#+title: Virtualization & Emulation
#+date: 2026-06-15 Mon
#+author: W. Kosior
#+email: wkosior@agh.edu.pl

* Hypervisors
- type 1
  - Xen
  - VMware ESX
- type 2
  - QEMU
  - Bochs
  - VirtualBox
  - VMware Workstation
  - Hyper-V?
  - KVM?

* KVM & Hyper-V
- hypervisor included in the kernel
  - Linux (KVM)
  - Windows kernel (Hyper-V)
- used as backend (QEMU, VMware Workstation)
  - VirtualBox to drop custom kernel module
- sometimes distinguished (according to Wikipedia)
  - Virtual Machine Monitor (VMM) — userspace application
  - hypervisor — kernel part

* Virtualization Approaches
- code interpretation
- binary compilation
- trapping privileged, state-changing instructions
  - guest code in non-privileged mode
  - emulated interrupts & IO
  - MMU → "shadow tables"
  - limitation: only compatible architectures
    - e.g., x86 / x86_64 on x86_64
  - problem: not all instructions trapped
    - x86 & ARM extensions
- paravirtualization

* Hardware-Assisted Virtualization
- what:
  - trap-and-emulate enablers (where needed)
    - Intel VT-x, AMD-V, ARMv7-A Virtualization Extensions
    - not needed: Power, RISC-V

* Hardware-Assisted Virtualization, Cont.
- what:
  - trap-and-emulate enablers (where needed)
    - Intel VT-x, AMD-V, ARMv7-A Virtualization Extensions
    - not needed: Power, RISC-V
  - hardware-virtualized privileged state (e.g., extra)
  - hardware-virtualized address translation (e.g., 2-level translation in ARM)
  - hardware-virtualized IO (e.g., Intel VT-d, AMD-V 2.0)
  - hardware-virtualized interrupts (e.g., Intel VT-x)
  - …

* Hardware-Assisted Virtualization, Cont…
- what:
  - trap-and-emulate enablers (where needed)
    - Intel VT-x, AMD-V, ARMv7-A Virtualization Extensions
    - not needed: Power, RISC-V
  - hardware-virtualized privileged state (e.g., extra)
  - hardware-virtualized address translation (e.g., 2-level translation in ARM)
  - hardware-virtualized IO (e.g., Intel VT-d, AMD-V 2.0)
  - hardware-virtualized interrupts (e.g., Intel VT-x)
  - …
- some support in major architectures
  - x86_64, ARM, Power, RISC-V
- exceptions
  - e.g., Intel Atom

* Xen
# wget -O XenFuPandaWiki.png https://wiki.xenproject.org/resources/assets/XenFuPandaWiki.png?60ae8
[[./XenFuPandaWiki.png]]
- dom0
- domU

* Xen Virtualization Modes
- PV
- HVM
- PVH

* VM vs Container
- ?

* VM vs Container, Cont.
- ?
- Xen: 18 security advisories in 2026
- Linux: over 2k CVEs
  - /(is that comparable?)/

* VM vs Container, Cont…
- ?
- Xen: 18 security advisories in 2026 (15 in 2025)
- Linux: over 2k CVEs in 2026
  - /(is that comparable?)/
- combination: VM + unprivileged user account
  - defense in depth
    - unprivileged user (no root)
    - user mode (lockdown kernel module)
    - VM

* Qubes OS

* Qubes OS & Xen Architecture Support
- x86_64
- ARMv7 + Virtualization Extensions
- ARMv8

* Qubes OS & Xen Architecture Support, Cont.
- x86_64
- ARMv7 + Virtualization Extensions
- ARMv8
- 2025 — Xen RISC-V support

* Application-Level Emulation
- e.g., AArch64 on x86_64
  - vice-versa
- QEMU User space emulator
- Rosetta2
- binfmt_misc
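* Shadow Tables vs. Two-Level Translation (added example)
The "shadow tables" item under trap-and-emulate and the "2-level translation" item under hardware assistance describe two ways of composing the guest's GVA→GPA mapping with the VMM's GPA→HPA mapping; the model below is an added illustration, not code from the slides, and assumes single-level page tables keyed by page number (real MMUs walk multi-level trees) with constructed sample mappings.

```python
# Added model: shadow page tables vs. two-level (nested) translation.
# Assumption: single-level tables {virtual page number: physical page number}.
PAGE = 0x1000  # 4 KiB pages

def translate(table, va):
    """One translation step: split into page number and offset, look the page
    number up, reassemble. A missing entry is a page fault (KeyError here)."""
    vpn, offset = divmod(va, PAGE)
    if vpn not in table:
        raise KeyError(f"page fault at {va:#x}")
    return table[vpn] * PAGE + offset

def walk_two_level(guest_pt, host_pt, gva):
    """Hardware-assisted nested translation (e.g., ARM stage 1 + stage 2):
    the MMU walks the guest table (GVA -> GPA) and then the host table
    (GPA -> HPA) on every access, so the guest may edit its own tables."""
    gpa = translate(guest_pt, gva)
    return translate(host_pt, gpa)

def build_shadow(guest_pt, host_pt):
    """Software approach without nested hardware: the VMM composes both
    mappings into one shadow table (GVA -> HPA) that the real MMU uses."""
    shadow = {}
    for gvpn, gppn in guest_pt.items():
        # every guest-physical page must be backed by a host-physical page
        shadow[gvpn] = translate(host_pt, gppn * PAGE) // PAGE
    return shadow

def shadow_is_stale(guest_pt, host_pt, shadow):
    """A guest page-table write the VMM did not intercept (it write-protects
    the guest tables to catch them) leaves the shadow out of sync."""
    return shadow != build_shadow(guest_pt, host_pt)

# Constructed sample: guest maps two virtual pages to guest-physical pages
# 0x2 and 0x3; the VMM backs those with host-physical pages 0x80 and 0x81.
GUEST_PT = {0x10: 0x2, 0x11: 0x3}
HOST_PT = {0x2: 0x80, 0x3: 0x81}

if __name__ == "__main__":
    gva = 0x10ABC
    shadow = build_shadow(GUEST_PT, HOST_PT)
    print(f"two-level: {walk_two_level(GUEST_PT, HOST_PT, gva):#x}")  # 0x80abc
    print(f"shadow:    {translate(shadow, gva):#x}")                  # 0x80abc
    GUEST_PT[0x10] = 0x3  # guest remaps a page; shadow must be resynced
    print("shadow stale:", shadow_is_stale(GUEST_PT, HOST_PT, shadow))  # True
```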