win-pvdrivers

changeset 531:f966a0d692bc

added missing file
author James Harper <james.harper@bendigoit.com.au>
date Thu Jan 22 08:17:31 2009 +1100 (2009-01-22)
parents db0ea4b20c3c
children b7491d4ebb3c
files xenpci/xenpci_patch_kernel.c
line diff
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/xenpci/xenpci_patch_kernel.c	Thu Jan 22 08:17:31 2009 +1100
     1.3 @@ -0,0 +1,413 @@
     1.4 +/*
     1.5 +PV Drivers for Windows Xen HVM Domains
     1.6 +Copyright (C) 2007 James Harper
     1.7 +Inspired by amdvopt by Travis Betak
     1.8 +
     1.9 +This program is free software; you can redistribute it and/or
    1.10 +modify it under the terms of the GNU General Public License
    1.11 +as published by the Free Software Foundation; either version 2
    1.12 +of the License, or (at your option) any later version.
    1.13 +
    1.14 +This program is distributed in the hope that it will be useful,
    1.15 +but WITHOUT ANY WARRANTY; without even the implied warranty of
    1.16 +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    1.17 +GNU General Public License for more details.
    1.18 +
    1.19 +You should have received a copy of the GNU General Public License
    1.20 +along with this program; if not, write to the Free Software
    1.21 +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
    1.22 +*/
    1.23 +
    1.24 +#include "xenpci.h"
    1.25 +
    1.26 +#if defined(_X86_)
    1.27 +
    1.28 +/* Is LOCK MOV CR0 available? */
    1.29 +#define CPUID_ALTMOVCR8	(1UL << 4)
    1.30 +/* Task priority register address */
    1.31 +#define LAPIC_TASKPRI 0xFFFE0080
    1.32 +#define TPR_BYTES   0x80, 0x00, 0xfe, 0xff
    1.33 +
    1.34 +extern VOID MoveTprToEax(VOID);
    1.35 +extern VOID MoveTprToEcx(VOID);
    1.36 +extern VOID MoveTprToEdx(VOID);
    1.37 +extern VOID MoveTprToEsi(VOID);
    1.38 +extern VOID PushTpr(VOID);
    1.39 +extern VOID MoveEaxToTpr(VOID);
    1.40 +extern VOID MoveEbxToTpr(VOID);
    1.41 +extern VOID MoveEcxToTpr(VOID);
    1.42 +extern VOID MoveEdxToTpr(VOID);
    1.43 +extern VOID MoveEsiToTpr(VOID);
    1.44 +extern VOID MoveConstToTpr(ULONG new_tpr_value);
    1.45 +extern VOID MoveZeroToTpr(VOID);
    1.46 +
    1.47 +static PHYSICAL_ADDRESS lapic_page[MAX_VIRT_CPUS];
    1.48 +static volatile PVOID lapic[MAX_VIRT_CPUS];
    1.49 +static ULONG tpr_cache[MAX_VIRT_CPUS];
    1.50 +#define PATCH_METHOD_LOCK_MOVE_CR0 1
    1.51 +#define PATCH_METHOD_MAPPED_VLAPIC 2
    1.52 +#define PATCH_METHOD_CACHED_TPR    3
    1.53 +static ULONG patch_method;
    1.54 +
    1.55 +static ULONG
    1.56 +SaveTprProcValue(ULONG cpu, ULONG value)
    1.57 +{
    1.58 +  switch (patch_method)
    1.59 +  {
    1.60 +  case PATCH_METHOD_LOCK_MOVE_CR0:
    1.61 +  case PATCH_METHOD_CACHED_TPR:
    1.62 +    tpr_cache[cpu] = value;
    1.63 +    break;
    1.64 +  case PATCH_METHOD_MAPPED_VLAPIC:
    1.65 +    /* no need to save here */
    1.66 +    break;
    1.67 +  }
    1.68 +  return value;
    1.69 +}
    1.70 +
    1.71 +static ULONG
    1.72 +SaveTpr()
    1.73 +{
    1.74 +  switch (patch_method)
    1.75 +  {
    1.76 +  case PATCH_METHOD_LOCK_MOVE_CR0:
    1.77 +  case PATCH_METHOD_CACHED_TPR:
    1.78 +    return SaveTprProcValue(KeGetCurrentProcessorNumber(), *(PULONG)LAPIC_TASKPRI);
    1.79 +  case PATCH_METHOD_MAPPED_VLAPIC:
    1.80 +    /* no need to save here */
    1.81 +    break;
    1.82 +  }
    1.83 +  return 0;
    1.84 +}
    1.85 +
    1.86 +/* called with interrupts disabled (via CLI) from an arbitrary location inside HAL.DLL */
    1.87 +static __inline LONG
    1.88 +ApicHighestVector(PULONG bitmap)
    1.89 +{
    1.90 +  int i;
    1.91 +  ULONG bit;
    1.92 +  ULONG value;
    1.93 +  for (i = 0; i < 8; i++)
    1.94 +  {
    1.95 +    value = bitmap[(7 - i) * 4];
    1.96 +    if (value)
    1.97 +    {
    1.98 +      _BitScanReverse(&bit, value);
    1.99 +      return ((7 - i) << 5) | bit;
   1.100 +    }
   1.101 +  }
   1.102 +  return -1;
   1.103 +}
   1.104 +
   1.105 +/* called with interrupts disabled (via CLI) from an arbitrary location inside HAL.DLL */
   1.106 +VOID
   1.107 +WriteTpr(ULONG new_tpr_value)
   1.108 +{
   1.109 +  LONG ISR;
   1.110 +  LONG IRR;
   1.111 +  ULONG cpu = KeGetCurrentProcessorNumber();
   1.112 +  
   1.113 +  switch (patch_method)
   1.114 +  {
   1.115 +  case PATCH_METHOD_LOCK_MOVE_CR0:
   1.116 +    tpr_cache[cpu] = new_tpr_value;
   1.117 +    __asm {
   1.118 +      mov eax, new_tpr_value;
   1.119 +      shr	eax, 4;
   1.120 +      lock mov cr0, eax; /* this is actually mov cr8, eax */
   1.121 +    }
   1.122 +    break;
   1.123 +  case PATCH_METHOD_CACHED_TPR:
   1.124 +    if (new_tpr_value != tpr_cache[cpu])
   1.125 +    {
   1.126 +      *(PULONG)LAPIC_TASKPRI = new_tpr_value;
   1.127 +      tpr_cache[cpu] = new_tpr_value;
   1.128 +    }
   1.129 +    break;
   1.130 +  case PATCH_METHOD_MAPPED_VLAPIC:
   1.131 +    /* need to set the new tpr value and then check for pending interrupts to avoid a race */
   1.132 +    *(PULONG)((PUCHAR)lapic[cpu] + 0x80) = new_tpr_value & 0xff;
   1.133 +    KeMemoryBarrier();
   1.134 +    IRR = ApicHighestVector((PULONG)((PUCHAR)lapic[cpu] + 0x200));
   1.135 +    if (IRR == -1)
   1.136 +      return;
   1.137 +    ISR = ApicHighestVector((PULONG)((PUCHAR)lapic[cpu] + 0x100));
   1.138 +    if (ISR == -1)
   1.139 +      ISR = 0;
   1.140 +    if ((ULONG)(IRR >> 4) > max((ULONG)(ISR >> 4), ((new_tpr_value & 0xf0) >> 4)))
   1.141 +      *(PULONG)LAPIC_TASKPRI = new_tpr_value;
   1.142 +    break;
   1.143 +  }
   1.144 +}
   1.145 +
   1.146 +/* called with interrupts disabled (via CLI) from an arbitrary location inside HAL.DLL */
   1.147 +ULONG
   1.148 +ReadTpr()
   1.149 +{
   1.150 +  switch (patch_method)
   1.151 +  {
   1.152 +  case PATCH_METHOD_LOCK_MOVE_CR0:
   1.153 +  case PATCH_METHOD_CACHED_TPR:
   1.154 +    return tpr_cache[KeGetCurrentProcessorNumber()];
   1.155 +  case PATCH_METHOD_MAPPED_VLAPIC:
   1.156 +    return *(PULONG)((PUCHAR)lapic[KeGetCurrentProcessorNumber()] + 0x80);
   1.157 +  default:
   1.158 +    return 0;
   1.159 +  }
   1.160 +}
   1.161 +
   1.162 +static __inline VOID
   1.163 +InsertCallRel32(PUCHAR address, ULONG target)
   1.164 +{
   1.165 +  *address = 0xE8; /* call near */
   1.166 +  *(PULONG)(address + 1) = (ULONG)target - ((ULONG)address + 5);
   1.167 +}
   1.168 +
   1.169 +#define PATCH_SIZE 10
   1.170 +
   1.171 +typedef struct {
   1.172 +  ULONG patch_type;
   1.173 +  ULONG match_size;
   1.174 +  ULONG function;
   1.175 +  UCHAR bytes[PATCH_SIZE];
   1.176 +} patch_t;
   1.177 +
   1.178 +#define PATCH_NONE  0
   1.179 +#define PATCH_1B4   1 /* 1 byte opcode with 4 bytes of data  - replace with call function */
   1.180 +#define PATCH_2B4   2 /* 2 byte opcode with 4 bytes of data - replace with nop + call function*/
   1.181 +#define PATCH_2B5   3 /* 2 byte opcode with 1 + 4 bytes of data - replace with nop + nop + call function */
   1.182 +#define PATCH_2B8   4 /* 2 byte opcode with 4 + 4 bytes of data - replace with push const + call function*/
   1.183 +
   1.184 +static patch_t patches[] =
   1.185 +{
   1.186 +  { PATCH_1B4,  5, (ULONG)MoveTprToEax,   { 0xa1, TPR_BYTES } },
   1.187 +  { PATCH_2B4,  6, (ULONG)MoveTprToEcx,   { 0x8b, 0x0d, TPR_BYTES } },
   1.188 +  { PATCH_2B4,  6, (ULONG)MoveTprToEdx,   { 0x8b, 0x15, TPR_BYTES } },
   1.189 +  { PATCH_2B4,  6, (ULONG)MoveTprToEsi,   { 0x8b, 0x35, TPR_BYTES } },
   1.190 +  { PATCH_2B4,  6, (ULONG)PushTpr,        { 0xff, 0x35, TPR_BYTES } },
   1.191 +  { PATCH_1B4,  5, (ULONG)MoveEaxToTpr,   { 0xa3, TPR_BYTES } },
   1.192 +  { PATCH_2B4,  6, (ULONG)MoveEbxToTpr,   { 0x89, 0x1D, TPR_BYTES } },
   1.193 +  { PATCH_2B4,  6, (ULONG)MoveEcxToTpr,   { 0x89, 0x0D, TPR_BYTES } },
   1.194 +  { PATCH_2B4,  6, (ULONG)MoveEdxToTpr,   { 0x89, 0x15, TPR_BYTES } },
   1.195 +  { PATCH_2B4,  6, (ULONG)MoveEsiToTpr,   { 0x89, 0x35, TPR_BYTES } },
   1.196 +  { PATCH_2B8,  6, (ULONG)MoveConstToTpr, { 0xC7, 0x05, TPR_BYTES } }, /* + another 4 bytes of const */
   1.197 +  { PATCH_2B5,  7, (ULONG)MoveZeroToTpr,  { 0x83, 0x25, TPR_BYTES, 0 } },
   1.198 +  { PATCH_NONE, 0, 0,                     { 0 } }
   1.199 +};
   1.200 +
   1.201 +static BOOLEAN
   1.202 +XenPci_TestAndPatchInstruction(PVOID address)
   1.203 +{
   1.204 +	PUCHAR instruction = address;
   1.205 +  ULONG i;
   1.206 +  /* don't declare patches[] on the stack - windows gets grumpy if we allocate too much space on the stack at HIGH_LEVEL */
   1.207 +  
   1.208 +  for (i = 0; patches[i].patch_type != PATCH_NONE; i++)
   1.209 +  {
   1.210 +    if (memcmp(address, patches[i].bytes, patches[i].match_size) == 0)
   1.211 +      break;
   1.212 +  }
   1.213 +  if (patches[i].patch_type == PATCH_NONE)
   1.214 +    return FALSE;
   1.215 +    
   1.216 +  switch (patches[i].patch_type)
   1.217 +  {
   1.218 +  case PATCH_1B4:
   1.219 +    InsertCallRel32(instruction + 0, patches[i].function);
   1.220 +    break;
   1.221 +  case PATCH_2B4:
   1.222 +    *(instruction + 0) = 0x90; /* nop */
   1.223 +    InsertCallRel32(instruction + 1, patches[i].function);
   1.224 +    break;
   1.225 +  case PATCH_2B8:
   1.226 +    *(instruction + 0) = 0x68; /* push value */
   1.227 +    *(PULONG)(instruction + 1) = *(PULONG)(instruction + 6);
   1.228 +    InsertCallRel32(instruction + 5, patches[i].function);
   1.229 +    break;
   1.230 +  case PATCH_2B5:
   1.231 +    *(instruction + 0) = 0x90; /* nop */
   1.232 +    *(instruction + 1) = 0x90; /* nop */
   1.233 +    InsertCallRel32(instruction + 2, patches[i].function);
   1.234 +    break;
   1.235 +  default:
   1.236 +    /* wtf? */
   1.237 +    break;
   1.238 +  }
   1.239 +	return TRUE;
   1.240 +}
   1.241 +
   1.242 +typedef struct {
   1.243 +  PVOID base;
   1.244 +  ULONG length;
   1.245 +} patch_info_t;
   1.246 +
   1.247 +static PVOID patch_positions[256];
   1.248 +static PVOID potential_patch_positions[256];
   1.249 +
   1.250 +static VOID
   1.251 +XenPci_DoPatchKernel0(PVOID context)
   1.252 +{
   1.253 +  patch_info_t *pi = context;
   1.254 +  ULONG i;
   1.255 +  ULONG high_level_tpr;
   1.256 +  ULONG patch_position_index = 0;
   1.257 +  ULONG potential_patch_position_index = 0;
   1.258 +
   1.259 +  FUNCTION_ENTER();
   1.260 +
   1.261 +	high_level_tpr = SaveTpr();
   1.262 +
   1.263 +  /* we know all the other CPUs are at HIGH_LEVEL so set them all to the same as cpu 0 */
   1.264 +  for (i = 1; i < MAX_VIRT_CPUS; i++)
   1.265 +    SaveTprProcValue(i, high_level_tpr);
   1.266 +
   1.267 +  /* we can't use KdPrint while patching as it may involve the TPR while we are patching it */
   1.268 +  for (i = 0; i < pi->length; i++)
   1.269 +  {
   1.270 +    if (XenPci_TestAndPatchInstruction((PUCHAR)pi->base + i))
   1.271 +    {
   1.272 +      patch_positions[patch_position_index++] = (PUCHAR)pi->base + i;
   1.273 +    }
   1.274 +    else if (*(PULONG)((PUCHAR)pi->base + i) == LAPIC_TASKPRI)
   1.275 +    {
   1.276 +       potential_patch_positions[potential_patch_position_index++] = (PUCHAR)pi->base + i;
   1.277 +    }
   1.278 +  }
   1.279 +  for (i = 0; i < patch_position_index; i++)
   1.280 +    KdPrint((__DRIVER_NAME "     Patch added at %p\n", patch_positions[i]));
   1.281 +
   1.282 +  for (i = 0; i < potential_patch_position_index; i++)
   1.283 +    KdPrint((__DRIVER_NAME "     Unpatch TPR address found at %p\n", potential_patch_positions[i]));
   1.284 +
   1.285 +  FUNCTION_EXIT();
   1.286 +}
   1.287 +
   1.288 +static VOID
   1.289 +XenPci_DoPatchKernelN(PVOID context)
   1.290 +{
   1.291 +  UNREFERENCED_PARAMETER(context);
   1.292 +  
   1.293 +  FUNCTION_ENTER();
   1.294 +
   1.295 +  FUNCTION_EXIT();
   1.296 +}
   1.297 +
   1.298 +static BOOLEAN
   1.299 +IsMoveCr8Supported()
   1.300 +{
   1.301 +  DWORD32 cpuid_output[4];
   1.302 +  
   1.303 +  __cpuid(cpuid_output, 0x80000001UL);
   1.304 +  if (cpuid_output[2] & CPUID_ALTMOVCR8)
   1.305 +    return TRUE;
   1.306 +  else
   1.307 +    return FALSE;
   1.308 +}
   1.309 +
   1.310 +static ULONG
   1.311 +MapVlapic(PXENPCI_DEVICE_DATA xpdd)
   1.312 +{
   1.313 +  struct xen_add_to_physmap xatp;
   1.314 +  ULONG rc = EINVAL;
   1.315 +  int i;
   1.316 +
   1.317 +  FUNCTION_ENTER();
   1.318 +  
   1.319 +  for (i = 0; i < KeNumberProcessors; i++)
   1.320 +  {
   1.321 +    KdPrint((__DRIVER_NAME "     mapping lapic for cpu = %d\n", i));
   1.322 +
   1.323 +    lapic_page[i] = XenPci_AllocMMIO(xpdd, PAGE_SIZE);
   1.324 +    lapic[i] = MmMapIoSpace(lapic_page[i], PAGE_SIZE, MmCached);
   1.325 +
   1.326 +    xatp.domid = DOMID_SELF;
   1.327 +    xatp.idx = i;
   1.328 +    xatp.space = XENMAPSPACE_vlapic;
   1.329 +    xatp.gpfn = (xen_pfn_t)(lapic_page[i].QuadPart >> PAGE_SHIFT);
   1.330 +    KdPrint((__DRIVER_NAME "     gpfn = %x\n", xatp.gpfn));
   1.331 +    rc = HYPERVISOR_memory_op(xpdd, XENMEM_add_to_physmap, &xatp);
   1.332 +    KdPrint((__DRIVER_NAME "     hypervisor memory op (XENMAPSPACE_vlapic_regs) ret = %d\n", rc));
   1.333 +    if (rc != 0)
   1.334 +    {
   1.335 +      FUNCTION_EXIT();
   1.336 +      return rc;
   1.337 +    }
   1.338 +  }
   1.339 +  FUNCTION_EXIT();
   1.340 +
   1.341 +  return rc;
   1.342 +}
   1.343 +
   1.344 +VOID
   1.345 +XenPci_PatchKernel(PXENPCI_DEVICE_DATA xpdd, PVOID base, ULONG length)
   1.346 +{
   1.347 +  patch_info_t patch_info;
   1.348 +  ULONG rc;
   1.349 +  RTL_OSVERSIONINFOEXW version_info;
   1.350 +
   1.351 +  FUNCTION_ENTER();
   1.352 +
   1.353 +  version_info.dwOSVersionInfoSize = sizeof(RTL_OSVERSIONINFOEXW);
   1.354 +  RtlGetVersion((PRTL_OSVERSIONINFOW)&version_info);
   1.355 +  if (version_info.dwMajorVersion >= 6)
   1.356 +  {
   1.357 +    KdPrint((__DRIVER_NAME "     Vista or newer - no need for patch\n"));
   1.358 +    return;
   1.359 +  }
   1.360 +  if (version_info.dwMajorVersion == 5
   1.361 +      && version_info.dwMinorVersion > 2)
   1.362 +  {
   1.363 +    KdPrint((__DRIVER_NAME "     Windows 2003 sp2 or newer - no need for patch\n"));
   1.364 +    return;
   1.365 +  }
   1.366 +  if (version_info.dwMajorVersion == 5
   1.367 +      && version_info.dwMinorVersion == 2
   1.368 +      && version_info.wServicePackMajor >= 2)
   1.369 +  {
   1.370 +    KdPrint((__DRIVER_NAME "     Windows 2003 sp2 or newer - no need for patch\n"));
   1.371 +    return;
   1.372 +  }
   1.373 +
   1.374 +  if (IsMoveCr8Supported())
   1.375 +  {
   1.376 +    KdPrint((__DRIVER_NAME "     Using LOCK MOVE CR0 TPR patch\n"));
   1.377 +    patch_method = PATCH_METHOD_LOCK_MOVE_CR0;
   1.378 +  }
   1.379 +  else
   1.380 +  {
   1.381 +    rc = MapVlapic(xpdd);
   1.382 +    if (rc == EACCES)
   1.383 +    {
   1.384 +      KdPrint((__DRIVER_NAME "     Xen already using VMX LAPIC acceleration. No patch required\n"));
   1.385 +      return;
   1.386 +    }
   1.387 +    if (!rc)
   1.388 +    {
   1.389 +      KdPrint((__DRIVER_NAME "     Using mapped vLAPIC TPR patch\n"));
   1.390 +      patch_method = PATCH_METHOD_MAPPED_VLAPIC;
   1.391 +    }
   1.392 +    else
   1.393 +    {
   1.394 +      KdPrint((__DRIVER_NAME "     Using cached TPR patch\n"));
   1.395 +      patch_method = PATCH_METHOD_CACHED_TPR;
   1.396 +    }
   1.397 +  }
   1.398 +  patch_info.base = base;
   1.399 +  patch_info.length = length;
   1.400 +    
   1.401 +  XenPci_HighSync(XenPci_DoPatchKernel0, XenPci_DoPatchKernelN, &patch_info);
   1.402 +  
   1.403 +  FUNCTION_EXIT();
   1.404 +}
   1.405 +
   1.406 +#else
   1.407 +
   1.408 +VOID
   1.409 +XenPci_PatchKernel(PXENPCI_DEVICE_DATA xpdd, PVOID base, ULONG length)
   1.410 +{
   1.411 +  UNREFERENCED_PARAMETER(xpdd);
   1.412 +  UNREFERENCED_PARAMETER(base);
   1.413 +  UNREFERENCED_PARAMETER(length);
   1.414 +}
   1.415 +
   1.416 +#endif