CSC 660: Advanced OS

tannar

Presentation Transcript


  1. CSC 660: Advanced OS Microkernels CSC 660: Advanced Operating Systems

  2. Topics
     • What is a microkernel?
     • Mach and L4
     • Microkernel IPC
     • Microkernel Memory Management
     • Userspace Device Drivers
     • Nooks
     • Exokernels

  3. What is a Microkernel?
     • Kernel with minimal features
       • Address spaces
       • Interprocess communication (IPC)
       • Scheduling
     • Other OS features run as user-space servers.
       • Device drivers
       • Filesystem
       • Pager

  4. Example Microkernel Architecture: MINIX 3

  5. Microkernel Philosophy
     A concept is tolerated inside the microkernel only if moving it outside the kernel, i.e., permitting competing implementations, would prevent the implementation of the system's required functionality.
     - Jochen Liedtke

  6. Why use Microkernels?
     • Flexibility: can implement competing versions of key OS features, like filesystem or paging, for best performance with applications.
     • Safety: server malfunction restricted to that server (even drivers), not affecting rest of OS.
     • Modularity: fewer interdependencies and a smaller trusted computing base (TCB).

  7. Mach
     • First generation microkernel.
     • Runs OS personality on top of microkernel.
     • Core Abstractions
       • Tasks and Threads (kernel provides scheduling)
       • Messages (instead of system calls)
       • Memory Objects (allow userspace paging)

  8. Mach Abstractions
     • Task: unit of execution consisting of an address space, ports, and threads.
     • Thread: basic unit of execution, shares address space, ports with other threads in task.
     • Port: communication channel used to send messages between tasks. Tasks must have correct port rights to send message to a task.
     • Message: basic unit of communication consisting of a typed set of data objects.
     • Memory Object: source of memory tasks can map into their address space; includes files and pipes.

  9. Mach Threads and Messages
     • Threads have multiple ports with different port rights.
     • Send messages to ports instead of system calls.
     • Task must have port rights to send message to port.

  10. Mach Innovations
     • Message passing instead of system calls.
       • Provide uniform interface to kernel.
       • Can extend messages w/o recompiling kernel.
     • Userspace paging
       • Different tasks can use different pagers.
     • Multiprocessor / distributed OS.
       • Ports can reside on system across network.
       • Message passing works identically across network as on local system with NetMsgServer forwarding messages across network.

  11. Mach Performance
     • System calls take 5-6X as long as UNIX.
     • Message Passing
       • Uses pointers, copy-on-write, and memory mapping to avoid unnecessary copies.
       • Port rights checks are expensive.
     • Paging
       • Pageout kernel thread determines system paging policy (which pages are paged out to disk).
       • Pager servers handle actual writing.

  12. L4 Microkernel
     • Second generation microkernel.
     • Faster
       • IPC is about 10X faster than Mach.
       • IPC security checks moved to user space processes if needed.
     • Smaller
       • L4 is 12KB. Compare to Mach 3 (330KB)
       • Memory management policy moved entirely to userspace.

  13. Microkernel IPC
     • Uniform way to handle kernel interactions.
     • IPC Mechanisms
       • Registers
       • Direct copy
       • Memory mapping
     • Most performance critical component.
       • All interactions require 2 IPCs: request, response.
     • Hand-off scheduling: CPU control may be transferred with message so recipient can respond without waiting to be rescheduled.

  14. Handle Interrupts as IPC
     • Microkernel captures interrupts.
     • Doesn’t handle.
     • Forwards interrupts to process as IPC.

  15. Microkernel Paging
     • Microkernel forwards page fault to a pager server.
     • Kernel or server decides which pages need to be written to disk in low memory situations.
     • Pager server handles writing pages to disk.

  16. Recursive Address Spaces (L4)
     • Initial address space controlled by first process.
       • Controls all available memory.
     • Other address spaces empty at boot.
     • Other processes obtain memory pages from first or from other processes that got pages from first.
     • Why is memory manager flexibility useful?
       • Different applications: real-time, multimedia, disk cache.

  17. Constructing Address Spaces
     • grant: remove page from your address space and give to another consenting process.
     • map: share page with another process.
     • demap: remove page from all other processes that received it directly or indirectly from demapper.
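
The grant, map and demap operations above, modelled as a small mapping database in C. This is an added example, not code from the slides or from L4: the names (`map_page`, `grant_page`, `demap_page`, `src`), the table sizes, and the choice that mappings derived from a granter follow the granted page are assumptions, and receiver consent is not modelled.

```c
#include <stdio.h>

#define NSPACES 5    /* constructed: space 0 is the first process */
#define NPAGES  4
#define NONE  (-1)   /* space does not hold the page */
#define ROOT  (-2)   /* held since boot, not derived from another space */
static int src[NPAGES][NSPACES];   /* src[p][s]: space that gave page p to s */

static int ok(int s, int p) { return s >= 0 && s < NSPACES && p >= 0 && p < NPAGES; }
int holds(int s, int p) { return ok(s, p) && src[p][s] != NONE; }

void boot(void) {    /* first space controls all memory, the others are empty */
    for (int p = 0; p < NPAGES; p++)
        for (int s = 0; s < NSPACES; s++)
            src[p][s] = (s == 0) ? ROOT : NONE;
}

/* map: share page p; the receiver becomes a child of the mapper. */
int map_page(int from, int to, int p) {
    if (from == to || !holds(from, p) || !ok(to, p) || holds(to, p)) return -1;
    src[p][to] = from;
    return 0;
}

/* grant: move page p; the receiver takes the granter's place in the tree
 * (assumption: mappings derived from the granter follow the page). */
int grant_page(int from, int to, int p) {
    if (from == to || !holds(from, p) || !ok(to, p) || holds(to, p)) return -1;
    src[p][to] = src[p][from];
    src[p][from] = NONE;
    for (int s = 0; s < NSPACES; s++)
        if (src[p][s] == from) src[p][s] = to;
    return 0;
}

/* demap: revoke p from every space that got it, directly or indirectly,
 * from `from`; the demapper keeps its own copy. Returns spaces revoked. */
int demap_page(int from, int p) {
    int n = 0;
    for (int s = 0; ok(from, p) && s < NSPACES; s++)
        if (src[p][s] == from) {
            n += 1 + demap_page(s, p);
            src[p][s] = NONE;
        }
    return n;
}

int main(void) {
    boot();   /* build 0 -> 1 -> 2, grant 2's page to 3, then 3 -> 4 */
    map_page(0, 1, 2); map_page(1, 2, 2); grant_page(2, 3, 2); map_page(3, 4, 2);
    printf("revoked %d spaces\n", demap_page(1, 2));
    return 0;
}
```

A space can only pass on pages it holds, so every mapping traces back to the first process, and one demap by an ancestor removes the page from the whole subtree below it.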

  18. User Space Device Driver
     • How do they work?
       • Receive interrupts as IPC.
       • I/O ports mapped to user address space.
     • Advantages
       • Device drivers have 3-7X as many bugs as kernel code.
       • User space driver bugs don’t reduce reliability.
       • User space driver bugs don’t reduce security.

  19. User Space Device Driver

     driver thread:
         wait for (msg, sender)
         if sender = my hw interrupt
             read/write i/o ports
             reset hw interrupt
         else
             pass
         end

  20. Nooks
     • Problem: Most kernel bugs in device drivers.
       • Drivers written by less experienced programmers.
       • Drivers are tested less than core kernel code.
     • Solution: Lightweight protection domains.
       • Kernel-mode env w/ restricted mem write access.
       • Isolate drivers from kernel code.

  21. Nooks Goals
     • Isolation: Isolate kernel from extension failures.
     • Recovery: Automatic recovery after extension failure so applications can continue execution.
     • Backwards compatibility: Extensions should not have to be rewritten to use Nooks.

  22. Nooks Architecture

  23. Exokernels
     • Problem with traditional OS
       • Most resource management decisions made once in a global fashion.
     • Exokernel solution
       • Let programmers make resource management decisions when they write their applications.
       • Allows experimentation.
       • Allows for high performance for applications that don’t fit OS assumptions, e.g. RDBMS.

  24. What makes Exokernels Different?
     • Separate security from abstraction.
       • ex: Protect disk blocks not files.
     • Exokernel securely multiplexes hardware.
     • Move abstractions into userspace libraries called library operating systems (libOSes).
     • Exokernels vs Microkernels
       • Microkernel concerned with implementing kernel in user space rather than kernel space.
       • Exokernel concerned with separating security from abstraction to give applications control.

  25. Applications on an Exokernel

  26. Exokernel Tasks
     • Tracking ownership of resources.
     • Performing access control by guarding all usage or binding points.
     • Revoking access to resources.

  27. Resource Revocation
     • Invisible revocation
       • Most OSes deallocate memory, CPU without informing application.
     • Visible revocation
       • Exokernels visibly request that a resource be returned to the kernel.
       • Ex: Exokernel informs app that CPU is revoked at end of time slice, and app responds by saving required processor state.
       • If application does not return resource, exokernel will take it from the application.
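
The three exokernel tasks and the visible revocation protocol from the two slides above, as a small C model over physical pages. This is an added example, not code from the slides or from Aegis/ExOS: the `exo_*` functions, the `on_revoke` upcall table and the return codes are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#define NPAGES 8     /* constructed sizes for the model */
#define NAPPS  3
#define FREE  (-1)
typedef int (*revoke_fn)(int page);  /* app upcall: 1 = page given back */

static int owner[NPAGES];            /* ownership table: page -> app or FREE */
static revoke_fn on_revoke[NAPPS];   /* each app's revocation handler */
static int forced[NAPPS];            /* times the kernel had to take a page */
static int saved[NPAGES];            /* set by an app that saved its state */

void exo_init(void) {
    for (int p = 0; p < NPAGES; p++) owner[p] = FREE;
    for (int a = 0; a < NAPPS; a++) { on_revoke[a] = 0; forced[a] = 0; }
}
static int valid(int a, int p) { return a >= 0 && a < NAPPS && p >= 0 && p < NPAGES; }

/* The app names the page it wants; the kernel only records ownership. */
int exo_alloc(int app, int page) {
    if (!valid(app, page) || owner[page] != FREE) return -1;
    owner[page] = app;
    return 0;
}

/* Binding point (e.g. installing a mapping): the one place access is checked. */
int exo_bind(int app, int page) {
    return (valid(app, page) && owner[page] == app) ? 0 : -1;
}

/* Visible revocation: ask the owner first, take the page if it refuses.
 * Returns 0 = already free, 1 = returned by the app, 2 = taken by force. */
int exo_revoke(int page) {
    if (page < 0 || page >= NPAGES || owner[page] == FREE) return 0;
    int app = owner[page];
    int returned = on_revoke[app] && on_revoke[app](page);
    if (!returned) forced[app]++;
    owner[page] = FREE;              /* either way the old binding is dead */
    return returned ? 1 : 2;
}

int cooperative(int page) { saved[page] = 1; return 1; }  /* saves state, yields */
int stubborn(int page)    { (void)page; return 0; }       /* ignores the request */

int main(void) {
    exo_init();
    on_revoke[0] = cooperative; on_revoke[1] = stubborn;
    exo_alloc(0, 3); exo_alloc(1, 5);
    printf("%d %d\n", exo_revoke(3), exo_revoke(5));
    return 0;
}
```

The kernel never interprets what a page contains; it only answers "who owns it" at bind time, and revocation succeeds whether or not the application cooperates.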

  28. Exokernel Performance
     Aegis/ExOS vs Ultrix performance
     • System calls 10X faster.
     • IPC 10-20+X faster.
     • Virtual memory 1-5X faster.

  29. Cheetah Web Server
     Exokernel web server performance features:
     • Transmits data directly from page cache w/o copying.
     • Colocates hyperlinked files within filesystem.
     • Network stack tuned to reduce packets by 20%.

  30. Exokernel Portability
     • Apps that directly use exokernel aren’t portable to different architectures.
       • Exokernel tied closely to hardware.
     • Library operating systems can provide portability for other applications.
       • LibOSes can provide POSIX interface.
       • Can run multiple LibOSes on exokernel.

  31. Microkernels in Use
     • Mach
       • Underlying microkernel for UNIX systems.
       • Examples: Mac OS X, MkLinux, NeXTStep
     • QNX
       • POSIX-compliant real-time OS for embedded sys.
       • Fits on a single floppy.
       • Underlying microkernel for Cisco IOS XR.
     • Symbian
       • Microkernel OS for cell phones.

  32. Key Points
     • Microkernel provides minimal features
       • Address spaces
       • IPC
       • Scheduling
     • Microkernel advantages
       • Flexibility
       • Safety
       • Modularity
     • Early microkernels were slow, but flexible memory/disk policies can allow for superior application performance.
     • Exokernels focus on separation of protection from abstraction instead of focusing on user/kernel divide.

  33. References
     • Dawson R. Engler, M. Frans Kaashoek, James O'Toole Jr., “Exokernel: An Operating System Architecture for Application-Level Resource Management,” Proc. 15th Symposium on Operating Systems Principles (SOSP), December 1995.
     • David Golub, Randall Dean, Alessandro Forin, Richard Rashid, “UNIX as an Application Program,” Proceedings of the Summer 1990 USENIX Conference, pages 87-95, June 1990.
     • Per Brinch Hansen, “The Nucleus of a Multiprogramming System,” Communications of the ACM 13(4):238-241, http://brinch-hansen.net/papers/1970a.pdf, April 1970.
     • Hermann Härtig, Michael Hohmuth, Jochen Liedtke, Sebastian Schönberg, “The performance of μ-kernel-based systems,” Proc. 16th ACM Symposium on Operating Systems Principles (SOSP), 1997.
     • Jochen Liedtke, “On µ-Kernel Construction,” Proc. 15th ACM Symposium on Operating System Principles (SOSP), December 1995.
     • Jochen Liedtke, “Towards Real Microkernels,” Communications of the ACM, 39(9):70-77, September 1996.
     • Avi Silberschatz et al., Operating System Concepts, 7th edition, http://codex.cs.yale.edu/avi/os-book/os7/online-dir/Mach.pdf, 2004.
     • Michael M. Swift, Brian N. Bershad, and Henry M. Levy, “Improving the Reliability of Commodity Operating Systems,” Proc. 19th ACM Symposium on Operating System Principles (SOSP), Oct. 2003.
     • Andrew S. Tanenbaum, Modern Operating Systems, 3rd edition, Prentice-Hall, 2005.
     • Andrew S. Tanenbaum, J. Herder, and H. Bos, “Can We Make Operating Systems Reliable and Secure?” IEEE Computer, May 2006.
     • Andrew S. Tanenbaum, J. Herder, and H. Bos, “A Lightweight Method for Building Reliable Operating Systems Despite Unreliable Device Drivers,” TR IR-CS-018, http://www.minix3.org/doc/reliable-os.pdf, 2006.
     • Andrew S. Tanenbaum, “Tanenbaum-Torvalds Debate: Part II,” http://www.cs.vu.nl/~ast/reliable-os/, 2006.
