Abstract: In various embodiments, a computing system includes, for example, a plurality of processing units that share access to a system cache. A cache management application receives, for example, resource savings information for each processing unit. The resource savings information indicates, for example, amounts of a resource (e.g., power) that are saved when different units of the system cache are allocated to a processing unit. The cache management application determines, for example, the number of units of system cache to allocate to each processing unit based on the received resource savings information.

Abstract: Systems and methods are provided for efficiently configuring an execution environment for an on-demand code execution system to handle a single request (or session) for a single user. Once the session or request is complete, the execution environment is reset, such as by having the hardware processor state, memory, and storage reset. In particular, prior to the execution of code, state of the execution environment of the host computing device is retrieved, such as hardware processor(s), memory, and/or storage state. Moreover, during execution of the code instructions, intermediate state can be gathered. Following the execution of the code, the execution environment is reset based on the saved state related to the hardware processor(s), memory, and/or storage. A subsequent code execution securely occurs in the execution environment and the execution environment is reset again, and so forth.

Abstract: A failure analysis system identifies a root cause of a failure (or other health issue) in a virtualized computing environment and provides a recommendation for remediation. The failure analysis system uses a model-based reasoning (MBR) approach that involves building a model describing the relationships/dependencies of elements in the various layers of the virtualized computing environment, and the model is used by an inference engine to generate facts and rules for reasoning to identify an element in the virtualized computing environment that is causing the failure. Then, then the failure analysis system uses a decision tree analysis (DTA) approach to perform a deep diagnosis of the element, by traversing a decision tree that was generated by combining the rules for reasoning provided by the MBR approach, in conjunction with examining data collected by health monitors. The result of the DTA approach is then used to generate the recommendation for remediation.

Abstract: A technique is introduced for applying multi-level caching to deploy various types of physical memory to service captured memory calls from an application. The various types of physical memory can include local volatile memory (e.g., dynamic random-access memory), local persistent memory, and/or remote persistent memory. In an example embodiment, a user-space page fault notification mechanism is used to defer assignment of actual physical memory resources until a memory buffer is accessed by the application. After populating a selected physical memory in response to an initial user-space page fault notification, page access information can be monitored to determine which pages continues to be accessed and which pages are inactive to identify candidates for eviction.

Abstract: Techniques for computer memory management are disclosed herein. In one embodiment, a method includes in response to receiving a request for allocation of memory, determining whether the request is for allocation from a first memory region or a second memory region of the physical memory. The first memory region has first memory subregions of a first size and the second memory region having second memory subregions of a second size larger than the first size of the first memory region. The method further includes in response to determining that the request for allocation of memory is for allocation from the first or second memory region, allocating a portion of the first or second multiple memory subregions of the first or second memory region, respectively, in response to the request.

Abstract: To increase the speed with which a Second Layer Address Table (SLAT) is traversed, memory having the same access permissions is contiguously arranged such that one or more hierarchical levels of the SLAT need not be referenced, thereby resulting in more efficient SLAT traversal. “Slabs” of memory are established whose memory range is sufficiently large that reference to a hierarchically lower level table can be skipped and a hierarchically higher level table's entries can directly identify relevant memory addresses. Such slabs are aligned to avoid smaller intermediate memory ranges. The loading of code or data into memory is performed based on a next available memory location within a slab having equivalent access permissions, or, if such a slab is not available, or if an existing slab does not have a sufficient quantity of available memory remaining, a new slab with the proper access permissions is established.

Abstract: Techniques for enabling efficient guest OS access to PCIe configuration space are provided. In one set of embodiments, a hypervisor can reserve a single host physical memory page in the host physical memory of a host system and can populate the single host physical memory page with a value indicating non-presence of PCIe device functions. The hypervisor can then create, for each guest physical memory page in a guest physical memory of a virtual machine (VM) corresponding to a PCIe configuration space of an absent PCIe device function in the VM, a mapping in the hypervisor's second-level page tables that maps the guest physical memory page to the single host physical memory page.

Abstract: At a first compute instance run on a virtualization host, a local instance scaling manager is launched. The scaling manager determines, based on metrics collected at the host, that a triggering condition for redistributing one or more types of resources of the first compute instance has been met. The scaling manager causes virtualization management components to allocate a subset of the first compute instance's resources to a second compute instance at the host.

Abstract: Systems and methods for encryption support for virtual machines. An example method may comprise maintaining, by a virtual machine running on a host computer system, a list of free memory pages, wherein each entry in the list references a set of memory pages that are contiguous in a guest address space; receiving, from a hypervisor of the host computer system, a request for guest memory to be made available to the hypervisor, wherein the request comprises a minimum size of guest memory requested and a maximum size of guest memory; and responsive to identifying, in the list of free memory pages, a set of contiguous guest memory pages that is greater than or equal to the minimum size of memory requested, and less than or equal to the maximum size of memory requested, releasing the set of contiguous guest memory pages to the hypervisor.

Abstract: Techniques for reducing unsafe memory access, particularly when interacting with native libraries, are disclosed. The system may receive a memory address. The system may determine that the received memory address is not associated with an existing memory segment. The system selects a particular memory segment, of a plurality of memory segments. The memory segment may have a length of zero and a size corresponding to a size of a native heap. The system may return a reference to the particular memory segment.

Abstract: A computing system running a host operating system and a virtual machine (VM). The computing system includes at least one device that is directly assigned to the VM. The computing system is configured to execute one or more first VM components and one or more second VM components. The one or more first VM components are configured to manage the one or more second VM components via one or more identification pointers. While the one or more second VM components remain loaded in a system memory, and the directly assigned device remains attached to the VM and remains configured to communicate with the one or more second VM component, the one or more first VM components are shut down and restored.

Abstract: Virtual memory space may be saved in a clone environment by leveraging the similarity of the data signatures in swap files when a chain of virtual machines (VMs) includes clones spawned from a common parent and executing common applications. Deduplication is performed across the chain, rather than merely within each VM. Examples include generating a common deduplication identifier (ID) for the chain; generating a logical addressing table linked to the deduplication ID, for each of the VMs in the chain; and generating a hash table for the chain. Examples further include, based at least on a swap out request, generating a hash value for a block of memory to be written to a storage medium; and based at least on finding the hash value within the hash table, updating the logical addressing table to indicate a location of a prior-existing duplicate of the block on the storage medium.

Abstract: Exemplary methods, apparatuses, and systems include a memory controller detecting that an asynchronous power loss event has occurred. Upon determining that a write operation is in progress to a first type of non-volatile memory element, the memory controller cancels the write operation and retrieves data associated with the write operation. The memory controller sends a request for a second physical address pointing to a second type of non-volatile memory element. Upon receiving a second physical address corresponding to a logical address, the memory controller stores the data at the second physical address.

Abstract: Apparatus and method for managing metadata in a data storage device, such as a solid-state drive (SSD). In some embodiments, a non-volatile memory (NVM) includes a population of semiconductor memory dies. The dies are connected a number of parallel channels such that less than all of the semiconductor dies are connected to each channel. A controller circuit apportions the semiconductor memory dies into a plurality of die sets, with each die set configured to store user data blocks associated with a different user. A separate set of map data is generated to describe user data blocks stored to each die set. The controller circuit stores the respective sets of map data in the associated die sets so that no die set stores map data associated with a different die set. The die sets may be arranged in accordance with the NVMe (Non-Volatile Memory Express) specification.

Abstract: Systems and methods for virtual machine memory migration by storage are provided. A method includes receiving a request to migrate a virtual machine from a source host to a destination host. The method further includes mapping, by the source host, a memory of the virtual machine to a storage device accessible over a network by the source host and by the destination host. The method further includes caching, by the source host, a portion of a state of the virtual machine. The method further includes issuing a synchronization command to synchronize the portion of the state of the virtual machine with the storage device. Responsive to determining that a time period to complete the synchronization command is below a threshold time period, the method further includes stopping the virtual machine on the source host. The method further includes starting the virtual machine on the destination host.

Abstract: A system for provisioning an elastic computing infrastructure is provided. The system includes a memory and at least one processor coupled to the memory. The system also includes a management component executed by the at least one processor and configured to instantiate an objective object having a resource collection and instructions that specify processing performed by the objective object, the resource collection identifying at least one resource object that controls a capacity of at least one resource provided by at least one computer system, the capacity being sufficient for processing to be performed at a predetermined performance level.

Abstract: A computer implemented method of converting a serialized virtual machine (VM) for a source virtualized computing environment, the serialized VM being stored in a data file having also metadata for instantiating the serialized VM in the source environment, the method including supplementing the data file with a software adapter including a plurality of executable disk image converters, each disk image converter being suitable for converting the serialized VM between disparate virtualized computing environments; a plurality of metadata mappings, each metadata mapping defining how the metadata is converted between disparate virtual computing environments; and executable code for effecting a conversion by executing an appropriate disk image converter and performing an appropriate metadata conversion to convert the data file for a target virtualized computing environment, such that the supplemented data file is operable to self-convert between the source virtualized computing environment and the target virtualized

Abstract: A balloon memory fragmentation reduction system includes a memory, at least one processor in communication with the memory, a guest operating system (OS) including a device driver, and a hypervisor executing on the at least one processor. The hypervisor is configured to record an amount of memory allocated by the device driver of the guest OS, locate a contiguous region of guest memory addresses according to the amount of memory allocated by the device driver, reserve the contiguous region of guest memory addresses, and notify the guest OS that the contiguous region of guest memory addresses is reserved.

Abstract: As part of a compute instance migration, a compute instance which was executing at a first server begins execution at a second server before at least some state information of the compute instance has reached the second server. In response to a determination that a particular page of state information is not present at the second server, a migration manager running at one or more offload cards of the second server causes the particular page to be transferred to the second server via a network channel set up between the offload cards of both servers, and stores the page into main memory of the second server.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for distributing content items. In one aspect, a method includes receiving user interaction data specifying user interactions with a publisher resource. A heat map specifying levels of user interaction with various portions of the publisher resource is created. Content item slot performance information specifying one or more performance measures for content items presented in various candidate content item slot locations are identified. One of the candidate content item slot locations is selected based on the heat map and the one or more performance measures. Data that cause presentation of suggestion information that identify the one candidate content item slot location as a suggested content item slot location are generated and output.

Abstract: A method for performing access management in a memory device, the associated memory device and the controller thereof, and the associated electronic device are provided. The method may include: receiving a host command and a logical address from a host device; performing a checking operation to obtain a checking result, for determining whether to load a logical-to-physical (L2P) table from the NV memory to a random access memory (RAM) of the memory device; reading the target data and associated metadata from the NV memory, wherein a latest version of the L2P table is available in the RAM when reading the target data from the NV memory is performed; and checking whether a recorded logical address within the metadata and the logical address received from the host device are equivalent to each other, to control whether to send the target data to the host device.

Abstract: An illustrative file indexing approach enhances what was previously possible with hypervisor-free live browsing of virtual machine (VM) block-level backup copies. Capabilities are described for indexing files discovered in VM block-level backup copies, including file content. The illustrative file indexing functionality activates a live-browse session to discover files present within VM block-level backup copies and indexes file names and directory structures as created by an original source VM, resulting in an illustrative file index. The illustrative file indexing functionality optionally indexes file contents within VM block-level backup copies, resulting in an illustrative content index. The file index and content index are retained in persistent data structure(s) stored apart from the VM block-level backup copies. The indexes are searchable without mounting or live-browsing the VM block-level backup copies. In some embodiments the file index and the content index are consolidated.

Abstract: Systems and methods for memory management for virtual machines. An example method may comprise running, by a host computer system, a Level 0 hypervisor managing a Level 1 virtual machine running a Level 1 hypervisor which manages a Level 2 virtual machine having encrypted memory pages. The Level 1 hypervisor may generate a shadow page table where each shadow page table entry of the plurality of shadow page table entries maps a Level 2 guest virtual address of a Level 2 address space associated with the Level 2 virtual machine to a corresponding Level 1 guest physical address of a Level 1 address space associated with the Level 1 virtual machine. The Level 0 hypervisor may generate a Level 0 page table comprising a plurality of Level 0 page table entries that maps a Level 1 guest physical address to a corresponding Level 0 host physical address.

Abstract: Systems and methods for free memory hinting by virtual machines. An example method comprises: identifying, by a virtual machine running on a host computer system, a first memory page referenced by a free memory list maintained by the virtual machine; identifying a second memory page residing in a hinting buffer associated with the virtual machine; moving the second memory page to the free memory list; disassociating the first memory page from the free memory list; and notifying the host computer system of an identifier of the first memory page.

Abstract: In response to failure of a data storage drive, data previously stored on the failed drive is rebuilt on a replacement data storage drive by executing drive rebuild jobs on a first set of processor cores. While the data previously stored on the failed data storage drive is being rebuilt, a second set of processor cores is used to process host I/O (Input/Output) requests. The host I/O requests processed by the second set of processor cores may be a first set of host I/O requests processed during the data rebuild. When a current total number of outstanding host I/O requests exceeds a threshold maximum number of outstanding host I/O requests, at least one processor core in the first set of processor cores may be used to process a second set of host I/O requests while the data previously stored on the failed data storage drive is being rebuilt.

Abstract: Methods, systems, and computer program products are included for de-duplicating one or more memory pages. A method includes receiving, by a hypervisor, a list of read-only memory page hints from a guest running on a virtual machine. The list of read-only memory page hints specifies a first memory page marked as writeable. The method also includes determining whether the first memory page matches a second memory page. In response to a determination that the first memory page matches the second memory page, the hypervisor may deduplicate the first and second memory pages.

Abstract: Methods and devices for connecting a mobile device with different data storage devices located either locally or remotely are provided. The device may apply one or more rules to create a hierarchical virtualization of the several data storage devices. The virtualization may then be provided to the user as a single, hierarchical file system. Further, a monitoring system may monitor the file system to determine if any new applications have been installed or if applications are currently being executed. If a connection is made to a secure network, the system may provide the information derived from the monitoring to the secure network. The secure network can then analyze the information to determine if any of the applications should be uninstalled from the device or should be stopped while the device is connected to the network.

Abstract: An arena-based memory management system is disclosed. In response to a call to reclaim memory storing a group of objects allocated in an arena, an object not in use of the group of objects allocated in the arena is collected. A live object of the plurality of objects is copied from the arena to a heap.

Abstract: An external processing system includes a port to exchange signals with a router. The external processing system also includes a processor to receive, from the router via the port, information representing an operating system and a hypervisor in response to the external processing system being connected to the router via the port. The processor instantiates the operating system and the hypervisor based on the received information. The router includes a port allocated to an external processing system and configured to exchange signals with the external processing system. The router also includes a controller to provide, to the external processing system via the port, information representing the operating system and the hypervisor in response to the external processing system being connected to the external processing system via the port.

Abstract: At a virtualization host which includes an instance partitioning controller, a set of resources is allocated to a compute instance by a virtualization manager. The first compute instance does not include another virtualization manager. In response to a communication from the controller, the virtualization manager allocates a subset of the resources to a child compute instance launched at the virtualization host. An application is executed within the child compute instance.

Abstract: Live process migration in response to real-time performance-based metrics is disclosed. At least one performance metric value that quantifies a performance metric of a first computing device is obtained. It is determined that the at least one performance metric value has an undesirable value. The initiation of a live migration of a process executing on the first computing device to a second computing device is caused based on determining that the at least one performance metric value has the undesirable value.

Abstract: Aspects of the disclosure provide for mechanisms for memory protection of virtual machines in a computer system. A first host page table and a second host page table is generated by a processing device running a hypervisor in view of a guest page table associated with a virtual machine. The first host page table includes a first mapping corresponding to a privileged page of a guest memory and a second mapping corresponding to an unprivileged page of the guest memory. The second host page table includes a third mapping corresponding to the unprivileged page of the guest memory. The first host page table is associated with the virtual machine. In response to detecting a transition from a first guest mode to a second guest mode by the virtual machine, the virtual machine is associated with the second page table.

Abstract: A system and methods for alternate user communication routing are described. Unauthorized users are identified and alternate treatments are provided in order to deter unauthorized access and create opportunities for data collection. The use of a varied set of alternate treatments provides an enhanced view of unauthorized user behavior and an increased ability to track future unauthorized user actions by recording various user identity/communication characteristics specific to known unauthorized users. Alternate treatments may be provided randomly based on a set of alternate treatments previously provided to a specific user, or may be varied based on an identified group of unauthorized users presumed to be acting in concert.

Abstract: The invention relates to alternate user communication routing for a one-time credential. When a user is determined to be an unauthorized user, the unauthorized user may be provided with an alternative one-time credential (e.g., one-time password, or the like) in response to the user trying to take an action (e.g., to access the organization systems in order to access information). When the unauthorized user tries to utilize the alternative one-time credential, the organization may identify the user as unauthorized and determine how to respond to the unauthorized user. In addition to the alternative one-time credential, one or more additional alternate treatments may be presented to the unauthorized user in order to identify, track, and/or prevent access by the unauthorized user.

Abstract: Systems and methods for supporting asynchronous management of unencrypted memory pages of a virtual machine (VM) are disclosed. In one implementation, a processing device may receive, at a destination hypervisor of a host machine as part of a migration process of a VM, two copies of a memory page of the VM, the two copies comprising: a decrypted copy of the memory page, and an unencrypted copy of the memory page. The processing device may also cause the VM to execute a VM resume code, wherein executing the VM resume code comprises: determining whether the memory page is unencrypted based on a page table of the VM. Responsive to determining that the memory page is unencrypted, the processing device may copy the unencrypted copy of the memory page to a guest memory address.

Abstract: An aspect includes determining, via a processor, context attributes of a storage. Data address translation (DAT) tables are created, via the processor, to map virtual addresses to real addresses within the storage. When detecting, via the processor, that a context attribute of the storage has changed, and the DAT tables are updated based at least in part on the changed context attributes of the storage.

Abstract: A method for executing a virtualized application on a computing system that includes a user-space and a kernel-space is disclosed. The method includes executing an application in the user-space, executing a user-level virtualization layer in the user-space, the user-level virtualization layer including a set of rules, performing, via the user-level virtualization layer, user-level hooking of events that are generated by the executing application according to the set of rules to identify events of interest, and determining whether to allow or block a function corresponding to an event that is identified as an event of interest based on the set of rules in the user-level virtualization layer.

Abstract: Various embodiments are generally directed to virtualized systems. A first guest memory page may be identified based at least in part on a number of accesses to a page table entry for the first guest memory page in a page table by an application executing in a virtual machine (VM) on the processor, the first guest memory page corresponding to a first byte-addressable memory. The execution of the VM and the application on the processor may be paused. The first guest memory page may be migrated to a target memory page in a second byte-addressable memory, the target memory page comprising one of a target host memory page and a target guest memory page, the second byte-addressable memory having an access speed faster than an access speed of the first byte-addressable memory.

Abstract: Improved techniques for dynamically responding to a fluctuating workload. Resources are reactively scaled for memory-intensive applications and automatically adapted to in response to workload changes without requiring pre-specified thresholds. A miss ratio curve (MRC) is generated for an application based on application runtime statistics. This MRC is then modeled as a hyperbola. An area on the hyperbola is identified as satisfying a flatten threshold. A resource allocation threshold is then established based on the identified area. This resource allocation threshold indicates how many resources are to be provisioned for the application. The resources are scaled using a resource scaling policy that is based on the resource allocation threshold.

Abstract: Direct access to host memory for guests is disclosed. For example, a system includes a processor, a host memory, a filesystem daemon, a guest including a storage controller, and a filesystem queue accessible to the filesystem daemon and the storage controller. The storage controller receives a file retrieval request associated with a file stored in the host memory and forwards the file retrieval request to the filesystem daemon by adding the file retrieval request to the filesystem queue. The filesystem daemon retrieves the file retrieval request from the filesystem queue, determines a host memory address (HMA) associated with the file, and causes the HMA to be mapped to a guest memory address (GMA). The guest accesses the file in the host memory with the GMA, and later terminates access to the file, where the filesystem daemon is then configured cause the GMA to be unmapped.

Abstract: Embodiments disclose a system and method for reducing virtual address translation latency in a wide execution engine that implements virtual memory. One example method describes a method comprising receiving a wavefront, classifying the wavefront into a subset based on classification criteria selected to reduce virtual address translation latency associated with a memory support structure, and scheduling the wavefront for processing based on the classifying.

Abstract: A controller may include a memory configured to store a map update list in which information of map segments whose mapping information is to be updated is registered The controller may also include an unmap module. The unmap module may, in response to receiving an unmap command, generate a list information bitmap indicating map segments which are already registered in the map update list, check, using the generate list information bitmap, whether one or more unmap target map segments corresponding to the unmap command overlap the map segments registered in the map update list, using the generate list information bitmap, and selectively register the one or more unmap target map segments into the map update list according to the check result.

Abstract: Examples provide a method of communication between a client application and a filesystem server in a virtualized computing system. The client application executes in a virtual machine (VM) and the filesystem server executes in a hypervisor.

Abstract: Aspects of the disclosure provide for mechanisms for securing virtual machines in a computer system. A method of the disclosure includes: receiving a first resource request initiated by an application running on a virtual machine during initialization of the application; allocating, by a hypervisor, a resource to the application in view of the first resource; and in response to receiving a message indicating completion of the initialization of the application, blocking, by the hypervisor, at least one hypercall initiated by the virtual machine. The completion of the initialization of the application may correspond to initiation of execution of the application using the allocated resource.

Abstract: A virtual disk file, represented by a virtual disk that is offline, is scanned to obtain a binary signature indicating the virtual disk as being an MBR or GPT partitioned disk type. A disk signature is obtained for the MBR partitioned disk. A volume GUID is obtained for the GPT partitioned disk. Partitions on the virtual disk are identified. A system registry hive file is located. The system registry hive file is read to obtain a drive letter and one or more other values associated with the drive letter. A correlation is performed of the disk signature or volume GUID against the one or more other values associated with the drive letter. Based on the correlation, the drive letter is mapped to an identified partition.

Abstract: A computer system includes a translation lookaside buffer (TLB) data cache and a processor. The TLB data cache includes a hierarchical configuration comprising a first TLB array, a second TLB array, a third TLB array, and a fourth TLB array. The processor is configured to receive a first address for translation to a second address, and determine whether translation should be performed using a hierarchical page table or a hashed page table. The processor also determines (using a first portion of the first address) whether the first array stores a mapping of the first portion of the first address in response to determining that the translation should be performed using the hashed page table, and retrieving the second address from the third TLB array or the fourth TLB array in response to determining that the first TLB array stores the mapping of the first portion of the first address.

Abstract: Availability against hardware failure and availability against maintenance are implemented without using dedicated systems. A system is provided, including: a first host computer to execute a first virtual machine for running a first application; and a second host computer to execute a second virtual machine for running a second application, wherein in a redundant operation mode, the second host computer mirrors an executable image of the first virtual machine to an executable image of the second virtual machine while stopping the execution of the second virtual machine, and in a multi-operation mode, the second host computer mirrors an internal state of the first application to an internal state of the second application while executing the second virtual machine in parallel with the first virtual machine.

Abstract: There is provided a method and system with an improved bitmap access control method of file virtualization for large files in sandbox. The process divides a large file to pieces clusters by fixed byte counts, building a mapping relationship between logical view of sandboxed file and physical shadow file on disk. Thus, there is no need to copy an entire file when a file is modified and waste the user's disk storage.

Abstract: Instead of transferring a large original file, such as a virtual-machine image file, from a source system to a target system, the original file is encoded to define a recipe file that is transferred. The recipe is then decoded to yield a duplicate of the original file on the target system. Encoding involves identifying standard blocks in the original file and including standard-block identifiers for the standard blocks in the recipe in lieu of the original blocks. Decoding involves an exchange with a standard-block identifier server system, which provides standard blocks in response to received standard-block identifiers.

Abstract: Methods and apparatus for memory allocation and reallocation in networking stack infrastructures. Unlike prior art monolithic networking stacks, the exemplary networking stack architecture described hereinafter includes various components that span multiple domains (both in-kernel, and non-kernel). For example, unlike traditional “socket” based communication, disclosed embodiments can transfer data directly between the kernel and user space domains. A user space networking stack is disclosed that enables extensible, cross-platform-capable, user space control of the networking protocol stack functionality. The user space networking stack facilitates tighter integration between the protocol layers (including TLS) and the application or daemon. Exemplary systems can support multiple networking protocol stack instances (including an in-kernel traditional network stack). Due to this disclosed architecture, physical memory allocations (and deallocations) may be more flexibly implemented.