Abstract: Systems, computer program products, and methods are described for secure data transmission. An example system includes a first end-point device, an intermediate device, and a second-end point device. The first end-point device determines the format requirements of the communication link between the first end-point device and the intermediate device, and the communication link intermediate device and the second end-point device. Based on the format requirements, the first end-point device configures the data packet for transmission, such that the data packet, when received at the intermediate device, is re-configured and routed to the second end-point device. When the second end-point device receives the data packet, it verifies the data packet to confirm that the packet has maintained its integrity throughout transit.

Abstract: Systems and methods herein are for a Non-Transparent Bridges (NTBs) that are scalable and configurable to use equally sized or spaced windows and a common lookup database for remapping writes without completions. The equally sized or spaced windows in the address space are addressable by a starting address and a size to support communication between host machines or endpoints. The common lookup database is to allow selection of one the windows associated with a mapping between address spaces of different domains and is also to accept remapping writes through the at least one NTB to modify the mapping without need for a completion to be returned to a source of the remapping writes.

Abstract: Systems and methods herein are for a Non-Transparent Bridges (NTBs) that are scalable and configurable to use equally sized or spaced windows and a common lookup database for remapping writes without completions. The equally sized or spaced windows in the address space are addressable by a starting address and a size to support communication between host machines or endpoints. The common lookup database is to allow selection of one the windows associated with a mapping between address spaces of different domains and is also to accept remapping writes through the at least one NTB to modify the mapping without need for a completion to be returned to a source of the remapping writes.

Abstract: Computing apparatus includes a host computer, including multiple non-uniform memory access (NUMA) nodes, including at least first and second NUMA nodes, which include first and second local memories and first and second host bus interfaces for connection to first and second peripheral component buses, respectively. A network interface controller (NIC) is to receive a definition of a memory region extending over respective first and second parts of the first and second local memories and to receive a memory mapping with respect to the memory region that is applicable to both the first and second local memories, and to apply the memory mapping in writing data to the memory region via first and second NIC bus interfaces in a sequence of direct memory access (DMA) transactions to the respective first and second parts of the first and second local memories in response to packets received through a network port.

Abstract: A confidential computing (CC) apparatus includes a CPU and a peripheral device. The CPU is to run a hypervisor that hosts one or more Trusted Virtual Machines (TVMs). The peripheral device is coupled to the CPU and to an external memory. The CPU includes a TVM-Monitor (TVMM), to perform management operations on the one or more TVMs, to track memory space that is allocated by the hypervisor to the peripheral device in the external memory, to monitor memory-access requests issued by the hypervisor to the memory space allocated to the peripheral device in the external memory, and to permit or deny the memory-access requests, according to a criterion.

Abstract: In one embodiment, a processing device includes a memory to store a plurality of memory pages having corresponding physical memory addresses in the memory, store an active multilevel page table (MPT) mapping virtual to physical memory addresses for corresponding allocated memory pages stored in the memory, and store a floating MPT at least partially mapping virtual to physical memory addresses for corresponding spare memory pages stored in the memory, the floating and active MPT using a common mapping scheme, and a processor to receive a request to add a virtual to physical address mapping for more memory pages of the plurality of memory pages to the active MPT, and in response to receiving the request, adjoin at least part of the floating MPT to the active MPT so that the active MPT provides the virtual to physical address mapping for at least some memory pages of the spare memory pages.

Abstract: In one embodiment, a processing device includes a memory to store a plurality of memory pages having corresponding physical memory addresses in the memory, store an active multilevel page table (MPT) mapping virtual to physical memory addresses for corresponding allocated memory pages stored in the memory, and store a floating MPT at least partially mapping virtual to physical memory addresses for corresponding spare memory pages stored in the memory, the floating and active MPT using a common mapping scheme, and a processor to receive a request to add a virtual to physical address mapping for more memory pages of the plurality of memory pages to the active MPT, and in response to receiving the request, adjoin at least part of the floating MPT to the active MPT so that the active MPT provides the virtual to physical address mapping for at least some memory pages of the spare memory pages.

Abstract: A communication system includes at least one send queue, containing send queue entries pointing to packets to be transmitted over a network by packet sending circuitry. A clock work queue contains clock queue entries to synchronize sending times of the packets pointed to by the send queue entries. At least one arming queue contains arming queue entries to arm the clock work queue at selected time intervals.

Abstract: Apparatus and method for improved network resource management are described herein. An example computing apparatus comprises a network adapter configured to: receive, via a network connection, a data packet from the communication network; determine, from the first memory block, a value of an extended portion of a local counter associated with the network connection in response to receiving the data packet; capture, from the second memory block, a value of a global counter; compare the value of the extended portion of the local counter with the value of the global counter; and in an instance in which the comparison identifies a mismatch: update the value of the extended portion of the local counter based on the value of the global counter; and set a current value of a bit indicating a status of the network connection, wherein the bit is associated with the plurality of bits.

Abstract: Apparatus and method for improved network resource management are described herein. An example computing apparatus comprises a network adapter configured to: receive, via a network connection, a data packet from the communication network; determine, from the first memory block, a value of an extended portion of a local counter associated with the network connection in response to receiving the data packet; capture, from the second memory block, a value of a global counter; compare the value of the extended portion of the local counter with the value of the global counter; and in an instance in which the comparison identifies a mismatch: update the value of the extended portion of the local counter based on the value of the global counter; and set a current value of a bit indicating a status of the network connection, wherein the bit is associated with the plurality of bits.

Abstract: In one embodiment, a system includes a memory to store a work queue including work queue entry slots, a processing device to write work queue entries to the work queue in a consecutive and cyclic manner, and a network device including a network interface to share packet over a network, and packet processing circuitry to read the work queue entries from the work queue in a consecutive and cyclic manner, the work queue entries indicating work to be performed associated with the packets, dequeue respective ones of the work queue entries read from the work queue responsively to reading the respective work queue entries from the work queue, add the work queue entries to an execution database used to track execution of the work queue entries, and execute the work queue entries in the execution database.

Abstract: A computer system includes a volatile memory and at least one processor. The volatile memory includes a protected storage segment (PSS) configured to store firmware-authentication program code for authenticating firmware of the computer system. The at least one processor is configured to receive a trigger to switch to a given version of the firmware, to obtain, in response to the trigger, a privilege to access the PSS, to authenticate the given version of the firmware by executing the firmware-authentication program code from the PSS, to switch to the given version of the firmware upon successfully authenticating the given version, and to take an alternative action upon failing to authenticate the given version.

Abstract: Systems and methods are described herein for processing data packets. An example network adapter may include a network interface operatively coupled to a communication network and a packet processing circuitry operatively coupled to the network interface. The packet processing circuitry may receive, via the network interface, a message; retrieve, via a packet processing circuitry, a work queue element (WQE) index identifying a position of a WQE in a receive queue; determine that the message is associated with a small payload; process the message without consuming the WQE; receive, via the network interface, a subsequent message; and process the subsequent message using the WQE. In this way, the systems and methods describe herein reduce the latency in processing of the data packets.

Abstract: Systems and methods are described herein for processing data packets. An example network adapter may include a network interface operatively coupled to a communication network and packet processing circuitry operatively coupled to the network interface. The packet processing circuitry is configured to receive, via the network interface, a plurality of data packets associated with a message; determine, for each data packet, at least one corresponding reserved stride in a strided buffer; store each data packet in the at least one corresponding reserved stride; process the strided buffer upon storing the plurality of data packets in a corresponding plurality of reserved strides; and generate a completion notification indicating that the plurality of data packets in the strided buffer has been processed.

Abstract: In one embodiment, a first network device includes a host interface to receive messages from a host device, packet processing circuitry to send a batch of the messages to a second network device without waiting for an acknowledgement receipt from the second network device after sending each message, one message in the batch having a maximum message sequence number (MSN), receive a given acknowledgement receipt from the second network device indicating that all the messages in the batch have been received and including credit data indicating that there is no space in a receive work queue of the second network device for receiving an additional message, and send the additional message having an MSN greater than the maximum MSN to the second network device responsively to receiving the given acknowledgement receipt and based on the credit data indicating that there is no space in the receive work queue.

Abstract: An apparatus includes a memory and control circuitry. The control circuitry is configured to receive packets, which are en-route to undergo transport-layer processing in a network device in accordance with a transport protocol that requires arrival of the packets in a sequential order, to detect that one or more of the packets deviate from the sequential order, to buffer the one or more deviating packets in the memory, and, using the memory, to reorder the packets and provide the packets in the sequential order to the network device.

Abstract: A communication system includes at least one send queue, containing send queue entries pointing to packets to be transmitted over a network by packet sending circuitry. A clock work queue contains clock queue entries to synchronize sending times of the packets pointed to by the send queue entries. At least one arming queue contains arming queue entries to arm the clock work queue at selected time intervals.

Abstract: Apparatuses, systems, and techniques for dynamic memory allocation using a shared free list. A user tag is received, and a hashed user tag is generated. A first reference to an entry in a second data structure is identified in a first data structure using the hashed user tag. The entry includes multiple user tags. Responsive to determining that the multiple user tags do not include the user tag, a memory address is identified in a third data structure. The memory address is removed from the third data structure. Memory is allocated for a user context associated with the user tag at the memory address. The user tag is added to the second data structure.

Abstract: A network device includes one or more ports, match-action circuitry, and an action processor. The one or more ports are to exchange packets between the network device and a network. The match-action circuitry is to match at least some of the packets to one or more rules so as to set respective actions to be performed, at least one of the actions including a programmable action. The instruction processor is to perform the programmable action by running user-programmable software code. The instruction processor includes architectural registers, one or more of the architectural registers being accessible by the match-action circuitry, and the match-action circuitry is to write into the architectural registers information for performing the programmable action.

Abstract: An apparatus includes a memory and control circuitry. The control circuitry is configured to receive packets, which are en-route to undergo transport-layer processing in a network device in accordance with a transport protocol that requires arrival of the packets in a sequential order, to detect that one or more of the packets deviate from the sequential order, to buffer the one or more deviating packets in the memory, and, using the memory, to reorder the packets and provide the packets in the sequential order to the network device.