1. Field of the Invention
This invention relates to virtualization and the use of virtual machines in processors and computer systems and, more particularly, to virtualizing real mode execution.
2. Description of the Related Art
Virtualization has been used in computer systems for a variety of different purposes. For example, virtualization may be used to execute privileged software in a “container” to prevent the privileged software from directly accessing and/or making changes to at least some of the physical machine state without first being permitted to do so by a virtual machine manager that controls the virtual machine. Such a container may prevent “buggy” or malicious software from causing problems on the physical machine. Additionally, virtualization may be used to permit two or more privileged programs to execute on the same physical machine concurrently. The privileged programs may be prevented from interfering with each other since access to the physical machine is controlled. Privileged programs may include operating systems, and may also include other software which expects to have full control of the hardware on which the software is executing. In another example, virtualization may be used to execute a privileged program on hardware that differs from the hardware expected by the privileged program.
Generally, virtualization of a processor or computer system may include providing one or more privileged programs with access to a virtual machine (the container mentioned above) over which the privileged program has full control, but the control of the physical machine is retained by the virtual machine manager. The virtual machine may include a processor (or processors), memory, and various peripheral devices that the privileged program expects to find in the machine on which it is executing. Each privileged program (and related software in some cases, such as the applications that execute on an operating system) may be referred to herein as a guest. Virtualization may be implemented in software (e.g. the virtual machine manager (VMM) mentioned above) without any specific hardware virtualization support in the physical machine on which the VMM and its virtual machines execute. However, virtualization may be simplified and/or achieve higher performance if some hardware support is provided.
Typically, memory is virtualized in a virtual machine using address translation mechanisms, such as paging translation mechanisms. By translating addresses generated by guests executing in a virtual machine, the physical memory pages actually accessed by the virtual machine may be controlled. The guest itself may include page tables that it generates for the portions of the program that execute in a mode in which paging is enabled. However, the VMM overrides the guest's page tables with its own page tables to control the physical memory accessed by the virtual machine. In this manner, guests may be prevented from accessing (and particularly updating) pages allocated to other guests or to the VMM.
Many processor instruction set architectures support a “real mode” in which paging is not used. If the guest were permitted to execute in real mode, the paging mechanisms could not be used to control memory accessed by the guest. However, in some cases, operation of the processor as defined in the instruction set architecture may differ in real mode as compared to various other modes in which paging is enabled. For example, in the x86 instruction set architecture, certain instructions operate differently, some of the flags set during instruction execution differ, privilege level protections mechanisms are disabled, and operation of the segment registers in address generation differs in real mode as compared to modes in which paging is enabled (which are also modes in which protection is enabled). Programs, or code sequences within programs, that are written to run in real mode may depend on these other differences. Thus, the programs/code sequences may not merely be run in a mode in which paging is enabled. The x86 instruction set also defines a virtual 8086 mode (v86). The v86 mode resembles real mode operation while running in a protected mode (optionally with page enabled), but does not fully duplicate real mode operation. Thus, v86 mode cannot always be used for programs/code sequences that are to execute in real mode.