CSE 5343/7343 Fall 2006 Case Studies Comparing Windows XP and Linux Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Copyright Notice © 2000-2005 David A. Solomon and Mark Russinovich These materials are part of the Windows Operating System Internals Curriculum Development Kit, developed by David A. Solomon and Mark E. Russinovich with Andreas Polze Microsoft has licensed these materials from David Solomon Expert Seminars, Inc. for distribution to academic organizations solely for use in academic environments (and not for commercial use) 2 Background Architecture Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Linus and Linux In 1991 Linus Torvalds took a college computer science course that used the Minix operating system Minix is a “toy” UNIX-like OS written by Andrew Tanenbaum as a learning workbench Linus wanted to make MINIX more usable, but Tanenbaum wanted to keep it ultra-simple Linus went in his own direction and began working on Linux In October 1991 he announced Linux v0.02 In March 1994 he released Linux v1.0 4 Windows and Linux Both Linux and Windows are based on foundations developed in the mid-1970s 1970 1980 1990 2000 1970 1980 1990 2000 5 Comparing the Architectures Both Linux and Windows are monolithic All core operating system services run in a shared address space in kernel-mode All core operating system services are part of a single module Linux: vmlinuz Windows: ntoskrnl.exe Windowing is handled differently: Windows has a kernel-mode Windowing subsystem Linux has a user-mode X-Windowing system 6 Kernel Architectures Application Windows User Mode Kernel Mode Win32 Windowing Device Drivers System Services Process Management, Memory Management, I/O Management, etc. Application Hardware Dependent Code Linux X-Windows User Mode Kernel Mode System Services Process Management, Memory Management, I/O Management, etc. Device Drivers Hardware Dependent Code 7 Linux Kernel Linux is a monolithic but modular system All kernel subsystems form a single piece of code with no protection between them Modularity is supported in two ways: Compile-time options Most kernel components can be built as a dynamically loadable kernel module (DLKM) DLKMs Built separately from the main kernel Loaded into the kernel at runtime and on demand (infrequently used components take up kernel memory only when needed) Kernel modules can be upgraded incrementally Support for minimal kernels that automatically adapt to the machine and load only those kernel components that are used 8 Windows Kernel Windows is a monolithic but modular system No protection among pieces of kernel code and drivers Support for Modularity is somewhat weak: Windows Drivers allow for dynamic extension of kernel functionality Windows XP Embedded has special tools / packaging rules that allow coarse-grained configuration of the OS Windows Drivers are dynamically loadable kernel modules Significant amount of code run as drivers (including network stacks such as TCP/IP and many services) Built independently from the kernel Can be loaded on-demand Dependencies among drivers can be specified 9 Comparing Portability Both Linux and Windows kernels are portable Mainly written in C Have been ported to a range of processor architectures Windows i486, MIPS, PowerPC, Alpha, IA-64, x86-64 Only x86-64 and IA-64 currently supported > 64MB memory required Linux Alpha, ARM, ARM26, CRIS, H8300, i386, IA-64, M68000, MIPS, PA-RISC, PowerPC, S/390, SuperH, SPARC, VAX, v850, x86-64 DLKMs allow for minimal kernels for microcontrollers > 4MB memory required 10 Comparing Layering, APIs, Complexity Windows Kernel exports about 250 system calls (accessed via ntdll.dll) Layered Windows/POSIX subsystems Rich Windows API (17 500 functions on top of native APIs) Linux Kernel supports about 200 different system calls Layered BSD, Unix Sys V, POSIX shared system libraries Compact APIs (1742 functions in Single Unix Specification Version 3; not including X Window APIs) 11 Comparing Architectures Processes and scheduling SMP support Memory management I/O File Caching Security 12 Process Management Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Process Management Windows Process Address space, handle table, statistics and at least one thread No inherent parent/child relationship Threads Basic scheduling unit Fibers - cooperative usermode threads Linux Process is called a Task Basic Address space, handle table, statistics Parent/child relationship Basic scheduling unit Threads No threads per-se Tasks can act like Windows threads by sharing handle table, PID and address space PThreads – cooperative user-mode threads 14 Scheduling Priorities Windows Two scheduling classes 31 “Real time” (fixed) priority 16-31 Dynamic - priority 1-15 Fixed Higher priorities are favored Priorities of dynamic threads get boosted on wakeups Thread priorities are never lowered 16 15 Dynamic I/O 0 Windows 15 Scheduling Priorities Windows Two scheduling classes “Real time” (fixed) priority 16-31 Dynamic - priority 1-15 Higher priorities are favored Priorities of dynamic threads get boosted on wakeups Thread priorities are never lowered Linux Has 3 scheduling classes: Normal – priority 100-139 Fixed Round Robin – priority 0-99 Fixed FIFO – priority 0-99 Lower priorities are favored Priorities of normal threads go up (decay) as they use CPU Priorities of interactive threads go down (boost) 16 Scheduling Priorities (cont) 31 0 Fixed Fixed FIFO Fixed Round-Robin 16 15 Dynamic I/O 99 100 I/O Normal CPU 0 Windows 140 Linux 17 Linux Scheduling Details Most threads use a dynamic priority policy Normal class - similar to the classic UNIX scheduler A newly created thread starts with a base priority Threads that block frequently (I/O bound) will have their priority gradually increased Threads that always exhaust their time slice (CPU bound) will have their priority gradually decreased “Nice value” sets a thread’s base priority Larger values = less priority, lower values = higher priority Valid nice values are in the range of -20 to +20 Nonprivileged users can only specify positive nice value Dynamic priority policy threads have static priority zero Execute only when there are no runnable real-time threads 18 Real-Time Scheduling on Linux Linux supports two static priority scheduling policies: Round-robin and FIFO (first in, first out) Selected with the sched-setscheduler( ) system call Use static priority values in the range of 1 to 99 Executed strictly in order of decreasing static priority FIFO policy lets a thread run to completion Thread needs to indicate completion by calling the sched-yield( ) Round-robin lets threads run for up to one time slice Then switches to the next thread with the same static priority RT threads can easily starve lower-prio threads from executing Root privileges or the CAP-SYS-NICE capability are required for the selection of a real-time scheduling policy Long running system calls can cause priority-inversion Same as in Windows; but cmp. rtLinux 19 Windows Scheduling Details Most threads run in variable priority levels Priorities 1-15; A newly created thread starts with a base priority Threads that complete I/O operations experience priority boosts (but never higher than 15) A thread’s priority will never be below base priority The Windows API function SetThreadPriority() sets the priority value for a specified thread This value, together with the priority class of the thread's process, determines the thread's base priority level Windows will dynamically adjust priorities for non-realtime threads 20 Real-Time Scheduling on Windows Windows supports static round-robin scheduling policy for threads with priorities in real-time range (16-31) Threads run for up to one quantum Quantum is reset to full turn on preemption Priorities never get boosted RT threads can starve important system services Such as CSRSS.EXE SeIncreaseBasePriorityPrivilege required to elevate a thread’s priority into real-time range (this privilege is assigned to members of Administrators group) System calls and DPC/APC handling can cause priority inversion 21 Scheduling Timeslices Linux Windows The thread timeslice (quantum) is 10ms-120ms The thread quantum is 10ms-200ms Default is 100ms When quanta can vary, has one of 2 values Varies across entire range based on priority, which is based on interactivity level Reentrant and preemptible Reentrant and preemptible Fixed: 120ms 20ms Background Foreground: 60ms 200ms 10ms 100ms 22 Kernel Reentrancy Mark Russinovich’s April 1999 Windows NT Magazine article, “Linux and the Enterprise”, pointed out that much of the Linux 2.2 was not reentrant cpu 1 Non-reentrant Reentrant cpu 2 cpu 1 cpu 2 Ingo Molnar stated in rebuttal: Time Saved “his example is a clear red herring.” A month later he made all major paths reentrant 23 Kernel Preemptibility A preemptible kernel is more responsive to high-priority tasks Through the base release of v2.4 Linux was only cooperatively preemptible There are well-defined safe places where a thread running in the kernel can be preempted The kernel is preemptible in v2.4 patches and v2.6 Windows NT has always been preemptible 24 Scheduling The Linux 2.4 scheduler is O(n) If there are 10 active tasks, it scans 10 of them in a list in order to decide which should execute next This means long scans and long durations under the scheduler lock Ready List 103 112 112 101 Highest Priority Task 25 Scheduling Linux 2.6 has a revamped scheduler that’s O(1) from Ingo Molnar that: Calculates a task’s priority at the time it makes scheduling decision Has per-CPU ready queues where the tasks are pre-sorted by priority Highest-priority Non-empty Queue 101 103 112 112 26 Scheduling Windows NT has always had an O(1) scheduler based on pre-sorted thread priority queues Server 2003 introduced per-CPU ready queues Linux load balances queues Windows does not Not seen as an issue in performance testing by Microsoft Applications where it might be an issue are expected to use affinity 27 Zero-Copy Sendfile Linux 2.2 introduced Sendfile to efficiently send file data over a socket I pointed out that the initial implementation incurred a copy operation, even if the file data was cached Linux 2.4 introduced zero-copy Sendfile Windows NT pioneered zero-copy file sending with TransmitFile, the Sendfile equivalent, in Windows NT 4 File Data Buffer 1-Copy Network Network Adapter Driver Buffer File Data Buffer Network 0-Copy Network Network Driver 28 Wake-one Socket Semantics Linux 2.2 kernel had the thundering herd or overscheduling problem In a network server application there are typically several threads waiting for a new connection In v2.2 when a new connection came in all the waiters would race to get it Ingo Molnar’s response: 5/2/99: “here he again forgets to _prove_ that overscheduling happens in Linux.” 5/7/99: “as of 2.3.1 my wake-one implementation and waitqueues rewrite went in” In Linux 2.4 only one thread wakes up to claim the new connection Windows NT has always had wake-1 semantics 29 Light-Weight Synchronization Linux 2.6 introduces Futexes There’s only a transition to kernel-mode when there’s contention Windows has always had CriticalSections Same behavior Futexes go further: Allow for prioritization of waits Works interprocess as well 30 Memory Management Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Virtual Memory Management Windows 32-bit versions split usermode/kernel-mode from 2GB/2GB to 3GB/1GB Demand-paged virtual memory 32 or 64-bits Copy-on-write Shared memory Memory mapped files 0 Linux Splits user-mode/kernel-mode from 1GB/3GB to 3GB/1GB 2.6 has “4/4 split” option where kernel has its own address space Demand-paged virtual memory 32-bits and/or 64-bits Copy-on-write Shared memory Memory mapped files User 0 2GB User System 4GB 3GB System 4GB 32 Physical Memory Management Windows Per-process working sets Working set tuner adjust sets according to memory needs using the “clock” algorithm No “swapper” Linux Global working set management uses “clock” algorithm No “swapper” (the working set trimmer code is called the swap daemon, however) LRU Process Reused Page LRU LRU Other Process Reused Page 33 I/O Management Windows Centered around the file object Layered driver architecture throughout driver types Most I/O supports asynchronous operation Internal interrupt request level (IRQL) controls interruptability Interrupts are split between an Interrupt Service Routine (ISR) and a Deferred Procedure Call (DPC) Supports plug-and-play Linux Centered around the vnode No layered I/O model Most I/O is synchronous Only sockets and direct disk I/O support asynchronous I/O Internal interrupt request level (IRQL) controls interruptability Interrupts are split between an ISR and soft IRQ or tasklet Supports plug-and-play IRQL Masked 34 I/O & File System Management Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze File Caching Linux Windows Single global common cache Single global common cache Virtual file cache Virtual file cache Caching is at file vs. disk block level Caching is at file vs. disk block level Files are memory mapped into kernel memory Files are memory mapped into kernel memory Cache allows for zero-copy file serving Cache allows for zero-copy file serving File Cache File Cache File System Driver File System Driver Disk Driver Disk Driver 36 Monitoring - Linux procfs Linux supports a number of special filesystems Like special files, they are of a more dynamic nature and tend to have side effects when accessed Prime example is procfs (mounted at /proc) provides access to and control over various aspects of Linux (I.e.; scheduling and memory management) /proc/meminfo contains detailed statistics on the current memory usage of Linux Content changes as memory usage changes over time Services for Unix implements procfs on Windows 37 I/O Processing Linux 2.2 had the notion of bottom halves (BH) for lowpriority interrupt processing Fixed number of BHs Only one BH of a given type could be active on a SMP Linux 2.4 introduced tasklets, which are non-preemptible procedures called with interrupts enabled Tasklets are the equivalent of Windows Deferred Procedure Calls (DPCs) 38 Asynchronous I/O Linux 2.2 only supported asynchronous I/O on socket connect operations and tty’s Linux 2.6 adds asynchronous I/O for direct-disk access AIO model includes efficient management of asynchronous I/O Also added alternate epoll model Useful for database servers managing their database on a dedicated raw partition Database servers that manage a file-based database suffer from synchronous I/O Windows I/O is inherently asynchronous Windows has had completion ports since NT 3.5 More advanced form of AIO 39 Security Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Security Windows Very flexible security model based on Access Control Lists Users are defined with Privileges Member groups Security can be applied to any Object Manager object Files, processes, synchronization objects, … Supports auditing Linux Two models: Standard UNIX model Access Control Lists (SELinux) Users are defined with: Capabilities (privileges) Member groups Security is implemented on an object-by-object basis Has no built-in auditing support Version 2.6 includes Linux Security Module framework for add-on security models 41 A Look at the Future The kernel architectures are fundamentally similar There are differences in the details Linux implementation is adopting more of the good ideas used in Windows For the next 2-4 years Windows has and will maintain an edge Linux is still behind on the cutting edge of performance tricks Large performance team and lab at Microsoft has direct ties into the kernel developers As time goes on the technological gap will narrow Open Source Development Labs (OSDL) will feed performance test results to the kernel team IBM and other vendors have Linux technology centers Squeezing performance out of the OS gets much harder as the OS gets more tuned 42 Linux Technology Unknowns Linux kernel forking RedHat has already done it: Red Hat Enterprise Server v3.0 is Linux 2.4 with some Linux 2.6 features Backward compatibility philosophy Linus Torvalds makes decisions on kernel APIs and architecture based on technical reasons, not business reasons 43 Further Reading Transaction Processing Council: www.tpc.org SPEC: www.spec.org NT vs Linux benchmarks: www.kegel.com/nt-linuxbenchmarks.html The C10K problem: http://www.kegel.com/c10k.html Linus Torvald’s home: http://www.osdl.org/ Linux Kernel Archives: http://www.kernel.org/ Linux history: http://www.firstmonday.dk/issues/issue5_11/moon/ Veritest Netbench result: http://www.veritest.com/clients/reports/microsoft/ms_netbench.pdf Mark Russinovich’s 1999 article, “Linux and the Enterprise”: http://www.winntmag.com/Articles/Index.cfm?ArticleID=5048 The Open Group's Single UNIX Specification: http://www.unix.org/version3/ 44