IBM AIX Continuous Availability Features - IBM Redbooks
added a protection gate for the interface) and the hardware keyset established by module
configuration. Future calls to a configuration entry point can execute an explicit protection
gate, but this requires logic in the module configuration point to differentiate the first and
subsequent calls.

When a new (key-safe) thread/k-proc is created, it starts execution at an initialization function
passed to kthread_start()/initp(). For key-safe extensions, the kernel calls this entry point with
a keyset that contains only the KKEY_PUBLIC kernel key. The k-thread/k-proc initialization
function is an entry point, so it is the callee’s responsibility to add a protection gate if another
keyset is required.

In these two cases, the kernel is required to load the legacy keyset before calling an
initialization function contained in a key-unsafe extension.

Multiple page sizes

Significant work has been done to exploit medium (64 K) and large (16 M) pages in the
kernel. Medium pages continue to be usable with kernel keys. Kernel heaps can continue to
be backed by medium-size pages when kernel keys are enabled. There will be a heap per
hardware key, and that will increase the kernel’s working set. Code setting storage keys on all
kernel memory must be aware of the page size.

3.7.6 Example using kernel keys

This example loads a kernel extension that is able to use kernel protection keys.
The extension provides a system call, kkey_test(), that is called by the user program myprog.c (shown in
Example 3-24 on page 93). The make file for this program is shown in Example 3-21.

Note: The kernel must be built using bosboot -aD to include the kernel debugger. Without
this, you will not see the kernel printfs, and the DSI will not drop you into kdb; the system will just
take a dump.

When system call kkey_test() is called with parameter=0, it tries to access the private heap with
KKEY_VMM in its protection gate (as shown in Example 3-28 on page 96).

When system call kkey_test() is called with parameter>0, it tries to access the private heap
without KKEY_VMM in its protection gate (as shown in Example 3-29 on page 96).
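
The two kkey_test() cases above, and the rule that an entry point entered with only KKEY_PUBLIC must add its own protection gate, can be followed in a small user-space model. This is an added example, not code from the Redbook and not AIX kernel code: the key numbers, the KEY_EXT key, the types and all function names are hypothetical, and it assumes the private heap is tagged with the key that KKEY_VMM stands for.

```c
/* User-space model, not AIX kernel code. Key numbers, types and function
 * names are hypothetical; KEY_PUBLIC/KEY_VMM only echo names used in the text. */
#include <stdint.h>
#include <stdio.h>

enum { KEY_PUBLIC = 0, KEY_EXT = 1, KEY_VMM = 2 };  /* constructed key numbers */
typedef uint32_t keyset_t;                          /* bit n set: key n is accessible */
#define KS(k) ((keyset_t)1u << (k))

struct page   { int key; int data; };   /* storage tagged with a single key */
struct thread { keyset_t active; };     /* stands in for the hardware keyset */

/* Protection gate: add keys to the active keyset, return the caller's keyset. */
static keyset_t gate_add(struct thread *t, keyset_t want)
{
    keyset_t saved = t->active;
    t->active |= want;
    return saved;
}

/* Leave the gate: put the caller's keyset back. */
static void gate_restore(struct thread *t, keyset_t saved) { t->active = saved; }

/* Checked store: 0 on success, -1 where real hardware would raise a DSI. */
static int checked_store(const struct thread *t, struct page *p, int value)
{
    if (!(t->active & KS(p->key)))
        return -1;
    p->data = value;
    return 0;
}

/* Model of kkey_test(parameter): the gate holds KEY_VMM only when parameter == 0. */
int kkey_test_model(struct thread *t, struct page *heap, int parameter)
{
    keyset_t want = KS(KEY_PUBLIC) | KS(KEY_EXT);
    if (parameter == 0)
        want |= KS(KEY_VMM);
    keyset_t saved = gate_add(t, want);
    int rc = checked_store(t, heap, 42);
    gate_restore(t, saved);             /* restore on both paths */
    return rc;
}

int main(void)
{
    struct thread t = { KS(KEY_PUBLIC) };   /* entry point starts with the public key only */
    struct page heap = { KEY_VMM, 0 };      /* assumption: heap tagged with the VMM key */
    printf("parameter=0 -> %d\n", kkey_test_model(&t, &heap, 0));
    printf("parameter=1 -> %d\n", kkey_test_model(&t, &heap, 1));
    return 0;
}
```

On a real system the failing case does not return an error code: the store raises a DSI, which is why the note above asks for a kernel built with the debugger.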

Example 3-21 Make file for kernel key example

CC=/usr/vac/bin/cc
LD=/usr/bin/ld
LIB= -bI:kkey_set.exp
UTIL=.

all: myprog service kkey_set64

# 64-bit kernel extension: entry point kkey_test_init, exports listed in
# kkey_set.exp, kernel services imported from /usr/lib/kernex.exp
kkey_set64: kkey_set.c kkey_set.exp
	$(CC) -q64 -D_KERNEL -D_KERNSYS -D_64BIT_KERNEL -D__64BIT__ -o kkey_set64.o -c kkey_set.c
	$(LD) -b64 -o kkey_set64 kkey_set64.o -e kkey_test_init -bE:kkey_set.exp -bI:/usr/lib/kernex.exp -lcsys

# User-space program built from service.c
service: service.c
	$(CC) -o service service.c