1. Field of the Invention
The present invention relates to a virtual computer system for allowing a plurality of Operating Systems (OSs) to operate on a single computer, and particularly relates to a method for preventing a malfunction caused by an illegal access between OSs and handling error occurrence, and a computer system using the method.
2. Description of the Related Art
Logical partitioning is a technique for allowing a plurality of operating systems (hereinafter referred to as “OS”) to operate simultaneously on a single server. According to the logical partitioning, an administration program called a hypervisor allocates computer resources (including memory areas, IO devices, etc.) of a server to a plurality of logical partitions and allows an OS to operate in each logical partition in accordance with an instruction of a server administrator.
In the logical partitioning, the operation of an OS in one logical partition must not cause a halt or a malfunction in another OS in another logical partition. It is therefore necessary to secure isolation of each logical partition. The isolation means that an OS in one logical partition cannot gain access to any resource allocated to another logical partition.
PCI buses are used broadly as IO buses in PC servers typified by the IA-32 and IA64™ architectures proposed by Intel Corporation. Since the PCI buses are not designed in consideration of logical partitioning, there is a fear that access from an IO device makes it impossible to keep the isolation (hereinafter referred to as “isolation obstruction”). Specifically, the isolation cannot be secured at the time of a defect in an OS or failure in detecting an error by hardware due to a failure in an IO card. Therefore, in order to attain logical partitioning in a PC server, it has been a problem in the related art to secure isolation against access from IO devices.
Against the aforementioned problem, there is a known example disclosed in US2002/0010811A1 (hereinafter referred to as “known example 1”) in the related art. In the known example 1, a PCI-to-PCI bridge called a terminal bridge stores an address range accessible in a transaction issued from an IO device. According to the known example 1, when a destination address of a transaction is out of an accessible area, the received transaction is aborted. Thus, isolation is attained.