harmonizing performance and isolation in microkernels
play

Harmonizing Performance and Isolation in Microkernels with Efficient - PowerPoint PPT Presentation

Mar 16, 2024 •103 likes •336 views

Harmonizing Performance and Isolation in Microkernels with Efficient Intra-kernel Isolation and Communication Jinyu Gu , Xinyue Wu, Wentai Li, Nian Liu, Zeyu Mi, Yubin Xia, Haibo Chen Monolithic Kernel and Microkernel 2 Monolithic Kernel and

  1. Harmonizing Performance and Isolation in Microkernels with Efficient Intra-kernel Isolation and Communication Jinyu Gu , Xinyue Wu, Wentai Li, Nian Liu, Zeyu Mi, Yubin Xia, Haibo Chen

  2. Monolithic Kernel and Microkernel 2

  3. Monolithic Kernel and Microkernel Microkernel’s philosophy: Moving most OS components into isolated user processes 3

  4. Benefits and Usages of Microkernel • Achieves good extensibility, security, and fault isolation • Succeeds in safety-critical scenarios (Airplane, Car) • For more general-purpose applications (Google Zircon) 4

  5. Expensive Communication Cost • Tradeoff: Performance and Isolation – Inter-process communication (IPC) overhead File Disk App System Driver Microkernel IPC 5

  6. IPC Overhead is Considerable IPC Cost Real Work in Servers 100% SQLite xv6FS Ramdisk 80% 60% 40% Microkernel 20% Zircon seL4 seL4 Direct cost: privilege switch, process switch, … w/ kpti w/o kpti Indirect cost: CPU internal structures pollution Evaluated on Dell PowerEdge R640 server with Intel Xeon Gold 6138 CPU 6

  7. Goal: Both Ends • Harmonize the tension between Performance and Isolation in microkernels – Reducing the IPC overhead – Maintaining the isolation guarantee 7

  8. New Hardware Brings Opportunities • PKU: Protection Key for Userspace (aka. MPK) – Assign each page one PKEY (i.e., memory domain ID) [0:15] – A new register PKRU stores read/write permission 8

  9. Efficient Intra-Process Isolation App Part • ERIM [Security’19] & Hodor [ATC’19] Library-1 – Based on Intel PKU Library-2 – Build isolate domains in the same process efficiently – Domain switch only takes 28 cycles (modify PKRU) 9

  10. Intra-Process Isolation + Microkernel System Servers Intel PKU App Drv … App FS MM Net Microkernel Process IPC Sched Hardware 10

  11. Design Choice #1 Isolate different system servers in a single process. Server-1 Isolated Server-2 App domains Server-3 … Just as traditional IPCs Microkernel 11

  12. Design Choice #2 Let’s get more aggressive! App-1 App-2 Drawbacks Server-1 Server-1 1. Update Server mapping is costly Server-2 Server-2 2. IPC connection is also costly Server-3 Server-3 3. Less flexibility for applications on address space and using PKU … … Microkernel 12

  13. An Observation on Intel PKU • A misleading name – Protection Key for Userspace • It still takes effect when in kernel (ring-0) – The “Userspace” means user-accessible memory – U/K bit in PTE 13

  14. UnderBridge: Sinking System Servers System Servers Intel PKU App Drv … App FS MM Net Intra-kernel isolation Microkernel Hardware 14

  15. Design Choice #3: UnderBridge • Build execution domains in the kernel page table User App App App Dom-0 Microkernel Kernel Dom-1 Dom-2 Dom-3 Server-1 Server-2 Server-3 15

  16. Execution Domain • Execution domain 0 is for the microkernel – Use memory domain 0 – Can access all the memory • Others own a private memory domain – A private MPK memory domain ID • Shared memory Dom-0 – Allocate a free Microkernel MPK memory domain ID Dom-1 Dom-2 Server-1 Server-2 16

  17. IPC Gate Dom-1 Dom-2 • Connect two servers Server-1 Server-2 – Generated by the microkernel – Resides in memory domain 0 (execute-only for servers) • Transfer control flow during IPC invocations – context switch and domain switch • Connect the microkernel and servers – System calls Dom-2 Dom-0 Server-2 Microkernel 17

  18. Server Migration • The number of execution domain is limited – Hardware only provides 16 memory domains – Time-multiplexing is expensive • Move servers between user and kernel space – Disjoint virtual memory regions – Runtime migration 18

  19. Privilege Deprivation • In-kernel servers have supervisor privilege – Can affect the whole system if compromised – CFI (with binary scanning) incurs runtime overhead – Binary rewriting only is infeasible • Prevent servers to execute privilege instructions – Add a tiny secure monitor in hypervisor mode – For instructions rarely execute: VMExits – For instructions that frequently required: Rewriting 19

  20. Other Designs and Implementations • IPC capability authentication • Seamless server migration • Privilege deprivation details 20

  21. Cross-server IPC Round-Trip Latency 8500 8151 8000 7500 5000 Cycles Cycles 4145 4000 3057 3000 2035 2000 1450 1000 437 109 24 0 Monolithic ChCore SkyBridge seL4 seL4 Fiasco.OC Fiasco.OC Zircon (UnderBridge) -KPTI -KPTI 21 Evaluated on Dell PowerEdge R640 server with Intel Xeon Gold 6138 CPU

  22. SQLite Throughput under YCSB-A 1 × ∼ 8 × Native w/ KPTI UnderBridge Native w/o KPTI Monolithic SkyBridge Monolithic w/o KPTI 10 8 Throughput 6 4 2 0 Zircon Fiasco.OC seL4 22 Evaluated on Dell PowerEdge R640 server with Intel Xeon Gold 6138 CPU

  23. Conclusion & Thanks! • UnderBridge – A redesign of the runtime structure of microkernel OSes for faster OS services – The efficient intra-kernel isolation mechanism may also be used to harden the isolation of monolithic kernels Q&A: gujinyu@sjtu.edu.cn 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

MICROKERNELS KISHAN VARMA VAISHALI CHANANA AGENDA MONOLITHIC KERNELS VS MICROKERNELS

MICROKERNELS KISHAN VARMA VAISHALI CHANANA AGENDA MONOLITHIC KERNELS VS MICROKERNELS

MICROKERNELS KISHAN VARMA VAISHALI CHANANA AGENDA MONOLITHIC KERNELS VS MICROKERNELS FIRST GENERATION MICROKERNELS SECOND GENERATION MICROKERNELS EXOKERNEL AEGIS AN EXOKERNEL ExOS Smaller Kernel : Easily MONOLITHIC

276 views • 12 slides
Architectures, Architectures, Microkernels, IPC, Microkernels, IPC, Capabilities Capabilities

Architectures, Architectures, Microkernels, IPC, Microkernels, IPC, Capabilities Capabilities

Architectures, Architectures, Microkernels, IPC, Microkernels, IPC, Capabilities Capabilities http://d3s.mff.cuni.cz/aosy http://d3s.mff.cuni.cz Jakub Jerm jakub.jermar@kernkonzept.com Agenda Agenda Kernel architectures Microkernels

664 views • 48 slides
Microkernels John Criswell University of Rochester 1 Onwards to user-space! 2 Microkernels 3

Microkernels John Criswell University of Rochester 1 Onwards to user-space! 2 Microkernels 3

CSC 256/456: Operating Systems Microkernels John Criswell University of Rochester 1 Onwards to user-space! 2 Microkernels 3 Monolithic Kernel (aka Everything and the Kitchen Sink) Application Application Libraries Commands

225 views • 22 slides
CPI 2 : CPU performance isolation for shared compute clusters 1. Xiao Zhang 2. Eric Tune 3.

CPI 2 : CPU performance isolation for shared compute clusters 1. Xiao Zhang 2. Eric Tune 3.

CPI 2 : CPU performance isolation for shared compute clusters 1. Xiao Zhang 2. Eric Tune 3. Robert Hagmann 4. Rohit Jnagal 5. Vrigo Gokhale 6. John Wilkes Class Presentation : Siddhartha Biswas 1 Abstract: 1. Performance isolation is

803 views • 26 slides
Improving HVM Domain Isolation and Performance Jun Nakajima - jun.nakajima@intel.com Daniel

Improving HVM Domain Isolation and Performance Jun Nakajima - jun.nakajima@intel.com Daniel

Improving HVM Domain Isolation and Performance Jun Nakajima - jun.nakajima@intel.com Daniel Stekloff dsteklof@us.ibm.com September 2006 Goals HVM Domain Isolation Move QEMU Device Model Out of Domain0 and Into Stub Domain Allow

263 views • 13 slides
Introduction to pixel track isolation The purpose of track isolation algorithm is an additional

Introduction to pixel track isolation The purpose of track isolation algorithm is an additional

Introduction to pixel track isolation The purpose of track isolation algorithm is an additional improvement of level-1 pixel trigger performance. Procedure of pixel track isolation Reconstructed pixel tracks using kinematic parameters

669 views • 27 slides
What Could Microkernels What Could Microkernels Learn from Monolithic Learn from Monolithic

What Could Microkernels What Could Microkernels Learn from Monolithic Learn from Monolithic

What Could Microkernels What Could Microkernels Learn from Monolithic Learn from Monolithic Kernels (and Vice Versa) Kernels (and Vice Versa) http://d3s.mff.cuni.cz http://d3s.mff.cuni.cz Martjn Dck decky@d3s.mff.cuni.cz CHARLES

528 views • 29 slides
M 3 : Taking Microkernels to the Next Level Nils Asmussen FOSDEM, 02/02/2020, Brussels About Me

M 3 : Taking Microkernels to the Next Level Nils Asmussen FOSDEM, 02/02/2020, Brussels About Me

barkhauseninstitut.org M 3 : Taking Microkernels to the Next Level Nils Asmussen FOSDEM, 02/02/2020, Brussels About Me Nils Asmussen PhD last year at the OS chair of the TU Dresden Low-level system programming and microkernels Worked on

714 views • 59 slides
Serializable Snapshot Isolation Making ISOLATION LEVEL SERIALIZABLE Provide Serializable

Serializable Snapshot Isolation Making ISOLATION LEVEL SERIALIZABLE Provide Serializable

Serializable Snapshot Isolation Making ISOLATION LEVEL SERIALIZABLE Provide Serializable Isolation Dan Ports Kevin Grittner MIT Wisconsin Court System Saturday, May 21, 2011 1 Overview Serializable isolation makes it easier to reason

922 views • 60 slides
X-Containers: Breaking Down Barriers to Improve Performance and Isolation of Cloud-Native

X-Containers: Breaking Down Barriers to Improve Performance and Isolation of Cloud-Native

X-Containers: Breaking Down Barriers to Improve Performance and Isolation of Cloud-Native Containers Zhiming Shen Cornell University Joint work with Zhen Sun, Gur-Eyal Sela, Eugene Bagdasaryan, Christina Delimitrou, Robbert Van Renesse, Hakim

266 views • 26 slides
Performance isolation across virtual machines in Xen Diwaker Gupta , Lucy Cherkasova, Amin

Performance isolation across virtual machines in Xen Diwaker Gupta , Lucy Cherkasova, Amin

Performance isolation across virtual machines in Xen Diwaker Gupta , Lucy Cherkasova, Amin Vahdat Robert Gardner University of California, Hewlett-Packard Laboratories, Palo Alto & Fort Collins San Diego Middleware Software that

410 views • 38 slides
FIT: A Distributed Database Performance Tradeoff Jose M. Faleiro, Yale University Daniel J.

FIT: A Distributed Database Performance Tradeoff Jose M. Faleiro, Yale University Daniel J.

FIT: A Distributed Database Performance Tradeoff Jose M. Faleiro, Yale University Daniel J. Abadi, Yale University Presented by Bojun Wang FAIRNESS THROUGHPUT ISOLATION 1 Isolation v.s. Throughput and Fairness Strong isolation

542 views • 20 slides
Debugging the Performance of Mavens Test Isolation: Experience Report Pengyu Nie 1 Ahmet Celik

Debugging the Performance of Mavens Test Isolation: Experience Report Pengyu Nie 1 Ahmet Celik

Debugging the Performance of Mavens Test Isolation: Experience Report Pengyu Nie 1 Ahmet Celik 2 Matthew Coley 3 Aleksandar Milicevic 4 Jonathan Bell 3 Milos Gligoric 1 1 The University of Texas at Austin 2 Facebook, Inc. 3 George Mason

849 views • 49 slides
Achieving Performance Isolation with Lightweight Co-Kernels Jiannan Ouyang , Brian Kocoloski, John

Achieving Performance Isolation with Lightweight Co-Kernels Jiannan Ouyang , Brian Kocoloski, John

Achieving Performance Isolation with Lightweight Co-Kernels Jiannan Ouyang , Brian Kocoloski, John Lange The Prognostic Lab @ University of Pittsburgh Kevin Pedretti Sandia National Laboratories HPDC 2015 HPC Architecture Traditional In Situ

280 views • 24 slides
ADAPTED SPAULDING PYRAMID Making Isolation: How does it work? Patient Isolation- Creating

ADAPTED SPAULDING PYRAMID Making Isolation: How does it work? Patient Isolation- Creating

ADAPTED SPAULDING PYRAMID Making Isolation: How does it work? Patient Isolation- Creating auxiliary isolation rooms (CDC) SCRUBBERS - 1 ea to serve patient room, and 1 for Airlock Typically deployed on supplied wheel platform

144 views • 3 slides
Performance Isolation in Xen Diwaker Gupta (UC San Diego) Lucy Cherkasova (HP Labs) Rob Gardner

Performance Isolation in Xen Diwaker Gupta (UC San Diego) Lucy Cherkasova (HP Labs) Rob Gardner

Performance Isolation in Xen Diwaker Gupta (UC San Diego) Lucy Cherkasova (HP Labs) Rob Gardner (HP Labs) Amin Vahdat (UC San Diego) Outline Background and Motivation Controlling aggregate CPU consumption QoS in the driver domain

564 views • 28 slides
Address Space Isolation in the Linux Kernel Mike Rapoport, James Bottomley

Address Space Isolation in the Linux Kernel Mike Rapoport, James Bottomley

Address Space Isolation in the Linux Kernel Mike Rapoport, James Bottomley <{rppt,jejb}@linux.ibm.com> This project has received funding from the European Unions Horizon 2020 research and innovation programme under grant agreement No

448 views • 30 slides
Identification of differentially Overview of our method expressed genes Filtering of low

Identification of differentially Overview of our method expressed genes Filtering of low

Application: Classifiaton of Gastric Cancer Tumors from 17 patients with gastric carcinoma was collected for surgically resected stomachs 5 female (aged 45-80, median 70) Learning to Classify Cancer from 11 male (aged 49-93, median

195 views • 5 slides
Disclosures for Andrew D. Zelenetz, MD, PhD Research Support/P.I. Genentech/Roche, Gilead, MEI,

Disclosures for Andrew D. Zelenetz, MD, PhD Research Support/P.I. Genentech/Roche, Gilead, MEI,

Disclosures for Andrew D. Zelenetz, MD, PhD Research Support/P.I. Genentech/Roche, Gilead, MEI, BeiGene Employee None Celegene; Genentech/Roche; Gilead; BeiGene; Amgen; Consultant Novartis; Astra-Zeneca; Verastem Major Stockholder None

528 views • 17 slides
Discrete and Hybrid Methods in Systems Biology Oded Maler CNRS - VERIMAG Grenoble, France SFBT

Discrete and Hybrid Methods in Systems Biology Oded Maler CNRS - VERIMAG Grenoble, France SFBT

Discrete and Hybrid Methods in Systems Biology Oded Maler CNRS - VERIMAG Grenoble, France SFBT 2012 Preamble Je ne suis pas un biologist et je vais parler en anglais so theory is my strongest link to this school Preamble The

1.16k views • 78 slides
Fault Isolation and Quick Recovery in Isolation File Systems Lanyue Lu Andrea C. Arpaci-Dusseau

Fault Isolation and Quick Recovery in Isolation File Systems Lanyue Lu Andrea C. Arpaci-Dusseau

Fault Isolation and Quick Recovery in Isolation File Systems Lanyue Lu Andrea C. Arpaci-Dusseau Remzi H. Arpaci-Dusseau University of Wisconsin - Madison 1 File-System Availability Is Critical 2 File-System Availability Is Critical Main

1.76k views • 171 slides
Notary: A Device for Secure Transaction Approval Anish Athalye Adam Belay Frans Kaashoek

Notary: A Device for Secure Transaction Approval Anish Athalye Adam Belay Frans Kaashoek

Notary: A Device for Secure Transaction Approval Anish Athalye Adam Belay Frans Kaashoek Robert Morris Nickolai Zeldovich MIT CSAIL 1 How to securely approve transactions? Users perform sensitjve transactjonal operatjons Bank

760 views • 49 slides
& Privacy Paul Ratazzi ,Ashok Bommisetti, Nian Ji, and Prof. Wenliang (Kevin) Du Department

& Privacy Paul Ratazzi ,Ashok Bommisetti, Nian Ji, and Prof. Wenliang (Kevin) Du Department

PINPOINT: Efficient & Effective Resource Isolation for Mobile Security & Privacy Paul Ratazzi ,Ashok Bommisetti, Nian Ji, and Prof. Wenliang (Kevin) Du Department of Electrical Engineering & Computer Science Syracuse University,

1.36k views • 21 slides
Identity and Streams Washington DC, Martin Thomson requestIdentity Reminder:

Identity and Streams Washington DC, Martin Thomson requestIdentity Reminder:

W3C stuff 2014-05 Interim, Identity and Streams Washington DC, Martin Thomson requestIdentity Reminder: RTCConfiguration parameter with three values: yes, ifconfigured, no. Originally included in support of

282 views • 11 slides

More recommend