From d37280efaab68188e55f4db3ef2882e54fff3163 Mon Sep 17 00:00:00 2001 From: Pierre Schweitzer Date: Wed, 16 May 2018 21:44:47 +0200 Subject: [PATCH] [FASTFAT] Deny dismounting system volume or a volume with a pagefile --- drivers/filesystems/fastfat/create.c | 2 ++ drivers/filesystems/fastfat/fsctl.c | 10 ++++++++++ drivers/filesystems/fastfat/vfat.h | 1 + 3 files changed, 13 insertions(+) diff --git a/drivers/filesystems/fastfat/create.c b/drivers/filesystems/fastfat/create.c index 7ecc0ffae15..d9efa96828f 100644 --- a/drivers/filesystems/fastfat/create.c +++ b/drivers/filesystems/fastfat/create.c @@ -778,6 +778,7 @@ VfatCreateFile( if (PagingFileCreate) { pFcb->Flags |= FCB_IS_PAGE_FILE; + SetFlag(DeviceExt->Flags, VCB_IS_SYS_OR_HAS_PAGE); } } else @@ -897,6 +898,7 @@ VfatCreateFile( else { pFcb->Flags |= FCB_IS_PAGE_FILE; + SetFlag(DeviceExt->Flags, VCB_IS_SYS_OR_HAS_PAGE); } } else diff --git a/drivers/filesystems/fastfat/fsctl.c b/drivers/filesystems/fastfat/fsctl.c index abd772648a0..778a2bce8b8 100644 --- a/drivers/filesystems/fastfat/fsctl.c +++ b/drivers/filesystems/fastfat/fsctl.c @@ -777,6 +777,10 @@ VfatMount( } VolumeFcb->Flags |= VCB_IS_DIRTY; + if (BooleanFlagOn(Vpb->RealDevice->Flags, DO_SYSTEM_BOOT_PARTITION)) + { + SetFlag(DeviceExt->Flags, VCB_IS_SYS_OR_HAS_PAGE); + } FsRtlNotifyVolumeEvent(DeviceExt->FATFileObject, FSRTL_VOLUME_MOUNT); FsRtlNotifyInitializeSync(&DeviceExt->NotifySync); @@ -1174,6 +1178,12 @@ VfatDismountVolume( return STATUS_ACCESS_DENIED; } + /* Deny dismount of boot volume */ + if (BooleanFlagOn(DeviceExt->Flags, VCB_IS_SYS_OR_HAS_PAGE)) + { + return STATUS_ACCESS_DENIED; + } + /* Race condition? */ if (BooleanFlagOn(DeviceExt->Flags, VCB_DISMOUNT_PENDING)) { diff --git a/drivers/filesystems/fastfat/vfat.h b/drivers/filesystems/fastfat/vfat.h index cb38b16699f..e58b61bb576 100644 --- a/drivers/filesystems/fastfat/vfat.h +++ b/drivers/filesystems/fastfat/vfat.h @@ -239,6 +239,7 @@ typedef union _DIR_ENTRY DIR_ENTRY, *PDIR_ENTRY; #define VCB_VOLUME_LOCKED 0x0001 #define VCB_DISMOUNT_PENDING 0x0002 #define VCB_IS_FATX 0x0004 +#define VCB_IS_SYS_OR_HAS_PAGE 0x0008 #define VCB_IS_DIRTY 0x4000 /* Volume is dirty */ #define VCB_CLEAR_DIRTY 0x8000 /* Clean dirty flag at shutdown */