Abstract: A method for detecting a ROP attack comprising processing of an object within a virtual machine managed by a virtual machine monitor (VMM), intercepting an attempted execution by the object of an instruction, the instruction stored on a page in memory that is accessed by the virtual machine, responsive to determining the page includes instructions corresponding to one of a predefined set of function calls, (i) inserting a first transition event into the memory at a starting address location of a function call, and (ii) setting a permission of the page to be execute only, and responsive to triggering the first transition event, halting, by the VMM, the processing of the object and analyzing, by logic within the VMM, content of last branch records associated with the virtual machine to determine whether the processing of the object displays characteristics of a ROP attack is shown.

Abstract: Circuitry comprises a translation lookaside buffer to store data representing memory address translations, each memory address translation being between an input memory address range defining a contiguous range of one or more input memory addresses in an input memory address space and a translated output memory address range defining a contiguous range of one or more output memory addresses in an output memory address space; in which the translation lookaside buffer comprises a plurality of memory elements to store one or more arrays each having a base input memory address, a base output memory address and a plurality of entries each mapping an n-bit offset to an m-bit offset, each entry representing a memory address translation of an input memory address range defined by the respective n-bit offset relative to the base input memory address to a translated output memory address range defined by the respective m-bit offset relative to the base output memory address; in which n and m are positive integers and n

Abstract: A computer system includes a translation lookaside buffer (TLB) data cache and a processor. The TLB data cache includes a hierarchical configuration comprising a first TLB array, a second TLB array, a third TLB array, and a fourth TLB array. The processor is configured to receive a first address for translation to a second address, and determine whether translation should be performed using a hierarchical page table or a hashed page table. The processor also determines (using a first portion of the first address) whether the first array stores a mapping of the first portion of the first address in response to determining that the translation should be performed using the hashed page table, and retrieving the second address from the third TLB array or the fourth TLB array in response to determining that the first TLB array stores the mapping of the first portion of the first address.

Abstract: A selection of a document that includes a command and a parameter is received, and a user is caused to be associated with a policy that grants permission to execute the document. A request is received, from a requestor, to execute the document, the request including a parameter value, and the requestor is determined to be the user associated with the policy. The user is validated to have access to a resource indicated by the parameter value, and the command is caused to be executed against the resource.

Abstract: Acquiring location information is presented, including acquiring disk location information for logical partitions, the logical partitions pertaining to a virtual machine, matching the disk location information corresponding to the logical partitions against location information for at least one virtual disk stored on a physical device, in the event that the disk location information matches the location information for the at least one virtual disk, determining the location information for the at least one virtual disk obtained by the matching to be the disk location information for the logical partitions in the physical device, and outputting the location information for the at least one virtual disk.

Abstract: Disclosed is a method that includes calculating, at a collector receiving a data flow and via a hashing algorithm, all possible hashes associated with at least one virtual attribute associated with the data flow to yield resultant hash values. Based on the resultant hash values, the method includes computing a multicast address group and multicasting the data flow to n leafs based on the multicast address group. At respective other collectors, the method includes filtering received sub-flows of the data flow based on the resultant hashes, wherein if a respective hash is owned by a collector, the respective collector accepts and saves the sub-flow in a local switch collector database. A scalable, distributed netflow is possible with the ability to respond to queries for fabric-level netflow statistics even on virtual constructs.

Abstract: A system and method include receiving, by a computing system, an initial container file of a container as input, such that the container is to be converted into a virtual machine and the initial container file is part of a plurality of container files associated with the container. The system and method also include parsing, by the computing system, the plurality of container files including the initial container file, generating, by the computing system, an ISO image from each of the parsed container files, and booting, by the computing system, the virtual machine using the ISO image from each of the parsed container files.

Abstract: An apparatus, system, and method provide remote management of a distributed computer system through a wireless communication link. A wireless server application utilizes a stateless protocol to communicate with a wireless client. An administrator uses the wireless client running on a portable device connected to a wireless server through the wireless communication link to access a network management application connected to the distributed computer network.

Abstract: Embodiments of apparatuses and methods for processing virtualization events in a layered virtualization architecture are disclosed. In one embodiment, an apparatus includes a hardware processor including event circuit to recognize a virtualization event, and evaluation circuit to determine whether to transfer control of the apparatus from a child guest to a parent guest in response to the virtualization event, wherein the child guest and the parent guest each include a bit per virtualization event to indicate whether the parent guest is to gain control when the virtualization event occurs.

Abstract: An example method of preserving a modification to an internal state of a computer system includes applying an overlay on a target container. The overlay includes a set of events corresponding to a first set of modifications to a computer system. The method also includes after applying the overlay, receiving a set of user requests corresponding to a second set of modifications to the computer system. The method further includes changing, based on the set of user requests, the third set of internal states of the computer system to the fourth set of internal states. The method also includes removing the overlay from the target container, while preserving the second set of modifications to the computer system.

Abstract: A method and system using face tracking and object tracking is disclosed. The method and system use face tracking, location, and/or recognition to enhance object tracking, and use object tracking and/or location to enhance face tracking.

Abstract: In a virtual computing environment, a system configured to switch between isolated virtual contexts. A system includes a physical processor. The physical processor includes an instruction set architecture. The instruction set architecture includes an instruction included in the instruction set architecture for the physical processor that when invoked indicates that a virtual processor implemented using the physical processor should switch directly from a first virtual machine context to a second virtual machine context. The first and second virtual machine contexts are isolated from each other.

Abstract: Systems and methods for copy and decrypt support for encrypted virtual machines are disclosed. An example method may include receiving, at a source host machine hosting a virtual machine (VM), a request to migrate the VM to a destination host machine, identifying a first page of memory of the VM on the source host machine for migration, write-protecting the first page, the first page of memory encrypted with a VM-specific encryption key, allocating a second page, executing a copy-and-reencrypt command using the first page and the second page as parameters for the copy-and-reencrypt command, the copy-and-reencrypt command to output the second page comprising contents of the first page re-encrypted with a migration key, and transmitting contents of the second page to the destination host machine.

Abstract: An image forming apparatus capable of preventing compatibility with an extension application from being impaired. The image forming apparatus installs an operation program of an extension application therein, and includes a VM (Virtual Machine) that executes a bytecoded program generated based on the operation program. The bytecoded program is generated by converting the operation program to bytecode. The operation program and the bytecoded program are written into a package, and the package is stored in a storage of the image forming apparatus.

Abstract: Apparatuses, methods and storage medium associated with computing that include usage and backup of persistent memory are disclosed herein. In embodiments, an apparatus for computing may comprise one or more processors and persistent memory to host operation of one or more virtual machines; and one or more page tables to store a plurality of mappings to map a plurality of virtual memory pages of a virtualization of the persistent memory of the one or more virtual machines to a plurality of physical memory pages of the persistent memory allocated to the one or more virtual machines. The apparatus may further include a memory manager to manage accesses of the persistent memory that includes a copy-on-write mechanism to service write instructions that address virtual memory pages mapped to physical memory pages that are marked as read-only. Other embodiments may be described and/or claimed.

Abstract: In one embodiment, a solid state drive (SSD) with power loss protection (PLP) includes a SSD controller, a secondary controller and a power circuit configured to supply power to the SSD from a power source during normal operation and backup power from a backup power source in response to a loss of power supplied by the power source. In the event of a loss of power, the secondary controller is configured to track the holdup time, or duration of time for which the primary controller can operate on backup power. In one embodiment, the holdup time tracked by the secondary controller is stored in a non-volatile memory in communication with the secondary controller.

Abstract: Various techniques for detection of malware using an instrumented virtual machine environment are disclosed. In some embodiments, detection of malware using an instrumented virtual machine environment includes instantiating a first virtual machine in the instrumented virtual machine environment, in which the first virtual machine is configured to support installation of two or more versions of a resource; installing a first version of the resource on the first virtual machine and monitoring the instrumented virtual machine environment while executing the first version of the resource with a malware sample opened using the first version of the resource; and installing a second version of the resource on the first virtual machine and monitoring the instrumented virtual machine environment while executing the second version of the resource with the malware sample opened using the second version of the resource.

Abstract: According to one or more embodiments of the disclosure, virtual replication of physical things for scale-out in an Internet of Things (IoT) integrated developer environment (IDE) is shown and described. In particular, in one embodiment, a computer operates an Internet of Things (IoT) integrated developer environment (IDE) that accesses one or more real-world physical devices within a computer network that are configured to participate with the IoT IDE. The IoT IDE may then virtually replicate the one or more real-world physical devices within the IoT IDE into a configuration of virtual devices within the IoT IDE, such that simulating an IoT application within the IoT IDE results in relaying input and/or output (I/O) messages between the IoT IDE and the one or more real-world physical devices, and virtually replicating those I/O messages according to the configuration of virtual devices within the IoT IDE.

Abstract: A power consumption optimization system includes a virtual machine (VM) provisioned on a host, a memory, a server, and a processor in communication with the memory. The processor causes the server to store a power consumption profile of the VM. The VM runs at a processor frequency state. Additionally, the processor causes the server to receive a request to lower a processor frequency for the VM from an original processor frequency state to a reduced processor frequency state. The request has request criteria indicating a time duration associated with the request. The server validates the request criteria and a requirement of another tenant on the host. Responsive to validating the request criteria and the requirement the other tenant on the host, the server confirms the request to lower the processor frequency. Additionally, the server lowers the processor frequency to the reduced processor frequency state during the time duration.

Abstract: Described herein is a method for allocating resources for rendering. The method can include assembling a plurality of render nodes. The render nodes can have their defined input(s) and output(s). From the assembled set of render nodes a schedule can be compiled. The compiled schedule for the plurality of rendering nodes can be based at least on the defined input(s) and output(s). Additionally, the plurality of rendering nodes can be scheduled such that more than one rendering algorithm can be carried out at a point in time. Within the compiling, a set of resource barriers can be defined. The set of resource barriers can include system resource barriers. These system resource barriers can be for processing the set of render nodes based on the created schedule.

Abstract: Techniques for configurable compute instance resets are described. A user can issue a request to securely reset one or more compute instances implemented within a service provider system. Each compute instance is reset to a previous point in time, such that any activity of the compute instance or effects thereof occurring since that point in time are completely eliminated. Each compute instance reset can include removing an existing volume of the compute instance, obtaining a volume, attaching the obtained volume to the compute instance, and rebooting the compute instance. Configuration data of the compute instance, such as an instance identifier or network addresses, can be maintained after the reset.

Abstract: Various computer peripheral cards, devices, systems, methods, and software are provided herein. In one example, a storage card insertable into a host system includes a plurality of storage device connectors in a stacked arrangement, each configured to mate with associated storage devices and carry Peripheral Component Interconnect Express (PCIe) signaling for the associated storage devices. The storage card also includes a PCIe switch circuit configured to communicatively couple the PCIe signaling of the plurality of storage device connectors and PCIe signaling of a host connector of the storage card, where the PCIe switch circuit is configured to receive storage operations over the PCIe signaling of the host connector of the storage card and transfer the storage operations for delivery over the PCIe signaling of selected ones of the plurality of storage device connectors.

Abstract: The present invention relates to a technology that performs: checking an integrity of a paravirtualization agent before executing the paravirtualization agent; protecting the paravirtualization agent by obstructing the modulation of a memory region to which the paravirtualization agent is allocated; when file input-output is generated in the paravirtualization agent, transmitting information associated with the generated file input-output to a host-based file system protection service to inquire about accessibility; determining an authority for access to the generated file input-output through a reasoning engine in the host-based file system protection service; and transmitting a result of the determination to the paravirtualization agent, and processing the generated file input-output, thereby protecting a file in a file system.

Abstract: Described herein is a method for allocating resources of a graphics processing unit (GPU). Methods as described herein can include assembling a plurality of work nodes having defined inputs and outputs, wherein at least one work node is a rendering work node and at least one work node is a compute work node. A schedule can be created for the plurality of work nodes based at least on the defined inputs and outputs, wherein the plurality of work nodes can be scheduled such that more than one GPU process can be carried out at a point in time. Additionally, the schedule can be created such that both render nodes and compute nodes can use the same GPU resources either simultaneously or at separate times. For example, the GPU does not need to be partitioned where certain resources are only for compute processes and others are reserved for rendering processes. A set of system resource barriers can be determined for processing the set of work nodes based on the created schedule.

Abstract: A host in a virtualization system pings one or more storage domains. When the host determines that a storage domain in inaccessible and later determines that the storage domain is once again accessible, the host may determine a set of virtual machines associated with the storage domain that are paused. The host may, then, resume at least one of those virtual machines.

Abstract: A method of managing a database including creating an initial counting bloom filter (CBF) instance having an array of counters and hash functions that map an inserted value to the array of counters, and designating the initial CBF instance as a current CBF instance, and sequentially inserting each value of a sample data set of a table column into the hash functions of the current CBF instance and incrementing counters of the array of counters to which the value is mapped. The method further includes, prior to inserting each value into the hash functions of the current CBF instance, when a number of counters of the array of counters having non-zero values is at least at a threshold level, designating the current CBF instance as an old CBF instance, creating a new CBF instance having an array of counters and hash functions that map an inserted value to the array counters, and designating the new CBF instance as the current CBF instance.

Abstract: Using stored information about the compilation environment during compilation of a code segment to improve performance of just-in-time compilers. A set of characteristic(s) of a compilation environment is measured during compilation of a code segment. Information that may be relevant to how the compilation is performed is derived from at least one of the measured characteristics and stored in a persistent storage device. Upon a subsequent request to compile that code segment, the information is retrieved and used to change compilation behavior. The set of characteristic(s) relate to at least either compilation backlog or peak memory usage. The changed compilation behavior involves at least adjusting the scheduling of the subsequent compilation request or adjusting the compiler optimization level.

Abstract: Standard nested virtualization allows a hypervisor to run other hypervisors as guests, i.e. a level-0 (L0) hypervisor can run multiple level-1 (L1) hypervisors, each of which can run multiple level-2 (L2) virtual machines (VMs), with each L2 VM is restricted to run on only one L1 hypervisor. Span provides a Multi-hypervisor VM in which a single VM can simultaneously run on multiple hypervisors, which permits a VM to benefit from different services provided by multiple hypervisors that co-exist on a single physical machine. Span allows (a) the memory footprint of the VM to be shared across two hypervisors, and (b) the responsibility for CPU and I/O scheduling to be distributed among the two hypervisors. Span VMs can achieve performance comparable to traditional (single-hypervisor) nested VMs for common benchmarks.

Abstract: Systems and methods for virtual machine based huge page balloon support are provided. A guest operating system (OS) receives a request from a hypervisor for guest memory to be made available to a host operating system (OS). The guest OS further receives a huge page size of a host page and a quantity of requested guest memory. The guest OS then allocates unused guest memory and transmits at least one address of the allocated guest memory to the hypervisor, where the allocated guest memory is a contiguous block of memory that is at least the size of the huge page size and aligned to the size of the huge page size.

Abstract: A migration system includes a memory, a physical processor, first and second hypervisors, first and second virtual machines, and first and second networking devices. The first hypervisor is located at a migration source location and the second hypervisor is located at a migration destination location. The first virtual machine includes a guest OS which includes a first agent. The second virtual machine includes the guest OS which includes a second agent. The first hypervisor is configured to request the guest OS executing on the first hypervisor to copy a configuration of the first networking device and to store the configuration in a place-holder networking device. The second hypervisor is configured to start the second virtual machine at a destination location, request the guest OS executing on the second virtual machine to copy the configuration from the place-holder networking device and to store the configuration in the second networking device.

Abstract: Systems, methods, and software described herein facilitate the allocation of large scale processing jobs to host computing systems. In one example, a method of operating an administration node to allocate processes to a plurality of host computing systems includes identifying a job process for a large scale processing environment (LSPE), and identifying a data repository associated with the job process. The method further includes obtaining data retrieval performance information related to the data repository and the host systems in the LSPE. The method also provides identifying a host system in the host systems for the job process based on the data retrieval performance information, and initiating a virtual node for the job process on the identified host system.

Abstract: Techniques are disclosed for maintaining high availability (HA) for virtual machines (VMs) running on host systems of a host cluster, where each host system executes a HA module in a plurality of HA modules and a storage module in a plurality of storage modules, where the host cluster aggregates, via the plurality of storage modules, locally-attached storage resources of the host systems to provide logical data store, and where persistent data for the VMs is stored across the locally-attached storage resources comprising the logical data store.

Abstract: A cloud-based storage server is interfaced with one or more storage devices that store shared content accessible over a network by two or more users. A virtual file system module is delivered to a user device associated with the users. The virtual file system module provides file access facilities that are not available by either the file system on the user device or the file system on the storage server. A virtual file system cache system manager allocates multiple local memory areas on a user device. The multiple local memory areas are managed differently under multiple cache regimes. The management of the cache regime spaces depend from a set of cache access response directives that serve to direct cache management operations pertaining to the movement of data blocks to and/or from the multiple cache regimes. One cache regime space stores shared data that can be used in an offline mode.

Abstract: A system and method for managing images in a cloud including providing a uniform image management interface for receiving from a user uniform image descriptions for building images in a cloud, and receiving a uniform image description for building an image from the user. The uniform image description is provided to an application to create a cloud-specific image description to provide to an image builder for building the image, and the uniform image description is stored in a local data store.

Abstract: In case of network isolation of a host executing one or more virtual machines, the state of the one of more virtual machines is saved using a variety of isolation response mechanisms. Isolation responses may include a live migration to another host using a shared storage system connected to both hosts, a virtual machine suspend and resume operation, and a snapshot reversion operation. The execution state of the virtual machine(s) running on the isolated host, which includes the state of the guest operating system and any running applications, are maintained in the other host, even after host isolation has occurred.

Abstract: Method, system, and computer program product for dynamic address translation for a virtual machine are disclosed. The method includes obtaining a memory portion from a memory space, in response to a request for building a shadow dynamic address translation table, wherein the memory space is allocated for at least one guest operation system and wherein the shadow dynamic address translation table includes a mapping between at least one guest logic memory address and at least one host physical memory address. The method further includes building the shadow dynamic address translation table and storing the shadow dynamic address translation table in the memory portion.

Abstract: Systems, methods, and computer programs are disclosed for detecting high-level functionality of an application executing on a computing device. One method comprises storing, in a secure memory on a computing device, a virtual address mapping table for an application. The virtual address mapping table comprises a plurality of virtual addresses in the application binary code mapped to corresponding target application functionalities. The application is registered with a high-level operating system (HLOS). During execution of the application binary code, the HLOS detects when one or more of the virtual addresses corresponding to the target application functionalities are executed based on the virtual address mapping table.

Abstract: A method of initializing a secondary processor pursuant to a soft reboot of system software comprises storing code to be executed by the secondary processor in memory, building first page tables to map the code into a first address space and second page tables to identically map the code into a second address space, fetching a first instruction of the code based on a first virtual address in the first address space and the first page tables, and executing the code beginning with the first instruction to switch from the first to the second page tables. The method further comprises, fetching a next instruction of the code using a second virtual address, which is identically mapped to a corresponding machine address, turning off a memory management unit of the secondary processor, and executing a waiting loop until a predetermined location in the physical memory changes in value.

Abstract: Embodiments relate to an intra-level privilege separation method for managing system software on an ARM processor, including dividing the system software into an inner domain and an outer domain having different privilege levels, determining whether to permit the access to a memory region of the inner domain based on the type of domain that is currently in control among the inner domain and the outer domain, setting the memory region of the inner domain outside of valid virtual address range when the outer domain is in control, and setting memory regions of the inner domain and the outer domain inside of valid virtual address range when the inner domain is in control.

Abstract: A method and apparatus for providing an operating system based on a lightweight hypervisor. An electronic device includes a hypervisor, an operating system monitor, and a virtualized operating system. The hypervisor enables the virtualized operating system and a physical machine to share the resources of the physical machine. If the virtualized operating system accesses the resource, the operating system monitor determines whether to allow the access to the resource. Also, the operating system monitor verifies the integrity of the virtualized operating system and determines whether a threat to the virtualized operating system exists.

Abstract: An information pushing method and apparatus, and a terminal and server are provided. The method includes: acquiring a key frame of a currently-played video; acquiring an characteristic value of the key frame according to picture information of the key frame; acquiring, according to the characteristic value of the key frame, pushing information corresponding to the characteristic value; and displaying the pushing information in a process of playing the currently-played video. After the key frame of the currently-played video is acquired, the characteristic value of the key frame is acquired according to the picture information of the key frame, and the pushing information corresponding to the characteristic value is acquired according to the characteristic value of the key frame, so as to display the pushing information in the process of playing the currently-played video.

Abstract: Systems and methods for discovering changes of network interface controller (NIC) names are disclosed. An example method may comprise receiving new network configuration data comprising first network interface controller (NIC) configuration data for a NIC device that is identified by a permanent identifier (ID), identifying the permanent ID of the NIC device in current network configuration data comprising second NIC configuration data for the NIC device, responsive to a first NIC name corresponding to the permanent ID in the new network configuration data being different than a second NIC name corresponding to the permanent ID in the current network configuration data, updating, by a processing device, the first NIC configuration data in the new network configuration data to be the same as the second NIC configuration data, and saving, by the processing device, the updated new network configuration data as the current network configuration data.

Abstract: Mail server migration. For each mailbox, a migration utility is started on a target server to get a list of message IDs that have already been migrated. The command “list-message-ids” is executed. The migration utility is started on the source server in a backup mode. The “backup” command is executed. Then, the migration utility is started on the target server in a restore mode. A “restore” command is executed. The migration utility on the source server provides mail messages to a standard output. The migration utility on the target server accepts mail messages on the standard input and restores them. An RPC agent transfers data via TCP once it gets it from the migration utility on the source server. The migration module receives data from the RPC agent and puts data to the standard input of the migration utility on the target server as soon as it receives it.

Abstract: An apparatus including a physical memory partitioned into areas, a flag storage unit to store flags wherein a flag is set as indicating an area being updated when storage information stored in the area is updated, the area being associated with the flag, and a processor. The processor executes a first process of recording, when any fault does not occur, storage information stored in a first area to a recording device, the first area being associated with a first flag indicating the first area being updated, a process of saving, in a saving device, the storage information stored in the first area, and clearing the first flag so as to indicate the first area not being updated, and a second process of recording, to the recording device, storage information stored in a second area associated with a second flag indicating being updated when the fault occurs.

Abstract: A virtual trusted platform module function implementation method is provided, the method is executed at an exception level EL3 of a processor that uses an ARM V8 architecture, and the method includes: generating, according to requirements of one or more VMs, one or more vTPM instances corresponding to each VM, and storing the generated one or more vTPM instances in preset secure space, where each vTPM instance has a dedicated instance communication queue for a VM corresponding to itself to use, and a physical address is allocated to each instance communication queue; and interacting with a VMM and the VM, so that the VM acquires a VM communication queue virtual address, in VM virtual address space, corresponding to a communication queue physical address of the vTPM instance, and the VM communicates with a vTPM instance communication queue by using the VM communication queue virtual address.

Abstract: A virtual machine cache provides for maintaining a working set of the cache during a transfer between virtual machine hosts. In response to a virtual machine transfer, the previous host of the virtual machine is configured to retain cache data of the virtual machine, which may include both cache metadata and data that has been admitted into the cache. The cache data may be transferred to the destination host via a network (or other communication mechanism). The destination host populates a virtual machine cache with the transferred cache data to thereby reconstruct the working state of the cache.

Abstract: A chat messaging service provided for a chat user is migrated. At a second chat server from a first chat server, static information associated with a chat user is received. At the second chat server from the first chat server, dynamic information associated with the chat user is received. At least a portion of the dynamic information is received after the chat user is indicated as being associated with the migration state. After the chat user is no longer indicated as being associated with the migration state, a chat message for the chat user is received at the second chat server.

Abstract: Methods, systems, computer-readable media, and apparatuses for performing, providing, managing, executing, and/or running a spatially-optimized simulation are presented. In one or more embodiments, the spatially-optimized simulation may comprise a plurality of worker modules performing the simulation, a plurality of entities being simulated among the plurality of worker modules, a plurality of bridge modules facilitating communication between workers and an administrative layer including a plurality of chunk modules, at least one receptionist module, and at least one oracle module. The spatially-optimized simulation may be configured to provide a distributed, persistent, fault-tolerate and spatially-optimized simulation environment. In some embodiments, load balancing and fault tolerance may be performed using transfer scores and/or tensile energies determined among the candidates for transferring simulation entities among workers.

Abstract: The systems described herein are configured to enhance the efficiency of memory in a host file system with respect to hosted virtual file systems. In situations when the hosted virtual file systems use smaller file block sizes than the file block sizes of the host file system. During storage of a file, a file block is assigned a block address and unmapping bits. The block address and unmapping bits are stored in a pointer block or other similar data structure associated with the file. Particularly, the block address is stored in a first address block and the unmapping bits are stored in at least one additional address block located in proximity to the block address, such that the unmap granularity of the file is not limited by the fixed size of address blocks in the system.

Abstract: Embodiments of an invention for virtualization exceptions are disclosed. In one embodiment, a processor includes instruction hardware, control logic, and execution hardware. The instruction hardware is to receive a plurality of instructions, including an instruction to enter a virtual machine. The control logic is to determine, in response to a privileged event occurring within the virtual machine, whether to generate a virtualization exception. The execution hardware is to generate a virtualization exception in response to the control logic determining to generate a virtualization exception.