HYPERVISOR-ENFORCED ISOLATION OF ENTITIES WITHIN A SINGLE LOGICAL PARTITION'S VIRTUAL ADDRESS SPACE

US 20090037682A1
Filed: 04/28/2008
Published: 02/05/2009
Est. Priority Date: 08/02/2007
Status: Active Grant

First Claim

Patent Images

1. A method of controlling access to shared virtual address space within a data processing system, the method comprising:

associating, by a hypervisor of the data processing system, a memory protection key with a portion of a single logical partition'"'"'s virtual address space, the single logical partition'"'"'s virtual address space being shared by multiple entities, the memory protection key preventing access by one entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space, and allowing access by another entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space; and

locking by the hypervisor the memory protection key from modification by the one entity of the multiple entities sharing the single logical partition'"'"'s virtual address space, wherein the locking prevents the one entity from modifying the memory protection key and thereby gaining access to the portion of the single logical partition'"'"'s virtual address space with the associated memory protection key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Access control to shared virtual address space within a single logical partition is provided. The access control includes: associating, by a hypervisor of the data processing system, a memory protection key with a portion of a single logical partition'"'"'s virtual address space being shared by multiple entities, the key preventing access by one of the multiple entities to that portion of the virtual address space, and allowing access by another of the entities to that portion of the virtual address space; and locking by the hypervisor the memory protection key from modification by the one entity, wherein the locking prevents the one entity from modifying the key and thereby gaining access to the portion of the single logical partition'"'"'s virtual address space with the associated memory protection key. In one embodiment, the one entity is the single logical partition itself, and the another entity is a partition adjunct.

Citations

21 Claims

1. A method of controlling access to shared virtual address space within a data processing system, the method comprising:
- associating, by a hypervisor of the data processing system, a memory protection key with a portion of a single logical partition'"'"'s virtual address space, the single logical partition'"'"'s virtual address space being shared by multiple entities, the memory protection key preventing access by one entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space, and allowing access by another entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space; and
  
  locking by the hypervisor the memory protection key from modification by the one entity of the multiple entities sharing the single logical partition'"'"'s virtual address space, wherein the locking prevents the one entity from modifying the memory protection key and thereby gaining access to the portion of the single logical partition'"'"'s virtual address space with the associated memory protection key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the associating comprises installing by the hypervisor a key value for the memory protection key in an authority mask register of memory management and address translation hardware of the data processing system, the installing being performed with dispatching of the one entity or the another entity of the multiple entities sharing the single logical partition'"'"'s virtual address space, wherein the key value allows access by the another entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space, and denies access by the one entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space.
  - 3. The method of claim 2, wherein the memory protection key is one memory protection key of a plurality of memory protection keys whose key values are installed by the hypervisor in the authority mask register with dispatching of the one entity or the another entity of the multiple entities sharing the single logical partition'"'"'s virtual address space, and wherein the locking comprises employing an authority mask override register to lock the key value of the one memory protection key in the authority mask register from modification by the one entity of the multiple entities sharing the single logical partition'"'"'s virtual address space, wherein the one entity is allowed by the authority mask override register to modify at least one other key value in the authority mask register of at least one other memory protection key of the plurality of memory protection keys.
  - 4. The method of claim 3, wherein the locking further comprises employing hypervisor installed access values in the authority mask override register to allow the one entity to modify, or prevent the one entity from modifying, selected key values in the authority mask register, wherein only the hypervisor has authority to modify access values in the authority mask override register.
  - 5. The method of claim 4, wherein the locking further comprises preventing the one entity from modifying one or more key values in the authority mask register employing the following control logic responsive to a modify key value request of the one entity:
    - AMR=((RS) AND AMOR) OR (AMR AND NOT (AMOR));
      
      wherein;
      
      AMR=key values in the authority mask register;
      
      RS=values in a source register to be written into the authority mask register by the one entity;
      
      AND=a bitwise AND function;
      
      AMOR=access values in the authority mask override register set by the hypervisor;
      
      OR=a bitwise OR function;
      
      NOT (AMOR)=inverse of the access values in the AMOR register.
  - 6. The method of claim 5, wherein the logic control is implemented in hardware of the data processing system, and the one entity is the single logical partition, and the another entity is a partition adjunct sharing virtual address space of the single logical partition.
  - 7. The method of claim 1, wherein the single logical partition'"'"'s virtual address space is referenced in a virtual address to real address page table of the single logical partition, the virtual address to real address page table comprising a plurality of page table entries, at least one page table entry comprising one memory protection key and identifying the portion of the single logical partition'"'"'s virtual address space employed by the another entity of the multiple entities sharing the single logical partition'"'"'s virtual address space, and wherein multiple other page table entries of the virtual address to real address page table comprise different memory protection keys, the different memory protection keys having key values associated therewith set forth in an authority mask register, the key values of the different memory protection keys being modifiable by the one entity of the multiple entities when the one entity is dispatched by the hypervisor and wherein the locking comprises preventing the one entity when dispatched from modifying a key value in the authority mask register for the memory protection key associated with the single logical partition'"'"'s virtual address space employed by the another entity of the multiple entities.
  - 8. The method of claim 1, wherein the one entity is the single logical partition, and the another entity is a partition adjunct sharing virtual address space of the single logical partition donated to the partition adjunct by the single logical partition.

9. A method of protecting memory employed by a partition adjunct, the method comprising:
- instantiating by a hypervisor a partition adjunct within a data processing system employing virtual address space donated to the partition adjunct by a logical partition of the data processing system, and wherein the instantiating includes associating a memory protection key with the donated virtual address space of the logical partition which allows access to the donated virtual address space by the partition adjunct and prevents access to the donated virtual address space by the logical partition; and
  
  locking by the hypervisor the memory protection key from being modified by the logical partition.
- View Dependent Claims (10, 11)
- - 10. The method of claim 9, wherein the memory protection key is one memory protection key of a plurality of memory protection keys whose key values are installed by the hypervisor in the authority mask register with dispatching of the logical partition or the partition adjunct, and wherein the locking comprises employing an authority mask override register to lock a key value of the one memory protection key in the authority mask register from modification by the logical partition when dispatched, wherein the hypervisor installs access values into the authority mask override register with dispatching of the logical partition or dispatching of the partition adjunct.
  - 11. The method of claim 10, wherein the locking further comprises preventing the logical partition from modifying one or more key values in the authority mask register employing the following control logic responsive to a modify key value request of the logical partition:
    - AMR=((RS) AND AMOR) OR (AMR AND NOT (AMOR));
      
      wherein;
      
      AMR=key values in the authority mask register;
      
      RS=values in a source register to be written into the authority mask register by the one entity;
      
      AND=a bitwise AND function;
      
      AMOR=access values in the authority mask override register set by the hypervisor;
      
      OR=a bitwise OR function;
      
      NOT (AMOR)=inverse of the access values in the AMOR register.

12. A data processing system comprising:
- a hypervisor to associate a memory protection key with a portion of a single logical partition'"'"'s virtual address space, the single logical partition'"'"'s virtual address space being shared by multiple entities, the memory protection key preventing access by one entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space, and allowing access by another entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space; and
  
  a locking mechanism set by the hypervisor to lock the memory protection key from modification by the one entity of the multiple entities sharing the single logical partition'"'"'s virtual address space, wherein the locking prevents the one entity from modifying the memory protection key and thereby gaining access to the portion of the single logical partition'"'"'s virtual address space with the associated memory protection key.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The data processing system of claim 12, wherein the hypervisor installs a key value for the memory protection key in an authority mask register of memory management and address translation hardware of the data processing system, the installing being performed with dispatching of the one entity or the another entity of the multiple entities sharing the single logical partition'"'"'s virtual address space, wherein the key value allows access by the another entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space, and denies access by the one entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space.
  - 14. The data processing system of claim 13, wherein the memory protection key is one memory protection key of a plurality of memory protection keys whose key values are installed by the hypervisor in the authority mask register with dispatching of the one entity or the another entity of the multiple entities sharing the single logical partition'"'"'s virtual address space, and wherein the locking mechanism comprises an authority mask override register to lock the key value of the one memory protection key in the authority mask register from modification by the one entity of the multiple entities sharing the single logical partition'"'"'s virtual address space, wherein the one entity is allowed by the authority mask override register to modify at least one other key value of the authority mask register of at least one other memory protection key of the plurality of memory protection keys.
  - 15. The data processing system of claim 14, wherein the locking mechanism comprises hypervisor installed access values in the authority mask override register, the access values allowing the one entity to modify, or preventing the one entity from modifying, selected key values in the authority mask register, wherein only the hypervisor has authority to modify access values in the authority mask override register.
  - 16. The data processing system of claim 15, wherein the locking mechanism further comprises hardware logic control of the data processing system, wherein a modify key value request of the one entity is processed by the hardware logic control to determine whether the one entity is allowed to modify one or more key values in the authority mask register, the control logic comprising:
    - AMR=((RS) AND AMOR) OR (AMR AND NOT (AMR));
      
      wherein;
      
      AMR=key values in the authority mask register;
      
      RS=values in a source register to be written into the authority mask register by the one entity;
      
      AND=a bitwise AND function;
      
      AMOR=access values in the authority mask override register set by the hypervisor;
      
      OR=a bitwise OR function;
      
      NOT (AMOR)=inverse of the access values in the AMOR register.

17. An article of manufacture comprising:
- at least one computer-usable medium having computer-readable program code logic to define a method of controlling access to shared virtual address space within a data processing system, the computer-readable program code logic when executing on a processor performing;
  
  associating, by a hypervisor of the data processing system, a memory protection key with a portion of a single logical partition'"'"'s virtual address space, the single logical partition'"'"'s virtual address space being shared by multiple entities, the memory protection key preventing access by one entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space, and allowing access by another entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space; and
  
  locking by the hypervisor the memory protection key from modification by the one entity of the multiple entities sharing the single logical partition'"'"'s virtual address space, wherein the locking prevents the one entity from modifying the memory protection key and thereby gaining access to the portion of the single logical partition'"'"'s virtual address space with the associated memory protection key.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The article of manufacture of claim 17, wherein the associating comprises installing by the hypervisor a key value for the memory protection key in an authority mask register of memory management and address translation hardware of the data processing system, the installing being performed with dispatching of the one entity or the another entity of the multiple entities sharing the single logical partition'"'"'s virtual address space, wherein the key value allows access by the another entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space, and denies access by the one entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space.
  - 19. The article of manufacture of claim 18, wherein the memory protection key is one memory protection key of a plurality of memory protection keys whose key values are installed by the hypervisor in the authority mask register with dispatching of the one entity or the another entity of the multiple entities sharing the single logical partition'"'"'s virtual address space, and wherein the locking comprises employing an authority mask override register to lock the key value of the one memory protection key in the authority mask register from modification by the one entity of the multiple entities sharing the single logical partition'"'"'s virtual address space, wherein the one entity is allowed by the authority mask override register to modify at least one other key value in the authority mask register of at least one other memory protection key of the plurality of memory protection keys.
  - 20. The article of manufacture of claim 19, wherein the locking further comprises employing hypervisor installed access values in the authority mask override register to allow the one entity to modify, or prevent the one entity from modifying, selected key values in the authority mask register, wherein only the hypervisor has authority to modify access values in the authority mask override register.
  - 21. The article of manufacture of claim 20, wherein the locking further comprises preventing the one entity from modifying one or more key values in the authority mask register employing the following logic control responsive to a modify key value request of the one entity:
    - AMR=((RS) AND AMOR) OR (AMR AND NOT (AMOR));
      
      wherein;
      
      AMR=key values in the authority mask register;
      
      RS=values in a source register to be written into the authority mask register by the one entity;
      
      AND=a bitwise AND function;
      
      AMOR=access values in the authority mask override register set by the hypervisor;
      
      OR=a bitwise OR function;
      
      NOT (AMOR)=inverse of the access values in the AMOR register.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
KRIEGER, Orran Y., MAY, Cathy, OSTROWSKI, Michal, ARMSTRONG, William J., SWANBERG, Randal C.

Granted Patent

US 8,010,763 B2
Time in Patent Office

Days
Field of Search
US Class Current

711/164
CPC Class Codes

G06F 12/1475   in a virtual system, e.g. w...

G06F 12/1491   in a hierarchical protectio...

G06F 2009/45583   Memory management, e.g. acc...

G06F 2009/45587   Isolation or security of vi...

G06F 2212/1056   Simplification

G06F 9/45558   Hypervisor-specific managem...

HYPERVISOR-ENFORCED ISOLATION OF ENTITIES WITHIN A SINGLE LOGICAL PARTITION'S VIRTUAL ADDRESS SPACE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

HYPERVISOR-ENFORCED ISOLATION OF ENTITIES WITHIN A SINGLE LOGICAL PARTITION'S VIRTUAL ADDRESS SPACE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links