0

A common x86 CPU has two different modes (here can we subdivide again into protection rings). One is the user mode and the other is the kernel mode.

The kernel mode has full access to the hardware. Basically you should be careful to execute something here.

For security reasons you choose the user mode for normal applications like a web server.

To call a kernel function, for example, an expensive context switch must take place.

Now to my question: Apart from the fact that it would be irresponsible to run a normal application in kernel mode, it would be possible in theory to run an application like a simple HTTP server in kernel mode.

However, the system would have to be perfect for this: The HTTP server is bug-free. This is basically not possible in practice. Also, the CPU could have a security hole, which makes this much more tragic.

Now we assume that the system would really be 100% perfect and we would run an application in kernel mode. Is this performance difference noticeable?

Has anyone tried this out and published benchmarks?

Robin Lindner
  • 515
  • 6
  • 13
  • For a modern system call, the cost of the low level system call itself (`syscall` and `sysret` instructions) is negligible (low tens of cycles) and overshadowed by the overhead that immediately follows it (instruction fetch miss, branch misprediction caused by a call table using the function number as index, correcting `gs` for safety, checking parameters properly because the caller isn't trusted, etc). Because of this; a naive approach (move a process to kernel space with the least effort) would have almost no noticeable performance difference. – Brendan Nov 06 '22 at 23:34
  • For highest performance difference, you'd need a lot more work (e.g. calling internal kernel functions directly). For max. performance you'd treat the kernel as a statically linked library and use whole program optimization to end up with something equivalent to a bootable application with no OS (see https://en.wikipedia.org/wiki/Unikernel ). – Brendan Nov 06 '22 at 23:38

1 Answers1

2

Yes, Linux had the TUX web server for a while. Years ago it maybe had some production usage, when CPUs were slower and security threats less severe. Only for serving static content. From Wikipedia, condensed:

The TUX web server is an unmaintained in-kernel web server for Linux licensed under the GNU General Public License (GPL). It was maintained by Ingo Molnár.
[...]

The main differences between TUX and other webservers include:

  • TUX runs partly within a customized version of the Linux kernel and partly as a userspace daemon. (Using the tux(2) system call)
  • With a capable network card, TUX enables scatter-gather DMA from the page cache directly to the network.
  • TUX is only able to serve static web pages.

Instead of user-space, presumably the daemon could be a "kernel thread", i.e. a schedulable task the runs in ring 0.

kHTTPd is I think the same thing? It says it can pass along requests for non-static content to a full web server like Apache. The site has some old benchmarks, like from a K6-2 at 350MHz, showing requests per second vs. concurrent requests, with Apache peaking at about 500 requests / sec (for a 1K file over a 100Mbit connection with apachebench). Zeus manages about 1900 req/s, but kHTTPd handled about 2300 req/s at best, with not-huge concurrency.

I'm sure you can google other benchmarks for Tux / kHTTPd now that you know what to search for.

Modern systems can come closer to saturating even 10Gbit network links with normal servers running in user-space, thanks to multi-core CPUs. So this idea has mostly been abandoned for web serving.

For local file-sharing, NFSd is still mostly done in-kernel.

https://en.wikipedia.org/wiki/In-kernel_web_server says there were actually implementations like that for multiple different OSes, including Solaris and HP-UX.

Peter Cordes
  • 328,167
  • 45
  • 605
  • 847
  • I once read that some ASP.NET implementations (some version of IIS) run part of the HTTP stack on [http.sys](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/httpsys?view=aspnetcore-6.0) which, by the name, seems to be kernel mode. – Margaret Bloom Nov 07 '22 at 15:17
  • @MargaretBloom: Yeah, that's what https://en.wikipedia.org/wiki/In-kernel_web_server says, too. I didn't know how current that was, or how much work was done inside the kernel. I assumed it probably wasn't a huge amount, so didn't mention it, but maybe should have. – Peter Cordes Nov 07 '22 at 23:31