Index: /trunk/include/VBox/sup.h =================================================================== --- /trunk/include/VBox/sup.h (revision 12422) +++ /trunk/include/VBox/sup.h (revision 12423) @@ -566,24 +566,7 @@ /** - * Verifies the integrity of a file, and optionally opens it. - * - * The integrity check is for whether the file is suitable for loading into - * the hypervisor or VM process. The integrity check may include verifying - * the authenticode/elfsign/whatever signature of the file, which can take - * a little while. - * - * @returns VBox status code. On failure it will have printed a LogRel message. - * - * @param pszFilename The file. - * @param pszWhat For the LogRel on failure. - * @param phFile Where to store the handle to the opened file. This is optional, pass NULL - * if the file should not be opened. - */ -SUPR3DECL(int) SUPR3HardenedVerifyFile(const char *pszFilename, const char *pszWhat, PRTFILE phFile); - -/** - * Load a module into R0 HC. - * - * This will verify the file integrity in a similar manner as + * Load a module into R0 HC. + * + * This will verify the file integrity in a similar manner as * SUPR3HardenedVerifyFile before loading it. * @@ -637,4 +620,45 @@ */ SUPR3DECL(int) SUPGipGetPhys(PRTHCPHYS pHCPhys); + +/** + * Verifies the integrity of a file, and optionally opens it. + * + * The integrity check is for whether the file is suitable for loading into + * the hypervisor or VM process. The integrity check may include verifying + * the authenticode/elfsign/whatever signature of the file, which can take + * a little while. + * + * @returns VBox status code. On failure it will have printed a LogRel message. + * + * @param pszFilename The file. + * @param pszWhat For the LogRel on failure. + * @param phFile Where to store the handle to the opened file. This is optional, pass NULL + * if the file should not be opened. + */ +SUPR3DECL(int) SUPR3HardenedVerifyFile(const char *pszFilename, const char *pszWhat, PRTFILE phFile); + +/** + * Same as RTLdrLoad() but will verify the files it loads (hardened builds). + * + * Will add dll suffix if missing and try load the file. + * + * @returns iprt status code. + * @param pszFilename Image filename. This must have a path. + * @param phLdrMod Where to store the handle to the loaded module. + */ +SUPR3DECL(int) SUPR3HardenedLdrLoad(const char *pszFilename, PRTLDRMOD phLdrMod); + +/** + * Same as RTLdrLoadAppPriv() but it will verify the files it loads (hardened + * builds). + * + * Will add dll suffix to the file if missing, then look for it in the + * architecture dependent application directory. + * + * @returns iprt status code. + * @param pszFilename Image filename. + * @param phLdrMod Where to store the handle to the loaded module. + */ +SUPR3DECL(int) SUPR3HardenedLdrLoadAppPriv(const char *pszFilename, PRTLDRMOD phLdrMod); /** @} */ Index: /trunk/include/iprt/ldr.h =================================================================== --- /trunk/include/iprt/ldr.h (revision 12422) +++ /trunk/include/iprt/ldr.h (revision 12423) @@ -69,17 +69,14 @@ /** - * Loads a dynamic load library (/shared object) image file using native - * OS facilities. - * - * If the path is specified in the filename, only this path is used. - * If only the image file name is specified, then try to load it from: - * - RTPathAppPrivateArch - * - RTPathSharedLibs (legacy) - * - * @returns iprt status code. - * @param pszFilename Image filename. + * Loads a dynamic load library (/shared object) image file residing in the + * RTPathAppPrivateArch() directory. + * + * Suffix is not required. + * + * @returns iprt status code. + * @param pszFilename Image filename. No path. * @param phLdrMod Where to store the handle to the loaded module. */ -RTDECL(int) RTLdrLoadAppSharedLib(const char *pszFilename, PRTLDRMOD phLdrMod); +RTDECL(int) RTLdrLoadAppPriv(const char *pszFilename, PRTLDRMOD phLdrMod); /** Index: /trunk/src/VBox/Devices/Serial/DevSerial.cpp =================================================================== --- /trunk/src/VBox/Devices/Serial/DevSerial.cpp (revision 12422) +++ /trunk/src/VBox/Devices/Serial/DevSerial.cpp (revision 12423) @@ -242,4 +242,8 @@ if (RT_LIKELY(s->pDrvChar)) s->pDrvChar->pfnSetParameters(s->pDrvChar, speed, parity, data_bits, stop_bits); +#ifdef RT_OS_DARWIN + if (RT_LIKELY(s->pDrvChar)) + s->cNsDelay = (69444 - 2000) / s->divider; /* 69444 == 1000,000,000 / (115,000 / 8); 2000 = fudge factor */ +#endif } @@ -386,4 +390,11 @@ case 5: ret = s->lsr; +#ifdef RT_OS_DARWIN + if ( !(ret & UART_LSR_THRE) + && pThis->HeldXmitNanoTS + && RTTimeNanoTS() - s->HeldXmitNanoTS >= s->cNsDelay) { + ret = s->lsr |= UART_LSR_THRE; + } +#endif break; case 6: Index: /trunk/src/VBox/Devices/Storage/VBoxHDD-new.cpp =================================================================== --- /trunk/src/VBox/Devices/Storage/VBoxHDD-new.cpp (revision 12422) +++ /trunk/src/VBox/Devices/Storage/VBoxHDD-new.cpp (revision 12423) @@ -26,6 +26,7 @@ #include #include - +#include #include + #include #include @@ -195,5 +196,5 @@ /* Try to load the plugin (RTLdrLoad takes care of the suffix). */ - rc = RTLdrLoad(pszPluginName, &hPlugin); + rc = SUPR3HardenedLdrLoad(pszPluginName, &hPlugin); if (RT_SUCCESS(rc)) { @@ -730,5 +731,5 @@ } - rc = RTLdrLoad(pszPluginPath, &hPlugin); + rc = SUPR3HardenedLdrLoad(pszPluginPath, &hPlugin); if (RT_SUCCESS(rc)) { @@ -1015,5 +1016,5 @@ } - rc = RTLdrLoad(pszPluginPath, &hPlugin); + rc = SUPR3HardenedLdrLoad(pszPluginPath, &hPlugin); if (RT_SUCCESS(rc)) { Index: /trunk/src/VBox/Frontends/VBoxHeadless/VBoxHeadless.cpp =================================================================== --- /trunk/src/VBox/Frontends/VBoxHeadless/VBoxHeadless.cpp (revision 12422) +++ /trunk/src/VBox/Frontends/VBoxHeadless/VBoxHeadless.cpp (revision 12423) @@ -51,4 +51,5 @@ #include #include +#include #endif @@ -690,5 +691,5 @@ Log2(("VBoxHeadless: loading VBoxFFmpegFB shared library\n")); - rrc = RTLdrLoad("VBoxFFmpegFB", &hLdrFFmpegFB); + rrc = SUPR3HardenedLdrLoad("VBoxFFmpegFB", &hLdrFFmpegFB); if (RT_SUCCESS(rrc)) Index: /trunk/src/VBox/HostDrivers/Support/SUPLib.cpp =================================================================== --- /trunk/src/VBox/HostDrivers/Support/SUPLib.cpp (revision 12422) +++ /trunk/src/VBox/HostDrivers/Support/SUPLib.cpp (revision 12423) @@ -47,5 +47,4 @@ */ - /******************************************************************************* * Header Files * @@ -68,4 +67,5 @@ #include #include +#include #include #include @@ -738,5 +738,5 @@ { RTHCPHYS Phys = (uintptr_t)pvStart + PAGE_SIZE * 1024; - unsigned iPage = cPages; + size_t iPage = cPages; while (iPage-- > 0) paPages[iPage].Phys = Phys + (iPage << PAGE_SHIFT); @@ -758,5 +758,5 @@ pReq->Hdr.rc = VERR_INTERNAL_ERROR; pReq->u.In.pvR3 = pvStart; - pReq->u.In.cPages = cPages; AssertRelease(pReq->u.In.cPages == cPages); + pReq->u.In.cPages = (uint32_t)cPages; AssertRelease(pReq->u.In.cPages == cPages); rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_PAGE_LOCK, pReq, SUP_IOCTL_PAGE_LOCK_SIZE(cPages)); if (RT_SUCCESS(rc)) @@ -876,5 +876,5 @@ pReq->Hdr.fFlags = SUPREQHDR_FLAGS_MAGIC | SUPREQHDR_FLAGS_EXTRA_OUT; pReq->Hdr.rc = VERR_INTERNAL_ERROR; - pReq->u.In.cPages = cPages; AssertRelease(pReq->u.In.cPages == cPages); + pReq->u.In.cPages = (uint32_t)cPages; AssertRelease(pReq->u.In.cPages == cPages); rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_PAGE_ALLOC, pReq, SUP_IOCTL_PAGE_ALLOC_SIZE(cPages)); if (RT_SUCCESS(rc)) @@ -991,5 +991,5 @@ Req.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT; Req.Hdr.rc = VERR_INTERNAL_ERROR; - Req.u.In.cPages = cPages; + Req.u.In.cPages = (uint32_t)cPages; int rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_CONT_ALLOC, &Req, SUP_IOCTL_CONT_ALLOC_SIZE); if ( RT_SUCCESS(rc) @@ -1060,5 +1060,5 @@ /* fake physical addresses. */ RTHCPHYS Phys = (uintptr_t)*ppvPages + PAGE_SIZE * 1024; - unsigned iPage = cPages; + size_t iPage = cPages; while (iPage-- > 0) paPages[iPage].Phys = Phys + (iPage << PAGE_SHIFT); @@ -1079,5 +1079,5 @@ pReq->Hdr.fFlags = SUPREQHDR_FLAGS_MAGIC | SUPREQHDR_FLAGS_EXTRA_OUT; pReq->Hdr.rc = VERR_INTERNAL_ERROR; - pReq->u.In.cPages = cPages; AssertRelease(pReq->u.In.cPages == cPages); + pReq->u.In.cPages = (uint32_t)cPages; AssertRelease(pReq->u.In.cPages == cPages); rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_LOW_ALLOC, pReq, SUP_IOCTL_LOW_ALLOC_SIZE(cPages)); if (RT_SUCCESS(rc)) @@ -1148,5 +1148,5 @@ AssertPtr(pszFilename); AssertPtr(pszMsg); - AssertReturn(!phFile, VERR_NOT_IMPLEMENTED); /** @todo Implement this. The deal is that we make sure the + AssertReturn(!phFile, VERR_NOT_IMPLEMENTED); /** @todo Implement this. The deal is that we make sure the file is the same we verified after opening it. */ @@ -1192,5 +1192,5 @@ } else - LogRel(("SUPLoadModule: Verification of \"%s\" failed, rc=%Rrc\n", rc)); + LogRel(("SUPLoadModule: Verification of \"%s\" failed, rc=%Rrc\n", rc)); return rc; } @@ -1890,2 +1890,117 @@ } + +/** + * Worker for SUPR3HardenedLdrLoad and SUPR3HardenedLdrLoadAppPriv. + * + * @returns iprt status code. + * @param pszFilename The full file name. + * @param phLdrMod Where to store the handle to the loaded module. + */ +static int supR3HardenedLdrLoadIt(const char *pszFilename, PRTLDRMOD phLdrMod) +{ +#ifdef VBOX_WITH_HARDENING + /* + * Verify the image file. + */ + rc = supR3HardenedVerifyFile(pszFilename, false /* fFatal */); + if (RT_FAILURE(rc)) + { + LogRel(("supR3HardenedLdrLoadIt: Verification of \"%s\" failed, rc=%Rrc\n", rc)); + return rc; + } +#endif + + /* + * Try load it. + */ + return RTLdrLoad(pszFilename, phLdrMod); +} + + +SUPR3DECL(int) SUPR3HardenedLdrLoad(const char *pszFilename, PRTLDRMOD phLdrMod) +{ + /* + * Validate input. + */ + AssertPtrReturn(pszFilename, VERR_INVALID_PARAMETER); + AssertPtrReturn(phLdrMod, VERR_INVALID_PARAMETER); + *phLdrMod = NIL_RTLDRMOD; + AssertReturn(RTPathHavePath(pszFilename), VERR_INVALID_PARAMETER); + + /* + * Add the default extension if it's missing. + */ + if (!RTPathHaveExt(pszFilename)) + { + const char *pszSuff = RTLdrGetSuff(); + size_t cchSuff = strlen(pszSuff); + size_t cchFilename = strlen(pszFilename); + char *psz = (char *)alloca(cchFilename + cchSuff + 1); + AssertReturn(psz, VERR_NO_TMP_MEMORY); + memcpy(psz, pszFilename, cchFilename); + memcpy(psz + cchFilename, pszSuff, cchSuff + 1); + pszFilename = psz; + } + + /* + * Pass it on to the common library loader. + */ + return supR3HardenedLdrLoadIt(pszFilename, phLdrMod); +} + + +SUPR3DECL(int) SUPR3HardenedLdrLoadAppPriv(const char *pszFilename, PRTLDRMOD phLdrMod) +{ + LogFlow(("SUPR3HardenedLdrLoadAppPriv: pszFilename=%p:{%s} phLdrMod=%p\n", pszFilename, pszFilename, phLdrMod)); + + /* + * Validate input. + */ + AssertPtrReturn(phLdrMod, VERR_INVALID_PARAMETER); + *phLdrMod = NIL_RTLDRMOD; + AssertPtrReturn(pszFilename, VERR_INVALID_PARAMETER); + AssertMsgReturn(!RTPathHavePath(pszFilename), ("%s\n", pszFilename), VERR_INVALID_PARAMETER); + + /* + * Check the filename. + */ + size_t cchFilename = strlen(pszFilename); + AssertMsgReturn(cchFilename < (RTPATH_MAX / 4) * 3, ("%zu\n", cchFilename), VERR_INVALID_PARAMETER); + + const char *pszExt = ""; + size_t cchExt = 0; + if (!RTPathHaveExt(pszFilename)) + { + pszExt = RTLdrGetSuff(); + cchExt = strlen(pszExt); + } + + /* + * Construct the private arch path and check if the file exists. + */ + char szPath[RTPATH_MAX]; + int rc = RTPathAppPrivateArch(szPath, sizeof(szPath) - 1 - cchExt - cchFilename); + AssertRCReturn(rc, rc); + + char *psz = strchr(szPath, '\0'); + *psz++ = RTPATH_SLASH; + memcpy(psz, pszFilename, cchFilename); + psz += cchFilename; + memcpy(psz, pszExt, cchExt + 1); + + if (!RTPathExists(szPath)) + { + LogRel(("SUPR3HardenedLdrLoadAppPriv: \"%s\" not found\n", szPath)); + return VERR_FILE_NOT_FOUND; + } + + /* + * Pass it on to SUPR3HardenedLdrLoad. + */ + rc = SUPR3HardenedLdrLoad(szPath, phLdrMod); + + LogFlow(("SUPR3HardenedLdrLoadAppPriv: returns %Rrc\n", rc)); + return rc; +} + Index: /trunk/src/VBox/Main/ConsoleVRDPServer.cpp =================================================================== --- /trunk/src/VBox/Main/ConsoleVRDPServer.cpp (revision 12422) +++ /trunk/src/VBox/Main/ConsoleVRDPServer.cpp (revision 12423) @@ -1949,5 +1949,5 @@ if (!mVRDPLibrary) { - rc = RTLdrLoadAppSharedLib ("VBoxVRDP", &mVRDPLibrary); + rc = SUPR3HardenedLdrLoadAppPriv ("VBoxVRDP", &mVRDPLibrary); if (VBOX_SUCCESS(rc)) Index: /trunk/src/VBox/Main/hgcm/HGCM.cpp =================================================================== --- /trunk/src/VBox/Main/hgcm/HGCM.cpp (revision 12422) +++ /trunk/src/VBox/Main/hgcm/HGCM.cpp (revision 12423) @@ -131,5 +131,5 @@ static DECLCALLBACK(void) svcHlpCallComplete (VBOXHGCMCALLHANDLE callHandle, int32_t rc); static DECLCALLBACK(void) svcHlpDisconnectClient (void *pvInstance, uint32_t u32ClientId); - + public: @@ -253,5 +253,5 @@ } - int rc = RTLdrLoadAppSharedLib (m_pszSvcLibrary, &m_hLdrMod); + int rc = SUPR3HardenedLdrLoadAppPriv (m_pszSvcLibrary, &m_hLdrMod); if (VBOX_SUCCESS(rc)) @@ -716,5 +716,5 @@ { HGCMService *pService = static_cast (pvInstance); - + if (pService) { Index: /trunk/src/VBox/Runtime/common/ldr/ldrNative.cpp =================================================================== --- /trunk/src/VBox/Runtime/common/ldr/ldrNative.cpp (revision 12422) +++ /trunk/src/VBox/Runtime/common/ldr/ldrNative.cpp (revision 12423) @@ -137,80 +137,64 @@ /** - * Loads a dynamic load library (/shared object) image file using native - * OS facilities. - * - * If the path is specified in the filename, only this path is used. - * If only the image file name is specified, then try to load it from: - * - RTPathAppPrivateArch - * - RTPathSharedLibs (legacy) + * Loads a dynamic load library (/shared object) image file residing in the + * RTPathAppPrivateArch() directory. + * + * Suffix is not required. * * @returns iprt status code. - * @param pszFilename Image filename. + * @param pszFilename Image filename. No path. * @param phLdrMod Where to store the handle to the loaded module. */ -RTDECL(int) RTLdrLoadAppSharedLib(const char *pszFilename, PRTLDRMOD phLdrMod) -{ - LogFlow(("RTLdrLoadAppSharedLib: pszFilename=%p:{%s} phLdrMod=%p\n", pszFilename, pszFilename, phLdrMod)); +RTDECL(int) RTLdrLoadAppPriv(const char *pszFilename, PRTLDRMOD phLdrMod) +{ + LogFlow(("RTLdrLoadAppPriv: pszFilename=%p:{%s} phLdrMod=%p\n", pszFilename, pszFilename, phLdrMod)); /* * Validate input. */ - AssertMsgReturn(VALID_PTR(pszFilename), ("pszFilename=%p\n", pszFilename), VERR_INVALID_PARAMETER); - AssertMsgReturn(VALID_PTR(phLdrMod), ("phLdrMod=%p\n", phLdrMod), VERR_INVALID_PARAMETER); - - /* - * If a path is specified, just load the file. - */ - if (RTPathHavePath(pszFilename)) - return RTLdrLoad(pszFilename, phLdrMod); - - /* - * By default nothing is found. - */ - int rc = VERR_FILE_NOT_FOUND; + AssertPtrReturn(phLdrMod, VERR_INVALID_PARAMETER); *phLdrMod = NIL_RTLDRMOD; - - /* - * Try default locations. - */ - int i; - for (i = 0;; i++) + AssertPtrReturn(pszFilename, VERR_INVALID_PARAMETER); + AssertMsgReturn(!RTPathHavePath(pszFilename), ("%s\n", pszFilename), VERR_INVALID_PARAMETER); + + /* + * Check the filename. + */ + size_t cchFilename = strlen(pszFilename); + AssertMsgReturn(cchFilename > (RTPATH_MAX / 4) * 3, ("%zu\n", cchFilename), VERR_INVALID_PARAMETER); + + const char *pszExt = ""; + size_t cchExt = 0; + if (!RTPathHaveExt(pszFilename)) { - /* - * Get the appropriate base path. - */ - char szBase[RTPATH_MAX]; - if (i == 0) - rc = RTPathAppPrivateArch(szBase, sizeof (szBase)); - else if (i == 1) - rc = RTPathSharedLibs(szBase, sizeof (szBase)); - else - break; - - if (RT_SUCCESS(rc)) - { - /* - * Got the base path. Construct szPath = pszBase + pszFilename - */ - char szPath[RTPATH_MAX]; - rc = RTPathAbsEx(szBase, pszFilename, szPath, sizeof (szPath)); - if (RT_SUCCESS(rc)) - { - /* - * Finally try to load the image file. - */ - rc = RTLdrLoad(szPath, phLdrMod); - if (RT_SUCCESS(rc)) - { - /* - * Successfully loaded the image file. - */ - LogFlow(("Library loaded: [%s]\n", szPath)); - break; - } - } - } + pszExt = RTLdrGetSuff(); + cchExt = strlen(pszExt); } - LogFlow(("RTLdrLoadAppSharedLib: returns %Rrc\n", rc)); + + /* + * Construct the private arch path and check if the file exists. + */ + char szPath[RTPATH_MAX]; + int rc = RTPathAppPrivateArch(szPath, sizeof(szPath) - 1 - cchExt - cchFilename); + AssertRCReturn(rc, rc); + + char *psz = strchr(szPath, '\0'); + *psz++ = RTPATH_SLASH; + memcpy(psz, pszFilename, cchFilename); + psz += cchFilename; + memcpy(psz, pszExt, cchExt + 1); + + if (!RTPathExists(szPath)) + { + LogRel(("RTLdrLoadAppPriv: \"%s\" not found\n", szPath)); + return VERR_FILE_NOT_FOUND; + } + + /* + * Pass it on to RTLdrLoad. + */ + rc = RTLdrLoad(szPath, phLdrMod); + + LogFlow(("RTLdrLoadAppPriv: returns %Rrc\n", rc)); return rc; }