Virtualization
Sensitive instructions: instructions perform I/O, change MMU settings, ect. Privileged instructions: instructions that TRAP if executed in user mode
A machine is virtualizable if sensitive instructions $\subseteq$ privileged instructions.
Hypervisor: a software layer that enables multiple operating systems to run concurrently on a single physical machine by managing their access to the underlying hardware resources.
There are two types of hypervisors:
- Type 1 hypervisor: runs directly on the hardware
- Type 2 hypervisor: uses the services from the host operating system
Type 1 hypervisors have generally better performance because they have less overhead.
Full virtualization: completely virtualizes the underlying hardware where the operating systems interacts with.
Paravirtualization: modifies operating system by replacing privileged instructions with hypercalls (like syscalls to hypervisor)
Protection rings: x64 has 4 protection rings, Ring 0 allows everything (OS), Ring 3 least privileged (user processes)
Memory virtualization: for each virtual machine the hypervisor needs to create a shadow page table that maps virtual pages of the VM to the actual pages the hypervisor gave it
VM Exit a situation in which the hypervisor regains control, this is expensive and avoided
Nested page tables provide hardware support for memory virtualization