introducing kernel agnostic genode executables
play

Introducing kernel-agnostic Genode executables Norman Feske < - PowerPoint PPT Presentation

Jul 13, 2023 •359 likes •1.28k views

Introducing kernel-agnostic Genode executables Norman Feske < norman.feske@genode-labs.com > Outline 1. Kernel diversity - Whats the appeal? 2. Bridging the gap between kernels Notion of components Raising the level of abstraction of

  1. Introducing kernel-agnostic Genode executables Norman Feske < norman.feske@genode-labs.com >

  2. Outline 1. Kernel diversity - What’s the appeal? 2. Bridging the gap between kernels Notion of components Raising the level of abstraction of IPC Virtual-memory management Custom tooling 3. From a uniform API to binary compatibility 4. Future prospects Introducing kernel-agnostic Genode executables 2

  3. Outline 1. Kernel diversity - What’s the appeal? 2. Bridging the gap between kernels Notion of components Raising the level of abstraction of IPC Virtual-memory management Custom tooling 3. From a uniform API to binary compatibility 4. Future prospects Introducing kernel-agnostic Genode executables 3

  4. Despair-driven development Introducing kernel-agnostic Genode executables 4

  5. Despair-driven development 2003: Security came into focus of the L4 community Capability-based security → new kernel generation Genode started as the designated user land of NOVA Introducing kernel-agnostic Genode executables 4

  6. Despair-driven development 2003: Security came into focus of the L4 community Capability-based security → new kernel generation Genode started as the designated user land of NOVA Problem: NOVA did not exist How to build a user land for a non-existing kernel? Planning in terms of interim solutions Weak assumptions about the kernel Introducing kernel-agnostic Genode executables 4

  7. Despair-driven development 2003: Security came into focus of the L4 community Capability-based security → new kernel generation Genode started as the designated user land of NOVA Problem: NOVA did not exist How to build a user land for a non-existing kernel? Planning in terms of interim solutions Weak assumptions about the kernel Approach: Target two existing kernels at once Opposite ends of a spectrum: Linux and L4/Fiasco If it works on those, it should be portable to NOVA Introducing kernel-agnostic Genode executables 4

  8. Reassuring experiences Introducing kernel-agnostic Genode executables 5

  9. Reassuring experiences Boosting our development ◮ Quick development-test cycle on GNU/Linux ◮ Debugging via GDB, strace ◮ Kernel debugger on L4/Fiasco Introducing kernel-agnostic Genode executables 5

  10. Reassuring experiences Boosting our development ◮ Quick development-test cycle on GNU/Linux ◮ Debugging via GDB, strace ◮ Kernel debugger on L4/Fiasco Stressing the robustness of our code Different kernels expose subtle problems Introducing kernel-agnostic Genode executables 5

  11. Reassuring experiences Boosting our development ◮ Quick development-test cycle on GNU/Linux ◮ Debugging via GDB, strace ◮ Kernel debugger on L4/Fiasco Stressing the robustness of our code Different kernels expose subtle problems Cross-correlating bugs and performance problems Introducing kernel-agnostic Genode executables 5

  12. Reassuring experiences Boosting our development ◮ Quick development-test cycle on GNU/Linux ◮ Debugging via GDB, strace ◮ Kernel debugger on L4/Fiasco Stressing the robustness of our code Different kernels expose subtle problems Cross-correlating bugs and performance problems Getting clarity of application-level requirements Introducing kernel-agnostic Genode executables 5

  13. Benefiting from a high diversity of kernels Kernels differ in many respects: Hardware-platform support Leveraged hardware features Virtualization, IOMMU, SMP, TrustZone Performance, security, scheduling Implementation, License Community Introducing kernel-agnostic Genode executables 6

  14. Maintenance burden Surprisingly little kernel-specific code! Repository Source lines of code repos/ 254,367 repos/base/ 23,282 repos/base-fiasco/ 1,563 repos/base-foc/ 3,264 repos/base-linux/ 3,582 repos/base-nova/ 5,711 repos/base-okl4/ 1,958 repos/base-pistachio/ 1,869 repos/base-sel4/ 3,300 repos/base-hw/ 14,751 → manageable Introducing kernel-agnostic Genode executables 7

  15. Emergence of a vision What POSIX is for monolithic OSes, Genode may become for microkernel-based OSes. → Deliberate cultivation of cross-kernel interoperability Introducing kernel-agnostic Genode executables 8

  16. Outline 1. Kernel diversity - What’s the appeal? 2. Bridging the gap between kernels Notion of components Raising the level of abstraction of IPC Virtual-memory management Custom tooling 3. From a uniform API to binary compatibility 4. Future prospects Introducing kernel-agnostic Genode executables 9

  17. Overcoming prevalent assumptions Introducing kernel-agnostic Genode executables 10

  18. Overcoming prevalent assumptions Application requirements are rather mysterious Preoccupation with scalability and performance concerns POSIX (?) Thread-local storage (?) Introducing kernel-agnostic Genode executables 10

  19. Overcoming prevalent assumptions Application requirements are rather mysterious Preoccupation with scalability and performance concerns POSIX (?) Thread-local storage (?) We disregarded those premises (liberating!) Introducing kernel-agnostic Genode executables 10

  20. Overcoming prevalent assumptions Application requirements are rather mysterious Preoccupation with scalability and performance concerns POSIX (?) Thread-local storage (?) We disregarded those premises (liberating!) ...to be considered later. Introducing kernel-agnostic Genode executables 10

  21. Holistic architecture Clean-slate design Introducing kernel-agnostic Genode executables 11

  22. Hiding the construction of components Traditional: Tight user-kernel interplay Introducing kernel-agnostic Genode executables 12

  23. Hiding the construction of components Traditional: Tight user-kernel interplay Interesting at application level: Defining the executable to load → ROM dataspace Exercising control over the new protection domain → Parent-child RPC interface Introducing kernel-agnostic Genode executables 12

  24. Hiding the construction of components Traditional: Tight user-kernel interplay Interesting at application level: Defining the executable to load → ROM dataspace Exercising control over the new protection domain → Parent-child RPC interface Approach: Satisfy those requirements, hide “loading” mechanics Introducing kernel-agnostic Genode executables 12

  25. Outline 1. Kernel diversity - What’s the appeal? 2. Bridging the gap between kernels Notion of components Raising the level of abstraction of IPC Virtual-memory management Custom tooling 3. From a uniform API to binary compatibility 4. Future prospects Introducing kernel-agnostic Genode executables 13

  26. Traditional: IPC involves kernel details Microkernel IPC ridden with technicalities and jargon thread IDs, task IDs, portals, message registers, message tags, message dopes, message-buffer layouts, UTCBs, MTDs, hot spots, CRDs, receive windows, badges, reply capabilities, flex pages, string items, timeouts, short IPC vs. long IPC Introducing kernel-agnostic Genode executables 14

  27. Traditional: IPC involves kernel details Microkernel IPC ridden with technicalities and jargon thread IDs, task IDs, portals, message registers, message tags, message dopes, message-buffer layouts, UTCBs, MTDs, hot spots, CRDs, receive windows, badges, reply capabilities, flex pages, string items, timeouts, short IPC vs. long IPC IDL compilers supposedly hide those details. Introducing kernel-agnostic Genode executables 14

  28. Traditional: IPC involves kernel details Microkernel IPC ridden with technicalities and jargon thread IDs, task IDs, portals, message registers, message tags, message dopes, message-buffer layouts, UTCBs, MTDs, hot spots, CRDs, receive windows, badges, reply capabilities, flex pages, string items, timeouts, short IPC vs. long IPC IDL compilers supposedly hide those details. But they don’t. Introducing kernel-agnostic Genode executables 14

  29. IPC from the application’s perspective Introducing kernel-agnostic Genode executables 15

  30. IPC from the application’s perspective Genode’s API level: Consistent and simple nomenclature (client, server, session, RPC object, capability) Synchronous RPC in the strictest sense (RPC stub code generated by C++ templates, no IDL) Introducing kernel-agnostic Genode executables 15

  31. IPC from the application’s perspective Genode’s API level: Consistent and simple nomenclature (client, server, session, RPC object, capability) Synchronous RPC in the strictest sense (RPC stub code generated by C++ templates, no IDL) Capabilities instead of global name spaces (lifetime managed as C++ smart pointer) Introducing kernel-agnostic Genode executables 15

  32. IPC from the application’s perspective Genode’s API level: Consistent and simple nomenclature (client, server, session, RPC object, capability) Synchronous RPC in the strictest sense (RPC stub code generated by C++ templates, no IDL) Capabilities instead of global name spaces (lifetime managed as C++ smart pointer) Asynchronous notifications without payload (like interrupts) Introducing kernel-agnostic Genode executables 15

Recommend

Genode Components Performance Penalty And Challenges FOSDEM Micro-kernel Devroom, 04/02/17

Genode Components Performance Penalty And Challenges FOSDEM Micro-kernel Devroom, 04/02/17

Dual Execution and Comparison For Genode Components Performance Penalty And Challenges FOSDEM Micro-kernel Devroom, 04/02/17 Parfait T okponnon Marc Lobelle mahoukpego.tokponnon@uclouvain.be marc.lobelle@uclouvain.be Outline 2

406 views • 29 slides
A kernel in a library Genodes custom kernel approach Martin Stein &lt;

A kernel in a library Genodes custom kernel approach Martin Stein &lt;

A kernel in a library Genodes custom kernel approach Martin Stein &lt; martin.stein@genode-labs.com &gt; Outline 1. Motivation 2. Overview 3. Scheduling 4. Capabilities 5. Communication A kernel in a library Genodes custom kernel

798 views • 45 slides
Genode - OS Security By Design Dr.-Ing. Norman Feske &lt; norman.feske@genode-labs.com &gt;

Genode - OS Security By Design Dr.-Ing. Norman Feske &lt; norman.feske@genode-labs.com &gt;

Genode - OS Security By Design Dr.-Ing. Norman Feske &lt; norman.feske@genode-labs.com &gt; Outline 1. Introduction 2. Architectural Principles 3. Showcases 4. Current Topics Genode - OS Security By Design 2 Outline 1. Introduction 2.

920 views • 33 slides
Microkernel-based Systems Summer School 2013: Genode OS Framework Norman Feske &lt;

Microkernel-based Systems Summer School 2013: Genode OS Framework Norman Feske &lt;

Microkernel-based Systems Summer School 2013: Genode OS Framework Norman Feske &lt; norman.feske@genode-labs.com &gt; Outline 1. Why do we need another operating system? 2. Genode entering the picture 3. Architectural Principles 4. Core -

1.28k views • 99 slides
Introducing a radically componentized GUI architecture Norman Feske &lt;

Introducing a radically componentized GUI architecture Norman Feske &lt;

Introducing a radically componentized GUI architecture Norman Feske &lt; norman.feske@genode-labs.com &gt; Outline 1. Starting point 2. Ingredients 3. Challenges and solutions 4. Next steps Introducing a radically componentized GUI

426 views • 38 slides
Reaching puberty: How Genode is becoming a general-purpose OS Norman Feske &lt;

Reaching puberty: How Genode is becoming a general-purpose OS Norman Feske &lt;

Reaching puberty: How Genode is becoming a general-purpose OS Norman Feske &lt; norman.feske@genode-labs.com &gt; Outline 1. Background 2. Noux runtime for Unix software 3. Challenges of dynamic system composition 4. Fundamental features 5.

618 views • 42 slides
Live-sculpting a Genode-based operating system Norman Feske &lt; norman.feske@genode-labs.com

Live-sculpting a Genode-based operating system Norman Feske &lt; norman.feske@genode-labs.com

Live-sculpting a Genode-based operating system Norman Feske &lt; norman.feske@genode-labs.com &gt; Outline 1. Base system 2. Storage, networking 3. Extending the system 4. Road Map for 2018 Live-sculpting a Genode-based operating system 2

534 views • 32 slides
mikro - Introducing a C ++ Mikro Kernel mikro Low level C ++ Design Victor Aperc &amp; Julien

mikro - Introducing a C ++ Mikro Kernel mikro Low level C ++ Design Victor Aperc &amp; Julien

mikro - Introducing a C ++ Mikro Kernel Victor Aperc &amp; Julien Freche Introduction Kernel types mikro - Introducing a C ++ Mikro Kernel mikro Low level C ++ Design Victor Aperc &amp; Julien Freche considerations Features and

642 views • 49 slides
Genode as general-purpose OS progress report and demonstration Norman Feske &lt;

Genode as general-purpose OS progress report and demonstration Norman Feske &lt;

Genode as general-purpose OS progress report and demonstration Norman Feske &lt; norman.feske@genode-labs.com &gt; Outline 1. Introduction 2. The long way towards general-purpose computing Fundamentals Functionality Resource utilization

739 views • 39 slides
MANA for MPI MPI-Agnostic Network-Agnostic Transparent Checkpointing Rohan Garg, *Gregory Price,

MANA for MPI MPI-Agnostic Network-Agnostic Transparent Checkpointing Rohan Garg, *Gregory Price,

MANA for MPI MPI-Agnostic Network-Agnostic Transparent Checkpointing Rohan Garg, *Gregory Price, and Gene Cooperman Northeastern University Why checkpoint, and why transparently? Whether for maintenance, analysis, time-sharing, load balancing,

778 views • 40 slides
Compiler CS 449 Executables and gcc Object Linking Preprocessed C source files source

Compiler CS 449 Executables and gcc Object Linking Preprocessed C source files source

Compiler CS 449 Executables and gcc Object Linking Preprocessed C source files source Executable .c cpp cc1 .o ld Preprocessor Compiler Linker Jonathan Misurda jmisurda@cs.pitt.edu Executables Older Executable Formats What

302 views • 3 slides
Process Control processes and executables job control ps and kill top at

Process Control processes and executables job control ps and kill top at

Process Control processes and executables job control ps and kill top at cron, crontab, and calendar Processes vs. Executables A process is a program that is executing in memory. An executable is a program that

533 views • 20 slides
LANGUAGE-AGNOSTIC INJECTION LANGUAGE-AGNOSTIC INJECTION DETECTION DETECTION Lars Hermerschmidt,

LANGUAGE-AGNOSTIC INJECTION LANGUAGE-AGNOSTIC INJECTION DETECTION DETECTION Lars Hermerschmidt,

LANGUAGE-AGNOSTIC INJECTION LANGUAGE-AGNOSTIC INJECTION DETECTION DETECTION Lars Hermerschmidt, Andreas Straub, Goran Piskachev injections grow on trees 1 SHOTGUN UNPARSER SHOTGUN UNPARSER 1 if (recursive || print_dir_name) 2 { 3 if

640 views • 27 slides
1 Directory &amp; File Structure code/filesys/ Holds implementation of both stub and

1 Directory &amp; File Structure code/filesys/ Holds implementation of both stub and

Nachos Tutorial Courtesy: University of Waterloo Outline Directory &amp; File Structure Threads &amp; Synchronization Unix vs. Kernel vs. User Programs MIPS Simulator &amp; Nachos Address Spaces &amp; Executables

228 views • 10 slides
A Brief Survey through Genodes ARMv8 Playground Stefan Kalkowski &lt;

A Brief Survey through Genodes ARMv8 Playground Stefan Kalkowski &lt;

A Brief Survey through Genodes ARMv8 Playground Stefan Kalkowski &lt; stefan.kalkowski@genode-labs.com &gt; Outline 1. Introduction 2. Genode Embedded Prospects Kiosk System IoT Gateway Industry control system 3. Roadmap 2020 A Brief

685 views • 14 slides
Pool-based Agnostic Pool-based Agnostic Experiment Design Experiment Design in Linear

Pool-based Agnostic Pool-based Agnostic Experiment Design Experiment Design in Linear

ECML2008 Sep. 15-19, 2008 Pool-based Agnostic Pool-based Agnostic Experiment Design Experiment Design in Linear Regression in Linear Regression Masashi Sugiyama (Tokyo Tech.) Shinichi Nakajima (Nikon) 2 Linear Regression Linear

437 views • 25 slides
Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel Fernndez V, David P. Woodruff, Taisuke Yasuda Kernel Method Many machine learning tasks can be expressed as a function of the inner product

389 views • 22 slides
Microkernel virtualization under one roof - dare the impossible - Alexander Bttcher &lt;

Microkernel virtualization under one roof - dare the impossible - Alexander Bttcher &lt;

Microkernel virtualization under one roof - dare the impossible - Alexander Bttcher &lt; alexander.boettcher@genode-labs.com &gt; Outline 1. Introduction 2. Kernel interfaces 3. VM interface harmonization 4. VMMs harmonized 5. Conclusion

941 views • 55 slides
1 Kernel methods &amp; optimization One example of a kernel that is frequently used in practice

1 Kernel methods &amp; optimization One example of a kernel that is frequently used in practice

Machine Learning Class Notes 9-25-12 Prof. David Sontag 1 Kernel methods &amp; optimization One example of a kernel that is frequently used in practice and which allows for highly non-linear discriminant functions is the Gaussian kernel,

241 views • 5 slides
Task-Agnostic Dynamics Priors for Deep Reinforcement Learning Yilun Du 1 , Karthik Narasimhan 2

Task-Agnostic Dynamics Priors for Deep Reinforcement Learning Yilun Du 1 , Karthik Narasimhan 2

Task-Agnostic Dynamics Priors for Deep Reinforcement Learning Yilun Du 1 , Karthik Narasimhan 2 1 MIT, 2 Princeton Key Questions t t+1 Can we learn physics in a task-agnostic fashion? Does it help sample efficiency of RL? Can we

555 views • 14 slides
Analyzing Memory Accesses in x86 Executables Gogul Balakrishnan Thomas Reps University of

Analyzing Memory Accesses in x86 Executables Gogul Balakrishnan Thomas Reps University of

Analyzing Memory Accesses in x86 Executables Gogul Balakrishnan Thomas Reps University of Wisconsin Motivation Basic infrastructure for language-based security buffer-overrun detection information-flow vulnerabilities . . .

931 views • 39 slides
PRACTICAL CONTROL FLOW INTEGRITY &amp; RANDOMIZATION FOR BINARY EXECUTABLES Christos Tselas,

PRACTICAL CONTROL FLOW INTEGRITY &amp; RANDOMIZATION FOR BINARY EXECUTABLES Christos Tselas,

PRACTICAL CONTROL FLOW INTEGRITY &amp; RANDOMIZATION FOR BINARY EXECUTABLES Christos Tselas, AM:875 Elisjana Ymeralli, AM:801 Ioanna Ramoutsaki, AM: 812 Vasilis Glabedakis, AM: 2921 cs-457 Department: Computer Science, University of Crete

584 views • 42 slides
CS485/685 Lecture 16: March 1, 2012 Agnostic Learning [BDSS] Chapters 2, 3 CS485/685 (c) 2012 P.

CS485/685 Lecture 16: March 1, 2012 Agnostic Learning [BDSS] Chapters 2, 3 CS485/685 (c) 2012 P.

01/03/2012 CS485/685 Lecture 16: March 1, 2012 Agnostic Learning [BDSS] Chapters 2, 3 CS485/685 (c) 2012 P. Poupart 1 Agnostic PAC Learning Definition: A learner that doesnt assume that contains an error free hypothesis and that simply

82 views • 7 slides
PE-Miner : Mining Structural Information to Detect Malicious Executables in Realtime M. Zubair

PE-Miner : Mining Structural Information to Detect Malicious Executables in Realtime M. Zubair

PE-Miner : Mining Structural Information to Detect Malicious Executables in Realtime M. Zubair Shafiq, S. Momina Tabish, Fauzan Mirza, Muddassar Farooq RAID,2009

881 views • 36 slides

More recommend