公开(公告)号：US11755496B1

公开(公告)日：2023-09-12

申请号：US17547888

申请日：2021-12-10

Applicant: Amazon Technologies, Inc.

Inventor： Peter Barry ,  Adi Habusha ,  Martin Pohlack

IPC: G06F12/1009 ,  G06F12/0882 ,  G06F12/06 ,  G06F12/02

CPC classification number: G06F12/1009 ,  G06F12/0238 ,  G06F12/0646 ,  G06F12/0882 ,  G06F2212/7201

Abstract: A computer system and methods are disclosed for mitigating side-channel attacks using memory aliasing. The computer system includes a memory, a memory controller and a cache. Responsive to determining to share a memory location among processes, the address of the memory may be aliased to another address within the same address space, with the address and aliased address assigned to respective ones of the processes. The memory controller manages the address space according to an aliasing region and a non-aliasing region, with addresses corresponding to the non-aliasing region being passed through to the memory. Addresses corresponding to the aliasing region are translated by the memory controller to match corresponding non-aliased memory addresses allowing aliased and non-aliased addresses to access same memory locations. A cache may cache accesses to memory addresses, including the non-aliased and aliased addresses, with different cache locations for selected according to the respective addresses of memory.

公开(公告)号：US11900152B1

公开(公告)日：2024-02-13

申请号：US17218015

申请日：2021-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Marc Brooker ,  David Nasi ,  Trishika Pattabiraman ,  Holly Mesrobian ,  Mikhail Danilov ,  Peter Barry ,  Peter Martin McDonnell

IPC: G06F3/00 ,  G06F9/48 ,  G06F8/71 ,  G06F11/34 ,  G06F16/18 ,  G06F11/30 ,  G06F8/65

CPC classification number: G06F9/4843 ,  G06F8/65 ,  G06F8/71 ,  G06F11/3034 ,  G06F11/3409 ,  G06F16/1873

Abstract: Systems and methods are described for providing updating of disk images supporting serverless code execution and controlled deployment of updated disk images. A disk image can be defined as a set of layers that represent a file system include code of a serverless function and other data used by the code. A function owner can designate one layer as containing software or other data subject to update. When a new version of the layer is obtained at a serverless compute system, the system can generate a new disk image containing the updated layer. The system can then gradually transition the function to the new disk image, by dividing calls to the function among two versions of the function—one using the prior disk image, and one using the new disk image. Performance data gained from the new version of the function can be used to control the gradual transition.

公开(公告)号：US11635919B1

公开(公告)日：2023-04-25

申请号：US17491252

申请日：2021-09-30

Applicant: Amazon Technologies, Inc.

Inventor： Martin Pohlack ,  Peter Barry ,  Filippo Sironi

IPC: G06F3/06 ,  G06F12/1045 ,  G06F12/0882

Abstract: A computing device including executable processes may determine that a future likelihood of access for virtual memory pages of an executable process are below a threshold likelihood of access based on an execution status of the executable process or a tracking of memory accesses to the virtual memory pages of the executable process. Responsive to this determination, memory pages found to store contents matching that of memory pages mapped to other processes may be unmapped from the process and released for reuse by the computing device. The virtual memory pages may then be marked as being shared with the similar memory pages mapped to the other processes. At a later time, the memory pages of the process may be configured to be non-shared, the configuring including either copying respective shared pages to non-shared pages or enabling a processor exception on access to the memory pages.