Frequently Asked Question

What does hardware-assisted virtualisation (Intel VT-x, AMD-V) actually do?

Pure software virtualisation is hard because the x86 architecture, before 2005, had privileged instructions that were difficult or impossible to trap cleanly from a guest. Early hypervisors got around this with binary translation (VMware) or paravirtualisation (Xen), rewriting or modifying the guest to avoid the awkward instructions; both approaches were complex and slow. Intel VT-x (2005) and AMD's AMD-V (2006) solved this in silicon by adding a new CPU mode: non-root mode, where the guest runs, alongside the familiar root mode where the hypervisor runs.

Inside non-root mode the CPU traps the previously awkward instructions cleanly into the hypervisor through a control structure (the VMCS on Intel, the VMCB on AMD). Later extensions added hardware support for nested page tables (Intel EPT, AMD RVI, 2008), so the hypervisor no longer has to shadow page tables in software, and for passing devices through safely via the IOMMU (VT-d / AMD-Vi). Together, these features are what make KVM, Hyper-V, VMware ESXi, and similar Type-1 hypervisors practical on x86. To check whether your CPU supports them, run grep -E 'vmx|svm' /proc/cpuinfo: vmx means Intel VT-x, svm means AMD-V.
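The grep above matches substrings on any line. The following added example (not part of the original FAQ) matches whole flag names on the first CPU's flags lines and also reports nested paging. The function names virt_caps and has_flag are hypothetical, and it assumes the Linux /proc/cpuinfo layout, where ept and npt appear as flag names.

```shell
# has_flag FLAGS NAME: succeed if NAME is a whole word in the space-separated FLAGS
has_flag() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# virt_caps [FILE]: print "cpu_virt=<vmx|svm|none> nested_paging=<ept|npt|none>"
# FILE defaults to /proc/cpuinfo; pass another path to inspect a saved copy.
virt_caps() {
    file=${1:-/proc/cpuinfo}
    # First CPU only. Newer kernels list ept on a separate "vmx flags" line,
    # so read both lines and stop at the blank line that ends the record.
    flags=$(awk -F': ' '
        /^(flags|vmx flags)[ \t]*:/ { printf "%s ", $2 }
        /^$/ { exit }
    ' "$file")

    virt=none
    if has_flag "$flags" vmx; then virt=vmx      # Intel VT-x
    elif has_flag "$flags" svm; then virt=svm    # AMD-V
    fi

    paging=none
    if has_flag "$flags" ept; then paging=ept    # Intel EPT
    elif has_flag "$flags" npt; then paging=npt  # AMD nested paging (RVI)
    fi

    printf 'cpu_virt=%s nested_paging=%s\n' "$virt" "$paging"
}
```

Source the file and call virt_caps with no argument to inspect the running machine.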
