Commit 727e4a4e authored by Ticki's avatar Ticki

Kernel design chapter

parent 7b705cd3
......@@ -41,10 +41,10 @@
- [Stitching it all together](./design/url_scheme_resource/
- ["Everything is a URL"](./design/url_scheme_resource/
- [An example](./design/url_scheme_resource/
- [The kernel]()
- [Microkernels]()
- [Advantages of microkernels]()
- [Disadvantages of microkernels]()
- [The kernel](./design/kernel/
- [Microkernels](./design/kernel/
- [Advantages of microkernels](./design/kernel/
- [Disadvantages of microkernels](./design/kernel/
- [Performance of microkernels]()
- [Syscalls]()
- [Linux compatibility]()
Advantages of microkernels
Arguably, there are quite a lot advantages (and disadvantages too!) of microkernels. These will briefly be discussed here:
Modularity and customizability
Monolithic kernels are, well, monolithic. They do not allow as fine-grained control as microkernels. This is due to many essential components are "hard-coded" into the kernel, and thus requires modifications to the kernel itself.
Microkernels are very modular by nature. You can replace, reload, modify, change, and remove modules, on runtime, without even touching the kernel.
Modern monolithic kernels tries to solve this issue, using kernel modules, but do often still require the system to reboot.
Microkernels are undoubtedly _a lot_ more secure than monolithic kernels. The minimality principle of microkernels is a direct consequence of the principle of least privilege, according to which all components should have only the privileges absolutely needed to provide the needed functionality.
The vast majority of security-critical bugs in monolithic kernels stems from drivers running unrestricted in kernel mode, without any form of protection.
In other words: **drivers can do whatever, without restrictions, when running in ring 0**.
Less crashes
Monolithic kernels are, when compared to microkernels, relatively crash-prone. Simple logic bugs can result in a crashed driver, which will, for a kernel space driver, crash the whole system.
In Linux, this is often seen by errors with drivers dereferencing bad pointers, ultimately resulting in kernel panics.
Disadvantages of microkernels
The kernel of Redox
The kernel of Redox largely derives from the concept of microkernels, particularly with inspiration from L4, Mach, and Minix. This chapter will discuss the design of the Redox kernel.
As noted previously, Redox' kernel is a microkernel. Microkernels stands out in their design by providing minimal abstractions in kernel space. Microkernels do have, in contrary to monolithic kernel, great emphasis on userspace.
The philosophy of microkernels is essentially, that any components, which can run in user space, should run in user space. Kernel space should only be utilized for the most essential components, that is: system calls, process separation, resource management, IPC, thread management, and so on.
The kernel's main task is to act as a medium for communication and segregation of processes. The kernel should provide minimal abstraction over the hardware (that is, drivers which can, should run in user mode).
Microkernels are more secure and less prone to crashes than monolithic kernel. This is due to drivers and other abstraction being less privileged, and thus cannot do damage to the system. Furthermore, microkernels are extremely maintainable, due to their small code size, this can potentially reduce the number of bugs in the kernel.
As anything else, microkernels do also have disadvantages. We will discuss these later.
Versus monolithic kernels
Monolithic kernels provides a lot more abstractions than microkernels.
![An illustration](
The above illustration (from WikiMedia, by Wooptoo) shows how they differ.
A note on the current state
Currently, Redox has a 16,000 lines kernel. We would like to move certain things to userspace to get an even smaller kernel. For comparison, Minix has a 6,000 lines kernel.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment