ia64/xen-unstable

view xen/arch/x86/x86_32/mm.c @ 11240:80c5350a68f1

[XEN] Clean up some x86 bootstrap code. Replace some CPU iterators
with for_each_cpu() -- we want to ensure that per_cpu areas are
accessed only for cpus in cpu_possible_map.
Signed-off-by: Keir Fraser <keir@xensource.com>
author kfraser@localhost.localdomain
date Tue Aug 22 11:19:48 2006 +0100 (2006-08-22)
parents 0f917d63e960
children 1d83974d08b1
line source
1 /******************************************************************************
2 * arch/x86/x86_32/mm.c
3 *
4 * Modifications to Linux original are copyright (c) 2004, K A Fraser
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
21 #include <xen/config.h>
22 #include <xen/lib.h>
23 #include <xen/init.h>
24 #include <xen/mm.h>
25 #include <xen/sched.h>
26 #include <xen/guest_access.h>
27 #include <asm/current.h>
28 #include <asm/page.h>
29 #include <asm/flushtlb.h>
30 #include <asm/fixmap.h>
31 #include <public/memory.h>
33 unsigned int PAGE_HYPERVISOR = __PAGE_HYPERVISOR;
34 unsigned int PAGE_HYPERVISOR_NOCACHE = __PAGE_HYPERVISOR_NOCACHE;
36 static unsigned long mpt_size;
38 struct page_info *alloc_xen_pagetable(void)
39 {
40 extern int early_boot;
41 extern unsigned long xenheap_phys_start;
42 struct page_info *pg;
44 if ( !early_boot )
45 {
46 void *v = alloc_xenheap_page();
47 return ((v == NULL) ? NULL : virt_to_page(v));
48 }
50 pg = maddr_to_page(xenheap_phys_start);
51 xenheap_phys_start += PAGE_SIZE;
52 return pg;
53 }
55 void free_xen_pagetable(struct page_info *pg)
56 {
57 free_xenheap_page(page_to_virt(pg));
58 }
60 l2_pgentry_t *virt_to_xen_l2e(unsigned long v)
61 {
62 return &idle_pg_table_l2[l2_linear_offset(v)];
63 }
65 void __init paging_init(void)
66 {
67 void *ioremap_pt;
68 unsigned long v;
69 struct page_info *pg;
70 int i;
72 #ifdef CONFIG_X86_PAE
73 printk("PAE enabled, limit: %d GB\n", MACHPHYS_MBYTES);
74 #else
75 printk("PAE disabled.\n");
76 #endif
78 if ( cpu_has_pge )
79 {
80 /* Suitable Xen mapping can be GLOBAL. */
81 set_in_cr4(X86_CR4_PGE);
82 PAGE_HYPERVISOR |= _PAGE_GLOBAL;
83 PAGE_HYPERVISOR_NOCACHE |= _PAGE_GLOBAL;
84 /* Transform early mappings (e.g., the frametable). */
85 for ( v = HYPERVISOR_VIRT_START; v; v += (1 << L2_PAGETABLE_SHIFT) )
86 if ( (l2e_get_flags(idle_pg_table_l2[l2_linear_offset(v)]) &
87 (_PAGE_PSE|_PAGE_PRESENT)) == (_PAGE_PSE|_PAGE_PRESENT) )
88 l2e_add_flags(idle_pg_table_l2[l2_linear_offset(v)],
89 _PAGE_GLOBAL);
90 }
92 /*
93 * Allocate and map the machine-to-phys table and create read-only mapping
94 * of MPT for guest-OS use.
95 */
96 mpt_size = (max_page * BYTES_PER_LONG) + (1UL << L2_PAGETABLE_SHIFT) - 1;
97 mpt_size &= ~((1UL << L2_PAGETABLE_SHIFT) - 1UL);
98 for ( i = 0; i < (mpt_size >> L2_PAGETABLE_SHIFT); i++ )
99 {
100 if ( (pg = alloc_domheap_pages(NULL, PAGETABLE_ORDER, 0)) == NULL )
101 panic("Not enough memory to bootstrap Xen.\n");
102 idle_pg_table_l2[l2_linear_offset(RDWR_MPT_VIRT_START) + i] =
103 l2e_from_page(pg, PAGE_HYPERVISOR | _PAGE_PSE);
104 /* NB. Cannot be GLOBAL as shadow_mode_translate reuses this area. */
105 idle_pg_table_l2[l2_linear_offset(RO_MPT_VIRT_START) + i] =
106 l2e_from_page(pg, (__PAGE_HYPERVISOR | _PAGE_PSE) & ~_PAGE_RW);
107 }
109 /* Fill with an obvious debug pattern. */
110 for ( i = 0; i < (mpt_size / BYTES_PER_LONG); i++)
111 set_gpfn_from_mfn(i, 0x55555555);
113 /* Create page tables for ioremap(). */
114 for ( i = 0; i < (IOREMAP_MBYTES >> (L2_PAGETABLE_SHIFT - 20)); i++ )
115 {
116 ioremap_pt = alloc_xenheap_page();
117 clear_page(ioremap_pt);
118 idle_pg_table_l2[l2_linear_offset(IOREMAP_VIRT_START) + i] =
119 l2e_from_page(virt_to_page(ioremap_pt), __PAGE_HYPERVISOR);
120 }
121 }
123 void __init setup_idle_pagetable(void)
124 {
125 int i;
127 for ( i = 0; i < PDPT_L2_ENTRIES; i++ )
128 idle_pg_table_l2[l2_linear_offset(PERDOMAIN_VIRT_START) + i] =
129 l2e_from_page(virt_to_page(idle_vcpu[0]->domain->
130 arch.mm_perdomain_pt) + i,
131 __PAGE_HYPERVISOR);
132 }
134 void __init zap_low_mappings(l2_pgentry_t *base)
135 {
136 int i;
137 u32 addr;
139 for (i = 0; ; i++) {
140 addr = (i << L2_PAGETABLE_SHIFT);
141 if (addr >= HYPERVISOR_VIRT_START)
142 break;
143 if (l2e_get_paddr(base[i]) != addr)
144 continue;
145 base[i] = l2e_empty();
146 }
147 flush_tlb_all_pge();
148 }
150 void subarch_init_memory(void)
151 {
152 unsigned long m2p_start_mfn;
153 unsigned int i, j;
155 /*
156 * We are rather picky about the layout of 'struct page_info'. The
157 * count_info and domain fields must be adjacent, as we perform atomic
158 * 64-bit operations on them. Also, just for sanity, we assert the size
159 * of the structure here.
160 */
161 BUILD_BUG_ON(offsetof(struct page_info, u.inuse._domain) !=
162 (offsetof(struct page_info, count_info) + sizeof(u32)));
163 BUILD_BUG_ON((offsetof(struct page_info, count_info) & 7) != 0);
164 BUILD_BUG_ON(sizeof(struct page_info) != 24);
166 /* M2P table is mappable read-only by privileged domains. */
167 for ( i = 0; i < (mpt_size >> L2_PAGETABLE_SHIFT); i++ )
168 {
169 m2p_start_mfn = l2e_get_pfn(
170 idle_pg_table_l2[l2_linear_offset(RDWR_MPT_VIRT_START) + i]);
171 for ( j = 0; j < L2_PAGETABLE_ENTRIES; j++ )
172 {
173 struct page_info *page = mfn_to_page(m2p_start_mfn + j);
174 share_xen_page_with_privileged_guests(page, XENSHARE_readonly);
175 }
176 }
178 if ( supervisor_mode_kernel )
179 {
180 /* Guest kernel runs in ring 0, not ring 1. */
181 struct desc_struct *d;
182 d = &gdt_table[(FLAT_RING1_CS >> 3) - FIRST_RESERVED_GDT_ENTRY];
183 d[0].b &= ~_SEGMENT_DPL;
184 d[1].b &= ~_SEGMENT_DPL;
185 }
186 }
188 long subarch_memory_op(int op, XEN_GUEST_HANDLE(void) arg)
189 {
190 struct xen_machphys_mfn_list xmml;
191 unsigned long mfn;
192 unsigned int i, max;
193 long rc = 0;
195 switch ( op )
196 {
197 case XENMEM_machphys_mfn_list:
198 if ( copy_from_guest(&xmml, arg, 1) )
199 return -EFAULT;
201 max = min_t(unsigned int, xmml.max_extents, mpt_size >> 21);
203 for ( i = 0; i < max; i++ )
204 {
205 mfn = l2e_get_pfn(idle_pg_table_l2[l2_linear_offset(
206 RDWR_MPT_VIRT_START + (i << 21))]) + l1_table_offset(i << 21);
207 if ( copy_to_guest_offset(xmml.extent_start, i, &mfn, 1) )
208 return -EFAULT;
209 }
211 xmml.nr_extents = i;
212 if ( copy_to_guest(arg, &xmml, 1) )
213 return -EFAULT;
215 break;
217 default:
218 rc = -ENOSYS;
219 break;
220 }
222 return rc;
223 }
225 long do_stack_switch(unsigned long ss, unsigned long esp)
226 {
227 int nr = smp_processor_id();
228 struct tss_struct *t = &init_tss[nr];
230 fixup_guest_stack_selector(ss);
232 current->arch.guest_context.kernel_ss = ss;
233 current->arch.guest_context.kernel_sp = esp;
234 t->ss1 = ss;
235 t->esp1 = esp;
237 return 0;
238 }
240 /* Returns TRUE if given descriptor is valid for GDT or LDT. */
241 int check_descriptor(struct desc_struct *d)
242 {
243 unsigned long base, limit;
244 u32 a = d->a, b = d->b;
245 u16 cs;
247 /* Let a ring0 guest kernel set any descriptor it wants to. */
248 if ( supervisor_mode_kernel )
249 return 1;
251 /* A not-present descriptor will always fault, so is safe. */
252 if ( !(b & _SEGMENT_P) )
253 goto good;
255 /*
256 * We don't allow a DPL of zero. There is no legitimate reason for
257 * specifying DPL==0, and it gets rather dangerous if we also accept call
258 * gates (consider a call gate pointing at another kernel descriptor with
259 * DPL 0 -- this would get the OS ring-0 privileges).
260 */
261 if ( (b & _SEGMENT_DPL) < (GUEST_KERNEL_RPL << 13) )
262 d->b = b = (b & ~_SEGMENT_DPL) | (GUEST_KERNEL_RPL << 13);
264 if ( !(b & _SEGMENT_S) )
265 {
266 /*
267 * System segment:
268 * 1. Don't allow interrupt or trap gates as they belong in the IDT.
269 * 2. Don't allow TSS descriptors or task gates as we don't
270 * virtualise x86 tasks.
271 * 3. Don't allow LDT descriptors because they're unnecessary and
272 * I'm uneasy about allowing an LDT page to contain LDT
273 * descriptors. In any case, Xen automatically creates the
274 * required descriptor when reloading the LDT register.
275 * 4. We allow call gates but they must not jump to a private segment.
276 */
278 /* Disallow everything but call gates. */
279 if ( (b & _SEGMENT_TYPE) != 0xc00 )
280 goto bad;
282 /* Validate and fix up the target code selector. */
283 cs = a >> 16;
284 fixup_guest_code_selector(cs);
285 if ( !guest_gate_selector_okay(cs) )
286 goto bad;
287 a = d->a = (d->a & 0xffffU) | (cs << 16);
289 /* Reserved bits must be zero. */
290 if ( (b & 0xe0) != 0 )
291 goto bad;
293 /* No base/limit check is needed for a call gate. */
294 goto good;
295 }
297 /* Check that base is at least a page away from Xen-private area. */
298 base = (b&(0xff<<24)) | ((b&0xff)<<16) | (a>>16);
299 if ( base >= (GUEST_SEGMENT_MAX_ADDR - PAGE_SIZE) )
300 goto bad;
302 /* Check and truncate the limit if necessary. */
303 limit = (b&0xf0000) | (a&0xffff);
304 limit++; /* We add one because limit is inclusive. */
305 if ( (b & _SEGMENT_G) )
306 limit <<= 12;
308 if ( (b & (_SEGMENT_CODE | _SEGMENT_EC)) == _SEGMENT_EC )
309 {
310 /*
311 * DATA, GROWS-DOWN.
312 * Grows-down limit check.
313 * NB. limit == 0xFFFFF provides no access (if G=1).
314 * limit == 0x00000 provides 4GB-4kB access (if G=1).
315 */
316 if ( (base + limit) > base )
317 {
318 limit = -(base & PAGE_MASK);
319 goto truncate;
320 }
321 }
322 else
323 {
324 /*
325 * DATA, GROWS-UP.
326 * CODE (CONFORMING AND NON-CONFORMING).
327 * Grows-up limit check.
328 * NB. limit == 0xFFFFF provides 4GB access (if G=1).
329 * limit == 0x00000 provides 4kB access (if G=1).
330 */
331 if ( ((base + limit) <= base) ||
332 ((base + limit) > GUEST_SEGMENT_MAX_ADDR) )
333 {
334 limit = GUEST_SEGMENT_MAX_ADDR - base;
335 truncate:
336 if ( !(b & _SEGMENT_G) )
337 goto bad; /* too dangerous; too hard to work out... */
338 limit = (limit >> 12) - 1;
339 d->a &= ~0x0ffff; d->a |= limit & 0x0ffff;
340 d->b &= ~0xf0000; d->b |= limit & 0xf0000;
341 }
342 }
344 good:
345 return 1;
346 bad:
347 return 0;
348 }
350 /*
351 * Local variables:
352 * mode: C
353 * c-set-style: "BSD"
354 * c-basic-offset: 4
355 * tab-width: 4
356 * indent-tabs-mode: nil
357 * End:
358 */