int guest_remove_page(struct domain *d, unsigned long gmfn)
{
struct page_info *page;
#ifdef CONFIG_X86
p2m_type_t p2mt;
#endif
unsigned long mfn;
#ifdef CONFIG_X86
mfn = mfn_x(gfn_to_mfn(p2m_get_hostp2m(d), gmfn, &p2mt));
if ( unlikely(p2m_is_paging(p2mt)) )
{
guest_physmap_remove_page(d, gmfn, mfn, 0);
p2m_mem_paging_drop_page(p2m_get_hostp2m(d), gmfn);
return 1;
}
#else
mfn = gmfn_to_mfn(d, gmfn);
#endif
if ( unlikely(!mfn_valid(mfn)) )
{
gdprintk(XENLOG_INFO, "Domain %u page number %lx invalid\n",
d->domain_id, gmfn);
return 0;
}
page = mfn_to_page(mfn);
#ifdef CONFIG_X86
/* If gmfn is shared, just drop the guest reference (which may or may not
* free the page) */
if(p2m_is_shared(p2mt))
{
put_page_and_type(page);
guest_physmap_remove_page(d, gmfn, mfn, 0);
return 1;
}
#endif /* CONFIG_X86 */
if ( unlikely(!get_page(page, d)) )
{
gdprintk(XENLOG_INFO, "Bad page free for domain %u\n", d->domain_id);
return 0;
}
if ( test_and_clear_bit(_PGT_pinned, &page->u.inuse.type_info) )
put_page_and_type(page);
if ( test_and_clear_bit(_PGC_allocated, &page->count_info) )
put_page(page);
guest_physmap_remove_page(d, gmfn, mfn, 0);
put_page(page);
return 1;
}
int
set_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn)
{
int rc = 0;
p2m_access_t a;
p2m_type_t ot;
mfn_t omfn;
struct p2m_domain *p2m = p2m_get_hostp2m(d);
if ( !paging_mode_translate(d) )
return 0;
gfn_lock(p2m, gfn, 0);
omfn = p2m->get_entry(p2m, gfn, &ot, &a, 0, NULL);
if ( p2m_is_grant(ot) )
{
p2m_unlock(p2m);
domain_crash(d);
return 0;
}
else if ( p2m_is_ram(ot) )
{
ASSERT(mfn_valid(omfn));
set_gpfn_from_mfn(mfn_x(omfn), INVALID_M2P_ENTRY);
}
P2M_DEBUG("set mmio %lx %lx\n", gfn, mfn_x(mfn));
rc = set_p2m_entry(p2m, gfn, mfn, PAGE_ORDER_4K, p2m_mmio_direct, p2m->default_access);
gfn_unlock(p2m, gfn, 0);
if ( 0 == rc )
gdprintk(XENLOG_ERR,
"set_mmio_p2m_entry: set_p2m_entry failed! mfn=%08lx\n",
mfn_x(get_gfn_query_unlocked(p2m->domain, gfn, &ot)));
return rc;
}
int
clear_mmio_p2m_entry(struct domain *d, unsigned long gfn)
{
int rc = 0;
mfn_t mfn;
p2m_access_t a;
p2m_type_t t;
struct p2m_domain *p2m = p2m_get_hostp2m(d);
if ( !paging_mode_translate(d) )
return 0;
gfn_lock(p2m, gfn, 0);
mfn = p2m->get_entry(p2m, gfn, &t, &a, 0, NULL);
/* Do not use mfn_valid() here as it will usually fail for MMIO pages. */
if ( (INVALID_MFN == mfn_x(mfn)) || (t != p2m_mmio_direct) )
{
gdprintk(XENLOG_ERR,
"clear_mmio_p2m_entry: gfn_to_mfn failed! gfn=%08lx\n", gfn);
goto out;
}
rc = set_p2m_entry(p2m, gfn, _mfn(INVALID_MFN), PAGE_ORDER_4K, p2m_invalid, p2m->default_access);
out:
gfn_unlock(p2m, gfn, 0);
return rc;
}
/* Modify the p2m type of a range of gfns from ot to nt.
* Resets the access permissions. */
void p2m_change_type_range(struct domain *d,
unsigned long start, unsigned long end,
p2m_type_t ot, p2m_type_t nt)
{
p2m_access_t a;
p2m_type_t pt;
unsigned long gfn;
mfn_t mfn;
struct p2m_domain *p2m = p2m_get_hostp2m(d);
BUG_ON(p2m_is_grant(ot) || p2m_is_grant(nt));
p2m_lock(p2m);
p2m->defer_nested_flush = 1;
for ( gfn = start; gfn < end; gfn++ )
{
mfn = p2m->get_entry(p2m, gfn, &pt, &a, 0, NULL);
if ( pt == ot )
set_p2m_entry(p2m, gfn, mfn, PAGE_ORDER_4K, nt, p2m->default_access);
}
p2m->defer_nested_flush = 0;
if ( nestedhvm_enabled(d) )
p2m_flush_nestedp2m(d);
p2m_unlock(p2m);
}
int
set_shared_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn)
{
struct p2m_domain *p2m = p2m_get_hostp2m(d);
int rc = 0;
p2m_access_t a;
p2m_type_t ot;
mfn_t omfn;
unsigned long pg_type;
if ( !paging_mode_translate(p2m->domain) )
return 0;
gfn_lock(p2m, gfn, 0);
omfn = p2m->get_entry(p2m, gfn, &ot, &a, 0, NULL);
/* At the moment we only allow p2m change if gfn has already been made
* sharable first */
ASSERT(p2m_is_shared(ot));
ASSERT(mfn_valid(omfn));
/* Set the m2p entry to invalid only if there are no further type
* refs to this page as shared */
pg_type = read_atomic(&(mfn_to_page(omfn)->u.inuse.type_info));
if ( (pg_type & PGT_count_mask) == 0
|| (pg_type & PGT_type_mask) != PGT_shared_page )
set_gpfn_from_mfn(mfn_x(omfn), INVALID_M2P_ENTRY);
P2M_DEBUG("set shared %lx %lx\n", gfn, mfn_x(mfn));
rc = set_p2m_entry(p2m, gfn, mfn, PAGE_ORDER_4K, p2m_ram_shared, p2m->default_access);
gfn_unlock(p2m, gfn, 0);
if ( 0 == rc )
gdprintk(XENLOG_ERR,
"set_shared_p2m_entry: set_p2m_entry failed! mfn=%08lx\n",
mfn_x(get_gfn_query_unlocked(p2m->domain, gfn, &ot)));
return rc;
}
void p2m_change_entry_type_global(struct domain *d,
p2m_type_t ot, p2m_type_t nt)
{
struct p2m_domain *p2m = p2m_get_hostp2m(d);
p2m_lock(p2m);
p2m->change_entry_type_global(p2m, ot, nt);
p2m_unlock(p2m);
}
void
guest_physmap_remove_page(struct domain *d, unsigned long gfn,
unsigned long mfn, unsigned int page_order)
{
struct p2m_domain *p2m = p2m_get_hostp2m(d);
gfn_lock(p2m, gfn, page_order);
p2m_remove_page(p2m, gfn, mfn, page_order);
gfn_unlock(p2m, gfn, page_order);
}
bool p2m_mem_access_emulate_check(struct vcpu *v,
const vm_event_response_t *rsp)
{
xenmem_access_t access;
bool violation = 1;
const struct vm_event_mem_access *data = &rsp->u.mem_access;
struct domain *d = v->domain;
struct p2m_domain *p2m = NULL;
if ( altp2m_active(d) )
p2m = p2m_get_altp2m(v);
if ( !p2m )
p2m = p2m_get_hostp2m(d);
if ( _p2m_get_mem_access(p2m, _gfn(data->gfn), &access) == 0 )
{
switch ( access )
{
case XENMEM_access_n:
case XENMEM_access_n2rwx:
default:
violation = data->flags & MEM_ACCESS_RWX;
break;
case XENMEM_access_r:
violation = data->flags & MEM_ACCESS_WX;
break;
case XENMEM_access_w:
violation = data->flags & MEM_ACCESS_RX;
break;
case XENMEM_access_x:
violation = data->flags & MEM_ACCESS_RW;
break;
case XENMEM_access_rx:
case XENMEM_access_rx2rw:
violation = data->flags & MEM_ACCESS_W;
break;
case XENMEM_access_wx:
violation = data->flags & MEM_ACCESS_R;
break;
case XENMEM_access_rw:
violation = data->flags & MEM_ACCESS_X;
break;
case XENMEM_access_rwx:
violation = 0;
break;
}
}
return violation;
}
static int __init pvh_setup_vmx_realmode_helpers(struct domain *d)
{
p2m_type_t p2mt;
uint32_t rc, *ident_pt;
mfn_t mfn;
paddr_t gaddr;
struct vcpu *v = d->vcpu[0];
/*
* Steal some space from the last RAM region below 4GB and use it to
* store the real-mode TSS. It needs to be aligned to 128 so that the
* TSS structure (which accounts for the first 104b) doesn't cross
* a page boundary.
*/
if ( !pvh_steal_ram(d, HVM_VM86_TSS_SIZE, 128, GB(4), &gaddr) )
{
if ( hvm_copy_to_guest_phys(gaddr, NULL, HVM_VM86_TSS_SIZE, v) !=
HVMCOPY_okay )
printk("Unable to zero VM86 TSS area\n");
d->arch.hvm_domain.params[HVM_PARAM_VM86_TSS_SIZED] =
VM86_TSS_UPDATED | ((uint64_t)HVM_VM86_TSS_SIZE << 32) | gaddr;
if ( pvh_add_mem_range(d, gaddr, gaddr + HVM_VM86_TSS_SIZE,
E820_RESERVED) )
printk("Unable to set VM86 TSS as reserved in the memory map\n");
}
else
printk("Unable to allocate VM86 TSS area\n");
/* Steal some more RAM for the identity page tables. */
if ( pvh_steal_ram(d, PAGE_SIZE, PAGE_SIZE, GB(4), &gaddr) )
{
printk("Unable to find memory to stash the identity page tables\n");
return -ENOMEM;
}
/*
* Identity-map page table is required for running with CR0.PG=0
* when using Intel EPT. Create a 32-bit non-PAE page directory of
* superpages.
*/
ident_pt = map_domain_gfn(p2m_get_hostp2m(d), _gfn(PFN_DOWN(gaddr)),
&mfn, &p2mt, 0, &rc);
if ( ident_pt == NULL )
{
printk("Unable to map identity page tables\n");
return -ENOMEM;
}
write_32bit_pse_identmap(ident_pt);
unmap_domain_page(ident_pt);
put_page(mfn_to_page(mfn_x(mfn)));
d->arch.hvm_domain.params[HVM_PARAM_IDENT_PT] = gaddr;
if ( pvh_add_mem_range(d, gaddr, gaddr + PAGE_SIZE, E820_RESERVED) )
printk("Unable to set identity page tables as reserved in the memory map\n");
return 0;
}
/**
* p2m_mem_paging_evict - Mark a guest page as paged-out
* @d: guest domain
* @gfn: guest page to evict
*
* Returns 0 for success or negative errno values if eviction is not possible.
*
* p2m_mem_paging_evict() is called by the pager and will free a guest page and
* release it back to Xen. If the following conditions are met the page can be
* freed:
* - the gfn is backed by a mfn
* - the gfn was nominated
* - the mfn has still exactly one user and has no special meaning
*
* After successful nomination some other process could have mapped the page. In
* this case eviction can not be done. If the gfn was populated before the pager
* could evict it, eviction can not be done either. In this case the gfn is
* still backed by a mfn.
*/
int p2m_mem_paging_evict(struct domain *d, unsigned long gfn)
{
struct page_info *page;
p2m_type_t p2mt;
p2m_access_t a;
mfn_t mfn;
struct p2m_domain *p2m = p2m_get_hostp2m(d);
int ret = -EBUSY;
gfn_lock(p2m, gfn, 0);
/* Get mfn */
mfn = p2m->get_entry(p2m, gfn, &p2mt, &a, 0, NULL);
if ( unlikely(!mfn_valid(mfn)) )
goto out;
/* Allow only nominated pages */
if ( p2mt != p2m_ram_paging_out )
goto out;
/* Get the page so it doesn't get modified under Xen's feet */
page = mfn_to_page(mfn);
if ( unlikely(!get_page(page, d)) )
goto out;
/* Check page count and type once more */
if ( (page->count_info & (PGC_count_mask | PGC_allocated)) !=
(2 | PGC_allocated) )
goto out_put;
if ( (page->u.inuse.type_info & PGT_count_mask) != 0 )
goto out_put;
/* Decrement guest domain's ref count of the page */
if ( test_and_clear_bit(_PGC_allocated, &page->count_info) )
put_page(page);
/* Remove mapping from p2m table */
set_p2m_entry(p2m, gfn, _mfn(INVALID_MFN), PAGE_ORDER_4K, p2m_ram_paged, a);
/* Clear content before returning the page to Xen */
scrub_one_page(page);
/* Track number of paged gfns */
atomic_inc(&d->paged_pages);
ret = 0;
out_put:
/* Put the page back so it gets freed */
put_page(page);
out:
gfn_unlock(p2m, gfn, 0);
return ret;
}
static void p2m_teardown_hostp2m(struct domain *d)
{
/* Iterate over all p2m tables per domain */
struct p2m_domain *p2m = p2m_get_hostp2m(d);
if ( p2m )
{
p2m_free_one(p2m);
d->arch.p2m = NULL;
}
}
/*
* Set access type for a region of gfns.
* If gfn == INVALID_GFN, sets the default access type.
*/
long p2m_set_mem_access(struct domain *d, gfn_t gfn, uint32_t nr,
uint32_t start, uint32_t mask, xenmem_access_t access,
unsigned int altp2m_idx)
{
struct p2m_domain *p2m = p2m_get_hostp2m(d), *ap2m = NULL;
p2m_access_t a;
unsigned long gfn_l;
long rc = 0;
/* altp2m view 0 is treated as the hostp2m */
if ( altp2m_idx )
{
if ( altp2m_idx >= MAX_ALTP2M ||
d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) )
return -EINVAL;
ap2m = d->arch.altp2m_p2m[altp2m_idx];
}
if ( !xenmem_access_to_p2m_access(p2m, access, &a) )
return -EINVAL;
/* If request to set default access. */
if ( gfn_eq(gfn, INVALID_GFN) )
{
p2m->default_access = a;
return 0;
}
p2m_lock(p2m);
if ( ap2m )
p2m_lock(ap2m);
for ( gfn_l = gfn_x(gfn) + start; nr > start; ++gfn_l )
{
rc = set_mem_access(d, p2m, ap2m, a, _gfn(gfn_l));
if ( rc )
break;
/* Check for continuation if it's not the last iteration. */
if ( nr > ++start && !(start & mask) && hypercall_preempt_check() )
{
rc = start;
break;
}
}
if ( ap2m )
p2m_unlock(ap2m);
p2m_unlock(p2m);
return rc;
}
static void hap_clean_vram_tracking(struct domain *d)
{
int i;
struct sh_dirty_vram *dirty_vram = d->arch.hvm_domain.dirty_vram;
if ( !dirty_vram )
return;
/* set l1e entries of P2M table to be read-only. */
for (i = dirty_vram->begin_pfn; i < dirty_vram->end_pfn; i++)
p2m_change_type(p2m_get_hostp2m(d), i, p2m_ram_rw, p2m_ram_logdirty);
flush_tlb_mask(&d->domain_dirty_cpumask);
}
static int hap_disable_vram_tracking(struct domain *d)
{
int i;
struct sh_dirty_vram *dirty_vram = d->arch.hvm_domain.dirty_vram;
if ( !dirty_vram )
return -EINVAL;
hap_lock(d);
d->arch.paging.mode &= ~PG_log_dirty;
hap_unlock(d);
/* set l1e entries of P2M table with normal mode */
for (i = dirty_vram->begin_pfn; i < dirty_vram->end_pfn; i++)
p2m_change_type(p2m_get_hostp2m(d), i, p2m_ram_logdirty, p2m_ram_rw);
flush_tlb_mask(&d->domain_dirty_cpumask);
return 0;
}
/**
* p2m_mem_paging_nominate - Mark a guest page as to-be-paged-out
* @d: guest domain
* @gfn: guest page to nominate
*
* Returns 0 for success or negative errno values if gfn is not pageable.
*
* p2m_mem_paging_nominate() is called by the pager and checks if a guest page
* can be paged out. If the following conditions are met the p2mt will be
* changed:
* - the gfn is backed by a mfn
* - the p2mt of the gfn is pageable
* - the mfn is not used for IO
* - the mfn has exactly one user and has no special meaning
*
* Once the p2mt is changed the page is readonly for the guest. On success the
* pager can write the page contents to disk and later evict the page.
*/
int p2m_mem_paging_nominate(struct domain *d, unsigned long gfn)
{
struct page_info *page;
struct p2m_domain *p2m = p2m_get_hostp2m(d);
p2m_type_t p2mt;
p2m_access_t a;
mfn_t mfn;
int ret = -EBUSY;
gfn_lock(p2m, gfn, 0);
mfn = p2m->get_entry(p2m, gfn, &p2mt, &a, 0, NULL);
/* Check if mfn is valid */
if ( !mfn_valid(mfn) )
goto out;
/* Check p2m type */
if ( !p2m_is_pageable(p2mt) )
goto out;
/* Check for io memory page */
if ( is_iomem_page(mfn_x(mfn)) )
goto out;
/* Check page count and type */
page = mfn_to_page(mfn);
if ( (page->count_info & (PGC_count_mask | PGC_allocated)) !=
(1 | PGC_allocated) )
goto out;
if ( (page->u.inuse.type_info & PGT_count_mask) != 0 )
goto out;
/* Fix p2m entry */
set_p2m_entry(p2m, gfn, mfn, PAGE_ORDER_4K, p2m_ram_paging_out, a);
ret = 0;
out:
gfn_unlock(p2m, gfn, 0);
return ret;
}
static int p2m_init_nestedp2m(struct domain *d)
{
uint8_t i;
struct p2m_domain *p2m;
mm_lock_init(&d->arch.nested_p2m_lock);
for (i = 0; i < MAX_NESTEDP2M; i++)
{
d->arch.nested_p2m[i] = p2m = p2m_init_one(d);
if ( p2m == NULL )
{
p2m_teardown_nestedp2m(d);
return -ENOMEM;
}
p2m->write_p2m_entry = nestedp2m_write_p2m_entry;
list_add(&p2m->np2m_list, &p2m_get_hostp2m(d)->np2m_list);
}
return 0;
}
/* Modify the p2m type of a single gfn from ot to nt, returning the
* entry's previous type. Resets the access permissions. */
p2m_type_t p2m_change_type(struct domain *d, unsigned long gfn,
p2m_type_t ot, p2m_type_t nt)
{
p2m_access_t a;
p2m_type_t pt;
mfn_t mfn;
struct p2m_domain *p2m = p2m_get_hostp2m(d);
BUG_ON(p2m_is_grant(ot) || p2m_is_grant(nt));
gfn_lock(p2m, gfn, 0);
mfn = p2m->get_entry(p2m, gfn, &pt, &a, 0, NULL);
if ( pt == ot )
set_p2m_entry(p2m, gfn, mfn, PAGE_ORDER_4K, nt, p2m->default_access);
gfn_unlock(p2m, gfn, 0);
return pt;
}
static int hap_enable_vram_tracking(struct domain *d)
{
int i;
struct sh_dirty_vram *dirty_vram = d->arch.hvm_domain.dirty_vram;
if ( !dirty_vram )
return -EINVAL;
/* turn on PG_log_dirty bit in paging mode */
hap_lock(d);
d->arch.paging.mode |= PG_log_dirty;
hap_unlock(d);
/* set l1e entries of P2M table to be read-only. */
for (i = dirty_vram->begin_pfn; i < dirty_vram->end_pfn; i++)
p2m_change_type(p2m_get_hostp2m(d), i, p2m_ram_rw, p2m_ram_logdirty);
flush_tlb_mask(&d->domain_dirty_cpumask);
return 0;
}
/*
* Set access type for a region of pfns.
* If gfn == INVALID_GFN, sets the default access type.
*/
long p2m_set_mem_access(struct domain *d, gfn_t gfn, uint32_t nr,
uint32_t start, uint32_t mask, xenmem_access_t access,
unsigned int altp2m_idx)
{
struct p2m_domain *p2m = p2m_get_hostp2m(d);
p2m_access_t a;
unsigned int order;
long rc = 0;
static const p2m_access_t memaccess[] = {
#define ACCESS(ac) [XENMEM_access_##ac] = p2m_access_##ac
ACCESS(n),
ACCESS(r),
ACCESS(w),
ACCESS(rw),
ACCESS(x),
ACCESS(rx),
ACCESS(wx),
ACCESS(rwx),
ACCESS(rx2rw),
ACCESS(n2rwx),
#undef ACCESS
};
switch ( access )
{
case 0 ... ARRAY_SIZE(memaccess) - 1:
a = memaccess[access];
break;
case XENMEM_access_default:
a = p2m->default_access;
break;
default:
return -EINVAL;
}
/*
* Flip mem_access_enabled to true when a permission is set, as to prevent
* allocating or inserting super-pages.
*/
p2m->mem_access_enabled = true;
/* If request to set default access. */
if ( gfn_eq(gfn, INVALID_GFN) )
{
p2m->default_access = a;
return 0;
}
p2m_write_lock(p2m);
for ( gfn = gfn_add(gfn, start); nr > start;
gfn = gfn_next_boundary(gfn, order) )
{
p2m_type_t t;
mfn_t mfn = p2m_get_entry(p2m, gfn, &t, NULL, &order);
if ( !mfn_eq(mfn, INVALID_MFN) )
{
order = 0;
rc = p2m_set_entry(p2m, gfn, 1, mfn, t, a);
if ( rc )
break;
}
start += gfn_x(gfn_next_boundary(gfn, order)) - gfn_x(gfn);
/* Check for continuation if it is not the last iteration */
if ( nr > start && !(start & mask) && hypercall_preempt_check() )
{
rc = start;
break;
}
}
p2m_write_unlock(p2m);
return rc;
}
static int hvmemul_do_io(
int is_mmio, paddr_t addr, unsigned long *reps, int size,
paddr_t ram_gpa, int dir, int df, void *p_data)
{
paddr_t value = ram_gpa;
int value_is_ptr = (p_data == NULL);
struct vcpu *curr = current;
struct p2m_domain *p2m = p2m_get_hostp2m(curr->domain);
ioreq_t *p = get_ioreq(curr);
unsigned long ram_gfn = paddr_to_pfn(ram_gpa);
p2m_type_t p2mt;
mfn_t ram_mfn;
int rc;
/* Check for paged out page */
ram_mfn = gfn_to_mfn_unshare(p2m, ram_gfn, &p2mt, 0);
if ( p2m_is_paging(p2mt) )
{
p2m_mem_paging_populate(p2m, ram_gfn);
return X86EMUL_RETRY;
}
if ( p2m_is_shared(p2mt) )
return X86EMUL_RETRY;
/*
* Weird-sized accesses have undefined behaviour: we discard writes
* and read all-ones.
*/
if ( unlikely((size > sizeof(long)) || (size & (size - 1))) )
{
gdprintk(XENLOG_WARNING, "bad mmio size %d\n", size);
ASSERT(p_data != NULL); /* cannot happen with a REP prefix */
if ( dir == IOREQ_READ )
memset(p_data, ~0, size);
return X86EMUL_UNHANDLEABLE;
}
if ( (p_data != NULL) && (dir == IOREQ_WRITE) )
{
memcpy(&value, p_data, size);
p_data = NULL;
}
if ( is_mmio && !value_is_ptr )
{
/* Part of a multi-cycle read or write? */
if ( dir == IOREQ_WRITE )
{
paddr_t pa = curr->arch.hvm_vcpu.mmio_large_write_pa;
unsigned int bytes = curr->arch.hvm_vcpu.mmio_large_write_bytes;
if ( (addr >= pa) && ((addr + size) <= (pa + bytes)) )
return X86EMUL_OKAY;
}
else
{
paddr_t pa = curr->arch.hvm_vcpu.mmio_large_read_pa;
unsigned int bytes = curr->arch.hvm_vcpu.mmio_large_read_bytes;
if ( (addr >= pa) && ((addr + size) <= (pa + bytes)) )
{
memcpy(p_data, &curr->arch.hvm_vcpu.mmio_large_read[addr - pa],
size);
return X86EMUL_OKAY;
}
}
}
switch ( curr->arch.hvm_vcpu.io_state )
{
case HVMIO_none:
break;
case HVMIO_completed:
curr->arch.hvm_vcpu.io_state = HVMIO_none;
if ( p_data == NULL )
return X86EMUL_UNHANDLEABLE;
goto finish_access;
case HVMIO_dispatched:
/* May have to wait for previous cycle of a multi-write to complete. */
if ( is_mmio && !value_is_ptr && (dir == IOREQ_WRITE) &&
(addr == (curr->arch.hvm_vcpu.mmio_large_write_pa +
curr->arch.hvm_vcpu.mmio_large_write_bytes)) )
return X86EMUL_RETRY;
default:
return X86EMUL_UNHANDLEABLE;
}
if ( p->state != STATE_IOREQ_NONE )
{
gdprintk(XENLOG_WARNING, "WARNING: io already pending (%d)?\n",
p->state);
return X86EMUL_UNHANDLEABLE;
}
curr->arch.hvm_vcpu.io_state =
(p_data == NULL) ? HVMIO_dispatched : HVMIO_awaiting_completion;
curr->arch.hvm_vcpu.io_size = size;
p->dir = dir;
p->data_is_ptr = value_is_ptr;
p->type = is_mmio ? IOREQ_TYPE_COPY : IOREQ_TYPE_PIO;
p->size = size;
p->addr = addr;
p->count = *reps;
p->df = df;
p->data = value;
hvmtrace_io_assist(is_mmio, p);
if ( is_mmio )
{
rc = hvm_mmio_intercept(p);
if ( rc == X86EMUL_UNHANDLEABLE )
rc = hvm_buffered_io_intercept(p);
}
else
{
rc = hvm_portio_intercept(p);
}
switch ( rc )
{
case X86EMUL_OKAY:
case X86EMUL_RETRY:
*reps = p->count;
p->state = STATE_IORESP_READY;
hvm_io_assist();
curr->arch.hvm_vcpu.io_state = HVMIO_none;
break;
case X86EMUL_UNHANDLEABLE:
rc = X86EMUL_RETRY;
if ( !hvm_send_assist_req(curr) )
curr->arch.hvm_vcpu.io_state = HVMIO_none;
else if ( p_data == NULL )
rc = X86EMUL_OKAY;
break;
default:
BUG();
}
if ( rc != X86EMUL_OKAY )
return rc;
finish_access:
if ( p_data != NULL )
memcpy(p_data, &curr->arch.hvm_vcpu.io_data, size);
if ( is_mmio && !value_is_ptr )
{
/* Part of a multi-cycle read or write? */
if ( dir == IOREQ_WRITE )
{
paddr_t pa = curr->arch.hvm_vcpu.mmio_large_write_pa;
unsigned int bytes = curr->arch.hvm_vcpu.mmio_large_write_bytes;
if ( bytes == 0 )
pa = curr->arch.hvm_vcpu.mmio_large_write_pa = addr;
if ( addr == (pa + bytes) )
curr->arch.hvm_vcpu.mmio_large_write_bytes += size;
}
else
{
paddr_t pa = curr->arch.hvm_vcpu.mmio_large_read_pa;
unsigned int bytes = curr->arch.hvm_vcpu.mmio_large_read_bytes;
if ( bytes == 0 )
pa = curr->arch.hvm_vcpu.mmio_large_read_pa = addr;
if ( (addr == (pa + bytes)) &&
((bytes + size) <
sizeof(curr->arch.hvm_vcpu.mmio_large_read)) )
{
memcpy(&curr->arch.hvm_vcpu.mmio_large_read[addr - pa],
p_data, size);
curr->arch.hvm_vcpu.mmio_large_read_bytes += size;
}
}
}
return X86EMUL_OKAY;
}
bool_t p2m_mem_access_check(paddr_t gpa, unsigned long gla,
struct npfec npfec,
vm_event_request_t **req_ptr)
{
struct vcpu *v = current;
unsigned long gfn = gpa >> PAGE_SHIFT;
struct domain *d = v->domain;
struct p2m_domain *p2m = NULL;
mfn_t mfn;
p2m_type_t p2mt;
p2m_access_t p2ma;
vm_event_request_t *req;
int rc;
if ( altp2m_active(d) )
p2m = p2m_get_altp2m(v);
if ( !p2m )
p2m = p2m_get_hostp2m(d);
/* First, handle rx2rw conversion automatically.
* These calls to p2m->set_entry() must succeed: we have the gfn
* locked and just did a successful get_entry(). */
gfn_lock(p2m, gfn, 0);
mfn = p2m->get_entry(p2m, gfn, &p2mt, &p2ma, 0, NULL, NULL);
if ( npfec.write_access && p2ma == p2m_access_rx2rw )
{
rc = p2m->set_entry(p2m, gfn, mfn, PAGE_ORDER_4K, p2mt, p2m_access_rw, -1);
ASSERT(rc == 0);
gfn_unlock(p2m, gfn, 0);
return 1;
}
else if ( p2ma == p2m_access_n2rwx )
{
ASSERT(npfec.write_access || npfec.read_access || npfec.insn_fetch);
rc = p2m->set_entry(p2m, gfn, mfn, PAGE_ORDER_4K,
p2mt, p2m_access_rwx, -1);
ASSERT(rc == 0);
}
gfn_unlock(p2m, gfn, 0);
/* Otherwise, check if there is a memory event listener, and send the message along */
if ( !vm_event_check_ring(&d->vm_event->monitor) || !req_ptr )
{
/* No listener */
if ( p2m->access_required )
{
gdprintk(XENLOG_INFO, "Memory access permissions failure, "
"no vm_event listener VCPU %d, dom %d\n",
v->vcpu_id, d->domain_id);
domain_crash(v->domain);
return 0;
}
else
{
gfn_lock(p2m, gfn, 0);
mfn = p2m->get_entry(p2m, gfn, &p2mt, &p2ma, 0, NULL, NULL);
if ( p2ma != p2m_access_n2rwx )
{
/* A listener is not required, so clear the access
* restrictions. This set must succeed: we have the
* gfn locked and just did a successful get_entry(). */
rc = p2m->set_entry(p2m, gfn, mfn, PAGE_ORDER_4K,
p2mt, p2m_access_rwx, -1);
ASSERT(rc == 0);
}
gfn_unlock(p2m, gfn, 0);
return 1;
}
}
*req_ptr = NULL;
req = xzalloc(vm_event_request_t);
if ( req )
{
*req_ptr = req;
req->reason = VM_EVENT_REASON_MEM_ACCESS;
req->u.mem_access.gfn = gfn;
req->u.mem_access.offset = gpa & ((1 << PAGE_SHIFT) - 1);
if ( npfec.gla_valid )
{
req->u.mem_access.flags |= MEM_ACCESS_GLA_VALID;
req->u.mem_access.gla = gla;
if ( npfec.kind == npfec_kind_with_gla )
req->u.mem_access.flags |= MEM_ACCESS_FAULT_WITH_GLA;
else if ( npfec.kind == npfec_kind_in_gpt )
req->u.mem_access.flags |= MEM_ACCESS_FAULT_IN_GPT;
}
req->u.mem_access.flags |= npfec.read_access ? MEM_ACCESS_R : 0;
req->u.mem_access.flags |= npfec.write_access ? MEM_ACCESS_W : 0;
req->u.mem_access.flags |= npfec.insn_fetch ? MEM_ACCESS_X : 0;
}
/* Return whether vCPU pause is required (aka. sync event) */
return (p2ma != p2m_access_n2rwx);
}
static mfn_t
p2m_gfn_to_mfn(struct p2m_domain *p2m, unsigned long gfn,
p2m_type_t *t, p2m_access_t *a, p2m_query_t q,
unsigned int *page_order)
{
mfn_t mfn;
paddr_t addr = ((paddr_t)gfn) << PAGE_SHIFT;
l2_pgentry_t *l2e;
l1_pgentry_t *l1e;
unsigned long l1e_flags;
p2m_type_t l1t;
ASSERT(paging_mode_translate(p2m->domain));
/* XXX This is for compatibility with the old model, where anything not
* XXX marked as RAM was considered to be emulated MMIO space.
* XXX Once we start explicitly registering MMIO regions in the p2m
* XXX we will return p2m_invalid for unmapped gfns */
*t = p2m_mmio_dm;
/* Not implemented except with EPT */
*a = p2m_access_rwx;
if ( gfn > p2m->max_mapped_pfn )
/* This pfn is higher than the highest the p2m map currently holds */
return _mfn(INVALID_MFN);
/* Use the fast path with the linear mapping if we can */
if ( p2m == p2m_get_hostp2m(current->domain) )
return p2m_gfn_to_mfn_current(p2m, gfn, t, a, q, page_order);
mfn = pagetable_get_mfn(p2m_get_pagetable(p2m));
#if CONFIG_PAGING_LEVELS >= 4
{
l4_pgentry_t *l4e = map_domain_page(mfn_x(mfn));
l4e += l4_table_offset(addr);
if ( (l4e_get_flags(*l4e) & _PAGE_PRESENT) == 0 )
{
unmap_domain_page(l4e);
return _mfn(INVALID_MFN);
}
mfn = _mfn(l4e_get_pfn(*l4e));
unmap_domain_page(l4e);
}
#endif
{
l3_pgentry_t *l3e = map_domain_page(mfn_x(mfn));
#if CONFIG_PAGING_LEVELS == 3
/* On PAE hosts the p2m has eight l3 entries, not four (see
* shadow_set_p2m_entry()) so we can't use l3_table_offset.
* Instead, just count the number of l3es from zero. It's safe
* to do this because we already checked that the gfn is within
* the bounds of the p2m. */
l3e += (addr >> L3_PAGETABLE_SHIFT);
#else
l3e += l3_table_offset(addr);
#endif
pod_retry_l3:
if ( (l3e_get_flags(*l3e) & _PAGE_PRESENT) == 0 )
{
if ( p2m_flags_to_type(l3e_get_flags(*l3e)) == p2m_populate_on_demand )
{
if ( q & P2M_ALLOC )
{
if ( !p2m_pod_demand_populate(p2m, gfn, PAGE_ORDER_1G, q) )
goto pod_retry_l3;
gdprintk(XENLOG_ERR, "%s: Allocate 1GB failed!\n", __func__);
}
else
*t = p2m_populate_on_demand;
}
unmap_domain_page(l3e);
return _mfn(INVALID_MFN);
}
else if ( (l3e_get_flags(*l3e) & _PAGE_PSE) )
{
mfn = _mfn(l3e_get_pfn(*l3e) +
l2_table_offset(addr) * L1_PAGETABLE_ENTRIES +
l1_table_offset(addr));
*t = p2m_flags_to_type(l3e_get_flags(*l3e));
unmap_domain_page(l3e);
ASSERT(mfn_valid(mfn) || !p2m_is_ram(*t));
if ( page_order )
*page_order = PAGE_ORDER_1G;
return (p2m_is_valid(*t)) ? mfn : _mfn(INVALID_MFN);
}
mfn = _mfn(l3e_get_pfn(*l3e));
unmap_domain_page(l3e);
}
l2e = map_domain_page(mfn_x(mfn));
l2e += l2_table_offset(addr);
pod_retry_l2:
if ( (l2e_get_flags(*l2e) & _PAGE_PRESENT) == 0 )
{
/* PoD: Try to populate a 2-meg chunk */
if ( p2m_flags_to_type(l2e_get_flags(*l2e)) == p2m_populate_on_demand )
{
if ( q & P2M_ALLOC ) {
if ( !p2m_pod_demand_populate(p2m, gfn, PAGE_ORDER_2M, q) )
goto pod_retry_l2;
} else
*t = p2m_populate_on_demand;
}
unmap_domain_page(l2e);
return _mfn(INVALID_MFN);
}
else if ( (l2e_get_flags(*l2e) & _PAGE_PSE) )
{
mfn = _mfn(l2e_get_pfn(*l2e) + l1_table_offset(addr));
*t = p2m_flags_to_type(l2e_get_flags(*l2e));
unmap_domain_page(l2e);
ASSERT(mfn_valid(mfn) || !p2m_is_ram(*t));
if ( page_order )
*page_order = PAGE_ORDER_2M;
return (p2m_is_valid(*t)) ? mfn : _mfn(INVALID_MFN);
}
mfn = _mfn(l2e_get_pfn(*l2e));
unmap_domain_page(l2e);
l1e = map_domain_page(mfn_x(mfn));
l1e += l1_table_offset(addr);
pod_retry_l1:
l1e_flags = l1e_get_flags(*l1e);
l1t = p2m_flags_to_type(l1e_flags);
if ( ((l1e_flags & _PAGE_PRESENT) == 0) && (!p2m_is_paging(l1t)) )
{
/* PoD: Try to populate */
if ( l1t == p2m_populate_on_demand )
{
if ( q & P2M_ALLOC ) {
if ( !p2m_pod_demand_populate(p2m, gfn, PAGE_ORDER_4K, q) )
goto pod_retry_l1;
} else
*t = p2m_populate_on_demand;
}
unmap_domain_page(l1e);
return _mfn(INVALID_MFN);
}
mfn = _mfn(l1e_get_pfn(*l1e));
*t = l1t;
unmap_domain_page(l1e);
ASSERT(mfn_valid(mfn) || !p2m_is_ram(*t) || p2m_is_paging(*t));
if ( page_order )
*page_order = PAGE_ORDER_4K;
return (p2m_is_valid(*t) || p2m_is_grant(*t)) ? mfn : _mfn(INVALID_MFN);
}
bool_t p2m_mem_access_check(paddr_t gpa, vaddr_t gla, const struct npfec npfec)
{
int rc;
bool_t violation;
xenmem_access_t xma;
vm_event_request_t *req;
struct vcpu *v = current;
struct p2m_domain *p2m = p2m_get_hostp2m(v->domain);
/* Mem_access is not in use. */
if ( !p2m->mem_access_enabled )
return true;
rc = p2m_get_mem_access(v->domain, _gfn(paddr_to_pfn(gpa)), &xma);
if ( rc )
return true;
/* Now check for mem_access violation. */
switch ( xma )
{
case XENMEM_access_rwx:
violation = false;
break;
case XENMEM_access_rw:
violation = npfec.insn_fetch;
break;
case XENMEM_access_wx:
violation = npfec.read_access;
break;
case XENMEM_access_rx:
case XENMEM_access_rx2rw:
violation = npfec.write_access;
break;
case XENMEM_access_x:
violation = npfec.read_access || npfec.write_access;
break;
case XENMEM_access_w:
violation = npfec.read_access || npfec.insn_fetch;
break;
case XENMEM_access_r:
violation = npfec.write_access || npfec.insn_fetch;
break;
default:
case XENMEM_access_n:
case XENMEM_access_n2rwx:
violation = true;
break;
}
if ( !violation )
return true;
/* First, handle rx2rw and n2rwx conversion automatically. */
if ( npfec.write_access && xma == XENMEM_access_rx2rw )
{
rc = p2m_set_mem_access(v->domain, _gfn(paddr_to_pfn(gpa)), 1,
0, ~0, XENMEM_access_rw, 0);
return false;
}
else if ( xma == XENMEM_access_n2rwx )
{
rc = p2m_set_mem_access(v->domain, _gfn(paddr_to_pfn(gpa)), 1,
0, ~0, XENMEM_access_rwx, 0);
}
/* Otherwise, check if there is a vm_event monitor subscriber */
if ( !vm_event_check_ring(&v->domain->vm_event->monitor) )
{
/* No listener */
if ( p2m->access_required )
{
gdprintk(XENLOG_INFO, "Memory access permissions failure, "
"no vm_event listener VCPU %d, dom %d\n",
v->vcpu_id, v->domain->domain_id);
domain_crash(v->domain);
}
else
{
/* n2rwx was already handled */
if ( xma != XENMEM_access_n2rwx )
{
/* A listener is not required, so clear the access
* restrictions. */
rc = p2m_set_mem_access(v->domain, _gfn(paddr_to_pfn(gpa)), 1,
0, ~0, XENMEM_access_rwx, 0);
}
}
/* No need to reinject */
return false;
}
req = xzalloc(vm_event_request_t);
if ( req )
{
req->reason = VM_EVENT_REASON_MEM_ACCESS;
/* Send request to mem access subscriber */
req->u.mem_access.gfn = gpa >> PAGE_SHIFT;
req->u.mem_access.offset = gpa & ((1 << PAGE_SHIFT) - 1);
if ( npfec.gla_valid )
{
req->u.mem_access.flags |= MEM_ACCESS_GLA_VALID;
req->u.mem_access.gla = gla;
if ( npfec.kind == npfec_kind_with_gla )
req->u.mem_access.flags |= MEM_ACCESS_FAULT_WITH_GLA;
else if ( npfec.kind == npfec_kind_in_gpt )
req->u.mem_access.flags |= MEM_ACCESS_FAULT_IN_GPT;
}
req->u.mem_access.flags |= npfec.read_access ? MEM_ACCESS_R : 0;
req->u.mem_access.flags |= npfec.write_access ? MEM_ACCESS_W : 0;
req->u.mem_access.flags |= npfec.insn_fetch ? MEM_ACCESS_X : 0;
if ( monitor_traps(v, (xma != XENMEM_access_n2rwx), req) < 0 )
domain_crash(v->domain);
xfree(req);
}
return false;
}
/* This function can directly access fields which are covered by clean bits. */
static int construct_vmcb(struct vcpu *v)
{
struct arch_svm_struct *arch_svm = &v->arch.hvm_svm;
struct vmcb_struct *vmcb = arch_svm->vmcb;
vmcb->_general1_intercepts =
GENERAL1_INTERCEPT_INTR | GENERAL1_INTERCEPT_NMI |
GENERAL1_INTERCEPT_SMI | GENERAL1_INTERCEPT_INIT |
GENERAL1_INTERCEPT_CPUID | GENERAL1_INTERCEPT_INVD |
GENERAL1_INTERCEPT_HLT | GENERAL1_INTERCEPT_INVLPG |
GENERAL1_INTERCEPT_INVLPGA | GENERAL1_INTERCEPT_IOIO_PROT |
GENERAL1_INTERCEPT_MSR_PROT | GENERAL1_INTERCEPT_SHUTDOWN_EVT|
GENERAL1_INTERCEPT_TASK_SWITCH;
vmcb->_general2_intercepts =
GENERAL2_INTERCEPT_VMRUN | GENERAL2_INTERCEPT_VMMCALL |
GENERAL2_INTERCEPT_VMLOAD | GENERAL2_INTERCEPT_VMSAVE |
GENERAL2_INTERCEPT_STGI | GENERAL2_INTERCEPT_CLGI |
GENERAL2_INTERCEPT_SKINIT | GENERAL2_INTERCEPT_MWAIT |
GENERAL2_INTERCEPT_WBINVD | GENERAL2_INTERCEPT_MONITOR |
GENERAL2_INTERCEPT_XSETBV;
/* Intercept all debug-register writes. */
vmcb->_dr_intercepts = ~0u;
/* Intercept all control-register accesses except for CR2 and CR8. */
vmcb->_cr_intercepts = ~(CR_INTERCEPT_CR2_READ |
CR_INTERCEPT_CR2_WRITE |
CR_INTERCEPT_CR8_READ |
CR_INTERCEPT_CR8_WRITE);
/* I/O and MSR permission bitmaps. */
arch_svm->msrpm = alloc_xenheap_pages(get_order_from_bytes(MSRPM_SIZE), 0);
if ( arch_svm->msrpm == NULL )
return -ENOMEM;
memset(arch_svm->msrpm, 0xff, MSRPM_SIZE);
svm_disable_intercept_for_msr(v, MSR_FS_BASE);
svm_disable_intercept_for_msr(v, MSR_GS_BASE);
svm_disable_intercept_for_msr(v, MSR_SHADOW_GS_BASE);
svm_disable_intercept_for_msr(v, MSR_CSTAR);
svm_disable_intercept_for_msr(v, MSR_LSTAR);
svm_disable_intercept_for_msr(v, MSR_STAR);
svm_disable_intercept_for_msr(v, MSR_SYSCALL_MASK);
/* LWP_CBADDR MSR is saved and restored by FPU code. So SVM doesn't need to
* intercept it. */
if ( cpu_has_lwp )
svm_disable_intercept_for_msr(v, MSR_AMD64_LWP_CBADDR);
vmcb->_msrpm_base_pa = (u64)virt_to_maddr(arch_svm->msrpm);
vmcb->_iopm_base_pa = (u64)virt_to_maddr(hvm_io_bitmap);
/* Virtualise EFLAGS.IF and LAPIC TPR (CR8). */
vmcb->_vintr.fields.intr_masking = 1;
/* Initialise event injection to no-op. */
vmcb->eventinj.bytes = 0;
/* TSC. */
vmcb->_tsc_offset = 0;
/* Don't need to intercept RDTSC if CPU supports TSC rate scaling */
if ( v->domain->arch.vtsc && !cpu_has_tsc_ratio )
{
vmcb->_general1_intercepts |= GENERAL1_INTERCEPT_RDTSC;
vmcb->_general2_intercepts |= GENERAL2_INTERCEPT_RDTSCP;
}
/* Guest EFER. */
v->arch.hvm_vcpu.guest_efer = 0;
hvm_update_guest_efer(v);
/* Guest segment limits. */
vmcb->cs.limit = ~0u;
vmcb->es.limit = ~0u;
vmcb->ss.limit = ~0u;
vmcb->ds.limit = ~0u;
vmcb->fs.limit = ~0u;
vmcb->gs.limit = ~0u;
/* Guest segment bases. */
vmcb->cs.base = 0;
vmcb->es.base = 0;
vmcb->ss.base = 0;
vmcb->ds.base = 0;
vmcb->fs.base = 0;
vmcb->gs.base = 0;
/* Guest segment AR bytes. */
vmcb->es.attr.bytes = 0xc93; /* read/write, accessed */
vmcb->ss.attr.bytes = 0xc93;
vmcb->ds.attr.bytes = 0xc93;
vmcb->fs.attr.bytes = 0xc93;
vmcb->gs.attr.bytes = 0xc93;
vmcb->cs.attr.bytes = 0xc9b; /* exec/read, accessed */
/* Guest IDT. */
vmcb->idtr.base = 0;
vmcb->idtr.limit = 0;
/* Guest GDT. */
vmcb->gdtr.base = 0;
vmcb->gdtr.limit = 0;
/* Guest LDT. */
vmcb->ldtr.sel = 0;
vmcb->ldtr.base = 0;
vmcb->ldtr.limit = 0;
vmcb->ldtr.attr.bytes = 0;
/* Guest TSS. */
vmcb->tr.attr.bytes = 0x08b; /* 32-bit TSS (busy) */
vmcb->tr.base = 0;
vmcb->tr.limit = 0xff;
v->arch.hvm_vcpu.guest_cr[0] = X86_CR0_PE | X86_CR0_ET;
hvm_update_guest_cr(v, 0);
v->arch.hvm_vcpu.guest_cr[4] = 0;
hvm_update_guest_cr(v, 4);
paging_update_paging_modes(v);
vmcb->_exception_intercepts =
HVM_TRAP_MASK
| (1U << TRAP_no_device);
if ( paging_mode_hap(v->domain) )
{
vmcb->_np_enable = 1; /* enable nested paging */
vmcb->_g_pat = MSR_IA32_CR_PAT_RESET; /* guest PAT */
vmcb->_h_cr3 = pagetable_get_paddr(
p2m_get_pagetable(p2m_get_hostp2m(v->domain)));
/* No point in intercepting CR3 reads/writes. */
vmcb->_cr_intercepts &=
~(CR_INTERCEPT_CR3_READ|CR_INTERCEPT_CR3_WRITE);
/*
* No point in intercepting INVLPG if we don't have shadow pagetables
* that need to be fixed up.
*/
vmcb->_general1_intercepts &= ~GENERAL1_INTERCEPT_INVLPG;
/* PAT is under complete control of SVM when using nested paging. */
svm_disable_intercept_for_msr(v, MSR_IA32_CR_PAT);
}
else
{
vmcb->_exception_intercepts |= (1U << TRAP_page_fault);
}
if ( cpu_has_pause_filter )
{
vmcb->_pause_filter_count = SVM_PAUSEFILTER_INIT;
vmcb->_general1_intercepts |= GENERAL1_INTERCEPT_PAUSE;
}
vmcb->cleanbits.bytes = 0;
return 0;
}
static int __p2m_get_mem_access(struct domain *d, gfn_t gfn,
xenmem_access_t *access)
{
struct p2m_domain *p2m = p2m_get_hostp2m(d);
void *i;
unsigned int index;
static const xenmem_access_t memaccess[] = {
#define ACCESS(ac) [p2m_access_##ac] = XENMEM_access_##ac
ACCESS(n),
ACCESS(r),
ACCESS(w),
ACCESS(rw),
ACCESS(x),
ACCESS(rx),
ACCESS(wx),
ACCESS(rwx),
ACCESS(rx2rw),
ACCESS(n2rwx),
#undef ACCESS
};
/* If no setting was ever set, just return rwx. */
if ( !p2m->mem_access_enabled )
{
*access = XENMEM_access_rwx;
return 0;
}
/* If request to get default access. */
if ( gfn_x(gfn) == INVALID_GFN )
{
*access = memaccess[p2m->default_access];
return 0;
}
i = radix_tree_lookup(&p2m->mem_access_settings, gfn_x(gfn));
if ( !i )
{
/*
* No setting was found in the Radix tree. Check if the
* entry exists in the page-tables.
*/
paddr_t maddr = p2m_lookup(d, gfn_x(gfn) << PAGE_SHIFT, NULL);
if ( INVALID_PADDR == maddr )
return -ESRCH;
/* If entry exists then its rwx. */
*access = XENMEM_access_rwx;
}
else
{
/* Setting was found in the Radix tree. */
index = radix_tree_ptr_to_int(i);
if ( index >= ARRAY_SIZE(memaccess) )
return -ERANGE;
*access = memaccess[index];
}
return 0;
}
int
guest_physmap_add_entry(struct domain *d, unsigned long gfn,
unsigned long mfn, unsigned int page_order,
p2m_type_t t)
{
struct p2m_domain *p2m = p2m_get_hostp2m(d);
unsigned long i, ogfn;
p2m_type_t ot;
p2m_access_t a;
mfn_t omfn;
int pod_count = 0;
int rc = 0;
if ( !paging_mode_translate(d) )
{
if ( need_iommu(d) && t == p2m_ram_rw )
{
for ( i = 0; i < (1 << page_order); i++ )
{
rc = iommu_map_page(
d, mfn + i, mfn + i, IOMMUF_readable|IOMMUF_writable);
if ( rc != 0 )
{
while ( i-- > 0 )
iommu_unmap_page(d, mfn + i);
return rc;
}
}
}
return 0;
}
p2m_lock(p2m);
P2M_DEBUG("adding gfn=%#lx mfn=%#lx\n", gfn, mfn);
/* First, remove m->p mappings for existing p->m mappings */
for ( i = 0; i < (1UL << page_order); i++ )
{
omfn = p2m->get_entry(p2m, gfn + i, &ot, &a, 0, NULL);
if ( p2m_is_shared(ot) )
{
/* Do an unshare to cleanly take care of all corner
* cases. */
int rc;
rc = mem_sharing_unshare_page(p2m->domain, gfn + i, 0);
if ( rc )
{
p2m_unlock(p2m);
/* NOTE: Should a guest domain bring this upon itself,
* there is not a whole lot we can do. We are buried
* deep in locks from most code paths by now. So, fail
* the call and don't try to sleep on a wait queue
* while placing the mem event.
*
* However, all current (changeset 3432abcf9380) code
* paths avoid this unsavoury situation. For now.
*
* Foreign domains are okay to place an event as they
* won't go to sleep. */
(void)mem_sharing_notify_enomem(p2m->domain, gfn + i, 0);
return rc;
}
omfn = p2m->get_entry(p2m, gfn + i, &ot, &a, 0, NULL);
ASSERT(!p2m_is_shared(ot));
}
if ( p2m_is_grant(ot) )
{
/* Really shouldn't be unmapping grant maps this way */
domain_crash(d);
p2m_unlock(p2m);
return -EINVAL;
}
else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) )
{
ASSERT(mfn_valid(omfn));
set_gpfn_from_mfn(mfn_x(omfn), INVALID_M2P_ENTRY);
}
else if ( ot == p2m_populate_on_demand )
{
/* Count how man PoD entries we'll be replacing if successful */
pod_count++;
}
else if ( p2m_is_paging(ot) && (ot != p2m_ram_paging_out) )
{
/* We're plugging a hole in the physmap where a paged out page was */
atomic_dec(&d->paged_pages);
}
}
/* Then, look for m->p mappings for this range and deal with them */
for ( i = 0; i < (1UL << page_order); i++ )
{
if ( page_get_owner(mfn_to_page(_mfn(mfn + i))) == dom_cow )
{
/* This is no way to add a shared page to your physmap! */
gdprintk(XENLOG_ERR, "Adding shared mfn %lx directly to dom %hu "
"physmap not allowed.\n", mfn+i, d->domain_id);
p2m_unlock(p2m);
return -EINVAL;
}
if ( page_get_owner(mfn_to_page(_mfn(mfn + i))) != d )
continue;
ogfn = mfn_to_gfn(d, _mfn(mfn+i));
if ( (ogfn != INVALID_M2P_ENTRY) && (ogfn != gfn + i) )
{
/* This machine frame is already mapped at another physical
* address */
P2M_DEBUG("aliased! mfn=%#lx, old gfn=%#lx, new gfn=%#lx\n",
mfn + i, ogfn, gfn + i);
omfn = p2m->get_entry(p2m, ogfn, &ot, &a, 0, NULL);
if ( p2m_is_ram(ot) && !p2m_is_paged(ot) )
{
ASSERT(mfn_valid(omfn));
P2M_DEBUG("old gfn=%#lx -> mfn %#lx\n",
ogfn , mfn_x(omfn));
if ( mfn_x(omfn) == (mfn + i) )
p2m_remove_page(p2m, ogfn, mfn + i, 0);
}
}
}
/* Now, actually do the two-way mapping */
if ( mfn_valid(_mfn(mfn)) )
{
if ( !set_p2m_entry(p2m, gfn, _mfn(mfn), page_order, t, p2m->default_access) )
{
rc = -EINVAL;
goto out; /* Failed to update p2m, bail without updating m2p. */
}
if ( !p2m_is_grant(t) )
{
for ( i = 0; i < (1UL << page_order); i++ )
set_gpfn_from_mfn(mfn+i, gfn+i);
}
}
else
{
gdprintk(XENLOG_WARNING, "Adding bad mfn to p2m map (%#lx -> %#lx)\n",
gfn, mfn);
if ( !set_p2m_entry(p2m, gfn, _mfn(INVALID_MFN), page_order,
p2m_invalid, p2m->default_access) )
rc = -EINVAL;
else
{
pod_lock(p2m);
p2m->pod.entry_count -= pod_count;
BUG_ON(p2m->pod.entry_count < 0);
pod_unlock(p2m);
}
}
out:
p2m_unlock(p2m);
return rc;
}
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <asm/p2m.h>
#include <asm/mem_event.h>
int mem_paging_domctl(struct domain *d, xen_domctl_mem_event_op_t *mec,
XEN_GUEST_HANDLE(void) u_domctl)
{
int rc;
struct p2m_domain *p2m = p2m_get_hostp2m(d);
switch( mec->op )
{
case XEN_DOMCTL_MEM_EVENT_OP_PAGING_NOMINATE:
{
unsigned long gfn = mec->gfn;
rc = p2m_mem_paging_nominate(p2m, gfn);
}
break;
case XEN_DOMCTL_MEM_EVENT_OP_PAGING_EVICT:
{
unsigned long gfn = mec->gfn;
rc = p2m_mem_paging_evict(p2m, gfn);
}
}
if ( ap2m )
p2m_unlock(ap2m);
p2m_unlock(p2m);
return rc;
}
long p2m_set_mem_access_multi(struct domain *d,
const XEN_GUEST_HANDLE(const_uint64) pfn_list,
const XEN_GUEST_HANDLE(const_uint8) access_list,
uint32_t nr, uint32_t start, uint32_t mask,
unsigned int altp2m_idx)
{
struct p2m_domain *p2m = p2m_get_hostp2m(d), *ap2m = NULL;
long rc = 0;
/* altp2m view 0 is treated as the hostp2m */
if ( altp2m_idx )
{
if ( altp2m_idx >= MAX_ALTP2M ||
d->arch.altp2m_eptp[altp2m_idx] == mfn_x(INVALID_MFN) )
return -EINVAL;
ap2m = d->arch.altp2m_p2m[altp2m_idx];
}
p2m_lock(p2m);
if ( ap2m )
p2m_lock(ap2m);
