unsigned int abstraction_cpu_count()
{
unsigned int
active_processor_count;
active_processor_count = KeQueryActiveProcessorCount( NULL );
return( active_processor_count );
}
NTSTATUS
DriverEntry(
PDRIVER_OBJECT pDriverObject,
PUNICODE_STRING pRegistryPath
)
{
ULONG sum_cpu;
KAFFINITY ActiveProcessors, t;
ULONG_PTR guest_rsp;
ULONG_PTR guest_rip;
ULONG i = 0;
KdPrint(("\n[HyperVisor] DriverEntry~\n"));
if (!__Support_VMX())
{
KdPrint(("[HyperVisor] No Support VMX!\n"));
return STATUS_UNSUCCESSFUL;
}
sum_cpu = KeQueryActiveProcessorCount(&ActiveProcessors); // KeQueryActiveProcessorCount >= vista
while (sum_cpu--)
{
#define MAX_PROCID (sizeof(ULONG) << 3)
for ( ; i < MAX_PROCID; i++ )
{
t = ActiveProcessors & (1i64<<i);
if (t)
{
KeSetSystemAffinityThreadEx(t); // KeSetSystemAffinityThreadEx >= vista
GetGuestState();
get_guest_exit(&guest_rsp, &guest_rip); // 获取VmcsInit的下一条指令
VmcsInit(guest_rsp, guest_rip);
i++;
break;
}
}
}
return STATUS_SUCCESS;
}
// Locks all other processors and returns exclusivity pointer. This function
// should never be called before the last exclusivity is released.
_Use_decl_annotations_ EXTERN_C
void *ExclGainExclusivity()
{
NT_ASSERT(InterlockedAdd(&g_ExclpNumberOfLockedProcessors, 0) == 0);
_InterlockedAnd(&g_ExclpReleaseAllProcessors, 0);
const auto numberOfProcessors = KeQueryActiveProcessorCount(nullptr);
// Allocates DPCs for all processors.
auto context = reinterpret_cast<ExclusivityContext *>(ExAllocatePoolWithTag(
NonPagedPoolNx, sizeof(void *) + (numberOfProcessors * sizeof(KDPC)),
EXCLP_POOL_TAG));
if (!context)
{
return nullptr;
}
// Execute a lock DPC for all processors but this.
context->OldIrql = KeRaiseIrqlToDpcLevel();
const auto currentCpu = KeGetCurrentProcessorNumber();
for (auto i = 0ul; i < numberOfProcessors; i++)
{
if (i == currentCpu)
{
continue;
}
// Queue a lock DPC.
KeInitializeDpc(&context->Dpcs[i], ExclpRaiseIrqlAndWaitDpc, nullptr);
KeSetTargetProcessorDpc(&context->Dpcs[i], static_cast<CCHAR>(i));
KeInsertQueueDpc(&context->Dpcs[i], nullptr, nullptr);
}
// Wait until all other processors were halted.
const auto needToBeLocked = numberOfProcessors - 1;
while (_InterlockedCompareExchange(&g_ExclpNumberOfLockedProcessors,
needToBeLocked, needToBeLocked) !=
static_cast<LONG>(needToBeLocked))
{
KeStallExecutionProcessor(10);
}
return context;
}
NTSTATUS
DriverDeviceControl(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
NTSTATUS Status = STATUS_UNSUCCESSFUL;
PIO_STACK_LOCATION IrpSp;
ULONG IOControlCode = 0;
ULONG dwBytesWritten = 0;
PCHAR pInBuf = NULL, pOutBuf = NULL;
unsigned int _cpu_thread_id = 0;
unsigned int new_cpu_thread_id = 0;
ULONG _num_active_cpus = 0;
KAFFINITY _kaffinity = 0;
UINT32 core_id = 0;
//
// Get the current IRP stack location of this request
//
IrpSp = IoGetCurrentIrpStackLocation (Irp);
IOControlCode = IrpSp->Parameters.DeviceIoControl.IoControlCode;
DbgPrint( "[chipsec] >>>>>>>>>> IOCTL >>>>>>>>>>\n" );
DbgPrint( "[chipsec] DeviceObject = 0x%x IOCTL = 0x%x\n", DeviceObject, IOControlCode );
DbgPrint( "[chipsec] InputBufferLength = 0x%x, OutputBufferLength = 0x%x\n", IrpSp->Parameters.DeviceIoControl.InputBufferLength, IrpSp->Parameters.DeviceIoControl.OutputBufferLength );
//
// CPU thread ID
//
_num_active_cpus = KeQueryActiveProcessorCount( NULL );
_kaffinity = KeQueryActiveProcessors();
_cpu_thread_id = KeGetCurrentProcessorNumber();
DbgPrint( "[chipsec] Active CPU threads : %d (KeNumberProcessors = %d)\n", _num_active_cpus, KeNumberProcessors );
DbgPrint( "[chipsec] Active CPU mask (KAFFINITY): 0x%08X\n", _kaffinity );
DbgPrint( "[chipsec] Current CPU thread : %d\n", _cpu_thread_id );
//
// Switch on the IOCTL code that is being requested by the user. If the
// operation is a valid one for this device do the needful.
//
Irp -> IoStatus.Information = 0;
switch( IOControlCode )
{
case READ_PCI_CFG_REGISTER:
{
DWORD val;
BYTE size = 0;
WORD bdf[4];
BYTE bus = 0, dev = 0, fun = 0, off = 0;
DbgPrint( "[chipsec] > READ_PCI_CFG_REGISTER\n" );
RtlCopyBytes( bdf,Irp->AssociatedIrp.SystemBuffer, 4*sizeof(WORD) );
RtlCopyBytes( &size, (BYTE*)Irp->AssociatedIrp.SystemBuffer + 4*sizeof(WORD), sizeof(BYTE) );
bus = (UINT8)bdf[0];
dev = (UINT8)bdf[1];
fun = (UINT8)bdf[2];
off = (UINT8)bdf[3];
if( 1 != size && 2 != size && 4 != size)
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
val = ReadPCICfg( bus, dev, fun, off, size );
IrpSp->Parameters.Read.Length = size;
RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (VOID*)&val, size );
DbgPrint( "[chipsec][READ_PCI_CFG_REGISTER] B/D/F: %#04x/%#04x/%#04x, OFFSET: %#04x, value = %#010x (size = 0x%x)\n", bus, dev, fun, off, val, size );
dwBytesWritten = IrpSp->Parameters.Read.Length;
Status = STATUS_SUCCESS;
break;
}
case WRITE_PCI_CFG_REGISTER:
{
DWORD val = 0;
WORD bdf[6];
BYTE bus = 0, dev = 0, fun = 0, off = 0;
BYTE size = 0;
DbgPrint( "[chipsec] > WRITE_PCI_CFG_REGISTER\n" );
RtlCopyBytes( bdf, Irp->AssociatedIrp.SystemBuffer, 6 * sizeof(WORD) );
bus = (UINT8)bdf[0];
dev = (UINT8)bdf[1];
fun = (UINT8)bdf[2];
off = (UINT8)bdf[3];
RtlCopyBytes( &size, (BYTE*)Irp->AssociatedIrp.SystemBuffer + 6*sizeof(WORD), sizeof(BYTE) );
val = ((DWORD)bdf[5] << 16) | bdf[4];
DbgPrint( "[chipsec][WRITE_PCI_CFG_REGISTER] B/D/F: %#02x/%#02x/%#02x, OFFSET: %#02x, value = %#010x (size = %#02x)\n", bus, dev, fun, off, val, size );
WritePCICfg( bus, dev, fun, off, size, val );
Status = STATUS_SUCCESS;
break;
}
case IOCTL_READ_PHYSMEM:
{
UINT32 len = 0;
PVOID virt_addr;
PHYSICAL_ADDRESS phys_addr = { 0x0, 0x0 };
DbgPrint( "[chipsec] > IOCTL_READ_PHYSMEM\n" );
if( !Irp->AssociatedIrp.SystemBuffer ||
IrpSp->Parameters.DeviceIoControl.InputBufferLength < 3*sizeof(UINT32))
{
DbgPrint( "[chipsec][IOCTL_READ_PHYSMEM] ERROR: STATUS_INVALID_PARAMETER\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
pInBuf = Irp->AssociatedIrp.SystemBuffer;
pOutBuf = Irp->AssociatedIrp.SystemBuffer;
phys_addr.HighPart = ((UINT32*)pInBuf)[0];
phys_addr.LowPart = ((UINT32*)pInBuf)[1];
len = ((UINT32*)pInBuf)[2];
if( !len ) len = 4;
if( IrpSp->Parameters.DeviceIoControl.OutputBufferLength < len )
{
DbgPrint( "[chipsec][IOCTL_READ_PHYSMEM] ERROR: STATUS_BUFFER_TOO_SMALL\n" );
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
__try
{
Status = _read_phys_mem( phys_addr, len, pOutBuf );
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
Status = GetExceptionCode();
DbgPrint( "[chipsec][IOCTL_READ_PHYSMEM] ERROR: exception code 0x%X\n", Status );
break;
}
if( NT_SUCCESS(Status) )
{
DbgPrint( "[chipsec][IOCTL_READ_PHYSMEM] Contents:\n" );
_dump_buffer( (unsigned char *)pOutBuf, min(len,0x100) );
dwBytesWritten = len;
}
break;
}
case IOCTL_WRITE_PHYSMEM:
{
UINT32 len = 0;
PVOID virt_addr = 0;
PHYSICAL_ADDRESS phys_addr = { 0x0, 0x0 };
DbgPrint( "[chipsec] > IOCTL_WRITE_PHYSMEM\n" );
if( Irp->AssociatedIrp.SystemBuffer )
{
pInBuf = Irp->AssociatedIrp.SystemBuffer;
pOutBuf = Irp->AssociatedIrp.SystemBuffer;
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < 3*sizeof(UINT32) )
{
DbgPrint( "[chipsec][IOCTL_WRITE_PHYSMEM] ERROR: STATUS_INVALID_PARAMETER\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
phys_addr.HighPart = ((UINT32*)pInBuf)[0];
phys_addr.LowPart = ((UINT32*)pInBuf)[1];
len = ((UINT32*)pInBuf)[2];
((UINT32*)pInBuf) += 3;
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < len + 3*sizeof(UINT32) )
{
DbgPrint( "[chipsec][IOCTL_WRITE_PHYSMEM] ERROR: STATUS_INVALID_PARAMETER\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
DbgPrint( "[chipsec][IOCTL_WRITE_PHYSMEM] Writing contents:\n" );
_dump_buffer( (unsigned char *)pInBuf, min(len,0x100) );
__try
{
Status = _write_phys_mem( phys_addr, len, pInBuf );
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
Status = GetExceptionCode();
DbgPrint( "[chipsec][IOCTL_WRITE_PHYSMEM] ERROR: exception code 0x%X\n", Status );
break;
}
break;
}
}
case IOCTL_ALLOC_PHYSMEM:
{
SIZE_T NumberOfBytes = 0;
PVOID va = 0;
PHYSICAL_ADDRESS HighestAcceptableAddress = { 0xFFFFFFFF, 0xFFFFFFFF };
DbgPrint( "[chipsec] > IOCTL_ALLOC_PHYSMEM\n" );
pInBuf = Irp->AssociatedIrp.SystemBuffer;
pOutBuf = Irp->AssociatedIrp.SystemBuffer;
if( !pInBuf || IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(UINT64) + sizeof(UINT32))
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
RtlCopyBytes( &HighestAcceptableAddress.QuadPart, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(UINT64) );
RtlCopyBytes( &NumberOfBytes, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(UINT64), sizeof(UINT32) );
DbgPrint( "[chipsec] Allocating: NumberOfBytes = 0x%X, PhysAddr = 0x%I64x", NumberOfBytes, HighestAcceptableAddress.QuadPart );
va = MmAllocateContiguousMemory( NumberOfBytes, HighestAcceptableAddress );
if( !va )
{
DbgPrint( "[chipsec] ERROR: STATUS_UNSUCCESSFUL - could not allocate memory\n" );
Status = STATUS_UNSUCCESSFUL;
}
else if( IrpSp->Parameters.DeviceIoControl.OutputBufferLength < 2*sizeof(UINT64) )
{
DbgPrint( "[chipsec] ERROR: STATUS_BUFFER_TOO_SMALL - should be at least 2*UINT64\n" );
Status = STATUS_BUFFER_TOO_SMALL;
}
else
{
PHYSICAL_ADDRESS pa = MmGetPhysicalAddress( va );
DbgPrint( "[chipsec] Allocated Buffer: VirtAddr = 0x%I64x, PhysAddr = 0x%I64x\n", (UINT64)va, pa.QuadPart );
((UINT64*)pOutBuf)[0] = (UINT64)va;
((UINT64*)pOutBuf)[1] = pa.QuadPart;
IrpSp->Parameters.Read.Length = 2*sizeof(UINT64);
dwBytesWritten = IrpSp->Parameters.Read.Length;
Status = STATUS_SUCCESS;
}
break;
}
case IOCTL_FREE_PHYSMEM:
{
UINT64 va = 0x0;
pInBuf = Irp->AssociatedIrp.SystemBuffer;
pOutBuf = Irp->AssociatedIrp.SystemBuffer;
DbgPrint( "[chipsec] > IOCTL_FREE_PHYSMEM\n" );
if( !Irp->AssociatedIrp.SystemBuffer ||
IrpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof(UINT64))
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
RtlCopyBytes( &va, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(UINT64) );
DbgPrint( "[chipsec][IOCTL_FREE_PHYSMEM] Virtual address of the memory being freed: 0x%I64X\n", va );
MmFreeContiguousMemory( (PVOID)va );
IrpSp->Parameters.Read.Length = 0;
dwBytesWritten = IrpSp->Parameters.Read.Length;
Status = STATUS_SUCCESS;
break;
}
case IOCTL_GET_PHYSADDR:
{
UINT64 va = 0x0;
PHYSICAL_ADDRESS pa = { 0x0, 0x0 };
pInBuf = Irp->AssociatedIrp.SystemBuffer;
pOutBuf = Irp->AssociatedIrp.SystemBuffer;
DbgPrint( "[chipsec] > IOCTL_GET_PHYSADDR\n" );
if( !Irp->AssociatedIrp.SystemBuffer ||
IrpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof(UINT64))
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
if( IrpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof(UINT64))
{
DbgPrint( "[chipsec] ERROR: STATUS_BUFFER_TOO_SMALL\n" );
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
RtlCopyBytes( &va, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(UINT64) );
pa = MmGetPhysicalAddress( (PVOID)va );
DbgPrint( "[chipsec][IOCTL_GET_PHYSADDR] Traslated virtual address 0x%I64X to physical: 0x%I64X\n", va, pa.QuadPart, pa.LowPart);
RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (void*)&pa, sizeof(UINT64) );
IrpSp->Parameters.Read.Length = sizeof(UINT64);
dwBytesWritten = IrpSp->Parameters.Read.Length;
Status = STATUS_SUCCESS;
break;
}
case IOCTL_MAP_IO_SPACE:
{
PVOID va = 0x0;
PHYSICAL_ADDRESS pa = { 0x0, 0x0 };
unsigned int len = 0;
unsigned int cache_type = 0;
pInBuf = Irp->AssociatedIrp.SystemBuffer;
pOutBuf = Irp->AssociatedIrp.SystemBuffer;
DbgPrint( "[chipsec] > IOCTL_MAP_IO_SPACE\n" );
if( !Irp->AssociatedIrp.SystemBuffer ||
IrpSp->Parameters.DeviceIoControl.InputBufferLength != 3*8)
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
if( IrpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof(UINT64))
{
DbgPrint( "[chipsec] ERROR: STATUS_BUFFER_TOO_SMALL\n" );
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
RtlCopyBytes( &pa, (BYTE*)Irp->AssociatedIrp.SystemBuffer + 0x00, 0x8 );
RtlCopyBytes( &len, (BYTE*)Irp->AssociatedIrp.SystemBuffer + 0x08, 0x4 );
RtlCopyBytes( &cache_type, (BYTE*)Irp->AssociatedIrp.SystemBuffer + 0x10, 0x4 );
va = MmMapIoSpace(pa, len, cache_type);
DbgPrint( "[chipsec][IOCTL_MAP_IO_SPACE] Mapping physical address 0x%016llX to virtual 0x%016llX\n", pa, va);
RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (void*)&va, sizeof(va) );
IrpSp->Parameters.Read.Length = sizeof(va);
dwBytesWritten = sizeof(va);
Status = STATUS_SUCCESS;
break;
}
case IOCTL_LOAD_UCODE_PATCH:
{
PVOID ucode_buf = NULL;
UINT64 ucode_start = 0;
UINT16 ucode_size = 0;
UINT32 _eax = 0, _edx = 0;
int CPUInfo[4] = {-1};
DbgPrint("[chipsec] > IOCTL_LOAD_UCODE_UPDATE\n" );
if( !Irp->AssociatedIrp.SystemBuffer ||
IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(BYTE) + sizeof(UINT16) )
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER (input buffer size < 3)\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
RtlCopyBytes( &new_cpu_thread_id, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(BYTE) );
if( new_cpu_thread_id >= _num_active_cpus ) new_cpu_thread_id = 0;
KeSetSystemAffinityThread( (KAFFINITY)(1 << new_cpu_thread_id) );
DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] Changed CPU thread to %d\n", KeGetCurrentProcessorNumber() );
RtlCopyBytes( &ucode_size, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(BYTE), sizeof(UINT16) );
DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] Ucode update size = 0x%X\n", ucode_size );
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < ucode_size + sizeof(BYTE) + sizeof(UINT16) )
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER (input buffer size < ucode_size + 3)\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
ucode_buf = ExAllocatePoolWithTag( NonPagedPool, ucode_size, 0x3184 );
if( !ucode_buf )
{
DbgPrint( "[chipsec] ERROR: couldn't allocate pool for ucode binary\n" );
break;
}
RtlCopyBytes( ucode_buf, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(BYTE) + sizeof(UINT16), ucode_size );
ucode_start = (UINT64)ucode_buf;
DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] ucode update address = 0x%p (eax = 0x%08X, edx = 0x%08X)\n", ucode_start, (UINT32)(ucode_start & 0xFFFFFFFF), (UINT32)((ucode_start >> 32) & 0xFFFFFFFF) );
DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] ucode update contents:\n" );
_dump_buffer( (unsigned char *)ucode_buf, min(ucode_size,0x100) );
// --
// -- trigger CPU ucode patch update
// -- pInBuf points to the beginning of ucode update binary
// --
_wrmsr( MSR_IA32_BIOS_UPDT_TRIG, (UINT32)((ucode_start >> 32) & 0xFFFFFFFF), (UINT32)(ucode_start & 0xFFFFFFFF) );
ExFreePoolWithTag( ucode_buf, 0x3184 );
// --
// -- check if patch was loaded
// --
// -- need to clear IA32_BIOS_SIGN_ID MSR first
// -- CPUID will deposit an update ID value in 64-bit MSR at address MSR_IA32_BIOS_SIGN_ID
// -- read IA32_BIOS_SIGN_ID MSR to check patch ID != 0
// --
DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] checking ucode update was loaded..\n" );
DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] clear IA32_BIOS_SIGN_ID, CPUID EAX=1, read back IA32_BIOS_SIGN_ID\n" );
_wrmsr( MSR_IA32_BIOS_SIGN_ID, 0, 0 );
__cpuid(CPUInfo, 1);
_rdmsr( MSR_IA32_BIOS_SIGN_ID, &_eax, &_edx );
DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] RDMSR( IA32_BIOS_SIGN_ID=0x8b ) = 0x%08x%08x\n", _edx, _eax );
if( 0 != _edx ) DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] Microcode update loaded (ID != 0)\n" );
else DbgPrint( "[chipsec] ERROR: Microcode update failed\n" );
Status = STATUS_SUCCESS;
break;
}
case IOCTL_WRMSR:
{
UINT32 msrData[3];
UINT32 _eax = 0, _edx = 0;
unsigned int _msr_addr;
DbgPrint("[chipsec] > IOCTL_WRMSR\n");
pInBuf = Irp->AssociatedIrp.SystemBuffer;
if( !pInBuf )
{
DbgPrint( "[chipsec][IOCTL_WRMSR] ERROR: NO data provided\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(BYTE) + 3*sizeof(UINT32) )
{
DbgPrint( "[chipsec][IOCTL_WRMSR] ERROR: STATUS_INVALID_PARAMETER (input buffer size < sizeof(BYTE) + 3*sizeof(UINT32))\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
RtlCopyBytes( &new_cpu_thread_id, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(BYTE) );
if( new_cpu_thread_id >= _num_active_cpus ) new_cpu_thread_id = 0;
KeSetSystemAffinityThread( (KAFFINITY)(1 << new_cpu_thread_id) );
DbgPrint( "[chipsec][IOCTL_WRMSR] Changed CPU thread to %d\n", KeGetCurrentProcessorNumber() );
RtlCopyBytes( msrData, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(BYTE), 3 * sizeof(UINT32) );
_msr_addr = msrData[0];
_eax = msrData[1];
_edx = msrData[2];
DbgPrint( "[chipsec][IOCTL_WRMSR] WRMSR( 0x%x ) <-- 0x%08x%08x\n", _msr_addr, _edx, _eax );
// --
// -- write MSR
// --
__try
{
_wrmsr( _msr_addr, _edx, _eax );
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
Status = GetExceptionCode();
DbgPrint( "[chipsec][IOCTL_WRMSR] ERROR: exception code 0x%X\n", Status );
break;
}
// --
// -- read MSR to check if it was written
// --
// _rdmsr( _msr_addr, &_eax, &_edx );
// DbgPrint( "[chipsec][IOCTL_WRMSR] RDMSR( 0x%x ) --> 0x%08x%08x\n", _msr_addr, _edx, _eax );
Status = STATUS_SUCCESS;
break;
}
case IOCTL_RDMSR:
{
UINT32 msrData[1];
UINT32 _eax = 0;
UINT32 _edx = 0;
UINT32 _msr_addr = 0;
DbgPrint("[chipsec] > IOCTL_RDMSR\n");
pInBuf = Irp->AssociatedIrp.SystemBuffer;
pOutBuf = Irp->AssociatedIrp.SystemBuffer;
if( !pInBuf )
{
DbgPrint( "[chipsec] ERROR: No input provided\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(BYTE) + sizeof(UINT32) )
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER - input buffer size < sizeof(BYTE) + sizeof(UINT32)\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
RtlCopyBytes( &new_cpu_thread_id, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(BYTE) );
if( new_cpu_thread_id >= _num_active_cpus ) new_cpu_thread_id = 0;
KeSetSystemAffinityThread( (KAFFINITY)(1 << new_cpu_thread_id) );
DbgPrint( "[chipsec][IOCTL_RDMSR] Changed CPU thread to %d\n", KeGetCurrentProcessorNumber() );
RtlCopyBytes( msrData, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(BYTE), sizeof(UINT32) );
_msr_addr = msrData[0];
__try
{
_rdmsr( _msr_addr, &_eax, &_edx );
}
__except( EXCEPTION_EXECUTE_HANDLER )
{
Status = GetExceptionCode();
DbgPrint( "[chipsec][IOCTL_RDMSR] ERROR: exception code 0x%X\n", Status );
break;
}
DbgPrint( "[chipsec][IOCTL_RDMSR] RDMSR( 0x%x ) --> 0x%08x%08x\n", _msr_addr, _edx, _eax );
if( IrpSp->Parameters.DeviceIoControl.OutputBufferLength >= 2*sizeof(UINT32) )
{
IrpSp->Parameters.Read.Length = 2*sizeof(UINT32);
RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (VOID*)&_eax, sizeof(UINT32) );
RtlCopyBytes( ((UINT8*)Irp->AssociatedIrp.SystemBuffer) + sizeof(UINT32), (VOID*)&_edx, sizeof(UINT32) );
dwBytesWritten = 2*sizeof(UINT32);
Status = STATUS_SUCCESS;
}
else
{
DbgPrint( "[chipsec] ERROR: STATUS_BUFFER_TOO_SMALL - should be at least 2 UINT32\n" );
Status = STATUS_BUFFER_TOO_SMALL;
}
break;
}
case READ_IO_PORT:
{
DWORD value;
BYTE size = 0;
WORD io_port;
DbgPrint( "[chipsec] > READ_IO_PORT\n" );
RtlCopyBytes( &io_port, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(WORD) );
RtlCopyBytes( &size, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(WORD), sizeof(BYTE) );
if( 1 != size && 2 != size && 4 != size)
{
DbgPrint( "[chipsec][READ_IO_PORT] ERROR: STATUS_INVALID_PARAMETER\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
__try
{
value = ReadIOPort( io_port, size );
}
__except( EXCEPTION_EXECUTE_HANDLER )
{
Status = GetExceptionCode();
DbgPrint( "[chipsec][READ_IO_PORT] ERROR: exception code 0x%X\n", Status );
break;
}
IrpSp->Parameters.Read.Length = size;
RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (VOID*)&value, size );
DbgPrint( "[chipsec][READ_IO_PORT] I/O Port %#04x, value = %#010x (size = %#02x)\n", io_port, value, size );
dwBytesWritten = IrpSp->Parameters.Read.Length;
Status = STATUS_SUCCESS;
break;
}
case WRITE_IO_PORT:
{
DWORD value = 0;
WORD io_port = 0;
BYTE size = 0;
DbgPrint( "[chipsec] > WRITE_IO_PORT\n" );
RtlCopyBytes( &io_port, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(WORD) );
RtlCopyBytes( &value, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(WORD), sizeof(DWORD) );
RtlCopyBytes( &size, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(WORD) + sizeof(DWORD), sizeof(BYTE) );
DbgPrint( "[chipsec][WRITE_IO_PORT] I/O Port %#04x, value = %#010x (size = %#02x)\n", io_port, value, size );
__try
{
WriteIOPort( value, io_port, size );
}
__except( EXCEPTION_EXECUTE_HANDLER )
{
Status = GetExceptionCode();
DbgPrint( "[chipsec][WRITE_IO_PORT] ERROR: exception code 0x%X\n", Status );
break;
}
Status = STATUS_SUCCESS;
break;
}
case GET_CPU_DESCRIPTOR_TABLE:
{
BYTE dt_code = 0;
DESCRIPTOR_TABLE_RECORD dtr;
PDESCRIPTOR_TABLE_RECORD pdtr = &dtr;
PHYSICAL_ADDRESS dt_pa;
DbgPrint( "[chipsec] > GET_CPU_DESCRIPTOR_TABLE\n" );
RtlCopyBytes( &new_cpu_thread_id, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(BYTE) );
if( new_cpu_thread_id >= _num_active_cpus ) new_cpu_thread_id = 0;
KeSetSystemAffinityThread( (KAFFINITY)(1 << new_cpu_thread_id) );
DbgPrint( "[chipsec][GET_CPU_DESCRIPTOR_TABLE] Changed CPU thread to %d\n", KeGetCurrentProcessorNumber() );
RtlCopyBytes( &dt_code, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(BYTE), sizeof(BYTE) );
DbgPrint( "[chipsec][GET_CPU_DESCRIPTOR_TABLE] Descriptor table: %x\n", dt_code );
switch( dt_code )
{
case CPU_DT_CODE_GDTR: { _store_gdtr( (void*)pdtr ); break; }
case CPU_DT_CODE_LDTR: { _store_ldtr( (void*)pdtr ); break; }
case CPU_DT_CODE_IDTR:
default: { _store_idtr( (void*)pdtr ); break; }
}
DbgPrint( "[chipsec][GET_CPU_DESCRIPTOR_TABLE] Descriptor table register contents:\n" );
_dump_buffer( (unsigned char *)pdtr, sizeof(DESCRIPTOR_TABLE_RECORD) );
DbgPrint( "[chipsec][GET_CPU_DESCRIPTOR_TABLE] IDTR: Limit = 0x%04x, Base = 0x%I64x\n", dtr.limit, dtr.base );
dt_pa = MmGetPhysicalAddress( (PVOID)dtr.base );
DbgPrint( "[chipsec][GET_CPU_DESCRIPTOR_TABLE] Descriptor table PA: 0x%I64X (0x%08X_%08X)\n", dt_pa.QuadPart, dt_pa.HighPart, dt_pa.LowPart );
IrpSp->Parameters.Read.Length = sizeof(DESCRIPTOR_TABLE_RECORD) + sizeof(dt_pa.QuadPart);
RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (void*)pdtr, sizeof(DESCRIPTOR_TABLE_RECORD) );
RtlCopyBytes( (UINT8*)Irp->AssociatedIrp.SystemBuffer + sizeof(DESCRIPTOR_TABLE_RECORD), (VOID*)&dt_pa.QuadPart, sizeof(dt_pa.QuadPart) );
dwBytesWritten = IrpSp->Parameters.Read.Length;
Status = STATUS_SUCCESS;
break;
}
case IOCTL_SWSMI:
{
CPU_REG_TYPE gprs[6] = {0};
CPU_REG_TYPE _rax = 0, _rbx = 0, _rcx = 0, _rdx = 0, _rsi = 0, _rdi = 0;
unsigned int _smi_code_data = 0;
DbgPrint("[chipsec] > IOCTL_SWSMI\n");
pInBuf = Irp->AssociatedIrp.SystemBuffer;
if( !pInBuf )
{
DbgPrint( "[chipsec] ERROR: NO data provided\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(UINT16) + sizeof(gprs) )
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER (input buffer size < sizeof(UINT16) + sizeof(gprs))\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
RtlCopyBytes( &_smi_code_data, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(UINT16) );
RtlCopyBytes( gprs, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(UINT16), sizeof(gprs) );
_rax = gprs[ 0 ];
_rbx = gprs[ 1 ];
_rcx = gprs[ 2 ];
_rdx = gprs[ 3 ];
_rsi = gprs[ 4 ];
_rdi = gprs[ 5 ];
DbgPrint( "[chipsec][IOCTL_SWSMI] SW SMI to ports 0x%X-0x%X <- 0x%04X\n", 0xB2, 0xB3, _smi_code_data );
DbgPrint( " RAX = 0x%I64x\n", _rax );
DbgPrint( " RBX = 0x%I64x\n", _rbx );
DbgPrint( " RCX = 0x%I64x\n", _rcx );
DbgPrint( " RDX = 0x%I64x\n", _rdx );
DbgPrint( " RSI = 0x%I64x\n", _rsi );
DbgPrint( " RDI = 0x%I64x\n", _rdi );
// --
// -- send SMI using port 0xB2
// --
__try
{
_swsmi( _smi_code_data, _rax, _rbx, _rcx, _rdx, _rsi, _rdi );
}
__except( EXCEPTION_EXECUTE_HANDLER )
{
Status = GetExceptionCode();
break;
}
Status = STATUS_SUCCESS;
break;
}
case IOCTL_CPUID:
{
DWORD CPUInfo[4] = {-1};
DWORD gprs[2] = {0};
DWORD _rax = 0, _rcx = 0;
//CPU_REG_TYPE gprs[6];
//CPU_REG_TYPE _rax = 0, _rbx = 0, _rcx = 0, _rdx = 0, _rsi = 0, _rdi = 0;
DbgPrint("[chipsec] > IOCTL_CPUID\n");
pInBuf = Irp->AssociatedIrp.SystemBuffer;
if( !pInBuf )
{
DbgPrint( "[chipsec] ERROR: NO data provided\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(gprs) )
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER (input buffer size < %d)\n", sizeof(gprs) );
Status = STATUS_INVALID_PARAMETER;
break;
}
RtlCopyBytes( gprs, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(gprs) );
_rax = gprs[ 0 ];
_rcx = gprs[ 1 ];
DbgPrint( "[chipsec][IOCTL_CPUID] CPUID:\n" );
DbgPrint( " EAX = 0x%08X\n", _rax );
DbgPrint( " ECX = 0x%08X\n", _rcx );
__cpuidex( CPUInfo, _rax, _rcx );
DbgPrint( "[chipsec][IOCTL_CPUID] CPUID returned:\n" );
DbgPrint( " EAX = 0x%08X\n", CPUInfo[0] );
DbgPrint( " EBX = 0x%08X\n", CPUInfo[1] );
DbgPrint( " ECX = 0x%08X\n", CPUInfo[2] );
DbgPrint( " EDX = 0x%08X\n", CPUInfo[3] );
IrpSp->Parameters.Read.Length = sizeof(CPUInfo);
RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (void*)CPUInfo, sizeof(CPUInfo) );
dwBytesWritten = IrpSp->Parameters.Read.Length;
Status = STATUS_SUCCESS;
break;
}
case IOCTL_WRCR:
{
UINT64 val64 = 0;
CPU_REG_TYPE value = 0;
WORD cr_reg = 0;
DbgPrint( "[chipsec] > WRITE_CR\n" );
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < (sizeof(cr_reg) + sizeof(val64) + sizeof(BYTE)))
{
Status = STATUS_INVALID_PARAMETER;
break;
}
RtlCopyBytes( &cr_reg, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(cr_reg) );
RtlCopyBytes( &val64, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(cr_reg), sizeof(val64) );
new_cpu_thread_id = *((BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(cr_reg) + sizeof(val64));
if( new_cpu_thread_id >= _num_active_cpus )
{
// new_cpu_thread_id = 0;
Status = STATUS_INVALID_PARAMETER;
break;
}
KeSetSystemAffinityThread( (KAFFINITY)(1 << new_cpu_thread_id) );
value = (CPU_REG_TYPE)val64;
DbgPrint( "[chipsec][WRITE_CR] CR Reg %#04x, value = %#010x \n", cr_reg, value );
switch (cr_reg) {
case 0: WriteCR0(value);
Status = STATUS_SUCCESS;
break;
case 2: WriteCR2(value);
Status = STATUS_SUCCESS;
break;
case 3: WriteCR3(value);
Status = STATUS_SUCCESS;
break;
case 4: WriteCR4(value);
Status = STATUS_SUCCESS;
break;
case 8:
#if defined(_M_AMD64)
WriteCR8(value);
Status = STATUS_SUCCESS;
break;
#endif
default:
Status = STATUS_INVALID_PARAMETER;
break;
}
if( !NT_SUCCESS(Status) ) {
break;
}
dwBytesWritten = 0;
Status = STATUS_SUCCESS;
break;
}
case IOCTL_RDCR:
{
UINT64 val64 = 0;
CPU_REG_TYPE value = 0;
WORD cr_reg = 0;
DbgPrint( "[chipsec] > READ_CR\n" );
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < (sizeof(cr_reg)+sizeof(BYTE))
|| IrpSp->Parameters.DeviceIoControl.OutputBufferLength < (sizeof(val64))
)
{
Status = STATUS_INVALID_PARAMETER;
break;
}
RtlCopyBytes( &cr_reg, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(cr_reg) );
new_cpu_thread_id = *((BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(cr_reg));
if( new_cpu_thread_id >= _num_active_cpus )
{
// new_cpu_thread_id = 0;
Status = STATUS_INVALID_PARAMETER;
break;
}
KeSetSystemAffinityThread( (KAFFINITY)(1 << new_cpu_thread_id) );
switch (cr_reg) {
case 0: value = ReadCR0();
Status = STATUS_SUCCESS;
break;
case 2: value = ReadCR2();
Status = STATUS_SUCCESS;
break;
case 3: value = ReadCR3();
Status = STATUS_SUCCESS;
break;
case 4: value = ReadCR4();
Status = STATUS_SUCCESS;
break;
case 8:
#if defined(_M_AMD64)
value = ReadCR8();
Status = STATUS_SUCCESS;
break;
#endif
default:
Status = STATUS_INVALID_PARAMETER;
break;
}
if( !NT_SUCCESS(Status) ) {
break;
}
val64 = value;
RtlCopyBytes( (BYTE*)Irp->AssociatedIrp.SystemBuffer, &val64, sizeof(val64) );
dwBytesWritten = sizeof(val64);
DbgPrint( "[chipsec][READ_CR] CR Reg %#04x, value = %#010x \n", cr_reg, value );
Status = STATUS_SUCCESS;
break;
}
case IOCTL_HYPERCALL:
{
CPU_REG_TYPE regs[11] = {0};
CPU_REG_TYPE result = 0;
DbgPrint("[chipsec] > IOCTL_HYPERCALL\n");
pInBuf = Irp->AssociatedIrp.SystemBuffer;
if( !Irp->AssociatedIrp.SystemBuffer ||
IrpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof(regs))
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
if( IrpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof(result))
{
DbgPrint( "[chipsec] ERROR: STATUS_BUFFER_TOO_SMALL\n" );
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
RtlCopyBytes( regs, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(regs) );
DbgPrint( "[chipsec][IOCTL_HYPERCALL] HYPERCALL:\n" );
#if defined(_M_AMD64)
DbgPrint( " RCX = 0x%016llX RDX = 0x%016llX\n", regs[0], regs[1] );
DbgPrint( " R8 = 0x%016llX R9 = 0x%016llX\n", regs[2], regs[3] );
DbgPrint( " R10 = 0x%016llX R11 = 0x%016llX\n", regs[4], regs[5] );
DbgPrint( " RAX = 0x%016llX RBX = 0x%016llX\n", regs[6], regs[7] );
DbgPrint( " RDI = 0x%016llX RSI = 0x%016llX\n", regs[8], regs[9] );
#endif
#if defined(_M_IX86)
DbgPrint( " EAX = 0x%08X EBX = 0x%08X ECX = 0x%08X\n", regs[6], regs[7], regs[0] );
DbgPrint( " EDX = 0x%08X ESI = 0x%08X EDI = 0x%08X\n", regs[1], regs[8], regs[9] );
#endif
DbgPrint( " XMM0-XMM5 buffer VA = 0x%016llX\n", regs[9] );
__try
{
result = hypercall(regs[0], regs[1], regs[2], regs[3], regs[4], regs[5], regs[6], regs[7], regs[8], regs[9], regs[10], &hypercall_page);
}
__except( EXCEPTION_EXECUTE_HANDLER )
{
Status = GetExceptionCode();
DbgPrint( "[chipsec][IOCTL_HYPERCALL] ERROR: exception code 0x%X\n", Status );
break;
}
DbgPrint( "[chipsec][IOCTL_HYPERCALL] returned: 0x%016llX\n", result);
IrpSp->Parameters.Read.Length = sizeof(result);
RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (void*)&result, sizeof(result) );
dwBytesWritten = IrpSp->Parameters.Read.Length;
Status = STATUS_SUCCESS;
break;
}
default:
DbgPrint( "[chipsec] ERROR: invalid IOCTL\n");
Status = STATUS_NOT_IMPLEMENTED;
break;
} // -- switch
CProcessorWalker()
{
m_cpuCount = (BYTE)KeQueryActiveProcessorCount(&m_cpu);
}
NTSTATUS
DriverEntry(
_In_ PDRIVER_OBJECT DriverObject,
_In_ PUNICODE_STRING RegistryPath
)
/*++
Routine Description:
This is the initialization routine for the Fat file system
device driver. This routine creates the device object for the FileSystem
device and performs all other driver initialization.
Arguments:
DriverObject - Pointer to driver object created by the system.
Return Value:
NTSTATUS - The function value is the final status from the initialization
operation.
--*/
{
USHORT MaxDepth;
NTSTATUS Status;
UNICODE_STRING UnicodeString;
FS_FILTER_CALLBACKS FilterCallbacks;
UNICODE_STRING ValueName;
ULONG Value;
UNREFERENCED_PARAMETER( RegistryPath );
//
// Create the device object for disks. To avoid problems with filters who
// know this name, we must keep it.
//
RtlInitUnicodeString( &UnicodeString, L"\\Fat" );
Status = IoCreateDevice( DriverObject,
0,
&UnicodeString,
FILE_DEVICE_DISK_FILE_SYSTEM,
0,
FALSE,
&FatDiskFileSystemDeviceObject );
if (!NT_SUCCESS( Status )) {
return Status;
}
//
// Create the device object for "cdroms".
//
RtlInitUnicodeString( &UnicodeString, L"\\FatCdrom" );
Status = IoCreateDevice( DriverObject,
0,
&UnicodeString,
FILE_DEVICE_CD_ROM_FILE_SYSTEM,
0,
FALSE,
&FatCdromFileSystemDeviceObject );
if (!NT_SUCCESS( Status )) {
IoDeleteDevice( FatDiskFileSystemDeviceObject);
return Status;
}
#pragma prefast( push )
#pragma prefast( disable:28155, "these are all correct" )
#pragma prefast( disable:28169, "these are all correct" )
#pragma prefast( disable:28175, "this is a filesystem, touching FastIoDispatch is allowed" )
DriverObject->DriverUnload = FatUnload;
//
// Note that because of the way data caching is done, we set neither
// the Direct I/O or Buffered I/O bit in DeviceObject->Flags. If
// data is not in the cache, or the request is not buffered, we may,
// set up for Direct I/O by hand.
//
//
// Initialize the driver object with this driver's entry points.
//
DriverObject->MajorFunction[IRP_MJ_CREATE] = (PDRIVER_DISPATCH)FatFsdCreate;
DriverObject->MajorFunction[IRP_MJ_CLOSE] = (PDRIVER_DISPATCH)FatFsdClose;
DriverObject->MajorFunction[IRP_MJ_READ] = (PDRIVER_DISPATCH)FatFsdRead;
DriverObject->MajorFunction[IRP_MJ_WRITE] = (PDRIVER_DISPATCH)FatFsdWrite;
DriverObject->MajorFunction[IRP_MJ_QUERY_INFORMATION] = (PDRIVER_DISPATCH)FatFsdQueryInformation;
DriverObject->MajorFunction[IRP_MJ_SET_INFORMATION] = (PDRIVER_DISPATCH)FatFsdSetInformation;
DriverObject->MajorFunction[IRP_MJ_QUERY_EA] = (PDRIVER_DISPATCH)FatFsdQueryEa;
DriverObject->MajorFunction[IRP_MJ_SET_EA] = (PDRIVER_DISPATCH)FatFsdSetEa;
DriverObject->MajorFunction[IRP_MJ_FLUSH_BUFFERS] = (PDRIVER_DISPATCH)FatFsdFlushBuffers;
DriverObject->MajorFunction[IRP_MJ_QUERY_VOLUME_INFORMATION] = (PDRIVER_DISPATCH)FatFsdQueryVolumeInformation;
DriverObject->MajorFunction[IRP_MJ_SET_VOLUME_INFORMATION] = (PDRIVER_DISPATCH)FatFsdSetVolumeInformation;
DriverObject->MajorFunction[IRP_MJ_CLEANUP] = (PDRIVER_DISPATCH)FatFsdCleanup;
DriverObject->MajorFunction[IRP_MJ_DIRECTORY_CONTROL] = (PDRIVER_DISPATCH)FatFsdDirectoryControl;
DriverObject->MajorFunction[IRP_MJ_FILE_SYSTEM_CONTROL] = (PDRIVER_DISPATCH)FatFsdFileSystemControl;
DriverObject->MajorFunction[IRP_MJ_LOCK_CONTROL] = (PDRIVER_DISPATCH)FatFsdLockControl;
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = (PDRIVER_DISPATCH)FatFsdDeviceControl;
DriverObject->MajorFunction[IRP_MJ_SHUTDOWN] = (PDRIVER_DISPATCH)FatFsdShutdown;
DriverObject->MajorFunction[IRP_MJ_PNP] = (PDRIVER_DISPATCH)FatFsdPnp;
DriverObject->FastIoDispatch = &FatFastIoDispatch;
RtlZeroMemory(&FatFastIoDispatch, sizeof(FatFastIoDispatch));
FatFastIoDispatch.SizeOfFastIoDispatch = sizeof(FAST_IO_DISPATCH);
FatFastIoDispatch.FastIoCheckIfPossible = FatFastIoCheckIfPossible; // CheckForFastIo
FatFastIoDispatch.FastIoRead = FsRtlCopyRead; // Read
FatFastIoDispatch.FastIoWrite = FsRtlCopyWrite; // Write
FatFastIoDispatch.FastIoQueryBasicInfo = FatFastQueryBasicInfo; // QueryBasicInfo
FatFastIoDispatch.FastIoQueryStandardInfo = FatFastQueryStdInfo; // QueryStandardInfo
FatFastIoDispatch.FastIoLock = FatFastLock; // Lock
FatFastIoDispatch.FastIoUnlockSingle = FatFastUnlockSingle; // UnlockSingle
FatFastIoDispatch.FastIoUnlockAll = FatFastUnlockAll; // UnlockAll
FatFastIoDispatch.FastIoUnlockAllByKey = FatFastUnlockAllByKey; // UnlockAllByKey
FatFastIoDispatch.FastIoQueryNetworkOpenInfo = FatFastQueryNetworkOpenInfo;
FatFastIoDispatch.AcquireForCcFlush = FatAcquireForCcFlush;
FatFastIoDispatch.ReleaseForCcFlush = FatReleaseForCcFlush;
FatFastIoDispatch.MdlRead = FsRtlMdlReadDev;
FatFastIoDispatch.MdlReadComplete = FsRtlMdlReadCompleteDev;
FatFastIoDispatch.PrepareMdlWrite = FsRtlPrepareMdlWriteDev;
FatFastIoDispatch.MdlWriteComplete = FsRtlMdlWriteCompleteDev;
#pragma prefast( pop )
//
// Initialize the filter callbacks we use.
//
RtlZeroMemory( &FilterCallbacks,
sizeof(FS_FILTER_CALLBACKS) );
FilterCallbacks.SizeOfFsFilterCallbacks = sizeof(FS_FILTER_CALLBACKS);
FilterCallbacks.PreAcquireForSectionSynchronization = FatFilterCallbackAcquireForCreateSection;
Status = FsRtlRegisterFileSystemFilterCallbacks( DriverObject,
&FilterCallbacks );
if (!NT_SUCCESS( Status )) {
IoDeleteDevice( FatDiskFileSystemDeviceObject );
IoDeleteDevice( FatCdromFileSystemDeviceObject );
return Status;
}
//
// Initialize the global data structures
//
//
// The FatData record
//
RtlZeroMemory( &FatData, sizeof(FAT_DATA));
FatData.NodeTypeCode = FAT_NTC_DATA_HEADER;
FatData.NodeByteSize = sizeof(FAT_DATA);
InitializeListHead(&FatData.VcbQueue);
FatData.DriverObject = DriverObject;
FatData.DiskFileSystemDeviceObject = FatDiskFileSystemDeviceObject;
FatData.CdromFileSystemDeviceObject = FatCdromFileSystemDeviceObject;
//
// This list head keeps track of closes yet to be done.
//
InitializeListHead( &FatData.AsyncCloseList );
InitializeListHead( &FatData.DelayedCloseList );
FatData.FatCloseItem = IoAllocateWorkItem( FatDiskFileSystemDeviceObject);
if (FatData.FatCloseItem == NULL) {
IoDeleteDevice (FatDiskFileSystemDeviceObject);
IoDeleteDevice (FatCdromFileSystemDeviceObject);
return STATUS_INSUFFICIENT_RESOURCES;
}
//
// Allocate the zero page
//
FatData.ZeroPage = ExAllocatePoolWithTag( NonPagedPoolNx, PAGE_SIZE, 'ZtaF' );
if (FatData.ZeroPage == NULL) {
IoDeleteDevice (FatDiskFileSystemDeviceObject);
IoDeleteDevice (FatCdromFileSystemDeviceObject);
return STATUS_INSUFFICIENT_RESOURCES;
}
RtlZeroMemory( FatData.ZeroPage, PAGE_SIZE );
//
// Now initialize our general purpose spinlock (gag) and figure out how
// deep and wide we want our delayed lists (along with fooling ourselves
// about the lookaside depths).
//
KeInitializeSpinLock( &FatData.GeneralSpinLock );
switch ( MmQuerySystemSize() ) {
case MmSmallSystem:
MaxDepth = 4;
FatMaxDelayedCloseCount = FAT_MAX_DELAYED_CLOSES;
break;
case MmMediumSystem:
MaxDepth = 8;
FatMaxDelayedCloseCount = 4 * FAT_MAX_DELAYED_CLOSES;
break;
case MmLargeSystem:
default:
MaxDepth = 16;
FatMaxDelayedCloseCount = 16 * FAT_MAX_DELAYED_CLOSES;
break;
}
//
// Initialize the cache manager callback routines
//
FatData.CacheManagerCallbacks.AcquireForLazyWrite = &FatAcquireFcbForLazyWrite;
FatData.CacheManagerCallbacks.ReleaseFromLazyWrite = &FatReleaseFcbFromLazyWrite;
FatData.CacheManagerCallbacks.AcquireForReadAhead = &FatAcquireFcbForReadAhead;
FatData.CacheManagerCallbacks.ReleaseFromReadAhead = &FatReleaseFcbFromReadAhead;
FatData.CacheManagerNoOpCallbacks.AcquireForLazyWrite = &FatNoOpAcquire;
FatData.CacheManagerNoOpCallbacks.ReleaseFromLazyWrite = &FatNoOpRelease;
FatData.CacheManagerNoOpCallbacks.AcquireForReadAhead = &FatNoOpAcquire;
FatData.CacheManagerNoOpCallbacks.ReleaseFromReadAhead = &FatNoOpRelease;
//
// Set up global pointer to our process.
//
FatData.OurProcess = PsGetCurrentProcess();
//
// Setup the number of processors we support for statistics as the current number
// running.
//
#if (NTDDI_VERSION >= NTDDI_VISTA)
FatData.NumberProcessors = KeQueryActiveProcessorCount( NULL );
#else
FatData.NumberProcessors = KeNumberProcessors;
#endif
//
// Read the registry to determine if we are in ChicagoMode.
//
ValueName.Buffer = COMPATIBILITY_MODE_VALUE_NAME;
ValueName.Length = sizeof(COMPATIBILITY_MODE_VALUE_NAME) - sizeof(WCHAR);
ValueName.MaximumLength = sizeof(COMPATIBILITY_MODE_VALUE_NAME);
Status = FatGetCompatibilityModeValue( &ValueName, &Value );
if (NT_SUCCESS(Status) && FlagOn(Value, 1)) {
FatData.ChicagoMode = FALSE;
} else {
FatData.ChicagoMode = TRUE;
}
//
// Read the registry to determine if we are going to generate LFNs
// for valid 8.3 names with extended characters.
//
ValueName.Buffer = CODE_PAGE_INVARIANCE_VALUE_NAME;
ValueName.Length = sizeof(CODE_PAGE_INVARIANCE_VALUE_NAME) - sizeof(WCHAR);
ValueName.MaximumLength = sizeof(CODE_PAGE_INVARIANCE_VALUE_NAME);
Status = FatGetCompatibilityModeValue( &ValueName, &Value );
if (NT_SUCCESS(Status) && FlagOn(Value, 1)) {
FatData.CodePageInvariant = FALSE;
} else {
FatData.CodePageInvariant = TRUE;
}
//
// Initialize our global resource and fire up the lookaside lists.
//
ExInitializeResourceLite( &FatData.Resource );
ExInitializeNPagedLookasideList( &FatIrpContextLookasideList,
NULL,
NULL,
POOL_NX_ALLOCATION | POOL_RAISE_IF_ALLOCATION_FAILURE,
sizeof(IRP_CONTEXT),
TAG_IRP_CONTEXT,
MaxDepth );
ExInitializeNPagedLookasideList( &FatNonPagedFcbLookasideList,
NULL,
NULL,
POOL_NX_ALLOCATION | POOL_RAISE_IF_ALLOCATION_FAILURE,
sizeof(NON_PAGED_FCB),
TAG_FCB_NONPAGED,
MaxDepth );
ExInitializeNPagedLookasideList( &FatEResourceLookasideList,
NULL,
NULL,
POOL_NX_ALLOCATION | POOL_RAISE_IF_ALLOCATION_FAILURE,
sizeof(ERESOURCE),
TAG_ERESOURCE,
MaxDepth );
ExInitializeSListHead( &FatCloseContextSList );
ExInitializeFastMutex( &FatCloseQueueMutex );
KeInitializeEvent( &FatReserveEvent, SynchronizationEvent, TRUE );
//
// Register the file system with the I/O system
//
IoRegisterFileSystem(FatDiskFileSystemDeviceObject);
ObReferenceObject (FatDiskFileSystemDeviceObject);
IoRegisterFileSystem(FatCdromFileSystemDeviceObject);
ObReferenceObject (FatCdromFileSystemDeviceObject);
//
// Find out if we are running an a FujitsuFMR machine.
//
FatData.FujitsuFMR = FatIsFujitsuFMR();
#if (NTDDI_VERSION >= NTDDI_WIN8)
//
// Find out global disk accounting state, cache the result
//
FatDiskAccountingEnabled = PsIsDiskCountersEnabled();
#endif
//
// And return to our caller
//
return( STATUS_SUCCESS );
}
int64_t
platform_num_cpus()
{
KAFFINITY k_affin;
return (int64_t)KeQueryActiveProcessorCount(&k_affin);
}
NTSTATUS
FPFilterGenericIrp(
PDEVICE_OBJECT DeviceObject,
PIRP Irp
)
{
PDEVICE_EXTENSION pDevExtension = DeviceObject->DeviceExtension;
PIO_STACK_LOCATION irpStack = IoGetCurrentIrpStackLocation(Irp);
NTSTATUS status = STATUS_SUCCESS;
if(pDevExtension->Type == FILTER)
{
//
// So this is the FILTER device object, ie the one between the CPU driver and ACPI.sys
//
/*
KdPrint(("LPCFILTER: FPFilterGenericIrp: Filter DeviceObject %X Irp %X\n", DeviceObject, Irp));
switch(irpStack->MajorFunction)
{
case IRP_MJ_DEVICE_CONTROL:
{
switch(irpStack->Parameters.DeviceIoControl.IoControlCode)
{
PACPI_ENUM_CHILDREN_OUTPUT_BUFFER pACPIChild;
PACPI_EVAL_OUTPUT_BUFFER pACPIEval;
//
// Thes are handled only so the driver can trace out the ACPI queries running
// between the CPU driver and ACPI.sys
//
case IOCTL_ACPI_ENUM_CHILDREN:
{
ULONG inlen = irpStack->Parameters.DeviceIoControl.InputBufferLength;
ULONG outlen = irpStack->Parameters.DeviceIoControl.OutputBufferLength;
KdPrint(("LPCFILTER: IOCTL_ACPI_ENUM_CHILDREN Filter DeviceObject %X Irp %X\n", DeviceObject, Irp));
status = FPFilterForwardIrpSynchronous(DeviceObject, Irp);
KdPrint(("LPCFILTER: %d bytes of data in %d bytes of data out %d bytes of data returned status 0x%X\n\n",
inlen,
outlen,
Irp->IoStatus.Information,
status));
if((status == STATUS_SUCCESS) && (Irp->IoStatus.Information > sizeof(ACPI_ENUM_CHILDREN_INPUT_BUFFER)))
{
pACPIChild = (PACPI_ENUM_CHILDREN_OUTPUT_BUFFER) Irp->AssociatedIrp.SystemBuffer;
if(pACPIChild->Signature != ACPI_ENUM_CHILDREN_OUTPUT_BUFFER_SIGNATURE)
{
DbgPrint(" Invalid signature in evaluate method out buffer\n");
}
else
{
// DumpKids(pACPIChild);
}
}
status = Irp->IoStatus.Status;
IoCompleteRequest(Irp,IO_NO_INCREMENT);
return status;
}
case IOCTL_ACPI_EVAL_METHOD:
{
ULONG inlen = irpStack->Parameters.DeviceIoControl.InputBufferLength;
ULONG outlen = irpStack->Parameters.DeviceIoControl.OutputBufferLength;
PACPI_EVAL_INPUT_BUFFER pBuf;
if(inlen)
{
pBuf = ExAllocatePoolWithTag(PagedPool, inlen+10, 'ynos');
if(pBuf)
{
memset(pBuf, 0, inlen+10);
memcpy(pBuf, (PUCHAR)Irp->AssociatedIrp.SystemBuffer, inlen);
}
}
else
{
pBuf = ExAllocatePoolWithTag(PagedPool, 10, 'ynos');
if(pBuf)
{
memset(pBuf, 0, 10);
}
}
KdPrint(("LPCFILTER: IOCTL_ACPI_EVAL_METHOD Filter DeviceObject %X Irp %X\n", DeviceObject, Irp));
status = FPFilterForwardIrpSynchronous(DeviceObject, Irp);
KdPrint(("LPCFILTER: %c%c%c%c %d bytes of data in %d bytes of data out %d bytes of data returned status 0x%X\n\n",
pBuf->MethodName[0],
pBuf->MethodName[1],
pBuf->MethodName[2],
pBuf->MethodName[3],
inlen,
outlen,
Irp->IoStatus.Information,
status));
if((status == STATUS_SUCCESS) && (Irp->IoStatus.Information > sizeof(ACPI_EVAL_OUTPUT_BUFFER)))
{
pACPIEval = (PACPI_EVAL_OUTPUT_BUFFER) Irp->AssociatedIrp.SystemBuffer;
if(pACPIEval->Signature != ACPI_EVAL_OUTPUT_BUFFER_SIGNATURE)
{
DbgPrint(" Invalid signature in evaluate method out buffer\n");
}
else
{
// DumpEval(pACPIEval, pBuf);
}
}
ExFreePool(pBuf);
status = Irp->IoStatus.Status;
IoCompleteRequest(Irp,IO_NO_INCREMENT);
return status;
}
case IOCTL_ACPI_EVAL_METHOD_EX:
{
ULONG inlen = irpStack->Parameters.DeviceIoControl.InputBufferLength;
ULONG outlen = irpStack->Parameters.DeviceIoControl.OutputBufferLength;
PACPI_EVAL_INPUT_BUFFER pBuf;
if(inlen)
{
pBuf = ExAllocatePoolWithTag(PagedPool, inlen+10, 'ynos');
if(pBuf)
{
memset(pBuf, 0, inlen+10);
memcpy(pBuf, (PUCHAR)Irp->AssociatedIrp.SystemBuffer, inlen);
}
}
else
{
pBuf = ExAllocatePoolWithTag(PagedPool, 10, 'ynos');
if(pBuf)
{
memset(pBuf, 0, 10);
}
}
KdPrint(("LPCFILTER: IOCTL_ACPI_EVAL_METHOD_EX Filter DeviceObject %X Irp %X\n", DeviceObject, Irp));
status = FPFilterForwardIrpSynchronous(DeviceObject, Irp);
KdPrint(("LPCFILTER: %c%c%c%c %d bytes of data in %d bytes of data out status 0x%X\n\n",
pBuf->MethodName[0],
pBuf->MethodName[1],
pBuf->MethodName[2],
pBuf->MethodName[3],
inlen,
outlen,
status));
if((status == STATUS_SUCCESS) && (Irp->IoStatus.Information > sizeof(ACPI_EVAL_OUTPUT_BUFFER)))
{
pACPIEval = (PACPI_EVAL_OUTPUT_BUFFER) Irp->AssociatedIrp.SystemBuffer;
// DumpEval(pACPIEval, pBuf);
}
ExFreePool(pBuf);
status = Irp->IoStatus.Status;
IoCompleteRequest(Irp,IO_NO_INCREMENT);
return status;
}
}
}
}
*/
// FILTER DO Irps are just passed down, we dont care what they are
return FPFilterSendToNextDriver(DeviceObject, Irp);
}
else
{
//
// This is the CONTROl device object, ie the one opened by the application
//
PDEVICE_EXTENSION2 pDevExt = DeviceObject->DeviceExtension;
KdPrint(("LPCFILTER: FPFilterGenericIrp: Control DeviceObject %X Irp %X\n", DeviceObject, Irp));
switch(irpStack->MajorFunction)
{
case IRP_MJ_CREATE:
{
KIRQL irql;
if(!NT_SUCCESS(gOpenStatus))
{
status = gOpenStatus;
KdPrint(("LPCFILTER: Previous open failed so failing this one\n"));
break;
}
KeAcquireSpinLock(&pDevExt->AppLock, &irql);
if(pDevExt->IsDataObtained == FALSE)
{
KAFFINITY ActiveAffinity;
ULONG x = 0;
pDevExt->IsDataObtained = TRUE;
KeReleaseSpinLock(&pDevExt->AppLock, irql);
// get the number of CPUs
pDevExt->NumProcs = KeQueryActiveProcessorCount(&ActiveAffinity);
// allocate and initialise our CPU state array (CPUDB)
pDevExt->pCPUDB = ExAllocatePoolWithTag(NonPagedPool, pDevExt->NumProcs * sizeof(CPUDataBase), 'ynos');
if(!pDevExt->pCPUDB)
{
status = gOpenStatus = STATUS_INSUFFICIENT_RESOURCES;
KdPrint(("LPCFILTER: Allocating CPUDB failed\n"));
break;
}
for(x = 0 ; x < pDevExt->NumProcs ; x++)
{
pDevExt->pCPUDB[x].PState = 0xFFFFFFFF;
pDevExt->pCPUDB[x].StayAliveCount = 0;
}
// get the ACPI data for CPU Pstate
gOpenStatus = GetACPIPstateData(pDevExt, pDevExt->pOtherExt->TargetDeviceObject);
if(!NT_SUCCESS(gOpenStatus))
{
KdPrint(("LPCFILTER: GetACPIPstateData failed\n"));
status = gOpenStatus;
break; // we dont free allocated data here, it is done at IRP_MJ_STOP_DEVICE
}
// Check whether the CPU supports MSRs
if(pDevExt->PCTAccessType == ADDRESS_SPACE_FFHW)
{
pDevExt->CpuManuf = GetProcessorManufAndMSRSupport();
if(pDevExt->CpuManuf == UNSUPPORTED)
{
// the data allocated in GetACPIPstateData will be freed by subsequent calls to GetACPIPstateData
// and finally freed at Stop Device
KdPrint(("LPCFILTER: GetProcessorManufAndMSRSupport failed\n"));
status = gOpenStatus = STATUS_NOT_IMPLEMENTED;
break; // we dont free allocated data here, it is done at IRP_MJ_STOP_DEVICE
}
}
// if we ever see a CPU support ADDRESS_SPACE_SYSIO space we need to add some code here....
// But it is likely we wont since the will be old CPUs ot used and too slow to run windows 7+
}
else // IsDataObtained is TRUE so we can allow the open
{
KeReleaseSpinLock(&pDevExt->AppLock, irql);
status = STATUS_SUCCESS;
KdPrint(("LPCFILTER: Previous open succeeded so succeeding this request\n"));
break;
}
// If the thread was not already started...
// We could not call this code at IRP_MJ_START_DEVICE since the lower PDO was not ready
// and returned different ACPI child data (IO ADDRESS SPACE instead of FFHW)
// However we do handle thread and data clean up at IRP_MJ_REMOVE_DEVICE
if(pDevExt->DispatcherThreadObject == NULL)
{
pDevExt->ThreadGo = TRUE;
gOpenStatus = PsCreateSystemThread(&pDevExt->DispatcherThreadHandle,
THREAD_ALL_ACCESS,
NULL,
NULL,
NULL,
(PKSTART_ROUTINE) PerfCtlThread,
pDevExt);
if (!NT_SUCCESS(gOpenStatus)) // if we cant start the thread fail the CreateFile call
{
status = gOpenStatus;
KdPrint(("LPCFILTER: PsCreateSystemThread failed\n"));
break; // we dont free allocated data here, it is done at IRP_MJ_STOP_DEVICE
}
status = ObReferenceObjectByHandle(pDevExt->DispatcherThreadHandle,
THREAD_ALL_ACCESS,
NULL,
KernelMode,
(PVOID*) &pDevExt->DispatcherThreadObject,
NULL);
ZwClose(pDevExt->DispatcherThreadHandle);
}
}
break;
case IRP_MJ_CLOSE:
{
}
break;
case IRP_MJ_DEVICE_CONTROL:
{
switch(irpStack->Parameters.DeviceIoControl.IoControlCode)
{
case IOCTL_LPC_FLTR_SET_CPU_PSTATE: // app is telling the CPU to run at a certain speed
{
ULONG x = 0;
ULONG ProcNum;
ULONG PState;
KIRQL irql;
if(irpStack->Parameters.DeviceIoControl.InputBufferLength != (2 * sizeof(ULONG)))
{
status = STATUS_INVALID_PARAMETER;
break;
}
ProcNum = *(PULONG)Irp->AssociatedIrp.SystemBuffer;
PState = *(((PULONG)Irp->AssociatedIrp.SystemBuffer) +1);
if(ProcNum > pDevExt->NumProcs)
{
status = STATUS_INVALID_PARAMETER;
break;
}
KeAcquireSpinLock(&pDevExt->AppLock, &irql);
// if the processor isnt being used, set its state
if(pDevExt->pCPUDB[ProcNum].PState == 0xFFFFFFFF)
{
InterlockedExchange(&pDevExt->pCPUDB[ProcNum].PState, PState);
// reset the stay alive count for that CPU
InterlockedExchange(&pDevExt->pCPUDB[ProcNum].StayAliveCount, 0);
// leave status set to success
}
// else if it is being used, and is the same state as requested, then OK
else
{
if(pDevExt->pCPUDB[ProcNum].PState == PState)
{
// reset the stay alive count for that CPU
InterlockedExchange(&pDevExt->pCPUDB[ProcNum].StayAliveCount, 0);
// leave status set to success
}
else
{
// else we couldnt set the PState for that CPU so fail the request
status = STATUS_INVALID_DEVICE_REQUEST;
}
}
KeReleaseSpinLock(&pDevExt->AppLock, irql);
}
break;
case IOCTL_LPC_FLTR_SETNOW_CPU_PSTATE:
{
ULONG x = 0;
ULONG ProcNum;
ULONG PState;
KIRQL irql;
if(irpStack->Parameters.DeviceIoControl.InputBufferLength != (2 * sizeof(ULONG)))
{
status = STATUS_INVALID_PARAMETER;
break;
}
ProcNum = *(PULONG)Irp->AssociatedIrp.SystemBuffer;
PState = *(((PULONG)Irp->AssociatedIrp.SystemBuffer) +1);
if(ProcNum > pDevExt->NumProcs)
{
status = STATUS_INVALID_PARAMETER;
break;
}
KeAcquireSpinLock(&pDevExt->AppLock, &irql);
InterlockedExchange(&pDevExt->pCPUDB[ProcNum].PState, PState);
// reset the stay alive count for that CPU
InterlockedExchange(&pDevExt->pCPUDB[ProcNum].StayAliveCount, 0);
KeReleaseSpinLock(&pDevExt->AppLock, irql);
}
break;
case IOCTL_LPC_FLTR_SET_CFG:
{
KIRQL irql;
if(irpStack->Parameters.DeviceIoControl.InputBufferLength != sizeof(LPCConfiguration))
{
status = STATUS_INVALID_PARAMETER;
break;
}
KeAcquireSpinLock(&pDevExt->AppLock, &irql);
memcpy(&pDevExt->Config, Irp->AssociatedIrp.SystemBuffer, sizeof(LPCConfiguration));
KeReleaseSpinLock(&pDevExt->AppLock, irql);
}
break;
case IOCTL_LPC_FLTR_GET_CFG:
{
KIRQL irql;
if(irpStack->Parameters.DeviceIoControl.OutputBufferLength != sizeof(LPCConfiguration))
{
status = STATUS_INVALID_PARAMETER;
break;
}
KeAcquireSpinLock(&pDevExt->AppLock, &irql);
memcpy(Irp->AssociatedIrp.SystemBuffer, &pDevExt->Config, sizeof(LPCConfiguration));
KeReleaseSpinLock(&pDevExt->AppLock, irql);
Irp->IoStatus.Information = sizeof(LPCConfiguration);
}
break;
case IOCTL_LPC_FLTR_GET_STATS:
{
if(irpStack->Parameters.DeviceIoControl.OutputBufferLength == pDevExt->StatsDataSize)
{
KIRQL oldirql;
ULONG x, y;
memcpy(Irp->AssociatedIrp.SystemBuffer, pDevExt->pStats, pDevExt->StatsDataSize);
Irp->IoStatus.Information = pDevExt->StatsDataSize;
}
else if(irpStack->Parameters.DeviceIoControl.OutputBufferLength == sizeof(ULONG))
{
memcpy(Irp->AssociatedIrp.SystemBuffer, &pDevExt->StatsDataSize, sizeof(ULONG));
Irp->IoStatus.Information = sizeof(ULONG);
status = STATUS_BUFFER_OVERFLOW;
}
}
break;
}
}
}
Irp->IoStatus.Status = status;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return(status);
}
}
/**
* @brief DPC callback.
* Calls the Xen interface api to process the ringbuffer until the ringbuffer is empty,
* then completes all requests provided by the Xen api.
*
* @todo consider completion within the XenDpc() loop. However this would release the device
* lock.
*
* @param[in] Dpc The WDFDPC handle.
*
*/
VOID
FdoEvtDeviceDpcFunc(
IN VOID *Context)
{
// --XT-- FDO context passed directly now.
PUSB_FDO_CONTEXT fdoContext = (PUSB_FDO_CONTEXT)Context;
//
// this stuff needs to be done at DPC level in order to complete irps.
//
ULONG passes = 0;
AcquireFdoLock(fdoContext);
if (fdoContext->InDpc)
{
fdoContext->DpcOverLapCount++;
ReleaseFdoLock(fdoContext);
return;
}
fdoContext->InDpc = TRUE;
BOOLEAN moreWork;
do
{
moreWork = XenDpc(fdoContext, fdoContext->RequestCollection);
passes++;
if (fdoContext->DpcOverLapCount)
{
fdoContext->totalDpcOverLapCount += fdoContext->DpcOverLapCount;
fdoContext->DpcOverLapCount = 0;
moreWork = TRUE;
}
if (moreWork & (passes >= KeQueryActiveProcessorCount(NULL)))
{
//
// reschedule the dpc to prevent starvation.
//
// --XT-- WdfDpcEnqueue(fdoContext->WdfDpc);
//
// --XT-- Schedule through the Xen interface now.
//
XenScheduleDPC(fdoContext->Xen);
TraceEvents(TRACE_LEVEL_VERBOSE, TRACE_DPC,
__FUNCTION__": enqueue dpc at %d passes\n",
passes);
fdoContext->totalDpcReQueueCount++;
break;
}
} while (moreWork);
fdoContext->InDpc = FALSE; // allow another dpc instance to run and add to the collection.
if (passes > fdoContext->maxDpcPasses)
{
fdoContext->maxDpcPasses = passes;
}
//
// complete all queued Irps. Note that this section is re-entrant.
// Note also that all of these requests have been "uncanceled" and ahve
// been marked as completed in their request contexts and that the
// additional reference on the request object has been removed.
// The collection can be safely completed with no race conditions.
//
ULONG responseCount = 0;
WDFREQUEST Request;
while ((Request = (WDFREQUEST) WdfCollectionGetFirstItem(fdoContext->RequestCollection)) != NULL)
{
WdfCollectionRemoveItem(fdoContext->RequestCollection, 0);
TraceEvents(TRACE_LEVEL_VERBOSE, TRACE_DPC,
__FUNCTION__": complete Request %p Status %x\n",
Request,
WdfRequestWdmGetIrp(Request)->IoStatus.Status);
ReleaseFdoLock(fdoContext);
WdfRequestCompleteWithPriorityBoost(Request,
WdfRequestWdmGetIrp(Request)->IoStatus.Status,
IO_SOUND_INCREMENT);
AcquireFdoLock(fdoContext);
responseCount++;
}
if (responseCount > fdoContext->maxRequestsProcessed)
{
fdoContext->maxRequestsProcessed = responseCount;
}
//
// fire up any queued requests
//
DrainRequestQueue(fdoContext, FALSE);
ReleaseFdoLock(fdoContext);
// --XT-- this trace was way too noisy, made it verbose.
TraceEvents(TRACE_LEVEL_VERBOSE, TRACE_DPC,
__FUNCTION__": exit responses processed %d passes %d\n",
responseCount,
passes);
}
int
cpu_count()
{
return (int)KeQueryActiveProcessorCount(NULL);
}
