From: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
To: Avi Kivity <avi@redhat.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>, kvm@vger.kernel.org
Subject: Re: [PATCH 4/5] KVM: MMU: Optimize pte permission checks
Date: Thu, 13 Sep 2012 20:09:39 +0800 [thread overview]
Message-ID: <5051CD03.2080206@linux.vnet.ibm.com> (raw)
In-Reply-To: <1347460194-11807-5-git-send-email-avi@redhat.com>
On 09/12/2012 10:29 PM, Avi Kivity wrote:
> walk_addr_generic() permission checks are a maze of branchy code, which is
> performed four times per lookup. It depends on the type of access, efer.nxe,
> cr0.wp, cr4.smep, and in the near future, cr4.smap.
>
> Optimize this away by precalculating all variants and storing them in a
> bitmap. The bitmap is recalculated when rarely-changing variables change
> (cr0, cr4) and is indexed by the often-changing variables (page fault error
> code, pte access permissions).
Really graceful!
>
> The result is short, branch-free code.
>
> Signed-off-by: Avi Kivity <avi@redhat.com>
> +static void update_permission_bitmask(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu)
> +{
> + unsigned bit, byte, pfec;
> + u8 map;
> + bool fault, x, w, u, wf, uf, ff, smep;
> +
> + smep = kvm_read_cr4_bits(vcpu, X86_CR4_SMEP);
> + for (byte = 0; byte < ARRAY_SIZE(mmu->permissions); ++byte) {
> + pfec = byte << 1;
> + map = 0;
> + wf = pfec & PFERR_WRITE_MASK;
> + uf = pfec & PFERR_USER_MASK;
> + ff = pfec & PFERR_FETCH_MASK;
> + for (bit = 0; bit < 8; ++bit) {
> + x = bit & ACC_EXEC_MASK;
> + w = bit & ACC_WRITE_MASK;
> + u = bit & ACC_USER_MASK;
> +
> + /* Not really needed: !nx will cause pte.nx to fault */
> + x |= !mmu->nx;
> + /* Allow supervisor writes if !cr0.wp */
> + w |= !is_write_protection(vcpu) && !uf;
> + /* Disallow supervisor fetches if cr4.smep */
> + x &= !(smep && !uf);
In the case of smep, supervisor mode can fetch the memory if pte.u == 0,
so, it should be x &= !(smep && !uf && u)?
> @@ -3672,20 +3672,18 @@ static int vcpu_mmio_gva_to_gpa(struct kvm_vcpu *vcpu, unsigned long gva,
> gpa_t *gpa, struct x86_exception *exception,
> bool write)
> {
> - u32 access = (kvm_x86_ops->get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0;
> + u32 access = ((kvm_x86_ops->get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0)
> + | (write ? PFERR_WRITE_MASK : 0);
> + u8 bit = vcpu->arch.access;
>
> - if (vcpu_match_mmio_gva(vcpu, gva) &&
> - check_write_user_access(vcpu, write, access,
> - vcpu->arch.access)) {
> + if (vcpu_match_mmio_gva(vcpu, gva)
> + && ((vcpu->arch.walk_mmu->permissions[access >> 1] >> bit) & 1)) {
!((vcpu->arch.walk_mmu->permissions[access >> 1] >> bit) & 1) ?
It is better introducing a function to do the permission check?
next prev parent reply other threads:[~2012-09-13 12:09 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-12 14:29 [PATCH 0/5] Optimize page table walk Avi Kivity
2012-09-12 14:29 ` [PATCH 1/5] KVM: MMU: Push clean gpte write protection out of gpte_access() Avi Kivity
2012-09-13 11:29 ` Xiao Guangrong
2012-09-12 14:29 ` [PATCH 2/5] KVM: MMU: Optimize gpte_access() slightly Avi Kivity
2012-09-13 11:36 ` Xiao Guangrong
2012-09-12 14:29 ` [PATCH 3/5] KVM: MMU: Move gpte_access() out of paging_tmpl.h Avi Kivity
2012-09-13 11:48 ` Xiao Guangrong
2012-09-13 11:50 ` Avi Kivity
2012-09-12 14:29 ` [PATCH 4/5] KVM: MMU: Optimize pte permission checks Avi Kivity
2012-09-13 12:09 ` Xiao Guangrong [this message]
2012-09-13 12:15 ` Avi Kivity
2012-09-13 12:41 ` Xiao Guangrong
2012-09-13 13:35 ` Avi Kivity
2012-09-12 14:29 ` [PATCH 5/5] KVM: MMU: Simplify walk_addr_generic() loop Avi Kivity
2012-09-12 17:49 ` [PATCH 6/5] KVM: MMU: Optimize is_last_gpte() Avi Kivity
2012-09-12 18:03 ` Avi Kivity
2012-09-13 9:47 ` Avi Kivity
2012-09-13 13:39 ` Xiao Guangrong
2012-09-16 11:53 ` Avi Kivity
2012-09-12 22:20 ` [PATCH 0/5] Optimize page table walk Marcelo Tosatti
2012-09-13 8:25 ` Avi Kivity
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5051CD03.2080206@linux.vnet.ibm.com \
--to=xiaoguangrong@linux.vnet.ibm.com \
--cc=avi@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=mtosatti@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.