background image

Vol. 3C 23-1




This chapter describes the basics of virtual machine architecture and an overview of the virtual-machine extensions 
(VMX) that support virtualization of processor hardware for multiple software environments.
Information about VMX instructions is provided in Intel® 64 and IA-32 Architectures Software Developer’s Manual, 
Volume 2B
. Other 
aspects of VMX and system programming considerations are described in chapters of Intel® 64 
and IA-32 Architectures Software Developer’s Manual, Volume 3B



Virtual-machine extensions define processor-level support for virtual machines on IA-32 processors. Two principal 
classes of software are supported:


Virtual-machine monitors (VMM) â€” A VMM acts as a host and has full control of the processor(s) and other 
platform hardware. A VMM presents guest software (see next paragraph) with an abstraction of a virtual 
processor and allows it to execute directly on a logical processor. A VMM is able to retain selective control of 
processor resources, physical memory, interrupt management, and I/O.


Guest software — Each virtual machine (VM) is a guest software environment that supports a stack consisting 
of operating system (OS) and application software. Each operates independently of other virtual machines and 
uses on the same interface to processor(s), memory, storage, graphics, and I/O provided by a physical 
platform. The software stack acts as if it were running on a platform with no VMM. Software executing in a 
virtual machine must operate with reduced privilege so that the VMM can retain control of platform resources.



Processor support for virtualization is provided by a form of processor operation called VMX operation. There are 
two kinds of VMX operation: VMX root operation and VMX non-root operation. In general, a VMM will run in VMX 
root operation and guest software will run in VMX non-root operation. Transitions between VMX root operation and 
VMX non-root operation are called VMX transitions. There are two kinds of VMX transitions. Transitions into VMX 
non-root operation are called VM entries. Transitions from VMX non-root operation to VMX root operation are called 
VM exits.
Processor behavior in VMX root operation is very much as it is outside VMX operation. The principal differences are 
that a set of new instructions (the VMX instructions) is available and that the values that can be loaded into certain 
control registers are limited (see Section 23.8). 
Processor behavior in VMX non-root operation is restricted and modified to facilitate virtualization. Instead of their 
ordinary operation, certain instructions (including the new VMCALL instruction) and events cause VM exits to the 
VMM. Because these VM exits replace ordinary behavior, the functionality of software in VMX non-root operation is 
limited. It is this limitation that allows the VMM to retain control of processor resources.
There is no software-visible bit whose setting indicates whether a logical processor is in VMX non-root operation. 
This fact may allow a VMM to prevent guest software from determining that it is running in a virtual machine. 
Because VMX operation places restrictions even on software running with current privilege level (CPL) 0, guest 
software can run at the privilege level for which it was originally designed. This capability may simplify the devel-
opment of a VMM.