mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-09 07:23:14 +00:00
f3b65bbaed
The .change_pte() MMU notifier callback was intended as an
optimization. The original point of it was that KSM could tell KVM to flip
its secondary PTE to a new location without having to first zap it. At
the time there was also an .invalidate_page() callback; both of them were
*not* bracketed by calls to mmu_notifier_invalidate_range_{start,end}(),
and .invalidate_page() also doubled as a fallback implementation of
.change_pte().
Later on, however, both callbacks were changed to occur within an
invalidate_range_start/end() block.
In the case of .change_pte(), commit 6bdb913f0a
("mm: wrap calls to
set_pte_at_notify with invalidate_range_start and invalidate_range_end",
2012-10-09) did so to remove the fallback from .invalidate_page() to
.change_pte() and allow sleepable .invalidate_page() hooks.
This however made KVM's usage of the .change_pte() callback completely
moot, because KVM unmaps the sPTEs during .invalidate_range_start()
and therefore .change_pte() has no hope of finding a sPTE to change.
Drop the generic KVM code that dispatches to kvm_set_spte_gfn(), as
well as all the architecture specific implementations.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Anup Patel <anup@brainfault.org>
Acked-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc)
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Message-ID: <20240405115815.3226315-2-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
925 lines
24 KiB
C
925 lines
24 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
/*
|
|
* Copyright (C) 2020-2023 Loongson Technology Corporation Limited
|
|
*/
|
|
|
|
#include <linux/highmem.h>
|
|
#include <linux/hugetlb.h>
|
|
#include <linux/kvm_host.h>
|
|
#include <linux/page-flags.h>
|
|
#include <linux/uaccess.h>
|
|
#include <asm/mmu_context.h>
|
|
#include <asm/pgalloc.h>
|
|
#include <asm/tlb.h>
|
|
#include <asm/kvm_mmu.h>
|
|
|
|
static inline bool kvm_hugepage_capable(struct kvm_memory_slot *slot)
|
|
{
|
|
return slot->arch.flags & KVM_MEM_HUGEPAGE_CAPABLE;
|
|
}
|
|
|
|
static inline bool kvm_hugepage_incapable(struct kvm_memory_slot *slot)
|
|
{
|
|
return slot->arch.flags & KVM_MEM_HUGEPAGE_INCAPABLE;
|
|
}
|
|
|
|
static inline void kvm_ptw_prepare(struct kvm *kvm, kvm_ptw_ctx *ctx)
|
|
{
|
|
ctx->level = kvm->arch.root_level;
|
|
/* pte table */
|
|
ctx->invalid_ptes = kvm->arch.invalid_ptes;
|
|
ctx->pte_shifts = kvm->arch.pte_shifts;
|
|
ctx->pgtable_shift = ctx->pte_shifts[ctx->level];
|
|
ctx->invalid_entry = ctx->invalid_ptes[ctx->level];
|
|
ctx->opaque = kvm;
|
|
}
|
|
|
|
/*
|
|
* Mark a range of guest physical address space old (all accesses fault) in the
|
|
* VM's GPA page table to allow detection of commonly used pages.
|
|
*/
|
|
static int kvm_mkold_pte(kvm_pte_t *pte, phys_addr_t addr, kvm_ptw_ctx *ctx)
|
|
{
|
|
if (kvm_pte_young(*pte)) {
|
|
*pte = kvm_pte_mkold(*pte);
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Mark a range of guest physical address space clean (writes fault) in the VM's
|
|
* GPA page table to allow dirty page tracking.
|
|
*/
|
|
static int kvm_mkclean_pte(kvm_pte_t *pte, phys_addr_t addr, kvm_ptw_ctx *ctx)
|
|
{
|
|
gfn_t offset;
|
|
kvm_pte_t val;
|
|
|
|
val = *pte;
|
|
/*
|
|
* For kvm_arch_mmu_enable_log_dirty_pt_masked with mask, start and end
|
|
* may cross hugepage, for first huge page parameter addr is equal to
|
|
* start, however for the second huge page addr is base address of
|
|
* this huge page, rather than start or end address
|
|
*/
|
|
if ((ctx->flag & _KVM_HAS_PGMASK) && !kvm_pte_huge(val)) {
|
|
offset = (addr >> PAGE_SHIFT) - ctx->gfn;
|
|
if (!(BIT(offset) & ctx->mask))
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Need not split huge page now, just set write-proect pte bit
|
|
* Split huge page until next write fault
|
|
*/
|
|
if (kvm_pte_dirty(val)) {
|
|
*pte = kvm_pte_mkclean(val);
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Clear pte entry
|
|
*/
|
|
static int kvm_flush_pte(kvm_pte_t *pte, phys_addr_t addr, kvm_ptw_ctx *ctx)
|
|
{
|
|
struct kvm *kvm;
|
|
|
|
kvm = ctx->opaque;
|
|
if (ctx->level)
|
|
kvm->stat.hugepages--;
|
|
else
|
|
kvm->stat.pages--;
|
|
|
|
*pte = ctx->invalid_entry;
|
|
|
|
return 1;
|
|
}
|
|
|
|
/*
|
|
* kvm_pgd_alloc() - Allocate and initialise a KVM GPA page directory.
|
|
*
|
|
* Allocate a blank KVM GPA page directory (PGD) for representing guest physical
|
|
* to host physical page mappings.
|
|
*
|
|
* Returns: Pointer to new KVM GPA page directory.
|
|
* NULL on allocation failure.
|
|
*/
|
|
kvm_pte_t *kvm_pgd_alloc(void)
|
|
{
|
|
kvm_pte_t *pgd;
|
|
|
|
pgd = (kvm_pte_t *)__get_free_pages(GFP_KERNEL, 0);
|
|
if (pgd)
|
|
pgd_init((void *)pgd);
|
|
|
|
return pgd;
|
|
}
|
|
|
|
static void _kvm_pte_init(void *addr, unsigned long val)
|
|
{
|
|
unsigned long *p, *end;
|
|
|
|
p = (unsigned long *)addr;
|
|
end = p + PTRS_PER_PTE;
|
|
do {
|
|
p[0] = val;
|
|
p[1] = val;
|
|
p[2] = val;
|
|
p[3] = val;
|
|
p[4] = val;
|
|
p += 8;
|
|
p[-3] = val;
|
|
p[-2] = val;
|
|
p[-1] = val;
|
|
} while (p != end);
|
|
}
|
|
|
|
/*
|
|
* Caller must hold kvm->mm_lock
|
|
*
|
|
* Walk the page tables of kvm to find the PTE corresponding to the
|
|
* address @addr. If page tables don't exist for @addr, they will be created
|
|
* from the MMU cache if @cache is not NULL.
|
|
*/
|
|
static kvm_pte_t *kvm_populate_gpa(struct kvm *kvm,
|
|
struct kvm_mmu_memory_cache *cache,
|
|
unsigned long addr, int level)
|
|
{
|
|
kvm_ptw_ctx ctx;
|
|
kvm_pte_t *entry, *child;
|
|
|
|
kvm_ptw_prepare(kvm, &ctx);
|
|
child = kvm->arch.pgd;
|
|
while (ctx.level > level) {
|
|
entry = kvm_pgtable_offset(&ctx, child, addr);
|
|
if (kvm_pte_none(&ctx, entry)) {
|
|
if (!cache)
|
|
return NULL;
|
|
|
|
child = kvm_mmu_memory_cache_alloc(cache);
|
|
_kvm_pte_init(child, ctx.invalid_ptes[ctx.level - 1]);
|
|
kvm_set_pte(entry, __pa(child));
|
|
} else if (kvm_pte_huge(*entry)) {
|
|
return entry;
|
|
} else
|
|
child = (kvm_pte_t *)__va(PHYSADDR(*entry));
|
|
kvm_ptw_enter(&ctx);
|
|
}
|
|
|
|
entry = kvm_pgtable_offset(&ctx, child, addr);
|
|
|
|
return entry;
|
|
}
|
|
|
|
/*
|
|
* Page walker for VM shadow mmu at last level
|
|
* The last level is small pte page or huge pmd page
|
|
*/
|
|
static int kvm_ptw_leaf(kvm_pte_t *dir, phys_addr_t addr, phys_addr_t end, kvm_ptw_ctx *ctx)
|
|
{
|
|
int ret;
|
|
phys_addr_t next, start, size;
|
|
struct list_head *list;
|
|
kvm_pte_t *entry, *child;
|
|
|
|
ret = 0;
|
|
start = addr;
|
|
child = (kvm_pte_t *)__va(PHYSADDR(*dir));
|
|
entry = kvm_pgtable_offset(ctx, child, addr);
|
|
do {
|
|
next = addr + (0x1UL << ctx->pgtable_shift);
|
|
if (!kvm_pte_present(ctx, entry))
|
|
continue;
|
|
|
|
ret |= ctx->ops(entry, addr, ctx);
|
|
} while (entry++, addr = next, addr < end);
|
|
|
|
if (kvm_need_flush(ctx)) {
|
|
size = 0x1UL << (ctx->pgtable_shift + PAGE_SHIFT - 3);
|
|
if (start + size == end) {
|
|
list = (struct list_head *)child;
|
|
list_add_tail(list, &ctx->list);
|
|
*dir = ctx->invalid_ptes[ctx->level + 1];
|
|
}
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* Page walker for VM shadow mmu at page table dir level
|
|
*/
|
|
static int kvm_ptw_dir(kvm_pte_t *dir, phys_addr_t addr, phys_addr_t end, kvm_ptw_ctx *ctx)
|
|
{
|
|
int ret;
|
|
phys_addr_t next, start, size;
|
|
struct list_head *list;
|
|
kvm_pte_t *entry, *child;
|
|
|
|
ret = 0;
|
|
start = addr;
|
|
child = (kvm_pte_t *)__va(PHYSADDR(*dir));
|
|
entry = kvm_pgtable_offset(ctx, child, addr);
|
|
do {
|
|
next = kvm_pgtable_addr_end(ctx, addr, end);
|
|
if (!kvm_pte_present(ctx, entry))
|
|
continue;
|
|
|
|
if (kvm_pte_huge(*entry)) {
|
|
ret |= ctx->ops(entry, addr, ctx);
|
|
continue;
|
|
}
|
|
|
|
kvm_ptw_enter(ctx);
|
|
if (ctx->level == 0)
|
|
ret |= kvm_ptw_leaf(entry, addr, next, ctx);
|
|
else
|
|
ret |= kvm_ptw_dir(entry, addr, next, ctx);
|
|
kvm_ptw_exit(ctx);
|
|
} while (entry++, addr = next, addr < end);
|
|
|
|
if (kvm_need_flush(ctx)) {
|
|
size = 0x1UL << (ctx->pgtable_shift + PAGE_SHIFT - 3);
|
|
if (start + size == end) {
|
|
list = (struct list_head *)child;
|
|
list_add_tail(list, &ctx->list);
|
|
*dir = ctx->invalid_ptes[ctx->level + 1];
|
|
}
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* Page walker for VM shadow mmu at page root table
|
|
*/
|
|
static int kvm_ptw_top(kvm_pte_t *dir, phys_addr_t addr, phys_addr_t end, kvm_ptw_ctx *ctx)
|
|
{
|
|
int ret;
|
|
phys_addr_t next;
|
|
kvm_pte_t *entry;
|
|
|
|
ret = 0;
|
|
entry = kvm_pgtable_offset(ctx, dir, addr);
|
|
do {
|
|
next = kvm_pgtable_addr_end(ctx, addr, end);
|
|
if (!kvm_pte_present(ctx, entry))
|
|
continue;
|
|
|
|
kvm_ptw_enter(ctx);
|
|
ret |= kvm_ptw_dir(entry, addr, next, ctx);
|
|
kvm_ptw_exit(ctx);
|
|
} while (entry++, addr = next, addr < end);
|
|
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* kvm_flush_range() - Flush a range of guest physical addresses.
|
|
* @kvm: KVM pointer.
|
|
* @start_gfn: Guest frame number of first page in GPA range to flush.
|
|
* @end_gfn: Guest frame number of last page in GPA range to flush.
|
|
* @lock: Whether to hold mmu_lock or not
|
|
*
|
|
* Flushes a range of GPA mappings from the GPA page tables.
|
|
*/
|
|
static void kvm_flush_range(struct kvm *kvm, gfn_t start_gfn, gfn_t end_gfn, int lock)
|
|
{
|
|
int ret;
|
|
kvm_ptw_ctx ctx;
|
|
struct list_head *pos, *temp;
|
|
|
|
ctx.ops = kvm_flush_pte;
|
|
ctx.flag = _KVM_FLUSH_PGTABLE;
|
|
kvm_ptw_prepare(kvm, &ctx);
|
|
INIT_LIST_HEAD(&ctx.list);
|
|
|
|
if (lock) {
|
|
spin_lock(&kvm->mmu_lock);
|
|
ret = kvm_ptw_top(kvm->arch.pgd, start_gfn << PAGE_SHIFT,
|
|
end_gfn << PAGE_SHIFT, &ctx);
|
|
spin_unlock(&kvm->mmu_lock);
|
|
} else
|
|
ret = kvm_ptw_top(kvm->arch.pgd, start_gfn << PAGE_SHIFT,
|
|
end_gfn << PAGE_SHIFT, &ctx);
|
|
|
|
/* Flush vpid for each vCPU individually */
|
|
if (ret)
|
|
kvm_flush_remote_tlbs(kvm);
|
|
|
|
/*
|
|
* free pte table page after mmu_lock
|
|
* the pte table page is linked together with ctx.list
|
|
*/
|
|
list_for_each_safe(pos, temp, &ctx.list) {
|
|
list_del(pos);
|
|
free_page((unsigned long)pos);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* kvm_mkclean_gpa_pt() - Make a range of guest physical addresses clean.
|
|
* @kvm: KVM pointer.
|
|
* @start_gfn: Guest frame number of first page in GPA range to flush.
|
|
* @end_gfn: Guest frame number of last page in GPA range to flush.
|
|
*
|
|
* Make a range of GPA mappings clean so that guest writes will fault and
|
|
* trigger dirty page logging.
|
|
*
|
|
* The caller must hold the @kvm->mmu_lock spinlock.
|
|
*
|
|
* Returns: Whether any GPA mappings were modified, which would require
|
|
* derived mappings (GVA page tables & TLB enties) to be
|
|
* invalidated.
|
|
*/
|
|
static int kvm_mkclean_gpa_pt(struct kvm *kvm, gfn_t start_gfn, gfn_t end_gfn)
|
|
{
|
|
kvm_ptw_ctx ctx;
|
|
|
|
ctx.ops = kvm_mkclean_pte;
|
|
ctx.flag = 0;
|
|
kvm_ptw_prepare(kvm, &ctx);
|
|
return kvm_ptw_top(kvm->arch.pgd, start_gfn << PAGE_SHIFT, end_gfn << PAGE_SHIFT, &ctx);
|
|
}
|
|
|
|
/*
|
|
* kvm_arch_mmu_enable_log_dirty_pt_masked() - write protect dirty pages
|
|
* @kvm: The KVM pointer
|
|
* @slot: The memory slot associated with mask
|
|
* @gfn_offset: The gfn offset in memory slot
|
|
* @mask: The mask of dirty pages at offset 'gfn_offset' in this memory
|
|
* slot to be write protected
|
|
*
|
|
* Walks bits set in mask write protects the associated pte's. Caller must
|
|
* acquire @kvm->mmu_lock.
|
|
*/
|
|
void kvm_arch_mmu_enable_log_dirty_pt_masked(struct kvm *kvm,
|
|
struct kvm_memory_slot *slot, gfn_t gfn_offset, unsigned long mask)
|
|
{
|
|
kvm_ptw_ctx ctx;
|
|
gfn_t base_gfn = slot->base_gfn + gfn_offset;
|
|
gfn_t start = base_gfn + __ffs(mask);
|
|
gfn_t end = base_gfn + __fls(mask) + 1;
|
|
|
|
ctx.ops = kvm_mkclean_pte;
|
|
ctx.flag = _KVM_HAS_PGMASK;
|
|
ctx.mask = mask;
|
|
ctx.gfn = base_gfn;
|
|
kvm_ptw_prepare(kvm, &ctx);
|
|
|
|
kvm_ptw_top(kvm->arch.pgd, start << PAGE_SHIFT, end << PAGE_SHIFT, &ctx);
|
|
}
|
|
|
|
int kvm_arch_prepare_memory_region(struct kvm *kvm, const struct kvm_memory_slot *old,
|
|
struct kvm_memory_slot *new, enum kvm_mr_change change)
|
|
{
|
|
gpa_t gpa_start;
|
|
hva_t hva_start;
|
|
size_t size, gpa_offset, hva_offset;
|
|
|
|
if ((change != KVM_MR_MOVE) && (change != KVM_MR_CREATE))
|
|
return 0;
|
|
/*
|
|
* Prevent userspace from creating a memory region outside of the
|
|
* VM GPA address space
|
|
*/
|
|
if ((new->base_gfn + new->npages) > (kvm->arch.gpa_size >> PAGE_SHIFT))
|
|
return -ENOMEM;
|
|
|
|
new->arch.flags = 0;
|
|
size = new->npages * PAGE_SIZE;
|
|
gpa_start = new->base_gfn << PAGE_SHIFT;
|
|
hva_start = new->userspace_addr;
|
|
if (IS_ALIGNED(size, PMD_SIZE) && IS_ALIGNED(gpa_start, PMD_SIZE)
|
|
&& IS_ALIGNED(hva_start, PMD_SIZE))
|
|
new->arch.flags |= KVM_MEM_HUGEPAGE_CAPABLE;
|
|
else {
|
|
/*
|
|
* Pages belonging to memslots that don't have the same
|
|
* alignment within a PMD for userspace and GPA cannot be
|
|
* mapped with PMD entries, because we'll end up mapping
|
|
* the wrong pages.
|
|
*
|
|
* Consider a layout like the following:
|
|
*
|
|
* memslot->userspace_addr:
|
|
* +-----+--------------------+--------------------+---+
|
|
* |abcde|fgh Stage-1 block | Stage-1 block tv|xyz|
|
|
* +-----+--------------------+--------------------+---+
|
|
*
|
|
* memslot->base_gfn << PAGE_SIZE:
|
|
* +---+--------------------+--------------------+-----+
|
|
* |abc|def Stage-2 block | Stage-2 block |tvxyz|
|
|
* +---+--------------------+--------------------+-----+
|
|
*
|
|
* If we create those stage-2 blocks, we'll end up with this
|
|
* incorrect mapping:
|
|
* d -> f
|
|
* e -> g
|
|
* f -> h
|
|
*/
|
|
gpa_offset = gpa_start & (PMD_SIZE - 1);
|
|
hva_offset = hva_start & (PMD_SIZE - 1);
|
|
if (gpa_offset != hva_offset) {
|
|
new->arch.flags |= KVM_MEM_HUGEPAGE_INCAPABLE;
|
|
} else {
|
|
if (gpa_offset == 0)
|
|
gpa_offset = PMD_SIZE;
|
|
if ((size + gpa_offset) < (PMD_SIZE * 2))
|
|
new->arch.flags |= KVM_MEM_HUGEPAGE_INCAPABLE;
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
void kvm_arch_commit_memory_region(struct kvm *kvm,
|
|
struct kvm_memory_slot *old,
|
|
const struct kvm_memory_slot *new,
|
|
enum kvm_mr_change change)
|
|
{
|
|
int needs_flush;
|
|
|
|
/*
|
|
* If dirty page logging is enabled, write protect all pages in the slot
|
|
* ready for dirty logging.
|
|
*
|
|
* There is no need to do this in any of the following cases:
|
|
* CREATE: No dirty mappings will already exist.
|
|
* MOVE/DELETE: The old mappings will already have been cleaned up by
|
|
* kvm_arch_flush_shadow_memslot()
|
|
*/
|
|
if (change == KVM_MR_FLAGS_ONLY &&
|
|
(!(old->flags & KVM_MEM_LOG_DIRTY_PAGES) &&
|
|
new->flags & KVM_MEM_LOG_DIRTY_PAGES)) {
|
|
spin_lock(&kvm->mmu_lock);
|
|
/* Write protect GPA page table entries */
|
|
needs_flush = kvm_mkclean_gpa_pt(kvm, new->base_gfn,
|
|
new->base_gfn + new->npages);
|
|
spin_unlock(&kvm->mmu_lock);
|
|
if (needs_flush)
|
|
kvm_flush_remote_tlbs(kvm);
|
|
}
|
|
}
|
|
|
|
void kvm_arch_flush_shadow_all(struct kvm *kvm)
|
|
{
|
|
kvm_flush_range(kvm, 0, kvm->arch.gpa_size >> PAGE_SHIFT, 0);
|
|
}
|
|
|
|
void kvm_arch_flush_shadow_memslot(struct kvm *kvm, struct kvm_memory_slot *slot)
|
|
{
|
|
/*
|
|
* The slot has been made invalid (ready for moving or deletion), so we
|
|
* need to ensure that it can no longer be accessed by any guest vCPUs.
|
|
*/
|
|
kvm_flush_range(kvm, slot->base_gfn, slot->base_gfn + slot->npages, 1);
|
|
}
|
|
|
|
bool kvm_unmap_gfn_range(struct kvm *kvm, struct kvm_gfn_range *range)
|
|
{
|
|
kvm_ptw_ctx ctx;
|
|
|
|
ctx.flag = 0;
|
|
ctx.ops = kvm_flush_pte;
|
|
kvm_ptw_prepare(kvm, &ctx);
|
|
INIT_LIST_HEAD(&ctx.list);
|
|
|
|
return kvm_ptw_top(kvm->arch.pgd, range->start << PAGE_SHIFT,
|
|
range->end << PAGE_SHIFT, &ctx);
|
|
}
|
|
|
|
bool kvm_age_gfn(struct kvm *kvm, struct kvm_gfn_range *range)
|
|
{
|
|
kvm_ptw_ctx ctx;
|
|
|
|
ctx.flag = 0;
|
|
ctx.ops = kvm_mkold_pte;
|
|
kvm_ptw_prepare(kvm, &ctx);
|
|
|
|
return kvm_ptw_top(kvm->arch.pgd, range->start << PAGE_SHIFT,
|
|
range->end << PAGE_SHIFT, &ctx);
|
|
}
|
|
|
|
bool kvm_test_age_gfn(struct kvm *kvm, struct kvm_gfn_range *range)
|
|
{
|
|
gpa_t gpa = range->start << PAGE_SHIFT;
|
|
kvm_pte_t *ptep = kvm_populate_gpa(kvm, NULL, gpa, 0);
|
|
|
|
if (ptep && kvm_pte_present(NULL, ptep) && kvm_pte_young(*ptep))
|
|
return true;
|
|
|
|
return false;
|
|
}
|
|
|
|
/*
|
|
* kvm_map_page_fast() - Fast path GPA fault handler.
|
|
* @vcpu: vCPU pointer.
|
|
* @gpa: Guest physical address of fault.
|
|
* @write: Whether the fault was due to a write.
|
|
*
|
|
* Perform fast path GPA fault handling, doing all that can be done without
|
|
* calling into KVM. This handles marking old pages young (for idle page
|
|
* tracking), and dirtying of clean pages (for dirty page logging).
|
|
*
|
|
* Returns: 0 on success, in which case we can update derived mappings and
|
|
* resume guest execution.
|
|
* -EFAULT on failure due to absent GPA mapping or write to
|
|
* read-only page, in which case KVM must be consulted.
|
|
*/
|
|
static int kvm_map_page_fast(struct kvm_vcpu *vcpu, unsigned long gpa, bool write)
|
|
{
|
|
int ret = 0;
|
|
kvm_pfn_t pfn = 0;
|
|
kvm_pte_t *ptep, changed, new;
|
|
gfn_t gfn = gpa >> PAGE_SHIFT;
|
|
struct kvm *kvm = vcpu->kvm;
|
|
struct kvm_memory_slot *slot;
|
|
|
|
spin_lock(&kvm->mmu_lock);
|
|
|
|
/* Fast path - just check GPA page table for an existing entry */
|
|
ptep = kvm_populate_gpa(kvm, NULL, gpa, 0);
|
|
if (!ptep || !kvm_pte_present(NULL, ptep)) {
|
|
ret = -EFAULT;
|
|
goto out;
|
|
}
|
|
|
|
/* Track access to pages marked old */
|
|
new = *ptep;
|
|
if (!kvm_pte_young(new))
|
|
new = kvm_pte_mkyoung(new);
|
|
/* call kvm_set_pfn_accessed() after unlock */
|
|
|
|
if (write && !kvm_pte_dirty(new)) {
|
|
if (!kvm_pte_write(new)) {
|
|
ret = -EFAULT;
|
|
goto out;
|
|
}
|
|
|
|
if (kvm_pte_huge(new)) {
|
|
/*
|
|
* Do not set write permission when dirty logging is
|
|
* enabled for HugePages
|
|
*/
|
|
slot = gfn_to_memslot(kvm, gfn);
|
|
if (kvm_slot_dirty_track_enabled(slot)) {
|
|
ret = -EFAULT;
|
|
goto out;
|
|
}
|
|
}
|
|
|
|
/* Track dirtying of writeable pages */
|
|
new = kvm_pte_mkdirty(new);
|
|
}
|
|
|
|
changed = new ^ (*ptep);
|
|
if (changed) {
|
|
kvm_set_pte(ptep, new);
|
|
pfn = kvm_pte_pfn(new);
|
|
}
|
|
spin_unlock(&kvm->mmu_lock);
|
|
|
|
/*
|
|
* Fixme: pfn may be freed after mmu_lock
|
|
* kvm_try_get_pfn(pfn)/kvm_release_pfn pair to prevent this?
|
|
*/
|
|
if (kvm_pte_young(changed))
|
|
kvm_set_pfn_accessed(pfn);
|
|
|
|
if (kvm_pte_dirty(changed)) {
|
|
mark_page_dirty(kvm, gfn);
|
|
kvm_set_pfn_dirty(pfn);
|
|
}
|
|
return ret;
|
|
out:
|
|
spin_unlock(&kvm->mmu_lock);
|
|
return ret;
|
|
}
|
|
|
|
static bool fault_supports_huge_mapping(struct kvm_memory_slot *memslot,
|
|
unsigned long hva, bool write)
|
|
{
|
|
hva_t start, end;
|
|
|
|
/* Disable dirty logging on HugePages */
|
|
if (kvm_slot_dirty_track_enabled(memslot) && write)
|
|
return false;
|
|
|
|
if (kvm_hugepage_capable(memslot))
|
|
return true;
|
|
|
|
if (kvm_hugepage_incapable(memslot))
|
|
return false;
|
|
|
|
start = memslot->userspace_addr;
|
|
end = start + memslot->npages * PAGE_SIZE;
|
|
|
|
/*
|
|
* Next, let's make sure we're not trying to map anything not covered
|
|
* by the memslot. This means we have to prohibit block size mappings
|
|
* for the beginning and end of a non-block aligned and non-block sized
|
|
* memory slot (illustrated by the head and tail parts of the
|
|
* userspace view above containing pages 'abcde' and 'xyz',
|
|
* respectively).
|
|
*
|
|
* Note that it doesn't matter if we do the check using the
|
|
* userspace_addr or the base_gfn, as both are equally aligned (per
|
|
* the check above) and equally sized.
|
|
*/
|
|
return (hva >= ALIGN(start, PMD_SIZE)) && (hva < ALIGN_DOWN(end, PMD_SIZE));
|
|
}
|
|
|
|
/*
|
|
* Lookup the mapping level for @gfn in the current mm.
|
|
*
|
|
* WARNING! Use of host_pfn_mapping_level() requires the caller and the end
|
|
* consumer to be tied into KVM's handlers for MMU notifier events!
|
|
*
|
|
* There are several ways to safely use this helper:
|
|
*
|
|
* - Check mmu_invalidate_retry_gfn() after grabbing the mapping level, before
|
|
* consuming it. In this case, mmu_lock doesn't need to be held during the
|
|
* lookup, but it does need to be held while checking the MMU notifier.
|
|
*
|
|
* - Hold mmu_lock AND ensure there is no in-progress MMU notifier invalidation
|
|
* event for the hva. This can be done by explicit checking the MMU notifier
|
|
* or by ensuring that KVM already has a valid mapping that covers the hva.
|
|
*
|
|
* - Do not use the result to install new mappings, e.g. use the host mapping
|
|
* level only to decide whether or not to zap an entry. In this case, it's
|
|
* not required to hold mmu_lock (though it's highly likely the caller will
|
|
* want to hold mmu_lock anyways, e.g. to modify SPTEs).
|
|
*
|
|
* Note! The lookup can still race with modifications to host page tables, but
|
|
* the above "rules" ensure KVM will not _consume_ the result of the walk if a
|
|
* race with the primary MMU occurs.
|
|
*/
|
|
static int host_pfn_mapping_level(struct kvm *kvm, gfn_t gfn,
|
|
const struct kvm_memory_slot *slot)
|
|
{
|
|
int level = 0;
|
|
unsigned long hva;
|
|
unsigned long flags;
|
|
pgd_t pgd;
|
|
p4d_t p4d;
|
|
pud_t pud;
|
|
pmd_t pmd;
|
|
|
|
/*
|
|
* Note, using the already-retrieved memslot and __gfn_to_hva_memslot()
|
|
* is not solely for performance, it's also necessary to avoid the
|
|
* "writable" check in __gfn_to_hva_many(), which will always fail on
|
|
* read-only memslots due to gfn_to_hva() assuming writes. Earlier
|
|
* page fault steps have already verified the guest isn't writing a
|
|
* read-only memslot.
|
|
*/
|
|
hva = __gfn_to_hva_memslot(slot, gfn);
|
|
|
|
/*
|
|
* Disable IRQs to prevent concurrent tear down of host page tables,
|
|
* e.g. if the primary MMU promotes a P*D to a huge page and then frees
|
|
* the original page table.
|
|
*/
|
|
local_irq_save(flags);
|
|
|
|
/*
|
|
* Read each entry once. As above, a non-leaf entry can be promoted to
|
|
* a huge page _during_ this walk. Re-reading the entry could send the
|
|
* walk into the weeks, e.g. p*d_leaf() returns false (sees the old
|
|
* value) and then p*d_offset() walks into the target huge page instead
|
|
* of the old page table (sees the new value).
|
|
*/
|
|
pgd = READ_ONCE(*pgd_offset(kvm->mm, hva));
|
|
if (pgd_none(pgd))
|
|
goto out;
|
|
|
|
p4d = READ_ONCE(*p4d_offset(&pgd, hva));
|
|
if (p4d_none(p4d) || !p4d_present(p4d))
|
|
goto out;
|
|
|
|
pud = READ_ONCE(*pud_offset(&p4d, hva));
|
|
if (pud_none(pud) || !pud_present(pud))
|
|
goto out;
|
|
|
|
pmd = READ_ONCE(*pmd_offset(&pud, hva));
|
|
if (pmd_none(pmd) || !pmd_present(pmd))
|
|
goto out;
|
|
|
|
if (kvm_pte_huge(pmd_val(pmd)))
|
|
level = 1;
|
|
|
|
out:
|
|
local_irq_restore(flags);
|
|
return level;
|
|
}
|
|
|
|
/*
|
|
* Split huge page
|
|
*/
|
|
static kvm_pte_t *kvm_split_huge(struct kvm_vcpu *vcpu, kvm_pte_t *ptep, gfn_t gfn)
|
|
{
|
|
int i;
|
|
kvm_pte_t val, *child;
|
|
struct kvm *kvm = vcpu->kvm;
|
|
struct kvm_mmu_memory_cache *memcache;
|
|
|
|
memcache = &vcpu->arch.mmu_page_cache;
|
|
child = kvm_mmu_memory_cache_alloc(memcache);
|
|
val = kvm_pte_mksmall(*ptep);
|
|
for (i = 0; i < PTRS_PER_PTE; i++) {
|
|
kvm_set_pte(child + i, val);
|
|
val += PAGE_SIZE;
|
|
}
|
|
|
|
/* The later kvm_flush_tlb_gpa() will flush hugepage tlb */
|
|
kvm_set_pte(ptep, __pa(child));
|
|
|
|
kvm->stat.hugepages--;
|
|
kvm->stat.pages += PTRS_PER_PTE;
|
|
|
|
return child + (gfn & (PTRS_PER_PTE - 1));
|
|
}
|
|
|
|
/*
|
|
* kvm_map_page() - Map a guest physical page.
|
|
* @vcpu: vCPU pointer.
|
|
* @gpa: Guest physical address of fault.
|
|
* @write: Whether the fault was due to a write.
|
|
*
|
|
* Handle GPA faults by creating a new GPA mapping (or updating an existing
|
|
* one).
|
|
*
|
|
* This takes care of marking pages young or dirty (idle/dirty page tracking),
|
|
* asking KVM for the corresponding PFN, and creating a mapping in the GPA page
|
|
* tables. Derived mappings (GVA page tables and TLBs) must be handled by the
|
|
* caller.
|
|
*
|
|
* Returns: 0 on success
|
|
* -EFAULT if there is no memory region at @gpa or a write was
|
|
* attempted to a read-only memory region. This is usually handled
|
|
* as an MMIO access.
|
|
*/
|
|
static int kvm_map_page(struct kvm_vcpu *vcpu, unsigned long gpa, bool write)
|
|
{
|
|
bool writeable;
|
|
int srcu_idx, err, retry_no = 0, level;
|
|
unsigned long hva, mmu_seq, prot_bits;
|
|
kvm_pfn_t pfn;
|
|
kvm_pte_t *ptep, new_pte;
|
|
gfn_t gfn = gpa >> PAGE_SHIFT;
|
|
struct kvm *kvm = vcpu->kvm;
|
|
struct kvm_memory_slot *memslot;
|
|
struct kvm_mmu_memory_cache *memcache = &vcpu->arch.mmu_page_cache;
|
|
|
|
/* Try the fast path to handle old / clean pages */
|
|
srcu_idx = srcu_read_lock(&kvm->srcu);
|
|
err = kvm_map_page_fast(vcpu, gpa, write);
|
|
if (!err)
|
|
goto out;
|
|
|
|
memslot = gfn_to_memslot(kvm, gfn);
|
|
hva = gfn_to_hva_memslot_prot(memslot, gfn, &writeable);
|
|
if (kvm_is_error_hva(hva) || (write && !writeable)) {
|
|
err = -EFAULT;
|
|
goto out;
|
|
}
|
|
|
|
/* We need a minimum of cached pages ready for page table creation */
|
|
err = kvm_mmu_topup_memory_cache(memcache, KVM_MMU_CACHE_MIN_PAGES);
|
|
if (err)
|
|
goto out;
|
|
|
|
retry:
|
|
/*
|
|
* Used to check for invalidations in progress, of the pfn that is
|
|
* returned by pfn_to_pfn_prot below.
|
|
*/
|
|
mmu_seq = kvm->mmu_invalidate_seq;
|
|
/*
|
|
* Ensure the read of mmu_invalidate_seq isn't reordered with PTE reads in
|
|
* gfn_to_pfn_prot() (which calls get_user_pages()), so that we don't
|
|
* risk the page we get a reference to getting unmapped before we have a
|
|
* chance to grab the mmu_lock without mmu_invalidate_retry() noticing.
|
|
*
|
|
* This smp_rmb() pairs with the effective smp_wmb() of the combination
|
|
* of the pte_unmap_unlock() after the PTE is zapped, and the
|
|
* spin_lock() in kvm_mmu_invalidate_invalidate_<page|range_end>() before
|
|
* mmu_invalidate_seq is incremented.
|
|
*/
|
|
smp_rmb();
|
|
|
|
/* Slow path - ask KVM core whether we can access this GPA */
|
|
pfn = gfn_to_pfn_prot(kvm, gfn, write, &writeable);
|
|
if (is_error_noslot_pfn(pfn)) {
|
|
err = -EFAULT;
|
|
goto out;
|
|
}
|
|
|
|
/* Check if an invalidation has taken place since we got pfn */
|
|
spin_lock(&kvm->mmu_lock);
|
|
if (mmu_invalidate_retry_gfn(kvm, mmu_seq, gfn)) {
|
|
/*
|
|
* This can happen when mappings are changed asynchronously, but
|
|
* also synchronously if a COW is triggered by
|
|
* gfn_to_pfn_prot().
|
|
*/
|
|
spin_unlock(&kvm->mmu_lock);
|
|
kvm_release_pfn_clean(pfn);
|
|
if (retry_no > 100) {
|
|
retry_no = 0;
|
|
schedule();
|
|
}
|
|
retry_no++;
|
|
goto retry;
|
|
}
|
|
|
|
/*
|
|
* For emulated devices such virtio device, actual cache attribute is
|
|
* determined by physical machine.
|
|
* For pass through physical device, it should be uncachable
|
|
*/
|
|
prot_bits = _PAGE_PRESENT | __READABLE;
|
|
if (pfn_valid(pfn))
|
|
prot_bits |= _CACHE_CC;
|
|
else
|
|
prot_bits |= _CACHE_SUC;
|
|
|
|
if (writeable) {
|
|
prot_bits |= _PAGE_WRITE;
|
|
if (write)
|
|
prot_bits |= __WRITEABLE;
|
|
}
|
|
|
|
/* Disable dirty logging on HugePages */
|
|
level = 0;
|
|
if (!fault_supports_huge_mapping(memslot, hva, write)) {
|
|
level = 0;
|
|
} else {
|
|
level = host_pfn_mapping_level(kvm, gfn, memslot);
|
|
if (level == 1) {
|
|
gfn = gfn & ~(PTRS_PER_PTE - 1);
|
|
pfn = pfn & ~(PTRS_PER_PTE - 1);
|
|
}
|
|
}
|
|
|
|
/* Ensure page tables are allocated */
|
|
ptep = kvm_populate_gpa(kvm, memcache, gpa, level);
|
|
new_pte = kvm_pfn_pte(pfn, __pgprot(prot_bits));
|
|
if (level == 1) {
|
|
new_pte = kvm_pte_mkhuge(new_pte);
|
|
/*
|
|
* previous pmd entry is invalid_pte_table
|
|
* there is invalid tlb with small page
|
|
* need flush these invalid tlbs for current vcpu
|
|
*/
|
|
kvm_make_request(KVM_REQ_TLB_FLUSH, vcpu);
|
|
++kvm->stat.hugepages;
|
|
} else if (kvm_pte_huge(*ptep) && write)
|
|
ptep = kvm_split_huge(vcpu, ptep, gfn);
|
|
else
|
|
++kvm->stat.pages;
|
|
kvm_set_pte(ptep, new_pte);
|
|
spin_unlock(&kvm->mmu_lock);
|
|
|
|
if (prot_bits & _PAGE_DIRTY) {
|
|
mark_page_dirty_in_slot(kvm, memslot, gfn);
|
|
kvm_set_pfn_dirty(pfn);
|
|
}
|
|
|
|
kvm_set_pfn_accessed(pfn);
|
|
kvm_release_pfn_clean(pfn);
|
|
out:
|
|
srcu_read_unlock(&kvm->srcu, srcu_idx);
|
|
return err;
|
|
}
|
|
|
|
int kvm_handle_mm_fault(struct kvm_vcpu *vcpu, unsigned long gpa, bool write)
|
|
{
|
|
int ret;
|
|
|
|
ret = kvm_map_page(vcpu, gpa, write);
|
|
if (ret)
|
|
return ret;
|
|
|
|
/* Invalidate this entry in the TLB */
|
|
kvm_flush_tlb_gpa(vcpu, gpa);
|
|
|
|
return 0;
|
|
}
|
|
|
|
void kvm_arch_sync_dirty_log(struct kvm *kvm, struct kvm_memory_slot *memslot)
|
|
{
|
|
}
|
|
|
|
void kvm_arch_flush_remote_tlbs_memslot(struct kvm *kvm,
|
|
const struct kvm_memory_slot *memslot)
|
|
{
|
|
kvm_flush_remote_tlbs(kvm);
|
|
}
|