Reputation: 163
how does a hypervisor knows that a privileged instruction happened inside a VM?
I've started reading about VMM and wondered to myself how does the hypervisor knows a privileged instruction (for ex, cpuid) happened inside a VM and not real OS ?
let's say I've executed cpuid, a trap will occur and a VMEXIT would happen, how does the hypevisor would know that the instruction happened inside my regular OS or inside a VM ?
Upvotes: 4
Views: 6514
Answers (2)
Reputation: 1713
First off, you are using the wrong terminology. When an OS runs on top of a hypervisor, the OS becomes the VM (virtual-machine) itself and the hypervisor is the VMM (=virtual machine monitor). A VM can also be called "guest". Thus: OS on top of hypervisor = VM = guest (these expressions mean the same thing).
Secondly, you tell the CPU that it's executing inside the VM from the moment you've executed VMLAUNCH or VMRESUME, assuming you're reading about Intel VMX. When for some reason the VM causes a hypervisor trap, we say that "a VM-exit occured" and the CPU knows it's no longer executing inside the VM. Thus:
- Between VMLAUNCH/VMRESUME executions and VM-exits we are in the VM and CPUID will trap (causing a VM-exit)
- Between VM-exits and VMLAUNCH/VMRESUME executions we are in the VMM (=hypervisor) and CPUID will NOT TRAP, since we already are in the hypervisor
Upvotes: 12
Reputation: 22469
Instructions that are privileged generate exceptions when executed in user mode. The exception is usually an undefined instruction exception. The hypervisor hooks this exception, inspects the executing instruction and then returns control to the VM. When the host OS calls the same instruction, it is in a supervisor or elevated privilege and usually no exception is generated when it executes the instruction. So generally, these issues are handled by the CPU.
However, if an instruction is not available on the processor (say floating point emulation), then the hypervisor may emulate for the VM and chain to the OS handler if not. Possibly it may even allow the OS to handle the emulation for both VMs and user tasks in the OS.
So generally, this question is unanswerable for a generic CPU. It depends on how the instruction is emulated in the VM. However, the best case is that the hypervisor does not emulate any OS instructions. Emulations will not only slow down the VMs, but the entire CPU, including user processes in the host OS.
Upvotes: 0
Related Questions
- How does Windows 10 task manager detect a virtual machine?
- How does process switch take place in full virtualized VM?
- In full virtualization context, what happens on guest OS system calls?
- Difference between Sensitive Instructions and Privileged Instructions
- How does a Hypervisor distinguish multiple VMs running on it and isolate them from the underlying h/w?
- How does Xen handle non-virtualizable instructions in user space code?
- how do VM's virtualize HW
- What is CPU kernel/privileged mode, and how is it guarded by the OS?
- How does a Hypervisor know a VM needs CPU time?
- The relation between privileged instructions, traps and system calls