
CS533 Concepts of OS Class 16

CS533 Concepts of OS Class 16. ExoKernel by Constantia Tryman. Motivation for Exokernel. Problems with general purpose abstractions: overhead cost for features that are needed; hide information from applications; increase of complexity because of good performance problems.


Presentation Transcript


  1. CS533 Concepts of OS Class 16: ExoKernel by Constantia Tryman

  2. Motivation for Exokernel
     Problems with general purpose abstractions:
     • overhead cost for features that are needed
     • hide information from applications
     • increase of complexity because of good performance problems
     • limit functionality of applications: no efficiency and flexibility
     CS533 - Concepts of Operating Systems

  3. ExoKernel Overview
     • Separate resource protection and management
     • Securely multiplex hw resources to application-specific Library OS
     • Exo exports hw resources through:
       • Secure binding
       • Visible resource revocation
       • Abort protocol

  4. Exokernel Architecture

  5. Functionalities
     • Library OS:
       • Implements its own system objects and policies
       • Uses low-level exokernel interfaces
       • Implements higher-level abstractions
       • Can define special-purpose implementations for best performance and functionality
       • Abstractions can be specialized, extended, or replaced
     • Exokernel:
       • Multiplexes and exports physical resources securely through low-level primitives

  6. Library OS
     • Simple implementation
     • Kernel crossings are small
     • Provide portability and compatibility
     • To reduce space by libraries → support for shared libraries and dynamic linking

  7. Exokernel Backward Compatibility
     • Binary emulation of OS and programs
     • Implementing its hardware abstraction layer on top of exokernel
     • Re-implementing OS's abstraction on top of exokernel

  8. Exokernel Design
     • Giving LOS freedom for management
     • Securely expose hardware
     • Expose allocation
     • Expose names
     • Expose revocation
     • Policy: control allocation and revocation of resources
       • By deciding which allocation requests to grant and from which application to revoke resources
       • Enforce traditional partitioning strategies: quotas, reservation schemes

  9. Protection
     Tasks:
     • Tracking ownership of resources
     • Ensuring protection by guarding all resource usage and binding points
     • Revoking access to resources
     Techniques:
     • Secure bindings
     • Visible revocation
     • Abort protocol

  10. Secure Bindings
     3 Approaches:
     • Hardware mechanism
     • Software caching
     • Downloading application code

  11. Hardware Mechanism
     • TLB entry: virtual-to-physical address translation
     • TLB fault – TLB load into kernel at bind time; used multiple times at access time
     • At low level protection
     • File Server
       • Can buffer data in memory pages
       • Grant access to authorized applications
       • Checking w/o info of authorization mechanism
     • Frame Buffer HW
       • Associate ownership tag at each pixel
       • Application can access frame buffer HW directly, since HW checks ownership tag when I/O loaded

  12. Software Caching
     • Large SW TLB
     • Cache addresses that are not in HW TLB

  13. Download code into Kernel
     • Invoked in every access/event to determine ownership and actions for kernel
     • Eliminate expensive kernel crossings
     • Execution without scheduling
     • Protection done by
       • type-safe language,
       • interpretation and
       • sandboxing
     • Ex: ASHs

  14. Multiplexing Physical Memory
     • When LOS allocates a physical memory page, exo creates secure binding, checks capabilities
     • Reducing number of secure bindings by SW TLB
     • Exo: guards TLB loads and DMA capabilities
     • LOS: visible deallocation → flush TLB mappings queue DMA request
     • Example of HW mechanism and SW caching

  15. Multiplexing the Network
     • HW: virtual circuit in ATM to bind streams to applications
     • SW: message demultiplexing by packet filters
     • Example of downloading code

  16. Downloading Code
     • Application-specific Safe Handlers (ASHs)
     • Initiate message (roundtrip latency low)
     • Initiate control at message reception time
     • No waiting on message reception
     • No pre-bind buffer location for message
     • Xen?
     • Disco?

  17. Visible Resource Revocation
     • Invisible: deallocate resources without application involvement
       • Performs better when revocations occur frequently
     • Visible: requires interaction with LOS
       • LOS can avoid saving state and registers that are not live
       • LOS handles revocation for quick resource deallocation

  18. Abort Protocol
     • For failed LOS response to revocation requests
     • Kill LOS and associated applications (rejected)
     • Exokernel will break existing secure bindings to resources and inform LOS
     • Done by repossession vector

  19. Aegis and ExOS
     • Aegis
       • Exports processor, physical memory, TLB, exceptions, and interrupts
     • ExOS
       • Implements processes, virtual memory, user-level exceptions, interprocess abstractions, network protocols
     • Experimental Methodologies
       • Exokernel can be efficient
       • Low-level, secure multiplexing of hw resources implemented efficiently
       • Traditional OS abstraction implemented efficiently at appl
       • Applications can create special-purpose implementations of abstractions

  20. Aegis: Exokernel
     • Supports a set of primitive operations of privileged instructions (pseudo-instruction)
     • Efficient because:
       • Keeping track of ownership is simple
       • Kernel provides little functionality: small and lean
       • Caching secure binding in SW TLB for efficient TLB misses
       • Downloading packet filters and dynamic code generation for efficient secure binding to network

  21. ExOS: Library OS
     • IPC: LRPC
     • Virtual memory
     • Remote communication: ASHs

  22. Protected Control Transfers
     • Is an efficient implementation of IPC abstractions
     • Steps:
     • Change PC to callee
     • Donate current time slice
     • Install required elements of callee's processor context
     • Asynchronous: gives remainder current time slice
     • Synchronous: donate current time slice
     • Properties:
     • Atomic
     • No overwrite on application-visible registers by exokernel
     • No protection check
     • Single-threaded
     • Yield primitive: donate remainder current time slice to another

  23. ASHs Performance

  24. Extensibility ExOS
     • Extensible RPC:
       • tLRPC (trusted LRPC): trust server to save and restore callee-saved registers with no permissions
       • LRPC: saves general-purpose callee-saved registers
       • Single-threaded
     • Extensible Page-table Structures
       • Inverted page table for sparse address space
     • Extensible Schedulers
       • Yield primitive to donate remainder of current time slice by stride scheduling

  25. Conclusion
     • Exo securely multiplexes HW resources among appls
     • LOS implements higher-level abstractions and defines special-purpose implementations for best performance and functionality
     • Simplicity and limited primitives allow for efficient implementation
     • Exo primitives are fast, low-level secure multiplexing is efficient
     • Traditional OS abstraction implemented at appl-level
     • Applications can create special-purpose implementation of abstractions by modifying library
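
An added example, not part of the original slides: a toy C model of the secure bindings for physical memory from slides 11, 12 and 14, together with the visible revocation and abort protocol from slides 17 and 18. The function names, the page and TLB sizes, and the flat capability value are assumptions made for illustration, not Aegis interfaces.

```c
#include <stdint.h>

#define NPAGES  8   /* physical pages in this constructed toy machine */
#define STLB_SZ 4   /* direct-mapped software TLB slots */
#define FREE    0   /* environment ids start at 1; 0 means unowned */

struct page { int owner; uint64_t cap; int revoking; };
struct stlb_entry { int valid, env; uint32_t vpn, ppn; };
static struct page pages[NPAGES];        /* ownership tracking */
static struct stlb_entry stlb[STLB_SZ];  /* cached secure bindings */
static int repossessed[NPAGES];          /* repossession vector */
static int owns(int env, uint32_t ppn, uint64_t cap) {
    return ppn < NPAGES && env != FREE && pages[ppn].owner == env && pages[ppn].cap == cap;
}
static int break_bindings(uint32_t ppn) {  /* flush cached mappings, free the page */
    for (int i = 0; i < STLB_SZ; i++)
        if (stlb[i].ppn == ppn) stlb[i].valid = 0;
    pages[ppn] = (struct page){FREE, 0, 0};
    return 0;
}
/* Allocation: the library OS names the physical page and supplies a capability. */
int exo_alloc_page(int env, uint32_t ppn, uint64_t cap) {
    if (env == FREE || ppn >= NPAGES || pages[ppn].owner != FREE) return -1;
    pages[ppn] = (struct page){env, cap, 0};
    return 0;
}
/* Guarded TLB load: ownership and capability are checked once, at bind time. */
int exo_tlb_load(int env, uint32_t vpn, uint32_t ppn, uint64_t cap) {
    if (!owns(env, ppn, cap)) return -1;
    stlb[vpn % STLB_SZ] = (struct stlb_entry){1, env, vpn, ppn};
    return 0;
}
/* Access time: lookup only; returns the physical page, or -1 on a miss. */
int exo_translate(int env, uint32_t vpn) {
    const struct stlb_entry *e = &stlb[vpn % STLB_SZ];
    return (e->valid && e->env == env && e->vpn == vpn) ? (int)e->ppn : -1;
}
/* Visible revocation: the kernel asks the owning library OS for the page back. */
void exo_revoke_request(uint32_t ppn) { if (ppn < NPAGES) pages[ppn].revoking = 1; }
/* Cooperative reply: the library OS deallocates and its mappings are flushed. */
int exo_dealloc_page(int env, uint32_t ppn, uint64_t cap) {
    return owns(env, ppn, cap) ? break_bindings(ppn) : -1;
}
/* Abort protocol: no reply, so bindings are broken by force and the loss recorded. */
int exo_abort(uint32_t ppn) {
    if (ppn >= NPAGES || pages[ppn].owner == FREE || !pages[ppn].revoking) return -1;
    repossessed[ppn] = 1;
    return break_bindings(ppn);
}
```

A miss in `exo_translate` is where a library OS would call `exo_tlb_load` again; after `exo_abort` that reload fails because the ownership record is gone, which is what makes the forced revocation stick.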
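
An added example, not part of the original slides: the software path from slide 15, where downloaded packet filters demultiplex messages and the kernel protects itself by interpreting them (slide 13). The (offset, mask, value) filter format, the function names and the header layout are constructed for illustration and are not the Aegis filter language.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_TERMS   4
#define MAX_FILTERS 4

/* One term of a downloaded filter: (pkt[off] & mask) == val. */
struct term { uint16_t off; uint8_t mask, val; };
struct filter { int env, nterms; struct term t[MAX_TERMS]; };
static struct filter filters[MAX_FILTERS];
static int nfilters;

/* Download time: validate the untrusted filter before it becomes a binding.
 * Returns the filter slot, or -1 if the filter is rejected. */
int exo_install_filter(int env, const struct term *t, int n) {
    if (env <= 0 || n <= 0 || n > MAX_TERMS || nfilters == MAX_FILTERS) return -1;
    for (int i = 0; i < n; i++)
        if (t[i].val & ~t[i].mask) return -1;   /* term that can never match */
    filters[nfilters].env = env;
    filters[nfilters].nterms = n;
    for (int i = 0; i < n; i++) filters[nfilters].t[i] = t[i];
    return nfilters++;
}

/* Interpretation: the kernel evaluates the terms itself, so a filter cannot
 * loop or read outside the packet; an offset past the end is a non-match. */
static int filter_match(const struct filter *f, const uint8_t *pkt, size_t len) {
    for (int i = 0; i < f->nterms; i++)
        if ((size_t)f->t[i].off >= len || (pkt[f->t[i].off] & f->t[i].mask) != f->t[i].val)
            return 0;
    return 1;
}

/* Packet arrival: the first matching filter names the owning environment (0 = none). */
int exo_demux(const uint8_t *pkt, size_t len) {
    for (int i = 0; i < nfilters; i++)
        if (filter_match(&filters[i], pkt, len)) return filters[i].env;
    return 0;
}

int main(void) {
    /* Constructed header layout: byte 0 = protocol, bytes 2-3 = destination port. */
    const struct term dns[] = {{0, 0xFF, 17}, {2, 0xFF, 0x00}, {3, 0xFF, 0x35}};
    const uint8_t pkt[] = {17, 0, 0x00, 0x35, 'h', 'i'};
    exo_install_filter(1, dns, 3);
    printf("owner=%d truncated=%d\n", exo_demux(pkt, sizeof pkt), exo_demux(pkt, 2));
    return 0;
}
```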
