What is SAHF and LAHF and why do I need it to install vSphere 5.1?

Happened to look over the ESXi 5.1 documentation today (yeah, yeah, normally I just install and don’t RTFM) and noticed this in the Hardware Requirements section:

  • ESXi 5.1 will install and run only on servers with 64-bit x86 CPUs
  • ESXi 5.1 requires a host machine with at least two cores
  • ESXi 5.1 supports only LAHF and SAHF CPU instructions
  • ESXi 5.1 requires the NX/XD bit to be enabled for the CPU in the BIOS

Most of the requirements are fairly straightforward, the 64-bit CPU requirement has been there since vSphere 4 was introduced, but many people probably don’t know what NX/XD & LAHF/SAHF are. The NX/XD bit is a CPU feature called Never eXecute, hence the NX name. What the NX bit does is enable the ability to mark certain areas of memory as non-executable with a flag. When this happens the processor will then refuse to execute any code that resides in those areas of memory. Any attempt to execute code from a page that is marked as no execute will result in a memory access violation. This feature adds a layer of security to a computer by providing a protected area against malicious code such as viruses and buffer overflow attacks.

AMD first added the NX bit feature to their AMD64 processor line starting with the Opteron processor starting in 2003. So you may be wondering about the XD part, well that is simply Intel’s name for the same feature which they refer to as eXecute Disable. Intel introduced support for the XD bit shortly after AMD with their Pentium 4 Prescott processor in 2004. Both the NX bit and the XD bit have the exact same functionality just different names so you will often see it as referred to as NX/XD. This feature has been standard on most processors for years now so almost every server built since 2006 should have it. Support for NX/XD is typically enabled or disabled in the server BIOS and is typically found under Processor options and labeled as something like “Execute Disable Bit”, “NX Technology” or “XD Support”.

Many virtualization admins know what NX/XD is but LAHF & SAHF CPU instructions are a processor function that you have probably never heard of. LAHF stands for Load AH from Flags and SAHF stands for Store AH into Flags. LAHF & SAHF are used to load and store instructions for certain status flags. Instructions are basic commands composed of one or more symbols that that are passed to a CPU as input. These instructions related to LAHF & SAHF are used for virtualization and floating-point condition handling. You really don’t need to understand how they work as they are related to the core CPU architecture but if you want to understand them better you can read more about them here.

Support for LAHF and SAHF instructions appeared shortly after NX/XD was introduced. AMD introduced support for the instructions with their Athlon 64, Opteron and Turion 64 revision D processors in March 2005 and Intel introduced support for the instructions with the Pentium 4 G1 stepping in December 2005. So again most most servers built after 2006 should have CPUs that support LAHF/SAHF. Similar to NX/XD which can be enabled or disabled in the server BIOS, support for LAHF/SAHF is typically tied into the Virtualization Technology (VT) option in a server BIOS which is often referred to Intel VT or AMD-V which is their respective support for virtualization CPU technology. The option to enable this on a HP Proliant BIOS is shown below:

bios1

So how do you know if your server’s CPUs support NX/XD & LAHF/SAHF? As I said before if you’ve purchased a server in the last 5 or so years, it most likely will support it. If it doesn’t support it the ESXi installer will warn you when you install it as shown below:

bios31

Interesting enough though it will still let you install it despite not having the required CPU features. Prior versions of vSphere used to give you an error saying your CPU doesn’t support Long Mode and wouldn’t let you install it. If you do get the error above the first thing to check in that case is if you have those options enabled in the BIOS, if you don’t see those options in the BIOS then your CPU may not support them. You can check your specific CPU’s specifications on Intel’s or AMD‘s websites. You can also check VMware’s Hardware Compatibility List but be aware that there are many processor types/server models not on the HCL that will still work despite not being on the list, they just are not officially supported.

Another way to know if your CPU’s support the required features is to use VMware’s CPU Identification Utility which is a small little ISO that you can boot your host from and it will check the CPU hardware to see if it will support vSphere. I’ve mounted it using the iLO management on server and have also mounted it to a VM’s CD-ROM and booted from it and ran it. Since the CPU hardware is not emulated it can see what type of physical CPU the host is using and what features it supports. The output of the CPU ID tool is shown below, this server fully support all the required CPU features for vSphere:

bios21

So there you have it, now you know more about NX/XD & LAHF/SAHF than you probably wanted to know but at least you have an understanding of what they are when you read about the CPU requirements in the vSphere documentation. You probably won’t find any modern servers that don’t support it but often times our data centers become server graveyards and contain a lot of older hardware that keeps getting re-used until they finally die which may not support it. So knowing what to look for when it comes to CPU features is good to know.

Share This:

1 comment

    • Andrew Fidel on October 4, 2012 at 9:39 pm

    Almost every AMD64 processor since AMD-v was introduced has had the feature, but a few bad BIOS implementations have apparently disabled it and not had the option available for user configuration.

    Intel on the other hand is a whole nother ball of wax. Intel for whatever reason decided to use VT-x as a tiering mechanism and so many entry level desktop and many laptop processor’s lack the feature. There’s even at least one Xeon processor without it. For a fairly comprehensive list see:

    http://ark.intel.com/Products/VirtualizationTechnology

    It’s not likely to be an issue with production servers, but for labs or portable demo laptops it can be a serious stumbling block. It’s also a very large reason why Win7’s XP mode is less popular as a solution to IE6 legacy issues than it might otherwise be, very few standard corporate laptops had processors with VT-x capability.

Comments have been disabled.