Author: ion
Date: Thu Sep 12 06:01:52 2013
New Revision: 60055
URL:
http://svn.reactos.org/svn/reactos?rev=60055&view=rev
Log:
[NTOSKRNL]: Make MiCreateImageSection return STATUS_SUCCESS, not some fucked-up
ROS-specific status code.
[NTOSKRNL]: Make MmCreateSection do the correct access checks and parameter checks, just
like ARM3 does. For example, asking for PAGE_EXECUTE on a non-image file no longer
requests SYNCHRONIZE and FILE_READ_DATA...it asks... FILE_EXECUTE. Cause you know...
that's what the caller..wants. Anyway, this, among other things, fixes
LdrValidateImageChecksum (and those annoying errors 0xC0000022 in the logs). SMSS is now
checking the checksums of Known DLLs just like before (in Win7 they stopped doing this to
improve boot performance, lol). It also makes Windows' SMSS happy.
Modified:
trunk/reactos/base/system/smss/sminit.c
trunk/reactos/ntoskrnl/mm/section.c
Modified: trunk/reactos/base/system/smss/sminit.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/smss/sminit.c?…
==============================================================================
--- trunk/reactos/base/system/smss/sminit.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/smss/sminit.c [iso-8859-1] Thu Sep 12 06:01:52 2013
@@ -1394,8 +1394,8 @@
NTSTATUS Status, Status1;
PLIST_ENTRY NextEntry;
PSMP_REGISTRY_VALUE RegEntry;
- //ULONG_PTR ErrorParameters[3];
- //UNICODE_STRING ErrorResponse;
+ ULONG_PTR ErrorParameters[3];
+ UNICODE_STRING ErrorResponse;
IO_STATUS_BLOCK IoStatusBlock;
SECURITY_DESCRIPTOR_CONTROL OldFlag = 0;
USHORT ImageCharacteristics;
@@ -1525,7 +1525,6 @@
SmpProcessModuleImports,
RegEntry,
&ImageCharacteristics);
-#if 0
if (!NT_SUCCESS(Status))
{
/* Checksum failed, so don't even try going further -- kill SMSS */
@@ -1547,7 +1546,6 @@
ErrorParameters[2] = (ULONG)&RegEntry->Value;
SmpTerminate(ErrorParameters, 5, RTL_NUMBER_OF(ErrorParameters));
}
-#endif
/* Temporarily hack the SD to use a default DACL for this section */
if (SmpLiberalSecurityDescriptor)
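Review bot: The block re-enabled by dropping `#if 0`/`#endif` stores a pointer through a 32-bit cast, `ErrorParameters[2] = (ULONG)&RegEntry->Value;`, although the array is declared `ULONG_PTR ErrorParameters[3]` in the first hunk. On a 64-bit build that cast would truncate the address before SmpTerminate receives it, so the report for a failed Known DLL checksum would carry a damaged parameter. Use `ErrorParameters[2] = (ULONG_PTR)&RegEntry->Value;`. The re-enabled block starts in the previous hunk and the enclosing function extends beyond both.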
Modified: trunk/reactos/ntoskrnl/mm/section.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/section.c?rev=…
==============================================================================
--- trunk/reactos/ntoskrnl/mm/section.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/section.c [iso-8859-1] Thu Sep 12 06:01:52 2013
@@ -161,6 +161,7 @@
PAGE_EXECUTE_READWRITE, /* 15 = WRITABLE, READABLE, EXECUTABLE, SHARED */
};
+extern ULONG MmMakeFileAccess [];
ACCESS_MASK NTAPI MiArm3GetCorrectFileAccessMask(IN ACCESS_MASK SectionPageProtection);
static GENERIC_MAPPING MmpSectionMapping = {
STANDARD_RIGHTS_READ | SECTION_MAP_READ | SECTION_QUERY,
@@ -766,7 +767,7 @@
*Flags |= EXEFMT_LOAD_ASSUME_SEGMENTS_PAGE_ALIGNED;
/* Success */
- nStatus = STATUS_ROS_EXEFMT_LOADED_FORMAT | EXEFMT_LOADED_PE32;
+ nStatus = STATUS_SUCCESS;// STATUS_ROS_EXEFMT_LOADED_FORMAT | EXEFMT_LOADED_PE32;
l_Return:
if(pBuffer)
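Review bot: The old expression is left behind as a trailing comment on the success assignment; drop it, since version control already keeps the previous value, and write the line as `nStatus = STATUS_SUCCESS;`. Any caller that still compares the result against STATUS_ROS_EXEFMT_LOADED_FORMAT would stop matching after this change; that is not visible in this hunk and should be checked. The function body extends beyond the hunk on both sides.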
@@ -4867,8 +4868,19 @@
IN PFILE_OBJECT FileObject OPTIONAL)
{
NTSTATUS Status;
- ULONG Protection, FileAccess;
+ ULONG Protection;
PROS_SECTION_OBJECT *SectionObject = (PROS_SECTION_OBJECT *)Section;
+
+ /* Convert section flag to page flag */
+ if (AllocationAttributes & SEC_NOCACHE) SectionPageProtection |= PAGE_NOCACHE;
+
+ /* Check to make sure the protection is correct. Nt* does this already */
+ Protection = MiMakeProtectionMask(SectionPageProtection);
+ if (Protection == MM_INVALID_PROTECTION)
+ {
+ DPRINT1("Page protection is invalid\n");
+ return STATUS_INVALID_PAGE_PROTECTION;
+ }
/* Check if an ARM3 section is being created instead */
if (!(AllocationAttributes & (SEC_IMAGE | SEC_PHYSICALMEMORY)))
@@ -4886,55 +4898,43 @@
}
}
- /*
- * Check the protection
- */
- Protection = SectionPageProtection & ~(PAGE_GUARD | PAGE_NOCACHE);
- if (Protection != PAGE_READONLY &&
- Protection != PAGE_READWRITE &&
- Protection != PAGE_WRITECOPY &&
- Protection != PAGE_EXECUTE &&
- Protection != PAGE_EXECUTE_READ &&
- Protection != PAGE_EXECUTE_READWRITE &&
- Protection != PAGE_EXECUTE_WRITECOPY)
+ /* Check if this is going to be a data or image backed file section */
+ if ((FileHandle) || (FileObject))
{
- return STATUS_INVALID_PAGE_PROTECTION;
- }
-
- if ((DesiredAccess & SECTION_MAP_WRITE) &&
- (Protection == PAGE_READWRITE ||
- Protection == PAGE_EXECUTE_READWRITE) &&
- !(AllocationAttributes & SEC_IMAGE))
- {
- DPRINT("Creating a section with WRITE access\n");
- FileAccess = FILE_READ_DATA | FILE_WRITE_DATA | SYNCHRONIZE;
+ /* These cannot be mapped with large pages */
+ if (AllocationAttributes & SEC_LARGE_PAGES)
+ {
+ DPRINT1("Large pages cannot be used with an image mapping\n");
+ return STATUS_INVALID_PARAMETER_6;
+ }
+
+ /* Did the caller pass an object? */
+ if (FileObject)
+ {
+ /* Reference the object directly */
+ ObReferenceObject(FileObject);
+ }
+ else
+ {
+ /* Reference the file handle to get the object */
+ Status = ObReferenceObjectByHandle(FileHandle,
+ MmMakeFileAccess[Protection],
+ IoFileObjectType,
+ ExGetPreviousMode(),
+ (PVOID*)&FileObject,
+ NULL);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("Failed to get a handle to the FO: %lx\n", Status);
+ return Status;
+ }
+ }
}
else
{
- DPRINT("Creating a section with READ access\n");
- FileAccess = FILE_READ_DATA | SYNCHRONIZE;
+ /* A handle must be supplied with SEC_IMAGE, as this is the no-handle path */
+ if (AllocationAttributes & SEC_IMAGE) return
STATUS_INVALID_FILE_FOR_SECTION;
}
-
- /* FIXME: somehow combine this with the above checks */
- if (AllocationAttributes & SEC_IMAGE)
- FileAccess = MiArm3GetCorrectFileAccessMask(SectionPageProtection);
-
- if (!FileObject && FileHandle)
- {
- Status = ObReferenceObjectByHandle(FileHandle,
- FileAccess,
- IoFileObjectType,
- ExGetPreviousMode(),
- (PVOID *)&FileObject,
- NULL);
- if (!NT_SUCCESS(Status))
- {
- DPRINT("Failed: 0x%08lx\n", Status);
- return Status;
- }
- }
- else if (FileObject)
- ObReferenceObject(FileObject);
#ifndef NEWCC // A hack for initializing caching.
// This is needed only in the old case.
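Review bot: `MmMakeFileAccess[Protection]` indexes a table whose size this file cannot see (it is declared `extern ULONG MmMakeFileAccess [];` earlier in this commit) with the raw return value of MiMakeProtectionMask, and the value read becomes the desired access that ObReferenceObjectByHandle checks against a caller-supplied handle. The previous hunk ORs PAGE_NOCACHE into SectionPageProtection before the mask is computed, so if the mask encodes modifiers such as no-cache or guard above the base protection bits, the index can run past the table and the access check would use unrelated memory. Restrict the index to the base protection bits, e.g. `MmMakeFileAccess[Protection & 0x7]` assuming the table has eight entries (confirm against its definition), and move the extern into a shared header with an explicit bound. Separately, the DPRINT1 text "Large pages cannot be used with an image mapping" sits in a branch that also handles data-file sections. The function begins before this hunk and continues past it.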
@@ -4955,7 +4955,10 @@
&ByteOffset,
NULL);
if (!NT_SUCCESS(Status) && Status != STATUS_END_OF_FILE)
+ {
+ DPRINT1("CC failure: %lx\n", Status);
return Status;
+ }
// Caching is initialized...
}
#endif
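Review bot: The `return Status;` inside the new braces leaves the function after the file object was referenced in the preceding hunk (ObReferenceObject or ObReferenceObjectByHandle), and nothing visible here releases it. Unless a line outside the hunk drops the reference, each failed cache-initialisation read leaks one reference on the file object; add `if (FileObject) ObDereferenceObject(FileObject);` before the return. The surrounding `#ifndef NEWCC` block starts outside this hunk.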