A Linux in unikernel clothing

Unikernels leverage library OS architectures to run isolated workloads on the cloud. They have garnered attention in part due to their promised performance characteristics such as small image size, fast boot time, low memory footprint and application performance. However, those that aimed at generality fall short of the application compatibility, robustness and, more importantly, community that is available for Linux. In this paper, we describe and evaluate Lupine Linux, a standard Linux system that, through kernel configuration specialization and system call overhead elimination, achieves unikernel-like performance, in fact outperforming at least one reference unikernel in all of the above dimensions. At the same time, Lupine can run any application (since it is Linux) when faced with more general workloads, whereas many unikernels simply crash. We demonstrate a graceful degradation of unikernel-like performance properties.
