> Any user or application can't replace a privileged system server; they can replace a shared library.
In my view, "privileged system servers" should only exist inasmuch as they are necessary to be an arbiter of resources or a router of hardware messages.
Take memory: at some level, something has to have authority over which of several competing processes will get ownership of memory pages. And when a page fault occurs for some virtual memory page, there has to be some way of dispatching this to the code that can handle it without triggering a page fault itself.
Both of these cases require centralized, privileged processes by nature.
Anything else that does not similarly require centralized privileged processes is better handled as a shared library, I agree.
I'm not sure I see what parts of the "traditional microkernel organization" mandate privileged system servers for things. I haven't looked at L4 in a while, but as I recall the only server that is inherently privileged is a pager, which must be privileged for the two reasons I mentioned before.
Yes. I don't know much about how servers are typically done today, but from the research I've read server processes are used for things like file systems, the network stack, virtual memory swapping, or other abstractions on top of the hardware, in addition to L4's user space drivers. However, these servers don't have the right domain-specific knowledge.
For example, when the kernel (or a server) needs to revoke some physical memory from a process, it doesn't have the information it needs to do this well: LRU-page-to-disk is not always the best pattern. A database application could instead discard an index page if regenerating it is faster than loading it from disk; this is faster and more power efficient.
When the kernel needs to allocate disk space to a file system, it doesn't know the expected usage of that space as well as the application often can. Databases, web servers, version control, etc., all know (or can profile) their file system usage (for that matter, the file system itself is sometimes suboptimal); "this web page will also send these js, css, and image files", for example, so letting the application choose the disk blocks out of the available ones can bring massive performance improvements.
The same applies to network packet merging, file copy operations, scheduling of threads in an application, using the virtual memory system for things like garbage collection and persistent storage, etc.
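To make the revocation argument in this post concrete, here is an added simulation (not from the thread or from any particular kernel): the arbiter decides how many pages a process must surrender and checks that it only nominates pages it owns, while the process's own policy chooses which ones using regeneration costs that only it knows. Page names and costs are constructed.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass
class Page:
    name: str
    last_use: int                     # logical clock of last access (for LRU)
    reload_cost: float                # cost to bring it back from disk (constructed units)
    regen_cost: Optional[float] = None  # cost to recompute it; None if not regenerable


# Constructed working set: two heap pages that can only be reloaded, two index
# pages that were touched recently but are cheap to rebuild from the base table.
SAMPLE_PAGES = [
    Page("heap-0", last_use=1, reload_cost=10.0),
    Page("heap-1", last_use=2, reload_cost=10.0),
    Page("idx-0", last_use=8, reload_cost=10.0, regen_cost=2.0),
    Page("idx-1", last_use=9, reload_cost=10.0, regen_cost=2.0),
]


def restore_cost(p: Page) -> float:
    """Cheapest way to get the page back: reload from disk or regenerate it."""
    return p.reload_cost if p.regen_cost is None else min(p.reload_cost, p.regen_cost)


def lru_policy(pages: List[Page], n: int) -> List[str]:
    """What a generic pager does: evict the least recently used pages."""
    return [p.name for p in sorted(pages, key=lambda p: p.last_use)[:n]]


def app_policy(pages: List[Page], n: int) -> List[str]:
    """Application-aware choice: evict the pages that are cheapest to restore."""
    return [p.name for p in sorted(pages, key=restore_cost)[:n]]


def revoke(pages: List[Page], n: int, policy: Callable[[List[Page], int], List[str]]) -> List[str]:
    """The privileged arbiter: it fixes *how many* pages go, and refuses any
    nomination outside the caller's own pages; the policy only picks *which*."""
    owned = {p.name for p in pages}
    chosen = policy(pages, n)
    if len(chosen) != n or len(set(chosen)) != n or not set(chosen) <= owned:
        raise ValueError("policy must return exactly n distinct pages owned by the caller")
    return chosen


def total_restore_cost(pages: List[Page], victims: List[str]) -> float:
    """Cost the process pays later to get the evicted pages back."""
    by_name = {p.name: p for p in pages}
    return sum(restore_cost(by_name[v]) for v in victims)
```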