knowledge base
that driver writers need.

–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

“Matt” wrote in message news:xxxxx@ntdev…
> This question just popped into mind and has little relevance to my life,
> but I’m still
> curious (perhaps it could yield new avenues for me and others to study).
> -----------------------------
>
> If you were looking to hire a developer and were a party to the interview
> process,
> what questions would you ask the interviewee regarding windows driver
> development
> along with OS theory questions?
>
> Of course the basics regarding paged vs non-paged pools, IRQL’s, and
> context. But what
> else, and specifically…
>
> I could careless about the type of driver (ndis, filesystem, wdm, NT…).
> What are some of the
> technical questions you guys have asked or been asked?
>
> Perhaps something along these lines would make a great article for Peter
> to Pontificate about.
>
> Matt
>
> P.S. - I really would like to hear something else than C vs C++.
>
>
>
>
>

Don,

I know people who do printer drivers (mainly user space) who have no concept of most of these
since they do not need them, yet they are really good and fast on developing a user space printer driver.

I speak *strictly* about hiring kernel-level developer here (and I believe this is what the OP asks about)…

On the splnlock implementation, that is a dangerous one as the many discussions on this
forum by people who champion “implement your own spinlock” then do the most simple minded model.

Exactly!!! This is the only reason why I would ask them such a question…

but even there as I stated before there are a number of classes of drivers this is not appropirate for

Well, in vast majority of cases you just don’t need to implement your own spinlocks, in the first place, unless you need some very special requirements ( for example, spinlock that may be acquired either exclusively or for shared access). Therefore, the question is of more theoretical nature. It is just interesting to check whether an interviewee is able to think logically and see various scenarios, which is very important when it comes to handling multithreaded/MP issues. I believe if you ask the interviewee to implement, say, a queued spinlock that may be acquired either exclusively or for shared access, you will get a good idea of what he is actually worth when it comes to writing multithreaded code…

Anton Bassov

> Then it must be spinning in do-nothing loop after having written to disk
registers

until DMA gets completed and interrupt fires - it cannot really proceed to
execution
until page gets brought back to RAM, can it???

Windows also executes the page fault path in the context of the faulting
thread, and the wait is for the page read IRP to complete, not for the full
fault resolution.

–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

Don,

Thanks for your input, at least your are not making fun of my English.
You made it clear that driver work != Kernel work, which may not have been
obvious.

Although *I do concur* with most of the arguments in this thread.
Some companies, at least in my country, still uses debatable screening
questions -at least because of lack of time- knowingly taking the risk of
ruling out good people this way.

Far from perfect, the list I gave was gathered in the field from what people
asked me over the years (a very small subset) in the US&Europe for kernel
related jobs.
I found some of them useful from my small view of the world and wanted to
share with the group.

I used them as a guideline to fuel a discussion around os technology. (ex:
evolution of os architecture: os->micro k/subsystems->Vms?) when I happened
to do interviews.
This is not used to trick any candidate for sure but someone passionate
about this field will at least give some meaningful start of an answer to
some of them, if not for giving a clue for the level of coaching needed.

For what it seems a hideous data structure question, I certainly don’t ask
for a ‘Knuth’-full proof of a ‘name-your’-tree complexity, nor sample code
to design but some never heard of O() complexity nor can give at least the
name of advanced data structure, being old fashion, deciding of linear or
log implementation or just to know what is the property of an np-complete pb
is relevant, I think.

Have a good day.
Jerome.

“Don Burn” wrote in message news:xxxxx@ntdev…
> Jerome,
>
> As I stated in my earlier post, limiting things to non-driver
> specific means problems, see comments inline:
>
> “jchristatos” wrote in message
news:xxxxx@ntdev…
…

> > What is a windows subsystem? (Native vs Win32 ? why does it exist?) can
> > lead
> > to discussion with Virtual machines.
>
> What the h**k do virtual machine have to do with driver writing, sorry I

> > Recursion removal strategy (why is it bad in drivers)
>
> Sorry, a UMDF driver does not care, nor a user mode printer driver. So
you
> can’t go there unless you say you are driver specific.
>
> > memory access optimization (tiling…)
>
> Again, UMDF or mini-ports and some other things do not care it is hidden
> from them.
>
> > C compilation steps.
>
> Are you talking about BUILD or compiler / linker internals here? If BUILD
> maybe but be careful, since this has changed from rev to rev, and things
> like PreFast and SDV are not relavent to all drivers.
>
> > Security (token, SID…)
>
> Why, sorry this is specific to driver which can get at IRP’s
>
> > Cache Manager/VM interactions.
>
> I did not know that writing file systems which is where this is relavent
was
> required for all driver types.
>
> > Boot process description, Exec load process (what is the c-runtime,
> > pagefault handling),
>
> Again, you can be a good driver writer and probably not care.
>
> > Shared library (imports, rva…)
>
> Are we talking compilers/linker or driver here? Most driver writers have
no
> reason to know this?
>
> > Give your debugging strategies/support.(Bsod debug howto)
>
> This is highly dependant on driver type, again user mode has differing
> concens than kernel mode, which has differnces in the classes of driver.
>
> > Give 3 examples of filter drivers.
>
> Again, you are thinking WDM there are a heck of a lot of people who don’t
> need to deal with filters.
>
> > Give n links to internet/blog related sites.
>
> Good one, I do ask this, unfortunately I use to see if people think
certain
> sites are good, so I can appologize and say I have a meeting that will
make
> the interview short (to get rid of the loser). You may have a different
> view of those sites.
>
> > Describe advanced Data structure implementation (B-tree, …), give O()
> > properties.
>
> THE LAST TIME A POTENTIAL CLIENT ASKED ME THIS CRAP, I POINTED OUT THAT
WAS
> WHAT REFERENCE BOOKS WERE FOR, AND WALKED OUT. I did consult for them in
> the end, but upped my rates because they wasted my time with stupidity
like
> above.
>
> >
> > Should quickly give a grasp of the field by the candidate I guess, I
have
> > plenty more.
> >
>
> Sorry, what you are saying is these are relavent to your limited view of
> device drivers, the world is a lot broaded. This discussion did lead to
> one good question “What are some simple things that all driver writers no
> matter what their specialty should know?” If they try to answer the
> question with anything other than a description why this is impossible,
then
> you can probably say they are not an expert.
>
>
> –
> Don Burn (MVP, Windows DDK)
> Windows 2k/XP/2k3 Filesystem and Driver Consulting
> Website: http://www.windrvr.com
> Blog: http://msmvps.com/blogs/WinDrvr
> Remove StopSpam to reply
>
>
>

> Windows also executes the page fault path in the context of the faulting thread,

and the wait is for the page read IRP to complete, not for the full fault resolution.

How can it wait for the complete fault resolution if it is done in context of page fault handler??? Of course the only thing it can wait for is IRP completion…

Anton Bassov

I have several response to various post, but those can wait 'till I get
a little more sleep.

In the mean time, I’m curious why I haven’t heard security mentioned
once.

Let me once again open a broad but related question. Regarding the
underlying
question, what key points related to security would you guys ask about?

Matt

Matt,

Again in a driver agnostic maner it is basically impossible. Consider a
mini-port most if not all the security is taken care of for you, that is
different than a stock driver, and a heck of a lot different than a file
system. UMDF also handles most security considerations for you.

–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

“Matt” wrote in message news:xxxxx@ntdev…
>I have several response to various post, but those can wait 'till I get
> a little more sleep.
>
> In the mean time, I’m curious why I haven’t heard security mentioned
> once.
>
> Let me once again open a broad but related question. Regarding the
> underlying
> question, what key points related to security would you guys ask about?
>
> Matt
>
>
>
>