spte.h - OpenGrok cross reference for /kernel/linux/linux-6.6/arch/x86/kvm/mmu/spte.h

Lines Matching +full:hardware +full:- +full:protected
1 // SPDX-License-Identifier: GPL-2.0-only
11  * in hardware.  E.g. MMIO SPTEs are not considered present.  Use bit 11, as it
20  * be restricted to using write-protection (for L2 when CPU dirty logging, i.e.
26  * is guaranteed to have A/D bits and write-protection is forced only for
27  * TDP with CPU dirty logging (PML).  If NPT ever gains PML-like support, it
28  * must be restricted to 64-bit KVM.
38 #define SPTE_BASE_ADDR_MASK (physical_mask & ~(u64)(PAGE_SIZE-1))
40 #define SPTE_BASE_ADDR_MASK (((1ULL << 52) - 1) & ~(u64)(PAGE_SIZE-1))
62  * as not-present for access tracking purposes. We do not save the W bit as the
76  * SPTE is write-protected. See is_writable_pte() for details.
79 /* Bits 9 and 10 are ignored by all non-EPT PTEs. */
85  * to not overlap the A/D type mask or the saved access bits of access-tracked
103  * Bits 0-7 of the MMIO generation are propagated to spte bits 3-10
104  * Bits 8-18 of the MMIO generation are propagated to spte bits 52-62
129  * MMU-present bit.  The generation obviously co-exists with the magic MMIO
130  * mask/value, and MMIO SPTEs are considered !MMU-present.
132  * The SPTE MMIO mask is allowed to use hardware "present" bits (i.e. all EPT
134  * and so they're off-limits for generation; additional checks ensure the mask
141 #define MMIO_SPTE_GEN_LOW_BITS		(MMIO_SPTE_GEN_LOW_END - MMIO_SPTE_GEN_LOW_START + 1)
142 #define MMIO_SPTE_GEN_HIGH_BITS		(MMIO_SPTE_GEN_HIGH_END - MMIO_SPTE_GEN_HIGH_START + 1)
147 #define MMIO_SPTE_GEN_LOW_SHIFT		(MMIO_SPTE_GEN_LOW_START - 0)
148 #define MMIO_SPTE_GEN_HIGH_SHIFT	(MMIO_SPTE_GEN_HIGH_START - MMIO_SPTE_GEN_LOW_BITS)
150 #define MMIO_SPTE_GEN_MASK		GENMASK_ULL(MMIO_SPTE_GEN_LOW_BITS + MMIO_SPTE_GEN_HIGH_BITS - 1, 0)
169  * shadow_acc_track_mask is the set of bits to be cleared in non-accessed
175  * This mask must be set on all non-zero Non-Present or Reserved SPTEs in order
181  * The number of high-order 1 bits to use in the mask above.
187  * multi-part operation on an SPTE, it can set the SPTE to REMOVED_SPTE as a
188  * non-present intermediate value. Other threads which encounter this value
191  * Use a semi-arbitrary value that doesn't set RWX bits, i.e. is not-present on
193  * vulnerability.  Use only low bits to avoid 64-bit immediates.
210 	return ((unsigned long)sptep / sizeof(*sptep)) & (SPTE_ENT_PER_PAGE - 1);  in spte_index()
214  * In some cases, we need to preserve the GFN of a non-present or reserved
247 	 * SPTE to ensure any non-PA bits are dropped.  in root_to_sp()
264  * Returns true if A/D bits are supported in hardware and are enabled by KVM.
265  * When enabled, KVM uses A/D bits for all non-nested MMUs.  Because L1 can
276 	return sp->role.ad_disabled;  in sp_ad_disabled()
289 	 * This is benign for non-TDP SPTEs as SPTE_TDP_AD_ENABLED is '0',  in spte_ad_need_write_protect()
290 	 * and non-TDP SPTEs will never set these bits.  Optimize for 64-bit  in spte_ad_need_write_protect()
353 	return rsvd_check->rsvd_bits_mask[bit7][level-1];  in get_rsvd_bits()
365 	return rsvd_check->bad_mt_xwr & BIT_ULL(pte & 0x3f);  in __is_bad_mt_xwr()
376  * A shadow-present leaf SPTE may be non-writable for 4 possible reasons:
378  *  1. To intercept writes for dirty logging. KVM write-protects huge pages
381  *     write-protects 4KiB pages so that writes can be recorded in the dirty log
382  *     (e.g. if not using PML). SPTEs are write-protected for dirty logging
383  *     during the VM-iotcls that enable dirty logging.
390  *  3. To prevent guest writes to read-only memory, such as for memory in a
391  *     read-only memslot or guest memory backed by a read-only VMA. Writes to
395  *     case, the SPTE is access-protected, not just write-protected!
399  * To differentiate #1 and #4 from #2 and #3, KVM uses two software-only bits
402  *  shadow_mmu_writable_mask, aka MMU-writable -
403  *    Cleared on SPTEs that KVM is currently write-protecting for shadow paging
406  *  shadow_host_writable_mask, aka Host-writable -
407  *    Cleared on SPTEs that are not host-writable (case 3 above)
415  *   ------------------------- | ------------------------ | ----------------
424  * Clearing the MMU-writable bit is always done under the MMU lock and always
426  * shadow page tables between vCPUs. Write-protecting an SPTE for dirty logging
427  * (which does not clear the MMU-writable bit), does not flush TLBs before
429  * dirty bitmap. Similarly, making the SPTE inaccessible (and non-writable) for
430  * access-tracking via the clear_young() MMU notifier also does not flush TLBs.
432  * So, there is the problem: clearing the MMU-writable bit can encounter a
433  * write-protected SPTE while CPUs still have writable mappings for that SPTE
435  * write-protecting SPTEs if the MMU-writable bit is set on the old SPTE.
437  * The Host-writable bit is not modified on present SPTEs, it is only set or
438  * cleared when an SPTE is first faulted in from non-present and then remains
446 /* Note: spte must be a shadow-present leaf SPTE. */
451 			  KBUILD_MODNAME ": MMU-writable SPTE is not Host-writable: %llx",  in check_spte_writable_invariants()
455 			  KBUILD_MODNAME ": Writable SPTE is not MMU-writable: %llx", spte);  in check_spte_writable_invariants()
485 /* Restore an acc-track PTE back to a regular PTE */