
Open Kernel Labs Blog

July 13, 2008

Muddying waters

In a recent article, our competitors tell the story of the two OSes (Linux and RTOS) and argue that a system virtual machine is the right approach to make this work on a single (DSP) core. However, they really are pulling the wool over the readers' eyes.

While in the introduction they pretend to be talking about system virtual machines, later on it becomes clear that the setup they are describing runs at least the RTOS and all code running on top of it in privileged mode (and most likely the Linux kernel too, at least this is what some of the text, as well as their Figure 2 seems to imply). A "virtualizer" switches between the Linux and RTOS environments on interrupts.

This is clearly not "system virtualization". In system virtualization, according to the definition accepted since the '70s, the hypervisor is in control of all system resources, and virtualizes them for the virtual machines, which are fully isolated from each other. By implication, all guest operating systems inside virtual machines are running de-privileged. Our competitors' "virtualizer" clearly violates this. All that is virtualized there are interrupts, not the complete system. The effect is that all guest OSes, plus all code running on the RTOS, must be trusted.

Why are they doing this? Well, the article argues that it is needed to meet performance requirements, including "sub-10 microsecond switch time". OKL4 easily achieves "sub-10 microsecond switch time" without any shortcuts that undermine security.

Another interesting point in that article is that it argues that running Linux and RTOS side-by-side makes the RTOS code "free from the constraints of the GPL". This implies that the "virtualizer" encapsulates the GPL. Does it? Given that Linux, RTOS and virtualizer are all linked together and run in a flat address space, this certainly seems an adventurous claim. It seems at least as dodgy as the use of binary drivers for circumventing the GPL, which open-source guru Bruce Perens considers "legally ambiguous". If I was concerned about isolating my proprietary IP from GPL code, I wouldn't want to rely on such dubious means.

So, why would anyone buy that system?

Posted by Gernot Heiser on July 13 at 07:50 PM

About Gernot Heiser:

Gernot Heiser, Chief Technology Officer, never thought he would be in the business world. Prior to NICTA's creation in 2003, Dr Heiser was a full-time faculty member at the University of New South Wales. However, this die-hard academic couldn’t pass up the opportunity to see the commercialization of this research. Gernot still loves teaching, almost as much as he loves good wine and good food. And anyone will tell you that Gernot knows his wine.
