Locking Access To Data Storage Shared By A Plurality Of Compute Nodes

Methods, apparatuses, and computer program products are provided for locking access to data storage shared by a plurality of compute nodes. Embodiments include maintaining, by a compute node, a queue of requests from requesting compute nodes of the plurality of compute nodes for access to the data storage, wherein possession of the queue represents possession of a mutual-exclusion lock on the data storage, the mutual-exclusion lock indicating exclusive permission for access to the data storage; and conveying, based on the order of requests in the queue, possession of the queue from the compute node to a next requesting compute node when the compute node no longer requires exclusive access to the data storage. 1. A method for locking access to data storage shared by a plurality of compute nodes , the method comprising:maintaining, by a compute node, a queue of requests from requesting compute nodes of the plurality of compute nodes for access to the data storage, wherein possession of the queue represents possession of a mutual-exclusion lock on the data storage, the mutual-exclusion lock indicating exclusive permission for access to the data storage; andconveying, based on the order of requests in the queue, possession of the queue from the compute node to a next requesting compute node when the compute node no longer requires exclusive access to the data storage.2. The method of claim 1 , further comprising:receiving, by the compute node from a requesting compute node, a request for access to the data storage;in response to receiving the request for access to the data storage, transmitting, by the compute node, an acknowledgment indicating that the compute node has the mutual-exclusion lock on the data storage.3. The method of claim 2 , wherein the requesting compute node transmits the request for access to the plurality of compute nodes and only the compute node with the mutual-exclusion lock transmits the acknowledgment to the requesting compute node.4. The ...

Extensible access control list framework

Flash memory management

Flash memory management

Disclosed aspects include managing the access of flash memory by a computer system. A physical memory address space which includes a flash memory portion is established. The flash memory portion may correspond to an input/output memory range. An access request may be detected with respect to the physical memory address space. Using a load-store technique to process the access request, the flash memory portion of the physical memory address space may be accessed.

Flash memory management

The application aims to combine the advantages of using flash memory as a new tier of memory between DRAM and a magnetic spinning disk, and the load-store model of flash memory, without incurring the drawbacks of either method. It works by providing direct access to flash memory through a physical address space. The method 300 begins by first establishing a physical memory address, which includes a flash memory portion 310. It then detects, with respect to the physical memory address space, an access request 330. Finally, it then accesses, using a load-store technique, the flash memory portion of the physical address space 370. The load portion of the load-store technique works by copying a set of target data from the flash memory into a register, the store portion works by copying the target data from the register into the flash memory. The CPUs can also access the flash memory directly via a field-programmable gate array adapter.

Enhanced Mechanisms for Granting Access to Shared Resources

Mechanisms are provided, in a data processing system comprising a plurality of nodes, each node being a computing device, for controlling access to a critical section of code. These mechanisms send, by a sender node of the data processing system, an access request for requesting access to the critical section of code. The critical section of code is a portion of code that accesses a shared resource. The mechanisms receive, in the sender node, from a plurality of receiver nodes in the data processing system, responses to the access request. Each response in the responses includes a number of active nodes perceived by a corresponding receiver node that transmitted the response. The mechanisms control, by the sender node, access to the critical section of code based on the number of active nodes identified in each of the responses received from the receiver nodes. 110-. (canceled)11. A computer program product comprising a computer readable storage medium having a computer readable program stored therein , wherein the computer readable program , when executed in a sender node of a data processing system , causes the sender node to:send an access request for requesting access to the critical section of code, wherein the critical section of code is a portion of code that accesses a shared resource;receive, from a plurality of receiver nodes in the data processing system, responses to the access request, wherein each response in the responses includes a number of active nodes perceived by a corresponding receiver node that transmitted the response; andcontrol access to the critical section of code based on the number of active nodes identified in each of the responses received from the receiver nodes.12. The computer program product of claim 11 , wherein the access request is sent by the sender node to receiver nodes claim 11 , in the plurality of nodes claim 11 , that are viewable by the sender node as being members of a cluster of nodes.13. The computer program product ...

DOMAIN-BASED ISOLATION AND ACCESS CONTROL ON DYNAMIC OBJECTS

A technique for performing domain-based access control for granular isolation on a data processing system includes assigning, using the data processing system, one or more first domain tags to a dynamic object that is created by a first process that is executing on the data processing system. The technique also includes assigning, using the data processing system, one or more second domain tags to a second process that is executing on the data processing system. The first and second domain tags are evaluated, using the data processing system, according to one or more enforced rules to determine whether to grant or deny the second process access to data associated with the dynamic object.

Clustering support across geographical boundaries

An approach is presented that provides computer clustering support across geographical boundaries. Inter-node communications are managed in a cluster by having each node operate at the network device driver (NDD) level within the kernel. Multiple types of NDD are utilized (Ethernet, SAN, DISK etc.) to provide redundancy so that nodes can reliably exchange heartbeat. To align with this architecture, for remote nodes, a pseudo NDD is used over Transmission Control Protocol (TCP) based communication interface to work along side other NDDs. Thus, the same packet which is sprayed over the NDDs pertaining to local nodes can be sprayed over the TCPSOCK NDD interface for remote nodes. Nodes (local or remote) receive the same packet and reassemble and process it in the same manner.

Virtualization of file system encryption

A computer implemented method, apparatus, and computer program product for using a virtual file system to encrypt files. The process registers a plurality of file systems on a data processing system with the virtual file system. The virtual file system is enabled to encrypt files without intervention from any file system in the plurality of file systems. The virtual file system identifies whether a file on a given file system is an encrypted file using a map file associated with the given file system. In response to identifying the file as an encrypted file, the virtual file system encrypts all data written to the file in accordance with encryption specifications in the map file.

Extensible access control list framework

Methods, systems, and products for governing access to objects on a filesystem. In one general embodiment, the method includes providing a framework in an operating system environment for support of a plurality of access control list (ACL) types, thereby enabling governing of access to objects on a filesystem according to an associated definition of an ACL type; and accepting definitions of ACL types. The associated definition may comprise a kernel extension.

FLASH MEMORY MANAGEMENT

Disclosed aspects include managing the access of flash memory by a computer system. A physical memory address space which includes a flash memory portion is established. The flash memory portion may correspond to an input/output memory range. An access request may be detected with respect to the physical memory address space. Using a load-store technique to process the access request, the flash memory portion of the physical memory address space may be accessed. 1. A system for accessing flash memory , the system comprising:a memory having a set of computer readable computer instructions, anda processor for executing the set of computer readable instructions, the set of computer readable instructions including:establishing a physical memory address space which includes a flash memory portion;detecting, with respect to the physical memory address space, an access request;maintaining an adapter cache to facilitate an interface with respect to the flash memory portion of the physical memory address space; andaccessing, using a load-store technique to process the access request using the adapter cache, the flash memory portion of the physical memory address space.2. The system of claim 1 , wherein the access request includes a physical address which directly addresses the flash memory portion of the physical memory address space claim 1 , and wherein the flash memory portion corresponds to an input-output memory range claim 1 , and further comprising:accessing, using the physical address of the access request, the input-output memory range that corresponds to one or more storage cells of the flash memory portion of the physical memory address space.3. The system of claim 1 , wherein the access request claim 1 , with respect to the flash memory claim 1 , is processed without a virtual memory manager file cache.4. The system of claim 1 , wherein the access request claim 1 , with respect to the flash memory claim 1 , is processed without a Least Recently Used (LRU) logic ...

Domain-based isolation and access control on dynamic objects

A technique for performing domain-based access control for granular isolation on a data processing system includes assigning, using the data processing system, one or more first domain tags to a dynamic object that is created by a first process that is executing on the data processing system. The technique also includes assigning, using the data processing system, one or more second domain tags to a second process that is executing on the data processing system. The first and second domain tags are evaluated, using the data processing system, according to one or more enforced rules to determine whether to grant or deny the second process access to data associated with the dynamic object.

Clustering Support Across Geographical Boundaries

An approach is presented that provides computer clustering support across geographical boundaries. Inter-node communications are managed in a cluster by having each node operate at the network device driver (NDD) level within the kernel. Multiple types of NDD are utilized (Ethernet, SAN, DISK etc.) to provide redundancy so that nodes can reliably exchange heartbeat. To align with this architecture, for remote nodes, a pseudo NDD is used over Transmission Control Protocol (TCP) based communication interface to work along side other NDDs. Thus, the same packet which is sprayed over the NDDs pertaining to local nodes can be sprayed over the TCPSOCK NDD interface for remote nodes. Nodes (local or remote) receive the same packet and reassemble and process it in the same manner. 1. (canceled)2. (canceled)3. (canceled)4. (canceled)5. (canceled)6. (canceled)7. (canceled)8. (canceled)9. An information handling system comprising:one or more processors;a memory coupled to at least one of the processors;a network interface that connects the information handling system to a computer network; creating a plurality of network device drivers (NDDs), wherein each of the NDDs corresponds to a node in the cluster, and wherein each of the NDDs is stored in the memory;', 'including a Transmission Control Protocol (TCP) based interface in a first set of the created NDDs, wherein each of the first set of created NDDs correspond to a remote node included in the cluster; and', 'including an existing interface in a second set of the created NDDs, wherein each of the second set of NDDs correspond to a local node included in the cluster., 'a set of instructions stored in the memory and executed by at least one of the processors to manage inter-node communications in a cluster wherein the set of instructions perform actions of10. The information handling system of further comprising:storing the NDDs in a Driver Layer; andsending a plurality of packets to a second node in the cluster by ...

HIGH EFFICIENCY COMPILATION FRAMEWORK

A method and system for reducing processing overhead during execution of a code block in a high efficiency compilation framework. The method identifies second code blocks within the code block and separates them out from the first code block during compilation. Further, during compilation, the system converts the second code blocks to kernel program modules, in a form recognizable by the system kernel. The compilation is followed by execution of the first code block, with the compiled object code of the first code block being executed in user mode and the kernel program modules being executed in kernel mode.

Method and apparatus for threaded background function support

The present invention provides a computer implemented method and apparatus for a built-in function of a shell to execute in a thread of an interactive shell process. The data processing system receives a request to execute the built-in function. The data processing system determines that the request includes a thread creating indicator. The data processing system schedules a thread to execute the built-in function, in response to a determination that the request includes the thread creating indicator, wherein the thread is controlled by the interactive shell process and shares an environment of the interactive shell process. The data processing system declares a variable based on at least one instruction of the built-in function. Finally, the data processing system may access the variable.

Managing Memory

Methods, systems, and products for managing memory. In one general embodiment, the method includes assigning an isolated virtual heap in a global kernel heap of a global operating system environment to each of a plurality of isolated virtual operating system environments operating in a global operating system environment; and in response to an invocation of kernel heap memory allocation from one of the isolated virtual operating system environments, dynamically allocating memory to the invoking isolated virtual operating system environment from the virtual kernel heap assigned to the invoking isolated virtual operating system environment. The method may also include running the plurality of isolated virtual operating system environments in the global operating system environment. The plurality of isolated virtual operating system environments may share a single common kernel. The isolated virtual operating system environments may run under the same operating system image.

PARTITION FILE SYSTEM FOR VIRTUAL MACHINE MEMORY MANAGEMENT

A virtual machine of an information handling system (IHS) initializes an operating system to provide partition file system memory management during application execution. The operating system employs multiple partitions that include one or more applications for execution within the virtual machine. A file system tool identifies write operations to a global file system and generates local and common file system information. The file system tool populates the local file systems that include delta local file systems and differential file systems with write operation data. The file system tool may generate stackable common delta file system information to store write operation data common to two or more partitions that employ executing applications. The file system tool may combine or separate stackable common delta file system information to provide improvements in virtual machine memory utilization.

VIRTUALIZATION OF FILE SYSTEM ENCRYPTION

A computer implemented method, apparatus, and computer program product for using a virtual file system to encrypt files. The process registers a plurality of file systems on a data processing system with the virtual file system. The virtual file system is enabled to encrypt files without intervention from any file system in the plurality of file systems. The virtual file system identifies whether a file on a given file system is an encrypted file using a map file associated with the given file system. In response to identifying the file as an encrypted file, the virtual file system encrypts all data written to the file in accordance with encryption specifications in the map file.

System and computer program product for dynamically resizing file systems

Methods ( 100 ), systems ( 300 ) and computer program products are disclosed for uninterrupted execution of an application program ( 110 ). The method ( 100 ) comprises: receiving a write operation call to a native file system from an application program ( 110 ) being executed on an operating system; and dynamically allocating ( 120, 122 ) free data blocks to the native file system from at least one other file system in a group of file systems until completion of execution of the application program ( 110 ) thereby completing the write operation call. The group of file systems is configured to allow sharing of free data blocks amongst the group of file systems.

Clustering support across geographical boundaries

An approach is presented that provides computer clustering support across geographical boundaries. Inter-node communications are managed in a cluster by having each node operate at the network device driver (NDD) level within the kernel. Multiple types of NDD are utilized (Ethernet, SAN, DISK etc.) to provide redundancy so that nodes can reliably exchange heartbeat. To align with this architecture, for remote nodes, a pseudo NDD is used over Transmission Control Protocol (TCP) based communication interface to work along side other NDDs. Thus, the same packet which is sprayed over the NDDs pertaining to local nodes can be sprayed over the TCPSOCK NDD interface for remote nodes. Nodes (local or remote) receive the same packet and reassemble and process it in the same manner.

Enhanced Mechanisms for Granting Access to Shared Resources

Mechanisms are provided, in a data processing system comprising a plurality of nodes, each node being a computing device, for controlling access to a critical section of code. These mechanisms send, by a sender node of the data processing system, an access request for requesting access to the critical section of code. The critical section of code is a portion of code that accesses a shared resource. The mechanisms receive, in the sender node, from a plurality of receiver nodes in the data processing system, responses to the access request. Each response in the responses includes a number of active nodes perceived by a corresponding receiver node that transmitted the response. The mechanisms control, by the sender node, access to the critical section of code based on the number of active nodes identified in each of the responses received from the receiver nodes. 1. A method , in a data processing system comprising a plurality of nodes , each node being a computing device , for controlling access to a critical section of code , the method comprising:sending, by a sender node of the data processing system, an access request for requesting access to the critical section of code, wherein the critical section of code is a portion of code that accesses a shared resource;receiving, by the sender node, from a plurality of receiver nodes in the data processing system, responses to the access request, wherein each response in the responses includes a number of active nodes perceived by a corresponding receiver node that transmitted the response; andcontrolling, by the sender node, access to the critical section of code based on the number of active nodes identified in each of the responses received from the receiver nodes.2. The method of claim 1 , wherein the access request is sent by the sender node to receiver nodes claim 1 , in the plurality of nodes claim 1 , that are viewable by the sender node as being members of a cluster of nodes.3. The method of claim 2 , further ...

Flash memory management

Disclosed aspects include managing the access of flash memory by a computer system. A physical memory address space which includes a flash memory portion is established. The flash memory portion may correspond to an input/output memory range. An access request may be detected with respect to the physical memory address space. Using a load-store technique to process the access request, the flash memory portion of the physical memory address space may be accessed.

FLASH MEMORY MANAGEMENT

Disclosed aspects include managing the access of flash memory by a computer system. A physical memory address space which includes a flash memory portion is established. The flash memory portion may correspond to an input/output memory range. An access request may be detected with respect to the physical memory address space. Using a load-store technique to process the access request, the flash memory portion of the physical memory address space may be accessed. 1. A computer-implemented method for accessing flash memory , the method comprising:establishing a physical memory address space which includes a flash memory portion;detecting, with respect to the physical memory address space, an access request;maintaining an adapter cache to facilitate an interface with respect to the flash memory portion of the physical memory address space; andaccessing, using a load-store technique to process the access request using the adapter cache, the flash memory portion of the physical memory address space.2. The method of claim 1 , wherein the access request includes a physical address which directly addresses the flash memory portion of the physical memory address space claim 1 , and wherein the flash memory portion corresponds to an input-output memory range and further comprising:accessing, using the physical address of the access request, the input-output memory range that corresponds to one or more storage cells of the flash memory portion of the physical memory address space.3. The method of claim 1 , wherein the access request claim 1 , with respect to the flash memory claim 1 , is processed without a virtual memory manager file cache.4. The method of claim 1 , wherein the access request claim 1 , with respect to the flash memory claim 1 , is processed without a Least Recently Used (LRU) logic of an operating system.5. The method of claim 1 , further comprising:maintaining, using a field-programmable gate array adapter, the adapter cache to use cache storage to maintain ...

Reconciliation of asymmetric topology in a clustered environment

Provided are techniques for the orderly shutdown of a node within a cluster in the event of asymmetric topology maps, comprising receiving, at a first node, a plurality of heartbeats, each heartbeat corresponding to a particular, corresponding other node in the cluster and comprising information on a topological map corresponding to each particular other node's view of the cluster generating, by the first node, a topological map of the cluster based upon the information comprising the heartbeats; comparing the topological map of the cluster and the topological maps corresponding to each node; in response to a determination that the topological maps of the duster and each node are not in agreement, determining the connectivity of the first node with respect to the cluster and in respond to a determination that the first node has the lowest connectivity within the cluster, shutting down the first node.

Providing programming support to debuggers

System, and computer program product for providing programming support to a debugger are disclosed. The debugger executes at least one debugger programming statement which modifies at least a portion of the computer program during execution of the computer program without recompiling the computer program. The debugger may be instructed to execute the at least one debugger programming statement at a specified position of the computer program. The at least one debugger programming statement may include a delete instruction that instructs the debugger to prevent one or more programming statements at a specified position in the computer program from being executed. The debugger may be instructed to execute the at least one debugger programming statement instead of one or more programming statements at a specified position in the computer program without recompiling the computer program.

Partition file system for virtual machine memory management

A virtual machine of an information handling system (IHS) initializes an operating system to provide partition file system memory management during application execution. The operating system employs multiple partitions that include one or more applications for execution within the virtual machine. A file system tool identifies write operations to a global file system and generates local and common file system information. The file system tool populates the local file systems that include delta local file systems and differential file systems with write operation data. The file system tool may generate stackable common delta file system information to store write operation data common to two or more partitions that employ executing applications. The file system tool may combine or separate stackable common delta file system information to provide improvements in virtual machine memory utilization.

Mathematical definition of roles and authorizations in RBAC system

A process, apparatus and program product create a new role in a Role Based Access Control (RBAC) system by using mathematical operators with either one or more authorizations, or one or more existing roles, or a combination thereof.

VIRTUALIZING COHERENT HARDWARE ACCELERATORS

An approach to virtualizing a coherent memory hardware accelerator is provided comprising creating a segment table for a client logical partition (LPAR), wherein a virtual address space is reserved in the segment table, receiving an Input/Output (I/O) request to use the coherent memory hardware accelerator, generating an I/O operation associated with the I/O request, wherein the I/O operation is passed to the coherent memory hardware accelerator, receiving a map request from the coherent memory hardware accelerator, creating an entry in the reserved virtual address space in the segment table, creating a hardware page table map request for mapping a memory address associated with the client LPAR and returning the reserved virtual address space to the coherent memory hardware accelerator, wherein the coherent memory hardware accelerator has remote direct memory access to memory associated with the client LPAR for performing an acceleration of one or more processes.

High efficiency compilation framework for streamlining the execution of compiled code

A method and system for reducing processing overhead during execution of a code block in a high efficiency compilation framework. The method identifies second code blocks within the code block and separates them out from the first code block during compilation. Further, during compilation, the system converts the second code blocks to kernel program modules, in a form recognizable by the system kernel. The compilation is followed by execution of the first code block, with the compiled object code of the first code block being executed in user mode and the kernel program modules being executed in kernel mode.

Providing Programming Support to Debuggers

Method, system, and computer program product for providing programming support to a debugger are disclosed. The method includes defining at least one debugger programming statement, and instructing the debugger to execute the at least one debugger programming statement which modifies a least a portion of the computer program during execution of the computer program without recompiling the computer program. The debugger may be instructed to execute the at least one debugger programming statement at a specified position of the computer program. The at least one debugger programming statement may include a delete instruction that instructs the debugger to prevent one or more programming statements at a specified position in the computer program from being executed. The debugger may be instructed to execute the at least one debugger programming statement instead of one or more programming statements at a specified position in the computer program without recompiling the computer program.

SYSTEM AND COMPUTER PROGRAM PRODUCT FOR DYNAMICALLY RESIZING FILE SYSTEMS

Methods ( 100 ), systems ( 300 ) and computer program products are disclosed for uninterrupted execution of an application program ( 110 ). The method ( 100 ) comprises: receiving a write operation call to a native file system from an application program ( 110 ) being executed on an operating system; and dynamically allocating ( 120, 122 ) free data blocks to the native file system from at least one other file system in a group of file systems until completion of execution of the application program ( 110 ) thereby completing the write operation call. The group of file systems is configured to allow sharing of free data blocks amongst the group of file systems.

DOMAIN BASED USER MAPPING OF OBJECTS

According to one aspect of the present disclosure, a method and technique for domain based user mapping of objects is disclosed. The method includes: responsive to determining that an operation is being attempted on an object identified with an object identifier, determining a domain identifier associated with a user attempting the operation; determining whether the operation can proceed on the object based on domain isolation rules, the domain isolation rules indicating rules for allowing or disallowing operations to proceed on objects based on object identifiers and domain identifiers; responsive to determining that the operation on the object can proceed based on the domain isolation rules, accessing user mapping rules that map specified users allowed to perform a specified operation to a specified object; and determining whether the operation can proceed on the object by the user based on the user mapping rules. 1. A method , comprising:responsive to determining that an operation is being attempted on an object identified with an object identifier, determining a domain identifier associated with a user attempting the operation;determining whether the operation can proceed on the object based on domain isolation rules, the domain isolation rules indicating rules for allowing or disallowing operations to proceed on objects based on object identifiers and domain identifiers;responsive to determining that the operation on the object can proceed based on the domain isolation rules, accessing user mapping rules that map specified users allowed to perform a specified operation to a specified object; anddetermining whether the operation can proceed on the object by the user based on the user mapping rules.2. The method of claim 1 , further comprising:associating a user identifier with the user; andassociating the user identifier with the domain identifier.3. The method of claim 1 , further comprising:determining whether the user is mapped to the operation based on the ...

METHOD AND APPARATUS FOR THREADED BACKGROUND FUNCTION SUPPORT

The present invention provides a computer implemented method and apparatus for a built-in function of a shell to execute in a thread of an interactive shell process. The data processing system receives a request to execute the built-in function. The data processing system determines that the request includes a thread creating indicator. The data processing system schedules a thread to execute the built-in function, in response to a determination that the request includes the thread creating indicator, wherein the thread is controlled by the interactive shell process and shares an environment of the interactive shell process. The data processing system declares a variable based on at least one instruction of the built-in function. Finally, the data processing system may access the variable.

System and computer program product for dynamically resizing file systems

Methods (100), systems (300) and computer program products are disclosed for uninterrupted execution of an application program (110). The method (100) comprises: receiving a write operation call to a native file system from an application program (110) being executed on an operating system; and dynamically allocating (120, 122) free data blocks to the native file system from at least one other file system in a group of file systems until completion of execution of the application program (110) thereby completing the write operation call. The group of file systems is configured to allow sharing of free data blocks amongst the group of file systems.

Enhanced mechanisms for granting access to shared resources

Mechanisms are provided, in a data processing system comprising a plurality of nodes, each node being a computing device, for controlling access to a critical section of code. These mechanisms send, by a sender node of the data processing system, an access request for requesting access to the critical section of code. The critical section of code is a portion of code that accesses a shared resource. The mechanisms receive, in the sender node, from a plurality of receiver nodes in the data processing system, responses to the access request. Each response in the responses includes a number of active nodes perceived by a corresponding receiver node that transmitted the response. The mechanisms control, by the sender node, access to the critical section of code based on the number of active nodes identified in each of the responses received from the receiver nodes.

Partition file system for virtual machine memory management

A virtual machine of an information handling system (IHS) initializes an operating system to provide partition file system memory management during application execution. The operating system employs multiple partitions that include one or more applications for execution within the virtual machine. A file system tool identifies write operations to a global file system and generates local and common file system information. The file system tool populates the local file systems that include delta local file systems and differential file systems with write operation data. The file system tool may generate stackable common delta file system information to store write operation data common to two or more partitions that employ executing applications. The file system tool may combine or separate stackable common delta file system information to provide improvements in virtual machine memory utilization.

Providing Programming Support to Debuggers

Method for providing programming support to a debugger are disclosed. The method includes defining at least one debugger programming statement, and instructing the debugger to execute the at least one debugger programming statement which modifies a least a portion of the computer program during execution of the computer program without recompiling the computer program. The debugger may be instructed to execute the at least one debugger programming statement at a specified position of the computer program. The at least one debugger programming statement may include a delete instruction that instructs the debugger to prevent one or more programming statements at a specified position in the computer program from being executed. The debugger may be instructed to execute the at least one debugger programming statement instead of one or more programming statements at a specified position in the computer program without recompiling the computer program.

Clustering Support Across Geographical Boundaries

An approach is presented that provides computer clustering support across geographical boundaries. Inter-node communications are managed in a cluster by having each node operate at the network device driver (NDD) level within the kernel. Multiple types of NDD are utilized (Ethernet, SAN, DISK etc.) to provide redundancy so that nodes can reliably exchange heartbeat. To align with this architecture, for remote nodes, a pseudo NDD is used over Transmission Control Protocol (TCP) based communication interface to work along side other NDDs. Thus, the same packet which is sprayed over the NDDs pertaining to local nodes can be sprayed over the TCPSOCK NDD interface for remote nodes. Nodes (local or remote) receive the same packet and reassemble and process it in the same manner.

Extensible Access Control List Framework

Methods, systems, and products for governing access to objects on a filesystem. In one general embodiment, the method includes providing a framework in an operating system environment for support of a plurality of access control list (ACL) types, thereby enabling governing of access to objects on a filesystem according to an associated definition of an ACL type; and accepting definitions of ACL types. The associated definition may comprise a kernel extension.

VIRTUALIZING COHERENT HARDWARE ACCELERATORS

An approach to virtualizing a coherent memory hardware accelerator is provided comprising creating a segment table for a client logical partition (LPAR), wherein a virtual address space is reserved in the segment table, receiving an Input/Output (I/O) request to use the coherent memory hardware accelerator, generating an I/O operation associated with the I/O request, wherein the I/O operation is passed to the coherent memory hardware accelerator, receiving a map request from the coherent memory hardware accelerator, creating an entry in the reserved virtual address space in the segment table, creating a hardware page table map request for mapping a memory address associated with the client LPAR and returning the reserved virtual address space to the coherent memory hardware accelerator, wherein the coherent memory hardware accelerator has remote direct memory access to memory associated with the client LPAR for performing an acceleration of one or more processes.

METHOD FOR DYNAMICALLY RESIZING FILE SYSTEMS

Methods ( 100 ), systems ( 300 ) and computer program products are disclosed for uninterrupted execution of an application program ( 110 ). The method ( 100 ) comprises: receiving a write operation call to a native file system from an application program ( 110 ) being executed on an operating system; and dynamically allocating ( 120, 122 ) free data blocks to the native file system from at least one other file system in a group of file systems until completion of execution of the application program ( 110 ) thereby completing the write operation call. The group of file systems is configured to allow sharing of free data blocks amongst the group of file systems.

Providing programming support to debuggers

Method for providing programming support to a debugger are disclosed. The method includes defining at least one debugger programming statement, and instructing the debugger to execute the at least one debugger programming statement which modifies a least a portion of the computer program during execution of the computer program without recompiling the computer program. The debugger may be instructed to execute the at least one debugger programming statement at a specified position of the computer program. The at least one debugger programming statement may include a delete instruction that instructs the debugger to prevent one or more programming statements at a specified position in the computer program from being executed. The debugger may be instructed to execute the at least one debugger programming statement instead of one or more programming statements at a specified position in the computer program without recompiling the computer program.

Mathematical definition of roles and authorizations in RBAC system

A process, apparatus and program product create a new role in a Role Based Access Control (RBAC) system by using mathematical operators with either one or more authorizations, or one or more existing roles, or a combination thereof.

Virtualizing coherent hardware accelerators

An approach to virtualizing a coherent memory hardware accelerator is provided comprising creating a segment table for a client logical partition (LPAR), wherein a virtual address space is reserved in the segment table, receiving an Input/Output (I/O) request to use the coherent memory hardware accelerator, generating an I/O operation associated with the I/O request, wherein the I/O operation is passed to the coherent memory hardware accelerator, receiving a map request from the coherent memory hardware accelerator, creating an entry in the reserved virtual address space in the segment table, creating a hardware page table map request for mapping a memory address associated with the client LPAR and returning the reserved virtual address space to the coherent memory hardware accelerator, wherein the coherent memory hardware accelerator has remote direct memory access to memory associated with the client LPAR for performing an acceleration of one or more processes.

Managing memory

Methods, systems, and products for managing memory. In one general embodiment, the method includes assigning an isolated virtual heap in a global kernel heap of a global operating system environment to each of a plurality of isolated virtual operating system environments operating in a global operating system environment; and in response to an invocation of kernel heap memory allocation from one of the isolated virtual operating system environments, dynamically allocating memory to the invoking isolated virtual operating system environment from the virtual kernel heap assigned to the invoking isolated virtual operating system environment. The method may also include running the plurality of isolated virtual operating system environments in the global operating system environment. The plurality of isolated virtual operating system environments may share a single common kernel. The isolated virtual operating system environments may run under the same operating system image.

DOMAIN BASED RESOURCE ISOLATION IN MULTI-CORE SYSTEMS

Embodiments of the present invention provide a system, method, and program product for domain based resource isolation in multi-core systems. A computing device determines an operation being attempted on a workload request identified with a first domain identifier. The computing device determines a processor core identified with a second domain identifier. In response to determining that processor cores identified with the second domain identifier can service workload requests identified with the first domain identifier, the computing device deploys the workload request to the processor core for servicing. 1. A method comprising:determining, by a computing device, an operation being attempted on a workload request identified with a first domain identifier;determining a processor core identified with a second domain identifier;in response to determining that processor cores identified with the second domain identifier can service workload requests identified with the first domain identifier, deploying the workload request to the processor core for servicing.2. The method of claim 1 , wherein the second domain identifier groups processor cores according to a predetermined performance criteria.3. The method of claim 1 , wherein the second domain identifier groups processor cores according to type of application serviceable.4. The method of claim 1 , wherein the second domain identifier groups processor cores according to a predetermined power savings criteria.5. The method of claim 1 , wherein the operation is initiated by one of a application process claim 1 , an operating system process claim 1 , a tool process claim 1 , a command process claim 1 , and utility process.6. The method of claim 1 , wherein the step of determining that the processor cores identified with the second domain identifier can service the workload requests identified with the first domain identifier includes utilizing logic that dictates when the processor cores can service the workload requests ...

PARTITION FILE SYSTEM FOR VIRTUAL MACHINE MEMORY MANAGEMENT

A virtual machine of an information handling system (IHS) initializes an operating system to provide partition file system memory management during application execution. The operating system employs multiple partitions that include one or more applications for execution within the virtual machine. A file system tool identifies write operations to a global file system and generates local and common file system information. The file system tool populates the local file systems that include delta local file systems and differential file systems with write operation data. The file system tool may generate stackable common delta file system information to store write operation data common to two or more partitions that employ executing applications. The file system tool may combine or separate stackable common delta file system information to provide improvements in virtual machine memory utilization. 1. A method of operating a file system , comprising:loading an operating system into a system memory, the operating system including first and second partitions, the first and second partitions including first and second applications, respectively, the operating system including a global file system;initiating, by the first application, a first write operation to the global file system;intercepting, by the operating system, the first write operation to the global file system, thus providing a first intercepted write operation that includes first intercepted write data;generating, by the operating system, a first delta local file system (DLFS) in the first partition to store the first intercepted write data;testing, by a file system tool, to determine if the first intercepted write data is common between the first delta local file system (DLFS) in the first partition and a second delta local file system (DLFS) in the second partition, thus providing first common intercepted write data;generating, by the file system tool, a first common delta file system (CDFS) that stores ...

Enhanced mechanisms for granting access to shared resources

Mechanisms are provided, in a data processing system comprising a plurality of nodes, each node being a computing device, for controlling access to a critical section of code. These mechanisms send, by a sender node of the data processing system, an access request for requesting access to the critical section of code. The critical section of code is a portion of code that accesses a shared resource. The mechanisms receive, in the sender node, from a plurality of receiver nodes in the data processing system, responses to the access request. Each response in the responses includes a number of active nodes perceived by a corresponding receiver node that transmitted the response. The mechanisms control, by the sender node, access to the critical section of code based on the number of active nodes identified in each of the responses received from the receiver nodes.

SYSTEM AND COMPUTER PROGRAM PRODUCT FOR DYNAMICALLY RESIZING FILE SYSTEMS

Methods (100), systems (300) and computer program products are disclosed for uninterrupted execution of an application program (110). The method (100) comprises: receiving a write operation call to a native file system from an application program (110) being executed on an operating system; and dynamically allocating (120, 122) free data blocks to the native file system from at least one other file system in a group of file systems until completion of execution of the application program (110) thereby completing the write operation call. The group of file systems is configured to allow sharing of free data blocks amongst the group of file systems.

RECONSILIATION OF ASYMETRIC TOPOLOGY IN A CLUSTERED ENVIRONMENT

Provided are techniques for the orderly shutdown of a node within a cluster in the event of asymmetric topology maps, comprising receiving, at a first node, a plurality of heartbeats, each heartbeat corresponding to a particular, corresponding other node in the cluster and comprising information on a topological map corresponding to each particular other node's view of the cluster generating, by the first node, a topological map of the cluster based upon the information comprising the heartbeats; comparing the topological map of the cluster and the topological maps corresponding to each node; in response to a determination that the topological maps of the duster and each node are not in agreement, determining the connectivity of the first node with respect to the cluster and in respond to a determination that the first node has the lowest connectivity within the cluster, shutting down the first node. 1. A method , comprising;receiving, at a first node of a plurality of nodes in a cluster, a plurality of heartbeats, each heartbeat corresponding to a particular, corresponding other node in the cluster and comprising information on a topological map corresponding to each particular other node's view of the cluster;generating, by the first node, a topological map of the cluster based upon the information comprising the heartbeats;comparing the topological map of the cluster and the topological maps corresponding to each node;in response to a determination that the topological maps of the cluster and each node are not in agreement, determining the connectivity of the first node with respect to the cluster; andin response to a determination that the first node has the lowest connectivity within the cluster, shutting down the first node.2. The method of claim 1 , further comprising:detecting that connectivity of the first node and a connectivity corresponding to a second node of the plurality of nodes are equal and the lowest connectivity within the cluster; ...

Enhanced mechanisms for granting access to shared resources

Mechanisms are provided, in a data processing system comprising a plurality of nodes, each node being a computing device, for controlling access to a critical section of code. These mechanisms send, by a sender node of the data processing system, an access request for requesting access to the critical section of code. The critical section of code is a portion of code that accesses a shared resource. The mechanisms receive, in the sender node, from a plurality of receiver nodes in the data processing system, responses to the access request. Each response in the responses includes a number of active nodes perceived by a corresponding receiver node that transmitted the response. The mechanisms control, by the sender node, access to the critical section of code based on the number of active nodes identified in each of the responses received from the receiver nodes.

Extensible access control list framework

Methods, systems, and products for governing access to objects on a fϊlesystem. In one general embodiment, the method includes providing a framework in an operating system environment for support of a plurality of access control list (ACL) types, thereby enabling governing of access to objects on a fϊlesystem according to an associated definition of an ACL type; and accepting definitions of ACL types. The associated definition may comprise a kernel extension.