WARNOCK@prism.clemson.EDU (Todd Warnock) (06/28/87)
It's my understanding that ANYONE can issue a CHMK instruction successfully. (not to be confused with a successful call to the similar system service...) Exactly what is the difference in the two ? What actually requires the CHMKNL privilege ? Thanks ! Todd Warnock VAX Systems Clemson University Clemson, South Carolina 29634-2803 ARPA: Warnock@Prism.Clemson.EDU BITnet: Warnock@Clemson CSnet: Warnock@Clemson.CSnet
ted@blia.UUCP (06/29/87)
In article <8706281911.AA23198@ucbvax.Berkeley.EDU>, WARNOCK@prism.clemson.EDU (Todd Warnock) writes: > It's my understanding that ANYONE can issue a CHMK instruction successfully. > (not to be confused with a successful call to the similar system service...) > Exactly what is the difference in the two ? What actually requires the > CHMKNL privilege ? The CHMK instruction is used by a system service call to signal the VMS executive that kernal mode work is required. Executing this instruction causes the processor to change to kernal mode (switching stacks) and call the CHMK dispatch routine. This code checks the one word code in the CHMK instruction and dispatches to the corresponding kernal mode routine for that system service. The flow of control for a typical system service is as follows: Address space containing the code Mode | Action ---- -- ------------------------------------------------------------------- user P0 User program call system service routine (SYS$xxxxx). user S0 User mode portion does initial checking of arguments and if the requested service can be done in user mode, does so and returns to the caller. Otherwise, executes CHMK instruction with code value for desired kernal mode routine. krnl S0 CHMK dispatcher checks code word on CHMK instruction and calls the corresponding executive routine. krnl S0 Executive CAREFULLY checks arguments and user privileges (since the user code could have executed CHMK instruction directly, bypassing checks in step 2 above). If these are valid, does the desired work (typically reading and modifying system data structures). Afterwards, returns to the user mode caller. On the other hand, the Change Mode to Kernal system service does a CHMK instruction to dispatch to the executive routine. This routine verifies that the user has CHMKNL privilege and if so, calls the specified user routine in kernal mode. Thus the CHMK instruction gives carefully controlled access to routines in the executive to complete execution of system service calls. No privilege is required. The Change Mode to Kernal system service does a CHMK which effectively calls a routine that calls the user subroutine in kernal mode. The intermediate routine verifies that the user has CHMKNL privilege. Hope this explains everything. Small details in the above may be wrong; I don't have the internals book or the fiche handy at the moment. -- Ted Marshall ...!ucbvax!mtxinu!blia!ted <or> mtxinu!blia!ted@Berkeley.EDU Britton Lee, Inc., 14600 Winchester Blvd, Los Gatos, Ca 95030 (408)378-7000 The opinions expressed above are those of the poster and not his employer.
jon@gaia.UUCP (Jonathan Corbet) (07/01/87)
WARNOCK@prism.clemson.EDU (Todd Warnock): >It's my understanding that ANYONE can issue a CHMK instruction successfully. >(not to be confused with a successful call to the similar system service...) >Exactly what is the difference in the two ? What actually requires the >CHMKNL privilege ? It is true that anyone can successfully execute a CHMK instruction. The important thing to remember is that successful execution of that instruction causes a trap to the system CHMK handler. Thus there is no way for any old user to just execute a CHMK and actually be running in kernel mode -- they lose control of the processor when the instruction executes. Thus, the existence of sys$cmkrnl, which will call a given user routine (assuming the existence of CMKRNL [or, actually, CMEXEC] privilege) after the trap to the CHMK handler. jon -- Jonathan Corbet {seismo | hplabs | gatech}!hao!gaia!jon {ucbvax | allegra | cbosgd}!nbires!gaia!jon
LEICHTER-JERRY@YALE.ARPA (07/11/87)
It's my understanding that ANYONE can issue a CHMK instruction successful- ly. (not to be confused with a successful call to the similar system ser- vice...) Exactly what is the difference in the two ? What actually re- quires the CHMKNL privilege ? Yes, anyone can issue a CHMK instruction successfully. The effect it to transfer to an entry point whose address is controlled by kernel-mode software: CHMK is a "system call". The CHMK instruction accepts a single word argument, which is available to the code pointed to by the CHMK vector entry (the change mode to kernel dispatcher); the argument is used to deter- mine which particular system call you are making. If you look at what is "at" the address that something like SYS$SETEF points to, you'll find (mainly) a CHMK instruction. (Sometimes there is a small amount of additional code - for example, something like SYS$QIOW implements the "W" (wait) in user mode within the code at SYS$QIOW.) (That's an over-simplification....) Some system calls are actually implemented by EXEC mode code, rather than KERNEL; they use a CHME instruction. CLI callbacks use a CHMS (since CLI's run in supervisor mode). There's a CHMU instruction, too - programs can set the entry point for the change mode to user vector if they want (with the $DCLCMH system service). I don't know of any real uses for this facility for CHMU - CLI's use it to set up their CHMS dispatchers. The $CMKRNL SERVICE, on the other hand, is just one of the many possible sys- tem calls that can be made through CHMK mechanism. It takes a single argument that is the address of a procedure entry mask. If the process has the CMKRNL privilege, the code for $CMKRNL will call the indicated procedure, leaving the process in kernel mode. The $CMEXEC service is similar, but uses CMEXEC privilege and calls the procedure in EXEC, rather than KERNEL, mode. -- Jerry -------