History
• Virtual Machine concept introduced by IBM in late 1960s.
• It was difficult for Intel x86 to virtualize because it was not satisfying the constraints
Different techniques before Virtualization Support by Hardware• Binary Translation
• Paravirtualization or OS assisted virtualization
Hardware Support – Bird’s-eye View
• In 2006, Intel introduced VT-x
Hardware
OS
User Applications
VMM
Hardware Support – Bird’s-eye View
• In 2006, Intel introduced VT-x
Hardware
OS
User Applications
VMMVMX Root Mode
VMX Non-Root Mode
VT-x Operating Modes
• Set of processor operations called VMX operations
• Two kinds of VMX operation
VT-x Operating Modes
• Set of processor operations called VMX operations
• Two kinds of VMX operation• VMX root operation
• Fully privileged, generally for VMM
VT-x Operating Modes
• Set of processor operations called VMX operations
• Two kinds of VMX operation• VMX root operation
• Fully privileged, generally for VMM
• VMX non-root operation• Not fully privileged, generally for guest
• Reduces the privilege of guest software developed to operate in ring 0
VM Entry and Exit
• Two types of transitions• VM entry
• Transition from VM root operation to VM non root operation
• Loads guest state from VMCS
• Stores VMM state to VMCS
VM Entry and Exit
• Two types of transitions• VM entry
• Transition from VM root operation to VM non root operation
• Loads guest state from VMCS
• Stores VMM state to VMCS
• VM exit• Transition from VM non-root operation to VM root operation
• Stores guest state to VMCS
• Loads VMM state from VMCS
VM Entry and Exit
Guest 0 Guest 1
VMMVMXON VMXOFF
VM EntryVM Exit VM Exit
Picture: Copied from Intel Manual Sept 2014
Virtual Machine Control Structure
• Control Structures stored in memory
• One VMCS active per virtual processor at a time
Virtual Machine Control Structure
• Control Structures stored in memory
• One VMCS active per virtual processor at a time
• Stores guest state, host state, VMX controls and VM-exit information
VM Exits in VMX Non-Root Operation
• Some instructions cause VM-exit unconditionally• e.g. CPUID, INVD, XSETBV, INVEPT, VMCLEAR, VMLAUNCH, etc.
VM Exits in VMX Non-Root Operation
• Some instructions cause VM-exit unconditionally• e.g. CPUID, INVD, XSETBV, INVEPT, VMCLEAR, VMLAUNCH, etc.
• Some instructions cause VM-exit conditionally based on VM-execution control settings in VMCS• e.g. HLT, INVLPG, MONITOR, VMREAD, etc.
VM Exits in VMX Non-Root Operation
• Some instructions cause VM-exit unconditionally• e.g. CPUID, INVD, XSETBV, INVEPT, VMCLEAR, VMLAUNCH, etc.
• Some instructions cause VM-exit conditionally based on VM-execution control settings in VMCS• e.g. HLT, INVLPG, MONITOR, VMREAD, etc.
• Exceptions
VM Exits in VMX Non-Root Operation
• Some instructions cause VM-exit unconditionally• e.g. CPUID, INVD, XSETBV, INVEPT, VMCLEAR, VMLAUNCH, etc.
• Some instructions cause VM-exit conditionally based on VM-execution control settings in VMCS• e.g. HLT, INVLPG, MONITOR, VMREAD, etc.
• Exceptions
• Triple Faults
VM Exits in VMX Non-Root Operation
• Some instructions cause VM-exit unconditionally• e.g. CPUID, INVD, XSETBV, INVEPT, VMCLEAR, VMLAUNCH, etc.
• Some instructions cause VM-exit conditionally based on VM-execution control settings in VMCS• e.g. HLT, INVLPG, MONITOR, VMREAD, etc.
• Exceptions
• Triple Faults
• External Interrupts
VM Exits in VMX Non-Root Operation
• Some instructions cause VM-exit unconditionally• e.g. CPUID, INVD, XSETBV, INVEPT, VMCLEAR, VMLAUNCH, etc.
• Some instructions cause VM-exit conditionally based on VM-execution control settings in VMCS• e.g. HLT, INVLPG, MONITOR, VMREAD, etc.
• Exceptions
• Triple Faults
• External Interrupts
• Non-Maskable Interrupts
VM Exits in VMX Non-Root Operation
• Some instructions cause VM-exit unconditionally• e.g. CPUID, INVD, XSETBV, INVEPT, VMCLEAR, VMLAUNCH, etc.
• Some instructions cause VM-exit conditionally based on VM-execution control settings in VMCS• e.g. HLT, INVLPG, MONITOR, VMREAD, etc.
• Exceptions
• Triple Faults
• External Interrupts
• Non-Maskable Interruptsand more…