Vol. 3C 23-1
CHAPTER 23
INTRODUCTION TO VIRTUAL MACHINE EXTENSIONS
23.1 OVERVIEW
This chapter describes the basics of virtual machine architecture and an overview of the virtual-machine extensions
(VMX) that support virtualization of processor hardware for multiple software environments.
Information about VMX instructions is provided in Intel® 64 and IA-32 Architectures Software Developer’s Manual,
Volume 2B. Other aspects of VMX and system programming considerations are described in chapters of Intel® 64
and IA-32 Architectures Software Developer’s Manual, Volume 3B.
23.2
VIRTUAL MACHINE ARCHITECTURE
Virtual-machine extensions define processor-level support for virtual machines on IA-32 processors. Two principal
classes of software are supported:
•
Virtual-machine monitors (VMM) — A VMM acts as a host and has full control of the processor(s) and other
platform hardware. A VMM presents guest software (see next paragraph) with an abstraction of a virtual
processor and allows it to execute directly on a logical processor. A VMM is able to retain selective control of
processor resources, physical memory, interrupt management, and I/O.
•
Guest software — Each virtual machine (VM) is a guest software environment that supports a stack consisting
of operating system (OS) and application software. Each operates independently of other virtual machines and
uses on the same interface to processor(s), memory, storage, graphics, and I/O provided by a physical
platform. The software stack acts as if it were running on a platform with no VMM. Software executing in a
virtual machine must operate with reduced privilege so that the VMM can retain control of platform resources.
23.3
INTRODUCTION TO VMX OPERATION
Processor support for virtualization is provided by a form of processor operation called VMX operation. There are
two kinds of VMX operation: VMX root operation and VMX non-root operation. In general, a VMM will run in VMX
root operation and guest software will run in VMX non-root operation. Transitions between VMX root operation and
VMX non-root operation are called VMX transitions. There are two kinds of VMX transitions. Transitions into VMX
non-root operation are called VM entries. Transitions from VMX non-root operation to VMX root operation are called
VM exits.
Processor behavior in VMX root operation is very much as it is outside VMX operation. The principal differences are
that a set of new instructions (the VMX instructions) is available and that the values that can be loaded into certain
control registers are limited (see Section 23.8).
Processor behavior in VMX non-root operation is restricted and modified to facilitate virtualization. Instead of their
ordinary operation, certain instructions (including the new VMCALL instruction) and events cause VM exits to the
VMM. Because these VM exits replace ordinary behavior, the functionality of software in VMX non-root operation is
limited. It is this limitation that allows the VMM to retain control of processor resources.
There is no software-visible bit whose setting indicates whether a logical processor is in VMX non-root operation.
This fact may allow a VMM to prevent guest software from determining that it is running in a virtual machine.
Because VMX operation places restrictions even on software running with current privilege level (CPL) 0, guest
software can run at the privilege level for which it was originally designed. This capability may simplify the devel-
opment of a VMM.