From mboxrd@z Thu Jan 1 00:00:00 1970 From: Xiao Guangrong Subject: Re: [PATCH 08/11] KVM: MMU: use page track for non-leaf shadow pages Date: Thu, 17 Dec 2015 12:07:55 +0800 Message-ID: <5672351B.9090302@linux.intel.com> References: <1448907973-36066-1-git-send-email-guangrong.xiao@linux.intel.com> <1448907973-36066-9-git-send-email-guangrong.xiao@linux.intel.com> <566FC6B8.9010008@linux.intel.com> <566FD902.4040306@linux.intel.com> <567117F2.5070603@linux.intel.com> <5671234F.5010506@linux.intel.com> <5672217C.1000008@linux.intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Cc: gleb@kernel.org, mtosatti@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org To: Kai Huang , pbonzini@redhat.com Return-path: In-Reply-To: <5672217C.1000008@linux.intel.com> Sender: linux-kernel-owner@vger.kernel.org List-Id: kvm.vger.kernel.org On 12/17/2015 10:44 AM, Kai Huang wrote: > > > On 12/16/2015 04:39 PM, Xiao Guangrong wrote: >> >> >> On 12/16/2015 03:51 PM, Kai Huang wrote: >>> >>> >>> On 12/15/2015 05:10 PM, Xiao Guangrong wrote: >>>> >>>> >>>> On 12/15/2015 03:52 PM, Kai Huang wrote: >>>> >>>>>> static bool __mmu_gfn_lpage_is_disallowed(gfn_t gfn, int level, >>>>>> @@ -2140,12 +2150,18 @@ static struct kvm_mmu_page *kvm_mmu_get_page(struct kvm_vcpu *vcpu, >>>>>> hlist_add_head(&sp->hash_link, >>>>>> &vcpu->kvm->arch.mmu_page_hash[kvm_page_table_hashfn(gfn)]); >>>>>> if (!direct) { >>>>>> - if (rmap_write_protect(vcpu, gfn)) >>>>>> + /* >>>>>> + * we should do write protection before syncing pages >>>>>> + * otherwise the content of the synced shadow page may >>>>>> + * be inconsistent with guest page table. >>>>>> + */ >>>>>> + account_shadowed(vcpu->kvm, sp); >>>>>> + >>>>>> + if (level == PT_PAGE_TABLE_LEVEL && >>>>>> + rmap_write_protect(vcpu, gfn)) >>>>>> kvm_flush_remote_tlbs(vcpu->kvm); >>>>> I think your modification is good but I am little bit confused here. In account_shadowed, if >>>>> sp->role.level > PT_PAGE_TABLE_LEVEL, the sp->gfn is write protected, and this is reasonable. >>>>> So why >>>>> write protecting the gfn of PT_PAGE_TABLE_LEVEL here? >>>> >>>> Because the shadow page will become 'sync' that means the shadow page will be synced >>>> with the page table in guest. So the shadow page need to be write-protected to avoid >>>> the guest page table is changed when we do the 'sync' thing. >>>> >>>> The shadow page need to be write-protected to avoid that guest page table is changed >>>> when we are syncing the shadow page table. See kvm_sync_pages() after doing >>>> rmap_write_protect(). >>> I see. So why are you treat PT_PAGE_TABLE_LEVEL gfn separately here? why this cannot be done in >>> account_shadowed, as you did for upper level sp? >> >> non-leaf shadow pages are keepking write-protected which page fault handler can not fix write >> access on it. And leaf shadow pages are not. > My point is the original code didn't separate the two cases so I am not sure why you need to > separate. Perhaps you want to make account_shadowed imply the non-leaf guest page table is > write-protected while leaf page table is not. That is why we get improvement after this patchset, we seep up the case for the write access happens on non-leaf page tables. ;)