From: Junaid Shahid <junaids@google.com>
To: kvm@vger.kernel.org
Cc: andreslc@google.com, pfeiner@google.com, pbonzini@redhat.com,
guangrong.xiao@linux.intel.com
Subject: [PATCH v3 8/8] kvm: x86: mmu: Update documentation for fast page fault mechanism
Date: Tue, 6 Dec 2016 16:46:17 -0800 [thread overview]
Message-ID: <1481071577-40250-9-git-send-email-junaids@google.com> (raw)
In-Reply-To: <1481071577-40250-1-git-send-email-junaids@google.com>
Add a brief description of the lockless access tracking mechanism
to the documentation of fast page faults in locking.txt.
Signed-off-by: Junaid Shahid <junaids@google.com>
---
Documentation/virtual/kvm/locking.txt | 31 +++++++++++++++++++++++++++----
1 file changed, 27 insertions(+), 4 deletions(-)
diff --git a/Documentation/virtual/kvm/locking.txt b/Documentation/virtual/kvm/locking.txt
index e5dd9f4..51c435a 100644
--- a/Documentation/virtual/kvm/locking.txt
+++ b/Documentation/virtual/kvm/locking.txt
@@ -22,9 +22,16 @@ else is a leaf: no other lock is taken inside the critical sections.
Fast page fault:
Fast page fault is the fast path which fixes the guest page fault out of
-the mmu-lock on x86. Currently, the page fault can be fast only if the
-shadow page table is present and it is caused by write-protect, that means
-we just need change the W bit of the spte.
+the mmu-lock on x86. Currently, the page fault can be fast in one of the
+following two cases:
+
+1. Access Tracking: The SPTE is not present, but it is marked for access
+tracking i.e. the SPTE_SPECIAL_MASK is set. That means we need to
+restore the saved R/X bits. This is described in more detail later below.
+
+2. Write-Protection: The SPTE is present and the fault is
+caused by write-protect. That means we just need to change the W bit of the
+spte.
What we use to avoid all the race is the SPTE_HOST_WRITEABLE bit and
SPTE_MMU_WRITEABLE bit on the spte:
@@ -34,7 +41,8 @@ SPTE_MMU_WRITEABLE bit on the spte:
page write-protection.
On fast page fault path, we will use cmpxchg to atomically set the spte W
-bit if spte.SPTE_HOST_WRITEABLE = 1 and spte.SPTE_WRITE_PROTECT = 1, this
+bit if spte.SPTE_HOST_WRITEABLE = 1 and spte.SPTE_WRITE_PROTECT = 1, or
+restore the saved R/X bits if VMX_EPT_TRACK_ACCESS mask is set, or both. This
is safe because whenever changing these bits can be detected by cmpxchg.
But we need carefully check these cases:
@@ -138,6 +146,21 @@ Since the spte is "volatile" if it can be updated out of mmu-lock, we always
atomically update the spte, the race caused by fast page fault can be avoided,
See the comments in spte_has_volatile_bits() and mmu_spte_update().
+Lockless Access Tracking:
+
+This is used for Intel CPUs that are using EPT but do not support the EPT A/D
+bits. In this case, when the KVM MMU notifier is called to track accesses to a
+page (via kvm_mmu_notifier_clear_flush_young), it marks the PTE as not-present
+by clearing the RWX bits in the PTE and storing the original R & X bits in
+some unused/ignored bits. In addition, the SPTE_SPECIAL_MASK is also set on the
+PTE (using the ignored bit 62). When the VM tries to access the page later on,
+a fault is generated and the fast page fault mechanism described above is used
+to atomically restore the PTE to a Present state. The W bit is not saved when
+the PTE is marked for access tracking and during restoration to the Present
+state, the W bit is set depending on whether or not it was a write access. If
+it wasn't, then the W bit will remain clear until a write access happens, at
+which time it will be set using the Dirty tracking mechanism described above.
+
3. Reference
------------
--
2.8.0.rc3.226.g39d4020
prev parent reply other threads:[~2016-12-07 0:46 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-27 2:19 [PATCH 0/4] Lockless Access Tracking for Intel CPUs without EPT A bits Junaid Shahid
2016-10-27 2:19 ` [PATCH 1/4] kvm: x86: mmu: Use symbolic constants for EPT Violation Exit Qualifications Junaid Shahid
2016-11-02 18:03 ` Paolo Bonzini
2016-11-02 21:40 ` Junaid Shahid
2016-10-27 2:19 ` [PATCH 2/4] kvm: x86: mmu: Rename spte_is_locklessly_modifiable() Junaid Shahid
2016-10-27 2:19 ` [PATCH 3/4] kvm: x86: mmu: Fast Page Fault path retries Junaid Shahid
2016-10-27 2:19 ` [PATCH 4/4] kvm: x86: mmu: Lockless access tracking for Intel CPUs without EPT A bits Junaid Shahid
2016-11-02 18:01 ` Paolo Bonzini
2016-11-02 21:42 ` Junaid Shahid
2016-11-08 23:00 ` [PATCH v2 0/5] Lockless Access Tracking " Junaid Shahid
2016-11-08 23:00 ` [PATCH v2 1/5] kvm: x86: mmu: Use symbolic constants for EPT Violation Exit Qualifications Junaid Shahid
2016-11-21 13:06 ` Paolo Bonzini
2016-11-08 23:00 ` [PATCH v2 2/5] kvm: x86: mmu: Rename spte_is_locklessly_modifiable() Junaid Shahid
2016-11-21 13:07 ` Paolo Bonzini
2016-11-08 23:00 ` [PATCH v2 3/5] kvm: x86: mmu: Fast Page Fault path retries Junaid Shahid
2016-11-21 13:13 ` Paolo Bonzini
2016-11-08 23:00 ` [PATCH v2 4/5] kvm: x86: mmu: Lockless access tracking for Intel CPUs without EPT A bits Junaid Shahid
2016-11-21 14:42 ` Paolo Bonzini
2016-11-24 3:50 ` Junaid Shahid
2016-11-25 9:45 ` Paolo Bonzini
2016-11-29 2:43 ` Junaid Shahid
2016-11-29 8:09 ` Paolo Bonzini
2016-11-30 0:59 ` Junaid Shahid
2016-11-30 11:09 ` Paolo Bonzini
2016-12-01 22:54 ` Junaid Shahid
2016-12-02 8:33 ` Paolo Bonzini
2016-12-05 22:57 ` Junaid Shahid
2016-11-08 23:00 ` [PATCH v2 5/5] kvm: x86: mmu: Update documentation for fast page fault mechanism Junaid Shahid
2016-12-07 0:46 ` [PATCH v3 0/8] Lockless Access Tracking for Intel CPUs without EPT A bits Junaid Shahid
2016-12-07 0:46 ` [PATCH v3 1/8] kvm: x86: mmu: Use symbolic constants for EPT Violation Exit Qualifications Junaid Shahid
2016-12-15 6:50 ` Xiao Guangrong
2016-12-15 23:06 ` Junaid Shahid
2016-12-07 0:46 ` [PATCH v3 2/8] kvm: x86: mmu: Rename spte_is_locklessly_modifiable() Junaid Shahid
2016-12-15 6:51 ` Xiao Guangrong
2016-12-07 0:46 ` [PATCH v3 3/8] kvm: x86: mmu: Fast Page Fault path retries Junaid Shahid
2016-12-15 7:20 ` Xiao Guangrong
2016-12-15 23:36 ` Junaid Shahid
2016-12-16 13:13 ` Xiao Guangrong
2016-12-17 0:36 ` Junaid Shahid
2016-12-07 0:46 ` [PATCH v3 4/8] kvm: x86: mmu: Refactor accessed/dirty checks in mmu_spte_update/clear Junaid Shahid
2016-12-07 0:46 ` [PATCH v3 5/8] kvm: x86: mmu: Introduce a no-tracking version of mmu_spte_update Junaid Shahid
2016-12-07 0:46 ` [PATCH v3 6/8] kvm: x86: mmu: Do not use bit 63 for tracking special SPTEs Junaid Shahid
2016-12-07 0:46 ` [PATCH v3 7/8] kvm: x86: mmu: Lockless access tracking for Intel CPUs without EPT A bits Junaid Shahid
2016-12-14 16:28 ` Paolo Bonzini
2016-12-14 22:36 ` Junaid Shahid
2016-12-14 23:35 ` Paolo Bonzini
2016-12-16 13:04 ` Xiao Guangrong
2016-12-16 15:23 ` Paolo Bonzini
2016-12-17 0:01 ` Junaid Shahid
2016-12-21 9:49 ` Xiao Guangrong
2016-12-21 18:00 ` Paolo Bonzini
2016-12-17 2:04 ` Junaid Shahid
2016-12-17 14:19 ` Paolo Bonzini
2016-12-20 3:36 ` Junaid Shahid
2016-12-20 9:01 ` Paolo Bonzini
2016-12-07 0:46 ` Junaid Shahid [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1481071577-40250-9-git-send-email-junaids@google.com \
--to=junaids@google.com \
--cc=andreslc@google.com \
--cc=guangrong.xiao@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=pfeiner@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).