IBM AIX Continuous Availability Features - IBM Redbooks
IBM AIX Continuous Availability Features - IBM Redbooks
IBM AIX Continuous Availability Features - IBM Redbooks
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
To continue running in a key-protected environment, legacy kernel extensions receive special<br />
support from the kernel. Any extension converted to use keys is still in an environment with a<br />
mixture of key-aware and key-unsafe functions. A key-aware kernel extension might call a<br />
service that is in a key-unsafe kernel extension.<br />
When a key-unsafe function is called, the kernel must, in effect, transparently insert special<br />
glue code into the call stack between the calling function and the key-unsafe called function.<br />
This is done automatically, but it is worth understanding the mechanism because the inserted<br />
glue code is visible in stack callback traces.<br />
When legacy code is called, either directly by calling an exported function or indirectly by<br />
using a function pointer, the kernel must:<br />
1. Save the caller's current key access rights (held in the AMR).<br />
2. Save the caller's link register (LR).<br />
3. Replace the current AMR value with one granting broad data access rights.<br />
4. Proceed to call the key-unsafe function, with the link register set, so that the called<br />
function returns to the next step.<br />
5. Restore the original caller's AMR and LR values.<br />
6. Return to the original caller.<br />
The AMR update must be performed transparently, thus the new AMR stack had to be<br />
developed. The new resource is also called a context stack. The current context stack pointer<br />
is maintained in the active kmstsave structure, which holds the machine state for the thread<br />
or interrupt context. Use the mst kernel debugger command to display this information. The<br />
context stack is automatically pinned for key-unsafe kernel processes. The setjmpx and<br />
longjmpx kernel services maintain the AMR and the context stack pointer.<br />
When a context stack frame needs to be logically inserted between standard stack frames,<br />
the affected function (actually, the function's traceback table) is flagged with an indicator. The<br />
debugger recognizes this and is able to provide you with a complete display for the stack<br />
trace. The inserted routine is named hkey_legacy_gate. A similar mechanism is applied at<br />
many of the exported entry points into the kernel, where you might observe the use of<br />
kernel_add_gate and kernel_replace_gate.<br />
This processing adds overhead when an exported key-unsafe function is called, but only<br />
when the called function is external to the calling module. Exported functions are represented<br />
by function descriptors that are modified by the loader to enable the AMR changing service to<br />
front-end exported services. Intramodule calls do not rely on function descriptors for direct<br />
calls, and thus are not affected.<br />
All indirect function pointer calls in a key-aware kernel extension go through special<br />
kernel-resident glue code that performs the automatic AMR manipulations as described. If<br />
you call out this way to key-unsafe functions, the glue code recognizes the situation and takes<br />
care of it for you. Hence, a key-aware kernel extension must be compiled with the<br />
-q noinlglue option for glue code.<br />
Key-safe kernel extension<br />
A key-safe kernel extension manages its access to memory, respecting the boundaries of the<br />
kernel and user domains. It does not directly reference either kernel private data structures or<br />
user space addresses. It also does not attempt to protect its own private data (see<br />
“Key-protected kernel extension” on page 86). To become key-safe, the extension must<br />
explicitly select the existing memory domains which it intends to access. This protects the rest<br />
of the system from errors in the key-safe module.<br />
Chapter 3. <strong>AIX</strong> advanced continuous availability tools and features 85