# **Translation Pass-Through for Near-Native** Paging Performance in VMs



<u>Shai Bergman<sup>\*</sup></u>, Mark Silberstein<sup>\*</sup>, Takahiro Shinagawa<sup>§</sup>,

Peter Pietzuch<sup>+</sup>, Lluis Vilanova<sup>+</sup>

shaiberg1@tx.technion.ac.il



# **Background: Virtual Machines**

- Used in the cloud for:
- Consolidation of resources -> Efficiency
- Isolation -> Security
- Resource provisioning -> Flexibility

Pass-Through for Near-Native Paging Performance in VMs. USENIX ATC 23

### A compute resource that runs programs in its own virtual environment



VMs improve resource utilization, reducing hardware costs and energy consumption.



# **Background: Virtual Machine Overheads**

### However, virtualization comes at a cost:

Isolation requirements + VM abstractions impact performance



### Memory translation overheads alone cause workload performance slowdown of up to 2.4X\*

Pass-Through for Near-Native Paging Performance in VMs. USENIX ATC 23



\*GUPS: The HPC Challenge (HPCC) Benchmark Suite





# **Background: Bare Metal Memory Translation**



### 4 memory accesses for translation





# **Background: VM Memory Translation**



- Applications within VMs utilize Guest Virtual Addresses (GVA).
- VMs maintain their own Guest Physical Address space (GPA).
- Memory is eventually accessed utilizing Host Physical Addresses (HPA).



## **Problem: VM Memory Translation – Nested Paging**



### **Hypervisor maintains NPT**

Translation Pass-Through for Near-Native Paging Performance in VMs. USENIX ATC 23

- Up to 24 page walk accesses + No hypervisor intervention per update





# **Problem: VM Memory Translation – Shadow Paging**



### Hypervisor virtualizes changes to SPT

### + Up to 4 page walk accesses

Translation Pass-Through for Near-Native Paging Performance in VMs. USENIX ATC 23

- Hypervisor intervention per update 7





- VM Memory Translation Challenges Both translation and management are important Current solutions optimize one at the expense of the other Nested paging:
- Translation: up to 24 page walk accesses on TLB miss
- + Management: no hypervisor intervention per update

Shadow paging:

- + Translation: up to 4 page walk accesses

Translation Pass-Through for Near-Native Paging Performance in VMs. USENIX ATC 23

Management: hypervisor intervention per page table update (VMEXITs)

Our main goal: efficient translation and management in virtualized systems







# **Translation Pass-Through: Design Goals**

- Self-managed, direct guest VM to host memory translation
  For native performance for translation and management
- 2. Efficiently maintain protection between VMs
  > Without hypervisor intervention on page table updates
- 3. Ease of integration and maintenanceFor fast adoption and backwards compatibility



### 1. Self-managed, Direct Guest VM to Host Memory Translation

Guest VM directly manages and translates GVA->HPA



Translation Pass-Through for Near-Native Paging Performance in VMs. USENIX ATC 23

**Translation**:

- Guest managed page tables
- Translate directly to HPA
- Utilized directly by MMU







# 2. Maintain Protection Between VMs



Translation Pass-Through for Near-Native Paging Performance in VMs. USENIX ATC 23

### **Translation:**

- Guest managed page tables
- Translate directly to HPA
- Utilized directly by MMU





### **Proposed Hardware: Physical Page Tags VM 1 VM 2** d VM pages b e C С С e

**Physical Memory** 

**0x0** 

Translation Pass-Through for Near-Native Paging Performance in VMs. USENIX ATC 23





### **Proposed Hardware: Physical Page Tags VM 1** VM 2 ..... C е VM pages b С C С C e \*\*\*\*\*\* **Physical Memory** d b e e $\mathbf{D}$ C e C

**0x0** 

Translation Pass-Through for Near-Native Paging Performance in VMs. USENIX ATC 23







# **Proposed Hardware: Physical Page Tags** Hardware is available today (with minor modifications) Other mechanisms that could also be used

# **O** rm PMP Physical page tag checks can overlap memory translation

Translation Pass-Through for Near-Native Paging Performance in VMs. USENIX ATC 23

## 2. Maintain Protection Between VMs Hypervisor assigns MMU tags to VMs and HPAs



### **Decouple translation and isolation**

Pass-Through for Near-Native Paging Performance in VMs. USENIX ATC 23

**Translation**:

- Guest managed page tables
- Translate directly to HPA
- Utilized directly by MMU

**Isolation**:

- Hypervisor managed Page Tags
- Enforce inter-VM isolation.

Overlap page table traversal and tag lookup











<u>Uses NPT by default</u>
 For backwards compat.
 (e.g., boot)





- <u>Uses NPT by default</u>
  For backwards compat.
  (e.g., boot)
- <u>Dual page tables</u> for native translation performance & hypervisor fallback





lest OS

<u>D</u>

Σ

Hypervisor

ЫM

- Uses NPT by default For backwards compat. (e.g., boot)
- Dual page tables for native translation performance & hypervisor fallback
- TPT construction for guest-managed GVA->HPA page tables [\[\overline{2}|\]





## **TPT Evaluation: Setup**

**Configurations:** 

- Native
- VM + Shadow Paging
- VM + NPT (nested paging)
- TPT-opt (full tag-check overlap)
- TPT-naïve (no tag-check overlap)



TPT-opt TPT-naive NPT



### kcbench spawns processes and constructs new page tables TPT has no page table manipulation overheads due to self-managed page tables





### PR access pattern causes high TLB miss rates TPT has no translation overheads due to pass-though translations









# **TPT Evaluation: memcached** Serving Facebook ETC workload 750 99p Latency [us] 500 250

150

### Memcached tail latency is very sensitive to TLB misses **TPT** with translation and tag checking overlap matches native performance

Translation Pass-Through for Near-Native Paging Performance in VMs. USENIX ATC 23

100

0





### Conclusions

- Virtualization has high memory management overheads
  - Due to translation <-> isolation coupling
  - Worse with larger data sets and address spaces (e.g., 5-level pg. table)
- TPT eliminates translation and page table management overheads
  - VM address translation in parallel with inter-VM isolation via tagging
  - Supported with minor software changes + backwards compat. (e.g., boot)
  - Hardware support is almost all there (e.g., AMD SEV-SNP)



Thank you! **Questions?** 

github.com/acsl-technion/TPT





