By: Adrian (a.delete@this.acm.org), March 17, 2021 1:00 pm
Room: Moderated Discussions
Linus Torvalds (torvalds.delete@this.linux-foundation.org) on March 17, 2021 11:59 am wrote:
>
> The only way "IPC" is competitive is if you define IPC as
> "memory mapping your data structures in shared memory".
>
While I agree with most of what you said, using shared memory areas is a perfectly valid method for implementing IPC.
If IPC between a user process and a device driver is implemented using shared memory, that does not change in any way the fact that the isolation between them is implemented by the fact that the rest of the memory space is not shared, instead of relying on the supervisor/user distinction for isolation.
Also, if IPC is implemented by this method, it does not change in any way the defining characteristic of a microkernel system, that there exists isolation between any pair of device drivers and not only between all the devices drivers and any user process, like when using a monolithic OS.
So, a microkernel-based system can use shared-memory as the only or main method for doing IPC while still being microkernel-based and having different security properties in comparison with a system using a monolithic kernel.
It is true that using shared memory areas provides less isolation than a strictly message-based interface that copies messages into queues, but, exactly as you said, this is the method that can achieve the best performance so it is likely that it is the best choice for IPC in a practical microkernel-based system.
The advantage of having isolation between the device drivers is not negligible, because I have encountered too many cases, both on Linux and on Windows when some buggy device driver for some obscure piece of hardware caused panics and rebooting of the computer, even if with an ideal operating system I should have retained control of the display and keyboard and I should have been able to just unload the offending device driver.
>
> The only way "IPC" is competitive is if you define IPC as
> "memory mapping your data structures in shared memory".
>
While I agree with most of what you said, using shared memory areas is a perfectly valid method for implementing IPC.
If IPC between a user process and a device driver is implemented using shared memory, that does not change in any way the fact that the isolation between them is implemented by the fact that the rest of the memory space is not shared, instead of relying on the supervisor/user distinction for isolation.
Also, if IPC is implemented by this method, it does not change in any way the defining characteristic of a microkernel system, that there exists isolation between any pair of device drivers and not only between all the devices drivers and any user process, like when using a monolithic OS.
So, a microkernel-based system can use shared-memory as the only or main method for doing IPC while still being microkernel-based and having different security properties in comparison with a system using a monolithic kernel.
It is true that using shared memory areas provides less isolation than a strictly message-based interface that copies messages into queues, but, exactly as you said, this is the method that can achieve the best performance so it is likely that it is the best choice for IPC in a practical microkernel-based system.
The advantage of having isolation between the device drivers is not negligible, because I have encountered too many cases, both on Linux and on Windows when some buggy device driver for some obscure piece of hardware caused panics and rebooting of the computer, even if with an ideal operating system I should have retained control of the display and keyboard and I should have been able to just unload the offending device driver.
| Topic | Posted By | Date |
|---|---|---|
| x86 - why unite when you can fragment? | anonymou5 | 2021/03/12 06:16 PM |
| x86 - why unite when you can fragment? | Linus Torvalds | 2021/03/13 01:18 PM |
| x86 - why unite when you can fragment? | Jon Masters | 2021/03/13 07:25 PM |
| x86 - why unite when you can fragment? | Jon Masters | 2021/03/13 07:44 PM |
| x86 - why unite when you can fragment? | Yuhong Bao | 2021/03/13 08:49 PM |
| x86 - why unite when you can fragment? | tt | 2021/03/20 09:30 AM |
| x86 - why unite when you can fragment? | Andrey | 2021/03/14 04:15 PM |
| x86 - why unite when you can fragment? | Linus Torvalds | 2021/03/14 04:58 PM |
| x86 - why unite when you can fragment? | anonymou5 | 2021/03/14 05:31 PM |
| x86 - why unite when you can fragment? | anon2 | 2021/03/14 08:07 PM |
| Microkernel? | Anon | 2021/03/14 11:49 PM |
| Microkernel? | none | 2021/03/15 12:37 AM |
| Microkernel? | Anon | 2021/03/15 01:56 AM |
| Microkernel? | anon2 | 2021/03/15 01:58 AM |
| Microkernel? | Simon Farnsworth | 2021/03/15 03:12 AM |
| Microkernel? | anon2 | 2021/03/15 04:53 AM |
| Microkernel? | Simon Farnsworth | 2021/03/15 06:56 AM |
| Microkernel? | iz | 2021/03/15 08:10 AM |
| Microkernel? | Anon | 2021/03/15 09:05 AM |
| Microkernel? | iz | 2021/03/16 01:25 AM |
| Microkernel? | Andrey | 2021/03/16 02:54 AM |
| Microkernel? | iz | 2021/03/16 08:36 AM |
| Microkernel? | Andrey | 2021/03/16 10:06 AM |
| Microkernel? | anonymou5 | 2021/03/16 11:44 AM |
| Microkernel? | iz | 2021/03/21 02:58 AM |
| Microkernel? | Andrey | 2021/03/21 09:34 AM |
| Microkernel? | anon2 | 2021/03/15 08:31 AM |
| Microkernel? | Simon Farnsworth | 2021/03/16 04:42 AM |
| Microkernel? | Gabriele Svelto | 2021/03/15 03:21 AM |
| Microkernel? | anon2 | 2021/03/15 04:56 AM |
| Microkernel? | Gabriele Svelto | 2021/03/15 10:41 AM |
| Microkernel? | anon2 | 2021/03/15 08:00 PM |
| Microkernel? | Gabriele Svelto | 2021/03/16 07:23 AM |
| Microkernel? | anon2 | 2021/03/16 05:13 PM |
| Microkernel? | anon2 | 2021/03/16 05:16 PM |
| Microkernel? | Gian-Carlo Pascutto | 2021/03/16 01:40 PM |
| Microkernel? | anon2 | 2021/03/16 05:53 PM |
| Microkernel? | Linus Torvalds | 2021/03/16 07:25 PM |
| Microkernel? | Doug S | 2021/03/17 09:30 AM |
| Microkernel? | Linus Torvalds | 2021/03/17 10:30 AM |
| Microkernel? | Brendan | 2021/03/17 10:56 PM |
| Microkernel? | Michael S | 2021/03/18 03:47 AM |
| Microkernel? | Brendan | 2021/03/18 09:07 AM |
| Microkernel? | Jose | 2021/03/18 09:35 AM |
| Microkernel? | zArchJon | 2021/03/18 05:42 PM |
| Transputer | RichardC | 2021/03/17 09:47 AM |
| Microkernel? | dmcq | 2021/03/17 11:15 AM |
| Microkernel? | Linus Torvalds | 2021/03/17 11:59 AM |
| Microkernel? | dmcq | 2021/03/17 12:38 PM |
| Microkernel? | Adrian | 2021/03/17 01:00 PM |
| Microkernel? | Ana R. Riano | 2021/03/18 04:33 AM |
| Microkernel? | ⚛ | 2021/04/30 04:52 PM |
| Microkernel? | NvaxPlus | 2021/03/17 11:48 AM |
| Microkernel? | Michael S | 2021/03/18 03:32 AM |
| Microkernel? | Adrian | 2021/03/18 04:12 AM |
| Microkernel? | dmcq | 2021/03/18 06:30 AM |
| Microkernel? | dmcq | 2021/03/18 06:55 AM |
| Microkernel? | Adrian | 2021/03/18 08:35 AM |
| Microkernel? | --- | 2021/03/18 09:49 AM |
| Microkernel? | dmcq | 2021/03/18 10:59 AM |
| Microkernel? | dmcq | 2021/03/18 04:09 PM |
| Microkernel? | --- | 2021/03/18 09:27 AM |
| Microkernel? | Kalle A. Sandström | 2021/03/20 06:34 AM |
| Microkernel? | --- | 2021/03/20 08:35 AM |
| Microkernel? | anon2 | 2021/03/21 05:29 PM |
| Microkernel? | dmcq | 2021/03/15 04:06 AM |
| Microkernel? | anon2 | 2021/03/15 04:59 AM |
| Microkernel? | dmcq | 2021/03/15 11:51 AM |
| Microkernel? | anon2 | 2021/03/15 08:31 PM |
| Microkernel? | dmcq | 2021/03/16 09:17 AM |
| Microkernel? | Jukka Larja | 2021/03/16 11:22 AM |
| Microkernel? | dmcq | 2021/03/16 04:06 PM |
| Microkernel? | Jukka Larja | 2021/03/17 03:42 AM |
| Microkernel? | dmcq | 2021/03/17 07:00 AM |
| Microkernel? | anon2 | 2021/03/16 05:26 PM |
| Microkernel? | --- | 2021/03/16 10:07 AM |
| Microkernel? | -.- | 2021/03/15 08:15 PM |
| Microkernel? | anon2 | 2021/03/15 09:18 PM |
| Microkernel? | Foo_ | 2021/03/16 03:37 AM |
| Read the thread (NT) | anon2 | 2021/03/16 05:27 PM |
| Already did (NT) | Foo_ | 2021/03/17 02:55 AM |
| Already did | anon2 | 2021/03/17 03:46 AM |
| Already did | Etienne Lorrain | 2021/03/18 02:31 AM |
| Microkernel? | -.- | 2021/03/17 05:04 AM |
| Microkernel? | Gabriele Svelto | 2021/03/17 08:53 AM |
| Microkernel? | -.- | 2021/03/17 02:43 PM |
| Microkernel? | dmcq | 2021/03/16 08:40 AM |
| x86 - why unite when you can fragment? | Konrad Schwarz | 2021/03/17 10:19 AM |
| x86 - why unite when you can fragment? | anonon | 2021/03/15 07:37 AM |
