23.07.2021; Defense
Echtzeit-AG
New Mechanisms for Fast System Calls
The performance of PCIe devices is constantly increasing with each new hardware generation, while the latency associated with issuing I/O requests to NVMe-based SSDs or RDMA network cards is likewise decreasing. Meanwhile, the traditional communication channel between applications and devices stays nearly the same: it always goes through the kernel. Thus, the overhead of system call invocations and the associated request processing becomes significant for low-latency storage and network communication. To overcome this deficiency, many alternative approaches for controlling devices have been developed. Kernel-bypass frameworks like SPDK and DPDK present such alternatives. They reduce the latency of communicating between applications and devices by forgoing system calls and circumventing the kernel entirely. Unfortunately, these bypass techniques prevent the kernel from managing and supervising the access to peripheral devices. Hence, the kernel can neither multiplex I/O requests between applications nor enforce security policies.
Considering these developments, this thesis strives to develop a new mechanism for fast system calls: the fastcall mechanism. This approach keeps the kernel in control of all connected devices and uses the same interface as system calls for service invocations. This thesis presents the design and implementation of a fast path through the kernel, which enables the new approach to construct low-latency kernel handlers. This includes the facilities needed for offering secure services in a limited kernel environment. The evaluation shows that the new mechanism itself introduces an overhead of only 24 ns. With this number, the novel approach is nearly 15 times faster than system calls, at least when common CPU vulnerability mitigations are active. Therefore, the new mechanism has the potential to enable secure, software-based, low-latency sharing of PCIe devices.
(Bachelor defense)