One idea for the virtualization framework is what is called Full Virtualization. In full virtualization the idea is to leave the operating system pretty much untouched so you can run the unchanged binary of the operating system on top of the hypervisor. This is called full virtualization because the operating system is completely untouched. Nothing has been changed. Not even a single line of code is modified in these operating systems in order to run on the hypervisor simultaneously.

The Trap and Emulate Strategy

We have to be a little bit clever to get this to work, however. Operating systems running on top of the hypervisor are run as user-level processes. They are not running at the same level of privilege as a Linux operating system that is running on bare metal. But if the operating system code is unchanged, it doesn’t know that it does not have the privilege for doing certain things that it would do normally on bare metal hardware. In other words, when the operating system executes some privileged instructions, meaning they have to be in a privileged mode or kernel mode to run on bare metal in order to execute those instructions, those instructions will create a trap that goes into the hypervisor and the hypervisor will then emulate the intended functionality of the operating system. This is what is called the trap and emulate strategy.

Essentially, each operating system thinks it is running on bare metal, and therefore it does exactly what it would have done on a bare-metal processor. This means that it will try to execute certain privileged instructions thinking it has the right privilege. But it does not have the right privilege, because it is run as a user-level process on top of the hypervisor. Therefore, when they try to do something that requires a high level of privilege than the user level, it will result in a trap into the hypervisor, and the hypervisor will then emulate the intended functionality of the particular operating system.

Issues with the Trap and Emulate Strategy

There are some thorny issues with this trap and emulate strategy of full virtualization. That is in some architectures, some privilege instructions may fail silently. What that means is, you would think that the instruction actually succeeded, but it did not, and you may never know about it.

How to Get Around This Problem

In fully virtualized systems, the hypervisor will resort to a binary translation strategy. It knows what are the things that might fail silently in the architecture. It looks for those gotchas in each of these individual binaries of the unmodified guest operating systems and through binary editing strategy they will ensure that those instructions are dealt with carefully. So that if those instructions fail silently, the hypervisor can catch it and take the appropriate action.

This was a problem in early instances of Intel architecture. Both Intel and AMD have since started adding virtualization support to the hardware so that such problems don’t exist anymore. But in the early going, when virtualization technology was first experimented with, in the late 90’s and the early 2000s, this was a problem that virtualization technology had to overcome in order to make sure that you can run operating systems as unchanged binaries on a fully virtualized hypervisor. Full virtualization is the technology that is employed in the VMware system.