VMware Cloud Community
AWo
Immortal
Immortal

Why Intel-VT/AMD-V for 64 Bit guests?

From the ESX 3.5 Supported Guest Operating Systems:

"There are specific hardware requirements for 64-bit guest operating system support. For AMD Opteron-based systems, the processors must be Opteron Rev E and later. For Intel Xeon-based systems, the processors must include support for Intel Virtualization Technology (VT). Many servers that include CPUs with VT support might ship with VT disabled by default, and VT must be enabled manually. If your CPUs support VT but you do not see this option in the BIOS, contact your vendor to request a BIOS version that lets you enable VT support."

I think I know what Intel-VT and AMD-V is for. But I do not know why running 64 Bit guests require VT technologie? I thought 64 Bit should be independent from VT.

Can someone explain the relationship, please?

AWo

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
Tags (6)
Reply
0 Kudos
10 Replies
daniel_uk
Hot Shot
Hot Shot

My high level answer is it enables use of binary translation code in the VMM.

Probably completely wrong but thats how I see it!

Dan

Reply
0 Kudos
AWo
Immortal
Immortal

As far as I know binary translation is used since VMware started, so this should work even without VT.

AWo

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
Reply
0 Kudos
daniel_uk
Hot Shot
Hot Shot

maybe this helps...

Reply
0 Kudos
AWo
Immortal
Immortal

From my understanding reading your document and the VMWorld 2008 session, I refer to: "Architectural comparison of virtualization technologies" http://mylearn.vmware.com/courseware/17567/TA08.PPT ...

...Binary translation is used for protecting the CPU from code which are a threat for virtualization (like power the CPU off). Other instructions are run on the CPU directly.

...VT and V is needed to let the guest OS run in the privileged Ring 0 again (what is not the case for virtualizations without VT/V) and the hypervisor will run in the "new" and most privilged level ring -1

Without VT/V the hypervisor runs in ring 0 and the guest OS runs in the not privileged Ring 3).

By using VT/V non modified guest OS kernels (not knowing that they are virtualized and thereby executing dangerous code) can run in the privileged Ring 0 again and VT/V takes care about the instructions, which are harmful.

But why does 64 Bit need the hypervisor in ring -1? Does that mean there's no Binary Translation for 64 Bit available?

AWo

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
Reply
0 Kudos
mreferre
Champion
Champion

The simplest way to see this is that AMD-V and Intel-VT are generally meant to provide a different way to virtualize an unmodified guest. This is alternative to what VMware does with Binary Translation. In the long run these should even provide better performance.

However Intel removed some basic protection features for 64-bit operations in the new processors so while VMware could be use independently from these features..... they do require Intel-VT for 64-bit guests to provide the same level of protection. It's interesting to notice that this is specific to Intel ... as you can create 64-bit guests on AMD processors WITHOUT AMD-V (granted your opteron is at a certain revision .... that I don't remember right now).

Massimo.

Massimo Re Ferre' VMware vCloud Architect twitter.com/mreferre www.it20.info
ksc
VMware Employee
VMware Employee

Exactly right. To fill in terms (so any interested parties can go Google...)

Running 64-bit binary translation requires "segment truncation" support. Modern OSes don't even use segments anymore, so both AMD and Intel removed segments from their x86-64 specs. Turns out VMware's binary translation technology does use segments ... AMD added limited (but good enough) support early on (RevC Opterons did not have it, RevD and later do) specifically for VMware; Intel does not support the segment truncation feature, so on Intel VT is necessary instead.

Either VT/SVM or segment truncation can be used to protect the VMM from being overwritten by the Guest OS, but at least one of these technologies is required. (We have internal builds that run without protection, but they are used for benchmarks only and are unsafe for real-world use).

Saad3000
Contributor
Contributor

Dear All,

Quick question: Will Vmware Server 2 run "Windows Server 2008 64bit guest os" on Server 2008 64bit Host, without the option of VT in BIOS or the support of VT? knowing that my Intel CPU is a raw 64bit support.

      • Note that I have tried it with Vmware Workstation 7 and Windows 2008 Server 64bit did not install as a guest os.

So I wanted to check with you guys if Vmware Server 2 does support running 64bit guest o/s without the need of VT unlike Workstation 7.

Regards,

Saad

Reply
0 Kudos
AWo
Immortal
Immortal

Welcome to the forums!

Please don't ask in already answered threads. Otherwise you might never get an answer.

Regarding your question: Intel-VT must be enabled to run any 64 bit guest under all VMware products.


AWo
VCP / VMware vEXPERT 2009

\[:o]===\[o:]

=Would you like to have this posting as a ringtone on your cell phone?=

=Send "Posting" to 911 for only $999999,99!=

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
Reply
0 Kudos
DheereshLodhi
Enthusiast
Enthusiast

Intel and AMD are creating methods in which a virtual

Ring 0 (commonly called Ring -1) can be presented to the guest for direct

process execution through the VMM. ESX 3 cannot take advantage of this

functionality at this point. Instead, the VMM must send the instructions to the

VMkernel to execute the instruction and return it to the guest. The VMM virtualizes

this process to make the guest think that it is running in an actual Protection

Ring 0. Due to the fact that the instructions must be virtualized and

executed within the VMkernel there is virtualization overhead associated with

these calls. The amount of overhead varies depending on the type of instruction

and the overall workload being processed by the VMkernel. You can tell

how often a guest operating system needs to run in Virtualization Mode by capturing

the total percentage of Kernel or System Mode Process utilization.

50

Figure 2- 6: Processing Rings

Fortunately for us, the VMM responsible for running each virtual machine

knows when an instruction requires Virtualization Mode and has the capability

to properly move itself into the proper execution mode. When the requirement

for Virtualization Mode has been met, the VMM will move itself back into direct

execution mode.

Hardware Virtualization Enhancements

As mentioned earlier Intel and AMD have new processors on the market that

have virtualization enhancements integrated into the processors themselves. At

this point in time VMware ESX 3.0 does support some of the functionality, but

not all. As an example, in order to run a 64-bit guest operating system ESX

requires the use of a virtualization enhanced processor. This allows the

VMkernel, which is a 32-bit kernel to run 64-bit instructions for the 64-bit

guest. Alternatively, ESX 3 does not have the capability to present a virtual

Ring 0 to the guest operating system for Direct Execution Mode processing of

Kernel Mode Processes.

Reply
0 Kudos
AWo
Immortal
Immortal

No, no VMware product will run a 64 bit guest without VT enabled.


AWo

VCP 3 & 4

\[:o]===\[o:]

=Would you like to have this posting as a ringtone on your cell phone?=

=Send "Posting" to 911 for only $999999,99!=

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
Reply
0 Kudos