TechEd 2004 – Session: Mark Russinovich “Linux and Windows Kernel Comparison”

(this Time in “my-version-of-english”)

After talking about his backgrounds Mark Russinovich started the Session, formerly known as “Linux

and Windows Kernel Comparison” and now known as “Windows and Linux: A Tale of two Kernels”.

Here are my notes from the Session:

  • Linux´ history starts in early before Linus Torvalds developed his Linux
    because of the big number of unix derivates the market fragmented

  • 1991 Linus took a college computer science course that used Minix

  • Minix was developed by Andrew Tanenbaum who used Minix as learning workbench

  • Tanenbaum didn´t allow Linus to extend Minix to make it more usable

  • Linus went in his own direction and started working on Linux (Oct 91 Linux 0.02, Mar 94 Linux 1.0)

  • Bill Gates wanted a UNIX rival – the all known Microsoft<>IBM and Windows 3.x and OS/2 story

  • unexpectedly Windows became a hugh success so Microsoft did his own way without IBM


  • both Linux and Windows are monolithic architectures (all core operating system services run in a shared address space in kernel-mode and all system services are part of a single module

  • Windows has a Kernel-mode Windowing subsystem, Linux has X11 user-mode Windowing system

Process Management

  • Windows:

    • Process is a container with address space, handle table, statistics and at least one thread

    • no inherent parent/child relationship

    • Threads are basic sheduling units

    • Fibers are user-mode Threads

  • Linux:

    • Process is called Task, holds basic address space, handle table and statistics

    • there is a parent/child relationship

    • basic scheduling unit

    • no threads per-se, tasks can act like Windows threads by sharing handle table, PID and adress space, PThreads


  • Windows:

    • Two scheduling classes: “Real time” (fixed) priority 16-31

    • “Dynamic” priority 1-15

    • Higher priorities are favored, dynamic priority threads get boosted on wakeups, thread priorities are never lowered

    • Windows thread timeslice is 10ms to 120ms, can vary

    • Reentrang and preemptible

  • Linux:

    • Three scheduling classes: “Normal” (100-139)

    • “Fixed Round Robin” (0-100)

    • “Fixed FIFO” (0-100)

    • Lower priorities are favored, priorities of normal threads go up (decay) as they use CPU, Priorities of interactive threads go down

    • Linux thread timeslice is 10ms-200ms

    • Default is 100ms, varies across entire range based on priority and interactivity level

Multiprocessor Support

  • Windows:

    • up to 32 CPUs on 32 bit and 64 CPUs on 64 bit

    • NUMA is supported

    • Hyperthreading is supported (physical CPUs are favored)

  • Linux:

    • no upper CPU limit (set at kernel build time via kernel constant)

    • Supports NUMA (Scheduler favors a node the thread last run on)

    • Memory Manager is not NUMA aware,

    • Supports Hyperthreading (favors physical CPUs)

Virtual Memory Management

  • Windows splits user-mode/kernel-mode from 2GB/2GB to 3GB/1GB

  • Linux splits user-mode/kernel-mode from 1GB/3GB to 3GB/1GB, 2.6 has “4/4 split” option where kernel mode has its own 4 GB address space

Physical Memory Management

  • Windows:

    • Per-process working sets

  • Linux:

    • global working sets

I/O Management

  • Windows:

    • centered around file object

    • layered driver architecture

    • most i/o operations support asynchronous operations

    • interrupts are split between Interrupt Service Routine and Deferred Procedure Call

    • Supports PnP

    • internal interrupt request level controls interruptability

  • Linux:

    • centered around the inode

    • no layered i/o model

    • most i/o is synchronous

    • only sockets and direct disk i/o support asynchronous i/o

File Caching

  • Windows:

    • single global common cache, Virtual File Cache

  • Linux:

    • almost identical to windows beside the fact that Linux uses user and virtual file cache which can cause inconsistencies between the two caches


  • Windows:

    • Security model based on ACL

    • Users are defines with privileges, member groups

    • security can be appliad to any object manager object (files, processes…)

    • Supports auditing out of the box

  • Linux:

    • two models: Standard Unix Model, ACL (SELinux)

    • Users are defined with privileges and member groups

    • security is implemented on an object-by-object basis

    • no built in auditing support

    • Kernel 2.6 adds Security Module Framework for add-on security modules

After that direct comparrison he talked about the additions that where made to linux to improve performance. For example Linux was only cooperative preemptible till 2.4 and is now preemtible in patches of 2.4 and out-of-the box 2.6. On the other Hand Windows from NT and up is preemtible.

  • Linux introduced per-CPU kernel memory buffers; Windows introduced per-CPU buffers in an NT4 Servicepack in 1997

  • the Linux 2.4 scheduler is O(n), Linux 2.4 patches have a revamped scheulder that´s O(1)

  • Windows from NT and up always had an O(1) scheduler based on pre-sorted thread priority queues

  • Windows Server 2003 introduced per-CPU ready queues

  • Linux load balances queues

  • Windows does not (was not seen as an issue in performance testing by Microsoft)

  • Linux 2.2 introduced SendFile API to send file data over a socket, Linux 2.4 introduced zero-copy Sendfile

  • Windows from NT and up pioneered zero-copy file sending with TransmitFile in Windows NT4

However. The talk was focused on an in-depth comparison of the Windows and Linux internals, and as far as i could see both platforms have their problems 😉 ( unexpected was that conclusion ?!)