Systems and methods for providing shared virtual memory addressing support for a host system are disclosed. In one embodiment, a graphics processor includes processing resources to perform graphics operations. A memory management unit (MMU) is coupled to the processing resources. The MMU to support a first virtual address size for managing allocation of non-shared virtual memory and to support a second virtual address size for managing allocation of shared virtual memory that is shared between the graphics processor and a host.

A method for managing memory within a computing system. The method includes one or more computer processors identifying a range of physical memory addresses that store a first data. The method further includes determining whether a second data is stored within the range of physical memory addresses that stores the first data. The method further includes responding to determining that the second data is stored within the range of physical memory addresses that store the first data, by determining whether a process accessing the second data is identified as associated with a side-channel attack. The method further includes responding to determining that the process accessing the second data is associated with the side-channel attack, by initiating a response associated with the process accessing the second data.

Examples include a method of live migrating a virtual device by creating a virtual device in a virtual machine, creating first and second interfaces for the virtual device, transferring data over the first interface, detecting a disconnection of the virtual device from the virtual machine, switching data transfers for the virtual device from the first interface to the second interface, detecting a reconnection of the virtual device to the virtual machine, and switching data transfers for the virtual device from the second interface to the first interface.

A system is provided to perform secure operations. The system includes an I/O subsystem, a memory subsystem and processors. The processors are operative to execute processes in trusted execution environments (TEEs) and rich execution environments (REEs). Each of the TEEs and the REEs is identified by a corresponding access identifier (AID) and protected by a corresponding system resource protection unit (SRPU). The corresponding SRPU of a TEE includes instructions, when executed by a corresponding processor, cause the corresponding processor to control access to the TEE using a data structure including allowed AIDs and pointers to memory locations accessible by the allowed AIDs.

One example technique includes receiving a request for accessing a file from a container process. In response to receiving the request, the technique includes querying a mapping table corresponding to the container process to locate an entry corresponding to a file identifier of the requested file. The entry also includes data identifying a file location on the storage device from which the requested file is accessible. The technique further includes retrieving a copy of the requested file according to the file location identified by the data in the located entry in the mapping table and providing the retrieved copy of the requested file to the container process, thereby allowing the container process to access the requested file.

An example method of managing storage for a containerized application executing in a virtualized computing system having a cluster of hosts and a virtualization layer executing thereon, is described. The method includes receiving, at a supervisor container orchestrator, a request for a first persistent volume lifecycle operation from a guest container orchestrator, the supervisor container orchestrator being part of an orchestration control plane integrated with the virtualization layer and configured to manage a guest cluster and virtual machines (VMs), supported by the virtualization layer, in which the guest cluster executes, the guest container orchestrator being part of the guest cluster; and sending, in response to the first persistent volume lifecycle operation, a request for a second persistent volume lifecycle operation from the supervisor container orchestrator to a storage provider of the virtualized computing system to cause the storage provider to perform an operation on a storage volume.

A virtual machine deployment method, a virtual machine live migration method, a VMM upgrading method, a server, and a computer-readable storage medium are disclosed. The virtual machine deployment method includes: establishing mapping between a host virtual address (HVA) space for a post-upgrading virtual machine and a host physical address (HPA) space for a pre-upgrading virtual machine according to a mapping relationship between a HVA space for the pre-upgrading virtual machine and the HPA space for the pre-upgrading virtual machine. The post-upgrading virtual machine is deployed on a post-upgrading virtual machine monitor (VMM), and the post-upgrading virtual machine is identical in memory configuration with the pre-upgrading virtual machine running on a pre-upgrading VMM (S110).

In one embodiment, a system for managing communication connections in a virtualization environment includes a plurality of host machines implementing a virtualization environment, wherein each of the host machines includes a hypervisor, at least one user virtual machine (user VM), and a distributed file server that includes file server virtual machines (FSVMs) and associated local storage devices. Each FSVM and associated local storage device are local to a corresponding one of the host machines, and the FSVMs conduct I/O transactions with their associated local storage devices based on I/O requests received from the user VMs. Each of the user VMs on each host machine sends each of its respective I/O requests to an FSVM that is selected by one or more of the FSVMs for each I/O request based on a lookup table that maps a storage item referenced by the I/O request to the selected one of the FSVMs.

Techniques are described for sharing prepopulated container image caches among container execution environments to improve the performance of container launches. The container images used to prepopulate such a cache at a computing device supporting one or more container execution environments can include various container images that are used as the basis for a wide range of user-created containers such as, for example, container images representing popular operating system distributions, database servers, web-application frameworks, and so forth. Existing systems typically obtain these container images as needed at runtime when launching containers (for example, from a container registry or other external source), often incurring significant overhead in the container launch process. The use of a prepopulated container image cache can significantly improve the performance of container launches by making such commonly used container images available to container execution environments running at a computing device ahead of time.

An example method of managing memory in a computer system implementing non-uniform memory access (NUMA) by a plurality of sockets each having a processor component and a memory component is described. The method includes replicating page tables for an application executing on a first socket of the plurality of sockets across each of the plurality of sockets; associating metadata for pages of the memory storing the replicated page tables in each of the plurality of sockets; and updating the replicated page tables using the metadata to locate the pages of the memory that store the replicated page tables.