Managing Kernel Memory Resources from User Level
نویسندگان
چکیده
In order to implement abstractions like threads or address spaces, operating system kernels need to maintain the corresponding metadata. This metadata is usually stored in kernel memory, i.e. in a region of physical memory that is reserved for kernel use. As the amount of available kernel memory is limited, its allocation must be controlled carefully; otherwise, applications can run a denial-of-service attack against the kernel by consuming all of its resources. Some operating system kernels have addressed this problem by providing powerful management policies. However, with a single global policy, it is difficult to accommodate multiple domains with different requirements at the same time. Also, existing solutions allow only limited control over kernel memory; for example, it is often not possible to reduce an allocation, except by killing the task that currently holds it. This makes it difficult to respond to changing load situations or suspected denial-of-service attacks. In this thesis, we present a new scheme which uses paged virtual memory to control kernel memory resources from user level. Memory can be preempted from the kernel and restored later; any kernel metadata affected by this is converted into an external representation, which can be safely exported. To demonstrate our approach, we apply it to an existing kernel, the L4 microkernel. We also present an experimental implementation.
منابع مشابه
Implementing Self-Managing Protection Domains in Charm
We believe that the engineering of mobile or persistent processes is hindered in many systems by the amount of coupling between user-level and the kernel. This coupling usually takes the form of user level data structures containing opaque references to kernel data structures. In this paper we show how self-managing protection domains may be constructed that support a modern object-oriented app...
متن کاملUser-Level Management of Kernel Memory
Kernel memory is a resource that must be managed carefully in order to ensure the efficiency and safety of the system. The use of an inappropriate management policy can weaken the isolation between subsystems, lead to suboptimal performance, and even make the kernel vulnerable to denial-of-service attacks. Yet, many existing kernels use only a single built-in policy, which is always a compromis...
متن کاملMagazines and Vmem: Extending the Slab Allocator to Many CPUs and Arbitrary Resources
The slab allocator [Bonwick94] provides efficient object caching but has two significant limitations: its global locking doesn’t scale to many CPUs, and the allocator can’t manage resources other than kernel memory. To provide scalability we introduce a per−processor caching scheme called the magazine layer that provides linear scaling to any number of CPUs. To support more general resource all...
متن کاملOS Experimentation and a User Community Coexist Under the DUnX Kernel
The class of NUMA (nonuniform memory access time) shared memory architectures is becoming increasingly important with the desire for larger scale multiprocessors. In such machines, the placement and movement of code and data are crucial to performance. The operating system can play a role in managing placement through the policies and mechanisms of the virtual memory subsystem. An implementatio...
متن کاملPriority IO Scheduling in the Cloud
Current state of the art runtime systems, built for managing cloud environments, almost always assume resource sharing among multiple users and applications. In large part, these runtime systems rely on functionalities of the node-local operating systems to divide the local resources among the applications that share a node. While OSes usually achieve good resource sharing by creating distinct ...
متن کامل