From: Avi Kivity <avi@redhat.com>
To: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>, kvm@vger.kernel.org
Subject: Re: [PATCH 4/5] KVM: MMU: Optimize pte permission checks
Date: Thu, 13 Sep 2012 15:15:31 +0300 [thread overview]
Message-ID: <5051CE63.7040605@redhat.com> (raw)
In-Reply-To: <5051CD03.2080206@linux.vnet.ibm.com>
On 09/13/2012 03:09 PM, Xiao Guangrong wrote:
>>
>> The result is short, branch-free code.
>>
>> Signed-off-by: Avi Kivity <avi@redhat.com>
>
>> +static void update_permission_bitmask(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu)
>> +{
>> + unsigned bit, byte, pfec;
>> + u8 map;
>> + bool fault, x, w, u, wf, uf, ff, smep;
>> +
>> + smep = kvm_read_cr4_bits(vcpu, X86_CR4_SMEP);
>> + for (byte = 0; byte < ARRAY_SIZE(mmu->permissions); ++byte) {
>> + pfec = byte << 1;
>> + map = 0;
>> + wf = pfec & PFERR_WRITE_MASK;
>> + uf = pfec & PFERR_USER_MASK;
>> + ff = pfec & PFERR_FETCH_MASK;
>> + for (bit = 0; bit < 8; ++bit) {
>> + x = bit & ACC_EXEC_MASK;
>> + w = bit & ACC_WRITE_MASK;
>> + u = bit & ACC_USER_MASK;
>> +
>> + /* Not really needed: !nx will cause pte.nx to fault */
>> + x |= !mmu->nx;
>> + /* Allow supervisor writes if !cr0.wp */
>> + w |= !is_write_protection(vcpu) && !uf;
>> + /* Disallow supervisor fetches if cr4.smep */
>> + x &= !(smep && !uf);
>
> In the case of smep, supervisor mode can fetch the memory if pte.u == 0,
> so, it should be x &= !(smep && !uf && u)?
Good catch, will fix.
>
>> @@ -3672,20 +3672,18 @@ static int vcpu_mmio_gva_to_gpa(struct kvm_vcpu *vcpu, unsigned long gva,
>> gpa_t *gpa, struct x86_exception *exception,
>> bool write)
>> {
>> - u32 access = (kvm_x86_ops->get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0;
>> + u32 access = ((kvm_x86_ops->get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0)
>> + | (write ? PFERR_WRITE_MASK : 0);
>> + u8 bit = vcpu->arch.access;
>>
>> - if (vcpu_match_mmio_gva(vcpu, gva) &&
>> - check_write_user_access(vcpu, write, access,
>> - vcpu->arch.access)) {
>> + if (vcpu_match_mmio_gva(vcpu, gva)
>> + && ((vcpu->arch.walk_mmu->permissions[access >> 1] >> bit) & 1)) {
>
> !((vcpu->arch.walk_mmu->permissions[access >> 1] >> bit) & 1) ?
>
> It is better introducing a function to do the permission check?
>
Probably, I'll rethink it.
--
error compiling committee.c: too many arguments to function
next prev parent reply other threads:[~2012-09-13 12:16 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-12 14:29 [PATCH 0/5] Optimize page table walk Avi Kivity
2012-09-12 14:29 ` [PATCH 1/5] KVM: MMU: Push clean gpte write protection out of gpte_access() Avi Kivity
2012-09-13 11:29 ` Xiao Guangrong
2012-09-12 14:29 ` [PATCH 2/5] KVM: MMU: Optimize gpte_access() slightly Avi Kivity
2012-09-13 11:36 ` Xiao Guangrong
2012-09-12 14:29 ` [PATCH 3/5] KVM: MMU: Move gpte_access() out of paging_tmpl.h Avi Kivity
2012-09-13 11:48 ` Xiao Guangrong
2012-09-13 11:50 ` Avi Kivity
2012-09-12 14:29 ` [PATCH 4/5] KVM: MMU: Optimize pte permission checks Avi Kivity
2012-09-13 12:09 ` Xiao Guangrong
2012-09-13 12:15 ` Avi Kivity [this message]
2012-09-13 12:41 ` Xiao Guangrong
2012-09-13 13:35 ` Avi Kivity
2012-09-12 14:29 ` [PATCH 5/5] KVM: MMU: Simplify walk_addr_generic() loop Avi Kivity
2012-09-12 17:49 ` [PATCH 6/5] KVM: MMU: Optimize is_last_gpte() Avi Kivity
2012-09-12 18:03 ` Avi Kivity
2012-09-13 9:47 ` Avi Kivity
2012-09-13 13:39 ` Xiao Guangrong
2012-09-16 11:53 ` Avi Kivity
2012-09-12 22:20 ` [PATCH 0/5] Optimize page table walk Marcelo Tosatti
2012-09-13 8:25 ` Avi Kivity
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5051CE63.7040605@redhat.com \
--to=avi@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=mtosatti@redhat.com \
--cc=xiaoguangrong@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.