kvm/mmu/mmu_internal.h

0001 /* SPDX-License-Identifier: GPL-2.0 */
0002 #ifndef __KVM_X86_MMU_INTERNAL_H
0003 #define __KVM_X86_MMU_INTERNAL_H
0004
0005 #include <linux/types.h>
0006 #include <linux/kvm_host.h>
0007 #include <asm/kvm_host.h>
0008
0009 #undef MMU_DEBUG
0010
0011 #ifdef MMU_DEBUG
0012 extern bool dbg;
0013
0014 #define pgprintk(x...) do { if (dbg) printk(x); } while (0)
0015 #define rmap_printk(fmt, args...) do { if (dbg) printk("%s: " fmt, __func__, ## args); } while (0)
0016 #define MMU_WARN_ON(x) WARN_ON(x)
0017 #else
0018 #define pgprintk(x...) do { } while (0)
0019 #define rmap_printk(x...) do { } while (0)
0020 #define MMU_WARN_ON(x) do { } while (0)
0021 #endif
0022
0023 /* Page table builder macros common to shadow (host) PTEs and guest PTEs. */
0024 #define __PT_LEVEL_SHIFT(level, bits_per_level) \
0025     (PAGE_SHIFT + ((level) - 1) * (bits_per_level))
0026 #define __PT_INDEX(address, level, bits_per_level) \
0027     (((address) >> __PT_LEVEL_SHIFT(level, bits_per_level)) & ((1 << (bits_per_level)) - 1))
0028
0029 #define __PT_LVL_ADDR_MASK(base_addr_mask, level, bits_per_level) \
0030     ((base_addr_mask) & ~((1ULL << (PAGE_SHIFT + (((level) - 1) * (bits_per_level)))) - 1))
0031
0032 #define __PT_LVL_OFFSET_MASK(base_addr_mask, level, bits_per_level) \
0033     ((base_addr_mask) & ((1ULL << (PAGE_SHIFT + (((level) - 1) * (bits_per_level)))) - 1))
0034
0035 #define __PT_ENT_PER_PAGE(bits_per_level)  (1 << (bits_per_level))
0036
0037 /*
0038  * Unlike regular MMU roots, PAE "roots", a.k.a. PDPTEs/PDPTRs, have a PRESENT
0039  * bit, and thus are guaranteed to be non-zero when valid.  And, when a guest
0040  * PDPTR is !PRESENT, its corresponding PAE root cannot be set to INVALID_PAGE,
0041  * as the CPU would treat that as PRESENT PDPTR with reserved bits set.  Use
0042  * '0' instead of INVALID_PAGE to indicate an invalid PAE root.
0043  */
0044 #define INVALID_PAE_ROOT    0
0045 #define IS_VALID_PAE_ROOT(x)    (!!(x))
0046
0047 typedef u64 __rcu *tdp_ptep_t;
0048
0049 struct kvm_mmu_page {
0050     /*
0051      * Note, "link" through "spt" fit in a single 64 byte cache line on
0052      * 64-bit kernels, keep it that way unless there's a reason not to.
0053      */
0054     struct list_head link;
0055     struct hlist_node hash_link;
0056
0057     bool tdp_mmu_page;
0058     bool unsync;
0059     u8 mmu_valid_gen;
0060     bool lpage_disallowed; /* Can't be replaced by an equiv large page */
0061
0062     /*
0063      * The following two entries are used to key the shadow page in the
0064      * hash table.
0065      */
0066     union kvm_mmu_page_role role;
0067     gfn_t gfn;
0068
0069     u64 *spt;
0070
0071     /*
0072      * Stores the result of the guest translation being shadowed by each
0073      * SPTE.  KVM shadows two types of guest translations: nGPA -> GPA
0074      * (shadow EPT/NPT) and GVA -> GPA (traditional shadow paging). In both
0075      * cases the result of the translation is a GPA and a set of access
0076      * constraints.
0077      *
0078      * The GFN is stored in the upper bits (PAGE_SHIFT) and the shadowed
0079      * access permissions are stored in the lower bits. Note, for
0080      * convenience and uniformity across guests, the access permissions are
0081      * stored in KVM format (e.g.  ACC_EXEC_MASK) not the raw guest format.
0082      */
0083     u64 *shadowed_translation;
0084
0085     /* Currently serving as active root */
0086     union {
0087         int root_count;
0088         refcount_t tdp_mmu_root_count;
0089     };
0090     unsigned int unsync_children;
0091     union {
0092         struct kvm_rmap_head parent_ptes; /* rmap pointers to parent sptes */
0093         tdp_ptep_t ptep;
0094     };
0095     union {
0096         DECLARE_BITMAP(unsync_child_bitmap, 512);
0097         struct {
0098             struct work_struct tdp_mmu_async_work;
0099             void *tdp_mmu_async_data;
0100         };
0101     };
0102
0103     struct list_head lpage_disallowed_link;
0104 #ifdef CONFIG_X86_32
0105     /*
0106      * Used out of the mmu-lock to avoid reading spte values while an
0107      * update is in progress; see the comments in __get_spte_lockless().
0108      */
0109     int clear_spte_count;
0110 #endif
0111
0112     /* Number of writes since the last time traversal visited this page.  */
0113     atomic_t write_flooding_count;
0114
0115 #ifdef CONFIG_X86_64
0116     /* Used for freeing the page asynchronously if it is a TDP MMU page. */
0117     struct rcu_head rcu_head;
0118 #endif
0119 };
0120
0121 extern struct kmem_cache *mmu_page_header_cache;
0122
0123 static inline struct kvm_mmu_page *to_shadow_page(hpa_t shadow_page)
0124 {
0125     struct page *page = pfn_to_page(shadow_page >> PAGE_SHIFT);
0126
0127     return (struct kvm_mmu_page *)page_private(page);
0128 }
0129
0130 static inline struct kvm_mmu_page *sptep_to_sp(u64 *sptep)
0131 {
0132     return to_shadow_page(__pa(sptep));
0133 }
0134
0135 static inline int kvm_mmu_role_as_id(union kvm_mmu_page_role role)
0136 {
0137     return role.smm ? 1 : 0;
0138 }
0139
0140 static inline int kvm_mmu_page_as_id(struct kvm_mmu_page *sp)
0141 {
0142     return kvm_mmu_role_as_id(sp->role);
0143 }
0144
0145 static inline bool kvm_mmu_page_ad_need_write_protect(struct kvm_mmu_page *sp)
0146 {
0147     /*
0148      * When using the EPT page-modification log, the GPAs in the CPU dirty
0149      * log would come from L2 rather than L1.  Therefore, we need to rely
0150      * on write protection to record dirty pages, which bypasses PML, since
0151      * writes now result in a vmexit.  Note, the check on CPU dirty logging
0152      * being enabled is mandatory as the bits used to denote WP-only SPTEs
0153      * are reserved for PAE paging (32-bit KVM).
0154      */
0155     return kvm_x86_ops.cpu_dirty_log_size && sp->role.guest_mode;
0156 }
0157
0158 int mmu_try_to_unsync_pages(struct kvm *kvm, const struct kvm_memory_slot *slot,
0159                 gfn_t gfn, bool can_unsync, bool prefetch);
0160
0161 void kvm_mmu_gfn_disallow_lpage(const struct kvm_memory_slot *slot, gfn_t gfn);
0162 void kvm_mmu_gfn_allow_lpage(const struct kvm_memory_slot *slot, gfn_t gfn);
0163 bool kvm_mmu_slot_gfn_write_protect(struct kvm *kvm,
0164                     struct kvm_memory_slot *slot, u64 gfn,
0165                     int min_level);
0166 void kvm_flush_remote_tlbs_with_address(struct kvm *kvm,
0167                     u64 start_gfn, u64 pages);
0168 unsigned int pte_list_count(struct kvm_rmap_head *rmap_head);
0169
0170 extern int nx_huge_pages;
0171 static inline bool is_nx_huge_page_enabled(struct kvm *kvm)
0172 {
0173     return READ_ONCE(nx_huge_pages) && !kvm->arch.disable_nx_huge_pages;
0174 }
0175
0176 struct kvm_page_fault {
0177     /* arguments to kvm_mmu_do_page_fault.  */
0178     const gpa_t addr;
0179     const u32 error_code;
0180     const bool prefetch;
0181
0182     /* Derived from error_code.  */
0183     const bool exec;
0184     const bool write;
0185     const bool present;
0186     const bool rsvd;
0187     const bool user;
0188
0189     /* Derived from mmu and global state.  */
0190     const bool is_tdp;
0191     const bool nx_huge_page_workaround_enabled;
0192
0193     /*
0194      * Whether a >4KB mapping can be created or is forbidden due to NX
0195      * hugepages.
0196      */
0197     bool huge_page_disallowed;
0198
0199     /*
0200      * Maximum page size that can be created for this fault; input to
0201      * FNAME(fetch), __direct_map and kvm_tdp_mmu_map.
0202      */
0203     u8 max_level;
0204
0205     /*
0206      * Page size that can be created based on the max_level and the
0207      * page size used by the host mapping.
0208      */
0209     u8 req_level;
0210
0211     /*
0212      * Page size that will be created based on the req_level and
0213      * huge_page_disallowed.
0214      */
0215     u8 goal_level;
0216
0217     /* Shifted addr, or result of guest page table walk if addr is a gva.  */
0218     gfn_t gfn;
0219
0220     /* The memslot containing gfn. May be NULL. */
0221     struct kvm_memory_slot *slot;
0222
0223     /* Outputs of kvm_faultin_pfn.  */
0224     kvm_pfn_t pfn;
0225     hva_t hva;
0226     bool map_writable;
0227 };
0228
0229 int kvm_tdp_page_fault(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault);
0230
0231 /*
0232  * Return values of handle_mmio_page_fault(), mmu.page_fault(), fast_page_fault(),
0233  * and of course kvm_mmu_do_page_fault().
0234  *
0235  * RET_PF_CONTINUE: So far, so good, keep handling the page fault.
0236  * RET_PF_RETRY: let CPU fault again on the address.
0237  * RET_PF_EMULATE: mmio page fault, emulate the instruction directly.
0238  * RET_PF_INVALID: the spte is invalid, let the real page fault path update it.
0239  * RET_PF_FIXED: The faulting entry has been fixed.
0240  * RET_PF_SPURIOUS: The faulting entry was already fixed, e.g. by another vCPU.
0241  *
0242  * Any names added to this enum should be exported to userspace for use in
0243  * tracepoints via TRACE_DEFINE_ENUM() in mmutrace.h
0244  *
0245  * Note, all values must be greater than or equal to zero so as not to encroach
0246  * on -errno return values.  Somewhat arbitrarily use '0' for CONTINUE, which
0247  * will allow for efficient machine code when checking for CONTINUE, e.g.
0248  * "TEST %rax, %rax, JNZ", as all "stop!" values are non-zero.
0249  */
0250 enum {
0251     RET_PF_CONTINUE = 0,
0252     RET_PF_RETRY,
0253     RET_PF_EMULATE,
0254     RET_PF_INVALID,
0255     RET_PF_FIXED,
0256     RET_PF_SPURIOUS,
0257 };
0258
0259 static inline int kvm_mmu_do_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
0260                     u32 err, bool prefetch)
0261 {
0262     struct kvm_page_fault fault = {
0263         .addr = cr2_or_gpa,
0264         .error_code = err,
0265         .exec = err & PFERR_FETCH_MASK,
0266         .write = err & PFERR_WRITE_MASK,
0267         .present = err & PFERR_PRESENT_MASK,
0268         .rsvd = err & PFERR_RSVD_MASK,
0269         .user = err & PFERR_USER_MASK,
0270         .prefetch = prefetch,
0271         .is_tdp = likely(vcpu->arch.mmu->page_fault == kvm_tdp_page_fault),
0272         .nx_huge_page_workaround_enabled =
0273             is_nx_huge_page_enabled(vcpu->kvm),
0274
0275         .max_level = KVM_MAX_HUGEPAGE_LEVEL,
0276         .req_level = PG_LEVEL_4K,
0277         .goal_level = PG_LEVEL_4K,
0278     };
0279     int r;
0280
0281     /*
0282      * Async #PF "faults", a.k.a. prefetch faults, are not faults from the
0283      * guest perspective and have already been counted at the time of the
0284      * original fault.
0285      */
0286     if (!prefetch)
0287         vcpu->stat.pf_taken++;
0288
0289     if (IS_ENABLED(CONFIG_RETPOLINE) && fault.is_tdp)
0290         r = kvm_tdp_page_fault(vcpu, &fault);
0291     else
0292         r = vcpu->arch.mmu->page_fault(vcpu, &fault);
0293
0294     /*
0295      * Similar to above, prefetch faults aren't truly spurious, and the
0296      * async #PF path doesn't do emulation.  Do count faults that are fixed
0297      * by the async #PF handler though, otherwise they'll never be counted.
0298      */
0299     if (r == RET_PF_FIXED)
0300         vcpu->stat.pf_fixed++;
0301     else if (prefetch)
0302         ;
0303     else if (r == RET_PF_EMULATE)
0304         vcpu->stat.pf_emulate++;
0305     else if (r == RET_PF_SPURIOUS)
0306         vcpu->stat.pf_spurious++;
0307     return r;
0308 }
0309
0310 int kvm_mmu_max_mapping_level(struct kvm *kvm,
0311                   const struct kvm_memory_slot *slot, gfn_t gfn,
0312                   int max_level);
0313 void kvm_mmu_hugepage_adjust(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault);
0314 void disallowed_hugepage_adjust(struct kvm_page_fault *fault, u64 spte, int cur_level);
0315
0316 void *mmu_memory_cache_alloc(struct kvm_mmu_memory_cache *mc);
0317
0318 void account_huge_nx_page(struct kvm *kvm, struct kvm_mmu_page *sp);
0319 void unaccount_huge_nx_page(struct kvm *kvm, struct kvm_mmu_page *sp);
0320
0321 #endif /* __KVM_X86_MMU_INTERNAL_H */