
VMX

Article snapshot taken from Wikipedia under the Creative Commons Attribution-ShareAlike license.

x86 virtualization is the use of hardware-assisted virtualization capabilities on an x86/x86-64 CPU.


44-640: VMX may refer to: Computing: Virtual Machine Extensions, instructions on processors with x86 virtualization; AltiVec, a floating point and integer SIMD instruction set called VMX by IBM; vMX 3D, an Ethernet router in the Juniper MX-Series by Juniper Networks; .vmx, a filename extension for virtual machine configuration files used by VMware. Other uses: Vintage motocross; VMX (TalkTalk), an on-demand music television service; VMX (Voice Message Exchange),

88-618: A voicemail company; VMX (streaming service), also known as Vivamax, an online streaming service in the Philippines. This disambiguation page lists articles associated with the title VMX. Retrieved from "https://en.wikipedia.org/w/index.php?title=VMX&oldid=1253383653"

132-461: A VMM it is sufficient that all instructions that could affect the correct functioning of the VMM (sensitive instructions) always trap and pass control to the VMM. This guarantees the resource control property. Non-privileged instructions must instead be executed natively (i.e., efficiently). The holding of the equivalence property also follows. This theorem also provides a simple technique for implementing

176-438: A VMM, called trap-and-emulate virtualization, more recently called classic virtualization: because all sensitive instructions behave nicely, all the VMM has to do is trap and emulate every one of the sensitive instructions. A related problem is that of deriving sufficient conditions for recursive virtualization, that is, the conditions under which a VMM that can run on a copy of itself can be built. Popek and Goldberg present

220-414: A classification of some instructions of an ISA into 3 different groups: The main result of Popek and Goldberg's analysis can then be expressed as follows. Theorem 1. For any conventional third-generation computer, an effective VMM may be constructed if the set of sensitive instructions for that computer is a subset of the set of privileged instructions. Intuitively, the theorem states that to build

264-447: A processor that operates in either system or user mode, and has access to linear, uniformly addressable memory. It is assumed that a subset of the instruction set is available only when in system mode and that memory is addressed relative to a relocation register. I/O and interrupts are not modelled. To derive their virtualization theorems, which give sufficient (but not necessary) conditions for virtualization, Popek and Goldberg introduce

308-604: A technology for page-table virtualization, since the Nehalem architecture, released in 2008. In 2010, Westmere added support for launching the logical processor directly in real mode – a feature called "unrestricted guest", which requires EPT to work. Since the Haswell microarchitecture (announced in 2013), Intel started to include VMCS shadowing as a technology that accelerates nested virtualization of VMMs. The virtual machine control structure (VMCS)

352-861: A theorem with different sufficiency conditions. Theorem 3. A hybrid VMM may be constructed for any third generation machine in which the set of user sensitive instructions are a subset of the set of privileged instructions: The conditions for ISA virtualization expressed in Theorem 1 may be relaxed at the expense of the efficiency property. VMMs for non-virtualizable ISAs (in the Popek and Goldberg's sense) have routinely been built. The virtualization of such architectures requires correct handling of critical instructions, i.e., sensitive but unprivileged instructions. One approach, known as patching, adopts techniques commonly used in dynamic recompilation: critical instructions are discovered at run-time and replaced with

396-402: A trap into the VMM. Various mechanisms, such as the caching of emulation code or hardware assists, have been proposed to make the patching process more efficient. A different approach is that of paravirtualization, which requires guest operating systems to be modified (ported) before running in the virtual environment. This section presents some relevant architectures and how they relate to

440-585: A virtual execution mode where the guest OS perceives itself as running with full privilege (ring 0), but the host OS remains protected. As of 2015, almost all newer server, desktop and mobile Intel processors support VT-x, with some of the Intel Atom processors as the primary exception. With some motherboards, users must enable Intel's VT-x feature in the BIOS setup before applications can make use of it. Intel started to include Extended Page Tables (EPT),

484-578: Is "svm". This may be checked in BSD derivatives via dmesg or sysctl and in Linux via /proc/cpuinfo. Instructions in AMD-V include VMRUN, VMLOAD, VMSAVE, CLGI, VMMCALL, INVLPGA, SKINIT, and STGI. With some motherboards, users must enable AMD SVM feature in the BIOS setup before applications can make use of it. Previously codenamed "Vanderpool", VT-x represents Intel's technology for virtualization on


528-655: Is a data structure in memory that exists exactly once per VM, while it is managed by the VMM. With every change of the execution context between different VMs, the VMCS is restored for the current VM, defining the state of the VM's virtual processor. As soon as more than one VMM or nested VMMs are used, a problem appears in a way similar to what required shadow page table management to be invented, as described above. In such cases, VMCS needs to be shadowed multiple times (in case of nesting) and partially implemented in software in case there

572-615: Is available on the AMD family 15h models 6Xh (Carrizo) processors and newer. Also in 2012, Intel announced a similar technology for interrupt and APIC virtualization, which did not have a brand name at its announcement time. Later, it was branded as APIC virtualization (APICv) and it became commercially available in the Ivy Bridge EP series of Intel CPUs, which is sold as Xeon E5-26xx v2 (launched in late 2013) and as Xeon E5-46xx v2 (launched in early 2014). Graphics virtualization

616-469: Is called ring deprivileging, which involves running the guest OS at a ring higher (lesser privileged) than 0. Three techniques made virtualization of protected mode possible: These techniques incur some performance overhead due to lack of MMU virtualization support, as compared to a VM running on a natively virtualizable architecture such as the IBM System/370. On traditional mainframes,

660-710: X86 virtualization: In the late 1990s x86 virtualization was achieved by complex software techniques, necessary to compensate for the processor's lack of hardware-assisted virtualization capabilities while attaining reasonable performance. In 2005 and 2006, both Intel (VT-x) and AMD (AMD-V) introduced limited hardware virtualization support that allowed simpler virtualization software but offered very few speed benefits. Greater hardware support, which allowed substantial speed improvements, came with later processor models. The following discussion focuses only on virtualization of

704-654: Is no hardware support by the processor. To make shadow VMCS handling more efficient, Intel implemented hardware support for VMCS shadowing. VIA Nano 3000 Series Processors and higher support VIA VT virtualization technology compatible with Intel VT-x. EPT is present in Zhaoxin ZX-C, a descendant of VIA QuadCore-E & Eden X4 similar to Nano C4350AL. In 2012, AMD announced their Advanced Virtual Interrupt Controller (AVIC) targeting interrupt overhead reduction in virtualization environments. This technology, as announced, does not support x2APIC. In 2016, AVIC

748-522: Is not part of the x86 architecture. Intel Graphics Virtualization Technology (GVT) provides graphics virtualization as part of more recent Gen graphics architectures. Although AMD APUs implement the x86-64 instruction set, they implement AMD's own graphics architectures (TeraScale, GCN and RDNA) which do not support graphics virtualization. Larrabee was the only graphics microarchitecture based on x86, but it likely did not include support for graphics virtualization. Memory and I/O virtualization

792-594: Is not supported by any Socket 939 processors. The only Sempron processors which support it are APUs and Huron, Regor, Sargas desktop CPUs. AMD Opteron CPUs beginning with the Family 0x10 Barcelona line, and Phenom II CPUs, support a second generation hardware virtualization technology called Rapid Virtualization Indexing (formerly known as Nested Page Tables during its development), later adopted by Intel as Extended Page Tables (EPT). As of 2019, all Zen-based AMD processors support AMD-V. The CPU flag for AMD-V

836-659: Is performed by the chipset. Typically these features must be enabled by the BIOS, which must be able to support them and also be set to use them. An input/output memory management unit (IOMMU) allows guest virtual machines to directly use peripheral devices, such as Ethernet, accelerated graphics cards, and hard-drive controllers, through DMA and interrupt remapping. This is sometimes called PCI passthrough. An IOMMU also allows operating systems to eliminate bounce buffers needed to allow themselves to communicate with peripheral devices whose memory address spaces are smaller than

880-535: Is sensitive because it allows access to the entire status register, which includes not only the condition codes but also the user/supervisor bit, interrupt level, and trace control. In most later family members, starting with the MC68010, the MOVE from SR instruction was made privileged, and a new MOVE from CCR instruction was provided to allow access to the condition code register only. The IA-32 instruction set of

924-440: Is the piece of software that provides the abstraction of a virtual machine. There are three properties of interest when analyzing the environment created by a VMM: In the terminology of Popek and Goldberg, a VMM must present all three properties. In the terminology used in the reference book of Smith and Nair (2005), VMMs are typically assumed to satisfy the equivalence and resource control properties, and those additionally meeting


968-459: Is virtualizable as described by Popek and Goldberg. VMware researchers pointed out in a 2006 ASPLOS paper that the above techniques made the x86 platform virtualizable in the sense of meeting the three criteria of Popek and Goldberg, albeit not by the classic trap-and-emulate technique. A different route was taken by other systems like Denali, L4, and Xen, known as paravirtualization, which involves porting operating systems to run on

1012-489: Is what distinguishes a VMM from the more general class of hardware emulation software. Unfortunately, even on an architecture that meets Popek and Goldberg's requirements, the performance of a virtual machine can differ significantly from the actual hardware. Early experiments performed on the System/370 (which meets the formal requirements of Theorem 1) showed that performance of a virtual machine could be as low as 21% of

1056-594: The Pentium processor contains 18 sensitive, unprivileged instructions. They can be categorized in two groups: The introduction of the AMD-V and Intel VT-x instruction sets in 2005 allows x86 processors to meet the Popek and Goldberg virtualization requirements. The effort needed to support virtualization on the IA-64 architecture is described in a 2000 article by Magenheimer and Christian. A "hyperprivileged" mode for

1100-706: The UltraSPARC architecture was specified in UltraSPARC Architecture 2005. It defines a sun4v platform which is a super-set of the sun4u platform, but is still compliant to the SPARC v9 Level-1 specification. All sensitive instructions in the PowerPC instruction set are privileged. The efficiency requirement in Popek and Goldberg's definition of a VMM concerns only the execution of non-privileged instructions, which must execute natively. This

1144-622: The bare metal network bandwidth in NASA's virtualized datacenter and in the Amazon Public Cloud. Popek and Goldberg virtualization requirements: The Popek and Goldberg virtualization requirements are a set of conditions sufficient for a computer architecture to support system virtualization efficiently. They were introduced by Gerald J. Popek and Robert P. Goldberg in their 1974 article "Formal Requirements for Virtualizable Third Generation Architectures". Even though

1188-507: The IOMMU I/O virtualization functionality for it to be usable. Only the PCI or PCI Express devices supporting function level reset (FLR) can be virtualized this way, as it is required for reassigning various device functions between virtual machines. If a device to be assigned does not support Message Signaled Interrupts (MSI), it must not share interrupt lines with other devices for

1232-524: The Intel platform. On some platforms, it is possible to run a 64-bit guest on a 32-bit host OS if the underlying processor is 64-bit and supports the necessary virtualization extensions. In 2005 and 2006, Intel and AMD (working independently) created new processor extensions to the x86 architecture. The first generation of x86 hardware virtualization addressed the issue of privileged instructions. The issue of low performance of virtualized system memory

1276-432: The assignment to be possible. All conventional PCI devices routed behind a PCI/PCI-X-to-PCI Express bridge can be assigned to a guest virtual machine only all at once; PCI Express devices have no such restriction. PCI-SIG Single Root I/O Virtualization (SR-IOV) provides a set of general (non-x86 specific) I/O virtualization methods based on PCI Express (PCIe) native hardware, as standardized by PCI-SIG: In SR-IOV,

1320-440: The classic type 1 hypervisor was self-standing and did not depend on any operating system or run any user applications itself. In contrast, the first x86 virtualization products were aimed at workstation computers, and ran a guest OS inside a host OS by embedding the hypervisor in a kernel module that ran under the host OS (type 2 hypervisor). There has been some controversy whether the x86 architecture with no hardware assistance

1364-757: The code name "Pacifica", and initially published them as AMD Secure Virtual Machine (SVM), but later marketed them under the trademark AMD Virtualization, abbreviated AMD-V. On May 23, 2006, AMD released the Athlon 64 ("Orleans"), the Athlon 64 X2 ("Windsor") and the Athlon 64 FX ("Windsor") as the first AMD processors to support this technology. AMD-V capability also features on the Athlon 64 and Athlon 64 X2 family of processors with revisions "F" or "G" on socket AM2, Turion 64 X2, and Opteron 2nd generation and third-generation, Phenom and Phenom II processors. The APU Fusion processors support AMD-V. AMD-V


1408-488: The following (sufficient) conditions. Theorem 2. A conventional third-generation computer is recursively virtualizable if: Some architectures, like the non-hardware-assisted x86, do not meet these conditions, so they cannot be virtualized in the classic way. But architectures can still be fully virtualized (in the x86 case meaning at the CPU and MMU level) by using different techniques like binary translation, which replaces

1452-443: The most common of these, a host VMM configures supported devices to create and allocate virtual "shadows" of their configuration spaces so that virtual machine guests can directly configure and access such "shadow" device resources. With SR-IOV enabled, virtualized network interfaces are directly accessible to the guests, avoiding involvement of the VMM and resulting in high overall performance; for example, SR-IOV achieves over 95% of

1496-472: The native machine in some benchmarks. The cost of trapping and emulating privileged instructions in the VMM can be significant. This led the IBM engineers to introduce a number of hardware assists , which roughly doubled the performance of the System/370 virtual machines. Assists were added in several stages. In the end, there were over 100 assists on the late models System/370. One of the main driving factors for

1540-417: The operating system's memory address space, by using memory address translation. At the same time, an IOMMU also allows operating systems and hypervisors to prevent buggy or malicious hardware from compromising memory security. Both AMD and Intel have released their IOMMU specifications: In addition to the CPU support, both motherboard chipset and system firmware (BIOS or UEFI) need to fully support

1584-473: The performance property are called efficient VMMs. Popek and Goldberg describe the characteristics that the instruction set architecture (ISA) of the physical machine must possess in order to run VMMs which possess the above properties. Their analysis derives such characteristics using a model of "third generation architectures" (e.g., IBM 360, Honeywell 6000, DEC PDP-10) that is nevertheless general enough to be extended to modern machines. This model includes

1628-620: The protection of the hypervisor's memory impossible, in particular, the protection of the trap handler that runs in the guest kernel address space. Revision D and later 64-bit AMD processors (as a rule of thumb, those manufactured in 90 nm or less) added basic support for segmentation in long mode, making it possible to run 64-bit guests in 64-bit hosts via binary translation. Intel did not add segmentation support to its x86-64 implementation (Intel 64), making 64-bit software-only virtualization impossible on Intel CPUs, but Intel VT-x support makes 64-bit hardware assisted virtualization possible on

1672-498: The requirements are derived under simplifying assumptions, they still represent a convenient way of determining whether a computer architecture supports efficient virtualization and provide guidelines for the design of virtualized computer architectures. System virtual machines are capable of virtualizing a full set of hardware resources, including a processor (or processors), memory and storage resources and peripheral devices. A virtual machine monitor (VMM, also called hypervisor)

1716-408: The resulting virtual machine, which does not implement the parts of the actual x86 instruction set that are hard to virtualize. The paravirtualized I/O has significant performance benefits as demonstrated in the original SOSP '03 Xen paper. The initial version of x86-64 (AMD64) did not allow for a software-only full virtualization due to the lack of segmentation support in long mode, which made

1760-506: The sensitive instructions that do not generate traps, which are sometimes called critical instructions. This additional processing however makes the VMM less efficient in theory, but hardware traps have non-negligible performance cost as well. A well-tuned caching binary translation system may achieve comparable performance, and it does in the case of x86 binary translation relative to first generation x86 hardware assist, which merely made sensitive instructions trappable. Effectively this gives

1804-510: The virtualization requirements. The PDP-10 architecture has a few instructions which are sensitive (alter or query the processor's mode) but not privileged. These instructions save or restore the condition codes containing USER or IOT bits: All sensitive instructions in the System/370 are privileged: it satisfies the virtualization requirements. The Motorola MC68000 has a single unprivileged sensitive instruction: This instruction


1848-444: The x86 architecture protected mode. In protected mode the operating system kernel runs at a higher privilege such as ring 0, and applications at a lower privilege such as ring 3. In software-based virtualization, a host OS has direct access to hardware while the guest OSs have limited access to hardware, just like any other application of the host OS. One approach used in x86 software-based virtualization to overcome this limitation

1892-590: The x86 platform. On November 13, 2005, Intel released two models of Pentium 4 (Model 662 and 672) as the first Intel processors to support VT-x. The CPU flag for VT-x capability is "vmx"; in Linux, this can be checked via /proc/cpuinfo, or in macOS via sysctl machdep.cpu.features. "VMX" stands for Virtual Machine Extensions, which adds 13 new instructions: VMPTRLD, VMPTRST, VMCLEAR, VMREAD, VMWRITE, VMCALL, VMLAUNCH, VMRESUME, VMXOFF, VMXON, INVEPT, INVVPID, and VMFUNC. These instructions permit entering and exiting

1936-538: Was addressed with MMU virtualization that was added to the chipset later. Because the Intel 80286 could not run concurrent DOS applications well by itself in protected mode, Intel introduced the virtual 8086 mode in their 80386 chip, which offered virtualized 8086 processors on the 386 and later chips. Hardware support for virtualizing the protected mode itself, however, became available 20 years later. AMD developed its first generation virtualization extensions under
