inter-process communicationos.inf.tu-dresden.de/studium/kmb/ws2013/03-ipc.pdf · 2013-10-29...
TRANSCRIPT
![Page 1: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/1.jpg)
Faculty of Computer Science Institute for System Architecture, Operating Systems Group
Inter-Process Communication
Dresden, 2013-10-29
Björn Döbel
![Page 2: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/2.jpg)
Communication Slide 2 / 492013-10-29
So far...
• Microkernels as a design alternative– Flexibility– Security
• Case Study: Fiasco.OC– Mechanisms: Tasks, Threads, Communication– Capabilities to denote kernel objects
![Page 3: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/3.jpg)
Communication Slide 3 / 492013-10-29
Today
• Inter-Process Communication (IPC)– Purpose– Implementation– How to find a service?– Tool/Language support– Security – Who speaks to whom?– Shared memory
![Page 4: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/4.jpg)
Communication Slide 4 / 492013-10-29
Why do we need to Communicate?
• IPC is a fundamental mechanism in a µ-kernel-based system:– Exchange data– Synchronization– Sleep, timeout– Hardware / software interrupts– Grant access to resources (memory, I/O ports,
capabilities)– Exceptions
• Liedtke: “IPC performance is the master.”
![Page 5: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/5.jpg)
Communication Slide 5 / 492013-10-29
Exploring the Design Space
• Asynchronous IPC (e.g., Mach)– “Fire and forget”– In-kernel message buffering– Two problems:
• Data copied twice• DoS attack on kernel memory (never receive
data) – can use quotas, though
• Synchronous IPC (e.g., L4)– IPC partner blocks until other one gets ready– Direct copy between sender and receiver– E.g., Remote Procedure Call (RPC)
![Page 6: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/6.jpg)
Communication Slide 6 / 492013-10-29
L4 IPC - Basics
• Basic data types:– Bulk data– Memory references– Resource mappings (flexpages)
• Types– Send– Closed wait– Open wait– Call– Reply & wait
![Page 7: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/7.jpg)
Communication Slide 7 / 492013-10-29
L4 IPC – Advanced Features
• Timeouts– 0 (non-blocking IPC)– NEVER or specific value – block until partner
gets ready or timeout occurs– sleep() is implemented as IPC to NIL
(non-existing) thread with timeout
• Exceptions– Certain conditions need external interaction
• Page faults• L4Linux system calls• Virtualization faults (-> lectures on
virtualization)
![Page 8: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/8.jpg)
Communication Slide 8 / 492013-10-29
L4 IPC Flavors
• Why is there no broadcast?
Basics Special cases forclient/server IPC
S R send
S Rreceive from(closed wait)
Rreceive any(open wait)?
clie
nt
ser ve r
• call := send + recv from
• reply and wait :=send + recv any
?
![Page 9: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/9.jpg)
Communication Slide 9 / 492013-10-29
Break
Purpose
Implementation
Tool/Language support
Security
How to find a service?
Shared memory
![Page 10: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/10.jpg)
Communication Slide 10 / 492013-10-29
IPC Building Blocks – IPC Gate
• Referenced through a capability (local name)
• Created using factory object– Each L4Re task is assigned a factory object– Factory creates other objects (e.g., kernel objects)– Can enforce quotas / perform accounting / ...
• Bound to a thread (receiver)– IPC channels are uni-directional– Anyone with the gate capability may send, only bound
thread receives
• Add a label– A thread may receive from multiple gates– Label allows to identify where a message came from
![Page 11: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/11.jpg)
Communication Slide 11 / 492013-10-29
IPC Building Blocks – IPC Gate
• Receiving:– Receiver calls open wait.– Waits for message on any of its gates– Receive system call returns label of the used gate
(but not the sender's capability!)
• Replying– Receiver doesn't know sender.– Kernel provides implicit reply capability (per-thread)
• Valid until reply sent or next wait started.
![Page 12: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/12.jpg)
Communication Slide 12 / 492013-10-29
IPC Building Blocks – UTCB
• User-level Thread Control Block
• Set of “virtual” registers
• Message Registers– System call parameters– IPC: direct copy to receiver
• Buffer registers– Receive flexpage descriptors
• Thread Control Registers– Thread-private data– Preserved, not copied
MessageRegisters
BufferRegisters
Thread ControlRegisters
![Page 13: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/13.jpg)
Communication Slide 13 / 492013-10-29
IPC Building Blocks – Message Tag
• Protocol:– User-defined type of communication– Pre-defined system protocols (Page fault, IRQ, …)
• Flags– Special-purpose communication flags
• Items– Number of indirect items to copy
• Words– Number of direct items to copy
ProtocolFlags Items Words
31
15
16
12 6 0
![Page 14: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/14.jpg)
Communication Slide 14 / 492013-10-29
Direct vs. indirect copy
Sender AS
Receiver AS
Sender UTCB Receiver UTCBdirect
![Page 15: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/15.jpg)
Communication Slide 15 / 492013-10-29
Break
Purpose
Implementation
Tool/Language support
Security
How to find a service?
Shared memory
![Page 16: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/16.jpg)
Communication Slide 16 / 492013-10-29
Client-Server RPC Broken down
Client
Marshall dataAssign OpcodeIPC call
Unmarshall exception or reply
Server
IPC waitUnmarshall OpcodeUnmarshall DataExecute functionMarshall return value or
errorIPC replyGoto begin
![Page 17: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/17.jpg)
Communication Slide 17 / 492013-10-29
Writing IPC code Manually
/* Arguments: 1 integer parameter, 1 char array with size */int FOO_OP1_call(l4_cap_idx_t dest, int arg1, char *arg2, unsigned size) { int idx = 0; // index into message registers // opcode and first arg go into first 2 registers l4_utcb_mr()->mr[idx++] = OP1_opcode; l4_utcb_mr()->mr[idx++] = arg1;
// tricky: memcpy buffer into registers, adapt idx according // to size (XXX NO BOUNDS CHECK!!!) memcpy(&l4_utcb_mr()->mr[idx], arg2, size); idx += round_up(size / sizeof(int));
// create message tag (prototype, <idx> words, no bufs, no flags) l4_msgtag_t tag = l4_msg_tag(PROTO_FOO, idx, 0, 0); return l4_ipc_call(dest, l4_utcb(), tag, TIMEOUT_NEVER);}
![Page 18: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/18.jpg)
Communication Slide 18 / 492013-10-29
Writing IPC code Manually
• Now repeat the above steps for– N > 20 functions with
• varying parameters• varying argument size• complex use of send/receive flexpages• correct error checking• …
• Dull and error-prone!
![Page 19: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/19.jpg)
Communication Slide 19 / 492013-10-29
How About Some Automation?
• Specify the interface of server in Interface Definition Language (IDL)– High-level language
interface FOO { int OP1(int arg1, [size_is(arg2_size)] char *arg2, unsigned arg2_size);};
• Use IDL Compiler to generate IPC code– Automatic assignment of RPC opcodes– Generated marshalling/unmarshalling code– Built-in error handling– Client/server stub functions to fill in
• For L4: Dice – DROPS IDL Compiler
![Page 20: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/20.jpg)
Communication Slide 20 / 492013-10-29
IDL vs. Manual code
• Use of high-level language and IDL compiler makes things easier
• Additionally:– Type checking: generated code stubs make
sure that client sends the correct amount of data, having proper types
– IDL compiler can optimize code– Use IDL interfaces to generate
• Documentation• Unit tests• ...
![Page 21: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/21.jpg)
Communication Slide 21 / 492013-10-29
Using Fancy Language Features
• C++: streams
• Overload operator<< to access the UTCB– Copying of basic data types and arrays into
message registers– Dedicated objects representing flexpages
copied into buffer registers– Automatic updates of positions in buffer
• Do the reverse steps for operator>>
![Page 22: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/22.jpg)
Communication Slide 22 / 492013-10-29
Fancy Language Features - Client
int Foo::op1(l4_cap_idx_t dest, int arg1, char *arg2, unsigned arg2_size){ int res = 1; L4_ipc_iostream i(l4_utcb()); i << Foo::Op1 << arg1 << Buffer(arg2, arg2_size); int err = i.call(dest); if (!err) i >> result; return i;}
![Page 23: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/23.jpg)
Communication Slide 23 / 492013-10-29
Fancy Language Features - Server
int Foo::dispatch(L4_ipc_iostream& str, l4_msgtag_t tag) { // check for invalid invocations if (tag.label() != PROTO_FOO) return L4_ENOSYS;
int opcode, arg1, retval; Buffer argbuf(MAX_BUF_SIZE);
str >> opcode; switch(opcode) { case Foo::Op1: str >> arg1 >> argbuf; // do something clever, calculate retval str << retval; return L4_EOK; // .. more cases ..
}}
![Page 24: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/24.jpg)
Communication Slide 24 / 492013-10-29
Dynamic RPC Marshalling in Genode
• C++-based operating system framework
• Abstract from the underlying kernel– Runs on Linux, Fiasco.OC, OKL4, L4::Pistacchio, Nova,
CodeZero– IPC mechanisms differ (built-in mechanism in L4.Fiasco
vs. UDP sockets in Linux)
• Communication abstraction: IPC streams– Use C++ templates to allow writing arbitrary (primitively
serializable!) objects to IPC message buffer– Special values (Genode::IPC_CALL) lead to calls to
underlying system's mechanism
![Page 25: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/25.jpg)
Communication Slide 25 / 492013-10-29
DynRPC Summary
• C++ compiler can heavily optimize IPC path
• No automatic (un)marshalling– Use whatever serialization mechanism you like
• No builtin type checking– Developer needs to care about amount, type and order of
arguments
• Orthogonal to use of IDL compiler– Generate IPC stream code from C++ class definitions
(Prototype: Liasis IDL compiler by Stefan Kalkowski, 2008)
![Page 26: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/26.jpg)
Communication Slide 26 / 492013-10-29
Break
Purpose
Implementation
Tool/Language support
Security
How to find a service?
Shared memory
![Page 27: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/27.jpg)
Communication Slide 27 / 492013-10-29
IPC & Security
• Problem: How to control data flow?
• Crucial problem to solve when building real systems
• Many proposed solutions
![Page 28: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/28.jpg)
Communication Slide 28 / 492013-10-29
L4v2: Clans & Chiefs
• Tasks are owned by a chief.• Clan := set of tasks with the same chief• No IPC restrictions inside a clan• Inter-clan IPC redirected through chiefs• Performance issue
– One IPC transformed into three IPCs– Decisions are not cached.
CC
blue clangreen clan
![Page 29: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/29.jpg)
Communication Slide 29 / 492013-10-29
Mach: Ports
• Dedicated kernel objects• Applications hold send/recv rights for ports• Kernel checks whether task owns sufficient
rights before doing IPC
Mach kernel
client(withright)
server
server port
client(w/oright)
receive()
send()
send()
![Page 30: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/30.jpg)
Communication Slide 30 / 492013-10-29
L4/Fiasco: Reference Monitors
• New abstraction: communication is allowed if certain flexpage has been mapped to sender
• Every task gets a reference monitor assigned.
• Communication:– IPC right mapped?
• Yes: perform IPC• No: raise exception at reference monitor
– Reference monitor can answer exception IPC with a mapping and thereby allow IPC
• Fine-grained control• No per-IPC overhead, only exception in the beginning
![Page 31: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/31.jpg)
Communication Slide 31 / 492013-10-29
kernel
L4.Sec, L4Re: Dedicated Kernel Objects
• Idea:– Invoke IPC on a kernel-object (IPC gate)
-> endpoint (capability)– Kernel object mapped to a virtual address (local
name space)• task only knows object's local name
no information leaks through global names→
client AS server AS
endpointsend()
receive()
![Page 32: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/32.jpg)
Communication Slide 32 / 492013-10-29
Singularity
• Singularity– Research microkernel by MS Research– Written in a dialect of C# (Sing#)– Topic of a paper reading exercise
• All applications run in privileged mode.– No system call overhead – syscalls are real function
calls
• Enforce system safety at compile time.– Isolation completely realized using means of the
used programming language -> Language-Based Isolation
![Page 33: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/33.jpg)
Communication Slide 33 / 492013-10-29
IPC & Language-Based Isolation
• Singularity IPC is always performed through shared memory.
• Only certain objects can be transferred.– Allocated from a special memory pool
-> shared heap
Task A Task B
LocalHeap
LocalHeapShared Heap
owns
owns
owns
![Page 34: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/34.jpg)
Communication Slide 34 / 492013-10-29
IPC & Language-Based Isolation (2)
• Only one task may own objects in SH.• IPC := transfer ownership of an object in SH.• IPC protocols are specified by state machines
– contracts• Contracts are verified at compile-time
Task A Task B
LocalHeap
LocalHeapShared Heap
owns
owns
owns
![Page 35: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/35.jpg)
Communication Slide 35 / 492013-10-29
Break
• Mechanisms for controling information flow
– Special IPC control mechanism (traditional L4)
– Reuse other kernel mechanism (e.g., mapping of memory pages) for IPC control (L4.Fiasco)
– Special kernel objects for IPC (Mach, L4.Florence, L4Re)
– Static compile-time analysis of communication behavior (Singularity)
![Page 36: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/36.jpg)
Communication Slide 36 / 492013-10-29
Break
Purpose
Implementation
Tool/Language support
Security
How to find a service?
Shared memory
![Page 37: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/37.jpg)
Communication Slide 37 / 492013-10-29
How to find a service
• Need to get some kind of identification of service provider in order to perform IPC.– L4Re: need to get a capability mapped into my
local capability space
• Idea borrowed from the internet: translate human-readable-names into IDs.
• Need a name service provider.
![Page 38: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/38.jpg)
Communication Slide 38 / 492013-10-29
Global name service
Name service
ServiceClient
1. register(“service”)
2. query(“service”)
3... use
• Race condition: Evil app can register name before real one.• Information leak: Query name service for names and gain
information about running services contradicts resource →separation
→ Names are a resource and must be managed!
![Page 39: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/39.jpg)
Communication Slide 39 / 492013-10-29
Hierarchical naming
Parent
Client1 Service2 Client2Service1
libNS4. query(“service”)2. query(“service”)
ns/C1/ ns/C2/3. reply 5. reply
ns/S1
ns/S2
1. register(“service)
![Page 40: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/40.jpg)
Communication Slide 40 / 492013-10-29
Hierarchical Naming
• Race Condition– Parent controls name space and program
startup– Knows who is registering a service
• Information leak– Parent only provides name space content to
each application
• Problem: configuration can be a mess.
![Page 41: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/41.jpg)
Communication Slide 41 / 492013-10-29
Break
Purpose
Implementation
Tool/Language support
Security
How to find a service?
Shared memory
![Page 42: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/42.jpg)
Communication Slide 42 / 492013-10-29
Asynchronous IPC & Shared Memory
• Some applications need high throuput for a lot of data.– Sharing memory between tasks can provide
better performance
• Many workloads need asynchronous communication.– Fiasco.OC: IRQ kernel object
![Page 43: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/43.jpg)
Communication Slide 43 / 492013-10-29
Shared Memory
• Zero-copy communication– Producer writes data in place– Consumer reads data from the same physical
location• Kernel seldom involved
– At setup time: establish memory mapping (flexpage IPC + resolution of pagefaults)
– Synchronization only when necessary• Ergo: Shared mem communication is fast (if
the scenario allows it)– High throughput, large amount of data– Example: streaming media applications
![Page 44: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/44.jpg)
Communication Slide 44 / 492013-10-29
Producer Consumer
FIFO queuegenerate data (recv from network, keyboard events, ...)
process data
Example: Consumer-Producer Problem
• Shared buffer between consumer and producer
• Wake up notifications using IPC– If new data for consumer is ready– If free space for producer is available
![Page 45: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/45.jpg)
Communication Slide 45 / 492013-10-29
1st try: Consumer sets flag
• Consumer indicates “I am ready to receive.” using a flag (in shared memory) and waits for IPC.
• Producer sends notification IPC with infinite timeout.
• Evil consumer: sets flag, but doesn't wait• Producer remains blocked forever -> DoS
Producer Consumer
blocked in IPC
Flag: Consumerwaits
continues withprogram
![Page 46: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/46.jpg)
Communication Slide 46 / 492013-10-29
2nd try: Notify with zero Timeout
• Consumer flags “I am ready.”• Producer sends notification with timeout zero• Consumer in bad luck: sets flag and gets
interrupted right before waiting for IPC• Producer sends notification• Consumer is blocked forever
sends IPC not yet waiting
Producer Consumer
Flag: Consumerwaits
![Page 47: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/47.jpg)
Communication Slide 47 / 492013-10-29
The Problem: Atomicity
• Solution: set flag and enter wait state atomically• (Delayed preemption)• L4 IPC call is atomic
2. wakeup, timeout never
consumer in recv state1. IPC call
3. wakeup, timeout zero
ProducerConsumer
Synchronization Thread
Flag: Consumerwaits
![Page 48: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/48.jpg)
Communication Slide 48 / 492013-10-29
Further Reading
• L4 kernel manual: http://l4hq.org/docs/manuals/Ln-86-21.pdf
• Dice manual: http://os.inf.tu-dresden.de/dice/manual.pdf
• Genode Dynamic RPC Marshalling:N. Feske: “A case study on the cost and benefit of dynamic RPC marshalling for low-level system components”
• Singularity IPC:Faehndrich, Aiken et al.: “Language support for fast and reliable message-based communication in Singularity OS”
![Page 49: Inter-Process Communicationos.inf.tu-dresden.de/Studium/KMB/WS2013/03-IPC.pdf · 2013-10-29 Communication Slide 10 / 49 IPC Building Blocks – IPC Gate • Referenced through a capability](https://reader036.vdocument.in/reader036/viewer/2022070916/5fb6e345ad91d2782d2ac78e/html5/thumbnails/49.jpg)
Communication Slide 49 / 492013-10-29
Coming soon
• Next week:– Lecture: Memory– Practical Exercise (Tue, 2:50 PM, INF/E069)