user_Technical.xml revision 4eea45d3b93e3072b78a0e8aa76cffd391cb1fe8
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
5a4c0239fb40e75ff03c2842bfc549705ea55335vboxsync"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>The contents of this chapter are not required to use VirtualBox
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync successfully. The following is provided as additional information for
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync readers who are more familiar with computer architecture and technology and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync wish to find out more about how VirtualBox works "under the hood".</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>In VirtualBox, a virtual machine and its settings are described in a
abdb98ae42a6b42354fba512d217870de3f51666vboxsync virtual machine settings file in XML format. In addition, most virtual
abdb98ae42a6b42354fba512d217870de3f51666vboxsync machine have one or more virtual hard disks, which are typically
abdb98ae42a6b42354fba512d217870de3f51666vboxsync represented by disk images (e.g. in VDI format). Where all these files are
abdb98ae42a6b42354fba512d217870de3f51666vboxsync stored depends on which version of VirtualBox created the machine.</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <title>Machines created by VirtualBox version 4.0 or later</title>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>Starting with version 4.0, by default, each virtual machine has
abdb98ae42a6b42354fba512d217870de3f51666vboxsync one directory on your host computer where all the files of that machine
abdb98ae42a6b42354fba512d217870de3f51666vboxsync are stored -- the XML settings file (with a
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <computeroutput>.vbox</computeroutput> file extension) and its disk
abdb98ae42a6b42354fba512d217870de3f51666vboxsync images.</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>By default, this "machine folder" is placed in a common folder
abdb98ae42a6b42354fba512d217870de3f51666vboxsync called "VirtualBox VMs", which VirtualBox creates in the current system
abdb98ae42a6b42354fba512d217870de3f51666vboxsync user's home directory. The location of this home directory depends on
abdb98ae42a6b42354fba512d217870de3f51666vboxsync the conventions of the host operating system:</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <itemizedlist>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>On Windows, this is
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <computeroutput>%HOMEDRIVE%%HOMEPATH%</computeroutput>; typically
abdb98ae42a6b42354fba512d217870de3f51666vboxsync something like <computeroutput>C:\Documents and
abdb98ae42a6b42354fba512d217870de3f51666vboxsync </listitem>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>On Mac OS X, this is
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <computeroutput>/Users/username</computeroutput>.</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync </listitem>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>On Linux and Solaris, this is
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <computeroutput>/home/username</computeroutput>.</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync </listitem>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync </itemizedlist>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>For simplicity, we will abbreviate this as
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <computeroutput>$HOME</computeroutput> below. Using that convention, the
abdb98ae42a6b42354fba512d217870de3f51666vboxsync common folder for all virtual machines is
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <computeroutput>$HOME/VirtualBox VMs</computeroutput>.</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>As an example, when you create a virtual machine called "Example
abdb98ae42a6b42354fba512d217870de3f51666vboxsync VM", you will find that VirtualBox creates<orderedlist>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>the folder <computeroutput>$HOME/VirtualBox VMs/Example
abdb98ae42a6b42354fba512d217870de3f51666vboxsync </listitem>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync </listitem>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>the virtual disk image <computeroutput>Example
abdb98ae42a6b42354fba512d217870de3f51666vboxsync </listitem>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>This is the default layout if you use the "Create new virtual
abdb98ae42a6b42354fba512d217870de3f51666vboxsync machine" wizard as described in <xref linkend="gui-createvm" />. Once
abdb98ae42a6b42354fba512d217870de3f51666vboxsync you start working with the VM, additional files will show up: you will
abdb98ae42a6b42354fba512d217870de3f51666vboxsync find log files in a subfolder called
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <computeroutput>Logs</computeroutput>, and once you have taken
abdb98ae42a6b42354fba512d217870de3f51666vboxsync snapshots, they will appear in a
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <computeroutput>Snapshots</computeroutput> subfolder. For each VM, you
abdb98ae42a6b42354fba512d217870de3f51666vboxsync can change the location of its snapsnots folder in the VM
abdb98ae42a6b42354fba512d217870de3f51666vboxsync settings.</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>You can change the default machine folder by selecting
abdb98ae42a6b42354fba512d217870de3f51666vboxsync "Preferences" from the "File" menu in the VirtualBox main window. Then,
abdb98ae42a6b42354fba512d217870de3f51666vboxsync in the window that pops up, click on the "General" tab. Alternatively,
abdb98ae42a6b42354fba512d217870de3f51666vboxsync use <computeroutput>VBoxManage setproperty
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <title>Machines created by VirtualBox versions before 4.0</title>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>If you have upgraded to VirtualBox 4.0 from an earlier version of
abdb98ae42a6b42354fba512d217870de3f51666vboxsync VirtualBox, you probably have settings files and disks in the earlier
abdb98ae42a6b42354fba512d217870de3f51666vboxsync file system layout.</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>Before version 4.0, VirtualBox separated the machine settings
abdb98ae42a6b42354fba512d217870de3f51666vboxsync files from virtual disk images. The machine settings files had an
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <computeroutput>.xml</computeroutput> file extension and resided in a
abdb98ae42a6b42354fba512d217870de3f51666vboxsync folder called "Machines" under the global VirtualBox configuration
abdb98ae42a6b42354fba512d217870de3f51666vboxsync directory (see the next section). So, for example, on Linux, this was
abdb98ae42a6b42354fba512d217870de3f51666vboxsync the hidden <computeroutput>$HOME/.VirtualBox/Machines</computeroutput>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync directory. The default hard disks folder was called "HardDisks" and
abdb98ae42a6b42354fba512d217870de3f51666vboxsync resided in the <computeroutput>.VirtualBox</computeroutput> folder as
abdb98ae42a6b42354fba512d217870de3f51666vboxsync well. Both locations could be changed by the user in the global
abdb98ae42a6b42354fba512d217870de3f51666vboxsync preferences. (The concept of a "default hard disk folder" has been
abdb98ae42a6b42354fba512d217870de3f51666vboxsync abandoned with VirtualBox 4.0, since disk images now reside in each
abdb98ae42a6b42354fba512d217870de3f51666vboxsync machine's folder by default.)</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>The old layout had several severe disadvantages.<orderedlist>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>It was very difficult to move a virtual machine from one
abdb98ae42a6b42354fba512d217870de3f51666vboxsync host to another because the files involved did not reside in the
abdb98ae42a6b42354fba512d217870de3f51666vboxsync same folder. In addition, the virtual media of all machines were
abdb98ae42a6b42354fba512d217870de3f51666vboxsync registered with a global registry in the central VirtualBox
abdb98ae42a6b42354fba512d217870de3f51666vboxsync settings file
abdb98ae42a6b42354fba512d217870de3f51666vboxsync (<computeroutput>$HOME/.VirtualBox/VirtualBox.xml</computeroutput>).</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>To move a machine to another host, it was therefore not
abdb98ae42a6b42354fba512d217870de3f51666vboxsync enough to move the XML settings file and the disk images (which
abdb98ae42a6b42354fba512d217870de3f51666vboxsync were in different locations), but the hard disk entries from the
abdb98ae42a6b42354fba512d217870de3f51666vboxsync global media registry XML had to be meticulously copied as well,
abdb98ae42a6b42354fba512d217870de3f51666vboxsync which was close to impossible if the machine had snapshots and
abdb98ae42a6b42354fba512d217870de3f51666vboxsync therefore differencing images.</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync </listitem>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>Storing virtual disk images, which can grow very large,
abdb98ae42a6b42354fba512d217870de3f51666vboxsync under the hidden <computeroutput>.VirtualBox</computeroutput>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync directory (at least on Linux and Solaris hosts) made many users
abdb98ae42a6b42354fba512d217870de3f51666vboxsync wonder where their disk space had gone.</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync </listitem>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>Whereas new VMs created with VirtualBox 4.0 or later will conform
abdb98ae42a6b42354fba512d217870de3f51666vboxsync to the new layout, for maximum compatibility, old VMs are
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <emphasis>not</emphasis> converted to the new layout. Otherwise machine
abdb98ae42a6b42354fba512d217870de3f51666vboxsync settings would be irrevocably broken if a user downgraded from 4.0 back
abdb98ae42a6b42354fba512d217870de3f51666vboxsync to an older version of VirtualBox.</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>In addition to the files of the virtual machines, VirtualBox
44385c60e28857348aa65ea1a9fc58a41cb0754evboxsync maintains global configuration data. On Linux and Solaris as of VirtualBox 4.3, this
44385c60e28857348aa65ea1a9fc58a41cb0754evboxsync is in the hidden directory <computeroutput>$HOME/.config/VirtualBox</computeroutput>, although <computeroutput>$HOME/.VirtualBox</computeroutput> will be used if it exists for compatibility with earlier versions; on Windows (and on Linux and Solaris with VirtualBox 4.2 and earlier) this is in <computeroutput>$HOME/.VirtualBox</computeroutput>; on a Mac it resides in
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <computeroutput>$HOME/Library/VirtualBox</computeroutput>.</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>VirtualBox creates this configuration directory automatically if
abdb98ae42a6b42354fba512d217870de3f51666vboxsync necessary. Optionally, you can supply an alternate configuration
abdb98ae42a6b42354fba512d217870de3f51666vboxsync directory by setting the
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <computeroutput><literal>VBOX_USER_HOME</literal></computeroutput>
44385c60e28857348aa65ea1a9fc58a41cb0754evboxsync environment variable, or additionally on Linux or Solaris by using the standard <computeroutput><literal>XDG_CONFIG_HOME</literal></computeroutput> variable. (Since the global
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <computeroutput>VirtualBox.xml</computeroutput> settings file points to
abdb98ae42a6b42354fba512d217870de3f51666vboxsync all other configuration files, this allows for switching between several
abdb98ae42a6b42354fba512d217870de3f51666vboxsync VirtualBox configurations entirely.)</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>Most importantly, in this directory, VirtualBox stores its global
abdb98ae42a6b42354fba512d217870de3f51666vboxsync settings file, another XML file called
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <computeroutput>VirtualBox.xml</computeroutput>. This includes global
abdb98ae42a6b42354fba512d217870de3f51666vboxsync configuration options and the list of registered virtual machines with
abdb98ae42a6b42354fba512d217870de3f51666vboxsync pointers to their XML settings files. (Neither the location of this file
abdb98ae42a6b42354fba512d217870de3f51666vboxsync nor its directory has changed with VirtualBox 4.0.)</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>Before VirtualBox 4.0, all virtual media (disk image files) were
abdb98ae42a6b42354fba512d217870de3f51666vboxsync also contained in a global registry in this settings file. For
abdb98ae42a6b42354fba512d217870de3f51666vboxsync compatibility, this media registry still exists if you upgrade
abdb98ae42a6b42354fba512d217870de3f51666vboxsync VirtualBox and there are media from machines which were created with a
abdb98ae42a6b42354fba512d217870de3f51666vboxsync version before 4.0. If you have no such machines, then there will be no
abdb98ae42a6b42354fba512d217870de3f51666vboxsync global media registry; with VirtualBox 4.0, each machine XML file has
abdb98ae42a6b42354fba512d217870de3f51666vboxsync its own media registry.</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>Also before VirtualBox 4.0, the default "Machines" folder and the
abdb98ae42a6b42354fba512d217870de3f51666vboxsync default "HardDisks" folder resided under the VirtualBox configuration
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <computeroutput>$HOME/.VirtualBox/Machines</computeroutput> on Linux).
abdb98ae42a6b42354fba512d217870de3f51666vboxsync If you are upgrading from a VirtualBox version before 4.0, files in
abdb98ae42a6b42354fba512d217870de3f51666vboxsync these directories are not automatically moved in order not to break
abdb98ae42a6b42354fba512d217870de3f51666vboxsync backwards compatibility.</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <title>Summary of 4.0 configuration changes</title>
6c87e6c0339810607dc8ac00c14c61819831bf40vboxsync <para>The following table gives a brief overview of the configuration
6c87e6c0339810607dc8ac00c14c61819831bf40vboxsync changes between older versions and version 4.0 or above:</para>
6c87e6c0339810607dc8ac00c14c61819831bf40vboxsync <title>Configuration changes in version 4.0 or above</title>
6c87e6c0339810607dc8ac00c14c61819831bf40vboxsync <entry><emphasis role="bold">Setting</emphasis></entry>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <entry><emphasis role="bold">Before 4.0</emphasis></entry>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <entry><emphasis role="bold">4.0 or above</emphasis></entry>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <entry><computeroutput>$HOME/.VirtualBox/Machines</computeroutput></entry>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <entry><computeroutput>$HOME/.VirtualBox/HardDisks</computeroutput></entry>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <entry><computeroutput>.xml</computeroutput></entry>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <entry><computeroutput>.vbox</computeroutput></entry>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <entry>Global <computeroutput>VirtualBox.xml</computeroutput>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync file</entry>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>VirtualBox uses XML for both the machine settings files and the
abdb98ae42a6b42354fba512d217870de3f51666vboxsync global configuration file,
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <computeroutput>VirtualBox.xml</computeroutput>.</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>All VirtualBox XML files are versioned. When a new settings file
abdb98ae42a6b42354fba512d217870de3f51666vboxsync is created (e.g. because a new virtual machine is created), VirtualBox
abdb98ae42a6b42354fba512d217870de3f51666vboxsync automatically uses the settings format of the current VirtualBox
abdb98ae42a6b42354fba512d217870de3f51666vboxsync version. These files may not be readable if you downgrade to an earlier
abdb98ae42a6b42354fba512d217870de3f51666vboxsync version of VirtualBox. However, when VirtualBox encounters a settings
abdb98ae42a6b42354fba512d217870de3f51666vboxsync file from an earlier version (e.g. after upgrading VirtualBox), it
abdb98ae42a6b42354fba512d217870de3f51666vboxsync attempts to preserve the settings format as much as possible. It will
abdb98ae42a6b42354fba512d217870de3f51666vboxsync only silently upgrade the settings format if the current settings cannot
abdb98ae42a6b42354fba512d217870de3f51666vboxsync be expressed in the old format, for example because you enabled a
abdb98ae42a6b42354fba512d217870de3f51666vboxsync feature that was not present in an earlier version of
abdb98ae42a6b42354fba512d217870de3f51666vboxsync VirtualBox.<footnote>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>As an example, before VirtualBox 3.1, it was only possible to
abdb98ae42a6b42354fba512d217870de3f51666vboxsync enable or disable a single DVD drive in a virtual machine. If it was
abdb98ae42a6b42354fba512d217870de3f51666vboxsync enabled, then it would always be visible as the secondary master of
abdb98ae42a6b42354fba512d217870de3f51666vboxsync the IDE controller. With VirtualBox 3.1, DVD drives can be attached
abdb98ae42a6b42354fba512d217870de3f51666vboxsync to arbitrary slots of arbitrary controllers, so they could be the
abdb98ae42a6b42354fba512d217870de3f51666vboxsync secondary slave of an IDE controller or in a SATA slot. If you have
abdb98ae42a6b42354fba512d217870de3f51666vboxsync a machine settings file from an earlier version and upgrade
abdb98ae42a6b42354fba512d217870de3f51666vboxsync VirtualBox to 3.1 and then move the DVD drive from its default
abdb98ae42a6b42354fba512d217870de3f51666vboxsync position, this cannot be expressed in the old settings format; the
abdb98ae42a6b42354fba512d217870de3f51666vboxsync XML machine file would get written in the new format, and a backup
abdb98ae42a6b42354fba512d217870de3f51666vboxsync file of the old format would be kept.</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync </footnote> In such cases, VirtualBox backs up the old settings file
abdb98ae42a6b42354fba512d217870de3f51666vboxsync in the virtual machine's configuration directory. If you need to go back
abdb98ae42a6b42354fba512d217870de3f51666vboxsync to the earlier version of VirtualBox, then you will need to manually
abdb98ae42a6b42354fba512d217870de3f51666vboxsync copy these backup files back.</para>
abdb98ae42a6b42354fba512d217870de3f51666vboxsync <para>We intentionally do not document the specifications of the
abdb98ae42a6b42354fba512d217870de3f51666vboxsync VirtualBox XML files, as we must reserve the right to modify them in the
abdb98ae42a6b42354fba512d217870de3f51666vboxsync future. We therefore strongly suggest that you do not edit these files
abdb98ae42a6b42354fba512d217870de3f51666vboxsync manually. VirtualBox provides complete access to its configuration data
abdb98ae42a6b42354fba512d217870de3f51666vboxsync through its the <computeroutput>VBoxManage</computeroutput> command line
abdb98ae42a6b42354fba512d217870de3f51666vboxsync tool (see <xref linkend="vboxmanage" />) and its API (see <xref
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <title>VirtualBox executables and components</title>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>VirtualBox was designed to be modular and flexible. When the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VirtualBox graphical user interface (GUI) is opened and a VM is started,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync at least three processes are running:<orderedlist>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para><computeroutput>VBoxSVC</computeroutput>, the VirtualBox
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync service process which always runs in the background. This process is
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync started automatically by the first VirtualBox client process (the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <computeroutput>VBoxHeadless</computeroutput>, the web service or
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync others) and exits a short time after the last client exits. The
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync service is responsible for bookkeeping, maintaining the state of all
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VMs, and for providing communication between VirtualBox components.
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync This communication is implemented via COM/XPCOM.<note>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>When we refer to "clients" here, we mean the local clients
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync of a particular <computeroutput>VBoxSVC</computeroutput> server
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync process, not clients in a network. VirtualBox employs its own
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync client/server design to allow its processes to cooperate, but
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync all these processes run under the same user account on the host
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync operating system, and this is totally transparent to the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync user.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>The GUI process, <computeroutput>VirtualBox</computeroutput>,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync a client application based on the cross-platform Qt library. When
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync started without the <computeroutput>--startvm</computeroutput>
5a4c0239fb40e75ff03c2842bfc549705ea55335vboxsync option, this application acts as the VirtualBox manager, displaying
5a4c0239fb40e75ff03c2842bfc549705ea55335vboxsync the VMs and their settings. It then communicates settings and state
5a4c0239fb40e75ff03c2842bfc549705ea55335vboxsync changes to <computeroutput>VBoxSVC</computeroutput> and also
5a4c0239fb40e75ff03c2842bfc549705ea55335vboxsync reflects changes effected through other means, e.g.,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <computeroutput>VBoxManage</computeroutput>.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>If the <computeroutput>VirtualBox</computeroutput> client
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync application is started with the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <computeroutput>--startvm</computeroutput> argument, it loads the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VMM library which includes the actual hypervisor and then runs a
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync virtual machine and provides the input and output for the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync guest.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Any VirtualBox front-end (client) will communicate with the service
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync process and can both control and reflect the current state. For example,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync either the VM selector or the VM window or VBoxManage can be used to pause
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync the running VM, and other components will always reflect the changed
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync state.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>The VirtualBox GUI application is only one of several available
5a4c0239fb40e75ff03c2842bfc549705ea55335vboxsync front ends (clients). The complete list shipped with VirtualBox
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync is:<orderedlist>
5a4c0239fb40e75ff03c2842bfc549705ea55335vboxsync <para><computeroutput>VirtualBox</computeroutput>, the Qt front end
5a4c0239fb40e75ff03c2842bfc549705ea55335vboxsync implementing the manager and running VMs;</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para><computeroutput>VBoxManage</computeroutput>, a less
5a4c0239fb40e75ff03c2842bfc549705ea55335vboxsync user-friendly but more powerful alternative, described in <xref
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para><computeroutput>VBoxSDL</computeroutput>, a simple graphical
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync front end based on the SDL library; see <xref
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para><computeroutput>VBoxHeadless</computeroutput>, a VM front end
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync which does not directly provide any video output and keyboard/mouse
4791a729647f035b6561d292c9f848dd1fc797a9vboxsync input, but allows redirection via VirtualBox Remote Desktop Extension;
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para><computeroutput>vboxwebsrv</computeroutput>, the VirtualBox
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync web service process which allows for controlling a VirtualBox host
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync remotely. This is described in detail in the VirtualBox Software
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync Development Kit (SDK) reference; please see <xref
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>The VirtualBox Python shell, a Python alternative to
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VBoxManage. This is also described in the SDK reference.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Internally, VirtualBox consists of many more or less separate
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync components. You may encounter these when analyzing VirtualBox internal
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync error messages or log files. These include:</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <itemizedlist>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>IPRT, a portable runtime library which abstracts file access,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync threading, string manipulation, etc. Whenever VirtualBox accesses host
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync operating features, it does so through this library for cross-platform
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync portability.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>VMM (Virtual Machine Monitor), the heart of the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync hypervisor.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>EM (Execution Manager), controls execution of guest code.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>REM (Recompiled Execution Monitor), provides software emulation
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync of CPU instructions.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>TRPM (Trap Manager), intercepts and processes guest traps and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync exceptions.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>HWACCM (Hardware Acceleration Manager), provides support for
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VT-x and AMD-V.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>PDM (Pluggable Device Manager), an abstract interface between
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync the VMM and emulated devices which separates device implementations
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync from VMM internals and makes it easy to add new emulated devices.
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync Through PDM, third-party developers can add new virtual devices to
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VirtualBox without having to change VirtualBox itself.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>PGM (Page Manager), a component controlling guest paging.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>PATM (Patch Manager), patches guest code to improve and speed up
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync software virtualization.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>TM (Time Manager), handles timers and all aspects of time inside
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync guests.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>CFGM (Configuration Manager), provides a tree structure which
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync holds configuration settings for the VM and all emulated
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync devices.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>SSM (Saved State Manager), saves and loads VM state.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>VUSB (Virtual USB), a USB layer which separates emulated USB
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync controllers from the controllers on the host and from USB devices;
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync this also enables remote USB.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
2fd102c735f033f993d09bed168c367a464212d0vboxsync <para>DBGF (Debug Facility), a built-in VM debugger.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>VirtualBox emulates a number of devices to provide the hardware
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync environment that various guests need. Most of these are standard
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync devices found in many PC compatible machines and widely supported by
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync guest operating systems. For network and storage devices in
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync particular, there are several options for the emulated devices to
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync access the underlying hardware. These devices are managed by
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync PDM.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Guest Additions for various guest operating systems. This is
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync code that is installed from within a virtual machine; see <xref
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>The "Main" component is special: it ties all the above bits
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync together and is the only public API that VirtualBox provides. All the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync client processes listed above use only this API and never access the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync hypervisor components directly. As a result, third-party applications
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync that use the VirtualBox Main API can rely on the fact that it is
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync always well-tested and that all capabilities of VirtualBox are fully
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync exposed. It is this API that is described in the VirtualBox SDK
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync mentioned above (again, see <xref linkend="VirtualBoxAPI" />).</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </itemizedlist>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <title>Hardware vs. software virtualization</title>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>VirtualBox allows software in the virtual machine to run directly on
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync the processor of the host, but an array of complex techniques is employed
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync to intercept operations that would interfere with your host. Whenever the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync guest attempts to do something that could be harmful to your computer and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync its data, VirtualBox steps in and takes action. In particular, for lots of
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync hardware that the guest believes to be accessing, VirtualBox simulates a
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync certain "virtual" environment according to how you have configured a
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync virtual machine. For example, when the guest attempts to access a hard
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync disk, VirtualBox redirects these requests to whatever you have configured
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync to be the virtual machine's virtual hard disk -- normally, an image file
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync on your host.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Unfortunately, the x86 platform was never designed to be
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync virtualized. Detecting situations in which VirtualBox needs to take
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync control over the guest code that is executing, as described above, is
2fd102c735f033f993d09bed168c367a464212d0vboxsync difficult. There are two ways in which to achieve this:<itemizedlist>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Since 2006, Intel and AMD processors have had support for
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync virtualization"</emphasis>. This means that these processors can
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync help VirtualBox to intercept potentially dangerous operations that a
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync guest operating system may be attempting and also makes it easier to
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync present virtual hardware to a virtual machine.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>These hardware features differ between Intel and AMD
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync processors. Intel named its technology <emphasis
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync role="bold">VT-x</emphasis>; AMD calls theirs <emphasis
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync role="bold">AMD-V</emphasis>. The Intel and AMD support for
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync virtualization is very different in detail, but not very different
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync in principle.<note>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>On many systems, the hardware virtualization features
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync first need to be enabled in the BIOS before VirtualBox can use
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync them.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>As opposed to other virtualization software, for many usage
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync scenarios, VirtualBox does not <emphasis>require</emphasis> hardware
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync virtualization features to be present. Through sophisticated
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync techniques, VirtualBox virtualizes many guest operating systems
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync entirely in <emphasis role="bold">software</emphasis>. This means
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync that you can run virtual machines even on older processors which do
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync not support hardware virtualization.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Even though VirtualBox does not always require hardware
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync virtualization, enabling it is <emphasis>required</emphasis> in the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync following scenarios:<itemizedlist>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Certain rare guest operating systems like OS/2 make use of
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync very esoteric processor instructions that are not supported with our
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync software virtualization. For virtual machines that are configured to
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync contain such an operating system, hardware virtualization is enabled
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync automatically.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>VirtualBox's 64-bit guest support (added with version 2.0) and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync multiprocessing (SMP, added with version 3.0) both require hardware
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync virtualization to be enabled. (This is not much of a limitation
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync since the vast majority of today's 64-bit and multicore CPUs ship
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync with hardware virtualization anyway; the exceptions to this rule are
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync e.g. older Intel Celeron and AMD Opteron CPUs.)</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Do not run other hypervisors (open-source or commercial
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync virtualization products) together with VirtualBox! While several
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync hypervisors can normally be <emphasis>installed</emphasis> in parallel,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync do not attempt to <emphasis>run</emphasis> several virtual machines from
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync competing hypervisors at the same time. VirtualBox cannot track what
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync another hypervisor is currently attempting to do on the same host, and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync especially if several products attempt to use hardware virtualization
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync features such as VT-x, this can crash the entire host. Also, within
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VirtualBox, you can mix software and hardware virtualization when
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync running multiple VMs. In certain cases a small performance penalty will
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync be unavoidable when mixing VT-x and software virtualization VMs. We
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync recommend not mixing virtualization modes if maximum performance and low
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync overhead are essential. This does <emphasis>not</emphasis> apply to
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync AMD-V.</para>
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync <para>VirtualBox allows exposing a paravirtualization interface to
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync facilitate accurate and efficient execution of software within a
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync virtual machine. These interfaces require the guest operating system
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync to recognize their presence and make use of them in order to leverage
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync the benefits of communicating with the VirtualBox hypervisor.</para>
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync <para>Most mainstream, modern operating systems, including Windows and
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync Linux, support one or more paravirtualization interfaces without
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync needing the installation of additional software.</para>
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync <para>VirtualBox provides the following interfaces:</para>
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync <itemizedlist>
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync <para><emphasis role="bold">Minimal</emphasis>: Announces the
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync presence of a virtualized environment, additionally reports the
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync TSC and APIC frequency to the guest operating system. This provider
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync is mandatory for running any Mac OS X guests.</para>
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync </listitem>
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync <para><emphasis role="bold">KVM</emphasis>: Presents a Linux KVM
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync hypervisor interface which is recognized by Linux kernels starting
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync with version 2.6.25. VirtualBox's implementation currently supports
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync paravirtualized clocks and SMP spinlocks. This provider is
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync recommended for Linux guests.</para>
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync </listitem>
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync <para><emphasis role="bold">Hyper-V</emphasis>: Presents a Microsoft
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync Hyper-V hypervisor interface which is recognized by Windows 7 and newer
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync operating systems. VirtualBox's implementation currently supports
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync paravirtualized clocks, APIC frequency reporting and relaxed timer
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync checks. This provider is recommended for Windows and FreeBSD guests.
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync </listitem>
cab4e5aaf7aa192617e3056b7d0e24d5a5e86138vboxsync </itemizedlist>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <title>Details about software virtualization</title>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Implementing virtualization on x86 CPUs with no hardware
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync virtualization support is an extraordinarily complex task because the CPU
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync architecture was not designed to be virtualized. The problems can usually
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync be solved, but at the cost of reduced performance. Thus, there is a
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync constant clash between virtualization performance and accuracy.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>The x86 instruction set was originally designed in the 1970s and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync underwent significant changes with the addition of protected mode in the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync 1980s with the 286 CPU architecture and then again with the Intel 386 and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync its 32-bit architecture. Whereas the 386 did have limited virtualization
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync support for real mode operation (V86 mode, as used by the "DOS Box" of
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync Windows 3.x and OS/2 2.x), no support was provided for virtualizing the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync entire architecture.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>In theory, software virtualization is not overly complex. In
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync addition to the four privilege levels ("rings") provided by the hardware
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync (of which typically only two are used: ring 0 for kernel mode and ring 3
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync for user mode), one needs to differentiate between "host context" and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync "guest context".</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>In "host context", everything is as if no hypervisor was active.
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync This might be the active mode if another application on your host has been
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync scheduled CPU time; in that case, there is a host ring 3 mode and a host
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync ring 0 mode. The hypervisor is not involved.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>In "guest context", however, a virtual machine is active. So long as
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync the guest code is running in ring 3, this is not much of a problem since a
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync hypervisor can set up the page tables properly and run that code natively
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync on the processor. The problems mostly lie in how to intercept what the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync guest's kernel does.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>There are several possible solutions to these problems. One approach
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync is full software emulation, usually involving recompilation. That is, all
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync code to be run by the guest is analyzed, transformed into a form which
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync will not allow the guest to either modify or see the true state of the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync CPU, and only then executed. This process is obviously highly complex and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync costly in terms of performance. (VirtualBox contains a recompiler based on
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync QEMU which can be used for pure software emulation, but the recompiler is
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync only activated in special situations, described below.)</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Another possible solution is paravirtualization, in which only
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync specially modified guest OSes are allowed to run. This way, most of the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync hardware access is abstracted and any functions which would normally
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync access the hardware or privileged CPU state are passed on to the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync hypervisor instead. Paravirtualization can achieve good functionality and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync performance on standard x86 CPUs, but it can only work if the guest OS can
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync actually be modified, which is obviously not always the case.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>VirtualBox chooses a different approach. When starting a virtual
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync machine, through its ring-0 support kernel driver, VirtualBox has set up
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync the host system so that it can run most of the guest code natively, but it
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync has inserted itself at the "bottom" of the picture. It can then assume
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync control when needed -- if a privileged instruction is executed, the guest
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync traps (in particular because an I/O register was accessed and a device
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync needs to be virtualized) or external interrupts occur. VirtualBox may then
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync handle this and either route a request to a virtual device or possibly
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync delegate handling such things to the guest or host OS. In guest context,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VirtualBox can therefore be in one of three states:</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Guest ring 3 code is run unmodified, at full speed, as much as
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync possible. The number of faults will generally be low (unless the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync guest allows port I/O from ring 3, something we cannot do as we
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync don't want the guest to be able to access real ports). This is also
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync referred to as "raw mode", as the guest ring-3 code runs
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync unmodified.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>For guest code in ring 0, VirtualBox employs a nasty trick: it
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync actually reconfigures the guest so that its ring-0 code is run in
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync ring 1 instead (which is normally not used in x86 operating
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync systems). As a result, when guest ring-0 code (actually running in
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync ring 1) such as a guest device driver attempts to write to an I/O
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync register or execute a privileged instruction, the VirtualBox
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync hypervisor in "real" ring 0 can take over.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>The hypervisor (VMM) can be active. Every time a fault occurs,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync VirtualBox looks at the offending instruction and can relegate it to
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync a virtual device or the host OS or the guest OS or run it in the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync recompiler.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>In particular, the recompiler is used when guest code disables
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync interrupts and VirtualBox cannot figure out when they will be
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync switched back on (in these situations, VirtualBox actually analyzes
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync the guest code using its own disassembler). Also, certain privileged
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync instructions such as LIDT need to be handled specially. Finally, any
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync real-mode or protected-mode code (e.g. BIOS code, a DOS guest, or
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync any operating system startup) is run in the recompiler
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync entirely.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Unfortunately this only works to a degree. Among others, the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync following situations require special handling:</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Running ring 0 code in ring 1 causes a lot of additional
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync instruction faults, as ring 1 is not allowed to execute any
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync privileged instructions (of which guest's ring-0 contains plenty).
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync With each of these faults, the VMM must step in and emulate the code
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync to achieve the desired behavior. While this works, emulating
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync thousands of these faults is very expensive and severely hurts the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync performance of the virtualized guest.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>There are certain flaws in the implementation of ring 1 in the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync x86 architecture that were never fixed. Certain instructions that
4eea45d3b93e3072b78a0e8aa76cffd391cb1fe8vboxsync <emphasis>should</emphasis> trap in ring 1 don't. This affect, for
4eea45d3b93e3072b78a0e8aa76cffd391cb1fe8vboxsync example, the LGDT/SGDT, LIDT/SIDT, or POPF/PUSHF instruction pairs.
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync Whereas the "load" operation is privileged and can therefore be
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync trapped, the "store" instruction always succeed. If the guest is
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync allowed to execute these, it will see the true state of the CPU, not
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync the virtualized state. The CPUID instruction also has the same
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync problem.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>A hypervisor typically needs to reserve some portion of the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync guest's address space (both linear address space and selectors) for
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync its own use. This is not entirely transparent to the guest OS and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync may cause clashes.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>The SYSENTER instruction (used for system calls) executed by
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync an application running in a guest OS always transitions to ring 0.
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync But that is where the hypervisor runs, not the guest OS. In this
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync case, the hypervisor must trap and emulate the instruction even when
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync it is not desirable.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>The CPU segment registers contain a "hidden" descriptor cache
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync which is not software-accessible. The hypervisor cannot read, save,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync or restore this state, but the guest OS may use it.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Some resources must (and can) be trapped by the hypervisor,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync but the access is so frequent that this creates a significant
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync performance overhead. An example is the TPR (Task Priority) register
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync in 32-bit mode. Accesses to this register must be trapped by the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync hypervisor, but certain guest operating systems (notably Windows and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync Solaris) write this register very often, which adversely affects
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync virtualization performance.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>To fix these performance and security issues, VirtualBox contains a
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync Code Scanning and Analysis Manager (CSAM), which disassembles guest code,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync and the Patch Manager (PATM), which can replace it at runtime.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Before executing ring 0 code, CSAM scans it recursively to discover
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync problematic instructions. PATM then performs <emphasis>in-situ
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </emphasis>patching, i.e. it replaces the instruction with a jump to
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync hypervisor memory where an integrated code generator has placed a more
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync suitable implementation. In reality, this is a very complex task as there
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync are lots of odd situations to be discovered and handled correctly. So,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync with its current complexity, one could argue that PATM is an advanced
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>In addition, every time a fault occurs, VirtualBox analyzes the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync offending code to determine if it is possible to patch it in order to
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync prevent it from causing more faults in the future. This approach works
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync well in practice and dramatically improves software virtualization
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync performance.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <title>Details about hardware virtualization</title>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>With Intel VT-x, there are two distinct modes of CPU operation: VMX
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync root mode and non-root mode.<itemizedlist>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>In root mode, the CPU operates much like older generations of
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync processors without VT-x support. There are four privilege levels
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync ("rings"), and the same instruction set is supported, with the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync addition of several virtualization specific instruction. Root mode
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync is what a host operating system without virtualization uses, and it
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync is also used by a hypervisor when virtualization is active.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>In non-root mode, CPU operation is significantly different.
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync There are still four privilege rings and the same instruction set,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync but a new structure called VMCS (Virtual Machine Control Structure)
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync now controls the CPU operation and determines how certain
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync instructions behave. Non-root mode is where guest systems
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync run.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Switching from root mode to non-root mode is called "VM entry", the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync switch back is "VM exit". The VMCS includes a guest and host state area
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync which is saved/restored at VM entry and exit. Most importantly, the VMCS
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync controls which guest operations will cause VM exits.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>The VMCS provides fairly fine-grained control over what the guests
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync can and can't do. For example, a hypervisor can allow a guest to write
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync certain bits in shadowed control registers, but not others. This enables
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync efficient virtualization in cases where guests can be allowed to write
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync control bits without disrupting the hypervisor, while preventing them from
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync altering control bits over which the hypervisor needs to retain full
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync control. The VMCS also provides control over interrupt delivery and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync exceptions.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Whenever an instruction or event causes a VM exit, the VMCS contains
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync information about the exit reason, often with accompanying detail. For
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync example, if a write to the CR0 register causes an exit, the offending
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync instruction is recorded, along with the fact that a write access to a
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync control register caused the exit, and information about source and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync destination register. Thus the hypervisor can efficiently handle the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync condition without needing advanced techniques such as CSAM and PATM
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync described above.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>VT-x inherently avoids several of the problems which software
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync virtualization faces. The guest has its own completely separate address
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync space not shared with the hypervisor, which eliminates potential clashes.
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync Additionally, guest OS kernel code runs at privilege ring 0 in VMX
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync non-root mode, obviating the problems by running ring 0 code at less
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync privileged levels. For example the SYSENTER instruction can transition to
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync ring 0 without causing problems. Naturally, even at ring 0 in VMX non-root
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync mode, any I/O access by guest code still causes a VM exit, allowing for
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync device emulation.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>The biggest difference between VT-x and AMD-V is that AMD-V provides
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync a more complete virtualization environment. VT-x requires the VMX non-root
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync code to run with paging enabled, which precludes hardware virtualization
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync of real-mode code and non-paged protected-mode software. This typically
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync only includes firmware and OS loaders, but nevertheless complicates VT-x
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync hypervisor implementation. AMD-V does not have this restriction.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Of course hardware virtualization is not perfect. Compared to
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync software virtualization, the overhead of VM exits is relatively high. This
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync causes problems for devices whose emulation requires high number of traps.
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync One example is the VGA device in 16-color modes, where not only every I/O
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync port access but also every access to the framebuffer memory must be
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync trapped.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>In addition to "plain" hardware virtualization, your processor may
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync also support additional sophisticated techniques:<footnote>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>VirtualBox 2.0 added support for AMD's nested paging; support
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync for Intel's EPT and VPIDs was added with version 2.1.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>A newer feature called <emphasis role="bold">"nested
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync paging"</emphasis> implements some memory management in hardware,
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync which can greatly accelerate hardware virtualization since these
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync tasks no longer need to be performed by the virtualization
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync software.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>With nested paging, the hardware provides another level of
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync indirection when translating linear to physical addresses. Page
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync tables function as before, but linear addresses are now translated
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync to "guest physical" addresses first and not physical addresses
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync directly. A new set of paging registers now exists under the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync traditional paging mechanism and translates from guest physical
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync addresses to host physical addresses, which are used to access
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync memory.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>Nested paging eliminates the overhead caused by VM exits and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync page table accesses. In essence, with nested page tables the guest
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync can handle paging without intervention from the hypervisor. Nested
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync paging thus significantly improves virtualization
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync performance.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>On AMD processors, nested paging has been available starting
4c5cdd8a734c6a396ef09e1635ba31dd46ea7222vboxsync with the Barcelona (K10) architecture -- they call it now "rapid
1d0049b6dc1c4a05faff5a538e2c5b9855d1b5f2vboxsync virtualization indexing" (RVI). Intel added support for nested
1d0049b6dc1c4a05faff5a538e2c5b9855d1b5f2vboxsync paging, which they call "extended page tables" (EPT), with their
1d0049b6dc1c4a05faff5a538e2c5b9855d1b5f2vboxsync Core i7 (Nehalem) processors.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>If nested paging is enabled, the VirtualBox hypervisor can
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync also use <emphasis role="bold">large pages</emphasis> to reduce TLB
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync usage and overhead. This can yield a performance improvement of up
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync to 5%. To enable this feature for a VM, you need to use the
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <computeroutput>VBoxManage modifyvm
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </computeroutput><computeroutput>--largepages</computeroutput>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync command; see <xref linkend="vboxmanage-modifyvm" />.</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>On Intel CPUs, another hardware feature called <emphasis
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync role="bold">"Virtual Processor Identifiers" (VPIDs)</emphasis> can
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync greatly accelerate context switching by reducing the need for
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync expensive flushing of the processor's Translation Lookaside Buffers
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync (TLBs).</para>
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <para>To enable these features for a VM, you need to use the
982035bf8335d8574617c575021d0afae4331dcdvboxsync <computeroutput>VBoxManage modifyvm --vtxvpid</computeroutput> and
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync <computeroutput>--largepages</computeroutput> commands; see <xref
febf3f1de573e25fb134b8453a22b0732b4c52e2vboxsync </listitem>