2 * Kernel-based Virtual Machine driver for Linux
4 * This module enables machines with Intel VT-x extensions to run virtual
5 * machines without emulation or binary translation.
9 * Copyright (C) 2006 Qumranet, Inc.
12 * Yaniv Kamay <yaniv@qumranet.com>
13 * Avi Kivity <avi@qumranet.com>
15 * This work is licensed under the terms of the GNU GPL, version 2. See
16 * the COPYING file in the top-level directory.
19 #include <linux/types.h>
20 #include <linux/string.h>
23 #include <linux/highmem.h>
24 #include <linux/module.h>
34 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg);
36 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg) {}
41 #define pgprintk(x...) do { if (dbg) printk(x); } while (0)
42 #define rmap_printk(x...) do { if (dbg) printk(x); } while (0)
46 #define pgprintk(x...) do { } while (0)
47 #define rmap_printk(x...) do { } while (0)
51 #if defined(MMU_DEBUG) || defined(AUDIT)
57 printk(KERN_WARNING "assertion failed %s:%d: %s\n", \
58 __FILE__, __LINE__, #x); \
61 #define PT64_PT_BITS 9
62 #define PT64_ENT_PER_PAGE (1 << PT64_PT_BITS)
63 #define PT32_PT_BITS 10
64 #define PT32_ENT_PER_PAGE (1 << PT32_PT_BITS)
66 #define PT_WRITABLE_SHIFT 1
68 #define PT_PRESENT_MASK (1ULL << 0)
69 #define PT_WRITABLE_MASK (1ULL << PT_WRITABLE_SHIFT)
70 #define PT_USER_MASK (1ULL << 2)
71 #define PT_PWT_MASK (1ULL << 3)
72 #define PT_PCD_MASK (1ULL << 4)
73 #define PT_ACCESSED_MASK (1ULL << 5)
74 #define PT_DIRTY_MASK (1ULL << 6)
75 #define PT_PAGE_SIZE_MASK (1ULL << 7)
76 #define PT_PAT_MASK (1ULL << 7)
77 #define PT_GLOBAL_MASK (1ULL << 8)
78 #define PT64_NX_MASK (1ULL << 63)
80 #define PT_PAT_SHIFT 7
81 #define PT_DIR_PAT_SHIFT 12
82 #define PT_DIR_PAT_MASK (1ULL << PT_DIR_PAT_SHIFT)
84 #define PT32_DIR_PSE36_SIZE 4
85 #define PT32_DIR_PSE36_SHIFT 13
86 #define PT32_DIR_PSE36_MASK (((1ULL << PT32_DIR_PSE36_SIZE) - 1) << PT32_DIR_PSE36_SHIFT)
89 #define PT32_PTE_COPY_MASK \
90 (PT_PRESENT_MASK | PT_ACCESSED_MASK | PT_DIRTY_MASK | PT_GLOBAL_MASK)
92 #define PT64_PTE_COPY_MASK (PT64_NX_MASK | PT32_PTE_COPY_MASK)
94 #define PT_FIRST_AVAIL_BITS_SHIFT 9
95 #define PT64_SECOND_AVAIL_BITS_SHIFT 52
97 #define PT_SHADOW_PS_MARK (1ULL << PT_FIRST_AVAIL_BITS_SHIFT)
98 #define PT_SHADOW_IO_MARK (1ULL << PT_FIRST_AVAIL_BITS_SHIFT)
100 #define PT_SHADOW_WRITABLE_SHIFT (PT_FIRST_AVAIL_BITS_SHIFT + 1)
101 #define PT_SHADOW_WRITABLE_MASK (1ULL << PT_SHADOW_WRITABLE_SHIFT)
103 #define PT_SHADOW_USER_SHIFT (PT_SHADOW_WRITABLE_SHIFT + 1)
104 #define PT_SHADOW_USER_MASK (1ULL << (PT_SHADOW_USER_SHIFT))
106 #define PT_SHADOW_BITS_OFFSET (PT_SHADOW_WRITABLE_SHIFT - PT_WRITABLE_SHIFT)
108 #define VALID_PAGE(x) ((x) != INVALID_PAGE)
110 #define PT64_LEVEL_BITS 9
112 #define PT64_LEVEL_SHIFT(level) \
113 ( PAGE_SHIFT + (level - 1) * PT64_LEVEL_BITS )
115 #define PT64_LEVEL_MASK(level) \
116 (((1ULL << PT64_LEVEL_BITS) - 1) << PT64_LEVEL_SHIFT(level))
118 #define PT64_INDEX(address, level)\
119 (((address) >> PT64_LEVEL_SHIFT(level)) & ((1 << PT64_LEVEL_BITS) - 1))
122 #define PT32_LEVEL_BITS 10
124 #define PT32_LEVEL_SHIFT(level) \
125 ( PAGE_SHIFT + (level - 1) * PT32_LEVEL_BITS )
127 #define PT32_LEVEL_MASK(level) \
128 (((1ULL << PT32_LEVEL_BITS) - 1) << PT32_LEVEL_SHIFT(level))
130 #define PT32_INDEX(address, level)\
131 (((address) >> PT32_LEVEL_SHIFT(level)) & ((1 << PT32_LEVEL_BITS) - 1))
134 #define PT64_BASE_ADDR_MASK (((1ULL << 52) - 1) & PAGE_MASK)
135 #define PT64_DIR_BASE_ADDR_MASK \
136 (PT64_BASE_ADDR_MASK & ~((1ULL << (PAGE_SHIFT + PT64_LEVEL_BITS)) - 1))
138 #define PT32_BASE_ADDR_MASK PAGE_MASK
139 #define PT32_DIR_BASE_ADDR_MASK \
140 (PAGE_MASK & ~((1ULL << (PAGE_SHIFT + PT32_LEVEL_BITS)) - 1))
143 #define PFERR_PRESENT_MASK (1U << 0)
144 #define PFERR_WRITE_MASK (1U << 1)
145 #define PFERR_USER_MASK (1U << 2)
147 #define PT64_ROOT_LEVEL 4
148 #define PT32_ROOT_LEVEL 2
149 #define PT32E_ROOT_LEVEL 3
151 #define PT_DIRECTORY_LEVEL 2
152 #define PT_PAGE_TABLE_LEVEL 1
156 struct kvm_rmap_desc {
157 u64 *shadow_ptes[RMAP_EXT];
158 struct kvm_rmap_desc *more;
161 static int is_write_protection(struct kvm_vcpu *vcpu)
163 return vcpu->cr0 & CR0_WP_MASK;
166 static int is_cpuid_PSE36(void)
171 static int is_present_pte(unsigned long pte)
173 return pte & PT_PRESENT_MASK;
176 static int is_writeble_pte(unsigned long pte)
178 return pte & PT_WRITABLE_MASK;
181 static int is_io_pte(unsigned long pte)
183 return pte & PT_SHADOW_IO_MARK;
186 static int is_rmap_pte(u64 pte)
188 return (pte & (PT_WRITABLE_MASK | PT_PRESENT_MASK))
189 == (PT_WRITABLE_MASK | PT_PRESENT_MASK);
192 static int mmu_topup_memory_cache(struct kvm_mmu_memory_cache *cache,
193 size_t objsize, int min)
197 if (cache->nobjs >= min)
199 while (cache->nobjs < ARRAY_SIZE(cache->objects)) {
200 obj = kzalloc(objsize, GFP_NOWAIT);
203 cache->objects[cache->nobjs++] = obj;
208 static void mmu_free_memory_cache(struct kvm_mmu_memory_cache *mc)
211 kfree(mc->objects[--mc->nobjs]);
214 static int mmu_topup_memory_caches(struct kvm_vcpu *vcpu)
218 r = mmu_topup_memory_cache(&vcpu->mmu_pte_chain_cache,
219 sizeof(struct kvm_pte_chain), 4);
222 r = mmu_topup_memory_cache(&vcpu->mmu_rmap_desc_cache,
223 sizeof(struct kvm_rmap_desc), 1);
228 static void mmu_free_memory_caches(struct kvm_vcpu *vcpu)
230 mmu_free_memory_cache(&vcpu->mmu_pte_chain_cache);
231 mmu_free_memory_cache(&vcpu->mmu_rmap_desc_cache);
234 static void *mmu_memory_cache_alloc(struct kvm_mmu_memory_cache *mc,
240 p = mc->objects[--mc->nobjs];
245 static void mmu_memory_cache_free(struct kvm_mmu_memory_cache *mc, void *obj)
247 if (mc->nobjs < KVM_NR_MEM_OBJS)
248 mc->objects[mc->nobjs++] = obj;
253 static struct kvm_pte_chain *mmu_alloc_pte_chain(struct kvm_vcpu *vcpu)
255 return mmu_memory_cache_alloc(&vcpu->mmu_pte_chain_cache,
256 sizeof(struct kvm_pte_chain));
259 static void mmu_free_pte_chain(struct kvm_vcpu *vcpu,
260 struct kvm_pte_chain *pc)
262 mmu_memory_cache_free(&vcpu->mmu_pte_chain_cache, pc);
265 static struct kvm_rmap_desc *mmu_alloc_rmap_desc(struct kvm_vcpu *vcpu)
267 return mmu_memory_cache_alloc(&vcpu->mmu_rmap_desc_cache,
268 sizeof(struct kvm_rmap_desc));
271 static void mmu_free_rmap_desc(struct kvm_vcpu *vcpu,
272 struct kvm_rmap_desc *rd)
274 mmu_memory_cache_free(&vcpu->mmu_rmap_desc_cache, rd);
278 * Reverse mapping data structures:
280 * If page->private bit zero is zero, then page->private points to the
281 * shadow page table entry that points to page_address(page).
283 * If page->private bit zero is one, (then page->private & ~1) points
284 * to a struct kvm_rmap_desc containing more mappings.
286 static void rmap_add(struct kvm_vcpu *vcpu, u64 *spte)
289 struct kvm_rmap_desc *desc;
292 if (!is_rmap_pte(*spte))
294 page = pfn_to_page((*spte & PT64_BASE_ADDR_MASK) >> PAGE_SHIFT);
295 if (!page->private) {
296 rmap_printk("rmap_add: %p %llx 0->1\n", spte, *spte);
297 page->private = (unsigned long)spte;
298 } else if (!(page->private & 1)) {
299 rmap_printk("rmap_add: %p %llx 1->many\n", spte, *spte);
300 desc = mmu_alloc_rmap_desc(vcpu);
301 desc->shadow_ptes[0] = (u64 *)page->private;
302 desc->shadow_ptes[1] = spte;
303 page->private = (unsigned long)desc | 1;
305 rmap_printk("rmap_add: %p %llx many->many\n", spte, *spte);
306 desc = (struct kvm_rmap_desc *)(page->private & ~1ul);
307 while (desc->shadow_ptes[RMAP_EXT-1] && desc->more)
309 if (desc->shadow_ptes[RMAP_EXT-1]) {
310 desc->more = mmu_alloc_rmap_desc(vcpu);
313 for (i = 0; desc->shadow_ptes[i]; ++i)
315 desc->shadow_ptes[i] = spte;
319 static void rmap_desc_remove_entry(struct kvm_vcpu *vcpu,
321 struct kvm_rmap_desc *desc,
323 struct kvm_rmap_desc *prev_desc)
327 for (j = RMAP_EXT - 1; !desc->shadow_ptes[j] && j > i; --j)
329 desc->shadow_ptes[i] = desc->shadow_ptes[j];
330 desc->shadow_ptes[j] = 0;
333 if (!prev_desc && !desc->more)
334 page->private = (unsigned long)desc->shadow_ptes[0];
337 prev_desc->more = desc->more;
339 page->private = (unsigned long)desc->more | 1;
340 mmu_free_rmap_desc(vcpu, desc);
343 static void rmap_remove(struct kvm_vcpu *vcpu, u64 *spte)
346 struct kvm_rmap_desc *desc;
347 struct kvm_rmap_desc *prev_desc;
350 if (!is_rmap_pte(*spte))
352 page = pfn_to_page((*spte & PT64_BASE_ADDR_MASK) >> PAGE_SHIFT);
353 if (!page->private) {
354 printk(KERN_ERR "rmap_remove: %p %llx 0->BUG\n", spte, *spte);
356 } else if (!(page->private & 1)) {
357 rmap_printk("rmap_remove: %p %llx 1->0\n", spte, *spte);
358 if ((u64 *)page->private != spte) {
359 printk(KERN_ERR "rmap_remove: %p %llx 1->BUG\n",
365 rmap_printk("rmap_remove: %p %llx many->many\n", spte, *spte);
366 desc = (struct kvm_rmap_desc *)(page->private & ~1ul);
369 for (i = 0; i < RMAP_EXT && desc->shadow_ptes[i]; ++i)
370 if (desc->shadow_ptes[i] == spte) {
371 rmap_desc_remove_entry(vcpu, page,
383 static void rmap_write_protect(struct kvm_vcpu *vcpu, u64 gfn)
385 struct kvm *kvm = vcpu->kvm;
387 struct kvm_memory_slot *slot;
388 struct kvm_rmap_desc *desc;
391 slot = gfn_to_memslot(kvm, gfn);
393 page = gfn_to_page(slot, gfn);
395 while (page->private) {
396 if (!(page->private & 1))
397 spte = (u64 *)page->private;
399 desc = (struct kvm_rmap_desc *)(page->private & ~1ul);
400 spte = desc->shadow_ptes[0];
403 BUG_ON((*spte & PT64_BASE_ADDR_MASK) !=
404 page_to_pfn(page) << PAGE_SHIFT);
405 BUG_ON(!(*spte & PT_PRESENT_MASK));
406 BUG_ON(!(*spte & PT_WRITABLE_MASK));
407 rmap_printk("rmap_write_protect: spte %p %llx\n", spte, *spte);
408 rmap_remove(vcpu, spte);
409 kvm_arch_ops->tlb_flush(vcpu);
410 *spte &= ~(u64)PT_WRITABLE_MASK;
414 static int is_empty_shadow_page(hpa_t page_hpa)
419 for (pos = __va(page_hpa), end = pos + PAGE_SIZE / sizeof(u64);
422 printk(KERN_ERR "%s: %p %llx\n", __FUNCTION__,
429 static void kvm_mmu_free_page(struct kvm_vcpu *vcpu, hpa_t page_hpa)
431 struct kvm_mmu_page *page_head = page_header(page_hpa);
433 ASSERT(is_empty_shadow_page(page_hpa));
434 list_del(&page_head->link);
435 page_head->page_hpa = page_hpa;
436 list_add(&page_head->link, &vcpu->free_pages);
437 ++vcpu->kvm->n_free_mmu_pages;
440 static unsigned kvm_page_table_hashfn(gfn_t gfn)
445 static struct kvm_mmu_page *kvm_mmu_alloc_page(struct kvm_vcpu *vcpu,
448 struct kvm_mmu_page *page;
450 if (list_empty(&vcpu->free_pages))
453 page = list_entry(vcpu->free_pages.next, struct kvm_mmu_page, link);
454 list_del(&page->link);
455 list_add(&page->link, &vcpu->kvm->active_mmu_pages);
456 ASSERT(is_empty_shadow_page(page->page_hpa));
457 page->slot_bitmap = 0;
459 page->multimapped = 0;
460 page->parent_pte = parent_pte;
461 --vcpu->kvm->n_free_mmu_pages;
465 static void mmu_page_add_parent_pte(struct kvm_vcpu *vcpu,
466 struct kvm_mmu_page *page, u64 *parent_pte)
468 struct kvm_pte_chain *pte_chain;
469 struct hlist_node *node;
474 if (!page->multimapped) {
475 u64 *old = page->parent_pte;
478 page->parent_pte = parent_pte;
481 page->multimapped = 1;
482 pte_chain = mmu_alloc_pte_chain(vcpu);
483 INIT_HLIST_HEAD(&page->parent_ptes);
484 hlist_add_head(&pte_chain->link, &page->parent_ptes);
485 pte_chain->parent_ptes[0] = old;
487 hlist_for_each_entry(pte_chain, node, &page->parent_ptes, link) {
488 if (pte_chain->parent_ptes[NR_PTE_CHAIN_ENTRIES-1])
490 for (i = 0; i < NR_PTE_CHAIN_ENTRIES; ++i)
491 if (!pte_chain->parent_ptes[i]) {
492 pte_chain->parent_ptes[i] = parent_pte;
496 pte_chain = mmu_alloc_pte_chain(vcpu);
498 hlist_add_head(&pte_chain->link, &page->parent_ptes);
499 pte_chain->parent_ptes[0] = parent_pte;
502 static void mmu_page_remove_parent_pte(struct kvm_vcpu *vcpu,
503 struct kvm_mmu_page *page,
506 struct kvm_pte_chain *pte_chain;
507 struct hlist_node *node;
510 if (!page->multimapped) {
511 BUG_ON(page->parent_pte != parent_pte);
512 page->parent_pte = NULL;
515 hlist_for_each_entry(pte_chain, node, &page->parent_ptes, link)
516 for (i = 0; i < NR_PTE_CHAIN_ENTRIES; ++i) {
517 if (!pte_chain->parent_ptes[i])
519 if (pte_chain->parent_ptes[i] != parent_pte)
521 while (i + 1 < NR_PTE_CHAIN_ENTRIES
522 && pte_chain->parent_ptes[i + 1]) {
523 pte_chain->parent_ptes[i]
524 = pte_chain->parent_ptes[i + 1];
527 pte_chain->parent_ptes[i] = NULL;
529 hlist_del(&pte_chain->link);
530 mmu_free_pte_chain(vcpu, pte_chain);
531 if (hlist_empty(&page->parent_ptes)) {
532 page->multimapped = 0;
533 page->parent_pte = NULL;
541 static struct kvm_mmu_page *kvm_mmu_lookup_page(struct kvm_vcpu *vcpu,
545 struct hlist_head *bucket;
546 struct kvm_mmu_page *page;
547 struct hlist_node *node;
549 pgprintk("%s: looking for gfn %lx\n", __FUNCTION__, gfn);
550 index = kvm_page_table_hashfn(gfn) % KVM_NUM_MMU_PAGES;
551 bucket = &vcpu->kvm->mmu_page_hash[index];
552 hlist_for_each_entry(page, node, bucket, hash_link)
553 if (page->gfn == gfn && !page->role.metaphysical) {
554 pgprintk("%s: found role %x\n",
555 __FUNCTION__, page->role.word);
561 static struct kvm_mmu_page *kvm_mmu_get_page(struct kvm_vcpu *vcpu,
568 union kvm_mmu_page_role role;
571 struct hlist_head *bucket;
572 struct kvm_mmu_page *page;
573 struct hlist_node *node;
576 role.glevels = vcpu->mmu.root_level;
578 role.metaphysical = metaphysical;
579 if (vcpu->mmu.root_level <= PT32_ROOT_LEVEL) {
580 quadrant = gaddr >> (PAGE_SHIFT + (PT64_PT_BITS * level));
581 quadrant &= (1 << ((PT32_PT_BITS - PT64_PT_BITS) * level)) - 1;
582 role.quadrant = quadrant;
584 pgprintk("%s: looking gfn %lx role %x\n", __FUNCTION__,
586 index = kvm_page_table_hashfn(gfn) % KVM_NUM_MMU_PAGES;
587 bucket = &vcpu->kvm->mmu_page_hash[index];
588 hlist_for_each_entry(page, node, bucket, hash_link)
589 if (page->gfn == gfn && page->role.word == role.word) {
590 mmu_page_add_parent_pte(vcpu, page, parent_pte);
591 pgprintk("%s: found\n", __FUNCTION__);
594 page = kvm_mmu_alloc_page(vcpu, parent_pte);
597 pgprintk("%s: adding gfn %lx role %x\n", __FUNCTION__, gfn, role.word);
600 hlist_add_head(&page->hash_link, bucket);
602 rmap_write_protect(vcpu, gfn);
606 static void kvm_mmu_page_unlink_children(struct kvm_vcpu *vcpu,
607 struct kvm_mmu_page *page)
613 pt = __va(page->page_hpa);
615 if (page->role.level == PT_PAGE_TABLE_LEVEL) {
616 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
617 if (pt[i] & PT_PRESENT_MASK)
618 rmap_remove(vcpu, &pt[i]);
621 kvm_arch_ops->tlb_flush(vcpu);
625 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
629 if (!(ent & PT_PRESENT_MASK))
631 ent &= PT64_BASE_ADDR_MASK;
632 mmu_page_remove_parent_pte(vcpu, page_header(ent), &pt[i]);
636 static void kvm_mmu_put_page(struct kvm_vcpu *vcpu,
637 struct kvm_mmu_page *page,
640 mmu_page_remove_parent_pte(vcpu, page, parent_pte);
643 static void kvm_mmu_zap_page(struct kvm_vcpu *vcpu,
644 struct kvm_mmu_page *page)
648 while (page->multimapped || page->parent_pte) {
649 if (!page->multimapped)
650 parent_pte = page->parent_pte;
652 struct kvm_pte_chain *chain;
654 chain = container_of(page->parent_ptes.first,
655 struct kvm_pte_chain, link);
656 parent_pte = chain->parent_ptes[0];
659 kvm_mmu_put_page(vcpu, page, parent_pte);
662 kvm_mmu_page_unlink_children(vcpu, page);
663 if (!page->root_count) {
664 hlist_del(&page->hash_link);
665 kvm_mmu_free_page(vcpu, page->page_hpa);
667 list_del(&page->link);
668 list_add(&page->link, &vcpu->kvm->active_mmu_pages);
672 static int kvm_mmu_unprotect_page(struct kvm_vcpu *vcpu, gfn_t gfn)
675 struct hlist_head *bucket;
676 struct kvm_mmu_page *page;
677 struct hlist_node *node, *n;
680 pgprintk("%s: looking for gfn %lx\n", __FUNCTION__, gfn);
682 index = kvm_page_table_hashfn(gfn) % KVM_NUM_MMU_PAGES;
683 bucket = &vcpu->kvm->mmu_page_hash[index];
684 hlist_for_each_entry_safe(page, node, n, bucket, hash_link)
685 if (page->gfn == gfn && !page->role.metaphysical) {
686 pgprintk("%s: gfn %lx role %x\n", __FUNCTION__, gfn,
688 kvm_mmu_zap_page(vcpu, page);
694 static void page_header_update_slot(struct kvm *kvm, void *pte, gpa_t gpa)
696 int slot = memslot_id(kvm, gfn_to_memslot(kvm, gpa >> PAGE_SHIFT));
697 struct kvm_mmu_page *page_head = page_header(__pa(pte));
699 __set_bit(slot, &page_head->slot_bitmap);
702 hpa_t safe_gpa_to_hpa(struct kvm_vcpu *vcpu, gpa_t gpa)
704 hpa_t hpa = gpa_to_hpa(vcpu, gpa);
706 return is_error_hpa(hpa) ? bad_page_address | (gpa & ~PAGE_MASK): hpa;
709 hpa_t gpa_to_hpa(struct kvm_vcpu *vcpu, gpa_t gpa)
711 struct kvm_memory_slot *slot;
714 ASSERT((gpa & HPA_ERR_MASK) == 0);
715 slot = gfn_to_memslot(vcpu->kvm, gpa >> PAGE_SHIFT);
717 return gpa | HPA_ERR_MASK;
718 page = gfn_to_page(slot, gpa >> PAGE_SHIFT);
719 return ((hpa_t)page_to_pfn(page) << PAGE_SHIFT)
720 | (gpa & (PAGE_SIZE-1));
723 hpa_t gva_to_hpa(struct kvm_vcpu *vcpu, gva_t gva)
725 gpa_t gpa = vcpu->mmu.gva_to_gpa(vcpu, gva);
727 if (gpa == UNMAPPED_GVA)
729 return gpa_to_hpa(vcpu, gpa);
732 static void nonpaging_new_cr3(struct kvm_vcpu *vcpu)
736 static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, hpa_t p)
738 int level = PT32E_ROOT_LEVEL;
739 hpa_t table_addr = vcpu->mmu.root_hpa;
742 u32 index = PT64_INDEX(v, level);
746 ASSERT(VALID_PAGE(table_addr));
747 table = __va(table_addr);
751 if (is_present_pte(pte) && is_writeble_pte(pte))
753 mark_page_dirty(vcpu->kvm, v >> PAGE_SHIFT);
754 page_header_update_slot(vcpu->kvm, table, v);
755 table[index] = p | PT_PRESENT_MASK | PT_WRITABLE_MASK |
757 rmap_add(vcpu, &table[index]);
761 if (table[index] == 0) {
762 struct kvm_mmu_page *new_table;
765 pseudo_gfn = (v & PT64_DIR_BASE_ADDR_MASK)
767 new_table = kvm_mmu_get_page(vcpu, pseudo_gfn,
771 pgprintk("nonpaging_map: ENOMEM\n");
775 table[index] = new_table->page_hpa | PT_PRESENT_MASK
776 | PT_WRITABLE_MASK | PT_USER_MASK;
778 table_addr = table[index] & PT64_BASE_ADDR_MASK;
782 static void mmu_free_roots(struct kvm_vcpu *vcpu)
785 struct kvm_mmu_page *page;
788 if (vcpu->mmu.shadow_root_level == PT64_ROOT_LEVEL) {
789 hpa_t root = vcpu->mmu.root_hpa;
791 ASSERT(VALID_PAGE(root));
792 page = page_header(root);
794 vcpu->mmu.root_hpa = INVALID_PAGE;
798 for (i = 0; i < 4; ++i) {
799 hpa_t root = vcpu->mmu.pae_root[i];
801 ASSERT(VALID_PAGE(root));
802 root &= PT64_BASE_ADDR_MASK;
803 page = page_header(root);
805 vcpu->mmu.pae_root[i] = INVALID_PAGE;
807 vcpu->mmu.root_hpa = INVALID_PAGE;
810 static void mmu_alloc_roots(struct kvm_vcpu *vcpu)
814 struct kvm_mmu_page *page;
816 root_gfn = vcpu->cr3 >> PAGE_SHIFT;
819 if (vcpu->mmu.shadow_root_level == PT64_ROOT_LEVEL) {
820 hpa_t root = vcpu->mmu.root_hpa;
822 ASSERT(!VALID_PAGE(root));
823 page = kvm_mmu_get_page(vcpu, root_gfn, 0,
824 PT64_ROOT_LEVEL, 0, NULL);
825 root = page->page_hpa;
827 vcpu->mmu.root_hpa = root;
831 for (i = 0; i < 4; ++i) {
832 hpa_t root = vcpu->mmu.pae_root[i];
834 ASSERT(!VALID_PAGE(root));
835 if (vcpu->mmu.root_level == PT32E_ROOT_LEVEL)
836 root_gfn = vcpu->pdptrs[i] >> PAGE_SHIFT;
837 else if (vcpu->mmu.root_level == 0)
839 page = kvm_mmu_get_page(vcpu, root_gfn, i << 30,
840 PT32_ROOT_LEVEL, !is_paging(vcpu),
842 root = page->page_hpa;
844 vcpu->mmu.pae_root[i] = root | PT_PRESENT_MASK;
846 vcpu->mmu.root_hpa = __pa(vcpu->mmu.pae_root);
849 static gpa_t nonpaging_gva_to_gpa(struct kvm_vcpu *vcpu, gva_t vaddr)
854 static int nonpaging_page_fault(struct kvm_vcpu *vcpu, gva_t gva,
861 r = mmu_topup_memory_caches(vcpu);
866 ASSERT(VALID_PAGE(vcpu->mmu.root_hpa));
869 paddr = gpa_to_hpa(vcpu , addr & PT64_BASE_ADDR_MASK);
871 if (is_error_hpa(paddr))
874 return nonpaging_map(vcpu, addr & PAGE_MASK, paddr);
877 static void nonpaging_free(struct kvm_vcpu *vcpu)
879 mmu_free_roots(vcpu);
882 static int nonpaging_init_context(struct kvm_vcpu *vcpu)
884 struct kvm_mmu *context = &vcpu->mmu;
886 context->new_cr3 = nonpaging_new_cr3;
887 context->page_fault = nonpaging_page_fault;
888 context->gva_to_gpa = nonpaging_gva_to_gpa;
889 context->free = nonpaging_free;
890 context->root_level = 0;
891 context->shadow_root_level = PT32E_ROOT_LEVEL;
892 mmu_alloc_roots(vcpu);
893 ASSERT(VALID_PAGE(context->root_hpa));
894 kvm_arch_ops->set_cr3(vcpu, context->root_hpa);
898 static void kvm_mmu_flush_tlb(struct kvm_vcpu *vcpu)
900 ++kvm_stat.tlb_flush;
901 kvm_arch_ops->tlb_flush(vcpu);
904 static void paging_new_cr3(struct kvm_vcpu *vcpu)
906 pgprintk("%s: cr3 %lx\n", __FUNCTION__, vcpu->cr3);
907 mmu_free_roots(vcpu);
908 if (unlikely(vcpu->kvm->n_free_mmu_pages < KVM_MIN_FREE_MMU_PAGES))
909 kvm_mmu_free_some_pages(vcpu);
910 mmu_alloc_roots(vcpu);
911 kvm_mmu_flush_tlb(vcpu);
912 kvm_arch_ops->set_cr3(vcpu, vcpu->mmu.root_hpa);
915 static void mark_pagetable_nonglobal(void *shadow_pte)
917 page_header(__pa(shadow_pte))->global = 0;
920 static inline void set_pte_common(struct kvm_vcpu *vcpu,
929 *shadow_pte |= access_bits << PT_SHADOW_BITS_OFFSET;
931 access_bits &= ~PT_WRITABLE_MASK;
933 paddr = gpa_to_hpa(vcpu, gaddr & PT64_BASE_ADDR_MASK);
935 *shadow_pte |= access_bits;
937 if (!(*shadow_pte & PT_GLOBAL_MASK))
938 mark_pagetable_nonglobal(shadow_pte);
940 if (is_error_hpa(paddr)) {
941 *shadow_pte |= gaddr;
942 *shadow_pte |= PT_SHADOW_IO_MARK;
943 *shadow_pte &= ~PT_PRESENT_MASK;
947 *shadow_pte |= paddr;
949 if (access_bits & PT_WRITABLE_MASK) {
950 struct kvm_mmu_page *shadow;
952 shadow = kvm_mmu_lookup_page(vcpu, gfn);
954 pgprintk("%s: found shadow page for %lx, marking ro\n",
956 access_bits &= ~PT_WRITABLE_MASK;
957 if (is_writeble_pte(*shadow_pte)) {
958 *shadow_pte &= ~PT_WRITABLE_MASK;
959 kvm_arch_ops->tlb_flush(vcpu);
964 if (access_bits & PT_WRITABLE_MASK)
965 mark_page_dirty(vcpu->kvm, gaddr >> PAGE_SHIFT);
967 page_header_update_slot(vcpu->kvm, shadow_pte, gaddr);
968 rmap_add(vcpu, shadow_pte);
971 static void inject_page_fault(struct kvm_vcpu *vcpu,
975 kvm_arch_ops->inject_page_fault(vcpu, addr, err_code);
978 static inline int fix_read_pf(u64 *shadow_ent)
980 if ((*shadow_ent & PT_SHADOW_USER_MASK) &&
981 !(*shadow_ent & PT_USER_MASK)) {
983 * If supervisor write protect is disabled, we shadow kernel
984 * pages as user pages so we can trap the write access.
986 *shadow_ent |= PT_USER_MASK;
987 *shadow_ent &= ~PT_WRITABLE_MASK;
995 static int may_access(u64 pte, int write, int user)
998 if (user && !(pte & PT_USER_MASK))
1000 if (write && !(pte & PT_WRITABLE_MASK))
1005 static void paging_free(struct kvm_vcpu *vcpu)
1007 nonpaging_free(vcpu);
1011 #include "paging_tmpl.h"
1015 #include "paging_tmpl.h"
1018 static int paging64_init_context_common(struct kvm_vcpu *vcpu, int level)
1020 struct kvm_mmu *context = &vcpu->mmu;
1022 ASSERT(is_pae(vcpu));
1023 context->new_cr3 = paging_new_cr3;
1024 context->page_fault = paging64_page_fault;
1025 context->gva_to_gpa = paging64_gva_to_gpa;
1026 context->free = paging_free;
1027 context->root_level = level;
1028 context->shadow_root_level = level;
1029 mmu_alloc_roots(vcpu);
1030 ASSERT(VALID_PAGE(context->root_hpa));
1031 kvm_arch_ops->set_cr3(vcpu, context->root_hpa |
1032 (vcpu->cr3 & (CR3_PCD_MASK | CR3_WPT_MASK)));
1036 static int paging64_init_context(struct kvm_vcpu *vcpu)
1038 return paging64_init_context_common(vcpu, PT64_ROOT_LEVEL);
1041 static int paging32_init_context(struct kvm_vcpu *vcpu)
1043 struct kvm_mmu *context = &vcpu->mmu;
1045 context->new_cr3 = paging_new_cr3;
1046 context->page_fault = paging32_page_fault;
1047 context->gva_to_gpa = paging32_gva_to_gpa;
1048 context->free = paging_free;
1049 context->root_level = PT32_ROOT_LEVEL;
1050 context->shadow_root_level = PT32E_ROOT_LEVEL;
1051 mmu_alloc_roots(vcpu);
1052 ASSERT(VALID_PAGE(context->root_hpa));
1053 kvm_arch_ops->set_cr3(vcpu, context->root_hpa |
1054 (vcpu->cr3 & (CR3_PCD_MASK | CR3_WPT_MASK)));
1058 static int paging32E_init_context(struct kvm_vcpu *vcpu)
1060 return paging64_init_context_common(vcpu, PT32E_ROOT_LEVEL);
1063 static int init_kvm_mmu(struct kvm_vcpu *vcpu)
1066 ASSERT(!VALID_PAGE(vcpu->mmu.root_hpa));
1068 if (!is_paging(vcpu))
1069 return nonpaging_init_context(vcpu);
1070 else if (is_long_mode(vcpu))
1071 return paging64_init_context(vcpu);
1072 else if (is_pae(vcpu))
1073 return paging32E_init_context(vcpu);
1075 return paging32_init_context(vcpu);
1078 static void destroy_kvm_mmu(struct kvm_vcpu *vcpu)
1081 if (VALID_PAGE(vcpu->mmu.root_hpa)) {
1082 vcpu->mmu.free(vcpu);
1083 vcpu->mmu.root_hpa = INVALID_PAGE;
1087 int kvm_mmu_reset_context(struct kvm_vcpu *vcpu)
1091 destroy_kvm_mmu(vcpu);
1092 r = init_kvm_mmu(vcpu);
1095 r = mmu_topup_memory_caches(vcpu);
1100 void kvm_mmu_pre_write(struct kvm_vcpu *vcpu, gpa_t gpa, int bytes)
1102 gfn_t gfn = gpa >> PAGE_SHIFT;
1103 struct kvm_mmu_page *page;
1104 struct kvm_mmu_page *child;
1105 struct hlist_node *node, *n;
1106 struct hlist_head *bucket;
1110 unsigned offset = offset_in_page(gpa);
1112 unsigned page_offset;
1113 unsigned misaligned;
1117 pgprintk("%s: gpa %llx bytes %d\n", __FUNCTION__, gpa, bytes);
1118 if (gfn == vcpu->last_pt_write_gfn) {
1119 ++vcpu->last_pt_write_count;
1120 if (vcpu->last_pt_write_count >= 3)
1123 vcpu->last_pt_write_gfn = gfn;
1124 vcpu->last_pt_write_count = 1;
1126 index = kvm_page_table_hashfn(gfn) % KVM_NUM_MMU_PAGES;
1127 bucket = &vcpu->kvm->mmu_page_hash[index];
1128 hlist_for_each_entry_safe(page, node, n, bucket, hash_link) {
1129 if (page->gfn != gfn || page->role.metaphysical)
1131 pte_size = page->role.glevels == PT32_ROOT_LEVEL ? 4 : 8;
1132 misaligned = (offset ^ (offset + bytes - 1)) & ~(pte_size - 1);
1133 if (misaligned || flooded) {
1135 * Misaligned accesses are too much trouble to fix
1136 * up; also, they usually indicate a page is not used
1139 * If we're seeing too many writes to a page,
1140 * it may no longer be a page table, or we may be
1141 * forking, in which case it is better to unmap the
1144 pgprintk("misaligned: gpa %llx bytes %d role %x\n",
1145 gpa, bytes, page->role.word);
1146 kvm_mmu_zap_page(vcpu, page);
1149 page_offset = offset;
1150 level = page->role.level;
1151 if (page->role.glevels == PT32_ROOT_LEVEL) {
1152 page_offset <<= 1; /* 32->64 */
1153 page_offset &= ~PAGE_MASK;
1155 spte = __va(page->page_hpa);
1156 spte += page_offset / sizeof(*spte);
1158 if (is_present_pte(pte)) {
1159 if (level == PT_PAGE_TABLE_LEVEL)
1160 rmap_remove(vcpu, spte);
1162 child = page_header(pte & PT64_BASE_ADDR_MASK);
1163 mmu_page_remove_parent_pte(vcpu, child, spte);
1170 void kvm_mmu_post_write(struct kvm_vcpu *vcpu, gpa_t gpa, int bytes)
1174 int kvm_mmu_unprotect_page_virt(struct kvm_vcpu *vcpu, gva_t gva)
1176 gpa_t gpa = vcpu->mmu.gva_to_gpa(vcpu, gva);
1178 return kvm_mmu_unprotect_page(vcpu, gpa >> PAGE_SHIFT);
1181 void kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu)
1183 while (vcpu->kvm->n_free_mmu_pages < KVM_REFILL_PAGES) {
1184 struct kvm_mmu_page *page;
1186 page = container_of(vcpu->kvm->active_mmu_pages.prev,
1187 struct kvm_mmu_page, link);
1188 kvm_mmu_zap_page(vcpu, page);
1191 EXPORT_SYMBOL_GPL(kvm_mmu_free_some_pages);
1193 static void free_mmu_pages(struct kvm_vcpu *vcpu)
1195 struct kvm_mmu_page *page;
1197 while (!list_empty(&vcpu->kvm->active_mmu_pages)) {
1198 page = container_of(vcpu->kvm->active_mmu_pages.next,
1199 struct kvm_mmu_page, link);
1200 kvm_mmu_zap_page(vcpu, page);
1202 while (!list_empty(&vcpu->free_pages)) {
1203 page = list_entry(vcpu->free_pages.next,
1204 struct kvm_mmu_page, link);
1205 list_del(&page->link);
1206 __free_page(pfn_to_page(page->page_hpa >> PAGE_SHIFT));
1207 page->page_hpa = INVALID_PAGE;
1209 free_page((unsigned long)vcpu->mmu.pae_root);
1212 static int alloc_mmu_pages(struct kvm_vcpu *vcpu)
1219 for (i = 0; i < KVM_NUM_MMU_PAGES; i++) {
1220 struct kvm_mmu_page *page_header = &vcpu->page_header_buf[i];
1222 INIT_LIST_HEAD(&page_header->link);
1223 if ((page = alloc_page(GFP_KERNEL)) == NULL)
1225 page->private = (unsigned long)page_header;
1226 page_header->page_hpa = (hpa_t)page_to_pfn(page) << PAGE_SHIFT;
1227 memset(__va(page_header->page_hpa), 0, PAGE_SIZE);
1228 list_add(&page_header->link, &vcpu->free_pages);
1229 ++vcpu->kvm->n_free_mmu_pages;
1233 * When emulating 32-bit mode, cr3 is only 32 bits even on x86_64.
1234 * Therefore we need to allocate shadow page tables in the first
1235 * 4GB of memory, which happens to fit the DMA32 zone.
1237 page = alloc_page(GFP_KERNEL | __GFP_DMA32);
1240 vcpu->mmu.pae_root = page_address(page);
1241 for (i = 0; i < 4; ++i)
1242 vcpu->mmu.pae_root[i] = INVALID_PAGE;
1247 free_mmu_pages(vcpu);
1251 int kvm_mmu_create(struct kvm_vcpu *vcpu)
1254 ASSERT(!VALID_PAGE(vcpu->mmu.root_hpa));
1255 ASSERT(list_empty(&vcpu->free_pages));
1257 return alloc_mmu_pages(vcpu);
1260 int kvm_mmu_setup(struct kvm_vcpu *vcpu)
1263 ASSERT(!VALID_PAGE(vcpu->mmu.root_hpa));
1264 ASSERT(!list_empty(&vcpu->free_pages));
1266 return init_kvm_mmu(vcpu);
1269 void kvm_mmu_destroy(struct kvm_vcpu *vcpu)
1273 destroy_kvm_mmu(vcpu);
1274 free_mmu_pages(vcpu);
1275 mmu_free_memory_caches(vcpu);
1278 void kvm_mmu_slot_remove_write_access(struct kvm_vcpu *vcpu, int slot)
1280 struct kvm *kvm = vcpu->kvm;
1281 struct kvm_mmu_page *page;
1283 list_for_each_entry(page, &kvm->active_mmu_pages, link) {
1287 if (!test_bit(slot, &page->slot_bitmap))
1290 pt = __va(page->page_hpa);
1291 for (i = 0; i < PT64_ENT_PER_PAGE; ++i)
1293 if (pt[i] & PT_WRITABLE_MASK) {
1294 rmap_remove(vcpu, &pt[i]);
1295 pt[i] &= ~PT_WRITABLE_MASK;
1302 static const char *audit_msg;
1304 static gva_t canonicalize(gva_t gva)
1306 #ifdef CONFIG_X86_64
1307 gva = (long long)(gva << 16) >> 16;
1312 static void audit_mappings_page(struct kvm_vcpu *vcpu, u64 page_pte,
1313 gva_t va, int level)
1315 u64 *pt = __va(page_pte & PT64_BASE_ADDR_MASK);
1317 gva_t va_delta = 1ul << (PAGE_SHIFT + 9 * (level - 1));
1319 for (i = 0; i < PT64_ENT_PER_PAGE; ++i, va += va_delta) {
1322 if (!ent & PT_PRESENT_MASK)
1325 va = canonicalize(va);
1327 audit_mappings_page(vcpu, ent, va, level - 1);
1329 gpa_t gpa = vcpu->mmu.gva_to_gpa(vcpu, va);
1330 hpa_t hpa = gpa_to_hpa(vcpu, gpa);
1332 if ((ent & PT_PRESENT_MASK)
1333 && (ent & PT64_BASE_ADDR_MASK) != hpa)
1334 printk(KERN_ERR "audit error: (%s) levels %d"
1335 " gva %lx gpa %llx hpa %llx ent %llx\n",
1336 audit_msg, vcpu->mmu.root_level,
1342 static void audit_mappings(struct kvm_vcpu *vcpu)
1346 if (vcpu->mmu.root_level == 4)
1347 audit_mappings_page(vcpu, vcpu->mmu.root_hpa, 0, 4);
1349 for (i = 0; i < 4; ++i)
1350 if (vcpu->mmu.pae_root[i] & PT_PRESENT_MASK)
1351 audit_mappings_page(vcpu,
1352 vcpu->mmu.pae_root[i],
1357 static int count_rmaps(struct kvm_vcpu *vcpu)
1362 for (i = 0; i < KVM_MEMORY_SLOTS; ++i) {
1363 struct kvm_memory_slot *m = &vcpu->kvm->memslots[i];
1364 struct kvm_rmap_desc *d;
1366 for (j = 0; j < m->npages; ++j) {
1367 struct page *page = m->phys_mem[j];
1371 if (!(page->private & 1)) {
1375 d = (struct kvm_rmap_desc *)(page->private & ~1ul);
1377 for (k = 0; k < RMAP_EXT; ++k)
1378 if (d->shadow_ptes[k])
1389 static int count_writable_mappings(struct kvm_vcpu *vcpu)
1392 struct kvm_mmu_page *page;
1395 list_for_each_entry(page, &vcpu->kvm->active_mmu_pages, link) {
1396 u64 *pt = __va(page->page_hpa);
1398 if (page->role.level != PT_PAGE_TABLE_LEVEL)
1401 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
1404 if (!(ent & PT_PRESENT_MASK))
1406 if (!(ent & PT_WRITABLE_MASK))
1414 static void audit_rmap(struct kvm_vcpu *vcpu)
1416 int n_rmap = count_rmaps(vcpu);
1417 int n_actual = count_writable_mappings(vcpu);
1419 if (n_rmap != n_actual)
1420 printk(KERN_ERR "%s: (%s) rmap %d actual %d\n",
1421 __FUNCTION__, audit_msg, n_rmap, n_actual);
1424 static void audit_write_protection(struct kvm_vcpu *vcpu)
1426 struct kvm_mmu_page *page;
1428 list_for_each_entry(page, &vcpu->kvm->active_mmu_pages, link) {
1432 if (page->role.metaphysical)
1435 hfn = gpa_to_hpa(vcpu, (gpa_t)page->gfn << PAGE_SHIFT)
1437 pg = pfn_to_page(hfn);
1439 printk(KERN_ERR "%s: (%s) shadow page has writable"
1440 " mappings: gfn %lx role %x\n",
1441 __FUNCTION__, audit_msg, page->gfn,
1446 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg)
1453 audit_write_protection(vcpu);
1454 audit_mappings(vcpu);
projects / linux-2.6 / blob