Date:      Mon, 1 Sep 2014 17:30:32 -0400 (EDT)
From:      Garrett Wollman <wollman@hergotha.csail.mit.edu>
To:        jkh@mail.turbofuzz.com
Cc:        freebsd-arch@freebsd.org
Subject:   Re: script(2) [was: [CFT/review] new sendfile(2)]
Message-ID:  <201409012130.s81LUWCs009135@hergotha.csail.mit.edu>
References:  <20140529102054.GX50679@FreeBSD.org> <20140729232404.GF43962@funkthat.com> <20140831165022.GE7693@FreeBSD.org> <540382E2.3040004@freebsd.org> <2770.1409522711@critter.freebsd.dk> <A18F2D00-8B24-4886-BB0A-C50A88FBAFB2@mail.turbofuzz.com>

In article <A18F2D00-8B24-4886-BB0A-C50A88FBAFB2@mail.turbofuzz.com>,
Jordan writes:

>Having seen this pattern used for several kernel-related things in a few
>of my former lives, I think this idea has a lot of merit, though I’d be
>careful not to conceptualize it purely (or only) as an “engine for
>off-loading work to in order to avoid the kernel/userland boundary cost”
>since I think the concept has a much broader application than that.

[and more good stuff]

This is all heading down the road of Exokernel.  Except that Exokernel
did it with proof-carrying native code.[1]  Once they had that (and a
few other related pieces), they could use kernel code to define only
the bare minimum security properties and push everything else into
libraries -- network, filesystems, and so on -- without taking the
huge performance hit of the pure Mach-style implementation with
privilege-management servers and message-passing and stuff.[2]

Other similar systems (of which I think BPF was the first, and
certainly one of the first to be widely deployed) avoid the need for a
rigorous proof of safety by deliberately limiting the computational
power of their virtual machines.

-GAWollman

[1] If I remember correctly.  It's been a long time.  I should ask
Frans, but it's a holiday so neither of us are in the office.

[2] Once every decade or so, the concept of a "library operating
system" comes back into vogue before being steamrolled by the market.
This time around it might have more staying power, because manycore is
here and monolithic operating systems do not scale nicely on 512-core
processors.
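
The trade-off described in the message above (restrict the virtual machine instead of proving the code safe), as an added example that is not part of the original e-mail and is not FreeBSD's BPF code. The instruction set, `validate()` and `run()` are hypothetical: a toy filter VM whose jump offsets are unsigned and forward-only, so a single linear pass at load time bounds both memory access and running time.

```c
#include <stddef.h>
#include <stdint.h>
/* Toy filter VM, constructed for this example (not the real BPF encoding). */
enum op { OP_LD_K, OP_LD_MEM, OP_ST_MEM, OP_DIV_K, OP_JA, OP_JEQ_K, OP_RET_A };
struct insn { enum op code; uint8_t jt, jf; uint32_t k; };
#define MEMWORDS 16   /* scratch memory slots */
#define MAXINSNS 512  /* program length limit */

/* Load-time check: returns 1 if the program is safe to run, 0 otherwise. */
int validate(const struct insn *p, size_t len)
{
    if (p == NULL || len == 0 || len > MAXINSNS) return 0;
    for (size_t i = 0; i < len; i++) {
        size_t room = len - (i + 1);  /* instructions after this one */
        switch (p[i].code) {
        case OP_LD_MEM: case OP_ST_MEM:  /* scratch access stays in bounds */
            if (p[i].k >= MEMWORDS) return 0; break;
        case OP_DIV_K:                   /* no division by a constant zero */
            if (p[i].k == 0) return 0; break;
        case OP_JA:  /* unsigned offset from the next insn: forward, in range */
            if (p[i].k >= room) return 0; break;
        case OP_JEQ_K:
            if (p[i].jt >= room || p[i].jf >= room) return 0; break;
        case OP_LD_K: case OP_RET_A:
            break;
        default: return 0;               /* unknown opcode */
        }
    }
    return p[len - 1].code == OP_RET_A;  /* cannot run off the end */
}

/* Runs a validated program; *steps counts the instructions executed. */
uint32_t run(const struct insn *p, size_t *steps)
{
    uint32_t a = 0, mem[MEMWORDS] = {0};
    for (size_t pc = 0; ; pc++) {  /* pc only ever increases: no loops */
        (*steps)++;
        switch (p[pc].code) {
        case OP_LD_K:   a = p[pc].k; break;
        case OP_LD_MEM: a = mem[p[pc].k]; break;
        case OP_ST_MEM: mem[p[pc].k] = a; break;
        case OP_DIV_K:  a /= p[pc].k; break;
        case OP_JA:     pc += p[pc].k; break;
        case OP_JEQ_K:  pc += (a == p[pc].k) ? p[pc].jt : p[pc].jf; break;
        case OP_RET_A:  return a;
        }
    }
}
```

Because no instruction can move the program counter backwards, a validated program of `len` instructions executes at most `len` steps, which is why no termination proof is needed.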



