Systems and methods of tracking page state changes are provided. An input/output is communicatively coupled to a host having a memory. The I/O device receives a command from the host to monitor page state changes in a region of the memory allocated to a process. The I/O device, bypassing a CPU of the host, modifies data stored in the region based on a request, for example, received from a client device via a computer network. The I/O device records the modification to a bitmap by setting a bit in the bitmap that corresponds to a location of the data in the memory. The I/O device transfers contents of the bitmap to the CPU, wherein the CPU completes the live migration by copying sections of the first region indicated by the bitmap to a second region of memory. In some implementations, the process can be a virtual machine, a user space application, or a container.

Examples provide a method of communication between a client application and a filesystem server in a virtualized computing system. The client application executes in a virtual machine (VM) and the filesystem server executes in a hypervisor. The method includes: allocating, by the client application, first shared memory in a guest virtual address space of the client application; creating a guest application shared memory channel between the client application and the filesystem server upon request by the client application to a driver in the VM, the driver in communication with the filesystem server, the guest application shared memory channel using the first shared memory; sending authentication information associated with the client application to the filesystem server to create cached authentication information at the filesystem server; and submitting a command in the guest application shared memory channel from the client application to the filesystem server, the command including the authentication information.

A method includes receiving a memory access request comprising a first memory address and translating the first memory address to a second memory address using a first page table associated with the first virtual machine. The first page table indicates whether the memory of the first virtual machine is encrypted. The method further includes determining that the first virtual machine is nested within a second virtual machine and translating the second memory address to a third memory address using a second page table associated with the second virtual machine. The second page table indicates whether the memory of the second virtual machine is encrypted.

An example memory array page table walk can include using an array of memory cells configured to store a page table. The page table walk can include using sensing circuitry coupled to the array. The page table walk can include using a controller coupled to the array. The controller can be configured to operate the sensing circuitry to determine a physical address of a portion of data by accessing the page table in the array of memory cells. The controller can be configured to operate the sensing circuitry to cause storing of the portion of data in a buffer.

Systems and methods for memory management for nested virtual machines. An example method may comprise running, by a host computer system, a Level 0 hypervisor managing a Level 1 virtual machine running a Level 1 hypervisor, wherein the Level 1 hypervisor manages a Level 2 virtual machine, wherein the Level 2 virtual machine is associated with a Peripheral Component Interconnect (PCI) device; generating, by the Level 0 hypervisor, a Level 1 page table by combining records from the guest page table with records from a host page table maintained by the Level 0 hypervisor; generating a Level 2 page table comprising a plurality of Level 2 page table entries; and causing a device driver of the Level 2 virtual machine to use the Level 2 page table for second level address translation.

An embodiment of an integrated circuit comprises circuitry to share page tables associated with a page between a processor memory management unit (MMU) and an input/output memory management unit (IOMMU), store a page table entry in the memory associated with the page, and separately control access to the page from a processor and from a direct memory access (DMA) request based on one or more fields of the stored page table entry. Other embodiments are disclosed and claimed.

Embodiments are directed to providing a secure address translation service. An embodiment of a system includes a memory device to store memory data in a plurality of physical pages shared by a plurality of devices, a first table to map each page of memory to an associated bundle identifier (ID) that identifies one or more devices having access to a page of memory, a second table to map each bundle ID to page access permissions that define access to one or more pages associated with a bundle ID and a translation agent to receive requests from the plurality of devices to perform memory operations on the memory and determine page access permissions for requests received from the plurality of devices using the first table and the second table.

Operating system deactivation of write protection for a storage block is provided absent quiescing of processors in a multi-processor computing environment. The process includes receiving an address translation protection exception interrupt resulting from an attempted write access by a processor to a storage block, and determining by the operating system whether write protection for the storage block is active. Based on write protection for the storage block not being active, the operating system issues an instruction to clear or modify translation lookaside buffer entries of the processor associated with the storage block, absent waiting for an action by another processor of multiple processors of the computing environment, to facilitate write access to the storage block proceeding at the processor.

A virtualized system is provided. The virtualized system includes: a memory device; a processor configured to provide a virtualization environment; a direct memory access device configured to perform a function of direct memory access to the memory device; and a memory management circuit configured to manage a core access of the processor to the memory device and a direct access of the direct memory access device to the memory device. The processor is further configured to provide: a plurality of guest operating systems that run independently from each other on a plurality of virtual machines of the virtualization environment; and a hypervisor configured to control the plurality of virtual machines in the virtualization environment and control the memory management circuit to block the direct access when a target guest operating system controlling the direct memory access device, among the plurality of guest operating systems is rebooted.

In one set of embodiments, a hypervisor of a host system can determine that a delta between local and remote memory access latencies for each of a subset of NUMA nodes of the host system is less than a threshold. In response, the hypervisor can enable page sharing across the subset of NUMA nodes, where enabling page sharing comprises associating the subset of NUMA nodes with a single page sharing table, and where the single page sharing table holds entries identifying host physical memory pages of the host system that are shared by virtual machines (VMs) placed on the subset of NUMA nodes.