KVM Virtualization

KVM (for Kernel-based Virtual Machine) is a fast growing open source full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V). It consists of a loadable kernel module that provides the core virtualization infrastructure and a processor specific module. Using KVM virtualization, one can run multiple virtual machines running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc. The kernel component of KVM is included in mainline Linux.

KVM virtualization development was started at Qumranet, a technology startup bought in 2008 by Red Hat. KVM is maintained by Avi Kivity and Marcelo Tosatti.

At the bottom of a KVM virtualization solution is the machine to be virtualized. This machine may or may not support KVM virtualization directly, which then requires support by the next layer, called the KVM hypervisor. The KVM hypervisor serves as an abstraction between the platform hardware and the operating systems. In some cases, the hypervisor is an operating system; in this case, it's called the host operating system, as shown in the left picture.

Above the hypervisor are the guest operating systems, also called virtual machines (VMs). These VMs are the isolated operating systems that view the underlying hardware platform as belonging to them. But in reality, the hypervisor provides them with this illusion.

A problem with KVM virtualization solutions in the past is that not all hardware supports virtualization cleanly. But nowadays most newer machines support virtualization (such as the Intel® VT and AMD SVM).

With KVM installed, you can start guest operating systems in user-space. Each guest operating system is a single process of the host operating system (or hypervisor). The left picture provides a view of virtualization with KVM. At the bottom is a hardware platform that is virtualization capable (currently, this means an Intel VT or AMD-SVM processor). Running on the bare hardware is the hypervisor (the Linux kernel with the KVM module). This hypervisor looks just like a regular Linux kernel on which you can run any other application. But this kernel can also support guest operating systems, loaded through the kvm utility. Finally, a guest operating system can support the same applications that the host operating system supports.

Recall that KVM is part of a virtualization solution. The processor provides the virtualization support directly (the ability to virtualize the processor for multiple operating systems). Memory is virtualized through kvm (which I discuss in the next section). Finally, I/O is virtualized through a lightly modified QEMU process (a copy of which executes with each guest operating system process).

KVM introduced a new process mode to Linux to the existing kernel and user modes. The new mode is called guest, and as the name suggests, it's used for execution of guest operating system code (or at least some of it). Recall that kernel mode represents the privileged mode for code execution, while user mode represents the non-privileged mode (for programs running outside the kernel). The modes of execution are then defined for different purposes based on what's running and for what purpose. Guest mode exists to execute guest operating system code but only for code that's non-I/O. Within guest mode are the standard two modes, so that a guest operating system runs in guest mode but supports the standard kernel and user modes for its kernel and user-space applications. The user mode of a guest operating system exists to perform I/O, which is independently managed.

Performing I/O from a guest operating system is provided with QEMU. QEMU is a platform virtualization solution that allows virtualization of an entire server environment (including disks, graphic adapters, and network devices). Any I/O requests a guest operating system makes are intercepted and routed to the user mode to be emulated by the QEMU process.

KVM provides virtualization of memory through the /dev/kvm device. Each guest operating system has its own address space that is mapped when the guest is instantiated. The physical memory that is mapped for the guest operating system is actually virtual memory mapped into the process. A set of shadow page tables is maintained to support the translation from guest physical addresses to host physical addresses. The processor also supports the memory translation process by tapping into the hypervisor (host kernel) when an unmapped memory location is accessed.

A wide variety of guest operating systems work with KVM virtualization, including many flavours of Linux, BSD, Solaris, and Windows Operating Systems. A modified version of Qemu can use KVM to run Mac OS X.