24C3: Inside the Mac OS X Kernel

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

debunking Mac OS myths because there are quite a few buzzwords associated with Mac OS 10 that are not or not intell like is it Unix or Mark or whatever like for example Paul theod writes on the Mac this kernel is called Mark and it's based on Rock Solid Unix technology well let's talk about that and a company named Apple states with its stable open source core based on free BSD 5 it is stable right and yet another Apple quote Unix based the question is if it is UNIX why haven't they been sued by the by the SEO Mr jobs must know better right he says leopard is 64bit top to bottom I guess it all depends on how you define bottom and this is my favorite obsolete micral Dooms Mac OS 10 to lag Linux imp performance this article goes into length pointing out why micr kernels are inherently slower micr kernel micr krel well so far with the bus wordss to clarify them we'll first have a brief look at the history of the operating system in 1984 Apple introduced Macintosh it it ran on a machine with 128k of Ram uh 68k CPU and it ran off floppies and it did not support multitasking 10 years later later System 7 was now running on power PC and it finally supported multitasking but it was not really powerpc native because large chunks were still emulated 68k code and multitasking has only been redit and it was only Cooperative so there was still no memory protection from an architectural perspective System 7 couldn't even keep up with Windows 95 the same year Apple decided to do it like Microsoft had done it with Windows NT they decided to write a new operating system from scratch but with the same API so that the old applications could run unmodified this project was called cand and it looked like that but it slipped and slipped and slipped and it finally got cancelled in 1996 because at that time Apple had realized that this project was going nowhere and that it would probably never be released they had handed out a few previous to developers but there was no consumer product so Apple looked for an operating system to buy there's something not really working oh sorry so Apple looked like I said for an operating system to buy and they had a closer look at two operating systems of the time one was was Steve Jobs Next Step Steve Jobs was the former head of McIntosh development and he had left Apple in 1985 and then he founded the company NeXT here's a screenshot of Next Step from around 1995 option number two was B the company B was founded by job successor to Macos development called he was called sh G and sha G had also left Apple in 1991 and here's a screenshot of BOS also from 1995 Apple talked to G about buying BOS But ultimately they decided on buying next next step became the next operating system and Steve Jobs was the new CEO so what about next the mission of the company was not to compete with apple but to design more high-end computers that were targeted at the education Market with its own operating system that would fit well into the typical University infrastructure one interesting fact about next step is that Tim burn Lee developed the first web browser on a next machine and probably more important the level editor for Doom was developed on Next Step but let's look at the history of The Next Step operating system like I just said next was founded in 1985 and next step one was quite a powerful operating system with a uni space it supported PR emptive multitasking had memory protection a display postcript GUI and it ran on 68k Hardware so it was definitely more advanced than the Macintosh released 5 years earlier one other significant release was 3.1 because next opened it to other CPU architectures i386 PA risk and Spark sunspark when Apple acquired next step in 1996 it was ported to power PC and they added some core classic Mac OS Technologies like the HFS file system QuickTime toolbox which is the GOI Library iTunes and sadly finder they also added a VMware like virtual machine monitor called classic to run the old Mac OS and its applications on the new operating system but they didn't release a product just a preview for develop us under the name raps mac o 10 the desktop mac o 10 was not released until 2001 in 2005 the i386 port was revived with the introduction of the Intel based Max the final version was released in 2006 but they had handed out the developers preview in 2005 well let's look at the architecture of Mac OS 10 and we start with a kernel which is called X and u X and U stands for X is not Unix and so much for meos 10 being Unix but more on this layer the kernel consists of three major parts that are Mark BSD and Theo kit Mark was originally a research project at Carnegie melon University the CMU started in 1985 Mark is the microc project so let's first look at the difference between a monolithic kernel and a micro kernel untraditional monolithic kernels like Unix BSD Linux other components running kernel mode like the file system framework security components user mode interface the network stack and device drivers and besides those the besides those things the parts that really need to be in C mode also running chome mode I'm a microcel the Curel user boundary is moved moved down so only the really necessary Parts run in Cur mode again the scheduler memory manager the interprocess communication and low-level Hardware access components like the file system or networking are each implemented in their own address spaces in user mode micel curs have the advantage that a crash in a driver some file system logic or and network protocol does not have to necessarily bring the system down the whole system in many cases the faulty component can just be restarted just like a user application a similar Advantage applies to the security vulnerabilities in a component if malicious code runs in the context of a network driver it doesn't have full control over the system and in addition dividing the kernel into components makes it more maintainable because it was simpler CMU decided not to rewrite their own set of user mode components so they decided to reuse BSD kernel code base here's BSD and they ripped out the components that were already implemented by Mark and ran the rest in user space as a single server on the next two slides I'll demonstrate how communication between a users process and the BSD server works on a micr kernel for comparison let's first look on a monolithic kernel here's a task in user mode that makes a system call to for example write and this is not much more than a function call because um it is a cur user switch but the address space stays the same and the curl function does its job and returns to the user in the same way on a micronel the konel does not have an implementation for write write is implemented in the BSD server so the program has to send a message with a request to the BSD server using IPC it calls the IPC function in the kernel the kernel then switches address baces to the bstd server the message get get delivered to the BSD server the BSD server performs the function returns to the kernel and the kernel switches address spaces again and returns to the user the problem with this design is that address bace switches invalidate the tlb the Translate translation licite buffer which is the cach for virtual memory mapping and consequently virtual to address bace lookups become lower after a switch until the tlb is repopulated so all in all this leads to Performance problems because of this performance loss the CMU decided to move the kernel user boundary up so that BSD and Mark are both run in KL mode this is referred to as collocation consequently Mac OS 10 does not have a micr kernel design because since Next Step One the combination of Mark which is the actual micr kernel and BSD running craw mode the question you might ask now is isn't this just like a monolithic kernel well it is but this combination has has its advantages too like there's a clean separation of machine management and BSD compatibility parts of the kernel it makes the kernel more more tidy and well abstracted and Mark had many improvements too especially over the BSD equivalence of its components for example the memory management of Mark is better than the BS BSD one until BSD copied it then talking about Mark let's talk about the jobs or tasks of the mark code on the left side of the picture you see physical address space and Mark manages mapping from virtual address spaces to physical addresses these address spaces are called tasks and marked as the memory management these tasks are policy free which means add spaces are just a set of pages there's no user ID no working directory no command line or Associated terminal or environment verbus or practically all the other fields that you get by typing PS on a Unix like system Mac all sorry Mark allows one or more threads per task and it does scheduling Mark also my computer is slow sorry Mark also does sending sends messages between tasks they does IPC neither the memory management nor scheduling are really worth having a look at but IPC is a distinguishing feature to other Kels so we talk about Mark IPC a task can have any number of ports and there are sender and receiver ports the blue ones are cender ports and the red ones are receiver ports Mark messages get sent asynchronously so the recipient can be busy and doesn't have to accept the message immediately because the colonel buffers them which means it puts them into a queue puts them into a queue and here's another message send and put into the queue if the recipient then wants to pick up a message the oldest one gets picked up first and the next one um the most common use case for IPC on a microcel is the RPC which is the remote procedure call a function call across add spaces for example a call from an application to the bstd server unfortunately it's pretty complicated to use mock IPC for RPC and that's what the mark interface generator or short mck is for make simplifies RPC for example if main wants to call Funk which is in another address space mck generates funk in the first task which looks exactly like funk in the second task but it just combines the arguments into a message and sends it to the other to the other task the other task then receives the message decodes it and calls the local Funk the return value will be sent in an analog in in an analog way so effectively a function in task one just call a function in task two the blue code is generated by MC from an interface definition file now let's look at BS how BSD interacts with Mach like we said Mach consists of the components memory manager scheduler and the interrupt or execution Handler for low-level Hardware management these components use the concepts of Mark task mark threat Mark exceptions and Mark message then BD sits right on top of these Concepts and extends a mark task into a BSD process by adding contexts like the command line working directory and so on as well as extending a mark thread into a posic thread and it also converts Mark exceptions into BSD signals ESD also adds extra components like the virtual file system BSD sockets implementation and the slev infrastructure on top of all this there's a CIS call interface yeah it exports the CIS call interface exports standard Unix CIS call functions like open Fork to use a land a sorry sorry what is wrong with that um okay Mark message Api gets exported to user and directory so there are basically two CIS call interfaces one to BSD and one to Mark the CIS call Handler distinguishes between those by looking at the CIS call number and positive numbers get routed to PSD because these numbers are compatible with the standard call numbering of BD and negative numbers call into the mark apis applications should never make CIS calls directly but always go through lip C because Apple doesn't guarantee a stable CIS call interface and this is the reason why Mac OS 10 does not allow static binaries that is executables then contain a copy of lipy in their binary such a such a St such a St itic binary might not work on later versions of Mac OS if the cisal interfaces change of course the third component of Aon use the io kit which is the driver infrastructure I'll first demonstrate how driver development traditionally works on systems like Windows or Linux if you want to create a new driver you usually take the closest match you duplicate the C file and you make the respective changes to the new file this creates a lot of duplicate code and it will always duplicate the bugs too and it makes overall maintainability harder a simple solution or rather workaround for this is to unify the C files and mark the differences with if def or if tests at runtime obviously neither solution is very readable and runtime ifs even have a performance impact so this is how the IID does it it solves the problem by using object orientation and a subset of C++ Pro programming language a generic driver is then used as a base class and a more specific driver inherits all the code from this class and overwrites all the functions that need a different implementation the oit offers many more and Powerful modern features but I'm not a driver person so let's move on to the CeX um IO drivers are a special form of Cs which are kernel extensions a c is practically anything that loads into the kernel at run time it's just like the Linux kernel modeles and C can also contain contain a file system driver or network protocols or it just provides random functionality if the kernel provides the necessary interface to hook into this is a picture of some CS that are stored in system Library extensions like for example as you can see the Apple eyesight CeX or apple ABD keyboard cext or apple airpod CeX and so on this is the MS file system CeX which is the fat file system driver as you can see a CeX isn't just a simple file but it's actually a directory that contains next to the actual binary a few other files like for example the info pist this file just like the others contains meta information about the CeX like the versions of the application binary interface of the X and U components that it requires this example requires at least eight of pstd version eight of BD Mark and unsupported and version nine of lip Kern lip Kern is another small component of X and U that provides various utility functions like C++ base objects data types or Atomic functions and unsupported puts together all functions for which Apple doesn't guarantee compatibility in future versions of MEC OS that's why it's called unsupported now let's move on to booting booting of Mac OS is very different to booting a PC so let's look at that first on a PC booing Works through the firmware called bias the basic input output system which is an Ancient 16k K bit firmware that can only address one mag of memory which you can see on the right side the only thing that bios does is read the first sector the master boot record into the lower 30k of RAM and jumps to it so the buyas does not know about partitions partition types or file systems so the boot sector is completely on its own to find partitions and the files inside the file system that are required for booing booting on Mac is quite different the Intel Mac firmware is called EFI the extensible firmware interface whereas power PC based Macs used open firmware it's a different system but it has basically the same set of features in contrast to bias EFI is 32bit code and it understands the EFI partitioning scheme called GPT it also understands the old Apple partition Mac APM used in power PC Macs and it can read HFS it detects which partitions are bootable by actually looking into the file system if you hold down the option key while turning on a Mac IFI will present a boot picker which shows all bootable partitions connected to the machine EFI then reads the boot loader file from the selected boot file system and executes it the um the driver kernel extensions the Cs like I just said are loaded by going through all the objects in system Library extensions and they're matched against the detected Hardware in not in case neither the kernel nor the hardware nor the set of drivers on dis has changed since the last boot the kernel cache gets loaded instead which is the kernel and a set of necessary Texs that were pre-linked into a flat image it's also interesting to know that the kernel file is called mark kernel but of course it's X and U and not Mark if you look at the file type of an executable like this kernel file or a library you will see that instead of virtually every other Unix like system Mac S10 does not use l but Ma o for example the lip system is a four-way Universal ma o file which means it contains code for all four supported architectures one advantage of that is that no separate directories for 32 and 64-bit libraries are needed as on Linux or on Windows and this goes even further every single file every single binary on a leopard disc even the kernel runs on power PC and Intel so the same hard disk can be used to boot computers with totally incompatible CPU architectures the kernel function great binary is responsible for choosing the most suitable binary image in one mark oile So if on a 64-bit system there's a 32bit and a 64-bit Parn file it'll choose 64-bit of course and on an Intel system it would choose Intel over power PC but if there's only a power PC image on an Intel system it will choose this one and invoke Retta Retta is a compatibility solution which is licensed by transitive that allows running power PC code on Intel Hardware there are two basic ways of constructing something like Retta and I'll first show you how it's not done in curl mode we have aent U sitting on top of the hardware and lip system sits right on top of the kernel interface and on top of that there are several libraries resetter could use all the native i386 versions of these libraries sit in the address bace of the power PC application and translate all its instructions on the Fly and interface the application to the library a problem is that power PC is Big andian while Intel is little Indian so Retta would have to translate all the data that is passed between the ultic code and the native Library so it's not done like that because the interface between an application and the hundreds of libraries that it might probably use is very Broad and Retta would have to know about all the data structures that are passed between these interfaces instead it loads and translates the application and all the libraries that are needed that are required by the application it loads it down to lip system so it only needs to bite swapping between lip system and the chronal interface which consists of not more than a few hundred calls in total so it's a lot EAS iier to get right the downside of this of course is it's slower like for example if a power PC application uses the QuickTime Library the movie decoder will run in a translated fashion although it will be available natively on the system you can make your own experiments and run the power PC version of a universal B binary explicitly by running user lip exec oah translate and you'll see it's slower talking about Intel and power PC let's look at the different architectures next step or Macos 10 have been available for like I said they started off as a 68k operating system and it was ported to i386 and P risk and Spark and ported to power PC by Apple and although i386 version has always existed and it was actually released as a part of Darwin it hasn't been part of a consumer product until 2006 with the introduction of the Intel Max so um no i386 next step or Mac OS 10 was available between 1997 and 2006 just the open source staring pods not a product the Intel kernel of Macos 10 has two interesting features that distinguishes it from other operating systems one of them is the split of virtual Adder space into the user and kernel part on most other operating systems like Linux user mode occupies the lower 3 gig and kernel mode the top one gig so when the kernel switches between tasks it replaces the lower 3 gig with pages of another user this is called the 31 switch instead meos 10 on Intel uses a 44 switch so both the kernel and the user get four gig each consequently only either can be mapped at a time and a tiny switcher that is constantly mapped into the very top of the address space replaces the complete page table to switch between the kernel and the user address bace this design has been chosen to be able to map more devices including large graphic cards into the kernel address space and it has an additional Advantage it provides user tasks with four instead of 3 gig the downside of that is that two address base switches that are necessary for a CIS call including the tlb flushes aren't that great for performance again another property of the OS 10 kernel that isn't done in any other operating system is how support for 64-bit is implemented while Xenu supports 64-bit user applications in the respective 64-bit address space the kernel itself is 32-bit code and it resides in the lower 4 gig of the huge 64bit address space the picture is not really accurate but it's simplified to get my point across it is supported by a tiny amount of 64 code that sits at the top of the address space which manages interrupts and switches between tasks and threads the animation illustrates a switch from the kernel to a 32bit user back to the kernel then to a 64-bit user this is probably not the cleanest design because the kernel cannot directly access the native address range and cannot make use of the EXT set of wider registers that are available to 64-bit code an advantage is that a single kernel init image can be used on both 32bit and 64-bit machines plus the porting effort was minimized and existing 32-bit drivers can be used UNM modified and besides power PC in i386 arm is another act architecture that X and you runs on since the iPhones released in 2007 although there is a big hype around the iPhone there's not much special about its version of Mac OS it's just another port to another architecture but the iPhone uses a custom boot loader and it does not support real CS um it always uses a kernel cache because it doesn't support extra Hardware what's sad about the armp part is that the changes required for this architecture are not open source but large part of mecos 10 are Apple calls this open source parts of os 10 Darwin Darwin includes the kernel many drivers Unix text mode userland and many libraries which so Darin is everything but the GUI and its support libraries they release a new source drop with every minor release of s like 1050 or 1051 this is a part of the list of the packages that can be downloaded from Apple's open source website you'll notice that some of the packages are Apple's own code like X and U and some are modified versions of common open source software like Zip Pearl curl and so on Apple Source is licensed Under The Apple public Source license the apsl which is a BSD style license and it's compatible with Suns ddl which allows the integration of sun code like d trce and ZFS but Darwin is not a typical open source project there used to be the open Darwin community that worked on the darn Source but interest in this has faded and today basically only apple is working on the o 10 Source the picture shows the lovely Darin mascot hexley the platus although there is no hobby as Community working on the source it doesn't mean being open source doesn't doesn't serve a purpose it does the source is useful to C Developers for debugging and governmental and research institutions and third party vendors they often worked on modified versions of MEC OS for example the mandatory access control F FR framework which is integrated into leopard have been developed by a third party now that we've talked about some major distinguishing properties of meos let me tell you my eight favorite distinguishing features number eight is D trce from Sun so it isn't a unique Mac OS feature it was later ported to Apple which is no problem because like I just said the cddl is compatible with the apsl nevertheless D Trace is very useful kernel feature it is a framework for getting statistics data from the kernel with near zero speed impact on a a running system drace can just rewrite some kernel code to put code in there that does extra logging and when the measurements are finished the code can be removed again traditional Al the user either had to compile a special kernel with login code in it or always have this login code enabled and suffer from the performance hit the TR is very useful to get information about for example which thisis calls does an application and how often the number of me memory allocations and frees for a driver those two are pretty obvious cases a very obscure case is how often often does great binary decide to run the 64-bit part of an executable for example number seven the kernel cache Linux has a similar system with its initial Ram diss the in it Rd which are mounted before the actual root file system and they contain a script that loads a set of drivers that also comes on this Ram disk but it's just not as nice because the first boots from a tinyy installation in the ram dis including a shell because you have to execute the scripts and throws away the ram dis and then Boots the real route this is a hack because neither the kernel nor the boot loader really support the concept of a colonel cache on Mac it is a suppored concept and the boot loader just loads a single file number six is the separation between Mach BSD and the io kit Unix was the big mess as ten B called it because every function inside the kernel could call every other function and there was no strict layering BSD and Linux coped this design and Al Macos does not have the advantages of a micr kernel the kernel is still strictly divided into three distinct Parts the iokit for example forms its complete own world and it only interacts with Mark through a Nar and strict interface number five is the pic confirmance maos 10 was enhanced to pass the posic conformance test from the open group so in contrast to Linux it may carry the Unix trademark but only since leopard governmental customers want that and fine by me number four the mark message Api all Unix like systems have the standard Unix means of IPC like sockets signals and shared memory but none of them is as powerful as Mark messaging because Mark messaging handles Security in queing and if necessary even data conversion but it is not a feature provided by some library but it's handled directly by the kernel unlike Corone Linux number three is the io kit the io kit is a modern objectoriented driver infrastructure that supports inheritance driver stacking for example CD ROM sits on top of IDE which sits on top of PCI and it supports automatic matching and loading number two is the stable CeX ABI on Linux a driver module typically even doesn't load into the next revision of the kernel while this has the advantage that Linux can change change the driver APA at any time it makes it extremely hard for third parties to provide the user with drivers on Mac OS the driver APA is typically compatible with several major releases so that you can a lot like on Windows just download a driver binary from the Hardware window and number one which is my personal favorite the desktop OS 10 runs in two completely different Hardware architectures or four if you also can the 64-bit versions nevertheless it comes on one single install DVD and an installed system can boot on any of the sub of any of the supported architectures and third party applications that you download also run automatically on all systems this is unlike Linux vsd and BSD which require a different installer or installer CD even for 32 and 64-bit versions of Intel and they don't allow a 64-bit machine to boot uh sorry a 64-bit installation to boot on a 32-bit machine to conclude my talk let's revisit the passwords again and clarify the relation to Mac OS Mark the Mac OS 10 kernel is not Mark the meos 10 kernel is X and u x and U consists of Mark BSD and Theo kit the os10 kernel is not a micro kernel the mark code base can be used as a micro kernel xnu itself is a monolithic kernel BSD and most drivers are in kernel mode free BSD kernel the Mac OS 10 kernel is not based on the FreeBSD kernel X andu contains some FreeBSD code xmu is it's not written C++ the io kit is written in embedded C++ Mark and BSD are written in C the Mac OS 10 kernel is not 64bit it supports 64-bit userland applications the kernel code is 32bit with tiny 64-bit parts for user support the Mac OS 10 kernel and most of the Unix bits are open source but there is no life Repository some code is missing but it can be compiled into a working system Mac OS 10 is UNIX but only since leopard because it passed the posix confirmance test and it now may use the Unix trademark but it does not contain AT&T Unix code but meos 10 is awesome thank you very much

Info

Channel: Christiaan008

Views: 69,845

Rating: undefined out of 5

Keywords: mac, kernel, os, bsd

Id: -7GMHB3Plc8

Channel Id: undefined

Length: 42min 5sec (2525 seconds)

Published: Sat Feb 26 2011