[ros-diffs] [ion] 57221: [NTOSKRNL]: Implement MiCheckSecuredVad and stop whining about not supporting SEC_NO_CHANGE, cleaning up the log. [NTOSKRNL]: Kill a bunch of now-useless DPRINT1s in Mm, significantly ...

Author: ion Date: Sun Sep 2 18:54:05 2012 New Revision: 57221 URL: http://svn.reactos.org/svn/reactos?rev=57221&view=rev Log: [NTOSKRNL]: Implement MiCheckSecuredVad and stop whining about not supporting SEC_NO_CHANGE, cleaning up the log. [NTOSKRNL]: Kill a bunch of now-useless DPRINT1s in Mm, significantly cleaning up the log. [HIVES/MSI]: .NET needs InstallRoot, not InstallDir. Kills millions of DPRINT1s, thus cleaning up the log. Modified: trunk/reactos/boot/bootdata/hivesft_amd64.inf trunk/reactos/boot/bootdata/hivesft_arm.inf trunk/reactos/boot/bootdata/hivesft_i386.inf trunk/reactos/ntoskrnl/mm/ARM3/miarm.h trunk/reactos/ntoskrnl/mm/ARM3/pagfault.c trunk/reactos/ntoskrnl/mm/ARM3/pfnlist.c trunk/reactos/ntoskrnl/mm/ARM3/section.c trunk/reactos/ntoskrnl/mm/ARM3/vadnode.c trunk/reactos/ntoskrnl/mm/ARM3/virtual.c Modified: trunk/reactos/boot/bootdata/hivesft_amd64.inf URL: http://svn.reactos.org/svn/reactos/trunk/reactos/boot/bootdata/hivesft_amd6… ============================================================================== --- trunk/reactos/boot/bootdata/hivesft_amd64.inf [iso-8859-1] (original) +++ trunk/reactos/boot/bootdata/hivesft_amd64.inf [iso-8859-1] Sun Sep 2 18:54:05 2012 @@ -30,7 +30,7 @@ HKLM,"SOFTWARE\Microsoft\Rpc\SecurityService","9",2,"secur32.dll" ; .NET -HKLM,"SOFTWARE\Microsoft\.NETFramework\","InstallDir",0x00020000,"%SystemRoot%\Microsoft .NET\Framework\" +HKLM,"SOFTWARE\Microsoft\.NETFramework\","InstallRoot",0x00020000,"%SystemRoot%\Microsoft .NET\Framework\" HKLM,"SOFTWARE\Microsoft\Secure",,0x00000012 Modified: trunk/reactos/boot/bootdata/hivesft_arm.inf URL: http://svn.reactos.org/svn/reactos/trunk/reactos/boot/bootdata/hivesft_arm.… ============================================================================== --- trunk/reactos/boot/bootdata/hivesft_arm.inf [iso-8859-1] (original) +++ trunk/reactos/boot/bootdata/hivesft_arm.inf [iso-8859-1] Sun Sep 2 18:54:05 2012 @@ -19,7 +19,7 @@ HKLM,Software\Microsoft\Rpc\SecurityService,9,2,"secur32.dll" ; .NET -HKLM,"SOFTWARE\Microsoft\.NETFramework\","InstallDir",0x00020000,"%SystemRoot%\Microsoft .NET\Framework\" +HKLM,"SOFTWARE\Microsoft\.NETFramework\","InstallRoot",0x00020000,"%SystemRoot%\Microsoft .NET\Framework\" ; HTML Help HKLM,SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9},,2,"HTML Help" Modified: trunk/reactos/boot/bootdata/hivesft_i386.inf URL: http://svn.reactos.org/svn/reactos/trunk/reactos/boot/bootdata/hivesft_i386… ============================================================================== Binary files - no diff available. Modified: trunk/reactos/ntoskrnl/mm/ARM3/miarm.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/miarm.h?r… ============================================================================== --- trunk/reactos/ntoskrnl/mm/ARM3/miarm.h [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/mm/ARM3/miarm.h [iso-8859-1] Sun Sep 2 18:54:05 2012 @@ -307,6 +307,13 @@ #define MI_SESSION_DATA_PAGES_MAXIMUM (MM_ALLOCATION_GRANULARITY / PAGE_SIZE) #define MI_SESSION_TAG_PAGES_MAXIMUM (MM_ALLOCATION_GRANULARITY / PAGE_SIZE) +// +// Used by MiCheckSecuredVad +// +#define MM_READ_WRITE_ALLOWED 11 +#define MM_READ_ONLY_ALLOWED 10 +#define MM_NO_ACCESS_ALLOWED 01 +#define MM_DELETE_CHECK 85 // // System views are binned into 64K chunks @@ -1867,6 +1874,15 @@ OUT PULONG_PTR Base ); +NTSTATUS +NTAPI +MiCheckSecuredVad( + IN PMMVAD Vad, + IN PVOID Base, + IN SIZE_T Size, + IN ULONG ProtectionMask +); + VOID NTAPI MiInsertVad( Modified: trunk/reactos/ntoskrnl/mm/ARM3/pagfault.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/pagfault.… ============================================================================== --- trunk/reactos/ntoskrnl/mm/ARM3/pagfault.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/mm/ARM3/pagfault.c [iso-8859-1] Sun Sep 2 18:54:05 2012 @@ -982,7 +982,7 @@ { /* This is a standby page, bring it back from the cache */ PageFrameIndex = TempPte.u.Trans.PageFrameNumber; - DPRINT1("oooh, shiny, a soft fault! 0x%lx\n", PageFrameIndex); + DPRINT("oooh, shiny, a soft fault! 0x%lx\n", PageFrameIndex); Pfn1 = MI_PFN_ELEMENT(PageFrameIndex); ASSERT(Pfn1->u3.e1.PageLocation != ActiveAndValid); Modified: trunk/reactos/ntoskrnl/mm/ARM3/pfnlist.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/pfnlist.c… ============================================================================== --- trunk/reactos/ntoskrnl/mm/ARM3/pfnlist.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/mm/ARM3/pfnlist.c [iso-8859-1] Sun Sep 2 18:54:05 2012 @@ -850,7 +850,7 @@ if (ListHead == &MmModifiedPageListHead) { /* For now, only single-prototype pages should end up in this path */ - DPRINT1("Modified page being added: %lx\n", PageFrameIndex); + DPRINT("Modified page being added: %lx\n", PageFrameIndex); ASSERT(Pfn1->OriginalPte.u.Soft.Prototype == 0); /* Modified pages are colored when they are selected for page file */ @@ -1259,7 +1259,7 @@ TempPte.u.Soft.Prototype = 0; TempPte.u.Soft.Protection = Pfn1->OriginalPte.u.Soft.Protection; MI_WRITE_INVALID_PTE(PointerPte, TempPte); - DPRINT1("Marking PTE: %p as transition (%p - %lx)\n", PointerPte, Pfn1, MiGetPfnEntryIndex(Pfn1)); + DPRINT("Marking PTE: %p as transition (%p - %lx)\n", PointerPte, Pfn1, MiGetPfnEntryIndex(Pfn1)); } /* Put the page in transition */ Modified: trunk/reactos/ntoskrnl/mm/ARM3/section.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/section.c… ============================================================================== --- trunk/reactos/ntoskrnl/mm/ARM3/section.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/mm/ARM3/section.c [iso-8859-1] Sun Sep 2 18:54:05 2012 @@ -771,7 +771,18 @@ /* For SEC_NO_CHANGE sections, we need some extra checks */ if (Vad->u.VadFlags.NoChange == 1) { - DPRINT1("Unmapping SEC_NO_CHANGE. Should validate if allowed!\n"); + /* Are we allowed to mess with this VAD? */ + Status = MiCheckSecuredVad(Vad, + (PVOID)(Vad->StartingVpn >> PAGE_SHIFT), + RegionSize, + MM_DELETE_CHECK); + if (!NT_SUCCESS(Status)) + { + /* We failed */ + DPRINT1("Trying to unmap protected VAD!\n"); + if (!Flags) MmUnlockAddressSpace(&Process->Vm); + goto Quickie; + } } /* Not currently supported */ Modified: trunk/reactos/ntoskrnl/mm/ARM3/vadnode.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/vadnode.c… ============================================================================== --- trunk/reactos/ntoskrnl/mm/ARM3/vadnode.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/mm/ARM3/vadnode.c [iso-8859-1] Sun Sep 2 18:54:05 2012 @@ -19,6 +19,27 @@ /* Include Mm version of AVL support */ #include "../ARM3/miavl.h" #include "../../../lib/rtl/avlsupp.c" + +/* GLOBALS ********************************************************************/ + +CHAR MmReadWrite[32] = +{ + MM_NO_ACCESS_ALLOWED, MM_READ_ONLY_ALLOWED, MM_READ_ONLY_ALLOWED, + MM_READ_ONLY_ALLOWED, MM_READ_WRITE_ALLOWED, MM_READ_WRITE_ALLOWED, + MM_READ_WRITE_ALLOWED, MM_READ_WRITE_ALLOWED, + + MM_NO_ACCESS_ALLOWED, MM_READ_ONLY_ALLOWED, MM_READ_ONLY_ALLOWED, + MM_READ_ONLY_ALLOWED, MM_READ_WRITE_ALLOWED, MM_READ_WRITE_ALLOWED, + MM_READ_WRITE_ALLOWED, MM_READ_WRITE_ALLOWED, + + MM_NO_ACCESS_ALLOWED, MM_READ_ONLY_ALLOWED, MM_READ_ONLY_ALLOWED, + MM_READ_ONLY_ALLOWED, MM_READ_WRITE_ALLOWED, MM_READ_WRITE_ALLOWED, + MM_READ_WRITE_ALLOWED, MM_READ_WRITE_ALLOWED, + + MM_NO_ACCESS_ALLOWED, MM_READ_ONLY_ALLOWED, MM_READ_ONLY_ALLOWED, + MM_READ_ONLY_ALLOWED, MM_READ_WRITE_ALLOWED, MM_READ_WRITE_ALLOWED, + MM_READ_WRITE_ALLOWED, MM_READ_WRITE_ALLOWED, +}; /* FUNCTIONS ******************************************************************/ @@ -583,4 +604,69 @@ return STATUS_NO_MEMORY; } +NTSTATUS +NTAPI +MiCheckSecuredVad(IN PMMVAD Vad, + IN PVOID Base, + IN SIZE_T Size, + IN ULONG ProtectionMask) +{ + ULONG_PTR StartAddress, EndAddress; + + /* Compute start and end address */ + StartAddress = (ULONG_PTR)Base; + EndAddress = StartAddress + Size - 1; + + /* Are we deleting/unmapping, or changing? */ + if (ProtectionMask < MM_DELETE_CHECK) + { + /* Changing... are we allowed to do so? */ + if ((Vad->u.VadFlags.NoChange == 1) && + (Vad->u2.VadFlags2.SecNoChange == 1) && + (Vad->u.VadFlags.Protection != ProtectionMask)) + { + /* Nope, bail out */ + DPRINT1("Trying to mess with a no-change VAD!\n"); + return STATUS_INVALID_PAGE_PROTECTION; + } + } + else + { + /* This is allowed */ + ProtectionMask = 0; + } + + /* ARM3 doesn't support this yet */ + ASSERT(Vad->u2.VadFlags2.MultipleSecured == 0); + + /* Is this a one-secured VAD, like a TEB or PEB? */ + if (Vad->u2.VadFlags2.OneSecured) + { + /* Is this allocation being described by the VAD? */ + if ((StartAddress <= ((PMMVAD_LONG)Vad)->u3.Secured.EndVpn) && + (EndAddress >= ((PMMVAD_LONG)Vad)->u3.Secured.StartVpn)) + { + /* Guard page? */ + if (ProtectionMask && MM_DECOMMIT) + { + DPRINT1("Not allowed to change protection on guard page!\n"); + return STATUS_INVALID_PAGE_PROTECTION; + } + + /* ARM3 doesn't have read-only VADs yet */ + ASSERT(Vad->u2.VadFlags2.ReadOnly == 0); + + /* Check if read-write protections are allowed */ + if (MmReadWrite[ProtectionMask] < MM_READ_WRITE_ALLOWED) + { + DPRINT1("Invalid protection mask for RW access!\n"); + return STATUS_INVALID_PAGE_PROTECTION; + } + } + } + + /* All good, allow the change */ + return STATUS_SUCCESS; +} + /* EOF */ Modified: trunk/reactos/ntoskrnl/mm/ARM3/virtual.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/virtual.c… ============================================================================== --- trunk/reactos/ntoskrnl/mm/ARM3/virtual.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/mm/ARM3/virtual.c [iso-8859-1] Sun Sep 2 18:54:05 2012 @@ -4132,11 +4132,23 @@ } // - // We should make sure that the section's permissions aren't being messed with + // We should make sure that the section's permissions aren't being + // messed with // if (FoundVad->u.VadFlags.NoChange) { - DPRINT1("SEC_NO_CHANGE section being touched. Assuming this is ok\n"); + // + // Make sure it's okay to touch it + // + Status = MiCheckSecuredVad(FoundVad, + PBaseAddress, + PRegionSize, + ProtectionMask); + if (!NT_SUCCESS(Status)) + { + DPRINT1("Secured VAD being messed around with\n"); + goto FailPath; + } } //