2 * Kernel-based Virtual Machine driver for Linux
4 * This module enables machines with Intel VT-x extensions to run virtual
5 * machines without emulation or binary translation.
9 * Copyright (C) 2006 Qumranet, Inc.
12 * Yaniv Kamay <yaniv@qumranet.com>
13 * Avi Kivity <avi@qumranet.com>
15 * This work is licensed under the terms of the GNU GPL, version 2. See
16 * the COPYING file in the top-level directory.
24 #include <linux/types.h>
25 #include <linux/string.h>
27 #include <linux/highmem.h>
28 #include <linux/module.h>
31 #include <asm/cmpxchg.h>
38 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg);
40 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg) {}
45 #define pgprintk(x...) do { if (dbg) printk(x); } while (0)
46 #define rmap_printk(x...) do { if (dbg) printk(x); } while (0)
50 #define pgprintk(x...) do { } while (0)
51 #define rmap_printk(x...) do { } while (0)
55 #if defined(MMU_DEBUG) || defined(AUDIT)
60 #define ASSERT(x) do { } while (0)
64 printk(KERN_WARNING "assertion failed %s:%d: %s\n", \
65 __FILE__, __LINE__, #x); \
69 #define PT64_PT_BITS 9
70 #define PT64_ENT_PER_PAGE (1 << PT64_PT_BITS)
71 #define PT32_PT_BITS 10
72 #define PT32_ENT_PER_PAGE (1 << PT32_PT_BITS)
74 #define PT_WRITABLE_SHIFT 1
76 #define PT_PRESENT_MASK (1ULL << 0)
77 #define PT_WRITABLE_MASK (1ULL << PT_WRITABLE_SHIFT)
78 #define PT_USER_MASK (1ULL << 2)
79 #define PT_PWT_MASK (1ULL << 3)
80 #define PT_PCD_MASK (1ULL << 4)
81 #define PT_ACCESSED_MASK (1ULL << 5)
82 #define PT_DIRTY_MASK (1ULL << 6)
83 #define PT_PAGE_SIZE_MASK (1ULL << 7)
84 #define PT_PAT_MASK (1ULL << 7)
85 #define PT_GLOBAL_MASK (1ULL << 8)
86 #define PT64_NX_MASK (1ULL << 63)
88 #define PT_PAT_SHIFT 7
89 #define PT_DIR_PAT_SHIFT 12
90 #define PT_DIR_PAT_MASK (1ULL << PT_DIR_PAT_SHIFT)
92 #define PT32_DIR_PSE36_SIZE 4
93 #define PT32_DIR_PSE36_SHIFT 13
94 #define PT32_DIR_PSE36_MASK \
95 (((1ULL << PT32_DIR_PSE36_SIZE) - 1) << PT32_DIR_PSE36_SHIFT)
98 #define PT_FIRST_AVAIL_BITS_SHIFT 9
99 #define PT64_SECOND_AVAIL_BITS_SHIFT 52
101 #define PT_SHADOW_IO_MARK (1ULL << PT_FIRST_AVAIL_BITS_SHIFT)
103 #define VALID_PAGE(x) ((x) != INVALID_PAGE)
105 #define PT64_LEVEL_BITS 9
107 #define PT64_LEVEL_SHIFT(level) \
108 (PAGE_SHIFT + (level - 1) * PT64_LEVEL_BITS)
110 #define PT64_LEVEL_MASK(level) \
111 (((1ULL << PT64_LEVEL_BITS) - 1) << PT64_LEVEL_SHIFT(level))
113 #define PT64_INDEX(address, level)\
114 (((address) >> PT64_LEVEL_SHIFT(level)) & ((1 << PT64_LEVEL_BITS) - 1))
117 #define PT32_LEVEL_BITS 10
119 #define PT32_LEVEL_SHIFT(level) \
120 (PAGE_SHIFT + (level - 1) * PT32_LEVEL_BITS)
122 #define PT32_LEVEL_MASK(level) \
123 (((1ULL << PT32_LEVEL_BITS) - 1) << PT32_LEVEL_SHIFT(level))
125 #define PT32_INDEX(address, level)\
126 (((address) >> PT32_LEVEL_SHIFT(level)) & ((1 << PT32_LEVEL_BITS) - 1))
129 #define PT64_BASE_ADDR_MASK (((1ULL << 52) - 1) & ~(u64)(PAGE_SIZE-1))
130 #define PT64_DIR_BASE_ADDR_MASK \
131 (PT64_BASE_ADDR_MASK & ~((1ULL << (PAGE_SHIFT + PT64_LEVEL_BITS)) - 1))
133 #define PT32_BASE_ADDR_MASK PAGE_MASK
134 #define PT32_DIR_BASE_ADDR_MASK \
135 (PAGE_MASK & ~((1ULL << (PAGE_SHIFT + PT32_LEVEL_BITS)) - 1))
138 #define PFERR_PRESENT_MASK (1U << 0)
139 #define PFERR_WRITE_MASK (1U << 1)
140 #define PFERR_USER_MASK (1U << 2)
141 #define PFERR_FETCH_MASK (1U << 4)
143 #define PT64_ROOT_LEVEL 4
144 #define PT32_ROOT_LEVEL 2
145 #define PT32E_ROOT_LEVEL 3
147 #define PT_DIRECTORY_LEVEL 2
148 #define PT_PAGE_TABLE_LEVEL 1
152 struct kvm_rmap_desc {
153 u64 *shadow_ptes[RMAP_EXT];
154 struct kvm_rmap_desc *more;
157 static struct kmem_cache *pte_chain_cache;
158 static struct kmem_cache *rmap_desc_cache;
159 static struct kmem_cache *mmu_page_header_cache;
161 static u64 __read_mostly shadow_trap_nonpresent_pte;
162 static u64 __read_mostly shadow_notrap_nonpresent_pte;
164 void kvm_mmu_set_nonpresent_ptes(u64 trap_pte, u64 notrap_pte)
166 shadow_trap_nonpresent_pte = trap_pte;
167 shadow_notrap_nonpresent_pte = notrap_pte;
169 EXPORT_SYMBOL_GPL(kvm_mmu_set_nonpresent_ptes);
171 static int is_write_protection(struct kvm_vcpu *vcpu)
173 return vcpu->cr0 & X86_CR0_WP;
176 static int is_cpuid_PSE36(void)
181 static int is_nx(struct kvm_vcpu *vcpu)
183 return vcpu->shadow_efer & EFER_NX;
186 static int is_present_pte(unsigned long pte)
188 return pte & PT_PRESENT_MASK;
191 static int is_shadow_present_pte(u64 pte)
193 pte &= ~PT_SHADOW_IO_MARK;
194 return pte != shadow_trap_nonpresent_pte
195 && pte != shadow_notrap_nonpresent_pte;
198 static int is_writeble_pte(unsigned long pte)
200 return pte & PT_WRITABLE_MASK;
203 static int is_dirty_pte(unsigned long pte)
205 return pte & PT_DIRTY_MASK;
208 static int is_io_pte(unsigned long pte)
210 return pte & PT_SHADOW_IO_MARK;
213 static int is_rmap_pte(u64 pte)
215 return pte != shadow_trap_nonpresent_pte
216 && pte != shadow_notrap_nonpresent_pte;
219 static void set_shadow_pte(u64 *sptep, u64 spte)
222 set_64bit((unsigned long *)sptep, spte);
224 set_64bit((unsigned long long *)sptep, spte);
228 static int mmu_topup_memory_cache(struct kvm_mmu_memory_cache *cache,
229 struct kmem_cache *base_cache, int min)
233 if (cache->nobjs >= min)
235 while (cache->nobjs < ARRAY_SIZE(cache->objects)) {
236 obj = kmem_cache_zalloc(base_cache, GFP_KERNEL);
239 cache->objects[cache->nobjs++] = obj;
244 static void mmu_free_memory_cache(struct kvm_mmu_memory_cache *mc)
247 kfree(mc->objects[--mc->nobjs]);
250 static int mmu_topup_memory_cache_page(struct kvm_mmu_memory_cache *cache,
255 if (cache->nobjs >= min)
257 while (cache->nobjs < ARRAY_SIZE(cache->objects)) {
258 page = alloc_page(GFP_KERNEL);
261 set_page_private(page, 0);
262 cache->objects[cache->nobjs++] = page_address(page);
267 static void mmu_free_memory_cache_page(struct kvm_mmu_memory_cache *mc)
270 free_page((unsigned long)mc->objects[--mc->nobjs]);
273 static int mmu_topup_memory_caches(struct kvm_vcpu *vcpu)
277 kvm_mmu_free_some_pages(vcpu);
278 r = mmu_topup_memory_cache(&vcpu->mmu_pte_chain_cache,
282 r = mmu_topup_memory_cache(&vcpu->mmu_rmap_desc_cache,
286 r = mmu_topup_memory_cache_page(&vcpu->mmu_page_cache, 8);
289 r = mmu_topup_memory_cache(&vcpu->mmu_page_header_cache,
290 mmu_page_header_cache, 4);
295 static void mmu_free_memory_caches(struct kvm_vcpu *vcpu)
297 mmu_free_memory_cache(&vcpu->mmu_pte_chain_cache);
298 mmu_free_memory_cache(&vcpu->mmu_rmap_desc_cache);
299 mmu_free_memory_cache_page(&vcpu->mmu_page_cache);
300 mmu_free_memory_cache(&vcpu->mmu_page_header_cache);
303 static void *mmu_memory_cache_alloc(struct kvm_mmu_memory_cache *mc,
309 p = mc->objects[--mc->nobjs];
314 static struct kvm_pte_chain *mmu_alloc_pte_chain(struct kvm_vcpu *vcpu)
316 return mmu_memory_cache_alloc(&vcpu->mmu_pte_chain_cache,
317 sizeof(struct kvm_pte_chain));
320 static void mmu_free_pte_chain(struct kvm_pte_chain *pc)
325 static struct kvm_rmap_desc *mmu_alloc_rmap_desc(struct kvm_vcpu *vcpu)
327 return mmu_memory_cache_alloc(&vcpu->mmu_rmap_desc_cache,
328 sizeof(struct kvm_rmap_desc));
331 static void mmu_free_rmap_desc(struct kvm_rmap_desc *rd)
337 * Take gfn and return the reverse mapping to it.
338 * Note: gfn must be unaliased before this function get called
341 static unsigned long *gfn_to_rmap(struct kvm *kvm, gfn_t gfn)
343 struct kvm_memory_slot *slot;
345 slot = gfn_to_memslot(kvm, gfn);
346 return &slot->rmap[gfn - slot->base_gfn];
350 * Reverse mapping data structures:
352 * If rmapp bit zero is zero, then rmapp point to the shadw page table entry
353 * that points to page_address(page).
355 * If rmapp bit zero is one, (then rmap & ~1) points to a struct kvm_rmap_desc
356 * containing more mappings.
358 static void rmap_add(struct kvm_vcpu *vcpu, u64 *spte, gfn_t gfn)
360 struct kvm_mmu_page *page;
361 struct kvm_rmap_desc *desc;
362 unsigned long *rmapp;
365 if (!is_rmap_pte(*spte))
367 gfn = unalias_gfn(vcpu->kvm, gfn);
368 page = page_header(__pa(spte));
369 page->gfns[spte - page->spt] = gfn;
370 rmapp = gfn_to_rmap(vcpu->kvm, gfn);
372 rmap_printk("rmap_add: %p %llx 0->1\n", spte, *spte);
373 *rmapp = (unsigned long)spte;
374 } else if (!(*rmapp & 1)) {
375 rmap_printk("rmap_add: %p %llx 1->many\n", spte, *spte);
376 desc = mmu_alloc_rmap_desc(vcpu);
377 desc->shadow_ptes[0] = (u64 *)*rmapp;
378 desc->shadow_ptes[1] = spte;
379 *rmapp = (unsigned long)desc | 1;
381 rmap_printk("rmap_add: %p %llx many->many\n", spte, *spte);
382 desc = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
383 while (desc->shadow_ptes[RMAP_EXT-1] && desc->more)
385 if (desc->shadow_ptes[RMAP_EXT-1]) {
386 desc->more = mmu_alloc_rmap_desc(vcpu);
389 for (i = 0; desc->shadow_ptes[i]; ++i)
391 desc->shadow_ptes[i] = spte;
395 static void rmap_desc_remove_entry(unsigned long *rmapp,
396 struct kvm_rmap_desc *desc,
398 struct kvm_rmap_desc *prev_desc)
402 for (j = RMAP_EXT - 1; !desc->shadow_ptes[j] && j > i; --j)
404 desc->shadow_ptes[i] = desc->shadow_ptes[j];
405 desc->shadow_ptes[j] = NULL;
408 if (!prev_desc && !desc->more)
409 *rmapp = (unsigned long)desc->shadow_ptes[0];
412 prev_desc->more = desc->more;
414 *rmapp = (unsigned long)desc->more | 1;
415 mmu_free_rmap_desc(desc);
418 static void rmap_remove(struct kvm *kvm, u64 *spte)
420 struct kvm_rmap_desc *desc;
421 struct kvm_rmap_desc *prev_desc;
422 struct kvm_mmu_page *page;
423 struct page *release_page;
424 unsigned long *rmapp;
427 if (!is_rmap_pte(*spte))
429 page = page_header(__pa(spte));
430 release_page = pfn_to_page((*spte & PT64_BASE_ADDR_MASK) >> PAGE_SHIFT);
431 if (is_writeble_pte(*spte))
432 kvm_release_page_dirty(release_page);
434 kvm_release_page_clean(release_page);
435 rmapp = gfn_to_rmap(kvm, page->gfns[spte - page->spt]);
437 printk(KERN_ERR "rmap_remove: %p %llx 0->BUG\n", spte, *spte);
439 } else if (!(*rmapp & 1)) {
440 rmap_printk("rmap_remove: %p %llx 1->0\n", spte, *spte);
441 if ((u64 *)*rmapp != spte) {
442 printk(KERN_ERR "rmap_remove: %p %llx 1->BUG\n",
448 rmap_printk("rmap_remove: %p %llx many->many\n", spte, *spte);
449 desc = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
452 for (i = 0; i < RMAP_EXT && desc->shadow_ptes[i]; ++i)
453 if (desc->shadow_ptes[i] == spte) {
454 rmap_desc_remove_entry(rmapp,
466 static u64 *rmap_next(struct kvm *kvm, unsigned long *rmapp, u64 *spte)
468 struct kvm_rmap_desc *desc;
469 struct kvm_rmap_desc *prev_desc;
475 else if (!(*rmapp & 1)) {
477 return (u64 *)*rmapp;
480 desc = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
484 for (i = 0; i < RMAP_EXT && desc->shadow_ptes[i]; ++i) {
485 if (prev_spte == spte)
486 return desc->shadow_ptes[i];
487 prev_spte = desc->shadow_ptes[i];
494 static void rmap_write_protect(struct kvm *kvm, u64 gfn)
496 unsigned long *rmapp;
499 gfn = unalias_gfn(kvm, gfn);
500 rmapp = gfn_to_rmap(kvm, gfn);
502 spte = rmap_next(kvm, rmapp, NULL);
505 BUG_ON(!(*spte & PT_PRESENT_MASK));
506 rmap_printk("rmap_write_protect: spte %p %llx\n", spte, *spte);
507 if (is_writeble_pte(*spte))
508 set_shadow_pte(spte, *spte & ~PT_WRITABLE_MASK);
509 kvm_flush_remote_tlbs(kvm);
510 spte = rmap_next(kvm, rmapp, spte);
515 static int is_empty_shadow_page(u64 *spt)
520 for (pos = spt, end = pos + PAGE_SIZE / sizeof(u64); pos != end; pos++)
521 if ((*pos & ~PT_SHADOW_IO_MARK) != shadow_trap_nonpresent_pte) {
522 printk(KERN_ERR "%s: %p %llx\n", __FUNCTION__,
530 static void kvm_mmu_free_page(struct kvm *kvm,
531 struct kvm_mmu_page *page_head)
533 ASSERT(is_empty_shadow_page(page_head->spt));
534 list_del(&page_head->link);
535 __free_page(virt_to_page(page_head->spt));
536 __free_page(virt_to_page(page_head->gfns));
538 ++kvm->n_free_mmu_pages;
541 static unsigned kvm_page_table_hashfn(gfn_t gfn)
546 static struct kvm_mmu_page *kvm_mmu_alloc_page(struct kvm_vcpu *vcpu,
549 struct kvm_mmu_page *page;
551 if (!vcpu->kvm->n_free_mmu_pages)
554 page = mmu_memory_cache_alloc(&vcpu->mmu_page_header_cache,
556 page->spt = mmu_memory_cache_alloc(&vcpu->mmu_page_cache, PAGE_SIZE);
557 page->gfns = mmu_memory_cache_alloc(&vcpu->mmu_page_cache, PAGE_SIZE);
558 set_page_private(virt_to_page(page->spt), (unsigned long)page);
559 list_add(&page->link, &vcpu->kvm->active_mmu_pages);
560 ASSERT(is_empty_shadow_page(page->spt));
561 page->slot_bitmap = 0;
562 page->multimapped = 0;
563 page->parent_pte = parent_pte;
564 --vcpu->kvm->n_free_mmu_pages;
568 static void mmu_page_add_parent_pte(struct kvm_vcpu *vcpu,
569 struct kvm_mmu_page *page, u64 *parent_pte)
571 struct kvm_pte_chain *pte_chain;
572 struct hlist_node *node;
577 if (!page->multimapped) {
578 u64 *old = page->parent_pte;
581 page->parent_pte = parent_pte;
584 page->multimapped = 1;
585 pte_chain = mmu_alloc_pte_chain(vcpu);
586 INIT_HLIST_HEAD(&page->parent_ptes);
587 hlist_add_head(&pte_chain->link, &page->parent_ptes);
588 pte_chain->parent_ptes[0] = old;
590 hlist_for_each_entry(pte_chain, node, &page->parent_ptes, link) {
591 if (pte_chain->parent_ptes[NR_PTE_CHAIN_ENTRIES-1])
593 for (i = 0; i < NR_PTE_CHAIN_ENTRIES; ++i)
594 if (!pte_chain->parent_ptes[i]) {
595 pte_chain->parent_ptes[i] = parent_pte;
599 pte_chain = mmu_alloc_pte_chain(vcpu);
601 hlist_add_head(&pte_chain->link, &page->parent_ptes);
602 pte_chain->parent_ptes[0] = parent_pte;
605 static void mmu_page_remove_parent_pte(struct kvm_mmu_page *page,
608 struct kvm_pte_chain *pte_chain;
609 struct hlist_node *node;
612 if (!page->multimapped) {
613 BUG_ON(page->parent_pte != parent_pte);
614 page->parent_pte = NULL;
617 hlist_for_each_entry(pte_chain, node, &page->parent_ptes, link)
618 for (i = 0; i < NR_PTE_CHAIN_ENTRIES; ++i) {
619 if (!pte_chain->parent_ptes[i])
621 if (pte_chain->parent_ptes[i] != parent_pte)
623 while (i + 1 < NR_PTE_CHAIN_ENTRIES
624 && pte_chain->parent_ptes[i + 1]) {
625 pte_chain->parent_ptes[i]
626 = pte_chain->parent_ptes[i + 1];
629 pte_chain->parent_ptes[i] = NULL;
631 hlist_del(&pte_chain->link);
632 mmu_free_pte_chain(pte_chain);
633 if (hlist_empty(&page->parent_ptes)) {
634 page->multimapped = 0;
635 page->parent_pte = NULL;
643 static struct kvm_mmu_page *kvm_mmu_lookup_page(struct kvm *kvm,
647 struct hlist_head *bucket;
648 struct kvm_mmu_page *page;
649 struct hlist_node *node;
651 pgprintk("%s: looking for gfn %lx\n", __FUNCTION__, gfn);
652 index = kvm_page_table_hashfn(gfn) % KVM_NUM_MMU_PAGES;
653 bucket = &kvm->mmu_page_hash[index];
654 hlist_for_each_entry(page, node, bucket, hash_link)
655 if (page->gfn == gfn && !page->role.metaphysical) {
656 pgprintk("%s: found role %x\n",
657 __FUNCTION__, page->role.word);
663 static struct kvm_mmu_page *kvm_mmu_get_page(struct kvm_vcpu *vcpu,
668 unsigned hugepage_access,
671 union kvm_mmu_page_role role;
674 struct hlist_head *bucket;
675 struct kvm_mmu_page *page;
676 struct hlist_node *node;
679 role.glevels = vcpu->mmu.root_level;
681 role.metaphysical = metaphysical;
682 role.hugepage_access = hugepage_access;
683 if (vcpu->mmu.root_level <= PT32_ROOT_LEVEL) {
684 quadrant = gaddr >> (PAGE_SHIFT + (PT64_PT_BITS * level));
685 quadrant &= (1 << ((PT32_PT_BITS - PT64_PT_BITS) * level)) - 1;
686 role.quadrant = quadrant;
688 pgprintk("%s: looking gfn %lx role %x\n", __FUNCTION__,
690 index = kvm_page_table_hashfn(gfn) % KVM_NUM_MMU_PAGES;
691 bucket = &vcpu->kvm->mmu_page_hash[index];
692 hlist_for_each_entry(page, node, bucket, hash_link)
693 if (page->gfn == gfn && page->role.word == role.word) {
694 mmu_page_add_parent_pte(vcpu, page, parent_pte);
695 pgprintk("%s: found\n", __FUNCTION__);
698 page = kvm_mmu_alloc_page(vcpu, parent_pte);
701 pgprintk("%s: adding gfn %lx role %x\n", __FUNCTION__, gfn, role.word);
704 hlist_add_head(&page->hash_link, bucket);
705 vcpu->mmu.prefetch_page(vcpu, page);
707 rmap_write_protect(vcpu->kvm, gfn);
711 static void kvm_mmu_page_unlink_children(struct kvm *kvm,
712 struct kvm_mmu_page *page)
720 if (page->role.level == PT_PAGE_TABLE_LEVEL) {
721 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
722 if (is_shadow_present_pte(pt[i]))
723 rmap_remove(kvm, &pt[i]);
724 pt[i] = shadow_trap_nonpresent_pte;
726 kvm_flush_remote_tlbs(kvm);
730 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
733 pt[i] = shadow_trap_nonpresent_pte;
734 if (!is_shadow_present_pte(ent))
736 ent &= PT64_BASE_ADDR_MASK;
737 mmu_page_remove_parent_pte(page_header(ent), &pt[i]);
739 kvm_flush_remote_tlbs(kvm);
742 static void kvm_mmu_put_page(struct kvm_mmu_page *page,
745 mmu_page_remove_parent_pte(page, parent_pte);
748 static void kvm_mmu_reset_last_pte_updated(struct kvm *kvm)
752 for (i = 0; i < KVM_MAX_VCPUS; ++i)
754 kvm->vcpus[i]->last_pte_updated = NULL;
757 static void kvm_mmu_zap_page(struct kvm *kvm,
758 struct kvm_mmu_page *page)
762 ++kvm->stat.mmu_shadow_zapped;
763 while (page->multimapped || page->parent_pte) {
764 if (!page->multimapped)
765 parent_pte = page->parent_pte;
767 struct kvm_pte_chain *chain;
769 chain = container_of(page->parent_ptes.first,
770 struct kvm_pte_chain, link);
771 parent_pte = chain->parent_ptes[0];
774 kvm_mmu_put_page(page, parent_pte);
775 set_shadow_pte(parent_pte, shadow_trap_nonpresent_pte);
777 kvm_mmu_page_unlink_children(kvm, page);
778 if (!page->root_count) {
779 hlist_del(&page->hash_link);
780 kvm_mmu_free_page(kvm, page);
782 list_move(&page->link, &kvm->active_mmu_pages);
783 kvm_mmu_reset_last_pte_updated(kvm);
787 * Changing the number of mmu pages allocated to the vm
788 * Note: if kvm_nr_mmu_pages is too small, you will get dead lock
790 void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned int kvm_nr_mmu_pages)
793 * If we set the number of mmu pages to be smaller be than the
794 * number of actived pages , we must to free some mmu pages before we
798 if ((kvm->n_alloc_mmu_pages - kvm->n_free_mmu_pages) >
800 int n_used_mmu_pages = kvm->n_alloc_mmu_pages
801 - kvm->n_free_mmu_pages;
803 while (n_used_mmu_pages > kvm_nr_mmu_pages) {
804 struct kvm_mmu_page *page;
806 page = container_of(kvm->active_mmu_pages.prev,
807 struct kvm_mmu_page, link);
808 kvm_mmu_zap_page(kvm, page);
811 kvm->n_free_mmu_pages = 0;
814 kvm->n_free_mmu_pages += kvm_nr_mmu_pages
815 - kvm->n_alloc_mmu_pages;
817 kvm->n_alloc_mmu_pages = kvm_nr_mmu_pages;
820 static int kvm_mmu_unprotect_page(struct kvm *kvm, gfn_t gfn)
823 struct hlist_head *bucket;
824 struct kvm_mmu_page *page;
825 struct hlist_node *node, *n;
828 pgprintk("%s: looking for gfn %lx\n", __FUNCTION__, gfn);
830 index = kvm_page_table_hashfn(gfn) % KVM_NUM_MMU_PAGES;
831 bucket = &kvm->mmu_page_hash[index];
832 hlist_for_each_entry_safe(page, node, n, bucket, hash_link)
833 if (page->gfn == gfn && !page->role.metaphysical) {
834 pgprintk("%s: gfn %lx role %x\n", __FUNCTION__, gfn,
836 kvm_mmu_zap_page(kvm, page);
842 static void mmu_unshadow(struct kvm *kvm, gfn_t gfn)
844 struct kvm_mmu_page *page;
846 while ((page = kvm_mmu_lookup_page(kvm, gfn)) != NULL) {
847 pgprintk("%s: zap %lx %x\n",
848 __FUNCTION__, gfn, page->role.word);
849 kvm_mmu_zap_page(kvm, page);
853 static void page_header_update_slot(struct kvm *kvm, void *pte, gpa_t gpa)
855 int slot = memslot_id(kvm, gfn_to_memslot(kvm, gpa >> PAGE_SHIFT));
856 struct kvm_mmu_page *page_head = page_header(__pa(pte));
858 __set_bit(slot, &page_head->slot_bitmap);
861 hpa_t gpa_to_hpa(struct kvm *kvm, gpa_t gpa)
866 ASSERT((gpa & HPA_ERR_MASK) == 0);
867 page = gfn_to_page(kvm, gpa >> PAGE_SHIFT);
868 hpa = ((hpa_t)page_to_pfn(page) << PAGE_SHIFT) | (gpa & (PAGE_SIZE-1));
869 if (is_error_page(page))
870 return hpa | HPA_ERR_MASK;
874 hpa_t gva_to_hpa(struct kvm_vcpu *vcpu, gva_t gva)
876 gpa_t gpa = vcpu->mmu.gva_to_gpa(vcpu, gva);
878 if (gpa == UNMAPPED_GVA)
880 return gpa_to_hpa(vcpu->kvm, gpa);
883 struct page *gva_to_page(struct kvm_vcpu *vcpu, gva_t gva)
885 gpa_t gpa = vcpu->mmu.gva_to_gpa(vcpu, gva);
887 if (gpa == UNMAPPED_GVA)
889 return pfn_to_page(gpa_to_hpa(vcpu->kvm, gpa) >> PAGE_SHIFT);
892 static void nonpaging_new_cr3(struct kvm_vcpu *vcpu)
896 static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, hpa_t p)
898 int level = PT32E_ROOT_LEVEL;
899 hpa_t table_addr = vcpu->mmu.root_hpa;
902 page = pfn_to_page(p >> PAGE_SHIFT);
904 u32 index = PT64_INDEX(v, level);
908 ASSERT(VALID_PAGE(table_addr));
909 table = __va(table_addr);
915 was_rmapped = is_rmap_pte(pte);
916 if (is_shadow_present_pte(pte) && is_writeble_pte(pte)) {
917 kvm_release_page_clean(page);
920 mark_page_dirty(vcpu->kvm, v >> PAGE_SHIFT);
921 page_header_update_slot(vcpu->kvm, table, v);
922 table[index] = p | PT_PRESENT_MASK | PT_WRITABLE_MASK |
925 rmap_add(vcpu, &table[index], v >> PAGE_SHIFT);
927 kvm_release_page_clean(page);
932 if (table[index] == shadow_trap_nonpresent_pte) {
933 struct kvm_mmu_page *new_table;
936 pseudo_gfn = (v & PT64_DIR_BASE_ADDR_MASK)
938 new_table = kvm_mmu_get_page(vcpu, pseudo_gfn,
940 1, 3, &table[index]);
942 pgprintk("nonpaging_map: ENOMEM\n");
943 kvm_release_page_clean(page);
947 table[index] = __pa(new_table->spt) | PT_PRESENT_MASK
948 | PT_WRITABLE_MASK | PT_USER_MASK;
950 table_addr = table[index] & PT64_BASE_ADDR_MASK;
954 static void nonpaging_prefetch_page(struct kvm_vcpu *vcpu,
955 struct kvm_mmu_page *sp)
959 for (i = 0; i < PT64_ENT_PER_PAGE; ++i)
960 sp->spt[i] = shadow_trap_nonpresent_pte;
963 static void mmu_free_roots(struct kvm_vcpu *vcpu)
966 struct kvm_mmu_page *page;
968 if (!VALID_PAGE(vcpu->mmu.root_hpa))
971 if (vcpu->mmu.shadow_root_level == PT64_ROOT_LEVEL) {
972 hpa_t root = vcpu->mmu.root_hpa;
974 page = page_header(root);
976 vcpu->mmu.root_hpa = INVALID_PAGE;
980 for (i = 0; i < 4; ++i) {
981 hpa_t root = vcpu->mmu.pae_root[i];
984 root &= PT64_BASE_ADDR_MASK;
985 page = page_header(root);
988 vcpu->mmu.pae_root[i] = INVALID_PAGE;
990 vcpu->mmu.root_hpa = INVALID_PAGE;
993 static void mmu_alloc_roots(struct kvm_vcpu *vcpu)
997 struct kvm_mmu_page *page;
999 root_gfn = vcpu->cr3 >> PAGE_SHIFT;
1001 #ifdef CONFIG_X86_64
1002 if (vcpu->mmu.shadow_root_level == PT64_ROOT_LEVEL) {
1003 hpa_t root = vcpu->mmu.root_hpa;
1005 ASSERT(!VALID_PAGE(root));
1006 page = kvm_mmu_get_page(vcpu, root_gfn, 0,
1007 PT64_ROOT_LEVEL, 0, 0, NULL);
1008 root = __pa(page->spt);
1010 vcpu->mmu.root_hpa = root;
1014 for (i = 0; i < 4; ++i) {
1015 hpa_t root = vcpu->mmu.pae_root[i];
1017 ASSERT(!VALID_PAGE(root));
1018 if (vcpu->mmu.root_level == PT32E_ROOT_LEVEL) {
1019 if (!is_present_pte(vcpu->pdptrs[i])) {
1020 vcpu->mmu.pae_root[i] = 0;
1023 root_gfn = vcpu->pdptrs[i] >> PAGE_SHIFT;
1024 } else if (vcpu->mmu.root_level == 0)
1026 page = kvm_mmu_get_page(vcpu, root_gfn, i << 30,
1027 PT32_ROOT_LEVEL, !is_paging(vcpu),
1029 root = __pa(page->spt);
1031 vcpu->mmu.pae_root[i] = root | PT_PRESENT_MASK;
1033 vcpu->mmu.root_hpa = __pa(vcpu->mmu.pae_root);
1036 static gpa_t nonpaging_gva_to_gpa(struct kvm_vcpu *vcpu, gva_t vaddr)
1041 static int nonpaging_page_fault(struct kvm_vcpu *vcpu, gva_t gva,
1048 r = mmu_topup_memory_caches(vcpu);
1053 ASSERT(VALID_PAGE(vcpu->mmu.root_hpa));
1056 paddr = gpa_to_hpa(vcpu->kvm, addr & PT64_BASE_ADDR_MASK);
1058 if (is_error_hpa(paddr)) {
1059 kvm_release_page_clean(pfn_to_page((paddr & PT64_BASE_ADDR_MASK)
1064 return nonpaging_map(vcpu, addr & PAGE_MASK, paddr);
1067 static void nonpaging_free(struct kvm_vcpu *vcpu)
1069 mmu_free_roots(vcpu);
1072 static int nonpaging_init_context(struct kvm_vcpu *vcpu)
1074 struct kvm_mmu *context = &vcpu->mmu;
1076 context->new_cr3 = nonpaging_new_cr3;
1077 context->page_fault = nonpaging_page_fault;
1078 context->gva_to_gpa = nonpaging_gva_to_gpa;
1079 context->free = nonpaging_free;
1080 context->prefetch_page = nonpaging_prefetch_page;
1081 context->root_level = 0;
1082 context->shadow_root_level = PT32E_ROOT_LEVEL;
1083 context->root_hpa = INVALID_PAGE;
1087 static void kvm_mmu_flush_tlb(struct kvm_vcpu *vcpu)
1089 ++vcpu->stat.tlb_flush;
1090 kvm_x86_ops->tlb_flush(vcpu);
1093 static void paging_new_cr3(struct kvm_vcpu *vcpu)
1095 pgprintk("%s: cr3 %lx\n", __FUNCTION__, vcpu->cr3);
1096 mmu_free_roots(vcpu);
1099 static void inject_page_fault(struct kvm_vcpu *vcpu,
1103 kvm_x86_ops->inject_page_fault(vcpu, addr, err_code);
1106 static void paging_free(struct kvm_vcpu *vcpu)
1108 nonpaging_free(vcpu);
1112 #include "paging_tmpl.h"
1116 #include "paging_tmpl.h"
1119 static int paging64_init_context_common(struct kvm_vcpu *vcpu, int level)
1121 struct kvm_mmu *context = &vcpu->mmu;
1123 ASSERT(is_pae(vcpu));
1124 context->new_cr3 = paging_new_cr3;
1125 context->page_fault = paging64_page_fault;
1126 context->gva_to_gpa = paging64_gva_to_gpa;
1127 context->prefetch_page = paging64_prefetch_page;
1128 context->free = paging_free;
1129 context->root_level = level;
1130 context->shadow_root_level = level;
1131 context->root_hpa = INVALID_PAGE;
1135 static int paging64_init_context(struct kvm_vcpu *vcpu)
1137 return paging64_init_context_common(vcpu, PT64_ROOT_LEVEL);
1140 static int paging32_init_context(struct kvm_vcpu *vcpu)
1142 struct kvm_mmu *context = &vcpu->mmu;
1144 context->new_cr3 = paging_new_cr3;
1145 context->page_fault = paging32_page_fault;
1146 context->gva_to_gpa = paging32_gva_to_gpa;
1147 context->free = paging_free;
1148 context->prefetch_page = paging32_prefetch_page;
1149 context->root_level = PT32_ROOT_LEVEL;
1150 context->shadow_root_level = PT32E_ROOT_LEVEL;
1151 context->root_hpa = INVALID_PAGE;
1155 static int paging32E_init_context(struct kvm_vcpu *vcpu)
1157 return paging64_init_context_common(vcpu, PT32E_ROOT_LEVEL);
1160 static int init_kvm_mmu(struct kvm_vcpu *vcpu)
1163 ASSERT(!VALID_PAGE(vcpu->mmu.root_hpa));
1165 if (!is_paging(vcpu))
1166 return nonpaging_init_context(vcpu);
1167 else if (is_long_mode(vcpu))
1168 return paging64_init_context(vcpu);
1169 else if (is_pae(vcpu))
1170 return paging32E_init_context(vcpu);
1172 return paging32_init_context(vcpu);
1175 static void destroy_kvm_mmu(struct kvm_vcpu *vcpu)
1178 if (VALID_PAGE(vcpu->mmu.root_hpa)) {
1179 vcpu->mmu.free(vcpu);
1180 vcpu->mmu.root_hpa = INVALID_PAGE;
1184 int kvm_mmu_reset_context(struct kvm_vcpu *vcpu)
1186 destroy_kvm_mmu(vcpu);
1187 return init_kvm_mmu(vcpu);
1189 EXPORT_SYMBOL_GPL(kvm_mmu_reset_context);
1191 int kvm_mmu_load(struct kvm_vcpu *vcpu)
1195 mutex_lock(&vcpu->kvm->lock);
1196 r = mmu_topup_memory_caches(vcpu);
1199 mmu_alloc_roots(vcpu);
1200 kvm_x86_ops->set_cr3(vcpu, vcpu->mmu.root_hpa);
1201 kvm_mmu_flush_tlb(vcpu);
1203 mutex_unlock(&vcpu->kvm->lock);
1206 EXPORT_SYMBOL_GPL(kvm_mmu_load);
1208 void kvm_mmu_unload(struct kvm_vcpu *vcpu)
1210 mmu_free_roots(vcpu);
1213 static void mmu_pte_write_zap_pte(struct kvm_vcpu *vcpu,
1214 struct kvm_mmu_page *page,
1218 struct kvm_mmu_page *child;
1221 if (is_shadow_present_pte(pte)) {
1222 if (page->role.level == PT_PAGE_TABLE_LEVEL)
1223 rmap_remove(vcpu->kvm, spte);
1225 child = page_header(pte & PT64_BASE_ADDR_MASK);
1226 mmu_page_remove_parent_pte(child, spte);
1229 set_shadow_pte(spte, shadow_trap_nonpresent_pte);
1230 kvm_flush_remote_tlbs(vcpu->kvm);
1233 static void mmu_pte_write_new_pte(struct kvm_vcpu *vcpu,
1234 struct kvm_mmu_page *page,
1236 const void *new, int bytes,
1239 if (page->role.level != PT_PAGE_TABLE_LEVEL) {
1240 ++vcpu->kvm->stat.mmu_pde_zapped;
1244 ++vcpu->kvm->stat.mmu_pte_updated;
1245 if (page->role.glevels == PT32_ROOT_LEVEL)
1246 paging32_update_pte(vcpu, page, spte, new, bytes,
1249 paging64_update_pte(vcpu, page, spte, new, bytes,
1253 static bool last_updated_pte_accessed(struct kvm_vcpu *vcpu)
1255 u64 *spte = vcpu->last_pte_updated;
1257 return !!(spte && (*spte & PT_ACCESSED_MASK));
1260 void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
1261 const u8 *new, int bytes)
1263 gfn_t gfn = gpa >> PAGE_SHIFT;
1264 struct kvm_mmu_page *page;
1265 struct hlist_node *node, *n;
1266 struct hlist_head *bucket;
1269 unsigned offset = offset_in_page(gpa);
1271 unsigned page_offset;
1272 unsigned misaligned;
1278 pgprintk("%s: gpa %llx bytes %d\n", __FUNCTION__, gpa, bytes);
1279 ++vcpu->kvm->stat.mmu_pte_write;
1280 kvm_mmu_audit(vcpu, "pre pte write");
1281 if (gfn == vcpu->last_pt_write_gfn
1282 && !last_updated_pte_accessed(vcpu)) {
1283 ++vcpu->last_pt_write_count;
1284 if (vcpu->last_pt_write_count >= 3)
1287 vcpu->last_pt_write_gfn = gfn;
1288 vcpu->last_pt_write_count = 1;
1289 vcpu->last_pte_updated = NULL;
1291 index = kvm_page_table_hashfn(gfn) % KVM_NUM_MMU_PAGES;
1292 bucket = &vcpu->kvm->mmu_page_hash[index];
1293 hlist_for_each_entry_safe(page, node, n, bucket, hash_link) {
1294 if (page->gfn != gfn || page->role.metaphysical)
1296 pte_size = page->role.glevels == PT32_ROOT_LEVEL ? 4 : 8;
1297 misaligned = (offset ^ (offset + bytes - 1)) & ~(pte_size - 1);
1298 misaligned |= bytes < 4;
1299 if (misaligned || flooded) {
1301 * Misaligned accesses are too much trouble to fix
1302 * up; also, they usually indicate a page is not used
1305 * If we're seeing too many writes to a page,
1306 * it may no longer be a page table, or we may be
1307 * forking, in which case it is better to unmap the
1310 pgprintk("misaligned: gpa %llx bytes %d role %x\n",
1311 gpa, bytes, page->role.word);
1312 kvm_mmu_zap_page(vcpu->kvm, page);
1313 ++vcpu->kvm->stat.mmu_flooded;
1316 page_offset = offset;
1317 level = page->role.level;
1319 if (page->role.glevels == PT32_ROOT_LEVEL) {
1320 page_offset <<= 1; /* 32->64 */
1322 * A 32-bit pde maps 4MB while the shadow pdes map
1323 * only 2MB. So we need to double the offset again
1324 * and zap two pdes instead of one.
1326 if (level == PT32_ROOT_LEVEL) {
1327 page_offset &= ~7; /* kill rounding error */
1331 quadrant = page_offset >> PAGE_SHIFT;
1332 page_offset &= ~PAGE_MASK;
1333 if (quadrant != page->role.quadrant)
1336 spte = &page->spt[page_offset / sizeof(*spte)];
1338 mmu_pte_write_zap_pte(vcpu, page, spte);
1339 mmu_pte_write_new_pte(vcpu, page, spte, new, bytes,
1340 page_offset & (pte_size - 1));
1344 kvm_mmu_audit(vcpu, "post pte write");
1347 int kvm_mmu_unprotect_page_virt(struct kvm_vcpu *vcpu, gva_t gva)
1349 gpa_t gpa = vcpu->mmu.gva_to_gpa(vcpu, gva);
1351 return kvm_mmu_unprotect_page(vcpu->kvm, gpa >> PAGE_SHIFT);
1354 void __kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu)
1356 while (vcpu->kvm->n_free_mmu_pages < KVM_REFILL_PAGES) {
1357 struct kvm_mmu_page *page;
1359 page = container_of(vcpu->kvm->active_mmu_pages.prev,
1360 struct kvm_mmu_page, link);
1361 kvm_mmu_zap_page(vcpu->kvm, page);
1362 ++vcpu->kvm->stat.mmu_recycled;
1366 int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u32 error_code)
1369 enum emulation_result er;
1371 mutex_lock(&vcpu->kvm->lock);
1372 r = vcpu->mmu.page_fault(vcpu, cr2, error_code);
1381 r = mmu_topup_memory_caches(vcpu);
1385 er = emulate_instruction(vcpu, vcpu->run, cr2, error_code, 0);
1386 mutex_unlock(&vcpu->kvm->lock);
1391 case EMULATE_DO_MMIO:
1392 ++vcpu->stat.mmio_exits;
1395 kvm_report_emulation_failure(vcpu, "pagetable");
1401 mutex_unlock(&vcpu->kvm->lock);
1404 EXPORT_SYMBOL_GPL(kvm_mmu_page_fault);
1406 static void free_mmu_pages(struct kvm_vcpu *vcpu)
1408 struct kvm_mmu_page *page;
1410 while (!list_empty(&vcpu->kvm->active_mmu_pages)) {
1411 page = container_of(vcpu->kvm->active_mmu_pages.next,
1412 struct kvm_mmu_page, link);
1413 kvm_mmu_zap_page(vcpu->kvm, page);
1415 free_page((unsigned long)vcpu->mmu.pae_root);
1418 static int alloc_mmu_pages(struct kvm_vcpu *vcpu)
1425 if (vcpu->kvm->n_requested_mmu_pages)
1426 vcpu->kvm->n_free_mmu_pages = vcpu->kvm->n_requested_mmu_pages;
1428 vcpu->kvm->n_free_mmu_pages = vcpu->kvm->n_alloc_mmu_pages;
1430 * When emulating 32-bit mode, cr3 is only 32 bits even on x86_64.
1431 * Therefore we need to allocate shadow page tables in the first
1432 * 4GB of memory, which happens to fit the DMA32 zone.
1434 page = alloc_page(GFP_KERNEL | __GFP_DMA32);
1437 vcpu->mmu.pae_root = page_address(page);
1438 for (i = 0; i < 4; ++i)
1439 vcpu->mmu.pae_root[i] = INVALID_PAGE;
1444 free_mmu_pages(vcpu);
1448 int kvm_mmu_create(struct kvm_vcpu *vcpu)
1451 ASSERT(!VALID_PAGE(vcpu->mmu.root_hpa));
1453 return alloc_mmu_pages(vcpu);
1456 int kvm_mmu_setup(struct kvm_vcpu *vcpu)
1459 ASSERT(!VALID_PAGE(vcpu->mmu.root_hpa));
1461 return init_kvm_mmu(vcpu);
1464 void kvm_mmu_destroy(struct kvm_vcpu *vcpu)
1468 destroy_kvm_mmu(vcpu);
1469 free_mmu_pages(vcpu);
1470 mmu_free_memory_caches(vcpu);
1473 void kvm_mmu_slot_remove_write_access(struct kvm *kvm, int slot)
1475 struct kvm_mmu_page *page;
1477 list_for_each_entry(page, &kvm->active_mmu_pages, link) {
1481 if (!test_bit(slot, &page->slot_bitmap))
1485 for (i = 0; i < PT64_ENT_PER_PAGE; ++i)
1487 if (pt[i] & PT_WRITABLE_MASK)
1488 pt[i] &= ~PT_WRITABLE_MASK;
1492 void kvm_mmu_zap_all(struct kvm *kvm)
1494 struct kvm_mmu_page *page, *node;
1496 list_for_each_entry_safe(page, node, &kvm->active_mmu_pages, link)
1497 kvm_mmu_zap_page(kvm, page);
1499 kvm_flush_remote_tlbs(kvm);
1502 void kvm_mmu_module_exit(void)
1504 if (pte_chain_cache)
1505 kmem_cache_destroy(pte_chain_cache);
1506 if (rmap_desc_cache)
1507 kmem_cache_destroy(rmap_desc_cache);
1508 if (mmu_page_header_cache)
1509 kmem_cache_destroy(mmu_page_header_cache);
1512 int kvm_mmu_module_init(void)
1514 pte_chain_cache = kmem_cache_create("kvm_pte_chain",
1515 sizeof(struct kvm_pte_chain),
1517 if (!pte_chain_cache)
1519 rmap_desc_cache = kmem_cache_create("kvm_rmap_desc",
1520 sizeof(struct kvm_rmap_desc),
1522 if (!rmap_desc_cache)
1525 mmu_page_header_cache = kmem_cache_create("kvm_mmu_page_header",
1526 sizeof(struct kvm_mmu_page),
1528 if (!mmu_page_header_cache)
1534 kvm_mmu_module_exit();
1539 * Caculate mmu pages needed for kvm.
1541 unsigned int kvm_mmu_calculate_mmu_pages(struct kvm *kvm)
1544 unsigned int nr_mmu_pages;
1545 unsigned int nr_pages = 0;
1547 for (i = 0; i < kvm->nmemslots; i++)
1548 nr_pages += kvm->memslots[i].npages;
1550 nr_mmu_pages = nr_pages * KVM_PERMILLE_MMU_PAGES / 1000;
1551 nr_mmu_pages = max(nr_mmu_pages,
1552 (unsigned int) KVM_MIN_ALLOC_MMU_PAGES);
1554 return nr_mmu_pages;
1559 static const char *audit_msg;
1561 static gva_t canonicalize(gva_t gva)
1563 #ifdef CONFIG_X86_64
1564 gva = (long long)(gva << 16) >> 16;
1569 static void audit_mappings_page(struct kvm_vcpu *vcpu, u64 page_pte,
1570 gva_t va, int level)
1572 u64 *pt = __va(page_pte & PT64_BASE_ADDR_MASK);
1574 gva_t va_delta = 1ul << (PAGE_SHIFT + 9 * (level - 1));
1576 for (i = 0; i < PT64_ENT_PER_PAGE; ++i, va += va_delta) {
1579 if (ent == shadow_trap_nonpresent_pte)
1582 va = canonicalize(va);
1584 if (ent == shadow_notrap_nonpresent_pte)
1585 printk(KERN_ERR "audit: (%s) nontrapping pte"
1586 " in nonleaf level: levels %d gva %lx"
1587 " level %d pte %llx\n", audit_msg,
1588 vcpu->mmu.root_level, va, level, ent);
1590 audit_mappings_page(vcpu, ent, va, level - 1);
1592 gpa_t gpa = vcpu->mmu.gva_to_gpa(vcpu, va);
1593 hpa_t hpa = gpa_to_hpa(vcpu, gpa);
1596 if (is_shadow_present_pte(ent)
1597 && (ent & PT64_BASE_ADDR_MASK) != hpa)
1598 printk(KERN_ERR "xx audit error: (%s) levels %d"
1599 " gva %lx gpa %llx hpa %llx ent %llx %d\n",
1600 audit_msg, vcpu->mmu.root_level,
1602 is_shadow_present_pte(ent));
1603 else if (ent == shadow_notrap_nonpresent_pte
1604 && !is_error_hpa(hpa))
1605 printk(KERN_ERR "audit: (%s) notrap shadow,"
1606 " valid guest gva %lx\n", audit_msg, va);
1607 page = pfn_to_page((gpa & PT64_BASE_ADDR_MASK)
1609 kvm_release_page_clean(page);
1615 static void audit_mappings(struct kvm_vcpu *vcpu)
1619 if (vcpu->mmu.root_level == 4)
1620 audit_mappings_page(vcpu, vcpu->mmu.root_hpa, 0, 4);
1622 for (i = 0; i < 4; ++i)
1623 if (vcpu->mmu.pae_root[i] & PT_PRESENT_MASK)
1624 audit_mappings_page(vcpu,
1625 vcpu->mmu.pae_root[i],
1630 static int count_rmaps(struct kvm_vcpu *vcpu)
1635 for (i = 0; i < KVM_MEMORY_SLOTS; ++i) {
1636 struct kvm_memory_slot *m = &vcpu->kvm->memslots[i];
1637 struct kvm_rmap_desc *d;
1639 for (j = 0; j < m->npages; ++j) {
1640 unsigned long *rmapp = &m->rmap[j];
1644 if (!(*rmapp & 1)) {
1648 d = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
1650 for (k = 0; k < RMAP_EXT; ++k)
1651 if (d->shadow_ptes[k])
1662 static int count_writable_mappings(struct kvm_vcpu *vcpu)
1665 struct kvm_mmu_page *page;
1668 list_for_each_entry(page, &vcpu->kvm->active_mmu_pages, link) {
1669 u64 *pt = page->spt;
1671 if (page->role.level != PT_PAGE_TABLE_LEVEL)
1674 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
1677 if (!(ent & PT_PRESENT_MASK))
1679 if (!(ent & PT_WRITABLE_MASK))
1687 static void audit_rmap(struct kvm_vcpu *vcpu)
1689 int n_rmap = count_rmaps(vcpu);
1690 int n_actual = count_writable_mappings(vcpu);
1692 if (n_rmap != n_actual)
1693 printk(KERN_ERR "%s: (%s) rmap %d actual %d\n",
1694 __FUNCTION__, audit_msg, n_rmap, n_actual);
1697 static void audit_write_protection(struct kvm_vcpu *vcpu)
1699 struct kvm_mmu_page *page;
1700 struct kvm_memory_slot *slot;
1701 unsigned long *rmapp;
1704 list_for_each_entry(page, &vcpu->kvm->active_mmu_pages, link) {
1705 if (page->role.metaphysical)
1708 slot = gfn_to_memslot(vcpu->kvm, page->gfn);
1709 gfn = unalias_gfn(vcpu->kvm, page->gfn);
1710 rmapp = &slot->rmap[gfn - slot->base_gfn];
1712 printk(KERN_ERR "%s: (%s) shadow page has writable"
1713 " mappings: gfn %lx role %x\n",
1714 __FUNCTION__, audit_msg, page->gfn,
1719 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg)
1726 audit_write_protection(vcpu);
1727 audit_mappings(vcpu);
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob