Virtualization techniques used for CPU, memory, and I/O devices

Virtualization allows multiple virtual machines (VMs) to run simultaneously on a single physical machine by sharing CPU, memory, and I/O resources. To enable this, virtualization mechanisms must be implemented in the CPU, memory management unit (MMU), and I/O subsystems.

Hardware Support for Virtualization

Modern processors like Intel VT-x and AMD-V support hardware-assisted virtualization. These enable the VMM (Virtual Machine Monitor) to run in a higher privilege mode, allowing guest OSes to run unmodified.

  • Processors have at least two modes:
    User mode (unprivileged)
    Supervisor mode (privileged)
  • Sensitive instructions (like controlling devices or changing configurations) are trapped and handled by the VMM, ensuring system stability.

Example:
➤ Intel and AMD support hardware virtualization for x86/x86-64 systems.
➤ Tools: VMware Workstation, Xen, and KVM support this with technologies like VirtIO (paravirtualized devices).

CPU Virtualization

CPU virtualization enables multiple VMs to share the same physical CPU safely and efficiently.

Types of CPU Instructions:

  1. Privileged Instructions – Execute only in supervisor mode.
  2. Control-Sensitive Instructions – Modify system configurations.
  3. Behavior-Sensitive Instructions – Depend on current state/config.

Execution Flow:

  • Non-critical (user-level) instructions run directly on the CPU.
  • Critical instructions are trapped and emulated by the VMM.

Virtualization Challenge on x86 CPUs:

  • Some instructions (like SGDT, SMSW) are sensitive but unprivileged and can bypass the VMM, making x86 not fully virtualizable.

Hardware-Assisted CPU Virtualization

Intel and AMD introduced Ring -1 (privilege mode) to place the hypervisor below the OS.

  • OS continues to run in Ring 0 (supervisor)
  • Hypervisor traps all sensitive instructions at Ring -1

This removes the need for binary translation and supports unmodified OSes.

Memory Virtualization

Memory virtualization maps the virtual memory used by the guest OS to the actual machine memory.

Two-Level Address Mapping:

  1. Guest OS: Maps virtual memory ➝ physical memory
  2. VMM: Maps guest physical memory ➝ machine memory

This is called two-stage address translation, as shown below.

Shadow Page Tables:

  • Maintained by VMM to reflect guest’s page tables
  • High memory usage and overhead

Nested Paging (AMD Barcelona):

  • Hardware feature that assists the VMM by handling the two-level mapping, improving performance

I/O Virtualization

I/O virtualization enables multiple VMs to share physical I/O devices like disk, NIC, etc.

Three Methods:

  1. Full Device Emulation
    • Emulates real devices via software in VMM
    • Slow but widely compatible
  2. Paravirtualization (Split Driver Model)
    • Frontend driver in Domain U
    • Backend driver in Domain 0
    • Communicate using shared memory
    • Used in Xen
    • Better performance than full emulation
  3. Direct I/O Virtualization
    • VMs directly access I/O devices
    • High speed, but complex and risky (e.g., DMA issues)

Hardware-Assisted I/O Virtualization:

  • Intel VT-d remaps DMA and interrupts for each VM
  • Supports unmodified and virtualization-aware OSes

Self-Virtualized I/O (SV-IO):

  • Uses multi-core CPUs to virtualize I/O logic
  • Offers APIs for VM interaction
  • Defines VIFs (Virtual Interfaces) per device type
    ➤ Each VIF has message queues and unique IDs

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *