summaryrefslogtreecommitdiffstats
path: root/doc/manual/en_US/user_Technical.xml
diff options
context:
space:
mode:
Diffstat (limited to 'doc/manual/en_US/user_Technical.xml')
-rw-r--r--doc/manual/en_US/user_Technical.xml1362
1 files changed, 1362 insertions, 0 deletions
diff --git a/doc/manual/en_US/user_Technical.xml b/doc/manual/en_US/user_Technical.xml
new file mode 100644
index 00000000..f90b4cc8
--- /dev/null
+++ b/doc/manual/en_US/user_Technical.xml
@@ -0,0 +1,1362 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[
+<!ENTITY % all.entities SYSTEM "all-entities.ent">
+%all.entities;
+]>
+<chapter id="TechnicalBackground">
+
+ <title>Technical Background</title>
+
+ <para>
+ This chapter provides additional information for readers who are
+ familiar with computer architecture and technology and wish to find
+ out more about how &product-name; works <emphasis>under the
+ hood</emphasis>. The contents of this chapter are not required
+ reading in order to use &product-name; successfully.
+ </para>
+
+ <sect1 id="vboxconfigdata">
+
+ <title>Where &product-name; Stores its Files</title>
+
+ <para>
+ In &product-name;, a virtual machine and its settings are
+ described in a virtual machine settings file in XML format. In
+ addition, most virtual machine have one or more virtual hard
+ disks, which are typically represented by disk images, such as
+ those in VDI format. Where all these files are stored depends on
+ which version of &product-name; created the machine.
+ </para>
+
+ <sect2 id="vboxconfigdata-post-version-four">
+
+ <title>Machines Created by &product-name; Version 4.0 or Later</title>
+
+ <para>
+ By default, each virtual machine has one directory on your host
+ computer where all the files of that machine are stored: the XML
+ settings file, with a <computeroutput>.vbox</computeroutput>
+ file extension, and its disk images.
+ </para>
+
+ <para>
+ By default, this <emphasis>machine folder</emphasis> is placed
+ in a common folder called <computeroutput>VirtualBox
+ VMs</computeroutput>, which &product-name; creates in the
+ current system user's home directory. The location of this home
+ directory depends on the conventions of the host operating
+ system, as follows:
+ </para>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ On Windows, this is the location returned by the
+ <computeroutput>SHGetFolderPath</computeroutput> function of
+ the Windows system library Shell32.dll, asking for the user
+ profile. On very old Windows versions which do not have this
+ function or where it unexpectedly returns an error, there is
+ a fallback based on environment variables. First,
+ <computeroutput>%USERPROFILE%</computeroutput> is checked.
+ If it does not exist then an attempt with
+ <computeroutput>%HOMEDRIVE%%HOMEPATH%</computeroutput> is
+ made. A typical location is
+ <computeroutput>C:\Users\username</computeroutput>.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ On Linux, Mac OS X, and Oracle Solaris, this is generally
+ taken from the environment variable
+ <computeroutput>$HOME</computeroutput>, except for the user
+ <computeroutput>root</computeroutput> where it is taken from
+ the account database. This is a workaround for the frequent
+ trouble caused by users using &product-name; in combination
+ with the tool <computeroutput>sudo</computeroutput> which by
+ default does not reset the environment variable
+ <computeroutput>$HOME</computeroutput>. A typical location
+ on Linux and Oracle Solaris is
+ <computeroutput>/home/username</computeroutput> and on Mac
+ OS X <computeroutput>/Users/username</computeroutput>.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ <para>
+ For simplicity, we will abbreviate the location of the home
+ directory as <computeroutput>$HOME</computeroutput>. Using that
+ convention, the common folder for all virtual machines is
+ <computeroutput>$HOME/VirtualBox VMs</computeroutput>.
+ </para>
+
+ <para>
+ As an example, when you create a virtual machine called "Example
+ VM", &product-name; creates the following:
+ </para>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ A machine folder <computeroutput>$HOME/VirtualBox
+ VMs/Example VM/</computeroutput>
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ In the machine folder, a settings file:
+ <computeroutput>Example VM.vbox</computeroutput>
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ In the machine folder, a virtual disk image:
+ <computeroutput>Example VM.vdi</computeroutput>.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ <para>
+ This is the default layout if you use the
+ <emphasis role="bold">Create New Virtual Machine</emphasis>
+ wizard described in <xref linkend="gui-createvm" />. Once you
+ start working with the VM, additional files are added. Log files
+ are in a subfolder called <computeroutput>Logs</computeroutput>,
+ and if you have taken snapshots, they are in a
+ <computeroutput>Snapshots</computeroutput> subfolder. For each
+ VM, you can change the location of its snapshots folder in the
+ VM settings.
+ </para>
+
+ <para>
+ You can change the default machine folder by selecting
+ <emphasis role="bold">Preferences</emphasis> from the
+ <emphasis role="bold">File</emphasis> menu in the &product-name;
+ main window. Then, in the displayed window, click on the
+ <emphasis role="bold">General</emphasis> tab. Alternatively, use
+ <command>VBoxManage setproperty machinefolder</command>. See
+ <xref linkend="vboxmanage-setproperty" />.
+ </para>
+
+ </sect2>
+
+ <sect2 id="vboxconfigdata-pre-version-four">
+
+ <title>Machines Created by &product-name; Versions Before 4.0</title>
+
+ <para>
+ If you have upgraded to &product-name; 4.0 from an earlier
+ version of &product-name;, you probably have settings files and
+ disks in the earlier file system layout.
+ </para>
+
+ <para>
+ Before version 4.0, &product-name; separated the machine
+ settings files from virtual disk images. The machine settings
+ files had an <computeroutput>.xml</computeroutput> file
+ extension and resided in a folder called
+ <computeroutput>Machines</computeroutput> under the global
+ &product-name; configuration directory. See
+ <xref linkend="vboxconfigdata-global"/>. On Linux, for example,
+ this was the hidden directory
+ <computeroutput>$HOME/.VirtualBox/Machines</computeroutput>. The
+ default hard disks folder was called
+ <computeroutput>HardDisks</computeroutput> and was also located
+ in the <computeroutput>.VirtualBox</computeroutput> folder. Both
+ locations could be changed by the user in the global
+ preferences. The concept of a default hard disk folder was
+ abandoned with &product-name; 4.0, since disk images now reside
+ in each machine's folder by default.
+ </para>
+
+ <para>
+ The old layout had the following severe disadvantages:
+ </para>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ It was very difficult to move a virtual machine from one
+ host to another because the files involved did not reside in
+ the same folder. In addition, the virtual media of all
+ machines were registered with a global registry in the
+ central &product-name; settings file,
+ <computeroutput>$HOME/.VirtualBox/VirtualBox.xml</computeroutput>.
+ </para>
+
+ <para>
+ To move a machine to another host, it was therefore not
+ enough to move the XML settings file and the disk images,
+ which were in different locations, but the hard disk entries
+ from the global media registry XML had to be meticulously
+ copied as well. This was close to impossible if the machine
+ had snapshots and therefore differencing images.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Storing virtual disk images, which can grow very large,
+ under the hidden
+ <computeroutput>.VirtualBox</computeroutput> directory, at
+ least on Linux and Oracle Solaris hosts, made many users
+ wonder where their disk space had gone.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ <para>
+ Whereas new VMs created with &product-name; 4.0 or later will
+ conform to the new layout, for maximum compatibility, old VMs
+ are <emphasis>not</emphasis> converted to the new layout.
+ Otherwise machine settings would be irrevocably broken if a user
+ downgraded from 4.0 back to an older version of &product-name;.
+ </para>
+
+ </sect2>
+
+ <sect2 id="vboxconfigdata-global">
+
+ <title>Global Configuration Data</title>
+
+ <para>
+ In addition to the files of the virtual machines, &product-name;
+ maintains global configuration data in the following directory:
+ </para>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ <emphasis role="bold">Linux and Oracle Solaris:</emphasis>
+ <computeroutput>$HOME/.config/VirtualBox</computeroutput>.
+ </para>
+
+ <para>
+ <computeroutput>$HOME/.VirtualBox</computeroutput> is used
+ if it exists, for compatibility with legacy versions before
+ &product-name; 4.3.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <emphasis role="bold">Windows:</emphasis>
+ <computeroutput>$HOME/.VirtualBox</computeroutput>.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <emphasis role="bold">Mac OS X:</emphasis>
+ <computeroutput>$HOME/Library/VirtualBox</computeroutput>.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ <para>
+ &product-name; creates this configuration directory
+ automatically, if necessary. Optionally, you can specify an
+ alternate configuration directory by setting the
+ <computeroutput>VBOX_USER_HOME</computeroutput> environment
+ variable, or additionally on Linux or Oracle Solaris by using
+ the standard <computeroutput>XDG_CONFIG_HOME</computeroutput>
+ variable. Since the global
+ <computeroutput>VirtualBox.xml</computeroutput> settings file
+ points to all other configuration files, this enables switching
+ between several &product-name; configurations.
+ </para>
+
+ <para>
+ Most importantly, in this directory, &product-name; stores its
+ global settings file, another XML file called
+ <computeroutput>VirtualBox.xml</computeroutput>. This includes
+ global configuration options and the list of registered virtual
+ machines with pointers to their XML settings files. Neither the
+ location of this file nor its directory has changed with
+ &product-name; 4.0.
+ </para>
+
+ <para>
+ Before &product-name; 4.0, all virtual media, such as disk image
+ files, were also contained in a global registry in this settings
+ file. For compatibility, this media registry still exists if you
+ upgrade &product-name; and there are media from machines which
+ were created with a version before 4.0. If you have no such
+ machines, then there will be no global media registry. With
+ &product-name; 4.0, each machine XML file has its own media
+ registry.
+ </para>
+
+ <para>
+ Also before &product-name; 4.0, the default
+ <computeroutput>Machines</computeroutput> folder and the default
+ <computeroutput>HardDisks</computeroutput> folder resided under
+ the &product-name; configuration directory, such as
+ <computeroutput>$HOME/.VirtualBox/Machines</computeroutput> on
+ Linux. If you are upgrading from an &product-name; version
+ before 4.0, files in these directories are not automatically
+ moved in order not to break backwards compatibility.
+ </para>
+
+ </sect2>
+
+ <sect2 id="vboxconfigdata-summary-version-four">
+
+ <title>Summary of 4.0 Configuration Changes</title>
+
+ <para>
+ The following table gives a brief overview of the configuration
+ changes between legacy versions and version 4.0 or later.
+ </para>
+
+ <table id="table-version4-config-changes" tabstyle="oracle-all">
+ <title>Configuration Changes in Version 4.0 or Above</title>
+ <tgroup cols="3">
+ <thead>
+ <row>
+ <entry><para>
+ <emphasis role="bold">Setting</emphasis>
+ </para></entry>
+ <entry><para>
+ <emphasis role="bold">Before 4.0</emphasis>
+ </para></entry>
+ <entry><para>
+ <emphasis role="bold">4.0 or above</emphasis>
+ </para></entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry><para>
+ Default machines folder
+ </para></entry>
+ <entry><para>
+ <computeroutput>$HOME/.VirtualBox/Machines</computeroutput>
+ </para></entry>
+ <entry><para>
+ <computeroutput>$HOME/VirtualBox VMs</computeroutput>
+ </para></entry>
+ </row>
+ <row>
+ <entry><para>
+ Default disk image location
+ </para></entry>
+ <entry><para>
+ <computeroutput>$HOME/.VirtualBox/HardDisks</computeroutput>
+ </para></entry>
+ <entry><para>
+ In each machine's folder
+ </para></entry>
+ </row>
+ <row>
+ <entry><para>
+ Machine settings file extension
+ </para></entry>
+ <entry><para>
+ <computeroutput>.xml</computeroutput>
+ </para></entry>
+ <entry><para>
+ <computeroutput>.vbox</computeroutput>
+ </para></entry>
+ </row>
+ <row>
+ <entry><para>
+ Media registry
+ </para></entry>
+ <entry><para>
+ Global <computeroutput>VirtualBox.xml</computeroutput>
+ file
+ </para></entry>
+ <entry><para>
+ Each machine settings file
+ </para></entry>
+ </row>
+ <row>
+ <entry><para>
+ Media registration
+ </para></entry>
+ <entry><para>
+ Explicit open/close required
+ </para></entry>
+ <entry><para>
+ Automatic on attach
+ </para></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ </sect2>
+
+ <sect2 id="vboxconfigdata-XML-files">
+
+ <title>&product-name; XML Files</title>
+
+ <para>
+ &product-name; uses XML for both the machine settings files and
+ the global configuration file,
+ <computeroutput>VirtualBox.xml</computeroutput>.
+ </para>
+
+ <para>
+ All &product-name; XML files are versioned. When a new settings
+ file is created, for example because a new virtual machine is
+ created, &product-name; automatically uses the settings format
+ of the current &product-name; version. These files may not be
+ readable if you downgrade to an earlier version of
+ &product-name;. However, when &product-name; encounters a
+ settings file from an earlier version, such as after upgrading
+ &product-name;, it attempts to preserve the settings format as
+ much as possible. It will only silently upgrade the settings
+ format if the current settings cannot be expressed in the old
+ format, for example because you enabled a feature that was not
+ present in an earlier version of &product-name;.
+ </para>
+
+ <para>
+ As an example, before &product-name; 3.1, it was only possible
+ to enable or disable a single DVD drive in a virtual machine. If
+ it was enabled, then it would always be visible as the secondary
+ master of the IDE controller. With &product-name; 3.1, DVD
+ drives can be attached to arbitrary slots of arbitrary
+ controllers, so they could be the secondary slave of an IDE
+ controller or in a SATA slot. If you have a machine settings
+ file from an earlier version and upgrade &product-name; to 3.1
+ and then move the DVD drive from its default position, this
+ cannot be expressed in the old settings format; the XML machine
+ file would get written in the new format, and a backup file of
+ the old format would be kept.
+ </para>
+
+ <para>
+ In such cases, &product-name; backs up the old settings file in
+ the virtual machine's configuration directory. If you need to go
+ back to the earlier version of &product-name;, then you will
+ need to manually copy these backup files back.
+ </para>
+
+ <para>
+ We intentionally do not document the specifications of the
+ &product-name; XML files, as we must reserve the right to modify
+ them in the future. We therefore strongly suggest that you do
+ not edit these files manually. &product-name; provides complete
+ access to its configuration data through its the
+ <command>VBoxManage</command> command line tool, see
+ <xref linkend="vboxmanage" /> and its API, see
+ <xref linkend="VirtualBoxAPI" />.
+ </para>
+
+ </sect2>
+
+ </sect1>
+
+ <sect1 id="technical-components">
+
+ <title>&product-name; Executables and Components</title>
+
+ <para>
+ &product-name; was designed to be modular and flexible. When the
+ &product-name; graphical user interface (GUI) is opened and a VM
+ is started, at least the following three processes are running:
+ </para>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ <computeroutput>VBoxSVC</computeroutput>, the &product-name;
+ service process which always runs in the background. This
+ process is started automatically by the first &product-name;
+ client process and exits a short time after the last client
+ exits. The first &product-name; service can be the GUI,
+ <computeroutput>VBoxManage</computeroutput>,
+ <computeroutput>VBoxHeadless</computeroutput>, the web service
+ amongst others. The service is responsible for bookkeeping,
+ maintaining the state of all VMs, and for providing
+ communication between &product-name; components. This
+ communication is implemented using COM/XPCOM.
+ </para>
+
+ <note>
+ <para>
+ When we refer to <emphasis>clients</emphasis> here, we mean
+ the local clients of a particular
+ <computeroutput>VBoxSVC</computeroutput> server process, not
+ clients in a network. &product-name; employs its own
+ client/server design to allow its processes to cooperate,
+ but all these processes run under the same user account on
+ the host operating system, and this is totally transparent
+ to the user.
+ </para>
+ </note>
+ </listitem>
+
+ <listitem>
+ <para>
+ The GUI process,
+ <computeroutput>VirtualBoxVM</computeroutput>, a client
+ application based on the cross-platform Qt library. When
+ started without the <computeroutput>--startvm</computeroutput>
+ option, this application acts as the VirtualBox Manager,
+ displaying the VMs and their settings. It then communicates
+ settings and state changes to
+ <computeroutput>VBoxSVC</computeroutput> and also reflects
+ changes effected through other means, such as the
+ <command>VBoxManage</command> command.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ If the <computeroutput>VirtualBoxVM</computeroutput> client
+ application is started with the
+ <computeroutput>--startvm</computeroutput> argument, it loads
+ the VMM library which includes the actual hypervisor and then
+ runs a virtual machine and provides the input and output for
+ the guest.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ <para>
+ Any &product-name; front-end, or client, will communicate with the
+ service process and can both control and reflect the current
+ state. For example, either the VM selector or the VM window or
+ VBoxManage can be used to pause the running VM, and other
+ components will always reflect the changed state.
+ </para>
+
+ <para>
+ The &product-name; GUI application is only one of several
+ available front ends, or clients. The complete list shipped with
+ &product-name; is as follows:
+ </para>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ <computeroutput>VirtualBoxVM</computeroutput>: The Qt front
+ end implementing the VirtualBox Manager and running VMs.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <computeroutput>VBoxManage</computeroutput>: A less
+ user-friendly but more powerful alternative. See
+ <xref linkend="vboxmanage" />.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <computeroutput>VBoxHeadless</computeroutput>: A VM front end
+ which does not directly provide any video output and keyboard
+ or mouse input, but enables redirection through the VirtualBox
+ Remote Desktop Extension. See <xref linkend="vboxheadless" />.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <computeroutput>vboxwebsrv</computeroutput>: The
+ &product-name; web service process which enables control of an
+ &product-name; host remotely. This is described in detail in
+ the &product-name; Software Development Kit (SDK) reference.
+ See <xref linkend="VirtualBoxAPI" />.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ The &product-name; Python shell: A Python alternative to
+ <computeroutput>VBoxManage</computeroutput>. This is also
+ described in the SDK reference.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ <para>
+ Internally, &product-name; consists of many more or less separate
+ components. You may encounter these when analyzing &product-name;
+ internal error messages or log files. These include the following:
+ </para>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ IPRT: A portable runtime library which abstracts file access,
+ threading, and string manipulation. Whenever &product-name;
+ accesses host operating features, it does so through this
+ library for cross-platform portability.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ VMM (Virtual Machine Monitor): The heart of the hypervisor.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ EM (Execution Manager): Controls execution of guest code.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ REM (Recompiled Execution Monitor): Provides software
+ emulation of CPU instructions.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ TRPM (Trap Manager): Intercepts and processes guest traps and
+ exceptions.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ HM (Hardware Acceleration Manager): Provides support for VT-x
+ and AMD-V.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ GIM (Guest Interface Manager): Provides support for various
+ paravirtualization interfaces to the guest.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ PDM (Pluggable Device Manager): An abstract interface between
+ the VMM and emulated devices which separates device
+ implementations from VMM internals and makes it easy to add
+ new emulated devices. Through PDM, third-party developers can
+ add new virtual devices to &product-name; without having to
+ change &product-name; itself.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ PGM (Page Manager): A component that controls guest paging.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ PATM (Patch Manager): Patches guest code to improve and speed
+ up software virtualization.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ TM (Time Manager): Handles timers and all aspects of time
+ inside guests.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ CFGM (Configuration Manager): Provides a tree structure which
+ holds configuration settings for the VM and all emulated
+ devices.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ SSM (Saved State Manager): Saves and loads VM state.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ VUSB (Virtual USB): A USB layer which separates emulated USB
+ controllers from the controllers on the host and from USB
+ devices. This component also enables remote USB.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ DBGF (Debug Facility): A built-in VM debugger.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ &product-name; emulates a number of devices to provide the
+ hardware environment that various guests need. Most of these
+ are standard devices found in many PC compatible machines and
+ widely supported by guest operating systems. For network and
+ storage devices in particular, there are several options for
+ the emulated devices to access the underlying hardware. These
+ devices are managed by PDM.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Guest Additions for various guest operating systems. This is
+ code that is installed from within a virtual machine. See
+ <xref linkend="guestadditions" />.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ The "Main" component is special. It ties all the above bits
+ together and is the only public API that &product-name;
+ provides. All the client processes listed above use only this
+ API and never access the hypervisor components directly. As a
+ result, third-party applications that use the &product-name;
+ Main API can rely on the fact that it is always well-tested
+ and that all capabilities of &product-name; are fully exposed.
+ It is this API that is described in the &product-name; SDK.
+ See <xref linkend="VirtualBoxAPI" />.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect1>
+
+ <sect1 id="hwvirt">
+
+ <title>Hardware vs. Software Virtualization</title>
+
+ <para>
+ &product-name; enables software in the virtual machine to run
+ directly on the processor of the host, but an array of complex
+ techniques is employed to intercept operations that would
+ interfere with your host. Whenever the guest attempts to do
+ something that could be harmful to your computer and its data,
+ &product-name; steps in and takes action. In particular, for lots
+ of hardware that the guest believes to be accessing,
+ &product-name; simulates a certain "virtual" environment according
+ to how you have configured a virtual machine. For example, when
+ the guest attempts to access a hard disk, &product-name; redirects
+ these requests to whatever you have configured to be the virtual
+ machine's virtual hard disk. This is normally an image file on
+ your host.
+ </para>
+
+ <para>
+ Unfortunately, the x86 platform was never designed to be
+ virtualized. Detecting situations in which &product-name; needs to
+ take control over the guest code that is executing, as described
+ above, is difficult. There are two ways in which to achieve this:
+ </para>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Since 2006, Intel and AMD processors have had support for
+ so-called <emphasis>hardware virtualization</emphasis>. This
+ means that these processors can help &product-name; to
+ intercept potentially dangerous operations that a guest
+ operating system may be attempting and also makes it easier to
+ present virtual hardware to a virtual machine.
+ </para>
+
+ <para>
+ These hardware features differ between Intel and AMD
+ processors. Intel named its technology >VT-x. AMD calls theirs
+ AMD-V. The Intel and AMD support for virtualization is very
+ different in detail, but not very different in principle.
+ </para>
+
+ <note>
+ <para>
+ On many systems, the hardware virtualization features first
+ need to be enabled in the BIOS before &product-name; can use
+ them.
+ </para>
+ </note>
+ </listitem>
+
+ <listitem>
+ <para>
+ As opposed to other virtualization software, for many usage
+ scenarios, &product-name; does not
+ <emphasis>require</emphasis> hardware virtualization features
+ to be present. Through sophisticated techniques,
+ &product-name; virtualizes many guest operating systems
+ entirely in <emphasis>software</emphasis>. This means that you
+ can run virtual machines even on older processors which do not
+ support hardware virtualization.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ <para>
+ Even though &product-name; does not always require hardware
+ virtualization, enabling it is <emphasis>required</emphasis> in
+ the following scenarios:
+ </para>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Certain rare guest operating systems like OS/2 make use of
+ very esoteric processor instructions that are not supported
+ with our software virtualization. For virtual machines that
+ are configured to contain such an operating system, hardware
+ virtualization is enabled automatically.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ &product-name;'s 64-bit guest support, added with version 2.0,
+ and multiprocessing (SMP), added with version 3.0, both
+ require hardware virtualization to be enabled. This is not
+ much of a limitation since the vast majority of today's 64-bit
+ and multicore CPUs ship with hardware virtualization anyway.
+ The exceptions to this rule are older Intel Celeron and AMD
+ Opteron CPUs, for example.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ <warning>
+ <para>
+ Do not run other hypervisors, either open source or commercial
+ virtualization products, together with &product-name;. While
+ several hypervisors can normally be
+ <emphasis>installed</emphasis> in parallel, do not attempt to
+ <emphasis>run</emphasis> several virtual machines from competing
+ hypervisors at the same time. &product-name; cannot track what
+ another hypervisor is currently attempting to do on the same
+ host, and especially if several products attempt to use hardware
+ virtualization features such as VT-x, this can crash the entire
+ host. Also, within &product-name;, you can mix software and
+ hardware virtualization when running multiple VMs. In certain
+ cases a small performance penalty will be unavoidable when
+ mixing VT-x and software virtualization VMs. We recommend not
+ mixing virtualization modes if maximum performance and low
+ overhead are essential. This does <emphasis>not</emphasis> apply
+ to AMD-V.
+ </para>
+ </warning>
+
+ </sect1>
+
+ <sect1 id="gimproviders">
+
+ <title>Paravirtualization Providers</title>
+
+ <para>
+ &product-name; enables the exposure of a paravirtualization
+ interface, to facilitate accurate and efficient execution of
+ software within a virtual machine. These interfaces require the
+ guest operating system to recognize their presence and make use of
+ them in order to leverage the benefits of communicating with the
+ &product-name; hypervisor.
+ </para>
+
+ <para>
+ Most modern mainstream guest operating systems, including Windows
+ and Linux, ship with support for one or more paravirtualization
+ interfaces. Hence, there is typically no need to install
+ additional software in the guest to take advantage of this
+ feature.
+ </para>
+
+ <para>
+ Exposing a paravirtualization provider to the guest operating
+ system does not rely on the choice of host platforms. For example,
+ the <emphasis>Hyper-V</emphasis> paravirtualization provider can
+ be used for VMs to run on any host platform supported by
+ &product-name; and not just Windows.
+ </para>
+
+ <para>
+ &product-name; provides the following interfaces:
+ </para>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ <emphasis role="bold">Minimal</emphasis>: Announces the
+ presence of a virtualized environment. Additionally, reports
+ the TSC and APIC frequency to the guest operating system. This
+ provider is mandatory for running any Mac OS X guests.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <emphasis role="bold">KVM</emphasis>: Presents a Linux KVM
+ hypervisor interface which is recognized by Linux kernels
+ version 2.6.25 or later. &product-name;'s implementation
+ currently supports paravirtualized clocks and SMP spinlocks.
+ This provider is recommended for Linux guests.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <emphasis role="bold">Hyper-V</emphasis>: Presents a Microsoft
+ Hyper-V hypervisor interface which is recognized by Windows 7
+ and newer operating systems. &product-name;'s implementation
+ currently supports paravirtualized clocks, APIC frequency
+ reporting, guest debugging, guest crash reporting and relaxed
+ timer checks. This provider is recommended for Windows guests.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect1>
+
+ <sect1 id="swvirt-details">
+
+ <title>Details About Software Virtualization</title>
+
+ <para>
+ Implementing virtualization on x86 CPUs with no hardware
+ virtualization support is an extraordinarily complex task because
+ the CPU architecture was not designed to be virtualized. The
+ problems can usually be solved, but at the cost of reduced
+ performance. Thus, there is a constant clash between
+ virtualization performance and accuracy.
+ </para>
+
+ <para>
+ The x86 instruction set was originally designed in the 1970s and
+ underwent significant changes with the addition of protected mode
+ in the 1980s with the 286 CPU architecture and then again with the
+ Intel 386 and its 32-bit architecture. Whereas the 386 did have
+ limited virtualization support for real mode operation with V86
+ mode, as used by the "DOS Box" of Windows 3.x and OS/2 2.x, no
+ support was provided for virtualizing the entire architecture.
+ </para>
+
+ <para>
+ In theory, software virtualization is not overly complex. There
+ are four privilege levels, called <emphasis>rings</emphasis>,
+ provided by the hardware. Typically only two rings are used: ring
+ 0 for kernel mode and ring 3 for user mode. Additionally, one
+ needs to differentiate between <emphasis>host context</emphasis>
+ and <emphasis>guest context</emphasis>.
+ </para>
+
+ <para>
+ In host context, everything is as if no hypervisor was active.
+ This might be the active mode if another application on your host
+ has been scheduled CPU time. In that case, there is a host ring 3
+ mode and a host ring 0 mode. The hypervisor is not involved.
+ </para>
+
+ <para>
+ In guest context, however, a virtual machine is active. So long as
+ the guest code is running in ring 3, this is not much of a problem
+ since a hypervisor can set up the page tables properly and run
+ that code natively on the processor. The problems mostly lie in
+ how to intercept what the guest's kernel does.
+ </para>
+
+ <para>
+ There are several possible solutions to these problems. One
+ approach is full software emulation, usually involving
+ recompilation. That is, all code to be run by the guest is
+ analyzed, transformed into a form which will not allow the guest
+ to either modify or see the true state of the CPU, and only then
+ executed. This process is obviously highly complex and costly in
+ terms of performance. &product-name; contains a recompiler based
+ on QEMU which can be used for pure software emulation, but the
+ recompiler is only activated in special situations, described
+ below.
+ </para>
+
+ <para>
+ Another possible solution is paravirtualization, in which only
+ specially modified guest OSes are allowed to run. This way, most
+ of the hardware access is abstracted and any functions which would
+ normally access the hardware or privileged CPU state are passed on
+ to the hypervisor instead. Paravirtualization can achieve good
+ functionality and performance on standard x86 CPUs, but it can
+ only work if the guest OS can actually be modified, which is
+ obviously not always the case.
+ </para>
+
+ <para>
+ &product-name; chooses a different approach. When starting a
+ virtual machine, through its ring-0 support kernel driver,
+ &product-name; has set up the host system so that it can run most
+ of the guest code natively, but it has inserted itself at the
+ "bottom" of the picture. It can then assume control when needed.
+ If a privileged instruction is executed, the guest traps, in
+ particular because an I/O register was accessed and a device needs
+ to be virtualized, or external interrupts occur. &product-name;
+ may then handle this and either route a request to a virtual
+ device or possibly delegate handling such things to the guest or
+ host OS. In guest context, &product-name; can therefore be in one
+ of three states:
+ </para>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Guest ring 3 code is run unmodified, at full speed, as much as
+ possible. The number of faults will generally be low, unless
+ the guest allows port I/O from ring 3. This is something we
+ cannot do as we do not want the guest to be able to access
+ real ports. This is also referred to as <emphasis>raw
+ mode</emphasis>, as the guest ring-3 code runs unmodified.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ For guest code in ring 0, &product-name; employs a clever
+ trick. It actually reconfigures the guest so that its ring-0
+ code is run in ring 1 instead, which is normally not used in
+ x86 operating systems). As a result, when guest ring-0 code,
+ actually running n ring 1, such as a guest device driver
+ attempts to write to an I/O register or execute a privileged
+ instruction, the &product-name; hypervisor in the "real" ring
+ 0 can take over.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ The hypervisor (VMM) can be active. Every time a fault occurs,
+ &product-name; looks at the offending instruction and can
+ relegate it to a virtual device or the host OS or the guest OS
+ or run it in the recompiler.
+ </para>
+
+ <para>
+ In particular, the recompiler is used when guest code disables
+ interrupts and &product-name; cannot figure out when they will
+ be switched back on. In these situations, &product-name;
+ actually analyzes the guest code using its own disassembler.
+ Also, certain privileged instructions such as LIDT need to be
+ handled specially. Finally, any real-mode or protected-mode
+ code, such as BIOS code, a DOS guest, or any operating system
+ startup, is run in the recompiler entirely.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ <para>
+ Unfortunately this only works to a degree. Among others, the
+ following situations require special handling:
+ </para>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Running ring 0 code in ring 1 causes a lot of additional
+ instruction faults, as ring 1 is not allowed to execute any
+ privileged instructions, of which guest's ring-0 contains
+ plenty. With each of these faults, the VMM must step in and
+ emulate the code to achieve the desired behavior. While this
+ works, emulating thousands of these faults is very expensive
+ and severely hurts the performance of the virtualized guest.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ There are certain flaws in the implementation of ring 1 in the
+ x86 architecture that were never fixed. Certain instructions
+ that <emphasis>should</emphasis> trap in ring 1 do not. This
+ affects, for example, the LGDT/SGDT, LIDT/SIDT, or POPF/PUSHF
+ instruction pairs. Whereas the "load" operation is privileged
+ and can therefore be trapped, the "store" instruction always
+ succeed. If the guest is allowed to execute these, it will see
+ the true state of the CPU, not the virtualized state. The
+ CPUID instruction also has the same problem.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ A hypervisor typically needs to reserve some portion of the
+ guest's address space, both linear address space and
+ selectors, for its own use. This is not entirely transparent
+ to the guest OS and may cause clashes.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ The SYSENTER instruction, used for system calls, executed by
+ an application running in a guest OS always transitions to
+ ring 0. But that is where the hypervisor runs, not the guest
+ OS. In this case, the hypervisor must trap and emulate the
+ instruction even when it is not desirable.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ The CPU segment registers contain a "hidden" descriptor cache
+ which is not software-accessible. The hypervisor cannot read,
+ save, or restore this state, but the guest OS may use it.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Some resources must, and can, be trapped by the hypervisor,
+ but the access is so frequent that this creates a significant
+ performance overhead. An example is the TPR (Task Priority)
+ register in 32-bit mode. Accesses to this register must be
+ trapped by the hypervisor. But certain guest operating
+ systems, notably Windows and Oracle Solaris, write this
+ register very often, which adversely affects virtualization
+ performance.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ <para>
+ To fix these performance and security issues, &product-name;
+ contains a Code Scanning and Analysis Manager (CSAM), which
+ disassembles guest code, and the Patch Manager (PATM), which can
+ replace it at runtime.
+ </para>
+
+ <para>
+ Before executing ring 0 code, CSAM scans it recursively to
+ discover problematic instructions. PATM then performs
+ <emphasis>in-situ </emphasis>patching. It replaces the instruction
+ with a jump to hypervisor memory where an integrated code
+ generator has placed a more suitable implementation. In reality,
+ this is a very complex task as there are lots of odd situations to
+ be discovered and handled correctly. So, with its current
+ complexity, one could argue that PATM is an advanced
+ <emphasis>in-situ</emphasis> recompiler.
+ </para>
+
+ <para>
+ In addition, every time a fault occurs, &product-name; analyzes
+ the offending code to determine if it is possible to patch it in
+ order to prevent it from causing more faults in the future. This
+ approach works well in practice and dramatically improves software
+ virtualization performance.
+ </para>
+
+ </sect1>
+
+ <sect1 id="hwvirt-details">
+
+ <title>Details About Hardware Virtualization</title>
+
+ <para>
+ With Intel VT-x, there are two distinct modes of CPU operation:
+ VMX root mode and non-root mode.
+ </para>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ In root mode, the CPU operates much like older generations of
+ processors without VT-x support. There are four privilege
+ levels, called rings, and the same instruction set is
+ supported, with the addition of several virtualization
+ specific instruction. Root mode is what a host operating
+ system without virtualization uses, and it is also used by a
+ hypervisor when virtualization is active.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ In non-root mode, CPU operation is significantly different.
+ There are still four privilege rings and the same instruction
+ set, but a new structure called VMCS (Virtual Machine Control
+ Structure) now controls the CPU operation and determines how
+ certain instructions behave. Non-root mode is where guest
+ systems run.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ <para>
+ Switching from root mode to non-root mode is called "VM entry",
+ the switch back is "VM exit". The VMCS includes a guest and host
+ state area which is saved/restored at VM entry and exit. Most
+ importantly, the VMCS controls which guest operations will cause
+ VM exits.
+ </para>
+
+ <para>
+ The VMCS provides fairly fine-grained control over what the guests
+ can and cannot do. For example, a hypervisor can allow a guest to
+ write certain bits in shadowed control registers, but not others.
+ This enables efficient virtualization in cases where guests can be
+ allowed to write control bits without disrupting the hypervisor,
+ while preventing them from altering control bits over which the
+ hypervisor needs to retain full control. The VMCS also provides
+ control over interrupt delivery and exceptions.
+ </para>
+
+ <para>
+ Whenever an instruction or event causes a VM exit, the VMCS
+ contains information about the exit reason, often with
+ accompanying detail. For example, if a write to the CR0 register
+ causes an exit, the offending instruction is recorded, along with
+ the fact that a write access to a control register caused the
+ exit, and information about source and destination register. Thus
+ the hypervisor can efficiently handle the condition without
+ needing advanced techniques such as CSAM and PATM described above.
+ </para>
+
+ <para>
+ VT-x inherently avoids several of the problems which software
+ virtualization faces. The guest has its own completely separate
+ address space not shared with the hypervisor, which eliminates
+ potential clashes. Additionally, guest OS kernel code runs at
+ privilege ring 0 in VMX non-root mode, obviating the problems by
+ running ring 0 code at less privileged levels. For example the
+ SYSENTER instruction can transition to ring 0 without causing
+ problems. Naturally, even at ring 0 in VMX non-root mode, any I/O
+ access by guest code still causes a VM exit, allowing for device
+ emulation.
+ </para>
+
+ <para>
+ The biggest difference between VT-x and AMD-V is that AMD-V
+ provides a more complete virtualization environment. VT-x requires
+ the VMX non-root code to run with paging enabled, which precludes
+ hardware virtualization of real-mode code and non-paged
+ protected-mode software. This typically only includes firmware and
+ OS loaders, but nevertheless complicates VT-x hypervisor
+ implementation. AMD-V does not have this restriction.
+ </para>
+
+ <para>
+ Of course hardware virtualization is not perfect. Compared to
+ software virtualization, the overhead of VM exits is relatively
+ high. This causes problems for devices whose emulation requires
+ high number of traps. One example is the VGA device in 16-color
+ modes, where not only every I/O port access but also every access
+ to the framebuffer memory must be trapped.
+ </para>
+
+ </sect1>
+
+ <sect1 id="nestedpaging">
+
+ <title>Nested Paging and VPIDs</title>
+
+ <para>
+ In addition to normal hardware virtualization, your processor may
+ also support the following additional sophisticated techniques:
+ </para>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Nested paging implements some memory management in hardware,
+ which can greatly accelerate hardware virtualization since
+ these tasks no longer need to be performed by the
+ virtualization software.
+ </para>
+
+ <para>
+ With nested paging, the hardware provides another level of
+ indirection when translating linear to physical addresses.
+ Page tables function as before, but linear addresses are now
+ translated to "guest physical" addresses first and not
+ physical addresses directly. A new set of paging registers now
+ exists under the traditional paging mechanism and translates
+ from guest physical addresses to host physical addresses,
+ which are used to access memory.
+ </para>
+
+ <para>
+ Nested paging eliminates the overhead caused by VM exits and
+ page table accesses. In essence, with nested page tables the
+ guest can handle paging without intervention from the
+ hypervisor. Nested paging thus significantly improves
+ virtualization performance.
+ </para>
+
+ <para>
+ On AMD processors, nested paging has been available starting
+ with the Barcelona (K10) architecture. They now call it rapid
+ virtualization indexing (RVI). Intel added support for nested
+ paging, which they call extended page tables (EPT), with their
+ Core i7 (Nehalem) processors.
+ </para>
+
+ <para>
+ If nested paging is enabled, the &product-name; hypervisor can
+ also use <emphasis>large pages</emphasis> to reduce TLB usage
+ and overhead. This can yield a performance improvement of up
+ to 5%. To enable this feature for a VM, you use the
+ <computeroutput>VBoxManage modifyvm
+ --largepages</computeroutput> command. See
+ <xref linkend="vboxmanage-modifyvm" />.
+ </para>
+
+ <para>
+ If you have an Intel CPU with EPT, please consult
+ <xref linkend="sec-rec-cve-2018-3646" /> for security concerns
+ regarding EPT.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ On Intel CPUs, a hardware feature called Virtual Processor
+ Identifiers (VPIDs) can greatly accelerate context switching
+ by reducing the need for expensive flushing of the processor's
+ Translation Lookaside Buffers (TLBs).
+ </para>
+
+ <para>
+ To enable these features for a VM, you use the
+ <computeroutput>VBoxManage modifyvm --vtxvpid</computeroutput>
+ and <computeroutput>--largepages</computeroutput> commands.
+ See <xref linkend="vboxmanage-modifyvm" />.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect1>
+
+</chapter>
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-06 00:35:41 +0000