Is there no difference between VMX root mode and non-VMX mode (when VMX is disabled or VMXOFFed) apart from -
i) certain values can't be loaded into certain CRs in VMX mode, and
ii) these new VMX operations are available in VMX mode.
If that is the case, the VMM has all the priviledges of the OS-kernel. So, in a scenario where the VMM installs on top of the OS-kernel (or as a module in it), the VMM can starve the other non-VM processes of the host OS
e.g. consider this sequence of events:
i) VMXON switches control to the VMM
ii) VMM launches VM1
iii) VM1 VM-exits
iv) VMM launches VM2
iv) VM2 Vm-exits
v) VMM resumes VM1
vi) VM1 VM-exits
vii) VMM resumes VM2
viii) VM2 Vm-exits
this could keep on repeating, what about the other host OS applications ? What if the VMM doesn't executes VMXOFF ?
Also, why the restrition on the 'values that can be loaded into the CRs' ?