Bitdefender Hypervisor Memory Introspection
kthread.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2020 Bitdefender
3  * SPDX-License-Identifier: Apache-2.0
4  */
5 #include "../common.h"
6 
7 typedef void * (kthread_create_on_node_fn)(int (*threadfn)(void *data), void *data, int node, const char namefmt[], ...);
8 typedef void * (vmalloc_exec_fn)(unsigned long size);
9 typedef int (wake_up_process_fn)(void *p);
10 
11 struct data {
13  struct {
14  unsigned long hypercall;
15  unsigned long completion;
16  unsigned long error;
17  } token;
18 
20  struct {
21  kthread_create_on_node_fn *kthread_create_on_node;
22  wake_up_process_fn *wake_up_process;
23  vmalloc_exec_fn *vmalloc_exec;
24  } func;
25 
27  struct {
28  unsigned long vmalloc_size;
29  } args;
30 };
31 
33 struct data _data __agent_data("kthread") = { 0 };
34 
35 __agent_text("kthread")
36 void kthread(void)
45 {
46  void *ptr = _data.func.vmalloc_exec(_data.args.vmalloc_size);
47  if (!ptr)
48  {
49  breakpoint_2(_data.token.error, _data.func.vmalloc_exec, 0);
50  return;
51  }
52 
53  void *entry_ptr = (void *)breakpoint_1(_data.token.hypercall, ptr);
54  void *task = _data.func.kthread_create_on_node(entry_ptr, NULL, -1, "bdagent");
55  if (IS_ERR_VALUE(task))
56  {
57  breakpoint_2(_data.token.error, _data.func.kthread_create_on_node, task);
58  return;
59  }
60 
61  int ret = _data.func.wake_up_process(task);
62  if (!ret)
63  {
64  breakpoint_2(_data.token.error, _data.func.wake_up_process, ret);
65  }
66 
67  breakpoint(_data.token.completion);
68 }
69 
70 
71 __agent_trampoline("kthread")
72 void trampoline(void)
80 {
81  kthread();
82 
83  __agent_exit("kthread");
84 }
data::args
struct data::@2 args
The arguments of the agent.
data::token
struct data::@0 token
The tokens used to communicate with Intocore.
data::hypercall
unsigned long hypercall
Definition: kthread.c:14
breakpoint
static __default_fn_attr unsigned long breakpoint(unsigned long token)
Generate INT3 instruction for hypercall.
Definition: common.h:150
kthread_create_on_node_fn
void *() kthread_create_on_node_fn(int(*threadfn)(void *data), void *data, int node, const char namefmt[],...)
Definition: kthread.c:7
IS_ERR_VALUE
#define IS_ERR_VALUE(x)
Definition: common.h:49
__agent_trampoline
__agent_trampoline("kthread")
The trampoline of the agent.
Definition: kthread.c:71
data::vmalloc_exec
vmalloc_exec_fn * vmalloc_exec
Definition: kthread.c:23
breakpoint_1
#define breakpoint_1(token, p1)
Hypercall using 1 argument.
Definition: common.h:160
__agent_data
struct data _data __agent_data("kthread")
The section used for this agent is .kthread_data'.
breakpoint_2
#define breakpoint_2(token, p1, p2)
Hypercall using 2 argument.
Definition: common.h:168
data::wake_up_process
wake_up_process_fn * wake_up_process
Definition: kthread.c:22
__agent_exit
#define __agent_exit(x)
Generates the exit asm-code using a label.
Definition: common.h:89
data::kthread_create_on_node
kthread_create_on_node_fn * kthread_create_on_node
Definition: kthread.c:21
wake_up_process_fn
int() wake_up_process_fn(void *p)
Definition: kthread.c:9
data::func
struct data::@1 func
The functions used by this agent.
data::vmalloc_size
unsigned long vmalloc_size
The size of allocation.
Definition: kthread.c:28
vmalloc_exec_fn
void *() vmalloc_exec_fn(unsigned long size)
Definition: kthread.c:8
data::completion
unsigned long completion
Definition: kthread.c:15
data::error
unsigned long error
Definition: kthread.c:16
trampoline
__fn_naked void trampoline(void)
The trampoline of the agent.
Definition: deploy.c:171
data
Definition: kthread.c:11
__agent_text
__agent_text("kthread")
Allocates a memory region with size of _data.args.vmalloc_size, deploy the main agent in that memory ...
Definition: kthread.c:35