Changeset 54013 in vbox

Timestamp:

Jan 28, 2015 1:44:00 PM (10 years ago)

Author:

vboxsync

Message:

Support: added SUPR3LockDownLoader()

Location:

trunk

Files:

• include/VBox/sup.h (modified) (1 diff)
• src/VBox/HostDrivers/Support/SUPDrv.c (modified) (6 diffs)
• src/VBox/HostDrivers/Support/SUPDrvIOC.h (modified) (2 diffs)
• src/VBox/HostDrivers/Support/SUPDrvInternal.h (modified) (1 diff)
• src/VBox/HostDrivers/Support/SUPLib.cpp (modified) (2 diffs)
• src/VBox/VMM/tools/VBoxVMMPreload.cpp (modified) (7 diffs)

trunk/include/VBox/sup.h

@@ -1137 +1137 @@
 
 /**
+ * Lock down the module loader interface.
+ *
+ * This will lock down the module loader interface. No new modules can be
+ * loaded and all loaded modules can no longer be freed.
+ *
+ * @returns VBox status code.
+ * @param   pErrInfo        Where to return extended error information.
+ *                          Optional.
+ */
+SUPR3DECL(int) SUPR3LockDownLoader(PRTERRINFO pErrInfo);
+
+/**
  * Get the address of a symbol in a ring-0 module.
  *

trunk/src/VBox/HostDrivers/Support/SUPDrv.c

@@ -148 +148 @@
 static int                  supdrvIOCtl_LdrLoad(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRLOAD pReq);
 static int                  supdrvIOCtl_LdrFree(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRFREE pReq);
+static int                  supdrvIOCtl_LdrLockDown(PSUPDRVDEVEXT pDevExt);
 static int                  supdrvIOCtl_LdrGetSymbol(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRGETSYMBOL pReq);
 static int                  supdrvIDC_LdrGetSymbol(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPDRVIDCREQGETSYM pReq);
@@ -1710 +1711 @@
         }
 
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_LDR_LOCK_DOWN):
+        {
+            /* validate */
+            REQ_CHECK_SIZES(SUP_IOCTL_LDR_LOCK_DOWN);
+
+            /* execute */
+            pReqHdr->rc = supdrvIOCtl_LdrLockDown(pDevExt);
+            return 0;
+        }
+
         case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_LDR_GET_SYMBOL):
         {
@@ -4557 +4568 @@
     /* (not found - add it!) */
 
+    /* If the loader interface is locked down, make userland fail early */
+    if (pDevExt->fLdrLockedDown)
+    {
+        supdrvLdrUnlock(pDevExt);
+        Log(("supdrvIOCtl_LdrOpen: Not adding '%s' to image list, loader interface is locked down!\n", pReq->u.In.szName));
+        return VERR_PERMISSION_DENIED;
+    }
+
     /*
      * Allocate memory.
@@ -4722 +4741 @@
     }
 
+    /* If the loader interface is locked down, don't load new images */
+    if (pDevExt->fLdrLockedDown)
+    {
+        supdrvLdrUnlock(pDevExt);
+        Log(("SUP_IOCTL_LDR_LOAD: Not loading '%s' image bits, loader interface is locked down!\n", pImage->szName));
+        return VERR_PERMISSION_DENIED;
+    }
+
     switch (pReq->u.In.eEPType)
     {
@@ -4984 +5011 @@
 
 /**
+ * Lock down the image loader interface.
+ *
+ * @returns IPRT status code.
+ * @param   pDevExt     Device globals.
+ */
+static int supdrvIOCtl_LdrLockDown(PSUPDRVDEVEXT pDevExt)
+{
+    LogFlow(("supdrvIOCtl_LdrLockDown:\n"));
+
+    supdrvLdrLock(pDevExt);
+    if (!pDevExt->fLdrLockedDown)
+    {
+        pDevExt->fLdrLockedDown = true;
+        Log(("supdrvIOCtl_LdrLockDown: Image loader interface locked down\n"));
+    }
+    supdrvLdrUnlock(pDevExt);
+
+    return VINF_SUCCESS;
+}
+
+
+/**
  * Gets the address of a symbol in an open image.
  *
@@ -5252 +5301 @@
     PSUPDRVLDRIMAGE pImagePrev;
     LogFlow(("supdrvLdrFree: pImage=%p\n", pImage));
+
+    /*
+     * Warn if we're releasing images while the image loader interface is
+     * locked down -- we won't be able to reload them!
+     */
+    if (pDevExt->fLdrLockedDown)
+        Log(("supdrvLdrFree: Warning: unloading '%s' image, while loader interface is locked down!\n", pImage->szName));
 
     /* find it - arg. should've used doubly linked list. */

trunk/src/VBox/HostDrivers/Support/SUPDrvIOC.h

@@ -215 +215 @@
  *          - (none).
  */
-#define SUPDRV_IOC_VERSION                              0x001d0000
+#define SUPDRV_IOC_VERSION                              0x001d0001
 
 /** SUP_IOCTL_COOKIE. */
@@ -480 +480 @@
 
 
+/** @name SUP_IOCTL_LDR_LOCK_DOWN
+ * Lock down the image loader interface.
+ * @{
+ */
+#define SUP_IOCTL_LDR_LOCK_DOWN                         SUP_CTL_CODE_SIZE(38, SUP_IOCTL_LDR_LOCK_DOWN_SIZE)
+#define SUP_IOCTL_LDR_LOCK_DOWN_SIZE                    sizeof(SUPREQHDR)
+#define SUP_IOCTL_LDR_LOCK_DOWN_SIZE_IN                 sizeof(SUPREQHDR)
+#define SUP_IOCTL_LDR_LOCK_DOWN_SIZE_OUT                sizeof(SUPREQHDR)
+/** @} */
+
+
 /** @name SUP_IOCTL_LDR_GET_SYMBOL
  * Get address of a symbol within an image.

trunk/src/VBox/HostDrivers/Support/SUPDrvInternal.h

@@ -610 +610 @@
     /** Linked list of loaded code. */
     PSUPDRVLDRIMAGE volatile        pLdrImages;
+    /** Set if the image loading interface got disabled after loading all needed images */
+    bool                            fLdrLockedDown;
 
     /** @name These members for detecting whether an API caller is in ModuleInit.

trunk/src/VBox/HostDrivers/Support/SUPLib.cpp

@@ -279 +279 @@
         strcpy(CookieReq.u.In.szMagic, SUPCOOKIE_MAGIC);
         CookieReq.u.In.u32ReqVersion = SUPDRV_IOC_VERSION;
-        const uint32_t uMinVersion = (SUPDRV_IOC_VERSION & 0xffff0000) == 0x001c0000
-                                   ? 0x001c0001
+        const uint32_t uMinVersion = (SUPDRV_IOC_VERSION & 0xffff0000) == 0x001d0000
+                                   ? 0x001d0001
                                    : SUPDRV_IOC_VERSION & 0xffff0000;
         CookieReq.u.In.u32MinVersion = uMinVersion;
@@ -1038 +1038 @@
 
 
+SUPR3DECL(int) SUPR3LockDownLoader(PRTERRINFO pErrInfo)
+{
+    /* fake */
+    if (RT_UNLIKELY(g_uSupFakeMode))
+        return VINF_SUCCESS;
+
+    /*
+     * Lock down the module loader interface.
+     */
+    SUPREQHDR ReqHdr;
+    ReqHdr.u32Cookie = g_u32Cookie;
+    ReqHdr.u32SessionCookie = g_u32SessionCookie;
+    ReqHdr.cbIn = SUP_IOCTL_LDR_LOCK_DOWN_SIZE_IN;
+    ReqHdr.cbOut = SUP_IOCTL_LDR_LOCK_DOWN_SIZE_OUT;
+    ReqHdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
+    ReqHdr.rc = VERR_INTERNAL_ERROR;
+    int rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_LDR_LOCK_DOWN, &ReqHdr, SUP_IOCTL_LDR_LOCK_DOWN_SIZE);
+    if (RT_FAILURE(rc))
+        return RTErrInfoSetF(pErrInfo, rc,
+                             "SUPR3LockDownLoader: SUP_IOCTL_LDR_LOCK_DOWN ioctl returned %Rrc", rc);
+
+    return ReqHdr.rc;
+}
+
+
 /**
  * Fallback for SUPR3PageAllocEx on systems where RTR0MemObjPhysAllocNC isn't

trunk/src/VBox/VMM/tools/VBoxVMMPreload.cpp

@@ -52 +52 @@
 
 static uint32_t     g_cVerbose = 1;
+static bool         g_fLockDown = false;
 
 
@@ -71 +72 @@
         { "--only",     'o', RTGETOPT_REQ_STRING  },
         { "--quiet",    'q', RTGETOPT_REQ_NOTHING },
+        { "--lock" ,    'l', RTGETOPT_REQ_NOTHING },
         { "--verbose",  'v', RTGETOPT_REQ_NOTHING },
     };
@@ -115 +117 @@
                 break;
 
+            case 'l':
+                g_fLockDown = true;
+                break;
+
             case 'h':
                 RTPrintf(VBOX_PRODUCT " VMM ring-0 Module Preloader Version " VBOX_VERSION_STRING
@@ -120 +126 @@
                          "All rights reserved.\n"
                          "\n"
-                         "Usage: VBoxVMMPreload [-hqvV] [-o|--only <mod>]\n"
+                         "Usage: VBoxVMMPreload [-hlqvV] [-o|--only <mod>]\n"
                          "\n");
                 *pfExit = true;
@@ -145 +151 @@
 static RTEXITCODE LoadModules(void)
 {
+    RTERRINFOSTATIC ErrInfo;
+
     for (uint32_t i = 0; i < RT_ELEMENTS(g_aModules); i++)
     {
@@ -156 +164 @@
                 return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTPathAppPrivateArch or RTPathAppend returned %Rrc", rc);
 
-            RTERRINFOSTATIC ErrInfo;
             RTErrInfoInitStatic(&ErrInfo);
             rc = SUPR3LoadModule(szPath, g_aModules[i].pszName, &g_aModules[i].pvImageBase, &ErrInfo.Core);
@@ -167 +174 @@
     }
 
+    if (g_fLockDown)
+    {
+        RTErrInfoInitStatic(&ErrInfo);
+        int rc = SUPR3LockDownLoader(&ErrInfo.Core);
+        if (RT_FAILURE(rc))
+            return RTMsgErrorExit(RTEXITCODE_FAILURE, "SUPR3LockDownLoader failed: %s (rc=%Rrc)",
+                                  ErrInfo.Core.pszMsg, rc);
+        if (g_cVerbose >= 1)
+            RTMsgInfo("Locked down module loader interface!\n");
+    }
+
     RTStrmFlush(g_pStdOut);
     return RTEXITCODE_SUCCESS;