论文信息 - The SawMill multiserver approach

The SawMill multiserver approach

Multiserver systems, operating systems composed from a set of hardware-protected servers, initially generated significant interest in the early 1990's. If a monolithic operating system could be decomposed into a set of servers with well-defined interfaces and well-understood protection mechanisms, then the robustness and configurability of operating systems could be improved significantly. However, initial multiserver systems [4, 14] were hampered by poor performance and software engineering complexity. The Mach microkernel [10] base suffered from a number of performance problems (e.g., IPC), and a number of difficult problems must be solved to enable the construction of a system from orthogonal servers (e.g., unified buffer management, coherent security, flexible server interface design, etc.).In the meantime, a number of important research results have been generated that lead us to believe that a re-evaluation of multiserver system architectures is warranted. First, microkernel technology has vastly improved since Mach. L4 [13] and Exokernel [6] are two recent microkernels upon which efficient servers have been constructed (i.e., L4Linux for L4 [12] and ExOS for Exokernel [9]). In these systems, the servers are independent OSes, but we are encouraged that the kernel and server overheads, in particular context switches overheads, are minimized. Second, we have seen marked improvements in memory management approaches that enable zero-copy protocols (e.g., fbufs [5] and emulated copy [3]). Other advances include, improved kernel modularity [7], component model services [8], multiserver security protocols, etc. Note that we are not the only researchers who believe it is time to re-examine multiservers, as a multiserver system is also being constructed on the Pebble kernel [11].In addition, there is a greater need for multiserver architectures now. Consider the emergence of a variety of specialized, embedded systems. Traditionally, each embedded system includes a specialized operating system. Given the expected proliferation of such systems, the number of operating systems that must be built will increase significantly. Tools for configuring operating systems from existing servers will become increasingly more valuable, and adequate protection among servers will be necessary to guard valuable information that may be stored on such systems (e.g., private keys). This is exactly the motivation for multiserver systems.In this paper, we define the SawMill multiserver approach. This approach consists of: (1) an architecture upon which efficient and robust multiserver systems can be constructed and (2) a set of protocol design guidelines for solving key multiserver problems. First, the SawMill architecture consists of a set of user-level servers executing on the L4 microkernel and a set of services that enable these servers to obtain and manage resources locally. Second, the SawMill protocol design guidelines enable system designers to minimize the communication overheads introduced by protection boundaries between servers. We demonstrate the SawMill approach for two server systems derived from the Linux code base: (1) an Ext2 file system and (2) an IP network system.The remainder of the paper is structured as follows. In Section 2, we define the problems that must be solved in converting a monolithic operating system into a multiserver operating system. In Sections 3 and 4, we define the SawMill architecture and the protocol design approach, respectively. In Section 5, we demonstrate some of these guidelines in the file system and network system implementations. In Section 6, we examine the performance of the current SawMill Linux system.

[1] Eric Eide,et al. Flick: a flexible, optimizing IDL compiler , 1997, PLDI '97.

[2] Towards a New Strategy , 1984 .

[3] Robert Grimm,et al. Application performance and flexibility on exokernel systems , 1997, SOSP.

[4] Trent Jaeger,et al. The SawMill framework for VM diversity , 2001 .

[5] David D. Clark,et al. A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[6] Abraham Silberschatz,et al. The Pebble Component-Based Operating System , 1999, USENIX Annual Technical Conference, General Track.

[7] Jochen Liedtke,et al. The performance of μ-kernel-based systems , 1997, SOSP.

[8] José Carlos Brustoloni,et al. Effects of buffering semantics on I/O performance , 1996, OSDI '96.

[9] Jochen Liedtke,et al. On micro-kernel construction , 1995, SOSP.

[10] Jay Lepreau,et al. The Flux OSKit: a substrate for kernel and language research , 1997, SOSP.

[11] J. Liedtke. On -Kernel Construction , 1995 .

[12] Daniel P. Julin,et al. Mach-US: Unix On Generic OS Object Servers , 1995, USENIX.

[13] Larry L. Peterson,et al. Fbufs: a high-bandwidth cross-domain transfer facility , 1994, SOSP '93.

[14] Dawson R. Engler,et al. Exokernel: an operating system architecture for application-level resource management , 1995, SOSP.