
Exokernel - PowerPoint Presentation

min-jolicoeur
Uploaded On 2018-01-05



Presentation Transcript

Slide1

Exokernel: An Operating System Architecture for Application-Level Resource Management

Dawson Engler, Frans Kaashoek, James O’Toole

MIT Laboratory for Computer Science

Slide2

Function of Traditional Kernel

Provides abstraction(s) of the hardware

Processes

Virtual Memory

File System

Provides Protection

Hardware

Kernel Itself

Users From Each Other

Slide3

Motivation: A Database

I/O Abstraction: Cooked I/O

Operating System buffers I/O

Database Requirement

Cannot tell a Database user that transaction has committed until log pages have hit the surface of the disk

Database may need to sequence writes

Database better at predicting future I/O

Slide4
Slide5

The Ever Shrinking Kernel

Linux Windows – VM, FS..

MicroKernels

Fewer Abstractions: rm FS

Mach

L4

Virtual Machines (VMM is between OS and hardware) -- Virtualization

DISCO

Xen

ExoKernel -- Multiplexing

Aegis

XOK

Slide6

Exokernel Architecture

Request Revoke

Environments

Slide7

Securely Expose Hardware

Hardware:

Disks, Physical Memory, TLB, Frame Buffer, Network Access

Less Tangible Resources:

CPU Time Slices

Interrupts, Exceptions, Cross Domain Calls

DMA

Privileged Instructions

Exokernel Exports (readonly): Freelists, cached TLB entries, disk arm positions

Slide8

Exokernel Functions

Resource Allocation (Inter-environment)

Grant (or not) Resource Requests (Policy <- SysAd)

Process Release (Dealloc) Requests

Revoke Resources

Visible Revocation (May get to choose which to free)

Abort

Note: Usually some resources exempt: page table mem

Track Resource Ownership

Guard all resource usage or binding points

Slide9

Resource Allocation

Allocation (almost always explicit)

Alloc system call

Deallocation

Dealloc System Call

Visible Revocation

E.g.: Loss of the CPU when time slice expires: Library OS must save required processor state

Abort Protocol

Break all existing secure bindings

Library OS gets a Repossession Exception – includes a Repossession Vector

Slide10

Secure Bindings

Break up protection into bind and access

Can be implemented in:

Hardware

TLB

Frame Buffer Ownership Tag

Software

STLB

Downloading Code into ExoKernel

Dynamic Packet Filter

Slide11

Examples

Physical Page

Bind: Get Exokernel to Load Mapping into TLB

Page allocation

Exokernel grants self-authenticating capability (R/W)

LibOS stores capability in Page Table

Passes Capability, Mapping on TLB write request

Access: LibOS/Application code uses TLB

Network Access

Bind: Download DPF (Dynamic Packet Filter)

Access: Exokernel runs DPF on every incoming pkt

Sends packets to correct Environment

Slide12

[Figure: diagram labels: Virtual, Physical, CAP, TLB, STLB, freelist (RW / R only), ExoKernel, Library OS, MIPS Hardware, Miss, Check, Req Alloc; emacs code: m = malloc (3000); strcpy (m, “The Ever Shrinking Kernel”);]

Slide13

Downloading Code

Advantages:

Avoid Kernel Crossing

Executed when environment is not scheduled

Allowed because execution time is bounded

Specification

High Level Language

Individual DPF code can be merged

Safety by Language

C

Application Specific Handlers

Dynamic Message Vectoring

Message Initiation

Protection: SFI (Sandboxing), Infinite Loop??

Slide14

TLB Miss in Aegis

Aegis checks if mapping is in STLB. If so, load into TLB.

If the virtual address is one of the pinned pages, Aegis loads the mapping into the TLB.

Environment checks its page tables for segmentation fault. If not, use page tables to get physical page and associated capability.

Aegis checks the capability. If valid, loads mapping into TLB.

Control returned to the environment.

Slide15
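
Added example, not part of the original slides or of the Aegis source: a small C model of the physical-page secure binding from the Examples slide and the TLB-miss steps listed on the TLB Miss in Aegis slide. All names, the table sizes and the keyed mix that stands in for a self-authenticating capability are assumptions made for illustration; the pinned-page step is omitted.

```c
#include <stdint.h>
#include <stdio.h>
#define NVPAGES 8     /* virtual pages in the environment (constructed) */
#define STLB_SLOTS 4  /* software TLB size (constructed) */
enum { CAP_R = 1, CAP_W = 2 };
enum { HIT_STLB, LOADED, SEGFAULT, BAD_CAP };

/* ---- Aegis (kernel) side; tlb is a one-entry stand-in for the hardware TLB ---- */
static struct map { int valid, vpn, ppn, rights; } stlb[STLB_SLOTS], tlb;
static const uint64_t kernel_key = 0x9e3779b97f4a7c15ULL; /* constructed secret */
/* Toy keyed mix standing in for a real MAC over (page, rights). */
static uint64_t cap_for(int ppn, int rights) {
    uint64_t x = kernel_key ^ (((uint64_t)ppn << 8) | (uint64_t)rights);
    x ^= x >> 33; x *= 0xff51afd7ed558ccdULL; x ^= x >> 33;
    return x;
}
/* Page allocation: the kernel hands back a capability for (page, rights). */
uint64_t aegis_alloc_page(int ppn, int rights) { return cap_for(ppn, rights); }
/* Bind point (TLB write request): the only place authorization is checked. */
int aegis_tlb_write(int vpn, int ppn, int rights, uint64_t cap) {
    if (cap != cap_for(ppn, rights)) return BAD_CAP;
    tlb = stlb[(unsigned)vpn % STLB_SLOTS] = (struct map){1, vpn, ppn, rights};
    return LOADED;
}
/* Access: a TLB hit needs no further kernel check. Returns ppn or -1. */
int tlb_lookup(int vpn) { return (tlb.valid && tlb.vpn == vpn) ? tlb.ppn : -1; }

/* ---- Library OS side: it owns the page table and stores the capability ---- */
static struct pte { int present, ppn, rights; uint64_t cap; } page_table[NVPAGES];
void libos_map(int vpn, int ppn, int rights, uint64_t cap) {
    if (vpn >= 0 && vpn < NVPAGES) page_table[vpn] = (struct pte){1, ppn, rights, cap};
}

/* TLB miss: STLB first, then the library OS page table, then the capability check. */
int tlb_miss(int vpn) {
    if (vpn < 0 || vpn >= NVPAGES) return SEGFAULT;
    struct map *s = &stlb[vpn % STLB_SLOTS];
    if (s->valid && s->vpn == vpn) { tlb = *s; return HIT_STLB; }
    struct pte *e = &page_table[vpn];
    if (!e->present) return SEGFAULT;   /* library OS has no mapping */
    return aegis_tlb_write(vpn, e->ppn, e->rights, e->cap);
}

int main(void) {
    libos_map(2, 5, CAP_R | CAP_W, aegis_alloc_page(5, CAP_R | CAP_W));
    int first = tlb_miss(2), second = tlb_miss(2);
    printf("first=%d second=%d ppn=%d\n", first, second, tlb_lookup(2));
    return 0;
}
```

The capability is checked once, at bind time; afterwards a TLB or STLB hit proceeds with no kernel authorization step, which is the bind/access split the Secure Bindings slide describes.
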

Protected Control Transfer

Two Properties

Use Registers to Pass Msg

Operation is Atomic

No overwrite of environment-visible registers

Acall

Donate remainder of Current Timeslice

Scall

Donate all timeslices

Slide16

Micro benchmarks

Slide17

IPC Performance ExOS vs. Ultrix

Slide18

Performance Summary

Microbenchmarks: 10X

Cheetah web server (XOK) 8X

Slide19

Persistent Storage

Disk Block Shadowing

Disk Block tag

Low level metadata language

Untrusted Deterministic Function

Slide20
Slide21

Persistent storage

[Figure: diagram labels: emacs, PhD Thesis, ExOS Library OS, XOK, Disk, crash]

Slide22

Conclusions

Microbenchmarks and #Kernel Crossings not critical

Power (E.g. downloaded code) is critical factor

Top Down vs. Bottom Up

Encourages Innovation

Writing an OS is like writing a compiler

Operating System is Untrusted

Untrusted Code Evolves Faster than Trusted

Slide23

… and Caveats

Hardware Specific: MIPS vs. 486

Persistent Storage is Complex

MultiCPU and scalability ??

Are all of the DISCO tricks available here??

Slide24

Additional References

Application Performance and Flexibility on Exokernel Systems, Frans Kaashoek, Dawson Engler, Gregory Ganger et al

Pdos.csail.mit.edu/exo/exo-slides/sld001.htm

Slide25
Slide26
Slide27
Slide28
Slide29
Slide30

Overriding Abstractions

OS Extensions

How to override generic abstractions implemented in protected kernel, with better application specific abstractions in user space

Even if possible, won’t be efficient