Bitdefender Hypervisor Memory Introspection
handlers.c File Reference
#include "handlers.h"
#include "defs.h"
#include "common.h"
#include "hvmi.h"


Data Structures

struct  inactive_task_frame
 

Macros

#define current_task
 
#define current_cpu
 

Functions

 def_detour_vars (commit_creds)
 
 def_detour_vars (arch_jump_label_transform)
 
 def_detour_vars (module_param_sysfs_setup)
 
 def_detour_vars (module_param_sysfs_remove)
 
 def_detour_vars (wake_up_new_task)
 
 def_detour_vars (flush_old_exec)
 
 def_detour_vars (begin_new_exec)
 
 def_detour_vars (do_exit)
 
 def_detour_vars (arch_ptrace)
 
 def_detour_vars (compat_arch_ptrace)
 
 def_detour_vars (process_vm_rw_core)
 
 def_detour_vars (__vma_link_rb)
 
 def_detour_vars (change_protection)
 
 def_detour_vars (vma_adjust)
 
 def_detour_vars (__vma_adjust)
 
 def_detour_vars (vma_rb_erase)
 
 def_detour_vars (__vma_rb_erase)
 
 def_detour_vars (expand_downwards)
 
 def_detour_vars (complete_signal)
 
 def_detour_vars (text_poke)
 
 def_detour_vars (__text_poke)
 
 def_detour_vars (ftrace_write)
 
 def_detour_vars (panic)
 
 def_detour_vars (crash_kexec)
 
 def_detour_vars (__access_remote_vm)
 
 def_detour_hijack_vars (mprotect_fixup, vma_wants_writenotify)
 
 def_detour_hijack_vars (do_munmap, rb_erase)
 
 def_detour_hijack_vars (vma_adjust, rb_erase)
 
static __default_fn_attr bool is_detour_enabled (DETOUR_ID id)
 
static __default_fn_attr size_t vmcall (DETOUR_ID id)
 
__default_fn_attr char * d_path (void *path_struct)
 
__default_fn_attr void * _memcpy (void *dest, const void *src, size_t len)
 
__default_fn_attr void store_regs (void)
 
__default_fn_attr void commit_creds (long *creds)
 
__default_fn_attr void module_param_sysfs_setup (void *module)
 
__default_fn_attr void module_param_sysfs_remove (void *module)
 
__default_fn_attr void wake_up_new_task (long task)
 
__default_fn_attr int flush_old_exec (long binprm)
 
__default_fn_attr int begin_new_exec (long binprm)
 
__default_fn_attr void do_exit (long code)
 
__default_fn_attr long arch_ptrace (long child, long request)
 
__default_fn_attr size_t process_vm_rw_core (int pid, void *iter, void *rvec, unsigned long riovcnt, unsigned long flags, int vm_write)
 
__default_fn_attr void __vma_link_rb (void *mm, void *vma, void **rb_link, void *rb_parent)
 
__default_fn_attr void change_protection (long vma, unsigned long start, unsigned long end, unsigned long newprot, int dirty_accountable, int prot_numa)
 
__default_fn_attr void pre_vma_adjust (long vma, unsigned long start, unsigned long end, unsigned long pgoff, void *insert, void *expand, long *skip_call, long *saved_vma, long *next, long *prev)
 
__default_fn_attr void vma_adjust (long _vma, unsigned long _start, unsigned long _end, unsigned long _pgoff, void *_insert, void *_expand, long *_skip_call, long saved_vma, long next, long prev)
 
__default_fn_attr void vma_rb_erase (long vma, void *root)
 
__default_fn_attr void expand_downwards (long vma, unsigned long address)
 
__default_fn_attr int complete_signal (int sig, void *task, enum pid_type type)
 
__default_fn_attr void text_poke (void *addr, const void *opcode, size_t len)
 
__default_fn_attr void ftrace_write (unsigned long ip, const char *val, int size)
 
__default_fn_attr void panic (const char *fmt)
 
__default_fn_attr void arch_jump_label_transform (void *entry, enum jump_label_type type)
 
__default_fn_attr void __access_remote_vm (void *task, void *mm, unsigned long addr, void *buf, int len, unsigned int gup_flags)
 
__default_fn_attr void do_munmap_rb_erase (unsigned long vma_vm_rb, unsigned long mm_mm_rb)
 
__default_fn_attr void vma_adjust_rb_erase (unsigned long vma_vm_rb, unsigned long mm_mm_rb)
 
__default_fn_attr void mprotect_fixup_vma_wants_writenotify (unsigned long vma)
 
void __asm_defines (void)
 

Variables

LIX_HYPERCALL_PAGE hypercall_info
 

Macro Definition Documentation

◆ current_cpu

#define current_cpu
Value:
({ \
/* Statement expression: evaluates to the 32-bit value loaded below. */ \
uint32_t ret; \
/* Intel-syntax load from the gs segment at the offset stored in */ \
/* hypercall_info.OsSpecificFields.CurrentCpuOffset (an unsigned int, */ \
/* widened to 64 bits for the operand). No validation of the offset is */ \
/* visible here; whoever fills hypercall_info is trusted to supply it. */ \
/* presumably gs holds the guest kernel's per-CPU base - TODO confirm. */ \
/* NOTE(review): "rm" lets the compiler choose a memory operand for */ \
/* value; confirm the gs:[...] template still means "offset" then. */ \
asm volatile("mov %[ret], gs:[%[value]]" \
: [ret] "=r" (ret) \
: [value] "rm" ((unsigned long long)hypercall_info.OsSpecificFields.CurrentCpuOffset) : ); \
ret; \
})
LIX_HYPERCALL_PAGE hypercall_info
Definition: handlers.c:53
LIX_GUEST_OS_SPECIFIC OsSpecificFields
Definition: handlers.h:117
unsigned int CurrentCpuOffset
Definition: handlers.h:93

Definition at line 102 of file handlers.c.

Referenced by d_path(), and store_regs().

◆ current_task

#define current_task
Value:
({ \
/* Statement expression: evaluates to the pointer-sized value loaded below. */ \
void *ret; \
/* Intel-syntax load from the gs segment at the offset stored in */ \
/* hypercall_info.OsSpecificFields.CurrentTaskOffset (an unsigned int, */ \
/* widened to 64 bits for the operand). No validation of the offset is */ \
/* visible here; whoever fills hypercall_info is trusted to supply it. */ \
/* presumably the result is the guest's current task pointer - TODO confirm. */ \
/* NOTE(review): "rm" lets the compiler choose a memory operand for */ \
/* value; confirm the gs:[...] template still means "offset" then. */ \
asm volatile("mov %[ret], gs:[%[value]]" \
: [ret] "=r" (ret) \
: [value] "rm" ((unsigned long long)hypercall_info.OsSpecificFields.CurrentTaskOffset) : ); \
/* ret is already void *, so this cast does not change the value. */ \
(void *)ret; \
})
LIX_HYPERCALL_PAGE hypercall_info
Definition: handlers.c:53
LIX_GUEST_OS_SPECIFIC OsSpecificFields
Definition: handlers.h:117
unsigned int CurrentTaskOffset
Definition: handlers.h:92

Definition at line 92 of file handlers.c.

Referenced by begin_new_exec(), commit_creds(), do_exit(), flush_old_exec(), process_vm_rw_core(), and wake_up_new_task().

Function Documentation

◆ __access_remote_vm()

__default_fn_attr void __access_remote_vm ( void *  task,
void *  mm,
unsigned long  addr,
void *  buf,
int  len,
unsigned int  gup_flags 
)

Definition at line 474 of file handlers.c.

Referenced by __asm_defines().

◆ __asm_defines()

void __asm_defines ( void  )

Definition at line 545 of file handlers.c.

◆ __vma_link_rb()

__default_fn_attr void __vma_link_rb ( void *  mm,
void *  vma,
void **  rb_link,
void *  rb_parent 
)

Definition at line 308 of file handlers.c.

Referenced by __asm_defines().

◆ _memcpy()

__default_fn_attr void* _memcpy ( void *  dest,
const void *  src,
size_t  len 
)

Definition at line 149 of file handlers.c.

Referenced by store_regs().

◆ arch_jump_label_transform()

__default_fn_attr void arch_jump_label_transform ( void *  entry,
enum jump_label_type  type 
)

Definition at line 466 of file handlers.c.

Referenced by __asm_defines().

◆ arch_ptrace()

__default_fn_attr long arch_ptrace ( long  child,
long  request 
)

Definition at line 278 of file handlers.c.

Referenced by __asm_defines().

◆ begin_new_exec()

__default_fn_attr int begin_new_exec ( long  binprm)

Definition at line 252 of file handlers.c.

Referenced by __asm_defines().

◆ change_protection()

__default_fn_attr void change_protection ( long  vma,
unsigned long  start,
unsigned long  end,
unsigned long  newprot,
int  dirty_accountable,
int  prot_numa 
)

Definition at line 332 of file handlers.c.

Referenced by __asm_defines().

◆ commit_creds()

__default_fn_attr void commit_creds ( long *  creds)

Definition at line 192 of file handlers.c.

Referenced by __asm_defines().

◆ complete_signal()

__default_fn_attr int complete_signal ( int  sig,
void *  task,
enum pid_type  type 
)

Definition at line 422 of file handlers.c.

Referenced by __asm_defines().

◆ d_path()

__default_fn_attr char* d_path ( void *  path_struct)

Definition at line 140 of file handlers.c.

Referenced by begin_new_exec(), and flush_old_exec().

◆ def_detour_hijack_vars() [1/3]

def_detour_hijack_vars ( mprotect_fixup  ,
vma_wants_writenotify   
)

◆ def_detour_hijack_vars() [2/3]

def_detour_hijack_vars ( do_munmap  ,
rb_erase   
)

◆ def_detour_hijack_vars() [3/3]

def_detour_hijack_vars ( vma_adjust  ,
rb_erase   
)

◆ def_detour_vars() [1/25]

def_detour_vars ( commit_creds  )

◆ def_detour_vars() [2/25]

def_detour_vars ( arch_jump_label_transform  )

◆ def_detour_vars() [3/25]

def_detour_vars ( module_param_sysfs_setup  )

◆ def_detour_vars() [4/25]

def_detour_vars ( module_param_sysfs_remove  )

◆ def_detour_vars() [5/25]

def_detour_vars ( wake_up_new_task  )

◆ def_detour_vars() [6/25]

def_detour_vars ( flush_old_exec  )

◆ def_detour_vars() [7/25]

def_detour_vars ( begin_new_exec  )

◆ def_detour_vars() [8/25]

def_detour_vars ( do_exit  )

◆ def_detour_vars() [9/25]

def_detour_vars ( arch_ptrace  )

◆ def_detour_vars() [10/25]

def_detour_vars ( compat_arch_ptrace  )

◆ def_detour_vars() [11/25]

def_detour_vars ( process_vm_rw_core  )

◆ def_detour_vars() [12/25]

def_detour_vars ( __vma_link_rb  )

◆ def_detour_vars() [13/25]

def_detour_vars ( change_protection  )

◆ def_detour_vars() [14/25]

def_detour_vars ( vma_adjust  )

◆ def_detour_vars() [15/25]

def_detour_vars ( __vma_adjust  )

◆ def_detour_vars() [16/25]

def_detour_vars ( vma_rb_erase  )

◆ def_detour_vars() [17/25]

def_detour_vars ( __vma_rb_erase  )

◆ def_detour_vars() [18/25]

def_detour_vars ( expand_downwards  )

◆ def_detour_vars() [19/25]

def_detour_vars ( complete_signal  )

◆ def_detour_vars() [20/25]

def_detour_vars ( text_poke  )

◆ def_detour_vars() [21/25]

def_detour_vars ( __text_poke  )

◆ def_detour_vars() [22/25]

def_detour_vars ( ftrace_write  )

◆ def_detour_vars() [23/25]

def_detour_vars ( panic  )

◆ def_detour_vars() [24/25]

def_detour_vars ( crash_kexec  )

◆ def_detour_vars() [25/25]

def_detour_vars ( __access_remote_vm  )

◆ do_exit()

__default_fn_attr void do_exit ( long  code)

Definition at line 270 of file handlers.c.

Referenced by __asm_defines().

◆ do_munmap_rb_erase()

__default_fn_attr void do_munmap_rb_erase ( unsigned long  vma_vm_rb,
unsigned long  mm_mm_rb 
)

Definition at line 487 of file handlers.c.

◆ expand_downwards()

__default_fn_attr void expand_downwards ( long  vma,
unsigned long  address 
)

Definition at line 409 of file handlers.c.

Referenced by __asm_defines().

◆ flush_old_exec()

__default_fn_attr int flush_old_exec ( long  binprm)

Definition at line 234 of file handlers.c.

Referenced by __asm_defines().

◆ ftrace_write()

__default_fn_attr void ftrace_write ( unsigned long  ip,
const char *  val,
int  size 
)

Definition at line 450 of file handlers.c.

Referenced by __asm_defines().

◆ is_detour_enabled()

static __default_fn_attr bool is_detour_enabled ( DETOUR_ID  id)
static

Definition at line 113 of file handlers.c.

Referenced by vmcall().

◆ module_param_sysfs_remove()

__default_fn_attr void module_param_sysfs_remove ( void *  module)

Definition at line 218 of file handlers.c.

Referenced by __asm_defines().

◆ module_param_sysfs_setup()

__default_fn_attr void module_param_sysfs_setup ( void *  module)

Definition at line 210 of file handlers.c.

Referenced by __asm_defines().

◆ mprotect_fixup_vma_wants_writenotify()

__default_fn_attr void mprotect_fixup_vma_wants_writenotify ( unsigned long  vma)

Definition at line 519 of file handlers.c.

◆ panic()

__default_fn_attr void panic ( const char *  fmt)

Definition at line 458 of file handlers.c.

Referenced by __asm_defines().

◆ pre_vma_adjust()

__default_fn_attr void pre_vma_adjust ( long  vma,
unsigned long  start,
unsigned long  end,
unsigned long  pgoff,
void *  insert,
void *  expand,
long *  skip_call,
long *  saved_vma,
long *  next,
long *  prev 
)

Definition at line 360 of file handlers.c.

◆ process_vm_rw_core()

__default_fn_attr size_t process_vm_rw_core ( int  pid,
void *  iter,
void *  rvec,
unsigned long  riovcnt,
unsigned long  flags,
int  vm_write 
)

Definition at line 295 of file handlers.c.

Referenced by __asm_defines().

◆ store_regs()

__default_fn_attr void store_regs ( void  )

Definition at line 164 of file handlers.c.

◆ text_poke()

__default_fn_attr void text_poke ( void *  addr,
const void *  opcode,
size_t  len 
)

Definition at line 441 of file handlers.c.

Referenced by __asm_defines().

◆ vma_adjust()

__default_fn_attr void vma_adjust ( long  _vma,
unsigned long  _start,
unsigned long  _end,
unsigned long  _pgoff,
void *  _insert,
void *  _expand,
long *  _skip_call,
long  saved_vma,
long  next,
long  prev 
)

Definition at line 381 of file handlers.c.

Referenced by __asm_defines().

◆ vma_adjust_rb_erase()

__default_fn_attr void vma_adjust_rb_erase ( unsigned long  vma_vm_rb,
unsigned long  mm_mm_rb 
)

Definition at line 503 of file handlers.c.

◆ vma_rb_erase()

__default_fn_attr void vma_rb_erase ( long  vma,
void *  root 
)

Definition at line 395 of file handlers.c.

Referenced by __asm_defines().

◆ vmcall()

static __default_fn_attr size_t vmcall ( DETOUR_ID  id)
static

Definition at line 121 of file handlers.c.

Referenced by IntDetEnableHypercall(), and panic().

◆ wake_up_new_task()

__default_fn_attr void wake_up_new_task ( long  task)

Definition at line 226 of file handlers.c.

Referenced by __asm_defines().

Variable Documentation

◆ hypercall_info