Abstract: In one embodiment, a system includes a memory to store a work queue including work queue entry slots, a processing device to write work queue entries to the work queue in a consecutive and cyclic manner, and a network device including a network interface to share packet over a network, and packet processing circuitry to read the work queue entries from the work queue in a consecutive and cyclic manner, the work queue entries indicating work to be performed associated with the packets, dequeue respective ones of the work queue entries read from the work queue responsively to reading the respective work queue entries from the work queue, add the work queue entries to an execution database used to track execution of the work queue entries, and execute the work queue entries in the execution database.

Abstract: A network device includes a hardware pipeline to process a network packet to be encrypted. A portion of the hardware pipeline retrieves information from the network packet and generates a command based on the information. A block cipher circuit is coupled inline within the hardware pipeline. The hardware pipeline includes hardware engines coupled between the portion of the hardware pipeline and the block cipher circuit. The hardware engines parse and execute the command to determine a set of inputs and input the set of inputs and portions of the network packet to the block cipher circuit. The block cipher circuit encrypts a payload data of the network packet based on the set of inputs.

Abstract: A network adapter includes a network interface that communicates packets over a network, a host interface connected locally to a host processor and to a host memory, and processing circuitry, coupled between the network interface and the host interface, and is configured to receive in a common queue, via the host interface, (i) a processing work item specifying a source buffer in the host memory, a data processing operation, and a first address in the host memory, and (ii) an RDMA write work item specifying the first address, and a second address in a remote memory. In response to the processing work item, the processing circuitry reads data from the source buffer, applies the data processing operation, and stores the processed data in the first address. In response to the RDMA write work item the processing circuitry transmits the processed data, over the network, for storage in the second address.

Abstract: A computing system includes at least one peripheral bus, a peripheral device connected to the at least one peripheral bus, at least one memory, and first and second system components. The first system component is (i) associated with a first address space in the at least one memory and (ii) connected to the peripheral device via the at least one peripheral bus. The second system component is (i) associated with a second address space in the at least one memory and (ii) connected to the peripheral device via the at least one peripheral bus. The first system component is arranged to cause the peripheral device to access the second address space that is associated with the second system component.

Abstract: A communication system includes at least one send queue, containing send queue entries pointing to packets to be transmitted over a network by packet sending circuitry. A clock work queue contains clock queue entries to synchronize sending times of the packets pointed to by the send queue entries. At least one arming queue contains arming queue entries to arm the clock work queue at selected time intervals.

Abstract: Technologies for payload direct memory storing (PDMS) for out-of-order delivery of packets in remote direct memory access (RDMA) are described. A responder device includes an RDMA transport layer that can receive packets out of order and allow direct data placement of packet data in order. The responder device receives a first packet with a first packet number and first location information. The responder device stores first packet data to a first location according to the first location information. The responder device also receives a second packet and stores second packet data to a second location according to the second location information. A second packet number indicates that the first packet is received out of order. The first and second packet data are stored in order. The responder device can provide an indication that a message has arrived in response to determining that all packets of the message have arrived.

Abstract: In one embodiment, data communication apparatus includes packet processing circuitry to receive data from a memory responsively to a data transfer request, and cryptographically process the received data in units of data blocks using a block cipher so as to add corresponding cryptographically processed data blocks to a sequence of data packets, the sequence including respective ones of the cryptographically processed data blocks having block boundaries that are not aligned with payload boundaries of respective one of the packets, such that respective ones of the cryptographically processed data blocks are divided into two respective segments, which are contained in successive respective ones of the packets in the sequence, and a network interface which includes one or more ports for connection to a packet data network and is configured to send the sequence of data packets to a remote device over the packet data network via the one or more ports.

Abstract: In one embodiment, an apparatus includes a network interface to receive a sequence of data packets from a remote device responsively to a data transfer request, the received sequence including received data blocks, and packet processing circuitry to read cryptographic parameters from a memory in which the parameters were registered by a processing unit, the cryptographic parameters including an initial cryptographic key and initial value, compute a first cryptographic key responsively to the initial cryptographic key and initial value, cryptographically process a first block responsively to the first cryptographic key, compute an updated value responsively to the initial value and a size of the first block, compute a second cryptographic key responsively to the initial cryptographic key and the updated value, cryptographically process a second block of the received data blocks responsively to the second cryptographic key, and write the cryptographically processed first and second block to the memory.

Abstract: A timing system including timing circuitry which includes an arming queue, a clock work queue, and a clock completion queue. At least the clock work queue is to provide timing information, and the arming queue is to arm the clock work queue. Related apparatus and methods are also provided.

Abstract: An apparatus for cache management includes an interface and a processor. The interface is for communicating with a cache memory configured to store data items. The cache controller is configured to obtain a classification of the data items into a plurality of groups, to obtain respective target capacities for at least some of the groups, each target capacity defining a respective required size of a portion of the cache memory that is permitted to be occupied by the data items belonging to the group, and to cache new data items in the cache memory, or evict cached data items from the cache memory, in accordance with a policy that complies with the target capacities specified for the groups.

Abstract: A method for data transfer includes transmitting a sequence of data packets from a first computer over a network to a second computer in a single RDMA data transfer transaction. Upon receipt of a second packet in the sequence without previously having received the first packet, the second computer sends a NAK packet over the network to the first computer, indicating that the first packet was not received. A retransmission mode is selected responsively to the type of the transaction, such that when the transaction is of a first type, the first packet is retransmitted from the first computer to the second computer in response to the NAK packet without retransmitting the second packet, and when the transaction is of a second type, both the first and second packets are retransmitted from the first computer to the second computer in response to the NAK packet.

Abstract: A method includes receiving a network packet into a hardware pipeline of a network device; parsing and retrieving information of the network packet; determining, by the hardware pipeline, a packet-processing action to be performed by matching the information to a data structure of a set of flow data structures; sending, by the hardware pipeline, an action request to a programmable core, the action request being populated with data to trigger the programmable core to execute a hardware thread to perform a job, which is associated with the packet-processing action and that generates contextual data; retrieving the contextual data updated by the programmable core; and integrating the contextual data into performing the packet-processing action.

Abstract: A method using a memory and queue handling logic, including accessing a work control structure (WCS) configured “first-in-first-out” holding work control records (WCRs) each including a field defining work to be carried out and a completion indicator indicating whether the work has completed, and initially set to indicate that the work has not completed: upon fetching a work request (WR) for execution, pushing a WCR corresponding to the WR to the WCS, and: A) inspecting the WCR at a head of the WCS, B) when the completion indicator of the WCR at the head of the WCS indicates that the unit of work associated with the WCR at the head of the WCS has been completed, popping the WCR at the head of the WCS from the WCS, and reporting completion of the WCR at the head of the WCS to a host processor, and C) iteratively performing A, B, and C.

Abstract: A compute node includes a memory, a processor and a peripheral device. The memory is to store memory pages. The processor is to run software that accesses the memory, and to identify one or more first memory pages that are accessed by the software in the memory. The peripheral device is to directly access one or more second memory pages in the memory of the compute node using Direct Memory Access (DMA), and to notify the processor of the second memory pages that are accessed using DMA. The processor is further to maintain a data structure that tracks both (i) the first memory pages as identified by the processor and (ii) the second memory pages as notified by the peripheral device.

Abstract: A method including an executing entity, including fencing dependency circuitry, communicating with physical memory including a work queue (WQ) including a first controlling work request (WR), and a first dependent WR, the first dependent WR including a fencing indication indicating that the first dependent WR should not be executed until the first controlling WR has completed, the fencing dependency circuitry determining that the first dependent WR is ready for execution and checking, based on the fencing indication in the first dependent WR, whether the first controlling WR has completed, and the executing entity executing the first dependent WR only when the first controlling WR has completed. Related apparatus and methods are also provided.

Abstract: A computer system includes a volatile memory and at least one processor. The volatile memory includes a protected storage segment (PSS) configured to store firmware-authentication program code for authenticating firmware of the computer system. The at least one processor is configured to receive a trigger to switch to a given version of the firmware, to obtain, in response to the trigger, a privilege to access the PSS, to authenticate the given version of the firmware by executing the firmware-authentication program code from the PSS, to switch to the given version of the firmware upon successfully authenticating the given version, and to take an alternative action upon failing to authenticate the given version.

Abstract: A network device in a communication network includes a controller and processing circuitry. The controller is configured to manage execution of an operation whose execution depends on inputs from a group of one or more work-request initiators. The processing circuitry is configured to read one or more values, which are set by the work-request initiators in one or more memory locations that are accessible to the work-request initiators and to the network device, and to trigger execution of the operation in response to verifying that the one or more values read from the one or more memory locations indicate that the work-request initiators in the group have provided the respective inputs.

Abstract: A computer system includes a volatile memory and at least one processor. The volatile memory includes a protected storage segment (PSS) configured to store firmware-authentication program code for authenticating firmware of the computer system. The at least one processor is configured to receive a trigger to switch to a given version of the firmware, to obtain, in response to the trigger, a privilege to access the PSS, to authenticate the given version of the firmware by executing the firmware-authentication program code from the PSS, to switch to the given version of the firmware upon successfully authenticating the given version, and to take an alternative action upon failing to authenticate the given version.

Abstract: A confidential computing (CC) apparatus includes a CPU and a peripheral device. The CPU is to run a hypervisor that hosts one or more Trusted Virtual Machines (TVMs). The peripheral device is coupled to the CPU and to an external memory. The CPU includes a TVM-Monitor (TVMM), to perform management operations on the one or more TVMs, to track memory space that is allocated by the hypervisor to the peripheral device in the external memory, to monitor memory-access requests issued by the hypervisor to the memory space allocated to the peripheral device in the external memory, and to permit or deny the memory-access requests, according to a criterion.

Abstract: Computing apparatus includes a host computer, including multiple non-uniform memory access (NUMA) nodes, including at least first and second NUMA nodes, which include first and second local memories and first and second host bus interfaces for connection to first and second peripheral component buses, respectively. A network interface controller (NIC) is to receive a definition of a memory region extending over respective first and second parts of the first and second local memories and to receive a memory mapping with respect to the memory region that is applicable to both the first and second local memories, and to apply the memory mapping in writing data to the memory region via first and second NIC bus interfaces in a sequence of direct memory access (DMA) transactions to the respective first and second parts of the first and second local memories in response to packets received through a network port.