High Velocity Kernel File Systems with Bento

High development velocity is critical for modern cloud systems. However, rapid development and release cycles have mostly skipped operating systems. Modifications to behavior in Linux, the most widely used server operating system in the cloud, must be done slowly to minimize risk of introducing bugs, be limited in scope, or be implemented in userspace with a potential performance penalty. We propose Bento, a framework for high velocity development of Linux kernel file systems. Bento is inspired by the recent availability of type-safe, non-garbage collected languages like Rust. It interposes a thin layer between kernel calls to the file system and file system calls back to the kernel, exposing alternative interfaces to enable kernel file systems written in safe Rust. Future work will provide support for online upgrades, userspace debugging, and composable filesystems. We evaluate Bento by using it to implement the xv6 file system and comparing against baselines written using the kernel VFS layer and FUSE. We find that the Bento filesystem achieves comparable performance to the VFS version and much better performance than the FUSE version. We also evaluate against ext4 on the macrobenchmarks and find that ext4 performs between 33% and 3.2x better than the Bento xv6 file system.

[1]  Yogen K. Dalal,et al.  Pilot: an operating system for a personal computer , 1980, CACM.

[2]  Miguel Castro,et al.  Fast byte-granularity software fault isolation , 2009, SOSP '09.

[3]  James R. Larus,et al.  Singularity: rethinking the software stack , 2007, OPSR.

[4]  William J. Bolosky,et al.  Mach: A New Kernel Foundation for UNIX Development , 1986, USENIX Summer.

[5]  Abutalib Aghayev,et al.  File systems unfit as distributed storage backends: lessons from 10 years of Ceph evolution , 2019, SOSP.

[6]  Robert Wahbe,et al.  Efficient software-based fault isolation , 1994, SOSP '93.

[7]  Amin Vahdat,et al.  Transparent Result Caching , 1997, USENIX Annual Technical Conference.

[8]  Cody Cutler,et al.  The benefits and costs of writing a POSIX kernel in a high-level language , 2018, OSDI.

[9]  Timothy Roscoe,et al.  Decoupling Cores, Kernels, and Operating Systems , 2014, OSDI.

[10]  Christopher Frost,et al.  Spanner: Google's Globally-Distributed Database , 2012, OSDI.

[11]  Cristiano Giuffrida,et al.  Safe and automatic live update for operating systems , 2013, ASPLOS '13.

[12]  Andrea C. Arpaci-Dusseau,et al.  File Systems as Processes , 2019, HotStorage.

[13]  Brian N. Bershad,et al.  Extensibility safety and performance in the SPIN operating system , 1995, SOSP.

[14]  Adrian Schüpbach,et al.  The multikernel: a new OS architecture for scalable multicore systems , 2009, SOSP '09.

[15]  Thomas E. Anderson,et al.  TAS: TCP Acceleration as an OS Service , 2019, EuroSys.

[16]  Jing Liu,et al.  I'm Not Dead Yet!: The Role of the Operating System in a Kernel-Bypass Era , 2019, HotOS.

[17]  Xi Wang,et al.  Software fault isolation with API integrity and multi-principal modules , 2011, SOSP.

[18]  Haibo Chen,et al.  Live updating operating systems using virtualization , 2006, VEE '06.

[19]  Philip Levis,et al.  Multiprogramming a 64kB Computer Safely and Efficiently , 2017, SOSP.

[20]  Margo I. Seltzer,et al.  Provenance-Aware Storage Systems , 2006, USENIX ATC, General Track.

[21]  Mingshen Sun,et al.  Securing the Device Drivers of Your Embedded Systems: Framework and Prototype , 2019, ARES.

[22]  M. Frans Kaashoek,et al.  Ksplice: automatic rebootless kernel updates , 2009, EuroSys '09.

[23]  Amin Vahdat,et al.  Snap: a microkernel approach to host networking , 2019, SOSP.

[24]  Steven McCanne,et al.  The BSD Packet Filter: A New Architecture for User-level Packet Capture , 1993, USENIX Winter.

[25]  Dawson R. Engler,et al.  Exokernel: an operating system architecture for application-level resource management , 1995, SOSP.

[26]  Brian N. Bershad,et al.  User-level interprocess communication for shared memory multiprocessors , 1991, TOCS.

[27]  Ashish Bijlani,et al.  Extension Framework for File Systems in User space , 2019, USENIX Annual Technical Conference.

[28]  Jeffrey C. Mogul,et al.  Nines are Not Enough: Meaningful Metrics for Clouds , 2019, HotOS.

[29]  Adam Chlipala,et al.  Using Crash Hoare logic for certifying the FSCQ file system , 2015, USENIX Annual Technical Conference.

[30]  Erez Zadok,et al.  To FUSE or Not to FUSE: Performance of User-Space File Systems , 2017, FAST.

[31]  Pandian Raju,et al.  Finding Crash-Consistency Bugs with Bounded Black-Box Crash Testing , 2018, OSDI.

[32]  Nicolas Christin,et al.  Push-Button Verification of File Systems via Crash Refinement , 2016, USENIX Annual Technical Conference.

[33]  Kyung Dong Ryu,et al.  Dynamic and adaptive updates of non-quiescent subsystems in commodity operating system kernels , 2007, EuroSys '07.