To avoid the issues surrounding the non-trappable privileged instructions, CPU manufacturers have added virtualization capabilities to modern CPUs. These CPUs still need to behave exactly like their older counterparts, to ensure backward compatibility with existing applications, so the behavior of the non-trappable privileged instructions is identical on these newer units. However, a new set of instructions, which were not previously available, provides for a special virtual machine mode of operation. This mode provides extra levels of I/O and memory protection, and allows the special instructions to be detected and handled externally by the CPU in conjunction with a suitably written hypervisor VMM.
The first revision of this instruction set provided basic support for virtualizing the non-trappable privileged instructions, and the supporting instructions required to interface the hardware support to VMMs written to make use of it.
CPUs with first generation hardware virtualization support are not capable of nesting VMMs in a way that allows the nested VMM to also take advantage of the hardware virtualization capabilities. This means that when using CPUs with first generation hardware virtualization, only the outermost VMM can benefit from the hardware acceleration. While this may not initially seem to be a problem, some modes of operation are not possible without hardware virtualization support, meaning those modes will not be available in a nested-VMM configuration.
Furthermore, some computer manufacturers intentionally disable hardware virtualization support in their PCs, even if the hardware is capable of supporting it.[6]
The second revision of this hardware support, present in only the newest CPUs at the time of this writing, does allow virtualization of the hardware virtualization instructions, allowing for some degree of nested VMM capabilities.
Limitations and Challenges
Performance: There will always be some level of performance overhead associated with hypervisor VMMs. As CPUs evolve to include more hardware support for virtualization, the areas of performance impact will shift from the VMM to the emulated hardware instead, which can still result in a non-trivial impact.
VM inside another VM: As mentioned before, unless one uses extremely new hardware, it is not possible to run a hardware-accelerated VM inside another hardware-accelerated VM.
No hardware assist: This is especially important in a virtual desktop solution, where one must consider the millions of PCs in the field that could be used as host PCs but do not have even the first generation of virtualization support.[7]
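The two host conditions described above, a CPU with no hardware assist and a capable CPU whose support the manufacturer has switched off, can be told apart from CPUID output and one model-specific register. The following C code is an added example, not part of the original text; the bit positions come from the Intel and AMD architecture manuals rather than from this page, and the register values in main() are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit positions are from the Intel SDM and AMD APM, not from this page. */
#define CPUID1_ECX_VMX      (1u << 5)    /* CPUID.1:ECX - Intel VT-x present */
#define CPUID_EXT1_ECX_SVM  (1u << 2)    /* CPUID.80000001h:ECX - AMD-V present */
#define FEATCTL_LOCK        (1ull << 0)  /* IA32_FEATURE_CONTROL, MSR 0x3A */
#define FEATCTL_VMXON       (1ull << 2)  /* VMX allowed outside SMX */
#define VM_CR_SVMDIS        (1ull << 4)  /* VM_CR, MSR 0xC0010114 */

enum hwvirt { HV_ABSENT, HV_DISABLED, HV_UNLOCKED, HV_ENABLED };

/* Intel: the MSR is normally programmed and locked by firmware at boot. */
enum hwvirt classify_vmx(uint32_t cpuid1_ecx, uint64_t feature_control)
{
    if (!(cpuid1_ecx & CPUID1_ECX_VMX))
        return HV_ABSENT;                 /* no hardware assist at all */
    if (!(feature_control & FEATCTL_LOCK))
        return HV_UNLOCKED;               /* a VMM may still enable and lock it */
    return (feature_control & FEATCTL_VMXON) ? HV_ENABLED : HV_DISABLED;
}

/* AMD: while SVMDIS is set, EFER.SVME cannot be set. */
enum hwvirt classify_svm(uint32_t cpuid_ext1_ecx, uint64_t vm_cr)
{
    if (!(cpuid_ext1_ecx & CPUID_EXT1_ECX_SVM))
        return HV_ABSENT;
    return (vm_cr & VM_CR_SVMDIS) ? HV_DISABLED : HV_ENABLED;
}

const char *hwvirt_name(enum hwvirt s)
{
    static const char *names[] = { "absent", "present but disabled",
                                   "present, not yet locked", "enabled" };
    return names[s];
}

int main(void)
{
    /* Constructed register values; on a real host the MSRs are read in ring 0. */
    struct { uint32_t ecx; uint64_t msr; } intel[] = {
        { 0x00000000u, 0x0 }, { 0x00000020u, 0x1 },
        { 0x00000020u, 0x0 }, { 0x00000020u, 0x5 },
    };
    for (size_t i = 0; i < sizeof intel / sizeof intel[0]; i++)
        printf("VT-x: %s\n", hwvirt_name(classify_vmx(intel[i].ecx, intel[i].msr)));
    printf("AMD-V: %s\n", hwvirt_name(classify_svm(0x4u, 0x10)));
    return 0;
}
```

The Intel check considers only VMX operation outside SMX; a host that enables VMX solely inside SMX is reported as disabled.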