2 * This file is part of the Palacios Virtual Machine Monitor developed
3 * by the V3VEE Project with funding from the United States National
4 * Science Foundation and the Department of Energy.
6 * The V3VEE Project is a joint project between Northwestern University
7 * and the University of New Mexico. You can find out more at
10 * Copyright (c) 2008, Jack Lange <jarusl@cs.northwestern.edu>
11 * Copyright (c) 2008, The V3VEE Project <http://www.v3vee.org>
12 * All rights reserved.
14 * Author: Jack Lange <jarusl@cs.northwestern.edu>
16 * This is free software. You are permitted to use,
17 * redistribute, and modify it as specified in the file "V3VEE_LICENSE".
20 #include <palacios/vmm.h>
21 #include <palacios/vm_guest.h>
22 #include <palacios/vmm_mem_hook.h>
23 #include <palacios/vmm_emulator.h>
24 #include <palacios/vm_guest_mem.h>
25 #include <palacios/vmm_hashtable.h>
26 #include <palacios/vmm_decoder.h>
30 // Called when data is read from a memory page
31 int (*read)(struct guest_info * core, addr_t guest_addr, void * dst, uint_t length, void * priv_data);
32 // Called when data is written to a memory page
33 int (*write)(struct guest_info * core, addr_t guest_addr, void * src, uint_t length, void * priv_data);
34 // Called when memory page is accessed
35 int (*access)(struct guest_info *core, addr_t guest_va, addr_t guest_pa, struct v3_mem_region *region, pf_error_t access_info, void *priv_data);
38 struct v3_mem_region * region;
41 struct list_head hook_node;
46 static int free_hook(struct v3_vm_info * vm, struct mem_hook * hook);
48 static uint_t mem_hash_fn(addr_t key) {
49 return v3_hash_long(key, sizeof(void *) * 8);
52 static int mem_eq_fn(addr_t key1, addr_t key2) {
53 return (key1 == key2);
56 int v3_init_mem_hooks(struct v3_vm_info * vm) {
59 struct v3_mem_hooks * hooks = &(vm->mem_hooks);
61 temp = V3_AllocPages(vm->num_cores);
64 PrintError(vm, VCORE_NONE, "Cannot allocate space for mem hooks\n");
68 hooks->hook_hvas_1 = V3_VAddr(temp);
70 temp = V3_AllocPages(vm->num_cores);
73 PrintError(vm, VCORE_NONE,"Cannot allocate space for mem hooks\n");
74 V3_FreePages(hooks->hook_hvas_1,vm->num_cores);
78 hooks->hook_hvas_2 = V3_VAddr(temp);
80 INIT_LIST_HEAD(&(hooks->hook_list));
82 hooks->reg_table = v3_create_htable(0, mem_hash_fn, mem_eq_fn);
90 // We'll assume the actual hooks were either already cleared,
91 // or will be cleared by the memory map
92 int v3_deinit_mem_hooks(struct v3_vm_info * vm) {
93 struct v3_mem_hooks * hooks = &(vm->mem_hooks);
94 struct mem_hook * hook = NULL;
95 struct mem_hook * tmp = NULL;
103 // We delete the hook info but leave its memory region intact
104 // We rely on the memory map to clean up any orphaned regions as a result of this
105 // This needs to be fixed at some point...
106 list_for_each_entry_safe(hook, tmp, &(hooks->hook_list), hook_node) {
111 v3_free_htable(hooks->reg_table, 0, 0);
113 V3_FreePages(V3_PAddr(hooks->hook_hvas_1), vm->num_cores);
114 V3_FreePages(V3_PAddr(hooks->hook_hvas_2), vm->num_cores);
121 static inline int get_op_length(struct x86_instr * instr, struct x86_operand * operand, addr_t tgt_addr) {
123 if (instr->is_str_op) {
124 if ((instr->str_op_length * operand->size) < (0x1000 - PAGE_OFFSET_4KB(tgt_addr))) {
125 return (instr->str_op_length * operand->size);
127 return (0x1000 - PAGE_OFFSET_4KB(tgt_addr));
130 return instr->src_operand.size;
137 static int handle_mem_hook(struct guest_info * core, addr_t guest_va, addr_t guest_pa,
138 struct v3_mem_region * reg, pf_error_t access_info) {
139 struct v3_mem_hooks * hooks = &(core->vm_info->mem_hooks);
140 struct x86_instr instr;
141 void * instr_ptr = NULL;
142 int bytes_emulated = 0;
146 struct mem_hook * src_hook = NULL;
147 addr_t src_mem_op_hva = 0;
148 addr_t src_mem_op_gpa = 0;
149 int src_req_size = -1;
151 struct mem_hook * dst_hook = NULL;
152 addr_t dst_mem_op_hva = 0;
153 addr_t dst_mem_op_gpa = 0;
154 int dst_req_size = -1;
157 struct mem_hook *access_hook = NULL;
159 // Let access hooks take priority
160 access_hook = (struct mem_hook *) reg->priv_data;
161 if (access_hook && access_hook->access) {
162 return access_hook->access(core, guest_va, guest_pa, reg, access_info, access_hook->priv_data);
166 /* Find and decode hooked instruction */
167 if (core->mem_mode == PHYSICAL_MEM) {
168 ret = v3_gpa_to_hva(core, get_addr_linear(core, core->rip, &(core->segments.cs)), (addr_t *)&instr_ptr);
170 ret = v3_gva_to_hva(core, get_addr_linear(core, core->rip, &(core->segments.cs)), (addr_t *)&instr_ptr);
174 PrintError(core->vm_info, core, "Could not translate Instruction Address (%p)\n", (void *)(addr_t)core->rip);
178 if (v3_decode(core, (addr_t)instr_ptr, &instr) == -1) {
179 PrintError(core->vm_info, core, "Decoding Error\n");
185 // Test source operand, if it's memory we need to do some translations, and handle a possible hook
186 if (instr.src_operand.type == MEM_OPERAND) {
187 struct v3_mem_region * src_reg = NULL;
189 if (core->mem_mode == PHYSICAL_MEM) {
190 src_mem_op_gpa = instr.src_operand.operand;
192 if (v3_gva_to_gpa(core, instr.src_operand.operand, &src_mem_op_gpa) == -1) {
193 pf_error_t error = access_info;
196 v3_inject_guest_pf(core, instr.src_operand.operand, error);
202 if ((src_mem_op_gpa >= reg->guest_start) &&
203 (src_mem_op_gpa < reg->guest_end)) {
204 // Src address corresponds to faulted region
207 // Note that this should only trigger for string operations
208 src_reg = v3_get_mem_region(core->vm_info, core->vcpu_id, src_mem_op_gpa);
211 if (src_reg == NULL) {
212 PrintError(core->vm_info, core, "Error finding Source region (addr=%p)\n", (void *)src_mem_op_gpa);
216 src_hook = (struct mem_hook *)v3_htable_search(hooks->reg_table, (addr_t)src_reg);
218 // We don't check whether the region is a hook here because it doesn't yet matter.
219 // These hva calculations will be true regardless
220 if (src_reg->flags.alloced == 0) {
221 src_mem_op_hva = (addr_t)(hooks->hook_hvas_1 + (PAGE_SIZE * core->vcpu_id));
223 // We already have the region so we can do the conversion ourselves
224 src_mem_op_hva = (addr_t)V3_VAddr((void *)((src_mem_op_gpa - src_reg->guest_start) + src_reg->host_addr));
227 src_req_size = get_op_length(&instr, &(instr.src_operand), src_mem_op_hva);
230 // Now do the same translation / hook handling for the second operand
231 if (instr.dst_operand.type == MEM_OPERAND) {
232 struct v3_mem_region * dst_reg = NULL;
235 if (core->mem_mode == PHYSICAL_MEM) {
236 dst_mem_op_gpa = instr.dst_operand.operand;
238 if (v3_gva_to_gpa(core, instr.dst_operand.operand, &dst_mem_op_gpa) == -1) {
239 pf_error_t error = access_info;
242 v3_inject_guest_pf(core, instr.dst_operand.operand, error);
248 if ((dst_mem_op_gpa >= reg->guest_start) &&
249 (dst_mem_op_gpa < reg->guest_end)) {
250 // Dst address corresponds to faulted region
253 // Note that this should only trigger for string operations
254 dst_reg = v3_get_mem_region(core->vm_info, core->vcpu_id, dst_mem_op_gpa);
257 if (dst_reg == NULL) {
258 PrintError(core->vm_info, core, "Error finding Source region (addr=%p)\n", (void *)dst_mem_op_gpa);
262 dst_hook = (struct mem_hook *)v3_htable_search(hooks->reg_table, (addr_t)dst_reg);
264 // We don't check whether the region is a hook here because it doesn't yet matter.
265 // These hva calculations will be true regardless
266 if (dst_reg->flags.alloced == 0) {
267 dst_mem_op_hva = (addr_t)(hooks->hook_hvas_2 + (PAGE_SIZE * core->vcpu_id));
269 // We already have the region so we can do the conversion ourselves
270 dst_mem_op_hva = (addr_t)V3_VAddr((void *)((dst_mem_op_gpa - dst_reg->guest_start) + dst_reg->host_addr));
273 dst_req_size = get_op_length(&instr, &(instr.dst_operand), dst_mem_op_hva);
277 mem_op_size = ((uint_t)src_req_size < (uint_t)dst_req_size) ? src_req_size : dst_req_size;
279 if (mem_op_size == -1) {
280 PrintError(core->vm_info, core, "Error: Did not detect any memory operands...\n");
285 /* Now handle the hooks if necessary */
286 if ( (src_hook != NULL) && (src_hook->read != NULL) &&
287 (instr.src_operand.read == 1) ) {
289 // Read in data from hook
291 if (src_hook->read(core, src_mem_op_gpa, (void *)src_mem_op_hva, mem_op_size, src_hook->priv_data) == -1) {
292 PrintError(core->vm_info, core, "Read hook error at src_mem_op_gpa=%p\n", (void *)src_mem_op_gpa);
297 if ( (dst_hook != NULL) && (dst_hook->read != NULL) &&
298 (instr.dst_operand.read == 1) ) {
300 // Read in data from hook
302 if (dst_hook->read(core, dst_mem_op_gpa, (void *)dst_mem_op_hva, mem_op_size, dst_hook->priv_data) == -1) {
303 PrintError(core->vm_info, core, "Read hook error at dst_mem_op_gpa=%p\n", (void *)dst_mem_op_gpa);
308 bytes_emulated = v3_emulate(core, &instr, mem_op_size, src_mem_op_hva, dst_mem_op_hva);
310 if (bytes_emulated == -1) {
311 PrintError(core->vm_info, core, "Error emulating instruction\n");
316 if ( (src_hook != NULL) && (src_hook->write != NULL) &&
317 (instr.src_operand.write == 1) ) {
319 if (src_hook->write(core, src_mem_op_gpa, (void *)src_mem_op_hva, bytes_emulated, src_hook->priv_data) == -1) {
320 PrintError(core->vm_info, core, "Write hook error at src_mem_op_gpa=%p\n", (void *)src_mem_op_gpa);
327 if ( (dst_hook != NULL) && (dst_hook->write != NULL) &&
328 (instr.dst_operand.write == 1) ) {
330 if (dst_hook->write(core, dst_mem_op_gpa, (void *)dst_mem_op_hva, bytes_emulated, dst_hook->priv_data) == -1) {
331 PrintError(core->vm_info, core, "Write hook error at dst_mem_op_gpa=%p\n", (void *)dst_mem_op_gpa);
337 if (instr.is_str_op == 0) {
338 core->rip += instr.instr_length;
347 int v3_hook_write_mem(struct v3_vm_info * vm, uint16_t core_id,
348 addr_t guest_addr_start, addr_t guest_addr_end, addr_t host_addr,
349 int (*write)(struct guest_info * core, addr_t guest_addr, void * src, uint_t length, void * priv_data),
351 struct v3_mem_region * entry = NULL;
352 struct mem_hook * hook = V3_Malloc(sizeof(struct mem_hook));
353 struct v3_mem_hooks * hooks = &(vm->mem_hooks);
356 PrintError(vm, VCORE_NONE, "Cannot allocate in hooking memory for full access\n");
360 memset(hook, 0, sizeof(struct mem_hook));
364 hook->priv_data = priv_data;
366 entry = v3_create_mem_region(vm, core_id, guest_addr_start, guest_addr_end);
369 PrintError(vm, VCORE_NONE, "Cannot allocate a memory region\n");
374 hook->region = entry;
376 entry->host_addr = host_addr;
377 entry->unhandled = handle_mem_hook;
378 entry->priv_data = hook;
380 entry->flags.read = 1;
381 entry->flags.exec = 1;
382 entry->flags.alloced = 1;
384 if (v3_insert_mem_region(vm, entry) == -1) {
385 PrintError(vm, VCORE_NONE, "Cannot insert memory region\n");
391 v3_htable_insert(hooks->reg_table, (addr_t)entry, (addr_t)hook);
392 list_add(&(hook->hook_node), &(hooks->hook_list));
399 int v3_hook_full_mem(struct v3_vm_info * vm, uint16_t core_id,
400 addr_t guest_addr_start, addr_t guest_addr_end,
401 int (*read)(struct guest_info * core, addr_t guest_addr, void * dst, uint_t length, void * priv_data),
402 int (*write)(struct guest_info * core, addr_t guest_addr, void * src, uint_t length, void * priv_data),
405 struct v3_mem_region * entry = NULL;
406 struct mem_hook * hook = V3_Malloc(sizeof(struct mem_hook));
407 struct v3_mem_hooks * hooks = &(vm->mem_hooks);
410 PrintError(vm, VCORE_NONE, "Cannot allocate in hooking memory for writing\n");
414 memset(hook, 0, sizeof(struct mem_hook));
418 hook->priv_data = priv_data;
420 entry = v3_create_mem_region(vm, core_id, guest_addr_start, guest_addr_end);
423 PrintError(vm, VCORE_NONE, "Cannot create memory region\n");
428 hook->region = entry;
430 entry->unhandled = handle_mem_hook;
431 entry->priv_data = hook;
433 if (v3_insert_mem_region(vm, entry)) {
434 PrintError(vm, VCORE_NONE, "Cannot insert memory region\n");
440 list_add(&(hook->hook_node), &(hooks->hook_list));
441 v3_htable_insert(hooks->reg_table, (addr_t)entry, (addr_t)hook);
448 int v3_hook_access_mem(struct v3_vm_info * vm, uint16_t core_id,
449 addr_t guest_addr_start, addr_t guest_addr_end,
450 int (*access)(struct guest_info * core,
453 struct v3_mem_region *reg,
454 pf_error_t access_info,
459 struct v3_mem_region * entry = NULL;
460 struct mem_hook * hook = V3_Malloc(sizeof(struct mem_hook));
461 struct v3_mem_hooks * hooks = &(vm->mem_hooks);
464 PrintError(vm, VCORE_NONE,"Cannot allocate in hooking memory for access\n");
468 memset(hook, 0, sizeof(struct mem_hook));
470 hook->access = access;
471 hook->priv_data = priv_data;
473 entry = v3_create_mem_region(vm, core_id, guest_addr_start, guest_addr_end);
476 PrintError(vm, VCORE_NONE, "Cannot create memory region\n");
481 hook->region = entry;
483 entry->unhandled = handle_mem_hook;
484 entry->priv_data = hook;
486 if (v3_insert_mem_region(vm, entry)) {
487 PrintError(vm, VCORE_NONE, "Cannot insert memory region\n");
493 list_add(&(hook->hook_node), &(hooks->hook_list));
494 v3_htable_insert(hooks->reg_table, (addr_t)entry, (addr_t)hook);
500 static int free_hook(struct v3_vm_info * vm, struct mem_hook * hook) {
501 v3_delete_mem_region(vm, hook->region);
502 list_del(&(hook->hook_node));
510 // This will unhook the memory hook registered at start address
511 // We do not support unhooking subregions
512 int v3_unhook_mem(struct v3_vm_info * vm, uint16_t core_id, addr_t guest_addr_start) {
513 struct v3_mem_region * reg = v3_get_mem_region(vm, core_id, guest_addr_start);
514 struct v3_mem_hooks * hooks = &(vm->mem_hooks);
515 struct mem_hook * hook = NULL;
518 PrintError(vm, VCORE_NONE, "Could not find region at %p\n", (void *)guest_addr_start);
522 hook = reg->priv_data;
525 PrintError(vm, VCORE_NONE, "Trying to unhook region that is not a hook at %p\n", (void *)guest_addr_start);
532 v3_htable_remove(hooks->reg_table, (addr_t)reg, 0);
