Changeset 76091 in vbox for trunk/src/VBox/Main/src-server

Timestamp:

Dec 9, 2018 11:02:49 PM (6 years ago)

Author:

vboxsync

Message:

VBoxSVC: Hook all IVirtualBox calls to catch new client processes so we can watch them for termination. Work in progress. bugref:3300

Location:

trunk/src/VBox/Main/src-server

Files:

• VirtualBoxImpl.cpp (modified) (6 diffs)
• win/svcmain.cpp (modified) (6 diffs)

trunk/src/VBox/Main/src-server/VirtualBoxImpl.cpp

@@ -29 +29 @@
 #include <iprt/string.h>
 #include <iprt/stream.h>
+#include <iprt/system.h>
 #include <iprt/thread.h>
 #include <iprt/uuid.h>
@@ -172 +173 @@
 ////////////////////////////////////////////////////////////////////////////////
 
+#if defined(RT_OS_WINDOWS) && defined(VBOXSVC_WITH_CLIENT_WATCHER)
+/**
+ * Client process watcher data.
+ */
+class WatchedClientProcess
+{
+public:
+    WatchedClientProcess(RTPROCESS a_pid, HANDLE a_hProcess) RT_NOEXCEPT
+        : m_pid(a_pid)
+        , m_cRefs(1)
+        , m_hProcess(a_hProcess)
+    {
+    }
+
+    ~WatchedClientProcess()
+    {
+        if (m_hProcess != NULL)
+        {
+            ::CloseHandle(m_hProcess);
+            m_hProcess = NULL;
+        }
+        m_pid = NIL_RTPROCESS;
+    }
+
+    /** The client PID.   */
+    RTPROCESS           m_pid;
+    /** Number of references to this structure. */
+    uint32_t volatile   m_cRefs;
+    /** Handle of the client process.
+     * Ideally, we've got full query privileges, but we'll settle for waiting.  */
+    HANDLE              m_hProcess;
+};
+typedef std::map<RTPROCESS, WatchedClientProcess *> WatchedClientProcessMap;
+#endif
+
+
 typedef ObjectsList<Medium> MediaOList;
 typedef ObjectsList<GuestOSType> GuestOSTypesOList;
@@ -181 +218 @@
 typedef std::map<Guid, ComObjPtr<Medium> > HardDiskMap;
 
+
 /**
  *  Main VirtualBox data structure.
@@ -189 +227 @@
 {
     Data()
-        : pMainConfigFile(NULL),
-          uuidMediaRegistry("48024e5c-fdd9-470f-93af-ec29f7ea518c"),
-          uRegistryNeedsSaving(0),
-          lockMachines(LOCKCLASS_LISTOFMACHINES),
-          allMachines(lockMachines),
-          lockGuestOSTypes(LOCKCLASS_LISTOFOTHEROBJECTS),
-          allGuestOSTypes(lockGuestOSTypes),
-          lockMedia(LOCKCLASS_LISTOFMEDIA),
-          allHardDisks(lockMedia),
-          allDVDImages(lockMedia),
-          allFloppyImages(lockMedia),
-          lockSharedFolders(LOCKCLASS_LISTOFOTHEROBJECTS),
-          allSharedFolders(lockSharedFolders),
-          lockDHCPServers(LOCKCLASS_LISTOFOTHEROBJECTS),
-          allDHCPServers(lockDHCPServers),
-          lockNATNetworks(LOCKCLASS_LISTOFOTHEROBJECTS),
-          allNATNetworks(lockNATNetworks),
-          mtxProgressOperations(LOCKCLASS_PROGRESSLIST),
-          pClientWatcher(NULL),
-          threadAsyncEvent(NIL_RTTHREAD),
-          pAsyncEventQ(NULL),
-          pAutostartDb(NULL),
-          fSettingsCipherKeySet(false)
-    {
+        : pMainConfigFile(NULL)
+        , uuidMediaRegistry("48024e5c-fdd9-470f-93af-ec29f7ea518c")
+        , uRegistryNeedsSaving(0)
+        , lockMachines(LOCKCLASS_LISTOFMACHINES)
+        , allMachines(lockMachines)
+        , lockGuestOSTypes(LOCKCLASS_LISTOFOTHEROBJECTS)
+        , allGuestOSTypes(lockGuestOSTypes)
+        , lockMedia(LOCKCLASS_LISTOFMEDIA)
+        , allHardDisks(lockMedia)
+        , allDVDImages(lockMedia)
+        , allFloppyImages(lockMedia)
+        , lockSharedFolders(LOCKCLASS_LISTOFOTHEROBJECTS)
+        , allSharedFolders(lockSharedFolders)
+        , lockDHCPServers(LOCKCLASS_LISTOFOTHEROBJECTS)
+        , allDHCPServers(lockDHCPServers)
+        , lockNATNetworks(LOCKCLASS_LISTOFOTHEROBJECTS)
+        , allNATNetworks(lockNATNetworks)
+        , mtxProgressOperations(LOCKCLASS_PROGRESSLIST)
+        , pClientWatcher(NULL)
+        , threadAsyncEvent(NIL_RTTHREAD)
+        , pAsyncEventQ(NULL)
+        , pAutostartDb(NULL)
+        , fSettingsCipherKeySet(false)
+#if defined(RT_OS_WINDOWS) && defined(VBOXSVC_WITH_CLIENT_WATCHER)
+        , fWatcherIsReliable(RTSystemGetNtVersion() >= RTSYSTEM_MAKE_NT_VERSION(6, 0, 0))
+#endif
+    {
+#if defined(RT_OS_WINDOWS) && defined(VBOXSVC_WITH_CLIENT_WATCHER)
+        RTCritSectRwInit(&WatcherCritSect);
+#endif
     }
 
@@ -310 +354 @@
     bool                                fSettingsCipherKeySet;
     uint8_t                             SettingsCipherKey[RTSHA512_HASH_SIZE];
+
+#if defined(RT_OS_WINDOWS) && defined(VBOXSVC_WITH_CLIENT_WATCHER)
+    /** Critical section protecting WatchedProcesses. */
+    RTCRITSECTRW                        WatcherCritSect;
+    /** Map of processes being watched, key is the PID. */
+    WatchedClientProcessMap             WatchedProcesses;
+    /** Set if the watcher is reliable, otherwise cleared.
+     * The watcher goes unreliable when we run out of memory, fail open a client
+     * process, or if the watcher thread gets messed up. */
+    bool                                fWatcherIsReliable;
+#endif
 };
 
@@ -5552 +5607 @@
 #endif /* !RT_OS_WINDOWS */
 
+#if defined(RT_OS_WINDOWS) && defined(VBOXSVC_WITH_CLIENT_WATCHER)
+
+# include <psapi.h> /* for GetProcessImageFileNameW */
+
+/**
+ * Callout from the wrapper.
+ */
+void VirtualBox::i_callHook(const char *a_pszFunction)
+{
+    RT_NOREF(a_pszFunction);
+
+    /*
+     * Let'see figure out who is calling.
+     * Note! Requires Vista+, so skip this entirely on older systems.
+     */
+    if (RTSystemGetNtVersion() >= RTSYSTEM_MAKE_NT_VERSION(6, 0, 0))
+    {
+        RPC_CALL_ATTRIBUTES_V2_W CallAttribs = { RPC_CALL_ATTRIBUTES_VERSION, RPC_QUERY_CLIENT_PID | RPC_QUERY_IS_CLIENT_LOCAL };
+        RPC_STATUS rcRpc = RpcServerInqCallAttributesW(NULL, &CallAttribs);
+        if (   rcRpc == RPC_S_OK
+            && CallAttribs.ClientPID != 0)
+        {
+            RTPROCESS const pidClient = (RTPROCESS)(uintptr_t)CallAttribs.ClientPID;
+            if (pidClient != RTProcSelf())
+            {
+                /** @todo LogRel2 later: */
+                LogRel(("i_callHook: %Rfn [ClientPID=%#zx/%zu IsClientLocal=%d ProtocolSequence=%#x CallStatus=%#x CallType=%#x OpNum=%#x InterfaceUuid=%RTuuid]\n",
+                        a_pszFunction, CallAttribs.ClientPID, CallAttribs.ClientPID, CallAttribs.IsClientLocal,
+                        CallAttribs.ProtocolSequence, CallAttribs.CallStatus, CallAttribs.CallType, CallAttribs.OpNum,
+                        &CallAttribs.InterfaceUuid));
+
+                /*
+                 * Do we know this client PID already?
+                 */
+                RTCritSectRwEnterShared(&m->WatcherCritSect);
+                WatchedClientProcessMap::iterator It = m->WatchedProcesses.find(pidClient);
+                if (It != m->WatchedProcesses.end())
+                    RTCritSectRwLeaveShared(&m->WatcherCritSect); /* Known process, nothing to do. */
+                else
+                {
+                    /* This is a new client process, start watching it. */
+                    RTCritSectRwLeaveShared(&m->WatcherCritSect);
+                    i_watchClientProcess(pidClient, a_pszFunction);
+                }
+            }
+        }
+        else
+            LogRel(("i_callHook: %Rfn - rcRpc=%#x ClientPID=%#zx/%zu !! [IsClientLocal=%d ProtocolSequence=%#x CallStatus=%#x CallType=%#x OpNum=%#x InterfaceUuid=%RTuuid]\n",
+                    a_pszFunction, rcRpc, CallAttribs.ClientPID, CallAttribs.ClientPID, CallAttribs.IsClientLocal,
+                    CallAttribs.ProtocolSequence, CallAttribs.CallStatus, CallAttribs.CallType, CallAttribs.OpNum,
+                    &CallAttribs.InterfaceUuid));
+    }
+}
+
+
+/**
+ * Wathces @a a_pidClient for termination.
+ *
+ * @returns true if successfully enabled watching of it, false if not.
+ * @param   a_pidClient     The PID to watch.
+ * @param   a_pszFunction   The function we which we detected the client in.
+ */
+bool VirtualBox::i_watchClientProcess(RTPROCESS a_pidClient, const char *a_pszFunction)
+{
+    RT_NOREF_PV(a_pszFunction);
+
+    /*
+     * Open the client process.
+     */
+    HANDLE hClient = OpenProcess(SYNCHRONIZE | PROCESS_QUERY_INFORMATION, FALSE /*fInherit*/, a_pidClient);
+    if (hClient == NULL)
+        hClient = OpenProcess(SYNCHRONIZE | PROCESS_QUERY_LIMITED_INFORMATION, FALSE , a_pidClient);
+    if (hClient == NULL)
+        hClient = OpenProcess(SYNCHRONIZE, FALSE , a_pidClient);
+    AssertLogRelMsgReturn(hClient != NULL, ("pidClient=%d (%#x) err=%d\n", a_pidClient, a_pidClient, GetLastError()),
+                          m->fWatcherIsReliable = false);
+
+    /*
+     * Create a new watcher structure and try add it to the map.
+     */
+    bool fRet = true;
+    WatchedClientProcess *pWatched = new (std::nothrow) WatchedClientProcess(a_pidClient, hClient);
+    if (pWatched)
+    {
+        RTCritSectRwEnterExcl(&m->WatcherCritSect);
+
+        WatchedClientProcessMap::iterator It = m->WatchedProcesses.find(a_pidClient);
+        if (It == m->WatchedProcesses.end())
+        {
+            try
+            {
+                m->WatchedProcesses.insert(WatchedClientProcessMap::value_type(a_pidClient, pWatched));
+            }
+            catch (std::bad_alloc &)
+            {
+                fRet = false;
+            }
+            if (fRet)
+            {
+                /*
+                 * Schedule it on a watcher thread.
+                 */
+                /** @todo later. */
+                RTCritSectRwLeaveExcl(&m->WatcherCritSect);
+            }
+            else
+            {
+                RTCritSectRwLeaveExcl(&m->WatcherCritSect);
+                delete pWatched;
+                LogRel(("VirtualBox::i_watchClientProcess: out of memory inserting into client map!\n"));
+            }
+        }
+        else
+        {
+            /*
+             * Someone raced us here, we lost.
+             */
+            RTCritSectRwLeaveExcl(&m->WatcherCritSect);
+            delete pWatched;
+        }
+    }
+    else
+    {
+        LogRel(("VirtualBox::i_watchClientProcess: out of memory!\n"));
+        CloseHandle(hClient);
+        m->fWatcherIsReliable = fRet = false;
+    }
+    return fRet;
+}
+
+
+/** Logs the RPC caller info to the release log. */
+/*static*/ void VirtualBox::i_logCaller(const char *a_pszFormat, ...)
+{
+    if (RTSystemGetNtVersion() >= RTSYSTEM_MAKE_NT_VERSION(6, 0, 0))
+    {
+        char szTmp[80];
+        va_list va;
+        va_start(va, a_pszFormat);
+        RTStrPrintfV(szTmp, sizeof(szTmp), a_pszFormat, va);
+        va_end(va);
+
+        RPC_CALL_ATTRIBUTES_V2_W CallAttribs = { RPC_CALL_ATTRIBUTES_VERSION, RPC_QUERY_CLIENT_PID | RPC_QUERY_IS_CLIENT_LOCAL };
+        RPC_STATUS rcRpc = RpcServerInqCallAttributesW(NULL, &CallAttribs);
+
+        RTUTF16 wszProcName[256];
+        wszProcName[0] = '\0';
+        if (rcRpc == 0 && CallAttribs.ClientPID != 0)
+        {
+            HANDLE hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, (DWORD)(uintptr_t)CallAttribs.ClientPID);
+            if (hProcess)
+            {
+                RT_ZERO(wszProcName);
+                GetProcessImageFileNameW(hProcess, wszProcName, RT_ELEMENTS(wszProcName) - 1);
+                CloseHandle(hProcess);
+            }
+        }
+        LogRel(("%s [rcRpc=%#x ClientPID=%#zx/%zu (%ls) IsClientLocal=%d ProtocolSequence=%#x CallStatus=%#x CallType=%#x OpNum=%#x InterfaceUuid=%RTuuid]\n",
+                szTmp, rcRpc, CallAttribs.ClientPID, CallAttribs.ClientPID, wszProcName, CallAttribs.IsClientLocal,
+                CallAttribs.ProtocolSequence, CallAttribs.CallStatus, CallAttribs.CallType, CallAttribs.OpNum,
+                &CallAttribs.InterfaceUuid));
+    }
+}
+
+#endif /* RT_OS_WINDOWS && VBOXSVC_WITH_CLIENT_WATCHER */
+
+
 /* vi: set tabstop=4 shiftwidth=4 expandtab: */

trunk/src/VBox/Main/src-server/win/svcmain.cpp

@@ -553 +553 @@
 }
 
-#ifdef DEBUG_bird
-# include <psapi.h> /* for GetProcessImageFileNameW */
-
-/** Logs the RPC caller info to the release log. */
-static void logCaller(const char *pszFormat, ...)
-{
-    char szTmp[80];
-    va_list va;
-    va_start(va, pszFormat);
-    RTStrPrintfV(szTmp, sizeof(szTmp), pszFormat, va);
-    va_end(va);
-
-    RPC_CALL_ATTRIBUTES_V2_W CallAttribs = { RPC_CALL_ATTRIBUTES_VERSION, RPC_QUERY_CLIENT_PID | RPC_QUERY_IS_CLIENT_LOCAL };
-    RPC_STATUS rcRpc = RpcServerInqCallAttributesW(NULL, &CallAttribs);
-
-    RTUTF16 wszProcName[256];
-    wszProcName[0] = '\0';
-    if (rcRpc == 0 && CallAttribs.ClientPID != 0)
-    {
-        HANDLE hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, (DWORD)(uintptr_t)CallAttribs.ClientPID);
-        if (hProcess)
-        {
-            RT_ZERO(wszProcName);
-            GetProcessImageFileNameW(hProcess, wszProcName, RT_ELEMENTS(wszProcName) - 1);
-            CloseHandle(hProcess);
-        }
-    }
-    LogRel(("%s [rcRpc=%#x ClientPID=%#zx/%zu (%ls) IsClientLocal=%d ProtocolSequence=%#x CallStatus=%#x CallType=%#x OpNum=%#x InterfaceUuid=%RTuuid]\n",
-            szTmp, rcRpc, CallAttribs.ClientPID, CallAttribs.ClientPID, wszProcName, CallAttribs.IsClientLocal,
-            CallAttribs.ProtocolSequence, CallAttribs.CallStatus, CallAttribs.CallType, CallAttribs.OpNum,
-            &CallAttribs.InterfaceUuid));
-}
 
 /**
- * Caller watcher wrapper exploration wrapping CComObjectCached.
- * @sa @bugref{3300}
+ * Custom instantiation of CComObjectCached.
+ *
+ * This catches certain QueryInterface callers for the purpose of watching for
+ * abnormal client process termination (@bugref{3300}).
+ *
+ * @todo just merge this into class VirtualBox VirtualBoxImpl.h
  */
-template <class Base> class DebugWatcher : public Base
+class VirtualBoxObjectCached : public VirtualBox
 {
 public:
-    DebugWatcher(void *a_pWhatever = NULL) : Base(a_pWhatever)
-    {
-    }
-
-    virtual ~DebugWatcher()
-    {
-    }
+    VirtualBoxObjectCached(void * = NULL)
+        : VirtualBox()
+    {
+    }
+
+    virtual ~VirtualBoxObjectCached()
+    {
+        m_iRef = LONG_MIN / 2; /* Catch refcount screwups by setting refcount something insane. */
+        FinalRelease();
+    }
+
+    /** @name IUnknown implementation for VirtualBox
+     * @{  */
 
     STDMETHOD_(ULONG, AddRef)() throw()
     {
-        ULONG cRefs = Base::AddRef();
-        logCaller("AddRef -> %u", cRefs);
+        ULONG cRefs = InternalAddRef();
+        if (cRefs == 2)
+        {
+            AssertMsg(ATL::_pAtlModule, ("ATL: referring to ATL module without having one declared in this linking namespace\n"));
+            ATL::_pAtlModule->Lock();
+        }
         return cRefs;
     }
@@ -610 +592 @@
     STDMETHOD_(ULONG, Release)() throw()
     {
-        ULONG cRefs = Base::Release();
-        logCaller("Release -> %u", cRefs);
+        ULONG cRefs = InternalRelease();
+        if (cRefs == 0)
+            delete this;
+        else if (cRefs == 1)
+        {
+            AssertMsg(ATL::_pAtlModule, ("ATL: referring to ATL module without having one declared in this linking namespace\n"));
+            ATL::_pAtlModule->Unlock();
+        }
         return cRefs;
     }
@@ -617 +605 @@
     STDMETHOD(QueryInterface)(REFIID iid, void **ppvObj) throw()
     {
-        HRESULT hrc = Base::QueryInterface(iid, ppvObj);
-        logCaller("QueryInterface %RTuuid -> %Rhrc %p", iid, hrc, *ppvObj);
+        HRESULT hrc = _InternalQueryInterface(iid, ppvObj);
+#ifdef VBOXSVC_WITH_CLIENT_WATCHER
+        i_logCaller("QueryInterface %RTuuid -> %Rhrc %p", &iid, hrc, *ppvObj);
+#endif
         return hrc;
     }
 
-    static HRESULT WINAPI CreateInstance(DebugWatcher<Base> **pp) throw()
-    {
-        AssertReturn(pp, E_POINTER);
-        *pp = NULL;
+    /** @} */
+
+    static HRESULT WINAPI CreateInstance(VirtualBoxObjectCached **ppObj) throw()
+    {
+        AssertReturn(ppObj, E_POINTER);
+        *ppObj = NULL;
 
         HRESULT hrc = E_OUTOFMEMORY;
-        DebugWatcher<Base> *p = new (std::nothrow) DebugWatcher<Base>();
+        VirtualBoxObjectCached *p = new (std::nothrow) VirtualBoxObjectCached();
         if (p)
         {
@@ -640 +632 @@
                 delete p;
             else
-                *pp = p;
+                *ppObj = p;
         }
         return hrc;
     }
-
 };
 
-#endif /* DEBUG_bird */
 
 /**
@@ -664 +654 @@
 STDMETHODIMP VirtualBoxClassFactory::CreateInstance(LPUNKNOWN pUnkOuter, REFIID riid, void **ppvObj)
 {
-# ifdef DEBUG_bird
-    logCaller("VirtualBoxClassFactory::CreateInstance: %RTuuid", riid);
+# ifdef VBOXSVC_WITH_CLIENT_WATCHER
+    VirtualBox::i_logCaller("VirtualBoxClassFactory::CreateInstance: %RTuuid", riid);
 # endif
     HRESULT hrc = E_POINTER;
@@ -703 +693 @@
                         {
                             ATL::_pAtlModule->Lock();
-#ifdef DEBUG_bird
-                            DebugWatcher<ATL::CComObjectCached<VirtualBox>> *p;
-                            m_hrcCreate = hrc = DebugWatcher<ATL::CComObjectCached<VirtualBox>>::CreateInstance(&p);
-#else
-                            ATL::CComObjectCached<VirtualBox> *p;
-                            m_hrcCreate = hrc = ATL::CComObjectCached<VirtualBox>::CreateInstance(&p);
-#endif
+                            VirtualBoxObjectCached *p;
+                            m_hrcCreate = hrc = VirtualBoxObjectCached::CreateInstance(&p);
                             if (SUCCEEDED(hrc))
                             {