The Genode project has released version 11.11 of their OS framework, which allows the construction of spezialized operating systems out of building blocks including 8 different kernels, plenty of device drivers, and an increasing number of system services.
With the current release, the project explored various opportunities to combine Genode’s architecture with virtualization techniques ranging from faithful virtualization of x86 hardware, over running Android on a paravirtualized Linux kernel, to custom designed OS-level virtualization and application-level virtualization approaches. The latter variant is particularly interesting because it paved the way to Genode’s new support for user-level debugging via GDB.
With the initial port of the Vancouver virtual machine monitor (VMM), the project embraces the world of faithful virtualization. Vancouver implements a virtual x86 PC and is specifically developed for the use with the NOVA hypervisor and hardware-supported virtualization (VTX or SVM). The single property that sets NOVA/Vancouver apart from the crowd of virtualization products such as KVM, Xen, VirtualBox, and VMware is its microkernel-aided design. In contrast to those traditional solutions that implement the virtual machine monitor in the hypervisor, the Vancouver VMM runs entirely in user space. Only the basic mechanisms for reflecting virtualization events to the user space remain in the hypervisor, for which the NOVA developers consequently coined the term microhypervisor.
On NOVA, each virtual machine has a dedicated instance of a Vancouver virtual machine monitor, each instance being isolated from each other via protection mechanisms as known from microkernels. This way, a problem in one virtual machine or VMM cannot affect any other part of the system. The trusted computing base critical for maintaining the isolation between virtual machines is orders of magnitude smaller compared to traditional approaches. This sounds good but isn’t putting the VMM into user space hurting the performance? The answer is actually: No! According to a paper by the authors of NOVA/Vancouver, the performance of their solution blows existing virtualization solutions out of the water. Long story, short: NOVA/Vancouver is an amazing technology, which will now become integrated with Genode. Even though the initial adaptation of Vancouver to Genode is still at an early stage, it already shows how well Vancouver fits into the framework’s architecture.
The second new feature of Genode 11.11 is the integration of L4Android running on the Fiasco.OC kernel. L4Android is based on the paravirtualized Linux kernel called L4Linux with the Android patch set applied. This enables one or multiple instances of the unmodified Android user land to be executed as nodes of Genode’s process tree. To tightly integrate L4Android with the component framework, L4Linux has been enhanced with several so-called stub drivers that act as Linux device drivers but use Genode interfaces as back ends instead of real devices. New stub drivers have been added for accessing block devices, UARTs, network cards, and pointer devices. L4Android is supported for both x86_32 and ARM platforms on the Fiasco.OC kernel.
Noux is Genode’s own take to OS-level virtualization. In contrast to faithful virtualization or paravirtualization, this work aims as executing individual UNIX applications without the overhead of running and managing a complete Guest OS. With the current release, Noux has become able to execute software as complex as VIM natively without the need to change any source code. For its developers, the ability to run GNU software without manual porting labour represents the path towards an OS that is suitable as development environment.
Finally, the project introduces a new form of virtualization called application-level virtualization. This approach facilitates the most fundamental property of Genode’s architecture, which is the sandboxed execution of each program. Combined with capability-based security, this architecture makes it possible to virtualize the environment of each process in the system in arbitrary ways. One particularly useful application of this methodology is to let a user-level debugger transparently intercept the interaction of a process with its environment. The new GDB monitor is the implementation of this idea. It is able to provide a fully featured debugging solution for user-level components including the support for single stepping, break points, source-level debugging, and backtraces. Thanks to the approach to implement the debugging facility using application-level virtualization, this facility requires no special debugging interfaces in the underlying platform, which could potentially short-circuit security policies.
In addition to the results of the virtualization-related work, the version 11.11 comes with new device drivers, a new free-standing tool chain, a new IPC implementation for Linux, and updates of several base platforms.
As usual, the complete coverage of all the improvements is detailed in the project’s release notes.
I like the idea of the hypervisor being a micro kernel. The hypervisor should be tiny. But I did not get the part about Noux, is that the hypervisor? It seems that it can even run VIM? Then it is not a tiny hypervisor?
There is a similar project called SmartOS. It is KVM, Solaris kernel and Containers, ZFS, DTrace and nothing else, basically. This way Solaris can act as backend and provide ZFS. Each guest runs in a container, so if a guest is hacked, he will only be in a container, which is safe.
SmartOS claims to give much higher performance than running bare metal. For instance, WinXP 32 bit only has access to 3.5GB RAM and can not use 10GBit Nic. But Solaris can use 16GB RAM as ZFS cache and use 10GBit NIC.
http://www.theregister.co.uk/2011/08/15/kvm_hypervisor_ported_to_so…
“With I/O-bound database workloads, he says, the SmartOS KVM is five to tens times faster than bare metal Windows and Linux (meaning no virtualization), and if you’re running something like the Java Virtual Machine or PHP atop an existing bare metal hypervisor and move to SmartOS, he says, you’ll see ten to fifty times better performance – though he acknowledges this too will vary depending on workload.”
Yeah, but then who would run a 32bit copy of a 10 year old OS as their VM host? It’s as pointless a comparison as comparing Win3.1 to OS X.
Anyhow, apples and oranges aside, SmartOS does look a great project, so I’m going to give this a test drive now. Thanks for the recommendation
Edited 2011-12-01 11:09 UTC
True. But consider other 32bit OSes, such as… latest Linux for instance.
Youre welcome. :o)
It’s still a pointless comparison as it’s not comparing like for like.
It’s a classic case of comparing two unrelated products to skew the statistics their favour.
To clear up the confusion about NOVA and Noux a bit:
NOVA is the microkernelized hypervisor and represents one of options to use as base platform for Genode.
Noux is a user-level component that offers the UNIX system-call API as RPC service. It can be used on top of any of Genode’s base platforms. For example, you could run Noux side by side with virtual machines (running in the Vancouver VMM) on top of the NOVA hypervisor. But you could also run it atop a normal Linux OS (another possible base platform). In fact, using Noux, you can execute VIM natively on (almost) all of the microkernels supported by Genode.
The Figure at http://genode.org/documentation/release-notes/11.11#section-3 illustrates the role of Noux. In this figure, the hypervisor/kernel is not displayed. It would sit underneath core.
love this project, great work guys.
Hey, thanks for the nice words
Genode is the future for OSes. It is not just great work, it is fantastic.
So, well coded. Those who would like to learn C++ to a better level and to understand how exactly C++ constructs are used do read the genode code.
I’m a great fan of the genode project.I would love to contribute.
You are indeed more than welcome! Actually, the time to start getting involved couldn’t be better because the project is currently planning to open its development process.
Even though the Genode source code is released at regular intervals accompanied with the documentation about what has happened (release notes), until now, most of technical discussions, issue tracking, planning, and revision management was done internally at our company. Over the next three months we are going to change that with the goal to make the project more approachable to people outside the company.
So if you are interested in getting involved, please don’t be shy! Joining the mailing list is possibly a good start. For meeting in person, I’d like mention that the Genode project will participate in a devroom specifically dedicated to microkernel-based OSes at FOSDEM 2012. See https://lists.fosdem.org/pipermail/microkernel-devroom/2011-November…