2009

Improvingthereliabilityofcommodityoperating
systems

Despite decades of research in extensible operating system technology,

extensionssuchasdevicedriversremainasignificantcauseofsystemfailures.In
Windows XP, for example, drivers account for 85% of recently reported failures.
ThisarticledescribesNooks,areliabilitysubsystemthatseekstogreatlyenhance
operating system (OS) reliability by isolating the OS from driver failures. The
Nooks approach is practical: rather than guaranteeing complete fault tolerance
throughanew(andincompatible)OSordriverarchitecture,ourgoalistoprevent
thevastmajorityofdrivercausedcrasheswithlittleornochangetotheexisting
driver and system code. Nooks isolates drivers within lightweight protection
domainsinsidethekerneladdressspace,where hardwareandsoftwareprevent
them from corrupting the kernel. Nooks also tracks a drivers use of kernel
resourcestofacilitateautomaticcleanupduringrecovery.Toprovetheviabilityof
ourapproach,weimplementedNooksintheLinuxoperatingsystemandusedit
to faultisolate several device drivers. Our results show that Nooks offers a
substantial increase in the reliability of operating systems, catching and quickly
recoveringfrommanyfaultsthatwouldotherwisecrashthesystem.Underawide
rangeandnumberoffaultconditions,weshowthatNooksrecoversautomatically
from 99% of the faults that otherwise cause Linux to crash. While Nooks was
designed for drivers, our techniques generalize to other kernel extensions. We
demonstratethisbyisolatingakernelmodefilesystemandaninkernelInternet
service.Overall,becauseNookssupportsexistingClanguageextensions,runsona
commodityoperatingsystemandhardware,andenablesautomatedrecovery,it
represents a substantial step beyond the specialized architectures and typesafe
languagesrequiredbypreviouseffortsdirectedatsafeextensibility.

AmirSamanMemaripour
ShahidBeheshtiUniversity
5/7/2009

3..............................................................................................................................................................
4...............................................................................................................................................................
7..................................................................................................................................................Nooks
(2.1 8....................................................................................................................................................
(2.2 9....................................................................................................................................................
(2.2.1 10.........................................................................................................................................
(2.2.2 10.....................................................................................................................................
(2.2.3 11....................................................................................................................................
(2.2.4 11.............................................................................................................................................
13............................................................................................................................................Nooks
(3.1 15...............................................................................................................................
(3.2 18...........................................................................................................................................
(3.3 19..............................................................................................................................................
(3.3.1 21.........................................................................................................................
(3.4 22..........................................................................................................................................
(3.5 23....................................................................................................................................................
(3.6 25...................................................................................................................................
(3.7 26.................................................................................................................................
27......................................................................................................................................................

extension driver
. driver XP %85
.
1 Nooks driver
. Nooks
driver
driver Nooks . driver
2 3
. driver 4 .
Nooks
devicedriver . Nooks

driver . Nooks %99
crash .
Nooks driver extension
. kernelmode 5
. Nooks extension C

typesafe extension .

Reliabilitysubsystem
Lightweightprotectiondomains
3
Kerneladdressspace
4
Automaticcleanup
5
inkernelInternetservice
2

Nooks
extension ) devicedriver (6 7
. extension 8
crash . extension Nooks
extension 9
Nooks . extension
. 10
.
.
: .
)
( .
11
.
: 12 ) (modules ) (drivers
.
. devicedriver extension
. %70
extension . driver 35000 120000 XP .

Loadablefilesystems
Commoditykernels
8
Corrupt
9
Kernelmode
10
Trapped
11
Unmanagedsystems
12
extensions
7

extension
13 .
: . driver %85
XP . devicedriver 7
. 14
.
extension .
extension .

driver extension . extension
. 15
. 16
.
. 20
driver extension 17
typesafe .
Nooks 2
Nooks . extension
extension
. extension 18 .
C .

13

Organization
Core
15
Backwardcompatibility
16
Robustness
17
Userlevelextensions
18
Todaysplatforms
14

.
driver extension .
Nooks extension
devicedriver 19 .
20 extension Nooks
extension %99 . Nooks
21 . extension
22 . driver
extension
. extension
23 13 .

.
Nooks .
. .
Nooks .

.

19

Kernelwebserver
Automaticfaultinjection
21
Manually
22
Applications
23
Sourcecode
20

Nooks
Nooks :
) (1 .
. extension
.
) (2 . extension
.
extension
. extension
. 24 25
26 .
extension .
SPIN JVM extension .
Nooks extension
.
.
driver .
extension
. driver
1 driver
28 . .

24

Unprotected
Safe
26
Designspace
27
JavaVirtualMachine
28
SystemPageTable
25

.
) ( ) 29
30( . .
. 3
.
. driver
.

(2.1
Nooks :
) (1 : extension .
extension .
) (2 : extension
.
) (3 : extension
.
.
31 .
Nooks .

29

Virtualization
Isolation
31
Capabilitybased
30

1 Nooks extension .

(2.2
32 extension .
extension .

.
(33NIM) Nooks . 1 . NIM
. NIM
Nooks . .
NIM extension . NIM
extension extension extension Nooks
. extension
.

OperatingSystemreliabilitylayer
NooksIsolationManager

32
33

34 35 NIM
.
(2.2.1
Nooks extension extension .
extension Nook .
.
.
. .
extension .
36 extension
. .
. (37XPC) extension
extension .
) (38LRPC ) (39PPC .
LRPC PPC 40 XPC
) extension (.
(2.2.2
Nooks extension 41 Nooks . 42
(1) : extension XPC

34

Interposition
ObjectTracing
36
SystemCalls
37
ExtensionProcedureCall
38
LightweightRemoteProcedureCall
39
ProtectedProcedureCall
40
Distrustfulpeers
41
Transparentlyintegration
42
Interpositioncode
35

10

) (2 extension ) Nooks (
.
NIM extension 43
. RPC
) ( . Nooks extension .
extension API extension 44 .
45extension .
(2.2.3
NIM extension .
) (1 extension (2)
) (3 extension
. extension .
46 extension extension
.

47

. 48 extension
.
(2.2.4
Nooks extension .
extension ) (
Nooks .
extension .
.

43

Wrapperstub
KernelsextensionAPI
45
Extensionsfunctionentrypoint
46
Copy
47
Synchronize
48
Accessibility
44

11

extension Nooks .
.
extension
Nooks .
Nooks .
Nooks .
extension
. extension . Nooks
extension .

12

Nooks
Nooks 2.4.18 49x86 .
Nooks extension 50 .
Nooks
XP 51 . 700 extension 650
52extension . extension
. 18
.
extension .
53
. C .
extension extension extension 54
. 55 extension
. extension
56 . Nooks
extension .

49

Intelx86
Loadablemodules
51
Solaris
52
Extensionentryfunction
53
Genericinterface
54
Exportedkernelroutines
55
Global
56
Inlinefunctions
50

13

2 ) Nooks( extension .

2 Nooks . extension Nooks

: devicedriver driver . extension
Nooks . extension
. extension 2
.
NIM .

x86 . extension
.
.

14

1882

1454

extension

770
14396
1136

924
2074

22266

1 Nooks

1 Nooks . 22000 .
2.4 2.4 57 30
.
. WindowsServer2003
50 . Nooks extension
.
Nooks
. .
Nooks .

(3.1
Nooks ) (1
) (2 (XPC) extension extension.
3 58 extension
. .
. extension

Usermodefacilities
Lightweightkernelprotectiondomain

57
58

15

.
59 .

extension Nooks
. 60 heap
61 extension / 62
socket / extension .
Nooks .
Nooks . Nooks
extension
extension .
. x86 TLB 63 .
x86 TLB 64

59

Singleaddressspace
Private
61
Poolofstacks
62
MemorymappedphysicalI/Oregions
63
Flush
64
Miss
60

16

. TLB MIPS Alpha

IA64 PARISC . Nooks
65 66 67
- 68 .
Nooks ) (DMA .
x86 . Nooks
driver .
XPC Nooks extension .
extension extension
. 3.3 .
XPC Nooks nooks_driver_call (1) :
extension ) nooks_kernel_call (2 extension .
.
. 69 )
( .
.
XPC TLB .
70 XPC
. XPC .
driver driver .
extension .

65

Kerneltasks
Scheduling
67
Datacopying
68
Kerneluserremoteprocedurecalls(RPCs)
69
Transferroutines
70
Deferredcall
66

17

.
. : extension
extension .
extension
XPC Nooks . extension
extension .
71 extension .
XPC extension .
.
extension
. Nooks
. 72 .
extension .
) ( .

. ) x86 73 (
.

(3.2
extension Nooks Nooks .
extension/ .

74

extension/ extension .

71

Atomic
Pagedirectorypointer
73
Segmentregister
74
Procedurecallinterfaces
72

18

. 75
extension . extension
. extension
extension .
extension extension .
Nooks .
extension ) ( .
extension . extension
.
. Nooks XPC .
76 extension .
extension XPC . softnet_data
device .

(3.3
Nooks extension . :
extension . extension
extension . XPC
.
.
. 4 . extension
XPC ) (... .
.

Standardmoduleloader
Shadowcopy

75
76

19

extension .
XPC extension .

4 extension

.
. heap
extension XPC . extension
77 78 .
.
extension
. 4 XPC
extension .
.
79 80 .
XPC .
extension ) C (
.

77

Marshalling
Unmarshaling
79
Wrapperentrycode
80
Headerfiles
78

20

. -
extension . .
extension
. 81
.
82 extension driver
.
(3.3.1
extension 8 Nooks : driver ) sb
(es1371 driver ) 3c59x e1000 pcnet32 (3c90x ) (VFAT
).(kHTTPd

5 extension

Threads
Metacompilation

81
82

21

1 Nooks 14 Nooks
. 248 463
. driver .
5 ) (extension extension
. extension .
extension . 44 ) 31 13 (extension
driver pcnet32 27 driver . 39
driver . 159 114
extension kHTTPd VFAT .

(3.4
extension . Nooks
extension .
XPC .
hash . extension
extension .
extension .
83 extension
84 .
extension . . XPC
extension . XPC
. extension
. .
. extension timer .

)Garbagecollection(GC
Danglingreferences

83
84

22

extension add_timer timer

. Nooks
.
. Nooks
extension . Nooks
.
extension .
Nooks inodes PCI devices tasklets
.
extension .
43 . 85
.

(3.5
Nooks . extension
. 86 .
Nooks ) (87
. Nooks
extension .
) (extension
. .
devicedriver extension

85

Uniquetypeidentifier
Usermodeagent
87
Livelock
86

23

device .
.

extension extension .
extension . extension
extension . diskdriver
.
driver
extension . driver 88 .
driver . driver
driver .
extension
.
.
extension extension
. extension
.
) ( .
. Nooks
extension device . device
. device
.

Reboot

88

24

device . Nooks .
extension .
extension Nooks
.
Nooks XPC .
.
extension extension .
extension .
extension . extension
. devicedriver
driver ) (IRQs driver .

(3.6
2 Nooks . Nooks
. extension
. Nooks extension .
Nooks . extension Nooks
extension
.
.
extension
. devicedriver
extension .

25

.
extension
.
.

(3.7
Nooks extension
. 89 Nooks .
extension . Nooks
extension . extension ) (XPC
.
Nooks
extension . extension
.
extension .
extension 13 ) (kHTTPd
.

Errant

89

26

extension Nooks .
extension Nooks .
extension extension .
Nooks 90 extension
. Nooks 0 60
Nooks 99
.
) (1 Nooks
extension (2) driver )(3
extension .
Nooks
. extension
. Nooks
. extension
91 .
devicedriver extension XPC
. .
.
device .

Backwardsynchronization
Bottleneckpotential

90
91

27