From KVM Is Fast to Understanding Why
If you run Proxmox, you have used KVM without necessarily understanding what makes it different from running processes in containers or emulating a CPU in software. The answer is that modern CPUs have hardware-level support for virtualization built in. The CPU itself enforces isolation between the guest OS and the host, handles the common case of guest execution without hypervisor intervention, and only traps to the hypervisor when something genuinely privileged happens. Understanding this mechanism explains why a KVM virtual machine can run at near-native speed.
Type 1 vs Type 2 Hypervisors
A Type 1 hypervisor runs directly on hardware with no host OS underneath it. Proxmox, VMware ESXi, and Xen are Type 1 — the hypervisor is the OS. A Type 2 hypervisor runs as an application on top of a conventional OS. VirtualBox and the non-KVM version of
Hardware Virtualization Extensions
Intel VT-x and AMD-V add two new CPU execution modes. VMX root mode is where the hypervisor runs — it has full control over hardware. VMX non-root mode is where the guest OS runs — it appears to have a complete CPU with all rings, but certain operations a
VMENTER
VMEXIT
Nested Page Tables Eliminate Memory Translation Ov
A guest OS manages its own page tables mapping guest virtual addresses to guest physical addresses. But guest physical addresses are not real physical addresses — they are an intermediate layer that must be translated to host physical addresses. Without h
PCI Passthrough with the IOMMU
The IOMMU is a memory management unit for DMA-capable devices. Without an IOMMU, a device with DMA access can write to any physical memory address, bypassing all OS protections. With an IOMMU, the kernel configures per-device mappings so a device can only
Go Deeper: CPU Instruction Execution
Hardware virtualization works by trapping certain CPU instructions and redirecting them to the hypervisor. But to understand which instructions trigger a VMEXIT and why, you need to understand how a CPU executes instructions in the first place — the fetch-decode-execute cycle, pipelining, and what makes a CPU fast in the common case.
Understand How a CPU Executes Instructions
A conceptual walkthrough of the fetch-decode-execute cycle, pipelining, branch prediction, and out-of-order execution — the mechanisms that make modern CPUs fast and the source of an entire class of security vulnerabilities.
