From: Junaid Shahid <junaids@google.com>
To: kvm@vger.kernel.org
Cc: andreslc@google.com, pfeiner@google.com, pbonzini@redhat.com,
guangrong.xiao@linux.intel.com
Subject: [PATCH v2 5/5] kvm: x86: mmu: Update documentation for fast page fault mechanism
Date: Tue, 8 Nov 2016 15:00:30 -0800
Message-ID: <1478646030-101103-6-git-send-email-junaids@google.com>
In-Reply-To: <1478646030-101103-1-git-send-email-junaids@google.com>

Add a brief description of the lockless access tracking mechanism
to the documentation of fast page faults in locking.txt.

Signed-off-by: Junaid Shahid <junaids@google.com>
---
Documentation/virtual/kvm/locking.txt | 27 +++++++++++++++++++++++----
1 file changed, 23 insertions(+), 4 deletions(-)
diff --git a/Documentation/virtual/kvm/locking.txt b/Documentation/virtual/kvm/locking.txt
index f2491a8..e7a1f7c 100644
--- a/Documentation/virtual/kvm/locking.txt
+++ b/Documentation/virtual/kvm/locking.txt
@@ -12,9 +12,16 @@ KVM Lock Overview
Fast page fault:
Fast page fault is the fast path which fixes the guest page fault out of
-the mmu-lock on x86. Currently, the page fault can be fast only if the
-shadow page table is present and it is caused by write-protect, that means
-we just need change the W bit of the spte.
+the mmu-lock on x86. Currently, the page fault can be fast in one of the
+following two cases:
+
+1. Access Tracking: The SPTE is not present, but it is marked for access
+tracking i.e. the VMX_EPT_TRACK_ACCESS mask is set. That means we need to
+restore the saved RWX bits. This is described in more detail later below.
+
+2. Write-Protection: The SPTE is present and the fault is
+caused by write-protect. That means we just need to change the W bit of the
+spte.
What we use to avoid all the race is the SPTE_HOST_WRITEABLE bit and
SPTE_MMU_WRITEABLE bit on the spte:
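Review bot: The new introduction says the fault can be fast "in one of the following two cases", but the cmpxchg paragraph later in this patch allows setting the W bit, restoring the saved RWX bits, "or both", so the two cases are not exclusive; consider "in one or both of the following cases" here. Smaller points in the same list: "later below" is redundant (use "below", or refer to the "Lockless Access Tracking" section by name), item 2 mixes "SPTE" and "spte", and item 2 wraps its first line much earlier than the surrounding text.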
@@ -24,7 +31,8 @@ SPTE_MMU_WRITEABLE bit on the spte:
page write-protection.
On fast page fault path, we will use cmpxchg to atomically set the spte W
-bit if spte.SPTE_HOST_WRITEABLE = 1 and spte.SPTE_WRITE_PROTECT = 1, this
+bit if spte.SPTE_HOST_WRITEABLE = 1 and spte.SPTE_WRITE_PROTECT = 1, or
+restore the saved RWX bits if VMX_EPT_TRACK_ACCESS mask is set, or both. This
is safe because whenever changing these bits can be detected by cmpxchg.
But we need carefully check these cases:
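Review bot: After the added clause, "This is safe because whenever changing these bits can be detected by cmpxchg" no longer makes clear which bits it covers: it used to refer only to the writable bits, and the restore of the saved RWX bits now relies on it too. Suggest stating explicitly that the saved RWX bits and the VMX_EPT_TRACK_ACCESS mask are part of the same spte value that the cmpxchg compares, and whether the cases checked below also hold for the access-tracking restore. Since this line is being touched anyway, note that the condition names spte.SPTE_WRITE_PROTECT while the text just above introduces the bits as SPTE_HOST_WRITEABLE and SPTE_MMU_WRITEABLE.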
@@ -128,6 +136,17 @@ Since the spte is "volatile" if it can be updated out of mmu-lock, we always
atomically update the spte, the race caused by fast page fault can be avoided,
See the comments in spte_has_volatile_bits() and mmu_spte_update().
+Lockless Access Tracking:
+
+This is used for Intel CPUs that are using EPT but do not support the EPT A/D
+bits. In this case, when the KVM MMU notifier is called to track accesses to a
+page (via kvm_mmu_notifier_clear_flush_young), it marks the PTE as not-present
+by clearing the RWX bits in the PTE and storing the original bits in some
+unused/ignored bits. In addition, the VMX_EPT_TRACK_ACCESS mask is also set on
+the PTE (also using unused/ignored bits). When the VM tries to access the page
+later on, a fault is generated and the fast page fault mechanism described
+above is used to atomically restore the PTE to its original state.
+
3. Reference
------------
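Review bot: The new "Lockless Access Tracking" section describes the restore side but not the locking rules for the marking side, which is what locking.txt is for. It should say whether the path reached from kvm_mmu_notifier_clear_flush_young clears the RWX bits while holding mmu-lock, and that this update has to be atomic, because the fast page fault path can modify the same spte out of mmu-lock at the same time. It would also help to name the "unused/ignored bits" that hold the saved RWX bits, and to use "SPTE" rather than "PTE" to match the rest of the file.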
--
2.8.0.rc3.226.g39d4020