2 * Kernel-based Virtual Machine driver for Linux
4 * This module enables machines with Intel VT-x extensions to run virtual
5 * machines without emulation or binary translation.
9 * Copyright (C) 2006 Qumranet, Inc.
12 * Yaniv Kamay <yaniv@qumranet.com>
13 * Avi Kivity <avi@qumranet.com>
15 * This work is licensed under the terms of the GNU GPL, version 2. See
16 * the COPYING file in the top-level directory.
23 #include <linux/kvm_host.h>
24 #include <linux/types.h>
25 #include <linux/string.h>
27 #include <linux/highmem.h>
28 #include <linux/module.h>
29 #include <linux/swap.h>
30 #include <linux/hugetlb.h>
31 #include <linux/compiler.h>
34 #include <asm/cmpxchg.h>
38 * When setting this variable to true it enables Two-Dimensional-Paging
39 * where the hardware walks 2 page tables:
40 * 1. the guest-virtual to guest-physical
41 * 2. while doing 1. it walks guest-physical to host-physical
42 * If the hardware supports that we don't need to do shadow paging.
44 bool tdp_enabled = false;
51 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg);
53 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg) {}
58 #define pgprintk(x...) do { if (dbg) printk(x); } while (0)
59 #define rmap_printk(x...) do { if (dbg) printk(x); } while (0)
63 #define pgprintk(x...) do { } while (0)
64 #define rmap_printk(x...) do { } while (0)
68 #if defined(MMU_DEBUG) || defined(AUDIT)
73 #define ASSERT(x) do { } while (0)
77 printk(KERN_WARNING "assertion failed %s:%d: %s\n", \
78 __FILE__, __LINE__, #x); \
82 #define PT_FIRST_AVAIL_BITS_SHIFT 9
83 #define PT64_SECOND_AVAIL_BITS_SHIFT 52
85 #define VALID_PAGE(x) ((x) != INVALID_PAGE)
87 #define PT64_LEVEL_BITS 9
89 #define PT64_LEVEL_SHIFT(level) \
90 (PAGE_SHIFT + (level - 1) * PT64_LEVEL_BITS)
92 #define PT64_LEVEL_MASK(level) \
93 (((1ULL << PT64_LEVEL_BITS) - 1) << PT64_LEVEL_SHIFT(level))
95 #define PT64_INDEX(address, level)\
96 (((address) >> PT64_LEVEL_SHIFT(level)) & ((1 << PT64_LEVEL_BITS) - 1))
99 #define PT32_LEVEL_BITS 10
101 #define PT32_LEVEL_SHIFT(level) \
102 (PAGE_SHIFT + (level - 1) * PT32_LEVEL_BITS)
104 #define PT32_LEVEL_MASK(level) \
105 (((1ULL << PT32_LEVEL_BITS) - 1) << PT32_LEVEL_SHIFT(level))
107 #define PT32_INDEX(address, level)\
108 (((address) >> PT32_LEVEL_SHIFT(level)) & ((1 << PT32_LEVEL_BITS) - 1))
111 #define PT64_BASE_ADDR_MASK (((1ULL << 52) - 1) & ~(u64)(PAGE_SIZE-1))
112 #define PT64_DIR_BASE_ADDR_MASK \
113 (PT64_BASE_ADDR_MASK & ~((1ULL << (PAGE_SHIFT + PT64_LEVEL_BITS)) - 1))
115 #define PT32_BASE_ADDR_MASK PAGE_MASK
116 #define PT32_DIR_BASE_ADDR_MASK \
117 (PAGE_MASK & ~((1ULL << (PAGE_SHIFT + PT32_LEVEL_BITS)) - 1))
119 #define PT64_PERM_MASK (PT_PRESENT_MASK | PT_WRITABLE_MASK | PT_USER_MASK \
122 #define PFERR_PRESENT_MASK (1U << 0)
123 #define PFERR_WRITE_MASK (1U << 1)
124 #define PFERR_USER_MASK (1U << 2)
125 #define PFERR_FETCH_MASK (1U << 4)
127 #define PT_DIRECTORY_LEVEL 2
128 #define PT_PAGE_TABLE_LEVEL 1
132 #define ACC_EXEC_MASK 1
133 #define ACC_WRITE_MASK PT_WRITABLE_MASK
134 #define ACC_USER_MASK PT_USER_MASK
135 #define ACC_ALL (ACC_EXEC_MASK | ACC_WRITE_MASK | ACC_USER_MASK)
137 struct kvm_pv_mmu_op_buffer {
141 char buf[512] __aligned(sizeof(long));
144 struct kvm_rmap_desc {
145 u64 *shadow_ptes[RMAP_EXT];
146 struct kvm_rmap_desc *more;
149 static struct kmem_cache *pte_chain_cache;
150 static struct kmem_cache *rmap_desc_cache;
151 static struct kmem_cache *mmu_page_header_cache;
153 static u64 __read_mostly shadow_trap_nonpresent_pte;
154 static u64 __read_mostly shadow_notrap_nonpresent_pte;
156 void kvm_mmu_set_nonpresent_ptes(u64 trap_pte, u64 notrap_pte)
158 shadow_trap_nonpresent_pte = trap_pte;
159 shadow_notrap_nonpresent_pte = notrap_pte;
161 EXPORT_SYMBOL_GPL(kvm_mmu_set_nonpresent_ptes);
163 static int is_write_protection(struct kvm_vcpu *vcpu)
165 return vcpu->arch.cr0 & X86_CR0_WP;
168 static int is_cpuid_PSE36(void)
173 static int is_nx(struct kvm_vcpu *vcpu)
175 return vcpu->arch.shadow_efer & EFER_NX;
178 static int is_present_pte(unsigned long pte)
180 return pte & PT_PRESENT_MASK;
183 static int is_shadow_present_pte(u64 pte)
185 return pte != shadow_trap_nonpresent_pte
186 && pte != shadow_notrap_nonpresent_pte;
189 static int is_large_pte(u64 pte)
191 return pte & PT_PAGE_SIZE_MASK;
194 static int is_writeble_pte(unsigned long pte)
196 return pte & PT_WRITABLE_MASK;
199 static int is_dirty_pte(unsigned long pte)
201 return pte & PT_DIRTY_MASK;
204 static int is_rmap_pte(u64 pte)
206 return is_shadow_present_pte(pte);
209 static pfn_t spte_to_pfn(u64 pte)
211 return (pte & PT64_BASE_ADDR_MASK) >> PAGE_SHIFT;
214 static gfn_t pse36_gfn_delta(u32 gpte)
216 int shift = 32 - PT32_DIR_PSE36_SHIFT - PAGE_SHIFT;
218 return (gpte & PT32_DIR_PSE36_MASK) << shift;
221 static void set_shadow_pte(u64 *sptep, u64 spte)
224 set_64bit((unsigned long *)sptep, spte);
226 set_64bit((unsigned long long *)sptep, spte);
230 static int mmu_topup_memory_cache(struct kvm_mmu_memory_cache *cache,
231 struct kmem_cache *base_cache, int min)
235 if (cache->nobjs >= min)
237 while (cache->nobjs < ARRAY_SIZE(cache->objects)) {
238 obj = kmem_cache_zalloc(base_cache, GFP_KERNEL);
241 cache->objects[cache->nobjs++] = obj;
246 static void mmu_free_memory_cache(struct kvm_mmu_memory_cache *mc)
249 kfree(mc->objects[--mc->nobjs]);
252 static int mmu_topup_memory_cache_page(struct kvm_mmu_memory_cache *cache,
257 if (cache->nobjs >= min)
259 while (cache->nobjs < ARRAY_SIZE(cache->objects)) {
260 page = alloc_page(GFP_KERNEL);
263 set_page_private(page, 0);
264 cache->objects[cache->nobjs++] = page_address(page);
269 static void mmu_free_memory_cache_page(struct kvm_mmu_memory_cache *mc)
272 free_page((unsigned long)mc->objects[--mc->nobjs]);
275 static int mmu_topup_memory_caches(struct kvm_vcpu *vcpu)
279 r = mmu_topup_memory_cache(&vcpu->arch.mmu_pte_chain_cache,
283 r = mmu_topup_memory_cache(&vcpu->arch.mmu_rmap_desc_cache,
287 r = mmu_topup_memory_cache_page(&vcpu->arch.mmu_page_cache, 8);
290 r = mmu_topup_memory_cache(&vcpu->arch.mmu_page_header_cache,
291 mmu_page_header_cache, 4);
296 static void mmu_free_memory_caches(struct kvm_vcpu *vcpu)
298 mmu_free_memory_cache(&vcpu->arch.mmu_pte_chain_cache);
299 mmu_free_memory_cache(&vcpu->arch.mmu_rmap_desc_cache);
300 mmu_free_memory_cache_page(&vcpu->arch.mmu_page_cache);
301 mmu_free_memory_cache(&vcpu->arch.mmu_page_header_cache);
304 static void *mmu_memory_cache_alloc(struct kvm_mmu_memory_cache *mc,
310 p = mc->objects[--mc->nobjs];
315 static struct kvm_pte_chain *mmu_alloc_pte_chain(struct kvm_vcpu *vcpu)
317 return mmu_memory_cache_alloc(&vcpu->arch.mmu_pte_chain_cache,
318 sizeof(struct kvm_pte_chain));
321 static void mmu_free_pte_chain(struct kvm_pte_chain *pc)
326 static struct kvm_rmap_desc *mmu_alloc_rmap_desc(struct kvm_vcpu *vcpu)
328 return mmu_memory_cache_alloc(&vcpu->arch.mmu_rmap_desc_cache,
329 sizeof(struct kvm_rmap_desc));
332 static void mmu_free_rmap_desc(struct kvm_rmap_desc *rd)
338 * Return the pointer to the largepage write count for a given
339 * gfn, handling slots that are not large page aligned.
341 static int *slot_largepage_idx(gfn_t gfn, struct kvm_memory_slot *slot)
345 idx = (gfn / KVM_PAGES_PER_HPAGE) -
346 (slot->base_gfn / KVM_PAGES_PER_HPAGE);
347 return &slot->lpage_info[idx].write_count;
350 static void account_shadowed(struct kvm *kvm, gfn_t gfn)
354 write_count = slot_largepage_idx(gfn, gfn_to_memslot(kvm, gfn));
356 WARN_ON(*write_count > KVM_PAGES_PER_HPAGE);
359 static void unaccount_shadowed(struct kvm *kvm, gfn_t gfn)
363 write_count = slot_largepage_idx(gfn, gfn_to_memslot(kvm, gfn));
365 WARN_ON(*write_count < 0);
368 static int has_wrprotected_page(struct kvm *kvm, gfn_t gfn)
370 struct kvm_memory_slot *slot = gfn_to_memslot(kvm, gfn);
374 largepage_idx = slot_largepage_idx(gfn, slot);
375 return *largepage_idx;
381 static int host_largepage_backed(struct kvm *kvm, gfn_t gfn)
383 struct vm_area_struct *vma;
386 addr = gfn_to_hva(kvm, gfn);
387 if (kvm_is_error_hva(addr))
390 vma = find_vma(current->mm, addr);
391 if (vma && is_vm_hugetlb_page(vma))
397 static int is_largepage_backed(struct kvm_vcpu *vcpu, gfn_t large_gfn)
399 struct kvm_memory_slot *slot;
401 if (has_wrprotected_page(vcpu->kvm, large_gfn))
404 if (!host_largepage_backed(vcpu->kvm, large_gfn))
407 slot = gfn_to_memslot(vcpu->kvm, large_gfn);
408 if (slot && slot->dirty_bitmap)
415 * Take gfn and return the reverse mapping to it.
416 * Note: gfn must be unaliased before this function get called
419 static unsigned long *gfn_to_rmap(struct kvm *kvm, gfn_t gfn, int lpage)
421 struct kvm_memory_slot *slot;
424 slot = gfn_to_memslot(kvm, gfn);
426 return &slot->rmap[gfn - slot->base_gfn];
428 idx = (gfn / KVM_PAGES_PER_HPAGE) -
429 (slot->base_gfn / KVM_PAGES_PER_HPAGE);
431 return &slot->lpage_info[idx].rmap_pde;
435 * Reverse mapping data structures:
437 * If rmapp bit zero is zero, then rmapp point to the shadw page table entry
438 * that points to page_address(page).
440 * If rmapp bit zero is one, (then rmap & ~1) points to a struct kvm_rmap_desc
441 * containing more mappings.
443 static void rmap_add(struct kvm_vcpu *vcpu, u64 *spte, gfn_t gfn, int lpage)
445 struct kvm_mmu_page *sp;
446 struct kvm_rmap_desc *desc;
447 unsigned long *rmapp;
450 if (!is_rmap_pte(*spte))
452 gfn = unalias_gfn(vcpu->kvm, gfn);
453 sp = page_header(__pa(spte));
454 sp->gfns[spte - sp->spt] = gfn;
455 rmapp = gfn_to_rmap(vcpu->kvm, gfn, lpage);
457 rmap_printk("rmap_add: %p %llx 0->1\n", spte, *spte);
458 *rmapp = (unsigned long)spte;
459 } else if (!(*rmapp & 1)) {
460 rmap_printk("rmap_add: %p %llx 1->many\n", spte, *spte);
461 desc = mmu_alloc_rmap_desc(vcpu);
462 desc->shadow_ptes[0] = (u64 *)*rmapp;
463 desc->shadow_ptes[1] = spte;
464 *rmapp = (unsigned long)desc | 1;
466 rmap_printk("rmap_add: %p %llx many->many\n", spte, *spte);
467 desc = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
468 while (desc->shadow_ptes[RMAP_EXT-1] && desc->more)
470 if (desc->shadow_ptes[RMAP_EXT-1]) {
471 desc->more = mmu_alloc_rmap_desc(vcpu);
474 for (i = 0; desc->shadow_ptes[i]; ++i)
476 desc->shadow_ptes[i] = spte;
480 static void rmap_desc_remove_entry(unsigned long *rmapp,
481 struct kvm_rmap_desc *desc,
483 struct kvm_rmap_desc *prev_desc)
487 for (j = RMAP_EXT - 1; !desc->shadow_ptes[j] && j > i; --j)
489 desc->shadow_ptes[i] = desc->shadow_ptes[j];
490 desc->shadow_ptes[j] = NULL;
493 if (!prev_desc && !desc->more)
494 *rmapp = (unsigned long)desc->shadow_ptes[0];
497 prev_desc->more = desc->more;
499 *rmapp = (unsigned long)desc->more | 1;
500 mmu_free_rmap_desc(desc);
503 static void rmap_remove(struct kvm *kvm, u64 *spte)
505 struct kvm_rmap_desc *desc;
506 struct kvm_rmap_desc *prev_desc;
507 struct kvm_mmu_page *sp;
509 unsigned long *rmapp;
512 if (!is_rmap_pte(*spte))
514 sp = page_header(__pa(spte));
515 pfn = spte_to_pfn(*spte);
516 if (*spte & PT_ACCESSED_MASK)
517 kvm_set_pfn_accessed(pfn);
518 if (is_writeble_pte(*spte))
519 kvm_release_pfn_dirty(pfn);
521 kvm_release_pfn_clean(pfn);
522 rmapp = gfn_to_rmap(kvm, sp->gfns[spte - sp->spt], is_large_pte(*spte));
524 printk(KERN_ERR "rmap_remove: %p %llx 0->BUG\n", spte, *spte);
526 } else if (!(*rmapp & 1)) {
527 rmap_printk("rmap_remove: %p %llx 1->0\n", spte, *spte);
528 if ((u64 *)*rmapp != spte) {
529 printk(KERN_ERR "rmap_remove: %p %llx 1->BUG\n",
535 rmap_printk("rmap_remove: %p %llx many->many\n", spte, *spte);
536 desc = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
539 for (i = 0; i < RMAP_EXT && desc->shadow_ptes[i]; ++i)
540 if (desc->shadow_ptes[i] == spte) {
541 rmap_desc_remove_entry(rmapp,
553 static u64 *rmap_next(struct kvm *kvm, unsigned long *rmapp, u64 *spte)
555 struct kvm_rmap_desc *desc;
556 struct kvm_rmap_desc *prev_desc;
562 else if (!(*rmapp & 1)) {
564 return (u64 *)*rmapp;
567 desc = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
571 for (i = 0; i < RMAP_EXT && desc->shadow_ptes[i]; ++i) {
572 if (prev_spte == spte)
573 return desc->shadow_ptes[i];
574 prev_spte = desc->shadow_ptes[i];
581 static void rmap_write_protect(struct kvm *kvm, u64 gfn)
583 unsigned long *rmapp;
585 int write_protected = 0;
587 gfn = unalias_gfn(kvm, gfn);
588 rmapp = gfn_to_rmap(kvm, gfn, 0);
590 spte = rmap_next(kvm, rmapp, NULL);
593 BUG_ON(!(*spte & PT_PRESENT_MASK));
594 rmap_printk("rmap_write_protect: spte %p %llx\n", spte, *spte);
595 if (is_writeble_pte(*spte)) {
596 set_shadow_pte(spte, *spte & ~PT_WRITABLE_MASK);
599 spte = rmap_next(kvm, rmapp, spte);
601 if (write_protected) {
604 spte = rmap_next(kvm, rmapp, NULL);
605 pfn = spte_to_pfn(*spte);
606 kvm_set_pfn_dirty(pfn);
609 /* check for huge page mappings */
610 rmapp = gfn_to_rmap(kvm, gfn, 1);
611 spte = rmap_next(kvm, rmapp, NULL);
614 BUG_ON(!(*spte & PT_PRESENT_MASK));
615 BUG_ON((*spte & (PT_PAGE_SIZE_MASK|PT_PRESENT_MASK)) != (PT_PAGE_SIZE_MASK|PT_PRESENT_MASK));
616 pgprintk("rmap_write_protect(large): spte %p %llx %lld\n", spte, *spte, gfn);
617 if (is_writeble_pte(*spte)) {
618 rmap_remove(kvm, spte);
620 set_shadow_pte(spte, shadow_trap_nonpresent_pte);
623 spte = rmap_next(kvm, rmapp, spte);
627 kvm_flush_remote_tlbs(kvm);
629 account_shadowed(kvm, gfn);
633 static int is_empty_shadow_page(u64 *spt)
638 for (pos = spt, end = pos + PAGE_SIZE / sizeof(u64); pos != end; pos++)
639 if (*pos != shadow_trap_nonpresent_pte) {
640 printk(KERN_ERR "%s: %p %llx\n", __func__,
648 static void kvm_mmu_free_page(struct kvm *kvm, struct kvm_mmu_page *sp)
650 ASSERT(is_empty_shadow_page(sp->spt));
652 __free_page(virt_to_page(sp->spt));
653 __free_page(virt_to_page(sp->gfns));
655 ++kvm->arch.n_free_mmu_pages;
658 static unsigned kvm_page_table_hashfn(gfn_t gfn)
660 return gfn & ((1 << KVM_MMU_HASH_SHIFT) - 1);
663 static struct kvm_mmu_page *kvm_mmu_alloc_page(struct kvm_vcpu *vcpu,
666 struct kvm_mmu_page *sp;
668 sp = mmu_memory_cache_alloc(&vcpu->arch.mmu_page_header_cache, sizeof *sp);
669 sp->spt = mmu_memory_cache_alloc(&vcpu->arch.mmu_page_cache, PAGE_SIZE);
670 sp->gfns = mmu_memory_cache_alloc(&vcpu->arch.mmu_page_cache, PAGE_SIZE);
671 set_page_private(virt_to_page(sp->spt), (unsigned long)sp);
672 list_add(&sp->link, &vcpu->kvm->arch.active_mmu_pages);
673 ASSERT(is_empty_shadow_page(sp->spt));
676 sp->parent_pte = parent_pte;
677 --vcpu->kvm->arch.n_free_mmu_pages;
681 static void mmu_page_add_parent_pte(struct kvm_vcpu *vcpu,
682 struct kvm_mmu_page *sp, u64 *parent_pte)
684 struct kvm_pte_chain *pte_chain;
685 struct hlist_node *node;
690 if (!sp->multimapped) {
691 u64 *old = sp->parent_pte;
694 sp->parent_pte = parent_pte;
698 pte_chain = mmu_alloc_pte_chain(vcpu);
699 INIT_HLIST_HEAD(&sp->parent_ptes);
700 hlist_add_head(&pte_chain->link, &sp->parent_ptes);
701 pte_chain->parent_ptes[0] = old;
703 hlist_for_each_entry(pte_chain, node, &sp->parent_ptes, link) {
704 if (pte_chain->parent_ptes[NR_PTE_CHAIN_ENTRIES-1])
706 for (i = 0; i < NR_PTE_CHAIN_ENTRIES; ++i)
707 if (!pte_chain->parent_ptes[i]) {
708 pte_chain->parent_ptes[i] = parent_pte;
712 pte_chain = mmu_alloc_pte_chain(vcpu);
714 hlist_add_head(&pte_chain->link, &sp->parent_ptes);
715 pte_chain->parent_ptes[0] = parent_pte;
718 static void mmu_page_remove_parent_pte(struct kvm_mmu_page *sp,
721 struct kvm_pte_chain *pte_chain;
722 struct hlist_node *node;
725 if (!sp->multimapped) {
726 BUG_ON(sp->parent_pte != parent_pte);
727 sp->parent_pte = NULL;
730 hlist_for_each_entry(pte_chain, node, &sp->parent_ptes, link)
731 for (i = 0; i < NR_PTE_CHAIN_ENTRIES; ++i) {
732 if (!pte_chain->parent_ptes[i])
734 if (pte_chain->parent_ptes[i] != parent_pte)
736 while (i + 1 < NR_PTE_CHAIN_ENTRIES
737 && pte_chain->parent_ptes[i + 1]) {
738 pte_chain->parent_ptes[i]
739 = pte_chain->parent_ptes[i + 1];
742 pte_chain->parent_ptes[i] = NULL;
744 hlist_del(&pte_chain->link);
745 mmu_free_pte_chain(pte_chain);
746 if (hlist_empty(&sp->parent_ptes)) {
748 sp->parent_pte = NULL;
756 static struct kvm_mmu_page *kvm_mmu_lookup_page(struct kvm *kvm, gfn_t gfn)
759 struct hlist_head *bucket;
760 struct kvm_mmu_page *sp;
761 struct hlist_node *node;
763 pgprintk("%s: looking for gfn %lx\n", __func__, gfn);
764 index = kvm_page_table_hashfn(gfn);
765 bucket = &kvm->arch.mmu_page_hash[index];
766 hlist_for_each_entry(sp, node, bucket, hash_link)
767 if (sp->gfn == gfn && !sp->role.metaphysical
768 && !sp->role.invalid) {
769 pgprintk("%s: found role %x\n",
770 __func__, sp->role.word);
776 static struct kvm_mmu_page *kvm_mmu_get_page(struct kvm_vcpu *vcpu,
784 union kvm_mmu_page_role role;
787 struct hlist_head *bucket;
788 struct kvm_mmu_page *sp;
789 struct hlist_node *node;
792 role.glevels = vcpu->arch.mmu.root_level;
794 role.metaphysical = metaphysical;
795 role.access = access;
796 if (vcpu->arch.mmu.root_level <= PT32_ROOT_LEVEL) {
797 quadrant = gaddr >> (PAGE_SHIFT + (PT64_PT_BITS * level));
798 quadrant &= (1 << ((PT32_PT_BITS - PT64_PT_BITS) * level)) - 1;
799 role.quadrant = quadrant;
801 pgprintk("%s: looking gfn %lx role %x\n", __func__,
803 index = kvm_page_table_hashfn(gfn);
804 bucket = &vcpu->kvm->arch.mmu_page_hash[index];
805 hlist_for_each_entry(sp, node, bucket, hash_link)
806 if (sp->gfn == gfn && sp->role.word == role.word) {
807 mmu_page_add_parent_pte(vcpu, sp, parent_pte);
808 pgprintk("%s: found\n", __func__);
811 ++vcpu->kvm->stat.mmu_cache_miss;
812 sp = kvm_mmu_alloc_page(vcpu, parent_pte);
815 pgprintk("%s: adding gfn %lx role %x\n", __func__, gfn, role.word);
818 hlist_add_head(&sp->hash_link, bucket);
820 rmap_write_protect(vcpu->kvm, gfn);
821 vcpu->arch.mmu.prefetch_page(vcpu, sp);
825 static void kvm_mmu_page_unlink_children(struct kvm *kvm,
826 struct kvm_mmu_page *sp)
834 if (sp->role.level == PT_PAGE_TABLE_LEVEL) {
835 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
836 if (is_shadow_present_pte(pt[i]))
837 rmap_remove(kvm, &pt[i]);
838 pt[i] = shadow_trap_nonpresent_pte;
840 kvm_flush_remote_tlbs(kvm);
844 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
847 if (is_shadow_present_pte(ent)) {
848 if (!is_large_pte(ent)) {
849 ent &= PT64_BASE_ADDR_MASK;
850 mmu_page_remove_parent_pte(page_header(ent),
854 rmap_remove(kvm, &pt[i]);
857 pt[i] = shadow_trap_nonpresent_pte;
859 kvm_flush_remote_tlbs(kvm);
862 static void kvm_mmu_put_page(struct kvm_mmu_page *sp, u64 *parent_pte)
864 mmu_page_remove_parent_pte(sp, parent_pte);
867 static void kvm_mmu_reset_last_pte_updated(struct kvm *kvm)
871 for (i = 0; i < KVM_MAX_VCPUS; ++i)
873 kvm->vcpus[i]->arch.last_pte_updated = NULL;
876 static void kvm_mmu_zap_page(struct kvm *kvm, struct kvm_mmu_page *sp)
880 ++kvm->stat.mmu_shadow_zapped;
881 while (sp->multimapped || sp->parent_pte) {
882 if (!sp->multimapped)
883 parent_pte = sp->parent_pte;
885 struct kvm_pte_chain *chain;
887 chain = container_of(sp->parent_ptes.first,
888 struct kvm_pte_chain, link);
889 parent_pte = chain->parent_ptes[0];
892 kvm_mmu_put_page(sp, parent_pte);
893 set_shadow_pte(parent_pte, shadow_trap_nonpresent_pte);
895 kvm_mmu_page_unlink_children(kvm, sp);
896 if (!sp->root_count) {
897 if (!sp->role.metaphysical)
898 unaccount_shadowed(kvm, sp->gfn);
899 hlist_del(&sp->hash_link);
900 kvm_mmu_free_page(kvm, sp);
902 list_move(&sp->link, &kvm->arch.active_mmu_pages);
903 sp->role.invalid = 1;
904 kvm_reload_remote_mmus(kvm);
906 kvm_mmu_reset_last_pte_updated(kvm);
910 * Changing the number of mmu pages allocated to the vm
911 * Note: if kvm_nr_mmu_pages is too small, you will get dead lock
913 void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned int kvm_nr_mmu_pages)
916 * If we set the number of mmu pages to be smaller be than the
917 * number of actived pages , we must to free some mmu pages before we
921 if ((kvm->arch.n_alloc_mmu_pages - kvm->arch.n_free_mmu_pages) >
923 int n_used_mmu_pages = kvm->arch.n_alloc_mmu_pages
924 - kvm->arch.n_free_mmu_pages;
926 while (n_used_mmu_pages > kvm_nr_mmu_pages) {
927 struct kvm_mmu_page *page;
929 page = container_of(kvm->arch.active_mmu_pages.prev,
930 struct kvm_mmu_page, link);
931 kvm_mmu_zap_page(kvm, page);
934 kvm->arch.n_free_mmu_pages = 0;
937 kvm->arch.n_free_mmu_pages += kvm_nr_mmu_pages
938 - kvm->arch.n_alloc_mmu_pages;
940 kvm->arch.n_alloc_mmu_pages = kvm_nr_mmu_pages;
943 static int kvm_mmu_unprotect_page(struct kvm *kvm, gfn_t gfn)
946 struct hlist_head *bucket;
947 struct kvm_mmu_page *sp;
948 struct hlist_node *node, *n;
951 pgprintk("%s: looking for gfn %lx\n", __func__, gfn);
953 index = kvm_page_table_hashfn(gfn);
954 bucket = &kvm->arch.mmu_page_hash[index];
955 hlist_for_each_entry_safe(sp, node, n, bucket, hash_link)
956 if (sp->gfn == gfn && !sp->role.metaphysical) {
957 pgprintk("%s: gfn %lx role %x\n", __func__, gfn,
959 kvm_mmu_zap_page(kvm, sp);
965 static void mmu_unshadow(struct kvm *kvm, gfn_t gfn)
967 struct kvm_mmu_page *sp;
969 while ((sp = kvm_mmu_lookup_page(kvm, gfn)) != NULL) {
970 pgprintk("%s: zap %lx %x\n", __func__, gfn, sp->role.word);
971 kvm_mmu_zap_page(kvm, sp);
975 static void page_header_update_slot(struct kvm *kvm, void *pte, gfn_t gfn)
977 int slot = memslot_id(kvm, gfn_to_memslot(kvm, gfn));
978 struct kvm_mmu_page *sp = page_header(__pa(pte));
980 __set_bit(slot, &sp->slot_bitmap);
983 struct page *gva_to_page(struct kvm_vcpu *vcpu, gva_t gva)
987 gpa_t gpa = vcpu->arch.mmu.gva_to_gpa(vcpu, gva);
989 if (gpa == UNMAPPED_GVA)
992 down_read(¤t->mm->mmap_sem);
993 page = gfn_to_page(vcpu->kvm, gpa >> PAGE_SHIFT);
994 up_read(¤t->mm->mmap_sem);
999 static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte,
1000 unsigned pt_access, unsigned pte_access,
1001 int user_fault, int write_fault, int dirty,
1002 int *ptwrite, int largepage, gfn_t gfn,
1003 pfn_t pfn, bool speculative)
1006 int was_rmapped = 0;
1007 int was_writeble = is_writeble_pte(*shadow_pte);
1009 pgprintk("%s: spte %llx access %x write_fault %d"
1010 " user_fault %d gfn %lx\n",
1011 __func__, *shadow_pte, pt_access,
1012 write_fault, user_fault, gfn);
1014 if (is_rmap_pte(*shadow_pte)) {
1016 * If we overwrite a PTE page pointer with a 2MB PMD, unlink
1017 * the parent of the now unreachable PTE.
1019 if (largepage && !is_large_pte(*shadow_pte)) {
1020 struct kvm_mmu_page *child;
1021 u64 pte = *shadow_pte;
1023 child = page_header(pte & PT64_BASE_ADDR_MASK);
1024 mmu_page_remove_parent_pte(child, shadow_pte);
1025 } else if (pfn != spte_to_pfn(*shadow_pte)) {
1026 pgprintk("hfn old %lx new %lx\n",
1027 spte_to_pfn(*shadow_pte), pfn);
1028 rmap_remove(vcpu->kvm, shadow_pte);
1031 was_rmapped = is_large_pte(*shadow_pte);
1038 * We don't set the accessed bit, since we sometimes want to see
1039 * whether the guest actually used the pte (in order to detect
1042 spte = PT_PRESENT_MASK | PT_DIRTY_MASK;
1044 pte_access |= PT_ACCESSED_MASK;
1046 pte_access &= ~ACC_WRITE_MASK;
1047 if (!(pte_access & ACC_EXEC_MASK))
1048 spte |= PT64_NX_MASK;
1050 spte |= PT_PRESENT_MASK;
1051 if (pte_access & ACC_USER_MASK)
1052 spte |= PT_USER_MASK;
1054 spte |= PT_PAGE_SIZE_MASK;
1056 spte |= (u64)pfn << PAGE_SHIFT;
1058 if ((pte_access & ACC_WRITE_MASK)
1059 || (write_fault && !is_write_protection(vcpu) && !user_fault)) {
1060 struct kvm_mmu_page *shadow;
1062 spte |= PT_WRITABLE_MASK;
1064 mmu_unshadow(vcpu->kvm, gfn);
1068 shadow = kvm_mmu_lookup_page(vcpu->kvm, gfn);
1070 (largepage && has_wrprotected_page(vcpu->kvm, gfn))) {
1071 pgprintk("%s: found shadow page for %lx, marking ro\n",
1073 pte_access &= ~ACC_WRITE_MASK;
1074 if (is_writeble_pte(spte)) {
1075 spte &= ~PT_WRITABLE_MASK;
1076 kvm_x86_ops->tlb_flush(vcpu);
1085 if (pte_access & ACC_WRITE_MASK)
1086 mark_page_dirty(vcpu->kvm, gfn);
1088 pgprintk("%s: setting spte %llx\n", __func__, spte);
1089 pgprintk("instantiating %s PTE (%s) at %d (%llx) addr %llx\n",
1090 (spte&PT_PAGE_SIZE_MASK)? "2MB" : "4kB",
1091 (spte&PT_WRITABLE_MASK)?"RW":"R", gfn, spte, shadow_pte);
1092 set_shadow_pte(shadow_pte, spte);
1093 if (!was_rmapped && (spte & PT_PAGE_SIZE_MASK)
1094 && (spte & PT_PRESENT_MASK))
1095 ++vcpu->kvm->stat.lpages;
1097 page_header_update_slot(vcpu->kvm, shadow_pte, gfn);
1099 rmap_add(vcpu, shadow_pte, gfn, largepage);
1100 if (!is_rmap_pte(*shadow_pte))
1101 kvm_release_pfn_clean(pfn);
1104 kvm_release_pfn_dirty(pfn);
1106 kvm_release_pfn_clean(pfn);
1108 if (!ptwrite || !*ptwrite)
1109 vcpu->arch.last_pte_updated = shadow_pte;
1112 static void nonpaging_new_cr3(struct kvm_vcpu *vcpu)
1116 static int __direct_map(struct kvm_vcpu *vcpu, gpa_t v, int write,
1117 int largepage, gfn_t gfn, pfn_t pfn,
1120 hpa_t table_addr = vcpu->arch.mmu.root_hpa;
1124 u32 index = PT64_INDEX(v, level);
1127 ASSERT(VALID_PAGE(table_addr));
1128 table = __va(table_addr);
1131 mmu_set_spte(vcpu, &table[index], ACC_ALL, ACC_ALL,
1132 0, write, 1, &pt_write, 0, gfn, pfn, false);
1136 if (largepage && level == 2) {
1137 mmu_set_spte(vcpu, &table[index], ACC_ALL, ACC_ALL,
1138 0, write, 1, &pt_write, 1, gfn, pfn, false);
1142 if (table[index] == shadow_trap_nonpresent_pte) {
1143 struct kvm_mmu_page *new_table;
1146 pseudo_gfn = (v & PT64_DIR_BASE_ADDR_MASK)
1148 new_table = kvm_mmu_get_page(vcpu, pseudo_gfn,
1150 1, ACC_ALL, &table[index]);
1152 pgprintk("nonpaging_map: ENOMEM\n");
1153 kvm_release_pfn_clean(pfn);
1157 table[index] = __pa(new_table->spt) | PT_PRESENT_MASK
1158 | PT_WRITABLE_MASK | PT_USER_MASK;
1160 table_addr = table[index] & PT64_BASE_ADDR_MASK;
1164 static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, int write, gfn_t gfn)
1170 down_read(¤t->mm->mmap_sem);
1171 if (is_largepage_backed(vcpu, gfn & ~(KVM_PAGES_PER_HPAGE-1))) {
1172 gfn &= ~(KVM_PAGES_PER_HPAGE-1);
1176 pfn = gfn_to_pfn(vcpu->kvm, gfn);
1177 up_read(¤t->mm->mmap_sem);
1180 if (is_error_pfn(pfn)) {
1181 kvm_release_pfn_clean(pfn);
1185 spin_lock(&vcpu->kvm->mmu_lock);
1186 kvm_mmu_free_some_pages(vcpu);
1187 r = __direct_map(vcpu, v, write, largepage, gfn, pfn,
1189 spin_unlock(&vcpu->kvm->mmu_lock);
1196 static void nonpaging_prefetch_page(struct kvm_vcpu *vcpu,
1197 struct kvm_mmu_page *sp)
1201 for (i = 0; i < PT64_ENT_PER_PAGE; ++i)
1202 sp->spt[i] = shadow_trap_nonpresent_pte;
1205 static void mmu_free_roots(struct kvm_vcpu *vcpu)
1208 struct kvm_mmu_page *sp;
1210 if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
1212 spin_lock(&vcpu->kvm->mmu_lock);
1213 #ifdef CONFIG_X86_64
1214 if (vcpu->arch.mmu.shadow_root_level == PT64_ROOT_LEVEL) {
1215 hpa_t root = vcpu->arch.mmu.root_hpa;
1217 sp = page_header(root);
1219 if (!sp->root_count && sp->role.invalid)
1220 kvm_mmu_zap_page(vcpu->kvm, sp);
1221 vcpu->arch.mmu.root_hpa = INVALID_PAGE;
1222 spin_unlock(&vcpu->kvm->mmu_lock);
1226 for (i = 0; i < 4; ++i) {
1227 hpa_t root = vcpu->arch.mmu.pae_root[i];
1230 root &= PT64_BASE_ADDR_MASK;
1231 sp = page_header(root);
1233 if (!sp->root_count && sp->role.invalid)
1234 kvm_mmu_zap_page(vcpu->kvm, sp);
1236 vcpu->arch.mmu.pae_root[i] = INVALID_PAGE;
1238 spin_unlock(&vcpu->kvm->mmu_lock);
1239 vcpu->arch.mmu.root_hpa = INVALID_PAGE;
1242 static void mmu_alloc_roots(struct kvm_vcpu *vcpu)
1246 struct kvm_mmu_page *sp;
1247 int metaphysical = 0;
1249 root_gfn = vcpu->arch.cr3 >> PAGE_SHIFT;
1251 #ifdef CONFIG_X86_64
1252 if (vcpu->arch.mmu.shadow_root_level == PT64_ROOT_LEVEL) {
1253 hpa_t root = vcpu->arch.mmu.root_hpa;
1255 ASSERT(!VALID_PAGE(root));
1258 sp = kvm_mmu_get_page(vcpu, root_gfn, 0,
1259 PT64_ROOT_LEVEL, metaphysical,
1261 root = __pa(sp->spt);
1263 vcpu->arch.mmu.root_hpa = root;
1267 metaphysical = !is_paging(vcpu);
1270 for (i = 0; i < 4; ++i) {
1271 hpa_t root = vcpu->arch.mmu.pae_root[i];
1273 ASSERT(!VALID_PAGE(root));
1274 if (vcpu->arch.mmu.root_level == PT32E_ROOT_LEVEL) {
1275 if (!is_present_pte(vcpu->arch.pdptrs[i])) {
1276 vcpu->arch.mmu.pae_root[i] = 0;
1279 root_gfn = vcpu->arch.pdptrs[i] >> PAGE_SHIFT;
1280 } else if (vcpu->arch.mmu.root_level == 0)
1282 sp = kvm_mmu_get_page(vcpu, root_gfn, i << 30,
1283 PT32_ROOT_LEVEL, metaphysical,
1285 root = __pa(sp->spt);
1287 vcpu->arch.mmu.pae_root[i] = root | PT_PRESENT_MASK;
1289 vcpu->arch.mmu.root_hpa = __pa(vcpu->arch.mmu.pae_root);
1292 static gpa_t nonpaging_gva_to_gpa(struct kvm_vcpu *vcpu, gva_t vaddr)
1297 static int nonpaging_page_fault(struct kvm_vcpu *vcpu, gva_t gva,
1303 pgprintk("%s: gva %lx error %x\n", __func__, gva, error_code);
1304 r = mmu_topup_memory_caches(vcpu);
1309 ASSERT(VALID_PAGE(vcpu->arch.mmu.root_hpa));
1311 gfn = gva >> PAGE_SHIFT;
1313 return nonpaging_map(vcpu, gva & PAGE_MASK,
1314 error_code & PFERR_WRITE_MASK, gfn);
1317 static int tdp_page_fault(struct kvm_vcpu *vcpu, gva_t gpa,
1323 gfn_t gfn = gpa >> PAGE_SHIFT;
1326 ASSERT(VALID_PAGE(vcpu->arch.mmu.root_hpa));
1328 r = mmu_topup_memory_caches(vcpu);
1332 down_read(¤t->mm->mmap_sem);
1333 if (is_largepage_backed(vcpu, gfn & ~(KVM_PAGES_PER_HPAGE-1))) {
1334 gfn &= ~(KVM_PAGES_PER_HPAGE-1);
1337 pfn = gfn_to_pfn(vcpu->kvm, gfn);
1338 up_read(¤t->mm->mmap_sem);
1339 if (is_error_pfn(pfn)) {
1340 kvm_release_pfn_clean(pfn);
1343 spin_lock(&vcpu->kvm->mmu_lock);
1344 kvm_mmu_free_some_pages(vcpu);
1345 r = __direct_map(vcpu, gpa, error_code & PFERR_WRITE_MASK,
1346 largepage, gfn, pfn, TDP_ROOT_LEVEL);
1347 spin_unlock(&vcpu->kvm->mmu_lock);
1352 static void nonpaging_free(struct kvm_vcpu *vcpu)
1354 mmu_free_roots(vcpu);
1357 static int nonpaging_init_context(struct kvm_vcpu *vcpu)
1359 struct kvm_mmu *context = &vcpu->arch.mmu;
1361 context->new_cr3 = nonpaging_new_cr3;
1362 context->page_fault = nonpaging_page_fault;
1363 context->gva_to_gpa = nonpaging_gva_to_gpa;
1364 context->free = nonpaging_free;
1365 context->prefetch_page = nonpaging_prefetch_page;
1366 context->root_level = 0;
1367 context->shadow_root_level = PT32E_ROOT_LEVEL;
1368 context->root_hpa = INVALID_PAGE;
1372 void kvm_mmu_flush_tlb(struct kvm_vcpu *vcpu)
1374 ++vcpu->stat.tlb_flush;
1375 kvm_x86_ops->tlb_flush(vcpu);
1378 static void paging_new_cr3(struct kvm_vcpu *vcpu)
1380 pgprintk("%s: cr3 %lx\n", __func__, vcpu->arch.cr3);
1381 mmu_free_roots(vcpu);
1384 static void inject_page_fault(struct kvm_vcpu *vcpu,
1388 kvm_inject_page_fault(vcpu, addr, err_code);
1391 static void paging_free(struct kvm_vcpu *vcpu)
1393 nonpaging_free(vcpu);
1397 #include "paging_tmpl.h"
1401 #include "paging_tmpl.h"
1404 static int paging64_init_context_common(struct kvm_vcpu *vcpu, int level)
1406 struct kvm_mmu *context = &vcpu->arch.mmu;
1408 ASSERT(is_pae(vcpu));
1409 context->new_cr3 = paging_new_cr3;
1410 context->page_fault = paging64_page_fault;
1411 context->gva_to_gpa = paging64_gva_to_gpa;
1412 context->prefetch_page = paging64_prefetch_page;
1413 context->free = paging_free;
1414 context->root_level = level;
1415 context->shadow_root_level = level;
1416 context->root_hpa = INVALID_PAGE;
1420 static int paging64_init_context(struct kvm_vcpu *vcpu)
1422 return paging64_init_context_common(vcpu, PT64_ROOT_LEVEL);
1425 static int paging32_init_context(struct kvm_vcpu *vcpu)
1427 struct kvm_mmu *context = &vcpu->arch.mmu;
1429 context->new_cr3 = paging_new_cr3;
1430 context->page_fault = paging32_page_fault;
1431 context->gva_to_gpa = paging32_gva_to_gpa;
1432 context->free = paging_free;
1433 context->prefetch_page = paging32_prefetch_page;
1434 context->root_level = PT32_ROOT_LEVEL;
1435 context->shadow_root_level = PT32E_ROOT_LEVEL;
1436 context->root_hpa = INVALID_PAGE;
1440 static int paging32E_init_context(struct kvm_vcpu *vcpu)
1442 return paging64_init_context_common(vcpu, PT32E_ROOT_LEVEL);
1445 static int init_kvm_tdp_mmu(struct kvm_vcpu *vcpu)
1447 struct kvm_mmu *context = &vcpu->arch.mmu;
1449 context->new_cr3 = nonpaging_new_cr3;
1450 context->page_fault = tdp_page_fault;
1451 context->free = nonpaging_free;
1452 context->prefetch_page = nonpaging_prefetch_page;
1453 context->shadow_root_level = TDP_ROOT_LEVEL;
1454 context->root_hpa = INVALID_PAGE;
1456 if (!is_paging(vcpu)) {
1457 context->gva_to_gpa = nonpaging_gva_to_gpa;
1458 context->root_level = 0;
1459 } else if (is_long_mode(vcpu)) {
1460 context->gva_to_gpa = paging64_gva_to_gpa;
1461 context->root_level = PT64_ROOT_LEVEL;
1462 } else if (is_pae(vcpu)) {
1463 context->gva_to_gpa = paging64_gva_to_gpa;
1464 context->root_level = PT32E_ROOT_LEVEL;
1466 context->gva_to_gpa = paging32_gva_to_gpa;
1467 context->root_level = PT32_ROOT_LEVEL;
1473 static int init_kvm_softmmu(struct kvm_vcpu *vcpu)
1476 ASSERT(!VALID_PAGE(vcpu->arch.mmu.root_hpa));
1478 if (!is_paging(vcpu))
1479 return nonpaging_init_context(vcpu);
1480 else if (is_long_mode(vcpu))
1481 return paging64_init_context(vcpu);
1482 else if (is_pae(vcpu))
1483 return paging32E_init_context(vcpu);
1485 return paging32_init_context(vcpu);
1488 static int init_kvm_mmu(struct kvm_vcpu *vcpu)
1490 vcpu->arch.update_pte.pfn = bad_pfn;
1493 return init_kvm_tdp_mmu(vcpu);
1495 return init_kvm_softmmu(vcpu);
1498 static void destroy_kvm_mmu(struct kvm_vcpu *vcpu)
1501 if (VALID_PAGE(vcpu->arch.mmu.root_hpa)) {
1502 vcpu->arch.mmu.free(vcpu);
1503 vcpu->arch.mmu.root_hpa = INVALID_PAGE;
1507 int kvm_mmu_reset_context(struct kvm_vcpu *vcpu)
1509 destroy_kvm_mmu(vcpu);
1510 return init_kvm_mmu(vcpu);
1512 EXPORT_SYMBOL_GPL(kvm_mmu_reset_context);
1514 int kvm_mmu_load(struct kvm_vcpu *vcpu)
1518 r = mmu_topup_memory_caches(vcpu);
1521 spin_lock(&vcpu->kvm->mmu_lock);
1522 kvm_mmu_free_some_pages(vcpu);
1523 mmu_alloc_roots(vcpu);
1524 spin_unlock(&vcpu->kvm->mmu_lock);
1525 kvm_x86_ops->set_cr3(vcpu, vcpu->arch.mmu.root_hpa);
1526 kvm_mmu_flush_tlb(vcpu);
1530 EXPORT_SYMBOL_GPL(kvm_mmu_load);
1532 void kvm_mmu_unload(struct kvm_vcpu *vcpu)
1534 mmu_free_roots(vcpu);
1537 static void mmu_pte_write_zap_pte(struct kvm_vcpu *vcpu,
1538 struct kvm_mmu_page *sp,
1542 struct kvm_mmu_page *child;
1545 if (is_shadow_present_pte(pte)) {
1546 if (sp->role.level == PT_PAGE_TABLE_LEVEL ||
1548 rmap_remove(vcpu->kvm, spte);
1550 child = page_header(pte & PT64_BASE_ADDR_MASK);
1551 mmu_page_remove_parent_pte(child, spte);
1554 set_shadow_pte(spte, shadow_trap_nonpresent_pte);
1555 if (is_large_pte(pte))
1556 --vcpu->kvm->stat.lpages;
1559 static void mmu_pte_write_new_pte(struct kvm_vcpu *vcpu,
1560 struct kvm_mmu_page *sp,
1564 if ((sp->role.level != PT_PAGE_TABLE_LEVEL)
1565 && !vcpu->arch.update_pte.largepage) {
1566 ++vcpu->kvm->stat.mmu_pde_zapped;
1570 ++vcpu->kvm->stat.mmu_pte_updated;
1571 if (sp->role.glevels == PT32_ROOT_LEVEL)
1572 paging32_update_pte(vcpu, sp, spte, new);
1574 paging64_update_pte(vcpu, sp, spte, new);
1577 static bool need_remote_flush(u64 old, u64 new)
1579 if (!is_shadow_present_pte(old))
1581 if (!is_shadow_present_pte(new))
1583 if ((old ^ new) & PT64_BASE_ADDR_MASK)
1585 old ^= PT64_NX_MASK;
1586 new ^= PT64_NX_MASK;
1587 return (old & ~new & PT64_PERM_MASK) != 0;
1590 static void mmu_pte_write_flush_tlb(struct kvm_vcpu *vcpu, u64 old, u64 new)
1592 if (need_remote_flush(old, new))
1593 kvm_flush_remote_tlbs(vcpu->kvm);
1595 kvm_mmu_flush_tlb(vcpu);
1598 static bool last_updated_pte_accessed(struct kvm_vcpu *vcpu)
1600 u64 *spte = vcpu->arch.last_pte_updated;
1602 return !!(spte && (*spte & PT_ACCESSED_MASK));
1605 static void mmu_guess_page_from_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
1606 const u8 *new, int bytes)
1613 vcpu->arch.update_pte.largepage = 0;
1615 if (bytes != 4 && bytes != 8)
1619 * Assume that the pte write on a page table of the same type
1620 * as the current vcpu paging mode. This is nearly always true
1621 * (might be false while changing modes). Note it is verified later
1625 /* Handle a 32-bit guest writing two halves of a 64-bit gpte */
1626 if ((bytes == 4) && (gpa % 4 == 0)) {
1627 r = kvm_read_guest(vcpu->kvm, gpa & ~(u64)7, &gpte, 8);
1630 memcpy((void *)&gpte + (gpa % 8), new, 4);
1631 } else if ((bytes == 8) && (gpa % 8 == 0)) {
1632 memcpy((void *)&gpte, new, 8);
1635 if ((bytes == 4) && (gpa % 4 == 0))
1636 memcpy((void *)&gpte, new, 4);
1638 if (!is_present_pte(gpte))
1640 gfn = (gpte & PT64_BASE_ADDR_MASK) >> PAGE_SHIFT;
1642 down_read(¤t->mm->mmap_sem);
1643 if (is_large_pte(gpte) && is_largepage_backed(vcpu, gfn)) {
1644 gfn &= ~(KVM_PAGES_PER_HPAGE-1);
1645 vcpu->arch.update_pte.largepage = 1;
1647 pfn = gfn_to_pfn(vcpu->kvm, gfn);
1648 up_read(¤t->mm->mmap_sem);
1650 if (is_error_pfn(pfn)) {
1651 kvm_release_pfn_clean(pfn);
1654 vcpu->arch.update_pte.gfn = gfn;
1655 vcpu->arch.update_pte.pfn = pfn;
1658 void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
1659 const u8 *new, int bytes)
1661 gfn_t gfn = gpa >> PAGE_SHIFT;
1662 struct kvm_mmu_page *sp;
1663 struct hlist_node *node, *n;
1664 struct hlist_head *bucket;
1668 unsigned offset = offset_in_page(gpa);
1670 unsigned page_offset;
1671 unsigned misaligned;
1678 pgprintk("%s: gpa %llx bytes %d\n", __func__, gpa, bytes);
1679 mmu_guess_page_from_pte_write(vcpu, gpa, new, bytes);
1680 spin_lock(&vcpu->kvm->mmu_lock);
1681 kvm_mmu_free_some_pages(vcpu);
1682 ++vcpu->kvm->stat.mmu_pte_write;
1683 kvm_mmu_audit(vcpu, "pre pte write");
1684 if (gfn == vcpu->arch.last_pt_write_gfn
1685 && !last_updated_pte_accessed(vcpu)) {
1686 ++vcpu->arch.last_pt_write_count;
1687 if (vcpu->arch.last_pt_write_count >= 3)
1690 vcpu->arch.last_pt_write_gfn = gfn;
1691 vcpu->arch.last_pt_write_count = 1;
1692 vcpu->arch.last_pte_updated = NULL;
1694 index = kvm_page_table_hashfn(gfn);
1695 bucket = &vcpu->kvm->arch.mmu_page_hash[index];
1696 hlist_for_each_entry_safe(sp, node, n, bucket, hash_link) {
1697 if (sp->gfn != gfn || sp->role.metaphysical)
1699 pte_size = sp->role.glevels == PT32_ROOT_LEVEL ? 4 : 8;
1700 misaligned = (offset ^ (offset + bytes - 1)) & ~(pte_size - 1);
1701 misaligned |= bytes < 4;
1702 if (misaligned || flooded) {
1704 * Misaligned accesses are too much trouble to fix
1705 * up; also, they usually indicate a page is not used
1708 * If we're seeing too many writes to a page,
1709 * it may no longer be a page table, or we may be
1710 * forking, in which case it is better to unmap the
1713 pgprintk("misaligned: gpa %llx bytes %d role %x\n",
1714 gpa, bytes, sp->role.word);
1715 kvm_mmu_zap_page(vcpu->kvm, sp);
1716 ++vcpu->kvm->stat.mmu_flooded;
1719 page_offset = offset;
1720 level = sp->role.level;
1722 if (sp->role.glevels == PT32_ROOT_LEVEL) {
1723 page_offset <<= 1; /* 32->64 */
1725 * A 32-bit pde maps 4MB while the shadow pdes map
1726 * only 2MB. So we need to double the offset again
1727 * and zap two pdes instead of one.
1729 if (level == PT32_ROOT_LEVEL) {
1730 page_offset &= ~7; /* kill rounding error */
1734 quadrant = page_offset >> PAGE_SHIFT;
1735 page_offset &= ~PAGE_MASK;
1736 if (quadrant != sp->role.quadrant)
1739 spte = &sp->spt[page_offset / sizeof(*spte)];
1740 if ((gpa & (pte_size - 1)) || (bytes < pte_size)) {
1742 r = kvm_read_guest_atomic(vcpu->kvm,
1743 gpa & ~(u64)(pte_size - 1),
1745 new = (const void *)&gentry;
1751 mmu_pte_write_zap_pte(vcpu, sp, spte);
1753 mmu_pte_write_new_pte(vcpu, sp, spte, new);
1754 mmu_pte_write_flush_tlb(vcpu, entry, *spte);
1758 kvm_mmu_audit(vcpu, "post pte write");
1759 spin_unlock(&vcpu->kvm->mmu_lock);
1760 if (!is_error_pfn(vcpu->arch.update_pte.pfn)) {
1761 kvm_release_pfn_clean(vcpu->arch.update_pte.pfn);
1762 vcpu->arch.update_pte.pfn = bad_pfn;
1766 int kvm_mmu_unprotect_page_virt(struct kvm_vcpu *vcpu, gva_t gva)
1771 gpa = vcpu->arch.mmu.gva_to_gpa(vcpu, gva);
1773 spin_lock(&vcpu->kvm->mmu_lock);
1774 r = kvm_mmu_unprotect_page(vcpu->kvm, gpa >> PAGE_SHIFT);
1775 spin_unlock(&vcpu->kvm->mmu_lock);
1779 void __kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu)
1781 while (vcpu->kvm->arch.n_free_mmu_pages < KVM_REFILL_PAGES) {
1782 struct kvm_mmu_page *sp;
1784 sp = container_of(vcpu->kvm->arch.active_mmu_pages.prev,
1785 struct kvm_mmu_page, link);
1786 kvm_mmu_zap_page(vcpu->kvm, sp);
1787 ++vcpu->kvm->stat.mmu_recycled;
1791 int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u32 error_code)
1794 enum emulation_result er;
1796 r = vcpu->arch.mmu.page_fault(vcpu, cr2, error_code);
1805 r = mmu_topup_memory_caches(vcpu);
1809 er = emulate_instruction(vcpu, vcpu->run, cr2, error_code, 0);
1814 case EMULATE_DO_MMIO:
1815 ++vcpu->stat.mmio_exits;
1818 kvm_report_emulation_failure(vcpu, "pagetable");
1826 EXPORT_SYMBOL_GPL(kvm_mmu_page_fault);
1828 void kvm_enable_tdp(void)
1832 EXPORT_SYMBOL_GPL(kvm_enable_tdp);
1834 static void free_mmu_pages(struct kvm_vcpu *vcpu)
1836 struct kvm_mmu_page *sp;
1838 while (!list_empty(&vcpu->kvm->arch.active_mmu_pages)) {
1839 sp = container_of(vcpu->kvm->arch.active_mmu_pages.next,
1840 struct kvm_mmu_page, link);
1841 kvm_mmu_zap_page(vcpu->kvm, sp);
1843 free_page((unsigned long)vcpu->arch.mmu.pae_root);
1846 static int alloc_mmu_pages(struct kvm_vcpu *vcpu)
1853 if (vcpu->kvm->arch.n_requested_mmu_pages)
1854 vcpu->kvm->arch.n_free_mmu_pages =
1855 vcpu->kvm->arch.n_requested_mmu_pages;
1857 vcpu->kvm->arch.n_free_mmu_pages =
1858 vcpu->kvm->arch.n_alloc_mmu_pages;
1860 * When emulating 32-bit mode, cr3 is only 32 bits even on x86_64.
1861 * Therefore we need to allocate shadow page tables in the first
1862 * 4GB of memory, which happens to fit the DMA32 zone.
1864 page = alloc_page(GFP_KERNEL | __GFP_DMA32);
1867 vcpu->arch.mmu.pae_root = page_address(page);
1868 for (i = 0; i < 4; ++i)
1869 vcpu->arch.mmu.pae_root[i] = INVALID_PAGE;
1874 free_mmu_pages(vcpu);
1878 int kvm_mmu_create(struct kvm_vcpu *vcpu)
1881 ASSERT(!VALID_PAGE(vcpu->arch.mmu.root_hpa));
1883 return alloc_mmu_pages(vcpu);
1886 int kvm_mmu_setup(struct kvm_vcpu *vcpu)
1889 ASSERT(!VALID_PAGE(vcpu->arch.mmu.root_hpa));
1891 return init_kvm_mmu(vcpu);
1894 void kvm_mmu_destroy(struct kvm_vcpu *vcpu)
1898 destroy_kvm_mmu(vcpu);
1899 free_mmu_pages(vcpu);
1900 mmu_free_memory_caches(vcpu);
1903 void kvm_mmu_slot_remove_write_access(struct kvm *kvm, int slot)
1905 struct kvm_mmu_page *sp;
1907 list_for_each_entry(sp, &kvm->arch.active_mmu_pages, link) {
1911 if (!test_bit(slot, &sp->slot_bitmap))
1915 for (i = 0; i < PT64_ENT_PER_PAGE; ++i)
1917 if (pt[i] & PT_WRITABLE_MASK)
1918 pt[i] &= ~PT_WRITABLE_MASK;
1922 void kvm_mmu_zap_all(struct kvm *kvm)
1924 struct kvm_mmu_page *sp, *node;
1926 spin_lock(&kvm->mmu_lock);
1927 list_for_each_entry_safe(sp, node, &kvm->arch.active_mmu_pages, link)
1928 kvm_mmu_zap_page(kvm, sp);
1929 spin_unlock(&kvm->mmu_lock);
1931 kvm_flush_remote_tlbs(kvm);
1934 void kvm_mmu_remove_one_alloc_mmu_page(struct kvm *kvm)
1936 struct kvm_mmu_page *page;
1938 page = container_of(kvm->arch.active_mmu_pages.prev,
1939 struct kvm_mmu_page, link);
1940 kvm_mmu_zap_page(kvm, page);
1943 static int mmu_shrink(int nr_to_scan, gfp_t gfp_mask)
1946 struct kvm *kvm_freed = NULL;
1947 int cache_count = 0;
1949 spin_lock(&kvm_lock);
1951 list_for_each_entry(kvm, &vm_list, vm_list) {
1954 spin_lock(&kvm->mmu_lock);
1955 npages = kvm->arch.n_alloc_mmu_pages -
1956 kvm->arch.n_free_mmu_pages;
1957 cache_count += npages;
1958 if (!kvm_freed && nr_to_scan > 0 && npages > 0) {
1959 kvm_mmu_remove_one_alloc_mmu_page(kvm);
1965 spin_unlock(&kvm->mmu_lock);
1968 list_move_tail(&kvm_freed->vm_list, &vm_list);
1970 spin_unlock(&kvm_lock);
1975 static struct shrinker mmu_shrinker = {
1976 .shrink = mmu_shrink,
1977 .seeks = DEFAULT_SEEKS * 10,
1980 void mmu_destroy_caches(void)
1982 if (pte_chain_cache)
1983 kmem_cache_destroy(pte_chain_cache);
1984 if (rmap_desc_cache)
1985 kmem_cache_destroy(rmap_desc_cache);
1986 if (mmu_page_header_cache)
1987 kmem_cache_destroy(mmu_page_header_cache);
1990 void kvm_mmu_module_exit(void)
1992 mmu_destroy_caches();
1993 unregister_shrinker(&mmu_shrinker);
1996 int kvm_mmu_module_init(void)
1998 pte_chain_cache = kmem_cache_create("kvm_pte_chain",
1999 sizeof(struct kvm_pte_chain),
2001 if (!pte_chain_cache)
2003 rmap_desc_cache = kmem_cache_create("kvm_rmap_desc",
2004 sizeof(struct kvm_rmap_desc),
2006 if (!rmap_desc_cache)
2009 mmu_page_header_cache = kmem_cache_create("kvm_mmu_page_header",
2010 sizeof(struct kvm_mmu_page),
2012 if (!mmu_page_header_cache)
2015 register_shrinker(&mmu_shrinker);
2020 mmu_destroy_caches();
2025 * Caculate mmu pages needed for kvm.
2027 unsigned int kvm_mmu_calculate_mmu_pages(struct kvm *kvm)
2030 unsigned int nr_mmu_pages;
2031 unsigned int nr_pages = 0;
2033 for (i = 0; i < kvm->nmemslots; i++)
2034 nr_pages += kvm->memslots[i].npages;
2036 nr_mmu_pages = nr_pages * KVM_PERMILLE_MMU_PAGES / 1000;
2037 nr_mmu_pages = max(nr_mmu_pages,
2038 (unsigned int) KVM_MIN_ALLOC_MMU_PAGES);
2040 return nr_mmu_pages;
2043 static void *pv_mmu_peek_buffer(struct kvm_pv_mmu_op_buffer *buffer,
2046 if (len > buffer->len)
2051 static void *pv_mmu_read_buffer(struct kvm_pv_mmu_op_buffer *buffer,
2056 ret = pv_mmu_peek_buffer(buffer, len);
2061 buffer->processed += len;
2065 static int kvm_pv_mmu_write(struct kvm_vcpu *vcpu,
2066 gpa_t addr, gpa_t value)
2071 if (!is_long_mode(vcpu) && !is_pae(vcpu))
2074 r = mmu_topup_memory_caches(vcpu);
2078 if (!emulator_write_phys(vcpu, addr, &value, bytes))
2084 static int kvm_pv_mmu_flush_tlb(struct kvm_vcpu *vcpu)
2086 kvm_x86_ops->tlb_flush(vcpu);
2090 static int kvm_pv_mmu_release_pt(struct kvm_vcpu *vcpu, gpa_t addr)
2092 spin_lock(&vcpu->kvm->mmu_lock);
2093 mmu_unshadow(vcpu->kvm, addr >> PAGE_SHIFT);
2094 spin_unlock(&vcpu->kvm->mmu_lock);
2098 static int kvm_pv_mmu_op_one(struct kvm_vcpu *vcpu,
2099 struct kvm_pv_mmu_op_buffer *buffer)
2101 struct kvm_mmu_op_header *header;
2103 header = pv_mmu_peek_buffer(buffer, sizeof *header);
2106 switch (header->op) {
2107 case KVM_MMU_OP_WRITE_PTE: {
2108 struct kvm_mmu_op_write_pte *wpte;
2110 wpte = pv_mmu_read_buffer(buffer, sizeof *wpte);
2113 return kvm_pv_mmu_write(vcpu, wpte->pte_phys,
2116 case KVM_MMU_OP_FLUSH_TLB: {
2117 struct kvm_mmu_op_flush_tlb *ftlb;
2119 ftlb = pv_mmu_read_buffer(buffer, sizeof *ftlb);
2122 return kvm_pv_mmu_flush_tlb(vcpu);
2124 case KVM_MMU_OP_RELEASE_PT: {
2125 struct kvm_mmu_op_release_pt *rpt;
2127 rpt = pv_mmu_read_buffer(buffer, sizeof *rpt);
2130 return kvm_pv_mmu_release_pt(vcpu, rpt->pt_phys);
2136 int kvm_pv_mmu_op(struct kvm_vcpu *vcpu, unsigned long bytes,
2137 gpa_t addr, unsigned long *ret)
2140 struct kvm_pv_mmu_op_buffer buffer;
2142 buffer.ptr = buffer.buf;
2143 buffer.len = min_t(unsigned long, bytes, sizeof buffer.buf);
2144 buffer.processed = 0;
2146 r = kvm_read_guest(vcpu->kvm, addr, buffer.buf, buffer.len);
2150 while (buffer.len) {
2151 r = kvm_pv_mmu_op_one(vcpu, &buffer);
2160 *ret = buffer.processed;
2166 static const char *audit_msg;
2168 static gva_t canonicalize(gva_t gva)
2170 #ifdef CONFIG_X86_64
2171 gva = (long long)(gva << 16) >> 16;
2176 static void audit_mappings_page(struct kvm_vcpu *vcpu, u64 page_pte,
2177 gva_t va, int level)
2179 u64 *pt = __va(page_pte & PT64_BASE_ADDR_MASK);
2181 gva_t va_delta = 1ul << (PAGE_SHIFT + 9 * (level - 1));
2183 for (i = 0; i < PT64_ENT_PER_PAGE; ++i, va += va_delta) {
2186 if (ent == shadow_trap_nonpresent_pte)
2189 va = canonicalize(va);
2191 if (ent == shadow_notrap_nonpresent_pte)
2192 printk(KERN_ERR "audit: (%s) nontrapping pte"
2193 " in nonleaf level: levels %d gva %lx"
2194 " level %d pte %llx\n", audit_msg,
2195 vcpu->arch.mmu.root_level, va, level, ent);
2197 audit_mappings_page(vcpu, ent, va, level - 1);
2199 gpa_t gpa = vcpu->arch.mmu.gva_to_gpa(vcpu, va);
2200 hpa_t hpa = (hpa_t)gpa_to_pfn(vcpu, gpa) << PAGE_SHIFT;
2202 if (is_shadow_present_pte(ent)
2203 && (ent & PT64_BASE_ADDR_MASK) != hpa)
2204 printk(KERN_ERR "xx audit error: (%s) levels %d"
2205 " gva %lx gpa %llx hpa %llx ent %llx %d\n",
2206 audit_msg, vcpu->arch.mmu.root_level,
2208 is_shadow_present_pte(ent));
2209 else if (ent == shadow_notrap_nonpresent_pte
2210 && !is_error_hpa(hpa))
2211 printk(KERN_ERR "audit: (%s) notrap shadow,"
2212 " valid guest gva %lx\n", audit_msg, va);
2213 kvm_release_pfn_clean(pfn);
2219 static void audit_mappings(struct kvm_vcpu *vcpu)
2223 if (vcpu->arch.mmu.root_level == 4)
2224 audit_mappings_page(vcpu, vcpu->arch.mmu.root_hpa, 0, 4);
2226 for (i = 0; i < 4; ++i)
2227 if (vcpu->arch.mmu.pae_root[i] & PT_PRESENT_MASK)
2228 audit_mappings_page(vcpu,
2229 vcpu->arch.mmu.pae_root[i],
2234 static int count_rmaps(struct kvm_vcpu *vcpu)
2239 for (i = 0; i < KVM_MEMORY_SLOTS; ++i) {
2240 struct kvm_memory_slot *m = &vcpu->kvm->memslots[i];
2241 struct kvm_rmap_desc *d;
2243 for (j = 0; j < m->npages; ++j) {
2244 unsigned long *rmapp = &m->rmap[j];
2248 if (!(*rmapp & 1)) {
2252 d = (struct kvm_rmap_desc *)(*rmapp & ~1ul);
2254 for (k = 0; k < RMAP_EXT; ++k)
2255 if (d->shadow_ptes[k])
2266 static int count_writable_mappings(struct kvm_vcpu *vcpu)
2269 struct kvm_mmu_page *sp;
2272 list_for_each_entry(sp, &vcpu->kvm->arch.active_mmu_pages, link) {
2275 if (sp->role.level != PT_PAGE_TABLE_LEVEL)
2278 for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
2281 if (!(ent & PT_PRESENT_MASK))
2283 if (!(ent & PT_WRITABLE_MASK))
2291 static void audit_rmap(struct kvm_vcpu *vcpu)
2293 int n_rmap = count_rmaps(vcpu);
2294 int n_actual = count_writable_mappings(vcpu);
2296 if (n_rmap != n_actual)
2297 printk(KERN_ERR "%s: (%s) rmap %d actual %d\n",
2298 __func__, audit_msg, n_rmap, n_actual);
2301 static void audit_write_protection(struct kvm_vcpu *vcpu)
2303 struct kvm_mmu_page *sp;
2304 struct kvm_memory_slot *slot;
2305 unsigned long *rmapp;
2308 list_for_each_entry(sp, &vcpu->kvm->arch.active_mmu_pages, link) {
2309 if (sp->role.metaphysical)
2312 slot = gfn_to_memslot(vcpu->kvm, sp->gfn);
2313 gfn = unalias_gfn(vcpu->kvm, sp->gfn);
2314 rmapp = &slot->rmap[gfn - slot->base_gfn];
2316 printk(KERN_ERR "%s: (%s) shadow page has writable"
2317 " mappings: gfn %lx role %x\n",
2318 __func__, audit_msg, sp->gfn,
2323 static void kvm_mmu_audit(struct kvm_vcpu *vcpu, const char *msg)
2330 audit_write_protection(vcpu);
2331 audit_mappings(vcpu);
projects / linux-2.6-omap-h63xx.git / blob