by sorbits 2520 days ago
> Did this advantage play out in practice? If your filesystem module goes down then every module that talks to the file system module needs to gracefully handle the failure or it will still effectively crash the system.

If the file system process crashes then in theory the OS would simply relaunch it.

But your core services should be stable, it’s more about extensions, for example you may want to have virtual file systems (ftp, sshfs, etc.), which until FUSE wasn’t possible in the non-microkernel world.

As for how it played out in practice: I think microkernels lost early on because of performance and things like FUSE were created to allow the most obvious extension mechanisms for the otherwise non-extendable monolithic kernels.


That's the theory yes, but I was asking about real life. Did those early microkernel systems actually deliver?

Also, for anything stateful, like a filesystem, simply relaunching it may not be sufficient. You need to make sure it hasn't lost any data in the crash and possibly rewind some state changes in related modules.

> That's the theory yes, but I was asking about real life. Did those early microkernel systems actually deliver?

According to Wikipedia “[MINIX] can also withstand driver crashes. In many cases it can automatically restart drivers without affecting running processes. In this way, MINIX is self-healing and can be used in applications demanding high reliability”.

While this kernel was originally written to teach kernel design, all Intel chipsets post-2015 are running MINIX 3 internally as the software component of the Intel Management Engine.

Another widely deployed microkernel is L4; I assume this has similar capabilities, as it also puts most things in user space and is used for mission-critical stuff.

> Also, for anything stateful, like a filesystem, simply relaunching it may not be sufficient.

True, but simply rebooting when the kernel process crashes due to buggy driver code won’t be sufficient either :)

FYI when Apple introduced extended attributes their AFP (network file system) did have a bug that made the kernel (and thus entire machine) crash for certain edge cases involving extended attributes.

In that case, had their AFP file system been a user space process, I may still have lost data, but it would have saved me from dozens of reboots.