Sensitive instructions: instructions perform I/O, change MMU settings, ect. Privileged instructions: instructions that TRAP if executed in user mode

A machine is virtualizable if sensitive instructions $\subseteq$ privileged instructions.

Hypervisor: a software layer that enables multiple operating systems to run concurrently on a single physical machine by managing their access to the underlying hardware resources.

There are two types of hypervisors:

  • Type 1 hypervisor: runs directly on the hardware
  • Type 2 hypervisor: uses the services from the host operating system

Type 1 hypervisors have generally better performance because they have less overhead.

Full virtualization: completely virtualizes the underlying hardware where the operating systems interacts with.

Paravirtualization: modifies operating system by replacing privileged instructions with hypercalls (like syscalls to hypervisor)

Protection rings: x64 has 4 protection rings, Ring 0 allows everything (OS), Ring 3 least privileged (user processes)

Memory virtualization: for each virtual machine the hypervisor needs to create a shadow page table that maps virtual pages of the VM to the actual pages the hypervisor gave it

VM Exit a situation in which the hypervisor regains control, this is expensive and avoided

Nested page tables provide hardware support for memory virtualization