Structural variants
Monolithic, Mikrokernel and Exokernel
5.12.2005
OS kernel: a definition
• Quick and dirty definition:
  • mandatory part of the OS
  • common to all applications
• Responsible for
  • security
  • manageability
  • enabling a uniform execution environment
OS kernel: a definition
• An operating system kernel provides
  • virtualization of hardware resources
  • isolation of individual tasks and applications
  • common platform-independent abstractions
  • secure access to hardware devices
  • access control and policy enforcement
Virtualization
• Present logical resources, not physical entities
  • manage isolated access by multiple users
  • lock physical entities at the kernel level
  • expose “virtual” resources based on the capabilities of the physical devices
  • hide the fact that physical resources are scarce and may only be controlled by a single owner
• multiplex access to hardware resources
• enforce access conditions and permissions
Virtualization: CPU
• Virtualization of CPU resources
  • Execution is continuous
    • starting at the current program counter
    • controlled by the program’s instructions
    • restricted to the current address space
  • However
    • different applications will execute in different spaces
    • a context switch requires heightened privileges
    • potential security problem!
Virtualization: CPU
• Provide multiple “virtual” CPUs
  • use time-division to provide individual timeslices
  • periodically take a scheduling decision
  • execute the context switch from a trusted environment to avoid privilege escalation
• OS kernel implementation
  • provides exception (and IRQ) handlers
  • runs in supervisor mode
Virtualization: CPU
• Implementation details
  • a task list with
    • memory context
    • execution context: area for “register spillage”
  • an exception handler for a periodic (timer) interrupt
  • a scheduling algorithm
• Every process sees a dedicated “virtual” CPU
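The three implementation details above (a task list holding a memory context and a register-spillage area, a timer-interrupt handler, and a scheduling algorithm) fit together as shown in this added example. It is a user-space model written for this page, not code from the slides or from any real kernel; the types, the round-robin policy, the three-tick timeslice and the sample address-space identifiers are all constructed. The point it makes visible is the security one: the context switch only proceeds when the modelled CPU is in supervisor mode, which is exactly why the switch has to run from the trusted exception handler rather than from the task itself.

```c
/* Added example (not from the slides): a user-space model of how a kernel
 * turns one CPU into several "virtual" CPUs by time-division scheduling.
 * All type and function names are hypothetical. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define MAX_TASKS 8
#define TIMESLICE_TICKS 3   /* timer ticks per timeslice (constructed value) */

/* Execution context: the area a task's registers are "spilled" into. */
typedef struct {
    uint32_t pc;        /* program counter */
    uint32_t sp;        /* stack pointer */
    uint32_t regs[4];   /* a few general-purpose registers */
} exec_context_t;

/* One entry of the kernel's task list. */
typedef struct {
    int id;
    uint32_t asid;        /* memory context: address-space identifier */
    exec_context_t ctx;   /* saved execution context */
    unsigned ticks_run;   /* ticks consumed so far (accounting) */
} task_t;

typedef enum { MODE_USER = 0, MODE_SUPERVISOR = 1 } cpu_mode_t;

/* The modelled processor together with the kernel's scheduling state. */
typedef struct {
    cpu_mode_t mode;
    uint32_t current_asid;   /* address space the MMU currently enforces */
    exec_context_t live;     /* registers currently loaded in the CPU */
    task_t tasks[MAX_TASKS];
    int ntasks;
    int current;             /* index of the running task */
    unsigned slice_left;
    unsigned switches;       /* number of context switches performed */
} cpu_t;

void cpu_init(cpu_t *cpu, int ntasks) {
    memset(cpu, 0, sizeof *cpu);
    cpu->ntasks = ntasks > MAX_TASKS ? MAX_TASKS : ntasks;
    for (int i = 0; i < cpu->ntasks; i++) {
        cpu->tasks[i].id = i;
        cpu->tasks[i].asid = 0x100 + i;              /* constructed sample values */
        cpu->tasks[i].ctx.pc = 0x1000 * (i + 1);
        cpu->tasks[i].ctx.sp = 0x8000 + 0x1000 * i;
    }
    cpu->mode = MODE_USER;             /* a task is executing */
    cpu->current = 0;
    cpu->live = cpu->tasks[0].ctx;
    cpu->current_asid = cpu->tasks[0].asid;
    cpu->slice_left = TIMESLICE_TICKS;
}

/* Scheduling decision: plain round robin over the task list. */
static int schedule_next(const cpu_t *cpu) {
    return (cpu->current + 1) % cpu->ntasks;
}

/* Context switch. Only the trusted (supervisor-mode) kernel may do this:
 * a task able to switch address spaces itself would escalate privilege. */
int context_switch(cpu_t *cpu, int next) {
    if (cpu->mode != MODE_SUPERVISOR) return -1;
    if (next < 0 || next >= cpu->ntasks) return -1;
    cpu->tasks[cpu->current].ctx = cpu->live;   /* spill the old task's registers */
    cpu->current = next;
    cpu->live = cpu->tasks[next].ctx;           /* reload the new task's registers */
    cpu->current_asid = cpu->tasks[next].asid;  /* switch the memory context */
    cpu->slice_left = TIMESLICE_TICKS;
    cpu->switches++;
    return 0;
}

/* Exception handler for the periodic timer interrupt. Entry raises the
 * privilege level; the handler accounts the tick and reschedules when the
 * timeslice is used up; return drops back to the interrupted mode. */
void timer_irq(cpu_t *cpu) {
    cpu_mode_t interrupted = cpu->mode;
    cpu->mode = MODE_SUPERVISOR;
    cpu->live.pc += 4;               /* the task executed an instruction meanwhile */
    cpu->tasks[cpu->current].ticks_run++;
    if (--cpu->slice_left == 0)
        context_switch(cpu, schedule_next(cpu));
    cpu->mode = interrupted;
}

/* Run n timer ticks; returns the index of the task left running. */
int run_ticks(cpu_t *cpu, unsigned n) {
    while (n--) timer_irq(cpu);
    return cpu->current;
}

int main(void) {
    cpu_t cpu;
    cpu_init(&cpu, 3);
    int running = run_ticks(&cpu, 9);
    printf("after 9 ticks: task %d running, asid 0x%x, pc 0x%x, %u switches\n",
           running, (unsigned)cpu.current_asid, (unsigned)cpu.live.pc, cpu.switches);
    for (int i = 0; i < cpu.ntasks; i++)
        printf("task %d ran %u ticks\n", i, cpu.tasks[i].ticks_run);
    return 0;
}
```

With three tasks and a three-tick slice, nine ticks give every task exactly one slice and three context switches, and task 0 resumes at the program counter that was spilled for it at the first switch. Calling `context_switch` while the model is in user mode returns -1 and changes nothing, which is the property the slide's “execute the context switch from a trusted environment” bullet asks for.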
Virtualization: I/O
• Ethernet
  • Background
    • Dedicated, serial transmission medium
    • Transmits frames from memory buffers to the transmission medium
  • Problem
    • Central instance needed
      • to classify incoming packets
      • to distribute packets to individual applications
Abstraction
• Definition
  • reduce and manage complexity
  • factor out details to focus on few concepts
• Example: block devices in UNIX
  • Provision of a common interface
  • Hides the details of various devices and media
    • e.g. flash media vs. a hard disk
OS kernel variants
• Three major strategies to implement an operating system kernel
  • Monolithic kernels
  • Microkernel systems
    • Pure microkernel designs
    • Hybrid microkernel designs
  • Exokernel approach
• All have different advantages and drawbacks
• There is no single “silver bullet”
Monolithic kernels
• The OS kernel is a single (monolithic) structure
  • executing entirely in supervisor mode
    • process management
    • memory management
    • drivers for hardware
  • provides a set of system calls to interface with operating system services
  • may use modules to optimize resource utilization
Monolithic kernels
• Typical examples
  • Traditional UNIX kernels (System V and BSD flavours)
    • FreeBSD
    • Solaris
  • Linux (see www.kernel.org for source code)
Monolithic kernels
• Advantages
  • Efficiently using function calls between kernel modules
  • Requires a low number of context switches
• Drawbacks
  • Limitations in robustness
  • No fault or privilege isolation
• History
  • In widespread use before MMUs became common
Monolithic kernels
• Summary
  • easy to design and develop
  • hard to evolve without risking growing pains
Microkernel designs
• Design goals
  • use a very simple abstraction over hardware
    • thread management
    • address spaces
    • interprocess communication
  • reduce the functionality in supervisor mode
    • move specific drivers to user-space
    • isolate individual network services in a separate context
Microkernel designs
• Examples
  • AIX
  • AmigaOS
  • Amoeba
  • Chorus
  • Mach
  • Minix (remember Tanenbaum vs. Torvalds?)
  • QNX
  • Symbian OS
Microkernel designs
• Overall architecture
  • OS consists of a kernel and “servers”
  • “Servers” provide high-level functionality
    • external pager
    • device drivers
  • communication is performed using IPC/RPC
    • potential performance problem
    • context switches are expensive
Using an external pager
• A page fault is handled by an external pager
• The RPC to the pager appears to originate from the faulting process

[Figure 1. Page fault processing: the Application takes a page fault, the Microkernel forwards it as an RPC to the Pager, and the application resumes once the pager has answered.]

Excerpt from a paper scan embedded on the slide (the beginning of the passage and the right-hand column are cut off on the page):

“… abstractions than the typical Unix primitives. In addition to the new mechanisms, providing an API compatible with Unix or another conventional operating system was a sine qua non; hence implementing Unix on top of the new systems was a natural consequence. Therefore, the microkernel idea became widely accepted by operating-system designers for two completely different reasons: (1) general flexibility and power and (2) the fact that microkernels offered a technique for preserving Unix compatibility while permitting development of novel operating systems. Many academic projects took this path, including Amoeba [19], Choices [4], Ra [1], and V [7]; some even moved to commercial use, particularly Chorus [11], L3 [15], and Mach [10], which became the flag-”

[The remainder of the excerpt, on the software-technology advantages of the microkernel approach (coexisting APIs and file systems as competing or cooperating servers, online modification without rebuilding the kernel, isolation of server malfunctions), is only partially legible on the page.]
Fast IPC
• Issues in IPC
  • context switch overheads
  • additional processing for policy enforcement
• The L4 approach
  • Reduce additional processing
    • Policy enforcement is not part of the kernel
    • Visibility provides security at the kernel level
  • Reduce context switch overheads
    • No intermediate switch to kernel mode
Benefit of microkernels
• Essential to trusted computing concepts
  • Provides a small, controlled operating system core
  • Controls the hardware and resources
    • Holds initial ownership of all resources
    • Delegates individual resources to trusted processes
  • Isolates privileges and resources
  • Can provide service level guarantees
L4: a microkernel
• Small number of mechanisms
  • Address spaces
    • Creating address spaces
    • Mapping pages into address spaces
    • Revoking mappings
  • Scheduling
    • Yielding the current time-slice to a specific thread
  • Interprocess communication
    • Performing message transfer to specific threads
L4: a microkernel
• Small number of mechanisms (continued)
  • IPC protocols for specific functions
    • external pager (page-fault handling)
    • interrupt notification
    • preemption notification
    • exception notification
L4: Security
• Selective address space manipulation (system partitioning) provides a framework for security
• Memory permissions reflect process permissions

Excerpt from a paper scan embedded on the slide (two text columns and two figures were interleaved in the extraction; the beginning of each passage is cut off on the page):

“… address spaces (described in the next section), threads, and IPC—implements only seven system calls, and needs only 12 Kbytes of code. Across-address-space IPC on a 486-DX50 takes 5 µs for an 8-byte argument and 18 µs for 512 bytes. The corresponding Mach numbers are 115 µs (8 bytes) and 172 µs (512 bytes). With 2 x 5 µs, the basic L4-RPC is twice as fast as a conventional Unix system call. It remains unknown whether L4’s abstractions, despite being substantially more flexible than the abstractions of the first generation, are flexible and powerful enough for all types of operating systems.”

“… on top of the initial space, the microkernel provides three operations: grant, map, and demap. The owner of an address space can grant any of its pages to another space, provided the recipient agrees. The granted page is removed from the …”

“… kernel. Memory managers can easily be stacked; the initial memory server maps or grants parts of the physical memory to memory server 1 and memory server 2. Now we have two coexisting main-memory managers. A pager may be integrated with a memory manager or use a memory-managing server. Pagers use the microkernel’s grant, map, and demap primitives. The remaining interfaces, pager-client, pager-memory server, and pager-device driver, are completely based on IPC and are defined outside the kernel. Pagers can be used to implement traditional paged virtual memory and file/database mapping, as well as unpaged res…”

[Figure 5. Recursively constructed address spaces: the initial space (physical memory) at the bottom; Mem server 1 and Mem server 2 built on top of it; Pager 1, Pager 2 and Drivers above those; Applications at the top.]

[Figure 6. A maps page by IPC to B: A performs send (‘map’, virt. addr. in A), B performs receive (‘map’, virt. addr. in B); the map IPC carries the mapping across address spaces.]
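The excerpt above describes the three address-space operations (grant, map, demap), the rule that a mapping is only established when the recipient agrees, and the way memory servers and pagers are stacked on top of the initial space. The following added example models exactly that in user-space C so the revocation behaviour can be exercised; it is written for this page and is neither the slides' nor L4's code. The fixed-size arrays, the function names, the identity mapping of the initial space, and the assumption that demap leaves the caller's own mapping intact while revoking everything derived from it are all choices of this model.

```c
/* Added example (not from the slides or from L4): a model of recursively
 * constructed address spaces with map, grant and demap. Names, array sizes
 * and the demap rule (caller keeps its page) are assumptions of the model. */
#include <stdio.h>
#include <stdbool.h>

#define NSPACES 4     /* space 0 is the initial space (physical memory) */
#define NPAGES 8
#define INVALID -1

/* One page-table entry: the frame it refers to and which (space, page) it
 * was derived from, so revocation can follow the derivation tree. */
typedef struct {
    int frame;
    int from_space;
    int from_page;
    bool accepting;   /* recipient has agreed to receive a mapping here */
} pte_t;

static pte_t spaces[NSPACES][NPAGES];

static bool valid(int s, int p) {
    return s >= 0 && s < NSPACES && p >= 0 && p < NPAGES;
}

static void clear(int s, int p) {
    spaces[s][p].frame = spaces[s][p].from_space = spaces[s][p].from_page = INVALID;
    spaces[s][p].accepting = false;
}

void spaces_init(void) {
    for (int s = 0; s < NSPACES; s++)
        for (int p = 0; p < NPAGES; p++) clear(s, p);
    /* The initial space owns all physical memory, identity-mapped. */
    for (int p = 0; p < NPAGES; p++) spaces[0][p].frame = p;
}

int frame_of(int s, int p) { return valid(s, p) ? spaces[s][p].frame : INVALID; }

/* Recipient side of the map IPC: the space declares it accepts a page at p. */
void accept_mapping(int s, int p) { if (valid(s, p)) spaces[s][p].accepting = true; }

/* Checks shared by map and grant: the sender must hold the page itself (its
 * own permissions bound what it can pass on) and the recipient must agree. */
static int transfer_ok(int src, int sp, int dst, int dp) {
    if (!valid(src, sp) || !valid(dst, dp)) return -1;
    if (spaces[src][sp].frame == INVALID) return -1;   /* cannot map what you lack */
    if (!spaces[dst][dp].accepting) return -1;         /* recipient did not agree */
    if (spaces[dst][dp].frame != INVALID) return -1;   /* slot already in use */
    return 0;
}

/* map: dst receives a mapping derived from src's page; src keeps it. */
int map_page(int src, int sp, int dst, int dp) {
    if (transfer_ok(src, sp, dst, dp) != 0) return -1;
    spaces[dst][dp].frame = spaces[src][sp].frame;
    spaces[dst][dp].from_space = src;
    spaces[dst][dp].from_page = sp;
    spaces[dst][dp].accepting = false;
    return 0;
}

/* grant: like map, but the page is removed from the granter; the new entry
 * takes over the granter's place in the derivation tree, including children. */
int grant_page(int src, int sp, int dst, int dp) {
    if (transfer_ok(src, sp, dst, dp) != 0) return -1;
    spaces[dst][dp].frame = spaces[src][sp].frame;
    spaces[dst][dp].from_space = spaces[src][sp].from_space;
    spaces[dst][dp].from_page = spaces[src][sp].from_page;
    spaces[dst][dp].accepting = false;
    for (int t = 0; t < NSPACES; t++)
        for (int q = 0; q < NPAGES; q++)
            if (spaces[t][q].from_space == src && spaces[t][q].from_page == sp) {
                spaces[t][q].from_space = dst;
                spaces[t][q].from_page = dp;
            }
    clear(src, sp);
    return 0;
}

/* demap: revoke every mapping derived, directly or transitively, from (s, p)
 * in other spaces. The caller's own mapping stays (model assumption). */
void demap_page(int s, int p) {
    for (int t = 0; t < NSPACES; t++)
        for (int q = 0; q < NPAGES; q++)
            if (spaces[t][q].from_space == s && spaces[t][q].from_page == p) {
                demap_page(t, q);   /* children first */
                clear(t, q);
            }
}

int main(void) {
    spaces_init();
    accept_mapping(1, 2); map_page(0, 5, 1, 2);   /* initial space -> memory server */
    accept_mapping(2, 0); map_page(1, 2, 2, 0);   /* memory server -> application */
    printf("application sees frame %d\n", frame_of(2, 0));
    demap_page(0, 5);                             /* revoke at the root: both lose it */
    printf("after demap: server %d, application %d\n", frame_of(1, 2), frame_of(2, 0));
    return 0;
}
```

The two properties worth checking are the ones the slide's security bullet relies on: a space cannot pass on a page it does not hold, and a mapping cannot appear in a space that has not accepted it. A demap at the initial space cascades through the whole stack of servers and applications built on that page, while a granted page leaves the granter and can later be revoked only by the space it was originally derived from.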
Microkernel designs
• Summary
  • Hard to design the component interfaces
  • Provides long-term security and reliability benefits
Hybrid kernels
• The other approach to optimizing IPC
  • Optimize performance, reduce latency
  • Don’t focus on IPC
• Moves non-essential functionality into the kernel
  • typically the pager
  • frequently other OS services
• Examples
  • MacOS X: XNU
  • Windows NT and later
Exokernels
• A special case of microkernels
  • Reduction of mechanisms in supervisor space
  • Moves all abstractions to user-space
  • Limited to virtualization
  • Exposes the hardware to user-space programs
• Currently available as research prototypes only
Exokernel design
• Kernel mechanisms
  • similar to those of L4 in many respects
    • control of processor access
    • control of address spaces
  • different in controlling all functionality from the kernel
    • primitives for different devices and device classes (e.g., block devices, network devices, ...)
    • not designed for user-space device drivers
Recommended Reading
• Engler D.R., Kaashoek M.F., O’Toole J. Jr: Exokernel: An Operating System Architecture for Application-Level Resource Management
• Engler D.R., Kaashoek M.F.: Exterminate All Operating System Abstractions
• Engler D.R., Kaashoek M.F., O’Toole J. Jr: The Operating System as a Secure Programmable Machine
• Bershad B. N.: The Increasing Irrelevance of IPC Performance for Microkernel-Based Operating Systems
• Rashid R., et al.: Mach: A System Software Kernel
• Liedtke J.: On μ-Kernel Construction
• Liedtke J.: Improving IPC by Kernel Design
• Härtig H., Hohmuth M., Liedtke J., et al.: The Performance of μ-Kernel-Based Systems
• Härtig H., Hohmuth M., Wolter J.: Taming Linux
• LeVasseur J., Uhlig V., Stoess J., Götz S.: Unmodified Device Driver Reuse and Improved System Dependability via Virtual Machines