SlideShare a Scribd company logo

Mmp hotos2003-slides

Download as PPT, PDF
M
MUHAMMAD UMAIR

The document discusses Mondriaan Memory Protection (MMP), a hardware mechanism that provides efficient word-level memory protection to enforce modularity in software. It aims to address issues with large, complex software failing too often by allowing fine-grained isolation of modules with narrow, irregular interfaces. MMP supports conventional instruction set architectures and binaries with low overhead, and provides a smaller trusted computing base than safe language alternatives.

1 of 29
Download to read offline
Emmett Witchel Krste Asanović MIT Lab for Computer Science Hardware Works, Software Doesn’t: Enforcing Modularity with Mondriaan Memory Protection
HW Works, SW Doesn’t — Negative Hardware has a bozo cousin named Software. Hardware Software
Hardware cooperates with software. Each has their strengths. HW Works, SW Doesn’t — Positive Software Hardware
Hardware cooperates with software. Each has their strengths. HW Works, SW Doesn’t — Positive Hardware Software
Software is Growing, Becoming Modular Software complexity growing quickly. Faster processors, larger memories allow more complicated software. Linux kernel growing 200,000 lines/yr. Debian Linux supports 253 different kernel modules. A module is code + data, possibly loaded at runtime, to provide functionality. Modules have narrow interfaces. Not usually as narrow as an API, some internals are exposed. Enforced by programming convention. Code Data
Modular Software is Failing Big, complex software fails too often. Device drivers are a big problem. Big, complex software is hard to maintain. Dependencies are tough to track.
Safe Languages (More SW) Not Answer Safe languages are slow and use lots of memory. Restricts implementation to a single language. Ignores a large installed base of code. Can require analysis that is difficult to scale. Safe language compiler and run-time system is hard to verify. Especially as more performance is demanded from safe language. Doing it all in SW as dumb as doing it all in HW.
Both Hardware and Software Needed Modules have narrow, but irregular interfaces. HW should enforce SW convention without getting in the way. Module execution is finely interleaved. Protection hardware should be efficient and support a general programming model. New hardware is needed to support software to make fast, robust systems.
Current Hardware Broken Page based memory protection. A reasonable design point, but we need more. Capabilities have problems. Revocation difficult [System/38, M-machine]. Tagged pointers complicate machine. Requires new instructions. Different protection values for different domains via shared capability is hard. x86 segment facilities are broken capabilities. HW that does not nourish SW.
Mondriaan Memory Protection Efficient word-level protection HW. <0.7% space overhead, <0.6% extra memory references for coarse-grained use. <9% space overhead, <8% extra memory references for fine-grained use. [Witchel ASPLOS ‘02] Compatible with conventional ISAs and binaries. HW can change, if it’s backwards compatible. Let’s put those transistors to good use. [Engler ‘01] studied linux kernel bugs. Page protection can catch 45% (e.g., null). Fine-grained protection could catch 64% (e.g., range checking).
MMP In Action Kernel ide.o Kernel loader establishes initial permission regions Kernel calls mprotect(buf0, RO, 2); 1 2 Memory Addresses 0xC00… 0xFFF… No perm Read-write Read-only Execute-read Multiple protection domains mprotect(buf1, RW, 2); mprotect(printk, EX, 2); ide.o calls mprotect(req_q, RW, 1); mprotect(mod_init, EX, 1); nfs.o ipip.o 3 4
How Much Work to Use MMP? Do nothing. Your application will still work. Change the malloc library (any dynamic lib). You can add electric fences. Change the dynamic loader. You can have module isolation. Add vmware/dynamo-like runtime system. Many possibilities for fine-grained sharing. Change the program source. You can have and control fine-grained sharing.
Trusted Computing Base of MMP MMP hardware checks every load, store and instruction fetch. MMP memory supervisor (software) writes the permissions tables read by the hardware. Provides additional functionality and semantic guarantees. MMP TCB smaller than safe language.
Memory Supervisor One protection domain (PD) to rule them all. Writes MMP tables for other domains. Handles memory protection faults. Provides basic memory management for domain creation. Enforces some memory use policies. Memory supervisor is part of kernel. User/kernel distinction still exists. MMP Supervisor Core Kernel Memory Allocators Kernel Modules 0 1 2,..,N N+1,… Kernel Protection Domains (PD-IDs)
Memory Supervisor API Create and destroy protection domains. mmp_alloc_PD(user/kernel); mmp_free_PD(recursive); Allocate and free memory. mmp_alloc(n_bytes); mmp_free(ptr); Set permissions on memory (global PD-ID supported). mmp_set_perm(ptr, len, perm, PD-ID); Control memory ownership. mmp_mem_chown(ptr, length, PD-ID);
Managing Data Heap data is owned by PD. Permissions managed with supervisor API. E.g., mmp_set_perm(&buf, 256, read-only, consumer_PD-ID); Code is owned by PD. Execute permission used within a PD. Call gates are used for cross-domain calls, which cross protection domain boundaries. Stack is difficult to do fast. 1 2
Call and Return Gates Procedure entry is call gate, exit is return gate. Call gate data stored in permissions table. Return gate returns & restores original PD. call mi ret mi: PD K PD M Addr Space PD M R mov add jne xor push
Architectural Support for Gates Architecture uses protected storage, the cross-domain call stack, to implement gates. On call gate execution: Save current PD-ID and return address on cross-domain call stack. Transfer control to PD specified in the gate. On return gate execution: Check instruction RA = RA on top of cross-domain call stack, and fault if they are different. Transfer control to RA in PD specified by popping cross-domain call stack. PD M R
Are Gate Semantics Useful? Returns are paired with calls. Works for callbacks. Works for closures. Works for most implementations of exceptions (not setjmp/longjmp). Maybe need a call-only gate. To support continuations and more exception models. Allow cross-domain call stack to be paged out.
Stack Headache Threads cross PDs, and multiple threads allowed in one PD. So no single PD can own the stack. MMP for stack permissions work, but it is slow. Can copy stack parameters on entry/exit. Can add more hardware to make it efficient. Can exploit stack usage properties. How prevalent are writes to stack parameters?
Finding Modularity in the OS Let MMP enforce module boundaries already present in software. Defining proper trust relations between modules is a huge task. Not one I want to do by hand. Can we get 90% of the benefit from 5% of the effort?
Using Symbol Information Symbol import/export gives information about trust relations. Module that imports “printk” symbol will need permission to call printk. Data imports are trickier than code imports. E.g., code can follow a pointer out of a structure imported via symbol name. Do array names name the array or just one entry?
Measuring OS Modularity Is module interface narrow? Yes, according to symbol information. Measured the static data dependence between modules and the kernel. How often are module boundaries crossed? Often, at least in the boot. Measured dynamic calling pattern.
Size of Kernel Modules Modules are small and mostly code.
Number of Imported Call Gates 4,031 named entry points in kernel.
Size of Imported Data (KB) Kernel has 551KB of static data. Block devices import arrays of structures.
Measuring Cross-Domain Calls Instrumented bochs simulator to gather data about module interactions in Debian Linux 2.4.19. Enforce module boundaries: deal with module loader, deal with module version strings in text section, etc. 284,822 protection domain switches in the billion instruction boot. 3,353 instructions between domain switch. 97.5% switches to IDE disc driver. This is fine-grained interleaving.
Additional Applications Once you have fine-grained protection, exciting possibilities for system design become possible. Eliminate memory copying from syscalls. Provide specialized kernel entry points. Enable optimistic compiler optimizations. Implement C++ const.
Conclusion Hardware should help make software more reliable. Without getting in the way of the software programming model. MMP enables fast, robust, and extensible software systems. Previously it was pick two out of three.
Ad

Recommended

F9: A Secure and Efficient Microkernel Built for Deeply Embedded Systems
F9: A Secure and Efficient Microkernel Built for Deeply Embedded SystemsF9: A Secure and Efficient Microkernel Built for Deeply Embedded Systems
F9: A Secure and Efficient Microkernel Built for Deeply Embedded Systems
National Cheng Kung University
 
Lec10. Memory and storage
Lec10. Memory and storageLec10. Memory and storage
Lec10. Memory and storage
AnzaDar3
 
Unit 1 four part pocessor and memory
Unit 1 four part pocessor and memoryUnit 1 four part pocessor and memory
Unit 1 four part pocessor and memory
Neha Kurale
 
Advanced Components on Top of L4Re
Advanced Components on Top of L4ReAdvanced Components on Top of L4Re
Advanced Components on Top of L4Re
Vasily Sartakov
 
Memory, IPC and L4Re
Memory, IPC and L4ReMemory, IPC and L4Re
Memory, IPC and L4Re
Vasily Sartakov
 
Spring objectives
Spring objectivesSpring objectives
Spring objectives
Emertxe Information Technologies Pvt Ltd
 
Xvisor: embedded and lightweight hypervisor
Xvisor: embedded and lightweight hypervisorXvisor: embedded and lightweight hypervisor
Xvisor: embedded and lightweight hypervisor
National Cheng Kung University
 
Introduction to Microkernels
Introduction to MicrokernelsIntroduction to Microkernels
Introduction to Microkernels
Vasily Sartakov
 
7496_Hall 070204 Research Faculty Summit
7496_Hall 070204 Research Faculty Summit7496_Hall 070204 Research Faculty Summit
7496_Hall 070204 Research Faculty Summit
webuploader
 
Linux Porting to a Custom Board
Linux Porting to a Custom BoardLinux Porting to a Custom Board
Linux Porting to a Custom Board
Patrick Bellasi
 
Building Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARMBuilding Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARM
Sherif Mousa
 
Arm based controller - basic bootcamp
Arm based controller - basic bootcampArm based controller - basic bootcamp
Arm based controller - basic bootcamp
Roy Messinger
 
Linux Network Management
Linux Network ManagementLinux Network Management
Linux Network Management
Anil Kumar Pugalia
 
Multiprocessor architecture and programming
Multiprocessor architecture and programmingMultiprocessor architecture and programming
Multiprocessor architecture and programming
Raul Goycoolea Seoane
 
Threads
ThreadsThreads
Threads
Anil Kumar Pugalia
 
Embedded Software Design
Embedded Software DesignEmbedded Software Design
Embedded Software Design
Anil Kumar Pugalia
 
Multi core-architecture
Multi core-architectureMulti core-architecture
Multi core-architecture
Piyush Mittal
 
Multicore processor by Ankit Raj and Akash Prajapati
Multicore processor by Ankit Raj and Akash PrajapatiMulticore processor by Ankit Raj and Akash Prajapati
Multicore processor by Ankit Raj and Akash Prajapati
Ankit Raj
 
L4 Microkernel :: Design Overview
L4 Microkernel :: Design OverviewL4 Microkernel :: Design Overview
L4 Microkernel :: Design Overview
National Cheng Kung University
 
Implementation of RISC-Based Architecture for Low power applications
Implementation of RISC-Based Architecture for Low power applicationsImplementation of RISC-Based Architecture for Low power applications
Implementation of RISC-Based Architecture for Low power applications
IOSR Journals
 
Embedded Storage Management
Embedded Storage ManagementEmbedded Storage Management
Embedded Storage Management
Anil Kumar Pugalia
 
Introduction to Linux
Introduction to LinuxIntroduction to Linux
Introduction to Linux
Anil Kumar Pugalia
 
Construct an Efficient and Secure Microkernel for IoT
Construct an Efficient and Secure Microkernel for IoTConstruct an Efficient and Secure Microkernel for IoT
Construct an Efficient and Secure Microkernel for IoT
National Cheng Kung University
 
Mem hierarchy
Mem hierarchyMem hierarchy
Mem hierarchy
Vaibhav Bajaj
 
Multicore computers
Multicore computersMulticore computers
Multicore computers
Syed Zaid Irshad
 
Linux Porting
Linux PortingLinux Porting
Linux Porting
Anil Kumar Pugalia
 
Toolchain
ToolchainToolchain
Toolchain
Anil Kumar Pugalia
 
Embedded systemppt2343
Embedded systemppt2343Embedded systemppt2343
Embedded systemppt2343
Punumalli Sekhar Babu
 
Photo shoot
Photo shootPhoto shoot
Photo shoot
MUHAMMAD UMAIR
 
Presentation Of Sandra
Presentation Of SandraPresentation Of Sandra
Presentation Of Sandra
sandra jhoana
 
Ad

More Related Content

What's hot (20)

7496_Hall 070204 Research Faculty Summit
7496_Hall 070204 Research Faculty Summit7496_Hall 070204 Research Faculty Summit
7496_Hall 070204 Research Faculty Summit
webuploader
 
Linux Porting to a Custom Board
Linux Porting to a Custom BoardLinux Porting to a Custom Board
Linux Porting to a Custom Board
Patrick Bellasi
 
Building Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARMBuilding Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARM
Sherif Mousa
 
Arm based controller - basic bootcamp
Arm based controller - basic bootcampArm based controller - basic bootcamp
Arm based controller - basic bootcamp
Roy Messinger
 
Linux Network Management
Linux Network ManagementLinux Network Management
Linux Network Management
Anil Kumar Pugalia
 
Multiprocessor architecture and programming
Multiprocessor architecture and programmingMultiprocessor architecture and programming
Multiprocessor architecture and programming
Raul Goycoolea Seoane
 
Threads
ThreadsThreads
Threads
Anil Kumar Pugalia
 
Embedded Software Design
Embedded Software DesignEmbedded Software Design
Embedded Software Design
Anil Kumar Pugalia
 
Multi core-architecture
Multi core-architectureMulti core-architecture
Multi core-architecture
Piyush Mittal
 
Multicore processor by Ankit Raj and Akash Prajapati
Multicore processor by Ankit Raj and Akash PrajapatiMulticore processor by Ankit Raj and Akash Prajapati
Multicore processor by Ankit Raj and Akash Prajapati
Ankit Raj
 
L4 Microkernel :: Design Overview
L4 Microkernel :: Design OverviewL4 Microkernel :: Design Overview
L4 Microkernel :: Design Overview
National Cheng Kung University
 
Implementation of RISC-Based Architecture for Low power applications
Implementation of RISC-Based Architecture for Low power applicationsImplementation of RISC-Based Architecture for Low power applications
Implementation of RISC-Based Architecture for Low power applications
IOSR Journals
 
Embedded Storage Management
Embedded Storage ManagementEmbedded Storage Management
Embedded Storage Management
Anil Kumar Pugalia
 
Introduction to Linux
Introduction to LinuxIntroduction to Linux
Introduction to Linux
Anil Kumar Pugalia
 
Construct an Efficient and Secure Microkernel for IoT
Construct an Efficient and Secure Microkernel for IoTConstruct an Efficient and Secure Microkernel for IoT
Construct an Efficient and Secure Microkernel for IoT
National Cheng Kung University
 
Mem hierarchy
Mem hierarchyMem hierarchy
Mem hierarchy
Vaibhav Bajaj
 
Multicore computers
Multicore computersMulticore computers
Multicore computers
Syed Zaid Irshad
 
Linux Porting
Linux PortingLinux Porting
Linux Porting
Anil Kumar Pugalia
 
Toolchain
ToolchainToolchain
Toolchain
Anil Kumar Pugalia
 
Embedded systemppt2343
Embedded systemppt2343Embedded systemppt2343
Embedded systemppt2343
Punumalli Sekhar Babu
 
7496_Hall 070204 Research Faculty Summit
7496_Hall 070204 Research Faculty Summit7496_Hall 070204 Research Faculty Summit
7496_Hall 070204 Research Faculty Summit
webuploader
 
Linux Porting to a Custom Board
Linux Porting to a Custom BoardLinux Porting to a Custom Board
Linux Porting to a Custom Board
Patrick Bellasi
 
Building Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARMBuilding Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARM
Sherif Mousa
 
Arm based controller - basic bootcamp
Arm based controller - basic bootcampArm based controller - basic bootcamp
Arm based controller - basic bootcamp
Roy Messinger
 
Linux Network Management
Linux Network ManagementLinux Network Management
Linux Network Management
Anil Kumar Pugalia
 
Multiprocessor architecture and programming
Multiprocessor architecture and programmingMultiprocessor architecture and programming
Multiprocessor architecture and programming
Raul Goycoolea Seoane
 
Threads
ThreadsThreads
Threads
Anil Kumar Pugalia
 
Embedded Software Design
Embedded Software DesignEmbedded Software Design
Embedded Software Design
Anil Kumar Pugalia
 
Multi core-architecture
Multi core-architectureMulti core-architecture
Multi core-architecture
Piyush Mittal
 
Multicore processor by Ankit Raj and Akash Prajapati
Multicore processor by Ankit Raj and Akash PrajapatiMulticore processor by Ankit Raj and Akash Prajapati
Multicore processor by Ankit Raj and Akash Prajapati
Ankit Raj
 
L4 Microkernel :: Design Overview
L4 Microkernel :: Design OverviewL4 Microkernel :: Design Overview
L4 Microkernel :: Design Overview
National Cheng Kung University
 
Implementation of RISC-Based Architecture for Low power applications
Implementation of RISC-Based Architecture for Low power applicationsImplementation of RISC-Based Architecture for Low power applications
Implementation of RISC-Based Architecture for Low power applications
IOSR Journals
 
Embedded Storage Management
Embedded Storage ManagementEmbedded Storage Management
Embedded Storage Management
Anil Kumar Pugalia
 
Introduction to Linux
Introduction to LinuxIntroduction to Linux
Introduction to Linux
Anil Kumar Pugalia
 
Construct an Efficient and Secure Microkernel for IoT
Construct an Efficient and Secure Microkernel for IoTConstruct an Efficient and Secure Microkernel for IoT
Construct an Efficient and Secure Microkernel for IoT
National Cheng Kung University
 
Mem hierarchy
Mem hierarchyMem hierarchy
Mem hierarchy
Vaibhav Bajaj
 
Multicore computers
Multicore computersMulticore computers
Multicore computers
Syed Zaid Irshad
 
Linux Porting
Linux PortingLinux Porting
Linux Porting
Anil Kumar Pugalia
 
Toolchain
ToolchainToolchain
Toolchain
Anil Kumar Pugalia
 
Embedded systemppt2343
Embedded systemppt2343Embedded systemppt2343
Embedded systemppt2343
Punumalli Sekhar Babu
 

Viewers also liked (6)

Photo shoot
Photo shootPhoto shoot
Photo shoot
MUHAMMAD UMAIR
 
Presentation Of Sandra
Presentation Of SandraPresentation Of Sandra
Presentation Of Sandra
sandra jhoana
 
Green marketing
Green marketingGreen marketing
Green marketing
MUHAMMAD UMAIR
 
invert720 gallery
invert720 galleryinvert720 gallery
invert720 gallery
Justin_Armstrong
 
Seo uisstudenter261010-1
Seo uisstudenter261010-1Seo uisstudenter261010-1
Seo uisstudenter261010-1
Ingeborg Dirdal
 
Vevdronningen offentlig virksomhet i sosiale medier, bare enkelt
Vevdronningen offentlig virksomhet i sosiale medier, bare enkeltVevdronningen offentlig virksomhet i sosiale medier, bare enkelt
Vevdronningen offentlig virksomhet i sosiale medier, bare enkelt
Ingeborg Dirdal
 
Photo shoot
Photo shootPhoto shoot
Photo shoot
MUHAMMAD UMAIR
 
Presentation Of Sandra
Presentation Of SandraPresentation Of Sandra
Presentation Of Sandra
sandra jhoana
 
Green marketing
Green marketingGreen marketing
Green marketing
MUHAMMAD UMAIR
 
invert720 gallery
invert720 galleryinvert720 gallery
invert720 gallery
Justin_Armstrong
 
Seo uisstudenter261010-1
Seo uisstudenter261010-1Seo uisstudenter261010-1
Seo uisstudenter261010-1
Ingeborg Dirdal
 
Vevdronningen offentlig virksomhet i sosiale medier, bare enkelt
Vevdronningen offentlig virksomhet i sosiale medier, bare enkeltVevdronningen offentlig virksomhet i sosiale medier, bare enkelt
Vevdronningen offentlig virksomhet i sosiale medier, bare enkelt
Ingeborg Dirdal
 
Ad

Similar to Mmp hotos2003-slides (20)

Oct2009
Oct2009Oct2009
Oct2009
guest81ab2b4
 
Evolution of the Windows Kernel Architecture, by Dave Probert
Evolution of the Windows Kernel Architecture, by Dave ProbertEvolution of the Windows Kernel Architecture, by Dave Probert
Evolution of the Windows Kernel Architecture, by Dave Probert
yang
 
Walking around linux kernel
Walking around linux kernelWalking around linux kernel
Walking around linux kernel
Dharshana Kasun Warusavitharana
 
2337610
23376102337610
2337610
hantfhan
 
Software for embedded systems complete
Software for embedded systems completeSoftware for embedded systems complete
Software for embedded systems complete
Anand Kumar
 
Embedded Systems
Embedded SystemsEmbedded Systems
Embedded Systems
Benjim Thomas Mathew
 
What Have We Lost - A look at some historical techniques
What Have We Lost - A look at some historical techniquesWhat Have We Lost - A look at some historical techniques
What Have We Lost - A look at some historical techniques
LloydMoore
 
Os note
Os noteOs note
Os note
kaiderellachan
 
Embedded os
Embedded osEmbedded os
Embedded os
chian417
 
Linux Assignment 3
Linux Assignment 3Linux Assignment 3
Linux Assignment 3
Diane Allen
 
Ijaprr vol1-2-13-60-64tejinder
Ijaprr vol1-2-13-60-64tejinderIjaprr vol1-2-13-60-64tejinder
Ijaprr vol1-2-13-60-64tejinder
ijaprr_editor
 
os
osos
os
lavanya lalu
 
4.Process.ppt
4.Process.ppt4.Process.ppt
4.Process.ppt
AkfeteAssefa
 
The Cell Processor
The Cell ProcessorThe Cell Processor
The Cell Processor
Heiko Joerg Schick
 
Bab 4
Bab 4Bab 4
Bab 4
n k
 
Interview Question of Aspdotnet
Interview Question of AspdotnetInterview Question of Aspdotnet
Interview Question of Aspdotnet
MohitKumar1985
 
Binary translation
Binary translationBinary translation
Binary translation
GFI Software
 
Linux Internals - Interview essentials - 1.0
Linux Internals - Interview essentials - 1.0Linux Internals - Interview essentials - 1.0
Linux Internals - Interview essentials - 1.0
Emertxe Information Technologies Pvt Ltd
 
L05 parallel
L05 parallelL05 parallel
L05 parallel
MEPCO Schlenk Engineering College
 
Ecoz presentation
Ecoz presentationEcoz presentation
Ecoz presentation
Shehla Afzal Mawan
 
Oct2009
Oct2009Oct2009
Oct2009
guest81ab2b4
 
Evolution of the Windows Kernel Architecture, by Dave Probert
Evolution of the Windows Kernel Architecture, by Dave ProbertEvolution of the Windows Kernel Architecture, by Dave Probert
Evolution of the Windows Kernel Architecture, by Dave Probert
yang
 
Walking around linux kernel
Walking around linux kernelWalking around linux kernel
Walking around linux kernel
Dharshana Kasun Warusavitharana
 
2337610
23376102337610
2337610
hantfhan
 
Software for embedded systems complete
Software for embedded systems completeSoftware for embedded systems complete
Software for embedded systems complete
Anand Kumar
 
Embedded Systems
Embedded SystemsEmbedded Systems
Embedded Systems
Benjim Thomas Mathew
 
What Have We Lost - A look at some historical techniques
What Have We Lost - A look at some historical techniquesWhat Have We Lost - A look at some historical techniques
What Have We Lost - A look at some historical techniques
LloydMoore
 
Os note
Os noteOs note
Os note
kaiderellachan
 
Embedded os
Embedded osEmbedded os
Embedded os
chian417
 
Linux Assignment 3
Linux Assignment 3Linux Assignment 3
Linux Assignment 3
Diane Allen
 
Ijaprr vol1-2-13-60-64tejinder
Ijaprr vol1-2-13-60-64tejinderIjaprr vol1-2-13-60-64tejinder
Ijaprr vol1-2-13-60-64tejinder
ijaprr_editor
 
os
osos
os
lavanya lalu
 
4.Process.ppt
4.Process.ppt4.Process.ppt
4.Process.ppt
AkfeteAssefa
 
The Cell Processor
The Cell ProcessorThe Cell Processor
The Cell Processor
Heiko Joerg Schick
 
Bab 4
Bab 4Bab 4
Bab 4
n k
 
Interview Question of Aspdotnet
Interview Question of AspdotnetInterview Question of Aspdotnet
Interview Question of Aspdotnet
MohitKumar1985
 
Binary translation
Binary translationBinary translation
Binary translation
GFI Software
 
Linux Internals - Interview essentials - 1.0
Linux Internals - Interview essentials - 1.0Linux Internals - Interview essentials - 1.0
Linux Internals - Interview essentials - 1.0
Emertxe Information Technologies Pvt Ltd
 
L05 parallel
L05 parallelL05 parallel
L05 parallel
MEPCO Schlenk Engineering College
 
Ecoz presentation
Ecoz presentationEcoz presentation
Ecoz presentation
Shehla Afzal Mawan
 
Ad

More from MUHAMMAD UMAIR (20)

MPH1.pptx
MPH1.pptxMPH1.pptx
MPH1.pptx
MUHAMMAD UMAIR
 
My Own Demography 2 Population Composition.pptx
My Own Demography 2 Population Composition.pptxMy Own Demography 2 Population Composition.pptx
My Own Demography 2 Population Composition.pptx
MUHAMMAD UMAIR
 
My Own Demography 3 Population Pyramid.pptx
My Own Demography 3 Population Pyramid.pptxMy Own Demography 3 Population Pyramid.pptx
My Own Demography 3 Population Pyramid.pptx
MUHAMMAD UMAIR
 
Demography 1 Introduction.pptx
Demography 1 Introduction.pptxDemography 1 Introduction.pptx
Demography 1 Introduction.pptx
MUHAMMAD UMAIR
 
My Own Demography 4 Demographic transition.pptx
My Own Demography 4 Demographic transition.pptxMy Own Demography 4 Demographic transition.pptx
My Own Demography 4 Demographic transition.pptx
MUHAMMAD UMAIR
 
Crescent Fibres
Crescent FibresCrescent Fibres
Crescent Fibres
MUHAMMAD UMAIR
 
Wind energy(Pakistan)
Wind energy(Pakistan)Wind energy(Pakistan)
Wind energy(Pakistan)
MUHAMMAD UMAIR
 
OIL AND GAS DEVELOPMENT CORPORATION PAKISTAN(OGDCL)
OIL AND GAS DEVELOPMENT CORPORATION PAKISTAN(OGDCL)OIL AND GAS DEVELOPMENT CORPORATION PAKISTAN(OGDCL)
OIL AND GAS DEVELOPMENT CORPORATION PAKISTAN(OGDCL)
MUHAMMAD UMAIR
 
Site talk world_domination_jan_2011
Site talk world_domination_jan_2011Site talk world_domination_jan_2011
Site talk world_domination_jan_2011
MUHAMMAD UMAIR
 
Unaico business information_training
Unaico business information_trainingUnaico business information_training
Unaico business information_training
MUHAMMAD UMAIR
 
Why men die early
Why men die earlyWhy men die early
Why men die early
MUHAMMAD UMAIR
 
Unconditional love
Unconditional loveUnconditional love
Unconditional love
MUHAMMAD UMAIR
 
Tomorrow
TomorrowTomorrow
Tomorrow
MUHAMMAD UMAIR
 
Put mouse on nose
Put mouse on nosePut mouse on nose
Put mouse on nose
MUHAMMAD UMAIR
 
Luckier
LuckierLuckier
Luckier
MUHAMMAD UMAIR
 
Look into this
Look into thisLook into this
Look into this
MUHAMMAD UMAIR
 
Kids
KidsKids
Kids
MUHAMMAD UMAIR
 
Friendship
FriendshipFriendship
Friendship
MUHAMMAD UMAIR
 
Friends
FriendsFriends
Friends
MUHAMMAD UMAIR
 
Food[1]
Food[1]Food[1]
Food[1]
MUHAMMAD UMAIR
 
MPH1.pptx
MPH1.pptxMPH1.pptx
MPH1.pptx
MUHAMMAD UMAIR
 
My Own Demography 2 Population Composition.pptx
My Own Demography 2 Population Composition.pptxMy Own Demography 2 Population Composition.pptx
My Own Demography 2 Population Composition.pptx
MUHAMMAD UMAIR
 
My Own Demography 3 Population Pyramid.pptx
My Own Demography 3 Population Pyramid.pptxMy Own Demography 3 Population Pyramid.pptx
My Own Demography 3 Population Pyramid.pptx
MUHAMMAD UMAIR
 
Demography 1 Introduction.pptx
Demography 1 Introduction.pptxDemography 1 Introduction.pptx
Demography 1 Introduction.pptx
MUHAMMAD UMAIR
 
My Own Demography 4 Demographic transition.pptx
My Own Demography 4 Demographic transition.pptxMy Own Demography 4 Demographic transition.pptx
My Own Demography 4 Demographic transition.pptx
MUHAMMAD UMAIR
 
Crescent Fibres
Crescent FibresCrescent Fibres
Crescent Fibres
MUHAMMAD UMAIR
 
Wind energy(Pakistan)
Wind energy(Pakistan)Wind energy(Pakistan)
Wind energy(Pakistan)
MUHAMMAD UMAIR
 
OIL AND GAS DEVELOPMENT CORPORATION PAKISTAN(OGDCL)
OIL AND GAS DEVELOPMENT CORPORATION PAKISTAN(OGDCL)OIL AND GAS DEVELOPMENT CORPORATION PAKISTAN(OGDCL)
OIL AND GAS DEVELOPMENT CORPORATION PAKISTAN(OGDCL)
MUHAMMAD UMAIR
 
Site talk world_domination_jan_2011
Site talk world_domination_jan_2011Site talk world_domination_jan_2011
Site talk world_domination_jan_2011
MUHAMMAD UMAIR
 
Unaico business information_training
Unaico business information_trainingUnaico business information_training
Unaico business information_training
MUHAMMAD UMAIR
 
Why men die early
Why men die earlyWhy men die early
Why men die early
MUHAMMAD UMAIR
 
Unconditional love
Unconditional loveUnconditional love
Unconditional love
MUHAMMAD UMAIR
 
Tomorrow
TomorrowTomorrow
Tomorrow
MUHAMMAD UMAIR
 
Put mouse on nose
Put mouse on nosePut mouse on nose
Put mouse on nose
MUHAMMAD UMAIR
 
Luckier
LuckierLuckier
Luckier
MUHAMMAD UMAIR
 
Look into this
Look into thisLook into this
Look into this
MUHAMMAD UMAIR
 
Kids
KidsKids
Kids
MUHAMMAD UMAIR
 
Friendship
FriendshipFriendship
Friendship
MUHAMMAD UMAIR
 
Friends
FriendsFriends
Friends
MUHAMMAD UMAIR
 
Food[1]
Food[1]Food[1]
Food[1]
MUHAMMAD UMAIR
 

Mmp hotos2003-slides

  • 1. Emmett Witchel Krste Asanović MIT Lab for Computer Science Hardware Works, Software Doesn’t: Enforcing Modularity with Mondriaan Memory Protection
  • 2. HW Works, SW Doesn’t — Negative Hardware has a bozo cousin named Software. Hardware Software
  • 3. Hardware cooperates with software. Each has their strengths. HW Works, SW Doesn’t — Positive Software Hardware
  • 4. Hardware cooperates with software. Each has their strengths. HW Works, SW Doesn’t — Positive Hardware Software
  • 5. Software is Growing, Becoming Modular Software complexity growing quickly. Faster processors, larger memories allow more complicated software. Linux kernel growing 200,000 lines/yr. Debian Linux supports 253 different kernel modules. A module is code + data, possibly loaded at runtime, to provide functionality. Modules have narrow interfaces. Not usually as narrow as an API, some internals are exposed. Enforced by programming convention. Code Data
  • 6. Modular Software is Failing Big, complex software fails too often. Device drivers are a big problem. Big, complex software is hard to maintain. Dependencies are tough to track.
  • 7. Safe Languages (More SW) Not Answer Safe languages are slow and use lots of memory. Restricts implementation to a single language. Ignores a large installed base of code. Can require analysis that is difficult to scale. Safe language compiler and run-time system is hard to verify. Especially as more performance is demanded from safe language. Doing it all in SW as dumb as doing it all in HW.
  • 8. Both Hardware and Software Needed Modules have narrow, but irregular interfaces. HW should enforce SW convention without getting in the way. Module execution is finely interleaved. Protection hardware should be efficient and support a general programming model. New hardware is needed to support software to make fast, robust systems.
  • 9. Current Hardware Broken Page based memory protection. A reasonable design point, but we need more. Capabilities have problems. Revocation difficult [System/38, M-machine]. Tagged pointers complicate machine. Requires new instructions. Different protection values for different domains via shared capability is hard. x86 segment facilities are broken capabilities. HW that does not nourish SW.
  • 10. Mondriaan Memory Protection Efficient word-level protection HW. <0.7% space overhead, <0.6% extra memory references for coarse-grained use. <9% space overhead, <8% extra memory references for fine-grained use. [Witchel ASPLOS ‘02] Compatible with conventional ISAs and binaries. HW can change, if it’s backwards compatible. Let’s put those transistors to good use. [Engler ‘01] studied linux kernel bugs. Page protection can catch 45% (e.g., null). Fine-grained protection could catch 64% (e.g., range checking).
  • 11. MMP In Action Kernel ide.o Kernel loader establishes initial permission regions Kernel calls mprotect(buf0, RO, 2); 1 2 Memory Addresses 0xC00… 0xFFF… No perm Read-write Read-only Execute-read Multiple protection domains mprotect(buf1, RW, 2); mprotect(printk, EX, 2); ide.o calls mprotect(req_q, RW, 1); mprotect(mod_init, EX, 1); nfs.o ipip.o 3 4
  • 12. How Much Work to Use MMP? Do nothing. Your application will still work. Change the malloc library (any dynamic lib). You can add electric fences. Change the dynamic loader. You can have module isolation. Add vmware/dynamo-like runtime system. Many possibilities for fine-grained sharing. Change the program source. You can have and control fine-grained sharing.
  • 13. Trusted Computing Base of MMP MMP hardware checks every load, store and instruction fetch. MMP memory supervisor (software) writes the permissions tables read by the hardware. Provides additional functionality and semantic guarantees. MMP TCB smaller than safe language.
  • 14. Memory Supervisor One protection domain (PD) to rule them all. Writes MMP tables for other domains. Handles memory protection faults. Provides basic memory management for domain creation. Enforces some memory use policies. Memory supervisor is part of kernel. User/kernel distinction still exists. MMP Supervisor Core Kernel Memory Allocators Kernel Modules 0 1 2,..,N N+1,… Kernel Protection Domains (PD-IDs)
  • 15. Memory Supervisor API Create and destroy protection domains. mmp_alloc_PD(user/kernel); mmp_free_PD(recursive); Allocate and free memory. mmp_alloc(n_bytes); mmp_free(ptr); Set permissions on memory (global PD-ID supported). mmp_set_perm(ptr, len, perm, PD-ID); Control memory ownership. mmp_mem_chown(ptr, length, PD-ID);
  • 16. Managing Data Heap data is owned by PD. Permissions managed with supervisor API. E.g., mmp_set_perm(&buf, 256, read-only, consumer_PD-ID); Code is owned by PD. Execute permission used within a PD. Call gates are used for cross-domain calls, which cross protection domain boundaries. Stack is difficult to do fast. 1 2
  • 17. Call and Return Gates Procedure entry is call gate, exit is return gate. Call gate data stored in permissions table. Return gate returns & restores original PD. call mi ret mi: PD K PD M Addr Space PD M R mov add jne xor push
  • 18. Architectural Support for Gates Architecture uses protected storage, the cross-domain call stack, to implement gates. On call gate execution: Save current PD-ID and return address on cross-domain call stack. Transfer control to PD specified in the gate. On return gate execution: Check instruction RA = RA on top of cross-domain call stack, and fault if they are different. Transfer control to RA in PD specified by popping cross-domain call stack. PD M R
  • 19. Are Gate Semantics Useful? Returns are paired with calls. Works for callbacks. Works for closures. Works for most implementations of exceptions (not setjmp/longjmp). Maybe need a call-only gate. To support continuations and more exception models. Allow cross-domain call stack to be paged out.
  • 20. Stack Headache Threads cross PDs, and multiple threads allowed in one PD. So no single PD can own the stack. MMP for stack permissions work, but it is slow. Can copy stack parameters on entry/exit. Can add more hardware to make it efficient. Can exploit stack usage properties. How prevalent are writes to stack parameters?
  • 21. Finding Modularity in the OS Let MMP enforce module boundaries already present in software. Defining proper trust relations between modules is a huge task. Not one I want to do by hand. Can we get 90% of the benefit from 5% of the effort?
  • 22. Using Symbol Information Symbol import/export gives information about trust relations. Module that imports “printk” symbol will need permission to call printk. Data imports are trickier than code imports. E.g., code can follow a pointer out of a structure imported via symbol name. Do array names name the array or just one entry?
  • 23. Measuring OS Modularity Is module interface narrow? Yes, according to symbol information. Measured the static data dependence between modules and the kernel. How often are module boundaries crossed? Often, at least in the boot. Measured dynamic calling pattern.
  • 24. Size of Kernel Modules Modules are small and mostly code.
  • 25. Number of Imported Call Gates 4,031 named entry points in kernel.
  • 26. Size of Imported Data (KB) Kernel has 551KB of static data. Block devices import arrays of structures.
  • 27. Measuring Cross-Domain Calls Instrumented bochs simulator to gather data about module interactions in Debian Linux 2.4.19. Enforce module boundaries: deal with module loader, deal with module version strings in text section, etc. 284,822 protection domain switches in the billion instruction boot. 3,353 instructions between domain switch. 97.5% switches to IDE disc driver. This is fine-grained interleaving.
  • 28. Additional Applications Once you have fine-grained protection, exciting possibilities for system design become possible. Eliminate memory copying from syscalls. Provide specialized kernel entry points. Enable optimistic compiler optimizations. Implement C++ const.
  • 29. Conclusion Hardware should help make software more reliable. Without getting in the way of the software programming model. MMP enables fast, robust, and extensible software systems. Previously it was pick two out of three.