The well-known "Formal Requirements for Virtualizable Third Generation Architectures" paper identified 17 problematic instructions on x86, the best example being POPF. The Intel Architecture Developer's Manual makes this understated observation:
The effect of the POPF/POPFD instructions on the EFLAGS register changes slightly, depending on the mode of operation of the processor.In other words, you won't get a trap when trying to modify supervisor state with the POPF instruction in user mode.
In the PowerPC KVM implementation, we relied on the fact that a privileged instruction would trap. This enabled us to execute the vast majority of guest kernel instructions natively in user mode, since we would get a trap and could emulate any supervisor-only instructions. Ultimately, even without hardware support, we didn't need a complicated dynamic instruction translation engine (see VMware). Hardware support became a question of acceleration, rather than a requirement.
A colleague recently mentioned that ARM has a similar problem with the CPS instruction. Sure enough, from the ARM Architecture Reference Manual:
Exceptions: None.That's disappointing, because I had assumed that ARM, following similar RISCish principles to PowerPC, would have ended up with the same behavior. It took Intel years to add the necessary architecture changes for virtualization (VMX), and there is still no solution other than VMware's for the non-VMX processors.
Notes
User mode: CPS has no effect in User mode.
From what I can tell, ARM TrustZone doesn't solve this problem... can anybody confirm?
