psldt.c File Reference

#include "psp.h"

Go to the source code of this file.

Defines
#define	DESCRIPTOR_GRAN   0x00800000
#define	DESCRIPTOR_NP   0x00008000
#define	DESCRIPTOR_SYSTEM   0x00001000
#define	DESCRIPTOR_CONFORM   0x00001C00
#define	DESCRIPTOR_DPL   0x00006000
#define	DESCRIPTOR_TYPEDPL   0x00007F00
Functions
PLDT_ENTRY	PspCreateLdt (IN PLDT_ENTRY Ldt, IN ULONG Offset, IN ULONG Size, IN ULONG AllocationSize)
BOOLEAN	PspIsDescriptorValid (IN PLDT_ENTRY Descriptor)
NTSTATUS	PspLdtInitialize ()
NTSTATUS	PspQueryLdtInformation (IN PEPROCESS Process, OUT PPROCESS_LDT_INFORMATION LdtInformation, IN ULONG LdtInformationLength, OUT PULONG ReturnLength)
NTSTATUS	PspSetLdtSize (IN PEPROCESS Process, IN PPROCESS_LDT_SIZE LdtSize, IN ULONG LdtSizeLength)
NTSTATUS	PspSetLdtInformation (IN PEPROCESS Process, IN PPROCESS_LDT_INFORMATION LdtInformation, IN ULONG LdtInformationLength)
NTSTATUS	PspQueryDescriptorThread (PETHREAD Thread, PVOID ThreadInformation, ULONG ThreadInformationLength, PULONG ReturnLength)
VOID	PspDeleteLdt (IN PEPROCESS Process)
NTSTATUS	NtSetLdtEntries (IN ULONG Selector0, IN ULONG Entry0Low, IN ULONG Entry0Hi, IN ULONG Selector1, IN ULONG Entry1Low, IN ULONG Entry1Hi)
Variables
KMUTEX	LdtMutex

---

Define Documentation

#define DESCRIPTOR_CONFORM   0x00001C00

Definition at line 46 of file i386/psldt.c. Referenced by NtSetLdtEntries().

#define DESCRIPTOR_DPL   0x00006000

Definition at line 47 of file i386/psldt.c. Referenced by NtSetLdtEntries().

#define DESCRIPTOR_GRAN   0x00800000

Definition at line 43 of file i386/psldt.c. Referenced by NtSetLdtEntries().

#define DESCRIPTOR_NP   0x00008000

Definition at line 44 of file i386/psldt.c. Referenced by NtSetLdtEntries().

#define DESCRIPTOR_SYSTEM   0x00001000

Definition at line 45 of file i386/psldt.c. Referenced by NtSetLdtEntries().

#define DESCRIPTOR_TYPEDPL   0x00007F00

Definition at line 48 of file i386/psldt.c. Referenced by NtSetLdtEntries().

---

Function Documentation

NTSTATUS NtSetLdtEntries (  IN ULONG  Selector0, IN ULONG  Entry0Low, IN ULONG  Entry0Hi, IN ULONG  Selector1, IN ULONG  Entry1Low, IN ULONG  Entry1Hi )

Definition at line 1235 of file i386/psldt.c. References ASSERT, DESCRIPTOR_CONFORM, DESCRIPTOR_DPL, DESCRIPTOR_GRAN, DESCRIPTOR_NP, DESCRIPTOR_SYSTEM, DESCRIPTOR_TYPEDPL, ExAllocatePool, EXCEPTION_EXECUTE_HANDLER, Executive, ExFreePool(), FALSE, Ke386SetDescriptorProcess(), Ke386SetLdtProcess(), KeReleaseMutex(), KernelMode, KeWaitForSingleObject(), L, _EPROCESS::LdtInformation, LdtMutex, NT_SUCCESS, NTSTATUS(), NULL, PAGE_SIZE, PAGED_CODE, PagedPool, _EPROCESS::Pcb, PsChargePoolQuota(), PsGetCurrentProcess, and Status. 01245 : 01246 01247 This routine sets up to two selectors in the current process's LDT. 01248 The LDT will be grown as necessary. A selector value of 0 indicates 01249 that the specified selector was not passed (allowing the setting of 01250 a single selector). 01251 01252 Arguments: 01253 01254 Selector0 -- Supplies the number of the first descriptor to set 01255 Entry0Low -- Supplies the low 32 bits of the descriptor 01256 Entry0Hi -- Supplies the high 32 bits of the descriptor 01257 Selector1 -- Supplies the number of the first descriptor to set 01258 Entry1Low -- Supplies the low 32 bits of the descriptor 01259 Entry1Hi -- Supplies the high 32 bits of the descriptor 01260 01261 Return Value: 01262 01263 TBS 01264 --*/ 01265 01266 { 01267 ULONG Base, Limit, LdtSize, AllocatedSize; 01268 NTSTATUS Status; 01269 PEPROCESS Process; 01270 LDT_ENTRY Descriptor; 01271 PLDT_ENTRY Ldt, OldLdt; 01272 PLDTINFORMATION ProcessLdtInformation; 01273 LONG MutexState; 01274 01275 PAGED_CODE(); 01276 01277 // 01278 // Verify the selectors. We do not allow selectors that point into 01279 // Kernel space, system selectors, or conforming code selectors 01280 // 01281 01282 // 01283 // Verify the selectors 01284 // 01285 if ((Selector0 & 0xFFFF0000) || (Selector1 & 0xFFFF0000)) { 01286 return STATUS_INVALID_LDT_DESCRIPTOR; 01287 } 01288 01289 // Change the selector values to indexes into the LDT 01290 01291 Selector0 = Selector0 & ~(RPL_MASK | SELECTOR_TABLE_INDEX); 01292 Selector1 = Selector1 & ~(RPL_MASK | SELECTOR_TABLE_INDEX); 01293 01294 01295 // 01296 // Verify descriptor 0 01297 // 01298 01299 if (Selector0) { 01300 01301 // Form the base and the limit 01302 Base = ((Entry0Low & 0xFFFF0000) >> 16) + ((Entry0Hi & 0xFF) << 16) 01303 + (Entry0Hi & 0xFF000000); 01304 01305 Limit = (Entry0Low & 0xFFFF) + (Entry0Hi & 0xF0000); 01306 01307 // N.B. the interpretation of the limit depends on the G bit 01308 // in the descriptor 01309 01310 if (Entry0Hi & DESCRIPTOR_GRAN) { 01311 Limit = (Limit << 12) | 0xFFF; 01312 } 01313 01314 // 01315 // Base and limit don't matter for NP descriptors, so only check 01316 // for present descriptors 01317 // 01318 if (Entry0Hi & DESCRIPTOR_NP) { 01319 01320 // Check descriptor base and limit 01321 if (((PVOID)Base > MM_HIGHEST_USER_ADDRESS) 01322 || ((PVOID)Base > (PVOID) (Base + Limit)) 01323 || ((PVOID)(Base + Limit) > MM_HIGHEST_USER_ADDRESS)) 01324 { 01325 return STATUS_INVALID_LDT_DESCRIPTOR; 01326 } 01327 01328 } 01329 // 01330 // If type and DPL are 0, this is an invalid descriptor, otherwise, 01331 // we have to check the type (invalid from the standpoint of a 01332 // descriptor created to generate a GP fault) 01333 // 01334 01335 if (Entry0Hi & DESCRIPTOR_TYPEDPL) { 01336 01337 // No system descriptors (system descriptors have system bit = 0) 01338 if (!(Entry0Hi & DESCRIPTOR_SYSTEM)) { 01339 return STATUS_INVALID_LDT_DESCRIPTOR; 01340 } 01341 01342 // No conforming code 01343 if ((Entry0Hi & DESCRIPTOR_CONFORM) == DESCRIPTOR_CONFORM) { 01344 return STATUS_INVALID_LDT_DESCRIPTOR; 01345 } 01346 01347 // Dpl must be 3 01348 if ((Entry0Hi & DESCRIPTOR_DPL) != DESCRIPTOR_DPL) { 01349 return STATUS_INVALID_LDT_DESCRIPTOR; 01350 } 01351 } 01352 } 01353 01354 // 01355 // Verify descriptor 1 01356 // 01357 01358 if (Selector1) { 01359 01360 // Form the base and the limit 01361 Base = ((Entry1Low & 0xFFFF0000) >> 16) + ((Entry1Hi & 0xFF) << 16) 01362 + (Entry1Hi & 0xFF000000); 01363 01364 Limit = (Entry1Low & 0xFFFF) + (Entry1Hi & 0xF0000); 01365 01366 // N.B. the interpretation of the limit depends on the G bit 01367 // in the descriptor 01368 01369 if (Entry1Hi & DESCRIPTOR_GRAN) { 01370 Limit = (Limit << 12) | 0xFFF; 01371 } 01372 01373 // 01374 // Base and limit don't matter for NP descriptor, so only check 01375 // for present descriptors 01376 // 01377 if (Entry1Hi & DESCRIPTOR_NP) { 01378 01379 // Check descriptor base and limit 01380 if (((PVOID)Base > MM_HIGHEST_USER_ADDRESS) 01381 || ((PVOID)Base > (PVOID) (Base + Limit)) 01382 || ((PVOID)(Base + Limit) > MM_HIGHEST_USER_ADDRESS)) 01383 { 01384 return STATUS_INVALID_LDT_DESCRIPTOR; 01385 } 01386 } 01387 // 01388 // If type and DPL are 0, this is an invalid descriptor, otherwise, 01389 // we have to check the type (invalid from the standpoint of a 01390 // descriptor created to generate a GP fault) 01391 // 01392 01393 if (Entry1Hi & DESCRIPTOR_TYPEDPL) { 01394 01395 // No system descriptors (system descriptors have system bit = 0) 01396 if (!(Entry1Hi & DESCRIPTOR_SYSTEM)) { 01397 return STATUS_INVALID_LDT_DESCRIPTOR; 01398 } 01399 01400 // No conforming code 01401 if ((Entry1Hi & DESCRIPTOR_CONFORM) == DESCRIPTOR_CONFORM) { 01402 return STATUS_INVALID_LDT_DESCRIPTOR; 01403 } 01404 01405 // Dpl must be 3 01406 if ((Entry1Hi & DESCRIPTOR_DPL) != DESCRIPTOR_DPL) { 01407 return STATUS_INVALID_LDT_DESCRIPTOR; 01408 } 01409 } 01410 } 01411 01412 // 01413 // Acquire the LDT mutex. 01414 // 01415 01416 Status = KeWaitForSingleObject( 01417 &LdtMutex, 01418 Executive, 01419 KernelMode, 01420 FALSE, 01421 NULL 01422 ); 01423 if ( !NT_SUCCESS(Status) ) { 01424 return Status; 01425 } 01426 01427 // 01428 // Figure out how large the LDT needs to be 01429 // 01430 01431 if (Selector0 > Selector1) { 01432 LdtSize = Selector0 + sizeof(LDT_ENTRY); 01433 } else { 01434 LdtSize = Selector1 + sizeof(LDT_ENTRY); 01435 } 01436 01437 Process = PsGetCurrentProcess(); 01438 ProcessLdtInformation = Process->LdtInformation; 01439 01440 // 01441 // Most of the time, the process will already have an LDT, and it 01442 // will be large enough. for this, we just set the descriptors and 01443 // return 01444 // 01445 01446 if (ProcessLdtInformation) { 01447 01448 // 01449 // If the LDT descriptor does not have to be modified. 01450 // 01451 if (ProcessLdtInformation->Size >= LdtSize) { 01452 if (Selector0) { 01453 01454 *((PULONG)(&Descriptor)) = Entry0Low; 01455 *(((PULONG)(&Descriptor)) + 1) = Entry0Hi; 01456 01457 Ke386SetDescriptorProcess( 01458 &(Process->Pcb), 01459 Selector0, 01460 Descriptor 01461 ); 01462 } 01463 01464 if (Selector1) { 01465 01466 *((PULONG)(&Descriptor)) = Entry1Low; 01467 *(((PULONG)(&Descriptor)) + 1) = Entry1Hi; 01468 01469 Ke386SetDescriptorProcess( 01470 &(Process->Pcb), 01471 Selector1, 01472 Descriptor 01473 ); 01474 } 01475 01476 MutexState = KeReleaseMutex( &LdtMutex, FALSE ); 01477 ASSERT(( MutexState == 0 )); 01478 return STATUS_SUCCESS; 01479 01480 // 01481 // Else if the Ldt will fit in the memory currently allocated 01482 // 01483 } else if (ProcessLdtInformation->AllocatedSize >= LdtSize) { 01484 01485 // 01486 // First remove the LDT. This will allow us to edit the memory. 01487 // We will then put the LDT back. Since we have to change the 01488 // limit anyway, it would take two calls to the kernel ldt 01489 // management minimum to set the descriptors. Each of those calls 01490 // would stall all of the processors in an MP system. If we 01491 // didn't remove the ldt first, and we were setting two descriptors, 01492 // we would have to call the LDT management 3 times (once per 01493 // descriptor, and once to change the limit of the LDT). 01494 // 01495 01496 Ke386SetLdtProcess( 01497 &(Process->Pcb), 01498 NULL, 01499 0L 01500 ); 01501 01502 // 01503 // Set the Descriptors in the LDT 01504 // 01505 if (Selector0) { 01506 *((PULONG)(&(ProcessLdtInformation->Ldt[Selector0/sizeof(LDT_ENTRY)]))) = Entry0Low; 01507 *((PULONG)(&(ProcessLdtInformation->Ldt[Selector0/sizeof(LDT_ENTRY)])) + 1) = 01508 Entry0Hi; 01509 } 01510 01511 if (Selector1) { 01512 *((PULONG)(&(ProcessLdtInformation->Ldt[Selector1/sizeof(LDT_ENTRY)]))) = Entry1Low; 01513 *((PULONG)(&(ProcessLdtInformation->Ldt[Selector1/sizeof(LDT_ENTRY)])) + 1) = 01514 Entry1Hi; 01515 } 01516 01517 // 01518 // Set the LDT for the process 01519 // 01520 01521 ProcessLdtInformation->Size = LdtSize; 01522 01523 Ke386SetLdtProcess( 01524 &(Process->Pcb), 01525 ProcessLdtInformation->Ldt, 01526 ProcessLdtInformation->Size 01527 ); 01528 01529 MutexState = KeReleaseMutex( &LdtMutex, FALSE ); 01530 ASSERT(( MutexState == 0 )); 01531 return STATUS_SUCCESS; 01532 // 01533 // Otherwise, we have to grow the LDT allocation 01534 // 01535 } 01536 } 01537 01538 // 01539 // If the process does not yet have an LDT information structure, 01540 // allocate and attach one. 01541 // 01542 01543 OldLdt = NULL; 01544 01545 if (!Process->LdtInformation) { 01546 ProcessLdtInformation = ExAllocatePool( 01547 PagedPool, 01548 sizeof(LDTINFORMATION) 01549 ); 01550 if (ProcessLdtInformation == NULL) { 01551 goto SetLdtEntriesCleanup; 01552 } 01553 Process->LdtInformation = ProcessLdtInformation; 01554 ProcessLdtInformation->Size = 0L; 01555 ProcessLdtInformation->AllocatedSize = 0L; 01556 ProcessLdtInformation->Ldt = NULL; 01557 } 01558 01559 // 01560 // Now, we either need to create or grow an LDT, so allocate some 01561 // memory, and copy as necessary 01562 // 01563 01564 AllocatedSize = (LdtSize + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1); 01565 01566 Ldt = ExAllocatePool( 01567 PagedPool, 01568 AllocatedSize 01569 ); 01570 01571 if (Ldt) { 01572 RtlZeroMemory( 01573 Ldt, 01574 AllocatedSize 01575 ); 01576 } else { 01577 goto SetLdtEntriesCleanup; 01578 } 01579 01580 01581 if (ProcessLdtInformation->Ldt) { 01582 // 01583 // copy the contents of the old ldt 01584 // 01585 RtlMoveMemory( 01586 Ldt, 01587 ProcessLdtInformation->Ldt, 01588 ProcessLdtInformation->Size 01589 ); 01590 01591 try { 01592 PsChargePoolQuota( 01593 Process, 01594 PagedPool, 01595 AllocatedSize - ProcessLdtInformation->AllocatedSize 01596 ); 01597 } except(EXCEPTION_EXECUTE_HANDLER) { 01598 Status = GetExceptionCode(); 01599 ExFreePool(Ldt); 01600 Ldt = NULL; 01601 } 01602 01603 if (Ldt == NULL) { 01604 goto SetLdtEntriesCleanup; 01605 } 01606 01607 } else { 01608 try { 01609 PsChargePoolQuota( 01610 Process, 01611 PagedPool, 01612 AllocatedSize 01613 ); 01614 } except(EXCEPTION_EXECUTE_HANDLER) { 01615 Status = GetExceptionCode(); 01616 ExFreePool(Ldt); 01617 Ldt = NULL; 01618 } 01619 01620 if (Ldt == NULL) { 01621 goto SetLdtEntriesCleanup; 01622 } 01623 } 01624 01625 OldLdt = ProcessLdtInformation->Ldt; 01626 ProcessLdtInformation->Size = LdtSize; 01627 ProcessLdtInformation->AllocatedSize = AllocatedSize; 01628 ProcessLdtInformation->Ldt = Ldt; 01629 01630 // 01631 // Set the descriptors in the LDT 01632 // 01633 01634 if (Selector0) { 01635 *((PULONG)(&(ProcessLdtInformation->Ldt[Selector0/sizeof(LDT_ENTRY)]))) = Entry0Low; 01636 *((PULONG)(&(ProcessLdtInformation->Ldt[Selector0/sizeof(LDT_ENTRY)])) + 1) = 01637 Entry0Hi; 01638 } 01639 01640 if (Selector1) { 01641 *((PULONG)(&(ProcessLdtInformation->Ldt[Selector1/sizeof(LDT_ENTRY)]))) = Entry1Low; 01642 *((PULONG)(&(ProcessLdtInformation->Ldt[Selector1/sizeof(LDT_ENTRY)])) + 1) = 01643 Entry1Hi; 01644 } 01645 01646 // 01647 // Set the LDT for the process 01648 // 01649 01650 Ke386SetLdtProcess( 01651 &(Process->Pcb), 01652 ProcessLdtInformation->Ldt, 01653 ProcessLdtInformation->Size 01654 ); 01655 01656 // 01657 // Cleanup and exit 01658 // 01659 01660 Status = STATUS_SUCCESS; 01661 01662 SetLdtEntriesCleanup: 01663 01664 if (OldLdt) { 01665 ExFreePool(OldLdt); 01666 } 01667 01668 MutexState = KeReleaseMutex( &LdtMutex, FALSE ); 01669 ASSERT(( MutexState == 0 )); 01670 return Status; 01671 01672 } }

PLDT_ENTRY PspCreateLdt (  IN PLDT_ENTRY  Ldt, IN ULONG  Offset, IN ULONG  Size, IN ULONG  AllocationSize )

Definition at line 902 of file i386/psldt.c. References ASSERT, ExAllocatePool, NULL, Offset, PAGED_CODE, PagedPool, and Size. Referenced by PspSetLdtInformation(), and PspSetLdtSize(). : This routine allocates space in paged pool for an LDT, and copies the specified selectors into it. IT DOES NOT VALIDATE THE SELECTORS. Selector validation must be done before calling this routine. IT DOES NOT CHARGE THE QUOTA FOR THE LDT. Arguments: Ldt -- Supplies a pointer to the descriptors to be put into the Ldt. Offset -- Supplies the offset in the LDT to copy the descriptors to. Size -- Supplies the actualsize of the new Ldt AllocationSize -- Supplies the size to allocate Return Value: Pointer to the new Ldt --*/ { PLDT_ENTRY NewLdt; PAGED_CODE(); ASSERT(( AllocationSize >= Size )); ASSERT(( (Size % sizeof(LDT_ENTRY)) == 0 )); NewLdt = ExAllocatePool( PagedPool, AllocationSize ); if (NewLdt == NULL) { return NewLdt; } RtlZeroMemory( NewLdt, AllocationSize ); RtlMoveMemory( (PCHAR)NewLdt + Offset, Ldt, Size - Offset ); return NewLdt; }

VOID PspDeleteLdt (  IN PEPROCESS  Process  )

Definition at line 1202 of file i386/psldt.c. References ExFreePool(), NULL, and PAGED_CODE. : This routine frees the paged pool associated with a process' Ldt, if it has one. Arguments: Process -- Supplies a pointer to the process Return Value: None --*/ { PLDTINFORMATION LdtInformation; PAGED_CODE(); LdtInformation = Process->LdtInformation; if ( LdtInformation != NULL ) { if ( LdtInformation->Ldt != NULL ) { ExFreePool( LdtInformation->Ldt ); } ExFreePool( LdtInformation ); } }

BOOLEAN PspIsDescriptorValid (  IN PLDT_ENTRY  Descriptor  )

Definition at line 952 of file i386/psldt.c. References FALSE, PAGED_CODE, and TRUE. Referenced by PspSetLdtInformation(). : This function determines if the supplied descriptor is valid to put into a process Ldt. For the descriptor to be valid it must have the following characteristics: Base < MM_HIGHEST_USER_ADDRESS Base + Limit < MM_HIGHEST_USER_ADDRESS Type must be ReadWrite, ReadOnly, ExecuteRead, ExecuteOnly, or Invalid big or small normal or grow down Not a system descriptor (system bit is 1 == application) This rules out all gates, etc Not conforming DPL must be 3 Arguments: Descriptor -- Supplies a pointer to the descriptor to check Return Value: True if the descriptor is valid (note: valid to put into an LDT. This includes Invalid descriptors) False if not --*/ { ULONG Base; ULONG Limit; PAGED_CODE(); // // if descriptor is an invalid descriptor // if ( (Descriptor->HighWord.Bits.Type == 0) && (Descriptor->HighWord.Bits.Dpl == 0) ) { return TRUE; } Base = Descriptor->BaseLow | (Descriptor->HighWord.Bytes.BaseMid << 16) | (Descriptor->HighWord.Bytes.BaseHi << 24); Limit = Descriptor->LimitLow | (Descriptor->HighWord.Bits.LimitHi << 16); // // Only have to check for present selectors // if (Descriptor->HighWord.Bits.Pres) { ULONG ActualLimit; if ( (PVOID)Base > MM_HIGHEST_USER_ADDRESS ) { return FALSE; } ActualLimit = (Limit << (Descriptor->HighWord.Bits.Granularity * 12)) + 0xFFF * Descriptor->HighWord.Bits.Granularity; if ( (Base > (Base + ActualLimit)) || ((PVOID)(Base + ActualLimit) > MM_HIGHEST_USER_ADDRESS) ) { return FALSE; } } // // if descriptor is a system descriptor (which includes gates) // if bit 4 of the Type field is 0, then it's a system descriptor, // and we don't like it. // if ( ! (Descriptor->HighWord.Bits.Type & 0x10)) { return FALSE; } // // if descriptor is conforming code // if ( ((Descriptor->HighWord.Bits.Type & 0x18) == 0x18) && (Descriptor->HighWord.Bits.Type & 0x4)) { return FALSE; } // // if Dpl is not 3 // if ( Descriptor->HighWord.Bits.Dpl != 3 ) { return FALSE; } return TRUE; }

NTSTATUS PspLdtInitialize (   )

Definition at line 84 of file i386/psldt.c. References KeInitializeMutex(), LdtMutex, and MUTEX_LEVEL_PS_LDT. Referenced by PspInitPhase0(). : This routine initializes the Ldt support for the x86 Arguments: None Return Value: TBS --*/ { KeInitializeMutex( &LdtMutex, MUTEX_LEVEL_PS_LDT ); return STATUS_SUCCESS; }

NTSTATUS PspQueryDescriptorThread (  PETHREAD  Thread, PVOID  ThreadInformation, ULONG  ThreadInformationLength, PULONG  ReturnLength )

Definition at line 1061 of file i386/psldt.c. References ASSERT, EXCEPTION_EXECUTE_HANDLER, Executive, FALSE, Ke386GetGdtEntryThread(), KeReleaseMutex(), KernelMode, KeWaitForSingleObject(), _EPROCESS::LdtInformation, LdtMutex, NT_SUCCESS, NTSTATUS(), NULL, PAGED_CODE, Status, _ETHREAD::Tcb, THREAD_TO_PROCESS, and TRUE. : This function retrieves a descriptor table entry for the specified thread. This entry may be in either the Gdt or the Ldt, as specfied by the supplied selector Arguments: Thread -- Supplies a pointer to the thread. ThreadInformation -- Supplies information on the descriptor. ThreadInformationLength -- Supplies the length of the information. ReturnLength -- Returns the number of bytes returned. Return Value: TBS --*/ { DESCRIPTOR_TABLE_ENTRY DescriptorEntry; PEPROCESS Process; BOOLEAN ReturnNow = FALSE; LONG MutexState; NTSTATUS Status; PAGED_CODE(); ASSERT( sizeof(KGDTENTRY) == sizeof(LDT_ENTRY) ); // // Verify parameters // if ( ThreadInformationLength != sizeof(DESCRIPTOR_TABLE_ENTRY) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { DescriptorEntry = *(PDESCRIPTOR_TABLE_ENTRY)ThreadInformation; } except(EXCEPTION_EXECUTE_HANDLER){ ReturnNow = TRUE; } if (ReturnNow) { return STATUS_SUCCESS; } Status = STATUS_SUCCESS; // // If its a Gdt entry, let the kernel find it for us // if ( !(DescriptorEntry.Selector & SELECTOR_TABLE_INDEX) ) { if ( (DescriptorEntry.Selector & 0xFFFFFFF8) >= KGDT_NUMBER * sizeof(KGDTENTRY) ) { return STATUS_ACCESS_VIOLATION; } try { Ke386GetGdtEntryThread( &(Thread->Tcb), DescriptorEntry.Selector & 0xFFFFFFF8, (PKGDTENTRY) &(((PDESCRIPTOR_TABLE_ENTRY)ThreadInformation)->Descriptor) ); if ( ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(LDT_ENTRY); } } except(EXCEPTION_EXECUTE_HANDLER) { // We want to return STATUS_SUCCESS (see module notes), so // do nothing and fall out of if. } } else { // // it's an Ldt entry, so copy it from the ldt // Process = THREAD_TO_PROCESS(Thread); // // Acquire the Ldt Mutex // Status = KeWaitForSingleObject( &LdtMutex, Executive, KernelMode, FALSE, NULL ); if ( !(NT_SUCCESS(Status)) ) { return Status; } if ( Process->LdtInformation == NULL ) { // If there is no Ldt Status = STATUS_NO_LDT; } else if ( (DescriptorEntry.Selector & 0xFFFFFFF8) >= ((PLDTINFORMATION)(Process->LdtInformation))->Size ) { // Else If the selector is outside the table Status = STATUS_ACCESS_VIOLATION; } else try { // Else return the contents of the descriptor RtlMoveMemory( &(((PDESCRIPTOR_TABLE_ENTRY)ThreadInformation)->Descriptor), (PCHAR)(((PLDTINFORMATION)(Process->LdtInformation))->Ldt) + (DescriptorEntry.Selector & 0xFFFFFFF8), sizeof(LDT_ENTRY) ); if (ARGUMENT_PRESENT(ReturnLength)) { *ReturnLength = sizeof(LDT_ENTRY); } } except(EXCEPTION_EXECUTE_HANDLER) { // We want to return STATUS_SUCCESS (see module notes), so // do nothing and fall out of if. } MutexState = KeReleaseMutex( &LdtMutex, FALSE ); ASSERT(( MutexState == 0 )); } return Status; }

NTSTATUS PspQueryLdtInformation (  IN PEPROCESS  Process, OUT PPROCESS_LDT_INFORMATION  LdtInformation, IN ULONG  LdtInformationLength, OUT PULONG  ReturnLength )

Definition at line 108 of file i386/psldt.c. References ASSERT, EXCEPTION_EXECUTE_HANDLER, Executive, FALSE, KeReleaseMutex(), KernelMode, KeWaitForSingleObject(), LdtMutex, NT_SUCCESS, NTSTATUS(), NULL, PAGED_CODE, Start, Status, and TRUE. : This function performs the work for the Ldt portion of the query process information function. It copies the contents of the Ldt for the specified process into the users buffer, up to the length of the buffer. Arguments: Process -- Supplies a pointer to the process to return LDT info for LdtInformation -- Supplies a pointer to the buffer ReturnLength -- Returns the number of bytes put into the buffer Return Value: TBS --*/ { ULONG CopyLength, CopyEnd; NTSTATUS Status; ULONG HeaderLength; ULONG Length, Start; LONG MutexStatus; PLDTINFORMATION ProcessLdtInfo; BOOLEAN ReturnNow = FALSE; PAGED_CODE(); // // Verify the parameters // if ( LdtInformationLength < (ULONG)sizeof(PROCESS_LDT_INFORMATION) ) { return STATUS_INFO_LENGTH_MISMATCH; } // // This portion of the parameters may be in user space // try { // // Capture parameters // Length = LdtInformation->Length; Start = LdtInformation->Start; } except(EXCEPTION_EXECUTE_HANDLER) { ReturnNow = TRUE; } if (ReturnNow) { return STATUS_SUCCESS; } // // The buffer containing the Ldt entries must be in the information // structure. We subtract one Ldt entry, because the structure is // declared to contain one. // if (LdtInformationLength - sizeof(PROCESS_LDT_INFORMATION) + sizeof(LDT_ENTRY) < Length) { return STATUS_INFO_LENGTH_MISMATCH; } // An Ldt entry is a processor structure, and must be 8 bytes long ASSERT((sizeof(LDT_ENTRY) == 8)); // // The length of the structure must be an even number of Ldt entries // if (Length % sizeof(LDT_ENTRY)) { return STATUS_INVALID_LDT_SIZE; } // // The information to get from the Ldt must start on an Ldt entry // boundary. // if (Start % sizeof(LDT_ENTRY)) { return STATUS_INVALID_LDT_OFFSET; } // // Acquire the Ldt mutex // Status = KeWaitForSingleObject( &LdtMutex, Executive, KernelMode, FALSE, NULL ); if ( !NT_SUCCESS(Status) ) { return Status; } ProcessLdtInfo = Process->LdtInformation; // // If the process has an Ldt // if (( ProcessLdtInfo) && (ProcessLdtInfo->Size )) { ASSERT ((ProcessLdtInfo->Ldt)); // // Set the end of the copy to be the smaller of: // the end of the information the user requested or // the end of the information that is actually there // if (ProcessLdtInfo->Size < Start) { CopyEnd = Start; } else if (ProcessLdtInfo->Size - Start > Length) { CopyEnd = Length + Start; } else { CopyEnd = ProcessLdtInfo->Size; } CopyLength = CopyEnd - Start; try { // // Set the length field to the actual length of the Ldt // LdtInformation->Length = ProcessLdtInfo->Size; // // Copy the contents of the Ldt into the user's buffer // if (CopyLength) { RtlMoveMemory( &(LdtInformation->LdtEntries), (PCHAR)ProcessLdtInfo->Ldt + Start, CopyLength ); } } except(EXCEPTION_EXECUTE_HANDLER) { ReturnNow = TRUE; MutexStatus = KeReleaseMutex( &LdtMutex, FALSE ); ASSERT(( MutexStatus == 0 )); } if (ReturnNow) { return STATUS_SUCCESS; } } else { // // There is no Ldt // CopyLength = 0; try { LdtInformation->Length = 0; } except(EXCEPTION_EXECUTE_HANDLER) { ReturnNow = TRUE; MutexStatus = KeReleaseMutex( &LdtMutex, FALSE ); ASSERT(( MutexStatus == 0 )); } if (ReturnNow) { return STATUS_SUCCESS; } } // // Set the length of the information returned // if ( ARGUMENT_PRESENT(ReturnLength) ) { try { HeaderLength = (PCHAR)(&(LdtInformation->LdtEntries)) - (PCHAR)(&(LdtInformation->Start)); *ReturnLength = CopyLength + HeaderLength; } except(EXCEPTION_EXECUTE_HANDLER){ // We don't do anything here because we want to return success } } MutexStatus = KeReleaseMutex( &LdtMutex, FALSE ); ASSERT(( MutexStatus == 0 )); return STATUS_SUCCESS; }

NTSTATUS PspSetLdtInformation (  IN PEPROCESS  Process, IN PPROCESS_LDT_INFORMATION  LdtInformation, IN ULONG  LdtInformationLength )

Definition at line 503 of file i386/psldt.c. References ASSERT, ExAllocatePool, EXCEPTION_EXECUTE_HANDLER, Executive, ExFreePool(), FALSE, Ke386SetDescriptorProcess(), Ke386SetLdtProcess(), KeReleaseMutex(), KernelMode, KeWaitForSingleObject(), LdtMutex, NT_SUCCESS, NTSTATUS(), NULL, PAGE_SIZE, PAGED_CODE, PagedPool, PsChargePoolQuota(), PspCreateLdt(), PspIsDescriptorValid(), PsReturnPoolQuota(), Size, and Status. : This function alters the ldt for a specified process. It can alter portions of the LDT, or the whole LDT. If an Ldt is created or grown, the specified process will be charged the quota for the LDT. Each descriptor that is set will be verified. Arguments: Process -- Supplies a pointer to the process whose Ldt is to be modified LdtInformation -- Supplies a pointer to the information about the Ldt modifications LdtInformationLength -- Supplies the length of the LdtInformation structure. Return Value: TBS --*/ { NTSTATUS Status; PLDT_ENTRY OldLdt = NULL; ULONG OldSize = 0; ULONG AllocatedSize; ULONG Size; ULONG MutexState; ULONG LdtOffset; PLDT_ENTRY CurrentDescriptor; PPROCESS_LDT_INFORMATION LdtInfo; PLDTINFORMATION ProcessLdtInfo; PLDT_ENTRY Ldt; PAGED_CODE(); if ( LdtInformationLength < (ULONG)sizeof( PROCESS_LDT_INFORMATION)) { return STATUS_INFO_LENGTH_MISMATCH; } Status = STATUS_SUCCESS; // // alocate a local buffer to capture the ldt information to // try { LdtInfo = ExAllocatePool( PagedPool, LdtInformationLength ); if (LdtInfo) { // // Copy the information the user is supplying // RtlMoveMemory( LdtInfo, LdtInformation, LdtInformationLength ); } } except(EXCEPTION_EXECUTE_HANDLER) { if (LdtInfo) { ExFreePool(LdtInfo); } Status = GetExceptionCode(); } // // If the capture didn't succeed // if (!NT_SUCCESS(Status)) { if (Status == STATUS_ACCESS_VIOLATION) { return STATUS_SUCCESS; } else { return Status; } } if (LdtInfo == NULL) { return STATUS_INSUFFICIENT_RESOURCES; } // // Verify that the Start and Length are plausible // if (LdtInfo->Start & 0xFFFF0000) { return STATUS_INVALID_LDT_OFFSET; } if (LdtInfo->Length & 0xFFFF0000) { return STATUS_INVALID_LDT_SIZE; } // // Insure that the buffer it large enough to contain the specified number // of selectors. // if (LdtInformationLength - sizeof(PROCESS_LDT_INFORMATION) + sizeof(LDT_ENTRY) < LdtInfo->Length) { ExFreePool(LdtInfo); return STATUS_INFO_LENGTH_MISMATCH; } // // The info to set must be an integral number of selectors // if (LdtInfo->Length % sizeof(LDT_ENTRY)) { ExFreePool(LdtInfo); return STATUS_INVALID_LDT_SIZE; } // // The beginning of the info must be on a selector boundary // if (LdtInfo->Start % sizeof(LDT_ENTRY)) { ExFreePool(LdtInfo); return STATUS_INVALID_LDT_OFFSET; } // // Verify all of the descriptors. // for (CurrentDescriptor = LdtInfo->LdtEntries; (PCHAR)CurrentDescriptor < (PCHAR)LdtInfo->LdtEntries + LdtInfo->Length; CurrentDescriptor++ ) { if (!PspIsDescriptorValid( CurrentDescriptor )) { ExFreePool(LdtInfo); return STATUS_INVALID_LDT_DESCRIPTOR; } } // // Acquire the Ldt Mutex // Status = KeWaitForSingleObject( &LdtMutex, Executive, KernelMode, FALSE, NULL ); if ( !(NT_SUCCESS(Status)) ) { return Status; } ProcessLdtInfo = Process->LdtInformation; // // If the process doen't have an Ldt information structure, allocate // one and attach it to the process // if ( ProcessLdtInfo == NULL ) { ProcessLdtInfo = ExAllocatePool( PagedPool, sizeof(LDTINFORMATION) ); if ( ProcessLdtInfo == NULL ) { goto SetInfoCleanup; } Process->LdtInformation = ProcessLdtInfo; RtlZeroMemory( ProcessLdtInfo, sizeof(LDTINFORMATION) ); } // // If we are supposed to remove the LDT // if ( LdtInfo->Length == 0 ) { // // Remove the process' Ldt // if ( ProcessLdtInfo->Ldt ) { OldSize = ProcessLdtInfo->AllocatedSize; OldLdt = ProcessLdtInfo->Ldt; ProcessLdtInfo->AllocatedSize = 0; ProcessLdtInfo->Size = 0; ProcessLdtInfo->Ldt = NULL; Ke386SetLdtProcess( &(Process->Pcb), NULL, 0 ); PsReturnPoolQuota( Process, PagedPool, OldSize ); } } else if ( ProcessLdtInfo->Ldt == NULL ) { // // Create a new Ldt for the process // // // Allocate an integral number of pages for the LDT. // ASSERT(((PAGE_SIZE % 2) == 0)); AllocatedSize = (LdtInfo->Start + LdtInfo->Length + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1); Size = LdtInfo->Start + LdtInfo->Length; Ldt = PspCreateLdt( LdtInfo->LdtEntries, LdtInfo->Start, Size, AllocatedSize ); if ( Ldt == NULL ) { Status = STATUS_INSUFFICIENT_RESOURCES; goto SetInfoCleanup; } try { PsChargePoolQuota( Process, PagedPool, AllocatedSize ); } except(EXCEPTION_EXECUTE_HANDLER) { Status = GetExceptionCode(); } if (!NT_SUCCESS(Status)) { goto SetInfoCleanup; } ProcessLdtInfo->Ldt = Ldt; ProcessLdtInfo->Size = Size; ProcessLdtInfo->AllocatedSize = AllocatedSize; Ke386SetLdtProcess( &(Process->Pcb), ProcessLdtInfo->Ldt, ProcessLdtInfo->Size ); } else if ( (LdtInfo->Length + LdtInfo->Start) > ProcessLdtInfo->Size ) { // // Grow the process' Ldt // if ( (LdtInfo->Length + LdtInfo->Start) > ProcessLdtInfo->AllocatedSize ) { // // Current Ldt allocation is not large enough, so create a // new larger Ldt // OldSize = ProcessLdtInfo->AllocatedSize; Size = LdtInfo->Start + LdtInfo->Length; AllocatedSize = (Size + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1); Ldt = PspCreateLdt( ProcessLdtInfo->Ldt, 0, OldSize, AllocatedSize ); if ( Ldt == NULL ) { Status = STATUS_INSUFFICIENT_RESOURCES; goto SetInfoCleanup; } try { PsChargePoolQuota( Process, PagedPool, ProcessLdtInfo->AllocatedSize - OldSize ); } except(EXCEPTION_EXECUTE_HANDLER) { Status = GetExceptionCode(); } if (!NT_SUCCESS(Status)) { goto SetInfoCleanup; } // // Swap Ldt information // OldLdt = ProcessLdtInfo->Ldt; ProcessLdtInfo->Ldt = Ldt; ProcessLdtInfo->Size = Size; ProcessLdtInfo->AllocatedSize = AllocatedSize; // // Put new selectors into the new ldt // RtlMoveMemory( (PCHAR)(ProcessLdtInfo->Ldt) + LdtInfo->Start, LdtInfo->LdtEntries, LdtInfo->Length ); Ke386SetLdtProcess( &(Process->Pcb), ProcessLdtInfo->Ldt, ProcessLdtInfo->Size ); } else { // // Current Ldt allocation is large enough // ProcessLdtInfo->Size = LdtInfo->Length + LdtInfo->Start; Ke386SetLdtProcess( &(Process->Pcb), ProcessLdtInfo->Ldt, ProcessLdtInfo->Size ); // // Change the selectors in the table // for (LdtOffset = LdtInfo->Start, CurrentDescriptor = LdtInfo->LdtEntries; LdtOffset < LdtInfo->Start + LdtInfo->Length; LdtOffset += sizeof(LDT_ENTRY), CurrentDescriptor++ ) { Ke386SetDescriptorProcess( &(Process->Pcb), LdtOffset, *CurrentDescriptor ); } } } else { // // Simply changing some selectors // for (LdtOffset = LdtInfo->Start, CurrentDescriptor = LdtInfo->LdtEntries; LdtOffset < LdtInfo->Start + LdtInfo->Length; LdtOffset += sizeof(LDT_ENTRY), CurrentDescriptor++ ) { Ke386SetDescriptorProcess( &(Process->Pcb), LdtOffset, *CurrentDescriptor ); } Status = STATUS_SUCCESS; } SetInfoCleanup: MutexState = KeReleaseMutex( &LdtMutex, FALSE ); ASSERT(( MutexState == 0 )); if (OldLdt != NULL) { ExFreePool(OldLdt); } if (LdtInfo != NULL) { ExFreePool(LdtInfo); } return Status; }

NTSTATUS PspSetLdtSize (  IN PEPROCESS  Process, IN PPROCESS_LDT_SIZE  LdtSize, IN ULONG  LdtSizeLength )

Definition at line 308 of file i386/psldt.c. References ASSERT, EXCEPTION_EXECUTE_HANDLER, Executive, ExFreePool(), FALSE, Ke386SetLdtProcess(), KeReleaseMutex(), KernelMode, KeWaitForSingleObject(), LdtMutex, NT_SUCCESS, NTSTATUS(), NULL, PAGE_SIZE, PAGED_CODE, PagedPool, PspCreateLdt(), PsReturnPoolQuota(), Status, and TRUE. : This routine changes the LDT size. It will shrink the LDT, but not grow it. If the LDT shrinks by 1 or more pages from its current allocation, the LDT will be reallocated for the new smaller size. If the allocated size of the LDT changes, the quota charge for the Ldt will be reduced. Arguments: Process -- Supplies a pointer to the process whose Ldt is to be sized LdtSize -- Supplies a pointer to the size information Return Value: TBS --*/ { ULONG OldSize = 0; LONG MutexState; ULONG Length; PLDT_ENTRY OldLdt = NULL; NTSTATUS Status; PLDTINFORMATION ProcessLdtInfo; BOOLEAN ReturnNow = FALSE; PLDT_ENTRY Ldt; PAGED_CODE(); // // Verify the parameters // if ( LdtSizeLength != (ULONG)sizeof( PROCESS_LDT_SIZE ) ){ return STATUS_INFO_LENGTH_MISMATCH; } // // The following parameters may be in user space // try { // // Capture the new Ldt length // Length = LdtSize->Length; } except(EXCEPTION_EXECUTE_HANDLER){ ReturnNow = TRUE; } if (ReturnNow) { return STATUS_SUCCESS; } ASSERT((sizeof(LDT_ENTRY) == 8)); // // The Ldt must always be an integral number of LDT_ENTRIES // if (Length % sizeof(LDT_ENTRY)) { return STATUS_INVALID_LDT_SIZE; } // // Acquire the Ldt Mutex // Status = KeWaitForSingleObject( &LdtMutex, Executive, KernelMode, FALSE, NULL ); if ( !(NT_SUCCESS(Status)) ) { return Status; } // // If there isn't an Ldt we can't set the size of the LDT // ProcessLdtInfo = Process->LdtInformation; if ((ProcessLdtInfo == NULL) || (ProcessLdtInfo->Size == 0)) { MutexState = KeReleaseMutex( &LdtMutex, FALSE ); ASSERT((MutexState == 0)); return STATUS_NO_LDT; } // // This function cannot be used to grow the Ldt // if (Length > ProcessLdtInfo->Size) { MutexState = KeReleaseMutex( &LdtMutex, FALSE ); ASSERT((MutexState == 0)); return STATUS_INVALID_LDT_SIZE; } // // Later, we will set ProcessLdtInfo->Ldt = Ldt. We may set the value // of Ldt in the if statement below, but there is one case where we // don't // Ldt = ProcessLdtInfo->Ldt; // // Adjust the size of the LDT // ProcessLdtInfo->Size = Length; // // Free some of the Ldt memory if conditions allow // if ( Length == 0 ) { OldSize = ProcessLdtInfo->AllocatedSize; OldLdt = ProcessLdtInfo->Ldt; ProcessLdtInfo->AllocatedSize = 0; Ldt = NULL; } else if ( (ProcessLdtInfo->AllocatedSize - ProcessLdtInfo->Size) >= PAGE_SIZE ) { OldSize = ProcessLdtInfo->AllocatedSize; OldLdt = ProcessLdtInfo->Ldt; // // Calculate new Ldt size (lowest integer number of pages // large enough) // ProcessLdtInfo->AllocatedSize = (ProcessLdtInfo->Size + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1); // // Reallocate and copy the Ldt // Ldt = PspCreateLdt( ProcessLdtInfo->Ldt, 0, ProcessLdtInfo->Size, ProcessLdtInfo->AllocatedSize ); if ( Ldt == NULL ) { // We cannot reduce the allocation, but we can reduce the // Ldt selector limit (done using Ke386SetLdtProcess) Ldt = OldLdt; ProcessLdtInfo->AllocatedSize = OldSize; OldLdt = NULL; } } ProcessLdtInfo->Ldt = Ldt; // // Change the limit on the Process Ldt // Ke386SetLdtProcess( &(Process->Pcb), ProcessLdtInfo->Ldt, ProcessLdtInfo->Size ); // // If we resized the Ldt, free to old one and reduce the quota charge // if (OldLdt) { ExFreePool( OldLdt ); PsReturnPoolQuota( Process, PagedPool, OldSize - ProcessLdtInfo->AllocatedSize ); } MutexState = KeReleaseMutex( &LdtMutex, FALSE ); ASSERT((MutexState == 0)); return STATUS_SUCCESS; }

---

Variable Documentation

KMUTEX LdtMutex

Definition at line 51 of file i386/psldt.c. Referenced by NtSetLdtEntries(), PspLdtInitialize(), PspQueryDescriptorThread(), PspQueryLdtInformation(), PspSetLdtInformation(), and PspSetLdtSize().

---