uint32 peChecksumExecSections(uint8 *peBaseAddr, void *realBase, PEPROCESS proc, PKAPC_STATE apc, PHYSICAL_ADDRESS *physArr) { uint16 numExecSections = peGetNumExecSections(peBaseAddr); uint32 checksum = 0, k, i, j, numRelocs = peGetNumberOfRelocs(peBaseAddr, realBase, proc, apc), relocDelta = peCalculateRelocDiff(peBaseAddr, realBase); uint8 *dataPtr = NULL; PHYSICAL_ADDRESS phys = {0}; SectionData *execSections = (SectionData *) MmAllocateNonCachedMemory( numExecSections * sizeof(SectionData)); peGetExecSections(peBaseAddr, execSections); //DbgPrint("Found %d relocations, delta of: %x\r\n", numRelocs, relocDelta); for (i = 0; i < numExecSections; i++) { uint32 numpages = execSections[i].Size / 0x1000, size = execSections[i].Size; if (numpages * 0x1000 < execSections[i].Size) numpages++; for (k = 0; k < numpages; k++) { KeStackAttachProcess(proc, apc); dataPtr = (uint8 *) MmMapIoSpace(MmGetPhysicalAddress((void *)(((uint32) realBase) + execSections[i].VirtualAddress + (0x1000 * k))), 0x1000, 0); phys = MmGetPhysicalAddress((void *) dataPtr); for (j = 0; j < min(size, 0x1000); j++) { checksum += dataPtr[j]; } MmUnmapIoSpace((void *) dataPtr, 0x1000); size -= 0x1000; KeUnstackDetachProcess(apc); } } // Subtract the relocations from the checksum // TODO Fix incase of lower load address checksum += numRelocs * (relocDelta & 0x000000FF); checksum += numRelocs * ((relocDelta & 0x0000FF00) >> 8); checksum += numRelocs * ((relocDelta & 0x00FF0000) >> 16); checksum += numRelocs * ((relocDelta & 0xFF000000) >> 24); MmFreeNonCachedMemory((void *) execSections, numExecSections * sizeof(SectionData)); return checksum; }
static PVOID OldMapIoSpace( _In_ PHYSICAL_ADDRESS PhysicalAddress, _In_ SIZE_T NumberOfBytes, _In_ MEMORY_CACHING_TYPE CacheType, _In_ ULONG Protect ) { PAGED_CODE(); return MmMapIoSpace(PhysicalAddress, NumberOfBytes, CacheType); }
/*---------------------------------------------------------------------------- *Function: CMM_Init *Parameters: dwContext : *Return Value: True/False *Implementation Notes: Initialize JPEG Hardware -----------------------------------------------------------------------------*/ DWORD CMM_Init( DWORD dwContext ) { HANDLE h_Mutex; FREE_MEM_T * freenode; ALLOC_MEM_T * allocnode; PHYSICAL_ADDRESS ioPhysicalBase = {0,0}; printD("\n[CMM_Init]\n"); // Mutex initialization h_Mutex = CreateCMMmutex(); if (h_Mutex == NULL) { RETAILMSG(1, (TEXT("[CMM_Init] CMM Mutex Initialize error : %d \r\n"),GetLastError())); return FALSE; } ioPhysicalBase.LowPart = CODEC_MEM_START; CachedVirAddr = (UINT8 *)MmMapIoSpace(ioPhysicalBase, CODEC_MEM_SIZE, TRUE); if (CachedVirAddr == NULL) { RETAILMSG(1, (TEXT("[CMM_Init] MmMapIoSpace failed: %d\r\n"),GetLastError())); return FALSE; } // init alloc list, if(AllocMemHead == AllocMemTail) then, the list is NULL allocnode = (ALLOC_MEM_T *)malloc(sizeof(ALLOC_MEM_T)); memset(allocnode, 0x00, sizeof(ALLOC_MEM_T)); allocnode->next = allocnode; allocnode->prev = allocnode; AllocMemHead = allocnode; AllocMemTail = AllocMemHead; // init free list, if(FreeMemHead == FreeMemTail) then, the list is NULL freenode = (FREE_MEM_T *)malloc(sizeof(FREE_MEM_T)); memset(freenode, 0x00, sizeof(FREE_MEM_T)); freenode->next = freenode; freenode->prev = freenode; FreeMemHead = freenode; FreeMemTail = FreeMemHead; freenode = (FREE_MEM_T *)malloc(sizeof(FREE_MEM_T)); memset(freenode, 0x00, sizeof(FREE_MEM_T)); freenode->startAddr = CODEC_MEM_START; freenode->size = CODEC_MEM_SIZE; InsertNodeToFreeList(freenode, -1); return TRUE; }
/* * @implemented */ PVOID NTAPI MmMapVideoDisplay(IN PHYSICAL_ADDRESS PhysicalAddress, IN SIZE_T NumberOfBytes, IN MEMORY_CACHING_TYPE CacheType) { PAGED_CODE(); // // Call the real function // return MmMapIoSpace(PhysicalAddress, NumberOfBytes, CacheType); }
NTSTATUS _write_phys_mem( PHYSICAL_ADDRESS pa, unsigned int len, void * pData ) { void * va = MmMapIoSpace( pa, len, MmCached ); if( !va ) { DbgPrint( "[chipsec] ERROR: no space for mapping\n" ); return STATUS_UNSUCCESSFUL; } DbgPrint( "[chipsec] writing %d bytes to physical address 0x%08x_%08x (virtual = %#010x)", len, pa.HighPart, pa.LowPart, (unsigned int)va ); RtlCopyMemory( va, pData, len ); MmUnmapIoSpace( va, len ); return STATUS_SUCCESS; }
BOOL InitializeAddresses(VOID) { BOOL RetValue = TRUE; PHYSICAL_ADDRESS ioPhysicalBase = {S3C6410_BASE_REG_PA_GPIO,0}; v_pGPIORegs = (volatile S3C6410_GPIO_REG *)MmMapIoSpace(ioPhysicalBase, sizeof(S3C6410_GPIO_REG), FALSE); if (v_pGPIORegs == NULL) { DEBUGMSG(ZONE_ERROR, (TEXT("[GPIO] v_pGPIORegs MmMapIoSpace() Failed \r\n"))); RetValue = FALSE; } return(RetValue); }
/*---------------------------------------------------------------------------- *Function: Phy2VirAddr *Parameters: dwContext : *Return Value: True/False *Implementation Notes: memory mapping from physical addr to virtual addr -----------------------------------------------------------------------------*/ void *Phy2VirAddr(UINT32 phy_addr, int mem_size) { void *mappedAddr = NULL; PHYSICAL_ADDRESS ioPhysicalBase = {0,0}; ioPhysicalBase.LowPart = phy_addr; mappedAddr = MmMapIoSpace(ioPhysicalBase, mem_size, FALSE); if (mappedAddr == NULL) { RETAILMSG(1, (L"[MFC:ERR] %s : Mapping Failed [PA:0x%08x]\n\r", __FUNCTION__, phy_addr)); } return mappedAddr; }
PUCHAR SoundMapPortAddress( INTERFACE_TYPE BusType, ULONG BusNumber, ULONG PortBase, ULONG Length, PULONG MemType ) /*++ Routine Description : Map a physical device port address to an address we can pass to READ/WRITE_PORT_UCHAR/USHORT etc Arguments : BusType - type of bus BusNumber - bus number PortBase - The port start address Length - how many bytes of port space to map (needed by MmMapIoSpace) Return Value : The virtual port address --*/ { PHYSICAL_ADDRESS PortAddress; PHYSICAL_ADDRESS MappedAddress; *MemType = 1; // IO space PortAddress.LowPart = PortBase; PortAddress.HighPart = 0; HalTranslateBusAddress( BusType, BusNumber, PortAddress, MemType, &MappedAddress); if (*MemType == 0) { // // Map memory type IO space into our address space // return (PUCHAR)MmMapIoSpace(MappedAddress, Length, FALSE); } else { return (PUCHAR)MappedAddress.LowPart; } }
void * hax_map_page_frame(uint64 pfn, hax_kmap_phys *kmap) { PHYSICAL_ADDRESS addr; PVOID kva; if (!kmap) { hax_error("%s: kmap == NULL\n", __func__); return NULL; } addr.QuadPart = (LONGLONG)(pfn << PG_ORDER_4K); kva = MmMapIoSpace(addr, PAGE_SIZE_4K, MmCached); kmap->kva = kva; return kva; }
/* * @implemented */ NDIS_STATUS EXPORT NdisMMapIoSpace( OUT PVOID *VirtualAddress, IN NDIS_HANDLE MiniportAdapterHandle, IN NDIS_PHYSICAL_ADDRESS PhysicalAddress, IN UINT Length) /* * FUNCTION: Maps a bus-relative address to a system-wide virtual address * ARGUMENTS: * VirtualAddress: receives virtual address of mapping * MiniportAdapterHandle: Handle originally input to MiniportInitialize * PhysicalAddress: bus-relative address to map * Length: Number of bytes to map * RETURNS: * NDIS_STATUS_SUCCESS: the operation completed successfully * NDIS_STATUS_RESOURCE_CONFLICT: the physical address range is already claimed * NDIS_STATUS_RESOURCES: insufficient resources to complete the mapping * NDIS_STATUS_FAILURE: a general failure has occured * NOTES: * - Must be called at IRQL = PASSIVE_LEVEL */ { PLOGICAL_ADAPTER Adapter = MiniportAdapterHandle; ULONG AddressSpace = 0; /* Memory Space */ NDIS_PHYSICAL_ADDRESS TranslatedAddress; PAGED_CODE(); ASSERT(VirtualAddress && MiniportAdapterHandle); NDIS_DbgPrint(MAX_TRACE, ("Called\n")); if(!HalTranslateBusAddress(Adapter->NdisMiniportBlock.BusType, Adapter->NdisMiniportBlock.BusNumber, PhysicalAddress, &AddressSpace, &TranslatedAddress)) { NDIS_DbgPrint(MIN_TRACE, ("Unable to translate address\n")); return NDIS_STATUS_RESOURCES; } *VirtualAddress = MmMapIoSpace(TranslatedAddress, Length, MmNonCached); if(!*VirtualAddress) { NDIS_DbgPrint(MIN_TRACE, ("MmMapIoSpace failed\n")); return NDIS_STATUS_RESOURCES; } return NDIS_STATUS_SUCCESS; }
BOOLEAN NTAPI XenGfxVbeGetEdid(UCHAR *pChildDescriptor, ULONG Length) { ULONG Addr; PHYSICAL_ADDRESS PhysAddr = {0}; UCHAR *pVirtAddr; USHORT XRes, YRes; TraceVerbose(("====> '%s'.\n", __FUNCTION__)); if (!g_VbeInfoInitialized) { return FALSE; } if ((pChildDescriptor == NULL)||(Length < VBE_EDID_SIZE)) { return FALSE; } // Find the EDID and map it in. The spinlock is not needed since the // EDID is a static/ro chunk (after initialization). Addr = ((ULONG)g_VbeTable.EdidSeg & (0x0000FFFF)); Addr = Addr << 4; Addr = Addr | ((ULONG)g_VbeTable.EdidAddr & (0x0000FFFF)); PhysAddr.LowPart = Addr; pVirtAddr = (UCHAR*)MmMapIoSpace(PhysAddr, VBE_EDID_SIZE, MmNonCached); if (pVirtAddr == NULL) { TraceError(("Could not MAP in EDID virtual address!\n")); return FALSE; } RtlCopyMemory(pChildDescriptor, pVirtAddr, VBE_EDID_SIZE); MmUnmapIoSpace(pVirtAddr, VBE_EDID_SIZE); // Fix up EDID with resolution on this system. WRITE_PORT_USHORT((USHORT*)VBE_PORT_INDEX, VBE_DISPI_INDEX_EDID_XRES); XRes = READ_PORT_USHORT((USHORT*)VBE_PORT_DATA); WRITE_PORT_USHORT((USHORT*)VBE_PORT_INDEX, VBE_DISPI_INDEX_EDID_YRES); YRes = READ_PORT_USHORT((USHORT*)VBE_PORT_DATA); *(pChildDescriptor + 0x38) = (UCHAR)(XRes & 0x00FF); *(pChildDescriptor + 0x3A) = (UCHAR)(((XRes >> 8) & 0x000F) << 4); *(pChildDescriptor + 0x3B) = (UCHAR)(YRes & 0x00FF); *(pChildDescriptor + 0x3D) = (UCHAR)(((YRes >> 8) & 0x000F) << 4); TraceVerbose(("<==== '%s'.\n", __FUNCTION__)); return TRUE; }
uint8 * peMapInImageHeader(PHYSICAL_ADDRESS physAddr) { uint8 *pePtr = NULL; uint32 imageSize = 0; pePtr = MmMapIoSpace(physAddr, PAGE_SIZE, 0); if (pePtr == NULL || *pePtr != 'M' || *(pePtr + 1) != 'Z') { DbgPrint("Invalid physical address!"); if (pePtr != NULL) MmUnmapIoSpace(pePtr, PAGE_SIZE); return NULL; } return pePtr; }
void setup_APIC_BASE(void) { PHYSICAL_ADDRESS Physical_APIC_BASE; DbgPrint("Fetching the APIC base\n"); Physical_APIC_BASE.QuadPart=readMSR(MSR_IA32_APICBASE) & 0xFFFFFFFFFFFFF000ULL; DbgPrint("Physical_APIC_BASE=%p\n", Physical_APIC_BASE.QuadPart); APIC_BASE = (PAPIC)MmMapIoSpace(Physical_APIC_BASE, sizeof(APIC), MmNonCached); DbgPrint("APIC_BASE at %p\n", APIC_BASE); }
/** @func void | retrievs and sets the GPIO base. @comm @xref **/ void InitGPIOBaseAddr() { //DWORD dwIOBase; DWORD dwIOSize; PHYSICAL_ADDRESS IOPhyAdr= { S3C6410_BASE_REG_PA_GPIO, 0 }; // RETAILMSG(PIO_DBG_MSG, (TEXT("++InitGPIOAddr\r\n"))); dwIOSize = sizeof(S3C6410_GPIO_REG); if (NULL == v_pIOP_PIO_regs) { v_pIOP_PIO_regs = (volatile S3C6410_GPIO_REG *)MmMapIoSpace(IOPhyAdr, (ULONG)dwIOSize, FALSE); if ( NULL == v_pIOP_PIO_regs) { RETAILMSG(EPCTL_ERR_MSG, (TEXT("GPIO init address failed PIO\r\n"))); } } }
PVOID NTAPI MiFindContiguousMemory(IN PFN_NUMBER LowestPfn, IN PFN_NUMBER HighestPfn, IN PFN_NUMBER BoundaryPfn, IN PFN_NUMBER SizeInPages, IN MEMORY_CACHING_TYPE CacheType) { PFN_NUMBER Page; PHYSICAL_ADDRESS PhysicalAddress; PMMPFN Pfn1, EndPfn; PMMPTE PointerPte; PVOID BaseAddress; PAGED_CODE(); ASSERT(SizeInPages != 0); // // Our last hope is to scan the free page list for contiguous pages // Page = MiFindContiguousPages(LowestPfn, HighestPfn, BoundaryPfn, SizeInPages, CacheType); if (!Page) return NULL; // // We'll just piggyback on the I/O memory mapper // PhysicalAddress.QuadPart = Page << PAGE_SHIFT; BaseAddress = MmMapIoSpace(PhysicalAddress, SizeInPages << PAGE_SHIFT, CacheType); ASSERT(BaseAddress); /* Loop the PFN entries */ Pfn1 = MiGetPfnEntry(Page); EndPfn = Pfn1 + SizeInPages; PointerPte = MiAddressToPte(BaseAddress); do { /* Write the PTE address */ Pfn1->PteAddress = PointerPte; Pfn1->u4.PteFrame = PFN_FROM_PTE(MiAddressToPte(PointerPte++)); } while (++Pfn1 < EndPfn); /* Return the address */ return BaseAddress; }
int set_irq1(int intNumber) { unsigned char *pIoRegSel; DWORD *pIoWin; int ch,temp; PHYSICAL_ADDRESS phys; PVOID pAddr; RtlZeroMemory(&phys,sizeof(PHYSICAL_ADDRESS)); ch = intNumber; phys.u.LowPart = 0xFEC00000; pAddr = MmMapIoSpace(phys, 0x14, MmNonCached); //if (pAddr == NULL) if (!MmIsAddressValid(pAddr)) return 0; temp = *(PDWORD)pAddr; pIoRegSel = (unsigned char *)pAddr; pIoWin = (DWORD *)((unsigned char *)(pAddr) + 0x10); //{ // int i; // unsigned char j; // // for (i = 0, j = 0x10; i <= 0x17; i++, j += 2) // { // *pIoRegSel = j; // ch = *pIoWin; // DbgPrint("RedTbl[%02d]: 0x%02X\n", i, ch); // } //} *pIoRegSel = 0x12; // irq1 ch = *pIoWin; ch &= 0xffffff00; ch |= intNumber; *pIoWin = ch; MmUnmapIoSpace(pAddr, 0x14); return ch; }
static BOOLEAN NTAPI XenGfxPullUpModeInfo(VOID) { ULONG Addr; PHYSICAL_ADDRESS PhysAddr = {0}; UCHAR *pVirtAddr; ULONG Size = 0; MODE_INFO_ITEM *pCurrentMode; // Map the table and copy it up (plus any extra junk). The spinlock is not // needed since the mode table is a static/ro chunk. Addr = ((ULONG)g_VbeTable.ModesSeg & (0x0000FFFF)); Addr = Addr << 4; Addr = Addr | ((ULONG)g_VbeTable.ModesAddr & (0x0000FFFF)); PhysAddr.LowPart = Addr; pVirtAddr = (UCHAR*)MmMapIoSpace(PhysAddr, MODE_SIZE, MmNonCached); if (pVirtAddr == NULL) { TraceError(("Could not MAP in Mode Info List virtual address!\n")); return FALSE; } RtlCopyMemory(g_ModeInfoList, pVirtAddr, MODE_SIZE); MmUnmapIoSpace(pVirtAddr, MODE_SIZE); // Check and cleanup the table pCurrentMode = (MODE_INFO_ITEM*)g_ModeInfoList; while (pCurrentMode->ModeNumber != XENVBE_MODE_END_OF_LIST) { if (Size + 2 >= MODE_SIZE) { // This should never happen. The table is static but if it did ever happens, // this routine could be changed to use dynamic allocation (note this would // leak though since there is not unload call to use in video drivers). TraceError(("Unexpected Mode Info List overflow! Incorrect size: %d\n", Size)); return FALSE; } Size += sizeof(MODE_INFO_ITEM); pCurrentMode++; } // Clear out the tail end so it is easy to see where the end of the table is // for debugging purposes. Skip the terminator. Size += 2; RtlZeroMemory(g_ModeInfoList + Size, MODE_SIZE - Size); return TRUE; }
BOOLEAN HalpMapIoControlSpace ( VOID ) /*++ Routine Description: This routine maps the HAL SIO control space for a PowerPC system. Arguments: None. Return Value: If the initialization is successfully completed, then a value of TRUE is returned. Otherwise, a value of FALSE is returned. --*/ { PHYSICAL_ADDRESS physicalAddress; // // Map SIO control space. // physicalAddress.HighPart = 0; physicalAddress.LowPart = IO_CONTROL_PHYSICAL_BASE; HalpIoControlBase = MmMapIoSpace(physicalAddress, PAGE_SIZE * 16, FALSE); if (HalpIoControlBase == NULL) return FALSE; else return TRUE; }
/** * Maps the I/O space from VMMDev to virtual kernel address space. * * @return NTSTATUS * * @param pDevExt The device extension. * @param physicalAdr Physical address to map. * @param ulLength Length (in bytes) to map. * @param ppvMMIOBase Pointer of mapped I/O base. * @param pcbMMIO Length of mapped I/O base. */ NTSTATUS vboxguestwinMapVMMDevMemory(PVBOXGUESTDEVEXT pDevExt, PHYSICAL_ADDRESS physicalAdr, ULONG ulLength, void **ppvMMIOBase, uint32_t *pcbMMIO) { AssertPtrReturn(pDevExt, VERR_INVALID_POINTER); AssertPtrReturn(ppvMMIOBase, VERR_INVALID_POINTER); /* pcbMMIO is optional. */ NTSTATUS rc = STATUS_SUCCESS; if (physicalAdr.LowPart > 0) /* We're mapping below 4GB. */ { VMMDevMemory *pVMMDevMemory = (VMMDevMemory *)MmMapIoSpace(physicalAdr, ulLength, MmNonCached); Log(("VBoxGuest::vboxguestwinMapVMMDevMemory: pVMMDevMemory = 0x%x\n", pVMMDevMemory)); if (pVMMDevMemory) { Log(("VBoxGuest::vboxguestwinMapVMMDevMemory: VMMDevMemory: Version = 0x%x, Size = %d\n", pVMMDevMemory->u32Version, pVMMDevMemory->u32Size)); /* Check version of the structure; do we have the right memory version? */ if (pVMMDevMemory->u32Version != VMMDEV_MEMORY_VERSION) { Log(("VBoxGuest::vboxguestwinMapVMMDevMemory: Wrong version (%u), refusing operation!\n", pVMMDevMemory->u32Version)); /* Not our version, refuse operation and unmap the memory. */ vboxguestwinUnmapVMMDevMemory(pDevExt); rc = STATUS_UNSUCCESSFUL; } else { /* Save results. */ *ppvMMIOBase = pVMMDevMemory; if (pcbMMIO) /* Optional. */ *pcbMMIO = pVMMDevMemory->u32Size; Log(("VBoxGuest::vboxguestwinMapVMMDevMemory: VMMDevMemory found and mapped! pvMMIOBase = 0x%p\n", *ppvMMIOBase)); } } else rc = STATUS_UNSUCCESSFUL; } return rc; }
void setup_APIC_BASE(void) { PHYSICAL_ADDRESS Physical_APIC_BASE; UINT64 APIC_BASE_VALUE = readMSR(MSR_IA32_APICBASE); DbgPrint("Fetching the APIC base\n"); Physical_APIC_BASE.QuadPart = APIC_BASE_VALUE & 0xFFFFFFFFFFFFF000ULL; DbgPrint("Physical_APIC_BASE=%p\n", Physical_APIC_BASE.QuadPart); APIC_BASE = (PAPIC)MmMapIoSpace(Physical_APIC_BASE, sizeof(APIC), MmNonCached); DbgPrint("APIC_BASE at %p\n", APIC_BASE); x2APICMode = (APIC_BASE_VALUE & (1 << 10))!=0; DbgPrint("x2APICMode=%d\n", x2APICMode); }
// The function that initilize GPIO for DAT, CD and WP lines. BOOL CSDHControllerCh1::InitGPIO() { //volatile S3C6410_GPIO_REG *pIOPreg = NULL; PHYSICAL_ADDRESS ioPhysicalBase = {0,0}; ioPhysicalBase.LowPart = S3C6410_BASE_REG_PA_GPIO; pIOPreg = (volatile S3C6410_GPIO_REG *)MmMapIoSpace(ioPhysicalBase, sizeof(S3C6410_GPIO_REG), FALSE); if (pIOPreg == NULL) { RETAILMSG(TRUE, (TEXT("[HSMMC1] GPIO registers is *NOT* mapped.\n"))); return FALSE; } RETAILMSG(TRUE, (TEXT("[HSMMC1] Setting registers for the GPIO.\n"))); #ifdef _SMDK6410_CH1_8BIT_ pIOPreg->GPHCON0 = (pIOPreg->GPHCON0 & ~(0xFFFFFFFF)) | (0x22222222); // 4'b0010 for the MMC 1 pIOPreg->GPHCON1 = (pIOPreg->GPHCON1 &~(0xFF)) | (0x22); // 4'b0010 for the MMC 1 pIOPreg->GPHPUD &= ~(0xFFFFF); // Pull-up/down disabled #else // DAT 4-Bit pIOPreg->GPHCON0 = (pIOPreg->GPHCON0 & ~(0xFFFFFF)) | (0x222222); // 4'b0010 for the MMC 1 pIOPreg->GPHPUD &= ~(0xFFF); // Pull-up/down disabled #endif #ifdef _SMDK6410_CH1_WP_ // pIOPreg->GPFCON &= ~(0x3<<24); // WP_SD1 //pIOPreg->GPFPUD &= ~(0x3<<24); // Pull-up/down disabled pIOPreg->GPLCON1 &= ~(0x3<<24); // WP_SD1 pIOPreg->GPLPUD &= ~(0x3<<28); // Pull-up/down disabled #endif #ifdef _SMDK6410_CH1_EXTCD_ // Setting for card detect pin of HSMMC ch0 on SMDK6410. pIOPreg->GPNCON = ( pIOPreg->GPNCON & ~(0x3<<20) ) | (0x2<<20); // SD_CD0 by EINT10 pIOPreg->GPNPUD = ( pIOPreg->GPNPUD & ~(0x3<<20) ) | (0x0<<20); // pull-up/down disabled //pIOPreg->EINT0CON0 = ( pIOPreg->EINT0CON0 & ~(0x7<<20)) ; // Low levertriggered //pIOPreg->EINT0CON0 = ( pIOPreg->EINT0CON0 & ~(0x7<<20)) ; // Low levertriggered pIOPreg->EINT0CON0 = ( pIOPreg->EINT0CON0 & ~(0x7<<20)) | (0x2<<20);// Falling edge triggered pIOPreg->EINT0PEND = ( pIOPreg->EINT0PEND | (0x1<<10) ); //clear EINT10 pending bit pIOPreg->EINT0MASK = ( pIOPreg->EINT0MASK & ~(0x1<<10)); //enable EINT10 //pIOPreg->GPGCON = (pIOPreg->GPGCON & ~(0xF<<24)) | (0x3<<24); // MMC CDn1 //pIOPreg->GPGPUD &= ~(0x3<<12); // Pull-up/down disabled #endif MmUnmapIoSpace((PVOID)pIOPreg, sizeof(S3C6410_GPIO_REG)); return TRUE; }
BOOLEAN NTAPI XenGfxVbeInitialize(UCHAR *pShadowPortBase) { ULONG Addr; PHYSICAL_ADDRESS PhysAddr = {0}; UCHAR *pVirtAddr; TraceVerbose(("====> '%s'.\n", __FUNCTION__)); if (g_VbeInfoInitialized) { TraceVerbose(("VBE support already initialized?\n")); return FALSE; } // Pull up the VBE table information from the VBE BIOS area. Addr = (READ_PORT_USHORT((USHORT*)(pShadowPortBase + VGA_PORT_VBE_XVTSEG)) & (0x0000FFFF)) << 4; Addr = Addr | (READ_PORT_USHORT((USHORT*)(pShadowPortBase + VGA_PORT_VBE_XVTADDR)) & (0x0000FFFF)); PhysAddr.LowPart = Addr; pVirtAddr = (UCHAR*)MmMapIoSpace(PhysAddr, sizeof(VBE_XENVESA_TABLE), MmNonCached); if (pVirtAddr == NULL) { TraceError(("Could not MAP in VBE info table!\n")); return FALSE; } RtlCopyMemory(&g_VbeTable, pVirtAddr, sizeof(VBE_XENVESA_TABLE)); MmUnmapIoSpace(pVirtAddr, sizeof(VBE_XENVESA_TABLE)); // Sanity check the tag for the table if (RtlCompareMemory(g_VbeTable.Tag, VBE_XENVESA_TAG, sizeof(g_VbeTable.Tag)) != sizeof(g_VbeTable.Tag)) { TraceError(("Invalid VBE info tag?? Tag value: %.*s\n", sizeof(g_VbeTable.Tag) - 1, g_VbeTable.Tag)); return FALSE; } // Pull up the Vesa mode information once up front. if (!XenGfxPullUpModeInfo()) { // Errors traced in call return FALSE; } g_VbeInfoInitialized = TRUE; TraceVerbose(("<==== '%s'.\n", __FUNCTION__)); return TRUE; }
void * AcpiOsMapMemory ( ACPI_PHYSICAL_ADDRESS phys, ACPI_SIZE length) { PHYSICAL_ADDRESS Address; PVOID Ptr; DPRINT("AcpiOsMapMemory(phys 0x%p size 0x%X)\n", phys, length); ASSERT(phys); Address.QuadPart = (ULONG)phys; Ptr = MmMapIoSpace(Address, length, MmNonCached); if (!Ptr) { DPRINT1("Mapping failed\n"); } return Ptr; }
NTSTATUS AnajoystMapDevice( DWORD PortBase, DWORD NumberOfPorts, PJOY_EXTENSION pJoyExtension ) { DWORD MemType; PHYSICAL_ADDRESS PortAddress; PHYSICAL_ADDRESS MappedAddress; MemType = 1; // IO space PortAddress.LowPart = PortBase; PortAddress.HighPart = 0; HalTranslateBusAddress( Isa, 0, PortAddress, &MemType, &MappedAddress); if (MemType == 0) { // // Map memory type IO space into our address space // pJoyExtension->DeviceAddress = (PUCHAR) MmMapIoSpace(MappedAddress, NumberOfPorts, FALSE); } else { pJoyExtension->DeviceAddress = (PUCHAR) MappedAddress.LowPart; } return STATUS_SUCCESS; }
// The function that initilize GPIO for DAT, CD and WP lines. BOOL CSDHControllerCh0::InitGPIO() { volatile S3C6410_GPIO_REG *pIOPreg = NULL; PHYSICAL_ADDRESS ioPhysicalBase = {0,0}; ioPhysicalBase.LowPart = S3C6410_BASE_REG_PA_GPIO; pIOPreg = (volatile S3C6410_GPIO_REG *)MmMapIoSpace(ioPhysicalBase, sizeof(S3C6410_GPIO_REG), FALSE); if (pIOPreg == NULL) { RETAILMSG(TRUE, (TEXT("[HSMMC0] GPIO registers is *NOT* mapped.\n"))); return FALSE; } RETAILMSG(TRUE, (TEXT("[HSMMC0] Setting registers for the GPIO.\n"))); pIOPreg->GPGCON = (pIOPreg->GPGCON & ~(0xFFFFFF)) | (0x222222); // 4'b0010 for the MMC 0 pIOPreg->GPGPUD &= ~(0xFFF); // Pull-up/down disabled /* #ifdef _SMDK6410_CH0_WP_ pIOPreg->GPNCON &= ~(0x3<<24); // WP_SD0 pIOPreg->GPNPUD &= ~(0x3<<24); // Pull-up/down disabled #endif */ //#ifndef _SMDK6410_CH0_EXTCD_ pIOPreg->GPGCON = (pIOPreg->GPGCON & ~(0xF<<24)) | (0x2<<24); // SD CD0 pIOPreg->GPGPUD &= ~(0x3<<12); // Pull-up/down disabled //#endif /* #ifdef _SMDK6410_CH0_EXTCD_ // Setting for card detect pin of HSMMC ch0 on SMDK6410. pIOPreg->GPNCON = ( pIOPreg->GPNCON & ~(0x3<<26) ) | (0x2<<26); // SD_CD0 by EINT13 pIOPreg->GPNPUD = ( pIOPreg->GPNPUD & ~(0x3<<26) ) | (0x0<<26); // pull-up/down disabled pIOPreg->EINT0CON0 = ( pIOPreg->EINT0CON0 & ~(0x7<<24)) | (0x7<<24); // Both edge triggered pIOPreg->EINT0PEND = ( pIOPreg->EINT0PEND | (0x1<<13) ); //clear EINT19 pending bit pIOPreg->EINT0MASK = ( pIOPreg->EINT0MASK & ~(0x1<<13)); //enable EINT19 #endif */ MmUnmapIoSpace((PVOID)pIOPreg, sizeof(S3C6410_GPIO_REG)); return TRUE; }
VOID WvMemdiskFind(void) { PHYSICAL_ADDRESS phys_addr; PUCHAR phys_mem; UINT32 offset; BOOLEAN found = FALSE; /* Find a MEMDISK by scanning for mBFTs. Map the first MiB of memory. */ phys_addr.QuadPart = 0LL; phys_mem = MmMapIoSpace(phys_addr, 0x100000, MmNonCached); if (!phys_mem) { DBG("Could not map low memory\n"); goto err_map; } for (offset = 0; offset < 0xFFFF0; offset += 0x10) { found |= WvMemdiskCheckMbft_(phys_mem, offset, TRUE); } MmUnmapIoSpace(phys_mem, 0x100000); err_map: DBG("%smBFTs found\n", found ? "" : "No "); return; }
BOOL ACAudioHWContext::HWMapControllerRegs() { PHYSICAL_ADDRESS pa; DEBUGMSG(ZONE_AC, (L"+ACAudioHWContext::HWMapControllerRegs()\r\n")); // set the power state if (!m_hParent) { DEBUGMSG(ZONE_ERROR, (L"ACAudioHWContext::HWMapControllerRegs: " L"ERROR setting the power state.\r\n" )); goto ErrExit; } m_CurPowerState = D2; SetDevicePowerState(m_hParent, D2 , NULL); // get the McBSP pointer pa.HighPart= 0; pa.LowPart = AUDIO_MCBSP_REGS_PA; m_pMCBSPRegisters = (OMAP2420_McBSP_REGS *)MmMapIoSpace(pa, N1KB, FALSE); if (!m_pMCBSPRegisters) { DEBUGMSG(ZONE_ERROR, (L"ACAudioHWContext::HWMapControllerRegs: " L"ERROR mapping MCBSP registers.\r\n" )); goto ErrExit; } // get the PRCM registers pointer pa.LowPart = OMAP2420_PRCM_REGS_PA; m_pPRCMRegs = (OMAP2420_PRCM_REGS *)MmMapIoSpace(pa, sizeof(OMAP2420_PRCM_REGS), FALSE); if (!m_pPRCMRegs) { DEBUGMSG(ZONE_ERROR, (L"ACAudioHWContext::HWMapControllerRegs: " L"Allocating PRCM register failed.\r\n" )); goto ErrExit; } // open the SPI device m_hSPI = SPIOpen(); if (!m_hSPI) { DEBUGMSG(ZONE_ERROR, (L"ACAudioHWContext::HWMapControllerRegs: " L"Failed to open the SPI device driver.\r\n" )); goto ErrExit; } // configure the SPI device if (!SPISetSlaveAddress(m_hSPI, 0)) { DEBUGMSG(ZONE_ERROR, (L"ACAudioHWContext::HWMapControllerRegs: " L"Failed to set the SPI slave address.\r\n" )); goto ErrExit; } return TRUE; ErrExit: // reset all mappings in case of error m_pMCBSPRegisters = NULL; m_pPRCMRegs = NULL; m_hSPI = NULL; return FALSE; }
NTSTATUS DriverDeviceControl( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ) { NTSTATUS Status = STATUS_UNSUCCESSFUL; PIO_STACK_LOCATION IrpSp; ULONG IOControlCode = 0; ULONG dwBytesWritten = 0; PCHAR pInBuf = NULL, pOutBuf = NULL; unsigned int _cpu_thread_id = 0; unsigned int new_cpu_thread_id = 0; ULONG _num_active_cpus = 0; KAFFINITY _kaffinity = 0; UINT32 core_id = 0; // // Get the current IRP stack location of this request // IrpSp = IoGetCurrentIrpStackLocation (Irp); IOControlCode = IrpSp->Parameters.DeviceIoControl.IoControlCode; DbgPrint( "[chipsec] >>>>>>>>>> IOCTL >>>>>>>>>>\n" ); DbgPrint( "[chipsec] DeviceObject = 0x%x IOCTL = 0x%x\n", DeviceObject, IOControlCode ); DbgPrint( "[chipsec] InputBufferLength = 0x%x, OutputBufferLength = 0x%x\n", IrpSp->Parameters.DeviceIoControl.InputBufferLength, IrpSp->Parameters.DeviceIoControl.OutputBufferLength ); // // CPU thread ID // _num_active_cpus = KeQueryActiveProcessorCount( NULL ); _kaffinity = KeQueryActiveProcessors(); _cpu_thread_id = KeGetCurrentProcessorNumber(); DbgPrint( "[chipsec] Active CPU threads : %d (KeNumberProcessors = %d)\n", _num_active_cpus, KeNumberProcessors ); DbgPrint( "[chipsec] Active CPU mask (KAFFINITY): 0x%08X\n", _kaffinity ); DbgPrint( "[chipsec] Current CPU thread : %d\n", _cpu_thread_id ); // // Switch on the IOCTL code that is being requested by the user. If the // operation is a valid one for this device do the needful. // Irp -> IoStatus.Information = 0; switch( IOControlCode ) { case READ_PCI_CFG_REGISTER: { DWORD val; BYTE size = 0; WORD bdf[4]; BYTE bus = 0, dev = 0, fun = 0, off = 0; DbgPrint( "[chipsec] > READ_PCI_CFG_REGISTER\n" ); RtlCopyBytes( bdf,Irp->AssociatedIrp.SystemBuffer, 4*sizeof(WORD) ); RtlCopyBytes( &size, (BYTE*)Irp->AssociatedIrp.SystemBuffer + 4*sizeof(WORD), sizeof(BYTE) ); bus = (UINT8)bdf[0]; dev = (UINT8)bdf[1]; fun = (UINT8)bdf[2]; off = (UINT8)bdf[3]; if( 1 != size && 2 != size && 4 != size) { DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER\n" ); Status = STATUS_INVALID_PARAMETER; break; } val = ReadPCICfg( bus, dev, fun, off, size ); IrpSp->Parameters.Read.Length = size; RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (VOID*)&val, size ); DbgPrint( "[chipsec][READ_PCI_CFG_REGISTER] B/D/F: %#04x/%#04x/%#04x, OFFSET: %#04x, value = %#010x (size = 0x%x)\n", bus, dev, fun, off, val, size ); dwBytesWritten = IrpSp->Parameters.Read.Length; Status = STATUS_SUCCESS; break; } case WRITE_PCI_CFG_REGISTER: { DWORD val = 0; WORD bdf[6]; BYTE bus = 0, dev = 0, fun = 0, off = 0; BYTE size = 0; DbgPrint( "[chipsec] > WRITE_PCI_CFG_REGISTER\n" ); RtlCopyBytes( bdf, Irp->AssociatedIrp.SystemBuffer, 6 * sizeof(WORD) ); bus = (UINT8)bdf[0]; dev = (UINT8)bdf[1]; fun = (UINT8)bdf[2]; off = (UINT8)bdf[3]; RtlCopyBytes( &size, (BYTE*)Irp->AssociatedIrp.SystemBuffer + 6*sizeof(WORD), sizeof(BYTE) ); val = ((DWORD)bdf[5] << 16) | bdf[4]; DbgPrint( "[chipsec][WRITE_PCI_CFG_REGISTER] B/D/F: %#02x/%#02x/%#02x, OFFSET: %#02x, value = %#010x (size = %#02x)\n", bus, dev, fun, off, val, size ); WritePCICfg( bus, dev, fun, off, size, val ); Status = STATUS_SUCCESS; break; } case IOCTL_READ_PHYSMEM: { UINT32 len = 0; PVOID virt_addr; PHYSICAL_ADDRESS phys_addr = { 0x0, 0x0 }; DbgPrint( "[chipsec] > IOCTL_READ_PHYSMEM\n" ); if( !Irp->AssociatedIrp.SystemBuffer || IrpSp->Parameters.DeviceIoControl.InputBufferLength < 3*sizeof(UINT32)) { DbgPrint( "[chipsec][IOCTL_READ_PHYSMEM] ERROR: STATUS_INVALID_PARAMETER\n" ); Status = STATUS_INVALID_PARAMETER; break; } pInBuf = Irp->AssociatedIrp.SystemBuffer; pOutBuf = Irp->AssociatedIrp.SystemBuffer; phys_addr.HighPart = ((UINT32*)pInBuf)[0]; phys_addr.LowPart = ((UINT32*)pInBuf)[1]; len = ((UINT32*)pInBuf)[2]; if( !len ) len = 4; if( IrpSp->Parameters.DeviceIoControl.OutputBufferLength < len ) { DbgPrint( "[chipsec][IOCTL_READ_PHYSMEM] ERROR: STATUS_BUFFER_TOO_SMALL\n" ); Status = STATUS_BUFFER_TOO_SMALL; break; } __try { Status = _read_phys_mem( phys_addr, len, pOutBuf ); } __except (EXCEPTION_EXECUTE_HANDLER) { Status = GetExceptionCode(); DbgPrint( "[chipsec][IOCTL_READ_PHYSMEM] ERROR: exception code 0x%X\n", Status ); break; } if( NT_SUCCESS(Status) ) { DbgPrint( "[chipsec][IOCTL_READ_PHYSMEM] Contents:\n" ); _dump_buffer( (unsigned char *)pOutBuf, min(len,0x100) ); dwBytesWritten = len; } break; } case IOCTL_WRITE_PHYSMEM: { UINT32 len = 0; PVOID virt_addr = 0; PHYSICAL_ADDRESS phys_addr = { 0x0, 0x0 }; DbgPrint( "[chipsec] > IOCTL_WRITE_PHYSMEM\n" ); if( Irp->AssociatedIrp.SystemBuffer ) { pInBuf = Irp->AssociatedIrp.SystemBuffer; pOutBuf = Irp->AssociatedIrp.SystemBuffer; if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < 3*sizeof(UINT32) ) { DbgPrint( "[chipsec][IOCTL_WRITE_PHYSMEM] ERROR: STATUS_INVALID_PARAMETER\n" ); Status = STATUS_INVALID_PARAMETER; break; } phys_addr.HighPart = ((UINT32*)pInBuf)[0]; phys_addr.LowPart = ((UINT32*)pInBuf)[1]; len = ((UINT32*)pInBuf)[2]; ((UINT32*)pInBuf) += 3; if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < len + 3*sizeof(UINT32) ) { DbgPrint( "[chipsec][IOCTL_WRITE_PHYSMEM] ERROR: STATUS_INVALID_PARAMETER\n" ); Status = STATUS_INVALID_PARAMETER; break; } DbgPrint( "[chipsec][IOCTL_WRITE_PHYSMEM] Writing contents:\n" ); _dump_buffer( (unsigned char *)pInBuf, min(len,0x100) ); __try { Status = _write_phys_mem( phys_addr, len, pInBuf ); } __except (EXCEPTION_EXECUTE_HANDLER) { Status = GetExceptionCode(); DbgPrint( "[chipsec][IOCTL_WRITE_PHYSMEM] ERROR: exception code 0x%X\n", Status ); break; } break; } } case IOCTL_ALLOC_PHYSMEM: { SIZE_T NumberOfBytes = 0; PVOID va = 0; PHYSICAL_ADDRESS HighestAcceptableAddress = { 0xFFFFFFFF, 0xFFFFFFFF }; DbgPrint( "[chipsec] > IOCTL_ALLOC_PHYSMEM\n" ); pInBuf = Irp->AssociatedIrp.SystemBuffer; pOutBuf = Irp->AssociatedIrp.SystemBuffer; if( !pInBuf || IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(UINT64) + sizeof(UINT32)) { DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER\n" ); Status = STATUS_INVALID_PARAMETER; break; } RtlCopyBytes( &HighestAcceptableAddress.QuadPart, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(UINT64) ); RtlCopyBytes( &NumberOfBytes, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(UINT64), sizeof(UINT32) ); DbgPrint( "[chipsec] Allocating: NumberOfBytes = 0x%X, PhysAddr = 0x%I64x", NumberOfBytes, HighestAcceptableAddress.QuadPart ); va = MmAllocateContiguousMemory( NumberOfBytes, HighestAcceptableAddress ); if( !va ) { DbgPrint( "[chipsec] ERROR: STATUS_UNSUCCESSFUL - could not allocate memory\n" ); Status = STATUS_UNSUCCESSFUL; } else if( IrpSp->Parameters.DeviceIoControl.OutputBufferLength < 2*sizeof(UINT64) ) { DbgPrint( "[chipsec] ERROR: STATUS_BUFFER_TOO_SMALL - should be at least 2*UINT64\n" ); Status = STATUS_BUFFER_TOO_SMALL; } else { PHYSICAL_ADDRESS pa = MmGetPhysicalAddress( va ); DbgPrint( "[chipsec] Allocated Buffer: VirtAddr = 0x%I64x, PhysAddr = 0x%I64x\n", (UINT64)va, pa.QuadPart ); ((UINT64*)pOutBuf)[0] = (UINT64)va; ((UINT64*)pOutBuf)[1] = pa.QuadPart; IrpSp->Parameters.Read.Length = 2*sizeof(UINT64); dwBytesWritten = IrpSp->Parameters.Read.Length; Status = STATUS_SUCCESS; } break; } case IOCTL_FREE_PHYSMEM: { UINT64 va = 0x0; pInBuf = Irp->AssociatedIrp.SystemBuffer; pOutBuf = Irp->AssociatedIrp.SystemBuffer; DbgPrint( "[chipsec] > IOCTL_FREE_PHYSMEM\n" ); if( !Irp->AssociatedIrp.SystemBuffer || IrpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof(UINT64)) { DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER\n" ); Status = STATUS_INVALID_PARAMETER; break; } RtlCopyBytes( &va, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(UINT64) ); DbgPrint( "[chipsec][IOCTL_FREE_PHYSMEM] Virtual address of the memory being freed: 0x%I64X\n", va ); MmFreeContiguousMemory( (PVOID)va ); IrpSp->Parameters.Read.Length = 0; dwBytesWritten = IrpSp->Parameters.Read.Length; Status = STATUS_SUCCESS; break; } case IOCTL_GET_PHYSADDR: { UINT64 va = 0x0; PHYSICAL_ADDRESS pa = { 0x0, 0x0 }; pInBuf = Irp->AssociatedIrp.SystemBuffer; pOutBuf = Irp->AssociatedIrp.SystemBuffer; DbgPrint( "[chipsec] > IOCTL_GET_PHYSADDR\n" ); if( !Irp->AssociatedIrp.SystemBuffer || IrpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof(UINT64)) { DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER\n" ); Status = STATUS_INVALID_PARAMETER; break; } if( IrpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof(UINT64)) { DbgPrint( "[chipsec] ERROR: STATUS_BUFFER_TOO_SMALL\n" ); Status = STATUS_BUFFER_TOO_SMALL; break; } RtlCopyBytes( &va, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(UINT64) ); pa = MmGetPhysicalAddress( (PVOID)va ); DbgPrint( "[chipsec][IOCTL_GET_PHYSADDR] Traslated virtual address 0x%I64X to physical: 0x%I64X\n", va, pa.QuadPart, pa.LowPart); RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (void*)&pa, sizeof(UINT64) ); IrpSp->Parameters.Read.Length = sizeof(UINT64); dwBytesWritten = IrpSp->Parameters.Read.Length; Status = STATUS_SUCCESS; break; } case IOCTL_MAP_IO_SPACE: { PVOID va = 0x0; PHYSICAL_ADDRESS pa = { 0x0, 0x0 }; unsigned int len = 0; unsigned int cache_type = 0; pInBuf = Irp->AssociatedIrp.SystemBuffer; pOutBuf = Irp->AssociatedIrp.SystemBuffer; DbgPrint( "[chipsec] > IOCTL_MAP_IO_SPACE\n" ); if( !Irp->AssociatedIrp.SystemBuffer || IrpSp->Parameters.DeviceIoControl.InputBufferLength != 3*8) { DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER\n" ); Status = STATUS_INVALID_PARAMETER; break; } if( IrpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof(UINT64)) { DbgPrint( "[chipsec] ERROR: STATUS_BUFFER_TOO_SMALL\n" ); Status = STATUS_BUFFER_TOO_SMALL; break; } RtlCopyBytes( &pa, (BYTE*)Irp->AssociatedIrp.SystemBuffer + 0x00, 0x8 ); RtlCopyBytes( &len, (BYTE*)Irp->AssociatedIrp.SystemBuffer + 0x08, 0x4 ); RtlCopyBytes( &cache_type, (BYTE*)Irp->AssociatedIrp.SystemBuffer + 0x10, 0x4 ); va = MmMapIoSpace(pa, len, cache_type); DbgPrint( "[chipsec][IOCTL_MAP_IO_SPACE] Mapping physical address 0x%016llX to virtual 0x%016llX\n", pa, va); RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (void*)&va, sizeof(va) ); IrpSp->Parameters.Read.Length = sizeof(va); dwBytesWritten = sizeof(va); Status = STATUS_SUCCESS; break; } case IOCTL_LOAD_UCODE_PATCH: { PVOID ucode_buf = NULL; UINT64 ucode_start = 0; UINT16 ucode_size = 0; UINT32 _eax = 0, _edx = 0; int CPUInfo[4] = {-1}; DbgPrint("[chipsec] > IOCTL_LOAD_UCODE_UPDATE\n" ); if( !Irp->AssociatedIrp.SystemBuffer || IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(BYTE) + sizeof(UINT16) ) { DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER (input buffer size < 3)\n" ); Status = STATUS_INVALID_PARAMETER; break; } RtlCopyBytes( &new_cpu_thread_id, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(BYTE) ); if( new_cpu_thread_id >= _num_active_cpus ) new_cpu_thread_id = 0; KeSetSystemAffinityThread( (KAFFINITY)(1 << new_cpu_thread_id) ); DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] Changed CPU thread to %d\n", KeGetCurrentProcessorNumber() ); RtlCopyBytes( &ucode_size, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(BYTE), sizeof(UINT16) ); DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] Ucode update size = 0x%X\n", ucode_size ); if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < ucode_size + sizeof(BYTE) + sizeof(UINT16) ) { DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER (input buffer size < ucode_size + 3)\n" ); Status = STATUS_INVALID_PARAMETER; break; } ucode_buf = ExAllocatePoolWithTag( NonPagedPool, ucode_size, 0x3184 ); if( !ucode_buf ) { DbgPrint( "[chipsec] ERROR: couldn't allocate pool for ucode binary\n" ); break; } RtlCopyBytes( ucode_buf, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(BYTE) + sizeof(UINT16), ucode_size ); ucode_start = (UINT64)ucode_buf; DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] ucode update address = 0x%p (eax = 0x%08X, edx = 0x%08X)\n", ucode_start, (UINT32)(ucode_start & 0xFFFFFFFF), (UINT32)((ucode_start >> 32) & 0xFFFFFFFF) ); DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] ucode update contents:\n" ); _dump_buffer( (unsigned char *)ucode_buf, min(ucode_size,0x100) ); // -- // -- trigger CPU ucode patch update // -- pInBuf points to the beginning of ucode update binary // -- _wrmsr( MSR_IA32_BIOS_UPDT_TRIG, (UINT32)((ucode_start >> 32) & 0xFFFFFFFF), (UINT32)(ucode_start & 0xFFFFFFFF) ); ExFreePoolWithTag( ucode_buf, 0x3184 ); // -- // -- check if patch was loaded // -- // -- need to clear IA32_BIOS_SIGN_ID MSR first // -- CPUID will deposit an update ID value in 64-bit MSR at address MSR_IA32_BIOS_SIGN_ID // -- read IA32_BIOS_SIGN_ID MSR to check patch ID != 0 // -- DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] checking ucode update was loaded..\n" ); DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] clear IA32_BIOS_SIGN_ID, CPUID EAX=1, read back IA32_BIOS_SIGN_ID\n" ); _wrmsr( MSR_IA32_BIOS_SIGN_ID, 0, 0 ); __cpuid(CPUInfo, 1); _rdmsr( MSR_IA32_BIOS_SIGN_ID, &_eax, &_edx ); DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] RDMSR( IA32_BIOS_SIGN_ID=0x8b ) = 0x%08x%08x\n", _edx, _eax ); if( 0 != _edx ) DbgPrint( "[chipsec][IOCTL_LOAD_UCODE_UPDATE] Microcode update loaded (ID != 0)\n" ); else DbgPrint( "[chipsec] ERROR: Microcode update failed\n" ); Status = STATUS_SUCCESS; break; } case IOCTL_WRMSR: { UINT32 msrData[3]; UINT32 _eax = 0, _edx = 0; unsigned int _msr_addr; DbgPrint("[chipsec] > IOCTL_WRMSR\n"); pInBuf = Irp->AssociatedIrp.SystemBuffer; if( !pInBuf ) { DbgPrint( "[chipsec][IOCTL_WRMSR] ERROR: NO data provided\n" ); Status = STATUS_INVALID_PARAMETER; break; } if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(BYTE) + 3*sizeof(UINT32) ) { DbgPrint( "[chipsec][IOCTL_WRMSR] ERROR: STATUS_INVALID_PARAMETER (input buffer size < sizeof(BYTE) + 3*sizeof(UINT32))\n" ); Status = STATUS_INVALID_PARAMETER; break; } RtlCopyBytes( &new_cpu_thread_id, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(BYTE) ); if( new_cpu_thread_id >= _num_active_cpus ) new_cpu_thread_id = 0; KeSetSystemAffinityThread( (KAFFINITY)(1 << new_cpu_thread_id) ); DbgPrint( "[chipsec][IOCTL_WRMSR] Changed CPU thread to %d\n", KeGetCurrentProcessorNumber() ); RtlCopyBytes( msrData, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(BYTE), 3 * sizeof(UINT32) ); _msr_addr = msrData[0]; _eax = msrData[1]; _edx = msrData[2]; DbgPrint( "[chipsec][IOCTL_WRMSR] WRMSR( 0x%x ) <-- 0x%08x%08x\n", _msr_addr, _edx, _eax ); // -- // -- write MSR // -- __try { _wrmsr( _msr_addr, _edx, _eax ); } __except (EXCEPTION_EXECUTE_HANDLER) { Status = GetExceptionCode(); DbgPrint( "[chipsec][IOCTL_WRMSR] ERROR: exception code 0x%X\n", Status ); break; } // -- // -- read MSR to check if it was written // -- // _rdmsr( _msr_addr, &_eax, &_edx ); // DbgPrint( "[chipsec][IOCTL_WRMSR] RDMSR( 0x%x ) --> 0x%08x%08x\n", _msr_addr, _edx, _eax ); Status = STATUS_SUCCESS; break; } case IOCTL_RDMSR: { UINT32 msrData[1]; UINT32 _eax = 0; UINT32 _edx = 0; UINT32 _msr_addr = 0; DbgPrint("[chipsec] > IOCTL_RDMSR\n"); pInBuf = Irp->AssociatedIrp.SystemBuffer; pOutBuf = Irp->AssociatedIrp.SystemBuffer; if( !pInBuf ) { DbgPrint( "[chipsec] ERROR: No input provided\n" ); Status = STATUS_INVALID_PARAMETER; break; } if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(BYTE) + sizeof(UINT32) ) { DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER - input buffer size < sizeof(BYTE) + sizeof(UINT32)\n" ); Status = STATUS_INVALID_PARAMETER; break; } RtlCopyBytes( &new_cpu_thread_id, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(BYTE) ); if( new_cpu_thread_id >= _num_active_cpus ) new_cpu_thread_id = 0; KeSetSystemAffinityThread( (KAFFINITY)(1 << new_cpu_thread_id) ); DbgPrint( "[chipsec][IOCTL_RDMSR] Changed CPU thread to %d\n", KeGetCurrentProcessorNumber() ); RtlCopyBytes( msrData, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(BYTE), sizeof(UINT32) ); _msr_addr = msrData[0]; __try { _rdmsr( _msr_addr, &_eax, &_edx ); } __except( EXCEPTION_EXECUTE_HANDLER ) { Status = GetExceptionCode(); DbgPrint( "[chipsec][IOCTL_RDMSR] ERROR: exception code 0x%X\n", Status ); break; } DbgPrint( "[chipsec][IOCTL_RDMSR] RDMSR( 0x%x ) --> 0x%08x%08x\n", _msr_addr, _edx, _eax ); if( IrpSp->Parameters.DeviceIoControl.OutputBufferLength >= 2*sizeof(UINT32) ) { IrpSp->Parameters.Read.Length = 2*sizeof(UINT32); RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (VOID*)&_eax, sizeof(UINT32) ); RtlCopyBytes( ((UINT8*)Irp->AssociatedIrp.SystemBuffer) + sizeof(UINT32), (VOID*)&_edx, sizeof(UINT32) ); dwBytesWritten = 2*sizeof(UINT32); Status = STATUS_SUCCESS; } else { DbgPrint( "[chipsec] ERROR: STATUS_BUFFER_TOO_SMALL - should be at least 2 UINT32\n" ); Status = STATUS_BUFFER_TOO_SMALL; } break; } case READ_IO_PORT: { DWORD value; BYTE size = 0; WORD io_port; DbgPrint( "[chipsec] > READ_IO_PORT\n" ); RtlCopyBytes( &io_port, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(WORD) ); RtlCopyBytes( &size, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(WORD), sizeof(BYTE) ); if( 1 != size && 2 != size && 4 != size) { DbgPrint( "[chipsec][READ_IO_PORT] ERROR: STATUS_INVALID_PARAMETER\n" ); Status = STATUS_INVALID_PARAMETER; break; } __try { value = ReadIOPort( io_port, size ); } __except( EXCEPTION_EXECUTE_HANDLER ) { Status = GetExceptionCode(); DbgPrint( "[chipsec][READ_IO_PORT] ERROR: exception code 0x%X\n", Status ); break; } IrpSp->Parameters.Read.Length = size; RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (VOID*)&value, size ); DbgPrint( "[chipsec][READ_IO_PORT] I/O Port %#04x, value = %#010x (size = %#02x)\n", io_port, value, size ); dwBytesWritten = IrpSp->Parameters.Read.Length; Status = STATUS_SUCCESS; break; } case WRITE_IO_PORT: { DWORD value = 0; WORD io_port = 0; BYTE size = 0; DbgPrint( "[chipsec] > WRITE_IO_PORT\n" ); RtlCopyBytes( &io_port, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(WORD) ); RtlCopyBytes( &value, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(WORD), sizeof(DWORD) ); RtlCopyBytes( &size, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(WORD) + sizeof(DWORD), sizeof(BYTE) ); DbgPrint( "[chipsec][WRITE_IO_PORT] I/O Port %#04x, value = %#010x (size = %#02x)\n", io_port, value, size ); __try { WriteIOPort( value, io_port, size ); } __except( EXCEPTION_EXECUTE_HANDLER ) { Status = GetExceptionCode(); DbgPrint( "[chipsec][WRITE_IO_PORT] ERROR: exception code 0x%X\n", Status ); break; } Status = STATUS_SUCCESS; break; } case GET_CPU_DESCRIPTOR_TABLE: { BYTE dt_code = 0; DESCRIPTOR_TABLE_RECORD dtr; PDESCRIPTOR_TABLE_RECORD pdtr = &dtr; PHYSICAL_ADDRESS dt_pa; DbgPrint( "[chipsec] > GET_CPU_DESCRIPTOR_TABLE\n" ); RtlCopyBytes( &new_cpu_thread_id, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(BYTE) ); if( new_cpu_thread_id >= _num_active_cpus ) new_cpu_thread_id = 0; KeSetSystemAffinityThread( (KAFFINITY)(1 << new_cpu_thread_id) ); DbgPrint( "[chipsec][GET_CPU_DESCRIPTOR_TABLE] Changed CPU thread to %d\n", KeGetCurrentProcessorNumber() ); RtlCopyBytes( &dt_code, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(BYTE), sizeof(BYTE) ); DbgPrint( "[chipsec][GET_CPU_DESCRIPTOR_TABLE] Descriptor table: %x\n", dt_code ); switch( dt_code ) { case CPU_DT_CODE_GDTR: { _store_gdtr( (void*)pdtr ); break; } case CPU_DT_CODE_LDTR: { _store_ldtr( (void*)pdtr ); break; } case CPU_DT_CODE_IDTR: default: { _store_idtr( (void*)pdtr ); break; } } DbgPrint( "[chipsec][GET_CPU_DESCRIPTOR_TABLE] Descriptor table register contents:\n" ); _dump_buffer( (unsigned char *)pdtr, sizeof(DESCRIPTOR_TABLE_RECORD) ); DbgPrint( "[chipsec][GET_CPU_DESCRIPTOR_TABLE] IDTR: Limit = 0x%04x, Base = 0x%I64x\n", dtr.limit, dtr.base ); dt_pa = MmGetPhysicalAddress( (PVOID)dtr.base ); DbgPrint( "[chipsec][GET_CPU_DESCRIPTOR_TABLE] Descriptor table PA: 0x%I64X (0x%08X_%08X)\n", dt_pa.QuadPart, dt_pa.HighPart, dt_pa.LowPart ); IrpSp->Parameters.Read.Length = sizeof(DESCRIPTOR_TABLE_RECORD) + sizeof(dt_pa.QuadPart); RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (void*)pdtr, sizeof(DESCRIPTOR_TABLE_RECORD) ); RtlCopyBytes( (UINT8*)Irp->AssociatedIrp.SystemBuffer + sizeof(DESCRIPTOR_TABLE_RECORD), (VOID*)&dt_pa.QuadPart, sizeof(dt_pa.QuadPart) ); dwBytesWritten = IrpSp->Parameters.Read.Length; Status = STATUS_SUCCESS; break; } case IOCTL_SWSMI: { CPU_REG_TYPE gprs[6] = {0}; CPU_REG_TYPE _rax = 0, _rbx = 0, _rcx = 0, _rdx = 0, _rsi = 0, _rdi = 0; unsigned int _smi_code_data = 0; DbgPrint("[chipsec] > IOCTL_SWSMI\n"); pInBuf = Irp->AssociatedIrp.SystemBuffer; if( !pInBuf ) { DbgPrint( "[chipsec] ERROR: NO data provided\n" ); Status = STATUS_INVALID_PARAMETER; break; } if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(UINT16) + sizeof(gprs) ) { DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER (input buffer size < sizeof(UINT16) + sizeof(gprs))\n" ); Status = STATUS_INVALID_PARAMETER; break; } RtlCopyBytes( &_smi_code_data, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(UINT16) ); RtlCopyBytes( gprs, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(UINT16), sizeof(gprs) ); _rax = gprs[ 0 ]; _rbx = gprs[ 1 ]; _rcx = gprs[ 2 ]; _rdx = gprs[ 3 ]; _rsi = gprs[ 4 ]; _rdi = gprs[ 5 ]; DbgPrint( "[chipsec][IOCTL_SWSMI] SW SMI to ports 0x%X-0x%X <- 0x%04X\n", 0xB2, 0xB3, _smi_code_data ); DbgPrint( " RAX = 0x%I64x\n", _rax ); DbgPrint( " RBX = 0x%I64x\n", _rbx ); DbgPrint( " RCX = 0x%I64x\n", _rcx ); DbgPrint( " RDX = 0x%I64x\n", _rdx ); DbgPrint( " RSI = 0x%I64x\n", _rsi ); DbgPrint( " RDI = 0x%I64x\n", _rdi ); // -- // -- send SMI using port 0xB2 // -- __try { _swsmi( _smi_code_data, _rax, _rbx, _rcx, _rdx, _rsi, _rdi ); } __except( EXCEPTION_EXECUTE_HANDLER ) { Status = GetExceptionCode(); break; } Status = STATUS_SUCCESS; break; } case IOCTL_CPUID: { DWORD CPUInfo[4] = {-1}; DWORD gprs[2] = {0}; DWORD _rax = 0, _rcx = 0; //CPU_REG_TYPE gprs[6]; //CPU_REG_TYPE _rax = 0, _rbx = 0, _rcx = 0, _rdx = 0, _rsi = 0, _rdi = 0; DbgPrint("[chipsec] > IOCTL_CPUID\n"); pInBuf = Irp->AssociatedIrp.SystemBuffer; if( !pInBuf ) { DbgPrint( "[chipsec] ERROR: NO data provided\n" ); Status = STATUS_INVALID_PARAMETER; break; } if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < sizeof(gprs) ) { DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER (input buffer size < %d)\n", sizeof(gprs) ); Status = STATUS_INVALID_PARAMETER; break; } RtlCopyBytes( gprs, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(gprs) ); _rax = gprs[ 0 ]; _rcx = gprs[ 1 ]; DbgPrint( "[chipsec][IOCTL_CPUID] CPUID:\n" ); DbgPrint( " EAX = 0x%08X\n", _rax ); DbgPrint( " ECX = 0x%08X\n", _rcx ); __cpuidex( CPUInfo, _rax, _rcx ); DbgPrint( "[chipsec][IOCTL_CPUID] CPUID returned:\n" ); DbgPrint( " EAX = 0x%08X\n", CPUInfo[0] ); DbgPrint( " EBX = 0x%08X\n", CPUInfo[1] ); DbgPrint( " ECX = 0x%08X\n", CPUInfo[2] ); DbgPrint( " EDX = 0x%08X\n", CPUInfo[3] ); IrpSp->Parameters.Read.Length = sizeof(CPUInfo); RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (void*)CPUInfo, sizeof(CPUInfo) ); dwBytesWritten = IrpSp->Parameters.Read.Length; Status = STATUS_SUCCESS; break; } case IOCTL_WRCR: { UINT64 val64 = 0; CPU_REG_TYPE value = 0; WORD cr_reg = 0; DbgPrint( "[chipsec] > WRITE_CR\n" ); if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < (sizeof(cr_reg) + sizeof(val64) + sizeof(BYTE))) { Status = STATUS_INVALID_PARAMETER; break; } RtlCopyBytes( &cr_reg, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(cr_reg) ); RtlCopyBytes( &val64, (BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(cr_reg), sizeof(val64) ); new_cpu_thread_id = *((BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(cr_reg) + sizeof(val64)); if( new_cpu_thread_id >= _num_active_cpus ) { // new_cpu_thread_id = 0; Status = STATUS_INVALID_PARAMETER; break; } KeSetSystemAffinityThread( (KAFFINITY)(1 << new_cpu_thread_id) ); value = (CPU_REG_TYPE)val64; DbgPrint( "[chipsec][WRITE_CR] CR Reg %#04x, value = %#010x \n", cr_reg, value ); switch (cr_reg) { case 0: WriteCR0(value); Status = STATUS_SUCCESS; break; case 2: WriteCR2(value); Status = STATUS_SUCCESS; break; case 3: WriteCR3(value); Status = STATUS_SUCCESS; break; case 4: WriteCR4(value); Status = STATUS_SUCCESS; break; case 8: #if defined(_M_AMD64) WriteCR8(value); Status = STATUS_SUCCESS; break; #endif default: Status = STATUS_INVALID_PARAMETER; break; } if( !NT_SUCCESS(Status) ) { break; } dwBytesWritten = 0; Status = STATUS_SUCCESS; break; } case IOCTL_RDCR: { UINT64 val64 = 0; CPU_REG_TYPE value = 0; WORD cr_reg = 0; DbgPrint( "[chipsec] > READ_CR\n" ); if( IrpSp->Parameters.DeviceIoControl.InputBufferLength < (sizeof(cr_reg)+sizeof(BYTE)) || IrpSp->Parameters.DeviceIoControl.OutputBufferLength < (sizeof(val64)) ) { Status = STATUS_INVALID_PARAMETER; break; } RtlCopyBytes( &cr_reg, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(cr_reg) ); new_cpu_thread_id = *((BYTE*)Irp->AssociatedIrp.SystemBuffer + sizeof(cr_reg)); if( new_cpu_thread_id >= _num_active_cpus ) { // new_cpu_thread_id = 0; Status = STATUS_INVALID_PARAMETER; break; } KeSetSystemAffinityThread( (KAFFINITY)(1 << new_cpu_thread_id) ); switch (cr_reg) { case 0: value = ReadCR0(); Status = STATUS_SUCCESS; break; case 2: value = ReadCR2(); Status = STATUS_SUCCESS; break; case 3: value = ReadCR3(); Status = STATUS_SUCCESS; break; case 4: value = ReadCR4(); Status = STATUS_SUCCESS; break; case 8: #if defined(_M_AMD64) value = ReadCR8(); Status = STATUS_SUCCESS; break; #endif default: Status = STATUS_INVALID_PARAMETER; break; } if( !NT_SUCCESS(Status) ) { break; } val64 = value; RtlCopyBytes( (BYTE*)Irp->AssociatedIrp.SystemBuffer, &val64, sizeof(val64) ); dwBytesWritten = sizeof(val64); DbgPrint( "[chipsec][READ_CR] CR Reg %#04x, value = %#010x \n", cr_reg, value ); Status = STATUS_SUCCESS; break; } case IOCTL_HYPERCALL: { CPU_REG_TYPE regs[11] = {0}; CPU_REG_TYPE result = 0; DbgPrint("[chipsec] > IOCTL_HYPERCALL\n"); pInBuf = Irp->AssociatedIrp.SystemBuffer; if( !Irp->AssociatedIrp.SystemBuffer || IrpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof(regs)) { DbgPrint( "[chipsec] ERROR: STATUS_INVALID_PARAMETER\n" ); Status = STATUS_INVALID_PARAMETER; break; } if( IrpSp->Parameters.DeviceIoControl.OutputBufferLength < sizeof(result)) { DbgPrint( "[chipsec] ERROR: STATUS_BUFFER_TOO_SMALL\n" ); Status = STATUS_BUFFER_TOO_SMALL; break; } RtlCopyBytes( regs, (BYTE*)Irp->AssociatedIrp.SystemBuffer, sizeof(regs) ); DbgPrint( "[chipsec][IOCTL_HYPERCALL] HYPERCALL:\n" ); #if defined(_M_AMD64) DbgPrint( " RCX = 0x%016llX RDX = 0x%016llX\n", regs[0], regs[1] ); DbgPrint( " R8 = 0x%016llX R9 = 0x%016llX\n", regs[2], regs[3] ); DbgPrint( " R10 = 0x%016llX R11 = 0x%016llX\n", regs[4], regs[5] ); DbgPrint( " RAX = 0x%016llX RBX = 0x%016llX\n", regs[6], regs[7] ); DbgPrint( " RDI = 0x%016llX RSI = 0x%016llX\n", regs[8], regs[9] ); #endif #if defined(_M_IX86) DbgPrint( " EAX = 0x%08X EBX = 0x%08X ECX = 0x%08X\n", regs[6], regs[7], regs[0] ); DbgPrint( " EDX = 0x%08X ESI = 0x%08X EDI = 0x%08X\n", regs[1], regs[8], regs[9] ); #endif DbgPrint( " XMM0-XMM5 buffer VA = 0x%016llX\n", regs[9] ); __try { result = hypercall(regs[0], regs[1], regs[2], regs[3], regs[4], regs[5], regs[6], regs[7], regs[8], regs[9], regs[10], &hypercall_page); } __except( EXCEPTION_EXECUTE_HANDLER ) { Status = GetExceptionCode(); DbgPrint( "[chipsec][IOCTL_HYPERCALL] ERROR: exception code 0x%X\n", Status ); break; } DbgPrint( "[chipsec][IOCTL_HYPERCALL] returned: 0x%016llX\n", result); IrpSp->Parameters.Read.Length = sizeof(result); RtlCopyBytes( Irp->AssociatedIrp.SystemBuffer, (void*)&result, sizeof(result) ); dwBytesWritten = IrpSp->Parameters.Read.Length; Status = STATUS_SUCCESS; break; } default: DbgPrint( "[chipsec] ERROR: invalid IOCTL\n"); Status = STATUS_NOT_IMPLEMENTED; break; } // -- switch
static NTSTATUS NTAPI ConfigCallback(PVOID Context, PUNICODE_STRING PathName, INTERFACE_TYPE BusType, ULONG BusNumber, PKEY_VALUE_FULL_INFORMATION *BusInformation, CONFIGURATION_TYPE ControllerType, ULONG ControllerNumber, PKEY_VALUE_FULL_INFORMATION *ControllerInformation, CONFIGURATION_TYPE PeripheralType, ULONG PeripheralNumber, PKEY_VALUE_FULL_INFORMATION *PeripheralInformation) /* * FUNCTION: Callback to IoQueryDeviceDescription, which tells us about our controllers * ARGUMENTS: * Context: Unused * PathName: Unused * BusType: Type of the bus that our controller is on * BusNumber: Number of the bus that our controller is on * BusInformation: Unused * ControllerType: Unused * ControllerNumber: Number of the controller that we're adding * ControllerInformation: Full configuration information for our controller * PeripheralType: Unused * PeripheralNumber: Unused * PeripheralInformation: Full configuration information for each drive on our controller * RETURNS: * STATUS_SUCCESS in all cases * NOTES: * - The only documentation I've found about the contents of these structures is * from the various Microsoft floppy samples and from the DDK headers. They're * very vague, though, so I'm only mostly sure that this stuff is correct, as * the MS samples do things completely differently than I have done them. Seems * to work in my VMWare, though. * - Basically, the function gets all of the information (port, dma, irq) about the * controller, and then loops through all of the drives presented in PeripheralInformation. * - Each controller has a CONTROLLER_INFO created for it, and each drive has a DRIVE_INFO. * - Device objects are created for each drive (not controller), as that's the targeted * device in the eyes of the rest of the OS. Each DRIVE_INFO points to a single CONTROLLER_INFO. * - We only support up to four controllers in the whole system, each of which supports up to four * drives. */ { PKEY_VALUE_FULL_INFORMATION ControllerFullDescriptor = ControllerInformation[IoQueryDeviceConfigurationData]; PCM_FULL_RESOURCE_DESCRIPTOR ControllerResourceDescriptor = (PCM_FULL_RESOURCE_DESCRIPTOR)((PCHAR)ControllerFullDescriptor + ControllerFullDescriptor->DataOffset); PKEY_VALUE_FULL_INFORMATION PeripheralFullDescriptor = PeripheralInformation[IoQueryDeviceConfigurationData]; PCM_FULL_RESOURCE_DESCRIPTOR PeripheralResourceDescriptor = (PCM_FULL_RESOURCE_DESCRIPTOR)((PCHAR)PeripheralFullDescriptor + PeripheralFullDescriptor->DataOffset); PCM_PARTIAL_RESOURCE_DESCRIPTOR PartialDescriptor; PCM_FLOPPY_DEVICE_DATA FloppyDeviceData; UCHAR i; PAGED_CODE(); UNREFERENCED_PARAMETER(PeripheralType); UNREFERENCED_PARAMETER(PeripheralNumber); UNREFERENCED_PARAMETER(BusInformation); UNREFERENCED_PARAMETER(Context); UNREFERENCED_PARAMETER(ControllerType); UNREFERENCED_PARAMETER(PathName); TRACE_(FLOPPY, "ConfigCallback called with ControllerNumber %d\n", ControllerNumber); gControllerInfo[gNumberOfControllers].ControllerNumber = ControllerNumber; gControllerInfo[gNumberOfControllers].InterfaceType = BusType; gControllerInfo[gNumberOfControllers].BusNumber = BusNumber; /* Get controller interrupt level/vector, dma channel, and port base */ for(i = 0; i < ControllerResourceDescriptor->PartialResourceList.Count; i++) { KeInitializeEvent(&gControllerInfo[gNumberOfControllers].SynchEvent, NotificationEvent, FALSE); PartialDescriptor = &ControllerResourceDescriptor->PartialResourceList.PartialDescriptors[i]; if(PartialDescriptor->Type == CmResourceTypeInterrupt) { gControllerInfo[gNumberOfControllers].Level = PartialDescriptor->u.Interrupt.Level; gControllerInfo[gNumberOfControllers].Vector = PartialDescriptor->u.Interrupt.Vector; if(PartialDescriptor->Flags & CM_RESOURCE_INTERRUPT_LATCHED) gControllerInfo[gNumberOfControllers].InterruptMode = Latched; else gControllerInfo[gNumberOfControllers].InterruptMode = LevelSensitive; } else if(PartialDescriptor->Type == CmResourceTypePort) { PHYSICAL_ADDRESS TranslatedAddress; ULONG AddressSpace = 0x1; /* I/O Port Range */ if(!HalTranslateBusAddress(BusType, BusNumber, PartialDescriptor->u.Port.Start, &AddressSpace, &TranslatedAddress)) { WARN_(FLOPPY, "HalTranslateBusAddress failed; returning\n"); return STATUS_IO_DEVICE_ERROR; } if(AddressSpace == 0) gControllerInfo[gNumberOfControllers].BaseAddress = MmMapIoSpace(TranslatedAddress, FDC_PORT_BYTES, MmNonCached); else gControllerInfo[gNumberOfControllers].BaseAddress = (PUCHAR)(ULONG_PTR)TranslatedAddress.QuadPart; } else if(PartialDescriptor->Type == CmResourceTypeDma) gControllerInfo[gNumberOfControllers].Dma = PartialDescriptor->u.Dma.Channel; } /* Start with 0 drives, then go looking */ gControllerInfo[gNumberOfControllers].NumberOfDrives = 0; /* learn about drives attached to controller */ for(i = 0; i < PeripheralResourceDescriptor->PartialResourceList.Count; i++) { PDRIVE_INFO DriveInfo = &gControllerInfo[gNumberOfControllers].DriveInfo[i]; PartialDescriptor = &PeripheralResourceDescriptor->PartialResourceList.PartialDescriptors[i]; if(PartialDescriptor->Type != CmResourceTypeDeviceSpecific) continue; FloppyDeviceData = (PCM_FLOPPY_DEVICE_DATA)(PartialDescriptor + 1); DriveInfo->ControllerInfo = &gControllerInfo[gNumberOfControllers]; DriveInfo->UnitNumber = i; DriveInfo->FloppyDeviceData.MaxDensity = FloppyDeviceData->MaxDensity; DriveInfo->FloppyDeviceData.MountDensity = FloppyDeviceData->MountDensity; DriveInfo->FloppyDeviceData.StepRateHeadUnloadTime = FloppyDeviceData->StepRateHeadUnloadTime; DriveInfo->FloppyDeviceData.HeadLoadTime = FloppyDeviceData->HeadLoadTime; DriveInfo->FloppyDeviceData.MotorOffTime = FloppyDeviceData->MotorOffTime; DriveInfo->FloppyDeviceData.SectorLengthCode = FloppyDeviceData->SectorLengthCode; DriveInfo->FloppyDeviceData.SectorPerTrack = FloppyDeviceData->SectorPerTrack; DriveInfo->FloppyDeviceData.ReadWriteGapLength = FloppyDeviceData->ReadWriteGapLength; DriveInfo->FloppyDeviceData.FormatGapLength = FloppyDeviceData->FormatGapLength; DriveInfo->FloppyDeviceData.FormatFillCharacter = FloppyDeviceData->FormatFillCharacter; DriveInfo->FloppyDeviceData.HeadSettleTime = FloppyDeviceData->HeadSettleTime; DriveInfo->FloppyDeviceData.MotorSettleTime = FloppyDeviceData->MotorSettleTime; DriveInfo->FloppyDeviceData.MaximumTrackValue = FloppyDeviceData->MaximumTrackValue; DriveInfo->FloppyDeviceData.DataTransferLength = FloppyDeviceData->DataTransferLength; /* Once it's all set up, acknowledge its existance in the controller info object */ gControllerInfo[gNumberOfControllers].NumberOfDrives++; } gControllerInfo[gNumberOfControllers].Populated = TRUE; gNumberOfControllers++; return STATUS_SUCCESS; }
void DispDrvrInitialize(void) { PHYSICAL_ADDRESS ioPhysicalBase = {0,0}; ioPhysicalBase.LowPart = S3C6410_BASE_REG_PA_SROMCON; g_pSROMReg = (volatile S3C6410_SROMCON_REG *)MmMapIoSpace(ioPhysicalBase, sizeof(S3C6410_SROMCON_REG), FALSE); if (NULL == g_pSROMReg) { MYERR((_T("[S1D13521_ERR] pSROMregs = MmMapIoSpace()\r\n"))); return; } g_pSROMReg->SROM_BW = (g_pSROMReg->SROM_BW & ~(0xF<<16)) | (0<<19) | // nWBE/nBE(for UB/LB) control for Memory Bank1(0=Not using UB/LB, 1=Using UB/LB) (0<<18) | // Wait enable control for Memory Bank1 (0=WAIT disable, 1=WAIT enable) (1<<16); // Data bus width control for Memory Bank1 (0=8-bit, 1=16-bit) g_pSROMReg->SROM_BC4 = (0x7<<28) | // Tacs (0x7<<24) | // Tcos (0xF<<16) | // Tacc (0x7<<12) | // Tcoh (0x7<< 8) | // Tah (0x7<< 4) | // Tacp (0x0<< 0); // PMC ioPhysicalBase.LowPart = S3C6410_BASE_REG_PA_GPIO; g_pGPIOPReg = (volatile S3C6410_GPIO_REG *)MmMapIoSpace(ioPhysicalBase, sizeof(S3C6410_GPIO_REG), FALSE); if (NULL == g_pGPIOPReg) { MYERR((_T("[S1D13521_ERR] g_pGPIOPReg = MmMapIoSpace()\r\n"))); return; } // GPN[8] : EPD_HRDY(8) g_pGPIOPReg->GPNCON = (g_pGPIOPReg->GPNCON & ~(0x3<<16)) | (0x0<<16); // input mode g_pGPIOPReg->GPNPUD = (g_pGPIOPReg->GPNPUD & ~(0x3<<16)) | (0x0<<16); // pull-up/down disable ioPhysicalBase.LowPart = S1D13521_BASE_PA; g_pS1D13521Reg = (volatile S1D13521_REG *)MmMapIoSpace(ioPhysicalBase, sizeof(S1D13521_REG), FALSE); if (NULL == g_pS1D13521Reg) { MYERR((_T("[S1D13521_ERR] g_pS1D13521Reg != MmMapIoSpace()\r\n"))); return; } for (int i=0, j=0, v=0; i<DispDrvr_palSize; i++) { #if (LCD_BPP == 4) v = i * 0x11; #elif (LCD_BPP == 8) v = i; #endif DispDrvr_palette[i].rgbRed = DispDrvr_palette[i].rgbGreen = DispDrvr_palette[i].rgbBlue = v; DispDrvr_palette[i].rgbReserved = 0; } InitializeCriticalSection(&g_CS); g_hDirtyRect = DirtyRect_Init(workDirtyRect); S1d13521Initialize((void *)g_pS1D13521Reg, (void *)g_pGPIOPReg); MSGQUEUEOPTIONS msgopts; memset(&msgopts, 0, sizeof(msgopts)); msgopts.dwSize = sizeof(msgopts); msgopts.dwFlags = 0; //MSGQUEUE_ALLOW_BROKEN; msgopts.dwMaxMessages = 0; // no max number of messages msgopts.cbMaxMessage = sizeof(DIRTYRECTINFO); // max size of each msg msgopts.bReadAccess = FALSE; g_hMQ = CreateMsgQueue(MSGQUEUE_NAME, &msgopts); MYMSG((_T("[S1D13521_MSG] CreateMsgQueue(Write) == 0x%X\r\n"), g_hMQ)); }