1 #include <palacios/vmm_shadow_paging.h>
4 #include <palacios/vmm.h>
5 #include <palacios/vm_guest_mem.h>
6 #include <palacios/vmm_decoder.h>
10 int init_shadow_page_state(struct shadow_page_state * state) {
11 state->guest_mode = PDE32;
12 state->shadow_mode = PDE32;
15 state->shadow_cr3 = 0;
20 int handle_shadow_pagefault(struct guest_info * info, addr_t fault_addr, pf_error_t error_code) {
22 if (info->mem_mode == PHYSICAL_MEM) {
23 // If paging is not turned on we need to handle the special cases
24 return handle_special_page_fault(info, fault_addr, error_code);
25 } else if (info->mem_mode == VIRTUAL_MEM) {
27 switch (info->cpu_mode) {
29 return handle_shadow_pagefault32(info, fault_addr, error_code);
33 // currently not handled
40 PrintDebug("Invalid Memory mode\n");
46 int handle_shadow_pagefault32(struct guest_info * info, addr_t fault_addr, pf_error_t error_code) {
47 pde32_t * guest_pde = NULL;
48 pde32_t * shadow_pde = (pde32_t *)CR3_TO_PDE32(info->shdw_pg_state.shadow_cr3);
49 addr_t guest_cr3 = CR3_TO_PDE32(info->shdw_pg_state.guest_cr3);
50 pt_access_status_t guest_pde_access;
51 pt_access_status_t shadow_pde_access;
52 pde32_t * guest_pde_entry = NULL;
53 pde32_t * shadow_pde_entry = (pde32_t *)&(shadow_pde[PDE32_INDEX(fault_addr)]);
55 if (guest_pa_to_host_va(info, guest_cr3, (addr_t*)&guest_pde) == -1) {
56 PrintDebug("Invalid Guest PDE Address: 0x%x\n", guest_cr3);
61 guest_pde_entry = (pde32_t *)&(guest_pde[PDE32_INDEX(fault_addr)]);
63 // Check the guest page permissions
64 guest_pde_access = can_access_pde32(guest_pde, fault_addr, error_code);
66 if (guest_pde_access != PT_ACCESS_OK) {
67 // inject page fault to the guest (Guest PDE fault)
69 info->ctrl_regs.cr2 = fault_addr;
70 raise_exception_with_error(info, PF_EXCEPTION, *(uint_t *)&error_code);
72 PrintDebug("Injecting PDE pf to guest\n");
76 shadow_pde_access = can_access_pde32(shadow_pde, fault_addr, error_code);
79 if (shadow_pde_access == PT_ENTRY_NOT_PRESENT) {
80 pte32_t * shadow_pte = NULL;
82 V3_AllocPages(shadow_pte, 1);
83 memset(shadow_pte, 0, PAGE_SIZE);
85 shadow_pde_entry->pt_base_addr = PD32_BASE_ADDR(shadow_pte);
88 shadow_pde_entry->present = 1;
89 shadow_pde_entry->user_page = guest_pde_entry->user_page;
91 // VMM Specific options
92 shadow_pde_entry->write_through = 0;
93 shadow_pde_entry->cache_disable = 0;
94 shadow_pde_entry->global_page = 0;
97 guest_pde_entry->accessed = 1;
99 if (guest_pde_entry->large_page == 0) {
100 shadow_pde_entry->writable = guest_pde_entry->writable;
103 * Check the Intel manual because we are ignoring Large Page issues here
104 * Also be wary of hooked pages
107 PrintDebug("Large PAge!!!\n");
112 } else if (shadow_pde_access == PT_WRITE_ERROR) {
115 // Page Directory Entry marked read-only
118 PrintDebug("Shadow Paging Write Error\n");
120 } else if (shadow_pde_access == PT_USER_ERROR) {
123 // Page Directory Entry marked non-user
126 PrintDebug("Shadow Paging User access error\n");
128 } else if (shadow_pde_access == PT_ACCESS_OK) {
129 pte32_t * shadow_pte = (pte32_t *)PDE32_T_ADDR((*shadow_pde_entry));
130 pte32_t * guest_pte = NULL;
132 // Page Table Entry fault
134 if (guest_pa_to_host_va(info, PDE32_T_ADDR((*guest_pde_entry)), (addr_t*)&guest_pte) == -1) {
135 PrintDebug("Invalid Guest PTE Address: 0x%x\n", PDE32_T_ADDR((*guest_pde_entry)));
136 // Machine check the guest
138 raise_exception(info, MC_EXCEPTION);
144 if (handle_shadow_pte32_fault(info, fault_addr, error_code, shadow_pte, guest_pte) == -1) {
145 PrintDebug("Error handling Page fault caused by PTE\n");
150 // Unknown error raise page fault in guest
151 info->ctrl_regs.cr2 = fault_addr;
152 raise_exception_with_error(info, PF_EXCEPTION, *(uint_t *)&error_code);
154 // For debugging we will return an error here for the time being,
155 // this probably shouldn't ever happen
156 PrintDebug("Unknown Error occurred\n");
157 PrintDebug("Manual Says to inject page fault into guest\n");
161 //PrintDebugPageTables(shadow_pde);
162 PrintDebug("Returning end of PDE function\n");
169 * We assume the the guest pte pointer has already been translated to a host virtual address
171 int handle_shadow_pte32_fault(struct guest_info * info,
173 pf_error_t error_code,
174 pte32_t * shadow_pte,
175 pte32_t * guest_pte) {
177 pt_access_status_t guest_pte_access;
178 pt_access_status_t shadow_pte_access;
179 pte32_t * guest_pte_entry = (pte32_t *)&(guest_pte[PTE32_INDEX(fault_addr)]);;
180 pte32_t * shadow_pte_entry = (pte32_t *)&(shadow_pte[PTE32_INDEX(fault_addr)]);
183 // Check the guest page permissions
184 guest_pte_access = can_access_pte32(guest_pte, fault_addr, error_code);
187 if (guest_pte_access != PT_ACCESS_OK) {
188 // Inject page fault into the guest
190 info->ctrl_regs.cr2 = fault_addr;
191 raise_exception_with_error(info, PF_EXCEPTION, *(uint_t *)&error_code);
193 PrintDebug("Access error injecting pf to guest\n");
198 shadow_pte_access = can_access_pte32(shadow_pte, fault_addr, error_code);
200 if (shadow_pte_access == PT_ACCESS_OK) {
201 // Inconsistent state...
202 // Guest Re-Entry will flush page tables and everything should now work
203 PrintDebug("Inconsistent state... Guest re-entry should flush tlb\n");
205 } else if (shadow_pte_access == PT_ENTRY_NOT_PRESENT) {
207 addr_t guest_pa = PTE32_T_ADDR((*guest_pte_entry));
209 // Page Table Entry Not Present
211 host_region_type_t host_page_type = get_shadow_addr_type(info, guest_pa);
213 if (host_page_type == HOST_REGION_INVALID) {
214 // Inject a machine check in the guest
216 raise_exception(info, MC_EXCEPTION);
218 PrintDebug("Invalid Guest Address in page table (0x%x)\n", guest_pa);
221 } else if (host_page_type == HOST_REGION_PHYSICAL_MEMORY) {
223 shadow_pa = get_shadow_addr(info, guest_pa);
225 shadow_pte_entry->page_base_addr = PT32_BASE_ADDR(shadow_pa);
227 shadow_pte_entry->present = guest_pte_entry->present;
228 shadow_pte_entry->user_page = guest_pte_entry->user_page;
230 //set according to VMM policy
231 shadow_pte_entry->write_through = 0;
232 shadow_pte_entry->cache_disable = 0;
233 shadow_pte_entry->global_page = 0;
236 guest_pte_entry->accessed = 1;
238 if (guest_pte_entry->dirty == 1) {
239 shadow_pte_entry->writable = guest_pte_entry->writable;
240 } else if ((guest_pte_entry->dirty == 0) && (error_code.write == 1)) {
241 shadow_pte_entry->writable = guest_pte_entry->writable;
242 guest_pte_entry->dirty = 1;
243 } else if ((guest_pte_entry->dirty = 0) && (error_code.write == 0)) {
244 shadow_pte_entry->writable = 0;
247 // Page fault handled by hook functions
248 if (handle_special_page_fault(info, fault_addr, error_code) == -1) {
249 PrintDebug("Special Page fault handler returned error for address: %x\n", fault_addr);
254 } else if ((shadow_pte_access == PT_WRITE_ERROR) &&
255 (guest_pte_entry->dirty == 0)) {
256 guest_pte_entry->dirty = 1;
257 shadow_pte_entry->writable = guest_pte_entry->writable;
259 PrintDebug("Shadow PTE Write Error\n");
263 // Inject page fault into the guest
265 info->ctrl_regs.cr2 = fault_addr;
266 raise_exception_with_error(info, PF_EXCEPTION, *(uint_t *)&error_code);
268 PrintDebug("PTE Page fault fell through... Not sure if this should ever happen\n");
269 PrintDebug("Manual Says to inject page fault into guest\n");
273 PrintDebug("Returning end of function\n");
279 addr_t create_new_shadow_pt32(struct guest_info * info) {
282 V3_AllocPages(host_pde, 1);
283 memset(host_pde, 0, PAGE_SIZE);
285 return (addr_t)host_pde;
290 /* Currently Does not work with Segmentation!!! */
291 int handle_shadow_invlpg(struct guest_info * info) {
292 if (info->mem_mode != VIRTUAL_MEM) {
293 // Paging must be turned on...
294 // should handle with some sort of fault I think
295 PrintDebug("ERROR: INVLPG called in non paged mode\n");
300 if (info->cpu_mode == PROTECTED) {
305 ret = read_guest_va_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
307 PrintDebug("Could not read instruction 0x%x (ret=%d)\n", info->rip, ret);
312 /* Can INVLPG work with Segments?? */
313 while (is_prefix_byte(instr[index])) {
318 if ((instr[index] == (uchar_t)0x0f) &&
319 (instr[index + 1] == (uchar_t)0x01)) {
321 addr_t first_operand;
322 addr_t second_operand;
323 operand_type_t addr_type;
327 addr_type = decode_operands32(&(info->vm_regs), instr + index, &index, &first_operand, &second_operand, REG32);
329 if (addr_type == MEM_OPERAND) {
330 pde32_t * shadow_pd = (pde32_t *)CR3_TO_PDE32(info->shdw_pg_state.shadow_cr3);
331 pde32_t * shadow_pde_entry = (pde32_t *)&shadow_pd[PDE32_INDEX(first_operand)];
333 //PrintDebug("PDE Index=%d\n", PDE32_INDEX(first_operand));
334 //PrintDebug("FirstOperand = %x\n", first_operand);
336 if (shadow_pde_entry->large_page == 1) {
337 shadow_pde_entry->present = 0;
339 if (shadow_pde_entry->present == 1) {
340 pte32_t * shadow_pt = (pte32_t *)PDE32_T_ADDR((*shadow_pde_entry));
341 pte32_t * shadow_pte_entry = (pte32_t *)&shadow_pt[PTE32_INDEX(first_operand)];
343 shadow_pte_entry->present = 0;
350 PrintDebug("Invalid Operand type\n");
354 PrintDebug("invalid Instruction Opcode\n");
355 PrintTraceMemDump(instr, 15);
367 addr_t setup_shadow_pt32(struct guest_info * info, addr_t virt_cr3) {
368 addr_t cr3_guest_addr = CR3_TO_PDE32(virt_cr3);
370 pde32_t * host_pde = NULL;
373 // Setup up guest_pde to point to the PageDir in host addr
374 if (guest_pa_to_host_va(info, cr3_guest_addr, (addr_t*)&guest_pde) == -1) {
378 V3_AllocPages(host_pde, 1);
379 memset(host_pde, 0, PAGE_SIZE);
381 for (i = 0; i < MAX_PDE32_ENTRIES; i++) {
382 if (guest_pde[i].present == 1) {
386 if (guest_pa_to_host_va(info, PDE32_T_ADDR(guest_pde[i]), &pt_host_addr) == -1) {
390 if ((host_pte = setup_shadow_pte32(info, pt_host_addr)) == 0) {
394 host_pde[i].present = 1;
395 host_pde[i].pt_base_addr = PD32_BASE_ADDR(host_pte);
398 // Set Page DIR flags
403 PrintDebugPageTables(host_pde);
405 return (addr_t)host_pde;
410 addr_t setup_shadow_pte32(struct guest_info * info, addr_t pt_host_addr) {
411 pte32_t * guest_pte = (pte32_t *)pt_host_addr;
412 pte32_t * host_pte = NULL;
415 V3_AllocPages(host_pte, 1);
416 memset(host_pte, 0, PAGE_SIZE);
418 for (i = 0; i < MAX_PTE32_ENTRIES; i++) {
419 if (guest_pte[i].present == 1) {
420 addr_t guest_pa = PTE32_T_ADDR(guest_pte[i]);
421 shadow_mem_type_t page_type;
424 page_type = get_shadow_addr_type(info, guest_pa);
426 if (page_type == HOST_REGION_PHYSICAL_MEMORY) {
427 host_pa = get_shadow_addr(info, guest_pa);
431 // Setup various memory types
435 host_pte[i].page_base_addr = PT32_BASE_ADDR(host_pa);
436 host_pte[i].present = 1;
440 return (addr_t)host_pte;