sched_aps_security_parms

Структура, используемая для установки параметров безопасности адаптивного планировщика

Прототип:

#include <sys/sched_aps.h>
#include <sys/neutrino.h>
                                       
typedef struct {
    _Uint32t        sec_flags;
} sched_aps_security_parms;

Описание:

Структура используется в функции SchedCtl() в сочетании с командой SCHED_APS_ADD_SECURITY для определения параметров безопасности адаптивного планировщика.

Структура включает следующие поля:

sec_flags
Security. A set of SCHED_APS_SEC_* flags, as both input and output parameters. Set this member to 0 if you want to get the current security flags. The adaptive partitioning scheduler lets you dynamically create and modify the partitions in your system.
Note: We recommend that you set up your partition environment at boot time, and then lock all parameters:
  • in a program, by using the SCHED_APS_SEC_LOCK_PARTITIONS flag
  • from the command line, by using the aps modify command
However you might need to modify a partition at runtime. In this case, you can use the security options described below.

When ОСРВ starts, it sets the security option to SCHED_APS_SEC_OFF. We recommend that you immediately set it to SCHED_APS_SEC_RECOMMENDED. In code, do this: 

sched_aps_security_parms    p;
                                       
APS_INIT_DATA( &p );
p.sec_flags = SCHED_APS_SEC_RECOMMENDED;
SchedCtl( SCHED_APS_ADD_SECURITY, &p, sizeof( p ) );

These are the basic security options:

SCHED_APS_SEC_RECOMMENDED
Only root from the System partition may create partitions or change parameters. This arranges a 2-level hierarchy of partitions: the System partition and its children. Only root, running in the System partition, may join its own thread to partitions. The percentage budgets must not be zero.
SCHED_APS_SEC_FLEXIBLE
Only root in the System partition can change scheduling parameters or change critical budgets. But root running in any partition can create subpartitions, join threads into its own subpartitions and modify subpartitions. This lets applications create their own local subpartitions out of their own budgets. The percentage budgets must not be zero.
SCHED_APS_SEC_BASIC
Only root in the System partition may change overall scheduling parameters and set critical budgets.
Unless you're testing the partitioning and want to change all parameters without needing to restart, you should set at least SCHED_APS_SEC_BASIC. In general, SCHED_APS_SEC_RECOMMENDED is more secure than SCHED_APS_SEC_FLEXIBLE, which is more secure than SCHED_APS_SEC_BASIC. All three allow partitions to be created and modified. After setting up partitions, use SCHED_APS_SEC_LOCK_PARTITIONS to prevent further unauthorized changes. For example: 

sched_aps_security_parms    p;
                                       
APS_INIT_DATA( &p );
p.sec_flags = SCHED_APS_SEC_LOCK_PARTITIONS;
SchedCtl( SCHED_APS_ADD_SECURITY, &p, sizeof( p ) );

SCHED_APS_SEC_RECOMMENDED, SCHED_APS_SEC_FLEXIBLE, and SCHED_APS_SEC_BASIC are composed of the flags defined below (but it's usually more convenient for you to use the compound options):

SCHED_APS_SEC_ROOT0_OVERALL
You must be root running in the System partition in order to change the overall scheduling parameters, such as the averaging window size.
SCHED_APS_SEC_ROOT_MAKES_PARTITIONS
You must be root in order to create or modify partitions. Applies to the SCHED_APS_CREATE_PARTITION, SCHED_APS_MODIFY_PARTITION, and SCHED_APS_ATTACH_EVENTS commands.
SCHED_APS_SEC_SYS_MAKES_PARTITIONS
You must be running in the System partition in order to create or modify partitions. This applies to same commands as SCHED_APS_SEC_ROOT_MAKES_PARTITIONS. Attaching events, with SCHED_APS_ATTACH_EVENTS, is considered to be modifying the partition.
SCHED_APS_SEC_PARENT_MODIFIES
Allows partitions to be modified (SCHED_APS_MODIFY_PARTITION), but you must be running in the parent partition of the partition being modified. “Modify” means to change a partition's percentage or critical budget or attach events with the SCHED_APS_ATTACH_EVENTS command.
SCHED_APS_SEC_NONZERO_BUDGETS
A partition may not be created with, or modified to have, a zero budget. Unless you know that all your partitions need to run only in response to client requests, i.e. receipt of messages, you should set this option.
SCHED_APS_SEC_ROOT_MAKES_CRITICAL
You have to be root in order to create a nonzero critical budget or change an existing critical budget.
SCHED_APS_SEC_SYS_MAKES_CRITICAL
You must be running in the System partition to create a nonzero critical budget or change an existing critical budget.
SCHED_APS_SEC_ROOT_JOINS
You must be root in order to join a thread to a partition.
SCHED_APS_SEC_SYS_JOINS
You must be running in the System partition in order to join a thread.
SCHED_APS_SEC_PARENT_JOINS
You must be running in the parent partition of the partition you wish to join to.
SCHED_APS_SEC_JOIN_SELF_ONLY
The caller of the SCHED_APS_JOIN_PARTITION command must specify 0 for the pid and tid. In other words, a process may join only itself to a partition.
SCHED_APS_SEC_PARTITIONS_LOCKED
Prevent further changes to any partition's budget, or overall scheduling parameters, such as the window size. Set this after you've set up your partitions. Once you've locked the partitions, you can still use the SCHED_APS_JOIN_PARTITION and SCHED_APS_ATTACH_EVENTS commands.

Классификация:

ЗОСРВ «Нейтрино»

Тематические ссылки:

SchedCtl()




Предыдущий раздел: Описание API системной библиотеки