Patent classifications
G06F9/45545
System and Method for Improving Content Fetching by Selecting Tunnel Devices
A method for fetching content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stay connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client for content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using a standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.
ENABLING SHARED GRAPHICS AND COMPUTE HARDWARE ACCELERATION IN A VIRTUAL ENVIRONMENT
The present disclosure relates to devices and methods for providing access to graphics or compute hardware acceleration to applications executing in a guest environment. The devices and methods may provide virtualization support to graphics or compute devices so that graphics or compute devices may be projected inside of a guest environment. The devices and methods may share the physical resources for graphics and compute hardware acceleration by coordinating the use of the graphics or compute hardware acceleration across a spectrum of devices, environments, or platforms.
Automotive Gateway Providing Secure Open Platform for Guest Applications
An automotive gateway includes one or more interfaces and one or more processors. The one or more interfaces are configured to communicate with electronic subsystems of a vehicle. The one or more processors are configured to host one or more guest applications, to associate both (i) the hosted guest applications and (ii) a first subset of the electronic subsystems of the vehicle with a non-secured domain, to associate a second subset of the electronic subsystems of the vehicle with a secured domain, and to control communication traffic between the secured domain and the non-secured domain of the vehicle in accordance with a security policy.
HYPERVISOR HOT RESTART
Hot restart of a hypervisor by replacing a running first hypervisor by a second hypervisor with minimally perceptible downtime to guest partitions. A first hypervisor is executed on a computing system. The first hypervisor is configured to create one or more guest partitions. During the hot restart, a service partition is generated and initialized with a second hypervisor. At least a portion of runtime state of the first hypervisor is migrated and synchronized to the second hypervisor using inverse hypercalls. After the synchronization, the second hypervisor is devirtualized from the service partition to replace the first hypervisor. Devirtualizing includes transferring control of hardware resources from the first hypervisor to the second hypervisor, using the previously migrated and synchronized runtime state.
INACCESSIBLE PREFIX PAGES DURING VIRTUAL MACHINE EXECUTION
A virtual machine is dispatched and based on the dispatch, a determination is made as to whether a select area of memory expected to be accessible to the virtual machine and used in communication between the virtual machine and an operating system is accessible to the virtual machine. Based on determining that the select area of memory is inaccessible to the virtual machine, virtual machine execution is exited with a select interception code.
Image subunit based guest scheduling
Image subunit based guest scheduling is disclosed. For example, a memory stores an image registry, which stores a plurality of reference entries each associated with subunits hosted on each node of a plurality of nodes. A scheduler executing on a processor manages deployment of guests to the plurality of nodes including a first node and a second node, where a first guest is associated with an image file that includes a first subunit and a second subunit. The image registry is queried for at least one node of the plurality of nodes hosting the first subunit and/or the second subunit and the first node is determined to host the first subunit. The first guest is scheduled to the first node based on the first node hosting the first subunit.
TRANSPARENT DATA REDUCTION IN PRIVATE/PUBLIC CLOUD ENVIRONMENTS FOR HOST ENCRYPTED DATA
A processor may perform hypervisor operations including managing a virtual machine (VM), wherein the VM supports operation of a guest operating system and an application, managing a virtual trusted platform module (TPM), attaching the virtual TPM to the VM, and causing the virtual TPM to provide a session key to the application and a cloud storage application that controls data storage on one or more physical data storage devices. A separate processor may perform cloud storage operations including receiving a session key from a virtual TPM and receiving first encrypted data from an application running in a VM. The operations may further include decrypting the first encrypted data using the session key, performing data reduction operations on the decrypted data to obtain compressed data, encrypting the compressed data using a storage encryption key to obtain second encrypted data, and causing the second encrypted data to be stored in data storage.
ENABLING A HOST PASSTHROUGH BASED ON A HARDWARE IDENTIFICATION INSTRUCTION
Techniques and mechanisms for a host passthrough to be performed based on the execution of a hardware identification instruction with a virtual machine (VM). In an embodiment, a hypervisor process sets a value of a control parameter corresponding to a resource of the VM. The control parameter indicates whether the VM resource is authorized to avail of a host passthrough functionality of a processor which executes the hypervisor process. The control parameter is evaluated, based on a central processing unit identification (CPUID) instruction of a guest operating system which is executed with the VM, to determine whether the CPUID instruction is to result in a host passthrough or a VM exit. In another embodiment, a shared memory resource is searched to determine whether execution of the CPUID instruction is to retrieve information without the use of either the host passthrough or the VM exit.
Virtualization-based platform protection technology
A data processing system (DPS) uses platform protection technology (PPT) to protect some or all of the code and data belonging to certain software modules. The PPT may include a virtual machine monitor (VMM) to enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application. The VMM may use a first extended page table (EPT) to translate a guest physical address (GPA) into a first host physical address (HPA) for the untrusted application. The VMM may use a second EPT to translate the GPA into a second HPA for the trusted application. The first and second EPTs may map the same GPA to different HPAs. Other embodiments are described and claimed.
Host address space identifier for non-uniform memory access locality in virtual machines
Aspects of the disclosure provide for implementing host address space identifiers for non-uniform memory access (NUMA) locality in virtual machines. A method of the disclosure includes determining, by a virtual machine (VM) executed by a processing device and managed by a hypervisor, that a memory page of the guest is to be moved from a first virtual non-uniform memory access (NUMA) node of the VM to a second virtual NUMA node of the VM. The method further includes updating, by the VM in a guest page table, upper bits of a guest physical address (GPA) of the memory page to include a host address space identifier (HASID) of the second virtual NUMA node, and causing an execution control to be transferred from the VM to the hypervisor due to a page fault resulting from attempting to access the updated GPA.