Abstract: Technology for performing data duplication on data that was previously consolidated (e.g., deduplicated or merged). An example method may involve receiving a request to modify a memory page; causing the data at a first storage location to be decrypted using location dependent cryptographic input and then encrypted using a location independent cryptographic input; copying the encrypted data of the memory page from the first storage location to a second storage location; causing the encrypted data at the first and second storage locations to be decrypted using location independent cryptographic input and to each be encrypted using a different location dependent cryptographic input; updating, by the supervisor, one of the references of the plurality of memory pages from pointing to the first storage location in the physical memory to pointing to the second storage location; and modifying the memory page by altering data in the physical memory.

Abstract: Systems and methods for performing data duplication on data that was previously consolidated (e.g., deduplicated or merged). An example method may comprise: receiving, by a processing device, a request to modify a storage block comprising data encrypted using a location dependent cryptographic input; causing the data of the storage block to be encrypted using a location independent cryptographic input corresponding to a first storage location; copying the data encrypted using the location independent cryptographic input from the first storage location to a second storage location; causing data at the second storage location to be encrypted using a location dependent cryptographic input corresponding to the second storage location; and updating a reference of the storage block from the first storage location to the second storage location.

Abstract: Systems and methods for batched storage hinting with fast guest storage allocation. An example method may involve: detecting, by a hypervisor, that storage has been released by a guest operating system and remains allocated to a virtual machine executing the guest operating system; accessing, by the hypervisor, one or more sets of storage blocks, wherein a set of the one or more sets comprises an identifier associated with the storage and is associated with the virtual machine; receiving, by a processing device executing the hypervisor, a request to allocate a storage block to the virtual machine; identifying, by the hypervisor, at least one storage block of the one or more sets that is associated with the virtual machine; and allocating the at least one storage block to the virtual machine.

Abstract: A system and method are disclosed for managing idle processors in virtualized systems. A hypervisor executing on a host comprising one or more physical processors receives an anticipated idle time for a physical processor of the one or more physical processors of the host from a guest operating system of a virtual machine executing on the host. In response to determining that a function of the anticipated idle time exceeds an exit time of a first power state of the physical processor, the physical processor is caused to be halted and placed in the first power state.

Abstract: Systems and methods for moving encrypted storage blocks in a security enhanced manner. An example method may comprise: selecting, by a processing device, a storage block stored by a storage device, wherein the storage block comprises encrypted content and is associated with a computing process; causing the encrypted content of the storage block to be decrypted using a first cryptographic input that is location dependent and encrypted using a second cryptographic input that is location independent; and copying the storage block comprising the encrypted content from a first location within the storage device to a second location within the storage device.

Abstract: Embodiments pertain generally to a method for providing subscription services in view of virtual machines. The method includes determining that a user is enrolled for a continuous availability service and determining, in view of the continuous availability service, that the service provider is to instantiate a virtual machine for the user to continue execution of operations executed on a client machine. The method further includes causing the virtual machine to be instantiated in view of the continuous availability service and causing the instantiated virtual machine to be configured to restore a state of the client machine that corresponds to a previous update of the client machine. The previous update may correspond to client activity data of the client machine.

Abstract: Systems and methods for fast storage allocation for encrypted storage are disclosed. An example method may include receiving, by a processing device executing an operating system, an identification of a first storage block that has been released by a first virtual machine; tracking, by the operating system, an encryption status corresponding to the first storage block to indicate whether the first storage block contains encrypted content; receiving a request to allocate storage to a second virtual machine; analyzing, by the operating system, the first storage block to determine that the first storage block contains encrypted content in view of the encryption status corresponding the first storage block; and allocating the first storage block containing the encrypted content to the second virtual machine without clearing the encrypted content of the first storage block.

Abstract: Systems and methods for memory page hints that account for multiple page sizes. An example method may comprise: determining, by a processing device executing a guest operating system, that a memory page size of the guest operating system is different from a memory page size of a hypervisor; adding, by the guest operating system, a guest memory page released by the guest operating system to a set of guest memory pages; determining in view of the memory page size of the hypervisor that the set of guest memory pages fills a hypervisor memory page; and providing an indication to the hypervisor that the hypervisor memory page is available for reuse.

Abstract: Processes being executed by a host system and associated with a first address space layout may be identified. An indication of abnormal behavior from at least one of the processes that are being executed by the host system may be received. A request for a new process to be executed by the host system may be received. In response to the indication of the abnormal behavior and the request to provide the new process, a second address space layout may be generated for the new process that is different than the first address space layout. The new process may be generated in view of the second address space layout.

Abstract: Systems and methods for embedding emulation support for a hardware feature into a virtual machine to enhance the security of the hypervisor and host system. An example method may comprise: receiving, by a processing device executing a hypervisor, a message indicating a hardware feature is unavailable; determining, by the hypervisor, whether a virtual machine is capable of emulating the hardware feature; and causing, by the hypervisor, the virtual machine to emulate the hardware feature in response to determining the virtual machine is capable of emulating the hardware feature.

Abstract: Systems and methods for migrating encrypted storage blocks in a security enhanced manner. An example method may comprise: selecting, by the hypervisor, a first storage block and a second storage block, the first storage block being associated with a virtual machine; associating the second storage block with the virtual machine; and providing, by the hypervisor, an instruction for the virtual machine to copy content of the first storage block to the second storage block.

Abstract: Systems and methods for batched storage hinting with fast guest storage allocation. An example method may involve: detecting, by a hypervisor, that storage has been released by a guest operating system and remains allocated to a virtual machine executing the guest operating system; accessing, by the hypervisor, one or more sets of storage blocks, wherein a set of the one or more sets comprises an identifier associated with the storage and is associated with the virtual machine; receiving, by a processing device executing the hypervisor, a request to allocate a storage block to the virtual machine; identifying, by the hypervisor, at least one storage block of the one or more sets that is associated with the virtual machine; and allocating the at least one storage block to the virtual machine.

Abstract: Processes being executed by a host system and associated with a first address space layout may be identified. An indication of abnormal behavior from at least one of the processes that are being executed by the host system may be received. A request for a new process to be executed by the host system may be received. In response to the indication of the abnormal behavior and the request to provide the new process, a second address space layout may be generated for the new process that is different than the first address space layout. The new process may be generated in view of the second address space layout.

Abstract: Systems and methods for fast storage allocation for encrypted storage are disclosed. An example method may include receiving, by a processing device executing an operating system, an identification of a first storage block that has been released by a first virtual machine; tracking, by the operating system, an encryption status corresponding to the first storage block to indicate whether the first storage block contains encrypted content; receiving a request to allocate storage to a second virtual machine; analyzing, by the operating system, the first storage block to determine that the first storage block contains encrypted content in view of the encryption status corresponding the first storage block; and allocating the first storage block containing the encrypted content to the second virtual machine without clearing the encrypted content of the first storage block.

Abstract: Systems and methods for batched storage hinting with fast guest storage allocation. An example method may involve: receiving, by a processing device executing a hypervisor, an indication of a plurality of storage blocks that have been released by a guest operating system and remain allocated to a virtual machine executing the guest operating system; adding, by the hypervisor, identifiers of the plurality of storage blocks to a set of storage block identifiers, wherein an identifier in the set is associated with the virtual machine; receiving a request to allocate storage to the virtual machine; analyzing, by the hypervisor, the set of storage block identifiers to identify a storage block associated with the virtual machine; and allocating the identified storage block to the virtual machine.

Abstract: Systems and methods for performing data deduplication one storage blocks while the data is encrypted. An example method may comprise: selecting a first storage block and a second storage block from a plurality of encrypted storage blocks, wherein the first storage block and the second storage block are encrypted using different cryptographic input; causing the first storage block and the second storage block to be decrypted and further encrypted using a common cryptographic input; determining that a cipher text of the first storage block and a cipher text of the second storage block are the same; and updating a reference to the first storage block to reference the second storage block in response to the determining that the cipher text of the first storage block and the cipher text of the second storage block are the same.

Abstract: Systems and methods for moving encrypted storage blocks in a security enhanced manner. An example method may comprise: selecting, by a processing device, a storage block stored by a storage device, wherein the storage block comprises encrypted content and is associated with a computing process; causing the encrypted content of the storage block to be decrypted using a first cryptographic input that is location dependent and encrypted using a second cryptographic input that is location independent; and copying the storage block comprising the encrypted content from a first location within the storage device to a second location within the storage device.

Abstract: Processes being executed by a host system may be identified. The processes may be associated with random numbers that are generated by a first type of random number generator operation. An indication of abnormal behavior from at least one of the processes that are being executed by the host system may be received. A request for a new process to be executed by the host system may be received. In response to the indication of the abnormal behavior and the request to provide the new process, a second random number may be generated by using a second type of random number generator operation that is different than the first type of random number generator operation. The second type of random number generator operation may use a system entropy value that is associated with the host system. The new process may be generated in view of the second random number.

Abstract: Systems and methods for fast storage allocation for encrypted storage are disclosed. An example method may include receiving, by a processing device executing a hypervisor, an identification of a first storage block that has been released by a first virtual machine; tracking, by the hypervisor, an encryption status corresponding to the first storage block to indicate whether the first storage block contains encrypted content; receiving a request to allocate storage to a second virtual machine; analyzing, by the hypervisor, the first storage block to determine that the first storage block contains encrypted content in view of the encryption status corresponding the first storage block; and allocating the first storage block containing the encrypted content to the second virtual machine without clearing the encrypted content of the first storage block.

Abstract: Disclosed are systems and methods for determining task scores reflective of memory access statistics in NUMA systems. An example method may comprise: determining, by a processing device, a first memory access score of a task with respect to a first node of a Non-Uniform Memory Access (NUMA) system; adjusting the first memory access score using memory access scores of the task with respect to one or more nodes of the NUMA system; and migrating, in view of the adjusting, at least one of: the task or a memory page associated with the task.