Hardware virtualization alization: the nuts and bolts/EPT/vpid

Hardware virtualization alization

Http://www.anandtech.com/show/2480

Very good!

In fact, it seems that there are some errors, such as explaining the EPT page. Confuse EPT with vpid.

EPT

Memory is a very important system resource. The physical address understood by the client operating system is only the client physical address (guest physical address), not the final host physical address (host physical address ). When a page exception occurs in a client (Virtual Machine), vmm needs to know the cause of the page exception. The reason is that the guest process attempts to access an address without permission or the client linear address (guest linear address) the physical address of the client has not been translated into the physical address of the host. The common solution is that vmm constructs a shadow page table for each process page table of the client, maintains the ing between the client linear address and the host physical address.
The physical memory address of the Shadow page table stored in the CR 3 register. Vmm also maintains a global ing table between the client physical address and the host physical address. When a page error occurs, the client linear address is always used. vmm checks the reason for the current page table set by the client operating system first. If the page table item has been created, that is, the corresponding client physical address exists, note that the ing to the host physical address has not yet been established, vmm allocates a page of physical memory to update the shadow page table and ing table; otherwise, vmm returns to the client operating system, it handles the exception by itself. Vmm must also set the physical address area of the page table used by the client operating system to read-only. VM exit can occur when it updates its own page table.
Vmm ensures the consistency between the two page tables. Due to frequent page defects, the construction and maintenance of the Shadow page table significantly reduces the performance of virtual machines.

Intel proposed extended page tables (EPT) technology to solve this problem. Vmm maintains a global EPT ing table from the physical address of the client to the physical address of the host for each client operating system, which is called the EPT page table. The EPT page table has the same structure as the normal page table. vmm stores its physical address in vmcs to notify the memory management unit (MMU ). The EPT page table is enabled only in vmx non-root mode. Once the client linear address is used to access the memory, MMU uses the current page table of the client operating system and the EPT page table to obtain the final host physical address. With
EPT technology: when the client operating system sets the Register to switch the page table, no VM exit is required; vmm does not need to write a page table that protects its management, if the corresponding page table item cannot be found in the EPT page table, the VM exit notification is automatically sent to vmm for processing. Figure 1 shows how the processor translates the linear address in the 32-bit client operating system into the physical address of the host. EPT significantly reduces the number of VM exits and simplifies the design of vmm. Research shows that the EPT technology improves the performance of general testing programs by up to 48%; for some memory-intensive small testing programs, the performance is improved by up to 600%.

Figure 1. 32-bit client linear address translation into host physical address
 

When translating the client's linear address, MMU hardware had to jump back and forth between two page tables. Assume that the page table of the client operating system has m-level and the EPT page table has n-level. It can be estimated that a maximum of M * n + m + n page table (memory) accesses are required. If both the client operating system and the vmm are 64-bit, both m and n are 4, and the upper limit is 24, the performance of the virtual machine may be greatly affected. However, if vmm uses 2 m or a larger physical page, although this does not reduce the number of N, it can increase the hit rate of the translation back-aid buffer (translation lookaside buffer, TLB, this reduces access to page tables.

The solution proposed by AMD is rapid virtualization indexing, formerly known as nested page tables. This technology is very similar to EPT and will not be described here.

1: There is a pointer in vmcs called extended-page-Table pointer (eptp), so obviously each vmcs has an EPT

Vmcs-> VM-EXECUTION control fields-> extended-page-Table pointer (eptp)

Point to the EPT table. This table stores EPT paging struc-tures (GPA --> hPa ).

2: EPT is stored in the guest address space and can be operated under VM non-root without VM exit.

3: At this time, Guest OS has two page tables, one common () and the other (EPT. Level 2 search, which can be found without VM exit.

4: of course, if the EPT ing is not found in EPT, it still requires VM exit.

Formats of eptp and EPT paging-structure entries

28.2.1 EPT overviewif cr0.pg = 1, the translation of a linear address to a physical address requires multiple translations of guest-phys-
Ical addresses using EPT. Assume, for example, that cr4.pae = cr4.pse = 0. The translation of a 32-bit linear
Address then operates as follows:
• Bits 31: 22 of the linear address select an entry in the guest page directory located at the guest-physical
Address in cr3. the guest-physical address of the guest page-directory entry (PVDF) is translated through EPT
To determine the guest P' s physical address.
• Bits 21:12 of the linear address select an entry in the guest page table located at the guest-physical address in
The guest PVDF. the guest-physical address of the guest page-table entry (PTE) is translated through EPT
Determine the guest PTE's physical address.
• Bits 11: 0 of the linear address is the offset in the page frame located at the guest-physical address in the guest
Pte. the guest-physical address determined by this offset is translated through EPT to determine the physical
Address to which the original linear address translates.
In addition to translating a guest-physical address to a physical address, EPT specifies the privileges that software
Is allowed when accessing the address. Attempts at disallowed accesses are called EPT violations and cause
VM exits.