L4 Microkernel ::

Design Overview
Jim Huang ( ) <jserv@0xlab.org>
Developer, 0xlab
July 17, 2012 / Julu!Dev
June 11, 2012 / "!#$, "!#$
Rights to copy
Attribution ShareAlike 3.0
ou are !ree
%o &opy, 'i(%ribu%e, 'i(play, an' per)orm %*e +or,
%o ma,e 'eriva%ive +or,(
%o ma,e &ommer&ial u(e o) %*e +or,
"n#er the !ollowing con#itions
Attribution. -ou mu(% give %*e original au%*or &re'i%.
Share Alike. #) you al%er, %ran()orm, or buil' upon %*i( +or,, you may 'i(%ribu%e %*e
re(ul%ing +or, only un'er a li&en(e i'en%i&al %o %*i( one.
.or any reu(e or 'i(%ribu%ion, you mu(% ma,e &lear %o o%*er( %*e li&en(e %erm( o) %*i( +or,.
/ny o) %*e(e &on'i%ion( &an be +aive' i) you ge% permi((ion )rom %*e &opyrig*% *ol'er.
our !air use an# other rights are in no wa$ a!!ecte# b$ the above.
0i&en(e %ex%1 *%%p1//&rea%ive&ommon(.org/li&en(e(/by2(a/3.0/legal&o'e
"opyrig*% 2012 0%lab
*%%p1//0xlab.org/
&on%a&%@0xlab.org
"orre&%ion(, (ugge(%ion(, &on%ribu%ion( an' %ran(la%ion(
are +el&ome4
0a%e(% up'a%e1 July 17, 2012
On -Kernel Construction
Jochen Liedtke (1953-2001)
15
th
ACM Symposium on Ope!tin" System
#incip$es (1995)
Use Case: Low-cost 3G Handset
Mo%i$e &!ndsets
' 5a6or appli&a%ion( run( on 0inux
' 37 5o'em (o)%+are (%a&, run( on 89!
'omain
:ir%uali;a%ion in mul%ime'ia Devi&e(
' 8e'u&e( <5 (bill o) ma%erial()
' $nable( %*e 8eu(abili%y o) lega&y
&o'e/appli&a%ion(
' 8e'u&e( %*e (y(%em 'evelopmen% %ime
#n(%rumen%a%ion, /u%oma%ion
' 8un 89! )or 5ea(uremen% an'
analy(i(
' 8un a 7=! )or 7rap*i&al #n%er)a&e
Hypervisor
(ith )itu!$i*!tion+ sin"$e chip oi"in!$ mo%i$e phone+
t(o C#,s e-uied
./oke0s ,1 2unction!$ities inc$udin" the
touch sceen is o(ned %y the Linu3
!pps (hi$e /ideo endein" uses !
endein" en"ine unnin" on 45.67
6hen ! use e-uests ! 45.6 !pp8
Linu3 communci!tes (ith 45.6 in the
othe )M to st!t up the !pp7 9he
45.6 o%t!ins !ccess to the sceen %y
usin" ! 2!me %u22e 2om ! sh!ed-
memoy m!ppin"7
Agen#a
Myths of Microernel
Characteristics of !nd generation
"icroernel
' "e"ory# thread# $%C "anage"ent
&oward 3rd generation "icroernel
Real-world 'eploy"ent
Myths of Microernel
'efinition of Kernel
9he 2und!ment!$ p!t o2 !n Ope!tin" System7
5esponsi%$e 2o po/idin" secue !ccess to the m!chine0s h!d(!e 2o
/!ious po"!ms7
5esponsi%$e 2o decidin" (hen !nd ho( $on" ! po"!m c!n use ! cet!in
h!d(!e (mu$tip$e3in")7
Monolithic (s) Microernel
Application Application
User mode
Supervisor mode
Hardware
Monolithic kernel
FS
Network stack
Driver
hread !ontrol
H"# mana$ement
S%stem call & open'File
Application Application
User mode
Supervisor mode
Hardware
S%stem call & open'File
hread !ontrol
H"# mana$ement
()!
FS
Network
Stack
Device
Driver
Monolithic (s) Microernel
Hy*rid Kernel
Com%ine the %est o2 %oth (o$ds
'
!pee' an' (imple 'e(ign o) a monoli%*i& ,ernel
'
5o'ulari%y an' (%abili%y o) a mi&ro,ernel
!%ill (imilar %o a monoli%*i& ,ernel
' Di(a'van%age( (%ill apply *ere
$xample1 >in'o+( ?9, <e!, Dragon.ly<!D
+,oernel
:o$$o(s end-to-end pincip$e
' $x%remely minimal
'
.e+e(% *ar'+are ab(%ra&%ion( a( po((ible
' Ju(% allo&a%e( p*y(i&al re(our&e( %o app(
l' name(()1 pi&o,ernel, nano,ernel
$xample1 5#9 $xo,ernel, ?eme(i(, $x!
Kernel Co"parison
Mono$ithic kene$s
' /'van%age(1 per)orman&e
' Di(a'van%age(1 'i))i&ul% %o 'ebug an' main%ain
Microkernels
' A#vantages: &ore reliable an# secure
' Disa#vantages: &ore overhea#
Hybri' @ernel(
' /'van%age(1 bene)i%( o) monoli%*i& an' mi&ro,ernel(
' Di(a'van%age(1 (ame a( monoli%*i& ,ernel(
$xo,ernel(
' /'van%age(1 minimal an' (imple
' Di(a'van%age(1 more +or, )or appli&a%ion 'eveloper(
'efinition of Microernel
A kene$ techni-ue th!t po/ides on$y the minimum
OS se/ices7
' /''re(( !pa&ing
'
#n%er2pro&e(( "ommuni&a%ion (#=")
' 9*rea' 5anagemen%
'
AniBue #'en%i)ier(
/ll o%*er (ervi&e( are 'one a% u(er (pa&e
in'epen'en%ly.
Device Drivers
User Program
Memory
Managers
User Mode
Address spacing Thread
Management
and IPC
Unique
Identifiers
Microkernel Mode
Hardare
Microernel
Microernel -d(antage
A c$e! micokene$ inte2!ce en2oces ! moe
modu$! system stuctue
!erver( &an u(e %*e me&*ani(m( provi'e' by %*e
mi&ro,ernel li,e any o%*er u(er program.
!o (erver mal)un&%ion i( a( i(ola%e' a( any o%*er u(er
program0( mal)un&%ion
9*e (y(%em i( more )lexible an' %ailorable. Di))eren%
(%ra%egie( an' /=#(, implemen%e' by 'i))eren% (ever(,
&an &oexi(% in %*e (y(%em
3 Generations of Microernel
M!ch8 Chous (19;5-199<)
' ep$!ce pipes (ith 1#C (moe "ene!$)
' impo/ed st!%i$ity (/s mono$ithic kene$s)
' poo pe2om!nce
L3 = L< (1990-2001)
' L!"e impo/ements in 1#C pe2om!nce
' 6itten in !ssem%$y8 poo pot!%i$ity
' on$y synchonus 1#C (%ui$d !sync on top o2 sync)
' /ey sm!$$ kene$+ moe 2unctions mo/ed to usesp!ce
seL<8 Coyotos8 >o/! (2000-pesent)
' p$!t2om independence
' /ei2ic!tion8 secuity8 mu$tip$e C#,s8 etc7
!upervi(or
Di(pa%&*e( %rap(, in%errup%(, an' ex&ep%ion( 'elivere' by
*ar'+are.
8eal 9ime $xe&u%ive
"on%rol( allo&a%ion o) pro&e((e( an' provi'e( preemp%ive
(&*e'uling
:ir%ual 5emory 5anager
5anipula%e( :5 *ar'+are an' memory re(our&e(.
#="
=rovi'e( me((age $x&*anging an' 8emo%e =ro&e'ure "all(
(8=").
.st Generation: Chorus /ucleus
Asynchonous 1#C
9he!ds
Schedu$in"
Memoy m!n!"ement
5esouce !ccess pemissions
?e/ice di/es (in some /!i!nts)
(A$$ othe 2unctions !e imp$emented outside kene$7 )
A#1 Si*e o2 M!ch 3+ 1<0 2unctions
.st Generation: CMU Mach
Checkin" esouce !ccess pemissions on system
c!$$s7
Sin"$e use m!chines do not need to do this7
C!che misses
Citic!$ sections (ee too $!"e7
Asynchonus 1#C
Most c!$$s on$y need synchonus 1#C7
Synchonous 1#C c!n %e 2!ste th!n !synchonous7
Asynchonous 1#C c!n %e %ui$t on top o2 synchonous7
)itu!$ memoy
&o( to pe/ent key pocesses 2om %ein" p!"ed out@
Mach "icroernel perfor"ance issues
!nd Generation: L0
A5!dic!$B !ppo!ch
CLiedtke0938 Liedtke D95E+
Stict minim!$ity
:om-sc!tch desi"n
:!st pimiti/es
3rd Generation: seL0
C.$phinstone et !$ 200F8 G$ein et !$ 2009E
Secuity-oiented desi"n
' c!p!%i$ity-%!sed !ccess conto$
' ston" iso$!tion
&!d(!e esouces su%Hect to use-de2ined po$icies
' inc$udin" kene$ memoy (no kene$ he!p)
' e3cept time
' AMicohype/isoI concept
?esi"ned 2o 2om!$ /ei2ic!tion
Classical L0 "icroernel functionality
9he!ds
Schedu$in"
Memoy m!n!"ement
(A$$ othe 2unctions !e imp$emented outside kene$)
A#1 si*e o2 L<+ F 2unctions
' Comp!e to 1<0 2unctions 2o M!ch3
L0 Mi"ni"ality %rinciple
A concept is to$e!ted inside the micokene$ on$y i2
mo/in" it outside the kene$8 i.e.8 pemittin"
competin" imp$ement!tions8 (ou$d pe/ent the
imp$ement!tion o2 the systemJs e-uied 2unction!$ity7
:ed 4ooks on conceptual integrity CMythic!$ M!n
MonthE
' ,>1K + ./eythin" is ! 2i$e
' M!ch + 1#C "ene!$i*es 2i$es
' L< + C!n it %e put outside the kene$@
25
Architecture !ersion Te"t Total
K;L L<G! 52k 9;k
1t!nium L<G! 1F3k <1Fk
A5M OGL< <;k F;k
##C-32 L<G! <1k 135k
##C-L< L<G! L0k 205k
M1#S-L< >1C9A L1k 100k
Line o2 Code in OGL<
' CD, 0" ar&*i%e&%ure2in'epen'en%
' 0.EFG, 0" ar&*i%e&%ure/pla%)orm2(pe&i)i&
5emory )oo%prin% ,ernel (no% aggre((ively minimi;e')1
' A(ing g&& (poor &o'e 'en(i%y on 8#!"/$=#" ar&*i%e&%ure()
L0 Kernel si1e
./ey system c!$$ temin!tes
>o e3ceptions tho(n
>o !ithmetic po%$ems (e7"78 o/e2$o(8 di/ide %y *eo)
>o nu$$ pointe de-e2eences
>o i$$-typed pointe de-e2eences
>o memoy $e!ks
>o %u22e o/e2$o(s
>o unchecked use !"uments
Code inHection !tt!cks !e impossi%$e
6e$$-2omed d!t! stuctues
Coect %ook-keepin"
>o t(o o%Hects o/e$!p in memoy
2hat properties do we e,pect fro"
Kernel3
Characteristics of second
generation "icroernel:
"e"ory# thread# $%C "anage"ent
&ass
5epesent unit o2 e3ecution
' .3ecute use code (!pp$ic!tion)
' .3ecute kene$ code (system c!$$s8 p!"e
2!u$ts8 inteupts8 e3ceptions)
Su%Hect to schedu$in"
' Mu!si-p!!$$e$ e3ecution on one C#,
' #!!$$e$ e3ecution on mu$tip$e C#,s
' )o$unt!i$y s(itch to !nothe the!d
possi%$e
' #eempti/e schedu$in" %y the kene$
!ccodin" to cet!in p!!metes
Associ!ted (ith !n !ddess sp!ce
' .3ecutes code in one t!sk !t one point
in time
(Mi"!tion !$$o(s the!ds mo/e to
!nothe t!sk)
' Se/e!$ the!ds c!n e3ecute in one t!sk
&hreads
5epesent dom!in o2 potection !nd iso$!tion
Cont!ine 2o code8 d!t! !nd esouces
Addess sp!ce+ c!p!%i$ities N memoy
p!"es
m!n!"ement ope!tions+
' M!p+ sh!e p!"e (ith othe !ddess
sp!ce
' O!nt+ "i/e p!"e to othe !ddess
sp!ce
' ,nm!p+ e/oke pe/ious$y m!pped
p!"e
L0 uniprocessor "icroernel
9*rea'
/b(%ra&%ion an' uni% o)
exe&u%ion
#'en%i)ie' by %*rea' #D
"on(i(% o)
#n(%ru&%ion poin%er
!%a&,
8egi(%er(, )lag(H
9*rea' (%a%e
0I manage( (pre(erve) only
#=, != an' regi(%er(
ask*s
address space
!ode
read
e+ecution
paths
Data
Stack
L0 uniprocessor "icro ernel
9*rea' (+i%&*
Micro,ernel
,ernel stack ,ernel stack
-
-
-
-
State State
!ode
-
-
Stack
!ode
-
-
Stack
!)U
( )
S )
Fla$s
hread A
hread .
!. A !. .
(nterrupt
,ernel
!ode
1#PS#P:$!"s77 1#PS#P:$!"s77
L0 uniprocessor "icro ernel
!&*e'uling
!&*e'uling implemen%e' by ,ernel, ba(e' on
priori%ie(
9ime(li&e 'ona%ion
-ddress 4pace
3 managemen% opera%ion(
5ap/Anmap
!*are/revo,e page +i%* o%*er a''re(( (pa&e
7ran%
give page %o o%*er a''re(( (pa&e
.lu(*
9*e o+ner o) an a''re(( (pa&e &an flush any o) i%( page(.
)a$er )a$er User Address space
Map
Map
Map
/rant
Recursi(e -ddress 4pace
5a*andoned *y seL06
?iect !nd indiect d!t! copy
,9C4 mess!"e (speci!$ !e!)
Speci!$ c!se+ e"iste-on$y mess!"e
#!"e2!u$ts duin" use-$e/e$ memoy !ccess possi%$e
Messages: Copy 'ata
A))
)0
)1
App :!u$t
#1 touches its
o(n p!"e !nd
2!u$ts
#0 m!ps
then #1

#!"e :!u$ts !e m!pped to 1#C

'
#!"e is speci!$ the!d th!t ecei/es p!"e 2!u$ts
'
#!"e 2!u$t 1#C c!nnot ti""e !nothe p!"e 2!u$t

Gene$ ecei/es the 2$e3p!"e 2om p!"e !nd insets m!ppin"

into p!"e t!%$e o2 !pp$ic!tion

Othe 2!u$ts nom!$$y temin!te the!ds

%age 7ault Handling
A))*s address space
)a$er*s address space
Data
!ode
)a$er Memor%
)a$er !ode
Micro ,ernel
)a$e2Fault
handler
!all3 445 6ault address5 6ault eip5 44 7
Send3 app'id5 6pa$e355758 7
%age 7ault Handling
,sed to t!ns2e memoy p!"es !nd c!p!%i$ities
Gene$ m!nipu$!tes p!"e t!%$es
,sed to imp$ement the m!pP"!nt ope!tions
Messages: Map Reference
>eed to conto$ (ho c!n send d!t! to (hom
' Secuity !nd iso$!tion
' Access to esouces
Appo!ches
' 1#C-ediectionPintospection
' Cent!$ /s7 ?isti%uted po$icy !nd mech!nism
' ACL-%!sed /s7 c!p!%i$ity-%!sed
Co""unications 8 Resource Control
&oward 3rd generation "icroernel
Unsol(ed %ro*le"s in original L0
L< so$/ed pe2om!nce issue C&Qti" et !$8 SOS#09FE
' A777 %ut $e2t ! num%e o2 secuity issues unso$/edI
#o%$ems !ddessed %y seL<+ !d-hoc !ppo!ch to
potection !nd esouce m!n!"ement
' O$o%!$ the!d n!me sp!ce R co/et ch!nne$s
' 9he!ds !s 1#C t!"ets R insu22icient enc!psu$!tion
' Sin"$e kene$ memoy poo$ R ?oS !tt!cks
' 1nsu22icient de$e"!tion o2 !uthoity R $imited
2$e3i%i$ity8 pe2om!nce
How seL0 sol(es pro*le" *y designs
1so$!tion+ Memoy m!n!"ement is use-$e/e$ esponsi%i$ity
' Gene$ ne/e !$$oc!tes memoy (post-%oot)
' Gene$ o%Hects conto$$ed %y use-mode se/es
#e2om!nce+ Memoy m!n!"ement is 2u$$y de$e"!t!%$e
' Suppots hie!chic!$ system desi"n
' .n!%$ed %y c!p!%i$ity-%!sed !ccess conto$
5e!$time+ A1ncement!$ consistencyB desi"n p!tten
' :!st t!nsitions %et(een consistent st!tes
' 5est!t!%$e ope!tions (ith po"ess "u!!ntee
)ei2ic!tion+ >o concuency in the kene$
' 1nteupts ne/e en!%$ed in kene$
' 1nteuption points to %ound $!tencies
' C$usteed mu$tikene$ desi"n 2o mu$ticoes
seL0 in the first sight
:om!$ /ei2ic!tion
' .un&%ional &orre&%ne((
' !e&uri%y/(a)e%y proper%ie(
?o ,ernel *eap1 all memory le)% a)%er
boo% i( *an'e' %o u(erlan'
' 8e(our&e manager &an 'elega%e %o
(ub(y(%em(
' pera%ion( reBuiring memory
expli&i%ly provi'e memory %o ,ernel
8e(ul%1 (%rong i(ola%ion o) (ub(y(%em(
an' *ig* per)orman&e
' pera%e +i%*in 'elega%e' re(our&e(
' ?o in%er)eren&e
Mo(e to Capa*ility *ased design
?onJt need "$o%!$ n!mes (t!skPthe!d 1?s)
' ?ame( (or #D() are only vali' +i%*in a %a(, an' *ave
no meaning el(e+*ere
@ernel ob6e&%( are re)eren&e' %*roug* lo&al #D(,
&omparable %o =!#J )ile 'e(&rip%or( or *an'le(
"rea%ing a ne+ (,ernel) ob6e&% re%urn( an in'ex in%o a
%a(,2lo&al %able, +*ere in %urn %*e poin%er %o %*e ob6e&%
i( (%ore'
@ernel pro%e&%( %*i( &apabili%y %able, %*ere)ore
un)orgeable
Capa*ilities
Capa*ility space
#n2,ernel memory %able +i%* poin%er( %o ,ernel ob6e&%(
!en'ing a me((age %o %*rea' / merely reBuire( %*e
(en'er %o *ave a &apabili%y %o %*e por%al &ap
!en'er 'oe( no% ,no+ +*i&* %*rea'/%a(, +ill re&eive i%
8e&eiver 'oe( no% ,no+ +*o (en% i% (in general)
!epara%ion o) (ub(y(%em(, &ombinable, in'epen'en%
Capa*ilities
Gene$ o%Hects epesent esouces !nd communic!tion
ch!nne$s
C!p!%i$ity
' 5e2eence to kene$ o%Hect
' Associ!ted (ith !ccess i"hts
' C!n %e m!pped 2om t!sk to !nothe t!sk
C!p!%i$ity t!%$e is t!sk-$oc!$ d!t! stuctue inside the kene$
' Simi$! to p!"e t!%$e
' )!$id enties cont!in c!p!%i$ities
C!p!%i$ity h!nd$e is inde3 num%e to e2eence enty into
c!p!%i$ity t!%$e
' Simi$! to 2i$e h!nd$e o2 #OS1K
M!ppin" c!p!%i$ities est!%$ishes ! ne( /!$id enty into
the c!p!%i$ity t!%$e
$"portance of Capa*ilities
./eythin" is ! 2i$e R ./eythin" is ! c!p!%i$ity
b6e&% &apabili%ie(
' 9a(,(, %*rea'(, #=" por%al(, )a&%orie(, (emap*ore(
' Han'le(/poin%er( %o ,ernel ob6e&%(, &an be &rea%e',
'elega%e' an' 'e(%roye'
5emory &apabili%ie(
' 8e(emble( vir%ual memory page(
' !en'ing (mapping) a memory &apabili%y e(%abli(*e' (*are'
memory be%+een (en'er an' re&eiver
# &apabili%ie(
' /b(%ra&%ion )or a&&e(( %o # por%(, 'elega%ing # &ap( allo+(
%*e re&eiving 9a(,//''re(( (pa&e %o a&&e(( 'eno%e' #
por%(
seL0 concpts
C!p!%i$ities (C!ps)
' medi!te !ccess
Gene$ o%Hects+
' 9he!ds (the!d-conto$ %$ocks8 9C4s)
' Addess sp!ces (p!"e t!%$e o%Hects8 #?s8 #ts)
' 1#C endpoints (.#s8 Async.#s)
' C!p!%i$ity sp!ces (Cnodes)
' :!mes
' 1nteupt o%Hects
' ,ntyped memoy
System c!$$s
' Send8 6!it (!nd /!i!nts)
' Sie$d
Re(ised $%C
OS se/ices po/ided %y (potected) use-$e/e$ se/e
pocesses
' in/oked %y 1#C
seL< 1#C uses ! h!ndsh!ke thou"h endpoints+
' 9!ns2e points (ithout sto!"e c!p!city
' Mess!"e must %e t!ns2eed inst!nt$y
T One p!tne m!y h!/e to %$ock
T Sin"$e copy use use %y kene$
9(o endpoint types+
' Synchonous (.ndpoint)
' !synchonous (Async.#)
L0 Re(isions
L4 History: V2 API
riginal ver(ion by Jo&*en 0ie'%,e (75D) K D3FDE
L:er(ion 2M /=#
iING a((embler
#=" 20 %ime( )a(%er %*an 5a&* O!!= D3, DEP
=roprie%ary &o'e ba(e (75D)
%*er 0I :2 implemen%a%ion(1
0I/5#=!GI1 a((embler Q " (A?!>) DEFD7
.a(%e(% ,ernel on (ingle2i((ue "=A (100 &y&le( on 5#=! 8IG00)
pen (our&e (7=0)
0I//lp*a1 =/0 Q " (Dre('en/A?!>), DEFD7
.ir(% relea(e' !5= ver(ion (A?!>)
pen (our&e (7=0)
.ia(&o (=en%ium)1 "QQ (Dre('en), D7FDD, ongoing 'evelopmen%
pen (our&e (7=0)
53
L4 History: X.1 API
$xperimen%al L:er(ion JM /=#
#mprove' *ar'+are ab(%ra&%ion
:ariou( experimen%al )ea%ure( (per)orman&e, (e&uri%y,
generali%y)
=or%abili%y experimen%(
#mplemen%a%ion(
=en%ium1 a((embler, 0ie'%,e (#<5), D7FDN
=roprie%ary
Hazelnut (Pentium+ARM), C, Liedtke et al (Karlsruhe), 98
99
pen (our&e (7=0)
5<
L4 History: X.2/V4 API
L:er(ion IM (J.2) /=#, 02
=or%abili%y, /=# improvemen%(
0I@a11=i(%a&*io, "QQ (plu( a((embler L)a(% pa%*M)
xNG, =="232, #%anium (@arl(ru*e), 02F03
.a(%e(% ever ,ernel (3G &y&le( on #%anium, ?#"9//A?!>)
5#=!GI, /lp*a (?#"9//A?!>), 03
!ame per)orman&e a( :2 ,ernel (100 &y&le( (ingle i((ue)
/85, =="2GI (?#"9//A?!>), xNG2GI (@arl(ru*e), 03F0I
pen (our&e (<!D li&en(e)
55
Real-world 'eploy"ent:
9irtuali1ation dri(es perfor"ance
i"pro(e"ents
0inux (our&e *a( %+o &leanly (epara%e' par%(
/r&*i%e&%ure 'epen'en%
/r&*i%e&%ure in'epen'en%
#n 0I0inux
/r&*i%e&%ure 'epen'en% &o'e i( mo'i)ie' )or 0I
/r&*i%e&%ure in'epen'en% par% i( un&*ange'
0I no% (pe&i)i&ally mo'i)ie' %o (uppor% 0inux
L0Linu,
where (irtuali1ation co"es fro"
0inux ,ernel a( 0I u(er (ervi&e
8un( a( an 0I %*rea' in a (ingle 0I a''re(( (pa&e
"rea%e( 0I %*rea'( )or i%( u(er pro&e((e(
5ap( par%( o) i%( a''re(( (pa&e %o u(er pro&e(( %*rea'(
(u(ing 0I primi%ive()
/&%( a( pager %*rea' )or i%( u(er %*rea'(
Ha( i%( o+n logi&al page %able
5ul%iplexe( i%( o+n (ingle %*rea' (%o avoi' *aving %o
&*ange 0inux (our&e &o'e)
L0Linu,
where (irtuali1ation co"es fro"
9*e (%a%i&ally lin,e' an' (*are' " librarie( are
mo'i)ie'
!y(%em( &all( in %*e lib &all %*e 0inux ,ernel u(ing #="
.or unmo'i)ie' na%ive 0inux appli&a%ion(, %*ere i( a
L%rampolineM
9*e appli&a%ion %rap(
"on%rol boun&e( %o a u(er2level ex&ep%ion *an'ler
9*e *an'ler &all( %*e mo'i)ie' (*are' library
<inary &ompa%ible
L0Linu,
where (irtuali1ation co"es fro"
0I0inux OHRr%ig e% al., !!=SD7P
EF10T over*ea' on ma&ro2<5(
GF7T over*ea' on ,ernel &ompile
5,0inux (0inux on 5a&*)1
27T over*ea' on ,ernel &ompile
17T over*ea' +i%* 0inux in ,ernel
%erfor"ance is not accepta*le:
0I implemen%a%ion( on
embe''e' pro&e((or(
/85, 5#=!
>omba%1 por%able
vir%uali;e' 0inux )or
embe''e' (y(%em(
/85vI/vE %*an,( %o )a(%
&on%ex%2(+i%&*ing %ri&,(
/$C&- L0 ; OKL0
Lm4ench sho(s ne! n!ti/e
pe2om!nce (ith OGL< 370
on A5M/F t!"et
>et#e2
2u$$y-$o!ded C#, !nd the
thou"hput de"!d!tion o2 the
/itu!$i*ed is on$y 3U !nd <U7
Code1ero hyper(isor
Optimi*ed 2o $!test A5M coes (Cote3-A9PA15)
L< micokene$ %!sed desi"n8 (itten 2om sc!tch
C!p!%i$ity %!sed dyn!mic esouce m!n!"ement
Cont!ine oiented di/e mode$+ no modi2ic!tions
e-uied 2o Linu3
Micro-hyper(isor
Mico/iso ' OGL< <70
5ese!ch poHects such !s >O)A8 Coyotos8 !nd
seL<
Aided %y /itu!$i*!%$e 1SA
Micohype/iso
' the Akene$B p!t
' po/ides iso$!tion
' mech!nisms8 no po$icies
' en!%$es s!2e !ccess to
/itu!$i*!tion 2e!tues to
usesp!ce
)MM
' the Ause$!ndB p!t
' C#, emu$!tion
' de/ice emu$!tion
-d(antage of /O- architecture:
Reduce &C< of each 9M
5i&ro2*ypervi(or provi'e( lo+2level pro%e&%ion
'omain(
' a''re(( (pa&e(
'
vir%ual ma&*ine(
:5 exi%( are relaye' %o :55 a( #=" +i%* (ele&%ive
gue(% (%a%e
one :55 per gue(% in (roo% mo'e) u(er(pa&e1
'
po((ibly (pe&iali;e' :55( %o re'u&e a%%a&, (ur)a&e
' only one generi& :55 implemen%e'
-daptation;Opti"i1ations
=ro&e((2orien%a%ion +a(%e( 8/5
8epla&e' by (ingle2(%a&, (even%2'riven) approa&*
:ir%ual 9"< array +a(%e( :/!, 90< en%rie(
+i%*ou% per)orman&e bene)i%( on mo'ern *ar'+are
"apabili%ie( are be%%er %*an %*rea' A#D(
=rovi'e uni)orm re(our&e &on%rol mo'el U avoi'
&over% &*annel(
/l(o1 #=" %imeou%( are u(ele((
8epla&e' by blo&,/poll bi%
:ir%uali;a%ion i( e((en%ial
8e2%*in, ,ernel ab(%ra&%ion(
Learned fro" /$C&- L0
5emory managemen%
=age2)aul% *an'ling
#=" =a%*
5apping 'a%aba(e
<a(e o) %*e ,ernel 'ebugger
5o(% &o'e o) 0I ab(%ra&%ion(
9*rea' an' a''re((2(pa&e managemen%
Generic parts in L0
<a(i& 'a%a %ype(
=ro&e((or ab(%ra&%ion
#8V &on%rol, (leep2mo'e (uppor%
/%omi& opera%ion(
=age %able(
=ar%( o) 0I ab(%ra&%ion(
!+i%&* o) "=A an' .=A (%a%e
"=A (pe&i)i& op%imi;a%ion(
%rocessor-specific parts in L0
=ro&e((or mo'e(
mapping %o ,ernel mo'e an' u(er mo'e, mo'e (+i%&*e(
=ro&e((or (%a%e
&on%ex% (+i%&*e(
55A/90<
(pe&i)i& a''re((2(pa&e/page2%able &o'e
"a&*e(
(pe&i)i& &a&*e2&on(i(%en&y *an'ling
"a&*e &on(i(%en&y mu(% be main%aine' (&ri%i&al )or
%a(, (+i%&*e()
#8V &on%roller
ab(%ra&% &on%roller in%er)a&e
Hotspot in perfor"ance (iew
p%imi;e' 'a%a (%ru&%ure( an' &o'e
5inimi;e memory a&&e((e(
5inimi;e &a&*e an' 90< )oo%prin%
5inimi;e number o) in(%ru&%ion( )or )reBuen%ly u(e'
opera%ion(
p%imi;a%ion( o)%en 'epen' on ,no+le'ge o) H>
"a&*e (i;e / a((o&ia%ivi%y
90< (i;e / )ea%ure( (e.g., (uppor%e' page (i;e()
/vailable in(%ru&%ion( in %*e #!/
Generic opti"i1ations
*%%p1//0xlab.org