The Project

The LibrettOS project is exploring the design of operating systems at the intersection of three problem spaces: isolating core kernel components including device drivers and other subsystems for localization of security exploits and faults; bypassing system call and other layers for direct access to I/O devices for high performance; and supporting POSIX-compliant applications and legacy device drivers. While each of these spaces has been the subject of intensive focus in the OS literature, their intersection is relatively less studied and their practical value is often overlooked. For example, microkernel and multiserver OSes provide excellent isolation, but high performance often requires kernel bypass and exclusive access to device resources. Library OSes and kernel-bypass libraries such as DPDK and SPDK enable direct device access, but usually require specialized APIs and significant engineering effort for legacy applications.

Multiple OS models and dynamic switching

Letting multiple OS models coexist in the same OS has a clear value proposition: applications can switch between models at run-time for more effective resource utilization. This is particularly significant when resources are limited; e.g., modern 10 GbE NICs often have limited SR-IOV interfaces. Thus, at low I/O loads, a multiserver OS model for device access can be performant; when I/O load increases, however, the library OS model may become necessary for the desired performance.

Realization with rump kernels and Xen

Developing new device drivers, as well as continuously maintaining a large collection of existing ones, is the key OS engineering effort in many production-use OSes. Since code development in userspace is easier than in kernelspace, device driver development in userspace can reduce OS engineering costs. This vision is realized in the concept of rump kernels, which enables NetBSD’s device drivers to run out-of-the-box in userspace. The LibrettOS project leverages rump kernels for its library OS and multiserver models, which enable NetBSD’s large suite of device drivers (e.g., 10 GbE, NVMe) to be immediately used in userland, with no specialized APIs. The project has added SMP support to rumprun and uses Xen as the underlying hypervisor in HVM mode for server isolation. The project has developed a network server that enables indirect network access, while also localizing potential security exploits and failures (to the server). TCP/IP stack instances run directly inside application address spaces.

LibrettOS’s design principles are general and can be realized in other hypervisor and device driver settings.