Presentation is loading. Please wait.

Presentation is loading. Please wait.

Nooks: an architecture for safe device drivers Mike Swift, The Wild and Crazy Guy, Hank Levy and Susan Eggers.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Nooks: an architecture for safe device drivers Mike Swift, The Wild and Crazy Guy, Hank Levy and Susan Eggers."— Presentation transcript:

1 Nooks: an architecture for safe device drivers Mike Swift, The Wild and Crazy Guy, Hank Levy and Susan Eggers

2 What are the big problems? Performance? –Solved by Intel Functionality? –Solved by Microsoft Scalability? –Solved by Akamai Reliability? –Solved by Boeing, NASA

3 Reliability is the problem When do my parents call me? –When their computer crashes. Reliability is getting better! –Computers now execute 100x more cycles between crashes than 10 years ago But that was on a 486-33… But I now have three computers in my office and two at home… But my computers are on 24x7 so I can check the weather faster…

4 Windows 2000 Failure Analysis. Device drivers 16% Core NT 43% Other third- party drivers 16% Anti-virus 12% 12% HardwareFailure13% Source: Brendan Murphy, Sample from PSS Incidents: NT4 Drivers for HCL HW 7% Drivers for NonHCL HW 20% HW Failure 22% Anti-Virus 4% System Config 34% Other 3rd Party Kernel code 11% MSInternalCode 2% Other IFSDrivers 0% Windows 2000

5 Drivers are the culprit! 32% of NT 4 faults, 27% of W2k faults –Microsoft knows how to fix bugs Drivers are the bulk of the code in the kernel –Accounts for largest portion of source code –Accounts for large portion of runtime code Hardware failures make things worse

6 Why are drivers hard? Not written by software companies Challenging programming environment Absolute correctness required Complex asynchronous device protocols

7 What can we do about it? There have been past projects on isolating code: –Multics –Microkernels – Mach, L4, Fluke –Extensible kernels – Spin, Exokernel, Vino –Safe code – SFI, Java Why not isolate drivers?

8 Goals Preserve investment in existing OS –Don’t require rewrite of large portions of kernel Preserve investments in existing drivers –Allow existing drivers to execute safely with just recompilation Allow different isolation techniques for different drivers, depending on needs –SFI for low-latency –VM protection for high-throughput

9 Why is this feasible? Drivers: –Have a limited interface to kernel –Have limited dependencies from other code –Are designed to be loaded/unloaded independently –Make few performance-critical calls-backs into kernel

10 How hard is this? What makes it hard? –Shared state between drivers and kernel –Weak processors What makes it easy? –Read only parameters –Void functions

11 Architecture

12 Optimizations Defer as much work as possible –Timers are only manipulated when already context switching –Packets are only received when context switching Provide local resource pools –Local pool of socket buffers, stacks, local heaps

13 Implementation Implemented in Linux 2.4.10 –147 call into kernel –10 interfaces to drivers File operations, VM operations, network device operations, timers, interrupts … 103 calls into drivers Duplicated kernel page table grants drivers read- only access to kernel memory Lowered privileg level prevents drivers from deadlocking

14 Wrapping and Protection Protection domain switch when calling into drivers –Identify all calls to/from kernel –Implement wrapper functions for all calls Grant drivers read-only access to kernel memory Trap privileged instructions when running at with lowered privileges

15 Hacks for evaluation Don’t run with separate page table –Just flush TLB instead Don’t run with lowered privileges –Just trap to kernel at appropriate times

16 Evaluation Test platform: Blackbox machines –1.7 GHz P4 –1 GB sdram –Intel PRO/1000 gigabit Ethernet NIC 200 microsecond round trip time Configurations –Isolate performance impact of wrapping calls, flushing TLB, trapping to kernel

17

18

19

20

21 Ongoing / Future work Create page table structure for safe drivers on IA-32 Allow recovery of drivers without full restart –Hardware is idempotent… –Rather than rebooting driver, just retry request

22 Conclusions Operating systems should remove their dependence on driver safety Processors are fast enough spend a little performance on isolation Existing operating systems can be extended to run existing driver code safely

Download ppt "Nooks: an architecture for safe device drivers Mike Swift, The Wild and Crazy Guy, Hank Levy and Susan Eggers."

Similar presentations

Nooks: Safe Device Drivers with Lightweight Kernel Protection Domains Mike Swift, Steve Martin Hank Levy, Susan Eggers, Brian Bershad University of Washington.

Nooks: Safe Device Drivers with Lightweight Kernel Protection Domains Mike Swift, Steve Martin Hank Levy, Susan Eggers, Brian Bershad University of Washington.
Threads, SMP, and Microkernels

Threads, SMP, and Microkernels
OS Components and Structure

OS Components and Structure
Compaq Enterprise Technical Symposium 2001 OpenVMS on the Itanium TM Processor Family Clair Grant OpenVMS Engineering Clair Grant OpenVMS Engineering.

Compaq Enterprise Technical Symposium 2001 OpenVMS on the Itanium TM Processor Family Clair Grant OpenVMS Engineering Clair Grant OpenVMS Engineering.
EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers,

EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers,
Bart Miller. Outline Definition and goals Paravirtualization System Architecture The Virtual Machine Interface Memory Management CPU Device I/O Network,

Bart Miller. Outline Definition and goals Paravirtualization System Architecture The Virtual Machine Interface Memory Management CPU Device I/O Network,
Extensibility, Safety and Performance in the SPIN Operating System Department of Computer Science and Engineering, University of Washington Brian N. Bershad,

Extensibility, Safety and Performance in the SPIN Operating System Department of Computer Science and Engineering, University of Washington Brian N. Bershad,
Extensible Kernels Edgar Velázquez-Armendáriz September 24 th 2009.

Extensible Kernels Edgar Velázquez-Armendáriz September 24 th 2009.
1/21/2008CSCI 315 Operating Systems Design1 Operating System Structures Notice: The slides for this lecture have been largely based on those accompanying.

1/21/2008CSCI 315 Operating Systems Design1 Operating System Structures Notice: The slides for this lecture have been largely based on those accompanying.
Operating System Structure. Announcements Make sure you are registered for CS 415 First CS 415 project is up –Initial design documents due next Friday,

Operating System Structure. Announcements Make sure you are registered for CS 415 First CS 415 project is up –Initial design documents due next Friday,
1/28/2004CSCI 315 Operating Systems Design1 Operating System Structures & Processes Notice: The slides for this lecture have been largely based on those.

1/28/2004CSCI 315 Operating Systems Design1 Operating System Structures & Processes Notice: The slides for this lecture have been largely based on those.
Microkernels: Mach and L4

Microkernels: Mach and L4
Exokernel: An Operating System Architecture for Application-Level Resource Management Dawson R. Engler, M. Frans Kaashoek, and James O’Toole Jr. M.I.T.

Exokernel: An Operating System Architecture for Application-Level Resource Management Dawson R. Engler, M. Frans Kaashoek, and James O’Toole Jr. M.I.T.
G22.3250-001 Robert Grimm New York University Xen and Nooks.

G Robert Grimm New York University Xen and Nooks.
Virtual Machines. Virtualization Virtualization deals with “extending or replacing an existing interface so as to mimic the behavior of another system”

Virtual Machines. Virtualization Virtualization deals with “extending or replacing an existing interface so as to mimic the behavior of another system”
Virtual Machine Monitors CSE451 Andrew Whitaker. Hardware Virtualization Running multiple operating systems on a single physical machine Examples:  VMWare,

Virtual Machine Monitors CSE451 Andrew Whitaker. Hardware Virtualization Running multiple operating systems on a single physical machine Examples:  VMWare,
Xen and the Art of Virtualization. Introduction  Challenges to build virtual machines Performance isolation  Scheduling priority  Memory demand  Network.

Xen and the Art of Virtualization. Introduction  Challenges to build virtual machines Performance isolation  Scheduling priority  Memory demand  Network.
1 MASTERING (VIRTUAL) NETWORKS A Case Study of Virtualizing Internet Lab Avin Chen Borokhovich Michael Goldfeld Arik.

1 MASTERING (VIRTUAL) NETWORKS A Case Study of Virtualizing Internet Lab Avin Chen Borokhovich Michael Goldfeld Arik.
CSE598C Virtual Machines and Their Applications Operating System Support for Virtual Machines Coauthored by Samuel T. King, George W. Dunlap and Peter.

CSE598C Virtual Machines and Their Applications Operating System Support for Virtual Machines Coauthored by Samuel T. King, George W. Dunlap and Peter.
CSE 451: Operating Systems Winter 2012 Module 18 Virtual Machines Mark Zbikowski and Gary Kimura.

CSE 451: Operating Systems Winter 2012 Module 18 Virtual Machines Mark Zbikowski and Gary Kimura.

Similar presentations

Ads by Google