1. Technical Field
The present invention relates generally to the field of computer architecture and, more specifically, to methods and systems for safekeeping distribution mechanism addressing.
2. Description of Related Art
This invention uses the super I/O chip, similar to that which is used in every PC and RS6000. These computer chips currently are multifunctional which means they have within their bounds or control multiple device functions that map to different places in memory. These chips may allow multiple operating system instances to run on the same hardware by using, for example, a logical partitioning option (LPAR).
A logical partitioning option (LPAR) within a data processing system (platform) allows multiple copies of a single operating system (OS) or multiple heterogeneous operating systems to be simultaneously run on a single data processing system platform. A partition, within which an operating system image runs, is assigned a non-overlapping sub-set of the platform""s resources. These platform allocable resources include one or more architecturally distinct processors with their interrupt management area, regions of system memory, and input/output (I/O) adapter bus slots. The partition""s resources are represented by its own open firmware device tree to the OS image.
Each distinct OS running within the platform is protected from each such that software errors on one logical partition do not affect the correct operation of any of the other partitions. This is provided by allocating a disjoint set of platform resources to be directly managed by each OS image and by providing mechanisms for ensuring that the various images can not control any resources that have not been allocated to it. Furthermore, separate resources allocated to an OS image do not themselves affect the resources of any other image.
LPAR typically does not allow more than one operating system instance to use the same piece of hardware. However, in some systems, device resources in a multifunctional device must be split between multiple logical partitions. To access each piece of hardware, control bits are used. These control bits are generally in address proximity to the devices themselves. An errant process could write over control bits and affect other operating systems negatively that expect to find hardware in a given location. Any image of an OS that is able to use that OS""s hardware and functions has the ability to tamper with the identification of the location of the hardware or functions. Thus, an errant operation from one image of an operating system could corrupt available functions by making them inaccessible to other images. Thus, each image of the OS (or each different OS) may directly access the distribution mechanism for a multifunctional system""s functions.
Currently, in both LPAR systems and non-partitioned systems, when a function is not locatable, it has become unusable to every image of an operating system. It is undesirable for an error in one operating system instance to cause an error in another operating system instance.
The only solution has been for the operating system to perform a complete shutdown of the system, and rely on a service processor to initialize and reallocate the addresses of functions to each operating system. The user is forced to wait through a reboot of the system each time any function""s addressing is corrupted. Such a requirement may not be terribly problematic for users with a simple configuration in which a reboot is relatively quick or for users in which having the system available at all times is not critical. However, for other users with complex configurations, such as, for example, multiple racks of serial storage architecture (SSA) or networked systems, a considerable amount of time will be spent rebooting the system just to replace or reinitialize functions"" addressing. Such expenditure of time may be very costly for those users. For example, if the system is a web server critical for taking internet sales orders for products, such as, for example, books or compact disks (CDs), each minute of time that the system is shut down to replace a bad I/O adapter may result in many thousands of dollars in lost sales. Therefore, a method and system for safeguarding the addressing of the functions allocated to each operating system without the need for powering down or rebooting the system would be desirable.
The present invention provides a method, system, and apparatus of secure programmable addressing by relocating functions within a multifunctional chip to be distributed across multiple logical partitions and maintaining security over the distribution mechanism. In one embodiment, this invention is used by a data processing system including a system processor connected to a plurality of operating system instances that are allocated individual system functions. Using logical partitioning, each operating system""s access is limited to its own partition. Address buses to system functions are manipulated to make the functions appear at appropriate memory locations expected by the operating systems. Accordingly, an inverter can be inserted on the address bus to change the address to a given distance in memory safe from operating system accessibility, for example, over a page boundary. The control areas for the functions are moved to a secure area of memory while the functions are remapped to the normal address ranges expected by the operating system in the respective logical partition.