10 Replies Latest reply on Aug 10, 2010 12:00 AM by AWo

    Why Intel-VT/AMD-V for 64 Bit guests?

    AWo Guru

      From the ESX 3.5 Supported Guest Operating Systems:

       

      "There are specific hardware requirements for 64-bit guest operating system support. For AMD Opteron-based systems, the processors must be Opteron Rev E and later. For Intel Xeon-based systems, the processors must include support for Intel Virtualization Technology (VT). Many servers that include CPUs with VT support might ship with VT disabled by default, and VT must be enabled manually. If your CPUs support VT but you do not see this option in the BIOS, contact your vendor to request a BIOS version that lets you enable VT support."

       

      I think I know what Intel-VT and AMD-V is for. But I do not know why running 64 Bit guests require VT technologie? I thought 64 Bit should be independent from VT.

       

      Can someone explain the relationship, please?

       

      AWo

        • 1. Re: Why Intel-VT/AMD-V for 64 Bit guests?
          daniel_uk Expert

           

          My high level answer is it enables use of binary translation code in the VMM.

           

           

          Probably completely wrong but thats how I see it!

           

           

          Dan

           

           

          • 2. Re: Why Intel-VT/AMD-V for 64 Bit guests?
            AWo Guru

            As far as I know binary translation is used since VMware started, so this should work even without VT.

             

            AWo

            • 4. Re: Why Intel-VT/AMD-V for 64 Bit guests?
              AWo Guru

              From my understanding reading your document and the VMWorld 2008 session, I refer to: "Architectural comparison of virtualization technologies" http://mylearn.vmware.com/courseware/17567/TA08.PPT ...

               

              ...Binary translation is used for protecting the CPU from code which are a threat for virtualization (like power the CPU off). Other instructions are run on the CPU directly.

               

              ...VT and V is needed to let the guest OS run in the privileged Ring 0 again (what is not the case for virtualizations without VT/V) and the hypervisor will run in the "new" and most privilged level ring -1

              Without VT/V the hypervisor runs in ring 0 and the guest OS runs in the not privileged Ring 3).

              By using VT/V non modified guest OS kernels (not knowing that they are virtualized and thereby executing dangerous code) can run in the privileged Ring 0 again and VT/V takes care about the instructions, which are harmful.

               

              But why does 64 Bit need the hypervisor in ring -1? Does that mean there's no Binary Translation for 64 Bit available?

               

               

              AWo

              • 5. Re: Why Intel-VT/AMD-V for 64 Bit guests?
                mreferre Virtuoso

                 

                The simplest way to see this is that AMD-V and Intel-VT are generally meant to provide a different way to virtualize an unmodified guest. This is alternative to what VMware does with Binary Translation. In the long run these should even provide better performance.

                 

                 

                However Intel removed some basic protection features for 64-bit operations in the new processors so while VMware could be use independently from these features..... they do require Intel-VT for 64-bit guests to provide the same level of protection. It's interesting to notice that this is specific to Intel ... as you can create 64-bit guests on AMD processors WITHOUT AMD-V (granted your opteron is at a certain revision .... that I don't remember right now).

                 

                 

                Massimo.

                 

                 

                1 person found this helpful
                • 6. Re: Why Intel-VT/AMD-V for 64 Bit guests?
                  ksc Expert
                  VMware Employees

                  Exactly right.  To fill in terms (so any interested parties can go Google...)

                   

                  Running 64-bit binary translation requires "segment truncation" support.  Modern OSes don't even use segments anymore, so both AMD and Intel removed segments from their x86-64 specs.  Turns out VMware's binary translation technology does use segments ... AMD added limited (but good enough) support early on (RevC Opterons did not have it, RevD and later do) specifically for VMware; Intel does not support the segment truncation feature, so on Intel VT is necessary instead.

                   

                  Either VT/SVM or segment truncation can be used to protect the VMM from being overwritten by the Guest OS, but at least one of these technologies is required.  (We have internal builds that run without protection, but they are used for benchmarks only and are unsafe for real-world use).

                  1 person found this helpful
                  • 7. Re: Why Intel-VT/AMD-V for 64 Bit guests?
                    Saad3000 Lurker

                     

                    Dear All,

                     

                     

                     

                     

                     

                     

                    Quick question: Will Vmware Server 2 run "Windows Server 2008 64bit guest os" on Server 2008 64bit Host, without the option of VT in BIOS or the support of VT? knowing that my Intel CPU is a raw 64bit support.

                     

                     

                        • Note that I have tried it with Vmware Workstation 7 and Windows 2008 Server 64bit did not install as a guest os.

                     

                     

                     

                     

                     

                    So I wanted to check with you guys if Vmware Server 2 does support running 64bit guest o/s without the need of VT unlike Workstation 7.

                     

                     

                     

                     

                     

                    Regards,

                     

                     

                    Saad

                     

                     

                     

                     

                     

                    • 8. Re: Why Intel-VT/AMD-V for 64 Bit guests?
                      AWo Guru

                      Welcome to the forums!

                       

                      Please don't ask in already answered threads. Otherwise you might never get an answer.

                       

                      Regarding your question: Intel-VT must be enabled to run any 64 bit guest under all VMware products.

                       


                      AWo
                      VCP / VMware vEXPERT 2009

                      \[:o]===\[o:]

                      =Would you like to have this posting as a ringtone on your cell phone?=

                      =Send "Posting" to 911 for only $999999,99!=

                      • 9. Re: Why Intel-VT/AMD-V for 64 Bit guests?
                        DheereshLodhi Enthusiast

                        Intel and AMD are creating methods in which a virtual

                        Ring 0 (commonly called Ring -1) can be presented to the guest for direct

                        process execution through the VMM. ESX 3 cannot take advantage of this

                        functionality at this point. Instead, the VMM must send the instructions to the

                        VMkernel to execute the instruction and return it to the guest. The VMM virtualizes

                        this process to make the guest think that it is running in an actual Protection

                        Ring 0. Due to the fact that the instructions must be virtualized and

                        executed within the VMkernel there is virtualization overhead associated with

                        these calls. The amount of overhead varies depending on the type of instruction

                        and the overall workload being processed by the VMkernel. You can tell

                        how often a guest operating system needs to run in Virtualization Mode by capturing

                        the total percentage of Kernel or System Mode Process utilization.

                        50

                        Figure 2- 6: Processing Rings

                        Fortunately for us, the VMM responsible for running each virtual machine

                        knows when an instruction requires Virtualization Mode and has the capability

                        to properly move itself into the proper execution mode. When the requirement

                        for Virtualization Mode has been met, the VMM will move itself back into direct

                        execution mode.

                        Hardware Virtualization Enhancements

                        As mentioned earlier Intel and AMD have new processors on the market that

                        have virtualization enhancements integrated into the processors themselves. At

                        this point in time VMware ESX 3.0 does support some of the functionality, but

                        not all. As an example, in order to run a 64-bit guest operating system ESX

                        requires the use of a virtualization enhanced processor. This allows the

                        VMkernel, which is a 32-bit kernel to run 64-bit instructions for the 64-bit

                        guest. Alternatively, ESX 3 does not have the capability to present a virtual

                        Ring 0 to the guest operating system for Direct Execution Mode processing of

                        Kernel Mode Processes.

                        • 10. Re: Why Intel-VT/AMD-V for 64 Bit guests?
                          AWo Guru

                          No, no VMware product will run a 64 bit guest without VT enabled.

                           


                          AWo

                          VCP 3 & 4

                          \[:o]===\[o:]

                          =Would you like to have this posting as a ringtone on your cell phone?=

                          =Send "Posting" to 911 for only $999999,99!=