ia64/xen-unstable

changeset 11453:bfd00b317815

[XEN] Revert changeset 11438. Needs fixing for PAE.
Signed-off-by: Keir Fraser <keir@xensource.com>
author kaf24@firebug.cl.cam.ac.uk
date Mon Sep 11 01:55:03 2006 +0100 (2006-09-11)
parents 6f36370e373a
children 956e9aaf88c9
files xen/arch/ia64/xen/mm.c xen/arch/powerpc/mm.c xen/arch/x86/domain_build.c xen/arch/x86/mm.c xen/arch/x86/mm/shadow/common.c xen/arch/x86/mm/shadow/multi.c xen/include/asm-ia64/mm.h xen/include/asm-powerpc/mm.h xen/include/asm-x86/mm.h xen/include/asm-x86/x86_32/page-3level.h
line diff
     1.1 --- a/xen/arch/ia64/xen/mm.c	Sat Sep 09 20:48:16 2006 +0100
     1.2 +++ b/xen/arch/ia64/xen/mm.c	Mon Sep 11 01:55:03 2006 +0100
     1.3 @@ -1624,6 +1624,13 @@ void put_page_type(struct page_info *pag
     1.4                  nx &= ~PGT_validated;
     1.5              }
     1.6          }
     1.7 +        else if ( unlikely(((nx & (PGT_pinned | PGT_count_mask)) ==
     1.8 +                            (PGT_pinned | 1)) &&
     1.9 +                           ((nx & PGT_type_mask) != PGT_writable_page)) )
    1.10 +        {
    1.11 +            /* Page is now only pinned. Make the back pointer mutable again. */
    1.12 +            nx |= PGT_va_mutable;
    1.13 +        }
    1.14      }
    1.15      while ( unlikely((y = cmpxchg_rel(&page->u.inuse.type_info, x, nx)) != x) );
    1.16  }
    1.17 @@ -1633,8 +1640,6 @@ int get_page_type(struct page_info *page
    1.18  {
    1.19      u32 nx, x, y = page->u.inuse.type_info;
    1.20  
    1.21 -    ASSERT(!(type & ~PGT_type_mask));
    1.22 -
    1.23   again:
    1.24      do {
    1.25          x  = y;
    1.26 @@ -1646,25 +1651,29 @@ int get_page_type(struct page_info *page
    1.27          }
    1.28          else if ( unlikely((x & PGT_count_mask) == 0) )
    1.29          {
    1.30 -            if ( (x & PGT_type_mask) != type )
    1.31 +            if ( (x & (PGT_type_mask|PGT_va_mask)) != type )
    1.32              {
    1.33 -                /*
    1.34 -                 * On type change we check to flush stale TLB entries. This 
    1.35 -                 * may be unnecessary (e.g., page was GDT/LDT) but those 
    1.36 -                 * circumstances should be very rare.
    1.37 -                 */
    1.38 -                cpumask_t mask =
    1.39 -                    page_get_owner(page)->domain_dirty_cpumask;
    1.40 -                tlbflush_filter(mask, page->tlbflush_timestamp);
    1.41 +                if ( (x & PGT_type_mask) != (type & PGT_type_mask) )
    1.42 +                {
    1.43 +                    /*
    1.44 +                     * On type change we check to flush stale TLB
    1.45 +                     * entries. This may be unnecessary (e.g., page
    1.46 +                     * was GDT/LDT) but those circumstances should be
    1.47 +                     * very rare.
    1.48 +                     */
    1.49 +                    cpumask_t mask =
    1.50 +                        page_get_owner(page)->domain_dirty_cpumask;
    1.51 +                    tlbflush_filter(mask, page->tlbflush_timestamp);
    1.52  
    1.53 -                if ( unlikely(!cpus_empty(mask)) )
    1.54 -                {
    1.55 -                    perfc_incrc(need_flush_tlb_flush);
    1.56 -                    flush_tlb_mask(mask);
    1.57 +                    if ( unlikely(!cpus_empty(mask)) )
    1.58 +                    {
    1.59 +                        perfc_incrc(need_flush_tlb_flush);
    1.60 +                        flush_tlb_mask(mask);
    1.61 +                    }
    1.62                  }
    1.63  
    1.64                  /* We lose existing type, back pointer, and validity. */
    1.65 -                nx &= ~(PGT_type_mask | PGT_validated);
    1.66 +                nx &= ~(PGT_type_mask | PGT_va_mask | PGT_validated);
    1.67                  nx |= type;
    1.68  
    1.69                  /* No special validation needed for writable pages. */
    1.70 @@ -1673,22 +1682,46 @@ int get_page_type(struct page_info *page
    1.71                      nx |= PGT_validated;
    1.72              }
    1.73          }
    1.74 -        else if ( unlikely((x & PGT_type_mask) != type) )
    1.75 +        else
    1.76          {
    1.77 -            if ( ((x & PGT_type_mask) != PGT_l2_page_table) ||
    1.78 -                 (type != PGT_l1_page_table) )
    1.79 -                MEM_LOG("Bad type (saw %08x != exp %08x) "
    1.80 -                        "for mfn %016lx (pfn %016lx)",
    1.81 -                        x, type, page_to_mfn(page),
    1.82 -                        get_gpfn_from_mfn(page_to_mfn(page)));
    1.83 -            return 0;
    1.84 -        }
    1.85 -        else if ( unlikely(!(x & PGT_validated)) )
    1.86 -        {
    1.87 -            /* Someone else is updating validation of this page. Wait... */
    1.88 -            while ( (y = page->u.inuse.type_info) == x )
    1.89 -                cpu_relax();
    1.90 -            goto again;
    1.91 +            if ( unlikely((x & (PGT_type_mask|PGT_va_mask)) != type) )
    1.92 +            {
    1.93 +                if ( unlikely((x & PGT_type_mask) != (type & PGT_type_mask) ) )
    1.94 +                {
    1.95 +                    if ( ((x & PGT_type_mask) != PGT_l2_page_table) ||
    1.96 +                         ((type & PGT_type_mask) != PGT_l1_page_table) )
    1.97 +                        MEM_LOG("Bad type (saw %08x != exp %08x) "
    1.98 +                                "for mfn %016lx (pfn %016lx)",
    1.99 +                                x, type, page_to_mfn(page),
   1.100 +                                get_gpfn_from_mfn(page_to_mfn(page)));
   1.101 +                    return 0;
   1.102 +                }
   1.103 +                else if ( (x & PGT_va_mask) == PGT_va_mutable )
   1.104 +                {
   1.105 +                    /* The va backpointer is mutable, hence we update it. */
   1.106 +                    nx &= ~PGT_va_mask;
   1.107 +                    nx |= type; /* we know the actual type is correct */
   1.108 +                }
   1.109 +                else if ( ((type & PGT_va_mask) != PGT_va_mutable) &&
   1.110 +                          ((type & PGT_va_mask) != (x & PGT_va_mask)) )
   1.111 +                {
   1.112 +#ifdef CONFIG_X86_PAE
   1.113 +                    /* We use backptr as extra typing. Cannot be unknown. */
   1.114 +                    if ( (type & PGT_type_mask) == PGT_l2_page_table )
   1.115 +                        return 0;
   1.116 +#endif
   1.117 +                    /* This table is possibly mapped at multiple locations. */
   1.118 +                    nx &= ~PGT_va_mask;
   1.119 +                    nx |= PGT_va_unknown;
   1.120 +                }
   1.121 +            }
   1.122 +            if ( unlikely(!(x & PGT_validated)) )
   1.123 +            {
   1.124 +                /* Someone else is updating validation of this page. Wait... */
   1.125 +                while ( (y = page->u.inuse.type_info) == x )
   1.126 +                    cpu_relax();
   1.127 +                goto again;
   1.128 +            }
   1.129          }
   1.130      }
   1.131      while ( unlikely((y = cmpxchg_acq(&page->u.inuse.type_info, x, nx)) != x) );
     2.1 --- a/xen/arch/powerpc/mm.c	Sat Sep 09 20:48:16 2006 +0100
     2.2 +++ b/xen/arch/powerpc/mm.c	Mon Sep 11 01:55:03 2006 +0100
     2.3 @@ -87,6 +87,12 @@ void put_page_type(struct page_info *pag
     2.4              /* Record TLB information for flush later. */
     2.5              page->tlbflush_timestamp = tlbflush_current_time();
     2.6          }
     2.7 +        else if ( unlikely((nx & (PGT_pinned|PGT_type_mask|PGT_count_mask)) == 
     2.8 +                           (PGT_pinned | 1)) )
     2.9 +        {
    2.10 +            /* Page is now only pinned. Make the back pointer mutable again. */
    2.11 +            nx |= PGT_va_mutable;
    2.12 +        }
    2.13      }
    2.14      while ( unlikely((y = cmpxchg(&page->u.inuse.type_info, x, nx)) != x) );
    2.15  }
    2.16 @@ -96,8 +102,6 @@ int get_page_type(struct page_info *page
    2.17  {
    2.18      unsigned long nx, x, y = page->u.inuse.type_info;
    2.19  
    2.20 -    ASSERT(!(type & ~PGT_type_mask));
    2.21 -
    2.22   again:
    2.23      do {
    2.24          x  = y;
    2.25 @@ -109,25 +113,29 @@ int get_page_type(struct page_info *page
    2.26          }
    2.27          else if ( unlikely((x & PGT_count_mask) == 0) )
    2.28          {
    2.29 -            if ( (x & PGT_type_mask) != type )
    2.30 +            if ( (x & (PGT_type_mask|PGT_va_mask)) != type )
    2.31              {
    2.32 -                /*
    2.33 -                 * On type change we check to flush stale TLB entries. This 
    2.34 -                 * may be unnecessary (e.g., page was GDT/LDT) but those 
    2.35 -                 * circumstances should be very rare.
    2.36 -                 */
    2.37 -                cpumask_t mask =
    2.38 -                    page_get_owner(page)->domain_dirty_cpumask;
    2.39 -                tlbflush_filter(mask, page->tlbflush_timestamp);
    2.40 +                if ( (x & PGT_type_mask) != (type & PGT_type_mask) )
    2.41 +                {
    2.42 +                    /*
    2.43 +                     * On type change we check to flush stale TLB
    2.44 +                     * entries. This may be unnecessary (e.g., page
    2.45 +                     * was GDT/LDT) but those circumstances should be
    2.46 +                     * very rare.
    2.47 +                     */
    2.48 +                    cpumask_t mask =
    2.49 +                        page_get_owner(page)->domain_dirty_cpumask;
    2.50 +                    tlbflush_filter(mask, page->tlbflush_timestamp);
    2.51  
    2.52 -                if ( unlikely(!cpus_empty(mask)) )
    2.53 -                {
    2.54 -                    perfc_incrc(need_flush_tlb_flush);
    2.55 -                    flush_tlb_mask(mask);
    2.56 +                    if ( unlikely(!cpus_empty(mask)) )
    2.57 +                    {
    2.58 +                        perfc_incrc(need_flush_tlb_flush);
    2.59 +                        flush_tlb_mask(mask);
    2.60 +                    }
    2.61                  }
    2.62  
    2.63                  /* We lose existing type, back pointer, and validity. */
    2.64 -                nx &= ~(PGT_type_mask | PGT_validated);
    2.65 +                nx &= ~(PGT_type_mask | PGT_va_mask | PGT_validated);
    2.66                  nx |= type;
    2.67  
    2.68                  /* No special validation needed for writable pages. */
    2.69 @@ -136,16 +144,36 @@ int get_page_type(struct page_info *page
    2.70                      nx |= PGT_validated;
    2.71              }
    2.72          }
    2.73 -        else if ( unlikely((x & PGT_type_mask) != type) )
    2.74 +        else
    2.75          {
    2.76 -            return 0;
    2.77 -        }
    2.78 -        if ( unlikely(!(x & PGT_validated)) )
    2.79 -        {
    2.80 -            /* Someone else is updating validation of this page. Wait... */
    2.81 -            while ( (y = page->u.inuse.type_info) == x )
    2.82 -                cpu_relax();
    2.83 -            goto again;
    2.84 +            if ( unlikely((x & (PGT_type_mask|PGT_va_mask)) != type) )
    2.85 +            {
    2.86 +                if ( unlikely((x & PGT_type_mask) != (type & PGT_type_mask) ) )
    2.87 +                {
    2.88 +                    return 0;
    2.89 +                }
    2.90 +                else if ( (x & PGT_va_mask) == PGT_va_mutable )
    2.91 +                {
    2.92 +                    /* The va backpointer is mutable, hence we update it. */
    2.93 +                    nx &= ~PGT_va_mask;
    2.94 +                    nx |= type; /* we know the actual type is correct */
    2.95 +                }
    2.96 +                else if ( (type & PGT_va_mask) != PGT_va_mutable )
    2.97 +                {
    2.98 +                    ASSERT((type & PGT_va_mask) != (x & PGT_va_mask));
    2.99 +
   2.100 +                    /* This table is possibly mapped at multiple locations. */
   2.101 +                    nx &= ~PGT_va_mask;
   2.102 +                    nx |= PGT_va_unknown;
   2.103 +                }
   2.104 +            }
   2.105 +            if ( unlikely(!(x & PGT_validated)) )
   2.106 +            {
   2.107 +                /* Someone else is updating validation of this page. Wait... */
   2.108 +                while ( (y = page->u.inuse.type_info) == x )
   2.109 +                    cpu_relax();
   2.110 +                goto again;
   2.111 +            }
   2.112          }
   2.113      }
   2.114      while ( unlikely((y = cmpxchg(&page->u.inuse.type_info, x, nx)) != x) );
     3.1 --- a/xen/arch/x86/domain_build.c	Sat Sep 09 20:48:16 2006 +0100
     3.2 +++ b/xen/arch/x86/domain_build.c	Mon Sep 11 01:55:03 2006 +0100
     3.3 @@ -510,13 +510,15 @@ int construct_dom0(struct domain *d,
     3.4          case 1 ... 4:
     3.5              page->u.inuse.type_info &= ~PGT_type_mask;
     3.6              page->u.inuse.type_info |= PGT_l2_page_table;
     3.7 -            if ( count == 4 )
     3.8 -                page->u.inuse.type_info |= PGT_pae_xen_l2;
     3.9 +            page->u.inuse.type_info |=
    3.10 +                (count-1) << PGT_va_shift;
    3.11              get_page(page, d); /* an extra ref because of readable mapping */
    3.12              break;
    3.13          default:
    3.14              page->u.inuse.type_info &= ~PGT_type_mask;
    3.15              page->u.inuse.type_info |= PGT_l1_page_table;
    3.16 +            page->u.inuse.type_info |= 
    3.17 +                ((dsi.v_start>>L2_PAGETABLE_SHIFT)+(count-5))<<PGT_va_shift;
    3.18              get_page(page, d); /* an extra ref because of readable mapping */
    3.19              break;
    3.20          }
    3.21 @@ -542,6 +544,8 @@ int construct_dom0(struct domain *d,
    3.22          {
    3.23              page->u.inuse.type_info &= ~PGT_type_mask;
    3.24              page->u.inuse.type_info |= PGT_l1_page_table;
    3.25 +            page->u.inuse.type_info |= 
    3.26 +                ((dsi.v_start>>L2_PAGETABLE_SHIFT)+(count-1))<<PGT_va_shift;
    3.27  
    3.28              /*
    3.29               * No longer writable: decrement the type_count.
     4.1 --- a/xen/arch/x86/mm.c	Sat Sep 09 20:48:16 2006 +0100
     4.2 +++ b/xen/arch/x86/mm.c	Mon Sep 11 01:55:03 2006 +0100
     4.3 @@ -625,7 +625,8 @@ get_page_from_l1e(
     4.4  /* NB. Virtual address 'l2e' maps to a machine address within frame 'pfn'. */
     4.5  static int 
     4.6  get_page_from_l2e(
     4.7 -    l2_pgentry_t l2e, unsigned long pfn, struct domain *d)
     4.8 +    l2_pgentry_t l2e, unsigned long pfn,
     4.9 +    struct domain *d, unsigned long vaddr)
    4.10  {
    4.11      int rc;
    4.12  
    4.13 @@ -638,7 +639,10 @@ get_page_from_l2e(
    4.14          return 0;
    4.15      }
    4.16  
    4.17 -    rc = get_page_and_type_from_pagenr(l2e_get_pfn(l2e), PGT_l1_page_table, d);
    4.18 +    vaddr >>= L2_PAGETABLE_SHIFT;
    4.19 +    vaddr <<= PGT_va_shift;
    4.20 +    rc = get_page_and_type_from_pagenr(
    4.21 +        l2e_get_pfn(l2e), PGT_l1_page_table | vaddr, d);
    4.22  #if CONFIG_PAGING_LEVELS == 2
    4.23      if ( unlikely(!rc) )
    4.24          rc = get_linear_pagetable(l2e, pfn, d);
    4.25 @@ -650,7 +654,8 @@ get_page_from_l2e(
    4.26  #if CONFIG_PAGING_LEVELS >= 3
    4.27  static int 
    4.28  get_page_from_l3e(
    4.29 -    l3_pgentry_t l3e, unsigned long pfn, struct domain *d)
    4.30 +    l3_pgentry_t l3e, unsigned long pfn,
    4.31 +    struct domain *d, unsigned long vaddr)
    4.32  {
    4.33      int rc;
    4.34  
    4.35 @@ -663,7 +668,11 @@ get_page_from_l3e(
    4.36          return 0;
    4.37      }
    4.38  
    4.39 -    rc = get_page_and_type_from_pagenr(l3e_get_pfn(l3e), PGT_l2_page_table, d);
    4.40 +    vaddr >>= L3_PAGETABLE_SHIFT;
    4.41 +    vaddr <<= PGT_va_shift;
    4.42 +    rc = get_page_and_type_from_pagenr(
    4.43 +        l3e_get_pfn(l3e),
    4.44 +        PGT_l2_page_table | vaddr, d);
    4.45      return rc;
    4.46  }
    4.47  #endif /* 3 level */
    4.48 @@ -671,7 +680,8 @@ get_page_from_l3e(
    4.49  #if CONFIG_PAGING_LEVELS >= 4
    4.50  static int 
    4.51  get_page_from_l4e(
    4.52 -    l4_pgentry_t l4e, unsigned long pfn, struct domain *d)
    4.53 +    l4_pgentry_t l4e, unsigned long pfn, 
    4.54 +    struct domain *d, unsigned long vaddr)
    4.55  {
    4.56      int rc;
    4.57  
    4.58 @@ -684,7 +694,11 @@ get_page_from_l4e(
    4.59          return 0;
    4.60      }
    4.61  
    4.62 -    rc = get_page_and_type_from_pagenr(l4e_get_pfn(l4e), PGT_l3_page_table, d);
    4.63 +    vaddr >>= L4_PAGETABLE_SHIFT;
    4.64 +    vaddr <<= PGT_va_shift;
    4.65 +    rc = get_page_and_type_from_pagenr(
    4.66 +        l4e_get_pfn(l4e), 
    4.67 +        PGT_l3_page_table | vaddr, d);
    4.68  
    4.69      if ( unlikely(!rc) )
    4.70          rc = get_linear_pagetable(l4e, pfn, d);
    4.71 @@ -863,8 +877,8 @@ static int create_pae_xen_mappings(l3_pg
    4.72      /*
    4.73       * The Xen-private mappings include linear mappings. The L2 thus cannot
    4.74       * be shared by multiple L3 tables. The test here is adequate because:
    4.75 -     *  1. Cannot appear in slots != 3 because get_page_type() checks the
    4.76 -     *     PGT_pae_xen_l2 flag, which is asserted iff the L2 appears in slot 3
    4.77 +     *  1. Cannot appear in slots != 3 because the page would then then have
    4.78 +     *     unknown va backpointer, which get_page_type() explicitly disallows.
    4.79       *  2. Cannot appear in another page table's L3:
    4.80       *     a. alloc_l3_table() calls this function and this check will fail
    4.81       *     b. mod_l3_entry() disallows updates to slot 3 in an existing table
    4.82 @@ -874,7 +888,6 @@ static int create_pae_xen_mappings(l3_pg
    4.83      page = l3e_get_page(l3e3);
    4.84      BUG_ON(page->u.inuse.type_info & PGT_pinned);
    4.85      BUG_ON((page->u.inuse.type_info & PGT_count_mask) == 0);
    4.86 -    BUG_ON(!(page->u.inuse.type_info & PGT_pae_xen_l2));
    4.87      if ( (page->u.inuse.type_info & PGT_count_mask) != 1 )
    4.88      {
    4.89          MEM_LOG("PAE L3 3rd slot is shared");
    4.90 @@ -936,17 +949,61 @@ static void pae_flush_pgd(
    4.91      flush_tlb_mask(d->domain_dirty_cpumask);
    4.92  }
    4.93  
    4.94 +static inline int l1_backptr(
    4.95 +    unsigned long *backptr, unsigned long offset_in_l2, unsigned long l2_type)
    4.96 +{
    4.97 +    unsigned long l2_backptr = l2_type & PGT_va_mask;
    4.98 +    ASSERT(l2_backptr != PGT_va_unknown);
    4.99 +    ASSERT(l2_backptr != PGT_va_mutable);
   4.100 +    *backptr = 
   4.101 +        ((l2_backptr >> PGT_va_shift) << L3_PAGETABLE_SHIFT) | 
   4.102 +        (offset_in_l2 << L2_PAGETABLE_SHIFT);
   4.103 +    return 1;
   4.104 +}
   4.105 +
   4.106  #elif CONFIG_X86_64
   4.107  # define create_pae_xen_mappings(pl3e) (1)
   4.108  # define pae_flush_pgd(mfn, idx, nl3e) ((void)0)
   4.109 +
   4.110 +static inline int l1_backptr(
   4.111 +    unsigned long *backptr, unsigned long offset_in_l2, unsigned long l2_type)
   4.112 +{
   4.113 +    unsigned long l2_backptr = l2_type & PGT_va_mask;
   4.114 +    ASSERT(l2_backptr != PGT_va_unknown);
   4.115 +    ASSERT(l2_backptr != PGT_va_mutable);
   4.116 +    *backptr = ((l2_backptr >> PGT_va_shift) << L3_PAGETABLE_SHIFT) | 
   4.117 +        (offset_in_l2 << L2_PAGETABLE_SHIFT);
   4.118 +    return 1;
   4.119 +}
   4.120 +
   4.121 +static inline int l2_backptr(
   4.122 +    unsigned long *backptr, unsigned long offset_in_l3, unsigned long l3_type)
   4.123 +{
   4.124 +    unsigned long l3_backptr = l3_type & PGT_va_mask;
   4.125 +    ASSERT(l3_backptr != PGT_va_unknown);
   4.126 +    ASSERT(l3_backptr != PGT_va_mutable);
   4.127 +    *backptr = ((l3_backptr >> PGT_va_shift) << L4_PAGETABLE_SHIFT) | 
   4.128 +        (offset_in_l3 << L3_PAGETABLE_SHIFT);
   4.129 +    return 1;
   4.130 +}
   4.131 +
   4.132 +static inline int l3_backptr(
   4.133 +    unsigned long *backptr, unsigned long offset_in_l4, unsigned long l4_type)
   4.134 +{
   4.135 +    *backptr = (offset_in_l4 << L4_PAGETABLE_SHIFT);
   4.136 +    return 1;
   4.137 +}
   4.138  #else
   4.139  # define create_pae_xen_mappings(pl3e) (1)
   4.140 +# define l1_backptr(bp,l2o,l2t) \
   4.141 +    ({ *(bp) = (unsigned long)(l2o) << L2_PAGETABLE_SHIFT; 1; })
   4.142  #endif
   4.143  
   4.144  static int alloc_l2_table(struct page_info *page, unsigned long type)
   4.145  {
   4.146      struct domain *d = page_get_owner(page);
   4.147      unsigned long  pfn = page_to_mfn(page);
   4.148 +    unsigned long  vaddr;
   4.149      l2_pgentry_t  *pl2e;
   4.150      int            i;
   4.151  
   4.152 @@ -956,8 +1013,10 @@ static int alloc_l2_table(struct page_in
   4.153  
   4.154      for ( i = 0; i < L2_PAGETABLE_ENTRIES; i++ )
   4.155      {
   4.156 +        if ( !l1_backptr(&vaddr, i, type) )
   4.157 +            goto fail;
   4.158          if ( is_guest_l2_slot(type, i) &&
   4.159 -             unlikely(!get_page_from_l2e(pl2e[i], pfn, d)) )
   4.160 +             unlikely(!get_page_from_l2e(pl2e[i], pfn, d, vaddr)) )
   4.161              goto fail;
   4.162          
   4.163          adjust_guest_l2e(pl2e[i]);
   4.164 @@ -992,10 +1051,11 @@ static int alloc_l2_table(struct page_in
   4.165  
   4.166  
   4.167  #if CONFIG_PAGING_LEVELS >= 3
   4.168 -static int alloc_l3_table(struct page_info *page)
   4.169 +static int alloc_l3_table(struct page_info *page, unsigned long type)
   4.170  {
   4.171      struct domain *d = page_get_owner(page);
   4.172      unsigned long  pfn = page_to_mfn(page);
   4.173 +    unsigned long  vaddr;
   4.174      l3_pgentry_t  *pl3e;
   4.175      int            i;
   4.176  
   4.177 @@ -1019,21 +1079,14 @@ static int alloc_l3_table(struct page_in
   4.178      pl3e = map_domain_page(pfn);
   4.179      for ( i = 0; i < L3_PAGETABLE_ENTRIES; i++ )
   4.180      {
   4.181 -#ifdef CONFIG_X86_PAE
   4.182 -        if ( i == 3 )
   4.183 -        {
   4.184 -            if ( !(l3e_get_flags(pl3e[i]) & _PAGE_PRESENT) ||
   4.185 -                 (l3e_get_flags(pl3e[i]) & L3_DISALLOW_MASK) ||
   4.186 -                 !get_page_and_type_from_pagenr(l3e_get_pfn(pl3e[i]),
   4.187 -                                                PGT_l2_page_table |
   4.188 -                                                PGT_pae_xen_l2,
   4.189 -                                                d) )
   4.190 -                goto fail;
   4.191 -        }
   4.192 -        else
   4.193 +#if CONFIG_PAGING_LEVELS >= 4
   4.194 +        if ( !l2_backptr(&vaddr, i, type) )
   4.195 +            goto fail;
   4.196 +#else
   4.197 +        vaddr = (unsigned long)i << L3_PAGETABLE_SHIFT;
   4.198  #endif
   4.199          if ( is_guest_l3_slot(i) &&
   4.200 -             unlikely(!get_page_from_l3e(pl3e[i], pfn, d)) )
   4.201 +             unlikely(!get_page_from_l3e(pl3e[i], pfn, d, vaddr)) )
   4.202              goto fail;
   4.203          
   4.204          adjust_guest_l3e(pl3e[i]);
   4.205 @@ -1055,23 +1108,27 @@ static int alloc_l3_table(struct page_in
   4.206      return 0;
   4.207  }
   4.208  #else
   4.209 -#define alloc_l3_table(page) (0)
   4.210 +#define alloc_l3_table(page, type) (0)
   4.211  #endif
   4.212  
   4.213  #if CONFIG_PAGING_LEVELS >= 4
   4.214 -static int alloc_l4_table(struct page_info *page)
   4.215 +static int alloc_l4_table(struct page_info *page, unsigned long type)
   4.216  {
   4.217      struct domain *d = page_get_owner(page);
   4.218      unsigned long  pfn = page_to_mfn(page);
   4.219      l4_pgentry_t  *pl4e = page_to_virt(page);
   4.220 +    unsigned long vaddr;
   4.221      int            i;
   4.222  
   4.223      ASSERT(!shadow_mode_refcounts(d));
   4.224  
   4.225      for ( i = 0; i < L4_PAGETABLE_ENTRIES; i++ )
   4.226      {
   4.227 +        if ( !l3_backptr(&vaddr, i, type) )
   4.228 +            goto fail;
   4.229 +
   4.230          if ( is_guest_l4_slot(i) &&
   4.231 -             unlikely(!get_page_from_l4e(pl4e[i], pfn, d)) )
   4.232 +             unlikely(!get_page_from_l4e(pl4e[i], pfn, d, vaddr)) )
   4.233              goto fail;
   4.234  
   4.235          adjust_guest_l4e(pl4e[i]);
   4.236 @@ -1099,7 +1156,7 @@ static int alloc_l4_table(struct page_in
   4.237      return 0;
   4.238  }
   4.239  #else
   4.240 -#define alloc_l4_table(page) (0)
   4.241 +#define alloc_l4_table(page, type) (0)
   4.242  #endif
   4.243  
   4.244  
   4.245 @@ -1133,8 +1190,6 @@ static void free_l2_table(struct page_in
   4.246              put_page_from_l2e(pl2e[i], pfn);
   4.247  
   4.248      unmap_domain_page(pl2e);
   4.249 -
   4.250 -    page->u.inuse.type_info &= ~PGT_pae_xen_l2;
   4.251  }
   4.252  
   4.253  
   4.254 @@ -1302,6 +1357,7 @@ static int mod_l2_entry(l2_pgentry_t *pl
   4.255                          unsigned long type)
   4.256  {
   4.257      l2_pgentry_t ol2e;
   4.258 +    unsigned long vaddr = 0;
   4.259  
   4.260      if ( unlikely(!is_guest_l2_slot(type,pgentry_ptr_to_slot(pl2e))) )
   4.261      {
   4.262 @@ -1327,7 +1383,8 @@ static int mod_l2_entry(l2_pgentry_t *pl
   4.263          if ( !l2e_has_changed(ol2e, nl2e, _PAGE_PRESENT))
   4.264              return UPDATE_ENTRY(l2, pl2e, ol2e, nl2e, pfn);
   4.265  
   4.266 -        if ( unlikely(!get_page_from_l2e(nl2e, pfn, current->domain)) )
   4.267 +        if ( unlikely(!l1_backptr(&vaddr, pgentry_ptr_to_slot(pl2e), type)) ||
   4.268 +             unlikely(!get_page_from_l2e(nl2e, pfn, current->domain, vaddr)) )
   4.269              return 0;
   4.270  
   4.271          if ( unlikely(!UPDATE_ENTRY(l2, pl2e, ol2e, nl2e, pfn)) )
   4.272 @@ -1350,9 +1407,11 @@ static int mod_l2_entry(l2_pgentry_t *pl
   4.273  /* Update the L3 entry at pl3e to new value nl3e. pl3e is within frame pfn. */
   4.274  static int mod_l3_entry(l3_pgentry_t *pl3e, 
   4.275                          l3_pgentry_t nl3e, 
   4.276 -                        unsigned long pfn)
   4.277 +                        unsigned long pfn,
   4.278 +                        unsigned long type)
   4.279  {
   4.280      l3_pgentry_t ol3e;
   4.281 +    unsigned long vaddr;
   4.282      int okay;
   4.283  
   4.284      if ( unlikely(!is_guest_l3_slot(pgentry_ptr_to_slot(pl3e))) )
   4.285 @@ -1388,8 +1447,16 @@ static int mod_l3_entry(l3_pgentry_t *pl
   4.286          if (!l3e_has_changed(ol3e, nl3e, _PAGE_PRESENT))
   4.287              return UPDATE_ENTRY(l3, pl3e, ol3e, nl3e, pfn);
   4.288  
   4.289 -        if ( unlikely(!get_page_from_l3e(nl3e, pfn, current->domain)) )
   4.290 +#if CONFIG_PAGING_LEVELS >= 4
   4.291 +        if ( unlikely(!l2_backptr(&vaddr, pgentry_ptr_to_slot(pl3e), type)) ||
   4.292 +             unlikely(!get_page_from_l3e(nl3e, pfn, current->domain, vaddr)) )
   4.293              return 0;
   4.294 +#else
   4.295 +        vaddr = (((unsigned long)pl3e & ~PAGE_MASK) / sizeof(l3_pgentry_t))
   4.296 +            << L3_PAGETABLE_SHIFT;
   4.297 +        if ( unlikely(!get_page_from_l3e(nl3e, pfn, current->domain, vaddr)) )
   4.298 +            return 0;
   4.299 +#endif 
   4.300  
   4.301          if ( unlikely(!UPDATE_ENTRY(l3, pl3e, ol3e, nl3e, pfn)) )
   4.302          {
   4.303 @@ -1418,9 +1485,11 @@ static int mod_l3_entry(l3_pgentry_t *pl
   4.304  /* Update the L4 entry at pl4e to new value nl4e. pl4e is within frame pfn. */
   4.305  static int mod_l4_entry(l4_pgentry_t *pl4e, 
   4.306                          l4_pgentry_t nl4e, 
   4.307 -                        unsigned long pfn)
   4.308 +                        unsigned long pfn,
   4.309 +                        unsigned long type)
   4.310  {
   4.311      l4_pgentry_t ol4e;
   4.312 +    unsigned long vaddr;
   4.313  
   4.314      if ( unlikely(!is_guest_l4_slot(pgentry_ptr_to_slot(pl4e))) )
   4.315      {
   4.316 @@ -1446,7 +1515,8 @@ static int mod_l4_entry(l4_pgentry_t *pl
   4.317          if (!l4e_has_changed(ol4e, nl4e, _PAGE_PRESENT))
   4.318              return UPDATE_ENTRY(l4, pl4e, ol4e, nl4e, pfn);
   4.319  
   4.320 -        if ( unlikely(!get_page_from_l4e(nl4e, pfn, current->domain)) )
   4.321 +        if ( unlikely(!l3_backptr(&vaddr, pgentry_ptr_to_slot(pl4e), type)) ||
   4.322 +             unlikely(!get_page_from_l4e(nl4e, pfn, current->domain, vaddr)) )
   4.323              return 0;
   4.324  
   4.325          if ( unlikely(!UPDATE_ENTRY(l4, pl4e, ol4e, nl4e, pfn)) )
   4.326 @@ -1480,9 +1550,9 @@ int alloc_page_type(struct page_info *pa
   4.327      case PGT_l2_page_table:
   4.328          return alloc_l2_table(page, type);
   4.329      case PGT_l3_page_table:
   4.330 -        return alloc_l3_table(page);
   4.331 +        return alloc_l3_table(page, type);
   4.332      case PGT_l4_page_table:
   4.333 -        return alloc_l4_table(page);
   4.334 +        return alloc_l4_table(page, type);
   4.335      case PGT_gdt_page:
   4.336      case PGT_ldt_page:
   4.337          return alloc_segdesc_page(page);
   4.338 @@ -1602,6 +1672,12 @@ void put_page_type(struct page_info *pag
   4.339              /* Record TLB information for flush later. */
   4.340              page->tlbflush_timestamp = tlbflush_current_time();
   4.341          }
   4.342 +        else if ( unlikely((nx & (PGT_pinned|PGT_type_mask|PGT_count_mask)) == 
   4.343 +                           (PGT_pinned|PGT_l1_page_table|1)) )
   4.344 +        {
   4.345 +            /* Page is now only pinned. Make the back pointer mutable again. */
   4.346 +            nx |= PGT_va_mutable;
   4.347 +        }
   4.348      }
   4.349      while ( unlikely((y = cmpxchg(&page->u.inuse.type_info, x, nx)) != x) );
   4.350  }
   4.351 @@ -1611,8 +1687,6 @@ int get_page_type(struct page_info *page
   4.352  {
   4.353      unsigned long nx, x, y = page->u.inuse.type_info;
   4.354  
   4.355 -    ASSERT(!(type & ~(PGT_type_mask | PGT_pae_xen_l2)));
   4.356 -
   4.357   again:
   4.358      do {
   4.359          x  = y;
   4.360 @@ -1624,26 +1698,29 @@ int get_page_type(struct page_info *page
   4.361          }
   4.362          else if ( unlikely((x & PGT_count_mask) == 0) )
   4.363          {
   4.364 -            ASSERT(!(x & PGT_pae_xen_l2));
   4.365 -            if ( (x & PGT_type_mask) != type )
   4.366 +            if ( (x & (PGT_type_mask|PGT_va_mask)) != type )
   4.367              {
   4.368 -                /*
   4.369 -                 * On type change we check to flush stale TLB entries. This 
   4.370 -                 * may be unnecessary (e.g., page was GDT/LDT) but those 
   4.371 -                 * circumstances should be very rare.
   4.372 -                 */
   4.373 -                cpumask_t mask =
   4.374 -                    page_get_owner(page)->domain_dirty_cpumask;
   4.375 -                tlbflush_filter(mask, page->tlbflush_timestamp);
   4.376 -
   4.377 -                if ( unlikely(!cpus_empty(mask)) )
   4.378 +                if ( (x & PGT_type_mask) != (type & PGT_type_mask) )
   4.379                  {
   4.380 -                    perfc_incrc(need_flush_tlb_flush);
   4.381 -                    flush_tlb_mask(mask);
   4.382 +                    /*
   4.383 +                     * On type change we check to flush stale TLB
   4.384 +                     * entries. This may be unnecessary (e.g., page
   4.385 +                     * was GDT/LDT) but those circumstances should be
   4.386 +                     * very rare.
   4.387 +                     */
   4.388 +                    cpumask_t mask =
   4.389 +                        page_get_owner(page)->domain_dirty_cpumask;
   4.390 +                    tlbflush_filter(mask, page->tlbflush_timestamp);
   4.391 +
   4.392 +                    if ( unlikely(!cpus_empty(mask)) )
   4.393 +                    {
   4.394 +                        perfc_incrc(need_flush_tlb_flush);
   4.395 +                        flush_tlb_mask(mask);
   4.396 +                    }
   4.397                  }
   4.398  
   4.399                  /* We lose existing type, back pointer, and validity. */
   4.400 -                nx &= ~(PGT_type_mask | PGT_validated);
   4.401 +                nx &= ~(PGT_type_mask | PGT_va_mask | PGT_validated);
   4.402                  nx |= type;
   4.403  
   4.404                  /* No special validation needed for writable pages. */
   4.405 @@ -1652,23 +1729,51 @@ int get_page_type(struct page_info *page
   4.406                      nx |= PGT_validated;
   4.407              }
   4.408          }
   4.409 -        else if ( unlikely((x & (PGT_type_mask|PGT_pae_xen_l2)) != type) )
   4.410 +        else
   4.411          {
   4.412 -            if ( ((x & PGT_type_mask) != PGT_l2_page_table) ||
   4.413 -                 (type != PGT_l1_page_table) )
   4.414 -                MEM_LOG("Bad type (saw %" PRtype_info
   4.415 -                        " != exp %" PRtype_info ") "
   4.416 -                        "for mfn %lx (pfn %lx)",
   4.417 -                        x, type, page_to_mfn(page),
   4.418 -                        get_gpfn_from_mfn(page_to_mfn(page)));
   4.419 -            return 0;
   4.420 -        }
   4.421 -        else if ( unlikely(!(x & PGT_validated)) )
   4.422 -        {
   4.423 -            /* Someone else is updating validation of this page. Wait... */
   4.424 -            while ( (y = page->u.inuse.type_info) == x )
   4.425 -                cpu_relax();
   4.426 -            goto again;
   4.427 +            if ( unlikely((x & (PGT_type_mask|PGT_va_mask)) != type) )
   4.428 +            {
   4.429 +                if ( unlikely((x & PGT_type_mask) != (type & PGT_type_mask) ) )
   4.430 +                {
   4.431 +                    if ( ((x & PGT_type_mask) != PGT_l2_page_table) ||
   4.432 +                         ((type & PGT_type_mask) != PGT_l1_page_table) )
   4.433 +                        MEM_LOG("Bad type (saw %" PRtype_info
   4.434 +                                " != exp %" PRtype_info ") "
   4.435 +                                "for mfn %lx (pfn %lx)",
   4.436 +                                x, type, page_to_mfn(page),
   4.437 +                                get_gpfn_from_mfn(page_to_mfn(page)));
   4.438 +                    return 0;
   4.439 +                }
   4.440 +                else if ( (x & PGT_va_mask) == PGT_va_mutable )
   4.441 +                {
   4.442 +                    /* The va backpointer is mutable, hence we update it. */
   4.443 +                    nx &= ~PGT_va_mask;
   4.444 +                    nx |= type; /* we know the actual type is correct */
   4.445 +                }
   4.446 +                else if ( (type & PGT_va_mask) != PGT_va_mutable )
   4.447 +                {
   4.448 +                    ASSERT((type & PGT_va_mask) != (x & PGT_va_mask));
   4.449 +#ifdef CONFIG_X86_PAE
   4.450 +                    /* We use backptr as extra typing. Cannot be unknown. */
   4.451 +                    if ( (type & PGT_type_mask) == PGT_l2_page_table )
   4.452 +                        return 0;
   4.453 +#endif
   4.454 +                    /* Fixme: add code to propagate va_unknown to subtables. */
   4.455 +                    if ( ((type & PGT_type_mask) >= PGT_l2_page_table) &&
   4.456 +                         !shadow_mode_refcounts(page_get_owner(page)) )
   4.457 +                        return 0;
   4.458 +                    /* This table is possibly mapped at multiple locations. */
   4.459 +                    nx &= ~PGT_va_mask;
   4.460 +                    nx |= PGT_va_unknown;
   4.461 +                }
   4.462 +            }
   4.463 +            if ( unlikely(!(x & PGT_validated)) )
   4.464 +            {
   4.465 +                /* Someone else is updating validation of this page. Wait... */
   4.466 +                while ( (y = page->u.inuse.type_info) == x )
   4.467 +                    cpu_relax();
   4.468 +                goto again;
   4.469 +            }
   4.470          }
   4.471      }
   4.472      while ( unlikely((y = cmpxchg(&page->u.inuse.type_info, x, nx)) != x) );
   4.473 @@ -1925,25 +2030,19 @@ int do_mmuext_op(
   4.474          switch ( op.cmd )
   4.475          {
   4.476          case MMUEXT_PIN_L1_TABLE:
   4.477 -            type = PGT_l1_page_table;
   4.478 +            type = PGT_l1_page_table | PGT_va_mutable;
   4.479              goto pin_page;
   4.480  
   4.481          case MMUEXT_PIN_L2_TABLE:
   4.482 -            type = PGT_l2_page_table;
   4.483 -            goto pin_page;
   4.484 -
   4.485          case MMUEXT_PIN_L3_TABLE:
   4.486 -            type = PGT_l3_page_table;
   4.487 -            goto pin_page;
   4.488 -
   4.489          case MMUEXT_PIN_L4_TABLE:
   4.490 -            type = PGT_l4_page_table;
   4.491 +            /* Ignore pinning of subdirectories. */
   4.492 +            if ( (op.cmd - MMUEXT_PIN_L1_TABLE) != (CONFIG_PAGING_LEVELS - 1) )
   4.493 +                break;
   4.494 +
   4.495 +            type = PGT_root_page_table;
   4.496  
   4.497          pin_page:
   4.498 -            /* Ignore pinning of invalid paging levels. */
   4.499 -            if ( (op.cmd - MMUEXT_PIN_L1_TABLE) > (CONFIG_PAGING_LEVELS - 1) )
   4.500 -                break;
   4.501 -
   4.502              if ( shadow_mode_refcounts(FOREIGNDOM) )
   4.503                  break;
   4.504  
   4.505 @@ -2227,7 +2326,7 @@ int do_mmu_update(
   4.506                  }
   4.507  
   4.508                  if ( unlikely(!get_page_type(
   4.509 -                    page, type_info & PGT_type_mask)) )
   4.510 +                    page, type_info & (PGT_type_mask|PGT_va_mask))) )
   4.511                      goto not_a_pt;
   4.512  
   4.513                  switch ( type_info & PGT_type_mask )
   4.514 @@ -2249,7 +2348,7 @@ int do_mmu_update(
   4.515                  case PGT_l3_page_table:
   4.516                  {
   4.517                      l3_pgentry_t l3e = l3e_from_intpte(req.val);
   4.518 -                    okay = mod_l3_entry(va, l3e, mfn);
   4.519 +                    okay = mod_l3_entry(va, l3e, mfn, type_info);
   4.520                  }
   4.521                  break;
   4.522  #endif
   4.523 @@ -2257,7 +2356,7 @@ int do_mmu_update(
   4.524                  case PGT_l4_page_table:
   4.525                  {
   4.526                      l4_pgentry_t l4e = l4e_from_intpte(req.val);
   4.527 -                    okay = mod_l4_entry(va, l4e, mfn);
   4.528 +                    okay = mod_l4_entry(va, l4e, mfn, type_info);
   4.529                  }
   4.530                  break;
   4.531  #endif
   4.532 @@ -2355,7 +2454,7 @@ static int create_grant_pte_mapping(
   4.533      void *va;
   4.534      unsigned long gmfn, mfn;
   4.535      struct page_info *page;
   4.536 -    u32 type;
   4.537 +    u32 type_info;
   4.538      l1_pgentry_t ol1e;
   4.539      struct domain *d = v->domain;
   4.540  
   4.541 @@ -2376,8 +2475,9 @@ static int create_grant_pte_mapping(
   4.542      va = (void *)((unsigned long)va + (pte_addr & ~PAGE_MASK));
   4.543      page = mfn_to_page(mfn);
   4.544  
   4.545 -    type = page->u.inuse.type_info & PGT_type_mask;
   4.546 -    if ( (type != PGT_l1_page_table) || !get_page_type(page, type) )
   4.547 +    type_info = page->u.inuse.type_info;
   4.548 +    if ( ((type_info & PGT_type_mask) != PGT_l1_page_table) ||         
   4.549 +         !get_page_type(page, type_info & (PGT_type_mask|PGT_va_mask)) )
   4.550      {
   4.551          MEM_LOG("Grant map attempted to update a non-L1 page");
   4.552          rc = GNTST_general_error;
   4.553 @@ -2411,7 +2511,7 @@ static int destroy_grant_pte_mapping(
   4.554      void *va;
   4.555      unsigned long gmfn, mfn;
   4.556      struct page_info *page;
   4.557 -    u32 type;
   4.558 +    u32 type_info;
   4.559      l1_pgentry_t ol1e;
   4.560  
   4.561      gmfn = addr >> PAGE_SHIFT;
   4.562 @@ -2427,8 +2527,9 @@ static int destroy_grant_pte_mapping(
   4.563      va = (void *)((unsigned long)va + (addr & ~PAGE_MASK));
   4.564      page = mfn_to_page(mfn);
   4.565  
   4.566 -    type = page->u.inuse.type_info & PGT_type_mask;
   4.567 -    if ( (type != PGT_l1_page_table) || !get_page_type(page, type) )
   4.568 +    type_info = page->u.inuse.type_info;
   4.569 +    if ( ((type_info & PGT_type_mask) != PGT_l1_page_table) ||
   4.570 +         !get_page_type(page, type_info & (PGT_type_mask|PGT_va_mask)) )
   4.571      {
   4.572          MEM_LOG("Grant map attempted to update a non-L1 page");
   4.573          rc = GNTST_general_error;
     5.1 --- a/xen/arch/x86/mm/shadow/common.c	Sat Sep 09 20:48:16 2006 +0100
     5.2 +++ b/xen/arch/x86/mm/shadow/common.c	Mon Sep 11 01:55:03 2006 +0100
     5.3 @@ -21,6 +21,8 @@
     5.4   * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
     5.5   */
     5.6  
     5.7 +#define SHADOW 1
     5.8 +
     5.9  #include <xen/config.h>
    5.10  #include <xen/types.h>
    5.11  #include <xen/mm.h>
    5.12 @@ -223,6 +225,7 @@ struct x86_emulate_ops shadow_emulator_o
    5.13      .cmpxchg8b_emulated = sh_x86_emulate_cmpxchg8b_emulated,
    5.14  };
    5.15  
    5.16 +
    5.17  /**************************************************************************/
    5.18  /* Code for "promoting" a guest page to the point where the shadow code is
    5.19   * willing to let it be treated as a guest page table.  This generally
    5.20 @@ -232,6 +235,7 @@ struct x86_emulate_ops shadow_emulator_o
    5.21  void shadow_promote(struct vcpu *v, mfn_t gmfn, u32 type)
    5.22  {
    5.23      struct page_info *page = mfn_to_page(gmfn);
    5.24 +    unsigned long type_info;
    5.25  
    5.26      ASSERT(valid_mfn(gmfn));
    5.27  
    5.28 @@ -247,8 +251,10 @@ void shadow_promote(struct vcpu *v, mfn_
    5.29          // vcpu or not, or even what kind of type we get; we just want the type
    5.30          // count to be > 0.
    5.31          //
    5.32 -        while ( !get_page_type(page, page->u.inuse.type_info & PGT_type_mask) )
    5.33 -            continue;
    5.34 +        do {
    5.35 +            type_info =
    5.36 +                page->u.inuse.type_info & (PGT_type_mask | PGT_va_mask);
    5.37 +        } while ( !get_page_type(page, type_info) );
    5.38  
    5.39          // Now that the type ref is non-zero, we can safely use the
    5.40          // shadow_flags.
     6.1 --- a/xen/arch/x86/mm/shadow/multi.c	Sat Sep 09 20:48:16 2006 +0100
     6.2 +++ b/xen/arch/x86/mm/shadow/multi.c	Mon Sep 11 01:55:03 2006 +0100
     6.3 @@ -35,6 +35,8 @@
     6.4  //   space for both PV and HVM guests.
     6.5  //
     6.6  
     6.7 +#define SHADOW 1
     6.8 +
     6.9  #include <xen/config.h>
    6.10  #include <xen/types.h>
    6.11  #include <xen/mm.h>
     7.1 --- a/xen/include/asm-ia64/mm.h	Sat Sep 09 20:48:16 2006 +0100
     7.2 +++ b/xen/include/asm-ia64/mm.h	Mon Sep 11 01:55:03 2006 +0100
     7.3 @@ -103,6 +103,14 @@ struct page_info
     7.4  #define _PGT_pinned         27
     7.5  #define PGT_pinned          (1U<<_PGT_pinned)
     7.6  
     7.7 + /* The 27 most significant bits of virt address if this is a page table. */
     7.8 +#define PGT_va_shift        32
     7.9 +#define PGT_va_mask         ((unsigned long)((1U<<28)-1)<<PGT_va_shift)
    7.10 + /* Is the back pointer still mutable (i.e. not fixed yet)? */
    7.11 +#define PGT_va_mutable      ((unsigned long)((1U<<28)-1)<<PGT_va_shift)
    7.12 + /* Is the back pointer unknown (e.g., p.t. is mapped at multiple VAs)? */
    7.13 +#define PGT_va_unknown      ((unsigned long)((1U<<28)-2)<<PGT_va_shift)
    7.14 +
    7.15   /* 16-bit count of uses of this frame as its current type. */
    7.16  #define PGT_count_mask      ((1U<<16)-1)
    7.17  
     8.1 --- a/xen/include/asm-powerpc/mm.h	Sat Sep 09 20:48:16 2006 +0100
     8.2 +++ b/xen/include/asm-powerpc/mm.h	Mon Sep 11 01:55:03 2006 +0100
     8.3 @@ -102,6 +102,14 @@ struct page_extents {
     8.4  #define _PGT_validated      27
     8.5  #define PGT_validated       (1U<<_PGT_validated)
     8.6  
     8.7 + /* The 27 most significant bits of virt address if this is a page table. */
     8.8 +#define PGT_va_shift        32
     8.9 +#define PGT_va_mask         ((unsigned long)((1U<<28)-1)<<PGT_va_shift)
    8.10 + /* Is the back pointer still mutable (i.e. not fixed yet)? */
    8.11 +#define PGT_va_mutable      ((unsigned long)((1U<<28)-1)<<PGT_va_shift)
    8.12 + /* Is the back pointer unknown (e.g., p.t. is mapped at multiple VAs)? */
    8.13 +#define PGT_va_unknown      ((unsigned long)((1U<<28)-2)<<PGT_va_shift)
    8.14 +
    8.15   /* 16-bit count of uses of this frame as its current type. */
    8.16  #define PGT_count_mask      ((1U<<16)-1)
    8.17  
     9.1 --- a/xen/include/asm-x86/mm.h	Sat Sep 09 20:48:16 2006 +0100
     9.2 +++ b/xen/include/asm-x86/mm.h	Mon Sep 11 01:55:03 2006 +0100
     9.3 @@ -75,6 +75,19 @@ struct page_info
     9.4  #define PGT_gdt_page        (5U<<29) /* using this page in a GDT? */
     9.5  #define PGT_ldt_page        (6U<<29) /* using this page in an LDT? */
     9.6  #define PGT_writable_page   (7U<<29) /* has writable mappings of this page? */
     9.7 +
     9.8 +#ifndef SHADOW
     9.9 +#define PGT_l1_shadow       PGT_l1_page_table
    9.10 +#define PGT_l2_shadow       PGT_l2_page_table
    9.11 +#define PGT_l3_shadow       PGT_l3_page_table
    9.12 +#define PGT_l4_shadow       PGT_l4_page_table
    9.13 +#define PGT_hl2_shadow      (5U<<29)
    9.14 +#define PGT_snapshot        (6U<<29)
    9.15 +#define PGT_writable_pred   (7U<<29) /* predicted gpfn with writable ref */
    9.16 +
    9.17 +#define PGT_fl1_shadow      (5U<<29)
    9.18 +#endif
    9.19 +
    9.20  #define PGT_type_mask       (7U<<29) /* Bits 29-31. */
    9.21  
    9.22   /* Owning guest has pinned this page to its current type? */
    9.23 @@ -83,13 +96,44 @@ struct page_info
    9.24   /* Has this page been validated for use as its current type? */
    9.25  #define _PGT_validated      27
    9.26  #define PGT_validated       (1U<<_PGT_validated)
    9.27 - /* PAE only: is this an L2 page directory containing Xen-private mappings? */
    9.28 -#define _PGT_pae_xen_l2     26
    9.29 -#define PGT_pae_xen_l2      (1U<<_PGT_pae_xen_l2)
    9.30 +#if defined(__i386__)
    9.31 + /* The 11 most significant bits of virt address if this is a page table. */
    9.32 +#define PGT_va_shift        16
    9.33 +#define PGT_va_mask         (((1U<<11)-1)<<PGT_va_shift)
    9.34 + /* Is the back pointer still mutable (i.e. not fixed yet)? */
    9.35 +#define PGT_va_mutable      (((1U<<11)-1)<<PGT_va_shift)
    9.36 + /* Is the back pointer unknown (e.g., p.t. is mapped at multiple VAs)? */
    9.37 +#define PGT_va_unknown      (((1U<<11)-2)<<PGT_va_shift)
    9.38 +#elif defined(__x86_64__)
    9.39 + /* The 27 most significant bits of virt address if this is a page table. */
    9.40 +#define PGT_va_shift        32
    9.41 +#define PGT_va_mask         ((unsigned long)((1U<<28)-1)<<PGT_va_shift)
    9.42 + /* Is the back pointer still mutable (i.e. not fixed yet)? */
    9.43 +#define PGT_va_mutable      ((unsigned long)((1U<<28)-1)<<PGT_va_shift)
    9.44 + /* Is the back pointer unknown (e.g., p.t. is mapped at multiple VAs)? */
    9.45 +#define PGT_va_unknown      ((unsigned long)((1U<<28)-2)<<PGT_va_shift)
    9.46 +#endif
    9.47  
    9.48   /* 16-bit count of uses of this frame as its current type. */
    9.49  #define PGT_count_mask      ((1U<<16)-1)
    9.50  
    9.51 +#ifndef SHADOW
    9.52 +#ifdef __x86_64__
    9.53 +#define PGT_high_mfn_shift  52
    9.54 +#define PGT_high_mfn_mask   (0xfffUL << PGT_high_mfn_shift)
    9.55 +#define PGT_mfn_mask        (((1U<<27)-1) | PGT_high_mfn_mask)
    9.56 +#define PGT_high_mfn_nx     (0x800UL << PGT_high_mfn_shift)
    9.57 +#else
    9.58 + /* 23-bit mfn mask for shadow types: good for up to 32GB RAM. */
    9.59 +#define PGT_mfn_mask        ((1U<<23)-1)
    9.60 + /* NX for PAE xen is not supported yet */
    9.61 +#define PGT_high_mfn_nx     (1ULL << 63)
    9.62 +
    9.63 +#define PGT_score_shift     23
    9.64 +#define PGT_score_mask      (((1U<<4)-1)<<PGT_score_shift)
    9.65 +#endif
    9.66 +#endif /* SHADOW */
    9.67 +
    9.68   /* Cleared when the owning guest 'frees' this page. */
    9.69  #define _PGC_allocated      31
    9.70  #define PGC_allocated       (1U<<_PGC_allocated)
    10.1 --- a/xen/include/asm-x86/x86_32/page-3level.h	Sat Sep 09 20:48:16 2006 +0100
    10.2 +++ b/xen/include/asm-x86/x86_32/page-3level.h	Mon Sep 11 01:55:03 2006 +0100
    10.3 @@ -49,7 +49,7 @@ typedef l3_pgentry_t root_pgentry_t;
    10.4  /* misc */
    10.5  #define is_guest_l1_slot(s)    (1)
    10.6  #define is_guest_l2_slot(t,s)                                              \
    10.7 -    ( !((t) & PGT_pae_xen_l2) ||                                           \
    10.8 +    ( ((((t) & PGT_va_mask) >> PGT_va_shift) != 3) ||                      \
    10.9        ((s) < (L2_PAGETABLE_FIRST_XEN_SLOT & (L2_PAGETABLE_ENTRIES - 1))) )
   10.10  #define is_guest_l3_slot(s)    (1)
   10.11