HYPERVISOR-ENFORCED ISOLATION OF ENTITIES WITHIN A SINGLE LOGICAL PARTITION'S VIRTUAL ADDRESS SPACE
First Claim
1. A method of controlling access to shared virtual address space within a data processing system, the method comprising:
- associating, by a hypervisor of the data processing system, a memory protection key with a portion of a single logical partition'"'"'s virtual address space, the single logical partition'"'"'s virtual address space being shared by multiple entities, the memory protection key preventing access by one entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space, and allowing access by another entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space; and
locking by the hypervisor the memory protection key from modification by the one entity of the multiple entities sharing the single logical partition'"'"'s virtual address space, wherein the locking prevents the one entity from modifying the memory protection key and thereby gaining access to the portion of the single logical partition'"'"'s virtual address space with the associated memory protection key.
1 Assignment
0 Petitions
Accused Products
Abstract
Access control to shared virtual address space within a single logical partition is provided. The access control includes: associating, by a hypervisor of the data processing system, a memory protection key with a portion of a single logical partition'"'"'s virtual address space being shared by multiple entities, the key preventing access by one of the multiple entities to that portion of the virtual address space, and allowing access by another of the entities to that portion of the virtual address space; and locking by the hypervisor the memory protection key from modification by the one entity, wherein the locking prevents the one entity from modifying the key and thereby gaining access to the portion of the single logical partition'"'"'s virtual address space with the associated memory protection key. In one embodiment, the one entity is the single logical partition itself, and the another entity is a partition adjunct.
-
Citations
21 Claims
-
1. A method of controlling access to shared virtual address space within a data processing system, the method comprising:
-
associating, by a hypervisor of the data processing system, a memory protection key with a portion of a single logical partition'"'"'s virtual address space, the single logical partition'"'"'s virtual address space being shared by multiple entities, the memory protection key preventing access by one entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space, and allowing access by another entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space; and locking by the hypervisor the memory protection key from modification by the one entity of the multiple entities sharing the single logical partition'"'"'s virtual address space, wherein the locking prevents the one entity from modifying the memory protection key and thereby gaining access to the portion of the single logical partition'"'"'s virtual address space with the associated memory protection key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method of protecting memory employed by a partition adjunct, the method comprising:
-
instantiating by a hypervisor a partition adjunct within a data processing system employing virtual address space donated to the partition adjunct by a logical partition of the data processing system, and wherein the instantiating includes associating a memory protection key with the donated virtual address space of the logical partition which allows access to the donated virtual address space by the partition adjunct and prevents access to the donated virtual address space by the logical partition; and locking by the hypervisor the memory protection key from being modified by the logical partition. - View Dependent Claims (10, 11)
-
-
12. A data processing system comprising:
-
a hypervisor to associate a memory protection key with a portion of a single logical partition'"'"'s virtual address space, the single logical partition'"'"'s virtual address space being shared by multiple entities, the memory protection key preventing access by one entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space, and allowing access by another entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space; and a locking mechanism set by the hypervisor to lock the memory protection key from modification by the one entity of the multiple entities sharing the single logical partition'"'"'s virtual address space, wherein the locking prevents the one entity from modifying the memory protection key and thereby gaining access to the portion of the single logical partition'"'"'s virtual address space with the associated memory protection key. - View Dependent Claims (13, 14, 15, 16)
-
-
17. An article of manufacture comprising:
at least one computer-usable medium having computer-readable program code logic to define a method of controlling access to shared virtual address space within a data processing system, the computer-readable program code logic when executing on a processor performing; associating, by a hypervisor of the data processing system, a memory protection key with a portion of a single logical partition'"'"'s virtual address space, the single logical partition'"'"'s virtual address space being shared by multiple entities, the memory protection key preventing access by one entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space, and allowing access by another entity of the multiple entities to the portion of the single logical partition'"'"'s virtual address space; and locking by the hypervisor the memory protection key from modification by the one entity of the multiple entities sharing the single logical partition'"'"'s virtual address space, wherein the locking prevents the one entity from modifying the memory protection key and thereby gaining access to the portion of the single logical partition'"'"'s virtual address space with the associated memory protection key. - View Dependent Claims (18, 19, 20, 21)
Specification