
Trap-Based Kernel Instrumentation Technique

IP.com Disclosure Number: IPCOM000115945D
Original Publication Date: 1995-Jul-01
Included in the Prior Art Database: 2005-Mar-30
Document File: 4 page(s) / 144K

Publishing Venue

IBM

Related People

Fortin, MR: AUTHOR

Abstract

Disclosed is a technique which allows for the instrumentation of kernel code that may run with address translation off. The technique allows for the instrumentation of a larger portion of the kernel than previous techniques.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 37% of the total text.

Until this time, it has not been possible to use software to fully instrument a running kernel on the newest RISC System/6000* systems. In particular, it has not been possible to instrument those regions of the kernel that run with address translation turned off. The new systems may encounter page overflow faults on any page, including pinned pages. As a result, portions of the AIX* kernel must be able to run with address translation turned off. (When address translation is turned off, virtual addresses cannot be used; only real addresses can be used.)

These regions are difficult to instrument using normal techniques because the instrumentation code and required data must also be accessible with address translation turned off. The AIX kernel has a kernel patch area and a kernel trace area with known real addresses that match their virtual addresses. Until now, the small size of the two kernel areas, totaling 3 Kilobytes, has been insufficient for large scale instrumentation of kernel routines, including those that may run with address translation turned off.

This disclosure details a new technique for instrumenting kernel routines, including those that run with address translation turned off. To instrument a routine in the kernel, instructions within the routine are replaced with "trap" instructions.

In the POWER* and PowerPC* architectures, trap instructions have the following syntax:

  POWER:     t       TO,rA,rB
  PowerPC:   tw      TO,rA,rB

where TO is a five-bit field. Together, the contents of rA, the contents of rB, and the TO bit field determine whether the system trap handler should be invoked. In the following, let 'a' equal the contents of rA and let 'b' equal the contents of rB.

  if ( a < b )  & TO(0)  then TRAP  /* a less than b */
  if ( a > b )  & TO(1)  then TRAP  /* a greater than b */
  if ( a = b )  & TO(2)  then TRAP  /* a equals b */
  if ( a <U b ) & TO(3)  then TRAP  /* a logically less than b */
  if ( a >U b ) & TO(4)  then TRAP  /* a logically greater than b */

Both the syntax and the semantics of the trap instruction are important. This technique seeks to exploit the richness of the trap instruction. The goal is to force the trap to occur at all entry and exit points of kernel routines. To do this, the "1st" instruction of all kernel routines is replaced with a trap instruction and the "return" instructions of all kernel routines are replaced with trap instructions. The specific syntax of the trap instruction (its TO, rA and rB operands) is used to uniquely identify replaced instructions.
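As an added example (not part of the disclosure), the trap-word handling this technique relies on, in C: it assembles a `tw TO,rA,rB` word as an instrumenter would patch it into a routine, recognises that exact word again as a trap handler would, evaluates the five conditions listed above, and checks which TO values trap for every possible register pair, which an entry or return probe requires. The bit layout (primary opcode 31, extended opcode 4) is the PowerPC encoding; `tw_probe_matches` and the constructed test pairs are assumptions about how a handler tells its own probes apart.

```c
#include <stdbool.h>
#include <stdint.h>

/* PowerPC "tw TO,rA,rB" (POWER "t"): primary opcode 31, extended opcode 4.
 * Bit layout in IBM numbering (bit 0 = most significant): 0-5 opcode,
 * 6-10 TO, 11-15 rA, 16-20 rB, 21-30 XO, 31 reserved. */
#define TW_OPCODE 31u
#define TW_XO     4u

/* Build the instruction word an instrumenter would patch into the kernel. */
uint32_t tw_encode(unsigned to, unsigned ra, unsigned rb) {
    return (TW_OPCODE << 26) | ((to & 0x1f) << 21) | ((ra & 0x1f) << 16)
         | ((rb & 0x1f) << 11) | (TW_XO << 1);
}

/* Recover TO/rA/rB from a word; false if the word is not a tw at all. */
bool tw_decode(uint32_t word, unsigned *to, unsigned *ra, unsigned *rb) {
    if ((word >> 26) != TW_OPCODE || ((word >> 1) & 0x3ff) != TW_XO)
        return false;
    *to = (word >> 21) & 0x1f; *ra = (word >> 16) & 0x1f; *rb = (word >> 11) & 0x1f;
    return true;
}

/* Assumed handler check: is this faulting word the exact probe we planted? */
bool tw_probe_matches(uint32_t word, unsigned to, unsigned ra, unsigned rb) {
    unsigned t, a, b;
    return tw_decode(word, &t, &a, &b) && t == to && a == ra && b == rb;
}

/* The five conditions exactly as the disclosure lists them; TO(0) is the
 * most-significant bit of the five-bit field, TO(4) the least. */
bool tw_traps(unsigned to, uint32_t a, uint32_t b) {
    int32_t sa = (int32_t)a, sb = (int32_t)b;
    return ((sa < sb) && (to & 0x10)) || ((sa > sb) && (to & 0x08)) ||
           ((a == b)  && (to & 0x04)) || ((a < b)   && (to & 0x02)) ||
           ((a > b)   && (to & 0x01));
}

/* An entry/return probe must fire whatever rA and rB hold at run time. The
 * conditions only distinguish five classes of (a,b): equal, or the four
 * signed/unsigned ordering combinations; these constructed pairs cover them. */
bool tw_always_traps(unsigned to) {
    static const uint32_t pair[5][2] = {
        {0, 0}, {1, 2}, {0xffffffffu, 1}, {2, 1}, {1, 0xffffffffu}};
    for (int i = 0; i < 5; i++)
        if (!tw_traps(to, pair[i][0], pair[i][1]))
            return false;
    return true;
}
```

Any TO value that `tw_always_traps` accepts, combined with a distinct rA/rB pair, gives a word that both traps unconditionally and decodes back to a unique probe identity.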

      In past kernel instrumentation techniques, when an i...