1. Technical Field
The present invention relates generally to the field of computer systems and, more specifically to a system, method, and computer program product for prohibiting unauthorized access to a protected region of memory.
2. Description of Related Art
A logical partitioning option (LPAR) within a data processing system (platform) allows multiple copies of a single operating system (OS) or multiple heterogeneous operating systems to be simultaneously run on a single data processing system hardware platform. A partition, within which an operating system image runs, may be assigned a non-overlapping subset of the platform's hardware resources. In some implementations, a percentage of system resources is assigned such that system resources are essentially time-sliced across partitions. These platform allocable resources include one or more architecturally distinct processors with their interrupt management area, regions of system memory, and input/output (I/O) adapter bus slots. The partition's resources are represented by its own resources list typically created and maintained by the systems underlying firmware and available to the OS image.
Each distinct OS or image of an OS running within the platform is protected from each other such that software errors on one logical partition can not affect the correct operation of any of the other partitions. At a given time, this is provided by allocating a disjoint set of platform resources to be directly managed by each OS image and by providing mechanisms for ensuring that the various images can not control any resources that have not been allocated to it. Furthermore, software errors in the control of an operating system's allocated resources are prevented from affecting the resources of any other image. Thus at a given time, each image of the OS, or each different OS, directly controls a distinct set of allocable resources within the platform.
Many logically partitioned systems make use of a hypervisor. A hypervisor is a layer of privileged software between the hardware and logical partitions that manages and enforces partition protection boundaries. The hypervisor is also referred to as partition management firmware. The hypervisor is responsible for configuring, servicing, and running multiple logical systems on the same physical hardware. The hypervisor is typically responsible for allocating resources to a partition, installing an operating system in a partition, starting and stopping the operating system in a partition, dumping main storage of a partition, communicating between partitions, and providing other functions. In order to implement these functions, a hypervisor also has to implement its own low level operations like main storage management, synchronization primitives, I/O facilities, heap management, and other functions.
Accessing hypervisor functions included in the hypervisor code can change the functionality of the hypervisor code. Therefore, because the hypervisor supports all partitions, changing the functionality of the hypervisor will affect the entire system's stability.
Therefore, a need exists for a method, system, and product for prohibiting unauthorized access to a protected region of memory, such as the region where the hypervisor is stored, in order to protect a software routine stored in the protected region.