lectures.alex.balgavy.eu

Lecture notes from university.
git clone git://git.alex.balgavy.eu/lectures.alex.balgavy.eu.git
index.md (2801B)


+++
title = 'Kernels'
+++
# Kernels
the type of kernel that you use, and the OS architecture, depends on the application

## Monolithic kernels

- main program invokes syscall
- kernel is underlying monolithic block:
    - service procedures carry out syscalls
    - utility procedures help implement service procedures

![screenshot.png](0e624a52ade3b11abb07f9a24a963169.png)

- separate applications and OS using privilege levels into user and kernel
    - on x86, 4 privilege levels (but in practice mostly 2 are used)
    - this is supported by the hardware directly
    - if the only goal is to separate untrustworthy apps from lower level shit, you only need 2 separate levels
    - if you include more levels, there’s a cost associated with switching between levels, so why do it if it’s not needed

![screenshot.png](55b6743c4ad50038449a7386842f601b.png)

## Virtualisation

- originally to separate multiprogramming from extended machine
- N independent system call interfaces

![screenshot.png](4b168ee0b75e0b83e6a2836382ad2698.png)

- Virtual machine monitor (VMM/Hypervisor) emulates hardware
- types:
    - 1: VMM runs on bare metal (like Xen)

        ![screenshot.png](c4b6fb9769649f44cf95457e873af74d.png)

    - 2: VMM hosted on OS (like QEMU)

        ![screenshot.png](2b9ac9aed621fe6db99275ca232c4ac2.png)

    - Hybrid: VMM inside OS (like KVM)

## Exokernel

- separate resource control from extended machine
- unlike VMM/Hypervisor, it:
    - does not emulate hardware, it is only a resource manager
    - only provides *safe* low-level resource sharing
    - service procedures are offered as library linked directly to application -- "Library OS"
- different library OSes for different programs, allows application-level specialisation

## Client/server model (microkernel)

- organise service procedures in programs running in separate processes (system services/drivers)
- high level of isolation
- processes communicate via message passing
- calls rely on the same mechanism (message passing)
- messaging is implemented in microkernel (minimal kernel)
- principle of least privilege -- isolate every service in its own domain (address space, process, etc.)
- this is more secure, but lower performance (always a tradeoff). have to switch between modes and shit

![screenshot.png](c67b727b70fbbe38dcdbbec5ab520c95.png)
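
The client/server model above as an added example (not part of the lecture notes): a service runs in its own process, and the client reaches it only through request/reply messages that the service validates. The socketpair standing in for microkernel IPC, the message layout and the slot table are assumptions made for this example.

```c
#include <stdint.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical message format; a socketpair stands in for the microkernel's IPC. */
enum { OP_READ = 1, OP_WRITE = 2, NSLOTS = 4 };
struct msg { int32_t op, slot, value, status; };

/* Service process: the table lives only in its own address space. */
static void serve(int ch) {
    int32_t table[NSLOTS] = {0};
    struct msg m;
    while (read(ch, &m, sizeof m) == (ssize_t)sizeof m) {
        m.status = -1;                              /* refuse by default */
        if (m.slot >= 0 && m.slot < NSLOTS) {       /* validate the untrusted request */
            if (m.op == OP_WRITE) { table[m.slot] = m.value; m.status = 0; }
            else if (m.op == OP_READ) { m.value = table[m.slot]; m.status = 0; }
        }
        if (write(ch, &m, sizeof m) != (ssize_t)sizeof m) break;
    }
    _exit(0);                                       /* client closed the channel */
}

/* Client stub: every call is one request message and one reply. */
static int call(int ch, int32_t op, int32_t slot, int32_t *value) {
    struct msg m = { op, slot, *value, 0 };
    if (write(ch, &m, sizeof m) != (ssize_t)sizeof m) return -1;
    if (read(ch, &m, sizeof m) != (ssize_t)sizeof m) return -1;
    *value = m.value;
    return m.status;
}

/* Runs the exchange; returns 0 when the service behaved as expected. */
int demo(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { close(sv[0]); serve(sv[1]); }   /* child never returns */
    close(sv[1]);
    int32_t v = 42, out = 0, bad = 7;
    int ok = call(sv[0], OP_WRITE, 2, &v) == 0
          && call(sv[0], OP_READ, 2, &out) == 0 && out == 42
          && call(sv[0], OP_WRITE, 99, &bad) == -1; /* out-of-range slot refused */
    close(sv[0]);                                   /* EOF ends the service loop */
    waitpid(pid, 0, 0);
    return ok ? 0 : 1;
}

int main(void) { return demo(); }
```

Each `call` costs two process switches, which is the performance side of the tradeoff; the client can never touch `table` directly, which is the isolation side.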

## Microvisor

- combination of hypervisor and microkernel
- different OS architectures have different design points, people look at convergence and tradeoffs

![screenshot.png](d9c66553585d53ea07bf5a4bfc141b28.png)

## Unikernel

- "single simple application implementing whatever in the cloud, in most efficient way"
- squash application and OS kernel into one thing, don't need all of the other stuff like process management
- gets rid of all of the overhead