Changeset 57254 in vbox

Timestamp:

Aug 9, 2015 2:26:51 PM (9 years ago)

Author:

vboxsync

Message:

SUPDrv: Enabled AC=1 I/O control checks on Linux and extended the checks to include the interrupt flag, I/O privilege level and the direction flag.

Location:

trunk/src/VBox/HostDrivers/Support

Files:

• Makefile.kmk (modified) (1 diff)
• darwin/SUPDrv-darwin.cpp (modified) (1 diff)
• linux/Makefile (modified) (1 diff)
• linux/SUPDrv-linux.c (modified) (6 diffs)

trunk/src/VBox/HostDrivers/Support/Makefile.kmk

@@ -705 +705 @@
                 | $$(dir $$@)
         $(call MSG_TOOL,Creating,,$@)
- ifndef VBOX_WITH_HARDENING
-        $(QUIET)$(SED) -e "s;-DVBOX_WITH_HARDENING;;g" --output $@ $<
- else
-        $(QUIET)$(CP) -f $< $@
- endif
+        $(QUIET)$(SED) -e "" \
+                $(if-expr !defined(VBOX_WITH_HARDENING)   ,-e "s;-DVBOX_WITH_HARDENING;;g",) \
+                $(if-expr ($(VBOX_VERSION_BUILD) % 2) == 0,-e "s;-DVBOX_WITH_EFLAGS_AC_SET_IN_VBOXDRV;;g",) \
+                --output $@ $<
         %$(QUIET2)$(APPEND) -t '$(PATH_TARGET)/vboxdrv-mod-1.dep' \
                 'Support/$(KBUILD_TARGET)/Makefile_VBOX_HARDENED=$(VBOX_WITH_HARDENING)'

trunk/src/VBox/HostDrivers/Support/darwin/SUPDrv-darwin.cpp

@@ -645 +645 @@
      * SMAP check.
      */
-#ifdef VBOX_WITH_EFLAGS_AC_SET_IN_VBOXDRV
     RTCCUINTREG fSavedEfl = ASMAddFlags(X86_EFL_AC);
-#else
-    RTCCUINTREG fSavedEfl = ASMGetFlags();
-    ASMSetAC();
+
+    int rc = VBoxDrvDarwinIOCtl(Dev, iCmd, pData, fFlags, pProcess);
+
+#if defined(VBOX_STRICT) || defined(VBOX_WITH_EFLAGS_AC_SET_IN_VBOXDRV)
+    /*
+     * Before we restore AC and the rest of EFLAGS, check if the IOCtl handler code
+     * accidentially modified it or some other important flag.
+     */
+    if (RT_UNLIKELY(   (ASMGetFlags() & (X86_EFL_AC | X86_EFL_IF | X86_EFL_DF | X86_EFL_IOPL))
+                    != ((fSavedEfl    & (X86_EFL_AC | X86_EFL_IF | X86_EFL_DF | X86_EFL_IOPL)) | X86_EFL_AC) ))
+    {
+        char szTmp[48];
+        RTStrPrintf(szTmp, sizeof(szTmp), "iCmd=%#x: %#x->%#x!", iCmd, (uint32_t)fSavedEfl, (uint32_t)ASMGetFlags());
+        supdrvBadContext(&g_DevExt, "SUPDrv-darwin.cpp",  __LINE__, szTmp);
+    }
 #endif
 
-    int rc = VBoxDrvDarwinIOCtl(Dev, iCmd, pData, fFlags, pProcess);
-
-#if defined(VBOX_STRICT) || defined(VBOX_WITH_EFLAGS_AC_SET_IN_VBOXDRV)
-    if (RT_UNLIKELY(!(ASMGetFlags() & X86_EFL_AC)))
-    {
-        char szTmp[32];
-        RTStrPrintf(szTmp, sizeof(szTmp), "iCmd=%#x!", iCmd);
-        supdrvBadContext(&g_DevExt, "SUPDrv-darwin.cpp",  __LINE__, szTmp);
-    }
-#endif
     ASMSetFlags(fSavedEfl);
     return rc;

trunk/src/VBox/HostDrivers/Support/linux/Makefile

@@ -256 +256 @@
 KFLAGS   := -D__KERNEL__ -DMODULE -DRT_OS_LINUX -DIN_RING0 -DIN_RT_R0 \
             -DIN_SUP_R0 -DVBOX -DRT_WITH_VBOX -DVBOX_WITH_HARDENING \
-           -DSUPDRV_WITH_RELEASE_LOGGER \
+            -DSUPDRV_WITH_RELEASE_LOGGER -DVBOX_WITH_EFLAGS_AC_SET_IN_VBOXDRV \
             -Wno-declaration-after-statement
 ifdef VBOX_REDHAT_KABI

trunk/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c

@@ -67 +67 @@
 
 
-
 /*******************************************************************************
 *   Defined Constants And Macros                                               *
@@ -96 +95 @@
                                        VBOX_VERSION_BUILD)
 #define VBoxDrvLinuxIOCtl RT_CONCAT(VBoxDrvLinuxIOCtl_,VBoxDrvLinuxVersion)
+
 
 /*******************************************************************************
@@ -650 +650 @@
     PSUPDRVSESSION pSession = (PSUPDRVSESSION)pFilp->private_data;
     int rc;
+#if defined(VBOX_STRICT) || defined(VBOX_WITH_EFLAGS_AC_SET_IN_VBOXDRV)
+    RTCCUINTREG fSavedEfl;
+
+    /*
+     * Refuse all I/O control calls if we've ever detected EFLAGS.AC being cleared.
+     *
+     * This isn't a problem, as there is absolutely nothing in the kernel context that
+     * depend on user context triggering cleanups.  That would be pretty wild, right?
+     */
+    if (RT_UNLIKELY(g_DevExt.cBadContextCalls > 0))
+    {
+        SUPR0Printf("VBoxDrvDarwinIOCtl: EFLAGS.AC=0 detected %u times, refusing all I/O controls!\n", g_DevExt.cBadContextCalls);
+        return EDEVERR;
+    }
+
+    fSavedEfl = ASMAddFlags(X86_EFL_AC);
+# else
+    stac();
+# endif
 
     /*
@@ -660 +679 @@
                       || uCmd == SUP_IOCTL_FAST_DO_NOP)
                   && pSession->fUnrestricted == true))
-    {
-        stac();
         rc = supdrvIOCtlFast(uCmd, ulArg, &g_DevExt, pSession);
-        clac();
-        return rc;
-    }
-    return VBoxDrvLinuxIOCtlSlow(pFilp, uCmd, ulArg, pSession);
-
+    else
+        rc = VBoxDrvLinuxIOCtlSlow(pFilp, uCmd, ulArg, pSession);
 #else   /* !HAVE_UNLOCKED_IOCTL */
     unlock_kernel();
@@ -678 +692 @@
         rc = VBoxDrvLinuxIOCtlSlow(pFilp, uCmd, ulArg, pSession);
     lock_kernel();
+#endif  /* !HAVE_UNLOCKED_IOCTL */
+
+#if defined(VBOX_STRICT) || defined(VBOX_WITH_EFLAGS_AC_SET_IN_VBOXDRV)
+    /*
+     * Before we restore AC and the rest of EFLAGS, check if the IOCtl handler code
+     * accidentially modified it or some other important flag.
+     */
+    if (RT_UNLIKELY(   (ASMGetFlags() & (X86_EFL_AC | X86_EFL_IF | X86_EFL_DF | X86_EFL_IOPL))
+                    != ((fSavedEfl    & (X86_EFL_AC | X86_EFL_IF | X86_EFL_DF | X86_EFL_IOPL)) | X86_EFL_AC) ))
+    {
+        char szTmp[48];
+        RTStrPrintf(szTmp, sizeof(szTmp), "uCmd=%#x: %#x->%#x!", uCmd, (uint32_t)fSavedEfl, (uint32_t)ASMGetFlags());
+        supdrvBadContext(&g_DevExt, "SUPDrv-linux.c",  __LINE__, szTmp);
+    }
+    ASMSetFlags(fSavedEfl);
+#else
+    clac();
+#endif
     return rc;
-#endif  /* !HAVE_UNLOCKED_IOCTL */
 }
 
@@ -746 +777 @@
      * Process the IOCtl.
      */
-    stac();
     rc = supdrvIOCtl(uCmd, &g_DevExt, pSession, pHdr, cbBuf);
-    clac();
 
     /*