VirtualBox

source: vbox/trunk/src/VBox/HostDrivers/Support/SUPDrv.c@ 14158

Last change on this file since 14158 was 13871, checked in by vboxsync, 16 years ago

VMMR0EntryFast: Always validate idCpu.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 183.6 KB
Line 
1/* $Revision: 13871 $ */
2/** @file
3 * VBoxDrv - The VirtualBox Support Driver - Common code.
4 */
5
6/*
7 * Copyright (C) 2006-2007 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 *
26 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
27 * Clara, CA 95054 USA or visit http://www.sun.com if you need
28 * additional information or have any questions.
29 */
30
31/*******************************************************************************
32* Header Files *
33*******************************************************************************/
34#define LOG_GROUP LOG_GROUP_SUP_DRV
35#include "SUPDrvInternal.h"
36#ifndef PAGE_SHIFT
37# include <iprt/param.h>
38#endif
39#include <iprt/alloc.h>
40#include <iprt/semaphore.h>
41#include <iprt/spinlock.h>
42#include <iprt/thread.h>
43#include <iprt/process.h>
44#include <iprt/mp.h>
45#include <iprt/power.h>
46#include <iprt/cpuset.h>
47#include <iprt/uuid.h>
48#include <VBox/log.h>
49#include <VBox/err.h>
50#if defined(RT_OS_DARWIN) || defined(RT_OS_SOLARIS)
51# include <iprt/crc32.h>
52# include <iprt/net.h>
53#endif
54/* VBox/x86.h not compatible with the Linux kernel sources */
55#ifdef RT_OS_LINUX
56# define X86_CPUID_VENDOR_AMD_EBX 0x68747541
57# define X86_CPUID_VENDOR_AMD_ECX 0x444d4163
58# define X86_CPUID_VENDOR_AMD_EDX 0x69746e65
59#else
60# include <VBox/x86.h>
61#endif
62
63/*
64 * Logging assignments:
65 * Log - useful stuff, like failures.
66 * LogFlow - program flow, except the really noisy bits.
67 * Log2 - Cleanup and IDTE
68 * Log3 - Loader flow noise.
69 * Log4 - Call VMMR0 flow noise.
70 * Log5 - Native yet-to-be-defined noise.
71 * Log6 - Native ioctl flow noise.
72 *
73 * Logging requires BUILD_TYPE=debug and possibly changes to the logger
74 * instanciation in log-vbox.c(pp).
75 */
76
77
78/*******************************************************************************
79* Defined Constants And Macros *
80*******************************************************************************/
81/* from x86.h - clashes with linux thus this duplication */
82#undef X86_CR0_PG
83#define X86_CR0_PG RT_BIT(31)
84#undef X86_CR0_PE
85#define X86_CR0_PE RT_BIT(0)
86#undef X86_CPUID_AMD_FEATURE_EDX_NX
87#define X86_CPUID_AMD_FEATURE_EDX_NX RT_BIT(20)
88#undef MSR_K6_EFER
89#define MSR_K6_EFER 0xc0000080
90#undef MSR_K6_EFER_NXE
91#define MSR_K6_EFER_NXE RT_BIT(11)
92#undef MSR_K6_EFER_LMA
93#define MSR_K6_EFER_LMA RT_BIT(10)
94#undef X86_CR4_PGE
95#define X86_CR4_PGE RT_BIT(7)
96#undef X86_CR4_PAE
97#define X86_CR4_PAE RT_BIT(5)
98#undef X86_CPUID_AMD_FEATURE_EDX_LONG_MODE
99#define X86_CPUID_AMD_FEATURE_EDX_LONG_MODE RT_BIT(29)
100
101
102/** The frequency by which we recalculate the u32UpdateHz and
103 * u32UpdateIntervalNS GIP members. The value must be a power of 2. */
104#define GIP_UPDATEHZ_RECALC_FREQ 0x800
105
106/**
107 * Validates a session pointer.
108 *
109 * @returns true/false accordingly.
110 * @param pSession The session.
111 */
112#define SUP_IS_SESSION_VALID(pSession) \
113 ( VALID_PTR(pSession) \
114 && pSession->u32Cookie == BIRD_INV)
115
116/** @def VBOX_SVN_REV
117 * The makefile should define this if it can. */
118#ifndef VBOX_SVN_REV
119# define VBOX_SVN_REV 0
120#endif
121
122/*******************************************************************************
123* Internal Functions *
124*******************************************************************************/
125static int supdrvMemAdd(PSUPDRVMEMREF pMem, PSUPDRVSESSION pSession);
126static int supdrvMemRelease(PSUPDRVSESSION pSession, RTHCUINTPTR uPtr, SUPDRVMEMREFTYPE eType);
127#ifdef VBOX_WITH_IDT_PATCHING
128static int supdrvIOCtl_IdtInstall(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPIDTINSTALL pReq);
129static PSUPDRVPATCH supdrvIdtPatchOne(PSUPDRVDEVEXT pDevExt, PSUPDRVPATCH pPatch);
130static int supdrvIOCtl_IdtRemoveAll(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession);
131static void supdrvIdtRemoveOne(PSUPDRVDEVEXT pDevExt, PSUPDRVPATCH pPatch);
132static void supdrvIdtWrite(volatile void *pvIdtEntry, const SUPDRVIDTE *pNewIDTEntry);
133#endif /* VBOX_WITH_IDT_PATCHING */
134static int supdrvIOCtl_LdrOpen(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDROPEN pReq);
135static int supdrvIOCtl_LdrLoad(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRLOAD pReq);
136static int supdrvIOCtl_LdrFree(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRFREE pReq);
137static int supdrvIOCtl_LdrGetSymbol(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRGETSYMBOL pReq);
138static int supdrvIDC_LdrGetSymbol(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPDRVIDCREQGETSYM pReq);
139static int supdrvLdrSetR0EP(PSUPDRVDEVEXT pDevExt, void *pvVMMR0, void *pvVMMR0EntryInt, void *pvVMMR0EntryFast, void *pvVMMR0EntryEx);
140static void supdrvLdrUnsetR0EP(PSUPDRVDEVEXT pDevExt);
141static int supdrvLdrAddUsage(PSUPDRVSESSION pSession, PSUPDRVLDRIMAGE pImage);
142static void supdrvLdrFree(PSUPDRVDEVEXT pDevExt, PSUPDRVLDRIMAGE pImage);
143static SUPPAGINGMODE supdrvIOCtl_GetPagingMode(void);
144static SUPGIPMODE supdrvGipDeterminTscMode(PSUPDRVDEVEXT pDevExt);
145#ifdef RT_OS_WINDOWS
146static int supdrvPageGetPhys(PSUPDRVSESSION pSession, RTR3PTR pvR3, uint32_t cPages, PRTHCPHYS paPages);
147static bool supdrvPageWasLockedByPageAlloc(PSUPDRVSESSION pSession, RTR3PTR pvR3);
148#endif /* RT_OS_WINDOWS */
149static int supdrvGipCreate(PSUPDRVDEVEXT pDevExt);
150static void supdrvGipDestroy(PSUPDRVDEVEXT pDevExt);
151static DECLCALLBACK(void) supdrvGipSyncTimer(PRTTIMER pTimer, void *pvUser, uint64_t iTick);
152static DECLCALLBACK(void) supdrvGipAsyncTimer(PRTTIMER pTimer, void *pvUser, uint64_t iTick);
153static DECLCALLBACK(void) supdrvGipMpEvent(RTMPEVENT enmEvent, RTCPUID idCpu, void *pvUser);
154
155#ifdef RT_WITH_W64_UNWIND_HACK
156DECLASM(int) supdrvNtWrapVMMR0EntryEx(PFNRT pfnVMMR0EntryEx, PVM pVM, unsigned uOperation, PSUPVMMR0REQHDR pReq, uint64_t u64Arg, PSUPDRVSESSION pSession);
157DECLASM(int) supdrvNtWrapVMMR0EntryFast(PFNRT pfnVMMR0EntryFast, PVM pVM, unsigned idCpu, unsigned uOperation);
158DECLASM(void) supdrvNtWrapObjDestructor(PFNRT pfnDestruction, void *pvObj, void *pvUser1, void *pvUser2);
159DECLASM(void *) supdrvNtWrapQueryFactoryInterface(PFNRT pfnQueryFactoryInterface, struct SUPDRVFACTORY const *pSupDrvFactory, PSUPDRVSESSION pSession, const char *pszInterfaceUuid);
160DECLASM(int) supdrvNtWrapModuleInit(PFNRT pfnModuleInit);
161DECLASM(void) supdrvNtWrapModuleTerm(PFNRT pfnModuleTerm);
162
163DECLASM(int) UNWIND_WRAP(SUPR0ComponentRegisterFactory)(PSUPDRVSESSION pSession, PCSUPDRVFACTORY pFactory);
164DECLASM(int) UNWIND_WRAP(SUPR0ComponentDeregisterFactory)(PSUPDRVSESSION pSession, PCSUPDRVFACTORY pFactory);
165DECLASM(int) UNWIND_WRAP(SUPR0ComponentQueryFactory)(PSUPDRVSESSION pSession, const char *pszName, const char *pszInterfaceUuid, void **ppvFactoryIf);
166DECLASM(void *) UNWIND_WRAP(SUPR0ObjRegister)(PSUPDRVSESSION pSession, SUPDRVOBJTYPE enmType, PFNSUPDRVDESTRUCTOR pfnDestructor, void *pvUser1, void *pvUser2);
167DECLASM(int) UNWIND_WRAP(SUPR0ObjAddRef)(void *pvObj, PSUPDRVSESSION pSession);
168DECLASM(int) UNWIND_WRAP(SUPR0ObjRelease)(void *pvObj, PSUPDRVSESSION pSession);
169DECLASM(int) UNWIND_WRAP(SUPR0ObjVerifyAccess)(void *pvObj, PSUPDRVSESSION pSession, const char *pszObjName);
170DECLASM(int) UNWIND_WRAP(SUPR0LockMem)(PSUPDRVSESSION pSession, RTR3PTR pvR3, uint32_t cPages, PRTHCPHYS paPages);
171DECLASM(int) UNWIND_WRAP(SUPR0UnlockMem)(PSUPDRVSESSION pSession, RTR3PTR pvR3);
172DECLASM(int) UNWIND_WRAP(SUPR0ContAlloc)(PSUPDRVSESSION pSession, uint32_t cPages, PRTR0PTR ppvR0, PRTR3PTR ppvR3, PRTHCPHYS pHCPhys);
173DECLASM(int) UNWIND_WRAP(SUPR0ContFree)(PSUPDRVSESSION pSession, RTHCUINTPTR uPtr);
174DECLASM(int) UNWIND_WRAP(SUPR0LowAlloc)(PSUPDRVSESSION pSession, uint32_t cPages, PRTR0PTR ppvR0, PRTR3PTR ppvR3, PRTHCPHYS paPages);
175DECLASM(int) UNWIND_WRAP(SUPR0LowFree)(PSUPDRVSESSION pSession, RTHCUINTPTR uPtr);
176DECLASM(int) UNWIND_WRAP(SUPR0MemAlloc)(PSUPDRVSESSION pSession, uint32_t cb, PRTR0PTR ppvR0, PRTR3PTR ppvR3);
177DECLASM(int) UNWIND_WRAP(SUPR0MemGetPhys)(PSUPDRVSESSION pSession, RTHCUINTPTR uPtr, PSUPPAGE paPages);
178DECLASM(int) UNWIND_WRAP(SUPR0MemFree)(PSUPDRVSESSION pSession, RTHCUINTPTR uPtr);
179DECLASM(int) UNWIND_WRAP(SUPR0PageAlloc)(PSUPDRVSESSION pSession, uint32_t cPages, PRTR3PTR ppvR3, PRTHCPHYS paPages);
180DECLASM(int) UNWIND_WRAP(SUPR0PageFree)(PSUPDRVSESSION pSession, RTR3PTR pvR3);
181//DECLASM(int) UNWIND_WRAP(SUPR0Printf)(const char *pszFormat, ...);
182DECLASM(void *) UNWIND_WRAP(RTMemAlloc)(size_t cb) RT_NO_THROW;
183DECLASM(void *) UNWIND_WRAP(RTMemAllocZ)(size_t cb) RT_NO_THROW;
184DECLASM(void) UNWIND_WRAP(RTMemFree)(void *pv) RT_NO_THROW;
185DECLASM(void *) UNWIND_WRAP(RTMemDup)(const void *pvSrc, size_t cb) RT_NO_THROW;
186DECLASM(void *) UNWIND_WRAP(RTMemDupEx)(const void *pvSrc, size_t cbSrc, size_t cbExtra) RT_NO_THROW;
187DECLASM(void *) UNWIND_WRAP(RTMemRealloc)(void *pvOld, size_t cbNew) RT_NO_THROW;
188DECLASM(int) UNWIND_WRAP(RTR0MemObjAllocLow)(PRTR0MEMOBJ pMemObj, size_t cb, bool fExecutable);
189DECLASM(int) UNWIND_WRAP(RTR0MemObjAllocPage)(PRTR0MEMOBJ pMemObj, size_t cb, bool fExecutable);
190DECLASM(int) UNWIND_WRAP(RTR0MemObjAllocPhys)(PRTR0MEMOBJ pMemObj, size_t cb, RTHCPHYS PhysHighest);
191DECLASM(int) UNWIND_WRAP(RTR0MemObjAllocPhysNC)(PRTR0MEMOBJ pMemObj, size_t cb, RTHCPHYS PhysHighest);
192DECLASM(int) UNWIND_WRAP(RTR0MemObjAllocCont)(PRTR0MEMOBJ pMemObj, size_t cb, bool fExecutable);
193DECLASM(int) UNWIND_WRAP(RTR0MemObjLockUser)(PRTR0MEMOBJ pMemObj, RTR3PTR R3Ptr, size_t cb, RTR0PROCESS R0Process);
194DECLASM(int) UNWIND_WRAP(RTR0MemObjMapKernel)(PRTR0MEMOBJ pMemObj, RTR0MEMOBJ MemObjToMap, void *pvFixed, size_t uAlignment, unsigned fProt);
195DECLASM(int) UNWIND_WRAP(RTR0MemObjMapUser)(PRTR0MEMOBJ pMemObj, RTR0MEMOBJ MemObjToMap, RTR3PTR R3PtrFixed, size_t uAlignment, unsigned fProt, RTR0PROCESS R0Process);
196/*DECLASM(void *) UNWIND_WRAP(RTR0MemObjAddress)(RTR0MEMOBJ MemObj); - not necessary */
197/*DECLASM(RTR3PTR) UNWIND_WRAP(RTR0MemObjAddressR3)(RTR0MEMOBJ MemObj); - not necessary */
198/*DECLASM(size_t) UNWIND_WRAP(RTR0MemObjSize)(RTR0MEMOBJ MemObj); - not necessary */
199/*DECLASM(bool) UNWIND_WRAP(RTR0MemObjIsMapping)(RTR0MEMOBJ MemObj); - not necessary */
200/*DECLASM(RTHCPHYS) UNWIND_WRAP(RTR0MemObjGetPagePhysAddr)(RTR0MEMOBJ MemObj, size_t iPage); - not necessary */
201DECLASM(int) UNWIND_WRAP(RTR0MemObjFree)(RTR0MEMOBJ MemObj, bool fFreeMappings);
202/* RTProcSelf - not necessary */
203/* RTR0ProcHandleSelf - not necessary */
204DECLASM(int) UNWIND_WRAP(RTSemFastMutexCreate)(PRTSEMFASTMUTEX pMutexSem);
205DECLASM(int) UNWIND_WRAP(RTSemFastMutexDestroy)(RTSEMFASTMUTEX MutexSem);
206DECLASM(int) UNWIND_WRAP(RTSemFastMutexRequest)(RTSEMFASTMUTEX MutexSem);
207DECLASM(int) UNWIND_WRAP(RTSemFastMutexRelease)(RTSEMFASTMUTEX MutexSem);
208DECLASM(int) UNWIND_WRAP(RTSemEventCreate)(PRTSEMEVENT pEventSem);
209DECLASM(int) UNWIND_WRAP(RTSemEventSignal)(RTSEMEVENT EventSem);
210DECLASM(int) UNWIND_WRAP(RTSemEventWait)(RTSEMEVENT EventSem, unsigned cMillies);
211DECLASM(int) UNWIND_WRAP(RTSemEventWaitNoResume)(RTSEMEVENT EventSem, unsigned cMillies);
212DECLASM(int) UNWIND_WRAP(RTSemEventDestroy)(RTSEMEVENT EventSem);
213DECLASM(int) UNWIND_WRAP(RTSemEventMultiCreate)(PRTSEMEVENTMULTI pEventMultiSem);
214DECLASM(int) UNWIND_WRAP(RTSemEventMultiSignal)(RTSEMEVENTMULTI EventMultiSem);
215DECLASM(int) UNWIND_WRAP(RTSemEventMultiReset)(RTSEMEVENTMULTI EventMultiSem);
216DECLASM(int) UNWIND_WRAP(RTSemEventMultiWait)(RTSEMEVENTMULTI EventMultiSem, unsigned cMillies);
217DECLASM(int) UNWIND_WRAP(RTSemEventMultiWaitNoResume)(RTSEMEVENTMULTI EventMultiSem, unsigned cMillies);
218DECLASM(int) UNWIND_WRAP(RTSemEventMultiDestroy)(RTSEMEVENTMULTI EventMultiSem);
219DECLASM(int) UNWIND_WRAP(RTSpinlockCreate)(PRTSPINLOCK pSpinlock);
220DECLASM(int) UNWIND_WRAP(RTSpinlockDestroy)(RTSPINLOCK Spinlock);
221DECLASM(void) UNWIND_WRAP(RTSpinlockAcquire)(RTSPINLOCK Spinlock, PRTSPINLOCKTMP pTmp);
222DECLASM(void) UNWIND_WRAP(RTSpinlockRelease)(RTSPINLOCK Spinlock, PRTSPINLOCKTMP pTmp);
223DECLASM(void) UNWIND_WRAP(RTSpinlockAcquireNoInts)(RTSPINLOCK Spinlock, PRTSPINLOCKTMP pTmp);
224DECLASM(void) UNWIND_WRAP(RTSpinlockReleaseNoInts)(RTSPINLOCK Spinlock, PRTSPINLOCKTMP pTmp);
225/* RTTimeNanoTS - not necessary */
226/* RTTimeMilliTS - not necessary */
227/* RTTimeSystemNanoTS - not necessary */
228/* RTTimeSystemMilliTS - not necessary */
229/* RTThreadNativeSelf - not necessary */
230DECLASM(int) UNWIND_WRAP(RTThreadSleep)(unsigned cMillies);
231DECLASM(bool) UNWIND_WRAP(RTThreadYield)(void);
232#if 0
233/* RTThreadSelf - not necessary */
234DECLASM(int) UNWIND_WRAP(RTThreadCreate)(PRTTHREAD pThread, PFNRTTHREAD pfnThread, void *pvUser, size_t cbStack,
235 RTTHREADTYPE enmType, unsigned fFlags, const char *pszName);
236DECLASM(RTNATIVETHREAD) UNWIND_WRAP(RTThreadGetNative)(RTTHREAD Thread);
237DECLASM(int) UNWIND_WRAP(RTThreadWait)(RTTHREAD Thread, unsigned cMillies, int *prc);
238DECLASM(int) UNWIND_WRAP(RTThreadWaitNoResume)(RTTHREAD Thread, unsigned cMillies, int *prc);
239DECLASM(const char *) UNWIND_WRAP(RTThreadGetName)(RTTHREAD Thread);
240DECLASM(const char *) UNWIND_WRAP(RTThreadSelfName)(void);
241DECLASM(RTTHREADTYPE) UNWIND_WRAP(RTThreadGetType)(RTTHREAD Thread);
242DECLASM(int) UNWIND_WRAP(RTThreadUserSignal)(RTTHREAD Thread);
243DECLASM(int) UNWIND_WRAP(RTThreadUserReset)(RTTHREAD Thread);
244DECLASM(int) UNWIND_WRAP(RTThreadUserWait)(RTTHREAD Thread, unsigned cMillies);
245DECLASM(int) UNWIND_WRAP(RTThreadUserWaitNoResume)(RTTHREAD Thread, unsigned cMillies);
246#endif
247/* RTLogDefaultInstance - a bit of a gamble, but we do not want the overhead! */
248/* RTMpCpuId - not necessary */
249/* RTMpCpuIdFromSetIndex - not necessary */
250/* RTMpCpuIdToSetIndex - not necessary */
251/* RTMpIsCpuPossible - not necessary */
252/* RTMpGetCount - not necessary */
253/* RTMpGetMaxCpuId - not necessary */
254/* RTMpGetOnlineCount - not necessary */
255/* RTMpGetOnlineSet - not necessary */
256/* RTMpGetSet - not necessary */
257/* RTMpIsCpuOnline - not necessary */
258DECLASM(int) UNWIND_WRAP(RTMpOnAll)(PFNRTMPWORKER pfnWorker, void *pvUser1, void *pvUser2);
259DECLASM(int) UNWIND_WRAP(RTMpOnOthers)(PFNRTMPWORKER pfnWorker, void *pvUser1, void *pvUser2);
260DECLASM(int) UNWIND_WRAP(RTMpOnSpecific)(RTCPUID idCpu, PFNRTMPWORKER pfnWorker, void *pvUser1, void *pvUser2);
261/* RTLogRelDefaultInstance - not necessary. */
262DECLASM(int) UNWIND_WRAP(RTLogSetDefaultInstanceThread)(PRTLOGGER pLogger, uintptr_t uKey);
263/* RTLogLogger - can't wrap this buster. */
264/* RTLogLoggerEx - can't wrap this buster. */
265DECLASM(void) UNWIND_WRAP(RTLogLoggerExV)(PRTLOGGER pLogger, unsigned fFlags, unsigned iGroup, const char *pszFormat, va_list args);
266/* RTLogPrintf - can't wrap this buster. */ /** @todo provide va_list log wrappers in RuntimeR0. */
267DECLASM(void) UNWIND_WRAP(RTLogPrintfV)(const char *pszFormat, va_list args);
268DECLASM(void) UNWIND_WRAP(AssertMsg1)(const char *pszExpr, unsigned uLine, const char *pszFile, const char *pszFunction);
269/* AssertMsg2 - can't wrap this buster. */
270#endif /* RT_WITH_W64_UNWIND_HACK */
271
272
273/*******************************************************************************
274* Global Variables *
275*******************************************************************************/
276/**
277 * Array of the R0 SUP API.
278 */
279static SUPFUNC g_aFunctions[] =
280{
281 /* name function */
282 { "SUPR0ComponentRegisterFactory", (void *)UNWIND_WRAP(SUPR0ComponentRegisterFactory) },
283 { "SUPR0ComponentDeregisterFactory", (void *)UNWIND_WRAP(SUPR0ComponentDeregisterFactory) },
284 { "SUPR0ComponentQueryFactory", (void *)UNWIND_WRAP(SUPR0ComponentQueryFactory) },
285 { "SUPR0ObjRegister", (void *)UNWIND_WRAP(SUPR0ObjRegister) },
286 { "SUPR0ObjAddRef", (void *)UNWIND_WRAP(SUPR0ObjAddRef) },
287 { "SUPR0ObjRelease", (void *)UNWIND_WRAP(SUPR0ObjRelease) },
288 { "SUPR0ObjVerifyAccess", (void *)UNWIND_WRAP(SUPR0ObjVerifyAccess) },
289 { "SUPR0LockMem", (void *)UNWIND_WRAP(SUPR0LockMem) },
290 { "SUPR0UnlockMem", (void *)UNWIND_WRAP(SUPR0UnlockMem) },
291 { "SUPR0ContAlloc", (void *)UNWIND_WRAP(SUPR0ContAlloc) },
292 { "SUPR0ContFree", (void *)UNWIND_WRAP(SUPR0ContFree) },
293 { "SUPR0LowAlloc", (void *)UNWIND_WRAP(SUPR0LowAlloc) },
294 { "SUPR0LowFree", (void *)UNWIND_WRAP(SUPR0LowFree) },
295 { "SUPR0MemAlloc", (void *)UNWIND_WRAP(SUPR0MemAlloc) },
296 { "SUPR0MemGetPhys", (void *)UNWIND_WRAP(SUPR0MemGetPhys) },
297 { "SUPR0MemFree", (void *)UNWIND_WRAP(SUPR0MemFree) },
298 { "SUPR0PageAlloc", (void *)UNWIND_WRAP(SUPR0PageAlloc) },
299 { "SUPR0PageFree", (void *)UNWIND_WRAP(SUPR0PageFree) },
300 { "SUPR0Printf", (void *)SUPR0Printf }, /** @todo needs wrapping? */
301 { "RTMemAlloc", (void *)UNWIND_WRAP(RTMemAlloc) },
302 { "RTMemAllocZ", (void *)UNWIND_WRAP(RTMemAllocZ) },
303 { "RTMemFree", (void *)UNWIND_WRAP(RTMemFree) },
304 /*{ "RTMemDup", (void *)UNWIND_WRAP(RTMemDup) },
305 { "RTMemDupEx", (void *)UNWIND_WRAP(RTMemDupEx) },*/
306 { "RTMemRealloc", (void *)UNWIND_WRAP(RTMemRealloc) },
307 { "RTR0MemObjAllocLow", (void *)UNWIND_WRAP(RTR0MemObjAllocLow) },
308 { "RTR0MemObjAllocPage", (void *)UNWIND_WRAP(RTR0MemObjAllocPage) },
309 { "RTR0MemObjAllocPhys", (void *)UNWIND_WRAP(RTR0MemObjAllocPhys) },
310 { "RTR0MemObjAllocPhysNC", (void *)UNWIND_WRAP(RTR0MemObjAllocPhysNC) },
311 { "RTR0MemObjAllocCont", (void *)UNWIND_WRAP(RTR0MemObjAllocCont) },
312 { "RTR0MemObjLockUser", (void *)UNWIND_WRAP(RTR0MemObjLockUser) },
313 { "RTR0MemObjMapKernel", (void *)UNWIND_WRAP(RTR0MemObjMapKernel) },
314 { "RTR0MemObjMapUser", (void *)UNWIND_WRAP(RTR0MemObjMapUser) },
315 { "RTR0MemObjAddress", (void *)RTR0MemObjAddress },
316 { "RTR0MemObjAddressR3", (void *)RTR0MemObjAddressR3 },
317 { "RTR0MemObjSize", (void *)RTR0MemObjSize },
318 { "RTR0MemObjIsMapping", (void *)RTR0MemObjIsMapping },
319 { "RTR0MemObjGetPagePhysAddr", (void *)RTR0MemObjGetPagePhysAddr },
320 { "RTR0MemObjFree", (void *)UNWIND_WRAP(RTR0MemObjFree) },
321/* These don't work yet on linux - use fast mutexes!
322 { "RTSemMutexCreate", (void *)RTSemMutexCreate },
323 { "RTSemMutexRequest", (void *)RTSemMutexRequest },
324 { "RTSemMutexRelease", (void *)RTSemMutexRelease },
325 { "RTSemMutexDestroy", (void *)RTSemMutexDestroy },
326*/
327 { "RTProcSelf", (void *)RTProcSelf },
328 { "RTR0ProcHandleSelf", (void *)RTR0ProcHandleSelf },
329 { "RTSemFastMutexCreate", (void *)UNWIND_WRAP(RTSemFastMutexCreate) },
330 { "RTSemFastMutexDestroy", (void *)UNWIND_WRAP(RTSemFastMutexDestroy) },
331 { "RTSemFastMutexRequest", (void *)UNWIND_WRAP(RTSemFastMutexRequest) },
332 { "RTSemFastMutexRelease", (void *)UNWIND_WRAP(RTSemFastMutexRelease) },
333 { "RTSemEventCreate", (void *)UNWIND_WRAP(RTSemEventCreate) },
334 { "RTSemEventSignal", (void *)UNWIND_WRAP(RTSemEventSignal) },
335 { "RTSemEventWait", (void *)UNWIND_WRAP(RTSemEventWait) },
336 { "RTSemEventWaitNoResume", (void *)UNWIND_WRAP(RTSemEventWaitNoResume) },
337 { "RTSemEventDestroy", (void *)UNWIND_WRAP(RTSemEventDestroy) },
338 { "RTSemEventMultiCreate", (void *)UNWIND_WRAP(RTSemEventMultiCreate) },
339 { "RTSemEventMultiSignal", (void *)UNWIND_WRAP(RTSemEventMultiSignal) },
340 { "RTSemEventMultiReset", (void *)UNWIND_WRAP(RTSemEventMultiReset) },
341 { "RTSemEventMultiWait", (void *)UNWIND_WRAP(RTSemEventMultiWait) },
342 { "RTSemEventMultiWaitNoResume", (void *)UNWIND_WRAP(RTSemEventMultiWaitNoResume) },
343 { "RTSemEventMultiDestroy", (void *)UNWIND_WRAP(RTSemEventMultiDestroy) },
344 { "RTSpinlockCreate", (void *)UNWIND_WRAP(RTSpinlockCreate) },
345 { "RTSpinlockDestroy", (void *)UNWIND_WRAP(RTSpinlockDestroy) },
346 { "RTSpinlockAcquire", (void *)UNWIND_WRAP(RTSpinlockAcquire) },
347 { "RTSpinlockRelease", (void *)UNWIND_WRAP(RTSpinlockRelease) },
348 { "RTSpinlockAcquireNoInts", (void *)UNWIND_WRAP(RTSpinlockAcquireNoInts) },
349 { "RTSpinlockReleaseNoInts", (void *)UNWIND_WRAP(RTSpinlockReleaseNoInts) },
350 { "RTTimeNanoTS", (void *)RTTimeNanoTS },
351 { "RTTimeMillieTS", (void *)RTTimeMilliTS },
352 { "RTTimeSystemNanoTS", (void *)RTTimeSystemNanoTS },
353 { "RTTimeSystemMillieTS", (void *)RTTimeSystemMilliTS },
354 { "RTThreadNativeSelf", (void *)RTThreadNativeSelf },
355 { "RTThreadSleep", (void *)UNWIND_WRAP(RTThreadSleep) },
356 { "RTThreadYield", (void *)UNWIND_WRAP(RTThreadYield) },
357#if 0 /* Thread APIs, Part 2. */
358 { "RTThreadSelf", (void *)UNWIND_WRAP(RTThreadSelf) },
359 { "RTThreadCreate", (void *)UNWIND_WRAP(RTThreadCreate) }, /** @todo need to wrap the callback */
360 { "RTThreadGetNative", (void *)UNWIND_WRAP(RTThreadGetNative) },
361 { "RTThreadWait", (void *)UNWIND_WRAP(RTThreadWait) },
362 { "RTThreadWaitNoResume", (void *)UNWIND_WRAP(RTThreadWaitNoResume) },
363 { "RTThreadGetName", (void *)UNWIND_WRAP(RTThreadGetName) },
364 { "RTThreadSelfName", (void *)UNWIND_WRAP(RTThreadSelfName) },
365 { "RTThreadGetType", (void *)UNWIND_WRAP(RTThreadGetType) },
366 { "RTThreadUserSignal", (void *)UNWIND_WRAP(RTThreadUserSignal) },
367 { "RTThreadUserReset", (void *)UNWIND_WRAP(RTThreadUserReset) },
368 { "RTThreadUserWait", (void *)UNWIND_WRAP(RTThreadUserWait) },
369 { "RTThreadUserWaitNoResume", (void *)UNWIND_WRAP(RTThreadUserWaitNoResume) },
370#endif
371 { "RTLogDefaultInstance", (void *)RTLogDefaultInstance },
372 { "RTMpCpuId", (void *)RTMpCpuId },
373 { "RTMpCpuIdFromSetIndex", (void *)RTMpCpuIdFromSetIndex },
374 { "RTMpCpuIdToSetIndex", (void *)RTMpCpuIdToSetIndex },
375 { "RTMpIsCpuPossible", (void *)RTMpIsCpuPossible },
376 { "RTMpGetCount", (void *)RTMpGetCount },
377 { "RTMpGetMaxCpuId", (void *)RTMpGetMaxCpuId },
378 { "RTMpGetOnlineCount", (void *)RTMpGetOnlineCount },
379 { "RTMpGetOnlineSet", (void *)RTMpGetOnlineSet },
380 { "RTMpGetSet", (void *)RTMpGetSet },
381 { "RTMpIsCpuOnline", (void *)RTMpIsCpuOnline },
382 { "RTMpOnAll", (void *)UNWIND_WRAP(RTMpOnAll) },
383 { "RTMpOnOthers", (void *)UNWIND_WRAP(RTMpOnOthers) },
384 { "RTMpOnSpecific", (void *)UNWIND_WRAP(RTMpOnSpecific) },
385 { "RTPowerNotificationRegister", (void *)RTPowerNotificationRegister },
386 { "RTPowerNotificationDeregister", (void *)RTPowerNotificationDeregister },
387 { "RTLogRelDefaultInstance", (void *)RTLogRelDefaultInstance },
388 { "RTLogSetDefaultInstanceThread", (void *)UNWIND_WRAP(RTLogSetDefaultInstanceThread) },
389 { "RTLogLogger", (void *)RTLogLogger }, /** @todo remove this */
390 { "RTLogLoggerEx", (void *)RTLogLoggerEx }, /** @todo remove this */
391 { "RTLogLoggerExV", (void *)UNWIND_WRAP(RTLogLoggerExV) },
392 { "RTLogPrintf", (void *)RTLogPrintf }, /** @todo remove this */
393 { "RTLogPrintfV", (void *)UNWIND_WRAP(RTLogPrintfV) },
394 { "AssertMsg1", (void *)UNWIND_WRAP(AssertMsg1) },
395 { "AssertMsg2", (void *)AssertMsg2 }, /** @todo replace this by RTAssertMsg2V */
396};
397
398#if defined(RT_OS_DARWIN) || defined(RT_OS_SOLARIS)
399/**
400 * Drag in the rest of IRPT since we share it with the
401 * rest of the kernel modules on darwin.
402 */
403PFNRT g_apfnVBoxDrvIPRTDeps[] =
404{
405 (PFNRT)RTCrc32,
406 (PFNRT)RTErrConvertFromErrno,
407 (PFNRT)RTNetIPv4IsHdrValid,
408 (PFNRT)RTNetIPv4TCPChecksum,
409 (PFNRT)RTNetIPv4UDPChecksum,
410 (PFNRT)RTUuidCompare,
411 (PFNRT)RTUuidCompareStr,
412 (PFNRT)RTUuidFromStr,
413 NULL
414};
415#endif /* RT_OS_DARWIN || RT_OS_SOLARIS */
416
417
418/**
419 * Initializes the device extentsion structure.
420 *
421 * @returns IPRT status code.
422 * @param pDevExt The device extension to initialize.
423 */
424int VBOXCALL supdrvInitDevExt(PSUPDRVDEVEXT pDevExt)
425{
426 int rc;
427
428#ifdef SUPDRV_WITH_RELEASE_LOGGER
429 /*
430 * Create the release log.
431 */
432 static const char * const s_apszGroups[] = VBOX_LOGGROUP_NAMES;
433 PRTLOGGER pRelLogger;
434 rc = RTLogCreate(&pRelLogger, 0 /* fFlags */, "all",
435 "VBOX_RELEASE_LOG", RT_ELEMENTS(s_apszGroups), s_apszGroups,
436 RTLOGDEST_STDOUT | RTLOGDEST_DEBUGGER, NULL);
437 if (RT_SUCCESS(rc))
438 RTLogRelSetDefaultInstance(pRelLogger);
439#endif
440
441 /*
442 * Initialize it.
443 */
444 memset(pDevExt, 0, sizeof(*pDevExt));
445 rc = RTSpinlockCreate(&pDevExt->Spinlock);
446 if (!rc)
447 {
448 rc = RTSemFastMutexCreate(&pDevExt->mtxLdr);
449 if (!rc)
450 {
451 rc = RTSemFastMutexCreate(&pDevExt->mtxComponentFactory);
452 if (!rc)
453 {
454 rc = RTSemFastMutexCreate(&pDevExt->mtxGip);
455 if (!rc)
456 {
457 rc = supdrvGipCreate(pDevExt);
458 if (RT_SUCCESS(rc))
459 {
460 pDevExt->u32Cookie = BIRD; /** @todo make this random? */
461 return VINF_SUCCESS;
462 }
463
464 RTSemFastMutexDestroy(pDevExt->mtxGip);
465 pDevExt->mtxGip = NIL_RTSEMFASTMUTEX;
466 }
467 RTSemFastMutexDestroy(pDevExt->mtxComponentFactory);
468 pDevExt->mtxComponentFactory = NIL_RTSEMFASTMUTEX;
469 }
470 RTSemFastMutexDestroy(pDevExt->mtxLdr);
471 pDevExt->mtxLdr = NIL_RTSEMFASTMUTEX;
472 }
473 RTSpinlockDestroy(pDevExt->Spinlock);
474 pDevExt->Spinlock = NIL_RTSPINLOCK;
475 }
476#ifdef SUPDRV_WITH_RELEASE_LOGGER
477 RTLogDestroy(RTLogRelSetDefaultInstance(NULL));
478 RTLogDestroy(RTLogSetDefaultInstance(NULL));
479#endif
480
481 return rc;
482}
483
484
485/**
486 * Delete the device extension (e.g. cleanup members).
487 *
488 * @param pDevExt The device extension to delete.
489 */
490void VBOXCALL supdrvDeleteDevExt(PSUPDRVDEVEXT pDevExt)
491{
492#ifdef VBOX_WITH_IDT_PATCHING
493 PSUPDRVPATCH pPatch;
494#endif
495 PSUPDRVOBJ pObj;
496 PSUPDRVUSAGE pUsage;
497
498 /*
499 * Kill mutexes and spinlocks.
500 */
501 RTSemFastMutexDestroy(pDevExt->mtxGip);
502 pDevExt->mtxGip = NIL_RTSEMFASTMUTEX;
503 RTSemFastMutexDestroy(pDevExt->mtxLdr);
504 pDevExt->mtxLdr = NIL_RTSEMFASTMUTEX;
505 RTSpinlockDestroy(pDevExt->Spinlock);
506 pDevExt->Spinlock = NIL_RTSPINLOCK;
507 RTSemFastMutexDestroy(pDevExt->mtxComponentFactory);
508 pDevExt->mtxComponentFactory = NIL_RTSEMFASTMUTEX;
509
510 /*
511 * Free lists.
512 */
513#ifdef VBOX_WITH_IDT_PATCHING
514 /* patches */
515 /** @todo make sure we don't uninstall patches which has been patched by someone else. */
516 pPatch = pDevExt->pIdtPatchesFree;
517 pDevExt->pIdtPatchesFree = NULL;
518 while (pPatch)
519 {
520 void *pvFree = pPatch;
521 pPatch = pPatch->pNext;
522 RTMemExecFree(pvFree);
523 }
524#endif /* VBOX_WITH_IDT_PATCHING */
525
526 /* objects. */
527 pObj = pDevExt->pObjs;
528#if !defined(DEBUG_bird) || !defined(RT_OS_LINUX) /* breaks unloading, temporary, remove me! */
529 Assert(!pObj); /* (can trigger on forced unloads) */
530#endif
531 pDevExt->pObjs = NULL;
532 while (pObj)
533 {
534 void *pvFree = pObj;
535 pObj = pObj->pNext;
536 RTMemFree(pvFree);
537 }
538
539 /* usage records. */
540 pUsage = pDevExt->pUsageFree;
541 pDevExt->pUsageFree = NULL;
542 while (pUsage)
543 {
544 void *pvFree = pUsage;
545 pUsage = pUsage->pNext;
546 RTMemFree(pvFree);
547 }
548
549 /* kill the GIP. */
550 supdrvGipDestroy(pDevExt);
551
552#ifdef SUPDRV_WITH_RELEASE_LOGGER
553 /* destroy the loggers. */
554 RTLogDestroy(RTLogRelSetDefaultInstance(NULL));
555 RTLogDestroy(RTLogSetDefaultInstance(NULL));
556#endif
557}
558
559
560/**
561 * Create session.
562 *
563 * @returns IPRT status code.
564 * @param pDevExt Device extension.
565 * @param fUser Flag indicating whether this is a user or kernel session.
566 * @param ppSession Where to store the pointer to the session data.
567 */
568int VBOXCALL supdrvCreateSession(PSUPDRVDEVEXT pDevExt, bool fUser, PSUPDRVSESSION *ppSession)
569{
570 /*
571 * Allocate memory for the session data.
572 */
573 int rc = VERR_NO_MEMORY;
574 PSUPDRVSESSION pSession = *ppSession = (PSUPDRVSESSION)RTMemAllocZ(sizeof(*pSession));
575 if (pSession)
576 {
577 /* Initialize session data. */
578 rc = RTSpinlockCreate(&pSession->Spinlock);
579 if (!rc)
580 {
581 Assert(pSession->Spinlock != NIL_RTSPINLOCK);
582 pSession->pDevExt = pDevExt;
583 pSession->u32Cookie = BIRD_INV;
584 /*pSession->pLdrUsage = NULL;
585 pSession->pPatchUsage = NULL;
586 pSession->pVM = NULL;
587 pSession->pUsage = NULL;
588 pSession->pGip = NULL;
589 pSession->fGipReferenced = false;
590 pSession->Bundle.cUsed = 0; */
591 pSession->Uid = NIL_RTUID;
592 pSession->Gid = NIL_RTGID;
593 if (fUser)
594 {
595 pSession->Process = RTProcSelf();
596 pSession->R0Process = RTR0ProcHandleSelf();
597 }
598 else
599 {
600 pSession->Process = NIL_RTPROCESS;
601 pSession->R0Process = NIL_RTR0PROCESS;
602 }
603
604 LogFlow(("Created session %p initial cookie=%#x\n", pSession, pSession->u32Cookie));
605 return VINF_SUCCESS;
606 }
607
608 RTMemFree(pSession);
609 *ppSession = NULL;
610 Log(("Failed to create spinlock, rc=%d!\n", rc));
611 }
612
613 return rc;
614}
615
616
617/**
618 * Shared code for cleaning up a session.
619 *
620 * @param pDevExt Device extension.
621 * @param pSession Session data.
622 * This data will be freed by this routine.
623 */
624void VBOXCALL supdrvCloseSession(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession)
625{
626 /*
627 * Cleanup the session first.
628 */
629 supdrvCleanupSession(pDevExt, pSession);
630
631 /*
632 * Free the rest of the session stuff.
633 */
634 RTSpinlockDestroy(pSession->Spinlock);
635 pSession->Spinlock = NIL_RTSPINLOCK;
636 pSession->pDevExt = NULL;
637 RTMemFree(pSession);
638 LogFlow(("supdrvCloseSession: returns\n"));
639}
640
641
642/**
643 * Shared code for cleaning up a session (but not quite freeing it).
644 *
645 * This is primarily intended for MAC OS X where we have to clean up the memory
646 * stuff before the file handle is closed.
647 *
648 * @param pDevExt Device extension.
649 * @param pSession Session data.
650 * This data will be freed by this routine.
651 */
652void VBOXCALL supdrvCleanupSession(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession)
653{
654 PSUPDRVBUNDLE pBundle;
655 LogFlow(("supdrvCleanupSession: pSession=%p\n", pSession));
656
657 /*
658 * Remove logger instances related to this session.
659 */
660 RTLogSetDefaultInstanceThread(NULL, (uintptr_t)pSession);
661
662#ifdef VBOX_WITH_IDT_PATCHING
663 /*
664 * Uninstall any IDT patches installed for this session.
665 */
666 supdrvIOCtl_IdtRemoveAll(pDevExt, pSession);
667#endif
668
669 /*
670 * Release object references made in this session.
671 * In theory there should be noone racing us in this session.
672 */
673 Log2(("release objects - start\n"));
674 if (pSession->pUsage)
675 {
676 RTSPINLOCKTMP SpinlockTmp = RTSPINLOCKTMP_INITIALIZER;
677 PSUPDRVUSAGE pUsage;
678 RTSpinlockAcquire(pDevExt->Spinlock, &SpinlockTmp);
679
680 while ((pUsage = pSession->pUsage) != NULL)
681 {
682 PSUPDRVOBJ pObj = pUsage->pObj;
683 pSession->pUsage = pUsage->pNext;
684
685 AssertMsg(pUsage->cUsage >= 1 && pObj->cUsage >= pUsage->cUsage, ("glob %d; sess %d\n", pObj->cUsage, pUsage->cUsage));
686 if (pUsage->cUsage < pObj->cUsage)
687 {
688 pObj->cUsage -= pUsage->cUsage;
689 RTSpinlockRelease(pDevExt->Spinlock, &SpinlockTmp);
690 }
691 else
692 {
693 /* Destroy the object and free the record. */
694 if (pDevExt->pObjs == pObj)
695 pDevExt->pObjs = pObj->pNext;
696 else
697 {
698 PSUPDRVOBJ pObjPrev;
699 for (pObjPrev = pDevExt->pObjs; pObjPrev; pObjPrev = pObjPrev->pNext)
700 if (pObjPrev->pNext == pObj)
701 {
702 pObjPrev->pNext = pObj->pNext;
703 break;
704 }
705 Assert(pObjPrev);
706 }
707 RTSpinlockRelease(pDevExt->Spinlock, &SpinlockTmp);
708
709 Log(("supdrvCleanupSession: destroying %p/%d (%p/%p) cpid=%RTproc pid=%RTproc dtor=%p\n",
710 pObj, pObj->enmType, pObj->pvUser1, pObj->pvUser2, pObj->CreatorProcess, RTProcSelf(), pObj->pfnDestructor));
711 if (pObj->pfnDestructor)
712#ifdef RT_WITH_W64_UNWIND_HACK
713 supdrvNtWrapObjDestructor((PFNRT)pObj->pfnDestructor, pObj, pObj->pvUser1, pObj->pvUser2);
714#else
715 pObj->pfnDestructor(pObj, pObj->pvUser1, pObj->pvUser2);
716#endif
717 RTMemFree(pObj);
718 }
719
720 /* free it and continue. */
721 RTMemFree(pUsage);
722
723 RTSpinlockAcquire(pDevExt->Spinlock, &SpinlockTmp);
724 }
725
726 RTSpinlockRelease(pDevExt->Spinlock, &SpinlockTmp);
727 AssertMsg(!pSession->pUsage, ("Some buster reregistered an object during desturction!\n"));
728 }
729 Log2(("release objects - done\n"));
730
731 /*
732 * Release memory allocated in the session.
733 *
734 * We do not serialize this as we assume that the application will
735 * not allocated memory while closing the file handle object.
736 */
737 Log2(("freeing memory:\n"));
738 pBundle = &pSession->Bundle;
739 while (pBundle)
740 {
741 PSUPDRVBUNDLE pToFree;
742 unsigned i;
743
744 /*
745 * Check and unlock all entries in the bundle.
746 */
747 for (i = 0; i < RT_ELEMENTS(pBundle->aMem); i++)
748 {
749 if (pBundle->aMem[i].MemObj != NIL_RTR0MEMOBJ)
750 {
751 int rc;
752 Log2(("eType=%d pvR0=%p pvR3=%p cb=%ld\n", pBundle->aMem[i].eType, RTR0MemObjAddress(pBundle->aMem[i].MemObj),
753 (void *)RTR0MemObjAddressR3(pBundle->aMem[i].MapObjR3), (long)RTR0MemObjSize(pBundle->aMem[i].MemObj)));
754 if (pBundle->aMem[i].MapObjR3 != NIL_RTR0MEMOBJ)
755 {
756 rc = RTR0MemObjFree(pBundle->aMem[i].MapObjR3, false);
757 AssertRC(rc); /** @todo figure out how to handle this. */
758 pBundle->aMem[i].MapObjR3 = NIL_RTR0MEMOBJ;
759 }
760 rc = RTR0MemObjFree(pBundle->aMem[i].MemObj, false);
761 AssertRC(rc); /** @todo figure out how to handle this. */
762 pBundle->aMem[i].MemObj = NIL_RTR0MEMOBJ;
763 pBundle->aMem[i].eType = MEMREF_TYPE_UNUSED;
764 }
765 }
766
767 /*
768 * Advance and free previous bundle.
769 */
770 pToFree = pBundle;
771 pBundle = pBundle->pNext;
772
773 pToFree->pNext = NULL;
774 pToFree->cUsed = 0;
775 if (pToFree != &pSession->Bundle)
776 RTMemFree(pToFree);
777 }
778 Log2(("freeing memory - done\n"));
779
780 /*
781 * Deregister component factories.
782 */
783 RTSemFastMutexRequest(pDevExt->mtxComponentFactory);
784 Log2(("deregistering component factories:\n"));
785 if (pDevExt->pComponentFactoryHead)
786 {
787 PSUPDRVFACTORYREG pPrev = NULL;
788 PSUPDRVFACTORYREG pCur = pDevExt->pComponentFactoryHead;
789 while (pCur)
790 {
791 if (pCur->pSession == pSession)
792 {
793 /* unlink it */
794 PSUPDRVFACTORYREG pNext = pCur->pNext;
795 if (pPrev)
796 pPrev->pNext = pNext;
797 else
798 pDevExt->pComponentFactoryHead = pNext;
799
800 /* free it */
801 pCur->pNext = NULL;
802 pCur->pSession = NULL;
803 pCur->pFactory = NULL;
804 RTMemFree(pCur);
805
806 /* next */
807 pCur = pNext;
808 }
809 else
810 {
811 /* next */
812 pPrev = pCur;
813 pCur = pCur->pNext;
814 }
815 }
816 }
817 RTSemFastMutexRelease(pDevExt->mtxComponentFactory);
818 Log2(("deregistering component factories - done\n"));
819
820 /*
821 * Loaded images needs to be dereferenced and possibly freed up.
822 */
823 RTSemFastMutexRequest(pDevExt->mtxLdr);
824 Log2(("freeing images:\n"));
825 if (pSession->pLdrUsage)
826 {
827 PSUPDRVLDRUSAGE pUsage = pSession->pLdrUsage;
828 pSession->pLdrUsage = NULL;
829 while (pUsage)
830 {
831 void *pvFree = pUsage;
832 PSUPDRVLDRIMAGE pImage = pUsage->pImage;
833 if (pImage->cUsage > pUsage->cUsage)
834 pImage->cUsage -= pUsage->cUsage;
835 else
836 supdrvLdrFree(pDevExt, pImage);
837 pUsage->pImage = NULL;
838 pUsage = pUsage->pNext;
839 RTMemFree(pvFree);
840 }
841 }
842 RTSemFastMutexRelease(pDevExt->mtxLdr);
843 Log2(("freeing images - done\n"));
844
845 /*
846 * Unmap the GIP.
847 */
848 Log2(("umapping GIP:\n"));
849 if (pSession->GipMapObjR3 != NIL_RTR0MEMOBJ)
850 {
851 SUPR0GipUnmap(pSession);
852 pSession->fGipReferenced = 0;
853 }
854 Log2(("umapping GIP - done\n"));
855}
856
857
858/**
859 * Fast path I/O Control worker.
860 *
861 * @returns VBox status code that should be passed down to ring-3 unchanged.
862 * @param uIOCtl Function number.
863 * @param idCpu VMCPU id.
864 * @param pDevExt Device extention.
865 * @param pSession Session data.
866 */
867int VBOXCALL supdrvIOCtlFast(uintptr_t uIOCtl, unsigned idCpu, PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession)
868{
869 /*
870 * We check the two prereqs after doing this only to allow the compiler to optimize things better.
871 */
872 if (RT_LIKELY(pSession->pVM && pDevExt->pfnVMMR0EntryFast))
873 {
874 switch (uIOCtl)
875 {
876 case SUP_IOCTL_FAST_DO_RAW_RUN:
877#ifdef RT_WITH_W64_UNWIND_HACK
878 supdrvNtWrapVMMR0EntryFast((PFNRT)pDevExt->pfnVMMR0EntryFast, pSession->pVM, idCpu, SUP_VMMR0_DO_RAW_RUN);
879#else
880 pDevExt->pfnVMMR0EntryFast(pSession->pVM, idCpu, SUP_VMMR0_DO_RAW_RUN);
881#endif
882 break;
883 case SUP_IOCTL_FAST_DO_HWACC_RUN:
884#ifdef RT_WITH_W64_UNWIND_HACK
885 supdrvNtWrapVMMR0EntryFast((PFNRT)pDevExt->pfnVMMR0EntryFast, pSession->pVM, idCpu, SUP_VMMR0_DO_HWACC_RUN);
886#else
887 pDevExt->pfnVMMR0EntryFast(pSession->pVM, idCpu, SUP_VMMR0_DO_HWACC_RUN);
888#endif
889 break;
890 case SUP_IOCTL_FAST_DO_NOP:
891#ifdef RT_WITH_W64_UNWIND_HACK
892 supdrvNtWrapVMMR0EntryFast((PFNRT)pDevExt->pfnVMMR0EntryFast, pSession->pVM, idCpu, SUP_VMMR0_DO_NOP);
893#else
894 pDevExt->pfnVMMR0EntryFast(pSession->pVM, idCpu, SUP_VMMR0_DO_NOP);
895#endif
896 break;
897 default:
898 return VERR_INTERNAL_ERROR;
899 }
900 return VINF_SUCCESS;
901 }
902 return VERR_INTERNAL_ERROR;
903}
904
905
906/**
907 * Helper for supdrvIOCtl. Check if pszStr contains any character of pszChars.
908 * We would use strpbrk here if this function would be contained in the RedHat kABI white
909 * list, see http://www.kerneldrivers.org/RHEL5.
910 *
911 * @return 1 if pszStr does contain any character of pszChars, 0 otherwise.
912 * @param pszStr String to check
913 * @param pszChars Character set
914 */
915static int supdrvCheckInvalidChar(const char *pszStr, const char *pszChars)
916{
917 int chCur;
918 while ((chCur = *pszStr++) != '\0')
919 {
920 int ch;
921 const char *psz = pszChars;
922 while ((ch = *psz++) != '\0')
923 if (ch == chCur)
924 return 1;
925
926 }
927 return 0;
928}
929
930
931/**
932 * I/O Control worker.
933 *
934 * @returns 0 on success.
935 * @returns VERR_INVALID_PARAMETER if the request is invalid.
936 *
937 * @param uIOCtl Function number.
938 * @param pDevExt Device extention.
939 * @param pSession Session data.
940 * @param pReqHdr The request header.
941 */
942int VBOXCALL supdrvIOCtl(uintptr_t uIOCtl, PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPREQHDR pReqHdr)
943{
944 /*
945 * Validate the request.
946 */
947 /* this first check could probably be omitted as its also done by the OS specific code... */
948 if (RT_UNLIKELY( (pReqHdr->fFlags & SUPREQHDR_FLAGS_MAGIC_MASK) != SUPREQHDR_FLAGS_MAGIC
949 || pReqHdr->cbIn < sizeof(*pReqHdr)
950 || pReqHdr->cbOut < sizeof(*pReqHdr)))
951 {
952 OSDBGPRINT(("vboxdrv: Bad ioctl request header; cbIn=%#lx cbOut=%#lx fFlags=%#lx\n",
953 (long)pReqHdr->cbIn, (long)pReqHdr->cbOut, (long)pReqHdr->fFlags));
954 return VERR_INVALID_PARAMETER;
955 }
956 if (RT_UNLIKELY(uIOCtl == SUP_IOCTL_COOKIE))
957 {
958 if (pReqHdr->u32Cookie != SUPCOOKIE_INITIAL_COOKIE)
959 {
960 OSDBGPRINT(("SUP_IOCTL_COOKIE: bad cookie %#lx\n", (long)pReqHdr->u32Cookie));
961 return VERR_INVALID_PARAMETER;
962 }
963 }
964 else if (RT_UNLIKELY( pReqHdr->u32Cookie != pDevExt->u32Cookie
965 || pReqHdr->u32SessionCookie != pSession->u32Cookie))
966 {
967 OSDBGPRINT(("vboxdrv: bad cookie %#lx / %#lx.\n", (long)pReqHdr->u32Cookie, (long)pReqHdr->u32SessionCookie));
968 return VERR_INVALID_PARAMETER;
969 }
970
971/*
972 * Validation macros
973 */
974#define REQ_CHECK_SIZES_EX(Name, cbInExpect, cbOutExpect) \
975 do { \
976 if (RT_UNLIKELY(pReqHdr->cbIn != (cbInExpect) || pReqHdr->cbOut != (cbOutExpect))) \
977 { \
978 OSDBGPRINT(( #Name ": Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n", \
979 (long)pReq->Hdr.cbIn, (long)(cbInExpect), (long)pReq->Hdr.cbOut, (long)(cbOutExpect))); \
980 return pReq->Hdr.rc = VERR_INVALID_PARAMETER; \
981 } \
982 } while (0)
983
984#define REQ_CHECK_SIZES(Name) REQ_CHECK_SIZES_EX(Name, Name ## _SIZE_IN, Name ## _SIZE_OUT)
985
986#define REQ_CHECK_SIZE_IN(Name, cbInExpect) \
987 do { \
988 if (RT_UNLIKELY(pReqHdr->cbIn != (cbInExpect))) \
989 { \
990 OSDBGPRINT(( #Name ": Invalid input/output sizes. cbIn=%ld expected %ld.\n", \
991 (long)pReq->Hdr.cbIn, (long)(cbInExpect))); \
992 return pReq->Hdr.rc = VERR_INVALID_PARAMETER; \
993 } \
994 } while (0)
995
996#define REQ_CHECK_SIZE_OUT(Name, cbOutExpect) \
997 do { \
998 if (RT_UNLIKELY(pReqHdr->cbOut != (cbOutExpect))) \
999 { \
1000 OSDBGPRINT(( #Name ": Invalid input/output sizes. cbOut=%ld expected %ld.\n", \
1001 (long)pReq->Hdr.cbOut, (long)(cbOutExpect))); \
1002 return pReq->Hdr.rc = VERR_INVALID_PARAMETER; \
1003 } \
1004 } while (0)
1005
1006#define REQ_CHECK_EXPR(Name, expr) \
1007 do { \
1008 if (RT_UNLIKELY(!(expr))) \
1009 { \
1010 OSDBGPRINT(( #Name ": %s\n", #expr)); \
1011 return pReq->Hdr.rc = VERR_INVALID_PARAMETER; \
1012 } \
1013 } while (0)
1014
1015#define REQ_CHECK_EXPR_FMT(expr, fmt) \
1016 do { \
1017 if (RT_UNLIKELY(!(expr))) \
1018 { \
1019 OSDBGPRINT( fmt ); \
1020 return pReq->Hdr.rc = VERR_INVALID_PARAMETER; \
1021 } \
1022 } while (0)
1023
1024
1025 /*
1026 * The switch.
1027 */
1028 switch (SUP_CTL_CODE_NO_SIZE(uIOCtl))
1029 {
1030 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_COOKIE):
1031 {
1032 PSUPCOOKIE pReq = (PSUPCOOKIE)pReqHdr;
1033 REQ_CHECK_SIZES(SUP_IOCTL_COOKIE);
1034 if (strncmp(pReq->u.In.szMagic, SUPCOOKIE_MAGIC, sizeof(pReq->u.In.szMagic)))
1035 {
1036 OSDBGPRINT(("SUP_IOCTL_COOKIE: invalid magic %.16s\n", pReq->u.In.szMagic));
1037 pReq->Hdr.rc = VERR_INVALID_MAGIC;
1038 return 0;
1039 }
1040
1041#if 0
1042 /*
1043 * Call out to the OS specific code and let it do permission checks on the
1044 * client process.
1045 */
1046 if (!supdrvOSValidateClientProcess(pDevExt, pSession))
1047 {
1048 pReq->u.Out.u32Cookie = 0xffffffff;
1049 pReq->u.Out.u32SessionCookie = 0xffffffff;
1050 pReq->u.Out.u32SessionVersion = 0xffffffff;
1051 pReq->u.Out.u32DriverVersion = SUPDRV_IOC_VERSION;
1052 pReq->u.Out.pSession = NULL;
1053 pReq->u.Out.cFunctions = 0;
1054 pReq->Hdr.rc = VERR_PERMISSION_DENIED;
1055 return 0;
1056 }
1057#endif
1058
1059 /*
1060 * Match the version.
1061 * The current logic is very simple, match the major interface version.
1062 */
1063 if ( pReq->u.In.u32MinVersion > SUPDRV_IOC_VERSION
1064 || (pReq->u.In.u32MinVersion & 0xffff0000) != (SUPDRV_IOC_VERSION & 0xffff0000))
1065 {
1066 OSDBGPRINT(("SUP_IOCTL_COOKIE: Version mismatch. Requested: %#x Min: %#x Current: %#x\n",
1067 pReq->u.In.u32ReqVersion, pReq->u.In.u32MinVersion, SUPDRV_IOC_VERSION));
1068 pReq->u.Out.u32Cookie = 0xffffffff;
1069 pReq->u.Out.u32SessionCookie = 0xffffffff;
1070 pReq->u.Out.u32SessionVersion = 0xffffffff;
1071 pReq->u.Out.u32DriverVersion = SUPDRV_IOC_VERSION;
1072 pReq->u.Out.pSession = NULL;
1073 pReq->u.Out.cFunctions = 0;
1074 pReq->Hdr.rc = VERR_VERSION_MISMATCH;
1075 return 0;
1076 }
1077
1078 /*
1079 * Fill in return data and be gone.
1080 * N.B. The first one to change SUPDRV_IOC_VERSION shall makes sure that
1081 * u32SessionVersion <= u32ReqVersion!
1082 */
1083 /** @todo Somehow validate the client and negotiate a secure cookie... */
1084 pReq->u.Out.u32Cookie = pDevExt->u32Cookie;
1085 pReq->u.Out.u32SessionCookie = pSession->u32Cookie;
1086 pReq->u.Out.u32SessionVersion = SUPDRV_IOC_VERSION;
1087 pReq->u.Out.u32DriverVersion = SUPDRV_IOC_VERSION;
1088 pReq->u.Out.pSession = pSession;
1089 pReq->u.Out.cFunctions = sizeof(g_aFunctions) / sizeof(g_aFunctions[0]);
1090 pReq->Hdr.rc = VINF_SUCCESS;
1091 return 0;
1092 }
1093
1094 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_QUERY_FUNCS(0)):
1095 {
1096 /* validate */
1097 PSUPQUERYFUNCS pReq = (PSUPQUERYFUNCS)pReqHdr;
1098 REQ_CHECK_SIZES_EX(SUP_IOCTL_QUERY_FUNCS, SUP_IOCTL_QUERY_FUNCS_SIZE_IN, SUP_IOCTL_QUERY_FUNCS_SIZE_OUT(RT_ELEMENTS(g_aFunctions)));
1099
1100 /* execute */
1101 pReq->u.Out.cFunctions = RT_ELEMENTS(g_aFunctions);
1102 memcpy(&pReq->u.Out.aFunctions[0], g_aFunctions, sizeof(g_aFunctions));
1103 pReq->Hdr.rc = VINF_SUCCESS;
1104 return 0;
1105 }
1106
1107 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_IDT_INSTALL):
1108 {
1109 /* validate */
1110 PSUPIDTINSTALL pReq = (PSUPIDTINSTALL)pReqHdr;
1111 REQ_CHECK_SIZES(SUP_IOCTL_IDT_INSTALL);
1112
1113 /* execute */
1114#ifdef VBOX_WITH_IDT_PATCHING
1115 pReq->Hdr.rc = supdrvIOCtl_IdtInstall(pDevExt, pSession, pReq);
1116#else
1117 pReq->u.Out.u8Idt = 3;
1118 pReq->Hdr.rc = VERR_NOT_SUPPORTED;
1119#endif
1120 return 0;
1121 }
1122
1123 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_IDT_REMOVE):
1124 {
1125 /* validate */
1126 PSUPIDTREMOVE pReq = (PSUPIDTREMOVE)pReqHdr;
1127 REQ_CHECK_SIZES(SUP_IOCTL_IDT_REMOVE);
1128
1129 /* execute */
1130#ifdef VBOX_WITH_IDT_PATCHING
1131 pReq->Hdr.rc = supdrvIOCtl_IdtRemoveAll(pDevExt, pSession);
1132#else
1133 pReq->Hdr.rc = VERR_NOT_SUPPORTED;
1134#endif
1135 return 0;
1136 }
1137
1138 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_PAGE_LOCK):
1139 {
1140 /* validate */
1141 PSUPPAGELOCK pReq = (PSUPPAGELOCK)pReqHdr;
1142 REQ_CHECK_SIZE_IN(SUP_IOCTL_PAGE_LOCK, SUP_IOCTL_PAGE_LOCK_SIZE_IN);
1143 REQ_CHECK_SIZE_OUT(SUP_IOCTL_PAGE_LOCK, SUP_IOCTL_PAGE_LOCK_SIZE_OUT(pReq->u.In.cPages));
1144 REQ_CHECK_EXPR(SUP_IOCTL_PAGE_LOCK, pReq->u.In.cPages > 0);
1145 REQ_CHECK_EXPR(SUP_IOCTL_PAGE_LOCK, pReq->u.In.pvR3 >= PAGE_SIZE);
1146
1147 /* execute */
1148 pReq->Hdr.rc = SUPR0LockMem(pSession, pReq->u.In.pvR3, pReq->u.In.cPages, &pReq->u.Out.aPages[0]);
1149 if (RT_FAILURE(pReq->Hdr.rc))
1150 pReq->Hdr.cbOut = sizeof(pReq->Hdr);
1151 return 0;
1152 }
1153
1154 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_PAGE_UNLOCK):
1155 {
1156 /* validate */
1157 PSUPPAGEUNLOCK pReq = (PSUPPAGEUNLOCK)pReqHdr;
1158 REQ_CHECK_SIZES(SUP_IOCTL_PAGE_UNLOCK);
1159
1160 /* execute */
1161 pReq->Hdr.rc = SUPR0UnlockMem(pSession, pReq->u.In.pvR3);
1162 return 0;
1163 }
1164
1165 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_CONT_ALLOC):
1166 {
1167 /* validate */
1168 PSUPCONTALLOC pReq = (PSUPCONTALLOC)pReqHdr;
1169 REQ_CHECK_SIZES(SUP_IOCTL_CONT_ALLOC);
1170
1171 /* execute */
1172 pReq->Hdr.rc = SUPR0ContAlloc(pSession, pReq->u.In.cPages, &pReq->u.Out.pvR0, &pReq->u.Out.pvR3, &pReq->u.Out.HCPhys);
1173 if (RT_FAILURE(pReq->Hdr.rc))
1174 pReq->Hdr.cbOut = sizeof(pReq->Hdr);
1175 return 0;
1176 }
1177
1178 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_CONT_FREE):
1179 {
1180 /* validate */
1181 PSUPCONTFREE pReq = (PSUPCONTFREE)pReqHdr;
1182 REQ_CHECK_SIZES(SUP_IOCTL_CONT_FREE);
1183
1184 /* execute */
1185 pReq->Hdr.rc = SUPR0ContFree(pSession, (RTHCUINTPTR)pReq->u.In.pvR3);
1186 return 0;
1187 }
1188
1189 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_LDR_OPEN):
1190 {
1191 /* validate */
1192 PSUPLDROPEN pReq = (PSUPLDROPEN)pReqHdr;
1193 REQ_CHECK_SIZES(SUP_IOCTL_LDR_OPEN);
1194 REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImage > 0);
1195 REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImage < _1M*16);
1196 REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.szName[0]);
1197 REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, memchr(pReq->u.In.szName, '\0', sizeof(pReq->u.In.szName)));
1198 REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, !supdrvCheckInvalidChar(pReq->u.In.szName, ";:()[]{}/\\|&*%#@!~`\"'"));
1199
1200 /* execute */
1201 pReq->Hdr.rc = supdrvIOCtl_LdrOpen(pDevExt, pSession, pReq);
1202 return 0;
1203 }
1204
1205 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_LDR_LOAD):
1206 {
1207 /* validate */
1208 PSUPLDRLOAD pReq = (PSUPLDRLOAD)pReqHdr;
1209 REQ_CHECK_EXPR(Name, pReq->Hdr.cbIn >= sizeof(*pReq));
1210 REQ_CHECK_SIZES_EX(SUP_IOCTL_LDR_LOAD, SUP_IOCTL_LDR_LOAD_SIZE_IN(pReq->u.In.cbImage), SUP_IOCTL_LDR_LOAD_SIZE_OUT);
1211 REQ_CHECK_EXPR(SUP_IOCTL_LDR_LOAD, pReq->u.In.cSymbols <= 16384);
1212 REQ_CHECK_EXPR_FMT( !pReq->u.In.cSymbols
1213 || ( pReq->u.In.offSymbols < pReq->u.In.cbImage
1214 && pReq->u.In.offSymbols + pReq->u.In.cSymbols * sizeof(SUPLDRSYM) <= pReq->u.In.cbImage),
1215 ("SUP_IOCTL_LDR_LOAD: offSymbols=%#lx cSymbols=%#lx cbImage=%#lx\n", (long)pReq->u.In.offSymbols,
1216 (long)pReq->u.In.cSymbols, (long)pReq->u.In.cbImage));
1217 REQ_CHECK_EXPR_FMT( !pReq->u.In.cbStrTab
1218 || ( pReq->u.In.offStrTab < pReq->u.In.cbImage
1219 && pReq->u.In.offStrTab + pReq->u.In.cbStrTab <= pReq->u.In.cbImage
1220 && pReq->u.In.cbStrTab <= pReq->u.In.cbImage),
1221 ("SUP_IOCTL_LDR_LOAD: offStrTab=%#lx cbStrTab=%#lx cbImage=%#lx\n", (long)pReq->u.In.offStrTab,
1222 (long)pReq->u.In.cbStrTab, (long)pReq->u.In.cbImage));
1223
1224 if (pReq->u.In.cSymbols)
1225 {
1226 uint32_t i;
1227 PSUPLDRSYM paSyms = (PSUPLDRSYM)&pReq->u.In.achImage[pReq->u.In.offSymbols];
1228 for (i = 0; i < pReq->u.In.cSymbols; i++)
1229 {
1230 REQ_CHECK_EXPR_FMT(paSyms[i].offSymbol < pReq->u.In.cbImage,
1231 ("SUP_IOCTL_LDR_LOAD: sym #%ld: symb off %#lx (max=%#lx)\n", (long)i, (long)paSyms[i].offSymbol, (long)pReq->u.In.cbImage));
1232 REQ_CHECK_EXPR_FMT(paSyms[i].offName < pReq->u.In.cbStrTab,
1233 ("SUP_IOCTL_LDR_LOAD: sym #%ld: name off %#lx (max=%#lx)\n", (long)i, (long)paSyms[i].offName, (long)pReq->u.In.cbImage));
1234 REQ_CHECK_EXPR_FMT(memchr(&pReq->u.In.achImage[pReq->u.In.offStrTab + paSyms[i].offName], '\0', pReq->u.In.cbStrTab - paSyms[i].offName),
1235 ("SUP_IOCTL_LDR_LOAD: sym #%ld: unterminated name! (%#lx / %#lx)\n", (long)i, (long)paSyms[i].offName, (long)pReq->u.In.cbImage));
1236 }
1237 }
1238
1239 /* execute */
1240 pReq->Hdr.rc = supdrvIOCtl_LdrLoad(pDevExt, pSession, pReq);
1241 return 0;
1242 }
1243
1244 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_LDR_FREE):
1245 {
1246 /* validate */
1247 PSUPLDRFREE pReq = (PSUPLDRFREE)pReqHdr;
1248 REQ_CHECK_SIZES(SUP_IOCTL_LDR_FREE);
1249
1250 /* execute */
1251 pReq->Hdr.rc = supdrvIOCtl_LdrFree(pDevExt, pSession, pReq);
1252 return 0;
1253 }
1254
1255 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_LDR_GET_SYMBOL):
1256 {
1257 /* validate */
1258 PSUPLDRGETSYMBOL pReq = (PSUPLDRGETSYMBOL)pReqHdr;
1259 REQ_CHECK_SIZES(SUP_IOCTL_LDR_GET_SYMBOL);
1260 REQ_CHECK_EXPR(SUP_IOCTL_LDR_GET_SYMBOL, memchr(pReq->u.In.szSymbol, '\0', sizeof(pReq->u.In.szSymbol)));
1261
1262 /* execute */
1263 pReq->Hdr.rc = supdrvIOCtl_LdrGetSymbol(pDevExt, pSession, pReq);
1264 return 0;
1265 }
1266
1267 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_CALL_VMMR0(0)):
1268 {
1269 /* validate */
1270 PSUPCALLVMMR0 pReq = (PSUPCALLVMMR0)pReqHdr;
1271 Log4(("SUP_IOCTL_CALL_VMMR0: op=%u in=%u arg=%RX64 p/t=%RTproc/%RTthrd\n",
1272 pReq->u.In.uOperation, pReq->Hdr.cbIn, pReq->u.In.u64Arg, RTProcSelf(), RTThreadNativeSelf()));
1273
1274 if (pReq->Hdr.cbIn == SUP_IOCTL_CALL_VMMR0_SIZE(0))
1275 {
1276 REQ_CHECK_SIZES_EX(SUP_IOCTL_CALL_VMMR0, SUP_IOCTL_CALL_VMMR0_SIZE_IN(0), SUP_IOCTL_CALL_VMMR0_SIZE_OUT(0));
1277
1278 /* execute */
1279 if (RT_LIKELY(pDevExt->pfnVMMR0EntryEx))
1280#ifdef RT_WITH_W64_UNWIND_HACK
1281 pReq->Hdr.rc = supdrvNtWrapVMMR0EntryEx((PFNRT)pDevExt->pfnVMMR0EntryEx, pReq->u.In.pVMR0, pReq->u.In.uOperation, NULL, pReq->u.In.u64Arg, pSession);
1282#else
1283 pReq->Hdr.rc = pDevExt->pfnVMMR0EntryEx(pReq->u.In.pVMR0, pReq->u.In.uOperation, NULL, pReq->u.In.u64Arg, pSession);
1284#endif
1285 else
1286 pReq->Hdr.rc = VERR_WRONG_ORDER;
1287 }
1288 else
1289 {
1290 PSUPVMMR0REQHDR pVMMReq = (PSUPVMMR0REQHDR)&pReq->abReqPkt[0];
1291 REQ_CHECK_EXPR_FMT(pReq->Hdr.cbIn >= SUP_IOCTL_CALL_VMMR0_SIZE(sizeof(SUPVMMR0REQHDR)),
1292 ("SUP_IOCTL_CALL_VMMR0: cbIn=%#x < %#lx\n", pReq->Hdr.cbIn, SUP_IOCTL_CALL_VMMR0_SIZE(sizeof(SUPVMMR0REQHDR))));
1293 REQ_CHECK_EXPR(SUP_IOCTL_CALL_VMMR0, pVMMReq->u32Magic == SUPVMMR0REQHDR_MAGIC);
1294 REQ_CHECK_SIZES_EX(SUP_IOCTL_CALL_VMMR0, SUP_IOCTL_CALL_VMMR0_SIZE_IN(pVMMReq->cbReq), SUP_IOCTL_CALL_VMMR0_SIZE_OUT(pVMMReq->cbReq));
1295
1296 /* execute */
1297 if (RT_LIKELY(pDevExt->pfnVMMR0EntryEx))
1298#ifdef RT_WITH_W64_UNWIND_HACK
1299 pReq->Hdr.rc = supdrvNtWrapVMMR0EntryEx((PFNRT)pDevExt->pfnVMMR0EntryEx, pReq->u.In.pVMR0, pReq->u.In.uOperation, pVMMReq, pReq->u.In.u64Arg, pSession);
1300#else
1301 pReq->Hdr.rc = pDevExt->pfnVMMR0EntryEx(pReq->u.In.pVMR0, pReq->u.In.uOperation, pVMMReq, pReq->u.In.u64Arg, pSession);
1302#endif
1303 else
1304 pReq->Hdr.rc = VERR_WRONG_ORDER;
1305 }
1306
1307 if ( RT_FAILURE(pReq->Hdr.rc)
1308 && pReq->Hdr.rc != VERR_INTERRUPTED
1309 && pReq->Hdr.rc != VERR_TIMEOUT)
1310 Log(("SUP_IOCTL_CALL_VMMR0: rc=%Rrc op=%u out=%u arg=%RX64 p/t=%RTproc/%RTthrd\n",
1311 pReq->Hdr.rc, pReq->u.In.uOperation, pReq->Hdr.cbOut, pReq->u.In.u64Arg, RTProcSelf(), RTThreadNativeSelf()));
1312 else
1313 Log4(("SUP_IOCTL_CALL_VMMR0: rc=%Rrc op=%u out=%u arg=%RX64 p/t=%RTproc/%RTthrd\n",
1314 pReq->Hdr.rc, pReq->u.In.uOperation, pReq->Hdr.cbOut, pReq->u.In.u64Arg, RTProcSelf(), RTThreadNativeSelf()));
1315 return 0;
1316 }
1317
1318 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_GET_PAGING_MODE):
1319 {
1320 /* validate */
1321 PSUPGETPAGINGMODE pReq = (PSUPGETPAGINGMODE)pReqHdr;
1322 REQ_CHECK_SIZES(SUP_IOCTL_GET_PAGING_MODE);
1323
1324 /* execute */
1325 pReq->Hdr.rc = VINF_SUCCESS;
1326 pReq->u.Out.enmMode = supdrvIOCtl_GetPagingMode();
1327 return 0;
1328 }
1329
1330 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_LOW_ALLOC):
1331 {
1332 /* validate */
1333 PSUPLOWALLOC pReq = (PSUPLOWALLOC)pReqHdr;
1334 REQ_CHECK_EXPR(SUP_IOCTL_LOW_ALLOC, pReq->Hdr.cbIn <= SUP_IOCTL_LOW_ALLOC_SIZE_IN);
1335 REQ_CHECK_SIZES_EX(SUP_IOCTL_LOW_ALLOC, SUP_IOCTL_LOW_ALLOC_SIZE_IN, SUP_IOCTL_LOW_ALLOC_SIZE_OUT(pReq->u.In.cPages));
1336
1337 /* execute */
1338 pReq->Hdr.rc = SUPR0LowAlloc(pSession, pReq->u.In.cPages, &pReq->u.Out.pvR0, &pReq->u.Out.pvR3, &pReq->u.Out.aPages[0]);
1339 if (RT_FAILURE(pReq->Hdr.rc))
1340 pReq->Hdr.cbOut = sizeof(pReq->Hdr);
1341 return 0;
1342 }
1343
1344 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_LOW_FREE):
1345 {
1346 /* validate */
1347 PSUPLOWFREE pReq = (PSUPLOWFREE)pReqHdr;
1348 REQ_CHECK_SIZES(SUP_IOCTL_LOW_FREE);
1349
1350 /* execute */
1351 pReq->Hdr.rc = SUPR0LowFree(pSession, (RTHCUINTPTR)pReq->u.In.pvR3);
1352 return 0;
1353 }
1354
1355 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_GIP_MAP):
1356 {
1357 /* validate */
1358 PSUPGIPMAP pReq = (PSUPGIPMAP)pReqHdr;
1359 REQ_CHECK_SIZES(SUP_IOCTL_GIP_MAP);
1360
1361 /* execute */
1362 pReq->Hdr.rc = SUPR0GipMap(pSession, &pReq->u.Out.pGipR3, &pReq->u.Out.HCPhysGip);
1363 if (RT_SUCCESS(pReq->Hdr.rc))
1364 pReq->u.Out.pGipR0 = pDevExt->pGip;
1365 return 0;
1366 }
1367
1368 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_GIP_UNMAP):
1369 {
1370 /* validate */
1371 PSUPGIPUNMAP pReq = (PSUPGIPUNMAP)pReqHdr;
1372 REQ_CHECK_SIZES(SUP_IOCTL_GIP_UNMAP);
1373
1374 /* execute */
1375 pReq->Hdr.rc = SUPR0GipUnmap(pSession);
1376 return 0;
1377 }
1378
1379 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_SET_VM_FOR_FAST):
1380 {
1381 /* validate */
1382 PSUPSETVMFORFAST pReq = (PSUPSETVMFORFAST)pReqHdr;
1383 REQ_CHECK_SIZES(SUP_IOCTL_SET_VM_FOR_FAST);
1384 REQ_CHECK_EXPR_FMT( !pReq->u.In.pVMR0
1385 || ( VALID_PTR(pReq->u.In.pVMR0)
1386 && !((uintptr_t)pReq->u.In.pVMR0 & (PAGE_SIZE - 1))),
1387 ("SUP_IOCTL_SET_VM_FOR_FAST: pVMR0=%p!\n", pReq->u.In.pVMR0));
1388 /* execute */
1389 pSession->pVM = pReq->u.In.pVMR0;
1390 pReq->Hdr.rc = VINF_SUCCESS;
1391 return 0;
1392 }
1393
1394 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_PAGE_ALLOC):
1395 {
1396 /* validate */
1397 PSUPPAGEALLOC pReq = (PSUPPAGEALLOC)pReqHdr;
1398 REQ_CHECK_EXPR(SUP_IOCTL_PAGE_ALLOC, pReq->Hdr.cbIn <= SUP_IOCTL_PAGE_ALLOC_SIZE_IN);
1399 REQ_CHECK_SIZES_EX(SUP_IOCTL_PAGE_ALLOC, SUP_IOCTL_PAGE_ALLOC_SIZE_IN, SUP_IOCTL_PAGE_ALLOC_SIZE_OUT(pReq->u.In.cPages));
1400
1401 /* execute */
1402 pReq->Hdr.rc = SUPR0PageAlloc(pSession, pReq->u.In.cPages, &pReq->u.Out.pvR3, &pReq->u.Out.aPages[0]);
1403 if (RT_FAILURE(pReq->Hdr.rc))
1404 pReq->Hdr.cbOut = sizeof(pReq->Hdr);
1405 return 0;
1406 }
1407
1408 case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_PAGE_FREE):
1409 {
1410 /* validate */
1411 PSUPPAGEFREE pReq = (PSUPPAGEFREE)pReqHdr;
1412 REQ_CHECK_SIZES(SUP_IOCTL_PAGE_FREE);
1413
1414 /* execute */
1415 pReq->Hdr.rc = SUPR0PageFree(pSession, pReq->u.In.pvR3);
1416 return 0;
1417 }
1418
1419 default:
1420 Log(("Unknown IOCTL %#lx\n", (long)uIOCtl));
1421 break;
1422 }
1423 return SUPDRV_ERR_GENERAL_FAILURE;
1424}
1425
1426
1427/**
1428 * Inter-Driver Communcation (IDC) worker.
1429 *
1430 * @returns VBox status code.
1431 * @retval VINF_SUCCESS on success.
1432 * @retval VERR_INVALID_PARAMETER if the request is invalid.
1433 * @retval VERR_NOT_SUPPORTED if the request isn't supported.
1434 *
1435 * @param uReq The request (function) code.
1436 * @param pDevExt Device extention.
1437 * @param pSession Session data.
1438 * @param pReqHdr The request header.
1439 */
1440int VBOXCALL supdrvIDC(uintptr_t uReq, PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPDRVIDCREQHDR pReqHdr)
1441{
1442 /*
1443 * The OS specific code has already validated the pSession
1444 * pointer, and the request size being greater or equal to
1445 * size of the header.
1446 *
1447 * So, just check that pSession is a kernel context session.
1448 */
1449 if (RT_UNLIKELY( pSession
1450 && pSession->R0Process != NIL_RTR0PROCESS))
1451 return VERR_INVALID_PARAMETER;
1452
1453/*
1454 * Validation macro.
1455 */
1456#define REQ_CHECK_IDC_SIZE(Name, cbExpect) \
1457 do { \
1458 if (RT_UNLIKELY(pReqHdr->cb != (cbExpect))) \
1459 { \
1460 OSDBGPRINT(( #Name ": Invalid input/output sizes. cb=%ld expected %ld.\n", \
1461 (long)pReqHdr->cb, (long)(cbExpect))); \
1462 return pReqHdr->rc = VERR_INVALID_PARAMETER; \
1463 } \
1464 } while (0)
1465
1466 switch (uReq)
1467 {
1468 case SUPDRV_IDC_REQ_CONNECT:
1469 {
1470 PSUPDRVIDCREQCONNECT pReq = (PSUPDRVIDCREQCONNECT)pReqHdr;
1471 REQ_CHECK_IDC_SIZE(SUPDRV_IDC_REQ_CONNECT, sizeof(*pReq));
1472
1473 /*
1474 * Validate the cookie and other input.
1475 */
1476 if (pReq->Hdr.pSession != NULL)
1477 {
1478 OSDBGPRINT(("SUPDRV_IDC_REQ_CONNECT: pSession=%p expected NULL!\n", pReq->Hdr.pSession));
1479 return pReqHdr->rc = VERR_INVALID_PARAMETER;
1480 }
1481 if (pReq->u.In.u32MagicCookie != SUPDRVIDCREQ_CONNECT_MAGIC_COOKIE)
1482 {
1483 OSDBGPRINT(("SUPDRV_IDC_REQ_CONNECT: u32MagicCookie=%#x expected %#x!\n",
1484 pReq->u.In.u32MagicCookie, SUPDRVIDCREQ_CONNECT_MAGIC_COOKIE));
1485 return pReqHdr->rc = VERR_INVALID_PARAMETER;
1486 }
1487 if ( pReq->u.In.uMinVersion > pReq->u.In.uReqVersion
1488 || (pReq->u.In.uMinVersion & UINT32_C(0xffff0000)) != (pReq->u.In.uReqVersion & UINT32_C(0xffff0000)))
1489 {
1490 OSDBGPRINT(("SUPDRV_IDC_REQ_CONNECT: uMinVersion=%#x uMaxVersion=%#x doesn't match!\n",
1491 pReq->u.In.uMinVersion, pReq->u.In.uReqVersion));
1492 return pReqHdr->rc = VERR_INVALID_PARAMETER;
1493 }
1494
1495 /*
1496 * Match the version.
1497 * The current logic is very simple, match the major interface version.
1498 */
1499 if ( pReq->u.In.uMinVersion > SUPDRV_IDC_VERSION
1500 || (pReq->u.In.uMinVersion & 0xffff0000) != (SUPDRV_IDC_VERSION & 0xffff0000))
1501 {
1502 OSDBGPRINT(("SUPDRV_IDC_REQ_CONNECT: Version mismatch. Requested: %#x Min: %#x Current: %#x\n",
1503 pReq->u.In.uReqVersion, pReq->u.In.uMinVersion, SUPDRV_IDC_VERSION));
1504 pReq->u.Out.pSession = NULL;
1505 pReq->u.Out.uSessionVersion = 0xffffffff;
1506 pReq->u.Out.uDriverVersion = SUPDRV_IDC_VERSION;
1507 pReq->u.Out.uDriverRevision = VBOX_SVN_REV;
1508 pReq->Hdr.rc = VERR_VERSION_MISMATCH;
1509 return VINF_SUCCESS;
1510 }
1511
1512 pReq->u.Out.pSession = NULL;
1513 pReq->u.Out.uSessionVersion = SUPDRV_IDC_VERSION;
1514 pReq->u.Out.uDriverVersion = SUPDRV_IDC_VERSION;
1515 pReq->u.Out.uDriverRevision = VBOX_SVN_REV;
1516
1517 /*
1518 * On NT we will already have a session associated with the
1519 * client, just like with the SUP_IOCTL_COOKIE request, while
1520 * the other doesn't.
1521 */
1522#ifdef RT_OS_WINDOWS
1523 pReq->Hdr.rc = VINF_SUCCESS;
1524#else
1525 AssertReturn(!pSession, VERR_INTERNAL_ERROR);
1526 pReq->Hdr.rc = supdrvCreateSession(pDevExt, false /* fUser */, &pSession);
1527 if (RT_FAILURE(pReq->Hdr.rc))
1528 {
1529 OSDBGPRINT(("SUPDRV_IDC_REQ_CONNECT: failed to create session, rc=%d\n", pReq->Hdr.rc));
1530 return VINF_SUCCESS;
1531 }
1532#endif
1533
1534 pReq->u.Out.pSession = pSession;
1535 pReq->Hdr.pSession = pSession;
1536
1537 return VINF_SUCCESS;
1538 }
1539
1540 case SUPDRV_IDC_REQ_DISCONNECT:
1541 {
1542 REQ_CHECK_IDC_SIZE(SUPDRV_IDC_REQ_DISCONNECT, sizeof(*pReqHdr));
1543
1544#ifdef RT_OS_WINDOWS
1545 /* Windows will destroy the session when the file object is destroyed. */
1546#else
1547 supdrvCloseSession(pDevExt, pSession);
1548#endif
1549 return pReqHdr->rc = VINF_SUCCESS;
1550 }
1551
1552 case SUPDRV_IDC_REQ_GET_SYMBOL:
1553 {
1554 PSUPDRVIDCREQGETSYM pReq = (PSUPDRVIDCREQGETSYM)pReqHdr;
1555 REQ_CHECK_IDC_SIZE(SUPDRV_IDC_REQ_GET_SYMBOL, sizeof(*pReq));
1556
1557 pReq->Hdr.rc = supdrvIDC_LdrGetSymbol(pDevExt, pSession, pReq);
1558 return VINF_SUCCESS;
1559 }
1560
1561 case SUPDRV_IDC_REQ_COMPONENT_REGISTER_FACTORY:
1562 {
1563 PSUPDRVIDCREQCOMPREGFACTORY pReq = (PSUPDRVIDCREQCOMPREGFACTORY)pReqHdr;
1564 REQ_CHECK_IDC_SIZE(SUPDRV_IDC_REQ_COMPONENT_REGISTER_FACTORY, sizeof(*pReq));
1565
1566 pReq->Hdr.rc = SUPR0ComponentRegisterFactory(pSession, pReq->u.In.pFactory);
1567 return VINF_SUCCESS;
1568 }
1569
1570 case SUPDRV_IDC_REQ_COMPONENT_DEREGISTER_FACTORY:
1571 {
1572 PSUPDRVIDCREQCOMPDEREGFACTORY pReq = (PSUPDRVIDCREQCOMPDEREGFACTORY)pReqHdr;
1573 REQ_CHECK_IDC_SIZE(SUPDRV_IDC_REQ_COMPONENT_DEREGISTER_FACTORY, sizeof(*pReq));
1574
1575 pReq->Hdr.rc = SUPR0ComponentDeregisterFactory(pSession, pReq->u.In.pFactory);
1576 return VINF_SUCCESS;
1577 }
1578
1579 default:
1580 Log(("Unknown IDC %#lx\n", (long)uReq));
1581 break;
1582 }
1583
1584#undef REQ_CHECK_IDC_SIZE
1585 return VERR_NOT_SUPPORTED;
1586}
1587
1588
1589/**
1590 * Register a object for reference counting.
1591 * The object is registered with one reference in the specified session.
1592 *
1593 * @returns Unique identifier on success (pointer).
1594 * All future reference must use this identifier.
1595 * @returns NULL on failure.
1596 * @param pfnDestructor The destructore function which will be called when the reference count reaches 0.
1597 * @param pvUser1 The first user argument.
1598 * @param pvUser2 The second user argument.
1599 */
1600SUPR0DECL(void *) SUPR0ObjRegister(PSUPDRVSESSION pSession, SUPDRVOBJTYPE enmType, PFNSUPDRVDESTRUCTOR pfnDestructor, void *pvUser1, void *pvUser2)
1601{
1602 RTSPINLOCKTMP SpinlockTmp = RTSPINLOCKTMP_INITIALIZER;
1603 PSUPDRVDEVEXT pDevExt = pSession->pDevExt;
1604 PSUPDRVOBJ pObj;
1605 PSUPDRVUSAGE pUsage;
1606
1607 /*
1608 * Validate the input.
1609 */
1610 AssertReturn(SUP_IS_SESSION_VALID(pSession), NULL);
1611 AssertReturn(enmType > SUPDRVOBJTYPE_INVALID && enmType < SUPDRVOBJTYPE_END, NULL);
1612 AssertPtrReturn(pfnDestructor, NULL);
1613
1614 /*
1615 * Allocate and initialize the object.
1616 */
1617 pObj = (PSUPDRVOBJ)RTMemAlloc(sizeof(*pObj));
1618 if (!pObj)
1619 return NULL;
1620 pObj->u32Magic = SUPDRVOBJ_MAGIC;
1621 pObj->enmType = enmType;
1622 pObj->pNext = NULL;
1623 pObj->cUsage = 1;
1624 pObj->pfnDestructor = pfnDestructor;
1625 pObj->pvUser1 = pvUser1;
1626 pObj->pvUser2 = pvUser2;
1627 pObj->CreatorUid = pSession->Uid;
1628 pObj->CreatorGid = pSession->Gid;
1629 pObj->CreatorProcess= pSession->Process;
1630 supdrvOSObjInitCreator(pObj, pSession);
1631
1632 /*
1633 * Allocate the usage record.
1634 * (We keep freed usage records around to simplify SUPR0ObjAddRef().)
1635 */
1636 RTSpinlockAcquire(pDevExt->Spinlock, &SpinlockTmp);
1637
1638 pUsage = pDevExt->pUsageFree;
1639 if (pUsage)
1640 pDevExt->pUsageFree = pUsage->pNext;
1641 else
1642 {
1643 RTSpinlockRelease(pDevExt->Spinlock, &SpinlockTmp);
1644 pUsage = (PSUPDRVUSAGE)RTMemAlloc(sizeof(*pUsage));
1645 if (!pUsage)
1646 {
1647 RTMemFree(pObj);
1648 return NULL;
1649 }
1650 RTSpinlockAcquire(pDevExt->Spinlock, &SpinlockTmp);
1651 }
1652
1653 /*
1654 * Insert the object and create the session usage record.
1655 */
1656 /* The object. */
1657 pObj->pNext = pDevExt->pObjs;
1658 pDevExt->pObjs = pObj;
1659
1660 /* The session record. */
1661 pUsage->cUsage = 1;
1662 pUsage->pObj = pObj;
1663 pUsage->pNext = pSession->pUsage;
1664 /* Log2(("SUPR0ObjRegister: pUsage=%p:{.pObj=%p, .pNext=%p}\n", pUsage, pUsage->pObj, pUsage->pNext)); */
1665 pSession->pUsage = pUsage;
1666
1667 RTSpinlockRelease(pDevExt->Spinlock, &SpinlockTmp);
1668
1669 Log(("SUPR0ObjRegister: returns %p (pvUser1=%p, pvUser=%p)\n", pObj, pvUser1, pvUser2));
1670 return pObj;
1671}
1672
1673
1674/**
1675 * Increment the reference counter for the object associating the reference
1676 * with the specified session.
1677 *
1678 * @returns IPRT status code.
1679 * @param pvObj The identifier returned by SUPR0ObjRegister().
1680 * @param pSession The session which is referencing the object.
1681 *
1682 * @remarks The caller should not own any spinlocks and must carefully protect
1683 * itself against potential race with the destructor so freed memory
1684 * isn't accessed here.
1685 */
1686SUPR0DECL(int) SUPR0ObjAddRef(void *pvObj, PSUPDRVSESSION pSession)
1687{
1688 RTSPINLOCKTMP SpinlockTmp = RTSPINLOCKTMP_INITIALIZER;
1689 PSUPDRVDEVEXT pDevExt = pSession->pDevExt;
1690 PSUPDRVOBJ pObj = (PSUPDRVOBJ)pvObj;
1691 PSUPDRVUSAGE pUsagePre;
1692 PSUPDRVUSAGE pUsage;
1693
1694 /*
1695 * Validate the input.
1696 * Be ready for the destruction race (someone might be stuck in the
1697 * destructor waiting a lock we own).
1698 */
1699 AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
1700 AssertPtrReturn(pObj, VERR_INVALID_POINTER);
1701 AssertMsgReturn(pObj->u32Magic == SUPDRVOBJ_MAGIC || pObj->u32Magic == SUPDRVOBJ_MAGIC + 1,
1702 ("Invalid pvObj=%p magic=%#x (expected %#x or %#x)\n", pvObj, pObj->u32Magic, SUPDRVOBJ_MAGIC, SUPDRVOBJ_MAGIC + 1),
1703 VERR_INVALID_PARAMETER);
1704
1705 RTSpinlockAcquire(pDevExt->Spinlock, &SpinlockTmp);
1706
1707 if (RT_UNLIKELY(pObj->u32Magic != SUPDRVOBJ_MAGIC))
1708 {
1709 RTSpinlockRelease(pDevExt->Spinlock, &SpinlockTmp);
1710
1711 AssertMsgFailed(("pvObj=%p magic=%#x\n", pvObj, pObj->u32Magic));
1712 return VERR_WRONG_ORDER;
1713 }
1714
1715 /*
1716 * Preallocate the usage record.
1717 */
1718 pUsagePre = pDevExt->pUsageFree;
1719 if (pUsagePre)
1720 pDevExt->pUsageFree = pUsagePre->pNext;
1721 else
1722 {
1723 RTSpinlockRelease(pDevExt->Spinlock, &SpinlockTmp);
1724 pUsagePre = (PSUPDRVUSAGE)RTMemAlloc(sizeof(*pUsagePre));
1725 if (!pUsagePre)
1726 return VERR_NO_MEMORY;
1727
1728 RTSpinlockAcquire(pDevExt->Spinlock, &SpinlockTmp);
1729 }
1730
1731 /*
1732 * Reference the object.
1733 */
1734 pObj->cUsage++;
1735
1736 /*
1737 * Look for the session record.
1738 */
1739 for (pUsage = pSession->pUsage; pUsage; pUsage = pUsage->pNext)
1740 {
1741 /*Log(("SUPR0AddRef: pUsage=%p:{.pObj=%p, .pNext=%p}\n", pUsage, pUsage->pObj, pUsage->pNext));*/
1742 if (pUsage->pObj == pObj)
1743 break;
1744 }
1745 if (pUsage)
1746 pUsage->cUsage++;
1747 else
1748 {
1749 /* create a new session record. */
1750 pUsagePre->cUsage = 1;
1751 pUsagePre->pObj = pObj;
1752 pUsagePre->pNext = pSession->pUsage;
1753 pSession->pUsage = pUsagePre;
1754 /*Log(("SUPR0AddRef: pUsagePre=%p:{.pObj=%p, .pNext=%p}\n", pUsagePre, pUsagePre->pObj, pUsagePre->pNext));*/
1755
1756 pUsagePre = NULL;
1757 }
1758
1759 /*
1760 * Put any unused usage record into the free list..
1761 */
1762 if (pUsagePre)
1763 {
1764 pUsagePre->pNext = pDevExt->pUsageFree;
1765 pDevExt->pUsageFree = pUsagePre;
1766 }
1767
1768 RTSpinlockRelease(pDevExt->Spinlock, &SpinlockTmp);
1769
1770 return VINF_SUCCESS;
1771}
1772
1773
1774/**
1775 * Decrement / destroy a reference counter record for an object.
1776 *
1777 * The object is uniquely identified by pfnDestructor+pvUser1+pvUser2.
1778 *
1779 * @returns IPRT status code.
1780 * @param pvObj The identifier returned by SUPR0ObjRegister().
1781 * @param pSession The session which is referencing the object.
1782 */
1783SUPR0DECL(int) SUPR0ObjRelease(void *pvObj, PSUPDRVSESSION pSession)
1784{
1785 RTSPINLOCKTMP SpinlockTmp = RTSPINLOCKTMP_INITIALIZER;
1786 PSUPDRVDEVEXT pDevExt = pSession->pDevExt;
1787 PSUPDRVOBJ pObj = (PSUPDRVOBJ)pvObj;
1788 bool fDestroy = false;
1789 PSUPDRVUSAGE pUsage;
1790 PSUPDRVUSAGE pUsagePrev;
1791
1792 /*
1793 * Validate the input.
1794 */
1795 AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
1796 AssertMsgReturn(VALID_PTR(pObj) && pObj->u32Magic == SUPDRVOBJ_MAGIC,
1797 ("Invalid pvObj=%p magic=%#x (exepcted %#x)\n", pvObj, pObj ? pObj->u32Magic : 0, SUPDRVOBJ_MAGIC),
1798 VERR_INVALID_PARAMETER);
1799
1800 /*
1801 * Acquire the spinlock and look for the usage record.
1802 */
1803 RTSpinlockAcquire(pDevExt->Spinlock, &SpinlockTmp);
1804
1805 for (pUsagePrev = NULL, pUsage = pSession->pUsage;
1806 pUsage;
1807 pUsagePrev = pUsage, pUsage = pUsage->pNext)
1808 {
1809 /*Log2(("SUPR0ObjRelease: pUsage=%p:{.pObj=%p, .pNext=%p}\n", pUsage, pUsage->pObj, pUsage->pNext));*/
1810 if (pUsage->pObj == pObj)
1811 {
1812 AssertMsg(pUsage->cUsage >= 1 && pObj->cUsage >= pUsage->cUsage, ("glob %d; sess %d\n", pObj->cUsage, pUsage->cUsage));
1813 if (pUsage->cUsage > 1)
1814 {
1815 pObj->cUsage--;
1816 pUsage->cUsage--;
1817 }
1818 else
1819 {
1820 /*
1821 * Free the session record.
1822 */
1823 if (pUsagePrev)
1824 pUsagePrev->pNext = pUsage->pNext;
1825 else
1826 pSession->pUsage = pUsage->pNext;
1827 pUsage->pNext = pDevExt->pUsageFree;
1828 pDevExt->pUsageFree = pUsage;
1829
1830 /* What about the object? */
1831 if (pObj->cUsage > 1)
1832 pObj->cUsage--;
1833 else
1834 {
1835 /*
1836 * Object is to be destroyed, unlink it.
1837 */
1838 pObj->u32Magic = SUPDRVOBJ_MAGIC + 1;
1839 fDestroy = true;
1840 if (pDevExt->pObjs == pObj)
1841 pDevExt->pObjs = pObj->pNext;
1842 else
1843 {
1844 PSUPDRVOBJ pObjPrev;
1845 for (pObjPrev = pDevExt->pObjs; pObjPrev; pObjPrev = pObjPrev->pNext)
1846 if (pObjPrev->pNext == pObj)
1847 {
1848 pObjPrev->pNext = pObj->pNext;
1849 break;
1850 }
1851 Assert(pObjPrev);
1852 }
1853 }
1854 }
1855 break;
1856 }
1857 }
1858
1859 RTSpinlockRelease(pDevExt->Spinlock, &SpinlockTmp);
1860
1861 /*
1862 * Call the destructor and free the object if required.
1863 */
1864 if (fDestroy)
1865 {
1866 Log(("SUPR0ObjRelease: destroying %p/%d (%p/%p) cpid=%RTproc pid=%RTproc dtor=%p\n",
1867 pObj, pObj->enmType, pObj->pvUser1, pObj->pvUser2, pObj->CreatorProcess, RTProcSelf(), pObj->pfnDestructor));
1868 if (pObj->pfnDestructor)
1869#ifdef RT_WITH_W64_UNWIND_HACK
1870 supdrvNtWrapObjDestructor((PFNRT)pObj->pfnDestructor, pObj, pObj->pvUser1, pObj->pvUser2);
1871#else
1872 pObj->pfnDestructor(pObj, pObj->pvUser1, pObj->pvUser2);
1873#endif
1874 RTMemFree(pObj);
1875 }
1876
1877 AssertMsg(pUsage, ("pvObj=%p\n", pvObj));
1878 return pUsage ? VINF_SUCCESS : VERR_INVALID_PARAMETER;
1879}
1880
1881/**
1882 * Verifies that the current process can access the specified object.
1883 *
1884 * @returns The following IPRT status code:
1885 * @retval VINF_SUCCESS if access was granted.
1886 * @retval VERR_PERMISSION_DENIED if denied access.
1887 * @retval VERR_INVALID_PARAMETER if invalid parameter.
1888 *
1889 * @param pvObj The identifier returned by SUPR0ObjRegister().
1890 * @param pSession The session which wishes to access the object.
1891 * @param pszObjName Object string name. This is optional and depends on the object type.
1892 *
1893 * @remark The caller is responsible for making sure the object isn't removed while
1894 * we're inside this function. If uncertain about this, just call AddRef before calling us.
1895 */
1896SUPR0DECL(int) SUPR0ObjVerifyAccess(void *pvObj, PSUPDRVSESSION pSession, const char *pszObjName)
1897{
1898 PSUPDRVOBJ pObj = (PSUPDRVOBJ)pvObj;
1899 int rc;
1900
1901 /*
1902 * Validate the input.
1903 */
1904 AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
1905 AssertMsgReturn(VALID_PTR(pObj) && pObj->u32Magic == SUPDRVOBJ_MAGIC,
1906 ("Invalid pvObj=%p magic=%#x (exepcted %#x)\n", pvObj, pObj ? pObj->u32Magic : 0, SUPDRVOBJ_MAGIC),
1907 VERR_INVALID_PARAMETER);
1908
1909 /*
1910 * Check access. (returns true if a decision has been made.)
1911 */
1912 rc = VERR_INTERNAL_ERROR;
1913 if (supdrvOSObjCanAccess(pObj, pSession, pszObjName, &rc))
1914 return rc;
1915
1916 /*
1917 * Default policy is to allow the user to access his own
1918 * stuff but nothing else.
1919 */
1920 if (pObj->CreatorUid == pSession->Uid)
1921 return VINF_SUCCESS;
1922 return VERR_PERMISSION_DENIED;
1923}
1924
1925
1926/**
1927 * Lock pages.
1928 *
1929 * @returns IPRT status code.
1930 * @param pSession Session to which the locked memory should be associated.
1931 * @param pvR3 Start of the memory range to lock.
1932 * This must be page aligned.
1933 * @param cb Size of the memory range to lock.
1934 * This must be page aligned.
1935 */
1936SUPR0DECL(int) SUPR0LockMem(PSUPDRVSESSION pSession, RTR3PTR pvR3, uint32_t cPages, PRTHCPHYS paPages)
1937{
1938 int rc;
1939 SUPDRVMEMREF Mem = {0};
1940 const size_t cb = (size_t)cPages << PAGE_SHIFT;
1941 LogFlow(("SUPR0LockMem: pSession=%p pvR3=%p cPages=%d paPages=%p\n", pSession, (void *)pvR3, cPages, paPages));
1942
1943 /*
1944 * Verify input.
1945 */
1946 AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
1947 AssertPtrReturn(paPages, VERR_INVALID_PARAMETER);
1948 if ( RT_ALIGN_R3PT(pvR3, PAGE_SIZE, RTR3PTR) != pvR3
1949 || !pvR3)
1950 {
1951 Log(("pvR3 (%p) must be page aligned and not NULL!\n", (void *)pvR3));
1952 return VERR_INVALID_PARAMETER;
1953 }
1954
1955#ifdef RT_OS_WINDOWS /* A temporary hack for windows, will be removed once all ring-3 code has been cleaned up. */
1956 /* First check if we allocated it using SUPPageAlloc; if so then we don't need to lock it again */
1957 rc = supdrvPageGetPhys(pSession, pvR3, cPages, paPages);
1958 if (RT_SUCCESS(rc))
1959 return rc;
1960#endif
1961
1962 /*
1963 * Let IPRT do the job.
1964 */
1965 Mem.eType = MEMREF_TYPE_LOCKED;
1966 rc = RTR0MemObjLockUser(&Mem.MemObj, pvR3, cb, RTR0ProcHandleSelf());
1967 if (RT_SUCCESS(rc))
1968 {
1969 uint32_t iPage = cPages;
1970 AssertMsg(RTR0MemObjAddressR3(Mem.MemObj) == pvR3, ("%p == %p\n", RTR0MemObjAddressR3(Mem.MemObj), pvR3));
1971 AssertMsg(RTR0MemObjSize(Mem.MemObj) == cb, ("%x == %x\n", RTR0MemObjSize(Mem.MemObj), cb));
1972
1973 while (iPage-- > 0)
1974 {
1975 paPages[iPage] = RTR0MemObjGetPagePhysAddr(Mem.MemObj, iPage);
1976 if (RT_UNLIKELY(paPages[iPage] == NIL_RTCCPHYS))
1977 {
1978 AssertMsgFailed(("iPage=%d\n", iPage));
1979 rc = VERR_INTERNAL_ERROR;
1980 break;
1981 }
1982 }
1983 if (RT_SUCCESS(rc))
1984 rc = supdrvMemAdd(&Mem, pSession);
1985 if (RT_FAILURE(rc))
1986 {
1987 int rc2 = RTR0MemObjFree(Mem.MemObj, false);
1988 AssertRC(rc2);
1989 }
1990 }
1991
1992 return rc;
1993}
1994
1995
1996/**
1997 * Unlocks the memory pointed to by pv.
1998 *
1999 * @returns IPRT status code.
2000 * @param pSession Session to which the memory was locked.
2001 * @param pvR3 Memory to unlock.
2002 */
2003SUPR0DECL(int) SUPR0UnlockMem(PSUPDRVSESSION pSession, RTR3PTR pvR3)
2004{
2005 LogFlow(("SUPR0UnlockMem: pSession=%p pvR3=%p\n", pSession, (void *)pvR3));
2006 AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
2007#ifdef RT_OS_WINDOWS
2008 /*
2009 * Temporary hack for windows - SUPR0PageFree will unlock SUPR0PageAlloc
2010 * allocations; ignore this call.
2011 */
2012 if (supdrvPageWasLockedByPageAlloc(pSession, pvR3))
2013 {
2014 LogFlow(("Page will be unlocked in SUPR0PageFree -> ignore\n"));
2015 return VINF_SUCCESS;
2016 }
2017#endif
2018 return supdrvMemRelease(pSession, (RTHCUINTPTR)pvR3, MEMREF_TYPE_LOCKED);
2019}
2020
2021
2022/**
2023 * Allocates a chunk of page aligned memory with contiguous and fixed physical
2024 * backing.
2025 *
2026 * @returns IPRT status code.
2027 * @param pSession Session data.
2028 * @param cb Number of bytes to allocate.
2029 * @param ppvR0 Where to put the address of Ring-0 mapping the allocated memory.
2030 * @param ppvR3 Where to put the address of Ring-3 mapping the allocated memory.
2031 * @param pHCPhys Where to put the physical address of allocated memory.
2032 */
2033SUPR0DECL(int) SUPR0ContAlloc(PSUPDRVSESSION pSession, uint32_t cPages, PRTR0PTR ppvR0, PRTR3PTR ppvR3, PRTHCPHYS pHCPhys)
2034{
2035 int rc;
2036 SUPDRVMEMREF Mem = {0};
2037 LogFlow(("SUPR0ContAlloc: pSession=%p cPages=%d ppvR0=%p ppvR3=%p pHCPhys=%p\n", pSession, cPages, ppvR0, ppvR3, pHCPhys));
2038
2039 /*
2040 * Validate input.
2041 */
2042 AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
2043 if (!ppvR3 || !ppvR0 || !pHCPhys)
2044 {
2045 Log(("Null pointer. All of these should be set: pSession=%p ppvR0=%p ppvR3=%p pHCPhys=%p\n",
2046 pSession, ppvR0, ppvR3, pHCPhys));
2047 return VERR_INVALID_PARAMETER;
2048
2049 }
2050 if (cPages < 1 || cPages >= 256)
2051 {
2052 Log(("Illegal request cPages=%d, must be greater than 0 and smaller than 256\n", cPages));
2053 return VERR_INVALID_PARAMETER;
2054 }
2055
2056 /*
2057 * Let IPRT do the job.
2058 */
2059 rc = RTR0MemObjAllocCont(&Mem.MemObj, cPages << PAGE_SHIFT, true /* executable R0 mapping */);
2060 if (RT_SUCCESS(rc))
2061 {
2062 int rc2;
2063 rc = RTR0MemObjMapUser(&Mem.MapObjR3, Mem.MemObj, (RTR3PTR)-1, 0,
2064 RTMEM_PROT_EXEC | RTMEM_PROT_WRITE | RTMEM_PROT_READ, RTR0ProcHandleSelf());
2065 if (RT_SUCCESS(rc))
2066 {
2067 Mem.eType = MEMREF_TYPE_CONT;
2068 rc = supdrvMemAdd(&Mem, pSession);
2069 if (!rc)
2070 {
2071 *ppvR0 = RTR0MemObjAddress(Mem.MemObj);
2072 *ppvR3 = RTR0MemObjAddressR3(Mem.MapObjR3);
2073 *pHCPhys = RTR0MemObjGetPagePhysAddr(Mem.MemObj, 0);
2074 return 0;
2075 }
2076
2077 rc2 = RTR0MemObjFree(Mem.MapObjR3, false);
2078 AssertRC(rc2);
2079 }
2080 rc2 = RTR0MemObjFree(Mem.MemObj, false);
2081 AssertRC(rc2);
2082 }
2083
2084 return rc;
2085}
2086
2087
2088/**
2089 * Frees memory allocated using SUPR0ContAlloc().
2090 *
2091 * @returns IPRT status code.
2092 * @param pSession The session to which the memory was allocated.
2093 * @param uPtr Pointer to the memory (ring-3 or ring-0).
2094 */
2095SUPR0DECL(int) SUPR0ContFree(PSUPDRVSESSION pSession, RTHCUINTPTR uPtr)
2096{
2097 LogFlow(("SUPR0ContFree: pSession=%p uPtr=%p\n", pSession, (void *)uPtr));
2098 AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
2099 return supdrvMemRelease(pSession, uPtr, MEMREF_TYPE_CONT);
2100}
2101
2102
2103/**
2104 * Allocates a chunk of page aligned memory with fixed physical backing below 4GB.
2105 *
2106 * The memory isn't zeroed.
2107 *
2108 * @returns IPRT status code.
2109 * @param pSession Session data.
2110 * @param cPages Number of pages to allocate.
2111 * @param ppvR0 Where to put the address of Ring-0 mapping of the allocated memory.
2112 * @param ppvR3 Where to put the address of Ring-3 mapping of the allocated memory.
2113 * @param paPages Where to put the physical addresses of allocated memory.
2114 */
2115SUPR0DECL(int) SUPR0LowAlloc(PSUPDRVSESSION pSession, uint32_t cPages, PRTR0PTR ppvR0, PRTR3PTR ppvR3, PRTHCPHYS paPages)
2116{
2117 unsigned iPage;
2118 int rc;
2119 SUPDRVMEMREF Mem = {0};
2120 LogFlow(("SUPR0LowAlloc: pSession=%p cPages=%d ppvR3=%p ppvR0=%p paPages=%p\n", pSession, cPages, ppvR3, ppvR0, paPages));
2121
2122 /*
2123 * Validate input.
2124 */
2125 AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
2126 if (!ppvR3 || !ppvR0 || !paPages)
2127 {
2128 Log(("Null pointer. All of these should be set: pSession=%p ppvR3=%p ppvR0=%p paPages=%p\n",
2129 pSession, ppvR3, ppvR0, paPages));
2130 return VERR_INVALID_PARAMETER;
2131
2132 }
2133 if (cPages < 1 || cPages > 256)
2134 {
2135 Log(("Illegal request cPages=%d, must be greater than 0 and smaller than 256.\n", cPages));
2136 return VERR_INVALID_PARAMETER;
2137 }
2138
2139 /*
2140 * Let IPRT do the work.
2141 */
2142 rc = RTR0MemObjAllocLow(&Mem.MemObj, cPages << PAGE_SHIFT, true /* executable ring-0 mapping */);
2143 if (RT_SUCCESS(rc))
2144 {
2145 int rc2;
2146 rc = RTR0MemObjMapUser(&Mem.MapObjR3, Mem.MemObj, (RTR3PTR)-1, 0,
2147 RTMEM_PROT_EXEC | RTMEM_PROT_WRITE | RTMEM_PROT_READ, RTR0ProcHandleSelf());
2148 if (RT_SUCCESS(rc))
2149 {
2150 Mem.eType = MEMREF_TYPE_LOW;
2151 rc = supdrvMemAdd(&Mem, pSession);
2152 if (!rc)
2153 {
2154 for (iPage = 0; iPage < cPages; iPage++)
2155 {
2156 paPages[iPage] = RTR0MemObjGetPagePhysAddr(Mem.MemObj, iPage);
2157 AssertMsg(!(paPages[iPage] & (PAGE_SIZE - 1)), ("iPage=%d Phys=%RHp\n", paPages[iPage]));
2158 }
2159 *ppvR0 = RTR0MemObjAddress(Mem.MemObj);
2160 *ppvR3 = RTR0MemObjAddressR3(Mem.MapObjR3);
2161 return 0;
2162 }
2163
2164 rc2 = RTR0MemObjFree(Mem.MapObjR3, false);
2165 AssertRC(rc2);
2166 }
2167
2168 rc2 = RTR0MemObjFree(Mem.MemObj, false);
2169 AssertRC(rc2);
2170 }
2171
2172 return rc;
2173}
2174
2175
2176/**
2177 * Frees memory allocated using SUPR0LowAlloc().
2178 *
2179 * @returns IPRT status code.
2180 * @param pSession The session to which the memory was allocated.
2181 * @param uPtr Pointer to the memory (ring-3 or ring-0).
2182 */
2183SUPR0DECL(int) SUPR0LowFree(PSUPDRVSESSION pSession, RTHCUINTPTR uPtr)
2184{
2185 LogFlow(("SUPR0LowFree: pSession=%p uPtr=%p\n", pSession, (void *)uPtr));
2186 AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
2187 return supdrvMemRelease(pSession, uPtr, MEMREF_TYPE_LOW);
2188}
2189
2190
2191
2192/**
2193 * Allocates a chunk of memory with both R0 and R3 mappings.
2194 * The memory is fixed and it's possible to query the physical addresses using SUPR0MemGetPhys().
2195 *
2196 * @returns IPRT status code.
2197 * @param pSession The session to associated the allocation with.
2198 * @param cb Number of bytes to allocate.
2199 * @param ppvR0 Where to store the address of the Ring-0 mapping.
2200 * @param ppvR3 Where to store the address of the Ring-3 mapping.
2201 */
2202SUPR0DECL(int) SUPR0MemAlloc(PSUPDRVSESSION pSession, uint32_t cb, PRTR0PTR ppvR0, PRTR3PTR ppvR3)
2203{
2204 int rc;
2205 SUPDRVMEMREF Mem = {0};
2206 LogFlow(("SUPR0MemAlloc: pSession=%p cb=%d ppvR0=%p ppvR3=%p\n", pSession, cb, ppvR0, ppvR3));
2207
2208 /*
2209 * Validate input.
2210 */
2211 AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
2212 AssertPtrReturn(ppvR0, VERR_INVALID_POINTER);
2213 AssertPtrReturn(ppvR3, VERR_INVALID_POINTER);
2214 if (cb < 1 || cb >= _4M)
2215 {
2216 Log(("Illegal request cb=%u; must be greater than 0 and smaller than 4MB.\n", cb));
2217 return VERR_INVALID_PARAMETER;
2218 }
2219
2220 /*
2221 * Let IPRT do the work.
2222 */
2223 rc = RTR0MemObjAllocPage(&Mem.MemObj, cb, true /* executable ring-0 mapping */);
2224 if (RT_SUCCESS(rc))
2225 {
2226 int rc2;
2227 rc = RTR0MemObjMapUser(&Mem.MapObjR3, Mem.MemObj, (RTR3PTR)-1, 0,
2228 RTMEM_PROT_EXEC | RTMEM_PROT_WRITE | RTMEM_PROT_READ, RTR0ProcHandleSelf());
2229 if (RT_SUCCESS(rc))
2230 {
2231 Mem.eType = MEMREF_TYPE_MEM;
2232 rc = supdrvMemAdd(&Mem, pSession);
2233 if (!rc)
2234 {
2235 *ppvR0 = RTR0MemObjAddress(Mem.MemObj);
2236 *ppvR3 = RTR0MemObjAddressR3(Mem.MapObjR3);
2237 return VINF_SUCCESS;
2238 }
2239 rc2 = RTR0MemObjFree(Mem.MapObjR3, false);
2240 AssertRC(rc2);
2241 }
2242
2243 rc2 = RTR0MemObjFree(Mem.MemObj, false);
2244 AssertRC(rc2);
2245 }
2246
2247 return rc;
2248}
2249
2250
2251/**
2252 * Get the physical addresses of memory allocated using SUPR0MemAlloc().
2253 *
2254 * @returns IPRT status code.
2255 * @param pSession The session to which the memory was allocated.
2256 * @param uPtr The Ring-0 or Ring-3 address returned by SUPR0MemAlloc().
2257 * @param paPages Where to store the physical addresses.
2258 */
2259SUPR0DECL(int) SUPR0MemGetPhys(PSUPDRVSESSION pSession, RTHCUINTPTR uPtr, PSUPPAGE paPages) /** @todo switch this bugger to RTHCPHYS */
2260{
2261 PSUPDRVBUNDLE pBundle;
2262 RTSPINLOCKTMP SpinlockTmp = RTSPINLOCKTMP_INITIALIZER;
2263 LogFlow(("SUPR0MemGetPhys: pSession=%p uPtr=%p paPages=%p\n", pSession, (void *)uPtr, paPages));
2264
2265 /*
2266 * Validate input.
2267 */
2268 AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
2269 AssertPtrReturn(paPages, VERR_INVALID_POINTER);
2270 AssertReturn(uPtr, VERR_INVALID_PARAMETER);
2271
2272 /*
2273 * Search for the address.
2274 */
2275 RTSpinlockAcquire(pSession->Spinlock, &SpinlockTmp);
2276 for (pBundle = &pSession->Bundle; pBundle; pBundle = pBundle->pNext)
2277 {
2278 if (pBundle->cUsed > 0)
2279 {
2280 unsigned i;
2281 for (i = 0; i < RT_ELEMENTS(pBundle->aMem); i++)
2282 {
2283 if ( pBundle->aMem[i].eType == MEMREF_TYPE_MEM
2284 && pBundle->aMem[i].MemObj != NIL_RTR0MEMOBJ
2285 && ( (RTHCUINTPTR)RTR0MemObjAddress(pBundle->aMem[i].MemObj) == uPtr
2286 || ( pBundle->aMem[i].MapObjR3 != NIL_RTR0MEMOBJ
2287 && RTR0MemObjAddressR3(pBundle->aMem[i].MapObjR3) == uPtr)
2288 )
2289 )
2290 {
2291 const size_t cPages = RTR0MemObjSize(pBundle->aMem[i].MemObj) >> PAGE_SHIFT;
2292 size_t iPage;
2293 for (iPage = 0; iPage < cPages; iPage++)
2294 {
2295 paPages[iPage].Phys = RTR0MemObjGetPagePhysAddr(pBundle->aMem[i].MemObj, iPage);
2296 paPages[iPage].uReserved = 0;
2297 }
2298 RTSpinlockRelease(pSession->Spinlock, &SpinlockTmp);
2299 return VINF_SUCCESS;
2300 }
2301 }
2302 }
2303 }
2304 RTSpinlockRelease(pSession->Spinlock, &SpinlockTmp);
2305 Log(("Failed to find %p!!!\n", (void *)uPtr));
2306 return VERR_INVALID_PARAMETER;
2307}
2308
2309
2310/**
2311 * Free memory allocated by SUPR0MemAlloc().
2312 *
2313 * @returns IPRT status code.
2314 * @param pSession The session owning the allocation.
2315 * @param uPtr The Ring-0 or Ring-3 address returned by SUPR0MemAlloc().
2316 */
2317SUPR0DECL(int) SUPR0MemFree(PSUPDRVSESSION pSession, RTHCUINTPTR uPtr)
2318{
2319 LogFlow(("SUPR0MemFree: pSession=%p uPtr=%p\n", pSession, (void *)uPtr));
2320 AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
2321 return supdrvMemRelease(pSession, uPtr, MEMREF_TYPE_MEM);
2322}
2323
2324
2325/**
2326 * Allocates a chunk of memory with only a R3 mappings.
2327 * The memory is fixed and it's possible to query the physical addresses using SUPR0MemGetPhys().
2328 *
2329 * @returns IPRT status code.
2330 * @param pSession The session to associated the allocation with.
2331 * @param cPages The number of pages to allocate.
2332 * @param ppvR3 Where to store the address of the Ring-3 mapping.
2333 * @param paPages Where to store the addresses of the pages. Optional.
2334 */
2335SUPR0DECL(int) SUPR0PageAlloc(PSUPDRVSESSION pSession, uint32_t cPages, PRTR3PTR ppvR3, PRTHCPHYS paPages)
2336{
2337 int rc;
2338 SUPDRVMEMREF Mem = {0};
2339 LogFlow(("SUPR0PageAlloc: pSession=%p cb=%d ppvR3=%p\n", pSession, cPages, ppvR3));
2340
2341 /*
2342 * Validate input. The allowed allocation size must be at least equal to the maximum guest VRAM size.
2343 */
2344 AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
2345 AssertPtrReturn(ppvR3, VERR_INVALID_POINTER);
2346 if (cPages < 1 || cPages > (128 * _1M)/PAGE_SIZE)
2347 {
2348 Log(("SUPR0PageAlloc: Illegal request cb=%u; must be greater than 0 and smaller than 128MB.\n", cPages));
2349 return VERR_INVALID_PARAMETER;
2350 }
2351
2352 /*
2353 * Let IPRT do the work.
2354 */
2355 rc = RTR0MemObjAllocPhysNC(&Mem.MemObj, (size_t)cPages * PAGE_SIZE, NIL_RTHCPHYS);
2356 if (RT_SUCCESS(rc))
2357 {
2358 int rc2;
2359 rc = RTR0MemObjMapUser(&Mem.MapObjR3, Mem.MemObj, (RTR3PTR)-1, 0,
2360 RTMEM_PROT_EXEC | RTMEM_PROT_WRITE | RTMEM_PROT_READ, RTR0ProcHandleSelf());
2361 if (RT_SUCCESS(rc))
2362 {
2363 Mem.eType = MEMREF_TYPE_LOCKED_SUP;
2364 rc = supdrvMemAdd(&Mem, pSession);
2365 if (!rc)
2366 {
2367 *ppvR3 = RTR0MemObjAddressR3(Mem.MapObjR3);
2368 if (paPages)
2369 {
2370 uint32_t iPage = cPages;
2371 while (iPage-- > 0)
2372 {
2373 paPages[iPage] = RTR0MemObjGetPagePhysAddr(Mem.MapObjR3, iPage);
2374 Assert(paPages[iPage] != NIL_RTHCPHYS);
2375 }
2376 }
2377 return VINF_SUCCESS;
2378 }
2379 rc2 = RTR0MemObjFree(Mem.MapObjR3, false);
2380 AssertRC(rc2);
2381 }
2382
2383 rc2 = RTR0MemObjFree(Mem.MemObj, false);
2384 AssertRC(rc2);
2385 }
2386 return rc;
2387}
2388
2389
2390#ifdef RT_OS_WINDOWS
2391/**
2392 * Check if the pages were locked by SUPR0PageAlloc
2393 *
2394 * This function will be removed along with the lock/unlock hacks when
2395 * we've cleaned up the ring-3 code properly.
2396 *
2397 * @returns boolean
2398 * @param pSession The session to which the memory was allocated.
2399 * @param pvR3 The Ring-3 address returned by SUPR0PageAlloc().
2400 */
2401static bool supdrvPageWasLockedByPageAlloc(PSUPDRVSESSION pSession, RTR3PTR pvR3)
2402{
2403 PSUPDRVBUNDLE pBundle;
2404 RTSPINLOCKTMP SpinlockTmp = RTSPINLOCKTMP_INITIALIZER;
2405 LogFlow(("SUPR0PageIsLockedByPageAlloc: pSession=%p pvR3=%p\n", pSession, (void *)pvR3));
2406
2407 /*
2408 * Search for the address.
2409 */
2410 RTSpinlockAcquire(pSession->Spinlock, &SpinlockTmp);
2411 for (pBundle = &pSession->Bundle; pBundle; pBundle = pBundle->pNext)
2412 {
2413 if (pBundle->cUsed > 0)
2414 {
2415 unsigned i;
2416 for (i = 0; i < RT_ELEMENTS(pBundle->aMem); i++)
2417 {
2418 if ( pBundle->aMem[i].eType == MEMREF_TYPE_LOCKED_SUP
2419 && pBundle->aMem[i].MemObj != NIL_RTR0MEMOBJ
2420 && pBundle->aMem[i].MapObjR3 != NIL_RTR0MEMOBJ
2421 && RTR0MemObjAddressR3(pBundle->aMem[i].MapObjR3) == pvR3)
2422 {
2423 RTSpinlockRelease(pSession->Spinlock, &SpinlockTmp);
2424 return true;
2425 }
2426 }
2427 }
2428 }
2429 RTSpinlockRelease(pSession->Spinlock, &SpinlockTmp);
2430 return false;
2431}
2432
2433
2434/**
2435 * Get the physical addresses of memory allocated using SUPR0PageAlloc().
2436 *
2437 * This function will be removed along with the lock/unlock hacks when
2438 * we've cleaned up the ring-3 code properly.
2439 *
2440 * @returns IPRT status code.
2441 * @param pSession The session to which the memory was allocated.
2442 * @param pvR3 The Ring-3 address returned by SUPR0PageAlloc().
2443 * @param cPages Number of pages in paPages
2444 * @param paPages Where to store the physical addresses.
2445 */
2446static int supdrvPageGetPhys(PSUPDRVSESSION pSession, RTR3PTR pvR3, uint32_t cPages, PRTHCPHYS paPages)
2447{
2448 PSUPDRVBUNDLE pBundle;
2449 RTSPINLOCKTMP SpinlockTmp = RTSPINLOCKTMP_INITIALIZER;
2450 LogFlow(("supdrvPageGetPhys: pSession=%p pvR3=%p cPages=%#lx paPages=%p\n", pSession, (void *)pvR3, (long)cPages, paPages));
2451
2452 /*
2453 * Search for the address.
2454 */
2455 RTSpinlockAcquire(pSession->Spinlock, &SpinlockTmp);
2456 for (pBundle = &pSession->Bundle; pBundle; pBundle = pBundle->pNext)
2457 {
2458 if (pBundle->cUsed > 0)
2459 {
2460 unsigned i;
2461 for (i = 0; i < RT_ELEMENTS(pBundle->aMem); i++)
2462 {
2463 if ( pBundle->aMem[i].eType == MEMREF_TYPE_LOCKED_SUP
2464 && pBundle->aMem[i].MemObj != NIL_RTR0MEMOBJ
2465 && pBundle->aMem[i].MapObjR3 != NIL_RTR0MEMOBJ
2466 && RTR0MemObjAddressR3(pBundle->aMem[i].MapObjR3) == pvR3)
2467 {
2468 uint32_t iPage;
2469 size_t cMaxPages = RTR0MemObjSize(pBundle->aMem[i].MemObj) >> PAGE_SHIFT;
2470 cPages = (uint32_t)RT_MIN(cMaxPages, cPages);
2471 for (iPage = 0; iPage < cPages; iPage++)
2472 paPages[iPage] = RTR0MemObjGetPagePhysAddr(pBundle->aMem[i].MemObj, iPage);
2473 RTSpinlockRelease(pSession->Spinlock, &SpinlockTmp);
2474 return VINF_SUCCESS;
2475 }
2476 }
2477 }
2478 }
2479 RTSpinlockRelease(pSession->Spinlock, &SpinlockTmp);
2480 return VERR_INVALID_PARAMETER;
2481}
2482#endif /* RT_OS_WINDOWS */
2483
2484
2485/**
2486 * Free memory allocated by SUPR0PageAlloc().
2487 *
2488 * @returns IPRT status code.
2489 * @param pSession The session owning the allocation.
2490 * @param pvR3 The Ring-3 address returned by SUPR0PageAlloc().
2491 */
2492SUPR0DECL(int) SUPR0PageFree(PSUPDRVSESSION pSession, RTR3PTR pvR3)
2493{
2494 LogFlow(("SUPR0PageFree: pSession=%p pvR3=%p\n", pSession, (void *)pvR3));
2495 AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
2496 return supdrvMemRelease(pSession, (RTHCUINTPTR)pvR3, MEMREF_TYPE_LOCKED_SUP);
2497}
2498
2499
2500/**
2501 * Maps the GIP into userspace and/or get the physical address of the GIP.
2502 *
2503 * @returns IPRT status code.
2504 * @param pSession Session to which the GIP mapping should belong.
2505 * @param ppGipR3 Where to store the address of the ring-3 mapping. (optional)
2506 * @param pHCPhysGip Where to store the physical address. (optional)
2507 *
2508 * @remark There is no reference counting on the mapping, so one call to this function
2509 * count globally as one reference. One call to SUPR0GipUnmap() is will unmap GIP
2510 * and remove the session as a GIP user.
2511 */
2512SUPR0DECL(int) SUPR0GipMap(PSUPDRVSESSION pSession, PRTR3PTR ppGipR3, PRTHCPHYS pHCPhysGip)
2513{
2514 int rc = 0;
2515 PSUPDRVDEVEXT pDevExt = pSession->pDevExt;
2516 RTR3PTR pGip = NIL_RTR3PTR;
2517 RTHCPHYS HCPhys = NIL_RTHCPHYS;
2518 LogFlow(("SUPR0GipMap: pSession=%p ppGipR3=%p pHCPhysGip=%p\n", pSession, ppGipR3, pHCPhysGip));
2519
2520 /*
2521 * Validate
2522 */
2523 AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
2524 AssertPtrNullReturn(ppGipR3, VERR_INVALID_POINTER);
2525 AssertPtrNullReturn(pHCPhysGip, VERR_INVALID_POINTER);
2526
2527 RTSemFastMutexRequest(pDevExt->mtxGip);
2528 if (pDevExt->pGip)
2529 {
2530 /*
2531 * Map it?
2532 */
2533 if (ppGipR3)
2534 {
2535 if (pSession->GipMapObjR3 == NIL_RTR0MEMOBJ)
2536 rc = RTR0MemObjMapUser(&pSession->GipMapObjR3, pDevExt->GipMemObj, (RTR3PTR)-1, 0,
2537 RTMEM_PROT_READ, RTR0ProcHandleSelf());
2538 if (RT_SUCCESS(rc))
2539 {
2540 pGip = RTR0MemObjAddressR3(pSession->GipMapObjR3);
2541 rc = VINF_SUCCESS; /** @todo remove this and replace the !rc below with RT_SUCCESS(rc). */
2542 }
2543 }
2544
2545 /*
2546 * Get physical address.
2547 */
2548 if (pHCPhysGip && !rc)
2549 HCPhys = pDevExt->HCPhysGip;
2550
2551 /*
2552 * Reference globally.
2553 */
2554 if (!pSession->fGipReferenced && !rc)
2555 {
2556 pSession->fGipReferenced = 1;
2557 pDevExt->cGipUsers++;
2558 if (pDevExt->cGipUsers == 1)
2559 {
2560 PSUPGLOBALINFOPAGE pGip = pDevExt->pGip;
2561 unsigned i;
2562
2563 LogFlow(("SUPR0GipMap: Resumes GIP updating\n"));
2564
2565 for (i = 0; i < RT_ELEMENTS(pGip->aCPUs); i++)
2566 ASMAtomicXchgU32(&pGip->aCPUs[i].u32TransactionId, pGip->aCPUs[i].u32TransactionId & ~(GIP_UPDATEHZ_RECALC_FREQ * 2 - 1));
2567 ASMAtomicXchgU64(&pGip->u64NanoTSLastUpdateHz, 0);
2568
2569 rc = RTTimerStart(pDevExt->pGipTimer, 0);
2570 AssertRC(rc); rc = VINF_SUCCESS;
2571 }
2572 }
2573 }
2574 else
2575 {
2576 rc = SUPDRV_ERR_GENERAL_FAILURE;
2577 Log(("SUPR0GipMap: GIP is not available!\n"));
2578 }
2579 RTSemFastMutexRelease(pDevExt->mtxGip);
2580
2581 /*
2582 * Write returns.
2583 */
2584 if (pHCPhysGip)
2585 *pHCPhysGip = HCPhys;
2586 if (ppGipR3)
2587 *ppGipR3 = pGip;
2588
2589#ifdef DEBUG_DARWIN_GIP
2590 OSDBGPRINT(("SUPR0GipMap: returns %d *pHCPhysGip=%lx *ppGip=%p GipMapObjR3\n", rc, (unsigned long)HCPhys, pGip, pSession->GipMapObjR3));
2591#else
2592 LogFlow(("SUPR0GipMap: returns %d *pHCPhysGip=%lx *ppGipR3=%p\n", rc, (unsigned long)HCPhys, (void *)(uintptr_t)pGip));
2593#endif
2594 return rc;
2595}
2596
2597
2598/**
2599 * Unmaps any user mapping of the GIP and terminates all GIP access
2600 * from this session.
2601 *
2602 * @returns IPRT status code.
2603 * @param pSession Session to which the GIP mapping should belong.
2604 */
2605SUPR0DECL(int) SUPR0GipUnmap(PSUPDRVSESSION pSession)
2606{
2607 int rc = VINF_SUCCESS;
2608 PSUPDRVDEVEXT pDevExt = pSession->pDevExt;
2609#ifdef DEBUG_DARWIN_GIP
2610 OSDBGPRINT(("SUPR0GipUnmap: pSession=%p pGip=%p GipMapObjR3=%p\n",
2611 pSession,
2612 pSession->GipMapObjR3 != NIL_RTR0MEMOBJ ? RTR0MemObjAddress(pSession->GipMapObjR3) : NULL,
2613 pSession->GipMapObjR3));
2614#else
2615 LogFlow(("SUPR0GipUnmap: pSession=%p\n", pSession));
2616#endif
2617 AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
2618
2619 RTSemFastMutexRequest(pDevExt->mtxGip);
2620
2621 /*
2622 * Unmap anything?
2623 */
2624 if (pSession->GipMapObjR3 != NIL_RTR0MEMOBJ)
2625 {
2626 rc = RTR0MemObjFree(pSession->GipMapObjR3, false);
2627 AssertRC(rc);
2628 if (RT_SUCCESS(rc))
2629 pSession->GipMapObjR3 = NIL_RTR0MEMOBJ;
2630 }
2631
2632 /*
2633 * Dereference global GIP.
2634 */
2635 if (pSession->fGipReferenced && !rc)
2636 {
2637 pSession->fGipReferenced = 0;
2638 if ( pDevExt->cGipUsers > 0
2639 && !--pDevExt->cGipUsers)
2640 {
2641 LogFlow(("SUPR0GipUnmap: Suspends GIP updating\n"));
2642 rc = RTTimerStop(pDevExt->pGipTimer); AssertRC(rc); rc = 0;
2643 }
2644 }
2645
2646 RTSemFastMutexRelease(pDevExt->mtxGip);
2647
2648 return rc;
2649}
2650
2651
2652/**
2653 * Register a component factory with the support driver.
2654 *
2655 * This is currently restricted to kernel sessions only.
2656 *
2657 * @returns VBox status code.
2658 * @retval VINF_SUCCESS on success.
2659 * @retval VERR_NO_MEMORY if we're out of memory.
2660 * @retval VERR_ALREADY_EXISTS if the factory has already been registered.
2661 * @retval VERR_ACCESS_DENIED if it isn't a kernel session.
2662 * @retval VERR_INVALID_PARAMETER on invalid parameter.
2663 * @retval VERR_INVALID_POINTER on invalid pointer parameter.
2664 *
2665 * @param pSession The SUPDRV session (must be a ring-0 session).
2666 * @param pFactory Pointer to the component factory registration structure.
2667 *
2668 * @remarks This interface is also available via SUPR0IdcComponentRegisterFactory.
2669 */
2670SUPR0DECL(int) SUPR0ComponentRegisterFactory(PSUPDRVSESSION pSession, PCSUPDRVFACTORY pFactory)
2671{
2672 PSUPDRVFACTORYREG pNewReg;
2673 const char *psz;
2674 int rc;
2675
2676 /*
2677 * Validate parameters.
2678 */
2679 AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
2680 AssertReturn(pSession->R0Process == NIL_RTR0PROCESS, VERR_ACCESS_DENIED);
2681 AssertPtrReturn(pFactory, VERR_INVALID_POINTER);
2682 AssertPtrReturn(pFactory->pfnQueryFactoryInterface, VERR_INVALID_POINTER);
2683 psz = (const char *)memchr(pFactory->szName, '\0', sizeof(pFactory->szName));
2684 AssertReturn(psz, VERR_INVALID_PARAMETER);
2685
2686 /*
2687 * Allocate and initialize a new registration structure.
2688 */
2689 pNewReg = (PSUPDRVFACTORYREG)RTMemAlloc(sizeof(SUPDRVFACTORYREG));
2690 if (pNewReg)
2691 {
2692 pNewReg->pNext = NULL;
2693 pNewReg->pFactory = pFactory;
2694 pNewReg->pSession = pSession;
2695 pNewReg->cchName = psz - &pFactory->szName[0];
2696
2697 /*
2698 * Add it to the tail of the list after checking for prior registration.
2699 */
2700 rc = RTSemFastMutexRequest(pSession->pDevExt->mtxComponentFactory);
2701 if (RT_SUCCESS(rc))
2702 {
2703 PSUPDRVFACTORYREG pPrev = NULL;
2704 PSUPDRVFACTORYREG pCur = pSession->pDevExt->pComponentFactoryHead;
2705 while (pCur && pCur->pFactory != pFactory)
2706 {
2707 pPrev = pCur;
2708 pCur = pCur->pNext;
2709 }
2710 if (!pCur)
2711 {
2712 if (pPrev)
2713 pPrev->pNext = pNewReg;
2714 else
2715 pSession->pDevExt->pComponentFactoryHead = pNewReg;
2716 rc = VINF_SUCCESS;
2717 }
2718 else
2719 rc = VERR_ALREADY_EXISTS;
2720
2721 RTSemFastMutexRelease(pSession->pDevExt->mtxComponentFactory);
2722 }
2723
2724 if (RT_FAILURE(rc))
2725 RTMemFree(pNewReg);
2726 }
2727 else
2728 rc = VERR_NO_MEMORY;
2729 return rc;
2730}
2731
2732
2733/**
2734 * Deregister a component factory.
2735 *
2736 * @returns VBox status code.
2737 * @retval VINF_SUCCESS on success.
2738 * @retval VERR_NOT_FOUND if the factory wasn't registered.
2739 * @retval VERR_ACCESS_DENIED if it isn't a kernel session.
2740 * @retval VERR_INVALID_PARAMETER on invalid parameter.
2741 * @retval VERR_INVALID_POINTER on invalid pointer parameter.
2742 *
2743 * @param pSession The SUPDRV session (must be a ring-0 session).
2744 * @param pFactory Pointer to the component factory registration structure
2745 * previously passed SUPR0ComponentRegisterFactory().
2746 *
2747 * @remarks This interface is also available via SUPR0IdcComponentDeregisterFactory.
2748 */
2749SUPR0DECL(int) SUPR0ComponentDeregisterFactory(PSUPDRVSESSION pSession, PCSUPDRVFACTORY pFactory)
2750{
2751 int rc;
2752
2753 /*
2754 * Validate parameters.
2755 */
2756 AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
2757 AssertReturn(pSession->R0Process == NIL_RTR0PROCESS, VERR_ACCESS_DENIED);
2758 AssertPtrReturn(pFactory, VERR_INVALID_POINTER);
2759
2760 /*
2761 * Take the lock and look for the registration record.
2762 */
2763 rc = RTSemFastMutexRequest(pSession->pDevExt->mtxComponentFactory);
2764 if (RT_SUCCESS(rc))
2765 {
2766 PSUPDRVFACTORYREG pPrev = NULL;
2767 PSUPDRVFACTORYREG pCur = pSession->pDevExt->pComponentFactoryHead;
2768 while (pCur && pCur->pFactory != pFactory)
2769 {
2770 pPrev = pCur;
2771 pCur = pCur->pNext;
2772 }
2773 if (pCur)
2774 {
2775 if (!pPrev)
2776 pSession->pDevExt->pComponentFactoryHead = pCur->pNext;
2777 else
2778 pPrev->pNext = pCur->pNext;
2779
2780 pCur->pNext = NULL;
2781 pCur->pFactory = NULL;
2782 pCur->pSession = NULL;
2783 rc = VINF_SUCCESS;
2784 }
2785 else
2786 rc = VERR_NOT_FOUND;
2787
2788 RTSemFastMutexRelease(pSession->pDevExt->mtxComponentFactory);
2789
2790 RTMemFree(pCur);
2791 }
2792 return rc;
2793}
2794
2795
2796/**
2797 * Queries a component factory.
2798 *
2799 * @returns VBox status code.
2800 * @retval VERR_INVALID_PARAMETER on invalid parameter.
2801 * @retval VERR_INVALID_POINTER on invalid pointer parameter.
2802 * @retval VERR_SUPDRV_COMPONENT_NOT_FOUND if the component factory wasn't found.
2803 * @retval VERR_SUPDRV_INTERFACE_NOT_SUPPORTED if the interface wasn't supported.
2804 *
2805 * @param pSession The SUPDRV session.
2806 * @param pszName The name of the component factory.
2807 * @param pszInterfaceUuid The UUID of the factory interface (stringified).
2808 * @param ppvFactoryIf Where to store the factory interface.
2809 */
2810SUPR0DECL(int) SUPR0ComponentQueryFactory(PSUPDRVSESSION pSession, const char *pszName, const char *pszInterfaceUuid, void **ppvFactoryIf)
2811{
2812 const char *pszEnd;
2813 size_t cchName;
2814 int rc;
2815
2816 /*
2817 * Validate parameters.
2818 */
2819 AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
2820
2821 AssertPtrReturn(pszName, VERR_INVALID_POINTER);
2822 pszEnd = memchr(pszName, '\0', RT_SIZEOFMEMB(SUPDRVFACTORY, szName));
2823 AssertReturn(pszEnd, VERR_INVALID_PARAMETER);
2824 cchName = pszEnd - pszName;
2825
2826 AssertPtrReturn(pszInterfaceUuid, VERR_INVALID_POINTER);
2827 pszEnd = memchr(pszInterfaceUuid, '\0', RTUUID_STR_LENGTH);
2828 AssertReturn(pszEnd, VERR_INVALID_PARAMETER);
2829
2830 AssertPtrReturn(ppvFactoryIf, VERR_INVALID_POINTER);
2831 *ppvFactoryIf = NULL;
2832
2833 /*
2834 * Take the lock and try all factories by this name.
2835 */
2836 rc = RTSemFastMutexRequest(pSession->pDevExt->mtxComponentFactory);
2837 if (RT_SUCCESS(rc))
2838 {
2839 PSUPDRVFACTORYREG pCur = pSession->pDevExt->pComponentFactoryHead;
2840 rc = VERR_SUPDRV_COMPONENT_NOT_FOUND;
2841 while (pCur)
2842 {
2843 if ( pCur->cchName == cchName
2844 && !memcmp(pCur->pFactory->szName, pszName, cchName))
2845 {
2846#ifdef RT_WITH_W64_UNWIND_HACK
2847 void *pvFactory = supdrvNtWrapQueryFactoryInterface((PFNRT)pCur->pFactory->pfnQueryFactoryInterface, pCur->pFactory, pSession, pszInterfaceUuid);
2848#else
2849 void *pvFactory = pCur->pFactory->pfnQueryFactoryInterface(pCur->pFactory, pSession, pszInterfaceUuid);
2850#endif
2851 if (pvFactory)
2852 {
2853 *ppvFactoryIf = pvFactory;
2854 rc = VINF_SUCCESS;
2855 break;
2856 }
2857 rc = VERR_SUPDRV_INTERFACE_NOT_SUPPORTED;
2858 }
2859
2860 /* next */
2861 pCur = pCur->pNext;
2862 }
2863
2864 RTSemFastMutexRelease(pSession->pDevExt->mtxComponentFactory);
2865 }
2866 return rc;
2867}
2868
2869
2870/**
2871 * Adds a memory object to the session.
2872 *
2873 * @returns IPRT status code.
2874 * @param pMem Memory tracking structure containing the
2875 * information to track.
2876 * @param pSession The session.
2877 */
2878static int supdrvMemAdd(PSUPDRVMEMREF pMem, PSUPDRVSESSION pSession)
2879{
2880 PSUPDRVBUNDLE pBundle;
2881 RTSPINLOCKTMP SpinlockTmp = RTSPINLOCKTMP_INITIALIZER;
2882
2883 /*
2884 * Find free entry and record the allocation.
2885 */
2886 RTSpinlockAcquire(pSession->Spinlock, &SpinlockTmp);
2887 for (pBundle = &pSession->Bundle; pBundle; pBundle = pBundle->pNext)
2888 {
2889 if (pBundle->cUsed < RT_ELEMENTS(pBundle->aMem))
2890 {
2891 unsigned i;
2892 for (i = 0; i < RT_ELEMENTS(pBundle->aMem); i++)
2893 {
2894 if (pBundle->aMem[i].MemObj == NIL_RTR0MEMOBJ)
2895 {
2896 pBundle->cUsed++;
2897 pBundle->aMem[i] = *pMem;
2898 RTSpinlockRelease(pSession->Spinlock, &SpinlockTmp);
2899 return VINF_SUCCESS;
2900 }
2901 }
2902 AssertFailed(); /* !!this can't be happening!!! */
2903 }
2904 }
2905 RTSpinlockRelease(pSession->Spinlock, &SpinlockTmp);
2906
2907 /*
2908 * Need to allocate a new bundle.
2909 * Insert into the last entry in the bundle.
2910 */
2911 pBundle = (PSUPDRVBUNDLE)RTMemAllocZ(sizeof(*pBundle));
2912 if (!pBundle)
2913 return VERR_NO_MEMORY;
2914
2915 /* take last entry. */
2916 pBundle->cUsed++;
2917 pBundle->aMem[RT_ELEMENTS(pBundle->aMem) - 1] = *pMem;
2918
2919 /* insert into list. */
2920 RTSpinlockAcquire(pSession->Spinlock, &SpinlockTmp);
2921 pBundle->pNext = pSession->Bundle.pNext;
2922 pSession->Bundle.pNext = pBundle;
2923 RTSpinlockRelease(pSession->Spinlock, &SpinlockTmp);
2924
2925 return VINF_SUCCESS;
2926}
2927
2928
2929/**
2930 * Releases a memory object referenced by pointer and type.
2931 *
2932 * @returns IPRT status code.
2933 * @param pSession Session data.
2934 * @param uPtr Pointer to memory. This is matched against both the R0 and R3 addresses.
2935 * @param eType Memory type.
2936 */
2937static int supdrvMemRelease(PSUPDRVSESSION pSession, RTHCUINTPTR uPtr, SUPDRVMEMREFTYPE eType)
2938{
2939 PSUPDRVBUNDLE pBundle;
2940 RTSPINLOCKTMP SpinlockTmp = RTSPINLOCKTMP_INITIALIZER;
2941
2942 /*
2943 * Validate input.
2944 */
2945 if (!uPtr)
2946 {
2947 Log(("Illegal address %p\n", (void *)uPtr));
2948 return VERR_INVALID_PARAMETER;
2949 }
2950
2951 /*
2952 * Search for the address.
2953 */
2954 RTSpinlockAcquire(pSession->Spinlock, &SpinlockTmp);
2955 for (pBundle = &pSession->Bundle; pBundle; pBundle = pBundle->pNext)
2956 {
2957 if (pBundle->cUsed > 0)
2958 {
2959 unsigned i;
2960 for (i = 0; i < RT_ELEMENTS(pBundle->aMem); i++)
2961 {
2962 if ( pBundle->aMem[i].eType == eType
2963 && pBundle->aMem[i].MemObj != NIL_RTR0MEMOBJ
2964 && ( (RTHCUINTPTR)RTR0MemObjAddress(pBundle->aMem[i].MemObj) == uPtr
2965 || ( pBundle->aMem[i].MapObjR3 != NIL_RTR0MEMOBJ
2966 && RTR0MemObjAddressR3(pBundle->aMem[i].MapObjR3) == uPtr))
2967 )
2968 {
2969 /* Make a copy of it and release it outside the spinlock. */
2970 SUPDRVMEMREF Mem = pBundle->aMem[i];
2971 pBundle->aMem[i].eType = MEMREF_TYPE_UNUSED;
2972 pBundle->aMem[i].MemObj = NIL_RTR0MEMOBJ;
2973 pBundle->aMem[i].MapObjR3 = NIL_RTR0MEMOBJ;
2974 RTSpinlockRelease(pSession->Spinlock, &SpinlockTmp);
2975
2976 if (Mem.MapObjR3)
2977 {
2978 int rc = RTR0MemObjFree(Mem.MapObjR3, false);
2979 AssertRC(rc); /** @todo figure out how to handle this. */
2980 }
2981 if (Mem.MemObj)
2982 {
2983 int rc = RTR0MemObjFree(Mem.MemObj, false);
2984 AssertRC(rc); /** @todo figure out how to handle this. */
2985 }
2986 return VINF_SUCCESS;
2987 }
2988 }
2989 }
2990 }
2991 RTSpinlockRelease(pSession->Spinlock, &SpinlockTmp);
2992 Log(("Failed to find %p!!! (eType=%d)\n", (void *)uPtr, eType));
2993 return VERR_INVALID_PARAMETER;
2994}
2995
2996
2997#ifdef VBOX_WITH_IDT_PATCHING
2998/**
2999 * Install IDT for the current CPU.
3000 *
3001 * @returns One of the following IPRT status codes:
3002 * @retval VINF_SUCCESS on success.
3003 * @retval VERR_IDT_FAILED.
3004 * @retval VERR_NO_MEMORY.
3005 * @param pDevExt The device extension.
3006 * @param pSession The session data.
3007 * @param pReq The request.
3008 */
3009static int supdrvIOCtl_IdtInstall(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPIDTINSTALL pReq)
3010{
3011 PSUPDRVPATCHUSAGE pUsagePre;
3012 PSUPDRVPATCH pPatchPre;
3013 RTIDTR Idtr;
3014 PSUPDRVPATCH pPatch;
3015 RTSPINLOCKTMP SpinlockTmp = RTSPINLOCKTMP_INITIALIZER;
3016 LogFlow(("supdrvIOCtl_IdtInstall\n"));
3017
3018 /*
3019 * Preallocate entry for this CPU cause we don't wanna do
3020 * that inside the spinlock!
3021 */
3022 pUsagePre = (PSUPDRVPATCHUSAGE)RTMemAlloc(sizeof(*pUsagePre));
3023 if (!pUsagePre)
3024 return VERR_NO_MEMORY;
3025
3026 /*
3027 * Take the spinlock and see what we need to do.
3028 */
3029 RTSpinlockAcquireNoInts(pDevExt->Spinlock, &SpinlockTmp);
3030
3031 /* check if we already got a free patch. */
3032 if (!pDevExt->pIdtPatchesFree)
3033 {
3034 /*
3035 * Allocate a patch - outside the spinlock of course.
3036 */
3037 RTSpinlockReleaseNoInts(pDevExt->Spinlock, &SpinlockTmp);
3038
3039 pPatchPre = (PSUPDRVPATCH)RTMemExecAlloc(sizeof(*pPatchPre));
3040 if (!pPatchPre)
3041 return VERR_NO_MEMORY;
3042
3043 RTSpinlockAcquireNoInts(pDevExt->Spinlock, &SpinlockTmp);
3044 }
3045 else
3046 {
3047 pPatchPre = pDevExt->pIdtPatchesFree;
3048 pDevExt->pIdtPatchesFree = pPatchPre->pNext;
3049 }
3050
3051 /* look for matching patch entry */
3052 ASMGetIDTR(&Idtr);
3053 pPatch = pDevExt->pIdtPatches;
3054 while (pPatch && pPatch->pvIdt != (void *)Idtr.pIdt)
3055 pPatch = pPatch->pNext;
3056
3057 if (!pPatch)
3058 {
3059 /*
3060 * Create patch.
3061 */
3062 pPatch = supdrvIdtPatchOne(pDevExt, pPatchPre);
3063 if (pPatch)
3064 pPatchPre = NULL; /* mark as used. */
3065 }
3066 else
3067 {
3068 /*
3069 * Simply increment patch usage.
3070 */
3071 pPatch->cUsage++;
3072 }
3073
3074 if (pPatch)
3075 {
3076 /*
3077 * Increment and add if need be the session usage record for this patch.
3078 */
3079 PSUPDRVPATCHUSAGE pUsage = pSession->pPatchUsage;
3080 while (pUsage && pUsage->pPatch != pPatch)
3081 pUsage = pUsage->pNext;
3082
3083 if (!pUsage)
3084 {
3085 /*
3086 * Add usage record.
3087 */
3088 pUsagePre->cUsage = 1;
3089 pUsagePre->pPatch = pPatch;
3090 pUsagePre->pNext = pSession->pPatchUsage;
3091 pSession->pPatchUsage = pUsagePre;
3092 pUsagePre = NULL; /* mark as used. */
3093 }
3094 else
3095 {
3096 /*
3097 * Increment usage count.
3098 */
3099 pUsage->cUsage++;
3100 }
3101 }
3102
3103 /* free patch - we accumulate them for paranoid saftly reasons. */
3104 if (pPatchPre)
3105 {
3106 pPatchPre->pNext = pDevExt->pIdtPatchesFree;
3107 pDevExt->pIdtPatchesFree = pPatchPre;
3108 }
3109
3110 RTSpinlockReleaseNoInts(pDevExt->Spinlock, &SpinlockTmp);
3111
3112 /*
3113 * Free unused preallocated buffers.
3114 */
3115 if (pUsagePre)
3116 RTMemFree(pUsagePre);
3117
3118 pReq->u.Out.u8Idt = pDevExt->u8Idt;
3119
3120 return pPatch ? VINF_SUCCESS : VERR_IDT_FAILED;
3121}
3122
3123
3124/**
3125 * This creates a IDT patch entry.
3126 * If the first patch being installed it'll also determin the IDT entry
3127 * to use.
3128 *
3129 * @returns pPatch on success.
3130 * @returns NULL on failure.
3131 * @param pDevExt Pointer to globals.
3132 * @param pPatch Patch entry to use.
3133 * This will be linked into SUPDRVDEVEXT::pIdtPatches on
3134 * successful return.
3135 * @remark Call must be owning the SUPDRVDEVEXT::Spinlock!
3136 */
3137static PSUPDRVPATCH supdrvIdtPatchOne(PSUPDRVDEVEXT pDevExt, PSUPDRVPATCH pPatch)
3138{
3139 RTIDTR Idtr;
3140 PSUPDRVIDTE paIdt;
3141 LogFlow(("supdrvIOCtl_IdtPatchOne: pPatch=%p\n", pPatch));
3142
3143 /*
3144 * Get IDT.
3145 */
3146 ASMGetIDTR(&Idtr);
3147 paIdt = (PSUPDRVIDTE)Idtr.pIdt;
3148 /*
3149 * Recent Linux kernels can be configured to 1G user /3G kernel.
3150 */
3151 if ((uintptr_t)paIdt < 0x40000000)
3152 {
3153 AssertMsgFailed(("bad paIdt=%p\n", paIdt));
3154 return NULL;
3155 }
3156
3157 if (!pDevExt->u8Idt)
3158 {
3159 /*
3160 * Test out the alternatives.
3161 *
3162 * At the moment we do not support chaining thus we ASSUME that one of
3163 * these 48 entries is unused (which is not a problem on Win32 and
3164 * Linux to my knowledge).
3165 */
3166 /** @todo we MUST change this detection to try grab an entry which is NOT in use. This can be
3167 * combined with gathering info about which guest system call gates we can hook up directly. */
3168 unsigned i;
3169 uint8_t u8Idt = 0;
3170 static uint8_t au8Ints[] =
3171 {
3172#ifdef RT_OS_WINDOWS /* We don't use 0xef and above because they are system stuff on linux (ef is IPI,
3173 * local apic timer, or some other frequently fireing thing). */
3174 0xef, 0xee, 0xed, 0xec,
3175#endif
3176 0xeb, 0xea, 0xe9, 0xe8,
3177 0xdf, 0xde, 0xdd, 0xdc,
3178 0x7b, 0x7a, 0x79, 0x78,
3179 0xbf, 0xbe, 0xbd, 0xbc,
3180 };
3181#if defined(RT_ARCH_AMD64) && defined(DEBUG)
3182 static int s_iWobble = 0;
3183 unsigned iMax = !(s_iWobble++ % 2) ? 0x80 : 0x100;
3184 Log2(("IDT: Idtr=%p:%#x\n", (void *)Idtr.pIdt, (unsigned)Idtr.cbIdt));
3185 for (i = iMax - 0x80; i*16+15 < Idtr.cbIdt && i < iMax; i++)
3186 {
3187 Log2(("%#x: %04x:%08x%04x%04x P=%d DPL=%d IST=%d Type1=%#x u32Reserved=%#x u5Reserved=%#x\n",
3188 i, paIdt[i].u16SegSel, paIdt[i].u32OffsetTop, paIdt[i].u16OffsetHigh, paIdt[i].u16OffsetLow,
3189 paIdt[i].u1Present, paIdt[i].u2DPL, paIdt[i].u3IST, paIdt[i].u5Type2,
3190 paIdt[i].u32Reserved, paIdt[i].u5Reserved));
3191 }
3192#endif
3193 /* look for entries which are not present or otherwise unused. */
3194 for (i = 0; i < sizeof(au8Ints) / sizeof(au8Ints[0]); i++)
3195 {
3196 u8Idt = au8Ints[i];
3197 if ( u8Idt * sizeof(SUPDRVIDTE) < Idtr.cbIdt
3198 && ( !paIdt[u8Idt].u1Present
3199 || paIdt[u8Idt].u5Type2 == 0))
3200 break;
3201 u8Idt = 0;
3202 }
3203 if (!u8Idt)
3204 {
3205 /* try again, look for a compatible entry .*/
3206 for (i = 0; i < sizeof(au8Ints) / sizeof(au8Ints[0]); i++)
3207 {
3208 u8Idt = au8Ints[i];
3209 if ( u8Idt * sizeof(SUPDRVIDTE) < Idtr.cbIdt
3210 && paIdt[u8Idt].u1Present
3211 && paIdt[u8Idt].u5Type2 == SUPDRV_IDTE_TYPE2_INTERRUPT_GATE
3212 && !(paIdt[u8Idt].u16SegSel & 3))
3213 break;
3214 u8Idt = 0;
3215 }
3216 if (!u8Idt)
3217 {
3218 Log(("Failed to find appropirate IDT entry!!\n"));
3219 return NULL;
3220 }
3221 }
3222 pDevExt->u8Idt = u8Idt;
3223 LogFlow(("supdrvIOCtl_IdtPatchOne: u8Idt=%x\n", u8Idt));
3224 }
3225
3226 /*
3227 * Prepare the patch
3228 */
3229 memset(pPatch, 0, sizeof(*pPatch));
3230 pPatch->pvIdt = paIdt;
3231 pPatch->cUsage = 1;
3232 pPatch->pIdtEntry = &paIdt[pDevExt->u8Idt];
3233 pPatch->SavedIdt = paIdt[pDevExt->u8Idt];
3234 pPatch->ChangedIdt.u16OffsetLow = (uint32_t)((uintptr_t)&pPatch->auCode[0] & 0xffff);
3235 pPatch->ChangedIdt.u16OffsetHigh = (uint32_t)((uintptr_t)&pPatch->auCode[0] >> 16);
3236#ifdef RT_ARCH_AMD64
3237 pPatch->ChangedIdt.u32OffsetTop = (uint32_t)((uintptr_t)&pPatch->auCode[0] >> 32);
3238#endif
3239 pPatch->ChangedIdt.u16SegSel = ASMGetCS();
3240#ifdef RT_ARCH_AMD64
3241 pPatch->ChangedIdt.u3IST = 0;
3242 pPatch->ChangedIdt.u5Reserved = 0;
3243#else /* x86 */
3244 pPatch->ChangedIdt.u5Reserved = 0;
3245 pPatch->ChangedIdt.u3Type1 = 0;
3246#endif /* x86 */
3247 pPatch->ChangedIdt.u5Type2 = SUPDRV_IDTE_TYPE2_INTERRUPT_GATE;
3248 pPatch->ChangedIdt.u2DPL = 3;
3249 pPatch->ChangedIdt.u1Present = 1;
3250
3251 /*
3252 * Generate the patch code.
3253 */
3254 {
3255#ifdef RT_ARCH_AMD64
3256 union
3257 {
3258 uint8_t *pb;
3259 uint32_t *pu32;
3260 uint64_t *pu64;
3261 } u, uFixJmp, uFixCall, uNotNested;
3262 u.pb = &pPatch->auCode[0];
3263
3264 /* check the cookie */
3265 *u.pb++ = 0x3d; // cmp eax, GLOBALCOOKIE
3266 *u.pu32++ = pDevExt->u32Cookie;
3267
3268 *u.pb++ = 0x74; // jz @VBoxCall
3269 *u.pb++ = 2;
3270
3271 /* jump to forwarder code. */
3272 *u.pb++ = 0xeb;
3273 uFixJmp = u;
3274 *u.pb++ = 0xfe;
3275
3276 // @VBoxCall:
3277 *u.pb++ = 0x0f; // swapgs
3278 *u.pb++ = 0x01;
3279 *u.pb++ = 0xf8;
3280
3281 /*
3282 * Call VMMR0Entry
3283 * We don't have to push the arguments here, but we have top
3284 * reserve some stack space for the interrupt forwarding.
3285 */
3286# ifdef RT_OS_WINDOWS
3287 *u.pb++ = 0x50; // push rax ; alignment filler.
3288 *u.pb++ = 0x41; // push r8 ; uArg
3289 *u.pb++ = 0x50;
3290 *u.pb++ = 0x52; // push rdx ; uOperation
3291 *u.pb++ = 0x51; // push rcx ; pVM
3292# else
3293 *u.pb++ = 0x51; // push rcx ; alignment filler.
3294 *u.pb++ = 0x52; // push rdx ; uArg
3295 *u.pb++ = 0x56; // push rsi ; uOperation
3296 *u.pb++ = 0x57; // push rdi ; pVM
3297# endif
3298
3299 *u.pb++ = 0xff; // call qword [pfnVMMR0EntryInt wrt rip]
3300 *u.pb++ = 0x15;
3301 uFixCall = u;
3302 *u.pu32++ = 0;
3303
3304 *u.pb++ = 0x48; // add rsp, 20h ; remove call frame.
3305 *u.pb++ = 0x81;
3306 *u.pb++ = 0xc4;
3307 *u.pu32++ = 0x20;
3308
3309 *u.pb++ = 0x0f; // swapgs
3310 *u.pb++ = 0x01;
3311 *u.pb++ = 0xf8;
3312
3313 /* Return to R3. */
3314 uNotNested = u;
3315 *u.pb++ = 0x48; // iretq
3316 *u.pb++ = 0xcf;
3317
3318 while ((uintptr_t)u.pb & 0x7) // align 8
3319 *u.pb++ = 0xcc;
3320
3321 /* Pointer to the VMMR0Entry. */ // pfnVMMR0EntryInt dq StubVMMR0Entry
3322 *uFixCall.pu32 = (uint32_t)(u.pb - uFixCall.pb - 4); uFixCall.pb = NULL;
3323 pPatch->offVMMR0EntryFixup = (uint16_t)(u.pb - &pPatch->auCode[0]);
3324 *u.pu64++ = pDevExt->pvVMMR0 ? (uint64_t)pDevExt->pfnVMMR0EntryInt : (uint64_t)u.pb + 8;
3325
3326 /* stub entry. */ // StubVMMR0Entry:
3327 pPatch->offStub = (uint16_t)(u.pb - &pPatch->auCode[0]);
3328 *u.pb++ = 0x33; // xor eax, eax
3329 *u.pb++ = 0xc0;
3330
3331 *u.pb++ = 0x48; // dec rax
3332 *u.pb++ = 0xff;
3333 *u.pb++ = 0xc8;
3334
3335 *u.pb++ = 0xc3; // ret
3336
3337 /* forward to the original handler using a retf. */
3338 *uFixJmp.pb = (uint8_t)(u.pb - uFixJmp.pb - 1); uFixJmp.pb = NULL;
3339
3340 *u.pb++ = 0x68; // push <target cs>
3341 *u.pu32++ = !pPatch->SavedIdt.u5Type2 ? ASMGetCS() : pPatch->SavedIdt.u16SegSel;
3342
3343 *u.pb++ = 0x68; // push <low target rip>
3344 *u.pu32++ = !pPatch->SavedIdt.u5Type2
3345 ? (uint32_t)(uintptr_t)uNotNested.pb
3346 : (uint32_t)pPatch->SavedIdt.u16OffsetLow
3347 | (uint32_t)pPatch->SavedIdt.u16OffsetHigh << 16;
3348
3349 *u.pb++ = 0xc7; // mov dword [rsp + 4], <high target rip>
3350 *u.pb++ = 0x44;
3351 *u.pb++ = 0x24;
3352 *u.pb++ = 0x04;
3353 *u.pu32++ = !pPatch->SavedIdt.u5Type2
3354 ? (uint32_t)((uint64_t)uNotNested.pb >> 32)
3355 : pPatch->SavedIdt.u32OffsetTop;
3356
3357 *u.pb++ = 0x48; // retf ; does this require prefix?
3358 *u.pb++ = 0xcb;
3359
3360#else /* RT_ARCH_X86 */
3361
3362 union
3363 {
3364 uint8_t *pb;
3365 uint16_t *pu16;
3366 uint32_t *pu32;
3367 } u, uFixJmpNotNested, uFixJmp, uFixCall, uNotNested;
3368 u.pb = &pPatch->auCode[0];
3369
3370 /* check the cookie */
3371 *u.pb++ = 0x81; // cmp esi, GLOBALCOOKIE
3372 *u.pb++ = 0xfe;
3373 *u.pu32++ = pDevExt->u32Cookie;
3374
3375 *u.pb++ = 0x74; // jz VBoxCall
3376 uFixJmp = u;
3377 *u.pb++ = 0;
3378
3379 /* jump (far) to the original handler / not-nested-stub. */
3380 *u.pb++ = 0xea; // jmp far NotNested
3381 uFixJmpNotNested = u;
3382 *u.pu32++ = 0;
3383 *u.pu16++ = 0;
3384
3385 /* save selector registers. */ // VBoxCall:
3386 *uFixJmp.pb = (uint8_t)(u.pb - uFixJmp.pb - 1);
3387 *u.pb++ = 0x0f; // push fs
3388 *u.pb++ = 0xa0;
3389
3390 *u.pb++ = 0x1e; // push ds
3391
3392 *u.pb++ = 0x06; // push es
3393
3394 /* call frame */
3395 *u.pb++ = 0x51; // push ecx
3396
3397 *u.pb++ = 0x52; // push edx
3398
3399 *u.pb++ = 0x50; // push eax
3400
3401 /* load ds, es and perhaps fs before call. */
3402 *u.pb++ = 0xb8; // mov eax, KernelDS
3403 *u.pu32++ = ASMGetDS();
3404
3405 *u.pb++ = 0x8e; // mov ds, eax
3406 *u.pb++ = 0xd8;
3407
3408 *u.pb++ = 0x8e; // mov es, eax
3409 *u.pb++ = 0xc0;
3410
3411#ifdef RT_OS_WINDOWS
3412 *u.pb++ = 0xb8; // mov eax, KernelFS
3413 *u.pu32++ = ASMGetFS();
3414
3415 *u.pb++ = 0x8e; // mov fs, eax
3416 *u.pb++ = 0xe0;
3417#endif
3418
3419 /* do the call. */
3420 *u.pb++ = 0xe8; // call _VMMR0Entry / StubVMMR0Entry
3421 uFixCall = u;
3422 pPatch->offVMMR0EntryFixup = (uint16_t)(u.pb - &pPatch->auCode[0]);
3423 *u.pu32++ = 0xfffffffb;
3424
3425 *u.pb++ = 0x83; // add esp, 0ch ; cdecl
3426 *u.pb++ = 0xc4;
3427 *u.pb++ = 0x0c;
3428
3429 /* restore selector registers. */
3430 *u.pb++ = 0x07; // pop es
3431 //
3432 *u.pb++ = 0x1f; // pop ds
3433
3434 *u.pb++ = 0x0f; // pop fs
3435 *u.pb++ = 0xa1;
3436
3437 uNotNested = u; // NotNested:
3438 *u.pb++ = 0xcf; // iretd
3439
3440 /* the stub VMMR0Entry. */ // StubVMMR0Entry:
3441 pPatch->offStub = (uint16_t)(u.pb - &pPatch->auCode[0]);
3442 *u.pb++ = 0x33; // xor eax, eax
3443 *u.pb++ = 0xc0;
3444
3445 *u.pb++ = 0x48; // dec eax
3446
3447 *u.pb++ = 0xc3; // ret
3448
3449 /* Fixup the VMMR0Entry call. */
3450 if (pDevExt->pvVMMR0)
3451 *uFixCall.pu32 = (uint32_t)pDevExt->pfnVMMR0EntryInt - (uint32_t)(uFixCall.pu32 + 1);
3452 else
3453 *uFixCall.pu32 = (uint32_t)&pPatch->auCode[pPatch->offStub] - (uint32_t)(uFixCall.pu32 + 1);
3454
3455 /* Fixup the forward / nested far jump. */
3456 if (!pPatch->SavedIdt.u5Type2)
3457 {
3458 *uFixJmpNotNested.pu32++ = (uint32_t)uNotNested.pb;
3459 *uFixJmpNotNested.pu16++ = ASMGetCS();
3460 }
3461 else
3462 {
3463 *uFixJmpNotNested.pu32++ = ((uint32_t)pPatch->SavedIdt.u16OffsetHigh << 16) | pPatch->SavedIdt.u16OffsetLow;
3464 *uFixJmpNotNested.pu16++ = pPatch->SavedIdt.u16SegSel;
3465 }
3466#endif /* RT_ARCH_X86 */
3467 Assert(u.pb <= &pPatch->auCode[sizeof(pPatch->auCode)]);
3468#if 0
3469 /* dump the patch code */
3470 Log2(("patch code: %p\n", &pPatch->auCode[0]));
3471 for (uFixCall.pb = &pPatch->auCode[0]; uFixCall.pb < u.pb; uFixCall.pb++)
3472 Log2(("0x%02x,\n", *uFixCall.pb));
3473#endif
3474 }
3475
3476 /*
3477 * Install the patch.
3478 */
3479 supdrvIdtWrite(pPatch->pIdtEntry, &pPatch->ChangedIdt);
3480 AssertMsg(!memcmp((void *)pPatch->pIdtEntry, &pPatch->ChangedIdt, sizeof(pPatch->ChangedIdt)), ("The stupid change code didn't work!!!!!\n"));
3481
3482 /*
3483 * Link in the patch.
3484 */
3485 pPatch->pNext = pDevExt->pIdtPatches;
3486 pDevExt->pIdtPatches = pPatch;
3487
3488 return pPatch;
3489}
3490
3491
3492/**
3493 * Removes the sessions IDT references.
3494 * This will uninstall our IDT patch if we left unreferenced.
3495 *
3496 * @returns VINF_SUCCESS.
3497 * @param pDevExt Device globals.
3498 * @param pSession Session data.
3499 */
3500static int supdrvIOCtl_IdtRemoveAll(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession)
3501{
3502 PSUPDRVPATCHUSAGE pUsage;
3503 RTSPINLOCKTMP SpinlockTmp = RTSPINLOCKTMP_INITIALIZER;
3504 LogFlow(("supdrvIOCtl_IdtRemoveAll: pSession=%p\n", pSession));
3505
3506 /*
3507 * Take the spinlock.
3508 */
3509 RTSpinlockAcquireNoInts(pDevExt->Spinlock, &SpinlockTmp);
3510
3511 /*
3512 * Walk usage list, removing patches as their usage count reaches zero.
3513 */
3514 pUsage = pSession->pPatchUsage;
3515 while (pUsage)
3516 {
3517 if (pUsage->pPatch->cUsage <= pUsage->cUsage)
3518 supdrvIdtRemoveOne(pDevExt, pUsage->pPatch);
3519 else
3520 pUsage->pPatch->cUsage -= pUsage->cUsage;
3521
3522 /* next */
3523 pUsage = pUsage->pNext;
3524 }
3525
3526 /*
3527 * Empty the usage chain and we're done inside the spinlock.
3528 */
3529 pUsage = pSession->pPatchUsage;
3530 pSession->pPatchUsage = NULL;
3531
3532 RTSpinlockReleaseNoInts(pDevExt->Spinlock, &SpinlockTmp);
3533
3534 /*
3535 * Free usage entries.
3536 */
3537 while (pUsage)
3538 {
3539 void *pvToFree = pUsage;
3540 pUsage->cUsage = 0;
3541 pUsage->pPatch = NULL;
3542 pUsage = pUsage->pNext;
3543 RTMemFree(pvToFree);
3544 }
3545
3546 return VINF_SUCCESS;
3547}
3548
3549
3550/**
3551 * Remove one patch.
3552 *
3553 * Worker for supdrvIOCtl_IdtRemoveAll.
3554 *
3555 * @param pDevExt Device globals.
3556 * @param pPatch Patch entry to remove.
3557 * @remark Caller must own SUPDRVDEVEXT::Spinlock!
3558 */
3559static void supdrvIdtRemoveOne(PSUPDRVDEVEXT pDevExt, PSUPDRVPATCH pPatch)
3560{
3561 LogFlow(("supdrvIdtRemoveOne: pPatch=%p\n", pPatch));
3562
3563 pPatch->cUsage = 0;
3564
3565 /*
3566 * If the IDT entry was changed it have to kick around for ever!
3567 * This will be attempted freed again, perhaps next time we'll succeed :-)
3568 */
3569 if (memcmp((void *)pPatch->pIdtEntry, &pPatch->ChangedIdt, sizeof(pPatch->ChangedIdt)))
3570 {
3571 AssertMsgFailed(("The hijacked IDT entry has CHANGED!!!\n"));
3572 return;
3573 }
3574
3575 /*
3576 * Unlink it.
3577 */
3578 if (pDevExt->pIdtPatches != pPatch)
3579 {
3580 PSUPDRVPATCH pPatchPrev = pDevExt->pIdtPatches;
3581 while (pPatchPrev)
3582 {
3583 if (pPatchPrev->pNext == pPatch)
3584 {
3585 pPatchPrev->pNext = pPatch->pNext;
3586 break;
3587 }
3588 pPatchPrev = pPatchPrev->pNext;
3589 }
3590 Assert(!pPatchPrev);
3591 }
3592 else
3593 pDevExt->pIdtPatches = pPatch->pNext;
3594 pPatch->pNext = NULL;
3595
3596
3597 /*
3598 * Verify and restore the IDT.
3599 */
3600 AssertMsg(!memcmp((void *)pPatch->pIdtEntry, &pPatch->ChangedIdt, sizeof(pPatch->ChangedIdt)), ("The hijacked IDT entry has CHANGED!!!\n"));
3601 supdrvIdtWrite(pPatch->pIdtEntry, &pPatch->SavedIdt);
3602 AssertMsg(!memcmp((void *)pPatch->pIdtEntry, &pPatch->SavedIdt, sizeof(pPatch->SavedIdt)), ("The hijacked IDT entry has CHANGED!!!\n"));
3603
3604 /*
3605 * Put it in the free list.
3606 * (This free list stuff is to calm my paranoia.)
3607 */
3608 pPatch->pvIdt = NULL;
3609 pPatch->pIdtEntry = NULL;
3610
3611 pPatch->pNext = pDevExt->pIdtPatchesFree;
3612 pDevExt->pIdtPatchesFree = pPatch;
3613}
3614
3615
3616/**
3617 * Write to an IDT entry.
3618 *
3619 * @param pvIdtEntry Where to write.
3620 * @param pNewIDTEntry What to write.
3621 */
3622static void supdrvIdtWrite(volatile void *pvIdtEntry, const SUPDRVIDTE *pNewIDTEntry)
3623{
3624 RTR0UINTREG uCR0;
3625 RTR0UINTREG uFlags;
3626
3627 /*
3628 * On SMP machines (P4 hyperthreading included) we must preform a
3629 * 64-bit locked write when updating the IDT entry.
3630 *
3631 * The F00F bugfix for linux (and probably other OSes) causes
3632 * the IDT to be pointing to an readonly mapping. We get around that
3633 * by temporarily turning of WP. Since we're inside a spinlock at this
3634 * point, interrupts are disabled and there isn't any way the WP bit
3635 * flipping can cause any trouble.
3636 */
3637
3638 /* Save & Clear interrupt flag; Save & clear WP. */
3639 uFlags = ASMGetFlags();
3640 ASMSetFlags(uFlags & ~(RTR0UINTREG)(1 << 9)); /*X86_EFL_IF*/
3641 Assert(!(ASMGetFlags() & (1 << 9)));
3642 uCR0 = ASMGetCR0();
3643 ASMSetCR0(uCR0 & ~(RTR0UINTREG)(1 << 16)); /*X86_CR0_WP*/
3644
3645 /* Update IDT Entry */
3646#ifdef RT_ARCH_AMD64
3647 ASMAtomicXchgU128((volatile uint128_t *)pvIdtEntry, *(uint128_t *)(uintptr_t)pNewIDTEntry);
3648#else
3649 ASMAtomicXchgU64((volatile uint64_t *)pvIdtEntry, *(uint64_t *)(uintptr_t)pNewIDTEntry);
3650#endif
3651
3652 /* Restore CR0 & Flags */
3653 ASMSetCR0(uCR0);
3654 ASMSetFlags(uFlags);
3655}
3656#endif /* VBOX_WITH_IDT_PATCHING */
3657
3658
3659/**
3660 * Opens an image. If it's the first time it's opened the call must upload
3661 * the bits using the supdrvIOCtl_LdrLoad() / SUPDRV_IOCTL_LDR_LOAD function.
3662 *
3663 * This is the 1st step of the loading.
3664 *
3665 * @returns IPRT status code.
3666 * @param pDevExt Device globals.
3667 * @param pSession Session data.
3668 * @param pReq The open request.
3669 */
3670static int supdrvIOCtl_LdrOpen(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDROPEN pReq)
3671{
3672 PSUPDRVLDRIMAGE pImage;
3673 unsigned cb;
3674 void *pv;
3675 LogFlow(("supdrvIOCtl_LdrOpen: szName=%s cbImage=%d\n", pReq->u.In.szName, pReq->u.In.cbImage));
3676
3677 /*
3678 * Check if we got an instance of the image already.
3679 */
3680 RTSemFastMutexRequest(pDevExt->mtxLdr);
3681 for (pImage = pDevExt->pLdrImages; pImage; pImage = pImage->pNext)
3682 {
3683 if (!strcmp(pImage->szName, pReq->u.In.szName))
3684 {
3685 pImage->cUsage++;
3686 pReq->u.Out.pvImageBase = pImage->pvImage;
3687 pReq->u.Out.fNeedsLoading = pImage->uState == SUP_IOCTL_LDR_OPEN;
3688 supdrvLdrAddUsage(pSession, pImage);
3689 RTSemFastMutexRelease(pDevExt->mtxLdr);
3690 return VINF_SUCCESS;
3691 }
3692 }
3693 /* (not found - add it!) */
3694
3695 /*
3696 * Allocate memory.
3697 */
3698 cb = pReq->u.In.cbImage + sizeof(SUPDRVLDRIMAGE) + 31;
3699 pv = RTMemExecAlloc(cb);
3700 if (!pv)
3701 {
3702 RTSemFastMutexRelease(pDevExt->mtxLdr);
3703 Log(("supdrvIOCtl_LdrOpen: RTMemExecAlloc(%u) failed\n", cb));
3704 return VERR_NO_MEMORY;
3705 }
3706
3707 /*
3708 * Setup and link in the LDR stuff.
3709 */
3710 pImage = (PSUPDRVLDRIMAGE)pv;
3711 pImage->pvImage = RT_ALIGN_P(pImage + 1, 32);
3712 pImage->cbImage = pReq->u.In.cbImage;
3713 pImage->pfnModuleInit = NULL;
3714 pImage->pfnModuleTerm = NULL;
3715 pImage->uState = SUP_IOCTL_LDR_OPEN;
3716 pImage->cUsage = 1;
3717 strcpy(pImage->szName, pReq->u.In.szName);
3718
3719 pImage->pNext = pDevExt->pLdrImages;
3720 pDevExt->pLdrImages = pImage;
3721
3722 supdrvLdrAddUsage(pSession, pImage);
3723
3724 pReq->u.Out.pvImageBase = pImage->pvImage;
3725 pReq->u.Out.fNeedsLoading = true;
3726 RTSemFastMutexRelease(pDevExt->mtxLdr);
3727
3728#if defined(RT_OS_WINDOWS) && defined(DEBUG)
3729 SUPR0Printf("VBoxDrv: windbg> .reload /f %s=%#p\n", pImage->szName, pImage->pvImage);
3730#endif
3731 return VINF_SUCCESS;
3732}
3733
3734
3735/**
3736 * Loads the image bits.
3737 *
3738 * This is the 2nd step of the loading.
3739 *
3740 * @returns IPRT status code.
3741 * @param pDevExt Device globals.
3742 * @param pSession Session data.
3743 * @param pReq The request.
3744 */
3745static int supdrvIOCtl_LdrLoad(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRLOAD pReq)
3746{
3747 PSUPDRVLDRUSAGE pUsage;
3748 PSUPDRVLDRIMAGE pImage;
3749 int rc;
3750 LogFlow(("supdrvIOCtl_LdrLoad: pvImageBase=%p cbImage=%d\n", pReq->u.In.pvImageBase, pReq->u.In.cbImage));
3751
3752 /*
3753 * Find the ldr image.
3754 */
3755 RTSemFastMutexRequest(pDevExt->mtxLdr);
3756 pUsage = pSession->pLdrUsage;
3757 while (pUsage && pUsage->pImage->pvImage != pReq->u.In.pvImageBase)
3758 pUsage = pUsage->pNext;
3759 if (!pUsage)
3760 {
3761 RTSemFastMutexRelease(pDevExt->mtxLdr);
3762 Log(("SUP_IOCTL_LDR_LOAD: couldn't find image!\n"));
3763 return VERR_INVALID_HANDLE;
3764 }
3765 pImage = pUsage->pImage;
3766 if (pImage->cbImage != pReq->u.In.cbImage)
3767 {
3768 RTSemFastMutexRelease(pDevExt->mtxLdr);
3769 Log(("SUP_IOCTL_LDR_LOAD: image size mismatch!! %d(prep) != %d(load)\n", pImage->cbImage, pReq->u.In.cbImage));
3770 return VERR_INVALID_HANDLE;
3771 }
3772 if (pImage->uState != SUP_IOCTL_LDR_OPEN)
3773 {
3774 unsigned uState = pImage->uState;
3775 RTSemFastMutexRelease(pDevExt->mtxLdr);
3776 if (uState != SUP_IOCTL_LDR_LOAD)
3777 AssertMsgFailed(("SUP_IOCTL_LDR_LOAD: invalid image state %d (%#x)!\n", uState, uState));
3778 return SUPDRV_ERR_ALREADY_LOADED;
3779 }
3780 switch (pReq->u.In.eEPType)
3781 {
3782 case SUPLDRLOADEP_NOTHING:
3783 break;
3784 case SUPLDRLOADEP_VMMR0:
3785 if ( !pReq->u.In.EP.VMMR0.pvVMMR0
3786 || !pReq->u.In.EP.VMMR0.pvVMMR0EntryInt
3787 || !pReq->u.In.EP.VMMR0.pvVMMR0EntryFast
3788 || !pReq->u.In.EP.VMMR0.pvVMMR0EntryEx)
3789 {
3790 RTSemFastMutexRelease(pDevExt->mtxLdr);
3791 Log(("NULL pointer: pvVMMR0=%p pvVMMR0EntryInt=%p pvVMMR0EntryFast=%p pvVMMR0EntryEx=%p!\n",
3792 pReq->u.In.EP.VMMR0.pvVMMR0, pReq->u.In.EP.VMMR0.pvVMMR0EntryInt,
3793 pReq->u.In.EP.VMMR0.pvVMMR0EntryFast, pReq->u.In.EP.VMMR0.pvVMMR0EntryEx));
3794 return VERR_INVALID_PARAMETER;
3795 }
3796 /** @todo validate pReq->u.In.EP.VMMR0.pvVMMR0 against pvImage! */
3797 if ( (uintptr_t)pReq->u.In.EP.VMMR0.pvVMMR0EntryInt - (uintptr_t)pImage->pvImage >= pReq->u.In.cbImage
3798 || (uintptr_t)pReq->u.In.EP.VMMR0.pvVMMR0EntryFast - (uintptr_t)pImage->pvImage >= pReq->u.In.cbImage
3799 || (uintptr_t)pReq->u.In.EP.VMMR0.pvVMMR0EntryEx - (uintptr_t)pImage->pvImage >= pReq->u.In.cbImage)
3800 {
3801 RTSemFastMutexRelease(pDevExt->mtxLdr);
3802 Log(("Out of range (%p LB %#x): pvVMMR0EntryInt=%p, pvVMMR0EntryFast=%p or pvVMMR0EntryEx=%p is NULL!\n",
3803 pImage->pvImage, pReq->u.In.cbImage, pReq->u.In.EP.VMMR0.pvVMMR0EntryInt,
3804 pReq->u.In.EP.VMMR0.pvVMMR0EntryFast, pReq->u.In.EP.VMMR0.pvVMMR0EntryEx));
3805 return VERR_INVALID_PARAMETER;
3806 }
3807 break;
3808 default:
3809 RTSemFastMutexRelease(pDevExt->mtxLdr);
3810 Log(("Invalid eEPType=%d\n", pReq->u.In.eEPType));
3811 return VERR_INVALID_PARAMETER;
3812 }
3813 if ( pReq->u.In.pfnModuleInit
3814 && (uintptr_t)pReq->u.In.pfnModuleInit - (uintptr_t)pImage->pvImage >= pReq->u.In.cbImage)
3815 {
3816 RTSemFastMutexRelease(pDevExt->mtxLdr);
3817 Log(("SUP_IOCTL_LDR_LOAD: pfnModuleInit=%p is outside the image (%p %d bytes)\n",
3818 pReq->u.In.pfnModuleInit, pImage->pvImage, pReq->u.In.cbImage));
3819 return VERR_INVALID_PARAMETER;
3820 }
3821 if ( pReq->u.In.pfnModuleTerm
3822 && (uintptr_t)pReq->u.In.pfnModuleTerm - (uintptr_t)pImage->pvImage >= pReq->u.In.cbImage)
3823 {
3824 RTSemFastMutexRelease(pDevExt->mtxLdr);
3825 Log(("SUP_IOCTL_LDR_LOAD: pfnModuleTerm=%p is outside the image (%p %d bytes)\n",
3826 pReq->u.In.pfnModuleTerm, pImage->pvImage, pReq->u.In.cbImage));
3827 return VERR_INVALID_PARAMETER;
3828 }
3829
3830 /*
3831 * Copy the memory.
3832 */
3833 /* no need to do try/except as this is a buffered request. */
3834 memcpy(pImage->pvImage, &pReq->u.In.achImage[0], pImage->cbImage);
3835 pImage->uState = SUP_IOCTL_LDR_LOAD;
3836 pImage->pfnModuleInit = pReq->u.In.pfnModuleInit;
3837 pImage->pfnModuleTerm = pReq->u.In.pfnModuleTerm;
3838 pImage->offSymbols = pReq->u.In.offSymbols;
3839 pImage->cSymbols = pReq->u.In.cSymbols;
3840 pImage->offStrTab = pReq->u.In.offStrTab;
3841 pImage->cbStrTab = pReq->u.In.cbStrTab;
3842
3843 /*
3844 * Update any entry points.
3845 */
3846 switch (pReq->u.In.eEPType)
3847 {
3848 default:
3849 case SUPLDRLOADEP_NOTHING:
3850 rc = VINF_SUCCESS;
3851 break;
3852 case SUPLDRLOADEP_VMMR0:
3853 rc = supdrvLdrSetR0EP(pDevExt, pReq->u.In.EP.VMMR0.pvVMMR0, pReq->u.In.EP.VMMR0.pvVMMR0EntryInt,
3854 pReq->u.In.EP.VMMR0.pvVMMR0EntryFast, pReq->u.In.EP.VMMR0.pvVMMR0EntryEx);
3855 break;
3856 }
3857
3858 /*
3859 * On success call the module initialization.
3860 */
3861 LogFlow(("supdrvIOCtl_LdrLoad: pfnModuleInit=%p\n", pImage->pfnModuleInit));
3862 if (RT_SUCCESS(rc) && pImage->pfnModuleInit)
3863 {
3864 Log(("supdrvIOCtl_LdrLoad: calling pfnModuleInit=%p\n", pImage->pfnModuleInit));
3865#ifdef RT_WITH_W64_UNWIND_HACK
3866 rc = supdrvNtWrapModuleInit((PFNRT)pImage->pfnModuleInit);
3867#else
3868 rc = pImage->pfnModuleInit();
3869#endif
3870 if (rc && pDevExt->pvVMMR0 == pImage->pvImage)
3871 supdrvLdrUnsetR0EP(pDevExt);
3872 }
3873
3874 if (rc)
3875 pImage->uState = SUP_IOCTL_LDR_OPEN;
3876
3877 RTSemFastMutexRelease(pDevExt->mtxLdr);
3878 return rc;
3879}
3880
3881
3882/**
3883 * Frees a previously loaded (prep'ed) image.
3884 *
3885 * @returns IPRT status code.
3886 * @param pDevExt Device globals.
3887 * @param pSession Session data.
3888 * @param pReq The request.
3889 */
3890static int supdrvIOCtl_LdrFree(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRFREE pReq)
3891{
3892 int rc;
3893 PSUPDRVLDRUSAGE pUsagePrev;
3894 PSUPDRVLDRUSAGE pUsage;
3895 PSUPDRVLDRIMAGE pImage;
3896 LogFlow(("supdrvIOCtl_LdrFree: pvImageBase=%p\n", pReq->u.In.pvImageBase));
3897
3898 /*
3899 * Find the ldr image.
3900 */
3901 RTSemFastMutexRequest(pDevExt->mtxLdr);
3902 pUsagePrev = NULL;
3903 pUsage = pSession->pLdrUsage;
3904 while (pUsage && pUsage->pImage->pvImage != pReq->u.In.pvImageBase)
3905 {
3906 pUsagePrev = pUsage;
3907 pUsage = pUsage->pNext;
3908 }
3909 if (!pUsage)
3910 {
3911 RTSemFastMutexRelease(pDevExt->mtxLdr);
3912 Log(("SUP_IOCTL_LDR_FREE: couldn't find image!\n"));
3913 return VERR_INVALID_HANDLE;
3914 }
3915
3916 /*
3917 * Check if we can remove anything.
3918 */
3919 rc = VINF_SUCCESS;
3920 pImage = pUsage->pImage;
3921 if (pImage->cUsage <= 1 || pUsage->cUsage <= 1)
3922 {
3923 /*
3924 * Check if there are any objects with destructors in the image, if
3925 * so leave it for the session cleanup routine so we get a chance to
3926 * clean things up in the right order and not leave them all dangling.
3927 */
3928 RTSPINLOCKTMP SpinlockTmp = RTSPINLOCKTMP_INITIALIZER;
3929 RTSpinlockAcquire(pDevExt->Spinlock, &SpinlockTmp);
3930 if (pImage->cUsage <= 1)
3931 {
3932 PSUPDRVOBJ pObj;
3933 for (pObj = pDevExt->pObjs; pObj; pObj = pObj->pNext)
3934 if (RT_UNLIKELY((uintptr_t)pObj->pfnDestructor - (uintptr_t)pImage->pvImage < pImage->cbImage))
3935 {
3936 rc = VERR_SHARING_VIOLATION; /** @todo VERR_DANGLING_OBJECTS */
3937 break;
3938 }
3939 }
3940 else
3941 {
3942 PSUPDRVUSAGE pGenUsage;
3943 for (pGenUsage = pSession->pUsage; pGenUsage; pGenUsage = pGenUsage->pNext)
3944 if (RT_UNLIKELY((uintptr_t)pGenUsage->pObj->pfnDestructor - (uintptr_t)pImage->pvImage < pImage->cbImage))
3945 {
3946 rc = VERR_SHARING_VIOLATION; /** @todo VERR_DANGLING_OBJECTS */
3947 break;
3948 }
3949 }
3950 RTSpinlockRelease(pDevExt->Spinlock, &SpinlockTmp);
3951 if (rc == VINF_SUCCESS)
3952 {
3953 /* unlink it */
3954 if (pUsagePrev)
3955 pUsagePrev->pNext = pUsage->pNext;
3956 else
3957 pSession->pLdrUsage = pUsage->pNext;
3958
3959 /* free it */
3960 pUsage->pImage = NULL;
3961 pUsage->pNext = NULL;
3962 RTMemFree(pUsage);
3963
3964 /*
3965 * Derefrence the image.
3966 */
3967 if (pImage->cUsage <= 1)
3968 supdrvLdrFree(pDevExt, pImage);
3969 else
3970 pImage->cUsage--;
3971 }
3972 else
3973 Log(("supdrvIOCtl_LdrFree: Dangling objects in %p/%s!\n", pImage->pvImage, pImage->szName));
3974 }
3975 else
3976 {
3977 /*
3978 * Dereference both image and usage.
3979 */
3980 pImage->cUsage--;
3981 pUsage->cUsage--;
3982 }
3983
3984 RTSemFastMutexRelease(pDevExt->mtxLdr);
3985 return VINF_SUCCESS;
3986}
3987
3988
3989/**
3990 * Gets the address of a symbol in an open image.
3991 *
3992 * @returns 0 on success.
3993 * @returns SUPDRV_ERR_* on failure.
3994 * @param pDevExt Device globals.
3995 * @param pSession Session data.
3996 * @param pReq The request buffer.
3997 */
3998static int supdrvIOCtl_LdrGetSymbol(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRGETSYMBOL pReq)
3999{
4000 PSUPDRVLDRIMAGE pImage;
4001 PSUPDRVLDRUSAGE pUsage;
4002 uint32_t i;
4003 PSUPLDRSYM paSyms;
4004 const char *pchStrings;
4005 const size_t cbSymbol = strlen(pReq->u.In.szSymbol) + 1;
4006 void *pvSymbol = NULL;
4007 int rc = VERR_GENERAL_FAILURE;
4008 Log3(("supdrvIOCtl_LdrGetSymbol: pvImageBase=%p szSymbol=\"%s\"\n", pReq->u.In.pvImageBase, pReq->u.In.szSymbol));
4009
4010 /*
4011 * Find the ldr image.
4012 */
4013 RTSemFastMutexRequest(pDevExt->mtxLdr);
4014 pUsage = pSession->pLdrUsage;
4015 while (pUsage && pUsage->pImage->pvImage != pReq->u.In.pvImageBase)
4016 pUsage = pUsage->pNext;
4017 if (!pUsage)
4018 {
4019 RTSemFastMutexRelease(pDevExt->mtxLdr);
4020 Log(("SUP_IOCTL_LDR_GET_SYMBOL: couldn't find image!\n"));
4021 return VERR_INVALID_HANDLE;
4022 }
4023 pImage = pUsage->pImage;
4024 if (pImage->uState != SUP_IOCTL_LDR_LOAD)
4025 {
4026 unsigned uState = pImage->uState;
4027 RTSemFastMutexRelease(pDevExt->mtxLdr);
4028 Log(("SUP_IOCTL_LDR_GET_SYMBOL: invalid image state %d (%#x)!\n", uState, uState)); NOREF(uState);
4029 return VERR_ALREADY_LOADED;
4030 }
4031
4032 /*
4033 * Search the symbol strings.
4034 */
4035 pchStrings = (const char *)((uint8_t *)pImage->pvImage + pImage->offStrTab);
4036 paSyms = (PSUPLDRSYM)((uint8_t *)pImage->pvImage + pImage->offSymbols);
4037 for (i = 0; i < pImage->cSymbols; i++)
4038 {
4039 if ( paSyms[i].offSymbol < pImage->cbImage /* paranoia */
4040 && paSyms[i].offName + cbSymbol <= pImage->cbStrTab
4041 && !memcmp(pchStrings + paSyms[i].offName, pReq->u.In.szSymbol, cbSymbol))
4042 {
4043 pvSymbol = (uint8_t *)pImage->pvImage + paSyms[i].offSymbol;
4044 rc = VINF_SUCCESS;
4045 break;
4046 }
4047 }
4048 RTSemFastMutexRelease(pDevExt->mtxLdr);
4049 pReq->u.Out.pvSymbol = pvSymbol;
4050 return rc;
4051}
4052
4053
4054/**
4055 * Gets the address of a symbol in an open image or the support driver.
4056 *
4057 * @returns VINF_SUCCESS on success.
4058 * @returns
4059 * @param pDevExt Device globals.
4060 * @param pSession Session data.
4061 * @param pReq The request buffer.
4062 */
4063static int supdrvIDC_LdrGetSymbol(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPDRVIDCREQGETSYM pReq)
4064{
4065 int rc = VINF_SUCCESS;
4066 const char *pszSymbol = pReq->u.In.pszSymbol;
4067 const char *pszModule = pReq->u.In.pszModule;
4068 size_t cbSymbol;
4069 char const *pszEnd;
4070 uint32_t i;
4071
4072 /*
4073 * Input validation.
4074 */
4075 AssertPtrReturn(pszSymbol, VERR_INVALID_POINTER);
4076 pszEnd = (char *)memchr(pszSymbol, '\0', 512);
4077 AssertReturn(pszEnd, VERR_INVALID_PARAMETER);
4078 cbSymbol = pszEnd - pszSymbol + 1;
4079
4080 if (pszModule)
4081 {
4082 AssertPtrReturn(pszModule, VERR_INVALID_POINTER);
4083 pszEnd = (char *)memchr(pszModule, '\0', 64);
4084 AssertReturn(pszEnd, VERR_INVALID_PARAMETER);
4085 }
4086 Log3(("supdrvIDC_LdrGetSymbol: pszModule=%p:{%s} pszSymbol=%p:{%s}\n", pszModule, pszModule, pszSymbol, pszSymbol));
4087
4088
4089 if ( !pszModule
4090 || !strcmp(pszModule, "SupDrv"))
4091 {
4092 /*
4093 * Search the support driver export table.
4094 */
4095 for (i = 0; i < RT_ELEMENTS(g_aFunctions); i++)
4096 if (!strcmp(g_aFunctions[i].szName, pszSymbol))
4097 {
4098 pReq->u.Out.pfnSymbol = g_aFunctions[i].pfn;
4099 break;
4100 }
4101 }
4102 else
4103 {
4104 /*
4105 * Find the loader image.
4106 */
4107 PSUPDRVLDRIMAGE pImage;
4108
4109 RTSemFastMutexRequest(pDevExt->mtxLdr);
4110
4111 for (pImage = pDevExt->pLdrImages; pImage; pImage = pImage->pNext)
4112 if (!strcmp(pImage->szName, pszModule))
4113 break;
4114 if (pImage && pImage->uState == SUP_IOCTL_LDR_LOAD)
4115 {
4116 /*
4117 * Search the symbol strings.
4118 */
4119 const char *pchStrings = (const char *)((uint8_t *)pImage->pvImage + pImage->offStrTab);
4120 PCSUPLDRSYM paSyms = (PCSUPLDRSYM)((uint8_t *)pImage->pvImage + pImage->offSymbols);
4121 for (i = 0; i < pImage->cSymbols; i++)
4122 {
4123 if ( paSyms[i].offSymbol < pImage->cbImage /* paranoia */
4124 && paSyms[i].offName + cbSymbol <= pImage->cbStrTab
4125 && !memcmp(pchStrings + paSyms[i].offName, pszSymbol, cbSymbol))
4126 {
4127 /*
4128 * Found it! Calc the symbol address and add a reference to the module.
4129 */
4130 pReq->u.Out.pfnSymbol = (PFNRT)((uint8_t *)pImage->pvImage + paSyms[i].offSymbol);
4131 rc = supdrvLdrAddUsage(pSession, pImage);
4132 break;
4133 }
4134 }
4135 }
4136 else
4137 rc = pImage ? VERR_WRONG_ORDER : VERR_MODULE_NOT_FOUND;
4138
4139 RTSemFastMutexRelease(pDevExt->mtxLdr);
4140 }
4141 return rc;
4142}
4143
4144
4145/**
4146 * Updates the IDT patches to point to the specified VMM R0 entry
4147 * point (i.e. VMMR0Enter()).
4148 *
4149 * @returns IPRT status code.
4150 * @param pDevExt Device globals.
4151 * @param pSession Session data.
4152 * @param pVMMR0 VMMR0 image handle.
4153 * @param pvVMMR0EntryInt VMMR0EntryInt address.
4154 * @param pvVMMR0EntryFast VMMR0EntryFast address.
4155 * @param pvVMMR0EntryEx VMMR0EntryEx address.
4156 * @remark Caller must own the loader mutex.
4157 */
4158static int supdrvLdrSetR0EP(PSUPDRVDEVEXT pDevExt, void *pvVMMR0, void *pvVMMR0EntryInt, void *pvVMMR0EntryFast, void *pvVMMR0EntryEx)
4159{
4160 int rc = VINF_SUCCESS;
4161 LogFlow(("supdrvLdrSetR0EP pvVMMR0=%p pvVMMR0EntryInt=%p\n", pvVMMR0, pvVMMR0EntryInt));
4162
4163
4164 /*
4165 * Check if not yet set.
4166 */
4167 if (!pDevExt->pvVMMR0)
4168 {
4169#ifdef VBOX_WITH_IDT_PATCHING
4170 PSUPDRVPATCH pPatch;
4171#endif
4172
4173 /*
4174 * Set it and update IDT patch code.
4175 */
4176 pDevExt->pvVMMR0 = pvVMMR0;
4177 pDevExt->pfnVMMR0EntryInt = pvVMMR0EntryInt;
4178 pDevExt->pfnVMMR0EntryFast = pvVMMR0EntryFast;
4179 pDevExt->pfnVMMR0EntryEx = pvVMMR0EntryEx;
4180#ifdef VBOX_WITH_IDT_PATCHING
4181 for (pPatch = pDevExt->pIdtPatches; pPatch; pPatch = pPatch->pNext)
4182 {
4183# ifdef RT_ARCH_AMD64
4184 ASMAtomicXchgU64((volatile uint64_t *)&pPatch->auCode[pPatch->offVMMR0EntryFixup], (uint64_t)pvVMMR0);
4185# else /* RT_ARCH_X86 */
4186 ASMAtomicXchgU32((volatile uint32_t *)&pPatch->auCode[pPatch->offVMMR0EntryFixup],
4187 (uint32_t)pvVMMR0 - (uint32_t)&pPatch->auCode[pPatch->offVMMR0EntryFixup + 4]);
4188# endif
4189 }
4190#endif /* VBOX_WITH_IDT_PATCHING */
4191 }
4192 else
4193 {
4194 /*
4195 * Return failure or success depending on whether the values match or not.
4196 */
4197 if ( pDevExt->pvVMMR0 != pvVMMR0
4198 || (void *)pDevExt->pfnVMMR0EntryInt != pvVMMR0EntryInt
4199 || (void *)pDevExt->pfnVMMR0EntryFast != pvVMMR0EntryFast
4200 || (void *)pDevExt->pfnVMMR0EntryEx != pvVMMR0EntryEx)
4201 {
4202 AssertMsgFailed(("SUP_IOCTL_LDR_SETR0EP: Already set pointing to a different module!\n"));
4203 rc = VERR_INVALID_PARAMETER;
4204 }
4205 }
4206 return rc;
4207}
4208
4209
4210/**
4211 * Unsets the R0 entry point installed by supdrvLdrSetR0EP.
4212 *
4213 * @param pDevExt Device globals.
4214 */
4215static void supdrvLdrUnsetR0EP(PSUPDRVDEVEXT pDevExt)
4216{
4217#ifdef VBOX_WITH_IDT_PATCHING
4218 PSUPDRVPATCH pPatch;
4219#endif
4220
4221 pDevExt->pvVMMR0 = NULL;
4222 pDevExt->pfnVMMR0EntryInt = NULL;
4223 pDevExt->pfnVMMR0EntryFast = NULL;
4224 pDevExt->pfnVMMR0EntryEx = NULL;
4225
4226#ifdef VBOX_WITH_IDT_PATCHING
4227 for (pPatch = pDevExt->pIdtPatches; pPatch; pPatch = pPatch->pNext)
4228 {
4229# ifdef RT_ARCH_AMD64
4230 ASMAtomicXchgU64((volatile uint64_t *)&pPatch->auCode[pPatch->offVMMR0EntryFixup],
4231 (uint64_t)&pPatch->auCode[pPatch->offStub]);
4232# else /* RT_ARCH_X86 */
4233 ASMAtomicXchgU32((volatile uint32_t *)&pPatch->auCode[pPatch->offVMMR0EntryFixup],
4234 (uint32_t)&pPatch->auCode[pPatch->offStub] - (uint32_t)&pPatch->auCode[pPatch->offVMMR0EntryFixup + 4]);
4235# endif
4236 }
4237#endif /* VBOX_WITH_IDT_PATCHING */
4238}
4239
4240
4241/**
4242 * Adds a usage reference in the specified session of an image.
4243 *
4244 * Called while owning the loader semaphore.
4245 *
4246 * @returns VINF_SUCCESS on success and VERR_NO_MEMORY on failure.
4247 * @param pSession Session in question.
4248 * @param pImage Image which the session is using.
4249 */
4250static int supdrvLdrAddUsage(PSUPDRVSESSION pSession, PSUPDRVLDRIMAGE pImage)
4251{
4252 PSUPDRVLDRUSAGE pUsage;
4253 LogFlow(("supdrvLdrAddUsage: pImage=%p\n", pImage));
4254
4255 /*
4256 * Referenced it already?
4257 */
4258 pUsage = pSession->pLdrUsage;
4259 while (pUsage)
4260 {
4261 if (pUsage->pImage == pImage)
4262 {
4263 pUsage->cUsage++;
4264 return VINF_SUCCESS;
4265 }
4266 pUsage = pUsage->pNext;
4267 }
4268
4269 /*
4270 * Allocate new usage record.
4271 */
4272 pUsage = (PSUPDRVLDRUSAGE)RTMemAlloc(sizeof(*pUsage));
4273 AssertReturn(pUsage, VERR_NO_MEMORY);
4274 pUsage->cUsage = 1;
4275 pUsage->pImage = pImage;
4276 pUsage->pNext = pSession->pLdrUsage;
4277 pSession->pLdrUsage = pUsage;
4278 return VINF_SUCCESS;
4279}
4280
4281
4282/**
4283 * Frees a load image.
4284 *
4285 * @param pDevExt Pointer to device extension.
4286 * @param pImage Pointer to the image we're gonna free.
4287 * This image must exit!
4288 * @remark The caller MUST own SUPDRVDEVEXT::mtxLdr!
4289 */
4290static void supdrvLdrFree(PSUPDRVDEVEXT pDevExt, PSUPDRVLDRIMAGE pImage)
4291{
4292 PSUPDRVLDRIMAGE pImagePrev;
4293 LogFlow(("supdrvLdrFree: pImage=%p\n", pImage));
4294
4295 /* find it - arg. should've used doubly linked list. */
4296 Assert(pDevExt->pLdrImages);
4297 pImagePrev = NULL;
4298 if (pDevExt->pLdrImages != pImage)
4299 {
4300 pImagePrev = pDevExt->pLdrImages;
4301 while (pImagePrev->pNext != pImage)
4302 pImagePrev = pImagePrev->pNext;
4303 Assert(pImagePrev->pNext == pImage);
4304 }
4305
4306 /* unlink */
4307 if (pImagePrev)
4308 pImagePrev->pNext = pImage->pNext;
4309 else
4310 pDevExt->pLdrImages = pImage->pNext;
4311
4312 /* check if this is VMMR0.r0 and fix the Idt patches if it is. */
4313 if (pDevExt->pvVMMR0 == pImage->pvImage)
4314 supdrvLdrUnsetR0EP(pDevExt);
4315
4316 /* check for objects with destructors in this image. (Shouldn't happen.) */
4317 if (pDevExt->pObjs)
4318 {
4319 unsigned cObjs = 0;
4320 PSUPDRVOBJ pObj;
4321 RTSPINLOCKTMP SpinlockTmp = RTSPINLOCKTMP_INITIALIZER;
4322 RTSpinlockAcquire(pDevExt->Spinlock, &SpinlockTmp);
4323 for (pObj = pDevExt->pObjs; pObj; pObj = pObj->pNext)
4324 if (RT_UNLIKELY((uintptr_t)pObj->pfnDestructor - (uintptr_t)pImage->pvImage < pImage->cbImage))
4325 {
4326 pObj->pfnDestructor = NULL;
4327 cObjs++;
4328 }
4329 RTSpinlockRelease(pDevExt->Spinlock, &SpinlockTmp);
4330 if (cObjs)
4331 OSDBGPRINT(("supdrvLdrFree: Image '%s' has %d dangling objects!\n", pImage->szName, cObjs));
4332 }
4333
4334 /* call termination function if fully loaded. */
4335 if ( pImage->pfnModuleTerm
4336 && pImage->uState == SUP_IOCTL_LDR_LOAD)
4337 {
4338 LogFlow(("supdrvIOCtl_LdrLoad: calling pfnModuleTerm=%p\n", pImage->pfnModuleTerm));
4339#ifdef RT_WITH_W64_UNWIND_HACK
4340 supdrvNtWrapModuleTerm(pImage->pfnModuleTerm);
4341#else
4342 pImage->pfnModuleTerm();
4343#endif
4344 }
4345
4346 /* free the image */
4347 pImage->cUsage = 0;
4348 pImage->pNext = 0;
4349 pImage->uState = SUP_IOCTL_LDR_FREE;
4350 RTMemExecFree(pImage);
4351}
4352
4353
4354/**
4355 * Gets the current paging mode of the CPU and stores in in pOut.
4356 */
4357static SUPPAGINGMODE supdrvIOCtl_GetPagingMode(void)
4358{
4359 SUPPAGINGMODE enmMode;
4360
4361 RTR0UINTREG cr0 = ASMGetCR0();
4362 if ((cr0 & (X86_CR0_PG | X86_CR0_PE)) != (X86_CR0_PG | X86_CR0_PE))
4363 enmMode = SUPPAGINGMODE_INVALID;
4364 else
4365 {
4366 RTR0UINTREG cr4 = ASMGetCR4();
4367 uint32_t fNXEPlusLMA = 0;
4368 if (cr4 & X86_CR4_PAE)
4369 {
4370 uint32_t fAmdFeatures = ASMCpuId_EDX(0x80000001);
4371 if (fAmdFeatures & (X86_CPUID_AMD_FEATURE_EDX_NX | X86_CPUID_AMD_FEATURE_EDX_LONG_MODE))
4372 {
4373 uint64_t efer = ASMRdMsr(MSR_K6_EFER);
4374 if ((fAmdFeatures & X86_CPUID_AMD_FEATURE_EDX_NX) && (efer & MSR_K6_EFER_NXE))
4375 fNXEPlusLMA |= RT_BIT(0);
4376 if ((fAmdFeatures & X86_CPUID_AMD_FEATURE_EDX_LONG_MODE) && (efer & MSR_K6_EFER_LMA))
4377 fNXEPlusLMA |= RT_BIT(1);
4378 }
4379 }
4380
4381 switch ((cr4 & (X86_CR4_PAE | X86_CR4_PGE)) | fNXEPlusLMA)
4382 {
4383 case 0:
4384 enmMode = SUPPAGINGMODE_32_BIT;
4385 break;
4386
4387 case X86_CR4_PGE:
4388 enmMode = SUPPAGINGMODE_32_BIT_GLOBAL;
4389 break;
4390
4391 case X86_CR4_PAE:
4392 enmMode = SUPPAGINGMODE_PAE;
4393 break;
4394
4395 case X86_CR4_PAE | RT_BIT(0):
4396 enmMode = SUPPAGINGMODE_PAE_NX;
4397 break;
4398
4399 case X86_CR4_PAE | X86_CR4_PGE:
4400 enmMode = SUPPAGINGMODE_PAE_GLOBAL;
4401 break;
4402
4403 case X86_CR4_PAE | X86_CR4_PGE | RT_BIT(0):
4404 enmMode = SUPPAGINGMODE_PAE_GLOBAL;
4405 break;
4406
4407 case RT_BIT(1) | X86_CR4_PAE:
4408 enmMode = SUPPAGINGMODE_AMD64;
4409 break;
4410
4411 case RT_BIT(1) | X86_CR4_PAE | RT_BIT(0):
4412 enmMode = SUPPAGINGMODE_AMD64_NX;
4413 break;
4414
4415 case RT_BIT(1) | X86_CR4_PAE | X86_CR4_PGE:
4416 enmMode = SUPPAGINGMODE_AMD64_GLOBAL;
4417 break;
4418
4419 case RT_BIT(1) | X86_CR4_PAE | X86_CR4_PGE | RT_BIT(0):
4420 enmMode = SUPPAGINGMODE_AMD64_GLOBAL_NX;
4421 break;
4422
4423 default:
4424 AssertMsgFailed(("Cannot happen! cr4=%#x fNXEPlusLMA=%d\n", cr4, fNXEPlusLMA));
4425 enmMode = SUPPAGINGMODE_INVALID;
4426 break;
4427 }
4428 }
4429 return enmMode;
4430}
4431
4432
4433/**
4434 * Creates the GIP.
4435 *
4436 * @returns negative errno.
4437 * @param pDevExt Instance data. GIP stuff may be updated.
4438 */
4439static int supdrvGipCreate(PSUPDRVDEVEXT pDevExt)
4440{
4441 PSUPGLOBALINFOPAGE pGip;
4442 RTHCPHYS HCPhysGip;
4443 uint32_t u32SystemResolution;
4444 uint32_t u32Interval;
4445 int rc;
4446
4447 LogFlow(("supdrvGipCreate:\n"));
4448
4449 /* assert order */
4450 Assert(pDevExt->u32SystemTimerGranularityGrant == 0);
4451 Assert(pDevExt->GipMemObj == NIL_RTR0MEMOBJ);
4452 Assert(!pDevExt->pGipTimer);
4453
4454 /*
4455 * Allocate a suitable page with a default kernel mapping.
4456 */
4457 rc = RTR0MemObjAllocLow(&pDevExt->GipMemObj, PAGE_SIZE, false);
4458 if (RT_FAILURE(rc))
4459 {
4460 OSDBGPRINT(("supdrvGipCreate: failed to allocate the GIP page. rc=%d\n", rc));
4461 return rc;
4462 }
4463 pGip = (PSUPGLOBALINFOPAGE)RTR0MemObjAddress(pDevExt->GipMemObj); AssertPtr(pGip);
4464 HCPhysGip = RTR0MemObjGetPagePhysAddr(pDevExt->GipMemObj, 0); Assert(HCPhysGip != NIL_RTHCPHYS);
4465
4466#if 0 /** @todo Disabled this as we didn't used to do it before and causes unnecessary stress on laptops.
4467 * It only applies to Windows and should probably revisited later, if possible made part of the
4468 * timer code (return min granularity in RTTimerGetSystemGranularity and set it in RTTimerStart). */
4469 /*
4470 * Try bump up the system timer resolution.
4471 * The more interrupts the better...
4472 */
4473 if ( RT_SUCCESS(RTTimerRequestSystemGranularity( 488281 /* 2048 HZ */, &u32SystemResolution))
4474 || RT_SUCCESS(RTTimerRequestSystemGranularity( 500000 /* 2000 HZ */, &u32SystemResolution))
4475 || RT_SUCCESS(RTTimerRequestSystemGranularity( 976563 /* 1024 HZ */, &u32SystemResolution))
4476 || RT_SUCCESS(RTTimerRequestSystemGranularity( 1000000 /* 1000 HZ */, &u32SystemResolution))
4477 || RT_SUCCESS(RTTimerRequestSystemGranularity( 1953125 /* 512 HZ */, &u32SystemResolution))
4478 || RT_SUCCESS(RTTimerRequestSystemGranularity( 2000000 /* 500 HZ */, &u32SystemResolution))
4479 || RT_SUCCESS(RTTimerRequestSystemGranularity( 3906250 /* 256 HZ */, &u32SystemResolution))
4480 || RT_SUCCESS(RTTimerRequestSystemGranularity( 4000000 /* 250 HZ */, &u32SystemResolution))
4481 || RT_SUCCESS(RTTimerRequestSystemGranularity( 7812500 /* 128 HZ */, &u32SystemResolution))
4482 || RT_SUCCESS(RTTimerRequestSystemGranularity(10000000 /* 100 HZ */, &u32SystemResolution))
4483 || RT_SUCCESS(RTTimerRequestSystemGranularity(15625000 /* 64 HZ */, &u32SystemResolution))
4484 || RT_SUCCESS(RTTimerRequestSystemGranularity(31250000 /* 32 HZ */, &u32SystemResolution))
4485 )
4486 {
4487 Assert(RTTimerGetSystemGranularity() <= u32SystemResolution);
4488 pDevExt->u32SystemTimerGranularityGrant = u32SystemResolution;
4489 }
4490#endif
4491
4492 /*
4493 * Find a reasonable update interval and initialize the structure.
4494 */
4495 u32Interval = u32SystemResolution = RTTimerGetSystemGranularity();
4496 while (u32Interval < 10000000 /* 10 ms */)
4497 u32Interval += u32SystemResolution;
4498
4499 supdrvGipInit(pDevExt, pGip, HCPhysGip, RTTimeSystemNanoTS(), 1000000000 / u32Interval /*=Hz*/);
4500
4501 /*
4502 * Create the timer.
4503 * If CPU_ALL isn't supported we'll have to fall back to synchronous mode.
4504 */
4505 if (pGip->u32Mode == SUPGIPMODE_ASYNC_TSC)
4506 {
4507 rc = RTTimerCreateEx(&pDevExt->pGipTimer, u32Interval, RTTIMER_FLAGS_CPU_ALL, supdrvGipAsyncTimer, pDevExt);
4508 if (rc == VERR_NOT_SUPPORTED)
4509 {
4510 OSDBGPRINT(("supdrvGipCreate: omni timer not supported, falling back to synchronous mode\n"));
4511 pGip->u32Mode = SUPGIPMODE_SYNC_TSC;
4512 }
4513 }
4514 if (pGip->u32Mode != SUPGIPMODE_ASYNC_TSC)
4515 rc = RTTimerCreateEx(&pDevExt->pGipTimer, u32Interval, 0, supdrvGipSyncTimer, pDevExt);
4516 if (RT_SUCCESS(rc))
4517 {
4518 if (pGip->u32Mode == SUPGIPMODE_ASYNC_TSC)
4519 rc = RTMpNotificationRegister(supdrvGipMpEvent, pDevExt);
4520 if (RT_SUCCESS(rc))
4521 {
4522 /*
4523 * We're good.
4524 */
4525 dprintf(("supdrvGipCreate: %ld ns interval.\n", (long)u32Interval));
4526 return VINF_SUCCESS;
4527 }
4528
4529 OSDBGPRINT(("supdrvGipCreate: failed register MP event notfication. rc=%d\n", rc));
4530 }
4531 else
4532 {
4533 OSDBGPRINT(("supdrvGipCreate: failed create GIP timer at %ld ns interval. rc=%d\n", (long)u32Interval, rc));
4534 Assert(!pDevExt->pGipTimer);
4535 }
4536 supdrvGipDestroy(pDevExt);
4537 return rc;
4538}
4539
4540
4541/**
4542 * Terminates the GIP.
4543 *
4544 * @param pDevExt Instance data. GIP stuff may be updated.
4545 */
4546static void supdrvGipDestroy(PSUPDRVDEVEXT pDevExt)
4547{
4548 int rc;
4549#ifdef DEBUG_DARWIN_GIP
4550 OSDBGPRINT(("supdrvGipDestroy: pDevExt=%p pGip=%p pGipTimer=%p GipMemObj=%p\n", pDevExt,
4551 pDevExt->GipMemObj != NIL_RTR0MEMOBJ ? RTR0MemObjAddress(pDevExt->GipMemObj) : NULL,
4552 pDevExt->pGipTimer, pDevExt->GipMemObj));
4553#endif
4554
4555 /*
4556 * Invalid the GIP data.
4557 */
4558 if (pDevExt->pGip)
4559 {
4560 supdrvGipTerm(pDevExt->pGip);
4561 pDevExt->pGip = NULL;
4562 }
4563
4564 /*
4565 * Destroy the timer and free the GIP memory object.
4566 */
4567 if (pDevExt->pGipTimer)
4568 {
4569 rc = RTTimerDestroy(pDevExt->pGipTimer); AssertRC(rc);
4570 pDevExt->pGipTimer = NULL;
4571 }
4572
4573 if (pDevExt->GipMemObj != NIL_RTR0MEMOBJ)
4574 {
4575 rc = RTR0MemObjFree(pDevExt->GipMemObj, true /* free mappings */); AssertRC(rc);
4576 pDevExt->GipMemObj = NIL_RTR0MEMOBJ;
4577 }
4578
4579 /*
4580 * Finally, release the system timer resolution request if one succeeded.
4581 */
4582 if (pDevExt->u32SystemTimerGranularityGrant)
4583 {
4584 rc = RTTimerReleaseSystemGranularity(pDevExt->u32SystemTimerGranularityGrant); AssertRC(rc);
4585 pDevExt->u32SystemTimerGranularityGrant = 0;
4586 }
4587}
4588
4589
4590/**
4591 * Timer callback function sync GIP mode.
4592 * @param pTimer The timer.
4593 * @param pvUser The device extension.
4594 */
4595static DECLCALLBACK(void) supdrvGipSyncTimer(PRTTIMER pTimer, void *pvUser, uint64_t iTick)
4596{
4597 RTCCUINTREG fOldFlags = ASMIntDisableFlags(); /* No interruptions please (real problem on S10). */
4598 PSUPDRVDEVEXT pDevExt = (PSUPDRVDEVEXT)pvUser;
4599
4600 supdrvGipUpdate(pDevExt->pGip, RTTimeSystemNanoTS());
4601
4602 ASMSetFlags(fOldFlags);
4603}
4604
4605
4606/**
4607 * Timer callback function for async GIP mode.
4608 * @param pTimer The timer.
4609 * @param pvUser The device extension.
4610 */
4611static DECLCALLBACK(void) supdrvGipAsyncTimer(PRTTIMER pTimer, void *pvUser, uint64_t iTick)
4612{
4613 RTCCUINTREG fOldFlags = ASMIntDisableFlags(); /* No interruptions please (real problem on S10). */
4614 PSUPDRVDEVEXT pDevExt = (PSUPDRVDEVEXT)pvUser;
4615 RTCPUID idCpu = RTMpCpuId();
4616 uint64_t NanoTS = RTTimeSystemNanoTS();
4617
4618 /** @todo reset the transaction number and whatnot when iTick == 1. */
4619 if (pDevExt->idGipMaster == idCpu)
4620 supdrvGipUpdate(pDevExt->pGip, NanoTS);
4621 else
4622 supdrvGipUpdatePerCpu(pDevExt->pGip, NanoTS, ASMGetApicId());
4623
4624 ASMSetFlags(fOldFlags);
4625}
4626
4627
4628/**
4629 * Multiprocessor event notification callback.
4630 *
4631 * This is used to make sue that the GIP master gets passed on to
4632 * another CPU.
4633 *
4634 * @param enmEvent The event.
4635 * @param idCpu The cpu it applies to.
4636 * @param pvUser Pointer to the device extension.
4637 */
4638static DECLCALLBACK(void) supdrvGipMpEvent(RTMPEVENT enmEvent, RTCPUID idCpu, void *pvUser)
4639{
4640 PSUPDRVDEVEXT pDevExt = (PSUPDRVDEVEXT)pvUser;
4641 if (enmEvent == RTMPEVENT_OFFLINE)
4642 {
4643 RTCPUID idGipMaster;
4644 ASMAtomicReadSize(&pDevExt->idGipMaster, &idGipMaster);
4645 if (idGipMaster == idCpu)
4646 {
4647 /*
4648 * Find a new GIP master.
4649 */
4650 bool fIgnored;
4651 unsigned i;
4652 RTCPUID idNewGipMaster = NIL_RTCPUID;
4653 RTCPUSET OnlineCpus;
4654 RTMpGetOnlineSet(&OnlineCpus);
4655
4656 for (i = 0; i < RTCPUSET_MAX_CPUS; i++)
4657 {
4658 RTCPUID idCurCpu = RTMpCpuIdFromSetIndex(i);
4659 if ( RTCpuSetIsMember(&OnlineCpus, idCurCpu)
4660 && idCurCpu != idGipMaster)
4661 {
4662 idNewGipMaster = idCurCpu;
4663 break;
4664 }
4665 }
4666
4667 dprintf(("supdrvGipMpEvent: Gip master %#lx -> %#lx\n", (long)idGipMaster, (long)idNewGipMaster));
4668 ASMAtomicCmpXchgSize(&pDevExt->idGipMaster, idNewGipMaster, idGipMaster, fIgnored);
4669 NOREF(fIgnored);
4670 }
4671 }
4672}
4673
4674
4675/**
4676 * Initializes the GIP data.
4677 *
4678 * @returns IPRT status code.
4679 * @param pDevExt Pointer to the device instance data.
4680 * @param pGip Pointer to the read-write kernel mapping of the GIP.
4681 * @param HCPhys The physical address of the GIP.
4682 * @param u64NanoTS The current nanosecond timestamp.
4683 * @param uUpdateHz The update freqence.
4684 */
4685int VBOXCALL supdrvGipInit(PSUPDRVDEVEXT pDevExt, PSUPGLOBALINFOPAGE pGip, RTHCPHYS HCPhys, uint64_t u64NanoTS, unsigned uUpdateHz)
4686{
4687 unsigned i;
4688#ifdef DEBUG_DARWIN_GIP
4689 OSDBGPRINT(("supdrvGipInit: pGip=%p HCPhys=%lx u64NanoTS=%llu uUpdateHz=%d\n", pGip, (long)HCPhys, u64NanoTS, uUpdateHz));
4690#else
4691 LogFlow(("supdrvGipInit: pGip=%p HCPhys=%lx u64NanoTS=%llu uUpdateHz=%d\n", pGip, (long)HCPhys, u64NanoTS, uUpdateHz));
4692#endif
4693
4694 /*
4695 * Initialize the structure.
4696 */
4697 memset(pGip, 0, PAGE_SIZE);
4698 pGip->u32Magic = SUPGLOBALINFOPAGE_MAGIC;
4699 pGip->u32Version = SUPGLOBALINFOPAGE_VERSION;
4700 pGip->u32Mode = supdrvGipDeterminTscMode(pDevExt);
4701 pGip->u32UpdateHz = uUpdateHz;
4702 pGip->u32UpdateIntervalNS = 1000000000 / uUpdateHz;
4703 pGip->u64NanoTSLastUpdateHz = u64NanoTS;
4704
4705 for (i = 0; i < RT_ELEMENTS(pGip->aCPUs); i++)
4706 {
4707 pGip->aCPUs[i].u32TransactionId = 2;
4708 pGip->aCPUs[i].u64NanoTS = u64NanoTS;
4709 pGip->aCPUs[i].u64TSC = ASMReadTSC();
4710
4711 /*
4712 * We don't know the following values until we've executed updates.
4713 * So, we'll just insert very high values.
4714 */
4715 pGip->aCPUs[i].u64CpuHz = _4G + 1;
4716 pGip->aCPUs[i].u32UpdateIntervalTSC = _2G / 4;
4717 pGip->aCPUs[i].au32TSCHistory[0] = _2G / 4;
4718 pGip->aCPUs[i].au32TSCHistory[1] = _2G / 4;
4719 pGip->aCPUs[i].au32TSCHistory[2] = _2G / 4;
4720 pGip->aCPUs[i].au32TSCHistory[3] = _2G / 4;
4721 pGip->aCPUs[i].au32TSCHistory[4] = _2G / 4;
4722 pGip->aCPUs[i].au32TSCHistory[5] = _2G / 4;
4723 pGip->aCPUs[i].au32TSCHistory[6] = _2G / 4;
4724 pGip->aCPUs[i].au32TSCHistory[7] = _2G / 4;
4725 }
4726
4727 /*
4728 * Link it to the device extension.
4729 */
4730 pDevExt->pGip = pGip;
4731 pDevExt->HCPhysGip = HCPhys;
4732 pDevExt->cGipUsers = 0;
4733
4734 return VINF_SUCCESS;
4735}
4736
4737
4738/**
4739 * Callback used by supdrvDetermineAsyncTSC to read the TSC on a CPU.
4740 *
4741 * @param idCpu Ignored.
4742 * @param pvUser1 Where to put the TSC.
4743 * @param pvUser2 Ignored.
4744 */
4745static DECLCALLBACK(void) supdrvDetermineAsyncTscWorker(RTCPUID idCpu, void *pvUser1, void *pvUser2)
4746{
4747#if 1
4748 ASMAtomicWriteU64((uint64_t volatile *)pvUser1, ASMReadTSC());
4749#else
4750 *(uint64_t *)pvUser1 = ASMReadTSC();
4751#endif
4752}
4753
4754
4755/**
4756 * Determine if Async GIP mode is required because of TSC drift.
4757 *
4758 * When using the default/normal timer code it is essential that the time stamp counter
4759 * (TSC) runs never backwards, that is, a read operation to the counter should return
4760 * a bigger value than any previous read operation. This is guaranteed by the latest
4761 * AMD CPUs and by newer Intel CPUs which never enter the C2 state (P4). In any other
4762 * case we have to choose the asynchronous timer mode.
4763 *
4764 * @param poffMin Pointer to the determined difference between different cores.
4765 * @return false if the time stamp counters appear to be synchron, true otherwise.
4766 */
4767bool VBOXCALL supdrvDetermineAsyncTsc(uint64_t *poffMin)
4768{
4769 /*
4770 * Just iterate all the cpus 8 times and make sure that the TSC is
4771 * ever increasing. We don't bother taking TSC rollover into account.
4772 */
4773 RTCPUSET CpuSet;
4774 int iLastCpu = RTCpuLastIndex(RTMpGetSet(&CpuSet));
4775 int iCpu;
4776 int cLoops = 8;
4777 bool fAsync = false;
4778 int rc = VINF_SUCCESS;
4779 uint64_t offMax = 0;
4780 uint64_t offMin = ~(uint64_t)0;
4781 uint64_t PrevTsc = ASMReadTSC();
4782
4783 while (cLoops-- > 0)
4784 {
4785 for (iCpu = 0; iCpu <= iLastCpu; iCpu++)
4786 {
4787 uint64_t CurTsc;
4788 rc = RTMpOnSpecific(RTMpCpuIdFromSetIndex(iCpu), supdrvDetermineAsyncTscWorker, &CurTsc, NULL);
4789 if (RT_SUCCESS(rc))
4790 {
4791 if (CurTsc <= PrevTsc)
4792 {
4793 fAsync = true;
4794 offMin = offMax = PrevTsc - CurTsc;
4795 dprintf(("supdrvDetermineAsyncTsc: iCpu=%d cLoops=%d CurTsc=%llx PrevTsc=%llx\n",
4796 iCpu, cLoops, CurTsc, PrevTsc));
4797 break;
4798 }
4799
4800 /* Gather statistics (except the first time). */
4801 if (iCpu != 0 || cLoops != 7)
4802 {
4803 uint64_t off = CurTsc - PrevTsc;
4804 if (off < offMin)
4805 offMin = off;
4806 if (off > offMax)
4807 offMax = off;
4808 dprintf2(("%d/%d: off=%llx\n", cLoops, iCpu, off));
4809 }
4810
4811 /* Next */
4812 PrevTsc = CurTsc;
4813 }
4814 else if (rc == VERR_NOT_SUPPORTED)
4815 break;
4816 else
4817 AssertMsg(rc == VERR_CPU_NOT_FOUND || rc == VERR_CPU_OFFLINE, ("%d\n", rc));
4818 }
4819
4820 /* broke out of the loop. */
4821 if (iCpu <= iLastCpu)
4822 break;
4823 }
4824
4825 *poffMin = offMin; /* Almost RTMpOnSpecific profiling. */
4826 dprintf(("supdrvDetermineAsyncTsc: returns %d; iLastCpu=%d rc=%d offMin=%llx offMax=%llx\n",
4827 fAsync, iLastCpu, rc, offMin, offMax));
4828#if !defined(RT_OS_SOLARIS) && !defined(RT_OS_OS2) && !defined(RT_OS_WINDOWS)
4829 OSDBGPRINT(("vboxdrv: fAsync=%d offMin=%#lx offMax=%#lx\n", fAsync, (long)offMin, (long)offMax));
4830#endif
4831 return fAsync;
4832}
4833
4834
4835/**
4836 * Determin the GIP TSC mode.
4837 *
4838 * @returns The most suitable TSC mode.
4839 * @param pDevExt Pointer to the device instance data.
4840 */
4841static SUPGIPMODE supdrvGipDeterminTscMode(PSUPDRVDEVEXT pDevExt)
4842{
4843 /*
4844 * On SMP we're faced with two problems:
4845 * (1) There might be a skew between the CPU, so that cpu0
4846 * returns a TSC that is sligtly different from cpu1.
4847 * (2) Power management (and other things) may cause the TSC
4848 * to run at a non-constant speed, and cause the speed
4849 * to be different on the cpus. This will result in (1).
4850 *
4851 * So, on SMP systems we'll have to select the ASYNC update method
4852 * if there are symphoms of these problems.
4853 */
4854 if (RTMpGetCount() > 1)
4855 {
4856 uint32_t uEAX, uEBX, uECX, uEDX;
4857 uint64_t u64DiffCoresIgnored;
4858
4859 /* Permit the user and/or the OS specfic bits to force async mode. */
4860 if (supdrvOSGetForcedAsyncTscMode(pDevExt))
4861 return SUPGIPMODE_ASYNC_TSC;
4862
4863 /* Try check for current differences between the cpus. */
4864 if (supdrvDetermineAsyncTsc(&u64DiffCoresIgnored))
4865 return SUPGIPMODE_ASYNC_TSC;
4866
4867 /*
4868 * If the CPU supports power management and is an AMD one we
4869 * won't trust it unless it has the TscInvariant bit is set.
4870 */
4871 /* Check for "AuthenticAMD" */
4872 ASMCpuId(0, &uEAX, &uEBX, &uECX, &uEDX);
4873 if ( uEAX >= 1
4874 && uEBX == X86_CPUID_VENDOR_AMD_EBX
4875 && uECX == X86_CPUID_VENDOR_AMD_ECX
4876 && uEDX == X86_CPUID_VENDOR_AMD_EDX)
4877 {
4878 /* Check for APM support and that TscInvariant is cleared. */
4879 ASMCpuId(0x80000000, &uEAX, &uEBX, &uECX, &uEDX);
4880 if (uEAX >= 0x80000007)
4881 {
4882 ASMCpuId(0x80000007, &uEAX, &uEBX, &uECX, &uEDX);
4883 if ( !(uEDX & RT_BIT(8))/* TscInvariant */
4884 && (uEDX & 0x3e)) /* STC|TM|THERMTRIP|VID|FID. Ignore TS. */
4885 return SUPGIPMODE_ASYNC_TSC;
4886 }
4887 }
4888 }
4889 return SUPGIPMODE_SYNC_TSC;
4890}
4891
4892
4893/**
4894 * Invalidates the GIP data upon termination.
4895 *
4896 * @param pGip Pointer to the read-write kernel mapping of the GIP.
4897 */
4898void VBOXCALL supdrvGipTerm(PSUPGLOBALINFOPAGE pGip)
4899{
4900 unsigned i;
4901 pGip->u32Magic = 0;
4902 for (i = 0; i < RT_ELEMENTS(pGip->aCPUs); i++)
4903 {
4904 pGip->aCPUs[i].u64NanoTS = 0;
4905 pGip->aCPUs[i].u64TSC = 0;
4906 pGip->aCPUs[i].iTSCHistoryHead = 0;
4907 }
4908}
4909
4910
4911/**
4912 * Worker routine for supdrvGipUpdate and supdrvGipUpdatePerCpu that
4913 * updates all the per cpu data except the transaction id.
4914 *
4915 * @param pGip The GIP.
4916 * @param pGipCpu Pointer to the per cpu data.
4917 * @param u64NanoTS The current time stamp.
4918 */
4919static void supdrvGipDoUpdateCpu(PSUPGLOBALINFOPAGE pGip, PSUPGIPCPU pGipCpu, uint64_t u64NanoTS)
4920{
4921 uint64_t u64TSC;
4922 uint64_t u64TSCDelta;
4923 uint32_t u32UpdateIntervalTSC;
4924 uint32_t u32UpdateIntervalTSCSlack;
4925 unsigned iTSCHistoryHead;
4926 uint64_t u64CpuHz;
4927
4928 /*
4929 * Update the NanoTS.
4930 */
4931 ASMAtomicXchgU64(&pGipCpu->u64NanoTS, u64NanoTS);
4932
4933 /*
4934 * Calc TSC delta.
4935 */
4936 /** @todo validate the NanoTS delta, don't trust the OS to call us when it should... */
4937 u64TSC = ASMReadTSC();
4938 u64TSCDelta = u64TSC - pGipCpu->u64TSC;
4939 ASMAtomicXchgU64(&pGipCpu->u64TSC, u64TSC);
4940
4941 if (u64TSCDelta >> 32)
4942 {
4943 u64TSCDelta = pGipCpu->u32UpdateIntervalTSC;
4944 pGipCpu->cErrors++;
4945 }
4946
4947 /*
4948 * TSC History.
4949 */
4950 Assert(RT_ELEMENTS(pGipCpu->au32TSCHistory) == 8);
4951
4952 iTSCHistoryHead = (pGipCpu->iTSCHistoryHead + 1) & 7;
4953 ASMAtomicXchgU32(&pGipCpu->iTSCHistoryHead, iTSCHistoryHead);
4954 ASMAtomicXchgU32(&pGipCpu->au32TSCHistory[iTSCHistoryHead], (uint32_t)u64TSCDelta);
4955
4956 /*
4957 * UpdateIntervalTSC = average of last 8,2,1 intervals depending on update HZ.
4958 */
4959 if (pGip->u32UpdateHz >= 1000)
4960 {
4961 uint32_t u32;
4962 u32 = pGipCpu->au32TSCHistory[0];
4963 u32 += pGipCpu->au32TSCHistory[1];
4964 u32 += pGipCpu->au32TSCHistory[2];
4965 u32 += pGipCpu->au32TSCHistory[3];
4966 u32 >>= 2;
4967 u32UpdateIntervalTSC = pGipCpu->au32TSCHistory[4];
4968 u32UpdateIntervalTSC += pGipCpu->au32TSCHistory[5];
4969 u32UpdateIntervalTSC += pGipCpu->au32TSCHistory[6];
4970 u32UpdateIntervalTSC += pGipCpu->au32TSCHistory[7];
4971 u32UpdateIntervalTSC >>= 2;
4972 u32UpdateIntervalTSC += u32;
4973 u32UpdateIntervalTSC >>= 1;
4974
4975 /* Value choosen for a 2GHz Athlon64 running linux 2.6.10/11, . */
4976 u32UpdateIntervalTSCSlack = u32UpdateIntervalTSC >> 14;
4977 }
4978 else if (pGip->u32UpdateHz >= 90)
4979 {
4980 u32UpdateIntervalTSC = (uint32_t)u64TSCDelta;
4981 u32UpdateIntervalTSC += pGipCpu->au32TSCHistory[(iTSCHistoryHead - 1) & 7];
4982 u32UpdateIntervalTSC >>= 1;
4983
4984 /* value choosen on a 2GHz thinkpad running windows */
4985 u32UpdateIntervalTSCSlack = u32UpdateIntervalTSC >> 7;
4986 }
4987 else
4988 {
4989 u32UpdateIntervalTSC = (uint32_t)u64TSCDelta;
4990
4991 /* This value hasn't be checked yet.. waiting for OS/2 and 33Hz timers.. :-) */
4992 u32UpdateIntervalTSCSlack = u32UpdateIntervalTSC >> 6;
4993 }
4994 ASMAtomicXchgU32(&pGipCpu->u32UpdateIntervalTSC, u32UpdateIntervalTSC + u32UpdateIntervalTSCSlack);
4995
4996 /*
4997 * CpuHz.
4998 */
4999 u64CpuHz = ASMMult2xU32RetU64(u32UpdateIntervalTSC, pGip->u32UpdateHz);
5000 ASMAtomicXchgU64(&pGipCpu->u64CpuHz, u64CpuHz);
5001}
5002
5003
5004/**
5005 * Updates the GIP.
5006 *
5007 * @param pGip Pointer to the GIP.
5008 * @param u64NanoTS The current nanosecond timesamp.
5009 */
5010void VBOXCALL supdrvGipUpdate(PSUPGLOBALINFOPAGE pGip, uint64_t u64NanoTS)
5011{
5012 /*
5013 * Determin the relevant CPU data.
5014 */
5015 PSUPGIPCPU pGipCpu;
5016 if (pGip->u32Mode != SUPGIPMODE_ASYNC_TSC)
5017 pGipCpu = &pGip->aCPUs[0];
5018 else
5019 {
5020 unsigned iCpu = ASMGetApicId();
5021 if (RT_LIKELY(iCpu >= RT_ELEMENTS(pGip->aCPUs)))
5022 return;
5023 pGipCpu = &pGip->aCPUs[iCpu];
5024 }
5025
5026 /*
5027 * Start update transaction.
5028 */
5029 if (!(ASMAtomicIncU32(&pGipCpu->u32TransactionId) & 1))
5030 {
5031 /* this can happen on win32 if we're taking to long and there are more CPUs around. shouldn't happen though. */
5032 AssertMsgFailed(("Invalid transaction id, %#x, not odd!\n", pGipCpu->u32TransactionId));
5033 ASMAtomicIncU32(&pGipCpu->u32TransactionId);
5034 pGipCpu->cErrors++;
5035 return;
5036 }
5037
5038 /*
5039 * Recalc the update frequency every 0x800th time.
5040 */
5041 if (!(pGipCpu->u32TransactionId & (GIP_UPDATEHZ_RECALC_FREQ * 2 - 2)))
5042 {
5043 if (pGip->u64NanoTSLastUpdateHz)
5044 {
5045#ifdef RT_ARCH_AMD64 /** @todo fix 64-bit div here to work on x86 linux. */
5046 uint64_t u64Delta = u64NanoTS - pGip->u64NanoTSLastUpdateHz;
5047 uint32_t u32UpdateHz = (uint32_t)((UINT64_C(1000000000) * GIP_UPDATEHZ_RECALC_FREQ) / u64Delta);
5048 if (u32UpdateHz <= 2000 && u32UpdateHz >= 30)
5049 {
5050 ASMAtomicXchgU32(&pGip->u32UpdateHz, u32UpdateHz);
5051 ASMAtomicXchgU32(&pGip->u32UpdateIntervalNS, 1000000000 / u32UpdateHz);
5052 }
5053#endif
5054 }
5055 ASMAtomicXchgU64(&pGip->u64NanoTSLastUpdateHz, u64NanoTS);
5056 }
5057
5058 /*
5059 * Update the data.
5060 */
5061 supdrvGipDoUpdateCpu(pGip, pGipCpu, u64NanoTS);
5062
5063 /*
5064 * Complete transaction.
5065 */
5066 ASMAtomicIncU32(&pGipCpu->u32TransactionId);
5067}
5068
5069
5070/**
5071 * Updates the per cpu GIP data for the calling cpu.
5072 *
5073 * @param pGip Pointer to the GIP.
5074 * @param u64NanoTS The current nanosecond timesamp.
5075 * @param iCpu The CPU index.
5076 */
5077void VBOXCALL supdrvGipUpdatePerCpu(PSUPGLOBALINFOPAGE pGip, uint64_t u64NanoTS, unsigned iCpu)
5078{
5079 PSUPGIPCPU pGipCpu;
5080
5081 if (RT_LIKELY(iCpu < RT_ELEMENTS(pGip->aCPUs)))
5082 {
5083 pGipCpu = &pGip->aCPUs[iCpu];
5084
5085 /*
5086 * Start update transaction.
5087 */
5088 if (!(ASMAtomicIncU32(&pGipCpu->u32TransactionId) & 1))
5089 {
5090 AssertMsgFailed(("Invalid transaction id, %#x, not odd!\n", pGipCpu->u32TransactionId));
5091 ASMAtomicIncU32(&pGipCpu->u32TransactionId);
5092 pGipCpu->cErrors++;
5093 return;
5094 }
5095
5096 /*
5097 * Update the data.
5098 */
5099 supdrvGipDoUpdateCpu(pGip, pGipCpu, u64NanoTS);
5100
5101 /*
5102 * Complete transaction.
5103 */
5104 ASMAtomicIncU32(&pGipCpu->u32TransactionId);
5105 }
5106}
5107
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette