摘要 |
A system, method and computer program product for sharing memory between fault-isolated cells of a computer system. A page of memory is exported from an exporting cell to an importing cell by selectively opening a hole in a fire-wall that otherwise fault-isolates the exporting cell and the importing cell. The fire-wall opening permits the importing cell to access a specific page of memory in the exporting cell. Access to other memory cells is still prevented by the fire-wall. When a page of memory is exported, a record of the export is generated in the exporting cell. Export records are used to determine whether a requesting cell is permitted to access a requested page of memory and to terminate memory exports in a controlled fashion. When a page of memory is imported, an import record and a proxy page frame data structure are generated in the importing cell. Import records are used to access pages of memory in other cells and to terminate imports in a controlled fashion. Proxy page frame data records are used to maintain fault isolation between cells and to ensure that kernel data is never shared between cells.
|