IBM AIX Continuous Availability Features - IBM Redbooks
IBM AIX Continuous Availability Features - IBM Redbooks
IBM AIX Continuous Availability Features - IBM Redbooks
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
For any load/store, the CPU retrieves the memory key assigned to the targeted page during<br />
the translation process. The key number is used to select the bit pair in the AMR that defines<br />
if an access is permitted. A data storage interrupt results when this check fails.<br />
The AMR is a per-context register that can be updated efficiently. The TLB/ERAT contains<br />
storage key values for each virtual page. This allows AMR updates to be efficient, because<br />
they do not require TLB/ERAT invalidation. The POWER hardware enables a mechanism<br />
that software can use to efficiently change storage accessibility.<br />
Ideally, each storage key would correspond to a hardware key. However, due to the limited<br />
number of hardware keys with current Power Architecture, more than one kernel key is<br />
frequently mapped to a given hardware key. This key mapping or level of indirection may<br />
change in the future as architecture supports more hardware keys.<br />
Another advantage that indirection provides is that key assignments can be changed on a<br />
system to provide an exclusive software-to-hardware mapping for a select kernel key. This is<br />
an important feature for testing fine granularity keys. It could also be used as an SFDC tool.<br />
Kernel keys provide a formalized and abstracted API to map kernel memory classes to a<br />
limited number of hardware storage keys.<br />
For each kernel component, data object (virtual pages) accessibility is determined. Then<br />
component entry points and exit points may be wrapped with “protection gates”. Protection<br />
gates change the AMR as components are entered and exited, thus controlling what storage<br />
can be accessed by a component.<br />
At configuration time, the module initializes its kernel keyset to contain the keys required for<br />
its runtime execution. The kernel keyset is then converted to a hardware keyset. When the<br />
module is entered, the protection gates set the AMR to the required access authority<br />
efficiently by using a hardware keyset computed at configuration time.<br />
User keys work in application programs. The keys are a virtualization of the PowerPC storage<br />
hardware keys. Access rights can be added and removed from a user space AMR, and an<br />
user key can be assigned as appropriate to an application’s memory pages. Management<br />
and abstraction of user keys is left to application developers.<br />
3.7.2 System management support for storage keys<br />
You can use smitty skeyctl to disable (keys are enabled by default) Kernel keys, as shown<br />
in Example 3-18.<br />
Note: You may want to disable kernel keys if one of your kernel extensions is causing key<br />
protection errors but you need to be able to run the system even though the error has not<br />
been fixed.<br />
Example 3-18 Storage protection keys SMIT menu<br />
Storage Protection Keys<br />
Move cursor to desired item and press Enter.<br />
Change/Show Kernel Storage Protection Keys State<br />
F1=Help F2=Refresh F3=Cancel F8=Image<br />
F9=Shell F10=Exit Enter=Do<br />
Chapter 3. <strong>AIX</strong> advanced continuous availability tools and features 79