Techniques for on-the-fly adaptation of remembered set data structures are disclosed. Operations include initiating execution of an application thread and a garbage collection process for a heap memory including a first plurality of logical partitions, wherein each logical partition of the first plurality of logical partitions is associated with a remembered set data structure. While the application thread and the garbage collection process are executing, the system determines a set of characteristics. Based on the set of characteristics meeting threshold criteria for adjusting a first remembered set data structure corresponding to a first logical partition, the system identifies a first remembered set configuration corresponding to the first remembered set data structure, creates a replacement remembered set data structure based on the first remembered set configuration, and associates the replacement remembered set data structure with the first logical partition.

A virtual compute instance is migrated between hosts using remote direct memory access (RDMA). The hosts are equipped with RDMA-enabled network interface controllers for carrying out RDMA operations between them. Upon failure of a first host and copying of page tables of the virtual compute instance to the first host's memory, a first RDMA operation is performed to transfer the page tables from the first host's memory to the second host's memory. Then, second RDMA operations are performed to transfer data pages of the virtual compute instance from the first host's memory to the second host's memory, with references to memory locations of the data pages specified in the page tables. The page tables of the virtual compute instance are reconstructed to reference memory locations of the data pages in the second host's memory and stored therein.

Systems and methods for memory management for virtual machines. An example method may comprise running, by a host computer system, a Level 0 hypervisor managing a Level 1 virtual machine running a Level 1 hypervisor which manages a Level 2 virtual machine. The Level 1 hypervisor may detecting execution of an operation that prevents modification to a set of entries in a Level 2 page table and generate a shadow page table where each shadow page table entry of the plurality of shadow page table entries maps a Level 2 guest virtual address of a Level 2 address space associated with the Level 2 virtual machine to a corresponding Level 1 guest physical address of a Level 1 address space associated with the Level 1 virtual machine. The Level 0 hypervisor may generate a Level 0 page table.

An electronic device includes one or more processors and a cache that stores data entries. The electronic device transmits a request for translation of a first address to the cache. In accordance with a determination that the request is not satisfied by the data entries in the cache, the electronic device transmits the request to memory that is distinct from the cache, and receives data including a second address corresponding to the first address. In accordance with a determination that the data does not satisfy cache promotion criteria, the electronic device replaces an entry at a first priority level in the cache with the data. In accordance with a determination that the data satisfies the cache promotion criteria, the electronic device replaces an entry at a second priority level that is a higher priority level than the first priority level in the cache with the data including the second address.

Embodiments of apparatuses, methods, and systems for unified address translation for virtualization of input/output devices are described. In an embodiment, an apparatus includes first circuitry to use at least an identifier of a device to locate a context entry and second circuitry to use at least a process address space identifier (PASID) to locate a PASID-entry. The context entry is to include at least one of a page-table pointer to a page-table translation structure and a PASID. The PASID-entry is to include at least one of a first-level page-table pointer to a first-level translation structure and a second-level page-table pointer to a second-level translation structure. The PASID is to be supplied by the device. At least one of the apparatus, the context entry, and the PASID entry is to include one or more control fields to indicate whether the first-level page-table pointer or the second-level page-table pointer is to be used.

Systems and methods of tracking page state changes are provided. An input/output is communicatively coupled to a host having a memory. The I/O device receives a command from the host to monitor page state changes in a region of the memory allocated to a process. The I/O device, bypassing a CPU of the host, modifies data stored in the region based on a request, for example, received from a client device via a computer network. The I/O device records the modification to a bitmap by setting a bit in the bitmap that corresponds to a location of the data in the memory. The I/O device transfers contents of the bitmap to the CPU, wherein the CPU completes the live migration by copying sections of the first region indicated by the bitmap to a second region of memory. In some implementations, the process can be a virtual machine, a user space application, or a container.

Examples provide a method of communication between a client application and a filesystem server in a virtualized computing system. The client application executes in a virtual machine (VM) and the filesystem server executes in a hypervisor. The method includes: allocating, by the client application, first shared memory in a guest virtual address space of the client application; creating a guest application shared memory channel between the client application and the filesystem server upon request by the client application to a driver in the VM, the driver in communication with the filesystem server, the guest application shared memory channel using the first shared memory; sending authentication information associated with the client application to the filesystem server to create cached authentication information at the filesystem server; and submitting a command in the guest application shared memory channel from the client application to the filesystem server, the command including the authentication information.

Methods, systems, and apparatuses provide support for multiple address spaces in order to facilitate data movement. One apparatus includes an input/output memory management unit (IOMMU) comprising: a plurality of memory-mapped input/output (MMIO) registers that map memory address spaces belonging to the IOMMU and at least a second IOMMU; and hardware control logic operative to: synchronize the plurality of MMIO registers of the at least the second IOMMU; receive, from a peripheral component endpoint coupled to the IOMMU, a direct memory access (DMA) request, the DMA request to a memory address space belonging to the at least the second IOMMU; access the plurality of MMIO registers of the IOMMU based on context data of the DMA request; and access, from the IOMMU, a function assigned to the memory address space belonging to the at least the second IOMMU based on the accessed plurality of MMIO registers.

A system includes a memory and a processor. The memory is in communication with the processor and configured to initialize a secure interface configured to provide access to a virtual machine (VM) from a device, where the VM is associated with a level of security. A buffer is allocated and associated with the secure interface, where the level of security of the VM indicates whether the device has access to guest memory of the VM via the buffer. The buffer is then provided to the device. Inputs/outputs (I/Os) are sent between the device and the VM using the secure interface.

A method includes receiving a memory access request comprising a first memory address and translating the first memory address to a second memory address using a first page table associated with the first virtual machine. The first page table indicates whether the memory of the first virtual machine is encrypted. The method further includes determining that the first virtual machine is nested within a second virtual machine and translating the second memory address to a third memory address using a second page table associated with the second virtual machine. The second page table indicates whether the memory of the second virtual machine is encrypted.