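/*
 * SVM I/O exit handlers: IN / INS / OUT / OUTS.
 *
 * Each handler decodes the VMCB's exit_info1 as a struct svm_io_info,
 * looks up the I/O hook registered for the port in info->io_map, performs
 * the transfer through that hook, and then advances the guest RIP to
 * exit_info2 (for SVM IOIO exits that field carries the next instruction's
 * RIP).
 *
 * Return convention (unchanged from the original): 0 on success, -1 when
 * the exit cannot be handled — no hook for the port, an operand size the
 * exit does not describe, a hook transfer that moved a different number of
 * bytes than requested, or a guest->host address translation failure.
 * The caller decides what -1 means for the guest.
 *
 * NOTE(extraction): five #include directives stood here; their header
 * names were lost when this file was extracted and are not reconstructed.
 */

/*
 * Decode the operand-size bits of an IOIO exit into a byte count.
 *
 * @param io_info  decoded exit_info1 of the current exit
 * @return 1, 2 or 4, or 0 when none of sz8/sz16/sz32 is set. Callers treat
 *         0 as an error rather than issuing a zero-length transfer (the
 *         original IN/OUT/OUTS paths let read/write_size stay 0, so a hook
 *         returning 0 for a 0-byte request was reported as success).
 */
static uint_t svm_io_op_size(struct svm_io_info * io_info) {
    if (io_info->sz8) {
        return 1;
    } else if (io_info->sz16) {
        return 2;
    } else if (io_info->sz32) {
        return 4;
    }
    return 0;
}

/*
 * Decode the address-size bits of an IOIO exit into the mask applied to the
 * index (RSI/RDI) and count (RCX) registers.
 *
 * @param info     guest being handled (only needed for the fallback)
 * @param io_info  decoded exit_info1 of the current exit
 * @param op_name  "INS" or "OUTS", used only in the debug message
 * @return 0xffff / 0xffffffff / all-ones for addr16 / addr32 / addr64; when
 *         no address-size bit is set, get_gpr_mask(info) as in the original.
 */
static ullong_t svm_io_addr_mask(struct guest_info * info, struct svm_io_info * io_info, const char * op_name) {
    if (io_info->addr16) {
        return 0xffff;
    } else if (io_info->addr32) {
        return 0xffffffff;
    } else if (io_info->addr64) {
        return 0xffffffffffffffffULL;
    }

    // No address-size bit set: fall back to the host register width.
    // The message text is the original's and predates the get_gpr_mask()
    // fallback ("assuming 32" is no longer literally what happens).
    PrintDebug("%s io_info invalid address size, assuming 32, io_info=0x%x\n", op_name, *((uint_t*)(io_info)));
    return get_gpr_mask(info);
}

/*
 * Per-iteration step for the string index register: +size when RFLAGS.DF
 * is clear, -size when it is set.
 *
 * Computed in a signed 64-bit type on purpose. The original multiplied an
 * unsigned uint_t size by an int direction, which for DF=1 produced an
 * unsigned 32-bit value such as 0xfffffffc; added to a register wider than
 * uint_t that does not subtract but adds ~4G (the "wrap around ... higher
 * bits" caveat in the original comments). A signed step converts modulo the
 * register width and subtracts correctly whatever the register's width is.
 *
 * @param guest_state  VMCB save area (source of RFLAGS)
 * @param size         bytes moved per iteration
 */
static long long svm_io_step(vmcb_saved_state_t * guest_state, uint_t size) {
    struct rflags * flags = (struct rflags *)&(guest_state->rflags);

    if (flags->df) {
        return -(long long)size;
    }
    return (long long)size;
}

// This should package up an IO request and call vmm_handle_io
/*
 * IN: read one operand from the port into the low bytes of RAX.
 *
 * @param info  guest that took the IOIO exit
 * @return 0 on success, -1 on any failure (RIP is not advanced then)
 */
int handle_svm_io_in(struct guest_info * info) {
    vmcb_ctrl_t * ctrl_area = GET_VMCB_CTRL_AREA((vmcb_t *)(info->vmm_data));
    struct svm_io_info * io_info = (struct svm_io_info *)&(ctrl_area->exit_info1);
    vmm_io_hook_t * hook = get_io_hook(&(info->io_map), io_info->port);
    uint_t read_size = 0;

    if (hook == NULL) {
        PrintDebug("Hook Not present for in on port %x\n", io_info->port);
        // error, we should not have exited on this port
        return -1;
    }

    read_size = svm_io_op_size(io_info);
    if (read_size == 0) {
        // Reject rather than issue a zero-length read (see svm_io_op_size).
        PrintDebug("io_info Invalid Size\n");
        return -1;
    }

    PrintDebug("IN of %d bytes on port %d (0x%x)\n", read_size, io_info->port, io_info->port);

    // The hook stores read_size bytes at &rax, i.e. (little-endian) into the
    // low bytes of the register; the upper bytes are left untouched.
    // NOTE(review): a 32-bit IN in 64-bit mode architecturally zero-extends
    // into RAX, which this does not do — confirm whether supported guests care.
    if (hook->read(io_info->port, &(info->vm_regs.rax), read_size, hook->priv_data) != read_size) {
        // not sure how we handle errors.....
        PrintDebug("Read Failure for in on port %x\n", io_info->port);
        return -1;
    }

    // exit_info2 is the RIP of the instruction following the IN.
    info->rip = ctrl_area->exit_info2;
    return 0;
}

/*
 * INS: read read_size bytes from the port into ES:[E/R]DI, repeated RCX
 * (masked to the address size) times when the REP prefix is present. The
 * effective address honours the instruction's address size via mask and
 * the index register is stepped by +/-size according to RFLAGS.DF.
 *
 * Remaining caveat (from the original): after a step the index register is
 * not wrapped within the address-size width, so a 16/32-bit index that
 * crosses its boundary can carry into the upper bits of the register.
 *
 * @param info  guest that took the IOIO exit
 * @return 0 on success, -1 on any failure. On a mid-loop failure RDI/RCX
 *         already reflect the iterations completed and RIP is not advanced.
 */
int handle_svm_io_ins(struct guest_info * info) {
    vmcb_ctrl_t * ctrl_area = GET_VMCB_CTRL_AREA((vmcb_t *)(info->vmm_data));
    vmcb_saved_state_t * guest_state = GET_VMCB_SAVE_STATE_AREA((vmcb_t*)(info->vmm_data));
    struct svm_io_info * io_info = (struct svm_io_info *)&(ctrl_area->exit_info1);
    vmm_io_hook_t * hook = get_io_hook(&(info->io_map), io_info->port);
    uint_t read_size = 0;
    uint_t rep_num = 1;
    ullong_t mask = 0;
    long long step = 0;

    if (hook == NULL) {
        PrintDebug("Hook Not present for ins on port %x\n", io_info->port);
        // error, we should not have exited on this port
        return -1;
    }

    PrintDebug("INS on port %d (0x%x)\n", io_info->port, io_info->port);

    read_size = svm_io_op_size(io_info);
    if (read_size == 0) {
        PrintDebug("io_info Invalid Size\n");
        return -1;
    }

    mask = svm_io_addr_mask(info, io_info, "INS");
    step = svm_io_step(guest_state, read_size);

    if (io_info->rep) {
        // The repeat count is RCX truncated to the address size, matching
        // OUTS (the original INS path used the unmasked register here).
        // NOTE: rep_num is uint_t, so a 64-bit count above 32 bits is
        // truncated; such a count would be an enormous loop anyway.
        rep_num = info->vm_regs.rcx & mask;
    }

    PrintDebug("INS size=%d for %d steps\n", read_size, rep_num);

    // NOTE: every requested iteration is processed inside the VMM before
    // returning to the guest, so a large REP count is a long stay here.
    while (rep_num > 0) {
        addr_t host_addr;
        addr_t dst_addr = get_addr_linear(info, info->vm_regs.rdi & mask, &(info->segments.es));

        if (guest_va_to_host_va(info, dst_addr, &host_addr) == -1) {
            // either page fault or gpf...
            PrintDebug("Could not convert Guest VA to host VA\n");
            return -1;
        }

        if (hook->read(io_info->port, (char*)host_addr, read_size, hook->priv_data) != read_size) {
            // not sure how we handle errors.....
            PrintDebug("Read Failure for ins on port %x\n", io_info->port);
            return -1;
        }

        // Signed step: subtracts correctly when DF is set (see svm_io_step).
        info->vm_regs.rdi += step;
        if (io_info->rep) {
            info->vm_regs.rcx--;
        }
        rep_num--;
    }

    info->rip = ctrl_area->exit_info2;
    return 0;
}

/*
 * OUT: write one operand from the low bytes of RAX to the port.
 *
 * @param info  guest that took the IOIO exit
 * @return 0 on success, -1 on any failure (RIP is not advanced then)
 */
int handle_svm_io_out(struct guest_info * info) {
    vmcb_ctrl_t * ctrl_area = GET_VMCB_CTRL_AREA((vmcb_t *)(info->vmm_data));
    struct svm_io_info * io_info = (struct svm_io_info *)&(ctrl_area->exit_info1);
    vmm_io_hook_t * hook = get_io_hook(&(info->io_map), io_info->port);
    uint_t write_size = 0;

    if (hook == NULL) {
        PrintDebug("Hook Not present for out on port %x\n", io_info->port);
        // error, we should not have exited on this port
        return -1;
    }

    write_size = svm_io_op_size(io_info);
    if (write_size == 0) {
        // Reject rather than issue a zero-length write (see svm_io_op_size).
        PrintDebug("io_info Invalid Size\n");
        return -1;
    }

    PrintDebug("OUT of %d bytes on port %d (0x%x)\n", write_size, io_info->port, io_info->port);

    // The hook reads write_size bytes from &rax, i.e. the low bytes of RAX.
    if (hook->write(io_info->port, &(info->vm_regs.rax), write_size, hook->priv_data) != write_size) {
        // not sure how we handle errors.....
        PrintDebug("Write Failure for out on port %x\n", io_info->port);
        return -1;
    }

    // exit_info2 is the RIP of the instruction following the OUT.
    info->rip = ctrl_area->exit_info2;
    return 0;
}

/*
 * OUTS: write write_size bytes from DS:[E/R]SI to the port, repeated RCX
 * (masked to the address size) times when the REP prefix is present.
 * Mirrors handle_svm_io_ins, including its index-register wrap caveat.
 *
 * Fix relative to the original: a failed guest->host translation now
 * returns -1 as INS does. The original left that branch empty and went on
 * to pass the uninitialized host_addr to hook->write(), i.e. a guest
 * pointing RSI at an unmapped address made the VMM read from an
 * indeterminate host address.
 *
 * @param info  guest that took the IOIO exit
 * @return 0 on success, -1 on any failure. On a mid-loop failure RSI/RCX
 *         already reflect the iterations completed and RIP is not advanced.
 */
int handle_svm_io_outs(struct guest_info * info) {
    vmcb_ctrl_t * ctrl_area = GET_VMCB_CTRL_AREA((vmcb_t *)(info->vmm_data));
    vmcb_saved_state_t * guest_state = GET_VMCB_SAVE_STATE_AREA((vmcb_t*)(info->vmm_data));
    struct svm_io_info * io_info = (struct svm_io_info *)&(ctrl_area->exit_info1);
    vmm_io_hook_t * hook = get_io_hook(&(info->io_map), io_info->port);
    uint_t write_size = 0;
    uint_t rep_num = 1;
    ullong_t mask = 0;
    long long step = 0;

    if (hook == NULL) {
        PrintDebug("Hook Not present for outs on port %x\n", io_info->port);
        // error, we should not have exited on this port
        return -1;
    }

    PrintDebug("OUTS on port %d (0x%x)\n", io_info->port, io_info->port);

    write_size = svm_io_op_size(io_info);
    if (write_size == 0) {
        // The original fell through with write_size == 0; reject like INS.
        PrintDebug("io_info Invalid Size\n");
        return -1;
    }

    mask = svm_io_addr_mask(info, io_info, "OUTS");
    step = svm_io_step(guest_state, write_size);

    if (io_info->rep) {
        // RCX truncated to the address size (and to uint_t, see INS note).
        rep_num = info->vm_regs.rcx & mask;
    }

    PrintDebug("OUTS size=%d for %d steps\n", write_size, rep_num);

    // NOTE: every requested iteration is processed inside the VMM before
    // returning to the guest, so a large REP count is a long stay here.
    while (rep_num > 0) {
        addr_t host_addr;
        addr_t src_addr = get_addr_linear(info, (info->vm_regs.rsi & mask), &(info->segments.ds));

        if (guest_va_to_host_va(info, src_addr, &host_addr) == -1) {
            // either page fault or gpf...
            // Bail out rather than use the never-assigned host_addr below.
            PrintDebug("Could not convert Guest VA to host VA\n");
            return -1;
        }

        if (hook->write(io_info->port, (char*)host_addr, write_size, hook->priv_data) != write_size) {
            // not sure how we handle errors.....
            PrintDebug("Write Failure for outs on port %x\n", io_info->port);
            return -1;
        }

        // Signed step: subtracts correctly when DF is set (see svm_io_step).
        info->vm_regs.rsi += step;
        if (io_info->rep) {
            info->vm_regs.rcx--;
        }
        rep_num--;
    }

    info->rip = ctrl_area->exit_info2;
    return 0;
}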