Description
InfoScale installations on Red Hat Enterprise Linux (RHEL) 7 and SUSE Linux Enterprise Server (SLES) 12 now contain the VRTSveki package.
VRTSveki is a new package that is used for Intermodule Communication (IMC) infrastructure on Linux.
We use veki, on RHEL 7 and SLES 12, to do dynamic symbol lookups. Normal, static references to symbols are easy, but introduce dependencies. However, we have some modules that need to optionally use services that are provided by other modules without introducing dependencies. For example, both Cluster Volume Manager (CVM) and Cluster File System (CFS) need to be able to send messages using Low Latency Transport (LLT)/Global Atomic Broadcast (GAB), but can’t have a hard dependency, or else we would require the installation of Veritas Cluster Server (VCS) just to use Volume Manager (VxVM) and File System (VxFS), even in a non-cluster environment. By using veki, the vxio and vxfs kernel modules can check to see if the GAB service is available and attach to it, by accessing symbols through veki. The veki module is really just a way to have a simple lookup table, by name and version, to find a data structure. It’s a trivial piece of code that replaces the techniques we were using in older releases to do symbol lookups by name.
In much older releases, we used the intermodule facility provided by the Linux kernel. Starting with RHEL 5, that functionality was removed from the kernel. For a variety of reasons, we then introduced a solution that took advantage of some public API capabilities in procfs. That became an impractical solution starting with RHEL 7. The veki code is ported from InfoScale on AIX, where it has been an essential part of our stack for many years.
Many of our kernel modules have a dependency on veki on RHEL 7 and SLES 12. If you run on RHEL 6 or SLES 11, you won’t find this new module, even in InfoScale 7.3.
The veki module shouldn’t have any meaningful impact on security. There is no user-space API to veki, and the kernel API is simple and robust, leaving little room for problems. It’s basically a single function exported from the module that allows looking up a table by name and version. The API to register more tables is accessed by querying the initial table, but it is also very simple.
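The lookup pattern described above (one exported lookup by name and version, registration reached through an initial table, and a consumer that attaches to a service only when it is present), modelled in user-space C as an added example. It is not VRTSveki code or its API; every identifier, the table limits and the "registry" and "msg" names are assumptions made for illustration.

```c
/* User-space model; every name is hypothetical, not the VRTSveki API. */
#include <stddef.h>
#include <string.h>
enum { MAX_TABLES = 8, NAME_LEN = 16 };
struct entry { char name[NAME_LEN]; unsigned version; const void *table; };
/* Bootstrap table: hands the registration call to whoever looks it up. */
struct registry_ops { int (*register_table)(const char *, unsigned, const void *); };
struct msg_ops { int (*send)(const char *msg); };   /* a provider's service table */
static struct entry entries[MAX_TABLES];
static size_t n_entries;

/* The single exported entry point: exact name and version match, else NULL. */
const void *imc_lookup(const char *name, unsigned version)
{
    for (size_t i = 0; name != NULL && i < n_entries; i++)
        if (entries[i].version == version && strcmp(entries[i].name, name) == 0)
            return entries[i].table;
    return NULL;
}

/* Rejects NULL arguments, over-long names, a full registry and duplicates. */
static int imc_register(const char *name, unsigned version, const void *table)
{
    if (!name || !table || strlen(name) >= NAME_LEN ||
        n_entries == MAX_TABLES || imc_lookup(name, version) != NULL)
        return -1;
    strcpy(entries[n_entries].name, name);   /* length checked above */
    entries[n_entries].version = version;
    entries[n_entries++].table = table;
    return 0;
}
static const struct registry_ops root_ops = { imc_register };
static int demo_send(const char *msg) { return (int)strlen(msg); }
static const struct msg_ops demo_msg_ops = { demo_send };
/* Registry init: publish the bootstrap table under a well-known name. */
int imc_init(void) { n_entries = 0; return imc_register("registry", 1, &root_ops); }
/* Provider load: fetch the bootstrap table, then register its own service. */
int provider_load(void)
{
    const struct registry_ops *r = imc_lookup("registry", 1);
    return r ? r->register_table("msg", 2, &demo_msg_ops) : -1;
}
/* Consumer without a link-time dependency: bytes sent, or -1 if absent. */
int consumer_send(const char *msg)
{
    const struct msg_ops *ops = imc_lookup("msg", 2);
    return ops ? ops->send(msg) : -1;
}
int main(void) { imc_init(); provider_load(); return consumer_send("hello") == 5 ? 0 : 1; }
```

The consumer never references the provider's symbols directly, so it loads and runs whether or not the provider is installed; a version mismatch behaves the same as an absent service.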