
US-12619384-B2 - Data storage device and method for access control based on a stream identifier of a virtual function


Abstract

A data storage device with access control based on stream identifier for virtual environment is provided. In one embodiment, a method is provided that is performed in a host in communication with a data storage device comprising a memory. The method comprises identifying an available submission queue; deleting the submission queue; recreating the submission queue; assigning the virtual machine to a virtual function; assigning the recreated submission queue with the virtual function; and informing the data storage device that the recreated submission queue is attached to a stream identifier, wherein the stream identifier is associated with a virtual machine. Other embodiments are provided.

Inventors

  • Leeladhar Agarwal

Assignees

  • SanDisk Technologies, Inc.

Dates

  • Publication Date: 20260505
  • Application Date: 20240502

Claims (19)

  1. A data storage device comprising: a memory comprising a plurality of logical addresses, wherein a namespace is associated with a subset of the plurality of logical addresses; and one or more processors, individually or in combination, configured to: store data outside of the namespace, wherein storage of updates to the data is not limited to the subset of the plurality of logical addresses; receive notification that a stream identifier associated with the data is attached to a submission queue that was recreated from a deleted available submission queue; retrieve a read request from the submission queue, wherein the read request was written into the submission queue by a virtual function assigned to the submission queue and assigned to a virtual machine accessing the data; determine if the read request is associated with the stream identifier; in response to determining that the read request is associated with the stream identifier, process the read request; and in response to determining that the read request is not associated with the stream identifier, provide a message indicating that the read request will not be processed.
  2. The data storage device of claim 1, wherein assigning the submission queue to the virtual function provides access control without using single-root input/output virtualization (SR-IOV).
  3. The data storage device of claim 1, wherein assigning the submission queue to the virtual function provides access control without using the namespace.
  4. The data storage device of claim 1, wherein the submission queue was recreated by an administrative virtual machine.
  5. The data storage device of claim 1, wherein the one or more processors, individually or in combination, are further configured to receive a notification that the recreated submission queue was detached from the virtual machine.
  6. The data storage device of claim 1, wherein the particular stream identifier is associated with a gaming application.
  7. The data storage device of claim 1, wherein the stream identifier is associated with an automotive application.
  8. The data storage device of claim 1, wherein the one or more processors are part of a controller.
  9. The data storage device of claim 1, wherein the memory comprises a three-dimensional memory.
  10. A data storage device comprising: a memory comprising a plurality of logical addresses, wherein a namespace is associated with a subset of the plurality of logical addresses; and means for: storing data outside of the namespace, wherein storage of updates to the data is not limited to the subset of the plurality of logical addresses; receiving notification that a stream identifier associated with the data is attached to a submission queue that was recreated from a deleted available submission queue; retrieving a read request from the submission queue, wherein the read request was written into the submission queue by a virtual function assigned to the submission queue and assigned to a virtual machine accessing the data; determining if the read request is associated with the stream identifier; in response to determining that the read request is associated with the stream identifier, processing the read request; and in response to determining that the read request is not associated with the stream identifier, providing a message indicating that the read request will not be processed.
  11. A method comprising: performing in a data storage device comprising a memory comprising a plurality of logical addresses, wherein a namespace is associated with a subset of the plurality of logical addresses: storing data outside of the namespace, wherein storage of updates to the data is not limited to the subset of the plurality of logical addresses; receiving notification that a stream identifier associated with the data is attached to a submission queue that was recreated from a deleted available submission queue; retrieving a read request from the submission queue, wherein the read request was written into the submission queue by a virtual function assigned to the submission queue and assigned to a virtual machine accessing the data; determining if the read request is associated with the stream identifier; in response to determining that the read request is associated with the stream identifier, processing the read request; and in response to determining that the read request is not associated with the stream identifier, providing a message indicating that the read request will not be processed.
  12. The method of claim 11, wherein assigning the submission queue to the virtual function provides access control without using single-root input/output virtualization (SR-IOV).
  13. The method of claim 11, wherein assigning the submission queue to the virtual function provides access control without using the namespace.
  14. The method of claim 11, wherein the submission queue was recreated by an administrative virtual machine.
  15. The method of claim 11, further comprising receiving a notification that the recreated submission queue was detached from the virtual machine.
  16. The method of claim 11, wherein the particular stream identifier is associated with a gaming application.
  17. The method of claim 11, wherein the particular stream identifier is associated with an automotive application.
  18. The method of claim 11, wherein the method is performed in a controller of the data storage device.
  19. The method of claim 11, wherein the memory comprises a three-dimensional memory.
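
The device-side check recited in claims 1 and 11, together with the attach and detach notifications of claims 5 and 15, as an added model in C that is not code from the patent or from any product. The claims do not say how a read request is matched to a stream identifier; the per-extent stream tag table, the `NO_STREAM` sentinel, the sample values and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_SQ 8
#define NO_STREAM 0 /* assumed sentinel: no stream attached / no owner */

enum read_status { READ_OK, READ_REJECTED };

/* Constructed sample state: the stream each stored extent was written under. */
struct extent { uint64_t start, len; uint16_t stream_id; };
static const struct extent extents[] = { {0, 1024, 7}, {4096, 2048, 9} };

static uint16_t sq_stream[MAX_SQ]; /* stream attached to each submission queue */

/* Host notification: recreated queue sqid is attached to stream_id. */
int sq_attach(unsigned sqid, uint16_t stream_id) {
    if (sqid >= MAX_SQ || stream_id == NO_STREAM) return -1;
    sq_stream[sqid] = stream_id;
    return 0;
}

/* Host notification: queue sqid was detached from the virtual machine. */
int sq_detach(unsigned sqid) {
    if (sqid >= MAX_SQ) return -1;
    sq_stream[sqid] = NO_STREAM;
    return 0;
}

/* Stream owning the whole range [lba, lba+nlb), or NO_STREAM (overflow-safe). */
static uint16_t stream_of(uint64_t lba, uint64_t nlb) {
    for (size_t i = 0; i < sizeof extents / sizeof extents[0]; i++) {
        const struct extent *e = &extents[i];
        if (nlb && nlb <= e->len && lba >= e->start &&
            lba - e->start <= e->len - nlb)
            return e->stream_id;
    }
    return NO_STREAM;
}

/* Check for a read retrieved from queue sqid; anything unproven is rejected. */
enum read_status check_read(unsigned sqid, uint64_t lba, uint64_t nlb) {
    if (sqid >= MAX_SQ || sq_stream[sqid] == NO_STREAM) return READ_REJECTED;
    return stream_of(lba, nlb) == sq_stream[sqid] ? READ_OK : READ_REJECTED;
}

int main(void) {
    sq_attach(1, 7);
    return check_read(1, 0, 8) == READ_OK ? 0 : 1;
}
```

The model fails closed: a queue with no attached stream, a range that straddles an extent boundary, and a range whose end would wrap past the top of the address space are all rejected rather than processed.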

Description

BACKGROUND

A single-root input/output virtualization (SR-IOV) interface is an extension to the Peripheral Component Interconnect Express (PCIe) specification and introduces the concept of physical functions (PF) and virtual functions. An SR-IOV access control feature is based on a namespace, and virtual function attachment is done to a namespace. A namespace refers to a collection of logical block addresses (LBAs) accessible to host software, and a namespace ID is an identifier used to provide access to a namespace. Virtual environmental isolation is achieved by namespace, where the administrative virtual machine attaches a virtual function to the namespace associated with a virtual machine. A virtual machine can read and write to the logical space assigned at the time of creating the namespace.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1A is a block diagram of a data storage device of an embodiment.
FIG. 1B is a block diagram illustrating a storage module of an embodiment.
FIG. 1C is a block diagram illustrating a hierarchical storage system of an embodiment.
FIG. 2A is a block diagram illustrating components of the controller of the data storage device illustrated in FIG. 1A according to an embodiment.
FIG. 2B is a block diagram illustrating components of the data storage device illustrated in FIG. 1A according to an embodiment.
FIG. 3 is a block diagram of a host and a data storage device of an embodiment.
FIG. 4 is an illustration of an architecture of an embodiment.
FIG. 5 is a flow chart of an attach method of an embodiment.
FIG. 6 is a flow chart of a detach method of an embodiment.

DETAILED DESCRIPTION

The following embodiments generally relate to a data storage device and method for access control based on a stream identifier of a virtual function. In one embodiment, a data storage device is provided comprising a memory and one or more processors.
The one or more processors, individually or in combination, are configured to: retrieve a read request from a submission queue, wherein the submission queue was recreated from an available submission queue and assigned to a virtual function that is assigned to a virtual machine associated with a particular stream identifier; determine if the read request is associated with the particular stream identifier; in response to determining that the read request is associated with the particular stream identifier, process the read request; and in response to determining that the read request is not associated with the particular stream identifier, provide a message indicating that the read request will not be processed.

In some embodiments, assigning the submission queue to the virtual function provides access control without using single-root input/output virtualization (SR-IOV). In some embodiments, assigning the submission queue to the virtual function provides access control without using a namespace. In some embodiments, the submission queue was recreated by an administrative virtual machine. In some embodiments, the one or more processors, individually or in combination, are further configured to receive a notification that the recreated submission queue was detached from the virtual machine. In some embodiments, the particular stream identifier is associated with a gaming application. In some embodiments, the particular stream identifier is associated with an automotive application. In some embodiments, the one or more processors are part of a controller. In some embodiments, the memory comprises a three-dimensional memory.

In another embodiment, a method is provided that is performed in a host in communication with a data storage device comprising a memory.
The method comprises identifying an available submission queue; deleting the submission queue; recreating the submission queue; assigning the virtual machine to a virtual function; assigning the recreated submission queue with the virtual function; and informing the data storage device that the recreated submission queue is attached to a stream identifier, wherein the stream identifier is associated with a virtual machine.

In some embodiments, the method provides access control without using single-root input/output virtualization (SR-IOV). In some embodiments, the method provides access control without using a namespace. In some embodiments, the method is performed by an administrative virtual machine. In some embodiments, the method further comprises detaching the recreated submission queue from the virtual machine. In some embodiments, the method further comprises informing the data storage device that the recreated submission queue is detached from the virtual machine; and using the recreated submission queue for another application. In some embodiments, the stream identifier is associated with a gaming application. In some embodiments, the stream identifier is associated with an automotive application. In some embodiments, the method is performed in one or more processors, individually or in combinati