Jan Kiszka wrote:
> This is the second version of my segment type and register check. It
> reduces the impact on the translator code significantly, and it also
> fixes a bug of the "size" helper variant in the previous version.
> The idea of this patch is to generate calls to a check helper only in
> case the user requested this support via "-seg-checks". This feature
> remains off by default as most x86 OSes do not care about protection via
> segmentation anymore (and it was even removed from 64-bit modes by the
> CPU vendors). Moreover, checking the segment type and limit on every
> memory access is nothing that makes QEMU faster, so you will only want
> this if you are looking for very accurate emulation.
> On Fabrice's request I tried to find the conditions which allow enabling
> -seg-checks by default but kicking it out most of the time during code
> translation. That works for 64-bit mode, of course, but I still see no
> clear indication for the case that 32-bit guests are not interested in
> type checking specifically. If you see one, let me know.
Some 32-bit guests effectively disable segment range calculation
checks by setting the maximum limit and zero offset. Apparently, this
is faster on some real CPUs too.
Could type checking be done at translation time, including the segment
types in the translation cache key?
For guests like older Linux, with zero base and non-maximum limit in
user mode, could limit checking be done by the MMU TLB instead?
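A simplified model of the checks under discussion, added here as an example (it is not Jan's patch or QEMU's code; the seg_t struct, the two sample segments and all function names are constructed for illustration): the per-access type and limit check a runtime helper would perform, and the translation-time condition under which that helper call can be dropped for a flat segment.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical simplified descriptor state (not QEMU's SegmentCache). */
typedef struct {
    uint32_t base;
    uint32_t limit;    /* effective byte limit, granularity already applied */
    bool is_code;      /* code segment */
    bool readable;     /* code segment: R bit */
    bool writable;     /* data segment: W bit */
    bool expand_down;  /* data segment: E bit; valid offsets lie above limit */
} seg_t;
/* Constructed sample segments: a flat data segment as most 32-bit guests
 * use, and a 1 MiB writable data segment at base 0 with a real limit. */
static const seg_t flat_data = { 0, 0xffffffffu, false, false, true, false };
static const seg_t small_data = { 0, 0x000fffffu, false, false, true, false };
/* Flat expand-up segment: no offset exceeds the limit, only a wrap past 4 GiB could. */
bool seg_is_flat(const seg_t *s)
{
    return s->base == 0 && s->limit == 0xffffffffu && !s->expand_down;
}
/* Type check: writes need a writable data segment; reads need a data
 * segment or a readable code segment. */
bool seg_type_ok(const seg_t *s, bool is_write)
{
    if (is_write)
        return !s->is_code && s->writable;
    return !s->is_code || s->readable;
}
/* Limit check: the whole range off .. off+size-1 must lie inside the segment and not wrap. */
bool seg_limit_ok(const seg_t *s, uint32_t off, uint32_t size)
{
    if (size == 0 || off > UINT32_MAX - (size - 1))
        return false;
    if (s->expand_down)
        return off > s->limit;
    return off + size - 1 <= s->limit;
}
/* What a per-access runtime helper evaluates: true = proceed, false = #GP. */
bool seg_access_ok(const seg_t *s, uint32_t off, uint32_t size, bool is_write)
{
    return seg_type_ok(s, is_write) && seg_limit_ok(s, off, size);
}
/* Translation-time decision: the helper call can be omitted only when the segment
 * is flat and the access kind is allowed by its type, so segment state must key the cache. */
bool seg_helper_needed(const seg_t *s, bool is_write)
{
    return !(seg_is_flat(s) && seg_type_ok(s, is_write));
}
```

The flat fast path deliberately does not catch an access that wraps past 4 GiB; that is the one case the full limit check still rejects on such a segment.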