Typical disk data storage and retrieval systems (disk systems) include a controller connected to one or more disk files. The controller may be a physically separate device or it may be integrated with the disk file in a single device. Integrated controller/disk file systems are sometimes called disk subsystems. The disk files contain the actual data storage hardware. A controller provides the external interface to one or more computers. The term disk system is used herein to refer to the combination of one or more disk files with one or more controllers whether they are in separate devices or integrated in a single device. Typically the computer is operating under the control of a multiprogramming operating system, such as any one of IBM's well-known MVS family of operating systems, which allows multiple programs (or tasks) to execute in an interleaved manner so that the disk system is, in effect, shared by multiple programs. Since multiple computers may be connected to a disk system, the sharing of the disk system can also occur between computers. To operate the disk system a program running on the computer sends commands and data to the controller. The connection between the controller and the computer allows for two-way communication so that the controller can also send status information and data to the computer. The status information returned by the controller includes return codes indicative of the success or failure of the commands. Typical disk systems have means for detecting errors in read and write actions as well as various other functions. A typical controller includes one or more microprocessors and one or more memory means into which a special software program, typically called microcode or firmware, is loaded. The actions taken by the controller in response to commands usually involve the microprocessor running or executing some pad of the microcode. The computer to which the controller is adapted to be connected typically includes a component or subsystem called a channel subsystem which interfaces to the controller. In a channel environment the commands sent to the controller may be called channel commands or channel command words (CCW). Channel commands are typically communicated to the controller in a list of connected commands which are called a channel command program or command chain (CCC). The channel commands in the channel program are said to be chained together. Typically a command chain has exclusive access to the disk system only while the chain is executing. A computer program seeking to access the disk system may have to send several command chains to achieve a desired result. The command chains from one program may be interleaved with chains from other programs by a single computer's operating system or by the different computers. When a program must execute a critical sequence of commands, i.e., a sequence of commands which must not be interleaved with similar commands from another program or computer, actions must be taken to limit access by other programs to the data that is being modified until the critical commands have completed successfully. In the case where a controller is connected to multiple computers, a special command may be used which causes the controller to RESERVE the designated disk file for the exclusive use of the requesting computer. This prevents other computers which are sharing the disk file from accessing the disk file until the release command is issued, but does not limit access by other programs running on the same computer. In order to limit disk access by other programs on the same computer, additional access limitation schemes must be used. Software locks and enqueuing are well known in the ad for this purpose, but have the inherent weakness that programs may bypass them and defeat the limitation. Since the software locks in the prior art are written in RAM or as user data on disk, any program having access to the RAM or disk may intentionally or inadvertently overwrite them destroying the effect of the lock.
In U.S. Pat. No. 4,128,874 erroneous data transfer from a computer is prevented by comparing a key value specified as pad of an output word with a predetermined lock value stored in hardware lock network. If the key value and lock value do not match, the data field of the output word is not sent to the output data lines of the digital computer.
In U.S. Pat. No. 4,725,946 the system checks the contents of a word of a semaphore to determine if the semaphore has been seized to either check the status of a resource or to change the semaphore to reflect a change in the availability of the resource. The contents of a second word of the first semaphore are checked when the check of the first word indicates that the first semaphore has not been seized to determine if the first resource is available to be used by a circuit in the computer system that is requesting access to the first resource. Data is stored in the first word indicating the semaphore has been seized. A location in the memory is addressed where the first word of the first semaphore is stored using the identity of the first resource. The first word has specific data written in it when the first semaphore has not been seized to determine the availability status of the first resource and when the first resource is available for use by any of the circuits. The presence of the first circuit identity in the first word prevents others of the circuits from checking the semaphore. Access to the first resource is granted by the first circuit when the check of the second word indicates that the first resource available for use.
In Yamagishi, et al., Great Britain patent number 2,188,177, several host data processors are provided with a communication unit interconnecting the processors. A file unit stores a common data resource shared by the processors, the resource being logically divided into groups associated with the respective hosts. A host is thus assigned to each group of the data resource as master of that group. A lock request to the common data resource is sent to a lock manager on the host which is the master of the data resource group to be locked, and exclusive control is performed.
In U.S. Pat. No. 4,471,163 a software protection system enables a single program lock to protect products emanating from different owners. The system controls the operation of a computer according to a particular program where a program lock interfaces with the computer. The operation is authorized in response only to a selected relation between a number in the program, a number in the lock, and a third number. The third number is a `key` supplied to the lock which bears a selected relation to both the program number and lock number. The system includes translation and memory devices and a correlation device. The use is to prevent computer programs from being copied or used without authorization.
In U.S. Pat. No. 4,574,350 a program controller for a resource-shared computer system has a hardware lock unit for limiting concurrent use of memory by processors. The arrangement includes means for determining the idle or busy status of the resource and means for granting a selected one of the requesting devices access to the idle resource. A lockable resource is prevented from being accessed by a device that is not a current owner and the current owner may be prevented from accessing the resource more than a predetermined number of times. The arrangement frees the rest of the system from having to run a software lock program and thus eliminate the overhead associated therewith.
In U.S. Pat. No. 4,380,798 a semaphore register includes ownership bits and has an internal ownership bit. The register is for use in a peripheral controller and includes a semaphore bit which when not set indicates the availability of a shared resource, an internal ownership bit which when set indicates ownership of the resource by a peripheral controller and an external ownership bit which when set indicates ownership of the resource by a host processor. If the semaphore is clear, upon receipt of a read signal from the peripheral controller, the semaphore bit and the internal ownership bit are set. Upon receipt of a read signal from the host processor, the semaphore bit and the external ownership bit are set.
R. E. Wagner in an article entitled Shared Resource Locking Controls (IBM Technical Disclosure Bulletin, 12-82, pp. 3762-3764) suggests, in high-level form, a logical lock which can be associated with a storage area or resource. "Structural information" associated with the logical lock is maintained by the users of the lock. The status of the lock indicates the state of the lock in terms of usage, such as free, held shared, or held exclusive. The locks are manipulated by two peripheral commands or CCWs named LOCK and UNLOCK and have identical format. The commands contain the address of a buffer area which contains what Wagner calls "the key field" which he defines as the LOCK identifier as well as the structural data in the case of an UNLOCK or the area into which the structural data is to be placed in the case of a LOCK. The execution of the LOCK command varies based on the current status of the requested lock. If the lock is available, execution of the LOCK command causes the lock to be set to the: requested state, the setting of the current owner, and the transfer of the structural data to the area specified by the command. If the lock is not available, execution of the LOCK command causes the request to be queued. When the lock becomes available, the queued requesters are serviced on a first-in first-out basis. The execution of the UNLOCK command causes the lock status to be changed to free for this given user. If the user freeing the lock had exclusive use of the lock, the associated structural data supplied by the freer replaces the structural data which had been previously associated with the lock.
The prior art does not provide any completely satisfactory way to store software locks on a disk system or to ensure that commands from different programs attempting to update the locks may not be inadvertently interleaved resulting in the loss of the integrity of the locks.