in the first step of recovery, the shadow re-enables them, e.g., enabling interrupt handling for the device's interrupt line. In essence, the shadow driver initializes the recovering driver by calling and responding as the kernel would when the driver starts normally.

Transferring State to the New Driver

The final recovery step restores the driver to the state it was in at the time of the failure, permitting it to respond to requests as if it had never failed. Thus, any configuration that either the kernel or an application had downloaded to the driver must be restored. The shadow driver walks its log and issues requests to the driver to restore its state.

The details of this final state transfer depend on the device driver class. Some drivers are connection oriented. For these, the state consists of the state of the connections before the failure. The shadow re-opens the connections and restores the state of each active connection with configuration calls. Other drivers are request oriented. For these, the shadow restores the state of the driver by replaying logged configuration operations and then resubmits to the driver any requests that were outstanding when the driver crashed.

As an example, to restart a sound-card driver, the shadow driver resets the driver and all its open connections back to their pre-failure state. Specifically, the shadow scans its list of open connections and calls the open function in the driver to reopen each connection. The shadow then walks its log of configuration commands for each connection and replays commands that set driver properties.

For some driver classes, the shadow cannot completely transfer its state into the driver. However, it may be possible to compensate in other, perhaps less elegant, ways. For example, a sound-card driver that is recording sound stores the number of bytes it has recorded since the last reset. After recovery, the sound-card driver initializes this counter to zero. Because the interface has no call that sets the counter value, the shadow driver must insert its “true” value into the return argument list whenever the application reads the counter to maintain the illusion that the driver has not crashed. The shadow can do this because it receives control (on its replicated call) before the kernel returns to user space.

After resetting driver and connection state, the shadow must handle requests that were either outstanding when the driver crashed or arrived while the driver was recovering. If a driver crashes after submitting a request to a device but before notifying the kernel that the request has completed, the shadow cannot know whether the device completed the request. As a result, shadow drivers cannot guarantee exactly-once behavior and must rely on devices and higher levels of software to absorb duplicate requests. So, the shadow driver has two choices during recovery: restart in-progress requests and risk duplication, or cancel the request and risk lost data. For some device classes, such as disks or networks, duplication is acceptable. However, other classes, such as printers, may not tolerate duplicates. In these cases, the shadow driver cancels outstanding requests and returns an error to the kernel or application in a manner consistent with the driver interface.

After this final step, the driver has been reinitialized, linked into the kernel, reloaded with its pre-failure state, and is ready to process commands. At this point, the shadow driver notifies the shadow recovery manager, which sets the taps to restore kernel-driver communication and reestablish passive-mode monitoring.

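
The sound-card recovery described under "Transferring State to the New Driver" (reopen connections, replay logged configuration, compensate for the reset byte counter), as an added user-space sketch in C that is not code from the original text or from any shadow-driver implementation. Every name here (struct drv, sh_open, CMD_SET_RATE and so on) is hypothetical, and the sketch assumes the shadow treats the last counter value it returned to the application as the "true" value.

```c
#include <stdio.h>
#define NCONN 4
enum { CMD_SET_RATE = 1 };                       /* hypothetical ioctl code */
struct drv { int open[NCONN], rate[NCONN]; long recorded; };  /* toy driver */
struct logent { int conn, cmd, arg; };           /* one logged config call */
struct shadow {
    int conn_open[NCONN];                        /* connections open pre-failure */
    struct logent log[16]; int nlog;             /* toy fixed-size config log */
    long base, last;                             /* counter offset, last value shown */
};

/* Toy driver entry points; a restart wipes every field. */
static void drv_reset(struct drv *d) { *d = (struct drv){0}; }
static void drv_open(struct drv *d, int c) { d->open[c] = 1; }
static void drv_ioctl(struct drv *d, int c, int cmd, int arg) {
    if (cmd == CMD_SET_RATE && d->open[c]) d->rate[c] = arg;
}

/* Passive mode: forward each call and record what recovery will need. */
void sh_open(struct shadow *s, struct drv *d, int c) {
    if (c < 0 || c >= NCONN) return;
    s->conn_open[c] = 1; drv_open(d, c);
}
void sh_ioctl(struct shadow *s, struct drv *d, int c, int cmd, int arg) {
    if (c < 0 || c >= NCONN) return;
    if (s->nlog < 16) s->log[s->nlog++] = (struct logent){c, cmd, arg};
    drv_ioctl(d, c, cmd, arg);
}
/* Replicated read: patch the return value before the caller sees it. */
long sh_read_counter(struct shadow *s, const struct drv *d) {
    return s->last = s->base + d->recorded;
}

/* Recovery: restart, reopen each connection, replay its configuration. */
void sh_recover(struct shadow *s, struct drv *d) {
    s->base = s->last;      /* bytes recorded after the last read are lost */
    drv_reset(d);
    for (int c = 0; c < NCONN; c++) if (s->conn_open[c]) drv_open(d, c);
    for (int i = 0; i < s->nlog; i++)
        drv_ioctl(d, s->log[i].conn, s->log[i].cmd, s->log[i].arg);
}

int main(void) {
    struct shadow s = {0}; struct drv d = {0};
    sh_open(&s, &d, 1); sh_ioctl(&s, &d, 1, CMD_SET_RATE, 44100);
    d.recorded = 4096;                  /* constructed: 4096 bytes recorded */
    printf("before crash: %ld\n", sh_read_counter(&s, &d));
    sh_recover(&s, &d); d.recorded += 512;   /* crash, restart, keep recording */
    printf("after recovery: %ld, rate %d\n", sh_read_counter(&s, &d), d.rate[1]);
}
```

The restarted driver's own counter restarts at zero; only the value patched into the read path stays monotonic for the application.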
Active-Mode Proxying of Kernel Requests
While a shadow driver is restoring a failed driver,
it is also acting as a proxy for the driver to conceal
the failure and recovery from applications and
the kernel. Thus, the shadow must respond to
any request for the driver's service in a way that
satisfies and does not corrupt the driver's caller.
The shadow's response depends on the driver's