Abstract: Techniques for enabling efficient guest OS access to PCIe configuration space are provided. In one set of embodiments, a hypervisor can reserve a single host physical memory page in the host physical memory of a host system and can populate the single host physical memory page with a value indicating non-presence of PCIe device functions. The hypervisor can then create, for each guest physical memory page in a guest physical memory of a virtual machine (VM) corresponding to a PCIe configuration space of an absent PCIe device function in the VM, a mapping in the hypervisor's second-level page tables that maps the guest physical memory page to the single host physical memory page.

Abstract: A combined data processing unit (DPU) and server solution with DPU operating system (OS) integration is described. A DPU OS is executed on a DPU or other computing device, where the DPU OS exercises secure calls provided by a DPU's trusted firmware component, that may be invoked by DPU OS components to abstract DPU vendor-specific and server vendor-specific integration details. An invocation of one of the secure calls made on the DPU to communicate with its associated server computing device is identified. In an instance in which the one of the secure calls is invoked, the secure call invoked is translated into a call or request specific to an architecture of the server computing device and the call is performed, which may include sending a signal to the server computing device in a format interpretable by the server computing device.

Abstract: Disclosed are various embodiments for various approaches for implementing trust domains to provide boundaries between PCIe devices connected to the same PCIe switch. A first trust identifier can be assigned to a first virtual machine hosted by the computing device. The first trust identifier can also be assigned to a first PCIe device assigned to the first virtual machine. Later, it can be determined that a second PCIe device connected to the PCIe switch is assigned a second trust identifier assigned to a second virtual machine. An Address Control Services (ACS) direct translated bit for peer-to-peer memory requests in the PCIe switch can be disabled in response to a determination that the second PCIe device is associated with the second trust identifier assigned to the second virtual machine.

Abstract: Disclosed are various examples of providing efficient bit compression for direct mapping of physical memory addresses. In some examples, a hypervisor operating system component generates a mask of used address space bits indicated by memory map entries for a computing device. A longest range of unused address space bits is identified using the mask. The memory map entries are transformed to omit the longest range of unused address space bits.

Abstract: Boot failure protection on smartNICs and other computing devices is described. During a power-on stage of a booting process for a computing device, a boot loading environment is directed to install an application programming interface (API) able to be invoked to control operation of a hardware-implemented watchdog. During an operating system loading stage of the booting process, the application programming interface is invoked to enable the hardware-implemented watchdog. During an operating system hand-off stage of the booting process, a last watchdog refresh of the hardware-implemented watchdog is performed, and execution of the boot loading environment is handed off to a kernel boot loader of an operating system. The application programming interface may not be accessible after the hand off to the kernel boot loader.

Abstract: Disclosed are various examples of hosting a data processing unit (DPU) management operating system using an operating system software stack of a preinstalled DPU operating system. The preinstalled DPU operating system of the DPU is leveraged to provide a virtual machine environment. A DPU management operating system is executed within the virtual machine environment of the preinstalled DPU operating system. A third-party DPU function or a management service function is provided using the DPU hardware resources accessed through the DPU management operating system and the virtual machine environment.

Abstract: Disclosed are various examples of lifecycle and recovery management for virtualized data processing unit (DPU) management operating systems. A DPU device executes a DPU management hypervisor that communicates with a management service over a network. The DPU management hypervisor virtualizes DPU hardware resources and passes control of the virtualized DPU hardware resources to a DPU management operating system (OS) virtual machine (VM). The DPU management hypervisor maintains control of a management network interface card (NIC) of the DPU device.

Abstract: Disclosed are various examples of provisioning a data processing unit (DPU) management operating system (OS). A host device boots a host provisioning image, which executes a host provisioning agent. The host provisioning agent launches a server component that serves a DPU management OS. A provisioning command is transmitted to a DPU device installed to the host device. The server component transmits the DPU management OS from the host device to the DPU device. A host OS is executed once an indication that the DPU device is executing on the DPU management OS is received.

Abstract: Disclosed are various examples of loading management hypervisors from a system control processor. In some examples, a host device executes a first stage bootloader of a management hypervisor from a system control processor. The first stage bootloader loads management hypervisor data and firmware instructions into a main processor memory of a main processor, and initializes the main processor to execute the firmware instructions. The system then jumps to a second stage bootloader that configures and launches the management hypervisor using the management hypervisor data.

Abstract: Disclosed are various examples of loading management hypervisors from user space. In some examples, a host device executes a first stage bootloader of a management hypervisor from within a host operating system. The first stage bootloader loads management hypervisor data and handoff instructions into a memory of the host device, and invokes a kernel execute call of the host operating system. The handoff instructions invoke a second stage bootloader that configures and launches the management hypervisor using the management hypervisor data.

Abstract: Disclosed are various embodiments for various approaches for implementing trust domains to provide boundaries between PCIe devices connected to the same PCIe switch. A first trust identifier can be assigned to a first virtual machine hosted by the computing device. The first trust identifier can also be assigned to a first PCIe device assigned to the first virtual machine. Later, it can be determined that a second PCIe device connected to the PCIe switch is assigned a second trust identifier assigned to a second virtual machine. An Address Control Services (ACS) direct translated bit for peer-to-peer memory requests in the PCIe switch can be disabled in response to a determination that the second PCIe device is associated with the second trust identifier assigned to the second virtual machine.

Abstract: A hardware-assisted paravirtualized hardware watchdog is described that is used to detect and recover from computer malfunctions. A computing device determines that a hardware-implemented watchdog of the computing device does not comply with predetermined watchdog criteria, where the hardware-implemented watchdog is configured to send a reset signal when a first predetermined amount of time elapses without receipt of a first refresh signal. If the hardware-implemented watchdog does not comply with the predetermined watchdog criteria, a runtime watchdog service is initialized using a second predetermined amount of time. The runtime watchdog service is directed to periodically send the refresh signal to the hardware-implemented watchdog before an expiration of the first predetermined amount of time that causes the hardware-implemented watchdog to expire.

Abstract: Disclosed are various examples of providing provide efficient waiting for detection of memory value updates for Advanced RISC Machines (ARM) architectures. An ARM processor component instructs a memory agent to perform a processing action, and executes a waiting function. The waiting function ensures that the processing action is completed by the memory agent. The waiting function performs an exclusive load at a memory location, and a wait for event (WFE) instruction that causes the ARM processor component to wait in a low-power mode for an event register to be set. Once the event register is set, the waiting function completes and a second processing action is executed by the ARM processor component.

Abstract: A combined data processing unit (DPU) and server solution with DPU operating system (OS) integration is described. A DPU OS is executed on a DPU or other computing device, where the DPU OS exercises secure calls provided by a DPU's trusted firmware component, that may be invoked by DPU OS components to abstract DPU vendor-specific and server vendor-specific integration details. An invocation of one of the secure calls made on the DPU to communicate with its associated server computing device is identified. In an instance in which the one of the secure calls is invoked, the secure call invoked is translated into a call or request specific to an architecture of the server computing device and the call is performed, which may include sending a signal to the server computing device in a format interpretable by the server computing device.

Abstract: Disclosed are various examples of provisioning a data processing unit (DPU) management operating system using a capsule. A management hypervisor installer executed on a host device receives a listing DPU device from a baseboard management controller (BMC). A preinstalled DPU management operating system image is identified for a DPU device from the listing, and is wrapped with a capsule that specifies the capsule as a DPU management operating system image capsule. A server component provides the DPU management operating system image capsule at a particular URI, and the URI is transmitted to the BMC.

Abstract: Disclosed are various embodiments for various approaches for implementing trust domains to provide boundaries between PCIe devices connected to the same PCIe switch. A first trust identifier can be assigned to a first virtual machine hosted by the computing device. The first trust identifier can also be assigned to a first PCIe device assigned to the first virtual machine. Later, it can be determined that a second PCIe device connected to the PCIe switch is assigned a second trust identifier assigned to a second virtual machine. An Address Control Services (ACS) direct translated bit for peer-to-peer memory requests in the PCIe switch can be disabled in response to a determination that the second PCIe device is associated with the second trust identifier assigned to the second virtual machine.

Abstract: Disclosed are various examples of providing efficient bit compression for direct mapping of physical memory addresses. In some examples, a hypervisor operating system component generates a mask of used address space bits indicated by memory map entries for a computing device. A longest range of unused address space bits is identified using the mask. The memory map entries are transformed to omit the longest range of unused address space bits.

Abstract: Boot failure protection on smartNICs and other computing devices is described. During a power-on stage of a booting process for a computing device, a boot loading environment is directed to install an application programming interface (API) able to be invoked to control operation of a hardware-implemented watchdog. During an operating system loading stage of the booting process, the application programming interface is invoked to enable the hardware-implemented watchdog. During an operating system hand-off stage of the booting process, a last watchdog refresh of the hardware-implemented watchdog is performed, and execution of the boot loading environment is handed off to a kernel boot loader of an operating system. The application programming interface may not be accessible after the hand off to the kernel boot loader.

Abstract: A hardware-assisted paravirtualized hardware watchdog is described that is used to detect and recover from computer malfunctions. A computing device determines that a hardware-implemented watchdog of the computing device does not comply with predetermined watchdog criteria, where the hardware-implemented watchdog is configured to send a reset signal when a first predetermined amount of time elapses without receipt of a first refresh signal. If the hardware-implemented watchdog does not comply with the predetermined watchdog criteria, a runtime watchdog service is initialized using a second predetermined amount of time. The runtime watchdog service is directed to periodically send the refresh signal to the hardware-implemented watchdog before an expiration of the first predetermined amount of time that causes the hardware-implemented watchdog to expire.

Abstract: Techniques for enabling efficient guest OS access to PCIe configuration space are provided. In one set of embodiments, a hypervisor can reserve a single host physical memory page in the host physical memory of a host system and can populate the single host physical memory page with a value indicating non-presence of PCIe device functions. The hypervisor can then create, for each guest physical memory page in a guest physical memory of a virtual machine (VM) corresponding to a PCIe configuration space of an absent PCIe device function in the VM, a mapping in the hypervisor's second-level page tables that maps the guest physical memory page to the single host physical memory page.