27 comments

[ 5.1 ms ] story [ 29.2 ms ] thread
Does this mean resiliency against kernel panics?
Sounds similar to CoLinux where you could run a "cooperative Linux" alongside Windows http://www.colinux.org/
IIRC, colinux is similar to user mode Linux, which boots a kernel in userland. That is, the kernel runs under windows as an application rather than alongside it.
How is this different from/similar to Barrelfish?
It would be interesting to see a detailed security assessment of this. Would it provide security improvements over docker?
If you want some security improvements, move from docker to podman rootless + distroless containers.

If you need more security/isolation, go to a VM or bare metal.

would this allow running both linux and bsd kernels?
"while sharing the underlying hardware resources"? At the risk of sounding too positive, my guess is that hell will freeze over before that will work reliably. Alternating access between the running kernels is probably the "easy" part (DMA and command queues solve a lot of this for free), but I'm thinking more of all the hardware that relies on state-keeping and serialization in the driver. There's no way that e.g. the average usb or bluetooth vendor has "multiple interleaved command sequences" in their test setup.

I think Linux will have to move to a microkernel architecture before this can work. Once you have separate "processes" for hardware drivers, running two userlands side-by-side should be a piece of cookie (at least compared to the earlier task of converting the rest of the kernel).

Will be interesting to see where this goes. I like the idea, but if I were to go in that direction, I would choose something like a Genode kernel to supervise multiple Linux kernels.

This is something that was actually implemented and used on multiple platforms, and generally requires careful development of all interacting OSes. Some resources that have to be multiplexed are handled through IPC between running kernels, otherwise resources were set to be exclusively owned.

This allowed cheap "logical partitioning" of machines without actually using a hypervisor or special hardware support.

Think "cloud providers"

Today, you can grab a physical NIC and create some number of virtual NICs. Same for GPUs.

I guess the idea is that you have some hardware, and each kernel (read "virtual machine") will get:

  - some dedicated CPU
  - some physical memory
  - some virtual NICs
  - some storage, maybe (if dedicated; if through network, then nothing to do here)
  - maybe a virtual GPU for the AI hype train
Every kernel will mostly think it owns real hardware, while in fact it only deals with part of it (all of this due to virtualized hardware support that can be found in many places)

This feature does not seem like a general-usage feature, which can be used in our laptop

What's preventing a compromised kernel on one core from hijacking the other cores? This doesn't seem like much of a security boundary
Insane idea, but very cool.
It’s not clear to me but do these kernels run directly on the hardware? If so how are they able to talk to each other, DMA? That could open up some security flaws, hopefully they thought through that
You used to also be able to get the opposite; one Linux kernel with a unified userspace distributed across a cluster.

https://sourceforge.net/projects/kerrighed/

That's cool! Similar is the idea of running a single large VM across multiple hosts. There have been several iterations of that idea, the latest being a presentation at this year's KVM Forum: GiantVM: A Many-to-one Virtualization System Built Atop the QEMU/KVM Hypervisor - Songtao Xue, Xiong Tianlei, Muliang Shou https://kvm-forum.qemu.org/2025/
I wonder if modern numa-aware software could take advantage of this if the Linux APIs report the correct topology.
This could open up ways to run Linux as a guest kernel of proper microkernel operating systems to aid with hardware compatibility.
There are various hardware singletons that need to be managed for this to work properly. This raises many questions.

Which of the kernel does the PCI enumeration, for instance, and how it is determined which kernel gets ownership over a PCI device? How about ACPI? Serial ports?

How does this architecture transfers ownership over RAM between each kernel, or is it a fixed configuration? How about NUMA-awareness? (Likely you would want to partition systems so that RAM is along with the CPUs of the same NUMA node).

Looks to me that one kernel would need to be have 'hypervisor'-like behavior in order to divvy up resources to other kernels. I think PVM (https://lwn.net/Articles/963718/) would be a preferred solution in this case, because the software stack of managing hypervisor resources can already be reused with it.

Could this be used to compile a new kernel? (Which could then be executed by the compiling kernel?)

Could the new kernel be genetically scored for effectiveness (security, performance, etc), and iterated upon automatically, by e.g. an AI?