Rich Freeman on 22 Dec 2012 03:10:18 -0800
Re: [PLUG] VMware Workstation 8/9, Player 4/5 & Ubuntu 12.04, (& 12.10)
On Sat, Dec 22, 2012 at 1:20 AM, JP Vossen <jp@jpsdomain.org> wrote:
>> From: "Eric H. Johnson"<ejohnson@camalytics.com>
>> You don't happen to know if one can nest a VM other than VMware?
>
> I don't, sorry. I was actually kind of surprised that even VMware allowed
> it, though it does seem new. I dunno, that just feels kinda "icky" to me.
> :-) I do see how it can be quite useful in some special circumstances
> though.

Why not? If you virtualize a machine, why shouldn't it be able to do anything a regular machine can do, like run other virtual machines?

But, I'd be surprised if anything other than qemu and VMware could do these (and the former at significant cost). VMware was around long before hardware virtualization support, and I would think that nested VMs would not benefit from hardware virtualization support. Most of the newer virtualization solutions require hardware support to work.

Think of it this way - in the beginning of the x86 there was the application, and it was used to having bare metal access to the hardware.

Then people realized that we should be able to run more than one of them, and thus protected mode was born. Thus OSes could virtualize the hardware and run multiple apps at once, but the OSes needed to run in protected mode, and thus they had bare metal access to the hardware.

Then people realized that we should be able to run more than one of them, and thus virtualization support was born. Then hypervisors could virtualize the hardware and run multiple OSes at once, but the hypervisors needed to have access to the virtualization extensions and thus they had bare metal access to the hardware.

See a trend?

I think part of the problem is that privilege levels just aren't well-designed (from a theoretical standpoint) on the x86. There shouldn't be an absolute number of privilege levels - it should simply be relative. So, one process would only be protected with respect to another, and it wouldn't be an absolute toggle.

Of course, implementing that in hardware might be difficult. Right now we're at 4 levels of protection plus two of virtualization, and we only use 2 of the levels of protection in practice.

If the x86 just allowed processes with a higher privilege level (relative) to selectively trap instructions at lower levels and virtualize memory/IO/interrupts/etc then you could have all the layers of virtualization you want.

As an added bonus it would be perfect for creating rootkits as well. :)

Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug