G Xen and Nooks. Robert Grimm New York University

Similar documents
Nooks. Robert Grimm New York University

Improving the Reliability of Commodity Operating Systems. Mike Swift, Brian Bershad, Hank Levy University of Washington

Improving the Reliability of Commodity Operating Systems

Xen and the Art of Virtualization. CSE-291 (Cloud Computing) Fall 2016

Advanced Operating Systems (CS 202) Virtualization

Background. IBM sold expensive mainframes to large organizations. Monitor sits between one or more OSes and HW

Initial Evaluation of a User-Level Device Driver Framework

0x1A Great Papers in Computer Security

The Kernel Abstraction

Xen and the Art of Virtualization

Xen and the Art of Virtualization. Nikola Gvozdiev Georgian Mihaila

Lecture 7. Xen and the Art of Virtualization. Paul Braham, Boris Dragovic, Keir Fraser et al. 16 November, Advanced Operating Systems

COS 318: Operating Systems. Virtual Machine Monitors

Reducing downtimes by replugging device drivers

The Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36

Part 1: Introduction to device drivers Part 2: Overview of research on device driver reliability Part 3: Device drivers research at ERTOS

Virtualization. Pradipta De

IT 540 Operating Systems ECE519 Advanced Operating Systems

Virtual Machines. To do. q VM over time q Implementation methods q Hardware features supporting VM q Next time: Midterm?

Recovering Device Drivers

Virtualization, Xen and Denali

Xen and the Art of Virtualization

CSE 120 Principles of Operating Systems

Operating System Security

Machines and Virtualization. Systems and Networks Jeff Chase Spring 2006

Linux and Xen. Andrea Sarro. andrea.sarro(at)quadrics.it. Linux Kernel Hacking Free Course IV Edition

CSE 120 Principles of Operating Systems

G Disco. Robert Grimm New York University

Tolerating Malicious Drivers in Linux. Silas Boyd-Wickizer and Nickolai Zeldovich

Embedded Systems Programming

OS Virtualization. Why Virtualize? Introduction. Virtualization Basics 12/10/2012. Motivation. Types of Virtualization.

Lightweight Remote Procedure Call. Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented by Alana Sweat

CS 5460/6460 Operating Systems

OS Extensibility: SPIN and Exokernels. Robert Grimm New York University

Virtual Machines Disco and Xen (Lecture 10, cs262a) Ion Stoica & Ali Ghodsi UC Berkeley February 26, 2018

Exokernel: An Operating System Architecture for Application Level Resource Management

MASSACHUSETTS INSTITUTE OF TECHNOLOGY Computer Systems Engineering: Spring Quiz I Solutions

Virtualization. Starting Point: A Physical Machine. What is a Virtual Machine? Virtualization Properties. Types of Virtualization

Virtualization. ! Physical Hardware Processors, memory, chipset, I/O devices, etc. Resources often grossly underutilized

Chapter 5 B. Large and Fast: Exploiting Memory Hierarchy

Processes. Johan Montelius KTH

Memory Protection. Machines and Virtualization. Architectural Foundations of OS Kernels. Memory and the CPU. Introduction to Virtual Addressing

A process. the stack

Portland State University ECE 587/687. Virtual Memory and Virtualization

CSCE 410/611: Virtualization!

CS370 Operating Systems

CS370 Operating Systems

CS 326: Operating Systems. Process Execution. Lecture 5

Virtual Machine Monitors (VMMs) are a hot topic in

CS370: Operating Systems [Spring 2017] Dept. Of Computer Science, Colorado State University

VMMS: DISCO AND XEN CS6410. Ken Birman

CSCE 410/611: Virtualization

24-vm.txt Mon Nov 21 22:13: Notes on Virtual Machines , Fall 2011 Carnegie Mellon University Randal E. Bryant.

Operating Systems CMPSCI 377 Spring Mark Corner University of Massachusetts Amherst

DISCO and Virtualization

Virtual Memory. Lecture for CPSC 5155 Edward Bosworth, Ph.D. Computer Science Department Columbus State University

Spring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand

Cloud Computing Virtualization

CSE 153 Design of Operating Systems

Last 2 Classes: Introduction to Operating Systems & C++ tutorial. Today: OS and Computer Architecture

COS 318: Operating Systems

COS 318: Operating Systems

Kernel Support for Paravirtualized Guest OS

Overshadow: Retrofitting Protection in Commodity Operating Systems

Xen and the Art of Virtualiza2on

CSC 5930/9010 Cloud S & P: Virtualization

Live Migration of Direct-Access Devices. Live Migration

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING UNIT I

CSE 153 Design of Operating Systems Fall 18

CS370 Operating Systems

Difference Engine: Harnessing Memory Redundancy in Virtual Machines (D. Gupta et all) Presented by: Konrad Go uchowski

Chapter 4: Threads. Operating System Concepts 9 th Edit9on

Increase KVM Performance/Density

references Virtualization services Topics Virtualization

System Virtual Machines

Background. IBM sold expensive mainframes to large organiza<ons. Monitor sits between one or more OSes and HW

Processes and Exceptions

VIRTUALIZATION: IBM VM/370 AND XEN

Chapter 4: Threads. Overview Multithreading Models Threading Issues Pthreads Windows XP Threads Linux Threads Java Threads. Operating System Concepts

CS370 Operating Systems

CHAPTER 16 - VIRTUAL MACHINES

Lecture 5: February 3

CSE 120 Principles of Operating Systems Spring 2017

SymCall: Symbiotic Virtualization Through VMM-to-Guest Upcalls

Introduction to Cloud Computing and Virtualization. Mayank Mishra Sujesha Sudevalayam PhD Students CSE, IIT Bombay

CSE 120 Principles of Operating Systems

I.-C. Lin, Assistant Professor. Textbook: Operating System Concepts 8ed CHAPTER 4: MULTITHREADED PROGRAMMING

Fast access ===> use map to find object. HW == SW ===> map is in HW or SW or combo. Extend range ===> longer, hierarchical names

Chapter 5 C. Virtual machines

Anne Bracy CS 3410 Computer Science Cornell University

The Kernel Abstrac/on

CS 550 Operating Systems Spring Introduction to Virtual Machines

CSE 120 Principles of Operating Systems

Distributed Systems Operation System Support

Virtual Virtual Memory

Move back and forth between memory and disk. Memory Hierarchy. Two Classes. Don t

Memory Management Ch. 3

OS: An Overview. ICS332 Operating Systems

OS concepts and structure. q OS components & interconnects q Structuring OSs q Next time: Processes

Lecture 2: Architectural Support for OSes

Transcription:

G22.3250-001 Xen and Nooks Robert Grimm New York University

Agenda! Altogether now: The three questions! The (gory) details of Xen! We already covered Disco, so let s focus on the details! Nooks! The grand tour

Altogether Now: The Three Questions! What is the problem?! What is new or different?! What are the contributions and limitations?

The (Gory) Details of Xen

The Details of Xen! Memory management! X86 has hardware-accessed page tables and TLB! Guest OS s responsible for managing page tables! CPU! Provide machine memory (from their reservations)! Have direct read-only access! Defer to Xen for updates! Guest OS s run in otherwise unused ring 1! Privileged instructions are processed by Xen! Fast exception handler does not require Xen interaction! Must execute outside ring 0

The Details of Xen (cont.)! Device I/O! Xen presents idealized device abstraction! Data is transferred through shared-memory buffer rings! Upcalls are delivered through event delivery mechanism

The Gory Details! Control transfer! Hypercalls: synchronous software traps to VMM! Events: asynchronous, possibly batched upcalls to VMs! Data transfer through I/O rings! Separate descriptors from actual data! Zero-copy transfer for data! Support batching and re-ordering

The Gory Details (cont.)! Virtual memory! Remember: Guest OS s manage page tables! Exposes names and allocation! Validated by types and reference counts! Page directory/table, local/global descriptor table, writable! Page directory and tables pinned! Cannot be swapped (why?)! Physical memory! Controlled through balloon driver! Pins pages, which are then returned to VMM! Mapped into machine memory! Xen publishes machine-to-physical mapping

Nooks

Nooks in One Slide! An isolation and recovery service! Manages kernel-space extensions! Targeted at commodity kernels! Implemented in Linux, should be easily portable to other OSs! Detects, removes, and restarts misbehaving extensions! But not malicious ones

Why Do We Need Safe Extensions for Commodity Kernels?! Cost of failures continues to rise! Downtime of mission-critical systems! Staffing for help-desk! Extensions are common-place! 70% of Linux code! 35,000 different drivers with 120,000 versions for Windows XP! Extensions are leading cause of failures! 85% of failures for Windows XP! 7 times more bugs in drivers than in rest of kernel for Linux

Why Not Use X?! Capabilities, segments! Need specialized hardware, no support for recovery! Micro-, pico-, exo-kernels! No support for recovery, some performance concerns! Transactions! Sloooooooooooooooooooowwwwwwwwww! Type-safe languages and runtimes! Not backwards compatible! Software fault isolation! No support for recovery

Why Not Use X? (cont.)! Virtual machines! Still have drivers in VMM!But lead us to important insight! Only virtualize interface between kernel and extensions! In other words, we don t need to be perfect, just good enough.

Nooks Architecture! Two principles! Design for fault resistance, not fault tolerance! Design for mistakes, not abuse! Three goals! Isolation! Recovery! Backward compatibility

Nooks Architecture: Four Functions! Isolation! Lightweight protection domains for extensions! Extension procedure call (XPC)! Interposition! Wrappers for all kernel extension crossings! Manage control and data flow! Object-tracking! List of kernel data structures modified by extension! Recovery! Removal, restarting of extensions

Nooks Implementation! Additional layer for Linux 2.4.18! Same privilege for all code (ring 0)! Memory protection through page tables Compared to 2.4 million lines in Linux kernel

Isolation! Lightweight protection domains! Private memory structures for each extension! Heap, stacks, memory-mapped I/O regions, buffers! Different page tables for kernel and each extension! XPC! Kernel can read and write all memory! Each extension can only write its own memory! Saves caller s context, finds stack, changes page tables! May be deferred! Amortize cost over several logical transfers

Interposition & Wrappers! How to interpose?! Bind extensions to wrappers instead of kernel functions! Explicitly interpose on extension initialization call! Replace function pointers with wrapped versions! What about kernel objects?! Some are read only " done! Some are written by extensions! Non-performance-critical updates through XPC! Performance-critical updates on shadow copy, synchronized through a deferred XPC on next regular XPC

More on Wrappers: What They Do, How to Write Them! Check parameters for validity! Implement call-by-value-result for kernel objects! Perform XPC! Skeleton generated by tool! Body written by hand

Even More on Wrappers: Code Sharing

Object Tracker! Currently supports 43 types! E.g., tasklets, PCI devices, inodes! Records addresses of all objects! Used for one XPC only: table attached to task structure! Used across several XPCs: hash table! Tracks object lifetimes! Single XPC call! Explicit allocation and deallocation! Semantics of object (e.g., timer data structure)

Recovery! Triggered by! Parameter validation, exceptions, signals! Performed by! Recovery manager! Cleans up after extension! User-mode agent! Determines recovery policy! Performed in several stages! Disable interrupts, unload extension, release resources, reload and restart extension, re-enable interrupts

Limitations! Extensions run in kernel mode! May execute privileged instructions! May loop forever (but Nooks detects livelock)! Parameter checking is incomplete! Recovery safe only for dynamically loaded extensions

Evaluation! The two eff s! Effectiveness (reliability)! Efficiency (performance)

Effectiveness But catches only few non-fatal failures Nooks prevents 99% of system crashes

Efficiency! XPC rate serves as performance indicator! Three broad categories

Efficiency (cont.)! There s more code to run! The code runs more slowly

Discussion! If only we had a software/tagged TLB! What about end-to-end benchmarking?! All/most drivers managed by Nooks! Typical application mix! Server/desktop environment! How many wrappers is enough wrappers?! Remember the code-sharing slide! How general is Nooks?! Only one communication pattern is supported! Kernel extension, but not between extensions! So, when should we use Nooks?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback