2 * Kernel-based Virtual Machine driver for Linux
4 * This module enables machines with Intel VT-x extensions to run virtual
5 * machines without emulation or binary translation.
9 * Copyright (C) 2006 Qumranet, Inc.
12 * Yaniv Kamay <yaniv@qumranet.com>
13 * Avi Kivity <avi@qumranet.com>
15 * This work is licensed under the terms of the GNU GPL, version 2. See
16 * the COPYING file in the top-level directory.
23 #include <linux/types.h>
24 #include <linux/string.h>
26 #include <linux/highmem.h>
27 #include <linux/module.h>
30 #include <asm/cmpxchg.h>
37 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg);
39 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg) {}
44 #define pgprintk(x...) do { if (dbg) printk(x); } while (0)
45 #define rmap_printk(x...) do { if (dbg) printk(x); } while (0)
49 #define pgprintk(x...) do { } while (0)
50 #define rmap_printk(x...) do { } while (0)
54 #if defined(MMU_DEBUG) || defined(AUDIT)
59 #define ASSERT(x) do { } while (0)
63 printk(KERN_WARNING "assertion failed %s:%d: %s\n", \
64 __FILE__, __LINE__, #x); \
68 #define PT64_PT_BITS 9
69 #define PT64_ENT_PER_PAGE (1 << PT64_PT_BITS)
70 #define PT32_PT_BITS 10
71 #define PT32_ENT_PER_PAGE (1 << PT32_PT_BITS)
73 #define PT_WRITABLE_SHIFT 1
75 #define PT_PRESENT_MASK (1ULL << 0)
76 #define PT_WRITABLE_MASK (1ULL << PT_WRITABLE_SHIFT)
77 #define PT_USER_MASK (1ULL << 2)
78 #define PT_PWT_MASK (1ULL << 3)
79 #define PT_PCD_MASK (1ULL << 4)
80 #define PT_ACCESSED_MASK (1ULL << 5)
81 #define PT_DIRTY_MASK (1ULL << 6)
82 #define PT_PAGE_SIZE_MASK (1ULL << 7)
83 #define PT_PAT_MASK (1ULL << 7)
84 #define PT_GLOBAL_MASK (1ULL << 8)
85 #define PT64_NX_MASK (1ULL << 63)
87 #define PT_PAT_SHIFT 7
88 #define PT_DIR_PAT_SHIFT 12
89 #define PT_DIR_PAT_MASK (1ULL << PT_DIR_PAT_SHIFT)
91 #define PT32_DIR_PSE36_SIZE 4
92 #define PT32_DIR_PSE36_SHIFT 13
93 #define PT32_DIR_PSE36_MASK (((1ULL << PT32_DIR_PSE36_SIZE) - 1) << PT32_DIR_PSE36_SHIFT)
96 #define PT_FIRST_AVAIL_BITS_SHIFT 9
97 #define PT64_SECOND_AVAIL_BITS_SHIFT 52
99 #define PT_SHADOW_IO_MARK (1ULL << PT_FIRST_AVAIL_BITS_SHIFT)
101 #define VALID_PAGE(x) ((x) != INVALID_PAGE)
103 #define PT64_LEVEL_BITS 9
105 #define PT64_LEVEL_SHIFT(level) \
106 ( PAGE_SHIFT + (level - 1) * PT64_LEVEL_BITS )
108 #define PT64_LEVEL_MASK(level) \
109 (((1ULL << PT64_LEVEL_BITS) - 1) << PT64_LEVEL_SHIFT(level))
111 #define PT64_INDEX(address, level)\
112 (((address) >> PT64_LEVEL_SHIFT(level)) & ((1 << PT64_LEVEL_BITS) - 1))
115 #define PT32_LEVEL_BITS 10
117 #define PT32_LEVEL_SHIFT(level) \
118 ( PAGE_SHIFT + (level - 1) * PT32_LEVEL_BITS )
120 #define PT32_LEVEL_MASK(level) \
121 (((1ULL << PT32_LEVEL_BITS) - 1) << PT32_LEVEL_SHIFT(level))
123 #define PT32_INDEX(address, level)\
124 (((address) >> PT32_LEVEL_SHIFT(level)) & ((1 << PT32_LEVEL_BITS) - 1))
127 #define PT64_BASE_ADDR_MASK (((1ULL << 52) - 1) & ~(u64)(PAGE_SIZE-1))
128 #define PT64_DIR_BASE_ADDR_MASK \
129 (PT64_BASE_ADDR_MASK & ~((1ULL << (PAGE_SHIFT + PT64_LEVEL_BITS)) - 1))
131 #define PT32_BASE_ADDR_MASK PAGE_MASK
132 #define PT32_DIR_BASE_ADDR_MASK \
133 (PAGE_MASK & ~((1ULL << (PAGE_SHIFT + PT32_LEVEL_BITS)) - 1))
136 #define PFERR_PRESENT_MASK (1U << 0)
137 #define PFERR_WRITE_MASK (1U << 1)
138 #define PFERR_USER_MASK (1U << 2)
139 #define PFERR_FETCH_MASK (1U << 4)
141 #define PT64_ROOT_LEVEL 4
142 #define PT32_ROOT_LEVEL 2
143 #define PT32E_ROOT_LEVEL 3
145 #define PT_DIRECTORY_LEVEL 2
146 #define PT_PAGE_TABLE_LEVEL 1
150 struct kvm_rmap_desc {
151 u64 *shadow_ptes[RMAP_EXT];
152 struct kvm_rmap_desc *more;
155 static struct kmem_cache *pte_chain_cache;
156 static struct kmem_cache *rmap_desc_cache;
157 static struct kmem_cache *mmu_page_header_cache;
159 static int is_write_protection(struct kvm_vcpu *vcpu)
161 return vcpu->cr0 & X86_CR0_WP;
164 static int is_cpuid_PSE36(void)
169 static int is_nx(struct kvm_vcpu *vcpu)
171 return vcpu->shadow_efer & EFER_NX;
174 static int is_present_pte(unsigned long pte)
176 return pte & PT_PRESENT_MASK;
179 static int is_writeble_pte(unsigned long pte)
181 return pte & PT_WRITABLE_MASK;
184 static int is_io_pte(unsigned long pte)
186 return pte & PT_SHADOW_IO_MARK;
189 static int is_rmap_pte(u64 pte)
191 return (pte & (PT_WRITABLE_MASK | PT_PRESENT_MASK))
192 == (PT_WRITABLE_MASK | PT_PRESENT_MASK);
195 static void set_shadow_pte(u64 *sptep, u64 spte)
198 set_64bit((unsigned long *)sptep, spte);
200 set_64bit((unsigned long long *)sptep, spte);
204 static int mmu_topup_memory_cache(struct kvm_mmu_memory_cache *cache,
205 struct kmem_cache *base_cache, int min)
209 if (cache->nobjs >= min)
211 while (cache->nobjs < ARRAY_SIZE(cache->objects)) {
212 obj = kmem_cache_zalloc(base_cache, GFP_KERNEL);
215 cache->objects[cache->nobjs++] = obj;
220 static void mmu_free_memory_cache(struct kvm_mmu_memory_cache *mc)
223 kfree(mc->objects[--mc->nobjs]);
226 static int mmu_topup_memory_cache_page(struct kvm_mmu_memory_cache *cache,
231 if (cache->nobjs >= min)
233 while (cache->nobjs < ARRAY_SIZE(cache->objects)) {
234 page = alloc_page(GFP_KERNEL);
237 set_page_private(page, 0);
238 cache->objects[cache->nobjs++] = page_address(page);
243 static void mmu_free_memory_cache_page(struct kvm_mmu_memory_cache *mc)
246 free_page((unsigned long)mc->objects[--mc->nobjs]);
249 static int mmu_topup_memory_caches(struct kvm_vcpu *vcpu)
253 kvm_mmu_free_some_pages(vcpu);
254 r = mmu_topup_memory_cache(&vcpu->mmu_pte_chain_cache,
258 r = mmu_topup_memory_cache(&vcpu->mmu_rmap_desc_cache,
262 r = mmu_topup_memory_cache_page(&vcpu->mmu_page_cache, 4);
265 r = mmu_topup_memory_cache(&vcpu->mmu_page_header_cache,
266 mmu_page_header_cache, 4);
271 static void mmu_free_memory_caches(struct kvm_vcpu *vcpu)
273 mmu_free_memory_cache(&vcpu->mmu_pte_chain_cache);
274 mmu_free_memory_cache(&vcpu->mmu_rmap_desc_cache);
275 mmu_free_memory_cache_page(&vcpu->mmu_page_cache);
276 mmu_free_memory_cache(&vcpu->mmu_page_header_cache);
279 static void *mmu_memory_cache_alloc(struct kvm_mmu_memory_cache *mc,
285 p = mc->objects[--mc->nobjs];
290 static struct kvm_pte_chain *mmu_alloc_pte_chain(struct kvm_vcpu *vcpu)
292 return mmu_memory_cache_alloc(&vcpu->mmu_pte_chain_cache,
293 sizeof(struct kvm_pte_chain));
296 static void mmu_free_pte_chain(struct kvm_pte_chain *pc)
301 static struct kvm_rmap_desc *mmu_alloc_rmap_desc(struct kvm_vcpu *vcpu)
303 return mmu_memory_cache_alloc(&vcpu->mmu_rmap_desc_cache,
304 sizeof(struct kvm_rmap_desc));
307 static void mmu_free_rmap_desc(struct kvm_rmap_desc *rd)
313 * Reverse mapping data structures:
315 * If page->private bit zero is zero, then page->private points to the
316 * shadow page table entry that points to page_address(page).
318 * If page->private bit zero is one, (then page->private & ~1) points
319 * to a struct kvm_rmap_desc containing more mappings.
321 static void rmap_add(struct kvm_vcpu *vcpu, u64 *spte)
324 struct kvm_rmap_desc *desc;
327 if (!is_rmap_pte(*spte))
329 page = pfn_to_page((*spte & PT64_BASE_ADDR_MASK) >> PAGE_SHIFT);
330 if (!page_private(page)) {
331 rmap_printk("rmap_add: %p %llx 0->1\n", spte, *spte);
332 set_page_private(page,(unsigned long)spte);
333 } else if (!(page_private(page) & 1)) {
334 rmap_printk("rmap_add: %p %llx 1->many\n", spte, *spte);
335 desc = mmu_alloc_rmap_desc(vcpu);
336 desc->shadow_ptes[0] = (u64 *)page_private(page);
337 desc->shadow_ptes[1] = spte;
338 set_page_private(page,(unsigned long)desc | 1);
340 rmap_printk("rmap_add: %p %llx many->many\n", spte, *spte);
341 desc = (struct kvm_rmap_desc *)(page_private(page) & ~1ul);
342 while (desc->shadow_ptes[RMAP_EXT-1] && desc->more)
344 if (desc->shadow_ptes[RMAP_EXT-1]) {
345 desc->more = mmu_alloc_rmap_desc(vcpu);
348 for (i = 0; desc->shadow_ptes[i]; ++i)
350 desc->shadow_ptes[i] = spte;
354 static void rmap_desc_remove_entry(struct page *page,
355 struct kvm_rmap_desc *desc,
357 struct kvm_rmap_desc *prev_desc)
361 for (j = RMAP_EXT - 1; !desc->shadow_ptes[j] && j > i; --j)
363 desc->shadow_ptes[i] = desc->shadow_ptes[j];
364 desc->shadow_ptes[j] = NULL;
367 if (!prev_desc && !desc->more)
368 set_page_private(page,(unsigned long)desc->shadow_ptes[0]);
371 prev_desc->more = desc->more;
373 set_page_private(page,(unsigned long)desc->more | 1);
374 mmu_free_rmap_desc(desc);
377 static void rmap_remove(u64 *spte)
380 struct kvm_rmap_desc *desc;
381 struct kvm_rmap_desc *prev_desc;
384 if (!is_rmap_pte(*spte))
386 page = pfn_to_page((*spte & PT64_BASE_ADDR_MASK) >> PAGE_SHIFT);
387 if (!page_private(page)) {
388 printk(KERN_ERR "rmap_remove: %p %llx 0->BUG\n", spte, *spte);
390 } else if (!(page_private(page) & 1)) {
391 rmap_printk("rmap_remove: %p %llx 1->0\n", spte, *spte);
392 if ((u64 *)page_private(page) != spte) {
393 printk(KERN_ERR "rmap_remove: %p %llx 1->BUG\n",
397 set_page_private(page,0);
399 rmap_printk("rmap_remove: %p %llx many->many\n", spte, *spte);
400 desc = (struct kvm_rmap_desc *)(page_private(page) & ~1ul);
403 for (i = 0; i < RMAP_EXT && desc->shadow_ptes[i]; ++i)
404 if (desc->shadow_ptes[i] == spte) {
405 rmap_desc_remove_entry(page,
417 static void rmap_write_protect(struct kvm_vcpu *vcpu, u64 gfn)
419 struct kvm *kvm = vcpu->kvm;
421 struct kvm_rmap_desc *desc;
424 page = gfn_to_page(kvm, gfn);
427 while (page_private(page)) {
428 if (!(page_private(page) & 1))
429 spte = (u64 *)page_private(page);
431 desc = (struct kvm_rmap_desc *)(page_private(page) & ~1ul);
432 spte = desc->shadow_ptes[0];
435 BUG_ON((*spte & PT64_BASE_ADDR_MASK) >> PAGE_SHIFT
436 != page_to_pfn(page));
437 BUG_ON(!(*spte & PT_PRESENT_MASK));
438 BUG_ON(!(*spte & PT_WRITABLE_MASK));
439 rmap_printk("rmap_write_protect: spte %p %llx\n", spte, *spte);
441 set_shadow_pte(spte, *spte & ~PT_WRITABLE_MASK);
442 kvm_flush_remote_tlbs(vcpu->kvm);
447 static int is_empty_shadow_page(u64 *spt)
452 for (pos = spt, end = pos + PAGE_SIZE / sizeof(u64); pos != end; pos++)
454 printk(KERN_ERR "%s: %p %llx\n", __FUNCTION__,
462 static void kvm_mmu_free_page(struct kvm *kvm,
463 struct kvm_mmu_page *page_head)
465 ASSERT(is_empty_shadow_page(page_head->spt));
466 list_del(&page_head->link);
467 __free_page(virt_to_page(page_head->spt));
469 ++kvm->n_free_mmu_pages;
472 static unsigned kvm_page_table_hashfn(gfn_t gfn)
477 static struct kvm_mmu_page *kvm_mmu_alloc_page(struct kvm_vcpu *vcpu,
480 struct kvm_mmu_page *page;
482 if (!vcpu->kvm->n_free_mmu_pages)
485 page = mmu_memory_cache_alloc(&vcpu->mmu_page_header_cache,
487 page->spt = mmu_memory_cache_alloc(&vcpu->mmu_page_cache, PAGE_SIZE);
488 set_page_private(virt_to_page(page->spt), (unsigned long)page);
489 list_add(&page->link, &vcpu->kvm->active_mmu_pages);
490 ASSERT(is_empty_shadow_page(page->spt));
491 page->slot_bitmap = 0;
492 page->multimapped = 0;
493 page->parent_pte = parent_pte;
494 --vcpu->kvm->n_free_mmu_pages;
498 static void mmu_page_add_parent_pte(struct kvm_vcpu *vcpu,
499 struct kvm_mmu_page *page, u64 *parent_pte)
501 struct kvm_pte_chain *pte_chain;
502 struct hlist_node *node;
507 if (!page->multimapped) {
508 u64 *old = page->parent_pte;
511 page->parent_pte = parent_pte;
514 page->multimapped = 1;
515 pte_chain = mmu_alloc_pte_chain(vcpu);
516 INIT_HLIST_HEAD(&page->parent_ptes);
517 hlist_add_head(&pte_chain->link, &page->parent_ptes);
518 pte_chain->parent_ptes[0] = old;
520 hlist_for_each_entry(pte_chain, node, &page->parent_ptes, link) {
521 if (pte_chain->parent_ptes[NR_PTE_CHAIN_ENTRIES-1])
523 for (i = 0; i < NR_PTE_CHAIN_ENTRIES; ++i)
524 if (!pte_chain->parent_ptes[i]) {
525 pte_chain->parent_ptes[i] = parent_pte;
529 pte_chain = mmu_alloc_pte_chain(vcpu);
531 hlist_add_head(&pte_chain->link, &page->parent_ptes);
532 pte_chain->parent_ptes[0] = parent_pte;
535 static void mmu_page_remove_parent_pte(struct kvm_mmu_page *page,
538 struct kvm_pte_chain *pte_chain;
539 struct hlist_node *node;
542 if (!page->multimapped) {
543 BUG_ON(page->parent_pte != parent_pte);
544 page->parent_pte = NULL;
547 hlist_for_each_entry(pte_chain, node, &page->parent_ptes, link)
548 for (i = 0; i < NR_PTE_CHAIN_ENTRIES; ++i) {
549 if (!pte_chain->parent_ptes[i])
551 if (pte_chain->parent_ptes[i] != parent_pte)
553 while (i + 1 < NR_PTE_CHAIN_ENTRIES
554 && pte_chain->parent_ptes[i + 1]) {
555 pte_chain->parent_ptes[i]
556 = pte_chain->parent_ptes[i + 1];
559 pte_chain->parent_ptes[i] = NULL;
561 hlist_del(&pte_chain->link);
562 mmu_free_pte_chain(pte_chain);
563 if (hlist_empty(&page->parent_ptes)) {
564 page->multimapped = 0;
565 page->parent_pte = NULL;
573 static struct kvm_mmu_page *kvm_mmu_lookup_page(struct kvm_vcpu *vcpu,
577 struct hlist_head *bucket;
578 struct kvm_mmu_page *page;
579 struct hlist_node *node;
581 pgprintk("%s: looking for gfn %lx\n", __FUNCTION__, gfn);
582 index = kvm_page_table_hashfn(gfn) % KVM_NUM_MMU_PAGES;
583 bucket = &vcpu->kvm->mmu_page_hash[index];
584 hlist_for_each_entry(page, node, bucket, hash_link)
585 if (page->gfn == gfn && !page->role.metaphysical) {
586 pgprintk("%s: found role %x\n",
587 __FUNCTION__, page->role.word);
593 static struct kvm_mmu_page *kvm_mmu_get_page(struct kvm_vcpu *vcpu,
598 unsigned hugepage_access,
601 union kvm_mmu_page_role role;
604 struct hlist_head *bucket;
605 struct kvm_mmu_page *page;
606 struct hlist_node *node;
609 role.glevels = vcpu->mmu.root_level;
611 role.metaphysical = metaphysical;
612 role.hugepage_access = hugepage_access;
613 if (vcpu->mmu.root_level <= PT32_ROOT_LEVEL) {
614 quadrant = gaddr >> (PAGE_SHIFT + (PT64_PT_BITS * level));
615 quadrant &= (1 << ((PT32_PT_BITS - PT64_PT_BITS) * level)) - 1;
616 role.quadrant = quadrant;
618 pgprintk("%s: looking gfn %lx role %x\n", __FUNCTION__,
620 index = kvm_page_table_hashfn(gfn) % KVM_NUM_MMU_PAGES;
621 bucket = &vcpu->kvm->mmu_page_hash[index];
622 hlist_for_each_entry(page, node, bucket, hash_link)
623 if (page->gfn == gfn && page->role.word == role.word) {
624 mmu_page_add_parent_pte(vcpu, page, parent_pte);
625 pgprintk("%s: found\n", __FUNCTION__);
628 page = kvm_mmu_alloc_page(vcpu, parent_pte);
631 pgprintk("%s: adding gfn %lx role %x\n", __FUNCTION__, gfn, role.word);
634 hlist_add_head(&page->hash_link, bucket);
636 rmap_write_protect(vcpu, gfn);
640 static void kvm_mmu_page_unlink_children(struct kvm *kvm,
641 struct kvm_mmu_page *page)
649 if (page->role.level == PT_PAGE_TABLE_LEVEL) {
650 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
651 if (pt[i] & PT_PRESENT_MASK)
655 kvm_flush_remote_tlbs(kvm);
659 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
663 if (!(ent & PT_PRESENT_MASK))
665 ent &= PT64_BASE_ADDR_MASK;
666 mmu_page_remove_parent_pte(page_header(ent), &pt[i]);
668 kvm_flush_remote_tlbs(kvm);
671 static void kvm_mmu_put_page(struct kvm_mmu_page *page,
674 mmu_page_remove_parent_pte(page, parent_pte);
677 static void kvm_mmu_zap_page(struct kvm *kvm,
678 struct kvm_mmu_page *page)
682 while (page->multimapped || page->parent_pte) {
683 if (!page->multimapped)
684 parent_pte = page->parent_pte;
686 struct kvm_pte_chain *chain;
688 chain = container_of(page->parent_ptes.first,
689 struct kvm_pte_chain, link);
690 parent_pte = chain->parent_ptes[0];
693 kvm_mmu_put_page(page, parent_pte);
694 set_shadow_pte(parent_pte, 0);
696 kvm_mmu_page_unlink_children(kvm, page);
697 if (!page->root_count) {
698 hlist_del(&page->hash_link);
699 kvm_mmu_free_page(kvm, page);
701 list_move(&page->link, &kvm->active_mmu_pages);
704 static int kvm_mmu_unprotect_page(struct kvm_vcpu *vcpu, gfn_t gfn)
707 struct hlist_head *bucket;
708 struct kvm_mmu_page *page;
709 struct hlist_node *node, *n;
712 pgprintk("%s: looking for gfn %lx\n", __FUNCTION__, gfn);
714 index = kvm_page_table_hashfn(gfn) % KVM_NUM_MMU_PAGES;
715 bucket = &vcpu->kvm->mmu_page_hash[index];
716 hlist_for_each_entry_safe(page, node, n, bucket, hash_link)
717 if (page->gfn == gfn && !page->role.metaphysical) {
718 pgprintk("%s: gfn %lx role %x\n", __FUNCTION__, gfn,
720 kvm_mmu_zap_page(vcpu->kvm, page);
726 static void mmu_unshadow(struct kvm_vcpu *vcpu, gfn_t gfn)
728 struct kvm_mmu_page *page;
730 while ((page = kvm_mmu_lookup_page(vcpu, gfn)) != NULL) {
731 pgprintk("%s: zap %lx %x\n",
732 __FUNCTION__, gfn, page->role.word);
733 kvm_mmu_zap_page(vcpu->kvm, page);
737 static void page_header_update_slot(struct kvm *kvm, void *pte, gpa_t gpa)
739 int slot = memslot_id(kvm, gfn_to_memslot(kvm, gpa >> PAGE_SHIFT));
740 struct kvm_mmu_page *page_head = page_header(__pa(pte));
742 __set_bit(slot, &page_head->slot_bitmap);
745 hpa_t safe_gpa_to_hpa(struct kvm_vcpu *vcpu, gpa_t gpa)
747 hpa_t hpa = gpa_to_hpa(vcpu, gpa);
749 return is_error_hpa(hpa) ? bad_page_address | (gpa & ~PAGE_MASK): hpa;
752 hpa_t gpa_to_hpa(struct kvm_vcpu *vcpu, gpa_t gpa)
756 ASSERT((gpa & HPA_ERR_MASK) == 0);
757 page = gfn_to_page(vcpu->kvm, gpa >> PAGE_SHIFT);
759 return gpa | HPA_ERR_MASK;
760 return ((hpa_t)page_to_pfn(page) << PAGE_SHIFT)
761 | (gpa & (PAGE_SIZE-1));
764 hpa_t gva_to_hpa(struct kvm_vcpu *vcpu, gva_t gva)
766 gpa_t gpa = vcpu->mmu.gva_to_gpa(vcpu, gva);
768 if (gpa == UNMAPPED_GVA)
770 return gpa_to_hpa(vcpu, gpa);
773 struct page *gva_to_page(struct kvm_vcpu *vcpu, gva_t gva)
775 gpa_t gpa = vcpu->mmu.gva_to_gpa(vcpu, gva);
777 if (gpa == UNMAPPED_GVA)
779 return pfn_to_page(gpa_to_hpa(vcpu, gpa) >> PAGE_SHIFT);
782 static void nonpaging_new_cr3(struct kvm_vcpu *vcpu)
786 static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, hpa_t p)
788 int level = PT32E_ROOT_LEVEL;
789 hpa_t table_addr = vcpu->mmu.root_hpa;
792 u32 index = PT64_INDEX(v, level);
796 ASSERT(VALID_PAGE(table_addr));
797 table = __va(table_addr);
801 if (is_present_pte(pte) && is_writeble_pte(pte))
803 mark_page_dirty(vcpu->kvm, v >> PAGE_SHIFT);
804 page_header_update_slot(vcpu->kvm, table, v);
805 table[index] = p | PT_PRESENT_MASK | PT_WRITABLE_MASK |
807 rmap_add(vcpu, &table[index]);
811 if (table[index] == 0) {
812 struct kvm_mmu_page *new_table;
815 pseudo_gfn = (v & PT64_DIR_BASE_ADDR_MASK)
817 new_table = kvm_mmu_get_page(vcpu, pseudo_gfn,
819 1, 0, &table[index]);
821 pgprintk("nonpaging_map: ENOMEM\n");
825 table[index] = __pa(new_table->spt) | PT_PRESENT_MASK
826 | PT_WRITABLE_MASK | PT_USER_MASK;
828 table_addr = table[index] & PT64_BASE_ADDR_MASK;
832 static void mmu_free_roots(struct kvm_vcpu *vcpu)
835 struct kvm_mmu_page *page;
837 if (!VALID_PAGE(vcpu->mmu.root_hpa))
840 if (vcpu->mmu.shadow_root_level == PT64_ROOT_LEVEL) {
841 hpa_t root = vcpu->mmu.root_hpa;
843 page = page_header(root);
845 vcpu->mmu.root_hpa = INVALID_PAGE;
849 for (i = 0; i < 4; ++i) {
850 hpa_t root = vcpu->mmu.pae_root[i];
853 root &= PT64_BASE_ADDR_MASK;
854 page = page_header(root);
857 vcpu->mmu.pae_root[i] = INVALID_PAGE;
859 vcpu->mmu.root_hpa = INVALID_PAGE;
862 static void mmu_alloc_roots(struct kvm_vcpu *vcpu)
866 struct kvm_mmu_page *page;
868 root_gfn = vcpu->cr3 >> PAGE_SHIFT;
871 if (vcpu->mmu.shadow_root_level == PT64_ROOT_LEVEL) {
872 hpa_t root = vcpu->mmu.root_hpa;
874 ASSERT(!VALID_PAGE(root));
875 page = kvm_mmu_get_page(vcpu, root_gfn, 0,
876 PT64_ROOT_LEVEL, 0, 0, NULL);
877 root = __pa(page->spt);
879 vcpu->mmu.root_hpa = root;
883 for (i = 0; i < 4; ++i) {
884 hpa_t root = vcpu->mmu.pae_root[i];
886 ASSERT(!VALID_PAGE(root));
887 if (vcpu->mmu.root_level == PT32E_ROOT_LEVEL) {
888 if (!is_present_pte(vcpu->pdptrs[i])) {
889 vcpu->mmu.pae_root[i] = 0;
892 root_gfn = vcpu->pdptrs[i] >> PAGE_SHIFT;
893 } else if (vcpu->mmu.root_level == 0)
895 page = kvm_mmu_get_page(vcpu, root_gfn, i << 30,
896 PT32_ROOT_LEVEL, !is_paging(vcpu),
898 root = __pa(page->spt);
900 vcpu->mmu.pae_root[i] = root | PT_PRESENT_MASK;
902 vcpu->mmu.root_hpa = __pa(vcpu->mmu.pae_root);
905 static gpa_t nonpaging_gva_to_gpa(struct kvm_vcpu *vcpu, gva_t vaddr)
910 static int nonpaging_page_fault(struct kvm_vcpu *vcpu, gva_t gva,
917 r = mmu_topup_memory_caches(vcpu);
922 ASSERT(VALID_PAGE(vcpu->mmu.root_hpa));
925 paddr = gpa_to_hpa(vcpu , addr & PT64_BASE_ADDR_MASK);
927 if (is_error_hpa(paddr))
930 return nonpaging_map(vcpu, addr & PAGE_MASK, paddr);
933 static void nonpaging_free(struct kvm_vcpu *vcpu)
935 mmu_free_roots(vcpu);
938 static int nonpaging_init_context(struct kvm_vcpu *vcpu)
940 struct kvm_mmu *context = &vcpu->mmu;
942 context->new_cr3 = nonpaging_new_cr3;
943 context->page_fault = nonpaging_page_fault;
944 context->gva_to_gpa = nonpaging_gva_to_gpa;
945 context->free = nonpaging_free;
946 context->root_level = 0;
947 context->shadow_root_level = PT32E_ROOT_LEVEL;
948 context->root_hpa = INVALID_PAGE;
952 static void kvm_mmu_flush_tlb(struct kvm_vcpu *vcpu)
954 ++vcpu->stat.tlb_flush;
955 kvm_x86_ops->tlb_flush(vcpu);
958 static void paging_new_cr3(struct kvm_vcpu *vcpu)
960 pgprintk("%s: cr3 %lx\n", __FUNCTION__, vcpu->cr3);
961 mmu_free_roots(vcpu);
964 static void inject_page_fault(struct kvm_vcpu *vcpu,
968 kvm_x86_ops->inject_page_fault(vcpu, addr, err_code);
971 static void paging_free(struct kvm_vcpu *vcpu)
973 nonpaging_free(vcpu);
977 #include "paging_tmpl.h"
981 #include "paging_tmpl.h"
984 static int paging64_init_context_common(struct kvm_vcpu *vcpu, int level)
986 struct kvm_mmu *context = &vcpu->mmu;
988 ASSERT(is_pae(vcpu));
989 context->new_cr3 = paging_new_cr3;
990 context->page_fault = paging64_page_fault;
991 context->gva_to_gpa = paging64_gva_to_gpa;
992 context->free = paging_free;
993 context->root_level = level;
994 context->shadow_root_level = level;
995 context->root_hpa = INVALID_PAGE;
999 static int paging64_init_context(struct kvm_vcpu *vcpu)
1001 return paging64_init_context_common(vcpu, PT64_ROOT_LEVEL);
1004 static int paging32_init_context(struct kvm_vcpu *vcpu)
1006 struct kvm_mmu *context = &vcpu->mmu;
1008 context->new_cr3 = paging_new_cr3;
1009 context->page_fault = paging32_page_fault;
1010 context->gva_to_gpa = paging32_gva_to_gpa;
1011 context->free = paging_free;
1012 context->root_level = PT32_ROOT_LEVEL;
1013 context->shadow_root_level = PT32E_ROOT_LEVEL;
1014 context->root_hpa = INVALID_PAGE;
1018 static int paging32E_init_context(struct kvm_vcpu *vcpu)
1020 return paging64_init_context_common(vcpu, PT32E_ROOT_LEVEL);
1023 static int init_kvm_mmu(struct kvm_vcpu *vcpu)
1026 ASSERT(!VALID_PAGE(vcpu->mmu.root_hpa));
1028 if (!is_paging(vcpu))
1029 return nonpaging_init_context(vcpu);
1030 else if (is_long_mode(vcpu))
1031 return paging64_init_context(vcpu);
1032 else if (is_pae(vcpu))
1033 return paging32E_init_context(vcpu);
1035 return paging32_init_context(vcpu);
1038 static void destroy_kvm_mmu(struct kvm_vcpu *vcpu)
1041 if (VALID_PAGE(vcpu->mmu.root_hpa)) {
1042 vcpu->mmu.free(vcpu);
1043 vcpu->mmu.root_hpa = INVALID_PAGE;
1047 int kvm_mmu_reset_context(struct kvm_vcpu *vcpu)
1049 destroy_kvm_mmu(vcpu);
1050 return init_kvm_mmu(vcpu);
1053 int kvm_mmu_load(struct kvm_vcpu *vcpu)
1057 mutex_lock(&vcpu->kvm->lock);
1058 r = mmu_topup_memory_caches(vcpu);
1061 mmu_alloc_roots(vcpu);
1062 kvm_x86_ops->set_cr3(vcpu, vcpu->mmu.root_hpa);
1063 kvm_mmu_flush_tlb(vcpu);
1065 mutex_unlock(&vcpu->kvm->lock);
1068 EXPORT_SYMBOL_GPL(kvm_mmu_load);
1070 void kvm_mmu_unload(struct kvm_vcpu *vcpu)
1072 mmu_free_roots(vcpu);
1075 static void mmu_pte_write_zap_pte(struct kvm_vcpu *vcpu,
1076 struct kvm_mmu_page *page,
1080 struct kvm_mmu_page *child;
1083 if (is_present_pte(pte)) {
1084 if (page->role.level == PT_PAGE_TABLE_LEVEL)
1087 child = page_header(pte & PT64_BASE_ADDR_MASK);
1088 mmu_page_remove_parent_pte(child, spte);
1092 kvm_flush_remote_tlbs(vcpu->kvm);
1095 static void mmu_pte_write_new_pte(struct kvm_vcpu *vcpu,
1096 struct kvm_mmu_page *page,
1098 const void *new, int bytes)
1100 if (page->role.level != PT_PAGE_TABLE_LEVEL)
1103 if (page->role.glevels == PT32_ROOT_LEVEL)
1104 paging32_update_pte(vcpu, page, spte, new, bytes);
1106 paging64_update_pte(vcpu, page, spte, new, bytes);
1109 void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
1110 const u8 *new, int bytes)
1112 gfn_t gfn = gpa >> PAGE_SHIFT;
1113 struct kvm_mmu_page *page;
1114 struct hlist_node *node, *n;
1115 struct hlist_head *bucket;
1118 unsigned offset = offset_in_page(gpa);
1120 unsigned page_offset;
1121 unsigned misaligned;
1127 pgprintk("%s: gpa %llx bytes %d\n", __FUNCTION__, gpa, bytes);
1128 if (gfn == vcpu->last_pt_write_gfn) {
1129 ++vcpu->last_pt_write_count;
1130 if (vcpu->last_pt_write_count >= 3)
1133 vcpu->last_pt_write_gfn = gfn;
1134 vcpu->last_pt_write_count = 1;
1136 index = kvm_page_table_hashfn(gfn) % KVM_NUM_MMU_PAGES;
1137 bucket = &vcpu->kvm->mmu_page_hash[index];
1138 hlist_for_each_entry_safe(page, node, n, bucket, hash_link) {
1139 if (page->gfn != gfn || page->role.metaphysical)
1141 pte_size = page->role.glevels == PT32_ROOT_LEVEL ? 4 : 8;
1142 misaligned = (offset ^ (offset + bytes - 1)) & ~(pte_size - 1);
1143 misaligned |= bytes < 4;
1144 if (misaligned || flooded) {
1146 * Misaligned accesses are too much trouble to fix
1147 * up; also, they usually indicate a page is not used
1150 * If we're seeing too many writes to a page,
1151 * it may no longer be a page table, or we may be
1152 * forking, in which case it is better to unmap the
1155 pgprintk("misaligned: gpa %llx bytes %d role %x\n",
1156 gpa, bytes, page->role.word);
1157 kvm_mmu_zap_page(vcpu->kvm, page);
1160 page_offset = offset;
1161 level = page->role.level;
1163 if (page->role.glevels == PT32_ROOT_LEVEL) {
1164 page_offset <<= 1; /* 32->64 */
1166 * A 32-bit pde maps 4MB while the shadow pdes map
1167 * only 2MB. So we need to double the offset again
1168 * and zap two pdes instead of one.
1170 if (level == PT32_ROOT_LEVEL) {
1171 page_offset &= ~7; /* kill rounding error */
1175 quadrant = page_offset >> PAGE_SHIFT;
1176 page_offset &= ~PAGE_MASK;
1177 if (quadrant != page->role.quadrant)
1180 spte = &page->spt[page_offset / sizeof(*spte)];
1182 mmu_pte_write_zap_pte(vcpu, page, spte);
1183 mmu_pte_write_new_pte(vcpu, page, spte, new, bytes);
1189 int kvm_mmu_unprotect_page_virt(struct kvm_vcpu *vcpu, gva_t gva)
1191 gpa_t gpa = vcpu->mmu.gva_to_gpa(vcpu, gva);
1193 return kvm_mmu_unprotect_page(vcpu, gpa >> PAGE_SHIFT);
1196 void __kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu)
1198 while (vcpu->kvm->n_free_mmu_pages < KVM_REFILL_PAGES) {
1199 struct kvm_mmu_page *page;
1201 page = container_of(vcpu->kvm->active_mmu_pages.prev,
1202 struct kvm_mmu_page, link);
1203 kvm_mmu_zap_page(vcpu->kvm, page);
1207 static void free_mmu_pages(struct kvm_vcpu *vcpu)
1209 struct kvm_mmu_page *page;
1211 while (!list_empty(&vcpu->kvm->active_mmu_pages)) {
1212 page = container_of(vcpu->kvm->active_mmu_pages.next,
1213 struct kvm_mmu_page, link);
1214 kvm_mmu_zap_page(vcpu->kvm, page);
1216 free_page((unsigned long)vcpu->mmu.pae_root);
1219 static int alloc_mmu_pages(struct kvm_vcpu *vcpu)
1226 vcpu->kvm->n_free_mmu_pages = KVM_NUM_MMU_PAGES;
1229 * When emulating 32-bit mode, cr3 is only 32 bits even on x86_64.
1230 * Therefore we need to allocate shadow page tables in the first
1231 * 4GB of memory, which happens to fit the DMA32 zone.
1233 page = alloc_page(GFP_KERNEL | __GFP_DMA32);
1236 vcpu->mmu.pae_root = page_address(page);
1237 for (i = 0; i < 4; ++i)
1238 vcpu->mmu.pae_root[i] = INVALID_PAGE;
1243 free_mmu_pages(vcpu);
1247 int kvm_mmu_create(struct kvm_vcpu *vcpu)
1250 ASSERT(!VALID_PAGE(vcpu->mmu.root_hpa));
1252 return alloc_mmu_pages(vcpu);
1255 int kvm_mmu_setup(struct kvm_vcpu *vcpu)
1258 ASSERT(!VALID_PAGE(vcpu->mmu.root_hpa));
1260 return init_kvm_mmu(vcpu);
1263 void kvm_mmu_destroy(struct kvm_vcpu *vcpu)
1267 destroy_kvm_mmu(vcpu);
1268 free_mmu_pages(vcpu);
1269 mmu_free_memory_caches(vcpu);
1272 void kvm_mmu_slot_remove_write_access(struct kvm *kvm, int slot)
1274 struct kvm_mmu_page *page;
1276 list_for_each_entry(page, &kvm->active_mmu_pages, link) {
1280 if (!test_bit(slot, &page->slot_bitmap))
1284 for (i = 0; i < PT64_ENT_PER_PAGE; ++i)
1286 if (pt[i] & PT_WRITABLE_MASK) {
1287 rmap_remove(&pt[i]);
1288 pt[i] &= ~PT_WRITABLE_MASK;
1293 void kvm_mmu_zap_all(struct kvm *kvm)
1295 struct kvm_mmu_page *page, *node;
1297 list_for_each_entry_safe(page, node, &kvm->active_mmu_pages, link)
1298 kvm_mmu_zap_page(kvm, page);
1300 kvm_flush_remote_tlbs(kvm);
1303 void kvm_mmu_module_exit(void)
1305 if (pte_chain_cache)
1306 kmem_cache_destroy(pte_chain_cache);
1307 if (rmap_desc_cache)
1308 kmem_cache_destroy(rmap_desc_cache);
1309 if (mmu_page_header_cache)
1310 kmem_cache_destroy(mmu_page_header_cache);
1313 int kvm_mmu_module_init(void)
1315 pte_chain_cache = kmem_cache_create("kvm_pte_chain",
1316 sizeof(struct kvm_pte_chain),
1318 if (!pte_chain_cache)
1320 rmap_desc_cache = kmem_cache_create("kvm_rmap_desc",
1321 sizeof(struct kvm_rmap_desc),
1323 if (!rmap_desc_cache)
1326 mmu_page_header_cache = kmem_cache_create("kvm_mmu_page_header",
1327 sizeof(struct kvm_mmu_page),
1329 if (!mmu_page_header_cache)
1335 kvm_mmu_module_exit();
1341 static const char *audit_msg;
1343 static gva_t canonicalize(gva_t gva)
1345 #ifdef CONFIG_X86_64
1346 gva = (long long)(gva << 16) >> 16;
1351 static void audit_mappings_page(struct kvm_vcpu *vcpu, u64 page_pte,
1352 gva_t va, int level)
1354 u64 *pt = __va(page_pte & PT64_BASE_ADDR_MASK);
1356 gva_t va_delta = 1ul << (PAGE_SHIFT + 9 * (level - 1));
1358 for (i = 0; i < PT64_ENT_PER_PAGE; ++i, va += va_delta) {
1361 if (!(ent & PT_PRESENT_MASK))
1364 va = canonicalize(va);
1366 audit_mappings_page(vcpu, ent, va, level - 1);
1368 gpa_t gpa = vcpu->mmu.gva_to_gpa(vcpu, va);
1369 hpa_t hpa = gpa_to_hpa(vcpu, gpa);
1371 if ((ent & PT_PRESENT_MASK)
1372 && (ent & PT64_BASE_ADDR_MASK) != hpa)
1373 printk(KERN_ERR "audit error: (%s) levels %d"
1374 " gva %lx gpa %llx hpa %llx ent %llx\n",
1375 audit_msg, vcpu->mmu.root_level,
1381 static void audit_mappings(struct kvm_vcpu *vcpu)
1385 if (vcpu->mmu.root_level == 4)
1386 audit_mappings_page(vcpu, vcpu->mmu.root_hpa, 0, 4);
1388 for (i = 0; i < 4; ++i)
1389 if (vcpu->mmu.pae_root[i] & PT_PRESENT_MASK)
1390 audit_mappings_page(vcpu,
1391 vcpu->mmu.pae_root[i],
1396 static int count_rmaps(struct kvm_vcpu *vcpu)
1401 for (i = 0; i < KVM_MEMORY_SLOTS; ++i) {
1402 struct kvm_memory_slot *m = &vcpu->kvm->memslots[i];
1403 struct kvm_rmap_desc *d;
1405 for (j = 0; j < m->npages; ++j) {
1406 struct page *page = m->phys_mem[j];
1410 if (!(page->private & 1)) {
1414 d = (struct kvm_rmap_desc *)(page->private & ~1ul);
1416 for (k = 0; k < RMAP_EXT; ++k)
1417 if (d->shadow_ptes[k])
1428 static int count_writable_mappings(struct kvm_vcpu *vcpu)
1431 struct kvm_mmu_page *page;
1434 list_for_each_entry(page, &vcpu->kvm->active_mmu_pages, link) {
1435 u64 *pt = page->spt;
1437 if (page->role.level != PT_PAGE_TABLE_LEVEL)
1440 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
1443 if (!(ent & PT_PRESENT_MASK))
1445 if (!(ent & PT_WRITABLE_MASK))
1453 static void audit_rmap(struct kvm_vcpu *vcpu)
1455 int n_rmap = count_rmaps(vcpu);
1456 int n_actual = count_writable_mappings(vcpu);
1458 if (n_rmap != n_actual)
1459 printk(KERN_ERR "%s: (%s) rmap %d actual %d\n",
1460 __FUNCTION__, audit_msg, n_rmap, n_actual);
1463 static void audit_write_protection(struct kvm_vcpu *vcpu)
1465 struct kvm_mmu_page *page;
1467 list_for_each_entry(page, &vcpu->kvm->active_mmu_pages, link) {
1471 if (page->role.metaphysical)
1474 hfn = gpa_to_hpa(vcpu, (gpa_t)page->gfn << PAGE_SHIFT)
1476 pg = pfn_to_page(hfn);
1478 printk(KERN_ERR "%s: (%s) shadow page has writable"
1479 " mappings: gfn %lx role %x\n",
1480 __FUNCTION__, audit_msg, page->gfn,
1485 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg)
1492 audit_write_protection(vcpu);
1493 audit_mappings(vcpu);
git.openpandora.org / pandora-kernel.git / blob