Hardware Reference
In-Depth Information
virtualization gives system administrators the ability to place multiple virtual
machines on the same physical server and to move running virtual machines be-
tween servers to better distribute the total load. Virtual machines also give server
administrators fine-grained control over I/O device access. For example, the band-
width of a virtualized network port could be partitioned based on users' service
levels. For individual users, virtualization offers the ability to run multiple operat-
ing systems simultaneously.
To implement virtualization in hardware, all instructions in the architecture
must only access the resources of the current virtual machine. For most instruc-
tions, this is a trivial requirement. For example, arithmetic instruction need only
access the register file, which can be virtualized by copying a virtual machine's
registers into the host processor register file at virtual machine context switches.
Virtualizing memory access instructions (e.g., loads and stores) is slightly
more challenging, as these instructions must only access physical memory allo-
cated to the currently executing virtual machine. Typically, a processor supporting
hardware virtualization will provide an additional page-mapping facility that maps
virtual machine physical memory pages to host machine physical memory pages.
Finally, I/O instructions (including memory-mapped I/O) must not directly access
physical I/O devices, since many virtualization policies partition access to I/O de-
vices. This fine-grained I/O control is typically implemented with interrupts to the
hypervisor any time a virtual machine attempts to access an I/O device. The hyper-
visor can then implement the I/O resource access policy of its own choosing. Typi-
cally, some set of I/O devices is supported and the operating systems running in the
virtual machines, called
guest operating systems
are expected to use these sup-
ported devices.
Hardware virtualization on the Core i7 is supported by the virtual machine ex-
tensions (VMX), a combination of instruction, memory, and interrupt extensions
that allow the efficient management of virtual machines. With VMX, memory vir-
tualization is implemented with the
EPT
(
Extended Page Table
) system that is
enabled with hardware virtualization. The EPT translates virtual machine physical
page addresses to host physical addresses. The EPT implements this mapping with
an additional multilevel page table structure that is traversed during a virtual ma-
chine TLB miss. The hypervisor maintains this table, and in doing so it can imple-
ment any physical memory sharing policy desired.
Virtualization of I/O operations, for both memory-mapped I/O and I/O instruc-
tions, is implemented through extended interrupt support defined in the
VMCS
(
Virtual-Machine Control Structure
) A hypervisor interrupt is invoked anytime a
virtual machine accesses an I/O device. Once the interrupt is received by the hyper-
visor, it can implement the I/O operation in software using the policies necessary
to allow sharing of the I/O device among virtual machines.
