Bitdefender Hypervisor Memory Introspection
common.h
1 /*
2  * Copyright (c) 2020 Bitdefender
3  * SPDX-License-Identifier: Apache-2.0
4  */
5 #ifndef _COMMON_H_
6 #define _COMMON_H_
7 
8 #include <stdint.h>
9 #include <signal.h>
10 #include <stddef.h>
11 #include <stdbool.h>
12 #include <errno.h>
13 
// Largest errno magnitude. IS_ERR_VALUE() in this header treats the top MAX_ERRNO values of the
// unsigned long range as encoded error codes.
14 #define MAX_ERRNO 4095
// NOTE(review): hard-coded allocation-flag value, presumably the target kernel's GFP_KERNEL.
// Flag bit layouts are not a stable ABI across kernel versions - confirm for each supported kernel.
15 #define GFP_KERNEL 0x14000c0
16 
// File open flags, in octal, defined locally instead of being taken from <fcntl.h>.
// Presumably these must match the guest kernel's values - verify against the target ABI.
17 #define O_RDONLY 00000000
18 #define O_WRONLY 00000001
19 #define O_RDWR 00000002
20 #define O_CREAT 00000100
21 #define O_EXCL 00000200
22 #define O_TRUNC 00001000
23 
// File mode (permission) bits, in octal: read/write/execute for user (U), group (G), others (O).
// NOTE(review): code that creates files with these should pass the narrowest mode that works
// (owner-only where possible) rather than the S_IRWX* combinations.
24 #define S_IRWXU 00700
25 #define S_IRUSR 00400
26 #define S_IWUSR 00200
27 #define S_IXUSR 00100
28 #define S_IRWXG 00070
29 #define S_IRGRP 00040
30 #define S_IWGRP 00020
31 #define S_IXGRP 00010
32 #define S_IRWXO 00007
33 #define S_IROTH 00004
34 #define S_IWOTH 00002
35 #define S_IXOTH 00001
36 
// Wait-mode flags. The UMH_ prefix suggests the kernel's usermode-helper API; how they are
// used is not visible in this header - confirm at the call sites.
37 #define UMH_NO_WAIT 0
38 #define UMH_WAIT_EXEC 1
39 #define UMH_WAIT_PROC 2
40 #define UMH_KILLABLE 4
// Size limit for names; where it is enforced is not visible here.
41 #define LIX_NAME_MAX 128
42 
// Packs a version triple into one integer: K shifted to bit 24, Patch to bit 16, Sublevel in the
// low 16 bits. Arguments are not range-checked, so an oversized field overlaps its neighbour.
// NOTE(review): this is not the layout of the Linux kernel's own KERNEL_VERSION macro (which
// shifts by 16 and 8); only compare the result with values built by this macro.
43 #define KERNEL_VERSION(K, Patch, Sublevel) ((Sublevel) | ((Patch) << 16) | ((K) << 24))
44 
// Thin wrappers over GCC builtins: mark a point as unreachable, and hint which way a branch
// usually goes. !!(x) normalises any non-zero value to 1 before it is compared with the hint.
45 # define __unreachable __builtin_unreachable()
46 # define __likely(x) __builtin_expect(!!(x), 1)
47 # define __unlikely(x) __builtin_expect(!!(x), 0)
48 
// True when x, reinterpreted as an unsigned long, lies in the last MAX_ERRNO values of the range,
// i.e. it is a negative errno carried in a pointer or integer instead of a usable result.
// Returned pointers should be checked with this before they are dereferenced.
49 #define IS_ERR_VALUE(x) __unlikely((unsigned long)(void *)(x) >= (unsigned long)-MAX_ERRNO)
50 
// 64-bit mask with only bit x set. x must be in 0..63: a larger shift count is undefined behaviour.
51 #define BIT(x) (1ULL << (x))
// Evaluates P and discards it, to silence unused-parameter warnings.
52 #define UNUSED_PARAMETER(P) ((void)(P))
// Page size assumed by the agents: 4 KiB.
53 #define PAGE_SIZE 0x1000
54 
55 // The default alignment of agents should be 1, since we don't have that much space and speed isn't a real issue
56 #define __fn_aligned __attribute__((aligned(1)))
// GCC x86 attribute: the function has no caller-saved registers, so it must preserve every
// register it touches. The code it interrupts or is called from sees its registers unchanged.
57 #define __fn_save_all __attribute__((no_caller_saved_registers))
58 
// Places the annotated object or function in linker section S.
59 #define __section(S) __attribute__((section (S)))
60 
// Attribute set applied to ordinary agent functions: preserve all registers, 1-byte alignment.
61 #define __default_fn_attr __fn_save_all __fn_aligned
// No compiler-generated prologue/epilogue; the function body has to manage the stack itself.
62 #define __fn_naked __attribute__((naked))
// Same effect as __section(), spelled with the reserved-name form of the attribute.
63 #define __fn_section(x) __attribute__((__section__(x)))
64 
// Requests an alignment of x bytes for the annotated object.
65 #define __aligned(x) __attribute__((aligned(x)))
66 
// Per-agent section placement. x must be a string literal, because it is pasted between the
// adjacent literals to form the section name.
//
// Data of agent x: section ".<x>_data", 1-byte alignment.
72 #define __agent_data(x) __section("." x "_data") __aligned(1)
73 
// Code of agent x: section ".<x>_text", with the default function attributes.
79 #define __agent_text(x) __default_fn_attr __section("." x "_text")
80 
// Trampoline of agent x: naked function in section ".<x>_trampoline".
86 #define __agent_trampoline(x) __fn_naked __section("." x "_trampoline")
87 
// Emits, through three basic asm statements, a global label "__exit_<x>" followed by an int3.
// x must be a string literal. The last asm has no trailing semicolon; the user supplies it.
// Presumably the trap at this label tells the introspection engine that agent x has finished -
// confirm on the handler side.
89 #define __agent_exit(x) \
90  asm(".global __exit_" x); \
91  asm("__exit_" x ":"); \
92  asm("int3")
93 
// Writes the text "#define SYMBOL <STR>" into the compiler's assembly output; STR is stringified.
// Presumably a build step extracts these lines to share constants with assembly sources - confirm.
// Unlike GNUASM_DEFINE_VAL, this macro already ends with a semicolon.
95 #define GNUASM_DEFINE_STR(SYMBOL, STR) \
96  asm volatile ("#define " SYMBOL " " #STR);
97 
// Same idea for numeric values. The "n" constraint requires VALUE to be an integer constant
// known at compile time, so the build fails instead of emitting a runtime value.
99 #define GNUASM_DEFINE_VAL(SYMBOL, VALUE) \
100  asm volatile ("#define " SYMBOL " %0" :: "n"(VALUE))
101 
// Unsuffixed variant of __agent_exit(): emits a global label "__exit" followed by an int3.
// The last asm has no trailing semicolon; the user supplies it.
103 #define __exit \
104  asm(".global __exit"); \
105  asm("__exit:"); \
106  asm("int3")
107 
// Tail sequence that never returns to the caller: loads address into RDI, pushes do_exit_fn so
// that it becomes the return address, then jumps to vfree_fn. The effect is vfree_fn(address)
// returning straight into do_exit_fn. Judging by the names, this frees the agent's own memory
// and then ends the thread - confirm at the call sites.
// The template uses Intel operand order ("mov rdi, ..."), so the file presumably has to be built
// with Intel assembler syntax enabled.
// NOTE(review): the template changes RDI and RSP, yet every operand is "rm" and nothing is
// declared clobbered. The compiler may therefore pick RDI, or an RSP-relative stack slot, for
// do_exit_fn or vfree_fn, and those operands would then be read after the change. Check the
// generated code, or pin the operands ("D" for address, "r" for the two function pointers).
109 #define __do_exit(address, do_exit_fn, vfree_fn) \
110  asm volatile("mov rdi, %[_address];" \
111  "push %[_do_exit_fn];" \
112  "jmp %[_vfree_fn];" \
113  : : [_address] "rm" (address), [_do_exit_fn] "rm"(do_exit_fn), [_vfree_fn] "rm"(vfree_fn) :)
114 
115 
// Parameter passing for the int3 hypercall: parameter N is cast to size_t and bound to a local
// register variable pinned to a fixed register (1..8 -> R8..R15). The empty asm that takes the
// variable as an input forces the value to be loaded at that point.
// Each macro declares a fixed name (__pN) and ends with a semicolon, so it can appear only once
// per scope. Parameters 7 and 8 have no matching breakpoint_7/breakpoint_8 wrapper in this header.
// NOTE(review): GCC guarantees the contents of a pinned register variable only where it is an
// operand of an extended asm. Nothing here ties R8..R15 to the int3 executed later in
// breakpoint(), so the compiler may reuse those registers in between and the handler could read
// stale values. Passing the variables as inputs of the asm that issues the int3 would close that gap.
117 #define __breakpoint_param_1(param) \
118  register size_t __p1 asm("r8") = (size_t)(param); asm volatile("" :: "r" (__p1));
119 
121 #define __breakpoint_param_2(param) \
122  register size_t __p2 asm("r9") = (size_t)(param); asm volatile("" :: "r" (__p2));
123 
125 #define __breakpoint_param_3(param) \
126  register size_t __p3 asm("r10") = (size_t)(param); asm volatile("" :: "r" (__p3));
127 
129 #define __breakpoint_param_4(param) \
130  register size_t __p4 asm("r11") = (size_t)(param); asm volatile("" :: "r" (__p4));
131 
133 #define __breakpoint_param_5(param) \
134  register size_t __p5 asm("r12") = (size_t)(param); asm volatile("" :: "r" (__p5));
135 
137 #define __breakpoint_param_6(param) \
138  register size_t __p6 asm("r13") = (size_t)(param); asm volatile("" :: "r" (__p6));
139 
141 #define __breakpoint_param_7(param) \
142  register size_t __p7 asm("r14") = (size_t)(param); asm volatile("" :: "r" (__p7));
143 
145 #define __breakpoint_param_8(param) \
146  register size_t __p8 asm("r15") = (size_t)(param); asm volatile("" :: "r" (__p8));
147 
148 
// Issues the int3 used as a hypercall to the introspection engine.
//
// token is placed in RAX before the trap ("+a" is an in/out constraint), and whatever RAX holds
// when execution resumes is returned, so the handler can pass a result back in RAX.
//
// NOTE(review): the asm has no "memory" clobber. If the handler reads or writes guest buffers
// whose addresses were passed as parameters, the compiler is not told and may keep such data in
// registers across the trap - confirm whether a clobber is needed.
// NOTE(review): any code running in the guest can execute int3 with arbitrary RAX and R8..R15,
// so the handling side must not treat the token or the parameters as trusted by themselves.
// That validation is not visible in this header.
150 static inline unsigned long breakpoint(unsigned long token)
154 {
155  asm volatile("int3" : "+a"(token) : );
156  return token;
157 }
158 
// breakpoint_N(token, p1..pN): hypercall with N parameters. Each wrapper is a GNU statement
// expression that loads p1..pN into R8.. through the __breakpoint_param_N macros, then calls
// breakpoint(token); the value of the expression is what breakpoint() returns.
// The __pN register variables live only inside the statement expression's block.
// NOTE(review): the parameter registers are not operands of the asm that executes the int3, so
// their contents at the trap depend on the compiler leaving R8..R13 untouched in between.
160 #define breakpoint_1(token, p1) \
161 ({ \
162  __breakpoint_param_1(p1); \
163  breakpoint(token); \
164 })
165 
166 
// Two parameters: R8, R9.
168 #define breakpoint_2(token, p1, p2) \
169 ({ \
170  __breakpoint_param_1(p1); \
171  __breakpoint_param_2(p2); \
172  breakpoint(token); \
173 })
174 
// Three parameters: R8..R10.
176 #define breakpoint_3(token, p1, p2, p3) \
177 ({ \
178  __breakpoint_param_1(p1); \
179  __breakpoint_param_2(p2); \
180  __breakpoint_param_3(p3); \
181  breakpoint(token); \
182 })
183 
// Four parameters: R8..R11.
185 #define breakpoint_4(token, p1, p2, p3, p4) \
186 ({ \
187  __breakpoint_param_1(p1); \
188  __breakpoint_param_2(p2); \
189  __breakpoint_param_3(p3); \
190  __breakpoint_param_4(p4); \
191  breakpoint(token); \
192 })
193 
// Five parameters: R8..R12.
195 #define breakpoint_5(token, p1, p2, p3, p4, p5) \
196 ({ \
197  __breakpoint_param_1(p1); \
198  __breakpoint_param_2(p2); \
199  __breakpoint_param_3(p3); \
200  __breakpoint_param_4(p4); \
201  __breakpoint_param_5(p5); \
202  breakpoint(token); \
203 })
204 
// Six parameters: R8..R13.
206 #define breakpoint_6(token, p1, p2, p3, p4, p5, p6) \
207 ({ \
208  __breakpoint_param_1(p1); \
209  __breakpoint_param_2(p2); \
210  __breakpoint_param_3(p3); \
211  __breakpoint_param_4(p4); \
212  __breakpoint_param_5(p5); \
213  __breakpoint_param_6(p6); \
214  breakpoint(token); \
215 })
216 
217 #endif // !_COMMON_H_
struct data::@0 token
The tokens used to communicate with Introcore.
static __default_fn_attr unsigned long breakpoint(unsigned long token)
Generate INT3 instruction for hypercall.
Definition: common.h:150
#define __default_fn_attr
Definition: common.h:61