a binary compatible unikernel
play

A Binary Compatible Unikernel Pierre Olivier*, Daniel Chiba*, Stefan - PowerPoint PPT Presentation

Apr 17, 2023 •644 likes •1.02k views

A Binary Compatible Unikernel Pierre Olivier*, Daniel Chiba*, Stefan Lankes + , Changwoo Min*, Binoy Ravidnran* *Virginia Tech, + RWTH Aachen University VEE19 - 04/14/2019 Unikernels Presentation Full-fledged Virtual Machine Linux

  1. A Binary Compatible Unikernel Pierre Olivier*, Daniel Chiba*, Stefan Lankes + , Changwoo Min*, Binoy Ravidnran* *Virginia Tech, + RWTH Aachen University VEE’19 - 04/14/2019

  2. Unikernels Presentation Full-fledged Virtual Machine Linux distribution Application Libraries Linux OS interface used Kernel Hypervisor Hardware 2/11

  3. Unikernels Presentation Full-fledged Virtual Machine Legend : Linux Useful software distribution Software bloat Application Libraries Linux OS interface used Kernel Hypervisor Hardware 2/11

  4. Unikernels Presentation Full-fledged Virtual Machine Legend : Linux Useful software distribution Software bloat Application Unikernel Libraries Application Libraries Linux OS interface used Kernel OS Layer Hypervisor Hardware 2/11

  5. Unikernels Presentation (2) Unikernel: application + dependencies + thin OS compiled as a static binary running on top of a hypervisor 3/11

  6. Unikernels Presentation (2) Unikernel: application + dependencies + thin OS compiled as a static binary running on top of a hypervisor ◮ single-* ◮ Single purpose: run 1 application ◮ Single process ◮ Single binary and single address space for application + kernel ◮ No user/kernel protection needed 3/11

  7. Unikernels Presentation (2) Unikernel: application + dependencies + thin OS compiled as a static binary running on top of a hypervisor ◮ single-* ◮ Single purpose: run 1 application ◮ Single process ◮ Single binary and single address space for application + kernel ◮ No user/kernel protection needed ◮ Lightweight virtualization, alternative to containers ◮ Security advantage: small attack surface and high isolation 3/11

  8. Unikernels Presentation (2) Unikernel: application + dependencies + thin OS compiled as a static binary running on top of a hypervisor ◮ single-* ◮ Single purpose: run 1 application ◮ Single process ◮ Single binary and single address space for application + kernel ◮ No user/kernel protection needed ◮ Lightweight virtualization, alternative to containers ◮ Security advantage: small attack surface and high isolation ◮ Per-application tailored kernel ◮ LibOS/Exokernel model 3/11

  9. Unikernels Presentation (2) Unikernel: application + dependencies + thin OS compiled as a static binary running on top of a hypervisor ◮ single-* ◮ Single purpose: run 1 application ◮ Single process ◮ Single binary and single address space for application + kernel ◮ No user/kernel protection needed ◮ Lightweight virtualization, alternative to containers ◮ Security advantage: small attack surface and high isolation ◮ Per-application tailored kernel ◮ LibOS/Exokernel model ◮ Reduced OS noise, increased performance ◮ Low system call latency ◮ App + kernel in ring 0, system calls are function calls 3/11

  10. Unikernels The Issue ◮ Unikernels have plenty of benefits to bring ◮ Unikernels have plenty of application domains ◮ They are very popular in academia . . . ◮ . . . but why (nearly) nobody uses them in the industry? 4/11

  11. Unikernels The Issue ◮ Unikernels have plenty of benefits to bring ◮ Unikernels have plenty of application domains ◮ They are very popular in academia . . . ◮ . . . but why (nearly) nobody uses them in the industry? Because it is hard to port existing applications! 4/11

  12. Unikernels The Issue: Porting to Unikernels Application Execution src Build Unikernel (compile, binary Unikernel & link, etc.) libraries src 5/11

  13. Unikernels The Issue: Porting to Unikernels Application Execution src Build Unikernel (compile, binary Unikernel & link, etc.) libraries src ◮ Proprietary software → source code not available 5/11

  14. Unikernels The Issue: Porting to Unikernels Application Execution src Build Unikernel (compile, binary Unikernel & link, etc.) libraries src ◮ Proprietary software → source code not available ◮ Incompatible language 5/11

  15. Unikernels The Issue: Porting to Unikernels Application Execution src Build Unikernel (compile, binary Unikernel & link, etc.) libraries src ◮ Proprietary software → source code not available ◮ Incompatible language ◮ Unsupported features 5/11

  16. Unikernels The Issue: Porting to Unikernels Application Execution src Build Unikernel (compile, binary Unikernel & link, etc.) libraries src ◮ Proprietary software → source code not available ◮ Incompatible language ◮ Unsupported features ◮ Porting is hard, needs knowledge about both application and unikernel 5/11

  17. Unikernels The Issue: Porting to Unikernels Application Execution src Unikernel Build binary Unikernel & (compile, libraries src link, etc.) ◮ Proprietary software → source code not available ◮ Incompatible language ◮ Unsupported features ◮ Porting is hard, needs knowledge about both application and unikernel ◮ Complex build toolchains 5/11

  18. Unikernels The Issue: Porting to Unikernels ◮ Proprietary software → source code not available ◮ Incompatible language ◮ Unsupported features ◮ Porting is hard, needs knowledge about both application and unikernel ◮ Complex build toolchains HermiTux Solution ◮ A unikernel binary-compatible with Linux ◮ For x86-64 for now 5/11

  19. Unikernels Overview ◮ Linux ABI convention: 6/11

  20. Unikernels Overview ◮ Linux ABI convention: ◮ ELF loader convention ◮ Load-time Stack layout 6/11

  21. Unikernels Overview ◮ Linux ABI convention: ◮ ELF loader convention ◮ Load-time Stack layout ◮ Syscalls 6/11

  22. Unikernels Overview ◮ Linux ABI convention: ◮ ELF loader convention ◮ Load-time Stack layout ◮ Syscalls ◮ Kernel adapted Hypervisor: uHyve from HermitCore Host: Linux kernel KVM 6/11

  23. Unikernels Overview ◮ Linux ABI convention: ◮ ELF loader convention ◮ Load-time Stack Single-address space VM layout Guest ◮ Syscalls ◮ Kernel adapted Host Hypervisor: uHyve from HermitCore Host: Linux kernel KVM 6/11

  24. Unikernels Overview ◮ Linux ABI convention: ◮ ELF loader convention ◮ Load-time Stack Native layout Linux Guest ◮ Syscalls App. ◮ Kernel adapted Load Host Hypervisor: uHyve from HermitCore Host: Linux kernel KVM 6/11

  25. Unikernels Overview ◮ Linux ABI convention: ◮ ELF loader convention ◮ Load-time Stack Native layout Linux Guest Hermitux ◮ Syscalls App. kernel ◮ Kernel adapted Load Host Hypervisor: uHyve from HermitCore Host: Linux kernel KVM 6/11

  26. Unikernels Overview ◮ Linux ABI convention: Init. stack and jump to entry point ◮ ELF loader convention ◮ Load-time Stack Native layout Linux Guest Hermitux ◮ Syscalls App. kernel ◮ Kernel adapted Load Host Hypervisor: uHyve from HermitCore Host: Linux kernel KVM 6/11

  27. Unikernels Overview ◮ Linux ABI convention: Init. stack and jump to entry point ◮ ELF loader convention ◮ Load-time Stack handler Native Syscall layout Linux Guest Hermitux ◮ Syscalls App. kernel ◮ Kernel adapted Load Host Hypervisor: uHyve from HermitCore ◮ Complete/partial Host: Linux kernel KVM support for 80+ syscalls 6/11

  28. Unikernels Overview ◮ Linux ABI convention: Init. stack and jump to entry point ◮ ELF loader convention ◮ Load-time Stack handler Native Syscall layout Linux Guest Hermitux ◮ Syscalls App. kernel ◮ Kernel adapted Load Host Hypervisor: uHyve from HermitCore ◮ Complete/partial Host: Linux kernel KVM Debug, profile support for 80+ syscalls 6/11

  29. Unikernels Overview ◮ Linux ABI convention: Init. stack and jump to entry point ◮ ELF loader convention ◮ Load-time Stack handler Native Syscall layout Linux Guest Hermitux ◮ Syscalls App. kernel ◮ Kernel adapted Load Host Hypervisor: uHyve from HermitCore ◮ Complete/partial Host: Linux kernel KVM Debug, profile support for 80+ syscalls ◮ How to maintain unikernel benefits without access to the application sources? ◮ Fast system calls and modularity 6/11

  30. Unikernels Fast Syscalls with Libc Substitution ◮ HermiTux’s syscall handler is invoked by the syscall instruction ◮ Reintroduce high latency for system calls due to the world switch 7/11

  31. Unikernels Fast Syscalls with Libc Substitution ◮ HermiTux’s syscall handler is invoked by the syscall instruction ◮ Reintroduce high latency for system calls due to the world switch ◮ For dynamically compiled programs: ◮ At runtime load a unikernel-aware Libc ◮ Making for system calls (fast) function calls directly into the kernel ◮ Automatically transformed version of Musl Libc with Coccinelle “unikernelized” Semantic patch Patch LibC Coccinelle Musl LibC (80 LoC) (4400 LoC) 7/11

  32. Unikernels Fast Syscalls with Binary Rewriting ◮ What about static binaries? ◮ (Statically) binary-rewrite syscall instructions to direct jumps to the syscall implementation ◮ Problem: syscall is 2 bytes long and any call / jmp instruction will be larger Syscall binary rewriting … (5 bytes) (5 bytes) j m p 0 x 2 0 0 0 4 2 j m p 0 x 2 0 0 0 4 2 … (1 byte) (1 byte) n o p n o p mov $0, %rax (read) (1 byte) (1 byte) n n o o p p (2 bytes) s y s c a l l mov $3, %rdi i (5 bytes) m o v $ 2 , % e s … mov $3, %rdi Rewritten code Snippet … mov %r10, %rcx Original code callq 0x200457 (read) mov $2, %esi jmp 0x400aac 8/11

Recommend

Unikernel Experiment Theory, practice and perspective @argent_smith Evrone.com {Tver.io} 1 /

Unikernel Experiment Theory, practice and perspective @argent_smith Evrone.com {Tver.io} 1 /

Unikernel Experiment Theory, practice and perspective @argent_smith Evrone.com {Tver.io} 1 / 18 ~$ whoami Unikernel Experiment 2 / 18 ~$ whoami Unikernel Experiment 2 / 18 ~$ whoami Unikernel Experiment 3 / 18 ~$ whoami Unikernel

640 views • 31 slides
Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or

Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or

Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or binary code are used by computers and digital devices to talk to each other. It is used to give commands to the computer or a way to enter data

165 views • 12 slides
About AROS - AROS is a open source rewrite of Amiga OS 3.1 - APL licence - Source Code

About AROS - AROS is a open source rewrite of Amiga OS 3.1 - APL licence - Source Code

About AROS - AROS is a open source rewrite of Amiga OS 3.1 - APL licence - Source Code compatible (binary compatible on 68k) - Ported on Multiple Architectures (68k,PPC,ARM,x86/64) - Available as Native and Hosted (linux, windows) - ARIX (in

581 views • 8 slides
A Linux in Unikernel Clothing Hsuan-Chi Kuo + , Dan Williams*, Ricardo Koller* and Sibin Mohan + +

A Linux in Unikernel Clothing Hsuan-Chi Kuo + , Dan Williams*, Ricardo Koller* and Sibin Mohan + +

A Linux in Unikernel Clothing Hsuan-Chi Kuo + , Dan Williams*, Ricardo Koller* and Sibin Mohan + + University of Illinois at Urbana-Champaign *IBM Research Lupine Unikernels are great BUT : Unikernels lack full Linux Support App Hermitux:

531 views • 16 slides
HermitCore A Unikernel for Extreme Scale Computing Stefan Lankes 1 , Simon Pickartz 1 , Jens

HermitCore A Unikernel for Extreme Scale Computing Stefan Lankes 1 , Simon Pickartz 1 , Jens

HermitCore A Unikernel for Extreme Scale Computing Stefan Lankes 1 , Simon Pickartz 1 , Jens Breitbart 2 1 RWTH Aachen University, Germany 2 Technische Universitt Mnchen, Germany Agenda Motivation OS Architectures HermitCore Design

648 views • 38 slides
OPES and E2E Encryption Should OPES be compatible with end-to- end encryption? Define

OPES and E2E Encryption Should OPES be compatible with end-to- end encryption? Define

OPES and E2E Encryption Should OPES be compatible with end-to- end encryption? Define compatible Define the trust model Discuss pro and con Decide, spec, implement Goal: combine confidentiality with services, if

470 views • 11 slides
Compatible Use Program American Planning Association 2016 National Conference Phoenix, AZ April

Compatible Use Program American Planning Association 2016 National Conference Phoenix, AZ April

Department of Defense Compatible Use Program American Planning Association 2016 National Conference Phoenix, AZ April 2, 2016 Compatible Use Compatible Use Strategic Planning Joint Land Use Study: Planning to Implementation Challenges and

1.02k views • 84 slides
The Power of Binary 0, 1, 10, 11, 100, 101, 110, 111... What is Binary? a binary number

The Power of Binary 0, 1, 10, 11, 100, 101, 110, 111... What is Binary? a binary number

The Power of Binary 0, 1, 10, 11, 100, 101, 110, 111... What is Binary? a binary number is a number expressed in the binary numeral system, or base-2 numeral system, which represents numeric values using two different symbols: typically

485 views • 19 slides
uniprof: Transparent Unikernel Performance Profiling & Debugging Florian Schmidt, Research

uniprof: Transparent Unikernel Performance Profiling & Debugging Florian Schmidt, Research

uniprof: Transparent Unikernel Performance Profiling & Debugging Florian Schmidt, Research Scientist, NEC Europe Ltd. Unikernels? Faster, smaller, better! 2 Unikernels? Faster, smaller, better! clip arts: clipproject.info Unikernels

1.14k views • 71 slides
LECTURE 2 Review 1 Binary Math and Assembly BINARY MATH In this section, we review Binary

LECTURE 2 Review 1 Binary Math and Assembly BINARY MATH In this section, we review Binary

LECTURE 2 Review 1 Binary Math and Assembly BINARY MATH In this section, we review Binary to decimal conversions and vice versa IEEE 754 Floating point representations Binary Arithmetic Decimal representation of binary numbers

1.66k views • 118 slides
Binary There are 10 types of people in the world those that understand binary and those

Binary There are 10 types of people in the world those that understand binary and those

Binary There are 10 types of people in the world those that understand binary and those that dont. What is binary? You and I write numbers like this: twelve is 12, sixty eight is 68, and one hundred is 100 Binary is a number

525 views • 26 slides
Com Compatible patible Pairs Pair Compatible Pairs for addition and subtraction are numbers

Com Compatible patible Pairs Pair Compatible Pairs for addition and subtraction are numbers

75 and 25 make 100 6 and 4 make 10 Com Compatible patible Pairs Pair Compatible Pairs for addition and subtraction are numbers which go together to make nice numbers. The tasks in this booklet get students accustomed to looking for

371 views • 9 slides
A Quick Review Decimal to binary Binary to decimal Binary to hexadecimal

A Quick Review Decimal to binary Binary to decimal Binary to hexadecimal

A Quick Review Decimal to binary Binary to decimal Binary to hexadecimal Hexadecimal to binary Hexadecimal to Decimal Binary addition Binary subtraction Binary shift Decimal to Binary 146d = ????????b 146/2

91 views • 7 slides
Binary Numbers Calculate your age Binary & decimal differences In binary 1 represents

Binary Numbers Calculate your age Binary & decimal differences In binary 1 represents

Binary Numbers Calculate your age Binary & decimal differences In binary 1 represents on Fun Facts Why 10 digits? Because and the 0 represents off people typically have 10 fingers and 10 toes, making it easy for counting! 2

119 views • 10 slides
Binary Tree Iterators and Properties Displayable Binary Trees Displayable Binary Trees (next

Binary Tree Iterators and Properties Displayable Binary Trees Displayable Binary Trees (next

Binary Tree Iterators and Properties Displayable Binary Trees Displayable Binary Trees (next assignment) DE DEPARTMENT OF OF COM OMPUTER S SCIENCE & & SO SOFTW TWARE RE E ENGINEERI RING PI PICN CNIC SA SATU TURD RDAY

709 views • 41 slides
Compatible Finite Element Discretizations of Onno Bokhove Geometric Systems Introduction Non-

Compatible Finite Element Discretizations of Onno Bokhove Geometric Systems Introduction Non-

Compatible Schemes Compatible Finite Element Discretizations of Onno Bokhove Geometric Systems Introduction Non- Autonomous Systems Onno Bokhove NCP time flux Spatial NCP? School of Mathematics, University of Leeds with Elena Gagarina,

499 views • 37 slides
Binary Search Trees A binary search tree is a binary tree T such that - each internal node

Binary Search Trees A binary search tree is a binary tree T such that - each internal node

AVL T REES Binary Search Trees AVL Trees AVL Trees 1 Binary Search Trees A binary search tree is a binary tree T such that - each internal node stores an item (k, e) of a dictionary. - keys stored at nodes in the left subtree of

547 views • 26 slides
Binary trees Binary trees David Morgan Binary trees Binary trees elements have up to 2

Binary trees Binary trees David Morgan Binary trees Binary trees elements have up to 2

Binary trees Binary trees David Morgan Binary trees Binary trees elements have up to 2 child elements left child sorts less, right more, than parent tree has a depth tree has a balance, comparing depths of its left and right

305 views • 5 slides
A need t to push for orward t the d development of c compatible joi oints b between d

A need t to push for orward t the d development of c compatible joi oints b between d

TGEG19, Technologies for Global Energy Grid A need t to push for orward t the d development of c compatible joi oints b between d different cable ma manuf ufactur urers An obs bser ervation: n: t the d demand nd for offs

396 views • 7 slides
Negative Numbers and Binary operations Eric McCreath Binary Addition Adding binary numbers is

Negative Numbers and Binary operations Eric McCreath Binary Addition Adding binary numbers is

Negative Numbers and Binary operations Eric McCreath Binary Addition Adding binary numbers is very similar to how you would add large decimal numbers in primary school It involves positioning the numbers such that the columns line up in their

562 views • 10 slides
Binary Trees Parts of a binary tree A binary tree is composed of zero or more nodes Each

Binary Trees Parts of a binary tree A binary tree is composed of zero or more nodes Each

Binary Trees Parts of a binary tree A binary tree is composed of zero or more nodes Each node contains: A value (some sort of data item) A reference or pointer to a left child (may be null ), and A reference or pointer to a

653 views • 14 slides
Binary Numbers 723 Binary Numbers 723 = 7x100 + 2x10 + 3x1 Binary Numbers 723 = 7x100 + 2x10 +

Binary Numbers 723 Binary Numbers 723 = 7x100 + 2x10 + 3x1 Binary Numbers 723 = 7x100 + 2x10 +

Binary Numbers 723 Binary Numbers 723 = 7x100 + 2x10 + 3x1 Binary Numbers 723 = 7x100 + 2x10 + 3x1 = 7x10 2 + 2x10 1 + 3x10 0 Binary Numbers 5349 = 5x10 3 + 3x10 2 + 4x10 1 + 9x10 0 Binary Numbers Why base 10? Binary Numbers 257 (base 8)

1.23k views • 75 slides
Finding compatible circuits in eulerian digraphs James Carraher University of Nebraska

Finding compatible circuits in eulerian digraphs James Carraher University of Nebraska

Finding compatible circuits in eulerian digraphs James Carraher University of Nebraska Lincoln s-jcarrah1@math.unl.edu Joint Work with Stephen Hartke June 13, 2013 James Carraher (UNL) Finding compatible circuits in eulerian digraphs

620 views • 46 slides
Extending Binary Linear Classification One-Versus-All Classification (OVA) } In the presence of

Extending Binary Linear Classification One-Versus-All Classification (OVA) } In the presence of

Binary and Other Classification } We will generally discuss binary classifiers, which divide data into one of two classes } Linear classifiers as presented in last lecture are inherently binary, defining the classes based on two regions,

336 views • 7 slides

More recommend