CSAMAll.cpp revision 573ce26cc8c089b7b58aced264d1e9d8c5a5ff3e
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * CSAM - Guest OS Code Scanning and Analysis Manager - Any Context
1c94c0a63ba68be1a7b2c640e70d7a06464e4fcavboxsync * Copyright (C) 2006-2007 Sun Microsystems, Inc.
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * This file is part of VirtualBox Open Source Edition (OSE), as
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * available from http://www.virtualbox.org. This file is free software;
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * you can redistribute it and/or modify it under the terms of the GNU
a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsync * General Public License (GPL) as published by the Free Software
a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsync * Foundation, in version 2 as it comes in the "COPYING" file of the
a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsync * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsync * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
1c94c0a63ba68be1a7b2c640e70d7a06464e4fcavboxsync * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
1c94c0a63ba68be1a7b2c640e70d7a06464e4fcavboxsync * Clara, CA 95054 USA or visit http://www.sun.com if you need
1c94c0a63ba68be1a7b2c640e70d7a06464e4fcavboxsync * additional information or have any questions.
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync/*******************************************************************************
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync* Header Files *
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync*******************************************************************************/
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * Check if this page needs to be analysed by CSAM
223cf005b18af2c21352a70693ebaf0582f68ebcvboxsync * @returns VBox status code
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @param pVM The VM to operate on.
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @param pvFault Fault address
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsyncCSAMDECL(int) CSAMExecFault(PVM pVM, RTRCPTR pvFault)
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync LogFlow(("CSAMGCExecFault: for page %08X scanned=%d\n", pvFault, CSAMIsPageScanned(pVM, pvFault)));
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync // Already checked!
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync STAM_COUNTER_ADD(&pVM->csam.s.StatNrKnownPagesGC, 1);
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * Check if this page was previously scanned by CSAM
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @returns true -> scanned, false -> not scanned
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @param pVM The VM to operate on.
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @param pPage GC page address
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsyncCSAMDECL(bool) CSAMIsPageScanned(PVM pVM, RTRCPTR pPage)
50df3da42ff6589b0ecc4f50f2288811bc370186vboxsync bit = (page & X86_PAGE_4M_OFFSET_MASK) >> X86_PAGE_4K_SHIFT;
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync return pVM->csam.s.CTXSUFF(pPDBitmap)[pgdir] && ASMBitTest((void *)pVM->csam.s.CTXSUFF(pPDBitmap)[pgdir], bit);
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * Mark a page as scanned/not scanned
50df3da42ff6589b0ecc4f50f2288811bc370186vboxsync * @note: we always mark it as scanned, even if we haven't completely done so
50df3da42ff6589b0ecc4f50f2288811bc370186vboxsync * @returns VBox status code.
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @param pVM The VM to operate on.
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @param pPage GC page address (not necessarily aligned)
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @param fScanned Mark as scanned or not scanned
50df3da42ff6589b0ecc4f50f2288811bc370186vboxsyncCSAMDECL(int) CSAMMarkPage(PVM pVM, RTRCPTR pPage, bool fScanned)
8f7bc6ad2b7bbcb4b3b96248cd2478e45f2e3b88vboxsync bit = (page & X86_PAGE_4M_OFFSET_MASK) >> X86_PAGE_4K_SHIFT;
50df3da42ff6589b0ecc4f50f2288811bc370186vboxsync int rc = MMHyperAlloc(pVM, CSAM_PAGE_BITMAP_SIZE, 0, MM_TAG_CSAM, (void **)&pVM->csam.s.CTXSUFF(pPDBitmap)[pgdir]);
50df3da42ff6589b0ecc4f50f2288811bc370186vboxsync pVM->csam.s.pPDHCBitmapGC[pgdir] = MMHyperGC2HC(pVM, (RCPTRTYPE(void*))pVM->csam.s.pPDBitmapGC[pgdir]);
50df3da42ff6589b0ecc4f50f2288811bc370186vboxsync Log(("MMHyperHC2GC failed for %VRv\n", pVM->csam.s.pPDBitmapGC[pgdir]));
50df3da42ff6589b0ecc4f50f2288811bc370186vboxsync pVM->csam.s.pPDGCBitmapHC[pgdir] = MMHyperHC2GC(pVM, pVM->csam.s.pPDBitmapHC[pgdir]);
50df3da42ff6589b0ecc4f50f2288811bc370186vboxsync Log(("MMHyperHC2GC failed for %VHv\n", pVM->csam.s.pPDBitmapHC[pgdir]));
50df3da42ff6589b0ecc4f50f2288811bc370186vboxsync ASMBitSet((void *)pVM->csam.s.CTXSUFF(pPDBitmap)[pgdir], bit);
50df3da42ff6589b0ecc4f50f2288811bc370186vboxsync ASMBitClear((void *)pVM->csam.s.CTXSUFF(pPDBitmap)[pgdir], bit);
50df3da42ff6589b0ecc4f50f2288811bc370186vboxsync * Check if this page needs to be analysed by CSAM.
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * This function should only be called for supervisor pages and
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * only when CSAM is enabled. Leaving these selection criteria
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * to the caller simplifies the interface (PTE passing).
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * Note that the page has not yet been synced, so the TLB trick
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * (which was never active anyway) cannot be applied.
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @returns true if the page should be marked not present because
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * CSAM still needs to scan it (the caller is expected to trap the first access).
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @returns false if the page was already scanned.
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @param pVM The VM to operate on.
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @param GCPtr GC pointer of page
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsyncCSAMDECL(bool) CSAMDoesPageNeedScanning(PVM pVM, RTRCPTR GCPtr)
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync return false;
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync /* Already checked! */
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync STAM_COUNTER_ADD(&CTXSUFF(pVM->csam.s.StatNrKnownPages), 1);
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync return false;
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync STAM_COUNTER_ADD(&CTXSUFF(pVM->csam.s.StatNrPageNP), 1);
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync return true;
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * Remember a possible code page for later inspection
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @returns VBox status code.
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @param pVM The VM to operate on.
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @param GCPtr GC pointer of page
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsyncCSAMDECL(void) CSAMMarkPossibleCodePage(PVM pVM, RTRCPTR GCPtr)
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync if (pVM->csam.s.cPossibleCodePages < RT_ELEMENTS(pVM->csam.s.pvPossibleCodePage))
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync pVM->csam.s.pvPossibleCodePage[pVM->csam.s.cPossibleCodePages++] = (RTRCPTR)GCPtr;
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * Turn on code scanning
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @returns VBox status code.
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @param pVM The VM to operate on.
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * Turn off code scanning
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @returns VBox status code.
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @param pVM The VM to operate on.
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * Check if we've scanned this instruction before. If true, then we can emulate
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * it instead of returning to ring 3.
aaeb2e2f6ed5b164f1dec9a16a7adeb84f64cf31vboxsync * Using a simple array here as there are generally few mov crx instructions and
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * tree lookup is likely to be more expensive. (as it would also have to be offset based)
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @returns boolean
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @param pVM The VM to operate on.
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync * @param GCPtr GC address of the instruction being checked (compared against aDangerousInstr[]; it is not a page table entry)
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsyncCSAMDECL(bool) CSAMIsKnownDangerousInstr(PVM pVM, RTRCPTR GCPtr)
50df3da42ff6589b0ecc4f50f2288811bc370186vboxsync for (uint32_t i=0;i<pVM->csam.s.cDangerousInstr;i++)
50df3da42ff6589b0ecc4f50f2288811bc370186vboxsync if (pVM->csam.s.aDangerousInstr[i] == (RTRCPTR)GCPtr)
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync return true;
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync /* Record that we're about to process it in ring 3. */
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync pVM->csam.s.aDangerousInstr[pVM->csam.s.iDangerousInstr++] = (RTRCPTR)GCPtr;
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync pVM->csam.s.iDangerousInstr &= CSAM_MAX_DANGR_INSTR_MASK;
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync if (++pVM->csam.s.cDangerousInstr > CSAM_MAX_DANGR_INSTR)
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync pVM->csam.s.cDangerousInstr = CSAM_MAX_DANGR_INSTR;
d408b82da0773c7e8cd4b3a01cb8a065a2c73a2dvboxsync return false;