Академический Документы
Профессиональный Документы
Культура Документы
From Wikipedia, the free encyclopedia
In computing, x86 virtualization refers to hardware virtualization for the x86 architecture. It allows multiple
operating systems to simultaneously share x86 processor resources in a safe and efficient manner.
In the late 1990s x86 virtualization was achieved by complex software techniques, necessary to compensate for the
processor's lack of virtualization support while attaining reasonable performance. In 2006, both Intel (VTx) and
AMD (AMDV) introduced limited hardware virtualization support that allowed simpler virtualization software
but offered very little speed benefits.[1] Greater hardware support, which allowed substantial speed improvements,
came with later processor models.
Contents
1 Softwarebased virtualization
2 Hardwareassisted virtualization
2.1 Central processing unit
2.1.1 Virtual 8086 mode
2.1.2 AMD virtualization (AMDV)
2.1.3 Intel virtualization (VTx)
2.1.4 VIA virtualization (VIA VT)
2.1.5 Interrupt virtualization (AMD AVIC and Intel APICv)
2.2 Graphics processing unit
2.2.1 Graphics Virtualization Technology (Intel GVTd, GVTg and GVTs)
2.3 Chipset
2.3.1 I/O MMU virtualization (AMDVi and Intel VTd)
2.3.2 Network virtualization (VTc)
2.3.2.1 PCISIG Single Root I/O Virtualization (SRIOV)
3 See also
4 References
5 External links
Softwarebased virtualization
The following discussion focuses only on virtualization of the x86 architecture protected mode.
In protected mode the operating system kernel runs at a higher privilege such as ring 0, and applications at a lower
privilege such as ring 3. In softwarebased virtualization, a host OS has direct access to hardware while the guest
OSs have limited access to hardware, just like any other application of the host OS. One approach used in x86
softwarebased virtualization to overcome this limitation is called ring deprivileging, which involves running the
guest OS at a ring higher than 0.[2]
Three techniques made virtualization of protected mode possible:
Binary translation is used to rewrite in terms of ring 3 instructions certain ring 0 instructions, such as POPF,
that would otherwise fail silently or behave differently when executed above ring 0,[3][4]:3 making the classic
trapandemulate virtualization impossible.[4]:1[5] To improve performance, the translated basic blocks need
to be cached in a coherent way that detects code patching (used in VxDs for instance), the reuse of pages by
the guest OS, or even selfmodifying code.[6]
A number of key data structures used by a processor need to be shadowed. Because most operating systems
use paged virtual memory, and granting the guest OS direct access to the MMU would mean loss of control
by the virtualization manager, some of the work of the x86 MMU needs to be duplicated in software for the
guest OS using a technique known as shadow page tables.[7]:5[4]:2 This involves denying the guest OS any
access to the actual page table entries by trapping access attempts and emulating them instead in software.
The x86 architecture uses hidden state to store segment descriptors in the processor, so once the segment
descriptors have been loaded into the processor, the memory from which they have been loaded may be
overwritten and there is no way to get the descriptors back from the processor. Shadow descriptor tables
must therefore be used to track changes made to the descriptor tables by the guest OS.[5]
I/O device emulation: Unsupported devices on the guest OS must be emulated by a device emulator that runs
in the host OS.[8]
These techniques incur some performance overhead due to lack of MMU virtualization support, as compared to a
VM running on a natively virtualizable architecture such as the IBM System/370.[4]:10[9]:17 and 21
On traditional mainframes, the classic type 1 hypervisor was selfstanding and did not depend on any operating
system or run any user applications itself. In contrast, the first x86 virtualization products were aimed at
workstation computers, and ran a guest OS inside a host OS by embedding the hypervisor in a kernel module that
ran under the host OS (type 2 hypervisor).[8]
There has been some controversy whether the x86 architecture with no hardware assistance is virtualizable as
described by Popek and Goldberg. VMware researchers pointed out in a 2006 ASPLOS paper that the above
techniques made the x86 platform virtualizable in the sense of meeting the three criteria of Popek and Goldberg,
albeit not by the classic trapandemulate technique.[4]:2–3
A different route was taken by other systems like Denali, L4, and Xen, known as paravirtualization, which
involves porting operating systems to run on the resulting virtual machine, which does not implement the parts of
the actual x86 instruction set that are hard to virtualize. The paravirtualized I/O has significant performance
benefits as demonstrated in the original SOSP'03 Xen paper.[10]
The initial version of x8664 (AMD64) did not allow for a softwareonly full virtualization due to the lack of
segmentation support in long mode, which made the protection of the hypervisor's memory impossible, in
particular, the protection of the trap handler that runs in the guest kernel address space.[11][12]:11 and 20 Revision D
and later 64bit AMD processors (as a rule of thumb, those manufactured in 90 nm or less) added basic support for
segmentation in long mode, making it possible to run 64bit guests in 64bit hosts via binary translation. Intel did
not add segmentation support to its x8664 implementation (Intel 64), making 64bit softwareonly virtualization
impossible on Intel CPUs, but Intel VTx support makes 64bit hardware assisted virtualization possible on the
Intel platform.[13][14]:4
On some platforms, it is possible to run a 64bit guest on a 32bit host OS if the underlying processor is 64bit and
supports the necessary virtualization extensions.
Hardwareassisted virtualization
In 2005 and 2006, Intel and AMD (working independently) created new processor extensions to the x86
architecture. The first generation of x86 hardware virtualization addressed the issue of privileged instructions. The
issue of low performance of virtualized system memory was addressed with MMU virtualization that was added to
the chipset later.
Central processing unit
Virtual 8086 mode
Based on painful experiences with the 80286 protected mode, which by itself was not suitable enough to run
concurrent MSDOS applications well, Intel introduced the virtual 8086 mode in their 80386 chip, which offered
virtualized 8086 processors on the 386 and later chips. Hardware support for virtualizing the protected mode itself,
however, became available 20 years later.[15]
AMD virtualization (AMDV)
AMD developed its first generation virtualization extensions under the code
name "Pacifica", and initially published them as AMD Secure Virtual
Machine (SVM),[16] but later marketed them under the trademark AMD
Virtualization, abbreviated AMDV.
On May 23, 2006, AMD released the Athlon 64 ("Orleans"), the Athlon 64
X2 ("Windsor") and the Athlon 64 FX ("Windsor") as the first AMD
processors to support this technology.
AMDV capability also features on the Athlon 64 and Athlon 64 X2 family
of processors with revisions "F" or "G" on socket AM2, Turion 64 X2, and
Opteron 2nd generation[17] and thirdgeneration,[18] Phenom and Phenom II
processors. The APU Fusion processors support AMDV. AMDV is not
supported by any Socket 939 processors. The only Sempron processors
which support it are Huron and Sargas. AMD Phenom CPU
AMD Opteron CPUs beginning with the Family 0x10 Barcelona line, and
Phenom II CPUs, support a second generation hardware virtualization technology called Rapid Virtualization
Indexing (formerly known as Nested Page Tables during its development), later adopted by Intel as Extended Page
Tables (EPT).
The CPU flag for AMDV is "svm". This may be checked in BSD derivatives via dmesg or sysctl and in Linux via
/proc/cpuinfo.[19]
Intel virtualization (VTx)
Previously codenamed "Vanderpool", VTx represents Intel's technology
for virtualization on the x86 platform. On November 13, 2005, Intel
released two models of Pentium 4 (Model 662 and 672) as the first Intel
processors to support VTx. The CPU flag for VTx capability is "vmx";
in Linux, this can be checked via /proc/cpuinfo, or in Mac OS X via
sysctl machdep.cpu.features.[19]
As of 2015, almost all newer server, desktop and mobile Intel processors
support VTx, with some of the Intel Atom processors as the primary
exception.[20] With some motherboards, users must enable Intel's VTx
feature in the BIOS setup before applications can make use of it.[21] Intel Core i7 (Bloomfield) CPU
Intel started to include Extended Page Tables (EPT),[22] a technology for pagetable virtualization,[23] since the
Nehalem architecture,[24][25] released in 2008. In 2010, Westmere added support for launching the logical
processor directly in real mode – a feature called "unrestricted guest", which requires EPT to work.[26][27]
Since the Haswell microarchitecture (announced in 2013), Intel started to include VMCS shadowing as a
technology that accelerates nested virtualization of VMMs.[28] The virtual machine control structure (VMCS) is a
data structure in memory that exists exactly once per VM, while it is managed by the VMM. With every change of
the execution context between different VMs, the VMCS is restored for the current VM, defining the state of the
VM's virtual processor.[29] As soon as more than one VMM or nested VMMs are used, a problem appears in a way
similar to what required shadow page table management to be invented, as described above. In such cases, VMCS
needs to be shadowed multiple times (in case of nesting) and partially implemented in software in case there is no
hardware support by the processor. To make shadow VMCS handling more efficient, Intel implemented hardware
support for VMCS shadowing.[30]
VIA virtualization (VIA VT)
VIA Nano 3000 Series Processors[31] and higher support a socalled VIA VT virtualization technology compatible
with Intel VT.
Interrupt virtualization (AMD AVIC and Intel APICv)
In 2012, AMD announced their Advanced Virtual Interrupt Controller (AVIC) targeting interrupt overhead
reduction in virtualization environments.[32] This technology has yet to materialize in hardware and (as announced)
does not support x2APIC.[33]
Also in 2012, Intel announced a similar technology for interrupt and APIC virtualization, which did not have a
brand name at its announcement time.[34] Later, it was branded as APIC virtualization (APICv)[35] and it became
commercially available in the Ivy Bridge EP series of Intel CPUs, which is sold as Xeon E526xx v2 (launched in
late 2013) and as Xeon E546xx v2 (launched in early 2014).[36]
Graphics processing unit
Graphics Virtualization Technology (Intel GVTd, GVTg and GVTs)
Graphics Virtualization Technology was introduced with Intel Iris Pro. Intel's integrated GPU can be either
dedicatedly assigned to a virtual machine (GVTd), shared between multiple virtual machines on a timesharing
basis while using native graphics driver (GVTg), or shared between multiple virtual machines by using a virtual
graphics driver (GVTs).[37]
Chipset
Memory and I/O virtualization is performed by the chipset.[38] Typically these features must be enabled by the
BIOS, which must be able to support them and also be set to use them.
I/O MMU virtualization (AMDVi and Intel VTd)
An input/output memory management unit (IOMMU) allows guest virtual machines to directly use peripheral
devices, such as Ethernet, accelerated graphics cards, and harddrive controllers, through DMA and interrupt
remapping. This is sometimes called PCI passthrough.[39]
An IOMMU also allows operating systems to eliminate bounce buffers needed to allow themselves to
communicate with peripheral devices whose memory address spaces are smaller than the operating system's
memory address space, by using memory address translation. At the same time, an IOMMU also allows operating
systems and hypervisors to prevent buggy or malicious hardware from compromising memory security.
Both AMD and Intel have released their IOMMU specifications:
AMD's I/O Virtualization Technology, "AMDVi", originally called "IOMMU".[40]
Intel's "Virtualization Technology for Directed I/O" (VTd),[41] included in most highend (but not all)
Nehalem and newer Intel processors.[42]
In addition to the CPU support, both motherboard chipset and system firmware (BIOS or UEFI) need to fully
support the IOMMU I/O virtualization functionality in order for it to be actually usable. Only the PCI or PCI
Express devices supporting function level reset (FLR) can be virtualized this way, as it is required for reassigning
various device functions between virtual machines.[43][44] If a device to be assigned does not support Message
Signaled Interrupts (MSI), it must not share interrupt lines with other devices for the assignment to be possible.[45]
All conventional PCI devices routed behind a PCI/PCIXtoPCI Express bridge can be assigned to a guest virtual
machine only all at once; PCI Express devices have no such restriction.
Network virtualization (VTc)
Intel's "Virtualization Technology for Connectivity" (VTc).[46]
PCISIG Single Root I/O Virtualization (SRIOV)
PCISIG Single Root I/O Virtualization (SRIOV) provides a set of general (nonx86 specific) I/O virtualization
methods based on PCI Express (PCIe) native hardware, as standardized by PCISIG:[47]
Address translation services (ATS) supports native IOV across PCI Express via address translation. It
requires support for new transactions to configure such translations.
Singleroot IOV (SRIOV or SRIOV) supports native IOV in existing singleroot complex PCI Express
topologies. It requires support for new device capabilities to configure multiple virtualized configuration
spaces.[48]
Multiroot IOV (MRIOV) supports native IOV in new topologies (for example, blade servers) by building on
SRIOV to provide multiple root complexes which share a common PCI Express hierarchy.
In SRIOV, the most common of these, a host VMM configures supported devices to create and allocate virtual
"shadows" of their configuration spaces so that virtual machine guests can directly configure and access such
"shadow" device resources.[49] With SRIOV enabled, virtualized network interfaces are directly accessible to the
guests,[50] avoiding involvement of the VMM and resulting in high overall performance;[48] for example, SRIOV
achieves over 95% of the bare metal network bandwidth in NASA's virtualized datacenter[51] and in the Amazon
Public Cloud.[52][53]
See also
Comparison of application virtual machines
Comparison of platform virtualization software
Hardwareassisted virtualization
Hypervisor
I/O virtualization
Network virtualization
Operating systemlevel virtualization
Timeline of virtualization development
Virtual machine
List of IOMMUsupporting hardware
Second Level Address Translation (SLAT)
Message Signaled Interrupts (MSI)
References
1. A Comparison of Software and Hardware Techniques for x86 Virtualization, Keith Adams and Ole Agesen, VMware,
ASPLOS’06 October 21–25, 2006, San Jose, California, USA
(http://www.vmware.com/pdf/asplos235_adams.pdf)"Surprisingly, we find that the firstgeneration hardware support
rarely offers performance advantages over existing software techniques. We ascribe this situation to high VMM/guest
transition costs and a rigid programming model that leaves little room for software flexibility in managing either the
frequency or cost of these transitions.
2. "Intel Virtualization Technology: Hardware Support for Efficient Processor Virtualization". Intel.com. 20060810.
Retrieved 20100502.
3. "USENIX Technical Program Abstract Security Symposium 2000". Usenix.org. 20020129. Retrieved 20100502.
4. "A Comparison of Software and Hardware Techniques for x86 Virtualization" (PDF). VMware. Retrieved 8 September
2010.
5. U.S. Patent 6,397,242 (https://www.google.com/patents/US6397242)
6. U.S. Patent 6,704,925 (https://www.google.com/patents/US6704925)
7. "Virtualization: architectural considerations and other evaluation criteria" (PDF). VMware. Retrieved 8 September 2010.
8. U.S. Patent 6,496,847 (https://www.google.com/patents/US6496847)
9. "VMware and Hardware Assist Technology" (PDF). Retrieved 20100908.
10. "Xen and the Art of Virtualization" (PDF).
11. "How retiring segmentation in AMD64 long mode broke VMware". Pagetable.com. 20061109. Retrieved 20100502.
12. "VMware and CPU Virtualization Technology" (PDF). VMware. Retrieved 20100908.
13. "VMware KB: Hardware and firmware requirements for 64bit guest operating systems". Kb.vmware.com. Retrieved
20100502.
14. "Software and Hardware Techniques for x86 Virtualization" (PDF). Retrieved 20100502.
15. Yager, Tom (20041105). "Sending software to do hardware's job | Hardware InfoWorld". Images.infoworld.com.
Retrieved 20140108.
16. "33047_SecureVirtualMachineManual_30.book" (PDF). Retrieved 20100502.
17. "What are the main differences between SecondGeneration AMD Opteron processors and firstgeneration AMD Opteron
processors?". amd.com. Archived from the original on April 15, 2009. Retrieved 20120204.
18. "What virtualization enhancements do QuadCore AMD Opteron processors feature?". amd.com. Archived from the
original on April 16, 2009. Retrieved 20120204.
19. To see if your processor supports hardware virtualization (http://software.intel.com/enus/blogs/2012/03/12/howtostarti
ntelhardwareassistedvirtualizationhypervisoronlinuxtospeedupintelandroidx86gingerbreademulator) Intel
2012.
20. "Intel Virtualization Technology List". Ark.intel.com. Retrieved 20100502.
21. "Windows Virtual PC: Configure BIOS". Microsoft. Retrieved 20100908.
22. Neiger, Gil; A. Santoni; F. Leung; D. Rodgers; R. Uhlig. "Intel Virtualization Technology: Hardware Support for
Efficient Processor Virtualization" (PDF). Intel Technology Journal (Intel) 10 (3): 167–178. doi:10.1535/itj.1003.01.
Retrieved 20080706.
23. Gillespie, Matt (20071112). "Best Practices for Paravirtualization Enhancements from Intel Virtualization Technology:
EPT and VTd". Intel Software Network. Intel. Retrieved 20080706.
24. "First the Tick, Now the Tock: Next Generation Intel Microarchitecture (Nehalem)" (PDF) (Press release). Intel. Retrieved
20080706.
25. "Technology Brief: Intel Microarchitecture Nehalem Virtualization Technology" (PDF). Intel. 20090325. Retrieved
20091103.
26. http://2013.asiabsdcon.org/papers/abc2013P5Apaper.pdf: "Intel added unrestricted guest mode on Westmere micro
architecture and later Intel CPUs, it uses EPT to translate guest physical address access to host physical address. With
this mode, VMEnter without enable paging is allowed."
27. http://download.intel.com/products/processor/manual/326019.pdf: "If the “unrestricted guest” VMexecution control is 1,
the “enable EPT” VMexecution control must also be 1"
28. "4thGen Intel Core vPro Processors with Intel VMCS Shadowing" (PDF). Intel. 2013. Retrieved 20141216.
29. Understanding Intel Virtualization Technology (VT). (http://download.microsoft.com/download/9/8/f/98f3fe47dfc34e74
92a3088782200fe7/TWAR05015_WinHEC05.ppt) Retrieved 20140901
30. The 'what, where and why' of VMCS shadowing. (http://searchservervirtualization.techtarget.com/feature/Thewhatwhere
andwhyofVMCSshadowing) Retrieved 20140901
31. VIA Introduces New VIA Nano 3000 Series Processors (http://www.via.com.tw/en/resources/pressroom/pressrelease.jsp?
press_release_no=4247)
32. Wei Huang, Introduction of AMD Advanced Virtual Interrupt Controller (http://www.slideshare.net/xen_com_mgr/introdu
ctionofamdvirtualinterruptcontroller), XenSummit 2012
33. Jörg Rödel (August 2012). "Nextgeneration Interrupt Virtualization for KVM" (PDF). AMD. Retrieved 20140712.
34. Jun Nakajimaa (20121213). "Reviewing Unused and New Features for Interrupt/APIC Virtualization" (PDF). Intel.
Retrieved 20140712.
35. Khang Nguyen (20131217). "APIC Virtualization Performance Testing and Iozone". software.intel.com. Retrieved
20140712.
36. "Product Brief Intel Xeon Processor E54600 v2 Product Family" (PDF). Intel. 20140314. Retrieved 20140712.
37. Sunil Jain (May 2014). "Intel Graphics Virtualization Update". Intel. Retrieved 20140511.
38. "Intel platform hardware support for I/O virtualization". Intel.com. 20060810. Retrieved 20120204.
39. "Linux virtualization and PCI passthrough". IBM. Retrieved 10 November 2010.
40. "AMD I/O Virtualization Technology (IOMMU) Specification Revision 1.26" (PDF). Retrieved 20110524.
41. "Intel Virtualization Technology for Directed I/O (VTd) Architecture Specification" (PDF). Retrieved 20120204.
42. "Intel Virtualization Technology for Directed I/O (VTd) Supported CPU List". Ark.intel.com. Retrieved 20120204.
43. "PCISIG Engineering Change Notice: Function Level Reset (FLR)" (PDF). pcisig.com. 20060627. Retrieved
20140110.
44. "Xen VTd". xen.org. 20130606. Retrieved 20140110.
45. "How to assign devices with VTd in KVM". linuxkvm.org. 20140423. Retrieved 20150305.
46. "Intel Virtualization Technology for Connectivity (VTc)". Intel.com. Retrieved 20140527.
47. "PCISIG I/O Virtualization (IOV) Specifications". Pcisig.com. 20110331. Retrieved 20120204.
48. "Intel Look Inside: Intel Ethernet" (PDF). Intel. November 27, 2014. p. 104. Retrieved March 26, 2015.
49. Yaozu Dong, Zhao Yu, Greg Rose (2008). "SRIOV Networking in Xen: Architecture, Design and Implementation".
usenix.org. USENIX. Retrieved 20140110.
50. Patrick Kutch; Brian Johnson; Greg Rose (September 2011). "An Introduction to Intel Flexible Port Partitioning Using
SRIOV Technology" (PDF). Intel. Retrieved September 24, 2015.
51. "NASA’s Flexible Cloud Fabric: Moving Cluster Applications to the Cloud" (PDF). Intel. Retrieved 20140108.
52. "Enhanced Networking in the AWS Cloud". Scalable Logic. 20131231. Retrieved 20140108.
53. "Enhanced Networking in the AWS Cloud Part 2". Scalable Logic. 20131231. Retrieved 20140108.
External links
Everything You Need to Know About the Intel Virtualization Technology (http://www.hardwaresecrets.com/
article/EverythingYouNeedtoKnowAbouttheIntelVirtualizationTechnology/263)
A special course at the University of San Francisco on Intel EM64T and VT Extensions (http://www.cs.usfc
a.edu/~cruse/cs686s07/) (2007)
2 day open source & open access class on writing a VTx VMM (http://opensecuritytraining.info/Advanced
X86VTX.html)
Retrieved from "https://en.wikipedia.org/w/index.php?title=X86_virtualization&oldid=726910265"
This page was last modified on 25 June 2016, at 07:28.
Text is available under the Creative Commons AttributionShareAlike License; additional terms may apply.
By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark
of the Wikimedia Foundation, Inc., a nonprofit organization.