1// SPDX-License-Identifier: GPL-2.0-only
2
3#ifndef KVM_X86_MMU_SPTE_H
4#define KVM_X86_MMU_SPTE_H
5
6#include <asm/vmx.h>
7
8#include "mmu.h"
9#include "mmu_internal.h"
10
11/*
12 * A MMU present SPTE is backed by actual memory and may or may not be present
13 * in hardware. E.g. MMIO SPTEs are not considered present. Use bit 11, as it
14 * is ignored by all flavors of SPTEs and checking a low bit often generates
15 * better code than for a high bit, e.g. 56+. MMU present checks are pervasive
16 * enough that the improved code generation is noticeable in KVM's footprint.
17 */
18#define SPTE_MMU_PRESENT_MASK BIT_ULL(11)
19
20/*
21 * TDP SPTES (more specifically, EPT SPTEs) may not have A/D bits, and may also
22 * be restricted to using write-protection (for L2 when CPU dirty logging, i.e.
23 * PML, is enabled). Use bits 52 and 53 to hold the type of A/D tracking that
24 * is must be employed for a given TDP SPTE.
25 *
26 * Note, the "enabled" mask must be '0', as bits 62:52 are _reserved_ for PAE
27 * paging, including NPT PAE. This scheme works because legacy shadow paging
28 * is guaranteed to have A/D bits and write-protection is forced only for
29 * TDP with CPU dirty logging (PML). If NPT ever gains PML-like support, it
30 * must be restricted to 64-bit KVM.
31 */
32#define SPTE_TDP_AD_SHIFT 52
33#define SPTE_TDP_AD_MASK (3ULL << SPTE_TDP_AD_SHIFT)
34#define SPTE_TDP_AD_ENABLED (0ULL << SPTE_TDP_AD_SHIFT)
35#define SPTE_TDP_AD_DISABLED (1ULL << SPTE_TDP_AD_SHIFT)
36#define SPTE_TDP_AD_WRPROT_ONLY (2ULL << SPTE_TDP_AD_SHIFT)
37static_assert(SPTE_TDP_AD_ENABLED == 0);
38
39#ifdef CONFIG_DYNAMIC_PHYSICAL_MASK
40#define SPTE_BASE_ADDR_MASK (physical_mask & ~(u64)(PAGE_SIZE-1))
41#else
42#define SPTE_BASE_ADDR_MASK (((1ULL << 52) - 1) & ~(u64)(PAGE_SIZE-1))
43#endif
44
45#define SPTE_PERM_MASK (PT_PRESENT_MASK | PT_WRITABLE_MASK | shadow_user_mask \
46 | shadow_x_mask | shadow_nx_mask | shadow_me_mask)
47
48#define ACC_EXEC_MASK 1
49#define ACC_WRITE_MASK PT_WRITABLE_MASK
50#define ACC_USER_MASK PT_USER_MASK
51#define ACC_ALL (ACC_EXEC_MASK | ACC_WRITE_MASK | ACC_USER_MASK)
52
53/* The mask for the R/X bits in EPT PTEs */
54#define SPTE_EPT_READABLE_MASK 0x1ull
55#define SPTE_EPT_EXECUTABLE_MASK 0x4ull
56
57#define SPTE_LEVEL_BITS 9
58#define SPTE_LEVEL_SHIFT(level) __PT_LEVEL_SHIFT(level, SPTE_LEVEL_BITS)
59#define SPTE_INDEX(address, level) __PT_INDEX(address, level, SPTE_LEVEL_BITS)
60#define SPTE_ENT_PER_PAGE __PT_ENT_PER_PAGE(SPTE_LEVEL_BITS)
61
62/*
63 * The mask/shift to use for saving the original R/X bits when marking the PTE
64 * as not-present for access tracking purposes. We do not save the W bit as the
65 * PTEs being access tracked also need to be dirty tracked, so the W bit will be
66 * restored only when a write is attempted to the page. This mask obviously
67 * must not overlap the A/D type mask.
68 */
69#define SHADOW_ACC_TRACK_SAVED_BITS_MASK (SPTE_EPT_READABLE_MASK | \
70 SPTE_EPT_EXECUTABLE_MASK)
71#define SHADOW_ACC_TRACK_SAVED_BITS_SHIFT 54
72#define SHADOW_ACC_TRACK_SAVED_MASK (SHADOW_ACC_TRACK_SAVED_BITS_MASK << \
73 SHADOW_ACC_TRACK_SAVED_BITS_SHIFT)
74static_assert(!(SPTE_TDP_AD_MASK & SHADOW_ACC_TRACK_SAVED_MASK));
75
76/*
77 * {DEFAULT,EPT}_SPTE_{HOST,MMU}_WRITABLE are used to keep track of why a given
78 * SPTE is write-protected. See is_writable_pte() for details.
79 */
80
81/* Bits 9 and 10 are ignored by all non-EPT PTEs. */
82#define DEFAULT_SPTE_HOST_WRITABLE BIT_ULL(9)
83#define DEFAULT_SPTE_MMU_WRITABLE BIT_ULL(10)
84
85/*
86 * Low ignored bits are at a premium for EPT, use high ignored bits, taking care
87 * to not overlap the A/D type mask or the saved access bits of access-tracked
88 * SPTEs when A/D bits are disabled.
89 */
90#define EPT_SPTE_HOST_WRITABLE BIT_ULL(57)
91#define EPT_SPTE_MMU_WRITABLE BIT_ULL(58)
92
93static_assert(!(EPT_SPTE_HOST_WRITABLE & SPTE_TDP_AD_MASK));
94static_assert(!(EPT_SPTE_MMU_WRITABLE & SPTE_TDP_AD_MASK));
95static_assert(!(EPT_SPTE_HOST_WRITABLE & SHADOW_ACC_TRACK_SAVED_MASK));
96static_assert(!(EPT_SPTE_MMU_WRITABLE & SHADOW_ACC_TRACK_SAVED_MASK));
97
98/* Defined only to keep the above static asserts readable. */
99#undef SHADOW_ACC_TRACK_SAVED_MASK
100
101/*
102 * Due to limited space in PTEs, the MMIO generation is a 19 bit subset of
103 * the memslots generation and is derived as follows:
104 *
105 * Bits 0-7 of the MMIO generation are propagated to spte bits 3-10
106 * Bits 8-18 of the MMIO generation are propagated to spte bits 52-62
107 *
108 * The KVM_MEMSLOT_GEN_UPDATE_IN_PROGRESS flag is intentionally not included in
109 * the MMIO generation number, as doing so would require stealing a bit from
110 * the "real" generation number and thus effectively halve the maximum number
111 * of MMIO generations that can be handled before encountering a wrap (which
112 * requires a full MMU zap). The flag is instead explicitly queried when
113 * checking for MMIO spte cache hits.
114 */
115
116#define MMIO_SPTE_GEN_LOW_START 3
117#define MMIO_SPTE_GEN_LOW_END 10
118
119#define MMIO_SPTE_GEN_HIGH_START 52
120#define MMIO_SPTE_GEN_HIGH_END 62
121
122#define MMIO_SPTE_GEN_LOW_MASK GENMASK_ULL(MMIO_SPTE_GEN_LOW_END, \
123 MMIO_SPTE_GEN_LOW_START)
124#define MMIO_SPTE_GEN_HIGH_MASK GENMASK_ULL(MMIO_SPTE_GEN_HIGH_END, \
125 MMIO_SPTE_GEN_HIGH_START)
126static_assert(!(SPTE_MMU_PRESENT_MASK &
127 (MMIO_SPTE_GEN_LOW_MASK | MMIO_SPTE_GEN_HIGH_MASK)));
128
129/*
130 * The SPTE MMIO mask must NOT overlap the MMIO generation bits or the
131 * MMU-present bit. The generation obviously co-exists with the magic MMIO
132 * mask/value, and MMIO SPTEs are considered !MMU-present.
133 *
134 * The SPTE MMIO mask is allowed to use hardware "present" bits (i.e. all EPT
135 * RWX bits), all physical address bits (legal PA bits are used for "fast" MMIO
136 * and so they're off-limits for generation; additional checks ensure the mask
137 * doesn't overlap legal PA bits), and bit 63 (carved out for future usage).
138 */
139#define SPTE_MMIO_ALLOWED_MASK (BIT_ULL(63) | GENMASK_ULL(51, 12) | GENMASK_ULL(2, 0))
140static_assert(!(SPTE_MMIO_ALLOWED_MASK &
141 (SPTE_MMU_PRESENT_MASK | MMIO_SPTE_GEN_LOW_MASK | MMIO_SPTE_GEN_HIGH_MASK)));
142
143#define MMIO_SPTE_GEN_LOW_BITS (MMIO_SPTE_GEN_LOW_END - MMIO_SPTE_GEN_LOW_START + 1)
144#define MMIO_SPTE_GEN_HIGH_BITS (MMIO_SPTE_GEN_HIGH_END - MMIO_SPTE_GEN_HIGH_START + 1)
145
146/* remember to adjust the comment above as well if you change these */
147static_assert(MMIO_SPTE_GEN_LOW_BITS == 8 && MMIO_SPTE_GEN_HIGH_BITS == 11);
148
149#define MMIO_SPTE_GEN_LOW_SHIFT (MMIO_SPTE_GEN_LOW_START - 0)
150#define MMIO_SPTE_GEN_HIGH_SHIFT (MMIO_SPTE_GEN_HIGH_START - MMIO_SPTE_GEN_LOW_BITS)
151
152#define MMIO_SPTE_GEN_MASK GENMASK_ULL(MMIO_SPTE_GEN_LOW_BITS + MMIO_SPTE_GEN_HIGH_BITS - 1, 0)
153
154/*
155 * Non-present SPTE value needs to set bit 63 for TDX, in order to suppress
156 * #VE and get EPT violations on non-present PTEs. We can use the
157 * same value also without TDX for both VMX and SVM:
158 *
159 * For SVM NPT, for non-present spte (bit 0 = 0), other bits are ignored.
160 * For VMX EPT, bit 63 is ignored if #VE is disabled. (EPT_VIOLATION_VE=0)
161 * bit 63 is #VE suppress if #VE is enabled. (EPT_VIOLATION_VE=1)
162 */
163#ifdef CONFIG_X86_64
164#define SHADOW_NONPRESENT_VALUE BIT_ULL(63)
165static_assert(!(SHADOW_NONPRESENT_VALUE & SPTE_MMU_PRESENT_MASK));
166#else
167#define SHADOW_NONPRESENT_VALUE 0ULL
168#endif
169
170
171/*
172 * True if A/D bits are supported in hardware and are enabled by KVM. When
173 * enabled, KVM uses A/D bits for all non-nested MMUs. Because L1 can disable
174 * A/D bits in EPTP12, SP and SPTE variants are needed to handle the scenario
175 * where KVM is using A/D bits for L1, but not L2.
176 */
177extern bool __read_mostly kvm_ad_enabled;
178
179extern u64 __read_mostly shadow_host_writable_mask;
180extern u64 __read_mostly shadow_mmu_writable_mask;
181extern u64 __read_mostly shadow_nx_mask;
182extern u64 __read_mostly shadow_x_mask; /* mutual exclusive with nx_mask */
183extern u64 __read_mostly shadow_user_mask;
184extern u64 __read_mostly shadow_accessed_mask;
185extern u64 __read_mostly shadow_dirty_mask;
186extern u64 __read_mostly shadow_mmio_value;
187extern u64 __read_mostly shadow_mmio_mask;
188extern u64 __read_mostly shadow_mmio_access_mask;
189extern u64 __read_mostly shadow_present_mask;
190extern u64 __read_mostly shadow_me_value;
191extern u64 __read_mostly shadow_me_mask;
192
193/*
194 * SPTEs in MMUs without A/D bits are marked with SPTE_TDP_AD_DISABLED;
195 * shadow_acc_track_mask is the set of bits to be cleared in non-accessed
196 * pages.
197 */
198extern u64 __read_mostly shadow_acc_track_mask;
199
200/*
201 * This mask must be set on all non-zero Non-Present or Reserved SPTEs in order
202 * to guard against L1TF attacks.
203 */
204extern u64 __read_mostly shadow_nonpresent_or_rsvd_mask;
205
206/*
207 * The number of high-order 1 bits to use in the mask above.
208 */
209#define SHADOW_NONPRESENT_OR_RSVD_MASK_LEN 5
210
211/*
212 * If a thread running without exclusive control of the MMU lock must perform a
213 * multi-part operation on an SPTE, it can set the SPTE to FROZEN_SPTE as a
214 * non-present intermediate value. Other threads which encounter this value
215 * should not modify the SPTE.
216 *
217 * Use a semi-arbitrary value that doesn't set RWX bits, i.e. is not-present on
218 * both AMD and Intel CPUs, and doesn't set PFN bits, i.e. doesn't create a L1TF
219 * vulnerability.
220 *
221 * Only used by the TDP MMU.
222 */
223#define FROZEN_SPTE (SHADOW_NONPRESENT_VALUE | 0x5a0ULL)
224
225/* Frozen SPTEs must not be misconstrued as shadow present PTEs. */
226static_assert(!(FROZEN_SPTE & SPTE_MMU_PRESENT_MASK));
227
228static inline bool is_frozen_spte(u64 spte)
229{
230 return spte == FROZEN_SPTE;
231}
232
233/* Get an SPTE's index into its parent's page table (and the spt array). */
234static inline int spte_index(u64 *sptep)
235{
236 return ((unsigned long)sptep / sizeof(*sptep)) & (SPTE_ENT_PER_PAGE - 1);
237}
238
239/*
240 * In some cases, we need to preserve the GFN of a non-present or reserved
241 * SPTE when we usurp the upper five bits of the physical address space to
242 * defend against L1TF, e.g. for MMIO SPTEs. To preserve the GFN, we'll
243 * shift bits of the GFN that overlap with shadow_nonpresent_or_rsvd_mask
244 * left into the reserved bits, i.e. the GFN in the SPTE will be split into
245 * high and low parts. This mask covers the lower bits of the GFN.
246 */
247extern u64 __read_mostly shadow_nonpresent_or_rsvd_lower_gfn_mask;
248
249static inline struct kvm_mmu_page *to_shadow_page(hpa_t shadow_page)
250{
251 struct page *page = pfn_to_page((shadow_page) >> PAGE_SHIFT);
252
253 return (struct kvm_mmu_page *)page_private(page);
254}
255
256static inline struct kvm_mmu_page *spte_to_child_sp(u64 spte)
257{
258 return to_shadow_page(shadow_page: spte & SPTE_BASE_ADDR_MASK);
259}
260
261static inline struct kvm_mmu_page *sptep_to_sp(u64 *sptep)
262{
263 return to_shadow_page(__pa(sptep));
264}
265
266static inline struct kvm_mmu_page *root_to_sp(hpa_t root)
267{
268 if (kvm_mmu_is_dummy_root(shadow_page: root))
269 return NULL;
270
271 /*
272 * The "root" may be a special root, e.g. a PAE entry, treat it as a
273 * SPTE to ensure any non-PA bits are dropped.
274 */
275 return spte_to_child_sp(spte: root);
276}
277
278static inline bool is_mirror_sptep(tdp_ptep_t sptep)
279{
280 return is_mirror_sp(sp: sptep_to_sp(rcu_dereference(sptep)));
281}
282
283static inline bool is_mmio_spte(struct kvm *kvm, u64 spte)
284{
285 return (spte & shadow_mmio_mask) == kvm->arch.shadow_mmio_value &&
286 likely(enable_mmio_caching);
287}
288
289static inline bool is_shadow_present_pte(u64 pte)
290{
291 return !!(pte & SPTE_MMU_PRESENT_MASK);
292}
293
294static inline bool is_ept_ve_possible(u64 spte)
295{
296 return (shadow_present_mask & VMX_EPT_SUPPRESS_VE_BIT) &&
297 !(spte & VMX_EPT_SUPPRESS_VE_BIT) &&
298 (spte & VMX_EPT_RWX_MASK) != VMX_EPT_MISCONFIG_WX_VALUE;
299}
300
301static inline bool sp_ad_disabled(struct kvm_mmu_page *sp)
302{
303 return sp->role.ad_disabled;
304}
305
306static inline bool spte_ad_enabled(u64 spte)
307{
308 KVM_MMU_WARN_ON(!is_shadow_present_pte(spte));
309 return (spte & SPTE_TDP_AD_MASK) != SPTE_TDP_AD_DISABLED;
310}
311
312static inline bool spte_ad_need_write_protect(u64 spte)
313{
314 KVM_MMU_WARN_ON(!is_shadow_present_pte(spte));
315 /*
316 * This is benign for non-TDP SPTEs as SPTE_TDP_AD_ENABLED is '0',
317 * and non-TDP SPTEs will never set these bits. Optimize for 64-bit
318 * TDP and do the A/D type check unconditionally.
319 */
320 return (spte & SPTE_TDP_AD_MASK) != SPTE_TDP_AD_ENABLED;
321}
322
323static inline bool is_access_track_spte(u64 spte)
324{
325 return !spte_ad_enabled(spte) && (spte & shadow_acc_track_mask) == 0;
326}
327
328static inline bool is_large_pte(u64 pte)
329{
330 return pte & PT_PAGE_SIZE_MASK;
331}
332
333static inline bool is_last_spte(u64 pte, int level)
334{
335 return (level == PG_LEVEL_4K) || is_large_pte(pte);
336}
337
338static inline bool is_executable_pte(u64 spte)
339{
340 return (spte & (shadow_x_mask | shadow_nx_mask)) == shadow_x_mask;
341}
342
343static inline kvm_pfn_t spte_to_pfn(u64 pte)
344{
345 return (pte & SPTE_BASE_ADDR_MASK) >> PAGE_SHIFT;
346}
347
348static inline bool is_accessed_spte(u64 spte)
349{
350 return spte & shadow_accessed_mask;
351}
352
353static inline u64 get_rsvd_bits(struct rsvd_bits_validate *rsvd_check, u64 pte,
354 int level)
355{
356 int bit7 = (pte >> 7) & 1;
357
358 return rsvd_check->rsvd_bits_mask[bit7][level-1];
359}
360
361static inline bool __is_rsvd_bits_set(struct rsvd_bits_validate *rsvd_check,
362 u64 pte, int level)
363{
364 return pte & get_rsvd_bits(rsvd_check, pte, level);
365}
366
367static inline bool __is_bad_mt_xwr(struct rsvd_bits_validate *rsvd_check,
368 u64 pte)
369{
370 return rsvd_check->bad_mt_xwr & BIT_ULL(pte & 0x3f);
371}
372
373static __always_inline bool is_rsvd_spte(struct rsvd_bits_validate *rsvd_check,
374 u64 spte, int level)
375{
376 return __is_bad_mt_xwr(rsvd_check, pte: spte) ||
377 __is_rsvd_bits_set(rsvd_check, pte: spte, level);
378}
379
380/*
381 * A shadow-present leaf SPTE may be non-writable for 4 possible reasons:
382 *
383 * 1. To intercept writes for dirty logging. KVM write-protects huge pages
384 * so that they can be split down into the dirty logging
385 * granularity (4KiB) whenever the guest writes to them. KVM also
386 * write-protects 4KiB pages so that writes can be recorded in the dirty log
387 * (e.g. if not using PML). SPTEs are write-protected for dirty logging
388 * during the VM-iotcls that enable dirty logging.
389 *
390 * 2. To intercept writes to guest page tables that KVM is shadowing. When a
391 * guest writes to its page table the corresponding shadow page table will
392 * be marked "unsync". That way KVM knows which shadow page tables need to
393 * be updated on the next TLB flush, INVLPG, etc. and which do not.
394 *
395 * 3. To prevent guest writes to read-only memory, such as for memory in a
396 * read-only memslot or guest memory backed by a read-only VMA. Writes to
397 * such pages are disallowed entirely.
398 *
399 * 4. To emulate the Accessed bit for SPTEs without A/D bits. Note, in this
400 * case, the SPTE is access-protected, not just write-protected!
401 *
402 * For cases #1 and #4, KVM can safely make such SPTEs writable without taking
403 * mmu_lock as capturing the Accessed/Dirty state doesn't require taking it.
404 * To differentiate #1 and #4 from #2 and #3, KVM uses two software-only bits
405 * in the SPTE:
406 *
407 * shadow_mmu_writable_mask, aka MMU-writable -
408 * Cleared on SPTEs that KVM is currently write-protecting for shadow paging
409 * purposes (case 2 above).
410 *
411 * shadow_host_writable_mask, aka Host-writable -
412 * Cleared on SPTEs that are not host-writable (case 3 above)
413 *
414 * Note, not all possible combinations of PT_WRITABLE_MASK,
415 * shadow_mmu_writable_mask, and shadow_host_writable_mask are valid. A given
416 * SPTE can be in only one of the following states, which map to the
417 * aforementioned 3 cases:
418 *
419 * shadow_host_writable_mask | shadow_mmu_writable_mask | PT_WRITABLE_MASK
420 * ------------------------- | ------------------------ | ----------------
421 * 1 | 1 | 1 (writable)
422 * 1 | 1 | 0 (case 1)
423 * 1 | 0 | 0 (case 2)
424 * 0 | 0 | 0 (case 3)
425 *
426 * The valid combinations of these bits are checked by
427 * check_spte_writable_invariants() whenever an SPTE is modified.
428 *
429 * Clearing the MMU-writable bit is always done under the MMU lock and always
430 * accompanied by a TLB flush before dropping the lock to avoid corrupting the
431 * shadow page tables between vCPUs. Write-protecting an SPTE for dirty logging
432 * (which does not clear the MMU-writable bit), does not flush TLBs before
433 * dropping the lock, as it only needs to synchronize guest writes with the
434 * dirty bitmap. Similarly, making the SPTE inaccessible (and non-writable) for
435 * access-tracking via the clear_young() MMU notifier also does not flush TLBs.
436 *
437 * So, there is the problem: clearing the MMU-writable bit can encounter a
438 * write-protected SPTE while CPUs still have writable mappings for that SPTE
439 * cached in their TLB. To address this, KVM always flushes TLBs when
440 * write-protecting SPTEs if the MMU-writable bit is set on the old SPTE.
441 *
442 * The Host-writable bit is not modified on present SPTEs, it is only set or
443 * cleared when an SPTE is first faulted in from non-present and then remains
444 * immutable.
445 */
446static inline bool is_writable_pte(unsigned long pte)
447{
448 return pte & PT_WRITABLE_MASK;
449}
450
451/* Note: spte must be a shadow-present leaf SPTE. */
452static inline void check_spte_writable_invariants(u64 spte)
453{
454 if (spte & shadow_mmu_writable_mask)
455 WARN_ONCE(!(spte & shadow_host_writable_mask),
456 KBUILD_MODNAME ": MMU-writable SPTE is not Host-writable: %llx",
457 spte);
458 else
459 WARN_ONCE(is_writable_pte(spte),
460 KBUILD_MODNAME ": Writable SPTE is not MMU-writable: %llx", spte);
461}
462
463static inline bool is_mmu_writable_spte(u64 spte)
464{
465 return spte & shadow_mmu_writable_mask;
466}
467
468/*
469 * Returns true if the access indicated by @fault is allowed by the existing
470 * SPTE protections. Note, the caller is responsible for checking that the
471 * SPTE is a shadow-present, leaf SPTE (either before or after).
472 */
473static inline bool is_access_allowed(struct kvm_page_fault *fault, u64 spte)
474{
475 if (fault->exec)
476 return is_executable_pte(spte);
477
478 if (fault->write)
479 return is_writable_pte(pte: spte);
480
481 /* Fault was on Read access */
482 return spte & PT_PRESENT_MASK;
483}
484
485/*
486 * If the MMU-writable flag is cleared, i.e. the SPTE is write-protected for
487 * write-tracking, remote TLBs must be flushed, even if the SPTE was read-only,
488 * as KVM allows stale Writable TLB entries to exist. When dirty logging, KVM
489 * flushes TLBs based on whether or not dirty bitmap/ring entries were reaped,
490 * not whether or not SPTEs were modified, i.e. only the write-tracking case
491 * needs to flush at the time the SPTEs is modified, before dropping mmu_lock.
492 *
493 * Don't flush if the Accessed bit is cleared, as access tracking tolerates
494 * false negatives, e.g. KVM x86 omits TLB flushes even when aging SPTEs for a
495 * mmu_notifier.clear_flush_young() event.
496 *
497 * Lastly, don't flush if the Dirty bit is cleared, as KVM unconditionally
498 * flushes when enabling dirty logging (see kvm_mmu_slot_apply_flags()), and
499 * when clearing dirty logs, KVM flushes based on whether or not dirty entries
500 * were reaped from the bitmap/ring, not whether or not dirty SPTEs were found.
501 *
502 * Note, this logic only applies to shadow-present leaf SPTEs. The caller is
503 * responsible for checking that the old SPTE is shadow-present, and is also
504 * responsible for determining whether or not a TLB flush is required when
505 * modifying a shadow-present non-leaf SPTE.
506 */
507static inline bool leaf_spte_change_needs_tlb_flush(u64 old_spte, u64 new_spte)
508{
509 return is_mmu_writable_spte(spte: old_spte) && !is_mmu_writable_spte(spte: new_spte);
510}
511
512static inline u64 get_mmio_spte_generation(u64 spte)
513{
514 u64 gen;
515
516 gen = (spte & MMIO_SPTE_GEN_LOW_MASK) >> MMIO_SPTE_GEN_LOW_SHIFT;
517 gen |= (spte & MMIO_SPTE_GEN_HIGH_MASK) >> MMIO_SPTE_GEN_HIGH_SHIFT;
518 return gen;
519}
520
521bool spte_needs_atomic_update(u64 spte);
522
523bool make_spte(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp,
524 const struct kvm_memory_slot *slot,
525 unsigned int pte_access, gfn_t gfn, kvm_pfn_t pfn,
526 u64 old_spte, bool prefetch, bool synchronizing,
527 bool host_writable, u64 *new_spte);
528u64 make_small_spte(struct kvm *kvm, u64 huge_spte,
529 union kvm_mmu_page_role role, int index);
530u64 make_huge_spte(struct kvm *kvm, u64 small_spte, int level);
531u64 make_nonleaf_spte(u64 *child_pt, bool ad_disabled);
532u64 make_mmio_spte(struct kvm_vcpu *vcpu, u64 gfn, unsigned int access);
533u64 mark_spte_for_access_track(u64 spte);
534
535/* Restore an acc-track PTE back to a regular PTE */
536static inline u64 restore_acc_track_spte(u64 spte)
537{
538 u64 saved_bits = (spte >> SHADOW_ACC_TRACK_SAVED_BITS_SHIFT)
539 & SHADOW_ACC_TRACK_SAVED_BITS_MASK;
540
541 spte &= ~shadow_acc_track_mask;
542 spte &= ~(SHADOW_ACC_TRACK_SAVED_BITS_MASK <<
543 SHADOW_ACC_TRACK_SAVED_BITS_SHIFT);
544 spte |= saved_bits;
545
546 return spte;
547}
548
549void __init kvm_mmu_spte_module_init(void);
550void kvm_mmu_reset_all_pte_masks(void);
551
552#endif
553

Provided by KDAB

Privacy Policy
Improve your Profiling and Debugging skills
Find out more

source code of linux/arch/x86/kvm/mmu/spte.h