ntdll-segv_handler: Update patchset and implement proper detection of privileged instructions.

2024-11-21 16:46:54 -08:00 · 2017-10-04 01:53:09 +02:00 · 2017-10-04 01:53:09 +02:00 · 431c546ca5
commit 431c546ca5
parent 18a46d576a
7 changed files with 170 additions and 58 deletions
--- a/patches/ntdll-segv_handler/0001-ntdll-Fix-privileged-instruction-exception-code.patch
+++ b/patches/ntdll-segv_handler/0001-ntdll-Fix-privileged-instruction-exception-code.patch
@ -1,25 +0,0 @@
-From 5c62e8187c7af1dbf7ad25e521f1a53e84f1c6d3 Mon Sep 17 00:00:00 2001
-From: Andrew Wesie <awesie@gmail.com>
-Date: Sun, 13 Nov 2016 12:35:04 -0600
-Subject: ntdll: Fix privileged instruction exception code.
-
-Signed-off-by: Andrew Wesie <awesie@gmail.com>
---
- dlls/ntdll/signal_x86_64.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/dlls/ntdll/signal_x86_64.c b/dlls/ntdll/signal_x86_64.c
-index 1c5ab158a3a..f434775df00 100644
--- a/dlls/ntdll/signal_x86_64.c
-+++ b/dlls/ntdll/signal_x86_64.c
-@@ -2790,7 +2790,6 @@ static void segv_handler( int signal, siginfo_t *siginfo, void *sigcontext )
-             WORD err = ERROR_sig(ucontext);
-             if ((err & 7) == 2 && handle_interrupt( err >> 3, rec, win_context )) break;
-             rec->ExceptionCode = err ? EXCEPTION_ACCESS_VIOLATION : EXCEPTION_PRIV_INSTRUCTION;
-            rec->ExceptionCode = EXCEPTION_ACCESS_VIOLATION;
-         }
-         break;
-     case TRAP_x86_PAGEFLT:  /* Page fault */
-- 
-2.14.1
-
--- a/patches/ntdll-x86_64_ExceptionInformation/0002-ntdll-Avoid-crash-when-trying-to-access-page-prot-of.patch
+++ b/patches/ntdll-x86_64_ExceptionInformation/0002-ntdll-Avoid-crash-when-trying-to-access-page-prot-of.patch
@ -0,0 +1,25 @@
+From 70bb327be039fc1d2b39df43af59e3d138724eff Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Wed, 4 Oct 2017 01:47:29 +0200
+Subject: ntdll: Avoid crash when trying to access page prot of address beyond
+ address space limit.
+
+---
+ dlls/ntdll/virtual.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
+index a496401e028..368e0ad0f9e 100644
+--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
+@@ -196,6 +196,7 @@ static BYTE get_page_vprot( const void *addr )
+     size_t idx = (size_t)addr >> page_shift;
+ 
+ #ifdef _WIN64
+    if ((idx >> pages_vprot_shift) >= pages_vprot_size) return 0;
+     if (!pages_vprot[idx >> pages_vprot_shift]) return 0;
+     return pages_vprot[idx >> pages_vprot_shift][idx & pages_vprot_mask];
+ #else
+-- 
+2.14.1
+
--- a/patches/ntdll-x86_64_ExceptionInformation/0003-ntdll-Translate-icebp-instruction-to-EXCEPTION_SINGL.patch
+++ b/patches/ntdll-x86_64_ExceptionInformation/0003-ntdll-Translate-icebp-instruction-to-EXCEPTION_SINGL.patch
--- a/patches/ntdll-x86_64_ExceptionInformation/0004-ntdll-Correctly-handle-privileged-instructions-on-x8.patch
+++ b/patches/ntdll-x86_64_ExceptionInformation/0004-ntdll-Correctly-handle-privileged-instructions-on-x8.patch
@ -0,0 +1,110 @@
+From 940dc8c23f3b1b9bdb38893ac7e203cbba6a43df Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Wed, 4 Oct 2017 01:22:19 +0200
+Subject: ntdll: Correctly handle privileged instructions on x86_64.
+
+---
+ dlls/ntdll/signal_x86_64.c | 79 +++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 78 insertions(+), 1 deletion(-)
+
+diff --git a/dlls/ntdll/signal_x86_64.c b/dlls/ntdll/signal_x86_64.c
+index 9abb2e905a9..28f6d926a43 100644
+--- a/dlls/ntdll/signal_x86_64.c
+++ b/dlls/ntdll/signal_x86_64.c
+@@ -2718,6 +2718,83 @@ static void raise_generic_exception( EXCEPTION_RECORD *rec, CONTEXT *context )
+ }
+ 
+ 
+/***********************************************************************
+ *           is_privileged_instr
+ *
+ * Check if the fault location is a privileged instruction.
+ */
+static inline DWORD is_privileged_instr( CONTEXT *context )
+{
+    const BYTE *instr = (BYTE *)context->Rip;
+    unsigned int prefix_count = 0;
+
+    for (;;) switch(*instr)
+    {
+    /* instruction prefixes */
+    case 0x2e:  /* %cs: */
+    case 0x36:  /* %ss: */
+    case 0x3e:  /* %ds: */
+    case 0x26:  /* %es: */
+    case 0x40:  /* rex */
+    case 0x41:  /* rex */
+    case 0x42:  /* rex */
+    case 0x43:  /* rex */
+    case 0x44:  /* rex */
+    case 0x45:  /* rex */
+    case 0x46:  /* rex */
+    case 0x47:  /* rex */
+    case 0x48:  /* rex */
+    case 0x49:  /* rex */
+    case 0x4a:  /* rex */
+    case 0x4b:  /* rex */
+    case 0x4c:  /* rex */
+    case 0x4d:  /* rex */
+    case 0x4e:  /* rex */
+    case 0x4f:  /* rex */
+    case 0x64:  /* %fs: */
+    case 0x65:  /* %gs: */
+    case 0x66:  /* opcode size */
+    case 0x67:  /* addr size */
+    case 0xf0:  /* lock */
+    case 0xf2:  /* repne */
+    case 0xf3:  /* repe */
+        if (++prefix_count >= 15) return EXCEPTION_ILLEGAL_INSTRUCTION;
+        instr++;
+        continue;
+
+    case 0x0f: /* extended instruction */
+        switch(instr[1])
+        {
+        case 0x20: /* mov crX, reg */
+        case 0x21: /* mov drX, reg */
+        case 0x22: /* mov reg, crX */
+        case 0x23: /* mov reg drX */
+            return EXCEPTION_PRIV_INSTRUCTION;
+        }
+        return 0;
+    case 0x6c: /* insb (%dx) */
+    case 0x6d: /* insl (%dx) */
+    case 0x6e: /* outsb (%dx) */
+    case 0x6f: /* outsl (%dx) */
+    case 0xcd: /* int $xx */
+    case 0xe4: /* inb al,XX */
+    case 0xe5: /* in (e)ax,XX */
+    case 0xe6: /* outb XX,al */
+    case 0xe7: /* out XX,(e)ax */
+    case 0xec: /* inb (%dx),%al */
+    case 0xed: /* inl (%dx),%eax */
+    case 0xee: /* outb %al,(%dx) */
+    case 0xef: /* outl %eax,(%dx) */
+    case 0xf4: /* hlt */
+    case 0xfa: /* cli */
+    case 0xfb: /* sti */
+        return EXCEPTION_PRIV_INSTRUCTION;
+    default:
+        return 0;
+    }
+}
+
+
+ /***********************************************************************
+  *           handle_interrupt
+  *
+@@ -2788,8 +2865,8 @@ static void segv_handler( int signal, siginfo_t *siginfo, void *sigcontext )
+         {
+             CONTEXT *win_context = get_exception_context( rec );
+             WORD err = ERROR_sig(ucontext);
+            if (!err && (rec->ExceptionCode = is_privileged_instr( win_context ))) break;
+             if ((err & 7) == 2 && handle_interrupt( err >> 3, rec, win_context )) break;
+-            rec->ExceptionCode = err ? EXCEPTION_ACCESS_VIOLATION : EXCEPTION_PRIV_INSTRUCTION;
+             rec->ExceptionCode = EXCEPTION_ACCESS_VIOLATION;
+         }
+         break;
+-- 
+2.14.1
+
--- a/patches/ntdll-x86_64_ExceptionInformation/0005-ntdll-Handle-interrupt-0x2c-on-x86_64.patch
+++ b/patches/ntdll-x86_64_ExceptionInformation/0005-ntdll-Handle-interrupt-0x2c-on-x86_64.patch
@ -0,0 +1,26 @@
+From 89fb55baee8ee0ae595f940fdcf7e69a339b0b54 Mon Sep 17 00:00:00 2001
+From: Andrew Wesie <awesie@gmail.com>
+Date: Wed, 4 Oct 2017 01:51:09 +0200
+Subject: ntdll: Handle interrupt 0x2c on x86_64.
+
+---
+ dlls/ntdll/signal_x86_64.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/dlls/ntdll/signal_x86_64.c b/dlls/ntdll/signal_x86_64.c
+index 28f6d926a43..34d748582ef 100644
+--- a/dlls/ntdll/signal_x86_64.c
+++ b/dlls/ntdll/signal_x86_64.c
+@@ -2804,6 +2804,9 @@ static inline BOOL handle_interrupt( unsigned int interrupt, EXCEPTION_RECORD *r
+ {
+     switch(interrupt)
+     {
+    case 0x2c:
+        rec->ExceptionCode = STATUS_ASSERTION_FAILURE;
+        return TRUE;
+     case 0x2d:
+         context->Rip += 3;
+         rec->ExceptionCode = EXCEPTION_BREAKPOINT;
+-- 
+2.14.1
+
--- a/patches/ntdll-x86_64_ExceptionInformation/definition
+++ b/patches/ntdll-x86_64_ExceptionInformation/definition
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@ -256,7 +256,6 @@ patch_enable_all ()
 	enable_ntdll_HashLinks="$1"
 	enable_ntdll_Heap_Improvements="$1"
 	enable_ntdll_Hide_Wine_Exports="$1"
-	enable_ntdll_Icebp_x86_64="$1"
 	enable_ntdll_Interrupt_0x2e="$1"
 	enable_ntdll_Junction_Points="$1"
 	enable_ntdll_LDR_MODULE="$1"
@ -302,7 +301,6 @@ patch_enable_all ()
 	enable_ntdll_Zero_mod_name="$1"
 	enable_ntdll__aulldvrm="$1"
 	enable_ntdll_call_thread_func_wrapper="$1"
-	enable_ntdll_segv_handler="$1"
 	enable_ntdll_set_full_cpu_context="$1"
 	enable_ntdll_x86_64_ExceptionInformation="$1"
 	enable_ntoskrnl_DriverTest="$1"
@ -1055,9 +1053,6 @@ patch_enable ()
 		ntdll-Hide_Wine_Exports)
 			enable_ntdll_Hide_Wine_Exports="$2"
 			;;
-		ntdll-Icebp_x86_64)
-			enable_ntdll_Icebp_x86_64="$2"
-			;;
 		ntdll-Interrupt-0x2e)
 			enable_ntdll_Interrupt_0x2e="$2"
 			;;
@ -1193,9 +1188,6 @@ patch_enable ()
 		ntdll-call_thread_func_wrapper)
 			enable_ntdll_call_thread_func_wrapper="$2"
 			;;
-		ntdll-segv_handler)
-			enable_ntdll_segv_handler="$2"
-			;;
 		ntdll-set_full_cpu_context)
 			enable_ntdll_set_full_cpu_context="$2"
 			;;
@ -6262,12 +6254,20 @@ fi
 # Patchset ntdll-x86_64_ExceptionInformation
 # |
 # | Modified files:
-# |   *	dlls/ntdll/signal_x86_64.c
+# |   *	dlls/ntdll/signal_x86_64.c, dlls/ntdll/virtual.c
 # |
 if test "$enable_ntdll_x86_64_ExceptionInformation" -eq 1; then
 	patch_apply ntdll-x86_64_ExceptionInformation/0001-ntdll-Set-proper-ExceptionInformation-0-for-x86_64-e.patch
+	patch_apply ntdll-x86_64_ExceptionInformation/0002-ntdll-Avoid-crash-when-trying-to-access-page-prot-of.patch
+	patch_apply ntdll-x86_64_ExceptionInformation/0003-ntdll-Translate-icebp-instruction-to-EXCEPTION_SINGL.patch
+	patch_apply ntdll-x86_64_ExceptionInformation/0004-ntdll-Correctly-handle-privileged-instructions-on-x8.patch
+	patch_apply ntdll-x86_64_ExceptionInformation/0005-ntdll-Handle-interrupt-0x2c-on-x86_64.patch
 	(
 		printf '%s\n' '+    { "Sebastian Lackner", "ntdll: Set proper ExceptionInformation[0] for x86_64 exceptions.", 1 },';
+		printf '%s\n' '+    { "Sebastian Lackner", "ntdll: Avoid crash when trying to access page prot of address beyond address space limit.", 1 },';
+		printf '%s\n' '+    { "Michael Müller", "ntdll: Translate icebp instruction to EXCEPTION_SINGLE_STEP on x64.", 1 },';
+		printf '%s\n' '+    { "Sebastian Lackner", "ntdll: Correctly handle privileged instructions on x86_64.", 1 },';
+		printf '%s\n' '+    { "Andrew Wesie", "ntdll: Handle interrupt 0x2c on x86_64.", 1 },';
 	) >> "$patchlist"
 fi

@ -6557,18 +6557,6 @@ if test "$enable_ntdll_Heap_Improvements" -eq 1; then
 	) >> "$patchlist"
 fi

-# Patchset ntdll-Icebp_x86_64
-# |
-# | Modified files:
-# |   *	dlls/ntdll/signal_x86_64.c
-# |
-if test "$enable_ntdll_Icebp_x86_64" -eq 1; then
-	patch_apply ntdll-Icebp_x86_64/0001-ntdll-Translate-icebp-instruction-to-EXCEPTION_SINGL.patch
-	(
-		printf '%s\n' '+    { "Michael Müller", "ntdll: Translate icebp instruction to EXCEPTION_SINGLE_STEP on x64.", 1 },';
-	) >> "$patchlist"
-fi
-
 # Patchset ntdll-Interrupt-0x2e
 # |
 # | This patchset fixes the following Wine bugs:
@ -7156,18 +7144,6 @@ if test "$enable_ntdll_call_thread_func_wrapper" -eq 1; then
 	) >> "$patchlist"
 fi

-# Patchset ntdll-segv_handler
-# |
-# | Modified files:
-# |   *	dlls/ntdll/signal_x86_64.c
-# |
-if test "$enable_ntdll_segv_handler" -eq 1; then
-	patch_apply ntdll-segv_handler/0001-ntdll-Fix-privileged-instruction-exception-code.patch
-	(
-		printf '%s\n' '+    { "Andrew Wesie", "ntdll: Fix privileged instruction exception code.", 1 },';
-	) >> "$patchlist"
-fi
-
 # Patchset ntdll-set_full_cpu_context
 # |
 # | Modified files: