IBM 10 SP1 EAL4 Server User Manual


 
hardware address of the memory. This translation is done by the hypervisor, which keeps a logical partition
unaware of the existence of other logical partitions.
5.5.2.2.1 Address Translation on LPARs
On System p systems running with logical partitions, the effective address, the virtual address, and the
physical address format and meaning are identical to those of System p systems running in native mode. The
kernel creates and translates them from one another using the same mechanisms described in Section 5.5.2.2.
Access control by Block Address Translation and Page Address Translation, described in Section 5.5.2.2,
is performed here as well.
The Block Address Translation and Page Address Translation mechanisms provide System p logical
partitions with the same block and page level memory protection capabilities, granular to no-access, read
access, and read-write access. These capabilities allow the majority of the kernel code to remain common
between System p native mode and System p LPAR mode.
5.5.2.2.2 Hypervisor
The hypervisor program is stored in a system flash module in the server hardware. During system
initialization, the hypervisor is loaded into the first physical address region of system memory. The
hypervisor program is trusted to create partition environments, and is the only program that can directly
access special processor registers and translation table entries. Partition programs have no way to access the
hypervisor instructions or data, other than through controlled hypervisor service calls that are part of the
processor architecture. These protections allow the hypervisor to perform its duties in a simple and rigorous
manner, resulting in the confinement of each operating system to a very tight, inescapable box.
Because the hypervisor is accessible only through the kernel mode, no specific access control is performed
when the kernel interacts with the hypervisor. The kernel does provide an RTAS system call to authorized
programs for interacting with the hardware. Run time abstraction services (RTAS) is a firmware interface
that shields the operating system from details of the hardware. The RTAS ensures that the calling process
possesses the CAP_SYS_ADMIN capability.
5.5.2.2.3 Real mode addressing
Each operating system image requires a range of memory that can be accessed in real addressing mode. In
this mode, no virtual address translation is performed, and addresses start at address 0. Operating systems
typically use this address range for startup kernel code, fixed kernel structures, and interrupt vectors. Since
multiple partitions cannot be allowed to share the same memory range at physical address 0, each partition
must have its own real mode addressing range.
As each partition is started, the hypervisor assigns that partition a unique real mode address offset and range
value, and then sets these offset and range values into registers in each processor in the partition. These
values map to a physical memory address range that has been exclusively assigned to that partition.
When partition programs access instructions and data in real addressing mode, the hardware automatically
adds the real mode offset value to each address before accessing physical memory. In this way, each logical
partition programming model appears to have access to physical address 0, even though addresses are being
transparently redirected to another address range. Hardware logic prevents modification of these registers by
operating system code running in the partitions. Any attempt to access a real address outside the assigned
range results in an addressing exception interrupt, which is handled by the operating system exception handler
in the partition.
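The following C model of the real mode offset and range check is an added example, not code from the hypervisor, the kernel, or this manual. The type, field and function names and the memory layout are hypothetical; the hypervisor side refuses any range that overlaps its own region or another partition, and the hardware side adds the offset only after the range check passes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Simplified model; type, field and function names are hypothetical. */
struct lpar { uint64_t rmo, rml; };      /* real mode offset and range size */
struct machine {
    uint64_t mem_size, hv_end;           /* hypervisor owns [0, hv_end) */
    struct lpar lpars[4]; size_t n;
};

/* Hypervisor side: grant a range only if no one else owns any of it. */
int hv_assign(struct machine *m, uint64_t rmo, uint64_t rml)
{
    if (m->n == 4 || rml == 0 || rmo < m->hv_end ||
        rmo > m->mem_size || rml > m->mem_size - rmo)
        return -1;
    for (size_t i = 0; i < m->n; i++) {
        const struct lpar *o = &m->lpars[i];
        if (rmo < o->rmo + o->rml && o->rmo < rmo + rml)
            return -1;                   /* overlaps another partition */
    }
    m->lpars[m->n] = (struct lpar){ rmo, rml };
    return (int)m->n++;
}

/* Hardware side: range check first, then add the offset. */
bool real_mode_translate(const struct lpar *p, uint64_t real, uint64_t len,
                         uint64_t *phys)
{
    if (len == 0 || len > p->rml || real > p->rml - len)
        return false;                    /* addressing exception */
    *phys = p->rmo + real;
    return true;
}

int main(void)
{
    /* Constructed layout: 1 GiB of memory, hypervisor in the first 64 MiB. */
    struct machine m = { .mem_size = 1ULL << 30, .hv_end = 64ULL << 20 };
    uint64_t pa = 0, pb = 0;
    int a = hv_assign(&m, 64ULL << 20, 256ULL << 20);
    int b = hv_assign(&m, 320ULL << 20, 256ULL << 20);
    real_mode_translate(&m.lpars[a], 0, 8, &pa);
    real_mode_translate(&m.lpars[b], 0, 8, &pb);
    printf("A:0 -> %#llx  B:0 -> %#llx\n",
           (unsigned long long)pa, (unsigned long long)pb);
    return 0;
}
```

The range check is written as real > rml - len rather than real + len > rml so that an address near the top of the 64-bit space cannot wrap around and pass.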