I hesitated for a long time before finally deciding to write up several important concepts. Some readers may say that I only drop new terms without explaining them; I am sorry, but I will have to see whether I have the time.
As a chip-level virtualization technology, Intel VT improves virtualization efficiency and security at the same time. The VT technology on IA-32 is called VT-x, while the VT technology on the Itanium platform is called VT-i. In addition, with VT a CPU in the IA-32 architecture can run 64-bit virtual machines.
The figure below is taken directly from others. VT-x extends IA-32 operation into two modes: VMX root operation and VMX non-root operation. VMX root operation differs little from traditional IA-32 and is used by the VMM/hypervisor, while VMX non-root operation is an IA-32 environment running under VMM control. Both modes support all privilege levels, so a virtual machine in VMX non-root operation can make full use of ring 0 while the host and guest operating systems remain effectively separated. In the figure, the yellow line marks root operation and the other line marks non-root operation.
In this way the VMM no longer needs to emulate ring 0 instructions in software, the ring aliasing problem is solved, and running efficiency improves greatly. The same design also resolves ring compression and so preserves security, because the guest's ring 0 stays beneath the VMM's control. Frankly, every time I look at this design I can't help but exclaim.
Raising CPU computing speed alone is not enough to improve virtual machine performance; moving data between the CPU and the I/O system is the real bottleneck. Currently virtual machines handle I/O mainly in two ways: emulated I/O devices and additional software interfaces. An emulated I/O device means that the VMM emulates a complete I/O device, so the virtual machine can use the real driver directly with full functionality (Virtual PC emulates a real S3 ViRGE 3D graphics card, for example). Think about the drawbacks and you will see that this hurts performance. An additional software interface refers to a set of device interfaces provided by the VMM software; it improves virtualization efficiency but reduces compatibility. I have seen this compared to DirectX technology in Windows.
Such a situation means there must be a superhero who will rescue us from the fire, and that is the Intel Virtualization Technology for Directed I/O (Intel VT-d) mentioned in the previous lecture. I wanted to give up after the last lecture and I still want to give up, but this is a good story. Like the CPU solution, Intel VT-d is a hardware-assisted virtualization technology, implemented in the north bridge chip/MCH. Direct memory access (DMA) and interrupt requests (IRQ) are the key issues in exchanging data between I/O devices and virtual machines. A traditional I/O Memory Management Unit (IOMMU) manages ordinary DMA and other special kinds of DMA (including AGP GART and TPT) centrally; this is easy to implement, but isolating devices from one another by memory address alone is difficult. VT-d implements multiple DMA protection regions through DMA remapping and thereby achieves DMA virtualization. For interrupts there are two approaches: routing through an interrupt controller, and direct message-signaled interrupts delivered as DMA write requests. Because the target memory address must be embedded in the DMA request, that architecture needs access to all memory addresses and cannot be isolated. The interrupt-remapping architecture of VT-d uses a message ID instead of a memory address in the DMA write request, and a table keyed by that ID distinguishes the virtual machine regions. Direct I/O device assignment and I/O device sharing replace the traditional technology. With direct I/O device assignment, a physical device is assigned directly to a virtual machine, and the driver in the virtual machine communicates directly with the hardware. The VMM then does not need to run the driver, but hardware support is required to isolate and protect the hardware resources for that one virtual machine only, and multiple I/O container partitions are allocated to multiple virtual machines. I/O device sharing requires the device to support multiple functional interfaces.
Each interface can then be assigned to a virtual machine separately. This model can undoubtedly provide very high virtualization performance.
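To make the DMA-remapping idea above concrete, here is an added example, written for this post and not taken from the original or from any Intel specification, that models a context table mapping each device to a protection domain, with per-domain page translations. Device ids, domain numbers and addresses are constructed; a DMA request translates only when the device is assigned to a domain and the target page is mapped in that domain, and anything else faults, which is how a VMM keeps one VM's device from reaching another VM's memory.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_DEVICES  8          /* hypothetical small device id space    */
#define MAX_DOMAINS  4          /* one protection domain per VM           */
#define MAX_MAPPINGS 8          /* pages each domain may map (toy limit)  */
#define PAGE_SHIFT   12
#define PAGE_MASK    (((uint64_t)1 << PAGE_SHIFT) - 1)

enum { DMA_OK = 0, DMA_UNASSIGNED = -1, DMA_UNMAPPED = -2 };

/* One guest-physical (IOVA) page to host-physical page mapping. */
struct mapping { uint64_t iova_page; uint64_t hpa_page; };
/* A protection domain: the host pages one VM's devices may reach. */
struct domain { struct mapping map[MAX_MAPPINGS]; size_t n; };

static struct domain domains[MAX_DOMAINS];
/* Context table: device id -> domain id, or -1 if not assigned to any VM. */
static int context[MAX_DEVICES];

void iommu_reset(void) {
    memset(domains, 0, sizeof domains);
    for (int i = 0; i < MAX_DEVICES; i++) context[i] = -1;
}

/* Assign a device to a VM's domain (what the VMM does on device pass-through). */
int iommu_assign(int dev, int dom) {
    if (dev < 0 || dev >= MAX_DEVICES || dom < 0 || dom >= MAX_DOMAINS) return -1;
    context[dev] = dom;
    return 0;
}

/* Map one page of the VM's address space onto a host page inside its domain. */
int iommu_map(int dom, uint64_t iova, uint64_t hpa) {
    if (dom < 0 || dom >= MAX_DOMAINS || domains[dom].n >= MAX_MAPPINGS) return -1;
    struct domain *d = &domains[dom];
    d->map[d->n++] = (struct mapping){ iova >> PAGE_SHIFT, hpa >> PAGE_SHIFT };
    return 0;
}

/* Translate a DMA request from device dev targeting guest address iova.
 * Only pages mapped in the device's own domain translate; everything else
 * faults, so a device cannot reach another VM's memory by address alone. */
int dma_translate(int dev, uint64_t iova, uint64_t *hpa) {
    if (dev < 0 || dev >= MAX_DEVICES || context[dev] < 0) return DMA_UNASSIGNED;
    const struct domain *d = &domains[context[dev]];
    for (size_t i = 0; i < d->n; i++) {
        if (d->map[i].iova_page == (iova >> PAGE_SHIFT)) {
            *hpa = (d->map[i].hpa_page << PAGE_SHIFT) | (iova & PAGE_MASK);
            return DMA_OK;
        }
    }
    return DMA_UNMAPPED;
}
```

Two devices mapping the same guest address 0x1000 in different domains land on different host pages, and a device that is unassigned or targets an unmapped page is refused rather than translated.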
Finally, it was hard work getting through all this, and I don't know whether you are even more confused after reading it. :) Mail me if you have any questions. In the following sections I will not go into these tangled technical issues again, but will focus on concrete applications of virtualization technology.