RESOURCE MANAGEMENT MICHAEL ROITZSCH

Similar documents
RESOURCE MANAGEMENT MICHAEL ROITZSCH

RESOURCE MANAGEMENT MICHAEL ROITZSCH

Microkernel Construction

Björn Döbel. Microkernel-Based Operating Systems. Exercise 3: Virtualization

Microkernel-based Operating Systems - Introduction

Microkernel-based Operating Systems - Introduction

MICROKERNEL CONSTRUCTION 2014

Operating System Kernels

Microkernel-based Operating Systems - Introduction

Introduction to Operating Systems Prof. Chester Rebeiro Department of Computer Science and Engineering Indian Institute of Technology, Madras

Introducing Genode. Norman Feske Genode Labs

PROBABILISTIC SCHEDULING MICHAEL ROITZSCH

Department of Computer Science Institute for System Architecture, Operating Systems Group REAL-TIME MICHAEL ROITZSCH OVERVIEW

Inter-Process Communication

Faculty of Computer Science, Operating Systems Group. The L4Re Microkernel. Adam Lackorzynski. July 2017

Real Time and Embedded Systems. by Dr. Lesley Shannon Course Website:

OS Structure. Kevin Webb Swarthmore College January 25, Relevant xkcd:

Inter-Process Communication

THREADS ADMINISTRIVIA RECAP ALTERNATIVE 2 EXERCISES PAPER READING MICHAEL ROITZSCH 2

Microkernel Construction. Introduction. Michael Hohmuth. Lars Reuther. TU Dresden Operating Systems Group

Faculty of Computer Science Institute for System Architecture, Operating Systems Group. Memory. Björn Döbel. Dresden,

Faculty of Computer Science Institute for System Architecture, Operating Systems Group. Naming. Stefan Kalkowski. Dresden,

Inter-Process Communication

Facing the Reality: Virtualization in a Microkernelbased Operating System. Matthias Lange, MOS, January 26th, 2016

INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD

The Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36

OS Containers. Michal Sekletár November 06, 2016

Applications, services. Middleware. OS2 Processes, threads, Processes, threads, communication,... communication,... Platform

General-purpose computing with VirtualBox on Genode/NOVA. Norman Feske

Process Description and Control

SECURITY ARCHITECTURES CARSTEN WEINHOLD

Operating System Architecture. CS3026 Operating Systems Lecture 03

Windows 7 Overview. Windows 7. Objectives. The History of Windows. CS140M Fall Lake 1

Network stack virtualization for FreeBSD 7.0. Marko Zec

Operating system organizaton

Lecture 3: O/S Organization. plan: O/S organization processes isolation

OS Extensibility: SPIN and Exokernels. Robert Grimm New York University

A Userspace Packet Switch for Virtual Machines

Today: Protection! Protection!

OS Extensibility: Spin, Exo-kernel and L4

Operating Systems 2010/2011

Lecture 5: Process Description and Control Multithreading Basics in Interprocess communication Introduction to multiprocessors

Exokernel Engler, Kaashoek etc. advantage: fault isolation slow (kernel crossings)

Week 6: Capabilities Advanced Operating Systems ( L)

Developing a Multiserver Operating System. Jakub Jermář February 3, 2010 UINX.CZ

SPPEXA TEACHLET: GETTING STARTED WITH L4RE CARSTEN WEINHOLD

Practical Considerations for Multi- Level Schedulers. Benjamin

Today: Protection. Protection

Faculty of Computer Science Institute for System Architecture, Operating Systems Group. Complex Lab Operating Systems 2016 Winter Term.

This lecture is covered in Section 4.1 of the textbook.

Secure Architecture Principles

Operating Systems Overview. Chapter 2

1 System & Activities

EEE 435 Principles of Operating Systems

Operating System Structure

IO virtualization. Michael Kagan Mellanox Technologies

Operating Systems. Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring Paul Krzyzanowski. Rutgers University.

OS Security III: Sandbox and SFI

CS 416: Operating Systems Design April 22, 2015

Advanced Operating Systems (CS 202)

History of FreeBSD. FreeBSD Kernel Facilities

Process. Operating Systems (Fall/Winter 2018) Yajin Zhou ( Zhejiang University

Secure Architecture Principles

Last Class: OS and Computer Architecture. Last Class: OS and Computer Architecture

Introduction: Context Switch

Sandboxing. CS-576 Systems Security Instructor: Georgios Portokalidis Spring 2018

OS concepts and structure. q OS components & interconnects q Structuring OSs q Next time: Processes

Secure Architecture Principles

Operating System. Operating System Overview. Structure of a Computer System. Structure of a Computer System. Structure of a Computer System

Operating System Structure

Process Monitoring in Operating System Linux

CHAPTER 3 - PROCESS CONCEPT

Virtualization, Xen and Denali

Faculty of Computer Science Institute for System Architecture, Operating Systems Group LEGACY REUSE CARSTEN WEINHOLD

Operating Systems, Fall

COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy

Today: Protection. Sermons in Computer Science. Domain Structure. Protection

Administrative Details. CS 140 Final Review Session. Pre-Midterm. Plan For Today. Disks + I/O. Pre-Midterm, cont.

CHAPTER 2: SYSTEM STRUCTURES. By I-Chen Lin Textbook: Operating System Concepts 9th Ed.

Master level: Operating systems, distributed systems, networking,

SECURITY ARCHITECTURES CARSTEN WEINHOLD

Operating Systems : Overview

ELEC 377 Operating Systems. Week 1 Class 2

Virtualization Overview NSRC

6.033 Spring Lecture #6. Monolithic kernels vs. Microkernels Virtual Machines spring 2018 Katrina LaCurts

OS structure. Process management. Major OS components. CSE 451: Operating Systems Spring Module 3 Operating System Components and Structure

Chapter 2. Operating-System Structures

Operating System. Operating System Overview. Layers of Computer System. Operating System Objectives. Services Provided by the Operating System

Operating System Overview. Operating System

Chapter 3: Processes. Operating System Concepts 9 th Edition

The Exokernel Or, How I Learned to Stop Worrying and Hate Operating System Abstractions. Dawson Engler, M. Frans Kaashoek, et al

Secure Architecture Principles

Lecture 15 Designing Trusted Operating Systems

Embedded Linux Architecture

System Call. Preview. System Call. System Call. System Call 9/7/2018

Agenda Process Concept Process Scheduling Operations on Processes Interprocess Communication 3.2

L4.Sec Preliminary Microkernel Reference Manual

Problem Set: Processes

Exokernel: An Operating System Architecture for Application Level Resource Management

UI, Graphics & EFL. Carsten Haitzler Principal Engineer Samsung Electronics Korea Founder/Leader Enlightenment / EFL

Transcription:

Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group RESOURCE MANAGEMENT MICHAEL ROITZSCH

AGENDA done: time, drivers today: misc. resources architectures for resource management solutions for specific resources capabilities to manage resource access upcoming: applications, legacy support next week: exercise first in INF E069 2

KERNEL RESOURCES 3

PROBLEM kernel needs memory for its abstractions tasks: page tables threads: kernel-tcb capability tables IPC wait queues mapping database kernel memory is limited opens the possibility of DoS attacks 4

IDEA memory management policy should not be in the kernel account all memory to the application it is needed for (directly or indirectly) kernel provides memory control mechanism exception for bootstrapping: initial kernel memory is managed by kernel 5

SOLUTION untyped memory in sel4 all physical memory unused after bootstrap is represented by untyped memory capabilities can be granted, split or retyped restricted to powers of 2 (see flexpages) initial resource manager gets all (see σ0) user code decides how to use them 6

SOLUTION application retype UM to kernel objects TCB, endpoint, CNode, VNode, frame, interrupt all kernel bookkeeping for the object uses the underlying physical memory no implicit memory allocation by the kernel retyping and splitting is remembered in capability derivation tree revoking recursively destroys all derived capabilities and kernel objects 7

PRINCIPLE separate enforcement and management 8

ARCHITECTURES 9

SPECTRUM low-level resource abstractions explicit management high-level resource abstractions implicit management exokernel multiserver resource containers monolith 10

MONOLITHS enforcement and management implicitly tied to process abstraction isolation accounting process protection domain resource container resource containers were proposed to make resource management explicit bags of resources assigned to subsystems 11

EXOKERNEL Application Management Library OS Enforcement Exokernel 12

DESIGN provide primitives at the lowest possible level necessary for protection use physical names wherever possible resource management primitives: explicit allocation exposed revocation protected sharing ownership tracking 13

CONSEQUENCES each application can use its own library OS library OS es cannot trust each other no central management for global resources think of a file system kernel manages disk ownership with block granularity each library OS comes with its own filesystem implementation one partition per application? 14

SHARING invariants in shared resources must be maintained four mechanisms provided by the exokernel software regions for sub-page memory protection, allows to share state capabilities for access control critical sections wakeup predicates: code downloaded into the kernel for arbitrary checks 15

MULTISERVER Low-Level Resource Manager Higher-Level Resource Manager L4 Microkernel Application Client-Libs works on monolithic kernels too 16

LEVELS different abstraction levels for resources basic resources hardware compound resources memory, CPU, IO-ports, interrupts block device, framebuffer, network card file, GUI window, TCP session 17

HIERARCHIES applications can access resource on the abstraction level they need servers implementing a resource can use other, lower-level resources isolation allows managers to provide realtime guarantees for their specific resource DROPS: Dresden Real-time OPerating System 18

EXAMPLES 19

ANKH driver for physical wget network card built with DDE using lwip Linux 2.6 drivers provides multiple Ankh virtual network cards implements a simple virtual bridge 20

LWIP wget lwip light-weight IP Stack TCP/IP, UDP, ICMP Ankh 21

WGET wget lwip clients can use standard BSD socket interface Ankh 22

WINDHOEK IDE driver to access L4Re VFS hard disks includes disk request Filesystem scheduling based on DDE Windhoek provides block device ongoing work on USB block devices 23

FILESYSTEM L4Re VFS Filesystem no real one implemented yet we have a tmpfs using RAM as backing store Windhoek VPFS: securely reuse a Linux filesystem 24

L4RE VFS L4Re VFS hierarchical name space Filesystem connects subtrees to different backend servers Windhoek aka mounting 25

MAG Terminal multiplexes the frame buffer DOpE no virtual desktops, but window merging mag details in the legacy / security lectures 26

DOPE Terminal widget drawing server handles mouse and DOpE keyboard input can also operate on mag raw framebuffer real-time capable 27

TERMINAL DOpE client providing Terminal a terminal window VT100 emulation DOpE can support readline applications mag shell python 28

RESOURCE ACCESS 29

EXAMPLE Worker A Worker B Manager Service 30

GOOGLE CHROME separate processes chrome parent sandboxes for tabs implementation on Linux: glorious mix of chroot(), clone() and setuid() there must be a better way 31

TWO WORLDS POSIX POLA operations allowed by default nothing allowed by default some limited restrictions apply every right must be granted ambient authority explicit authority 32

L4RE L4Re the L4 Runtime Environment set of libraries and system services on top of the Fiasco.OC microkernel 33

CAPABILITIES Fiasco.OC and L4Re form an object-capability system actors in the system are objects objects have local state and behavior capabilities are references to objects any object interaction requires a capability unseparable and unforgeable combination of reference and access right 34

CAPABILITIES Task A Task B Capability Table 1 2 3 4 5 1 2 3 4 5 Capability Table A B C D E Fiasco.OC 35

HOW TO USE? invocation of any object requires a capability to that object no global names no sophisticated rights representation beyond capability ownership just four rights bits on objects C++ language integration capabilities passed as message payload 36

CAP TRANSFER Task A Task B X 37

CAP TRANSFER Task A Task B X 1 2 3 4 5 1 2 3 4 5 37

CAP TRANSFER Task A Task B X 1 2 3 4 5 1 2 3 4 5 37

EXAMPLE Worker A Worker B Manager Service 38

EXAMPLE Worker A Worker B Manager Service 38

EXAMPLE Worker A Worker B Manager Service 38

EXAMPLE Worker A Worker B Manager Service mag 39

MAG factory for new Manager framebuffer sessions session object backing store memory Factory S S mag view: visible rectangle on the backing store metadata, refresh method How does it appear on the screen? 40

MAG Factory S S mag hardware framebuffer is memory with side effect all memory is initially fb-drv mapped to the root task framebuffer driver moe find framebuffer memory wrap in FB-interface Memory same interface as mag s 41

INTERFACES virtualizable interfaces L4Re uses one interface per resource independent of the implementation servers can (re-)implement any interface the kernel is a special server: provides low-level objects that need CPU privileges minimal policy userland servers can augment 42

EXAMPLES Graphics pong Thread scheduling multithreaded application mag balancer fb-drv kernel 43

CONCLUSION all services provided as objects uniform access control with capabilities invocation is the only system call virtualizable: all interfaces can be interposed resource refinement and multiplexing transparent to clients 44

SUMMARY kernel resource management basic resource management concepts resource containers exokernel multiserver management details for specific resources object capabilities and virtualizable interfaces 45

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback