Editing X86 virtualization (section)

==== {{Anchor|Intel-VT-x|VMCS-SHADOWING}}Intel virtualization (VT-x) ====
{{Redirect|Intel VT-x|the Itanium virtualization extensions|Intel VT-i}}

<!--
  IOMMU stuff ("VT-d") belongs in [[IOMMU]] page or section
-->
[[File:Intel Core i7-940 bottom.jpg|thumb|right|[[List of Intel Core i7 microprocessors#"Bloomfield" (45 nm)|Intel Core i7]] (Bloomfield) CPU]]

Previously codenamed "Vanderpool", VT-x represents Intel's technology for virtualization on the x86 platform. On November 14, 2005, Intel released two models of [[Pentium 4]] (Model 662 and 672) as the first Intel processors to support VT-x. The CPU flag for VT-x capability is "vmx"; in Linux, this can be checked via <code>/proc/cpuinfo</code>, or in [[macOS]] via <code>sysctl machdep.cpu.features</code>.<ref name=cpuflag>[http://software.intel.com/en-us/blogs/2012/03/12/how-to-start-intel-hardware-assisted-virtualization-hypervisor-on-linux-to-speed-up-intel-android-x86-gingerbread-emulator To see if your processor supports hardware virtualization] {{webarchive |url=https://web.archive.org/web/20121125081532/http://software.intel.com/en-us/blogs/2012/03/12/how-to-start-intel-hardware-assisted-virtualization-hypervisor-on-linux-to-speed-up-intel-android-x86-gingerbread-emulator/ |date=2012-11-25}} Intel 2012.</ref><ref>https://www.cpu-world.com/CPUs/Pentium_4/Intel-Pentium%204%20662%203.6%20GHz%20-%20HH80547PG1042MH.html</ref><ref>https://www.cpu-world.com/CPUs/Pentium_4/Intel-Pentium%204%20672%203.8%20GHz%20-%20HH80547PG1122MH.html</ref>

"VMX" stands for Virtual Machine Extensions, which adds 13 new instructions: VMPTRLD, VMPTRST, VMCLEAR, VMREAD, VMWRITE, VMCALL, VMLAUNCH, VMRESUME, VMXOFF, VMXON, INVEPT, INVVPID, and VMFUNC.<ref>
{{cite web |url=http://software.intel.com/en-us/articles/intel-sdm |title=Intel® 64 and IA-32 Architectures Software Developer's Manual |last1=INTEL |date=October 2019 |website=intel.com |publisher=Intel Corporation |access-date=2020-01-04 }}</ref> These instructions permit entering and exiting a virtual execution mode where the guest OS perceives itself as running with full privilege (ring 0), but the host OS remains protected.

{{As of|2015}}, almost all newer server, desktop and mobile Intel processors support VT-x, with some of the [[Intel Atom]] processors as the primary exception.<ref>{{cite web |url=http://ark.intel.com/VTList.aspx |title=Intel Virtualization Technology List |publisher=Ark.intel.com |access-date=2010-05-02 |url-status=live |archive-url=http://archive.wikiwix.com/cache/20101027065321/http://ark.intel.com/VTList.aspx |archive-date=2010-10-27}}</ref> With some [[motherboard]]s, users must enable Intel's VT-x feature in the [[BIOS]] setup before applications can make use of it.<ref>{{cite web |url=http://www.microsoft.com/windows/virtual-pc/support/configure-bios.aspx |title=Windows Virtual PC: Configure BIOS |publisher=Microsoft |access-date=2010-09-08 |url-status=dead |archive-url=https://web.archive.org/web/20100906162731/http://www.microsoft.com/windows/virtual-pc/support/configure-bios.aspx |archive-date=2010-09-06}}</ref>

Intel started to include [[Extended Page Table]]s (EPT),<ref>{{cite journal |last=Neiger |first=Gil |author2=A. Santoni |author3=F. Leung |author4=D. Rodgers |author5=R. Uhlig |title=Intel Virtualization Technology: Hardware Support for Efficient Processor Virtualization |journal=Intel Technology Journal |year=2006 |volume=10 |issue=3 |pages=167–178 |publisher=Intel |url=http://download.intel.com/technology/itj/2006/v10i3/v10-i3-art01.pdf |doi=10.1535/itj.1003.01 |access-date=2008-07-06 |url-status=dead |archive-url=https://web.archive.org/web/20120925205120/http://download.intel.com/technology/itj/2006/v10i3/v10-i3-art01.pdf |archive-date=2012-09-25}}</ref> a technology for page-table virtualization,<ref>{{cite web |last=Gillespie |first=Matt |title=Best Practices for Paravirtualization Enhancements from Intel Virtualization Technology: EPT and VT-d |work=Intel Software Network |publisher=Intel |date=2007-11-12 |url=http://software.intel.com/en-us/articles/best-practices-for-paravirtualization-enhancements-from-intel-virtualization-technology-ept-and-vt-d |access-date=2008-07-06 |url-status=live |archive-url=https://web.archive.org/web/20081226043414/http://software.intel.com/en-us/articles/best-practices-for-paravirtualization-enhancements-from-intel-virtualization-technology-ept-and-vt-d |archive-date=2008-12-26}}</ref> since the [[Nehalem (microarchitecture)|Nehalem]] architecture,<ref>{{cite press release |title=First the Tick, Now the Tock: Next Generation Intel Microarchitecture (Nehalem) |publisher=Intel |url=http://www.intel.com/pressroom/archive/reference/whitepaper_Nehalem.pdf |access-date=2008-07-06 |url-status=live |archive-url=https://web.archive.org/web/20090126145628/http://www.intel.com/pressroom/archive/reference/whitepaper_Nehalem.pdf |archive-date=2009-01-26}}</ref><ref>{{cite web |title=Technology Brief: Intel Microarchitecture Nehalem Virtualization Technology |publisher=Intel |date=2009-03-25 |url=http://download.intel.com/business/resources/briefs/xeon5500/xeon_5500_virtualization.pdf |access-date=2009-11-03 |url-status=live |archive-url=https://web.archive.org/web/20110607125400/http://download.intel.com/business/resources/briefs/xeon5500/xeon_5500_virtualization.pdf |archive-date=2011-06-07}}</ref> released in 2008. In 2010, [[Westmere (microarchitecture)|Westmere]] added support for launching the logical processor directly in [[real mode]]{{snd}} a feature called "unrestricted guest", which requires EPT to work.<ref>[http://2013.asiabsdcon.org/papers/abc2013-P5A-paper.pdf] "Intel added unrestricted guest mode on Westmere micro-architecture and later Intel CPUs, it uses EPT to translate guest physical address access to host physical address. With this mode, VMEnter without enable paging is allowed."</ref><ref>[https://web.archive.org/web/20130418014840/http://download.intel.com/products/processor/manual/326019.pdf] "If the “unrestricted guest” VM-execution control is 1, the “enable EPT” VM-execution control must also be 1"</ref>

Since the [[Haswell (microarchitecture)|Haswell]] microarchitecture (announced in 2013), Intel started to include ''VMCS shadowing'' as a technology that accelerates [[Virtualization#Nested virtualization|nested virtualization]] of VMMs.<ref>{{cite web | url = http://www-ssl.intel.com/content/dam/www/public/us/en/documents/white-papers/intel-vmcs-shadowing-paper.pdf | title = 4th-Gen Intel Core vPro Processors with Intel VMCS Shadowing | year = 2013 | access-date = 2014-12-16 | publisher = [[Intel]] }}</ref>
The ''virtual machine control structure'' (VMCS) is a [[data structure]] in memory that exists exactly once per VM, while it is managed by the VMM. With every change of the execution context between different VMs, the VMCS is restored for the current VM, defining the state of the VM's virtual processor.<ref>[http://download.microsoft.com/download/9/8/f/98f3fe47-dfc3-4e74-92a3-088782200fe7/TWAR05015_WinHEC05.ppt Understanding Intel Virtualization Technology (VT).] {{webarchive |url=https://web.archive.org/web/20140908110038/http://download.microsoft.com/download/9/8/f/98f3fe47-dfc3-4e74-92a3-088782200fe7/TWAR05015_WinHEC05.ppt |date=September 8, 2014}} Retrieved 2014-09-01</ref> As soon as more than one VMM or nested VMMs are used, a problem appears in a way similar to what required shadow page table management to be invented, as described [[#SWBASED|above]]. In such cases, VMCS needs to be shadowed multiple times (in case of nesting) and partially implemented in software in case there is no hardware support by the processor. To make shadow VMCS handling more efficient, Intel implemented hardware support for VMCS shadowing.<ref>[http://searchservervirtualization.techtarget.com/feature/The-what-where-and-why-of-VMCS-shadowing The 'what, where and why' of VMCS shadowing.] {{webarchive |url=https://web.archive.org/web/20140903165257/http://searchservervirtualization.techtarget.com/feature/The-what-where-and-why-of-VMCS-shadowing |date=2014-09-03}} Retrieved 2014-09-01</ref>