US 12,135,875 B2
I/O command control device and information storage device
Takeshi Ishihara, Yokohama Kanagawa (JP)
Assigned to KIOXIA CORPORATION, Tokyo (JP)
Filed by Kioxa Corporation, Tokyo (JP)
Filed on Dec. 10, 2021, as Appl. No. 17/548,104.
Claims priority of application No. 2021-146264 (JP), filed on Sep. 8, 2021.
Prior Publication US 2023/0072572 A1, Mar. 9, 2023
Int. Cl. G06F 3/06 (2006.01); G06F 12/14 (2006.01)
CPC G06F 3/061 (2013.01) [G06F 3/0659 (2013.01); G06F 3/0679 (2013.01); G06F 12/1408 (2013.01)] 15 Claims
OG exemplary drawing
 
1. An I/O command control device configured to connect to a storage device that divides a physical area into one or more logical areas and performs reading and writing of information based on an I/O command for each of the one or more logical areas, the physical area storing information to be read and information that is written,
the I/O command control device comprising:
I/O command interface circuitry configured to receive the I/O command from an external control entity;
control command interface circuitry configured to transmit a control command for controlling the storage device to the storage device, the control command being generated based on the I/O command;
a controller circuitry configured to:
receive the I/O command to which authorization information is appended, for each logical area that is an execution target of the I/O command via the I/O command interface circuitry, and extract the authorization information from the received I/O command, the authorization information indicating whether execution of the I/O command is permitted and being protected from modification performed by a sender of the I/O command;
verify, for each of the logical areas, whether the extracted authorization information is not modified and is issued from a known authorization server, and when the extracted authorization information is not modified and is issued from the known authorization server, verifies verify whether the received extracted authorization information permits execution of the I/O command;
permit or inhibit execution of the received I/O command or the control command generated from the received I/O command with respect to a logical area that is an execution target of the I/O command, in accordance with an authorization result indicating whether the received extracted authorization information permits execution of the I/O command;
acquire reliability base information that is used by the controller to verify whether the extracted authorization information is not modified and is issued from the known authorization server, and maintain and manage the acquired reliability base information; and
generate the control command based on the I/O command; and
storage circuitry configured to temporarily store data,
wherein the authorization information includes first identification information capable of identifying the I/O command that corresponds to the authorization information,
the controller circuitry is configured to:
extract the first identification information from the authorization information;
store the authorization result and the extracted first identification information in the storage circuitry in a state where the authorization result and the extracted first identification information are associated with each other;
generate second identification information capable of identifying the I/O command in accordance with the I/O command;
store the I/O command, a first logical area that is an execution target of the I/O command among the one or more logical areas, and the second identification information in the storage circuitry in a state where the I/O command, the first logical area, and the second identification information are associated with each other;
determine whether the first identification information matching the second identification information is stored in the storage circuitry;
when the first identification information matching the second identification information is stored in the storage circuitry and the authorization result associated with the first identification information permits execution of the I/O command, permit execution of the I/O command or the control command generated from the I/O command in the first logical area; and
when the first identification information matching the second identification information is not stored in the storage circuitry, or when the first identification information matching the second identification information is stored in the storage circuitry and the authorization result associated with the first identification information does not permit execution of the I/O command, inhibit execution of the I/O command or the control command generated from the I/O command in the first logical area.