2 * Kernel-based Virtual Machine driver for Linux
4 * This module enables machines with Intel VT-x extensions to run virtual
5 * machines without emulation or binary translation.
9 * Copyright (C) 2006 Qumranet, Inc.
12 * Yaniv Kamay <yaniv@qumranet.com>
13 * Avi Kivity <avi@qumranet.com>
15 * This work is licensed under the terms of the GNU GPL, version 2. See
16 * the COPYING file in the top-level directory.
23 #include <linux/kvm_host.h>
24 #include <linux/types.h>
25 #include <linux/string.h>
27 #include <linux/highmem.h>
28 #include <linux/module.h>
29 #include <linux/swap.h>
30 #include <linux/hugetlb.h>
31 #include <linux/compiler.h>
34 #include <asm/cmpxchg.h>
38 * When setting this variable to true it enables Two-Dimensional-Paging
39 * where the hardware walks 2 page tables:
40 * 1. the guest-virtual to guest-physical
41 * 2. while doing 1. it walks guest-physical to host-physical
42 * If the hardware supports that we don't need to do shadow paging.
44 bool tdp_enabled = false;
51 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg);
53 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg) {}
58 #define pgprintk(x...) do { if (dbg) printk(x); } while (0)
59 #define rmap_printk(x...) do { if (dbg) printk(x); } while (0)
63 #define pgprintk(x...) do { } while (0)
64 #define rmap_printk(x...) do { } while (0)
68 #if defined(MMU_DEBUG) || defined(AUDIT)
70 module_param(dbg, bool, 0644);
74 #define ASSERT(x) do { } while (0)
78 printk(KERN_WARNING "assertion failed %s:%d: %s\n", \
79 __FILE__, __LINE__, #x); \
83 #define PT_FIRST_AVAIL_BITS_SHIFT 9
84 #define PT64_SECOND_AVAIL_BITS_SHIFT 52
86 #define VALID_PAGE(x) ((x) != INVALID_PAGE)
88 #define PT64_LEVEL_BITS 9
90 #define PT64_LEVEL_SHIFT(level) \
91 (PAGE_SHIFT + (level - 1) * PT64_LEVEL_BITS)
93 #define PT64_LEVEL_MASK(level) \
94 (((1ULL << PT64_LEVEL_BITS) - 1) << PT64_LEVEL_SHIFT(level))
96 #define PT64_INDEX(address, level)\
97 (((address) >> PT64_LEVEL_SHIFT(level)) & ((1 << PT64_LEVEL_BITS) - 1))
100 #define PT32_LEVEL_BITS 10
102 #define PT32_LEVEL_SHIFT(level) \
103 (PAGE_SHIFT + (level - 1) * PT32_LEVEL_BITS)
105 #define PT32_LEVEL_MASK(level) \
106 (((1ULL << PT32_LEVEL_BITS) - 1) << PT32_LEVEL_SHIFT(level))
108 #define PT32_INDEX(address, level)\
109 (((address) >> PT32_LEVEL_SHIFT(level)) & ((1 << PT32_LEVEL_BITS) - 1))
112 #define PT64_BASE_ADDR_MASK (((1ULL << 52) - 1) & ~(u64)(PAGE_SIZE-1))
113 #define PT64_DIR_BASE_ADDR_MASK \
114 (PT64_BASE_ADDR_MASK & ~((1ULL << (PAGE_SHIFT + PT64_LEVEL_BITS)) - 1))
116 #define PT32_BASE_ADDR_MASK PAGE_MASK
117 #define PT32_DIR_BASE_ADDR_MASK \
118 (PAGE_MASK & ~((1ULL << (PAGE_SHIFT + PT32_LEVEL_BITS)) - 1))
120 #define PT64_PERM_MASK (PT_PRESENT_MASK | PT_WRITABLE_MASK | PT_USER_MASK \
123 #define PFERR_PRESENT_MASK (1U << 0)
124 #define PFERR_WRITE_MASK (1U << 1)
125 #define PFERR_USER_MASK (1U << 2)
126 #define PFERR_FETCH_MASK (1U << 4)
128 #define PT_DIRECTORY_LEVEL 2
129 #define PT_PAGE_TABLE_LEVEL 1
133 #define ACC_EXEC_MASK 1
134 #define ACC_WRITE_MASK PT_WRITABLE_MASK
135 #define ACC_USER_MASK PT_USER_MASK
136 #define ACC_ALL (ACC_EXEC_MASK | ACC_WRITE_MASK | ACC_USER_MASK)
138 #define SHADOW_PT_INDEX(addr, level) PT64_INDEX(addr, level)
140 struct kvm_rmap_desc {
141 u64 *shadow_ptes[RMAP_EXT];
142 struct kvm_rmap_desc *more;
145 struct kvm_shadow_walk {
146 int (*entry)(struct kvm_shadow_walk *walk, struct kvm_vcpu *vcpu,
147 u64 addr, u64 *spte, int level);
150 struct kvm_unsync_walk {
151 int (*entry) (struct kvm_mmu_page *sp, struct kvm_unsync_walk *walk);
154 typedef int (*mmu_parent_walk_fn) (struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp);
156 static struct kmem_cache *pte_chain_cache;
157 static struct kmem_cache *rmap_desc_cache;
158 static struct kmem_cache *mmu_page_header_cache;
160 static u64 __read_mostly shadow_trap_nonpresent_pte;
161 static u64 __read_mostly shadow_notrap_nonpresent_pte;
162 static u64 __read_mostly shadow_base_present_pte;
163 static u64 __read_mostly shadow_nx_mask;
164 static u64 __read_mostly shadow_x_mask; /* mutual exclusive with nx_mask */
165 static u64 __read_mostly shadow_user_mask;
166 static u64 __read_mostly shadow_accessed_mask;
167 static u64 __read_mostly shadow_dirty_mask;
169 void kvm_mmu_set_nonpresent_ptes(u64 trap_pte, u64 notrap_pte)
171 shadow_trap_nonpresent_pte = trap_pte;
172 shadow_notrap_nonpresent_pte = notrap_pte;
174 EXPORT_SYMBOL_GPL(kvm_mmu_set_nonpresent_ptes);
176 void kvm_mmu_set_base_ptes(u64 base_pte)
178 shadow_base_present_pte = base_pte;
180 EXPORT_SYMBOL_GPL(kvm_mmu_set_base_ptes);
182 void kvm_mmu_set_mask_ptes(u64 user_mask, u64 accessed_mask,
183 u64 dirty_mask, u64 nx_mask, u64 x_mask)
185 shadow_user_mask = user_mask;
186 shadow_accessed_mask = accessed_mask;
187 shadow_dirty_mask = dirty_mask;
188 shadow_nx_mask = nx_mask;
189 shadow_x_mask = x_mask;
191 EXPORT_SYMBOL_GPL(kvm_mmu_set_mask_ptes);
193 static int is_write_protection(struct kvm_vcpu *vcpu)
195 return vcpu->arch.cr0 & X86_CR0_WP;
198 static int is_cpuid_PSE36(void)
203 static int is_nx(struct kvm_vcpu *vcpu)
205 return vcpu->arch.shadow_efer & EFER_NX;
208 static int is_present_pte(unsigned long pte)
210 return pte & PT_PRESENT_MASK;
213 static int is_shadow_present_pte(u64 pte)
215 return pte != shadow_trap_nonpresent_pte
216 && pte != shadow_notrap_nonpresent_pte;
219 static int is_large_pte(u64 pte)
221 return pte & PT_PAGE_SIZE_MASK;
224 static int is_writeble_pte(unsigned long pte)
226 return pte & PT_WRITABLE_MASK;
229 static int is_dirty_pte(unsigned long pte)
231 return pte & shadow_dirty_mask;
234 static int is_rmap_pte(u64 pte)
236 return is_shadow_present_pte(pte);
239 static pfn_t spte_to_pfn(u64 pte)
241 return (pte & PT64_BASE_ADDR_MASK) >> PAGE_SHIFT;
244 static gfn_t pse36_gfn_delta(u32 gpte)
246 int shift = 32 - PT32_DIR_PSE36_SHIFT - PAGE_SHIFT;
248 return (gpte & PT32_DIR_PSE36_MASK) << shift;
251 static void set_shadow_pte(u64 *sptep, u64 spte)
254 set_64bit((unsigned long *)sptep, spte);
256 set_64bit((unsigned long long *)sptep, spte);
260 static int mmu_topup_memory_cache(struct kvm_mmu_memory_cache *cache,
261 struct kmem_cache *base_cache, int min)
265 if (cache->nobjs >= min)
267 while (cache->nobjs < ARRAY_SIZE(cache->objects)) {
268 obj = kmem_cache_zalloc(base_cache, GFP_KERNEL);
271 cache->objects[cache->nobjs++] = obj;
276 static void mmu_free_memory_cache(struct kvm_mmu_memory_cache *mc)
279 kfree(mc->objects[--mc->nobjs]);
282 static int mmu_topup_memory_cache_page(struct kvm_mmu_memory_cache *cache,
287 if (cache->nobjs >= min)
289 while (cache->nobjs < ARRAY_SIZE(cache->objects)) {
290 page = alloc_page(GFP_KERNEL);
293 set_page_private(page, 0);
294 cache->objects[cache->nobjs++] = page_address(page);
299 static void mmu_free_memory_cache_page(struct kvm_mmu_memory_cache *mc)
302 free_page((unsigned long)mc->objects[--mc->nobjs]);
305 static int mmu_topup_memory_caches(struct kvm_vcpu *vcpu)
309 r = mmu_topup_memory_cache(&vcpu->arch.mmu_pte_chain_cache,
313 r = mmu_topup_memory_cache(&vcpu->arch.mmu_rmap_desc_cache,
317 r = mmu_topup_memory_cache_page(&vcpu->arch.mmu_page_cache, 8);
320 r = mmu_topup_memory_cache(&vcpu->arch.mmu_page_header_cache,
321 mmu_page_header_cache, 4);
326 static void mmu_free_memory_caches(struct kvm_vcpu *vcpu)
328 mmu_free_memory_cache(&vcpu->arch.mmu_pte_chain_cache);
329 mmu_free_memory_cache(&vcpu->arch.mmu_rmap_desc_cache);
330 mmu_free_memory_cache_page(&vcpu->arch.mmu_page_cache);
331 mmu_free_memory_cache(&vcpu->arch.mmu_page_header_cache);
334 static void *mmu_memory_cache_alloc(struct kvm_mmu_memory_cache *mc,
340 p = mc->objects[--mc->nobjs];
345 static struct kvm_pte_chain *mmu_alloc_pte_chain(struct kvm_vcpu *vcpu)
347 return mmu_memory_cache_alloc(&vcpu->arch.mmu_pte_chain_cache,
348 sizeof(struct kvm_pte_chain));
351 static void mmu_free_pte_chain(struct kvm_pte_chain *pc)
356 static struct kvm_rmap_desc *mmu_alloc_rmap_desc(struct kvm_vcpu *vcpu)
358 return mmu_memory_cache_alloc(&vcpu->arch.mmu_rmap_desc_cache,
359 sizeof(struct kvm_rmap_desc));
362 static void mmu_free_rmap_desc(struct kvm_rmap_desc *rd)
368 * Return the pointer to the largepage write count for a given
369 * gfn, handling slots that are not large page aligned.
371 static int *slot_largepage_idx(gfn_t gfn, struct kvm_memory_slot *slot)
375 idx = (gfn / KVM_PAGES_PER_HPAGE) -
376 (slot->base_gfn / KVM_PAGES_PER_HPAGE);
377 return &slot->lpage_info[idx].write_count;
380 static void account_shadowed(struct kvm *kvm, gfn_t gfn)
384 write_count = slot_largepage_idx(gfn, gfn_to_memslot(kvm, gfn));
388 static void unaccount_shadowed(struct kvm *kvm, gfn_t gfn)
392 write_count = slot_largepage_idx(gfn, gfn_to_memslot(kvm, gfn));
394 WARN_ON(*write_count < 0);
397 static int has_wrprotected_page(struct kvm *kvm, gfn_t gfn)
399 struct kvm_memory_slot *slot = gfn_to_memslot(kvm, gfn);
403 largepage_idx = slot_largepage_idx(gfn, slot);
404 return *largepage_idx;
410 static int host_largepage_backed(struct kvm *kvm, gfn_t gfn)
412 struct vm_area_struct *vma;
416 addr = gfn_to_hva(kvm, gfn);
417 if (kvm_is_error_hva(addr))
420 down_read(¤t->mm->mmap_sem);
421 vma = find_vma(current->mm, addr);
422 if (vma && is_vm_hugetlb_page(vma))
424 up_read(¤t->mm->mmap_sem);
429 static int is_largepage_backed(struct kvm_vcpu *vcpu, gfn_t large_gfn)
431 struct kvm_memory_slot *slot;
433 if (has_wrprotected_page(vcpu->kvm, large_gfn))
436 if (!host_largepage_backed(vcpu->kvm, large_gfn))
439 slot = gfn_to_memslot(vcpu->kvm, large_gfn);
440 if (slot && slot->dirty_bitmap)
447 * Take gfn and return the reverse mapping to it.
448 * Note: gfn must be unaliased before this function get called
451 static unsigned long *gfn_to_rmap(struct kvm *kvm, gfn_t gfn, int lpage)
453 struct kvm_memory_slot *slot;
456 slot = gfn_to_memslot(kvm, gfn);
458 return &slot->rmap[gfn - slot->base_gfn];
460 idx = (gfn / KVM_PAGES_PER_HPAGE) -
461 (slot->base_gfn / KVM_PAGES_PER_HPAGE);
463 return &slot->lpage_info[idx].rmap_pde;
467 * Reverse mapping data structures:
469 * If rmapp bit zero is zero, then rmapp point to the shadw page table entry
470 * that points to page_address(page).
472 * If rmapp bit zero is one, (then rmap & ~1) points to a struct kvm_rmap_desc
473 * containing more mappings.
475 static void rmap_add(struct kvm_vcpu *vcpu, u64 *spte, gfn_t gfn, int lpage)
477 struct kvm_mmu_page *sp;
478 struct kvm_rmap_desc *desc;
479 unsigned long *rmapp;
482 if (!is_rmap_pte(*spte))
484 gfn = unalias_gfn(vcpu->kvm, gfn);
485 sp = page_header(__pa(spte));
486 sp->gfns[spte - sp->spt] = gfn;
487 rmapp = gfn_to_rmap(vcpu->kvm, gfn, lpage);
489 rmap_printk("rmap_add: %p %llx 0->1\n", spte, *spte);
490 *rmapp = (unsigned long)spte;
491 } else if (!(*rmapp & 1)) {
492 rmap_printk("rmap_add: %p %llx 1->many\n", spte, *spte);
493 desc = mmu_alloc_rmap_desc(vcpu);
494 desc->shadow_ptes[0] = (u64 *)*rmapp;
495 desc->shadow_ptes[1] = spte;
496 *rmapp = (unsigned long)desc | 1;
498 rmap_printk("rmap_add: %p %llx many->many\n", spte, *spte);
499 desc = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
500 while (desc->shadow_ptes[RMAP_EXT-1] && desc->more)
502 if (desc->shadow_ptes[RMAP_EXT-1]) {
503 desc->more = mmu_alloc_rmap_desc(vcpu);
506 for (i = 0; desc->shadow_ptes[i]; ++i)
508 desc->shadow_ptes[i] = spte;
512 static void rmap_desc_remove_entry(unsigned long *rmapp,
513 struct kvm_rmap_desc *desc,
515 struct kvm_rmap_desc *prev_desc)
519 for (j = RMAP_EXT - 1; !desc->shadow_ptes[j] && j > i; --j)
521 desc->shadow_ptes[i] = desc->shadow_ptes[j];
522 desc->shadow_ptes[j] = NULL;
525 if (!prev_desc && !desc->more)
526 *rmapp = (unsigned long)desc->shadow_ptes[0];
529 prev_desc->more = desc->more;
531 *rmapp = (unsigned long)desc->more | 1;
532 mmu_free_rmap_desc(desc);
535 static void rmap_remove(struct kvm *kvm, u64 *spte)
537 struct kvm_rmap_desc *desc;
538 struct kvm_rmap_desc *prev_desc;
539 struct kvm_mmu_page *sp;
541 unsigned long *rmapp;
544 if (!is_rmap_pte(*spte))
546 sp = page_header(__pa(spte));
547 pfn = spte_to_pfn(*spte);
548 if (*spte & shadow_accessed_mask)
549 kvm_set_pfn_accessed(pfn);
550 if (is_writeble_pte(*spte))
551 kvm_release_pfn_dirty(pfn);
553 kvm_release_pfn_clean(pfn);
554 rmapp = gfn_to_rmap(kvm, sp->gfns[spte - sp->spt], is_large_pte(*spte));
556 printk(KERN_ERR "rmap_remove: %p %llx 0->BUG\n", spte, *spte);
558 } else if (!(*rmapp & 1)) {
559 rmap_printk("rmap_remove: %p %llx 1->0\n", spte, *spte);
560 if ((u64 *)*rmapp != spte) {
561 printk(KERN_ERR "rmap_remove: %p %llx 1->BUG\n",
567 rmap_printk("rmap_remove: %p %llx many->many\n", spte, *spte);
568 desc = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
571 for (i = 0; i < RMAP_EXT && desc->shadow_ptes[i]; ++i)
572 if (desc->shadow_ptes[i] == spte) {
573 rmap_desc_remove_entry(rmapp,
585 static u64 *rmap_next(struct kvm *kvm, unsigned long *rmapp, u64 *spte)
587 struct kvm_rmap_desc *desc;
588 struct kvm_rmap_desc *prev_desc;
594 else if (!(*rmapp & 1)) {
596 return (u64 *)*rmapp;
599 desc = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
603 for (i = 0; i < RMAP_EXT && desc->shadow_ptes[i]; ++i) {
604 if (prev_spte == spte)
605 return desc->shadow_ptes[i];
606 prev_spte = desc->shadow_ptes[i];
613 static void rmap_write_protect(struct kvm *kvm, u64 gfn)
615 unsigned long *rmapp;
617 int write_protected = 0;
619 gfn = unalias_gfn(kvm, gfn);
620 rmapp = gfn_to_rmap(kvm, gfn, 0);
622 spte = rmap_next(kvm, rmapp, NULL);
625 BUG_ON(!(*spte & PT_PRESENT_MASK));
626 rmap_printk("rmap_write_protect: spte %p %llx\n", spte, *spte);
627 if (is_writeble_pte(*spte)) {
628 set_shadow_pte(spte, *spte & ~PT_WRITABLE_MASK);
631 spte = rmap_next(kvm, rmapp, spte);
633 if (write_protected) {
636 spte = rmap_next(kvm, rmapp, NULL);
637 pfn = spte_to_pfn(*spte);
638 kvm_set_pfn_dirty(pfn);
641 /* check for huge page mappings */
642 rmapp = gfn_to_rmap(kvm, gfn, 1);
643 spte = rmap_next(kvm, rmapp, NULL);
646 BUG_ON(!(*spte & PT_PRESENT_MASK));
647 BUG_ON((*spte & (PT_PAGE_SIZE_MASK|PT_PRESENT_MASK)) != (PT_PAGE_SIZE_MASK|PT_PRESENT_MASK));
648 pgprintk("rmap_write_protect(large): spte %p %llx %lld\n", spte, *spte, gfn);
649 if (is_writeble_pte(*spte)) {
650 rmap_remove(kvm, spte);
652 set_shadow_pte(spte, shadow_trap_nonpresent_pte);
656 spte = rmap_next(kvm, rmapp, spte);
660 kvm_flush_remote_tlbs(kvm);
663 static int kvm_unmap_rmapp(struct kvm *kvm, unsigned long *rmapp)
666 int need_tlb_flush = 0;
668 while ((spte = rmap_next(kvm, rmapp, NULL))) {
669 BUG_ON(!(*spte & PT_PRESENT_MASK));
670 rmap_printk("kvm_rmap_unmap_hva: spte %p %llx\n", spte, *spte);
671 rmap_remove(kvm, spte);
672 set_shadow_pte(spte, shadow_trap_nonpresent_pte);
675 return need_tlb_flush;
678 static int kvm_handle_hva(struct kvm *kvm, unsigned long hva,
679 int (*handler)(struct kvm *kvm, unsigned long *rmapp))
685 * If mmap_sem isn't taken, we can look the memslots with only
686 * the mmu_lock by skipping over the slots with userspace_addr == 0.
688 for (i = 0; i < kvm->nmemslots; i++) {
689 struct kvm_memory_slot *memslot = &kvm->memslots[i];
690 unsigned long start = memslot->userspace_addr;
693 /* mmu_lock protects userspace_addr */
697 end = start + (memslot->npages << PAGE_SHIFT);
698 if (hva >= start && hva < end) {
699 gfn_t gfn_offset = (hva - start) >> PAGE_SHIFT;
700 retval |= handler(kvm, &memslot->rmap[gfn_offset]);
701 retval |= handler(kvm,
702 &memslot->lpage_info[
704 KVM_PAGES_PER_HPAGE].rmap_pde);
711 int kvm_unmap_hva(struct kvm *kvm, unsigned long hva)
713 return kvm_handle_hva(kvm, hva, kvm_unmap_rmapp);
716 static int kvm_age_rmapp(struct kvm *kvm, unsigned long *rmapp)
721 /* always return old for EPT */
722 if (!shadow_accessed_mask)
725 spte = rmap_next(kvm, rmapp, NULL);
729 BUG_ON(!(_spte & PT_PRESENT_MASK));
730 _young = _spte & PT_ACCESSED_MASK;
733 clear_bit(PT_ACCESSED_SHIFT, (unsigned long *)spte);
735 spte = rmap_next(kvm, rmapp, spte);
740 int kvm_age_hva(struct kvm *kvm, unsigned long hva)
742 return kvm_handle_hva(kvm, hva, kvm_age_rmapp);
746 static int is_empty_shadow_page(u64 *spt)
751 for (pos = spt, end = pos + PAGE_SIZE / sizeof(u64); pos != end; pos++)
752 if (is_shadow_present_pte(*pos)) {
753 printk(KERN_ERR "%s: %p %llx\n", __func__,
761 static void kvm_mmu_free_page(struct kvm *kvm, struct kvm_mmu_page *sp)
763 ASSERT(is_empty_shadow_page(sp->spt));
765 __free_page(virt_to_page(sp->spt));
766 __free_page(virt_to_page(sp->gfns));
768 ++kvm->arch.n_free_mmu_pages;
771 static unsigned kvm_page_table_hashfn(gfn_t gfn)
773 return gfn & ((1 << KVM_MMU_HASH_SHIFT) - 1);
776 static struct kvm_mmu_page *kvm_mmu_alloc_page(struct kvm_vcpu *vcpu,
779 struct kvm_mmu_page *sp;
781 sp = mmu_memory_cache_alloc(&vcpu->arch.mmu_page_header_cache, sizeof *sp);
782 sp->spt = mmu_memory_cache_alloc(&vcpu->arch.mmu_page_cache, PAGE_SIZE);
783 sp->gfns = mmu_memory_cache_alloc(&vcpu->arch.mmu_page_cache, PAGE_SIZE);
784 set_page_private(virt_to_page(sp->spt), (unsigned long)sp);
785 list_add(&sp->link, &vcpu->kvm->arch.active_mmu_pages);
786 ASSERT(is_empty_shadow_page(sp->spt));
789 sp->parent_pte = parent_pte;
790 --vcpu->kvm->arch.n_free_mmu_pages;
794 static void mmu_page_add_parent_pte(struct kvm_vcpu *vcpu,
795 struct kvm_mmu_page *sp, u64 *parent_pte)
797 struct kvm_pte_chain *pte_chain;
798 struct hlist_node *node;
803 if (!sp->multimapped) {
804 u64 *old = sp->parent_pte;
807 sp->parent_pte = parent_pte;
811 pte_chain = mmu_alloc_pte_chain(vcpu);
812 INIT_HLIST_HEAD(&sp->parent_ptes);
813 hlist_add_head(&pte_chain->link, &sp->parent_ptes);
814 pte_chain->parent_ptes[0] = old;
816 hlist_for_each_entry(pte_chain, node, &sp->parent_ptes, link) {
817 if (pte_chain->parent_ptes[NR_PTE_CHAIN_ENTRIES-1])
819 for (i = 0; i < NR_PTE_CHAIN_ENTRIES; ++i)
820 if (!pte_chain->parent_ptes[i]) {
821 pte_chain->parent_ptes[i] = parent_pte;
825 pte_chain = mmu_alloc_pte_chain(vcpu);
827 hlist_add_head(&pte_chain->link, &sp->parent_ptes);
828 pte_chain->parent_ptes[0] = parent_pte;
831 static void mmu_page_remove_parent_pte(struct kvm_mmu_page *sp,
834 struct kvm_pte_chain *pte_chain;
835 struct hlist_node *node;
838 if (!sp->multimapped) {
839 BUG_ON(sp->parent_pte != parent_pte);
840 sp->parent_pte = NULL;
843 hlist_for_each_entry(pte_chain, node, &sp->parent_ptes, link)
844 for (i = 0; i < NR_PTE_CHAIN_ENTRIES; ++i) {
845 if (!pte_chain->parent_ptes[i])
847 if (pte_chain->parent_ptes[i] != parent_pte)
849 while (i + 1 < NR_PTE_CHAIN_ENTRIES
850 && pte_chain->parent_ptes[i + 1]) {
851 pte_chain->parent_ptes[i]
852 = pte_chain->parent_ptes[i + 1];
855 pte_chain->parent_ptes[i] = NULL;
857 hlist_del(&pte_chain->link);
858 mmu_free_pte_chain(pte_chain);
859 if (hlist_empty(&sp->parent_ptes)) {
861 sp->parent_pte = NULL;
870 static void mmu_parent_walk(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp,
871 mmu_parent_walk_fn fn)
873 struct kvm_pte_chain *pte_chain;
874 struct hlist_node *node;
875 struct kvm_mmu_page *parent_sp;
878 if (!sp->multimapped && sp->parent_pte) {
879 parent_sp = page_header(__pa(sp->parent_pte));
881 mmu_parent_walk(vcpu, parent_sp, fn);
884 hlist_for_each_entry(pte_chain, node, &sp->parent_ptes, link)
885 for (i = 0; i < NR_PTE_CHAIN_ENTRIES; ++i) {
886 if (!pte_chain->parent_ptes[i])
888 parent_sp = page_header(__pa(pte_chain->parent_ptes[i]));
890 mmu_parent_walk(vcpu, parent_sp, fn);
894 static void nonpaging_prefetch_page(struct kvm_vcpu *vcpu,
895 struct kvm_mmu_page *sp)
899 for (i = 0; i < PT64_ENT_PER_PAGE; ++i)
900 sp->spt[i] = shadow_trap_nonpresent_pte;
903 static int nonpaging_sync_page(struct kvm_vcpu *vcpu,
904 struct kvm_mmu_page *sp)
909 static void nonpaging_invlpg(struct kvm_vcpu *vcpu, gva_t gva)
913 static int mmu_unsync_walk(struct kvm_mmu_page *sp,
914 struct kvm_unsync_walk *walker)
918 if (!sp->unsync_children)
921 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
922 u64 ent = sp->spt[i];
924 if (is_shadow_present_pte(ent)) {
925 struct kvm_mmu_page *child;
926 child = page_header(ent & PT64_BASE_ADDR_MASK);
928 if (child->unsync_children) {
929 ret = mmu_unsync_walk(child, walker);
935 ret = walker->entry(child, walker);
942 if (i == PT64_ENT_PER_PAGE)
943 sp->unsync_children = 0;
948 static struct kvm_mmu_page *kvm_mmu_lookup_page(struct kvm *kvm, gfn_t gfn)
951 struct hlist_head *bucket;
952 struct kvm_mmu_page *sp;
953 struct hlist_node *node;
955 pgprintk("%s: looking for gfn %lx\n", __func__, gfn);
956 index = kvm_page_table_hashfn(gfn);
957 bucket = &kvm->arch.mmu_page_hash[index];
958 hlist_for_each_entry(sp, node, bucket, hash_link)
959 if (sp->gfn == gfn && !sp->role.metaphysical
960 && !sp->role.invalid) {
961 pgprintk("%s: found role %x\n",
962 __func__, sp->role.word);
968 static void kvm_unlink_unsync_page(struct kvm *kvm, struct kvm_mmu_page *sp)
970 WARN_ON(!sp->unsync);
972 --kvm->stat.mmu_unsync;
975 static int kvm_mmu_zap_page(struct kvm *kvm, struct kvm_mmu_page *sp);
977 static int kvm_sync_page(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp)
979 if (sp->role.glevels != vcpu->arch.mmu.root_level) {
980 kvm_mmu_zap_page(vcpu->kvm, sp);
984 rmap_write_protect(vcpu->kvm, sp->gfn);
985 if (vcpu->arch.mmu.sync_page(vcpu, sp)) {
986 kvm_mmu_zap_page(vcpu->kvm, sp);
990 kvm_mmu_flush_tlb(vcpu);
991 kvm_unlink_unsync_page(vcpu->kvm, sp);
996 struct kvm_vcpu *vcpu;
997 struct kvm_unsync_walk walker;
1000 static int mmu_sync_fn(struct kvm_mmu_page *sp, struct kvm_unsync_walk *walk)
1002 struct sync_walker *sync_walk = container_of(walk, struct sync_walker,
1004 struct kvm_vcpu *vcpu = sync_walk->vcpu;
1006 kvm_sync_page(vcpu, sp);
1007 return (need_resched() || spin_needbreak(&vcpu->kvm->mmu_lock));
1010 static void mmu_sync_children(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp)
1012 struct sync_walker walker = {
1013 .walker = { .entry = mmu_sync_fn, },
1017 while (mmu_unsync_walk(sp, &walker.walker))
1018 cond_resched_lock(&vcpu->kvm->mmu_lock);
1021 static struct kvm_mmu_page *kvm_mmu_get_page(struct kvm_vcpu *vcpu,
1029 union kvm_mmu_page_role role;
1032 struct hlist_head *bucket;
1033 struct kvm_mmu_page *sp;
1034 struct hlist_node *node, *tmp;
1037 role.glevels = vcpu->arch.mmu.root_level;
1039 role.metaphysical = metaphysical;
1040 role.access = access;
1041 if (vcpu->arch.mmu.root_level <= PT32_ROOT_LEVEL) {
1042 quadrant = gaddr >> (PAGE_SHIFT + (PT64_PT_BITS * level));
1043 quadrant &= (1 << ((PT32_PT_BITS - PT64_PT_BITS) * level)) - 1;
1044 role.quadrant = quadrant;
1046 pgprintk("%s: looking gfn %lx role %x\n", __func__,
1048 index = kvm_page_table_hashfn(gfn);
1049 bucket = &vcpu->kvm->arch.mmu_page_hash[index];
1050 hlist_for_each_entry_safe(sp, node, tmp, bucket, hash_link)
1051 if (sp->gfn == gfn) {
1053 if (kvm_sync_page(vcpu, sp))
1056 if (sp->role.word != role.word)
1059 if (sp->unsync_children)
1060 set_bit(KVM_REQ_MMU_SYNC, &vcpu->requests);
1062 mmu_page_add_parent_pte(vcpu, sp, parent_pte);
1063 pgprintk("%s: found\n", __func__);
1066 ++vcpu->kvm->stat.mmu_cache_miss;
1067 sp = kvm_mmu_alloc_page(vcpu, parent_pte);
1070 pgprintk("%s: adding gfn %lx role %x\n", __func__, gfn, role.word);
1073 hlist_add_head(&sp->hash_link, bucket);
1074 if (!metaphysical) {
1075 rmap_write_protect(vcpu->kvm, gfn);
1076 account_shadowed(vcpu->kvm, gfn);
1078 if (shadow_trap_nonpresent_pte != shadow_notrap_nonpresent_pte)
1079 vcpu->arch.mmu.prefetch_page(vcpu, sp);
1081 nonpaging_prefetch_page(vcpu, sp);
1085 static int walk_shadow(struct kvm_shadow_walk *walker,
1086 struct kvm_vcpu *vcpu, u64 addr)
1094 shadow_addr = vcpu->arch.mmu.root_hpa;
1095 level = vcpu->arch.mmu.shadow_root_level;
1096 if (level == PT32E_ROOT_LEVEL) {
1097 shadow_addr = vcpu->arch.mmu.pae_root[(addr >> 30) & 3];
1098 shadow_addr &= PT64_BASE_ADDR_MASK;
1102 while (level >= PT_PAGE_TABLE_LEVEL) {
1103 index = SHADOW_PT_INDEX(addr, level);
1104 sptep = ((u64 *)__va(shadow_addr)) + index;
1105 r = walker->entry(walker, vcpu, addr, sptep, level);
1108 shadow_addr = *sptep & PT64_BASE_ADDR_MASK;
1114 static void kvm_mmu_page_unlink_children(struct kvm *kvm,
1115 struct kvm_mmu_page *sp)
1123 if (sp->role.level == PT_PAGE_TABLE_LEVEL) {
1124 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
1125 if (is_shadow_present_pte(pt[i]))
1126 rmap_remove(kvm, &pt[i]);
1127 pt[i] = shadow_trap_nonpresent_pte;
1132 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
1135 if (is_shadow_present_pte(ent)) {
1136 if (!is_large_pte(ent)) {
1137 ent &= PT64_BASE_ADDR_MASK;
1138 mmu_page_remove_parent_pte(page_header(ent),
1142 rmap_remove(kvm, &pt[i]);
1145 pt[i] = shadow_trap_nonpresent_pte;
1149 static void kvm_mmu_put_page(struct kvm_mmu_page *sp, u64 *parent_pte)
1151 mmu_page_remove_parent_pte(sp, parent_pte);
1154 static void kvm_mmu_reset_last_pte_updated(struct kvm *kvm)
1158 for (i = 0; i < KVM_MAX_VCPUS; ++i)
1160 kvm->vcpus[i]->arch.last_pte_updated = NULL;
1163 static void kvm_mmu_unlink_parents(struct kvm *kvm, struct kvm_mmu_page *sp)
1167 while (sp->multimapped || sp->parent_pte) {
1168 if (!sp->multimapped)
1169 parent_pte = sp->parent_pte;
1171 struct kvm_pte_chain *chain;
1173 chain = container_of(sp->parent_ptes.first,
1174 struct kvm_pte_chain, link);
1175 parent_pte = chain->parent_ptes[0];
1177 BUG_ON(!parent_pte);
1178 kvm_mmu_put_page(sp, parent_pte);
1179 set_shadow_pte(parent_pte, shadow_trap_nonpresent_pte);
1184 struct kvm_unsync_walk walker;
1189 static int mmu_zap_fn(struct kvm_mmu_page *sp, struct kvm_unsync_walk *walk)
1191 struct zap_walker *zap_walk = container_of(walk, struct zap_walker,
1193 kvm_mmu_zap_page(zap_walk->kvm, sp);
1194 zap_walk->zapped = 1;
1198 static int mmu_zap_unsync_children(struct kvm *kvm, struct kvm_mmu_page *sp)
1200 struct zap_walker walker = {
1201 .walker = { .entry = mmu_zap_fn, },
1206 if (sp->role.level == PT_PAGE_TABLE_LEVEL)
1208 mmu_unsync_walk(sp, &walker.walker);
1209 return walker.zapped;
1212 static int kvm_mmu_zap_page(struct kvm *kvm, struct kvm_mmu_page *sp)
1215 ++kvm->stat.mmu_shadow_zapped;
1216 ret = mmu_zap_unsync_children(kvm, sp);
1217 kvm_mmu_page_unlink_children(kvm, sp);
1218 kvm_mmu_unlink_parents(kvm, sp);
1219 kvm_flush_remote_tlbs(kvm);
1220 if (!sp->role.invalid && !sp->role.metaphysical)
1221 unaccount_shadowed(kvm, sp->gfn);
1223 kvm_unlink_unsync_page(kvm, sp);
1224 if (!sp->root_count) {
1225 hlist_del(&sp->hash_link);
1226 kvm_mmu_free_page(kvm, sp);
1228 sp->role.invalid = 1;
1229 list_move(&sp->link, &kvm->arch.active_mmu_pages);
1230 kvm_reload_remote_mmus(kvm);
1232 kvm_mmu_reset_last_pte_updated(kvm);
1237 * Changing the number of mmu pages allocated to the vm
1238 * Note: if kvm_nr_mmu_pages is too small, you will get dead lock
1240 void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned int kvm_nr_mmu_pages)
1243 * If we set the number of mmu pages to be smaller be than the
1244 * number of actived pages , we must to free some mmu pages before we
1248 if ((kvm->arch.n_alloc_mmu_pages - kvm->arch.n_free_mmu_pages) >
1250 int n_used_mmu_pages = kvm->arch.n_alloc_mmu_pages
1251 - kvm->arch.n_free_mmu_pages;
1253 while (n_used_mmu_pages > kvm_nr_mmu_pages) {
1254 struct kvm_mmu_page *page;
1256 page = container_of(kvm->arch.active_mmu_pages.prev,
1257 struct kvm_mmu_page, link);
1258 kvm_mmu_zap_page(kvm, page);
1261 kvm->arch.n_free_mmu_pages = 0;
1264 kvm->arch.n_free_mmu_pages += kvm_nr_mmu_pages
1265 - kvm->arch.n_alloc_mmu_pages;
1267 kvm->arch.n_alloc_mmu_pages = kvm_nr_mmu_pages;
1270 static int kvm_mmu_unprotect_page(struct kvm *kvm, gfn_t gfn)
1273 struct hlist_head *bucket;
1274 struct kvm_mmu_page *sp;
1275 struct hlist_node *node, *n;
1278 pgprintk("%s: looking for gfn %lx\n", __func__, gfn);
1280 index = kvm_page_table_hashfn(gfn);
1281 bucket = &kvm->arch.mmu_page_hash[index];
1282 hlist_for_each_entry_safe(sp, node, n, bucket, hash_link)
1283 if (sp->gfn == gfn && !sp->role.metaphysical) {
1284 pgprintk("%s: gfn %lx role %x\n", __func__, gfn,
1287 if (kvm_mmu_zap_page(kvm, sp))
1293 static void mmu_unshadow(struct kvm *kvm, gfn_t gfn)
1295 struct kvm_mmu_page *sp;
1297 while ((sp = kvm_mmu_lookup_page(kvm, gfn)) != NULL) {
1298 pgprintk("%s: zap %lx %x\n", __func__, gfn, sp->role.word);
1299 kvm_mmu_zap_page(kvm, sp);
1303 static void page_header_update_slot(struct kvm *kvm, void *pte, gfn_t gfn)
1305 int slot = memslot_id(kvm, gfn_to_memslot(kvm, gfn));
1306 struct kvm_mmu_page *sp = page_header(__pa(pte));
1308 __set_bit(slot, &sp->slot_bitmap);
1311 static void mmu_convert_notrap(struct kvm_mmu_page *sp)
1316 if (shadow_trap_nonpresent_pte == shadow_notrap_nonpresent_pte)
1319 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
1320 if (pt[i] == shadow_notrap_nonpresent_pte)
1321 set_shadow_pte(&pt[i], shadow_trap_nonpresent_pte);
1325 struct page *gva_to_page(struct kvm_vcpu *vcpu, gva_t gva)
1329 gpa_t gpa = vcpu->arch.mmu.gva_to_gpa(vcpu, gva);
1331 if (gpa == UNMAPPED_GVA)
1334 page = gfn_to_page(vcpu->kvm, gpa >> PAGE_SHIFT);
1339 static int unsync_walk_fn(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp)
1341 sp->unsync_children = 1;
1345 static int kvm_unsync_page(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp)
1348 struct hlist_head *bucket;
1349 struct kvm_mmu_page *s;
1350 struct hlist_node *node, *n;
1352 index = kvm_page_table_hashfn(sp->gfn);
1353 bucket = &vcpu->kvm->arch.mmu_page_hash[index];
1354 /* don't unsync if pagetable is shadowed with multiple roles */
1355 hlist_for_each_entry_safe(s, node, n, bucket, hash_link) {
1356 if (s->gfn != sp->gfn || s->role.metaphysical)
1358 if (s->role.word != sp->role.word)
1361 mmu_parent_walk(vcpu, sp, unsync_walk_fn);
1362 ++vcpu->kvm->stat.mmu_unsync;
1364 mmu_convert_notrap(sp);
1368 static int mmu_need_write_protect(struct kvm_vcpu *vcpu, gfn_t gfn,
1371 struct kvm_mmu_page *shadow;
1373 shadow = kvm_mmu_lookup_page(vcpu->kvm, gfn);
1375 if (shadow->role.level != PT_PAGE_TABLE_LEVEL)
1380 return kvm_unsync_page(vcpu, shadow);
1386 static int set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte,
1387 unsigned pte_access, int user_fault,
1388 int write_fault, int dirty, int largepage,
1389 gfn_t gfn, pfn_t pfn, bool speculative,
1395 * We don't set the accessed bit, since we sometimes want to see
1396 * whether the guest actually used the pte (in order to detect
1399 spte = shadow_base_present_pte | shadow_dirty_mask;
1401 spte |= shadow_accessed_mask;
1403 pte_access &= ~ACC_WRITE_MASK;
1404 if (pte_access & ACC_EXEC_MASK)
1405 spte |= shadow_x_mask;
1407 spte |= shadow_nx_mask;
1408 if (pte_access & ACC_USER_MASK)
1409 spte |= shadow_user_mask;
1411 spte |= PT_PAGE_SIZE_MASK;
1413 spte |= (u64)pfn << PAGE_SHIFT;
1415 if ((pte_access & ACC_WRITE_MASK)
1416 || (write_fault && !is_write_protection(vcpu) && !user_fault)) {
1418 if (largepage && has_wrprotected_page(vcpu->kvm, gfn)) {
1420 spte = shadow_trap_nonpresent_pte;
1424 spte |= PT_WRITABLE_MASK;
1426 if (mmu_need_write_protect(vcpu, gfn, can_unsync)) {
1427 pgprintk("%s: found shadow page for %lx, marking ro\n",
1430 pte_access &= ~ACC_WRITE_MASK;
1431 if (is_writeble_pte(spte))
1432 spte &= ~PT_WRITABLE_MASK;
1436 if (pte_access & ACC_WRITE_MASK)
1437 mark_page_dirty(vcpu->kvm, gfn);
1440 set_shadow_pte(shadow_pte, spte);
1444 static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte,
1445 unsigned pt_access, unsigned pte_access,
1446 int user_fault, int write_fault, int dirty,
1447 int *ptwrite, int largepage, gfn_t gfn,
1448 pfn_t pfn, bool speculative)
1450 int was_rmapped = 0;
1451 int was_writeble = is_writeble_pte(*shadow_pte);
1453 pgprintk("%s: spte %llx access %x write_fault %d"
1454 " user_fault %d gfn %lx\n",
1455 __func__, *shadow_pte, pt_access,
1456 write_fault, user_fault, gfn);
1458 if (is_rmap_pte(*shadow_pte)) {
1460 * If we overwrite a PTE page pointer with a 2MB PMD, unlink
1461 * the parent of the now unreachable PTE.
1463 if (largepage && !is_large_pte(*shadow_pte)) {
1464 struct kvm_mmu_page *child;
1465 u64 pte = *shadow_pte;
1467 child = page_header(pte & PT64_BASE_ADDR_MASK);
1468 mmu_page_remove_parent_pte(child, shadow_pte);
1469 } else if (pfn != spte_to_pfn(*shadow_pte)) {
1470 pgprintk("hfn old %lx new %lx\n",
1471 spte_to_pfn(*shadow_pte), pfn);
1472 rmap_remove(vcpu->kvm, shadow_pte);
1475 was_rmapped = is_large_pte(*shadow_pte);
1480 if (set_spte(vcpu, shadow_pte, pte_access, user_fault, write_fault,
1481 dirty, largepage, gfn, pfn, speculative, true)) {
1484 kvm_x86_ops->tlb_flush(vcpu);
1487 pgprintk("%s: setting spte %llx\n", __func__, *shadow_pte);
1488 pgprintk("instantiating %s PTE (%s) at %ld (%llx) addr %p\n",
1489 is_large_pte(*shadow_pte)? "2MB" : "4kB",
1490 is_present_pte(*shadow_pte)?"RW":"R", gfn,
1491 *shadow_pte, shadow_pte);
1492 if (!was_rmapped && is_large_pte(*shadow_pte))
1493 ++vcpu->kvm->stat.lpages;
1495 page_header_update_slot(vcpu->kvm, shadow_pte, gfn);
1497 rmap_add(vcpu, shadow_pte, gfn, largepage);
1498 if (!is_rmap_pte(*shadow_pte))
1499 kvm_release_pfn_clean(pfn);
1502 kvm_release_pfn_dirty(pfn);
1504 kvm_release_pfn_clean(pfn);
1507 vcpu->arch.last_pte_updated = shadow_pte;
1508 vcpu->arch.last_pte_gfn = gfn;
1512 static void nonpaging_new_cr3(struct kvm_vcpu *vcpu)
1516 struct direct_shadow_walk {
1517 struct kvm_shadow_walk walker;
1524 static int direct_map_entry(struct kvm_shadow_walk *_walk,
1525 struct kvm_vcpu *vcpu,
1526 u64 addr, u64 *sptep, int level)
1528 struct direct_shadow_walk *walk =
1529 container_of(_walk, struct direct_shadow_walk, walker);
1530 struct kvm_mmu_page *sp;
1532 gfn_t gfn = addr >> PAGE_SHIFT;
1534 if (level == PT_PAGE_TABLE_LEVEL
1535 || (walk->largepage && level == PT_DIRECTORY_LEVEL)) {
1536 mmu_set_spte(vcpu, sptep, ACC_ALL, ACC_ALL,
1537 0, walk->write, 1, &walk->pt_write,
1538 walk->largepage, gfn, walk->pfn, false);
1539 ++vcpu->stat.pf_fixed;
1543 if (*sptep == shadow_trap_nonpresent_pte) {
1544 pseudo_gfn = (addr & PT64_DIR_BASE_ADDR_MASK) >> PAGE_SHIFT;
1545 sp = kvm_mmu_get_page(vcpu, pseudo_gfn, (gva_t)addr, level - 1,
1548 pgprintk("nonpaging_map: ENOMEM\n");
1549 kvm_release_pfn_clean(walk->pfn);
1553 set_shadow_pte(sptep,
1555 | PT_PRESENT_MASK | PT_WRITABLE_MASK
1556 | shadow_user_mask | shadow_x_mask);
1561 static int __direct_map(struct kvm_vcpu *vcpu, gpa_t v, int write,
1562 int largepage, gfn_t gfn, pfn_t pfn)
1565 struct direct_shadow_walk walker = {
1566 .walker = { .entry = direct_map_entry, },
1568 .largepage = largepage,
1573 r = walk_shadow(&walker.walker, vcpu, gfn << PAGE_SHIFT);
1576 return walker.pt_write;
1579 static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, int write, gfn_t gfn)
1584 unsigned long mmu_seq;
1586 if (is_largepage_backed(vcpu, gfn & ~(KVM_PAGES_PER_HPAGE-1))) {
1587 gfn &= ~(KVM_PAGES_PER_HPAGE-1);
1591 mmu_seq = vcpu->kvm->mmu_notifier_seq;
1593 pfn = gfn_to_pfn(vcpu->kvm, gfn);
1596 if (is_error_pfn(pfn)) {
1597 kvm_release_pfn_clean(pfn);
1601 spin_lock(&vcpu->kvm->mmu_lock);
1602 if (mmu_notifier_retry(vcpu, mmu_seq))
1604 kvm_mmu_free_some_pages(vcpu);
1605 r = __direct_map(vcpu, v, write, largepage, gfn, pfn);
1606 spin_unlock(&vcpu->kvm->mmu_lock);
1612 spin_unlock(&vcpu->kvm->mmu_lock);
1613 kvm_release_pfn_clean(pfn);
1618 static void mmu_free_roots(struct kvm_vcpu *vcpu)
1621 struct kvm_mmu_page *sp;
1623 if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
1625 spin_lock(&vcpu->kvm->mmu_lock);
1626 if (vcpu->arch.mmu.shadow_root_level == PT64_ROOT_LEVEL) {
1627 hpa_t root = vcpu->arch.mmu.root_hpa;
1629 sp = page_header(root);
1631 if (!sp->root_count && sp->role.invalid)
1632 kvm_mmu_zap_page(vcpu->kvm, sp);
1633 vcpu->arch.mmu.root_hpa = INVALID_PAGE;
1634 spin_unlock(&vcpu->kvm->mmu_lock);
1637 for (i = 0; i < 4; ++i) {
1638 hpa_t root = vcpu->arch.mmu.pae_root[i];
1641 root &= PT64_BASE_ADDR_MASK;
1642 sp = page_header(root);
1644 if (!sp->root_count && sp->role.invalid)
1645 kvm_mmu_zap_page(vcpu->kvm, sp);
1647 vcpu->arch.mmu.pae_root[i] = INVALID_PAGE;
1649 spin_unlock(&vcpu->kvm->mmu_lock);
1650 vcpu->arch.mmu.root_hpa = INVALID_PAGE;
1653 static void mmu_alloc_roots(struct kvm_vcpu *vcpu)
1657 struct kvm_mmu_page *sp;
1658 int metaphysical = 0;
1660 root_gfn = vcpu->arch.cr3 >> PAGE_SHIFT;
1662 if (vcpu->arch.mmu.shadow_root_level == PT64_ROOT_LEVEL) {
1663 hpa_t root = vcpu->arch.mmu.root_hpa;
1665 ASSERT(!VALID_PAGE(root));
1668 sp = kvm_mmu_get_page(vcpu, root_gfn, 0,
1669 PT64_ROOT_LEVEL, metaphysical,
1671 root = __pa(sp->spt);
1673 vcpu->arch.mmu.root_hpa = root;
1676 metaphysical = !is_paging(vcpu);
1679 for (i = 0; i < 4; ++i) {
1680 hpa_t root = vcpu->arch.mmu.pae_root[i];
1682 ASSERT(!VALID_PAGE(root));
1683 if (vcpu->arch.mmu.root_level == PT32E_ROOT_LEVEL) {
1684 if (!is_present_pte(vcpu->arch.pdptrs[i])) {
1685 vcpu->arch.mmu.pae_root[i] = 0;
1688 root_gfn = vcpu->arch.pdptrs[i] >> PAGE_SHIFT;
1689 } else if (vcpu->arch.mmu.root_level == 0)
1691 sp = kvm_mmu_get_page(vcpu, root_gfn, i << 30,
1692 PT32_ROOT_LEVEL, metaphysical,
1694 root = __pa(sp->spt);
1696 vcpu->arch.mmu.pae_root[i] = root | PT_PRESENT_MASK;
1698 vcpu->arch.mmu.root_hpa = __pa(vcpu->arch.mmu.pae_root);
1701 static void mmu_sync_roots(struct kvm_vcpu *vcpu)
1704 struct kvm_mmu_page *sp;
1706 if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
1708 if (vcpu->arch.mmu.shadow_root_level == PT64_ROOT_LEVEL) {
1709 hpa_t root = vcpu->arch.mmu.root_hpa;
1710 sp = page_header(root);
1711 mmu_sync_children(vcpu, sp);
1714 for (i = 0; i < 4; ++i) {
1715 hpa_t root = vcpu->arch.mmu.pae_root[i];
1718 root &= PT64_BASE_ADDR_MASK;
1719 sp = page_header(root);
1720 mmu_sync_children(vcpu, sp);
1725 void kvm_mmu_sync_roots(struct kvm_vcpu *vcpu)
1727 spin_lock(&vcpu->kvm->mmu_lock);
1728 mmu_sync_roots(vcpu);
1729 spin_unlock(&vcpu->kvm->mmu_lock);
1732 static gpa_t nonpaging_gva_to_gpa(struct kvm_vcpu *vcpu, gva_t vaddr)
1737 static int nonpaging_page_fault(struct kvm_vcpu *vcpu, gva_t gva,
1743 pgprintk("%s: gva %lx error %x\n", __func__, gva, error_code);
1744 r = mmu_topup_memory_caches(vcpu);
1749 ASSERT(VALID_PAGE(vcpu->arch.mmu.root_hpa));
1751 gfn = gva >> PAGE_SHIFT;
1753 return nonpaging_map(vcpu, gva & PAGE_MASK,
1754 error_code & PFERR_WRITE_MASK, gfn);
1757 static int tdp_page_fault(struct kvm_vcpu *vcpu, gva_t gpa,
1763 gfn_t gfn = gpa >> PAGE_SHIFT;
1764 unsigned long mmu_seq;
1767 ASSERT(VALID_PAGE(vcpu->arch.mmu.root_hpa));
1769 r = mmu_topup_memory_caches(vcpu);
1773 if (is_largepage_backed(vcpu, gfn & ~(KVM_PAGES_PER_HPAGE-1))) {
1774 gfn &= ~(KVM_PAGES_PER_HPAGE-1);
1777 mmu_seq = vcpu->kvm->mmu_notifier_seq;
1779 pfn = gfn_to_pfn(vcpu->kvm, gfn);
1780 if (is_error_pfn(pfn)) {
1781 kvm_release_pfn_clean(pfn);
1784 spin_lock(&vcpu->kvm->mmu_lock);
1785 if (mmu_notifier_retry(vcpu, mmu_seq))
1787 kvm_mmu_free_some_pages(vcpu);
1788 r = __direct_map(vcpu, gpa, error_code & PFERR_WRITE_MASK,
1789 largepage, gfn, pfn);
1790 spin_unlock(&vcpu->kvm->mmu_lock);
1795 spin_unlock(&vcpu->kvm->mmu_lock);
1796 kvm_release_pfn_clean(pfn);
1800 static void nonpaging_free(struct kvm_vcpu *vcpu)
1802 mmu_free_roots(vcpu);
1805 static int nonpaging_init_context(struct kvm_vcpu *vcpu)
1807 struct kvm_mmu *context = &vcpu->arch.mmu;
1809 context->new_cr3 = nonpaging_new_cr3;
1810 context->page_fault = nonpaging_page_fault;
1811 context->gva_to_gpa = nonpaging_gva_to_gpa;
1812 context->free = nonpaging_free;
1813 context->prefetch_page = nonpaging_prefetch_page;
1814 context->sync_page = nonpaging_sync_page;
1815 context->invlpg = nonpaging_invlpg;
1816 context->root_level = 0;
1817 context->shadow_root_level = PT32E_ROOT_LEVEL;
1818 context->root_hpa = INVALID_PAGE;
1822 void kvm_mmu_flush_tlb(struct kvm_vcpu *vcpu)
1824 ++vcpu->stat.tlb_flush;
1825 kvm_x86_ops->tlb_flush(vcpu);
1828 static void paging_new_cr3(struct kvm_vcpu *vcpu)
1830 pgprintk("%s: cr3 %lx\n", __func__, vcpu->arch.cr3);
1831 mmu_free_roots(vcpu);
1834 static void inject_page_fault(struct kvm_vcpu *vcpu,
1838 kvm_inject_page_fault(vcpu, addr, err_code);
1841 static void paging_free(struct kvm_vcpu *vcpu)
1843 nonpaging_free(vcpu);
1847 #include "paging_tmpl.h"
1851 #include "paging_tmpl.h"
1854 static int paging64_init_context_common(struct kvm_vcpu *vcpu, int level)
1856 struct kvm_mmu *context = &vcpu->arch.mmu;
1858 ASSERT(is_pae(vcpu));
1859 context->new_cr3 = paging_new_cr3;
1860 context->page_fault = paging64_page_fault;
1861 context->gva_to_gpa = paging64_gva_to_gpa;
1862 context->prefetch_page = paging64_prefetch_page;
1863 context->sync_page = paging64_sync_page;
1864 context->invlpg = paging64_invlpg;
1865 context->free = paging_free;
1866 context->root_level = level;
1867 context->shadow_root_level = level;
1868 context->root_hpa = INVALID_PAGE;
1872 static int paging64_init_context(struct kvm_vcpu *vcpu)
1874 return paging64_init_context_common(vcpu, PT64_ROOT_LEVEL);
1877 static int paging32_init_context(struct kvm_vcpu *vcpu)
1879 struct kvm_mmu *context = &vcpu->arch.mmu;
1881 context->new_cr3 = paging_new_cr3;
1882 context->page_fault = paging32_page_fault;
1883 context->gva_to_gpa = paging32_gva_to_gpa;
1884 context->free = paging_free;
1885 context->prefetch_page = paging32_prefetch_page;
1886 context->sync_page = paging32_sync_page;
1887 context->invlpg = paging32_invlpg;
1888 context->root_level = PT32_ROOT_LEVEL;
1889 context->shadow_root_level = PT32E_ROOT_LEVEL;
1890 context->root_hpa = INVALID_PAGE;
1894 static int paging32E_init_context(struct kvm_vcpu *vcpu)
1896 return paging64_init_context_common(vcpu, PT32E_ROOT_LEVEL);
1899 static int init_kvm_tdp_mmu(struct kvm_vcpu *vcpu)
1901 struct kvm_mmu *context = &vcpu->arch.mmu;
1903 context->new_cr3 = nonpaging_new_cr3;
1904 context->page_fault = tdp_page_fault;
1905 context->free = nonpaging_free;
1906 context->prefetch_page = nonpaging_prefetch_page;
1907 context->sync_page = nonpaging_sync_page;
1908 context->invlpg = nonpaging_invlpg;
1909 context->shadow_root_level = kvm_x86_ops->get_tdp_level();
1910 context->root_hpa = INVALID_PAGE;
1912 if (!is_paging(vcpu)) {
1913 context->gva_to_gpa = nonpaging_gva_to_gpa;
1914 context->root_level = 0;
1915 } else if (is_long_mode(vcpu)) {
1916 context->gva_to_gpa = paging64_gva_to_gpa;
1917 context->root_level = PT64_ROOT_LEVEL;
1918 } else if (is_pae(vcpu)) {
1919 context->gva_to_gpa = paging64_gva_to_gpa;
1920 context->root_level = PT32E_ROOT_LEVEL;
1922 context->gva_to_gpa = paging32_gva_to_gpa;
1923 context->root_level = PT32_ROOT_LEVEL;
1929 static int init_kvm_softmmu(struct kvm_vcpu *vcpu)
1932 ASSERT(!VALID_PAGE(vcpu->arch.mmu.root_hpa));
1934 if (!is_paging(vcpu))
1935 return nonpaging_init_context(vcpu);
1936 else if (is_long_mode(vcpu))
1937 return paging64_init_context(vcpu);
1938 else if (is_pae(vcpu))
1939 return paging32E_init_context(vcpu);
1941 return paging32_init_context(vcpu);
1944 static int init_kvm_mmu(struct kvm_vcpu *vcpu)
1946 vcpu->arch.update_pte.pfn = bad_pfn;
1949 return init_kvm_tdp_mmu(vcpu);
1951 return init_kvm_softmmu(vcpu);
1954 static void destroy_kvm_mmu(struct kvm_vcpu *vcpu)
1957 if (VALID_PAGE(vcpu->arch.mmu.root_hpa)) {
1958 vcpu->arch.mmu.free(vcpu);
1959 vcpu->arch.mmu.root_hpa = INVALID_PAGE;
1963 int kvm_mmu_reset_context(struct kvm_vcpu *vcpu)
1965 destroy_kvm_mmu(vcpu);
1966 return init_kvm_mmu(vcpu);
1968 EXPORT_SYMBOL_GPL(kvm_mmu_reset_context);
1970 int kvm_mmu_load(struct kvm_vcpu *vcpu)
1974 r = mmu_topup_memory_caches(vcpu);
1977 spin_lock(&vcpu->kvm->mmu_lock);
1978 kvm_mmu_free_some_pages(vcpu);
1979 mmu_alloc_roots(vcpu);
1980 mmu_sync_roots(vcpu);
1981 spin_unlock(&vcpu->kvm->mmu_lock);
1982 kvm_x86_ops->set_cr3(vcpu, vcpu->arch.mmu.root_hpa);
1983 kvm_mmu_flush_tlb(vcpu);
1987 EXPORT_SYMBOL_GPL(kvm_mmu_load);
1989 void kvm_mmu_unload(struct kvm_vcpu *vcpu)
1991 mmu_free_roots(vcpu);
1994 static void mmu_pte_write_zap_pte(struct kvm_vcpu *vcpu,
1995 struct kvm_mmu_page *sp,
1999 struct kvm_mmu_page *child;
2002 if (is_shadow_present_pte(pte)) {
2003 if (sp->role.level == PT_PAGE_TABLE_LEVEL ||
2005 rmap_remove(vcpu->kvm, spte);
2007 child = page_header(pte & PT64_BASE_ADDR_MASK);
2008 mmu_page_remove_parent_pte(child, spte);
2011 set_shadow_pte(spte, shadow_trap_nonpresent_pte);
2012 if (is_large_pte(pte))
2013 --vcpu->kvm->stat.lpages;
2016 static void mmu_pte_write_new_pte(struct kvm_vcpu *vcpu,
2017 struct kvm_mmu_page *sp,
2021 if (sp->role.level != PT_PAGE_TABLE_LEVEL) {
2022 if (!vcpu->arch.update_pte.largepage ||
2023 sp->role.glevels == PT32_ROOT_LEVEL) {
2024 ++vcpu->kvm->stat.mmu_pde_zapped;
2029 ++vcpu->kvm->stat.mmu_pte_updated;
2030 if (sp->role.glevels == PT32_ROOT_LEVEL)
2031 paging32_update_pte(vcpu, sp, spte, new);
2033 paging64_update_pte(vcpu, sp, spte, new);
2036 static bool need_remote_flush(u64 old, u64 new)
2038 if (!is_shadow_present_pte(old))
2040 if (!is_shadow_present_pte(new))
2042 if ((old ^ new) & PT64_BASE_ADDR_MASK)
2044 old ^= PT64_NX_MASK;
2045 new ^= PT64_NX_MASK;
2046 return (old & ~new & PT64_PERM_MASK) != 0;
2049 static void mmu_pte_write_flush_tlb(struct kvm_vcpu *vcpu, u64 old, u64 new)
2051 if (need_remote_flush(old, new))
2052 kvm_flush_remote_tlbs(vcpu->kvm);
2054 kvm_mmu_flush_tlb(vcpu);
2057 static bool last_updated_pte_accessed(struct kvm_vcpu *vcpu)
2059 u64 *spte = vcpu->arch.last_pte_updated;
2061 return !!(spte && (*spte & shadow_accessed_mask));
2064 static void mmu_guess_page_from_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
2065 const u8 *new, int bytes)
2072 vcpu->arch.update_pte.largepage = 0;
2074 if (bytes != 4 && bytes != 8)
2078 * Assume that the pte write on a page table of the same type
2079 * as the current vcpu paging mode. This is nearly always true
2080 * (might be false while changing modes). Note it is verified later
2084 /* Handle a 32-bit guest writing two halves of a 64-bit gpte */
2085 if ((bytes == 4) && (gpa % 4 == 0)) {
2086 r = kvm_read_guest(vcpu->kvm, gpa & ~(u64)7, &gpte, 8);
2089 memcpy((void *)&gpte + (gpa % 8), new, 4);
2090 } else if ((bytes == 8) && (gpa % 8 == 0)) {
2091 memcpy((void *)&gpte, new, 8);
2094 if ((bytes == 4) && (gpa % 4 == 0))
2095 memcpy((void *)&gpte, new, 4);
2097 if (!is_present_pte(gpte))
2099 gfn = (gpte & PT64_BASE_ADDR_MASK) >> PAGE_SHIFT;
2101 if (is_large_pte(gpte) && is_largepage_backed(vcpu, gfn)) {
2102 gfn &= ~(KVM_PAGES_PER_HPAGE-1);
2103 vcpu->arch.update_pte.largepage = 1;
2105 vcpu->arch.update_pte.mmu_seq = vcpu->kvm->mmu_notifier_seq;
2107 pfn = gfn_to_pfn(vcpu->kvm, gfn);
2109 if (is_error_pfn(pfn)) {
2110 kvm_release_pfn_clean(pfn);
2113 vcpu->arch.update_pte.gfn = gfn;
2114 vcpu->arch.update_pte.pfn = pfn;
2117 static void kvm_mmu_access_page(struct kvm_vcpu *vcpu, gfn_t gfn)
2119 u64 *spte = vcpu->arch.last_pte_updated;
2122 && vcpu->arch.last_pte_gfn == gfn
2123 && shadow_accessed_mask
2124 && !(*spte & shadow_accessed_mask)
2125 && is_shadow_present_pte(*spte))
2126 set_bit(PT_ACCESSED_SHIFT, (unsigned long *)spte);
2129 void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
2130 const u8 *new, int bytes)
2132 gfn_t gfn = gpa >> PAGE_SHIFT;
2133 struct kvm_mmu_page *sp;
2134 struct hlist_node *node, *n;
2135 struct hlist_head *bucket;
2139 unsigned offset = offset_in_page(gpa);
2141 unsigned page_offset;
2142 unsigned misaligned;
2149 pgprintk("%s: gpa %llx bytes %d\n", __func__, gpa, bytes);
2150 mmu_guess_page_from_pte_write(vcpu, gpa, new, bytes);
2151 spin_lock(&vcpu->kvm->mmu_lock);
2152 kvm_mmu_access_page(vcpu, gfn);
2153 kvm_mmu_free_some_pages(vcpu);
2154 ++vcpu->kvm->stat.mmu_pte_write;
2155 kvm_mmu_audit(vcpu, "pre pte write");
2156 if (gfn == vcpu->arch.last_pt_write_gfn
2157 && !last_updated_pte_accessed(vcpu)) {
2158 ++vcpu->arch.last_pt_write_count;
2159 if (vcpu->arch.last_pt_write_count >= 3)
2162 vcpu->arch.last_pt_write_gfn = gfn;
2163 vcpu->arch.last_pt_write_count = 1;
2164 vcpu->arch.last_pte_updated = NULL;
2166 index = kvm_page_table_hashfn(gfn);
2167 bucket = &vcpu->kvm->arch.mmu_page_hash[index];
2168 hlist_for_each_entry_safe(sp, node, n, bucket, hash_link) {
2169 if (sp->gfn != gfn || sp->role.metaphysical || sp->role.invalid)
2171 pte_size = sp->role.glevels == PT32_ROOT_LEVEL ? 4 : 8;
2172 misaligned = (offset ^ (offset + bytes - 1)) & ~(pte_size - 1);
2173 misaligned |= bytes < 4;
2174 if (misaligned || flooded) {
2176 * Misaligned accesses are too much trouble to fix
2177 * up; also, they usually indicate a page is not used
2180 * If we're seeing too many writes to a page,
2181 * it may no longer be a page table, or we may be
2182 * forking, in which case it is better to unmap the
2185 pgprintk("misaligned: gpa %llx bytes %d role %x\n",
2186 gpa, bytes, sp->role.word);
2187 if (kvm_mmu_zap_page(vcpu->kvm, sp))
2189 ++vcpu->kvm->stat.mmu_flooded;
2192 page_offset = offset;
2193 level = sp->role.level;
2195 if (sp->role.glevels == PT32_ROOT_LEVEL) {
2196 page_offset <<= 1; /* 32->64 */
2198 * A 32-bit pde maps 4MB while the shadow pdes map
2199 * only 2MB. So we need to double the offset again
2200 * and zap two pdes instead of one.
2202 if (level == PT32_ROOT_LEVEL) {
2203 page_offset &= ~7; /* kill rounding error */
2207 quadrant = page_offset >> PAGE_SHIFT;
2208 page_offset &= ~PAGE_MASK;
2209 if (quadrant != sp->role.quadrant)
2212 spte = &sp->spt[page_offset / sizeof(*spte)];
2213 if ((gpa & (pte_size - 1)) || (bytes < pte_size)) {
2215 r = kvm_read_guest_atomic(vcpu->kvm,
2216 gpa & ~(u64)(pte_size - 1),
2218 new = (const void *)&gentry;
2224 mmu_pte_write_zap_pte(vcpu, sp, spte);
2226 mmu_pte_write_new_pte(vcpu, sp, spte, new);
2227 mmu_pte_write_flush_tlb(vcpu, entry, *spte);
2231 kvm_mmu_audit(vcpu, "post pte write");
2232 spin_unlock(&vcpu->kvm->mmu_lock);
2233 if (!is_error_pfn(vcpu->arch.update_pte.pfn)) {
2234 kvm_release_pfn_clean(vcpu->arch.update_pte.pfn);
2235 vcpu->arch.update_pte.pfn = bad_pfn;
2239 int kvm_mmu_unprotect_page_virt(struct kvm_vcpu *vcpu, gva_t gva)
2244 gpa = vcpu->arch.mmu.gva_to_gpa(vcpu, gva);
2246 spin_lock(&vcpu->kvm->mmu_lock);
2247 r = kvm_mmu_unprotect_page(vcpu->kvm, gpa >> PAGE_SHIFT);
2248 spin_unlock(&vcpu->kvm->mmu_lock);
2251 EXPORT_SYMBOL_GPL(kvm_mmu_unprotect_page_virt);
2253 void __kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu)
2255 while (vcpu->kvm->arch.n_free_mmu_pages < KVM_REFILL_PAGES) {
2256 struct kvm_mmu_page *sp;
2258 sp = container_of(vcpu->kvm->arch.active_mmu_pages.prev,
2259 struct kvm_mmu_page, link);
2260 kvm_mmu_zap_page(vcpu->kvm, sp);
2261 ++vcpu->kvm->stat.mmu_recycled;
2265 int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u32 error_code)
2268 enum emulation_result er;
2270 r = vcpu->arch.mmu.page_fault(vcpu, cr2, error_code);
2279 r = mmu_topup_memory_caches(vcpu);
2283 er = emulate_instruction(vcpu, vcpu->run, cr2, error_code, 0);
2288 case EMULATE_DO_MMIO:
2289 ++vcpu->stat.mmio_exits;
2292 kvm_report_emulation_failure(vcpu, "pagetable");
2300 EXPORT_SYMBOL_GPL(kvm_mmu_page_fault);
2302 void kvm_mmu_invlpg(struct kvm_vcpu *vcpu, gva_t gva)
2304 spin_lock(&vcpu->kvm->mmu_lock);
2305 vcpu->arch.mmu.invlpg(vcpu, gva);
2306 spin_unlock(&vcpu->kvm->mmu_lock);
2307 kvm_mmu_flush_tlb(vcpu);
2308 ++vcpu->stat.invlpg;
2310 EXPORT_SYMBOL_GPL(kvm_mmu_invlpg);
2312 void kvm_enable_tdp(void)
2316 EXPORT_SYMBOL_GPL(kvm_enable_tdp);
2318 void kvm_disable_tdp(void)
2320 tdp_enabled = false;
2322 EXPORT_SYMBOL_GPL(kvm_disable_tdp);
2324 static void free_mmu_pages(struct kvm_vcpu *vcpu)
2326 struct kvm_mmu_page *sp;
2328 while (!list_empty(&vcpu->kvm->arch.active_mmu_pages)) {
2329 sp = container_of(vcpu->kvm->arch.active_mmu_pages.next,
2330 struct kvm_mmu_page, link);
2331 kvm_mmu_zap_page(vcpu->kvm, sp);
2334 free_page((unsigned long)vcpu->arch.mmu.pae_root);
2337 static int alloc_mmu_pages(struct kvm_vcpu *vcpu)
2344 if (vcpu->kvm->arch.n_requested_mmu_pages)
2345 vcpu->kvm->arch.n_free_mmu_pages =
2346 vcpu->kvm->arch.n_requested_mmu_pages;
2348 vcpu->kvm->arch.n_free_mmu_pages =
2349 vcpu->kvm->arch.n_alloc_mmu_pages;
2351 * When emulating 32-bit mode, cr3 is only 32 bits even on x86_64.
2352 * Therefore we need to allocate shadow page tables in the first
2353 * 4GB of memory, which happens to fit the DMA32 zone.
2355 page = alloc_page(GFP_KERNEL | __GFP_DMA32);
2358 vcpu->arch.mmu.pae_root = page_address(page);
2359 for (i = 0; i < 4; ++i)
2360 vcpu->arch.mmu.pae_root[i] = INVALID_PAGE;
2365 free_mmu_pages(vcpu);
2369 int kvm_mmu_create(struct kvm_vcpu *vcpu)
2372 ASSERT(!VALID_PAGE(vcpu->arch.mmu.root_hpa));
2374 return alloc_mmu_pages(vcpu);
2377 int kvm_mmu_setup(struct kvm_vcpu *vcpu)
2380 ASSERT(!VALID_PAGE(vcpu->arch.mmu.root_hpa));
2382 return init_kvm_mmu(vcpu);
2385 void kvm_mmu_destroy(struct kvm_vcpu *vcpu)
2389 destroy_kvm_mmu(vcpu);
2390 free_mmu_pages(vcpu);
2391 mmu_free_memory_caches(vcpu);
2394 void kvm_mmu_slot_remove_write_access(struct kvm *kvm, int slot)
2396 struct kvm_mmu_page *sp;
2398 spin_lock(&kvm->mmu_lock);
2399 list_for_each_entry(sp, &kvm->arch.active_mmu_pages, link) {
2403 if (!test_bit(slot, &sp->slot_bitmap))
2407 for (i = 0; i < PT64_ENT_PER_PAGE; ++i)
2409 if (pt[i] & PT_WRITABLE_MASK)
2410 pt[i] &= ~PT_WRITABLE_MASK;
2412 kvm_flush_remote_tlbs(kvm);
2413 spin_unlock(&kvm->mmu_lock);
2416 void kvm_mmu_zap_all(struct kvm *kvm)
2418 struct kvm_mmu_page *sp, *node;
2420 spin_lock(&kvm->mmu_lock);
2421 list_for_each_entry_safe(sp, node, &kvm->arch.active_mmu_pages, link)
2422 if (kvm_mmu_zap_page(kvm, sp))
2423 node = container_of(kvm->arch.active_mmu_pages.next,
2424 struct kvm_mmu_page, link);
2425 spin_unlock(&kvm->mmu_lock);
2427 kvm_flush_remote_tlbs(kvm);
2430 static void kvm_mmu_remove_one_alloc_mmu_page(struct kvm *kvm)
2432 struct kvm_mmu_page *page;
2434 page = container_of(kvm->arch.active_mmu_pages.prev,
2435 struct kvm_mmu_page, link);
2436 kvm_mmu_zap_page(kvm, page);
2439 static int mmu_shrink(int nr_to_scan, gfp_t gfp_mask)
2442 struct kvm *kvm_freed = NULL;
2443 int cache_count = 0;
2445 spin_lock(&kvm_lock);
2447 list_for_each_entry(kvm, &vm_list, vm_list) {
2450 if (!down_read_trylock(&kvm->slots_lock))
2452 spin_lock(&kvm->mmu_lock);
2453 npages = kvm->arch.n_alloc_mmu_pages -
2454 kvm->arch.n_free_mmu_pages;
2455 cache_count += npages;
2456 if (!kvm_freed && nr_to_scan > 0 && npages > 0) {
2457 kvm_mmu_remove_one_alloc_mmu_page(kvm);
2463 spin_unlock(&kvm->mmu_lock);
2464 up_read(&kvm->slots_lock);
2467 list_move_tail(&kvm_freed->vm_list, &vm_list);
2469 spin_unlock(&kvm_lock);
2474 static struct shrinker mmu_shrinker = {
2475 .shrink = mmu_shrink,
2476 .seeks = DEFAULT_SEEKS * 10,
2479 static void mmu_destroy_caches(void)
2481 if (pte_chain_cache)
2482 kmem_cache_destroy(pte_chain_cache);
2483 if (rmap_desc_cache)
2484 kmem_cache_destroy(rmap_desc_cache);
2485 if (mmu_page_header_cache)
2486 kmem_cache_destroy(mmu_page_header_cache);
2489 void kvm_mmu_module_exit(void)
2491 mmu_destroy_caches();
2492 unregister_shrinker(&mmu_shrinker);
2495 int kvm_mmu_module_init(void)
2497 pte_chain_cache = kmem_cache_create("kvm_pte_chain",
2498 sizeof(struct kvm_pte_chain),
2500 if (!pte_chain_cache)
2502 rmap_desc_cache = kmem_cache_create("kvm_rmap_desc",
2503 sizeof(struct kvm_rmap_desc),
2505 if (!rmap_desc_cache)
2508 mmu_page_header_cache = kmem_cache_create("kvm_mmu_page_header",
2509 sizeof(struct kvm_mmu_page),
2511 if (!mmu_page_header_cache)
2514 register_shrinker(&mmu_shrinker);
2519 mmu_destroy_caches();
2524 * Caculate mmu pages needed for kvm.
2526 unsigned int kvm_mmu_calculate_mmu_pages(struct kvm *kvm)
2529 unsigned int nr_mmu_pages;
2530 unsigned int nr_pages = 0;
2532 for (i = 0; i < kvm->nmemslots; i++)
2533 nr_pages += kvm->memslots[i].npages;
2535 nr_mmu_pages = nr_pages * KVM_PERMILLE_MMU_PAGES / 1000;
2536 nr_mmu_pages = max(nr_mmu_pages,
2537 (unsigned int) KVM_MIN_ALLOC_MMU_PAGES);
2539 return nr_mmu_pages;
2542 static void *pv_mmu_peek_buffer(struct kvm_pv_mmu_op_buffer *buffer,
2545 if (len > buffer->len)
2550 static void *pv_mmu_read_buffer(struct kvm_pv_mmu_op_buffer *buffer,
2555 ret = pv_mmu_peek_buffer(buffer, len);
2560 buffer->processed += len;
2564 static int kvm_pv_mmu_write(struct kvm_vcpu *vcpu,
2565 gpa_t addr, gpa_t value)
2570 if (!is_long_mode(vcpu) && !is_pae(vcpu))
2573 r = mmu_topup_memory_caches(vcpu);
2577 if (!emulator_write_phys(vcpu, addr, &value, bytes))
2583 static int kvm_pv_mmu_flush_tlb(struct kvm_vcpu *vcpu)
2585 kvm_x86_ops->tlb_flush(vcpu);
2589 static int kvm_pv_mmu_release_pt(struct kvm_vcpu *vcpu, gpa_t addr)
2591 spin_lock(&vcpu->kvm->mmu_lock);
2592 mmu_unshadow(vcpu->kvm, addr >> PAGE_SHIFT);
2593 spin_unlock(&vcpu->kvm->mmu_lock);
2597 static int kvm_pv_mmu_op_one(struct kvm_vcpu *vcpu,
2598 struct kvm_pv_mmu_op_buffer *buffer)
2600 struct kvm_mmu_op_header *header;
2602 header = pv_mmu_peek_buffer(buffer, sizeof *header);
2605 switch (header->op) {
2606 case KVM_MMU_OP_WRITE_PTE: {
2607 struct kvm_mmu_op_write_pte *wpte;
2609 wpte = pv_mmu_read_buffer(buffer, sizeof *wpte);
2612 return kvm_pv_mmu_write(vcpu, wpte->pte_phys,
2615 case KVM_MMU_OP_FLUSH_TLB: {
2616 struct kvm_mmu_op_flush_tlb *ftlb;
2618 ftlb = pv_mmu_read_buffer(buffer, sizeof *ftlb);
2621 return kvm_pv_mmu_flush_tlb(vcpu);
2623 case KVM_MMU_OP_RELEASE_PT: {
2624 struct kvm_mmu_op_release_pt *rpt;
2626 rpt = pv_mmu_read_buffer(buffer, sizeof *rpt);
2629 return kvm_pv_mmu_release_pt(vcpu, rpt->pt_phys);
2635 int kvm_pv_mmu_op(struct kvm_vcpu *vcpu, unsigned long bytes,
2636 gpa_t addr, unsigned long *ret)
2639 struct kvm_pv_mmu_op_buffer *buffer = &vcpu->arch.mmu_op_buffer;
2641 buffer->ptr = buffer->buf;
2642 buffer->len = min_t(unsigned long, bytes, sizeof buffer->buf);
2643 buffer->processed = 0;
2645 r = kvm_read_guest(vcpu->kvm, addr, buffer->buf, buffer->len);
2649 while (buffer->len) {
2650 r = kvm_pv_mmu_op_one(vcpu, buffer);
2659 *ret = buffer->processed;
2665 static const char *audit_msg;
2667 static gva_t canonicalize(gva_t gva)
2669 #ifdef CONFIG_X86_64
2670 gva = (long long)(gva << 16) >> 16;
2675 static void audit_mappings_page(struct kvm_vcpu *vcpu, u64 page_pte,
2676 gva_t va, int level)
2678 u64 *pt = __va(page_pte & PT64_BASE_ADDR_MASK);
2680 gva_t va_delta = 1ul << (PAGE_SHIFT + 9 * (level - 1));
2682 for (i = 0; i < PT64_ENT_PER_PAGE; ++i, va += va_delta) {
2685 if (ent == shadow_trap_nonpresent_pte)
2688 va = canonicalize(va);
2690 if (ent == shadow_notrap_nonpresent_pte)
2691 printk(KERN_ERR "audit: (%s) nontrapping pte"
2692 " in nonleaf level: levels %d gva %lx"
2693 " level %d pte %llx\n", audit_msg,
2694 vcpu->arch.mmu.root_level, va, level, ent);
2696 audit_mappings_page(vcpu, ent, va, level - 1);
2698 gpa_t gpa = vcpu->arch.mmu.gva_to_gpa(vcpu, va);
2699 hpa_t hpa = (hpa_t)gpa_to_pfn(vcpu, gpa) << PAGE_SHIFT;
2701 if (is_shadow_present_pte(ent)
2702 && (ent & PT64_BASE_ADDR_MASK) != hpa)
2703 printk(KERN_ERR "xx audit error: (%s) levels %d"
2704 " gva %lx gpa %llx hpa %llx ent %llx %d\n",
2705 audit_msg, vcpu->arch.mmu.root_level,
2707 is_shadow_present_pte(ent));
2708 else if (ent == shadow_notrap_nonpresent_pte
2709 && !is_error_hpa(hpa))
2710 printk(KERN_ERR "audit: (%s) notrap shadow,"
2711 " valid guest gva %lx\n", audit_msg, va);
2712 kvm_release_pfn_clean(pfn);
2718 static void audit_mappings(struct kvm_vcpu *vcpu)
2722 if (vcpu->arch.mmu.root_level == 4)
2723 audit_mappings_page(vcpu, vcpu->arch.mmu.root_hpa, 0, 4);
2725 for (i = 0; i < 4; ++i)
2726 if (vcpu->arch.mmu.pae_root[i] & PT_PRESENT_MASK)
2727 audit_mappings_page(vcpu,
2728 vcpu->arch.mmu.pae_root[i],
2733 static int count_rmaps(struct kvm_vcpu *vcpu)
2738 for (i = 0; i < KVM_MEMORY_SLOTS; ++i) {
2739 struct kvm_memory_slot *m = &vcpu->kvm->memslots[i];
2740 struct kvm_rmap_desc *d;
2742 for (j = 0; j < m->npages; ++j) {
2743 unsigned long *rmapp = &m->rmap[j];
2747 if (!(*rmapp & 1)) {
2751 d = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
2753 for (k = 0; k < RMAP_EXT; ++k)
2754 if (d->shadow_ptes[k])
2765 static int count_writable_mappings(struct kvm_vcpu *vcpu)
2768 struct kvm_mmu_page *sp;
2771 list_for_each_entry(sp, &vcpu->kvm->arch.active_mmu_pages, link) {
2774 if (sp->role.level != PT_PAGE_TABLE_LEVEL)
2777 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
2780 if (!(ent & PT_PRESENT_MASK))
2782 if (!(ent & PT_WRITABLE_MASK))
2790 static void audit_rmap(struct kvm_vcpu *vcpu)
2792 int n_rmap = count_rmaps(vcpu);
2793 int n_actual = count_writable_mappings(vcpu);
2795 if (n_rmap != n_actual)
2796 printk(KERN_ERR "%s: (%s) rmap %d actual %d\n",
2797 __func__, audit_msg, n_rmap, n_actual);
2800 static void audit_write_protection(struct kvm_vcpu *vcpu)
2802 struct kvm_mmu_page *sp;
2803 struct kvm_memory_slot *slot;
2804 unsigned long *rmapp;
2807 list_for_each_entry(sp, &vcpu->kvm->arch.active_mmu_pages, link) {
2808 if (sp->role.metaphysical)
2811 slot = gfn_to_memslot(vcpu->kvm, sp->gfn);
2812 gfn = unalias_gfn(vcpu->kvm, sp->gfn);
2813 rmapp = &slot->rmap[gfn - slot->base_gfn];
2815 printk(KERN_ERR "%s: (%s) shadow page has writable"
2816 " mappings: gfn %lx role %x\n",
2817 __func__, audit_msg, sp->gfn,
2822 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg)
2829 audit_write_protection(vcpu);
2830 audit_mappings(vcpu);
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob