Commit graph

1724 commits

Author SHA1 Message Date
Hermès Bélusca-Maïto
d1b3115afa
[NTOS:IO] IopDisplayLoadingMessage(): Display the loading messages only in SOS mode.
- Make the boolean SosEnabled from ex/init.c visible globally so that
  it can be checked against by IopDisplayLoadingMessage().

- Also use RtlString* function to construct the string.
2024-02-09 17:13:30 +01:00
Hermès Bélusca-Maïto
17c59456cd
[NTOS:IO] Minor formatting for IopSuffixUnicodeString and IopDisplayLoadingMessage.
- Doxygen comments;
- SAL annotations;
- These two functions are local to driver.c file only -> static'ify them.
- 2 -> sizeof(WCHAR);
- Rename Length to NumChars;
- static const'ify the L".SYS" string.
2024-02-09 17:00:25 +01:00
Hermès Bélusca-Maïto
08afb1f4b4
[NTOS:INBV] Don't include the fancy splashscreen logo as well
CORE-19449
2024-02-09 12:00:01 +01:00
Hermès Bélusca-Maïto
ee2e256ebf
[NTOS:INBV] Disable fancy boot splashscreen features
CORE-19449
2024-02-09 11:52:23 +01:00
Adam Słaboń
1f28f715ba
[NTOS:FSTUB] Pack the MASTER_BOOT_RECORD structure (#6416)
Otherwise the USHORT members are aligned to 4-byte boundary space
which overflows the disk sector buffer and ultimately results in crash.
This can be reproduced by trying to format the USB drive with Rufus.

Also put some additional C_ASSERT checks for extra safety.
2024-02-08 01:02:19 +03:00
Hervé Poussineau
9e43518da5 [NTOS:PO] Set SystemBatteriesPresent when having a battery device in the system
This is (at least) used by powercfg.cpl to know if it needs to display some additional pages.
2024-02-05 18:04:02 +01:00
Hervé Poussineau
dff8b93ee2 [NTOS:PO] Give the power device type to PopAddRemoveSysCapsCallback function 2024-02-05 18:04:02 +01:00
Oleg Dubinskiy
5abf0c76b7
[NTOS:KE/x86/arm] Use a better boot process affinity value (#6399)
Use a value that is independent of the CPU bitness.
Addendum to commit 96d5b6281
2024-01-24 17:52:56 +01:00
Justin Miller
748a2e1655
[NTOS] Fix boot on UP build - PrcbLocks are not used on UP (#6391)
On the uniprocessor kernel KiAcquirePrcbLock is a stub that doesn't modify the current Prcb's PrcbLock value.
Quickly protect this assert around CONFIG_SMP
2024-01-20 08:59:13 -08:00
Oleg Dubinskiy
ab528ac6ae
[NTOS:KE] Acquire PRCB lock before marking thread ready for execution in dispatch interrupt routine (#6387)
Fixed in x86 and ARM (this was already done in x64).

This is needed because thread preparation routine KxQueueReadyThread()
releases PRCB lock, but does not acquire it, so that the locking must
always be done outside the function, same as in all its other usage cases.
This fixes an assert from release PRCB routine, when booting x86 ReactOS
in SMP mode, because it attempts to release the lock when it is not
actually acquired.

Addendum to commit a011d19ed.

+ Add an assert in KxQueueReadyThread() to ensure the PRCB lock is actually acquired.
2024-01-20 15:58:39 +01:00
Oleg Dubinskiy
f72d6dd4c5
[NTOS:KE] Set IRQL to SYNCH_LEVEL when exiting from idle after the thread is ready for execution (#6386)
CORE-1697

Raise IRQL to SYNCH_LEVEL when exiting from the idle thread in the
idle loop, in case it is scheduled for execution. Then restore it
back to DISPATCH_LEVEL, after this is done.
This behaviour is a bit similar to the way it's done on x64.

This IRQL raise is necessary only in SMP builds.
Calls are placed in CONFIG_SMP ifdef: this avoids unnecessary IRQL
changes on UP, since SYNCH_LEVEL and DISPATCH_LEVEL are identical
there, unlike in MP, where SYNCH_LEVEL is IPI_LEVEL - 2 actually.

This prevents bugcheck DRIVER_IRQL_NOT_LESS_OR_EQUAL when booting
SMP x86 ReactOS, in KiTimerExpiration when calling it 2nd time.
The BSOD happened due to IRQL levels mismatch.
2024-01-20 15:55:20 +01:00
Timo Kreuzer
9c1cfe0587 [NTOS:KE] Fix initialization of node block for application processors
- Initialize KeNodeBlock[0] statically
- Update Prcb->ParentNode->ProcessorMask for all processors
2024-01-18 22:41:46 +01:00
Hermès Bélusca-Maïto
feb67576dd
[NTOS:CM][CMLIB] In PE mode, allow registry hives (except system ones) to use read/write access.
+ Improve related comments.

Registry hives are opened in shared read access when NT is loaded in PE
mode (MININT) or from network (the hives residing on a network share).
This is true in particular for the main system hives (SYSTEM, SOFTWARE,
DEFAULT, ...).

However, in PE mode, we can allow other hives, e.g. those loaded by the
user (with NtLoadKey) to be loaded with full read/write access, since we
boot from a local computer.
2024-01-17 22:13:03 +01:00
Hermès Bélusca-Maïto
793ee786cd
[NTOS:CM] Initially start the registry in read-only mode.
Disable registry hive writes, until the IO subsystem is initialized
and disk access is enabled (when the SM signals so after AUTOCHK).
2024-01-17 22:09:45 +01:00
Hermès Bélusca-Maïto
76f1da5631
[NTOS:CM][CMLIB] Minor code styling
In particular remove some extra-parentheses around single code tokens,
and replace few "DPRINT1 + while (TRUE);" by UNIMPLEMENTED_DBGBREAK.

+ Improve some comments.
2024-01-17 22:09:37 +01:00
Timo Kreuzer
96d5b6281d [NTOS:KE/x64] Fix boot process affinity 2024-01-16 08:15:53 +01:00
Timo Kreuzer
1ee23d33ac [NTOS:KE] Fix some KAFFINITYs 2024-01-16 08:15:53 +01:00
Hermès Bélusca-Maïto
a70ce994f0
🎊 🍾 🥳 Happy New Year 2024 to the ReactOS Community! 🎆 ⚛️ ☢️
.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:.██████╗  ██████╗ ██████╗ ██╗  ██╗
 __,  ,__)            __,  ,__)       __, ,__)         ╚════██╗██╔═████╗╚════██╗██║  ██║
(--|__| _ ,_ ,_      (--|\ | _       (--\ | _  _ ,_     █████╔╝██║██╔██║ █████╔╝███████║
  _|  |(_||_)|_)(_|    _| \|(/_(_|_)     \|(/_(_||     ██╔═══╝ ████╔╝██║██╔═══╝ ╚════██║
 (        |  |  ,_|   (                (__|            ███████╗╚██████╔╝███████╗     ██║
.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:.╚══════╝ ╚═════╝ ╚══════╝     ╚═╝
2024-01-01 00:00:00 +01:00
Hermès Bélusca-Maïto
434ac241df
[NTOS:INBV:PO] Consolidate shutdown logo routines where all the boot theming is implemented.
And it's late now, but... Merry Christmas 2023 as well! 🎄
Logo design by contributor 'TheCustomFHD'

"From ReactOS with Love" ;^)
2023-12-25 21:43:20 +01:00
Hermès Bélusca-Maïto
6d265d1fd8
[NTOS:INBV] Isolate the bitmap resources pertaining to the boot theme/animation into their resource sub-file. 2023-12-24 22:39:36 +01:00
Hermès Bélusca-Maïto
0f3da97456
[NTOS:KE:EX] Fix comment typo. 2023-12-24 22:39:35 +01:00
Hermès Bélusca-Maïto
7b410fb8ca
[NTOS:INBV] Don't hardcode the off-screen rot-bar-bits buffer size. 2023-12-24 21:54:24 +01:00
Hermès Bélusca-Maïto
81dc30a434
[NTOS:INBV] Improve comment & define name. 2023-12-24 21:54:23 +01:00
Hermès Bélusca-Maïto
7aec73a76c
[NTOS:INBV] Minor code style. 2023-12-24 21:54:16 +01:00
Hermès Bélusca-Maïto
3812996042
[NTOS:INBV] Fix build when INBV_ROTBAR_IMPLEMENTED is not defined. 2023-12-24 21:40:36 +01:00
Ratin Gao
ffb20d3330
[REACTOS] Fix typos (#6198)
- Adress -> Address
- Currupted -> Corrupted

3rd-party files are not modified.
2023-12-23 21:37:08 +01:00
Timo Kreuzer
1831bc6add [NTOS:KE/x64] Implement initial IPI code 2023-12-18 23:16:39 +02:00
Serge Gautherie
1244659d4c
[NTOSKRNL] Remove remnant internal/arm/asmmacro.S (#6052)
Addendum to 6212c82 (r67715).
2023-12-14 13:48:31 +00:00
Timo Kreuzer
e5c5efe2ad [NTOS:KE/x64] Set the idle thread's IdealProcessor for application processors 2023-12-08 20:16:51 +02:00
Timo Kreuzer
b1a9e72e92 [NTOS:KE/x64] Do not call HalInitSystem from application processors 2023-12-08 20:16:51 +02:00
Timo Kreuzer
d0f6874d92 [NTOS:KE/x64] Factor out KiIntializeProcessorBootStructures 2023-12-08 20:16:51 +02:00
Timo Kreuzer
8c466c3e36 [NTOS:KE/x64] Improve KiInitializePcr 2023-12-08 20:16:51 +02:00
Timo Kreuzer
d2a3b1c791 [NTOS:KE/x64] Factor out KiInitializeP0BootStructures 2023-12-08 20:16:51 +02:00
Timo Kreuzer
e655594609 [NTOS:KE/x64] (Re)move initialization of IRQL and TR 2023-12-08 20:16:51 +02:00
Timo Kreuzer
0a7255e4bf [NTOS:KE/x64] Move Initialization of TSS 2023-12-08 20:16:51 +02:00
Timo Kreuzer
160980aba1 [NTOS:KE/x64] Move initialization of PCR 2023-12-08 20:16:51 +02:00
Timo Kreuzer
ba62dd0aaa [NTOS:KE/x64] Move initialization of KeLoaderBlock 2023-12-08 20:16:51 +02:00
Timo Kreuzer
e1497d43d7 [NTOS:KE/x64] Improve KiInitializeTss 2023-12-08 20:16:51 +02:00
Timo Kreuzer
bbe16859b5 [NTOS:KE/x64] Rename P0 boot stacks 2023-12-08 20:16:51 +02:00
Timo Kreuzer
6c5b3f203d [NTOS:KE/x64] Add back a stubs.c file 2023-12-08 19:38:59 +02:00
Timo Kreuzer
57c7f06004 [NTOS:KE/x64] Rename stubs.c to traphandler.c 2023-12-08 19:38:59 +02:00
Timo Kreuzer
d87b45bee7 [NDK] Add Affinity helper inline functions 2023-12-08 19:28:57 +02:00
Hermès Bélusca-Maïto
2f0a5e546f
[NTOS:KE] Don't hardcode pool tag and TSS flag values (#6051)
Co-authored-by: Serge Gautherie <32623169+SergeGautherie@users.noreply.github.com>
2023-12-03 17:33:10 +01:00
Eric Kohl
d8ba5920a2 [NTOS:PNP][UMPNPMGR] GUID_DEVICE_ENUMERATED should be a DeviceInstallEvent
- Move the GUID_DEVICE_ENUMERATED event from the TargetDeviceChangeEvent category to the DeviceInstallEvent category
- Create a new function that handles DeviceInstallEvent category events
2023-12-03 14:00:34 +01:00
Timo Kreuzer
f92c44b217 [NTOS:KE] Remove KiMask32Array
It's useless and also broken in the way it is used. Replace it with a simple shift and make it correct for 64 bit.
2023-11-30 13:03:52 +02:00
Eric Kohl
12a5971b7a [NTOS:PNP] Queue a device change event on interface enable or disable 2023-11-27 22:36:52 +01:00
Serge Gautherie
b386ea728f [NTOSKRNL] Remove unused internal/amd64/asmmacro.S
Added, but never(?) used.

Addendum to 99e6ad7 (r46620).
2023-11-27 22:51:51 +02:00
Justin Miller
516ccad340
[NTOS:KE][HALX86] Implement AP startup code (#5879)
Co-authored-by: Victor Perevertkin <victor.perevertkin@reactos.org>

Introduce the initial changes needed to get other processors up and into kernel mode. 
This only supports x86 as of now but is the first real step towards using other system processors.
2023-11-19 15:51:33 -08:00
George Bișoc
f3141fb29e
[NTOS:CM] Implement support for alternate registry hives
Sometimes repairing a broken hive with a hive log does not always guarantee the hive
in question has fully recovered. In worst cases it could happen the LOG itself is even
corrupt too and that would certainly lead to a total unbootable system. This is most likely
if the victim hive is the SYSTEM hive.

This can be anyhow solved by the help of a mirror hive, or also called an "alternate hive".
Alternate hives serve the purpose as backup hives for primary hives of which there is still
a risk that is not worth taking. For now only the SYSTEM hive is granted the right to have
a backup alternate hive.

=== NOTE ===

Currently the SYSTEM hive can only base upon the alternate SYSTEM.ALT hive, which means the
corresponding LOG file never gets updated. When time comes the existing code must be adapted
to allow the possibility to use .ALT and .LOG hives simultaneously.
2023-11-19 20:44:29 +01:00
George Bișoc
27917c14ed
[NTOS:CM] Flush the dirty data to disk if the SYSTEM hive has been recovered by FreeLdr
If FreeLdr performed recovery against the SYSTEM hive with a log, all of its data is only present in volatile memory thus dirty. So the kernel is responsible to flush all the data that's been recovered within the SYSTEM hive into the backing storage.
2023-11-19 20:44:29 +01:00
George Bișoc
d2b8b9ec96
[NTOS:CM] Use the appropriate flags on functions that will call CmCheckRegistry & add missing CmCheckRegistry calls
In addition to that, in some functions like CmFlushKey, CmSaveKey and CmSaveMergedKeys we must validate the underlying hives as a matter of precaution that everything is alright and we don't fuck all the shit up.
2023-11-19 20:44:27 +01:00
George Bișoc
f33da480af
[SDK][CMLIB] Implement CmCheckRegistry and validation private helpers
CmCheckRegistry is a function that provides the necessary validation checks for a registry hive. This function usually comes into action when logs have been replayed for example, or when a registry hive internals have changed such as when saving a key, loading a key, etc.

This commit implements the whole Check Registry infrastructure (cmcheck.c) in CMLIB library for ease of usage and wide accessibility across parts of the OS. In addition, two more functions for registry checks are also implemented -- HvValidateHive and HvValidateBin.

Instead of having the CmCheckRegistry implementation in the kernel, it's better to have it in the Configuration Manager library instead (aka CMLIB). The benefits of having it in the library are the following:

- CmCheckRegistry can be used in FreeLdr to fix the SYSTEM hive
- It can be used on-demand in the kernel
- It can be used for offline registry repair tools
- It makes the underlying CmCheckRegistry implementation code debug-able in user mode

CORE-9195
CORE-6762
2023-11-19 20:44:27 +01:00
George Bișoc
bfcb28787d
[NTOS:CM] Disable hard errors when setting up a new size for a hive file / annotate CmpFileSetSize parameters with SAL
During a I/O failure of whatever kind the upper-level driver, namely a FSD, can raise a hard error and a deadlock can occur. We wouldn't want that to happen for particular files like hives or logs so in such cases we must disable hard errors before toying with hives until we're done.

In addition to that, annotate the CmpFileSetSize function's parameters with SAL.
2023-11-19 20:44:26 +01:00
George Bișoc
0d776beac9
[NTOS:CM] Ignore syncing/flushing requests after registry shutdown
When shutting down the registry of the system we don't want that the registry in question gets poked again, such as flushing the hives or syncing the hives and respective logs for example. The reasoning behind this is very simple, during a complete shutdown the system does final check-ups and stuff until the computer
shuts down.

Any writing operations done to the registry can lead to erratic behaviors. CmShutdownSystem call already invokes a final flushing of all the hives on the backing storage which is more than enough to ensure consistency of the last session configuration. So after that final flushing, mark HvShutdownComplete as TRUE indicating
that any eventual flushing or syncying (in the case where HvSyncHive gets called) request is outright ignored.
2023-11-19 20:44:26 +01:00
Timo Kreuzer
bf95b7e8e5 [NTOS:CC] Do not access VACB after decrementing it's reference count
It might already be deleted by a different thread.
2023-11-17 20:07:55 +02:00
George Bișoc
6438b85605
[NTOS:EX] Bail out on an invalid locale or language ID
NtSetDefaultLocale and ExpSetCurrentUserUILanguage do not probe the given locale or language ID,
and as a result of that these functions would happily take any given argument. This is problematic
because overwriting NLS data (specifically the Default registry key value as its gets set by the
NtSetDefaultLocale syscall itself) with garbage stuff, rendering the system completely unbootable.

In addition to that, these functions do not check the captured language/locale ID against pre-determined
locales or languages pre-installed in the system. This basically means an ID of 1, for example, is still
valid because it is not bogus albeit there is no such a locale of an ID of 1. That value would get passed
to the Default value key and that renders the system unbootable as well.

CORE-18100
2023-11-16 21:09:05 +01:00
Hermès Bélusca-Maïto
cef9f5c4a6
[RTL] Minor formatting, remove redundant 'return'. 2023-11-16 17:06:40 +01:00
Serge Gautherie
3fb5957de1
[NTOS:EX][CSRSRV][WIN32K] Make a few #define more explicit/strict (#5907)
- Add parentheses around macro parameters.
- Add casts on return value for the Interlocked*UL ("Unsigned Long") macros.
2023-11-13 20:55:48 +01:00
Timo Kreuzer
4bd1e81998 [RTL] Get rid of x86 asm version of RtlpGetStackLimits
There is no point in writing this function in asm.
2023-11-10 19:00:41 +02:00
Timo Kreuzer
d831bc4fab [NTOS:MM] Add ASSERTs for VAD table locking 2023-10-24 21:45:27 +03:00
Timo Kreuzer
23589e9bf1 [NTOS:MM] Lock kernel address space in MiInitSystemMemoryAreas
This is required to satisfy VAD locking rules.
2023-10-24 21:45:27 +03:00
Timo Kreuzer
07ad8c4c11 [NTOS:MM] Attach to the target process in MmMapViewOfSection
This is required to satisfy VAD locking rules.
2023-10-24 21:45:27 +03:00
Timo Kreuzer
601bb49c0d [NTOS:MM] Fix MmFreeMemoryArea
- Stay attached while deleting the VAD node
- Acquire the appropriate working set lock when deleting a VAD node
- Both are needed for locking correctness
2023-10-24 21:45:27 +03:00
Timo Kreuzer
de3958dc2b Revert "[NTOS:MM/x64] Temporarily release AddressCreationLock in MmCreateVirtualMappingUnsafeEx"
This reverts commit e685b25e35.
2023-10-24 21:45:27 +03:00
Timo Kreuzer
a662bedab8 [NTOS:MM] Fix bugs in MmAccessFault
- Acquire the appropriate working set lock when calling MmLocateMemoryAreaByAddress
- Do not access MemoryArea without holding the lock (otherwise it can be pulled away under our feet)
- Fix range check for paged pool
2023-10-24 21:45:27 +03:00
Timo Kreuzer
84d0586ca4 [NTOS:MM] Handle page table faults in MmArmAccessFault
These faults are handled by ARM³ and we don't need to check for a memory area. They can be recursive faults (e.g. from MiDeleteSystemPageableVm), so we might be holding the WS lock already. Passing it straight to ARM³ allows to acquire the WS lock below to look up the memory area.
2023-10-24 21:45:27 +03:00
Timo Kreuzer
a8b57f0a6b [NTOS:MM] Fix address space locking in MiProtectVirtualMemory 2023-10-24 21:45:27 +03:00
Timo Kreuzer
6d701b4b05 [NTOS:MM] Add ASSERTS to MmLockAddressSpace to guarantee lock ordering 2023-10-24 21:45:27 +03:00
Hermès Bélusca-Maïto
501c2bdd63
[NTOS:LPC] Fix input parameter for ProbeAndCaptureUnicodeString (#5815)
Addendum to commit b3c55b9e6 (PR #4399).

Passing &CapturedObjectName as pointer to be probed and captured would
fail if e.g. PreviousMode == UserMode, since that pointer is always in
kernel space. Instead, pass the original user-mode pointer.

Bug caught by Timo Kreuzer ;)
2023-10-23 18:18:45 +02:00
Timo Kreuzer
e685b25e35 [NTOS:MM/x64] Temporarily release AddressCreationLock in MmCreateVirtualMappingUnsafeEx
This is a hack, because the kernel mode path can incur a recursive page fault with the AddressCreationLock acquired, which would lead to a recursive acquisition, once we do proper locking in MmAccessFault.
To properly fix this the PDE must be made valid, similar to the user mode path, but that is not that simple...
2023-10-07 10:58:30 +03:00
George Bișoc
d72025649b
[NTOS:SE] Mute the access denied DPRINTs
They can be spammy. Also clarify these debug prints, because some people
think that "failed to grant access rights" means there's something wrong
in the core access check functions.
2023-10-04 18:04:30 +02:00
George Bișoc
09bfd96f3b
[NTOS:SE] HACK: Temporarily add the Local group SID to the system token
Temporarily add the local group to the system token so that Virtualbox
GA services can properly set up network drives for shared folders.

What happens is that a security descriptor has a DACL with only one ACE
that grants access to Local SID (presumably coming from Vbox?)
but the client token is that of the service which is a SYSTEM token.
Perhaps we are not impersonating the right user or whatever else.

This is only a temporary placebo, until a proper solution is found.

CORE-18250
2023-10-04 18:04:30 +02:00
George Bișoc
4b4638dc55
[NTOS:SE] HACK: Temporarily grant access to the client if empty generic mapping was passed
Certain apps such as AIM installer passes an empty generic mapping (this can
be understood with their generic masks set to 0) and our code tries to map
the access right from an ACE with the mapping provided by AccessCheck.

This can lead to a bug where we would not be able to decode the generic right
from an ACE as we need a proper generic mapping in order to do so. A mask
right that is not decoded it cannot be used to mask out the remaining rights,
further resulting into a denied access right.

What Windows does instead is they are mapping the ACE's rights in another place,
presumably when setting security data to an object, and they are using the
generic mapping passed by the kernel.

What we can do for the time being is to temporarily grant access to the client,
but only if they are an administrator.

CORE-18576
2023-10-04 18:04:29 +02:00
Timo Kreuzer
410b1030c0 [NTOS:KE/x64] Implement detection of more KF_* feature flags
- Detect KF_SSSE3, KF_SSE4_1, KF_SSE4_2, KF_RDRAND, KF_BRANCH, KF_SLAT, KF_GENUINE_INTEL, KF_AUTHENTICAMD, KF_ACNT2, KF_SMEP, KF_SMAP, KF_RDWRFSGSBASE, KF_XSAVEOPT, KF_XSAVES, KF_HUGEPAGE, KF_RDTSCP
2023-10-03 19:45:44 +03:00
Timo Kreuzer
1a7ab2fe68 [NTOS:KE/x64] Use structures for CPUID 2023-10-03 19:45:44 +03:00
Timo Kreuzer
70f6ed8ee3 [NTOS:KE/x64] Improve CPU feature detection
- Use 64 bit feature flags (with a hack in the PRCB)
- Improve setting up SharedUserData->ProcessorFeatures
2023-10-03 19:45:44 +03:00
Timo Kreuzer
47c1dcd023 [NDK] Update kernel feature bits constants
- Move them into architecture specific headers.
- Add missing constants based on https://www.geoffchappell.com/studies/windows/km/ntoskrnl/structs/kprcb/featurebits.htm
- Yes, they are 64 bits
2023-10-03 19:45:44 +03:00
George Bișoc
50f367fa58
[NTOS:CM] Use COMPUTE_HASH_CHAR to compute the conv hash key
We have a dedicated macro definition for that so just use it.
2023-10-03 11:01:21 +02:00
George Bișoc
c0ea1f96ef
[NTOS:CM][DOCUMENTATION] Provide documentation for newly added functions 2023-10-01 20:06:03 +02:00
George Bișoc
f4de5ceb9e
[NTOS:CM] Implement cache lookup and cleanup subkey information for cache consistency
During an open or create procedure of a registry key, the registry parser grabs
a key control block (KCB) from the parser object and uses its information to do the
necessary work in order to obtain a pointer to the newly created or opened registry key.

However, the registry parsers faces several issues. First, we don't do subkey cache cleaning
information against gathered KCBs so whenever we do a registry parse we end up with KCBs
that have cache inconsistencies. Moreover we don't do any locking of whatever KCB we
are grabing during a parse procedure.

=== PROPOSED CHANGES ===

* Implement CmpComputeHashValue and CmpLookInCache functions. With CmpComputeHashValue we can
compute the convkey hashes of each subkey in the path name of a key so we can lock them
with CmpBuildAndLockKcbArray. CmpLookInCache is a function that searches for the suitable
KCB in the cache. The factors that determine if a KCB is "suitable" are:

-- the currently found KCB in the hash list has the same levels as that of the
given KCB from the parse object;

-- The key names from the computed hash values match with the block name of
the KCB;

-- The currently found KCB is not deleted.

The KCB will be changed if the key path name points to a partial match name in
the cache. The KCB from the parse object will be used if we have a full match
of remaining levels.

* Add missing CMP_LOCK_HASHES_FOR_KCB flags on CmpCreateKeyControlBlock calls
that create KCBs during a parse procedure. Such lock has to be preserved until
we're done with the registry parsing.

* On CmpDoCreateChild, preserve the exclusive lock of the KCB when we are
enlisting the key body.

* On CmpDoCreate, make sure that the passed parent KCB is locked exclusively and
lock the hiver flusher as we don't want the flusher to kick in during a key
creation on the given hive. Cleanup the subkey info when we're creating a key
object. Also implement missing cleanup path codes. Furthermore, avoid key
object creation if the parent KCB is protected with a read-only switch.

* Soft rewrite the CmpDoOpen function, namely how we manage a direct open vs
create KCB on open scenario. When a KCB is found in cache avoid touching
the key node. If the symbolic link has been resolved (aka found) then lock
exclusively the symbolic KCB. Otherwise just give the cached KCB to the caller.

If it were for the caller to request a KCB creation, we must check the passed
KCB from the parser object is locked exclusively, unlike on the case above
the caller doesn't want to create a KCB because there's already one in the cache.
We don't want anybody to touch our KCB while we are still toying with it during
its birth. Furthermore, enlist the key body but mind the kind of lock it's been
used.

* On CmpCreateLinkNode, avoid creating a key object if the parent KCB is protected
with a read-only switch. In addition, add missing hive flusher locks for both
the target hive and its child. Cleanup the subkey information of the KCB when
creating a link node, this ensures our cached KCB data remains consistent.

* Do a direct open on CmpParseKey if no remaining subkey levels have been found
during hash computation and cache lookup, in this case the given KCB is the
block that points to the exact key. This happens when for example someone tried
to call RegOpenKeyExW but submitting NULL to the lpSubKey argument parameter.

CORE-10581
ROSTESTS-198
2023-10-01 20:06:02 +02:00
George Bișoc
8cb56e77a6
[NTOS:CM] Do not call CmpSecurityMethod when assigning a security descriptor
CmpSecurityMethod is a method used by the Object Manager and called by this
subsystem whenever a security operation has to be done against a key object.

As CmpSecurityMethod is a specific OB construct we should not make any direct
call attempts to CmpSecurityMethod, only OB is responsible for that. This fixes
a deadlock where CmpSecurityMethod acquires a push lock for exclusive access
even though such lock is already acquired by the same calling thread in
CmpDoCreateChild.
2023-10-01 20:06:02 +02:00
George Bișoc
7fd6f86803
[NTOS:CM] Do not acquire a KCB lock twice when deleting a key object
This prevents a deadlock in DelistKeyBodyFromKCB when we delete a key
object because of an access check failure during a open procedure of a
registry key, as we are already holding a lock against the target KCB of
the key body.
2023-10-01 20:06:02 +02:00
George Bișoc
697a52aa33
[NTOS:CM] Do not acquire the lock twice when the Object Manager calls CmpSecurityMethod
Whenever a security request is invoked into a key object, such as when requesting
information from its security descriptor, the Object Manager will execute
the CmpSecurityMethod method to do the job.

The problem is that CmpSecurityMethod is not aware if the key control block
of the key body already has a lock acquired which means the function will attempt
to acquire a lock again, leading to a deadlock. This happens if the same
calling thread locks the KCB but it also wants to acquire security information
with ObCheckObjectAccess in CmpDoOpen.

Windows has a hack in CmpSecurityMethod where the passed KCB pointer is ORed
with a bitfield mask to avoid locking in all cases. This is ugly because it negates
every thread to acquire a lock if at least one has it.
2023-10-01 20:06:02 +02:00
George Bișoc
08fcf0c58b
[NTOS:CM] Implement locking/unlocking of KCBs in an array
The CmpUnLockKcbArray, CmpLockKcbArray and CmpBuildAndLockKcbArray routines
help us to lock KCBs within array so that information remains consistent when
we are doing a cache lookup during a parse procedure of the registry database.
2023-10-01 20:06:01 +02:00
George Bișoc
c6230ba255
[NTOS:CM] Add KCB array lock function prototypes & Other Stuff
Implement CmpBuildAndLockKcbArray and CmpUnLockKcbArray prototypes, we'll gonna need these
to do the locking/unlocking of KCBs stacked up in an array. In addition implement some CM
constructs specifically for cache lookup implementation (more at documentation remarks).

=== DOCUMENTATION REMARKS ===

CMP_SUBKEY_LEVELS_DEPTH_LIMIT -- This is the limit of up to 32 subkey levels
that the registry can permit. This is used in CmpComputeHashValue to ensure
that we don't compute more than the limit of subkeys we're allowed to.

CMP_KCBS_IN_ARRAY_LIMIT -- This is equal to CMP_SUBKEY_LEVELS_DEPTH_LIMIT
plus the addition by 2. This construct is used as a limit of KCB elements
the array can hold. 2 serves as an additional space for the array (one for
the root object and another one as extra space so we don't blow up the stack
array).

CMP_LOCK_KCB_ARRAY_EXCLUSIVE & CMP_LOCK_KCB_ARRAY_SHARED -- These flags are used exclusively
for CmpBuildAndLockKcbArray and CmpLockKcbArray. Their meaning are obvious.

CM_HASH_CACHE_STACK -- A structure used to store the hashes of KCBs for locking. It is named
"stack" because the way we store the hashes of KCBs is within an auxilliary "outer stack array".
2023-10-01 20:06:01 +02:00
George Bișoc
8a335a3141
[NTOS:CM] Implement the shared lock macro for use
CmpAcquireKcbLockSharedByKey can come in handy for use to lock KCBs by their convkey with a shared lock, specifically we would need this for cache lookup stuff.
2023-10-01 20:06:00 +02:00
George Bișoc
26fe3616fe
[NTOS:CM] Implement COMPUTE_HASH_CHAR macro definition
Wrap the hash computation formula in a macro so that we don't have to copy
the logic over the places again and again.
2023-10-01 20:06:00 +02:00
George Bișoc
a4213d491d
[NTOS:CM] Add surrounding parentheses to GET_HASH_INDEX definition 2023-10-01 20:05:57 +02:00
Joachim Henze
8c76870639 [NTOS:MM] Fix missing \n in unimplemented codepath DPRINT
We can hit that unimplemented code-path-line in NtQuerySection()
when browsing youtube.com with Chromium 49.
2023-09-30 19:06:30 +02:00
Serge Gautherie
c84b5007d0
[NTOS:CM] Simplify CmpDelayAllocBucketLock code a bit (#5729)
- Remove duplicate CmpDelayAllocBucketLock definition.
- Remove an else.
2023-09-28 11:39:13 +02:00
Timo Kreuzer
03283371c1 [NTOS/Mm] Fix SWAPENTRY bit-check in MmCreatePageFileMapping
Test for the highest bit, not for bit 3 / 7.
2023-09-28 01:19:47 +03:00
Serge Gautherie
9ca88bef80
[NTOS:MM] Fix 'eanbled' typo in a comment (#5728) 2023-09-27 17:31:42 +00:00
Timo Kreuzer
8227c5d380 [NTOS] Implement support for opting out of NX policy
Fixes crash in ntdll_winetest info on x64.
2023-09-26 18:04:19 +03:00
Timo Kreuzer
df053d4e43 [RTL] Improve usage of absolte vs self-relative security descriptors
- RtlpQuerySecurityDescriptor: Change argument type of first parameter from PISECURITY_DESCRIPTOR to PSECURITY_DESCRIPTOR, since it handles both absolute and self-relative SDs.
- RtlMakeSelfRelativeSD: rename first parameter from AbsoluteSD to SecurityDescriptor, since it handles both absolute and self-relative SDs.
- SepGetGroupFromDescriptor/SepGetOwnerFromDescriptor/SepGetDaclFromDescriptor/SepGetSaclFromDescriptor: Change parameter type from PVOID to PSECURITY_DESCRIPTOR for clarity.
2023-09-26 18:01:45 +03:00
Timo Kreuzer
ed06c06dcb [NTOS:CM] Fix lock leak
Triggered by low available pool memory during kmtest ExPools.
2023-09-23 18:34:00 +03:00
Hermès Bélusca-Maïto
4bdfee8e8b
[NTOS:EX] Initialize ExpResourceTimeoutCount also via the "Session Manager/ResourceTimeoutCount" registry value (#4089)
For more details, see
http://systemmanager.ru/win2k_regestry.en/29859.htm
https://www.betaarchive.com/wiki/index.php/Microsoft_KB_Archive/102985#ResourceTimeoutCount_REG_DWORD
2023-09-21 13:33:28 +02:00
Hermès Bélusca-Maïto
b5c75ce506
[NTOS:EX] Minor header formatting. 2023-09-21 13:33:25 +02:00
Timo Kreuzer
26a64324e7 [NTOSKRNL/x64] Fix a bug in KeSwitchKernelStack
Don't safe anything in the callee's home space, because the callee can overwrite it. Use the functions home space instead.
2023-09-17 10:37:50 +03:00
Ratin Gao
4c8a2a8815
[KERNEL32][KERNEL32_APITEST] Implement user-mode UEFI / Firmware API (#5149)
- Implement firmware environment variable read/write APIs
- Add, fix and improve related definitions and declarations
- Add kernel32:UEFIFirmware apitest

CORE-11954
2023-09-14 22:14:07 +03:00
Timo Kreuzer
9666f00572 [WIN32K][NTOS] Fix parameter to MmMapViewOfSection
The code was passing 0 instead of SECTION_INHERIT::ViewUnmap (2). 0 isn't even a proper constant to be used here. It worked, because MmMapViewOfSection only compares against ViewShare (1) and treats everything else as ViewUnmap.
2023-09-09 12:15:24 +03:00