Most input/output (I/O) devices are designed with the assumption that there exists one piece of trusted software that configures all of the I/O devices in the system. It is also typically assumed that those I/O devices are ultimately controlled by device drivers that are plug-in modules that abstract individual device differences. Furthermore, it is assumed that these drivers are all contained within a single kernel.
However, in the context of virtual machines, the above assumptions may no longer be valid. Each virtual machine typically contains its own operating system kernel, which may or may not be trusted by all the other kernels running in all the other virtual machines. Configuring and controlling the devices within a physical host typically involves some central authority that has the ability to enforce policies regarding how actions from one virtual machine may affect other virtual machines. In some systems, this central authority lies in a host operating system. In other systems, the authority may lie in a hypervisor, and in yet others, the authority may lie with one of the virtual machines running on top of a hypervisor.
When building a virtualization system, one approach may be to maintain complete control of all I/O devices within the above-described central authority. Thus, when a virtual machine needs I/O services, the virtual machine may pass a request (directly or indirectly) to the central authority that controls the I/O. This approach may work but suffers from two problems. First, the I/O operates more slowly than it would for an operating system running directly on physical hardware rather than in a virtual machine. Second, the range of I/O devices exposed to the virtual machines may be limited by the virtualization software. It would be desirable to assign each of the devices within a physical computer to one or more of the virtual machines running within it. In this way, the I/O would not suffer the performance penalty associated with indirection, and any device that can be plugged into the computer may be used by a virtual machine without requiring that the virtualization layers completely understand its internal function.
Accordingly, other techniques are needed in the art to solve the above described problems.