diff --git a/hypervisor/Cargo.toml b/hypervisor/Cargo.toml index 5339a7b..e157e92 100644 --- a/hypervisor/Cargo.toml +++ b/hypervisor/Cargo.toml @@ -9,11 +9,6 @@ edition = "2021" name = "hypervisor" path = "src/lib.rs" -[features] -default = [] -test-windows-uefi-hooks = [] # Enables testing Windows UEFI hooks at runtime. -hyperv = [] # Enables Hyper-V hypervisor support. - [dependencies] x86 = "0.52.0" # https://crates.io/crates/x86 x86_64 = "0.15.0" # https://crates.io/crates/x86_64 diff --git a/hypervisor/src/intel/vmexit/cpuid.rs b/hypervisor/src/intel/vmexit/cpuid.rs index 8f8ecf7..8ac1f2b 100644 --- a/hypervisor/src/intel/vmexit/cpuid.rs +++ b/hypervisor/src/intel/vmexit/cpuid.rs @@ -5,11 +5,9 @@ use { crate::{ error::HypervisorError, intel::{ - hooks::{hook_manager::EptHookType, inline::InlineHookType}, vm::Vm, vmexit::{commands::handle_guest_commands, ExitType}, }, - windows::nt::pe::djb2_hash, }, bitfield::BitMut, log::*, 
@@ -127,28 +125,30 @@ pub fn handle_cpuid(vm: &mut Vm) -> Result { } leaf if leaf == CpuidLeaf::CacheInformation as u32 => { trace!("CPUID leaf 0x2 detected (Cache Information)."); - if vm.hook_manager.has_cpuid_cache_info_been_called == false && cfg!(feature = "test-windows-uefi-hooks") { - trace!("Register state before handling VM exit: {:#x?}", vm.guest_registers); + if vm.hook_manager.has_cpuid_cache_info_been_called == false { + /* + // Test UEFI boot-time hooks if let Some(mut kernel_hook) = vm.hook_manager.kernel_hook.take() { info!("Hooking NtQuerySystemInformation with syscall number 0x36"); - kernel_hook.enable_kernel_ept_hook( vm, - djb2_hash("NtQuerySystemInformation".as_bytes()), - EptHookType::Function(InlineHookType::Vmcall), + crate::windows::nt::pe::djb2_hash("NtQuerySystemInformation".as_bytes()), + crate::intel::hooks::hook_manager::EptHookType::Function(crate::intel::hooks::inline::InlineHookType::Vmcall), + )?; + kernel_hook.enable_syscall_ept_hook( + vm, + 0x32, + crate::intel::hooks::hook_manager::EptHookType::Function(crate::intel::hooks::inline::InlineHookType::Vmcall), )?; - - kernel_hook.enable_syscall_ept_hook(vm, 0x32, EptHookType::Function(InlineHookType::Vmcall))?; - // Place the kernel hook back in the box vm.hook_manager.kernel_hook = Some(kernel_hook); - // Set the flag vm.hook_manager.has_cpuid_cache_info_been_called = true; } else { return Err(HypervisorError::KernelHookMissing); } + */ } } leaf if leaf == CpuidLeaf::ExtendedFeatureInformation as u32 => { 
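Review bot: In the `CacheInformation` arm, `if vm.hook_manager.has_cpuid_cache_info_been_called == false { ... }` now has its whole body inside a `/* */` block, so the conditional is empty and the flag is never set to `true` on this path. Commented-out code is not type-checked and is easy to re-enable without review, which matters for a block that installs EPT hooks on kernel functions; the removed `cfg!(feature = "test-windows-uefi-hooks")` guard at least kept it compiled. Either delete the block and the empty `if`, or keep the code live behind a named constant such as `const TEST_UEFI_HOOKS: bool = false;`. The retained log text says syscall number 0x36 while the call below it passes `0x32`, which looks like a mismatch worth fixing if the block is kept. `handle_cpuid` starts and ends outside this hunk.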
@@ -163,14 +163,14 @@ pub fn handle_cpuid(vm: &mut Vm) -> Result { cpuid_result.ecx = 0x6e6f6973; // "nois", part of "Illusion" (in reverse order due to little-endian storage). cpuid_result.edx = 0x00000000; // Filled with null bytes as there are no more characters to encode. } - leaf if leaf == CpuidLeaf::HypervisorInterface as u32 && cfg!(feature = "hyperv") => { + leaf if leaf == CpuidLeaf::HypervisorInterface as u32 => { trace!("CPUID leaf 0x40000001 detected (Hypervisor Interface Identification)."); // Return information indicating the hypervisor's interface. // Here, we specify that our hypervisor does not conform to the Microsoft hypervisor interface ("Hv#1"). - cpuid_result.eax = 0x00000000; // Interface signature indicating non-conformance to Microsoft interface. - cpuid_result.ebx = 0x00000000; // Reserved field set to zero. - cpuid_result.ecx = 0x00000000; // Reserved field set to zero. - cpuid_result.edx = 0x00000000; // Reserved field set to zero. + // cpuid_result.eax = 0x00000000; // Interface signature indicating non-conformance to Microsoft interface. + // cpuid_result.ebx = 0x00000000; // Reserved field set to zero. + // cpuid_result.ecx = 0x00000000; // Reserved field set to zero. + // cpuid_result.edx = 0x00000000; // Reserved field set to zero. } _ => trace!("CPUID leaf 0x{leaf:X}."), } diff --git a/hypervisor/src/intel/vmexit/msr.rs b/hypervisor/src/intel/vmexit/msr.rs index 3de83bf..7edf8bd 100644 --- a/hypervisor/src/intel/vmexit/msr.rs +++ b/hypervisor/src/intel/vmexit/msr.rs @@ -50,7 +50,7 @@ pub fn handle_msr_access(vm: &mut Vm, access_type: MsrAccessType) -> Result = 0x00000000..=0x00001FFF; const MSR_VALID_RANGE_HIGH: RangeInclusive = 0xC0000000..=0xC0001FFF; - // const MSR_HYPERV_RANGE: RangeInclusive = 0x40000000..=0x400000F0; + const MSR_HYPERV_RANGE: RangeInclusive = 0x40000000..=0x400000F0; // Define the VMX lock bit for IA32_FEATURE_CONTROL MSR const VMX_LOCK_BIT: u64 = 1 << 0; 
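Review bot: With the four `cpuid_result` assignments commented out, the `HypervisorInterface` arm only logs, yet the comment above it still says the handler reports non-conformance to the Microsoft interface. Whatever `cpuid_result` held before the match (set outside this hunk, presumably the underlying platform's CPUID output) is now returned for leaf 0x40000001. The preceding arm still writes the "Illusion" string, so a guest may read a vendor string and an interface signature that do not belong together. Either restore the assignments or replace the stale comment with something like `// Leaf 0x40000001 is returned unmodified from the underlying platform.`, and remove the dead commented lines. `handle_cpuid` starts outside this hunk.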
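Review bot: `MSR_HYPERV_RANGE` is now defined unconditionally, but nothing in this hunk says what the handler does with an MSR in 0x40000000..=0x400000F0; its use is outside the hunk. The same commit removes the `asm_hyperv_vmcall` forwarding branch from the VMCALL handler, so a non-hook VMCALL now reaches `EventInjection::vmentry_inject_gp(0)`. If this range lets synthetic MSR accesses through, a guest would see Hyper-V MSRs respond while its hypercalls fault. A comment on the constant stating the intended policy would make this reviewable, for example `// Hyper-V synthetic MSRs: accesses in this range are <passed through | rejected>; keep in sync with the VMCALL handler.` `handle_msr_access` starts and ends outside this hunk.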
@@ -60,7 +60,7 @@ pub fn handle_msr_access(vm: &mut Vm, access_type: MsrAccessType) -> Result Result { update_guest_interrupt_flag(vm, false)?; Ok(ExitType::Continue) - } else if cfg!(feature = "hyperv") { - // If the address is not a hook and we are running under hyper-v forward it. - debug!("Hyper-V VMCALL detected and handled."); - asm_hyperv_vmcall(vm.guest_registers.rcx, vm.guest_registers.rdx, vm.guest_registers.r8); - Ok(ExitType::IncrementRIP) } else { EventInjection::vmentry_inject_gp(0); Ok(ExitType::Continue) diff --git a/uefi/Cargo.toml b/uefi/Cargo.toml index a5eb0c6..f9daf7d 100644 --- a/uefi/Cargo.toml +++ b/uefi/Cargo.toml @@ -9,10 +9,6 @@ edition = "2021" name = "illusion" path = "src/main.rs" -[features] -default = ["hyperv"] # Enables Hyper-V hypervisor support. -hyperv = [] # Enables Hyper-V hypervisor support. - [dependencies] uefi = { version = "0.28.0", features = ["global_allocator", "alloc"] } # https://crates.io/crates/uefi uefi-services = { version = "0.25.0", default-features = false } # https://crates.io/crates/uefi-services @@ -20,5 +16,4 @@ log = { version = "0.4.20", default-features = false } # https://crates.io/crate once_cell = "1.19.0" # https://crates.io/crates/once_cell spin = "0.9" # https://crates.io/crates/spin com_logger = "0.1.1" # https://crates.io/crates/com_logger -hypervisor = { path = "../hypervisor", default-features = false, features = ["hyperv"] } # Diable hooks by default but keep Hyper-V support. -#hypervisor = { path = "../hypervisor", default-features = false, features = ["hyperv", "test-windows-uefi-hooks"] } # Enable Hyper-V support and hooks for testing. \ No newline at end of file +hypervisor = { path = "../hypervisor" } \ No newline at end of file diff --git a/uefi/src/processor.rs b/uefi/src/processor.rs index f683df0..f460342 100644 --- a/uefi/src/processor.rs +++ b/uefi/src/processor.rs 
@@ -19,34 +19,28 @@ use { /// /// A result indicating the success or failure of starting the hypervisor. pub fn start_hypervisor_on_all_processors(boot_services: &BootServices) -> uefi::Result<()> { - if cfg!(feature = "hyperv") { - warn!("Hyper-V feature is enabled"); - start_hypervisor(); - // Multi-processor initialization is not supported in Hyper-V mode yet (ACPI). - } else { - let handle = boot_services.get_handle_for_protocol::()?; - let mp_services = boot_services.open_protocol_exclusive::(handle)?; - let processor_count = mp_services.get_number_of_processors()?; + let handle = boot_services.get_handle_for_protocol::()?; + let mp_services = boot_services.open_protocol_exclusive::(handle)?; + let processor_count = mp_services.get_number_of_processors()?; - info!("Total processors: {}", processor_count.total); - info!("Enabled processors: {}", processor_count.enabled); + info!("Total processors: {}", processor_count.total); + info!("Enabled processors: {}", processor_count.enabled); - if processor_count.enabled == 1 { - info!("Found only one processor, virtualizing it"); - start_hypervisor(); - } else { - info!("Found multiple processors, virtualizing all of them"); - - // Don't forget to virtualize this thread... - start_hypervisor(); + if processor_count.enabled == 1 { + info!("Found only one processor, virtualizing it"); + start_hypervisor(); + } else { + info!("Found multiple processors, virtualizing all of them"); - // Virtualize all other threads... - mp_services.startup_all_aps(true, start_hypervisor_on_ap as _, core::ptr::null_mut(), None, None)?; - } + // Don't forget to virtualize this thread... + start_hypervisor(); - info!("The hypervisor has been installed successfully!"); + // Virtualize all other threads... + mp_services.startup_all_aps(true, start_hypervisor_on_ap as _, core::ptr::null_mut(), None, None)?; } + info!("The hypervisor has been installed successfully!"); + Ok(()) }
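Review bot: The removed branch carried the comment that multi-processor initialization is not supported in Hyper-V mode (ACPI), and the new body of `start_hypervisor_on_all_processors` always takes the MP-services path with no runtime check replacing the compile-time `hyperv` feature. If that limitation still holds, booting under Hyper-V now runs a path the author previously avoided. Separately, the `?` on `startup_all_aps` returns an error after `start_hypervisor()` has already run on the calling processor, so the caller sees a failure while one processor is already virtualized. At minimum, record both in the doc comment, e.g. `/// On error from startup_all_aps the calling processor is already virtualized; the MP path is untested under Hyper-V.`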