
Changeset 25484 in vbox for trunk/src/VBox/HostDrivers


Timestamp:
Dec 18, 2009 2:04:56 PM (15 years ago)
Author:
vboxsync
Message:

SUPDrv: Fixed a recent regression that may cause the SUPDRVSESSION allocation to be too small on some platforms, thereby corrupting the heap and/or triggering a system panic.

Location:
trunk/src/VBox/HostDrivers/Support
Files:
8 edited

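--- a/trunk/src/VBox/HostDrivers/Support/SUPDrv.c
+++ b/trunk/src/VBox/HostDrivers/Support/SUPDrv.c
@@ -337,6 +337,10 @@
  * @returns IPRT status code.
  * @param   pDevExt     The device extension to initialize.
- */
-int VBOXCALL supdrvInitDevExt(PSUPDRVDEVEXT pDevExt)
+ * @param   cbSession   The size of the session structure.  The size of
+ *                      SUPDRVSESSION may be smaller when SUPDRV_AGNOSTIC is
+ *                      defined because we're skipping the OS specific members
+ *                      then.
+ */
+int VBOXCALL supdrvInitDevExt(PSUPDRVDEVEXT pDevExt, size_t cbSession)
 {
     int rc;
@@ -385,4 +389,5 @@
                     {
                         pDevExt->u32Cookie = BIRD;  /** @todo make this random? */
+                        pDevExt->cbSession = cbSession;
 
                         /*
@@ -554,6 +559,6 @@
      * Allocate memory for the session data.
      */
-    int rc = VERR_NO_MEMORY;
-    PSUPDRVSESSION pSession = *ppSession = (PSUPDRVSESSION)RTMemAllocZ(sizeof(*pSession));
+    int             rc;
+    PSUPDRVSESSION  pSession = *ppSession = (PSUPDRVSESSION)RTMemAllocZ(pDevExt->cbSession);
     if (pSession)
     {
@@ -599,4 +604,6 @@
         Log(("Failed to create spinlock, rc=%d!\n", rc));
     }
+    else
+        rc = VERR_NO_MEMORY;
 
     return rc;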
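Review bot: `supdrvInitDevExt` stores `cbSession` in the second hunk without checking it, and `supdrvCreateSession` then trusts it as the kernel allocation size in `RTMemAllocZ(pDevExt->cbSession)`. Since the regression being fixed was an undersized SUPDRVSESSION corrupting the heap, a guard at the top of the init function would make a bad caller fail loudly instead: `AssertReturn(cbSession >= sizeof(SUPDRVSESSION), VERR_INVALID_PARAMETER);` (per the new `@param` text, the agnostic view of the structure can be smaller than the OS specific one, which suggests it is never larger). It is also worth checking the common code for any remaining `sizeof(SUPDRVSESSION)` or `sizeof(*pSession)` used for copies or clears, since those would still see the smaller size; none is visible in these hunks. Both function bodies continue outside the hunks shown.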
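--- a/trunk/src/VBox/HostDrivers/Support/SUPDrvInternal.h
+++ b/trunk/src/VBox/HostDrivers/Support/SUPDrvInternal.h
@@ -465,8 +465,6 @@
     /** Global cookie. */
     uint32_t                        u32Cookie;
-
-    /** The IDT entry number.
-     * Only valid if pIdtPatches is set. */
-    uint8_t volatile                u8Idt;
+    /** The actual size of SUPDRVSESSION. (SUPDRV_AGNOSTIC) */
+    uint32_t                        cbSession;
 
     /** Loader mutex.
@@ -600,5 +598,5 @@
 int  VBOXCALL   supdrvIOCtlFast(uintptr_t uIOCtl, VMCPUID idCpu, PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession);
 int  VBOXCALL   supdrvIDC(uintptr_t uIOCtl, PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPDRVIDCREQHDR pReqHdr);
-int  VBOXCALL   supdrvInitDevExt(PSUPDRVDEVEXT pDevExt);
+int  VBOXCALL   supdrvInitDevExt(PSUPDRVDEVEXT pDevExt, size_t cbSession);
 void VBOXCALL   supdrvDeleteDevExt(PSUPDRVDEVEXT pDevExt);
 int  VBOXCALL   supdrvCreateSession(PSUPDRVDEVEXT pDevExt, bool fUser, PSUPDRVSESSION *ppSession);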
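Review bot: `cbSession` is declared `uint32_t` in the first hunk while the updated `supdrvInitDevExt` prototype takes `size_t cbSession`, so the store in SUPDrv.c narrows implicitly on 64-bit hosts. Because this field is the size later passed to the session allocator, I would keep the types aligned: either declare the field as `size_t cbSession;` or make the conversion explicit at the assignment. The doc comment could also say who sets and consumes it, e.g. `/** Size of SUPDRVSESSION as seen by the OS specific code; set by supdrvInitDevExt and used when allocating sessions. */`. The same hunk drops `u8Idt`, which looks unrelated to the allocation fix, so it is worth confirming that no remaining user exists.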
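--- a/trunk/src/VBox/HostDrivers/Support/darwin/SUPDrv-darwin.cpp
+++ b/trunk/src/VBox/HostDrivers/Support/darwin/SUPDrv-darwin.cpp
@@ -235,5 +235,5 @@
          * Initialize the device extension.
          */
-        rc = supdrvInitDevExt(&g_DevExt);
+        rc = supdrvInitDevExt(&g_DevExt, sizeof(SUPDRVSESSION));
         if (RT_SUCCESS(rc))
         {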
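--- a/trunk/src/VBox/HostDrivers/Support/freebsd/SUPDrv-freebsd.c
+++ b/trunk/src/VBox/HostDrivers/Support/freebsd/SUPDrv-freebsd.c
@@ -172,5 +172,5 @@
          * Initialize the device extension.
          */
-        rc = supdrvInitDevExt(&g_VBoxDrvFreeBSDDevExt);
+        rc = supdrvInitDevExt(&g_VBoxDrvFreeBSDDevExt, sizeof(SUPDRVSESSION));
         if (RT_SUCCESS(rc))
         {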
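--- a/trunk/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c
+++ b/trunk/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c
@@ -609,5 +609,5 @@
              */
             if (RT_SUCCESS(rc))
-                rc = supdrvInitDevExt(&g_DevExt);
+                rc = supdrvInitDevExt(&g_DevExt, sizeof(SUPDRVSESSION));
             if (RT_SUCCESS(rc))
             {
@@ -732,5 +732,5 @@
      * Call common code for the rest.
      */
-    rc = supdrvCreateSession(&g_DevExt, true /* fUser */, (PSUPDRVSESSION *)&pSession);
+    rc = supdrvCreateSession(&g_DevExt, true /* fUser */, &pSession);
     if (!rc)
     {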
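--- a/trunk/src/VBox/HostDrivers/Support/os2/SUPDrv-os2.cpp
+++ b/trunk/src/VBox/HostDrivers/Support/os2/SUPDrv-os2.cpp
@@ -102,5 +102,5 @@
          * Initialize the device extension.
          */
-        rc = supdrvInitDevExt(&g_DevExt);
+        rc = supdrvInitDevExt(&g_DevExt, sizeof(SUPDRVSESSION));
         if (RT_SUCCESS(rc))
         {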
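--- a/trunk/src/VBox/HostDrivers/Support/solaris/SUPDrv-solaris.c
+++ b/trunk/src/VBox/HostDrivers/Support/solaris/SUPDrv-solaris.c
@@ -212,5 +212,5 @@
          * Initialize the device extension
          */
-        rc = supdrvInitDevExt(&g_DevExt);
+        rc = supdrvInitDevExt(&g_DevExt, sizeof(SUPDRVSESSION));
         if (RT_SUCCESS(rc))
         {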
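--- a/trunk/src/VBox/HostDrivers/Support/win/SUPDrv-win.cpp
+++ b/trunk/src/VBox/HostDrivers/Support/win/SUPDrv-win.cpp
@@ -134,5 +134,5 @@
                 memset(pDevExt, 0, sizeof(*pDevExt));
 
-                vrc = supdrvInitDevExt(pDevExt);
+                vrc = supdrvInitDevExt(pDevExt, sizeof(SUPDRVSESSION));
                 if (!vrc)
                 {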