Method and apparatus for failure recovery in a multi-processor computer system

US 6,199,179 B1
Filed: 06/10/1998
Issued: 03/06/2001
Est. Priority Date: 06/10/1998
Status: Expired due to Term

First Claim

Patent Images

1. A computer system having a plurality of system resources including processors, memory and I/O circuitry, the computer system comprising:

an interconnection mechanism for electrically interconnecting the processors, memory and I/O circuitry so that each processor has electrical access to all of the memory and at least some of the I/O circuitry;

a software mechanism for dividing the system resources into a plurality of partitions;

at least one operating system instance running in each of two or more of the plurality of partitions; and

a failure recovery apparatus that detects the event of a system failure within a first operating system instance, and initiates a transfer of control of a processing resource from the first operating system instance to a second operating system instance.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Multiple instances of operating systems execute cooperatively in a single multiprocessor computer wherein all processors and resources are electrically connected together. The single physical machine with multiple physical processors and resources is subdivided by software into multiple partitions, each with the ability to run a distinct copy, or instance, of an operating system. At different times, different operating system instances may be loaded on a given partition. Resources, such as CPUs and memory, can be dynamically assigned to different partitions and used by instances of operating systems running within the machine by modifying the configuration. The partitions themselves can also be changed without rebooting the system by modifying the configuration tree. The system makes use of a failure protocol that results in the transfer of processing resources controlled by an instance that experiences a failure to new destination instances on other partitions. For CPUs, destination instance IDs are stored in an array which is accessed upon occurrence of a failure to determine where the CPUs will be assigned. The secondary CPUs then dump their processing contexts, and each invoke a migration routine to transfer their control to the new instances. A destination instance may be a backup instance for the instance experiencing the failure, having no processing functions prior to the failure. Thus, the processing activities of the failed instance may be resumed quickly by the backup instance.

376 Citations

27 Claims

1. A computer system having a plurality of system resources including processors, memory and I/O circuitry, the computer system comprising:
- an interconnection mechanism for electrically interconnecting the processors, memory and I/O circuitry so that each processor has electrical access to all of the memory and at least some of the I/O circuitry;
  
  a software mechanism for dividing the system resources into a plurality of partitions;
  
  at least one operating system instance running in each of two or more of the plurality of partitions; and
  
  a failure recovery apparatus that detects the event of a system failure within a first operating system instance, and initiates a transfer of control of a processing resource from the first operating system instance to a second operating system instance.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A computer system according to claim 1 wherein the transfer of control of the processing resource occurs without operator intervention.
  - 3. A computer system according to claim 1 wherein the second operating system instance has no processing duties prior to the failure within the first operating system instance, and serves as a backup to the first operating system instance to assume the processing duties of the first operating system instance after said failure occurs.
  - 4. A computer system according to claim 1 wherein the failure recovery apparatus further comprises an application notification system in which a specific application program that runs on the second operating system instance is given notification of the system failure.
  - 5. A computer system according to claim 1 wherein, upon said failure within the first operating system instance, control for a plurality of processing resources associated with the first operating system instance is transferred to the second operating system instance.
  - 6. A computer system according to claim 5 wherein control for a processing resource associated with the first operating system instance is transferred to a third operating system instance different from the second operating system instance.
  - 7. A computer system according to claim 5 wherein the resources for which control is being transferred from the first operating system instance include a plurality of processors, and wherein each processor has associated therewith a stored indication of the operating system instance to which control is to be transferred.
  - 8. A computer system according to claim 7 wherein each operating system instance maintains a set of said stored indication for the processors over which said each operating system instance has control.
  - 9. A computer system according to claim 7 wherein, following said failure, each processor for which control is being transferred initiates the steps necessary to transfer control of said each processor to a new operating system instance.
  - 10. A computer system according to claim 9 wherein each of the processors for which control is being transferred executes a predefined migration routine that results in the transfer of control.
  - 11. A computer system according to claim 10 further comprising an additional processor for which control is transferred from the first operating system instance to the second operating system instance, and which is in an inactive state in the first operating system instance when the failure occurs, the necessary indicia of control for the additional processor being modified by a primary processor of the first operating system instance as necessary to effect said transfer of control of the additional processor.
  - 12. A computer system according to claim 1 wherein prior to the transfer of control of the processing resource, the processing context of the processing resource is stored in system memory.
  - 13. A computer system according to claim 1 wherein said processing resource is a secondary processor in the control of the first operating system instance, and the first operating system instance also controls a primary processor which directs the transfer of memory controlled by the first operating system instance to a designated section of system memory.

14. A computer system having a plurality of system resources including processors, memory and I/O circuitry, the computer system comprising:
- an interconnection mechanism for electrically interconnecting the processors, memory and I/O circuitry so that each processor has electrical access to all of the memory and at least some of the I/O circuitry;
  
  a software mechanism for dividing the system resources into a plurality of partitions, each partition of the plurality of partitions having associated with it at least one processor;
  
  at least one operating system instance running in each of two or more of the plurality of partitions; and
  
  means for detecting a failure within a first operating system instance that controls a primary processor and at least one secondary processor, and for transferring control of said secondary processor from the first operating system instance to a second operating system instance.
- View Dependent Claims (15, 16, 17, 18)
- - 15. A computer system according to claim 14 wherein the second operating system instance has no processing duties prior to the failure within the first operating system instance, and serves as a backup to the first operating system instance to assume the processing duties of the first operating system instance after said failure occurs.
  - 16. A computer system according to claim 14 wherein control for a secondary processor associated with the first operating system instance is transferred to a third operating system instance different from the second operating system instance.
  - 17. A computer system according to claim 14 wherein said at least one secondary processor associated with the first operating system instance is associated with a stored indication of the operating system instance to which control is to be transferred.
  - 18. A computer system according to claim 14 wherein, following said failure, each processor for which control is being transferred initiates the changes necessary to transfer control to a new operating system instance.

19. In a computer system having a plurality of system resources including processors, memory and I/O circuitry, an interconnection mechanism for electrically interconnecting the processors, memory and I/O circuitry so that each processor has electrical access to all of the memory and at least some of the I/O circuitry, a software mechanism for dividing the system resources into a plurality of partitions, and at least one operating system instance running in each of two or more of the plurality of partitions, a method of responding to a detected failure within a first operating system instance, the method comprising:
- storing an indication of a destination operating system instance to which control of a first processing resource of the first operating system instance is to be transferred upon a failure within the first operating system instance;
  
  determining, upon the occurrence of said failure, the destination operating system instance for the first processing resource; and
  
  changing an indicia of control for the first processing resource to transfer control of the first processing resource from the first operating system instance to the destination operating system instance.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. A method according to claim 19 further comprising storing an processing context of the first processing resource prior to changing said indicia of control.
  - 21. A method according to claim 19 wherein one of the operating system instances of the computer system is a backup operating system instance for the first operating system instance, the backup operating system instance running in a backup partition and having no processing functions prior to the failure within the first operating system instance, and wherein changing the indicia of control for the first processing resource to transfer control of the first processing resource from the first operating system instance to the operating system destination instance comprises changing said indicia to transfer control of the first processing resource to the backup operating system instance.
  - 22. A method according to claim 19 wherein said changing of the indicia of control for the first processing resource comprises changing the indicia of control for the first processing resource without operator intervention.
  - 23. A method according to claim 19 wherein determining the destination operating system instance for the first processing resource and changing the indicia of control for the first processing resource makes use of the processing capabilities of the first processing resource.
  - 24. A method according to claim 19 further comprising storing an indication of a destination operating system instance for each of a plurality of processing resources associated with the first operating system instance prior to said failure, and determining, upon the occurrence of said failure, the destination operating system instance for each of the plurality of resources and changing the indicia of control for each of the plurality of resources to transfer control of each of the plurality of resources to the appropriate destination operating system instance.
  - 25. A method according to claim 24 wherein the method comprises transferring a first one of the plurality of resources to another destination operating system instance different from the destination operation system instance to which a second one of the plurality of resources is transferred.
  - 26. A method according to claim 19 further comprising transferring control of an idle processing resource associated with the first operating system instance to a destination operating system instance upon occurrence of said failure, the transfer of the idle resource occurring without any action by the idle resource.
  - 27. A method according to claim 19 further comprising a primary processor of the first operating system instance transferring the contents of memory controlled by the first operating system instance to a predetermined memory location prior to said failure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Compaq Computer Corporation (HP Inc.)
Inventors
Bishop, Richard A., Kauffman, James R.
Primary Examiner(s)
Iqbal, Nadeem

Application Number

US09/095,266
Time in Patent Office

1,000 Days
Field of Search

714/26, 714/1-4, 714/5, 714/6, 714/7-13, 714/15, 714/16, 714/25, 714/31, 714/47, 714/48, 714/28, 714/29, 714/41, 395/551, 395/575, 395/600
US Class Current

714/26
CPC Class Codes

G06F 11/203   using migration

G06F 11/2041   with more than one idle spa...

G06F 11/2043   where the redundant compone...

G06F 9/5077   Logical partitioning of res...

Method and apparatus for failure recovery in a multi-processor computer system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

376 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for failure recovery in a multi-processor computer system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

376 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links