Overview of KVM and ARM64 Virtualization: Architecture, CPU, Memory, and I/O Virtualization

KVM (Kernel-based Virtual Machine) is a full‑virtualization solution that leverages hardware‑assisted virtualization features of the Linux kernel. It was originally developed by the Israeli startup Qumranet and merged into the Linux kernel starting with version 2.6.20. When the KVM module is loaded, the Linux kernel becomes a hypervisor, using the kernel’s services to manage hardware and providing high compatibility and extensibility.

Because KVM runs as a kernel module, it requires a user‑space component to interact with guests. This role is fulfilled by QEMU, a GPL‑licensed processor emulator written by Fabrice Bellard. QEMU implements CPU, memory, and I/O virtualization in user space and, when combined with KVM, offloads the heavy lifting of CPU and memory virtualization to the kernel while handling most I/O virtualization itself, achieving high efficiency.

For beginners, the kvm‑tool project provides a compact C‑based KVM virtualization tool that is easy to understand and fully supports Linux virtualization, making it a good entry point.

ARM64 Virtualization Support

ARM introduced hardware virtualization in the ARMv7‑A architecture and expanded it in ARMv8, which replaces the old privilege levels with a new Exception Level (EL) model. EL2 is reserved for the hypervisor and provides access to virtualization features such as Stage‑2 address translation, EL1/EL0 instruction and register access, and virtual exception injection.

CPU Virtualization

Before hardware virtualization, CPUs relied on binary translation (e.g., QEMU’s software virtualization) which is complex and inefficient. Hardware virtualization, as provided by KVM, enables the hypervisor to manage CPU state directly, improving performance.

Hypervisors may need to trap certain guest operations (e.g., power‑management instructions like WFI) to maintain isolation. By configuring traps (e.g., setting HCR_EL2.TWI), the hypervisor can intercept these instructions, schedule the guest VCPU, and prevent the host CPU from entering a low‑power state that would affect other guests.

Memory Virtualization

Memory virtualization provides each guest with a contiguous address space starting at 0 while isolating and scheduling memory across guests. ARM uses Stage‑2 translation, allowing the hypervisor to control the guest’s view of memory. The hypervisor maintains a Stage‑2 page table that maps the guest’s intermediate physical address (IPA) to real physical memory, while the guest OS controls a Stage‑1 page table that maps virtual addresses to IPA.

I/O Virtualization

I/O device virtualization differs from CPU and memory virtualization and can be realized through four main approaches:

Device emulation – the hypervisor forwards guest I/O requests to a user‑space emulator such as QEMU. This offers high compatibility but poor performance.

Front‑/back‑end driver interfaces – standards like virtio define a lightweight, privileged interface between the hypervisor and guest, improving performance at the cost of compatibility.

Device passthrough – a physical device is directly assigned to a guest, delivering near‑native performance but requiring hardware support and preventing sharing.

Shared device assignment – an extension of passthrough (e.g., SR‑IOV) that allows a single physical device to be partitioned and shared among multiple guests.

References:

《KVM实战：原理、进阶与性能调优》

https://segmentfault.com/a/1190000022797518

https://www.cnblogs.com/LoyenWang/