L4Re Operating System Framework – Interface and Usage Documentation
Loading...
Searching...
No Matches
Introduction

The intention of this section is to provide a short overview about the L4Re Operating System Framework.

The general structure of a microkernel-based system will be introduced and the principal functionality of the servers in the basic environment outlined.

L4Re Microkernel

The L4Re Microkernel is the lowest-level component of software running in an L4Re-based system. The microkernel is the only component that runs in privileged processor mode. It does not include complex services such as program loading, device drivers, or file systems; those are implemented in user-level programs on top of it (a basic set of these services and abstractions is provided by the L4 Runtime Environment).

Microkernel services are implemented in kernel objects. Tasks hold references to kernel objects in their respective "object space", which is a kernel-protected table. These references are called capabilities. System calls to the microkernel are function invocations on kernel objects through the corresponding capabilities. These can be thought of as function invocations on object references in an object-oriented programming environment. Furthermore, if a task owns a capability, it may grant other tasks the same (or fewer) rights on this object by passing the capability from its own to the other task's object space.

From a design perspective, capabilities are a concept that enables flexibility in the system structure. A thread that invokes an object through a capability does not need to care about where this object is implemented. In fact, it is possible to implement all objects either in the kernel or in a user-level server and replace one implementation with the other transparently for clients.

Communication

The basic communication mechanism in L4-based systems is called "Inter Process Communication (IPC)". It is always synchronous, i.e. both communication partners need to actively rendezvous for IPC. In addition to transmitting arbitrary data between threads, IPC is also used to resolve hardware exceptions, faults and for virtual memory management.

Kernel Objects

The following list gives a short overview of the kernel objects provided by the L4Re Microkernel:

  • Task A task comprises a memory address space (represented by the task's page table), an object space (holding the kernel protected capabilities), and on x86 an IO-port address space.
  • Thread A thread is bound to a task and executes code. Multiple threads can coexist in one task and are scheduled by the microkernel's scheduler.
  • Factory A factory is used by applications to create new kernel objects. Access to a factory is required to create any new kernel object. Factories can control and restrict object creation.
  • IPC Gate An IPC gate is used to create a secure communication channel between different tasks. It embeds a label (kernel protected payload) that securely identifies the gate through which a message is received. The gate label is not visible to and cannot be altered by the sender.
  • IRQ IRQ objects provide access to hardware interrupts. Additionally, programs can create new virtual interrupt objects and trigger them. This allows to implement a signaling mechanism. The receiver cannot decide whether the interrupt is a physical or virtual one.
  • Vcon Provides access to the in-kernel debugging console (input and output). There is only one such object in the kernel and it is only available, if the kernel is built with debugging enabled. This object is typically interposed through a user-level service or without debugging in the kernel can be completely based on user-level services.
  • Scheduler Implements scheduling policy and assignment of threads to CPUs, including CPU statistics.

L4Re System Structure

The system has a multi-tier architecture consisting of the following layers depicted in the figure below:

  • Microkernel The microkernel is the component at the lowest level of the software stack. It is the only piece of software that is running in the privileged mode of the processor.
  • Tasks Tasks are the basic containers (address spaces) in which system services and applications are executed. They run in the processor's deprivileged user mode.
Basic Structure of an L4Re based system

In terms of functionality, the system is structured as follows:

  • Microkernel The kernel provides primitives to execute programs in tasks, to enforce isolation among them, and to provide means of secure communication in order to let them cooperate. As the kernel is the most privileged, security-critical software component in the system, it is a general design goal to make it as small as possible in order to reduce its attack surface. It provides only a minimal set of mechanisms that are necessary to support applications.
  • Runtime Environment The small kernel offers a concise set of interfaces, but these are not necessarily suited for building applications directly on top of it. The L4Re Runtime Environment aims at providing more convenient abstractions for application development. It comprises low-level software components that interface directly with the microkernel. The root pager sigma0 and the root task Moe are the most basic components of the L4Re Runtime Environment. Other services (e.g., for device enumeration) use interfaces provided by them.
  • Applications Applications run on top of the system and use services provided by the runtime environment – or by other applications. There may be several types of applications in the system and even virtual machine monitors and device drivers are considered applications in the terminology used in this document. They are running alongside other applications on the system.

Lending terminology from the distributed systems area, applications offering services to other applications are usually called servers, whereas applications using those services are named clients. Being in both roles is also common, for instance, a file system server may be viewed as a server with respect to clients using the file system, while the server itself may also act as a client of a hard disk driver.

L4Re Runtime Environment

The L4Re Runtime Environment provides a basic set of services and abstractions, which are useful to implement and run user-level applications on top of the L4Re Microkernel. They form the L4Re Operating System Framework.

The L4Re Operating System Framework consists of a set of libraries and servers. L4Re follows an object-oriented design. Server interfaces are object-oriented, and the implementation is also object-oriented.

A minimal L4Re-based application needs 3 components to be booted beforehand: the L4Re Microkernel, the root pager (Sigma0), and the root task (Moe). The Sigma0 root pager initially owns all system resources, but is usually used only to resolve page faults for the Moe root task. Moe provides the essential services to normal user applications such as an initial program loader, a region-map service for virtual memory management, and a memory (data space) allocator.