Bring HVF round-trip floor band into the shim#61
Open
jserv wants to merge 1 commit into
Open
Conversation
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
This closes the per-call shim path: a diagnostic counter array so every fast-path bail is attributed, inline getpgid(0) / getsid(0) using two new identity slots, and a 256-byte urandom / getrandom inline copy with 4 KiB ring-wrap split. The bulk copy uses ldp/stp with a tbz-driven 1..15 byte tail; the ring lock uses LSE swpal; the slow-path refill runs arc4random_buf outside the lock; the second AT probe is skipped when buf and buf+len-1 share a host page. PGSID_PUBLISH reads (pgid, sid) under session_lock via a new proc_snapshot_pgsid so a concurrent setsid on a sibling vCPU cannot publish a torn pair. Measured (Apple M1, 100k iter): read(urandom, 1) 133 -> 100 ns (-25 %) read(urandom, 64) 224 -> 163 ns (-27 %) read(urandom, 256) 528 -> 355 ns (-33 %) getrandom(1) 128 -> 95 ns (-26 %) getrandom(256) 534 -> 366 ns (-31 %) CB_URANDOM_RING_WRAP is retained for ABI stability but stays at zero now that wrap is served inline; a non-zero reading flags a regression.
Max042004
reviewed
Jun 1, 2026
| * RESTORE_GPRS_KEEP_X0 reloads X1..X30 from the saved frame, so x29/x30 | ||
| * are safe choices on any fast path. | ||
| */ | ||
| .macro COUNTER_INC byte_off, tmp_addr, tmp_val |
Collaborator
There was a problem hiding this comment.
ELFUSE_SHIM_STATS gates only the dump. The COUNTER_INC expansion in shim.S reads no such flag. So even with ELFUSE_SHIM_STATS unset , every getpid/getuid/gettid still incrementing.
Second cost is that every host vCPU thread issues a non-atomic load-add-store to the same counter line causing cache-line ping-pong.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This closes the per-call shim path: a diagnostic counter array so every fast-path bail is attributed, inline getpgid(0) / getsid(0) using two new identity slots, and a 256-byte urandom / getrandom inline copy with 4 KiB ring-wrap split. The bulk copy uses ldp/stp with a tbz-driven 1..15 byte tail; the ring lock uses LSE swpal; the slow-path refill runs arc4random_buf outside the lock; the second AT probe is skipped when buf and buf+len-1 share a host page. PGSID_PUBLISH reads (pgid, sid) under session_lock via a new proc_snapshot_pgsid so a concurrent setsid on a sibling vCPU cannot publish a torn pair.
Measured (Apple M1, 100k iter):
CB_URANDOM_RING_WRAP is retained for ABI stability but stays at zero now that wrap is served inline; a non-zero reading flags a regression.
Summary by cubic
Moves short getrandom/urandom and getpgid/getsid work into the EL1 shim to avoid HVF round-trips. Adds per-call counters and cuts 1–256 byte RNG calls by ~25–33% on Apple M1.
New Features
swpallock, slow-path refill outside the lock, and a skipped second AT probe when the buffer stays on one page.getrandomaccepts flags 0 andGRND_NONBLOCK; others fall back to the host.session_lockvia a new snapshot path, and republished on bootstrap, fork, exec, setsid, and setpgid.ELFUSE_SHIM_STATS, plus helper APIs to read/print them.Bug Fixes
tests/test-shim-urandom-wrap.c.CB_URANDOM_RING_WRAPfor ABI stability; it remains zero and now flags regressions if non-zero.Written for commit d79de9f. Summary will update on new commits.