Movatterモバイル変換

[0]ホーム
URL:

Jump to content
WikipediaThe Free Encyclopedia
Search

x86 virtualization

From Wikipedia, the free encyclopedia
(Redirected fromAMD-V)
Hardware-assisted virtualization on x86/x86-64 CPUs

x86 virtualization is the use ofhardware-assisted virtualization capabilities on anx86/x86-64CPU.

In the late 1990s x86 virtualization was achieved by complexsoftware techniques, necessary to compensate for the processor's lack of hardware-assisted virtualization capabilities while attaining reasonableperformance. In 2005 and 2006, bothIntel (VT-x) andAMD (AMD-V) introduced limited hardware virtualization support that allowed simpler virtualization software but offered very few speed benefits.[1] Greater hardware support, which allowed substantial speed improvements, came with later processor models.

Software-based virtualization

[edit]

The following discussion focuses only on virtualization of the x86 architectureprotected mode.

In protected mode the operating system kernel runs at a higher privilege such asring 0, and applications at a lower privilege such as ring 3.[citation needed] In software-based virtualization, a host OS has direct access to hardware while the guest OSs have limited access to hardware, just like any other application of the host OS. One approach used in x86 software-based virtualization to overcome this limitation is calledring deprivileging, which involves running the guest OS at a ring higher (lesser privileged) than 0.[2]

Three techniques made virtualization of protected mode possible:

  • Binary translation is used to rewrite certain ring 0 instructions in terms of ring 3 instructions, such asPOPF, that would otherwise fail silently or behave differently when executed above ring 0,[3][4]: 3  making the classictrap-and-emulate virtualization impossible.[4]: 1 [5] To improve performance, the translatedbasic blocks need to be cached in a coherent way that detectscode patching (used inVxDs for instance), the reuse of pages by the guest OS, or evenself-modifying code.[6]
  • A number of key data structures used by a processor need to beshadowed. Because most operating systems usepaged virtual memory, and granting the guest OS direct access to theMMU would mean loss of control by thevirtualization manager, some of the work of the x86 MMU needs to be duplicated in software for the guest OS using a technique known asshadow page tables.[7]: 5 [4]: 2  This involves denying the guest OS any access to the actual page table entries by trapping access attempts and emulating them instead in software. The x86 architecture uses hidden state to storesegment descriptors in the processor, so once the segment descriptors have been loaded into the processor, the memory from which they have been loaded may be overwritten and there is no way to get the descriptors back from the processor.Shadow descriptor tables must therefore be used to track changes made to the descriptor tables by the guest OS.[5]
  • I/O device emulation: Unsupported devices on the guest OS must be emulated by adevice emulator that runs in the host OS.[8]

These techniques incur some performance overhead due to lack of MMU virtualization support, as compared to a VM running on a natively virtualizable architecture such as theIBM System/370.[4]: 10 [9]: 17 and 21 

On traditional mainframes, the classictype 1 hypervisor was self-standing and did not depend on any operating system or run any user applications itself. In contrast, the first x86 virtualization products were aimed at workstation computers, and ran a guest OS inside a host OS by embedding the hypervisor in a kernel module that ran under the host OS (type 2 hypervisor).[8]

There has been some controversy whether the x86 architecture with no hardware assistance is virtualizable as described byPopek and Goldberg.VMware researchers pointed out in a 2006ASPLOS paper that the above techniques made the x86 platform virtualizable in the sense of meeting the three criteria of Popek and Goldberg, albeit not by the classic trap-and-emulate technique.[4]: 2–3 

A different route was taken by other systems likeDenali,L4, andXen, known asparavirtualization, which involvesporting operating systems to run on the resulting virtual machine, which does not implement the parts of the actual x86 instruction set that are hard to virtualize. The paravirtualized I/O has significant performance benefits as demonstrated in the originalSOSP'03 Xen paper.[10]

The initial version ofx86-64 (AMD64) did not allow for a software-only full virtualization due to the lack of segmentation support inlong mode, which made the protection of the hypervisor's memory impossible, in particular, the protection of the trap handler that runs in the guest kernel address space.[11][12]: 11 and 20  Revision D and later 64-bit AMD processors (as a rule of thumb, those manufactured in 90 nm or less) added basic support for segmentation in long mode, making it possible to run 64-bit guests in 64-bit hosts via binary translation. Intel did not add segmentation support to its x86-64 implementation (Intel 64), making 64-bit software-only virtualization impossible on Intel CPUs, but Intel VT-x support makes 64-bit hardware assisted virtualization possible on the Intel platform.[13][14]: 4 

On some platforms, it is possible to run a 64-bit guest on a 32-bit host OS if the underlying processor is 64-bit and supports the necessary virtualization extensions.

Hardware-assisted virtualization

[edit]
Main article:Hardware-assisted virtualization

In 2005 and 2006,Intel andAMD (working independently) created newprocessor extensions to the x86 architecture. The first generation of x86 hardware virtualization addressed the issue of privileged instructions. The issue of low performance of virtualized system memory was addressed withMMU virtualization that was added to the chipset later.

Central processing unit

[edit]

Virtual 8086 mode

[edit]
Main article:Virtual 8086 mode

Because theIntel 80286 could not run concurrent DOS applications well by itself in protected mode, Intel introduced thevirtual 8086 mode in their80386 chip, which offered virtualized 8086 processors on the 386 and later chips. Hardware support for virtualizing the protected mode itself, however, became available 20 years later.[15]

AMD virtualization (AMD-V)

[edit]
AMD Phenom die

AMD developed its first generation virtualization extensions under the code name "Pacifica", and initially published them as AMD Secure Virtual Machine (SVM),[16] but later marketed them under the trademarkAMD Virtualization, abbreviatedAMD-V.

On May 23, 2006, AMD released the Athlon 64 ("Orleans"), the Athlon 64 X2 ("Windsor") and the Athlon 64 FX ("Windsor") as the first AMD processors to support this technology.

AMD-V capability also features on theAthlon 64 andAthlon 64 X2 family of processors with revisions "F" or "G" onsocket AM2,Turion 64 X2, andOpteron 2nd generation[17] and third-generation,[18]Phenom andPhenom II processors. TheAPU Fusion processors support AMD-V. AMD-V is not supported by any Socket 939 processors. The onlySempron processors which support it are APUs andHuron,Regor,Sargas desktop CPUs.

AMD Opteron CPUs beginning with the Family 0x10 Barcelona line, and Phenom II CPUs, support a second generation hardware virtualization technology calledRapid Virtualization Indexing (formerly known as Nested Page Tables during its development), later adopted by Intel asExtended Page Tables (EPT).

As of 2019, allZen-based AMD processors support AMD-V.

TheCPU flag for AMD-V is "svm". This may be checked inBSD derivatives viadmesg orsysctl and inLinux via/proc/cpuinfo.[19] Instructions in AMD-V include VMRUN, VMLOAD, VMSAVE, CLGI, VMMCALL, INVLPGA, SKINIT, and STGI.

With somemotherboards, users must enable AMD SVM feature in theBIOS setup before applications can make use of it.[20]

Intel virtualization (VT-x)

[edit]
"Intel VT-x" redirects here. For the Itanium virtualization extensions, seeIntel VT-i.
Intel Core i7 (Bloomfield) CPU

Previously codenamed "Vanderpool", VT-x represents Intel's technology for virtualization on the x86 platform. On November 14, 2005, Intel released two models ofPentium 4 (Model 662 and 672) as the first Intel processors to support VT-x. The CPU flag for VT-x capability is "vmx"; in Linux, this can be checked via/proc/cpuinfo, or inmacOS viasysctl machdep.cpu.features.[19][21][22]

"VMX" stands for Virtual Machine Extensions, which adds 13 new instructions: VMPTRLD, VMPTRST, VMCLEAR, VMREAD, VMWRITE, VMCALL, VMLAUNCH, VMRESUME, VMXOFF, VMXON, INVEPT, INVVPID, and VMFUNC.[23] These instructions permit entering and exiting a virtual execution mode where the guest OS perceives itself as running with full privilege (ring 0), but the host OS remains protected.

As of 2015[update], almost all newer server, desktop and mobile Intel processors support VT-x, with some of theIntel Atom processors as the primary exception.[24] With somemotherboards, users must enable Intel's VT-x feature in theBIOS setup before applications can make use of it.[25]

Intel started to includeExtended Page Tables (EPT),[26] a technology for page-table virtualization,[27] since theNehalem architecture,[28][29] released in 2008. In 2010,Westmere added support for launching the logical processor directly inreal mode – a feature called "unrestricted guest", which requires EPT to work.[30][31]

Since theHaswell microarchitecture (announced in 2013), Intel started to includeVMCS shadowing as a technology that acceleratesnested virtualization of VMMs.[32]Thevirtual machine control structure (VMCS) is adata structure in memory that exists exactly once per VM, while it is managed by the VMM. With every change of the execution context between different VMs, the VMCS is restored for the current VM, defining the state of the VM's virtual processor.[33] As soon as more than one VMM or nested VMMs are used, a problem appears in a way similar to what required shadow page table management to be invented, as describedabove. In such cases, VMCS needs to be shadowed multiple times (in case of nesting) and partially implemented in software in case there is no hardware support by the processor. To make shadow VMCS handling more efficient, Intel implemented hardware support for VMCS shadowing.[34]

VIA virtualization (VIA VT)

[edit]

VIA Nano 3000 Series Processors and higher support VIA VT virtualization technology compatible with Intel VT-x.[35] EPT is present inZhaoxin ZX-C, a descendant ofVIA QuadCore-E &Eden X4 similar to NanoC4350AL.[36]

Interrupt virtualization (AMD AVIC and Intel APICv)

[edit]

In 2012, AMD announced theirAdvanced Virtual Interrupt Controller (AVIC) targeting interrupt overhead reduction in virtualization environments.[37] This technology, as announced, does not supportx2APIC.[38]In 2016, AVIC is available on the AMD family 15h models 6Xh(Carrizo) processors and newer.[39]

Also in 2012, Intel announced a similar technology for interrupt andAPIC virtualization, which did not have a brand name at its announcement time.[40]Later, it was branded asAPIC virtualization (APICv)[41]and it became commercially available in theIvy Bridge EP series of Intel CPUs, which is sold as Xeon E5-26xx v2 (launched in late 2013) and as Xeon E5-46xx v2 (launched in early 2014).[42]

Graphics processing unit

[edit]

Graphics virtualization is not part of the x86 architecture. IntelGraphics Virtualization Technology (GVT) provides graphics virtualization as part of more recent Gen graphics architectures. AlthoughAMD APUs implement thex86-64 instruction set, they implement AMD's own graphics architectures (TeraScale,GCN andRDNA) which do not support graphics virtualization.[citation needed]Larrabee was the only graphicsmicroarchitecture based on x86, but it likely did not include support for graphics virtualization.

Chipset

[edit]
Main article:I/O virtualization

Memory and I/O virtualization is performed by thechipset.[43] Typically these features must be enabled by the BIOS, which must be able to support them and also be set to use them.

I/O MMU virtualization (AMD-Vi and Intel VT-d)

[edit]
See also:Input–output memory management unit § Virtualization
ALinux kernel log showing AMD-Vi information

An input/output memory management unit (IOMMU) allows guestvirtual machines to directly useperipheral devices, such as Ethernet, accelerated graphics cards, and hard-drive controllers, throughDMA andinterrupt remapping. This is sometimes calledPCI passthrough.[44]

An IOMMU also allows operating systems to eliminate bounce buffers needed to allow themselves to communicate with peripheral devices whose memory address spaces are smaller than the operating system's memory address space, by using memory address translation. At the same time, an IOMMU also allows operating systems and hypervisors to prevent buggy or malicious hardware fromcompromising memory security.

Both AMD and Intel have released their IOMMU specifications:

  • AMD's I/O Virtualization Technology, "AMD-Vi", originally called "IOMMU"[45]
  • Intel's "Virtualization Technology for Directed I/O" (VT-d),[46] included in most high-end (but not all) newer Intel processors since the Core 2 architecture.[47]

In addition to the CPU support, bothmotherboardchipset and system firmware (BIOS orUEFI) need to fully support the IOMMU I/O virtualization functionality for it to be usable. Only thePCI orPCI Express devices supportingfunction level reset (FLR) can be virtualized this way, as it is required for reassigning variousdevice functions between virtual machines.[48][49] If a device to be assigned does not supportMessage Signaled Interrupts (MSI), it must not shareinterrupt lines with other devices for the assignment to be possible.[50]Allconventional PCI devices routed behind a PCI/PCI-X-to-PCI Express bridge can be assigned to a guest virtual machine only all at once; PCI Express devices have no such restriction.

Network virtualization (VT-c)

[edit]
  • Intel's "Virtualization Technology for Connectivity" (VT-c).[51]
PCI-SIG Single Root I/O Virtualization (SR-IOV)
[edit]
Main article:Single-root input/output virtualization

PCI-SIG Single Root I/O Virtualization (SR-IOV) provides a set of general (non-x86 specific) I/O virtualization methods based onPCI Express (PCIe) native hardware, as standardized by PCI-SIG:[52]

  • Address translation services (ATS) supports native IOV across PCI Express via address translation. It requires support for new transactions to configure such translations.
  • Single-root IOV (SR-IOV or SRIOV) supports native IOV in existing single-root complex PCI Express topologies. It requires support for new device capabilities to configure multiple virtualized configuration spaces.[53]
  • Multi-root IOV (MR-IOV) supports native IOV in new topologies (for example, blade servers) by building on SR-IOV to provide multiple root complexes which share a common PCI Express hierarchy.

In SR-IOV, the most common of these, a host VMM configures supported devices to create and allocate virtual "shadows" of their configuration spaces so that virtual machine guests can directly configure and access such "shadow" device resources.[54] With SR-IOV enabled, virtualized network interfaces are directly accessible to the guests,[55]avoiding involvement of the VMM and resulting in high overall performance;[53] for example, SR-IOV achieves over 95% of thebare metal network bandwidth inNASA's virtualized datacenter[56] and in theAmazon Public Cloud.[57][58]

See also

[edit]

References

[edit]
  1. ^A Comparison of Software and Hardware Techniques for x86 Virtualization, Keith Adams and Ole Agesen, VMware, ASPLOS’06 October 21–25, 2006, San Jose, California, USAArchived 2022-10-24 at theWayback Machine "Surprisingly, we find that the first-generation hardware support rarely offers performance advantages over existing software techniques. We ascribe this situation to high VMM/guest transition costs and a rigid programming model that leaves little room for software flexibility in managing either the frequency or cost of these transitions."
  2. ^"Intel Virtualization Technology Processor Virtualization Extensions and Intel Trusted execution Technology"(PDF). Intel.com. 2007.Archived(PDF) from the original on 2015-05-21. Retrieved2016-12-12.
  3. ^"USENIX Technical Program - Abstract - Security Symposium - 2000". Usenix.org. 2002-01-29.Archived from the original on 2010-06-10. Retrieved2010-05-02.
  4. ^abcde"A Comparison of Software and Hardware Techniques for x86 Virtualization"(PDF). VMware.Archived(PDF) from the original on 20 August 2010. Retrieved8 September 2010.
  5. ^abU.S. patent 6,397,242
  6. ^U.S. patent 6,704,925
  7. ^"Virtualization: architectural considerations and other evaluation criteria"(PDF). VMware.Archived(PDF) from the original on 6 February 2011. Retrieved8 September 2010.
  8. ^abU.S. patent 6,496,847
  9. ^"VMware and Hardware Assist Technology"(PDF).Archived(PDF) from the original on 2011-07-17. Retrieved2010-09-08.
  10. ^"Xen and the Art of Virtualization"(PDF).Archived(PDF) from the original on 2014-09-29.
  11. ^"How retiring segmentation in AMD64 long mode broke VMware". Pagetable.com. 2006-11-09.Archived from the original on 2011-07-18. Retrieved2010-05-02.
  12. ^"VMware and CPU Virtualization Technology"(PDF). VMware.Archived(PDF) from the original on 2011-07-17. Retrieved2010-09-08.
  13. ^"VMware KB: Hardware and firmware requirements for 64bit guest operating systems". Kb.vmware.com.Archived from the original on 2010-04-19. Retrieved2010-05-02.
  14. ^"Software and Hardware Techniques for x86 Virtualization"(PDF). Archived fromthe original(PDF) on 2010-01-05. Retrieved2010-05-02.
  15. ^Yager, Tom (2004-11-05)."Sending software to do hardware's job | Hardware - InfoWorld". Images.infoworld.com.Archived from the original on 2014-10-18. Retrieved2014-01-08.
  16. ^"33047_SecureVirtualMachineManual_3-0.book"(PDF).Archived(PDF) from the original on 2012-03-05. Retrieved2010-05-02.
  17. ^"What are the main differences between Second-Generation AMD Opteron processors and first-generation AMD Opteron processors?".amd.com. Archived fromthe original on April 15, 2009. Retrieved2012-02-04.
  18. ^"What virtualization enhancements do Quad-Core AMD Opteron processors feature?".amd.com. Archived fromthe original on April 16, 2009. Retrieved2012-02-04.
  19. ^abTo see if your processor supports hardware virtualizationArchived 2012-11-25 at theWayback Machine Intel 2012.
  20. ^"How to enable Intel VTx and AMD SVM?".Support. QNAP Systems, Inc. Archived fromthe original on 2018-03-07. Retrieved2020-12-23.
  21. ^https://www.cpu-world.com/CPUs/Pentium_4/Intel-Pentium%204%20662%203.6%20GHz%20-%20HH80547PG1042MH.html
  22. ^https://www.cpu-world.com/CPUs/Pentium_4/Intel-Pentium%204%20672%203.8%20GHz%20-%20HH80547PG1122MH.html
  23. ^INTEL (October 2019)."Intel® 64 and IA-32 Architectures Software Developer's Manual".intel.com. Intel Corporation. Retrieved2020-01-04.
  24. ^"Intel Virtualization Technology List". Ark.intel.com.Archived from the original on 2010-10-27. Retrieved2010-05-02.
  25. ^"Windows Virtual PC: Configure BIOS". Microsoft. Archived fromthe original on 2010-09-06. Retrieved2010-09-08.
  26. ^Neiger, Gil; A. Santoni; F. Leung; D. Rodgers; R. Uhlig (2006)."Intel Virtualization Technology: Hardware Support for Efficient Processor Virtualization"(PDF).Intel Technology Journal.10 (3). Intel:167–178.doi:10.1535/itj.1003.01. Archived fromthe original(PDF) on 2012-09-25. Retrieved2008-07-06.
  27. ^Gillespie, Matt (2007-11-12)."Best Practices for Paravirtualization Enhancements from Intel Virtualization Technology: EPT and VT-d".Intel Software Network. Intel.Archived from the original on 2008-12-26. Retrieved2008-07-06.
  28. ^"First the Tick, Now the Tock: Next Generation Intel Microarchitecture (Nehalem)"(PDF) (Press release). Intel.Archived(PDF) from the original on 2009-01-26. Retrieved2008-07-06.
  29. ^"Technology Brief: Intel Microarchitecture Nehalem Virtualization Technology"(PDF). Intel. 2009-03-25.Archived(PDF) from the original on 2011-06-07. Retrieved2009-11-03.
  30. ^[1] "Intel added unrestricted guest mode on Westmere micro-architecture and later Intel CPUs, it uses EPT to translate guest physical address access to host physical address. With this mode, VMEnter without enable paging is allowed."
  31. ^[2] "If the “unrestricted guest” VM-execution control is 1, the “enable EPT” VM-execution control must also be 1"
  32. ^"4th-Gen Intel Core vPro Processors with Intel VMCS Shadowing"(PDF).Intel. 2013. Retrieved2014-12-16.
  33. ^Understanding Intel Virtualization Technology (VT).Archived September 8, 2014, at theWayback Machine Retrieved 2014-09-01
  34. ^The 'what, where and why' of VMCS shadowing.Archived 2014-09-03 at theWayback Machine Retrieved 2014-09-01
  35. ^VIA Introduces New VIA Nano 3000 Series ProcessorsArchived January 22, 2013, at theWayback Machine
  36. ^"Notebook Solution: Kaixian ZX-C Processor + VX11PH Chipset"(PDF).
  37. ^Wei Huang,Introduction of AMD Advanced Virtual Interrupt ControllerArchived 2014-07-14 at theWayback Machine, XenSummit 2012
  38. ^Jörg Rödel (August 2012)."Next-generation Interrupt Virtualization for KVM"(PDF). AMD.Archived(PDF) from the original on 2016-03-04. Retrieved2014-07-12.
  39. ^"[Xen-devel] [RFC PATCH 0/9] Introduce AMD SVM AVIC".www.mail-archive.com.Archived from the original on 2 February 2017. Retrieved4 May 2018.
  40. ^Jun Nakajimaa (2012-12-13)."Reviewing Unused and New Features for Interrupt/APIC Virtualization"(PDF). Intel.Archived(PDF) from the original on 2015-04-21. Retrieved2014-07-12.
  41. ^Khang Nguyen (2013-12-17)."APIC Virtualization Performance Testing and Iozone".software.intel.com.Archived from the original on 2014-07-14. Retrieved2014-07-12.
  42. ^"Product Brief Intel Xeon Processor E5-4600 v2 Product Family"(PDF). Intel. 2014-03-14.Archived(PDF) from the original on 2014-07-14. Retrieved2014-07-12.
  43. ^"Intel platform hardware support for I/O virtualization". Intel.com. 2006-08-10.Archived from the original on 2007-01-20. Retrieved2012-02-04.
  44. ^"Linux virtualization and PCI passthrough". IBM. Archived fromthe original on 1 November 2009. Retrieved10 November 2010.
  45. ^"AMD I/O Virtualization Technology (IOMMU) Specification Revision 1.26"(PDF).Archived(PDF) from the original on 2011-01-24. Retrieved2011-05-24.
  46. ^"Intel Virtualization Technology for Directed I/O (VT-d) Architecture Specification". Archived fromthe original on 2013-04-03. Retrieved2012-02-04.
  47. ^"Intel Virtualization Technology for Directed I/O (VT-d) Supported CPU List". Ark.intel.com. Archived fromthe original on 2010-10-27. Retrieved2012-02-04.
  48. ^"PCI-SIG Engineering Change Notice: Function Level Reset (FLR)"(PDF).pcisig.com. 2006-06-27.Archived(PDF) from the original on 2016-03-04. Retrieved2014-01-10.
  49. ^"Xen VT-d".xen.org. 2013-06-06.Archived from the original on 2014-02-09. Retrieved2014-01-10.
  50. ^"How to assign devices with VT-d in KVM".linux-kvm.org. 2014-04-23.Archived from the original on 2015-03-10. Retrieved2015-03-05.
  51. ^"Intel Virtualization Technology for Connectivity (VT-c)"(PDF). Intel.com.Archived(PDF) from the original on 2016-02-22. Retrieved2018-02-14.
  52. ^"PCI-SIG I/O Virtualization (IOV) Specifications". Pcisig.com. 2011-03-31. Archived fromthe original on 2012-01-15. Retrieved2012-02-04.
  53. ^ab"Intel Look Inside: Intel Ethernet"(PDF).Intel. November 27, 2014. p. 104. Archived fromthe original(PDF) on March 4, 2016. RetrievedMarch 26, 2015.
  54. ^Yaozu Dong; Zhao Yu; Greg Rose (2008)."SR-IOV Networking in Xen: Architecture, Design and Implementation".usenix.org.USENIX.Archived from the original on 2014-01-09. Retrieved2014-01-10.
  55. ^Patrick Kutch; Brian Johnson; Greg Rose (September 2011)."An Introduction to Intel Flexible Port Partitioning Using SR-IOV Technology"(PDF).Intel. Archived fromthe original(PDF) on August 7, 2015. RetrievedSeptember 24, 2015.
  56. ^"NASA's Flexible Cloud Fabric: Moving Cluster Applications to the Cloud"(PDF).Intel. Archived fromthe original(PDF) on 2012-12-22. Retrieved2014-01-08.
  57. ^"Enhanced Networking in the AWS Cloud". Scalable Logic. 2013-12-31.Archived from the original on 2014-01-09. Retrieved2014-01-08.
  58. ^"Enhanced Networking in the AWS Cloud - Part 2". Scalable Logic. 2013-12-31.Archived from the original on 2014-01-10. Retrieved2014-01-08.

External links

[edit]
Retrieved from "https://en.wikipedia.org/w/index.php?title=X86_virtualization&oldid=1275849428#AMD_virtualization_(AMD-V)"
Categories:
Hidden categories:
[8]ページ先頭
©2009-2025 Movatter.jp