2 * Kernel-based Virtual Machine driver for Linux
4 * This module enables machines with Intel VT-x extensions to run virtual
5 * machines without emulation or binary translation.
9 * Copyright (C) 2006 Qumranet, Inc.
12 * Yaniv Kamay <yaniv@qumranet.com>
13 * Avi Kivity <avi@qumranet.com>
15 * This work is licensed under the terms of the GNU GPL, version 2. See
16 * the COPYING file in the top-level directory.
23 #include <linux/kvm_host.h>
24 #include <linux/types.h>
25 #include <linux/string.h>
27 #include <linux/highmem.h>
28 #include <linux/module.h>
29 #include <linux/swap.h>
30 #include <linux/hugetlb.h>
31 #include <linux/compiler.h>
34 #include <asm/cmpxchg.h>
38 * When setting this variable to true it enables Two-Dimensional-Paging
39 * where the hardware walks 2 page tables:
40 * 1. the guest-virtual to guest-physical
41 * 2. while doing 1. it walks guest-physical to host-physical
42 * If the hardware supports that we don't need to do shadow paging.
44 bool tdp_enabled = false;
51 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg);
53 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg) {}
58 #define pgprintk(x...) do { if (dbg) printk(x); } while (0)
59 #define rmap_printk(x...) do { if (dbg) printk(x); } while (0)
63 #define pgprintk(x...) do { } while (0)
64 #define rmap_printk(x...) do { } while (0)
68 #if defined(MMU_DEBUG) || defined(AUDIT)
73 #define ASSERT(x) do { } while (0)
77 printk(KERN_WARNING "assertion failed %s:%d: %s\n", \
78 __FILE__, __LINE__, #x); \
82 #define PT64_PT_BITS 9
83 #define PT64_ENT_PER_PAGE (1 << PT64_PT_BITS)
84 #define PT32_PT_BITS 10
85 #define PT32_ENT_PER_PAGE (1 << PT32_PT_BITS)
87 #define PT_WRITABLE_SHIFT 1
89 #define PT_PRESENT_MASK (1ULL << 0)
90 #define PT_WRITABLE_MASK (1ULL << PT_WRITABLE_SHIFT)
91 #define PT_USER_MASK (1ULL << 2)
92 #define PT_PWT_MASK (1ULL << 3)
93 #define PT_PCD_MASK (1ULL << 4)
94 #define PT_ACCESSED_MASK (1ULL << 5)
95 #define PT_DIRTY_MASK (1ULL << 6)
96 #define PT_PAGE_SIZE_MASK (1ULL << 7)
97 #define PT_PAT_MASK (1ULL << 7)
98 #define PT_GLOBAL_MASK (1ULL << 8)
99 #define PT64_NX_SHIFT 63
100 #define PT64_NX_MASK (1ULL << PT64_NX_SHIFT)
102 #define PT_PAT_SHIFT 7
103 #define PT_DIR_PAT_SHIFT 12
104 #define PT_DIR_PAT_MASK (1ULL << PT_DIR_PAT_SHIFT)
106 #define PT32_DIR_PSE36_SIZE 4
107 #define PT32_DIR_PSE36_SHIFT 13
108 #define PT32_DIR_PSE36_MASK \
109 (((1ULL << PT32_DIR_PSE36_SIZE) - 1) << PT32_DIR_PSE36_SHIFT)
112 #define PT_FIRST_AVAIL_BITS_SHIFT 9
113 #define PT64_SECOND_AVAIL_BITS_SHIFT 52
115 #define VALID_PAGE(x) ((x) != INVALID_PAGE)
117 #define PT64_LEVEL_BITS 9
119 #define PT64_LEVEL_SHIFT(level) \
120 (PAGE_SHIFT + (level - 1) * PT64_LEVEL_BITS)
122 #define PT64_LEVEL_MASK(level) \
123 (((1ULL << PT64_LEVEL_BITS) - 1) << PT64_LEVEL_SHIFT(level))
125 #define PT64_INDEX(address, level)\
126 (((address) >> PT64_LEVEL_SHIFT(level)) & ((1 << PT64_LEVEL_BITS) - 1))
129 #define PT32_LEVEL_BITS 10
131 #define PT32_LEVEL_SHIFT(level) \
132 (PAGE_SHIFT + (level - 1) * PT32_LEVEL_BITS)
134 #define PT32_LEVEL_MASK(level) \
135 (((1ULL << PT32_LEVEL_BITS) - 1) << PT32_LEVEL_SHIFT(level))
137 #define PT32_INDEX(address, level)\
138 (((address) >> PT32_LEVEL_SHIFT(level)) & ((1 << PT32_LEVEL_BITS) - 1))
141 #define PT64_BASE_ADDR_MASK (((1ULL << 52) - 1) & ~(u64)(PAGE_SIZE-1))
142 #define PT64_DIR_BASE_ADDR_MASK \
143 (PT64_BASE_ADDR_MASK & ~((1ULL << (PAGE_SHIFT + PT64_LEVEL_BITS)) - 1))
145 #define PT32_BASE_ADDR_MASK PAGE_MASK
146 #define PT32_DIR_BASE_ADDR_MASK \
147 (PAGE_MASK & ~((1ULL << (PAGE_SHIFT + PT32_LEVEL_BITS)) - 1))
149 #define PT64_PERM_MASK (PT_PRESENT_MASK | PT_WRITABLE_MASK | PT_USER_MASK \
152 #define PFERR_PRESENT_MASK (1U << 0)
153 #define PFERR_WRITE_MASK (1U << 1)
154 #define PFERR_USER_MASK (1U << 2)
155 #define PFERR_FETCH_MASK (1U << 4)
157 #define PT64_ROOT_LEVEL 4
158 #define PT32_ROOT_LEVEL 2
159 #define PT32E_ROOT_LEVEL 3
161 #define PT_DIRECTORY_LEVEL 2
162 #define PT_PAGE_TABLE_LEVEL 1
166 #define ACC_EXEC_MASK 1
167 #define ACC_WRITE_MASK PT_WRITABLE_MASK
168 #define ACC_USER_MASK PT_USER_MASK
169 #define ACC_ALL (ACC_EXEC_MASK | ACC_WRITE_MASK | ACC_USER_MASK)
171 struct kvm_pv_mmu_op_buffer {
175 char buf[512] __aligned(sizeof(long));
178 struct kvm_rmap_desc {
179 u64 *shadow_ptes[RMAP_EXT];
180 struct kvm_rmap_desc *more;
183 static struct kmem_cache *pte_chain_cache;
184 static struct kmem_cache *rmap_desc_cache;
185 static struct kmem_cache *mmu_page_header_cache;
187 static u64 __read_mostly shadow_trap_nonpresent_pte;
188 static u64 __read_mostly shadow_notrap_nonpresent_pte;
190 void kvm_mmu_set_nonpresent_ptes(u64 trap_pte, u64 notrap_pte)
192 shadow_trap_nonpresent_pte = trap_pte;
193 shadow_notrap_nonpresent_pte = notrap_pte;
195 EXPORT_SYMBOL_GPL(kvm_mmu_set_nonpresent_ptes);
197 static int is_write_protection(struct kvm_vcpu *vcpu)
199 return vcpu->arch.cr0 & X86_CR0_WP;
202 static int is_cpuid_PSE36(void)
207 static int is_nx(struct kvm_vcpu *vcpu)
209 return vcpu->arch.shadow_efer & EFER_NX;
212 static int is_present_pte(unsigned long pte)
214 return pte & PT_PRESENT_MASK;
217 static int is_shadow_present_pte(u64 pte)
219 return pte != shadow_trap_nonpresent_pte
220 && pte != shadow_notrap_nonpresent_pte;
223 static int is_large_pte(u64 pte)
225 return pte & PT_PAGE_SIZE_MASK;
228 static int is_writeble_pte(unsigned long pte)
230 return pte & PT_WRITABLE_MASK;
233 static int is_dirty_pte(unsigned long pte)
235 return pte & PT_DIRTY_MASK;
238 static int is_rmap_pte(u64 pte)
240 return is_shadow_present_pte(pte);
243 static struct page *spte_to_page(u64 pte)
245 hfn_t hfn = (pte & PT64_BASE_ADDR_MASK) >> PAGE_SHIFT;
247 return pfn_to_page(hfn);
250 static gfn_t pse36_gfn_delta(u32 gpte)
252 int shift = 32 - PT32_DIR_PSE36_SHIFT - PAGE_SHIFT;
254 return (gpte & PT32_DIR_PSE36_MASK) << shift;
257 static void set_shadow_pte(u64 *sptep, u64 spte)
260 set_64bit((unsigned long *)sptep, spte);
262 set_64bit((unsigned long long *)sptep, spte);
266 static int mmu_topup_memory_cache(struct kvm_mmu_memory_cache *cache,
267 struct kmem_cache *base_cache, int min)
271 if (cache->nobjs >= min)
273 while (cache->nobjs < ARRAY_SIZE(cache->objects)) {
274 obj = kmem_cache_zalloc(base_cache, GFP_KERNEL);
277 cache->objects[cache->nobjs++] = obj;
282 static void mmu_free_memory_cache(struct kvm_mmu_memory_cache *mc)
285 kfree(mc->objects[--mc->nobjs]);
288 static int mmu_topup_memory_cache_page(struct kvm_mmu_memory_cache *cache,
293 if (cache->nobjs >= min)
295 while (cache->nobjs < ARRAY_SIZE(cache->objects)) {
296 page = alloc_page(GFP_KERNEL);
299 set_page_private(page, 0);
300 cache->objects[cache->nobjs++] = page_address(page);
305 static void mmu_free_memory_cache_page(struct kvm_mmu_memory_cache *mc)
308 free_page((unsigned long)mc->objects[--mc->nobjs]);
311 static int mmu_topup_memory_caches(struct kvm_vcpu *vcpu)
315 r = mmu_topup_memory_cache(&vcpu->arch.mmu_pte_chain_cache,
319 r = mmu_topup_memory_cache(&vcpu->arch.mmu_rmap_desc_cache,
323 r = mmu_topup_memory_cache_page(&vcpu->arch.mmu_page_cache, 8);
326 r = mmu_topup_memory_cache(&vcpu->arch.mmu_page_header_cache,
327 mmu_page_header_cache, 4);
332 static void mmu_free_memory_caches(struct kvm_vcpu *vcpu)
334 mmu_free_memory_cache(&vcpu->arch.mmu_pte_chain_cache);
335 mmu_free_memory_cache(&vcpu->arch.mmu_rmap_desc_cache);
336 mmu_free_memory_cache_page(&vcpu->arch.mmu_page_cache);
337 mmu_free_memory_cache(&vcpu->arch.mmu_page_header_cache);
340 static void *mmu_memory_cache_alloc(struct kvm_mmu_memory_cache *mc,
346 p = mc->objects[--mc->nobjs];
351 static struct kvm_pte_chain *mmu_alloc_pte_chain(struct kvm_vcpu *vcpu)
353 return mmu_memory_cache_alloc(&vcpu->arch.mmu_pte_chain_cache,
354 sizeof(struct kvm_pte_chain));
357 static void mmu_free_pte_chain(struct kvm_pte_chain *pc)
362 static struct kvm_rmap_desc *mmu_alloc_rmap_desc(struct kvm_vcpu *vcpu)
364 return mmu_memory_cache_alloc(&vcpu->arch.mmu_rmap_desc_cache,
365 sizeof(struct kvm_rmap_desc));
368 static void mmu_free_rmap_desc(struct kvm_rmap_desc *rd)
374 * Return the pointer to the largepage write count for a given
375 * gfn, handling slots that are not large page aligned.
377 static int *slot_largepage_idx(gfn_t gfn, struct kvm_memory_slot *slot)
381 idx = (gfn / KVM_PAGES_PER_HPAGE) -
382 (slot->base_gfn / KVM_PAGES_PER_HPAGE);
383 return &slot->lpage_info[idx].write_count;
386 static void account_shadowed(struct kvm *kvm, gfn_t gfn)
390 write_count = slot_largepage_idx(gfn, gfn_to_memslot(kvm, gfn));
392 WARN_ON(*write_count > KVM_PAGES_PER_HPAGE);
395 static void unaccount_shadowed(struct kvm *kvm, gfn_t gfn)
399 write_count = slot_largepage_idx(gfn, gfn_to_memslot(kvm, gfn));
401 WARN_ON(*write_count < 0);
404 static int has_wrprotected_page(struct kvm *kvm, gfn_t gfn)
406 struct kvm_memory_slot *slot = gfn_to_memslot(kvm, gfn);
410 largepage_idx = slot_largepage_idx(gfn, slot);
411 return *largepage_idx;
417 static int host_largepage_backed(struct kvm *kvm, gfn_t gfn)
419 struct vm_area_struct *vma;
422 addr = gfn_to_hva(kvm, gfn);
423 if (kvm_is_error_hva(addr))
426 vma = find_vma(current->mm, addr);
427 if (vma && is_vm_hugetlb_page(vma))
433 static int is_largepage_backed(struct kvm_vcpu *vcpu, gfn_t large_gfn)
435 struct kvm_memory_slot *slot;
437 if (has_wrprotected_page(vcpu->kvm, large_gfn))
440 if (!host_largepage_backed(vcpu->kvm, large_gfn))
443 slot = gfn_to_memslot(vcpu->kvm, large_gfn);
444 if (slot && slot->dirty_bitmap)
451 * Take gfn and return the reverse mapping to it.
452 * Note: gfn must be unaliased before this function get called
455 static unsigned long *gfn_to_rmap(struct kvm *kvm, gfn_t gfn, int lpage)
457 struct kvm_memory_slot *slot;
460 slot = gfn_to_memslot(kvm, gfn);
462 return &slot->rmap[gfn - slot->base_gfn];
464 idx = (gfn / KVM_PAGES_PER_HPAGE) -
465 (slot->base_gfn / KVM_PAGES_PER_HPAGE);
467 return &slot->lpage_info[idx].rmap_pde;
471 * Reverse mapping data structures:
473 * If rmapp bit zero is zero, then rmapp point to the shadw page table entry
474 * that points to page_address(page).
476 * If rmapp bit zero is one, (then rmap & ~1) points to a struct kvm_rmap_desc
477 * containing more mappings.
479 static void rmap_add(struct kvm_vcpu *vcpu, u64 *spte, gfn_t gfn, int lpage)
481 struct kvm_mmu_page *sp;
482 struct kvm_rmap_desc *desc;
483 unsigned long *rmapp;
486 if (!is_rmap_pte(*spte))
488 gfn = unalias_gfn(vcpu->kvm, gfn);
489 sp = page_header(__pa(spte));
490 sp->gfns[spte - sp->spt] = gfn;
491 rmapp = gfn_to_rmap(vcpu->kvm, gfn, lpage);
493 rmap_printk("rmap_add: %p %llx 0->1\n", spte, *spte);
494 *rmapp = (unsigned long)spte;
495 } else if (!(*rmapp & 1)) {
496 rmap_printk("rmap_add: %p %llx 1->many\n", spte, *spte);
497 desc = mmu_alloc_rmap_desc(vcpu);
498 desc->shadow_ptes[0] = (u64 *)*rmapp;
499 desc->shadow_ptes[1] = spte;
500 *rmapp = (unsigned long)desc | 1;
502 rmap_printk("rmap_add: %p %llx many->many\n", spte, *spte);
503 desc = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
504 while (desc->shadow_ptes[RMAP_EXT-1] && desc->more)
506 if (desc->shadow_ptes[RMAP_EXT-1]) {
507 desc->more = mmu_alloc_rmap_desc(vcpu);
510 for (i = 0; desc->shadow_ptes[i]; ++i)
512 desc->shadow_ptes[i] = spte;
516 static void rmap_desc_remove_entry(unsigned long *rmapp,
517 struct kvm_rmap_desc *desc,
519 struct kvm_rmap_desc *prev_desc)
523 for (j = RMAP_EXT - 1; !desc->shadow_ptes[j] && j > i; --j)
525 desc->shadow_ptes[i] = desc->shadow_ptes[j];
526 desc->shadow_ptes[j] = NULL;
529 if (!prev_desc && !desc->more)
530 *rmapp = (unsigned long)desc->shadow_ptes[0];
533 prev_desc->more = desc->more;
535 *rmapp = (unsigned long)desc->more | 1;
536 mmu_free_rmap_desc(desc);
539 static void rmap_remove(struct kvm *kvm, u64 *spte)
541 struct kvm_rmap_desc *desc;
542 struct kvm_rmap_desc *prev_desc;
543 struct kvm_mmu_page *sp;
545 unsigned long *rmapp;
548 if (!is_rmap_pte(*spte))
550 sp = page_header(__pa(spte));
551 page = spte_to_page(*spte);
552 mark_page_accessed(page);
553 if (is_writeble_pte(*spte))
554 kvm_release_page_dirty(page);
556 kvm_release_page_clean(page);
557 rmapp = gfn_to_rmap(kvm, sp->gfns[spte - sp->spt], is_large_pte(*spte));
559 printk(KERN_ERR "rmap_remove: %p %llx 0->BUG\n", spte, *spte);
561 } else if (!(*rmapp & 1)) {
562 rmap_printk("rmap_remove: %p %llx 1->0\n", spte, *spte);
563 if ((u64 *)*rmapp != spte) {
564 printk(KERN_ERR "rmap_remove: %p %llx 1->BUG\n",
570 rmap_printk("rmap_remove: %p %llx many->many\n", spte, *spte);
571 desc = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
574 for (i = 0; i < RMAP_EXT && desc->shadow_ptes[i]; ++i)
575 if (desc->shadow_ptes[i] == spte) {
576 rmap_desc_remove_entry(rmapp,
588 static u64 *rmap_next(struct kvm *kvm, unsigned long *rmapp, u64 *spte)
590 struct kvm_rmap_desc *desc;
591 struct kvm_rmap_desc *prev_desc;
597 else if (!(*rmapp & 1)) {
599 return (u64 *)*rmapp;
602 desc = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
606 for (i = 0; i < RMAP_EXT && desc->shadow_ptes[i]; ++i) {
607 if (prev_spte == spte)
608 return desc->shadow_ptes[i];
609 prev_spte = desc->shadow_ptes[i];
616 static void rmap_write_protect(struct kvm *kvm, u64 gfn)
618 unsigned long *rmapp;
620 int write_protected = 0;
622 gfn = unalias_gfn(kvm, gfn);
623 rmapp = gfn_to_rmap(kvm, gfn, 0);
625 spte = rmap_next(kvm, rmapp, NULL);
628 BUG_ON(!(*spte & PT_PRESENT_MASK));
629 rmap_printk("rmap_write_protect: spte %p %llx\n", spte, *spte);
630 if (is_writeble_pte(*spte)) {
631 set_shadow_pte(spte, *spte & ~PT_WRITABLE_MASK);
634 spte = rmap_next(kvm, rmapp, spte);
636 if (write_protected) {
639 spte = rmap_next(kvm, rmapp, NULL);
640 page = spte_to_page(*spte);
644 /* check for huge page mappings */
645 rmapp = gfn_to_rmap(kvm, gfn, 1);
646 spte = rmap_next(kvm, rmapp, NULL);
649 BUG_ON(!(*spte & PT_PRESENT_MASK));
650 BUG_ON((*spte & (PT_PAGE_SIZE_MASK|PT_PRESENT_MASK)) != (PT_PAGE_SIZE_MASK|PT_PRESENT_MASK));
651 pgprintk("rmap_write_protect(large): spte %p %llx %lld\n", spte, *spte, gfn);
652 if (is_writeble_pte(*spte)) {
653 rmap_remove(kvm, spte);
655 set_shadow_pte(spte, shadow_trap_nonpresent_pte);
658 spte = rmap_next(kvm, rmapp, spte);
662 kvm_flush_remote_tlbs(kvm);
664 account_shadowed(kvm, gfn);
668 static int is_empty_shadow_page(u64 *spt)
673 for (pos = spt, end = pos + PAGE_SIZE / sizeof(u64); pos != end; pos++)
674 if (*pos != shadow_trap_nonpresent_pte) {
675 printk(KERN_ERR "%s: %p %llx\n", __func__,
683 static void kvm_mmu_free_page(struct kvm *kvm, struct kvm_mmu_page *sp)
685 ASSERT(is_empty_shadow_page(sp->spt));
687 __free_page(virt_to_page(sp->spt));
688 __free_page(virt_to_page(sp->gfns));
690 ++kvm->arch.n_free_mmu_pages;
693 static unsigned kvm_page_table_hashfn(gfn_t gfn)
695 return gfn & ((1 << KVM_MMU_HASH_SHIFT) - 1);
698 static struct kvm_mmu_page *kvm_mmu_alloc_page(struct kvm_vcpu *vcpu,
701 struct kvm_mmu_page *sp;
703 sp = mmu_memory_cache_alloc(&vcpu->arch.mmu_page_header_cache, sizeof *sp);
704 sp->spt = mmu_memory_cache_alloc(&vcpu->arch.mmu_page_cache, PAGE_SIZE);
705 sp->gfns = mmu_memory_cache_alloc(&vcpu->arch.mmu_page_cache, PAGE_SIZE);
706 set_page_private(virt_to_page(sp->spt), (unsigned long)sp);
707 list_add(&sp->link, &vcpu->kvm->arch.active_mmu_pages);
708 ASSERT(is_empty_shadow_page(sp->spt));
711 sp->parent_pte = parent_pte;
712 --vcpu->kvm->arch.n_free_mmu_pages;
716 static void mmu_page_add_parent_pte(struct kvm_vcpu *vcpu,
717 struct kvm_mmu_page *sp, u64 *parent_pte)
719 struct kvm_pte_chain *pte_chain;
720 struct hlist_node *node;
725 if (!sp->multimapped) {
726 u64 *old = sp->parent_pte;
729 sp->parent_pte = parent_pte;
733 pte_chain = mmu_alloc_pte_chain(vcpu);
734 INIT_HLIST_HEAD(&sp->parent_ptes);
735 hlist_add_head(&pte_chain->link, &sp->parent_ptes);
736 pte_chain->parent_ptes[0] = old;
738 hlist_for_each_entry(pte_chain, node, &sp->parent_ptes, link) {
739 if (pte_chain->parent_ptes[NR_PTE_CHAIN_ENTRIES-1])
741 for (i = 0; i < NR_PTE_CHAIN_ENTRIES; ++i)
742 if (!pte_chain->parent_ptes[i]) {
743 pte_chain->parent_ptes[i] = parent_pte;
747 pte_chain = mmu_alloc_pte_chain(vcpu);
749 hlist_add_head(&pte_chain->link, &sp->parent_ptes);
750 pte_chain->parent_ptes[0] = parent_pte;
753 static void mmu_page_remove_parent_pte(struct kvm_mmu_page *sp,
756 struct kvm_pte_chain *pte_chain;
757 struct hlist_node *node;
760 if (!sp->multimapped) {
761 BUG_ON(sp->parent_pte != parent_pte);
762 sp->parent_pte = NULL;
765 hlist_for_each_entry(pte_chain, node, &sp->parent_ptes, link)
766 for (i = 0; i < NR_PTE_CHAIN_ENTRIES; ++i) {
767 if (!pte_chain->parent_ptes[i])
769 if (pte_chain->parent_ptes[i] != parent_pte)
771 while (i + 1 < NR_PTE_CHAIN_ENTRIES
772 && pte_chain->parent_ptes[i + 1]) {
773 pte_chain->parent_ptes[i]
774 = pte_chain->parent_ptes[i + 1];
777 pte_chain->parent_ptes[i] = NULL;
779 hlist_del(&pte_chain->link);
780 mmu_free_pte_chain(pte_chain);
781 if (hlist_empty(&sp->parent_ptes)) {
783 sp->parent_pte = NULL;
791 static struct kvm_mmu_page *kvm_mmu_lookup_page(struct kvm *kvm, gfn_t gfn)
794 struct hlist_head *bucket;
795 struct kvm_mmu_page *sp;
796 struct hlist_node *node;
798 pgprintk("%s: looking for gfn %lx\n", __func__, gfn);
799 index = kvm_page_table_hashfn(gfn);
800 bucket = &kvm->arch.mmu_page_hash[index];
801 hlist_for_each_entry(sp, node, bucket, hash_link)
802 if (sp->gfn == gfn && !sp->role.metaphysical
803 && !sp->role.invalid) {
804 pgprintk("%s: found role %x\n",
805 __func__, sp->role.word);
811 static struct kvm_mmu_page *kvm_mmu_get_page(struct kvm_vcpu *vcpu,
819 union kvm_mmu_page_role role;
822 struct hlist_head *bucket;
823 struct kvm_mmu_page *sp;
824 struct hlist_node *node;
827 role.glevels = vcpu->arch.mmu.root_level;
829 role.metaphysical = metaphysical;
830 role.access = access;
831 if (vcpu->arch.mmu.root_level <= PT32_ROOT_LEVEL) {
832 quadrant = gaddr >> (PAGE_SHIFT + (PT64_PT_BITS * level));
833 quadrant &= (1 << ((PT32_PT_BITS - PT64_PT_BITS) * level)) - 1;
834 role.quadrant = quadrant;
836 pgprintk("%s: looking gfn %lx role %x\n", __func__,
838 index = kvm_page_table_hashfn(gfn);
839 bucket = &vcpu->kvm->arch.mmu_page_hash[index];
840 hlist_for_each_entry(sp, node, bucket, hash_link)
841 if (sp->gfn == gfn && sp->role.word == role.word) {
842 mmu_page_add_parent_pte(vcpu, sp, parent_pte);
843 pgprintk("%s: found\n", __func__);
846 ++vcpu->kvm->stat.mmu_cache_miss;
847 sp = kvm_mmu_alloc_page(vcpu, parent_pte);
850 pgprintk("%s: adding gfn %lx role %x\n", __func__, gfn, role.word);
853 hlist_add_head(&sp->hash_link, bucket);
854 vcpu->arch.mmu.prefetch_page(vcpu, sp);
856 rmap_write_protect(vcpu->kvm, gfn);
860 static void kvm_mmu_page_unlink_children(struct kvm *kvm,
861 struct kvm_mmu_page *sp)
869 if (sp->role.level == PT_PAGE_TABLE_LEVEL) {
870 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
871 if (is_shadow_present_pte(pt[i]))
872 rmap_remove(kvm, &pt[i]);
873 pt[i] = shadow_trap_nonpresent_pte;
875 kvm_flush_remote_tlbs(kvm);
879 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
882 if (is_shadow_present_pte(ent)) {
883 if (!is_large_pte(ent)) {
884 ent &= PT64_BASE_ADDR_MASK;
885 mmu_page_remove_parent_pte(page_header(ent),
889 rmap_remove(kvm, &pt[i]);
892 pt[i] = shadow_trap_nonpresent_pte;
894 kvm_flush_remote_tlbs(kvm);
897 static void kvm_mmu_put_page(struct kvm_mmu_page *sp, u64 *parent_pte)
899 mmu_page_remove_parent_pte(sp, parent_pte);
902 static void kvm_mmu_reset_last_pte_updated(struct kvm *kvm)
906 for (i = 0; i < KVM_MAX_VCPUS; ++i)
908 kvm->vcpus[i]->arch.last_pte_updated = NULL;
911 static void kvm_mmu_zap_page(struct kvm *kvm, struct kvm_mmu_page *sp)
915 ++kvm->stat.mmu_shadow_zapped;
916 while (sp->multimapped || sp->parent_pte) {
917 if (!sp->multimapped)
918 parent_pte = sp->parent_pte;
920 struct kvm_pte_chain *chain;
922 chain = container_of(sp->parent_ptes.first,
923 struct kvm_pte_chain, link);
924 parent_pte = chain->parent_ptes[0];
927 kvm_mmu_put_page(sp, parent_pte);
928 set_shadow_pte(parent_pte, shadow_trap_nonpresent_pte);
930 kvm_mmu_page_unlink_children(kvm, sp);
931 if (!sp->root_count) {
932 if (!sp->role.metaphysical)
933 unaccount_shadowed(kvm, sp->gfn);
934 hlist_del(&sp->hash_link);
935 kvm_mmu_free_page(kvm, sp);
937 list_move(&sp->link, &kvm->arch.active_mmu_pages);
938 sp->role.invalid = 1;
939 kvm_reload_remote_mmus(kvm);
941 kvm_mmu_reset_last_pte_updated(kvm);
945 * Changing the number of mmu pages allocated to the vm
946 * Note: if kvm_nr_mmu_pages is too small, you will get dead lock
948 void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned int kvm_nr_mmu_pages)
951 * If we set the number of mmu pages to be smaller be than the
952 * number of actived pages , we must to free some mmu pages before we
956 if ((kvm->arch.n_alloc_mmu_pages - kvm->arch.n_free_mmu_pages) >
958 int n_used_mmu_pages = kvm->arch.n_alloc_mmu_pages
959 - kvm->arch.n_free_mmu_pages;
961 while (n_used_mmu_pages > kvm_nr_mmu_pages) {
962 struct kvm_mmu_page *page;
964 page = container_of(kvm->arch.active_mmu_pages.prev,
965 struct kvm_mmu_page, link);
966 kvm_mmu_zap_page(kvm, page);
969 kvm->arch.n_free_mmu_pages = 0;
972 kvm->arch.n_free_mmu_pages += kvm_nr_mmu_pages
973 - kvm->arch.n_alloc_mmu_pages;
975 kvm->arch.n_alloc_mmu_pages = kvm_nr_mmu_pages;
978 static int kvm_mmu_unprotect_page(struct kvm *kvm, gfn_t gfn)
981 struct hlist_head *bucket;
982 struct kvm_mmu_page *sp;
983 struct hlist_node *node, *n;
986 pgprintk("%s: looking for gfn %lx\n", __func__, gfn);
988 index = kvm_page_table_hashfn(gfn);
989 bucket = &kvm->arch.mmu_page_hash[index];
990 hlist_for_each_entry_safe(sp, node, n, bucket, hash_link)
991 if (sp->gfn == gfn && !sp->role.metaphysical) {
992 pgprintk("%s: gfn %lx role %x\n", __func__, gfn,
994 kvm_mmu_zap_page(kvm, sp);
1000 static void mmu_unshadow(struct kvm *kvm, gfn_t gfn)
1002 struct kvm_mmu_page *sp;
1004 while ((sp = kvm_mmu_lookup_page(kvm, gfn)) != NULL) {
1005 pgprintk("%s: zap %lx %x\n", __func__, gfn, sp->role.word);
1006 kvm_mmu_zap_page(kvm, sp);
1010 static void page_header_update_slot(struct kvm *kvm, void *pte, gfn_t gfn)
1012 int slot = memslot_id(kvm, gfn_to_memslot(kvm, gfn));
1013 struct kvm_mmu_page *sp = page_header(__pa(pte));
1015 __set_bit(slot, &sp->slot_bitmap);
1018 struct page *gva_to_page(struct kvm_vcpu *vcpu, gva_t gva)
1022 gpa_t gpa = vcpu->arch.mmu.gva_to_gpa(vcpu, gva);
1024 if (gpa == UNMAPPED_GVA)
1027 down_read(¤t->mm->mmap_sem);
1028 page = gfn_to_page(vcpu->kvm, gpa >> PAGE_SHIFT);
1029 up_read(¤t->mm->mmap_sem);
1034 static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte,
1035 unsigned pt_access, unsigned pte_access,
1036 int user_fault, int write_fault, int dirty,
1037 int *ptwrite, int largepage, gfn_t gfn,
1038 struct page *page, bool speculative)
1041 int was_rmapped = 0;
1042 int was_writeble = is_writeble_pte(*shadow_pte);
1044 pgprintk("%s: spte %llx access %x write_fault %d"
1045 " user_fault %d gfn %lx\n",
1046 __func__, *shadow_pte, pt_access,
1047 write_fault, user_fault, gfn);
1049 if (is_rmap_pte(*shadow_pte)) {
1051 * If we overwrite a PTE page pointer with a 2MB PMD, unlink
1052 * the parent of the now unreachable PTE.
1054 if (largepage && !is_large_pte(*shadow_pte)) {
1055 struct kvm_mmu_page *child;
1056 u64 pte = *shadow_pte;
1058 child = page_header(pte & PT64_BASE_ADDR_MASK);
1059 mmu_page_remove_parent_pte(child, shadow_pte);
1060 } else if (page != spte_to_page(*shadow_pte)) {
1061 pgprintk("hfn old %lx new %lx\n",
1062 page_to_pfn(spte_to_page(*shadow_pte)),
1064 rmap_remove(vcpu->kvm, shadow_pte);
1067 was_rmapped = is_large_pte(*shadow_pte);
1074 * We don't set the accessed bit, since we sometimes want to see
1075 * whether the guest actually used the pte (in order to detect
1078 spte = PT_PRESENT_MASK | PT_DIRTY_MASK;
1080 pte_access |= PT_ACCESSED_MASK;
1082 pte_access &= ~ACC_WRITE_MASK;
1083 if (!(pte_access & ACC_EXEC_MASK))
1084 spte |= PT64_NX_MASK;
1086 spte |= PT_PRESENT_MASK;
1087 if (pte_access & ACC_USER_MASK)
1088 spte |= PT_USER_MASK;
1090 spte |= PT_PAGE_SIZE_MASK;
1092 spte |= page_to_phys(page);
1094 if ((pte_access & ACC_WRITE_MASK)
1095 || (write_fault && !is_write_protection(vcpu) && !user_fault)) {
1096 struct kvm_mmu_page *shadow;
1098 spte |= PT_WRITABLE_MASK;
1100 mmu_unshadow(vcpu->kvm, gfn);
1104 shadow = kvm_mmu_lookup_page(vcpu->kvm, gfn);
1106 (largepage && has_wrprotected_page(vcpu->kvm, gfn))) {
1107 pgprintk("%s: found shadow page for %lx, marking ro\n",
1109 pte_access &= ~ACC_WRITE_MASK;
1110 if (is_writeble_pte(spte)) {
1111 spte &= ~PT_WRITABLE_MASK;
1112 kvm_x86_ops->tlb_flush(vcpu);
1121 if (pte_access & ACC_WRITE_MASK)
1122 mark_page_dirty(vcpu->kvm, gfn);
1124 pgprintk("%s: setting spte %llx\n", __func__, spte);
1125 pgprintk("instantiating %s PTE (%s) at %d (%llx) addr %llx\n",
1126 (spte&PT_PAGE_SIZE_MASK)? "2MB" : "4kB",
1127 (spte&PT_WRITABLE_MASK)?"RW":"R", gfn, spte, shadow_pte);
1128 set_shadow_pte(shadow_pte, spte);
1129 if (!was_rmapped && (spte & PT_PAGE_SIZE_MASK)
1130 && (spte & PT_PRESENT_MASK))
1131 ++vcpu->kvm->stat.lpages;
1133 page_header_update_slot(vcpu->kvm, shadow_pte, gfn);
1135 rmap_add(vcpu, shadow_pte, gfn, largepage);
1136 if (!is_rmap_pte(*shadow_pte))
1137 kvm_release_page_clean(page);
1140 kvm_release_page_dirty(page);
1142 kvm_release_page_clean(page);
1144 if (!ptwrite || !*ptwrite)
1145 vcpu->arch.last_pte_updated = shadow_pte;
1148 static void nonpaging_new_cr3(struct kvm_vcpu *vcpu)
1152 static int __direct_map(struct kvm_vcpu *vcpu, gpa_t v, int write,
1153 int largepage, gfn_t gfn, struct page *page,
1156 hpa_t table_addr = vcpu->arch.mmu.root_hpa;
1160 u32 index = PT64_INDEX(v, level);
1163 ASSERT(VALID_PAGE(table_addr));
1164 table = __va(table_addr);
1167 mmu_set_spte(vcpu, &table[index], ACC_ALL, ACC_ALL,
1168 0, write, 1, &pt_write, 0, gfn, page, false);
1172 if (largepage && level == 2) {
1173 mmu_set_spte(vcpu, &table[index], ACC_ALL, ACC_ALL,
1174 0, write, 1, &pt_write, 1, gfn, page, false);
1178 if (table[index] == shadow_trap_nonpresent_pte) {
1179 struct kvm_mmu_page *new_table;
1182 pseudo_gfn = (v & PT64_DIR_BASE_ADDR_MASK)
1184 new_table = kvm_mmu_get_page(vcpu, pseudo_gfn,
1186 1, ACC_ALL, &table[index]);
1188 pgprintk("nonpaging_map: ENOMEM\n");
1189 kvm_release_page_clean(page);
1193 table[index] = __pa(new_table->spt) | PT_PRESENT_MASK
1194 | PT_WRITABLE_MASK | PT_USER_MASK;
1196 table_addr = table[index] & PT64_BASE_ADDR_MASK;
1200 static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, int write, gfn_t gfn)
1207 down_read(¤t->mm->mmap_sem);
1208 if (is_largepage_backed(vcpu, gfn & ~(KVM_PAGES_PER_HPAGE-1))) {
1209 gfn &= ~(KVM_PAGES_PER_HPAGE-1);
1213 page = gfn_to_page(vcpu->kvm, gfn);
1214 up_read(¤t->mm->mmap_sem);
1217 if (is_error_page(page)) {
1218 kvm_release_page_clean(page);
1222 spin_lock(&vcpu->kvm->mmu_lock);
1223 kvm_mmu_free_some_pages(vcpu);
1224 r = __direct_map(vcpu, v, write, largepage, gfn, page,
1226 spin_unlock(&vcpu->kvm->mmu_lock);
1233 static void nonpaging_prefetch_page(struct kvm_vcpu *vcpu,
1234 struct kvm_mmu_page *sp)
1238 for (i = 0; i < PT64_ENT_PER_PAGE; ++i)
1239 sp->spt[i] = shadow_trap_nonpresent_pte;
1242 static void mmu_free_roots(struct kvm_vcpu *vcpu)
1245 struct kvm_mmu_page *sp;
1247 if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
1249 spin_lock(&vcpu->kvm->mmu_lock);
1250 #ifdef CONFIG_X86_64
1251 if (vcpu->arch.mmu.shadow_root_level == PT64_ROOT_LEVEL) {
1252 hpa_t root = vcpu->arch.mmu.root_hpa;
1254 sp = page_header(root);
1256 if (!sp->root_count && sp->role.invalid)
1257 kvm_mmu_zap_page(vcpu->kvm, sp);
1258 vcpu->arch.mmu.root_hpa = INVALID_PAGE;
1259 spin_unlock(&vcpu->kvm->mmu_lock);
1263 for (i = 0; i < 4; ++i) {
1264 hpa_t root = vcpu->arch.mmu.pae_root[i];
1267 root &= PT64_BASE_ADDR_MASK;
1268 sp = page_header(root);
1270 if (!sp->root_count && sp->role.invalid)
1271 kvm_mmu_zap_page(vcpu->kvm, sp);
1273 vcpu->arch.mmu.pae_root[i] = INVALID_PAGE;
1275 spin_unlock(&vcpu->kvm->mmu_lock);
1276 vcpu->arch.mmu.root_hpa = INVALID_PAGE;
1279 static void mmu_alloc_roots(struct kvm_vcpu *vcpu)
1283 struct kvm_mmu_page *sp;
1284 int metaphysical = 0;
1286 root_gfn = vcpu->arch.cr3 >> PAGE_SHIFT;
1288 #ifdef CONFIG_X86_64
1289 if (vcpu->arch.mmu.shadow_root_level == PT64_ROOT_LEVEL) {
1290 hpa_t root = vcpu->arch.mmu.root_hpa;
1292 ASSERT(!VALID_PAGE(root));
1295 sp = kvm_mmu_get_page(vcpu, root_gfn, 0,
1296 PT64_ROOT_LEVEL, metaphysical,
1298 root = __pa(sp->spt);
1300 vcpu->arch.mmu.root_hpa = root;
1304 metaphysical = !is_paging(vcpu);
1307 for (i = 0; i < 4; ++i) {
1308 hpa_t root = vcpu->arch.mmu.pae_root[i];
1310 ASSERT(!VALID_PAGE(root));
1311 if (vcpu->arch.mmu.root_level == PT32E_ROOT_LEVEL) {
1312 if (!is_present_pte(vcpu->arch.pdptrs[i])) {
1313 vcpu->arch.mmu.pae_root[i] = 0;
1316 root_gfn = vcpu->arch.pdptrs[i] >> PAGE_SHIFT;
1317 } else if (vcpu->arch.mmu.root_level == 0)
1319 sp = kvm_mmu_get_page(vcpu, root_gfn, i << 30,
1320 PT32_ROOT_LEVEL, metaphysical,
1322 root = __pa(sp->spt);
1324 vcpu->arch.mmu.pae_root[i] = root | PT_PRESENT_MASK;
1326 vcpu->arch.mmu.root_hpa = __pa(vcpu->arch.mmu.pae_root);
1329 static gpa_t nonpaging_gva_to_gpa(struct kvm_vcpu *vcpu, gva_t vaddr)
1334 static int nonpaging_page_fault(struct kvm_vcpu *vcpu, gva_t gva,
1340 pgprintk("%s: gva %lx error %x\n", __func__, gva, error_code);
1341 r = mmu_topup_memory_caches(vcpu);
1346 ASSERT(VALID_PAGE(vcpu->arch.mmu.root_hpa));
1348 gfn = gva >> PAGE_SHIFT;
1350 return nonpaging_map(vcpu, gva & PAGE_MASK,
1351 error_code & PFERR_WRITE_MASK, gfn);
1354 static int tdp_page_fault(struct kvm_vcpu *vcpu, gva_t gpa,
1360 gfn_t gfn = gpa >> PAGE_SHIFT;
1363 ASSERT(VALID_PAGE(vcpu->arch.mmu.root_hpa));
1365 r = mmu_topup_memory_caches(vcpu);
1369 down_read(¤t->mm->mmap_sem);
1370 if (is_largepage_backed(vcpu, gfn & ~(KVM_PAGES_PER_HPAGE-1))) {
1371 gfn &= ~(KVM_PAGES_PER_HPAGE-1);
1374 page = gfn_to_page(vcpu->kvm, gfn);
1375 up_read(¤t->mm->mmap_sem);
1376 if (is_error_page(page)) {
1377 kvm_release_page_clean(page);
1380 spin_lock(&vcpu->kvm->mmu_lock);
1381 kvm_mmu_free_some_pages(vcpu);
1382 r = __direct_map(vcpu, gpa, error_code & PFERR_WRITE_MASK,
1383 largepage, gfn, page, TDP_ROOT_LEVEL);
1384 spin_unlock(&vcpu->kvm->mmu_lock);
1389 static void nonpaging_free(struct kvm_vcpu *vcpu)
1391 mmu_free_roots(vcpu);
1394 static int nonpaging_init_context(struct kvm_vcpu *vcpu)
1396 struct kvm_mmu *context = &vcpu->arch.mmu;
1398 context->new_cr3 = nonpaging_new_cr3;
1399 context->page_fault = nonpaging_page_fault;
1400 context->gva_to_gpa = nonpaging_gva_to_gpa;
1401 context->free = nonpaging_free;
1402 context->prefetch_page = nonpaging_prefetch_page;
1403 context->root_level = 0;
1404 context->shadow_root_level = PT32E_ROOT_LEVEL;
1405 context->root_hpa = INVALID_PAGE;
1409 void kvm_mmu_flush_tlb(struct kvm_vcpu *vcpu)
1411 ++vcpu->stat.tlb_flush;
1412 kvm_x86_ops->tlb_flush(vcpu);
1415 static void paging_new_cr3(struct kvm_vcpu *vcpu)
1417 pgprintk("%s: cr3 %lx\n", __func__, vcpu->arch.cr3);
1418 mmu_free_roots(vcpu);
1421 static void inject_page_fault(struct kvm_vcpu *vcpu,
1425 kvm_inject_page_fault(vcpu, addr, err_code);
1428 static void paging_free(struct kvm_vcpu *vcpu)
1430 nonpaging_free(vcpu);
1434 #include "paging_tmpl.h"
1438 #include "paging_tmpl.h"
1441 static int paging64_init_context_common(struct kvm_vcpu *vcpu, int level)
1443 struct kvm_mmu *context = &vcpu->arch.mmu;
1445 ASSERT(is_pae(vcpu));
1446 context->new_cr3 = paging_new_cr3;
1447 context->page_fault = paging64_page_fault;
1448 context->gva_to_gpa = paging64_gva_to_gpa;
1449 context->prefetch_page = paging64_prefetch_page;
1450 context->free = paging_free;
1451 context->root_level = level;
1452 context->shadow_root_level = level;
1453 context->root_hpa = INVALID_PAGE;
1457 static int paging64_init_context(struct kvm_vcpu *vcpu)
1459 return paging64_init_context_common(vcpu, PT64_ROOT_LEVEL);
1462 static int paging32_init_context(struct kvm_vcpu *vcpu)
1464 struct kvm_mmu *context = &vcpu->arch.mmu;
1466 context->new_cr3 = paging_new_cr3;
1467 context->page_fault = paging32_page_fault;
1468 context->gva_to_gpa = paging32_gva_to_gpa;
1469 context->free = paging_free;
1470 context->prefetch_page = paging32_prefetch_page;
1471 context->root_level = PT32_ROOT_LEVEL;
1472 context->shadow_root_level = PT32E_ROOT_LEVEL;
1473 context->root_hpa = INVALID_PAGE;
1477 static int paging32E_init_context(struct kvm_vcpu *vcpu)
1479 return paging64_init_context_common(vcpu, PT32E_ROOT_LEVEL);
1482 static int init_kvm_tdp_mmu(struct kvm_vcpu *vcpu)
1484 struct kvm_mmu *context = &vcpu->arch.mmu;
1486 context->new_cr3 = nonpaging_new_cr3;
1487 context->page_fault = tdp_page_fault;
1488 context->free = nonpaging_free;
1489 context->prefetch_page = nonpaging_prefetch_page;
1490 context->shadow_root_level = TDP_ROOT_LEVEL;
1491 context->root_hpa = INVALID_PAGE;
1493 if (!is_paging(vcpu)) {
1494 context->gva_to_gpa = nonpaging_gva_to_gpa;
1495 context->root_level = 0;
1496 } else if (is_long_mode(vcpu)) {
1497 context->gva_to_gpa = paging64_gva_to_gpa;
1498 context->root_level = PT64_ROOT_LEVEL;
1499 } else if (is_pae(vcpu)) {
1500 context->gva_to_gpa = paging64_gva_to_gpa;
1501 context->root_level = PT32E_ROOT_LEVEL;
1503 context->gva_to_gpa = paging32_gva_to_gpa;
1504 context->root_level = PT32_ROOT_LEVEL;
1510 static int init_kvm_softmmu(struct kvm_vcpu *vcpu)
1513 ASSERT(!VALID_PAGE(vcpu->arch.mmu.root_hpa));
1515 if (!is_paging(vcpu))
1516 return nonpaging_init_context(vcpu);
1517 else if (is_long_mode(vcpu))
1518 return paging64_init_context(vcpu);
1519 else if (is_pae(vcpu))
1520 return paging32E_init_context(vcpu);
1522 return paging32_init_context(vcpu);
1525 static int init_kvm_mmu(struct kvm_vcpu *vcpu)
1528 return init_kvm_tdp_mmu(vcpu);
1530 return init_kvm_softmmu(vcpu);
1533 static void destroy_kvm_mmu(struct kvm_vcpu *vcpu)
1536 if (VALID_PAGE(vcpu->arch.mmu.root_hpa)) {
1537 vcpu->arch.mmu.free(vcpu);
1538 vcpu->arch.mmu.root_hpa = INVALID_PAGE;
1542 int kvm_mmu_reset_context(struct kvm_vcpu *vcpu)
1544 destroy_kvm_mmu(vcpu);
1545 return init_kvm_mmu(vcpu);
1547 EXPORT_SYMBOL_GPL(kvm_mmu_reset_context);
1549 int kvm_mmu_load(struct kvm_vcpu *vcpu)
1553 r = mmu_topup_memory_caches(vcpu);
1556 spin_lock(&vcpu->kvm->mmu_lock);
1557 kvm_mmu_free_some_pages(vcpu);
1558 mmu_alloc_roots(vcpu);
1559 spin_unlock(&vcpu->kvm->mmu_lock);
1560 kvm_x86_ops->set_cr3(vcpu, vcpu->arch.mmu.root_hpa);
1561 kvm_mmu_flush_tlb(vcpu);
1565 EXPORT_SYMBOL_GPL(kvm_mmu_load);
1567 void kvm_mmu_unload(struct kvm_vcpu *vcpu)
1569 mmu_free_roots(vcpu);
1572 static void mmu_pte_write_zap_pte(struct kvm_vcpu *vcpu,
1573 struct kvm_mmu_page *sp,
1577 struct kvm_mmu_page *child;
1580 if (is_shadow_present_pte(pte)) {
1581 if (sp->role.level == PT_PAGE_TABLE_LEVEL ||
1583 rmap_remove(vcpu->kvm, spte);
1585 child = page_header(pte & PT64_BASE_ADDR_MASK);
1586 mmu_page_remove_parent_pte(child, spte);
1589 set_shadow_pte(spte, shadow_trap_nonpresent_pte);
1590 if (is_large_pte(pte))
1591 --vcpu->kvm->stat.lpages;
1594 static void mmu_pte_write_new_pte(struct kvm_vcpu *vcpu,
1595 struct kvm_mmu_page *sp,
1599 if ((sp->role.level != PT_PAGE_TABLE_LEVEL)
1600 && !vcpu->arch.update_pte.largepage) {
1601 ++vcpu->kvm->stat.mmu_pde_zapped;
1605 ++vcpu->kvm->stat.mmu_pte_updated;
1606 if (sp->role.glevels == PT32_ROOT_LEVEL)
1607 paging32_update_pte(vcpu, sp, spte, new);
1609 paging64_update_pte(vcpu, sp, spte, new);
1612 static bool need_remote_flush(u64 old, u64 new)
1614 if (!is_shadow_present_pte(old))
1616 if (!is_shadow_present_pte(new))
1618 if ((old ^ new) & PT64_BASE_ADDR_MASK)
1620 old ^= PT64_NX_MASK;
1621 new ^= PT64_NX_MASK;
1622 return (old & ~new & PT64_PERM_MASK) != 0;
1625 static void mmu_pte_write_flush_tlb(struct kvm_vcpu *vcpu, u64 old, u64 new)
1627 if (need_remote_flush(old, new))
1628 kvm_flush_remote_tlbs(vcpu->kvm);
1630 kvm_mmu_flush_tlb(vcpu);
1633 static bool last_updated_pte_accessed(struct kvm_vcpu *vcpu)
1635 u64 *spte = vcpu->arch.last_pte_updated;
1637 return !!(spte && (*spte & PT_ACCESSED_MASK));
1640 static void mmu_guess_page_from_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
1641 const u8 *new, int bytes)
1648 vcpu->arch.update_pte.largepage = 0;
1650 if (bytes != 4 && bytes != 8)
1654 * Assume that the pte write on a page table of the same type
1655 * as the current vcpu paging mode. This is nearly always true
1656 * (might be false while changing modes). Note it is verified later
1660 /* Handle a 32-bit guest writing two halves of a 64-bit gpte */
1661 if ((bytes == 4) && (gpa % 4 == 0)) {
1662 r = kvm_read_guest(vcpu->kvm, gpa & ~(u64)7, &gpte, 8);
1665 memcpy((void *)&gpte + (gpa % 8), new, 4);
1666 } else if ((bytes == 8) && (gpa % 8 == 0)) {
1667 memcpy((void *)&gpte, new, 8);
1670 if ((bytes == 4) && (gpa % 4 == 0))
1671 memcpy((void *)&gpte, new, 4);
1673 if (!is_present_pte(gpte))
1675 gfn = (gpte & PT64_BASE_ADDR_MASK) >> PAGE_SHIFT;
1677 down_read(¤t->mm->mmap_sem);
1678 if (is_large_pte(gpte) && is_largepage_backed(vcpu, gfn)) {
1679 gfn &= ~(KVM_PAGES_PER_HPAGE-1);
1680 vcpu->arch.update_pte.largepage = 1;
1682 page = gfn_to_page(vcpu->kvm, gfn);
1683 up_read(¤t->mm->mmap_sem);
1685 if (is_error_page(page)) {
1686 kvm_release_page_clean(page);
1689 vcpu->arch.update_pte.gfn = gfn;
1690 vcpu->arch.update_pte.page = page;
1693 void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
1694 const u8 *new, int bytes)
1696 gfn_t gfn = gpa >> PAGE_SHIFT;
1697 struct kvm_mmu_page *sp;
1698 struct hlist_node *node, *n;
1699 struct hlist_head *bucket;
1703 unsigned offset = offset_in_page(gpa);
1705 unsigned page_offset;
1706 unsigned misaligned;
1713 pgprintk("%s: gpa %llx bytes %d\n", __func__, gpa, bytes);
1714 mmu_guess_page_from_pte_write(vcpu, gpa, new, bytes);
1715 spin_lock(&vcpu->kvm->mmu_lock);
1716 kvm_mmu_free_some_pages(vcpu);
1717 ++vcpu->kvm->stat.mmu_pte_write;
1718 kvm_mmu_audit(vcpu, "pre pte write");
1719 if (gfn == vcpu->arch.last_pt_write_gfn
1720 && !last_updated_pte_accessed(vcpu)) {
1721 ++vcpu->arch.last_pt_write_count;
1722 if (vcpu->arch.last_pt_write_count >= 3)
1725 vcpu->arch.last_pt_write_gfn = gfn;
1726 vcpu->arch.last_pt_write_count = 1;
1727 vcpu->arch.last_pte_updated = NULL;
1729 index = kvm_page_table_hashfn(gfn);
1730 bucket = &vcpu->kvm->arch.mmu_page_hash[index];
1731 hlist_for_each_entry_safe(sp, node, n, bucket, hash_link) {
1732 if (sp->gfn != gfn || sp->role.metaphysical)
1734 pte_size = sp->role.glevels == PT32_ROOT_LEVEL ? 4 : 8;
1735 misaligned = (offset ^ (offset + bytes - 1)) & ~(pte_size - 1);
1736 misaligned |= bytes < 4;
1737 if (misaligned || flooded) {
1739 * Misaligned accesses are too much trouble to fix
1740 * up; also, they usually indicate a page is not used
1743 * If we're seeing too many writes to a page,
1744 * it may no longer be a page table, or we may be
1745 * forking, in which case it is better to unmap the
1748 pgprintk("misaligned: gpa %llx bytes %d role %x\n",
1749 gpa, bytes, sp->role.word);
1750 kvm_mmu_zap_page(vcpu->kvm, sp);
1751 ++vcpu->kvm->stat.mmu_flooded;
1754 page_offset = offset;
1755 level = sp->role.level;
1757 if (sp->role.glevels == PT32_ROOT_LEVEL) {
1758 page_offset <<= 1; /* 32->64 */
1760 * A 32-bit pde maps 4MB while the shadow pdes map
1761 * only 2MB. So we need to double the offset again
1762 * and zap two pdes instead of one.
1764 if (level == PT32_ROOT_LEVEL) {
1765 page_offset &= ~7; /* kill rounding error */
1769 quadrant = page_offset >> PAGE_SHIFT;
1770 page_offset &= ~PAGE_MASK;
1771 if (quadrant != sp->role.quadrant)
1774 spte = &sp->spt[page_offset / sizeof(*spte)];
1775 if ((gpa & (pte_size - 1)) || (bytes < pte_size)) {
1777 r = kvm_read_guest_atomic(vcpu->kvm,
1778 gpa & ~(u64)(pte_size - 1),
1780 new = (const void *)&gentry;
1786 mmu_pte_write_zap_pte(vcpu, sp, spte);
1788 mmu_pte_write_new_pte(vcpu, sp, spte, new);
1789 mmu_pte_write_flush_tlb(vcpu, entry, *spte);
1793 kvm_mmu_audit(vcpu, "post pte write");
1794 spin_unlock(&vcpu->kvm->mmu_lock);
1795 if (vcpu->arch.update_pte.page) {
1796 kvm_release_page_clean(vcpu->arch.update_pte.page);
1797 vcpu->arch.update_pte.page = NULL;
1801 int kvm_mmu_unprotect_page_virt(struct kvm_vcpu *vcpu, gva_t gva)
1806 gpa = vcpu->arch.mmu.gva_to_gpa(vcpu, gva);
1808 spin_lock(&vcpu->kvm->mmu_lock);
1809 r = kvm_mmu_unprotect_page(vcpu->kvm, gpa >> PAGE_SHIFT);
1810 spin_unlock(&vcpu->kvm->mmu_lock);
1814 void __kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu)
1816 while (vcpu->kvm->arch.n_free_mmu_pages < KVM_REFILL_PAGES) {
1817 struct kvm_mmu_page *sp;
1819 sp = container_of(vcpu->kvm->arch.active_mmu_pages.prev,
1820 struct kvm_mmu_page, link);
1821 kvm_mmu_zap_page(vcpu->kvm, sp);
1822 ++vcpu->kvm->stat.mmu_recycled;
1826 int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u32 error_code)
1829 enum emulation_result er;
1831 r = vcpu->arch.mmu.page_fault(vcpu, cr2, error_code);
1840 r = mmu_topup_memory_caches(vcpu);
1844 er = emulate_instruction(vcpu, vcpu->run, cr2, error_code, 0);
1849 case EMULATE_DO_MMIO:
1850 ++vcpu->stat.mmio_exits;
1853 kvm_report_emulation_failure(vcpu, "pagetable");
1861 EXPORT_SYMBOL_GPL(kvm_mmu_page_fault);
1863 void kvm_enable_tdp(void)
1867 EXPORT_SYMBOL_GPL(kvm_enable_tdp);
1869 static void free_mmu_pages(struct kvm_vcpu *vcpu)
1871 struct kvm_mmu_page *sp;
1873 while (!list_empty(&vcpu->kvm->arch.active_mmu_pages)) {
1874 sp = container_of(vcpu->kvm->arch.active_mmu_pages.next,
1875 struct kvm_mmu_page, link);
1876 kvm_mmu_zap_page(vcpu->kvm, sp);
1878 free_page((unsigned long)vcpu->arch.mmu.pae_root);
1881 static int alloc_mmu_pages(struct kvm_vcpu *vcpu)
1888 if (vcpu->kvm->arch.n_requested_mmu_pages)
1889 vcpu->kvm->arch.n_free_mmu_pages =
1890 vcpu->kvm->arch.n_requested_mmu_pages;
1892 vcpu->kvm->arch.n_free_mmu_pages =
1893 vcpu->kvm->arch.n_alloc_mmu_pages;
1895 * When emulating 32-bit mode, cr3 is only 32 bits even on x86_64.
1896 * Therefore we need to allocate shadow page tables in the first
1897 * 4GB of memory, which happens to fit the DMA32 zone.
1899 page = alloc_page(GFP_KERNEL | __GFP_DMA32);
1902 vcpu->arch.mmu.pae_root = page_address(page);
1903 for (i = 0; i < 4; ++i)
1904 vcpu->arch.mmu.pae_root[i] = INVALID_PAGE;
1909 free_mmu_pages(vcpu);
1913 int kvm_mmu_create(struct kvm_vcpu *vcpu)
1916 ASSERT(!VALID_PAGE(vcpu->arch.mmu.root_hpa));
1918 return alloc_mmu_pages(vcpu);
1921 int kvm_mmu_setup(struct kvm_vcpu *vcpu)
1924 ASSERT(!VALID_PAGE(vcpu->arch.mmu.root_hpa));
1926 return init_kvm_mmu(vcpu);
1929 void kvm_mmu_destroy(struct kvm_vcpu *vcpu)
1933 destroy_kvm_mmu(vcpu);
1934 free_mmu_pages(vcpu);
1935 mmu_free_memory_caches(vcpu);
1938 void kvm_mmu_slot_remove_write_access(struct kvm *kvm, int slot)
1940 struct kvm_mmu_page *sp;
1942 list_for_each_entry(sp, &kvm->arch.active_mmu_pages, link) {
1946 if (!test_bit(slot, &sp->slot_bitmap))
1950 for (i = 0; i < PT64_ENT_PER_PAGE; ++i)
1952 if (pt[i] & PT_WRITABLE_MASK)
1953 pt[i] &= ~PT_WRITABLE_MASK;
1957 void kvm_mmu_zap_all(struct kvm *kvm)
1959 struct kvm_mmu_page *sp, *node;
1961 spin_lock(&kvm->mmu_lock);
1962 list_for_each_entry_safe(sp, node, &kvm->arch.active_mmu_pages, link)
1963 kvm_mmu_zap_page(kvm, sp);
1964 spin_unlock(&kvm->mmu_lock);
1966 kvm_flush_remote_tlbs(kvm);
1969 void kvm_mmu_module_exit(void)
1971 if (pte_chain_cache)
1972 kmem_cache_destroy(pte_chain_cache);
1973 if (rmap_desc_cache)
1974 kmem_cache_destroy(rmap_desc_cache);
1975 if (mmu_page_header_cache)
1976 kmem_cache_destroy(mmu_page_header_cache);
1979 int kvm_mmu_module_init(void)
1981 pte_chain_cache = kmem_cache_create("kvm_pte_chain",
1982 sizeof(struct kvm_pte_chain),
1984 if (!pte_chain_cache)
1986 rmap_desc_cache = kmem_cache_create("kvm_rmap_desc",
1987 sizeof(struct kvm_rmap_desc),
1989 if (!rmap_desc_cache)
1992 mmu_page_header_cache = kmem_cache_create("kvm_mmu_page_header",
1993 sizeof(struct kvm_mmu_page),
1995 if (!mmu_page_header_cache)
2001 kvm_mmu_module_exit();
2006 * Caculate mmu pages needed for kvm.
2008 unsigned int kvm_mmu_calculate_mmu_pages(struct kvm *kvm)
2011 unsigned int nr_mmu_pages;
2012 unsigned int nr_pages = 0;
2014 for (i = 0; i < kvm->nmemslots; i++)
2015 nr_pages += kvm->memslots[i].npages;
2017 nr_mmu_pages = nr_pages * KVM_PERMILLE_MMU_PAGES / 1000;
2018 nr_mmu_pages = max(nr_mmu_pages,
2019 (unsigned int) KVM_MIN_ALLOC_MMU_PAGES);
2021 return nr_mmu_pages;
2024 static void *pv_mmu_peek_buffer(struct kvm_pv_mmu_op_buffer *buffer,
2027 if (len > buffer->len)
2032 static void *pv_mmu_read_buffer(struct kvm_pv_mmu_op_buffer *buffer,
2037 ret = pv_mmu_peek_buffer(buffer, len);
2042 buffer->processed += len;
2046 static int kvm_pv_mmu_write(struct kvm_vcpu *vcpu,
2047 gpa_t addr, gpa_t value)
2052 if (!is_long_mode(vcpu) && !is_pae(vcpu))
2055 r = mmu_topup_memory_caches(vcpu);
2059 if (!emulator_write_phys(vcpu, addr, &value, bytes))
2065 static int kvm_pv_mmu_flush_tlb(struct kvm_vcpu *vcpu)
2067 kvm_x86_ops->tlb_flush(vcpu);
2071 static int kvm_pv_mmu_release_pt(struct kvm_vcpu *vcpu, gpa_t addr)
2073 spin_lock(&vcpu->kvm->mmu_lock);
2074 mmu_unshadow(vcpu->kvm, addr >> PAGE_SHIFT);
2075 spin_unlock(&vcpu->kvm->mmu_lock);
2079 static int kvm_pv_mmu_op_one(struct kvm_vcpu *vcpu,
2080 struct kvm_pv_mmu_op_buffer *buffer)
2082 struct kvm_mmu_op_header *header;
2084 header = pv_mmu_peek_buffer(buffer, sizeof *header);
2087 switch (header->op) {
2088 case KVM_MMU_OP_WRITE_PTE: {
2089 struct kvm_mmu_op_write_pte *wpte;
2091 wpte = pv_mmu_read_buffer(buffer, sizeof *wpte);
2094 return kvm_pv_mmu_write(vcpu, wpte->pte_phys,
2097 case KVM_MMU_OP_FLUSH_TLB: {
2098 struct kvm_mmu_op_flush_tlb *ftlb;
2100 ftlb = pv_mmu_read_buffer(buffer, sizeof *ftlb);
2103 return kvm_pv_mmu_flush_tlb(vcpu);
2105 case KVM_MMU_OP_RELEASE_PT: {
2106 struct kvm_mmu_op_release_pt *rpt;
2108 rpt = pv_mmu_read_buffer(buffer, sizeof *rpt);
2111 return kvm_pv_mmu_release_pt(vcpu, rpt->pt_phys);
2117 int kvm_pv_mmu_op(struct kvm_vcpu *vcpu, unsigned long bytes,
2118 gpa_t addr, unsigned long *ret)
2121 struct kvm_pv_mmu_op_buffer buffer;
2123 down_read(¤t->mm->mmap_sem);
2125 buffer.ptr = buffer.buf;
2126 buffer.len = min_t(unsigned long, bytes, sizeof buffer.buf);
2127 buffer.processed = 0;
2129 r = kvm_read_guest(vcpu->kvm, addr, buffer.buf, buffer.len);
2133 while (buffer.len) {
2134 r = kvm_pv_mmu_op_one(vcpu, &buffer);
2143 *ret = buffer.processed;
2144 up_read(¤t->mm->mmap_sem);
2150 static const char *audit_msg;
2152 static gva_t canonicalize(gva_t gva)
2154 #ifdef CONFIG_X86_64
2155 gva = (long long)(gva << 16) >> 16;
2160 static void audit_mappings_page(struct kvm_vcpu *vcpu, u64 page_pte,
2161 gva_t va, int level)
2163 u64 *pt = __va(page_pte & PT64_BASE_ADDR_MASK);
2165 gva_t va_delta = 1ul << (PAGE_SHIFT + 9 * (level - 1));
2167 for (i = 0; i < PT64_ENT_PER_PAGE; ++i, va += va_delta) {
2170 if (ent == shadow_trap_nonpresent_pte)
2173 va = canonicalize(va);
2175 if (ent == shadow_notrap_nonpresent_pte)
2176 printk(KERN_ERR "audit: (%s) nontrapping pte"
2177 " in nonleaf level: levels %d gva %lx"
2178 " level %d pte %llx\n", audit_msg,
2179 vcpu->arch.mmu.root_level, va, level, ent);
2181 audit_mappings_page(vcpu, ent, va, level - 1);
2183 gpa_t gpa = vcpu->arch.mmu.gva_to_gpa(vcpu, va);
2184 struct page *page = gpa_to_page(vcpu, gpa);
2185 hpa_t hpa = page_to_phys(page);
2187 if (is_shadow_present_pte(ent)
2188 && (ent & PT64_BASE_ADDR_MASK) != hpa)
2189 printk(KERN_ERR "xx audit error: (%s) levels %d"
2190 " gva %lx gpa %llx hpa %llx ent %llx %d\n",
2191 audit_msg, vcpu->arch.mmu.root_level,
2193 is_shadow_present_pte(ent));
2194 else if (ent == shadow_notrap_nonpresent_pte
2195 && !is_error_hpa(hpa))
2196 printk(KERN_ERR "audit: (%s) notrap shadow,"
2197 " valid guest gva %lx\n", audit_msg, va);
2198 kvm_release_page_clean(page);
2204 static void audit_mappings(struct kvm_vcpu *vcpu)
2208 if (vcpu->arch.mmu.root_level == 4)
2209 audit_mappings_page(vcpu, vcpu->arch.mmu.root_hpa, 0, 4);
2211 for (i = 0; i < 4; ++i)
2212 if (vcpu->arch.mmu.pae_root[i] & PT_PRESENT_MASK)
2213 audit_mappings_page(vcpu,
2214 vcpu->arch.mmu.pae_root[i],
2219 static int count_rmaps(struct kvm_vcpu *vcpu)
2224 for (i = 0; i < KVM_MEMORY_SLOTS; ++i) {
2225 struct kvm_memory_slot *m = &vcpu->kvm->memslots[i];
2226 struct kvm_rmap_desc *d;
2228 for (j = 0; j < m->npages; ++j) {
2229 unsigned long *rmapp = &m->rmap[j];
2233 if (!(*rmapp & 1)) {
2237 d = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
2239 for (k = 0; k < RMAP_EXT; ++k)
2240 if (d->shadow_ptes[k])
2251 static int count_writable_mappings(struct kvm_vcpu *vcpu)
2254 struct kvm_mmu_page *sp;
2257 list_for_each_entry(sp, &vcpu->kvm->arch.active_mmu_pages, link) {
2260 if (sp->role.level != PT_PAGE_TABLE_LEVEL)
2263 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
2266 if (!(ent & PT_PRESENT_MASK))
2268 if (!(ent & PT_WRITABLE_MASK))
2276 static void audit_rmap(struct kvm_vcpu *vcpu)
2278 int n_rmap = count_rmaps(vcpu);
2279 int n_actual = count_writable_mappings(vcpu);
2281 if (n_rmap != n_actual)
2282 printk(KERN_ERR "%s: (%s) rmap %d actual %d\n",
2283 __func__, audit_msg, n_rmap, n_actual);
2286 static void audit_write_protection(struct kvm_vcpu *vcpu)
2288 struct kvm_mmu_page *sp;
2289 struct kvm_memory_slot *slot;
2290 unsigned long *rmapp;
2293 list_for_each_entry(sp, &vcpu->kvm->arch.active_mmu_pages, link) {
2294 if (sp->role.metaphysical)
2297 slot = gfn_to_memslot(vcpu->kvm, sp->gfn);
2298 gfn = unalias_gfn(vcpu->kvm, sp->gfn);
2299 rmapp = &slot->rmap[gfn - slot->base_gfn];
2301 printk(KERN_ERR "%s: (%s) shadow page has writable"
2302 " mappings: gfn %lx role %x\n",
2303 __func__, audit_msg, sp->gfn,
2308 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg)
2315 audit_write_protection(vcpu);
2316 audit_mappings(vcpu);
git.openpandora.org / pandora-kernel.git / blob