/* $Id$ */
/** @file
 * CSAM - Guest OS Code Scanning and Analysis Manager - Any Context
 */

/*
 * Copyright (C) 2006-2007 Sun Microsystems, Inc.
 *
 * This file is part of VirtualBox Open Source Edition (OSE), as
 * available from http://www.virtualbox.org. This file is free software;
 * you can redistribute it and/or modify it under the terms of the GNU
 * General Public License (GPL) as published by the Free Software
 * Foundation, in version 2 as it comes in the "COPYING" file of the
 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
 *
 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
 * Clara, CA 95054 USA or visit http://www.sun.com if you need
 * additional information or have any questions.
 */


/*******************************************************************************
* Header Files *
*******************************************************************************/
#define LOG_GROUP LOG_GROUP_CSAM
#include <VBox/cpum.h>
#include <VBox/stam.h>
#include <VBox/patm.h>
#include <VBox/csam.h>
#include <VBox/pgm.h>
#include <VBox/mm.h>
#include <VBox/sup.h>
#include <VBox/mm.h>
#include <VBox/param.h>
#include <iprt/avl.h>
#include "CSAMInternal.h"
#include <VBox/vm.h>
#include <VBox/dbg.h>
#include <VBox/err.h>
#include <VBox/log.h>
#include <iprt/assert.h>
#include <VBox/dis.h>
#include <VBox/disopcode.h>
#include <iprt/string.h>
#include <iprt/asm.h>

/**
 * Handles an execution fault on a guest page and decides whether CSAM
 * still has to look at that page.
 *
 * @returns VINF_SUCCESS when scanning is disabled or the page is already
 *          known; VINF_CSAM_PENDING_ACTION when a scan has been requested
 *          via the VM_FF_CSAM_SCAN_PAGE force-action flag.
 * @param   pVM     The VM to operate on.
 * @param   pvFault Fault address.
 */
VMMDECL(int) CSAMExecFault(PVM pVM, RTRCPTR pvFault)
{
    if (!CSAMIsEnabled(pVM))
        return VINF_SUCCESS;

    bool const fKnown = CSAMIsPageScanned(pVM, pvFault);
    LogFlow(("CSAMGCExecFault: for page %08X scanned=%d\n", pvFault, fKnown));

    if (fKnown)
    {
        /* Nothing to do: the page was scanned earlier. */
        STAM_COUNTER_ADD(&pVM->csam.s.StatNrKnownPagesGC, 1);
        return VINF_SUCCESS;
    }

    /* Unknown page: flag it for a scan and tell the caller an action is pending. */
    STAM_COUNTER_ADD(&pVM->csam.s.StatNrTraps, 1);
    VM_FF_SET(pVM, VM_FF_CSAM_SCAN_PAGE);
    return VINF_CSAM_PENDING_ACTION;
}
/**
 * Checks whether a guest page has already been scanned by CSAM.
 *
 * The scanned state is kept in one bitmap per 4M region (one bit per 4K
 * page); a region without an allocated bitmap counts as "not scanned".
 *
 * @returns true if the page was scanned, false otherwise.
 * @param   pVM     The VM to operate on.
 * @param   pPage   GC page address.
 */
VMMDECL(bool) CSAMIsPageScanned(PVM pVM, RTRCPTR pPage)
{
    uintptr_t const uAddr  = (uintptr_t)pPage;
    int const       iChunk = uAddr >> X86_PAGE_4M_SHIFT;
    int const       iBit   = (uAddr & X86_PAGE_4M_OFFSET_MASK) >> X86_PAGE_4K_SHIFT;
    Assert(iChunk < CSAM_PGDIRBMP_CHUNKS);
    Assert(iBit < PAGE_SIZE);

    void *pvChunk = (void *)pVM->csam.s.CTXSUFF(pPDBitmap)[iChunk];
    if (!pvChunk)
        return false;   /* no bitmap allocated for this 4M region yet */
    return ASMBitTest(pvChunk, iBit);
}
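/**
 * Marks a guest page as scanned or not scanned.
 *
 * The bitmap chunk covering the page's 4M region is allocated on first use
 * from the hypervisor heap and its cross-context mirror pointer is set up.
 *
 * @note    We always mark it as scanned, even if we haven't completely done so.
 *
 * @returns VBox status code: VINF_SUCCESS, the MMHyperAlloc failure code, or
 *          VERR_INTERNAL_ERROR when the cross-context address of a freshly
 *          allocated chunk could not be resolved.
 * @param   pVM         The VM to operate on.
 * @param   pPage       GC page address (not necessarily aligned).
 * @param   fScanned    true to mark as scanned, false to clear the mark.
 */
VMMDECL(int) CSAMMarkPage(PVM pVM, RTRCPTR pPage, bool fScanned)
{
#ifdef LOG_ENABLED
    if (fScanned && !CSAMIsPageScanned(pVM, pPage))
        Log(("CSAMMarkPage %RRv\n", pPage));
#endif
    if (!CSAMIsEnabled(pVM))
        return VINF_SUCCESS;

    uintptr_t const uAddr  = (uintptr_t)pPage;
    int const       iChunk = uAddr >> X86_PAGE_4M_SHIFT;
    int const       iBit   = (uAddr & X86_PAGE_4M_OFFSET_MASK) >> X86_PAGE_4K_SHIFT;
    Assert(iChunk < CSAM_PGDIRBMP_CHUNKS);
    Assert(iBit < PAGE_SIZE);

    if (!pVM->csam.s.CTXSUFF(pPDBitmap)[iChunk])
    {
        STAM_COUNTER_INC(&pVM->csam.s.StatBitmapAlloc);
        int rc = MMHyperAlloc(pVM, CSAM_PAGE_BITMAP_SIZE, 0, MM_TAG_CSAM, (void **)&pVM->csam.s.CTXSUFF(pPDBitmap)[iChunk]);
        if (RT_FAILURE(rc))
        {
            Log(("MMR3HyperAlloc failed with %d\n", rc));
            return rc;
        }

        /*
         * Resolve the address of the new chunk for the other context. rc is
         * a success code at this point, so a failure here must not reuse it:
         * returning rc would report success while the mirror pointer is NIL.
         * The chunk itself is not released on this path.
         */
#ifdef IN_GC
        pVM->csam.s.pPDHCBitmapGC[iChunk] = MMHyperRCToR3(pVM, (RCPTRTYPE(void*))pVM->csam.s.pPDBitmapGC[iChunk]);
        if (!pVM->csam.s.pPDHCBitmapGC[iChunk])
        {
            Log(("MMHyperHC2GC failed for %RRv\n", pVM->csam.s.pPDBitmapGC[iChunk]));
            return VERR_INTERNAL_ERROR;
        }
#else
        pVM->csam.s.pPDGCBitmapHC[iChunk] = MMHyperR3ToRC(pVM, pVM->csam.s.pPDBitmapHC[iChunk]);
        if (!pVM->csam.s.pPDGCBitmapHC[iChunk])
        {
            Log(("MMHyperHC2GC failed for %RHv\n", pVM->csam.s.pPDBitmapHC[iChunk]));
            return VERR_INTERNAL_ERROR;
        }
#endif
    }

    void *pvChunk = (void *)pVM->csam.s.CTXSUFF(pPDBitmap)[iChunk];
    if (fScanned)
        ASMBitSet(pvChunk, iBit);
    else
        ASMBitClear(pvChunk, iBit);
    return VINF_SUCCESS;
}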
/**
 * Checks whether a guest page still needs to be analysed by CSAM.
 *
 * This function should only be called for supervisor pages and only when
 * CSAM is enabled. Leaving these selection criteria to the caller
 * simplifies the interface (PTE passing).
 *
 * Note that the page has not yet been synced, so the TLB trick (which was
 * never active anyway) cannot be applied.
 *
 * @returns true if the page should be marked not present because CSAM
 *          needs to scan it.
 * @returns false if CSAM is disabled or the page was already scanned.
 * @param   pVM     The VM to operate on.
 * @param   GCPtr   GC pointer of the page.
 */
VMMDECL(bool) CSAMDoesPageNeedScanning(PVM pVM, RTRCPTR GCPtr)
{
    if (!CSAMIsEnabled(pVM))
        return false;

    bool const fNeedsScan = !CSAMIsPageScanned(pVM, GCPtr);
    if (fNeedsScan)
        STAM_COUNTER_ADD(&CTXSUFF(pVM->csam.s.StatNrPageNP), 1);
    else
        STAM_COUNTER_ADD(&CTXSUFF(pVM->csam.s.StatNrKnownPages), 1);   /* already checked */
    return fNeedsScan;
}
/**
 * Remembers a possible code page for later inspection.
 *
 * The page is appended to the pvPossibleCodePage table and the
 * VM_FF_CSAM_PENDING_ACTION force-action flag is raised. When the table
 * is full the page is silently dropped.
 *
 * @param   pVM     The VM to operate on.
 * @param   GCPtr   GC pointer of the page.
 */
VMMDECL(void) CSAMMarkPossibleCodePage(PVM pVM, RTRCPTR GCPtr)
{
    if (pVM->csam.s.cPossibleCodePages >= RT_ELEMENTS(pVM->csam.s.pvPossibleCodePage))
        return;     /* table full: nothing is recorded */

    pVM->csam.s.pvPossibleCodePage[pVM->csam.s.cPossibleCodePages] = (RTRCPTR)GCPtr;
    pVM->csam.s.cPossibleCodePages++;
    VM_FF_SET(pVM, VM_FF_CSAM_PENDING_ACTION);
}
/**
 * Turns code scanning on.
 *
 * @returns VINF_SUCCESS (always).
 * @param   pVM     The VM to operate on.
 */
VMMDECL(int) CSAMEnableScanning(PVM pVM)
{
    /* Only the VM-wide enable flag is touched; nothing is scanned here. */
    bool const fEnable = true;
    pVM->fCSAMEnabled = fEnable;
    return VINF_SUCCESS;
}
/**
 * Turns code scanning off.
 *
 * @returns VINF_SUCCESS (always).
 * @param   pVM     The VM to operate on.
 */
VMMDECL(int) CSAMDisableScanning(PVM pVM)
{
    /* Only the VM-wide enable flag is touched; existing scan state is kept. */
    bool const fEnable = false;
    pVM->fCSAMEnabled = fEnable;
    return VINF_SUCCESS;
}
/**
 * Checks whether we've seen this instruction before. If so, it can be
 * emulated instead of returning to ring 3.
 *
 * Using a simple array here as there are generally few mov crx instructions
 * and tree lookup is likely to be more expensive (as it would also have to
 * be offset based). On a miss the address is recorded in a ring buffer of
 * CSAM_MAX_DANGR_INSTR entries, overwriting the oldest entry once full.
 *
 * @returns true if the address is already in the cache, false otherwise.
 * @param   pVM     The VM to operate on.
 * @param   GCPtr   GC address of the instruction (not a page table entry,
 *                  despite the name in older comments — confirm with callers).
 */
VMMDECL(bool) CSAMIsKnownDangerousInstr(PVM pVM, RTRCPTR GCPtr)
{
    RTRCPTR const  GCPtrInstr = (RTRCPTR)GCPtr;
    uint32_t const cEntries   = pVM->csam.s.cDangerousInstr;

    uint32_t idx = 0;
    while (idx < cEntries)
    {
        if (pVM->csam.s.aDangerousInstr[idx] == GCPtrInstr)
        {
            STAM_COUNTER_INC(&pVM->csam.s.StatInstrCacheHit);
            return true;
        }
        idx++;
    }

    /* Miss: remember the address (it is about to be processed in ring 3). */
    uint32_t const iSlot = pVM->csam.s.iDangerousInstr;
    pVM->csam.s.aDangerousInstr[iSlot] = GCPtrInstr;
    pVM->csam.s.iDangerousInstr = (iSlot + 1) & CSAM_MAX_DANGR_INSTR_MASK;
    /* Grow the live count until the ring is full, then clamp. */
    if (++pVM->csam.s.cDangerousInstr > CSAM_MAX_DANGR_INSTR)
        pVM->csam.s.cDangerousInstr = CSAM_MAX_DANGR_INSTR;
    STAM_COUNTER_INC(&pVM->csam.s.StatInstrCacheMiss);
    return false;
}