Abstract: A system and method are disclosed for managing idle processors in virtualized systems. A hypervisor executing on a host comprising one or more physical processors receives an anticipated idle time for a physical processor of the one or more physical processors of the host from a guest operating system of a virtual machine executing on the host. In response to determining that a function of the anticipated idle time exceeds an exit time of a first power state of the physical processor, the physical processor is caused to be halted and placed in the first power state.

Abstract: An identification of one or more memory pages that are associated with the guest operating system may be received by a hypervisor and from a guest operating system. The hypervisor may receive a request from the guest operating system to initiate a tracking operation for the one or more memory pages. The tracking operation may be initiated for the one or more memory pages in response to receiving the request from the guest operating system. Furthermore, the one or more memory pages may be freed in view of the tracking operation that has been initiated by the hypervisor.

Abstract: Systems and methods for migrating encrypted storage blocks in a security enhanced manner. An example method may comprise: selecting, by a processing device, a storage block from a plurality of storage blocks comprising encrypted content, the storage block being associated with a computing process; restricting access of the computing process to the storage block; causing the storage block to be decrypted using a first cryptographic input and encrypted using a second cryptographic input; copying the storage block from a first location within the plurality of storage blocks to a second location within the plurality of storage blocks; and providing access of the computing process to the storage block at the second location.

Abstract: A system and method for idle processor management in virtualized systems are disclosed. In accordance with one embodiment, a guest operating system (OS) of a virtual machine estimates an idle time for a virtual central processing unit (CPU) of the virtual machine, where the virtual machine is executed by a CPU of a host computer system, and where the virtual CPU is mapped to the CPU. The guest OS also estimates a host latency time for the host computer system, where the host latency time is based on at least one of: a first power state of the CPU, a context switch associated with execution of the virtual machine by the CPU, or an idle state of a hypervisor executed by the CPU. When the idle time for the virtual CPU divided by a performance multiplier exceeds the host latency time, the virtual CPU is caused to halt.

Abstract: Systems and methods for directly updating the virtual machine memory by interrupt handlers. An example method may comprise: receiving, by a computer system, an interrupt triggered by a physical device; receiving, by an interrupt handling routine, a data frame from the physical device; identifying a virtual machine to receive the interrupt; and responsive to determining that an active memory context on the computer system matches a memory context of the virtual machine, writing, by the interrupt handling routine, the data frame into a memory of the virtual machine.

Abstract: Systems and methods for migrating encrypted storage blocks in a security enhanced manner. An example method may comprise: selecting, by the hypervisor, a first storage block and a second storage block, the first storage block being associated with a virtual machine; associating the second storage block with the virtual machine; and providing, by the hypervisor, an instruction for the virtual machine to copy content of the first storage block to the second storage block.

Abstract: An identification of one or more memory pages that are associated with the guest operating system may be received by a hypervisor and from a guest operating system. The hypervisor may receive a request from the guest operating system to initiate a tracking operation for the one or more memory pages. The tracking operation may be initiated for the one or more memory pages in response to receiving the request from the guest operating system.

Abstract: A system and method are disclosed for managing idle processors in virtualized systems. In accordance with one embodiment, a hypervisor executing on a host computer receives an anticipated idle time for a processor of the host computer system from a guest operating system of a virtual machine executing on the host computer system. When the anticipated idle time divided by a performance multiplier exceeds an exit time of a first power state of the processor, the processor is caused to be halted.

Abstract: Systems and methods for batched storage hinting with fast guest storage allocation. An example method may involve: receiving, by a processing device executing a hypervisor, an indication of a plurality of storage blocks that have been released by a guest operating system and remain allocated to a virtual machine executing the guest operating system; adding, by the hypervisor, identifiers of the plurality of storage blocks to a set of storage block identifiers, wherein an identifier in the set is associated with the virtual machine; receiving a request to allocate storage to the virtual machine; analyzing, by the hypervisor, the set of storage block identifiers to identify a storage block associated with the virtual machine; and allocating the identified storage block to the virtual machine.

Abstract: Processes being executed by a host system may be identified. The processes may be associated with random numbers that are generated by a first type of random number generator operation. An indication of abnormal behavior from at least one of the processes that are being executed by the host system may be received. A request for a new process to be executed by the host system may be received. In response to the indication of the abnormal behavior and the request to provide the new process, a second random number may be generated by using a second type of random number generator operation that is different than the first type of random number generator operation. The second type of random number generator operation may use a system entropy value that is associated with the host system. The new process may be generated in view of the second random number.

Abstract: Systems and methods for memory page hints that account for multiple page sizes. An example method may comprise: determining, by a processing device executing a guest operating system, that a memory page size of the guest operating system is different from a memory page size of a hypervisor; adding, by the guest operating system, a guest memory page released by the guest operating system to a set of guest memory pages; determining in view of the memory page size of the hypervisor that the set of guest memory pages fills a hypervisor memory page; and providing an indication to the hypervisor that the hypervisor memory page is available for reuse.

Abstract: Systems and methods for migrating encrypted storage blocks in a security enhanced manner. An example method may comprise: selecting, by the hypervisor, a first storage block and a second storage block, the first storage block being associated with a virtual machine; associating the second storage block with the virtual machine; providing, by the hypervisor, an instruction for the virtual machine to copy content of the first storage block to the second storage block; and enabling the virtual machine to access the content in the second storage block.

Abstract: Systems and methods for performing data duplication on data that was previously consolidated (e.g., deduplicated or merged). An example method may comprise: receiving, by a processing device, a request to modify a storage block comprising data encrypted using a location dependent cryptographic input; causing the data of the storage block to be encrypted using a location independent cryptographic input corresponding to a first storage location; copying the data encrypted using the location independent cryptographic input from the first storage location to a second storage location; causing data at the second storage location to be encrypted using a location dependent cryptographic input corresponding to the second storage location; and updating a reference of the storage block from the first storage location to the second storage location.

Abstract: Systems and methods for migrating encrypted storage blocks in a security enhanced manner. An example method may comprise: selecting, by a processing device, a storage block from a plurality of storage blocks comprising encrypted content, the storage block being associated with a computing process; restricting access of the computing process to the storage block; causing the storage block to be decrypted using a first cryptographic input and encrypted using a second cryptographic input; copying the storage block from a first location within the plurality of storage blocks to a second location within the plurality of storage blocks; and providing access of the computing process to the storage block at the second location.

Abstract: Systems and methods for migrating encrypted storage blocks in a security enhanced manner. An example method may comprise: selecting, by the hypervisor, a first storage block and a second storage block, the first storage block being associated with a virtual machine; associating the second storage block with the virtual machine; providing, by the hypervisor, an instruction for the virtual machine to copy content of the first storage block to the second storage block; and enabling the virtual machine to access the content in the second storage block.

Abstract: Systems and methods for performing data deduplication one storage blocks while the data is encrypted. An example method may comprise: selecting a first storage block and a second storage block from a plurality of encrypted storage blocks, wherein the first storage block and the second storage block are encrypted using different cryptographic input; causing the first storage block and the second storage block to be decrypted and further encrypted using a common cryptographic input; determining that a cipher text of the first storage block and a cipher text of the second storage block are the same; and updating a reference to the first storage block to reference the second storage block in response to the determining that the cipher text of the first storage block and the cipher text of the second storage block are the same.

Abstract: Systems and methods for batching memory page hints that may enable a hypervisor to reuse a particular memory page without copying the particular memory page to and from swap space. An example method may comprise: releasing, by a processing device executing a virtual machine, memory pages in use by the virtual machine; adding the memory pages to a set of memory pages; determining, by the virtual machine, that the set of memory pages satisfies a threshold quantity; and responsive to the determining, notifying a hypervisor that the memory pages released by the virtual machine are available for reuse by the hypervisor without being copied to persistent storage.

Abstract: Selection of content for sharing is described. An indication of desired content to be shared between a first database and a second database is sent from the first database to the second database. The first database receives desired content corresponding to the indication and a relevancy determination corresponding to a threshold fraction of users that tag the desired content to a particular category. A first version of the desired content is identified in the first database. A second version of the desired content is received by the first database from the second database upon an identification, at the second database, of the second version of the desired content.

Abstract: Systems and methods for embedding emulation support for a hardware feature into a virtual machine to enhance the security of the hypervisor and host system. An example method may comprise: receiving, by a processing device executing a hypervisor, a message indicating a hardware feature is unavailable; determining, by the hypervisor, whether a virtual machine is capable of emulating the hardware feature; and causing, by the hypervisor, the virtual machine to emulate the hardware feature in response to determining the virtual machine is capable of emulating the hardware feature.

Abstract: Embodiments pertain generally to a method for providing subscription services in view of virtual machines. The method includes determining that a user is enrolled for a continuous availability service and determining, in view of the continuous availability service, that the service provider is to instantiate a virtual machine for the user to continue execution of operations executed on a client machine. The method further includes causing the virtual machine to be instantiated in view of the continuous availability service and causing the instantiated virtual machine to be configured to restore a state of the client machine that corresponds to a previous update of the client machine. The previous update may correspond to client activity data of the client machine.