Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
boot.c
Go to the documentation of this file.
1 /*P:010
2  * A hypervisor allows multiple Operating Systems to run on a single machine.
3  * To quote David Wheeler: "Any problem in computer science can be solved with
4  * another layer of indirection."
5  *
6  * We keep things simple in two ways. First, we start with a normal Linux
7  * kernel and insert a module (lg.ko) which allows us to run other Linux
8  * kernels the same way we'd run processes. We call the first kernel the Host,
9  * and the others the Guests. The program which sets up and configures Guests
10  * (such as the example in Documentation/virtual/lguest/lguest.c) is called the
11  * Launcher.
12  *
13  * Secondly, we only run specially modified Guests, not normal kernels: setting
14  * CONFIG_LGUEST_GUEST to "y" compiles this file into the kernel so it knows
15  * how to be a Guest at boot time. This means that you can use the same kernel
16  * you boot normally (ie. as a Host) as a Guest.
17  *
18  * These Guests know that they cannot do privileged operations, such as disable
19  * interrupts, and that they have to ask the Host to do such things explicitly.
20  * This file consists of all the replacements for such low-level native
21  * hardware operations: these special Guest versions call the Host.
22  *
23  * So how does the kernel know it's a Guest? We'll see that later, but let's
24  * just say that we end up here where we replace the native functions various
25  * "paravirt" structures with our Guest versions, then boot like normal.
26 :*/
27 
28 /*
29  * Copyright (C) 2006, Rusty Russell <[email protected]> IBM Corporation.
30  *
31  * This program is free software; you can redistribute it and/or modify
32  * it under the terms of the GNU General Public License as published by
33  * the Free Software Foundation; either version 2 of the License, or
34  * (at your option) any later version.
35  *
36  * This program is distributed in the hope that it will be useful, but
37  * WITHOUT ANY WARRANTY; without even the implied warranty of
38  * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, GOOD TITLE or
39  * NON INFRINGEMENT. See the GNU General Public License for more
40  * details.
41  *
42  * You should have received a copy of the GNU General Public License
43  * along with this program; if not, write to the Free Software
44  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
45  */
46 #include <linux/kernel.h>
47 #include <linux/start_kernel.h>
48 #include <linux/string.h>
49 #include <linux/console.h>
50 #include <linux/screen_info.h>
51 #include <linux/irq.h>
52 #include <linux/interrupt.h>
53 #include <linux/clocksource.h>
54 #include <linux/clockchips.h>
55 #include <linux/lguest.h>
56 #include <linux/lguest_launcher.h>
57 #include <linux/virtio_console.h>
58 #include <linux/pm.h>
59 #include <linux/export.h>
60 #include <asm/apic.h>
61 #include <asm/lguest.h>
62 #include <asm/paravirt.h>
63 #include <asm/param.h>
64 #include <asm/page.h>
65 #include <asm/pgtable.h>
66 #include <asm/desc.h>
67 #include <asm/setup.h>
68 #include <asm/e820.h>
69 #include <asm/mce.h>
70 #include <asm/io.h>
71 #include <asm/i387.h>
72 #include <asm/stackprotector.h>
73 #include <asm/reboot.h> /* for struct machine_ops */
74 #include <asm/kvm_para.h>
75 
76 /*G:010
77  * Welcome to the Guest!
78  *
79  * The Guest in our tale is a simple creature: identical to the Host but
80  * behaving in simplified but equivalent ways. In particular, the Guest is the
81  * same kernel as the Host (or at least, built from the same source code).
82 :*/
83 
85  .hcall_status = { [0 ... LHCALL_RING_SIZE-1] = 0xFF },
86  .noirq_start = (u32)lguest_noirq_start,
88  .kernel_address = PAGE_OFFSET,
89  .blocked_interrupts = { 1 }, /* Block timer interrupts */
90  .syscall_vec = SYSCALL_VECTOR,
91 };
92 
93 /*G:037
94  * async_hcall() is pretty simple: I'm quite proud of it really. We have a
95  * ring buffer of stored hypercalls which the Host will run though next time we
96  * do a normal hypercall. Each entry in the ring has 5 slots for the hypercall
97  * arguments, and a "hcall_status" word which is 0 if the call is ready to go,
98  * and 255 once the Host has finished with it.
99  *
100  * If we come around to a slot which hasn't been finished, then the table is
101  * full and we just make the hypercall directly. This has the nice side
102  * effect of causing the Host to run all the stored calls in the ring buffer
103  * which empties it for next time!
104  */
105 static void async_hcall(unsigned long call, unsigned long arg1,
106  unsigned long arg2, unsigned long arg3,
107  unsigned long arg4)
108 {
109  /* Note: This code assumes we're uniprocessor. */
110  static unsigned int next_call;
111  unsigned long flags;
112 
113  /*
114  * Disable interrupts if not already disabled: we don't want an
115  * interrupt handler making a hypercall while we're already doing
116  * one!
117  */
118  local_irq_save(flags);
119  if (lguest_data.hcall_status[next_call] != 0xFF) {
120  /* Table full, so do normal hcall which will flush table. */
121  hcall(call, arg1, arg2, arg3, arg4);
122  } else {
123  lguest_data.hcalls[next_call].arg0 = call;
124  lguest_data.hcalls[next_call].arg1 = arg1;
125  lguest_data.hcalls[next_call].arg2 = arg2;
126  lguest_data.hcalls[next_call].arg3 = arg3;
127  lguest_data.hcalls[next_call].arg4 = arg4;
128  /* Arguments must all be written before we mark it to go */
129  wmb();
130  lguest_data.hcall_status[next_call] = 0;
131  if (++next_call == LHCALL_RING_SIZE)
132  next_call = 0;
133  }
134  local_irq_restore(flags);
135 }
136 
137 /*G:035
138  * Notice the lazy_hcall() above, rather than hcall(). This is our first real
139  * optimization trick!
140  *
141  * When lazy_mode is set, it means we're allowed to defer all hypercalls and do
142  * them as a batch when lazy_mode is eventually turned off. Because hypercalls
143  * are reasonably expensive, batching them up makes sense. For example, a
144  * large munmap might update dozens of page table entries: that code calls
145  * paravirt_enter_lazy_mmu(), does the dozen updates, then calls
146  * lguest_leave_lazy_mode().
147  *
148  * So, when we're in lazy mode, we call async_hcall() to store the call for
149  * future processing:
150  */
151 static void lazy_hcall1(unsigned long call, unsigned long arg1)
152 {
154  hcall(call, arg1, 0, 0, 0);
155  else
156  async_hcall(call, arg1, 0, 0, 0);
157 }
158 
159 /* You can imagine what lazy_hcall2, 3 and 4 look like. :*/
160 static void lazy_hcall2(unsigned long call,
161  unsigned long arg1,
162  unsigned long arg2)
163 {
165  hcall(call, arg1, arg2, 0, 0);
166  else
167  async_hcall(call, arg1, arg2, 0, 0);
168 }
169 
170 static void lazy_hcall3(unsigned long call,
171  unsigned long arg1,
172  unsigned long arg2,
173  unsigned long arg3)
174 {
176  hcall(call, arg1, arg2, arg3, 0);
177  else
178  async_hcall(call, arg1, arg2, arg3, 0);
179 }
180 
181 #ifdef CONFIG_X86_PAE
182 static void lazy_hcall4(unsigned long call,
183  unsigned long arg1,
184  unsigned long arg2,
185  unsigned long arg3,
186  unsigned long arg4)
187 {
189  hcall(call, arg1, arg2, arg3, arg4);
190  else
191  async_hcall(call, arg1, arg2, arg3, arg4);
192 }
193 #endif
194 
195 /*G:036
196  * When lazy mode is turned off, we issue the do-nothing hypercall to
197  * flush any stored calls, and call the generic helper to reset the
198  * per-cpu lazy mode variable.
199  */
200 static void lguest_leave_lazy_mmu_mode(void)
201 {
202  hcall(LHCALL_FLUSH_ASYNC, 0, 0, 0, 0);
204 }
205 
206 /*
207  * We also catch the end of context switch; we enter lazy mode for much of
208  * that too, so again we need to flush here.
209  *
210  * (Technically, this is lazy CPU mode, and normally we're in lazy MMU
211  * mode, but unlike Xen, lguest doesn't care about the difference).
212  */
213 static void lguest_end_context_switch(struct task_struct *next)
214 {
215  hcall(LHCALL_FLUSH_ASYNC, 0, 0, 0, 0);
217 }
218 
219 /*G:032
220  * After that diversion we return to our first native-instruction
221  * replacements: four functions for interrupt control.
222  *
223  * The simplest way of implementing these would be to have "turn interrupts
224  * off" and "turn interrupts on" hypercalls. Unfortunately, this is too slow:
225  * these are by far the most commonly called functions of those we override.
226  *
227  * So instead we keep an "irq_enabled" field inside our "struct lguest_data",
228  * which the Guest can update with a single instruction. The Host knows to
229  * check there before it tries to deliver an interrupt.
230  */
231 
232 /*
233  * save_flags() is expected to return the processor state (ie. "flags"). The
234  * flags word contains all kind of stuff, but in practice Linux only cares
235  * about the interrupt flag. Our "save_flags()" just returns that.
236  */
237 static unsigned long save_fl(void)
238 {
239  return lguest_data.irq_enabled;
240 }
241 
242 /* Interrupts go off... */
243 static void irq_disable(void)
244 {
245  lguest_data.irq_enabled = 0;
246 }
247 
248 /*
249  * Let's pause a moment. Remember how I said these are called so often?
250  * Jeremy Fitzhardinge optimized them so hard early in 2009 that he had to
251  * break some rules. In particular, these functions are assumed to save their
252  * own registers if they need to: normal C functions assume they can trash the
253  * eax register. To use normal C functions, we use
254  * PV_CALLEE_SAVE_REGS_THUNK(), which pushes %eax onto the stack, calls the
255  * C function, then restores it.
256  */
259 /*:*/
260 
261 /* These are in i386_head.S */
262 extern void lg_irq_enable(void);
263 extern void lg_restore_fl(unsigned long flags);
264 
265 /*M:003
266  * We could be more efficient in our checking of outstanding interrupts, rather
267  * than using a branch. One way would be to put the "irq_enabled" field in a
268  * page by itself, and have the Host write-protect it when an interrupt comes
269  * in when irqs are disabled. There will then be a page fault as soon as
270  * interrupts are re-enabled.
271  *
272  * A better method is to implement soft interrupt disable generally for x86:
273  * instead of disabling interrupts, we set a flag. If an interrupt does come
274  * in, we then disable them for real. This is uncommon, so we could simply use
275  * a hypercall for interrupt control and not worry about efficiency.
276 :*/
277 
278 /*G:034
279  * The Interrupt Descriptor Table (IDT).
280  *
281  * The IDT tells the processor what to do when an interrupt comes in. Each
282  * entry in the table is a 64-bit descriptor: this holds the privilege level,
283  * address of the handler, and... well, who cares? The Guest just asks the
284  * Host to make the change anyway, because the Host controls the real IDT.
285  */
286 static void lguest_write_idt_entry(gate_desc *dt,
287  int entrynum, const gate_desc *g)
288 {
289  /*
290  * The gate_desc structure is 8 bytes long: we hand it to the Host in
291  * two 32-bit chunks. The whole 32-bit kernel used to hand descriptors
292  * around like this; typesafety wasn't a big concern in Linux's early
293  * years.
294  */
295  u32 *desc = (u32 *)g;
296  /* Keep the local copy up to date. */
297  native_write_idt_entry(dt, entrynum, g);
298  /* Tell Host about this new entry. */
299  hcall(LHCALL_LOAD_IDT_ENTRY, entrynum, desc[0], desc[1], 0);
300 }
301 
302 /*
303  * Changing to a different IDT is very rare: we keep the IDT up-to-date every
304  * time it is written, so we can simply loop through all entries and tell the
305  * Host about them.
306  */
307 static void lguest_load_idt(const struct desc_ptr *desc)
308 {
309  unsigned int i;
310  struct desc_struct *idt = (void *)desc->address;
311 
312  for (i = 0; i < (desc->size+1)/8; i++)
313  hcall(LHCALL_LOAD_IDT_ENTRY, i, idt[i].a, idt[i].b, 0);
314 }
315 
316 /*
317  * The Global Descriptor Table.
318  *
319  * The Intel architecture defines another table, called the Global Descriptor
320  * Table (GDT). You tell the CPU where it is (and its size) using the "lgdt"
321  * instruction, and then several other instructions refer to entries in the
322  * table. There are three entries which the Switcher needs, so the Host simply
323  * controls the entire thing and the Guest asks it to make changes using the
324  * LOAD_GDT hypercall.
325  *
326  * This is the exactly like the IDT code.
327  */
328 static void lguest_load_gdt(const struct desc_ptr *desc)
329 {
330  unsigned int i;
331  struct desc_struct *gdt = (void *)desc->address;
332 
333  for (i = 0; i < (desc->size+1)/8; i++)
334  hcall(LHCALL_LOAD_GDT_ENTRY, i, gdt[i].a, gdt[i].b, 0);
335 }
336 
337 /*
338  * For a single GDT entry which changes, we simply change our copy and
339  * then tell the host about it.
340  */
341 static void lguest_write_gdt_entry(struct desc_struct *dt, int entrynum,
342  const void *desc, int type)
343 {
344  native_write_gdt_entry(dt, entrynum, desc, type);
345  /* Tell Host about this new entry. */
346  hcall(LHCALL_LOAD_GDT_ENTRY, entrynum,
347  dt[entrynum].a, dt[entrynum].b, 0);
348 }
349 
350 /*
351  * There are three "thread local storage" GDT entries which change
352  * on every context switch (these three entries are how glibc implements
353  * __thread variables). As an optimization, we have a hypercall
354  * specifically for this case.
355  *
356  * Wouldn't it be nicer to have a general LOAD_GDT_ENTRIES hypercall
357  * which took a range of entries?
358  */
359 static void lguest_load_tls(struct thread_struct *t, unsigned int cpu)
360 {
361  /*
362  * There's one problem which normal hardware doesn't have: the Host
363  * can't handle us removing entries we're currently using. So we clear
364  * the GS register here: if it's needed it'll be reloaded anyway.
365  */
366  lazy_load_gs(0);
367  lazy_hcall2(LHCALL_LOAD_TLS, __pa(&t->tls_array), cpu);
368 }
369 
370 /*G:038
371  * That's enough excitement for now, back to ploughing through each of the
372  * different pv_ops structures (we're about 1/3 of the way through).
373  *
374  * This is the Local Descriptor Table, another weird Intel thingy. Linux only
375  * uses this for some strange applications like Wine. We don't do anything
376  * here, so they'll get an informative and friendly Segmentation Fault.
377  */
378 static void lguest_set_ldt(const void *addr, unsigned entries)
379 {
380 }
381 
382 /*
383  * This loads a GDT entry into the "Task Register": that entry points to a
384  * structure called the Task State Segment. Some comments scattered though the
385  * kernel code indicate that this used for task switching in ages past, along
386  * with blood sacrifice and astrology.
387  *
388  * Now there's nothing interesting in here that we don't get told elsewhere.
389  * But the native version uses the "ltr" instruction, which makes the Host
390  * complain to the Guest about a Segmentation Fault and it'll oops. So we
391  * override the native version with a do-nothing version.
392  */
393 static void lguest_load_tr_desc(void)
394 {
395 }
396 
397 /*
398  * The "cpuid" instruction is a way of querying both the CPU identity
399  * (manufacturer, model, etc) and its features. It was introduced before the
400  * Pentium in 1993 and keeps getting extended by both Intel, AMD and others.
401  * As you might imagine, after a decade and a half this treatment, it is now a
402  * giant ball of hair. Its entry in the current Intel manual runs to 28 pages.
403  *
404  * This instruction even it has its own Wikipedia entry. The Wikipedia entry
405  * has been translated into 6 languages. I am not making this up!
406  *
407  * We could get funky here and identify ourselves as "GenuineLguest", but
408  * instead we just use the real "cpuid" instruction. Then I pretty much turned
409  * off feature bits until the Guest booted. (Don't say that: you'll damage
410  * lguest sales!) Shut up, inner voice! (Hey, just pointing out that this is
411  * hardly future proof.) No one's listening! They don't like you anyway,
412  * parenthetic weirdo!
413  *
414  * Replacing the cpuid so we can turn features off is great for the kernel, but
415  * anyone (including userspace) can just use the raw "cpuid" instruction and
416  * the Host won't even notice since it isn't privileged. So we try not to get
417  * too worked up about it.
418  */
419 static void lguest_cpuid(unsigned int *ax, unsigned int *bx,
420  unsigned int *cx, unsigned int *dx)
421 {
422  int function = *ax;
423 
424  native_cpuid(ax, bx, cx, dx);
425  switch (function) {
426  /*
427  * CPUID 0 gives the highest legal CPUID number (and the ID string).
428  * We futureproof our code a little by sticking to known CPUID values.
429  */
430  case 0:
431  if (*ax > 5)
432  *ax = 5;
433  break;
434 
435  /*
436  * CPUID 1 is a basic feature request.
437  *
438  * CX: we only allow kernel to see SSE3, CMPXCHG16B and SSSE3
439  * DX: SSE, SSE2, FXSR, MMX, CMOV, CMPXCHG8B, TSC, FPU and PAE.
440  */
441  case 1:
442  *cx &= 0x00002201;
443  *dx &= 0x07808151;
444  /*
445  * The Host can do a nice optimization if it knows that the
446  * kernel mappings (addresses above 0xC0000000 or whatever
447  * PAGE_OFFSET is set to) haven't changed. But Linux calls
448  * flush_tlb_user() for both user and kernel mappings unless
449  * the Page Global Enable (PGE) feature bit is set.
450  */
451  *dx |= 0x00002000;
452  /*
453  * We also lie, and say we're family id 5. 6 or greater
454  * leads to a rdmsr in early_init_intel which we can't handle.
455  * Family ID is returned as bits 8-12 in ax.
456  */
457  *ax &= 0xFFFFF0FF;
458  *ax |= 0x00000500;
459  break;
460 
461  /*
462  * This is used to detect if we're running under KVM. We might be,
463  * but that's a Host matter, not us. So say we're not.
464  */
465  case KVM_CPUID_SIGNATURE:
466  *bx = *cx = *dx = 0;
467  break;
468 
469  /*
470  * 0x80000000 returns the highest Extended Function, so we futureproof
471  * like we do above by limiting it to known fields.
472  */
473  case 0x80000000:
474  if (*ax > 0x80000008)
475  *ax = 0x80000008;
476  break;
477 
478  /*
479  * PAE systems can mark pages as non-executable. Linux calls this the
480  * NX bit. Intel calls it XD (eXecute Disable), AMD EVP (Enhanced
481  * Virus Protection). We just switch it off here, since we don't
482  * support it.
483  */
484  case 0x80000001:
485  *dx &= ~(1 << 20);
486  break;
487  }
488 }
489 
490 /*
491  * Intel has four control registers, imaginatively named cr0, cr2, cr3 and cr4.
492  * I assume there's a cr1, but it hasn't bothered us yet, so we'll not bother
493  * it. The Host needs to know when the Guest wants to change them, so we have
494  * a whole series of functions like read_cr0() and write_cr0().
495  *
496  * We start with cr0. cr0 allows you to turn on and off all kinds of basic
497  * features, but Linux only really cares about one: the horrifically-named Task
498  * Switched (TS) bit at bit 3 (ie. 8)
499  *
500  * What does the TS bit do? Well, it causes the CPU to trap (interrupt 7) if
501  * the floating point unit is used. Which allows us to restore FPU state
502  * lazily after a task switch, and Linux uses that gratefully, but wouldn't a
503  * name like "FPUTRAP bit" be a little less cryptic?
504  *
505  * We store cr0 locally because the Host never changes it. The Guest sometimes
506  * wants to read it and we'd prefer not to bother the Host unnecessarily.
507  */
508 static unsigned long current_cr0;
509 static void lguest_write_cr0(unsigned long val)
510 {
511  lazy_hcall1(LHCALL_TS, val & X86_CR0_TS);
512  current_cr0 = val;
513 }
514 
515 static unsigned long lguest_read_cr0(void)
516 {
517  return current_cr0;
518 }
519 
520 /*
521  * Intel provided a special instruction to clear the TS bit for people too cool
522  * to use write_cr0() to do it. This "clts" instruction is faster, because all
523  * the vowels have been optimized out.
524  */
525 static void lguest_clts(void)
526 {
527  lazy_hcall1(LHCALL_TS, 0);
528  current_cr0 &= ~X86_CR0_TS;
529 }
530 
531 /*
532  * cr2 is the virtual address of the last page fault, which the Guest only ever
533  * reads. The Host kindly writes this into our "struct lguest_data", so we
534  * just read it out of there.
535  */
536 static unsigned long lguest_read_cr2(void)
537 {
538  return lguest_data.cr2;
539 }
540 
541 /* See lguest_set_pte() below. */
542 static bool cr3_changed = false;
543 static unsigned long current_cr3;
544 
545 /*
546  * cr3 is the current toplevel pagetable page: the principle is the same as
547  * cr0. Keep a local copy, and tell the Host when it changes.
548  */
549 static void lguest_write_cr3(unsigned long cr3)
550 {
551  lazy_hcall1(LHCALL_NEW_PGTABLE, cr3);
552  current_cr3 = cr3;
553 
554  /* These two page tables are simple, linear, and used during boot */
555  if (cr3 != __pa(swapper_pg_dir) && cr3 != __pa(initial_page_table))
556  cr3_changed = true;
557 }
558 
559 static unsigned long lguest_read_cr3(void)
560 {
561  return current_cr3;
562 }
563 
564 /* cr4 is used to enable and disable PGE, but we don't care. */
565 static unsigned long lguest_read_cr4(void)
566 {
567  return 0;
568 }
569 
570 static void lguest_write_cr4(unsigned long val)
571 {
572 }
573 
574 /*
575  * Page Table Handling.
576  *
577  * Now would be a good time to take a rest and grab a coffee or similarly
578  * relaxing stimulant. The easy parts are behind us, and the trek gradually
579  * winds uphill from here.
580  *
581  * Quick refresher: memory is divided into "pages" of 4096 bytes each. The CPU
582  * maps virtual addresses to physical addresses using "page tables". We could
583  * use one huge index of 1 million entries: each address is 4 bytes, so that's
584  * 1024 pages just to hold the page tables. But since most virtual addresses
585  * are unused, we use a two level index which saves space. The cr3 register
586  * contains the physical address of the top level "page directory" page, which
587  * contains physical addresses of up to 1024 second-level pages. Each of these
588  * second level pages contains up to 1024 physical addresses of actual pages,
589  * or Page Table Entries (PTEs).
590  *
591  * Here's a diagram, where arrows indicate physical addresses:
592  *
593  * cr3 ---> +---------+
594  * | --------->+---------+
595  * | | | PADDR1 |
596  * Mid-level | | PADDR2 |
597  * (PMD) page | | |
598  * | | Lower-level |
599  * | | (PTE) page |
600  * | | | |
601  * .... ....
602  *
603  * So to convert a virtual address to a physical address, we look up the top
604  * level, which points us to the second level, which gives us the physical
605  * address of that page. If the top level entry was not present, or the second
606  * level entry was not present, then the virtual address is invalid (we
607  * say "the page was not mapped").
608  *
609  * Put another way, a 32-bit virtual address is divided up like so:
610  *
611  * 1 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
612  * |<---- 10 bits ---->|<---- 10 bits ---->|<------ 12 bits ------>|
613  * Index into top Index into second Offset within page
614  * page directory page pagetable page
615  *
616  * Now, unfortunately, this isn't the whole story: Intel added Physical Address
617  * Extension (PAE) to allow 32 bit systems to use 64GB of memory (ie. 36 bits).
618  * These are held in 64-bit page table entries, so we can now only fit 512
619  * entries in a page, and the neat three-level tree breaks down.
620  *
621  * The result is a four level page table:
622  *
623  * cr3 --> [ 4 Upper ]
624  * [ Level ]
625  * [ Entries ]
626  * [(PUD Page)]---> +---------+
627  * | --------->+---------+
628  * | | | PADDR1 |
629  * Mid-level | | PADDR2 |
630  * (PMD) page | | |
631  * | | Lower-level |
632  * | | (PTE) page |
633  * | | | |
634  * .... ....
635  *
636  *
637  * And the virtual address is decoded as:
638  *
639  * 1 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
640  * |<-2->|<--- 9 bits ---->|<---- 9 bits --->|<------ 12 bits ------>|
641  * Index into Index into mid Index into lower Offset within page
642  * top entries directory page pagetable page
643  *
644  * It's too hard to switch between these two formats at runtime, so Linux only
645  * supports one or the other depending on whether CONFIG_X86_PAE is set. Many
646  * distributions turn it on, and not just for people with silly amounts of
647  * memory: the larger PTE entries allow room for the NX bit, which lets the
648  * kernel disable execution of pages and increase security.
649  *
650  * This was a problem for lguest, which couldn't run on these distributions;
651  * then Matias Zabaljauregui figured it all out and implemented it, and only a
652  * handful of puppies were crushed in the process!
653  *
654  * Back to our point: the kernel spends a lot of time changing both the
655  * top-level page directory and lower-level pagetable pages. The Guest doesn't
656  * know physical addresses, so while it maintains these page tables exactly
657  * like normal, it also needs to keep the Host informed whenever it makes a
658  * change: the Host will create the real page tables based on the Guests'.
659  */
660 
661 /*
662  * The Guest calls this after it has set a second-level entry (pte), ie. to map
663  * a page into a process' address space. We tell the Host the toplevel and
664  * address this corresponds to. The Guest uses one pagetable per process, so
665  * we need to tell the Host which one we're changing (mm->pgd).
666  */
667 static void lguest_pte_update(struct mm_struct *mm, unsigned long addr,
668  pte_t *ptep)
669 {
670 #ifdef CONFIG_X86_PAE
671  /* PAE needs to hand a 64 bit page table entry, so it uses two args. */
672  lazy_hcall4(LHCALL_SET_PTE, __pa(mm->pgd), addr,
673  ptep->pte_low, ptep->pte_high);
674 #else
675  lazy_hcall3(LHCALL_SET_PTE, __pa(mm->pgd), addr, ptep->pte_low);
676 #endif
677 }
678 
679 /* This is the "set and update" combo-meal-deal version. */
680 static void lguest_set_pte_at(struct mm_struct *mm, unsigned long addr,
681  pte_t *ptep, pte_t pteval)
682 {
683  native_set_pte(ptep, pteval);
684  lguest_pte_update(mm, addr, ptep);
685 }
686 
687 /*
688  * The Guest calls lguest_set_pud to set a top-level entry and lguest_set_pmd
689  * to set a middle-level entry when PAE is activated.
690  *
691  * Again, we set the entry then tell the Host which page we changed,
692  * and the index of the entry we changed.
693  */
694 #ifdef CONFIG_X86_PAE
695 static void lguest_set_pud(pud_t *pudp, pud_t pudval)
696 {
697  native_set_pud(pudp, pudval);
698 
699  /* 32 bytes aligned pdpt address and the index. */
700  lazy_hcall2(LHCALL_SET_PGD, __pa(pudp) & 0xFFFFFFE0,
701  (__pa(pudp) & 0x1F) / sizeof(pud_t));
702 }
703 
704 static void lguest_set_pmd(pmd_t *pmdp, pmd_t pmdval)
705 {
706  native_set_pmd(pmdp, pmdval);
707  lazy_hcall2(LHCALL_SET_PMD, __pa(pmdp) & PAGE_MASK,
708  (__pa(pmdp) & (PAGE_SIZE - 1)) / sizeof(pmd_t));
709 }
710 #else
711 
712 /* The Guest calls lguest_set_pmd to set a top-level entry when !PAE. */
713 static void lguest_set_pmd(pmd_t *pmdp, pmd_t pmdval)
714 {
715  native_set_pmd(pmdp, pmdval);
716  lazy_hcall2(LHCALL_SET_PGD, __pa(pmdp) & PAGE_MASK,
717  (__pa(pmdp) & (PAGE_SIZE - 1)) / sizeof(pmd_t));
718 }
719 #endif
720 
721 /*
722  * There are a couple of legacy places where the kernel sets a PTE, but we
723  * don't know the top level any more. This is useless for us, since we don't
724  * know which pagetable is changing or what address, so we just tell the Host
725  * to forget all of them. Fortunately, this is very rare.
726  *
727  * ... except in early boot when the kernel sets up the initial pagetables,
728  * which makes booting astonishingly slow: 48 seconds! So we don't even tell
729  * the Host anything changed until we've done the first real page table switch,
730  * which brings boot back to 4.3 seconds.
731  */
732 static void lguest_set_pte(pte_t *ptep, pte_t pteval)
733 {
734  native_set_pte(ptep, pteval);
735  if (cr3_changed)
736  lazy_hcall1(LHCALL_FLUSH_TLB, 1);
737 }
738 
739 #ifdef CONFIG_X86_PAE
740 /*
741  * With 64-bit PTE values, we need to be careful setting them: if we set 32
742  * bits at a time, the hardware could see a weird half-set entry. These
743  * versions ensure we update all 64 bits at once.
744  */
745 static void lguest_set_pte_atomic(pte_t *ptep, pte_t pte)
746 {
747  native_set_pte_atomic(ptep, pte);
748  if (cr3_changed)
749  lazy_hcall1(LHCALL_FLUSH_TLB, 1);
750 }
751 
752 static void lguest_pte_clear(struct mm_struct *mm, unsigned long addr,
753  pte_t *ptep)
754 {
755  native_pte_clear(mm, addr, ptep);
756  lguest_pte_update(mm, addr, ptep);
757 }
758 
759 static void lguest_pmd_clear(pmd_t *pmdp)
760 {
761  lguest_set_pmd(pmdp, __pmd(0));
762 }
763 #endif
764 
765 /*
766  * Unfortunately for Lguest, the pv_mmu_ops for page tables were based on
767  * native page table operations. On native hardware you can set a new page
768  * table entry whenever you want, but if you want to remove one you have to do
769  * a TLB flush (a TLB is a little cache of page table entries kept by the CPU).
770  *
771  * So the lguest_set_pte_at() and lguest_set_pmd() functions above are only
772  * called when a valid entry is written, not when it's removed (ie. marked not
773  * present). Instead, this is where we come when the Guest wants to remove a
774  * page table entry: we tell the Host to set that entry to 0 (ie. the present
775  * bit is zero).
776  */
777 static void lguest_flush_tlb_single(unsigned long addr)
778 {
779  /* Simply set it to zero: if it was not, it will fault back in. */
780  lazy_hcall3(LHCALL_SET_PTE, current_cr3, addr, 0);
781 }
782 
783 /*
784  * This is what happens after the Guest has removed a large number of entries.
785  * This tells the Host that any of the page table entries for userspace might
786  * have changed, ie. virtual addresses below PAGE_OFFSET.
787  */
788 static void lguest_flush_tlb_user(void)
789 {
790  lazy_hcall1(LHCALL_FLUSH_TLB, 0);
791 }
792 
793 /*
794  * This is called when the kernel page tables have changed. That's not very
795  * common (unless the Guest is using highmem, which makes the Guest extremely
796  * slow), so it's worth separating this from the user flushing above.
797  */
798 static void lguest_flush_tlb_kernel(void)
799 {
800  lazy_hcall1(LHCALL_FLUSH_TLB, 1);
801 }
802 
803 /*
804  * The Unadvanced Programmable Interrupt Controller.
805  *
806  * This is an attempt to implement the simplest possible interrupt controller.
807  * I spent some time looking though routines like set_irq_chip_and_handler,
808  * set_irq_chip_and_handler_name, set_irq_chip_data and set_phasers_to_stun and
809  * I *think* this is as simple as it gets.
810  *
811  * We can tell the Host what interrupts we want blocked ready for using the
812  * lguest_data.interrupts bitmap, so disabling (aka "masking") them is as
813  * simple as setting a bit. We don't actually "ack" interrupts as such, we
814  * just mask and unmask them. I wonder if we should be cleverer?
815  */
816 static void disable_lguest_irq(struct irq_data *data)
817 {
818  set_bit(data->irq, lguest_data.blocked_interrupts);
819 }
820 
821 static void enable_lguest_irq(struct irq_data *data)
822 {
823  clear_bit(data->irq, lguest_data.blocked_interrupts);
824 }
825 
826 /* This structure describes the lguest IRQ controller. */
827 static struct irq_chip lguest_irq_controller = {
828  .name = "lguest",
829  .irq_mask = disable_lguest_irq,
830  .irq_mask_ack = disable_lguest_irq,
831  .irq_unmask = enable_lguest_irq,
832 };
833 
834 /*
835  * This sets up the Interrupt Descriptor Table (IDT) entry for each hardware
836  * interrupt (except 128, which is used for system calls), and then tells the
837  * Linux infrastructure that each interrupt is controlled by our level-based
838  * lguest interrupt controller.
839  */
840 static void __init lguest_init_IRQ(void)
841 {
842  unsigned int i;
843 
844  for (i = FIRST_EXTERNAL_VECTOR; i < NR_VECTORS; i++) {
845  /* Some systems map "vectors" to interrupts weirdly. Not us! */
846  __this_cpu_write(vector_irq[i], i - FIRST_EXTERNAL_VECTOR);
847  if (i != SYSCALL_VECTOR)
848  set_intr_gate(i, interrupt[i - FIRST_EXTERNAL_VECTOR]);
849  }
850 
851  /*
852  * This call is required to set up for 4k stacks, where we have
853  * separate stacks for hard and soft interrupts.
854  */
856 }
857 
858 /*
859  * Interrupt descriptors are allocated as-needed, but low-numbered ones are
860  * reserved by the generic x86 code. So we ignore irq_alloc_desc_at if it
861  * tells us the irq is already used: other errors (ie. ENOMEM) we take
862  * seriously.
863  */
864 int lguest_setup_irq(unsigned int irq)
865 {
866  int err;
867 
868  /* Returns -ve error or vector number. */
869  err = irq_alloc_desc_at(irq, 0);
870  if (err < 0 && err != -EEXIST)
871  return err;
872 
873  irq_set_chip_and_handler_name(irq, &lguest_irq_controller,
874  handle_level_irq, "level");
875  return 0;
876 }
877 
878 /*
879  * Time.
880  *
881  * It would be far better for everyone if the Guest had its own clock, but
882  * until then the Host gives us the time on every interrupt.
883  */
884 static unsigned long lguest_get_wallclock(void)
885 {
886  return lguest_data.time.tv_sec;
887 }
888 
889 /*
890  * The TSC is an Intel thing called the Time Stamp Counter. The Host tells us
891  * what speed it runs at, or 0 if it's unusable as a reliable clock source.
892  * This matches what we want here: if we return 0 from this function, the x86
893  * TSC clock will give up and not register itself.
894  */
895 static unsigned long lguest_tsc_khz(void)
896 {
897  return lguest_data.tsc_khz;
898 }
899 
900 /*
901  * If we can't use the TSC, the kernel falls back to our lower-priority
902  * "lguest_clock", where we read the time value given to us by the Host.
903  */
904 static cycle_t lguest_clock_read(struct clocksource *cs)
905 {
906  unsigned long sec, nsec;
907 
908  /*
909  * Since the time is in two parts (seconds and nanoseconds), we risk
910  * reading it just as it's changing from 99 & 0.999999999 to 100 and 0,
911  * and getting 99 and 0. As Linux tends to come apart under the stress
912  * of time travel, we must be careful:
913  */
914  do {
915  /* First we read the seconds part. */
916  sec = lguest_data.time.tv_sec;
917  /*
918  * This read memory barrier tells the compiler and the CPU that
919  * this can't be reordered: we have to complete the above
920  * before going on.
921  */
922  rmb();
923  /* Now we read the nanoseconds part. */
924  nsec = lguest_data.time.tv_nsec;
925  /* Make sure we've done that. */
926  rmb();
927  /* Now if the seconds part has changed, try again. */
928  } while (unlikely(lguest_data.time.tv_sec != sec));
929 
930  /* Our lguest clock is in real nanoseconds. */
931  return sec*1000000000ULL + nsec;
932 }
933 
934 /* This is the fallback clocksource: lower priority than the TSC clocksource. */
935 static struct clocksource lguest_clock = {
936  .name = "lguest",
937  .rating = 200,
938  .read = lguest_clock_read,
939  .mask = CLOCKSOURCE_MASK(64),
941 };
942 
943 /*
944  * We also need a "struct clock_event_device": Linux asks us to set it to go
945  * off some time in the future. Actually, James Morris figured all this out, I
946  * just applied the patch.
947  */
948 static int lguest_clockevent_set_next_event(unsigned long delta,
949  struct clock_event_device *evt)
950 {
951  /* FIXME: I don't think this can ever happen, but James tells me he had
952  * to put this code in. Maybe we should remove it now. Anyone? */
953  if (delta < LG_CLOCK_MIN_DELTA) {
954  if (printk_ratelimit())
955  printk(KERN_DEBUG "%s: small delta %lu ns\n",
956  __func__, delta);
957  return -ETIME;
958  }
959 
960  /* Please wake us this far in the future. */
961  hcall(LHCALL_SET_CLOCKEVENT, delta, 0, 0, 0);
962  return 0;
963 }
964 
965 static void lguest_clockevent_set_mode(enum clock_event_mode mode,
966  struct clock_event_device *evt)
967 {
968  switch (mode) {
969  case CLOCK_EVT_MODE_UNUSED:
970  case CLOCK_EVT_MODE_SHUTDOWN:
971  /* A 0 argument shuts the clock down. */
972  hcall(LHCALL_SET_CLOCKEVENT, 0, 0, 0, 0);
973  break;
974  case CLOCK_EVT_MODE_ONESHOT:
975  /* This is what we expect. */
976  break;
977  case CLOCK_EVT_MODE_PERIODIC:
978  BUG();
979  case CLOCK_EVT_MODE_RESUME:
980  break;
981  }
982 }
983 
984 /* This describes our primitive timer chip. */
985 static struct clock_event_device lguest_clockevent = {
986  .name = "lguest",
987  .features = CLOCK_EVT_FEAT_ONESHOT,
988  .set_next_event = lguest_clockevent_set_next_event,
989  .set_mode = lguest_clockevent_set_mode,
990  .rating = INT_MAX,
991  .mult = 1,
992  .shift = 0,
993  .min_delta_ns = LG_CLOCK_MIN_DELTA,
994  .max_delta_ns = LG_CLOCK_MAX_DELTA,
995 };
996 
997 /*
998  * This is the Guest timer interrupt handler (hardware interrupt 0). We just
999  * call the clockevent infrastructure and it does whatever needs doing.
1000  */
1001 static void lguest_time_irq(unsigned int irq, struct irq_desc *desc)
1002 {
1003  unsigned long flags;
1004 
1005  /* Don't interrupt us while this is running. */
1006  local_irq_save(flags);
1007  lguest_clockevent.event_handler(&lguest_clockevent);
1008  local_irq_restore(flags);
1009 }
1010 
1011 /*
1012  * At some point in the boot process, we get asked to set up our timing
1013  * infrastructure. The kernel doesn't expect timer interrupts before this, but
1014  * we cleverly initialized the "blocked_interrupts" field of "struct
1015  * lguest_data" so that timer interrupts were blocked until now.
1016  */
1017 static void lguest_time_init(void)
1018 {
1019  /* Set up the timer interrupt (0) to go to our simple timer routine */
1020  lguest_setup_irq(0);
1021  irq_set_handler(0, lguest_time_irq);
1022 
1023  clocksource_register_hz(&lguest_clock, NSEC_PER_SEC);
1024 
1025  /* We can't set cpumask in the initializer: damn C limitations! Set it
1026  * here and register our timer device. */
1027  lguest_clockevent.cpumask = cpumask_of(0);
1028  clockevents_register_device(&lguest_clockevent);
1029 
1030  /* Finally, we unblock the timer interrupt. */
1031  clear_bit(0, lguest_data.blocked_interrupts);
1032 }
1033 
1034 /*
1035  * Miscellaneous bits and pieces.
1036  *
1037  * Here is an oddball collection of functions which the Guest needs for things
1038  * to work. They're pretty simple.
1039  */
1040 
1041 /*
1042  * The Guest needs to tell the Host what stack it expects traps to use. For
1043  * native hardware, this is part of the Task State Segment mentioned above in
1044  * lguest_load_tr_desc(), but to help hypervisors there's this special call.
1045  *
1046  * We tell the Host the segment we want to use (__KERNEL_DS is the kernel data
1047  * segment), the privilege level (we're privilege level 1, the Host is 0 and
1048  * will not tolerate us trying to use that), the stack pointer, and the number
1049  * of pages in the stack.
1050  */
1051 static void lguest_load_sp0(struct tss_struct *tss,
1052  struct thread_struct *thread)
1053 {
1054  lazy_hcall3(LHCALL_SET_STACK, __KERNEL_DS | 0x1, thread->sp0,
1056 }
1057 
1058 /* Let's just say, I wouldn't do debugging under a Guest. */
1059 static void lguest_set_debugreg(int regno, unsigned long value)
1060 {
1061  /* FIXME: Implement */
1062 }
1063 
1064 /*
1065  * There are times when the kernel wants to make sure that no memory writes are
1066  * caught in the cache (that they've all reached real hardware devices). This
1067  * doesn't matter for the Guest which has virtual hardware.
1068  *
1069  * On the Pentium 4 and above, cpuid() indicates that the Cache Line Flush
1070  * (clflush) instruction is available and the kernel uses that. Otherwise, it
1071  * uses the older "Write Back and Invalidate Cache" (wbinvd) instruction.
1072  * Unlike clflush, wbinvd can only be run at privilege level 0. So we can
1073  * ignore clflush, but replace wbinvd.
1074  */
1075 static void lguest_wbinvd(void)
1076 {
1077 }
1078 
1079 /*
1080  * If the Guest expects to have an Advanced Programmable Interrupt Controller,
1081  * we play dumb by ignoring writes and returning 0 for reads. So it's no
1082  * longer Programmable nor Controlling anything, and I don't think 8 lines of
1083  * code qualifies for Advanced. It will also never interrupt anything. It
1084  * does, however, allow us to get through the Linux boot code.
1085  */
1086 #ifdef CONFIG_X86_LOCAL_APIC
1087 static void lguest_apic_write(u32 reg, u32 v)
1088 {
1089 }
1090 
1091 static u32 lguest_apic_read(u32 reg)
1092 {
1093  return 0;
1094 }
1095 
1096 static u64 lguest_apic_icr_read(void)
1097 {
1098  return 0;
1099 }
1100 
1101 static void lguest_apic_icr_write(u32 low, u32 id)
1102 {
1103  /* Warn to see if there's any stray references */
1104  WARN_ON(1);
1105 }
1106 
1107 static void lguest_apic_wait_icr_idle(void)
1108 {
1109  return;
1110 }
1111 
1112 static u32 lguest_apic_safe_wait_icr_idle(void)
1113 {
1114  return 0;
1115 }
1116 
1117 static void set_lguest_basic_apic_ops(void)
1118 {
1119  apic->read = lguest_apic_read;
1120  apic->write = lguest_apic_write;
1121  apic->icr_read = lguest_apic_icr_read;
1122  apic->icr_write = lguest_apic_icr_write;
1123  apic->wait_icr_idle = lguest_apic_wait_icr_idle;
1124  apic->safe_wait_icr_idle = lguest_apic_safe_wait_icr_idle;
1125 };
1126 #endif
1127 
1128 /* STOP! Until an interrupt comes in. */
1129 static void lguest_safe_halt(void)
1130 {
1131  hcall(LHCALL_HALT, 0, 0, 0, 0);
1132 }
1133 
1134 /*
1135  * The SHUTDOWN hypercall takes a string to describe what's happening, and
1136  * an argument which says whether this to restart (reboot) the Guest or not.
1137  *
1138  * Note that the Host always prefers that the Guest speak in physical addresses
1139  * rather than virtual addresses, so we use __pa() here.
1140  */
1141 static void lguest_power_off(void)
1142 {
1143  hcall(LHCALL_SHUTDOWN, __pa("Power down"),
1144  LGUEST_SHUTDOWN_POWEROFF, 0, 0);
1145 }
1146 
1147 /*
1148  * Panicing.
1149  *
1150  * Don't. But if you did, this is what happens.
1151  */
1152 static int lguest_panic(struct notifier_block *nb, unsigned long l, void *p)
1153 {
1154  hcall(LHCALL_SHUTDOWN, __pa(p), LGUEST_SHUTDOWN_POWEROFF, 0, 0);
1155  /* The hcall won't return, but to keep gcc happy, we're "done". */
1156  return NOTIFY_DONE;
1157 }
1158 
1159 static struct notifier_block paniced = {
1160  .notifier_call = lguest_panic
1161 };
1162 
1163 /* Setting up memory is fairly easy. */
1164 static __init char *lguest_memory_setup(void)
1165 {
1166  /*
1167  * The Linux bootloader header contains an "e820" memory map: the
1168  * Launcher populated the first entry with our memory limit.
1169  */
1171  boot_params.e820_map[0].size,
1172  boot_params.e820_map[0].type);
1173 
1174  /* This string is for the boot messages. */
1175  return "LGUEST";
1176 }
1177 
1178 /*
1179  * We will eventually use the virtio console device to produce console output,
1180  * but before that is set up we use LHCALL_NOTIFY on normal memory to produce
1181  * console output.
1182  */
1183 static __init int early_put_chars(u32 vtermno, const char *buf, int count)
1184 {
1185  char scratch[17];
1186  unsigned int len = count;
1187 
1188  /* We use a nul-terminated string, so we make a copy. Icky, huh? */
1189  if (len > sizeof(scratch) - 1)
1190  len = sizeof(scratch) - 1;
1191  scratch[len] = '\0';
1192  memcpy(scratch, buf, len);
1193  hcall(LHCALL_NOTIFY, __pa(scratch), 0, 0, 0);
1194 
1195  /* This routine returns the number of bytes actually written. */
1196  return len;
1197 }
1198 
1199 /*
1200  * Rebooting also tells the Host we're finished, but the RESTART flag tells the
1201  * Launcher to reboot us.
1202  */
1203 static void lguest_restart(char *reason)
1204 {
1205  hcall(LHCALL_SHUTDOWN, __pa(reason), LGUEST_SHUTDOWN_RESTART, 0, 0);
1206 }
1207 
1208 /*G:050
1209  * Patching (Powerfully Placating Performance Pedants)
1210  *
1211  * We have already seen that pv_ops structures let us replace simple native
1212  * instructions with calls to the appropriate back end all throughout the
1213  * kernel. This allows the same kernel to run as a Guest and as a native
1214  * kernel, but it's slow because of all the indirect branches.
1215  *
1216  * Remember that David Wheeler quote about "Any problem in computer science can
1217  * be solved with another layer of indirection"? The rest of that quote is
1218  * "... But that usually will create another problem." This is the first of
1219  * those problems.
1220  *
1221  * Our current solution is to allow the paravirt back end to optionally patch
1222  * over the indirect calls to replace them with something more efficient. We
1223  * patch two of the simplest of the most commonly called functions: disable
1224  * interrupts and save interrupts. We usually have 6 or 10 bytes to patch
1225  * into: the Guest versions of these operations are small enough that we can
1226  * fit comfortably.
1227  *
1228  * First we need assembly templates of each of the patchable Guest operations,
1229  * and these are in i386_head.S.
1230  */
1231 
1232 /*G:060 We construct a table from the assembler templates: */
1233 static const struct lguest_insns
1234 {
1235  const char *start, *end;
1236 } lguest_insns[] = {
1239 };
1240 
1241 /*
1242  * Now our patch routine is fairly simple (based on the native one in
1243  * paravirt.c). If we have a replacement, we copy it in and return how much of
1244  * the available space we used.
1245  */
1246 static unsigned lguest_patch(u8 type, u16 clobber, void *ibuf,
1247  unsigned long addr, unsigned len)
1248 {
1249  unsigned int insn_len;
1250 
1251  /* Don't do anything special if we don't have a replacement */
1252  if (type >= ARRAY_SIZE(lguest_insns) || !lguest_insns[type].start)
1253  return paravirt_patch_default(type, clobber, ibuf, addr, len);
1254 
1255  insn_len = lguest_insns[type].end - lguest_insns[type].start;
1256 
1257  /* Similarly if it can't fit (doesn't happen, but let's be thorough). */
1258  if (len < insn_len)
1259  return paravirt_patch_default(type, clobber, ibuf, addr, len);
1260 
1261  /* Copy in our instructions. */
1262  memcpy(ibuf, lguest_insns[type].start, insn_len);
1263  return insn_len;
1264 }
1265 
1266 /*G:029
1267  * Once we get to lguest_init(), we know we're a Guest. The various
1268  * pv_ops structures in the kernel provide points for (almost) every routine we
1269  * have to override to avoid privileged instructions.
1270  */
1272 {
1273  /* We're under lguest. */
1274  pv_info.name = "lguest";
1275  /* Paravirt is enabled. */
1277  /* We're running at privilege level 1, not 0 as normal. */
1278  pv_info.kernel_rpl = 1;
1279  /* Everyone except Xen runs with this set. */
1281 
1282  /*
1283  * We set up all the lguest overrides for sensitive operations. These
1284  * are detailed with the operations themselves.
1285  */
1286 
1287  /* Interrupt-related operations */
1288  pv_irq_ops.save_fl = PV_CALLEE_SAVE(save_fl);
1289  pv_irq_ops.restore_fl = __PV_IS_CALLEE_SAVE(lg_restore_fl);
1290  pv_irq_ops.irq_disable = PV_CALLEE_SAVE(irq_disable);
1291  pv_irq_ops.irq_enable = __PV_IS_CALLEE_SAVE(lg_irq_enable);
1292  pv_irq_ops.safe_halt = lguest_safe_halt;
1293 
1294  /* Setup operations */
1295  pv_init_ops.patch = lguest_patch;
1296 
1297  /* Intercepts of various CPU instructions */
1298  pv_cpu_ops.load_gdt = lguest_load_gdt;
1299  pv_cpu_ops.cpuid = lguest_cpuid;
1300  pv_cpu_ops.load_idt = lguest_load_idt;
1302  pv_cpu_ops.load_sp0 = lguest_load_sp0;
1303  pv_cpu_ops.load_tr_desc = lguest_load_tr_desc;
1304  pv_cpu_ops.set_ldt = lguest_set_ldt;
1305  pv_cpu_ops.load_tls = lguest_load_tls;
1306  pv_cpu_ops.set_debugreg = lguest_set_debugreg;
1307  pv_cpu_ops.clts = lguest_clts;
1308  pv_cpu_ops.read_cr0 = lguest_read_cr0;
1309  pv_cpu_ops.write_cr0 = lguest_write_cr0;
1310  pv_cpu_ops.read_cr4 = lguest_read_cr4;
1311  pv_cpu_ops.write_cr4 = lguest_write_cr4;
1312  pv_cpu_ops.write_gdt_entry = lguest_write_gdt_entry;
1313  pv_cpu_ops.write_idt_entry = lguest_write_idt_entry;
1314  pv_cpu_ops.wbinvd = lguest_wbinvd;
1316  pv_cpu_ops.end_context_switch = lguest_end_context_switch;
1317 
1318  /* Pagetable management */
1319  pv_mmu_ops.write_cr3 = lguest_write_cr3;
1320  pv_mmu_ops.flush_tlb_user = lguest_flush_tlb_user;
1321  pv_mmu_ops.flush_tlb_single = lguest_flush_tlb_single;
1322  pv_mmu_ops.flush_tlb_kernel = lguest_flush_tlb_kernel;
1323  pv_mmu_ops.set_pte = lguest_set_pte;
1324  pv_mmu_ops.set_pte_at = lguest_set_pte_at;
1325  pv_mmu_ops.set_pmd = lguest_set_pmd;
1326 #ifdef CONFIG_X86_PAE
1327  pv_mmu_ops.set_pte_atomic = lguest_set_pte_atomic;
1328  pv_mmu_ops.pte_clear = lguest_pte_clear;
1329  pv_mmu_ops.pmd_clear = lguest_pmd_clear;
1330  pv_mmu_ops.set_pud = lguest_set_pud;
1331 #endif
1332  pv_mmu_ops.read_cr2 = lguest_read_cr2;
1333  pv_mmu_ops.read_cr3 = lguest_read_cr3;
1335  pv_mmu_ops.lazy_mode.leave = lguest_leave_lazy_mmu_mode;
1336  pv_mmu_ops.pte_update = lguest_pte_update;
1337  pv_mmu_ops.pte_update_defer = lguest_pte_update;
1338 
1339 #ifdef CONFIG_X86_LOCAL_APIC
1340  /* APIC read/write intercepts */
1341  set_lguest_basic_apic_ops();
1342 #endif
1343 
1344  x86_init.resources.memory_setup = lguest_memory_setup;
1345  x86_init.irqs.intr_init = lguest_init_IRQ;
1346  x86_init.timers.timer_init = lguest_time_init;
1347  x86_platform.calibrate_tsc = lguest_tsc_khz;
1348  x86_platform.get_wallclock = lguest_get_wallclock;
1349 
1350  /*
1351  * Now is a good time to look at the implementations of these functions
1352  * before returning to the rest of lguest_init().
1353  */
1354 
1355  /*G:070
1356  * Now we've seen all the paravirt_ops, we return to
1357  * lguest_init() where the rest of the fairly chaotic boot setup
1358  * occurs.
1359  */
1360 
1361  /*
1362  * The stack protector is a weird thing where gcc places a canary
1363  * value on the stack and then checks it on return. This file is
1364  * compiled with -fno-stack-protector it, so we got this far without
1365  * problems. The value of the canary is kept at offset 20 from the
1366  * %gs register, so we need to set that up before calling C functions
1367  * in other files.
1368  */
1369  setup_stack_canary_segment(0);
1370 
1371  /*
1372  * We could just call load_stack_canary_segment(), but we might as well
1373  * call switch_to_new_gdt() which loads the whole table and sets up the
1374  * per-cpu segment descriptor register %fs as well.
1375  */
1376  switch_to_new_gdt(0);
1377 
1378  /*
1379  * The Host<->Guest Switcher lives at the top of our address space, and
1380  * the Host told us how big it is when we made LGUEST_INIT hypercall:
1381  * it put the answer in lguest_data.reserve_mem
1382  */
1383  reserve_top_address(lguest_data.reserve_mem);
1384 
1385  /*
1386  * If we don't initialize the lock dependency checker now, it crashes
1387  * atomic_notifier_chain_register, then paravirt_disable_iospace.
1388  */
1389  lockdep_init();
1390 
1391  /* Hook in our special panic hypercall code. */
1393 
1394  /*
1395  * The IDE code spends about 3 seconds probing for disks: if we reserve
1396  * all the I/O ports up front it can't get them and so doesn't probe.
1397  * Other device drivers are similar (but less severe). This cuts the
1398  * kernel boot time on my machine from 4.1 seconds to 0.45 seconds.
1399  */
1401 
1402  /*
1403  * This is messy CPU setup stuff which the native boot code does before
1404  * start_kernel, so we have to do, too:
1405  */
1407  /* head.S usually sets up the first capability word, so do it here. */
1408  new_cpu_data.x86_capability[0] = cpuid_edx(1);
1409 
1410  /* Math is always hard! */
1411  new_cpu_data.hard_math = 1;
1412 
1413  /* We don't have features. We have puppies! Puppies! */
1414 #ifdef CONFIG_X86_MCE
1415  mce_disabled = 1;
1416 #endif
1417 #ifdef CONFIG_ACPI
1418  acpi_disabled = 1;
1419 #endif
1420 
1421  /*
1422  * We set the preferred console to "hvc". This is the "hypervisor
1423  * virtual console" driver written by the PowerPC people, which we also
1424  * adapted for lguest's use.
1425  */
1426  add_preferred_console("hvc", 0, NULL);
1427 
1428  /* Register our very early console. */
1429  virtio_cons_early_init(early_put_chars);
1430 
1431  /*
1432  * Last of all, we set the power management poweroff hook to point to
1433  * the Guest routine to power off, and the reboot hook to our restart
1434  * routine.
1435  */
1436  pm_power_off = lguest_power_off;
1437  machine_ops.restart = lguest_restart;
1438 
1439  /*
1440  * Now we're set up, call i386_start_kernel() in head32.c and we proceed
1441  * to boot as normal. It never returns.
1442  */
1444 }
1445 /*
1446  * This marks the end of stage II of our journey, The Guest.
1447  *
1448  * It is now time for us to explore the layer of virtual drivers and complete
1449  * our understanding of the Guest in "make Drivers".
1450  */