IBM AIX Continuous Availability Features - IBM Redbooks

More documents

Recommendations

Info

mode, storage keys are called user keys. A kernel extension may have to deal with both types of keys. A memory protection domain generally uses multiple storage protection keys to achieve additional protection. AIX Version 6.1 divides the system into four memory protection domains, as described here: Kernel public This term refers to kernel data that is available without restriction to the kernel and its extensions, such as stack, bss, data, and areas allocated from the kernel or pinned storage heaps. Kernel private This term refers to data that is largely private within the AIX kernel proper, such as the structures representing a process. Kernel extension This term refers to data that is used primarily by kernel extensions, such as file system buf structures. User This term refers to data in an application address space that might be using key protection to control access to its own data. One purpose of the various domains (except for kernel public) is to protect data in a domain from coding accidents in another domain. To a limited extent, you can also protect data within a domain from other subcomponents of that domain. When coding storage protection into a kernel extension, you can achieve some or all of the following RAS benefits: ► Protect data in user space from accidental overlay by your extension ► Respect private user key protection used by an application to protect its own private data ► Protect kernel private data from accidental overlay by your extension ► Protect your private kernel extension data from accidental overlay by the kernel, by other kernel extensions, and even by subcomponents of your own kernel extension Note: Storage protection keys are not meant to be used as a security mechanism. Keys are used following a set of voluntary protocols by which cooperating subsystem designers can better detect, and subsequently repair, programming errors. Design considerations The AIX 64-bit kernel makes extensive use of a large flat address space by design. It produces a significant performance advantage, but also adds Reliability, Accessibility and Serviceability (RAS) costs. Storage keys were introduced into PowerPC architecture to provide memory isolation while still permitting software to maintain a flat address space. Large 64-bit applications, such as DB2, use a global address space for similar reasons and also face issues with memory overlays. Storage keys allow an address space to be assigned context-specific protection. Access to the memory regions can be limited to prevent and catch illegal storage references. PowerPC hardware assigns protection keys to virtual pages. The keys are identifiers of a memory object class. These keys are kept in memory translation tables. They are also cached in translation look-aside buffers (TLBs) and in effect to real TLBs (ERATs). A new CPU special purpose register known as the Authority Mask Register (AMR) has been added to define the keyset that the CPU has access to. The AMR is implemented as a bit pairs vector indexed by key number, with distinct bits to control read and write access for each key. The key protection is in addition to the existing page protection mechanism. 78 IBM AIX Continuous Availability Features
For any load/store, the CPU retrieves the memory key assigned to the targeted page during the translation process. The key number is used to select the bit pair in the AMR that defines if an access is permitted. A data storage interrupt results when this check fails. The AMR is a per-context register that can be updated efficiently. The TLB/ERAT contains storage key values for each virtual page. This allows AMR updates to be efficient, because they do not require TLB/ERAT invalidation. The POWER hardware enables a mechanism that software can use to efficiently change storage accessibility. Ideally, each storage key would correspond to a hardware key. However, due to the limited number of hardware keys with current Power Architecture, more than one kernel key is frequently mapped to a given hardware key. This key mapping or level of indirection may change in the future as architecture supports more hardware keys. Another advantage that indirection provides is that key assignments can be changed on a system to provide an exclusive software-to-hardware mapping for a select kernel key. This is an important feature for testing fine granularity keys. It could also be used as an SFDC tool. Kernel keys provide a formalized and abstracted API to map kernel memory classes to a limited number of hardware storage keys. For each kernel component, data object (virtual pages) accessibility is determined. Then component entry points and exit points may be wrapped with “protection gates”. Protection gates change the AMR as components are entered and exited, thus controlling what storage can be accessed by a component. At configuration time, the module initializes its kernel keyset to contain the keys required for its runtime execution. The kernel keyset is then converted to a hardware keyset. When the module is entered, the protection gates set the AMR to the required access authority efficiently by using a hardware keyset computed at configuration time. User keys work in application programs. The keys are a virtualization of the PowerPC storage hardware keys. Access rights can be added and removed from a user space AMR, and an user key can be assigned as appropriate to an application’s memory pages. Management and abstraction of user keys is left to application developers. 3.7.2 System management support for storage keys You can use smitty skeyctl to disable (keys are enabled by default) Kernel keys, as shown in Example 3-18. Note: You may want to disable kernel keys if one of your kernel extensions is causing key protection errors but you need to be able to run the system even though the error has not been fixed. Example 3-18 Storage protection keys SMIT menu Storage Protection Keys Move cursor to desired item and press Enter. Change/Show Kernel Storage Protection Keys State F1=Help F2=Refresh F3=Cancel F8=Image F9=Shell F10=Exit Enter=Do Chapter 3. AIX advanced continuous availability tools and features 79
Page 1:
Front cover IBM AIX Continuous Avai
Page 4 and 5:
Note: Before using this information
Page 6 and 7:
2.3.7 Minidump . . . . . . . . . .
Page 8 and 9:
vi IBM AIX Continuous Availability
Page 10 and 11:
Trademarks The following terms are
Page 12 and 13:
Engineering degree in Computer Scie
Page 14 and 15:
Find out more about the residency p
Page 16 and 17:
1.1 Overview In May 2007, IBM intro
Page 18 and 19:
1.5 Continuous operations Continuou
Page 20 and 21:
1.6.2 Availability 1.6.3 Serviceabi
Page 22 and 23:
IBM has tried to enhance FFDC featu
Page 24 and 25:
10 IBM AIX Continuous Availability
Page 26 and 27:
2.1 System availability AIX is buil
Page 28 and 29:
On AIX 5.3, the only way to persist
Page 30 and 31:
When used on a standalone server (s
Page 32 and 33:
mirrored volume group on the client
Page 34 and 35:
2.2.1 Error checking Run-Time Error
Page 36 and 37:
The PowerPC hardware gives software
Page 38 and 39:
System dumps can also be user-initi
Page 40 and 41:
Live dumps are small dumps that do
Page 42 and 43: Trace is a valuable tool for observ
Page 44 and 45: Component Trace uses mechanisms sim
Page 46 and 47: 2.3.14 syslog To display the boot l
Page 48 and 49: Logging can be added to many of the
Page 50 and 51: compression: on path specification:
Page 52 and 53: 2.4.4 EtherChannel network traffic
Page 54 and 55: 2.4.6 2-Port Adapter-based Ethernet
Page 56 and 57: operations) without affecting produ
Page 58 and 59: Quorum A quorum is a vote of the nu
Page 60 and 61: 2.5.8 Journaled File System-related
Page 62 and 63: Fast I/O failure is controlled by a
Page 64 and 65: display its output in a format suit
Page 66 and 67: For more detailed information about
Page 68 and 69: 54 IBM AIX Continuous Availability
Page 70 and 71: 3.1 AIX Reliability, Availability,
Page 72 and 73: This means that traditional AIX sys
Page 74 and 75: used by IBM service personnel, so t
Page 76 and 77: also be used to obtain a snapshot o
Page 78 and 79: 3.5 Live dump and component dump Li
Page 80 and 81: lfs filesystem ._0 | NO | ON/3 | OF
Page 82 and 83: .vmker | YES | ON/3 | OFF/3 .vmpool
Page 84 and 85: The output of Start a Live Dump is
Page 86 and 87: Table 3-3 Concurrent update termino
Page 88 and 89: We tested the installation of an ef
Page 90 and 91: Setting efix state to: STABLE +----
Page 94 and 95: Example 3-19 shows the SMIT menu fo
Page 96 and 97: might share a given hardware key. M
Page 98 and 99: KKEY_UPUBLIC, KKEY_FILE_DATA KKEY_U
Page 100 and 101: Note: Kernel keys and keysets, whic
Page 102 and 103: extension key-aware is determining
Page 104 and 105: added a protection gate for the int
Page 106 and 107: } printf("hardware keyset after KER
Page 108 and 109: } param=atoi(*(argv+1)); printf("Te
Page 110 and 111: Load the kernel extension so that a
Page 112 and 113: 3 : 000000000000000A r4 : F10006C00
Page 114 and 115: 3.7.7 User mode protection keys Use
Page 116 and 117: ► The APIs provided by the system
Page 118 and 119: if (!strcmp(*(argv+1),"read")){ if
Page 120 and 121: strlen() at 0xd010da00 _doprnt(??,
Page 122 and 123: int pthread_attr_setukeyset_np (pth
Page 124 and 125: Machine State Save Area iar : 00000
Page 126 and 127: As a consequence, determining the r
Page 128 and 129: A Vue script or Vue program is a pr
Page 130 and 131: ► An optional predicate The predi
Page 132 and 133: 3. Interval probe manager The inter
Page 134 and 135: { int count; count = count +1; prin
Page 136 and 137: ► Errno names ► Signal names
Page 138 and 139: * will result in error out of read(
Page 140 and 141: This places a large part of the bur
Page 142 and 143:
Note: The frequency of checks made
Page 144 and 145:
Non-fragments 00000066 Promotions 0
Page 146 and 147:
immediately after the returned stor
Page 148 and 149:
This option should be used with car
Page 150 and 151:
3.9.6 KDB commands for XMDBG ► xm
Page 152 and 153:
Page 154 and 155:
Name AIX version Hardware required
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Online resources These Web sites ar
Page 162 and 163:
sysdumpdev 27 tprof 28 trace 28 trc
Page 164:
subsequent reboot 71, 133 SUE 18 Sy
show all

IBM AIX Continuous Availability Features - IBM Redbooks

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?