Transcript sample PPT 2 - Virginia Tech

VirtuOS: an operating system with kernel virtualization
Ruslan Nikolaev, Godmar Back
Virginia Tech, Blacksburg
2. Related Work
1. Motivation
Problem: Lack of isolation
and protection for core
systems code in monolithic
OS.
• Well-known problem –
numerous studies &
experience have
indicated reliability
rd
problems, largely with 3
party code.
User
Processes
File
System
Monolithic
OS
TCP/IP
kernel
Ethernet
SATA
Kernel
Memory
Manager
Process
Manager
PCI
Existing Designs:
Rely on privilege separation and protection domains.
Examples: µ-Kernels, User-level
User
Processes
drivers and file systems, VMBased Isolation
File
TCP/IP
System
Challenge: provide isolation
while retaining performance &
Ethernet
SATA
compatibility.
Virtual
Guest OS 1 … Guest OS n
Machines
Memory
Manager
Process
Manager
PCI
Hypervisor
Approach: Decompose & Isolate Components.
µKernel OS
µKernel
4. Architecture: Primary & Service Domains
3. VirtuOS Design Characteristics
VirtuOS
Decomposition of vertical slices of a monolithic kernel into
service domains
Strong Isolation & Device Protection through hardwaresupported virtual machines
Separate Failure & Recovery of service domains
Transparent to kernel code
Compatible with POSIX application code
Good Performance due to fast interdomain communication
User
Processes
Storage
Domain
Primary
Domain
Memory
Manager
Process
Manager
Network
Domain
File System
TCP/IP
SATA
Ethernet
PCI
PCI
PCI
Hypervisor
5. VirtuOS Implementation Highlights
6. Experimental Results
• Direct system call handling by remote domains via system
call dispatch through shared memory request queues
• Integrated with user-level M:N threading to avoid
interdomain signaling cost
• Shared lock free request and ready queues for dispatch &
wakeup
• Supports all of POSIX (including polling & signals)
• Minimal changes to existing Linux system (<20KLoC)
Failure Recovery scenario demonstrates isolation. A program
using a storage domain is unaffected by the network domain’s
failure. Good Performance is retained for both multiprocess &
multithreaded workloads.
[Results are consistent with relative stddev < 2%.]
...
Resume
Shared
Regions
Ready
Queue
syscall-backend
Service Domain 1
Network domain
abruptly terminates
60
40
Network domain
Is restarted
20
storage
network
0
0
50
0
0
25
Time, s
Remote client
resumes transfer
Kernel
syscall-backend
syscall-frontend
syscall-xen
Hypervisor
Source Code available at:
people.cs.vt.edu/~rnikola
...
Kernel Worker
Thread n.k
Service Domain n
virtuosos_4K
linux_4K
280
210
140
70
virtuos
0
0
100
200
300
Number of Threads
400
100
125
150
virtuosos_8K
linux_8K
virtuosos_16K
linux_16K
4. FileIO/Sysbench
3. OLTP/Sysbench mySQL
350
75
Concurrency
Throughput, req/s
Request
Queue
Kernel Worker
Thread n.1
50
10 20 30 40 50 60 70 80
Remote client
starts transfer
…
100
Resume
/dev/syscall
Primary Domain
Kernel Worker
Thread 1.n
Throughput, req/s
User Process k
Local system call
M:N pthreads
Kernel Worker
Thread 1.1
2. Apache Throughput
Throughput, MB/s
libc-sclib
Request
Queue
Transfer Rate, MB/s
Dispatch
1. Failure Recovery
4000
3000
2000
1000
virtuos
0
0
100
200
300
Number of Threads
400