Commit graph

1639 commits

Author SHA1 Message Date
Victor Perevertkin
947f60b207
[NTOS:IO] Allow REG_SZ type for ImagePath of a driver
Fixes the load of the Sysinternals FileMon driver.

CORE-18725
2022-12-13 01:46:20 +03:00
Oleg Dubinskiy
82cf6c2b06
[NTOS:IO] Properly zero-initialize a file object created by IopParseDevice (#4931)
Fix uninitialized kernel memory leakage for a case when a file object extension is appended.

CORE-18711
2022-12-08 01:15:42 +03:00
Timo Kreuzer
e7bbbf049e [NTOS] Fix double free on allocation failure in ObCreateObject 2022-12-01 20:17:40 +02:00
Timo Kreuzer
561b71b644 [NTOS] Improve MmDeleteProcessAddressSpace 2022-12-01 20:17:40 +02:00
Timo Kreuzer
10fbefdeb0 [NTOS] Improve MmCleanProcessAddressSpace 2022-12-01 20:17:40 +02:00
Timo Kreuzer
b89a4eed72 [NTOS:EX] Initialize ExpTimeRefreshLock 2022-12-01 20:17:40 +02:00
Timo Kreuzer
9658c6a220 [NTOSKRNL] Print boot cycles on x64 just like on x86 2022-11-24 21:17:58 +02:00
Timo Kreuzer
225e0c89d9 [NTOS] Fix a bug in KiPrepareUserDebugData 2022-11-24 21:17:58 +02:00
Timo Kreuzer
e923912f94 [NTOS] Fix unwinding through KiThreadStartup 2022-11-24 21:17:58 +02:00
Timo Kreuzer
a007f5e490 [NTOS] Fix NtContinue for x64 2022-11-24 21:17:58 +02:00
Hermès Bélusca-Maïto
f7024d6c72
[PSDK][NTOS:KD64] Turns out, that even Clang in MSVC mode needs the 64-bits pointer extension hack!
Addendum to commit de81021ba.
Otherwise, we get the following build error:

 \ntoskrnl\kd64\kddata.c(532,5): error: initializer element is not a compile-time constant
      PtrToUL64(RtlpBreakWithStatusInstruction),
      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 \ntoskrnl\kd64\kddata.c(526,26): note: expanded from macro 'PtrToUL64'
 #define PtrToUL64(x)    ((ULPTR64)(x))
                          ^~~~~~~~~~~~
2022-11-24 13:30:43 +01:00
Hermès Bélusca-Maïto
968b264300
[NTOS:KD] Rename the private acquire/release lock functions to fix GCC compilation.
If you ask why there are two sets of functions that do the same, it's
because this file (and the kdmain.c) will very soon some day be moved to
a transport dll, outside the kernel, and it will need these functions.
2022-11-24 01:44:14 +01:00
Hermès Bélusca-Maïto
ffb05406e6
[NTOS:KD64] Implement KdLogDbgPrint() for the WinDbg !dbgprint command.
See this command's documentation:
https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/-dbgprint
and the section "DbgPrint buffer and the debugger"
https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/reading-and-filtering-debugging-messages#dbgprint-buffer-and-the-debugger
for more details.

- Loosely implement the function, based on our existing circular printout
  buffers in kdio.c.
- Enable its usage in the KdpPrint() and KdpPrompt() functions.

Notice that this function will *only* capture the strings being sent **to**
the debugger, and not the strings the debugger itself produce. (This means
that we cannot use the KdPrintCircularBuffer as a replacement for our
KDBG dmesg one, for example...)

How to test:
Run ReactOS under WinDbg, and use the !dbgprint command to view the
buffer. You can also use the Memory Window, place yourself at the
address pointed by KdPrintCircularBuffer and KdPrintWritePointer, and
read its contents.

What you should observe:
Prior notice: The circular buffer in debug builds of ReactOS and Windows
is 0x8000 bytes large. In release builds, its size is down to 0x1000.
1- When you start e.g. the 2nd-stage GUI installation of ReactOS, going
   past the initial "devices installation" and letting it stabilize on
   the Welcome page, break into WinDbg and run the !dbgprint command. You
   should notice that the end of its output is weirdly truncated, compared
   to what has been actually emitted to the debug output. Comparing this
   with the actual contents of the circular buffer (via Memory Window),
   shows that the buffer contents is actually correct.
2- Copy all the text that has been output by the !dbgprint command and
   paste it in an editor; count the number of all characters appearing +
   newlines (only CR or LF), and observe that this number is "mysteriously"
   equal to 16384 == 0x4000.
3- Continue running ReactOS installation for a little while, breaking back
   back into WinDbg and looking at !dbgprint again. Its output seems to be
   still stopping at the same place as before (but the actual buffer memory
   contents shows otherwise). Continue running ROS installation, and break
   into the debugger when ROS is about to restart. You should now observe
   that the dbgprint buffer rolled over:
     dd nt!KdPrintRolloverCount shows 1.
   Carefully analysing the output of !dbgprint, however, you will notice
   that it looks a bit garbage-y: the first part of the output is actually
   truncated after 16384 characters, then you get a second part of the
   buffer showing what ReactOS was printing while shutting down. Then
   you get again what was shown at the top of the !dbgprint output.
   (Of course, comparing with the actual contents of the circular buffer
   in memory shows that its contents are fine...)

The reason of these strange observations, is because there is an intrinsic
bug in the !dbgprint command implementation (in kdexts.dll). Essentially,
it displays the contents of the circular buffer in two single dprintf()
calls: one for the "older" (bottom) part of the buffer:
  [WritePointer, EndOfBuffer]
and one for the "newer" (upper) part of the buffer:
  [CircularBuffer, WritePointer[ .
The first aspect of the bug (causing observation 3), is that those two
parts are not necessarily NULL-terminated strings (especially after
rollover), so for example, displaying the upper part of the buffer, will
potentially also display part of the buffer's bottom part.
The second aspect of the bug (explaining observations 1 and 2), is due
to the implementation of the dprintf() function (callback in dbgenv.dll).
There, it uses a fixed-sized buffer of size 0x4000 == 16384 characters.
Since the output of the circular buffer is not done by little chunks,
but by the two large parts, if any of those are larger than 0x4000 they
get truncated on display.
(This last observation is confirmed in a completely different context by
https://community.osr.com/discussion/112439/dprintf-s-max-string-length .)
2022-11-24 01:18:18 +01:00
Hermès Bélusca-Maïto
36335d9cee
[NTOS:KD64] Correctly initialize the KdPrint buffer data in KdDebuggerDataBlock so as to fix the WinDbg !dbgprint command.
Now, !dbgprint just shows an empty log (since we don't fill it), instead
of showing the following error:

  kd> !dbgprint
  Can't find DbgPrint buffer
2022-11-24 01:18:17 +01:00
Hermès Bélusca-Maïto
de81021bab
[PSDK][NTOS:KD64] Rename GCC_ULONG64 to ULPTR64 to self-document the fact it stores a pointer as a 64-bit quantity.
But the underlying GCC stupidity is still there (15 years later).

However, enable it only in 32-bit GCC builds, not in 64-bits nor with MSVC.
See commit b9cd3f2d9 (r25845) for some details.

GCC is indeed still incapable of casting 32-bit pointers up to 64-bits,
when static-initializing arrays (**outside** a function) without emitting
the error:

  "error: initializer element is not constant"

(which might somehow indicate it actually tries to generate executable
code for casting the pointers, instead of doing it at compile-time).

Going down the rabbit hole, other stupidities show up:

Our PVOID64 type and the related POINTER_64 (in 32-bit archs), or the
PVOID32 and POINTER_32 (in 64-bit archs), are all silently broken in
GCC builds, because the pointer size attributes __ptr64 and __ptr32,
which are originally MSVC-specific, are defined to nothing in _mingw.h.
(And similarly for the __uptr and __sptr sign-extension attributes.)

Clang and other sane ompilers has since then implemented those (enabled
with -fms-extensions), but not GCC. The closest thing that could exist
for GCC is to do:

  #define __ptr64 __attribute__((mode(DI)))

in order to get a 64-bit-sized pointer type with

  typedef void* __ptr64 PVOID64;

but even this does not work, with the error:

  "error: invalid pointer mode 'DI'"
2022-11-24 01:18:16 +01:00
Hermès Bélusca-Maïto
1c0950b557
[PSDK][NTOS:KD64] Update the KDDEBUGGER_DATA64 structure with new fields.
Information from the Windows 10 SDK and from
https://github.com/DarthTon/Blackbone/blob/master/src/BlackBoneDrv/NativeStructs.h
2022-11-24 01:18:15 +01:00
Marcin Jabłoński
edb7575faa
[NTOS:KE/x64] Implement KeDisconnectInterrupt() for amd64 (#4883)
Choose the correct element of the KiUnexpectedRange array,
depending on the interrupt vector, the same way as here:
a2c6af0da4/ntoskrnl/ke/amd64/except.c (L77)

And guard KeConnectInterrupt() execution with dispatcher lock.

CORE-14922
2022-11-22 23:52:18 +03:00
Hermès Bélusca-Maïto
d15f126143
[NTOS:KDBG] Fix the ANSI escape sequences used to get terminal characteristics when printing with paging.
- Line-wrapping is enabled with 'ESC[?7h' (the '?' was forgotten).
  Notice that the following reference also shows it wrong:
  https://www.cse.psu.edu/~kxc104/class/cse472/09s/hw/hw7/vt100ansi.htm

- Terminal type is actually queried with 'ESC Z' (VT52-compatible), or
  with 'ESC[c' (VT100-compatible). The antediluvian CTRL-E ('\x05')
  control code gives instead a user-configurable (usually empty) string,
  so it's not reliable.
  Also, we don't really care about the returned result, we just need to
  know that one has been sent.

Cross-checked with online documentation:
* "Digital VT100 User Guide" (EK-VT100-UG-001) (1st edition, August 1978,
  reviewed November 1978).
* https://www.real-world-systems.com/docs/ANSIcode.html
* https://geoffg.net/Downloads/Terminal/TerminalEscapeCodes.pdf
* https://invisible-island.net/xterm/ctlseqs/ctlseqs.html
* https://en.wikipedia.org/wiki/Enquiry_character

- Retrieve the size of the *controlling terminal* with escape sequences
  only when it's a serial one: serial output is enabled *and* KDSERIAL
  is set (i.e. user input through serial). See code for the actual logic
  (the corresponding truth table is left as an exercise for the reader).

- Fix also a "Buffer" vs. "InBuffer" mismatch, that caused the whole
  code to fail.

- For fallback terminal size values, use meaningful ones when SCREEN
  is instead the controlling "terminal" (based on full-size BOOTVID
  values).

- When echoing read characters during line-cooking, do direct output by
  using KdpDprintf() instead of going through the heavy KdbpPrint() function.
  This fixes some input artifacts like: 1. extra slowdowns due to
  querying terminal size at each keypress, and 2. getting obnoxious
  "--- Press q to abort ..." prompts in the middle of typing a long
  comamnd because you are at the very bottom of the screen.
2022-11-22 02:10:55 +01:00
Hermès Bélusca-Maïto
c29d6806b8
[NTOS:KD] Remove last remnant of KdpDetectConflicts, deprecated since 2007.
Addendum to commit be2645ad8 (r25987).
2022-11-22 02:10:54 +01:00
Hermès Bélusca-Maïto
9337ea6a3c
[NTOS:KDBG] Deduplicate code between KdbpPrint() and KdbpPager(). 2022-11-22 02:10:54 +01:00
Thomas Faber
79b0fce5dc
[NTOS:CM] Consistently use synchronous I/O for registry hives.
Our current CmpFileRead/CmpFileWrite do not wait for completion,
so will cause stack corruption if used on files opened in async
mode.
2022-11-20 16:02:39 -05:00
Hermès Bélusca-Maïto
ffe3109d37
[NTOS:KD] Handle work-buffer allocation failure in KdpDebugLogInit. It can be ignored in KdpScreenInit. 2022-11-18 18:48:46 +01:00
Hermès Bélusca-Maïto
271b985981
[NTOS:KD] Cleanup of some old code.
- Remove KdbInit() macro and directly use KdbpCliInit() (since the place
  where it was used was already within an #ifdef KDBG block).

- Declare KdpKdbgInit() only when KDBG is defined, move its definition
  into kdio.c and remove the legacy wrappers/kdbg.c file.
  And in KdbInitialize(), set KdpInitRoutine directly to the former,
  instead of using the KdpKdbgInit indirection.

- Don't reset KdComPortInUse in KdpDebugLogInit().

- Minor refactorings: KdpSerialDebugPrint -> KdpSerialPrint and make it
  static; argument name "Message" -> "String", "StringLength" -> "Length".
2022-11-18 18:11:30 +01:00
Hermès Bélusca-Maïto
98e585364b
[NTOS:KD] Annotate KdInitSystem and remove redundant declaration in kd.h 2022-11-18 18:11:29 +01:00
Hermès Bélusca-Maïto
4a93b0a463
[NTOS:IO] Show the captured/generated driver name in one failure path of IoCreateDriver. 2022-11-18 18:11:28 +01:00
Hermès Bélusca-Maïto
56be4eafd5
[NTOS:IO][NDK] Add the exported IoDeleteDriver to the NDK headers. 2022-11-18 18:11:26 +01:00
Hermès Bélusca-Maïto
a4274ad548
[SMSS][NTOS:MM] Implement the architecture-specific pagefile size limits + code review. (#4843)
What we have:
- Maximum number of pagefiles: 16
- Minimum pagefile size: 256 pages (1 MB when page size = 4096 bytes)
- Maximum pagefile size:
  * 32-bit platforms: (1024 * 1024 - 1) pages (~ 4095 MB)
  * x86 with PAE support: same size as for AMD x64
  * x64 platform:  (4 * 1024 * 1024 * 1024 - 1) pages (~ 16 TB)
  * IA64 platform: (8 * 1024 * 1024 * 1024 - 1) pages (~ 32 TB)

Those are the values as supported and verified by the NT kernel.
Now,  user-mode programs (including SMSS.EXE)  have different opinions
on these, namely, they consider estimates directly in MB, respectively:
4095 MB, (16 * 1024 * 1024) MB, and (32 * 1024 * 1024) MB
(verified on Win2k3 and Win7 32 and 64 bits).
Also here, the minimum pagefile size is set to 2 MB.

Starting Windows 8+ (and 10), those values change slightly, and are
still not fully synchronized between NTOS:MM and SMSS. Finally, while
(x86 PAE and) AMD64 and ARM64 seem to share the maximum pagefile
size limit, 32-bit ARMv7 appears to use different limits than regular
x86 (2 GB instead of 4).

Please keep those values as they are for NT compatibility!

See the following references:
https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/mm/modwrite/create.htm
https://techcommunity.microsoft.com/t5/ask-the-performance-team/what-is-the-page-file-for-anyway/ba-p/372608
+ Manual extraction of the values from different NT 6.2,6.3,10 builds.

[SMSS] Fill out in particular the x86-specific case for PAE.

[NTOS:MM] Some cleanup in the NtCreatePagingFile() code, namely:
- Clarify some comments;
- Validate the lower and upper bounds of the Minimum and Maximum sizes
  (based on Windows behaviour as explained by Geoff + manual tests).
- Open the pagefile in case-insensitive;
- Simplify the loop that finds an existing matching pagefile;
- Simplify some failure exit paths;
- Add a "Missing validation steps TODO" comment block explaining the
  existing code-hole.
2022-11-16 21:54:31 +01:00
Hermès Bélusca-Maïto
9c8a8cf2aa
[CSRSRV][NTOS:PS] Misc typos fixes. 2022-11-14 00:10:30 +01:00
George Bișoc
2fef8be892
[NTOS:SE] Dump security debug info in case no every right has been granted in SepAccessCheck
The "failed to grant access rights" message isn't enough to understand what kind of access rights haven't been granted and why. Dumping information of the captured security descriptor, the ACL and its ACEs with mask rights and token SIDs should be enough to understand the reason of the failure in question.
2022-11-08 18:24:37 +01:00
George Bișoc
e2ee126c23
[NTOS:SE] Add new ACE types for SepGetSidFromAce routine 2022-11-08 18:24:37 +01:00
George Bișoc
caa3571cd7
[NTOS:SE] Implement security debug facility routines
debug.c will serve as a centralized facility for security debugging routines and everything related to that. This file will be expanded with further debug functions for the Security subsystem if needed.
2022-11-08 18:24:37 +01:00
Hermès Bélusca-Maïto
e944dfa75f
Remove '.html' from spdx.org license page URLs. (#4845) 2022-11-03 18:25:37 +01:00
Hermès Bélusca-Maïto
4ac263c93a
[NTOS][NTDLL][NDK] Nt/ZwCreatePagingFile: Fix parameter names + use SAL; fix NTDLL spec file. 2022-11-03 02:55:50 +01:00
Hermès Bélusca-Maïto
ab5fdac922
[NTOS] Add TAG_DACL in tag.h and use it. 2022-11-03 02:55:49 +01:00
Hermès Bélusca-Maïto
33e0a69dad
[NTOS] tag.h formatting (align values on 4-space tab stops). 2022-11-03 02:55:48 +01:00
Jérôme Gardou
2ae9feb59f [NTOS] Properly implement and use FsRtlAcquireFileForModWriteEx 2022-11-02 19:41:04 +01:00
Hermès Bélusca-Maïto
58983061e9
[NTOS:MM] Remove residual hack from commit 864a1bc6a (r55323). 2022-10-27 01:08:07 +02:00
Adam Słaboń
23e5d3fe25
[NTOS:MM] MmPurgeSegment: Fix wrong return value (#4801)
Return TRUE instead of NTSTATUS code which has a value of FALSE and may confuse caller.
Fixes sporadic 0x7B bugcheck when booting from corrupted NTFS volume using WinXP ntfs.sys.
2022-10-26 02:15:16 +02:00
Hermès Bélusca-Maïto
0997e9023c
[SMSS][NTOS:MM] Get rid of the remaining sprintf_nt hacks. (#4799) 2022-10-26 00:41:23 +02:00
Katayama Hirofumi MZ
00bd373e88 [NTOSKRNL] Revert 53ac8da and use UNIMPLEMENTED_DBGBREAK() 2022-10-11 07:39:40 +09:00
Katayama Hirofumi MZ
53ac8dae4d [NTOSKRNL] Write 'if (var) ASSERT(FALSE);' as 'ASSERT(!var);'
Based on Serge Gautherie's patch.
CORE-13216
2022-10-10 09:33:08 +09:00
Hervé Poussineau
06b3ee43c2 [NTOS:PNP] Partially implement NtPlugPlayControl(PlugPlayControlQueryAndRemoveDevice)
CORE-12307
2022-09-26 23:35:09 +02:00
Jérôme Gardou
75125228be [NTOS] Add some sanity checks when synchronizing PDEs 2022-09-17 13:48:56 +02:00
Kyle Katarn
3703bbd631
[NTOS:MM] Implement PeakCommitment (MmPeakCommitment, MmTotalCommittedPages) (#4650)
And return the corresponding values in SystemPerformanceInformation.
Lockless updating counters suggestion by Thomas Faber.
2022-09-12 14:22:52 +02:00
Hervé Poussineau
b6d7571ebb [CMAKE] Set KDBG define only where required (fastfat, win32k, ntoskrnl) 2022-09-10 23:16:27 +02:00
Hervé Poussineau
9e19352492 [CMAKE] Set _WINKD_ define only where required (kernel and setuplib) 2022-09-10 23:16:26 +02:00
Kyle Katarn
7ed0284e8e
[NTOS:EX] Fix returned number of handles for Idle System Process (#4661)
PsIdleProcess and PsInitialSystemProcess share the same handle table. This
leads ObGetProcessHandleCount() to report the same number of handles
when called on those system processes, when being enumerated by
NtQuerySystemInformation(SystemProcessInformation).

Instead, just return 0 for the handle count of the Idle process in SystemProcessInformation.
This is not done in ObGetProcessHandleCount(), since a separate
NtQueryInformationProcess(ProcessHandleCount) for the idle process should return
a non-zero value.

CORE-16577
2022-09-03 22:56:33 +02:00
Serge Gautherie
730b13daac
[NTOS:MM] kdbg.c: Fix Argv[n] copypastas (#4634) 2022-08-27 15:58:54 +02:00
Timo Kreuzer
e9a129c1e2 [NTOS] Remove useless functions 2022-08-22 11:22:08 +02:00
Timo Kreuzer
620f9ee71a [NTOS] Add MxCsr handling to trap handlers 2022-08-22 11:22:08 +02:00
Timo Kreuzer
92c798c657 [NTOSKRNL] Implement KiXmmExceptionHandler 2022-08-22 11:22:08 +02:00
Timo Kreuzer
39f11249ff [NTOS][RTL] Initialize MxCsr where missing 2022-08-22 11:22:08 +02:00
George Bișoc
3b00f98b94
[NTOS:SE] Fix new dynamic length calculation in TokenPrimaryGroup case
Not only primary group assignation was broken but new dynamic length calculation is also broken. The length of the captured SID is not taken into account so the new dynamic length gets only the size of the default ACL present in an access token.
Therefore, the condition is always FALSE and the code never jumps to the STATUS_ALLOTTED_SPACE_EXCEEDED branch because the length will always be small than the charged dynamic length.

Addendum to 86bde3c.
2022-08-16 20:27:27 +02:00
George Bișoc
86bde3c76a
[NTOS:SE] Fix the primary group assignation in TokenPrimaryGroup class case
With current master, what happens is that when someone wants to assign a new primary group SID for an access token, it results in an instant page fault because the primary group variable doesn't get assigned the dynamic part's address.
So the primary group variable gets an address which is basically a representation of the ACL size, hence the said address is bogus and it's where the page fault kicks in.

CORE-18249
2022-08-16 13:05:44 +02:00
Timo Kreuzer
786017c5b6 [NTOS] Don't assert, when dispatching an exception to user mode fails
Instead continue with second chance handling.
2022-08-04 16:15:24 +02:00
Timo Kreuzer
b3a8f8611d [NTOS] Treat page faults with interrupts disabled as access violation 2022-08-04 16:15:24 +02:00
Timo Kreuzer
e45af60560 [NTOS:KE/X64] Enable interrupts when accessing user mode memory 2022-08-04 16:15:24 +02:00
Timo Kreuzer
902c6eee1e [NTOS:KE] Restore interrupts in KiSwitchKernelStack 2022-08-04 16:15:24 +02:00
Timo Kreuzer
ae39ad4d10 [NTOS] Add a hack for VBox 2022-08-04 16:15:24 +02:00
Timo Kreuzer
74014e74c0 [NTOS:KDBG] Improve x64 stack trace printing 2022-08-04 16:15:24 +02:00
Timo Kreuzer
fe777bb52f [NTOS:KDBG] Nuke KdbEnter and KdbpCliModuleLoaded
They are not used anymore. Also clean up some obsolete prototypes.
2022-07-20 23:57:42 +02:00
Timo Kreuzer
31a5fa61bb [NTOS:KDBG] Add KdbpPrintUnicodeString
Calling normal unicode functions is not allowed at IRQL > APC_LEVEL, so calling _vsnprintf with unicode parameters from KDBG is invalid.
2022-07-20 23:57:42 +02:00
Timo Kreuzer
253362509e [KDBG] Fix x64 KDBG 2022-07-20 23:57:42 +02:00
Timo Kreuzer
04fe666590 [NDK] Add missing x64 unwind definitions 2022-07-20 23:57:42 +02:00
Timo Kreuzer
45f75d5d32 [NTOS:KE/x64] Handle user faults in KiGeneralProtectionFaultHandler 2022-07-14 18:35:28 +02:00
George Bișoc
54a00aa8eb
[CMLIB][NTOS:CM] Deduplicate other common definitions between CMLIB and the NTOS CM
Addendum to commit 8c2454e (r70605). Credits and courtesy go to Hermès BÉLUSCA - MAÏTO.

CORE-10802 CORE-10793
2022-07-10 14:35:53 +02:00
Tuur Martens
10126e7710 [NTOS:MM] Fix VADs being inserted even though the quota would exceed
Since we were charging the pool quota after the VAD insertion,
if the quota charge failed, the VAD would still have been inserted.
This commit attempts to resolve this issue by charging quota
before inserting the VAD thus allowing the quota charge to fail early.

Addendum to 884356a0. CORE-18028
2022-07-06 18:48:32 +02:00
Timo Kreuzer
f606b36cff [NTOSKRNL] Fix a bug in MiDeleteVirtualAddresses
When a PDE gets empty, we skip the address to the next PDE boundary, which might introduce an AddressGap, which wasn't handled before.
2022-07-05 19:29:05 +02:00
George Bișoc
4471ee4dfa
[NTOS:SE] Properly handle dynamic counters in token
On current master, ReactOS faces these problems:

- ObCreateObject charges both paged and non paged pool a size of TOKEN structure, not the actual dynamic contents of WHAT IS inside a token. For paged pool charge the size is that of the dynamic area (primary group + default DACL if any). This is basically what DynamicCharged is for.
For the non paged pool charge, the actual charge is that of TOKEN structure upon creation. On duplication and filtering however, the paged pool charge size is that of the inherited dynamic charged space from an existing token whereas the non paged pool size is that of the calculated token body
length for the new duplicated/filtered token. On current master, we're literally cheating the kernel by charging the wrong amount of quota not taking into account the dynamic contents which they come from UM.

- Both DynamicCharged and DynamicAvailable are not fully handled (DynamicAvailable is pretty much poorly handled with some cases still to be taking into account). DynamicCharged is barely handled, like at all.

- As a result of these two points above, NtSetInformationToken doesn't check when the caller wants to set up a new default token DACL or primary group if the newly DACL or the said group exceeds the dynamic charged boundary. So what happens is that I'm going to act like a smug bastard fat politician and whack
the primary group and DACL of an token however I want to, because why in the hell not? In reality no, the kernel has to punish whoever attempts to do that, although we currently don't.

- The dynamic area (aka DynamicPart) only picks up the default DACL but not the primary group as well. Generally the dynamic part is composed of primary group and default DACL, if provided.

In addition to that, we aren't returning the dynamic charged and available area in token statistics. SepComputeAvailableDynamicSpace helper is here to accommodate that. Apparently Windows is calculating the dynamic available area rather than just querying the DynamicAvailable field directly from the token.
My theory regarding this is like the following: on Windows both TokenDefaultDacl and TokenPrimaryGroup classes are barely used by the system components during startup (LSASS provides both a DACL and primary group when calling NtCreateToken anyway). In fact DynamicAvailable is 0 during token creation, duplication and filtering when inspecting a token with WinDBG. So
if an application wants to query token statistics that application will face a dynamic available space of 0.
2022-06-29 10:06:37 +02:00
George Bișoc
5da5e644bb
[NTOS:OB] Include the security descriptor charge when charging the paged pool quota of an object
On ObpChargeQuotaForObject function, the kernel will either charge the default object type charges or the specified information charges obtained from ObCreateObject API call. What happens is that if a paged pool charge is specified on ObCreateObject call the kernel will charge that
but when an object is about to be de-allocated, the amount of quota to return back to the system is the amounting of the paged pool charge specified previously by the ObCreateObject call plus the amounting of the security descriptor charge (see oblife.c / line 98).

This will result in a fatal crash with a bugcheck of QUOTA_UNDERFLOW because we are returning quota with bits of it that was never charged and that's SecurityDescriptorCharge. A QUOTA_UNDERFLOW bugcheck occurs in two following scenarios:

-- When installing Virtualbox Guest Additions and prompting the installer to reboot the system for you
-- When logging off and on back to the system and then you restart the system normally

This bug has been discovered whilst working on #4555 PR.
2022-06-26 19:47:02 +02:00
Timo Kreuzer
8521f6d7b5 [RTL] Implement dynamic function tables for x64 2022-06-25 21:45:47 +02:00
George Bișoc
9d2de519b2
[NTOS:SE] NtQueryInformationToken: implement TokenGroupsAndPrivileges
TokenGroupsAndPrivileges is the younger sister of two TokenGroups and TokenPrivileges classes. In its purpose there's no huge substantial differences apart that this class comes with its own structure, TOKEN_GROUPS_AND_PRIVILEGES, and that this structure comes with extra information.
2022-06-19 17:22:04 +02:00
George Bișoc
8e0da736b7
[NTOS:SE] Fix MSVC build 2022-06-13 20:12:32 +02:00
George Bișoc
93381263a1
[NTOS:SE] Remove redundant ReturnLength NULL check
In NtQueryInformationToken function, remove the useless and redundant NULL check for two primary reasons. First, DefaultQueryInfoBufferCheck already does the necessary probing validation checks and second, ReturnLength must NEVER be NULL!
If the caller does not respect the calling rules of NtQueryInformationToken, the caller is expected to be miserably punished.
2022-06-13 19:28:12 +02:00
George Bișoc
5e1f292062
[NTOS:SE] NtQueryInformationToken: implement token sandbox inert querying 2022-06-13 18:17:10 +02:00
George Bișoc
d0d86ab588
[NTOSKRNL] Force a probe against ReturnLength on query & Misc ICIF stuff
NtQueryInformationToken is by far the only system call in NT where ReturnLength simply cannot be optional. On Windows this parameter is always probed and an argument to NULL directly leads to an access violation exception.
This is due to the fact of how tokens work, as its information contents (token user, owner, primary group, et al) are dynamic and can vary throughout over time in memory.

What happens on current ReactOS master however is that ReturnLength is only probed if the parameter is not NULL. On a NULL case scenario the probing checks succeed and NtQueryInformationToken fails later. For this, just get rid of CompleteProbing
parameter and opt in for a bit mask flag based approach, with ICIF_FORCE_RETURN_LENGTH_PROBE being set on DefaultQueryInfoBufferCheck which NtQueryInformationToken calls it to do sanity checks.

In addition to that...

- Document the ICIF probe helpers
- Annotate the ICIF prope helpers with SAL
- With the riddance of CompleteProbing and adoption of flags based approach, add ICIF_PROBE_READ_WRITE and ICIF_PROBE_READ flags alongside with ICIF_FORCE_RETURN_LENGTH_PROBE
2022-06-12 11:05:05 +02:00
Tuur Martens
d31642c712 [NTOS:MM] Fix memory leak in NtAllocateVirtualMemory
When an allocated VAD's insertion fails, the VAD is not freed. This commit attempts to fix this behaviour.
2022-06-04 22:44:27 +02:00
George Bișoc
9a2c62b544
[NTOS:SE] Reorganize the security manager component
The current state of Security manager's code is kind of a mess. Mainly, there's code scattered around places where they shouldn't belong and token implementation (token.c) is already of a bloat in itself as it is. The file has over 6k lines and it's subject to grow exponentially with improvements, features, whatever that is.

With that being said, the token implementation code in the kernel will be split accordingly and rest of the code moved to appropriate places. The new layout will look as follows (excluding the already existing files):

- client.c (Client security implementation code)
- objtype.c (Object type list implementation code -- more code related to object types will be put here when I'm going to implement object type access checks in the future)
- subject.c (Subject security context support)

The token implementation in the kernel will be split in 4 distinct files as shown:

- token.c (Base token support routines)
- tokenlif.c (Life management of a token object -- that is Duplication, Creation and Filtering)
- tokencls.c (Token Query/Set Information Classes support)
- tokenadj.c (Token privileges/groups adjusting support)

In addition to that, tidy up the internal header and reorganize it as well.
2022-05-29 20:22:19 +02:00
Tuur Martens
cc99b9d96e [NTOS:MM] Fix MiInsertSharedUserPageVad preventing boot on x64
Fix MiInsertSharedUserPageVad to not charge the system process pool quota.
Even though PsChargeProcessNonPagedPoolQuota itself checks if the process specified is the system process, this doesn't work here as we're too early into boot for the kernel to know what the system process is.
2022-05-29 13:28:27 +02:00
Victor Perevertkin
f155b9377f
[CMAKE] Elimitate the use of GCC and CLANG variables 2022-05-27 01:37:34 +03:00
George Bișoc
064a35dc67
[NTOS:KE] Fully implement FPU Save/Restore mechanism
This commit fully implements the inner logic of KeSaveFloatingPointState and KeRestoreFloatingPointState routines. On ReactOS we're currently simply doing a FNSAVE operation whereas on Windows it is a lot more than that.

On Windows Server 2003 the logic more or less goes like this. In order to save the FPU state the NPX state of the current thread has to be checked first, that is, if NPX is loaded and currently charged for the current thread then the system will acquire the NPX registers actively present. From that point it performs either a FNSAVE or FXSAVE
if FX is actually supported. Otherwise the control word and MXCsr registers are obtained.

FXSAVE/FNSAVE operation is done solely if the FX save area is held up in a pool allocation. Pool allocation occurs if it's been found out that the NPX IRQL of the thread is not the same as the current thread which from where it determines if the interrupt level is APC then allocate some pool memory and hold the save area there, otherwise
the save area in question is grabbed from the current processor control region. If NPX is not loaded for the current thread then the FPU state is obtained from the NPX frame.

In our case we'll be doing something way simpler. Only do a FXSAVE/FNSAVE directly of the FPU state registers, in this way we are simplifying the code and the actual logic of Save/Restore mechanism.
2022-05-24 18:39:45 +02:00
George Bișoc
c020966091
[NTOS:KE] Implement the internal FPU state context structure
This is needed to store FPU state information when saving or restoring the floating point state of a system due to a call to KeSaveFloatingPointState or KeRestoreFloatingPointState.
2022-05-24 18:39:45 +02:00
George Bișoc
d88cd0eefc
[NTOS:KE] Move related FPU instrunctions to internal intrinsic file 2022-05-24 18:39:45 +02:00
George Bișoc
657bc083dc
[NTOSKRNL] Add FPU pool tags 2022-05-24 18:39:45 +02:00
Victor Perevertkin
505ac6565a
[NTOS:PNP] Misc IoInvalidateDeviceState fixes
- Add a check for correct PDO before doing anything
- Process the request only for started devices
- Send the request synchronously during the start sequence

This makes Windows' i8042prt.sys work on ReactOS.
Addendum to cf0bc1c132
2022-05-24 05:04:11 +03:00
Hermès Bélusca-Maïto
985468d08a
[NTOS:SE] Replace a bunch of RtlCopyLuid() calls into direct assignations (#4523)
Nowadays' compilers support such direct structure assignations,
and our existing codebase already uses that in other places.
2022-05-23 19:30:37 +02:00
Hermès Bélusca-Maïto
487d8601f9
[NTOS:SE] SepPerformTokenFiltering(): Fix corruption of DynamicPart (#4523)
The problem is that EndMem is changed to point to the DynamicPart of
the token, but the code after that expects it to still point into the
VariablePart instead.

Problem fixed by moving the insertion of RestrictedSids much sooner
(where the original ones are also being copied).
2022-05-23 19:30:36 +02:00
Hermès Bélusca-Maïto
9676188543
[NTOS:SE] NtAdjustGroupsToken(): Avoid double-free on ObReferenceObjectByHandle failure path (#4523) 2022-05-23 19:30:36 +02:00
Hermès Bélusca-Maïto
3370652dfc
[NTOS:SE] Fix locking in SepDuplicateToken() and SepPerformTokenFiltering() (#4523)
Shared locking must be used on the source token as it is accessed for
reading only. This fixes in particular the kmtest SeTokenFiltering that
would hang otherwise on a (wrong) exclusive locking.

- SepPerformTokenFiltering(): Always shared-lock the source token.
  Its callers (NtFilterToken and SeFilterToken) just need to sanitize and
  put the parameters in correct form before calling this helper function.

- Sync comments in NtFilterToken() with SeFilterToken().
2022-05-23 19:30:35 +02:00
Hermès Bélusca-Maïto
b33911b93d
[NTOS:SE] SepPerformTokenFiltering(): Remove useless SEH handling (#4523)
This function is either called inter-kernel (in which case, all
parameters must be valid, and if not, we have to bugcheck), or, it
is called with **captured** parameters (from NtFilterToken) and those
latter ones are now expected to be valid and reside in kernel-mode.
Finally, data copied between token structures reside in kernel-mode
only and again are expected to be valid (if not, we bugcheck).
2022-05-23 19:30:34 +02:00
Hermès Bélusca-Maïto
389a2da7ff
[NTOS:SE] SepCaptureAcl(): Add missing validation of the captured ACL (#4523)
- The ACL is however not validated when the function is called within
  kernel mode and no capture is actually being done.

- Simplify aspects of the function (returning early when possible).
2022-05-23 19:30:34 +02:00
Hermès Bélusca-Maïto
a0bcf90f35
[NTOS:SE] SeValidSecurityDescriptor(): Add missing validation aspects (#4523)
- Add extra bounds checks.
- Add missing RtlValidAcl() calls for verifying the DACL and SACL.
2022-05-23 19:30:33 +02:00
Tuur Martens
4f8bbd141e [NTOS:MM] Fix memory leak in MiMapViewOfDataSection
If inserting the allocated VAD fails, MiMapViewOfDataSection will make no attempt to free the allocated VAD. Nor will it call MiDereferenceControlArea(ControlArea); like other failure return paths. This commit fixes this behavior.
Co-authored-by: Hermès BÉLUSCA - MAÏTO <hermes.belusca-maito@reactos.org>
2022-05-18 12:31:31 +02:00
Tuur Martens
884356a06e [NTOS:MM] Charge and free quotas for VAD allocations
Charge quotas for VAD allocations and free the quotas again when the VADs are freed.

CORE-18028
2022-05-14 15:09:50 +02:00
Marcus Boillat
fa52f2fae0
[NTOS:KE] Fix CPU extended family and model detection
Based on documentation from Geoff Chappell:
https://www.geoffchappell.com/studies/windows/km/cpu/cpuid/00000001h/eax.htm

CORE-17974
2022-05-09 21:50:24 +03:00
Marcus Boillat
00b3e4bc68
[NTOS:KE] Use bitfield structure for x86 CPU signature in EAX register
This makes code a lot more readable. CORE-17974
2022-05-09 21:50:24 +03:00
Stanislav Motylkov
cc82bc14e2
[NTOS:KE] Move KiGet/SetProcessorType function below KiGetCpuVendor
CORE-17974
2022-05-09 21:50:19 +03:00
George Bișoc
9f8fbe14f5
[NTOS:OB] Specify the query security descriptor tag when freeing the allocation
We are allocating blocks of pool memory for a security descriptor with its own specific tag, TAG_SEC_QUERY, so just use it when freeing when releasing the descriptor as well (aka freeing the said pool).
2022-05-08 19:16:34 +02:00
Hermès Bélusca-Maïto
b414e1e4d7
[NTOS] Don't define _IN_KERNEL_ globally for the kernel, but just where it's needed: when including regstr.h. 2022-05-07 18:38:35 +02:00
Hermès Bélusca-Maïto
9ea2b803c8
[NDK][HAL][NTOS] Add missing PRCB_MINOR_VERSION / PRCB_MAJOR_VERSION and use them. 2022-05-07 18:14:38 +02:00
Hermès Bélusca-Maïto
cfbb734799
[NTOS] Remove ROS-specific __NTOSKRNL__
See https://reactos.org/archives/public/ros-kernel/2004-June/003878.html
> In the source files one set of headers is included if
__NTDLL__ is defines and onother set if __NTOSKRNL__ is defines (dirty
workaround for our messy headers).
2022-05-07 17:53:51 +02:00
George Bișoc
55c117c4c9
[NTOS:SE] Deny access to the caller if access is not allowed by the object
There are two fundamental problems when it comes to access checks in ReactOS. First, the internal function SepAccessCheck which is the heart and brain of the whole access checks logic of the kernel warrants access to the calling thread of a process to an object even though access could not be given.

This can potentially leave security issues as we literally leave objects to be touched indiscriminately by anyone regardless of their ACEs in the DACL of a security descriptor. Second, the current access check code doesn't take into account the fact that an access token can have restricted SIDs. In such scenario we must perform additional access checks by iterating over the restricted SIDs of the primary token by comparing the SID equality and see if the group can be granted certain rights based on the ACE policy that represents the same SID.

Part of SepAccessCheck's code logic will be split for a separate private kernel routine, SepAnalyzeAcesFromDacl. The reasons for this are primarily two -- such code is subject to grow eventually as we'll support different type ACEs and handle them accordingly -- and we avoid further code duplicates. On Windows Server 2003 there are 5 different type of ACEs that are supported for access checks:

- ACCESS_DENIED_ACE_TYPE (supported by ReactOS)
- ACCESS_ALLOWED_ACE_TYPE (supported by ReactOS)
- ACCESS_DENIED_OBJECT_ACE_TYPE
- ACCESS_ALLOWED_OBJECT_ACE_TYPE
- ACCESS_ALLOWED_COMPOUND_ACE_TYPE

This gives the opportunity for us to have a semi serious kernel where security of objects are are taken into account, rather than giving access to everyone.

CORE-9174
CORE-9175
CORE-9184
CORE-14520
2022-05-06 10:09:53 +02:00
George Bișoc
f48191b4b5
[NTOS:SE] Enable support for principal and restricted SIDs
SepSidInTokenEx function already provides the necessary mechanism to handle scenario where a token has restricted SIDs or a principal SID is given to the call. There's no reason to have these redundant ASSERTs anymore.

In addition to that make sure if the SID is not a restricted and if that SID is the first element on the array and it's enabled, this is the primary user.
2022-05-06 10:09:53 +02:00
George Bișoc
bac67a65f2
[NTOS:SE] Implement SepGetSidFromAce
This function will be used to retrieve a security identifier from a valid access control entry in the kernel. Mostly and exclusively used within access checks related code and such.
2022-05-06 10:09:53 +02:00
George Bișoc
c93bf84747
[NTOS:SE] Add SepGetSidFromAce prototype & Niscellaneous Stuff 2022-05-06 10:09:52 +02:00
George Bișoc
9101a5dc6d
[NTOSKRNL] Add security access check rights pool tag 2022-05-06 10:09:52 +02:00
Katayama Hirofumi MZ
55065d3b51
[NTOS:PNP] Fix GCC build (ignoring return value) (#4473)
[NTOS:PNP] Fix GCC build (ignoring return value)

Properly handle RtlDuplicateUnicodeString return status. Addendum to de316477. Thanks to @HBelusca and @Doug-Lyons.
2022-04-28 22:16:37 +09:00
Eric Kohl
de316477b9 [NTOS:PNP] IopInitializeDevice: Create a device, allocate a device node and attach it to the root node 2022-04-27 21:52:21 +02:00
Victor Perevertkin
cf0bc1c132
[NTOS:PNP] Halfplement IoInvalidateDeviceState
Implement the correct start-stop sequence for resource rebalancing
without the actual rebalancing. Also move IoInvalidateDeviceState
processing into the enumeration thread as it should be.

CORE-17519
2022-04-27 02:42:20 +03:00
Eric Kohl
969f950bf3 [NTOS:PNP] Add a stub for NtPlugPlayControl:PlugPlayControlInitializeDevice 2022-04-24 10:02:17 +02:00
George Bișoc
11d9c88c35
[NTOS:SE] Add token debug code
Implement initial token debug code. For now debug information that is being tracked are: process image file name, process and thread client IDs and token creation method. More specific debug code can be added later only if needed.

As for the token creation method, this follows the same principle as on Windows where the creation method is defined by a value denoting the first letter of the said method of creation. That is, 0xC is for token creation, 0xD is for token duplication and 0xF is for token filtering. The debug field names are taken from Windows PDB symbols for WinDBG debug extension support purposes. The names must not be changed!
2022-04-19 11:04:59 +02:00
Hermès Bélusca-Maïto
6ff0232368
[NTOS:CM] Adapt cmboot.c for usage in NT/ReactOS bootloader.
- Add a new cmboot.h header to isolate the boot-support definitions
  shared with the NT/ReactOS bootloader.

- Move CmpFreeDriverList() to cmboot.c so that we can use it for
  cleanup paths in the NT/ReactOS bootloader.

- CmpFindControlSet(): Directly build the control set name in UNICODE,
  instead of doing an ANSI->UNICODE conversion.

- Directly assign the CurrentControlSet\Services constant string,
  instead of going the route of init-empty-string + append-string.
  This is possible since that string is not modified later.

- Remove ASSERT(FALSE), replacing them with correct failure handling.

- Add cleanup paths in CmpAddDriverToList().

- Simplify and fix CmpFreeDriverList(): it's the full DriverNode
  that needs to be freed; not the LIST_ENTRY pointer.

- Add other validity checks:
  * Registry value types and data sizes;
  * For multi-strings, verify that they are NULL-terminated.
  * For (multi-)strings, check whether they are NULL-terminated before
    optionally removing their trailing NULL character from the count.
    Check also whether they are of zero-length and take appropriate
    action where necessary.

- Add CmpIsDriverInList() for future usage in CMBOOT compiled in
  bootloader mode.

- Add SAL annotations and Doxygen documentation.

- Add debug traces.

- Formatting / code style fixes.

** TODO: Fix SafeBoot support **
2022-04-16 18:37:45 +02:00
Thomas Faber
7d1a497619
[NTOS:EX] Only set WakeTimer-related status if timer handle is valid. CORE-18133
Since STATUS_TIMER_RESUME_IGNORED is a success status, we would
otherwise go into the success case with a NULL Timer object pointer.
2022-04-03 20:13:09 -04:00
Oleg Dubinskiy
7309801e5a [NTOS:IO] IoRegisterDeviceInterface: create non-volatile keys for new device interfaces
Always create only non-volatile (sub)keys when registering a new device interface, so then they are saved after reboot.
On Windows, nearly all device interface keys are non-volatile, except the "Control" subkey, which is managed by IoSetDeviceInterfaceState instead.
In particular, it fixes MS sysaudio loading failure with MS audio drivers replacement (ks, portcls, swenum, sysaudio, wdmaud). My IoGetDeviceInterfaceAlias implementation is also required to be applied. MS sysaudio implementation(s) except that those keys are non-volatile (but we're creating them volatile instead), and trying to create a subkey(s) there (via other IoDeviceInterface* routines), to read/write some needed data. But then they fail to do that with STATUS_CHILD_MUST_BE_VOLATILE (0xc0000181), obviously because our keys are volatile.
The volatile keys can never have non-volatile subkeys.
CORE-17361
2022-03-28 08:13:05 +02:00
Hermès Bélusca-Maïto
ce641de1e0
[NTOS:CONFIG] Add missing HvGetCell casts. Addendum to a4cad7be6. 2022-03-27 19:38:53 +02:00
Hermès Bélusca-Maïto
a4cad7be6b
[SDK:CMLIB][MKHIVE][BOOT:ENVIRON][NTOS:CONFIG] Add missing HvGetCell casts. Replace some ASSERT(FALSE). 2022-03-27 18:37:16 +02:00
Hermès Bélusca-Maïto
f7e8214b55
[NTOS:INBV] Code refactoring: Move all the boot animation-specific code out of inbv.c and into the new bootanim.c file.
- inbv.c now only contains the Inbv-specific API and nothing else.

- It will make easier for people to write their own boot themes & animations,
  by just copying/adapting the bootanim.c file (and the resources).

- Add SAL annotations.

- All INBV progress bar functions (except for InbvIndicateProgress())
  should not be INIT-only functions, since they can be (not yet in ROS)
  used at later times -- namely, for feedback during hibernation.
2022-02-13 21:29:14 +01:00
Hermès Bélusca-Maïto
8fd64d636d
Restore the original inbv.c 2022-02-13 21:18:51 +01:00
Hermès Bélusca-Maïto
93c5e2b7c0
[NTOS:INBV] Duplicate inbv.c to bootanim.c -- the Git way >_>
This will preserve the history in the copied file.
2022-02-13 21:18:22 +01:00
Hermès Bélusca-Maïto
e17f7d6994
[NTOS:INBV] Add documentation to the progress-bar helpers. And fix a bug in them.
In particular, the progress percentage specified to InbvUpdateProgressBar(),
or the progress feedback made with InbvIndicateProgress() calls, is
**relative** to the progress sub-range specified with a previous call to
InbvSetProgressBarSubset() (by default, the range is 0...100%).

This functionality is used e.g. when the number of progress steps is
unknown prior, for example when loading drivers: in this case progress
is made within a given percentage range.

This bug has always been with us since 2010.
2022-02-13 21:16:52 +01:00
George Bișoc
1b06522638
[NTOS:SE] Assign the captured SID and/or privileges to NULL manually on token filtering
This reverts 8479509 commit which pretty much does nothing at all (the captured pointer is NULL within the stack of the function has no effect outside of the function). My mistake, sorry.
2022-02-10 09:51:58 +01:00
George Bișoc
8479509a7b
[NTOS:SE] Assign the captured privilege or SID as NULL when releasing
Whenever a captured security property such as privilege or SID is released, we must not have such captured property point at random address in memory but rather we must assign it as NULL after it's been freed from pool memory. This avoids potential double-after-free situations where we might release a buffer twice.
This is exactly the case with token filtering.
2022-02-09 10:29:56 +01:00
Hermès Bélusca-Maïto
20e23bbfcd
[NTOS:EX] ExpGet/SetCurrentUserUILanguage() take pointer to const string. Add an implementation note to NtQueryDefaultUILanguage(). 2022-02-08 15:56:39 +01:00
Hermès Bélusca-Maïto
0540c20167
[NTOS:EX][SDK:REACTOS] Fix capitalization of "LangId" in the ProbeFor*** functions. 2022-02-08 15:56:34 +01:00
George Bișoc
8bd980e483
[NTOS:CC] Unintialize private cache maps before purging the cache section
Before purging the data cache of a certain section of a file from system cache, we have to unintialize the private cache maps of that section if a filesystem or any other component prompts the kernel to do so.
2022-02-02 17:45:59 +01:00
Victor Perevertkin
99a6667bd9
[NTOS:KE] Remove all checks for x87 not being present 2022-01-25 02:12:33 +03:00
Victor Perevertkin
1aca6937ff
[NTOS:KE] Add a check for unsupported CPU features on i586
Currently, these features are vital for the kernel:
- CPUID instruction
- CMPXCHG8B instruction
- TSC aka Time Stamp Counter

All of that have to be present on i586
2022-01-25 02:12:33 +03:00
Victor Perevertkin
705e07ce31
[NTOS:KE] Move CPU features detection to a separate function on i586 2022-01-25 02:12:26 +03:00
Thomas Faber
8d701598fb
[NTOS:MM] Implement partial virtual region releases. CORE-17938
Fixes boot with MS videoprt.sys (and some apitests).
2022-01-22 15:07:06 -05:00
George Bișoc
be56aff102
[NTOS:PS] Use quota types on process quota querying
Quota limits on a block are enumerated on a per quota type basis thus we should use the values from PS_QUOTA_TYPE enumeration, not from POOL_TYPE.
2022-01-11 11:21:15 +01:00
George Bișoc
0c07eac5b4
[NTOS:OB] Charge/Return pool quotas of objects
As it currently stands the Object Manager doesn't charge any quotas when objects are created, nor it returns quotas when objects are de-allocated and freed from the objects namespace database. This alone can bring inconsistencies in the kernel as we simply don't know what is the amount charged in an object and thus we aren't keeping track of quotas flow.

Now with both PsReturnSharedPoolQuota and PsChargeSharedPoolQuota implemented, the Object Manager can now track the said flow of quotas every time an object is created or de-allocated, thus enforcing consistency with the use of quota resources.
2022-01-11 10:11:10 +01:00
George Bișoc
ee697cfeef
[NTOS:PS] Dereference the quota block during process cleanup
Ensure that when we're cleaning up the EPROCESS object, that we are dereferencing the quota block the process in question was using. The routine will automatically request a quota block cleanup if the process that dereferenced the quota block was the last.
2022-01-11 10:11:10 +01:00
George Bișoc
b22eefac88
[NTOS:PS] Process Quota Overhaul
-- Rewrite PspChargeProcessQuotaSpecifiedPool and PspReturnProcessQuotaSpecifiedPool private kernel routines, with the goal to implement the algorithms necessary to manage the fields of quota blocks (Usage, Return, Limit and Peak).
-- Invoke the Mm if quota limit raising or returning has to be done
-- When destroying a quota block, make sure that we're giving back all the rest of non-returned quotas to Memory Mm
-- Crash the system with QUOTA_UNDERFLOW if someone is returning way too much quota than it was previously charged
-- When a process exits, ensure that it doesn't hold up any charged quotas in QuotaUsage field of the process object, that way we're enforcing proper kernel consistency
-- Implement PsChargeSharedPoolQuota and PsChargeProcessPageFileQuota functions, used exclusively by the Object Manager. These routines are used to charge or return amount of quotas of a newly created object.
-- On PspInheritQuota, when assigning to process the default quota block if no parent process is given, we must increment the reference counts as we're using it
-- Handle the ProcessCount reference field, as it wasn't used
-- Annotate the functions with SAL
-- Document the code

=== REMARKS ===
Windows LogOn (Winlogon) is responsible for setting up a different quota block for all the processes within an interactive session, which is what we don't do. What we're currently doing instead is we're using the default block, PspDefaultQuotaBlock, for all the processes
across the system. The default block contains the default limits of -1 (which would imply no limits). By definition, the kernel won't ever return STATUS_QUOTA_EXCEEDED as we literally don't set up a definite limit for regular processes. This situation has to be tackled
in the future.

=== TODO FOR FUTURE ===
Most of the code in PspChargeProcessQuotaSpecifiedPool and PspReturnProcessQuotaSpecifiedPool private routines must be refactored in order to reduce the usage of the quota spin lock, possibly wrapping such code in a loop and whatnot.

CORE-17784
2022-01-11 10:11:09 +01:00
George Bișoc
1649a89cfa
[NTOS:MM] Implement Raise/Return pool quota functions
This implements both MmRaisePoolQuota and MmReturnPoolQuota functions, which serve exclusively for quota pool management. The process manager communicates with the memory manager in a call of need to charge or return pool quota limits.
2022-01-11 10:11:09 +01:00
George Bișoc
32e9710fd1
[NTOS:OB] Add a system process quota block macro
OBP_SYSTEM_PROCESS_QUOTA is a macro that'll be used as a way to assign a dummy quota block to system processes, as we mustn't do anything to those in case the Object Manager is charging or returning pool quotas.
2022-01-11 10:11:09 +01:00
George Bișoc
c9755651cd
[NTOS:PS] Declare some prototypes and annotate the quota functions with SAL
Declare PsReturnSharedPoolQuota and PsChargeSharedPoolQuota prototypes and annotate the functions. Furthermore, add two definitions related to quota pool limits threshold -- PSP_NON_PAGED_POOL_QUOTA_THRESHOLD and PSP_PAGED_POOL_QUOTA_THRESHOLD. For further details, see the commit description of "[NTOS:MM] Add the pool quota prototypes and some definitions".
2022-01-11 10:11:09 +01:00
George Bișoc
13cbc7fbf9
[NTOS:MM] Add the pool quota prototypes and some definitions
Declare the MmRaisePoolQuota and MmReturnPoolQuota prototypes in the header and add some definitions related to pool quotas, namely MmTotalNonPagedPoolQuota and MmTotalPagedPoolQuota. These variables are used internally by the kernel as sort of "containers" (for the lack of a better term)
which uphold the amount of quotas that the Process Manager is requesting the Memory Manager to raise or return the pool quota limit. In addition to that, add some definitions needed for both of these functions.

The definitions, MI_CHARGE_PAGED_POOL_QUOTA and MI_CHARGE_NON_PAGED_POOL_QUOTA respectively, bear some interesting aspect. Seemingly the 0x80000 and 0x10000 values (that would denote to 524288 and 65536 specifically) are used as quota "limits" or in other words, thresholds that the kernel
uses. So for example if one would want to raise the quota limit charge, MmRaisePoolQuota will raise it so based on this formula -- NewMaxQuota = CurrentQuota + LIMIT_VALUE. LIMIT_VALUE can be either MI_CHARGE_PAGED_POOL_QUOTA or MI_CHARGE_NON_PAGED_POOL_QUOTA, depending a per quota pool basis.

What's more interesting is that these values are pervasive in Process Manager even. This is when quotas are to be returned back and trim the limit of the quota block if needed, the kernel would either take the amount provided by the caller of quotas to return or the threshold (paged or not paged)
if the amount to return exceeds the said threshold in question.
2022-01-11 10:11:08 +01:00
George Bișoc
abe89d7cde
[NTOS:FSRTL] Assign the buffer length to ThisBufferLength field
This fixes an issue where ReactOS would assert on QuotaUsage == 0 as the process was still taking up quotas during a quota block de-reference with root cause of ThisBufferLength member field being 0 which made process quota charging/returning flow unbalanced.
In addition to that, on FsRtlCancelNotify routine API all we must ensure that if PsChargePoolQuota or ExAllocatePoolWithTag function fails we have to handle the raised exceptions accordingly and return the charged quota back (if we actually charged quotas that is). With said, wrap that part of code with SEH.

=== DOCUMENTATION REMARKS ===
The cause of the assert is due to the fact ThisBufferLength was being handled wrongly ever since, until this commit. When FsRtl of the Executive has to filter reported changes (with logic algorithm implemented in FsRtlNotifyFilterReportChange function), the said function will charge the quota of a given process
with an amount that is represented as the buffer length whose size is expressed in bytes. This length buffer is preserved in a local variable called NumberOfBytes, which is initialized from BufferLength member field of notification structure or from the length from stack parameters pointed from an IRP.

As it currently stands, the code is implemented in such a way that FsRtlNotifyFilterReportChange will charge quotas to a process but it doesn't assign the buffer length to ThisBufferLength. On the first glimpse ThisBufferLength and BufferLength are very similar members that serve exact same purpose but in reality there's a subtle distinction between the two.

BufferLength is a member whose length size is given by FSDs (filesystem drivers) during a notification dispatching. Whenever FsRtl receives the notification structure packed with data from the filesystem, the length pointed by BufferLength gets passed to ThisBufferLength and from now on the kernel has to use this member for the whole time of its task to accomplish
whatever request it's been given by the filesystem. In other words, BufferLength is strictly used only to pass length size data to the kernel by initializing ThisBufferLength based on that length and unequivocally the kernel uses this member field. What we're doing is that ThisBufferLength never receives the length from BufferLength therefore whenever FsRtl component
has to return quotas back it'll return an amount of 0 (which means no amount to return) and that's a bug in the kernel.
2022-01-11 10:11:08 +01:00
George Bișoc
71a4921f8a
[NTOS:EX] Manage quotas when allocating or freeing pool tables
This fixes an assertion where QuotaUsage == 0 is actually not 0 when a process is about to be destroyed.
2022-01-11 10:11:08 +01:00
George Bișoc
47cb3c20a3
[NTOSKRNL] Implement InterlockedExchangeSizeT macro 2022-01-11 10:10:56 +01:00
Vadim Galyant
fec440d8b8
[SDK:DDK][NTOS:PNP] Implement PnP arbiters initialization 2022-01-10 06:35:45 +03:00
Stanislav Motylkov
77fd33c99c
[NTOS:CM] Refactor full CPU identifier values
Dedicated to Victor Perevertkin.
2022-01-05 18:28:40 +03:00
Stanislav Motylkov
84cc81ee29
[NTOS:KE/x64] Detect CPU vendor properly and store value in PRCB
Also generate processor identifier properly based on this value
on the Configuration Manager machine-dependent initialization.

Update processor driver INF file accordingly.

CORE-17970 CORE-14922
2022-01-05 18:28:40 +03:00
Thomas Faber
a4b2c80853
[NTOS:KE] Fix buffer overflow when displaying x64 bug checks 2022-01-03 13:25:09 -05:00
Hermès Bélusca-Maïto
10a976e78f
🎊 🍾 🥳 Happy New Year 2022 to the ReactOS Community! 🎆 ⚛️ ☢️
.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:
 __,  ,__)            __,  ,__)       __, ,__)        ░▄████▄░▄███▄░▄████▄░▄████▄░
(--|__| _ ,_ ,_      (--|\ | _       (--\ | _  _ ,_   ░▀▀░▄██░██░██░▀▀░▄██░▀▀░▄██░
  _|  |(_||_)|_)(_|    _| \|(/_(_|_)     \|(/_(_||    ░░▄██▀░░██░██░░▄██▀░░░▄██▀░░
 (        |  |  ,_|   (                (__|           ░██████░▀███▀░██████░██████░
.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:
2022-01-01 00:00:00 +01:00
Stanislav Motylkov
f18fb7da09
[NTOS:MM] Unrefernece some dereferences 2021-12-30 01:54:09 +03:00
Victor Perevertkin
fd9436d768
[NTOS:PNP] Remove excessive error messages 2021-12-28 04:23:51 +03:00
George Bișoc
3bc2d590a1
[NTOSKRNL] Regroup the pool allocation tags in one dedicated place
We have a special file, tag.h, which serves as a place to store whatever kernel pool allocation tag yet we still have some tags sparse over the kernel code... So just re-group them in one unique place.
2021-12-27 18:57:03 +01:00
Hervé Poussineau
0358fcf9e4 [NTOS:PNP] Let pnproot only report already detected devices
Ignore devices which have DeviceReported=1 in instance key
and not DeviceReported=1 in Control key.

CORE-17874
2021-12-16 16:14:21 +01:00
Hervé Poussineau
d380e9777c [NTOS:PNP] Set DeviceReported=1 in Instance key and Control key of legacy devices at report time
CORE-17874
2021-12-16 16:14:21 +01:00
Eric Kohl
990ba54537 [NTOS:LPC] NtReplyWaitReceivePortEx returns the correct TotalLength for connect messages
This fixes the NtAcceptConnectPort apitest.
2021-11-24 18:59:16 +01:00
Eric Kohl
07e19a5e09 [NTOS:IO] Fail, if io completion port and an apc routine are used at the same time
Add checks to NtNotifyChangeDirectoryFile, NtLockFile, NtReadFile and NtWriteFile.
This fixes two ntdll tests.
2021-11-24 13:34:26 +01:00
Thomas Faber
88e3ef5fa0
[NTOS:SE] Don't assert on levels that don't allow impersonation. 2021-11-21 17:19:03 -05:00
Eric Kohl
3e5dcf7937 [NTOS:EX] Fix version specific return value for NtSetSystemInformation:SystemFlagsInformation 2021-11-21 21:42:04 +01:00
Thomas Faber
d84022d7fd
[NTOS:SE] Fix always-true assert in SeTokenCanImpersonate.
Courtesy of VS analysis warning C6289:
Incorrect operator:  mutual exclusion over || is always a non-zero constant.  Did you intend to use && instead?
2021-11-21 12:57:50 -05:00
Thomas Faber
0af3689c2e
[REACTOS] Fix traces with missing arguments.
Courtesy of VS Code Analysis warning C6064:
Missing integer argument to 'DbgPrint' that corresponds to conversion specifier 'N'.
2021-11-21 12:57:35 -05:00
Thomas Faber
a7b2703479
[NTOS] Fix broken SAL annotations on MmDereferenceSegmentWithLock. 2021-11-21 12:47:46 -05:00
Thomas Faber
2e76fb9fe1
[NTOS:IO] Use a guarded region in IopQueueIrpToThread.
We're protecting against IopCompleteRequest, which is a special
kernel APC. So this is a little bit faster than raising the IRQL.
2021-11-20 14:58:51 -05:00
Hermès Bélusca-Maïto
712f469671
[NTOS:EX] Clarify the situation with the SystemPathInformation class. (#4065)
Since NT 3.51, this information class is trivially implemented.
The path to the NT directory is now stored in KUSER_SHARED_DATA
as the NtSystemRoot member.
Windows Checked builds show the following message and break to
the debugger before failing the function as not implemented:

EX: SystemPathInformation now available via SharedUserData

See https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ex/sysinfo/query.htm
and https://www.geoffchappell.com/studies/windows/km/ntoskrnl/inc/api/ntexapi_x/kuser_shared_data/index.htm
for more information.
2021-11-18 22:37:54 +01:00
Hermès Bélusca-Maïto
1200561fcc
[NTOS:EX] NtQuerySystemInformation: Use same parameter names as documentation. FStatus --> Status. (#4064) 2021-11-18 22:36:07 +01:00
Hermès Bélusca-Maïto
d484a68ccb
[NDK][NTOS:EX] Add/fix SAL annotations for Nt/ZwSetSystemInformation + last parameter type. (#4064) 2021-11-18 22:36:07 +01:00
Hermès Bélusca-Maïto
7692a620e7
[NDK][NTOS:EX] Minor formatting. 2021-11-18 22:36:06 +01:00
George Bișoc
f909e8762d
[NTOS:SE] Validate the SID lengths when capturing them
SIDs are variadic by nature which means their lengths can vary in a given amount of time and certain factors that allow for this happen. This also especially can lead to issues when capturing SIDs and attributes because SeCaptureSidAndAttributesArray might end up overwriting the buffer during the time it's been called.

Therefore when we're copying the SIDs, validate their lengths. In addition to that, update the documentation header accordingly and add some debug prints in code.
2021-11-16 10:55:44 +01:00
Thomas Faber
e8b79e89eb
[NTOS:PS] Fix copypasta in NtQueryInformationJobObject. CID 1441354 2021-11-13 21:23:40 -05:00
Thomas Faber
34f2b7830d
[NTOS:IO] Correctly deal with exceptions when handling FileFsDriverPathInformation. CID 1476847 2021-11-13 21:23:39 -05:00
Thomas Faber
a74ff5be17
[NTOS:IO] Don't call IopCompleteRequest with uninitialized context values. CID 716761
NormalContext and NormalRoutine are just for good measure, but
SystemArgument2 is actually used by the function.
And yes, this appears to be a bug in Win 2003.
2021-11-13 21:23:39 -05:00
Thomas Faber
8254585be5
[NTOS:EX] Assert some AcquireResource return values. CID 1321882 2021-11-13 21:23:39 -05:00
Thomas Faber
aa9a098196
[NTOS:EX] Correctly handle OOM in NtFindAtom. CID 1237072 2021-11-13 21:23:36 -05:00
George Bișoc
53db5377e2
[NTOS:SE] Implement token filtering
This implements the support of token filtering within the kernel, where the kernel can create restricted tokens of regular ones on demand by the caller. The implementation can be accessed thorough a NT syscall, NtFilterToken, and a kernel mode routine, SeFilterToken.
2021-11-07 14:14:18 +01:00
George Bișoc
05d52aba2b
[NTOS:SE] Partially revert 0129de2
The continue statements do not server any useful purpose in these loops so they're basically pointless. These have been introduced by mistake so my bad.
2021-11-05 10:13:45 +01:00
Serge Gautherie
8110a66b08 [NTOS:MM] MI_IS_*(): Improve documentation
Intel 64 and IA-32 Architectures Software Developer’s Manual
version 075 (June 2021)
2021-11-04 23:20:21 +03:00
Serge Gautherie
94b8095ba2 [NTOS:KE] KiTrap0EHandler(): Use MI_IS_WRITE_ACCESS() 2021-11-04 23:20:21 +03:00
George Bișoc
0129de218b
[NTOS:SE] Mark the token as no longer belonging to admin group upon effective duplication
A scenario where it happens that an access token belongs to an administrators group but it's disabled (that is, SeAliasAdminsSid has no attributes or it doesn't have SE_GROUP_ENABLED turn ON), the function removes this group from the token but still has TOKEN_HAS_ADMIN_GROUP flag which can lead to erratic behavior across the kernel and security modules -- implying that the token still belongs to administrators group.

This is an oversight from my part.
2021-11-04 09:30:00 +01:00
Hervé Poussineau
22d1e7a4e4 [NTOS:IO] Create non volatile registry keys for root devices (as for other devices) 2021-11-01 18:16:25 +01:00
Hervé Poussineau
9967d9aa4c [NTOS:IO] Do not crash when calling IopLegacyResourceAllocation with NULL ResourceRequirements 2021-11-01 18:16:25 +01:00
George Bișoc
fdb4205061
[NTOS:SE] Minor cleanup on SepDuplicateToken
The current code that searches for the primary group of token upon duplication is OK as is, remove whatever rest that's no longer needed.
2021-10-23 17:55:12 +02:00
Hervé Poussineau
46fbc6f432 [NTOS:PNP] Fix crash when removing a device without resources
This fixes commit 89fd2b86e4
2021-10-18 22:23:49 +02:00
Hervé Poussineau
89fd2b86e4 [NTOS:PNP] HACK: release resources when device is removed
CORE-17789
2021-10-14 23:39:31 +02:00
Hervé Poussineau
49358f3416 [NTOS:PNP] Fix resource conflict detection
Only resources of HAL were checked against conflicts, not those of PnP Manager

Let IoReportResourceForDetection() make a silent conflict check.
Otherwise IopCheckResourceDescriptor() will always return 'no conflict'.

CORE-17789
2021-10-14 23:39:31 +02:00
Hervé Poussineau
a86c3794a6 [NTOS:IO] Remove final NULL char of PDO name before writing to registry
Otherwise, if a PDO has no name (bad!), you'll see two "(Default)" entries
in HKLM\HARDWARE\RESOURCEMAP\PnP Manager\PnpManager
2021-10-14 23:39:30 +02:00
Victor Perevertkin
43f1d91687
[NTOS:PNP] Fix resource conflict detection
Previous code did not detect equal resource ranges as conflicting.
Thanks Hervé Poussineau for pointing this out!

Meanwhile, simplify the code to make it more readable.
2021-10-13 00:00:25 +03:00
Rafał Mikrut
54d5ad7533
[NTOS:KE] Fix copy paste bug in exception helper routine for ARM (#4005) 2021-10-07 23:04:19 +03:00
George Bișoc
9c1c88de3e
[NTOS:SE] Define a name macro for the threshold value
Instead of having this magic value as is, describe it within a macro for readability purposes.
2021-09-27 09:39:23 +02:00
George Bișoc
199f575342
[NTOS:SE] Check the privilege count against the maximum threshold
In SeCaptureLuidAndAttributesArray we must ensure that we don't go onto a potential integer overflow scenario by checking against the maximum limit threshold the kernel states. In addition, write an explicit name macro for the value.
2021-09-27 09:37:28 +02:00
Hermès Bélusca-Maïto
9462350a92
[NTOS:RAWFS] LE JOKE! - Commit 7716bddd (r24564) claimed to "actually create the \\Device names so that user-mode can even talk to it", yet didn't bother to do that!
Certainly due to copy-pasta error from the original code.

A consequence of this oversight, was that the IoGetDeviceObjectPointer()
calls on these device names, in fltmgr!DriverEntry() couldn't work.
(See drivers/filters/fltmgr/Interface.c, line 1880 and below.)
2021-09-26 03:02:58 +02:00
Hermès Bélusca-Maïto
5ccd45ea58
[NTOS:RAWFS] Delete the previously-created devices in case the IoCreateDevice() calls fail. 2021-09-26 03:02:57 +02:00
Hermès Bélusca-Maïto
74513a75ab
[NTOS:OB] Minor refactoring.
- NtQuerySymbolicLinkObject(): Use an intermediate variable for the object header.
- Simplify code in ObpLookupEntryDirectory() by calling ObpReleaseLookupContextObject() instead.
- Use TAG_OBJECT_TYPE instead of hardcoded tag values.
2021-09-25 01:09:01 +02:00
Hermès Bélusca-Maïto
4c63ed5a7a
[NTOS:OB] Clarify and fix the usage of the Obp*DirectoryLock*() and ObpReleaseLookupContextObject() functions.
- Disentangle the usage of ObpAcquireDirectoryLockExclusive() when it's
  used only for accessing a directory structure, or as part of a lookup
  operation.

  The Obp*DirectoryLock*() -- both shared and exclusive -- functions
  are only for locking an OB directory, for reading or writing its
  structure members.

  When performing lookup operations (insertions/deletions of entries
  within a directory), use a ObpAcquireLookupContextLock() function that
  exclusively locks the directory and saves extra lock state, that can
  be used by ObpReleaseLookupContextObject() for cleanup.

- Add documentation for these functions.
2021-09-25 00:47:43 +02:00
George Bișoc
19cdb521d2
[NTOS:OB] Acquire the lock before setting directory's session ID 2021-09-24 19:49:40 +02:00
George Bișoc
0b4763f1b1
[NTOS:SE] Do not set SE_DACL_PRESENT flag that early
The function might assign the flag yet it could possibly fail on creating a DACL and insert an "access allowed" right to the access entry within the DACL. In this case, make sure we actually succeeded on all the tasks and THEN assign the flag that the DACL is truly present.

Also, make sure that the Current buffer size variable gets its new size so that we avoid overidding the memory of the DACL if the security descriptor wants both a DACL and SACL and so that happens that the DACL memory gets overwritten by the SACL.
2021-09-24 19:39:30 +02:00
George Bișoc
f341b9080b
[NTOS:SE] Set the SACL to the World security descriptor
Implement the portion chunk of code that is responsible for setting the system access control list (SACL) to the World security descriptor, based from SeWorldSid (World security identifier).
2021-09-24 19:13:16 +02:00
George Bișoc
8e6fc7a5f5
[NTOS:SE] Implement token groups adjusting 2021-09-23 17:38:31 +02:00
George Bișoc
982ee872dd
[NTOS:SE] Privileges adjusting private routine must be paged
SepAdjustPrivileges is a private helper call that must be paged, alongside with its syscall -- NtAdjustPrivilegesToken.
2021-09-21 17:40:53 +02:00
Victor Perevertkin
62d1a2c884
[CMAKE] Fixes for clang-cl build
- User lib.exe instead of llvm-lib due to incompatibility
- Avoid wrapping resource compiler with cmcldeps
- Fix several conditional flags
2021-09-14 17:58:23 +03:00
Hermès Bélusca-Maïto
9393fc320e
[FORMATTING] Remove trailing whitespace. Addendum to 34593d93.
Excluded: 3rd-party code (incl. wine) and most of the win32ss.
2021-09-13 03:52:22 +02:00
Hermès Bélusca-Maïto
9b1edceae1
[REACTOS] Fix some instances of DPRINTs with trailing whitespace before newlines. 2021-09-13 03:52:19 +02:00
Hermès Bélusca-Maïto
6e9ff14e26
[NTOS:KD64,KE] IRQL is automatically adjusted during calls to KdEnterDebugger() and KdExitDebugger(). (#3942)
Addendum to 608032bd and 835c3023.

The IRQL is actually raised by KeFreezeExecution() and lowered by
KeThawExecution(), always to HIGH_IRQL on MP systems, or if necessary
on UP. These functions are called respectively by KdEnterDebugger()
and KdExitDebugger().
2021-09-12 18:20:32 +02:00
Hermès Bélusca-Maïto
05590079cc
[NTOS:KD64] First unlock the KD port then lower the IRQL, instead of doing the reverse. (#3942)
This properly reverses the operation of first raising the IRQL before
locking the KD port.
2021-09-12 18:19:59 +02:00
Hermès Bélusca-Maïto
c9f335e996
[NTOS:KD64] KdPollBreakIn(): Use the KeRestoreInterrupts() inline. 2021-09-12 18:16:13 +02:00
George Bișoc
fc5bc55fbb
[NTOS:SE] Use the captured security descriptor when access checking
When performing access security check, use the security descriptor that we've captured it to determine based on that descriptor if the client can be granted access or not.
2021-09-12 16:07:44 +02:00
George Bișoc
d7255f1584
[NTOS:SE] Explicitly check the auto inherit flags right away
As we now have the SEF_* flags declared within the SDK we can simply check for such flags directly wihout having to check for the hard-coded flag values.
2021-09-09 19:29:53 +02:00
Stanislav Motylkov
3f4c98a425
[ARM] Fix some compilation errors for ARM
CORE-17634 CORE-17604
2021-09-09 19:40:20 +03:00
Hermès Bélusca-Maïto
4795d953c0
[NTOS:IO] Fix an ASSERT. Addendum to commit 1fd730b7. 2021-09-06 01:05:14 +02:00
Hermès Bélusca-Maïto
fe9ac14aa3
[NTOS] Move two CODE_SEG("INIT") to a better place. 2021-09-05 21:22:45 +02:00
Hermès Bélusca-Maïto
1fd730b781
[NTOS:IO] IopInitializeDriverModule(): Set the DRVO_LEGACY_DRIVER flag if the driver is not WDM. (#3749) 2021-09-05 20:31:08 +02:00
George Bișoc
c407460f6a
[NTOS:SE] Implement effective token option upon duplication
This implements the EffectiveOnly option of SepDuplicateToken routine (used by NtDuplicateToken syscall and other functions alike) which makes the access token effective by removing the disabled parts like privileges and groups.
2021-09-05 17:01:21 +02:00
George Bișoc
84f7bee18f
[NTOS:SE] SepSinglePrivilegeCheck doesn't expect a NT status code value
Fix a wrong returned datatype of the function, as SepSinglePrivilegeCheck calls the internal private SepPrivilegeCheck function which returns a BOOLEAN value.
2021-08-22 11:31:57 +02:00
George Bișoc
8567d8145e
[NTOS:SE] Annotate the remaining functions with SAL 2021-08-22 10:29:58 +02:00
George Bișoc
6413009c10
[NTOS:SE] Document the whole subsystem in Doxygen format
And update the file comment headers.
2021-08-22 10:29:47 +02:00
Victor Perevertkin
6ef6fabfc5
[FREELDR][NTOS][HALPPC][SDK] Remove PowerPC code
Remove PowerPC-related code from the kernel, HAL, SDK and
Freeloader.
2021-08-15 15:35:51 +03:00
James Tabor
a81ad376a1 Check for PAE
Checking for PAE and set some logic later to support it.
2021-08-08 20:37:06 -05:00
Jérôme Gardou
589016ddb9 [NTOS:MM] Implement MmFlushImageSection(MmFlushForWrite) 2021-08-07 09:34:58 +02:00
Jérôme Gardou
6618d978cd [CMAKE] Do not disable optimisations on ntoskrnl build 2021-08-06 15:17:49 +02:00
Jérôme Gardou
acf28dbc1e [NTOS:MM] Fix the mess created by the "balancer thread"
When processing:
  Make sure that the process is not terminating.
  Make sure that the process WorkingSet is still valid
  Protect accessing & writing to PTEs by acquiring the working set lock

CORE-17595 CORE-17642
2021-08-05 10:06:19 +02:00
Jérôme Gardou
676dc4b441 Revert "[NTOS:MM] Do proper checks & acquire proper locks when sweeping user pages"
This reverts commit 7c006df7e0.
Note to self: This is what happens when you have too many branch and push the wrong one.
2021-08-04 23:57:39 +02:00
Jérôme Gardou
7c006df7e0 [NTOS:MM] Do proper checks & acquire proper locks when sweeping user pages
CORE-17595
2021-08-04 20:38:37 +02:00
Jérôme Gardou
789d7a7741 [NTOS:MM] When mapping pages for zeroing them, disable cache, enable write through
Idea from Thomas Faber
2021-08-04 17:48:39 +02:00
Jérôme Gardou
98e62b9bca [NTOS:MM] In page zeroing thread, zero more than one page at a time. 2021-08-04 17:48:39 +02:00
Jérôme Gardou
e98de5ef1f [NTOS:MM] Use KeZeroPages in zeroing thread 2021-08-04 17:48:39 +02:00
Jérôme Gardou
708dc6b7d6 [NTOS:MM] Do not zero-fill pages when not needed 2021-08-04 17:48:39 +02:00
Jérôme Gardou
42bec35f65 [NTOS:KE] Also rewrite KeZeroPages in assembly for amd64
Let's stick with "rep movsq" until we are able to have more precise benchmarks
2021-08-04 17:48:39 +02:00
Jérôme Gardou
51258295bd [NTOS:KE] Rewrite KeZeroPages in assembly
We spend a lot of time in this function, let's optimize it.
2021-08-04 17:48:39 +02:00
Jérôme Gardou
34662e2f6f [NTOS:MM] Copy the WorkingSet page when initializing "hand-built" process
CORE-17642
2021-08-04 11:49:38 +02:00
Jérôme Gardou
be6a6b806a [NTOS:MM] Remove dead code 2021-08-03 10:57:12 +02:00
Victor Perevertkin
5176f580e5
[CMAKE] Add memcmp to libntoskrnl for both clang and clang-cl 2021-08-02 20:23:22 +03:00
George Bișoc
632fa1cfbe
[NTOS:SE] Handle the reference logon session of the token
When creating or duplicating an access token object, make sure that the logon session is getting referenced by the token must be inserted onto the logon reference member (a.k.a LogonSession) for proper logon session referencing tracking.

Also when a token object is about to be destroyed or that we are taking away a reference session from it, we must ensure that the referenced logon session data gets removed from the token in question.
CORE-17700
2021-07-31 17:23:05 +02:00
George Bișoc
5e51f8dad2
[NTOS:SE] Implement logon reference insertion/removal to tokens 2021-07-31 16:11:03 +02:00
George Bișoc
7692c10527
[NTOS:SE] Unify all the SRM tags in one place
And rename SEP_LOGON_SESSION_TAG and SEP_LOGON_NOTIFICATION_TAG to TAG_LOGON_SESSION and TAG_LOGON_NOTIFICATION respectively.
2021-07-31 16:10:50 +02:00
Jérôme Gardou
b0dfe20981 [NTOS:MM] Fix MiIsUserPte inline 2021-07-30 18:54:54 +02:00
Jérôme Gardou
ce65553eaa [NTOS:MM] Annotate some functions with regards to MmPfnLock
Also fix MI_ASSERT_PFN_LOCK_HELD macro.
Now in debug builds, SpinLocks are always non-zero when held.
2021-07-27 15:36:55 +02:00
Jérôme Gardou
6150dc994a [NTOS:MM] Always release PFN lock in MmDereferenceSegmentWithLock
All callers release it after calling it.
CORE-17698
2021-07-27 15:36:55 +02:00
George Bișoc
e2a8585edc
[NTOS:SE] Remove redundant commented call on token duplication
When duplicating an access token, the authentication ID is already copied from the existing token to the new one anyway so there's no point on having the commented call still left in the code.
2021-07-25 18:02:32 +02:00
Timo Kreuzer
a3763c61dc [PSDK][NDK] Use hex to define MIN/MAX constants like in native SDK
This fixes use of unary minus operator on unsigned type warning.
2021-07-23 22:03:48 +02:00
Hervé Poussineau
ad370238d7 [NTOS:PS] Support using QUOTA_LIMITS_EX in NtSetInformationProcess(ProcessQuotaLimits)
Both QUOTA_LIMITS and QUOTA_LIMITS_EX are already supported in PspSetQuotaLimits,
but this was broken by a330b56787
2021-07-15 19:33:45 +02:00
George Bișoc
506cee3219 [NTOS:SE] Implement logon session termination notification
Note to SELF and EVERYONE: the commit implements the initial logon session termination notification implementation, the SeMarkLogonSessionForTerminationNotification function, but as it currently stands there are several other tasks to be addressed in the future in order for the logon termination notification to be fully completed. The tasks as of which are.

1. Our SepRmDereferenceLogonSession is not fully implemented, as it doesn't inform the LSA and filesystems of logon deletion notification
2. Implement two worker routines that are actually in charge of such tasks of informing LSA and FSDs
3. Perform logon deletion
4. Do further investigations and check whatever that is left to address, if any
2021-07-15 19:31:46 +02:00
Timo Kreuzer
47372e2ac9 [NTOS:MM] Fix MiSetSystemCodeProtection
CORE-16387 CORE-17638
Windows only makes the header RO for session space mapped drivers (win32k, dx and display drivers)
2021-07-11 21:43:07 +02:00
George Bișoc
7fb0d13a46
[NTOS:SE] Move SQOS capturing in its own file
* Quality of service kernel stuff bears nothing with security descriptors in anyway, so just have a file specifically for it
* Annotate the function arguments parameters with SAL
* Document the functions
2021-07-05 09:39:06 +02:00
George Bișoc
ff0a325116
[NTOS:SE] Allocate pool memory for security descriptor based on the caller pool type request
We're indiscriminately allocate the pool as non paged all the time, thus further ignoring the pool type parameter of the function.
2021-07-04 11:01:54 +02:00
Oleg Dubinskiy
94054a5735 [NTOS:IO] OpenRegistryHandlesFromSymbolicLink: Use REG_OPTION_NON_VOLATILE
Use REG_OPTION_NON_VOLATILE instead of REG_OPTION_VOLATILE in all ZwCreateKey calls of OpenRegistryHandlesFromSymbolicLink, since the keys created/opened by this function, should be non-volatile (in other words, be saved after reboot).
Also Device Parameters subkey that is created in IoOpenDeviceInterfaceRegistryKey (which uses that routine as well), is non-volatile too, so the parent keys whose contain it, cannot be volatile.
It will fix an error with status 0xc0000181 (STATUS_CHILD_MUST_BE_VOLATILE) occuring during loading kernel mode audio drivers from Windows XP/2003, especially checked (debug) versions, with my IoGetDeviceInterfaceAlias implementation. Also it may fix other error cases.
CORE-17361
2021-07-03 21:44:33 +02:00
George Bișoc
c869c4778d
[NTOS:SE] Assign the control flag bits to the newly created security descriptor
We allocate memory pool for a new security descriptor with specific info filled by the caller but we don't set the control flag bits for the newly allocated descriptor, which is wrong. Originally spotted by Vadim Galyant.
CORE-17650
2021-07-03 17:20:48 +02:00
Jérôme Gardou
37d0a9c3f4 [NTOS:KE] Unconditionally check IRQL when acquiring & releasing spinlock at DISPATCH_LEVEL 2021-06-29 11:49:20 +02:00
Jérôme Gardou
f30136bc79 [NTOS:KE] Test spinlock ownership on both UP & MP build
There is no reason not to, and this avoids introducing bugs stupidly.
2021-06-29 11:49:20 +02:00
Jérôme Gardou
835c30232e [NTOS:KD][NTOS:KD64][NTOS:KDBG] Fix IRQL & spinlock use
KD64: Raise to HIGH_LEVEL when entering trap
KDBG: lower to DISPATCH_LEVEL when applying IRQL hack & use a worker thread to load symbols
KD&KDBG: Actually unload symbols when required
2021-06-29 11:49:20 +02:00
Jérôme Gardou
79c2972035 [NTOS:KD] Release lock before calling KdpPrint
Avoiding resursive spinlock acquisition
2021-06-29 11:49:20 +02:00
Jérôme Gardou
608032bd08 [NTOS:KD64][NTOS:KDBG] Fix spinlocks use
Raise IRQL before entering debugger, so that KeAcquireSpinLockAtDpcLevel works as expected.
 - HIGH_LEVEL since we don't know where we are coming from.

Do not try to read debug symbol from files in KDBG.
 - There is no reason that this works if Mm didn't map it in the first place.
2021-06-29 11:49:20 +02:00
Jérôme Gardou
66dea86d68 [NTOS:KDBG] Use internal KdpDPrintf instead of DbgPrint
DbgPrint is implemented through a breakpoint, and then KD tries to recursively
lock its own spinlock. Call a lower level routine instead.
2021-06-29 11:49:20 +02:00
Jérôme Gardou
e312a40ae2 [NTOS:KE] Implement KeAcquireInStackQueuedSpinLockForDpc & KeReleaseInStackQueuedSpinLockForDpc 2021-06-29 11:49:20 +02:00
Jérôme Gardou
91587a432b [NTOS:MM] Fix another instance of reentrant spinlock acquisition 2021-06-29 11:49:20 +02:00
Victor Perevertkin
1c7f3476a0
[CMAKE] Use BUILD_MP CMake option correctly 2021-06-28 17:54:09 +03:00
Jérôme Gardou
d1f5c31820 [SDK] Add GCC overrides for SAL annotations
GCC has some functions, variables & type attributes which can be used as aliases
for some of the SAL annotations. Although it's not as rich & precise, it's still useful
since we actually enable -Werror on GCC builds whereas we don't use such an option
on MSVC builds.

For now, _Must_inspect_result_ is aliased to warn_result_unused attribute.
2021-06-28 10:20:57 +02:00