Changeset 52414 in vbox for trunk/src/VBox/HostDrivers

Timestamp:

Aug 19, 2014 2:05:18 PM (10 years ago)

Author:

vboxsync

Message:

SUP: Need per thread recursion counters for WinVerifyTrust or we risk deadlocking. This is new after hooking LdrLoadDll.

Location:

trunk/src/VBox/HostDrivers/Support/win

Files:

• SUPHardenedVerifyImage-win.cpp (modified) (5 diffs)
• import-template-kernel32.h (modified) (1 diff)

trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp

@@ -179 +179 @@
 PFNCRYPTCATCATALOGINFOFROMCONTEXT       g_pfnCryptCATCatalogInfoFromContext;
 
-/** Indicates active WinVerifyTrust thread. */
+/** Where we store the TLS entry for detecting WinVerifyTrustRecursion. */
+static uint32_t                         g_iTlsWinVerifyTrustRecursion = UINT32_MAX;
+/** Fallback WinVerifyTrust recursion protection. */
 static uint32_t volatile                g_idActiveThread = UINT32_MAX;
 
@@ -1870 +1872 @@
 
     /*
+     * Allocate TLS entry for WinVerifyTrust recursion prevention.
+     */
+    DWORD iTls = TlsAlloc();
+    if (iTls != TLS_OUT_OF_INDEXES)
+        g_iTlsWinVerifyTrustRecursion = iTls;
+    else
+        supR3HardenedError(GetLastError(), false /*fFatal*/, "TlsAlloc failed");
+
+    /*
      * Resolve it.
      */
@@ -2343 +2354 @@
     /*
      * Call the windows verify trust API if we've resolved it and aren't in
-     * some obvious recursion.  Assume we won't be having too much
-     * concurrency, so a single global variable should suffice, right...
+     * some obvious recursion.
      */
     if (g_pfnWinVerifyTrust != NULL)
     {
-        uint32_t const idCurrentThread = GetCurrentThreadId();
-        if (g_idActiveThread != idCurrentThread)
+        /* Check for recursion. */
+        bool fNoRecursion;
+        if (g_iTlsWinVerifyTrustRecursion != UINT32_MAX)
         {
-            ASMAtomicCmpXchgU32(&g_idActiveThread, idCurrentThread, UINT32_MAX);
-
+            fNoRecursion = TlsGetValue(g_iTlsWinVerifyTrustRecursion) == 0;
+            if (fNoRecursion)
+                TlsSetValue(g_iTlsWinVerifyTrustRecursion, (void *)1);
+        }
+        else
+        {
+            uint32_t const idCurrentThread = GetCurrentThreadId();
+            fNoRecursion = ASMAtomicCmpXchgU32(&g_idActiveThread, idCurrentThread, UINT32_MAX);
+        }
+        if (fNoRecursion)
+        {
+            /* We can call WinVerifyTrust. */
             if (pfWinVerifyTrust)
                 *pfWinVerifyTrust = true;
@@ -2385 +2406 @@
             }
 
-            ASMAtomicCmpXchgU32(&g_idActiveThread, UINT32_MAX, idCurrentThread);
+            /* Unwind recursion. */
+            if (g_iTlsWinVerifyTrustRecursion != UINT32_MAX)
+                TlsSetValue(g_iTlsWinVerifyTrustRecursion, (void *)0);
+            else
+                ASMAtomicWriteU32(&g_idActiveThread, UINT32_MAX);
         }
         else
@@ -2405 +2430 @@
 {
     return g_pfnWinVerifyTrust != NULL
-        && g_idActiveThread != GetCurrentThreadId();
+        && (   g_iTlsWinVerifyTrustRecursion != UINT32_MAX
+            ?  (uintptr_t)TlsGetValue(g_iTlsWinVerifyTrustRecursion) == 0
+            : g_idActiveThread != GetCurrentThreadId() );
 }
 

trunk/src/VBox/HostDrivers/Support/win/import-template-kernel32.h

@@ -21 +21 @@
 SUPHARNT_IMPORT_STDCALL(SetLastError, 4)
 SUPHARNT_IMPORT_STDCALL(Sleep, 4)
+SUPHARNT_IMPORT_STDCALL(TlsAlloc, 0)
+SUPHARNT_IMPORT_STDCALL(TlsGetValue, 4)
+SUPHARNT_IMPORT_STDCALL(TlsSetValue, 8)
 SUPHARNT_IMPORT_STDCALL(VirtualProtectEx, 20)
 SUPHARNT_IMPORT_STDCALL(WriteFile, 20)