CPU Virtualization

The Challenge 

CPU usually offers several levels of privilege for operating systems and applications to manage access to computer hardware, e.g. X86 has 4 rings. Virtualizing  CPU architectures requires placing a virtualization layer, running most privileged level, to create and manage the virtual machines. Some sensitive instructions have different semantics when they are not executed in most privileged level. Trapping and translating these critical and privileged instruction at runtime was a challenge.

Solutions

Full virtualization

Full virtualization uses a combination binary translation and direct execution.  Binary translation translates kernel code and replaces nonvirtualizable instructions on the fly with new sequences of instructions that have the intended effect on virtual hardware. User level code is directly executed. 

Full virtualization requires no modification of guest OS. It simplifies migration and portability.

Examples: VMWare, Windows virtual server

Paravirtualization

With paravirtualization, guest OS kernel is modified to replace nonvirtualizable instructions to hypercalls that communicates directly with virtualization layer, hypervisor. The hypervisor also provides hypercall interfaces for other critical kernel operations.

Paravirtualization does not support unmodified guest OS kernel and thus provides poor compatibility and portability. Support and maintainability is also an issue in production environment as it needs deeps kernel modification. 

Examples: Xen

Hardware assisted virtualization

CPU vendor also supports running privileged instructions with a new CPU privilege mode - hypervisor mode. Privileged and sensitive instructions are set to automatically trap to the hypervisor. 

Examples: Intel-VT,  AMD-V, arm-VHE

References

https://www.vmware.com/techpapers/2007/understanding-full-virtualization-paravirtualizat-1008.html