How Long Will Apple Keep the MACH Microkernel?
The subject of kernels is normally both too technical and too boring for your average user. However, I feel that in light of recent events this issue should be examined. So, to help everyone out, I am going to try to explain (briefly) what the big fuss is all about and why you should care. First, though, we need to start with some definitions.
What is a kernel?
The easy answer is that a kernel is the core of any operating system. DOS, Windows, UNIX, OS X and Linux all have some type of kernel. The implementations change but the basic concept remains the same. A kernel interfaces directly with the system’s hardware and is the lowest level of software. There are two types of kernels: micro-kernels and monolithic-kernels.
What is the difference between a micro and monolithic kernel?
There are two main schools of thought on the issue of which type of kernel is “best”. The first group (to which Apple belongs) advocates a micro-kernel system. The second (to which Unix and Linux belong) favors monolithic-kernels. These differing approaches can be likened to two different kings in two different cities.
The first king is very reclusive and sits in a small castle with high walls and a few top advisors. The king tells the advisors what to do and they go outside of the small (but well defended) castle and issue orders to the knights, merchants and common-folk. The king never leaves his castle, and since only his most trusted advisors are allowed in, the king is very safe from attack. However, because each advisor has to pass through several guard points (with a full cavity search at each stop), it can sometimes take a little while before the king’s orders can go out or news can come in.
The second king is much different. He doesn’t live in a castle so much as in a large mansion with beautiful grounds. Strongly defended walls encompass the entire city instead of just the castle. This makes the king and the populace very secure from outside attacks. And since this king is very friendly, he goes throughout his city meeting and talking with all of his subjects. Any command he or his many trusted aides give is instantly obeyed. This makes his city very efficient. However, should any enemy agents manage to penetrate the outer walls, they can quite easily assassinate the beloved king, in which case order breaks down and the entire city riots.
Which should be used?
A micro-kernel is highly portable, easily scalable and very secure. This security comes at the price of speed though. The monolithic kernel isn’t as secure, but is always faster. Micro-kernels tend to be slower (from 50% in the worst case to only 10% in the best case) than the more integrated monolithic kernel. So, it ultimately comes down to which is more important, security and stability, or speed?
Why should I care?
As I mentioned previously, Apple currently uses the Mach micro-kernel. This is a result of Jobs turning NeXTSTEP into OS X and in the process keeping what was under the hood. However, a big proponent of the Mach kernel, Avie Tevanian, is no longer with Apple. As a result, Apple might switch to the same monolithic kernel that most Linux distros use. This would be a tremendous change in the way OS X operates. If Apple does make the switch, then they will enjoy a nice boost in speed. It is possible that when 10.6 or 10.7 comes around, Jobs will announce the change. I don’t think they would have enough time to squeeze it into 10.5, but I could be wrong. It would be just like Jobs to announce a kernel change along with a new chip from Intel that would drastically boost OS X’s speed. It could happen sooner than we think.
Comments
Nice article. Complete lack of research however.
xnu is not a microkernel, hence the entire premise of this article is wrong…with respect to its subject, the MacOS X kernel.
-K
Nice comment. Semi-complete lack of research however.
OS X is built on XNU. XNU, a hybrid kernel, is built on top of Mach (a micro-kernel) along with the FreeBSD 5 kernel (a monolithic-kernel). However, to remove server bottlenecks Apple could ditch this hybrid approach and go with a straight monolithic approach.
-J
Going with the monolithic kernel could make OS X easier to hack, which would be very bad news given how the competition with Windows is heating up. Any perceived weakness will be exploited by Microsoft (black ops or not) if their market share becomes threatened.
J,
Wikipedia is *hardly* authoritative in this regard
It uses mach message passing techniques for the hardware extraction (mostly for historical reasons), but is in fact built and run monolithic; the userspace “servers” of a true mach system that add the extra level of abstraction do not exist in OSX/xnu.
xnu is more like “FreeBSD kernel with mach process/message passing semantics” and is certainly not a microkernel, such as the OSF kernel or the HURD kernel
So yeah, let’s go with semi-complete
-K
MacOSX comes in two ‘flavors’: for common users and for servers. The servers have the same technological design as the regular version, but seemed to be ‘tuned’ differently (insert car-engine analogy here).
Speed might be more important for servers and these are often in the hands of people with more in-depth knowledge about the inner workings of the machines (and thus about security issues). Perhaps monolithic kernels become an option or a feature in servers before the regular version makes the same switch.
With the references to Avie Tevanian, I wonder what causes what: Avie leaving causes a move or the desire for the move causes Avie to leave? If there is a move at all.
I wouldn’t be surprised if it turned out internally Apple is having OSX running on top of various distros (they ran on different processors for some time, too, remember?). Wasn’t the choice for FreeBSD because of licensing?
We’ll see. I for one am mostly interested in the MacOSX user experience. A lot of ‘speed’ comes from this UI, anyway.
There is another issue, although a bit off-topic: plug&play.
A lot of hardware, things connected through USB, need their own driver. The reason is that a device tells the OS what it is, such as
- human interface device/keyboard or
- capture device/camera or
- sound device/combo (e.g. a headset specifying both an input and an output part)
and for most of the categories the OS will have a standard driver.
However, a lot of devices simply say
- vendor-specific/vendor-specific
and this is when the OS can only access the device when it has its own driver.
Why is this important? Well, creating a driver is complex and if a vendor isn’t capable of following specifications for a certain category, why would he be able to follow specification on how to create a driver?
A driver has a lot of privileges to access part of the hardware or run at times that the OS is less protected and this makes it a target for attacks: if a hacker knows the vulnerabilities of a popular device’s driver it can use this knowledge for attacking a machine.
Needless to say: I have little trust in devices that come with their own drivers, but if I do need them, I’d rather have a kernel that is more protective. Otherwise the speed would help malware more than it does help me.
(The fact that someone is paranoid, does not mean that this person has no enemies)
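The class reporting described in the comment above, as an added example that is not part of the original post or its comments: a Python parser that walks a USB configuration descriptor and flags interfaces declaring the vendor-specific class (0xFF), for which the OS has no standard class driver. The descriptor bytes are constructed sample data and the function names are illustrative.

```python
# Added example: list interface classes in a USB configuration descriptor and
# flag vendor-specific ones. Sample bytes below are constructed, not captured.
import struct

DT_INTERFACE = 0x04          # bDescriptorType for an interface descriptor
CLASS_NAMES = {              # bInterfaceClass codes from the USB-IF class list
    0x01: "audio",
    0x03: "human interface device",
    0x0E: "video",
    0xFF: "vendor-specific",
}

def interface_classes(config: bytes):
    """Return [(interface_number, class_code, class_name)] from a config descriptor."""
    found, offset = [], 0
    while offset < len(config):
        if len(config) - offset < 2:
            raise ValueError("truncated descriptor header")
        length, dtype = config[offset], config[offset + 1]
        # A zero or overlong bLength would loop forever or read out of bounds.
        if length < 2 or offset + length > len(config):
            raise ValueError(f"bad bLength {length} at offset {offset}")
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError("interface descriptor shorter than 9 bytes")
            number, alt, _eps, cls = struct.unpack_from("<BBBB", config, offset + 2)
            if alt == 0:  # count each interface once, ignoring alternate settings
                found.append((number, cls, CLASS_NAMES.get(cls, f"class 0x{cls:02x}")))
        offset += length
    return found

def needs_vendor_driver(config: bytes):
    """Interface numbers with no standard class driver (class 0xFF)."""
    return [n for n, cls, _ in interface_classes(config) if cls == 0xFF]

# Constructed sample: a headset-like device with an audio interface, a HID
# interface (buttons), and one vendor-specific interface.
SAMPLE_CONFIG = bytes([
    0x09, 0x02, 0x24, 0x00, 0x03, 0x01, 0x00, 0x80, 0x32,  # configuration
    0x09, 0x04, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00,  # if 0: audio
    0x09, 0x04, 0x01, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,  # if 1: HID
    0x09, 0x04, 0x02, 0x00, 0x00, 0xFF, 0x00, 0x00, 0x00,  # if 2: vendor
])

if __name__ == "__main__":
    for number, cls, name in interface_classes(SAMPLE_CONFIG):
        print(f"interface {number}: 0x{cls:02x} {name}")
    print("needs vendor driver:", needs_vendor_driver(SAMPLE_CONFIG))
```

The parser rejects a zero or out-of-range `bLength` because descriptor data comes from the device and cannot be trusted.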
As others have pointed out, Xnu, which is MacOS X’s kernel, is not a micro-kernel today. However, it uses Mach as its process and memory system, so suffers from the slowdown of a microkernel. On the other hand, it puts the entirety of BSD in kernel space, so suffers from all the monolithic kernel’s security and stability problems. In short, the kernel of MacOS X is currently one of its weakest, most problematic aspects, and going in either direction would probably be vastly preferable to where we are now (which is to say, a kernel that lags far behind everyone else in performance while offering no perceivable benefits in exchange.)
I like MacOS X a lot, but the kernel is not a shining example of its good design.
About the only thing I know about the OS X kernel is that it is the Mach kernel (but apparently I’m even mistaken on that). My questions:
“Going with the monolithic kernel could make OS X easier to hack, which would be very bad news given how the competition with Windows is heating up. Any perceived weakness will be exploited by Microsoft (black ops or not) if their market share becomes threatened.”
How so? And why would Microsoft hack it themselves, aren’t they making money off Mac users? Besides, would there be a security flaw large enough to make any of us switch to Windows?
“A driver has a lot of privileges to access part of the hardware or run at times that the OS is less protected and this makes it a target for attacks: if a hacker knows the vulnerabilities of a popular device’s driver it can use this knowledge for attacking a machine.”
So is the monolithic kernel architecture inherently different enough that device drivers pose a serious security problem?
Finally, is there any way to test speed and stability in different kernel types without rebuilding OS X with another kernel?
I’m just wondering how much of OS X’s security is reliant on the kernel (or, more specifically, which type of kernel they use) and how much of it is built into the rest of the operating system.
Microkernels offer more than just a speed/security tradeoff.
In the monolithic kingdom, everyone deals with the king directly, so everyone has to obey the king’s law. And since the king does have to deal with everyone, his laws have to be of the ‘one size fits all with (hopefully) minimal inconvenience’ variety.
The microkernel kingdom, OTOH, has ‘castle law’ and ‘local law’. Castle law sets the rules for how the ministers interact with the king. It only exists inside the castle, and the people are free to ignore it. Local law sets the rules for how the people interact with the ministers. That only exists outside the castle, and the king is free to ignore it.
This arrangement makes each minister a translator between Local law and Castle law. It gives the ministers enough power to divide the country up into states, each with its own body of law.
Now, it’s true that having to translate from Local law to Castle law and back again seems like a waste of effort if you only have one minister/state in the kingdom, but it starts to look pretty good if you want to diversify.
In practical terms, the minister/states are operating systems. A microkernel can run several different operating systems at the same time, just the way a modern operating system can run several different programs at the same time.
The buzzword for this is ‘virtualization’.
With a microkernel, even a semi-monolithic one like OS X’s, it’s fairly easy to set things up so you can run OS X, Windows, and Linux all at the same time, with complete integration for things like cut-and-paste from one operating system to another.
A Windows program will use the standard Windows ‘cut’ rules, but then Windows itself will use the microkernel’s rules to send that data ‘inside the castle’. Then an OS X program can use the OS X ‘paste’ rules, and OS X will pull the information ‘out of the castle’. Neither the Windows program nor the OS X program need to know or care that the data passed from one operating system to another, and it only takes a relatively small amount of tweaking at the OS level to make it all work.
Think ‘Classic’ or ‘X-windows environment’.
Better still, if Gnome, KDE, or anyone else wants to join the party, they only need to learn how to talk to the microkernel, and they automatically get full integration with every other OS on the machine.
That flexibility more than outweighs the loss of speed from microkernel overhead, especially when you consider how much time the CPU spends sitting idle as it waits for the user to press the next key.
There’s another item that was not properly researched before writing this article: the Linux kernel’s license.
The Linux kernel is licensed under the terms of the GNU General Public License, which explicitly forbids directly linking GPL-licensed code with non-free code.
Apple simply cannot use the Linux kernel for Mac OS X because there is no way any proprietary code (think drivers and kernel extensions) can be loaded by the kernel. This applies not only to third-party drivers and extensions, but to Apple’s also.
Legal issues aside, it would be a tremendous amount of work for Apple to yank out XNU and insert the Linux kernel in its place. I would think that that time would be better spent working on performance improvements for XNU, which really is not very slow anyways. Not slow enough to warrant a switch to the Linux kernel, at the least.
Lovely post. Keep up the great work
I just wanted to point out something those of you attending WWDC will see.
Apple is going to change its kernel or at least the layer that interacts with the hardware. It’s going to be a version of Xen. Apple’s move is because of its plan to take advantage of virtualization built into the Intel chipset. There are big changes coming to 10.5, and they are really, really good.