1. Field
The present disclosure relates to the resource management of virtual machine(s) using hardware address mapping and, more specifically, to facilitating direct access to devices from virtual machines by utilizing control of hardware address translation facilities.
2. Background Information
The virtualization of machine resources has been of significant interest for some time; however, with processors becoming more diverse and complex, such as processors that are deeply pipelined/super pipelined, hyper-threaded, on-chip multi-processing capable, and processors having Explicitly Parallel Instruction Computing (EPIC) architecture, and with larger instruction and data caches, virtualization of machine resources is becoming of even greater interest.
Many attempts have been made to make virtualization more efficient. For example, some vendors offer software products that have a virtual machine system that permits a machine to be virtualized, such that the underlying hardware resources of the machine appear as one or more independently operating virtual machines (VMs). Typically, a Virtual Machine Monitor (VMM) may be a thin layer of software running on a computer and presenting to other software an abstraction of one or more VMs. Each VM, on the other hand, may function as a self-contained platform, running its own operating system (OS), or a copy of the OS, and/or a software application. Software executing within a VM is collectively referred to as “guest software”. Some commercial solutions that provide software VMs include VMware, Inc. (VMware) of Palo Alto, Calif. and VirtualPC by Microsoft Corp. of Redmond, Wash.
Typical software-based virtualization solutions utilize the privilege level protections in common processor hardware by running the entire guest software (e.g. OS and applications) at a lower privilege level, and virtualize guest attempts to execute privileged operations by trapping to the VMM and emulating guest execution through the VMM software. However, typical operating systems expect to utilize these privilege levels to protect the OS kernel from user-mode applications. For example, the Intel IA-32 processor architecture defines four privilege levels, specified as ring 0 to ring 3 in decreasing order of privilege.
Processor hardware support for virtualization, such as the matter disclosed in previously filed patent application Ser. No. 09/752,134, titled “New Processor Mode For Limiting The Operation Of Guest Software Running On A Virtual Machine Supported By A Virtual Machine Monitor,” by Neiger, et al., improves upon the software-only virtualization solutions through additional processor operation modes that differentiate between guest and VMM execution. Additionally, it may allow more flexible control of guest operations than what is offered by the coarse-grained ring-based privilege levels. These additional processor operating modes for virtualization may preserve the typical ring-based processor hardware privilege levels for use by both guest and VMM software.
Typically, input/output (I/O) devices in the system are managed by the VMM in one of two modes: shared mode or dedicated mode. In this context, an I/O device is any device that facilitates the transfer of data to or from the core of a computer system. Examples of I/O devices may include, but are not limited to: keyboards, pointing devices, graphics adapters, network interface controllers, memory devices, hard disks, diskettes, and writable media. However, other devices are within the scope of the disclosed subject matter.
In shared mode, each VM may typically see and interact with a set of virtual devices. The VMM is typically responsible for emulating these virtual devices and mapping the virtual devices to physical devices in the system. The virtual device emulation is typically used to allow a plurality of virtual machines to share a physical device in, for example, a substantially simultaneous or time-multiplexed fashion. For example, the VMM may expose a virtual network interface controller (NIC) device to each VM, and the VMM may map virtual NICs from multiple VMs to a physical NIC in the system, thereby allowing these virtual machines to share the same network connection.
In dedicated mode, a VMM may assign certain physical devices in the platform for exclusive use by a specific virtual machine. I/O device assignment to VMs is typically done to improve performance. Device assignment to VMs is typically done indirectly through the VMM, such that the VM to which a physical device is assigned is exposed to a virtual device, and the virtual device emulation in the VMM may be optimized to utilize the knowledge that the underlying physical device is assigned for exclusive use by the VM. This kind of VM I/O device assignment has inherent limits (such as reduced performance), since the guest software accesses the assigned device indirectly through the VMM. In addition to performance limitations, software-emulated virtual devices also negatively impact functionality and robustness. Since the software-emulated virtual devices are often simpler devices with limited capabilities, any additional capabilities provided by the underlying physical device will not be available to the VM. The extra capabilities offered by the physical device may also be lost due to the virtualization and device emulation overheads. Since virtual device emulation requires the device drivers for the physical devices to be running as part of the privileged VMM software, it also reduces overall system robustness, as errors in any of these drivers can crash the entire system, including all the VMs.