Faculty of Computer Science, Operating Systems Group. The L4Re Microkernel. Adam Lackorzynski. July 2017

Similar documents
MICROKERNEL CONSTRUCTION 2014

Microkernel Construction

Microkernels and Portability. What is Portability wrt Operating Systems? Reuse of code for different platforms and processor architectures.

Fakultät Informatik Institut für Systemarchitektur, Betriebssysteme THE NOVA KERNEL API. Julian Stecklina

Björn Döbel. Microkernel-Based Operating Systems. Exercise 3: Virtualization

THREADS ADMINISTRIVIA RECAP ALTERNATIVE 2 EXERCISES PAPER READING MICHAEL ROITZSCH 2

Inter-Process Communication

Microkernel-based Operating Systems - Introduction

24-vm.txt Mon Nov 21 22:13: Notes on Virtual Machines , Fall 2011 Carnegie Mellon University Randal E. Bryant.

Inter-Process Communication

Microkernel-based Operating Systems - Introduction

Lecture 7. Xen and the Art of Virtualization. Paul Braham, Boris Dragovic, Keir Fraser et al. 16 November, Advanced Operating Systems

Inter-Process Communication

Memory, IPC, and L4Re

Introduction. COMP9242 Advanced Operating Systems 2010/S2 Week 1

Microkernel Construction. Introduction. Michael Hohmuth. Lars Reuther. TU Dresden Operating Systems Group

Faculty of Computer Science Institute for System Architecture, Operating Systems Group. Memory. Björn Döbel. Dresden,

Faculty of Computer Science Institute for System Architecture, Operating Systems Group. Virtualization. Henning Schild. Dresden,

What is KVM? KVM patch. Modern hypervisors must do many things that are already done by OSs Scheduler, Memory management, I/O stacks

VIRTUALIZATION. Dresden, 2011/12/6. Julian Stecklina

Advanced Operating Systems (CS 202) Virtualization

I/O and virtualization

CS533 Concepts of Operating Systems. Jonathan Walpole

Microkernel-based Operating Systems - Introduction

CSCE Introduction to Computer Systems Spring 2019

The Performance of µ-kernel-based Systems

Chapter 5 C. Virtual machines

The Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36

Master s Thesis! Improvement of the Virtualization Support in the Fiasco.OC Microkernel! Julius Werner!

Virtual Machines. Part 2: starting 19 years ago. Operating Systems In Depth IX 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

Introduction. COMP /S2 Week Gernot Heiser UNSW/NICTA/OKL. Distributed under Creative Commons Attribution License 1

Virtualization. Starting Point: A Physical Machine. What is a Virtual Machine? Virtualization Properties. Types of Virtualization

Virtualization. ! Physical Hardware Processors, memory, chipset, I/O devices, etc. Resources often grossly underutilized

Introduction Construction State of the Art. Virtualization. Bernhard Kauer OS Group TU Dresden Dresden,

Operating Systems 4/27/2015

COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy

3.1 Introduction. Computers perform operations concurrently

Four Components of a Computer System

µ-kernel Construction (12)

Hardware OS & OS- Application interface

Module 1: Virtualization. Types of Interfaces

RESOURCE MANAGEMENT MICHAEL ROITZSCH

Predictable Interrupt Management and Scheduling in the Composite Component-based System

TCBs and Address-Space Layouts Universität Karlsruhe, System Architecture Group

Facing the Reality: Virtualization in a Microkernelbased Operating System. Matthias Lange, MOS, January 26th, 2016

CSE 120 Principles of Operating Systems

Virtualization. Pradipta De

User-level Management of Kernel Memory

A Userspace Packet Switch for Virtual Machines

RESOURCE MANAGEMENT MICHAEL ROITZSCH

The Architecture of Virtual Machines Lecture for the Embedded Systems Course CSD, University of Crete (April 29, 2014)

Nested Virtualization Friendly KVM


AUTOBEST: A United AUTOSAR-OS And ARINC 653 Kernel. Alexander Züpke, Marc Bommert, Daniel Lohmann

Architectural Support for Operating Systems. Jinkyu Jeong ( Computer Systems Laboratory Sungkyunkwan University

CPSC 341 OS & Networks. Introduction. Dr. Yingwu Zhu

Overview. This Lecture. Interrupts and exceptions Source: ULK ch 4, ELDD ch1, ch2 & ch4. COSC440 Lecture 3: Interrupts 1

Task Scheduling of Real- Time Media Processing with Hardware-Assisted Virtualization Heikki Holopainen

Spring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand

Nested Virtualization and Server Consolidation

Virtualization and memory hierarchy

Introduction to Operating Systems Prof. Chester Rebeiro Department of Computer Science and Engineering Indian Institute of Technology, Madras

Advanced Systems Security: Virtual Machine Systems

Motivation. Threads. Multithreaded Server Architecture. Thread of execution. Chapter 4

Transplantation of VirtualBox to the NOVA microhypervisor. Norman Feske

Dynamic Translator-Based Virtualization

Architectural Support for Operating Systems. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Operating System. Operating System Overview. Structure of a Computer System. Structure of a Computer System. Structure of a Computer System

KVM for IA64. Anthony Xu

Part V. Process Management. Sadeghi, Cubaleska RUB Course Operating System Security Memory Management and Protection

Chapter 1: Introduction. Operating System Concepts 9 th Edit9on

Virtualization. Operating Systems, 2016, Meni Adler, Danny Hendler & Amnon Meisels

Threads, SMP, and Microkernels. Chapter 4

CHAPTER 16 - VIRTUAL MACHINES

The Multikernel: A new OS architecture for scalable multicore systems Baumann et al. Presentation: Mark Smith

Xen and the Art of Virtualization. CSE-291 (Cloud Computing) Fall 2016

Operating Systems. Operating System Structure. Lecture 2 Michael O Boyle

Embedded Systems Programming

CS-580K/480K Advanced Topics in Cloud Computing. VM Virtualization II

L4 User Manual API Version X.2

Inter-Process Communication and Synchronization of Processes, Threads and Tasks: Lesson-1: PROCESS

KVM Weather Report. Amit Shah SCALE 14x

System Call. Preview. System Call. System Call. System Call 9/7/2018

Problem Set: Processes

General-purpose computing with VirtualBox on Genode/NOVA. Norman Feske

Last Class: OS and Computer Architecture. Last Class: OS and Computer Architecture

KVM Weather Report. Red Hat Author Gleb Natapov May 29, 2013

CHAPTER 8 - MEMORY MANAGEMENT STRATEGIES

MOS - VIRTUALIZATION. Tobias Stumpf, Marcus Hähnel WS 2015/16

Linux and Xen. Andrea Sarro. andrea.sarro(at)quadrics.it. Linux Kernel Hacking Free Course IV Edition

Virtual Machines. To do. q VM over time q Implementation methods q Hardware features supporting VM q Next time: Midterm?

Agenda Process Concept Process Scheduling Operations on Processes Interprocess Communication 3.2

OS DESIGN PATTERNS II. CS124 Operating Systems Fall , Lecture 4

Problem Set: Processes

Main Points of the Computer Organization and System Software Module

Micro VMMs and Nested Virtualization

VIRTUALIZATION. Dresden, 2013/12/3. Julian Stecklina

Chapter 8: Main Memory

Processes and Threads

Computer Systems A Programmer s Perspective 1 (Beta Draft)

Transcription:

Faculty of Computer Science, Operating Systems Group The L4Re Microkernel Adam Lackorzynski July 2017

2 Agenda Plan What is L4Re? History The L4Re Microkernel / Hypervisor Fiasco Interfaces SMP Virtualization...

3 L4Re L4Re is a microkernel-based operating system framework Provides building blocks build systems Security Safety Real-time Framework for building µapps Libraries and services, libc, pthread, libstdc++, program loading, POSIX subset, shared libraries, memory allocators,

4 L4Re & Fiasco Timeline ~1995+: Jochen Liedtke develops L4 microkernel New minimalistic approach; pure assembly; performance Interface: L4-v2 ~1996+: First application: L4Linux ~1997+: Development of Fiasco starts Original L4 kernel restrictive Modern C++-based design DROPS project (Dresden Real-time OPerating System) Fiasco is a real-time kernel Uni Karlsruhe: L4-x0, L4-x2/v4 interfaces L4Env L4 Environment Environment to run applications on the system

5 L4Re & Fiasco Timeline General shift from real-time to security All interfaces (v2 + x2/v4) not suited Global identifiers New interface: Capability-based naming Needs redesign of whole user-level framework and applications New: L4Re Capability-based run-time environment Kernel/user co-design Uniform & transparent service invocation L4Re developed & maintained by Kernkonzept

6

L4Re Microkernel Also called: L4Re Hypervisor Fiasco.OC Fiasco Continuously developed since 1997 Started as a single-processor kernel for x86-32 Initially on the Pentium-1 Followed by: ARM, 32bit Itanium IA64 ppc32, sparc MIPS: 32bit + 64bit (r2+r6, LE/BE) ARM, 64bit 7

8 L4Re Microkernel Today Capability-based access model Multi-processor Multi-architecture: ARM, MIPS, x86 (more WiP architectures) 32 & 64 bit Generic virtualization approach Paravirtualization Hardware-assisted virtualization: ARM VE, MIPS VZ, Intel VT, AMD SVM For most people it s a hypervisor

9 Objects and Capabilities Every accessible function is called through an object C++ object, derived from Kobject E.g. Thread and Task Each such object has a pointer A capability is such a pointer But protected by the kernel By an indirection through an array in kernel s address space Invocation is done with an integer indexing into the array Implemented with a sparse array

10 L4::Ipc_gate Crucial object: Communication channel (between tasks) One thread listens to messages Multiple threads can send to it Thread Thread Thread

11 IPC Inter-Process Communication Actually between threads UTCB User Thread Control Block Storage space to exchange data with the kernel Special memory that does not fault Capability invocation sending a message to an object Data transfered via the UTCB

12 Invoking / Calling the Kernel Thread UTCB capability Object LABEL MRs BRs TCRs TAG p i w f Message p i w f Opcode Parameters Operation

13 IPC TAG message descriptor Number of words Number of items Flags Protocol ID (type of payload) LABEL protected message payload Secure identification of a specific capability a message was sent through

14 UTCB Content MR BR message registers Untyped message data Message items (capabilities, memory pages, IO ports) buffer registers Receive buffers for capabilities, memory, IO-ports Absolute timeouts TCR thread control registers Error code User values

Communication IPC Sender Thread Receiver Thread UTCB capability IPC GATE LABEL UTCB MRs MRs BRs BRs TCRs TCRs LABEL LABEL TAG p i w f p i w f TAG 15

16 IPC Synchronous Sender waits until the receiver is ready to receive Blocking can be limited by a timeout Data-only IPC is atomic Mapping IPC can block (not atomic) Atomic send receive transition in call Reply can have a zero timeout

Asychronous IRQ Message Receiver Thread UTCB Device HW IRQ IRQ MRs User App trigger sys-call LABEL BRs TCRs LABEL p i w f TAG 17

Page-fault & Exception Message Receiver Thread Faulting Thread pager capability IPC GATE LABEL UTCB Page-fault message MRs Fault Address... p i w f BRs TCRs LABEL p i w f TAG 18

19 Passing on Resources Granting tasks access to resources Memory (including IO-memory) Capabilities (and as such other resource as interrupts) Access rights are sent via IPC Flexpages describing resources in the sender address space Are sent to the receiver Map & Unmap operations

L4 Virtual Memory Model 20

21 SMP Model Supports multi-processor on all supported architectures Model: Explicit migration by user-level Address spaces span over cores Transparent cross-core IPC Proxying, programming interface,... User-level can be restricted to where to migrate

22 Kernel Objects L4::Task / L4::VM L4::Thread / L4::vCPU L4::IPC_gate L4::IRQ L4::ICU L4::PFC L4::Vcon L4::Scheduler L4::Factory L4::Debugger

23 Tasks Passive protection domain No threads Memory protection (incl. x86 IO-ports) Adress space(s) Access control (kernel objects, IPC) Object space User-level managed Managed by sparse array Lock free access (using RCU)

24 Thread Executes in a task Access to virtual memory and capabilities of that task States: ready, running, blocked UTCB Active endpoint in synchronous IPC Needs scheduling parameters to run VCPU mode (later)

25 Factory Create (kernel) objects Limited by kernel-memory quota Secondary kernel memory also accounted: page tables, KU memory, FPU state buffers, mapping nodes,.. Generic interface User for kernel and user-level objects

26 IPC_gate Messages forwarded to a thread Including protected label for secure identification Fundamental primitive for user-level objects

27 IRQ Asynchronous signaling Signal forwarded as message to thread No payload Including protected label for identification Fundamental primitive for hardware IRQs and software signaling

28 ICU Interrupt controller abstraction Binds an IRQ object to a hardware IRQ pin / source IRQ object gets triggered by hardware interrupt Control parameters of IRQ pin / source Generic interface Also used for virtual IRQ sources (triggered by software)

29 Scheduler Manage CPUs and CPU time Bind thread to CPU Control scheduling parameters Gather statistics Generic interface Used to define resource management policies

30 Remaining Kernel objects PFC: Platform control: Enable/disable CPUs Suspend/resume Reset / Poweroff (depending on platform) Vcon: Console access Debugger: Access to in-kernel debugger

31 Virtualization Generic virtualization approach Paravirtualization Making an OS a native L4Re application, e.g. L4Linux Hardware-assisted virtualization Using CPU features: Intel VT-x, AMD SVM, ARM VE, MIPS VZ Based on concept of a vcpu

32 vcpu A vcpu is a unit of execution It s a thread with more features Every thread can be a vcpu Enhanced execution mode: Interrupt-style execution Events (incoming IPCs and exceptions) transition the execution to a user-defined entry point Virtual interrupt flag allows control Behaves like a thread with disabled virtual interrupts Virtual user mode A vcpu can temporarily switch a different task (address space) Returns to kernel task for any receiving event

33 vcpu State Area Entry information Entry-point program counter Entry stack pointer vcpu state Current mode Exception, page-fault, interrupt acceptance, FPU

34 vcpu State Area (2) State save area Entry cause code Complete CPU register state Saved vcpu state, saved version of the vcpu state IPC/IRQ receive state

35 vcpu User Processes with Separate L4 Tasks Kernel / Host Task User Task resume exit resume exit

36 Real CPU vs. vcpu Physical CPU vcpu Concurrency control Interrupt flag Virtual interrupt flag Control flow transfer Interrupt entry vector(s) Entry point State recovery Kernel stack or registers by CPU, mostly kept State-save area MMU Page-tables Host tasks Protection Modes: Kernel / User vcpu User / vcpu Kernel

37 Hardware-Assisted Virtualization Requires privileged instructions Implemented in the host kernel (hypervisor) using the vcpu execution model. State save area extended to hold x86: VMCB / VMCS (hardware defined data structures, see manuals) ARM / MIPS: kernel-mode state + interrupt controller state Gust memory for VM Hardware provides nested paging x86: L4::VM, a specialized L4::Task ARM / MIPS: L4::Task Maps guest physical memory to host memory

38 vcpu extended mode Extended mode: has hardware state vcpu-resume implements VM handling Plus sanity checking of provided values VMM can run with open and closed vcpu interrupts Open: VMM continues in entry upon VM-exit Closed: VMM continues after resume call upon VM-exit Nested paging vs. vtlb

39 L4Re and Virtualization Type-1 Hypervisor Microkernel has virtualization features Microhypervisor Split functionality: Hypervisor: privileged mode functionality (e.g. VM switching) VMM: user-level program providing the virtual platform for VMs

40 VMM Used with hardware-assisted virtualization VMM: Virtual Machine Monitor Typical model: One VMM per VM Application-specific VMM (simple vs. feature-rich) Multi-VM VMMs possible VMM is an untrusted user application VM Guest OS VM Guest OS VMM-A VMM-B Hypervisor

41 VMM Example uvmm uvmm: VMM for ARM and MIPS uvmm for x86 is WiP Small Uses VirtIO for guests VM Guest OS uvmm Hypervisor

42 VMM Example KVM/L4 Feature-full virtulization Runs Windows x86-based Uses L 4 Linux to run KVM & QEMU Used in production QEMU VM Guest OS L 4 Linux with KVM Hypervisor

43 Type Safety in the Kernel Use C++ to get type-safety in the kernel Kernel handles different kind of integer types, e.g. Physical addresses Virtual addresses Page-frame numbers Prevent that one can easily convert one into another I.e.: unsigned long phys, virt; virt = phys; This should not work Explicit types: Virt_addr, Phys_addr, V_pfn, Cpu_number, Cpu_phys_id,...

44 IO-MMUs Provides virtual memory for devices Needs page-table Kernel provides mechanisms User-level component manages the page-table (task) Uses standard mapping/unmapping mechanism

45 Scheduling Each cores run an independent scheduler Scheduling type selected at compile time Standard: Fixed-priority round-robin WFQ Further topics Scheduling contexts Flattening hierarchical scheduling VMs Budgets...

46 l4re.org kernkonzept.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback