What does vmx, svm CPU flags mean?

Before installing a hypervisor or a 64bit Guest OS in a virtualized environment, many HOW-TOs and tutorials will ask us to run this command to check for hardware virtualization support in the CPU.

grep -E ‘vmx|svm’ /proc/cpuinfo to check for HW virtualization support

$ grep -E ‘vmx|svm’ /proc/cpuinfo 
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca 
            cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext 
            fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc
            extd_apicid aperfmperf pni monitor ssse3 cx16 popcnt lahf_lm cmp_legacy
            svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch ibs skinit
            wdt arat cpb hw_pstate npt lbrv svm_lock nrip_save pausefilter

I personally prefer

grep —color -E ‘vmx|svm’ /proc/cpuinfo

to highlight the search pattern vmx and svm in a different color.

My CPU is AMD, hence svm flag is present. On Intel CPU, it would be vmx. Both denotes the virtualization extensions in their respective CPU’s.

Fine. What do they stand for? What do they mean?

SVM stands for Secure Virtual Machine. When AMD published their virtualization extension it was called SVM but later marketed as AMD-V. SVM is the set of CPU instructions that provides the virtualization instruction.

Intel calls it VT-x. VMX stands for Virtual Machine Extensions. (Intel) Processor support for virtualization is provided by a form of processor operation called VMX operation. This is not to be confused with the VMware terminology which stands for Virtual Machine Executable, a component of an ESX virtual machine that takes care of I/O, user interfaces, snapshot managers, and remote console.

Both VMX and SVM are CPU features but how does the CPU advertises these features? How does the OS query the presence of such features?

If a CPU supports these features, certain register in the CPU are set. On Intel CPUs, the 5th bit of ECX registers denotes the CPU support for VMX. A value of 1 indicates that the processor supports this technology. I am not sure for AMD because I started writing this article more than a year ago and left it to dust.

Before software attempt to use these features, it must check for their presence. Let us see how this is done in code.

static inline int cpu_has_vmx(void)
 {
      unsigned long ecx = cpuid_ecx(1);
      return test_bit(5, &ecx); /* CPUID.1:ECX.VMX[bit 5] -> VT */
 }

The above KVM code checks for VMX in the CPU. It calls a function cpuid_ecx() and assigns the output to a variable ecx. Then it calls another function test_bit to check for the 5th bit in ecx.

This is how the function cpuid_ecx looks like

    static inline unsigned int cpuid_ecx(unsigned int op)
     {
            unsigned int eax, ebx, ecx, edx;

            cpuid(op, &eax, &ebx, &ecx, &edx);

            return ecx;
     }

Internally it calls cpuid() which takes a bunch of other registers as a parameter. Finally the function returns just the ecx which has the VMX bit.

cpuid() is a Linux system call to query the CPU. See man cpuid. If I understand correctly it in turn calls the x86 instruction CPUID which provides CPU features and type. CPUID is not available prior to Pentium 4.

The test_bit function checks if a bit is set.

On the other hand, the code to check SVM is a little different. It directly calls cpuid.

static inline int cpu_has_svm(const char **msg)
 {
        uint32_t eax, ebx, ecx, edx;

        if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD) {
              if (msg)
                   *msg = “not amd”;
              return 0;
        }

        cpuid(0x80000000, &eax, &ebx, &ecx, &edx);
        if (eax < SVM_CPUID_FUNC) {
              if (msg)
                   *msg = “can’t execute cpuid_8000000a”;
               return 0;
        }

        cpuid(0x80000001, &eax, &ebx, &ecx, &edx);
        if (!(ecx & (1 << SVM_CPUID_FEATURE_SHIFT))) {
                if (msg)
                     *msg = “svm not available”;
                return 0;
         }
 return 1;
 }
Advertisements

3 thoughts on “What does vmx, svm CPU flags mean?

  1. Hello.
    Found your post, goo3gling for an issue with nested virtualization.
    I run CEntOS 7.3 with qemu-kvm-ev-2.6.0-27.1.el7.x86_64 on AMD A4-5000 APU with Radeon(TM) HD Graphics

    I launch successfully VMs on which I have replicated “host CPU”

    Trying to start a VM inside the VMs fails.

    The error I get is:

    has_svm: can’t execute cpuid_8000000a
    kvm: no hardware support

    However the VCPUs have all the flags as the host CPU (including svm).

    What is your opinion on possible root causes?

    Thank you

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s