[comp.os.vms] internals

WARNOCK@prism.clemson.EDU (Todd Warnock) (06/28/87)

It's my understanding that ANYONE can issue a CHMK instruction successfully.
(not to be confused with a successful call to the similar system service...)
Exactly what is the difference in the two ?  What actually requires the
CHMKNL privilege ?

Thanks !

Todd Warnock
VAX Systems
Clemson University
Clemson, South Carolina 29634-2803

ARPA:	Warnock@Prism.Clemson.EDU
BITnet:	Warnock@Clemson
CSnet:	Warnock@Clemson.CSnet

ted@blia.UUCP (06/29/87)

In article <8706281911.AA23198@ucbvax.Berkeley.EDU>, WARNOCK@prism.clemson.EDU (Todd Warnock) writes:
> It's my understanding that ANYONE can issue a CHMK instruction successfully.
> (not to be confused with a successful call to the similar system service...)
> Exactly what is the difference in the two ?  What actually requires the
> CHMKNL privilege ?

The CHMK instruction is used by a system service call to signal the VMS
executive that kernal mode work is required. Executing this instruction
causes the processor to change to kernal mode (switching stacks) and call
the CHMK dispatch routine. This code checks the one word code in the CHMK
instruction and dispatches to the corresponding kernal mode routine for that
system service.

The flow of control for a typical system service is as follows:

   Address space containing the code
Mode |	Action
---- --	-------------------------------------------------------------------
user P0	User program call system service routine (SYS$xxxxx).

user S0 User mode portion does initial checking of arguments and if the
	requested service can be done in user mode, does so and returns to
	the caller. Otherwise, executes CHMK instruction with code value for
	desired kernal mode routine.

krnl S0	CHMK dispatcher checks code word on CHMK instruction and calls the
	corresponding executive routine.

krnl S0	Executive CAREFULLY checks arguments and user privileges (since the
	user code could have executed CHMK instruction directly, bypassing
	checks in step 2 above). If these are valid, does the desired work
	(typically reading and modifying system data structures). Afterwards,
	returns to the user mode caller.

On the other hand, the Change Mode to Kernal system service does a CHMK
instruction to dispatch to the executive routine. This routine verifies that
the user has CHMKNL privilege and if so, calls the specified user routine
in kernal mode.

Thus the CHMK instruction gives carefully controlled access to routines in
the executive to complete execution of system service calls. No privilege is
required. The Change Mode to Kernal system service does a CHMK which
effectively calls a routine that calls the user subroutine in kernal mode.
The intermediate routine verifies that the user has CHMKNL privilege.

Hope this explains everything. Small details in the above may be wrong; I
don't have the internals book or the fiche handy at the moment.

-- 
Ted Marshall       ...!ucbvax!mtxinu!blia!ted <or> mtxinu!blia!ted@Berkeley.EDU
Britton Lee, Inc., 14600 Winchester Blvd, Los Gatos, Ca 95030     (408)378-7000
The opinions expressed above are those of the poster and not his employer.

jon@gaia.UUCP (Jonathan Corbet) (07/01/87)

WARNOCK@prism.clemson.EDU (Todd Warnock):
>It's my understanding that ANYONE can issue a CHMK instruction successfully.
>(not to be confused with a successful call to the similar system service...)
>Exactly what is the difference in the two ?  What actually requires the
>CHMKNL privilege ?

It is true that anyone can successfully execute a CHMK instruction.  The
important thing to remember is that successful execution of that instruction
causes a trap to the system CHMK handler.  Thus there is no way for any
old user to just execute a CHMK and actually be running in kernel mode --
they lose control of the processor when the instruction executes.

Thus, the existence of sys$cmkrnl, which will call a given user routine
(assuming the existence of CMKRNL [or, actually, CMEXEC] privilege) after
the trap to the CHMK handler.

jon
-- 
Jonathan Corbet
{seismo | hplabs | gatech}!hao!gaia!jon
{ucbvax | allegra | cbosgd}!nbires!gaia!jon

LEICHTER-JERRY@YALE.ARPA (07/11/87)

    It's my understanding that ANYONE can issue a CHMK instruction successful-
    ly. (not to be confused with a successful call to the similar system ser-
    vice...) Exactly what is the difference in the two ?  What actually re-
    quires the CHMKNL privilege ?

Yes, anyone can issue a CHMK instruction successfully.  The effect it to
transfer to an entry point whose address is controlled by kernel-mode
software:  CHMK is a "system call".  The CHMK instruction accepts a single
word argument, which is available to the code pointed to by the CHMK vector
entry (the change mode to kernel dispatcher); the argument is used to deter-
mine which particular system call you are making.  If you look at what is "at"
the address that something like SYS$SETEF points to, you'll find (mainly) a
CHMK instruction.  (Sometimes there is a small amount of additional code - for
example, something like SYS$QIOW implements the "W" (wait) in user mode within
the code at SYS$QIOW.)  (That's an over-simplification....)  Some system calls
are actually implemented by EXEC mode code, rather than KERNEL; they use a
CHME instruction.  CLI callbacks use a CHMS (since CLI's run in supervisor
mode).  There's a CHMU instruction, too - programs can set the entry point for
the change mode to user vector if they want (with the $DCLCMH system service).
I don't know of any real uses for this facility for CHMU - CLI's use it to
set up their CHMS dispatchers.

The $CMKRNL SERVICE, on the other hand, is just one of the many possible sys-
tem calls that can be made through CHMK mechanism.  It takes a single argument
that is the address of a procedure entry mask.  If the process has the CMKRNL
privilege, the code for $CMKRNL will call the indicated procedure, leaving the
process in kernel mode.  The $CMEXEC service is similar, but uses CMEXEC
privilege and calls the procedure in EXEC, rather than KERNEL, mode.

							-- Jerry
-------