

### **Microkernel Construction** I.4 – IPC Functionality & Interface

Lecture Summer Term 2017 Wednesday 15:45-17:15 R 131, 50.34 (INFO)

#### Jens Kehne | Marius Hillenbrand Operating Systems Group, Department of Computer Science





### **IPC Primitives**



# Send to

(a specified thread)

## Receive from

(a specified thread)

## Receive

(from any thread)

# Two threads communicate

- No interference from other threads
- Other threads block until it's their turn
- Problem
  - How to communicate with a thread unknown a priori

(e.g., a server's clients)

### **IPC Primitives**



# Send to

(a specified thread)

### Receive from

(a specified thread)

## Receive

(from any thread)

# Call

(send to, receive from specified thread)

# Send to & Receive (from)

(send to, receive from any/specified thread)

### Scenario

- A client thread sends a message to a server expecting a response
- The server replies expecting the client thread to be ready to receive

### Problem

The client might be preempted between the send to and receive from

### **IPC Primitives**



# Send to

(a specified thread)

# Receive from

(a specified thread)

# Receive

(from any thread)

# Call

(send to, receive from specified thread)

# Send to & Receive (from)

(send to, receive from any/specified thread)

# Send async to

(a specified thread)

# Scenario

- Thread A wants to notify thread B of an event (e.g., interrupt)
- Thread B does not need to process the event right away
- Problem
  - With synchronous IPC, thread A has to block until thread B is ready



### **Message Types**

# Registers

- Short messages, avoid memory during IPC
- Guaranteed to avoid user-level page faults during IPC

# Strings (optional)

- In-memory messages copied from sender to receiver
- May incur user-level page faults during copy operation

# Mappings (optional)

- Messages that map pages from sender to receiver
- Can map other resources too (e.g., capabilities)



# Operations

- Send to
- Receive from
- Receive
- Call
- Send to & Receive
- Send to & Receive from
- Send async

- Message Types
  - Registers
  - Strings
  - Mappings

### **IPC Parameters**



- Send to
- Receive from
- Receive
- Call
- Send to & Receive
- Send to & Receive from
- Destination endpoint
- Source endpoint
- Send registers
- Receive registers
- Number of map pages
- Page range for each map page
- Number of send strings
- Send string start for each string
- Send string size for each string

- Receive window for mappings
- Number of receive strings
- Receive string start for each string
- Receive string size for each string
- Send timeout
- Receive timeout
- Send xfer timeout
- Receive xfer timeout
- IPC result code
- Sender endpoint

### **Ideally Encoded in Registers**



Parameters in registers whenever possible
 Make frequent operations simple and fast





### Send and Receive Encoding

O (Nil ID) is a reserved thread ID
 Define -1 as a wildcard thread ID



Why Use a Single Call Instead of Many?



- The implementation of the individual send and receive is very similar to the combined send and receive
  - We can use the same code
    - We reduce cache footprint of the code
    - We make applications more likely to be in cache
- L4 only implements combined "send to A and receive from B" syscall
  - A may but need not be equal to B
  - A or B may be 0 to avoid a send or receive phase
    - A == B == 0 is just a costly no-operation

### **IPC endpoints**



- How do we specify the destination of an IPC message?Idea 1: Use thread ID
- Problem: Must specify exactly one receiver



11





### Idea 2: Decouple IPC endpoints from threads





### **IPC** gates

13

17.05.2017



### **IPC Parameters**



- Send to
- Receive from
- Receive
- Call
- Send to & Receive
- Send to & Receive from
- Destination endpoint
- Source endpoint
- Send registers
- Receive registers
- Number of map pages
- Page range for each map page
- Number of send strings
- Send string start for each string
- Send string size for each string

- Receive window for mappings
- Number of receive strings
- Receive string start for each string
- IPC syscall Receive string size for each string
  - Send timeout
  - Receive timeout
  - Send xfer timeout
  - Receive xfer timeout
  - IPC result code
  - Sender endpoint

#### **Message Transfer**



# Assume that 64 extra registers are available

- **Name them MR\_0 \dots MR\_{63} (message register 0 ... 63)**
- Only used message registers are transferred during IPC (see MR<sub>0</sub>)

### **IPC Parameters**



- Send to
- Receive from
- Receive
- Call
- Send to & Receive
- Send to & Receive from
- Destination endpoint
- Source endpoint
- Send registers
- Receive registers
- Number of map pages
- Page range for each map page
- Number of send strings
- Send string start for each string
- Send string size for each string

- Receive window for mappings
- Number of receive strings
- Receive string start for each string
- Receive string size for each string
- Send timeout
- Receive timeout
- Send xfer timeout
- Receive xfer timeout
- IPC result code
- Sender endpoint

#### **Message Construction**



- Messages are stored in registers (MR<sub>0</sub>... MR<sub>63</sub>)
- First register (MR<sub>0</sub>) acts as message tag
- Subsequent registers contain
  - Untyped words (u)
  - Typed words (t) (e.g., map item, string item)



#### **Message Construction**



- Messages are stored in registers (MR<sub>0</sub>... MR<sub>63</sub>)
- First register (MR<sub>0</sub>) acts as message tag
- Subsequent registers contain
  - Untyped words (u)
  - Typed words (t) (e.g., map item, string item)



Message

### **Message Construction**



- Typed items occupy one or more words
- Four common item types
  - Map item (2 words)
  - Grant item (2 words)
  - String item (2+ words)
  - Capability (2 words)
- Typed items can have arbitrary order



#### **Map and Grant Items**





### **String Items**



Up to 4 MB (per string)

- Compound strings supported
  - Allows scatter-gather
- Incorporates cacheability hints
  - Reduce cache pollution for long copy operations



### **String Items**





### **IPC Parameters**



- Send to
- Receive from
- Receive
- Call
- Send to & Receive
- Send to & Receive from
- Destination endpoint
- Source endpoint
- Send registers
- Receive registers
- Number of map pages
- Page range for each map page
- Number of send strings
- Send string start for each string
- Send string size for each string

- Receive window for mappings
- Number of receive strings
- Receive string start for each string
- Receive string size for each string
- Send timeout
- Receive timeout
- Send xfer timeout
- Receive xfer timeout
- IPC result code
- Sender endpoint

### **String Reception**



# Assume that 34 extra registers are available

- **Name them**  $BR_0 \dots BR_{33}$  (buffer register 0 ... 33)
- Buffer registers specify
  - Receive strings
  - Receive window for mappings



#### **Receiving Messages**

- Receiver buffers are specified in registers (BR<sub>0</sub> ... BR<sub>33</sub>)
- First BR (BR<sub>0</sub>) contains "Acceptor"
  - May specify receive window (if not nil-fpage)
  - May indicate presence of receive strings/buffers (if s-bit set)

Acceptor 000s BR<sub>0</sub>

#### **Receiving Messages**





### **Receiving asynchronous messages**



- Kernel must buffer asynchronous messages
- Assume that 1 extra register is available
- Limit message payload to 1 register (MR<sub>1</sub>)
  ORed to receive register
- Two ways to receive:
  - Synchronously (block on specific bit mask)
  - Asynchronously (read register)

### **IPC Parameters**



- Send to
- Receive from
- Receive
- Call
- Send to & Receive
- Send to & Receive from
- Destination endpoint
- Source endpoint
- Send registers
- Receive registers
- Number of map pages
- Page range for each map page
- Number of send strings
- Send string start for each string
- Send string size for each string

- Receive window for mappings
- Number of receive strings
- Receive string start for each string
- Receive string size for each string
- Send timeout
- Receive timeout
- Send xfer timeout
- Receive xfer timeout
- IPC result code
- Sender endpoint



### Problem

### How to we deal with threads that are

- Uncooperative
- Malfunctioning
- Malicious?

How to prevent an IPC operation from never completing?



### Timeouts (v2, vX.0)

snd timeout, rcv timeout



# Timeouts (v2, vX.0)

- snd timeout, rcv timeout
- snd-pf
  - specified by sender

### Attack through receiver's pager





## Timeouts (v2, vX.0)

- snd timeout, rcv timeout
- snd-pf / rcv-pf
  - specified by receiver

### Attack through sender's pager





# Timeouts (vX.2, v4)

snd timeout, rcv timeout, xfer timeout snd, xfer timeout rcv



#### (specified by the partner thread)

### **Timeout Issues**



- What timeout values are typical or necessary?
- How do we encode timeouts to minimize space needed to specify all four values?

 $m_{(10)}$ 

e(5)

# Timeout values

- $\infty$  (infinite)
  - Client waiting for a (trusted) server
- 0 (zero)
  - Server responding to a client
  - Polling
  - Specific time
    - 🗖 🗖 1 us 610 h (log)

2<sup>e</sup>m µs

#### **Timeout Issues**





### Timeouts



Send and receive timeouts are the important ones

- Xfer timeouts only needed during string transfer
- Store xfer timeouts in predefined memory location



### **IPC Parameters**



- Send to
- Receive from
- Receive
- Call
- Send to & Receive
- Send to & Receive from
- Destination endpoint
- Source endpoint
- Send registers
- Receive registers
- Number of map pages
- Page range for each map page
- Number of send strings
- Send string start for each string
- Send string size for each string

- Receive window for mappings
- Number of receive strings
- Receive string start for each string
- Receive string size for each string
- Send timeout
- Receive timeout
- Send xfer timeout
- Receive xfer timeout
- IPC result code
- Sender endpoint

### **IPC Result**



Error conditions are exceptional



- Not common case
- No need to optimize for error handling
- Bit in received message tag indicates error
  - Fast check
- Exact error code store in predefined memory location

#### 17.05.2017

39

### **Thread ID as sender endpoint**

Sender's thread ID stored in register

#### **Sender Registers**

| EAX | destination       |
|-----|-------------------|
| ECX | snd/rcv timeouts  |
| EDX | receive specifier |
| EBX |                   |
| EBP |                   |
| ESI |                   |
| EDI |                   |

#### **Receiver Registers**





#### Capability as sender endpoint





Operating Systems Group Department of Computer Science

### **IPC Parameters**



- Send to
- Receive from
- Receive
- Call
- Send to & Receive
- Send to & Receive from
- Destination thread ID
- Source thread ID
- Send registers
- Receive registers
- Number of map pages
- Page range for each map page
- Number of send strings
- Send string start for each string
- Send string size for each string

- Receive window for mappings
- Number of receive strings
- Receive string start for each string
- Receive string size for each string
- Send timeout
- Receive timeout
- Send xfer timeout
- Receive xfer timeout
- IPC result code
- Sender thread ID

### **Virtual Registers**



- What about message and buffer registers?
  - Most architectures do not have 64+34 spare registers

What about predefined memory locations?
 Must be thread local



### What are Virtual Registers?

- Virtual registers are backed by either
  - Physical registers, or
  - Non-pageable memory
- UTCBs hold the memory backed registers
  - UTCBs are known in user and kernel space
  - UTCBs are thread local
  - UTCBs cannot be paged
    - No page faults
    - Registers always accessible



Operating Systems Group

**Physical Registers** 

kernel during context switch

Department of Computer Science

#### **Operating Systems Group Department of Computer Science**

#### Jens Kehne, Marius Hillenbrand - Microkernel Construction, SS 2017

snd/rcv timeouts ECX receive specifier EDX **MR**₁ EBX MR<sub>2</sub> EBP MR<sub>0</sub> FSI **UTCB** EDI

Sender Registers

destination

EAX

45

17.05.2017

**Receiver Registers** 

from

**MR**₁

MR<sub>2</sub>

**MR**<sub>0</sub>

**UTCB** 



#### Message Registers and UTCB



### **Free Up Registers for Temporary Values**



Kernel needs registers for temporary values
 MR<sub>0</sub>, MR<sub>1</sub> and MR<sub>2</sub> are the only values that the kernel may not need

#### **Sender Registers**



#### Receiver Registers



### **Free Up Registers for Temporary Values**



- Sysexit instruction requires
  - ECX = user IP
  - EDX = user SP

#### **Sender Registers**

| EAX | destination       |
|-----|-------------------|
| ECX | snd/rcv timeouts  |
| EDX | receive specifier |
| EBX | MR <sub>1</sub>   |
| EBP | MR <sub>2</sub>   |
| ESI | MR <sub>0</sub>   |
| EDI | UTCB              |
|     |                   |

#### **Receiver Registers**



## **IPC Register Encoding**



Parameters in registers whenever possible
 Make frequent operations simple and fast







# Karlsruhe Institute of Technology

# Summary

- IPC has many parameters
  - Operation (send, receive, combinations)
  - Communication partners
  - Actual message to transfer
- IPC Timeouts required
  - Handle malfunctioning / uncooperative threads
  - Encode as short as possible
- Compact encoding of IPC operation
  - Send and receive specifier
  - Nilthread == no operation

Operating Systems Group Department of Computer Science

# Summary (2)



Message construction in virtual Message Registers

- Untyped words
- String items / compound Strings
- Map/Grant items
- Encoding virtual registers
  - Backed by memory in UTCB
  - In physical registers whenever possible
- Receive Buffers in virtual Buffer Registers
  - Acceptor
  - Receive Strings