[v6,07/25] target/riscv: Reduce overhead of MSTATUS_SUM change

From: Fei Wu <fei2.wu@intel.com>

Kernel needs to access user mode memory e.g. during syscalls, the window
is usually opened up for a very limited time through MSTATUS.SUM, the
overhead is too much if tlb_flush() gets called for every SUM change.

This patch creates a separate MMU index for S+SUM, so that it's not
necessary to flush tlb anymore when SUM changes. This is similar to how
ARM handles Privileged Access Never (PAN).

Result of 'pipe 10' from unixbench boosts from 223656 to 1705006. Many
other syscalls benefit a lot from this too.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Fei Wu <fei2.wu@intel.com>
Message-Id: <20230324054154.414846-3-fei2.wu@intel.com>
---
 target/riscv/cpu.h                      |  2 --
 target/riscv/internals.h                | 14 ++++++++++++++
 target/riscv/cpu_helper.c               | 17 +++++++++++++++--
 target/riscv/csr.c                      |  3 +--
 target/riscv/op_helper.c                |  5 +++--
 target/riscv/insn_trans/trans_rvh.c.inc |  4 ++--
 6 files changed, 35 insertions(+), 10 deletions(-)

On 2023/3/25 18:54, Richard Henderson wrote:
> From: Fei Wu <fei2.wu@intel.com>
>
> Kernel needs to access user mode memory e.g. during syscalls, the window
> is usually opened up for a very limited time through MSTATUS.SUM, the
> overhead is too much if tlb_flush() gets called for every SUM change.
>
> This patch creates a separate MMU index for S+SUM, so that it's not
> necessary to flush tlb anymore when SUM changes. This is similar to how
> ARM handles Privileged Access Never (PAN).
>
> Result of 'pipe 10' from unixbench boosts from 223656 to 1705006. Many
> other syscalls benefit a lot from this too.
>
> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
> Signed-off-by: Fei Wu <fei2.wu@intel.com>
> Message-Id: <20230324054154.414846-3-fei2.wu@intel.com>
> ---
>   target/riscv/cpu.h                      |  2 --
>   target/riscv/internals.h                | 14 ++++++++++++++
>   target/riscv/cpu_helper.c               | 17 +++++++++++++++--
>   target/riscv/csr.c                      |  3 +--
>   target/riscv/op_helper.c                |  5 +++--
>   target/riscv/insn_trans/trans_rvh.c.inc |  4 ++--
>   6 files changed, 35 insertions(+), 10 deletions(-)
>
> diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
> index 3e59dbb3fd..5e589db106 100644
> --- a/target/riscv/cpu.h
> +++ b/target/riscv/cpu.h
> @@ -631,8 +631,6 @@ G_NORETURN void riscv_raise_exception(CPURISCVState *env,
>   target_ulong riscv_cpu_get_fflags(CPURISCVState *env);
>   void riscv_cpu_set_fflags(CPURISCVState *env, target_ulong);
>   
> -#define TB_FLAGS_PRIV_HYP_ACCESS_MASK   (1 << 2)
> -
>   #include "exec/cpu-all.h"
>   
>   FIELD(TB_FLAGS, MEM_IDX, 0, 3)
> diff --git a/target/riscv/internals.h b/target/riscv/internals.h
> index 5620fbffb6..b55152a7dc 100644
> --- a/target/riscv/internals.h
> +++ b/target/riscv/internals.h
> @@ -21,6 +21,20 @@
>   
>   #include "hw/registerfields.h"
>   
> +/*
> + * The current MMU Modes are:
> + *  - U                 0b000
> + *  - S                 0b001
> + *  - S+SUM             0b010
> + *  - M                 0b011
> + *  - HLV/HLVX/HSV adds 0b100

Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>

Zhiwei

> + */
> +#define MMUIdx_U            0
> +#define MMUIdx_S            1
> +#define MMUIdx_S_SUM        2
> +#define MMUIdx_M            3
> +#define MMU_HYP_ACCESS_BIT  (1 << 2)
> +
>   /* share data between vector helpers and decode code */
>   FIELD(VDATA, VM, 0, 1)
>   FIELD(VDATA, LMUL, 1, 3)
> diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
> index 5753126c7a..052fdd2d9d 100644
> --- a/target/riscv/cpu_helper.c
> +++ b/target/riscv/cpu_helper.c
> @@ -21,6 +21,7 @@
>   #include "qemu/log.h"
>   #include "qemu/main-loop.h"
>   #include "cpu.h"
> +#include "internals.h"
>   #include "pmu.h"
>   #include "exec/exec-all.h"
>   #include "instmap.h"
> @@ -36,7 +37,19 @@ int riscv_cpu_mmu_index(CPURISCVState *env, bool ifetch)
>   #ifdef CONFIG_USER_ONLY
>       return 0;
>   #else
> -    return env->priv;
> +    if (ifetch) {
> +        return env->priv;
> +    }
> +
> +    /* All priv -> mmu_idx mapping are here */
> +    int mode = env->priv;
> +    if (mode == PRV_M && get_field(env->mstatus, MSTATUS_MPRV)) {
> +        mode = get_field(env->mstatus, MSTATUS_MPP);
> +    }
> +    if (mode == PRV_S && get_field(env->mstatus, MSTATUS_SUM)) {
> +        return MMUIdx_S_SUM;
> +    }
> +    return mode;
>   #endif
>   }
>   
> @@ -600,7 +613,7 @@ void riscv_cpu_set_virt_enabled(CPURISCVState *env, bool enable)
>   
>   bool riscv_cpu_two_stage_lookup(int mmu_idx)
>   {
> -    return mmu_idx & TB_FLAGS_PRIV_HYP_ACCESS_MASK;
> +    return mmu_idx & MMU_HYP_ACCESS_BIT;
>   }
>   
>   int riscv_cpu_claim_interrupts(RISCVCPU *cpu, uint64_t interrupts)
> diff --git a/target/riscv/csr.c b/target/riscv/csr.c
> index abea7b749e..b79758a606 100644
> --- a/target/riscv/csr.c
> +++ b/target/riscv/csr.c
> @@ -1246,8 +1246,7 @@ static RISCVException write_mstatus(CPURISCVState *env, int csrno,
>       RISCVMXL xl = riscv_cpu_mxl(env);
>   
>       /* flush tlb on mstatus fields that affect VM */
> -    if ((val ^ mstatus) & (MSTATUS_MXR | MSTATUS_MPP | MSTATUS_MPV |
> -            MSTATUS_MPRV | MSTATUS_SUM)) {
> +    if ((val ^ mstatus) & (MSTATUS_MXR | MSTATUS_MPV)) {
>           tlb_flush(env_cpu(env));
>       }
>       mask = MSTATUS_SIE | MSTATUS_SPIE | MSTATUS_MIE | MSTATUS_MPIE |
> diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
> index 84ee018f7d..962a061228 100644
> --- a/target/riscv/op_helper.c
> +++ b/target/riscv/op_helper.c
> @@ -20,6 +20,7 @@
>   
>   #include "qemu/osdep.h"
>   #include "cpu.h"
> +#include "internals.h"
>   #include "qemu/main-loop.h"
>   #include "exec/exec-all.h"
>   #include "exec/helper-proto.h"
> @@ -428,14 +429,14 @@ void helper_hyp_gvma_tlb_flush(CPURISCVState *env)
>   
>   target_ulong helper_hyp_hlvx_hu(CPURISCVState *env, target_ulong address)
>   {
> -    int mmu_idx = cpu_mmu_index(env, true) | TB_FLAGS_PRIV_HYP_ACCESS_MASK;
> +    int mmu_idx = cpu_mmu_index(env, true) | MMU_HYP_ACCESS_BIT;
>   
>       return cpu_lduw_mmuidx_ra(env, address, mmu_idx, GETPC());
>   }
>   
>   target_ulong helper_hyp_hlvx_wu(CPURISCVState *env, target_ulong address)
>   {
> -    int mmu_idx = cpu_mmu_index(env, true) | TB_FLAGS_PRIV_HYP_ACCESS_MASK;
> +    int mmu_idx = cpu_mmu_index(env, true) | MMU_HYP_ACCESS_BIT;
>   
>       return cpu_ldl_mmuidx_ra(env, address, mmu_idx, GETPC());
>   }
> diff --git a/target/riscv/insn_trans/trans_rvh.c.inc b/target/riscv/insn_trans/trans_rvh.c.inc
> index 9248b48c36..15842f4282 100644
> --- a/target/riscv/insn_trans/trans_rvh.c.inc
> +++ b/target/riscv/insn_trans/trans_rvh.c.inc
> @@ -40,7 +40,7 @@ static bool do_hlv(DisasContext *ctx, arg_r2 *a, MemOp mop)
>       if (check_access(ctx)) {
>           TCGv dest = dest_gpr(ctx, a->rd);
>           TCGv addr = get_gpr(ctx, a->rs1, EXT_NONE);
> -        int mem_idx = ctx->mem_idx | TB_FLAGS_PRIV_HYP_ACCESS_MASK;
> +        int mem_idx = ctx->mem_idx | MMU_HYP_ACCESS_BIT;
>           tcg_gen_qemu_ld_tl(dest, addr, mem_idx, mop);
>           gen_set_gpr(ctx, a->rd, dest);
>       }
> @@ -87,7 +87,7 @@ static bool do_hsv(DisasContext *ctx, arg_r2_s *a, MemOp mop)
>       if (check_access(ctx)) {
>           TCGv addr = get_gpr(ctx, a->rs1, EXT_NONE);
>           TCGv data = get_gpr(ctx, a->rs2, EXT_NONE);
> -        int mem_idx = ctx->mem_idx | TB_FLAGS_PRIV_HYP_ACCESS_MASK;
> +        int mem_idx = ctx->mem_idx | MMU_HYP_ACCESS_BIT;
>           tcg_gen_qemu_st_tl(data, addr, mem_idx, mop);
>       }
>       return true;

On Sat, Mar 25, 2023 at 9:57 PM Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> From: Fei Wu <fei2.wu@intel.com>
>
> Kernel needs to access user mode memory e.g. during syscalls, the window
> is usually opened up for a very limited time through MSTATUS.SUM, the
> overhead is too much if tlb_flush() gets called for every SUM change.
>
> This patch creates a separate MMU index for S+SUM, so that it's not
> necessary to flush tlb anymore when SUM changes. This is similar to how
> ARM handles Privileged Access Never (PAN).
>
> Result of 'pipe 10' from unixbench boosts from 223656 to 1705006. Many
> other syscalls benefit a lot from this too.
>
> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
> Signed-off-by: Fei Wu <fei2.wu@intel.com>
> Message-Id: <20230324054154.414846-3-fei2.wu@intel.com>

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>

Alistair

> ---
>  target/riscv/cpu.h                      |  2 --
>  target/riscv/internals.h                | 14 ++++++++++++++
>  target/riscv/cpu_helper.c               | 17 +++++++++++++++--
>  target/riscv/csr.c                      |  3 +--
>  target/riscv/op_helper.c                |  5 +++--
>  target/riscv/insn_trans/trans_rvh.c.inc |  4 ++--
>  6 files changed, 35 insertions(+), 10 deletions(-)
>
> diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
> index 3e59dbb3fd..5e589db106 100644
> --- a/target/riscv/cpu.h
> +++ b/target/riscv/cpu.h
> @@ -631,8 +631,6 @@ G_NORETURN void riscv_raise_exception(CPURISCVState *env,
>  target_ulong riscv_cpu_get_fflags(CPURISCVState *env);
>  void riscv_cpu_set_fflags(CPURISCVState *env, target_ulong);
>
> -#define TB_FLAGS_PRIV_HYP_ACCESS_MASK   (1 << 2)
> -
>  #include "exec/cpu-all.h"
>
>  FIELD(TB_FLAGS, MEM_IDX, 0, 3)
> diff --git a/target/riscv/internals.h b/target/riscv/internals.h
> index 5620fbffb6..b55152a7dc 100644
> --- a/target/riscv/internals.h
> +++ b/target/riscv/internals.h
> @@ -21,6 +21,20 @@
>
>  #include "hw/registerfields.h"
>
> +/*
> + * The current MMU Modes are:
> + *  - U                 0b000
> + *  - S                 0b001
> + *  - S+SUM             0b010
> + *  - M                 0b011
> + *  - HLV/HLVX/HSV adds 0b100
> + */
> +#define MMUIdx_U            0
> +#define MMUIdx_S            1
> +#define MMUIdx_S_SUM        2
> +#define MMUIdx_M            3
> +#define MMU_HYP_ACCESS_BIT  (1 << 2)
> +
>  /* share data between vector helpers and decode code */
>  FIELD(VDATA, VM, 0, 1)
>  FIELD(VDATA, LMUL, 1, 3)
> diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
> index 5753126c7a..052fdd2d9d 100644
> --- a/target/riscv/cpu_helper.c
> +++ b/target/riscv/cpu_helper.c
> @@ -21,6 +21,7 @@
>  #include "qemu/log.h"
>  #include "qemu/main-loop.h"
>  #include "cpu.h"
> +#include "internals.h"
>  #include "pmu.h"
>  #include "exec/exec-all.h"
>  #include "instmap.h"
> @@ -36,7 +37,19 @@ int riscv_cpu_mmu_index(CPURISCVState *env, bool ifetch)
>  #ifdef CONFIG_USER_ONLY
>      return 0;
>  #else
> -    return env->priv;
> +    if (ifetch) {
> +        return env->priv;
> +    }
> +
> +    /* All priv -> mmu_idx mapping are here */
> +    int mode = env->priv;
> +    if (mode == PRV_M && get_field(env->mstatus, MSTATUS_MPRV)) {
> +        mode = get_field(env->mstatus, MSTATUS_MPP);
> +    }
> +    if (mode == PRV_S && get_field(env->mstatus, MSTATUS_SUM)) {
> +        return MMUIdx_S_SUM;
> +    }
> +    return mode;
>  #endif
>  }
>
> @@ -600,7 +613,7 @@ void riscv_cpu_set_virt_enabled(CPURISCVState *env, bool enable)
>
>  bool riscv_cpu_two_stage_lookup(int mmu_idx)
>  {
> -    return mmu_idx & TB_FLAGS_PRIV_HYP_ACCESS_MASK;
> +    return mmu_idx & MMU_HYP_ACCESS_BIT;
>  }
>
>  int riscv_cpu_claim_interrupts(RISCVCPU *cpu, uint64_t interrupts)
> diff --git a/target/riscv/csr.c b/target/riscv/csr.c
> index abea7b749e..b79758a606 100644
> --- a/target/riscv/csr.c
> +++ b/target/riscv/csr.c
> @@ -1246,8 +1246,7 @@ static RISCVException write_mstatus(CPURISCVState *env, int csrno,
>      RISCVMXL xl = riscv_cpu_mxl(env);
>
>      /* flush tlb on mstatus fields that affect VM */
> -    if ((val ^ mstatus) & (MSTATUS_MXR | MSTATUS_MPP | MSTATUS_MPV |
> -            MSTATUS_MPRV | MSTATUS_SUM)) {
> +    if ((val ^ mstatus) & (MSTATUS_MXR | MSTATUS_MPV)) {
>          tlb_flush(env_cpu(env));
>      }
>      mask = MSTATUS_SIE | MSTATUS_SPIE | MSTATUS_MIE | MSTATUS_MPIE |
> diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
> index 84ee018f7d..962a061228 100644
> --- a/target/riscv/op_helper.c
> +++ b/target/riscv/op_helper.c
> @@ -20,6 +20,7 @@
>
>  #include "qemu/osdep.h"
>  #include "cpu.h"
> +#include "internals.h"
>  #include "qemu/main-loop.h"
>  #include "exec/exec-all.h"
>  #include "exec/helper-proto.h"
> @@ -428,14 +429,14 @@ void helper_hyp_gvma_tlb_flush(CPURISCVState *env)
>
>  target_ulong helper_hyp_hlvx_hu(CPURISCVState *env, target_ulong address)
>  {
> -    int mmu_idx = cpu_mmu_index(env, true) | TB_FLAGS_PRIV_HYP_ACCESS_MASK;
> +    int mmu_idx = cpu_mmu_index(env, true) | MMU_HYP_ACCESS_BIT;
>
>      return cpu_lduw_mmuidx_ra(env, address, mmu_idx, GETPC());
>  }
>
>  target_ulong helper_hyp_hlvx_wu(CPURISCVState *env, target_ulong address)
>  {
> -    int mmu_idx = cpu_mmu_index(env, true) | TB_FLAGS_PRIV_HYP_ACCESS_MASK;
> +    int mmu_idx = cpu_mmu_index(env, true) | MMU_HYP_ACCESS_BIT;
>
>      return cpu_ldl_mmuidx_ra(env, address, mmu_idx, GETPC());
>  }
> diff --git a/target/riscv/insn_trans/trans_rvh.c.inc b/target/riscv/insn_trans/trans_rvh.c.inc
> index 9248b48c36..15842f4282 100644
> --- a/target/riscv/insn_trans/trans_rvh.c.inc
> +++ b/target/riscv/insn_trans/trans_rvh.c.inc
> @@ -40,7 +40,7 @@ static bool do_hlv(DisasContext *ctx, arg_r2 *a, MemOp mop)
>      if (check_access(ctx)) {
>          TCGv dest = dest_gpr(ctx, a->rd);
>          TCGv addr = get_gpr(ctx, a->rs1, EXT_NONE);
> -        int mem_idx = ctx->mem_idx | TB_FLAGS_PRIV_HYP_ACCESS_MASK;
> +        int mem_idx = ctx->mem_idx | MMU_HYP_ACCESS_BIT;
>          tcg_gen_qemu_ld_tl(dest, addr, mem_idx, mop);
>          gen_set_gpr(ctx, a->rd, dest);
>      }
> @@ -87,7 +87,7 @@ static bool do_hsv(DisasContext *ctx, arg_r2_s *a, MemOp mop)
>      if (check_access(ctx)) {
>          TCGv addr = get_gpr(ctx, a->rs1, EXT_NONE);
>          TCGv data = get_gpr(ctx, a->rs2, EXT_NONE);
> -        int mem_idx = ctx->mem_idx | TB_FLAGS_PRIV_HYP_ACCESS_MASK;
> +        int mem_idx = ctx->mem_idx | MMU_HYP_ACCESS_BIT;
>          tcg_gen_qemu_st_tl(data, addr, mem_idx, mop);
>      }
>      return true;
> --
> 2.34.1
>
>