Windows Kernel - H2HC

Kernel Pure ConceptKernel can be thought of asthe bridge betweenapplication and the actualdata processing done at thehardware level

Kernel Basic FacilitiesProcess ManagementMemory ManagementDevice ManagementSystem Calls

Kernel Design DecisionsDesign Decisions from 60’s, 70’s and 80’sDesign build to an inocence and secure worldCPU design decisions share the same idea

Kernel Design DecisionsMicrokernelRun most of the operatingsystem services in userspace as servers, aiming toimprove maintainability andmodularity of the operatingsystem.

Kernel Design DecisionsHybrid KernelHybrid kernels are acompromise between themonolithic and microkerneldesigns. This impliesrunning some services (suchas the network stack or thefilesystem) in kernel spaceto reduce the performanceoverhead of a traditionalmicrokernel, but still runningkernel code (such as devicedrivers) as servers in userspace.

HybridKernel in Real WorldWindows: 88,5 %Mac OS: 6,8%MonolithicLinux: 4,2%source: www.w3schools.orgMicrokernelQNX is the only viable commercialmicrokernel; most used in airports and SpaceShuttle.

Windows KernelStarted in 1988, led by David Cutler from Digital6 guys from Digital, 1 guy from Microsoft.3 years of development, from scratchInspired in DEC VMS, DEC RSX-11 and PRISMThe idea was to have a common code base witha custom Hardware Abstraction Layer (HAL) foreach platform (Have you seen this ? )Windows NT 3.1 was initially developed usingnon-x86 development systems and then portedto the x86 architecture

Windows KernelMain Design Goals:Hardware and software portability: (Intel IA-32,MIPS R3000/R4000 and Alpha, with PowerPC,Itanium and AMD64), and a private version toSun SPARC architecture.Reliability: Nothing should be able to crash theOS. Anything that crashes the OS is a bugCompatibility: DOS, Win16, Win32, OS/2, POSIXapplications

Windows Kernelin Windows NT 3.x, several I/O driversubsystems, such as video and printing, wereuser-mode subsystems.In Windows NT 4, the video, server and printerspooler subsystems were integrated into thekernel.In Windows 7 and 2008 R2, many subsystemswas integrated into the kernel (UAC, TPM)

Windows KernelWindows NT's kernel mode code furtherdistinguishes between the "kernel", whoseprimary purpose is to implement processor andarchitecture dependent functions, and the"executive".Both the kernel and the executive are linkedtogether into the single loaded modulentoskrnl.exe;From outside this module there is little distinctionbetween the kernel and the executive. Routinesfrom each are directly accessible, as for examplefrom kernel-mode device drivers.

Windows KernelWhile the x86 architecture supports four differentprivilege levels (numbered 0 to 3), only the twoextreme privilege levels are used.Usermode programs are run with CPL 3, and thekernel runs with CPL 0. These two levels are oftenreferred to as "ring 3" and "ring 0", respectively.Design decision to achieve code portability toRISC platforms, that only support two privilegelevelsThe original Multics system had eight rings, butmany modern systems have fewer.

Windows KernelEffective use of ring architecture requires closecooperation between hardware and the operatingsystem (the Apple advantage ??)Operating systems designed to work on multiplehardware platforms may make only limited use ofrings if they are not present on every supportedplatform.Often the security model is simplified to "kernel"and "user" even if hardware provides finergranularity through rings.More security ? Build your hardware and OS(Microsoft future ? Apple first vision ?)

WindowsKernel

UserModeWindows ArchitectureEnvironmentSubsystemsSystem Processes Services ApplicationsServiceControl Mgr.LSASSWinLogonSession ManagerSvcHost.ExeWinMgt.ExeSpoolSv.ExeServices.ExeTask ManagerExplorerUserApplicationSubsystem DLLsPOSIXWindows DLLsOS/2WindowsSystemThreadsNTDLL.DLLKernelModeSystem Service DispatcherI/O Mgr(kernel mode callable interfaces)WindowsUSER,GDIDevice &File Sys.DriversFileSystemCacheObjectMgr.Plug andPlay Mgr.PowerMgr.SecurityReferenceMonitorVirtualMemoryProcesses&ThreadsConfigurationMgr(registry)LocalProcedureCallGraphicsDriversKernelHardware Abstraction Layer (HAL)hardware interfaces (buses, I/O devices, interrupts,interval timers, DMA, memory cache control, etc., etc.)

Architecture of WindowsusermodeNT API stubs (wrap sysenter) -- system library (ntdll.dll)NTOSkernellayerTrap/Exception/Interrupt DispatchCPU mgmt: scheduling, synchr,ISRs/DPCs/APCskernelmodeDriversDevices, Filters,Volumes,Networking,GraphicsProcs/Threads IPCVirtualglueMemoryCaching Mgr I/ONTOS executive layerObjectMgrSecurityRegistryHardware Abstraction Layer (HAL): BIOS/chipset detailsfirmware/hardwareCPU, MMU, APIC, BIOS/ACPI, Copyright Microsoft memory, devicesCorporation

Windows Vista KernelChangesAlgorithms, scalability, code maintainabilityCPU timing: Uses Time Stamp Counter (TSC)●Interrupts not charged to threads●Timing and quanta are more accurateCommunicationI/O●●●ALPC: Advanced Lightweight Procedure CallsKernel-mode RPCNew TCP/IP stack (integrated IPv4 and IPv6)●●Remove a context switch from I/O Completion PortsI/O cancellation improvementsMemory management●Address space randomization (DLLs, stacks)

Windows Vista KernelChangesMany improvements in a era with slow machines(Intel Core Duo / Core 2 Duo was very expensise)Modern software in old machines = noresponsivenessOther mistakes, sure...,but it’s an evolution

Windows 7 KernelFirst general “public” revision of Windows KernelImprovements on performance (big mistake inVista); What matters is responsiveness !Kernel Dispacher Lock was replaced by “morecomplex symbolic system of semantics that letsthreads execute in a more parallel, efficientfashion".Previous Windows Kernel don’t understand thenew global reality: Multi Core

Windows 7 KernelCurrent Windows Kernel systems have a globaldispatcher lock which essentially stop all cores toprevent objects from being accessed by morethan one core.Windows 7/2008 Server will use processor groupswhere threads will be assigned to groups ofcores.Windows 7 / 2008 can use 256 cores

00000000 00000000 00000000 00000111 =thread can be distributed across the first threeprocessorsWindows 7 Kernel00000000 00000000 00000000 00000000 =thread can run on all processors (affinity isbasically off)00000000 00000000 00000000 00000001 =thread runs only on the first processor00000000 00000000 00000000 00000010 =thread runs only on the second processor00000000 00000000 00000000 00000100 =thread runs only on the third processor

Windows 7 Kernel ChangesMinWin●●●Change how Windows is builtLots of DLL refactoringAPI Sets (virtual DLLs)Working-set management●●SecurityRunaway processes quickly start reusing ownpagesBreak up kernel working-set into multipleworking-sets– System cache, paged pool, pageable systemcode●Better UAC, new account types, less BitLockerblockers

MinWinMinWin is first step at creating architecturalpartitionsCan be built, booted and tested separately from therest of the systemHigher layers can evolve independentlyAn engineering process improvement, not amicrokernel NT!MinWin was defined as set of componentsrequired to boot and access network

Kernel FutureMany-core challengeNew driving force in software innovation:– Amdahl’s Law (1) overtakes Moore’s Law ashigh-order bitHeterogeneous cores?OS ScalabilityLoosely –coupled OS: mem + cpu + services?Energy efficiencyShrink-wrap and Freeze-dry applications?Hypervisor/Kernel/Runtime relationshipsMove kernel scheduling (cpu/memory) into runtimes?

Thank you Weber Resswww.WeberRess.com@WeberRess