[Tech] Adding virtualization hardware support to Sargantana processor

The Sargantana processor will have hardware support for virtualized environments, meeting the specification of RISC-V Privileged Architecture. This allows virtualized environments, such as virtual machines, run more efficiently.

 

At a practical level, it means that a new execution mode (hypervisor) is added which virtualizes the usual execution modes (virtual-user and virtual-supervisor).

To add this support to the Sargantana processor, certain changes must be made to the core, in particular:

 

Set of hardware registers The core already has control and state registers (CSRs) to track and control the usual execution modes (user, supervisor and machine). The extension requires the modification of some of these to enable the virtualization mode and also  the addition of new CSRs for the new mode (hypervisor) and for the new virtualized modes (user-virtual and supervisor-virtual).

 

modes d'execució
Image 1: Execution modes available with the hypervisor extension disabled and enabled.

 

 

Interrupts and exceptions management: By default, all the interrupts and exceptions are handled by the machine mode, which can perform the treatment or invoke a routine of the higher level. Given that this treatment can be slow, there is a hardware mechanism that allows the treatment to be delegated to a higher level (avoiding the intermediate jumps). With the new hypervisor mode, you need to add a new level of delegation and add a whole set of new exceptions specific to the virtualized environments.


 

Imatge 2: Delegació hardware d'interrupcions i excepcions amb l'extensió d'hipervisor desactivada i activada.
Image 2: Hardware delegation of interruptions and exceptions with the hypervisor extension disabled and enabled.

 

Address space management Support for virtualized environments needs tobe added in the module that is responsible to protect and translate virtual addresses to physical addresses. In these environments all physical addresses are also virtualized and therefore two translations are required: 1) translate a virtual address to a physical address within the virtualized environment (virtual physical address) and 2)~translate this virtual physical address to obtain the real physical address inside the machine. It is necessary to keep in mind that this second phase of translation does not only affect the virtual physical address resulting from the first phase, but also all the intermediate structures (page tables) used in the translation itself.
 

Imatge 3: Mecanisme de traducció d'adreces en un entorn sense virtualitzar i en un amb la virtualització activada
Image 3: Address translation mechanism in a non-virtualized environment and in one with virtualization enabled.

 

New instructions The hypervisor specification also includes new instructions to manage the memory of environments virtualized.

 

Apart from processor modifications, new test programs must also be made that take into account the verification of these virtualized environments and that the implemented modifications do not affect the normal operation of the processor in non-virtualized environments. 

 

 

References
[1] RISC-V Fundation. RISC-V Privileged Architecture, version 20210915-Public-Review-draftn, https://github.com/riscv/riscv-isa-manual/releases/tag/riscv-privileged-20210915-public-review