Hybrid kernel

A hybrid kernel is a kernel architecture based on combining aspects of microkernel and monolithic kernel architectures used in computer operating systems. The category is controversial due to the similarity to monolithic kernel; the term has been dismissed by some as simple marketing. The traditional kernel categories are monolithic kernels and microkernels (with nanokernels and exokernels seen as more extreme versions of microkernels).



The idea behind this category is to have a kernel structure similar to a microkernel, but implemented in terms of a monolithic kernel. In contrast to a microkernel, all (or nearly all) operating system services are in kernel space. While there is no performance overhead for message passing and context switching between kernel and user mode, as in monolithic kernels, there are no performance benefits of having services in user space, as in microkernels.

NT kernel
The best known example of a hybrid kernel is the Microsoft NT kernel that powers Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7. NT-based Windows is classified as a hybrid kernel (or a macrokernel ) rather than a monolithic kernel because the emulation subsystems run in user-mode server processes, rather than in kernel mode as on a monolithic kernel, and further because of the large number of design goals which resemble design goals of Mach (in particular the separation of OS personalities from a general kernel design). Conversely, the reason NT is not a microkernel system is because most of the system components run in the same address space as the kernel, as would be the case with a monolithic design (in a traditional monolithic design, there would not be a microkernel per se, but the kernel would implement broadly similar functionality to NT's microkernel and kernel-mode subsystems).

Description
The Windows NT design included many of the same objectives as Mach, the archetypal microkernel system, one of the most important being its structure as a collection of modules that communicate via well-known interfaces, with a small microkernel limited to core functions such as first-level interrupt handling, thread scheduling and synchronization primitives. This allows for the possibility of using either direct procedure calls or interprocess communication (IPC) to communicate between modules, and hence for the potential location of modules in different address spaces (for example in either kernel space or server processes). Other design goals shared with Mach included support for diverse architectures, a kernel with abstractions general enough to allow multiple operating system personalities to be implemented on top of it and an object-oriented organisation.

The reason NT is not a micro-kernel system is that nearly all of the subsystems providing system services, including the entire Executive, run in kernel mode (in the same address space as the microkernel itself), rather than in user-mode server processes, as would be the case with a microkernel design. This is an attribute NT shares with early versions of Mach, as well as all commercial systems based on Mach, and stems from the superior performance offered by using direct procedure calls in a single memory space, rather than IPC, for communication amongst subsystems.

In describing NT, the list of which subsystems do not run in kernel mode is far shorter than the list of those that do. The user-mode subsystems on NT include one or more emulation subsystems, each of which provides an operating system personality to applications, the Session Manager Subsystem (smss.exe), which starts the emulation subsystems during system startup and the Local Security Authority Subsystem Service (lsass.exe), which enforces security on the system. The subsystems are not written to a particular OS personality, but rather to the native NT API (or Native API).

The primary operating system personality on Windows is the Windows API, which is always present. The emulation subsystem which implements the Windows personality is called the Client/Server Runtime Subsystem (csrss.exe). On versions of NT prior to 4.0, this subsystem process also contained the window manager, graphics device interface and graphics device drivers. For performance reasons, however, in version 4.0 and later, these modules (which are often implemented in user mode even on monolithic systems, especially those designed without internal graphics support) run as a kernel-mode subsystem.

As of 2007, one other operating system personality, UNIX, is offered as an optionally installed system component on certain versions of Windows Vista and Windows Server 2003 R2. The associated subsystem process is the Subsystem for UNIX-Based Applications (psxss.exe), which was formerly part of a Windows add-on called Windows Services for Unix. An OS/2 subsystem (os2ss.exe) was supported in older versions of Windows NT, as was a very limited POSIX subsystem (psxss.exe). The POSIX subsystem was supplanted by the UNIX subsystem, hence the identical executable name.

Applications that run on NT are written to one of the OS personalities (usually the Windows API), and not to the native NT API for which documentation is not publicly available (with the exception of routines used in device driver development). An OS personality is implemented via a set of user-mode DLLs (see Dynamic-link library), which are mapped into application processes' address spaces as required, together with an emulation subsystem server process (as described previously). Applications access system services by calling into the OS personality DLLs mapped into their address spaces, which in turn call into the NT run-time library (ntdll.dll), also mapped into the process address space. The NT run-time library services these requests by trapping into kernel mode to either call kernel-mode Executive routines or make Local Procedure Calls (LPCs) to the appropriate user-mode subsystem server processes, which in turn use the NT API to communicate with application processes, the kernel-mode subsystems and each other.

Description
One of the main design goals is to represent all resources as files and use a single communication protocol for both local and remote resources. The Plan 9 kernel uses both in-kernel (kernel mode) but more commonly user mode servers. Communication with user mode servers — fileservers — uses 9P. Kernel mode examples are device drivers, network interfaces (ethernet), networking (IP stack), environment, and /proc. Examples of user mode are mailboxes, serial-console multiplexor, spam filter, CD interpreter, foreign filesystems and tapes, backup system, and the window system. Because the interface to ‘in-kernel’ and ‘user space’ file servers is the same this also means that components can be moved to (or reimplemented in) either user mode or the kernel without making any changes to the system; for example there have been implementations of the IP stack and graphics systems as both user programs and in the kernel, and they can even coexist in the same running system thanks to the use of namespaces.

Classification
Due to the extensive use of user mode fileservers together with some in-kernel systems, this is a simpler candidate for inclusion as a hybrid kernel.

Implementations

 * BeOS kernel
 * Haiku kernel
 * Syllable
 * BSD-based
 * DragonFly BSD (first non-Mach BSD OS to use a hybrid kernel, concepts inspired by AmigaOS)
 * XNU kernel (core of Darwin, used in Mac OS X)
 * NetWare kernel
 * Plan 9 kernel
 * Inferno kernel
 * NT kernel (used in Windows NT 3.1, Windows NT 3.5, Windows NT 4.0, Windows 2000, Windows Server 2003, Windows XP, Windows Vista, Windows Server 2008, Windows 7)
 * ReactOS kernel