Changes between Version 17 and Version 18 of VirtualBox architecture

Timestamp:

Nov 16, 2006 6:00:55 PM (18 years ago)

Author:

jose

Comment:

--

VirtualBox architecture

@@ -1 @@
-= The VirtualBox architecture =
+= The !VirtualBox architecture =
 
 [wiki:"Virtualization"] is, by nature, extraordinarily complex, especially so on x86 hardware. Understanding the !VirtualBox source code therefore requires, at least for some components, a great deal of understanding about the details of the x86 architecture as well as great knowledge about the implementations of the host and guest platforms involved.
@@ -7 +7 @@
 == The !VirtualBox processes: a bird's eye view ==
 
-When you start the !VirtualBox graphical user interface (GUI), at least one extra process gets started along the way -- the !VirtualBox "service", normally dubbed `VBoxSVC`. 
+When you start the !VirtualBox graphical user interface (GUI), at least one extra process gets started along the way -- the !VirtualBox "service" process `VBoxSVC`. 
 
 Once you start a virtual machine (VM) from the GUI, you have two windows (the main window and the VM), but three processes running. Looking at your system from Task Manager (on Windows) or some system monitor (on Linux), you will see these:
@@ -17 +17 @@
 (On Linux, there's another daemon process called `VBoxXPCOMIPCD` which is necessary for our XPCOM implementation to work. We will ignore this for now; see [wiki:"COM-XPCOM interoperability"] for details.)
 
-To the host operating system (OS), the VM that runs "inside" the second window looks like just another Qt process. !VirtualBox is very well behaved in that respect: it pretty much takes over control over a large part of your computer, executing a complete OS with its own set of guest processes, drivers, and devices inside this VM process, but the host OS does not notice much of this. Whatever the VM does, it's just another process in your host OS.
+To the host operating system (OS), the VM that runs "inside" the second window looks like an ordinary program. !VirtualBox is very well behaved in that respect: it pretty much takes over control over a large part of your computer, executing a complete OS with its own set of guest processes, drivers, and devices inside this VM process, but the host OS does not notice much of this. Whatever the VM does, it's just another process in your host OS.
 
 We therefore have two sorts of encapsulation in place with the various !VirtualBox files and processes:
@@ -35 +35 @@
  * A "plain" GUI based on [http://www.libsdl.org/index.php SDL], with fewer fancy features than the Qt GUI. This is useful for business use as well as testing during development. To control the VMs, you will then use `VBoxManage`.
 
- * An Remote Desktop Protocol (RDP) server, which is console-only and produces no graphical output on the host, but allows remote computers to connect to it. This is especially useful for enterprises who want to consolidate their client PCs onto just a few servers. The client PCs are then merely displaying RDP data produced by the various RDP server processes on a few big servers, which virtualize the "real" client PCs. (The RDP server is not part of !VirtualBox OSE, but is available with the full version; see the [wiki:"Editions"] page for details.)
+ * A Remote Desktop Protocol (RDP) server, which is console-only and produces no graphical output on the host, but allows remote computers to connect to it. This is especially useful for enterprises who want to consolidate their client PCs onto just a few servers. The client PCs are then merely displaying RDP data produced by the various RDP server processes on a few big servers, which virtualize the "real" client PCs. (The RDP server is not part of !VirtualBox OSE, but is available with the full version; see the [wiki:"Editions"] page for details.)
 
 == Inside a virtual machine ==
@@ -49 +49 @@
     * for any real-mode code (e.g. BIOS code, a DOS guest, or any operating system startup).
  3. Your CPU  can be '''running guest ring-3 code natively''' (within the ring-3 host VM process). With !VirtualBox, we call this "raw ring 3". This is, of course, the most efficient way to run the guest, and hopefully we don't leave this mode too often. The more we do, the slower the VM is compared to a native OS, because all context switches are very expensive.
- 4. Your CPU  can be '''running guest ring-0 code natively.''' Here is where things get hairy: The guest only ''thinks'' it's running ring-0 code, but !VirtualBox has patched the guest OS to instead enter ring 1 (which is normally unused with x86 operating systems). 
+ 4. Your CPU  can be '''running guest ring-0 code natively.''' Here is where things get hairy: The guest only ''thinks'' it's running ring-0 code, but !VirtualBox has fooled the guest OS to instead enter ring 1 (which is normally unused with x86 operating systems). 
 
 Also, in the !VirtualBox source code, you will find lots of references to "host context" or "guest context". Essentially, these mean:
 
- * '''Host context (HC)''' means that the host OS is in control of everything including virtual memory. In the !VirtualBox sources, the term "HC" will normally refer to the host's ring-3 context only. We only use host ring-0 (R0) context with our new Intel VMX (Vanderpool) support, which we'll leave out of the picture for now (but see below).
+ * '''Host context (HC)''' means that the host OS is in control of everything including virtual memory. In the !VirtualBox sources, the term "HC" will normally refer to the host's ring-3 context only. We only use host ring-0 (R0) context with our new Intel VT-x (Vanderpool) support, which we'll leave out of the picture for now (but see below).
 
  * '''Guest context (GC)''' means that !VirtualBox has set up CPU & memory exactly the way the guest expects, but has inserted itself at the "bottom" of the picture, so that !VirtualBox gains control ''first'' for any privileged instructions executed, guest trap or external interrupts, before !VirtualBox may then possibly delegate handling such things to the host OS. So, in the guest context, we have 
@@ -68 +68 @@
  * when switching from host ring-3 to guest context;
 
- * enable or disable Vanderpool etc. support.
+ * enable or disable VT-x etc. support.
 
-Most importantly, the host's ring-0 driver does ''not'' mess with your OS's scheduling or process management. The entire guest OS, including its own hundereds of processes, is only scheduled when the host OS gives the VM process a timeslice. 
+Most importantly, the host's ring-0 driver does ''not'' mess with your OS's scheduling or process management. The entire guest OS, including its own hundreds of processes, is only scheduled when the host OS gives the VM process a timeslice. 
 
 
-== Intel VMX ("Vanderpool") support == 
+== Intel VT-x ("Vanderpool") support == 
 
-With its latest processors, Intel has introduced hardware virtualization support, which they call "Vanderpool", "IVT", "VT-x", or "VMX" (for "virtual machine extensions"). We use the term "VMX". A thorough explanation of this architecture can be found on [http://www.intel.com/technology/itj/2006/v10i3/1-hardware/5-architecture.htm Intel's pages], but as a summary, with these extensions, a processor always operates in one of the following two modes:
+With its latest processors, Intel has introduced hardware virtualization support, which they call "Vanderpool", "IVT", "VT-x", or "VMX" (for "virtual machine extensions"). As we started out rather early on this, we internally use the term "VMX". A thorough explanation of this architecture can be found on [http://www.intel.com/technology/itj/2006/v10i3/1-hardware/5-architecture.htm Intel's pages], but as a summary, with these extensions, a processor always operates in one of the following two modes:
 
  * In '''root mode''', its behavior is very similar to the standard mode of operation (without VMX), and this is the context that a virtual machine monitor (VMM) runs in.
  * The '''non-root mode''' (or guest context, if you want) is designed for running a virtual machine. 
 
-One notable novelty is that all four privilege levels (rings) are supported in either mode, so guest software can theoretically run at any of them. VMX then defines transitions from root to non-root mode (and vice versa) and calls these "VM entry" and "VM exit". 
+One notable novelty is that all four privilege levels (rings) are supported in either mode, so guest software can theoretically run at any of them. VT-x then defines transitions from root to non-root mode (and vice versa) and calls these "VM entry" and "VM exit". 
 
 In non-root mode, the processor will automatically cause VM exits for certain privileged instructions and events. For some of these instructions, it is even configurable whether VM exits should occur. 
 
-Since, however, nearly all operating systems in use today only make use of ring-0 and ring-3, and since a lot of operations in non-root mode are very expensive, !VirtualBox does not use VMX exactly as intended by Intel. Instead, we make partial use of it -- only where it makes sense and where it helps us to improve performance. So, as said above, our hypervisor, on non-VMX machines, lives in ring 0 of the guest context, below the guest ring-0 code that is actually run in ring 1. When VMX is enabled, the hypervisor can safely live in ring 0 ''host'' context and gets activated automatically by use of the new VM exits.
+Since, however, nearly all operating systems in use today only make use of ring-0 and ring-3, and since a lot of operations in non-root mode are very expensive, !VirtualBox does not use VT-x exactly as intended by Intel. Instead, we make partial use of it -- only where it makes sense and where it helps us to improve performance. So, as said above, our hypervisor, on non-VT-x machines, lives in ring 0 of the guest context, below the guest ring-0 code that is actually run in ring 1. When VT-x is enabled, the hypervisor can safely live in ring 0 ''host'' context and gets activated automatically by use of the new VM exits.
 
-
+So far, we don't support AMD's equivalent to VT-x (called SVM) yet but this is work in process. As you have read above, VT-x support is not of high practical importance and therefore it's not our top priority.