2 * Kernel-based Virtual Machine driver for Linux
4 * This module enables machines with Intel VT-x extensions to run virtual
5 * machines without emulation or binary translation.
9 * Copyright (C) 2006 Qumranet, Inc.
12 * Yaniv Kamay <yaniv@qumranet.com>
13 * Avi Kivity <avi@qumranet.com>
15 * This work is licensed under the terms of the GNU GPL, version 2. See
16 * the COPYING file in the top-level directory.
19 #include <linux/types.h>
20 #include <linux/string.h>
23 #include <linux/highmem.h>
24 #include <linux/module.h>
25 #include <asm/cmpxchg.h>
35 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg);
37 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg) {}
42 #define pgprintk(x...) do { if (dbg) printk(x); } while (0)
43 #define rmap_printk(x...) do { if (dbg) printk(x); } while (0)
47 #define pgprintk(x...) do { } while (0)
48 #define rmap_printk(x...) do { } while (0)
52 #if defined(MMU_DEBUG) || defined(AUDIT)
57 #define ASSERT(x) do { } while (0)
61 printk(KERN_WARNING "assertion failed %s:%d: %s\n", \
62 __FILE__, __LINE__, #x); \
66 #define PT64_PT_BITS 9
67 #define PT64_ENT_PER_PAGE (1 << PT64_PT_BITS)
68 #define PT32_PT_BITS 10
69 #define PT32_ENT_PER_PAGE (1 << PT32_PT_BITS)
71 #define PT_WRITABLE_SHIFT 1
73 #define PT_PRESENT_MASK (1ULL << 0)
74 #define PT_WRITABLE_MASK (1ULL << PT_WRITABLE_SHIFT)
75 #define PT_USER_MASK (1ULL << 2)
76 #define PT_PWT_MASK (1ULL << 3)
77 #define PT_PCD_MASK (1ULL << 4)
78 #define PT_ACCESSED_MASK (1ULL << 5)
79 #define PT_DIRTY_MASK (1ULL << 6)
80 #define PT_PAGE_SIZE_MASK (1ULL << 7)
81 #define PT_PAT_MASK (1ULL << 7)
82 #define PT_GLOBAL_MASK (1ULL << 8)
83 #define PT64_NX_MASK (1ULL << 63)
85 #define PT_PAT_SHIFT 7
86 #define PT_DIR_PAT_SHIFT 12
87 #define PT_DIR_PAT_MASK (1ULL << PT_DIR_PAT_SHIFT)
89 #define PT32_DIR_PSE36_SIZE 4
90 #define PT32_DIR_PSE36_SHIFT 13
91 #define PT32_DIR_PSE36_MASK (((1ULL << PT32_DIR_PSE36_SIZE) - 1) << PT32_DIR_PSE36_SHIFT)
94 #define PT_FIRST_AVAIL_BITS_SHIFT 9
95 #define PT64_SECOND_AVAIL_BITS_SHIFT 52
97 #define PT_SHADOW_PS_MARK (1ULL << PT_FIRST_AVAIL_BITS_SHIFT)
98 #define PT_SHADOW_IO_MARK (1ULL << PT_FIRST_AVAIL_BITS_SHIFT)
100 #define PT_SHADOW_WRITABLE_SHIFT (PT_FIRST_AVAIL_BITS_SHIFT + 1)
101 #define PT_SHADOW_WRITABLE_MASK (1ULL << PT_SHADOW_WRITABLE_SHIFT)
103 #define PT_SHADOW_USER_SHIFT (PT_SHADOW_WRITABLE_SHIFT + 1)
104 #define PT_SHADOW_USER_MASK (1ULL << (PT_SHADOW_USER_SHIFT))
106 #define PT_SHADOW_BITS_OFFSET (PT_SHADOW_WRITABLE_SHIFT - PT_WRITABLE_SHIFT)
108 #define VALID_PAGE(x) ((x) != INVALID_PAGE)
110 #define PT64_LEVEL_BITS 9
112 #define PT64_LEVEL_SHIFT(level) \
113 ( PAGE_SHIFT + (level - 1) * PT64_LEVEL_BITS )
115 #define PT64_LEVEL_MASK(level) \
116 (((1ULL << PT64_LEVEL_BITS) - 1) << PT64_LEVEL_SHIFT(level))
118 #define PT64_INDEX(address, level)\
119 (((address) >> PT64_LEVEL_SHIFT(level)) & ((1 << PT64_LEVEL_BITS) - 1))
122 #define PT32_LEVEL_BITS 10
124 #define PT32_LEVEL_SHIFT(level) \
125 ( PAGE_SHIFT + (level - 1) * PT32_LEVEL_BITS )
127 #define PT32_LEVEL_MASK(level) \
128 (((1ULL << PT32_LEVEL_BITS) - 1) << PT32_LEVEL_SHIFT(level))
130 #define PT32_INDEX(address, level)\
131 (((address) >> PT32_LEVEL_SHIFT(level)) & ((1 << PT32_LEVEL_BITS) - 1))
134 #define PT64_BASE_ADDR_MASK (((1ULL << 52) - 1) & ~(u64)(PAGE_SIZE-1))
135 #define PT64_DIR_BASE_ADDR_MASK \
136 (PT64_BASE_ADDR_MASK & ~((1ULL << (PAGE_SHIFT + PT64_LEVEL_BITS)) - 1))
138 #define PT32_BASE_ADDR_MASK PAGE_MASK
139 #define PT32_DIR_BASE_ADDR_MASK \
140 (PAGE_MASK & ~((1ULL << (PAGE_SHIFT + PT32_LEVEL_BITS)) - 1))
143 #define PFERR_PRESENT_MASK (1U << 0)
144 #define PFERR_WRITE_MASK (1U << 1)
145 #define PFERR_USER_MASK (1U << 2)
146 #define PFERR_FETCH_MASK (1U << 4)
148 #define PT64_ROOT_LEVEL 4
149 #define PT32_ROOT_LEVEL 2
150 #define PT32E_ROOT_LEVEL 3
152 #define PT_DIRECTORY_LEVEL 2
153 #define PT_PAGE_TABLE_LEVEL 1
157 struct kvm_rmap_desc {
158 u64 *shadow_ptes[RMAP_EXT];
159 struct kvm_rmap_desc *more;
162 static struct kmem_cache *pte_chain_cache;
163 static struct kmem_cache *rmap_desc_cache;
164 static struct kmem_cache *mmu_page_cache;
165 static struct kmem_cache *mmu_page_header_cache;
167 static int is_write_protection(struct kvm_vcpu *vcpu)
169 return vcpu->cr0 & CR0_WP_MASK;
172 static int is_cpuid_PSE36(void)
177 static int is_nx(struct kvm_vcpu *vcpu)
179 return vcpu->shadow_efer & EFER_NX;
182 static int is_present_pte(unsigned long pte)
184 return pte & PT_PRESENT_MASK;
187 static int is_writeble_pte(unsigned long pte)
189 return pte & PT_WRITABLE_MASK;
192 static int is_io_pte(unsigned long pte)
194 return pte & PT_SHADOW_IO_MARK;
197 static int is_rmap_pte(u64 pte)
199 return (pte & (PT_WRITABLE_MASK | PT_PRESENT_MASK))
200 == (PT_WRITABLE_MASK | PT_PRESENT_MASK);
203 static void set_shadow_pte(u64 *sptep, u64 spte)
206 set_64bit((unsigned long *)sptep, spte);
208 set_64bit((unsigned long long *)sptep, spte);
212 static int mmu_topup_memory_cache(struct kvm_mmu_memory_cache *cache,
213 struct kmem_cache *base_cache, int min,
218 if (cache->nobjs >= min)
220 while (cache->nobjs < ARRAY_SIZE(cache->objects)) {
221 obj = kmem_cache_zalloc(base_cache, gfp_flags);
224 cache->objects[cache->nobjs++] = obj;
229 static void mmu_free_memory_cache(struct kvm_mmu_memory_cache *mc)
232 kfree(mc->objects[--mc->nobjs]);
235 static int __mmu_topup_memory_caches(struct kvm_vcpu *vcpu, gfp_t gfp_flags)
239 r = mmu_topup_memory_cache(&vcpu->mmu_pte_chain_cache,
240 pte_chain_cache, 4, gfp_flags);
243 r = mmu_topup_memory_cache(&vcpu->mmu_rmap_desc_cache,
244 rmap_desc_cache, 1, gfp_flags);
247 r = mmu_topup_memory_cache(&vcpu->mmu_page_cache,
248 mmu_page_cache, 4, gfp_flags);
251 r = mmu_topup_memory_cache(&vcpu->mmu_page_header_cache,
252 mmu_page_header_cache, 4, gfp_flags);
257 static int mmu_topup_memory_caches(struct kvm_vcpu *vcpu)
261 r = __mmu_topup_memory_caches(vcpu, GFP_NOWAIT);
263 spin_unlock(&vcpu->kvm->lock);
264 kvm_arch_ops->vcpu_put(vcpu);
265 r = __mmu_topup_memory_caches(vcpu, GFP_KERNEL);
266 kvm_arch_ops->vcpu_load(vcpu);
267 spin_lock(&vcpu->kvm->lock);
272 static void mmu_free_memory_caches(struct kvm_vcpu *vcpu)
274 mmu_free_memory_cache(&vcpu->mmu_pte_chain_cache);
275 mmu_free_memory_cache(&vcpu->mmu_rmap_desc_cache);
276 mmu_free_memory_cache(&vcpu->mmu_page_cache);
277 mmu_free_memory_cache(&vcpu->mmu_page_header_cache);
280 static void *mmu_memory_cache_alloc(struct kvm_mmu_memory_cache *mc,
286 p = mc->objects[--mc->nobjs];
291 static void mmu_memory_cache_free(struct kvm_mmu_memory_cache *mc, void *obj)
293 if (mc->nobjs < KVM_NR_MEM_OBJS)
294 mc->objects[mc->nobjs++] = obj;
299 static struct kvm_pte_chain *mmu_alloc_pte_chain(struct kvm_vcpu *vcpu)
301 return mmu_memory_cache_alloc(&vcpu->mmu_pte_chain_cache,
302 sizeof(struct kvm_pte_chain));
305 static void mmu_free_pte_chain(struct kvm_vcpu *vcpu,
306 struct kvm_pte_chain *pc)
308 mmu_memory_cache_free(&vcpu->mmu_pte_chain_cache, pc);
311 static struct kvm_rmap_desc *mmu_alloc_rmap_desc(struct kvm_vcpu *vcpu)
313 return mmu_memory_cache_alloc(&vcpu->mmu_rmap_desc_cache,
314 sizeof(struct kvm_rmap_desc));
317 static void mmu_free_rmap_desc(struct kvm_vcpu *vcpu,
318 struct kvm_rmap_desc *rd)
320 mmu_memory_cache_free(&vcpu->mmu_rmap_desc_cache, rd);
324 * Reverse mapping data structures:
326 * If page->private bit zero is zero, then page->private points to the
327 * shadow page table entry that points to page_address(page).
329 * If page->private bit zero is one, (then page->private & ~1) points
330 * to a struct kvm_rmap_desc containing more mappings.
332 static void rmap_add(struct kvm_vcpu *vcpu, u64 *spte)
335 struct kvm_rmap_desc *desc;
338 if (!is_rmap_pte(*spte))
340 page = pfn_to_page((*spte & PT64_BASE_ADDR_MASK) >> PAGE_SHIFT);
341 if (!page_private(page)) {
342 rmap_printk("rmap_add: %p %llx 0->1\n", spte, *spte);
343 set_page_private(page,(unsigned long)spte);
344 } else if (!(page_private(page) & 1)) {
345 rmap_printk("rmap_add: %p %llx 1->many\n", spte, *spte);
346 desc = mmu_alloc_rmap_desc(vcpu);
347 desc->shadow_ptes[0] = (u64 *)page_private(page);
348 desc->shadow_ptes[1] = spte;
349 set_page_private(page,(unsigned long)desc | 1);
351 rmap_printk("rmap_add: %p %llx many->many\n", spte, *spte);
352 desc = (struct kvm_rmap_desc *)(page_private(page) & ~1ul);
353 while (desc->shadow_ptes[RMAP_EXT-1] && desc->more)
355 if (desc->shadow_ptes[RMAP_EXT-1]) {
356 desc->more = mmu_alloc_rmap_desc(vcpu);
359 for (i = 0; desc->shadow_ptes[i]; ++i)
361 desc->shadow_ptes[i] = spte;
365 static void rmap_desc_remove_entry(struct kvm_vcpu *vcpu,
367 struct kvm_rmap_desc *desc,
369 struct kvm_rmap_desc *prev_desc)
373 for (j = RMAP_EXT - 1; !desc->shadow_ptes[j] && j > i; --j)
375 desc->shadow_ptes[i] = desc->shadow_ptes[j];
376 desc->shadow_ptes[j] = NULL;
379 if (!prev_desc && !desc->more)
380 set_page_private(page,(unsigned long)desc->shadow_ptes[0]);
383 prev_desc->more = desc->more;
385 set_page_private(page,(unsigned long)desc->more | 1);
386 mmu_free_rmap_desc(vcpu, desc);
389 static void rmap_remove(struct kvm_vcpu *vcpu, u64 *spte)
392 struct kvm_rmap_desc *desc;
393 struct kvm_rmap_desc *prev_desc;
396 if (!is_rmap_pte(*spte))
398 page = pfn_to_page((*spte & PT64_BASE_ADDR_MASK) >> PAGE_SHIFT);
399 if (!page_private(page)) {
400 printk(KERN_ERR "rmap_remove: %p %llx 0->BUG\n", spte, *spte);
402 } else if (!(page_private(page) & 1)) {
403 rmap_printk("rmap_remove: %p %llx 1->0\n", spte, *spte);
404 if ((u64 *)page_private(page) != spte) {
405 printk(KERN_ERR "rmap_remove: %p %llx 1->BUG\n",
409 set_page_private(page,0);
411 rmap_printk("rmap_remove: %p %llx many->many\n", spte, *spte);
412 desc = (struct kvm_rmap_desc *)(page_private(page) & ~1ul);
415 for (i = 0; i < RMAP_EXT && desc->shadow_ptes[i]; ++i)
416 if (desc->shadow_ptes[i] == spte) {
417 rmap_desc_remove_entry(vcpu, page,
429 static void rmap_write_protect(struct kvm_vcpu *vcpu, u64 gfn)
431 struct kvm *kvm = vcpu->kvm;
433 struct kvm_rmap_desc *desc;
436 page = gfn_to_page(kvm, gfn);
439 while (page_private(page)) {
440 if (!(page_private(page) & 1))
441 spte = (u64 *)page_private(page);
443 desc = (struct kvm_rmap_desc *)(page_private(page) & ~1ul);
444 spte = desc->shadow_ptes[0];
447 BUG_ON((*spte & PT64_BASE_ADDR_MASK) >> PAGE_SHIFT
448 != page_to_pfn(page));
449 BUG_ON(!(*spte & PT_PRESENT_MASK));
450 BUG_ON(!(*spte & PT_WRITABLE_MASK));
451 rmap_printk("rmap_write_protect: spte %p %llx\n", spte, *spte);
452 rmap_remove(vcpu, spte);
453 kvm_arch_ops->tlb_flush(vcpu);
454 set_shadow_pte(spte, *spte & ~PT_WRITABLE_MASK);
459 static int is_empty_shadow_page(u64 *spt)
464 for (pos = spt, end = pos + PAGE_SIZE / sizeof(u64); pos != end; pos++)
466 printk(KERN_ERR "%s: %p %llx\n", __FUNCTION__,
474 static void kvm_mmu_free_page(struct kvm_vcpu *vcpu,
475 struct kvm_mmu_page *page_head)
477 ASSERT(is_empty_shadow_page(page_head->spt));
478 list_del(&page_head->link);
479 mmu_memory_cache_free(&vcpu->mmu_page_cache, page_head->spt);
480 mmu_memory_cache_free(&vcpu->mmu_page_header_cache, page_head);
481 ++vcpu->kvm->n_free_mmu_pages;
484 static unsigned kvm_page_table_hashfn(gfn_t gfn)
489 static struct kvm_mmu_page *kvm_mmu_alloc_page(struct kvm_vcpu *vcpu,
492 struct kvm_mmu_page *page;
494 if (!vcpu->kvm->n_free_mmu_pages)
497 page = mmu_memory_cache_alloc(&vcpu->mmu_page_header_cache,
499 page->spt = mmu_memory_cache_alloc(&vcpu->mmu_page_cache, PAGE_SIZE);
500 set_page_private(virt_to_page(page->spt), (unsigned long)page);
501 list_add(&page->link, &vcpu->kvm->active_mmu_pages);
502 ASSERT(is_empty_shadow_page(page->spt));
503 page->slot_bitmap = 0;
504 page->multimapped = 0;
505 page->parent_pte = parent_pte;
506 --vcpu->kvm->n_free_mmu_pages;
510 static void mmu_page_add_parent_pte(struct kvm_vcpu *vcpu,
511 struct kvm_mmu_page *page, u64 *parent_pte)
513 struct kvm_pte_chain *pte_chain;
514 struct hlist_node *node;
519 if (!page->multimapped) {
520 u64 *old = page->parent_pte;
523 page->parent_pte = parent_pte;
526 page->multimapped = 1;
527 pte_chain = mmu_alloc_pte_chain(vcpu);
528 INIT_HLIST_HEAD(&page->parent_ptes);
529 hlist_add_head(&pte_chain->link, &page->parent_ptes);
530 pte_chain->parent_ptes[0] = old;
532 hlist_for_each_entry(pte_chain, node, &page->parent_ptes, link) {
533 if (pte_chain->parent_ptes[NR_PTE_CHAIN_ENTRIES-1])
535 for (i = 0; i < NR_PTE_CHAIN_ENTRIES; ++i)
536 if (!pte_chain->parent_ptes[i]) {
537 pte_chain->parent_ptes[i] = parent_pte;
541 pte_chain = mmu_alloc_pte_chain(vcpu);
543 hlist_add_head(&pte_chain->link, &page->parent_ptes);
544 pte_chain->parent_ptes[0] = parent_pte;
547 static void mmu_page_remove_parent_pte(struct kvm_vcpu *vcpu,
548 struct kvm_mmu_page *page,
551 struct kvm_pte_chain *pte_chain;
552 struct hlist_node *node;
555 if (!page->multimapped) {
556 BUG_ON(page->parent_pte != parent_pte);
557 page->parent_pte = NULL;
560 hlist_for_each_entry(pte_chain, node, &page->parent_ptes, link)
561 for (i = 0; i < NR_PTE_CHAIN_ENTRIES; ++i) {
562 if (!pte_chain->parent_ptes[i])
564 if (pte_chain->parent_ptes[i] != parent_pte)
566 while (i + 1 < NR_PTE_CHAIN_ENTRIES
567 && pte_chain->parent_ptes[i + 1]) {
568 pte_chain->parent_ptes[i]
569 = pte_chain->parent_ptes[i + 1];
572 pte_chain->parent_ptes[i] = NULL;
574 hlist_del(&pte_chain->link);
575 mmu_free_pte_chain(vcpu, pte_chain);
576 if (hlist_empty(&page->parent_ptes)) {
577 page->multimapped = 0;
578 page->parent_pte = NULL;
586 static struct kvm_mmu_page *kvm_mmu_lookup_page(struct kvm_vcpu *vcpu,
590 struct hlist_head *bucket;
591 struct kvm_mmu_page *page;
592 struct hlist_node *node;
594 pgprintk("%s: looking for gfn %lx\n", __FUNCTION__, gfn);
595 index = kvm_page_table_hashfn(gfn) % KVM_NUM_MMU_PAGES;
596 bucket = &vcpu->kvm->mmu_page_hash[index];
597 hlist_for_each_entry(page, node, bucket, hash_link)
598 if (page->gfn == gfn && !page->role.metaphysical) {
599 pgprintk("%s: found role %x\n",
600 __FUNCTION__, page->role.word);
606 static struct kvm_mmu_page *kvm_mmu_get_page(struct kvm_vcpu *vcpu,
611 unsigned hugepage_access,
614 union kvm_mmu_page_role role;
617 struct hlist_head *bucket;
618 struct kvm_mmu_page *page;
619 struct hlist_node *node;
622 role.glevels = vcpu->mmu.root_level;
624 role.metaphysical = metaphysical;
625 role.hugepage_access = hugepage_access;
626 if (vcpu->mmu.root_level <= PT32_ROOT_LEVEL) {
627 quadrant = gaddr >> (PAGE_SHIFT + (PT64_PT_BITS * level));
628 quadrant &= (1 << ((PT32_PT_BITS - PT64_PT_BITS) * level)) - 1;
629 role.quadrant = quadrant;
631 pgprintk("%s: looking gfn %lx role %x\n", __FUNCTION__,
633 index = kvm_page_table_hashfn(gfn) % KVM_NUM_MMU_PAGES;
634 bucket = &vcpu->kvm->mmu_page_hash[index];
635 hlist_for_each_entry(page, node, bucket, hash_link)
636 if (page->gfn == gfn && page->role.word == role.word) {
637 mmu_page_add_parent_pte(vcpu, page, parent_pte);
638 pgprintk("%s: found\n", __FUNCTION__);
641 page = kvm_mmu_alloc_page(vcpu, parent_pte);
644 pgprintk("%s: adding gfn %lx role %x\n", __FUNCTION__, gfn, role.word);
647 hlist_add_head(&page->hash_link, bucket);
649 rmap_write_protect(vcpu, gfn);
653 static void kvm_mmu_page_unlink_children(struct kvm_vcpu *vcpu,
654 struct kvm_mmu_page *page)
662 if (page->role.level == PT_PAGE_TABLE_LEVEL) {
663 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
664 if (pt[i] & PT_PRESENT_MASK)
665 rmap_remove(vcpu, &pt[i]);
668 kvm_arch_ops->tlb_flush(vcpu);
672 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
676 if (!(ent & PT_PRESENT_MASK))
678 ent &= PT64_BASE_ADDR_MASK;
679 mmu_page_remove_parent_pte(vcpu, page_header(ent), &pt[i]);
683 static void kvm_mmu_put_page(struct kvm_vcpu *vcpu,
684 struct kvm_mmu_page *page,
687 mmu_page_remove_parent_pte(vcpu, page, parent_pte);
690 static void kvm_mmu_zap_page(struct kvm_vcpu *vcpu,
691 struct kvm_mmu_page *page)
695 while (page->multimapped || page->parent_pte) {
696 if (!page->multimapped)
697 parent_pte = page->parent_pte;
699 struct kvm_pte_chain *chain;
701 chain = container_of(page->parent_ptes.first,
702 struct kvm_pte_chain, link);
703 parent_pte = chain->parent_ptes[0];
706 kvm_mmu_put_page(vcpu, page, parent_pte);
707 set_shadow_pte(parent_pte, 0);
709 kvm_mmu_page_unlink_children(vcpu, page);
710 if (!page->root_count) {
711 hlist_del(&page->hash_link);
712 kvm_mmu_free_page(vcpu, page);
714 list_move(&page->link, &vcpu->kvm->active_mmu_pages);
717 static int kvm_mmu_unprotect_page(struct kvm_vcpu *vcpu, gfn_t gfn)
720 struct hlist_head *bucket;
721 struct kvm_mmu_page *page;
722 struct hlist_node *node, *n;
725 pgprintk("%s: looking for gfn %lx\n", __FUNCTION__, gfn);
727 index = kvm_page_table_hashfn(gfn) % KVM_NUM_MMU_PAGES;
728 bucket = &vcpu->kvm->mmu_page_hash[index];
729 hlist_for_each_entry_safe(page, node, n, bucket, hash_link)
730 if (page->gfn == gfn && !page->role.metaphysical) {
731 pgprintk("%s: gfn %lx role %x\n", __FUNCTION__, gfn,
733 kvm_mmu_zap_page(vcpu, page);
739 static void mmu_unshadow(struct kvm_vcpu *vcpu, gfn_t gfn)
741 struct kvm_mmu_page *page;
743 while ((page = kvm_mmu_lookup_page(vcpu, gfn)) != NULL) {
744 pgprintk("%s: zap %lx %x\n",
745 __FUNCTION__, gfn, page->role.word);
746 kvm_mmu_zap_page(vcpu, page);
750 static void page_header_update_slot(struct kvm *kvm, void *pte, gpa_t gpa)
752 int slot = memslot_id(kvm, gfn_to_memslot(kvm, gpa >> PAGE_SHIFT));
753 struct kvm_mmu_page *page_head = page_header(__pa(pte));
755 __set_bit(slot, &page_head->slot_bitmap);
758 hpa_t safe_gpa_to_hpa(struct kvm_vcpu *vcpu, gpa_t gpa)
760 hpa_t hpa = gpa_to_hpa(vcpu, gpa);
762 return is_error_hpa(hpa) ? bad_page_address | (gpa & ~PAGE_MASK): hpa;
765 hpa_t gpa_to_hpa(struct kvm_vcpu *vcpu, gpa_t gpa)
769 ASSERT((gpa & HPA_ERR_MASK) == 0);
770 page = gfn_to_page(vcpu->kvm, gpa >> PAGE_SHIFT);
772 return gpa | HPA_ERR_MASK;
773 return ((hpa_t)page_to_pfn(page) << PAGE_SHIFT)
774 | (gpa & (PAGE_SIZE-1));
777 hpa_t gva_to_hpa(struct kvm_vcpu *vcpu, gva_t gva)
779 gpa_t gpa = vcpu->mmu.gva_to_gpa(vcpu, gva);
781 if (gpa == UNMAPPED_GVA)
783 return gpa_to_hpa(vcpu, gpa);
786 struct page *gva_to_page(struct kvm_vcpu *vcpu, gva_t gva)
788 gpa_t gpa = vcpu->mmu.gva_to_gpa(vcpu, gva);
790 if (gpa == UNMAPPED_GVA)
792 return pfn_to_page(gpa_to_hpa(vcpu, gpa) >> PAGE_SHIFT);
795 static void nonpaging_new_cr3(struct kvm_vcpu *vcpu)
799 static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, hpa_t p)
801 int level = PT32E_ROOT_LEVEL;
802 hpa_t table_addr = vcpu->mmu.root_hpa;
805 u32 index = PT64_INDEX(v, level);
809 ASSERT(VALID_PAGE(table_addr));
810 table = __va(table_addr);
814 if (is_present_pte(pte) && is_writeble_pte(pte))
816 mark_page_dirty(vcpu->kvm, v >> PAGE_SHIFT);
817 page_header_update_slot(vcpu->kvm, table, v);
818 table[index] = p | PT_PRESENT_MASK | PT_WRITABLE_MASK |
820 rmap_add(vcpu, &table[index]);
824 if (table[index] == 0) {
825 struct kvm_mmu_page *new_table;
828 pseudo_gfn = (v & PT64_DIR_BASE_ADDR_MASK)
830 new_table = kvm_mmu_get_page(vcpu, pseudo_gfn,
832 1, 0, &table[index]);
834 pgprintk("nonpaging_map: ENOMEM\n");
838 table[index] = __pa(new_table->spt) | PT_PRESENT_MASK
839 | PT_WRITABLE_MASK | PT_USER_MASK;
841 table_addr = table[index] & PT64_BASE_ADDR_MASK;
845 static void mmu_free_roots(struct kvm_vcpu *vcpu)
848 struct kvm_mmu_page *page;
851 if (vcpu->mmu.shadow_root_level == PT64_ROOT_LEVEL) {
852 hpa_t root = vcpu->mmu.root_hpa;
854 ASSERT(VALID_PAGE(root));
855 page = page_header(root);
857 vcpu->mmu.root_hpa = INVALID_PAGE;
861 for (i = 0; i < 4; ++i) {
862 hpa_t root = vcpu->mmu.pae_root[i];
865 ASSERT(VALID_PAGE(root));
866 root &= PT64_BASE_ADDR_MASK;
867 page = page_header(root);
870 vcpu->mmu.pae_root[i] = INVALID_PAGE;
872 vcpu->mmu.root_hpa = INVALID_PAGE;
875 static void mmu_alloc_roots(struct kvm_vcpu *vcpu)
879 struct kvm_mmu_page *page;
881 root_gfn = vcpu->cr3 >> PAGE_SHIFT;
884 if (vcpu->mmu.shadow_root_level == PT64_ROOT_LEVEL) {
885 hpa_t root = vcpu->mmu.root_hpa;
887 ASSERT(!VALID_PAGE(root));
888 page = kvm_mmu_get_page(vcpu, root_gfn, 0,
889 PT64_ROOT_LEVEL, 0, 0, NULL);
890 root = __pa(page->spt);
892 vcpu->mmu.root_hpa = root;
896 for (i = 0; i < 4; ++i) {
897 hpa_t root = vcpu->mmu.pae_root[i];
899 ASSERT(!VALID_PAGE(root));
900 if (vcpu->mmu.root_level == PT32E_ROOT_LEVEL) {
901 if (!is_present_pte(vcpu->pdptrs[i])) {
902 vcpu->mmu.pae_root[i] = 0;
905 root_gfn = vcpu->pdptrs[i] >> PAGE_SHIFT;
906 } else if (vcpu->mmu.root_level == 0)
908 page = kvm_mmu_get_page(vcpu, root_gfn, i << 30,
909 PT32_ROOT_LEVEL, !is_paging(vcpu),
911 root = __pa(page->spt);
913 vcpu->mmu.pae_root[i] = root | PT_PRESENT_MASK;
915 vcpu->mmu.root_hpa = __pa(vcpu->mmu.pae_root);
918 static gpa_t nonpaging_gva_to_gpa(struct kvm_vcpu *vcpu, gva_t vaddr)
923 static int nonpaging_page_fault(struct kvm_vcpu *vcpu, gva_t gva,
930 r = mmu_topup_memory_caches(vcpu);
935 ASSERT(VALID_PAGE(vcpu->mmu.root_hpa));
938 paddr = gpa_to_hpa(vcpu , addr & PT64_BASE_ADDR_MASK);
940 if (is_error_hpa(paddr))
943 return nonpaging_map(vcpu, addr & PAGE_MASK, paddr);
946 static void nonpaging_free(struct kvm_vcpu *vcpu)
948 mmu_free_roots(vcpu);
951 static int nonpaging_init_context(struct kvm_vcpu *vcpu)
953 struct kvm_mmu *context = &vcpu->mmu;
955 context->new_cr3 = nonpaging_new_cr3;
956 context->page_fault = nonpaging_page_fault;
957 context->gva_to_gpa = nonpaging_gva_to_gpa;
958 context->free = nonpaging_free;
959 context->root_level = 0;
960 context->shadow_root_level = PT32E_ROOT_LEVEL;
961 mmu_alloc_roots(vcpu);
962 ASSERT(VALID_PAGE(context->root_hpa));
963 kvm_arch_ops->set_cr3(vcpu, context->root_hpa);
967 static void kvm_mmu_flush_tlb(struct kvm_vcpu *vcpu)
969 ++vcpu->stat.tlb_flush;
970 kvm_arch_ops->tlb_flush(vcpu);
973 static void paging_new_cr3(struct kvm_vcpu *vcpu)
975 pgprintk("%s: cr3 %lx\n", __FUNCTION__, vcpu->cr3);
976 mmu_free_roots(vcpu);
977 if (unlikely(vcpu->kvm->n_free_mmu_pages < KVM_MIN_FREE_MMU_PAGES))
978 kvm_mmu_free_some_pages(vcpu);
979 mmu_alloc_roots(vcpu);
980 kvm_mmu_flush_tlb(vcpu);
981 kvm_arch_ops->set_cr3(vcpu, vcpu->mmu.root_hpa);
984 static void inject_page_fault(struct kvm_vcpu *vcpu,
988 kvm_arch_ops->inject_page_fault(vcpu, addr, err_code);
991 static void paging_free(struct kvm_vcpu *vcpu)
993 nonpaging_free(vcpu);
997 #include "paging_tmpl.h"
1001 #include "paging_tmpl.h"
1004 static int paging64_init_context_common(struct kvm_vcpu *vcpu, int level)
1006 struct kvm_mmu *context = &vcpu->mmu;
1008 ASSERT(is_pae(vcpu));
1009 context->new_cr3 = paging_new_cr3;
1010 context->page_fault = paging64_page_fault;
1011 context->gva_to_gpa = paging64_gva_to_gpa;
1012 context->free = paging_free;
1013 context->root_level = level;
1014 context->shadow_root_level = level;
1015 mmu_alloc_roots(vcpu);
1016 ASSERT(VALID_PAGE(context->root_hpa));
1017 kvm_arch_ops->set_cr3(vcpu, context->root_hpa |
1018 (vcpu->cr3 & (CR3_PCD_MASK | CR3_WPT_MASK)));
1022 static int paging64_init_context(struct kvm_vcpu *vcpu)
1024 return paging64_init_context_common(vcpu, PT64_ROOT_LEVEL);
1027 static int paging32_init_context(struct kvm_vcpu *vcpu)
1029 struct kvm_mmu *context = &vcpu->mmu;
1031 context->new_cr3 = paging_new_cr3;
1032 context->page_fault = paging32_page_fault;
1033 context->gva_to_gpa = paging32_gva_to_gpa;
1034 context->free = paging_free;
1035 context->root_level = PT32_ROOT_LEVEL;
1036 context->shadow_root_level = PT32E_ROOT_LEVEL;
1037 mmu_alloc_roots(vcpu);
1038 ASSERT(VALID_PAGE(context->root_hpa));
1039 kvm_arch_ops->set_cr3(vcpu, context->root_hpa |
1040 (vcpu->cr3 & (CR3_PCD_MASK | CR3_WPT_MASK)));
1044 static int paging32E_init_context(struct kvm_vcpu *vcpu)
1046 return paging64_init_context_common(vcpu, PT32E_ROOT_LEVEL);
1049 static int init_kvm_mmu(struct kvm_vcpu *vcpu)
1052 ASSERT(!VALID_PAGE(vcpu->mmu.root_hpa));
1054 mmu_topup_memory_caches(vcpu);
1055 if (!is_paging(vcpu))
1056 return nonpaging_init_context(vcpu);
1057 else if (is_long_mode(vcpu))
1058 return paging64_init_context(vcpu);
1059 else if (is_pae(vcpu))
1060 return paging32E_init_context(vcpu);
1062 return paging32_init_context(vcpu);
1065 static void destroy_kvm_mmu(struct kvm_vcpu *vcpu)
1068 if (VALID_PAGE(vcpu->mmu.root_hpa)) {
1069 vcpu->mmu.free(vcpu);
1070 vcpu->mmu.root_hpa = INVALID_PAGE;
1074 int kvm_mmu_reset_context(struct kvm_vcpu *vcpu)
1078 destroy_kvm_mmu(vcpu);
1079 r = init_kvm_mmu(vcpu);
1082 r = mmu_topup_memory_caches(vcpu);
1087 static void mmu_pte_write_zap_pte(struct kvm_vcpu *vcpu,
1088 struct kvm_mmu_page *page,
1092 struct kvm_mmu_page *child;
1095 if (is_present_pte(pte)) {
1096 if (page->role.level == PT_PAGE_TABLE_LEVEL)
1097 rmap_remove(vcpu, spte);
1099 child = page_header(pte & PT64_BASE_ADDR_MASK);
1100 mmu_page_remove_parent_pte(vcpu, child, spte);
1106 static void mmu_pte_write_new_pte(struct kvm_vcpu *vcpu,
1107 struct kvm_mmu_page *page,
1109 const void *new, int bytes)
1111 if (page->role.level != PT_PAGE_TABLE_LEVEL)
1114 if (page->role.glevels == PT32_ROOT_LEVEL)
1115 paging32_update_pte(vcpu, page, spte, new, bytes);
1117 paging64_update_pte(vcpu, page, spte, new, bytes);
1120 void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
1121 const u8 *old, const u8 *new, int bytes)
1123 gfn_t gfn = gpa >> PAGE_SHIFT;
1124 struct kvm_mmu_page *page;
1125 struct hlist_node *node, *n;
1126 struct hlist_head *bucket;
1129 unsigned offset = offset_in_page(gpa);
1131 unsigned page_offset;
1132 unsigned misaligned;
1138 pgprintk("%s: gpa %llx bytes %d\n", __FUNCTION__, gpa, bytes);
1139 if (gfn == vcpu->last_pt_write_gfn) {
1140 ++vcpu->last_pt_write_count;
1141 if (vcpu->last_pt_write_count >= 3)
1144 vcpu->last_pt_write_gfn = gfn;
1145 vcpu->last_pt_write_count = 1;
1147 index = kvm_page_table_hashfn(gfn) % KVM_NUM_MMU_PAGES;
1148 bucket = &vcpu->kvm->mmu_page_hash[index];
1149 hlist_for_each_entry_safe(page, node, n, bucket, hash_link) {
1150 if (page->gfn != gfn || page->role.metaphysical)
1152 pte_size = page->role.glevels == PT32_ROOT_LEVEL ? 4 : 8;
1153 misaligned = (offset ^ (offset + bytes - 1)) & ~(pte_size - 1);
1154 misaligned |= bytes < 4;
1155 if (misaligned || flooded) {
1157 * Misaligned accesses are too much trouble to fix
1158 * up; also, they usually indicate a page is not used
1161 * If we're seeing too many writes to a page,
1162 * it may no longer be a page table, or we may be
1163 * forking, in which case it is better to unmap the
1166 pgprintk("misaligned: gpa %llx bytes %d role %x\n",
1167 gpa, bytes, page->role.word);
1168 kvm_mmu_zap_page(vcpu, page);
1171 page_offset = offset;
1172 level = page->role.level;
1174 if (page->role.glevels == PT32_ROOT_LEVEL) {
1175 page_offset <<= 1; /* 32->64 */
1177 * A 32-bit pde maps 4MB while the shadow pdes map
1178 * only 2MB. So we need to double the offset again
1179 * and zap two pdes instead of one.
1181 if (level == PT32_ROOT_LEVEL) {
1182 page_offset &= ~7; /* kill rounding error */
1186 quadrant = page_offset >> PAGE_SHIFT;
1187 page_offset &= ~PAGE_MASK;
1188 if (quadrant != page->role.quadrant)
1191 spte = &page->spt[page_offset / sizeof(*spte)];
1193 mmu_pte_write_zap_pte(vcpu, page, spte);
1194 mmu_pte_write_new_pte(vcpu, page, spte, new, bytes);
1200 int kvm_mmu_unprotect_page_virt(struct kvm_vcpu *vcpu, gva_t gva)
1202 gpa_t gpa = vcpu->mmu.gva_to_gpa(vcpu, gva);
1204 return kvm_mmu_unprotect_page(vcpu, gpa >> PAGE_SHIFT);
1207 void kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu)
1209 while (vcpu->kvm->n_free_mmu_pages < KVM_REFILL_PAGES) {
1210 struct kvm_mmu_page *page;
1212 page = container_of(vcpu->kvm->active_mmu_pages.prev,
1213 struct kvm_mmu_page, link);
1214 kvm_mmu_zap_page(vcpu, page);
1217 EXPORT_SYMBOL_GPL(kvm_mmu_free_some_pages);
1219 static void free_mmu_pages(struct kvm_vcpu *vcpu)
1221 struct kvm_mmu_page *page;
1223 while (!list_empty(&vcpu->kvm->active_mmu_pages)) {
1224 page = container_of(vcpu->kvm->active_mmu_pages.next,
1225 struct kvm_mmu_page, link);
1226 kvm_mmu_zap_page(vcpu, page);
1228 free_page((unsigned long)vcpu->mmu.pae_root);
1231 static int alloc_mmu_pages(struct kvm_vcpu *vcpu)
1238 vcpu->kvm->n_free_mmu_pages = KVM_NUM_MMU_PAGES;
1241 * When emulating 32-bit mode, cr3 is only 32 bits even on x86_64.
1242 * Therefore we need to allocate shadow page tables in the first
1243 * 4GB of memory, which happens to fit the DMA32 zone.
1245 page = alloc_page(GFP_KERNEL | __GFP_DMA32);
1248 vcpu->mmu.pae_root = page_address(page);
1249 for (i = 0; i < 4; ++i)
1250 vcpu->mmu.pae_root[i] = INVALID_PAGE;
1255 free_mmu_pages(vcpu);
1259 int kvm_mmu_create(struct kvm_vcpu *vcpu)
1262 ASSERT(!VALID_PAGE(vcpu->mmu.root_hpa));
1264 return alloc_mmu_pages(vcpu);
1267 int kvm_mmu_setup(struct kvm_vcpu *vcpu)
1270 ASSERT(!VALID_PAGE(vcpu->mmu.root_hpa));
1272 return init_kvm_mmu(vcpu);
1275 void kvm_mmu_destroy(struct kvm_vcpu *vcpu)
1279 destroy_kvm_mmu(vcpu);
1280 free_mmu_pages(vcpu);
1281 mmu_free_memory_caches(vcpu);
1284 void kvm_mmu_slot_remove_write_access(struct kvm_vcpu *vcpu, int slot)
1286 struct kvm *kvm = vcpu->kvm;
1287 struct kvm_mmu_page *page;
1289 list_for_each_entry(page, &kvm->active_mmu_pages, link) {
1293 if (!test_bit(slot, &page->slot_bitmap))
1297 for (i = 0; i < PT64_ENT_PER_PAGE; ++i)
1299 if (pt[i] & PT_WRITABLE_MASK) {
1300 rmap_remove(vcpu, &pt[i]);
1301 pt[i] &= ~PT_WRITABLE_MASK;
1306 void kvm_mmu_zap_all(struct kvm_vcpu *vcpu)
1308 destroy_kvm_mmu(vcpu);
1310 while (!list_empty(&vcpu->kvm->active_mmu_pages)) {
1311 struct kvm_mmu_page *page;
1313 page = container_of(vcpu->kvm->active_mmu_pages.next,
1314 struct kvm_mmu_page, link);
1315 kvm_mmu_zap_page(vcpu, page);
1318 mmu_free_memory_caches(vcpu);
1319 kvm_arch_ops->tlb_flush(vcpu);
1323 void kvm_mmu_module_exit(void)
1325 if (pte_chain_cache)
1326 kmem_cache_destroy(pte_chain_cache);
1327 if (rmap_desc_cache)
1328 kmem_cache_destroy(rmap_desc_cache);
1330 kmem_cache_destroy(mmu_page_cache);
1331 if (mmu_page_header_cache)
1332 kmem_cache_destroy(mmu_page_header_cache);
1335 int kvm_mmu_module_init(void)
1337 pte_chain_cache = kmem_cache_create("kvm_pte_chain",
1338 sizeof(struct kvm_pte_chain),
1340 if (!pte_chain_cache)
1342 rmap_desc_cache = kmem_cache_create("kvm_rmap_desc",
1343 sizeof(struct kvm_rmap_desc),
1345 if (!rmap_desc_cache)
1348 mmu_page_cache = kmem_cache_create("kvm_mmu_page",
1350 PAGE_SIZE, 0, NULL, NULL);
1351 if (!mmu_page_cache)
1354 mmu_page_header_cache = kmem_cache_create("kvm_mmu_page_header",
1355 sizeof(struct kvm_mmu_page),
1357 if (!mmu_page_header_cache)
1363 kvm_mmu_module_exit();
1369 static const char *audit_msg;
1371 static gva_t canonicalize(gva_t gva)
1373 #ifdef CONFIG_X86_64
1374 gva = (long long)(gva << 16) >> 16;
1379 static void audit_mappings_page(struct kvm_vcpu *vcpu, u64 page_pte,
1380 gva_t va, int level)
1382 u64 *pt = __va(page_pte & PT64_BASE_ADDR_MASK);
1384 gva_t va_delta = 1ul << (PAGE_SHIFT + 9 * (level - 1));
1386 for (i = 0; i < PT64_ENT_PER_PAGE; ++i, va += va_delta) {
1389 if (!(ent & PT_PRESENT_MASK))
1392 va = canonicalize(va);
1394 audit_mappings_page(vcpu, ent, va, level - 1);
1396 gpa_t gpa = vcpu->mmu.gva_to_gpa(vcpu, va);
1397 hpa_t hpa = gpa_to_hpa(vcpu, gpa);
1399 if ((ent & PT_PRESENT_MASK)
1400 && (ent & PT64_BASE_ADDR_MASK) != hpa)
1401 printk(KERN_ERR "audit error: (%s) levels %d"
1402 " gva %lx gpa %llx hpa %llx ent %llx\n",
1403 audit_msg, vcpu->mmu.root_level,
1409 static void audit_mappings(struct kvm_vcpu *vcpu)
1413 if (vcpu->mmu.root_level == 4)
1414 audit_mappings_page(vcpu, vcpu->mmu.root_hpa, 0, 4);
1416 for (i = 0; i < 4; ++i)
1417 if (vcpu->mmu.pae_root[i] & PT_PRESENT_MASK)
1418 audit_mappings_page(vcpu,
1419 vcpu->mmu.pae_root[i],
1424 static int count_rmaps(struct kvm_vcpu *vcpu)
1429 for (i = 0; i < KVM_MEMORY_SLOTS; ++i) {
1430 struct kvm_memory_slot *m = &vcpu->kvm->memslots[i];
1431 struct kvm_rmap_desc *d;
1433 for (j = 0; j < m->npages; ++j) {
1434 struct page *page = m->phys_mem[j];
1438 if (!(page->private & 1)) {
1442 d = (struct kvm_rmap_desc *)(page->private & ~1ul);
1444 for (k = 0; k < RMAP_EXT; ++k)
1445 if (d->shadow_ptes[k])
1456 static int count_writable_mappings(struct kvm_vcpu *vcpu)
1459 struct kvm_mmu_page *page;
1462 list_for_each_entry(page, &vcpu->kvm->active_mmu_pages, link) {
1463 u64 *pt = page->spt;
1465 if (page->role.level != PT_PAGE_TABLE_LEVEL)
1468 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
1471 if (!(ent & PT_PRESENT_MASK))
1473 if (!(ent & PT_WRITABLE_MASK))
1481 static void audit_rmap(struct kvm_vcpu *vcpu)
1483 int n_rmap = count_rmaps(vcpu);
1484 int n_actual = count_writable_mappings(vcpu);
1486 if (n_rmap != n_actual)
1487 printk(KERN_ERR "%s: (%s) rmap %d actual %d\n",
1488 __FUNCTION__, audit_msg, n_rmap, n_actual);
1491 static void audit_write_protection(struct kvm_vcpu *vcpu)
1493 struct kvm_mmu_page *page;
1495 list_for_each_entry(page, &vcpu->kvm->active_mmu_pages, link) {
1499 if (page->role.metaphysical)
1502 hfn = gpa_to_hpa(vcpu, (gpa_t)page->gfn << PAGE_SHIFT)
1504 pg = pfn_to_page(hfn);
1506 printk(KERN_ERR "%s: (%s) shadow page has writable"
1507 " mappings: gfn %lx role %x\n",
1508 __FUNCTION__, audit_msg, page->gfn,
1513 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg)
1520 audit_write_protection(vcpu);
1521 audit_mappings(vcpu);
projects / linux-2.6 / blob