Hi,
bharathm1 wrote:
Do you think there is any hope for fault tolerant monolithic kernels?
That really depends on what kinds of faults you're trying to tolerate. A driver fails to initialise because it can't allocate enough memory? Easy. A single bit flip (if there's no memory encryption)? Maybe. A CPU failing while holding kernel locks? No.
bharathm1 wrote:
I think ideas such as nooks where we isolate the address space of kernel drivers is a good line of research though it pushes some burden to driver programmers.
If drivers are isolated it's either a micro-kernel or a hybrid (and is no longer monolithic); regardless of whether that isolation is implemented with the hardware's virtual memory management or if it's done in software only, and regardless of whether the driver is still in an area that would've been considered "kernel space".
bharathm1 wrote:
What are the main principles that the present monolithic kernels (e.g. Linux) are violating that made the kernel terrible at fault tolerance?
The main principle that is missing is isolation (that would prevent it from being called a true monolithic kernel if it existed).
Linux is a special case - it maps all physical memory into kernel space (so any dodgy pointer anywhere in many millions of lines of code can corrupt anything that's in memory anywhere); so you can take all your hopes for fault tolerance and nail them to all your hopes for security, and glue on a few extra hopes (e.g. for decent NUMA optimisations), and then throw that huge ball of hopes in the trash.
Cheers,
Brendan
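Added illustration (editor's example, not code from Brendan's post or from any real kernel): a small user-space C model of the three situations the reply contrasts. "Physical memory" is one array that every part of the "kernel" can reach, standing in for a direct map of all RAM; a buggy driver writes past its own region. The first variant has no isolation, so the overrun silently lands in the scheduler's data. The second adds a software-only check on the driver's accesses (the Nooks/SFI style, which is where the burden on driver writers comes from). The third runs the driver in a separate address space (a forked process), so neither its stray writes nor its crash can touch the parent's memory. The memory layout, sizes, magic values and function names are all made up for the demonstration.

```c
/* Editor's example, not from the forum post or any real kernel.
 * "phys" models a direct map: every subsystem's data is reachable
 * from a single flat array. Layout and names are made up. */
#include <stdio.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/wait.h>

#define PHYS_WORDS   16
#define DRIVER_BASE  0
#define DRIVER_LEN   8          /* words 0..7 belong to the driver     */
#define SCHED_BASE   8          /* words 8..15 belong to the scheduler */
#define SCHED_MAGIC  0x5C4ED    /* value the scheduler expects to find */

static int phys[PHYS_WORDS];    /* the direct map: everything is reachable */

/* Runtime-only NULL, so the compiler cannot fold the wild store away. */
static volatile uintptr_t wild_addr = 0;

static void reset_memory(void)
{
    for (int i = 0; i < PHYS_WORDS; i++)
        phys[i] = (i >= SCHED_BASE) ? SCHED_MAGIC : 0;
}

/* Returns 1 if the scheduler's words are untouched, 0 if corrupted. */
int scheduler_intact(void)
{
    for (int i = SCHED_BASE; i < PHYS_WORDS; i++)
        if (phys[i] != SCHED_MAGIC)
            return 0;
    return 1;
}

/* The buggy driver: fills nwords from base. nwords > DRIVER_LEN is the bug;
 * the only thing between it and the rest of memory is what the caller put there. */
static void driver_fill(int *base, int nwords)
{
    for (int i = 0; i < nwords; i++)
        base[i] = 0xD0D0;
}

/* Monolithic, no isolation: the overrun lands in the scheduler's memory
 * and nothing notices until the scheduler misbehaves later.
 * Returns 1 if the scheduler survived, 0 if it was corrupted. */
int run_unisolated(int nwords)
{
    reset_memory();
    driver_fill(&phys[DRIVER_BASE], nwords);
    return scheduler_intact();
}

/* Software-only isolation: the driver's request is checked against its
 * region before any write happens. Returns 1 on success, -1 if rejected. */
int run_sfi(int nwords)
{
    reset_memory();
    if (nwords < 0 || nwords > DRIVER_LEN)
        return -1;              /* fault contained, kernel state untouched */
    driver_fill(&phys[DRIVER_BASE], nwords);
    return scheduler_intact();
}

/* Hardware isolation: the driver runs in its own address space (a forked
 * process), so stray writes hit only its private copy and a crash kills
 * only the child. Returns 1 if the parent's scheduler state is intact,
 * -1 if the driver crashed (and could be restarted), -2 on fork/wait error. */
int run_hw_isolated(int nwords, int wild_pointer)
{
    reset_memory();
    pid_t pid = fork();
    if (pid < 0)
        return -2;
    if (pid == 0) {
        int *base = wild_pointer ? (int *)wild_addr : &phys[DRIVER_BASE];
        driver_fill(base, wild_pointer ? 1 : nwords);   /* NULL store faults */
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -2;
    if (WIFSIGNALED(status))
        return -1;              /* driver died; the "kernel" is still running */
    return scheduler_intact();
}

int main(void)
{
    printf("unisolated, in-bounds   : %d\n", run_unisolated(8));
    printf("unisolated, overrun     : %d\n", run_unisolated(10));
    printf("SFI, overrun rejected   : %d\n", run_sfi(10));
    printf("HW-isolated, overrun    : %d\n", run_hw_isolated(10, 0));
    printf("HW-isolated, wild ptr   : %d\n", run_hw_isolated(1, 1));
    return 0;
}
```

The unisolated run with an overrun returns 0 without any fault being raised, which is the "dodgy pointer anywhere corrupts anything" point: the damage is silent. The SFI variant only works because every driver access goes through a check the driver author (or a compiler pass) has to cooperate with. The forked variant needs nothing from the driver author; the hardware refuses the access or kills the driver, and the parent can decide what to do next.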