VirtualBox

source: vbox/trunk/doc/manual/en_US/user_Technical.xml@ 86692

Last change on this file since 86692 was 82350, checked in by vboxsync, 5 years ago

manual: integrate 6.1 drop #10 with minimal manual adjustments (frontmatter for preface and eliminated trailing whitespace)

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id Revision
File size: 33.2 KB
Line 
1<?xml version="1.0" encoding="UTF-8"?>
2<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[
4<!ENTITY % all.entities SYSTEM "all-entities.ent">
5%all.entities;
6]>
7<chapter id="TechnicalBackground">
8
9 <title>Technical Background</title>
10
11 <para>
12 This chapter provides additional information for readers who are
13 familiar with computer architecture and technology and wish to find
14 out more about how &product-name; works <emphasis>under the
15 hood</emphasis>. The contents of this chapter are not required
16 reading in order to use &product-name; successfully.
17 </para>
18
19 <sect1 id="vboxconfigdata">
20
21 <title>Where &product-name; Stores its Files</title>
22
23 <para>
24 In &product-name;, a virtual machine and its settings are
25 described in a virtual machine settings file in XML format. In
26 addition, most virtual machines have one or more virtual hard
27 disks. These are typically represented by disk images, such as
28 those in VDI format. The location of these files may vary,
29 depending on the host operating system. See
30 <xref linkend="vboxconfigdata-machine-folder"/>.
31 </para>
32
33 <para>
34 Global configuration data for &product-name; is maintained in
35 another location on the host. See
36 <xref linkend="vboxconfigdata-global"/>.
37 </para>
38
39 <sect2 id="vboxconfigdata-machine-folder">
40
41 <title>The Machine Folder</title>
42
43 <para>
44 By default, each virtual machine has a directory on your host
45 computer where all the files of that machine are stored: the XML
46 settings file, with a <filename>.vbox</filename> file extension,
47 and its disk images. This is called the <emphasis>machine
48 folder</emphasis>.
49 </para>
50
51 <para>
52 By default, this machine folder is located in a common folder
53 called <filename>VirtualBox VMs</filename>, which &product-name;
54 creates in the current system user's home directory. The
55 location of this home directory depends on the conventions of
56 the host operating system, as follows:
57 </para>
58
59 <itemizedlist>
60
61 <listitem>
62 <para>
63 On Windows, this is the location returned by the
64 <literal>SHGetFolderPath</literal> function of the Windows
65 system library Shell32.dll, asking for the user profile. A
66 typical location is
67 <filename>C:\Users\<replaceable>username</replaceable></filename>.
68 </para>
69 </listitem>
70
71 <listitem>
72 <para>
73 On Linux, Mac OS X, and Oracle Solaris, this is generally
74 taken from the environment variable
75 <filename>$HOME</filename>, except for the user
76 <literal>root</literal> where it is taken from the account
77 database. This is a workaround for the frequent trouble
78 caused by users using &product-name; in combination with the
79 tool <command>sudo</command>, which by default does not
80 reset the environment variable <filename>$HOME</filename>.
81 </para>
82
83 <para>
84 A typical location on Linux and Oracle Solaris is
85 <filename>/home/<replaceable>username</replaceable></filename>
86 and on Mac OS X is
87 <filename>/Users/<replaceable>username</replaceable></filename>.
88 </para>
89 </listitem>
90
91 </itemizedlist>
92
93 <para>
94 For simplicity, we abbreviate the location of the home directory
95 as <filename>$HOME</filename>. Using that convention, the common
96 folder for all virtual machines is <filename>$HOME/VirtualBox
97 VMs</filename>.
98 </para>
99
100 <para>
101 As an example, when you create a virtual machine called "Example
102 VM", &product-name; creates the following:
103 </para>
104
105 <itemizedlist>
106
107 <listitem>
108 <para>
109 A machine folder: <filename>$HOME/VirtualBox VMs/Example
110 VM/</filename>
111 </para>
112 </listitem>
113
114 <listitem>
115 <para>
116 In the machine folder, a settings file: <filename>Example
117 VM.vbox</filename>
118 </para>
119 </listitem>
120
121 <listitem>
122 <para>
123 In the machine folder, a virtual disk image:
124 <filename>Example VM.vdi</filename>.
125 </para>
126 </listitem>
127
128 </itemizedlist>
129
130 <para>
131 This is the default layout if you use the
132 <emphasis role="bold">Create New Virtual Machine</emphasis>
133 wizard described in <xref linkend="gui-createvm" />. Once you
134 start working with the VM, additional files are added. Log files
135 are in a subfolder called <filename>Logs</filename>, and if you
136 have taken snapshots, they are in a
137 <filename>Snapshots</filename> subfolder. For each VM, you can
138 change the location of its snapshots folder in the VM settings.
139 </para>
140
141 <para>
142 You can change the default machine folder by selecting
143 <emphasis role="bold">Preferences</emphasis> from the
144 <emphasis role="bold">File</emphasis> menu in the &product-name;
145 main window. Then, in the displayed window, click on the
146 <emphasis role="bold">General</emphasis> tab. Alternatively, use
147 the <command>VBoxManage setproperty machinefolder</command>
148 command. See <xref linkend="vboxmanage-setproperty" />.
149 </para>
150
151 </sect2>
152
153 <sect2 id="vboxconfigdata-global">
154
155 <title>Global Settings</title>
156
157 <para>
158 In addition to the files for the virtual machines,
159 &product-name; maintains global configuration data in the
160 following directory:
161 </para>
162
163 <itemizedlist>
164
165 <listitem>
166 <para>
167 <emphasis role="bold">Linux and Oracle Solaris:</emphasis>
168 <filename>$HOME/.config/VirtualBox</filename>.
169 </para>
170 </listitem>
171
172 <listitem>
173 <para>
174 <emphasis role="bold">Windows:</emphasis>
175 <filename>$HOME/.VirtualBox</filename>.
176 </para>
177 </listitem>
178
179 <listitem>
180 <para>
181 <emphasis role="bold">Mac OS X:</emphasis>
182 <filename>$HOME/Library/VirtualBox</filename>.
183 </para>
184 </listitem>
185
186 </itemizedlist>
187
188 <para>
189 &product-name; creates this configuration directory
190 automatically, if necessary. You can specify an alternate
191 configuration directory by either setting the
192 <literal>VBOX_USER_HOME</literal> environment variable, or on
193 Linux or Oracle Solaris by using the standard
194 <literal>XDG_CONFIG_HOME</literal> variable. Since the global
195 <filename>VirtualBox.xml</filename> settings file points to all
196 other configuration files, this enables switching between
197 several &product-name; configurations.
198 </para>
199
200 <para>
201 In this configuration directory, &product-name; stores its
202 global settings file, an XML file called
203 <filename>VirtualBox.xml</filename>. This file includes global
204 configuration options and a list of registered virtual machines
205 with pointers to their XML settings files.
206 </para>
207
208 </sect2>
209
210 <sect2 id="vboxconfigdata-summary-locations">
211
212 <title>Summary of Configuration Data Locations</title>
213
214 <para>
215 The following table gives a brief overview of the configuration
216 data locations on an &product-name; host.
217 </para>
218
219 <table id="table-config-summary" tabstyle="oracle-all">
220 <title>Configuration File Locations</title>
221 <tgroup cols="2">
222 <thead>
223 <row>
224 <entry><para>
225 <emphasis role="bold">Setting</emphasis>
226 </para></entry>
227 <entry><para>
228 <emphasis role="bold">Location</emphasis>
229 </para></entry>
230 </row>
231 </thead>
232 <tbody>
233 <row>
234 <entry><para>
235 Default machines folder
236 </para></entry>
237 <entry><para>
238 <filename>$HOME/VirtualBox VMs</filename>
239 </para></entry>
240 </row>
241 <row>
242 <entry><para>
243 Default disk image location
244 </para></entry>
245 <entry><para>
246 In each machine's folder
247 </para></entry>
248 </row>
249 <row>
250 <entry><para>
251 Machine settings file extension
252 </para></entry>
253 <entry><para>
254 <filename>.vbox</filename>
255 </para></entry>
256 </row>
257 <row>
258 <entry><para>
259 Media registry
260 </para></entry>
261 <entry><para>
262 Each machine settings file
263 </para>
264
265
266
267 <para>
268 Media registration is done automatically when a
269 storage medium is attached to a VM
270 </para></entry>
271 </row>
272 </tbody>
273 </tgroup>
274 </table>
275
276 </sect2>
277
278 <sect2 id="vboxconfigdata-XML-files">
279
280 <title>&product-name; XML Files</title>
281
282 <para>
283 &product-name; uses XML for both the machine settings files and
284 the global configuration file,
285 <filename>VirtualBox.xml</filename>.
286 </para>
287
288 <para>
289 All &product-name; XML files are versioned. When a new settings
290 file is created, for example because a new virtual machine is
291 created, &product-name; automatically uses the settings format
292 of the current &product-name; version. These files may not be
293 readable if you downgrade to an earlier version of
294 &product-name;. However, when &product-name; encounters a
295 settings file from an earlier version, such as after upgrading
296 &product-name;, it attempts to preserve the settings format as
297 much as possible. It will only silently upgrade the settings
298 format if the current settings cannot be expressed in the old
299 format, for example because you enabled a feature that was not
300 present in an earlier version of &product-name;.
301 </para>
302
303 <para>
304 In such cases, &product-name; backs up the old settings file in
305 the virtual machine's configuration directory. If you need to go
306 back to the earlier version of &product-name;, then you will
307 need to manually copy these backup files back.
308 </para>
309
310 <para>
311 We intentionally do not document the specifications of the
312 &product-name; XML files, as we must reserve the right to modify
313 them in the future. We therefore strongly suggest that you do
314 not edit these files manually. &product-name; provides complete
315 access to its configuration data through its the
316 <command>VBoxManage</command> command line tool, see
317 <xref linkend="vboxmanage" /> and its API, see
318 <xref linkend="VirtualBoxAPI" />.
319 </para>
320
321 </sect2>
322
323 </sect1>
324
325 <sect1 id="technical-components">
326
327 <title>&product-name; Executables and Components</title>
328
329 <para>
330 &product-name; was designed to be modular and flexible. When the
331 &product-name; graphical user interface (GUI) is opened and a VM
332 is started, at least the following three processes are running:
333 </para>
334
335 <itemizedlist>
336
337 <listitem>
338 <para>
339 <command>VBoxSVC</command>, the &product-name; service process
340 which always runs in the background. This process is started
341 automatically by the first &product-name; client process and
342 exits a short time after the last client exits. The first
343 &product-name; service can be the GUI,
344 <command>VBoxManage</command>,
345 <command>VBoxHeadless</command>, the web service amongst
346 others. The service is responsible for bookkeeping,
347 maintaining the state of all VMs, and for providing
348 communication between &product-name; components. This
349 communication is implemented using COM/XPCOM.
350 </para>
351
352 <note>
353 <para>
354 When we refer to <emphasis>clients</emphasis> here, we mean
355 the local clients of a particular <command>VBoxSVC</command>
356 server process, not clients in a network. &product-name;
357 employs its own client/server design to allow its processes
358 to cooperate, but all these processes run under the same
359 user account on the host operating system, and this is
360 totally transparent to the user.
361 </para>
362 </note>
363 </listitem>
364
365 <listitem>
366 <para>
367 The GUI process, <command>VirtualBoxVM</command>, a client
368 application based on the cross-platform Qt library. When
369 started without the <option>--startvm</option> option, this
370 application acts as the VirtualBox Manager, displaying the VMs
371 and their settings. It then communicates settings and state
372 changes to <command>VBoxSVC</command> and also reflects
373 changes effected through other means, such as the
374 <command>VBoxManage</command> command.
375 </para>
376 </listitem>
377
378 <listitem>
379 <para>
380 If the <command>VirtualBoxVM</command> client application is
381 started with the <option>--startvm</option> argument, it loads
382 the VMM library which includes the actual hypervisor and then
383 runs a virtual machine and provides the input and output for
384 the guest.
385 </para>
386 </listitem>
387
388 </itemizedlist>
389
390 <para>
391 Any &product-name; front-end, or client, will communicate with the
392 service process and can both control and reflect the current
393 state. For example, either the VM selector or the VM window or
394 VBoxManage can be used to pause the running VM, and other
395 components will always reflect the changed state.
396 </para>
397
398 <para>
399 The &product-name; GUI application is only one of several
400 available front ends, or clients. The complete list shipped with
401 &product-name; is as follows:
402 </para>
403
404 <itemizedlist>
405
406 <listitem>
407 <para>
408 <command>VirtualBoxVM</command>: The Qt front end implementing
409 the VirtualBox Manager and running VMs.
410 </para>
411 </listitem>
412
413 <listitem>
414 <para>
415 <command>VBoxManage</command>: A less user-friendly but more
416 powerful alternative. See <xref linkend="vboxmanage" />.
417 </para>
418 </listitem>
419
420 <listitem>
421 <para>
422 <command>VBoxHeadless</command>: A VM front end which does not
423 directly provide any video output and keyboard or mouse input,
424 but enables redirection through the VirtualBox Remote Desktop
425 Extension. See <xref linkend="vboxheadless" />.
426 </para>
427 </listitem>
428
429 <listitem>
430 <para>
431 <command>vboxwebsrv</command>: The &product-name; web service
432 process which enables control of an &product-name; host
433 remotely. This is described in detail in the &product-name;
434 Software Development Kit (SDK) reference. See
435 <xref linkend="VirtualBoxAPI" />.
436 </para>
437 </listitem>
438
439 <listitem>
440 <para>
441 The &product-name; Python shell: A Python alternative to
442 <command>VBoxManage</command>. This is also described in the
443 SDK reference.
444 </para>
445 </listitem>
446
447 </itemizedlist>
448
449 <para>
450 Internally, &product-name; consists of many more or less separate
451 components. You may encounter these when analyzing &product-name;
452 internal error messages or log files. These include the following:
453 </para>
454
455 <itemizedlist>
456
457 <listitem>
458 <para>
459 IPRT: A portable runtime library which abstracts file access,
460 threading, and string manipulation. Whenever &product-name;
461 accesses host operating features, it does so through this
462 library for cross-platform portability.
463 </para>
464 </listitem>
465
466 <listitem>
467 <para>
468 VMM (Virtual Machine Monitor): The heart of the hypervisor.
469 </para>
470 </listitem>
471
472 <listitem>
473 <para>
474 EM (Execution Manager): Controls execution of guest code.
475 </para>
476 </listitem>
477
478 <listitem>
479 <para>
480 TRPM (Trap Manager): Intercepts and processes guest traps and
481 exceptions.
482 </para>
483 </listitem>
484
485 <listitem>
486 <para>
487 HM (Hardware Acceleration Manager): Provides support for VT-x
488 and AMD-V.
489 </para>
490 </listitem>
491
492 <listitem>
493 <para>
494 GIM (Guest Interface Manager): Provides support for various
495 paravirtualization interfaces to the guest.
496 </para>
497 </listitem>
498
499 <listitem>
500 <para>
501 PDM (Pluggable Device Manager): An abstract interface between
502 the VMM and emulated devices which separates device
503 implementations from VMM internals and makes it easy to add
504 new emulated devices. Through PDM, third-party developers can
505 add new virtual devices to &product-name; without having to
506 change &product-name; itself.
507 </para>
508 </listitem>
509
510 <listitem>
511 <para>
512 PGM (Page Manager): A component that controls guest paging.
513 </para>
514 </listitem>
515
516 <listitem>
517 <para>
518 TM (Time Manager): Handles timers and all aspects of time
519 inside guests.
520 </para>
521 </listitem>
522
523 <listitem>
524 <para>
525 CFGM (Configuration Manager): Provides a tree structure which
526 holds configuration settings for the VM and all emulated
527 devices.
528 </para>
529 </listitem>
530
531 <listitem>
532 <para>
533 SSM (Saved State Manager): Saves and loads VM state.
534 </para>
535 </listitem>
536
537 <listitem>
538 <para>
539 VUSB (Virtual USB): A USB layer which separates emulated USB
540 controllers from the controllers on the host and from USB
541 devices. This component also enables remote USB.
542 </para>
543 </listitem>
544
545 <listitem>
546 <para>
547 DBGF (Debug Facility): A built-in VM debugger.
548 </para>
549 </listitem>
550
551 <listitem>
552 <para>
553 &product-name; emulates a number of devices to provide the
554 hardware environment that various guests need. Most of these
555 are standard devices found in many PC compatible machines and
556 widely supported by guest operating systems. For network and
557 storage devices in particular, there are several options for
558 the emulated devices to access the underlying hardware. These
559 devices are managed by PDM.
560 </para>
561 </listitem>
562
563 <listitem>
564 <para>
565 Guest Additions for various guest operating systems. This is
566 code that is installed from within a virtual machine. See
567 <xref linkend="guestadditions" />.
568 </para>
569 </listitem>
570
571 <listitem>
572 <para>
573 The "Main" component is special. It ties all the above bits
574 together and is the only public API that &product-name;
575 provides. All the client processes listed above use only this
576 API and never access the hypervisor components directly. As a
577 result, third-party applications that use the &product-name;
578 Main API can rely on the fact that it is always well-tested
579 and that all capabilities of &product-name; are fully exposed.
580 It is this API that is described in the &product-name; SDK.
581 See <xref linkend="VirtualBoxAPI" />.
582 </para>
583 </listitem>
584
585 </itemizedlist>
586
587 </sect1>
588
589 <sect1 id="hwvirt">
590
591 <title>Hardware Virtualization</title>
592
593 <para>
594 &product-name; enables software in the virtual machine to run
595 directly on the processor of the host, but an array of complex
596 techniques is employed to intercept operations that would
597 interfere with your host. Whenever the guest attempts to do
598 something that could be harmful to your computer and its data,
599 &product-name; steps in and takes action. In particular, for lots
600 of hardware that the guest believes to be accessing,
601 &product-name; simulates a certain <emphasis>virtual</emphasis>
602 environment according to how you have configured a virtual
603 machine. For example, when the guest attempts to access a hard
604 disk, &product-name; redirects these requests to whatever you have
605 configured to be the virtual machine's virtual hard disk. This is
606 normally an image file on your host.
607 </para>
608
609 <para>
610 Unfortunately, the x86 platform was never designed to be
611 virtualized. Detecting situations in which &product-name; needs to
612 take control over the guest code that is executing, as described
613 above, is difficult. To achieve this, &product-name; uses
614 <emphasis>hardware virtualization</emphasis>.
615 </para>
616
617 <para>
618 Intel and AMD processors have support for hardware virtualization.
619 This means that these processors can help &product-name; to
620 intercept potentially dangerous operations that a guest operating
621 system may be attempting and also makes it easier to present
622 virtual hardware to a virtual machine.
623 </para>
624
625 <para>
626 These hardware features differ between Intel and AMD processors.
627 Intel named its technology VT-x, AMD calls theirs AMD-V. The Intel
628 and AMD support for virtualization is very different in detail,
629 but not very different in principle.
630 </para>
631
632 <note>
633 <para>
634 On many systems, the hardware virtualization features first need
635 to be enabled in the BIOS before &product-name; can use them.
636 </para>
637 </note>
638
639 <para>
640 Enabling hardware virtualization is <emphasis>required</emphasis>
641 in the following scenarios:
642 </para>
643
644 <itemizedlist>
645
646 <listitem>
647 <para>
648 Certain rare guest operating systems like OS/2 make use of
649 very esoteric processor instructions. For virtual machines
650 that are configured to use such an operating system, hardware
651 virtualization is enabled automatically.
652 </para>
653 </listitem>
654
655 <listitem>
656 <para>
657 &product-name;'s 64-bit guest and multiprocessing (SMP)
658 support both require hardware virtualization to be enabled.
659 This is not much of a limitation since the vast majority of
660 64-bit and multicore CPUs ship with hardware virtualization.
661 The exceptions to this rule are some legacy Intel and AMD
662 CPUs.
663 </para>
664 </listitem>
665
666 </itemizedlist>
667
668 <warning>
669 <para>
670 Do not run other hypervisors, either open source or commercial
671 virtualization products, together with &product-name;. While
672 several hypervisors can normally be
673 <emphasis>installed</emphasis> in parallel, do not attempt to
674 <emphasis>run</emphasis> several virtual machines from competing
675 hypervisors at the same time. &product-name; cannot track what
676 another hypervisor is currently attempting to do on the same
677 host, and especially if several products attempt to use hardware
678 virtualization features such as VT-x, this can crash the entire
679 host.
680 </para>
681 </warning>
682
683 <para>
684 See <xref linkend="hwvirt-details"/> for a technical discussion of
685 hardware virtualization.
686 </para>
687
688 </sect1>
689
690 <sect1 id="hwvirt-details">
691
692 <title>Details About Hardware Virtualization</title>
693
694 <para>
695 With Intel VT-x, there are two distinct modes of CPU operation:
696 VMX root mode and non-root mode.
697 </para>
698
699 <itemizedlist>
700
701 <listitem>
702 <para>
703 In root mode, the CPU operates much like older generations of
704 processors without VT-x support. There are four privilege
705 levels, called rings, and the same instruction set is
706 supported, with the addition of several virtualization
707 specific instruction. Root mode is what a host operating
708 system without virtualization uses, and it is also used by a
709 hypervisor when virtualization is active.
710 </para>
711 </listitem>
712
713 <listitem>
714 <para>
715 In non-root mode, CPU operation is significantly different.
716 There are still four privilege rings and the same instruction
717 set, but a new structure called VMCS (Virtual Machine Control
718 Structure) now controls the CPU operation and determines how
719 certain instructions behave. Non-root mode is where guest
720 systems run.
721 </para>
722 </listitem>
723
724 </itemizedlist>
725
726 <para>
727 Switching from root mode to non-root mode is called "VM entry",
728 the switch back is "VM exit". The VMCS includes a guest and host
729 state area which is saved/restored at VM entry and exit. Most
730 importantly, the VMCS controls which guest operations will cause
731 VM exits.
732 </para>
733
734 <para>
735 The VMCS provides fairly fine-grained control over what the guests
736 can and cannot do. For example, a hypervisor can allow a guest to
737 write certain bits in shadowed control registers, but not others.
738 This enables efficient virtualization in cases where guests can be
739 allowed to write control bits without disrupting the hypervisor,
740 while preventing them from altering control bits over which the
741 hypervisor needs to retain full control. The VMCS also provides
742 control over interrupt delivery and exceptions.
743 </para>
744
745 <para>
746 Whenever an instruction or event causes a VM exit, the VMCS
747 contains information about the exit reason, often with
748 accompanying detail. For example, if a write to the CR0 register
749 causes an exit, the offending instruction is recorded, along with
750 the fact that a write access to a control register caused the
751 exit, and information about source and destination register. Thus
752 the hypervisor can efficiently handle the condition without
753 needing advanced techniques such as CSAM and PATM described above.
754 </para>
755
756 <para>
757 VT-x inherently avoids several of the problems which software
758 virtualization faces. The guest has its own completely separate
759 address space not shared with the hypervisor, which eliminates
760 potential clashes. Additionally, guest OS kernel code runs at
761 privilege ring 0 in VMX non-root mode, obviating the problems by
762 running ring 0 code at less privileged levels. For example the
763 SYSENTER instruction can transition to ring 0 without causing
764 problems. Naturally, even at ring 0 in VMX non-root mode, any I/O
765 access by guest code still causes a VM exit, allowing for device
766 emulation.
767 </para>
768
769 <para>
770 The biggest difference between VT-x and AMD-V is that AMD-V
771 provides a more complete virtualization environment. VT-x requires
772 the VMX non-root code to run with paging enabled, which precludes
773 hardware virtualization of real-mode code and non-paged
774 protected-mode software. This typically only includes firmware and
775 OS loaders, but nevertheless complicates VT-x hypervisor
776 implementation. AMD-V does not have this restriction.
777 </para>
778
779 <para>
780 Of course hardware virtualization is not perfect. Compared to
781 software virtualization, the overhead of VM exits is relatively
782 high. This causes problems for devices whose emulation requires
783 high number of traps. One example is a VGA device in 16-color
784 mode, where not only every I/O port access but also every access
785 to the framebuffer memory must be trapped.
786 </para>
787
788 </sect1>
789
790 <sect1 id="gimproviders">
791
792 <title>Paravirtualization Providers</title>
793
794 <para>
795 &product-name; enables the exposure of a paravirtualization
796 interface, to facilitate accurate and efficient execution of
797 software within a virtual machine. These interfaces require the
798 guest operating system to recognize their presence and make use of
799 them in order to leverage the benefits of communicating with the
800 &product-name; hypervisor.
801 </para>
802
803 <para>
804 Most modern, mainstream guest operating systems, including Windows
805 and Linux, ship with support for one or more paravirtualization
806 interfaces. Hence, there is typically no need to install
807 additional software in the guest to take advantage of this
808 feature.
809 </para>
810
811 <para>
812 Exposing a paravirtualization provider to the guest operating
813 system does not rely on the choice of host platforms. For example,
814 the <emphasis>Hyper-V</emphasis> paravirtualization provider can
815 be used for VMs to run on any host platform supported by
816 &product-name; and not just Windows.
817 </para>
818
819 <para>
820 &product-name; provides the following interfaces:
821 </para>
822
823 <itemizedlist>
824
825 <listitem>
826 <para>
827 <emphasis role="bold">Minimal</emphasis>: Announces the
828 presence of a virtualized environment. Additionally, reports
829 the TSC and APIC frequency to the guest operating system. This
830 provider is mandatory for running any Mac OS X guests.
831 </para>
832 </listitem>
833
834 <listitem>
835 <para>
836 <emphasis role="bold">KVM</emphasis>: Presents a Linux KVM
837 hypervisor interface which is recognized by Linux kernels
838 version 2.6.25 or later. &product-name;'s implementation
839 currently supports paravirtualized clocks and SMP spinlocks.
840 This provider is recommended for Linux guests.
841 </para>
842 </listitem>
843
844 <listitem>
845 <para>
846 <emphasis role="bold">Hyper-V</emphasis>: Presents a Microsoft
847 Hyper-V hypervisor interface which is recognized by Windows 7
848 and newer operating systems. &product-name;'s implementation
849 currently supports paravirtualized clocks, APIC frequency
850 reporting, guest debugging, guest crash reporting and relaxed
851 timer checks. This provider is recommended for Windows guests.
852 </para>
853 </listitem>
854
855 </itemizedlist>
856
857 </sect1>
858
859 <sect1 id="nestedpaging">
860
861 <title>Nested Paging and VPIDs</title>
862
863 <para>
864 In addition to normal hardware virtualization, your processor may
865 also support the following additional sophisticated techniques:
866 </para>
867
868 <itemizedlist>
869
870 <listitem>
871 <para>
872 Nested paging implements some memory management in hardware,
873 which can greatly accelerate hardware virtualization since
874 these tasks no longer need to be performed by the
875 virtualization software.
876 </para>
877
878 <para>
879 With nested paging, the hardware provides another level of
880 indirection when translating linear to physical addresses.
881 Page tables function as before, but linear addresses are now
882 translated to "guest physical" addresses first and not
883 physical addresses directly. A new set of paging registers now
884 exists under the traditional paging mechanism and translates
885 from guest physical addresses to host physical addresses,
886 which are used to access memory.
887 </para>
888
889 <para>
890 Nested paging eliminates the overhead caused by VM exits and
891 page table accesses. In essence, with nested page tables the
892 guest can handle paging without intervention from the
893 hypervisor. Nested paging thus significantly improves
894 virtualization performance.
895 </para>
896
897 <para>
898 On AMD processors, nested paging has been available starting
899 with the Barcelona (K10) architecture. They now call it rapid
900 virtualization indexing (RVI). Intel added support for nested
901 paging, which they call extended page tables (EPT), with their
902 Core i7 (Nehalem) processors.
903 </para>
904
905 <para>
906 If nested paging is enabled, the &product-name; hypervisor can
907 also use <emphasis>large pages</emphasis> to reduce TLB usage
908 and overhead. This can yield a performance improvement of up
909 to 5%. To enable this feature for a VM, you use the
910 <command>VBoxManage modifyvm --largepages</command> command.
911 See <xref linkend="vboxmanage-modifyvm" />.
912 </para>
913
914 <para>
915 If you have an Intel CPU with EPT, please consult
916 <xref linkend="sec-rec-cve-2018-3646" /> for security concerns
917 regarding EPT.
918 </para>
919 </listitem>
920
921 <listitem>
922 <para>
923 On Intel CPUs, a hardware feature called Virtual Processor
924 Identifiers (VPIDs) can greatly accelerate context switching
925 by reducing the need for expensive flushing of the processor's
926 Translation Lookaside Buffers (TLBs).
927 </para>
928
929 <para>
930 To enable these features for a VM, you use the
931 <command>VBoxManage modifyvm --vtxvpid</command> and
932 <command>VBoxManage modifyvm --largepages</command> commands.
933 See <xref linkend="vboxmanage-modifyvm" />.
934 </para>
935 </listitem>
936
937 </itemizedlist>
938
939 </sect1>
940
941</chapter>
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette