Abstract: Systems and methods for virtual machine communication in a virtualized environment can include identifying an encrypted guest memory location of a virtual machine (VM), the encrypted guest memory location associated with a virtual device, and copying a first set of encrypted data from the encrypted guest memory location to hypervisor memory to create a copied set of encrypted data. They can also include comparing a second set of encrypted data from the encrypted guest memory location with the copied set of encrypted data, and responsive to detecting a difference between the second set of encrypted data and the copied set of encrypted data, requesting, unencrypted data comprising a request related to the virtual device.

Abstract: Systems and methods for accelerating hypercalls for nested virtual machines. An example method comprises: executing, by a host computer system, a Level 0 hypervisor managing a Level 1 virtual machine (VM); receiving, by a Level 1 hypervisor managing a Level 2 VM, a first function component from a Level 2 hypervisor managing a Level 3 VM, wherein the first function component performs a first functionality associated with a hypercall issued by the Level 3 VM; generating, by the Level 1 hypervisor, a second function component that performs a second functionality associated with the hypercall issued by the Level 2 VM; and responsive to detecting the hypercall issued by the Level 3 VM, causing the Level 0 hypervisor to execute at least one of: the first function component or the second function component.

Abstract: Systems and methods for accelerating hypercalls for nested virtual machines. An example method may comprise executing, by a host computer system, a Level 0 hypervisor managing a Level 1 virtual machine (VM). The Level 0 hypervisor receives a first function component from a Level 2 hypervisor managing a Level 3 VM, where the first function component performs a first functionality associated with a hypercall issued by the Level 3 VM; stores the first function component in a memory space associated with the Level 0 hypervisor; detects the hypercall issued by the Level 3 VM; and responsive to detecting the hypercall, executes the first function component to modify a VM context for the Level 3 VM.

Abstract: Systems and methods for accelerating hypercalls for nested virtual machines. An example method may comprise executing, by a host computer system, a Level 0 hypervisor managing a Level 1 virtual machine (VM). The Level 0 hypervisor receives a first function component from a Level 2 hypervisor managing a Level 3 VM, where the first function component performs a first functionality associated with a hypercall issued by the Level 3 VM; stores the first function component in a memory space associated with the Level 0 hypervisor; detects the hypercall issued by the Level 3 VM; and responsive to detecting the hypercall, executes the first function component to modify a VM context for the Level 3 VM.

Abstract: Systems and methods for efficient migration for encrypted virtual machines (VMs) by active page copying are disclosed. An example method may include receiving a request to migrate a VM, identifying a first page of memory of the VM on the source host machine for migration, the first page of memory encrypted with a VM-specific encryption key, protecting the first page from access by the VM, executing a send command to modify the first page from encrypted with the guest-specific encryption key to encrypted with a migration key while the first page remains in place in the memory, allocating a second page in a buffer, copying contents of the first page to the second page, executing a receive command to modify the first page from encrypted with the migration key to encrypted with the guest-specific encryption key while the first page remains in place in the memory, and transmitting contents of the second page.

Abstract: Methods, systems, and computer program products are included for providing I/O state protections to a virtualized environment. An example method includes configuring, by a hypervisor, a processor to execute instructions corresponding to a guest of a virtual machine (VM). As part of a transition of operations from the VM to the hypervisor, the guest specifies a first register of the processor. The processor then provides the hypervisor with access to non-encrypted data stored in first register, while data stored in non-specified registers is maintained in the processor in an encrypted format. The hypervisor receives the non-encrypted data from the first register.

Abstract: Methods, systems, and computer program products are included for providing I/O state protections to a virtualized environment. An example method includes configuring, by a hypervisor, a processor to execute instructions corresponding to a guest of a virtual machine (VM). As part of a transition of operations from the VM to the hypervisor, the guest specifies a first register of the processor. The processor then provides the hypervisor with access to non-encrypted data stored in first register, while data stored in non-specified registers is maintained in the processor in an encrypted format. The hypervisor receives the non-encrypted data from the first register.

Abstract: Methods, systems, and computer program products are included for providing I/O state protections to a virtualized environment. An example method includes configuring, by a hypervisor, a processor to execute instructions corresponding to a guest of a virtual machine (VM). As part of a transition of operations from the VM to the hypervisor, the guest specifies a first register of the processor. The processor then provides the hypervisor with access to non-encrypted data stored in first register, while data stored in non-specified registers is maintained in the processor in an encrypted format. The hypervisor receives the non-encrypted data from the first register.

Abstract: Systems and methods for efficient migration for encrypted virtual machines (VMs) by active page copying are disclosed. An example method may include receiving a request to migrate a VM, identifying a first page of memory of the VM on the source host machine for migration, the first page of memory encrypted with a VM-specific encryption key, protecting the first page from access by the VM, executing a send command to modify the first page from encrypted with the guest-specific encryption key to encrypted with a migration key while the first page remains in place in the memory, allocating a second page in a buffer, copying contents of the first page to the second page, executing a receive command to modify the first page from encrypted with the migration key to encrypted with the guest-specific encryption key while the first page remains in place in the memory, and transmitting contents of the second page.

Abstract: Methods, systems, and computer program products for providing fair unidirectional multi-queue virtual machine migration are disclosed. A computer-implemented method may include maintaining a current scan identifier for each of a plurality of streams used to migrate a virtual machine from a first hypervisor to a second hypervisor, determining when a current scan identifier of a first stream and a current scan identifier of a second stream are associated with different memory states of the virtual machine, and adjusting processing of memory updates when the current scan identifiers are associated with different memory states of the virtual machine. The adjusting may be performed, for example, by pausing processing on each stream having a current scan identifier subsequent to the earliest current scan identifier determined for the streams, and processing memory updates on each stream having a current scan identifier matching the earliest current scan identifier.

Abstract: Methods, systems, and computer program products are included for providing I/O state protections to a virtualized environment. An example method includes configuring, by a hypervisor, a processor to execute instructions corresponding to a guest of a virtual machine (VM). As part of a transition of operations from the VM to the hypervisor, the guest specifies a first register of the processor. The processor then provides the hypervisor with access to non-encrypted data stored in first register, while data stored in non-specified registers is maintained in the processor in an encrypted format. The hypervisor receives the non-encrypted data from the first register.

Abstract: Methods, systems, and computer program products for non-blocking unidirectional multi-queue virtual machine migration are provided. A computer-implemented method may include maintaining information to track an association between a memory area in a virtual machine and a stream for a first stage of virtual machine migration, detecting one or more updates to the memory area during the first stage of migration, examining the information to identify the stream associated with the memory area for the first stage of migration, sending the updates to the memory area on the identified stream during the first stage of migration, modifying the information to associate the memory area with a new stream for a second stage of the migration, and sending updates to the memory area on the new stream during the second stage of migration.

Abstract: Systems and methods for virtual machine live migration. An example method may comprise: identifying, by a first computer system executing a virtual machine undergoing live migration to a second computer system, a plurality of stable memory pages comprised by an execution state of the virtual machine, wherein the plurality of stable memory pages comprises memory pages that have not been modified within a defined period of time; transmitting the plurality of stable memory pages to the second computer system; determining that an amount of memory comprised by a plurality of unstable memory pages is below a threshold value, wherein the plurality of unstable memory pages comprises memory pages that have been modified within the defined period of time; and transmitting the plurality of unstable memory pages to the second computer system.

Abstract: Methods, systems, and computer program products for providing fair unidirectional multi-queue virtual machine migration are disclosed. A computer-implemented method may include maintaining a current scan identifier for each of a plurality of streams used to migrate a virtual machine from a first hypervisor to a second hypervisor, determining when a current scan identifier of a first stream and a current scan identifier of a second stream are associated with different memory states of the virtual machine, and adjusting processing of memory updates when the current scan identifiers are associated with different memory states of the virtual machine. The adjusting may be performed, for example, by pausing processing on each stream having a current scan identifier subsequent to the earliest current scan identifier determined for the streams, and processing memory updates on each stream having a current scan identifier matching the earliest current scan identifier.

Abstract: Systems and methods for memory de-duplication in a virtual machine undergoing live migration.

Abstract: Systems and methods for memory de-duplication in a virtual machine undergoing live migration. An example method may comprise: determining a first identifier identifying a first physical memory range, the first physical memory range mapped to a first virtual memory range in a virtual address space of a first virtual machine undergoing live migration from a origin host computer system to a destination host computer system; determining a second identifier identifying a second physical memory range, the second physical memory range mapped to a second virtual memory range in a virtual address space of a second virtual machine undergoing live migration from the origin host computer system to the destination host computer system; determining that the first identifier and the second identifier identify the same physical memory range; and notifying the destination host computer system that the first virtual memory range and the second virtual memory range have identical contents.

Abstract: Methods, systems, and computer program products for providing fair unidirectional multi-queue virtual machine migration are disclosed. A computer-implemented method may include maintaining a current scan identifier for each of a plurality of streams used to migrate a virtual machine from a first hypervisor to a second hypervisor, determining when a current scan identifier of a first stream and a current scan identifier of a second stream are associated with different memory states of the virtual machine, and adjusting processing of memory updates when the current scan identifiers are associated with different memory states of the virtual machine. The adjusting may be performed, for example, by pausing processing on each stream having a current scan identifier subsequent to the earliest current scan identifier determined for the streams, and processing memory updates on each stream having a current scan identifier matching the earliest current scan identifier.

Abstract: An application associated with a virtual processor running on a physical processor reads a first value of a counter and a second value of the counter. The counter is indicative of a migration status of the virtual processor with respect to the physical processor. Responsive to determining that the first value of the counter does not equal the second value of the counter, the application ascertains whether a value of a hardware parameter associated with the physical processor has changed during a time interval. The migration status indicates a count of the number of times the virtual processor has migrated a first physical processor to a second physical processor. The application determines the validity of a value of a performance monitoring unit derived from the hardware parameter in view of the application ascertaining whether the value of the hardware parameter has changed during the time interval.

Abstract: An application associated with a processor reads a first value of a counter and a second value of the counter. The counter is indicative of a migration status of the application with respect to the processor. Responsive to determining that the first value of the counter does not equal the second value of the counter, the application ascertains whether a value of a hardware parameter associated with the processor has changed during a time interval. The migration status indicates a count of the number of times the application has migrated from one processor to another processor. The application determines the validity of a value of a performance monitoring unit derived from the hardware parameter in view of the application ascertaining whether the value of the hardware parameter has changed during the time interval.

Abstract: An application associated with a virtual processor running on a physical processor reads a first value of a counter and a second value of the counter. The counter is indicative of a migration status of the virtual processor with respect to the physical processor. Responsive to determining that the first value of the counter does not equal the second value of the counter, the application ascertains whether a value of a hardware parameter associated with the physical processor has changed during a time interval. The migration status indicates a count of the number of times the virtual processor has migrated a first physical processor to a second physical processor. The application determines the validity of a value of a performance monitoring unit derived from the hardware parameter in view of the application ascertaining whether the value of the hardware parameter has changed during the time interval.