Patents by Inventor Xiaoxin Chen

Xiaoxin Chen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8060883
    Abstract: Described herein are approaches to managing expandable resource reservations. In one approach, a method is described in which an attempt is made to change a resource reservation from a first amount to a second amount. The second amount is examined to determine whether it exceeds a reservation limit. The second amount is compared with available resources, and reserved.
    Type: Grant
    Filed: February 16, 2007
    Date of Patent: November 15, 2011
    Assignee: VMware, Inc.
    Inventors: Anil Rao, Carl Waldspurger, Xiaoxin Chen
  • Patent number: 8015367
    Abstract: A host computer system is configured to present each of multiple resident contexts with an address space that may be mapped, at least in part, to corresponding portions of a host memory. The address space of a selected context is sampled, and, for each of a plurality of sampled portions of the address space of the selected context that are backed by a corresponding portion of host memory, a count of the number of portions of address spaces of any contexts that are backed by the same portion of the host memory is obtained. A metric is then computed as a function of the count. A decision about swapping out or reclaiming the allocation of the memory of the contexts is based on the metric. The metric is preferably a function of a mean (such as harmonic, geometric or arithmetic) or median of the counts for each context.
    Type: Grant
    Filed: February 16, 2007
    Date of Patent: September 6, 2011
    Assignee: VMware, Inc.
    Inventors: Anil Rao, Carl Waldspurger, Xiaoxin Chen
  • Patent number: 8010667
    Abstract: A tangible medium embodying instructions usable by a computer system to protect a plurality of guest virtual machines (VMs), which execute via virtualization software on a common host platform, from malicious code is described. A scan engine is configured to scan data for malicious code and determine a result of the scanning, wherein the result indicates whether malicious code is present in the data. A driver portion is configured for installation in an operating system of a target VM, which is one of the guest VMs. The driver portion intercepts an access request to a file, that originates within the target VM. The driver portion communicates information identifying a location of the data to be scanned by the scan engine without sending a copy of the data to the scan engine. The scan engine executes within the virtualization layer outside a context of the target VM.
    Type: Grant
    Filed: August 12, 2010
    Date of Patent: August 30, 2011
    Assignee: VMware, Inc.
    Inventors: Yufeng Zhang, Xiaoxin Chen, Bich Cau Le, Jagannath Gopal Krishnan, Derek Uluski
  • Patent number: 7984304
    Abstract: Computer-executable instructions in a computer are verified dynamically, after they have been identified for submission for execution, but before they are actually executed. In particular, for at least one current instruction that has been identified for submission to the processor for execution, an identifying value, for example, a hash value, is determined for a current memory block that contains the current instruction. The identifying value of the current memory block is then compared with a set of reference values. If the identifying value satisfies a validation condition, then execution of the current instruction by the processor is allowed. If the validation condition is not satisfied, then a response is generated: In the common case, execution of the current instruction is not allowed, or some other predetermined measure is taken.
    Type: Grant
    Filed: March 2, 2004
    Date of Patent: July 19, 2011
    Assignee: VMware, Inc.
    Inventors: Carl A. Waldspurger, Ole Agesen, Xiaoxin Chen, John R. Zedlewski, Tal Garfinkel
  • Publication number: 20110131388
    Abstract: A virtual memory system implementing the invention provides concurrent access to translations for virtual addresses from multiple address spaces. One embodiment of the invention is implemented in a virtual computer system, in which a virtual machine monitor supports a virtual machine. In this embodiment, the invention provides concurrent access to translations for virtual addresses from the respective address spaces of both the virtual machine monitor and the virtual machine. Multiple page tables contain the translations for the multiple address spaces. Information about an operating state of the computer system, as well as an address space identifier, are used to determine whether, and under what circumstances, an attempted memory access is permissible. If the attempted memory access is permissible, the address space identifier is also used to determine which of the multiple page tables contains the translation for the attempted memory access.
    Type: Application
    Filed: February 8, 2011
    Publication date: June 2, 2011
    Applicant: VMWARE, INC.
    Inventors: Xiaoxin CHEN, Alberto J. MUNOZ
  • Patent number: 7925850
    Abstract: A system for increasing the efficiency of migrating, at least in part, a virtual machine from a source host to a destination host is described wherein the content of one or more portions of the address space of the virtual machine are each uniquely associated at the source host with a signature that may collide, absent disambiguation, with different content at the destination host. Code in both the source and destination hosts disambiguates the signature(s) so that each disambiguated signature may be uniquely associated with content at the destination host, and so that collisions with different content are avoided at the destination host. Logic is configured to determine whether the content uniquely associated with a disambiguated signature at the destination host is already present in the destination host memory, and, if so, to back one or more portions of the address space of the virtual machine having this content with one or more portions of the destination host memory already holding this content.
    Type: Grant
    Filed: February 16, 2007
    Date of Patent: April 12, 2011
    Assignee: VMware, Inc.
    Inventors: Carl Waldspurger, Osten Kit Colbert, Xiaoxin Chen, Rajesh Venkatasubramanian
  • Publication number: 20110082962
    Abstract: A method for monitoring a data structure maintained by guest software within a virtual machine is disclosed. Changes to the contents of the data structure are determined, such as by placing write traces on the memory pages containing the data structure. Also, the method involves determining when memory pages containing the data structure are swapped into and/or out of guest physical memory by the guest software, such as by placing write traces on the memory pages containing the guest page table and detecting changes to the present bit of page table entries involved in mapping virtual addresses for the data structure. Information about the contents of the data structure is retained while memory pages containing the data structure are swapped out of guest physical memory.
    Type: Application
    Filed: October 1, 2009
    Publication date: April 7, 2011
    Applicant: VMWARE, INC.
    Inventors: Oded HOROVITZ, Ophir RACHMAN, Wei XU, Adrian DRZEWIECKI, Xiaoxin CHEN
  • Publication number: 20110078361
    Abstract: In a computer system supporting execution of virtualization software and at least one instance of virtual system hardware, an interface is provided into the virtualization software to allow a program to directly define the access characteristics of its program data stored in physical memory. The technique includes providing data identifying memory pages and their access characteristics to the virtualization software which then derives the memory access characteristics from the specified data. Optionally, the program may also specify a pre-defined function to be performed upon the occurrence of a fault associated with access to an identified memory page. In this manner, programs operating both internal and external to the virtualization software can protect their memory pages, without intermediation by the operating system software.
    Type: Application
    Filed: September 30, 2009
    Publication date: March 31, 2011
    Applicant: VMWARE, INC.
    Inventors: Xiaoxin CHEN, Pratap SUBRAHMANYAM
  • Publication number: 20110072426
    Abstract: A computer system having a plurality of processor cores utilizes a device driver running in a driver virtual machine to handle I/O with the corresponding device for other virtual machines. A hypervisor in the computer system receives an interrupt from the corresponding device and identifies a virtual machine that best correlates to the received interrupt prior to forwarding the interrupt for handling by the driver virtual machine. The hypervisor then speculatively transmits a notification to the identified virtual machine to wake up and poll a memory shared between the identified virtual machine and the driver virtual machine. Once the driver virtual machine completes handling of the forwarded interrupt, it copies data made available by the corresponding device to the shared memory for access by the polling identified virtual machine.
    Type: Application
    Filed: September 18, 2009
    Publication date: March 24, 2011
    Applicant: VMWARE, INC.
    Inventors: Wei HUANG, Xiaoxin CHEN, Michal OSTROWSKI, Qicheng Christopher LI
  • Patent number: 7908646
    Abstract: In a virtual computer system, the invention virtualizes a primary protection mechanism, which restricts memory accesses based on the type of access attempted and a current hardware privilege level, using a secondary protection mechanism, which is independent of the hardware privilege level. The invention may be used to virtualize the protection mechanisms of the Intel IA-64 architecture. In this embodiment, virtual access rights settings in a virtual TLB are translated into shadow access rights settings in a hardware TLB, while virtual protection key settings in a virtual PKR cache are translated into shadow protection key settings in a hardware PKR cache, based in part on the virtual access rights settings. The shadow protection key settings are dependent on the guest privilege level, but the shadow access rights settings are not.
    Type: Grant
    Filed: October 1, 2007
    Date of Patent: March 15, 2011
    Assignee: VMware, Inc.
    Inventors: Xiaoxin Chen, Alberto J. Munoz, Jeffrey W. Sheldon
  • Patent number: 7886127
    Abstract: A virtual memory system implementing the invention provides concurrent access to translations for virtual addresses from multiple address spaces. One embodiment of the invention is implemented in a virtual computer system, in which a virtual machine monitor supports a virtual machine. In this embodiment, the invention provides concurrent access to translations for virtual addresses from the respective address spaces of both the virtual machine monitor and the virtual machine. Multiple page tables contain the translations for the multiple address spaces. Information about an operating state of the computer system, as well as an address space identifier, are used to determine whether, and under what circumstances, an attempted memory access is permissible. If the attempted memory access is permissible, the address space identifier is also used to determine which of the multiple page tables contains the translation for the attempted memory access.
    Type: Grant
    Filed: December 30, 2008
    Date of Patent: February 8, 2011
    Assignee: VMware, Inc.
    Inventors: Xiaoxin Chen, Alberto J. Munoz
  • Publication number: 20100306849
    Abstract: A tangible medium embodying instructions usable by a computer system to protect a plurality of guest virtual machines (VMs), which execute via virtualization software on a common host platform, from malicious code is described. A scan engine is configured to scan data for malicious code and determine a result of the scanning, wherein the result indicates whether malicious code is present in the data. A driver portion is configured for installation in an operating system of a target VM, which is one of the guest VMs. The driver portion intercepts an access request to a file, that originates within the target VM. The driver portion communicates information identifying a location of the data to be scanned by the scan engine without sending a copy of the data to the scan engine. The scan engine executes within the virtualization layer outside a context of the target VM.
    Type: Application
    Filed: August 12, 2010
    Publication date: December 2, 2010
    Applicant: VMWARE, INC.
    Inventors: Yufeng ZHENG, Xiaoxin CHEN, Bich Cau LE, Jagannath Gopal KRISHNAN, Derek ULUSKI
  • Publication number: 20100241785
    Abstract: Methods and systems for managing distribution of host physical memory (HPM) among virtual machines (VMs) executing on a host via a hypervisor are presented, where each VM has guest system software including an operating system. A method includes an operation for reserving, by a balloon application executing in a first VM, a guest virtual memory (GVM) location in the first VM. The GVM location is mapped to a guest physical memory (GPM) location, which is mapped to a host physical memory (HPM) location. The balloon application is responsive to the hypervisor for reserving memory. Further, the method includes operations for writing a value to the reserved GVM location and for remapping a plurality of GPM locations containing the value to a single HPM location. The remapping is performed by a content-based page sharing component of the hypervisor.
    Type: Application
    Filed: March 23, 2010
    Publication date: September 23, 2010
    Applicant: VMWARE, INC.
    Inventors: Xiaoxin CHEN, Carl A. WALDSPURGER, Anil RAO
  • Patent number: 7797748
    Abstract: A tangible medium embodying instructions usable by a computer system to protect a plurality of guest virtual machines (VMs), which execute via virtualization software on a common host platform, from malicious code is described. A scan engine is configured to scan data for malicious code and determine a result of the scanning, wherein the result indicates whether malicious code is present in the data. A driver portion is configured for installation in an operating system of a target VM, which is one of the guest VMs. The driver portion intercepts an access request to a file, that originates within the target VM. The driver portion communicates information identifying a location of the data to be scanned by the scan engine without sending a copy of the data to the scan engine. The scan engine executes within the virtualization layer outside a context of the target VM.
    Type: Grant
    Filed: December 12, 2007
    Date of Patent: September 14, 2010
    Assignee: VMware, Inc.
    Inventors: Yufeng Zheng, Xiaoxin Chen, Bich Cau Le, Jagannath Gopal Krishnan, Derek Uluski
  • Patent number: 7716446
    Abstract: Memory assigned to a virtual machine is reclaimed. A resource reservation application running as a guest application on the virtual machine reserves a location in guest virtual memory. The corresponding physical memory can be reclaimed and allocated to another virtual machine. The resource reservation application allows detection of guest virtual memory page-out by the guest operating system. Measuring guest virtual memory page-out is useful for determining memory conditions inside the guest operating system. Given determined memory conditions, memory allocation and reclaiming can be used to control memory conditions. Memory conditions in the virtual machine can be controlled with the objective of achieving some target memory conditions.
    Type: Grant
    Filed: September 21, 2006
    Date of Patent: May 11, 2010
    Assignee: VMware, Inc.
    Inventors: Xiaoxin Chen, Carl Waldspurger, Anil Rao
  • Patent number: 7702843
    Abstract: Memory assigned to a virtual machine is reclaimed. A resource reservation application running as a guest application on the virtual machine reserves a location in guest virtual memory. The corresponding physical memory can be reclaimed and allocated to another virtual machine. The resource reservation application allows detection of guest virtual memory page-out by the guest operating system. Measuring guest virtual memory page-out is useful for determining memory conditions inside the guest operating system. Given determined memory conditions, memory allocation and reclaiming can be used to control memory conditions. Memory conditions in the virtual machine can be controlled with the objective of achieving some target memory conditions.
    Type: Grant
    Filed: September 21, 2006
    Date of Patent: April 20, 2010
    Assignee: VMware, Inc.
    Inventors: Xiaoxin Chen, Carl Waldspurger, Anil Rao
  • Publication number: 20100023565
    Abstract: A swap space is provided for a host computer system, where the swap space includes a plurality of swap files with each individual swap file for swapping data only for a single corresponding virtual machine (VM). The per-VM swap space is used solely by the single, corresponding VM, such that only that particular VM's memory is allowed to be swapped out to the swap file.
    Type: Application
    Filed: October 8, 2009
    Publication date: January 28, 2010
    Applicant: VMware, Inc.
    Inventors: Osten Kit COLBERT, Carl Waldspurger, Xiaoxin Chen, Anil Rao
  • Patent number: 7624240
    Abstract: A swap space is provided for a host computer system, where the swap space includes a plurality of swap files with each individual swap file for swapping data only for a single corresponding virtual machine (VM). The per-VM swap space is used solely by the single, corresponding VM, such that only that particular VM's memory is allowed to be swapped out to the swap file.
    Type: Grant
    Filed: October 17, 2006
    Date of Patent: November 24, 2009
    Assignee: VMware, Inc.
    Inventors: Osten Kit Colbert, Carl Waldspurger, Xiaoxin Chen, Anil Rao
  • Publication number: 20090158432
    Abstract: A tangible medium embodying instructions usable by a computer system to protect a plurality of guest virtual machines (VMs), which execute via virtualization software on a common host platform, from malicious code is described. A scan engine is configured to scan data for malicious code and determine a result of the scanning, wherein the result indicates whether malicious code is present in the data. A driver portion is configured for installation in an operating system of a target VM, which is one of the guest VMs. The driver portion intercepts an access request to a file, that originates within the target VM. The driver portion communicates information identifying a location of the data to be scanned by the scan engine without sending a copy of the data to the scan engine. The scan engine executes within the virtualization layer outside a context of the target VM.
    Type: Application
    Filed: December 12, 2007
    Publication date: June 18, 2009
    Inventors: Yufeng Zheng, Xiaoxin Chen, Bich Cau Le, Jagannath Gopal Krishnan, Derek Uluski
  • Publication number: 20090113424
    Abstract: A virtual-machine-based system provides a control-transfer mechanism to invoke a user-mode application handler from existing virtual hardware directly, without going through an operating system kernel running in the virtual machine. A virtual machine monitor calls directly to the guest user-mode handler and the handler transfers control back to the virtual machine monitor, without involving the guest operating system.
    Type: Application
    Filed: October 30, 2008
    Publication date: April 30, 2009
    Applicant: VMWARE, INC.
    Inventors: Xiaoxin CHEN, Carl A. WALDSPURGER, Pratap SUBRAHMANYAM, Tal GARFINKEL, Daniel R. K. PORTS