T 1701/15 (MANAGING USE OF STORAGE BY MULTIPLE PAGEABLE GUESTS OF A COMPUTING ENVIRONMENT/IBM) 11-01-2021
Download and more information:
MANAGING USE OF STORAGE BY MULTIPLE PAGEABLE GUESTS OF A COMPUTING ENVIRONMENT
Claims - clarity after amendment (yes)
Amendments - added subject-matter (no)
Appeal decision - remittal to the department of first instance (yes)
I. This appeal is against the decision of the examining division to refuse the European patent application No. 09714605.4 pursuant to Article 97(2) EPC on the grounds of lack of clarity (Article 84 EPC) and added subject-matter (Article 123(2) EPC).
II. In the statement setting out the grounds of appeal, the appellant requested that the decision under appeal be set aside and that a patent be granted on the basis of claims 1 to 6 of a new request filed as Annex A. Oral proceedings were not requested.
III. In a communication the Board set out its preliminary opinion that claim 1 of the new main request overcame the objections under Article 84 EPC and Article 123(2) EPC of the impugned decision, but that the amendments seemed to lead to further objections under Article 84 and 123(2) EPC.
IV. The appellant filed in response new claims 1 to 4 to replace previously filed claims 1 to 6 and description page 2 to replace pages 1a and 2.
V. Claim 1 reads as follows :
"1. A method for executing an instruction, the method comprising the steps of
obtaining a test protection machine instruction (900), the test protection machine instruction comprising an opcode field (902), a first operand (904, 906) and a second operand (908, 910); and
executing (1000), by a pageable guest managed by a host, the test protection machine instruction, to determine one or more host and guest level storage protection attributes for a location of storage, the location of storage specifying a first host frame of host main storage, and wherein the first operand designates a logical address for the location of storage and the second operand designates an access key for testing against a storage key for the location of storage, the executing comprising:
determining (1002) whether storing to the storage location is permitted by both host and guest and on a positive determination, completing (1004) by setting a first condition code that represents a storage protection attribute to the pageable guest that fetching and storing to the location of storage is permitted;
on a negative determination with respect to storing to the storage location, determining (1006) whether guest and host address translation is available;
on a negative determination as to availability of guest address translation, completing (1008) by setting a second condition code that represents a storage protection attribute to the pageable guest that translation is not available, and on a negative determination as to availability of host address translation, completing (1012) by executing a host interrupt;
on a positive determination with respect to availability of both guest and host address translation, determining (1014), with reference to permissions stored at host and guest translation tables, whether fetching from the storage location is permitted by both host and guest;
on a negative determination with respect to fetching from the storage location, completing (1016) by setting a third condition code that represents a storage protection attribute to the pageable guest that neither fetching from nor storing to the storage location is permitted;
on a positive determination with respect to fetching from the storage location, determining (1018) whether a host protection exception trap is enabled;
on a negative determination with respect to enabling of the host protection exception trap, completing (1020) by setting a fourth condition code that represents a storage protection attribute to the pageable guest that only fetching is permitted;
on a positive determination with respect to enabling of the host protection exception trap, determining (1022), with reference to the guest translation table, whether storing is permitted by the guest,
on a negative determination with respect to storing by the guest, completing (1024) by setting the fourth condition code,
on a positive determination with respect to storing by the guest, determining whether the host write protection is other than Dynamic Address Translation 'DAT';
on a positive determination with respect to host write protection being other than DAT, completing (1028) by setting the fourth condition code;
on a negative determination with respect to host write protection being other than DAT, intercepting (1030) execution of the test protection machine instruction, and in response to the step of intercepting, simulating, by a host dispatching the pageable guest, execution of the test protection machine instruction, the step of simulating comprising: determining (1040) whether the location of storage is part of a host copy-on-write scheme;
on a positive determination with respect to location of storage being part of a host copy-on-write scheme, completing (1044) by setting the first condition code representing to the pageable guest that storing to the location of storage is permitted, although host translation table entries for that location of storage remain unchanged; and
on a negative determination with respect to location of storage being part of a host copy-on-write scheme, completing (1042) by setting the fourth condition code."
1. The invention
1.1 The invention manages the use of storage by multiple pageable guests of a computing environment, as in the IBM z/Architecture. A pageable guest is, for example, a virtual machine V=V model, in which the absolute or real memory of the virtual machine is backed by host virtual memory, instead of real or absolute memory, see page 5, second paragraph of the original application. In these environments a portion of storge of a computing environment is typically shared among a plurality of processes executing within the environment. Storage protections are applied to provide data integrity.
1.2 In a pageable guest environment, where multiple guests share the same storage, this has the drawback that information relating to the protections becomes convoluted for the guests and/or the hosts executing the guests, see page 1, second to fourth paragraphs. There is a need for indicating whether a storage protection fault was due to host level protection or guest level protection.
1.3 The invention solves this problem of prior art systems by providing a capability that facilitates management of storage used by multiple pageable guests of a com-puting environment. A query instruction, called a Test Protection (TPROT) instruction, details the informa-tion regarding the area of storage indicated in the query, see page 4, second paragraph, and page 44, line 25, to page 55, line 25. It provides indications about the protections of the storage and allows distinctions to be made between host level and guest level protections.
1.4 When a program allocates a storage frame, it learns the attributes of the frame, i.e. whether it is resident/not write protected, by executing a TPROT query which returns a condition code, see page 45, first paragraph; page 46, lines 23 to 29, details possible return codes. However, when the program is executing interpretively as a guest under the control of a host supervisor, the return code may reflect the attributes from the frame from the viewpoint of the guest address translation tables, as well as the host translation tables. This may compromise the isolation provided by the hypervisor. Therefore, a copy-on-write (COW) scheme is used to reduce memory pressure by operation systems.
1.5 The invention inquires (Figure 10B: step 1040) whether the area in storage to be accessed is part of a host copy-on-write (COW) scheme, meaning that it cannot be written to, and provides a false return code indicating successful execution completion of the TRPOT instruction, although the translation tables are not updated to accommodate host copy-on-write (COW) scheme, see page 47, first paragraph. The approach has the advantage that the host does not need to change the state of its dynamic address translation (DAT) tables and the frame remains write-protected, see page 55, second paragraph.
2. Articles 84 and 123(2) EPC
2.1 In the impugned decision, point 2.1, claim 1 was objec-ted to under Article 123(2) EPC because the "testing of a location designated by the first operand for one or more storage protection exception conditions" could be interpreted in that the execution of a TPROT instruc-tion leads to an actual exception being issued for which there was no basis, page 45, lines 1 to 11, and page 51, lines 19 to 21 and page 52, lines 3 to 5.
2.2 At point 2.2, claim 1 was further objected to under Article 84 EPC because the address translation mechanism was unclear. It did not clearly define a two-level address translation scheme involving guest and host translation tables, see page 45, lines 1 to 11, it did not clearly indicate that the first operand of the TPROT instruction is actually the subject of address translation, page 48, line 10, and it did not clearly relate the failure to perform an address translation and the concept of exception, page 19, lines 10 to 12. Furthermore, the expression " ... although the location of storage remains write-protected" was inconsistent with the rest of claim 1 which referred to a "copy-on-write" protection scheme.
2.3 Claim 1 was substantially amended in appeal proceedings, based on pages 53 to 55 and Figures 10A and 10B of the application as filed. After additional objections by the Board, claim 1 was amended further including the incorporation of the features of claims 2 and 3. The Board is satisfied that claim 1 of the present request overcomes the objections.
3. Article 56 EPC
3.1 In an obiter dictum the division made a few general comments regarding lack of inventive step (Article 56 EPC) over D3, but did not clearly identify the distinguishing features nor did it draw a definitive conclusion.
3.2 The appellant argued, point 2.8 of the grounds, that D3 disclosed a test protection machine instruction (TPROT) which could be considered to indicate the protection of a location of storage. However, D3 did not disclose the details of its execution and in particular not the "determining (1040)" step as defined in claim 1.
3.3 The Board tends to agree that D3 does not disclose the details of the determining step (1040) which was further amended in appeal proceedings based on Figures 10A and 10B. While it seems that Test Protection instructions (TPROT) were known, see page 45, lines 3 and 4, of the application, where IBM System z processors use TPROT instructions and Sun Microsystems mincore() instructions, there is no written evidence on file to decide whether the distinguishing feature would be inventive or not.
In the Board's view these arguments cannot be convincingly dealt with without knowledge of the way TPROT instructions are normally built. Since a prior art search has not yet been performed on this matter it is thus necessary to remit the case to the examining division for carrying out an additional search and for continuing the substantive examination on the basis of the present main request and the results of the additional search.| |
For these reasons it is decided that:
1. The decision under the appeal is set aside.
2. The case is remitted to the department of first instance for further prosecution on the basis of claims 1 to 4 of the request filed with letter dated 5 November 2020.