Author: tkreuzer
Date: Sat Sep 13 08:24:03 2014
New Revision: 64130
URL:
http://svn.reactos.org/svn/reactos?rev=64130&view=rev
Log:
[NTOSKRNL]
Mark the lowest page of P0BootStackData and KiDoubleFaultStackData as read-only so that
a stack overflow does not go unnoticed. CORE-4380 #resolve
Modified:
trunk/reactos/ntoskrnl/ke/i386/kiinit.c
Modified: trunk/reactos/ntoskrnl/ke/i386/kiinit.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ke/i386/kiinit.c?…
==============================================================================
--- trunk/reactos/ntoskrnl/ke/i386/kiinit.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/ke/i386/kiinit.c [iso-8859-1] Sat Sep 13 08:24:03 2014
@@ -16,8 +16,8 @@
/* GLOBALS *******************************************************************/
/* Boot and double-fault/NMI/DPC stack */
-UCHAR DECLSPEC_ALIGN(16) P0BootStackData[KERNEL_STACK_SIZE] = {0};
-UCHAR DECLSPEC_ALIGN(16) KiDoubleFaultStackData[KERNEL_STACK_SIZE] = {0};
+UCHAR DECLSPEC_ALIGN(PAGE_SIZE) P0BootStackData[KERNEL_STACK_SIZE] = {0};
+UCHAR DECLSPEC_ALIGN(PAGE_SIZE) KiDoubleFaultStackData[KERNEL_STACK_SIZE] = {0};
ULONG_PTR P0BootStack = (ULONG_PTR)&P0BootStackData[KERNEL_STACK_SIZE];
ULONG_PTR KiDoubleFaultStack =
(ULONG_PTR)&KiDoubleFaultStackData[KERNEL_STACK_SIZE];
@@ -679,6 +679,28 @@
KiIdleLoop();
}
+static
+VOID
+KiMarkPageAsReadOnly(
+ PVOID Address)
+{
+ PHARDWARE_PTE PointerPte;
+
+ /* Make sure the address is page aligned */
+ ASSERT(ALIGN_DOWN_POINTER_BY(Address, PAGE_SIZE) == Address);
+
+ /* Get the PTE address */
+ PointerPte = ((PHARDWARE_PTE)PTE_BASE) + ((ULONG_PTR)Address / PAGE_SIZE);
+ ASSERT(PointerPte->Valid);
+ ASSERT(PointerPte->Write);
+
+ /* Set as read-only */
+ PointerPte->Write = 0;
+
+ /* Flush the TLB entry */
+ __invlpg(Address);
+}
+
VOID
NTAPI
INIT_FUNCTION
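Review bot: The Valid and Write checks after the PTE lookup in KiMarkPageAsReadOnly are ASSERTs, which compile out in free builds, so on a non-present or already read-only PTE the function would still clear the Write bit and flush silently; a runtime guard such as `if (!PointerPte->Valid) return;` (or whatever failure policy the boot path prefers) in front of the write would keep the check in the shipped kernel. The protection also only catches supervisor-mode writes when CR0.WP is set, which this hunk does not show; a header comment such as `/* Relies on CR0.WP being set: a supervisor write to the read-only guard page must fault for the overflow to be caught */` would document that dependency for whoever touches the CR0 setup. Indexing PTE_BASE as PHARDWARE_PTE also presumes the 4-byte non-PAE PTE format, so if this kernel can run with PAE enabled the PTE layout would differ — worth confirming. The two call sites in the later hunk sit in a function whose start is outside that hunk.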
@@ -796,6 +818,10 @@
/* Check for break-in */
if (KdPollBreakIn()) DbgBreakPointWithStatus(DBG_STATUS_CONTROL_C);
+
+ /* Make the lowest page of the boot and double fault stack read-only */
+ KiMarkPageAsReadOnly(P0BootStackData);
+ KiMarkPageAsReadOnly(KiDoubleFaultStackData);
}
/* Raise to HIGH_LEVEL */