类似ASID, ASID用以区分不同进程的地址空间,切换时不用刷新TLB。VPID用来区分不同的虚拟处理器地址空间,虚拟机切换时不用刷新TLB。
VMM为每个VMCS分配一个唯一的VPID,在VMCS中将Enable VPID置1就可以启用该功能。
硬件支持的情况下,当VM ENTRY (optionally)时,EPT被激活。EPT模式CPU同时控制两个页表,一个是Guest常规意义上的页表,该页表维护 logical page numbers (LPNs) to physical page numbers (PPNs)的映射。另一个是VMM maintains a mapping of PPNs to machine page numbers (MPNs),称为extended page tables。When EPT active, EPT base pointer (loaded on VM entry from VMCS) points to extended page tables。当VM exit事件发生时,EPT deactivated。
见Performance Evaluation of Intel EPT Hardware Assist - VMware
因此当EPT模式address translation时,实际要遍历两个页表,注意是从guest的CR3开始地址转换。如下简图:
实际情况要复杂一些,因为guest page table(GPT)和EPT可能是多层的,每遍历GPT的一层都可能要遍历一次EPT,所以GPT是m层,EPT是n层,遍历最大次数大约是m*n(假定TLB MISS)。下面是来自2009 虚拟化技术全国高校师资研讨班的详细示意图:
这也就是为什么huge page对VM的作用更加明显的原因,可以参看下面的链接:
Transparent Hugepage
TLB
EPT模式下TLB的管理相对复杂,详见INTEL Manual 25.3 CACHING TRANSLATION INFORMATION。分为三类Cache:Linear mappings(LPN->PPN), Guest-physical mappings(PPN->MFN), Combined mappings(LPN->MFN)
后两者的内容(部分)来自EPT。可以是使用指令INVEPT/INVVPID来 invalidates entries in the TLBs and paging-structure caches that were derived from extended page tables (EPT), or based on a Virtual-Processor Identifier (VPID).
参考资料:
TLBs, Paging-Structure Caches, and Their Invalidation Application Note 不包含虚拟机相关内容,现在已经是Intel Manual的一部分,但是整合在一起看起来方便一些。
参考资料
Intel® 64 and IA-32 Architectures Software Developer’s Manual Volume 3B: System Programming Guide, Part 2 :chapter 25 VMX SUPPORT FOR ADDRESS TRANSLATION
Intel® Virtualization Technology Processor Virtualization Extensions and Intel® Trusted
execution Technology
EPT-Induced VM Exits
见Intel Manual,Accesses using guest-physical addresses may cause VM exits due to EPT misconfigurations and EPT violations. An EPT misconfiguration occurs when, in the course of translation a guest-physical address, the logical processor encounters an EPT paging-structure entry that contains an unsupported value. An EPT violation occurs when there is no EPT misconfiguration but the EPT paging-structure entries disallow an access using the guest-physical address. 其中EPT violations发生的一个情况就是Translation of the guest-physical address encounters an EPT paging-structure entry that is not present,基于此可以动态创建EPT.
此外,guest的 page faults 应该先于对应的EPT violations发生,因为EPT是根据guest的page table建立起来的。
EPT in Xen 4.1.2
标志位SECONDARY_EXEC_ENABLE_VPID用以控制VPID是否打开
/* VPID was disabled: now enabled. */
curr->arch.hvm_vmx.secondary_exec_control|= SECONDARY_EXEC_ENABLE_VPID;
construct_vmcs有如下代码
if ( cpu_has_vmx_vpid )
__vmwrite(VIRTUAL_PROCESSOR_ID, v->arch.hvm_vcpu.asid);
asid的分配在文件xen-4.1.2/xen/arch/x86/hvm/asid.c文件中.
EPT
设置见
readmsr(curr_vcpu->arch.hvm_vmx.secondary_exec_control |=
SECONDARY_EXEC_ENABLE_EPT)
__vmwrite(EPT_POINTER, d->arch.hvm_domain.vmx.ept_control.eptp)
ept表项对应的数据结构是ept_entry_t。hap_set_allocation为ept页表建立page pool,使用的函数为hap_alloc.
EPT的建立完全类似demand paging机制,触发EPT Violation时建立,相应的处理函数是
ept_handle_violation=>hvm_hap_nested_page_fault,有代码如下,注释里面的PoD是populate-on-demand的意思。
/* Spurious fault? PoD and log-dirty also take this path. */
if ( p2m_is_ram(p2mt) )
{
/*
* Page log dirty is always done with order 0. If this mfn resides in
* a large page, we do not change other pages type within that large
* page.
*/
paging_mark_dirty(v->domain, mfn_x(mfn));
p2m_change_type(p2m, gfn, p2m_ram_logdirty, p2m_ram_rw);
return 1;
}
EPT in KvmEPT的设置在vmx_set_cr3函数中。EPT是动态创建的,利用 EPT Violation VM Exit,见tdp_page_fault函数。
ept_sync_*函数封装了invept指令。
VPID activated if new “enable VPID”control bit is set in VMCS
New 16-bit virtual-processor-ID field (VPID) field in VMCS
–VMM allocates unique value for each guest OS
–VMM uses VPID of 0×0000, no guest can have this VPID;
Cached linear translations are tagged with VPID value.
位图vmx_vpid_bitmap管理VPID资源。
Extending KVM with new Intel® Virtualization technology
http://www.mjmwired.net/kernel/Documentation/kvm/mmu.txt
原文网址:http://blog.chinaunix.net/uid-1858380-id-3205061.html