[NTOS:KE/x64] Implement KeDisconnectInterrupt() for amd64 (#4883)

Choose the correct element of the KiUnexpectedRange array, depending on the interrupt vector, the same way as here: a2c6af0da4/ntoskrnl/ke/amd64/except.c (L77) And guard KeConnectInterrupt() execution with dispatcher lock. CORE-14922
2025-04-03 20:21:17 +00:00 · 2022-11-22 21:52:18 +01:00 · 2022-11-22 21:52:18 +01:00 · edb7575faa
commit edb7575faa
parent d15f126143
1 changed files with 76 additions and 10 deletions
--- a/ntoskrnl/ke/amd64/interrupt.c
+++ b/ntoskrnl/ke/amd64/interrupt.c
@ -17,8 +17,8 @@
 #include <debug.h>

 extern UCHAR KiInterruptDispatchTemplate[16];
-extern UCHAR KiUnexpectedRange[];
-extern UCHAR KiUnexpectedRangeEnd[];
+extern KI_INTERRUPT_DISPATCH_ENTRY KiUnexpectedRange[256];
+extern KI_INTERRUPT_DISPATCH_ENTRY KiUnexpectedRangeEnd[];
 void KiInterruptDispatch(void);


@ -82,6 +82,7 @@ KeConnectInterrupt(IN PKINTERRUPT Interrupt)
 {
    PVOID CurrentHandler;
    PKINTERRUPT ConnectedInterrupt;
+    KIRQL OldIrql;

    ASSERT(Interrupt->Vector >= PRIMARY_VECTOR_BASE);
    ASSERT(Interrupt->Vector <= MAXIMUM_IDTVECTOR);
@ -93,6 +94,10 @@ KeConnectInterrupt(IN PKINTERRUPT Interrupt)
    /* Check if its already connected */
    if (Interrupt->Connected) return TRUE;

+    /* Set the system affinity and acquire the dispatcher lock */
+    KeSetSystemAffinityThread(1ULL << Interrupt->Number);
+    OldIrql = KiAcquireDispatcherLock();
+
    /* Query the current handler */
    CurrentHandler = KeQueryInterruptHandler(Interrupt->Vector);

@ -118,7 +123,7 @@ KeConnectInterrupt(IN PKINTERRUPT Interrupt)
            /* Didn't work, restore old handler */
            DPRINT1("HalEnableSystemInterrupt failed\n");
            KeRegisterInterruptHandler(Interrupt->Vector, CurrentHandler);
-            return FALSE;
+            goto Cleanup;
        }
    }
    else
@ -131,7 +136,7 @@ KeConnectInterrupt(IN PKINTERRUPT Interrupt)
            (ConnectedInterrupt->ShareVector == 0) ||
            (Interrupt->Mode != ConnectedInterrupt->Mode))
        {
-            return FALSE;
+            goto Cleanup;
        }

        /* Insert the new interrupt into the connected interrupt's list */
@ -142,21 +147,82 @@ KeConnectInterrupt(IN PKINTERRUPT Interrupt)
    /* Mark as connected */
    Interrupt->Connected = TRUE;

-    return TRUE;
+Cleanup:
+    /* Release the dispatcher lock and restore the thread affinity */
+    KiReleaseDispatcherLock(OldIrql);
+    KeRevertToUserAffinityThread();
+    return Interrupt->Connected;
 }

 BOOLEAN
 NTAPI
 KeDisconnectInterrupt(IN PKINTERRUPT Interrupt)
 {
-    /* If the interrupt wasn't connected, there's nothing to do */
-    if (!Interrupt->Connected)
+    KIRQL OldIrql;
+    PVOID VectorHandler, UnexpectedHandler;
+    PKINTERRUPT VectorFirstInterrupt, NextInterrupt;
+    PLIST_ENTRY HandlerHead;
+
+    /* Set the system affinity and acquire the dispatcher lock */
+    KeSetSystemAffinityThread(1ULL << Interrupt->Number);
+    OldIrql = KiAcquireDispatcherLock();
+
+    /* Check if the interrupt was connected - otherwise there's nothing to do */
+    if (Interrupt->Connected)
    {
-        return FALSE;
+        /* Get the handler for this interrupt vector */
+        VectorHandler = KeQueryInterruptHandler(Interrupt->Vector);
+
+        /* Get the first interrupt for this handler */
+        VectorFirstInterrupt = CONTAINING_RECORD(VectorHandler, KINTERRUPT, DispatchCode);
+
+        /* The first interrupt list entry is the interrupt list head */
+        HandlerHead = &VectorFirstInterrupt->InterruptListEntry;
+
+        /* If the list is empty, this is the only interrupt for this vector */
+        if (IsListEmpty(HandlerHead))
+        {
+            /* If the list is empty, and the head is not from this interrupt,
+             * this interrupt is somehow incorrectly connected */
+            ASSERT(VectorFirstInterrupt == Interrupt);
+
+            UnexpectedHandler = &KiUnexpectedRange[Interrupt->Vector]._Op_push;
+
+            /* This is the only interrupt, the handler can be disconnected */
+            HalDisableSystemInterrupt(Interrupt->Vector, Interrupt->Irql);
+            KeRegisterInterruptHandler(Interrupt->Vector, UnexpectedHandler);
+        }
+        /* If the interrupt to be disconnected is the list head, but some others follow */
+        else if (VectorFirstInterrupt == Interrupt)
+        {
+            /* Relocate the head to the next element */
+            HandlerHead = HandlerHead->Flink;
+            RemoveTailList(HandlerHead);
+
+            /* Get the next interrupt from the list head */
+            NextInterrupt = CONTAINING_RECORD(HandlerHead,
+                                              KINTERRUPT,
+                                              InterruptListEntry);
+
+            /* Set the next interrupt as the handler for this vector */
+            KeRegisterInterruptHandler(Interrupt->Vector,
+                                       NextInterrupt->DispatchCode);
+        }
+        /* If the interrupt to be disconnected is not the list head */
+        else
+        {
+            /* Remove the to be disconnected interrupt from the interrupt list */
+            RemoveEntryList(&Interrupt->InterruptListEntry);
+        }
+
+        /* Mark as not connected */
+        Interrupt->Connected = FALSE;
    }

-    UNIMPLEMENTED;
-    __debugbreak();
+    /* Release the dispatcher lock and restore the thread affinity */
+    KiReleaseDispatcherLock(OldIrql);
+    KeRevertToUserAffinityThread();
+
    return TRUE;
 }