Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
mmu_audit.c
Go to the documentation of this file.
1 /*
2  * mmu_audit.c:
3  *
4  * Audit code for KVM MMU
5  *
6  * Copyright (C) 2006 Qumranet, Inc.
7  * Copyright 2010 Red Hat, Inc. and/or its affiliates.
8  *
9  * Authors:
10  * Yaniv Kamay <[email protected]>
11  * Avi Kivity <[email protected]>
12  * Marcelo Tosatti <[email protected]>
13  * Xiao Guangrong <[email protected]>
14  *
15  * This work is licensed under the terms of the GNU GPL, version 2. See
16  * the COPYING file in the top-level directory.
17  *
18  */
19 
20 #include <linux/ratelimit.h>
21 
22 char const *audit_point_name[] = {
23  "pre page fault",
24  "post page fault",
25  "pre pte write",
26  "post pte write",
27  "pre sync",
28  "post sync"
29 };
30 
31 #define audit_printk(kvm, fmt, args...) \
32  printk(KERN_ERR "audit: (%s) error: " \
33  fmt, audit_point_name[kvm->arch.audit_point], ##args)
34 
35 typedef void (*inspect_spte_fn) (struct kvm_vcpu *vcpu, u64 *sptep, int level);
36 
37 static void __mmu_spte_walk(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp,
38  inspect_spte_fn fn, int level)
39 {
40  int i;
41 
42  for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
43  u64 *ent = sp->spt;
44 
45  fn(vcpu, ent + i, level);
46 
47  if (is_shadow_present_pte(ent[i]) &&
48  !is_last_spte(ent[i], level)) {
49  struct kvm_mmu_page *child;
50 
51  child = page_header(ent[i] & PT64_BASE_ADDR_MASK);
52  __mmu_spte_walk(vcpu, child, fn, level - 1);
53  }
54  }
55 }
56 
57 static void mmu_spte_walk(struct kvm_vcpu *vcpu, inspect_spte_fn fn)
58 {
59  int i;
60  struct kvm_mmu_page *sp;
61 
62  if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
63  return;
64 
65  if (vcpu->arch.mmu.root_level == PT64_ROOT_LEVEL) {
66  hpa_t root = vcpu->arch.mmu.root_hpa;
67 
68  sp = page_header(root);
69  __mmu_spte_walk(vcpu, sp, fn, PT64_ROOT_LEVEL);
70  return;
71  }
72 
73  for (i = 0; i < 4; ++i) {
74  hpa_t root = vcpu->arch.mmu.pae_root[i];
75 
76  if (root && VALID_PAGE(root)) {
77  root &= PT64_BASE_ADDR_MASK;
78  sp = page_header(root);
79  __mmu_spte_walk(vcpu, sp, fn, 2);
80  }
81  }
82 
83  return;
84 }
85 
86 typedef void (*sp_handler) (struct kvm *kvm, struct kvm_mmu_page *sp);
87 
88 static void walk_all_active_sps(struct kvm *kvm, sp_handler fn)
89 {
90  struct kvm_mmu_page *sp;
91 
92  list_for_each_entry(sp, &kvm->arch.active_mmu_pages, link)
93  fn(kvm, sp);
94 }
95 
96 static void audit_mappings(struct kvm_vcpu *vcpu, u64 *sptep, int level)
97 {
98  struct kvm_mmu_page *sp;
99  gfn_t gfn;
100  pfn_t pfn;
101  hpa_t hpa;
102 
103  sp = page_header(__pa(sptep));
104 
105  if (sp->unsync) {
106  if (level != PT_PAGE_TABLE_LEVEL) {
107  audit_printk(vcpu->kvm, "unsync sp: %p "
108  "level = %d\n", sp, level);
109  return;
110  }
111  }
112 
113  if (!is_shadow_present_pte(*sptep) || !is_last_spte(*sptep, level))
114  return;
115 
116  gfn = kvm_mmu_page_get_gfn(sp, sptep - sp->spt);
117  pfn = gfn_to_pfn_atomic(vcpu->kvm, gfn);
118 
119  if (is_error_pfn(pfn))
120  return;
121 
122  hpa = pfn << PAGE_SHIFT;
123  if ((*sptep & PT64_BASE_ADDR_MASK) != hpa)
124  audit_printk(vcpu->kvm, "levels %d pfn %llx hpa %llx "
125  "ent %llxn", vcpu->arch.mmu.root_level, pfn,
126  hpa, *sptep);
127 }
128 
129 static void inspect_spte_has_rmap(struct kvm *kvm, u64 *sptep)
130 {
131  static DEFINE_RATELIMIT_STATE(ratelimit_state, 5 * HZ, 10);
132  unsigned long *rmapp;
133  struct kvm_mmu_page *rev_sp;
134  gfn_t gfn;
135 
136  rev_sp = page_header(__pa(sptep));
137  gfn = kvm_mmu_page_get_gfn(rev_sp, sptep - rev_sp->spt);
138 
139  if (!gfn_to_memslot(kvm, gfn)) {
140  if (!__ratelimit(&ratelimit_state))
141  return;
142  audit_printk(kvm, "no memslot for gfn %llx\n", gfn);
143  audit_printk(kvm, "index %ld of sp (gfn=%llx)\n",
144  (long int)(sptep - rev_sp->spt), rev_sp->gfn);
145  dump_stack();
146  return;
147  }
148 
149  rmapp = gfn_to_rmap(kvm, gfn, rev_sp->role.level);
150  if (!*rmapp) {
151  if (!__ratelimit(&ratelimit_state))
152  return;
153  audit_printk(kvm, "no rmap for writable spte %llx\n",
154  *sptep);
155  dump_stack();
156  }
157 }
158 
159 static void audit_sptes_have_rmaps(struct kvm_vcpu *vcpu, u64 *sptep, int level)
160 {
161  if (is_shadow_present_pte(*sptep) && is_last_spte(*sptep, level))
162  inspect_spte_has_rmap(vcpu->kvm, sptep);
163 }
164 
165 static void audit_spte_after_sync(struct kvm_vcpu *vcpu, u64 *sptep, int level)
166 {
167  struct kvm_mmu_page *sp = page_header(__pa(sptep));
168 
169  if (vcpu->kvm->arch.audit_point == AUDIT_POST_SYNC && sp->unsync)
170  audit_printk(vcpu->kvm, "meet unsync sp(%p) after sync "
171  "root.\n", sp);
172 }
173 
174 static void check_mappings_rmap(struct kvm *kvm, struct kvm_mmu_page *sp)
175 {
176  int i;
177 
178  if (sp->role.level != PT_PAGE_TABLE_LEVEL)
179  return;
180 
181  for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
182  if (!is_rmap_spte(sp->spt[i]))
183  continue;
184 
185  inspect_spte_has_rmap(kvm, sp->spt + i);
186  }
187 }
188 
189 static void audit_write_protection(struct kvm *kvm, struct kvm_mmu_page *sp)
190 {
191  unsigned long *rmapp;
192  u64 *sptep;
193  struct rmap_iterator iter;
194 
195  if (sp->role.direct || sp->unsync || sp->role.invalid)
196  return;
197 
198  rmapp = gfn_to_rmap(kvm, sp->gfn, PT_PAGE_TABLE_LEVEL);
199 
200  for (sptep = rmap_get_first(*rmapp, &iter); sptep;
201  sptep = rmap_get_next(&iter)) {
202  if (is_writable_pte(*sptep))
203  audit_printk(kvm, "shadow page has writable "
204  "mappings: gfn %llx role %x\n",
205  sp->gfn, sp->role.word);
206  }
207 }
208 
209 static void audit_sp(struct kvm *kvm, struct kvm_mmu_page *sp)
210 {
211  check_mappings_rmap(kvm, sp);
212  audit_write_protection(kvm, sp);
213 }
214 
215 static void audit_all_active_sps(struct kvm *kvm)
216 {
217  walk_all_active_sps(kvm, audit_sp);
218 }
219 
220 static void audit_spte(struct kvm_vcpu *vcpu, u64 *sptep, int level)
221 {
222  audit_sptes_have_rmaps(vcpu, sptep, level);
223  audit_mappings(vcpu, sptep, level);
224  audit_spte_after_sync(vcpu, sptep, level);
225 }
226 
227 static void audit_vcpu_spte(struct kvm_vcpu *vcpu)
228 {
229  mmu_spte_walk(vcpu, audit_spte);
230 }
231 
232 static bool mmu_audit;
233 static struct static_key mmu_audit_key;
234 
235 static void __kvm_mmu_audit(struct kvm_vcpu *vcpu, int point)
236 {
237  static DEFINE_RATELIMIT_STATE(ratelimit_state, 5 * HZ, 10);
238 
239  if (!__ratelimit(&ratelimit_state))
240  return;
241 
242  vcpu->kvm->arch.audit_point = point;
243  audit_all_active_sps(vcpu->kvm);
244  audit_vcpu_spte(vcpu);
245 }
246 
247 static inline void kvm_mmu_audit(struct kvm_vcpu *vcpu, int point)
248 {
249  if (static_key_false((&mmu_audit_key)))
250  __kvm_mmu_audit(vcpu, point);
251 }
252 
253 static void mmu_audit_enable(void)
254 {
255  if (mmu_audit)
256  return;
257 
258  static_key_slow_inc(&mmu_audit_key);
259  mmu_audit = true;
260 }
261 
262 static void mmu_audit_disable(void)
263 {
264  if (!mmu_audit)
265  return;
266 
267  static_key_slow_dec(&mmu_audit_key);
268  mmu_audit = false;
269 }
270 
271 static int mmu_audit_set(const char *val, const struct kernel_param *kp)
272 {
273  int ret;
274  unsigned long enable;
275 
276  ret = strict_strtoul(val, 10, &enable);
277  if (ret < 0)
278  return -EINVAL;
279 
280  switch (enable) {
281  case 0:
282  mmu_audit_disable();
283  break;
284  case 1:
285  mmu_audit_enable();
286  break;
287  default:
288  return -EINVAL;
289  }
290 
291  return 0;
292 }
293 
294 static struct kernel_param_ops audit_param_ops = {
295  .set = mmu_audit_set,
296  .get = param_get_bool,
297 };
298 
299 module_param_cb(mmu_audit, &audit_param_ops, &mmu_audit, 0644);
Generated on Thu Jan 10 2013 13:21:10 for Linux Kernel by   doxygen 1.8.2