公开(公告)号：US11200183B2

公开(公告)日：2021-12-14

申请号：US16493148

申请日：2017-03-31

Applicant: INTEL CORPORATION

Inventor： Sanjay Kumar ,  Rajesh M. Sankaran ,  Philip R. Lantz ,  Utkarsh Y. Kakaiya ,  Kun Tian

IPC: G06F13/28 ,  G06F13/24 ,  G06F9/455 ,  G06F9/48

Abstract: Implementations of the disclosure provide processing device comprising: an interrupt managing circuit to receive an interrupt message directed to an application container from an assignable interface (AI) of an input/output (I/O) device. The interrupt message comprises an address space identifier (ASID), an interrupt handle and a flag to distinguish the interrupt message from a direct memory access (DMA) message. Responsive to receiving the interrupt message, a data structure associated with the interrupt managing circuit is identified. An interrupt entry from the data structure is selected based on the interrupt handle. It is determined that the ASID associated with the interrupt message matches an ASID in the interrupt entry. Thereupon, an interrupt in the interrupt entry is forwarded to the application container.

公开(公告)号：US20210374087A1

公开(公告)日：2021-12-02

申请号：US17380712

申请日：2021-07-20

Applicant: Intel Corporation

Inventor： David A. Koufaty ,  Rajesh M. Sankaran ,  Utkarsh Y. Kakaiya

IPC: G06F13/42 ,  G06F13/40 ,  G06F9/50 ,  G06F9/54

Abstract: Techniques for increasing link efficiency are disclosed. In one embodiment, a device handle table is created at each end of a link. Device handle allocation messages can be used to associate a particular device handle with a particular domain identifier, such as a bus/device/function (BDF) identifier or a processor address space identifier (PASID). Once a device handle is allocated, messages can be sent between the two ends of the link that include the device handle. The device handle can be used to determine the domain identifier associated with the message. As the device handle can be fewer bits than the domain identifier, the link efficiency can be increased.

公开(公告)号：US11099880B2

公开(公告)日：2021-08-24

申请号：US16481441

申请日：2017-02-22

Applicant: INTEL CORPORATION

Inventor： Sanjay Kumar ,  Rajesh M. Sankaran ,  Gilbert Neiger ,  Philip R. Lantz ,  Jason W. Brandt ,  Vedvyas Shanbhogue ,  Utkarsh Y. Kakaiya ,  Kun Tian

IPC: G06F9/455 ,  G06F12/1045 ,  G06F12/109 ,  G06F9/30

Abstract: A processing device comprises an address translation circuit to intercept a work request from an I/O device. The work request comprises a first ASID to map to a work queue. A second ASID of a host is allocated for the first ASID based on the work queue. The second ASID is allocated to at least one of: an ASID register for a dedicated work queue (DWQ) or an ASID translation table for a shared work queue (SWQ). Responsive to receiving a work submission from the SVM client to the I/O device, the first ASID of the application container is translated to the second ASID of the host machine for submission to the I/O device using at least one of: the ASID register for the DWQ or the ASID translation table for the SWQ based on the work queue associated with the I/O device.

公开(公告)号：US11055147B2

公开(公告)日：2021-07-06

申请号：US16351396

申请日：2019-03-12

Applicant: Intel Corporation

Inventor： Utkarsh Y. Kakaiya ,  Rajesh Sankaran ,  Sanjay Kumar ,  Kun Tian ,  Philip Lantz

IPC: G06F9/50 ,  H04L12/58 ,  G06F15/76 ,  G06F15/17 ,  H04L29/08 ,  H04L29/12

Abstract: Techniques for scalable virtualization of an Input/Output (I/O) device are described. An electronic device composes a virtual device comprising one or more assignable interface (AI) instances of a plurality of AI instances of a hosting function exposed by the I/O device. The electronic device emulates device resources of the I/O device via the virtual device. The electronic device intercepts a request from the guest pertaining to the virtual device, and determines whether the request from the guest is a fast-path operation to be passed directly to one of the one or more AI instances of the I/O device or a slow-path operation that is to be at least partially serviced via software executed by the electronic device. For a slow-path operation, the electronic device services the request at least partially via the software executed by the electronic device.

公开(公告)号：US10789370B2

公开(公告)日：2020-09-29

申请号：US15470270

申请日：2017-03-27

Applicant: INTEL CORPORATION

Inventor： Mohan K. Nair ,  Rajesh M. Sankaran ,  Utkarsh Y. Kakaiya ,  Zhenfu Chai ,  David M. Lee ,  Pratik M. Marolia

IPC: G06F9/4401 ,  G06F21/60 ,  G06F21/85 ,  G06F21/57 ,  G06F12/0815 ,  G06F13/42 ,  H04L29/06

Abstract: In accordance with embodiments disclosed herein, there is provided systems and methods for extending a root complex to encompass an external component. A processor includes a processor core and root complex circuitry coupled to the processor core. The processor core is to execute a basic input/output system (BIOS) and an operating system (OS). The root complex circuitry includes a coherent interface port and a downstream port. The root complex circuitry is to couple to an external component via the downstream port and the coherent interface port. The BIOS, to extend a root complex beyond the root complex circuitry to encompass the external component, is to obfuscate the downstream port from the OS, define a virtual root bridge for the external component, and enable a security check at the external component to provide protection for the coherent interface port and the downstream port.

公开(公告)号：US10762244B2

公开(公告)日：2020-09-01

申请号：US16024022

申请日：2018-06-29

Applicant: INTEL CORPORATION

Inventor： Joshua Fender ,  Utkarsh Y. Kakaiya ,  Mohan Nair ,  Brian Morris ,  Pratik Marolia

IPC: G06F21/00 ,  G06F21/76 ,  H04L29/08 ,  G06F11/14 ,  G06F1/3206 ,  G06F21/54 ,  G06F1/324 ,  G06F21/74 ,  H04L29/06 ,  G06F1/20 ,  G06F1/3287

Abstract: Various embodiments are generally directed to securing systems that include hardware accelerators, such as FPGA-based accelerators, and privileged system components. Some embodiments may provide a security broker. In various embodiments, the security broker may provide interfaces between the hardware accelerator and the privileged component. Some embodiments may receive an instruction from the hardware accelerator targeting the privileged component, and validate the instruction based on a configuration. In some embodiments, upon determining the instruction is not validated, the instruction is restricted from further processing.

公开(公告)号：US10541687B2

公开(公告)日：2020-01-21

申请号：US15942919

申请日：2018-04-02

Applicant: Intel Corporation

Inventor： Utkarsh Y. Kakaiya ,  Joshua D. Fender

IPC: G06F7/38 ,  H03K19/173

Abstract: A device includes a reconfigurable circuit and reconfiguration logic. The reconfiguration logic is to: receive, via a policy interface, a user policy and an image policy; receive a first reconfiguration image via a first configuration interface of a plurality of configuration interfaces; validate the first configuration interface based on the user policy; validate the first reconfiguration image based on the image policy; and in response to a determination that the first configuration interface and the first reconfiguration image are both valid, reconfigure the reconfigurable circuit using the first reconfiguration image.

公开(公告)号：US20190311123A1

公开(公告)日：2019-10-10

申请号：US16444053

申请日：2019-06-18

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Pradeep M. Pappachan ,  Luis Kida ,  Krystof Zmudzinski ,  Siddhartha Chhabra ,  Abhishek Basak ,  Alpa Narendra Trivedi ,  Anna Trikalinou ,  David M. Lee ,  Vedvyas Shanbhogue ,  Utkarsh Y. Kakaiya

IPC: G06F21/57 ,  G06F21/64 ,  H04L12/24 ,  H04L9/08 ,  G06F9/455

Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.

公开(公告)号：US20190146943A1

公开(公告)日：2019-05-16

申请号：US16232014

申请日：2018-12-25

Applicant: Intel Corporation

Inventor： Joshua David Fender ,  Utkarsh Y. Kakaiya

IPC: G06F13/40 ,  G06F8/61 ,  G06F17/50

Abstract: A method includes receiving at a management component of an FPGA a persona change request and issuing a request by the management component to a reconfigurable PR slot of the FPGA to change a first persona of a first circuit device of the FPGA to a second persona of a second circuit device of the FPGA. The management component, the reconfigurable PR slot, and the first and second circuit devices are configured in the FPGA core. The method includes switching by the reconfigurable PR slot the first persona to the second persona. The method includes issuing a request by the management component, a host re-enumeration of the reconfigurable PR slot, triggering by the host a re-enumeration component a re-enumeration of the reconfigurable PR slot, and exposing by the reconfigurable PR slot the second persona such that the host is reconfigured to recognize the second circuit device.

公开(公告)号：US10228981B2

公开(公告)日：2019-03-12

申请号：US15584979

申请日：2017-05-02

Applicant: Intel Corporation

Inventor： Utkarsh Y. Kakaiya ,  Rajesh Sankaran ,  Sanjay Kumar ,  Kun Tian ,  Philip Lantz

IPC: G06F3/06 ,  G06F9/50 ,  H04L29/08 ,  H04L12/24 ,  H04L12/58 ,  H04L29/12 ,  G06F15/17

Abstract: Techniques for scalable virtualization of an Input/Output (I/O) device are described. An electronic device composes a virtual device comprising one or more assignable interface (AI) instances of a plurality of AI instances of a hosting function exposed by the I/O device. The electronic device emulates device resources of the I/O device via the virtual device. The electronic device intercepts a request from the guest pertaining to the virtual device, and determines whether the request from the guest is a fast-path operation to be passed directly to one of the one or more AI instances of the I/O device or a slow-path operation that is to be at least partially serviced via software executed by the electronic device. For a slow-path operation, the electronic device services the request at least partially via the software executed by the electronic device.