a binary compatible unikernel
play

A Binary Compatible Unikernel Pierre Olivier*, Daniel Chiba*, Stefan - PowerPoint PPT Presentation

Apr 17, 2023 •644 likes •1.02k views

A Binary Compatible Unikernel Pierre Olivier*, Daniel Chiba*, Stefan Lankes + , Changwoo Min*, Binoy Ravidnran* *Virginia Tech, + RWTH Aachen University VEE19 - 04/14/2019 Unikernels Presentation Full-fledged Virtual Machine Linux

  1. A Binary Compatible Unikernel Pierre Olivier*, Daniel Chiba*, Stefan Lankes + , Changwoo Min*, Binoy Ravidnran* *Virginia Tech, + RWTH Aachen University VEE’19 - 04/14/2019

  2. Unikernels Presentation Full-fledged Virtual Machine Linux distribution Application Libraries Linux OS interface used Kernel Hypervisor Hardware 2/11

  3. Unikernels Presentation Full-fledged Virtual Machine Legend : Linux Useful software distribution Software bloat Application Libraries Linux OS interface used Kernel Hypervisor Hardware 2/11

  4. Unikernels Presentation Full-fledged Virtual Machine Legend : Linux Useful software distribution Software bloat Application Unikernel Libraries Application Libraries Linux OS interface used Kernel OS Layer Hypervisor Hardware 2/11

  5. Unikernels Presentation (2) Unikernel: application + dependencies + thin OS compiled as a static binary running on top of a hypervisor 3/11

  6. Unikernels Presentation (2) Unikernel: application + dependencies + thin OS compiled as a static binary running on top of a hypervisor ◮ single-* ◮ Single purpose: run 1 application ◮ Single process ◮ Single binary and single address space for application + kernel ◮ No user/kernel protection needed 3/11

  7. Unikernels Presentation (2) Unikernel: application + dependencies + thin OS compiled as a static binary running on top of a hypervisor ◮ single-* ◮ Single purpose: run 1 application ◮ Single process ◮ Single binary and single address space for application + kernel ◮ No user/kernel protection needed ◮ Lightweight virtualization, alternative to containers ◮ Security advantage: small attack surface and high isolation 3/11

  8. Unikernels Presentation (2) Unikernel: application + dependencies + thin OS compiled as a static binary running on top of a hypervisor ◮ single-* ◮ Single purpose: run 1 application ◮ Single process ◮ Single binary and single address space for application + kernel ◮ No user/kernel protection needed ◮ Lightweight virtualization, alternative to containers ◮ Security advantage: small attack surface and high isolation ◮ Per-application tailored kernel ◮ LibOS/Exokernel model 3/11

  9. Unikernels Presentation (2) Unikernel: application + dependencies + thin OS compiled as a static binary running on top of a hypervisor ◮ single-* ◮ Single purpose: run 1 application ◮ Single process ◮ Single binary and single address space for application + kernel ◮ No user/kernel protection needed ◮ Lightweight virtualization, alternative to containers ◮ Security advantage: small attack surface and high isolation ◮ Per-application tailored kernel ◮ LibOS/Exokernel model ◮ Reduced OS noise, increased performance ◮ Low system call latency ◮ App + kernel in ring 0, system calls are function calls 3/11

  10. Unikernels The Issue ◮ Unikernels have plenty of benefits to bring ◮ Unikernels have plenty of application domains ◮ They are very popular in academia . . . ◮ . . . but why (nearly) nobody uses them in the industry? 4/11

  11. Unikernels The Issue ◮ Unikernels have plenty of benefits to bring ◮ Unikernels have plenty of application domains ◮ They are very popular in academia . . . ◮ . . . but why (nearly) nobody uses them in the industry? Because it is hard to port existing applications! 4/11

  12. Unikernels The Issue: Porting to Unikernels Application Execution src Build Unikernel (compile, binary Unikernel & link, etc.) libraries src 5/11

  13. Unikernels The Issue: Porting to Unikernels Application Execution src Build Unikernel (compile, binary Unikernel & link, etc.) libraries src ◮ Proprietary software → source code not available 5/11

  14. Unikernels The Issue: Porting to Unikernels Application Execution src Build Unikernel (compile, binary Unikernel & link, etc.) libraries src ◮ Proprietary software → source code not available ◮ Incompatible language 5/11

  15. Unikernels The Issue: Porting to Unikernels Application Execution src Build Unikernel (compile, binary Unikernel & link, etc.) libraries src ◮ Proprietary software → source code not available ◮ Incompatible language ◮ Unsupported features 5/11

  16. Unikernels The Issue: Porting to Unikernels Application Execution src Build Unikernel (compile, binary Unikernel & link, etc.) libraries src ◮ Proprietary software → source code not available ◮ Incompatible language ◮ Unsupported features ◮ Porting is hard, needs knowledge about both application and unikernel 5/11

  17. Unikernels The Issue: Porting to Unikernels Application Execution src Unikernel Build binary Unikernel & (compile, libraries src link, etc.) ◮ Proprietary software → source code not available ◮ Incompatible language ◮ Unsupported features ◮ Porting is hard, needs knowledge about both application and unikernel ◮ Complex build toolchains 5/11

  18. Unikernels The Issue: Porting to Unikernels ◮ Proprietary software → source code not available ◮ Incompatible language ◮ Unsupported features ◮ Porting is hard, needs knowledge about both application and unikernel ◮ Complex build toolchains HermiTux Solution ◮ A unikernel binary-compatible with Linux ◮ For x86-64 for now 5/11

  19. Unikernels Overview ◮ Linux ABI convention: 6/11

  20. Unikernels Overview ◮ Linux ABI convention: ◮ ELF loader convention ◮ Load-time Stack layout 6/11

  21. Unikernels Overview ◮ Linux ABI convention: ◮ ELF loader convention ◮ Load-time Stack layout ◮ Syscalls 6/11

  22. Unikernels Overview ◮ Linux ABI convention: ◮ ELF loader convention ◮ Load-time Stack layout ◮ Syscalls ◮ Kernel adapted Hypervisor: uHyve from HermitCore Host: Linux kernel KVM 6/11

  23. Unikernels Overview ◮ Linux ABI convention: ◮ ELF loader convention ◮ Load-time Stack Single-address space VM layout Guest ◮ Syscalls ◮ Kernel adapted Host Hypervisor: uHyve from HermitCore Host: Linux kernel KVM 6/11

  24. Unikernels Overview ◮ Linux ABI convention: ◮ ELF loader convention ◮ Load-time Stack Native layout Linux Guest ◮ Syscalls App. ◮ Kernel adapted Load Host Hypervisor: uHyve from HermitCore Host: Linux kernel KVM 6/11

  25. Unikernels Overview ◮ Linux ABI convention: ◮ ELF loader convention ◮ Load-time Stack Native layout Linux Guest Hermitux ◮ Syscalls App. kernel ◮ Kernel adapted Load Host Hypervisor: uHyve from HermitCore Host: Linux kernel KVM 6/11

  26. Unikernels Overview ◮ Linux ABI convention: Init. stack and jump to entry point ◮ ELF loader convention ◮ Load-time Stack Native layout Linux Guest Hermitux ◮ Syscalls App. kernel ◮ Kernel adapted Load Host Hypervisor: uHyve from HermitCore Host: Linux kernel KVM 6/11

  27. Unikernels Overview ◮ Linux ABI convention: Init. stack and jump to entry point ◮ ELF loader convention ◮ Load-time Stack handler Native Syscall layout Linux Guest Hermitux ◮ Syscalls App. kernel ◮ Kernel adapted Load Host Hypervisor: uHyve from HermitCore ◮ Complete/partial Host: Linux kernel KVM support for 80+ syscalls 6/11

  28. Unikernels Overview ◮ Linux ABI convention: Init. stack and jump to entry point ◮ ELF loader convention ◮ Load-time Stack handler Native Syscall layout Linux Guest Hermitux ◮ Syscalls App. kernel ◮ Kernel adapted Load Host Hypervisor: uHyve from HermitCore ◮ Complete/partial Host: Linux kernel KVM Debug, profile support for 80+ syscalls 6/11

  29. Unikernels Overview ◮ Linux ABI convention: Init. stack and jump to entry point ◮ ELF loader convention ◮ Load-time Stack handler Native Syscall layout Linux Guest Hermitux ◮ Syscalls App. kernel ◮ Kernel adapted Load Host Hypervisor: uHyve from HermitCore ◮ Complete/partial Host: Linux kernel KVM Debug, profile support for 80+ syscalls ◮ How to maintain unikernel benefits without access to the application sources? ◮ Fast system calls and modularity 6/11

  30. Unikernels Fast Syscalls with Libc Substitution ◮ HermiTux’s syscall handler is invoked by the syscall instruction ◮ Reintroduce high latency for system calls due to the world switch 7/11

  31. Unikernels Fast Syscalls with Libc Substitution ◮ HermiTux’s syscall handler is invoked by the syscall instruction ◮ Reintroduce high latency for system calls due to the world switch ◮ For dynamically compiled programs: ◮ At runtime load a unikernel-aware Libc ◮ Making for system calls (fast) function calls directly into the kernel ◮ Automatically transformed version of Musl Libc with Coccinelle “unikernelized” Semantic patch Patch LibC Coccinelle Musl LibC (80 LoC) (4400 LoC) 7/11

  32. Unikernels Fast Syscalls with Binary Rewriting ◮ What about static binaries? ◮ (Statically) binary-rewrite syscall instructions to direct jumps to the syscall implementation ◮ Problem: syscall is 2 bytes long and any call / jmp instruction will be larger Syscall binary rewriting … (5 bytes) (5 bytes) j m p 0 x 2 0 0 0 4 2 j m p 0 x 2 0 0 0 4 2 … (1 byte) (1 byte) n o p n o p mov $0, %rax (read) (1 byte) (1 byte) n n o o p p (2 bytes) s y s c a l l mov $3, %rdi i (5 bytes) m o v $ 2 , % e s … mov $3, %rdi Rewritten code Snippet … mov %r10, %rcx Original code callq 0x200457 (read) mov $2, %esi jmp 0x400aac 8/11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Unikernel Experiment Theory, practice and perspective @argent_smith Evrone.com {Tver.io} 1 /

Unikernel Experiment Theory, practice and perspective @argent_smith Evrone.com {Tver.io} 1 /

Unikernel Experiment Theory, practice and perspective @argent_smith Evrone.com {Tver.io} 1 / 18 ~$ whoami Unikernel Experiment 2 / 18 ~$ whoami Unikernel Experiment 2 / 18 ~$ whoami Unikernel Experiment 3 / 18 ~$ whoami Unikernel

640 views • 31 slides
Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or

Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or

Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or binary code are used by computers and digital devices to talk to each other. It is used to give commands to the computer or a way to enter data

165 views • 12 slides
About AROS - AROS is a open source rewrite of Amiga OS 3.1 - APL licence - Source Code

About AROS - AROS is a open source rewrite of Amiga OS 3.1 - APL licence - Source Code

About AROS - AROS is a open source rewrite of Amiga OS 3.1 - APL licence - Source Code compatible (binary compatible on 68k) - Ported on Multiple Architectures (68k,PPC,ARM,x86/64) - Available as Native and Hosted (linux, windows) - ARIX (in

581 views • 8 slides
A Linux in Unikernel Clothing Hsuan-Chi Kuo + , Dan Williams*, Ricardo Koller* and Sibin Mohan + +

A Linux in Unikernel Clothing Hsuan-Chi Kuo + , Dan Williams*, Ricardo Koller* and Sibin Mohan + +

A Linux in Unikernel Clothing Hsuan-Chi Kuo + , Dan Williams*, Ricardo Koller* and Sibin Mohan + + University of Illinois at Urbana-Champaign *IBM Research Lupine Unikernels are great BUT : Unikernels lack full Linux Support App Hermitux:

531 views • 16 slides
HermitCore A Unikernel for Extreme Scale Computing Stefan Lankes 1 , Simon Pickartz 1 , Jens

HermitCore A Unikernel for Extreme Scale Computing Stefan Lankes 1 , Simon Pickartz 1 , Jens

HermitCore A Unikernel for Extreme Scale Computing Stefan Lankes 1 , Simon Pickartz 1 , Jens Breitbart 2 1 RWTH Aachen University, Germany 2 Technische Universitt Mnchen, Germany Agenda Motivation OS Architectures HermitCore Design

648 views • 38 slides
OPES and E2E Encryption Should OPES be compatible with end-to- end encryption? Define

OPES and E2E Encryption Should OPES be compatible with end-to- end encryption? Define

OPES and E2E Encryption Should OPES be compatible with end-to- end encryption? Define compatible Define the trust model Discuss pro and con Decide, spec, implement Goal: combine confidentiality with services, if

470 views • 11 slides
Compatible Use Program American Planning Association 2016 National Conference Phoenix, AZ April

Compatible Use Program American Planning Association 2016 National Conference Phoenix, AZ April

Department of Defense Compatible Use Program American Planning Association 2016 National Conference Phoenix, AZ April 2, 2016 Compatible Use Compatible Use Strategic Planning Joint Land Use Study: Planning to Implementation Challenges and

1.02k views • 84 slides
The Power of Binary 0, 1, 10, 11, 100, 101, 110, 111... What is Binary? a binary number

The Power of Binary 0, 1, 10, 11, 100, 101, 110, 111... What is Binary? a binary number

The Power of Binary 0, 1, 10, 11, 100, 101, 110, 111... What is Binary? a binary number is a number expressed in the binary numeral system, or base-2 numeral system, which represents numeric values using two different symbols: typically

485 views • 19 slides
uniprof: Transparent Unikernel Performance Profiling & Debugging Florian Schmidt, Research

uniprof: Transparent Unikernel Performance Profiling & Debugging Florian Schmidt, Research

uniprof: Transparent Unikernel Performance Profiling & Debugging Florian Schmidt, Research Scientist, NEC Europe Ltd. Unikernels? Faster, smaller, better! 2 Unikernels? Faster, smaller, better! clip arts: clipproject.info Unikernels

1.14k views • 71 slides
LECTURE 2 Review 1 Binary Math and Assembly BINARY MATH In this section, we review Binary

LECTURE 2 Review 1 Binary Math and Assembly BINARY MATH In this section, we review Binary

LECTURE 2 Review 1 Binary Math and Assembly BINARY MATH In this section, we review Binary to decimal conversions and vice versa IEEE 754 Floating point representations Binary Arithmetic Decimal representation of binary numbers

1.66k views • 118 slides
Binary There are 10 types of people in the world those that understand binary and those

Binary There are 10 types of people in the world those that understand binary and those

Binary There are 10 types of people in the world those that understand binary and those that dont. What is binary? You and I write numbers like this: twelve is 12, sixty eight is 68, and one hundred is 100 Binary is a number

525 views • 26 slides
Com Compatible patible Pairs Pair Compatible Pairs for addition and subtraction are numbers

Com Compatible patible Pairs Pair Compatible Pairs for addition and subtraction are numbers

75 and 25 make 100 6 and 4 make 10 Com Compatible patible Pairs Pair Compatible Pairs for addition and subtraction are numbers which go together to make nice numbers. The tasks in this booklet get students accustomed to looking for

371 views • 9 slides
A Quick Review Decimal to binary Binary to decimal Binary to hexadecimal

A Quick Review Decimal to binary Binary to decimal Binary to hexadecimal

A Quick Review Decimal to binary Binary to decimal Binary to hexadecimal Hexadecimal to binary Hexadecimal to Decimal Binary addition Binary subtraction Binary shift Decimal to Binary 146d = ????????b 146/2

91 views • 7 slides
Binary Numbers Calculate your age Binary & decimal differences In binary 1 represents

Binary Numbers Calculate your age Binary & decimal differences In binary 1 represents

Binary Numbers Calculate your age Binary & decimal differences In binary 1 represents on Fun Facts Why 10 digits? Because and the 0 represents off people typically have 10 fingers and 10 toes, making it easy for counting! 2

119 views • 10 slides
Binary Tree Iterators and Properties Displayable Binary Trees Displayable Binary Trees (next

Binary Tree Iterators and Properties Displayable Binary Trees Displayable Binary Trees (next

Binary Tree Iterators and Properties Displayable Binary Trees Displayable Binary Trees (next assignment) DE DEPARTMENT OF OF COM OMPUTER S SCIENCE & & SO SOFTW TWARE RE E ENGINEERI RING PI PICN CNIC SA SATU TURD RDAY

709 views • 41 slides
Compatible Finite Element Discretizations of Onno Bokhove Geometric Systems Introduction Non-

Compatible Finite Element Discretizations of Onno Bokhove Geometric Systems Introduction Non-

Compatible Schemes Compatible Finite Element Discretizations of Onno Bokhove Geometric Systems Introduction Non- Autonomous Systems Onno Bokhove NCP time flux Spatial NCP? School of Mathematics, University of Leeds with Elena Gagarina,

499 views • 37 slides
Ensuring ABI stability in Fedora P r e s e n t e d b y , D o d j i S e k e t

Ensuring ABI stability in Fedora P r e s e n t e d b y , D o d j i S e k e t

Flock 2016 Ensuring ABI stability in Fedora P r e s e n t e d b y , D o d j i S e k e t e l i < d o d j i @f e d o r a p r o j e c t . o r g > S i n n y K u ma r i < s i n n

317 views • 16 slides
Device Tree as a stable ABI: a fairy tale? Thomas Petazzoni Free Electrons

Device Tree as a stable ABI: a fairy tale? Thomas Petazzoni Free Electrons

Embedded Linux Conference 2015 Device Tree as a stable ABI: a fairy tale? Thomas Petazzoni Free Electrons thomas.petazzoni@free-electrons.com Free Electrons - Embedded Linux, kernel, drivers and Android - Development, consulting, training and

546 views • 27 slides
Visual Design Simplicity, Gestalt Principles, Organization/Structure Many examples are from

Visual Design Simplicity, Gestalt Principles, Organization/Structure Many examples are from

Visual Design Simplicity, Gestalt Principles, Organization/Structure Many examples are from Universal Principles of Design , Lidwell, Holden, and Butler 1 CS 349 - Visual Design Why discuss visual design? You need to present the elements of

956 views • 48 slides
State-Based Testing Part B Error Identification Generating test cases for complex behaviour

State-Based Testing Part B Error Identification Generating test cases for complex behaviour

State-Based Testing Part B Error Identification Generating test cases for complex behaviour Reference: Robert V. Binder Testing Object-Oriented Systems: Models, Patterns, and Tools Addison-Wesley, 2000, Chapter 7 Flattening the statechart

1.23k views • 73 slides
Slides for Drawbridge Jeff Chase Drawbridge op Down Ret ethinking

Slides for Drawbridge Jeff Chase Drawbridge op Down Ret ethinking

Slides for Drawbridge Jeff Chase Drawbridge op Down Ret ethinking hinking the he Libr Librar ary OS OS from om the he Top Operating Systems: The Classical View Each process Programs has a private run as data

571 views • 28 slides
Goals for Today Learning Objective: Define a taxonomy for virtualization architectures

Goals for Today Learning Objective: Define a taxonomy for virtualization architectures

Goals for Today Learning Objective: Define a taxonomy for virtualization architectures Announcements, etc: C4 Submission for 3/9, 3/15 open (sorry for the delay) Request for Informal Early Feedback forthcoming, probably on

544 views • 25 slides
EECS 373 Design of Microprocessor-Based Systems Branden Ghena University of Michigan Lecture 3:

EECS 373 Design of Microprocessor-Based Systems Branden Ghena University of Michigan Lecture 3:

EECS 373 Design of Microprocessor-Based Systems Branden Ghena University of Michigan Lecture 3: Assembly, Tools, and ABI September 9, 2014 Slides developed in part by Mark Brehob & Prabal Dutta 1 Announcements Im not Prabal

960 views • 26 slides
CS 111 Operating System Interfaces Jon Eyolfson BY-SA 4.0 1.1.0 April 3, 2019 You Wouldnt

CS 111 Operating System Interfaces Jon Eyolfson BY-SA 4.0 1.1.0 April 3, 2019 You Wouldnt

CS 111 Operating System Interfaces Jon Eyolfson BY-SA 4.0 1.1.0 April 3, 2019 You Wouldnt Write in Binary, Would You? 0x7F 0x45 0x4C 0x46 0x02 0x01 0x01 0x03 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x02 0x00 0x3E 0x00 0x01 0x00 0x00 0x00

896 views • 40 slides

More recommend