SlideShare a Scribd company logo

L4 Microkernel :: Design Overview

National Cheng Kung University
National Cheng Kung University

(1) Myths of Microkernel (2) Characteristics of 2nd generation microkernel (3) Toward 3rd generation microkernel

Technology
1 of 74
Download to read offline
L4 Microkernel :: Design Overview Jim Huang ( 黃敬群 ) <jserv@0xlab.org> Developer, 0xlab July 17, 2012 / JuluOSDev June 11, 2012 / CSIE, CSIE
Rights to copy © Copyright 2012 0xlab http://0xlab.org/ contact@0xlab.org Attribution – ShareAlike 3.0 Corrections, suggestions, contributions and translations You are free are welcome! to copy, distribute, display, and perform the work to make derivative works Latest update: July 17, 2012 to make commercial use of the work Under the following conditions Attribution. You must give the original author credit. Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one. For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the copyright holder. Your fair use and other rights are in no way affected by the above. License text: http://creativecommons.org/licenses/by-sa/3.0/legalcode
On μ-Kernel Construction Jochen Liedtke (1953-2001) 15th ACM Symposium on Operating System Principles (1995)
Use Case: Low-cost 3G Handset • Mobile Handsets – Major applications runs on Linux – 3G Modem software stack runs on RTOS domain • Virtualization in multimedia Devices – Reduces BOM (bill of materials) – Enables the Reusability of legacy code/applications – Reduces the system development time Hypervisor • Instrumentation, Automation – Run RTOS for Measurement and analysis – Run a GPOS for Graphical Interface
original mobile phone: with Virtualization: single chip two CPUs required • Evoke’s UI functionalities including the touch screen is owned by the Linux apps while video rendering uses a rendering engine running on BREW. • When a user requests a BREW app, Linux communciates with BREW in the other VM to start up the app. The BREW obtains access to the screen by using a frame buffer from a shared- memory mapping.
Agenda • Myths of Microkernel • Characteristics of 2nd generation microkernel – memory, thread, IPC management • Toward 3rd generation microkernel • Real-world Deployment
Myths of Microkernel
Definition of Kernel • The fundamental part of an Operating System. • Responsible for providing secure access to the machine’s hardware for various programs. • Responsible for deciding when and how long a program can use a certain hardware (multiplexing).
Monolithic vs. Microkernel
Monolithic vs. Microkernel Application Application Application Application User mode Supervisor mode System call : open_File Network Stack FS Monolithic kernel H/W management Device FS Driver User mode Thread Control Supervisor mode System call : open_File Driver Thread Control IPC Network stack H/W management Hardware Hardware
Hybrid Kernel • Combine the best of both worlds – Speed and simple design of a monolithic kernel – Modularity and stability of a microkernel • Still similar to a monolithic kernel – Disadvantages still apply here • Example: Windows NT, BeOS, DragonFlyBSD
Exokernel • Follows end-to-end principle – Extremely minimal – Fewest hardware abstractions as possible – Just allocates physical resources to apps • Old name(s): picokernel, nanokernel • Example: MIT Exokernel, Nemesis, ExOS
Kernel Comparison • Monolithic kernels – Advantages: performance – Disadvantages: difficult to debug and maintain • Microkernels – Advantages: more reliable and secure – Disadvantages: more overhead • Hybrid Kernels – Advantages: benefits of monolithic and microkernels – Disadvantages: same as monolithic kernels • Exokernels – Advantages: minimal and simple – Disadvantages: more work for application developers
Definition of Microkernel • A kernel technique that provides only the minimum OS services. – Address Spacing – Inter-process Communication (IPC) – Thread Management – Unique Identifiers • All other services are done at user space independently.
Microkernel Memory User Program Managers Device Drivers User Mode Address spacing Thread Unique Management Identifiers and IPC Microkernel Mode Hardware
Microkernel Advantage • A clear microkernel interface enforces a more modular system structure • Servers can use the mechanisms provided by the microkernel like any other user program. • So server malfunction is as isolated as any other user program’s malfunction • The system is more flexible and tailorable. Different strategies and APIs, implemented by different severs, can coexist in the system
3 Generations of Microkernel • Mach, Chorus (1985-1994) – replace pipes with IPC (more general) – improved stability (vs monolithic kernels) – poor performance • L3 & L4 (1990-2001) – Large improvements in IPC performance – Written in assembly, poor portability – only synchronus IPC (build async on top of sync) – very small kernel: more functions moved to userspace • seL4, Coyotos, Nova (2000-present) – platform independence – verification, security, multiple CPUs, etc.
1st Generation: Chorus Nucleus Supervisor Dispatches traps, interrupts, and exceptions delivered by hardware. Real Time Executive Controls allocation of processes and provides preemptive scheduling Virtual Memory Manager Manipulates VM hardware and memory resources. IPC Provides message Exchanging and Remote Procedure Calls (RPC).
1st Generation: CMU Mach Asynchronous IPC Threads Scheduling Memory management Resource access permissions Device drivers (in some variants) (All other functions are implemented outside kernel. ) API Size of Mach 3: 140 functions
Mach microkernel performance issues Checking resource access permissions on system calls. Single user machines do not need to do this. Cache misses Critical sections were too large. Asynchronus IPC Most calls only need synchronus IPC. Synchronous IPC can be faster than asynchronous. Asynchronous IPC can be built on top of synchronous. Virtual memory How to prevent key processes from being paged out?
2nd Generation: L4 • “Radical” approach • [Liedtke’93, Liedtke ‘95]: • Strict minimality • From-scratch design • Fast primitives
3rd Generation: seL4 • [Elphinstone et al 2007, Klein et al 2009] • Security-oriented design – capability-based access control – strong isolation • Hardware resources subject to user-defined policies – including kernel memory (no kernel heap) – except time – “Microhypervisor" concept • Designed for formal verification
Classical L4 microkernel functionality • Threads • Scheduling • Memory management • (All other functions are implemented outside kernel) • API size of L4: 7 functions – Compare to 140 functions for Mach3
L4 Mimnimality Principle • A concept is tolerated inside the microkernel only if moving it outside the kernel, i.e., permitting competing implementations, would prevent the implementation of the system's required functionality. • Fred Books on conceptual integrity [Mythical Man Month] – UNIX : Everything is a file – Mach : IPC generalizes files – L4 : Can it be put outside the kernel?
L4 Kernel size • Line of Code in OKL4 – ~9k LOC architecture-independent – 0.5–6k LOC architecture/platform-specific • Memory footprint kernel (not aggressively minimized): – Using gcc (poor code density on RISC/EPIC architectures) Architecture Version Text Total X86 L4Ka 52k 98k Itanium L4Ka 173k 417k ARM OKL4 48k 78k PPC-32 L4Ka 41k 135k PPC-64 L4Ka 60k 205k MIPS-64 NICTA 61k 100k 25
What properties do we expect from Kernel? Every system call terminates No exceptions thrown No arithmetic problems (e.g., overflow, divide by zero) No null pointer de-references No ill-typed pointer de-references No memory leaks No buffer overflows No unchecked user arguments Code injection attacks are impossible Well-formed data structures Correct book-keeping No two objects overlap in memory
Characteristics of second generation microkernel: memory, thread, IPC management
Threads Tasks • Represent unit of execution • Represent domain of protection and isolation – Execute user code (application) • Container for code, data and resources – Execute kernel code (system calls, page • Address space: capabilities + memory faults, interrupts, exceptions) pages • Subject to scheduling • management operations: – Quasi-parallel execution on one CPU – Map: share page with other address space – Parallel execution on multiple CPUs – Voluntarily switch to another thread – Grant: give page to other address possible space – Preemptive scheduling by the kernel – Unmap: revoke previously mapped according to certain parameters page • Associated with an address space – Executes code in one task at one point in time (Migration allows threads move to another task) – Several threads can execute in one task
L4 uniprocessor microkernel Thread Task's address space Abstraction and unit of execution Identified by thread ID Tread execution Consist of paths Instruction pointer Code Stack Data Registers, flags… Thread state L4 manages (preserve) only IP, SP and registers Stack
L4 uniprocessor micro kernel Thread switch Interrupt Code Code ▪ ▪ ▪ ▪ Stack Stack Thread A Thread B I P S P Flags CPU IP/SP/Flags.. IP/SP/Flags.. Kernel Code Kernel stack Kernel stack ▪ ▪ ▪ ▪ State State MicroKernel TCB A TCB B
L4 uniprocessor micro kernel Scheduling Scheduling implemented by kernel, based on priorities Timeslice donation
Address Space 3 management operations Map/Unmap Share/revoke page with other address space Grant give page to other address space Flush The owner of an address space can flush any of its pages. Grant Map Map Map Pager Pager User Address space
Recursive Address Space (abandoned by seL4)
Messages: Copy Data • Direct and indirect data copy • UTCB message (special area) • Special case: register-only message • Pagefaults during user-level memory access possible
Page Fault Handling • Page Faults are mapped to IPC – Pager is special thread that receives page faults – Page fault IPC cannot trigger another page fault • Kernel receives the flexpage from pager and inserts mapping into page table of application • Other faults normally terminate threads APP P1 P0 App Fault P1 touches its P0 maps own page and then P1 faults
Page Fault Handling APP's address space Pager's address space Data Pager Memory Pager Code Code Call( .., fault address, fault eip, .. ) Send( app_id, fpage(,,),… ) Micro Kernel Page-Fault handler
Messages: Map Reference • Used to transfer memory pages and capabilities • Kernel manipulates page tables • Used to implement the map/grant operations
Communications & Resource Control • Need to control who can send data to whom – Security and isolation – Access to resources • Approaches – IPC-redirection/introspection – Central vs. Distributed policy and mechanism – ACL-based vs. capability-based
Toward 3rd generation microkernel
Unsolved Problems in original L4 • L4 solved performance issue [Härtig et al, SOSP’97] – “... but left a number of security issues unsolved" • Problems addressed by seL4: ad-hoc approach to protection and resource management – Global thread name space → covert channels – Threads as IPC targets → insufficient encapsulation – Single kernel memory pool → DoS attacks – Insufficient delegation of authority → limited flexibility, performance
How seL4 solves problem by designs • Isolation: Memory management is user-level responsibility – Kernel never allocates memory (post-boot) – Kernel objects controlled by user-mode servers • Performance: Memory management is fully delegatable – Supports hierarchical system design – Enabled by capability-based access control • Realtime: “Incremental consistency” design pattern – Fast transitions between consistent states – Restartable operations with progress guarantee • Verification: No concurrency in the kernel – Interrupts never enabled in kernel – Interruption points to bound latencies – Clustered multikernel design for multicores
seL4 in the first sight • Formal verification – Functional correctness – Security/safety properties • No kernel heap: all memory left after boot is handed to userland – Resource manager can delegate to subsystems – Operations requiring memory explicitly provide memory to kernel • Result: strong isolation of subsystems and high performance – Operate within delegated resources – No interference
Move to Capability based design • Don't need global names (task/thread IDs) – Names (or IDs) are only valid within a task and have no meaning elsewhere • Kernel objects are referenced through local IDs, comparable to POSIX file descriptors or handles • Creating a new (kernel) object returns an index into a task-local table, where in turn the pointer to the object is stored • Kernel protects this capability table, therefore unforgeable
Capabilities
Capability space • In-kernel memory table with pointers to kernel objects • Sending a message to thread A merely requires the sender to have a capability to the portal cap • Sender does not know which thread/task will receive it • Receiver does not know who sent it (in general) • Separation of subsystems, combinable, independent
Capabilities • Kernel objects represent resources and communication channels • Capability – Reference to kernel object – Associated with access rights – Can be mapped from task to another task • Capability table is task-local data structure inside the kernel – Similar to page table – Valid entries contain capabilities • Capability handle is index number to reference entry into capability table – Similar to file handle of POSIX • Mapping capabilities establishes a new valid entry into the capability table
Importance of Capabilities • Everything is a file → Everything is a capability • Object capabilities – Tasks, threads, IPC portals, factories, semaphores – Handles/pointers to kernel objects, can be created, delegated and destroyed • Memory capabilities – Resembles virtual memory pages – Sending (mapping) a memory capability established shared memory between sender and receiver • IO capabilities – Abstraction for access to IO ports, delegating IO caps allows the receiving Task/Address space to access denoted IO ports
seL4 concpts • Capabilities (Caps) – mediate access • Kernel objects: – Threads (thread-control blocks, TCBs) – Address spaces (page table objects, PDs, Pts) – IPC endpoints (EPs, AsyncEPs) – Capability spaces (Cnodes) – Frames – Interrupt objects – Untyped memory • System calls – Send, Wait (and variants) – Yield
Revised IPC • OS services provided by (protected) user-level server processes – invoked by IPC • seL4 IPC uses a handshake through endpoints: – Transfer points without storage capacity – Message must be transferred instantly • One partner may have to block • Single copy user ➞ user by kernel • Two endpoint types: – Synchronous (Endpoint) – asynchronous (AsyncEP)
L4 Revisions
L4 History: V2 API Original version by Jochen Liedtke (GMD) » 93–95 “Version 2” API i486 assembler IPC 20 times faster than Mach [SOSP 93, 95] Proprietary code base (GMD) Other L4 V2 implementations: L4/MIPS64: assembler + C (UNSW) 95–97 Fastest kernel on single-issue CPU (100 cycles on MIPS R4600) Open source (GPL) L4/Alpha: PAL + C (Dresden/UNSW), 95–97 First released SMP version (UNSW) Open source (GPL) Fiasco (Pentium): C++ (Dresden), 97–99, ongoing development Open source (GPL) 53
L4 History: X.1 API Experimental “Version X” API Improved hardware abstraction Various experimental features (performance, security, generality) Portability experiments Implementations Pentium: assembler, Liedtke (IBM), 97–98 Proprietary Hazelnut (Pentium+ARM), C, Liedtke et al (Karlsruhe), 98– 99 Open source (GPL) 54
L4 History: X.2/V4 API “Version 4” (X.2) API, 02 Portability, API improvements L4Ka::Pistachio, C++ (plus assembler “fast path”) x86, PPC-32, Itanium (Karlsruhe), 02–03 Fastest ever kernel (36 cycles on Itanium, NICTA/UNSW) MIPS64, Alpha (NICTA/UNSW), 03 Same performance as V2 kernel (100 cycles single issue) ARM, PPC-64 (NICTA/UNSW), x86-64 (Karlsruhe), 03–04 Open source (BSD license) 55
Real-world Deployment: Virtualization drives performance improvements
L4Linux where virtualization comes from Linux source has two cleanly separated parts Architecture dependent Architecture independent In L4Linux Architecture dependent code is modified for L4 Architecture independent part is unchanged L4 not specifically modified to support Linux
L4Linux where virtualization comes from Linux kernel as L4 user service Runs as an L4 thread in a single L4 address space Creates L4 threads for its user processes Maps parts of its address space to user process threads (using L4 primitives) Acts as pager thread for its user threads Has its own logical page table Multiplexes its own single thread (to avoid having to change Linux source code)
L4Linux where virtualization comes from The statically linked and shared C libraries are modified Systems calls in the lib call the Linux kernel using IPC For unmodified native Linux applications, there is a “trampoline” The application traps Control bounces to a user-level exception handler The handler calls the modified shared library Binary compatible
Performance is not acceptable! L4Linux [Härtig et al., SOSP’97] 5–10% overhead on macro-BMs 6–7% overhead on kernel compile MkLinux (Linux on Mach): 27% overhead on kernel compile 17% overhead with Linux in kernel
NICTA L4 / OKL4 L4 implementations on embedded processors ARM, MIPS Wombat: portable virtualized Linux for embedded systems ARMv4/v5 thanks to fast context-switching tricks
LmBench shows near native performance with OKL4 3.0 on ARMv7 target NetPerf fully-loaded CPU and the throughput degradation of the virtualized is only 3% and 4%.
Codezero hypervisor • Optimized for latest ARM cores (Cortex-A9/A15) • L4 microkernel based design, written from scratch • Capability based dynamic resource management • Container oriented driver model: no modifications required for Linux
Micro-hypervisor • Microvisor – OKL4 4.0 • Research projects such as NOVA, Coyotos, and seL4 • Aided by virtualizable ISA • Microhypervisor • VMM – the “kernel” part – the “userland” part – provides isolation – CPU emulation – mechanisms, no policies – device emulation – enables safe access to virtualization features to userspace
Advantage of NOA architecture: Reduce TCB of each VM • Micro-hypervisor provides low-level protection domains – address spaces – virtual machines • VM exits are relayed to VMM as IPC with selective guest state • one VMM per guest in (root mode) userspace: – possibly specialized VMMs to reduce attack surface – only one generic VMM implemented
Adaptation/Optimizations
Learned from NICTA L4 Process-orientation wastes RAM Replaced by single-stack (event-driven) approach Virtual TCB array wastes VAS, TLB entries without performance benefits on modern hardware Capabilities are better than thread UIDs Provide uniform resource control model & avoid covert channels Also: IPC timeouts are useless Replaced by block/poll bit Virtualization is essential Re-think kernel abstractions
Generic parts in L4 Memory management Page-fault handling IPC Path Mapping database Base of the kernel debugger Most code of L4 abstractions Thread and address-space management
Processor-specific parts in L4 Basic data types Processor abstraction IRQ control, sleep-mode support Atomic operations Page tables Parts of L4 abstractions Switch of CPU and FPU state CPU specific optimizations
Hotspot in performance view Processor modes mapping to kernel mode and user mode, mode switches Processor state context switches MMU/TLB specific address-space/page-table code Caches specific cache-consistency handling Cache consistency must be maintained (critical for task switches) IRQ controller abstract controller interface
Generic optimizations Optimized data structures and code Minimize memory accesses Minimize cache and TLB footprint Minimize number of instructions for frequently used operations Optimizations often depend on knowledge of HW Cache size / associativity TLB size / features (e.g., supported page sizes) Available instructions in the ISA
http://0xlab.org

Recommended

Microkernel Evolution
Microkernel EvolutionMicrokernel Evolution
Microkernel EvolutionNational Cheng Kung University
 
Xvisor: embedded and lightweight hypervisor
Xvisor: embedded and lightweight hypervisorXvisor: embedded and lightweight hypervisor
Xvisor: embedded and lightweight hypervisorNational Cheng Kung University
 
F9: A Secure and Efficient Microkernel Built for Deeply Embedded Systems
F9: A Secure and Efficient Microkernel Built for Deeply Embedded SystemsF9: A Secure and Efficient Microkernel Built for Deeply Embedded Systems
F9: A Secure and Efficient Microkernel Built for Deeply Embedded SystemsNational Cheng Kung University
 
EB corbos and the L4Re microhypervisor: Open-source automotive safety
EB corbos and the L4Re microhypervisor: Open-source automotive safetyEB corbos and the L4Re microhypervisor: Open-source automotive safety
EB corbos and the L4Re microhypervisor: Open-source automotive safetyAlexander Much
 
Embedded Hypervisor for ARM
Embedded Hypervisor for ARMEmbedded Hypervisor for ARM
Embedded Hypervisor for ARMNational Cheng Kung University
 
BPF / XDP 8월 세미나 KossLab
BPF / XDP 8월 세미나 KossLabBPF / XDP 8월 세미나 KossLab
BPF / XDP 8월 세미나 KossLabTaeung Song
 
淺談探索 Linux 系統設計之道
淺談探索 Linux 系統設計之道 淺談探索 Linux 系統設計之道
淺談探索 Linux 系統設計之道 National Cheng Kung University
 
from Source to Binary: How GNU Toolchain Works
from Source to Binary: How GNU Toolchain Worksfrom Source to Binary: How GNU Toolchain Works
from Source to Binary: How GNU Toolchain WorksNational Cheng Kung University
 

Recommended

Microkernel Evolution
Microkernel EvolutionMicrokernel Evolution
Microkernel EvolutionNational Cheng Kung University
 
Xvisor: embedded and lightweight hypervisor
Xvisor: embedded and lightweight hypervisorXvisor: embedded and lightweight hypervisor
Xvisor: embedded and lightweight hypervisorNational Cheng Kung University
 
F9: A Secure and Efficient Microkernel Built for Deeply Embedded Systems
F9: A Secure and Efficient Microkernel Built for Deeply Embedded SystemsF9: A Secure and Efficient Microkernel Built for Deeply Embedded Systems
F9: A Secure and Efficient Microkernel Built for Deeply Embedded SystemsNational Cheng Kung University
 
EB corbos and the L4Re microhypervisor: Open-source automotive safety
EB corbos and the L4Re microhypervisor: Open-source automotive safetyEB corbos and the L4Re microhypervisor: Open-source automotive safety
EB corbos and the L4Re microhypervisor: Open-source automotive safetyAlexander Much
 
Embedded Hypervisor for ARM
Embedded Hypervisor for ARMEmbedded Hypervisor for ARM
Embedded Hypervisor for ARMNational Cheng Kung University
 
BPF / XDP 8월 세미나 KossLab
BPF / XDP 8월 세미나 KossLabBPF / XDP 8월 세미나 KossLab
BPF / XDP 8월 세미나 KossLabTaeung Song
 
淺談探索 Linux 系統設計之道
淺談探索 Linux 系統設計之道 淺談探索 Linux 系統設計之道
淺談探索 Linux 系統設計之道 National Cheng Kung University
 
from Source to Binary: How GNU Toolchain Works
from Source to Binary: How GNU Toolchain Worksfrom Source to Binary: How GNU Toolchain Works
from Source to Binary: How GNU Toolchain WorksNational Cheng Kung University
 
Advanced Components on Top of L4Re
Advanced Components on Top of L4ReAdvanced Components on Top of L4Re
Advanced Components on Top of L4ReVasily Sartakov
 
How to Choose a Software Update Mechanism for Embedded Linux Devices
How to Choose a Software Update Mechanism for Embedded Linux DevicesHow to Choose a Software Update Mechanism for Embedded Linux Devices
How to Choose a Software Update Mechanism for Embedded Linux DevicesLeon Anavi
 
The Microkernel Mach Under NeXTSTEP
The Microkernel Mach Under NeXTSTEPThe Microkernel Mach Under NeXTSTEP
The Microkernel Mach Under NeXTSTEPGregor Schmidt
 
Improve Android System Component Performance
Improve Android System Component PerformanceImprove Android System Component Performance
Improve Android System Component PerformanceNational Cheng Kung University
 
Xen and the art of embedded virtualization (ELC 2017)
Xen and the art of embedded virtualization (ELC 2017)Xen and the art of embedded virtualization (ELC 2017)
Xen and the art of embedded virtualization (ELC 2017)Stefano Stabellini
 
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardKernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardAnne Nicolas
 
Linux Memory Management
Linux Memory ManagementLinux Memory Management
Linux Memory ManagementAnil Kumar Pugalia
 
Architecture Of The Linux Kernel
Architecture Of The Linux KernelArchitecture Of The Linux Kernel
Architecture Of The Linux KernelDominique Cimafranca
 
Embedded Linux Quick Start Guide v1.5
Embedded Linux Quick Start Guide v1.5Embedded Linux Quick Start Guide v1.5
Embedded Linux Quick Start Guide v1.5Chris Simmonds
 
Meet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingMeet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingViller Hsiao
 
Embedded Android : System Development - Part II (Linux device drivers)
Embedded Android : System Development - Part II (Linux device drivers)Embedded Android : System Development - Part II (Linux device drivers)
Embedded Android : System Development - Part II (Linux device drivers)Emertxe Information Technologies Pvt Ltd
 
Secure boot general
Secure boot generalSecure boot general
Secure boot generalPrabhu Swamy
 
Power Management from Linux Kernel to Android
Power Management from Linux Kernel to AndroidPower Management from Linux Kernel to Android
Power Management from Linux Kernel to AndroidNational Cheng Kung University
 
Project meeting: Android Graphics Architecture Overview
Project meeting: Android Graphics Architecture OverviewProject meeting: Android Graphics Architecture Overview
Project meeting: Android Graphics Architecture OverviewYu-Hsin Hung
 
Understanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panicUnderstanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panicJoseph Lu
 
The Android graphics path, in depth
The Android graphics path, in depthThe Android graphics path, in depth
The Android graphics path, in depthChris Simmonds
 
Practice of Android Reverse Engineering
Practice of Android Reverse EngineeringPractice of Android Reverse Engineering
Practice of Android Reverse EngineeringNational Cheng Kung University
 
Learn C Programming Language by Using GDB
Learn C Programming Language by Using GDBLearn C Programming Language by Using GDB
Learn C Programming Language by Using GDBNational Cheng Kung University
 
BPF: Tracing and more
BPF: Tracing and moreBPF: Tracing and more
BPF: Tracing and moreBrendan Gregg
 
Understanding the Android System Server
Understanding the Android System ServerUnderstanding the Android System Server
Understanding the Android System ServerOpersys inc.
 
Construct an Efficient and Secure Microkernel for IoT
Construct an Efficient and Secure Microkernel for IoTConstruct an Efficient and Secure Microkernel for IoT
Construct an Efficient and Secure Microkernel for IoTNational Cheng Kung University
 
Hints for L4 Microkernel
Hints for L4 MicrokernelHints for L4 Microkernel
Hints for L4 MicrokernelNational Cheng Kung University
 

More Related Content

What's hot

Advanced Components on Top of L4Re
Advanced Components on Top of L4ReAdvanced Components on Top of L4Re
Advanced Components on Top of L4ReVasily Sartakov
 
How to Choose a Software Update Mechanism for Embedded Linux Devices
How to Choose a Software Update Mechanism for Embedded Linux DevicesHow to Choose a Software Update Mechanism for Embedded Linux Devices
How to Choose a Software Update Mechanism for Embedded Linux DevicesLeon Anavi
 
The Microkernel Mach Under NeXTSTEP
The Microkernel Mach Under NeXTSTEPThe Microkernel Mach Under NeXTSTEP
The Microkernel Mach Under NeXTSTEPGregor Schmidt
 
Xen and the art of embedded virtualization (ELC 2017)
Xen and the art of embedded virtualization (ELC 2017)Xen and the art of embedded virtualization (ELC 2017)
Xen and the art of embedded virtualization (ELC 2017)Stefano Stabellini
 
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardKernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardAnne Nicolas
 
Embedded Linux Quick Start Guide v1.5
Embedded Linux Quick Start Guide v1.5Embedded Linux Quick Start Guide v1.5
Embedded Linux Quick Start Guide v1.5Chris Simmonds
 
Meet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingMeet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingViller Hsiao
 
Secure boot general
Secure boot generalSecure boot general
Secure boot generalPrabhu Swamy
 
Project meeting: Android Graphics Architecture Overview
Project meeting: Android Graphics Architecture OverviewProject meeting: Android Graphics Architecture Overview
Project meeting: Android Graphics Architecture OverviewYu-Hsin Hung
 
Understanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panicUnderstanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panicJoseph Lu
 
The Android graphics path, in depth
The Android graphics path, in depthThe Android graphics path, in depth
The Android graphics path, in depthChris Simmonds
 
BPF: Tracing and more
BPF: Tracing and moreBPF: Tracing and more
BPF: Tracing and moreBrendan Gregg
 
Understanding the Android System Server
Understanding the Android System ServerUnderstanding the Android System Server
Understanding the Android System ServerOpersys inc.
 

What's hot (20)

Advanced Components on Top of L4Re
Advanced Components on Top of L4ReAdvanced Components on Top of L4Re
Advanced Components on Top of L4Re
 
How to Choose a Software Update Mechanism for Embedded Linux Devices
How to Choose a Software Update Mechanism for Embedded Linux DevicesHow to Choose a Software Update Mechanism for Embedded Linux Devices
How to Choose a Software Update Mechanism for Embedded Linux Devices
 
The Microkernel Mach Under NeXTSTEP
The Microkernel Mach Under NeXTSTEPThe Microkernel Mach Under NeXTSTEP
The Microkernel Mach Under NeXTSTEP
 
Improve Android System Component Performance
Improve Android System Component PerformanceImprove Android System Component Performance
Improve Android System Component Performance
 
Xen and the art of embedded virtualization (ELC 2017)
Xen and the art of embedded virtualization (ELC 2017)Xen and the art of embedded virtualization (ELC 2017)
Xen and the art of embedded virtualization (ELC 2017)
 
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardKernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
 
Linux Memory Management
Linux Memory ManagementLinux Memory Management
Linux Memory Management
 
Architecture Of The Linux Kernel
Architecture Of The Linux KernelArchitecture Of The Linux Kernel
Architecture Of The Linux Kernel
 
Embedded Linux Quick Start Guide v1.5
Embedded Linux Quick Start Guide v1.5Embedded Linux Quick Start Guide v1.5
Embedded Linux Quick Start Guide v1.5
 
Meet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingMeet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracing
 
Embedded Android : System Development - Part II (Linux device drivers)
Embedded Android : System Development - Part II (Linux device drivers)Embedded Android : System Development - Part II (Linux device drivers)
Embedded Android : System Development - Part II (Linux device drivers)
 
Secure boot general
Secure boot generalSecure boot general
Secure boot general
 
Power Management from Linux Kernel to Android
Power Management from Linux Kernel to AndroidPower Management from Linux Kernel to Android
Power Management from Linux Kernel to Android
 
Project meeting: Android Graphics Architecture Overview
Project meeting: Android Graphics Architecture OverviewProject meeting: Android Graphics Architecture Overview
Project meeting: Android Graphics Architecture Overview
 
Understanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panicUnderstanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panic
 
The Android graphics path, in depth
The Android graphics path, in depthThe Android graphics path, in depth
The Android graphics path, in depth
 
Practice of Android Reverse Engineering
Practice of Android Reverse EngineeringPractice of Android Reverse Engineering
Practice of Android Reverse Engineering
 
Learn C Programming Language by Using GDB
Learn C Programming Language by Using GDBLearn C Programming Language by Using GDB
Learn C Programming Language by Using GDB
 
BPF: Tracing and more
BPF: Tracing and moreBPF: Tracing and more
BPF: Tracing and more
 
Understanding the Android System Server
Understanding the Android System ServerUnderstanding the Android System Server
Understanding the Android System Server
 

Viewers also liked

Shorten Device Boot Time for Automotive IVI and Navigation Systems
Shorten Device Boot Time for Automotive IVI and Navigation SystemsShorten Device Boot Time for Automotive IVI and Navigation Systems
Shorten Device Boot Time for Automotive IVI and Navigation SystemsNational Cheng Kung University
 
Lecture notice about Embedded Operating System Design and Implementation
Lecture notice about Embedded Operating System Design and ImplementationLecture notice about Embedded Operating System Design and Implementation
Lecture notice about Embedded Operating System Design and ImplementationNational Cheng Kung University
 
10 - Architetture Software - More architectural styles
10 - Architetture Software - More architectural styles10 - Architetture Software - More architectural styles
10 - Architetture Software - More architectural stylesMajong DevJfu
 
Develop Your Own Operating Systems using Cheap ARM Boards
Develop Your Own Operating Systems using Cheap ARM BoardsDevelop Your Own Operating Systems using Cheap ARM Boards
Develop Your Own Operating Systems using Cheap ARM BoardsNational Cheng Kung University
 
LLVM 總是打開你的心:從電玩模擬器看編譯器應用實例
LLVM 總是打開你的心:從電玩模擬器看編譯器應用實例LLVM 總是打開你的心:從電玩模擬器看編譯器應用實例
LLVM 總是打開你的心:從電玩模擬器看編譯器應用實例National Cheng Kung University
 
進階嵌入式作業系統設計與實做 (2015 年秋季 ) 課程說明
進階嵌入式作業系統設計與實做 (2015 年秋季 ) 課程說明進階嵌入式作業系統設計與實做 (2015 年秋季 ) 課程說明
進階嵌入式作業系統設計與實做 (2015 年秋季 ) 課程說明National Cheng Kung University
 
給自己更好未來的 3 個練習:嵌入式作業系統設計、實做,與移植 (2015 年春季 ) 課程說明
給自己更好未來的 3 個練習:嵌入式作業系統設計、實做,與移植 (2015 年春季 ) 課程說明給自己更好未來的 3 個練習:嵌入式作業系統設計、實做,與移植 (2015 年春季 ) 課程說明
給自己更好未來的 3 個練習:嵌入式作業系統設計、實做,與移植 (2015 年春季 ) 課程說明National Cheng Kung University
 

Viewers also liked (20)

Construct an Efficient and Secure Microkernel for IoT
Construct an Efficient and Secure Microkernel for IoTConstruct an Efficient and Secure Microkernel for IoT
Construct an Efficient and Secure Microkernel for IoT
 
Hints for L4 Microkernel
Hints for L4 MicrokernelHints for L4 Microkernel
Hints for L4 Microkernel
 
Shorten Device Boot Time for Automotive IVI and Navigation Systems
Shorten Device Boot Time for Automotive IVI and Navigation SystemsShorten Device Boot Time for Automotive IVI and Navigation Systems
Shorten Device Boot Time for Automotive IVI and Navigation Systems
 
Lecture notice about Embedded Operating System Design and Implementation
Lecture notice about Embedded Operating System Design and ImplementationLecture notice about Embedded Operating System Design and Implementation
Lecture notice about Embedded Operating System Design and Implementation
 
olibc: Another C Library optimized for Embedded Linux
olibc: Another C Library optimized for Embedded Linuxolibc: Another C Library optimized for Embedded Linux
olibc: Another C Library optimized for Embedded Linux
 
Implement Runtime Environments for HSA using LLVM
Implement Runtime Environments for HSA using LLVMImplement Runtime Environments for HSA using LLVM
Implement Runtime Environments for HSA using LLVM
 
10 - Architetture Software - More architectural styles
10 - Architetture Software - More architectural styles10 - Architetture Software - More architectural styles
10 - Architetture Software - More architectural styles
 
Embedded Virtualization applied in Mobile Devices
Embedded Virtualization applied in Mobile DevicesEmbedded Virtualization applied in Mobile Devices
Embedded Virtualization applied in Mobile Devices
 
Develop Your Own Operating Systems using Cheap ARM Boards
Develop Your Own Operating Systems using Cheap ARM BoardsDevelop Your Own Operating Systems using Cheap ARM Boards
Develop Your Own Operating Systems using Cheap ARM Boards
 
LLVM 總是打開你的心:從電玩模擬器看編譯器應用實例
LLVM 總是打開你的心:從電玩模擬器看編譯器應用實例LLVM 總是打開你的心:從電玩模擬器看編譯器應用實例
LLVM 總是打開你的心:從電玩模擬器看編譯器應用實例
 
Explore Android Internals
Explore Android InternalsExplore Android Internals
Explore Android Internals
 
The Internals of "Hello World" Program
The Internals of "Hello World" ProgramThe Internals of "Hello World" Program
The Internals of "Hello World" Program
 
Priority Inversion on Mars
Priority Inversion on MarsPriority Inversion on Mars
Priority Inversion on Mars
 
Plan 9: Not (Only) A Better UNIX
Plan 9: Not (Only) A Better UNIXPlan 9: Not (Only) A Better UNIX
Plan 9: Not (Only) A Better UNIX
 
Hardware Accelerated 2D Rendering for Android
Hardware Accelerated 2D Rendering for AndroidHardware Accelerated 2D Rendering for Android
Hardware Accelerated 2D Rendering for Android
 
進階嵌入式作業系統設計與實做 (2015 年秋季 ) 課程說明
進階嵌入式作業系統設計與實做 (2015 年秋季 ) 課程說明進階嵌入式作業系統設計與實做 (2015 年秋季 ) 課程說明
進階嵌入式作業系統設計與實做 (2015 年秋季 ) 課程說明
 
給自己更好未來的 3 個練習:嵌入式作業系統設計、實做,與移植 (2015 年春季 ) 課程說明
給自己更好未來的 3 個練習:嵌入式作業系統設計、實做,與移植 (2015 年春季 ) 課程說明給自己更好未來的 3 個練習:嵌入式作業系統設計、實做,與移植 (2015 年春季 ) 課程說明
給自己更好未來的 3 個練習:嵌入式作業系統設計、實做,與移植 (2015 年春季 ) 課程說明
 
Virtual Machine Constructions for Dummies
Virtual Machine Constructions for DummiesVirtual Machine Constructions for Dummies
Virtual Machine Constructions for Dummies
 
Low Level View of Android System Architecture
Low Level View of Android System ArchitectureLow Level View of Android System Architecture
Low Level View of Android System Architecture
 
Build Your Own Android Toolchain from scratch
Build Your Own Android Toolchain from scratchBuild Your Own Android Toolchain from scratch
Build Your Own Android Toolchain from scratch
 

Similar to L4 Microkernel :: Design Overview

Analysis of Practicality and Performance Evaluation for Monolithic Kernel and...
Analysis of Practicality and Performance Evaluation for Monolithic Kernel and...Analysis of Practicality and Performance Evaluation for Monolithic Kernel and...
Analysis of Practicality and Performance Evaluation for Monolithic Kernel and...CSCJournals
 
Operating system 15 micro kernel based os
Operating system 15 micro kernel based osOperating system 15 micro kernel based os
Operating system 15 micro kernel based osVaibhav Khanna
 
Embedded Operating System-Kernel Features.pptx
Embedded Operating System-Kernel Features.pptxEmbedded Operating System-Kernel Features.pptx
Embedded Operating System-Kernel Features.pptxssuseradc877
 
Ok Labs Webinar Android Migration At The Speed Of Light
Ok Labs Webinar Android Migration At The Speed Of LightOk Labs Webinar Android Migration At The Speed Of Light
Ok Labs Webinar Android Migration At The Speed Of LightOpen Kernel Labs
 
Linux for embedded_systems
Linux for embedded_systemsLinux for embedded_systems
Linux for embedded_systemsVandana Salve
 
Introduction to Microkernels
Introduction to MicrokernelsIntroduction to Microkernels
Introduction to MicrokernelsVasily Sartakov
 
Lightweight Virtualization in Linux
Lightweight Virtualization in LinuxLightweight Virtualization in Linux
Lightweight Virtualization in LinuxSadegh Dorri N.
 
Microx - A Unix like kernel for Embedded Systems written from scratch.
Microx - A Unix like kernel for Embedded Systems written from scratch.Microx - A Unix like kernel for Embedded Systems written from scratch.
Microx - A Unix like kernel for Embedded Systems written from scratch.Waqar Sheikh
 
introduction.pdf
introduction.pdfintroduction.pdf
introduction.pdfxiso
 
Unikraft Landing Page Master Slides
Unikraft Landing Page Master SlidesUnikraft Landing Page Master Slides
Unikraft Landing Page Master SlidesThe Linux Foundation
 

Similar to L4 Microkernel :: Design Overview (20)

Analysis of Practicality and Performance Evaluation for Monolithic Kernel and...
Analysis of Practicality and Performance Evaluation for Monolithic Kernel and...Analysis of Practicality and Performance Evaluation for Monolithic Kernel and...
Analysis of Practicality and Performance Evaluation for Monolithic Kernel and...
 
MIcrokernel
MIcrokernelMIcrokernel
MIcrokernel
 
2. microkernel new
2. microkernel new2. microkernel new
2. microkernel new
 
Operating system 15 micro kernel based os
Operating system 15 micro kernel based osOperating system 15 micro kernel based os
Operating system 15 micro kernel based os
 
Walking around linux kernel
Walking around linux kernelWalking around linux kernel
Walking around linux kernel
 
In a monolithic kerne1
In a monolithic kerne1In a monolithic kerne1
In a monolithic kerne1
 
In a monolithic kerne1
In a monolithic kerne1In a monolithic kerne1
In a monolithic kerne1
 
Embedded Operating System-Kernel Features.pptx
Embedded Operating System-Kernel Features.pptxEmbedded Operating System-Kernel Features.pptx
Embedded Operating System-Kernel Features.pptx
 
Sucet os module_2_notes
Sucet os module_2_notesSucet os module_2_notes
Sucet os module_2_notes
 
Ok Labs Webinar Android Migration At The Speed Of Light
Ok Labs Webinar Android Migration At The Speed Of LightOk Labs Webinar Android Migration At The Speed Of Light
Ok Labs Webinar Android Migration At The Speed Of Light
 
Linux for embedded_systems
Linux for embedded_systemsLinux for embedded_systems
Linux for embedded_systems
 
Introduction to Microkernels
Introduction to MicrokernelsIntroduction to Microkernels
Introduction to Microkernels
 
Lightweight Virtualization in Linux
Lightweight Virtualization in LinuxLightweight Virtualization in Linux
Lightweight Virtualization in Linux
 
Microx - A Unix like kernel for Embedded Systems written from scratch.
Microx - A Unix like kernel for Embedded Systems written from scratch.Microx - A Unix like kernel for Embedded Systems written from scratch.
Microx - A Unix like kernel for Embedded Systems written from scratch.
 
Os file
Os fileOs file
Os file
 
introduction.pdf
introduction.pdfintroduction.pdf
introduction.pdf
 
Unikraft Landing Page Master Slides
Unikraft Landing Page Master SlidesUnikraft Landing Page Master Slides
Unikraft Landing Page Master Slides
 
Kernel (OS)
Kernel (OS)Kernel (OS)
Kernel (OS)
 
Kernel (computing)
Kernel (computing)Kernel (computing)
Kernel (computing)
 
Kernel (computing)
Kernel (computing)Kernel (computing)
Kernel (computing)
 

More from National Cheng Kung University

PyPy's approach to construct domain-specific language runtime
PyPy's approach to construct domain-specific language runtimePyPy's approach to construct domain-specific language runtime
PyPy's approach to construct domain-specific language runtimeNational Cheng Kung University
 
進階嵌入式系統開發與實做 (2014 年秋季 ) 課程說明
進階嵌入式系統開發與實做 (2014 年秋季 ) 課程說明進階嵌入式系統開發與實做 (2014 年秋季 ) 課程說明
進階嵌入式系統開發與實做 (2014 年秋季 ) 課程說明National Cheng Kung University
 
中輟生談教育: 完全用開放原始碼軟體進行 嵌入式系統教學
中輟生談教育: 完全用開放原始碼軟體進行 嵌入式系統教學中輟生談教育: 完全用開放原始碼軟體進行 嵌入式系統教學
中輟生談教育: 完全用開放原始碼軟體進行 嵌入式系統教學National Cheng Kung University
 
進階嵌入式系統開發與實作 (2013 秋季班 ) 課程說明
進階嵌入式系統開發與實作 (2013 秋季班 ) 課程說明進階嵌入式系統開發與實作 (2013 秋季班 ) 課程說明
進階嵌入式系統開發與實作 (2013 秋季班 ) 課程說明National Cheng Kung University
 

More from National Cheng Kung University (14)

PyPy's approach to construct domain-specific language runtime
PyPy's approach to construct domain-specific language runtimePyPy's approach to construct domain-specific language runtime
PyPy's approach to construct domain-specific language runtime
 
Making Linux do Hard Real-time
Making Linux do Hard Real-timeMaking Linux do Hard Real-time
Making Linux do Hard Real-time
 
2016 年春季嵌入式作業系統課程說明
2016 年春季嵌入式作業系統課程說明2016 年春季嵌入式作業系統課程說明
2016 年春季嵌入式作業系統課程說明
 
Interpreter, Compiler, JIT from scratch
Interpreter, Compiler, JIT from scratchInterpreter, Compiler, JIT from scratch
Interpreter, Compiler, JIT from scratch
 
How A Compiler Works: GNU Toolchain
How A Compiler Works: GNU ToolchainHow A Compiler Works: GNU Toolchain
How A Compiler Works: GNU Toolchain
 
從線上售票看作業系統設計議題
從線上售票看作業系統設計議題從線上售票看作業系統設計議題
從線上售票看作業系統設計議題
 
進階嵌入式系統開發與實做 (2014 年秋季 ) 課程說明
進階嵌入式系統開發與實做 (2014 年秋季 ) 課程說明進階嵌入式系統開發與實做 (2014 年秋季 ) 課程說明
進階嵌入式系統開發與實做 (2014 年秋季 ) 課程說明
 
Making Linux do Hard Real-time
Making Linux do Hard Real-timeMaking Linux do Hard Real-time
Making Linux do Hard Real-time
 
中輟生談教育: 完全用開放原始碼軟體進行 嵌入式系統教學
中輟生談教育: 完全用開放原始碼軟體進行 嵌入式系統教學中輟生談教育: 完全用開放原始碼軟體進行 嵌入式系統教學
中輟生談教育: 完全用開放原始碼軟體進行 嵌入式系統教學
 
Open Source from Legend, Business, to Ecosystem
Open Source from Legend, Business, to EcosystemOpen Source from Legend, Business, to Ecosystem
Open Source from Legend, Business, to Ecosystem
 
Summer Project: Microkernel (2013)
Summer Project: Microkernel (2013)Summer Project: Microkernel (2013)
Summer Project: Microkernel (2013)
 
進階嵌入式系統開發與實作 (2013 秋季班 ) 課程說明
進階嵌入式系統開發與實作 (2013 秋季班 ) 課程說明進階嵌入式系統開發與實作 (2013 秋季班 ) 課程說明
進階嵌入式系統開發與實作 (2013 秋季班 ) 課程說明
 
Faults inside System Software
Faults inside System SoftwareFaults inside System Software
Faults inside System Software
 
Develop Your Own Operating System
Develop Your Own Operating SystemDevelop Your Own Operating System
Develop Your Own Operating System
 

Recently uploaded

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 

Recently uploaded (20)

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 

L4 Microkernel :: Design Overview

  • 1. L4 Microkernel :: Design Overview Jim Huang ( 黃敬群 ) <jserv@0xlab.org> Developer, 0xlab July 17, 2012 / JuluOSDev June 11, 2012 / CSIE, CSIE
  • 2. Rights to copy © Copyright 2012 0xlab http://0xlab.org/ contact@0xlab.org Attribution – ShareAlike 3.0 Corrections, suggestions, contributions and translations You are free are welcome! to copy, distribute, display, and perform the work to make derivative works Latest update: July 17, 2012 to make commercial use of the work Under the following conditions Attribution. You must give the original author credit. Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one. For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the copyright holder. Your fair use and other rights are in no way affected by the above. License text: http://creativecommons.org/licenses/by-sa/3.0/legalcode
  • 3. On μ-Kernel Construction Jochen Liedtke (1953-2001) 15th ACM Symposium on Operating System Principles (1995)
  • 4. Use Case: Low-cost 3G Handset • Mobile Handsets – Major applications runs on Linux – 3G Modem software stack runs on RTOS domain • Virtualization in multimedia Devices – Reduces BOM (bill of materials) – Enables the Reusability of legacy code/applications – Reduces the system development time Hypervisor • Instrumentation, Automation – Run RTOS for Measurement and analysis – Run a GPOS for Graphical Interface
  • 5. original mobile phone: with Virtualization: single chip two CPUs required • Evoke’s UI functionalities including the touch screen is owned by the Linux apps while video rendering uses a rendering engine running on BREW. • When a user requests a BREW app, Linux communciates with BREW in the other VM to start up the app. The BREW obtains access to the screen by using a frame buffer from a shared- memory mapping.
  • 6. Agenda • Myths of Microkernel • Characteristics of 2nd generation microkernel – memory, thread, IPC management • Toward 3rd generation microkernel • Real-world Deployment
  • 8. Definition of Kernel • The fundamental part of an Operating System. • Responsible for providing secure access to the machine’s hardware for various programs. • Responsible for deciding when and how long a program can use a certain hardware (multiplexing).
  • 10. Monolithic vs. Microkernel Application Application Application Application User mode Supervisor mode System call : open_File Network Stack FS Monolithic kernel H/W management Device FS Driver User mode Thread Control Supervisor mode System call : open_File Driver Thread Control IPC Network stack H/W management Hardware Hardware
  • 11. Hybrid Kernel • Combine the best of both worlds – Speed and simple design of a monolithic kernel – Modularity and stability of a microkernel • Still similar to a monolithic kernel – Disadvantages still apply here • Example: Windows NT, BeOS, DragonFlyBSD
  • 12. Exokernel • Follows end-to-end principle – Extremely minimal – Fewest hardware abstractions as possible – Just allocates physical resources to apps • Old name(s): picokernel, nanokernel • Example: MIT Exokernel, Nemesis, ExOS
  • 13. Kernel Comparison • Monolithic kernels – Advantages: performance – Disadvantages: difficult to debug and maintain • Microkernels – Advantages: more reliable and secure – Disadvantages: more overhead • Hybrid Kernels – Advantages: benefits of monolithic and microkernels – Disadvantages: same as monolithic kernels • Exokernels – Advantages: minimal and simple – Disadvantages: more work for application developers
  • 14. Definition of Microkernel • A kernel technique that provides only the minimum OS services. – Address Spacing – Inter-process Communication (IPC) – Thread Management – Unique Identifiers • All other services are done at user space independently.
  • 15. Microkernel Memory User Program Managers Device Drivers User Mode Address spacing Thread Unique Management Identifiers and IPC Microkernel Mode Hardware
  • 16. Microkernel Advantage • A clear microkernel interface enforces a more modular system structure • Servers can use the mechanisms provided by the microkernel like any other user program. • So server malfunction is as isolated as any other user program’s malfunction • The system is more flexible and tailorable. Different strategies and APIs, implemented by different severs, can coexist in the system
  • 17. 3 Generations of Microkernel • Mach, Chorus (1985-1994) – replace pipes with IPC (more general) – improved stability (vs monolithic kernels) – poor performance • L3 & L4 (1990-2001) – Large improvements in IPC performance – Written in assembly, poor portability – only synchronus IPC (build async on top of sync) – very small kernel: more functions moved to userspace • seL4, Coyotos, Nova (2000-present) – platform independence – verification, security, multiple CPUs, etc.
  • 18. 1st Generation: Chorus Nucleus Supervisor Dispatches traps, interrupts, and exceptions delivered by hardware. Real Time Executive Controls allocation of processes and provides preemptive scheduling Virtual Memory Manager Manipulates VM hardware and memory resources. IPC Provides message Exchanging and Remote Procedure Calls (RPC).
  • 19. 1st Generation: CMU Mach Asynchronous IPC Threads Scheduling Memory management Resource access permissions Device drivers (in some variants) (All other functions are implemented outside kernel. ) API Size of Mach 3: 140 functions
  • 20. Mach microkernel performance issues Checking resource access permissions on system calls. Single user machines do not need to do this. Cache misses Critical sections were too large. Asynchronus IPC Most calls only need synchronus IPC. Synchronous IPC can be faster than asynchronous. Asynchronous IPC can be built on top of synchronous. Virtual memory How to prevent key processes from being paged out?
  • 21. 2nd Generation: L4 • “Radical” approach • [Liedtke’93, Liedtke ‘95]: • Strict minimality • From-scratch design • Fast primitives
  • 22. 3rd Generation: seL4 • [Elphinstone et al 2007, Klein et al 2009] • Security-oriented design – capability-based access control – strong isolation • Hardware resources subject to user-defined policies – including kernel memory (no kernel heap) – except time – “Microhypervisor" concept • Designed for formal verification
  • 23. Classical L4 microkernel functionality • Threads • Scheduling • Memory management • (All other functions are implemented outside kernel) • API size of L4: 7 functions – Compare to 140 functions for Mach3
  • 24. L4 Mimnimality Principle • A concept is tolerated inside the microkernel only if moving it outside the kernel, i.e., permitting competing implementations, would prevent the implementation of the system's required functionality. • Fred Books on conceptual integrity [Mythical Man Month] – UNIX : Everything is a file – Mach : IPC generalizes files – L4 : Can it be put outside the kernel?
  • 25. L4 Kernel size • Line of Code in OKL4 – ~9k LOC architecture-independent – 0.5–6k LOC architecture/platform-specific • Memory footprint kernel (not aggressively minimized): – Using gcc (poor code density on RISC/EPIC architectures) Architecture Version Text Total X86 L4Ka 52k 98k Itanium L4Ka 173k 417k ARM OKL4 48k 78k PPC-32 L4Ka 41k 135k PPC-64 L4Ka 60k 205k MIPS-64 NICTA 61k 100k 25
  • 26. What properties do we expect from Kernel? Every system call terminates No exceptions thrown No arithmetic problems (e.g., overflow, divide by zero) No null pointer de-references No ill-typed pointer de-references No memory leaks No buffer overflows No unchecked user arguments Code injection attacks are impossible Well-formed data structures Correct book-keeping No two objects overlap in memory
  • 27. Characteristics of second generation microkernel: memory, thread, IPC management
  • 28.
  • 29. Threads Tasks • Represent unit of execution • Represent domain of protection and isolation – Execute user code (application) • Container for code, data and resources – Execute kernel code (system calls, page • Address space: capabilities + memory faults, interrupts, exceptions) pages • Subject to scheduling • management operations: – Quasi-parallel execution on one CPU – Map: share page with other address space – Parallel execution on multiple CPUs – Voluntarily switch to another thread – Grant: give page to other address possible space – Preemptive scheduling by the kernel – Unmap: revoke previously mapped according to certain parameters page • Associated with an address space – Executes code in one task at one point in time (Migration allows threads move to another task) – Several threads can execute in one task
  • 30. L4 uniprocessor microkernel Thread Task's address space Abstraction and unit of execution Identified by thread ID Tread execution Consist of paths Instruction pointer Code Stack Data Registers, flags… Thread state L4 manages (preserve) only IP, SP and registers Stack
  • 31. L4 uniprocessor micro kernel Thread switch Interrupt Code Code ▪ ▪ ▪ ▪ Stack Stack Thread A Thread B I P S P Flags CPU IP/SP/Flags.. IP/SP/Flags.. Kernel Code Kernel stack Kernel stack ▪ ▪ ▪ ▪ State State MicroKernel TCB A TCB B
  • 32. L4 uniprocessor micro kernel Scheduling Scheduling implemented by kernel, based on priorities Timeslice donation
  • 33. Address Space 3 management operations Map/Unmap Share/revoke page with other address space Grant give page to other address space Flush The owner of an address space can flush any of its pages. Grant Map Map Map Pager Pager User Address space
  • 34. Recursive Address Space (abandoned by seL4)
  • 35. Messages: Copy Data • Direct and indirect data copy • UTCB message (special area) • Special case: register-only message • Pagefaults during user-level memory access possible
  • 36. Page Fault Handling • Page Faults are mapped to IPC – Pager is special thread that receives page faults – Page fault IPC cannot trigger another page fault • Kernel receives the flexpage from pager and inserts mapping into page table of application • Other faults normally terminate threads APP P1 P0 App Fault P1 touches its P0 maps own page and then P1 faults
  • 37. Page Fault Handling APP's address space Pager's address space Data Pager Memory Pager Code Code Call( .., fault address, fault eip, .. ) Send( app_id, fpage(,,),… ) Micro Kernel Page-Fault handler
  • 38. Messages: Map Reference • Used to transfer memory pages and capabilities • Kernel manipulates page tables • Used to implement the map/grant operations
  • 39. Communications & Resource Control • Need to control who can send data to whom – Security and isolation – Access to resources • Approaches – IPC-redirection/introspection – Central vs. Distributed policy and mechanism – ACL-based vs. capability-based
  • 40. Toward 3rd generation microkernel
  • 41. Unsolved Problems in original L4 • L4 solved performance issue [Härtig et al, SOSP’97] – “... but left a number of security issues unsolved" • Problems addressed by seL4: ad-hoc approach to protection and resource management – Global thread name space → covert channels – Threads as IPC targets → insufficient encapsulation – Single kernel memory pool → DoS attacks – Insufficient delegation of authority → limited flexibility, performance
  • 42.
  • 43. How seL4 solves problem by designs • Isolation: Memory management is user-level responsibility – Kernel never allocates memory (post-boot) – Kernel objects controlled by user-mode servers • Performance: Memory management is fully delegatable – Supports hierarchical system design – Enabled by capability-based access control • Realtime: “Incremental consistency” design pattern – Fast transitions between consistent states – Restartable operations with progress guarantee • Verification: No concurrency in the kernel – Interrupts never enabled in kernel – Interruption points to bound latencies – Clustered multikernel design for multicores
  • 44. seL4 in the first sight • Formal verification – Functional correctness – Security/safety properties • No kernel heap: all memory left after boot is handed to userland – Resource manager can delegate to subsystems – Operations requiring memory explicitly provide memory to kernel • Result: strong isolation of subsystems and high performance – Operate within delegated resources – No interference
  • 45. Move to Capability based design • Don't need global names (task/thread IDs) – Names (or IDs) are only valid within a task and have no meaning elsewhere • Kernel objects are referenced through local IDs, comparable to POSIX file descriptors or handles • Creating a new (kernel) object returns an index into a task-local table, where in turn the pointer to the object is stored • Kernel protects this capability table, therefore unforgeable
  • 47. Capability space • In-kernel memory table with pointers to kernel objects • Sending a message to thread A merely requires the sender to have a capability to the portal cap • Sender does not know which thread/task will receive it • Receiver does not know who sent it (in general) • Separation of subsystems, combinable, independent
  • 48. Capabilities • Kernel objects represent resources and communication channels • Capability – Reference to kernel object – Associated with access rights – Can be mapped from task to another task • Capability table is task-local data structure inside the kernel – Similar to page table – Valid entries contain capabilities • Capability handle is index number to reference entry into capability table – Similar to file handle of POSIX • Mapping capabilities establishes a new valid entry into the capability table
  • 49. Importance of Capabilities • Everything is a file → Everything is a capability • Object capabilities – Tasks, threads, IPC portals, factories, semaphores – Handles/pointers to kernel objects, can be created, delegated and destroyed • Memory capabilities – Resembles virtual memory pages – Sending (mapping) a memory capability established shared memory between sender and receiver • IO capabilities – Abstraction for access to IO ports, delegating IO caps allows the receiving Task/Address space to access denoted IO ports
  • 50. seL4 concpts • Capabilities (Caps) – mediate access • Kernel objects: – Threads (thread-control blocks, TCBs) – Address spaces (page table objects, PDs, Pts) – IPC endpoints (EPs, AsyncEPs) – Capability spaces (Cnodes) – Frames – Interrupt objects – Untyped memory • System calls – Send, Wait (and variants) – Yield
  • 51. Revised IPC • OS services provided by (protected) user-level server processes – invoked by IPC • seL4 IPC uses a handshake through endpoints: – Transfer points without storage capacity – Message must be transferred instantly • One partner may have to block • Single copy user ➞ user by kernel • Two endpoint types: – Synchronous (Endpoint) – asynchronous (AsyncEP)
  • 53. L4 History: V2 API Original version by Jochen Liedtke (GMD) » 93–95 “Version 2” API i486 assembler IPC 20 times faster than Mach [SOSP 93, 95] Proprietary code base (GMD) Other L4 V2 implementations: L4/MIPS64: assembler + C (UNSW) 95–97 Fastest kernel on single-issue CPU (100 cycles on MIPS R4600) Open source (GPL) L4/Alpha: PAL + C (Dresden/UNSW), 95–97 First released SMP version (UNSW) Open source (GPL) Fiasco (Pentium): C++ (Dresden), 97–99, ongoing development Open source (GPL) 53
  • 54. L4 History: X.1 API Experimental “Version X” API Improved hardware abstraction Various experimental features (performance, security, generality) Portability experiments Implementations Pentium: assembler, Liedtke (IBM), 97–98 Proprietary Hazelnut (Pentium+ARM), C, Liedtke et al (Karlsruhe), 98– 99 Open source (GPL) 54
  • 55. L4 History: X.2/V4 API “Version 4” (X.2) API, 02 Portability, API improvements L4Ka::Pistachio, C++ (plus assembler “fast path”) x86, PPC-32, Itanium (Karlsruhe), 02–03 Fastest ever kernel (36 cycles on Itanium, NICTA/UNSW) MIPS64, Alpha (NICTA/UNSW), 03 Same performance as V2 kernel (100 cycles single issue) ARM, PPC-64 (NICTA/UNSW), x86-64 (Karlsruhe), 03–04 Open source (BSD license) 55
  • 57. L4Linux where virtualization comes from Linux source has two cleanly separated parts Architecture dependent Architecture independent In L4Linux Architecture dependent code is modified for L4 Architecture independent part is unchanged L4 not specifically modified to support Linux
  • 58. L4Linux where virtualization comes from Linux kernel as L4 user service Runs as an L4 thread in a single L4 address space Creates L4 threads for its user processes Maps parts of its address space to user process threads (using L4 primitives) Acts as pager thread for its user threads Has its own logical page table Multiplexes its own single thread (to avoid having to change Linux source code)
  • 59. L4Linux where virtualization comes from The statically linked and shared C libraries are modified Systems calls in the lib call the Linux kernel using IPC For unmodified native Linux applications, there is a “trampoline” The application traps Control bounces to a user-level exception handler The handler calls the modified shared library Binary compatible
  • 60. Performance is not acceptable! L4Linux [Härtig et al., SOSP’97] 5–10% overhead on macro-BMs 6–7% overhead on kernel compile MkLinux (Linux on Mach): 27% overhead on kernel compile 17% overhead with Linux in kernel
  • 61. NICTA L4 / OKL4 L4 implementations on embedded processors ARM, MIPS Wombat: portable virtualized Linux for embedded systems ARMv4/v5 thanks to fast context-switching tricks
  • 62. LmBench shows near native performance with OKL4 3.0 on ARMv7 target NetPerf fully-loaded CPU and the throughput degradation of the virtualized is only 3% and 4%.
  • 63. Codezero hypervisor • Optimized for latest ARM cores (Cortex-A9/A15) • L4 microkernel based design, written from scratch • Capability based dynamic resource management • Container oriented driver model: no modifications required for Linux
  • 64.
  • 65. Micro-hypervisor • Microvisor – OKL4 4.0 • Research projects such as NOVA, Coyotos, and seL4 • Aided by virtualizable ISA • Microhypervisor • VMM – the “kernel” part – the “userland” part – provides isolation – CPU emulation – mechanisms, no policies – device emulation – enables safe access to virtualization features to userspace
  • 66.
  • 67. Advantage of NOA architecture: Reduce TCB of each VM • Micro-hypervisor provides low-level protection domains – address spaces – virtual machines • VM exits are relayed to VMM as IPC with selective guest state • one VMM per guest in (root mode) userspace: – possibly specialized VMMs to reduce attack surface – only one generic VMM implemented
  • 69. Learned from NICTA L4 Process-orientation wastes RAM Replaced by single-stack (event-driven) approach Virtual TCB array wastes VAS, TLB entries without performance benefits on modern hardware Capabilities are better than thread UIDs Provide uniform resource control model & avoid covert channels Also: IPC timeouts are useless Replaced by block/poll bit Virtualization is essential Re-think kernel abstractions
  • 70. Generic parts in L4 Memory management Page-fault handling IPC Path Mapping database Base of the kernel debugger Most code of L4 abstractions Thread and address-space management
  • 71. Processor-specific parts in L4 Basic data types Processor abstraction IRQ control, sleep-mode support Atomic operations Page tables Parts of L4 abstractions Switch of CPU and FPU state CPU specific optimizations
  • 72. Hotspot in performance view Processor modes mapping to kernel mode and user mode, mode switches Processor state context switches MMU/TLB specific address-space/page-table code Caches specific cache-consistency handling Cache consistency must be maintained (critical for task switches) IRQ controller abstract controller interface
  • 73. Generic optimizations Optimized data structures and code Minimize memory accesses Minimize cache and TLB footprint Minimize number of instructions for frequently used operations Optimizations often depend on knowledge of HW Cache size / associativity TLB size / features (e.g., supported page sizes) Available instructions in the ISA