| 1 | <?xml version='1.0' encoding='UTF-8'?>
|
|---|
| 2 | <!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
|
|---|
| 3 | <topic xml:lang="en-us" id="nestedpaging">
|
|---|
| 4 | <title>Nested Paging and VPIDs</title>
|
|---|
| 5 |
|
|---|
| 6 | <body>
|
|---|
| 7 | <p>
|
|---|
| 8 | In addition to normal hardware virtualization, your processor may
|
|---|
| 9 | also support the following additional sophisticated techniques:
|
|---|
| 10 | </p>
|
|---|
| 11 | <ul>
|
|---|
| 12 | <li>
|
|---|
| 13 | <p>
|
|---|
| 14 | Nested paging implements some memory management in hardware,
|
|---|
| 15 | which can greatly accelerate hardware virtualization since
|
|---|
| 16 | these tasks no longer need to be performed by the
|
|---|
| 17 | virtualization software.
|
|---|
| 18 | </p>
|
|---|
| 19 | <p>
|
|---|
| 20 | With nested paging, the hardware provides another level of
|
|---|
| 21 | indirection when translating linear to physical addresses.
|
|---|
| 22 | Page tables function as before, but linear addresses are now
|
|---|
| 23 | translated to "guest physical" addresses first and not
|
|---|
| 24 | physical addresses directly. A new set of paging registers now
|
|---|
| 25 | exists under the traditional paging mechanism and translates
|
|---|
| 26 | from guest physical addresses to host physical addresses,
|
|---|
| 27 | which are used to access memory.
|
|---|
| 28 | </p>
|
|---|
| 29 | <p>
|
|---|
| 30 | Nested paging eliminates the overhead caused by VM exits and
|
|---|
| 31 | page table accesses. In essence, with nested page tables the
|
|---|
| 32 | guest can handle paging without intervention from the
|
|---|
| 33 | hypervisor. Nested paging thus significantly improves
|
|---|
| 34 | virtualization performance.
|
|---|
| 35 | </p>
|
|---|
| 36 | <p>
|
|---|
| 37 | On AMD processors, nested paging has been available starting
|
|---|
| 38 | with the Barcelona (K10) architecture. They now call it rapid
|
|---|
| 39 | virtualization indexing (RVI). Intel added support for nested
|
|---|
| 40 | paging, which they call extended page tables (EPT), with their
|
|---|
| 41 | Core i7 (Nehalem) processors.
|
|---|
| 42 | </p>
|
|---|
| 43 | <p> If nested paging is enabled, the <ph conkeyref="vbox-conkeyref-phrases/product-name"/> hypervisor can also use <i>large
|
|---|
| 44 | pages</i> to reduce TLB usage and overhead. This can yield a performance improvement of
|
|---|
| 45 | up to 5%. To enable this feature for a VM, you use the <userinput>VBoxManage modifyvm
|
|---|
| 46 | --large-pages</userinput> command. See <xref href="vboxmanage-modifyvm.dita">VBoxManage
|
|---|
| 47 | modifyvm</xref>. </p>
|
|---|
| 48 | <p>
|
|---|
| 49 | If you have an Intel CPU with EPT, please consult
|
|---|
| 50 | <xref href="sec-rec-cve-2018-3646.dita#sec-rec-cve-2018-3646"/> for security concerns
|
|---|
| 51 | regarding EPT.
|
|---|
| 52 | </p>
|
|---|
| 53 | </li>
|
|---|
| 54 | <li>
|
|---|
| 55 | <p>
|
|---|
| 56 | On Intel CPUs, a hardware feature called Virtual Processor
|
|---|
| 57 | Identifiers (VPIDs) can greatly accelerate context switching
|
|---|
| 58 | by reducing the need for expensive flushing of the processor's
|
|---|
| 59 | Translation Lookaside Buffers (TLBs).
|
|---|
| 60 | </p>
|
|---|
| 61 | <p> To enable these features for a VM, you use the <userinput>VBoxManage modifyvm
|
|---|
| 62 | --vtx-vpid</userinput> and <userinput>VBoxManage modifyvm --large-pages</userinput>
|
|---|
| 63 | commands. See <xref href="vboxmanage-modifyvm.dita">VBoxManage modifyvm</xref>. </p>
|
|---|
| 64 | </li>
|
|---|
| 65 | </ul>
|
|---|
| 66 | </body>
|
|---|
| 67 |
|
|---|
| 68 | </topic>
|
|---|
