Hardware Reference
In-Depth Information
FIGURE 2.28
Summary of 18 80x86 instructions that cause problems for virtualization
[
Robin and Irvine 2000
]
. The first five instructions of the top group allow a program in user
mode to read a control register, such as a descriptor table register, without causing a trap. The
pop flags instruction modifies a control register with sensitive information but fails silently
when in user mode. The protection checking of the segmented architecture of the 80x86 is the
downfall of the bottom group, as each of these instructions checks the privilege level implicitly
as part of instruction execution when reading a control register. The checking assumes that
the OS must be at the highest privilege level, which is not the case for guest VMs. Only the
MOVE
to segment register tries to modify control state, and protection checking foils it as well.
Virtual memory is also challenging. Because the 80x86 TLBs do not support process ID tags,
as do most RISC architectures, it is more expensive for the VMM and guest OSes to share the
TLB; each address space change typically requires a TLB lush.
Virtualizing I/O is also a challenge for the 80x86, in part because it both supports memory-
mapped I/O and has separate I/O instructions, but more importantly because there are a very
large number and variety of types of devices and device drivers of PCs for the VMM to handle.
Third-party vendors supply their own drivers, and they may not properly virtualize. One
solution for conventional VM implementations is to load real device drivers directly into the
VMM.
To simplify implementations of VMMs on the 80x86, both AMD and Intel have proposed
extensions to the architecture. Intel's VT-x provides a new execution mode for running VMs,
a architected definition of the VM state, instructions to swap VMs rapidly, and a large set
of parameters to select the circumstances where a VMM must be invoked. Altogether, VT-x
adds 11 new instructions for the 80x86. AMD's Secure Virtual Machine (SVM) provides simil-
ar functionality.
After turning on the mode that enables VT-x support (via the new
VMXON
instruction), VT-x of-
fers four privilege levels for the guest OS that are lower in priority than the original four (and
ix issues like the problem with the
POPF
instruction mentioned earlier). VT-x captures all the
states of a Virtual Machine in the Virtual Machine Control State (VMCS), and then provides
Search WWH ::
Custom Search