2 * Kernel-based Virtual Machine driver for Linux
4 * This module enables machines with Intel VT-x extensions to run virtual
5 * machines without emulation or binary translation.
9 * Copyright (C) 2006 Qumranet, Inc.
12 * Yaniv Kamay <yaniv@qumranet.com>
13 * Avi Kivity <avi@qumranet.com>
15 * This work is licensed under the terms of the GNU GPL, version 2. See
16 * the COPYING file in the top-level directory.
23 #include <linux/kvm_host.h>
24 #include <linux/types.h>
25 #include <linux/string.h>
27 #include <linux/highmem.h>
28 #include <linux/module.h>
29 #include <linux/swap.h>
30 #include <linux/hugetlb.h>
33 #include <asm/cmpxchg.h>
37 * When setting this variable to true it enables Two-Dimensional-Paging
38 * where the hardware walks 2 page tables:
39 * 1. the guest-virtual to guest-physical
40 * 2. while doing 1. it walks guest-physical to host-physical
41 * If the hardware supports that we don't need to do shadow paging.
43 static bool tdp_enabled = false;
50 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg);
52 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg) {}
57 #define pgprintk(x...) do { if (dbg) printk(x); } while (0)
58 #define rmap_printk(x...) do { if (dbg) printk(x); } while (0)
62 #define pgprintk(x...) do { } while (0)
63 #define rmap_printk(x...) do { } while (0)
67 #if defined(MMU_DEBUG) || defined(AUDIT)
72 #define ASSERT(x) do { } while (0)
76 printk(KERN_WARNING "assertion failed %s:%d: %s\n", \
77 __FILE__, __LINE__, #x); \
81 #define PT64_PT_BITS 9
82 #define PT64_ENT_PER_PAGE (1 << PT64_PT_BITS)
83 #define PT32_PT_BITS 10
84 #define PT32_ENT_PER_PAGE (1 << PT32_PT_BITS)
86 #define PT_WRITABLE_SHIFT 1
88 #define PT_PRESENT_MASK (1ULL << 0)
89 #define PT_WRITABLE_MASK (1ULL << PT_WRITABLE_SHIFT)
90 #define PT_USER_MASK (1ULL << 2)
91 #define PT_PWT_MASK (1ULL << 3)
92 #define PT_PCD_MASK (1ULL << 4)
93 #define PT_ACCESSED_MASK (1ULL << 5)
94 #define PT_DIRTY_MASK (1ULL << 6)
95 #define PT_PAGE_SIZE_MASK (1ULL << 7)
96 #define PT_PAT_MASK (1ULL << 7)
97 #define PT_GLOBAL_MASK (1ULL << 8)
98 #define PT64_NX_SHIFT 63
99 #define PT64_NX_MASK (1ULL << PT64_NX_SHIFT)
101 #define PT_PAT_SHIFT 7
102 #define PT_DIR_PAT_SHIFT 12
103 #define PT_DIR_PAT_MASK (1ULL << PT_DIR_PAT_SHIFT)
105 #define PT32_DIR_PSE36_SIZE 4
106 #define PT32_DIR_PSE36_SHIFT 13
107 #define PT32_DIR_PSE36_MASK \
108 (((1ULL << PT32_DIR_PSE36_SIZE) - 1) << PT32_DIR_PSE36_SHIFT)
111 #define PT_FIRST_AVAIL_BITS_SHIFT 9
112 #define PT64_SECOND_AVAIL_BITS_SHIFT 52
114 #define VALID_PAGE(x) ((x) != INVALID_PAGE)
116 #define PT64_LEVEL_BITS 9
118 #define PT64_LEVEL_SHIFT(level) \
119 (PAGE_SHIFT + (level - 1) * PT64_LEVEL_BITS)
121 #define PT64_LEVEL_MASK(level) \
122 (((1ULL << PT64_LEVEL_BITS) - 1) << PT64_LEVEL_SHIFT(level))
124 #define PT64_INDEX(address, level)\
125 (((address) >> PT64_LEVEL_SHIFT(level)) & ((1 << PT64_LEVEL_BITS) - 1))
128 #define PT32_LEVEL_BITS 10
130 #define PT32_LEVEL_SHIFT(level) \
131 (PAGE_SHIFT + (level - 1) * PT32_LEVEL_BITS)
133 #define PT32_LEVEL_MASK(level) \
134 (((1ULL << PT32_LEVEL_BITS) - 1) << PT32_LEVEL_SHIFT(level))
136 #define PT32_INDEX(address, level)\
137 (((address) >> PT32_LEVEL_SHIFT(level)) & ((1 << PT32_LEVEL_BITS) - 1))
140 #define PT64_BASE_ADDR_MASK (((1ULL << 52) - 1) & ~(u64)(PAGE_SIZE-1))
141 #define PT64_DIR_BASE_ADDR_MASK \
142 (PT64_BASE_ADDR_MASK & ~((1ULL << (PAGE_SHIFT + PT64_LEVEL_BITS)) - 1))
144 #define PT32_BASE_ADDR_MASK PAGE_MASK
145 #define PT32_DIR_BASE_ADDR_MASK \
146 (PAGE_MASK & ~((1ULL << (PAGE_SHIFT + PT32_LEVEL_BITS)) - 1))
148 #define PT64_PERM_MASK (PT_PRESENT_MASK | PT_WRITABLE_MASK | PT_USER_MASK \
151 #define PFERR_PRESENT_MASK (1U << 0)
152 #define PFERR_WRITE_MASK (1U << 1)
153 #define PFERR_USER_MASK (1U << 2)
154 #define PFERR_FETCH_MASK (1U << 4)
156 #define PT64_ROOT_LEVEL 4
157 #define PT32_ROOT_LEVEL 2
158 #define PT32E_ROOT_LEVEL 3
160 #define PT_DIRECTORY_LEVEL 2
161 #define PT_PAGE_TABLE_LEVEL 1
165 #define ACC_EXEC_MASK 1
166 #define ACC_WRITE_MASK PT_WRITABLE_MASK
167 #define ACC_USER_MASK PT_USER_MASK
168 #define ACC_ALL (ACC_EXEC_MASK | ACC_WRITE_MASK | ACC_USER_MASK)
170 struct kvm_rmap_desc {
171 u64 *shadow_ptes[RMAP_EXT];
172 struct kvm_rmap_desc *more;
175 static struct kmem_cache *pte_chain_cache;
176 static struct kmem_cache *rmap_desc_cache;
177 static struct kmem_cache *mmu_page_header_cache;
179 static u64 __read_mostly shadow_trap_nonpresent_pte;
180 static u64 __read_mostly shadow_notrap_nonpresent_pte;
182 void kvm_mmu_set_nonpresent_ptes(u64 trap_pte, u64 notrap_pte)
184 shadow_trap_nonpresent_pte = trap_pte;
185 shadow_notrap_nonpresent_pte = notrap_pte;
187 EXPORT_SYMBOL_GPL(kvm_mmu_set_nonpresent_ptes);
189 static int is_write_protection(struct kvm_vcpu *vcpu)
191 return vcpu->arch.cr0 & X86_CR0_WP;
194 static int is_cpuid_PSE36(void)
199 static int is_nx(struct kvm_vcpu *vcpu)
201 return vcpu->arch.shadow_efer & EFER_NX;
204 static int is_present_pte(unsigned long pte)
206 return pte & PT_PRESENT_MASK;
209 static int is_shadow_present_pte(u64 pte)
211 return pte != shadow_trap_nonpresent_pte
212 && pte != shadow_notrap_nonpresent_pte;
215 static int is_large_pte(u64 pte)
217 return pte & PT_PAGE_SIZE_MASK;
220 static int is_writeble_pte(unsigned long pte)
222 return pte & PT_WRITABLE_MASK;
225 static int is_dirty_pte(unsigned long pte)
227 return pte & PT_DIRTY_MASK;
230 static int is_rmap_pte(u64 pte)
232 return is_shadow_present_pte(pte);
235 static gfn_t pse36_gfn_delta(u32 gpte)
237 int shift = 32 - PT32_DIR_PSE36_SHIFT - PAGE_SHIFT;
239 return (gpte & PT32_DIR_PSE36_MASK) << shift;
242 static void set_shadow_pte(u64 *sptep, u64 spte)
245 set_64bit((unsigned long *)sptep, spte);
247 set_64bit((unsigned long long *)sptep, spte);
251 static int mmu_topup_memory_cache(struct kvm_mmu_memory_cache *cache,
252 struct kmem_cache *base_cache, int min)
256 if (cache->nobjs >= min)
258 while (cache->nobjs < ARRAY_SIZE(cache->objects)) {
259 obj = kmem_cache_zalloc(base_cache, GFP_KERNEL);
262 cache->objects[cache->nobjs++] = obj;
267 static void mmu_free_memory_cache(struct kvm_mmu_memory_cache *mc)
270 kfree(mc->objects[--mc->nobjs]);
273 static int mmu_topup_memory_cache_page(struct kvm_mmu_memory_cache *cache,
278 if (cache->nobjs >= min)
280 while (cache->nobjs < ARRAY_SIZE(cache->objects)) {
281 page = alloc_page(GFP_KERNEL);
284 set_page_private(page, 0);
285 cache->objects[cache->nobjs++] = page_address(page);
290 static void mmu_free_memory_cache_page(struct kvm_mmu_memory_cache *mc)
293 free_page((unsigned long)mc->objects[--mc->nobjs]);
296 static int mmu_topup_memory_caches(struct kvm_vcpu *vcpu)
300 r = mmu_topup_memory_cache(&vcpu->arch.mmu_pte_chain_cache,
304 r = mmu_topup_memory_cache(&vcpu->arch.mmu_rmap_desc_cache,
308 r = mmu_topup_memory_cache_page(&vcpu->arch.mmu_page_cache, 8);
311 r = mmu_topup_memory_cache(&vcpu->arch.mmu_page_header_cache,
312 mmu_page_header_cache, 4);
317 static void mmu_free_memory_caches(struct kvm_vcpu *vcpu)
319 mmu_free_memory_cache(&vcpu->arch.mmu_pte_chain_cache);
320 mmu_free_memory_cache(&vcpu->arch.mmu_rmap_desc_cache);
321 mmu_free_memory_cache_page(&vcpu->arch.mmu_page_cache);
322 mmu_free_memory_cache(&vcpu->arch.mmu_page_header_cache);
325 static void *mmu_memory_cache_alloc(struct kvm_mmu_memory_cache *mc,
331 p = mc->objects[--mc->nobjs];
336 static struct kvm_pte_chain *mmu_alloc_pte_chain(struct kvm_vcpu *vcpu)
338 return mmu_memory_cache_alloc(&vcpu->arch.mmu_pte_chain_cache,
339 sizeof(struct kvm_pte_chain));
342 static void mmu_free_pte_chain(struct kvm_pte_chain *pc)
347 static struct kvm_rmap_desc *mmu_alloc_rmap_desc(struct kvm_vcpu *vcpu)
349 return mmu_memory_cache_alloc(&vcpu->arch.mmu_rmap_desc_cache,
350 sizeof(struct kvm_rmap_desc));
353 static void mmu_free_rmap_desc(struct kvm_rmap_desc *rd)
359 * Return the pointer to the largepage write count for a given
360 * gfn, handling slots that are not large page aligned.
362 static int *slot_largepage_idx(gfn_t gfn, struct kvm_memory_slot *slot)
366 idx = (gfn / KVM_PAGES_PER_HPAGE) -
367 (slot->base_gfn / KVM_PAGES_PER_HPAGE);
368 return &slot->lpage_info[idx].write_count;
371 static void account_shadowed(struct kvm *kvm, gfn_t gfn)
375 write_count = slot_largepage_idx(gfn, gfn_to_memslot(kvm, gfn));
377 WARN_ON(*write_count > KVM_PAGES_PER_HPAGE);
380 static void unaccount_shadowed(struct kvm *kvm, gfn_t gfn)
384 write_count = slot_largepage_idx(gfn, gfn_to_memslot(kvm, gfn));
386 WARN_ON(*write_count < 0);
389 static int has_wrprotected_page(struct kvm *kvm, gfn_t gfn)
391 struct kvm_memory_slot *slot = gfn_to_memslot(kvm, gfn);
395 largepage_idx = slot_largepage_idx(gfn, slot);
396 return *largepage_idx;
402 static int host_largepage_backed(struct kvm *kvm, gfn_t gfn)
404 struct vm_area_struct *vma;
407 addr = gfn_to_hva(kvm, gfn);
408 if (kvm_is_error_hva(addr))
411 vma = find_vma(current->mm, addr);
412 if (vma && is_vm_hugetlb_page(vma))
418 static int is_largepage_backed(struct kvm_vcpu *vcpu, gfn_t large_gfn)
420 struct kvm_memory_slot *slot;
422 if (has_wrprotected_page(vcpu->kvm, large_gfn))
425 if (!host_largepage_backed(vcpu->kvm, large_gfn))
428 slot = gfn_to_memslot(vcpu->kvm, large_gfn);
429 if (slot && slot->dirty_bitmap)
436 * Take gfn and return the reverse mapping to it.
437 * Note: gfn must be unaliased before this function get called
440 static unsigned long *gfn_to_rmap(struct kvm *kvm, gfn_t gfn, int lpage)
442 struct kvm_memory_slot *slot;
445 slot = gfn_to_memslot(kvm, gfn);
447 return &slot->rmap[gfn - slot->base_gfn];
449 idx = (gfn / KVM_PAGES_PER_HPAGE) -
450 (slot->base_gfn / KVM_PAGES_PER_HPAGE);
452 return &slot->lpage_info[idx].rmap_pde;
456 * Reverse mapping data structures:
458 * If rmapp bit zero is zero, then rmapp point to the shadw page table entry
459 * that points to page_address(page).
461 * If rmapp bit zero is one, (then rmap & ~1) points to a struct kvm_rmap_desc
462 * containing more mappings.
464 static void rmap_add(struct kvm_vcpu *vcpu, u64 *spte, gfn_t gfn, int lpage)
466 struct kvm_mmu_page *sp;
467 struct kvm_rmap_desc *desc;
468 unsigned long *rmapp;
471 if (!is_rmap_pte(*spte))
473 gfn = unalias_gfn(vcpu->kvm, gfn);
474 sp = page_header(__pa(spte));
475 sp->gfns[spte - sp->spt] = gfn;
476 rmapp = gfn_to_rmap(vcpu->kvm, gfn, lpage);
478 rmap_printk("rmap_add: %p %llx 0->1\n", spte, *spte);
479 *rmapp = (unsigned long)spte;
480 } else if (!(*rmapp & 1)) {
481 rmap_printk("rmap_add: %p %llx 1->many\n", spte, *spte);
482 desc = mmu_alloc_rmap_desc(vcpu);
483 desc->shadow_ptes[0] = (u64 *)*rmapp;
484 desc->shadow_ptes[1] = spte;
485 *rmapp = (unsigned long)desc | 1;
487 rmap_printk("rmap_add: %p %llx many->many\n", spte, *spte);
488 desc = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
489 while (desc->shadow_ptes[RMAP_EXT-1] && desc->more)
491 if (desc->shadow_ptes[RMAP_EXT-1]) {
492 desc->more = mmu_alloc_rmap_desc(vcpu);
495 for (i = 0; desc->shadow_ptes[i]; ++i)
497 desc->shadow_ptes[i] = spte;
501 static void rmap_desc_remove_entry(unsigned long *rmapp,
502 struct kvm_rmap_desc *desc,
504 struct kvm_rmap_desc *prev_desc)
508 for (j = RMAP_EXT - 1; !desc->shadow_ptes[j] && j > i; --j)
510 desc->shadow_ptes[i] = desc->shadow_ptes[j];
511 desc->shadow_ptes[j] = NULL;
514 if (!prev_desc && !desc->more)
515 *rmapp = (unsigned long)desc->shadow_ptes[0];
518 prev_desc->more = desc->more;
520 *rmapp = (unsigned long)desc->more | 1;
521 mmu_free_rmap_desc(desc);
524 static void rmap_remove(struct kvm *kvm, u64 *spte)
526 struct kvm_rmap_desc *desc;
527 struct kvm_rmap_desc *prev_desc;
528 struct kvm_mmu_page *sp;
530 unsigned long *rmapp;
533 if (!is_rmap_pte(*spte))
535 sp = page_header(__pa(spte));
536 page = pfn_to_page((*spte & PT64_BASE_ADDR_MASK) >> PAGE_SHIFT);
537 mark_page_accessed(page);
538 if (is_writeble_pte(*spte))
539 kvm_release_page_dirty(page);
541 kvm_release_page_clean(page);
542 rmapp = gfn_to_rmap(kvm, sp->gfns[spte - sp->spt], is_large_pte(*spte));
544 printk(KERN_ERR "rmap_remove: %p %llx 0->BUG\n", spte, *spte);
546 } else if (!(*rmapp & 1)) {
547 rmap_printk("rmap_remove: %p %llx 1->0\n", spte, *spte);
548 if ((u64 *)*rmapp != spte) {
549 printk(KERN_ERR "rmap_remove: %p %llx 1->BUG\n",
555 rmap_printk("rmap_remove: %p %llx many->many\n", spte, *spte);
556 desc = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
559 for (i = 0; i < RMAP_EXT && desc->shadow_ptes[i]; ++i)
560 if (desc->shadow_ptes[i] == spte) {
561 rmap_desc_remove_entry(rmapp,
573 static u64 *rmap_next(struct kvm *kvm, unsigned long *rmapp, u64 *spte)
575 struct kvm_rmap_desc *desc;
576 struct kvm_rmap_desc *prev_desc;
582 else if (!(*rmapp & 1)) {
584 return (u64 *)*rmapp;
587 desc = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
591 for (i = 0; i < RMAP_EXT && desc->shadow_ptes[i]; ++i) {
592 if (prev_spte == spte)
593 return desc->shadow_ptes[i];
594 prev_spte = desc->shadow_ptes[i];
601 static void rmap_write_protect(struct kvm *kvm, u64 gfn)
603 unsigned long *rmapp;
605 int write_protected = 0;
607 gfn = unalias_gfn(kvm, gfn);
608 rmapp = gfn_to_rmap(kvm, gfn, 0);
610 spte = rmap_next(kvm, rmapp, NULL);
613 BUG_ON(!(*spte & PT_PRESENT_MASK));
614 rmap_printk("rmap_write_protect: spte %p %llx\n", spte, *spte);
615 if (is_writeble_pte(*spte)) {
616 set_shadow_pte(spte, *spte & ~PT_WRITABLE_MASK);
619 spte = rmap_next(kvm, rmapp, spte);
621 /* check for huge page mappings */
622 rmapp = gfn_to_rmap(kvm, gfn, 1);
623 spte = rmap_next(kvm, rmapp, NULL);
626 BUG_ON(!(*spte & PT_PRESENT_MASK));
627 BUG_ON((*spte & (PT_PAGE_SIZE_MASK|PT_PRESENT_MASK)) != (PT_PAGE_SIZE_MASK|PT_PRESENT_MASK));
628 pgprintk("rmap_write_protect(large): spte %p %llx %lld\n", spte, *spte, gfn);
629 if (is_writeble_pte(*spte)) {
630 rmap_remove(kvm, spte);
632 set_shadow_pte(spte, shadow_trap_nonpresent_pte);
635 spte = rmap_next(kvm, rmapp, spte);
639 kvm_flush_remote_tlbs(kvm);
641 account_shadowed(kvm, gfn);
645 static int is_empty_shadow_page(u64 *spt)
650 for (pos = spt, end = pos + PAGE_SIZE / sizeof(u64); pos != end; pos++)
651 if (*pos != shadow_trap_nonpresent_pte) {
652 printk(KERN_ERR "%s: %p %llx\n", __FUNCTION__,
660 static void kvm_mmu_free_page(struct kvm *kvm, struct kvm_mmu_page *sp)
662 ASSERT(is_empty_shadow_page(sp->spt));
664 __free_page(virt_to_page(sp->spt));
665 __free_page(virt_to_page(sp->gfns));
667 ++kvm->arch.n_free_mmu_pages;
670 static unsigned kvm_page_table_hashfn(gfn_t gfn)
672 return gfn & ((1 << KVM_MMU_HASH_SHIFT) - 1);
675 static struct kvm_mmu_page *kvm_mmu_alloc_page(struct kvm_vcpu *vcpu,
678 struct kvm_mmu_page *sp;
680 sp = mmu_memory_cache_alloc(&vcpu->arch.mmu_page_header_cache, sizeof *sp);
681 sp->spt = mmu_memory_cache_alloc(&vcpu->arch.mmu_page_cache, PAGE_SIZE);
682 sp->gfns = mmu_memory_cache_alloc(&vcpu->arch.mmu_page_cache, PAGE_SIZE);
683 set_page_private(virt_to_page(sp->spt), (unsigned long)sp);
684 list_add(&sp->link, &vcpu->kvm->arch.active_mmu_pages);
685 ASSERT(is_empty_shadow_page(sp->spt));
688 sp->parent_pte = parent_pte;
689 --vcpu->kvm->arch.n_free_mmu_pages;
693 static void mmu_page_add_parent_pte(struct kvm_vcpu *vcpu,
694 struct kvm_mmu_page *sp, u64 *parent_pte)
696 struct kvm_pte_chain *pte_chain;
697 struct hlist_node *node;
702 if (!sp->multimapped) {
703 u64 *old = sp->parent_pte;
706 sp->parent_pte = parent_pte;
710 pte_chain = mmu_alloc_pte_chain(vcpu);
711 INIT_HLIST_HEAD(&sp->parent_ptes);
712 hlist_add_head(&pte_chain->link, &sp->parent_ptes);
713 pte_chain->parent_ptes[0] = old;
715 hlist_for_each_entry(pte_chain, node, &sp->parent_ptes, link) {
716 if (pte_chain->parent_ptes[NR_PTE_CHAIN_ENTRIES-1])
718 for (i = 0; i < NR_PTE_CHAIN_ENTRIES; ++i)
719 if (!pte_chain->parent_ptes[i]) {
720 pte_chain->parent_ptes[i] = parent_pte;
724 pte_chain = mmu_alloc_pte_chain(vcpu);
726 hlist_add_head(&pte_chain->link, &sp->parent_ptes);
727 pte_chain->parent_ptes[0] = parent_pte;
730 static void mmu_page_remove_parent_pte(struct kvm_mmu_page *sp,
733 struct kvm_pte_chain *pte_chain;
734 struct hlist_node *node;
737 if (!sp->multimapped) {
738 BUG_ON(sp->parent_pte != parent_pte);
739 sp->parent_pte = NULL;
742 hlist_for_each_entry(pte_chain, node, &sp->parent_ptes, link)
743 for (i = 0; i < NR_PTE_CHAIN_ENTRIES; ++i) {
744 if (!pte_chain->parent_ptes[i])
746 if (pte_chain->parent_ptes[i] != parent_pte)
748 while (i + 1 < NR_PTE_CHAIN_ENTRIES
749 && pte_chain->parent_ptes[i + 1]) {
750 pte_chain->parent_ptes[i]
751 = pte_chain->parent_ptes[i + 1];
754 pte_chain->parent_ptes[i] = NULL;
756 hlist_del(&pte_chain->link);
757 mmu_free_pte_chain(pte_chain);
758 if (hlist_empty(&sp->parent_ptes)) {
760 sp->parent_pte = NULL;
768 static struct kvm_mmu_page *kvm_mmu_lookup_page(struct kvm *kvm, gfn_t gfn)
771 struct hlist_head *bucket;
772 struct kvm_mmu_page *sp;
773 struct hlist_node *node;
775 pgprintk("%s: looking for gfn %lx\n", __FUNCTION__, gfn);
776 index = kvm_page_table_hashfn(gfn);
777 bucket = &kvm->arch.mmu_page_hash[index];
778 hlist_for_each_entry(sp, node, bucket, hash_link)
779 if (sp->gfn == gfn && !sp->role.metaphysical
780 && !sp->role.invalid) {
781 pgprintk("%s: found role %x\n",
782 __FUNCTION__, sp->role.word);
788 static struct kvm_mmu_page *kvm_mmu_get_page(struct kvm_vcpu *vcpu,
796 union kvm_mmu_page_role role;
799 struct hlist_head *bucket;
800 struct kvm_mmu_page *sp;
801 struct hlist_node *node;
804 role.glevels = vcpu->arch.mmu.root_level;
806 role.metaphysical = metaphysical;
807 role.access = access;
808 if (vcpu->arch.mmu.root_level <= PT32_ROOT_LEVEL) {
809 quadrant = gaddr >> (PAGE_SHIFT + (PT64_PT_BITS * level));
810 quadrant &= (1 << ((PT32_PT_BITS - PT64_PT_BITS) * level)) - 1;
811 role.quadrant = quadrant;
813 pgprintk("%s: looking gfn %lx role %x\n", __FUNCTION__,
815 index = kvm_page_table_hashfn(gfn);
816 bucket = &vcpu->kvm->arch.mmu_page_hash[index];
817 hlist_for_each_entry(sp, node, bucket, hash_link)
818 if (sp->gfn == gfn && sp->role.word == role.word) {
819 mmu_page_add_parent_pte(vcpu, sp, parent_pte);
820 pgprintk("%s: found\n", __FUNCTION__);
823 ++vcpu->kvm->stat.mmu_cache_miss;
824 sp = kvm_mmu_alloc_page(vcpu, parent_pte);
827 pgprintk("%s: adding gfn %lx role %x\n", __FUNCTION__, gfn, role.word);
830 hlist_add_head(&sp->hash_link, bucket);
831 vcpu->arch.mmu.prefetch_page(vcpu, sp);
833 rmap_write_protect(vcpu->kvm, gfn);
837 static void kvm_mmu_page_unlink_children(struct kvm *kvm,
838 struct kvm_mmu_page *sp)
846 if (sp->role.level == PT_PAGE_TABLE_LEVEL) {
847 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
848 if (is_shadow_present_pte(pt[i]))
849 rmap_remove(kvm, &pt[i]);
850 pt[i] = shadow_trap_nonpresent_pte;
852 kvm_flush_remote_tlbs(kvm);
856 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
859 if (is_shadow_present_pte(ent)) {
860 if (!is_large_pte(ent)) {
861 ent &= PT64_BASE_ADDR_MASK;
862 mmu_page_remove_parent_pte(page_header(ent),
866 rmap_remove(kvm, &pt[i]);
869 pt[i] = shadow_trap_nonpresent_pte;
871 kvm_flush_remote_tlbs(kvm);
874 static void kvm_mmu_put_page(struct kvm_mmu_page *sp, u64 *parent_pte)
876 mmu_page_remove_parent_pte(sp, parent_pte);
879 static void kvm_mmu_reset_last_pte_updated(struct kvm *kvm)
883 for (i = 0; i < KVM_MAX_VCPUS; ++i)
885 kvm->vcpus[i]->arch.last_pte_updated = NULL;
888 static void kvm_mmu_zap_page(struct kvm *kvm, struct kvm_mmu_page *sp)
892 ++kvm->stat.mmu_shadow_zapped;
893 while (sp->multimapped || sp->parent_pte) {
894 if (!sp->multimapped)
895 parent_pte = sp->parent_pte;
897 struct kvm_pte_chain *chain;
899 chain = container_of(sp->parent_ptes.first,
900 struct kvm_pte_chain, link);
901 parent_pte = chain->parent_ptes[0];
904 kvm_mmu_put_page(sp, parent_pte);
905 set_shadow_pte(parent_pte, shadow_trap_nonpresent_pte);
907 kvm_mmu_page_unlink_children(kvm, sp);
908 if (!sp->root_count) {
909 if (!sp->role.metaphysical)
910 unaccount_shadowed(kvm, sp->gfn);
911 hlist_del(&sp->hash_link);
912 kvm_mmu_free_page(kvm, sp);
914 list_move(&sp->link, &kvm->arch.active_mmu_pages);
915 sp->role.invalid = 1;
916 kvm_reload_remote_mmus(kvm);
918 kvm_mmu_reset_last_pte_updated(kvm);
922 * Changing the number of mmu pages allocated to the vm
923 * Note: if kvm_nr_mmu_pages is too small, you will get dead lock
925 void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned int kvm_nr_mmu_pages)
928 * If we set the number of mmu pages to be smaller be than the
929 * number of actived pages , we must to free some mmu pages before we
933 if ((kvm->arch.n_alloc_mmu_pages - kvm->arch.n_free_mmu_pages) >
935 int n_used_mmu_pages = kvm->arch.n_alloc_mmu_pages
936 - kvm->arch.n_free_mmu_pages;
938 while (n_used_mmu_pages > kvm_nr_mmu_pages) {
939 struct kvm_mmu_page *page;
941 page = container_of(kvm->arch.active_mmu_pages.prev,
942 struct kvm_mmu_page, link);
943 kvm_mmu_zap_page(kvm, page);
946 kvm->arch.n_free_mmu_pages = 0;
949 kvm->arch.n_free_mmu_pages += kvm_nr_mmu_pages
950 - kvm->arch.n_alloc_mmu_pages;
952 kvm->arch.n_alloc_mmu_pages = kvm_nr_mmu_pages;
955 static int kvm_mmu_unprotect_page(struct kvm *kvm, gfn_t gfn)
958 struct hlist_head *bucket;
959 struct kvm_mmu_page *sp;
960 struct hlist_node *node, *n;
963 pgprintk("%s: looking for gfn %lx\n", __FUNCTION__, gfn);
965 index = kvm_page_table_hashfn(gfn);
966 bucket = &kvm->arch.mmu_page_hash[index];
967 hlist_for_each_entry_safe(sp, node, n, bucket, hash_link)
968 if (sp->gfn == gfn && !sp->role.metaphysical) {
969 pgprintk("%s: gfn %lx role %x\n", __FUNCTION__, gfn,
971 kvm_mmu_zap_page(kvm, sp);
977 static void mmu_unshadow(struct kvm *kvm, gfn_t gfn)
979 struct kvm_mmu_page *sp;
981 while ((sp = kvm_mmu_lookup_page(kvm, gfn)) != NULL) {
982 pgprintk("%s: zap %lx %x\n", __FUNCTION__, gfn, sp->role.word);
983 kvm_mmu_zap_page(kvm, sp);
987 static void page_header_update_slot(struct kvm *kvm, void *pte, gfn_t gfn)
989 int slot = memslot_id(kvm, gfn_to_memslot(kvm, gfn));
990 struct kvm_mmu_page *sp = page_header(__pa(pte));
992 __set_bit(slot, &sp->slot_bitmap);
995 struct page *gva_to_page(struct kvm_vcpu *vcpu, gva_t gva)
999 gpa_t gpa = vcpu->arch.mmu.gva_to_gpa(vcpu, gva);
1001 if (gpa == UNMAPPED_GVA)
1004 down_read(¤t->mm->mmap_sem);
1005 page = gfn_to_page(vcpu->kvm, gpa >> PAGE_SHIFT);
1006 up_read(¤t->mm->mmap_sem);
1011 static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte,
1012 unsigned pt_access, unsigned pte_access,
1013 int user_fault, int write_fault, int dirty,
1014 int *ptwrite, int largepage, gfn_t gfn,
1018 int was_rmapped = 0;
1019 int was_writeble = is_writeble_pte(*shadow_pte);
1020 hfn_t host_pfn = (*shadow_pte & PT64_BASE_ADDR_MASK) >> PAGE_SHIFT;
1022 pgprintk("%s: spte %llx access %x write_fault %d"
1023 " user_fault %d gfn %lx\n",
1024 __FUNCTION__, *shadow_pte, pt_access,
1025 write_fault, user_fault, gfn);
1027 if (is_rmap_pte(*shadow_pte)) {
1029 * If we overwrite a PTE page pointer with a 2MB PMD, unlink
1030 * the parent of the now unreachable PTE.
1032 if (largepage && !is_large_pte(*shadow_pte)) {
1033 struct kvm_mmu_page *child;
1034 u64 pte = *shadow_pte;
1036 child = page_header(pte & PT64_BASE_ADDR_MASK);
1037 mmu_page_remove_parent_pte(child, shadow_pte);
1038 } else if (host_pfn != page_to_pfn(page)) {
1039 pgprintk("hfn old %lx new %lx\n",
1040 host_pfn, page_to_pfn(page));
1041 rmap_remove(vcpu->kvm, shadow_pte);
1044 was_rmapped = is_large_pte(*shadow_pte);
1052 * We don't set the accessed bit, since we sometimes want to see
1053 * whether the guest actually used the pte (in order to detect
1056 spte = PT_PRESENT_MASK | PT_DIRTY_MASK;
1058 pte_access &= ~ACC_WRITE_MASK;
1059 if (!(pte_access & ACC_EXEC_MASK))
1060 spte |= PT64_NX_MASK;
1062 spte |= PT_PRESENT_MASK;
1063 if (pte_access & ACC_USER_MASK)
1064 spte |= PT_USER_MASK;
1066 spte |= PT_PAGE_SIZE_MASK;
1068 spte |= page_to_phys(page);
1070 if ((pte_access & ACC_WRITE_MASK)
1071 || (write_fault && !is_write_protection(vcpu) && !user_fault)) {
1072 struct kvm_mmu_page *shadow;
1074 spte |= PT_WRITABLE_MASK;
1076 mmu_unshadow(vcpu->kvm, gfn);
1080 shadow = kvm_mmu_lookup_page(vcpu->kvm, gfn);
1082 (largepage && has_wrprotected_page(vcpu->kvm, gfn))) {
1083 pgprintk("%s: found shadow page for %lx, marking ro\n",
1085 pte_access &= ~ACC_WRITE_MASK;
1086 if (is_writeble_pte(spte)) {
1087 spte &= ~PT_WRITABLE_MASK;
1088 kvm_x86_ops->tlb_flush(vcpu);
1097 if (pte_access & ACC_WRITE_MASK)
1098 mark_page_dirty(vcpu->kvm, gfn);
1100 pgprintk("%s: setting spte %llx\n", __FUNCTION__, spte);
1101 pgprintk("instantiating %s PTE (%s) at %d (%llx) addr %llx\n",
1102 (spte&PT_PAGE_SIZE_MASK)? "2MB" : "4kB",
1103 (spte&PT_WRITABLE_MASK)?"RW":"R", gfn, spte, shadow_pte);
1104 set_shadow_pte(shadow_pte, spte);
1105 if (!was_rmapped && (spte & PT_PAGE_SIZE_MASK)
1106 && (spte & PT_PRESENT_MASK))
1107 ++vcpu->kvm->stat.lpages;
1109 page_header_update_slot(vcpu->kvm, shadow_pte, gfn);
1111 rmap_add(vcpu, shadow_pte, gfn, largepage);
1112 if (!is_rmap_pte(*shadow_pte))
1113 kvm_release_page_clean(page);
1116 kvm_release_page_dirty(page);
1118 kvm_release_page_clean(page);
1120 if (!ptwrite || !*ptwrite)
1121 vcpu->arch.last_pte_updated = shadow_pte;
1124 static void nonpaging_new_cr3(struct kvm_vcpu *vcpu)
1128 static int __direct_map(struct kvm_vcpu *vcpu, gpa_t v, int write,
1129 int largepage, gfn_t gfn, struct page *page,
1132 hpa_t table_addr = vcpu->arch.mmu.root_hpa;
1136 u32 index = PT64_INDEX(v, level);
1139 ASSERT(VALID_PAGE(table_addr));
1140 table = __va(table_addr);
1143 mmu_set_spte(vcpu, &table[index], ACC_ALL, ACC_ALL,
1144 0, write, 1, &pt_write, 0, gfn, page);
1148 if (largepage && level == 2) {
1149 mmu_set_spte(vcpu, &table[index], ACC_ALL, ACC_ALL,
1150 0, write, 1, &pt_write, 1, gfn, page);
1154 if (table[index] == shadow_trap_nonpresent_pte) {
1155 struct kvm_mmu_page *new_table;
1158 pseudo_gfn = (v & PT64_DIR_BASE_ADDR_MASK)
1160 new_table = kvm_mmu_get_page(vcpu, pseudo_gfn,
1162 1, ACC_ALL, &table[index]);
1164 pgprintk("nonpaging_map: ENOMEM\n");
1165 kvm_release_page_clean(page);
1169 table[index] = __pa(new_table->spt) | PT_PRESENT_MASK
1170 | PT_WRITABLE_MASK | PT_USER_MASK;
1172 table_addr = table[index] & PT64_BASE_ADDR_MASK;
1176 static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, int write, gfn_t gfn)
1183 down_read(&vcpu->kvm->slots_lock);
1185 down_read(¤t->mm->mmap_sem);
1186 if (is_largepage_backed(vcpu, gfn & ~(KVM_PAGES_PER_HPAGE-1))) {
1187 gfn &= ~(KVM_PAGES_PER_HPAGE-1);
1191 page = gfn_to_page(vcpu->kvm, gfn);
1192 up_read(¤t->mm->mmap_sem);
1195 if (is_error_page(page)) {
1196 kvm_release_page_clean(page);
1197 up_read(&vcpu->kvm->slots_lock);
1201 spin_lock(&vcpu->kvm->mmu_lock);
1202 kvm_mmu_free_some_pages(vcpu);
1203 r = __direct_map(vcpu, v, write, largepage, gfn, page,
1205 spin_unlock(&vcpu->kvm->mmu_lock);
1207 up_read(&vcpu->kvm->slots_lock);
1213 static void nonpaging_prefetch_page(struct kvm_vcpu *vcpu,
1214 struct kvm_mmu_page *sp)
1218 for (i = 0; i < PT64_ENT_PER_PAGE; ++i)
1219 sp->spt[i] = shadow_trap_nonpresent_pte;
1222 static void mmu_free_roots(struct kvm_vcpu *vcpu)
1225 struct kvm_mmu_page *sp;
1227 if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
1229 spin_lock(&vcpu->kvm->mmu_lock);
1230 #ifdef CONFIG_X86_64
1231 if (vcpu->arch.mmu.shadow_root_level == PT64_ROOT_LEVEL) {
1232 hpa_t root = vcpu->arch.mmu.root_hpa;
1234 sp = page_header(root);
1236 if (!sp->root_count && sp->role.invalid)
1237 kvm_mmu_zap_page(vcpu->kvm, sp);
1238 vcpu->arch.mmu.root_hpa = INVALID_PAGE;
1239 spin_unlock(&vcpu->kvm->mmu_lock);
1243 for (i = 0; i < 4; ++i) {
1244 hpa_t root = vcpu->arch.mmu.pae_root[i];
1247 root &= PT64_BASE_ADDR_MASK;
1248 sp = page_header(root);
1250 if (!sp->root_count && sp->role.invalid)
1251 kvm_mmu_zap_page(vcpu->kvm, sp);
1253 vcpu->arch.mmu.pae_root[i] = INVALID_PAGE;
1255 spin_unlock(&vcpu->kvm->mmu_lock);
1256 vcpu->arch.mmu.root_hpa = INVALID_PAGE;
1259 static void mmu_alloc_roots(struct kvm_vcpu *vcpu)
1263 struct kvm_mmu_page *sp;
1264 int metaphysical = 0;
1266 root_gfn = vcpu->arch.cr3 >> PAGE_SHIFT;
1268 #ifdef CONFIG_X86_64
1269 if (vcpu->arch.mmu.shadow_root_level == PT64_ROOT_LEVEL) {
1270 hpa_t root = vcpu->arch.mmu.root_hpa;
1272 ASSERT(!VALID_PAGE(root));
1275 sp = kvm_mmu_get_page(vcpu, root_gfn, 0,
1276 PT64_ROOT_LEVEL, metaphysical,
1278 root = __pa(sp->spt);
1280 vcpu->arch.mmu.root_hpa = root;
1284 metaphysical = !is_paging(vcpu);
1287 for (i = 0; i < 4; ++i) {
1288 hpa_t root = vcpu->arch.mmu.pae_root[i];
1290 ASSERT(!VALID_PAGE(root));
1291 if (vcpu->arch.mmu.root_level == PT32E_ROOT_LEVEL) {
1292 if (!is_present_pte(vcpu->arch.pdptrs[i])) {
1293 vcpu->arch.mmu.pae_root[i] = 0;
1296 root_gfn = vcpu->arch.pdptrs[i] >> PAGE_SHIFT;
1297 } else if (vcpu->arch.mmu.root_level == 0)
1299 sp = kvm_mmu_get_page(vcpu, root_gfn, i << 30,
1300 PT32_ROOT_LEVEL, metaphysical,
1302 root = __pa(sp->spt);
1304 vcpu->arch.mmu.pae_root[i] = root | PT_PRESENT_MASK;
1306 vcpu->arch.mmu.root_hpa = __pa(vcpu->arch.mmu.pae_root);
1309 static gpa_t nonpaging_gva_to_gpa(struct kvm_vcpu *vcpu, gva_t vaddr)
1314 static int nonpaging_page_fault(struct kvm_vcpu *vcpu, gva_t gva,
1320 pgprintk("%s: gva %lx error %x\n", __FUNCTION__, gva, error_code);
1321 r = mmu_topup_memory_caches(vcpu);
1326 ASSERT(VALID_PAGE(vcpu->arch.mmu.root_hpa));
1328 gfn = gva >> PAGE_SHIFT;
1330 return nonpaging_map(vcpu, gva & PAGE_MASK,
1331 error_code & PFERR_WRITE_MASK, gfn);
1334 static int tdp_page_fault(struct kvm_vcpu *vcpu, gva_t gpa,
1340 gfn_t gfn = gpa >> PAGE_SHIFT;
1343 ASSERT(VALID_PAGE(vcpu->arch.mmu.root_hpa));
1345 r = mmu_topup_memory_caches(vcpu);
1349 down_read(¤t->mm->mmap_sem);
1350 if (is_largepage_backed(vcpu, gfn & ~(KVM_PAGES_PER_HPAGE-1))) {
1351 gfn &= ~(KVM_PAGES_PER_HPAGE-1);
1354 page = gfn_to_page(vcpu->kvm, gfn);
1355 if (is_error_page(page)) {
1356 kvm_release_page_clean(page);
1357 up_read(¤t->mm->mmap_sem);
1360 spin_lock(&vcpu->kvm->mmu_lock);
1361 kvm_mmu_free_some_pages(vcpu);
1362 r = __direct_map(vcpu, gpa, error_code & PFERR_WRITE_MASK,
1363 largepage, gfn, page, TDP_ROOT_LEVEL);
1364 spin_unlock(&vcpu->kvm->mmu_lock);
1365 up_read(¤t->mm->mmap_sem);
1370 static void nonpaging_free(struct kvm_vcpu *vcpu)
1372 mmu_free_roots(vcpu);
1375 static int nonpaging_init_context(struct kvm_vcpu *vcpu)
1377 struct kvm_mmu *context = &vcpu->arch.mmu;
1379 context->new_cr3 = nonpaging_new_cr3;
1380 context->page_fault = nonpaging_page_fault;
1381 context->gva_to_gpa = nonpaging_gva_to_gpa;
1382 context->free = nonpaging_free;
1383 context->prefetch_page = nonpaging_prefetch_page;
1384 context->root_level = 0;
1385 context->shadow_root_level = PT32E_ROOT_LEVEL;
1386 context->root_hpa = INVALID_PAGE;
1390 void kvm_mmu_flush_tlb(struct kvm_vcpu *vcpu)
1392 ++vcpu->stat.tlb_flush;
1393 kvm_x86_ops->tlb_flush(vcpu);
1396 static void paging_new_cr3(struct kvm_vcpu *vcpu)
1398 pgprintk("%s: cr3 %lx\n", __FUNCTION__, vcpu->arch.cr3);
1399 mmu_free_roots(vcpu);
1402 static void inject_page_fault(struct kvm_vcpu *vcpu,
1406 kvm_inject_page_fault(vcpu, addr, err_code);
1409 static void paging_free(struct kvm_vcpu *vcpu)
1411 nonpaging_free(vcpu);
1415 #include "paging_tmpl.h"
1419 #include "paging_tmpl.h"
1422 static int paging64_init_context_common(struct kvm_vcpu *vcpu, int level)
1424 struct kvm_mmu *context = &vcpu->arch.mmu;
1426 ASSERT(is_pae(vcpu));
1427 context->new_cr3 = paging_new_cr3;
1428 context->page_fault = paging64_page_fault;
1429 context->gva_to_gpa = paging64_gva_to_gpa;
1430 context->prefetch_page = paging64_prefetch_page;
1431 context->free = paging_free;
1432 context->root_level = level;
1433 context->shadow_root_level = level;
1434 context->root_hpa = INVALID_PAGE;
1438 static int paging64_init_context(struct kvm_vcpu *vcpu)
1440 return paging64_init_context_common(vcpu, PT64_ROOT_LEVEL);
1443 static int paging32_init_context(struct kvm_vcpu *vcpu)
1445 struct kvm_mmu *context = &vcpu->arch.mmu;
1447 context->new_cr3 = paging_new_cr3;
1448 context->page_fault = paging32_page_fault;
1449 context->gva_to_gpa = paging32_gva_to_gpa;
1450 context->free = paging_free;
1451 context->prefetch_page = paging32_prefetch_page;
1452 context->root_level = PT32_ROOT_LEVEL;
1453 context->shadow_root_level = PT32E_ROOT_LEVEL;
1454 context->root_hpa = INVALID_PAGE;
1458 static int paging32E_init_context(struct kvm_vcpu *vcpu)
1460 return paging64_init_context_common(vcpu, PT32E_ROOT_LEVEL);
1463 static int init_kvm_tdp_mmu(struct kvm_vcpu *vcpu)
1465 struct kvm_mmu *context = &vcpu->arch.mmu;
1467 context->new_cr3 = nonpaging_new_cr3;
1468 context->page_fault = tdp_page_fault;
1469 context->free = nonpaging_free;
1470 context->prefetch_page = nonpaging_prefetch_page;
1471 context->shadow_root_level = TDP_ROOT_LEVEL;
1472 context->root_hpa = INVALID_PAGE;
1474 if (!is_paging(vcpu)) {
1475 context->gva_to_gpa = nonpaging_gva_to_gpa;
1476 context->root_level = 0;
1477 } else if (is_long_mode(vcpu)) {
1478 context->gva_to_gpa = paging64_gva_to_gpa;
1479 context->root_level = PT64_ROOT_LEVEL;
1480 } else if (is_pae(vcpu)) {
1481 context->gva_to_gpa = paging64_gva_to_gpa;
1482 context->root_level = PT32E_ROOT_LEVEL;
1484 context->gva_to_gpa = paging32_gva_to_gpa;
1485 context->root_level = PT32_ROOT_LEVEL;
1491 static int init_kvm_softmmu(struct kvm_vcpu *vcpu)
1494 ASSERT(!VALID_PAGE(vcpu->arch.mmu.root_hpa));
1496 if (!is_paging(vcpu))
1497 return nonpaging_init_context(vcpu);
1498 else if (is_long_mode(vcpu))
1499 return paging64_init_context(vcpu);
1500 else if (is_pae(vcpu))
1501 return paging32E_init_context(vcpu);
1503 return paging32_init_context(vcpu);
1506 static int init_kvm_mmu(struct kvm_vcpu *vcpu)
1509 return init_kvm_tdp_mmu(vcpu);
1511 return init_kvm_softmmu(vcpu);
1514 static void destroy_kvm_mmu(struct kvm_vcpu *vcpu)
1517 if (VALID_PAGE(vcpu->arch.mmu.root_hpa)) {
1518 vcpu->arch.mmu.free(vcpu);
1519 vcpu->arch.mmu.root_hpa = INVALID_PAGE;
1523 int kvm_mmu_reset_context(struct kvm_vcpu *vcpu)
1525 destroy_kvm_mmu(vcpu);
1526 return init_kvm_mmu(vcpu);
1528 EXPORT_SYMBOL_GPL(kvm_mmu_reset_context);
1530 int kvm_mmu_load(struct kvm_vcpu *vcpu)
1534 r = mmu_topup_memory_caches(vcpu);
1537 spin_lock(&vcpu->kvm->mmu_lock);
1538 kvm_mmu_free_some_pages(vcpu);
1539 mmu_alloc_roots(vcpu);
1540 spin_unlock(&vcpu->kvm->mmu_lock);
1541 kvm_x86_ops->set_cr3(vcpu, vcpu->arch.mmu.root_hpa);
1542 kvm_mmu_flush_tlb(vcpu);
1546 EXPORT_SYMBOL_GPL(kvm_mmu_load);
1548 void kvm_mmu_unload(struct kvm_vcpu *vcpu)
1550 mmu_free_roots(vcpu);
1553 static void mmu_pte_write_zap_pte(struct kvm_vcpu *vcpu,
1554 struct kvm_mmu_page *sp,
1558 struct kvm_mmu_page *child;
1561 if (is_shadow_present_pte(pte)) {
1562 if (sp->role.level == PT_PAGE_TABLE_LEVEL ||
1564 rmap_remove(vcpu->kvm, spte);
1566 child = page_header(pte & PT64_BASE_ADDR_MASK);
1567 mmu_page_remove_parent_pte(child, spte);
1570 set_shadow_pte(spte, shadow_trap_nonpresent_pte);
1571 if (is_large_pte(pte))
1572 --vcpu->kvm->stat.lpages;
1575 static void mmu_pte_write_new_pte(struct kvm_vcpu *vcpu,
1576 struct kvm_mmu_page *sp,
1580 if ((sp->role.level != PT_PAGE_TABLE_LEVEL)
1581 && !vcpu->arch.update_pte.largepage) {
1582 ++vcpu->kvm->stat.mmu_pde_zapped;
1586 ++vcpu->kvm->stat.mmu_pte_updated;
1587 if (sp->role.glevels == PT32_ROOT_LEVEL)
1588 paging32_update_pte(vcpu, sp, spte, new);
1590 paging64_update_pte(vcpu, sp, spte, new);
1593 static bool need_remote_flush(u64 old, u64 new)
1595 if (!is_shadow_present_pte(old))
1597 if (!is_shadow_present_pte(new))
1599 if ((old ^ new) & PT64_BASE_ADDR_MASK)
1601 old ^= PT64_NX_MASK;
1602 new ^= PT64_NX_MASK;
1603 return (old & ~new & PT64_PERM_MASK) != 0;
1606 static void mmu_pte_write_flush_tlb(struct kvm_vcpu *vcpu, u64 old, u64 new)
1608 if (need_remote_flush(old, new))
1609 kvm_flush_remote_tlbs(vcpu->kvm);
1611 kvm_mmu_flush_tlb(vcpu);
1614 static bool last_updated_pte_accessed(struct kvm_vcpu *vcpu)
1616 u64 *spte = vcpu->arch.last_pte_updated;
1618 return !!(spte && (*spte & PT_ACCESSED_MASK));
1621 static void mmu_guess_page_from_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
1622 const u8 *new, int bytes)
1629 vcpu->arch.update_pte.largepage = 0;
1631 if (bytes != 4 && bytes != 8)
1635 * Assume that the pte write on a page table of the same type
1636 * as the current vcpu paging mode. This is nearly always true
1637 * (might be false while changing modes). Note it is verified later
1641 /* Handle a 32-bit guest writing two halves of a 64-bit gpte */
1642 if ((bytes == 4) && (gpa % 4 == 0)) {
1643 r = kvm_read_guest(vcpu->kvm, gpa & ~(u64)7, &gpte, 8);
1646 memcpy((void *)&gpte + (gpa % 8), new, 4);
1647 } else if ((bytes == 8) && (gpa % 8 == 0)) {
1648 memcpy((void *)&gpte, new, 8);
1651 if ((bytes == 4) && (gpa % 4 == 0))
1652 memcpy((void *)&gpte, new, 4);
1654 if (!is_present_pte(gpte))
1656 gfn = (gpte & PT64_BASE_ADDR_MASK) >> PAGE_SHIFT;
1658 down_read(¤t->mm->mmap_sem);
1659 if (is_large_pte(gpte) && is_largepage_backed(vcpu, gfn)) {
1660 gfn &= ~(KVM_PAGES_PER_HPAGE-1);
1661 vcpu->arch.update_pte.largepage = 1;
1663 page = gfn_to_page(vcpu->kvm, gfn);
1664 up_read(¤t->mm->mmap_sem);
1666 if (is_error_page(page)) {
1667 kvm_release_page_clean(page);
1670 vcpu->arch.update_pte.gfn = gfn;
1671 vcpu->arch.update_pte.page = page;
1674 void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
1675 const u8 *new, int bytes)
1677 gfn_t gfn = gpa >> PAGE_SHIFT;
1678 struct kvm_mmu_page *sp;
1679 struct hlist_node *node, *n;
1680 struct hlist_head *bucket;
1684 unsigned offset = offset_in_page(gpa);
1686 unsigned page_offset;
1687 unsigned misaligned;
1694 pgprintk("%s: gpa %llx bytes %d\n", __FUNCTION__, gpa, bytes);
1695 mmu_guess_page_from_pte_write(vcpu, gpa, new, bytes);
1696 spin_lock(&vcpu->kvm->mmu_lock);
1697 kvm_mmu_free_some_pages(vcpu);
1698 ++vcpu->kvm->stat.mmu_pte_write;
1699 kvm_mmu_audit(vcpu, "pre pte write");
1700 if (gfn == vcpu->arch.last_pt_write_gfn
1701 && !last_updated_pte_accessed(vcpu)) {
1702 ++vcpu->arch.last_pt_write_count;
1703 if (vcpu->arch.last_pt_write_count >= 3)
1706 vcpu->arch.last_pt_write_gfn = gfn;
1707 vcpu->arch.last_pt_write_count = 1;
1708 vcpu->arch.last_pte_updated = NULL;
1710 index = kvm_page_table_hashfn(gfn);
1711 bucket = &vcpu->kvm->arch.mmu_page_hash[index];
1712 hlist_for_each_entry_safe(sp, node, n, bucket, hash_link) {
1713 if (sp->gfn != gfn || sp->role.metaphysical)
1715 pte_size = sp->role.glevels == PT32_ROOT_LEVEL ? 4 : 8;
1716 misaligned = (offset ^ (offset + bytes - 1)) & ~(pte_size - 1);
1717 misaligned |= bytes < 4;
1718 if (misaligned || flooded) {
1720 * Misaligned accesses are too much trouble to fix
1721 * up; also, they usually indicate a page is not used
1724 * If we're seeing too many writes to a page,
1725 * it may no longer be a page table, or we may be
1726 * forking, in which case it is better to unmap the
1729 pgprintk("misaligned: gpa %llx bytes %d role %x\n",
1730 gpa, bytes, sp->role.word);
1731 kvm_mmu_zap_page(vcpu->kvm, sp);
1732 ++vcpu->kvm->stat.mmu_flooded;
1735 page_offset = offset;
1736 level = sp->role.level;
1738 if (sp->role.glevels == PT32_ROOT_LEVEL) {
1739 page_offset <<= 1; /* 32->64 */
1741 * A 32-bit pde maps 4MB while the shadow pdes map
1742 * only 2MB. So we need to double the offset again
1743 * and zap two pdes instead of one.
1745 if (level == PT32_ROOT_LEVEL) {
1746 page_offset &= ~7; /* kill rounding error */
1750 quadrant = page_offset >> PAGE_SHIFT;
1751 page_offset &= ~PAGE_MASK;
1752 if (quadrant != sp->role.quadrant)
1755 spte = &sp->spt[page_offset / sizeof(*spte)];
1756 if ((gpa & (pte_size - 1)) || (bytes < pte_size)) {
1758 r = kvm_read_guest_atomic(vcpu->kvm,
1759 gpa & ~(u64)(pte_size - 1),
1761 new = (const void *)&gentry;
1767 mmu_pte_write_zap_pte(vcpu, sp, spte);
1769 mmu_pte_write_new_pte(vcpu, sp, spte, new);
1770 mmu_pte_write_flush_tlb(vcpu, entry, *spte);
1774 kvm_mmu_audit(vcpu, "post pte write");
1775 spin_unlock(&vcpu->kvm->mmu_lock);
1776 if (vcpu->arch.update_pte.page) {
1777 kvm_release_page_clean(vcpu->arch.update_pte.page);
1778 vcpu->arch.update_pte.page = NULL;
1782 int kvm_mmu_unprotect_page_virt(struct kvm_vcpu *vcpu, gva_t gva)
1787 down_read(&vcpu->kvm->slots_lock);
1788 gpa = vcpu->arch.mmu.gva_to_gpa(vcpu, gva);
1789 up_read(&vcpu->kvm->slots_lock);
1791 spin_lock(&vcpu->kvm->mmu_lock);
1792 r = kvm_mmu_unprotect_page(vcpu->kvm, gpa >> PAGE_SHIFT);
1793 spin_unlock(&vcpu->kvm->mmu_lock);
1797 void __kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu)
1799 while (vcpu->kvm->arch.n_free_mmu_pages < KVM_REFILL_PAGES) {
1800 struct kvm_mmu_page *sp;
1802 sp = container_of(vcpu->kvm->arch.active_mmu_pages.prev,
1803 struct kvm_mmu_page, link);
1804 kvm_mmu_zap_page(vcpu->kvm, sp);
1805 ++vcpu->kvm->stat.mmu_recycled;
1809 int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u32 error_code)
1812 enum emulation_result er;
1814 r = vcpu->arch.mmu.page_fault(vcpu, cr2, error_code);
1823 r = mmu_topup_memory_caches(vcpu);
1827 er = emulate_instruction(vcpu, vcpu->run, cr2, error_code, 0);
1832 case EMULATE_DO_MMIO:
1833 ++vcpu->stat.mmio_exits;
1836 kvm_report_emulation_failure(vcpu, "pagetable");
1844 EXPORT_SYMBOL_GPL(kvm_mmu_page_fault);
1846 void kvm_enable_tdp(void)
1850 EXPORT_SYMBOL_GPL(kvm_enable_tdp);
1852 static void free_mmu_pages(struct kvm_vcpu *vcpu)
1854 struct kvm_mmu_page *sp;
1856 while (!list_empty(&vcpu->kvm->arch.active_mmu_pages)) {
1857 sp = container_of(vcpu->kvm->arch.active_mmu_pages.next,
1858 struct kvm_mmu_page, link);
1859 kvm_mmu_zap_page(vcpu->kvm, sp);
1861 free_page((unsigned long)vcpu->arch.mmu.pae_root);
1864 static int alloc_mmu_pages(struct kvm_vcpu *vcpu)
1871 if (vcpu->kvm->arch.n_requested_mmu_pages)
1872 vcpu->kvm->arch.n_free_mmu_pages =
1873 vcpu->kvm->arch.n_requested_mmu_pages;
1875 vcpu->kvm->arch.n_free_mmu_pages =
1876 vcpu->kvm->arch.n_alloc_mmu_pages;
1878 * When emulating 32-bit mode, cr3 is only 32 bits even on x86_64.
1879 * Therefore we need to allocate shadow page tables in the first
1880 * 4GB of memory, which happens to fit the DMA32 zone.
1882 page = alloc_page(GFP_KERNEL | __GFP_DMA32);
1885 vcpu->arch.mmu.pae_root = page_address(page);
1886 for (i = 0; i < 4; ++i)
1887 vcpu->arch.mmu.pae_root[i] = INVALID_PAGE;
1892 free_mmu_pages(vcpu);
1896 int kvm_mmu_create(struct kvm_vcpu *vcpu)
1899 ASSERT(!VALID_PAGE(vcpu->arch.mmu.root_hpa));
1901 return alloc_mmu_pages(vcpu);
1904 int kvm_mmu_setup(struct kvm_vcpu *vcpu)
1907 ASSERT(!VALID_PAGE(vcpu->arch.mmu.root_hpa));
1909 return init_kvm_mmu(vcpu);
1912 void kvm_mmu_destroy(struct kvm_vcpu *vcpu)
1916 destroy_kvm_mmu(vcpu);
1917 free_mmu_pages(vcpu);
1918 mmu_free_memory_caches(vcpu);
1921 void kvm_mmu_slot_remove_write_access(struct kvm *kvm, int slot)
1923 struct kvm_mmu_page *sp;
1925 list_for_each_entry(sp, &kvm->arch.active_mmu_pages, link) {
1929 if (!test_bit(slot, &sp->slot_bitmap))
1933 for (i = 0; i < PT64_ENT_PER_PAGE; ++i)
1935 if (pt[i] & PT_WRITABLE_MASK)
1936 pt[i] &= ~PT_WRITABLE_MASK;
1940 void kvm_mmu_zap_all(struct kvm *kvm)
1942 struct kvm_mmu_page *sp, *node;
1944 spin_lock(&kvm->mmu_lock);
1945 list_for_each_entry_safe(sp, node, &kvm->arch.active_mmu_pages, link)
1946 kvm_mmu_zap_page(kvm, sp);
1947 spin_unlock(&kvm->mmu_lock);
1949 kvm_flush_remote_tlbs(kvm);
1952 void kvm_mmu_module_exit(void)
1954 if (pte_chain_cache)
1955 kmem_cache_destroy(pte_chain_cache);
1956 if (rmap_desc_cache)
1957 kmem_cache_destroy(rmap_desc_cache);
1958 if (mmu_page_header_cache)
1959 kmem_cache_destroy(mmu_page_header_cache);
1962 int kvm_mmu_module_init(void)
1964 pte_chain_cache = kmem_cache_create("kvm_pte_chain",
1965 sizeof(struct kvm_pte_chain),
1967 if (!pte_chain_cache)
1969 rmap_desc_cache = kmem_cache_create("kvm_rmap_desc",
1970 sizeof(struct kvm_rmap_desc),
1972 if (!rmap_desc_cache)
1975 mmu_page_header_cache = kmem_cache_create("kvm_mmu_page_header",
1976 sizeof(struct kvm_mmu_page),
1978 if (!mmu_page_header_cache)
1984 kvm_mmu_module_exit();
1989 * Caculate mmu pages needed for kvm.
1991 unsigned int kvm_mmu_calculate_mmu_pages(struct kvm *kvm)
1994 unsigned int nr_mmu_pages;
1995 unsigned int nr_pages = 0;
1997 for (i = 0; i < kvm->nmemslots; i++)
1998 nr_pages += kvm->memslots[i].npages;
2000 nr_mmu_pages = nr_pages * KVM_PERMILLE_MMU_PAGES / 1000;
2001 nr_mmu_pages = max(nr_mmu_pages,
2002 (unsigned int) KVM_MIN_ALLOC_MMU_PAGES);
2004 return nr_mmu_pages;
2009 static const char *audit_msg;
2011 static gva_t canonicalize(gva_t gva)
2013 #ifdef CONFIG_X86_64
2014 gva = (long long)(gva << 16) >> 16;
2019 static void audit_mappings_page(struct kvm_vcpu *vcpu, u64 page_pte,
2020 gva_t va, int level)
2022 u64 *pt = __va(page_pte & PT64_BASE_ADDR_MASK);
2024 gva_t va_delta = 1ul << (PAGE_SHIFT + 9 * (level - 1));
2026 for (i = 0; i < PT64_ENT_PER_PAGE; ++i, va += va_delta) {
2029 if (ent == shadow_trap_nonpresent_pte)
2032 va = canonicalize(va);
2034 if (ent == shadow_notrap_nonpresent_pte)
2035 printk(KERN_ERR "audit: (%s) nontrapping pte"
2036 " in nonleaf level: levels %d gva %lx"
2037 " level %d pte %llx\n", audit_msg,
2038 vcpu->arch.mmu.root_level, va, level, ent);
2040 audit_mappings_page(vcpu, ent, va, level - 1);
2042 gpa_t gpa = vcpu->arch.mmu.gva_to_gpa(vcpu, va);
2043 struct page *page = gpa_to_page(vcpu, gpa);
2044 hpa_t hpa = page_to_phys(page);
2046 if (is_shadow_present_pte(ent)
2047 && (ent & PT64_BASE_ADDR_MASK) != hpa)
2048 printk(KERN_ERR "xx audit error: (%s) levels %d"
2049 " gva %lx gpa %llx hpa %llx ent %llx %d\n",
2050 audit_msg, vcpu->arch.mmu.root_level,
2052 is_shadow_present_pte(ent));
2053 else if (ent == shadow_notrap_nonpresent_pte
2054 && !is_error_hpa(hpa))
2055 printk(KERN_ERR "audit: (%s) notrap shadow,"
2056 " valid guest gva %lx\n", audit_msg, va);
2057 kvm_release_page_clean(page);
2063 static void audit_mappings(struct kvm_vcpu *vcpu)
2067 if (vcpu->arch.mmu.root_level == 4)
2068 audit_mappings_page(vcpu, vcpu->arch.mmu.root_hpa, 0, 4);
2070 for (i = 0; i < 4; ++i)
2071 if (vcpu->arch.mmu.pae_root[i] & PT_PRESENT_MASK)
2072 audit_mappings_page(vcpu,
2073 vcpu->arch.mmu.pae_root[i],
2078 static int count_rmaps(struct kvm_vcpu *vcpu)
2083 for (i = 0; i < KVM_MEMORY_SLOTS; ++i) {
2084 struct kvm_memory_slot *m = &vcpu->kvm->memslots[i];
2085 struct kvm_rmap_desc *d;
2087 for (j = 0; j < m->npages; ++j) {
2088 unsigned long *rmapp = &m->rmap[j];
2092 if (!(*rmapp & 1)) {
2096 d = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
2098 for (k = 0; k < RMAP_EXT; ++k)
2099 if (d->shadow_ptes[k])
2110 static int count_writable_mappings(struct kvm_vcpu *vcpu)
2113 struct kvm_mmu_page *sp;
2116 list_for_each_entry(sp, &vcpu->kvm->arch.active_mmu_pages, link) {
2119 if (sp->role.level != PT_PAGE_TABLE_LEVEL)
2122 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
2125 if (!(ent & PT_PRESENT_MASK))
2127 if (!(ent & PT_WRITABLE_MASK))
2135 static void audit_rmap(struct kvm_vcpu *vcpu)
2137 int n_rmap = count_rmaps(vcpu);
2138 int n_actual = count_writable_mappings(vcpu);
2140 if (n_rmap != n_actual)
2141 printk(KERN_ERR "%s: (%s) rmap %d actual %d\n",
2142 __FUNCTION__, audit_msg, n_rmap, n_actual);
2145 static void audit_write_protection(struct kvm_vcpu *vcpu)
2147 struct kvm_mmu_page *sp;
2148 struct kvm_memory_slot *slot;
2149 unsigned long *rmapp;
2152 list_for_each_entry(sp, &vcpu->kvm->arch.active_mmu_pages, link) {
2153 if (sp->role.metaphysical)
2156 slot = gfn_to_memslot(vcpu->kvm, sp->gfn);
2157 gfn = unalias_gfn(vcpu->kvm, sp->gfn);
2158 rmapp = &slot->rmap[gfn - slot->base_gfn];
2160 printk(KERN_ERR "%s: (%s) shadow page has writable"
2161 " mappings: gfn %lx role %x\n",
2162 __FUNCTION__, audit_msg, sp->gfn,
2167 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg)
2174 audit_write_protection(vcpu);
2175 audit_mappings(vcpu);
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob