
MINIX 3.2.1 released

Posted Feb 23, 2013 15:47 UTC (Sat) by ibukanov (subscriber, #3942)
In reply to: MINIX 3.2.1 released by mabshoff
Parent article: MINIX 3.2.1 released

> Today's main problem for toy and research OSes is hardware support, so I see the potential tendency of them running well on hypervisors just like on the IBM 390 decades ago. But once you do that you kind of miss the point of running an alternative OS in the first place,

With IOMMU virtualization like Intel's VT-d one can run a toy OS against a single piece of real hardware like a network card while the rest will be provided by a hypervisor. That can bear very useful results like isolation of increasingly complex network drivers and protocols behind a hardened special-purpose OS. This reduces the attack surface against other software running in the hypervisor.



MINIX 3.2.1 released

Posted Feb 23, 2013 22:56 UTC (Sat) by mabshoff (guest, #86444) [Link]

> With IOMMU virtualization like Intel's VT-d one can run a toy OS against a single piece of real hardware like a network card while the rest will be provided by a hypervisor.

Absolutely, but given that the Hurd does not currently have any USB support (at least it did not have it toward the end of 2012 even though I think that a USB DDEKit is being worked on also by the Minix folks) the IOMMU support for something like Hurd or Minix seems unlikely.

> That can bear very useful results like isolation of increasingly complex network drivers and protocols behind a hardened special-purpose OS. This reduces the attack surface against other software running in the hypervisor.

Yeah, I still think that if you took some of the ideas/goals from the Hurd and tried to implement them on top of the Linux kernel they would have gotten much further along, but then you would have had to compromise. These days there are plenty of userspace driver infrastructure bits in the Linux kernel. I cannot imagine that the theoretical advantage of the Hurd microkernel design will even pay off because most of the interesting bits can likely be done with the Linux kernel and no one should care about the boring driver bits, but the cool stuff.

Cheers,

Michael

MINIX 3.2.1 released

Posted Feb 23, 2013 23:17 UTC (Sat) by ibukanov (subscriber, #3942) [Link]

> IOMMU support for something like Hurd or Minix seems unlikely.

I meant running Minix or another toy/research OS under a hypervisor like Xen or KVM that supports IOMMU so Minix could manage a piece of the real hardware like a network card. Such an OS can implement complex network protocols or Wi-Fi drivers, isolating the rest of the system from bugs there.

I hope such setups would be more widespread allowing once again small teams or even a single person to try new OS ideas against latest hardware.

MINIX 3.2.1 released

Posted Feb 23, 2013 23:41 UTC (Sat) by mabshoff (guest, #86444) [Link]

> I meant running Minix or another toy/research OS under a hypervisor like Xen or KVM that supports IOMMU so Minix could manage a piece of the real hardware like a network card. Such an OS can implement complex network protocols or Wi-Fi drivers, isolating the rest of the system from bugs there.

Ok, got your point. That certainly makes sense and if for example you think about VFIO coming from the Cisco folks it does not take much imagination why those folks were motivated to do that work since instead of porting their various routing OSes to various hardware platforms just take Linux with KVM and hand control of the networking hardware to the routing OS. That sidesteps the whole GPL issue and isolates the routing OS from the boring hardware bits.

> I hope such setups would be more widespread allowing once again small teams or even a single person to try new OS ideas against latest hardware.

I think it is already happening. I would be hard pressed to name an OS that does not run on VMware, i.e. Haiku, the Hurd and Minix all run on top of it. Even OS/2 Warp and later is a supported configuration, but I might have thought about some earlier OS/2 releases which IIRC did some strange things in ring 2, but I am too tired to research it at this time.

I am not sure about the quality of those OSes running on top of say VMware since I recall strange stability issues with FreeBSD 8.3 on some ESXi targets for example, but that is a different problem. Jump five years ahead and I cannot imagine anything but the various hypervisors being a mandatory target platform for any research OS out there. IIRC last year's linux.conf.au had a session about using Linux as the L4sec boot loader for example for some ARM target. That just sounds like an insane thing to do unless you think about what it would take to write all those drivers for L4sec I assume :p.

Cheers,

Michael
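
The isolation benefit discussed in this thread (handing a NIC to a guest OS through VT-d/VFIO) holds only if the device's IOMMU group contains nothing the host still drives. The following is an added example, not part of any comment above, that checks this from the Linux sysfs layout; the function names, PCI addresses and driver bindings are constructed for illustration.

```python
import os
import tempfile

def iommu_group_report(bdf, sysfs="/sys"):
    """Return (group, peers): the IOMMU group of PCI device `bdf` and a map of
    every other device in that group to its bound driver (None if unbound)."""
    pci = os.path.join(sysfs, "bus/pci/devices")
    link = os.path.join(pci, bdf, "iommu_group")
    if not os.path.islink(link):
        return None, {}  # no IOMMU, or it is disabled in firmware/kernel
    group = os.path.basename(os.readlink(link))
    members = os.listdir(os.path.join(sysfs, "kernel/iommu_groups", group, "devices"))
    peers = {}
    for member in sorted(members):
        if member != bdf:
            drv = os.path.join(pci, member, "driver")
            peers[member] = os.path.basename(os.readlink(drv)) if os.path.islink(drv) else None
    return group, peers

def isolated_for_passthrough(bdf, sysfs="/sys"):
    """True only if no peer in the group is still driven by a host driver.
    Simplification (assumption of this example): bridges are not special-cased."""
    group, peers = iommu_group_report(bdf, sysfs)
    return group is not None and all(d in (None, "vfio-pci") for d in peers.values())

def build_sample_sysfs(root, groups, drivers):
    """Create a constructed sysfs-like tree so the check can run offline."""
    for group, devices in groups.items():
        gdir = os.path.join(root, "kernel/iommu_groups", group)
        os.makedirs(os.path.join(gdir, "devices"))
        for bdf in devices:
            dev = os.path.join(root, "bus/pci/devices", bdf)
            os.makedirs(dev)
            os.symlink(dev, os.path.join(gdir, "devices", bdf))
            os.symlink(gdir, os.path.join(dev, "iommu_group"))
            if bdf in drivers:
                os.symlink(os.path.join(root, "bus/pci/drivers", drivers[bdf]),
                           os.path.join(dev, "driver"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample: one NIC alone in its group, one sharing a group.
        build_sample_sysfs(root, {"7": ["0000:03:00.0"],
                                  "9": ["0000:04:00.0", "0000:04:00.1"]},
                           {"0000:03:00.0": "e1000e", "0000:04:00.1": "ahci"})
        for nic in ("0000:03:00.0", "0000:04:00.0"):
            print(nic, iommu_group_report(nic, root), isolated_for_passthrough(nic, root))
```

On a real host, call `isolated_for_passthrough` with the default `sysfs="/sys"`; a device that shares its group with a host-driven peer can still reach that peer's DMA mappings, so the group, not the single device, is the isolation boundary.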

