/*
   * Kernel-based Virtual Machine driver for Linux
   *
   * This module enables machines with Intel VT-x extensions to run virtual
   * machines without emulation or binary translation.
   *
   * Copyright (C) 2006 Qumranet, Inc.

   * Copyright 2010 Red Hat, Inc. and/or its affiliates.

   *
   * Authors:
   *   Avi Kivity   <avi@qumranet.com>
   *   Yaniv Kamay  <yaniv@qumranet.com>
   *
   * This work is licensed under the terms of the GNU GPL, version 2.  See
   * the COPYING file in the top-level directory.
   *
   */

  #include "iodev.h"

  #include <linux/kvm_host.h>

  #include <linux/kvm.h>
  #include <linux/module.h>
  #include <linux/errno.h>

  #include <linux/percpu.h>

  #include <linux/mm.h>
  #include <linux/miscdevice.h>
  #include <linux/vmalloc.h>

  #include <linux/reboot.h>

  #include <linux/debugfs.h>
  #include <linux/highmem.h>
  #include <linux/file.h>

  #include <linux/syscore_ops.h>

  #include <linux/cpu.h>

  #include <linux/sched.h>

  #include <linux/cpumask.h>
  #include <linux/smp.h>

  #include <linux/anon_inodes.h>

  #include <linux/profile.h>

  #include <linux/kvm_para.h>

  #include <linux/pagemap.h>

  #include <linux/mman.h>

  #include <linux/swap.h>

  #include <linux/bitops.h>

  #include <linux/spinlock.h>

  #include <linux/compat.h>

  #include <linux/srcu.h>

  #include <linux/hugetlb.h>

  #include <linux/slab.h>

  #include <asm/processor.h>

  #include <asm/io.h>
  #include <asm/uaccess.h>

  #include <asm/pgtable.h>

  #include "coalesced_mmio.h"

  #include "async_pf.h"

  #define CREATE_TRACE_POINTS
  #include <trace/events/kvm.h>

  MODULE_AUTHOR("Qumranet");
  MODULE_LICENSE("GPL");

  /*
   * Ordering of locks:
   *

   * 		kvm->lock --> kvm->slots_lock --> kvm->irq_lock

   */

  DEFINE_RAW_SPINLOCK(kvm_lock);

  LIST_HEAD(vm_list);

  static cpumask_var_t cpus_hardware_enabled;

  static int kvm_usage_count = 0;
  static atomic_t hardware_enable_failed;

  struct kmem_cache *kvm_vcpu_cache;
  EXPORT_SYMBOL_GPL(kvm_vcpu_cache);

  static __read_mostly struct preempt_ops kvm_preempt_ops;

  struct dentry *kvm_debugfs_dir;

  static long kvm_vcpu_ioctl(struct file *file, unsigned int ioctl,
  			   unsigned long arg);

  #ifdef CONFIG_COMPAT
  static long kvm_vcpu_compat_ioctl(struct file *file, unsigned int ioctl,
  				  unsigned long arg);
  #endif

  static int hardware_enable_all(void);
  static void hardware_disable_all(void);

  static void kvm_io_bus_destroy(struct kvm_io_bus *bus);

  bool kvm_rebooting;
  EXPORT_SYMBOL_GPL(kvm_rebooting);

  static bool largepages_enabled = true;

  static struct page *hwpoison_page;
  static pfn_t hwpoison_pfn;

  struct page *fault_page;
  pfn_t fault_pfn;

  inline int kvm_is_mmio_pfn(pfn_t pfn)

  {

  	if (pfn_valid(pfn)) {

  		int reserved;

  		struct page *tail = pfn_to_page(pfn);

  		struct page *head = compound_trans_head(tail);
  		reserved = PageReserved(head);

  		if (head != tail) {

  			/*

  			 * "head" is not a dangling pointer
  			 * (compound_trans_head takes care of that)
  			 * but the hugepage may have been splitted
  			 * from under us (and we may not hold a
  			 * reference count on the head page so it can
  			 * be reused before we run PageReferenced), so
  			 * we've to check PageTail before returning
  			 * what we just read.

  			 */

  			smp_rmb();
  			if (PageTail(tail))
  				return reserved;

  		}
  		return PageReserved(tail);

  	}

  
  	return true;
  }

  /*
   * Switches to specified vcpu, until a matching vcpu_put()
   */

  void vcpu_load(struct kvm_vcpu *vcpu)

  {

  	int cpu;

  	mutex_lock(&vcpu->mutex);

  	if (unlikely(vcpu->pid != current->pids[PIDTYPE_PID].pid)) {
  		/* The thread running this VCPU changed. */
  		struct pid *oldpid = vcpu->pid;
  		struct pid *newpid = get_task_pid(current, PIDTYPE_PID);
  		rcu_assign_pointer(vcpu->pid, newpid);
  		synchronize_rcu();
  		put_pid(oldpid);
  	}

  	cpu = get_cpu();
  	preempt_notifier_register(&vcpu->preempt_notifier);

  	kvm_arch_vcpu_load(vcpu, cpu);

  	put_cpu();

  }

  void vcpu_put(struct kvm_vcpu *vcpu)

  {

  	preempt_disable();

  	kvm_arch_vcpu_put(vcpu);

  	preempt_notifier_unregister(&vcpu->preempt_notifier);
  	preempt_enable();

  	mutex_unlock(&vcpu->mutex);
  }

  static void ack_flush(void *_completed)
  {

  }

  static bool make_all_cpus_request(struct kvm *kvm, unsigned int req)

  {

  	int i, cpu, me;

  	cpumask_var_t cpus;
  	bool called = true;

  	struct kvm_vcpu *vcpu;

  	zalloc_cpumask_var(&cpus, GFP_ATOMIC);

  	me = get_cpu();

  	kvm_for_each_vcpu(i, vcpu, kvm) {

  		kvm_make_request(req, vcpu);

  		cpu = vcpu->cpu;

  
  		/* Set ->requests bit before we read ->mode */
  		smp_mb();
  
  		if (cpus != NULL && cpu != -1 && cpu != me &&
  		      kvm_vcpu_exiting_guest_mode(vcpu) != OUTSIDE_GUEST_MODE)

  			cpumask_set_cpu(cpu, cpus);

  	}

  	if (unlikely(cpus == NULL))
  		smp_call_function_many(cpu_online_mask, ack_flush, NULL, 1);
  	else if (!cpumask_empty(cpus))
  		smp_call_function_many(cpus, ack_flush, NULL, 1);
  	else
  		called = false;

  	put_cpu();

  	free_cpumask_var(cpus);

  	return called;

  }

  void kvm_flush_remote_tlbs(struct kvm *kvm)

  {

  	int dirty_count = kvm->tlbs_dirty;
  
  	smp_mb();

  	if (make_all_cpus_request(kvm, KVM_REQ_TLB_FLUSH))
  		++kvm->stat.remote_tlb_flush;

  	cmpxchg(&kvm->tlbs_dirty, dirty_count, 0);

  }

  void kvm_reload_remote_mmus(struct kvm *kvm)
  {
  	make_all_cpus_request(kvm, KVM_REQ_MMU_RELOAD);
  }

  int kvm_vcpu_init(struct kvm_vcpu *vcpu, struct kvm *kvm, unsigned id)
  {
  	struct page *page;
  	int r;
  
  	mutex_init(&vcpu->mutex);
  	vcpu->cpu = -1;

  	vcpu->kvm = kvm;
  	vcpu->vcpu_id = id;

  	vcpu->pid = NULL;

  	init_waitqueue_head(&vcpu->wq);

  	kvm_async_pf_vcpu_init(vcpu);

  
  	page = alloc_page(GFP_KERNEL | __GFP_ZERO);
  	if (!page) {
  		r = -ENOMEM;
  		goto fail;
  	}
  	vcpu->run = page_address(page);

  	r = kvm_arch_vcpu_init(vcpu);

  	if (r < 0)

  		goto fail_free_run;

  	return 0;

  fail_free_run:
  	free_page((unsigned long)vcpu->run);
  fail:

  	return r;

  }
  EXPORT_SYMBOL_GPL(kvm_vcpu_init);
  
  void kvm_vcpu_uninit(struct kvm_vcpu *vcpu)
  {

  	put_pid(vcpu->pid);

  	kvm_arch_vcpu_uninit(vcpu);

  	free_page((unsigned long)vcpu->run);
  }
  EXPORT_SYMBOL_GPL(kvm_vcpu_uninit);

  #if defined(CONFIG_MMU_NOTIFIER) && defined(KVM_ARCH_WANT_MMU_NOTIFIER)
  static inline struct kvm *mmu_notifier_to_kvm(struct mmu_notifier *mn)
  {
  	return container_of(mn, struct kvm, mmu_notifier);
  }
  
  static void kvm_mmu_notifier_invalidate_page(struct mmu_notifier *mn,
  					     struct mm_struct *mm,
  					     unsigned long address)
  {
  	struct kvm *kvm = mmu_notifier_to_kvm(mn);

  	int need_tlb_flush, idx;

  
  	/*
  	 * When ->invalidate_page runs, the linux pte has been zapped
  	 * already but the page is still allocated until
  	 * ->invalidate_page returns. So if we increase the sequence
  	 * here the kvm page fault will notice if the spte can't be
  	 * established because the page is going to be freed. If
  	 * instead the kvm page fault establishes the spte before
  	 * ->invalidate_page runs, kvm_unmap_hva will release it
  	 * before returning.
  	 *
  	 * The sequence increase only need to be seen at spin_unlock
  	 * time, and not at spin_lock time.
  	 *
  	 * Increasing the sequence after the spin_unlock would be
  	 * unsafe because the kvm page fault could then establish the
  	 * pte after kvm_unmap_hva returned, without noticing the page
  	 * is going to be freed.
  	 */

  	idx = srcu_read_lock(&kvm->srcu);

  	spin_lock(&kvm->mmu_lock);
  	kvm->mmu_notifier_seq++;

  	need_tlb_flush = kvm_unmap_hva(kvm, address) | kvm->tlbs_dirty;

  	spin_unlock(&kvm->mmu_lock);

  	srcu_read_unlock(&kvm->srcu, idx);

  
  	/* we've to flush the tlb before the pages can be freed */
  	if (need_tlb_flush)
  		kvm_flush_remote_tlbs(kvm);
  
  }

  static void kvm_mmu_notifier_change_pte(struct mmu_notifier *mn,
  					struct mm_struct *mm,
  					unsigned long address,
  					pte_t pte)
  {
  	struct kvm *kvm = mmu_notifier_to_kvm(mn);

  	int idx;

  	idx = srcu_read_lock(&kvm->srcu);

  	spin_lock(&kvm->mmu_lock);
  	kvm->mmu_notifier_seq++;
  	kvm_set_spte_hva(kvm, address, pte);
  	spin_unlock(&kvm->mmu_lock);

  	srcu_read_unlock(&kvm->srcu, idx);

  }

  static void kvm_mmu_notifier_invalidate_range_start(struct mmu_notifier *mn,
  						    struct mm_struct *mm,
  						    unsigned long start,
  						    unsigned long end)
  {
  	struct kvm *kvm = mmu_notifier_to_kvm(mn);

  	int need_tlb_flush = 0, idx;

  	idx = srcu_read_lock(&kvm->srcu);

  	spin_lock(&kvm->mmu_lock);
  	/*
  	 * The count increase must become visible at unlock time as no
  	 * spte can be established without taking the mmu_lock and
  	 * count is also read inside the mmu_lock critical section.
  	 */
  	kvm->mmu_notifier_count++;
  	for (; start < end; start += PAGE_SIZE)
  		need_tlb_flush |= kvm_unmap_hva(kvm, start);

  	need_tlb_flush |= kvm->tlbs_dirty;

  	spin_unlock(&kvm->mmu_lock);

  	srcu_read_unlock(&kvm->srcu, idx);

  
  	/* we've to flush the tlb before the pages can be freed */
  	if (need_tlb_flush)
  		kvm_flush_remote_tlbs(kvm);
  }
  
  static void kvm_mmu_notifier_invalidate_range_end(struct mmu_notifier *mn,
  						  struct mm_struct *mm,
  						  unsigned long start,
  						  unsigned long end)
  {
  	struct kvm *kvm = mmu_notifier_to_kvm(mn);
  
  	spin_lock(&kvm->mmu_lock);
  	/*
  	 * This sequence increase will notify the kvm page fault that
  	 * the page that is going to be mapped in the spte could have
  	 * been freed.
  	 */
  	kvm->mmu_notifier_seq++;
  	/*
  	 * The above sequence increase must be visible before the
  	 * below count decrease but both values are read by the kvm
  	 * page fault under mmu_lock spinlock so we don't need to add
  	 * a smb_wmb() here in between the two.
  	 */
  	kvm->mmu_notifier_count--;
  	spin_unlock(&kvm->mmu_lock);
  
  	BUG_ON(kvm->mmu_notifier_count < 0);
  }
  
  static int kvm_mmu_notifier_clear_flush_young(struct mmu_notifier *mn,
  					      struct mm_struct *mm,
  					      unsigned long address)
  {
  	struct kvm *kvm = mmu_notifier_to_kvm(mn);

  	int young, idx;

  	idx = srcu_read_lock(&kvm->srcu);

  	spin_lock(&kvm->mmu_lock);
  	young = kvm_age_hva(kvm, address);
  	spin_unlock(&kvm->mmu_lock);

  	srcu_read_unlock(&kvm->srcu, idx);

  
  	if (young)
  		kvm_flush_remote_tlbs(kvm);
  
  	return young;
  }

  static int kvm_mmu_notifier_test_young(struct mmu_notifier *mn,
  				       struct mm_struct *mm,
  				       unsigned long address)
  {
  	struct kvm *kvm = mmu_notifier_to_kvm(mn);
  	int young, idx;
  
  	idx = srcu_read_lock(&kvm->srcu);
  	spin_lock(&kvm->mmu_lock);
  	young = kvm_test_age_hva(kvm, address);
  	spin_unlock(&kvm->mmu_lock);
  	srcu_read_unlock(&kvm->srcu, idx);
  
  	return young;
  }

  static void kvm_mmu_notifier_release(struct mmu_notifier *mn,
  				     struct mm_struct *mm)
  {
  	struct kvm *kvm = mmu_notifier_to_kvm(mn);

  	int idx;
  
  	idx = srcu_read_lock(&kvm->srcu);

  	kvm_arch_flush_shadow(kvm);

  	srcu_read_unlock(&kvm->srcu, idx);

  }

  static const struct mmu_notifier_ops kvm_mmu_notifier_ops = {
  	.invalidate_page	= kvm_mmu_notifier_invalidate_page,
  	.invalidate_range_start	= kvm_mmu_notifier_invalidate_range_start,
  	.invalidate_range_end	= kvm_mmu_notifier_invalidate_range_end,
  	.clear_flush_young	= kvm_mmu_notifier_clear_flush_young,

  	.test_young		= kvm_mmu_notifier_test_young,

  	.change_pte		= kvm_mmu_notifier_change_pte,

  	.release		= kvm_mmu_notifier_release,

  };

  
  static int kvm_init_mmu_notifier(struct kvm *kvm)
  {
  	kvm->mmu_notifier.ops = &kvm_mmu_notifier_ops;
  	return mmu_notifier_register(&kvm->mmu_notifier, current->mm);
  }
  
  #else  /* !(CONFIG_MMU_NOTIFIER && KVM_ARCH_WANT_MMU_NOTIFIER) */
  
  static int kvm_init_mmu_notifier(struct kvm *kvm)
  {
  	return 0;
  }

  #endif /* CONFIG_MMU_NOTIFIER && KVM_ARCH_WANT_MMU_NOTIFIER */

  static struct kvm *kvm_create_vm(void)

  {

  	int r, i;
  	struct kvm *kvm = kvm_arch_alloc_vm();

  	if (!kvm)
  		return ERR_PTR(-ENOMEM);
  
  	r = kvm_arch_init_vm(kvm);
  	if (r)
  		goto out_err_nodisable;

  
  	r = hardware_enable_all();
  	if (r)
  		goto out_err_nodisable;

  #ifdef CONFIG_HAVE_KVM_IRQCHIP
  	INIT_HLIST_HEAD(&kvm->mask_notifier_list);

  	INIT_HLIST_HEAD(&kvm->irq_ack_notifier_list);

  #endif

  	r = -ENOMEM;
  	kvm->memslots = kzalloc(sizeof(struct kvm_memslots), GFP_KERNEL);
  	if (!kvm->memslots)

  		goto out_err_nosrcu;

  	if (init_srcu_struct(&kvm->srcu))

  		goto out_err_nosrcu;

  	for (i = 0; i < KVM_NR_BUSES; i++) {
  		kvm->buses[i] = kzalloc(sizeof(struct kvm_io_bus),
  					GFP_KERNEL);

  		if (!kvm->buses[i])

  			goto out_err;

  	}

  	spin_lock_init(&kvm->mmu_lock);

  	kvm->mm = current->mm;
  	atomic_inc(&kvm->mm->mm_count);

  	kvm_eventfd_init(kvm);

  	mutex_init(&kvm->lock);

  	mutex_init(&kvm->irq_lock);

  	mutex_init(&kvm->slots_lock);

  	atomic_set(&kvm->users_count, 1);

  
  	r = kvm_init_mmu_notifier(kvm);
  	if (r)
  		goto out_err;

  	raw_spin_lock(&kvm_lock);

  	list_add(&kvm->vm_list, &vm_list);

  	raw_spin_unlock(&kvm_lock);

  	return kvm;

  
  out_err:

  	cleanup_srcu_struct(&kvm->srcu);
  out_err_nosrcu:

  	hardware_disable_all();
  out_err_nodisable:

  	for (i = 0; i < KVM_NR_BUSES; i++)
  		kfree(kvm->buses[i]);

  	kfree(kvm->memslots);

  	kvm_arch_free_vm(kvm);

  	return ERR_PTR(r);

  }

  static void kvm_destroy_dirty_bitmap(struct kvm_memory_slot *memslot)
  {
  	if (!memslot->dirty_bitmap)
  		return;

  	if (2 * kvm_dirty_bitmap_bytes(memslot) > PAGE_SIZE)
  		vfree(memslot->dirty_bitmap_head);
  	else
  		kfree(memslot->dirty_bitmap_head);

  	memslot->dirty_bitmap = NULL;

  	memslot->dirty_bitmap_head = NULL;

  }

  /*
   * Free any memory in @free but not in @dont.
   */
  static void kvm_free_physmem_slot(struct kvm_memory_slot *free,
  				  struct kvm_memory_slot *dont)
  {

  	int i;

  	if (!dont || free->rmap != dont->rmap)
  		vfree(free->rmap);

  
  	if (!dont || free->dirty_bitmap != dont->dirty_bitmap)

  		kvm_destroy_dirty_bitmap(free);

  
  	for (i = 0; i < KVM_NR_PAGE_SIZES - 1; ++i) {
  		if (!dont || free->lpage_info[i] != dont->lpage_info[i]) {
  			vfree(free->lpage_info[i]);
  			free->lpage_info[i] = NULL;
  		}
  	}

  	free->npages = 0;

  	free->rmap = NULL;

  }

  void kvm_free_physmem(struct kvm *kvm)

  {
  	int i;

  	struct kvm_memslots *slots = kvm->memslots;
  
  	for (i = 0; i < slots->nmemslots; ++i)
  		kvm_free_physmem_slot(&slots->memslots[i], NULL);

  	kfree(kvm->memslots);

  }

  static void kvm_destroy_vm(struct kvm *kvm)
  {

  	int i;

  	struct mm_struct *mm = kvm->mm;

  	kvm_arch_sync_events(kvm);

  	raw_spin_lock(&kvm_lock);

  	list_del(&kvm->vm_list);

  	raw_spin_unlock(&kvm_lock);

  	kvm_free_irq_routing(kvm);

  	for (i = 0; i < KVM_NR_BUSES; i++)
  		kvm_io_bus_destroy(kvm->buses[i]);

  	kvm_coalesced_mmio_free(kvm);

  #if defined(CONFIG_MMU_NOTIFIER) && defined(KVM_ARCH_WANT_MMU_NOTIFIER)
  	mmu_notifier_unregister(&kvm->mmu_notifier, kvm->mm);

  #else
  	kvm_arch_flush_shadow(kvm);

  #endif

  	kvm_arch_destroy_vm(kvm);

  	kvm_free_physmem(kvm);
  	cleanup_srcu_struct(&kvm->srcu);
  	kvm_arch_free_vm(kvm);

  	hardware_disable_all();

  	mmdrop(mm);

  }

  void kvm_get_kvm(struct kvm *kvm)
  {
  	atomic_inc(&kvm->users_count);
  }
  EXPORT_SYMBOL_GPL(kvm_get_kvm);
  
  void kvm_put_kvm(struct kvm *kvm)
  {
  	if (atomic_dec_and_test(&kvm->users_count))
  		kvm_destroy_vm(kvm);
  }
  EXPORT_SYMBOL_GPL(kvm_put_kvm);

  static int kvm_vm_release(struct inode *inode, struct file *filp)
  {
  	struct kvm *kvm = filp->private_data;

  	kvm_irqfd_release(kvm);

  	kvm_put_kvm(kvm);

  	return 0;
  }

  #ifndef CONFIG_S390

  /*
   * Allocation size is twice as large as the actual dirty bitmap size.
   * This makes it possible to do double buffering: see x86's
   * kvm_vm_ioctl_get_dirty_log().
   */

  static int kvm_create_dirty_bitmap(struct kvm_memory_slot *memslot)
  {

  	unsigned long dirty_bytes = 2 * kvm_dirty_bitmap_bytes(memslot);

  	if (dirty_bytes > PAGE_SIZE)
  		memslot->dirty_bitmap = vzalloc(dirty_bytes);
  	else
  		memslot->dirty_bitmap = kzalloc(dirty_bytes, GFP_KERNEL);

  	if (!memslot->dirty_bitmap)
  		return -ENOMEM;

  	memslot->dirty_bitmap_head = memslot->dirty_bitmap;

  	return 0;
  }

  #endif /* !CONFIG_S390 */

  /*

   * Allocate some memory and give it an address in the guest physical address
   * space.
   *
   * Discontiguous memory is allowed, mostly for framebuffers.

   *

   * Must be called holding mmap_sem for write.

   */

  int __kvm_set_memory_region(struct kvm *kvm,
  			    struct kvm_userspace_memory_region *mem,
  			    int user_alloc)

  {

  	int r;

  	gfn_t base_gfn;

  	unsigned long npages;
  	unsigned long i;

  	struct kvm_memory_slot *memslot;
  	struct kvm_memory_slot old, new;

  	struct kvm_memslots *slots, *old_memslots;

  
  	r = -EINVAL;
  	/* General sanity checks */
  	if (mem->memory_size & (PAGE_SIZE - 1))
  		goto out;
  	if (mem->guest_phys_addr & (PAGE_SIZE - 1))
  		goto out;

  	/* We can read the guest memory with __xxx_user() later on. */
  	if (user_alloc &&
  	    ((mem->userspace_addr & (PAGE_SIZE - 1)) ||

  	     !access_ok(VERIFY_WRITE,
  			(void __user *)(unsigned long)mem->userspace_addr,
  			mem->memory_size)))

  		goto out;

  	if (mem->slot >= KVM_MEMORY_SLOTS + KVM_PRIVATE_MEM_SLOTS)

  		goto out;
  	if (mem->guest_phys_addr + mem->memory_size < mem->guest_phys_addr)
  		goto out;

  	memslot = &kvm->memslots->memslots[mem->slot];

  	base_gfn = mem->guest_phys_addr >> PAGE_SHIFT;
  	npages = mem->memory_size >> PAGE_SHIFT;

  	r = -EINVAL;
  	if (npages > KVM_MEM_MAX_NR_PAGES)
  		goto out;

  	if (!npages)
  		mem->flags &= ~KVM_MEM_LOG_DIRTY_PAGES;

  	new = old = *memslot;

  	new.id = mem->slot;

  	new.base_gfn = base_gfn;
  	new.npages = npages;
  	new.flags = mem->flags;
  
  	/* Disallow changing a memory slot's size. */
  	r = -EINVAL;
  	if (npages && old.npages && npages != old.npages)

  		goto out_free;

  
  	/* Check for overlaps */
  	r = -EEXIST;
  	for (i = 0; i < KVM_MEMORY_SLOTS; ++i) {

  		struct kvm_memory_slot *s = &kvm->memslots->memslots[i];

  		if (s == memslot || !s->npages)

  			continue;
  		if (!((base_gfn + npages <= s->base_gfn) ||
  		      (base_gfn >= s->base_gfn + s->npages)))

  			goto out_free;

  	}

  	/* Free page dirty bitmap if unneeded */
  	if (!(new.flags & KVM_MEM_LOG_DIRTY_PAGES))

  		new.dirty_bitmap = NULL;

  
  	r = -ENOMEM;
  
  	/* Allocate if a slot is being created */

  #ifndef CONFIG_S390

  	if (npages && !new.rmap) {

  		new.rmap = vzalloc(npages * sizeof(*new.rmap));

  
  		if (!new.rmap)

  			goto out_free;

  		new.user_alloc = user_alloc;

  		new.userspace_addr = mem->userspace_addr;

  	}

  	if (!npages)
  		goto skip_lpage;

  	for (i = 0; i < KVM_NR_PAGE_SIZES - 1; ++i) {

  		unsigned long ugfn;
  		unsigned long j;
  		int lpages;

  		int level = i + 2;

  		/* Avoid unused variable warning if no large pages */
  		(void)level;
  
  		if (new.lpage_info[i])
  			continue;

  		lpages = 1 + ((base_gfn + npages - 1)
  			     >> KVM_HPAGE_GFN_SHIFT(level));
  		lpages -= base_gfn >> KVM_HPAGE_GFN_SHIFT(level);

  		new.lpage_info[i] = vzalloc(lpages * sizeof(*new.lpage_info[i]));

  
  		if (!new.lpage_info[i])

  			goto out_free;

  		if (base_gfn & (KVM_PAGES_PER_HPAGE(level) - 1))

  			new.lpage_info[i][0].write_count = 1;

  		if ((base_gfn+npages) & (KVM_PAGES_PER_HPAGE(level) - 1))

  			new.lpage_info[i][lpages - 1].write_count = 1;

  		ugfn = new.userspace_addr >> PAGE_SHIFT;
  		/*
  		 * If the gfn and userspace address are not aligned wrt each

  		 * other, or if explicitly asked to, disable large page
  		 * support for this slot

  		 */

  		if ((base_gfn ^ ugfn) & (KVM_PAGES_PER_HPAGE(level) - 1) ||

  		    !largepages_enabled)

  			for (j = 0; j < lpages; ++j)
  				new.lpage_info[i][j].write_count = 1;

  	}

  skip_lpage:

  	/* Allocate page dirty bitmap if needed */
  	if ((new.flags & KVM_MEM_LOG_DIRTY_PAGES) && !new.dirty_bitmap) {

  		if (kvm_create_dirty_bitmap(&new) < 0)

  			goto out_free;

  		/* destroy any largepage mappings for dirty tracking */

  	}

  #else  /* not defined CONFIG_S390 */
  	new.user_alloc = user_alloc;
  	if (user_alloc)
  		new.userspace_addr = mem->userspace_addr;

  #endif /* not defined CONFIG_S390 */

  	if (!npages) {
  		r = -ENOMEM;
  		slots = kzalloc(sizeof(struct kvm_memslots), GFP_KERNEL);
  		if (!slots)
  			goto out_free;
  		memcpy(slots, kvm->memslots, sizeof(struct kvm_memslots));
  		if (mem->slot >= slots->nmemslots)
  			slots->nmemslots = mem->slot + 1;

  		slots->generation++;

  		slots->memslots[mem->slot].flags |= KVM_MEMSLOT_INVALID;
  
  		old_memslots = kvm->memslots;
  		rcu_assign_pointer(kvm->memslots, slots);
  		synchronize_srcu_expedited(&kvm->srcu);
  		/* From this point no new shadow pages pointing to a deleted
  		 * memslot will be created.
  		 *
  		 * validation of sp->gfn happens in:
  		 * 	- gfn_to_hva (kvm_read_guest, gfn_to_pfn)
  		 * 	- kvm_is_visible_gfn (mmu_check_roots)
  		 */

  		kvm_arch_flush_shadow(kvm);

  		kfree(old_memslots);
  	}

  	r = kvm_arch_prepare_memory_region(kvm, &new, old, mem, user_alloc);
  	if (r)
  		goto out_free;

  	/* map the pages in iommu page table */
  	if (npages) {
  		r = kvm_iommu_map_pages(kvm, &new);
  		if (r)
  			goto out_free;
  	}

  	r = -ENOMEM;
  	slots = kzalloc(sizeof(struct kvm_memslots), GFP_KERNEL);
  	if (!slots)
  		goto out_free;
  	memcpy(slots, kvm->memslots, sizeof(struct kvm_memslots));
  	if (mem->slot >= slots->nmemslots)
  		slots->nmemslots = mem->slot + 1;

  	slots->generation++;

  
  	/* actual memory is freed via old in kvm_free_physmem_slot below */
  	if (!npages) {
  		new.rmap = NULL;
  		new.dirty_bitmap = NULL;
  		for (i = 0; i < KVM_NR_PAGE_SIZES - 1; ++i)
  			new.lpage_info[i] = NULL;
  	}
  
  	slots->memslots[mem->slot] = new;
  	old_memslots = kvm->memslots;
  	rcu_assign_pointer(kvm->memslots, slots);
  	synchronize_srcu_expedited(&kvm->srcu);

  	kvm_arch_commit_memory_region(kvm, mem, old, user_alloc);

  	/*
  	 * If the new memory slot is created, we need to clear all
  	 * mmio sptes.
  	 */
  	if (npages && old.base_gfn != mem->guest_phys_addr >> PAGE_SHIFT)
  		kvm_arch_flush_shadow(kvm);

  	kvm_free_physmem_slot(&old, &new);
  	kfree(old_memslots);

  	return 0;

  out_free:

  	kvm_free_physmem_slot(&new, &old);
  out:
  	return r;

  
  }

  EXPORT_SYMBOL_GPL(__kvm_set_memory_region);
  
  int kvm_set_memory_region(struct kvm *kvm,
  			  struct kvm_userspace_memory_region *mem,
  			  int user_alloc)
  {
  	int r;

  	mutex_lock(&kvm->slots_lock);

  	r = __kvm_set_memory_region(kvm, mem, user_alloc);

  	mutex_unlock(&kvm->slots_lock);

  	return r;
  }

  EXPORT_SYMBOL_GPL(kvm_set_memory_region);

  int kvm_vm_ioctl_set_memory_region(struct kvm *kvm,
  				   struct
  				   kvm_userspace_memory_region *mem,
  				   int user_alloc)

  {

  	if (mem->slot >= KVM_MEMORY_SLOTS)
  		return -EINVAL;

  	return kvm_set_memory_region(kvm, mem, user_alloc);

  }

  int kvm_get_dirty_log(struct kvm *kvm,
  			struct kvm_dirty_log *log, int *is_dirty)

  {
  	struct kvm_memory_slot *memslot;
  	int r, i;

  	unsigned long n;

  	unsigned long any = 0;

  	r = -EINVAL;
  	if (log->slot >= KVM_MEMORY_SLOTS)
  		goto out;

  	memslot = &kvm->memslots->memslots[log->slot];

  	r = -ENOENT;
  	if (!memslot->dirty_bitmap)
  		goto out;

  	n = kvm_dirty_bitmap_bytes(memslot);

  	for (i = 0; !any && i < n/sizeof(long); ++i)

  		any = memslot->dirty_bitmap[i];
  
  	r = -EFAULT;
  	if (copy_to_user(log->dirty_bitmap, memslot->dirty_bitmap, n))
  		goto out;

  	if (any)
  		*is_dirty = 1;

  
  	r = 0;

  out:

  	return r;
  }

  void kvm_disable_largepages(void)
  {
  	largepages_enabled = false;
  }
  EXPORT_SYMBOL_GPL(kvm_disable_largepages);

  int is_error_page(struct page *page)
  {

  	return page == bad_page || page == hwpoison_page || page == fault_page;

  }
  EXPORT_SYMBOL_GPL(is_error_page);

  int is_error_pfn(pfn_t pfn)
  {

  	return pfn == bad_pfn || pfn == hwpoison_pfn || pfn == fault_pfn;

  }
  EXPORT_SYMBOL_GPL(is_error_pfn);

  int is_hwpoison_pfn(pfn_t pfn)
  {
  	return pfn == hwpoison_pfn;
  }
  EXPORT_SYMBOL_GPL(is_hwpoison_pfn);

  int is_fault_pfn(pfn_t pfn)
  {
  	return pfn == fault_pfn;
  }
  EXPORT_SYMBOL_GPL(is_fault_pfn);

  int is_noslot_pfn(pfn_t pfn)
  {
  	return pfn == bad_pfn;
  }
  EXPORT_SYMBOL_GPL(is_noslot_pfn);
  
  int is_invalid_pfn(pfn_t pfn)
  {
  	return pfn == hwpoison_pfn || pfn == fault_pfn;
  }
  EXPORT_SYMBOL_GPL(is_invalid_pfn);

  static inline unsigned long bad_hva(void)
  {
  	return PAGE_OFFSET;
  }
  
  int kvm_is_error_hva(unsigned long addr)
  {
  	return addr == bad_hva();
  }
  EXPORT_SYMBOL_GPL(kvm_is_error_hva);

  static struct kvm_memory_slot *__gfn_to_memslot(struct kvm_memslots *slots,
  						gfn_t gfn)

  {
  	int i;

  	for (i = 0; i < slots->nmemslots; ++i) {
  		struct kvm_memory_slot *memslot = &slots->memslots[i];

  
  		if (gfn >= memslot->base_gfn
  		    && gfn < memslot->base_gfn + memslot->npages)
  			return memslot;
  	}

  	return NULL;

  }

  
  struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn)
  {
  	return __gfn_to_memslot(kvm_memslots(kvm), gfn);
  }

  EXPORT_SYMBOL_GPL(gfn_to_memslot);

  int kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn)
  {
  	int i;

  	struct kvm_memslots *slots = kvm_memslots(kvm);

  	for (i = 0; i < KVM_MEMORY_SLOTS; ++i) {

  		struct kvm_memory_slot *memslot = &slots->memslots[i];

  		if (memslot->flags & KVM_MEMSLOT_INVALID)
  			continue;

  		if (gfn >= memslot->base_gfn
  		    && gfn < memslot->base_gfn + memslot->npages)
  			return 1;
  	}
  	return 0;
  }
  EXPORT_SYMBOL_GPL(kvm_is_visible_gfn);

  unsigned long kvm_host_page_size(struct kvm *kvm, gfn_t gfn)
  {
  	struct vm_area_struct *vma;
  	unsigned long addr, size;
  
  	size = PAGE_SIZE;
  
  	addr = gfn_to_hva(kvm, gfn);
  	if (kvm_is_error_hva(addr))
  		return PAGE_SIZE;
  
  	down_read(&current->mm->mmap_sem);
  	vma = find_vma(current->mm, addr);
  	if (!vma)
  		goto out;
  
  	size = vma_kernel_pagesize(vma);
  
  out:
  	up_read(&current->mm->mmap_sem);
  
  	return size;
  }

  static unsigned long gfn_to_hva_many(struct kvm_memory_slot *slot, gfn_t gfn,

  				     gfn_t *nr_pages)

  {

  	if (!slot || slot->flags & KVM_MEMSLOT_INVALID)

  		return bad_hva();

  
  	if (nr_pages)
  		*nr_pages = slot->npages - (gfn - slot->base_gfn);

  	return gfn_to_hva_memslot(slot, gfn);

  }

  
  unsigned long gfn_to_hva(struct kvm *kvm, gfn_t gfn)
  {

  	return gfn_to_hva_many(gfn_to_memslot(kvm, gfn), gfn, NULL);

  }

  EXPORT_SYMBOL_GPL(gfn_to_hva);

  static pfn_t get_fault_pfn(void)
  {
  	get_page(fault_page);
  	return fault_pfn;
  }

  int get_user_page_nowait(struct task_struct *tsk, struct mm_struct *mm,
  	unsigned long start, int write, struct page **page)
  {
  	int flags = FOLL_TOUCH | FOLL_NOWAIT | FOLL_HWPOISON | FOLL_GET;
  
  	if (write)
  		flags |= FOLL_WRITE;
  
  	return __get_user_pages(tsk, mm, start, 1, flags, page, NULL, NULL);
  }

  static inline int check_user_page_hwpoison(unsigned long addr)
  {
  	int rc, flags = FOLL_TOUCH | FOLL_HWPOISON | FOLL_WRITE;
  
  	rc = __get_user_pages(current, current->mm, addr, 1,
  			      flags, NULL, NULL, NULL);
  	return rc == -EHWPOISON;
  }

  static pfn_t hva_to_pfn(struct kvm *kvm, unsigned long addr, bool atomic,

  			bool *async, bool write_fault, bool *writable)

  {

  	struct page *page[1];

  	int npages = 0;

  	pfn_t pfn;

  	/* we can do it either atomically or asynchronously, not both */
  	BUG_ON(atomic && async);

  	BUG_ON(!write_fault && !writable);
  
  	if (writable)
  		*writable = true;

  	if (atomic || async)

  		npages = __get_user_pages_fast(addr, 1, 1, page);

  
  	if (unlikely(npages != 1) && !atomic) {

  		might_sleep();

  
  		if (writable)
  			*writable = write_fault;

  		if (async) {
  			down_read(&current->mm->mmap_sem);
  			npages = get_user_page_nowait(current, current->mm,
  						     addr, write_fault, page);
  			up_read(&current->mm->mmap_sem);
  		} else
  			npages = get_user_pages_fast(addr, 1, write_fault,
  						     page);

  
  		/* map read fault as writable if possible */
  		if (unlikely(!write_fault) && npages == 1) {
  			struct page *wpage[1];
  
  			npages = __get_user_pages_fast(addr, 1, 1, wpage);
  			if (npages == 1) {
  				*writable = true;
  				put_page(page[0]);
  				page[0] = wpage[0];
  			}
  			npages = 1;
  		}

  	}

  	if (unlikely(npages != 1)) {
  		struct vm_area_struct *vma;

  		if (atomic)

  			return get_fault_pfn();

  		down_read(&current->mm->mmap_sem);

  		if (npages == -EHWPOISON ||
  			(!async && check_user_page_hwpoison(addr))) {

  			up_read(&current->mm->mmap_sem);

  			get_page(hwpoison_page);
  			return page_to_pfn(hwpoison_page);
  		}

  		vma = find_vma_intersection(current->mm, addr, addr+1);

  		if (vma == NULL)
  			pfn = get_fault_pfn();
  		else if ((vma->vm_flags & VM_PFNMAP)) {
  			pfn = ((addr - vma->vm_start) >> PAGE_SHIFT) +
  				vma->vm_pgoff;
  			BUG_ON(!kvm_is_mmio_pfn(pfn));
  		} else {
  			if (async && (vma->vm_flags & VM_WRITE))

  				*async = true;

  			pfn = get_fault_pfn();

  		}

  		up_read(&current->mm->mmap_sem);

  	} else
  		pfn = page_to_pfn(page[0]);

  	return pfn;

  }

  pfn_t hva_to_pfn_atomic(struct kvm *kvm, unsigned long addr)
  {

  	return hva_to_pfn(kvm, addr, true, NULL, true, NULL);

  }
  EXPORT_SYMBOL_GPL(hva_to_pfn_atomic);

  static pfn_t __gfn_to_pfn(struct kvm *kvm, gfn_t gfn, bool atomic, bool *async,
  			  bool write_fault, bool *writable)

  {
  	unsigned long addr;

  	if (async)
  		*async = false;

  	addr = gfn_to_hva(kvm, gfn);
  	if (kvm_is_error_hva(addr)) {
  		get_page(bad_page);
  		return page_to_pfn(bad_page);
  	}

  	return hva_to_pfn(kvm, addr, atomic, async, write_fault, writable);

  }
  
  pfn_t gfn_to_pfn_atomic(struct kvm *kvm, gfn_t gfn)
  {

  	return __gfn_to_pfn(kvm, gfn, true, NULL, true, NULL);

  }
  EXPORT_SYMBOL_GPL(gfn_to_pfn_atomic);

  pfn_t gfn_to_pfn_async(struct kvm *kvm, gfn_t gfn, bool *async,
  		       bool write_fault, bool *writable)

  {

  	return __gfn_to_pfn(kvm, gfn, false, async, write_fault, writable);

  }
  EXPORT_SYMBOL_GPL(gfn_to_pfn_async);

  pfn_t gfn_to_pfn(struct kvm *kvm, gfn_t gfn)
  {

  	return __gfn_to_pfn(kvm, gfn, false, NULL, true, NULL);

  }

  EXPORT_SYMBOL_GPL(gfn_to_pfn);

  pfn_t gfn_to_pfn_prot(struct kvm *kvm, gfn_t gfn, bool write_fault,
  		      bool *writable)
  {
  	return __gfn_to_pfn(kvm, gfn, false, NULL, write_fault, writable);
  }
  EXPORT_SYMBOL_GPL(gfn_to_pfn_prot);

  pfn_t gfn_to_pfn_memslot(struct kvm *kvm,
  			 struct kvm_memory_slot *slot, gfn_t gfn)
  {
  	unsigned long addr = gfn_to_hva_memslot(slot, gfn);

  	return hva_to_pfn(kvm, addr, false, NULL, true, NULL);

  }

  int gfn_to_page_many_atomic(struct kvm *kvm, gfn_t gfn, struct page **pages,
  								  int nr_pages)
  {
  	unsigned long addr;
  	gfn_t entry;

  	addr = gfn_to_hva_many(gfn_to_memslot(kvm, gfn), gfn, &entry);

  	if (kvm_is_error_hva(addr))
  		return -1;
  
  	if (entry < nr_pages)
  		return 0;
  
  	return __get_user_pages_fast(addr, nr_pages, 1, pages);
  }
  EXPORT_SYMBOL_GPL(gfn_to_page_many_atomic);

  struct page *gfn_to_page(struct kvm *kvm, gfn_t gfn)
  {

  	pfn_t pfn;
  
  	pfn = gfn_to_pfn(kvm, gfn);

  	if (!kvm_is_mmio_pfn(pfn))

  		return pfn_to_page(pfn);

  	WARN_ON(kvm_is_mmio_pfn(pfn));

  
  	get_page(bad_page);
  	return bad_page;

  }

  EXPORT_SYMBOL_GPL(gfn_to_page);

  void kvm_release_page_clean(struct page *page)
  {

  	kvm_release_pfn_clean(page_to_pfn(page));

  }
  EXPORT_SYMBOL_GPL(kvm_release_page_clean);

  void kvm_release_pfn_clean(pfn_t pfn)
  {

  	if (!kvm_is_mmio_pfn(pfn))

  		put_page(pfn_to_page(pfn));

  }
  EXPORT_SYMBOL_GPL(kvm_release_pfn_clean);

  void kvm_release_page_dirty(struct page *page)

  {

  	kvm_release_pfn_dirty(page_to_pfn(page));
  }
  EXPORT_SYMBOL_GPL(kvm_release_page_dirty);
  
  void kvm_release_pfn_dirty(pfn_t pfn)
  {
  	kvm_set_pfn_dirty(pfn);
  	kvm_release_pfn_clean(pfn);
  }
  EXPORT_SYMBOL_GPL(kvm_release_pfn_dirty);
  
  void kvm_set_page_dirty(struct page *page)
  {
  	kvm_set_pfn_dirty(page_to_pfn(page));
  }
  EXPORT_SYMBOL_GPL(kvm_set_page_dirty);
  
  void kvm_set_pfn_dirty(pfn_t pfn)
  {

  	if (!kvm_is_mmio_pfn(pfn)) {

  		struct page *page = pfn_to_page(pfn);
  		if (!PageReserved(page))
  			SetPageDirty(page);
  	}

  }

  EXPORT_SYMBOL_GPL(kvm_set_pfn_dirty);
  
  void kvm_set_pfn_accessed(pfn_t pfn)
  {

  	if (!kvm_is_mmio_pfn(pfn))

  		mark_page_accessed(pfn_to_page(pfn));

  }
  EXPORT_SYMBOL_GPL(kvm_set_pfn_accessed);
  
  void kvm_get_pfn(pfn_t pfn)
  {

  	if (!kvm_is_mmio_pfn(pfn))

  		get_page(pfn_to_page(pfn));

  }
  EXPORT_SYMBOL_GPL(kvm_get_pfn);

  static int next_segment(unsigned long len, int offset)
  {
  	if (len > PAGE_SIZE - offset)
  		return PAGE_SIZE - offset;
  	else
  		return len;
  }
  
  int kvm_read_guest_page(struct kvm *kvm, gfn_t gfn, void *data, int offset,
  			int len)
  {

  	int r;
  	unsigned long addr;

  	addr = gfn_to_hva(kvm, gfn);
  	if (kvm_is_error_hva(addr))
  		return -EFAULT;

  	r = __copy_from_user(data, (void __user *)addr + offset, len);

  	if (r)

  		return -EFAULT;

  	return 0;
  }
  EXPORT_SYMBOL_GPL(kvm_read_guest_page);
  
  int kvm_read_guest(struct kvm *kvm, gpa_t gpa, void *data, unsigned long len)
  {
  	gfn_t gfn = gpa >> PAGE_SHIFT;
  	int seg;
  	int offset = offset_in_page(gpa);
  	int ret;
  
  	while ((seg = next_segment(len, offset)) != 0) {
  		ret = kvm_read_guest_page(kvm, gfn, data, offset, seg);
  		if (ret < 0)
  			return ret;
  		offset = 0;
  		len -= seg;
  		data += seg;
  		++gfn;
  	}
  	return 0;
  }
  EXPORT_SYMBOL_GPL(kvm_read_guest);

  int kvm_read_guest_atomic(struct kvm *kvm, gpa_t gpa, void *data,
  			  unsigned long len)
  {
  	int r;
  	unsigned long addr;
  	gfn_t gfn = gpa >> PAGE_SHIFT;
  	int offset = offset_in_page(gpa);
  
  	addr = gfn_to_hva(kvm, gfn);
  	if (kvm_is_error_hva(addr))
  		return -EFAULT;

  	pagefault_disable();

  	r = __copy_from_user_inatomic(data, (void __user *)addr + offset, len);

  	pagefault_enable();

  	if (r)
  		return -EFAULT;
  	return 0;
  }
  EXPORT_SYMBOL(kvm_read_guest_atomic);

  int kvm_write_guest_page(struct kvm *kvm, gfn_t gfn, const void *data,
  			 int offset, int len)
  {

  	int r;
  	unsigned long addr;

  	addr = gfn_to_hva(kvm, gfn);
  	if (kvm_is_error_hva(addr))
  		return -EFAULT;

  	r = __copy_to_user((void __user *)addr + offset, data, len);

  	if (r)

  		return -EFAULT;

  	mark_page_dirty(kvm, gfn);
  	return 0;
  }
  EXPORT_SYMBOL_GPL(kvm_write_guest_page);
  
  int kvm_write_guest(struct kvm *kvm, gpa_t gpa, const void *data,
  		    unsigned long len)
  {
  	gfn_t gfn = gpa >> PAGE_SHIFT;
  	int seg;
  	int offset = offset_in_page(gpa);
  	int ret;
  
  	while ((seg = next_segment(len, offset)) != 0) {
  		ret = kvm_write_guest_page(kvm, gfn, data, offset, seg);
  		if (ret < 0)
  			return ret;
  		offset = 0;
  		len -= seg;
  		data += seg;
  		++gfn;
  	}
  	return 0;
  }

  int kvm_gfn_to_hva_cache_init(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
  			      gpa_t gpa)
  {
  	struct kvm_memslots *slots = kvm_memslots(kvm);
  	int offset = offset_in_page(gpa);
  	gfn_t gfn = gpa >> PAGE_SHIFT;
  
  	ghc->gpa = gpa;
  	ghc->generation = slots->generation;
  	ghc->memslot = __gfn_to_memslot(slots, gfn);
  	ghc->hva = gfn_to_hva_many(ghc->memslot, gfn, NULL);
  	if (!kvm_is_error_hva(ghc->hva))
  		ghc->hva += offset;
  	else
  		return -EFAULT;
  
  	return 0;
  }
  EXPORT_SYMBOL_GPL(kvm_gfn_to_hva_cache_init);
  
  int kvm_write_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
  			   void *data, unsigned long len)
  {
  	struct kvm_memslots *slots = kvm_memslots(kvm);
  	int r;
  
  	if (slots->generation != ghc->generation)
  		kvm_gfn_to_hva_cache_init(kvm, ghc, ghc->gpa);
  
  	if (kvm_is_error_hva(ghc->hva))
  		return -EFAULT;

  	r = __copy_to_user((void __user *)ghc->hva, data, len);

  	if (r)
  		return -EFAULT;
  	mark_page_dirty_in_slot(kvm, ghc->memslot, ghc->gpa >> PAGE_SHIFT);
  
  	return 0;
  }
  EXPORT_SYMBOL_GPL(kvm_write_guest_cached);

  int kvm_read_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
  			   void *data, unsigned long len)
  {
  	struct kvm_memslots *slots = kvm_memslots(kvm);
  	int r;
  
  	if (slots->generation != ghc->generation)
  		kvm_gfn_to_hva_cache_init(kvm, ghc, ghc->gpa);
  
  	if (kvm_is_error_hva(ghc->hva))
  		return -EFAULT;
  
  	r = __copy_from_user(data, (void __user *)ghc->hva, len);
  	if (r)
  		return -EFAULT;
  
  	return 0;
  }
  EXPORT_SYMBOL_GPL(kvm_read_guest_cached);

  int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len)
  {

  	return kvm_write_guest_page(kvm, gfn, (const void *) empty_zero_page,
  				    offset, len);

  }
  EXPORT_SYMBOL_GPL(kvm_clear_guest_page);
  
  int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len)
  {
  	gfn_t gfn = gpa >> PAGE_SHIFT;
  	int seg;
  	int offset = offset_in_page(gpa);
  	int ret;
  
          while ((seg = next_segment(len, offset)) != 0) {
  		ret = kvm_clear_guest_page(kvm, gfn, offset, seg);
  		if (ret < 0)
  			return ret;
  		offset = 0;
  		len -= seg;
  		++gfn;
  	}
  	return 0;
  }
  EXPORT_SYMBOL_GPL(kvm_clear_guest);

  void mark_page_dirty_in_slot(struct kvm *kvm, struct kvm_memory_slot *memslot,
  			     gfn_t gfn)

  {

  	if (memslot && memslot->dirty_bitmap) {
  		unsigned long rel_gfn = gfn - memslot->base_gfn;

  		__set_bit_le(rel_gfn, memslot->dirty_bitmap);

  	}
  }

  void mark_page_dirty(struct kvm *kvm, gfn_t gfn)
  {
  	struct kvm_memory_slot *memslot;
  
  	memslot = gfn_to_memslot(kvm, gfn);
  	mark_page_dirty_in_slot(kvm, memslot, gfn);
  }

  /*
   * The vCPU has executed a HLT instruction with in-kernel mode enabled.
   */

  void kvm_vcpu_block(struct kvm_vcpu *vcpu)

  {

  	DEFINE_WAIT(wait);
  
  	for (;;) {
  		prepare_to_wait(&vcpu->wq, &wait, TASK_INTERRUPTIBLE);

  		if (kvm_arch_vcpu_runnable(vcpu)) {

  			kvm_make_request(KVM_REQ_UNHALT, vcpu);

  			break;

  		}

  		if (kvm_cpu_has_pending_timer(vcpu))
  			break;

  		if (signal_pending(current))
  			break;

  		schedule();

  	}

  	finish_wait(&vcpu->wq, &wait);

  }

  void kvm_resched(struct kvm_vcpu *vcpu)
  {

  	if (!need_resched())
  		return;

  	cond_resched();

  }
  EXPORT_SYMBOL_GPL(kvm_resched);

  void kvm_vcpu_on_spin(struct kvm_vcpu *me)

  {

  	struct kvm *kvm = me->kvm;
  	struct kvm_vcpu *vcpu;
  	int last_boosted_vcpu = me->kvm->last_boosted_vcpu;
  	int yielded = 0;
  	int pass;
  	int i;

  	/*
  	 * We boost the priority of a VCPU that is runnable but not
  	 * currently running, because it got preempted by something
  	 * else and called schedule in __vcpu_run.  Hopefully that
  	 * VCPU is holding the lock that we need and will release it.
  	 * We approximate round-robin by starting at the last boosted VCPU.
  	 */
  	for (pass = 0; pass < 2 && !yielded; pass++) {
  		kvm_for_each_vcpu(i, vcpu, kvm) {
  			struct task_struct *task = NULL;
  			struct pid *pid;
  			if (!pass && i < last_boosted_vcpu) {
  				i = last_boosted_vcpu;
  				continue;
  			} else if (pass && i > last_boosted_vcpu)
  				break;
  			if (vcpu == me)
  				continue;
  			if (waitqueue_active(&vcpu->wq))
  				continue;
  			rcu_read_lock();
  			pid = rcu_dereference(vcpu->pid);
  			if (pid)
  				task = get_pid_task(vcpu->pid, PIDTYPE_PID);
  			rcu_read_unlock();
  			if (!task)
  				continue;
  			if (task->flags & PF_VCPU) {
  				put_task_struct(task);
  				continue;
  			}
  			if (yield_to(task, 1)) {
  				put_task_struct(task);
  				kvm->last_boosted_vcpu = i;
  				yielded = 1;
  				break;
  			}
  			put_task_struct(task);
  		}
  	}

  }
  EXPORT_SYMBOL_GPL(kvm_vcpu_on_spin);

  static int kvm_vcpu_fault(struct vm_area_struct *vma, struct vm_fault *vmf)

  {
  	struct kvm_vcpu *vcpu = vma->vm_file->private_data;

  	struct page *page;

  	if (vmf->pgoff == 0)

  		page = virt_to_page(vcpu->run);

  #ifdef CONFIG_X86

  	else if (vmf->pgoff == KVM_PIO_PAGE_OFFSET)

  		page = virt_to_page(vcpu->arch.pio_data);

  #endif

  #ifdef KVM_COALESCED_MMIO_PAGE_OFFSET
  	else if (vmf->pgoff == KVM_COALESCED_MMIO_PAGE_OFFSET)
  		page = virt_to_page(vcpu->kvm->coalesced_mmio_ring);
  #endif

  	else

  		return VM_FAULT_SIGBUS;

  	get_page(page);

  	vmf->page = page;
  	return 0;

  }

  static const struct vm_operations_struct kvm_vcpu_vm_ops = {

  	.fault = kvm_vcpu_fault,

  };
  
  static int kvm_vcpu_mmap(struct file *file, struct vm_area_struct *vma)
  {
  	vma->vm_ops = &kvm_vcpu_vm_ops;
  	return 0;
  }

  static int kvm_vcpu_release(struct inode *inode, struct file *filp)
  {
  	struct kvm_vcpu *vcpu = filp->private_data;

  	kvm_put_kvm(vcpu->kvm);

  	return 0;
  }

  static struct file_operations kvm_vcpu_fops = {

  	.release        = kvm_vcpu_release,
  	.unlocked_ioctl = kvm_vcpu_ioctl,

  #ifdef CONFIG_COMPAT
  	.compat_ioctl   = kvm_vcpu_compat_ioctl,
  #endif

  	.mmap           = kvm_vcpu_mmap,

  	.llseek		= noop_llseek,

  };
  
  /*
   * Allocates an inode for the vcpu.
   */
  static int create_vcpu_fd(struct kvm_vcpu *vcpu)
  {

  	return anon_inode_getfd("kvm-vcpu", &kvm_vcpu_fops, vcpu, O_RDWR);

  }

  /*
   * Creates some virtual cpus.  Good luck creating more than one.
   */

  static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, u32 id)

  {
  	int r;

  	struct kvm_vcpu *vcpu, *v;

  	vcpu = kvm_arch_vcpu_create(kvm, id);

  	if (IS_ERR(vcpu))
  		return PTR_ERR(vcpu);

  	preempt_notifier_init(&vcpu->preempt_notifier, &kvm_preempt_ops);

  	r = kvm_arch_vcpu_setup(vcpu);
  	if (r)

  		goto vcpu_destroy;

  	mutex_lock(&kvm->lock);

  	if (atomic_read(&kvm->online_vcpus) == KVM_MAX_VCPUS) {
  		r = -EINVAL;

  		goto unlock_vcpu_destroy;

  	}

  	kvm_for_each_vcpu(r, v, kvm)
  		if (v->vcpu_id == id) {

  			r = -EEXIST;

  			goto unlock_vcpu_destroy;

  		}
  
  	BUG_ON(kvm->vcpus[atomic_read(&kvm->online_vcpus)]);

  	/* Now it's all set up, let userspace reach it */

  	kvm_get_kvm(kvm);

  	r = create_vcpu_fd(vcpu);

  	if (r < 0) {
  		kvm_put_kvm(kvm);

  		goto unlock_vcpu_destroy;

  	}
  
  	kvm->vcpus[atomic_read(&kvm->online_vcpus)] = vcpu;
  	smp_wmb();
  	atomic_inc(&kvm->online_vcpus);
  
  #ifdef CONFIG_KVM_APIC_ARCHITECTURE
  	if (kvm->bsp_vcpu_id == id)
  		kvm->bsp_vcpu = vcpu;
  #endif
  	mutex_unlock(&kvm->lock);

  	return r;

  unlock_vcpu_destroy: