[ion] 57221: [NTOSKRNL]: Implement MiCheckSecuredVad and stop whining about not supporting SEC_NO_CHANGE, cleaning up the log. [NTOSKRNL]: Kill a bunch of now-useless DPRINT1s in Mm, significantly ... - Ros-diffs

2 Sep 2012

Author: ion
Date: Sun Sep  2 18:54:05 2012
New Revision: 57221
URL: http://svn.reactos.org/svn/reactos?rev=57221&view=rev
Log:
[NTOSKRNL]: Implement MiCheckSecuredVad and stop whining about not supporting SEC_NO_CHANGE, cleaning up the log.
[NTOSKRNL]: Kill a bunch of now-useless DPRINT1s in Mm, significantly cleaning up the log.
[HIVES/MSI]: .NET needs InstallRoot, not InstallDir. Kills millions of DPRINT1s, thus cleaning up the log.
Modified:
    trunk/reactos/boot/bootdata/hivesft_amd64.inf
    trunk/reactos/boot/bootdata/hivesft_arm.inf
    trunk/reactos/boot/bootdata/hivesft_i386.inf
    trunk/reactos/ntoskrnl/mm/ARM3/miarm.h
    trunk/reactos/ntoskrnl/mm/ARM3/pagfault.c
    trunk/reactos/ntoskrnl/mm/ARM3/pfnlist.c
    trunk/reactos/ntoskrnl/mm/ARM3/section.c
    trunk/reactos/ntoskrnl/mm/ARM3/vadnode.c
    trunk/reactos/ntoskrnl/mm/ARM3/virtual.c
Modified: trunk/reactos/boot/bootdata/hivesft_amd64.inf
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/boot/bootdata/hivesft_amd64...
==============================================================================

--- trunk/reactos/boot/bootdata/hivesft_amd64.inf [iso-8859-1] (original)
+++ trunk/reactos/boot/bootdata/hivesft_amd64.inf [iso-8859-1] Sun Sep  2 18:54:05 2012
@@ -30,7 +30,7 @@
 HKLM,"SOFTWARE\Microsoft\Rpc\SecurityService","9",2,"secur32.dll"
; .NET
-HKLM,"SOFTWARE\Microsoft.NETFramework","InstallDir",0x00020000,"%SystemRoot%\Microsoft .NET\Framework"
+HKLM,"SOFTWARE\Microsoft.NETFramework","InstallRoot",0x00020000,"%SystemRoot%\Microsoft .NET\Framework"
HKLM,"SOFTWARE\Microsoft\Secure",,0x00000012
Modified: trunk/reactos/boot/bootdata/hivesft_arm.inf
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/boot/bootdata/hivesft_arm.i...
==============================================================================
--- trunk/reactos/boot/bootdata/hivesft_arm.inf [iso-8859-1] (original)
+++ trunk/reactos/boot/bootdata/hivesft_arm.inf [iso-8859-1] Sun Sep  2 18:54:05 2012
@@ -19,7 +19,7 @@
 HKLM,Software\Microsoft\Rpc\SecurityService,9,2,"secur32.dll"
; .NET
-HKLM,"SOFTWARE\Microsoft.NETFramework","InstallDir",0x00020000,"%SystemRoot%\Microsoft .NET\Framework"
+HKLM,"SOFTWARE\Microsoft.NETFramework","InstallRoot",0x00020000,"%SystemRoot%\Microsoft .NET\Framework"
; HTML Help
 HKLM,SOFTWARE\Microsoft\Active Setup\Installed Components{de5aed00-a4bf-11d1-9948-00c04f98bbc9},,2,"HTML Help"
Modified: trunk/reactos/boot/bootdata/hivesft_i386.inf
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/boot/bootdata/hivesft_i386....
==============================================================================
Binary files - no diff available.
Modified: trunk/reactos/ntoskrnl/mm/ARM3/miarm.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/miarm.h?re...
==============================================================================
--- trunk/reactos/ntoskrnl/mm/ARM3/miarm.h [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/ARM3/miarm.h [iso-8859-1] Sun Sep  2 18:54:05 2012
@@ -307,6 +307,13 @@
 #define MI_SESSION_DATA_PAGES_MAXIMUM (MM_ALLOCATION_GRANULARITY / PAGE_SIZE)
 #define MI_SESSION_TAG_PAGES_MAXIMUM  (MM_ALLOCATION_GRANULARITY / PAGE_SIZE)
+//
+// Used by MiCheckSecuredVad
+//
+#define MM_READ_WRITE_ALLOWED   11
+#define MM_READ_ONLY_ALLOWED    10
+#define MM_NO_ACCESS_ALLOWED    01
+#define MM_DELETE_CHECK         85
//
 // System views are binned into 64K chunks
@@ -1867,6 +1874,15 @@
     OUT PULONG_PTR Base
 );
+NTSTATUS
+NTAPI
+MiCheckSecuredVad(
+    IN PMMVAD Vad,
+    IN PVOID Base,
+    IN SIZE_T Size,
+    IN ULONG ProtectionMask
+);
+
 VOID
 NTAPI
 MiInsertVad(
Modified: trunk/reactos/ntoskrnl/mm/ARM3/pagfault.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/pagfault.c...
==============================================================================
--- trunk/reactos/ntoskrnl/mm/ARM3/pagfault.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/ARM3/pagfault.c [iso-8859-1] Sun Sep  2 18:54:05 2012
@@ -982,7 +982,7 @@
                 {
                     /* This is a standby page, bring it back from the cache */
                     PageFrameIndex = TempPte.u.Trans.PageFrameNumber;
-                    DPRINT1("oooh, shiny, a soft fault! 0x%lx\n", PageFrameIndex);
+                    DPRINT("oooh, shiny, a soft fault! 0x%lx\n", PageFrameIndex);
                     Pfn1 = MI_PFN_ELEMENT(PageFrameIndex);
                     ASSERT(Pfn1->u3.e1.PageLocation != ActiveAndValid);
Modified: trunk/reactos/ntoskrnl/mm/ARM3/pfnlist.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/pfnlist.c?...
==============================================================================
--- trunk/reactos/ntoskrnl/mm/ARM3/pfnlist.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/ARM3/pfnlist.c [iso-8859-1] Sun Sep  2 18:54:05 2012
@@ -850,7 +850,7 @@
     if (ListHead == &MmModifiedPageListHead)
     {
         /* For now, only single-prototype pages should end up in this path */
-        DPRINT1("Modified page being added: %lx\n", PageFrameIndex);
+        DPRINT("Modified page being added: %lx\n", PageFrameIndex);
         ASSERT(Pfn1->OriginalPte.u.Soft.Prototype == 0);
/* Modified pages are colored when they are selected for page file */
@@ -1259,7 +1259,7 @@
             TempPte.u.Soft.Prototype = 0;
             TempPte.u.Soft.Protection = Pfn1->OriginalPte.u.Soft.Protection;
             MI_WRITE_INVALID_PTE(PointerPte, TempPte);
-            DPRINT1("Marking PTE: %p as transition (%p - %lx)\n", PointerPte, Pfn1, MiGetPfnEntryIndex(Pfn1));
+            DPRINT("Marking PTE: %p as transition (%p - %lx)\n", PointerPte, Pfn1, MiGetPfnEntryIndex(Pfn1));
         }
/* Put the page in transition */
Modified: trunk/reactos/ntoskrnl/mm/ARM3/section.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/section.c?...
==============================================================================
--- trunk/reactos/ntoskrnl/mm/ARM3/section.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/ARM3/section.c [iso-8859-1] Sun Sep  2 18:54:05 2012
@@ -771,7 +771,18 @@
     /* For SEC_NO_CHANGE sections, we need some extra checks */
     if (Vad->u.VadFlags.NoChange == 1)
     {
-        DPRINT1("Unmapping SEC_NO_CHANGE. Should validate if allowed!\n");
+        /* Are we allowed to mess with this VAD? */
+        Status = MiCheckSecuredVad(Vad,
+                                   (PVOID)(Vad->StartingVpn >> PAGE_SHIFT),
+                                   RegionSize,
+                                   MM_DELETE_CHECK);
+        if (!NT_SUCCESS(Status))
+        {
+            /* We failed */
+            DPRINT1("Trying to unmap protected VAD!\n");
+            if (!Flags) MmUnlockAddressSpace(&Process->Vm);
+            goto Quickie;
+        }
     }
/* Not currently supported */
Modified: trunk/reactos/ntoskrnl/mm/ARM3/vadnode.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/vadnode.c?...
==============================================================================
--- trunk/reactos/ntoskrnl/mm/ARM3/vadnode.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/ARM3/vadnode.c [iso-8859-1] Sun Sep  2 18:54:05 2012
@@ -19,6 +19,27 @@
 /* Include Mm version of AVL support */
 #include "../ARM3/miavl.h"
 #include "../../../lib/rtl/avlsupp.c"
+
+/* GLOBALS ********************************************************************/
+
+CHAR MmReadWrite[32] =
+{
+    MM_NO_ACCESS_ALLOWED, MM_READ_ONLY_ALLOWED, MM_READ_ONLY_ALLOWED, 
+    MM_READ_ONLY_ALLOWED, MM_READ_WRITE_ALLOWED, MM_READ_WRITE_ALLOWED,
+    MM_READ_WRITE_ALLOWED, MM_READ_WRITE_ALLOWED,
+
+    MM_NO_ACCESS_ALLOWED, MM_READ_ONLY_ALLOWED, MM_READ_ONLY_ALLOWED, 
+    MM_READ_ONLY_ALLOWED, MM_READ_WRITE_ALLOWED, MM_READ_WRITE_ALLOWED,
+    MM_READ_WRITE_ALLOWED, MM_READ_WRITE_ALLOWED,
+
+    MM_NO_ACCESS_ALLOWED, MM_READ_ONLY_ALLOWED, MM_READ_ONLY_ALLOWED, 
+    MM_READ_ONLY_ALLOWED, MM_READ_WRITE_ALLOWED, MM_READ_WRITE_ALLOWED,
+    MM_READ_WRITE_ALLOWED, MM_READ_WRITE_ALLOWED,
+
+    MM_NO_ACCESS_ALLOWED, MM_READ_ONLY_ALLOWED, MM_READ_ONLY_ALLOWED, 
+    MM_READ_ONLY_ALLOWED, MM_READ_WRITE_ALLOWED, MM_READ_WRITE_ALLOWED,
+    MM_READ_WRITE_ALLOWED, MM_READ_WRITE_ALLOWED,
+};
/* FUNCTIONS ******************************************************************/
@@ -583,4 +604,69 @@
     return STATUS_NO_MEMORY;
 }
+NTSTATUS
+NTAPI
+MiCheckSecuredVad(IN PMMVAD Vad,
+                  IN PVOID Base,
+                  IN SIZE_T Size,
+                  IN ULONG ProtectionMask)
+{
+    ULONG_PTR StartAddress, EndAddress;
+
+    /* Compute start and end address */
+    StartAddress = (ULONG_PTR)Base;
+    EndAddress = StartAddress + Size - 1;
+
+    /* Are we deleting/unmapping, or changing? */
+    if (ProtectionMask < MM_DELETE_CHECK)
+    {
+        /* Changing... are we allowed to do so? */
+        if ((Vad->u.VadFlags.NoChange == 1) &&
+            (Vad->u2.VadFlags2.SecNoChange == 1) &&
+            (Vad->u.VadFlags.Protection != ProtectionMask))
+        {
+            /* Nope, bail out */
+            DPRINT1("Trying to mess with a no-change VAD!\n");
+            return STATUS_INVALID_PAGE_PROTECTION;
+        }
+    }
+    else
+    {
+        /* This is allowed */
+        ProtectionMask = 0;
+    }
+    
+    /* ARM3 doesn't support this yet */
+    ASSERT(Vad->u2.VadFlags2.MultipleSecured == 0);
+
+    /* Is this a one-secured VAD, like a TEB or PEB? */
+    if (Vad->u2.VadFlags2.OneSecured)
+    {
+        /* Is this allocation being described by the VAD? */
+        if ((StartAddress <= ((PMMVAD_LONG)Vad)->u3.Secured.EndVpn) &&
+            (EndAddress >= ((PMMVAD_LONG)Vad)->u3.Secured.StartVpn))
+        {
+            /* Guard page? */
+            if (ProtectionMask && MM_DECOMMIT)
+            {
+                DPRINT1("Not allowed to change protection on guard page!\n");
+                return STATUS_INVALID_PAGE_PROTECTION;
+            }
+
+            /* ARM3 doesn't have read-only VADs yet */
+            ASSERT(Vad->u2.VadFlags2.ReadOnly == 0);
+            
+            /* Check if read-write protections are allowed */
+            if (MmReadWrite[ProtectionMask] < MM_READ_WRITE_ALLOWED)
+            {
+                DPRINT1("Invalid protection mask for RW access!\n");
+                return STATUS_INVALID_PAGE_PROTECTION;
+            }
+        }
+    }
+
+    /* All good, allow the change */
+    return STATUS_SUCCESS;
+}
+
 /* EOF */
Modified: trunk/reactos/ntoskrnl/mm/ARM3/virtual.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/virtual.c?...
==============================================================================
--- trunk/reactos/ntoskrnl/mm/ARM3/virtual.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/ARM3/virtual.c [iso-8859-1] Sun Sep  2 18:54:05 2012
@@ -4132,11 +4132,23 @@
         }
//
-        // We should make sure that the section's permissions aren't being messed with
+        // We should make sure that the section's permissions aren't being
+        // messed with
         //
         if (FoundVad->u.VadFlags.NoChange)
         {
-            DPRINT1("SEC_NO_CHANGE section being touched. Assuming this is ok\n");
+            //
+            // Make sure it's okay to touch it
+            //
+            Status = MiCheckSecuredVad(FoundVad,
+                                       PBaseAddress,
+                                       PRegionSize,
+                                       ProtectionMask);
+            if (!NT_SUCCESS(Status))
+            {
+                DPRINT1("Secured VAD being messed around with\n");
+                goto FailPath;
+            }
         }
//

    