Architecture Support for Operating System Survivability and Efficient Bulk Memory Copying and Initialization
Date
2010-01-05
Abstract
The operating system (OS) is the fundamental layer that provides and mediates access to a computer system's resources for user application programs. The ever increasing size and complexity of the OS code bring an inevitable increase in the number of security vulnerabilities that attackers can exploit. A successful security attack on the OS has a profound impact because the OS runs at the highest processor privilege level: an OS kernel crash can freeze the entire system, terminate all running processes, and cause a long period of system unavailability. Given the increasing trend of OS security faults and the dire consequences of successful OS kernel attacks, we strive to make the OS kernel survivable, i.e. able to maintain normal system operation despite security faults.

This work makes several contributions. First, we propose an OS survivability scheme that consists of three inseparable components: (1) a security attack detection mechanism, (2) a security fault isolation mechanism, and (3) a recovery mechanism that resumes normal system operation. We analyze the underlying performance requirement of each component and propose simple but carefully designed architecture support to reduce the performance overhead. When tested with real-world security attacks, our survivability scheme automatically isolates the security faults so that they neither corrupt the kernel state nor affect other executing processes, then recovers the kernel state and resumes execution.
Second, to overcome the performance overhead incurred by the checkpointing-based recovery mechanism, which makes extensive use of bulk memory copying and initialization operations, we propose efficient architecture support for improving bulk memory copying and initialization performance. While many current systems rely on a loop of loads and stores, or use a single copying instruction, to perform memory copying, in this work we demonstrate that the key to significantly improving performance is removing the pipeline and cache bottlenecks of the code that follows the copying instructions. We show that the bottlenecks arise from (1) the pipeline being clogged by the copying instruction, (2) a lengthened critical path due to dependent instructions stalling while waiting for the copy to complete, and (3) the inability to specify the cacheability of the source and destination regions separately. We propose FastBCI, an architecture support that achieves the granularity efficiency of a bulk copying/initialization instruction, but without its pipeline and cache bottlenecks. When applied to OS kernel buffer management, FastBCI achieves on average speedup ratios of 23% to 32%, which is roughly 3×–4× that of an alternative scheme and 1.5×–2× that of a highly optimistic DMA; when applied to our OS survivability scheme, the scheme incurs an average performance overhead of 1.0%.
Keywords
Memory copy, Survivability, FastBCI, Memory Initialization, Operating System, Cache affinity
Degree
PhD
Discipline
Computer Engineering