On x86 processors, when running in protected mode, there are four privilege levels. The operating system kernel executes in privilege level 0 (also called "supervisor mode") while applications execute in privilege level 3. Privilege levels 1 and 2 are not used. When the processor detects a privilege level violation, it generates a general-protection violation.
When using virtual machine extensions, there are two classes of software: VMM (Virtual Machine Monitor), also known as "hypervisor", and Guests, which are virtual machines. VMM acts as a host and has a full access to the hardware. Each Guest virtual machine operates independently of the others.
In the Xen project, running on x86 processors, the guest operating systems run in privilege level 1. The guest operating system code has been modified to support virtualization. There is no need to modify applications and they run in privilege level 3 as in the usual case. Naturally, many will prefer a situation where the guest operating system code does not need to be modified. As a result, hardware manufacturers like Intel and AMD have begun to develop processors with built-in virtualization extensions. With these processors, the guest