MyOS/thread_8c_source.html

#include "../../includes/ps.h"

#include "../../assert.h"

#include "../../includes/mg.h"

#include "../../includes/ob.h"


#define MIN_TID           3u

#define MAX_TID           0xFFFFFFFCu

#define ALIGN_DELTA       3u

#define MAX_FREE_POOL     1024u


#define THREAD_STACK_SIZE (1024*24) // 24 KiB

#define THREAD_ALIGNMENT 16


// Clean exit for a thread�never returns!

static void ThreadExit(void) {

#ifdef DEBUG

    gop_printf(COLOR_RED, "Reached ThreadExit, dereferencing object.\n");

#endif

    // Terminate the thread.

    assert(&PsGetCurrentThread()->InternalThread == MeGetCurrentThread());

    PsTerminateThread(PsGetCurrentThread(), MT_SUCCESS);

}


static void ThreadWrapperEx(ThreadEntry thread_entry, THREAD_PARAMETER parameter) {

    // thread_entry(parameters) -> void func(void*)

    thread_entry(parameter); // If thread entry takes no parameters, passing NULL is still fine.

    ThreadExit();

}


extern EPROCESS PsInitialSystemProcess;


MTSTATUS


PsCreateThread(

    HANDLE ProcessHandle,

    PHANDLE ThreadHandle,

    ThreadEntry EntryPoint,

    THREAD_PARAMETER ThreadParameter,

    TimeSliceTicks TimeSlice

)


{

    // Checks.

    if (!ProcessHandle || !EntryPoint || !TimeSlice) return MT_INVALID_PARAM;

    MTSTATUS Status;

    PEPROCESS ParentProcess;


    Status = ObReferenceObjectByHandle(ProcessHandle, MT_PROCESS_CREATE_THREAD, PsProcessType, (void**)&ParentProcess, NULL);

    if (MT_FAILURE(Status)) return Status;


    // Acquire process rundown protection.

    if (!MsAcquireRundownProtection(&ParentProcess->ProcessRundown)) {

        // Process is, being terminated?

        return MT_PROCESS_IS_TERMINATING;

    }


    // Create a new thread.

    PETHREAD Thread;

    Status = ObCreateObject(PsThreadType, sizeof(ETHREAD), (void**) & Thread);

    if (MT_FAILURE(Status)) goto Cleanup;


    // Initialize list head.

    InitializeListHead(&Thread->ThreadListEntry);


    // Create a TID for the thread.

    Thread->TID = PsAllocateThreadId(Thread);


    // Create a new stack for the thread's kernel environment.

    Thread->InternalThread.KernelStack = MiCreateKernelStack(false);

    if (!Thread->InternalThread.KernelStack) goto CleanupWithRef;


    // Create user mode stack. (FIXME User mode stack creation like in ntdll, but how does it create the first user mode thread stack, helluva i know.)

    void* BaseAddress = (void*)(USER_VA_END - 4096);

    Status = MmAllocateVirtualMemory(ParentProcess, &BaseAddress, 4096, VAD_FLAG_WRITE | VAD_FLAG_READ);

    if (MT_FAILURE(Status)) goto CleanupWithRef;

    Thread->InternalThread.StackBase = (void*)(USER_VA_END); // Stack grows downward.


    // Setup timeslice.

    Thread->InternalThread.TimeSlice = TimeSlice;

    Thread->InternalThread.TimeSliceAllocated = TimeSlice;


    // Set registers

    TRAP_FRAME ContextFrame;

    kmemset(&ContextFrame, 0, sizeof(TRAP_FRAME));


    ContextFrame.rsp = (uint64_t)Thread->InternalThread.StackBase;

    ContextFrame.rip = (uint64_t)EntryPoint;

    ContextFrame.rdi = (uint64_t)ThreadParameter;

    ContextFrame.rflags = USER_RFLAGS;

    ContextFrame.cs = USER_CS;

    ContextFrame.ss = USER_SS;

    Thread->InternalThread.TrapRegisters = ContextFrame;


    // Set state

    Thread->InternalThread.ThreadState = THREAD_READY;

    Thread->InternalThread.ApcState.SavedApcProcess = ParentProcess;


    // Set process's thread properties.

    if (!ParentProcess->MainThread) {

        ParentProcess->MainThread = Thread;

    }


    Thread->ParentProcess = ParentProcess;


    // Create a handle for the thread (and place it in the process's handle table).

    Status = ObCreateHandleForObjectEx(Thread, MT_THREAD_ALL_ACCESS, ThreadHandle, ParentProcess->ObjectTable);

    if (MT_FAILURE(Status)) goto CleanupWithRef;


    // Add to list of all threads in the parent process.

    InsertTailList(&ParentProcess->AllThreads, &Thread->ThreadListEntry);

    InterlockedIncrementU32((volatile uint32_t*)&ParentProcess->NumThreads);

    Status = MT_SUCCESS;

CleanupWithRef:

    // If all went smoothly, this should cancel out the reference made by ObCreateHandleForObject. (so we only have 1 reference left by ObCreateObject)

    // If not, it would reach reference 0, and PspDeleteThread would execute.

    ObDereferenceObject(Thread);

Cleanup:

    MsReleaseRundownProtection(&ParentProcess->ProcessRundown);

    return Status;

}


MTSTATUS PsCreateSystemThread(ThreadEntry entry, THREAD_PARAMETER parameter, TimeSliceTicks TIMESLICE) {

    if (!PsInitialSystemProcess.PID) return MT_NOT_FOUND; // The system process, somehow, hasn't been setupped yet.

    if (!entry || !TIMESLICE) return MT_INVALID_PARAM;


    // First, allocate a new thread. (using our shiny and glossy new object manager!!!)

    MTSTATUS Status;

    PETHREAD thread;

    Status = ObCreateObject(PsThreadType, sizeof(ETHREAD), (void*) & thread);

    if (MT_FAILURE(Status)) {

        return Status;

    }


    InitializeListHead(&thread->ThreadListEntry);


    // Zero it.

    kmemset((void*)thread, 0, sizeof(ETHREAD));

    bool LargeStack = false;

    void* stackStart = MiCreateKernelStack(LargeStack);


    if (!stackStart) {

        // free thread

        ObDereferenceObject(thread);

        return MT_NO_MEMORY;

    }


    uintptr_t StackTop = (uintptr_t)stackStart;


    StackTop &= ~0xF; // Align to 16 bytes (clear lower 4 bits)

    StackTop -= 8; // Decrement by 8 to keep 16-byte alignment. (after pushes)


    thread->InternalThread.StackBase = stackStart; // The stackbase must be the one gotten from MiCreateKernelStack, as freeing with StackTop will result in incorrect arithmetic, and so assertion failure.

    thread->InternalThread.IsLargeStack = LargeStack;

    thread->InternalThread.KernelStack = stackStart;


    TRAP_FRAME* cfm = &thread->InternalThread.TrapRegisters;

    kmemset(cfm, 0, sizeof * cfm);


    // Set our timeslice.

    thread->InternalThread.TimeSlice = TIMESLICE;

    thread->InternalThread.TimeSliceAllocated = TIMESLICE;


    // saved rsp must point to the top (aligned), not sp-8

    cfm->rsp = (uint64_t)StackTop;

    cfm->rip = (uint64_t)ThreadWrapperEx;

    cfm->rdi = (uint64_t)entry; // first argument to ThreadWrapperEx (the entry point)

    cfm->rsi = (uint64_t)parameter; // second arugment to ThreadWrapperEx (the parameter pointer)


    cfm->ss = KERNEL_SS;

    cfm->cs = KERNEL_CS;


    // Create it's RFLAGS with IF bit set to 1.

    cfm->rflags |= (1 << 9ULL);


    // Set it's registers and others.

    thread->InternalThread.TrapRegisters = *cfm;

    thread->InternalThread.ThreadState = THREAD_READY;

    thread->TID = PsAllocateThreadId(thread);

    thread->CurrentEvent = NULL;

    thread->InternalThread.ApcState.SavedApcProcess = &PsInitialSystemProcess;


    // Process stuffz

    thread->ParentProcess = &PsInitialSystemProcess; // The parent process for the system thread, is the system process.

    MeEnqueueThreadWithLock(&MeGetCurrentProcessor()->readyQueue, thread);


    return MT_SUCCESS;

}


PETHREAD


PsGetCurrentThread (void) {

    return CONTAINING_RECORD(MeGetCurrentThread(), ETHREAD, InternalThread);

}


void


PsTerminateThread(

    IN PETHREAD Thread,

    IN MTSTATUS ExitStatus

)


{

    // On thread terminations, we only unlink them from global list, delete stacks, and other

    // BUT WE DO NOT - Delete the ETHREAD, since thats up to the object manager to do so, we do not interfere

    // with its work.

    Thread->InternalThread.ThreadState = THREAD_TERMINATING;

    Thread->ExitStatus = ExitStatus;


    // Signal all events that the thread is waiting on to execute immediately.

    // Todo parse waitblock.


    // Since this is marked as TERMINATING, the scheduler will dereference the thread in Ob, and from that if

    // the references have reached 0, the Ob will call PsDeleteThread.

    // The scheduler WILL NOT schedule this thread anymore due to its TERMINATION flag.


    // Schedule away!

    Schedule();

}


void


PsDeleteThread(

    IN void* Object

)


{

    // This function is called when the reference count for this thread has reached 0 (e.g, it is no longer in use)

    // (No need to call PsTerminateThread, it is the one that initiated the final dereference, since it set to terminated, and scheduler called dereference)

    // We free everything that the thread uses.

    // All though, before, we should wait for rundown release (so nobody is changing the fields to avoid UAF)

    PETHREAD Thread = (PETHREAD)Object;

    MsWaitForRundownProtectionRelease(&Thread->ThreadRundown);


    bool IsKernelThread = PsIsKernelThread(Thread);


    // Free TID.

    PsFreeCid(Thread->TID);


    // Free its stack.

    if (IsKernelThread) {

        PsDeferKernelStackDeletion(Thread->InternalThread.StackBase, Thread->InternalThread.IsLargeStack);

    }

    else {

        assert(false, "User mode threads are not supported yet.");

    }


    // When we reach here, the function returns, and the ETHREAD is deleted.

}


IN
#define IN
Definition annotations.h:7

assert.h

assert
#define assert(...)
Definition assert.h:57

InterlockedIncrementU32
FORCEINLINE uint32_t InterlockedIncrementU32(volatile uint32_t *target)
Definition atomic.h:115

PsAllocateThreadId
HANDLE PsAllocateThreadId(IN PETHREAD Thread)
Definition cid.c:88

PsFreeCid
void PsFreeCid(IN HANDLE Cid)
Definition cid.c:163

EPROCESS
struct _EPROCESS EPROCESS
Definition core.h:49

TRAP_FRAME
struct _TRAP_FRAME TRAP_FRAME
Definition core.h:53

PEPROCESS
EPROCESS * PEPROCESS
Definition core.h:50

ETHREAD
struct _ETHREAD ETHREAD
Definition core.h:41

PETHREAD
ETHREAD * PETHREAD
Definition core.h:42

gop_printf
void gop_printf(uint32_t color, const char *fmt,...)
Definition gop.c:694

PHANDLE
int32_t * PHANDLE
Definition ht.h:59

HANDLE
int32_t HANDLE
Definition ht.h:59

CONTAINING_RECORD
#define CONTAINING_RECORD(ptr, type, member)
Definition macros.h:11

KERNEL_SS
#define KERNEL_SS
Definition me.h:240

USER_CS
#define USER_CS
Definition me.h:241

USER_RFLAGS
#define USER_RFLAGS
Definition me.h:245

MeGetCurrentThread
FORCEINLINE PITHREAD MeGetCurrentThread(void)
Definition me.h:431

KERNEL_CS
#define KERNEL_CS
Definition me.h:238

USER_SS
#define USER_SS
Definition me.h:243

MeGetCurrentProcessor
FORCEINLINE PPROCESSOR MeGetCurrentProcessor(void)
Definition me.h:356

TimeSliceTicks
enum _TimeSliceTicks TimeSliceTicks

mg.h

COLOR_RED
#define COLOR_RED
Colors definitions for easier access.
Definition mg.h:29

VAD_FLAG_READ
@ VAD_FLAG_READ
Definition mm.h:259

VAD_FLAG_WRITE
@ VAD_FLAG_WRITE
Definition mm.h:260

kmemset
FORCEINLINE void * kmemset(void *dest, int64_t val, uint64_t len)
Definition mm.h:540

USER_VA_END
#define USER_VA_END
Definition mm.h:160

MiCreateKernelStack
void * MiCreateKernelStack(IN bool LargeStack)
Definition mmproc.c:25

InitializeListHead
FORCEINLINE void InitializeListHead(PDOUBLY_LINKED_LIST Head)
Definition ms.h:166

InsertTailList
FORCEINLINE void InsertTailList(PDOUBLY_LINKED_LIST Head, PDOUBLY_LINKED_LIST Entry)
Definition ms.h:179

MT_NO_MEMORY
#define MT_NO_MEMORY
Definition mtstatus.h:42

MT_SUCCESS
#define MT_SUCCESS
Definition mtstatus.h:22

MT_PROCESS_IS_TERMINATING
#define MT_PROCESS_IS_TERMINATING
Definition mtstatus.h:123

MT_FAILURE
#define MT_FAILURE(Status)
Definition mtstatus.h:16

MT_INVALID_PARAM
#define MT_INVALID_PARAM
Definition mtstatus.h:24

MTSTATUS
int32_t MTSTATUS
Definition mtstatus.h:12

MT_NOT_FOUND
#define MT_NOT_FOUND
Definition mtstatus.h:30

ObReferenceObjectByHandle
MTSTATUS ObReferenceObjectByHandle(IN HANDLE Handle, IN uint32_t DesiredAccess, IN POBJECT_TYPE DesiredType, OUT void **Object, _Out_Opt PHANDLE_TABLE_ENTRY HandleInformation)
Definition ob.c:247

ObCreateHandleForObjectEx
MTSTATUS ObCreateHandleForObjectEx(IN void *Object, IN ACCESS_MASK DesiredAccess, OUT PHANDLE ReturnedHandle, IN PHANDLE_TABLE ObjectTable)
Definition ob.c:363

ObDereferenceObject
void ObDereferenceObject(IN void *Object)
Definition ob.c:446

ObCreateObject
MTSTATUS ObCreateObject(IN POBJECT_TYPE ObjectType, IN uint32_t ObjectSize, OUT void **ObjectCreated)
Definition ob.c:116

ob.h

ps.h

MeEnqueueThreadWithLock
FORCEINLINE void MeEnqueueThreadWithLock(Queue *queue, PETHREAD thread)
Definition ps.h:306

ThreadEntry
void(* ThreadEntry)(THREAD_PARAMETER)
Definition ps.h:147

MT_THREAD_ALL_ACCESS
#define MT_THREAD_ALL_ACCESS
Definition ps.h:72

MT_PROCESS_CREATE_THREAD
#define MT_PROCESS_CREATE_THREAD
Definition ps.h:79

THREAD_TERMINATING
@ THREAD_TERMINATING
Definition ps.h:41

THREAD_READY
@ THREAD_READY
Definition ps.h:39

PsIsKernelThread
FORCEINLINE bool PsIsKernelThread(IN PETHREAD Thread)
Definition ps.h:259

THREAD_PARAMETER
void * THREAD_PARAMETER
Definition ps.h:146

PsThreadType
POBJECT_TYPE PsThreadType
Definition psmgr.c:31

PsProcessType
POBJECT_TYPE PsProcessType
Definition psmgr.c:30

PsDeferKernelStackDeletion
void PsDeferKernelStackDeletion(void *StackBase, bool IsLarge)
Definition pswork.c:65

MsAcquireRundownProtection
bool MsAcquireRundownProtection(IN PRUNDOWN_REF rundown)
Definition rundown.c:7

MsReleaseRundownProtection
void MsReleaseRundownProtection(IN PRUNDOWN_REF rundown)
Definition rundown.c:40

MsWaitForRundownProtectionRelease
void MsWaitForRundownProtectionRelease(IN PRUNDOWN_REF rundown)
Definition rundown.c:63

Schedule
NORETURN void Schedule(void)
Definition scheduler.c:105

PsInitialSystemProcess
EPROCESS PsInitialSystemProcess
Definition kernel.c:162

_APC_STATE::SavedApcProcess
PEPROCESS SavedApcProcess
Definition me.h:249

_EPROCESS::NumThreads
uint32_t NumThreads
Definition ps.h:110

_EPROCESS::ProcessRundown
struct _RUNDOWN_REF ProcessRundown
Definition ps.h:105

_EPROCESS::ObjectTable
PHANDLE_TABLE ObjectTable
Definition ps.h:114

_EPROCESS::MainThread
struct _ETHREAD * MainThread
Definition ps.h:108

_EPROCESS::AllThreads
DOUBLY_LINKED_LIST AllThreads
Definition ps.h:109

_ETHREAD::ThreadRundown
struct _RUNDOWN_REF ThreadRundown
Definition ps.h:129

_ETHREAD::ParentProcess
struct _EPROCESS * ParentProcess
Definition ps.h:127

_ETHREAD::InternalThread
struct _ITHREAD InternalThread
Definition ps.h:122

_ETHREAD::TID
HANDLE TID
Definition ps.h:125

_ETHREAD::CurrentEvent
struct _EVENT * CurrentEvent
Definition ps.h:126

_ETHREAD::ThreadListEntry
struct _DOUBLY_LINKED_LIST ThreadListEntry
Definition ps.h:128

_ITHREAD::ThreadState
uint32_t ThreadState
Definition me.h:263

_ITHREAD::StackBase
void * StackBase
Definition me.h:264

_ITHREAD::IsLargeStack
bool IsLargeStack
Definition me.h:265

_ITHREAD::TimeSlice
enum _TimeSliceTicks TimeSlice
Definition me.h:267

_ITHREAD::KernelStack
void * KernelStack
Definition me.h:266

_ITHREAD::TrapRegisters
struct _TRAP_FRAME TrapRegisters
Definition me.h:262

_ITHREAD::TimeSliceAllocated
enum _TimeSliceTicks TimeSliceAllocated
Definition me.h:268

_ITHREAD::ApcState
struct _APC_STATE ApcState
Definition me.h:270

_TRAP_FRAME::ss
uint64_t ss
Definition me.h:161

_TRAP_FRAME::rdi
uint64_t rdi
Definition me.h:154

_TRAP_FRAME::rsp
uint64_t rsp
Definition me.h:160

_TRAP_FRAME::rip
uint64_t rip
Definition me.h:157

_TRAP_FRAME::rflags
uint64_t rflags
Definition me.h:159

_TRAP_FRAME::rsi
uint64_t rsi
Definition me.h:154

_TRAP_FRAME::cs
uint64_t cs
Definition me.h:158

PsCreateSystemThread
MTSTATUS PsCreateSystemThread(ThreadEntry entry, THREAD_PARAMETER parameter, TimeSliceTicks TIMESLICE)
Definition thread.c:122

PsTerminateThread
void PsTerminateThread(IN PETHREAD Thread, IN MTSTATUS ExitStatus)
Definition thread.c:196

PsGetCurrentThread
PETHREAD PsGetCurrentThread(void)
Definition thread.c:191

PsCreateThread
MTSTATUS PsCreateThread(HANDLE ProcessHandle, PHANDLE ThreadHandle, ThreadEntry EntryPoint, THREAD_PARAMETER ThreadParameter, TimeSliceTicks TimeSlice)
Definition thread.c:34

PsDeleteThread
void PsDeleteThread(IN void *Object)
Definition thread.c:220

MmAllocateVirtualMemory
MTSTATUS MmAllocateVirtualMemory(IN PEPROCESS Process, _In_Opt _Out_Opt void **BaseAddress, IN size_t NumberOfBytes, IN VAD_FLAGS VadFlags)
Definition vad.c:723