Safe hardware access with the Xen virtual machine monitor
In 1st Workshop on Operating System and Architectural Support for the on demand IT InfraStructure (OASIS), 2004
Cited by 138 (8 self)
Abstract: The Xen virtual machine monitor allows multiple operating systems to execute concurrently on commodity x86 hardware, providing a solution for server consolidation and utility computing. In our initial design, Xen itself contained device-driver code and provided safe shared virtual device access. In this paper we present our new Safe Hardware Interface, an isolation architecture used within the latest release of Xen which allows unmodified device drivers to be shared across isolated operating system instances, while protecting individual OSs, and the system as a whole, from driver failure.
Lazy Queueing and Direct Process Switch — Merit or Myths?
Cited by 1 (1 self)
Abstract: The L4 microkernel, like many first and second generation microkernels, was designed to maximise best-effort performance. One component of its functionality critical to overall system performance is its interprocess communication primitive. L4 uses two techniques to minimise communication costs: direct process switching and lazy queue management. These techniques improve performance at the expense of real-time predictability of the scheduler. Now that L4 is being adopted in the embedded space, which features real-time requirements, we must determine if there is continued merit in using the optimisations. In this paper we quantitatively analyse the two optimisations using different kernel implementations and measure the performance improvements of the optimisations directly, and indirectly using the Re-aim benchmark suite. We find that the system-level performance improvements are marginal for this Unix-like workload.
Fitting Linux Device Drivers into an Analyzable Scheduling Framework
2007
Abstract: It has been well established that most operating system crashes are due to bugs in device drivers. Because drivers are normally linked into the kernel address space, a buggy driver can wipe out kernel tables and bring the system crashing to a halt. We have greatly mitigated this problem by reducing the kernel to an absolute minimum and running each driver as a separate, unprivileged process in user space. In addition, we implemented a POSIX-conformant operating system as multiple user-mode processes. In this design, all that is left in kernel mode is a tiny kernel of under 3800 lines of executable code for catching interrupts, starting and stopping processes, and doing IPC. By moving nearly the entire operating system to multiple, protected user-mode processes we reduce the consequences of faults, since a driver failure no longer is fatal and does not require rebooting the computer. In fact, our system incorporates a reincarnation server that is designed to deal with such errors and often allows for full recovery, transparent to the application and without loss of data. To achieve maximum reliability, our design was guided by simplicity, modularity, least authorization, and fault tolerance. This paper discusses our lightweight approach and reports on its performance and reliability. It also compares our design to other proposals for protecting drivers using kernel wrapping and virtual machines.
The Design and Implementation of a Fully-Modular, Self-Healing, UNIX-Like Operating System
Abstract: In this paper, we discuss the architecture of a fully-modular, self-healing operating system, which exploits the principle of least authority to provide reliability beyond that of most other operating systems. The system can be characterized as a minimal kernel with the entire operating system running as a set of compartmentalized user-mode servers and drivers. By moving most of the code to unprivileged user-mode processes and restricting the powers of each one, we gain proper fault isolation and limit the damage bugs can do. Moreover, the system has been designed to survive and automatically recover from failures in critical components, such as device drivers, transparent to applications and without user intervention. We used this design to develop a highly-reliable, open-source, POSIX-conformant member of the UNIX family, which is freely available and has been downloaded over 100,000 times in the past 3 months.
Self-stabilizing Device Drivers (Extended Abstract)
Abstract: This work presents approaches for designing the input-output device management components of self-stabilizing operating systems. As an example, we demonstrate the non-stability of the ata standard protocol for storage devices. We state the requirements that an operating system and i/o devices should satisfy in order to become self-stabilizing. Then we suggest two solutions to satisfy these requirements. The first uses leases in order to guarantee progress from the i/o device side. The second assumes stabilization of the i/o device, and uses snapshots to perform consistency checks. By supplying an infrastructure for practical self-stabilizing systems, robust and dependable systems can be achieved.
Device driver reuse via virtual machines
2009
Abstract: Device drivers constitute a significant portion of an operating system’s source code. The effort to develop a new driver set is a sobering hurdle to the pursuit of novel operating system ventures. A practical solution is to reuse drivers, but this can contradict design goals in a new operating system. We offer a new approach to device-driver reuse, with a focus on promoting novel operating-system construction, which insulates the new operating system from the invariants of the reused drivers, while also addressing development effort. Our solution runs the drivers along with their original operating systems inside virtual machines, with some minor reuse infrastructure added to the driver’s operating system to interface with the rest of the system. This approach turns the drivers into de-privileged applications of the new operating system, which separates their architectures and reduces cross-influences, and improves system dependability. Virtual machines help reuse drivers, but they also penalize performance. The known solution for improving virtual machine performance, para-virtualization, modifies the operating system to run on a hypervisor, which has an enormous cost: