Modern requirements for a computer may require that it be utilized to run several operating environments at once. In a typical embodiment, a single logically partitioned computer can run a plurality of operating environments in a corresponding plurality of logical partitions. Each operating environment, or operating system, resides in its own logical partition, with each logical partition allocated a part of a processor, an entire processor, or multiple processors of the computer. Additionally, a portion of the computer's memory, one or more devices connected to the computer, and/or other resources of the computer are generally allocated to the logical partitions. From the perspective of each operating system, therefore, the operating system configured on each logical partition operates as if it were running on a separate physical machine having the processor and memory resources to which the logical partition has been allocated. All the logical partitions are under the control of a partition manager. The partition manager is typically a part of the computer firmware and manages the allocation of resources to the operating environments and logical partitions.
Modern requirements for a computer may also require that it be continuously available for extended periods of time. Computers for critical platform implementations are generally configured with a number of identical devices that may be used for the same purpose, such as to access networks, storage devices, workstations, or other resources. However, the computer is generally configured to have only one device be an active device at any given time. In this environment, the active device is normally designated as a “primary device,” while the other identical devices are configured as “backup devices” and generally remain idle. Typically, the backup devices have the ability to take the place of the primary device (i.e., take the primary role) at some future point should the primary device be taken offline.
Some devices used in primary-backup groups are expected to perform direct memory access (“DMA”) operations on memory resources in a computer, e.g., to read and/or write from and to the main or system memory of a computer. In order to utilize backup and primary devices, unique Input/Output (“I/O”) translation tables are typically created for each device. These I/O translation tables typically provide mapping from virtual memory addresses visible to the backup and secondary devices to physical memory addresses of the computer. Additionally, the I/O translation tables typically contain one entry (and generally more than one entry) for each device. As such, these tables typically take up significant amounts of space in memory and waste computer resources, as only the I/O translation table associated with a primary device is used for receiving DMA operation requests, mapping memory for the DMA operations, and maintaining entries about each DMA operation at any given time.
Furthermore, complex routines are conventionally required to change the role of a device from a primary device to a backup device, or vice-versa. Generally, for a device to change roles the following must occur: the I/O translations in a translation table of a primary device are unmapped, the I/O translations in a translation table of a backup device are also unmapped, the I/O translations from the translation table of the primary device are mapped into the translation table of the backup device, and the I/O translations from the translation table of the backup device are mapped into the translation table of the primary device. This complex role change normally requires that the computer halt operations while it changes the roles of a primary and backup device, leading to unacceptable downtime and loss of processing capabilities.
In a logically partitioned computer configured with multiple identical devices, the problems with primary and backup devices are compounded. For each logical partition, at least one device is configured as a primary device while other devices are configured as backup devices. As such, each logical partition generally controls I/O translation tables for each device (primary or backup) connected to, or in communication with, the logically partitioned computer. Having these multiple I/O tables typically limits the amount of logical memory configured for each logical partition and impairs the operation of software configured on the logical partitions. For example, when a logically partitioned computer with three logical partitions is configured with one hundred devices, that logical partition typically controls one hundred I/O translation tables, while other I/O translation tables corresponding to other devices are controlled by other logical partitions.
Additionally, switching roles of primary and backup devices in a logically partitioned computer is generally difficult, as role changes may be replicated throughout the logical partitions configured on the logically partitioned computer, increasing the resources required to change roles of the devices. Thus, to change roles of a primary device and backup device configured on a first and second logical partition, respectively, of a logically partitioned computer, control of the I/O translation table of the primary device is released by the first logical partition, control of the I/O translation table of the backup device is released by the second logical partition, the I/O translation table of the primary device is typically modified, the I/O translation table of the backup device is typically modified, control of the new primary device is established by the second logical partition, and control of the new backup device is established by the first logical partition. These modifications are generally replicated to the respective I/O translation tables in the separate logical partitions configured on the logically partitioned computers.
When the devices are capable of DMA operations, there is a strong risk of errant DMA operations that may corrupt memory resources of a computer. This risk is further intensified for logically partitioned computers due to their use of logical memory. For example, conventional logical partitions access various portions of physical memory and utilize them as logical memory. However, the actual address of the physical memory and the address of the logical memory accessed by the conventional logical partitions are typically different. For example, a conventional logical partition may view its logical memory as having addresses 1 through 100. In reality, this logical memory may be mapped to physical memory addresses 1334 to 1384 and 1527 to 1577. Thus, an errant or malicious DMA operation from a DMA device configured to access a logical memory generally corrupts the entire memory of the logically partitioned computer, as the DMA operation may access a physical memory address that it should not have access to.
Furthermore, preventing malicious devices from performing DMA operations is generally extremely difficult, if not impossible. For example, if a primary device is compromised or becomes faulty, it typically remains associated with an I/O translation table that allows the device to perform DMA operations. Thus, the memory of the computer can be compromised and/or otherwise vulnerable to faulty or malicious DMA operations.
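The logical-to-physical mapping and the device-to-table association described in the two paragraphs above can be made concrete with a bounds-checked translation routine. The following C code is an added example, not part of the original text and not the mechanism of any particular partition manager. The names `extent`, `io_table`, `dma_translate` and `io_table_rebind`, the device numbers, and the split of the 100 logical addresses into two runs of 50 are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* One contiguous run of logical addresses backed by physical memory. */
struct extent { uint64_t logical, physical, count; };

/* A partition's I/O translation table and the one device allowed to use it. */
struct io_table {
    const struct extent *ext;
    size_t n;
    int bound_device;            /* -1: no device may DMA through this table */
};

/* Constructed mapping modelled on the text's example: logical 1..100 backed by
 * two physical runs starting at 1334 and 1527 (50 addresses each, assumed). */
static const struct extent LPAR_EXTENTS[] = { { 1, 1334, 50 }, { 51, 1527, 50 } };

/* Translate the DMA request [logical, logical+len) issued by `device`.
 * Succeeds only if the device is bound to the table and the whole range
 * lies inside one extent; anything else is refused, not passed through. */
bool dma_translate(const struct io_table *t, int device,
                   uint64_t logical, uint64_t len, uint64_t *phys)
{
    if (device < 0 || device != t->bound_device || len == 0)
        return false;
    for (size_t i = 0; i < t->n; i++) {
        const struct extent *e = &t->ext[i];
        if (logical < e->logical) continue;
        uint64_t off = logical - e->logical;
        if (off < e->count && len <= e->count - off) {   /* overflow-safe bound */
            *phys = e->physical + off;
            return true;
        }
    }
    return false;
}

/* Hypothetical revocation or role change: update the binding, keep the table. */
void io_table_rebind(struct io_table *t, int device) { t->bound_device = device; }

int main(void)
{
    struct io_table t = { LPAR_EXTENTS, 2, 7 };   /* device 7 is primary */
    uint64_t p = 0;
    bool ok = dma_translate(&t, 7, 100, 1, &p) && !dma_translate(&t, 7, 45, 10, &p);
    io_table_rebind(&t, -1);                      /* device 7 judged faulty */
    return (ok && !dma_translate(&t, 7, 1, 1, &p)) ? 0 : 1;
}
```

A request that starts at logical address 45 with length 10 is refused because the two backing runs are not physically adjacent, so passing it through would touch physical addresses outside the partition's allocation.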
Consequently, there is a continuing need for improving the management of memory resources of logically partitioned and other types of computers so as to minimize the resources required to implement primary and backup devices, minimize the complexity and downtime of changing the roles of primary and backup devices, and prevent DMA operations by compromised or faulty devices.