A computer system consists of many hardware components, such as a CPU, RAM, disks, keyboard, monitor, and serial ports. Others are slightly more abstract but equally important to the running of an OS, such as interrupts and the PCI bus.
When there is only one OS running in the system, the OS sees, owns and manages all the hardware components in the system.
In recent years, people have been putting more than one operating system (OS) on the same computer. In the enterprise server arena, such a feature allows one server to be put into one VM and leads to much better manageability. In software development, it enables developers to quickly test software portability across various OSes and various versions of the same OS. Even in personal computing, people use multiple OSes to support different applications, to test new OS versions, or even to test downloaded software. On embedded devices such as smartphones, people can have two OSes for different purposes: one for private use and one for business.
The predominant technique for multi-OS is virtual machine (VM) technology, which was originally developed by IBM for mainframe computers. Recently, there has been renewed interest in VM technology, including new products and research projects such as VMW. These offer good security and isolation. However, they typically suffer from performance loss. One study shows that VM techniques can slow down an application anywhere from 10% to 80%, depending on the application.
Additionally, implementation and porting of VM technology are complex. For example, in order to support guest OSes well, all underlying devices need to be virtualized in one way or another before a guest OS can access them. With a growing list of new hardware coming out every day, this requirement may limit the applicability of VM-based approaches.
Simpler solutions exist that do not have these problems for application scenarios that do not require multiple OSes running concurrently. There are multi-boot solutions such as GRUB from GNU.org and BootMagic from PowerQuest (Symantec). There are also hardware swapping and manual selection schemes that let one choose among different boot devices and thereby effectively enable multiple OSes on the same computer. Unfortunately, the slow and cumbersome switching process limits the scope of their application.
Operating system (OS) switching is another alternative for supporting multiple OSes; it is a technique that enables multiple OSes to run concurrently on the same computer. In one embodiment, each OS owns a portion of the system memory and storage, and the OSes take turns running. In one embodiment, switching from one OS to another is achieved by modifying the suspend/resume functions in the power management module.
When multiple OSes run concurrently, one fundamental question is how each hardware component is exported to each OS. Three fundamentally different techniques exist: exclusive partition, time multiplexing, and abstraction. In exclusive partition, a hardware component belongs to one OS exclusively and is never accessed by any other OS in the system. For example, memory can be split into two halves, where each of the two OSes owns one half. For another example, the Ethernet controller can be assigned to one OS, while other OSes either do not access Ethernet or access it indirectly by talking to the owner OS. In time multiplexing, at any given time one OS owns the hardware component and manages it exclusively; from time to time, however, the ownership may switch from one OS to another. The CPU is typically shared this way. In abstraction, an OS does not see or manage the real hardware component; instead it accesses the hardware through another layer of software. Virtualization is a special form of abstraction in which the interface of the abstraction software looks like a traditional device rather than a typical function-call interface.
A multi-OS solution can use a combination of the above techniques. Even for the same hardware component, it is possible to combine different techniques. For example, an Ethernet controller can belong exclusively to one OS. If an application in this OS implements virtual Ethernet controllers and exports them to other OSes, then the other OSes can indirectly access the Ethernet controller through the abstract interface of the virtual Ethernet controllers.
VM-based multi-OS solutions employ abstraction, or virtualization, for managing most hardware components. Multi-boot solutions, on the other hand, use time multiplexing for the whole system through rebooting.
An example of an OS switching technique is described in U.S. Patent Application No. 20010018717A1, entitled “Computer System, Operating System Switching System, Operating System Mounting Method, Operating System Switching Method, Storage Medium, and Program Transmission Apparatus,” filed Aug. 30, 2001, where multiple OSes are supported without attempting to virtualize any hardware components.
Existing OS switching solutions such as the one described in U.S. Application No. 20010018717A1 do not offer strong isolation between multiple OSes. One problem with OS switching is a lack of strong isolation and protection among OSes, which is exhibited as a lack of memory isolation and a lack of forced control transfer. More specifically, with respect to the lack of memory isolation, all OSes share the same physical memory. When an OS kernel runs in privileged mode, it is capable of modifying any memory contents, including those belonging to other OSes and to the OS switcher. If it does so, whether due to bugs or viruses, other OSes and even the whole system will crash. With respect to the lack of forced control transfer, the implementation described above relies on the currently active OS giving up the CPU and entering the OS switcher in order to perform an OS switch. A buggy or maliciously hacked OS may never enter the OS switcher. As a result, the other OSes are effectively suspended forever unless the whole system is shut down and rebooted. Thus, these implementations of OS switching have security holes, mainly due to the lack of memory isolation and the lack of forced control transfer.
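The two weaknesses described above, together with the exclusive-partition scheme for memory from the earlier discussion, can be made concrete in a small model. The following C program is an added illustration, not code from the patent application or from any OS switcher it cites. It assumes a constructed 4 KiB memory map split among a switcher and two guest OSes (values chosen for the example), and it contrasts an unchecked privileged write with a write that is confined to the writer's own partition, then contrasts a purely cooperative switch, where a guest that never enters the switcher starves the other, with a timer-forced switch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed memory map: 4 KiB of "physical" memory in exclusive partitions. */
#define MEM_SIZE 4096u

enum owner { OWNER_SWITCHER = 0, OWNER_OS_A = 1, OWNER_OS_B = 2 };

struct region {
    uint32_t base;    /* first byte of the partition */
    uint32_t limit;   /* one past the last byte */
    enum owner owner;
};

static const struct region memory_map[] = {
    {    0u, 1024u,    OWNER_SWITCHER },
    { 1024u, 2560u,    OWNER_OS_A },
    { 2560u, MEM_SIZE, OWNER_OS_B },
};

static uint8_t phys_mem[MEM_SIZE];

/* Model of the weakness: a privileged kernel writes wherever it likes; the
 * writer's identity is ignored. Returns 0, or -1 if outside physical memory. */
int write_unprotected(enum owner who, uint32_t addr, uint8_t val)
{
    (void)who;
    if (addr >= MEM_SIZE)
        return -1;
    phys_mem[addr] = val;
    return 0;
}

/* Hardened model: [addr, addr+len) must lie entirely inside a region owned by
 * the writer. A real switcher would enforce this with paging or an MPU; here
 * the rule is explicit. Returns 0 ok, -1 out of bounds, -2 wrong owner,
 * -3 range straddles two partitions. */
int write_isolated(enum owner who, uint32_t addr, uint32_t len, uint8_t val)
{
    if (len == 0u || addr >= MEM_SIZE || len > MEM_SIZE - addr)
        return -1;
    for (size_t i = 0; i < sizeof memory_map / sizeof memory_map[0]; i++) {
        const struct region *r = &memory_map[i];
        if (addr >= r->base && addr + len <= r->limit) {
            if (r->owner != who)
                return -2;
            memset(&phys_mem[addr], val, len);
            return 0;
        }
    }
    return -3;
}

/* Constructed guest descriptor: 'yields' says whether the OS ever voluntarily
 * enters the switcher (a hung or hostile guest never does). */
struct guest {
    enum owner id;
    int yields;
};

/* Run 'ticks' timer ticks over n guests. Without preemption a switch happens
 * only when the active guest yields at the end of its slice; with preemption a
 * timer forces it after 'slice' ticks regardless. ran[i] receives the ticks
 * guest i executed; the return value is the number of switches performed. */
int run_schedule(const struct guest *g, int n, int ticks, int slice,
                 int preempt, int *ran)
{
    int cur = 0, held = 0, switches = 0;
    for (int i = 0; i < n; i++)
        ran[i] = 0;
    for (int t = 0; t < ticks; t++) {
        ran[cur]++;
        held++;
        int voluntary = g[cur].yields && held >= slice;
        int forced = preempt && held >= slice;
        if (voluntary || forced) {
            cur = (cur + 1) % n;
            held = 0;
            switches++;
        }
    }
    return switches;
}

int main(void)
{
    const struct guest guests[2] = { { OWNER_OS_A, 1 }, { OWNER_OS_B, 0 } };
    int ran[2];

    printf("A writes into B's range, unprotected: %d  isolated: %d\n",
           write_unprotected(OWNER_OS_A, 3000u, 0xAA),
           write_isolated(OWNER_OS_A, 3000u, 1u, 0xAA));
    run_schedule(guests, 2, 100, 10, 0, ran);
    printf("cooperative: A ran %d ticks, hung B ran %d\n", ran[0], ran[1]);
    run_schedule(guests, 2, 100, 10, 1, ran);
    printf("preemptive:  A ran %d ticks, B ran %d\n", ran[0], ran[1]);
    return 0;
}
```

In the cooperative run, OS A yields after its first slice and the non-yielding OS B then holds the CPU for the remaining 90 ticks, which is the "suspended forever" condition described above; with the forced switch the two guests split the ticks evenly. The memory check likewise turns A's write into B's range from a silent success into a denied access.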