Dr. Dobb's Journal - May 2008 - (Page 43)

d05gor_p3db 3/13/08 9:08 AM Page 43 To facilitate the implementation of the “indirect” system call API, eXtremeDB-KM provides a simple “interface compiler” utility. This utility is similar to that of a standard remote procedure call compiler, except it generates the user/kernel mode interface files instead of remote access stubs. Developers define the API for C functions that the user-mode applications use to access the kernel-mode database. The eXtremeDB-KM interface compiler generates interface files that implement the userto-kernel-mode interface through the generic ioctl function. In particular, the interface compiler generates stub files that should be linked with the user-mode applications and the kernel-mode stubs that are included into the kernel module (Figure 3). The generated files encapsulate the user-tokernel-mode transition and hide ioctl-based implementation details from kernel modules and user-mode applications. In contrast to other IDL implementations, the eXtremeDB-KM interface compiler accepts standard C header files to declare user-mode database access interfaces. The compiler recognizes a number of keywords in the form of comments to declare string, union, and array data types used as a part of the interface declaration. The IDL in Example 4 illustrates the concept. The interface compiler approach simplifies access to databases created in the context of a kernel module. The user-mode application code that implements database access is almost undistinguishable from that used by the kernel-mode application, with the exception of a simple initialization step (Example 5). There is no need for the user-mode application to serialize/deserialize function parameters, and similar technicalities. The application only needs to define and implement its database access interface, regardless of whether the interface is used inside or outside the kernel. The third component of our sample application—the filter module—intercepts calls to the filesystem and replaces standard file-access functions with its own, providing the user application with authorization to obtain the sought-after system resource. The implementation involves extern void *sys_call_table[]; typedef int (*syscall_t)(); extern extern extern extern extern extern int int int int int int my_open(); my_creat(); my_chmod(); my_chown(); my_unlink(); my_execve(); struct replace_syscall replace_syscall[]={ {INDEX_NR_open, __NR_open, (int(*)())0, my_open}, {INDEX_NR_creat, __NR_creat, (int(*)())0, my_creat}, {INDEX_NR_chmod, __NR_chmod, (int(*)())0, my_chmod}, {INDEX_NR_chown, __NR_chown, (int(*)())0, my_chown}, {INDEX_NR_unlink, __NR_unlink, (int(*)())0, my_unlink}, {INDEX_NR_execve, __NR_execve, (int(*)())0, my_execve}, {-1, -1, (int(*)())0, (int(*)())0} }; int nreplace_syscall = sizeof(replace_syscall)/sizeof(*replace_syscall)-1; void intercept_syscalls() { int i, f; for(i = 0; i < nreplace_syscall; i++) { f = replace_syscall[i].index; replace_syscall[i].original = sys_call_table[f]; sys_call_table[f] = replace_syscall[i].seos_syscall; } } Example 7: intercept_syscalls. asmlinkage int my_open(const char* fname, int fmode, int mode) { int access, rv; /* some processing */ rv = replace_syscall[INDEX_NR_open].original(fname, fmode, mode); return rv; } Example 8: my_open() example. registering the custom module’s file-access functions upon module initialization (Examples 6 and 7). In turn, these custom functions provide authentication. This is a standard technique used in numerous applications. However, the filter we present here benefits from using the database access API exposed by the eXtremeDB-KMbased database module to authenticate file access; see Example 8. Considerations Of course, not every application requiring high performance needs a kernel-mode database. There are potential drawbacks to the concept that should be balanced against the advantages of performance and predictability. One is portability. Although the bulk of eXtremeDB-KM’s code remains portable across platforms, it is less portable than the standard eXtremeDB. The particulars of kernel implementation differ from one UNIX platform to another, between Windows and Linux, and even from one OS kernel version to another, requiring different versions of the DBMS. Another concern is fault protection. There is less room for error in the OS kernel, compared to the user-mode environment, and database systems are complex. Most kernel applications, with the possible exception of filesystems, are simpler and less error-prone. Faults caused by improper use of the database engine could render the kernel unusable and lead to system crashes. This should be weighed when considering kernel-mode databases. However, in our experience, applications like the access-control system we present here do implement data management logic in the OS kernel, and it seems advantageous to rely on a proven off-the-shelf kernel-mode database, rather than writing code from scratch. Conclusion Kernel-mode database systems meet the data management needs of applications that must run at least partially in the OS kernel to accelerate overall system performance, yet need sophisticated data management functions. With the approach we’ve presented here, applications can take advantage of a full set of database features—including transaction processing, multithreaded data access, complicated querying using built-in indexing, data access API, and a high-level data definition language—while still providing the near-zero latency of a kernel-based software component. DDJ May 2008 l www.ddj.com l Dr. Dobb’s Journal 43 http://www.ddj.com

Table of Contents Feed for the Digital Edition of Dr. Dobb's Journal - May 2008

Dr. Dobb's Journal - May 2008 Contents Friday Night Fish Fry Alia Vox Developer Diaries Software Development Goes to the Movies Cat: A Functional Stack-Based Little Language Mojax: Mobile Ajax Framework Kernel-Mode Databases Getting Better Search Results Effective Concurrency The Agile Edge

Dr. Dobb's Journal - May 2008

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.