Microkernel and Component-based OS

RedLeaf: Isolation and Communication in a Safe Operating System

At least since the final Multics report in 1977, researchers have identified the ability to isolate kernel subsystems as a critical mechanism for increasing the reliability and security of the kernel. Unfortunately, despite many attempts to introduce isolation to the kernel, modern systems remain monolithic. Historically, software and hardware mechanisms introduced a prohibitively high overhead for the isolation of subsystems with the tightest performance budgets. Today, however, the balance of isolation and performance is starting to change with the development of Rust, arguably the first practical programming language that achieves safety without garbage collection.

RedLeaf is a new operating system developed from scratch in Rust with the goal of exploring the impact of language safety on operating system organization, and specifically on the ability to utilize fine-grained isolation and its benefits in the kernel. In contrast to commodity systems, RedLeaf does not rely on hardware address spaces for isolation and instead uses only the type and memory safety of the Rust language. Departing from costly hardware isolation mechanisms allows us to explore the design space of systems that embrace lightweight, fine-grained isolation of kernel subsystems. We develop a new abstraction, the language-based isolation domain, that implements a unit of information hiding and fault isolation. Domains can be dynamically loaded and cleanly terminated. Building on RedLeaf's isolation mechanisms, we demonstrate the possibility of implementing end-to-end zero-copy, fault isolation, and transparent recovery of device drivers.

To evaluate the practicality of RedLeaf abstractions, we implemented a subset of the POSIX interface as a collection of RedLeaf domains. RedLeaf's isolation mechanisms allow us to support the transparent recovery of device drivers. To demonstrate that Rust and fine-grained isolation introduce a practically acceptable overhead, we develop efficient versions of 10Gbps network and PCIe-attached solid-state disk NVMe device drivers that match the performance of carefully optimized kernel-bypass device drivers used in modern network and storage processing frameworks.

Additional information

Type: devroom
