Optimization: Cached CR reads

Signed-off-by: Alexandro Sanchez Bach <asanchez@kryptoslogic.com>

Author: AlexAltea

core/cpu.c

@@ -186,29 +186,6 @@ void cpu_pmu_init(void *arg)
     pmu_info->cpuid_edx = cpuid_args.edx;
 }
 
-static void vmread_cr(struct vcpu_t *vcpu)
-{
-    struct vcpu_state_t *state = vcpu->state;
-    mword cr4, cr4_mask;
-
-    // Update only the bits the guest is allowed to change
-    // This must use the actual cr0 mask, not _cr0_mask.
-    mword cr0 = vmread(vcpu, GUEST_CR0);
-    mword cr0_mask = vmread(vcpu, VMX_CR0_MASK); // should cache this
-    hax_debug("vmread_cr cr0 %lx, cr0_mask %lx, state->_cr0 %llx\n", cr0,
-              cr0_mask, state->_cr0);
-    state->_cr0 = (cr0 & ~cr0_mask) | (state->_cr0 & cr0_mask);
-    hax_debug("vmread_cr, state->_cr0 %llx\n", state->_cr0);
-
-    // update CR3 only if guest is allowed to change it
-    if (!(vmx(vcpu, pcpu_ctls) & CR3_LOAD_EXITING))
-        state->_cr3 = vmread(vcpu, GUEST_CR3);
-
-    cr4 = vmread(vcpu, GUEST_CR4);
-    cr4_mask = vmread(vcpu, VMX_CR4_MASK); // should cache this
-    state->_cr4 = (cr4 & ~cr4_mask) | (state->_cr4 & cr4_mask);
-}
-
 vmx_result_t cpu_vmx_vmptrld(struct per_cpu_data *cpu_data, hax_paddr_t vmcs,
                              struct vcpu_t *vcpu)
 {
@@ -376,8 +353,6 @@ int cpu_vmx_execute(struct vcpu_t *vcpu, struct hax_tunnel *htun)
          */
         hax_handle_idt_vectoring(vcpu);
 
-        vmread_cr(vcpu);
-
         if (vcpu->nr_pending_intrs > 0 || hax_intr_is_blocked(vcpu))
             htun->ready_for_interrupt_injection = 0;
         else

core/include/vcpu.h

@@ -256,6 +256,9 @@ void hax_panic_vcpu(struct vcpu_t *v, char *fmt, ...);
 
 // Extension-specific operations
 
+mword vcpu_get_cr0(struct vcpu_t *vcpu);
+mword vcpu_get_cr3(struct vcpu_t *vcpu);
+mword vcpu_get_cr4(struct vcpu_t *vcpu);
 mword vcpu_get_rflags(struct vcpu_t *vcpu);
 mword vcpu_get_rsp(struct vcpu_t *vcpu);
 mword vcpu_get_rip(struct vcpu_t *vcpu);

core/include/vmx.h

@@ -315,8 +315,8 @@ typedef enum component_index_t component_index_t;
     COMP(0, 0, W_64, GUEST_PDPTE2)                           \
     COMP(0, 0, W_64, GUEST_PDPTE3)                           \
     /* Natural-width components */                           \
-    COMP(0, 0, W_UL, VMX_CR0_MASK)                           \
-    COMP(0, 0, W_UL, VMX_CR4_MASK)                           \
+    COMP(1, 0, W_UL, VMX_CR0_MASK)                           \
+    COMP(1, 0, W_UL, VMX_CR4_MASK)                           \
     COMP(0, 0, W_UL, VMX_CR0_READ_SHADOW)                    \
     COMP(0, 0, W_UL, VMX_CR4_READ_SHADOW)                    \
     COMP(0, 0, W_UL, VMX_CR3_TARGET_VAL_BASE)                \
@@ -341,9 +341,9 @@ typedef enum component_index_t component_index_t;
     COMP(1, 0, W_UL, GUEST_RIP)                              \
     COMP(1, 0, W_UL, GUEST_RFLAGS)                           \
     COMP(1, 0, W_UL, GUEST_RSP)                              \
-    COMP(0, 0, W_UL, GUEST_CR0)                              \
-    COMP(0, 0, W_UL, GUEST_CR3)                              \
-    COMP(0, 0, W_UL, GUEST_CR4)                              \
+    COMP(1, 0, W_UL, GUEST_CR0)                              \
+    COMP(1, 0, W_UL, GUEST_CR3)                              \
+    COMP(1, 0, W_UL, GUEST_CR4)                              \
     COMP(1, 0, W_UL, GUEST_ES_BASE)                          \
     COMP(1, 0, W_UL, GUEST_CS_BASE)                          \
     COMP(1, 0, W_UL, GUEST_SS_BASE)                          \

core/page_walker.c

@@ -569,9 +569,9 @@ uint32_t pw_perform_page_walk(
     uint64_t efer_value = vcpu->state->_efer;
     bool is_nxe = ((efer_value & IA32_EFER_XD) != 0);
     bool is_lme = ((efer_value & IA32_EFER_LME) != 0);
-    uint64_t cr0 = vcpu->state->_cr0;
-    uint64_t cr3 = vcpu->state->_cr3;
-    uint64_t cr4 = vcpu->state->_cr4;
+    uint64_t cr0 = vcpu_get_cr0(vcpu);
+    uint64_t cr3 = vcpu_get_cr3(vcpu);
+    uint64_t cr4 = vcpu_get_cr4(vcpu);
     bool is_wp = ((cr0 & CR0_WP) != 0);
     bool is_pae = ((cr4 & CR4_PAE) != 0);
     bool is_pse = ((cr4 & CR4_PSE) != 0);

core/vcpu.c

@@ -172,35 +172,28 @@ static inline void set_idt(struct vcpu_state_t *state, uint64_t base,
     state->_idt.limit = limit;
 }
 
-static uint64_t vcpu_read_cr(struct vcpu_state_t *state, uint32_t n)
+static uint64_t vcpu_read_cr(struct vcpu_t *vcpu, uint32_t n)
 {
     uint64_t val = 0;
 
     switch (n) {
-        case 0: {
-            val = state->_cr0;
-            break;
-        }
-        case 2: {
-            val = state->_cr2;
-            break;
-        }
-        case 3: {
-            val = state->_cr3;
-            break;
-        }
-        case 4: {
-            val = state->_cr4;
-            break;
-        }
-        default: {
-            hax_error("Unsupported CR%d access\n", n);
-            break;
-        }
+    case 0:
+        val = vcpu_get_cr0(vcpu);
+        break;
+    case 2:
+        val = vcpu->state->_cr2;
+        break;
+    case 3:
+        val = vcpu_get_cr3(vcpu);
+        break;
+    case 4:
+        val = vcpu_get_cr4(vcpu);
+        break;
+    default:
+        hax_error("Unsupported CR%d access\n", n);
+        break;
     }
-
     hax_debug("vcpu_read_cr cr %x val %llx\n", n, val);
-
     return val;
 }
 
@@ -1665,7 +1658,7 @@ int vcpu_execute(struct vcpu_t *vcpu)
     hax_mutex_lock(vcpu->tmutex);
     hax_debug("vcpu begin to run....\n");
     // QEMU will do realmode stuff for us
-    if (!hax->ug_enable_flag && !(vcpu->state->_cr0 & CR0_PE)) {
+    if (!hax->ug_enable_flag && !(vcpu_get_cr0(vcpu) & CR0_PE)) {
         htun->_exit_reason = 0;
         htun->_exit_status = HAX_EXIT_REALMODE;
         hax_debug("Guest is in realmode.\n");
@@ -1723,14 +1716,14 @@ int vcpu_vmexit_handler(struct vcpu_t *vcpu, exit_reason_t exit_reason,
 
 int vtlb_active(struct vcpu_t *vcpu)
 {
-    struct vcpu_state_t *state = vcpu->state;
     struct per_cpu_data *cpu_data = current_cpu_data();
+    uint64_t cr0 = vcpu_get_cr0(vcpu);
 
     if (hax->ug_enable_flag)
         return 0;
 
-    hax_debug("vtlb active: cr0, %llx\n", state->_cr0);
-    if ((state->_cr0 & CR0_PG) == 0)
+    hax_debug("vtlb active: cr0, %llx\n", cr0);
+    if ((cr0 & CR0_PG) == 0)
         return 1;
 
     if (config.disable_ept)
@@ -2099,6 +2092,7 @@ static int vcpu_emulate_insn(struct vcpu_t *vcpu)
     em_context_t *em_ctxt = &vcpu->emulate_ctxt;
     uint8_t instr[INSTR_MAX_LEN] = {0};
     uint32_t exit_instr_length = vmcs_read(vcpu, VM_EXIT_INFO_INSTRUCTION_LENGTH);
+    uint64_t cr0 = vcpu_get_cr0(vcpu);
     uint64_t rip = vcpu_get_rip(vcpu);
     segment_desc_t cs;
     uint64_t va;
@@ -2109,7 +2103,7 @@ static int vcpu_emulate_insn(struct vcpu_t *vcpu)
 
     // Detect guest mode
     cs.ar = vcpu_get_seg_ar(vcpu, SEG_CS);
-    if (!(vcpu->state->_cr0 & CR0_PE))
+    if (!(cr0 & CR0_PE))
         mode = EM_MODE_REAL;
     else if (cs.long_mode == 1)
         mode = EM_MODE_PROT64;
@@ -2794,11 +2788,14 @@ static int exit_cr_access(struct vcpu_t *vcpu, struct hax_tunnel *htun)
     bool is_ept_pae = false;
     preempt_flag flags;
     uint32_t vmcs_err = 0;
+    state->_cr0 = vcpu_get_cr0(vcpu);
+    state->_cr3 = vcpu_get_cr3(vcpu);
+    state->_cr4 = vcpu_get_cr4(vcpu);
 
     htun->_exit_reason = vmx(vcpu, exit_reason).basic_reason;
 
     cr = qual.cr.creg;
-    cr_ptr = vcpu_read_cr(state, cr);
+    cr_ptr = vcpu_read_cr(vcpu, cr);
 
     switch (qual.cr.type) {
         case 0: { // MOV CR <- GPR
@@ -3259,6 +3256,7 @@ static int handle_msr_read(struct vcpu_t *vcpu, uint32_t msr, uint64_t *val)
     int index, r = 0;
     struct vcpu_state_t *state = vcpu->state;
     struct gstate *gstate = &vcpu->gstate;
+    uint64_t cr0, cr4;
 
     switch (msr) {
         case IA32_TSC: {
@@ -3278,7 +3276,9 @@ static int handle_msr_read(struct vcpu_t *vcpu, uint32_t msr, uint64_t *val)
             break;
         }
         case IA32_EFER: {
-            if (!(state->_cr4 & CR4_PAE) && (state->_cr0 & CR0_PG)) {
+            cr0 = vcpu_get_cr0(vcpu);
+            cr4 = vcpu_get_cr4(vcpu);
+            if (!(cr4 & CR4_PAE) && (cr0 & CR0_PG)) {
                 r = 1;
             } else {
                 *val = state->_efer;
@@ -3462,8 +3462,9 @@ static int handle_msr_read(struct vcpu_t *vcpu, uint32_t msr, uint64_t *val)
 static void vmwrite_efer(struct vcpu_t *vcpu)
 {
     struct vcpu_state_t *state = vcpu->state;
+    uint64_t cr0 = vcpu_get_cr0(vcpu);
 
-    if ((state->_cr0 & CR0_PG) && (state->_efer & IA32_EFER_LME)) {
+    if ((state->_efer & IA32_EFER_LME) && (cr0 & CR0_PG)) {
         state->_efer |= IA32_EFER_LMA;
 
         vmwrite(vcpu, VMX_ENTRY_CONTROLS, vmread(vcpu, VMX_ENTRY_CONTROLS) |
@@ -3515,6 +3516,7 @@ static int handle_msr_write(struct vcpu_t *vcpu, uint32_t msr, uint64_t val)
     int index, r = 0;
     struct vcpu_state_t *state = vcpu->state;
     struct gstate *gstate = &vcpu->gstate;
+    uint64_t cr0, cr4;
 
     switch (msr) {
         case IA32_TSC: {
@@ -3539,10 +3541,12 @@ static int handle_msr_write(struct vcpu_t *vcpu, uint32_t msr, uint64_t val)
             break;
         }
         case IA32_EFER: {
+            cr0 = vcpu_get_cr0(vcpu);
+            cr4 = vcpu_get_cr4(vcpu);
             hax_info("Guest writing to EFER[%u]: 0x%x -> 0x%llx, _cr0=0x%llx,"
                      " _cr4=0x%llx\n", vcpu->vcpu_id, state->_efer, val,
-                     state->_cr0, state->_cr4);
-            if ((state->_cr0 & CR0_PG) && !(state->_cr4 & CR4_PAE)) {
+                     cr0, cr4);
+            if ((cr0 & CR0_PG) && !(cr4 & CR4_PAE)) {
                 state->_efer = 0;
             } else {
                 state->_efer = val;

core/vmx.c

@@ -327,6 +327,40 @@ void vcpu_vmcs_flush_cache_w(struct vcpu_t *vcpu)
     vcpu->vmx.vmcs_cache_w.dirty = 0;
 }
 
+mword vcpu_get_cr0(struct vcpu_t *vcpu)
+{
+    struct vcpu_state_t *state = vcpu->state;
+    mword cr0, cr0_mask;
+
+    // Update only the bits the guest is allowed to change
+    // This must use the actual cr0 mask, not _cr0_mask.
+    cr0 = vmcs_read(vcpu, GUEST_CR0);
+    cr0_mask = vmcs_read(vcpu, VMX_CR0_MASK); // should cache this
+    state->_cr0 = (cr0 & ~cr0_mask) | (state->_cr0 & cr0_mask);
+    return state->_cr0;
+}
+
+mword vcpu_get_cr3(struct vcpu_t *vcpu)
+{
+    struct vcpu_state_t *state = vcpu->state;
+
+    // update CR3 only if guest is allowed to change it
+    if (!(vmx(vcpu, pcpu_ctls) & CR3_LOAD_EXITING))
+        state->_cr3 = vmread(vcpu, GUEST_CR3);
+    return state->_cr3;
+}
+
+mword vcpu_get_cr4(struct vcpu_t *vcpu)
+{
+    struct vcpu_state_t *state = vcpu->state;
+    mword cr4, cr4_mask;
+
+    cr4 = vmread(vcpu, GUEST_CR4);
+    cr4_mask = vmread(vcpu, VMX_CR4_MASK); // should cache this
+    state->_cr4 = (cr4 & ~cr4_mask) | (state->_cr4 & cr4_mask);
+    return state->_cr4;
+}
+
 mword vcpu_get_rflags(struct vcpu_t *vcpu)
 {
     return vmcs_read(vcpu, GUEST_RFLAGS);

core/vtlb.c

@@ -1162,10 +1162,13 @@ uint vcpu_translate(struct vcpu_t *vcpu, hax_vaddr_t va, uint access, hax_paddr_
 
 pagemode_t vcpu_get_pagemode(struct vcpu_t *vcpu)
 {
-    if (!(vcpu->state->_cr0 & CR0_PG))
+    uint64_t cr0 = vcpu_get_cr0(vcpu);
+    uint64_t cr4 = vcpu_get_cr4(vcpu);
+
+    if (!(cr0 & CR0_PG))
         return PM_FLAT;
 
-    if (!(vcpu->state->_cr4 & CR4_PAE))
+    if (!(cr4 & CR4_PAE))
         return PM_2LVL;
 
     // Only support pure 32-bit paging. May support PAE paging in future.