(lwn.net)

186 points ahlCVA | 5 comments | 19 Sep 25 15:29 UTC | HN request time: 0s | source

1. perching_aix ◴[19 Sep 25 19:33 UTC] No.45305508[source]▶

Does this mean resiliency against kernel panics?

replies(1): >>45307257 #

2. sedatk ◴[19 Sep 25 22:03 UTC] No.45307257[source]▶

>>45305508 (TP) #

> - Improved fault isolation between different workloads

Yes.

replies(1): >>45307371 #

3. ATechGuy ◴[19 Sep 25 22:15 UTC] No.45307371[source]▶

>>45307257 #

That's what the author is claiming. Practically, VM-level strong fault isolation cannot be achieved without isolation support from the hardware aka virtualization.

replies(1): >>45307618 #

4. eqvinox ◴[19 Sep 25 22:41 UTC] No.45307618{3}[source]▶

>>45307371 #

Hardware without something like SR-IOV is straight up going to be unshareable for the foreseeable future; things like ring buffers would need a whole bunch of coordination between kernels to share. SR-IOV (or equivalent) makes it workable, an IOMMU (or equivalent) then provides isolation.

replies(1): >>45308047 #

5. skissane ◴[19 Sep 25 23:30 UTC] No.45308047{4}[source]▶

>>45307618 #

You could have a “nanokernel” which owns the ring buffers and the other kernels act as its clients… or for a “primary kernel” which owns the ring buffers and exposes an API the other kernels could call. If different devices have different ring buffers, the “primary kernel” could be different for each one.

↑

Kernel: Introduce Multikernel Architecture Support