2

I am still confused regarding the mechanisms of virtualisation.

I understand why the x86 architecture is/was not by itself virtualisable and why other architectures are (and why the 68k architecture was except for the MC68000 itself etc.).

And then I read about Intel VT-x and AMD V which add virtualisation capabilities to x86.

However, the virtualised CPU appears to be a different CPU than the physical CPU; namely the physical CPU has VT-x while the virtual CPU does not.

While this is not a practical problem (no operating system one typically wants to run in a VM requires VT-x), it does make me wonder whether this constitutes real virtualisation.

The 80386 already had the ability to virtualise a CPU with fewer features than the 80386 itself, the virtual x86 mode. Is VT-x just another layer like that (ring -1, I suppose) or is it real virtualisation?

(What will happen if one wants to virtualise systems that use VT-x? Shouldn't true virtualisation allow for unlimited levels of virtualisation?)

Sorry for a dumb question. Or rather, sorry for a theoretical rather than practical question.

Update: I did this graphic to try to understand this all better:

http://www.netneurotic.net/bin/VMM.png

user9517
  • 114,104
  • 20
  • 206
  • 289
Andrew J. Brehm
  • 1,611
  • 7
  • 34
  • 57
  • Very interesting topic. And it seems like an answerable question, though it may require some more precise definition of terms like "real virtualization" - or maybe what advantages/benefits you would expect to see from real vs. fake/simulated virtualization? – Kara Marfia Jun 23 '09 at 15:27
  • By "real virtualisation" I mean a situation where the virtualised CPU is identical to the physical CPU. I am just trying to understand this. – Andrew J. Brehm Jun 23 '09 at 15:50
  • Note that one reason for a host system in Xen and Hyper-V is so that the host system's native drivers can be accessed by guests that know how to access them (and also to help the Hypervisor drive the system). At least this is what I read somewhere. – Andrew J. Brehm Jun 23 '09 at 16:17

3 Answers3

5

I understand why the x86 architecture is/was not by itself virtualisable.

That is not true at all. It is virtualisable via Binary translation or more commonly referred as Full virtualisation. You emulate every component of a traditionnal computer with a piece of software sitting on top of an OS.

And then I read about Intel VT-x and AMD V which add virtualisation capabilities to x86.

To be more correct, it adds extra virtualisation capabilities. To be precise, it adds processor extensions that allow processing of virtualisation queries faster. It also adds a -1 ring for 64-bits processor since the number of rings went down to 2 with AMD64.

You can virtualize on x86 using "Full virtualisation" (Virtual PC, VirtualBox) or Paravirtualisation (Xen, Hyper-V). The Intel VT/AMD-V allows you to accelerate virtualisation and do "Hardware Assisted Virtualisation".

I don't know what you mean by real virtualisation... any type of virtualisation is real, they enable you to have more then one OS on a single computer. That's what virtualisation is about.

I hope this was clear. Do not hesitate to comment if you want more info.

Edit : If you really want to know a lot more about this, get this book. It taught me everything.

Antoine Benkemoun
  • 7,314
  • 3
  • 41
  • 60
4

Can you explain how exactly Intel VT/AMD-V speeds up virtualisation?

They make the job of the hypervisor easier, by implementing on CPU techniques VMWare et. al. had to do in their binary translation software. For more details about this, Intel has some nice pages:

http://www.intel.com/technology/itj/2006/v10i3/1-hardware/6-vt-x-vt-i-solutions.htm

There are a couple of areas where it makes it easier. Per the above:

  • Address translation The memory space table presented to the operating system had to be artificially segmented on non-VT CPU's. which was done in software. The extensions allow the CPU to directly virtualize the memory space of a VM-guest by allowing multiple linear address spaces. Before these extensions, this was handled at the binary translation layer.
  • CPU privilege levels The extensions allow guests to actually run their code at the correct ring-layer. Before the extensions, code intending to be run in Ring 0 was actually run in Ring 1 or 3 with the fakery provided by the software binary translation layer. The extensions allow guests to run their code actually at their correct Ring level, while providing safe-guards about breaking out of their VM.
  • Interrupt virtualization By allowing VM-guests to handle their own interrupts, it allows the Hypervisor to not get involved with every single interrupt. This makes guests run faster.

These three things greatly simplify writing a hypervisor, and why the likes of KVM and Xen only supported 'full' virtualization on VT processors at first.

sysadmin1138
  • 131,083
  • 18
  • 173
  • 296
0

VT-x and Pacifica accelerates virtualization. Emulated acceleration is an exercise in futility.

VT-x actually gives you some more functionality as well. VMware ESX cannot virtualize 64-bit guests without VT-x since EM64T/Intel64 does not support segmented memory which was necessary for VMware's binary translation. AMD64 Does support segmentation except in Opteron Rev C processors. AMD realized a mistake and fixed it while Intel chose not to.

shodanshok
  • 44,038
  • 6
  • 98
  • 162
Hans Malherbe
  • 725
  • 2
  • 9
  • 11