Patents by Inventor Paolo Bonzini

Paolo Bonzini has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9952890
    Abstract: Methods, systems, and computer program products are included for collecting kernel data in a protected kernel environment. A method includes allocating a first portion of a memory for a first kernel and reserving a second portion of the memory for a second kernel. The second kernel is stored in the second portion of the memory. A hypervisor is provided a memory address corresponding to the second portion of the memory. The hypervisor disables write and execute access privileges corresponding to the second portion of the memory. After a crash occurs corresponding to the first kernel, the second kernel is attempted to be executed. The hypervisor detects the attempted execution of the second kernel. The hypervisor enables execute access privileges corresponding to the second portion of the memory. After the execute access privileges are enabled, the second kernel is executed to collect data corresponding to the first kernel.
    Type: Grant
    Filed: February 29, 2016
    Date of Patent: April 24, 2018
    Assignee: RED HAT ISRAEL, LTD.
    Inventors: Michael Tsirkin, Paolo Bonzini
  • Publication number: 20180107607
    Abstract: A hypervisor configures a page table entry in a host page table to map an address associated with memory-mapped input-output (MMIO) for a virtual device of a guest of the hypervisor to an input/output (I/O) instruction. The address is marked in the page table entry as a hypervisor exit entry, and the page table entry is to cause an exit to the hypervisor responsive to the guest attempting to access the address. Responsive to detecting an exit to the hypervisor caused by the guest attempting to access the address, the hypervisor receives the I/O instruction mapped to the address that caused the exit. The hypervisor then executes the I/O instruction on behalf of the guest.
    Type: Application
    Filed: October 13, 2016
    Publication date: April 19, 2018
    Inventors: Michael Tsirkin, Paolo Bonzini
  • Patent number: 9921979
    Abstract: Methods, systems, and computer program products for executing a protected function are provided. A computer-implemented method may include storing a first virtual machine function instruction as the last instruction on the first trampoline page that is executable to configure access privileges according to a trampoline view, storing a page table setup instruction on the second trampoline page, and storing a second virtual machine function instruction as a last instruction on the second trampoline page that is executable to configure access privileges according to a protected view.
    Type: Grant
    Filed: January 14, 2015
    Date of Patent: March 20, 2018
    Assignee: Red Hat Israel, Ltd.
    Inventors: Michael Tsirkin, Paolo Bonzini
  • Patent number: 9898326
    Abstract: Methods, systems, and computer program products are included for loading a code module. A method includes providing, by a hypervisor, a virtual machine that includes a guest operating system. The code module and a signature corresponding to the code module are sent by the guest operating system to the hypervisor. One or more relocations are applied to the code module. The hypervisor verifies the signature corresponding to the code module. After verifying the signature, the hypervisor allows the guest operating system to execute the code module.
    Type: Grant
    Filed: February 23, 2016
    Date of Patent: February 20, 2018
    Assignee: RED HAT ISRAEL, LTD.
    Inventors: Michael Tsirkin, Paolo Bonzini
  • Patent number: 9886376
    Abstract: An example method for host virtual address reservation comprises: reserving a host virtual address range within a virtual address space of a computer system; associating a first virtual memory device with a first guest physical address range of a virtual machine running on the computer system; associating a second virtual memory device with a second guest physical address range of the virtual machine; mapping a first guest physical address of the first guest physical address range to a first host virtual address of the host virtual address range, wherein the first host virtual address is identified by an offset with respect to the first guest physical address; mapping a second guest physical address of the second guest physical address range to a second host virtual address of the host virtual address range, wherein the second host virtual address is identified by the offset with respect to the second guest physical address.
    Type: Grant
    Filed: July 29, 2015
    Date of Patent: February 6, 2018
    Assignee: Red Hat Israel, Ltd.
    Inventors: Paolo Bonzini, Michael Tsirkin
  • Patent number: 9880871
    Abstract: An example method for secure virtual machine access to a protected virtual machine function includes storing a first virtual machine function instruction, which is executable to configure access privileges of a guest according to a trampoline view, as a last instruction on a first trampoline page. The method also includes storing a clear interrupt flag instruction as a first instruction on a second trampoline page. The method further includes storing a second virtual machine function instruction, which is executable to configure access privileges of the guest according to a protected view, as a last instruction on the second trampoline page. The method also includes in response to detecting an extended page fault violation while the trampoline view is active, clearing the interrupt flag of the guest and entering execution on an instruction following the clear interrupt flag instruction on the second trampoline page.
    Type: Grant
    Filed: February 23, 2016
    Date of Patent: January 30, 2018
    Assignee: Red Hat Israel, Ltd.
    Inventors: Michael Tsirkin, Paolo Bonzini
  • Patent number: 9875128
    Abstract: A system, methods, and apparatus for using hypervisor trapping for protection against interrupts in virtual machine functions are disclosed. A system includes memory, one or more physical processors, a virtual machine executing on the one or more physical processors, and a hypervisor executing on the one or more physical processors. The hypervisor reads an interrupt data structure on the virtual machine. The hypervisor determines whether the interrupt data structure points to an alternate page view. Responsive to determining that the interrupt data structure points to an alternate page view, the hypervisor disables a virtual machine function.
    Type: Grant
    Filed: January 23, 2015
    Date of Patent: January 23, 2018
    Assignee: Red Hat Israel, Ltd.
    Inventors: Michael Tsirkin, Paolo Bonzini
  • Patent number: 9858109
    Abstract: Methods, systems, and computer program products are included for performing module unloading in a protected kernel environment. A method includes loading a module into a kernel, the module including an exit function. The kernel provides, to a hypervisor, a memory location corresponding to the exit function of the module. A kernel protection feature is activated. After activating the kernel protection feature, the hypervisor detects an attempt to execute the exit function. The hypervisor determines that the attempt to execute the exit function corresponds to the memory location provided to the hypervisor. Based on the determining, the hypervisor allows execution of the exit function.
    Type: Grant
    Filed: February 26, 2016
    Date of Patent: January 2, 2018
    Assignee: RED HAT ISRAEL, LTD.
    Inventors: Michael Tsirkin, Paolo Bonzini
  • Patent number: 9858101
    Abstract: A method performed by a physical computing system includes detecting an interrupt signal sent to a virtual processor being managed by the hypervisor, creating a map between the virtual processor and an Input/Output (I/O) thread associated with the interrupt signal, determining that the virtual processor is idle, finding the I/O thread associated with the idle virtual processor based on the map, and moving the I/O thread associated with the idle virtual processor up in a processing queue, the processing queue being for processes to be executed on a physical processor.
    Type: Grant
    Filed: November 13, 2014
    Date of Patent: January 2, 2018
    Assignee: RED HAT ISRAEL, LTD.
    Inventors: Michael Tsirkin, Paolo Bonzini
  • Patent number: 9824032
    Abstract: Systems and methods for guest page table validation by virtual machine (VM) functions. An example method comprises: storing a first VM function invocation instruction in a first memory page executable from a default memory view of a VM, wherein executing the first VM function invocation instruction switches a page table pointer to a trampoline memory view of the VM; configuring a write access permission, from the trampoline memory view, to a page table comprised by a VM page table hierarchy; storing a second VM function invocation instruction in a second memory page executable from the trampoline memory view, wherein executing the second VM function invocation instruction switches the page table pointer to an alternative memory view of the VM; storing, in the second memory page, validation instructions to validate the VM page table hierarchy; and storing protected instructions within a third memory page executable from the alternative memory view.
    Type: Grant
    Filed: April 16, 2015
    Date of Patent: November 21, 2017
    Assignee: Red Hat Israel, Ltd.
    Inventors: Michael Tsirkin, Paolo Bonzini
  • Patent number: 9817689
    Abstract: An example method of providing a dirty bitmap to an application includes receiving a request for a snapshot of an internal dirty bitmap. The internal dirty bitmap indicates whether a guest has updated one or more pages in guest memory since a previously received request for a snapshot of the internal dirty bitmap. The method also includes copying a set of bits of the internal dirty bitmap into a shared dirty bitmap, which is accessible by the hypervisor and application. The method further includes for each bit of the set of bits having a first value, setting the respective bit to a second value. The method also includes invalidating all cache lines in a set of pages corresponding to one or more bits having the first value in the shared dirty bitmap. The method further includes after invalidating the cache lines, providing the shared dirty bitmap to the application.
    Type: Grant
    Filed: February 27, 2015
    Date of Patent: November 14, 2017
    Assignee: Red Hat, Inc.
    Inventors: Paolo Bonzini, Laszlo Ersek, Jonathan Masters
  • Patent number: 9811260
    Abstract: A system and method for ballooning with assigned devices includes inflating a memory balloon, determining whether a first memory page is locked based on information associated with the first memory page, when the first memory page is locked unlocking the first memory page and removing first memory addresses associated with the first memory page from management by an input/output memory management unit (IOMMU), and reallocating the first memory page. The first memory page is associated with a first assigned device.
    Type: Grant
    Filed: February 11, 2016
    Date of Patent: November 7, 2017
    Assignee: RED HAT ISRAEL, LTD
    Inventors: Paolo Bonzini, Michael Tsirkin
  • Patent number: 9772870
    Abstract: Systems and methods for delivering certain types of interrupts to virtual machines executing privileged virtual machine functions. An example method may comprise: receiving, by a hypervisor being executed by a processing device of a host computer system, a request to send an interrupt to a virtual central processing unit (vCPU) of a virtual machine; responsive to detecting that the vCPU is executing a virtual machine (VM) function, monitoring the vCPU for completion of the VM function; and responsive to detecting that execution of the VM function is complete, delivering the interrupt to the vCPU.
    Type: Grant
    Filed: January 29, 2015
    Date of Patent: September 26, 2017
    Assignee: Red Hat Israel, Ltd.
    Inventors: Michael Tsirkin, Paolo Bonzini
  • Publication number: 20170249173
    Abstract: Systems and methods are disclosed for securing an application running on a guest. An example method includes detecting, by a guest running on a virtual machine, that a set of physical memory pages is allocated to an application. The virtual machine runs on a hypervisor, and the application runs on the guest. During runtime, the guest may send a request to the hypervisor to set the set of physical memory pages to an executable-by-user mode in the hypervisor's page tables.
    Type: Application
    Filed: February 25, 2016
    Publication date: August 31, 2017
    Inventors: Michael Tsirkin, Paolo Bonzini
  • Publication number: 20170249230
    Abstract: A method includes, with a hypervisor, receiving a first request from a guest to write a first piece of data to a first memory location within a kernel code page. The method further includes determining that the first request triggers a violation based on a kernel protection mechanism, and in response to determining that the first request triggers the violation, determining that the first piece of data includes a breakpoint. The method further includes, in response to determining that the first piece of data includes the breakpoint, copying a second piece of data currently stored at the first memory location to a second memory location within non-guest writeable memory and overwriting the first memory location with the first piece of data.
    Type: Application
    Filed: February 25, 2016
    Publication date: August 31, 2017
    Inventors: Michael Tsirkin, Paolo Bonzini
  • Publication number: 20170249174
    Abstract: Methods, systems, and computer program products are included for performing module unloading in a protected kernel environment. A method includes loading a module into a kernel, the module including an exit function. The kernel provides, to a hypervisor, a memory location corresponding to the exit function of the module. A kernel protection feature is activated. After activating the kernel protection feature, the hypervisor detects an attempt to execute the exit function. The hypervisor determines that the attempt to execute the exit function corresponds to the memory location provided to the hypervisor. Based on the determining, the hypervisor allows execution of the exit function.
    Type: Application
    Filed: February 26, 2016
    Publication date: August 31, 2017
    Inventors: Michael Tsirkin, Paolo Bonzini
  • Publication number: 20170249178
    Abstract: Methods, systems, and computer program products are included for collecting kernel data in a protected kernel environment. A method includes allocating a first portion of a memory for a first kernel and reserving a second portion of the memory for a second kernel. The second kernel is stored in the second portion of the memory. A hypervisor is provided a memory address corresponding to the second portion of the memory. The hypervisor disables write and execute access privileges corresponding to the second portion of the memory. After a crash occurs corresponding to the first kernel, the second kernel is attempted to be executed. The hypervisor detects the attempted execution of the second kernel. The hypervisor enables execute access privileges corresponding to the second portion of the memory. After the execute access privileges are enabled, the second kernel is executed to collect data corresponding to the first kernel.
    Type: Application
    Filed: February 29, 2016
    Publication date: August 31, 2017
    Inventors: Michael Tsirkin, Paolo Bonzini
  • Publication number: 20170250817
    Abstract: Methods, systems, and computer program products are included for loading a code module. A method includes verifying, by a guest, a digital signature of a code module stored in an initial guest memory buffer. The guest copies the verified code module stored at the initial guest memory buffer into a target guest memory buffer and applies, using one or more symbol entries, one or more relocations to the verified code module stored at the target guest memory buffer. The guest sends a request to a hypervisor to set the target guest memory buffer to a write-protect mode. In response to a determination that first content stored in the initial guest memory buffer corresponds to second content stored in the target guest memory buffer, the guest sends a request to the hypervisor to set the target guest memory buffer to an executable mode.
    Type: Application
    Filed: February 29, 2016
    Publication date: August 31, 2017
    Inventors: Paolo Bonzini, Michael Tsirkin
  • Publication number: 20170249236
    Abstract: Methods, systems, and computer program products are included for performing tracing in a protected kernel environment. A method includes scanning at least a portion of a kernel to locate one or more instructions. The locations of the one or more instructions are provided to a hypervisor. The one or more instructions are replaced with one or more other instructions. After replacing the one or more instructions, a kernel protection feature is activated. After activating the kernel protection feature, the hypervisor detects an attempted modification of the kernel. The hypervisor determines that the attempted modification corresponds to the at least one location provided to the hypervisor and that the attempted modification corresponds to an authorized code variant. The hypervisor modifies the kernel to include the authorized code variant at the at least one location.
    Type: Application
    Filed: February 25, 2016
    Publication date: August 31, 2017
    Inventors: Michael Tsirkin, Paolo Bonzini
  • Publication number: 20170249263
    Abstract: Methods, systems, and computer program products are included for providing one or more additional kernels in a protected kernel environment. A method includes providing, by a hypervisor, a virtual machine that includes a first kernel. A first portion of memory of the virtual machine is allocated for the first kernel and a second portion of memory of the virtual machine is allocated for a second kernel. The virtual machine executes the first kernel. The hypervisor disables access privileges corresponding to the second portion of memory. Execution is transitioned from the first kernel to the second kernel by clearing memory corresponding to the first kernel, enabling access privileges corresponding to the second portion of the memory, and executing the second kernel on the virtual machine.
    Type: Application
    Filed: February 29, 2016
    Publication date: August 31, 2017
    Inventors: Michael Tsirkin, Paolo Bonzini