Architectures, Microkernels, IPC, Capabilities
Jakub Jermář, Advanced Operating Systems, February 28th 2019
http://d3s.mff.cuni.cz
http://d3s.mff.cuni.cz/aosy

Agenda
Kernel architectures
Microkernels
IPC
Capabilities

Recall: Common OS Taxonomy
Special-purpose operating systems
Real-time operating systems
Hypervisors (type 1)
...
General-purpose operating systems
Monolithic kernel
Single-server microkernel
Multiserver microkernel
Hybrid kernel (?)

Monolithic Kernel
[Diagram: hardware at the bottom; above it the monolithic kernel in privileged mode, containing memory management, scheduler, IPC, device drivers, file system drivers, user management, network stack, ...; applications run above it in unprivileged mode.]

Some Obvious Issues
Security
Applications trust all kernel components
Kernel components trust all other kernel components
Reliability
Kernel components are a single point of failure
Availability
Kernel components cannot be updated independently
Justifiability
Who says file systems, networking, device drivers, etc. belong to the kernel?

Some Obvious Issues (2)
Extensibility
How to extend the system without modifying the kernel
Too many communication mechanisms
Unix: pipes, files, shared memory, sockets, signals, System V IPC, System V shared memory, System V semaphores…
Kernel has many built-in policies
Software design principles
Interfaces between kernel components are usually implicit, not well-defined

Single-server Microkernel
[Diagram: hardware at the bottom; above it the microkernel in privileged mode, containing memory management, scheduler and IPC; in unprivileged mode, the applications and one system server containing device drivers, file system drivers, user management, network stack, ...]

Multiserver Microkernel
[Diagram: hardware at the bottom; above it the microkernel in privileged mode, containing memory management, scheduler and IPC; in unprivileged mode, the applications and separate servers: naming server, location server, device driver servers, file system driver servers, device multiplexer, file system multiplexer, network stack, security server, ...]

Examples
Monolithic kernel
Linux, Solaris (UTS), Windows, FreeBSD, NetBSD, OpenBSD, OpenVMS, MS-DOS, RISC OS
Microkernel (the microkernel on its own)
CMU Mach, GNU Mach, L4::Pistachio, Fiasco.OC, seL4
Single-server microkernel
CMU Mach (with 4.3BSD server), MkLinux, L4Linux
Multiserver microkernel
L4Re, HelenOS, MINIX 3, Genode, GNU/Hurd

Multiserver Microkernel (reprise)
[Diagram: hardware at the bottom; above it the microkernel in privileged mode, containing memory management, scheduler and IPC; in unprivileged mode, the applications and separate servers: naming server, location server, device driver servers, file system driver servers, device multiplexer, file system multiplexer, network stack, security server, ...]

Hypervisor (Type 1)
[Diagram: hardware at the bottom; above it the hypervisor in hyper-privileged mode, containing memory management, scheduler and communication; on top of it three operating systems, each with its kernel in privileged mode and several apps in unprivileged mode.]

Common Cloud Deployment
[Diagram: hardware at the bottom; above it the hypervisor in hyper-privileged mode, containing memory management, scheduler and communication; on top of it three operating systems, each with its kernel in privileged mode and a single app in unprivileged mode.]

Unikernel
[Diagram: hardware at the bottom; above it the hypervisor in hyper-privileged mode, containing memory management, scheduler and communication; on top of it three unikernels in privileged mode, each made of a kernel component and an app component.]

Unikernel (2)
Library operating system
Approach to building operating systems
Unikernel
Architecture
Binary artifact

Unikernel (3)
Library operating system
Payload (application) merged with the kernel
Kernel component acts as a library providing access to the hardware, threading, file systems, etc.
Only necessary functionality
Mostly static (single image), but there are dynamic variants
Code runs in privileged (less privileged) mode and single address space
No mode switches, address space switches
Syscalls can be replaced by function calls
Isolation/security provided by the underlying hypervisor (more privileged mode)

Unikernel (4)
Madhavapeddy, A., Scott, D., J.: Unikernels: Rise of the Virtual Library Operating System, ACM Queue, 2013
MirageOS
University of Cambridge, Docker
Clean-slate components written in OCaml
Used in Docker for Mac, VPNKit

Unikernel (5)
Porter, D., E., et al.: Rethinking the library OS from the top down, ASPLOS, 2011
Drawbridge
Microsoft Research (2011– ?)
Librarified Windows
Used in MSSQL Server for Linux (2016)
Kantee, A.: The Rise and Fall of the Operating System, ;login:, October 2015, Vol. 40, No. 5
Rumpkernel
Librarified NetBSD
Popular source of components for any kernels (NetBSD, rumprun, Hurd, Genode, …)

Future Hardware Predictions
More of
Complex interconnects & cache hierarchies
Cache-coherency protocols even more expensive
Diversity
Different cores together → same optimizations won’t work anymore
Heterogeneity
Multiple ISAs → can’t have a single-image OS
Less of / lack of
Cache coherency
Shared memory

Options for general purpose OS’s
Resign
Make it easy to build specialized OS’s
Unikernels
Redesign
Attack the problem from a different angle
Multikernels

Implicit Message Passing in Hardware
[Diagram: memories holding shared data, L2 caches, L1 caches and CPUs; arrows labelled "write" and "read" show one CPU writing the shared data and another CPU reading it through the cache hierarchy.]

Multikernel Paradigm Shift
Inside the OS layer
Do not assume coherent shared-memory SMP
If available, use to optimize message passing
No implicit inter-core state sharing
Simple, single-threaded, event-driven code
Explicit inter-core communication via message passing
Global state replica maintained by distributed algorithms

Multikernel
[Diagram: three CPUs, each running its own kernel in privileged mode, with servers and applications above it in unprivileged mode; each kernel holds a state replica.]

Multikernel (2)
Kernel-userspace boundary not characteristic of multikernels
Baumann, A., et al.: The Multikernel: A new OS architecture for scalable multicore systems, SOSP ‘09
Barrelfish
ETH Zürich, Microsoft Research

Inter-Process Communication
Sharing data between processes (tasks)
Crossing the process isolation in a managed and predictable way
Technically, any means of sharing data can be considered IPC (e.g. files, networking, middleware)
In monolithic systems, this usually works without using a dedicated IPC mechanism
Crucial for microkernel systems
In microkernel systems, even files and networking cannot be implemented without an IPC mechanism

Classical IPC
POSIX signals
Anonymous pipes
Named pipes
Sockets
POSIX shared memory
System V shared memory, IPC, semaphores

Capabilities
Capability
Object identifying an OS resource
Logical objects (open files, connections), typed memory areas (physical memory regions)
Capability reference
Local user space identification of a capability (file handles, virtual memory regions)
Operations with capabilities
Invoking a method with a capability reference
Permissible methods defined by the capability itself
Give a capability to someone else
Revoke a previously given capability

Trivial Capability Example
[Diagram: in user space, read(0, ...) names file descriptor 0 (the capability reference); in kernel space, the file descriptor table (capabilities, slots 0 1 2 3) refers to a vfs_file_t, the operating system resource (open file).]

Trivial Capability Example (2)
[Diagram: one process sends a file descriptor to another over a socket; the sender's file descriptor table (0 1 2 3) and the receiver's table (0 1 2 3 4), both in kernel space, end up referring to the same vfs_file_t.]
Sender:
```c
struct msghdr msg;
struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
// ...
memmove(CMSG_DATA(cmsg), &fd, sizeof(fd));   // put the descriptor into the control message
sendmsg(socket, &msg, 0);
```
Receiver:
```c
struct msghdr msg;
struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
// ...
recvmsg(socket, &msg, 0);
int fd;
memmove(&fd, CMSG_DATA(cmsg), sizeof(fd));   // the receiver's own descriptor for the same open file
```
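The descriptor passing sketched on the two slides above, written out as a complete POSIX program. This is an added example, not code from the lecture; the names `fd_ctl`, `prepare`, `send_fd`, `recv_fd` and `demo_delegate_read_end` are hypothetical. It delegates only the read end of a pipe, so the receiver holds a capability that permits reading but not writing.

```c
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Control buffer for exactly one descriptor; the union gives cmsghdr alignment. */
union fd_ctl { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; };

/* Fill msg so that it carries one data byte plus the control buffer ctl. */
static void prepare(struct msghdr *msg, struct iovec *iov, char *byte, union fd_ctl *ctl)
{
    memset(msg, 0, sizeof(*msg));
    memset(ctl, 0, sizeof(*ctl));
    iov->iov_base = byte;
    iov->iov_len = 1;
    msg->msg_iov = iov;
    msg->msg_iovlen = 1;
    msg->msg_control = ctl->buf;
    msg->msg_controllen = sizeof(ctl->buf);
}

/* Give: send descriptor fd over the UNIX-domain socket sock. Returns 0 or -1. */
int send_fd(int sock, int fd)
{
    char byte = 'F';  /* ordinary data byte sent alongside the ancillary data */
    struct iovec iov;
    union fd_ctl ctl;
    struct msghdr msg;

    prepare(&msg, &iov, &byte, &ctl);
    struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
    cmsg->cmsg_level = SOL_SOCKET;
    cmsg->cmsg_type = SCM_RIGHTS;
    cmsg->cmsg_len = CMSG_LEN(sizeof(fd));
    memmove(CMSG_DATA(cmsg), &fd, sizeof(fd));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive: returns the receiver's own local descriptor number, or -1. */
int recv_fd(int sock)
{
    char byte;
    struct iovec iov;
    union fd_ctl ctl;
    struct msghdr msg;
    int fd;

    prepare(&msg, &iov, &byte, &ctl);
    if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC))
        return -1;
    /* Validate the control message before trusting its payload. */
    struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
    if (cmsg == NULL || cmsg->cmsg_level != SOL_SOCKET ||
        cmsg->cmsg_type != SCM_RIGHTS || cmsg->cmsg_len != CMSG_LEN(sizeof(fd)))
        return -1;
    memmove(&fd, CMSG_DATA(cmsg), sizeof(fd));
    return fd;
}

/* The parent delegates only the read end of a pipe to a child process.
 * Returns 0 when the child could read through the received descriptor
 * but was refused when it tried to write through it. */
int demo_delegate_read_end(void)
{
    static const char text[] = "hello";  /* constructed sample payload */
    int pipefd[2], sv[2], status;

    if (pipe(pipefd) < 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: drop every inherited descriptor except its socket end. */
        char buf[sizeof(text)] = { 0 };
        close(pipefd[0]); close(pipefd[1]); close(sv[0]);
        int fd = recv_fd(sv[1]);
        if (fd < 0)
            _exit(1);
        if (read(fd, buf, sizeof(buf)) != (ssize_t)sizeof(text) ||
            memcmp(buf, text, sizeof(text)) != 0)
            _exit(2);
        if (write(fd, "x", 1) != -1 || errno != EBADF)  /* no write right */
            _exit(3);
        _exit(0);
    }
    close(sv[1]);
    int rc = send_fd(sv[0], pipefd[0]);
    if (rc == 0 && write(pipefd[1], text, sizeof(text)) != (ssize_t)sizeof(text))
        rc = -1;
    close(pipefd[0]); close(pipefd[1]); close(sv[0]);
    if (waitpid(pid, &status, 0) < 0 || rc != 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    return demo_delegate_read_end();
}
```

The descriptor number returned by `recv_fd` is a slot in the receiver's own table; the kernel never lets the sender choose it, which is the "all names are local" property of capability references.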

L4 IPC Before Capabilities
L4::Pistachio
```c
L4_Msg_t msg;
L4_MsgClear(&msg);
L4_Set_MsgLabel(&msg, LABEL);  // set user-defined label and flags
L4_Msg_AppendWord(&msg, 1);    // append some data
L4_Msg_AppendWord(&msg, 2);    // append some data
L4_MsgLoad(&msg);              // load into message registers

L4_ThreadId_t dest_tid;        // global ID
L4_MsgTag_t tag;
// …
tag = L4_Send(dest_tid);       // send the loaded message to dest_tid
```

Issues with Global IDs
Prevent unauthorized clients
Global ID can be guessed, even if officially unknown
Example: MINIX 3 communication control
Ordinary user processes allowed to communicate only with POSIX servers
Services and drivers use a policy configured in a file
Example: L4 v2 Chiefs and Clans
Threads can communicate with all threads in their own clan
Inter-clan communication must go through the chief threads
Permission checks
Failed checks can still DoS the server
Decide who can do what
Difficult to interpose
The global ID identifies the communication parties

Capabilities Trump Global IDs
Prevent unauthorized clients
Only authorized clients have the capability
Permission checks
Possession of the capability is the authorization to access the resource
Can have different capabilities for different access modes to the same resource
Easy to interpose
All names are local
Communicating parties don’t know each other

L4 IPC with capabilities
Fiasco.OC
```c
l4_msg_regs_t *mr = l4_utcb_mr();
mr->mr[0] = 1;
mr->mr[1] = 2;

l4_cap_idx_t dest_cap;  // destination object (local ID)
l4_msgtag_t tag;
// …
tag = l4_ipc_send(dest_cap, l4_utcb(), l4_msgtag(LABEL, 2, 0, 0), L4_IPC_NEVER);
```

Fiasco.OC IPC
```c
l4_msgtag_t l4_ipc(l4_cap_idx_t dest, l4_utcb_t *utcb, l4_umword_t flags,
                   l4_umword_t slabel, l4_msgtag_t tag, l4_umword_t *rlabel,
                   l4_timeout_t timeout);
```
SEND – Send to the specified destination
RECV – Receive from the specified destination
CALL (SEND | RECV) – Send, create reply capability and receive
WAIT (OPEN_WAIT | RECV) – Receive from any possible sender
SEND_AND_WAIT (SEND | OPEN_WAIT | RECV)
REPLY | SEND – Send to the reply capability
REPLY | SEND | RECV – Send to the reply capability and receive
REPLY_AND_WAIT (REPLY | SEND | OPEN_WAIT | RECV)

Fiasco.OC Client/Server IPC Example
```c
// Client: sends two words and reads the reply from its own UTCB
l4_msg_regs_t *mr = l4_utcb_mr();
int a = 1;
int b = 1;

for (;;) {
    mr->mr[0] = a;
    mr->mr[1] = b;

    l4_msgtag_t tag;
    tag = l4_ipc_call(server_cap, l4_utcb(), l4_msgtag(0, 2, 0, 0), L4_IPC_NEVER);
    // …
    a = b;
    b = (int)mr->mr[0];
}
```
```c
// Server: adds the two received words and replies with one word
l4_msgtag_t tag;
l4_umword_t label;
l4_msg_regs_t *mr = l4_utcb_mr();

tag = l4_ipc_wait(l4_utcb(), &label, L4_IPC_NEVER);
for (;;) {
    // …
    int a = mr->mr[0];
    int b = mr->mr[1];
    mr->mr[0] = (int)(a + b);

    tag = l4_ipc_reply_and_wait(l4_utcb(), l4_msgtag(0, 1, 0, 0), &label, L4_IPC_NEVER);
}
```
[Diagram: the client's UTCB (UTCB clnt) and the server's UTCB (UTCB srv) in user space, each with message registers mr0, mr1, …; the transfer between them goes through kernel space.]

Fiasco.OC IPC (2)
l4_msgtag(label, words, items, flags)
Label
User-defined label, e.g. protocol number, error code
Words
Number of untyped words stored in the UTCB
Items
Number of typed items stored in the UTCB
Capabilities, mappings
Flags

Fiasco.OC IPC (3)
l4_umword_t slabel, *rlabel
Send label
User-defined label copied to the recipient
Used to hold sender thread ID before capabilities
Mostly zero these days
Receive label
User-defined label copied from the sender
Usually zero
Bound IPC Gates and attached IRQ objects modify the label
Can be used e.g. to store a pointer to the server object

IPC Marshalling
By hand
Interface Definition Language
IDL compiler generates client and server stubs from the interface description in IDL
Overkill for microkernels
Need just one language, one architecture
Advanced constructs not used in microkernels
IDL compiler often bigger than the microkernel

IPC Marshalling
Stream-based IPC
```cpp
template <typename T>
Ipc_client &operator << (T value);

Ipc_client client(foo, &snd_buf, &rcv_buf);
int result;
client << OPCODE_BAR << 1 << IPC_CALL >> result;
```
C++11 IDL (parameter packs, ...)
```cpp
struct Foo : … {
    L4_INLINE_RPC(long, bar, (int, int &));
};

L4::Cap<Foo> foo;
int result;
foo->bar(1, result);  // second parameter is an int reference
```

L4Re Client/Server RPC Example
```cpp
// Client
L4::Cap<Foo> foo;
// …
int a;
L4Re::chksys(foo->bar(42, a));
printf("%d\n", a);
```
```cpp
// Server
struct Foo_srv : L4::Epiface_t<Foo_srv, Foo>
{
    long op_bar(Foo::Rights, int value, int &a)
    {
        a = 2 * value;
        return L4_EOK;
    }
};

L4Re::Util::Registry_server<…> server;
Foo_srv foo;
L4Re::chkcap(server.registry()->register_obj(&foo, "name"));
server.loop();
```
```cpp
// Interface shared by client and server
struct Foo : L4::Kobject_t<Foo, L4::Kobject, 0xf00>
{
    L4_INLINE_RPC(long, bar, (int, int &));
    typedef L4::Typeid::Rpcs<bar_t> Rpcs;
};
```
[Diagram: client and server in user space, each with a capability table and a UTCB holding message registers mr0, mr1, …; the client issues l4_ipc_call(0x3000) on a capability that refers to an L4::Ipc_gate in kernel space; the gate carries the label &foo, set with bind_thread(…, &foo), and the server loop uses that label to reach the object foo.]

Fiasco.OC Object Model
Kernel objects
L4::Thread
L4::Task
L4::Ipc_gate
Object for implementing userspace objects
L4::Irq
L4::Semaphore
L4::Scheduler
L4::Factory
Creates new kernel objects subject to factory quota
L4::Vcon

Fiasco.OC Object Model (2)
Capabilities
Typed by kernel/user object
Capability selectors / slots allocated in userspace
Like in seL4
Unlike in HelenOS, Mach, file descriptors
Mapped to kernel object upon object creation
Can be sent via IPC as a typed item
Can be mapped to a task via its capability
Syscall
Invocation of capability via IPC

New Object Creation in L4Re / Fiasco.OC
[Diagram, built up over four slides: the task's object space (capability slots 0 1 2 3 4) in user space; slot 1, labelled "factory", refers to the L4::Factory object in kernel space; slot 4, labelled "Sem", is allocated first and refers to a new L4::Semaphore kernel object once the factory has created it.]
```cpp
// Step 1: allocate a capability slot for the semaphore in the task's object space
auto sem = L4Re::chkcap(L4Re::Util::make_unique_cap<L4::Semaphore>());
// Step 2: have the factory create the kernel object for that slot
L4Re::chksys(L4Re::Env::env()->factory()->create(sem.get()));
// Step 3: invoke the new object through its capability
sem->up();
```

Q&A

References
● Madhavapeddy, A., Scott, D., J.: Unikernels: Rise of the Virtual Library Operating System, ACM Queue, 2013
● Porter, D., E., et al.: Rethinking the library OS from the top down, ASPLOS, 2011
● Kantee, A.: The Rise and Fall of the Operating System, ;login:, October 2015, Vol. 40, No. 5
● Baumann, A., et al.: The Multikernel: A new OS architecture for scalable multicore systems, SOSP ‘09
● L4hq.org: Kernel APIs, http://l4hq.org/kernels/
● Kuz, I.: L4 User Manual, API Version X.2, NICTA 2004
● L4Re Documentation: http://l4re.org/doc/
● Herder, J., N., et al.: Countering IPC Threats in Multiserver Operating Systems, IEEE PRDC 2008
● Heiser, G.: From L3 to seL4: What have we learnt in 20 years of L4 microkernels?, Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles, 2013
● Feske, N.: A Case Study on the Cost and Benefit of Dynamic RPC Marshalling for Low-Level System Components, SIGOPS OSR Special Issue on Secure Small-Kernel Systems, July 2007
● Hartig, H., Hohmuth, M., Liedtke, J., Schoenberg, S., Wolter, J.: The Performance of µ-Kernel-Based Systems, ACM SIGOPS Operating Systems Review 31, doi:10.1145/269005.266660, 1997
● Golub, D., et al.: Unix as an Application Program, USENIX 1990 Summer Conference