redo usage of EPT, again

Previously, EPT was completely managed by vcpu_t. Current design delegates all EPT management to the user, which gives them more freedom in how they use EPT. More specifically, in previous design it was impossible to create new EPT dynamically, after virtualization has been enabled. This issue is resolved with the new design.
906675869 · Oct 31, 2019 · a2e52fb · a2e52fb
1 parent fb0be3b
commit a2e52fb
Show file tree

Hide file tree

Showing 12 changed files with 328 additions and 146 deletions.
diff --git a/src/hvpp/hvpp/ept.h b/src/hvpp/hvpp/ept.h
@@ -12,8 +12,13 @@ class ept_t final
 {
   public:
     ept_t() noexcept;
+    ept_t(const ept_t& other) noexcept = delete;
+    ept_t(ept_t&& other) noexcept = delete;
     ~ept_t() noexcept;
 
+    ept_t& operator=(const ept_t& other) noexcept = delete;
+    ept_t& operator=(ept_t&& other) noexcept = delete;
+
     void map_identity(epte_t::access_type access = epte_t::access_type::read_write_execute) noexcept;
 
     epte_t* map    (pa_t guest_pa, pa_t host_pa,

diff --git a/src/hvpp/hvpp/hvpp.cpp b/src/hvpp/hvpp/hvpp.cpp
@@ -53,6 +53,43 @@ extern "C" {
 
 #pragma region ept.h
 
+PEPT
+NTAPI
+HvppEptCreate(
+  VOID
+  )
+{
+  return (PEPT)(new ept_t{});
+}
+
+VOID
+NTAPI
+HvppEptDestroy(
+  _In_ PEPT Ept
+  )
+{
+  delete ept_;
+}
+
+VOID
+NTAPI
+HvppEptMapIdentity(
+  _In_ PEPT Ept
+  )
+{
+  ept_->map_identity();
+}
+
+VOID
+NTAPI
+HvppEptMapIdentityEx(
+  _In_ PEPT Ept,
+  _In_ ULONG Access
+  )
+{
+  ept_->map_identity((epte_t::access_type)(Access));
+}
+
 PEPTE
 NTAPI
 HvppEptMap(
@@ -265,7 +302,9 @@ HvppDestroy(
 NTSTATUS
 NTAPI
 HvppStart(
-  _In_ PVMEXIT_HANDLER VmExitHandler
+  _In_ PVMEXIT_HANDLER VmExitHandler,
+  _In_ PVMEXIT_HANDLER_SETUP_ROUTINE SetupRoutine,
+  _In_ PVMEXIT_HANDLER_TEARDOWN_ROUTINE TeardownRoutine
   )
 {
   //
@@ -280,7 +319,7 @@ HvppStart(
   //
 
   hvpp_assert(c_exit_handler == nullptr);
-  c_exit_handler = new vmexit_c_wrapper_handler(c_handlers);
+  c_exit_handler = new vmexit_c_wrapper_handler(c_handlers, SetupRoutine, TeardownRoutine, NULL);
 
   //
   // Start the hypervisor.
@@ -322,11 +361,10 @@ HvppIsRunning(
 VOID
 NTAPI
 HvppVcpuEnableEpt(
-  _In_ PVCPU Vcpu,
-  _In_ USHORT Count
+  _In_ PVCPU Vcpu
   )
 {
-  vcpu_->ept_enable(Count);
+  vcpu_->ept_enable();
 }
 
 VOID
@@ -338,42 +376,23 @@ HvppVcpuDisableEpt(
   vcpu_->ept_disable();
 }
 
-USHORT
+PEPT
 NTAPI
-HvppVcpuGetEptIndex(
+HvppVcpuGetEpt(
   _In_ PVCPU Vcpu
   )
 {
-  return vcpu_->ept_index();
+  return (PEPT)(&vcpu_->ept());
 }
 
 VOID
 NTAPI
-HvppVcpuSetEptIndex(
-  _In_ PVCPU Vcpu,
-  _In_ USHORT Index
-  )
-{
-  vcpu_->ept_index(Index);
-}
-
-PEPT
-NTAPI
-HvppVcpuGetEpt(
+HvppVcpuSetEpt(
   _In_ PVCPU Vcpu,
-  _In_ USHORT Index
-  )
-{
-  return (PEPT)&vcpu_->ept(Index);
-}
-
-PEPT
-NTAPI
-HvppVcpuGetCurrentEpt(
-  _In_ PVCPU Vcpu
+  _In_ PEPT Ept
   )
 {
-  return (PEPT)&vcpu_->ept(vcpu_->ept_index());
+  vcpu_->ept(*(ept_t*)(Ept));
 }
 
 PVCPU_CONTEXT
@@ -382,7 +401,7 @@ HvppVcpuContext(
   _In_ PVCPU Vcpu
   )
 {
-  return (PVCPU_CONTEXT)&vcpu_->context();
+  return (PVCPU_CONTEXT)(&vcpu_->context());
 }
 
 VOID

diff --git a/src/hvpp/hvpp/hvpp.h b/src/hvpp/hvpp/hvpp.h
@@ -827,23 +827,49 @@ typedef PVOID PEPT;
 // VM-exit pass-through handler.
 //////////////////////////////////////////////////////////////////////////
 
-typedef VOID (NTAPI* PVMEXIT_PASSTROUGH_ROUTINE)(
-  _In_ PVOID PassthroughContext
-  );
-
 typedef struct _VMEXIT_PASSTHROUGH
 {
-  PVMEXIT_PASSTROUGH_ROUTINE PassthroughRoutine;
+  PVOID PassthroughRoutine;
   PVOID Context;
   // UCHAR Data[1];
 } VMEXIT_PASSTHROUGH, *PVMEXIT_PASSTHROUGH;
 
-#define HvppVmExitPassthrough(Passthrough)                    \
-  (((PVMEXIT_PASSTHROUGH)(Passthrough))->PassthroughRoutine(Passthrough));
-
-#define HvppVmContext(Passthrough)                            \
+#define HvppPassthroughContext(Passthrough)                   \
   ((PVMEXIT_PASSTHROUGH)(Passthrough)->Context)
 
+//
+// Setup.
+//
+
+typedef NTSTATUS (NTAPI* PVMEXIT_PASSTHROUGH_SETUP_ROUTINE)(
+  _In_ PVOID PassthroughContext
+  );
+
+#define HvppPassthroughSetup(Passthrough)                     \
+  (((PVMEXIT_PASSTHROUGH_SETUP_ROUTINE)(((PVMEXIT_PASSTHROUGH)(Passthrough))->PassthroughRoutine))(Passthrough));
+
+//
+// Teardown.
+//
+
+typedef VOID (NTAPI* PVMEXIT_PASSTHROUGH_TEARDOWN_ROUTINE)(
+  _In_ PVOID PassthroughContext
+  );
+
+#define HvppPassthroughTeardown(Passthrough)                  \
+  (((PVMEXIT_PASSTHROUGH_TEARDOWN_ROUTINE)(((PVMEXIT_PASSTHROUGH)(Passthrough))->PassthroughRoutine))(Passthrough));
+
+//
+// Handler.
+//
+
+typedef VOID (NTAPI* PVMEXIT_PASSTHROUGH_HANDLER_ROUTINE)(
+  _In_ PVOID PassthroughContext
+  );
+
+#define HvppPassthroughHandler(Passthrough)                   \
+  (((PVMEXIT_PASSTHROUGH_HANDLER_ROUTINE)(((PVMEXIT_PASSTHROUGH)(Passthrough))->PassthroughRoutine))(Passthrough));
+
 //////////////////////////////////////////////////////////////////////////
 // VM-exit handler.
 //////////////////////////////////////////////////////////////////////////
@@ -853,6 +879,16 @@ typedef VOID (NTAPI* PVMEXIT_HANDLER_ROUTINE)(
   _In_ PVOID Passthrough
   );
 
+typedef NTSTATUS (NTAPI* PVMEXIT_HANDLER_SETUP_ROUTINE)(
+  _In_ PVCPU Vcpu,
+  _In_ PVOID Passthrough
+  );
+
+typedef VOID (NTAPI* PVMEXIT_HANDLER_TEARDOWN_ROUTINE)(
+  _In_ PVCPU Vcpu,
+  _In_ PVOID Passthrough
+  );
+
 typedef struct _VMEXIT_HANDLER
 {
   PVMEXIT_HANDLER_ROUTINE HandlerRoutine[VMEXIT_REASON_MAX];
@@ -1120,6 +1156,31 @@ typedef struct _EPTE
   };
 } EPTE, *PEPTE;
 
+PEPT
+NTAPI
+HvppEptCreate(
+  VOID
+  );
+
+VOID
+NTAPI
+HvppEptDestroy(
+  _In_ PEPT Ept
+  );
+
+VOID
+NTAPI
+HvppEptMapIdentity(
+  _In_ PEPT Ept
+  );
+
+VOID
+NTAPI
+HvppEptMapIdentityEx(
+  _In_ PEPT Ept,
+  _In_ ULONG Access
+  );
+
 PEPTE
 NTAPI
 HvppEptMap(
@@ -1227,7 +1288,9 @@ HvppDestroy(
 NTSTATUS
 NTAPI
 HvppStart(
-  _In_ PVMEXIT_HANDLER VmExitHandler
+  _In_ PVMEXIT_HANDLER VmExitHandler,
+  _In_ PVMEXIT_HANDLER_SETUP_ROUTINE SetupRoutine,
+  _In_ PVMEXIT_HANDLER_TEARDOWN_ROUTINE TeardownRoutine
   );
 
 VOID
@@ -1253,8 +1316,7 @@ HvppIsRunning(
 VOID
 NTAPI
 HvppVcpuEnableEpt(
-  _In_ PVCPU Vcpu,
-  _In_ USHORT Count
+  _In_ PVCPU Vcpu
   );
 
 VOID
@@ -1263,29 +1325,17 @@ HvppVcpuDisableEpt(
   _In_ PVCPU Vcpu
   );
 
-USHORT
-HvppVcpuGetEptIndex(
-  _In_ PVCPU Vcpu
-  );
-
-VOID
-NTAPI
-HvppVcpuSetEptIndex(
-  _In_ PVCPU Vcpu,
-  _In_ USHORT Index
-  );
-
 PEPT
 NTAPI
 HvppVcpuGetEpt(
-  _In_ PVCPU Vcpu,
-  _In_ USHORT Index
+  _In_ PVCPU Vcpu
   );
 
-PEPT
+VOID
 NTAPI
-HvppVcpuGetCurrentEpt(
-  _In_ PVCPU Vcpu
+HvppVcpuSetEpt(
+  _In_ PVCPU Vcpu,
+  _In_ PEPT Ept
   );
 
 PVCPU_CONTEXT