From f86777a8565106fb2b37237e8189d6e54f17f009 Mon Sep 17 00:00:00 2001 From: Alex Date: Tue, 6 Dec 2022 09:30:09 +0200 Subject: [PATCH] KPT global variable --- .../amd64/cpu/InterruptDescriptorTable.cpp | 36 +++++- Core/Crash/CrashDetails.cpp | 107 +++++++++++++++++- Core/Memory/Memory.cpp | 6 +- include/memory.hpp | 2 + 4 files changed, 145 insertions(+), 6 deletions(-) diff --git a/Architecture/amd64/cpu/InterruptDescriptorTable.cpp b/Architecture/amd64/cpu/InterruptDescriptorTable.cpp index a562f32..7acdf67 100644 --- a/Architecture/amd64/cpu/InterruptDescriptorTable.cpp +++ b/Architecture/amd64/cpu/InterruptDescriptorTable.cpp @@ -1,5 +1,6 @@ #include "idt.hpp" +#include #include #include #include @@ -98,8 +99,20 @@ namespace InterruptDescriptorTable extern "C" void WarnSwapgs() { warn("swapgs"); } + // void *OriginalCR3; extern "C" __attribute__((naked, used, no_stack_protector)) void InterruptHandlerStub() { + // // Store cr3 to OriginalCR3 + // asmv("mov %%cr3, %0" + // : "=q"(OriginalCR3) + // : + // : "memory"); + // // Set cr3 to KPT (Kernel Page Table) + // asmv("mov %0, %%cr3" + // : + // : "q"(KPT) + // : "memory"); + asm( // "cmp $0x1000, %rsp\n" // "jng .skip_swap_check__1\n" @@ -127,9 +140,28 @@ namespace InterruptDescriptorTable "pushq %r15\n" "movq %rsp, %rdi\n" - "call MainInterruptHandler\n" + "call MainInterruptHandler\n"); - "popq %r15\n" + // // Check if the current cr3 is the same as the KPT + // // If not, then we need to restore the cr3 + // asmv("pushq %rax\n" // push rax + // "pushq %rbx\n" // push rbx + // "movq %cr3, %rbx\n"); // mov cr3 to rbx + // asmv("movq %0, %%rax\n" // mov KPT to rax + // : + // : "q"(KPT) + // : "memory"); + // asmv("cmpq %rax, %rbx\n" // compare cr3 to rax + // "jne .skip_restore_cr3\n"); // if not equal, skip restore cr3 + // asmv("movq %0, %%cr3\n" // restore cr3 + // : + // : "q"(OriginalCR3) + // : "memory"); + // asm(".skip_restore_cr3:\n" // skip restore cr3 label + // "popq %rax\n" // KPT + // "popq %rbx\n"); // cr3 + + asm("popq %r15\n" "popq %r14\n" "popq %r13\n" "popq %r12\n" diff --git a/Core/Crash/CrashDetails.cpp b/Core/Crash/CrashDetails.cpp index 16ea021..338cb12 100644 --- a/Core/Crash/CrashDetails.cpp +++ b/Core/Crash/CrashDetails.cpp @@ -15,7 +15,7 @@ #include "../../kernel.h" -static const char *PagefaultDescriptions[8] = { +static const char *PageFaultDescriptions[8] = { "Supervisory process tried to read a non-present page entry\n", "Supervisory process tried to read a page and caused a protection fault\n", "Supervisory process tried to write to a non-present page entry\n", @@ -118,7 +118,110 @@ SafeFunction void PageFaultExceptionHandler(CHArchTrapFrame *Frame) if (Frame->ErrorCode & 0x00000008) CrashHandler::EHPrint("One or more page directory entries contain reserved bits which are set to 1.\n"); else - CrashHandler::EHPrint(PagefaultDescriptions[Frame->ErrorCode & 0b111]); + CrashHandler::EHPrint(PageFaultDescriptions[Frame->ErrorCode & 0b111]); + +#ifdef DEBUG + uint64_t CheckPageFaultAddress = 0; + CheckPageFaultAddress = CPU::x64::readcr2().PFLA; + if (CheckPageFaultAddress == 0) + CheckPageFaultAddress = Frame->rip; + + Memory::Virtual vma = Memory::Virtual(((Memory::PageTable4 *)CPU::x64::readcr3().raw)); + bool PageAvailable = vma.Check((void *)CheckPageFaultAddress); + debug("Page available (Check(...)): %s. %s", + PageAvailable ? "Yes" : "No", + (params.P && !PageAvailable) ? "CR2 == Present; Check() != Present??????" : "CR2 confirms Check() result."); + + if (PageAvailable) + { + bool Present = vma.Check((void *)CheckPageFaultAddress); + bool ReadWrite = vma.Check((void *)CheckPageFaultAddress, Memory::PTFlag::RW); + bool User = vma.Check((void *)CheckPageFaultAddress, Memory::PTFlag::US); + bool WriteThrough = vma.Check((void *)CheckPageFaultAddress, Memory::PTFlag::PWT); + bool CacheDisabled = vma.Check((void *)CheckPageFaultAddress, Memory::PTFlag::PCD); + bool Accessed = vma.Check((void *)CheckPageFaultAddress, Memory::PTFlag::A); + bool Dirty = vma.Check((void *)CheckPageFaultAddress, Memory::PTFlag::D); + bool Global = vma.Check((void *)CheckPageFaultAddress, Memory::PTFlag::G); + /* ... */ + + debug("Page available: %s", Present ? "Yes" : "No"); + debug("Page read/write: %s", ReadWrite ? "Yes" : "No"); + debug("Page user/kernel: %s", User ? "User" : "Kernel"); + debug("Page write-through: %s", WriteThrough ? "Yes" : "No"); + debug("Page cache disabled: %s", CacheDisabled ? "Yes" : "No"); + debug("Page accessed: %s", Accessed ? "Yes" : "No"); + debug("Page dirty: %s", Dirty ? "Yes" : "No"); + debug("Page global: %s", Global ? "Yes" : "No"); + + if (Present) + { + uint64_t CheckPageFaultLinearAddress = (uint64_t)CheckPageFaultAddress; + CheckPageFaultLinearAddress &= 0xFFFFFFFFFFFFF000; + debug("%#lx -> %#lx", CheckPageFaultAddress, CheckPageFaultLinearAddress); + + Memory::Virtual::PageMapIndexer Index = Memory::Virtual::PageMapIndexer((uint64_t)CheckPageFaultLinearAddress); + debug("Index for %#lx is PML:%d PDPTE:%d PDE:%d PTE:%d", + CheckPageFaultLinearAddress, + Index.PMLIndex, + Index.PDPTEIndex, + Index.PDEIndex, + Index.PTEIndex); + Memory::PageMapLevel4 PML4 = ((Memory::PageTable4 *)CPU::x64::readcr3().raw)->Entries[Index.PMLIndex]; + + Memory::PageDirectoryPointerTableEntryPtr *PDPTE = (Memory::PageDirectoryPointerTableEntryPtr *)((uint64_t)PML4.GetAddress() << 12); + Memory::PageDirectoryEntryPtr *PDE = (Memory::PageDirectoryEntryPtr *)((uint64_t)PDPTE->Entries[Index.PDPTEIndex].GetAddress() << 12); + Memory::PageTableEntryPtr *PTE = (Memory::PageTableEntryPtr *)((uint64_t)PDE->Entries[Index.PDEIndex].GetAddress() << 12); + + debug("# %03d-%03d-%03d-%03d: P:%s RW:%s US:%s PWT:%s PCB:%s A:%s NX:%s Address:%#lx", + Index.PMLIndex, 0, 0, 0, + PML4.Present ? "1" : "0", + PML4.ReadWrite ? "1" : "0", + PML4.UserSupervisor ? "1" : "0", + PML4.WriteThrough ? "1" : "0", + PML4.CacheDisable ? "1" : "0", + PML4.Accessed ? "1" : "0", + PML4.ExecuteDisable ? "1" : "0", + PML4.GetAddress() << 12); + + debug("# %03d-%03d-%03d-%03d: P:%s RW:%s US:%s PWT:%s PCB:%s A:%s NX:%s Address:%#lx", + Index.PMLIndex, Index.PDPTEIndex, 0, 0, + PDPTE->Entries[Index.PDPTEIndex].Present ? "1" : "0", + PDPTE->Entries[Index.PDPTEIndex].ReadWrite ? "1" : "0", + PDPTE->Entries[Index.PDPTEIndex].UserSupervisor ? "1" : "0", + PDPTE->Entries[Index.PDPTEIndex].WriteThrough ? "1" : "0", + PDPTE->Entries[Index.PDPTEIndex].CacheDisable ? "1" : "0", + PDPTE->Entries[Index.PDPTEIndex].Accessed ? "1" : "0", + PDPTE->Entries[Index.PDPTEIndex].ExecuteDisable ? "1" : "0", + PDPTE->Entries[Index.PDPTEIndex].GetAddress() << 12); + + debug("# %03d-%03d-%03d-%03d: P:%s RW:%s US:%s PWT:%s PCB:%s A:%s NX:%s Address:%#lx", + Index.PMLIndex, Index.PDPTEIndex, Index.PDEIndex, 0, + PDE->Entries[Index.PDEIndex].Present ? "1" : "0", + PDE->Entries[Index.PDEIndex].ReadWrite ? "1" : "0", + PDE->Entries[Index.PDEIndex].UserSupervisor ? "1" : "0", + PDE->Entries[Index.PDEIndex].WriteThrough ? "1" : "0", + PDE->Entries[Index.PDEIndex].CacheDisable ? "1" : "0", + PDE->Entries[Index.PDEIndex].Accessed ? "1" : "0", + PDE->Entries[Index.PDEIndex].ExecuteDisable ? "1" : "0", + PDE->Entries[Index.PDEIndex].GetAddress() << 12); + + debug("# %03d-%03d-%03d-%03d: P:%s RW:%s US:%s PWT:%s PCB:%s A:%s D:%s PAT:%s G:%s PK:%d NX:%s Address:%#lx", + Index.PMLIndex, Index.PDPTEIndex, Index.PDEIndex, Index.PTEIndex, + PTE->Entries[Index.PTEIndex].Present ? "1" : "0", + PTE->Entries[Index.PTEIndex].ReadWrite ? "1" : "0", + PTE->Entries[Index.PTEIndex].UserSupervisor ? "1" : "0", + PTE->Entries[Index.PTEIndex].WriteThrough ? "1" : "0", + PTE->Entries[Index.PTEIndex].CacheDisable ? "1" : "0", + PTE->Entries[Index.PTEIndex].Accessed ? "1" : "0", + PTE->Entries[Index.PTEIndex].Dirty ? "1" : "0", + PTE->Entries[Index.PTEIndex].PageAttributeTable ? "1" : "0", + PTE->Entries[Index.PTEIndex].Global ? "1" : "0", + PTE->Entries[Index.PTEIndex].ProtectionKey, + PTE->Entries[Index.PTEIndex].ExecuteDisable ? "1" : "0", + PTE->Entries[Index.PTEIndex].GetAddress() << 12); + } + } +#endif } SafeFunction void x87FloatingPointExceptionHandler(CHArchTrapFrame *Frame) { fixme("x87 floating point exception"); } SafeFunction void AlignmentCheckExceptionHandler(CHArchTrapFrame *Frame) { fixme("Alignment check exception"); } diff --git a/Core/Memory/Memory.cpp b/Core/Memory/Memory.cpp index 9e2263a..fb2d90a 100644 --- a/Core/Memory/Memory.cpp +++ b/Core/Memory/Memory.cpp @@ -11,6 +11,7 @@ using namespace Memory; Physical KernelAllocator; PageTable4 *KernelPageTable = nullptr; PageTable4 *UserspaceKernelOnlyPageTable = nullptr; +void *KPT = nullptr; static MemoryAllocatorType AllocatorType = MemoryAllocatorType::None; Xalloc::AllocatorV1 *XallocV1Allocator = nullptr; @@ -212,11 +213,12 @@ __no_instrument_function void InitializeMemoryManagement(BootInfo *Info) tracepagetable(KernelPageTable); debug("Userspace:"); tracepagetable(UserspaceKernelOnlyPageTable); + KPT = KernelPageTable; #endif #if defined(__amd64__) || defined(__i386__) - asmv("mov %0, %%cr3" ::"r"(KernelPageTable)); + asmv("mov %0, %%cr3" ::"r"(KPT)); #elif defined(__aarch64__) - asmv("msr ttbr0_el1, %0" ::"r"(KernelPageTable)); + asmv("msr ttbr0_el1, %0" ::"r"(KPT)); #endif debug("Page table updated."); if (strstr(Info->Kernel.CommandLine, "xallocv1")) diff --git a/include/memory.hpp b/include/memory.hpp index 88ba1f8..0ad4578 100644 --- a/include/memory.hpp +++ b/include/memory.hpp @@ -655,6 +655,8 @@ extern Memory::PageTable4 *UserspaceKernelOnlyPageTable; #endif // __cplusplus +extern void *KPT; + EXTERNC void *HeapMalloc(uint64_t Size); EXTERNC void *HeapCalloc(uint64_t n, uint64_t Size); EXTERNC void *HeapRealloc(void *Address, uint64_t Size);