d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f6ef5ddaa4
freebsd-dev/sys/compat/ndis/subr_hal.c
Bill Paul d8f2dda739 Add support for Windows/x86-64 binaries to Project Evil. 
Ville-Pertti Keinonen (will at exomi dot comohmygodnospampleasekthx)
deserves a big thanks for submitting initial patches to make it
work. I have mangled his contributions appropriately.

The main gotcha with Windows/x86-64 is that Microsoft uses a different
calling convention than everyone else. The standard ABI requires using
6 registers for argument passing, with other arguments on the stack.
Microsoft uses only 4 registers, and requires the caller to leave room
on the stack for the register arguments incase the callee needs to
spill them. Unlike x86, where Microsoft uses a mix of _cdecl, _stdcall
and _fastcall, all routines on Windows/x86-64 uses the same convention.
This unfortunately means that all the functions we export to the
driver require an intermediate translation wrapper. Similarly, we have
to wrap all calls back into the driver binary itself.

The original patches provided macros to wrap every single routine at
compile time, providing a secondary jump table with a customized
wrapper for each exported routine. I decided to use a different approach:
the call wrapper for each function is created from a template at
runtime, and the routine to jump to is patched into the wrapper as
it is created. The subr_pe module has been modified to patch in the
wrapped function instead of the original. (On x86, the wrapping
routine is a no-op.)

There are some minor API differences that had to be accounted for:

- KeAcquireSpinLock() is a real function on amd64, not a macro wrapper
  around KfAcquireSpinLock()
- NdisFreeBuffer() is actually IoFreeMdl(). I had to change the whole
  NDIS_BUFFER API a bit to accomodate this.

Bugs fixed along the way:
- IoAllocateMdl() always returned NULL
- kern_windrv.c:windrv_unload() wasn't releasing private driver object
  extensions correctly (found thanks to memguard)

This has only been tested with the driver for the Broadcom 802.11g
chipset, which was the only Windows/x86-64 driver I could find.
2005-02-16 05:41:18 +00:00

413 lines
11 KiB
C
Raw Blame History

/*-
* Copyright (c) 2003
* Bill Paul <wpaul@windriver.com>. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Bill Paul.
* 4. Neither the name of the author nor the names of any co-contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
* THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/types.h>
#include <sys/errno.h>
#include <sys/callout.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/proc.h>
#include <sys/sched.h>
#include <sys/module.h>
#include <sys/systm.h>
#include <machine/clock.h>
#include <machine/bus_memio.h>
#include <machine/bus_pio.h>
#include <machine/bus.h>
#include <sys/bus.h>
#include <sys/rman.h>
#include <compat/ndis/pe_var.h>
#include <compat/ndis/ntoskrnl_var.h>
#include <compat/ndis/hal_var.h>
__stdcall static void KeStallExecutionProcessor(uint32_t);
__stdcall static void WRITE_PORT_BUFFER_ULONG(uint32_t *,
uint32_t *, uint32_t);
__stdcall static void WRITE_PORT_BUFFER_USHORT(uint16_t *,
uint16_t *, uint32_t);
__stdcall static void WRITE_PORT_BUFFER_UCHAR(uint8_t *,
uint8_t *, uint32_t);
__stdcall static void WRITE_PORT_ULONG(uint32_t *, uint32_t);
__stdcall static void WRITE_PORT_USHORT(uint16_t *, uint16_t);
__stdcall static void WRITE_PORT_UCHAR(uint8_t *, uint8_t);
__stdcall static uint32_t READ_PORT_ULONG(uint32_t *);
__stdcall static uint16_t READ_PORT_USHORT(uint16_t *);
__stdcall static uint8_t READ_PORT_UCHAR(uint8_t *);
__stdcall static void READ_PORT_BUFFER_ULONG(uint32_t *,
uint32_t *, uint32_t);
__stdcall static void READ_PORT_BUFFER_USHORT(uint16_t *,
uint16_t *, uint32_t);
__stdcall static void READ_PORT_BUFFER_UCHAR(uint8_t *,
uint8_t *, uint32_t);
__stdcall static uint64_t KeQueryPerformanceCounter(uint64_t *);
__stdcall static void dummy (void);
extern struct mtx_pool *ndis_mtxpool;
int
hal_libinit()
{
image_patch_table *patch;
patch = hal_functbl;
while (patch->ipt_func != NULL) {
windrv_wrap((funcptr)patch->ipt_func,
(funcptr *)&patch->ipt_wrap);
patch++;
}
return(0);
}
int
hal_libfini()
{
image_patch_table *patch;
patch = hal_functbl;
while (patch->ipt_func != NULL) {
windrv_unwrap(patch->ipt_wrap);
patch++;
}
return(0);
}
__stdcall static void
KeStallExecutionProcessor(usecs)
uint32_t usecs;
{
DELAY(usecs);
return;
}
__stdcall static void
WRITE_PORT_ULONG(port, val)
uint32_t *port;
uint32_t val;
{
bus_space_write_4(NDIS_BUS_SPACE_IO, 0x0, (bus_size_t)port, val);
return;
}
__stdcall static void
WRITE_PORT_USHORT(port, val)
uint16_t *port;
uint16_t val;
{
bus_space_write_2(NDIS_BUS_SPACE_IO, 0x0, (bus_size_t)port, val);
return;
}
__stdcall static void
WRITE_PORT_UCHAR(port, val)
uint8_t *port;
uint8_t val;
{
bus_space_write_1(NDIS_BUS_SPACE_IO, 0x0, (bus_size_t)port, val);
return;
}
__stdcall static void
WRITE_PORT_BUFFER_ULONG(port, val, cnt)
uint32_t *port;
uint32_t *val;
uint32_t cnt;
{
bus_space_write_multi_4(NDIS_BUS_SPACE_IO, 0x0,
(bus_size_t)port, val, cnt);
return;
}
__stdcall static void
WRITE_PORT_BUFFER_USHORT(port, val, cnt)
uint16_t *port;
uint16_t *val;
uint32_t cnt;
{
bus_space_write_multi_2(NDIS_BUS_SPACE_IO, 0x0,
(bus_size_t)port, val, cnt);
return;
}
__stdcall static void
WRITE_PORT_BUFFER_UCHAR(port, val, cnt)
uint8_t *port;
uint8_t *val;
uint32_t cnt;
{
bus_space_write_multi_1(NDIS_BUS_SPACE_IO, 0x0,
(bus_size_t)port, val, cnt);
return;
}
__stdcall static uint16_t
READ_PORT_USHORT(port)
uint16_t *port;
{
return(bus_space_read_2(NDIS_BUS_SPACE_IO, 0x0, (bus_size_t)port));
}
__stdcall static uint32_t
READ_PORT_ULONG(port)
uint32_t *port;
{
return(bus_space_read_4(NDIS_BUS_SPACE_IO, 0x0, (bus_size_t)port));
}
__stdcall static uint8_t
READ_PORT_UCHAR(port)
uint8_t *port;
{
return(bus_space_read_1(NDIS_BUS_SPACE_IO, 0x0, (bus_size_t)port));
}
__stdcall static void
READ_PORT_BUFFER_ULONG(port, val, cnt)
uint32_t *port;
uint32_t *val;
uint32_t cnt;
{
bus_space_read_multi_4(NDIS_BUS_SPACE_IO, 0x0,
(bus_size_t)port, val, cnt);
return;
}
__stdcall static void
READ_PORT_BUFFER_USHORT(port, val, cnt)
uint16_t *port;
uint16_t *val;
uint32_t cnt;
{
bus_space_read_multi_2(NDIS_BUS_SPACE_IO, 0x0,
(bus_size_t)port, val, cnt);
return;
}
__stdcall static void
READ_PORT_BUFFER_UCHAR(port, val, cnt)
uint8_t *port;
uint8_t *val;
uint32_t cnt;
{
bus_space_read_multi_1(NDIS_BUS_SPACE_IO, 0x0,
(bus_size_t)port, val, cnt);
return;
}
/*
* The spinlock implementation in Windows differs from that of FreeBSD.
* The basic operation of spinlocks involves two steps: 1) spin in a
* tight loop while trying to acquire a lock, 2) after obtaining the
* lock, disable preemption. (Note that on uniprocessor systems, you're
* allowed to skip the first step and just lock out pre-emption, since
* it's not possible for you to be in contention with another running
* thread.) Later, you release the lock then re-enable preemption.
* The difference between Windows and FreeBSD lies in how preemption
* is disabled. In FreeBSD, it's done using critical_enter(), which on
* the x86 arch translates to a cli instruction. This masks off all
* interrupts, and effectively stops the scheduler from ever running
* so _nothing_ can execute except the current thread. In Windows,
* preemption is disabled by raising the processor IRQL to DISPATCH_LEVEL.
* This stops other threads from running, but does _not_ block device
* interrupts. This means ISRs can still run, and they can make other
* threads runable, but those other threads won't be able to execute
* until the current thread lowers the IRQL to something less than
* DISPATCH_LEVEL.
*
* There's another commonly used IRQL in Windows, which is APC_LEVEL.
* An APC is an Asynchronous Procedure Call, which differs from a DPC
* (Defered Procedure Call) in that a DPC is queued up to run in
* another thread, while an APC runs in the thread that scheduled
* it (similar to a signal handler in a UNIX process). We don't
* actually support the notion of APCs in FreeBSD, so for now, the
* only IRQLs we're interested in are DISPATCH_LEVEL and PASSIVE_LEVEL.
*
* To simulate DISPATCH_LEVEL, we raise the current thread's priority
* to PI_REALTIME, which is the highest we can give it. This should,
* if I understand things correctly, prevent anything except for an
* interrupt thread from preempting us. PASSIVE_LEVEL is basically
* everything else.
*
* Be aware that, at least on the x86 arch, the Windows spinlock
* functions are divided up in peculiar ways. The actual spinlock
* functions are KfAcquireSpinLock() and KfReleaseSpinLock(), and
* they live in HAL.dll. Meanwhile, KeInitializeSpinLock(),
* KefAcquireSpinLockAtDpcLevel() and KefReleaseSpinLockFromDpcLevel()
* live in ntoskrnl.exe. Most Windows source code will call
* KeAcquireSpinLock() and KeReleaseSpinLock(), but these are just
* macros that call KfAcquireSpinLock() and KfReleaseSpinLock().
* KefAcquireSpinLockAtDpcLevel() and KefReleaseSpinLockFromDpcLevel()
* perform the lock aquisition/release functions without doing the
* IRQL manipulation, and are used when one is already running at
* DISPATCH_LEVEL. Make sense? Good.
*
* According to the Microsoft documentation, any thread that calls
* KeAcquireSpinLock() must be running at IRQL <= DISPATCH_LEVEL. If
* we detect someone trying to acquire a spinlock from DEVICE_LEVEL
* or HIGH_LEVEL, we panic.
*/
__fastcall uint8_t
KfAcquireSpinLock(REGARGS1(kspin_lock *lock))
{
uint8_t oldirql;
/* I am so going to hell for this. */
if (KeGetCurrentIrql() > DISPATCH_LEVEL)
panic("IRQL_NOT_LESS_THAN_OR_EQUAL");
oldirql = FASTCALL1(KfRaiseIrql, DISPATCH_LEVEL);
FASTCALL1(KefAcquireSpinLockAtDpcLevel, lock);
return(oldirql);
}
__fastcall void
KfReleaseSpinLock(REGARGS2(kspin_lock *lock, uint8_t newirql))
{
FASTCALL1(KefReleaseSpinLockFromDpcLevel, lock);
FASTCALL1(KfLowerIrql, newirql);
return;
}
__stdcall uint8_t
KeGetCurrentIrql(void)
{
if (AT_DISPATCH_LEVEL(curthread))
return(DISPATCH_LEVEL);
return(PASSIVE_LEVEL);
}
__stdcall static uint64_t
KeQueryPerformanceCounter(freq)
uint64_t *freq;
{
if (freq != NULL)
*freq = hz;
return((uint64_t)ticks);
}
__fastcall uint8_t
KfRaiseIrql(REGARGS1(uint8_t irql))
{
uint8_t oldirql;
if (irql < KeGetCurrentIrql())
panic("IRQL_NOT_LESS_THAN");
if (KeGetCurrentIrql() == DISPATCH_LEVEL)
return(DISPATCH_LEVEL);
mtx_lock_spin(&sched_lock);
oldirql = curthread->td_base_pri;
sched_prio(curthread, PI_REALTIME);
#if __FreeBSD_version < 600000
curthread->td_base_pri = PI_REALTIME;
#endif
mtx_unlock_spin(&sched_lock);
return(oldirql);
}
__fastcall void
KfLowerIrql(REGARGS1(uint8_t oldirql))
{
if (oldirql == DISPATCH_LEVEL)
return;
if (KeGetCurrentIrql() != DISPATCH_LEVEL)
panic("IRQL_NOT_GREATER_THAN");
mtx_lock_spin(&sched_lock);
#if __FreeBSD_version < 600000
curthread->td_base_pri = oldirql;
#endif
sched_prio(curthread, oldirql);
mtx_unlock_spin(&sched_lock);
return;
}
__stdcall
static void dummy()
{
printf ("hal dummy called...\n");
return;
}
image_patch_table hal_functbl[] = {
IMPORT_FUNC(KeStallExecutionProcessor),
IMPORT_FUNC(WRITE_PORT_ULONG),
IMPORT_FUNC(WRITE_PORT_USHORT),
IMPORT_FUNC(WRITE_PORT_UCHAR),
IMPORT_FUNC(WRITE_PORT_BUFFER_ULONG),
IMPORT_FUNC(WRITE_PORT_BUFFER_USHORT),
IMPORT_FUNC(WRITE_PORT_BUFFER_UCHAR),
IMPORT_FUNC(READ_PORT_ULONG),
IMPORT_FUNC(READ_PORT_USHORT),
IMPORT_FUNC(READ_PORT_UCHAR),
IMPORT_FUNC(READ_PORT_BUFFER_ULONG),
IMPORT_FUNC(READ_PORT_BUFFER_USHORT),
IMPORT_FUNC(READ_PORT_BUFFER_UCHAR),
IMPORT_FUNC(KfAcquireSpinLock),
IMPORT_FUNC(KfReleaseSpinLock),
IMPORT_FUNC(KeGetCurrentIrql),
IMPORT_FUNC(KeQueryPerformanceCounter),
IMPORT_FUNC(KfLowerIrql),
IMPORT_FUNC(KfRaiseIrql),
/*
* This last entry is a catch-all for any function we haven't
* implemented yet. The PE import list patching routine will
* use it for any function that doesn't have an explicit match
* in this table.
*/
{ NULL, (FUNC)dummy, NULL },
/* End of list. */
{ NULL, NULL, NULL }
};
Reference in New Issue View Git Blame Copy Permalink