MODERN SYSTEMS: EXTENSIBLE KERNELS AND CONTAINERS

Similar documents
Extensible Kernels: Exokernel and SPIN

MICROKERNELS: MACH AND L4

Exokernel: An Operating System Architecture for Application Level Resource Management

Xen and the Art of Virtualization

VIRTUALIZATION: IBM VM/370 AND XEN

Virtual Machines Disco and Xen (Lecture 10, cs262a) Ion Stoica & Ali Ghodsi UC Berkeley February 26, 2018

OS Extensibility: Spin, Exo-kernel and L4

OS Extensibility: SPIN and Exokernels. Robert Grimm New York University

Virtual machine architecture and KVM analysis D 陳彥霖 B 郭宗倫

The Exokernel Or, How I Learned to Stop Worrying and Hate Operating System Abstractions. Dawson Engler, M. Frans Kaashoek, et al

Virtualisation: Jails and Unikernels

Xen and the Art of Virtualization

Unikernels. No OS? No problem! Kevin Sapper ABSTRACT

LightVMs vs. Unikernels

Exokernel Engler, Kaashoek etc. advantage: fault isolation slow (kernel crossings)

Linux and Xen. Andrea Sarro. andrea.sarro(at)quadrics.it. Linux Kernel Hacking Free Course IV Edition

Operating System Kernels

OS DESIGN PATTERNS II. CS124 Operating Systems Fall , Lecture 4

The performance of the native Windows 10 Docker application with integrated Unikernel libraries

Mach External pager. IPC Costs. Why the difference? Example of IPC Performance. First generation microkernels were slow Mach, Chorus, Amoeba

Operating System Structure

Supporting Isolation for Fault and Power Management with Fully Virtualized Memory Systems

Modern systems: multicore issues

Operating System Structure

Kernel Support for Paravirtualized Guest OS

Disco. CS380L: Mike Dahlin. September 13, This week: Disco and Exokernel. One lesson: If at first you don t succeed, try try again.

Dynamic Translator-Based Virtualization

Xen and the Art of Virtualiza2on

Cute Tricks with Virtual Memory

Extensibility, Safety, and Performance in the Spin Operating System

Today s Papers. Virtual Machines Background. Why Virtualize? EECS 262a Advanced Topics in Computer Systems Lecture 19

An Analysis of HPC Benchmarks in Virtual Machine Environments

Live Virtual Machine Migration with Efficient Working Set Prediction

OS Virtualization. Why Virtualize? Introduction. Virtualization Basics 12/10/2012. Motivation. Types of Virtualization.

Operating System Structure

SPIN Operating System

Xen is not just paravirtualization

Operating Systems Structure. Otto J. Anshus

Advanced Systems Security: Virtual Machine Systems

Real Time and Embedded Systems. by Dr. Lesley Shannon Course Website:

6.828: OS/Language Co-design. Adam Belay

Extensibility, Safety and Performance in the SPIN Operating System

Is Virtualization Killing SSI Research? Jérôme Gallard Kerrighed Summit Paris February 2008

Staff. Advanced Operating Systems. Why are you here? What can you expect?

Syscalls, exceptions, and interrupts, oh my!

Advanced Systems Security: Virtual Machine Systems

Advanced Operating Systems. COMP9242 Introduction

We ve seen lots of examples of virtualization. This is another: a virtual machine monitor. A VMM virtualizes an entire hardware machine.

The Performance of µ-kernel-based Systems

Advanced Operating Systems. COMP9242 Introduction

Staff. Advanced Operating Systems. Why are you here? What can you expect?

Seminar HPC Trends Winter Term 2017/2018 New Operating System Concepts for High Performance Computing

Xkvisor. responds to syscalls from that user process via the syscall redirection mechanism.

OS concepts and structure. q OS components & interconnects q Structuring OSs q Next time: Processes

CS533 Concepts of Operating Systems. Jonathan Walpole

Authors : Ruslan Nikolaev Godmar Back Presented in SOSP 13 on Nov 3-6, 2013

OS Structure. Kevin Webb Swarthmore College January 25, Relevant xkcd:

Java. Measurement of Virtualization Overhead in a Java Application Server. Kazuaki Takahashi 1 and Hitoshi Oi 1. J2EE SPECjAppServer2004

Introduction to Functional Programming in OCaml

Initial Evaluation of a User-Level Device Driver Framework

Virtual Machines. To do. q VM over time q Implementation methods q Hardware features supporting VM q Next time: Midterm?

The Future of Virtualization

Introduction: Context Switch

CSE 120 Principles of Operating Systems

Anne Bracy CS 3410 Computer Science Cornell University

COS 318: Operating Systems

International Journal of Scientific & Engineering Research, Volume 7, Issue 11, November-2016 ISSN

Reducing Hit Times. Critical Influence on cycle-time or CPI. small is always faster and can be put on chip

The Virtualization Reality

Lecture 4: Extensibility (and finishing virtual machines) CSC 469H1F Fall 2006 Angela Demke Brown

Anne Bracy CS 3410 Computer Science Cornell University

Operating Systems Structure and Processes Lars Ailo Bongo Spring 2017 (using slides by Otto J. Anshus University of Tromsø/Oslo)

MODELING OF CPU USAGE FOR VIRTUALIZED APPLICATION

CS 350 Winter 2011 Current Topics: Virtual Machines + Solid State Drives

Hakim Weatherspoon CS 3410 Computer Science Cornell University

Virtualization and memory hierarchy

VMMS: DISCO AND XEN CS6410. Ken Birman

Services in the Virtualization Plane. Andrew Warfield Adjunct Professor, UBC Technical Director, Citrix Systems

Xen and the Art of Virtualization. Nikola Gvozdiev Georgian Mihaila

Virtualization. ...or how adding another layer of abstraction is changing the world. CIS 399: Unix Skills University of Pennsylvania.

Lec 22: Interrupts. Kavita Bala CS 3410, Fall 2008 Computer Science Cornell University. Announcements

Background: Operating Systems

XOmB: an Exokernel for Modern 64-bit, Multicore Hardware

Advanced Operating Systems (CS 202) Virtualization

Unikernels? Thomas [Twitter]

Java Without the Jitter

16 Sharing Main Memory Segmentation and Paging

Eraser: Dynamic Data Race Detection

Operating Systems. Operating System Structure. Lecture 2 Michael O Boyle

AVM: Application-Level Virtual Memory. Dawson R. Engler Sandeep K. Gupta M. Frans Kaashoek. fengler, skgupta,

64-bit ARM Unikernels on ukvm

The Exokernel Operating System Architecture. Dawson R. Engler

INFLUENTIAL OS RESEARCH

L4/Darwin: Evolving UNIX. Charles Gray Research Engineer, National ICT Australia

Distributed File Systems Issues. NFS (Network File System) AFS: Namespace. The Andrew File System (AFS) Operating Systems 11/19/2012 CSC 256/456 1

Keywords: disk throughput, virtual machine, I/O scheduling, performance evaluation

Virtual Memory. CS 3410 Computer System Organization & Programming

CHAPTER 16 - VIRTUAL MACHINES

CS 550 Operating Systems Spring Introduction to Virtual Machines

CSCE 410/611: Virtualization

Transcription:

1 MODERN SYSTEMS: EXTENSIBLE KERNELS AND CONTAINERS CS6410 Hakim Weatherspoon

Motivation 2 Monolithic Kernels just aren't good enough? Conventional virtual memory isn't what userspace programs need (Appel + Li '91) Application-level control of caching gives 45% speedup (Cao et al '94) Application-specific VM increases performance (Krueger '93, Harty + Cheriton '92) Filesystems for databases (Stonebraker '81) And more...

Motivation 3 Lots of problems

Motivation 4 Lots of problems Lots of design opportunities!

Motivation 5 Extensibility Security Performance Can we have all 3 in a single OS? From Stefan Savage s SOSP 95 presentation

Context for these papers 1990 s Researchers (mostly) were doing special purpose OS hacks Commercial market complaining that OS imposed big overheads on them OS research community began to ask what the best way to facilitate customization might be. In the spirit of the Flux OS toolkit 2010 s containers: single-purpose appliances Unikernels: ( sealable ) single-address space Compile time specialized

Motivation 7 1988-1995: lots of innovation in OS development Mach 3, the first true microkernel SPIN, Exokernel, Nemesis, Scout, SPACE, Chorus, Vino, Amoeba, etc... And even more design papers

Motivation 8 Exploring new spaces Distributed computing Secure computing Extensible kernels (exokernel, unikernel) Virtual machines (exokernel) New languages (spin) New memory management (exokernel, unikernel)

Exokernel Dawson R. Engler, M. Frans Kaashoek and James O Toole Jr. Engler s Master s Thesis. Follow-up publications on 1997 and 2002. Kaashoek later worked on Corey.

Exokernels - Motivation 11 Existing Systems offer fixed high-level abstractions which is bad Hurt app performance (generalization eg: LRU) Hide information (eg: page fault) Limit functionality (infrequent changes cool ideas don t make it through)

Motivation (cont.) 12 Separate protection from management, mgmt in user space Apps should use domain specific knowledge to influence OS services Small and simple kernel adaptable and maintainable

Exokernel 13 Kernel only multiplexes hardware resources (Aegis) Higher-level abstractions in Library OS (ExOS) Secure binding, Visible resource revocation, Abort Apps link with the LibOS of their choice

OS Component Layout 14 Exokernel

Exokernel main ideas Kernel Resource sharing, not policies Library Operating System Responsible for the abstractions IPC VM Scheduling Networking

Lib OS and the Exokernel 16 Lib OS (untrusted) can implement traditional OS abstractions (compatibility) Efficient (Lib OS in user space) Apps link with Lib OS of their choice Kernel allows LibOS to manage resources, protects LibOss

Exokernel vs Microkenels vs VM Exokernel defines only a low-level interface. A microkernel also runs almost everything on user-level, but has fixed abstractions. A VM emulates the whole machine, doesn t provide direct access.

Design 19 Application-level resource management Exports hardware resources Multiplexes access between processes Separates policy from management avoid resource management!

What problems do we solve? 20 High-level abstractions hurt application performance Hide information Limit functionality Existing monolithic kernels Encourage stable (archaic) interfaces Difficult to extend with modern techniques

How do we solve them: Design 21 Secure bindings Downloading code Visible resource revocation The abort protocol

How do we solve them: Design 22 Secure bindings Downloading code Visible resource revocation The abort protocol

Secure bindings 23 Decouples authorization from use Authorize once, at bind time Use transferable capabilities to check access Cache bindings in-kernel to decrease binding frequency Example: huge software-based TLB

How do we solve them: Design 24 Secure bindings Downloading code Visible resource revocation The abort protocol

Downloading code 25 Userspace application produces kernel space code Access checks at download time Code is verified before being run, with JIT for speed

How do we solve them: Design 26 Secure bindings Downloading code Visible resource revocation The abort protocol

Visible resource revocation 27 Revocation traditionally invisible (or transparent) Expensive: have to save entire state Try visible instead! Save only the state you need Kernel gives you a few microseconds to do it

How do we solve them: Design 28 Secure bindings Downloading code Visible resource revocation The abort protocol

29 Revocation: kernel asks process for resource relinquish page 5 please Process tracks state and returns resource Abort: kernel demands resource page 5 in 50 microseconds Takes resource by force Invalidates credentials and bindings. Notifies library operating system

Exokernel DEC MIPS Aegis: actual exokernel Processor Physical memory TLB Exceptions, Interrupts ExOS: library operating system Processes, IPC, Virtual Memory, Network protocols

Microbenchmark results

ExOS Virtual Memory 32 + Fast Sys call. - Half the time in look-up (vector). Repeated access to Aegis STLB and ExOS PageTable

Perspective Extensible kernels are actually fast. End-to-end arguments. Efficient implementations. Extensibility without loss of security or performance Exokernels Safely export machine resources Decouple protection from management

Containers Grouping of processes Provide isolation between groups Containers cannot customize operating systems Isn t this similar to the problem exokernels tried to solve? Container Container Container MySQL Web Server MySQL Web Server Web Server OS Hypervisor

Unikernel: Library Operating Systems for the Cloud Anil Madhavapeddy, Richard Mortier, Charalampos Rotsos, David Scott, Ralraj Singh, ThomasGazagnaire, Steven Smith, Steven Hand, and Jon Crowcroft University of Cambridge, University of Nottingham, Citrix Systems Ltd, OCamlPro SAS In Proceedings of the 18th International Conference on Architectural Support for Programming Languages and Operating Systems pg. 461 472. Unikernel slides from Shannon Joyner

Unikernel = EXOKERNEL + CONTAINERs Run one application per virtual machine One process per application Everything compiled into a VM image Unikernel, Figure 1 Do not compile unused code

Unikernel Run directly on top of standard hypervisor Can run multiple unikernels on the same hypervisor Unikernel Application OS Unikernel Application OS Unikernel Application OS Hypervisor

Mirage Produces unikernels Compiles OCaml code to Xen VM image 4 main components Text + Data segment Foreign Grants Minor Heap Major Heap Unikernel, Figure 2

Text and Data OCaml Runtime PVBoot Initializes VM Unikernel, Figure 2

HEAP Minor Heap Short lived values in VM Fast Major Heap Long lived values Unikernel, Figure 2

Foreign Grants Used for VM communication Write data to a grant table Exchange table between VM address spaces Unikernel, Figure 2

ApACHE BENCHMARK Mirage unikernel improvements result in better performance than having multiple cores Unikernel, Figure 2

Exokernel versus Unikernel Exokernel All applications on same system Poor isolation Unikernel Single application per system Better isolation

Next Time Read and write review: The Origin of the VM/370 Time-Sharing System, R. J. Creasy, In IBM Journal of Research and Development, 25(5):483-490, September 1981. Xen and the Art of Virtualization, Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, Andrew Warfield. 19th ACM symposium on Operating systems principles (SOSP), October 2003, page 164--177.

Next Time MP1 part 2 due Friday Project Survey Paper proposals due next week Presentation schedule Check website for updated schedule

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback