Generally, virtualization technology enables the abstraction (or virtualization) of computing resources by placing a software control program (e.g., a Virtual Machine Monitor “VMM” or hypervisor) between the operating system and the hardware. The hypervisor executes in privileged mode and may host multiple operating systems (called guest operating systems). Each guest operating system communicates with the hypervisor in the same manner it would communicate with the physical hardware, viewing the combination of the hypervisor and hardware as a single, virtual machine. This allows each guest operating system to operate under the illusion of having exclusive access to the processors, peripherals, memory and I/O.
Operating systems are responsible for partitioning the physical memory across multiple processes. In systems that include a guest operating system running on top of a virtual machine, the memory allocated by the guest operating system is not the true physical memory, but an intermediate physical memory. On such systems, the hypervisor is responsible for the actual allocation of the physical memory.
Most processors only support one stage of memory address space translation, and the hypervisor manages the relationship between virtual addresses (VA), intermediate physical addresses (IPA), and physical addresses (PA). This is generally achieved by the hypervisor maintaining its own translation tables (called shadow translation tables), which are derived by interpreting each of the guest operating system's translation tables. Specifically, the hypervisor ensures that all changes to the guest operating system's translation tables are reflected in the shadow structures, as well as enforces protection and redirecting access faults to the appropriate stage.
Unlike the single stage processors discussed above, ARM processor systems provide hardware assistance for both stages of memory translation (e.g., via ARM Virtualization Extensions such as System Memory Management Unit “SMMU”). For example, ARM processors include Virtualization Extensions that enable a two stage translation in which virtual addresses (VA) are translated to intermediate physical addresses (IPA) in the first stage (i.e., a first stage translation), and the intermediate physical addresses (IPA) are translated to physical addresses in the second stage (i.e., a second stage translation). This reduces the overheads associated with the hypervisor.