We ideally want full virtualization instead of [[Full vs Para virtualization|para]] virtualization. Hence, hardware changes have to be made. ### Intel virtualization extensions (hardware support) In addition to the three levels, intel added the concept of root v/s non-root modes. #### Processor operation modes - VMX root ([[VMM or Hypervisor|VMM]]) - VMX non-root (Guest) - VMX non-root restricts access to certain registers and privileged instructions even when guest OS in ring 0 - New instructions in root mode #### Transitions - VMEntry (from VMM to VM) - VMExit (from VM to VMM) #### VT-x Privilege Rings ![[attachments/Screenshot 2023-05-26 at 5.22.26 PM.png]] ## Address translation with VT-x - OS likes to manage logical to physical address mappings, but in this case it does not have control of the physical memory. - OS maps to a **guest physical address** in guest-physical address space. - VMM maps guest-physical to actual physical address with another paging structure called Extended page tables (EPT) ### Extended Page Tables![[attachments/Pasted image 20230528103350.png]] ![[attachments/Pasted image 20230528103412.png]]