L4 Overview

1
L4 Overview

• Slides derived from original slides by Jochen
  Liedtke

2
Mailing List

• Please join
• http//lists.ira.uka.de/mailman/listinfo/sdi

3
classic
specialized
thin
Security
classic OS
em- bedded app
native Java
highly-specialized component
RT MM
L4
L4
L4
HW
HW
HW
4
???-kernel does no real work. ?-Kernel?services
are only required to overcome ?-kernel
constraints. Therefore, ?-kernels have to be
infinitely fast! Minimality is the key!

• Threads
• Address Spaces
• Clans

IPC Mapping
5
Threads, Communication
6
Drivers at User Level
User
INTR ipc
Driver
Device

• IO ports part of the user address space
• interrupts messages from hardware

7
Nucleus Calls

• ipc
• nearest
• unmap
• switch
• schedule
• ex regs
• task

send, receive, call, reply wait map wait for
intr myself, chief id get/set timeslice, prio,
preempter,cpu time, status get/set instr pointer,
stack pointer, pager create
signal create/delete transfer creation right
13 K code
8
Fundamental Concepts

• Address Spaces
• Threads

• Communication IPC
• Identification uids
• AS construction ??

9
(I) Communication

• Ignoring Address Spaces

10
Data Types (I)

• Thread Id

11
Data Types (I)
chief(8)
task(8)
lthrd(6)
ver(10)

• Thread Id

12
Data Types (I)
chief(8)
task(8)
lthrd(6)
ver(10)

• Thread Id
• Task 1255
• Lthread 063
• Version

13
Data Types (I)
chief(8)
task(8)
lthrd(6)
ver(10)

• Thread Id
• Task 1255
• Lthread 0127
• Version
• nilthread
• irq n
• sigma0
• root

0
n1
4
2
0
4
4
0
14
Data Types (I)
chief(8)
task(8)
lthrd(6)
ver(10)

• Thread Id
• Task 1255
• Lthread 0127
• Version
• nilthread
• irq n
• sigma0
• root
• invalid id

0
n1
4
2
0
4
4
0
0xFFFFFFFF
15
In ltl4/l4.hgt

• typedef union
• struct
• unsigned version 10
• unsigned thread 6
• unsigned task 8
• unsigned chief 8
• id
• dword_t raw
• l4_threadid_t
• define L4_SIGMA0_ID ((l4_threadid_t) id
  1,0,2,4 )
• define L4_ROOT_TASK_ID ((l4_threadid_t) id
  1,0,4,4 )
• define L4_INTERRUPT(x) ((l4_threadid_t) raw
  x 1 )

16
Data Types (I)
EDI EBX EDX
dword 2
dword 1

• Message
• Register Message

dword 0
17
Data Types (I)
EDI EBX EDX
dword 2
dword 1

• Message
• Register Message
• Simple Message

dword 0
.
.
.
dword 3
32 24 16 12 8 4 0
dword 2
dword 1
dword 0
msg snd dope msg size dope
dwords(19)
0(5)
(8)
dwords(19)
0(5)
(8)
18
Data Types (I)
EDI EBX EDX
dword 2
dword 1

• Message
• Register Message
• Simple Message
• String Message

dword 0
.
.
part 0
.
.
.
dword 3
32 24 16 12 8 4 0
dword 2
dword 1
dword 0
msg snd dope msg size dope
dwords(19)
parts(5)
(8)
dwords(19)
parts(5)
(8)
19
Data Types (I)

• Message
• Register Message
• Simple Message
• String Message

.
.
snd addr
snd size
20
Data Types (I)

• Message
• Register Message
• Simple Message
• String Message

.
.
rcv addr
rcv size
snd addr
snd size
21
Data Types (I)

• Message
• Register Message
• Simple Message
• String Message

.
.
rcv addr
rcv size
snd addr
snd size
22
In ltl4/l4.hgt

• typedef union
• struct
• dword_t msg_deceited 1
• dword_t fpage_received 1
• dword_t msg_redirected 1
• dword_t src_inside 1
• dword_t error_code 4
• dword_t strings 5
• dword_t dwords 19
• md
• dword_t raw
• l4_msgdope_t
• typedef struct
• dword_t snd_size
• dword_t snd_str
• dword_t rcv_size
• dword_t rcv_str

23
Data Types (I)

• Timeouts
• snd timeout
• rcv timeout
• snd PF timeout
• rcv PF timeout

24
In ltl4/l4.hgt

• typedef struct
• unsigned rcv_exp4
• unsigned snd_exp4
• unsigned rcv_pfault4
• unsigned snd_pfault4
• unsigned snd_man8
• unsigned rcv_man8
• l4_timeout_struct_t
• typedef union
• dword_t raw
• l4_timeout_struct_t timeout
• l4_timeout_t
• define L4_IPC_NEVER ((l4_timeout_t) raw
  0)
• define L4_IPC_TIMEOUT_NULL ((l4_timeout_t)
  timeout 15, 15, 15, 15, 0, 0)
• define L4_IPC_TIMEOUT(snd_man, snd_exp, rcv_man,
  rcv_exp, snd_pflt, rcv_pflt)\
• ( (l4_timeout_t) \
• timeout rcv_exp, snd_exp, rcv_pflt,
  snd_pflt, snd_man, rcv_man

25
IPC

• snd descriptor
• rcv descriptor
• timeouts
• dest / source
• msg.w0
• msg.w1
• msg.w2

26
IPC

• Send

• snd descriptor
• rcv descriptor
• timeouts
• dest / source
• msg.w0
• msg.w1
• msg.w2

FFFFFFFF
dest
me
27
IPC

• Receive
• from dest

• snd descriptor
• rcv descriptor
• timeouts
• dest / source
• msg.w0
• msg.w1
• msg.w2

FFFFFFFF
dest
me
28
IPC

• Receive
• from anyone

• snd descriptor
• rcv descriptor open bit
• timeouts
• dest / source
• msg.w0
• msg.w1
• msg.w2

FFFFFFFF
me
29
IPC

• Call

• snd descriptor
• rcv descriptor
• timeouts
• dest / source
• msg.w0
• msg.w1
• msg.w2

dest
me
30
IPC

• ReplyWait

• snd descriptor
• rcv descriptor open bit
• timeouts
• dest / source
• msg.w0
• msg.w1
• msg.w2

dest
me
31
IPC

• Wait

• snd descriptor
• rcv descriptor
• timeouts
• dest / source
• msg.w0
• msg.w1
• msg.w2

FFFFFFFF
nilthread
32
IPC

• Send/Call/...
• short message

• snd descriptor
• rcv descriptor
• timeouts
• dest / source
• msg.w0
• msg.w1
• msg.w2

0
00
33
IPC

• Receive/Call/...
• long message

• snd descriptor
• rcv descriptor
• timeouts
• dest / source
• msg.w0
• msg.w1
• msg.w2

00
send message
34
IPC

• Receive/Call/...
• short message

• snd descriptor
• rcv descriptor
• timeouts
• dest / source
• msg.w0
• msg.w1
• msg.w2

0
00
35
IPC

• Send/Call/...
• long message

• snd descriptor
• rcv descriptor
• timeouts
• dest / source
• msg.w0
• msg.w1
• msg.w2

00
receive buffer
36
IPC C prototypes

• L4_INLINE int
• l4_ipc_call(l4_threadid_t dest,
• const void snd_msg,
• dword_t snd_dword0, dword_t snd_dword1,
  dword_t snd_dword2,
• void rcv_msg,
• dword_t rcv_dword0, dword_t rcv_dword1,
  dword_t rcv_dword2,
• l4_timeout_t timeout, l4_msgdope_t result)
• L4_INLINE int
• l4_ipc_reply_and_wait(l4_threadid_t dest,
• const void snd_msg,
• dword_t snd_dword0, dword_t snd_dword1,
• dword_t snd_dword2,
• l4_threadid_t src,
• void rcv_msg, dword_t rcv_dword0,
• dword_t rcv_dword1, dword_t rcv_dword2,
• l4_timeout_t timeout, l4_msgdope_t
  result)

37
IPC C Prototypes

• L4_INLINE int
• l4_ipc_send(l4_threadid_t dest,
• const void snd_msg,
• dword_t snd_dword0, dword_t snd_dword1,
  dword_t snd_dword2,
• l4_timeout_t timeout, l4_msgdope_t result)
• L4_INLINE int
• l4_ipc_wait(l4_threadid_t src,
• void rcv_msg,
• dword_t rcv_dword0, dword_t rcv_dword1,
  dword_t rcv_dword2,
• l4_timeout_t timeout, l4_msgdope_t result)
• L4_INLINE int
• l4_ipc_receive(l4_threadid_t src,
• void rcv_msg, dword_t rcv_dword0,
  dword_t rcv_dword1,
• dword_t rcv_dword2,
• l4_timeout_t timeout, l4_msgdope_t
  result)

38
Id myself

• id_nearest (nilthread)
• L4_INLINE l4_threadid_t l4_myself(void)

39
Threads
Code

• Code, data

Thread
Data
40
Thread
Code

• Abstraction and unit of execution
• Consists of
• Registers
• Current variables
• Instruction Pointer
• Next instruction to execute
• Stack
• Execution history of yet unreturned procedures
• One stack frame per procedure invocation

Thread Execution Path
Data
Stack
41
Thread
Code

• L4 provides 64 threads per task
• Conceptually, they are all running when the task
  starts
• Practically, they are not allocated nor scheduled
  until they are initialized.

Thread Execution Path
Data
Stack
42
thread_ex_regs
Code
Thread ID
Instr. Ptr
Thread Execution Path
Stack Ptr
Pager
Data
Stack
43
Thread
Code

• Note the microkernel only manages (preserves) the
  user-level IP and SP
• (and registers if preempted)
• The following is managed by user-level
  applications (This means you)
• User stack location, allocation, size,
  deallocation
• Thread allocation, deallocation
• Entry point

Thread Execution Path
Data
Stack
44
Be CAREFUL!!!!!
Code

• Stack corruption is a common problem
• Stack corruption is very difficult to
• diagnose
• debug

Thread Execution Path
Data
?????
Stack
45
C prototype

• L4_INLINE void
• l4_thread_ex_regs(l4_threadid_t destination,
  dword_t eip, dword_t esp,
• l4_threadid_t preempter, l4_threadid_t
  pager,
• dword_t old_eflags, dword_t old_eip,
  dword_t old_esp)

46
thread_switch

• thread_switch (dest)
• thread_switch (nilthread)
• L4_INLINE void l4_thread_switch(l4_threadid_t
  destination)

47
Example Code

• Sigma0
• Root Task
• Name server
• Log Server
• Pager
• Starts the initial task
• Test Task
• Uses name server to locate log server
• Prints two messages to the log

Test Client
Name Server
Simple Pager
Log Server
Sigma0
L4 Micro kernel
48
The Boot Sequence

• The boot block is loaded GRUB stage 1
• Stage 1 is a simple loader that fits into 512
  bytes
• Responsible for loading stage 2

Stage 1
0x7c00
Phys. Mem
49
The Boot Sequence

• Stage 2 is loaded by stage 1
• Stage 2 is a more complex loader that
• Understands various file system formats.
• Supports loading via network.
• Supports a menu provide a choice of load
  configurations menu.lst
• Approx 60Kb - 80Kb in size stack and heap.
• Supports ELF loading.

0x80000
Stage 2
Stage 2
0x8000
Stage 1
0x7c00
Phys. Mem
50
The Boot Sequence

• The kernel (rmgr) is ELF loaded at its linked
  address (just above 1Meg).
• Modules are appended after the kernel.
• Modules are loaded beginning on page boundaries.
• A multiboot header is generated based on the
  modules loaded.
• The kernel (rmgr) is started and passed a pointer
  the multiboot header.

Test client
Root task
l4kernel
rmgr
0x120000
0x80000
Stage 2
Stage 2
0x8000
Stage 1
0x7c00
Phys. Mem
51
The Boot Sequence

• The rmgr copies the multiboot info to its
  memory.
• It ELF loads
• the L4kernel (at 0x100000),
• Sigma0 (at 0x20000)
• and root task (at 0x200000).
• It finally starts the L4 kernel.

Root task
0x200000
test_client
root_task
sigma0
X86-kernel
rmgr
0x120000
X86-kernel
0x100000
0x80000
Stage 2
sigma0
0x20000
Stage 2
0x8000
Stage 1
0x7c00
Phys. Mem
52
The Boot Sequence
P Tables

• L4 starts.
• The kernel grabs some upper memory for page
  tables.
• L4 starts sigma0 and then starts the root task.

Root task
0x200000
Test client
Root task
l4kernel
rmgr
0x120000
X86-kernel
0x100000
sigma0
0x20000
Phys. Mem
53
The Memory Map

• Things to watch out for
• The initial set of modules should not go passed 2
  Meg mark.
• You can change this by linking the root task
  higher.
• The multi-boot header is still in the dead rmgr
  region.

P Tables
Root task
0x200000
Test client
Root task
l4kernel
rmgr
X86-kernel
0x100000
sigma0
0x20000
Phys. Mem