Information Technology Reference
In-Depth Information
drivers enabled (
Linux-SD
). Figure 8 shows the
performance of Linux-SD relative to Linux-Native
either in wall clock time or throughput, depending
on the benchmark. Figure 9 shows CPU utilization
measured during benchmark execution (which
is only accurate to a few percent). These figures
show that Nooks achieves 97% and 100% of the
performance of native Linux for these tests.
The primary performance difference is in the
CPU utilization of the benchmarks. As the isola-
tion services are primarily imposed at the point
of the XPC, the rate of XPCs offers a telling
performance indicator. Thus, the benchmarks fall
into two broad categories characterized by the rate
of XPCs: low frequency (a hundred to thousands
XPCs per second), and high frequency (tens of
thousands of XPCs per second).
The sound and storage driver benchmarks
exhibit low XPC rates; between 300 and 1000 per
second. At this low rate, the additional CPU utili-
zation is negligible. For the many low-bandwidth
devices in a system, such as keyboards, mice,
Bluetooth devices, modems, and sound cards,
Nooks offers improved reliability with almost no
performance cost.
The network send and receive benchmarks are
examples of high XPC-frequency applications.
Network receive performance was measured with
the
netperf
performance tool, where the receiving
node used an isolated Ethernet driver to receive
a stream of 32KB TCP messages using a 256KB
buffer. The machine is bandwidth, not CPU lim-
ited, and hence there is no reduction in throughput.
However, overall CPU utilization increase of 7
percentage points for receiving packets and 29
percentage points for sending packets.
The added cost comes from two factors: execut-
ing more code, to implement Nooks isolation, and
executing existing code more slowly.A single XPC
may take thousands of cycles, because it must copy
data between the kernel and the driver as well as
change the page table. This causes both kernel and
driver code to execute more slowly, because the
x86 architecture must flush the TLB after the page
table changes, leading to subsequent TLB misses.
In addition, the additional code and data copying
puts pressure on the processor caches, leading to
more misses and lower performance.
Performance Summary
This section used a small set of benchmarks to
quantify the performance cost of Nooks. Nooks
imposed a performance penalty of less than
3%, although CPU utilization doubled for some
workloads. The rate of XPCs is a key factor in
the performance impact, as XPCs impose a high
burden, due to cost of flushing the x86 TLB in the
current implementation. The performance costs
of Nooks' isolation services depend as well on
the CPU utilization imposed by the workload. If
the CPU is saturated, the additional cost can be
significant, because there is no spare capacity to
absorb Nooks overhead.
Summary of Nooks and
Shadow Drivers
Overall, Nooks provides a substantial reliability
improvement at low cost for common drivers.
The results demonstrate that: (1) the performance
overhead of Nooks during normal operation is
small for many drivers and moderate for other
extensions, (2) applications and the OS survived
driver failures that otherwise would have caused
the OS, application, or both to fail. Overall, Nooks
and shadow drivers prevented 99% of system
crashes, with an average performance cost of
1% for drivers.
driVer fault tolerance
in commercial SyStemS
While Nooks remains a research project, several
commercial operating systems provide run-time
mechanisms to isolate the kernel from driver
failures. These mechanisms can be categorized
into two major categories: user-mode drivers to
Search WWH ::
Custom Search