Association of memory access through protection attributes that are associated to an access control level on a PCI adapter that supports virtualization

US 7,966,616 B2
Filed: 03/25/2008
Issued: 06/21/2011
Est. Priority Date: 02/25/2005
Status: Active Grant

First Claim

Patent Images

1. A method in a logical partitioned data processing system that includes a plurality of different logical partitions for dynamically sharing adapter resources among a plurality of operating system instances, wherein each one of the plurality of operating system instances is included in a different one of the plurality of different logical partitions, comprising:

locating, by a hypervisor, available resources in a peripheral computer interface input/output adapter, the available resources comprising resources that have not been allocated;

allocating, by the hypervisor, a first part of the available adapter resources in the adapter to a first one of the plurality of operating system instances;

allocating, by the hypervisor, a second part of the available adapter resources in the adapter to a second one of the plurality of operating system instances;

notifying the adapter, by the hypervisor, of the adapter resource allocation to the first one of the plurality of operating system instances;

updating, by the adapter, an internal structure of the adapter to reflect the allocation;

wherein a resource context of the internal structure of the adapter includes a plurality of fields, wherein each one of the plurality of fields defines a mapping of an address of the first part of the available adapter resources to a permitted accessing address range, and wherein each one of the plurality of fields includes an access permission attribute for the permitted accessing address range defined in the one of the plurality of fields;

wherein the access permission attribute identifies an allowed type of access;

wherein the resource context can only be accessed via an address space that has been allocated to the adapter, wherein the resource context is stored outside of the adapter; and

wherein the adapter is accessed using the address space.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and computer program product for sharing adapter resources among multiple operating system instances. The present invention provides a mechanism for dynamically allocating virtualized I/O adapter resources. The present invention separates the operation of adapter resource allocation from adapter resource management. Protection attributes within the adapter resource context are used to allow the adapter to enforce access control over the adapter resources. The hypervisor allocates an available adapter resource to a given partition. The adapter is notified of the allocation, and the adapter updates its internal structure to reflect the allocation. The hypervisor may revoke ownership of and reassign adapter resources to another OS instance. In this manner, the allocation described above allows for the simple reassignment of resources from one partition to another.

82 Citations

View as Search Results

20 Claims

1. A method in a logical partitioned data processing system that includes a plurality of different logical partitions for dynamically sharing adapter resources among a plurality of operating system instances, wherein each one of the plurality of operating system instances is included in a different one of the plurality of different logical partitions, comprising:
- locating, by a hypervisor, available resources in a peripheral computer interface input/output adapter, the available resources comprising resources that have not been allocated;
  
  allocating, by the hypervisor, a first part of the available adapter resources in the adapter to a first one of the plurality of operating system instances;
  
  allocating, by the hypervisor, a second part of the available adapter resources in the adapter to a second one of the plurality of operating system instances;
  
  notifying the adapter, by the hypervisor, of the adapter resource allocation to the first one of the plurality of operating system instances;
  
  updating, by the adapter, an internal structure of the adapter to reflect the allocation;
  
  wherein a resource context of the internal structure of the adapter includes a plurality of fields, wherein each one of the plurality of fields defines a mapping of an address of the first part of the available adapter resources to a permitted accessing address range, and wherein each one of the plurality of fields includes an access permission attribute for the permitted accessing address range defined in the one of the plurality of fields;
  
  wherein the access permission attribute identifies an allowed type of access;
  
  wherein the resource context can only be accessed via an address space that has been allocated to the adapter, wherein the resource context is stored outside of the adapter; and
  
  wherein the adapter is accessed using the address space.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the resource context is stored in system memory and is accessed via the address space.
  - 3. The method of claim 1, wherein the hypervisor uses a privileged access address range when the hypervisor accesses the adapter resources, a particular operating system instance uses an operating system instance access address range when the particular operating system instance accesses the adapter resources, and a particular application uses an application access address range when the particular application accesses the adapter resources.
  - 4. The method of claim 1, further comprising:
    - wherein the first operating system instance owns the first part of the adapter resources when the hypervisor allocates the first part of the available adapter resources in the adapter to the first operating system instance;
      
      revoking the first operating system instance'"'"'s ownership of the first part of the adapter resources; and
      
      reallocating the first part of the adapter resources to a third operating system instance.
  - 5. The method of claim 1, further comprising:
    - initializing the adapter resources, wherein a particular operating system instance is used to initialize the adapter resources.
  - 6. The method of claim 5, wherein the particular operating system instance performs the initialization using an operating system non-privileged access address range.
  - 7. The method of claim 1, wherein a privileged access address range included in the accessing address range corresponds to a hypervisor access level, an operating system instance non-privileged access address range included in the accessing address range corresponds to an operating system access level, and an application non-privileged range included in the accessing address range corresponds to an application access level.
  - 8. The method of claim 1, wherein the logical partitioned data processing system performs the allocation using a privileged access address range.
  - 9. The method of claim 1, wherein the access permission attribute identifies one of a read-only, a write-only, and a read-write permission.
  - 10. The method of claim 1, further comprising:
    - using adapter address mapping to identify a protection level of accessing software.
  - 11. The method of claim 1, further comprising:
    - implementing the mapping of the address of each available resource using PCI base registers of three PCI functions of the adapter, wherein;
      
      a privileged access address range is defined using a first PCI function, an operating system instance access address range is defined using a second PCI function, and an application access address range is defined using a third PCI function; and
      
      the hypervisor uses the privileged access address range when the hypervisor accesses the adapter resources, a particular operating system instance uses the operating system instance access address range when the particular operating system instance accesses the adapter resources, and a particular application uses the application access address range when the particular application accesses the adapter resources.

12. A logical partitioned data processing system that includes a plurality of different logical partitions for dynamically sharing adapter resources among a plurality of operating system instances, wherein each one of the plurality of operating system instances is included in a different one of the plurality of different logical partitions, comprising:
- a hypervisor, wherein the hypervisor is used to track allocated adapter resources and perform adapter resource allocation; and
  
  an adapter;
  
  wherein the hypervisor locates available resources in a peripheral computer interface input/output adapter, the available resources comprising resources that have not been allocated, allocates a first part of the available adapter resources in the adapter to a first operating system instance, allocates a second part of the available adapter resources in the adapter to a second one of the plurality of operating system instance, and notifies the adapter of the adapter resource allocation to the first operating system instance;
  
  wherein the adapter updates an internal structure of the adapter to reflect the allocation;
  
  wherein a resource context of the internal structure includes a plurality of fields, wherein each one of the plurality of fields defines a mapping of an address of the first part of the available adapter resources to a permitted accessing address range, and wherein each one of the plurality of fields includes an access permission attribute for the permitted accessing address range defined in the one of the plurality of fields, and wherein the access permission attribute identifies an allowed type of access;
  
  wherein the resource context can only be accessed via an address space that has been allocated to the adapter, wherein the resource context is stored outside of the adapter; and
  
  wherein the adapter is accessed using the address space.
- View Dependent Claims (13, 14, 15)
- - 13. The data processing system of claim 12, wherein the resource context is stored in system memory and is accessed via the address space.
  - 14. The data processing system of claim 12, wherein the first operating system owns the first part of the adapter resources when the hypervisor allocates the first part of the available adapter resources in the adapter to the first operating system instance, wherein the hypervisor revokes ownership of the allocated adapter resource;
    - and wherein the hypervisor reallocates the first part of the adapter resources to a third operating system instance.
  - 15. The data processing system of claim 12, wherein the hypervisor uses a privileged access address range when the hypervisor accesses the adapter resources, a particular operating system instance uses an operating system instance access address range when the particular operating system instance accesses the adapter resources, and a particular application uses an application access address range when the particular application accesses the adapter resources.

16. A computer program product, stored in a non-transitory computer readable medium, that includes a plurality of different logical partitions for dynamically sharing adapter resources among a plurality of operating system instances, wherein each one of the plurality of operating system instances is included in a different one of the plurality of different logical partitions, said computer program product comprising:
- first instructions for locating, by a hypervisor, available resources in a peripheral computer interface input/output adapter, the available resources comprising resources that have not been allocated;
  
  second instructions for allocating, by the hypervisor, a first part of the available adapter resources in the adapter to a first operating system instance;
  
  third instructions for allocating, by the hypervisor, a second part of the available adapter resources in the adapter to a second one of the plurality of operating system instance;
  
  fourth instructions for notifying the adapter, by the hypervisor, of the adapter resource allocation to the first operating system instance; and
  
  fifth instructions for updating, by the adapter, an internal structure of the adapter to reflect the allocation;
  
  wherein a resource context of the internal structure includes a plurality of fields, wherein each one of the plurality of fields defines a mapping of an address of the first part of the available adapter resources to a permitted accessing address range, and wherein each one of the plurality of fields includes an access permission attribute for the permitted accessing address range defined in the one of the plurality of fields, and wherein the access permission attribute identifies an allowed type of access;
  
  wherein the resource context can only be accessed via an address space that has been allocated to the adapter, wherein the resource context is stored outside of the adapter; and
  
  wherein the adapter is accessed using the address space.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product of claim 16, wherein the resource context is stored in system memory and is accessed via the address space.
  - 18. The computer program product of claim 16, further comprising:
    - wherein the first operating system instance owns the first part of the adapter resources when the hypervisor allocates the first part of the available adapter resources in the adapter to the first operating system instance;
      
      sixth instructions for revoking the first operating system instance'"'"'s ownership of the first part of the adapter resources; and
      
      seventh instructions for reallocating the first part of the adapter resources to a third operating system instance.
  - 19. The computer program product of claim 16, further comprising:
    - sixth instructions for initializing the adapter resources, wherein an operating system instance is used to initialize the adapter resources.
  - 20. The computer program product of claim 16, wherein the hypervisor uses a privileged access address range when the hypervisor accesses the adapter resources, a particular operating system instance uses an operating system instance access address range when the particular operating system instance accesses the adapter resources, and a particular application uses an application access address range when the particular application accesses the adapter resources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kiel, Harvey Gene, Biran, Giora, Srikrishnan, Jaya, Recio, Renato John, Arndt, Richard Louis, Makhervaks, Vadim, Shalev, Leah
Primary Examiner(s)
An; Meng-Ai
Assistant Examiner(s)
ARCOS, CAROLINE H

Application Number

US12/054,578
Publication Number

US 20080168461A1
Time in Patent Office

1,183 Days
Field of Search

711/173, 370/409, 370/400, 710/1, 710/3, 710/8, 710/9, 710/28, 710/36, 718/100, 718/102, 718/104
US Class Current

718/104
CPC Class Codes

G06F 13/102 where the programme perform...

G06F 13/385 for adaptation of a particu...

Association of memory access through protection attributes that are associated to an access control level on a PCI adapter that supports virtualization

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

82 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Association of memory access through protection attributes that are associated to an access control level on a PCI adapter that supports virtualization

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links