-
Publication number: US09762502B1
Publication date: 2017-09-12
Application number: US14632449
Application date: 2015-02-26
Applicant: Google Inc.
Inventor: Jeffrey Clifford Mogul, Jakov Seizovic, Yuhong Mao, Benjamin Charles Serebrin
IPC: G06F15/16, H04L12/863, H04L12/825
CPC classification number: H04L47/2441, H04L45/745, H04L47/32
Abstract: The present application describes a system and method for a virtual machine to classify a packet. Once the virtual machine (VM) classifies the packet, it bypasses a hypervisor to enqueue the packet directly on a hardware transmission queue. The NIC will then verify that the VM classified and enqueued the packet correctly. If the packet was classified properly, it is transmitted over the wire to its destination. In this regard, the system and method provides a technique for verifying that the VM is enqueuing packets properly, while improving performance by allowing high-rate flows to bypass the hypervisor.
-
Publication number: US10693850B2
Publication date: 2020-06-23
Application number: US14708685
Application date: 2015-05-11
Applicant: Google Inc.
Inventor: Benjamin Charles Serebrin
Abstract: An example of a system and method implementing a live migration of a guest on a virtual machine of a host server to a target server is provided. For example, a host server may utilize a flow key to encrypt and decrypt communications with a target server. This flow key may be encrypted using a receive master key, which may result in a receive token. The receive token may be sent to the Network Interface Controller of the host server, which will then encrypt the data packet and forward the information to the target server. Multiple sender schemes may be employed on the host server, and various updates may take place on the target server as a result of the new location of the migrating guest from the host server to the target server.
-
Publication number: US10540292B2
Publication date: 2020-01-21
Application number: US15616486
Application date: 2017-06-07
Applicant: Google Inc.
Inventor: Eric Northup, Benjamin Charles Serebrin
IPC: G06F12/10, G06F12/1027, G06F12/1009
Abstract: Aspects of the disclosure relate to directing and tracking translation lookaside buffer (TLB) shootdowns within hardware. One or more processors, comprising one or more processor cores, may determine that a process executing on a processing core causes one or more virtual memory pages to become disassociated with one or more previously associated physical memory addresses. The processing core which is executing that process which caused the disassociation may generate a TLB shootdown request. The processing core may transmit the TLB shootdown request to the other cores. The TLB shootdown request may include identification information, a shootdown address indicating the disassociated virtual memory page or pages which need to be flushed from the respective TLBs of the other cores, and a notification address indicating where the other cores may acknowledge completion of the TLB shootdown request.
-
Publication number: US10261700B1
Publication date: 2019-04-16
Application number: US15247632
Application date: 2016-08-25
Applicant: GOOGLE INC.
Inventor: Benjamin Charles Serebrin, Trevor Bunker, Timothy Chen
IPC: G06F3/06, G06F12/0802
Abstract: A method of accessing data in a non-volatile memory device is disclosed. The method includes serially receiving a command having an address in a virtual address space. When the address maps to the buffer in memory, the address may be matched to the address to one of a plurality of segments in buffer memory. Data may be moved from internal EEPROM/Flash memory to a segment of the plurality of segments of the buffer memory for an address range in the virtual address space that is likely to be read. A physical address may be generated within the buffer memory based on the address. Data may be fetched in the buffer memory based on the generated address and then a response for the command may be transmitted that includes the fetched data.
-
Publication number: US10133497B1
Publication date: 2018-11-20
Application number: US15247199
Application date: 2016-08-25
Applicant: GOOGLE INC.
Inventor: Benjamin Charles Serebrin, Timothy Chen, Scott Johnson
Abstract: A method in a memory system having a security device and a serial external electrically erasable read-only memory (EEPROM) is disclosed. The method includes accepting N bits of a command prefix and matching the bits to command filtering rules. Upon matching the prefix to a command filtering rule, the method may perform a filter action associated with the matched rule. When the command prefix is for a destructive command prefix that can modify data in the EEPROM, the filter action may convert the command into a non-destructive command and inspect it for authentication. The converted command may be output to the external EEPROM without security processing in the security device and the external EEPROM may return read data without outputting. When the command prefix is for a non-destructive command prefix, the command may be allowed to pass through the external EEPROM unchanged without performing security processing in the security device.
-
Publication number: US09697358B2
Publication date: 2017-07-04
Application number: US13917261
Application date: 2013-06-13
Applicant: GOOGLE INC.
Inventor: Benjamin Charles Serebrin, Jonathan M. McCune
CPC classification number: G06F21/572, G06F8/65, G06F21/64
Abstract: An apparatus includes an interface module, a controller, a key storage module, where the key storage module is configured to store a key, and a non-volatile storage module that is configured to store data. The non-volatile storage module has a first partition and a second partition, where the first partition is designated as a read-only storage area for the data and the second partition is designated as a write-only storage area for new data. The first partition is re-designated as the write-only storage area for other new data and the second partition is re-designated as the read-only storage area for the new data in response to the new data being written to the second partition with a signature and the controller verifying the signature using the key stored in the key storage module.