a kernel in a library genode s custom kernel approach
play

A kernel in a library Genodes custom kernel approach Martin Stein - PowerPoint PPT Presentation

Mar 15, 2023 •345 likes •798 views

A kernel in a library Genodes custom kernel approach Martin Stein < martin.stein@genode-labs.com > Outline 1. Motivation 2. Overview 3. Scheduling 4. Capabilities 5. Communication A kernel in a library Genodes custom kernel

  1. A kernel in a library Genode’s custom kernel approach Martin Stein < martin.stein@genode-labs.com >

  2. Outline 1. Motivation 2. Overview 3. Scheduling 4. Capabilities 5. Communication A kernel in a library Genode’s custom kernel approach 2

  3. Outline 1. Motivation 2. Overview 3. Scheduling 4. Capabilities 5. Communication A kernel in a library Genode’s custom kernel approach 3

  4. Genode on third-party Kernels The impetus of diversity NOVA, Fiasco.OC, OKL4, L4ka::Pistachio, L4/Fiasco, Linux SeL4 A kernel in a library Genode’s custom kernel approach 4

  5. Genode on third-party Kernels The impetus of diversity NOVA, Fiasco.OC, OKL4, L4ka::Pistachio, L4/Fiasco, Linux SeL4 Flexibility in development and application A kernel in a library Genode’s custom kernel approach 4

  6. Genode on third-party Kernels The impetus of diversity NOVA, Fiasco.OC, OKL4, L4ka::Pistachio, L4/Fiasco, Linux SeL4 Flexibility in development and application Versatility in testing A kernel in a library Genode’s custom kernel approach 4

  7. Genode on third-party Kernels Kernel perspective Aim for comprehensive security concept A kernel in a library Genode’s custom kernel approach 5

  8. Genode on third-party Kernels Kernel perspective Aim for comprehensive security concept Self-contained unit that mistrusts all users A kernel in a library Genode’s custom kernel approach 5

  9. Genode on third-party Kernels Kernel perspective Aim for comprehensive security concept Self-contained unit that mistrusts all users Perspective of Genode’s Core Bring Kernel concept in line with Genode API A kernel in a library Genode’s custom kernel approach 5

  10. Genode on third-party Kernels Kernel perspective Aim for comprehensive security concept Self-contained unit that mistrusts all users Perspective of Genode’s Core Bring Kernel concept in line with Genode API Must be trusted anyway A kernel in a library Genode’s custom kernel approach 5

  11. Genode on third-party Kernels Drawbacks Concepts get bend in shape (Signals) A kernel in a library Genode’s custom kernel approach 6

  12. Genode on third-party Kernels Drawbacks Concepts get bend in shape (Signals) Work is done redundantly (memory management) A kernel in a library Genode’s custom kernel approach 6

  13. Genode on third-party Kernels Drawbacks Concepts get bend in shape (Signals) Work is done redundantly (memory management) Deficiencies get worked around (Capability delegation) A kernel in a library Genode’s custom kernel approach 6

  14. Creating a custom solution Idea Kernel that trusts Core and is designed for Core’s needs A kernel in a library Genode’s custom kernel approach 7

  15. Creating a custom solution Idea Kernel that trusts Core and is designed for Core’s needs Minimalistic library that enables Core to run as root domain A kernel in a library Genode’s custom kernel approach 7

  16. Creating a custom solution Idea Kernel that trusts Core and is designed for Core’s needs Minimalistic library that enables Core to run as root domain Run most critical code in the simplest manner A kernel in a library Genode’s custom kernel approach 7

  17. Outline 1. Motivation 2. Overview 3. Scheduling 4. Capabilities 5. Communication A kernel in a library Genode’s custom kernel approach 8

  18. Kernel tasks Exception vectors A kernel in a library Genode’s custom kernel approach 9

  19. Kernel tasks Exception vectors Scheduling A kernel in a library Genode’s custom kernel approach 9

  20. Kernel tasks Exception vectors Scheduling Controls interrupts A kernel in a library Genode’s custom kernel approach 9

  21. Kernel tasks Exception vectors Scheduling Controls interrupts Communication: IPC and Signals A kernel in a library Genode’s custom kernel approach 9

  22. Kernel tasks Exception vectors Scheduling Controls interrupts Communication: IPC and Signals Capabilities A kernel in a library Genode’s custom kernel approach 9

  23. Kernel tasks Exception vectors Scheduling Controls interrupts Communication: IPC and Signals Capabilities Cache and TLB maintenance A kernel in a library Genode’s custom kernel approach 9

  24. Kernel tasks Exception vectors Scheduling Controls interrupts Communication: IPC and Signals Capabilities Cache and TLB maintenance Virtualization A kernel in a library Genode’s custom kernel approach 9

  25. Kernel interface Threads, VMs PDs, Capabilities Communication, IRQs thread new/del obj new/del signal receiver new/del thread start pd new/del signal context new/del thread pause pd update irq new/del thread resume irq ack Core-only thread route event thread quota vm new/del vm run vm pause thread pause current update data region signal context kill thread resume local update instr region signal submit thread yield cap ack signal await Common cap delete signal ack msg send request msg send reply msg await request A kernel in a library Genode’s custom kernel approach 10

  26. Qualities All dynamic memory gets accounted → No exhaustion A kernel in a library Genode’s custom kernel approach 11

  27. Qualities All dynamic memory gets accounted → No exhaustion Modeled as state machine → Low complexity → Fast kernel passes A kernel in a library Genode’s custom kernel approach 11

  28. Trusted Computing Base A kernel in a library Genode’s custom kernel approach 12

  29. Trusted Computing Base A kernel in a library Genode’s custom kernel approach 13

  30. Hardware support ARMv7 ◮ Panda Board, i.MX53 QSB, USB Armory, Wand Board, Arndale, Odroid XU, Zynq, PBXA9 ◮ SMP, Virtualization, Trustzone, ... A kernel in a library Genode’s custom kernel approach 14

  31. Hardware support ARMv7 ◮ Panda Board, i.MX53 QSB, USB Armory, Wand Board, Arndale, Odroid XU, Zynq, PBXA9 ◮ SMP, Virtualization, Trustzone, ... x86 64 Bit, Raspberry Pi (ARMv6), RISC-V, Muen Separation Kernel A kernel in a library Genode’s custom kernel approach 14

  32. Outline 1. Motivation 2. Overview 3. Scheduling 4. Capabilities 5. Communication A kernel in a library Genode’s custom kernel approach 15

  33. Scheduling Absolute priorities A kernel in a library Genode’s custom kernel approach 16

  34. Scheduling Quota-bound priorities A kernel in a library Genode’s custom kernel approach 17

  35. Scheduling Quota-bound priorities A kernel in a library Genode’s custom kernel approach 18

  36. Scheduling Donation of CPU resources from parents to their children A kernel in a library Genode’s custom kernel approach 19

  37. Outline 1. Motivation 2. Overview 3. Scheduling 4. Capabilities 5. Communication A kernel in a library Genode’s custom kernel approach 20

  38. Capabilities Automatic creation or translation on IPC delegation A kernel in a library Genode’s custom kernel approach 21

  39. Capabilities Automatic creation or translation on IPC delegation No name diversity in a PD A kernel in a library Genode’s custom kernel approach 21

  40. Capabilities Automatic creation or translation on IPC delegation No name diversity in a PD Costs get accounted via PD session quota A kernel in a library Genode’s custom kernel approach 21

  41. Capabilities Collaborative lifetime management for Capabilities A kernel in a library Genode’s custom kernel approach 22

  42. Outline 1. Motivation 2. Overview 3. Scheduling 4. Capabilities 5. Communication A kernel in a library Genode’s custom kernel approach 23

  43. Communication IPC implicitely delegates CPU resources A kernel in a library Genode’s custom kernel approach 24

  44. Communication Collaborative lifetime management for Signals A kernel in a library Genode’s custom kernel approach 25

  45. Thank you! Genode OS Framework http://genode.org Genode Labs GmbH http://genode-labs.com Source code at GitHub http://github.com/genodelabs/genode A kernel in a library Genode’s custom kernel approach 26

Recommend

Introducing kernel-agnostic Genode executables Norman Feske &lt; norman.feske@genode-labs.com

Introducing kernel-agnostic Genode executables Norman Feske &lt; norman.feske@genode-labs.com

Introducing kernel-agnostic Genode executables Norman Feske &lt; norman.feske@genode-labs.com &gt; Outline 1. Kernel diversity - Whats the appeal? 2. Bridging the gap between kernels Notion of components Raising the level of abstraction of

1.28k views • 90 slides
Genode Components Performance Penalty And Challenges FOSDEM Micro-kernel Devroom, 04/02/17

Genode Components Performance Penalty And Challenges FOSDEM Micro-kernel Devroom, 04/02/17

Dual Execution and Comparison For Genode Components Performance Penalty And Challenges FOSDEM Micro-kernel Devroom, 04/02/17 Parfait T okponnon Marc Lobelle mahoukpego.tokponnon@uclouvain.be marc.lobelle@uclouvain.be Outline 2

406 views • 29 slides
Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel Fernndez V, David P. Woodruff, Taisuke Yasuda Kernel Method Many machine learning tasks can be expressed as a function of the inner product

389 views • 22 slides
1 Kernel methods &amp; optimization One example of a kernel that is frequently used in practice

1 Kernel methods &amp; optimization One example of a kernel that is frequently used in practice

Machine Learning Class Notes 9-25-12 Prof. David Sontag 1 Kernel methods &amp; optimization One example of a kernel that is frequently used in practice and which allows for highly non-linear discriminant functions is the Gaussian kernel,

241 views • 5 slides
Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel Fernndez V, David P. Woodruff, Taisuke Yasuda Overview Preliminaries Kernel ridge regression Kernel -means clustering

476 views • 25 slides
Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many of us need to debug the Linux kernel Proprietary tools like Trace32 and DS-5 are $$$ Open source debuggers like GDB lack kernel

884 views • 40 slides
Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

3/1/20 COMP 790: OS Implementation COMP 790: OS Implementation Logical Diagram Binary Memory Threads Formats Allocators User Todays Lecture Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

647 views • 8 slides
D-Bus in the Kernel LinuxCon 2014, Tokyo, Japan May 2014 D-Bus in the Kernel Who? Greg

D-Bus in the Kernel LinuxCon 2014, Tokyo, Japan May 2014 D-Bus in the Kernel Who? Greg

D-Bus in the Kernel LinuxCon 2014, Tokyo, Japan May 2014 D-Bus in the Kernel Who? Greg Kroah-Hartman, David Herrmann, Daniel Mack, Lennart Poettering, Kay Sievers with help from Tejun Heo D-Bus in the Kernel Most newer OS designs started

1.35k views • 111 slides
Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda

Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda

Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda mulix@mulix.org IBM Haifa Research Lab Kernel Debugging, Haifux 2003 p.1/19 Kernel Debugging - Why? Why would we want to debug the kernel? after

308 views • 19 slides
1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel vulnerability research Thats unavoidable, but the linux kernel developers dont do very much to make the situation any better. -- Basically, the

625 views • 36 slides
Kernel PCA for SNe Kernel PCA for SNe photometric classification photometric classification

Kernel PCA for SNe Kernel PCA for SNe photometric classification photometric classification

Kernel PCA for SNe Kernel PCA for SNe photometric classification photometric classification Emille E. O. Ishida IAG University of Sao Paulo, Brazil In collaboration with Rafael S. De Souza (KASI) astro-ph/1201.6676 IAU General Assembly,

155 views • 14 slides
The Kernel (and Process) Abstraction Chapter 2-3 OSPP Part I Announcements Today: kernel

The Kernel (and Process) Abstraction Chapter 2-3 OSPP Part I Announcements Today: kernel

The Kernel (and Process) Abstraction Chapter 2-3 OSPP Part I Announcements Today: kernel Asynchrony Processes Protection Kernel The software component that controls the hardware directly and implements the core privileged OS

934 views • 62 slides
D-Bus in the Kernel FOSDEM 2014, Brussels, Belgium January 2014 D-Bus in the Kernel Who? Greg

D-Bus in the Kernel FOSDEM 2014, Brussels, Belgium January 2014 D-Bus in the Kernel Who? Greg

D-Bus in the Kernel FOSDEM 2014, Brussels, Belgium January 2014 D-Bus in the Kernel Who? Greg Kroah-Hartman, Daniel Mack, Lennart Poettering, Kay Sievers with help from Tejun Heo D-Bus in the Kernel Most newer OS designs started around

1.27k views • 111 slides
Skoltech Skolkovo Institute of Science and Technology Kernel Methods Refresher Kernel trick:

Skoltech Skolkovo Institute of Science and Technology Kernel Methods Refresher Kernel trick:

Quadrature-based Features for Kernel Approximation Marina Munkhoeva , Yermek Kapushev, Evgeny Burnaev, Ivan Oseledets Skoltech Skolkovo Institute of Science and Technology Kernel Methods Refresher Kernel trick: compute

1.01k views • 17 slides
TOS Arno Puder 1 Demo Kernel /* tos/kernel/main.c */ #include &lt;kernel.h&gt; WINDOW

TOS Arno Puder 1 Demo Kernel /* tos/kernel/main.c */ #include &lt;kernel.h&gt; WINDOW

TOS Arno Puder 1 Demo Kernel /* tos/kernel/main.c */ #include &lt;kernel.h&gt; WINDOW window_top = {0, 0, 80, 12, 0, 0, ' '}; WINDOW window_bottom = {0, 12, 80, 13, 0, 0, ' '}; void kernel_main() { for (int x = 0; x &lt; 80 * 25 * 2; x++)

830 views • 7 slides
Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules

Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules

Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules Kernel module: code that can be dynamically loaded/unloaded into the kernel at runtime Change the kernel code without needing to reboot

545 views • 13 slides
1 CPU Events: Interrupts and Exceptions CPU Events: Interrupts and Exceptions Protecting Entry

1 CPU Events: Interrupts and Exceptions CPU Events: Interrupts and Exceptions Protecting Entry

Processes and the Kernel Processes and the Kernel The kernel sets processes up process in private data data execution Processes, Protection and the Kernel: Processes, Protection and the Kernel: virtual contexts to address

540 views • 9 slides
Optimization for Kernel Methods S. Sathiya Keerthi Yahoo! Research, Burbank, CA, USA Kernel

Optimization for Kernel Methods S. Sathiya Keerthi Yahoo! Research, Burbank, CA, USA Kernel

Optimization for Kernel Methods S. Sathiya Keerthi Yahoo! Research, Burbank, CA, USA Kernel methods: Support Vector Machines (SVMs) Kernel Logistic Regression (KLR) Aim: To introduce a variety of optimization problems that arise in the

738 views • 59 slides
Learning From Data Lecture 26 Kernel Machines Popular Kernels The Kernel Measures Similarity

Learning From Data Lecture 26 Kernel Machines Popular Kernels The Kernel Measures Similarity

Learning From Data Lecture 26 Kernel Machines Popular Kernels The Kernel Measures Similarity Kernels in Different Applications M. Magdon-Ismail CSCI 4100/6100 recap: The Kernel Allows Us to Bypass Z -space Solve the QP 1

356 views • 12 slides
. . : =L distance functions Possible Euclidean . Manhattan - other .

. . : =L distance functions Possible Euclidean . Manhattan - other .

Midterm the Since Topics based Instance and classification ] learning NN . regression Kernel . mgohssien ... ] ' , margin than Peru &quot; learning , . .dyu, online approaches trick kernel kernel based ^ ,

345 views • 11 slides
Paper-Reading-Group Nested Kernel: An Operating System Architecture for Intra-Kernel Privilege

Paper-Reading-Group Nested Kernel: An Operating System Architecture for Intra-Kernel Privilege

Paper-Reading-Group Nested Kernel: An Operating System Architecture for Intra-Kernel Privilege Separation Nathan Dautenhahn, Theodoros Kasampalis, Will Dietz, John Criswell, and Vikram Adve Nested Kernel - Motivation Monoliths have single

398 views • 17 slides
Kernel Learning with a Million Kernels Ashesh Jain SVN Vishwanathan IIT Delhi Purdue

Kernel Learning with a Million Kernels Ashesh Jain SVN Vishwanathan IIT Delhi Purdue

Kernel Learning with a Million Kernels Ashesh Jain SVN Vishwanathan IIT Delhi Purdue University Manik Varma Microsoft Research India Kernel Learning The objective in kernel learning is to jointly learn both SVM and kernel parameters

1.34k views • 38 slides
Anil Kurmus kur@zurich.ibm.com IBM Research - Zurich Outline 1. Background Hardening Kernel

Anil Kurmus kur@zurich.ibm.com IBM Research - Zurich Outline 1. Background Hardening Kernel

September 2016 BalCCon 2k16 Kernel Exploitation and Hardening Why we could have nice things! (using Split Kernel) Anil Kurmus kur@zurich.ibm.com IBM Research - Zurich Outline 1. Background Hardening Kernel Vulnerabilities Kernel

1.07k views • 39 slides
Alpaka An Abstraction Library for Parallel Kernel Acceleration Erik Zenker 1,2 , Benjamin

Alpaka An Abstraction Library for Parallel Kernel Acceleration Erik Zenker 1,2 , Benjamin

Alpaka An Abstraction Library for Parallel Kernel Acceleration Erik Zenker 1,2 , Benjamin Worpitz 1,2 , Ren Widera 1 ,Axel Huebl 1,2 , Guido Juckeland 1 , Andreas Knpfer 2 , Wolfgang E. Nagel 2 , Michael Bussmann 1 1 Helmholtz-Zentrum

556 views • 28 slides

More recommend