1. Technical Field
The present invention relates generally to the field of computer architecture and, more specifically, to methods and systems for managing resources among multiple operating system images within a logically partitioned data processing system.
2. Description of Related Art
A logical partitioning (LPAR) functionality within a data processing system (platform) allows multiple copies of a single operating system (OS) or multiple heterogeneous operating systems to be simultaneously run on a single data processing system platform. A partition, within which an operating system image runs, is assigned a non-overlapping sub-set of the platform""s resources. These platform allocable resources include one or more architecturally distinct processors with their interrupt management area, regions of system memory, and I/O adapter bus slots. The partition""s resources are represented by the platform""s firmware to the OS image.
Each distinct OS or image of an OS running within the platform is protected from other OS such that software errors on one logical partition can not affect the correct operation of any of the other partitions This is provided by allocating a disjoint set of platform resources to be directly managed by each OS image and by providing mechanisms for ensuring that the various images cannot control any resources that have not been allocated to them. Furthermore, software errors in the control of an OS""s allocated resources arc prevented from affecting the resources of any other image. Thus, each image of the OS (or each different OS) directly controls a distinct set of allocable resources within the platform.
One problem with standard computer systems is that the input/output (I/O) sub-systems are designed with several I/O adapters (IOAs) sharing a single I/O bus. An OS image contains device drivers that issue commands that directly control their IOA. One of these commands contains Direct Memory Access (DMA) addresses and lengths for the I/O operation being programmed. Errors in either the address or length parameters could send or fetch data to or from the memory allocated to another image. The results of such an error would be the corruption or theft of the data of another OS image within the data processing system. Such occurrence would be a violation of the requirements of a logically partitioned data processing system. Therefore, a method, system, and apparatus for preventing the I/O used by one OS image within the logically partitioned system from corrupting or fetching data belonging to another OS image within the system is desirable.
The foregoing problem may be exacerbated by the presence of a high number of I/O adapters in the system, which can make it even more difficult to determine which I/O adapter belongs to which LPAR partition, or, if adapters are in different partitions, to determine what address ranges are legitimate for each I/O adapter. It would, therefore, be further advantageous to devise such a method, system and apparatus which accommodates the use of a large number of I/O adapters, and which could utilize existing hardware to provide this functionality without significant added expense.
The foregoing objects are achieved in a method, system, and apparatus for preventing input/output (I/O) adapters used by an operating system (OS) image, in a logically partitioned data processing system, from fetching or corrupting data from a memory location allocated to another OS image within the data processing system. In one embodiment, the data processing system includes a plurality of logical partitions, a plurality of operating systems (OSs), a plurality of memory locations, a plurality of I/O adapters (IOAs), and a hypervisor. Each of operating system images is assigned to a different one of the logical partitions. Each of the memory locations and each of the input/output adapters is assigned to one of the logical partitions. The hypervisor prevents transmission of data between an input/output adapter in one of the logical partitions and memory locations assigned to other logical partitions during a direct memory access (DMA) operation by assigning each of the input/output adapters a range of I/O bus DMA addresses. When a request, from an OS image, to map some of its memory to for a DMA operation is received, the hypervisor checks that the memory address range and the I/O adapter are allocated to the requesting OS image and that the I/O bus DMA range is within the that allocated to the I/O adapter. If these checks are passed, the hypervisor performs the requested mapping; otherwise the request is rejected.
The invention further contemplates the use of terminal bridges to support multiple IOAs. In this embodiment, every terminal bridge has a plurality of sets of range registers, each associated with a respective one of the IOAs to which it is connected. An arbiter is provided which selects one of the input/output adapters to use the PCI bus. The terminal bridge can examine the grant signals from the arbiter to the IOAs, to determine which set of range registers is to be used.
The above as well as additional objectives, features, and advantages of the present invention will become apparent in the following detailed written description.