Microkernel-based Operating Systems - Introduction Bjoern Doebel - - PDF document

microkernel based operating systems introduction
SMART_READER_LITE
LIVE PREVIEW

Microkernel-based Operating Systems - Introduction Bjoern Doebel - - PDF document

Oct 31, 2023 195 likes •340 views

Faculty of Computer Science Institute for System Architecture, Operating Systems Group Microkernel-based Operating Systems - Introduction Bjoern Doebel Dresden, Oct 9 th 2007 Lecture Goals Provide deeper understanding of OS mechanisms

slide-1
SLIDE 1

Faculty of Computer Science Institute for System Architecture, Operating Systems Group

Microkernel-based Operating Systems - Introduction

Dresden, Oct 9th 2007 Bjoern Doebel

TU Dresden, 2007-10-09 MOS - Introduction Slide 2 von 36

Lecture Goals

  • Provide deeper understanding of OS

mechanisms

  • Illustrate alternative design concepts
  • Promote OS research at TU Dresden
  • Make you all enthusiastic about OS

development in general and microkernels in special

TU Dresden, 2007-10-09 MOS - Introduction Slide 3 von 36

Administration - Lecture

  • Lecture every Tuesday, 1:00 PM, INF/E08

– First exception: No lecture next week. – Lecturers: Carsten Weinhold, Michael Roitzsch, Stefan Kalkowski, Marcus Völp, Björn Döbel

  • Slides: http://www.tudos.org -> Teaching ->

Microkernel-based Operating Systems

  • Subscribe to our mailing list:

http://os.inf.tu-dresden.de/mailman/listinfo/mos2007

  • This lecture is not: Microkernel construction

(in summer term)

slide-2
SLIDE 2

TU Dresden, 2007-10-09 MOS - Introduction Slide 4 von 36

Administration - Exercises

  • Exercises will be roughly bi-weekly,

Wednesday, 2:50 PM, INF/E09

  • Practical exercises in the computer pool
  • Paper reading exercises

– Read a paper beforehand. – Sum it up and prepare 3 questions. – We expect you to actively participate in discussion.

  • First exercise will be paper reading on

Oct 24th: Per Brinch-Hansen “The nucleus of a multiprogramming system”

TU Dresden, 2007-10-09 MOS - Introduction Slide 5 von 36

Complex lab

  • In parallel to this lecture there is a complex

lab.

  • Groups of 2-3 students.
  • Build several components of an OS (memory

server, keyboard driver, binary loader, ...)

  • “Komplexpraktikum” for (Media) Computer

Science students

  • “Internship” for Computational Engineering
  • starts on Wednesday, Oct 10th

TU Dresden, 2007-10-09 MOS - Introduction Slide 6 von 36

Monolithic Operating Systems

Hardware

File Systems Processes Device Drivers Network Stacks Scheduling

... Kernel mode

Applications

User mode

slide-3
SLIDE 3

TU Dresden, 2007-10-09 MOS - Introduction Slide 7 von 36

What's the problem?

  • All system components run in privileged

mode.

  • No isolation of components possible.

– Faulty driver crashes the whole system. – More then 2/3 of today's systems are drivers.

  • No enforcement of good system design

– can directly access all kernel data structures

  • Size and inflexibility

– Not suitable for embedded systems. – Difficult to replace single components.

  • Increasing complexity becomes more and

more difficult to manage.

TU Dresden, 2007-10-09 MOS - Introduction Slide 8 von 36

One vision - microkernels

  • Minimal OS kernel

– less error prone – small Trusted Computing Base – suitable for verification

  • System services implemented as user-level

servers

– flexible and extensible

  • Protection between individual components

– systems get more

  • secure – inter-component protection
  • safe – crashing component does not

(necessarily...) crash the whole system

TU Dresden, 2007-10-09 MOS - Introduction Slide 9 von 36

One vision – microkernels (2)

  • Servers may implement multiple OS

personalities

  • Servers may be configured to suit the target

system (small embedded systems, desktop PCs, SMP systems, ...)

  • Enforce reasonable system design

– Well-defined interfaces between components – No access to components besides these interfaces – Improved maintainability

slide-4
SLIDE 4

TU Dresden, 2007-10-09 MOS - Introduction Slide 10 von 36

Examples

  • QNX kernel only

contains

– IPC – Scheduling – IRQ redirection

  • LynxOS

– “separation kernel” – combine secure and real-time components

QNX µkernel

File system Process Manager Device manager Network stack

Hardware LynxOS Separation Kernel (Microkernel) System Services Partitions Security Policy App A App B App A System Services System Services

TU Dresden, 2007-10-09 MOS - Introduction Slide 11 von 36

The mother of all microkernels

  • Mach – developed at CMU

– designed as simple, extensible “communication kernel” – “ports” for communication channels and memory objects

  • Foundation for several real systems

– Single Server Unix (BSD4.3 on Mach) – MkLinux (OSF) – IBM Workplace OS – Mac OS X

  • Shortcomings

– performance – drivers still in the kernel

TU Dresden, 2007-10-09 MOS - Introduction Slide 12 von 36

Mac OS X

Hardware

Mach BSD Drivers, I/O kit Core services JVM Application services JRE Quartz Window Manager Quick Time AWT, Swing App Environments BSD Cocoa Carbon

Kernel User space

slide-5
SLIDE 5

TU Dresden, 2007-10-09 MOS - Introduction Slide 13 von 36

IBM Workplace OS

  • Main goals:

– multiple OS personalities – run on multiple HW architectures

ARM PPC x86 MIPS Alpha Mach microkernel OS base services Files Network Processes Power ... Windows Personality Unix Personality OS/2 Personality Win Apps Unix Apps OS/2 Apps

TU Dresden, 2007-10-09 MOS - Introduction Slide 14 von 36

IBM Workplace OS (2)

  • Never finished
  • Failure causes:

– Underestimated difficulties in creating OS personalities – Management errors, forced divisions to adopt new system without having a system – “Second System Effect”: too many fancy features – Too slow

  • Conclusion: Microkernel worked, but system

atop the microkernel did not

TU Dresden, 2007-10-09 MOS - Introduction Slide 15 von 36

Lessons learned

  • OS personalities did not work
  • Flexibility – but monolithic kernels became

flexible, too (Linux kernel modules)

  • Better design – but monolithic kernels also

improved (restricted symbol access, layered architectures)

  • Maintainability – still very complex
  • Performance matters a lot
slide-6
SLIDE 6

TU Dresden, 2007-10-09 MOS - Introduction Slide 16 von 36

Proved advantages

  • Subsystem protection / isolation
  • Code size

– Fiasco kernel: < 15,000 lines of code – Minimal application: (boot loader + “hello world”): ~6,000 loc – Linux kernel (2.6.5, i386): 3.2 million loc (drivers: 1.9 million)

  • Customizable

– Tailored memory management / scheduling / … algorithms – Adaptable to embedded / real-time / secure / … systems

TU Dresden, 2007-10-09 MOS - Introduction Slide 17 von 36

Challenges

  • We need fast and efficient kernels

– covered in the “Microkernel construction” lecture in the summer term

  • We need fast and efficient OS services

– Memory and resource management – Synchronization – Device Drivers – File systems – Communication interfaces – subject of this lecture

TU Dresden, 2007-10-09 MOS - Introduction Slide 18 von 36

Who's out there?

  • Minix @ FU Amsterdam (Tanenbaum)
  • Singularity @ MS Research
  • Eros/CoyotOS @ Johns Hopkins University
  • The L4 Microkernel Family

– L4Ka::Hazelnut/Pistacchio – Uni Karlsruhe,

  • Univ. of New South Wales (Sydney)

– OKL4 – Open Kernel Labs – SeL4 – UNSW – Fiasco – TU Dresden – P4 – Sysgo AG

slide-7
SLIDE 7

TU Dresden, 2007-10-09 MOS - Introduction Slide 19 von 36

The L4 microkernel

  • Originally developed by Jochen Liedtke at IBM

and GMD

  • 2nd generation microkernel
  • Several kernel ABI versions:

– L4.Fiasco: current stable version (Fiasco) – L4.X0: experimental, legacy (Fiasco, Hazelnut) – L4.X2, L4.V4: experimental / stable new API (Pistachio, Fiasco) – L4.sec: experimental capability support (Fiasco) – L4.v2: original Liedtke-compatible ABI version, now deprecated

TU Dresden, 2007-10-09 MOS - Introduction Slide 20 von 36

L4 concepts

  • Jochen Liedtke: “A microkernel does no real

work.”

– kernel provides inevitable mechanisms – kernel does not enforce policies

  • But what is inevitable?

– Abstractions

  • Threads
  • Address spaces (tasks)

– Mechanisms

  • Communication
  • Mapping
  • Scheduling

TU Dresden, 2007-10-09 MOS - Introduction Slide 21 von 36

L4 – Recursive Address spaces

Physical Memory Pager 1 Pager 2 Pager 3

Application Application Application

slide-8
SLIDE 8

TU Dresden, 2007-10-09 MOS - Introduction Slide 22 von 36

L4 - Threads

  • Thread ::= Unit of Execution
  • Unique Thread ID
  • Properties managed by L4:

– Instruction Pointer (EIP) – Stack (ESP) – Registers

  • User-level applications need to

– allocate stack memory – provide memory for application binary – find entry point – ...

  • 1 Address space can contain up to 128

threads

Code Data Stack Stack Threads Address Space

TU Dresden, 2007-10-09 MOS - Introduction Slide 23 von 36

L4 - Communication

  • Synchronous inter-process communication

(IPC) between threads

– agreement between partners necessary – timeouts – no in-kernel buffering – efficient implementation necessary

  • IPC flavors:

– send – receive_from (closed wait) – receive (open wait) – call (send and receive_from) – reply and wait (send and receive)

TU Dresden, 2007-10-09 MOS - Introduction Slide 24 von 36

L4 IPC – Message types

  • short (register-only) IPC
  • fast – no memory access

Thread A Thread B

send(…) receive(…) EBX EDX EBX EDX

slide-9
SLIDE 9

TU Dresden, 2007-10-09 MOS - Introduction Slide 25 von 36

L4 IPC – Message types

  • Direct long IPC – more than 2 words at a time
  • Words are directly copied:

Thread A Thread B

send(msg,…) receive(msg, …)

copy

TU Dresden, 2007-10-09 MOS - Introduction Slide 26 von 36

L4 IPC – Message types

  • Indirect Long IPC (String IPC)
  • Words in message buffer point to external

memory areas that are copied

Thread A Thread B

send(msg,…) receive(msg, …)

copy

TU Dresden, 2007-10-09 MOS - Introduction Slide 27 von 36

L4 - Mappings

  • Threads can map pages from their address

space to other address spaces.

  • This is achieved by adding a Flexpage

descriptor to the IPC message buffer.

  • Flexpages describe mapping

– location and size of memory area – receiver's rights (read-only, read-writable) – type (memory, IO, communication capability)

slide-10
SLIDE 10

TU Dresden, 2007-10-09 MOS - Introduction Slide 28 von 36

L4 – Hardware Interrupts

  • Special Thread ID to receive HW interrupts

from the kernel

  • Exaclty one thread can listen to exactly one

interrupt – multiplexing in userspace necessary.

  • I/O Memory and I/O ports are manages using

flexpages. Kernel User-space device driver

IRQ ipc_recv (irq_id, ...)

TU Dresden, 2007-10-09 MOS - Introduction Slide 29 von 36

System Calls in L4.Fiasco

  • Address spaces

– l4_task_new – create/delete tasks

  • Threads

– l4_thread_ex_regs – create/modify threads – l4_thread_schedule – setup scheduling parameters – l4_thread_switch – switch to another thread

  • IPC

– l4_ipc – perform IPC – l4_fpage_unmap – revoke flexpage mapping – l4_nchief – find next chief

TU Dresden, 2007-10-09 MOS - Introduction Slide 30 von 36

L4Linux

  • Linux kernel runs as a user-space application
  • n top of Fiasco
  • Linux processes run as L4 tasks
  • Linux system calls are mapped to L4 IPC

L4 Microkernel L4Linux Kernel Server Linux Kernel init sh Interrupt- Threads Pager lxdoom

User mode Kernel mode

slide-11
SLIDE 11

TU Dresden, 2007-10-09 MOS - Introduction Slide 31 von 36

DROPS

L4 Microkernel L4Linux Privileged Mode User Mode Resource Management Non-Real-Time World Real-Time World SCSI/IDE Driver Network Driver Display Driver Real-Time Filesystem Real-Time Protocol

TU Dresden, 2007-10-09 MOS - Introduction Slide 32 von 36

Virtual machines

  • Isolate not only processes, but also complete

Operating Systems (compartments)

  • “Server consolidation”

L4 Microkernel (L4)Linux Privileged Mode User Mode (L4)Linux Virtualization Layer (L4)Linux Web Server Domain 1 Database Server Web Server Domain 2

TU Dresden, 2007-10-09 MOS - Introduction Slide 33 von 36

Bastei

  • Disadvantages of existing systems

(microkernels as well as monoliths):

– global naming – resource management and revokation difficult – hard to get security policies right

  • Bastei := C++-based OS framework

developed here in Dresden

– recursive system design – capabilities – stacked security policies

Bastei::Core Parent 1 Parent 2

Child Child Child Child Child

slide-12
SLIDE 12

TU Dresden, 2007-10-09 MOS - Introduction Slide 34 von 36

Design alternatives

  • Hardware isolation

– x86 privilege rings, privileged instructions

  • Software isolation

– N. Wirth's Oberon language and OS since 1980s – Singularity from MS Research written in a dialect of C# (since 2000s)

  • Exokernels

– build OS interface into a library and link it to single applications (library OS)

TU Dresden, 2007-10-09 MOS - Introduction Slide 35 von 36

Lecture outline

  • Basic mechanisms and concepts

– Memory management – Tasks, Threads, Synchronization – Communication

  • Building real systems

– What are resources and how to manage them? – How to build a secure system? – How to build a real-time system? – How to reuse existing code (Linux, standard system libraries, device drivers)? – How to improve robustness and safety?

TU Dresden, 2007-10-09 MOS - Introduction Slide 36 von 36

Outlook

  • Next lecture:

– “Tasks, Threads and Synchronization”

  • n Oct 23rd
  • Next exercise:

– Oct 24th – Read P. Brinch-Hansen: “The nucleus of a multiprogramming System” – Prepare questions for discussion – Download available from the website