1 #include <palacios/vmm_shadow_paging.h>
4 #include <palacios/vmm.h>
5 #include <palacios/vm_guest_mem.h>
6 #include <palacios/vmm_emulate.h>
10 int init_shadow_page_state(struct shadow_page_state * state) {
11 state->guest_mode = PDE32;
12 state->shadow_mode = PDE32;
15 state->shadow_cr3 = 0;
20 int handle_shadow_pagefault(struct guest_info * info, addr_t fault_addr, pf_error_t error_code) {
22 switch (info->cpu_mode) {
24 return handle_shadow_pagefault32(info, fault_addr, error_code);
26 case PROTECTED_PAE_PG:
28 // currently not handled
35 // If paging is not turned on we need to handle the special cases
36 return handle_special_page_fault(info, fault_addr, error_code);
44 int handle_shadow_pagefault32(struct guest_info * info, addr_t fault_addr, pf_error_t error_code) {
45 pde32_t * guest_pde = NULL;
46 pde32_t * shadow_pde = (pde32_t *)CR3_TO_PDE32(info->shdw_pg_state.shadow_cr3);
47 addr_t guest_cr3 = CR3_TO_PDE32(info->shdw_pg_state.guest_cr3);
48 pt_access_status_t guest_pde_access;
49 pt_access_status_t shadow_pde_access;
50 pde32_t * guest_pde_entry = NULL;
51 pde32_t * shadow_pde_entry = (pde32_t *)&(shadow_pde[PDE32_INDEX(fault_addr)]);
53 if (guest_pa_to_host_va(info, guest_cr3, (addr_t*)&guest_pde) == -1) {
54 PrintDebug("Invalid Guest PDE Address: 0x%x\n", guest_cr3);
59 guest_pde_entry = (pde32_t *)&(guest_pde[PDE32_INDEX(fault_addr)]);
61 // Check the guest page permissions
62 guest_pde_access = can_access_pde32(guest_pde, fault_addr, error_code);
64 if (guest_pde_access != PT_ACCESS_OK) {
65 // inject page fault to the guest (Guest PDE fault)
67 info->ctrl_regs.cr2 = fault_addr;
68 raise_exception_with_error(info, PF_EXCEPTION, *(uint_t *)&error_code);
73 shadow_pde_access = can_access_pde32(shadow_pde, fault_addr, error_code);
76 if (shadow_pde_access == PT_ENTRY_NOT_PRESENT) {
77 pte32_t * shadow_pte = NULL;
79 V3_AllocPages(shadow_pte, 1);
80 memset(shadow_pte, 0, PAGE_SIZE);
82 shadow_pde_entry->pt_base_addr = PD32_BASE_ADDR(shadow_pte);
85 shadow_pde_entry->present = 1;
86 shadow_pde_entry->user_page = guest_pde_entry->user_page;
88 // VMM Specific options
89 shadow_pde_entry->write_through = 0;
90 shadow_pde_entry->cache_disable = 0;
91 shadow_pde_entry->global_page = 0;
94 guest_pde_entry->accessed = 1;
96 if (guest_pde_entry->large_page == 0) {
97 shadow_pde_entry->writable = guest_pde_entry->writable;
100 * Check the Intel manual because we are ignoring Large Page issues here
101 * Also be wary of hooked pages
105 } else if (shadow_pde_access == PT_WRITE_ERROR) {
108 // Page Directory Entry marked read-only
111 PrintDebug("Shadow Paging Write Error\n");
113 } else if (shadow_pde_access == PT_USER_ERROR) {
116 // Page Directory Entry marked non-user
119 PrintDebug("Shadow Paging User access error\n");
121 } else if (shadow_pde_access == PT_ACCESS_OK) {
122 pte32_t * shadow_pte = (pte32_t *)PDE32_T_ADDR((*shadow_pde_entry));
123 pte32_t * guest_pte = NULL;
125 // Page Table Entry fault
127 if (guest_pa_to_host_va(info, PDE32_T_ADDR((*guest_pde_entry)), (addr_t*)&guest_pte) == -1) {
128 PrintDebug("Invalid Guest PTE Address: 0x%x\n", PDE32_T_ADDR((*guest_pde_entry)));
129 // Machine check the guest
131 raise_exception(info, MC_EXCEPTION);
137 if (handle_shadow_pte32_fault(info, fault_addr, error_code, shadow_pte, guest_pte) == -1) {
138 PrintDebug("Error handling Page fault caused by PTE\n");
143 // Unknown error raise page fault in guest
144 info->ctrl_regs.cr2 = fault_addr;
145 raise_exception_with_error(info, PF_EXCEPTION, *(uint_t *)&error_code);
147 // For debugging we will return an error here for the time being,
148 // this probably shouldn't ever happen
149 PrintDebug("Unknown Error occurred\n");
150 PrintDebug("Manual Says to inject page fault into guest\n");
154 PrintDebugPageTables(shadow_pde);
162 * We assume the the guest pte pointer has already been translated to a host virtual address
164 int handle_shadow_pte32_fault(struct guest_info * info,
166 pf_error_t error_code,
167 pte32_t * shadow_pte,
168 pte32_t * guest_pte) {
170 pt_access_status_t guest_pte_access;
171 pt_access_status_t shadow_pte_access;
172 pte32_t * guest_pte_entry = (pte32_t *)&(guest_pte[PTE32_INDEX(fault_addr)]);;
173 pte32_t * shadow_pte_entry = (pte32_t *)&(shadow_pte[PTE32_INDEX(fault_addr)]);
176 // Check the guest page permissions
177 guest_pte_access = can_access_pte32(guest_pte, fault_addr, error_code);
180 if (guest_pte_access != PT_ACCESS_OK) {
181 // Inject page fault into the guest
183 info->ctrl_regs.cr2 = fault_addr;
184 raise_exception_with_error(info, PF_EXCEPTION, *(uint_t *)&error_code);
190 shadow_pte_access = can_access_pte32(shadow_pte, fault_addr, error_code);
192 if (shadow_pte_access == PT_ACCESS_OK) {
193 // Inconsistent state...
194 // Guest Re-Entry will flush page tables and everything should now work
196 } else if (shadow_pte_access == PT_ENTRY_NOT_PRESENT) {
198 addr_t guest_pa = PTE32_T_ADDR((*guest_pte_entry));
200 // Page Table Entry Not Present
202 host_region_type_t host_page_type = get_shadow_addr_type(info, guest_pa);
204 if (host_page_type == HOST_REGION_INVALID) {
205 // Inject a machine check in the guest
207 raise_exception(info, MC_EXCEPTION);
209 PrintDebug("Invalid Guest Address in page table (0x%x)\n", guest_pa);
212 } else if (host_page_type == HOST_REGION_PHYSICAL_MEMORY) {
214 shadow_pa = get_shadow_addr(info, guest_pa);
216 shadow_pte_entry->page_base_addr = PT32_BASE_ADDR(shadow_pa);
218 shadow_pte_entry->present = guest_pte_entry->present;
219 shadow_pte_entry->user_page = guest_pte_entry->user_page;
221 //set according to VMM policy
222 shadow_pte_entry->write_through = 0;
223 shadow_pte_entry->cache_disable = 0;
224 shadow_pte_entry->global_page = 0;
227 guest_pte_entry->accessed = 1;
229 if (guest_pte_entry->dirty == 1) {
230 shadow_pte_entry->writable = guest_pte_entry->writable;
231 } else if ((guest_pte_entry->dirty == 0) && (error_code.write == 1)) {
232 shadow_pte_entry->writable = guest_pte_entry->writable;
233 guest_pte_entry->dirty = 1;
234 } else if ((guest_pte_entry->dirty = 0) && (error_code.write == 0)) {
235 shadow_pte_entry->writable = 0;
238 // Page fault handled by hook functions
239 if (handle_special_page_fault(info, fault_addr, error_code) == -1) {
240 PrintDebug("Special Page fault handler returned error for address: %x\n", fault_addr);
245 } else if ((shadow_pte_access == PT_WRITE_ERROR) &&
246 (guest_pte_entry->dirty == 0)) {
247 guest_pte_entry->dirty = 1;
248 shadow_pte_entry->writable = guest_pte_entry->writable;
252 // Inject page fault into the guest
254 info->ctrl_regs.cr2 = fault_addr;
255 raise_exception_with_error(info, PF_EXCEPTION, *(uint_t *)&error_code);
257 PrintDebug("PTE Page fault fell through... Not sure if this should ever happen\n");
258 PrintDebug("Manual Says to inject page fault into guest\n");
267 addr_t create_new_shadow_pt32(struct guest_info * info) {
270 V3_AllocPages(host_pde, 1);
271 memset(host_pde, 0, PAGE_SIZE);
273 return (addr_t)host_pde;
278 /* Currently Does not work with Segmentation!!! */
279 int handle_shadow_invlpg(struct guest_info * info) {
280 if (info->cpu_mode == PROTECTED_PG) {
285 ret = read_guest_va_memory(info, get_addr_linear(info, info->rip, &(info->segments.cs)), 15, instr);
287 PrintDebug("Could not read instruction 0x%x (ret=%d)\n", info->rip, ret);
292 /* Can INVLPG work with Segments?? */
293 while (is_prefix_byte(instr[index])) {
298 if ((instr[index] == (uchar_t)0x0f) &&
299 (instr[index + 1] == (uchar_t)0x01)) {
301 addr_t first_operand;
302 addr_t second_operand;
303 operand_type_t addr_type;
307 addr_type = decode_operands32(&(info->vm_regs), instr + index, &index, &first_operand, &second_operand, REG32);
309 if (addr_type == MEM_OPERAND) {
310 pde32_t * shadow_pd = (pde32_t *)CR3_TO_PDE32(info->shdw_pg_state.shadow_cr3);
311 pde32_t * shadow_pde_entry = (pde32_t *)&shadow_pd[PDE32_INDEX(first_operand)];
313 //PrintDebug("PDE Index=%d\n", PDE32_INDEX(first_operand));
314 //PrintDebug("FirstOperand = %x\n", first_operand);
316 if (shadow_pde_entry->large_page == 1) {
317 shadow_pde_entry->present = 0;
319 if (shadow_pde_entry->present == 1) {
320 pte32_t * shadow_pt = (pte32_t *)PDE32_T_ADDR((*shadow_pde_entry));
321 pte32_t * shadow_pte_entry = (pte32_t *)&shadow_pt[PTE32_INDEX(first_operand)];
323 shadow_pte_entry->present = 0;
330 PrintDebug("Invalid Operand type\n");
334 PrintDebug("invalid Instruction Opcode\n");
335 PrintTraceMemDump(instr, 15);
347 addr_t setup_shadow_pt32(struct guest_info * info, addr_t virt_cr3) {
348 addr_t cr3_guest_addr = CR3_TO_PDE32(virt_cr3);
350 pde32_t * host_pde = NULL;
353 // Setup up guest_pde to point to the PageDir in host addr
354 if (guest_pa_to_host_va(info, cr3_guest_addr, (addr_t*)&guest_pde) == -1) {
358 V3_AllocPages(host_pde, 1);
359 memset(host_pde, 0, PAGE_SIZE);
361 for (i = 0; i < MAX_PDE32_ENTRIES; i++) {
362 if (guest_pde[i].present == 1) {
366 if (guest_pa_to_host_va(info, PDE32_T_ADDR(guest_pde[i]), &pt_host_addr) == -1) {
370 if ((host_pte = setup_shadow_pte32(info, pt_host_addr)) == 0) {
374 host_pde[i].present = 1;
375 host_pde[i].pt_base_addr = PD32_BASE_ADDR(host_pte);
378 // Set Page DIR flags
383 PrintDebugPageTables(host_pde);
385 return (addr_t)host_pde;
390 addr_t setup_shadow_pte32(struct guest_info * info, addr_t pt_host_addr) {
391 pte32_t * guest_pte = (pte32_t *)pt_host_addr;
392 pte32_t * host_pte = NULL;
395 V3_AllocPages(host_pte, 1);
396 memset(host_pte, 0, PAGE_SIZE);
398 for (i = 0; i < MAX_PTE32_ENTRIES; i++) {
399 if (guest_pte[i].present == 1) {
400 addr_t guest_pa = PTE32_T_ADDR(guest_pte[i]);
401 shadow_mem_type_t page_type;
404 page_type = get_shadow_addr_type(info, guest_pa);
406 if (page_type == HOST_REGION_PHYSICAL_MEMORY) {
407 host_pa = get_shadow_addr(info, guest_pa);
411 // Setup various memory types
415 host_pte[i].page_base_addr = PT32_BASE_ADDR(host_pa);
416 host_pte[i].present = 1;
420 return (addr_t)host_pte;
