1. Technical Field
The present invention is directed to an apparatus and method for securing resources shared by multiple operating systems. In particular, the present invention is directed to an apparatus and method for use with multiple concurrently running operating systems for preventing access to resources based on a unique resource/operating system identifier.
2. Description of Related Art
The ability to run computer applications in a variety of operating systems using the same device has long been desired. To this end, computer software has been developed in which a single computer may be switched between operating systems. However, when switching from one operating system to another, this software requires that the computer be shut down and rebooted in the new operating system.
Recently, computer software has been developed that allows a single computer to concurrently run multiple operating systems. This computer software is known as VMware(trademark). VMware(trademark) facilitates the concurrent running of multiple operating systems by establishing virtual devices for each operating system, as described, for example in xe2x80x9cVirtual Microsoft: VMware 1.0 for Linux,xe2x80x9d Linux Magazine, October 1999, available at www.vmware.com. Each virtual device is created as virtual disk files which virtualize such computer devices as IDE disk drives and ATAPI CD-ROM drives. In short, a virtual computer is created for each operating system.
A problem arises, however, when operating systems are being run concurrently. Specifically, each virtual device has access to all of the resources of the actual physical device. Thus, operations carried out in one operating system may unintentionally affect operations that are being carried out in another operating system. Applications that are being run in one operating system on a first virtual device may alter data that is essential to the proper functioning of another application concurrently being run in another operating system on another virtual device.
Thus, there is a need for new technology to provide a mechanism by which shared resources may be secured in a multiple operating system environment.
The invention provides an apparatus and method for securing system resources in a concurrent multiple operating system environment. When a client device or application requests access to system resources the request is received by the apparatus which then determines if the resources requested are currently being used by another client or application. This determination may be made by consulting a resource state data structure in memory which maintains a reserved or locked state of each of the system resources.
If the system resource is not currently locked or reserved by another client or application, the apparatus assigns a unique identifier that the client or application is to use and provides access to the system resources. The unique identifier identifies which resource is accessible by the client or application. The apparatus stores the unique identifier in the resource state data structure and uses it whenever a request for access to the system resources is sent by a client or application. The unique identifier may be included, for example, in header information of the request message sent from the client or application.
Based on the unique identifier sent by the client or application, the apparatus searches the resource state data structure for the resource requested and compares the unique identifier sent by the client or application with the unique identifier stored in the resource state data structure in association with the requested resource. If the two unique identifiers are the same, the client/application is provided with access to the requested resource. If the unique identifiers are different, the client/application is denied access to the requested resources.
If the client/application sends the correct unique identifier, the request is received by a corresponding virtual device of the apparatus which then forwards the request to the requested resource and hence, the client/application is provided access to the system resources through the virtual device.
When the client/application has completed all operations with regard to the system resource, the client/application sends a release message to the apparatus indicating that the lock or reservation on the resource is no longer necessary. In response, the apparatus removes the lock or reservation and places the resource in an unlocked or unreserved state in the resource state data structure.