A traditional computer operating system (OS) shares the resources of a single machine between multiple user programs or applications. The OS kernel controls all system resources, including execution time, access to instruction and data memory, I/O devices, and inter-process communication. The system resources typically include a microprocessor with at least two levels of privilege, a set of privileged machine-control instructions and registers, a virtual memory system using address translation, and an exception system.
Virtualization is a technique by which multiple operating systems share a single machine. Each “guest” operating system runs within a virtual machine (VM), which appears to have the same privileged instructions, registers and I/O devices as the real machine, but this appearance is an illusion managed by a piece of software known as a hypervisor. The hypervisor is in full control of machine resources at all times. Guest operating systems no longer have unrestricted access to machine resources—they are “de-privileged”. All operations performed by a guest must be explicitly permitted by the hypervisor.
The hypervisor is responsible for sharing system resources between multiple VMs, and maintaining the expected behavior of each VM. The hypervisor performs the same basic functions as the traditional OS kernel, except that the hypervisor's clients are full operating systems rather than user applications.
FIG. 1 illustrates a prior art virtualization system 100. The system 100 includes a first set of applications 102_1 through 102_N executing on a first operating system 104, and a second set of applications 106_1 through 106_N operating on a second operating system 108. A hypervisor 110 operates between the operating systems 104 and 108 and a set of hardware resources 112_1 through 112_N. In particular, the hypervisor 110 controls access to the hardware resources 112 while executing functions specified by the applications. The hardware resources 112 may be a central processing unit, a graphics processing unit, memory, input/output devices, and the like.
The traditional approach to virtualization for a microprocessor with two levels of privilege (e.g., user and kernel) is known as de-privileging. With de-privileging, a guest operating system kernel is executed in user mode instead of the expected kernel mode. Accesses to a privileged resource from the guest kernel result in an exception (trap) that is handled (emulated) by the hypervisor. This scheme is possible if all privileged operations result in exceptions when executed from user mode, and the full user-mode address space can be translated. The performance of such a trap-and-emulate system is limited by the many hypervisor exceptions that must be processed.
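The trap-and-emulate scheme described above can be illustrated with a toy model in C, added here as an example and not part of the original text. It counts the hypervisor exceptions taken by a de-privileged guest and shows what happens when a privileged read does not trap from user mode; the instruction set, register names and sample program are all hypothetical and constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model of de-privileging; every name here is hypothetical. */
enum mode { USER, KERNEL };
enum op { OP_ADD, OP_WRITE_CTRL, OP_READ_CTRL };  /* last two touch a privileged register */
struct insn { enum op op; uint32_t val; };
struct vm {            /* per-guest virtual state kept by the hypervisor */
    uint32_t vctrl;    /* guest's view of the control register */
    uint32_t acc;      /* guest accumulator */
    unsigned traps;    /* exceptions taken into the hypervisor */
};
static uint32_t real_ctrl = 0xC0DE;  /* real register, owned by the hypervisor */

/* Hypervisor exception handler: emulate the access on virtual state only. */
static void hv_emulate(struct vm *g, const struct insn *i)
{
    g->traps++;
    if (i->op == OP_WRITE_CTRL) g->vctrl = i->val;
    else if (i->op == OP_READ_CTRL) g->acc = g->vctrl;
}

/* One instruction at hardware mode m; read_traps: does a user-mode register read trap? */
static void cpu_step(struct vm *g, const struct insn *i, enum mode m, int read_traps)
{
    if (i->op == OP_ADD) { g->acc += i->val; return; }
    if (m == KERNEL) {                       /* genuinely privileged code */
        if (i->op == OP_WRITE_CTRL) real_ctrl = i->val; else g->acc = real_ctrl;
    } else if (i->op == OP_WRITE_CTRL || read_traps) {
        hv_emulate(g, i);                    /* trap-and-emulate */
    } else {
        g->acc = real_ctrl;                  /* silent read: guest sees real state */
    }
}

/* Run a guest kernel de-privileged, i.e. entirely in USER mode. */
struct vm run_guest(const struct insn *prog, size_t n, int read_traps)
{
    struct vm g = {0, 0, 0};
    for (size_t k = 0; k < n; k++) cpu_step(&g, &prog[k], USER, read_traps);
    return g;
}

/* Constructed sample guest-kernel instruction stream. */
const struct insn sample_prog[] = { {OP_WRITE_CTRL, 0x11}, {OP_ADD, 5}, {OP_READ_CTRL, 0}, {OP_ADD, 1} };

int main(void)
{
    struct vm ok = run_guest(sample_prog, 4, 1), bad = run_guest(sample_prog, 4, 0);
    printf("traps=%u acc=%#x | traps=%u acc=%#x\n", ok.traps, ok.acc, bad.traps, bad.acc);
}
```

When every privileged access traps, the guest only ever sees its own virtual register at the cost of one hypervisor exception per access; when the read does not trap, the guest observes the real register value, which is why the scheme requires all privileged operations to raise exceptions in user mode.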
In view of the foregoing, it would be desirable to provide an improved microprocessor to efficiently execute virtualized guest operating systems under the control of a hypervisor. More particularly, it would be desirable to reduce hypervisor software processing operations through utilization of improved microprocessor virtualization resources that support virtual machine execution.