fbpx
Wikipedia

x86 virtualization

January 07, 2023

x86 virtualization is the use of hardware-assisted virtualization capabilities on an x86/x86-64 CPU.

In the late 1990s x86 virtualization was achieved by complex software techniques, necessary to compensate for the processor's lack of hardware-assisted virtualization capabilities while attaining reasonable performance. In 2005 and 2006, both Intel (VT-x) and AMD (AMD-V) introduced limited hardware virtualization support that allowed simpler virtualization software but offered very few speed benefits.[1] Greater hardware support, which allowed substantial speed improvements, came with later processor models.

Software-based virtualization

The following discussion focuses only on virtualization of the x86 architecture protected mode.

In protected mode the operating system kernel runs at a higher privilege such as ring 0, and applications at a lower privilege such as ring 3.[citation needed] In software-based virtualization, a host OS has direct access to hardware while the guest OSs have limited access to hardware, just like any other application of the host OS. One approach used in x86 software-based virtualization to overcome this limitation is called ring deprivileging, which involves running the guest OS at a ring higher (lesser privileged) than 0.[2]

Three techniques made virtualization of protected mode possible:

  • Binary translation is used to rewrite in terms of ring 3 instructions certain ring 0 instructions, such as POPF, that would otherwise fail silently or behave differently when executed above ring 0,[3][4]: 3  making the classic trap-and-emulate virtualization impossible.[4]: 1 [5] To improve performance, the translated basic blocks need to be cached in a coherent way that detects code patching (used in VxDs for instance), the reuse of pages by the guest OS, or even self-modifying code.[6]
  • A number of key data structures used by a processor need to be shadowed. Because most operating systems use paged virtual memory, and granting the guest OS direct access to the MMU would mean loss of control by the virtualization manager, some of the work of the x86 MMU needs to be duplicated in software for the guest OS using a technique known as shadow page tables.[7]: 5 [4]: 2  This involves denying the guest OS any access to the actual page table entries by trapping access attempts and emulating them instead in software. The x86 architecture uses hidden state to store segment descriptors in the processor, so once the segment descriptors have been loaded into the processor, the memory from which they have been loaded may be overwritten and there is no way to get the descriptors back from the processor. Shadow descriptor tables must therefore be used to track changes made to the descriptor tables by the guest OS.[5]
  • I/O device emulation: Unsupported devices on the guest OS must be emulated by a device emulator that runs in the host OS.[8]

These techniques incur some performance overhead due to lack of MMU virtualization support, as compared to a VM running on a natively virtualizable architecture such as the IBM System/370.[4]: 10 [9]: 17 and 21 

On traditional mainframes, the classic type 1 hypervisor was self-standing and did not depend on any operating system or run any user applications itself. In contrast, the first x86 virtualization products were aimed at workstation computers, and ran a guest OS inside a host OS by embedding the hypervisor in a kernel module that ran under the host OS (type 2 hypervisor).[8]

There has been some controversy whether the x86 architecture with no hardware assistance is virtualizable as described by Popek and Goldberg. VMware researchers pointed out in a 2006 ASPLOS paper that the above techniques made the x86 platform virtualizable in the sense of meeting the three criteria of Popek and Goldberg, albeit not by the classic trap-and-emulate technique.[4]: 2–3 

A different route was taken by other systems like Denali, L4, and Xen, known as paravirtualization, which involves porting operating systems to run on the resulting virtual machine, which does not implement the parts of the actual x86 instruction set that are hard to virtualize. The paravirtualized I/O has significant performance benefits as demonstrated in the original SOSP'03 Xen paper.[10]

The initial version of x86-64 (AMD64) did not allow for a software-only full virtualization due to the lack of segmentation support in long mode, which made the protection of the hypervisor's memory impossible, in particular, the protection of the trap handler that runs in the guest kernel address space.[11][12]: 11 and 20  Revision D and later 64-bit AMD processors (as a rule of thumb, those manufactured in 90 nm or less) added basic support for segmentation in long mode, making it possible to run 64-bit guests in 64-bit hosts via binary translation. Intel did not add segmentation support to its x86-64 implementation (Intel 64), making 64-bit software-only virtualization impossible on Intel CPUs, but Intel VT-x support makes 64-bit hardware assisted virtualization possible on the Intel platform.[13][14]: 4 

On some platforms, it is possible to run a 64-bit guest on a 32-bit host OS if the underlying processor is 64-bit and supports the necessary virtualization extensions.

Hardware-assisted virtualization

Main article: Hardware-assisted virtualization

In 2005 and 2006, Intel and AMD (working independently) created new processor extensions to the x86 architecture. The first generation of x86 hardware virtualization addressed the issue of privileged instructions. The issue of low performance of virtualized system memory was addressed with MMU virtualization that was added to the chipset later.

Central processing unit

Virtual 8086 mode

Main article: Virtual 8086 mode

Based on painful experiences with the 80286 protected mode, which by itself was not suitable enough to run concurrent DOS applications well, Intel introduced the virtual 8086 mode in their 80386 chip, which offered virtualized 8086 processors on the 386 and later chips. Hardware support for virtualizing the protected mode itself, however, became available 20 years later.[15]

AMD virtualization (AMD-V)

 
AMD Phenom Die

AMD developed its first generation virtualization extensions under the code name "Pacifica", and initially published them as AMD Secure Virtual Machine (SVM),[16] but later marketed them under the trademark AMD Virtualization, abbreviated AMD-V.

On May 23, 2006, AMD released the Athlon 64 ("Orleans"), the Athlon 64 X2 ("Windsor") and the Athlon 64 FX ("Windsor") as the first AMD processors to support this technology.

AMD-V capability also features on the Athlon 64 and Athlon 64 X2 family of processors with revisions "F" or "G" on socket AM2, Turion 64 X2, and Opteron 2nd generation[17] and third-generation,[18] Phenom and Phenom II processors. The APU Fusion processors support AMD-V. AMD-V is not supported by any Socket 939 processors. The only Sempron processors which support it are APUs and Huron, Regor, Sargas desktop CPUs.

AMD Opteron CPUs beginning with the Family 0x10 Barcelona line, and Phenom II CPUs, support a second generation hardware virtualization technology called Rapid Virtualization Indexing (formerly known as Nested Page Tables during its development), later adopted by Intel as Extended Page Tables (EPT).

As of 2019, all Zen-based AMD processors support AMD-V.

The CPU flag for AMD-V is "svm". This may be checked in BSD derivatives via dmesg or sysctl and in Linux via /proc/cpuinfo.[19] Instructions in AMD-V include VMRUN, VMLOAD, VMSAVE, CLGI, VMMCALL, INVLPGA, SKINIT, and STGI.

With some motherboards, users must enable AMD SVM feature in the BIOS setup before applications can make use of it.[20]

Intel virtualization (VT-x)

"Intel VT-x" redirects here. For the Itanium virtualization extensions, see Intel VT-i.
 
Intel Core i7 (Bloomfield) CPU

Previously codenamed "Vanderpool", VT-x represents Intel's technology for virtualization on the x86 platform. On November 13, 2005, Intel released two models of Pentium 4 (Model 662 and 672) as the first Intel processors to support VT-x. The CPU flag for VT-x capability is "vmx"; in Linux, this can be checked via /proc/cpuinfo, or in macOS via sysctl machdep.cpu.features.[19]

"VMX" stands for Virtual Machine Extensions, which adds 13 new instructions: VMPTRLD, VMPTRST, VMCLEAR, VMREAD, VMWRITE, VMCALL, VMLAUNCH, VMRESUME, VMXOFF, VMXON, INVEPT, INVVPID, and VMFUNC.[21] These instructions permit entering and exiting a virtual execution mode where the guest OS perceives itself as running with full privilege (ring 0), but the host OS remains protected.

As of 2015, almost all newer server, desktop and mobile Intel processors support VT-x, with some of the Intel Atom processors as the primary exception.[22] With some motherboards, users must enable Intel's VT-x feature in the BIOS setup before applications can make use of it.[23]

Intel started to include Extended Page Tables (EPT),[24] a technology for page-table virtualization,[25] since the Nehalem architecture,[26][27] released in 2008. In 2010, Westmere added support for launching the logical processor directly in real mode – a feature called "unrestricted guest", which requires EPT to work.[28][29]

Since the Haswell microarchitecture (announced in 2013), Intel started to include VMCS shadowing as a technology that accelerates nested virtualization of VMMs.[30] The virtual machine control structure (VMCS) is a data structure in memory that exists exactly once per VM, while it is managed by the VMM. With every change of the execution context between different VMs, the VMCS is restored for the current VM, defining the state of the VM's virtual processor.[31] As soon as more than one VMM or nested VMMs are used, a problem appears in a way similar to what required shadow page table management to be invented, as described above. In such cases, VMCS needs to be shadowed multiple times (in case of nesting) and partially implemented in software in case there is no hardware support by the processor. To make shadow VMCS handling more efficient, Intel implemented hardware support for VMCS shadowing.[32]

VIA virtualization (VIA VT)

VIA Nano 3000 Series Processors and higher support VIA VT virtualization technology compatible with Intel VT-x.[33] EPT is present in Zhaoxin ZX-C, a descendant of VIA QuadCore-E & Eden X4 similar to Nano C4350AL.[34]

Interrupt virtualization (AMD AVIC and Intel APICv)

In 2012, AMD announced their Advanced Virtual Interrupt Controller (AVIC) targeting interrupt overhead reduction in virtualization environments.[35] This technology, as announced, does not support x2APIC.[36] In 2016, AVIC is available on the AMD family 15h models 6Xh (Carrizo) processors and newer.[37]

Also in 2012, Intel announced a similar technology for interrupt and APIC virtualization, which did not have a brand name at its announcement time.[38] Later, it was branded as APIC virtualization (APICv)[39] and it became commercially available in the Ivy Bridge EP series of Intel CPUs, which is sold as Xeon E5-26xx v2 (launched in late 2013) and as Xeon E5-46xx v2 (launched in early 2014).[40]

Graphics processing unit

Graphics virtualization is not part of the x86 architecture. Intel Graphics Virtualization Technology (GVT) provides graphics virtualization as part of more recent Gen graphics architectures. Although AMD APUs implement the x86-64 instruction set, they implement AMD's own graphics architectures (TeraScale, GCN and RDNA) which do not support graphics virtualization.[citation needed] Larrabee was the only graphics microarchitecture based on x86, but it likely did not include support for graphics virtualization.

Chipset

Main article: I/O virtualization

Memory and I/O virtualization is performed by the chipset.[41] Typically these features must be enabled by the BIOS, which must be able to support them and also be set to use them.

I/O MMU virtualization (AMD-Vi and Intel VT-d)

See also: Input–output memory management unit § Virtualization
 
A Linux kernel log showing AMD-Vi information

An input/output memory management unit (IOMMU) allows guest virtual machines to directly use peripheral devices, such as Ethernet, accelerated graphics cards, and hard-drive controllers, through DMA and interrupt remapping. This is sometimes called PCI passthrough.[42]

An IOMMU also allows operating systems to eliminate bounce buffers needed to allow themselves to communicate with peripheral devices whose memory address spaces are smaller than the operating system's memory address space, by using memory address translation. At the same time, an IOMMU also allows operating systems and hypervisors to prevent buggy or malicious hardware from compromising memory security.

Both AMD and Intel have released their IOMMU specifications:

  • AMD's I/O Virtualization Technology, "AMD-Vi", originally called "IOMMU"[43]
  • Intel's "Virtualization Technology for Directed I/O" (VT-d),[44] included in most high-end (but not all) newer Intel processors since the Core 2 architecture.[45]

In addition to the CPU support, both motherboard chipset and system firmware (BIOS or UEFI) need to fully support the IOMMU I/O virtualization functionality for it to be usable. Only the PCI or PCI Express devices supporting function level reset (FLR) can be virtualized this way, as it is required for reassigning various device functions between virtual machines.[46][47] If a device to be assigned does not support Message Signaled Interrupts (MSI), it must not share interrupt lines with other devices for the assignment to be possible.[48] All conventional PCI devices routed behind a PCI/PCI-X-to-PCI Express bridge can be assigned to a guest virtual machine only all at once; PCI Express devices have no such restriction.

Network virtualization (VT-c)

  • Intel's "Virtualization Technology for Connectivity" (VT-c).[49]
PCI-SIG Single Root I/O Virtualization (SR-IOV)
Main article: Single-root input/output virtualization

PCI-SIG Single Root I/O Virtualization (SR-IOV) provides a set of general (non-x86 specific) I/O virtualization methods based on PCI Express (PCIe) native hardware, as standardized by PCI-SIG:[50]

  • Address translation services (ATS) supports native IOV across PCI Express via address translation. It requires support for new transactions to configure such translations.
  • Single-root IOV (SR-IOV or SRIOV) supports native IOV in existing single-root complex PCI Express topologies. It requires support for new device capabilities to configure multiple virtualized configuration spaces.[51]
  • Multi-root IOV (MR-IOV) supports native IOV in new topologies (for example, blade servers) by building on SR-IOV to provide multiple root complexes which share a common PCI Express hierarchy.

In SR-IOV, the most common of these, a host VMM configures supported devices to create and allocate virtual "shadows" of their configuration spaces so that virtual machine guests can directly configure and access such "shadow" device resources.[52] With SR-IOV enabled, virtualized network interfaces are directly accessible to the guests,[53] avoiding involvement of the VMM and resulting in high overall performance;[51] for example, SR-IOV achieves over 95% of the bare metal network bandwidth in NASA's virtualized datacenter[54] and in the Amazon Public Cloud.[55][56]

See also

References

  1. ^ A Comparison of Software and Hardware Techniques for x86 Virtualization, Keith Adams and Ole Agesen, VMware, ASPLOS’06 October 21–25, 2006, San Jose, California, USA 2010-08-20 at the Wayback Machine"Surprisingly, we find that the first-generation hardware support rarely offers performance advantages over existing software techniques. We ascribe this situation to high VMM/guest transition costs and a rigid programming model that leaves little room for software flexibility in managing either the frequency or cost of these transitions.
  2. ^ "Intel Virtualization Technology Processor Virtualization Extensions and Intel Trusted execution Technology" (PDF). Intel.com. 2007. (PDF) from the original on 2015-05-21. Retrieved 2016-12-12.
  3. ^ "USENIX Technical Program - Abstract - Security Symposium - 2000". Usenix.org. 2002-01-29. from the original on 2010-06-10. Retrieved 2010-05-02.
  4. ^ a b c d e "A Comparison of Software and Hardware Techniques for x86 Virtualization" (PDF). VMware. (PDF) from the original on 20 August 2010. Retrieved 8 September 2010.
  5. ^ a b U.S. Patent 6,397,242
  6. ^ U.S. Patent 6,704,925
  7. ^ "Virtualization: architectural considerations and other evaluation criteria" (PDF). VMware. (PDF) from the original on 6 February 2011. Retrieved 8 September 2010.
  8. ^ a b U.S. Patent 6,496,847
  9. ^ "VMware and Hardware Assist Technology" (PDF). (PDF) from the original on 2011-07-17. Retrieved 2010-09-08.
  10. ^ "Xen and the Art of Virtualization" (PDF). (PDF) from the original on 2014-09-29.
  11. ^ "How retiring segmentation in AMD64 long mode broke VMware". Pagetable.com. 2006-11-09. from the original on 2011-07-18. Retrieved 2010-05-02.
  12. ^ "VMware and CPU Virtualization Technology" (PDF). VMware. (PDF) from the original on 2011-07-17. Retrieved 2010-09-08.
  13. ^ "VMware KB: Hardware and firmware requirements for 64bit guest operating systems". Kb.vmware.com. from the original on 2010-04-19. Retrieved 2010-05-02.
  14. ^ (PDF). Archived from the original (PDF) on 2010-01-05. Retrieved 2010-05-02.
  15. ^ Yager, Tom (2004-11-05). "Sending software to do hardware's job | Hardware - InfoWorld". Images.infoworld.com. from the original on 2014-10-18. Retrieved 2014-01-08.
  16. ^ "33047_SecureVirtualMachineManual_3-0.book" (PDF). (PDF) from the original on 2012-03-05. Retrieved 2010-05-02.
  17. ^ . amd.com. Archived from the original on April 15, 2009. Retrieved 2012-02-04.
  18. ^ . amd.com. Archived from the original on April 16, 2009. Retrieved 2012-02-04.
  19. ^ a b To see if your processor supports hardware virtualization 2012-11-25 at the Wayback Machine Intel 2012.
  20. ^ Inc, QNAP Systems. "How to enable Intel VTx and AMD SVM? | QNAP". QNAP Systems, Inc. - Network Attached Storage (NAS). Retrieved 2020-12-23.
  21. ^ INTEL (October 2019). "Intel® 64 and IA-32 Architectures Software Developer's Manual". intel.com. Intel Corporation. Retrieved 2020-01-04.
  22. ^ "Intel Virtualization Technology List". Ark.intel.com. Archived from the original on 2010-10-27. Retrieved 2010-05-02.
  23. ^ . Microsoft. Archived from the original on 2010-09-06. Retrieved 2010-09-08.
  24. ^ Neiger, Gil; A. Santoni; F. Leung; D. Rodgers; R. Uhlig (2006). (PDF). Intel Technology Journal. Intel. 10 (3): 167–178. doi:10.1535/itj.1003.01. Archived from the original (PDF) on 2012-09-25. Retrieved 2008-07-06.
  25. ^ Gillespie, Matt (2007-11-12). "Best Practices for Paravirtualization Enhancements from Intel Virtualization Technology: EPT and VT-d". Intel Software Network. Intel. from the original on 2008-12-26. Retrieved 2008-07-06.
  26. ^ "First the Tick, Now the Tock: Next Generation Intel Microarchitecture (Nehalem)" (PDF) (Press release). Intel. (PDF) from the original on 2009-01-26. Retrieved 2008-07-06.
  27. ^ "Technology Brief: Intel Microarchitecture Nehalem Virtualization Technology" (PDF). Intel. 2009-03-25. (PDF) from the original on 2011-06-07. Retrieved 2009-11-03.
  28. ^ [1] "Intel added unrestricted guest mode on Westmere micro-architecture and later Intel CPUs, it uses EPT to translate guest physical address access to host physical address. With this mode, VMEnter without enable paging is allowed."
  29. ^ "If the “unrestricted guest” VM-execution control is 1, the “enable EPT” VM-execution control must also be 1"
  30. ^ "4th-Gen Intel Core vPro Processors with Intel VMCS Shadowing" (PDF). Intel. 2013. Retrieved 2014-12-16.
  31. ^ Understanding Intel Virtualization Technology (VT). September 8, 2014, at the Wayback Machine Retrieved 2014-09-01
  32. ^ The 'what, where and why' of VMCS shadowing. 2014-09-03 at the Wayback Machine Retrieved 2014-09-01
  33. ^ VIA Introduces New VIA Nano 3000 Series Processors January 22, 2013, at the Wayback Machine
  34. ^ "Notebook Solution: Kaixian ZX-C Processor + VX11PH Chipset" (PDF).
  35. ^ Wei Huang, Introduction of AMD Advanced Virtual Interrupt Controller 2014-07-14 at the Wayback Machine, XenSummit 2012
  36. ^ Jörg Rödel (August 2012). "Next-generation Interrupt Virtualization for KVM" (PDF). AMD. (PDF) from the original on 2016-03-04. Retrieved 2014-07-12.
  37. ^ "[Xen-devel] [RFC PATCH 0/9] Introduce AMD SVM AVIC". www.mail-archive.com. from the original on 2 February 2017. Retrieved 4 May 2018.
  38. ^ Jun Nakajimaa (2012-12-13). "Reviewing Unused and New Features for Interrupt/APIC Virtualization" (PDF). Intel. (PDF) from the original on 2015-04-21. Retrieved 2014-07-12.
  39. ^ Khang Nguyen (2013-12-17). "APIC Virtualization Performance Testing and Iozone". software.intel.com. from the original on 2014-07-14. Retrieved 2014-07-12.
  40. ^ "Product Brief Intel Xeon Processor E5-4600 v2 Product Family" (PDF). Intel. 2014-03-14. (PDF) from the original on 2014-07-14. Retrieved 2014-07-12.
  41. ^ "Intel platform hardware support for I/O virtualization". Intel.com. 2006-08-10. from the original on 2007-01-20. Retrieved 2012-02-04.
  42. ^ "Linux virtualization and PCI passthrough". IBM. from the original on 1 November 2009. Retrieved 10 November 2010.
  43. ^ "AMD I/O Virtualization Technology (IOMMU) Specification Revision 1.26" (PDF). (PDF) from the original on 2011-01-24. Retrieved 2011-05-24.
  44. ^ "Intel Virtualization Technology for Directed I/O (VT-d) Architecture Specification". from the original on 2013-04-03. Retrieved 2012-02-04.
  45. ^ "Intel Virtualization Technology for Directed I/O (VT-d) Supported CPU List". Ark.intel.com. Archived from the original on 2010-10-27. Retrieved 2012-02-04.
  46. ^ "PCI-SIG Engineering Change Notice: Function Level Reset (FLR)" (PDF). pcisig.com. 2006-06-27. (PDF) from the original on 2016-03-04. Retrieved 2014-01-10.
  47. ^ "Xen VT-d". xen.org. 2013-06-06. from the original on 2014-02-09. Retrieved 2014-01-10.
  48. ^ "How to assign devices with VT-d in KVM". linux-kvm.org. 2014-04-23. from the original on 2015-03-10. Retrieved 2015-03-05.
  49. ^ "Intel Virtualization Technology for Connectivity (VT-c)" (PDF). Intel.com. (PDF) from the original on 2016-02-22. Retrieved 2018-02-14.
  50. ^ "PCI-SIG I/O Virtualization (IOV) Specifications". Pcisig.com. 2011-03-31. from the original on 2012-01-15. Retrieved 2012-02-04.
  51. ^ a b "Intel Look Inside: Intel Ethernet" (PDF). Intel. November 27, 2014. p. 104. (PDF) from the original on March 4, 2016. Retrieved March 26, 2015.
  52. ^ Yaozu Dong, Zhao Yu, Greg Rose (2008). "SR-IOV Networking in Xen: Architecture, Design and Implementation". usenix.org. USENIX. from the original on 2014-01-09. Retrieved 2014-01-10.{{cite web}}: CS1 maint: uses authors parameter (link)
  53. ^ Patrick Kutch; Brian Johnson; Greg Rose (September 2011). "An Introduction to Intel Flexible Port Partitioning Using SR-IOV Technology" (PDF). Intel. (PDF) from the original on August 7, 2015. Retrieved September 24, 2015.
  54. ^ "NASA's Flexible Cloud Fabric: Moving Cluster Applications to the Cloud" (PDF). Intel. (PDF) from the original on 2012-12-22. Retrieved 2014-01-08.
  55. ^ "Enhanced Networking in the AWS Cloud". Scalable Logic. 2013-12-31. Archived from the original on 2014-01-09. Retrieved 2014-01-08.
  56. ^ "Enhanced Networking in the AWS Cloud - Part 2". Scalable Logic. 2013-12-31. Archived from the original on 2014-01-10. Retrieved 2014-01-08.

External links

  • Everything You Need to Know About the Intel Virtualization Technology Archived at ghostarchive.org at 10 May 2022
  • A special course at the University of San Francisco on Intel EM64T and VT Extensions (2007)
  • 2 day open source & open access class on writing a VT-x VMM

January 07, 2023
virtualization, hardware, assisted, virtualization, capabilities, late, 1990s, achieved, complex, software, techniques, necessary, compensate, processor, lack, hardware, assisted, virtualization, capabilities, while, attaining, reasonable, performance, 2005, 2. x86 virtualization is the use of hardware assisted virtualization capabilities on an x86 x86 64 CPU In the late 1990s x86 virtualization was achieved by complex software techniques necessary to compensate for the processor s lack of hardware assisted virtualization capabilities while attaining reasonable performance In 2005 and 2006 both Intel VT x and AMD AMD V introduced limited hardware virtualization support that allowed simpler virtualization software but offered very few speed benefits 1 Greater hardware support which allowed substantial speed improvements came with later processor models Contents 1 Software based virtualization 2 Hardware assisted virtualization 2 1 Central processing unit 2 1 1 Virtual 8086 mode 2 1 2 AMD virtualization AMD V 2 1 3 Intel virtualization VT x 2 1 4 VIA virtualization VIA VT 2 1 5 Interrupt virtualization AMD AVIC and Intel APICv 2 2 Graphics processing unit 2 3 Chipset 2 3 1 I O MMU virtualization AMD Vi and Intel VT d 2 3 2 Network virtualization VT c 2 3 2 1 PCI SIG Single Root I O Virtualization SR IOV 3 See also 4 References 5 External linksSoftware based virtualization EditThe following discussion focuses only on virtualization of the x86 architecture protected mode In protected mode the operating system kernel runs at a higher privilege such as ring 0 and applications at a lower privilege such as ring 3 citation needed In software based virtualization a host OS has direct access to hardware while the guest OSs have limited access to hardware just like any other application of the host OS One approach used in x86 software based virtualization to overcome this limitation is called ring deprivileging which involves running the guest OS at a ring higher lesser privileged than 0 2 Three techniques made virtualization of protected mode possible Binary translation is used to rewrite in terms of ring 3 instructions certain ring 0 instructions such as POPF that would otherwise fail silently or behave differently when executed above ring 0 3 4 3 making the classic trap and emulate virtualization impossible 4 1 5 To improve performance the translated basic blocks need to be cached in a coherent way that detects code patching used in VxDs for instance the reuse of pages by the guest OS or even self modifying code 6 A number of key data structures used by a processor need to be shadowed Because most operating systems use paged virtual memory and granting the guest OS direct access to the MMU would mean loss of control by the virtualization manager some of the work of the x86 MMU needs to be duplicated in software for the guest OS using a technique known as shadow page tables 7 5 4 2 This involves denying the guest OS any access to the actual page table entries by trapping access attempts and emulating them instead in software The x86 architecture uses hidden state to store segment descriptors in the processor so once the segment descriptors have been loaded into the processor the memory from which they have been loaded may be overwritten and there is no way to get the descriptors back from the processor Shadow descriptor tables must therefore be used to track changes made to the descriptor tables by the guest OS 5 I O device emulation Unsupported devices on the guest OS must be emulated by a device emulator that runs in the host OS 8 These techniques incur some performance overhead due to lack of MMU virtualization support as compared to a VM running on a natively virtualizable architecture such as the IBM System 370 4 10 9 17 and 21 On traditional mainframes the classic type 1 hypervisor was self standing and did not depend on any operating system or run any user applications itself In contrast the first x86 virtualization products were aimed at workstation computers and ran a guest OS inside a host OS by embedding the hypervisor in a kernel module that ran under the host OS type 2 hypervisor 8 There has been some controversy whether the x86 architecture with no hardware assistance is virtualizable as described by Popek and Goldberg VMware researchers pointed out in a 2006 ASPLOS paper that the above techniques made the x86 platform virtualizable in the sense of meeting the three criteria of Popek and Goldberg albeit not by the classic trap and emulate technique 4 2 3 A different route was taken by other systems like Denali L4 and Xen known as paravirtualization which involves porting operating systems to run on the resulting virtual machine which does not implement the parts of the actual x86 instruction set that are hard to virtualize The paravirtualized I O has significant performance benefits as demonstrated in the original SOSP 03 Xen paper 10 The initial version of x86 64 AMD64 did not allow for a software only full virtualization due to the lack of segmentation support in long mode which made the protection of the hypervisor s memory impossible in particular the protection of the trap handler that runs in the guest kernel address space 11 12 11 and 20 Revision D and later 64 bit AMD processors as a rule of thumb those manufactured in 90 nm or less added basic support for segmentation in long mode making it possible to run 64 bit guests in 64 bit hosts via binary translation Intel did not add segmentation support to its x86 64 implementation Intel 64 making 64 bit software only virtualization impossible on Intel CPUs but Intel VT x support makes 64 bit hardware assisted virtualization possible on the Intel platform 13 14 4 On some platforms it is possible to run a 64 bit guest on a 32 bit host OS if the underlying processor is 64 bit and supports the necessary virtualization extensions Hardware assisted virtualization EditMain article Hardware assisted virtualization In 2005 and 2006 Intel and AMD working independently created new processor extensions to the x86 architecture The first generation of x86 hardware virtualization addressed the issue of privileged instructions The issue of low performance of virtualized system memory was addressed with MMU virtualization that was added to the chipset later Central processing unit Edit Virtual 8086 mode Edit Main article Virtual 8086 mode Based on painful experiences with the 80286 protected mode which by itself was not suitable enough to run concurrent DOS applications well Intel introduced the virtual 8086 mode in their 80386 chip which offered virtualized 8086 processors on the 386 and later chips Hardware support for virtualizing the protected mode itself however became available 20 years later 15 AMD virtualization AMD V Edit AMD Phenom Die AMD developed its first generation virtualization extensions under the code name Pacifica and initially published them as AMD Secure Virtual Machine SVM 16 but later marketed them under the trademark AMD Virtualization abbreviated AMD V On May 23 2006 AMD released the Athlon 64 Orleans the Athlon 64 X2 Windsor and the Athlon 64 FX Windsor as the first AMD processors to support this technology AMD V capability also features on the Athlon 64 and Athlon 64 X2 family of processors with revisions F or G on socket AM2 Turion 64 X2 and Opteron 2nd generation 17 and third generation 18 Phenom and Phenom II processors The APU Fusion processors support AMD V AMD V is not supported by any Socket 939 processors The only Sempron processors which support it are APUs and Huron Regor Sargas desktop CPUs AMD Opteron CPUs beginning with the Family 0x10 Barcelona line and Phenom II CPUs support a second generation hardware virtualization technology called Rapid Virtualization Indexing formerly known as Nested Page Tables during its development later adopted by Intel as Extended Page Tables EPT As of 2019 all Zen based AMD processors support AMD V The CPU flag for AMD V is svm This may be checked in BSD derivatives via dmesg or sysctl and in Linux via proc a href Cpuinfo html class mw redirect title Cpuinfo cpuinfo a 19 Instructions in AMD V include VMRUN VMLOAD VMSAVE CLGI VMMCALL INVLPGA SKINIT and STGI With some motherboards users must enable AMD SVM feature in the BIOS setup before applications can make use of it 20 Intel virtualization VT x Edit Intel VT x redirects here For the Itanium virtualization extensions see Intel VT i Intel Core i7 Bloomfield CPU Previously codenamed Vanderpool VT x represents Intel s technology for virtualization on the x86 platform On November 13 2005 Intel released two models of Pentium 4 Model 662 and 672 as the first Intel processors to support VT x The CPU flag for VT x capability is vmx in Linux this can be checked via proc cpuinfo or in macOS via sysctl machdep cpu features 19 VMX stands for Virtual Machine Extensions which adds 13 new instructions VMPTRLD VMPTRST VMCLEAR VMREAD VMWRITE VMCALL VMLAUNCH VMRESUME VMXOFF VMXON INVEPT INVVPID and VMFUNC 21 These instructions permit entering and exiting a virtual execution mode where the guest OS perceives itself as running with full privilege ring 0 but the host OS remains protected As of 2015 update almost all newer server desktop and mobile Intel processors support VT x with some of the Intel Atom processors as the primary exception 22 With some motherboards users must enable Intel s VT x feature in the BIOS setup before applications can make use of it 23 Intel started to include Extended Page Tables EPT 24 a technology for page table virtualization 25 since the Nehalem architecture 26 27 released in 2008 In 2010 Westmere added support for launching the logical processor directly in real mode a feature called unrestricted guest which requires EPT to work 28 29 Since the Haswell microarchitecture announced in 2013 Intel started to include VMCS shadowing as a technology that accelerates nested virtualization of VMMs 30 The virtual machine control structure VMCS is a data structure in memory that exists exactly once per VM while it is managed by the VMM With every change of the execution context between different VMs the VMCS is restored for the current VM defining the state of the VM s virtual processor 31 As soon as more than one VMM or nested VMMs are used a problem appears in a way similar to what required shadow page table management to be invented as described above In such cases VMCS needs to be shadowed multiple times in case of nesting and partially implemented in software in case there is no hardware support by the processor To make shadow VMCS handling more efficient Intel implemented hardware support for VMCS shadowing 32 VIA virtualization VIA VT Edit VIA Nano 3000 Series Processors and higher support VIA VT virtualization technology compatible with Intel VT x 33 EPT is present in Zhaoxin ZX C a descendant of VIA QuadCore E amp Eden X4 similar to Nano C4350AL 34 Interrupt virtualization AMD AVIC and Intel APICv Edit In 2012 AMD announced their Advanced Virtual Interrupt Controller AVIC targeting interrupt overhead reduction in virtualization environments 35 This technology as announced does not support x2APIC 36 In 2016 AVIC is available on the AMD family 15h models 6Xh Carrizo processors and newer 37 Also in 2012 Intel announced a similar technology for interrupt and APIC virtualization which did not have a brand name at its announcement time 38 Later it was branded as APIC virtualization APICv 39 and it became commercially available in the Ivy Bridge EP series of Intel CPUs which is sold as Xeon E5 26xx v2 launched in late 2013 and as Xeon E5 46xx v2 launched in early 2014 40 Graphics processing unit Edit Graphics virtualization is not part of the x86 architecture Intel Graphics Virtualization Technology GVT provides graphics virtualization as part of more recent Gen graphics architectures Although AMD APUs implement the x86 64 instruction set they implement AMD s own graphics architectures TeraScale GCN and RDNA which do not support graphics virtualization citation needed Larrabee was the only graphics microarchitecture based on x86 but it likely did not include support for graphics virtualization Chipset Edit Main article I O virtualization Memory and I O virtualization is performed by the chipset 41 Typically these features must be enabled by the BIOS which must be able to support them and also be set to use them I O MMU virtualization AMD Vi and Intel VT d Edit See also Input output memory management unit Virtualization A Linux kernel log showing AMD Vi information An input output memory management unit IOMMU allows guest virtual machines to directly use peripheral devices such as Ethernet accelerated graphics cards and hard drive controllers through DMA and interrupt remapping This is sometimes called PCI passthrough 42 An IOMMU also allows operating systems to eliminate bounce buffers needed to allow themselves to communicate with peripheral devices whose memory address spaces are smaller than the operating system s memory address space by using memory address translation At the same time an IOMMU also allows operating systems and hypervisors to prevent buggy or malicious hardware from compromising memory security Both AMD and Intel have released their IOMMU specifications AMD s I O Virtualization Technology AMD Vi originally called IOMMU 43 Intel s Virtualization Technology for Directed I O VT d 44 included in most high end but not all newer Intel processors since the Core 2 architecture 45 In addition to the CPU support both motherboard chipset and system firmware BIOS or UEFI need to fully support the IOMMU I O virtualization functionality for it to be usable Only the PCI or PCI Express devices supporting function level reset FLR can be virtualized this way as it is required for reassigning various device functions between virtual machines 46 47 If a device to be assigned does not support Message Signaled Interrupts MSI it must not share interrupt lines with other devices for the assignment to be possible 48 All conventional PCI devices routed behind a PCI PCI X to PCI Express bridge can be assigned to a guest virtual machine only all at once PCI Express devices have no such restriction Network virtualization VT c Edit Intel s Virtualization Technology for Connectivity VT c 49 PCI SIG Single Root I O Virtualization SR IOV Edit Main article Single root input output virtualization PCI SIG Single Root I O Virtualization SR IOV provides a set of general non x86 specific I O virtualization methods based on PCI Express PCIe native hardware as standardized by PCI SIG 50 Address translation services ATS supports native IOV across PCI Express via address translation It requires support for new transactions to configure such translations Single root IOV SR IOV or SRIOV supports native IOV in existing single root complex PCI Express topologies It requires support for new device capabilities to configure multiple virtualized configuration spaces 51 Multi root IOV MR IOV supports native IOV in new topologies for example blade servers by building on SR IOV to provide multiple root complexes which share a common PCI Express hierarchy In SR IOV the most common of these a host VMM configures supported devices to create and allocate virtual shadows of their configuration spaces so that virtual machine guests can directly configure and access such shadow device resources 52 With SR IOV enabled virtualized network interfaces are directly accessible to the guests 53 avoiding involvement of the VMM and resulting in high overall performance 51 for example SR IOV achieves over 95 of the bare metal network bandwidth in NASA s virtualized datacenter 54 and in the Amazon Public Cloud 55 56 See also EditComparison of application virtualization software Comparison of platform virtualization software Hardware assisted virtualization Hypervisor I O virtualization Network virtualization OS level virtualization Timeline of virtualization development Virtual machine List of IOMMU supporting hardware Second Level Address Translation SLAT Message Signaled Interrupts MSI References Edit A Comparison of Software and Hardware Techniques for x86 Virtualization Keith Adams and Ole Agesen VMware ASPLOS 06 October 21 25 2006 San Jose California USA Archived 2010 08 20 at the Wayback Machine Surprisingly we find that the first generation hardware support rarely offers performance advantages over existing software techniques We ascribe this situation to high VMM guest transition costs and a rigid programming model that leaves little room for software flexibility in managing either the frequency or cost of these transitions Intel Virtualization Technology Processor Virtualization Extensions and Intel Trusted execution Technology PDF Intel com 2007 Archived PDF from the original on 2015 05 21 Retrieved 2016 12 12 USENIX Technical Program Abstract Security Symposium 2000 Usenix org 2002 01 29 Archived from the original on 2010 06 10 Retrieved 2010 05 02 a b c d e A Comparison of Software and Hardware Techniques for x86 Virtualization PDF VMware Archived PDF from the original on 20 August 2010 Retrieved 8 September 2010 a b U S Patent 6 397 242 U S Patent 6 704 925 Virtualization architectural considerations and other evaluation criteria PDF VMware Archived PDF from the original on 6 February 2011 Retrieved 8 September 2010 a b U S Patent 6 496 847 VMware and Hardware Assist Technology PDF Archived PDF from the original on 2011 07 17 Retrieved 2010 09 08 Xen and the Art of Virtualization PDF Archived PDF from the original on 2014 09 29 How retiring segmentation in AMD64 long mode broke VMware Pagetable com 2006 11 09 Archived from the original on 2011 07 18 Retrieved 2010 05 02 VMware and CPU Virtualization Technology PDF VMware Archived PDF from the original on 2011 07 17 Retrieved 2010 09 08 VMware KB Hardware and firmware requirements for 64bit guest operating systems Kb vmware com Archived from the original on 2010 04 19 Retrieved 2010 05 02 Software and Hardware Techniques for x86 Virtualization PDF Archived from the original PDF on 2010 01 05 Retrieved 2010 05 02 Yager Tom 2004 11 05 Sending software to do hardware s job Hardware InfoWorld Images infoworld com Archived from the original on 2014 10 18 Retrieved 2014 01 08 33047 SecureVirtualMachineManual 3 0 book PDF Archived PDF from the original on 2012 03 05 Retrieved 2010 05 02 What are the main differences between Second Generation AMD Opteron processors and first generation AMD Opteron processors amd com Archived from the original on April 15 2009 Retrieved 2012 02 04 What virtualization enhancements do Quad Core AMD Opteron processors feature amd com Archived from the original on April 16 2009 Retrieved 2012 02 04 a b To see if your processor supports hardware virtualization Archived 2012 11 25 at the Wayback Machine Intel 2012 Inc QNAP Systems How to enable Intel VTx and AMD SVM QNAP QNAP Systems Inc Network Attached Storage NAS Retrieved 2020 12 23 INTEL October 2019 Intel 64 and IA 32 Architectures Software Developer s Manual intel com Intel Corporation Retrieved 2020 01 04 Intel Virtualization Technology List Ark intel com Archived from the original on 2010 10 27 Retrieved 2010 05 02 Windows Virtual PC Configure BIOS Microsoft Archived from the original on 2010 09 06 Retrieved 2010 09 08 Neiger Gil A Santoni F Leung D Rodgers R Uhlig 2006 Intel Virtualization Technology Hardware Support for Efficient Processor Virtualization PDF Intel Technology Journal Intel 10 3 167 178 doi 10 1535 itj 1003 01 Archived from the original PDF on 2012 09 25 Retrieved 2008 07 06 Gillespie Matt 2007 11 12 Best Practices for Paravirtualization Enhancements from Intel Virtualization Technology EPT and VT d Intel Software Network Intel Archived from the original on 2008 12 26 Retrieved 2008 07 06 First the Tick Now the Tock Next Generation Intel Microarchitecture Nehalem PDF Press release Intel Archived PDF from the original on 2009 01 26 Retrieved 2008 07 06 Technology Brief Intel Microarchitecture Nehalem Virtualization Technology PDF Intel 2009 03 25 Archived PDF from the original on 2011 06 07 Retrieved 2009 11 03 1 Intel added unrestricted guest mode on Westmere micro architecture and later Intel CPUs it uses EPT to translate guest physical address access to host physical address With this mode VMEnter without enable paging is allowed 2 If the unrestricted guest VM execution control is 1 the enable EPT VM execution control must also be 1 4th Gen Intel Core vPro Processors with Intel VMCS Shadowing PDF Intel 2013 Retrieved 2014 12 16 Understanding Intel Virtualization Technology VT Archived September 8 2014 at the Wayback Machine Retrieved 2014 09 01 The what where and why of VMCS shadowing Archived 2014 09 03 at the Wayback Machine Retrieved 2014 09 01 VIA Introduces New VIA Nano 3000 Series Processors Archived January 22 2013 at the Wayback Machine Notebook Solution Kaixian ZX C Processor VX11PH Chipset PDF Wei Huang Introduction of AMD Advanced Virtual Interrupt Controller Archived 2014 07 14 at the Wayback Machine XenSummit 2012 Jorg Rodel August 2012 Next generation Interrupt Virtualization for KVM PDF AMD Archived PDF from the original on 2016 03 04 Retrieved 2014 07 12 Xen devel RFC PATCH 0 9 Introduce AMD SVM AVIC www mail archive com Archived from the original on 2 February 2017 Retrieved 4 May 2018 Jun Nakajimaa 2012 12 13 Reviewing Unused and New Features for Interrupt APIC Virtualization PDF Intel Archived PDF from the original on 2015 04 21 Retrieved 2014 07 12 Khang Nguyen 2013 12 17 APIC Virtualization Performance Testing and Iozone software intel com Archived from the original on 2014 07 14 Retrieved 2014 07 12 Product Brief Intel Xeon Processor E5 4600 v2 Product Family PDF Intel 2014 03 14 Archived PDF from the original on 2014 07 14 Retrieved 2014 07 12 Intel platform hardware support for I O virtualization Intel com 2006 08 10 Archived from the original on 2007 01 20 Retrieved 2012 02 04 Linux virtualization and PCI passthrough IBM Archived from the original on 1 November 2009 Retrieved 10 November 2010 AMD I O Virtualization Technology IOMMU Specification Revision 1 26 PDF Archived PDF from the original on 2011 01 24 Retrieved 2011 05 24 Intel Virtualization Technology for Directed I O VT d Architecture Specification Archived from the original on 2013 04 03 Retrieved 2012 02 04 Intel Virtualization Technology for Directed I O VT d Supported CPU List Ark intel com Archived from the original on 2010 10 27 Retrieved 2012 02 04 PCI SIG Engineering Change Notice Function Level Reset FLR PDF pcisig com 2006 06 27 Archived PDF from the original on 2016 03 04 Retrieved 2014 01 10 Xen VT d xen org 2013 06 06 Archived from the original on 2014 02 09 Retrieved 2014 01 10 How to assign devices with VT d in KVM linux kvm org 2014 04 23 Archived from the original on 2015 03 10 Retrieved 2015 03 05 Intel Virtualization Technology for Connectivity VT c PDF Intel com Archived PDF from the original on 2016 02 22 Retrieved 2018 02 14 PCI SIG I O Virtualization IOV Specifications Pcisig com 2011 03 31 Archived from the original on 2012 01 15 Retrieved 2012 02 04 a b Intel Look Inside Intel Ethernet PDF Intel November 27 2014 p 104 Archived PDF from the original on March 4 2016 Retrieved March 26 2015 Yaozu Dong Zhao Yu Greg Rose 2008 SR IOV Networking in Xen Architecture Design and Implementation usenix org USENIX Archived from the original on 2014 01 09 Retrieved 2014 01 10 a href Template Cite web html title Template Cite web cite web a CS1 maint uses authors parameter link Patrick Kutch Brian Johnson Greg Rose September 2011 An Introduction to Intel Flexible Port Partitioning Using SR IOV Technology PDF Intel Archived PDF from the original on August 7 2015 Retrieved September 24 2015 NASA s Flexible Cloud Fabric Moving Cluster Applications to the Cloud PDF Intel Archived PDF from the original on 2012 12 22 Retrieved 2014 01 08 Enhanced Networking in the AWS Cloud Scalable Logic 2013 12 31 Archived from the original on 2014 01 09 Retrieved 2014 01 08 Enhanced Networking in the AWS Cloud Part 2 Scalable Logic 2013 12 31 Archived from the original on 2014 01 10 Retrieved 2014 01 08 External links EditEverything You Need to Know About the Intel Virtualization Technology Archived at ghostarchive org at 10 May 2022 A special course at the University of San Francisco on Intel EM64T and VT Extensions 2007 2 day open source amp open access class on writing a VT x VMM Retrieved from https en wikipedia org w index php title X86 virtualization amp oldid 1120646014, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.