lectures.alex.balgavy.eu

Lecture notes from university.

Kernels.html (4718B)


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><link rel="stylesheet" href="sitewide.css"/><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><meta name="exporter-version" content="Evernote Mac 7.6 (457297)"/><meta name="altitude" content="-0.2267845571041107"/><meta name="author" content="Alex Balgavy"/><meta name="created" content="2018-11-01 13:43:06 +0000"/><meta name="latitude" content="52.33450351828412"/><meta name="longitude" content="4.866719213400291"/><meta name="source" content="desktop.mac"/><meta name="updated" content="2018-12-03 15:33:19 +0000"/><title>Kernels</title></head><body><div>the type of kernel that you use, and the OS architecture, depends on the application</div><div><br/></div><div><span style="font-size: 21px; font-weight: bold;">Monolithic kernels</span></div><ul><li><div>main program invokes syscall</div></li><li><div>kernel is underlying monolithic block:</div></li><ul><li><div>service procedures carry out syscalls</div></li><li><div>utility procedures help implement service procedures</div><div><img src="Kernels.resources/screenshot_1.png" height="245" width="545"/></div></li></ul><li><div>separate applications and OS using privilege levels into user and kernel</div></li><ul><li><div>on x86, 4 privilege levels (but in practice mostly 2 are used)</div></li><li><div>this is supported by the hardware directly</div></li><li><div>if only goal is to separate untrustworthy apps from lower level shit, you only need 2 separate levels</div></li><li><div>if you include more levels, there’s a cost associated with switching between levels, so why do it if it’s not needed</div><div><img src="Kernels.resources/screenshot_2.png" height="481" width="573"/></div></li></ul></ul><div><br/></div><div><span style="font-size: 21px; font-weight: bold;">Virtualisation</span></div><ul><li><div>originally to separate multiprogramming from extended machine</div></li><li><div>N independent system call interfaces</div><div><img src="Kernels.resources/screenshot.png" 
height="162" width="553"/></div></li><li><div>Virtual machine monitor (VMM/Hypervisor) emulates hardware</div></li><li><div>types:</div></li><ul><li><div>1: VMM runs on bare metal (like Xen)</div><div><img src="Kernels.resources/screenshot_5.png" height="198" width="123"/></div></li><li><div>2: VMM hosted on OS (like QEMU)</div><div><img src="Kernels.resources/screenshot_6.png" height="206" width="184"/></div></li><li><div>Hybrid: VMM inside OS (like KVM)</div></li></ul></ul><div><br/></div><h2>Exokernel</h2><ul><li><div>separate resource control from extended machine</div></li><li><div>unlike VMM/Hypervisor, it:
</div></li><ul><li><div>does not emulate hardware. only resource manager</div></li><li><div>only provides <span style="font-style: italic;">safe</span> low-level resource sharing</div></li><li><div>service procedures are offered as library linked directly to application -- "Library OS"</div></li></ul><li><div>different library OSes for different programs, allows application-level specialisation</div></li></ul><div><br/></div><h2>Client/server model (microkernel)</h2><ul><li><div>organise service procedures in programs running in separate processes (system services/drivers)</div></li><li><div>high level of isolation</div></li><li><div>processes communicate via message passing</div></li><li><div>calls rely on the same mechanism (message passing)</div></li><li><div>messaging is implemented in microkernel (minimal kernel)</div></li><li><div>principle of least privilege -- isolate every service in its own domain (address space, process, etc.)</div></li><li><div>this is more secure, but lower performance (always a tradeoff). have to switch between modes and shit</div></li></ul><div><br/></div><div style="margin-left: 40px;"><img src="Kernels.resources/screenshot_4.png" height="158" width="536"/></div><h2><br/></h2><h2>Microvisor<br/></h2><ul><li><div>combination of hypervisor and microkernel</div></li><li><div>different OS architectures have different design points, people look at convergence and tradeoffs</div></li></ul><div style="margin-left: 40px;"><br/></div><div style="margin-left: 40px;"><img src="Kernels.resources/screenshot_3.png" height="348" width="328"/></div><div><br/></div><h2>Unikernel</h2><ul><li><div>"single simple application implementing whatever in the cloud, in most efficient way"</div></li><li><div>squash application and OS kernel into one thing, don't need all of the other stuff like process management</div></li><li><div>gets rid of all of the overhead</div></li></ul><div><br/></div></body></html>
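
The client/server (microkernel) notes above describe services isolated in their own processes and reached only through message passing. The C sketch below is an added example, not part of the original notes: a Unix `socketpair` stands in for the microkernel's messaging primitive, and the names `counter_service`, `call`, `run_demo` and the `OP_*`/`ST_*` codes are assumptions made for illustration.

```c
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum { OP_ADD = 1, OP_GET = 2, OP_STOP = 3 };  /* hypothetical message types */
enum { ST_OK = 0, ST_DENIED = -1 };
struct msg { int op; int arg; };               /* request: op+arg, reply: status+value */

/* Service loop: the counter lives only in this process's address space. */
static void counter_service(int chan) {
    int counter = 0;
    struct msg m;
    while (recv(chan, &m, sizeof m, 0) == (ssize_t)sizeof m) {
        struct msg r = { ST_OK, 0 };
        if (m.op == OP_ADD && m.arg >= 0) counter += m.arg;
        else if (m.op == OP_GET || m.op == OP_STOP) { /* read-only requests */ }
        else r.op = ST_DENIED;                 /* outside the published interface */
        r.arg = counter;
        send(chan, &r, sizeof r, 0);
        if (m.op == OP_STOP) break;
    }
    _exit(0);
}

/* Client stub: every call is one message round trip (the mode-switch cost). */
static struct msg call(int chan, int op, int arg) {
    struct msg m = { op, arg }, r = { ST_DENIED, 0 };
    if (send(chan, &m, sizeof m, 0) == (ssize_t)sizeof m)
        recv(chan, &r, sizeof r, 0);
    return r;
}

/* Runs the exchange; out[] receives the counter value reported after each call. */
int run_demo(int out[3], int *bad_status) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) { close(sv[0]); counter_service(sv[1]); }
    close(sv[1]);
    out[0] = call(sv[0], OP_ADD, 5).arg;
    struct msg bad = call(sv[0], 99, 1000);    /* op 99 is not in the interface */
    *bad_status = bad.op; out[1] = bad.arg;
    out[2] = call(sv[0], OP_STOP, 0).arg;
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return 0;
}
```

The client can change the service's state only through requests the service chooses to honour; the rejected message leaves the counter untouched.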