Day two of this series introduced x86 CPU architecture and the concept of four levels of privilege.
Keeping in mind that the operating system expects to be running at the most privileged level (0) and have complete control over the CPU,
what happens when a hypervisor is introduced?
Keeping in mind that the operating system expects to be running at the most privileged level (0) and have complete control over the CPU,
what happens when a hypervisor is introduced?
Day three will explore the following methods of virtualizing the x86 Platform:
- Binary Translation
- Paravirtualization
- Hardware Assisted Virtualization
Binary Translation
In this model, the VMM runs in level 0, while the operating system is relegated to a less privileged one. However, certain privileged CPU instructions can only be executed in level 0. Therefore, binary translation involves the hypervisor intercepting and replacing these privileged instructions with a different sequence of calls that results in the same outcome. CPU calls made by user applications are executed directly on the physical hardware, and the operating system may not be aware of the virtualization layer.
 |
| Flow of CPU calls using binary translation. |
Paravirtualization
As in binary translation, the VMM runs in level 0, and the operating system is relegated to a less privileged one. Privileged operating system instructions, or those that cannot be virtualized; however, are replaced in the operating system with special calls to the hypervisor. This requires an operating systems that support paravirtualization. CPU calls made by user applications are executed directly on the physical hardware. The operating system is aware of the virtualization layer and has been customized to support it.
 |
| Flow of CPU calls using paravirtualization. |
Hardware Assisted Virtualization
In this model, the operating system runs in a restricted ring 0, which is considered non-root when using hardware based extensions (VT-x or AMD-V). The VMM uses these extensions to run in a more privileged root level below ring 0. When the OS makes a restricted call, it is trapped and handled by the hypervisor. CPU calls made by user applications are executed directly on the physical hardware. The operating system may not be aware of the virtualization layer. Hardware that supports virtualization extensions is required. Binary translation is not needed. The operating system does not need to be customized to support virtualization.
 |
| Flow of CPU calls using hardware assisted virtualization. |
Keep on the lookout for day four, which will explore memory management and virtualization.
Be sure to follow me to receive updates when more posts in this series become available. If you like this article, please share it with others.
Keep on virtualizing!
No comments:
Post a Comment