DOCSLIB.ORG

Microkernels Meet Recursive Virtual Machines

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Microkernels Meet Recursive Virtual Machines Microkernels Meet Recursive Virtual Machines Bryan Ford Mike Hibler Jay Lepreau Patrick Tullmann Godmar Back Stephen Clawson Department of Computer Science, University of Utah Salt Lake City, UT 84112 [email protected] http://www.cs.utah.edu/projects/flux/ Abstract “vertically” by implementing OS functionality in stackable virtual machine monitors, each of which exports a virtual This paper describes a novel approach to providingmod- machine interface compatible with the machine interface ular and extensible operating system functionality and en- on which it runs. Traditionally, virtual machines have been capsulated environments based on a synthesis of micro- implemented on and export existing hardware architectures kernel and virtual machine concepts. We have developed so they can support “naive” operating systems (see Fig- a software-based virtualizable architecture called Fluke ure 1). For example, the most well-known virtual machine that allows recursive virtual machines (virtual machines system, VM/370 [28, 29], provides virtual memory and se- running on other virtual machines) to be implemented ef- curity between multiple concurrent virtual machines, all ficiently by a microkernel running on generic hardware. exporting the IBM S/370 hardware architecture. Further- A complete virtual machine interface is provided at each more, special virtualizable hardware architectures [22, 35] level; efficiency derives from needing to implement only have been proposed, whose design goal is to allow virtual new functionality at each level. This infrastructure allows machines to be stacked much more efficiently. common OS functionality, such as process management, demand paging, fault tolerance, and debugging support, to This paper presents a new approach to OS extensibil- be provided by cleanly modularized, independent, stack- ity which combines both microkernel and virtual machine able virtual machine monitors, implemented as user pro- concepts in one system. We have designed a “virtualiz- cesses. It can also provide uncommon or unique OS fea- able architecture” that does not attempt to emulate an ac- tures, including the above features specialized for particu- tual hardware architecture closely, but is instead designed lar applications’ needs, virtual machines transparently dis- along the lines of a traditional process model and is in- tributed cross-node, or security monitors that allow arbi- tended to be implemented in software by a microkernel. trary untrusted binaries to be executed safely. Our proto- The microkernel runs on the “raw” hardware platform and type implementation of this model indicates that it is prac- exports our software-based virtualizable architecture (see tical to modularize operating systems this way. Some types Figure 2), which we will refer to as a virtualizable pro- of virtual machine layers impose almost no overhead at all, cess or nested process architecture to avoid confusion with while others impose some overhead (typically 0–35%), but traditional hardware-based architectures. The virtual ma- only on certain classes of applications. chine monitors designed to run on this software architec- ture, which we call nesters, can efficiently create additional recursive virtual machines or nested processes in which ar- 1 Introduction bitrary applications or other nesters can run. Increasing operating system modularity and extensibil- Although the Fluke architecture does not closely fol- ity without excessively hurting performance is a topic of low a traditional virtual machine architecture, it is de- much ongoing research [5, 9, 18, 36, 40]. Microkernels [4, signed to preserve certain highly useful properties of re- 24] attempt to decompose operating systems “horizontally” cursive virtual machines. These properties are required to by moving traditional kernel functionality into servers run- different degrees by different nesters that take advantage ning in user mode. Recursive virtual machines [23], on of the model. For example, demand paging and check- the other hand, allow operating systems to be decomposed pointing nesters require access to and control over the pro- gram state contained in their children, grandchildren, and This research was supported in part by the Defense Advanced Re- so on, whereas process management and security monitor- search Projects Agency, monitored by the Department of the Army, under contract number DABT63–94–C–0058. The opinions and conclusions ing nesters primarily rely on being able to monitor and con- containedin this documentare those of the authors andshould not be inter- trol IPC-based communication across the boundary sur- preted as representing official views or policies of the U.S. Government. Application App App Nested Process Process Architecture Interface Process Process Checkpoint Operating Nester System Application Kernel App App Process Process Virtual Machine Demand Paging Application Debug Nester Nester Operating System Virtual Machine Kernel Monitor Process Mgmt Nester Virtual Machine Virtual Machine Hardware Virtual Machine Monitor Hardware Microkernel Interface Interface Bare Machine Bare Machine Figure 1: Traditional virtual machines based on hardware architec- Figure 2: Virtual machines based on an extended architecture imple- tures. Each shaded area is a separate virtual machine, and each virtual mented by a microkernel. The interface between the microkernel and the machine exports the same architecture as the base machine’s architecture. bare machineis a traditional hardware-basedmachine architecture, but the common interface between all the other layers in the system is a software- based nested process architecture. Each shaded area is a separate process. rounding the nested environment. Our microkernel’s API provides these properties effi- ciently in several ways. Address spaces are composed from nel and most do not allow control over physical memory other address spaces using hierarchical memory remapping management, just backing store. Similarly, multiuser se- primitives. For CPU resources, the kernel provides primi- curity mechanisms are not always needed, since most per- tives that support hierarchical scheduling. To allow IPC- sonal computers are dedicated to the use of a single per- based communication to short-circuit the hierarchy safely, son, and even process management and job control features the kernel provides a global capability model that supports may not be needed in single-applicationsystems such as the selective interposition on communication channels. On top proverbial “Internet appliance.” Our system demonstrates of the microkernel API, well-defined IPC interfaces pro- decomposed paging and POSIX process management by vide I/O and resource management functionalityat a higher implementing these traditional kernel functions as optional level than in traditional virtual machines. These higher- nesters which can be used only when needed, and only for level interfaces are more suited to the needs of modern ap- the parts of a system for which they are desired. plications: e.g., they provide file handles instead of device Increasing the scope of existing mechanisms: There I/O registers. are algorithms and software packages available for com- This nested process architecture can be used to apply mon operating systems to provide features such as dis- existing algorithms and techniques in more flexible ways. tributed shared memory (DSM) [10, 32], checkpoint- Some examples we demonstrate in this paper include the ing [11], and security against untrusted applications [52]. following: However, these systems only cleanly support applications Decomposing the kernel: Some features of traditional running in a single logical protection domain. In a nested operating systems are usually so tightly integrated into the process model, any process can create further nested sub- kernel that it is difficult to eliminate them in situations processes which are completely encapsulated within the in which they are not needed. A striking example is de- parent. This design allows DSM, checkpointing, security, mand paging. Although it is often possible to disable it and other mechanisms to be applied just as easily to multi- in particular situations on particular regions (e.g., using process applications or even complete operating environ- POSIX’s mlock()), all of the paging support is still in ments. Our system demonstrates this flexibility by provid- the kernel, occupying memory and increasing system over- ing a checkpointer, implemented as a nester, which can be head. Even systems that support “external pagers,” such as transparently applied to arbitrary domains such as a single Mach, contain considerable paging-related code in the ker- application, a multi-process user environment containing a process manager and multiple applications, or even the en- sections. tire system. Composing OS features: The mechanisms mentioned 2.1 Traditional Virtual Machines above are generally difficult or impossible to combine flex- ibly. One might be able to run an application and check- A virtual machine simulator, such as the Java inter- point it, or to run an untrusted application in a secure en- preter [25], is a program that runs on one hardware ar- vironment, but existing software mechanisms are insuffi- chitecture and implements in software a virtual machine cient to run a checkpointed, untrusted application without conforming to a completely different architecture. In con- implementing a new, specialized program designed to pro- trast, a virtual machine monitor or hypervisor, such
Load more

Recommended publications
  • A Bare Machine Sensor Application for an ARM Processor
    A Bare Machine Sensor Application for an ARM Processor Alexander Peter, Ramesh K. Karne and Alexander L. Wijesinha Department of Computer & Information Sciences Towson, MD 21252 [email protected], (rkarne, awijesinha)@towson.edu Abstract- Sensor devices that monitor environmental changes in In order to build a bare machine temperature sensor device temperature, sound, light, vibration and pressure usually run application, it requires several components as shown in Fig. 1. applications that require the support of a small operating system, A brief functional description of this application is as follows. lean kernel, or an embedded system. This paper presents a The application is loaded from the SD Card interface (Label 9) methodology for developing sensor device applications that can into memory using U-Boot. A temperature sensor (Label 1) is be directly run on the bare hardware without any need for middleware. Such bare sensor device applications only depend plugged into the ADB to monitor the current room on the underlying processor architecture, enabling them to run temperature with a sensing granularity of 900 microseconds. on a variety of devices. The methodology is used for developing, As the temperature changes, its value (Label 8) and a graphic designing, and implementing a temperature sensor application image (Label 7) is displayed on the LCD screen (Label 2). An that runs on an ARM processor. The same methodology can be output console is used to debug the inner working of the ADB used to build other bare machine sensor device applications for and temperature (Label 3). An LED light (Label 4) provides a ARM processors, and is easily extended to different processor visual indication of temperature sensor operation.
    [Show full text]
  • Operating Systems Privileged Instructions
    November 2, 1999 Operating Systems • Operating systems manage processes and resources • Processes are executing instances of programs may be the same or different programs process 1 process 2 process 3 code code code data data data SV SV SV state vector: information necessary to start, stop, and restart the process • State vector: registers, program counter, memory mgmt registers, etc. user-level processes assembly & high-level languages operating system, “kernel” machine language & system calls bare machine machine language Copyright 1997 Computer Science 217: Operating System Page 187 November 2, 1999 Privileged Instructions • Machines have two kinds of instructions 1. “normal” instructions, e.g., add, sub, etc. 2. “privileged” instructions, e.g., initiate I/O switch state vectors or contexts load/save from protected memory etc. • Operating systems hide privileged instructions and provide virtual instructions to access and manipulate virtual resources, e.g., I/O to and from disc files • Virtual instructions are system calls • Operating systems interpret virtual instructions Copyright 1997 Computer Science 217: Operating System Page 188 November 2, 1999 Processor Modes • Machine level typically has 2 modes, e.g., “user” mode and “kernel” mode • User mode processor executes “normal” instructions in the user’s program upon encountering a “privileged” instruction, processor switches to kernel mode, and the operating system performs a service • Kernel mode processor executes both normal and privileged instructions • User-to-kernel switch
    [Show full text]
  • MIPS: the Virtual Machine
    2 MIPS: The Virtual Machine Objectives After this lab you will know: • what are synthetic instructions • how synthetic instructions expand to sequences of native instructions • how MIPS addresses the memory Note: You can use PCSpim using the menu items instead of individual console commands. Familiarize yourself with PCSpim. Introduction MIPS is a ‘typical’ RISC architecture: it has a simple and regular instruction set, only one memory addressing mode (base plus displacement) and instructions are of fixed size (32 bit). Surprisingly, it is not very simple to write assembly programs for MIPS (and for any RISC machine for that matter). The reason is that programming is not supposed to be done in assembly language. The instruction sets of RISC machines have been designed such that: • they are good targets for compilers (thus simplifying the job of compiler writers) • they allow a very efficient implementation (pipelining) Pipelining means that several instructions are present in the CPU at any time, in various stages of execution. Because of this situation it is possible that some sequences of instructions just don’t work the way they are listed on paper. For instance Ex 1: lw $t0, 0($gp) # $t0 <- M[$gp + 0] add $t2, $t2, $t0 # $t2 <- $t2 + $t0 loads a word from memory in register $t0 and then adds it, in the next instruction, to register $t2. The prob- lem here is that, by the time the add instruction is ready to use register $t0, the value of $t0 has not changed yet. This is not to say that the load instruction (lw) has not completed.
    [Show full text]
  • Address Translation
    CS 152 Computer Architecture and Engineering Lecture 8 - Address Translation John Wawrzynek Electrical Engineering and Computer Sciences University of California at Berkeley http://www.eecs.berkeley.edu/~johnw http://inst.eecs.berkeley.edu/~cs152 9/27/2016 CS152, Fall 2016 CS152 Administrivia § Lab 2 due Friday § PS 2 due Tuesday § Quiz 2 next Thursday! 9/27/2016 CS152, Fall 2016 2 Last time in Lecture 7 § 3 C’s of cache misses – Compulsory, Capacity, Conflict § Write policies – Write back, write-through, write-allocate, no write allocate § Multi-level cache hierarchies reduce miss penalty – 3 levels common in modern systems (some have 4!) – Can change design tradeoffs of L1 cache if known to have L2 § Prefetching: retrieve memory data before CPU request – Prefetching can waste bandwidth and cause cache pollution – Software vs hardware prefetching § Software memory hierarchy optimizations – Loop interchange, loop fusion, cache tiling 9/27/2016 CS152, Fall 2016 3 Bare Machine Physical Physical Address Inst. Address Data Decode PC Cache D E + M Cache W Physical Memory Controller Physical Address Address Physical Address Main Memory (DRAM) § In a bare machine, the only kind of address is a physical address 9/27/2016 CS152, Fall 2016 4 Absolute Addresses EDSAC, early 50’s § Only one program ran at a time, with unrestricted access to entire machine (RAM + I/O devices) § Addresses in a program depended upon where the program was to be loaded in memory § But it was more convenient for programmers to write location-independent subroutines How
    [Show full text]
  • A Lean USB File System for Bare Machine Applications
    A Lean USB File System for Bare Machine Applications Songjie Liang Ramesh K. Karne Alexander L. Wijesinha Department of Computer and Department of Computer and Department of Computer and Information Sciences Information Sciences Information Sciences Towson University Towson University Towson University Towson, Maryland, USA Towson, Maryland, USA Towson, Maryland, USA [email protected] [email protected] [email protected] Abstract USB file management systems for mass storage are and then describe the design of the bare file system, supported on many platforms and commonly used today by including disk map, root directory, sequencing operations, a variety of applications. These file systems vary depending tasks, and user interface. The file system runs on an Intel upon the underlying operating system and environment. We x86 based bare PC. For comparison purposes, essentially consider the design of a USB file system that is the same system, but with minimal system calls, was independent of any operating system or application implemented on a Linux OS. environment. Specifically, we describe the design and development of a lean USB file system for supporting bare The rest of the paper is organized as follows. Section II PC applications that run with no OS or kernel support of considers related work, and Section III describes the lean any kind, and give details of its architecture, design, and file management system. Section IV discusses architecture implementation. Our design leverages the design and issues, Section V narrates some design details, Section characteristics and inherent features of USB mass storage. VI shows implementation, Section VII outlines novel Bare machine USB file management systems enable features of our approach, Section VIII deals with functional computer applications to access mass storage at run-time operation and testing, and Section IX presents the without the operating system and environmental conclusion.
    [Show full text]
  • On Design and Implementation of an Embedded System for Neural-Machine Interface for Artificial Legs
    University of Rhode Island DigitalCommons@URI Open Access Dissertations 2013 On Design and Implementation of an Embedded System for Neural-Machine Interface for Artificial Legs Xiaorong Zhang University of Rhode Island, [email protected] Follow this and additional works at: https://digitalcommons.uri.edu/oa_diss Recommended Citation Zhang, Xiaorong, "On Design and Implementation of an Embedded System for Neural-Machine Interface for Artificial Legs" (2013). Open Access Dissertations. Paper 23. https://digitalcommons.uri.edu/oa_diss/23 This Dissertation is brought to you for free and open access by DigitalCommons@URI. It has been accepted for inclusion in Open Access Dissertations by an authorized administrator of DigitalCommons@URI. For more information, please contact [email protected]. ON DESIGN AND IMPLEMENTATION OF AN EMBEDDED SYSEM FOR NEURAL-MACHINE INTERFACE FOR ARTIFICIAL LEGS BY XIAORONG ZHANG A DISSERTATION SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY IN COMPUTER ENGINEERING UNIVERSITY OF RHODE ISLAND 2013 DOCTOR OF PHILOSOPHY DISSERTATION OF XIAORONG ZHANG APPROVED: Dissertation Committee: Major Professor Qing Yang He Huang Joan Peckham Nasser H. Zawia DEAN OF THE GRADUATE SCHOOL UNIVERSITY OF RHODE ISLAND 2013 ABSTRACT According to limb loss statistics, there are over one million leg amputees in the US whose lives are severely impacted by their conditions. In order to improve the quality of life of patients with leg amputations, neural activities have been studied by many researchers for intuitive prosthesis control. The neural signals collected from muscles are electromyographic (EMG) signals, which represent neuromuscular activities and are effective bioelectrical signals for expressing movement intent.
    [Show full text]
  • User|Mjs Guide
    Tivoli® Storage Manager FastBack for Bare Machine Recovery Version 6.1.1.0 Tivoli Storage Manager FastBack for Bare Machine Recovery User's Guide SC27-2308-05 Tivoli® Storage Manager FastBack for Bare Machine Recovery Version 6.1.1.0 Tivoli Storage Manager FastBack for Bare Machine Recovery User's Guide SC27-2308-05 Note Before using this information and the product it supports, read the information in “Notices” on page 35. This edition applies to version 6, release 1, modification 1 of IBM Tivoli Storage Manager FastBack for Bare Machine Recovery (product number 5724-U95) and to all subsequent releases and modifications until otherwise indicated in new editions. This edition replaces SC27-2308-04. © Copyright IBM Corporation 2008, 2010. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Preface ...............v Using the FastBack for Bare Machine Recovery CD Who should read this guide .........v for bare machine recovery on your Windows system 13 Publications ..............v Using the Any-to-Any Hardware Restore utility 16 Support information ............v Restoring a disk using the non-system disk restore 18 Getting technical training .........v Scenarios using Tivoli Storage Manager FastBack . 19 Searching knowledge bases ........v Using a single system for client and server ....20 Contacting IBM Software Support ......vi | Restoring from a Tivoli Storage Manager FastBack Conventions used in this information .....viii | repository located on a Tivoli Storage Manager Documentation changes ..........viii || server ................20 | Using Tivoli Storage Manager FastBack for Bare Chapter 1. Overview .........1 || Machine Recovery on your Linux system ....21 Supported environments ..........2 Access permissions ............5 Chapter 4.
    [Show full text]
  • Embedded Programming for Computer Scientists
    Embedded Programming for Computer Scientists Peter M. Maurer Dept. of Computer Science Baylor University Waco Texas, 76798-7356 here is to give a more broad-based view that will encompass most of Abstract – The past two decades have seen an explosion in the important issues. This will enable you to decide which topics are embedded programming technology. Embedded controllers are most important to you, so you can design your own course everywhere, in practically every electronic device. These effectively. controllers, which are essentially computers, have become The good news is that C has become the de-facto standard for increasingly complex, with a corresponding increasing in the embedded programming, and C++ is usually also available. complexity of their programming. Embedded programming is a Therefore the basic programming skills learned in an introductory tremendous opportunity for computer science students. Here we programming course will also be used in embedded programming. give an overview of the three levels of embedded programming, (One can also use assembly language, but it’s probably best to avoid bare machine, Real Time OS, and conventional OS. We also give this.) suggestions for projects at each level. The aim is to allow the There are three main levels of embedded programing. At Level reader to construct his or her own course in embedded 1, the programmer must write every line of code. There is no programming. operating system and essentially no C library. The program is boot- 1 Introduction strapped into the memory of a microcontroller, usually by burning it Imagine yourself teaching Introduction to Computer Science.
    [Show full text]
  • Eliminating the Operating System Via the Bare Machine Computing Paradigm
    FUTURE COMPUTING 2013 : The Fifth International Conference on Future Computational Technologies and Applications Eliminating the Operating System via the Bare Machine Computing Paradigm Uzo Okafor, Ramesh K. Karne, Alexander L. Wijesinha, and Patrick Appiah-Kubi Department of Computer and Information Sciences Towson University Towson, MD 21252 USA [email protected], {rkarne, awijesinha, appiahkubi}@towson.edu machine is not running any other code. It simply has Abstract - Computer applications typically run under the memory, processors and an I/O controller to communicate control of intermediary system software that is in the form of with the applications when needed. Instead of an OS or an operating system such as Windows or Linux, or a small kernel. The application could also be embedded within the kernel providing resources, an application suite manages operating system or kernel itself. This paradigm makes the hardware. This does not mean that the applications applications dependent on an intermediary software layer. An replicate OS functionality. Rather, applications only alternative approach is to eliminate this layer by writing contain code that is required for a given application suite. computer applications that can run directly on the hardware. An application suite is modeled as an Application Object This approach takes a small or tiny kernel to its extreme, (AO) [6] that carries its own application and execution eliminating the operating system, which results in a novel bare environment. For example, an AO may consist of a text machine computing paradigm. In this paper, we describe the processor/editor, a Webmail client, and a Web browser, and bare machine paradigm, and illustrate how to build self- bare interfaces to the hardware.
    [Show full text]
  • Operating System (IT413)
    آنستیتیوت تکنالوجی معلوماتی و مخابراتی ICTI Information Technology Department Operating System (IT413) 2017-1396 Chapter 4: Structure of Operating Systems Contents: Old Vs New Operating Systems Functions of an OS Structure of an Operating System Portability and Extensibility of Operating Systems Operating Systems with Monolithic Structure Layered Design of OS Kernel-based Operating System Micro-Kernel Operating Systems Architecture of Unix The Kernel of Linux The Kernel of Solaris Architecture of Windows Old Vs New Operating Systems: Early operating systems were tightly integrated with the architecture of specific computer system. This feature affected their portability. Modern operating systems implement the core of an operating system in the form of a kernel or a microkernel, and build the rest of the operating system by using the services offered by the core. This structure restricts architecture dependencies to the core of the operating system, hence portability of an operating system is determined by the properties of its kernel or microkernel. Extensibility of an OS is determined by the nature of services offered by the core. Functions of an OS: Structure of an Operating System: In determining how an operating system is to perform one of its functions, the OS designer needs to think at two distinct levels: 1. Policy: A policy is the guiding principle under which the operating system will perform the function. 2. Mechanism: A mechanism is a specific action needed to implement a policy. A policy decides what should be done, while a mechanism determines how something should be done and actually does it. A policy is implemented as a decision-making module that decides which mechanism modules to call under what conditions.
    [Show full text]
  • Virtual Machines Uses for Virtual Machines
    Virtual Machines Uses for Virtual Machines • Virtual machine technology, often just called There are several uses for virtual machines: virtualization, makes one computer behave as several • Running several operating systems simultaneously on computers by sharing the resources of a single the same desktop. computer between multiple virtual machines. → • Each of the virtual machines is able to run a complete May need to run both Unix and Windows programs. → operating system. Useful in program development for testing programs on different platforms. • This is an old idea originally used in the IBM VM370 → Some legacy applications my not work with the system, released in 1972. standard system libraries. • The VM370 system was running on big mainframe • Running several virtual servers on the same hardware computers that easily could support multiple virtual server. machines. → One big server running many virtual machines is less • As expensive mainframes were replaced by cheap expensive than many small servers. microprocessors, barely capable of running one → With virtual machines it is possible to hand out application at a time, the interest in virtualization complete administration rights of a specific virtual vanished. machine to a customer. • For many years the trend was to replace big expensive computers with many small inexpensive computers. • Today single microprocessors have at least two cores each and is more powerful than the supercomputers of yesterday, thus most programs only need a fraction of the CPU-cycles available in a single microprocessor. • Together with the discovery that small machines are expensive to administrate, if you have too many of them, this has created a renewed interest in virtualization.
    [Show full text]
  • Transformation Methodology of Binary Executables to Run on Bare Machines
    EPiC Series in Computing Volume 69, 2020, Pages 151{160 Proceedings of 35th International Confer- ence on Computers and Their Applications Transformation Methodology of Binary Executables to Run on Bare Machines N. Ordouie1, R. Almajed2, R. Karne1, A. Wijesinha1, J. Weymouth1, and N. Soundararajan1 1 Towson University, Towson, USA 2 American University in the Emirates, Dubai, UAE [email protected], [email protected], {rkarne, awijesinha, jweymouth, nsoundararajan}@towson.edu Abstract This paper identifies challenges involved in the transformation of binary executables to run on bare machines such as PCs. It also addresses why we want to transform binary executables to run on bare machines. Text processing applications such as “vi,” “word,” and “notepad” are chosen to illustrate the need for transformation because these editors are the most commonly used across many operating system platforms, including Windows and Linux. They have much functionality in common to provide a general text processing application. Why not consolidate these standard functions and develop a generic text processing application? How do you make these editors without any platform dependencies? Transforming these applications to run on bare PCs or bare machines by using source or a binary level transformation will address these challenges. A binary transformation methodology described here lays the groundwork for further research in this area and provides some insight into the transformation process. 1. Introduction As the operating systems (OS) have grown in size and complexity over the years, researchers have turned their attention to move some of the OS functionalities to applications and reduce the size of the OS, resulting in a lean operating system.
    [Show full text]