We have presented the design, implementation, and evaluation of a novel framework for safe deployment of application-specific code into an OS kernel. The mechanism is based on three key technologies: hardware fault isolation, dynamic code generation, and dynamic linking. HFI relies on commonly available hardware features, and offers low-overhead isolation. Our dynamic code generation is based on E-code, a DCG package developed at Georgia Tech. Using DCG, plugins may be comprised of user-defined code, thereby enabling arbitrary application-specific specializations of the kernel services with which they are associated. Dynamic linking enforces a narrow kernel/plugin interface, provides logical isolation between extensible system-level entities, and eliminates kernel namespace pollution.
Micro-benchmarks evaluating kernel plugins show the base cost of
plugin invocation to be between 0.45 
and 0.62 . Plugin
code generation, linking, and unlinking costs are 4 
, 3.1
and 1.6 , respectively, for the sample image-transcoding plugin
used in this paper. In general, code generation cost depends on code
size, and both linking and unlinking costs can be improved further by
optimization of the symbol tables currently used in the plugin
facility. More importantly, macro-benchmarks and experimental results
from a realistic sample application showcase performance advantages
offered to end-user applications using kernel plugins in lieu of
specializations implemented at user level.
In its current state, the plugin facility fully implements hardware fault isolation, dynamic code generation, dynamic linking, and plugin preemption based on hardware system timers. Planned future work and improvements include tighter integration of code generation and isolation, further performance characterization, exploration of inter-plugin memory protection, implementation of a fault recovery and continuation mechanism, porting the system to Intel's 64-bit Itanium 2 architecture, and optimization of the implementation bottlenecks.