Lecture: exokernel I

Exokernel: An Operating System Architecture for Application-Level Resource Management, SOSP 1995

Questions

• Suppose you are running two applications A and B on an exokernel. A first successfully allocates a physical page P. B then tries to allocate the same page P. How does the exokernel make sure the second allocation from B will fail? What if B tries to trick the kernel into deallocating P (which it doesn’t own)? Describe what kind of data structures the exokernel needs for bookkeeping.

• Suppose you are developing two mutually distrustful networked applications on an exokernel; there is only one network interface card (NIC). When the NIC receives a packet, how does the exokernel decide which application to deliver the packet to (i.e., demultiplexing)? In other words, can a malicious application hijack packets destined to the other application? What are the proposed & implemented solutions, as well as their pros and cons?

  As a comparison: consider two applications on Linux, both invoking and waiting on the recv(sockfd, ...) syscall with different sockets. Think how the Linux kernel associates network packets with sockets and applications, and whether an exokernel can do the same.

  On a side note: if you have done the JOS labs in your ugrad OS class, there is a related challenge problem in lab 6 (search for “multiple network servers”). This is just FYI; you don’t need to do the lab to understand the paper.

• Based on the performance evaluation of the paper, do you think applications can benefit from the exokernel architecture? If so, describe specifically which parts of the evaluation you find useful and convincing; otherwise, describe additional benchmarks you would like to see.

• Provide a list of questions you would like to discuss in class. Feel free to provide any comments on the paper and related topics (e.g., which parts you like and which parts you find confusing).

Overview

• discussions from last lecture’s app-level OS paper
  • feedback
    • monolithic kernel vs. microkernel is irrelevant in this context
    • app programmers don’t have to start from scratch: can reuse a common library
    • for paper questions: use your own words & be concise
  • cost of abstractions: information hiding, repeated work, etc.
  • common themes
    • upper level provides “hints” to lower level - examples?
    • lower level exposes more(?) control - example: exokernel
      • challenge: API design
      • how to provide multiplexing, protection with less information
• goals: performance, flexibility, extensiblity
  • through giving applications control over kernel as much as possible
  • but not too much: isolation & sharing, fairness, revocation
  • hard part: how?
    • how much can we improve on traditional OSes
    • why not just VMMs
• exokernel influence - research, production?
• background
  • virtual memory: MMU, hardware/software-managed TLB
  • syscalls/exceptions/interrupts/traps - see also Figure 1 in Hardware and Software Support for Efficient Exception Handling
  • self-authenticating capabilities - see Amoeba
• examples of application control
  • virtual memory, file systems, database, etc.
  • listed in intro - very good papers; will see some again later this quarter
• end-to-end design principles: expose lowest-level control (to only perform protection/multiplexing)
• secure binding - what does this mean?
  • hardware, software caching, code downloading
    • examples of each?
    • are they at the same level?
  • example: multiplex physical memory - how would you implement this
  • example: multiplex send/recv - discuss multiple solutions
  • example: multiplex CPU
  • how about disk?
  • DPF and ASH - how is this useful
• abort protocol - how does it work?