Intel Virtualization (VT-x)

x86 virtualization is the use of hardware-assisted virtualization capabilities on an x86/x86-64 CPU. In the late 1990s x86 virtualization was achieved by complex software techniques, necessary to compensate for the processor's lack of hardware-assisted virtualization capabilities while attaining reasonable performance. In 2005 and 2006, both Intel (VT-x) and AMD (AMD-V) introduced limited hardware virtualization support that allowed simpler virtualization software but offered very few speed benefits. Greater hardware support, which allowed substantial speed improvements, came with later processor models.


Software-based virtualization

The following discussion focuses only on virtualization of the x86 architecture protected mode. In protected mode the operating system kernel runs at a higher privilege such as ring 0, and applications at a lower privilege such as ring 3. In software-based virtualization, a host OS has direct access to hardware while the guest OSs have limited access to hardware, just like any other application of the host OS. One approach used in x86 software-based virtualization to overcome this limitation is called ''ring deprivileging'', which involves running the guest OS at a ring higher (lesser privileged) than 0.

Three techniques made virtualization of protected mode possible:

* Binary translation is used to rewrite in terms of ring 3 instructions certain ring 0 instructions, such as POPF, that would otherwise fail silently or behave differently when executed above ring 0, making the classic trap-and-emulate virtualization impossible. To improve performance, the translated basic blocks need to be cached in a coherent way that detects code patching (used in VxDs for instance), the reuse of pages by the guest OS, or even self-modifying code.
* A number of key data structures used by a processor need to be shadowed. Because most operating systems use paged virtual memory, and granting the guest OS direct access to the MMU would mean loss of control by the virtualization manager, some of the work of the x86 MMU needs to be duplicated in software for the guest OS using a technique known as ''shadow page tables''. This involves denying the guest OS any access to the actual page table entries by trapping access attempts and emulating them instead in software. The x86 architecture uses hidden state to store segment descriptors in the processor, so once the segment descriptors have been loaded into the processor, the memory from which they have been loaded may be overwritten and there is no way to get the descriptors back from the processor. ''Shadow descriptor tables'' must therefore be used to track changes made to the descriptor tables by the guest OS.
* I/O device emulation: Unsupported devices on the guest OS must be emulated by a device emulator that runs in the host OS.

These techniques incur some performance overhead due to lack of MMU virtualization support, as compared to a VM running on a natively virtualizable architecture such as the IBM System/370.

On traditional mainframes, the classic type 1 hypervisor was self-standing and did not depend on any operating system or run any user applications itself. In contrast, the first x86 virtualization products were aimed at workstation computers, and ran a guest OS inside a host OS by embedding the hypervisor in a kernel module that ran under the host OS (type 2 hypervisor).

There has been some controversy whether the x86 architecture with no hardware assistance is virtualizable as described by Popek and Goldberg. VMware researchers pointed out in a 2006 ASPLOS paper that the above techniques made the x86 platform virtualizable in the sense of meeting the three criteria of Popek and Goldberg, albeit not by the classic trap-and-emulate technique.

A different route was taken by other systems like Denali, L4, and Xen, known as paravirtualization, which involves porting operating systems to run on the resulting virtual machine, which does not implement the parts of the actual x86 instruction set that are hard to virtualize. The paravirtualized I/O has significant performance benefits as demonstrated in the original SOSP'03 Xen paper.

The initial version of x86-64 (AMD64) did not allow for a software-only full virtualization due to the lack of segmentation support in long mode, which made the protection of the hypervisor's memory impossible, in particular, the protection of the trap handler that runs in the guest kernel address space. Revision D and later 64-bit AMD processors (as a rule of thumb, those manufactured in 90 nm or less) added basic support for segmentation in long mode, making it possible to run 64-bit guests in 64-bit hosts via binary translation. Intel did not add segmentation support to its x86-64 implementation (Intel 64), making 64-bit software-only virtualization impossible on Intel CPUs, but Intel VT-x support makes 64-bit hardware assisted virtualization possible on the Intel platform.

On some platforms, it is possible to run a 64-bit guest on a 32-bit host OS if the underlying processor is 64-bit and supports the necessary virtualization extensions.


Hardware-assisted virtualization

In 2005 and 2006, Intel and AMD (working independently) created new processor extensions to the x86 architecture. The first generation of x86 hardware virtualization addressed the issue of privileged instructions. The issue of low performance of virtualized system memory was addressed with MMU virtualization that was added to the chipset later.


Central processing unit


Virtual 8086 mode

Based on painful experiences with the 80286 protected mode, which by itself was not suitable enough to run concurrent DOS applications well, Intel introduced the virtual 8086 mode in their 80386

AMD developed its first generation virtualization extensions under the code name "Pacifica", and initially published them as AMD Secure Virtual Machine (SVM), but later marketed them under the trademark ''AMD Virtualization'', abbreviated ''AMD-V''. On May 23, 2006, AMD released the Athlon 64 ("Orleans"), the Athlon 64 X2 ("Windsor") and the Athlon 64 FX ("Windsor") as the first AMD processors to support this technology. AMD-V capability also features on the Athlon 64 and Athlon 64 X2 family of processors with revisions "F" or "G" on socket AM2, Turion 64 X2, and Opteron 2nd generation and third-generation, Phenom and Phenom II processors. The APU Fusion processors support AMD-V. AMD-V is not supported by any Socket 939 processors. The only Sempron processors which support it are APUs and Huron, Regor and Sargas desktop CPUs.

AMD Opteron CPUs beginning with the Family 0x10 Barcelona line, and Phenom II CPUs, support a second generation hardware virtualization technology called Rapid Virtualization Indexing (formerly known as Nested Page Tables during its development), later adopted by Intel as Extended Page Tables (EPT).

As of 2019, all Zen-based AMD processors support AMD-V. The CPU flag for AMD-V is "svm". This may be checked in BSD derivatives via dmesg or sysctl and in Linux via /proc/cpuinfo. Instructions in AMD-V include VMRUN, VMLOAD, VMSAVE, CLGI, VMMCALL, INVLPGA, SKINIT, and STGI.

With some motherboards, users must enable the AMD SVM feature in the BIOS setup before applications can make use of it.


Intel virtualization (VT-x)

Previously codenamed "Vanderpool", VT-x represents Intel's technology for virtualization on the x86 platform. On November 13, 2005, Intel released two models of Pentium 4 (Model 662 and 672) as the first Intel processors to support VT-x. The CPU flag for VT-x capability is "vmx"; in Linux, this can be checked via /proc/cpuinfo, or in macOS via sysctl machdep.cpu.features ("To see if your processor supports hardware virtualization", Intel, 2012).

"VMX" stands for Virtual Machine Extensions, which adds 13 new instructions: VMPTRLD, VMPTRST, VMCLEAR, VMREAD, VMWRITE, VMCALL, VMLAUNCH, VMRESUME, VMXOFF, VMXON, INVEPT, INVVPID, and VMFUNC. These instructions permit entering and exiting a virtual execution mode where the guest OS perceives itself as running with full privilege (ring 0), but the host OS remains protected.

Almost all newer server, desktop and mobile Intel processors support VT-x, with some of the Intel Atom processors as the primary exception. With some motherboards, users must enable Intel's VT-x feature in the BIOS setup before applications can make use of it.

Intel has included Extended Page Tables (EPT), a technology for page-table virtualization, since the Nehalem architecture, released in 2008. In 2010, Westmere added support for launching the logical processor directly in real mode, a feature called "unrestricted guest", which requires EPT to work.

Since the Haswell microarchitecture (announced in 2013), Intel has included ''VMCS shadowing'' as a technology that accelerates nested virtualization of VMMs. The ''virtual machine control structure'' (VMCS) is a data structure in memory that exists exactly once per VM, while it is managed by the VMM. With every change of the execution context between different VMs, the VMCS is restored for the current VM, defining the state of the VM's virtual processor. As soon as more than one VMM or nested VMMs are used, a problem appears in a way similar to what required shadow page table management to be invented, as described above. In such cases, VMCS needs to be shadowed multiple times (in case of nesting) and partially implemented in software in case there is no hardware support by the processor. To make shadow VMCS handling more efficient, Intel implemented hardware support for VMCS shadowing.
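
The /proc/cpuinfo checks described in the AMD-V and VT-x sections, as an added example (not part of the original article) that reports which features every logical processor advertises. Only "vmx" and "svm" are named in the article; the other flag names are the Linux kernel's labels for EPT, nested paging, unrestricted guest and VMCS shadowing and are an assumption of this example, and the sample inputs are constructed.

```python
"""Report hardware virtualization features from /proc/cpuinfo-style text."""
import os

# "vmx" and "svm" are the flags named in the article. The remaining names are
# the Linux kernel's labels for the later features it describes (assumption of
# this example, not taken from the article).
FEATURES = {
    "vmx": "Intel VT-x",
    "svm": "AMD-V",
    "ept": "Intel Extended Page Tables",
    "npt": "AMD nested paging (Rapid Virtualization Indexing)",
    "unrestricted_guest": "Intel unrestricted guest",
    "shadow_vmcs": "Intel VMCS shadowing",
}

# Constructed sample inputs (not captured from real machines).
SAMPLE_INTEL = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse msr pae vmx est ept vpid\n"
    "vmx flags\t: vnmi ept vpid unrestricted_guest shadow_vmcs\n\n"
    "processor\t: 1\nvendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse msr pae vmx est ept vpid\n"
    "vmx flags\t: vnmi ept vpid unrestricted_guest\n"
)
SAMPLE_AMD = (
    "processor\t: 0\nvendor_id\t: AuthenticAMD\n"
    "flags\t\t: fpu vme de pse msr pae svm npt lbrv\n"
)
SAMPLE_NONE = "processor\t: 0\nflags\t\t: fpu vme de pse msr pae\n"


def parse_cpuinfo(text):
    """Return one set of flag names per logical processor."""
    cpus, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank separator line between processors
        key = key.strip()
        if key == "processor":
            current = set()
            cpus.append(current)
        elif key in ("flags", "vmx flags") and current is not None:
            # Newer kernels list VMX sub-features on a separate "vmx flags" line.
            current.update(value.split())
    return cpus


def virtualization_report(text):
    """Summarize virtualization support common to all logical processors."""
    cpus = parse_cpuinfo(text)
    if not cpus:
        raise ValueError("no 'processor' entries found")
    common = set.intersection(*cpus)   # advertised by every processor
    anywhere = set.union(*cpus)        # advertised by at least one
    supported = sorted(f for f in FEATURES if f in common)
    inconsistent = sorted(f for f in FEATURES if f in anywhere - common)

    if "vmx" in common:
        extension = "VT-x"
    elif "svm" in common:
        extension = "AMD-V"
    else:
        extension = None

    warnings = []
    if inconsistent:
        warnings.append("not on every processor: " + ", ".join(inconsistent))
    # The article states that unrestricted guest requires EPT to work.
    if "unrestricted_guest" in common and "ept" not in common:
        warnings.append("unrestricted_guest reported without ept")

    return {
        "cpus": len(cpus),
        "extension": extension,
        "nested_paging": bool({"ept", "npt"} & common),
        "supported": supported,
        "inconsistent": inconsistent,
        "warnings": warnings,
    }


if __name__ == "__main__":
    path = "/proc/cpuinfo"
    if os.path.exists(path):
        with open(path) as handle:
            source = handle.read()
    else:
        source = SAMPLE_INTEL
    report = virtualization_report(source)
    for name in report["supported"]:
        print(f"{name:20} {FEATURES[name]}")
    for warning in report["warnings"]:
        print("warning:", warning)
```

A flag in this output says what the processor advertises to the kernel; as the sections above note, the feature may still have to be enabled in the BIOS setup.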


VIA virtualization (VIA VT)

VIA Nano 3000 Series Processors and higher support VIA VT virtualization technology compatible with Intel VT-x. EPT is present in Zhaoxin ZX-C, a descendant of VIA QuadCore-E & Eden X4 similar to Nano C4350AL.


Interrupt virtualization (AMD AVIC and Intel APICv)

In 2012, AMD announced their ''Advanced Virtual Interrupt Controller'' (''AVIC'') targeting interrupt overhead reduction in virtualization environments. This technology, as announced, does not support x2APIC. In 2016, AVIC is available on the AMD family 15h models 6Xh (Carrizo) processors and newer.

Also in 2012, Intel announced a similar technology for interrupt and APIC virtualization, which did not have a brand name at its announcement time. Later, it was branded as ''APIC virtualization'' (''APICv'') and it became commercially available in the Ivy Bridge EP series of Intel CPUs, which is sold as Xeon E5-26xx v2 (launched in late 2013) and as Xeon E5-46xx v2 (launched in early 2014).


Graphics processing unit

Graphics virtualization is not part of the x86 architecture. Intel Graphics Virtualization Technology (GVT) provides graphics virtualization as part of more recent Gen graphics architectures. Although AMD APUs implement the x86-64 instruction set, they implement AMD's own graphics architectures (TeraScale, GCN and RDNA) which do not support graphics virtualization. Larrabee was the only graphics microarchitecture based on x86, but it likely did not include support for graphics virtualization.


Chipset

Memory and I/O virtualization is performed by the chipset. Typically these features must be enabled by the BIOS, which must be able to support them and also be set to use them.


I/O MMU virtualization (AMD-Vi and Intel VT-d)

An input/output memory management unit (IOMMU) allows guest
virtual machine In computing, a virtual machine (VM) is the virtualization/emulation of a computer system. Virtual machines are based on computer architectures and provide functionality of a physical computer. Their implementations may involve specialized hardw ...
s to directly use
peripheral A peripheral or peripheral device is an auxiliary device used to put information into and get information out of a computer. The term ''peripheral device'' refers to all hardware components that are attached to a computer and are controlled by the ...
devices, such as Ethernet, accelerated graphics cards, and hard-drive controllers, through DMA and
interrupt In digital computers, an interrupt (sometimes referred to as a trap) is a request for the processor to ''interrupt'' currently executing code (when permitted), so that the event can be processed in a timely manner. If the request is accepted, ...
remapping. This is sometimes called ''PCI passthrough''. An IOMMU also allows operating systems to eliminate bounce buffers needed to allow themselves to communicate with peripheral devices whose memory address spaces are smaller than the operating system's memory address space, by using memory address translation. At the same time, an IOMMU also allows operating systems and hypervisors to prevent buggy or malicious hardware from compromising memory security. Both AMD and Intel have released their IOMMU specifications: * AMD's I/O Virtualization Technology, "AMD-Vi", originally called "IOMMU" * Intel's "Virtualization Technology for Directed I/O" (VT-d), included in most high-end (but not all) newer Intel processors since the Core 2 architecture. In addition to the CPU support, both
motherboard A motherboard (also called mainboard, main circuit board, mb, mboard, backplane board, base board, system board, logic board (only in Apple computers) or mobo) is the main printed circuit board (PCB) in general-purpose computers and other expand ...
chipset In a computer system, a chipset is a set of electronic components An electronic component is any basic discrete device or physical entity in an electronic system used to affect electrons or their associated fields. Electronic components are ...
and system firmware (
BIOS In computing, BIOS (, ; Basic Input/Output System, also known as the System BIOS, ROM BIOS, BIOS ROM or PC BIOS) is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the ...
or
UEFI) need to fully support the IOMMU I/O virtualization functionality for it to be usable. Only the PCI or PCI Express devices supporting function level reset (FLR) can be virtualized this way, as it is required for reassigning various device functions between virtual machines. If a device to be assigned does not support Message Signaled Interrupts (MSI), it must not share interrupt lines with other devices for the assignment to be possible. All conventional PCI devices routed behind a PCI/PCI-X-to-PCI Express bridge can be assigned to a guest virtual machine only all at once; PCI Express devices have no such restriction.
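The FLR and MSI conditions above can be checked from a device's configuration space before it is handed to a guest. The following is an added example, not part of the original article: it walks the standard capability list of a 256-byte configuration space image and reports why a function would not qualify. The function names, the `shares_irq_line` input and the sample images are constructed for illustration.

```python
import struct

# Capability IDs and register offsets from the PCI and PCI Express specifications.
CAP_MSI, CAP_PCIE, CAP_MSIX, CAP_AF = 0x05, 0x10, 0x11, 0x13
STATUS, STATUS_CAP_LIST, CAP_PTR = 0x06, 0x10, 0x34
PCIE_DEVCAP, PCIE_DEVCAP_FLR = 0x04, 1 << 28  # Device Capabilities register, FLR bit
AF_CAP, AF_CAP_FLR = 0x03, 0x02               # Advanced Features capability, FLR bit

def walk_capabilities(cfg: bytes) -> dict:
    """Map capability ID -> offset for a 256-byte configuration space image."""
    caps, seen = {}, set()
    if len(cfg) < 256 or not struct.unpack_from("<H", cfg, STATUS)[0] & STATUS_CAP_LIST:
        return caps
    ptr = cfg[CAP_PTR] & 0xFC
    while ptr >= 0x40 and ptr not in seen:  # stop on a null pointer or a looped list
        seen.add(ptr)
        caps.setdefault(cfg[ptr], ptr)
        ptr = cfg[ptr + 1] & 0xFC
    return caps

def assess(cfg: bytes, shares_irq_line: bool) -> dict:
    """Apply the two assignment conditions from the text to one device function."""
    caps = walk_capabilities(cfg)
    flr = False
    if CAP_PCIE in caps and caps[CAP_PCIE] + 8 <= len(cfg):
        devcap = struct.unpack_from("<I", cfg, caps[CAP_PCIE] + PCIE_DEVCAP)[0]
        flr = bool(devcap & PCIE_DEVCAP_FLR)
    if not flr and CAP_AF in caps:
        flr = bool(cfg[caps[CAP_AF] + AF_CAP] & AF_CAP_FLR)
    msi = CAP_MSI in caps or CAP_MSIX in caps  # assumption: MSI-X counts as MSI
    reasons = []
    if not flr:
        reasons.append("no function level reset")
    if not msi and shares_irq_line:
        reasons.append("no MSI and interrupt line is shared")
    return {"flr": flr, "msi": msi, "assignable": not reasons, "reasons": reasons}

def sample_config(pcie_flr: bool, msi: bool) -> bytes:
    """Constructed image: PCIe capability at 0x40, optional MSI capability at 0x60."""
    cfg = bytearray(256)
    struct.pack_into("<H", cfg, STATUS, STATUS_CAP_LIST)
    cfg[CAP_PTR] = 0x40
    cfg[0x40], cfg[0x41] = CAP_PCIE, (0x60 if msi else 0x00)
    struct.pack_into("<I", cfg, 0x40 + PCIE_DEVCAP, PCIE_DEVCAP_FLR if pcie_flr else 0)
    if msi:
        cfg[0x60] = CAP_MSI
    return bytes(cfg)
```
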


Network virtualization (VT-c)

* Intel's "Virtualization Technology for Connectivity" (VT-c).


PCI-SIG Single Root I/O Virtualization (SR-IOV)

PCI-SIG Single Root I/O Virtualization (SR-IOV) provides a set of general (non-x86 specific) I/O virtualization methods based on PCI Express (PCIe) native hardware, as standardized by PCI-SIG:

* Address translation services (ATS) supports native IOV across PCI Express via address translation. It requires support for new transactions to configure such translations.
* Single-root IOV (SR-IOV or SRIOV) supports native IOV in existing single-root complex PCI Express topologies. It requires support for new device capabilities to configure multiple virtualized configuration spaces.
* Multi-root IOV (MR-IOV) supports native IOV in new topologies (for example, blade servers) by building on SR-IOV to provide multiple root complexes which share a common PCI Express hierarchy.

In SR-IOV, the most common of these, a host VMM configures supported devices to create and allocate virtual "shadows" of their configuration spaces so that virtual machine guests can directly configure and access such "shadow" device resources. With SR-IOV enabled, virtualized network interfaces are directly accessible to the guests, avoiding involvement of the VMM and resulting in high overall performance; for example, SR-IOV achieves over 95% of the bare metal network bandwidth in NASA's virtualized datacenter and in the Amazon Public Cloud.
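Because guests reach SR-IOV virtual functions without the VMM in the data path, a host-side inventory of which routing IDs a physical function currently exposes is a useful audit input. The following is an added example, not part of the original article: it locates the SR-IOV extended capability in a 4 KiB configuration space image and derives the bus:device.function of each enabled virtual function. The function names and the sample image (a physical function at 03:00.0 with three VFs) are constructed for illustration.

```python
import struct

# Offsets within the SR-IOV extended capability (PCI-SIG SR-IOV specification).
EXT_CAP_START, EXT_CAP_SRIOV = 0x100, 0x0010
SRIOV_CTRL, SRIOV_CTRL_VFE = 0x08, 0x0001
SRIOV_TOTAL_VF, SRIOV_NUM_VF = 0x0E, 0x10
SRIOV_VF_OFFSET, SRIOV_VF_STRIDE = 0x14, 0x16

def find_ext_cap(cfg: bytes, cap_id: int):
    """Walk the extended capability list of a 4 KiB configuration space image."""
    off, seen = EXT_CAP_START, set()
    while EXT_CAP_START <= off <= len(cfg) - 4 and off not in seen:
        seen.add(off)
        header = struct.unpack_from("<I", cfg, off)[0]
        if header in (0, 0xFFFFFFFF):      # empty list or absent device
            return None
        if header & 0xFFFF == cap_id:
            return off
        off = (header >> 20) & 0xFFC       # next-capability pointer, bits 31:20
    return None

def bdf(rid: int) -> str:
    """Format a 16-bit routing ID as bus:device.function."""
    return f"{rid >> 8:02x}:{(rid >> 3) & 0x1F:02x}.{rid & 0x7}"

def enabled_vfs(cfg: bytes, pf_rid: int) -> list:
    """Routing IDs of the virtual functions a physical function currently exposes."""
    cap = find_ext_cap(cfg, EXT_CAP_SRIOV)
    if cap is None or cap + 0x18 > len(cfg):
        return []
    rd = lambda o: struct.unpack_from("<H", cfg, cap + o)[0]
    if not rd(SRIOV_CTRL) & SRIOV_CTRL_VFE:   # VF Enable clear: no VFs on the bus
        return []
    count = min(rd(SRIOV_NUM_VF), rd(SRIOV_TOTAL_VF))
    first, stride = rd(SRIOV_VF_OFFSET), rd(SRIOV_VF_STRIDE)
    return [bdf((pf_rid + first + n * stride) & 0xFFFF) for n in range(count)]

def sample_pf(vf_enable: bool) -> bytes:
    """Constructed image: AER capability at 0x100 chained to SR-IOV at 0x160."""
    cfg = bytearray(4096)
    struct.pack_into("<I", cfg, 0x100, 0x0001 | (1 << 16) | (0x160 << 20))
    struct.pack_into("<I", cfg, 0x160, EXT_CAP_SRIOV | (1 << 16))
    struct.pack_into("<H", cfg, 0x160 + SRIOV_CTRL, SRIOV_CTRL_VFE if vf_enable else 0)
    struct.pack_into("<H", cfg, 0x160 + SRIOV_TOTAL_VF, 64)
    struct.pack_into("<H", cfg, 0x160 + SRIOV_NUM_VF, 3)
    struct.pack_into("<HH", cfg, 0x160 + SRIOV_VF_OFFSET, 0x80, 2)
    return bytes(cfg)
```
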


See also

* Comparison of application virtualization software
* Comparison of platform virtualization software
* Hardware-assisted virtualization
* Hypervisor
* I/O virtualization
* Network virtualization
* OS-level virtualization
* Timeline of virtualization development
* Virtual machine
* List of IOMMU-supporting hardware
* Second Level Address Translation (SLAT)
* Message Signaled Interrupts (MSI)


External links


* Everything You Need to Know About the Intel Virtualization Technology (archived at ghostarchive.org, 10 May 2022)
* A special course at the University of San Francisco on Intel EM64T and VT Extensions (2007)
