Changeset 104858 in vbox

Timestamp:

Jun 5, 2024 6:10:20 PM (8 months ago)

Author:

vboxsync

Message:

VMM/IEM: Optimize executable memory allocation on macOS by removing the need for calling RTMemProtect() to switch between RW and RX memory, bugref:10555.

On macOS it is impossible to have memory allocated RWX which is the reason for the current RTMemProtect() trickery which induces additional overhead. However the mach
VM API allows remapping the physical memory backed by a virtual address into another region which can have different protection flags. This allows having a virtual
memory region with readable/writeable permissions and a second region with readable/executable permissions both backed by the same physical memory.
A profiling build before this optimization took 76 ticks on average (taken before any memory pruning started to take place because the maximum amount of executable
memory was reached) when allocating executable memory, which translates to 3166.7ns given the 24MHz frequency of CNTVCT_EL0 used as the time source.
With the optimization in place the average is now 15 ticks, or 625ns.

Location:

trunk/src/VBox/VMM

Files:

• VMMAll/IEMAllN8veExecMem.cpp (modified) (24 diffs)
• VMMAll/IEMAllN8veRecompiler.cpp (modified) (3 diffs)
• include/IEMInternal.h (modified) (1 diff)

trunk/src/VBox/VMM/VMMAll/IEMAllN8veExecMem.cpp

@@ -72 +72 @@
 # if defined(RT_OS_DARWIN)
 #  include <libkern/OSCacheControl.h>
+#  include <mach/mach.h>
+#  include <mach/mach_vm.h>
 #  define IEMNATIVE_USE_LIBUNWIND
 extern "C" void  __register_frame(const void *pvFde);
@@ -220 +222 @@
     /** Hint were to start searching for free space in the allocation bitmap. */
     uint32_t                idxFreeHint;
-    /** Pointer to the chunk. */
-    void                   *pvChunk;
+    /** Pointer to the readable/writeable view of the memory chunk. */
+    void                   *pvChunkRw;
+    /** Pointer to the readable/executable view of the memory chunk. */
+    void                   *pvChunkRx;
 #ifdef IN_RING3
     /**
@@ -412 +416 @@
      */
     uint64_t            cbPruned = 0;
-    uint8_t * const     pbChunk  = (uint8_t *)pExecMemAllocator->aChunks[idxChunk].pvChunk;
+    uint8_t * const     pbChunk  = (uint8_t *)pExecMemAllocator->aChunks[idxChunk].pvChunkRx;
     while (offChunk < offPruneEnd)
     {
@@ -427 +431 @@
             AssertPtr(pTb);
 
-            /* We now have to check that this isn't a old freed header, given
-               that we don't invalidate the header upon free because of darwin
-               restrictions on executable memory (iemExecMemAllocatorFree).
-               This relies upon iemTbAllocatorFreeInner resetting TB members. */
-            if (   pTb->Native.paInstructions == (PIEMNATIVEINSTR)(pHdr + 1)
-                && (pTb->fFlags & IEMTB_F_TYPE_MASK) == IEMTB_F_TYPE_NATIVE)
-            {
-                uint32_t const cbBlock = RT_ALIGN_32(pTb->Native.cInstructions * sizeof(IEMNATIVEINSTR) + sizeof(*pHdr),
-                                                     IEMEXECMEM_ALT_SUB_ALLOC_UNIT_SIZE);
-                AssertBreakStmt(offChunk + cbBlock <= cbChunk, offChunk += IEMEXECMEM_ALT_SUB_ALLOC_UNIT_SIZE); /* paranoia */
-
-                iemTbAllocatorFree(pVCpu, pTb);
-
-                cbPruned += cbBlock;
-                offChunk += cbBlock;
-            }
-            else
-                offChunk += IEMEXECMEM_ALT_SUB_ALLOC_UNIT_SIZE;
+            uint32_t const cbBlock = RT_ALIGN_32(pTb->Native.cInstructions * sizeof(IEMNATIVEINSTR) + sizeof(*pHdr),
+                                                 IEMEXECMEM_ALT_SUB_ALLOC_UNIT_SIZE);
+            AssertBreakStmt(offChunk + cbBlock <= cbChunk, offChunk += IEMEXECMEM_ALT_SUB_ALLOC_UNIT_SIZE); /* paranoia */
+
+            iemTbAllocatorFree(pVCpu, pTb);
+
+            cbPruned += cbBlock;
+            offChunk += cbBlock;
         }
         else
@@ -466 +460 @@
  */
 static void *iemExecMemAllocatorAllocInChunkInt(PIEMEXECMEMALLOCATOR pExecMemAllocator, uint64_t *pbmAlloc, uint32_t idxFirst,
-                                                uint32_t cToScan, uint32_t cReqUnits, uint32_t idxChunk, PIEMTB pTb)
+                                                uint32_t cToScan, uint32_t cReqUnits, uint32_t idxChunk, PIEMTB pTb, void **ppvExec)
 {
     /*
@@ -500 +494 @@
             pExecMemAllocator->idxChunkHint  = idxChunk;
 
-            void * const pvMem = (uint8_t *)pChunk->pvChunk
-                               + ((idxFirst + (uint32_t)iBit) << IEMEXECMEM_ALT_SUB_ALLOC_UNIT_SHIFT);
-#ifdef RT_OS_DARWIN
-            /*
-             * Sucks, but RTMEM_PROT_EXEC and RTMEM_PROT_WRITE are mutually exclusive
-             * on darwin.  So, we mark the pages returned as read+write after alloc and
-             * expect the caller to call iemExecMemAllocatorReadyForUse when done
-             * writing to the allocation.
-             *
-             * See also https://developer.apple.com/documentation/apple-silicon/porting-just-in-time-compilers-to-apple-silicon
-             * for details.
-             */
-            /** @todo detect if this is necessary... it wasn't required on 10.15 or
-             *        whatever older version it was. */
-            int rc = RTMemProtect(pvMem, cbReq, RTMEM_PROT_WRITE | RTMEM_PROT_READ);
-            AssertRC(rc);
-#endif
+            void * const pvMemRw = (uint8_t *)pChunk->pvChunkRw
+                                 + ((idxFirst + (uint32_t)iBit) << IEMEXECMEM_ALT_SUB_ALLOC_UNIT_SHIFT);
 
             /*
@@ -522 +501 @@
              */
 # ifdef IEMEXECMEM_ALT_SUB_WITH_ALLOC_HEADER
-            PIEMEXECMEMALLOCHDR const pHdr = (PIEMEXECMEMALLOCHDR)pvMem;
+            PIEMEXECMEMALLOCHDR const pHdr = (PIEMEXECMEMALLOCHDR)pvMemRw;
             pHdr->uMagic   = IEMEXECMEMALLOCHDR_MAGIC;
             pHdr->idxChunk = idxChunk;
             pHdr->pTb      = pTb;
+
+            if (ppvExec)
+                *ppvExec = (uint8_t *)pChunk->pvChunkRx
+                         + ((idxFirst + (uint32_t)iBit) << IEMEXECMEM_ALT_SUB_ALLOC_UNIT_SHIFT)
+                         + sizeof(*pHdr);
+
             return pHdr + 1;
 #else
+            if (ppvExec)
+                *ppvExec = (uint8_t *)pChunk->pvChunkRx
+                         + ((idxFirst + (uint32_t)iBit) << IEMEXECMEM_ALT_SUB_ALLOC_UNIT_SHIFT);
+
             RT_NOREF(pTb);
             return pvMem;
@@ -540 +529 @@
 
 static void *
-iemExecMemAllocatorAllocInChunk(PIEMEXECMEMALLOCATOR pExecMemAllocator, uint32_t idxChunk, uint32_t cbReq, PIEMTB pTb)
+iemExecMemAllocatorAllocInChunk(PIEMEXECMEMALLOCATOR pExecMemAllocator, uint32_t idxChunk, uint32_t cbReq, PIEMTB pTb, void **ppvExec)
 {
     /*
@@ -559 +548 @@
             void *pvRet = iemExecMemAllocatorAllocInChunkInt(pExecMemAllocator, pbmAlloc, idxHint,
                                                              pExecMemAllocator->cUnitsPerChunk - idxHint,
-                                                             cReqUnits, idxChunk, pTb);
+                                                             cReqUnits, idxChunk, pTb, ppvExec);
             if (pvRet)
                 return pvRet;
@@ -565 +554 @@
         return iemExecMemAllocatorAllocInChunkInt(pExecMemAllocator, pbmAlloc, 0,
                                                   RT_MIN(pExecMemAllocator->cUnitsPerChunk, RT_ALIGN_32(idxHint + cReqUnits, 64)),
-                                                  cReqUnits, idxChunk, pTb);
+                                                  cReqUnits, idxChunk, pTb, ppvExec);
     }
     return NULL;
@@ -574 +563 @@
  * Allocates @a cbReq bytes of executable memory.
  *
- * @returns Pointer to the memory, NULL if out of memory or other problem
+ * @returns Pointer to the readable/writeable memory, NULL if out of memory or other problem
  *          encountered.
  * @param   pVCpu   The cross context virtual CPU structure of the calling
@@ -580 +569 @@
  * @param   cbReq   How many bytes are required.
  * @param   pTb     The translation block that will be using the allocation.
- */
-DECLHIDDEN(void *) iemExecMemAllocatorAlloc(PVMCPU pVCpu, uint32_t cbReq, PIEMTB pTb) RT_NOEXCEPT
+ * @param   ppvExec Where to return the pointer to executable view of the allocated memory, optional.
+ */
+DECLHIDDEN(void *) iemExecMemAllocatorAlloc(PVMCPU pVCpu, uint32_t cbReq, PIEMTB pTb, void **ppvExec) RT_NOEXCEPT
 {
     PIEMEXECMEMALLOCATOR pExecMemAllocator = pVCpu->iem.s.pExecMemAllocatorR3;
@@ -596 +586 @@
             for (uint32_t idxChunk = idxChunkHint; idxChunk < cChunks; idxChunk++)
             {
-                void *pvRet = iemExecMemAllocatorAllocInChunk(pExecMemAllocator, idxChunk, cbReq, pTb);
+                void *pvRet = iemExecMemAllocatorAllocInChunk(pExecMemAllocator, idxChunk, cbReq, pTb, ppvExec);
                 if (pvRet)
                 {
@@ -605 +595 @@
             for (uint32_t idxChunk = 0; idxChunk < idxChunkHint; idxChunk++)
             {
-                void *pvRet = iemExecMemAllocatorAllocInChunk(pExecMemAllocator, idxChunk, cbReq, pTb);
+                void *pvRet = iemExecMemAllocatorAllocInChunk(pExecMemAllocator, idxChunk, cbReq, pTb, ppvExec);
                 if (pvRet)
                 {
@@ -623 +613 @@
 
             uint32_t const idxChunk = pExecMemAllocator->cChunks - 1;
-            void *pvRet = iemExecMemAllocatorAllocInChunk(pExecMemAllocator, idxChunk, cbReq, pTb);
+            void *pvRet = iemExecMemAllocatorAllocInChunk(pExecMemAllocator, idxChunk, cbReq, pTb, ppvExec);
             if (pvRet)
             {
@@ -655 +645 @@
 
 
-/** This is a hook that we may need later for changing memory protection back
- *  to readonly+exec */
+/** This is a hook to ensure the instruction cache is properly flushed before the code in the memory
+ * given by @a pv and @a cb is executed */
 DECLHIDDEN(void) iemExecMemAllocatorReadyForUse(PVMCPUCC pVCpu, void *pv, size_t cb) RT_NOEXCEPT
 {
 #ifdef RT_OS_DARWIN
-    /* See iemExecMemAllocatorAllocInChunkInt for the explanation. */
-    int rc = RTMemProtect(pv, cb, RTMEM_PROT_EXEC | RTMEM_PROT_READ);
-    AssertRC(rc); RT_NOREF(pVCpu);
-
     /*
      * Flush the instruction cache:
@@ -670 +656 @@
     /* sys_dcache_flush(pv, cb); - not necessary */
     sys_icache_invalidate(pv, cb);
+    RT_NOREF(pVCpu);
 #elif defined(RT_OS_LINUX)
     RT_NOREF(pVCpu);
@@ -724 +711 @@
 #endif
     {
-        uintptr_t const offChunk = (uintptr_t)pv - (uintptr_t)pExecMemAllocator->aChunks[idxChunk].pvChunk;
+        uintptr_t const offChunk = (uintptr_t)pv - (uintptr_t)pExecMemAllocator->aChunks[idxChunk].pvChunkRx;
         fFound = offChunk < cbChunk;
         if (fFound)
@@ -738 +725 @@
             ASMBitClearRange(pbmAlloc, idxFirst, idxFirst + cReqUnits);
 
-#if 0 /*def IEMEXECMEM_ALT_SUB_WITH_ALLOC_HEADER - not necessary, we'll validate the header in the pruning code. */
-# ifdef RT_OS_DARWIN
-            int rc = RTMemProtect(pHdr, sizeof(*pHdr), RTMEM_PROT_WRITE | RTMEM_PROT_READ);
-            AssertRC(rc); RT_NOREF(pVCpu);
-# endif
-            pHdr->uMagic    = 0;
-            pHdr->idxChunk  = 0;
-            pHdr->pTb       = NULL;
-# ifdef RT_OS_DARWIN
-            rc = RTMemProtect(pHdr, sizeof(*pHdr), RTMEM_PROT_EXEC | RTMEM_PROT_READ);
-            AssertRC(rc); RT_NOREF(pVCpu);
-# endif
+            /* Invalidate the header using the writeable memory view. */
+            pHdr = (PIEMEXECMEMALLOCHDR)((uintptr_t)pExecMemAllocator->aChunks[idxChunk].pvChunkRw + offChunk);
+#ifdef IEMEXECMEM_ALT_SUB_WITH_ALLOC_HEADER
+            pHdr->uMagic   = 0;
+            pHdr->idxChunk = 0;
+            pHdr->pTb      = NULL;
 #endif
             pExecMemAllocator->aChunks[idxChunk].cFreeUnits  += cReqUnits;
@@ -1404 +1385 @@
     AssertLogRelReturn(pvChunk, VERR_NO_EXEC_MEMORY);
 
+#ifdef RT_OS_DARWIN
+    /*
+     * Because it is impossible to have a RWX memory allocation on macOS try to remap the memory
+     * chunk readable/executable somewhere else so we can save us the hassle of switching between
+     * protections when exeuctable memory is allocated.
+     */
+    mach_port_t       hPortTask    = mach_task_self();
+    mach_vm_address_t AddrChunk    = (mach_vm_address_t)pvChunk;
+    mach_vm_address_t AddrRemapped = 0;
+    vm_prot_t ProtCur, ProtMax;
+    kern_return_t krc = mach_vm_remap(hPortTask, &AddrRemapped, pExecMemAllocator->cbChunk, 0,
+                                      VM_FLAGS_ANYWHERE | VM_FLAGS_RETURN_DATA_ADDR,
+                                      hPortTask, AddrChunk, FALSE, &ProtCur, &ProtMax,
+                                      VM_INHERIT_NONE);
+    if (krc != KERN_SUCCESS)
+    {
+        RTMemPageFree(pvChunk, pExecMemAllocator->cbChunk);
+        AssertLogRelFailed();
+        return VERR_NO_EXEC_MEMORY;
+    }
+
+    krc = mach_vm_protect(mach_task_self(), AddrRemapped, pExecMemAllocator->cbChunk, FALSE, VM_PROT_READ | VM_PROT_EXECUTE);
+    if (krc != KERN_SUCCESS)
+    {
+        krc = mach_vm_deallocate(hPortTask, AddrRemapped, pExecMemAllocator->cbChunk);
+        Assert(krc == KERN_SUCCESS);
+        RTMemPageFree(pvChunk, pExecMemAllocator->cbChunk);
+        AssertLogRelFailed();
+        return VERR_NO_EXEC_MEMORY;
+    }
+
+    void *pvChunkRx = (void *)AddrRemapped;
+#else
+    void *pvChunkRx = pvChunk;
+#endif
+
     /*
      * Add the chunk.
@@ -1410 +1427 @@
      * memory from the chunk when using the alternative sub-allocator.
      */
-    pExecMemAllocator->aChunks[idxChunk].pvChunk      = pvChunk;
+    pExecMemAllocator->aChunks[idxChunk].pvChunkRw    = pvChunk;
+    pExecMemAllocator->aChunks[idxChunk].pvChunkRx    = pvChunkRx;
 #ifdef IN_RING3
     pExecMemAllocator->aChunks[idxChunk].pvUnwindInfo = NULL;
@@ -1430 +1448 @@
      * (This sets pvUnwindInfo.)
      */
-    int rc = iemExecMemAllocatorInitAndRegisterUnwindInfoForChunk(pVCpu, pExecMemAllocator, pvChunk, idxChunk);
+    int rc = iemExecMemAllocatorInitAndRegisterUnwindInfoForChunk(pVCpu, pExecMemAllocator, pvChunkRx, idxChunk);
     if (RT_SUCCESS(rc))
     { /* likely */ }
@@ -1441 +1459 @@
         memset(&pExecMemAllocator->pbmAlloc[pExecMemAllocator->cBitmapElementsPerChunk * idxChunk],
                0xff, sizeof(pExecMemAllocator->pbmAlloc[0]) * pExecMemAllocator->cBitmapElementsPerChunk);
-        pExecMemAllocator->aChunks[idxChunk].pvChunk    = NULL;
+        pExecMemAllocator->aChunks[idxChunk].pvChunkRw  = NULL;
         pExecMemAllocator->aChunks[idxChunk].cFreeUnits = 0;
+
+#ifdef RT_OS_DARWIN
+        krc = mach_vm_deallocate(mach_task_self(), (mach_vm_address_t)pExecMemAllocator->aChunks[idxChunk].pvChunkRx,
+                                 pExecMemAllocator->cbChunk);
+        Assert(krc == KERN_SUCCESS);
+#endif
 
         RTMemPageFree(pvChunk, pExecMemAllocator->cbChunk);
@@ -1540 +1564 @@
         pExecMemAllocator->aChunks[i].cFreeUnits   = 0;
         pExecMemAllocator->aChunks[i].idxFreeHint  = 0;
-        pExecMemAllocator->aChunks[i].pvChunk      = NULL;
+        pExecMemAllocator->aChunks[i].pvChunkRw    = NULL;
 #ifdef IN_RING0
         pExecMemAllocator->aChunks[i].hMemObj      = NIL_RTR0MEMOBJ;

trunk/src/VBox/VMM/VMMAll/IEMAllN8veRecompiler.cpp

@@ -9707 +9707 @@
         iemTbAllocatorProcessDelayedFrees(pVCpu, pVCpu->iem.s.pTbAllocatorR3);
 
-    PIEMNATIVEINSTR const paFinalInstrBuf = (PIEMNATIVEINSTR)iemExecMemAllocatorAlloc(pVCpu, off * sizeof(IEMNATIVEINSTR), pTb);
+    PIEMNATIVEINSTR paFinalInstrBufRx = NULL;
+    PIEMNATIVEINSTR const paFinalInstrBuf = (PIEMNATIVEINSTR)iemExecMemAllocatorAlloc(pVCpu, off * sizeof(IEMNATIVEINSTR), pTb, (void **)&paFinalInstrBufRx);
     AssertReturn(paFinalInstrBuf, pTb);
     memcpy(paFinalInstrBuf, pReNative->pInstrBuf, off * sizeof(paFinalInstrBuf[0]));
@@ -9768 +9769 @@
     }
 
-    iemExecMemAllocatorReadyForUse(pVCpu, paFinalInstrBuf, off * sizeof(IEMNATIVEINSTR));
+    iemExecMemAllocatorReadyForUse(pVCpu, paFinalInstrBufRx, off * sizeof(IEMNATIVEINSTR));
     STAM_REL_PROFILE_ADD_PERIOD(&pVCpu->iem.s.StatTbNativeCode, off * sizeof(IEMNATIVEINSTR));
 
@@ -9775 +9776 @@
      */
     RTMemFree(pTb->Thrd.paCalls);
-    pTb->Native.paInstructions  = paFinalInstrBuf;
+    pTb->Native.paInstructions  = paFinalInstrBufRx;
     pTb->Native.cInstructions   = off;
     pTb->fFlags                 = (pTb->fFlags & ~IEMTB_F_TYPE_MASK) | IEMTB_F_TYPE_NATIVE;

trunk/src/VBox/VMM/include/IEMInternal.h

@@ -6253 +6253 @@
 DECLHIDDEN(void)    iemNativeDisassembleTb(PCIEMTB pTb, PCDBGFINFOHLP pHlp) RT_NOEXCEPT;
 int                 iemExecMemAllocatorInit(PVMCPU pVCpu, uint64_t cbMax, uint64_t cbInitial, uint32_t cbChunk) RT_NOEXCEPT;
-DECLHIDDEN(void *)  iemExecMemAllocatorAlloc(PVMCPU pVCpu, uint32_t cbReq, PIEMTB pTb) RT_NOEXCEPT;
+DECLHIDDEN(void *)  iemExecMemAllocatorAlloc(PVMCPU pVCpu, uint32_t cbReq, PIEMTB pTb, void **ppvExec) RT_NOEXCEPT;
 DECLHIDDEN(void)    iemExecMemAllocatorReadyForUse(PVMCPUCC pVCpu, void *pv, size_t cb) RT_NOEXCEPT;
 void                iemExecMemAllocatorFree(PVMCPU pVCpu, void *pv, size_t cb) RT_NOEXCEPT;