Changeset 53045 in vbox for trunk

Timestamp:

Oct 13, 2014 2:55:00 PM (10 years ago)

Author:

vboxsync

Message:

SUP: Reduce LdrLoadDll logging. Still one log statement needing suppressing...

Location:

trunk/src/VBox/HostDrivers/Support

Files:

• SUPR3HardenedMain.cpp (modified) (1 diff)
• win/SUPR3HardenedMain-win.cpp (modified) (15 diffs)

trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp

@@ -1018 +1018 @@
 #ifdef RT_OS_WINDOWS
     if (   g_hStartupLog != NULL
-        && g_cbStartupLog < 128*_1M)
+        && g_cbStartupLog < 16*_1M)
     {
         char szBuf[5120];

trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp

@@ -138 +138 @@
     /** The verification result. */
     int                     rc;
-    /** Used for shutting up errors after a while. */
-    uint32_t volatile       cErrorHits;
+    /** Used for shutting up load and error messages after a while so they don't
+     * flood the the log file and fill up the disk. */
+    uint32_t volatile       cHits;
     /** The validation flags (for WinVerifyTrust retry). */
     uint32_t                fFlags;
@@ -370 +371 @@
 static NTSTATUS supR3HardenedScreenImage(HANDLE hFile, bool fImage, PULONG pfAccess, PULONG pfProtect,
                                          bool *pfCallRealApi, const char *pszCaller, bool fAvoidWinVerifyTrust,
-                                         bool *pfQuietFailure);
+                                         bool *pfQuiet);
 static void     supR3HardenedWinRegisterDllNotificationCallback(void);
 static void     supR3HardenedWinReInstallHooks(bool fFirst);
@@ -620 +621 @@
         pEntry->rc              = rc;
         pEntry->fFlags          = fFlags;
-        pEntry->cErrorHits      = 0;
+        pEntry->cHits           = 0;
         pEntry->fWinVerifyTrust = fWinVerifyTrust;
         pEntry->cbPath          = pUniStr->Length;
@@ -1052 +1053 @@
                     bool  fCallRealApi = false;
                     rcNt = supR3HardenedScreenImage(hFile, true /*fImage*/, &fAccess, &fProtect, &fCallRealApi,
-                                                    "Imports", false /*fAvoidWinVerifyTrust*/, NULL /*pfQuietFailure*/);
+                                                    "Imports", false /*fAvoidWinVerifyTrust*/, NULL /*pfQuiet*/);
                     NtClose(hFile);
                 }
@@ -1275 +1276 @@
 
 static NTSTATUS supR3HardenedScreenImage(HANDLE hFile, bool fImage, PULONG pfAccess, PULONG pfProtect,
-                                         bool *pfCallRealApi, const char *pszCaller, bool fAvoidWinVerifyTrust,
-                                         bool *pfQuietFailure)
+                                         bool *pfCallRealApi, const char *pszCaller, bool fAvoidWinVerifyTrust, bool *pfQuiet)
 {
     *pfCallRealApi = false;
-    if (pfQuietFailure)
-        *pfQuietFailure = false;
+    if (pfQuiet)
+        *pfQuiet = false;
 
     /*
@@ -1314 +1314 @@
     if (pCacheHit)
     {
+        /* Do hit accounting and figure whether we need to be quiet or not. */
+        uint32_t   cHits  = ASMAtomicIncU32(&pCacheHit->cHits);
+        bool const fQuiet = cHits >= 8 && !RT_IS_POWER_OF_TWO(cHits);
+        if (pfQuiet)
+            *pfQuiet = fQuiet;
+
         /* If we haven't done the WinVerifyTrust thing, do it if we can. */
         if (   !pCacheHit->fWinVerifyTrust
@@ -1342 +1348 @@
                              pszCaller, pCacheHit->rc, pCacheHit->wszPath));
         }
-        else if (pCacheHit->cErrorHits < 16)
+        else if (!fQuiet || !pCacheHit->fWinVerifyTrust)
             SUP_DPRINTF(("supR3HardenedScreenImage/%s: cache hit (%Rrc) on %ls%s\n",
                          pszCaller, pCacheHit->rc, pCacheHit->wszPath, pCacheHit->fWinVerifyTrust ? "" : " [lacks WinVerifyTrust]"));
@@ -1353 +1359 @@
         }
 
-        uint32_t cErrorHits = ASMAtomicIncU32(&pCacheHit->cErrorHits);
-        if (   cErrorHits < 8
-            || RT_IS_POWER_OF_TWO(cErrorHits))
+        if (!fQuiet)
             supR3HardenedError(VINF_SUCCESS, false,
-                               "supR3HardenedScreenImage/%s: cached rc=%Rrc fImage=%d fProtect=%#x fAccess=%#x cErrorHits=%u %ls\n",
-                               pszCaller, pCacheHit->rc, fImage, *pfProtect, *pfAccess, cErrorHits, uBuf.UniStr.Buffer);
-        else if (pfQuietFailure)
-            *pfQuietFailure = true;
-
+                               "supR3HardenedScreenImage/%s: cached rc=%Rrc fImage=%d fProtect=%#x fAccess=%#x cHits=%u %ls\n",
+                               pszCaller, pCacheHit->rc, fImage, *pfProtect, *pfAccess, cHits, uBuf.UniStr.Buffer);
         return STATUS_TRUST_FAILURE;
     }
@@ -1610 +1611 @@
     //SUP_DPRINTF(("supR3HardenedWinVerifyCachePreload: scanning %ls\n", pwszName));
     supR3HardenedScreenImage(hFile, false, &fAccess, &fProtect, &fCallRealApi, "preload", false /*fAvoidWinVerifyTrust*/,
-                             NULL /*pfQuietFailure*/);
+                             NULL /*pfQuiet*/);
     //SUP_DPRINTF(("supR3HardenedWinVerifyCachePreload: done %ls\n", pwszName));
 
@@ -1648 +1649 @@
             //SUP_DPRINTF(("supR3HardenedMonitor_NtCreateSection: 1\n"));
             NTSTATUS rcNt = supR3HardenedScreenImage(hFile, fImage, &fAccess, &fProtect, &fCallRealApi,
-                                                     "NtCreateSection", true /*fAvoidWinVerifyTrust*/, NULL /*pfQuietFailure*/);
+                                                     "NtCreateSection", true /*fAvoidWinVerifyTrust*/, NULL /*pfQuiet*/);
             //SUP_DPRINTF(("supR3HardenedMonitor_NtCreateSection: 2 rcNt=%#x fCallRealApi=%#x\n", rcNt, fCallRealApi));
 
@@ -1724 +1725 @@
 {
     DWORD    dwSavedLastError = RtlGetLastWin32Error();
+    bool     fQuiet = false;
     NTSTATUS rcNt;
 
@@ -1934 +1936 @@
         ResolvedName.MaximumLength = ResolvedName.Length + sizeof(WCHAR);
 
+/** @todo need to cache the translation so we can get at fQuiet here! */
         SUP_DPRINTF(("supR3HardenedMonitor_LdrLoadDll: '%.*ls' -> '%.*ls' [rcNt=%#x]\n",
                      (unsigned)pName->Length / sizeof(WCHAR), pName->Buffer,
@@ -1982 +1985 @@
             ULONG fProtect = 0;
             bool  fCallRealApi = false;
-            bool  fQuietFailure = false;
             rcNt = supR3HardenedScreenImage(hFile, true /*fImage*/, &fAccess, &fProtect, &fCallRealApi,
-                                            "LdrLoadDll", false /*fAvoidWinVerifyTrust*/, &fQuietFailure);
+                                            "LdrLoadDll", false /*fAvoidWinVerifyTrust*/, &fQuiet);
             NtClose(hFile);
             if (!NT_SUCCESS(rcNt))
             {
-                if (!fQuietFailure)
+                if (!fQuiet)
                 {
                     supR3HardenedError(VINF_SUCCESS, false, "supR3HardenedMonitor_LdrLoadDll: rejecting '%ls': rcNt=%#x\n",
@@ -2012 +2014 @@
      * Screened successfully enough.  Call the real thing.
      */
-    SUP_DPRINTF(("supR3HardenedMonitor_LdrLoadDll: pName=%.*ls *pfFlags=%#x pwszSearchPath=%p:%ls [calling]\n",
-                 (unsigned)pName->Length / sizeof(WCHAR), pName->Buffer, pfFlags ? *pfFlags : UINT32_MAX, pwszSearchPath,
-                 !((uintptr_t)pwszSearchPath & 1) && (uintptr_t)pwszSearchPath >= 0x2000U ? pwszSearchPath : L"<flags>"));
+    if (!fQuiet)
+        SUP_DPRINTF(("supR3HardenedMonitor_LdrLoadDll: pName=%.*ls *pfFlags=%#x pwszSearchPath=%p:%ls [calling]\n",
+                     (unsigned)pName->Length / sizeof(WCHAR), pName->Buffer, pfFlags ? *pfFlags : UINT32_MAX, pwszSearchPath,
+                     !((uintptr_t)pwszSearchPath & 1) && (uintptr_t)pwszSearchPath >= 0x2000U ? pwszSearchPath : L"<flags>"));
     RtlRestoreLastWin32Error(dwSavedLastError);
     rcNt = g_pfnLdrLoadDllReal(pwszSearchPath, pfFlags, pName, phMod);
@@ -2025 +2028 @@
     if (NT_SUCCESS(rcNt) && phMod)
         SUP_DPRINTF(("supR3HardenedMonitor_LdrLoadDll: returns rcNt=%#x hMod=%p '%ls'\n", rcNt, *phMod, wszPath));
-    else
+    else if (!NT_SUCCESS(rcNt) || !fQuiet)
         SUP_DPRINTF(("supR3HardenedMonitor_LdrLoadDll: returns rcNt=%#x '%ls'\n", rcNt, wszPath));