I/O endpoint

This endpoint is intended for working with I/O ports, MMIO, DMA, and interrupts.

Information about methods of the endpoint is provided in the table below.

Methods of the io.IO endpoint (kl.core.IO interface)

Method

Method purpose and parameters

Potential danger of the method

RegisterPort

Purpose

Registers I/O ports.

Parameters

  • [in] base – base address of the I/O ports.
  • [in] size – width of the address range for I/O ports.
  • [out] resource – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the I/O ports.
  • [out] rc – return code.

Allows the following:

  • Hijack I/O ports (it is recommended to monitor the base address and width of the address range for I/O ports).
  • Exhaust the kernel memory by creating a multitude of objects within it.

RegisterMmio

Purpose

Registers an MMIO memory region.

Parameters

  • [in] base – base address of the MMIO memory region.
  • [in] size – size of the MMIO memory region in bytes.
  • [out] resource – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the MMIO memory region.
  • [out] rc – return code.

Allows the kernel memory to be used up by creating a multitude of objects within it.

RegisterDma

Purpose

Creates an DMA buffer.

Parameters

  • [in] size – size of the DMA buffer in bytes.
  • [in] flags – flags defining the DMA parameters.
  • [in] order – parameter defining the minimum number of memory pages (2^order) in a block.
  • [out] resource – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the DMA buffer.
  • [out] rc – return code.

Allows the following:

  • Exhaust the kernel memory by creating a multitude of objects within it.
  • Exhaust the RAM.

RegisterIrq

Purpose

Registers an interrupt.

Parameters

  • [in] irq – interrupt number.
  • [out] resource – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the interrupt.
  • [out] rc – return code.

Allows the kernel memory to be used up by creating a multitude of objects within it.

MapMem

Purpose

Maps an MMIO memory region to a virtual memory region.

Parameters

  • [in] resource – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the MMIO memory region.
  • [in] prot – flags defining the access rights to the virtual memory region.
  • [in] attr – flags defining the parameters of the virtual memory region (for example, use of caching).
  • [out] address – base address of the virtual memory region.
  • [out] mapping – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the virtual memory region.
  • [out] rc – return code.

Allows the following:

  • Take control of a device when mapping an MMIO memory region to a virtual memory region (it is recommended to monitor the base address and size of the MMIO memory region when the RegisterMmio method is called).
  • Create shared memory for interprocess communication concealed from the security module if multiple processes own the handles of one MMIO memory region (the handle permissions masks must allow mapping of the MMIO memory region).
  • Exhaust the kernel memory by creating a multitude of objects within it.

PermitPort

Purpose

Opens access to I/O ports.

Parameters

  • [in] resource – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the I/O ports.
  • [out] access – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle is used to access I/O ports.
  • [out] rc – return code.

Allows the following:

  • Take control of a device (it is recommended to monitor the base address and width of the address range for I/O ports when the RegisterPort method is called).
  • Exhaust the kernel memory by creating a multitude of objects within it.

AttachIrq

Purpose

Attaches an interrupt to the handle used by the interrupt handler.

Parameters

  • [in] resource – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the interrupt.
  • [in] flags – flags indicating characteristics of the interrupt.
  • [out] delivery – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle is used by the interrupt handler.
  • [out] rc – return code.

Allows the following:

  • Take CPU time from all other threads, including from other processes (the thread that attached to the interrupt will become a real-time thread).
  • Make it impossible to terminate a process from another process (the process whose thread was attached to the interrupt cannot be terminated from another process).
  • Stop the operating system (if an unhandled exception occurs in the thread handling an interrupt, the operating system stops).
  • Create malicious interrupt handling, such as incorrect handling or delayed handling (it is recommended to monitor the interrupt number when the RegisterIrq method is called).
  • Attach to an interrupt that is already attached to the interrupt handler in another process for the purpose of blocking handling of this interrupt.
  • Exhaust the kernel memory by creating a multitude of objects within it.

AttachIrqEx

Purpose

Attaches an interrupt to the handle used by the interrupt handler.

Parameters

  • [in] resource – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the interrupt.
  • [in] flags – flags indicating characteristics of the interrupt.
  • [in] futexPtr – pointer to futex.
  • [out] delivery – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle is used by the interrupt handler.
  • [out] rc – return code.

Allows the following:

  • Take CPU time from all other threads, including from other processes (the thread that attached to the interrupt will become a real-time thread).
  • Make it impossible to terminate a process from another process (the process whose thread was attached to the interrupt cannot be terminated from another process).
  • Stop the operating system (if an unhandled exception occurs in the thread handling an interrupt, the operating system stops).
  • Create malicious interrupt handling, such as incorrect handling or delayed handling (it is recommended to monitor the interrupt number when the RegisterIrq method is called).
  • Attach to an interrupt that is already attached to the interrupt handler in another process for the purpose of blocking handling of this interrupt.
  • Exhaust the kernel memory by creating a multitude of objects within it.

DetachIrq

Purpose

Detaches an interrupt from the handle used by the interrupt handler.

Parameters

  • [in] resource – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the interrupt.
  • [out] rc – return code.

N/A

EnableIrq

Purpose

Resumes interrupt handling.

Parameters

  • [in] resource – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the interrupt.
  • [out] rc – return code.

N/A

DisableIrq

Purpose

Blocks interrupt handling.

Parameters

  • [in] resource – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the interrupt.
  • [out] rc – return code.

Lets you block interrupt handling in another process.

ModifyDma

Purpose

Modifies DMA parameters.

Parameters

  • [in] resource – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the DMA buffer.
  • [in] flags – flags defining the DMA parameters.
  • [out] rc – return code.

N/A

MapDma

Purpose

Maps an DMA buffer to a virtual memory region.

Parameters

  • [in] resource – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the DMA buffer.
  • [in] offset – offset (in bytes) in the DMA buffer where mapping should start.
  • [in] length – size (in bytes) of the part of the DMA buffer that needs to be mapped.
  • [in] hint – preferred base address of the virtual memory region, or 0 for the base address to be selected automatically.
  • [in] prot – flags defining the access rights to the virtual memory region.
  • [out] address – base address of the virtual memory region.
  • [out] mapping – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the virtual memory region.
  • [out] rc – return code.

Allows the following:

  • Create shared memory for interprocess communication concealed from the security module if multiple processes own the handles of one DMA buffer (the handle permissions masks must allow mapping of the DMA buffer).
  • Exhaust the kernel memory by creating a multitude of objects within it.

DmaGetInfo

Purpose

Lets you get information about a DMA buffer.

Parameters

  • [in] resource – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the DMA buffer.
  • [out] flags – flags indicating the DMA parameters.
  • [out] order – parameter indicating the minimum number of memory pages (2^order) in a block.
  • [out] size – size of the DMA buffer in bytes.
  • [out] count – number of blocks.
  • [out] frames – sequence containing information about blocks.
  • [out] rc – return code.

N/A

DmaGetPhysInfo

Purpose

Lets you get information about the physical memory that was used to create a DMA buffer.

Parameters

  • [in] handle – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the DMA buffer.
  • [out] count – number of continuous regions of physical memory.
  • [out] frames – sequence containing information about continuous regions of physical memory.
  • [out] rc – return code.

N/A

BeginDma

Purpose

Opens access to a DMA buffer for a device.

Parameters

  • [in] resource – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the DMA buffer.
  • [out] iomapping – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the kernel object that is used to map a DMA buffer to the range of IOMMU addresses used by a device.
  • [out] rc – return code.

Allows the kernel memory to be used up by creating a multitude of objects within it.

Page top