Microkernel?

By: dmcq (dmcq.delete@this.fano.co.uk), March 18, 2021 4:09 pm
Room: Moderated Discussions
dmcq (dmcq.delete@this.fano.co.uk) on March 18, 2021 10:59 am wrote:
> Adrian (a.delete@this.acm.org) on March 18, 2021 8:35 am wrote:
> > dmcq (dmcq.delete@this.fano.co.uk) on March 18, 2021 6:30 am wrote:
> > > Adrian (a.delete@this.acm.org) on March 18, 2021 4:12 am wrote:
> > > > Michael S (already5chosen.delete@this.yahoo.com) on March 18, 2021 3:32 am wrote:
> > > > > NvaxPlus (anon.delete.delete@this.this.example.com) on March 17, 2021 11:48 am wrote:
> > > > > > Linus Torvalds (torvalds.delete@this.linux-foundation.org) on March 16, 2021 7:25 pm wrote:
> > > > > > > Why is this even a discussion any more? Microkernels failed.
> > > > > > > Give them up. You want a monolithic kernel. End of story.
> > > > > > >
> > > > > >
> > > > > > What possible, useful sense is this true? There are billions
> > > > > > and billions of devices running L4. Stop trafficking
> > > > > > in tropes that were stale 20 years ago. Exactly nothing about microkernels notionally implies share-nothing
> > > > > > message passing between address space isolated processes
> > > > > > as the sole "IPC" (taken broadly) mechanism. In fact,
> > > > > > most don't even work that way. Amazingly, kernel development has actually progressed since Mach.
> > > > > >
> > > > >
> > > > > Is L4 in Qualcomm modems really used as microkernel, with all services running in separate
> > > > > HW-protected memory domains and with each service having at least one thread of its own?
> > > >
> > > >
> > > > I have no idea what Qualcomm does, but I also doubt very much that those small microcontrollers
> > > > have any other kind of memory protection except for the kernel and maybe not even that.
> > > >
> > > > Your doubt is extremely relevant, because in the absence of multiple separate HW-protected memory
> > > > domains there is no difference in the security properties of a microkernel and of a monolithic
> > > > kernel, so the claim that there are billions of devices running microkernels would be false.
> > > >
> > > > However, without HW-memory protection, i.e. without paging and/or segmentation, and likely also without
> > > > caches, the context switches would be very fast so there will also be no differences in performance
> > > > between a kernel structured like a microkernel and a kernel structured as a monolithic kernel.
> > > >
> > > >
> > > > My guess is that the choice of L4 in Qualcomm devices has nothing to do with the fact that
> > > > on CPUs with memory protection it is possible to use L4 as the base of a microkernel, but
> > > > everything to do with the fact that L4 is a small and bug-free kernel (formally proved) and
> > > > for the reduced needs of an embedded microcontroller only relatively little code must be
> > > > added to the kernel, so the additional custom code can hopefully be also bug-free.
> > >
> > > 32 bit embedded controllers don't normally have virtual memory or caches - but they do typically
> > > have quite good memory protection with each task being able to access a number of protection domains
> > > or segments at a time. Just because you have a hardware address doesn't mean you can access it.
> >
> >
> > There are microcontrollers with memory protection like you say, but those are typically
> > at the higher-end of such MCUs, e.g. many Cortex-R models, in the case of ARM.
> >
> > I have no idea which are the features implemented by the Qualcomm MCUs on which L4
> > is used, but I would expect them to be low-end MCUs, comparable with an ARM Cortex-M0+
> > or at most with a Cortex-M3, because that was the level of complexity in the baseband
> > processors used in some competitor's LTE modem, with which I was familiar.
> >
> > So I think that it is unlikely that the Qualcomm baseband processor has memory protection.
> >
> > In such an embedded CPU, memory protection would be pretty useless anyway,
> > because it will never run any unknown, possibly hostile, program.
> >
> > The only purpose of memory protection would be to guard against incompetent
> > programmers and inadequate testing of the software.
> >
> > When a chip is intended to be produced for hundreds of millions
> > of devices and it will run just a fixed application,
> > the right choice is to use minimal hardware and to spend
> > enough resources for the validation of the software,
> > in order to guarantee already at compile-time that illegal memory accesses will never be done.
> >
> > So for such an application the distinction between monolithic kernels and microkernels is not relevant,
> > because the entire application will be monolithic, including the kernel and all "user" threads, even when
> > the kernel is L4 and even when there is some kind of a message-passing interface between the threads.
>
> Hmm, on looking round it seems you're closer to right than me. Practically all the Corte-M3's one
> can buy as chips have a memory protection unit - however most actual systems in use don't actualy
> use it! Arm have revised the implementation for ARMv8 to be more flexible and easier to use but
> I guess the reason for not using it is as you say, most implementors don't see the point.

By the way you might be interested in this from IEEE Spectrum if you haven't seen it before
The U.S. Government Finally Gets Serious About IoT Security
< Previous Post in ThreadNext Post in Thread >
TopicPosted ByDate
x86 - why unite when you can fragment?anonymou52021/03/12 06:16 PM
  x86 - why unite when you can fragment?Linus Torvalds2021/03/13 01:18 PM
    x86 - why unite when you can fragment?Jon Masters2021/03/13 07:25 PM
      x86 - why unite when you can fragment?Jon Masters2021/03/13 07:44 PM
        x86 - why unite when you can fragment?Yuhong Bao2021/03/13 08:49 PM
        x86 - why unite when you can fragment?tt2021/03/20 09:30 AM
    x86 - why unite when you can fragment?Andrey2021/03/14 04:15 PM
      x86 - why unite when you can fragment?Linus Torvalds2021/03/14 04:58 PM
        x86 - why unite when you can fragment?anonymou52021/03/14 05:31 PM
          x86 - why unite when you can fragment?anon22021/03/14 08:07 PM
        Microkernel?Anon2021/03/14 11:49 PM
          Microkernel?none2021/03/15 12:37 AM
            Microkernel?Anon2021/03/15 01:56 AM
          Microkernel?anon22021/03/15 01:58 AM
            Microkernel?Simon Farnsworth2021/03/15 03:12 AM
              Microkernel?anon22021/03/15 04:53 AM
                Microkernel?Simon Farnsworth2021/03/15 06:56 AM
                  Microkernel?iz2021/03/15 08:10 AM
                    Microkernel?Anon2021/03/15 09:05 AM
                      Microkernel?iz2021/03/16 01:25 AM
                        Microkernel?Andrey2021/03/16 02:54 AM
                          Microkernel?iz2021/03/16 08:36 AM
                            Microkernel?Andrey2021/03/16 10:06 AM
                              Microkernel?anonymou52021/03/16 11:44 AM
                              Microkernel?iz2021/03/21 02:58 AM
                                Microkernel?Andrey2021/03/21 09:34 AM
                  Microkernel?anon22021/03/15 08:31 AM
                    Microkernel?Simon Farnsworth2021/03/16 04:42 AM
            Microkernel?Gabriele Svelto2021/03/15 03:21 AM
              Microkernel?anon22021/03/15 04:56 AM
                Microkernel?Gabriele Svelto2021/03/15 10:41 AM
                  Microkernel?anon22021/03/15 08:00 PM
                    Microkernel?Gabriele Svelto2021/03/16 07:23 AM
                      Microkernel?anon22021/03/16 05:13 PM
                        Microkernel?anon22021/03/16 05:16 PM
                    Microkernel?Gian-Carlo Pascutto2021/03/16 01:40 PM
                      Microkernel?anon22021/03/16 05:53 PM
                        Microkernel?Linus Torvalds2021/03/16 07:25 PM
                          Microkernel?Doug S2021/03/17 09:30 AM
                            Microkernel?Linus Torvalds2021/03/17 10:30 AM
                              Microkernel?Brendan2021/03/17 10:56 PM
                                Microkernel?Michael S2021/03/18 03:47 AM
                                  Microkernel?Brendan2021/03/18 09:07 AM
                              Microkernel?Jose2021/03/18 09:35 AM
                            Microkernel?zArchJon2021/03/18 05:42 PM
                          TransputerRichardC2021/03/17 09:47 AM
                          Microkernel?dmcq2021/03/17 11:15 AM
                            Microkernel?Linus Torvalds2021/03/17 11:59 AM
                              Microkernel?dmcq2021/03/17 12:38 PM
                              Microkernel?Adrian2021/03/17 01:00 PM
                              Microkernel?Ana R. Riano2021/03/18 04:33 AM
                              Microkernel?2021/04/30 04:52 PM
                          Microkernel?NvaxPlus2021/03/17 11:48 AM
                            Microkernel?Michael S2021/03/18 03:32 AM
                              Microkernel?Adrian2021/03/18 04:12 AM
                                Microkernel?dmcq2021/03/18 06:30 AM
                                  Microkernel?dmcq2021/03/18 06:55 AM
                                  Microkernel?Adrian2021/03/18 08:35 AM
                                    Microkernel?---2021/03/18 09:49 AM
                                    Microkernel?dmcq2021/03/18 10:59 AM
                                      Microkernel?dmcq2021/03/18 04:09 PM
                              Microkernel?---2021/03/18 09:27 AM
                          Microkernel?Kalle A. Sandström2021/03/20 06:34 AM
                            Microkernel?---2021/03/20 08:35 AM
                            Microkernel?anon22021/03/21 05:29 PM
            Microkernel?dmcq2021/03/15 04:06 AM
              Microkernel?anon22021/03/15 04:59 AM
                Microkernel?dmcq2021/03/15 11:51 AM
                  Microkernel?anon22021/03/15 08:31 PM
                    Microkernel?dmcq2021/03/16 09:17 AM
                      Microkernel?Jukka Larja2021/03/16 11:22 AM
                        Microkernel?dmcq2021/03/16 04:06 PM
                          Microkernel?Jukka Larja2021/03/17 03:42 AM
                            Microkernel?dmcq2021/03/17 07:00 AM
                      Microkernel?anon22021/03/16 05:26 PM
                    Microkernel?---2021/03/16 10:07 AM
            Microkernel?-.-2021/03/15 08:15 PM
              Microkernel?anon22021/03/15 09:18 PM
                Microkernel?Foo_2021/03/16 03:37 AM
                  Read the thread (NT)anon22021/03/16 05:27 PM
                    Already did (NT)Foo_2021/03/17 02:55 AM
                      Already didanon22021/03/17 03:46 AM
                        Already didEtienne Lorrain2021/03/18 02:31 AM
                Microkernel?-.-2021/03/17 05:04 AM
                  Microkernel?Gabriele Svelto2021/03/17 08:53 AM
                    Microkernel?-.-2021/03/17 02:43 PM
              Microkernel?dmcq2021/03/16 08:40 AM
        x86 - why unite when you can fragment?Konrad Schwarz2021/03/17 10:19 AM
    x86 - why unite when you can fragment?anonon2021/03/15 07:37 AM
Reply to this Topic
Name:
Email:
Topic:
Body: No Text
How do you spell avocado?