Typical computer processors include hardware support for virtualization operations. Software virtualization includes transparently executing one or more guest operating systems from within a host operating system, hypervisor, or virtual machine monitor (VMM). Hardware virtualization features may include an extended privilege model, hardware-assisted support for virtual memory addressing, support for extended memory permissions, and other virtualization features.
Certain computing devices include a thin hypervisor to monitor or check integrity of the host operating system. However, computing systems including a thin hypervisor may have difficulty executing additional hypervisors or VMMs, such as VMMs that are hosted by the host operating system, while still maintaining security. For example, hosted VMMs typically have privileged components in the host operating system that can potentially compromise security of the host operating system. Alternatively, to protect security assertions of the host operating system, a thin hypervisor may make hardware virtualization features unavailable to hosted VMMs and/or virtualize the hardware features for the hosted VMM and run the hosted VMM in a nested and/or deprivileged mode.
In systems with nested virtualization, the thin hypervisor virtualizes each virtual machine (VM) exit, which may cause a large number of additional VM exits between the thin hypervisor and the hosted VMM. Certain processors manufactured by Intel® Corporation include hardware features such as virtual machine control structure (VMCS) shadowing that may reduce the number of VM exits. However, in those embodiments the thin hypervisor still performs nested VM exit handling for each VM exit.