Bitdefender Hypervisor Memory Introspection
hook_xcr.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2020 Bitdefender
3  * SPDX-License-Identifier: Apache-2.0
4  */
5 #include "hook_xcr.h"
6 #include "callbacks.h"
7 #include "guests.h"
8 
9 
10 INTSTATUS
11 IntHookXcrSetHook(
12  _In_ DWORD Xcr,
13  _In_ DWORD Flags,
14  _In_ PFUNC_XcrWriteHookCallback Callback,
15  _In_opt_ void *Context,
16  _Out_opt_ HOOK_XCR **Hook
17  )
34 {
35  if (NULL == Callback)
36  {
37  return INT_STATUS_INVALID_PARAMETER_3;
38  }
39 
40  if (NULL != Hook)
41  {
42  *Hook = NULL;
43  }
44 
45  HOOK_XCR *pHook = HpAllocWithTag(sizeof(*pHook), IC_TAG_XCRH);
46  if (NULL == pHook)
47  {
48  return INT_STATUS_INSUFFICIENT_RESOURCES;
49  }
50 
51  pHook->Callback = Callback;
52  pHook->Context = Context;
53  pHook->Disabled = FALSE;
54  pHook->Flags = Flags;
55  pHook->Xcr = Xcr;
56 
57  if (0 == gGuest.XcrHooks->HooksCount++)
58  {
59  INTSTATUS status = IntEnableXcrNotifications();
60  if (!INT_SUCCESS(status))
61  {
62  HpFreeAndNullWithTag(&pHook, IC_TAG_XCRH);
63  return status;
64  }
65  }
66 
67  InsertTailList(&gGuest.XcrHooks->XcrHooksList, &pHook->Link);
68 
69  if (NULL != Hook)
70  {
71  *Hook = pHook;
72  }
73 
74  return INT_STATUS_SUCCESS;
75 }
76 
77 
78 static INTSTATUS
79 IntHookXcrDeleteHook(
80  _In_ HOOK_XCR *Hook
81  )
92 {
93  if (!Hook->Disabled)
94  {
95  return INT_STATUS_INVALID_PARAMETER_1;
96  }
97 
98  HpFreeAndNullWithTag(&Hook, IC_TAG_XCRH);
99 
100  if (0 >= --gGuest.XcrHooks->HooksCount)
101  {
102  return IntDisableXcrNotifications();
103  }
104 
105  return INT_STATUS_SUCCESS;
106 }
107 
108 
109 INTSTATUS
110 IntHookXcrRemoveHook(
111  _In_ HOOK_XCR *Hook
112  )
125 {
126  if (NULL == Hook)
127  {
128  return INT_STATUS_INVALID_PARAMETER_1;
129  }
130 
131  Hook->Disabled = TRUE;
132 
133  // If we're not handling an XCR violation right now than we can safely delete the XCR hook.
134  if (CPU_STATE_XCR_WRITE != gVcpu->State)
135  {
136  RemoveEntryList(&Hook->Link);
137 
138  INTSTATUS status = IntHookXcrDeleteHook(Hook);
139  if (!INT_SUCCESS(status))
140  {
141  ERROR("[ERROR] IntHookXcrDeleteHook failed: 0x%08x\n", status);
142  }
143  }
144 
145  return INT_STATUS_SUCCESS;
146 }
147 
148 
149 static void
150 IntHookXcrRemoveAllHooks(
151  void
152  )
156 {
157  list_for_each(gGuest.XcrHooks->XcrHooksList, HOOK_XCR, pHook)
158  {
159  INTSTATUS status = IntHookXcrRemoveHook(pHook);
160  if (!INT_SUCCESS(status))
161  {
162  ERROR("[ERROR] IntHookXcrRemoveHook failed: 0x%08x\n", status);
163  }
164  }
165 }
166 
167 
168 INTSTATUS
169 IntHookXcrCommit(
170  void
171  )
180 {
181  INTSTATUS status = INT_STATUS_SUCCESS;
182 
183  if (NULL == gGuest.XcrHooks)
184  {
185  return INT_STATUS_NOT_INITIALIZED;
186  }
187 
188  list_for_each(gGuest.XcrHooks->XcrHooksList, HOOK_XCR, pHook)
189  {
190  if (pHook->Disabled)
191  {
192  RemoveEntryList(&pHook->Link);
193 
194  status = IntHookXcrDeleteHook(pHook);
195  if (!INT_SUCCESS(status))
196  {
197  ERROR("[ERROR] IntHookXcrDeleteHook failed: 0x%08x\n", status);
198  }
199  }
200  }
201 
202  return status;
203 }
204 
205 
206 INTSTATUS
207 IntHookXcrInit(
208  void
209  )
216 {
217  gGuest.XcrHooks = HpAllocWithTag(sizeof(*gGuest.XcrHooks), IC_TAG_XCRS);
218  if (NULL == gGuest.XcrHooks)
219  {
220  return INT_STATUS_INSUFFICIENT_RESOURCES;
221  }
222 
223  InitializeListHead(&gGuest.XcrHooks->XcrHooksList);
224 
225  return INT_STATUS_SUCCESS;
226 }
227 
228 
229 INTSTATUS
230 IntHookXcrUninit(
231  void
232  )
239 {
240  if (NULL == gGuest.XcrHooks)
241  {
242  return INT_STATUS_NOT_INITIALIZED_HINT;
243  }
244 
245  IntHookXcrRemoveAllHooks();
246 
247  HpFreeAndNullWithTag(&gGuest.XcrHooks, IC_TAG_XCRS);
248 
249  return INT_STATUS_SUCCESS;
250 }
_In_opt_
#define _In_opt_
Definition: intro_sal.h:16
IntHookXcrRemoveHook
INTSTATUS IntHookXcrRemoveHook(HOOK_XCR *Hook)
Remove an extended control register hook.
Definition: hook_xcr.c:110
_In_
#define _In_
Definition: intro_sal.h:21
INT_STATUS_SUCCESS
#define INT_STATUS_SUCCESS
Definition: introstatus.h:54
IC_TAG_XCRH
#define IC_TAG_XCRH
XCR hook.
Definition: memtags.h:67
INT_SUCCESS
#define INT_SUCCESS(Status)
Definition: introstatus.h:42
ERROR
#define ERROR(fmt,...)
Definition: glue.h:62
IntHookXcrCommit
INTSTATUS IntHookXcrCommit(void)
Commit the extended control register hooks.
Definition: hook_xcr.c:169
HpAllocWithTag
#define HpAllocWithTag(Len, Tag)
Definition: glue.h:516
INTSTATUS
int INTSTATUS
The status data type.
Definition: introstatus.h:24
_HOOK_XCR::Flags
DWORD Flags
Flags. Can be used by the caller.
Definition: hook_xcr.h:42
_HOOK_XCR::Disabled
BOOLEAN Disabled
If true, the hook has been removed/disabled.
Definition: hook_xcr.h:44
_Out_opt_
#define _Out_opt_
Definition: intro_sal.h:30
IntHookXcrUninit
INTSTATUS IntHookXcrUninit(void)
Uninit the extended control register hooks state.
Definition: hook_xcr.c:230
INT_STATUS_NOT_INITIALIZED
#define INT_STATUS_NOT_INITIALIZED
Definition: introstatus.h:266
RemoveEntryList
static BOOLEAN RemoveEntryList(LIST_ENTRY *Entry)
Definition: introlists.h:87
_GUEST_STATE::XcrHooks
XCR_HOOK_STATE * XcrHooks
XCR hook state.
Definition: guests.h:388
IntHookXcrInit
INTSTATUS IntHookXcrInit(void)
Initialize the extended control registers hook state.
Definition: hook_xcr.c:207
_VCPU_STATE::State
CPU_STATE State
The state of this VCPU. Describes what action is the VCPU currently doing.
Definition: guests.h:173
_HOOK_XCR::Context
void * Context
Optional context.
Definition: hook_xcr.h:46
TRUE
#define TRUE
Definition: intro_types.h:30
_HOOK_XCR
Definition: hook_xcr.h:39
HpFreeAndNullWithTag
#define HpFreeAndNullWithTag(Add, Tag)
Definition: glue.h:517
InsertTailList
static void InsertTailList(LIST_ENTRY *ListHead, LIST_ENTRY *Entry)
Definition: introlists.h:135
CPU_STATE_XCR_WRITE
Handling XSETBV.
Definition: guests.h:28
IntDisableXcrNotifications
static INTSTATUS IntDisableXcrNotifications(void)
Definition: callbacks.h:244
InitializeListHead
static void InitializeListHead(LIST_ENTRY *ListHead)
Definition: introlists.h:69
hook_xcr.h
DWORD
uint32_t DWORD
Definition: intro_types.h:49
IC_TAG_XCRS
#define IC_TAG_XCRS
XCR hook state.
Definition: memtags.h:68
gGuest
GUEST_STATE gGuest
The current guest state.
Definition: guests.c:50
_HOOK_XCR::Callback
PFUNC_XcrWriteHookCallback Callback
Callback.
Definition: hook_xcr.h:45
IntEnableXcrNotifications
static INTSTATUS IntEnableXcrNotifications(void)
Definition: callbacks.h:227
INT_STATUS_NOT_INITIALIZED_HINT
#define INT_STATUS_NOT_INITIALIZED_HINT
Definition: introstatus.h:320
INT_STATUS_INVALID_PARAMETER_1
#define INT_STATUS_INVALID_PARAMETER_1
Definition: introstatus.h:62
_XCR_HOOK_STATE::XcrHooksList
LIST_HEAD XcrHooksList
The list of XCR hooks.
Definition: hook_xcr.h:31
gVcpu
VCPU_STATE * gVcpu
The state of the current VCPU.
Definition: guests.c:59
IntHookXcrDeleteHook
static INTSTATUS IntHookXcrDeleteHook(HOOK_XCR *Hook)
Permanently delete an extended control register hook.
Definition: hook_xcr.c:79
_HOOK_XCR::Link
LIST_ENTRY Link
List entry element.
Definition: hook_xcr.h:41
_XCR_HOOK_STATE::HooksCount
INT64 HooksCount
Total number of XCR hooks.
Definition: hook_xcr.h:32
_HOOK_XCR::Xcr
DWORD Xcr
Intercepted XCR.
Definition: hook_xcr.h:43
list_for_each
#define list_for_each(_head, _struct_type, _var)
Definition: introlists.h:41
PFUNC_XcrWriteHookCallback
INTSTATUS(* PFUNC_XcrWriteHookCallback)(void *Context, DWORD Xcr, INTRO_ACTION *Action)
Extended control register write callback.
Definition: hook_xcr.h:19
IntHookXcrRemoveAllHooks
static void IntHookXcrRemoveAllHooks(void)
Remove all extended control register write hooks.
Definition: hook_xcr.c:150
IntHookXcrSetHook
INTSTATUS IntHookXcrSetHook(DWORD Xcr, DWORD Flags, PFUNC_XcrWriteHookCallback Callback, void *Context, HOOK_XCR **Hook)
Set an extended control register write hook.
Definition: hook_xcr.c:11
FALSE
#define FALSE
Definition: intro_types.h:34
INT_STATUS_INSUFFICIENT_RESOURCES
#define INT_STATUS_INSUFFICIENT_RESOURCES
Definition: introstatus.h:281
INT_STATUS_INVALID_PARAMETER_3
#define INT_STATUS_INVALID_PARAMETER_3
Definition: introstatus.h:68