Secure virtual machine memory allocation management via dedicated memory pools

摘要

Embodiments are disclosed for recycling memory from a memory pool dedicated to a virtual machine instance. For example, memory sub-pools can be pre-allocated to respective virtual machine instances. Memory scrubbing can be ordinarily performed to avoid data leakage between different customers. However, scrubbing can be inhibited when a given virtual machine reclaims memory previously released to the dedicated pool because the memory remains dedicated to the instance. Further features, such as partition and merge of sub-pools can be supported. Control of the features can be accomplished via API calls as part of a web service.

主权项

1. One or more non-transitory computer-readable storage media comprising computer-executable instructions causing a computing system to perform a method comprising:
managing a memory pool for allocation to virtual machine instances executing in a multi-customer hosting environment; assigning dedicated memory pools out of the memory pool for respective virtual machine instances executing in a multi-customer hosting environment; storing associations between the dedicated memory pools and respective of the virtual machine instances; within the memory pool, maintaining a memory pool for cross-virtual-machine-instance use; during deallocation of memory for a virtual machine instance, reclaiming the memory to the dedicated memory pool for the virtual machine instance; responsive to a ballooning memory allocation request from the virtual machine instance after the virtual machine instance is created, reallocating the memory that was deallocated and reclaimed to the dedicated memory pool to the virtual machine instance without scrubbing, wherein the memory that was deallocated is recycled within the dedicated memory pool and provided back to the virtual machine instance without scrubbing ordinarily performed before memory allocation; and before allocating memory reclaimed to the memory pool for cross-virtual-machine-instance use, scrubbing the memory reclaimed to the memory pool for cross-virtual-machine-instance use.