Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What...
Transcript of Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What...
![Page 1: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/1.jpg)
From L3 to seL4 What Have We Learnt in 20 Years of L4
Microkernels?Kevin Elphinstone and Gernot Heiser
Presented by: Yuzhong Wen
![Page 2: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/2.jpg)
What is L4?- Invented by Jochen Liedtke- A family of microkernels
- Active: seL4, NOVA, OKL4, Fiasco.OC- Deactive: L4Ka::Pistachio, NICTA::Pistachio-embedded, L4Ka::
Hazelnut, L4/Alpha, L4/MIPS...- Widely used
- Real-time systems- Resource limited systems- Security related systems
![Page 3: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/3.jpg)
What is L4?- Invented by Jochen Liedtke- A family of microkernels
- Active: seL4, NOVA, OKL4, Fiasco.OC- Deactive: L4Ka::Pistachio, NICTA::Pistachio-embedded, L4Ka::
Hazelnut, L4/Alpha, L4/MIPS...- Widely used
- Real-time systems- Resource limited systems- Security related systems
Verification
![Page 4: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/4.jpg)
What is L4?-
![Page 5: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/5.jpg)
What is L4?- System design
- The kernel is “micro”- Device drivers, network stack are in userspace
![Page 6: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/6.jpg)
What is L4?- System design
- The kernel is “micro”- Device drivers, network stack are in userspace
Minimality
High performance IPC
![Page 7: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/7.jpg)
What is L4?- Beyond the kernel
- OS layer as userspace process
![Page 8: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/8.jpg)
The problem?- IPC design- Hardware resource management- Process management- Programmability
![Page 9: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/9.jpg)
IPC design
![Page 10: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/10.jpg)
Synchronous IPC- Synchronous IPC
- Essential for L4 implementation- Not flexible for handling interrupts- Not scalable
- Synchronous + Asynchronous IPC- Asynchronous endpoints- Violate minimality!
- Pure asynchronous
![Page 11: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/11.jpg)
Synchronous IPC- Synchronous IPC
- Essential for L4 implementation- Not flexible for handling interrupts- Not scalable
- Synchronous + Asynchronous IPC- Asynchronous endpoints- Violate minimality!
- Pure asynchronous
From synchronous to asynchronous
![Page 12: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/12.jpg)
IPC message structure- In register messages(short message)
- Physical register based messages- Limited by architecture
- Virtual message registers- Fixed size- Flexible
![Page 13: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/13.jpg)
IPC message structure- In register messages(short message)
- Physical register based messages- Limited by architecture
- Virtual message registers- Fixed size- Flexible
From physical to virtual
![Page 14: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/14.jpg)
IPC message structure- Long IPC
- Triggers massive page faults- Rarely used (mainly used by legacy POSIX interface)- Hard to do verification- Violate minimality!
Abandon Long IPC
![Page 15: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/15.jpg)
IPC destination- Thread ID as destination
- Expose one thread’s internal to another- Unflexible
- IPC endpoint as destination- Asynchronous Endpoints- Synchronous Endpoints - Better management
From Thread ID to IPC endpoint
![Page 16: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/16.jpg)
IPC timeout- Blocking IPC
- Suffers from DOS attack
- IPC timeout- Doesn’t help at all
- No timeout at all!- A flag to indicate using polling or blocking
Abandon timeout
![Page 17: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/17.jpg)
Communication Control- “Chief and clans”
- Provides access control- Overhead in inter-clan communication
- Capability control- Access control based on kernel objects
Abandon chief and clans
![Page 18: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/18.jpg)
Hardware resource management
![Page 19: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/19.jpg)
Resource management- Recursive page mappings
- Flexible page mapping between threads- Map from virtual pages- Map from physical frames
memory(frame)
page
page
![Page 20: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/20.jpg)
Page mapping- Recursive page mappings
- Flexible page mapping between threads- Map from virtual pages- Map from physical frames
memory(frame)
page
page
Retain the mapping from pages
Map from physical frames
![Page 21: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/21.jpg)
Kernel memory- Allocate objects directly from free memory
- Not safe- Hidden from userspace
- Allocate objects from untyped objects- Untyped objects are well controlled- All objects are controlled by capabilities
User-level memory control
![Page 22: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/22.jpg)
Time (clock source)- Time multiplexing
- The key of scheduling- Has to be done in kernel- Violate minimality!
Unsolved (may be removed from kernel)
![Page 23: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/23.jpg)
Multicore- Biglock
- Bad scalability- Multikernel
- One kernel one core
Unsolved (concurrency is hard to verify)
![Page 24: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/24.jpg)
Process management
![Page 25: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/25.jpg)
TCB management- Virtual TCB array
- Indexed by thread id- Each thread(TCB) has a kernel stack- Easy to find the stack from TCB- Large memory overhead- Large cache footprint TCB TCB TCB TCB
STACK
STACK
STACK
STACK
![Page 26: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/26.jpg)
TCB management- Virtual TCB array
- Indexed by thread id- Each thread(TCB) has a kernel stack- Easy to find the stack from TCB- Large memory overhead- Large cache footprint
- Single physically-allocated stack- Few IPC performance overhead
Abandon Virtual TCB array
![Page 27: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/27.jpg)
Scheduling- Lazy scheduling
![Page 28: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/28.jpg)
Scheduling- Lazy scheduling
- Just put the blocking thread back into runnable queue- Performance is bad on real-time systems
- Benno scheduling- Every thread on the queue is
runnable
From lazy scheduling to Benno scheduling
![Page 29: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/29.jpg)
Programmability
![Page 30: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/30.jpg)
Programmability- Language
- Assembler- Hard to maintain
- C++- No good compiler- Can’t be verified
- Calling convention- Hard to port or verify without good calling convention
Abandon assembler and C++
Abandon non-standard calling conventions
![Page 31: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/31.jpg)
Programmability- No portability!?
- L4 was coded to directly talk to hardware- Portability
- Glue layer for different architecture
Introduce glue layer for portability
![Page 32: Microkernels? We Learnt in 20 Years of L4 From L3 to seL4 What …courses.cs.vt.edu/cs5204/fall14-butt/lectures/L4.pdf · 2014. 11. 5. · From L3 to seL4 What Have We Learnt in 20](https://reader035.fdocuments.in/reader035/viewer/2022071409/610161635a3616361f63fda0/html5/thumbnails/32.jpg)
Thanks!