Information Technology Reference
In-Depth Information
Figure 5. (a) A sample shadow driver operating in passive mode. (b) A sample shadow driver operating
in active mode.
Shadow Drivers
driver, and then (2) invokes the corresponding
shadow with the parameters and results of the
call, as shown in Figure 5(a). In active mode, a
tap always invokes the shadow driver, as shown
in Figure 5(b).
Each shadow driver is a single module written
with knowledge of the behavior (interface) of a
class of device drivers, allowing it to conceal a
driver failure and restart the driver after a failure.
A shadow driver, when passive, monitors com-
munication between the kernel and the driver. It
becomes active when a driver fails and then both
proxies requests for the driver and restores the
driver's state.
The Shadow Recovery Manager
The
shadow recovery manager
is responsible for
coordinating recovery with shadow drivers. The
Nooks Isolation Manager notifies the shadow
recovery manager that it has detected a failure
in a driver. The shadow recovery manager then
transitions the shadow driver to active mode and
closes the taps. In this way, requests for the driv-
er's services are redirected to the corresponding
shadow driver. The shadow recovery manager then
initiates the shadow driver's recovery sequence
to restore the driver. When recovery completes,
the shadow recovery manager returns the shadow
driver to passive-mode operation and re-opens its
taps so that the driver can resume service.
Passive-Mode Monitoring
In passive mode, a shadow driver monitors the
current state of a device driver by observing its
communication with the kernel. In order to return
the driver to its state at the time of failure, the
shadow records the inputs to the driver in a log.
These inputs are then replayed during recovery.
With no knowledge of how drivers operate, the
shadow would have to log all inputs to the driver.
However, because the shadow is implemented
with knowledge of the driver's interface, and
Search WWH ::
Custom Search