commit-hurd

hurd-l4/doc introduction.tex Makefile.am


From: Neal H. Walfield
Subject: hurd-l4/doc introduction.tex Makefile.am
Date: Sun, 07 Sep 2003 20:46:01 -0400

CVSROOT:        /cvsroot/hurd
Module name:    hurd-l4
Branch:         
Changes by:     Neal H. Walfield <address@hidden>       03/09/07 20:46:01

Modified files:
        doc            : introduction.tex Makefile.am 

Log message:
        Rework introduction.  Fix Makefile.am after last change (remove
        authorization.tex from list of dependencies).

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/hurd/hurd-l4/doc/introduction.tex.diff?tr1=1.1&tr2=1.2&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/hurd/hurd-l4/doc/Makefile.am.diff?tr1=1.1&tr2=1.2&r1=text&r2=text

Patches:
Index: hurd-l4/doc/Makefile.am
diff -u hurd-l4/doc/Makefile.am:1.1 hurd-l4/doc/Makefile.am:1.2
--- hurd-l4/doc/Makefile.am:1.1 Sun Sep  7 17:49:30 2003
+++ hurd-l4/doc/Makefile.am     Sun Sep  7 20:46:01 2003
@@ -28,7 +28,6 @@
        ipc.tex \
        threads-tasks.tex \
        vmm.tex \
-       authentication.tex \
        posix.tex \
        debugging.tex \
        device-drivers.tex
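Review bot: The dependency removed in this hunk is authentication.tex, but the log message says authorization.tex was removed from the list; the commit message should name the file actually dropped so the history can be searched reliably. The log should also say whether the authentication chapter was deleted or folded into another file, since the visible lines only show it leaving the dependency list.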
Index: hurd-l4/doc/introduction.tex
diff -u hurd-l4/doc/introduction.tex:1.1 hurd-l4/doc/introduction.tex:1.2
--- hurd-l4/doc/introduction.tex:1.1    Sun Sep  7 17:49:29 2003
+++ hurd-l4/doc/introduction.tex        Sun Sep  7 20:46:01 2003
@@ -1,38 +1,90 @@
 \chapter{Introduction}
 
-The GNU Hurd is a multi-server operating system running on top of a
-microkernel (currently Mach variants).  The core motivation of the
-Hurd is the following:
+\section{Genesis}
+
+The GNU Hurd is a multi-user, time sharing, general purpose, network
+operating system.  The Hurd's existence is motivated by perceived
+design flaws in Unix and other operating systems: either the system is
+overly restrictive and does not allow the user to perform interesting
+operations without the intervention of the administrator (e.g. mount
+file systems) or the security policy is overly lax and users can harm
+each other and the system.  The Hurd emphasizes flexibility and
+security.  The fundamental philosophy is:
 
 \begin{quote}
-  \emph{The operating system should enable its users to share the
-    resources of the system without harming each other.}
+  \emph{The operating system should empower users while maintaining
+  strict system security.}
 \end{quote}
 
-The focus is on the user, the system should try to allow the user to
-do anything that is not harmful for other users.  Many operating
-systems either restrict what the user can do to be more secure, while
-others allow the user to do everything, but fail on protecting the
-users from each other effectively.
-
-The Hurd is designed to minimize the system code that the user is
-required to use, while allowing the user to use, ignore or replace the
-remaining system code, and this without harming other users.
+\noindent
+Speed, although very important, is secondary to correctness and
+security.  We have however reason to believe that we have identified
+important areas where the Hurd, due to its design, will not only be
+able to compete with traditional systems, but outperform them.
+
+In order to achieve this goal, a multi-server architecture has been
+embraced.  The initial prototype on the Hurd runs on a derivative of
+the Mach microkernel developed at Carnegie Mellon University in the
+1980s and early 1990s.  With this implementation, an authentication
+scheme similar to Kerberos was explored which separates the user
+identity from the process thereby allowing tasks to identify
+themselves not by an inherent attribute but using unforgeable identity
+tokens.  User space file systems and a user space virtual file system,
+VFS, allowed users to mount their own file systems including NFS and
+to create their own special file systems such as ftpfs without needing
+special permissions on the system and without harming other users.
+This was based on the observation that the only reason that users are
+not permitted to mount file systems in Unix is that it involves
+twiddling kernel data structures: with the VFS outside of the kernel,
+this was no longer an impedance.
+
+During this implementation, much was learned including: Mach did not
+remove enough policy from the kernel and as a result, its mechanisms
+were still too heavy-weight.  Mach moves what has now become POSIX
+from the Unix kernel into user space and only provides IPC, a
+scheduler, memory management and device drivers.  This design leaves
+the resource allocation and management schemes in the kernel while the
+resource utilization was moved completely into user space (e.g. file
+systems).  This made important information about resource utilization
+inaccessible to the allocation mechanisms and thus made smart
+implementations of resource managers extremely difficult and far less
+intelligent than their monolithic kernel counterparts.  In keeping
+with the Hurd philosophy of empowering the user, it was observed that
+many applications could profit if they could control how the resources
+they are using are managed, e.g. which pages are evicted when there is
+memory pressure.  This is not only an improvement over the Mach
+scheme, but also over a traditional Unix-like design: applications not
+only know how a resource is being used but also what its contents are.
+Unix knows how a frame of memory is allocated, e.g. to the block
+cache, but it does not know what its contents are nor the classes of
+data and the type of expected usage patterns of the data types
+contained therein.  This scheme should permit an application to make
+far more intelligent decisions than are possible with the superficial
+knowledge than a monolithic kernel has.
+
+The L4 microkernel makes implementing this philosophy possible: it
+aims to absolutely minimize the amount of policy in the microkernel
+while providing powerful \emph{foundational} mechanisms for
+inter-process communication, memory movement (mapping and granting of
+pages via address space manipulation) and task and thread creation and
+manipulation.
 
-So while the L4 microkernel tries to minimize the policy that the
+Thus, while the L4 microkernel tries to minimize the policy that the
 kernel enforces on the software running on it, the Hurd tries to
 minimize the policy that the operating system enforces on its users.
-Furthermore, the Hurd also aims to provide a POSIX compatible general
-purpose operating system.  However, this POSIX personality of the Hurd
-is provided for convenience only, and to make the Hurd useful.  Other
-personalities can be implemented and used by the users of the system
-along with the POSIX personality.  This default personality of the
-Hurd also provides some convenient features that allow the user to
-extend the system so that all POSIX compatible programs can take
-advantage of it.
-
-These notes are a moving target in the effort to find the best
-strategy to port the Hurd to the L4 microkernel.
+The Hurd also aims to provide a POSIX conformant, general purpose
+layer.  This POSIX personality of the Hurd, however, is provided for
+convenience only and to make the Hurd useful: many applications target
+a subset of POSIX.  Other personalities can be implemented and used in
+parallel.  This default personality of the Hurd is not sandboxed: it
+provides convenient features that allow the user to extend the system
+so that all POSIX compatible programs can take advantage of them.
+
+\section{Work In Progress}
+
+This manual is less a manual than a series of notes about the effort
+to document the current strategy to port the Hurd to the L4
+microkernel.
 
 \begin{comment}
   Remarks about the history of a certain feature and implementation
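Review bot: Three wording slips in the added Genesis text should be fixed: "The initial prototype on the Hurd" should read "of the Hurd", "this was no longer an impedance" should be "impediment", and "the superficial knowledge than a monolithic kernel has" should be "that a monolithic kernel has". On substance, the new quote replaces the old wording about users not harming each other with "strict system security" without defining it, and "This default personality of the Hurd is not sandboxed" states a security property in passing; a sentence saying what isolation users of the POSIX personality can and cannot expect would make that claim checkable. The statement that the Hurd will "outperform" traditional systems is given without a reference or a pointer to the chapter that argues it.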
@@ -40,5 +92,30 @@
   just like this paragraph.  Because this is work in progress, there
   are naturally a lot of such comments.
 \end{comment}
+
+The port to L4 was set into action in the summer of 2002 when Neal
+H. Walfield went to the Universit\"at of Karlsruhe.  During that time,
+he worked with the L4 group and designed a basic IPC, Task and Thread
+API as well as doing extensive design work on the virtual memory
+manager.  He was aided greatly by discussions with Marcus Brinkmann,
+Uwe Dannowski, Kevin Elphinstone, Andreas Haeberlen, Wolfgang
+J\"ahrling, Joshua LeVasseur, Espen Skoglund, Volkmar Uhlig and Marcus
+V\"olp.
+
+A public release of L4 was made in May of 2003.  It was soon after
+this that Marcus Brinkmann began overhauling the proposed IPC system
+and identifying important flaws and scenarios that had been originally
+overlooked.  He also revised the fork and exec strategy and began
+extensive work on the rest of the system.
+
+Peter De Schrijver and Daniel Wagner started to design the device
+driver framework.
+
+Niels M\"uller was the first one to realize that the exec server can
+be eliminated and gave helpful input on several aspects of the task
+server and IPC design.
+
+During this process valuable input and discussion has come from many
+different corners including: 
 
 
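Review bot: The last added sentence, "During this process valuable input and discussion has come from many different corners including:", stops at the colon with no names after it, so either the list of contributors is missing from this revision or the sentence should be closed without the colon. In the first added paragraph, "Universit\"at of Karlsruhe" mixes German and English; use either the German name in full or "University of Karlsruhe".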



