From: Sean Christopherson <seanjc@google.com>
To: harry harry <hiharryharryharry@gmail.com>
Cc: Maxim Levitsky <mlevitsk@redhat.com>,
kvm@vger.kernel.org, qemu-devel@nongnu.org,
Sean Christopherson <sean.j.christopherson@intel.com>,
Paolo Bonzini <pbonzini@redhat.com>,
stefanha@redhat.com, mathieu.tarral@protonmail.com
Subject: Re: About two-dimensional page translation (e.g., Intel EPT) and shadow page table in Linux QEMU/KVM
Date: Thu, 15 Jul 2021 22:24:22 +0000 [thread overview]
Message-ID: <YPC1lgV5dZC0CyG0@google.com> (raw)
In-Reply-To: <CA+-xGqOkH-hU1guGx=t-qtjsRdO92oX+8HhcO1eXnCigMc+NPw@mail.gmail.com>
On Thu, Jul 15, 2021, harry harry wrote:
> Hi Sean,
>
> > No, each vCPU has its own MMU instance, where an "MMU instance" is (mostly) a KVM
> > construct. Per-vCPU MMU instances are necessary because each vCPU has its own
> > relevant state, e.g. CR0, CR4, EFER, etc..., that affects the MMU instance in
> > some way. E.g. the MMU instance is used to walk guest page tables when
> > translating GVA->GPA for emulation, so per-vCPU MMUs are necessary even when
> > using TDP.
> >
> > However, shadow/TDP PTEs are shared between compatible MMU instances. E.g. in
> > the common case where all vCPUs in a VM use identical settings, there will
> > effectively be a single set of TDP page tables shared by all vCPUs.
>
> What do you mean by "MMU instance"? Do you mean VMCS? MMU is hardware.
No, an MMU is not a hardware-exclusive term, e.g. a software emulator will have
an MMU to emulate the MMU of the target hardware.
The terminology we use in KVM is roughly that a KVM MMU is KVM's presentation of
a hardware MMU to the guest. E.g. when shadow paging is used, there is both the
hardware MMU that is stuffed with KVM's shadow PTEs, and the KVM MMU that models
the guest's MMU (the guest thinks its configuring a hardware MMU, but in reality
KVM is intercepting (some) guest PTE modifications). When TDP (EPT) is used, the
hardware MMU has two parts: the TDP PTEs that are controlled by KVM, and the IA32
PTEs that are controlled by the guest. And there's still a KVM MMU for the guest;
the KVM MMU in that case knows how to connfigure the TDP PTEs in hardware _and_
walk the guest IA32 PTEs, e.g. to handle memory accesses during emulation.
Even more fun, when nested TDP is used, there is a KVM MMU for L1, a KVM MMU for
L1's EPT for L2, a KVM MMU for L2 (L2's legacy page tables), and the hardware MMU.
> Could you please share me the code of the MMU instance in KVM? Thanks!
struct kvm_mmu, and generally speaking everything under arch/x86/kvm/mmu/.
next prev parent reply other threads:[~2021-07-15 22:25 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-11 20:13 About two-dimensional page translation (e.g., Intel EPT) and shadow page table in Linux QEMU/KVM harry harry
2021-07-12 9:49 ` Maxim Levitsky
2021-07-12 13:02 ` harry harry
2021-07-12 13:11 ` Maxim Levitsky
2021-07-12 14:56 ` Sean Christopherson
2021-07-14 5:30 ` harry harry
2021-07-14 17:47 ` Sean Christopherson
2021-07-15 5:49 ` harry harry
2021-07-15 22:24 ` Sean Christopherson [this message]
2021-07-16 3:20 ` harry harry
2021-07-21 21:00 ` Sean Christopherson
2021-07-28 19:00 ` harry harry
2021-07-28 20:01 ` Sean Christopherson
2021-08-05 19:42 ` harry harry
2021-07-14 5:22 ` harry harry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YPC1lgV5dZC0CyG0@google.com \
--to=seanjc@google.com \
--cc=hiharryharryharry@gmail.com \
--cc=kvm@vger.kernel.org \
--cc=mathieu.tarral@protonmail.com \
--cc=mlevitsk@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=sean.j.christopherson@intel.com \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).