1 files changed, 136 insertions, 114 deletions

diff --git a/drivers/lguest/page_tables.c b/drivers/lguest/page_tables.c
index b7a924ace684..2a45f0691c9b 100644
--- a/drivers/lguest/page_tables.c
+++ b/drivers/lguest/page_tables.c
@@ -13,6 +13,7 @@
 #include <linux/random.h>
 #include <linux/percpu.h>
 #include <asm/tlbflush.h>
+#include <asm/uaccess.h>
 #include "lg.h"
 
 /*M:008 We hold reference to pages, which prevents them from being swapped.
@@ -44,44 +45,32 @@
  *  (vii) Setting up the page tables initially.
  :*/
 
-/* Pages a 4k long, and each page table entry is 4 bytes long, giving us 1024
- * (or 2^10) entries per page. */
-#define PTES_PER_PAGE_SHIFT 10
-#define PTES_PER_PAGE (1 << PTES_PER_PAGE_SHIFT)
 
 /* 1024 entries in a page table page maps 1024 pages: 4MB.  The Switcher is
  * conveniently placed at the top 4MB, so it uses a separate, complete PTE
  * page.  */
-#define SWITCHER_PGD_INDEX (PTES_PER_PAGE - 1)
+#define SWITCHER_PGD_INDEX (PTRS_PER_PGD - 1)
 
 /* We actually need a separate PTE page for each CPU.  Remember that after the
  * Switcher code itself comes two pages for each CPU, and we don't want this
  * CPU's guest to see the pages of any other CPU. */
-static DEFINE_PER_CPU(spte_t *, switcher_pte_pages);
+static DEFINE_PER_CPU(pte_t *, switcher_pte_pages);
 #define switcher_pte_page(cpu) per_cpu(switcher_pte_pages, cpu)
 
 /*H:320 With our shadow and Guest types established, we need to deal with
  * them: the page table code is curly enough to need helper functions to keep
  * it clear and clean.
  *
- * The first helper takes a virtual address, and says which entry in the top
- * level page table deals with that address.  Since each top level entry deals
- * with 4M, this effectively divides by 4M. */
-static unsigned vaddr_to_pgd_index(unsigned long vaddr)
-{
-        return vaddr >> (PAGE_SHIFT + PTES_PER_PAGE_SHIFT);
-}
-
-/* There are two functions which return pointers to the shadow (aka "real")
+ * There are two functions which return pointers to the shadow (aka "real")
  * page tables.
  *
  * spgd_addr() takes the virtual address and returns a pointer to the top-level
  * page directory entry for that address.  Since we keep track of several page
  * tables, the "i" argument tells us which one we're interested in (it's
  * usually the current one). */
-static spgd_t *spgd_addr(struct lguest *lg, u32 i, unsigned long vaddr)
+static pgd_t *spgd_addr(struct lguest *lg, u32 i, unsigned long vaddr)
 {
-        unsigned int index = vaddr_to_pgd_index(vaddr);
+        unsigned int index = pgd_index(vaddr);
 
         /* We kill any Guest trying to touch the Switcher addresses. */
         if (index >= SWITCHER_PGD_INDEX) {
@@ -95,28 +84,28 @@ static spgd_t *spgd_addr(struct lguest *lg, u32 i, unsigned long vaddr)
 /* This routine then takes the PGD entry given above, which contains the
  * address of the PTE page.  It then returns a pointer to the PTE entry for the
  * given address. */
-static spte_t *spte_addr(struct lguest *lg, spgd_t spgd, unsigned long vaddr)
+static pte_t *spte_addr(struct lguest *lg, pgd_t spgd, unsigned long vaddr)
 {
-        spte_t *page = __va(spgd.pfn << PAGE_SHIFT);
+        pte_t *page = __va(pgd_pfn(spgd) << PAGE_SHIFT);
         /* You should never call this if the PGD entry wasn't valid */
-        BUG_ON(!(spgd.flags & _PAGE_PRESENT));
-        return &page[(vaddr >> PAGE_SHIFT) % PTES_PER_PAGE];
+        BUG_ON(!(pgd_flags(spgd) & _PAGE_PRESENT));
+        return &page[(vaddr >> PAGE_SHIFT) % PTRS_PER_PTE];
 }
 
 /* These two functions just like the above two, except they access the Guest
  * page tables.  Hence they return a Guest address. */
 static unsigned long gpgd_addr(struct lguest *lg, unsigned long vaddr)
 {
-        unsigned int index = vaddr >> (PAGE_SHIFT + PTES_PER_PAGE_SHIFT);
-        return lg->pgdirs[lg->pgdidx].cr3 + index * sizeof(gpgd_t);
+        unsigned int index = vaddr >> (PGDIR_SHIFT);
+        return lg->pgdirs[lg->pgdidx].gpgdir + index * sizeof(pgd_t);
 }
 
 static unsigned long gpte_addr(struct lguest *lg,
-                               gpgd_t gpgd, unsigned long vaddr)
+                               pgd_t gpgd, unsigned long vaddr)
 {
-        unsigned long gpage = gpgd.pfn << PAGE_SHIFT;
-        BUG_ON(!(gpgd.flags & _PAGE_PRESENT));
-        return gpage + ((vaddr>>PAGE_SHIFT) % PTES_PER_PAGE) * sizeof(gpte_t);
+        unsigned long gpage = pgd_pfn(gpgd) << PAGE_SHIFT;
+        BUG_ON(!(pgd_flags(gpgd) & _PAGE_PRESENT));
+        return gpage + ((vaddr>>PAGE_SHIFT) % PTRS_PER_PTE) * sizeof(pte_t);
 }
 
 /*H:350 This routine takes a page number given by the Guest and converts it to
@@ -149,53 +138,55 @@ static unsigned long get_pfn(unsigned long virtpfn, int write)
  * entry can be a little tricky.  The flags are (almost) the same, but the
  * Guest PTE contains a virtual page number: the CPU needs the real page
  * number. */
-static spte_t gpte_to_spte(struct lguest *lg, gpte_t gpte, int write)
+static pte_t gpte_to_spte(struct lguest *lg, pte_t gpte, int write)
 {
-        spte_t spte;
-        unsigned long pfn;
+        unsigned long pfn, base, flags;
 
         /* The Guest sets the global flag, because it thinks that it is using
          * PGE.  We only told it to use PGE so it would tell us whether it was
          * flushing a kernel mapping or a userspace mapping.  We don't actually
          * use the global bit, so throw it away. */
-        spte.flags = (gpte.flags & ~_PAGE_GLOBAL);
+        flags = (pte_flags(gpte) & ~_PAGE_GLOBAL);
+
+        /* The Guest's pages are offset inside the Launcher. */
+        base = (unsigned long)lg->mem_base / PAGE_SIZE;
 
         /* We need a temporary "unsigned long" variable to hold the answer from
          * get_pfn(), because it returns 0xFFFFFFFF on failure, which wouldn't
          * fit in spte.pfn.  get_pfn() finds the real physical number of the
          * page, given the virtual number. */
-        pfn = get_pfn(gpte.pfn, write);
+        pfn = get_pfn(base + pte_pfn(gpte), write);
         if (pfn == -1UL) {
-                kill_guest(lg, "failed to get page %u", gpte.pfn);
+                kill_guest(lg, "failed to get page %lu", pte_pfn(gpte));
                 /* When we destroy the Guest, we'll go through the shadow page
                  * tables and release_pte() them.  Make sure we don't think
                  * this one is valid! */
-                spte.flags = 0;
+                flags = 0;
         }
-        /* Now we assign the page number, and our shadow PTE is complete. */
-        spte.pfn = pfn;
-        return spte;
+        /* Now we assemble our shadow PTE from the page number and flags. */
+        return pfn_pte(pfn, __pgprot(flags));
 }
 
 /*H:460 And to complete the chain, release_pte() looks like this: */
-static void release_pte(spte_t pte)
+static void release_pte(pte_t pte)
 {
         /* Remember that get_user_pages() took a reference to the page, in
          * get_pfn()?  We have to put it back now. */
-        if (pte.flags & _PAGE_PRESENT)
-                put_page(pfn_to_page(pte.pfn));
+        if (pte_flags(pte) & _PAGE_PRESENT)
+                put_page(pfn_to_page(pte_pfn(pte)));
 }
 /*:*/
 
-static void check_gpte(struct lguest *lg, gpte_t gpte)
+static void check_gpte(struct lguest *lg, pte_t gpte)
 {
-        if ((gpte.flags & (_PAGE_PWT|_PAGE_PSE)) || gpte.pfn >= lg->pfn_limit)
+        if ((pte_flags(gpte) & (_PAGE_PWT|_PAGE_PSE))
+            || pte_pfn(gpte) >= lg->pfn_limit)
                 kill_guest(lg, "bad page table entry");
 }
 
-static void check_gpgd(struct lguest *lg, gpgd_t gpgd)
+static void check_gpgd(struct lguest *lg, pgd_t gpgd)
 {
-        if ((gpgd.flags & ~_PAGE_TABLE) || gpgd.pfn >= lg->pfn_limit)
+        if ((pgd_flags(gpgd) & ~_PAGE_TABLE) || pgd_pfn(gpgd) >= lg->pfn_limit)
                 kill_guest(lg, "bad page directory entry");
 }
 
@@ -211,21 +202,21 @@ static void check_gpgd(struct lguest *lg, gpgd_t gpgd)
  * true. */
 int demand_page(struct lguest *lg, unsigned long vaddr, int errcode)
 {
-        gpgd_t gpgd;
-        spgd_t *spgd;
+        pgd_t gpgd;
+        pgd_t *spgd;
         unsigned long gpte_ptr;
-        gpte_t gpte;
-        spte_t *spte;
+        pte_t gpte;
+        pte_t *spte;
 
         /* First step: get the top-level Guest page table entry. */
-        gpgd = mkgpgd(lgread_u32(lg, gpgd_addr(lg, vaddr)));
+        gpgd = lgread(lg, gpgd_addr(lg, vaddr), pgd_t);
         /* Toplevel not present?  We can't map it in. */
-        if (!(gpgd.flags & _PAGE_PRESENT))
+        if (!(pgd_flags(gpgd) & _PAGE_PRESENT))
                 return 0;
 
         /* Now look at the matching shadow entry. */
         spgd = spgd_addr(lg, lg->pgdidx, vaddr);
-        if (!(spgd->flags & _PAGE_PRESENT)) {
+        if (!(pgd_flags(*spgd) & _PAGE_PRESENT)) {
                 /* No shadow entry: allocate a new shadow PTE page. */
                 unsigned long ptepage = get_zeroed_page(GFP_KERNEL);
                 /* This is not really the Guest's fault, but killing it is
@@ -238,34 +229,35 @@ int demand_page(struct lguest *lg, unsigned long vaddr, int errcode)
                 check_gpgd(lg, gpgd);
                 /* And we copy the flags to the shadow PGD entry.  The page
                  * number in the shadow PGD is the page we just allocated. */
-                spgd->raw.val = (__pa(ptepage) | gpgd.flags);
+                *spgd = __pgd(__pa(ptepage) | pgd_flags(gpgd));
         }
 
         /* OK, now we look at the lower level in the Guest page table: keep its
          * address, because we might update it later. */
         gpte_ptr = gpte_addr(lg, gpgd, vaddr);
-        gpte = mkgpte(lgread_u32(lg, gpte_ptr));
+        gpte = lgread(lg, gpte_ptr, pte_t);
 
         /* If this page isn't in the Guest page tables, we can't page it in. */
-        if (!(gpte.flags & _PAGE_PRESENT))
+        if (!(pte_flags(gpte) & _PAGE_PRESENT))
                 return 0;
 
         /* Check they're not trying to write to a page the Guest wants
          * read-only (bit 2 of errcode == write). */
-        if ((errcode & 2) && !(gpte.flags & _PAGE_RW))
+        if ((errcode & 2) && !(pte_flags(gpte) & _PAGE_RW))
                 return 0;
 
         /* User access to a kernel page? (bit 3 == user access) */
-        if ((errcode & 4) && !(gpte.flags & _PAGE_USER))
+        if ((errcode & 4) && !(pte_flags(gpte) & _PAGE_USER))
                 return 0;
 
         /* Check that the Guest PTE flags are OK, and the page number is below
          * the pfn_limit (ie. not mapping the Launcher binary). */
         check_gpte(lg, gpte);
         /* Add the _PAGE_ACCESSED and (for a write) _PAGE_DIRTY flag */
-        gpte.flags |= _PAGE_ACCESSED;
+        gpte = pte_mkyoung(gpte);
+
         if (errcode & 2)
-                gpte.flags |= _PAGE_DIRTY;
+                gpte = pte_mkdirty(gpte);
 
         /* Get the pointer to the shadow PTE entry we're going to set. */
         spte = spte_addr(lg, *spgd, vaddr);
@@ -275,21 +267,18 @@ int demand_page(struct lguest *lg, unsigned long vaddr, int errcode)
 
         /* If this is a write, we insist that the Guest page is writable (the
          * final arg to gpte_to_spte()). */
-        if (gpte.flags & _PAGE_DIRTY)
+        if (pte_dirty(gpte))
                 *spte = gpte_to_spte(lg, gpte, 1);
-        else {
+        else
                 /* If this is a read, don't set the "writable" bit in the page
                  * table entry, even if the Guest says it's writable.  That way
                  * we come back here when a write does actually ocur, so we can
                  * update the Guest's _PAGE_DIRTY flag. */
-                gpte_t ro_gpte = gpte;
-                ro_gpte.flags &= ~_PAGE_RW;
-                *spte = gpte_to_spte(lg, ro_gpte, 0);
-        }
+                *spte = gpte_to_spte(lg, pte_wrprotect(gpte), 0);
 
         /* Finally, we write the Guest PTE entry back: we've set the
          * _PAGE_ACCESSED and maybe the _PAGE_DIRTY flags. */
-        lgwrite_u32(lg, gpte_ptr, gpte.raw.val);
+        lgwrite(lg, gpte_ptr, pte_t, gpte);
 
         /* We succeeded in mapping the page! */
         return 1;
@@ -305,17 +294,18 @@ int demand_page(struct lguest *lg, unsigned long vaddr, int errcode)
  * mapped by the shadow page tables, and is it writable? */
 static int page_writable(struct lguest *lg, unsigned long vaddr)
 {
-        spgd_t *spgd;
+        pgd_t *spgd;
         unsigned long flags;
 
         /* Look at the top level entry: is it present? */
         spgd = spgd_addr(lg, lg->pgdidx, vaddr);
-        if (!(spgd->flags & _PAGE_PRESENT))
+        if (!(pgd_flags(*spgd) & _PAGE_PRESENT))
                 return 0;
 
         /* Check the flags on the pte entry itself: it must be present and
          * writable. */
-        flags = spte_addr(lg, *spgd, vaddr)->flags;
+        flags = pte_flags(*(spte_addr(lg, *spgd, vaddr)));
+
         return (flags & (_PAGE_PRESENT|_PAGE_RW)) == (_PAGE_PRESENT|_PAGE_RW);
 }
 
@@ -329,22 +319,22 @@ void pin_page(struct lguest *lg, unsigned long vaddr)
 }
 
 /*H:450 If we chase down the release_pgd() code, it looks like this: */
-static void release_pgd(struct lguest *lg, spgd_t *spgd)
+static void release_pgd(struct lguest *lg, pgd_t *spgd)
 {
         /* If the entry's not present, there's nothing to release. */
-        if (spgd->flags & _PAGE_PRESENT) {
+        if (pgd_flags(*spgd) & _PAGE_PRESENT) {
                 unsigned int i;
                 /* Converting the pfn to find the actual PTE page is easy: turn
                  * the page number into a physical address, then convert to a
                  * virtual address (easy for kernel pages like this one). */
-                spte_t *ptepage = __va(spgd->pfn << PAGE_SHIFT);
+                pte_t *ptepage = __va(pgd_pfn(*spgd) << PAGE_SHIFT);
                 /* For each entry in the page, we might need to release it. */
-                for (i = 0; i < PTES_PER_PAGE; i++)
+                for (i = 0; i < PTRS_PER_PTE; i++)
                         release_pte(ptepage[i]);
                 /* Now we can free the page of PTEs */
                 free_page((long)ptepage);
                 /* And zero out the PGD entry we we never release it twice. */
-                spgd->raw.val = 0;
+                *spgd = __pgd(0);
         }
 }
 
@@ -356,7 +346,7 @@ static void flush_user_mappings(struct lguest *lg, int idx)
 {
         unsigned int i;
         /* Release every pgd entry up to the kernel's address. */
-        for (i = 0; i < vaddr_to_pgd_index(lg->page_offset); i++)
+        for (i = 0; i < pgd_index(lg->kernel_address); i++)
                 release_pgd(lg, lg->pgdirs[idx].pgdir + i);
 }
 
@@ -369,6 +359,25 @@ void guest_pagetable_flush_user(struct lguest *lg)
 }
 /*:*/
 
+/* We walk down the guest page tables to get a guest-physical address */
+unsigned long guest_pa(struct lguest *lg, unsigned long vaddr)
+{
+        pgd_t gpgd;
+        pte_t gpte;
+
+        /* First step: get the top-level Guest page table entry. */
+        gpgd = lgread(lg, gpgd_addr(lg, vaddr), pgd_t);
+        /* Toplevel not present?  We can't map it in. */
+        if (!(pgd_flags(gpgd) & _PAGE_PRESENT))
+                kill_guest(lg, "Bad address %#lx", vaddr);
+
+        gpte = lgread(lg, gpte_addr(lg, gpgd, vaddr), pte_t);
+        if (!(pte_flags(gpte) & _PAGE_PRESENT))
+                kill_guest(lg, "Bad address %#lx", vaddr);
+
+        return pte_pfn(gpte) * PAGE_SIZE | (vaddr & ~PAGE_MASK);
+}
+
 /* We keep several page tables.  This is a simple routine to find the page
  * table (if any) corresponding to this top-level address the Guest has given
  * us. */
@@ -376,7 +385,7 @@ static unsigned int find_pgdir(struct lguest *lg, unsigned long pgtable)
 {
         unsigned int i;
         for (i = 0; i < ARRAY_SIZE(lg->pgdirs); i++)
-                if (lg->pgdirs[i].cr3 == pgtable)
+                if (lg->pgdirs[i].gpgdir == pgtable)
                         break;
         return i;
 }
@@ -385,7 +394,7 @@ static unsigned int find_pgdir(struct lguest *lg, unsigned long pgtable)
  * allocate a new one (and so the kernel parts are not there), we set
  * blank_pgdir. */
 static unsigned int new_pgdir(struct lguest *lg,
-                              unsigned long cr3,
+                              unsigned long gpgdir,
                               int *blank_pgdir)
 {
         unsigned int next;
@@ -395,7 +404,7 @@ static unsigned int new_pgdir(struct lguest *lg,
         next = random32() % ARRAY_SIZE(lg->pgdirs);
         /* If it's never been allocated at all before, try now. */
         if (!lg->pgdirs[next].pgdir) {
-                lg->pgdirs[next].pgdir = (spgd_t *)get_zeroed_page(GFP_KERNEL);
+                lg->pgdirs[next].pgdir = (pgd_t *)get_zeroed_page(GFP_KERNEL);
                 /* If the allocation fails, just keep using the one we have */
                 if (!lg->pgdirs[next].pgdir)
                         next = lg->pgdidx;
@@ -405,7 +414,7 @@ static unsigned int new_pgdir(struct lguest *lg,
                         *blank_pgdir = 1;
         }
         /* Record which Guest toplevel this shadows. */
-        lg->pgdirs[next].cr3 = cr3;
+        lg->pgdirs[next].gpgdir = gpgdir;
         /* Release all the non-kernel mappings. */
         flush_user_mappings(lg, next);
 
@@ -472,26 +481,27 @@ void guest_pagetable_clear_all(struct lguest *lg)
  * they set _PAGE_DIRTY then we can put a writable PTE entry in immediately.
  */
 static void do_set_pte(struct lguest *lg, int idx,
-                       unsigned long vaddr, gpte_t gpte)
+                       unsigned long vaddr, pte_t gpte)
 {
         /* Look up the matching shadow page directot entry. */
-        spgd_t *spgd = spgd_addr(lg, idx, vaddr);
+        pgd_t *spgd = spgd_addr(lg, idx, vaddr);
 
         /* If the top level isn't present, there's no entry to update. */
-        if (spgd->flags & _PAGE_PRESENT) {
+        if (pgd_flags(*spgd) & _PAGE_PRESENT) {
                 /* Otherwise, we start by releasing the existing entry. */
-                spte_t *spte = spte_addr(lg, *spgd, vaddr);
+                pte_t *spte = spte_addr(lg, *spgd, vaddr);
                 release_pte(*spte);
 
                 /* If they're setting this entry as dirty or accessed, we might
                  * as well put that entry they've given us in now.  This shaves
                  * 10% off a copy-on-write micro-benchmark. */
-                if (gpte.flags & (_PAGE_DIRTY | _PAGE_ACCESSED)) {
+                if (pte_flags(gpte) & (_PAGE_DIRTY | _PAGE_ACCESSED)) {
                         check_gpte(lg, gpte);
-                        *spte = gpte_to_spte(lg, gpte, gpte.flags&_PAGE_DIRTY);
+                        *spte = gpte_to_spte(lg, gpte,
+                                             pte_flags(gpte) & _PAGE_DIRTY);
                 } else
                         /* Otherwise we can demand_page() it in later. */
-                        spte->raw.val = 0;
+                        *spte = __pte(0);
         }
 }
 
@@ -506,18 +516,18 @@ static void do_set_pte(struct lguest *lg, int idx,
  * The benefit is that when we have to track a new page table, we can copy keep
  * all the kernel mappings.  This speeds up context switch immensely. */
 void guest_set_pte(struct lguest *lg,
-                   unsigned long cr3, unsigned long vaddr, gpte_t gpte)
+                   unsigned long gpgdir, unsigned long vaddr, pte_t gpte)
 {
         /* Kernel mappings must be changed on all top levels.  Slow, but
          * doesn't happen often. */
-        if (vaddr >= lg->page_offset) {
+        if (vaddr >= lg->kernel_address) {
                 unsigned int i;
                 for (i = 0; i < ARRAY_SIZE(lg->pgdirs); i++)
                         if (lg->pgdirs[i].pgdir)
                                 do_set_pte(lg, i, vaddr, gpte);
         } else {
                 /* Is this page table one we have a shadow for? */
-                int pgdir = find_pgdir(lg, cr3);
+                int pgdir = find_pgdir(lg, gpgdir);
                 if (pgdir != ARRAY_SIZE(lg->pgdirs))
                         /* If so, do the update. */
                         do_set_pte(lg, pgdir, vaddr, gpte);
@@ -538,7 +548,7 @@ void guest_set_pte(struct lguest *lg,
  *
  * So with that in mind here's our code to to update a (top-level) PGD entry:
  */
-void guest_set_pmd(struct lguest *lg, unsigned long cr3, u32 idx)
+void guest_set_pmd(struct lguest *lg, unsigned long gpgdir, u32 idx)
 {
         int pgdir;
 
@@ -548,7 +558,7 @@ void guest_set_pmd(struct lguest *lg, unsigned long cr3, u32 idx)
                 return;
 
         /* If they're talking about a page table we have a shadow for... */
-        pgdir = find_pgdir(lg, cr3);
+        pgdir = find_pgdir(lg, gpgdir);
         if (pgdir < ARRAY_SIZE(lg->pgdirs))
                 /* ... throw it away. */
                 release_pgd(lg, lg->pgdirs[pgdir].pgdir + idx);
@@ -560,21 +570,34 @@ void guest_set_pmd(struct lguest *lg, unsigned long cr3, u32 idx)
  * its first page table is.  We set some things up here: */
 int init_guest_pagetable(struct lguest *lg, unsigned long pgtable)
 {
-        /* In flush_user_mappings() we loop from 0 to
-         * "vaddr_to_pgd_index(lg->page_offset)".  This assumes it won't hit
-         * the Switcher mappings, so check that now. */
-        if (vaddr_to_pgd_index(lg->page_offset) >= SWITCHER_PGD_INDEX)
-                return -EINVAL;
         /* We start on the first shadow page table, and give it a blank PGD
          * page. */
         lg->pgdidx = 0;
-        lg->pgdirs[lg->pgdidx].cr3 = pgtable;
-        lg->pgdirs[lg->pgdidx].pgdir = (spgd_t*)get_zeroed_page(GFP_KERNEL);
+        lg->pgdirs[lg->pgdidx].gpgdir = pgtable;
+        lg->pgdirs[lg->pgdidx].pgdir = (pgd_t*)get_zeroed_page(GFP_KERNEL);
         if (!lg->pgdirs[lg->pgdidx].pgdir)
                 return -ENOMEM;
         return 0;
 }
 
+/* When the Guest calls LHCALL_LGUEST_INIT we do more setup. */
+void page_table_guest_data_init(struct lguest *lg)
+{
+        /* We get the kernel address: above this is all kernel memory. */
+        if (get_user(lg->kernel_address, &lg->lguest_data->kernel_address)
+            /* We tell the Guest that it can't use the top 4MB of virtual
+             * addresses used by the Switcher. */
+            || put_user(4U*1024*1024, &lg->lguest_data->reserve_mem)
+            || put_user(lg->pgdirs[lg->pgdidx].gpgdir,&lg->lguest_data->pgdir))
+                kill_guest(lg, "bad guest page %p", lg->lguest_data);
+
+        /* In flush_user_mappings() we loop from 0 to
+         * "pgd_index(lg->kernel_address)".  This assumes it won't hit the
+         * Switcher mappings, so check that now. */
+        if (pgd_index(lg->kernel_address) >= SWITCHER_PGD_INDEX)
+                kill_guest(lg, "bad kernel address %#lx", lg->kernel_address);
+}
+
 /* When a Guest dies, our cleanup is fairly simple. */
 void free_guest_pagetable(struct lguest *lg)
 {
@@ -594,14 +617,14 @@ void free_guest_pagetable(struct lguest *lg)
  * for each CPU already set up, we just need to hook them in. */
 void map_switcher_in_guest(struct lguest *lg, struct lguest_pages *pages)
 {
-        spte_t *switcher_pte_page = __get_cpu_var(switcher_pte_pages);
-        spgd_t switcher_pgd;
-        spte_t regs_pte;
+        pte_t *switcher_pte_page = __get_cpu_var(switcher_pte_pages);
+        pgd_t switcher_pgd;
+        pte_t regs_pte;
 
         /* Make the last PGD entry for this Guest point to the Switcher's PTE
          * page for this CPU (with appropriate flags). */
-        switcher_pgd.pfn = __pa(switcher_pte_page) >> PAGE_SHIFT;
-        switcher_pgd.flags = _PAGE_KERNEL;
+        switcher_pgd = __pgd(__pa(switcher_pte_page) | _PAGE_KERNEL);
+
         lg->pgdirs[lg->pgdidx].pgdir[SWITCHER_PGD_INDEX] = switcher_pgd;
 
         /* We also change the Switcher PTE page.  When we're running the Guest,
@@ -611,10 +634,8 @@ void map_switcher_in_guest(struct lguest *lg, struct lguest_pages *pages)
          * CPU's "struct lguest_pages": if we make sure the Guest's register
          * page is already mapped there, we don't have to copy them out
          * again. */
-        regs_pte.pfn = __pa(lg->regs_page) >> PAGE_SHIFT;
-        regs_pte.flags = _PAGE_KERNEL;
-        switcher_pte_page[(unsigned long)pages/PAGE_SIZE%PTES_PER_PAGE]
-                = regs_pte;
+        regs_pte = pfn_pte (__pa(lg->regs_page) >> PAGE_SHIFT, __pgprot(_PAGE_KERNEL));
+        switcher_pte_page[(unsigned long)pages/PAGE_SIZE%PTRS_PER_PTE] = regs_pte;
 }
 /*:*/
 
@@ -635,24 +656,25 @@ static __init void populate_switcher_pte_page(unsigned int cpu,
                                               unsigned int pages)
 {
         unsigned int i;
-        spte_t *pte = switcher_pte_page(cpu);
+        pte_t *pte = switcher_pte_page(cpu);
 
         /* The first entries are easy: they map the Switcher code. */
         for (i = 0; i < pages; i++) {
-                pte[i].pfn = page_to_pfn(switcher_page[i]);
-                pte[i].flags = _PAGE_PRESENT|_PAGE_ACCESSED;
+                pte[i] = mk_pte(switcher_page[i],
+                                __pgprot(_PAGE_PRESENT|_PAGE_ACCESSED));
         }
 
         /* The only other thing we map is this CPU's pair of pages. */
         i = pages + cpu*2;
 
         /* First page (Guest registers) is writable from the Guest */
-        pte[i].pfn = page_to_pfn(switcher_page[i]);
-        pte[i].flags = _PAGE_PRESENT|_PAGE_ACCESSED|_PAGE_RW;
+        pte[i] = pfn_pte(page_to_pfn(switcher_page[i]),
+                         __pgprot(_PAGE_PRESENT|_PAGE_ACCESSED|_PAGE_RW));
+
         /* The second page contains the "struct lguest_ro_state", and is
          * read-only. */
-        pte[i+1].pfn = page_to_pfn(switcher_page[i+1]);
-        pte[i+1].flags = _PAGE_PRESENT|_PAGE_ACCESSED;
+        pte[i+1] = pfn_pte(page_to_pfn(switcher_page[i+1]),
+                           __pgprot(_PAGE_PRESENT|_PAGE_ACCESSED));
 }
 
 /*H:510 At boot or module load time, init_pagetables() allocates and populates
@@ -662,7 +684,7 @@ __init int init_pagetables(struct page **switcher_page, unsigned int pages)
         unsigned int i;
 
         for_each_possible_cpu(i) {
-                switcher_pte_page(i) = (spte_t *)get_zeroed_page(GFP_KERNEL);
+                switcher_pte_page(i) = (pte_t *)get_zeroed_page(GFP_KERNEL);
                 if (!switcher_pte_page(i)) {
                         free_switcher_pte_pages();
                         return -ENOMEM;