Quartz 4

Hardware-Assisted Virtualization

3 min read

Hardware-assisted virtualization refers to virtualization techniques that leverage special processor features designed specifically to support virtual machines. These hardware extensions were introduced to overcome the limitations of x86 architecture that made it difficult to efficiently virtualize according to Popek and Goldberg’s Theorem.

Background

The classic x86 architecture contained about 17 “critical instructions” (sensitive but not privileged) that prevented efficient virtualization. To address this issue, both Intel and AMD independently developed hardware virtualization extensions:

  • Intel VT-x (Intel Virtualization Technology for x86)
  • AMD-V (AMD Virtualization)

These technologies were introduced in 2005-2006 and have since evolved to include more advanced features.

IA-32:

Core Concepts

CPU Virtualization Extensions

The primary innovation in hardware-assisted virtualization is the introduction of new CPU modes:

  • Root Mode: Where the VMM/hypervisor runs
  • Non-root Mode: Where guest OSes run (called “guest mode”)

This creates a higher privilege level for the hypervisor than even Ring 0, allowing guest OSes to run in their expected privilege rings while still being controlled by the hypervisor.

The transitions between these modes are:

  • VM Entry: Transition from root mode to non-root mode
  • VM Exit: Transition from non-root mode to root mode

VMM Control Structures

The CPU maintains control structures for each virtual machine:

  • Intel VMCS (Virtual Machine Control Structure)
  • AMD VMCB (Virtual Machine Control Block)

These structures contain:

  • Guest state (register values, control registers, etc.)
  • Host state (to be restored on VM Exit)
  • Execution controls (what events cause VM Exits)
  • Exit information (why a VM Exit occurred)

Key Mechanisms

  1. Control Registers:

    • Special CPU registers that determine VM Exit conditions
    • Allow fine-grained control over which events trap to the hypervisor

  2. Extended Page Tables / Nested Page Tables:

    • Intel EPT / AMD NPT
    • Hardware support for two-level address translation
    • Eliminates shadow page table overhead

  3. Tagged TLBs:

    • Associate TLB entries with specific address spaces
    • Avoid TLB flushes on context switches between VMs

  4. IOMMU (I/O Memory Management Unit):

    • Intel VT-d / AMD-Vi
    • Provides DMA remapping and interrupt remapping
    • Enables safe direct device assignment to VMs

Memory Virtualization Extensions

One significant advancement in hardware-assisted virtualization is the support for nested paging:

Extended Page Tables (EPT) / Nested Page Tables (NPT)

  • Hardware manages two levels of address translation:
    • Guest Virtual Address → Guest Physical Address
    • Guest Physical Address → Host Physical Address
  • Translation performed in hardware rather than software
  • Significantly reduces VMM interventions for memory operations
  • Eliminates the need for shadow page tables

I/O Virtualization Extensions

Hardware-assisted I/O virtualization focuses on enabling direct device assignment:

IOMMU (I/O Memory Management Unit)

  • Allows VMs to directly access hardware devices
  • Provides memory protection from DMA operations
  • Handles interrupt routing to appropriate VMs
  • Enables SR-IOV (Single Root I/O Virtualization)

Performance Benefits

Hardware-assisted virtualization offers several performance advantages:

  1. Reduced VMM intervention:

    • Critical instructions automatically trap to the hypervisor
    • No need for binary translation

  2. Efficient memory management:

    • Hardware-accelerated address translation
    • No overhead of shadow page tables

  3. Direct I/O access:

    • Near-native I/O performance
    • Reduced overhead for I/O-intensive workloads

  4. Lower context switching cost:

    • Hardware-assisted state transitions between host and guest

Examples of Hardware-Assisted Virtualization

Several hypervisors leverage these hardware extensions:

  • KVM (Kernel-based Virtual Machine)
  • Microsoft Hyper-V
  • VMware ESXi (in addition to other techniques)
  • Xen (when running unmodified guests)

Advantages and Disadvantages

Advantages

  • Unmodified guest OSes can run efficiently
  • Significantly better performance than pure software virtualization
  • Near-native performance for many workloads
  • Simplified hypervisor implementation

Disadvantages

  • Requires specific hardware support
  • Different implementations between CPU vendors
  • Older hardware lacks these extensions
  • Still some overhead compared to native execution

Graph View

Backlinks