ARM Ltd recently unveiled the virtualization capabilities in ARMv7-A, and they are impressive. Taking a step back though, here’s what impresses me the most: these guys jumped in with both feet.
Consider for a moment the very measured approach Intel took with their virtualization extensions to the x86 architecture. They started by adding privilege modes beyond the traditional “ring” model. A later implementation added nested MMU support, allowing guests to directly manipulate their page tables without host software intervention. A later implementation added an IOMMU, allowing direct guest access to IO devices without sacrificing isolation.
In contrast, ARM is doing all of these, and more, in their very first foray into hardware virtualization.
If you talk to me long enough, you’ll undoubtedly hear me say something about priorities and engineering tradeoffs. In the real world, real sacrifices must be made to do almost anything new, and adding virtualization support to hardware is another good example. Numerous projects have demonstrated that one can virtualize the ARM architecture without hardware support, and in those cases the engineering tradeoffs boil down to performance vs isolation vs code changes. ARM is dramatically simplifying that equation, and while it’s great for us software people, they’re paying a price in hardware: design complexity, die size and cost, power consumption, and the all-important verification process. Improving the software comes at a steep cost elsewhere in the ecosystem, in the hope of a net benefit to the overall system.
Of course, having the hardware capabilities is just the start; you also need software to drive it. That’s where it starts to get fun for me…