Abstract: A method and system for protection and security of IO devices using credential are provided. The system may include at least one consumer arranged to initiate IO requests from the IO device, and the IO requests may include IO capability allocation and additional parameters. The system may also include an IO resource manager (IORM) arranged to translate the IO capability allocation and additional parameters included in said IO request to a set of capability tokens for the consumer or for a group of consumers, to generate a global key to protect the capability tokens, and further arranged to manage the IO device. The system may further include a channel component arranged to transfer and receive the IO request to and from the IO device.

Abstract: A method for receiving data in a network acceleration architecture for use with TCP (transport control protocol), iSCSI (Internet Small Computer System Interface) and RDMA (Remote Direct Memory Access) over TCP, including providing a hardware acceleration engine, called a streamer, adapted for communication with and processing data from a consumer application in a system that supports TCP, iSCSI and RDMA over TCP, providing a software protocol processor adapted for carrying out TCP implementation, the software control processor being called a TCE (TCP Control Engine), wherein the streamer and the TCE are adapted to operate asynchronously and independently of one another, and receiving an inbound TCP segment with the streamer.

Abstract: An RNIC implementation that performs direct data placement to memory where all segments of a particular connection are aligned, or moves data through reassembly buffers where all segments of a particular connection are non-aligned. The type of connection that cuts-through without accessing the reassembly buffers is referred to as a “Fast” connection because it is highly likely to be aligned, while the other type is referred to as a “Slow” connection. When a consumer establishes a connection, it specifies a connection type. The connection type can change from Fast to Slow and back. The invention reduces memory bandwidth, latency, error recovery using TCP retransmit and provides for a “graceful recovery” from an empty receive queue. The implementation also may conduct CRC validation for a majority of inbound DDP segments in the Fast connection before sending a TCP acknowledgement (Ack) confirming segment reception.

Abstract: A method for generating a storage policy, the method includes: receiving a storage system target function; and generating, by a machine learning entity, the storage policy in response to: (a) a set of file-related storage operation requests, (b) a state of the storage system before responding to the set of file-related storage operation requests, and (c) the storage system target function. A method for evaluating a storage policy, the method includes: simulating an application of the storage policy by the storage system during a first period, in response to a set of file-related storage operation requests that was provided to the storage system during the first period, to provide a simulation result; wherein the first period starts before the simulating.

Abstract: A mechanism enabling a processor in a multiprocessor complex to function as a coprocessor to execute a specific function. The method includes a mechanism for activating a coprocessor to function as a coprocessor as well as a mechanism to execute a coprocessor request on the system. The present invention also provides a mechanism for efficient processor to processor communication for processors coupled to a common bus. Overall system performance is enhanced by significantly reducing the use of hardware interrupts for processor to processor communication.

Abstract: A mechanism for speculative packet transmission including a credit-based flow control interconnect device to initiate speculative transmission of a Transaction Layer Packet if the number of available flow control (FC) credits is insufficient for completing the transmission. The sending device initiates a speculative transmission of packets to the receiving device even though the packet for transmission requires a number of FC credits greater than the available FC credits. If the additional FC credits required to complete the packet transmission become available to the sending device before the transmission is completed, the packets are then fully transmitted by the sending device. Otherwise, if the additional FC credits required do not become available prior to completion of the transmission, then the sending device aborts the transmission without utilization of the FC credits. The sending device may initiate speculative packet transmission only if a particular minimal amount of FC credits is available.

Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.

Abstract: A network acceleration architecture for use with TCP, iSCSI and/or RDMA over TCP, including a hardware acceleration engine adapted for communication with and processing data from a consumer application in a system that supports TCP, iSCSI and RDMA over TCP, a software protocol processor adapted for carrying out TCP implementation, and an asynchronous dual-queue interface for exchanging information between the hardware acceleration engine and the software protocol processor, wherein the hardware acceleration engine and the software protocol processor are adapted to operate asynchronously and independently of one another.

Abstract: A computer-implemented method for protecting a memory is provided. The method includes responsive to a direct memory access (DMA) request received from a consumer for a transaction of data from an IO device to the memory, the request including an IO command and a capability (CAP), generating a cryptographically signed capability (CAPB), forming a credential from CAP and CAPB, appending the credential to the IO command, configuring the IO device according to the credential and the IO command, transmitting the data from the IO device to the memory and prior to allowing execution of the DMA, authenticating that the credential is valid, further includes regenerating CAPB from a key available to an authenticating entity and from the CAP (included in CAPB) and verifying that the memory region information described in the cryptographically signed capability is the same as the requested region that was originally created, and that the cryptographically signed capability encompasses the IO command.

Abstract: Techniques for maintaining connectivity between a remote application stored on a remote device and an application being executed in a system environment, wherein the system environment is migrated from a first device to a second device, are provided. A first connection between the remote application stored on the remote device and the application being executed in the system environment stored on the first device is established via a first communication over a first negotiation channel. The first negotiation channel connects a first socket layer interface linked to the application being executed in the system environment to a second socket layer interface linked to the remote application. The first connection between the remote application and the application being executed in the system environment is disconnected for migration of the system environment from the first device to the second device. Disconnecting the first connection is coordinated via the first negotiation channel.

Abstract: A method for receiving data in a network acceleration architecture for use with TCP (transport control protocol), iSCSI (Internet Small Computer System Interface) and/or RDMA (Remote Direct Memory Access) over TCP, including providing a hardware acceleration engine, called a streamer, adapted for communication with and processing data from a consumer application in a system that supports TCP, iSCSI and RDMA over TCP, providing a software protocol processor adapted for carrying out TCP implementation, the software control processor being called a TCE (TCP Control Engine), wherein the streamer and the TCE are adapted to operate asynchronously and independently of one another, and transmitting a TCP segment with the streamer.

Abstract: A method and system for memory address translation and pinning are provided. The method includes attaching a memory address space identifier to a direct memory access (DMA) request, the DMA request is sent by a consumer and using a virtual address in a given address space. The method further includes looking up for the memory address space identifier to find a translation of the virtual address in the given address space used in the DMA request to a physical page frame. Provided that the physical page frame is found, pinning the physical page frame as long as the DMA request is in progress to prevent an unmapping operation of said virtual address in said given address space, and completing the DMA request, wherein the steps of attaching, looking up and pinning are centrally controlled by a host gateway.

Abstract: A method and system for memory address translation and pinning are provided. The method includes attaching a memory address space identifier to a direct memory access (DMA) request, the DMA request is sent by a consumer and using a virtual address in a given address space. The method further includes looking up for the memory address space identifier to find a translation of the virtual address in the given address space used in the DMA request to a physical page frame. Provided that the physical page frame is found, pinning the physical page frame al song as the DMA request is in progress to prevent an unmapping operation of said virtual address in said given address space, and completing the DMA request, wherein the steps of attaching, looking up and pinning are centrally controlled by a host gateway.

Abstract: A method for facilitating direct memory access in a computing system in response to a request to transfer data is provided. The method comprises selecting a thread for transferring the data, wherein the thread executes on a processing core within the computing system; providing the thread with the request, wherein the request comprises information for carrying out a data transfer; and transferring the data according to the request. The method may further comprise: coordinating the request with a memory management unit, such that virtual addresses may be used to transfer data; invalidating a cache line associated with the source address or flushing a cache line associated with the destination address, if requested. Multiple threads can be selected to transfer data based on their proximity to the destination address.

Abstract: A computer program product is provided. The product including a computer readable storage medium including computer readable program code for controlling access to computer memory.

Abstract: A novel and useful mechanism enabling a processor in a multiprocessor complex to function as a coprocessor to execute a specific function. The method includes a mechanism for activating a coprocessor to function as a coprocessor as well as a mechanism to execute a coprocessor request on the system. The present invention also provides a mechanism for efficient processor to processor communication for processors coupled to a common bus. Overall system performance is enhanced by significantly reducing the use of hardware interrupts for processor to processor communication.

Abstract: A method for accessing a memory space allocated to a virtual machine, the method includes: receiving a request from the virtual machine to generate, for another virtual machine, a memory credential associated with a certain memory space allocated to the virtual machine; generating, in response to the request, a cryptographically signed credential; sending the cryptographically signed credential to the other virtual machine; receiving from the other virtual machine an access request to access at least one memory entry within the certain memory space; and accessing the at least one memory entry, if the access request complies with the memory credential.

Abstract: A system and method for maintaining ordering in completion and retransmit operations in an RDMA environment. A system is provided for handling a completion process in an remote data memory access (RDMA) environment having a RequestOut channel and a ResponseOut channel, comprising: a descriptor list for each channel, wherein each descriptor list includes a message descriptor for each message in the channel; an update mechanism for updating a message length field in the message descriptor with a sequence number of a last byte in the message whenever a channel swap occurs between the RequestOut channel and the ResponseOut channel; an acknowledgement (Ack) completion system that examines values in a completion context and compares a sequence number of a next to complete message with a last acknowledged sequence number to determine if the message should be completed; and a read request completion system that performs completion of a read request.

Abstract: A system and method of implementing asynchronous completion notification in an RDMA (remote data memory access) network interface card (RNIC). The method includes the steps of: storing a first CQE number of a most recent CQE placed into the CQ; storing a second CQE number of a most recent CQE retrieved from the CQ; issuing a request for completion notification; packaging the second CQE number with the request; and processing the request, wherein the processing step compares the first CQE number with the second CQE number to determine whether asynchronous completion notification should be immediately performed.

Abstract: Device, system and method of speculative packet transmission. For example, an apparatus for speculative packet transmission includes: a credit-based flow control interconnect device to initiate speculative transmission of a Transaction Layer Packet if a number of available flow control credits is insufficient for completing the transmission.