uint32 peChecksumExecSections(uint8 *peBaseAddr,
void *realBase,
PEPROCESS proc,
PKAPC_STATE apc,
PHYSICAL_ADDRESS *physArr)
{
uint16 numExecSections = peGetNumExecSections(peBaseAddr);
uint32 checksum = 0, k, i, j,
numRelocs = peGetNumberOfRelocs(peBaseAddr, realBase, proc, apc),
relocDelta = peCalculateRelocDiff(peBaseAddr, realBase);
uint8 *dataPtr = NULL;
PHYSICAL_ADDRESS phys = {0};
SectionData *execSections = (SectionData *) MmAllocateNonCachedMemory(
numExecSections * sizeof(SectionData));
peGetExecSections(peBaseAddr, execSections);
//DbgPrint("Found %d relocations, delta of: %x\r\n", numRelocs, relocDelta);
for (i = 0; i < numExecSections; i++)
{
uint32 numpages = execSections[i].Size / 0x1000, size = execSections[i].Size;
if (numpages * 0x1000 < execSections[i].Size)
numpages++;
for (k = 0; k < numpages; k++)
{
KeStackAttachProcess(proc, apc);
dataPtr = (uint8 *) MmMapIoSpace(MmGetPhysicalAddress((void *)(((uint32) realBase) +
execSections[i].VirtualAddress + (0x1000 * k))),
0x1000, 0);
phys = MmGetPhysicalAddress((void *) dataPtr);
for (j = 0; j < min(size, 0x1000); j++)
{
checksum += dataPtr[j];
}
MmUnmapIoSpace((void *) dataPtr, 0x1000);
size -= 0x1000;
KeUnstackDetachProcess(apc);
}
}
// Subtract the relocations from the checksum
// TODO Fix incase of lower load address
checksum += numRelocs * (relocDelta & 0x000000FF);
checksum += numRelocs * ((relocDelta & 0x0000FF00) >> 8);
checksum += numRelocs * ((relocDelta & 0x00FF0000) >> 16);
checksum += numRelocs * ((relocDelta & 0xFF000000) >> 24);
MmFreeNonCachedMemory((void *) execSections, numExecSections * sizeof(SectionData));
return checksum;
}
static PVOID OldMapIoSpace(
_In_ PHYSICAL_ADDRESS PhysicalAddress,
_In_ SIZE_T NumberOfBytes,
_In_ MEMORY_CACHING_TYPE CacheType,
_In_ ULONG Protect
)
{
PAGED_CODE();
return MmMapIoSpace(PhysicalAddress, NumberOfBytes, CacheType);
}
/*----------------------------------------------------------------------------
*Function: CMM_Init
*Parameters: dwContext :
*Return Value: True/False
*Implementation Notes: Initialize JPEG Hardware
-----------------------------------------------------------------------------*/
DWORD
CMM_Init(
DWORD dwContext
)
{
HANDLE h_Mutex;
FREE_MEM_T * freenode;
ALLOC_MEM_T * allocnode;
PHYSICAL_ADDRESS ioPhysicalBase = {0,0};
printD("\n[CMM_Init]\n");
// Mutex initialization
h_Mutex = CreateCMMmutex();
if (h_Mutex == NULL)
{
RETAILMSG(1, (TEXT("[CMM_Init] CMM Mutex Initialize error : %d \r\n"),GetLastError()));
return FALSE;
}
ioPhysicalBase.LowPart = CODEC_MEM_START;
CachedVirAddr = (UINT8 *)MmMapIoSpace(ioPhysicalBase, CODEC_MEM_SIZE, TRUE);
if (CachedVirAddr == NULL)
{
RETAILMSG(1, (TEXT("[CMM_Init] MmMapIoSpace failed: %d\r\n"),GetLastError()));
return FALSE;
}
// init alloc list, if(AllocMemHead == AllocMemTail) then, the list is NULL
allocnode = (ALLOC_MEM_T *)malloc(sizeof(ALLOC_MEM_T));
memset(allocnode, 0x00, sizeof(ALLOC_MEM_T));
allocnode->next = allocnode;
allocnode->prev = allocnode;
AllocMemHead = allocnode;
AllocMemTail = AllocMemHead;
// init free list, if(FreeMemHead == FreeMemTail) then, the list is NULL
freenode = (FREE_MEM_T *)malloc(sizeof(FREE_MEM_T));
memset(freenode, 0x00, sizeof(FREE_MEM_T));
freenode->next = freenode;
freenode->prev = freenode;
FreeMemHead = freenode;
FreeMemTail = FreeMemHead;
freenode = (FREE_MEM_T *)malloc(sizeof(FREE_MEM_T));
memset(freenode, 0x00, sizeof(FREE_MEM_T));
freenode->startAddr = CODEC_MEM_START;
freenode->size = CODEC_MEM_SIZE;
InsertNodeToFreeList(freenode, -1);
return TRUE;
}
/*
* @implemented
*/
PVOID
NTAPI
MmMapVideoDisplay(IN PHYSICAL_ADDRESS PhysicalAddress,
IN SIZE_T NumberOfBytes,
IN MEMORY_CACHING_TYPE CacheType)
{
PAGED_CODE();
//
// Call the real function
//
return MmMapIoSpace(PhysicalAddress, NumberOfBytes, CacheType);
}
NTSTATUS _write_phys_mem( PHYSICAL_ADDRESS pa, unsigned int len, void * pData )
{
void * va = MmMapIoSpace( pa, len, MmCached );
if( !va )
{
DbgPrint( "[chipsec] ERROR: no space for mapping\n" );
return STATUS_UNSUCCESSFUL;
}
DbgPrint( "[chipsec] writing %d bytes to physical address 0x%08x_%08x (virtual = %#010x)", len, pa.HighPart, pa.LowPart, (unsigned int)va );
RtlCopyMemory( va, pData, len );
MmUnmapIoSpace( va, len );
return STATUS_SUCCESS;
}
BOOL InitializeAddresses(VOID)
{
BOOL RetValue = TRUE;
PHYSICAL_ADDRESS ioPhysicalBase = {S3C6410_BASE_REG_PA_GPIO,0};
v_pGPIORegs = (volatile S3C6410_GPIO_REG *)MmMapIoSpace(ioPhysicalBase, sizeof(S3C6410_GPIO_REG), FALSE);
if (v_pGPIORegs == NULL)
{
DEBUGMSG(ZONE_ERROR, (TEXT("[GPIO] v_pGPIORegs MmMapIoSpace() Failed \r\n")));
RetValue = FALSE;
}
return(RetValue);
}
/*----------------------------------------------------------------------------
*Function: Phy2VirAddr
*Parameters: dwContext :
*Return Value: True/False
*Implementation Notes: memory mapping from physical addr to virtual addr
-----------------------------------------------------------------------------*/
void *Phy2VirAddr(UINT32 phy_addr, int mem_size)
{
void *mappedAddr = NULL;
PHYSICAL_ADDRESS ioPhysicalBase = {0,0};
ioPhysicalBase.LowPart = phy_addr;
mappedAddr = MmMapIoSpace(ioPhysicalBase, mem_size, FALSE);
if (mappedAddr == NULL)
{
RETAILMSG(1, (L"[MFC:ERR] %s : Mapping Failed [PA:0x%08x]\n\r", __FUNCTION__, phy_addr));
}
return mappedAddr;
}
PUCHAR
SoundMapPortAddress(
INTERFACE_TYPE BusType,
ULONG BusNumber,
ULONG PortBase,
ULONG Length,
PULONG MemType
)
/*++
Routine Description :
Map a physical device port address to an address we can pass
to READ/WRITE_PORT_UCHAR/USHORT etc
Arguments :
BusType - type of bus
BusNumber - bus number
PortBase - The port start address
Length - how many bytes of port space to map (needed by MmMapIoSpace)
Return Value :
The virtual port address
--*/
{
PHYSICAL_ADDRESS PortAddress;
PHYSICAL_ADDRESS MappedAddress;
*MemType = 1; // IO space
PortAddress.LowPart = PortBase;
PortAddress.HighPart = 0;
HalTranslateBusAddress(
BusType,
BusNumber,
PortAddress,
MemType,
&MappedAddress);
if (*MemType == 0) {
//
// Map memory type IO space into our address space
//
return (PUCHAR)MmMapIoSpace(MappedAddress, Length, FALSE);
} else {
return (PUCHAR)MappedAddress.LowPart;
}
}
void * hax_map_page_frame(uint64 pfn, hax_kmap_phys *kmap)
{
PHYSICAL_ADDRESS addr;
PVOID kva;
if (!kmap) {
hax_error("%s: kmap == NULL\n", __func__);
return NULL;
}
addr.QuadPart = (LONGLONG)(pfn << PG_ORDER_4K);
kva = MmMapIoSpace(addr, PAGE_SIZE_4K, MmCached);
kmap->kva = kva;
return kva;
}
/*
* @implemented
*/
NDIS_STATUS
EXPORT
NdisMMapIoSpace(
OUT PVOID *VirtualAddress,
IN NDIS_HANDLE MiniportAdapterHandle,
IN NDIS_PHYSICAL_ADDRESS PhysicalAddress,
IN UINT Length)
/*
* FUNCTION: Maps a bus-relative address to a system-wide virtual address
* ARGUMENTS:
* VirtualAddress: receives virtual address of mapping
* MiniportAdapterHandle: Handle originally input to MiniportInitialize
* PhysicalAddress: bus-relative address to map
* Length: Number of bytes to map
* RETURNS:
* NDIS_STATUS_SUCCESS: the operation completed successfully
* NDIS_STATUS_RESOURCE_CONFLICT: the physical address range is already claimed
* NDIS_STATUS_RESOURCES: insufficient resources to complete the mapping
* NDIS_STATUS_FAILURE: a general failure has occured
* NOTES:
* - Must be called at IRQL = PASSIVE_LEVEL
*/
{
PLOGICAL_ADAPTER Adapter = MiniportAdapterHandle;
ULONG AddressSpace = 0; /* Memory Space */
NDIS_PHYSICAL_ADDRESS TranslatedAddress;
PAGED_CODE();
ASSERT(VirtualAddress && MiniportAdapterHandle);
NDIS_DbgPrint(MAX_TRACE, ("Called\n"));
if(!HalTranslateBusAddress(Adapter->NdisMiniportBlock.BusType, Adapter->NdisMiniportBlock.BusNumber,
PhysicalAddress, &AddressSpace, &TranslatedAddress))
{
NDIS_DbgPrint(MIN_TRACE, ("Unable to translate address\n"));
return NDIS_STATUS_RESOURCES;
}
*VirtualAddress = MmMapIoSpace(TranslatedAddress, Length, MmNonCached);
if(!*VirtualAddress) {
NDIS_DbgPrint(MIN_TRACE, ("MmMapIoSpace failed\n"));
return NDIS_STATUS_RESOURCES;
}
return NDIS_STATUS_SUCCESS;
}
BOOLEAN NTAPI XenGfxVbeGetEdid(UCHAR *pChildDescriptor, ULONG Length)
{
ULONG Addr;
PHYSICAL_ADDRESS PhysAddr = {0};
UCHAR *pVirtAddr;
USHORT XRes, YRes;
TraceVerbose(("====> '%s'.\n", __FUNCTION__));
if (!g_VbeInfoInitialized) {
return FALSE;
}
if ((pChildDescriptor == NULL)||(Length < VBE_EDID_SIZE)) {
return FALSE;
}
// Find the EDID and map it in. The spinlock is not needed since the
// EDID is a static/ro chunk (after initialization).
Addr = ((ULONG)g_VbeTable.EdidSeg & (0x0000FFFF));
Addr = Addr << 4;
Addr = Addr | ((ULONG)g_VbeTable.EdidAddr & (0x0000FFFF));
PhysAddr.LowPart = Addr;
pVirtAddr = (UCHAR*)MmMapIoSpace(PhysAddr, VBE_EDID_SIZE, MmNonCached);
if (pVirtAddr == NULL) {
TraceError(("Could not MAP in EDID virtual address!\n"));
return FALSE;
}
RtlCopyMemory(pChildDescriptor, pVirtAddr, VBE_EDID_SIZE);
MmUnmapIoSpace(pVirtAddr, VBE_EDID_SIZE);
// Fix up EDID with resolution on this system.
WRITE_PORT_USHORT((USHORT*)VBE_PORT_INDEX, VBE_DISPI_INDEX_EDID_XRES);
XRes = READ_PORT_USHORT((USHORT*)VBE_PORT_DATA);
WRITE_PORT_USHORT((USHORT*)VBE_PORT_INDEX, VBE_DISPI_INDEX_EDID_YRES);
YRes = READ_PORT_USHORT((USHORT*)VBE_PORT_DATA);
*(pChildDescriptor + 0x38) = (UCHAR)(XRes & 0x00FF);
*(pChildDescriptor + 0x3A) = (UCHAR)(((XRes >> 8) & 0x000F) << 4);
*(pChildDescriptor + 0x3B) = (UCHAR)(YRes & 0x00FF);
*(pChildDescriptor + 0x3D) = (UCHAR)(((YRes >> 8) & 0x000F) << 4);
TraceVerbose(("<==== '%s'.\n", __FUNCTION__));
return TRUE;
}
uint8 * peMapInImageHeader(PHYSICAL_ADDRESS physAddr)
{
uint8 *pePtr = NULL;
uint32 imageSize = 0;
pePtr = MmMapIoSpace(physAddr, PAGE_SIZE, 0);
if (pePtr == NULL || *pePtr != 'M' || *(pePtr + 1) != 'Z')
{
DbgPrint("Invalid physical address!");
if (pePtr != NULL)
MmUnmapIoSpace(pePtr, PAGE_SIZE);
return NULL;
}
return pePtr;
}
void setup_APIC_BASE(void)
{
PHYSICAL_ADDRESS Physical_APIC_BASE;
DbgPrint("Fetching the APIC base\n");
Physical_APIC_BASE.QuadPart=readMSR(MSR_IA32_APICBASE) & 0xFFFFFFFFFFFFF000ULL;
DbgPrint("Physical_APIC_BASE=%p\n", Physical_APIC_BASE.QuadPart);
APIC_BASE = (PAPIC)MmMapIoSpace(Physical_APIC_BASE, sizeof(APIC), MmNonCached);
DbgPrint("APIC_BASE at %p\n", APIC_BASE);
}
/**
@func void | retrievs and sets the GPIO base.
@comm
@xref
**/
void InitGPIOBaseAddr()
{
//DWORD dwIOBase;
DWORD dwIOSize;
PHYSICAL_ADDRESS IOPhyAdr= { S3C6410_BASE_REG_PA_GPIO, 0 };
// RETAILMSG(PIO_DBG_MSG, (TEXT("++InitGPIOAddr\r\n")));
dwIOSize = sizeof(S3C6410_GPIO_REG);
if (NULL == v_pIOP_PIO_regs)
{
v_pIOP_PIO_regs = (volatile S3C6410_GPIO_REG *)MmMapIoSpace(IOPhyAdr, (ULONG)dwIOSize, FALSE);
if ( NULL == v_pIOP_PIO_regs)
{
RETAILMSG(EPCTL_ERR_MSG, (TEXT("GPIO init address failed PIO\r\n")));
}
}
}
PVOID
NTAPI
MiFindContiguousMemory(IN PFN_NUMBER LowestPfn,
IN PFN_NUMBER HighestPfn,
IN PFN_NUMBER BoundaryPfn,
IN PFN_NUMBER SizeInPages,
IN MEMORY_CACHING_TYPE CacheType)
{
PFN_NUMBER Page;
PHYSICAL_ADDRESS PhysicalAddress;
PMMPFN Pfn1, EndPfn;
PMMPTE PointerPte;
PVOID BaseAddress;
PAGED_CODE();
ASSERT(SizeInPages != 0);
//
// Our last hope is to scan the free page list for contiguous pages
//
Page = MiFindContiguousPages(LowestPfn,
HighestPfn,
BoundaryPfn,
SizeInPages,
CacheType);
if (!Page) return NULL;
//
// We'll just piggyback on the I/O memory mapper
//
PhysicalAddress.QuadPart = Page << PAGE_SHIFT;
BaseAddress = MmMapIoSpace(PhysicalAddress, SizeInPages << PAGE_SHIFT, CacheType);
ASSERT(BaseAddress);
/* Loop the PFN entries */
Pfn1 = MiGetPfnEntry(Page);
EndPfn = Pfn1 + SizeInPages;
PointerPte = MiAddressToPte(BaseAddress);
do
{
/* Write the PTE address */
Pfn1->PteAddress = PointerPte;
Pfn1->u4.PteFrame = PFN_FROM_PTE(MiAddressToPte(PointerPte++));
} while (++Pfn1 < EndPfn);
/* Return the address */
return BaseAddress;
}
int set_irq1(int intNumber)
{
unsigned char *pIoRegSel;
DWORD *pIoWin;
int ch,temp;
PHYSICAL_ADDRESS phys;
PVOID pAddr;
RtlZeroMemory(&phys,sizeof(PHYSICAL_ADDRESS));
ch = intNumber;
phys.u.LowPart = 0xFEC00000;
pAddr = MmMapIoSpace(phys, 0x14, MmNonCached);
//if (pAddr == NULL)
if (!MmIsAddressValid(pAddr))
return 0;
temp = *(PDWORD)pAddr;
pIoRegSel = (unsigned char *)pAddr;
pIoWin = (DWORD *)((unsigned char *)(pAddr) + 0x10);
//{
// int i;
// unsigned char j;
//
// for (i = 0, j = 0x10; i <= 0x17; i++, j += 2)
// {
// *pIoRegSel = j;
// ch = *pIoWin;
// DbgPrint("RedTbl[%02d]: 0x%02X\n", i, ch);
// }
//}
*pIoRegSel = 0x12; // irq1
ch = *pIoWin;
ch &= 0xffffff00;
ch |= intNumber;
*pIoWin = ch;
MmUnmapIoSpace(pAddr, 0x14);
return ch;
}
static BOOLEAN NTAPI XenGfxPullUpModeInfo(VOID)
{
ULONG Addr;
PHYSICAL_ADDRESS PhysAddr = {0};
UCHAR *pVirtAddr;
ULONG Size = 0;
MODE_INFO_ITEM *pCurrentMode;
// Map the table and copy it up (plus any extra junk). The spinlock is not
// needed since the mode table is a static/ro chunk.
Addr = ((ULONG)g_VbeTable.ModesSeg & (0x0000FFFF));
Addr = Addr << 4;
Addr = Addr | ((ULONG)g_VbeTable.ModesAddr & (0x0000FFFF));
PhysAddr.LowPart = Addr;
pVirtAddr = (UCHAR*)MmMapIoSpace(PhysAddr, MODE_SIZE, MmNonCached);
if (pVirtAddr == NULL) {
TraceError(("Could not MAP in Mode Info List virtual address!\n"));
return FALSE;
}
RtlCopyMemory(g_ModeInfoList, pVirtAddr, MODE_SIZE);
MmUnmapIoSpace(pVirtAddr, MODE_SIZE);
// Check and cleanup the table
pCurrentMode = (MODE_INFO_ITEM*)g_ModeInfoList;
while (pCurrentMode->ModeNumber != XENVBE_MODE_END_OF_LIST) {
if (Size + 2 >= MODE_SIZE) {
// This should never happen. The table is static but if it did ever happens,
// this routine could be changed to use dynamic allocation (note this would
// leak though since there is not unload call to use in video drivers).
TraceError(("Unexpected Mode Info List overflow! Incorrect size: %d\n", Size));
return FALSE;
}
Size += sizeof(MODE_INFO_ITEM);
pCurrentMode++;
}
// Clear out the tail end so it is easy to see where the end of the table is
// for debugging purposes. Skip the terminator.
Size += 2;
RtlZeroMemory(g_ModeInfoList + Size, MODE_SIZE - Size);
return TRUE;
}
BOOLEAN
HalpMapIoControlSpace (
VOID
)
/*++
Routine Description:
This routine maps the HAL SIO control space for a PowerPC system.
Arguments:
None.
Return Value:
If the initialization is successfully completed, then a value of TRUE
is returned. Otherwise, a value of FALSE is returned.
--*/
{
PHYSICAL_ADDRESS physicalAddress;
//
// Map SIO control space.
//
physicalAddress.HighPart = 0;
physicalAddress.LowPart = IO_CONTROL_PHYSICAL_BASE;
HalpIoControlBase = MmMapIoSpace(physicalAddress,
PAGE_SIZE * 16,
FALSE);
if (HalpIoControlBase == NULL)
return FALSE;
else
return TRUE;
}
/**
* Maps the I/O space from VMMDev to virtual kernel address space.
*
* @return NTSTATUS
*
* @param pDevExt The device extension.
* @param physicalAdr Physical address to map.
* @param ulLength Length (in bytes) to map.
* @param ppvMMIOBase Pointer of mapped I/O base.
* @param pcbMMIO Length of mapped I/O base.
*/
NTSTATUS vboxguestwinMapVMMDevMemory(PVBOXGUESTDEVEXT pDevExt, PHYSICAL_ADDRESS physicalAdr, ULONG ulLength,
void **ppvMMIOBase, uint32_t *pcbMMIO)
{
AssertPtrReturn(pDevExt, VERR_INVALID_POINTER);
AssertPtrReturn(ppvMMIOBase, VERR_INVALID_POINTER);
/* pcbMMIO is optional. */
NTSTATUS rc = STATUS_SUCCESS;
if (physicalAdr.LowPart > 0) /* We're mapping below 4GB. */
{
VMMDevMemory *pVMMDevMemory = (VMMDevMemory *)MmMapIoSpace(physicalAdr, ulLength, MmNonCached);
Log(("VBoxGuest::vboxguestwinMapVMMDevMemory: pVMMDevMemory = 0x%x\n", pVMMDevMemory));
if (pVMMDevMemory)
{
Log(("VBoxGuest::vboxguestwinMapVMMDevMemory: VMMDevMemory: Version = 0x%x, Size = %d\n",
pVMMDevMemory->u32Version, pVMMDevMemory->u32Size));
/* Check version of the structure; do we have the right memory version? */
if (pVMMDevMemory->u32Version != VMMDEV_MEMORY_VERSION)
{
Log(("VBoxGuest::vboxguestwinMapVMMDevMemory: Wrong version (%u), refusing operation!\n",
pVMMDevMemory->u32Version));
/* Not our version, refuse operation and unmap the memory. */
vboxguestwinUnmapVMMDevMemory(pDevExt);
rc = STATUS_UNSUCCESSFUL;
}
else
{
/* Save results. */
*ppvMMIOBase = pVMMDevMemory;
if (pcbMMIO) /* Optional. */
*pcbMMIO = pVMMDevMemory->u32Size;
Log(("VBoxGuest::vboxguestwinMapVMMDevMemory: VMMDevMemory found and mapped! pvMMIOBase = 0x%p\n",
*ppvMMIOBase));
}
}
else
rc = STATUS_UNSUCCESSFUL;
}
return rc;
}
void setup_APIC_BASE(void)
{
PHYSICAL_ADDRESS Physical_APIC_BASE;
UINT64 APIC_BASE_VALUE = readMSR(MSR_IA32_APICBASE);
DbgPrint("Fetching the APIC base\n");
Physical_APIC_BASE.QuadPart = APIC_BASE_VALUE & 0xFFFFFFFFFFFFF000ULL;
DbgPrint("Physical_APIC_BASE=%p\n", Physical_APIC_BASE.QuadPart);
APIC_BASE = (PAPIC)MmMapIoSpace(Physical_APIC_BASE, sizeof(APIC), MmNonCached);
DbgPrint("APIC_BASE at %p\n", APIC_BASE);
x2APICMode = (APIC_BASE_VALUE & (1 << 10))!=0;
DbgPrint("x2APICMode=%d\n", x2APICMode);
}
// The function that initilize GPIO for DAT, CD and WP lines.
BOOL CSDHControllerCh1::InitGPIO() {
//volatile S3C6410_GPIO_REG *pIOPreg = NULL;
PHYSICAL_ADDRESS ioPhysicalBase = {0,0};
ioPhysicalBase.LowPart = S3C6410_BASE_REG_PA_GPIO;
pIOPreg = (volatile S3C6410_GPIO_REG *)MmMapIoSpace(ioPhysicalBase, sizeof(S3C6410_GPIO_REG), FALSE);
if (pIOPreg == NULL) {
RETAILMSG(TRUE, (TEXT("[HSMMC1] GPIO registers is *NOT* mapped.\n")));
return FALSE;
}
RETAILMSG(TRUE, (TEXT("[HSMMC1] Setting registers for the GPIO.\n")));
#ifdef _SMDK6410_CH1_8BIT_
pIOPreg->GPHCON0 = (pIOPreg->GPHCON0 & ~(0xFFFFFFFF)) | (0x22222222); // 4'b0010 for the MMC 1
pIOPreg->GPHCON1 = (pIOPreg->GPHCON1 &~(0xFF)) | (0x22); // 4'b0010 for the MMC 1
pIOPreg->GPHPUD &= ~(0xFFFFF); // Pull-up/down disabled
#else // DAT 4-Bit
pIOPreg->GPHCON0 = (pIOPreg->GPHCON0 & ~(0xFFFFFF)) | (0x222222); // 4'b0010 for the MMC 1
pIOPreg->GPHPUD &= ~(0xFFF); // Pull-up/down disabled
#endif
#ifdef _SMDK6410_CH1_WP_
// pIOPreg->GPFCON &= ~(0x3<<24); // WP_SD1
//pIOPreg->GPFPUD &= ~(0x3<<24); // Pull-up/down disabled
pIOPreg->GPLCON1 &= ~(0x3<<24); // WP_SD1
pIOPreg->GPLPUD &= ~(0x3<<28); // Pull-up/down disabled
#endif
#ifdef _SMDK6410_CH1_EXTCD_
// Setting for card detect pin of HSMMC ch0 on SMDK6410.
pIOPreg->GPNCON = ( pIOPreg->GPNCON & ~(0x3<<20) ) | (0x2<<20); // SD_CD0 by EINT10
pIOPreg->GPNPUD = ( pIOPreg->GPNPUD & ~(0x3<<20) ) | (0x0<<20); // pull-up/down disabled
//pIOPreg->EINT0CON0 = ( pIOPreg->EINT0CON0 & ~(0x7<<20)) ; // Low levertriggered
//pIOPreg->EINT0CON0 = ( pIOPreg->EINT0CON0 & ~(0x7<<20)) ; // Low levertriggered
pIOPreg->EINT0CON0 = ( pIOPreg->EINT0CON0 & ~(0x7<<20)) | (0x2<<20);// Falling edge triggered
pIOPreg->EINT0PEND = ( pIOPreg->EINT0PEND | (0x1<<10) ); //clear EINT10 pending bit
pIOPreg->EINT0MASK = ( pIOPreg->EINT0MASK & ~(0x1<<10)); //enable EINT10
//pIOPreg->GPGCON = (pIOPreg->GPGCON & ~(0xF<<24)) | (0x3<<24); // MMC CDn1
//pIOPreg->GPGPUD &= ~(0x3<<12); // Pull-up/down disabled
#endif
MmUnmapIoSpace((PVOID)pIOPreg, sizeof(S3C6410_GPIO_REG));
return TRUE;
}
BOOLEAN NTAPI XenGfxVbeInitialize(UCHAR *pShadowPortBase)
{
ULONG Addr;
PHYSICAL_ADDRESS PhysAddr = {0};
UCHAR *pVirtAddr;
TraceVerbose(("====> '%s'.\n", __FUNCTION__));
if (g_VbeInfoInitialized) {
TraceVerbose(("VBE support already initialized?\n"));
return FALSE;
}
// Pull up the VBE table information from the VBE BIOS area.
Addr = (READ_PORT_USHORT((USHORT*)(pShadowPortBase + VGA_PORT_VBE_XVTSEG)) & (0x0000FFFF)) << 4;
Addr = Addr | (READ_PORT_USHORT((USHORT*)(pShadowPortBase + VGA_PORT_VBE_XVTADDR)) & (0x0000FFFF));
PhysAddr.LowPart = Addr;
pVirtAddr = (UCHAR*)MmMapIoSpace(PhysAddr, sizeof(VBE_XENVESA_TABLE), MmNonCached);
if (pVirtAddr == NULL) {
TraceError(("Could not MAP in VBE info table!\n"));
return FALSE;
}
RtlCopyMemory(&g_VbeTable, pVirtAddr, sizeof(VBE_XENVESA_TABLE));
MmUnmapIoSpace(pVirtAddr, sizeof(VBE_XENVESA_TABLE));
// Sanity check the tag for the table
if (RtlCompareMemory(g_VbeTable.Tag, VBE_XENVESA_TAG, sizeof(g_VbeTable.Tag)) != sizeof(g_VbeTable.Tag)) {
TraceError(("Invalid VBE info tag?? Tag value: %.*s\n", sizeof(g_VbeTable.Tag) - 1, g_VbeTable.Tag));
return FALSE;
}
// Pull up the Vesa mode information once up front.
if (!XenGfxPullUpModeInfo()) {
// Errors traced in call
return FALSE;
}
g_VbeInfoInitialized = TRUE;
TraceVerbose(("<==== '%s'.\n", __FUNCTION__));
return TRUE;
}
void *
AcpiOsMapMemory (
ACPI_PHYSICAL_ADDRESS phys,
ACPI_SIZE length)
{
PHYSICAL_ADDRESS Address;
PVOID Ptr;
DPRINT("AcpiOsMapMemory(phys 0x%p size 0x%X)\n", phys, length);
ASSERT(phys);
Address.QuadPart = (ULONG)phys;
Ptr = MmMapIoSpace(Address, length, MmNonCached);
if (!Ptr)
{
DPRINT1("Mapping failed\n");
}
return Ptr;
}
NTSTATUS
AnajoystMapDevice(
DWORD PortBase,
DWORD NumberOfPorts,
PJOY_EXTENSION pJoyExtension
)
{
DWORD MemType;
PHYSICAL_ADDRESS PortAddress;
PHYSICAL_ADDRESS MappedAddress;
MemType = 1; // IO space
PortAddress.LowPart = PortBase;
PortAddress.HighPart = 0;
HalTranslateBusAddress(
Isa,
0,
PortAddress,
&MemType,
&MappedAddress);
if (MemType == 0) {
//
// Map memory type IO space into our address space
//
pJoyExtension->DeviceAddress = (PUCHAR) MmMapIoSpace(MappedAddress,
NumberOfPorts,
FALSE);
}
else
{
pJoyExtension->DeviceAddress = (PUCHAR) MappedAddress.LowPart;
}
return STATUS_SUCCESS;
}
// The function that initilize GPIO for DAT, CD and WP lines.
BOOL CSDHControllerCh0::InitGPIO() {
volatile S3C6410_GPIO_REG *pIOPreg = NULL;
PHYSICAL_ADDRESS ioPhysicalBase = {0,0};
ioPhysicalBase.LowPart = S3C6410_BASE_REG_PA_GPIO;
pIOPreg = (volatile S3C6410_GPIO_REG *)MmMapIoSpace(ioPhysicalBase, sizeof(S3C6410_GPIO_REG), FALSE);
if (pIOPreg == NULL) {
RETAILMSG(TRUE, (TEXT("[HSMMC0] GPIO registers is *NOT* mapped.\n")));
return FALSE;
}
RETAILMSG(TRUE, (TEXT("[HSMMC0] Setting registers for the GPIO.\n")));
pIOPreg->GPGCON = (pIOPreg->GPGCON & ~(0xFFFFFF)) | (0x222222); // 4'b0010 for the MMC 0
pIOPreg->GPGPUD &= ~(0xFFF); // Pull-up/down disabled
/*
#ifdef _SMDK6410_CH0_WP_
pIOPreg->GPNCON &= ~(0x3<<24); // WP_SD0
pIOPreg->GPNPUD &= ~(0x3<<24); // Pull-up/down disabled
#endif
*/
//#ifndef _SMDK6410_CH0_EXTCD_
pIOPreg->GPGCON = (pIOPreg->GPGCON & ~(0xF<<24)) | (0x2<<24); // SD CD0
pIOPreg->GPGPUD &= ~(0x3<<12); // Pull-up/down disabled
//#endif
/*
#ifdef _SMDK6410_CH0_EXTCD_
// Setting for card detect pin of HSMMC ch0 on SMDK6410.
pIOPreg->GPNCON = ( pIOPreg->GPNCON & ~(0x3<<26) ) | (0x2<<26); // SD_CD0 by EINT13
pIOPreg->GPNPUD = ( pIOPreg->GPNPUD & ~(0x3<<26) ) | (0x0<<26); // pull-up/down disabled
pIOPreg->EINT0CON0 = ( pIOPreg->EINT0CON0 & ~(0x7<<24)) | (0x7<<24); // Both edge triggered
pIOPreg->EINT0PEND = ( pIOPreg->EINT0PEND | (0x1<<13) ); //clear EINT19 pending bit
pIOPreg->EINT0MASK = ( pIOPreg->EINT0MASK & ~(0x1<<13)); //enable EINT19
#endif
*/
MmUnmapIoSpace((PVOID)pIOPreg, sizeof(S3C6410_GPIO_REG));
return TRUE;
}
VOID WvMemdiskFind(void) {
PHYSICAL_ADDRESS phys_addr;
PUCHAR phys_mem;
UINT32 offset;
BOOLEAN found = FALSE;
/* Find a MEMDISK by scanning for mBFTs. Map the first MiB of memory. */
phys_addr.QuadPart = 0LL;
phys_mem = MmMapIoSpace(phys_addr, 0x100000, MmNonCached);
if (!phys_mem) {
DBG("Could not map low memory\n");
goto err_map;
}
for (offset = 0; offset < 0xFFFF0; offset += 0x10) {
found |= WvMemdiskCheckMbft_(phys_mem, offset, TRUE);
}
MmUnmapIoSpace(phys_mem, 0x100000);
err_map:
DBG("%smBFTs found\n", found ? "" : "No ");
return;
}
BOOL
ACAudioHWContext::HWMapControllerRegs()
{
PHYSICAL_ADDRESS pa;
DEBUGMSG(ZONE_AC, (L"+ACAudioHWContext::HWMapControllerRegs()\r\n"));
// set the power state
if (!m_hParent)
{
DEBUGMSG(ZONE_ERROR, (L"ACAudioHWContext::HWMapControllerRegs: "
L"ERROR setting the power state.\r\n"
));
goto ErrExit;
}
m_CurPowerState = D2;
SetDevicePowerState(m_hParent, D2 , NULL);
// get the McBSP pointer
pa.HighPart= 0;
pa.LowPart = AUDIO_MCBSP_REGS_PA;
m_pMCBSPRegisters = (OMAP2420_McBSP_REGS *)MmMapIoSpace(pa, N1KB, FALSE);
if (!m_pMCBSPRegisters)
{
DEBUGMSG(ZONE_ERROR, (L"ACAudioHWContext::HWMapControllerRegs: "
L"ERROR mapping MCBSP registers.\r\n"
));
goto ErrExit;
}
// get the PRCM registers pointer
pa.LowPart = OMAP2420_PRCM_REGS_PA;
m_pPRCMRegs = (OMAP2420_PRCM_REGS *)MmMapIoSpace(pa, sizeof(OMAP2420_PRCM_REGS), FALSE);
if (!m_pPRCMRegs)
{
DEBUGMSG(ZONE_ERROR, (L"ACAudioHWContext::HWMapControllerRegs: "
L"Allocating PRCM register failed.\r\n"
));
goto ErrExit;
}
// open the SPI device
m_hSPI = SPIOpen();
if (!m_hSPI)
{
DEBUGMSG(ZONE_ERROR, (L"ACAudioHWContext::HWMapControllerRegs: "
L"Failed to open the SPI device driver.\r\n"
));
goto ErrExit;
}
// configure the SPI device
if (!SPISetSlaveAddress(m_hSPI, 0))
{
DEBUGMSG(ZONE_ERROR, (L"ACAudioHWContext::HWMapControllerRegs: "
L"Failed to set the SPI slave address.\r\n"
));
goto ErrExit;
}
return TRUE;
ErrExit:
// reset all mappings in case of error
m_pMCBSPRegisters = NULL;
m_pPRCMRegs = NULL;
m_hSPI = NULL;
return FALSE;
}
NTSTATUS
DriverDeviceControl(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
NTSTATUS Status = STATUS_UNSUCCESSFUL;
PIO_STACK_LOCATION IrpSp;
ULONG IOControlCode = 0;
ULONG dwBytesWritten = 0;
PCHAR pInBuf = NULL, pOutBuf = NULL;
unsigned int _cpu_thread_id = 0;
unsigned int new_cpu_thread_id = 0;
ULONG _num_active_cpus = 0;
KAFFINITY _kaffinity = 0;
UINT32 core_id = 0;
//
// Get the current IRP stack location of this request
//
IrpSp = IoGetCurrentIrpStackLocation (Irp);
IOControlCode = IrpSp->Parameters.DeviceIoControl.IoControlCode;
DbgPrint( "[chipsec] >>>>>>>>>> IOCTL >>>>>>>>>>\n" );
DbgPrint( "[chipsec] DeviceObject = 0x%x IOCTL = 0x%x\n", DeviceObject, IOControlCode );
DbgPrint( "[chipsec] InputBufferLength = 0x%x, OutputBufferLength = 0x%x\n", IrpSp->Parameters.DeviceIoControl.InputBufferLength, IrpSp->Parameters.DeviceIoControl.OutputBufferLength );
//
// CPU thread ID
//
_num_active_cpus = KeQueryActiveProcessorCount( NULL );
_kaffinity = KeQueryActiveProcessors();
_cpu_thread_id = KeGetCurrentProcessorNumber();
DbgPrint( "[chipsec] Active CPU threads : %d (KeNumberProcessors = %d)\n", _num_active_cpus, KeNumberProcessors );
DbgPrint( "[chipsec] Active CPU mask (KAFFINITY): 0x%08X\n", _kaffinity );
DbgPrint( "[chipsec] Current CPU thread : %d\n", _cpu_thread_id );
//
// Switch on the IOCTL code that is being requested by the user. If the
// operation is a valid one for this device do the needful.
//
Irp -> IoStatus.Information = 0;
switch( IOControlCode )
{
case READ_PCI_CFG_REGISTER:
{
DWORD val;
BYTE size = 0;
WORD bdf[4];
BYTE bus = 0, dev = 0, fun = 0, off = 0;
DbgPrint( "[chipsec] > READ_PCI_CFG_REGISTER\n" );
RtlCopyBytes( bdf,Irp->AssociatedIrp.SystemBuffer, 4*sizeof(WORD) );
RtlCopyBytes( &size, (BYTE*)Irp->AssociatedIrp.SystemBuffer + 4*sizeof(WORD), sizeof(BYTE) );
bus = (UINT8)bdf[0];
dev = (UINT8)bdf[1];
fun = (UINT8)bdf[2];
off = (UINT8)bdf[3];
if( 1 != size && 2 != size && 4 != size)
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
val = ReadPCICfg( bus, dev, fun, off, size );
IrpSp->Parameters.Read.Length = size;
RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (VOID*)&val, size );
DbgPrint( "[chipsec][READ_PCI_CFG_REGISTER] B/D/F: %#04x/%#04x/%#04x, OFFSET: %#04x, value = %#010x (size = 0x%x)\n", bus, dev, fun, off, val, size );
dwBytesWritten = IrpSp->Parameters.Read.Length;
Status = STATUS_SUCCESS;
break;
}
case WRITE_PCI_CFG_REGISTER:
{
DWORD val = 0;
WORD bdf[6];
BYTE bus = 0, dev = 0, fun = 0, off = 0;
BYTE size = 0;
DbgPrint( "[chipsec] > WRITE_PCI_CFG_REGISTER\n" );
RtlCopyBytes( bdf, Irp->AssociatedIrp.SystemBuffer, 6 * sizeof(WORD) );
bus = (UINT8)bdf[0];
dev = (UINT8)bdf[1];
fun = (UINT8)bdf[2];
off = (UINT8)bdf[3];
RtlCopyBytes( &size, (BYTE*)Irp->AssociatedIrp.SystemBuffer + 6*sizeof(WORD), sizeof(BYTE) );
val = ((DWORD)bdf[5] << 16) | bdf[4];
DbgPrint( "[chipsec][WRITE_PCI_CFG_REGISTER] B/D/F: %#02x/%#02x/%#02x, OFFSET: %#02x, value = %#010x (size = %#02x)\n", bus, dev, fun, off, val, size );
WritePCICfg( bus, dev, fun, off, size, val );
Status = STATUS_SUCCESS;
break;
}
case IOCTL_READ_PHYSMEM:
{
UINT32 len = 0;
PVOID virt_addr;
PHYSICAL_ADDRESS phys_addr = { 0x0, 0x0 };
DbgPrint( "[chipsec] > IOCTL_READ_PHYSMEM\n" );
if( !Irp->AssociatedIrp.SystemBuffer ||
IrpSp->Parameters.DeviceIoControl.InputBufferLength < 3*sizeof(UINT32))
{
DbgPrint( "[chipsec][IOCTL_READ_PHYSMEM] ERROR: STATUS_INVALID_PARAMETER\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
pInBuf = Irp->AssociatedIrp.SystemBuffer;
pOutBuf = Irp->AssociatedIrp.SystemBuffer;
phys_addr.HighPart = ((UINT32*)pInBuf)[0];
phys_addr.LowPart = ((UINT32*)pInBuf)[1];
len = ((UINT32*)pInBuf)[2];
if( !len ) len = 4;
if( IrpSp->Parameters.DeviceIoControl.OutputBufferLength < len )
{
DbgPrint( "[chipsec][IOCTL_READ_PHYSMEM] ERROR: STATUS_BUFFER_TOO_SMALL\n" );
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
__try
{
Status = _read_phys_mem( phys_addr, len, pOutBuf );
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
Status = GetExceptionCode();
DbgPrint( "[chipsec][IOCTL_READ_PHYSMEM] ERROR: exception code 0x%X\n", Status );
break;
}
if( NT_SUCCESS(Status) )
{
DbgPrint( "[chipsec][IOCTL_READ_PHYSMEM] Contents:\n" );
_dump_buffer( (unsigned char *)pOutBuf, min(len,0x100) );
dwBytesWritten = len;
}
break;
}
case IOCTL_WRITE_PHYSMEM:
{
UINT32 len = 0;
PVOID virt_addr = 0;
PHYSICAL_ADDRESS phys_addr = { 0x0, 0x0 };
DbgPrint( "[chipsec] > IOCTL_WRITE_PHYSMEM\n" );
if( Irp->AssociatedIrp.SystemBuffer )
{
pInBuf = Irp->AssociatedIrp.SystemBuffer;
pOutBuf = Irp->AssociatedIrp.SystemBuffer;
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < 3*sizeof(UINT32) )
{
DbgPrint( "[chipsec][IOCTL_WRITE_PHYSMEM] ERROR: STATUS_INVALID_PARAMETER\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
phys_addr.HighPart = ((UINT32*)pInBuf)[0];
phys_addr.LowPart = ((UINT32*)pInBuf)[1];
len = ((UINT32*)pInBuf)[2];
((UINT32*)pInBuf) += 3;
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < len + 3*sizeof(UINT32) )
{
DbgPrint( "[chipsec][IOCTL_WRITE_PHYSMEM] ERROR: STATUS_INVALID_PARAMETER\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
DbgPrint( "[chipsec][IOCTL_WRITE_PHYSMEM] Writing contents:\n" );
_dump_buffer( (unsigned char *)pInBuf, min(len,0x100) );
__try
{
Status = _write_phys_mem( phys_addr, len, pInBuf );
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
Status = GetExceptionCode();
DbgPrint( "[chipsec][IOCTL_WRITE_PHYSMEM] ERROR: exception code 0x%X\n", Status );
break;
}
break;
}
}
case IOCTL_ALLOC_PHYSMEM:
{
SIZE_T NumberOfBytes = 0;
PVOID va = 0;
PHYSICAL_ADDRESS HighestAcceptableAddress = { 0xFFFFFFFF, 0xFFFFFFFF };
DbgPrint( "[chipsec] > IOCTL_ALLOC_PHYSMEM\n" );
pInBuf = Irp->AssociatedIrp.SystemBuffer;
pOutBuf = Irp->AssociatedIrp.SystemBuffer;
if( !pInBuf || IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(UINT64) + sizeof(UINT32))
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
RtlCopyBytes( &HighestAcceptableAddress.QuadPart, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(UINT64) );
RtlCopyBytes( &NumberOfBytes, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(UINT64), sizeof(UINT32) );
DbgPrint( "[chipsec] Allocating: NumberOfBytes = 0x%X, PhysAddr = 0x%I64x", NumberOfBytes, HighestAcceptableAddress.QuadPart );
va = MmAllocateContiguousMemory( NumberOfBytes, HighestAcceptableAddress );
if( !va )
{
DbgPrint( "[chipsec] ERROR: STATUS_UNSUCCESSFUL - could not allocate memory\n" );
Status = STATUS_UNSUCCESSFUL;
}
else if( IrpSp->Parameters.DeviceIoControl.OutputBufferLength < 2*sizeof(UINT64) )
{
DbgPrint( "[chipsec] ERROR: STATUS_BUFFER_TOO_SMALL - should be at least 2*UINT64\n" );
Status = STATUS_BUFFER_TOO_SMALL;
}
else
{
PHYSICAL_ADDRESS pa = MmGetPhysicalAddress( va );
DbgPrint( "[chipsec] Allocated Buffer: VirtAddr = 0x%I64x, PhysAddr = 0x%I64x\n", (UINT64)va, pa.QuadPart );
((UINT64*)pOutBuf)[0] = (UINT64)va;
((UINT64*)pOutBuf)[1] = pa.QuadPart;
IrpSp->Parameters.Read.Length = 2*sizeof(UINT64);
dwBytesWritten = IrpSp->Parameters.Read.Length;
Status = STATUS_SUCCESS;
}
break;
}
case IOCTL_FREE_PHYSMEM:
{
UINT64 va = 0x0;
pInBuf = Irp->AssociatedIrp.SystemBuffer;
pOutBuf = Irp->AssociatedIrp.SystemBuffer;
DbgPrint( "[chipsec] > IOCTL_FREE_PHYSMEM\n" );
if( !Irp->AssociatedIrp.SystemBuffer ||
IrpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof(UINT64))
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
RtlCopyBytes( &va, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(UINT64) );
DbgPrint( "[chipsec][IOCTL_FREE_PHYSMEM] Virtual address of the memory being freed: 0x%I64X\n", va );
MmFreeContiguousMemory( (PVOID)va );
IrpSp->Parameters.Read.Length = 0;
dwBytesWritten = IrpSp->Parameters.Read.Length;
Status = STATUS_SUCCESS;
break;
}
case IOCTL_GET_PHYSADDR:
{
UINT64 va = 0x0;
PHYSICAL_ADDRESS pa = { 0x0, 0x0 };
pInBuf = Irp->AssociatedIrp.SystemBuffer;
pOutBuf = Irp->AssociatedIrp.SystemBuffer;
DbgPrint( "[chipsec] > IOCTL_GET_PHYSADDR\n" );
if( !Irp->AssociatedIrp.SystemBuffer ||
IrpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof(UINT64))
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
if( IrpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof(UINT64))
{
DbgPrint( "[chipsec] ERROR: STATUS_BUFFER_TOO_SMALL\n" );
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
RtlCopyBytes( &va, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(UINT64) );
pa = MmGetPhysicalAddress( (PVOID)va );
DbgPrint( "[chipsec][IOCTL_GET_PHYSADDR] Traslated virtual address 0x%I64X to physical: 0x%I64X\n", va, pa.QuadPart, pa.LowPart);
RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (void*)&pa, sizeof(UINT64) );
IrpSp->Parameters.Read.Length = sizeof(UINT64);
dwBytesWritten = IrpSp->Parameters.Read.Length;
Status = STATUS_SUCCESS;
break;
}
case IOCTL_MAP_IO_SPACE:
{
PVOID va = 0x0;
PHYSICAL_ADDRESS pa = { 0x0, 0x0 };
unsigned int len = 0;
unsigned int cache_type = 0;
pInBuf = Irp->AssociatedIrp.SystemBuffer;
pOutBuf = Irp->AssociatedIrp.SystemBuffer;
DbgPrint( "[chipsec] > IOCTL_MAP_IO_SPACE\n" );
if( !Irp->AssociatedIrp.SystemBuffer ||
IrpSp->Parameters.DeviceIoControl.InputBufferLength != 3*8)
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
if( IrpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof(UINT64))
{
DbgPrint( "[chipsec] ERROR: STATUS_BUFFER_TOO_SMALL\n" );
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
RtlCopyBytes( &pa, (BYTE*)Irp->AssociatedIrp.SystemBuffer + 0x00, 0x8 );
RtlCopyBytes( &len, (BYTE*)Irp->AssociatedIrp.SystemBuffer + 0x08, 0x4 );
RtlCopyBytes( &cache_type, (BYTE*)Irp->AssociatedIrp.SystemBuffer + 0x10, 0x4 );
va = MmMapIoSpace(pa, len, cache_type);
DbgPrint( "[chipsec][IOCTL_MAP_IO_SPACE] Mapping physical address 0x%016llX to virtual 0x%016llX\n", pa, va);
RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (void*)&va, sizeof(va) );
IrpSp->Parameters.Read.Length = sizeof(va);
dwBytesWritten = sizeof(va);
Status = STATUS_SUCCESS;
break;
}
case IOCTL_LOAD_UCODE_PATCH:
{
PVOID ucode_buf = NULL;
UINT64 ucode_start = 0;
UINT16 ucode_size = 0;
UINT32 _eax = 0, _edx = 0;
int CPUInfo[4] = {-1};
DbgPrint("[chipsec] > IOCTL_LOAD_UCODE_UPDATE\n" );
if( !Irp->AssociatedIrp.SystemBuffer ||
IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(BYTE) + sizeof(UINT16) )
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER (input buffer size < 3)\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
RtlCopyBytes( &new_cpu_thread_id, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(BYTE) );
if( new_cpu_thread_id >= _num_active_cpus ) new_cpu_thread_id = 0;
KeSetSystemAffinityThread( (KAFFINITY)(1 << new_cpu_thread_id) );
DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] Changed CPU thread to %d\n", KeGetCurrentProcessorNumber() );
RtlCopyBytes( &ucode_size, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(BYTE), sizeof(UINT16) );
DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] Ucode update size = 0x%X\n", ucode_size );
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < ucode_size + sizeof(BYTE) + sizeof(UINT16) )
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER (input buffer size < ucode_size + 3)\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
ucode_buf = ExAllocatePoolWithTag( NonPagedPool, ucode_size, 0x3184 );
if( !ucode_buf )
{
DbgPrint( "[chipsec] ERROR: couldn't allocate pool for ucode binary\n" );
break;
}
RtlCopyBytes( ucode_buf, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(BYTE) + sizeof(UINT16), ucode_size );
ucode_start = (UINT64)ucode_buf;
DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] ucode update address = 0x%p (eax = 0x%08X, edx = 0x%08X)\n", ucode_start, (UINT32)(ucode_start & 0xFFFFFFFF), (UINT32)((ucode_start >> 32) & 0xFFFFFFFF) );
DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] ucode update contents:\n" );
_dump_buffer( (unsigned char *)ucode_buf, min(ucode_size,0x100) );
// --
// -- trigger CPU ucode patch update
// -- pInBuf points to the beginning of ucode update binary
// --
_wrmsr( MSR_IA32_BIOS_UPDT_TRIG, (UINT32)((ucode_start >> 32) & 0xFFFFFFFF), (UINT32)(ucode_start & 0xFFFFFFFF) );
ExFreePoolWithTag( ucode_buf, 0x3184 );
// --
// -- check if patch was loaded
// --
// -- need to clear IA32_BIOS_SIGN_ID MSR first
// -- CPUID will deposit an update ID value in 64-bit MSR at address MSR_IA32_BIOS_SIGN_ID
// -- read IA32_BIOS_SIGN_ID MSR to check patch ID != 0
// --
DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] checking ucode update was loaded..\n" );
DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] clear IA32_BIOS_SIGN_ID, CPUID EAX=1, read back IA32_BIOS_SIGN_ID\n" );
_wrmsr( MSR_IA32_BIOS_SIGN_ID, 0, 0 );
__cpuid(CPUInfo, 1);
_rdmsr( MSR_IA32_BIOS_SIGN_ID, &_eax, &_edx );
DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] RDMSR( IA32_BIOS_SIGN_ID=0x8b ) = 0x%08x%08x\n", _edx, _eax );
if( 0 != _edx ) DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] Microcode update loaded (ID != 0)\n" );
else DbgPrint( "[chipsec] ERROR: Microcode update failed\n" );
Status = STATUS_SUCCESS;
break;
}
case IOCTL_WRMSR:
{
UINT32 msrData[3];
UINT32 _eax = 0, _edx = 0;
unsigned int _msr_addr;
DbgPrint("[chipsec] > IOCTL_WRMSR\n");
pInBuf = Irp->AssociatedIrp.SystemBuffer;
if( !pInBuf )
{
DbgPrint( "[chipsec][IOCTL_WRMSR] ERROR: NO data provided\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(BYTE) + 3*sizeof(UINT32) )
{
DbgPrint( "[chipsec][IOCTL_WRMSR] ERROR: STATUS_INVALID_PARAMETER (input buffer size < sizeof(BYTE) + 3*sizeof(UINT32))\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
RtlCopyBytes( &new_cpu_thread_id, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(BYTE) );
if( new_cpu_thread_id >= _num_active_cpus ) new_cpu_thread_id = 0;
KeSetSystemAffinityThread( (KAFFINITY)(1 << new_cpu_thread_id) );
DbgPrint( "[chipsec][IOCTL_WRMSR] Changed CPU thread to %d\n", KeGetCurrentProcessorNumber() );
RtlCopyBytes( msrData, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(BYTE), 3 * sizeof(UINT32) );
_msr_addr = msrData[0];
_eax = msrData[1];
_edx = msrData[2];
DbgPrint( "[chipsec][IOCTL_WRMSR] WRMSR( 0x%x ) <-- 0x%08x%08x\n", _msr_addr, _edx, _eax );
// --
// -- write MSR
// --
__try
{
_wrmsr( _msr_addr, _edx, _eax );
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
Status = GetExceptionCode();
DbgPrint( "[chipsec][IOCTL_WRMSR] ERROR: exception code 0x%X\n", Status );
break;
}
// --
// -- read MSR to check if it was written
// --
// _rdmsr( _msr_addr, &_eax, &_edx );
// DbgPrint( "[chipsec][IOCTL_WRMSR] RDMSR( 0x%x ) --> 0x%08x%08x\n", _msr_addr, _edx, _eax );
Status = STATUS_SUCCESS;
break;
}
case IOCTL_RDMSR:
{
UINT32 msrData[1];
UINT32 _eax = 0;
UINT32 _edx = 0;
UINT32 _msr_addr = 0;
DbgPrint("[chipsec] > IOCTL_RDMSR\n");
pInBuf = Irp->AssociatedIrp.SystemBuffer;
pOutBuf = Irp->AssociatedIrp.SystemBuffer;
if( !pInBuf )
{
DbgPrint( "[chipsec] ERROR: No input provided\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(BYTE) + sizeof(UINT32) )
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER - input buffer size < sizeof(BYTE) + sizeof(UINT32)\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
RtlCopyBytes( &new_cpu_thread_id, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(BYTE) );
if( new_cpu_thread_id >= _num_active_cpus ) new_cpu_thread_id = 0;
KeSetSystemAffinityThread( (KAFFINITY)(1 << new_cpu_thread_id) );
DbgPrint( "[chipsec][IOCTL_RDMSR] Changed CPU thread to %d\n", KeGetCurrentProcessorNumber() );
RtlCopyBytes( msrData, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(BYTE), sizeof(UINT32) );
_msr_addr = msrData[0];
__try
{
_rdmsr( _msr_addr, &_eax, &_edx );
}
__except( EXCEPTION_EXECUTE_HANDLER )
{
Status = GetExceptionCode();
DbgPrint( "[chipsec][IOCTL_RDMSR] ERROR: exception code 0x%X\n", Status );
break;
}
DbgPrint( "[chipsec][IOCTL_RDMSR] RDMSR( 0x%x ) --> 0x%08x%08x\n", _msr_addr, _edx, _eax );
if( IrpSp->Parameters.DeviceIoControl.OutputBufferLength >= 2*sizeof(UINT32) )
{
IrpSp->Parameters.Read.Length = 2*sizeof(UINT32);
RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (VOID*)&_eax, sizeof(UINT32) );
RtlCopyBytes( ((UINT8*)Irp->AssociatedIrp.SystemBuffer) + sizeof(UINT32), (VOID*)&_edx, sizeof(UINT32) );
dwBytesWritten = 2*sizeof(UINT32);
Status = STATUS_SUCCESS;
}
else
{
DbgPrint( "[chipsec] ERROR: STATUS_BUFFER_TOO_SMALL - should be at least 2 UINT32\n" );
Status = STATUS_BUFFER_TOO_SMALL;
}
break;
}
case READ_IO_PORT:
{
DWORD value;
BYTE size = 0;
WORD io_port;
DbgPrint( "[chipsec] > READ_IO_PORT\n" );
RtlCopyBytes( &io_port, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(WORD) );
RtlCopyBytes( &size, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(WORD), sizeof(BYTE) );
if( 1 != size && 2 != size && 4 != size)
{
DbgPrint( "[chipsec][READ_IO_PORT] ERROR: STATUS_INVALID_PARAMETER\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
__try
{
value = ReadIOPort( io_port, size );
}
__except( EXCEPTION_EXECUTE_HANDLER )
{
Status = GetExceptionCode();
DbgPrint( "[chipsec][READ_IO_PORT] ERROR: exception code 0x%X\n", Status );
break;
}
IrpSp->Parameters.Read.Length = size;
RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (VOID*)&value, size );
DbgPrint( "[chipsec][READ_IO_PORT] I/O Port %#04x, value = %#010x (size = %#02x)\n", io_port, value, size );
dwBytesWritten = IrpSp->Parameters.Read.Length;
Status = STATUS_SUCCESS;
break;
}
case WRITE_IO_PORT:
{
DWORD value = 0;
WORD io_port = 0;
BYTE size = 0;
DbgPrint( "[chipsec] > WRITE_IO_PORT\n" );
RtlCopyBytes( &io_port, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(WORD) );
RtlCopyBytes( &value, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(WORD), sizeof(DWORD) );
RtlCopyBytes( &size, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(WORD) + sizeof(DWORD), sizeof(BYTE) );
DbgPrint( "[chipsec][WRITE_IO_PORT] I/O Port %#04x, value = %#010x (size = %#02x)\n", io_port, value, size );
__try
{
WriteIOPort( value, io_port, size );
}
__except( EXCEPTION_EXECUTE_HANDLER )
{
Status = GetExceptionCode();
DbgPrint( "[chipsec][WRITE_IO_PORT] ERROR: exception code 0x%X\n", Status );
break;
}
Status = STATUS_SUCCESS;
break;
}
case GET_CPU_DESCRIPTOR_TABLE:
{
BYTE dt_code = 0;
DESCRIPTOR_TABLE_RECORD dtr;
PDESCRIPTOR_TABLE_RECORD pdtr = &dtr;
PHYSICAL_ADDRESS dt_pa;
DbgPrint( "[chipsec] > GET_CPU_DESCRIPTOR_TABLE\n" );
RtlCopyBytes( &new_cpu_thread_id, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(BYTE) );
if( new_cpu_thread_id >= _num_active_cpus ) new_cpu_thread_id = 0;
KeSetSystemAffinityThread( (KAFFINITY)(1 << new_cpu_thread_id) );
DbgPrint( "[chipsec][GET_CPU_DESCRIPTOR_TABLE] Changed CPU thread to %d\n", KeGetCurrentProcessorNumber() );
RtlCopyBytes( &dt_code, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(BYTE), sizeof(BYTE) );
DbgPrint( "[chipsec][GET_CPU_DESCRIPTOR_TABLE] Descriptor table: %x\n", dt_code );
switch( dt_code )
{
case CPU_DT_CODE_GDTR: { _store_gdtr( (void*)pdtr ); break; }
case CPU_DT_CODE_LDTR: { _store_ldtr( (void*)pdtr ); break; }
case CPU_DT_CODE_IDTR:
default: { _store_idtr( (void*)pdtr ); break; }
}
DbgPrint( "[chipsec][GET_CPU_DESCRIPTOR_TABLE] Descriptor table register contents:\n" );
_dump_buffer( (unsigned char *)pdtr, sizeof(DESCRIPTOR_TABLE_RECORD) );
DbgPrint( "[chipsec][GET_CPU_DESCRIPTOR_TABLE] IDTR: Limit = 0x%04x, Base = 0x%I64x\n", dtr.limit, dtr.base );
dt_pa = MmGetPhysicalAddress( (PVOID)dtr.base );
DbgPrint( "[chipsec][GET_CPU_DESCRIPTOR_TABLE] Descriptor table PA: 0x%I64X (0x%08X_%08X)\n", dt_pa.QuadPart, dt_pa.HighPart, dt_pa.LowPart );
IrpSp->Parameters.Read.Length = sizeof(DESCRIPTOR_TABLE_RECORD) + sizeof(dt_pa.QuadPart);
RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (void*)pdtr, sizeof(DESCRIPTOR_TABLE_RECORD) );
RtlCopyBytes( (UINT8*)Irp->AssociatedIrp.SystemBuffer + sizeof(DESCRIPTOR_TABLE_RECORD), (VOID*)&dt_pa.QuadPart, sizeof(dt_pa.QuadPart) );
dwBytesWritten = IrpSp->Parameters.Read.Length;
Status = STATUS_SUCCESS;
break;
}
case IOCTL_SWSMI:
{
CPU_REG_TYPE gprs[6] = {0};
CPU_REG_TYPE _rax = 0, _rbx = 0, _rcx = 0, _rdx = 0, _rsi = 0, _rdi = 0;
unsigned int _smi_code_data = 0;
DbgPrint("[chipsec] > IOCTL_SWSMI\n");
pInBuf = Irp->AssociatedIrp.SystemBuffer;
if( !pInBuf )
{
DbgPrint( "[chipsec] ERROR: NO data provided\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(UINT16) + sizeof(gprs) )
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER (input buffer size < sizeof(UINT16) + sizeof(gprs))\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
RtlCopyBytes( &_smi_code_data, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(UINT16) );
RtlCopyBytes( gprs, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(UINT16), sizeof(gprs) );
_rax = gprs[ 0 ];
_rbx = gprs[ 1 ];
_rcx = gprs[ 2 ];
_rdx = gprs[ 3 ];
_rsi = gprs[ 4 ];
_rdi = gprs[ 5 ];
DbgPrint( "[chipsec][IOCTL_SWSMI] SW SMI to ports 0x%X-0x%X <- 0x%04X\n", 0xB2, 0xB3, _smi_code_data );
DbgPrint( " RAX = 0x%I64x\n", _rax );
DbgPrint( " RBX = 0x%I64x\n", _rbx );
DbgPrint( " RCX = 0x%I64x\n", _rcx );
DbgPrint( " RDX = 0x%I64x\n", _rdx );
DbgPrint( " RSI = 0x%I64x\n", _rsi );
DbgPrint( " RDI = 0x%I64x\n", _rdi );
// --
// -- send SMI using port 0xB2
// --
__try
{
_swsmi( _smi_code_data, _rax, _rbx, _rcx, _rdx, _rsi, _rdi );
}
__except( EXCEPTION_EXECUTE_HANDLER )
{
Status = GetExceptionCode();
break;
}
Status = STATUS_SUCCESS;
break;
}
case IOCTL_CPUID:
{
DWORD CPUInfo[4] = {-1};
DWORD gprs[2] = {0};
DWORD _rax = 0, _rcx = 0;
//CPU_REG_TYPE gprs[6];
//CPU_REG_TYPE _rax = 0, _rbx = 0, _rcx = 0, _rdx = 0, _rsi = 0, _rdi = 0;
DbgPrint("[chipsec] > IOCTL_CPUID\n");
pInBuf = Irp->AssociatedIrp.SystemBuffer;
if( !pInBuf )
{
DbgPrint( "[chipsec] ERROR: NO data provided\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(gprs) )
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER (input buffer size < %d)\n", sizeof(gprs) );
Status = STATUS_INVALID_PARAMETER;
break;
}
RtlCopyBytes( gprs, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(gprs) );
_rax = gprs[ 0 ];
_rcx = gprs[ 1 ];
DbgPrint( "[chipsec][IOCTL_CPUID] CPUID:\n" );
DbgPrint( " EAX = 0x%08X\n", _rax );
DbgPrint( " ECX = 0x%08X\n", _rcx );
__cpuidex( CPUInfo, _rax, _rcx );
DbgPrint( "[chipsec][IOCTL_CPUID] CPUID returned:\n" );
DbgPrint( " EAX = 0x%08X\n", CPUInfo[0] );
DbgPrint( " EBX = 0x%08X\n", CPUInfo[1] );
DbgPrint( " ECX = 0x%08X\n", CPUInfo[2] );
DbgPrint( " EDX = 0x%08X\n", CPUInfo[3] );
IrpSp->Parameters.Read.Length = sizeof(CPUInfo);
RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (void*)CPUInfo, sizeof(CPUInfo) );
dwBytesWritten = IrpSp->Parameters.Read.Length;
Status = STATUS_SUCCESS;
break;
}
case IOCTL_WRCR:
{
UINT64 val64 = 0;
CPU_REG_TYPE value = 0;
WORD cr_reg = 0;
DbgPrint( "[chipsec] > WRITE_CR\n" );
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < (sizeof(cr_reg) + sizeof(val64) + sizeof(BYTE)))
{
Status = STATUS_INVALID_PARAMETER;
break;
}
RtlCopyBytes( &cr_reg, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(cr_reg) );
RtlCopyBytes( &val64, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(cr_reg), sizeof(val64) );
new_cpu_thread_id = *((BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(cr_reg) + sizeof(val64));
if( new_cpu_thread_id >= _num_active_cpus )
{
// new_cpu_thread_id = 0;
Status = STATUS_INVALID_PARAMETER;
break;
}
KeSetSystemAffinityThread( (KAFFINITY)(1 << new_cpu_thread_id) );
value = (CPU_REG_TYPE)val64;
DbgPrint( "[chipsec][WRITE_CR] CR Reg %#04x, value = %#010x \n", cr_reg, value );
switch (cr_reg) {
case 0: WriteCR0(value);
Status = STATUS_SUCCESS;
break;
case 2: WriteCR2(value);
Status = STATUS_SUCCESS;
break;
case 3: WriteCR3(value);
Status = STATUS_SUCCESS;
break;
case 4: WriteCR4(value);
Status = STATUS_SUCCESS;
break;
case 8:
#if defined(_M_AMD64)
WriteCR8(value);
Status = STATUS_SUCCESS;
break;
#endif
default:
Status = STATUS_INVALID_PARAMETER;
break;
}
if( !NT_SUCCESS(Status) ) {
break;
}
dwBytesWritten = 0;
Status = STATUS_SUCCESS;
break;
}
case IOCTL_RDCR:
{
UINT64 val64 = 0;
CPU_REG_TYPE value = 0;
WORD cr_reg = 0;
DbgPrint( "[chipsec] > READ_CR\n" );
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < (sizeof(cr_reg)+sizeof(BYTE))
|| IrpSp->Parameters.DeviceIoControl.OutputBufferLength < (sizeof(val64))
)
{
Status = STATUS_INVALID_PARAMETER;
break;
}
RtlCopyBytes( &cr_reg, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(cr_reg) );
new_cpu_thread_id = *((BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(cr_reg));
if( new_cpu_thread_id >= _num_active_cpus )
{
// new_cpu_thread_id = 0;
Status = STATUS_INVALID_PARAMETER;
break;
}
KeSetSystemAffinityThread( (KAFFINITY)(1 << new_cpu_thread_id) );
switch (cr_reg) {
case 0: value = ReadCR0();
Status = STATUS_SUCCESS;
break;
case 2: value = ReadCR2();
Status = STATUS_SUCCESS;
break;
case 3: value = ReadCR3();
Status = STATUS_SUCCESS;
break;
case 4: value = ReadCR4();
Status = STATUS_SUCCESS;
break;
case 8:
#if defined(_M_AMD64)
value = ReadCR8();
Status = STATUS_SUCCESS;
break;
#endif
default:
Status = STATUS_INVALID_PARAMETER;
break;
}
if( !NT_SUCCESS(Status) ) {
break;
}
val64 = value;
RtlCopyBytes( (BYTE*)Irp->AssociatedIrp.SystemBuffer, &val64, sizeof(val64) );
dwBytesWritten = sizeof(val64);
DbgPrint( "[chipsec][READ_CR] CR Reg %#04x, value = %#010x \n", cr_reg, value );
Status = STATUS_SUCCESS;
break;
}
case IOCTL_HYPERCALL:
{
CPU_REG_TYPE regs[11] = {0};
CPU_REG_TYPE result = 0;
DbgPrint("[chipsec] > IOCTL_HYPERCALL\n");
pInBuf = Irp->AssociatedIrp.SystemBuffer;
if( !Irp->AssociatedIrp.SystemBuffer ||
IrpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof(regs))
{
DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER\n" );
Status = STATUS_INVALID_PARAMETER;
break;
}
if( IrpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof(result))
{
DbgPrint( "[chipsec] ERROR: STATUS_BUFFER_TOO_SMALL\n" );
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
RtlCopyBytes( regs, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(regs) );
DbgPrint( "[chipsec][IOCTL_HYPERCALL] HYPERCALL:\n" );
#if defined(_M_AMD64)
DbgPrint( " RCX = 0x%016llX RDX = 0x%016llX\n", regs[0], regs[1] );
DbgPrint( " R8 = 0x%016llX R9 = 0x%016llX\n", regs[2], regs[3] );
DbgPrint( " R10 = 0x%016llX R11 = 0x%016llX\n", regs[4], regs[5] );
DbgPrint( " RAX = 0x%016llX RBX = 0x%016llX\n", regs[6], regs[7] );
DbgPrint( " RDI = 0x%016llX RSI = 0x%016llX\n", regs[8], regs[9] );
#endif
#if defined(_M_IX86)
DbgPrint( " EAX = 0x%08X EBX = 0x%08X ECX = 0x%08X\n", regs[6], regs[7], regs[0] );
DbgPrint( " EDX = 0x%08X ESI = 0x%08X EDI = 0x%08X\n", regs[1], regs[8], regs[9] );
#endif
DbgPrint( " XMM0-XMM5 buffer VA = 0x%016llX\n", regs[9] );
__try
{
result = hypercall(regs[0], regs[1], regs[2], regs[3], regs[4], regs[5], regs[6], regs[7], regs[8], regs[9], regs[10], &hypercall_page);
}
__except( EXCEPTION_EXECUTE_HANDLER )
{
Status = GetExceptionCode();
DbgPrint( "[chipsec][IOCTL_HYPERCALL] ERROR: exception code 0x%X\n", Status );
break;
}
DbgPrint( "[chipsec][IOCTL_HYPERCALL] returned: 0x%016llX\n", result);
IrpSp->Parameters.Read.Length = sizeof(result);
RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (void*)&result, sizeof(result) );
dwBytesWritten = IrpSp->Parameters.Read.Length;
Status = STATUS_SUCCESS;
break;
}
default:
DbgPrint( "[chipsec] ERROR: invalid IOCTL\n");
Status = STATUS_NOT_IMPLEMENTED;
break;
} // -- switch
static NTSTATUS NTAPI
ConfigCallback(PVOID Context,
PUNICODE_STRING PathName,
INTERFACE_TYPE BusType,
ULONG BusNumber,
PKEY_VALUE_FULL_INFORMATION *BusInformation,
CONFIGURATION_TYPE ControllerType,
ULONG ControllerNumber,
PKEY_VALUE_FULL_INFORMATION *ControllerInformation,
CONFIGURATION_TYPE PeripheralType,
ULONG PeripheralNumber,
PKEY_VALUE_FULL_INFORMATION *PeripheralInformation)
/*
* FUNCTION: Callback to IoQueryDeviceDescription, which tells us about our controllers
* ARGUMENTS:
* Context: Unused
* PathName: Unused
* BusType: Type of the bus that our controller is on
* BusNumber: Number of the bus that our controller is on
* BusInformation: Unused
* ControllerType: Unused
* ControllerNumber: Number of the controller that we're adding
* ControllerInformation: Full configuration information for our controller
* PeripheralType: Unused
* PeripheralNumber: Unused
* PeripheralInformation: Full configuration information for each drive on our controller
* RETURNS:
* STATUS_SUCCESS in all cases
* NOTES:
* - The only documentation I've found about the contents of these structures is
* from the various Microsoft floppy samples and from the DDK headers. They're
* very vague, though, so I'm only mostly sure that this stuff is correct, as
* the MS samples do things completely differently than I have done them. Seems
* to work in my VMWare, though.
* - Basically, the function gets all of the information (port, dma, irq) about the
* controller, and then loops through all of the drives presented in PeripheralInformation.
* - Each controller has a CONTROLLER_INFO created for it, and each drive has a DRIVE_INFO.
* - Device objects are created for each drive (not controller), as that's the targeted
* device in the eyes of the rest of the OS. Each DRIVE_INFO points to a single CONTROLLER_INFO.
* - We only support up to four controllers in the whole system, each of which supports up to four
* drives.
*/
{
PKEY_VALUE_FULL_INFORMATION ControllerFullDescriptor = ControllerInformation[IoQueryDeviceConfigurationData];
PCM_FULL_RESOURCE_DESCRIPTOR ControllerResourceDescriptor = (PCM_FULL_RESOURCE_DESCRIPTOR)((PCHAR)ControllerFullDescriptor +
ControllerFullDescriptor->DataOffset);
PKEY_VALUE_FULL_INFORMATION PeripheralFullDescriptor = PeripheralInformation[IoQueryDeviceConfigurationData];
PCM_FULL_RESOURCE_DESCRIPTOR PeripheralResourceDescriptor = (PCM_FULL_RESOURCE_DESCRIPTOR)((PCHAR)PeripheralFullDescriptor +
PeripheralFullDescriptor->DataOffset);
PCM_PARTIAL_RESOURCE_DESCRIPTOR PartialDescriptor;
PCM_FLOPPY_DEVICE_DATA FloppyDeviceData;
UCHAR i;
PAGED_CODE();
UNREFERENCED_PARAMETER(PeripheralType);
UNREFERENCED_PARAMETER(PeripheralNumber);
UNREFERENCED_PARAMETER(BusInformation);
UNREFERENCED_PARAMETER(Context);
UNREFERENCED_PARAMETER(ControllerType);
UNREFERENCED_PARAMETER(PathName);
TRACE_(FLOPPY, "ConfigCallback called with ControllerNumber %d\n", ControllerNumber);
gControllerInfo[gNumberOfControllers].ControllerNumber = ControllerNumber;
gControllerInfo[gNumberOfControllers].InterfaceType = BusType;
gControllerInfo[gNumberOfControllers].BusNumber = BusNumber;
/* Get controller interrupt level/vector, dma channel, and port base */
for(i = 0; i < ControllerResourceDescriptor->PartialResourceList.Count; i++)
{
KeInitializeEvent(&gControllerInfo[gNumberOfControllers].SynchEvent, NotificationEvent, FALSE);
PartialDescriptor = &ControllerResourceDescriptor->PartialResourceList.PartialDescriptors[i];
if(PartialDescriptor->Type == CmResourceTypeInterrupt)
{
gControllerInfo[gNumberOfControllers].Level = PartialDescriptor->u.Interrupt.Level;
gControllerInfo[gNumberOfControllers].Vector = PartialDescriptor->u.Interrupt.Vector;
if(PartialDescriptor->Flags & CM_RESOURCE_INTERRUPT_LATCHED)
gControllerInfo[gNumberOfControllers].InterruptMode = Latched;
else
gControllerInfo[gNumberOfControllers].InterruptMode = LevelSensitive;
}
else if(PartialDescriptor->Type == CmResourceTypePort)
{
PHYSICAL_ADDRESS TranslatedAddress;
ULONG AddressSpace = 0x1; /* I/O Port Range */
if(!HalTranslateBusAddress(BusType, BusNumber, PartialDescriptor->u.Port.Start, &AddressSpace, &TranslatedAddress))
{
WARN_(FLOPPY, "HalTranslateBusAddress failed; returning\n");
return STATUS_IO_DEVICE_ERROR;
}
if(AddressSpace == 0)
gControllerInfo[gNumberOfControllers].BaseAddress = MmMapIoSpace(TranslatedAddress, FDC_PORT_BYTES, MmNonCached);
else
gControllerInfo[gNumberOfControllers].BaseAddress = (PUCHAR)(ULONG_PTR)TranslatedAddress.QuadPart;
}
else if(PartialDescriptor->Type == CmResourceTypeDma)
gControllerInfo[gNumberOfControllers].Dma = PartialDescriptor->u.Dma.Channel;
}
/* Start with 0 drives, then go looking */
gControllerInfo[gNumberOfControllers].NumberOfDrives = 0;
/* learn about drives attached to controller */
for(i = 0; i < PeripheralResourceDescriptor->PartialResourceList.Count; i++)
{
PDRIVE_INFO DriveInfo = &gControllerInfo[gNumberOfControllers].DriveInfo[i];
PartialDescriptor = &PeripheralResourceDescriptor->PartialResourceList.PartialDescriptors[i];
if(PartialDescriptor->Type != CmResourceTypeDeviceSpecific)
continue;
FloppyDeviceData = (PCM_FLOPPY_DEVICE_DATA)(PartialDescriptor + 1);
DriveInfo->ControllerInfo = &gControllerInfo[gNumberOfControllers];
DriveInfo->UnitNumber = i;
DriveInfo->FloppyDeviceData.MaxDensity = FloppyDeviceData->MaxDensity;
DriveInfo->FloppyDeviceData.MountDensity = FloppyDeviceData->MountDensity;
DriveInfo->FloppyDeviceData.StepRateHeadUnloadTime = FloppyDeviceData->StepRateHeadUnloadTime;
DriveInfo->FloppyDeviceData.HeadLoadTime = FloppyDeviceData->HeadLoadTime;
DriveInfo->FloppyDeviceData.MotorOffTime = FloppyDeviceData->MotorOffTime;
DriveInfo->FloppyDeviceData.SectorLengthCode = FloppyDeviceData->SectorLengthCode;
DriveInfo->FloppyDeviceData.SectorPerTrack = FloppyDeviceData->SectorPerTrack;
DriveInfo->FloppyDeviceData.ReadWriteGapLength = FloppyDeviceData->ReadWriteGapLength;
DriveInfo->FloppyDeviceData.FormatGapLength = FloppyDeviceData->FormatGapLength;
DriveInfo->FloppyDeviceData.FormatFillCharacter = FloppyDeviceData->FormatFillCharacter;
DriveInfo->FloppyDeviceData.HeadSettleTime = FloppyDeviceData->HeadSettleTime;
DriveInfo->FloppyDeviceData.MotorSettleTime = FloppyDeviceData->MotorSettleTime;
DriveInfo->FloppyDeviceData.MaximumTrackValue = FloppyDeviceData->MaximumTrackValue;
DriveInfo->FloppyDeviceData.DataTransferLength = FloppyDeviceData->DataTransferLength;
/* Once it's all set up, acknowledge its existance in the controller info object */
gControllerInfo[gNumberOfControllers].NumberOfDrives++;
}
gControllerInfo[gNumberOfControllers].Populated = TRUE;
gNumberOfControllers++;
return STATUS_SUCCESS;
}
void DispDrvrInitialize(void)
{
PHYSICAL_ADDRESS ioPhysicalBase = {0,0};
ioPhysicalBase.LowPart = S3C6410_BASE_REG_PA_SROMCON;
g_pSROMReg = (volatile S3C6410_SROMCON_REG *)MmMapIoSpace(ioPhysicalBase, sizeof(S3C6410_SROMCON_REG), FALSE);
if (NULL == g_pSROMReg)
{
MYERR((_T("[S1D13521_ERR] pSROMregs = MmMapIoSpace()\r\n")));
return;
}
g_pSROMReg->SROM_BW = (g_pSROMReg->SROM_BW & ~(0xF<<16)) |
(0<<19) | // nWBE/nBE(for UB/LB) control for Memory Bank1(0=Not using UB/LB, 1=Using UB/LB)
(0<<18) | // Wait enable control for Memory Bank1 (0=WAIT disable, 1=WAIT enable)
(1<<16); // Data bus width control for Memory Bank1 (0=8-bit, 1=16-bit)
g_pSROMReg->SROM_BC4 = (0x7<<28) | // Tacs
(0x7<<24) | // Tcos
(0xF<<16) | // Tacc
(0x7<<12) | // Tcoh
(0x7<< 8) | // Tah
(0x7<< 4) | // Tacp
(0x0<< 0); // PMC
ioPhysicalBase.LowPart = S3C6410_BASE_REG_PA_GPIO;
g_pGPIOPReg = (volatile S3C6410_GPIO_REG *)MmMapIoSpace(ioPhysicalBase, sizeof(S3C6410_GPIO_REG), FALSE);
if (NULL == g_pGPIOPReg)
{
MYERR((_T("[S1D13521_ERR] g_pGPIOPReg = MmMapIoSpace()\r\n")));
return;
}
// GPN[8] : EPD_HRDY(8)
g_pGPIOPReg->GPNCON = (g_pGPIOPReg->GPNCON & ~(0x3<<16)) | (0x0<<16); // input mode
g_pGPIOPReg->GPNPUD = (g_pGPIOPReg->GPNPUD & ~(0x3<<16)) | (0x0<<16); // pull-up/down disable
ioPhysicalBase.LowPart = S1D13521_BASE_PA;
g_pS1D13521Reg = (volatile S1D13521_REG *)MmMapIoSpace(ioPhysicalBase, sizeof(S1D13521_REG), FALSE);
if (NULL == g_pS1D13521Reg)
{
MYERR((_T("[S1D13521_ERR] g_pS1D13521Reg != MmMapIoSpace()\r\n")));
return;
}
for (int i=0, j=0, v=0; i<DispDrvr_palSize; i++)
{
#if (LCD_BPP == 4)
v = i * 0x11;
#elif (LCD_BPP == 8)
v = i;
#endif
DispDrvr_palette[i].rgbRed = DispDrvr_palette[i].rgbGreen = DispDrvr_palette[i].rgbBlue = v;
DispDrvr_palette[i].rgbReserved = 0;
}
InitializeCriticalSection(&g_CS);
g_hDirtyRect = DirtyRect_Init(workDirtyRect);
S1d13521Initialize((void *)g_pS1D13521Reg, (void *)g_pGPIOPReg);
MSGQUEUEOPTIONS msgopts;
memset(&msgopts, 0, sizeof(msgopts));
msgopts.dwSize = sizeof(msgopts);
msgopts.dwFlags = 0; //MSGQUEUE_ALLOW_BROKEN;
msgopts.dwMaxMessages = 0; // no max number of messages
msgopts.cbMaxMessage = sizeof(DIRTYRECTINFO); // max size of each msg
msgopts.bReadAccess = FALSE;
g_hMQ = CreateMsgQueue(MSGQUEUE_NAME, &msgopts);
MYMSG((_T("[S1D13521_MSG] CreateMsgQueue(Write) == 0x%X\r\n"), g_hMQ));
}
