DOC PREVIEW
CORNELL CS 614 - Extensible Kernels

This preview shows page 1-2-17-18-19-36-37 out of 37 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 37 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 37 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 37 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 37 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 37 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 37 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 37 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 37 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

Extensible KernelsOS Kernel TypesMotivationsApproachesExokernel: OverviewExokernel: OS Component LayoutA Motivating ExampleThe Reality …If Exokernel is Used…Exokernel: Design PrincipleExokernel: Secure BindingsSecure BindingsSecure Bindings via Downloading CodeMore on ASHsIssues in Resource RevocationExperiment: Aegis & ExOSProcedure and System CallsProtected Control TransfersExOS: IPC, VMASH: ScalabilityConclusionSome IssuesSPIN: an Extensible OSTraditional OSesSPIN StructureThe Protection ModelThe Extension ModelCore ServicesCore Services: Memory ManagementCore Services: Thread ManagementPerformance I: CompetitorsPerformance II: MicrobenchmarksVM primitivesPerformance III: NetworkingEnd-to-End PerformanceIssues in SPINSlide 37Extensible KernelsMingsheng HongOS Kernel TypesMonolithic KernelsMicrokernels–Flexible (?)–Module Design–Reliable–SecureExtensible Kernels–Can be customized (extended, specialized, replaced)More functionalityBetter performanceMotivationsProblems in traditional OS kernels–Implementation cannot be modifiedLRU as general page replacement strategy–Hide information of machine resourcesNot always appropriate in achieving high performance–database on top of file system–Provide a unified interface (overly general)Trade-offs for different applications–page table structureApproachesExokernel: safely expose machine resources –Higher-level abstractions are implemented in applications–The concept of Library OS–Safety ensured by secure bindingsSPIN: use kernel extensions to safely extend/change OS services/implementations–Event-driven model to customize services–Efficiency preserved–Safety ensured by PL facilitiesExokernel: OverviewAn extension of RISC philosophyKernel provides minimum services–Hardware resource protectionAllocationRevocationSharingTracking of ownership–Resource usage arbitrationIncluding an abort protocolLibOS as powerful as traditional OSExokernel: OS Component LayoutExokernelA Motivating Example*This example is borrowed from MIT websiteThe Reality …If Exokernel is Used…Exokernel: Design PrincipleTo separate protection from management–Can protect resources without understanding themWhen knowledge of resource is required–Can leave decisions to applications by downloading code–Another level of indirection without sacrificing performanceExokernel: Secure BindingsWhy?–Library OSes are untrustedHow?–Hardware mechanismTLB entry–Software cachingSTLB–Downloading application codeSecure BindingsMultiplexing physical memory–Records capabilities: ownership, R/W permissions (authorization at bind time)–Checks capabilities(authentication at access time)–Enables resource sharing (How?)Secure Bindings via Downloading CodeMultiplexing the network–Uses Application-specific Safe Handlers (ASHs)–PerformanceEliminate kernel crossingsDecouple latency-critical operations from process scheduling–SafetyCan be verified and trustedMore on ASHsAn ASH can serve as a–Packet filter–Computation unitchecksumming–Message initiator–Control initiatorIssues in Resource RevocationVisible deallocation of resource–So that library OS has a chance to reacte.g. when physical page “5” is deallocated–But could be less efficientCan combine invisible revocationLibrary OS can be prepared for such occasionsBut when application does not cooperate…–Abort Protocol – imperative revocatione.g. cpu time sliceNeed to leave some resource for each libOS–Guaranteed mappingExperiment: Aegis & ExOSAegis: an exokernel on MIPS-based DECstation–Xok: another exokernel for Intel x86 computersExOS: the corresponding library OS–Virtual memory, IPC are managed at application level–Can be extendedPerformance compared with: UltrixProcedure and System CallsProtected Control TransfersSuggested reasons (?)–Kernal crossing–TLB flushExOS: IPC, VMASH: ScalabilityConclusionSecurely multiplexes hardware resources, to achieve more flexibility & efficiency–OS primitives–High level abstractions: VM, IPC–Implementation can be customized (libOS)Some IssuesExokernel–PortabilityLibrary OS–Too much code in user space?–Not easy to customize?OSKit, SPIN–Should provide a standard interface?–SecuritySPIN: an Extensible OSUses language features to make a system–ExtensibleDynamic linking & later binding–SafeType safe language–EfficientIn kernel spaceModula-3 features: memory safe; interfacesTraditional OSes*This picture is borrowed from Univ. of Washington websiteSPIN Structure*This picture is borrowed from Univ. of Washington websiteThe Protection ModelPointers as capabilities–Types not forgeable–Determined at compile-time => efficient–Externalized when passed across domainsAn object is safe if–Verified by the compiler–Or asserted so by the kernel (objected implemented in other languages)The Extension ModelEvents and handlerseventhandlersP1P2P3Execution of handlers can be•Synchronous/ asynchronous•Bounded in time•Ordered/unorderedpredicatesCore ServicesServices that cannot be safely implemented by extensionsSimple functionalityFine grained controlCore Services: Memory ManagementManage memory and processor resources–MM interfacesStorage: allocate, deallocate, reclaimNaming : allocate, deallocateTranslation: add/remove/examine mapping–ExceptionsPageNotPresentBadAddressProtectionFault–Address space model can be defined on top of the primitivesCore Services: Thread ManagementThread Management–Strand interfaceblock/unblockcheckpoint/resume–Global and application-specific schedulers–Thread model can be defined on top of the primitivesCore services are t rusted–Extensions should be fault-isolatedPerformance I: CompetitorsDEC OSF/1: monolithic kernelMach 3.0: microkernelSPIN: extensible kernelPerformance II: MicrobenchmarksIPCThread managementVM primitives•Kernel crossings•Overhead in demultiplexing exception (?)Performance III: NetworkingLatency and bandwidthPacket forwardingEnd-to-End PerformanceNetworked Video SystemA dilemma in web server buffer management-- hybrid cache policyIssues in SPINScalability of the event/handler modelHow to prioritize handlers?–Throughput vs. fairnessExtensibility limited by interfacesConclusionTwo methods to make OS more flexible &


View Full Document

CORNELL CS 614 - Extensible Kernels

Documents in this Course
Load more
Download Extensible Kernels
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Extensible Kernels and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Extensible Kernels 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?