Skip to main content.
Google custom search

The Anykernel and Rump Kernels

About (top)

The unique anykernel capability of NetBSD allows existing kernel drivers to run in a multitude of configurations: monolithic kernel, microkernel, exokernel and others. The feasibility of constructing an anykernel is verified by the production quality implementation for NetBSD.

When a driver is not run as part of the monolithic kernel, e.g. as a microkernel style server, it is hosted in a rump kernel. A rump kernel is an ultralightweight virtualized kernel residing on top of high-level hypervisor. Instead of a low-level hypercall API typically seen with operating systems with operations such as "modify page table", the rump kernel hypercall API provides high-level operations such as "run this code in a thread". The high-level hypercall API avoids duplication between the hypervisor and rump kernel and keeps the runtime footprint per rump kernel very small. Currently, a number of POSIX operating systems are supported as hypervisors, with other interfaces such as embedded systems and firmwares planned for the future.

An anykernel is not an implementation of a kernel driver or subsystem. It is an architecture for kernel implementation. Other concepts on the same level include the division of code into MD/MI component or kernel architecture changes necessary for supporting finegrained SMP locking. However, specific drivers to archive hosting a rump kernel in userspace have been implemented. A good example is a file system driver which allows the rump kernel to access the file system namespace of the host.

Use cases for rump kernels include:

  • virtualization: every rump kernel has its own instance of state. Furthermore, the functionality offered by multiple rump kernels running on the same host does not need to be equal. For example, multiple different networking stacks optimized for different purposes are possible.
  • security: when hosted on a POSIX system, a rump kernel runs in its own instance in a userspace process. For example, it is well-known that all operating systems are vulnerable to untrusted file system images. Unlike on other operating systems, on NetBSD it is possible to mount untrusted ones, such as those on a USB stick, with an isolated server. This isolates attacks and prevents kernel compromises.
  • easy prototyping and development: kernel code can be developed as a normal userspace application. Once development is finished, the code can simply be complied into the kernel.
  • safe testing: kernel code can be tested on any host without risk of the test host being affected

Some features offered by the implementation in NetBSD include:

  • full transparent isolation of the C namespace via symbol renaming: This means that the kernel printf() routine and the and libc printf routine can coexist in the same process without conflict.
  • microkernel style servers providing seamless integration: Support is available for file systems and device drivers.
  • kernel ABI support on i386 and amd64: kernel module binaries can be linked and loaded into a rump kernel. this means it is possible to run untrusted kernel binaries safely.
  • highly componentized: a rump kernel instance is made up of the rump kernel base and an independent selection of components. For example, a rump kernel acting as a router does not need file system support. This means that rump kernel virtualization is highly scalable.

Further Reading (top)

Dissertation
Articles, Tutorials & Howtos
Conference publications
  • "Environmental Independence: BSD Kernel TCP/IP in Userspace" describes networking in rump kernels. The paper and video presentation are available. Presented at AsiaBSDCon 2009.
  • "Kernel Development in Userspace - The Rump Approach" describes doing kernel development with rump kernels. The paper and slides are available. Presented at BSDCan 2009.
  • "Rump File Systems: Kernel Code Reborn" describes kernel file system code and its uses in userspace. The paper and slides are available. Presented at the 2009 USENIX Annual Technical Conference.
  • "Fs-utils: File Systems Access Tools for Userland" describes fs-utils, an mtools-like utility kit which uses rump kernel file systems as a backend. The paper is available. Presented at EuroBSDCon 2009.
  • "Rump Device Drivers: Shine On You Kernel Diamond" describes device driver and USB. The paper and video presentation are available. Presented at AsiaBSDCon 2010.
Manual pages

The manpages provide the usual type of information. Start from rump.3 and follow the cross-references in "SEE ALSO".

Foreign Platforms

Availability (top)

Rump kernels were first introduced as a prototype in NetBSD 5.0. A stable version with numerous new features and improvements was shipped with NetBSD 6.0.

Source Code (top)

All of the source code is available from the NetBSD source tree and can be obtained with the usual methods.

You can also browse the source code history online. Code for rump kernels is found from all parts of the source tree (cf. discussion in "About"). Some examples of where to look include src/lib, src/usr.bin and src/sys/rump.