Virtualization enables a single host machine with hardware and software support for virtualization to present multiple abstractions of the host, such that the underlying hardware of the host machine appears as one or more independently operating virtual machines. Each virtual machine may therefore function as a self-contained platform. Often, virtualization technology is used to allow multiple guest operating systems and/or other guest software to coexist and execute apparently simultaneously and apparently independently on multiple virtual machines while actually physically executing on the same hardware platform. A virtual machine may mimic the hardware of the host machine or alternatively present a different hardware abstraction altogether.
Virtualization systems may include a virtual machine monitor (VMM) which controls the host machine. The VMM provides guest software operating in a virtual machine with a set of resources (e.g., processors, memory, IO devices). The VMM may map some or all of the components of a physical host machine into the virtual machine, and may create fully virtual components, emulated in software in the VMM, which are included in the virtual machine (e.g., virtual IO devices). The VMM may thus be said to provide a “virtual bare machine” interface to guest software. The VMM uses facilities in a hardware virtualization architecture to provide services to a virtual machine and to provide protection from and between multiple virtual machines executing on the host machine.
As guest software executes in a virtual machine, certain instructions executed by the guest software (e.g., instructions accessing peripheral devices) would normally directly access hardware, were the guest software executing directly on a hardware platform. In a virtualization system supported by a VMM, these instructions may cause a transition to the VMM, referred to herein as a virtual machine exit. The VMM handles these instructions in software in a manner suitable for the host machine hardware and host machine peripheral devices consistent with the virtual machines on which the guest software is executing. Similarly, certain interrupts and exceptions generated in the host machine may need to be intercepted and managed by the VMM or adapted for the guest software by the VMM before being passed on to the guest software for servicing. The VMM then transitions control to the guest software and the virtual machine resumes operation. The transition from the VMM to the guest software is referred to herein as a virtual machine Entry.
As is well known, a process executing on a machine on most operating systems may use a virtual address space, which is an abstraction of the underlying physical memory system. As is known in the art, the term virtual when used in the context of memory management e.g. “virtual address,” “virtual address space,” “virtual memory address” or “virtual memory space,” refers to the well known technique of a processor based system, generally in conjunction with an operating system, presenting an abstraction of underlying physical memory to a process executing on a processor-based system. For example, a process may access a virtual, contiguous and linearized address space abstraction which is mapped to non-linear and non-contiguous physical memory by the underlying operating system. This use of virtual is distinguishable from the use of the same term used in the context virtualization, where virtual generally refers to an abstraction that simulates a physical machine e.g. “virtual machine,” “virtual bare machine,” “virtual hardware,” “virtual processor” or “virtual network interface.” The intended meaning of the term will be clear to one in the art based on the context in which it is used herein.
FIG. 1 shows a process executing on a processor-based system which incorporates a processor and a memory communicatively coupled to the processor by a bus. With reference to FIG. 1, when a process 105 references a memory location 110 in its virtual address space 115 (process virtual memory space), a reference to an actual address 140 in the physical memory 145 of the machine 125 (machine physical memory) is generated by memory management 130, which may be implemented in hardware (sometimes incorporated into the processor 120) and software (generally in the operating system of the machine). Memory management 130, among other functions maps a location in the virtual address space to a location in physical memory of the machine. As shown in FIG. 1, a process may have a different view of memory from the actual memory available in the physical machine. In the example depicted in FIG. 1, the process operates in a virtual address space from 0 to 1 MB which is actually mapped by the memory management hardware and software into a portion of the physical memory which itself has an address space from 10 to 11 MB; to compute a physical address from a process space address, an offset 135 may be added to the process virtual address. More complex mappings from process virtual memory space to physical memory are possible, for example, the physical memory corresponding to process virtual memory may be divided into parts such as pages and be interleaved with pages from other processes in physical memory.
Memory is customarily divided into pages, each page containing a known amount of data, varying across implementations, e.g. a page may contain 4096 bytes of memory. As memory locations are referenced by the executing process, they are translated into page references. In a typical machine, memory management maps a reference to a page in process virtual memory to a page in machine physical memory. In general, memory management may use a page table to specify the physical page location corresponding to a process space page location.
One aspect of managing guest software in a virtual machine environment is the management of memory. Handling memory management actions taken by the guest software executing in a virtual machine creates complexity for a controlling system such as a virtual machine monitor. Consider for example a system in which two virtual machines execute via virtualization on a host machine implemented on a 32-bit IA-32 Intel® Architecture platform (IA-32), which is described in the IA-32 Intel® Architecture Software Developer's Manual (IA-32 documentation). The IA-32 platform may include IA-32 page tables implemented as part of an IA-32 processor. Further, assume that each virtual machine itself presents an abstraction of an IA-32 machine to the guest software executing thereon. Guest software executing on each virtual machine my make references to a guest process virtual memory address, which in turn is translated by the guest machine's memory management system to a guest-physical memory address. However, guest-physical memory itself may be implemented by a further mapping in host-physical memory through a VMM and the virtualization subsystem in hardware on the host processor. Thus, references to guest memory by guest processes or the guest operating system, including for example references to guest IA-32 page table control registers, must then be intercepted by the VMM because they cannot be directly passed on to the host machine's IA-32 page table without further reprocessing, as the guest-physical memory does not, in fact, correspond directly to host-physical memory but is rather further remapped through the virtualization system of the host machine.