Systems utilize virtual machines (VMs) to allow the sharing of an underlying physical machine and its resources. The software layer providing virtualization to the VMs is referred to as a virtual machine monitor (VMM) or hypervisor. A VMM acts as a host to the VMs by operating in a super-privileged “root mode,” while the VMs run guest operating system (OS) and application software in a “non-root mode” at a normal privilege level. The VMM also presents system software executing on the VMs (e.g., OS and application software) with an abstraction of the physical machine.
The VMM is able to retain selective control of processor resources, physical memory, interrupt management and data input/output (I/O). One method the VMM utilizes to retain control is through a “trap-and-emulate” process. When an OS executed via a VM attempts to execute a privileged instruction that conflicts with another OS or the VMM itself (e.g., access a hardware resource), the VMM “traps” such attempts and “emulates” the effect of the instruction in a manner that does not interfere with the other OS and its own requirements. The emulation by the VMM may itself include privileged instructions which can access hardware resources.
Nested virtualization (also referred to as “layered virtualization”) refers to a root-mode VMM running a non-root mode VMM as a guest. The above described trap-and-emulate technique is applied to privileged instructions in the non-root mode VMM, which makes the number of traps for emulating one privileged instruction in an OS exaggerated exponentially in the nested environment. Frequent context switches due to multiple levels of trap-and-emulate greatly hurt overall system performance in such an environment.
Descriptions of certain details and implementations follow, including a description of the figures, which may depict some or all of the embodiments described below, as well as discussing other potential embodiments or implementations of the inventive concepts presented herein. An overview of embodiments of the invention is provided below, followed by a more detailed description with reference to the drawings.