/* demap.h * Paging lookup functions. * NetWatch system management mode administration console * * Copyright 2009, Google Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following disclaimer * in the documentation and/or other materials provided with the * distribution. * * Neither the name of Google Inc. nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include #include #include #include #include #include #include #define REG_CS_ATTRIB_L (1<<9) #define PTE_PRESENT (1<<0) #define PTE_LARGE (1<<7) #define PTE_FOR(x) (((unsigned int)(x) >> 12) & 0x3FF) #define PDE_FOR(x) ((unsigned int)(x) >> 22) #define ADDR_12_MASK(x) ((unsigned int)(x) & ~((1 << 12) - 1)) /* Keep a memoized copy of the operating mode the CPU was in when we * entered SMM, so we don't have to look it up every time. */ static enum operating_mode mode; void reset_operating_mode_memo() { mode = UNKNOWN; } /* Check the saved state map to determine what mode we were in. */ void probe_operating_mode() { unsigned long cr0; if (state_get_type() == SMM_TYPE_64) { /* This is a 64-bit processor, so we may be in 64-bit * full or compatibility mode. Check if we are. */ uint64_t efer = state_get_reg(STATE_REG_EFER); if (efer & EFER_MSR_LMA) { /* We are in long mode. Is this full 64-bit, or * comatibility mode? Check the "L" bit of the * saved CS descriptor to be sure. */ if (state_get_reg(STATE_REG_CS_ATTRIB) & REG_CS_ATTRIB_L) { mode = LONG_64BIT; } else { mode = LONG_COMPAT; } return; } /* Otherwise, we are in legacy mode, so do the normal * 32-bit probes. */ } /* Either we are on a 32-bit processor, or we are on a 64-bit * processor in legacy mode. */ if (state_get_reg(STATE_REG_EFLAGS) & EFLAGS_VM) { mode = V8086; return; } cr0 = state_get_reg(STATE_REG_CR0); if (cr0 & CR0_PE) if (cr0 & CR0_PG) mode = PROTECTED_PAGING; else mode = PROTECTED_NOPAGING; else mode = REAL; } enum operating_mode get_operating_mode() { if (mode == UNKNOWN) probe_operating_mode(); return mode; } #define LONG_ADDR_MASK 0x000FFFFFFFFFF000 #define PAGE_1G_MASK 0x000FFFFFC0000000 #define PAGE_2M_MASK 0x000FFFFFFFE00000 #define LONG_ADDR_SECTION(addr, offset) ((((addr) >> (offset)) & 0x1FF) * 8) #define READ_PHYS_QWORD(pa) ({ uint64_t * p = p2v(pa); if (!p) return 0; *p; }) /* Given a virtual address from the current CPU context, determine what the * actual corresponding physical address would be, then convert that back * to a virtual address suitable for use within NetWatch. * * If the given address is not mapped in to RAM or is mapped to RAM which * cannot be accessed, returns null. * * XXX: This currently handles both long and 32-bit modes, but only knows * how to parse standard 4-kbyte pages. It assumes all segments span the full * 32-bit address space. Thus, it will return correct results for most * userspace environments in most sane OS kernels, but not necessarily kernel * space (likely to be mapped with large pages) or anything that plays tricks * with segmentation (like NaCl). */ uint64_t demap_phys (uint64_t vaddr) { uint64_t pa = state_get_reg(STATE_REG_CR3) & LONG_ADDR_MASK; uint64_t entry; if (mode == UNKNOWN) probe_operating_mode(); outputf("demapping %08x %08x m %d", (uint32_t)(vaddr>>32), (uint32_t)vaddr, mode); switch (mode) { case LONG_64BIT: case LONG_COMPAT: { /* Get PML4 entry */ entry = READ_PHYS_QWORD(pa + LONG_ADDR_SECTION(vaddr, 39)); if (!(entry & PTE_PRESENT)) return 0; pa = entry & LONG_ADDR_MASK; /* Get PDP entry */ entry = READ_PHYS_QWORD(pa + LONG_ADDR_SECTION(vaddr, 30)); if (!(entry & PTE_PRESENT)) return 0; pa = entry & LONG_ADDR_MASK; if (entry & PTE_LARGE) return (entry & PAGE_1G_MASK) + (vaddr & 0x3FFFFFFF); /* Get PDE */ entry = READ_PHYS_QWORD(pa + LONG_ADDR_SECTION(vaddr, 21)); if (!(entry & PTE_PRESENT)) return 0; pa = entry & LONG_ADDR_MASK; if (entry & PTE_LARGE) return (entry & PAGE_2M_MASK) + (vaddr & 0x1FFFFF); /* Get PTE */ entry = READ_PHYS_QWORD(pa + LONG_ADDR_SECTION(vaddr, 12)); if (!(entry & PTE_PRESENT)) return 0; pa = entry & LONG_ADDR_MASK; return pa + (vaddr & 0xFFF); } case PROTECTED_NOPAGING: case REAL: return vaddr; default: { unsigned long pde = ((unsigned long *)p2v(pa))[PDE_FOR(vaddr)]; unsigned long pte; if (!(pde & PTE_PRESENT)) return 0; pte = ((unsigned long *)p2v(ADDR_12_MASK(pde)))[PTE_FOR(vaddr)]; if (!(pte & PTE_PRESENT)) return 0; return (pte & ~0xFFF) + (vaddr & 0xFFF); } } } void *demap(uint64_t vaddr) { uint64_t paddr = demap_phys(vaddr); outputf("demap: paddr 0x%08x %08x", (uint32_t)(paddr>>32), (uint32_t)paddr); if (!paddr) return 0; return p2v(paddr); }