hypermap.c

Go to the documentation of this file.

/*++
 
Module Name:
 
    hypermap.c
 
Purpose:
 
    This translation unit contains the implementation of the temporary mapping functions. (hyperspace)/s
 
Author:
 
    slep (Matanel) 2025.
 
Revision History:
 
--*/
 
#include "../../includes/mm.h"
#include "../../includes/mh.h"
#include "../../assert.h"
 
// The physical memory offset itself is the hypermap virtual address. This is ruled by not touching the 0x0 - 0x1000 physical addresses AT ALL (you may touch the physical addresses, but not map them with the PhysicalMemoryOffset virtual arithemtic.)
#define HYPERMAP_VIRTUAL_ADDRESS PhysicalMemoryOffset
 
SPINLOCK HyperLock;
PPFN_ENTRY g_pfnInUse;
 
#ifdef PERFORMANCE_ANALYTICS
uint64_t g_HypermappingsDone;
#endif
 
#define LOCK_HYPERSPACE(PtrOldIrql) MsAcquireSpinlock(&HyperLock, PtrOldIrql)
#define UNLOCK_HYPERSPACE(OldIrql) MsReleaseSpinlock(&HyperLock, OldIrql)
 
void*
MiMapPageInHyperspace(
    IN  uint64_t PfnIndex,
    OUT  PIRQL OldIrql
)
 
/*++
 
    Routine description:
 
        Temporary maps the specified PFN Page into hyperspace and returns the virtual address mapped into.
 
            ************************************
            *                                  *
            * Returns with a spin lock held!!! * // thanks lou
            *                                  *
            ************************************
 
 
    Arguments:
 
        [IN]    PfnIndex - Page frame index to map.
        [OUT]    OldIrql - Pointer to store entry IRQL.
 
    Return Values:
 
        Valid Pointer to mapped region.
 
--*/
 
{
    // First, lock the hyperspace.
    LOCK_HYPERSPACE (OldIrql);
 
    // Map the PFN into the page.
    // We do not send an IPI, as we are in a spinlock.
    // Besides, an IPI does not need to be used here, as the hyperspace is a one CPU exclusive object, 2 cpus cannot use it at the same time
    // so their TLBs do not need to be updated for this VA.
    PPFN_ENTRY pfn = INDEX_TO_PPFN (PfnIndex);
    uint64_t physAddr = PPFN_TO_PHYSICAL_ADDRESS (pfn);
    PMMPTE pte = MiGetPtePointer(HYPERMAP_VIRTUAL_ADDRESS);
    MI_WRITE_PTE_NO_IPI(pte, HYPERMAP_VIRTUAL_ADDRESS, physAddr, PAGE_PRESENT | PAGE_RW);
 
    // Set PFN metadata.
    pfn->State = PfnStateActive;
    pfn->Descriptor.Mapping.PteAddress = pte;
    pfn->Descriptor.Mapping.Vad = NULL;
    g_pfnInUse = pfn;
 
#ifdef PERFORMANCE_ANALYTICS
    // No need for atomic increment, we are under spinlock.
    g_HypermappingsDone++;
#endif
 
    // Return the virtual address (now mapped)
    return (void*)HYPERMAP_VIRTUAL_ADDRESS;
}
 
void
MiUnmapHyperSpaceMap(
    IN  IRQL OldIrql
)
 
/*++
 
    Routine description:
 
        Unlocks the hyperspace, clears previous mapping.
 
    Arguments:
 
        [IN]    OldIrql - Entry IRQL given by MiMapPageInHyperspace
 
    Return Values:
 
        None.
 
    Notes:
 
        Does not release the PFN that was given, caller must do so.
 
--*/
 
{
    // Assertion that the hyperspace lock must be locked already (double unlock catch)
    assert((HyperLock.locked) == 1, "Double hypermap unlock");
    assert((g_pfnInUse) != 0, "No PFN when releasing hyperspace.");
    PPFN_ENTRY pfn = g_pfnInUse;
 
    // Clear the PTE present bit (to prevent use after free)
    MiGetPtePointer(HYPERMAP_VIRTUAL_ADDRESS)->Hard.Present = 0;
    invlpg((void*)HYPERMAP_VIRTUAL_ADDRESS); // No need to call the MiInvalidateTlb (IPI) as this addr is spinlock protected (and next access rewrites the PTE and does invplg in MI_WRITE_PTE)
 
    // After MiUnmapPte changed the pfn metadata, we change it once again to invalidate it.
    pfn->Descriptor.Mapping.PteAddress = NULL;
    pfn->Descriptor.Mapping.Vad = NULL;
    pfn->State = PfnStateTransition;
    g_pfnInUse = NULL;
 
    // We do not release the PFN, caller must do so, because it might have other uses with it.
 
    // Unlock the hyperspace.
    UNLOCK_HYPERSPACE (OldIrql);
}