2008-03-09 14:11:42 +00:00
|
|
|
/*
|
2005-01-26 13:58:37 +00:00
|
|
|
* COPYRIGHT: See COPYING in the top directory
|
2005-05-09 01:38:29 +00:00
|
|
|
* PROJECT: ReactOS kernel
|
- Create mmsup.c in ReactOS memory manager directory. It hosts misc support functions:
- Copy kmap.c here, since it's the very definition of "misc support function"
- Copy some exported functions in mm.c which were listed as "misc functions"
- Warn that current implementation of MmIsNonPagedSystemAddressValid will kill kittens.
- Rename mm.c to mmfault.c, since other than the misc functions now in mmsup.c, it was all routines to handle page/access faults.
- Warn that MmIsAddressValid, as currently implemented, kills puppies.
- Move WriteWatch functions to virtual.c since they're part of the Virtual API system call set already hosted there.
- Move the global variables that people had been throwing in here to mminit.c, which is slightly more appropriate.
- Move wset.c's MmTrimUserMemory to balance.c, since that's where all other similar functions are located.
- Incidentally, kill wset.c, as this was the only function present.
- No functional changes, just refactoring and cleanup (other than warning the critter murder the two broken functions will achieve if called).
svn path=/trunk/; revision=41659
2009-06-28 07:52:30 +00:00
|
|
|
* FILE: ntoskrnl/mm/mmfault.c
|
2005-01-26 13:58:37 +00:00
|
|
|
* PURPOSE: Kernel memory managment functions
|
|
|
|
|
* PROGRAMMERS: David Welch (welch@cwcom.net)
|
1998-08-25 04:27:26 +00:00
|
|
|
*/
|
|
|
|
|
|
- Create mmsup.c in ReactOS memory manager directory. It hosts misc support functions:
- Copy kmap.c here, since it's the very definition of "misc support function"
- Copy some exported functions in mm.c which were listed as "misc functions"
- Warn that current implementation of MmIsNonPagedSystemAddressValid will kill kittens.
- Rename mm.c to mmfault.c, since other than the misc functions now in mmsup.c, it was all routines to handle page/access faults.
- Warn that MmIsAddressValid, as currently implemented, kills puppies.
- Move WriteWatch functions to virtual.c since they're part of the Virtual API system call set already hosted there.
- Move the global variables that people had been throwing in here to mminit.c, which is slightly more appropriate.
- Move wset.c's MmTrimUserMemory to balance.c, since that's where all other similar functions are located.
- Incidentally, kill wset.c, as this was the only function present.
- No functional changes, just refactoring and cleanup (other than warning the critter murder the two broken functions will achieve if called).
svn path=/trunk/; revision=41659
2009-06-28 07:52:30 +00:00
|
|
|
/* INCLUDES *******************************************************************/
|
1998-08-25 04:27:26 +00:00
|
|
|
|
2004-08-15 16:39:12 +00:00
|
|
|
#include <ntoskrnl.h>
|
[CACHE]
The cache manager rewrite I started years ago has finally appeared in
ReactOS' trunk and although at this point it's not quite perfectly
integrated, it's enough to boot up the bootcd or livecd. To check out
the more mature original, check out arty-newcc-reactos, branch
arty-newcc on bitbucket.org . Amine Khaldi encouraged me quite a bit
to not give up on it, and was able to reach out and be an advocate
when i really wasn't able to. Others agree that the time has come to
begin removing the old cache manager. I expect the remaining problems
in the version going to trunk will be taken care of relatively
quickly.
The motivation for this effort lies in the particularly hairy
relationship between ReactOS' cache manager and data sections. This
code completely removes page sharing between cache manager and section
and reimagines cache manager as being a facility layered on the memory
manager, not really caring about individual pages, but simply managing
data section objects where caching might occur.
It took me about 2 years to do the first pass of this rewrite and most
of this year to fix some lingering issues, properly implement demand
paging in ReactOS (code which didn't come with this patch in a
recognizable form), and finish getting the PrivateCacheMap and
SharedCacheMap relationship correct.
Currently, the new ntoskrnl/cache directory contains an own
implementation of data file sections. After things have settled down,
we can begin to deprecate and remove the parts of ReactOS' section
implementation that depend on a close relationship with cache
manager. Eventually, I think that the extra code added to
ntoskrnl/cache/section will be removed and ReactOS' own sections will
replace the use of the special MM_CACHE_SECTION_SEGMENT in the cache
path.
Note also, that this makes all cache manager (and new section parts)
use wide file offsets. If my section code were to take over other
parts of the ReactOS memory manager, they would also benefit from
these improvements.
I invite anyone who wants to to peek at this code and fix whatever
bugs can be found.
svn path=/trunk/; revision=49423
2010-11-02 02:32:39 +00:00
|
|
|
#ifdef NEWCC
|
|
|
|
|
#include "../cache/section/newmm.h"
|
|
|
|
|
#endif
|
1998-08-25 04:27:26 +00:00
|
|
|
#define NDEBUG
|
2008-08-30 16:31:06 +00:00
|
|
|
#include <debug.h>
|
1998-08-25 04:27:26 +00:00
|
|
|
|
2009-10-15 19:12:43 +00:00
|
|
|
#define MODULE_INVOLVED_IN_ARM3
|
|
|
|
|
#include "ARM3/miarm.h"
|
|
|
|
|
|
- Create mmsup.c in ReactOS memory manager directory. It hosts misc support functions:
- Copy kmap.c here, since it's the very definition of "misc support function"
- Copy some exported functions in mm.c which were listed as "misc functions"
- Warn that current implementation of MmIsNonPagedSystemAddressValid will kill kittens.
- Rename mm.c to mmfault.c, since other than the misc functions now in mmsup.c, it was all routines to handle page/access faults.
- Warn that MmIsAddressValid, as currently implemented, kills puppies.
- Move WriteWatch functions to virtual.c since they're part of the Virtual API system call set already hosted there.
- Move the global variables that people had been throwing in here to mminit.c, which is slightly more appropriate.
- Move wset.c's MmTrimUserMemory to balance.c, since that's where all other similar functions are located.
- Incidentally, kill wset.c, as this was the only function present.
- No functional changes, just refactoring and cleanup (other than warning the critter murder the two broken functions will achieve if called).
svn path=/trunk/; revision=41659
2009-06-28 07:52:30 +00:00
|
|
|
/* PRIVATE FUNCTIONS **********************************************************/
|
1998-08-25 04:27:26 +00:00
|
|
|
|
2005-09-14 01:05:50 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
- Fix critical bugs in exception handling: Unwinding was completely broken, using the wrong SEH protector to detect collided unwinding. The correct protector itself also had a broken check.
- Fix architectural bug in the entire TrapFrame<->Context conversion system and Ring Privilege Transitions (Inter-ring and intra-ring) which was lacking proper sanitation and validation of segments, flags and debug registers. Among other things, IOPL is now respected, CS is not KGDT_R0_CODE | RPL_MASK anymore, and the GPF code is now properly being called. This completely fixes exception handling being totally broken and crashing firefox installer, mirc, and other applications.
- Rewrite the page fault handler base code in assembly instead of relying on a broken C routine. Detect VDM, V8086, detecting expected/normal fault in ExpInterlockedPopEntrySList and faults in the system handler code. Rewrite MmAccessFault to be the main function that calls out to other sub-fault functions, and use the same prototype as NT.
- Fix the KGDT boot table to have proper granularity and big flags, and extend it to 256 entries.
- Create proper thread context in RtlInitializeContext and cleanup Rtl Thread routines.
- Remove all int3 and breakpoints from trap handlers, and replace them with a much better "UNHANDLED_PATH" macro which freezes the system, beeps, and displays a message with the line of code that's unhandled. This is to clearly tell the user that something is unhandled, instead of nesting infinite exceptions due to the int3.
- Fix a bug in INT_PROLOG.
- Sanitize EFLAGS and Code Segments in KeContextToTrapFrame and KeTrapFrameToContext.
- Implement KiUpdateDr7 and KiRecordDr7 as well as DR_MASK and other DR-validation macros and functions to protect against DR-vulnerabilites as well as to properly account for each active hardware breakpoint in a per-thread fashion by using the dispatcher header.
- Allow CR0_EM when running in a VDM.
- Fix FPU/NPX Register handling in KeContextToTrapFrame and KeTrapFrameToContext, and also speed it up by manual copying instead of a memory move.
- Properly give IOPL 3 to user-mode threads if they requested it.
- Detect GPF during GPF.
- Detect pagefault with a trap-frame spread over two or more pages and nested.
- Properly sanitize and set correct trap frame in KiInitailizeUserApc.
- Return STATUS_ACCESS_VIOLATION during page faults instead of STATUS_UNSUCESSFUL.
- Fix assert in VdmSwapContext, as well as Code Selector check which was broken.
- Fix delayed object deletion (ObDeferDeleteObject) and the Ob Repear Routine and list.
- Update Kernel Fun.
- BUGBUG: Temporaily hack VMWare to detection to always detect VMWare.
svn path=/trunk/; revision=25238
2006-12-29 18:49:00 +00:00
|
|
|
MmpAccessFault(KPROCESSOR_MODE Mode,
|
|
|
|
|
ULONG_PTR Address,
|
|
|
|
|
BOOLEAN FromMdl)
|
2000-04-07 02:24:03 +00:00
|
|
|
{
|
2009-04-27 10:12:57 +00:00
|
|
|
PMMSUPPORT AddressSpace;
|
2001-02-10 22:51:11 +00:00
|
|
|
MEMORY_AREA* MemoryArea;
|
|
|
|
|
NTSTATUS Status;
|
2001-02-14 02:53:54 +00:00
|
|
|
BOOLEAN Locked = FromMdl;
|
2004-04-10 22:36:07 +00:00
|
|
|
|
2001-02-14 02:53:54 +00:00
|
|
|
DPRINT("MmAccessFault(Mode %d, Address %x)\n", Mode, Address);
|
2004-04-10 22:36:07 +00:00
|
|
|
|
2001-02-10 22:51:11 +00:00
|
|
|
if (KeGetCurrentIrql() >= DISPATCH_LEVEL)
|
2004-04-10 22:36:07 +00:00
|
|
|
{
|
2008-08-24 15:48:05 +00:00
|
|
|
DPRINT1("Page fault at high IRQL was %d\n", KeGetCurrentIrql());
|
2004-04-10 22:36:07 +00:00
|
|
|
return(STATUS_UNSUCCESSFUL);
|
|
|
|
|
}
|
|
|
|
|
|
2001-02-10 22:51:11 +00:00
|
|
|
/*
|
|
|
|
|
* Find the memory area for the faulting address
|
|
|
|
|
*/
|
2005-07-06 08:20:26 +00:00
|
|
|
if (Address >= (ULONG_PTR)MmSystemRangeStart)
|
2004-04-10 22:36:07 +00:00
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* Check permissions
|
|
|
|
|
*/
|
|
|
|
|
if (Mode != KernelMode)
|
|
|
|
|
{
|
2006-08-28 23:56:35 +00:00
|
|
|
DPRINT1("MmAccessFault(Mode %d, Address %x)\n", Mode, Address);
|
- Fix critical bugs in exception handling: Unwinding was completely broken, using the wrong SEH protector to detect collided unwinding. The correct protector itself also had a broken check.
- Fix architectural bug in the entire TrapFrame<->Context conversion system and Ring Privilege Transitions (Inter-ring and intra-ring) which was lacking proper sanitation and validation of segments, flags and debug registers. Among other things, IOPL is now respected, CS is not KGDT_R0_CODE | RPL_MASK anymore, and the GPF code is now properly being called. This completely fixes exception handling being totally broken and crashing firefox installer, mirc, and other applications.
- Rewrite the page fault handler base code in assembly instead of relying on a broken C routine. Detect VDM, V8086, detecting expected/normal fault in ExpInterlockedPopEntrySList and faults in the system handler code. Rewrite MmAccessFault to be the main function that calls out to other sub-fault functions, and use the same prototype as NT.
- Fix the KGDT boot table to have proper granularity and big flags, and extend it to 256 entries.
- Create proper thread context in RtlInitializeContext and cleanup Rtl Thread routines.
- Remove all int3 and breakpoints from trap handlers, and replace them with a much better "UNHANDLED_PATH" macro which freezes the system, beeps, and displays a message with the line of code that's unhandled. This is to clearly tell the user that something is unhandled, instead of nesting infinite exceptions due to the int3.
- Fix a bug in INT_PROLOG.
- Sanitize EFLAGS and Code Segments in KeContextToTrapFrame and KeTrapFrameToContext.
- Implement KiUpdateDr7 and KiRecordDr7 as well as DR_MASK and other DR-validation macros and functions to protect against DR-vulnerabilites as well as to properly account for each active hardware breakpoint in a per-thread fashion by using the dispatcher header.
- Allow CR0_EM when running in a VDM.
- Fix FPU/NPX Register handling in KeContextToTrapFrame and KeTrapFrameToContext, and also speed it up by manual copying instead of a memory move.
- Properly give IOPL 3 to user-mode threads if they requested it.
- Detect GPF during GPF.
- Detect pagefault with a trap-frame spread over two or more pages and nested.
- Properly sanitize and set correct trap frame in KiInitailizeUserApc.
- Return STATUS_ACCESS_VIOLATION during page faults instead of STATUS_UNSUCESSFUL.
- Fix assert in VdmSwapContext, as well as Code Selector check which was broken.
- Fix delayed object deletion (ObDeferDeleteObject) and the Ob Repear Routine and list.
- Update Kernel Fun.
- BUGBUG: Temporaily hack VMWare to detection to always detect VMWare.
svn path=/trunk/; revision=25238
2006-12-29 18:49:00 +00:00
|
|
|
return(STATUS_ACCESS_VIOLATION);
|
2004-04-10 22:36:07 +00:00
|
|
|
}
|
|
|
|
|
AddressSpace = MmGetKernelAddressSpace();
|
|
|
|
|
}
|
2001-02-10 22:51:11 +00:00
|
|
|
else
|
2004-04-10 22:36:07 +00:00
|
|
|
{
|
2009-04-27 10:12:57 +00:00
|
|
|
AddressSpace = &PsGetCurrentProcess()->Vm;
|
2004-04-10 22:36:07 +00:00
|
|
|
}
|
|
|
|
|
|
2001-02-14 02:53:54 +00:00
|
|
|
if (!FromMdl)
|
2004-04-10 22:36:07 +00:00
|
|
|
{
|
|
|
|
|
MmLockAddressSpace(AddressSpace);
|
|
|
|
|
}
|
2003-06-16 19:20:28 +00:00
|
|
|
do
|
2004-04-10 22:36:07 +00:00
|
|
|
{
|
2005-01-02 19:14:52 +00:00
|
|
|
MemoryArea = MmLocateMemoryAreaByAddress(AddressSpace, (PVOID)Address);
|
2004-04-10 22:36:07 +00:00
|
|
|
if (MemoryArea == NULL || MemoryArea->DeleteInProgress)
|
|
|
|
|
{
|
|
|
|
|
if (!FromMdl)
|
|
|
|
|
{
|
|
|
|
|
MmUnlockAddressSpace(AddressSpace);
|
|
|
|
|
}
|
- Fix critical bugs in exception handling: Unwinding was completely broken, using the wrong SEH protector to detect collided unwinding. The correct protector itself also had a broken check.
- Fix architectural bug in the entire TrapFrame<->Context conversion system and Ring Privilege Transitions (Inter-ring and intra-ring) which was lacking proper sanitation and validation of segments, flags and debug registers. Among other things, IOPL is now respected, CS is not KGDT_R0_CODE | RPL_MASK anymore, and the GPF code is now properly being called. This completely fixes exception handling being totally broken and crashing firefox installer, mirc, and other applications.
- Rewrite the page fault handler base code in assembly instead of relying on a broken C routine. Detect VDM, V8086, detecting expected/normal fault in ExpInterlockedPopEntrySList and faults in the system handler code. Rewrite MmAccessFault to be the main function that calls out to other sub-fault functions, and use the same prototype as NT.
- Fix the KGDT boot table to have proper granularity and big flags, and extend it to 256 entries.
- Create proper thread context in RtlInitializeContext and cleanup Rtl Thread routines.
- Remove all int3 and breakpoints from trap handlers, and replace them with a much better "UNHANDLED_PATH" macro which freezes the system, beeps, and displays a message with the line of code that's unhandled. This is to clearly tell the user that something is unhandled, instead of nesting infinite exceptions due to the int3.
- Fix a bug in INT_PROLOG.
- Sanitize EFLAGS and Code Segments in KeContextToTrapFrame and KeTrapFrameToContext.
- Implement KiUpdateDr7 and KiRecordDr7 as well as DR_MASK and other DR-validation macros and functions to protect against DR-vulnerabilites as well as to properly account for each active hardware breakpoint in a per-thread fashion by using the dispatcher header.
- Allow CR0_EM when running in a VDM.
- Fix FPU/NPX Register handling in KeContextToTrapFrame and KeTrapFrameToContext, and also speed it up by manual copying instead of a memory move.
- Properly give IOPL 3 to user-mode threads if they requested it.
- Detect GPF during GPF.
- Detect pagefault with a trap-frame spread over two or more pages and nested.
- Properly sanitize and set correct trap frame in KiInitailizeUserApc.
- Return STATUS_ACCESS_VIOLATION during page faults instead of STATUS_UNSUCESSFUL.
- Fix assert in VdmSwapContext, as well as Code Selector check which was broken.
- Fix delayed object deletion (ObDeferDeleteObject) and the Ob Repear Routine and list.
- Update Kernel Fun.
- BUGBUG: Temporaily hack VMWare to detection to always detect VMWare.
svn path=/trunk/; revision=25238
2006-12-29 18:49:00 +00:00
|
|
|
return (STATUS_ACCESS_VIOLATION);
|
2004-04-10 22:36:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch (MemoryArea->Type)
|
|
|
|
|
{
|
|
|
|
|
case MEMORY_AREA_SECTION_VIEW:
|
|
|
|
|
Status = MmAccessFaultSectionView(AddressSpace,
|
|
|
|
|
MemoryArea,
|
|
|
|
|
(PVOID)Address,
|
|
|
|
|
Locked);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case MEMORY_AREA_VIRTUAL_MEMORY:
|
- Fix critical bugs in exception handling: Unwinding was completely broken, using the wrong SEH protector to detect collided unwinding. The correct protector itself also had a broken check.
- Fix architectural bug in the entire TrapFrame<->Context conversion system and Ring Privilege Transitions (Inter-ring and intra-ring) which was lacking proper sanitation and validation of segments, flags and debug registers. Among other things, IOPL is now respected, CS is not KGDT_R0_CODE | RPL_MASK anymore, and the GPF code is now properly being called. This completely fixes exception handling being totally broken and crashing firefox installer, mirc, and other applications.
- Rewrite the page fault handler base code in assembly instead of relying on a broken C routine. Detect VDM, V8086, detecting expected/normal fault in ExpInterlockedPopEntrySList and faults in the system handler code. Rewrite MmAccessFault to be the main function that calls out to other sub-fault functions, and use the same prototype as NT.
- Fix the KGDT boot table to have proper granularity and big flags, and extend it to 256 entries.
- Create proper thread context in RtlInitializeContext and cleanup Rtl Thread routines.
- Remove all int3 and breakpoints from trap handlers, and replace them with a much better "UNHANDLED_PATH" macro which freezes the system, beeps, and displays a message with the line of code that's unhandled. This is to clearly tell the user that something is unhandled, instead of nesting infinite exceptions due to the int3.
- Fix a bug in INT_PROLOG.
- Sanitize EFLAGS and Code Segments in KeContextToTrapFrame and KeTrapFrameToContext.
- Implement KiUpdateDr7 and KiRecordDr7 as well as DR_MASK and other DR-validation macros and functions to protect against DR-vulnerabilites as well as to properly account for each active hardware breakpoint in a per-thread fashion by using the dispatcher header.
- Allow CR0_EM when running in a VDM.
- Fix FPU/NPX Register handling in KeContextToTrapFrame and KeTrapFrameToContext, and also speed it up by manual copying instead of a memory move.
- Properly give IOPL 3 to user-mode threads if they requested it.
- Detect GPF during GPF.
- Detect pagefault with a trap-frame spread over two or more pages and nested.
- Properly sanitize and set correct trap frame in KiInitailizeUserApc.
- Return STATUS_ACCESS_VIOLATION during page faults instead of STATUS_UNSUCESSFUL.
- Fix assert in VdmSwapContext, as well as Code Selector check which was broken.
- Fix delayed object deletion (ObDeferDeleteObject) and the Ob Repear Routine and list.
- Update Kernel Fun.
- BUGBUG: Temporaily hack VMWare to detection to always detect VMWare.
svn path=/trunk/; revision=25238
2006-12-29 18:49:00 +00:00
|
|
|
Status = STATUS_ACCESS_VIOLATION;
|
2004-04-10 22:36:07 +00:00
|
|
|
break;
|
|
|
|
|
|
[CACHE]
The cache manager rewrite I started years ago has finally appeared in
ReactOS' trunk and although at this point it's not quite perfectly
integrated, it's enough to boot up the bootcd or livecd. To check out
the more mature original, check out arty-newcc-reactos, branch
arty-newcc on bitbucket.org . Amine Khaldi encouraged me quite a bit
to not give up on it, and was able to reach out and be an advocate
when i really wasn't able to. Others agree that the time has come to
begin removing the old cache manager. I expect the remaining problems
in the version going to trunk will be taken care of relatively
quickly.
The motivation for this effort lies in the particularly hairy
relationship between ReactOS' cache manager and data sections. This
code completely removes page sharing between cache manager and section
and reimagines cache manager as being a facility layered on the memory
manager, not really caring about individual pages, but simply managing
data section objects where caching might occur.
It took me about 2 years to do the first pass of this rewrite and most
of this year to fix some lingering issues, properly implement demand
paging in ReactOS (code which didn't come with this patch in a
recognizable form), and finish getting the PrivateCacheMap and
SharedCacheMap relationship correct.
Currently, the new ntoskrnl/cache directory contains an own
implementation of data file sections. After things have settled down,
we can begin to deprecate and remove the parts of ReactOS' section
implementation that depend on a close relationship with cache
manager. Eventually, I think that the extra code added to
ntoskrnl/cache/section will be removed and ReactOS' own sections will
replace the use of the special MM_CACHE_SECTION_SEGMENT in the cache
path.
Note also, that this makes all cache manager (and new section parts)
use wide file offsets. If my section code were to take over other
parts of the ReactOS memory manager, they would also benefit from
these improvements.
I invite anyone who wants to to peek at this code and fix whatever
bugs can be found.
svn path=/trunk/; revision=49423
2010-11-02 02:32:39 +00:00
|
|
|
#ifdef NEWCC
|
|
|
|
|
case MEMORY_AREA_CACHE:
|
|
|
|
|
// This code locks for itself to keep from having to break a lock
|
|
|
|
|
// passed in.
|
|
|
|
|
if (!FromMdl)
|
|
|
|
|
MmUnlockAddressSpace(AddressSpace);
|
|
|
|
|
Status = MmAccessFaultCacheSection(Mode, Address, Locked);
|
|
|
|
|
if (!FromMdl)
|
|
|
|
|
MmLockAddressSpace(AddressSpace);
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
|
2004-04-10 22:36:07 +00:00
|
|
|
default:
|
- Fix critical bugs in exception handling: Unwinding was completely broken, using the wrong SEH protector to detect collided unwinding. The correct protector itself also had a broken check.
- Fix architectural bug in the entire TrapFrame<->Context conversion system and Ring Privilege Transitions (Inter-ring and intra-ring) which was lacking proper sanitation and validation of segments, flags and debug registers. Among other things, IOPL is now respected, CS is not KGDT_R0_CODE | RPL_MASK anymore, and the GPF code is now properly being called. This completely fixes exception handling being totally broken and crashing firefox installer, mirc, and other applications.
- Rewrite the page fault handler base code in assembly instead of relying on a broken C routine. Detect VDM, V8086, detecting expected/normal fault in ExpInterlockedPopEntrySList and faults in the system handler code. Rewrite MmAccessFault to be the main function that calls out to other sub-fault functions, and use the same prototype as NT.
- Fix the KGDT boot table to have proper granularity and big flags, and extend it to 256 entries.
- Create proper thread context in RtlInitializeContext and cleanup Rtl Thread routines.
- Remove all int3 and breakpoints from trap handlers, and replace them with a much better "UNHANDLED_PATH" macro which freezes the system, beeps, and displays a message with the line of code that's unhandled. This is to clearly tell the user that something is unhandled, instead of nesting infinite exceptions due to the int3.
- Fix a bug in INT_PROLOG.
- Sanitize EFLAGS and Code Segments in KeContextToTrapFrame and KeTrapFrameToContext.
- Implement KiUpdateDr7 and KiRecordDr7 as well as DR_MASK and other DR-validation macros and functions to protect against DR-vulnerabilites as well as to properly account for each active hardware breakpoint in a per-thread fashion by using the dispatcher header.
- Allow CR0_EM when running in a VDM.
- Fix FPU/NPX Register handling in KeContextToTrapFrame and KeTrapFrameToContext, and also speed it up by manual copying instead of a memory move.
- Properly give IOPL 3 to user-mode threads if they requested it.
- Detect GPF during GPF.
- Detect pagefault with a trap-frame spread over two or more pages and nested.
- Properly sanitize and set correct trap frame in KiInitailizeUserApc.
- Return STATUS_ACCESS_VIOLATION during page faults instead of STATUS_UNSUCESSFUL.
- Fix assert in VdmSwapContext, as well as Code Selector check which was broken.
- Fix delayed object deletion (ObDeferDeleteObject) and the Ob Repear Routine and list.
- Update Kernel Fun.
- BUGBUG: Temporaily hack VMWare to detection to always detect VMWare.
svn path=/trunk/; revision=25238
2006-12-29 18:49:00 +00:00
|
|
|
Status = STATUS_ACCESS_VIOLATION;
|
2004-04-10 22:36:07 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2003-06-16 19:20:28 +00:00
|
|
|
while (Status == STATUS_MM_RESTART_OPERATION);
|
|
|
|
|
|
2001-02-10 22:51:11 +00:00
|
|
|
DPRINT("Completed page fault handling\n");
|
2001-02-14 02:53:54 +00:00
|
|
|
if (!FromMdl)
|
2004-04-10 22:36:07 +00:00
|
|
|
{
|
|
|
|
|
MmUnlockAddressSpace(AddressSpace);
|
|
|
|
|
}
|
2001-02-10 22:51:11 +00:00
|
|
|
return(Status);
|
2000-04-07 02:24:03 +00:00
|
|
|
}
|
|
|
|
|
|
2005-09-14 01:05:50 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
MmNotPresentFault(KPROCESSOR_MODE Mode,
|
2005-01-12 10:05:31 +00:00
|
|
|
ULONG_PTR Address,
|
2004-04-10 22:36:07 +00:00
|
|
|
BOOLEAN FromMdl)
|
1999-04-14 00:52:19 +00:00
|
|
|
{
|
2009-04-27 10:12:57 +00:00
|
|
|
PMMSUPPORT AddressSpace;
|
1999-04-14 00:52:19 +00:00
|
|
|
MEMORY_AREA* MemoryArea;
|
1999-04-18 21:13:11 +00:00
|
|
|
NTSTATUS Status;
|
2001-02-14 02:53:54 +00:00
|
|
|
BOOLEAN Locked = FromMdl;
|
2004-04-10 22:36:07 +00:00
|
|
|
|
2000-05-24 22:29:38 +00:00
|
|
|
DPRINT("MmNotPresentFault(Mode %d, Address %x)\n", Mode, Address);
|
2004-04-10 22:36:07 +00:00
|
|
|
|
1999-05-29 00:15:17 +00:00
|
|
|
if (KeGetCurrentIrql() >= DISPATCH_LEVEL)
|
2004-04-10 22:36:07 +00:00
|
|
|
{
|
2008-08-24 15:48:05 +00:00
|
|
|
DPRINT1("Page fault at high IRQL was %d, address %x\n", KeGetCurrentIrql(), Address);
|
2004-04-10 22:36:07 +00:00
|
|
|
return(STATUS_UNSUCCESSFUL);
|
|
|
|
|
}
|
|
|
|
|
|
1999-04-14 00:52:19 +00:00
|
|
|
/*
|
|
|
|
|
* Find the memory area for the faulting address
|
|
|
|
|
*/
|
2005-07-06 08:20:26 +00:00
|
|
|
if (Address >= (ULONG_PTR)MmSystemRangeStart)
|
2004-04-10 22:36:07 +00:00
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* Check permissions
|
|
|
|
|
*/
|
|
|
|
|
if (Mode != KernelMode)
|
|
|
|
|
{
|
2008-08-24 15:48:05 +00:00
|
|
|
DPRINT1("Address: %x\n", Address);
|
- Fix critical bugs in exception handling: Unwinding was completely broken, using the wrong SEH protector to detect collided unwinding. The correct protector itself also had a broken check.
- Fix architectural bug in the entire TrapFrame<->Context conversion system and Ring Privilege Transitions (Inter-ring and intra-ring) which was lacking proper sanitation and validation of segments, flags and debug registers. Among other things, IOPL is now respected, CS is not KGDT_R0_CODE | RPL_MASK anymore, and the GPF code is now properly being called. This completely fixes exception handling being totally broken and crashing firefox installer, mirc, and other applications.
- Rewrite the page fault handler base code in assembly instead of relying on a broken C routine. Detect VDM, V8086, detecting expected/normal fault in ExpInterlockedPopEntrySList and faults in the system handler code. Rewrite MmAccessFault to be the main function that calls out to other sub-fault functions, and use the same prototype as NT.
- Fix the KGDT boot table to have proper granularity and big flags, and extend it to 256 entries.
- Create proper thread context in RtlInitializeContext and cleanup Rtl Thread routines.
- Remove all int3 and breakpoints from trap handlers, and replace them with a much better "UNHANDLED_PATH" macro which freezes the system, beeps, and displays a message with the line of code that's unhandled. This is to clearly tell the user that something is unhandled, instead of nesting infinite exceptions due to the int3.
- Fix a bug in INT_PROLOG.
- Sanitize EFLAGS and Code Segments in KeContextToTrapFrame and KeTrapFrameToContext.
- Implement KiUpdateDr7 and KiRecordDr7 as well as DR_MASK and other DR-validation macros and functions to protect against DR-vulnerabilites as well as to properly account for each active hardware breakpoint in a per-thread fashion by using the dispatcher header.
- Allow CR0_EM when running in a VDM.
- Fix FPU/NPX Register handling in KeContextToTrapFrame and KeTrapFrameToContext, and also speed it up by manual copying instead of a memory move.
- Properly give IOPL 3 to user-mode threads if they requested it.
- Detect GPF during GPF.
- Detect pagefault with a trap-frame spread over two or more pages and nested.
- Properly sanitize and set correct trap frame in KiInitailizeUserApc.
- Return STATUS_ACCESS_VIOLATION during page faults instead of STATUS_UNSUCESSFUL.
- Fix assert in VdmSwapContext, as well as Code Selector check which was broken.
- Fix delayed object deletion (ObDeferDeleteObject) and the Ob Repear Routine and list.
- Update Kernel Fun.
- BUGBUG: Temporaily hack VMWare to detection to always detect VMWare.
svn path=/trunk/; revision=25238
2006-12-29 18:49:00 +00:00
|
|
|
return(STATUS_ACCESS_VIOLATION);
|
2004-04-10 22:36:07 +00:00
|
|
|
}
|
|
|
|
|
AddressSpace = MmGetKernelAddressSpace();
|
|
|
|
|
}
|
1999-04-14 00:52:19 +00:00
|
|
|
else
|
2004-04-10 22:36:07 +00:00
|
|
|
{
|
2009-04-27 10:12:57 +00:00
|
|
|
AddressSpace = &PsGetCurrentProcess()->Vm;
|
2004-04-10 22:36:07 +00:00
|
|
|
}
|
|
|
|
|
|
2001-02-14 02:53:54 +00:00
|
|
|
if (!FromMdl)
|
2004-04-10 22:36:07 +00:00
|
|
|
{
|
2005-06-05 21:24:36 +00:00
|
|
|
MmLockAddressSpace(AddressSpace);
|
2004-04-10 22:36:07 +00:00
|
|
|
}
|
2001-04-04 22:21:32 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Call the memory area specific fault handler
|
|
|
|
|
*/
|
|
|
|
|
do
|
2004-04-10 22:36:07 +00:00
|
|
|
{
|
2005-06-05 21:24:36 +00:00
|
|
|
MemoryArea = MmLocateMemoryAreaByAddress(AddressSpace, (PVOID)Address);
|
|
|
|
|
if (MemoryArea == NULL || MemoryArea->DeleteInProgress)
|
2004-04-10 22:36:07 +00:00
|
|
|
{
|
2005-06-05 21:24:36 +00:00
|
|
|
if (!FromMdl)
|
|
|
|
|
{
|
|
|
|
|
MmUnlockAddressSpace(AddressSpace);
|
|
|
|
|
}
|
- Fix critical bugs in exception handling: Unwinding was completely broken, using the wrong SEH protector to detect collided unwinding. The correct protector itself also had a broken check.
- Fix architectural bug in the entire TrapFrame<->Context conversion system and Ring Privilege Transitions (Inter-ring and intra-ring) which was lacking proper sanitation and validation of segments, flags and debug registers. Among other things, IOPL is now respected, CS is not KGDT_R0_CODE | RPL_MASK anymore, and the GPF code is now properly being called. This completely fixes exception handling being totally broken and crashing firefox installer, mirc, and other applications.
- Rewrite the page fault handler base code in assembly instead of relying on a broken C routine. Detect VDM, V8086, detecting expected/normal fault in ExpInterlockedPopEntrySList and faults in the system handler code. Rewrite MmAccessFault to be the main function that calls out to other sub-fault functions, and use the same prototype as NT.
- Fix the KGDT boot table to have proper granularity and big flags, and extend it to 256 entries.
- Create proper thread context in RtlInitializeContext and cleanup Rtl Thread routines.
- Remove all int3 and breakpoints from trap handlers, and replace them with a much better "UNHANDLED_PATH" macro which freezes the system, beeps, and displays a message with the line of code that's unhandled. This is to clearly tell the user that something is unhandled, instead of nesting infinite exceptions due to the int3.
- Fix a bug in INT_PROLOG.
- Sanitize EFLAGS and Code Segments in KeContextToTrapFrame and KeTrapFrameToContext.
- Implement KiUpdateDr7 and KiRecordDr7 as well as DR_MASK and other DR-validation macros and functions to protect against DR-vulnerabilites as well as to properly account for each active hardware breakpoint in a per-thread fashion by using the dispatcher header.
- Allow CR0_EM when running in a VDM.
- Fix FPU/NPX Register handling in KeContextToTrapFrame and KeTrapFrameToContext, and also speed it up by manual copying instead of a memory move.
- Properly give IOPL 3 to user-mode threads if they requested it.
- Detect GPF during GPF.
- Detect pagefault with a trap-frame spread over two or more pages and nested.
- Properly sanitize and set correct trap frame in KiInitailizeUserApc.
- Return STATUS_ACCESS_VIOLATION during page faults instead of STATUS_UNSUCESSFUL.
- Fix assert in VdmSwapContext, as well as Code Selector check which was broken.
- Fix delayed object deletion (ObDeferDeleteObject) and the Ob Repear Routine and list.
- Update Kernel Fun.
- BUGBUG: Temporaily hack VMWare to detection to always detect VMWare.
svn path=/trunk/; revision=25238
2006-12-29 18:49:00 +00:00
|
|
|
return (STATUS_ACCESS_VIOLATION);
|
2004-04-10 22:36:07 +00:00
|
|
|
}
|
2005-06-05 21:24:36 +00:00
|
|
|
|
|
|
|
|
switch (MemoryArea->Type)
|
2004-04-10 22:36:07 +00:00
|
|
|
{
|
2005-06-05 21:24:36 +00:00
|
|
|
case MEMORY_AREA_SECTION_VIEW:
|
|
|
|
|
Status = MmNotPresentFaultSectionView(AddressSpace,
|
|
|
|
|
MemoryArea,
|
|
|
|
|
(PVOID)Address,
|
|
|
|
|
Locked);
|
|
|
|
|
break;
|
2004-04-10 22:36:07 +00:00
|
|
|
|
2005-06-05 21:24:36 +00:00
|
|
|
case MEMORY_AREA_VIRTUAL_MEMORY:
|
|
|
|
|
Status = MmNotPresentFaultVirtualMemory(AddressSpace,
|
|
|
|
|
MemoryArea,
|
|
|
|
|
(PVOID)Address,
|
|
|
|
|
Locked);
|
|
|
|
|
break;
|
2004-04-10 22:36:07 +00:00
|
|
|
|
[CACHE]
The cache manager rewrite I started years ago has finally appeared in
ReactOS' trunk and although at this point it's not quite perfectly
integrated, it's enough to boot up the bootcd or livecd. To check out
the more mature original, check out arty-newcc-reactos, branch
arty-newcc on bitbucket.org . Amine Khaldi encouraged me quite a bit
to not give up on it, and was able to reach out and be an advocate
when i really wasn't able to. Others agree that the time has come to
begin removing the old cache manager. I expect the remaining problems
in the version going to trunk will be taken care of relatively
quickly.
The motivation for this effort lies in the particularly hairy
relationship between ReactOS' cache manager and data sections. This
code completely removes page sharing between cache manager and section
and reimagines cache manager as being a facility layered on the memory
manager, not really caring about individual pages, but simply managing
data section objects where caching might occur.
It took me about 2 years to do the first pass of this rewrite and most
of this year to fix some lingering issues, properly implement demand
paging in ReactOS (code which didn't come with this patch in a
recognizable form), and finish getting the PrivateCacheMap and
SharedCacheMap relationship correct.
Currently, the new ntoskrnl/cache directory contains an own
implementation of data file sections. After things have settled down,
we can begin to deprecate and remove the parts of ReactOS' section
implementation that depend on a close relationship with cache
manager. Eventually, I think that the extra code added to
ntoskrnl/cache/section will be removed and ReactOS' own sections will
replace the use of the special MM_CACHE_SECTION_SEGMENT in the cache
path.
Note also, that this makes all cache manager (and new section parts)
use wide file offsets. If my section code were to take over other
parts of the ReactOS memory manager, they would also benefit from
these improvements.
I invite anyone who wants to to peek at this code and fix whatever
bugs can be found.
svn path=/trunk/; revision=49423
2010-11-02 02:32:39 +00:00
|
|
|
#ifdef NEWCC
|
|
|
|
|
case MEMORY_AREA_CACHE:
|
|
|
|
|
// This code locks for itself to keep from having to break a lock
|
|
|
|
|
// passed in.
|
|
|
|
|
if (!FromMdl)
|
|
|
|
|
MmUnlockAddressSpace(AddressSpace);
|
|
|
|
|
Status = MmNotPresentFaultCacheSection(Mode, Address, Locked);
|
|
|
|
|
if (!FromMdl)
|
|
|
|
|
MmLockAddressSpace(AddressSpace);
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
|
2005-06-05 21:24:36 +00:00
|
|
|
default:
|
- Fix critical bugs in exception handling: Unwinding was completely broken, using the wrong SEH protector to detect collided unwinding. The correct protector itself also had a broken check.
- Fix architectural bug in the entire TrapFrame<->Context conversion system and Ring Privilege Transitions (Inter-ring and intra-ring) which was lacking proper sanitation and validation of segments, flags and debug registers. Among other things, IOPL is now respected, CS is not KGDT_R0_CODE | RPL_MASK anymore, and the GPF code is now properly being called. This completely fixes exception handling being totally broken and crashing firefox installer, mirc, and other applications.
- Rewrite the page fault handler base code in assembly instead of relying on a broken C routine. Detect VDM, V8086, detecting expected/normal fault in ExpInterlockedPopEntrySList and faults in the system handler code. Rewrite MmAccessFault to be the main function that calls out to other sub-fault functions, and use the same prototype as NT.
- Fix the KGDT boot table to have proper granularity and big flags, and extend it to 256 entries.
- Create proper thread context in RtlInitializeContext and cleanup Rtl Thread routines.
- Remove all int3 and breakpoints from trap handlers, and replace them with a much better "UNHANDLED_PATH" macro which freezes the system, beeps, and displays a message with the line of code that's unhandled. This is to clearly tell the user that something is unhandled, instead of nesting infinite exceptions due to the int3.
- Fix a bug in INT_PROLOG.
- Sanitize EFLAGS and Code Segments in KeContextToTrapFrame and KeTrapFrameToContext.
- Implement KiUpdateDr7 and KiRecordDr7 as well as DR_MASK and other DR-validation macros and functions to protect against DR-vulnerabilites as well as to properly account for each active hardware breakpoint in a per-thread fashion by using the dispatcher header.
- Allow CR0_EM when running in a VDM.
- Fix FPU/NPX Register handling in KeContextToTrapFrame and KeTrapFrameToContext, and also speed it up by manual copying instead of a memory move.
- Properly give IOPL 3 to user-mode threads if they requested it.
- Detect GPF during GPF.
- Detect pagefault with a trap-frame spread over two or more pages and nested.
- Properly sanitize and set correct trap frame in KiInitailizeUserApc.
- Return STATUS_ACCESS_VIOLATION during page faults instead of STATUS_UNSUCESSFUL.
- Fix assert in VdmSwapContext, as well as Code Selector check which was broken.
- Fix delayed object deletion (ObDeferDeleteObject) and the Ob Repear Routine and list.
- Update Kernel Fun.
- BUGBUG: Temporaily hack VMWare to detection to always detect VMWare.
svn path=/trunk/; revision=25238
2006-12-29 18:49:00 +00:00
|
|
|
Status = STATUS_ACCESS_VIOLATION;
|
2005-06-05 21:24:36 +00:00
|
|
|
break;
|
2004-04-10 22:36:07 +00:00
|
|
|
}
|
|
|
|
|
}
|
2001-04-04 22:21:32 +00:00
|
|
|
while (Status == STATUS_MM_RESTART_OPERATION);
|
|
|
|
|
|
1999-04-14 00:52:19 +00:00
|
|
|
DPRINT("Completed page fault handling\n");
|
2001-02-14 02:53:54 +00:00
|
|
|
if (!FromMdl)
|
2004-04-10 22:36:07 +00:00
|
|
|
{
|
2005-06-05 21:24:36 +00:00
|
|
|
MmUnlockAddressSpace(AddressSpace);
|
2004-04-10 22:36:07 +00:00
|
|
|
}
|
2000-04-07 02:24:03 +00:00
|
|
|
return(Status);
|
1999-04-14 00:52:19 +00:00
|
|
|
}
|
|
|
|
|
|
- Fix critical bugs in exception handling: Unwinding was completely broken, using the wrong SEH protector to detect collided unwinding. The correct protector itself also had a broken check.
- Fix architectural bug in the entire TrapFrame<->Context conversion system and Ring Privilege Transitions (Inter-ring and intra-ring) which was lacking proper sanitation and validation of segments, flags and debug registers. Among other things, IOPL is now respected, CS is not KGDT_R0_CODE | RPL_MASK anymore, and the GPF code is now properly being called. This completely fixes exception handling being totally broken and crashing firefox installer, mirc, and other applications.
- Rewrite the page fault handler base code in assembly instead of relying on a broken C routine. Detect VDM, V8086, detecting expected/normal fault in ExpInterlockedPopEntrySList and faults in the system handler code. Rewrite MmAccessFault to be the main function that calls out to other sub-fault functions, and use the same prototype as NT.
- Fix the KGDT boot table to have proper granularity and big flags, and extend it to 256 entries.
- Create proper thread context in RtlInitializeContext and cleanup Rtl Thread routines.
- Remove all int3 and breakpoints from trap handlers, and replace them with a much better "UNHANDLED_PATH" macro which freezes the system, beeps, and displays a message with the line of code that's unhandled. This is to clearly tell the user that something is unhandled, instead of nesting infinite exceptions due to the int3.
- Fix a bug in INT_PROLOG.
- Sanitize EFLAGS and Code Segments in KeContextToTrapFrame and KeTrapFrameToContext.
- Implement KiUpdateDr7 and KiRecordDr7 as well as DR_MASK and other DR-validation macros and functions to protect against DR-vulnerabilites as well as to properly account for each active hardware breakpoint in a per-thread fashion by using the dispatcher header.
- Allow CR0_EM when running in a VDM.
- Fix FPU/NPX Register handling in KeContextToTrapFrame and KeTrapFrameToContext, and also speed it up by manual copying instead of a memory move.
- Properly give IOPL 3 to user-mode threads if they requested it.
- Detect GPF during GPF.
- Detect pagefault with a trap-frame spread over two or more pages and nested.
- Properly sanitize and set correct trap frame in KiInitailizeUserApc.
- Return STATUS_ACCESS_VIOLATION during page faults instead of STATUS_UNSUCESSFUL.
- Fix assert in VdmSwapContext, as well as Code Selector check which was broken.
- Fix delayed object deletion (ObDeferDeleteObject) and the Ob Repear Routine and list.
- Update Kernel Fun.
- BUGBUG: Temporaily hack VMWare to detection to always detect VMWare.
svn path=/trunk/; revision=25238
2006-12-29 18:49:00 +00:00
|
|
|
extern BOOLEAN Mmi386MakeKernelPageTableGlobal(PVOID Address);
|
|
|
|
|
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
MmAccessFault(IN BOOLEAN StoreInstruction,
|
|
|
|
|
IN PVOID Address,
|
|
|
|
|
IN KPROCESSOR_MODE Mode,
|
|
|
|
|
IN PVOID TrapInformation)
|
|
|
|
|
{
|
2010-10-18 23:07:09 +00:00
|
|
|
PMEMORY_AREA MemoryArea = NULL;
|
2009-10-15 19:12:43 +00:00
|
|
|
|
- Fix critical bugs in exception handling: Unwinding was completely broken, using the wrong SEH protector to detect collided unwinding. The correct protector itself also had a broken check.
- Fix architectural bug in the entire TrapFrame<->Context conversion system and Ring Privilege Transitions (Inter-ring and intra-ring) which was lacking proper sanitation and validation of segments, flags and debug registers. Among other things, IOPL is now respected, CS is not KGDT_R0_CODE | RPL_MASK anymore, and the GPF code is now properly being called. This completely fixes exception handling being totally broken and crashing firefox installer, mirc, and other applications.
- Rewrite the page fault handler base code in assembly instead of relying on a broken C routine. Detect VDM, V8086, detecting expected/normal fault in ExpInterlockedPopEntrySList and faults in the system handler code. Rewrite MmAccessFault to be the main function that calls out to other sub-fault functions, and use the same prototype as NT.
- Fix the KGDT boot table to have proper granularity and big flags, and extend it to 256 entries.
- Create proper thread context in RtlInitializeContext and cleanup Rtl Thread routines.
- Remove all int3 and breakpoints from trap handlers, and replace them with a much better "UNHANDLED_PATH" macro which freezes the system, beeps, and displays a message with the line of code that's unhandled. This is to clearly tell the user that something is unhandled, instead of nesting infinite exceptions due to the int3.
- Fix a bug in INT_PROLOG.
- Sanitize EFLAGS and Code Segments in KeContextToTrapFrame and KeTrapFrameToContext.
- Implement KiUpdateDr7 and KiRecordDr7 as well as DR_MASK and other DR-validation macros and functions to protect against DR-vulnerabilites as well as to properly account for each active hardware breakpoint in a per-thread fashion by using the dispatcher header.
- Allow CR0_EM when running in a VDM.
- Fix FPU/NPX Register handling in KeContextToTrapFrame and KeTrapFrameToContext, and also speed it up by manual copying instead of a memory move.
- Properly give IOPL 3 to user-mode threads if they requested it.
- Detect GPF during GPF.
- Detect pagefault with a trap-frame spread over two or more pages and nested.
- Properly sanitize and set correct trap frame in KiInitailizeUserApc.
- Return STATUS_ACCESS_VIOLATION during page faults instead of STATUS_UNSUCESSFUL.
- Fix assert in VdmSwapContext, as well as Code Selector check which was broken.
- Fix delayed object deletion (ObDeferDeleteObject) and the Ob Repear Routine and list.
- Update Kernel Fun.
- BUGBUG: Temporaily hack VMWare to detection to always detect VMWare.
svn path=/trunk/; revision=25238
2006-12-29 18:49:00 +00:00
|
|
|
/* Cute little hack for ROS */
|
|
|
|
|
if ((ULONG_PTR)Address >= (ULONG_PTR)MmSystemRangeStart)
|
|
|
|
|
{
|
2007-10-06 07:53:20 +00:00
|
|
|
#ifdef _M_IX86
|
- Fix critical bugs in exception handling: Unwinding was completely broken, using the wrong SEH protector to detect collided unwinding. The correct protector itself also had a broken check.
- Fix architectural bug in the entire TrapFrame<->Context conversion system and Ring Privilege Transitions (Inter-ring and intra-ring) which was lacking proper sanitation and validation of segments, flags and debug registers. Among other things, IOPL is now respected, CS is not KGDT_R0_CODE | RPL_MASK anymore, and the GPF code is now properly being called. This completely fixes exception handling being totally broken and crashing firefox installer, mirc, and other applications.
- Rewrite the page fault handler base code in assembly instead of relying on a broken C routine. Detect VDM, V8086, detecting expected/normal fault in ExpInterlockedPopEntrySList and faults in the system handler code. Rewrite MmAccessFault to be the main function that calls out to other sub-fault functions, and use the same prototype as NT.
- Fix the KGDT boot table to have proper granularity and big flags, and extend it to 256 entries.
- Create proper thread context in RtlInitializeContext and cleanup Rtl Thread routines.
- Remove all int3 and breakpoints from trap handlers, and replace them with a much better "UNHANDLED_PATH" macro which freezes the system, beeps, and displays a message with the line of code that's unhandled. This is to clearly tell the user that something is unhandled, instead of nesting infinite exceptions due to the int3.
- Fix a bug in INT_PROLOG.
- Sanitize EFLAGS and Code Segments in KeContextToTrapFrame and KeTrapFrameToContext.
- Implement KiUpdateDr7 and KiRecordDr7 as well as DR_MASK and other DR-validation macros and functions to protect against DR-vulnerabilites as well as to properly account for each active hardware breakpoint in a per-thread fashion by using the dispatcher header.
- Allow CR0_EM when running in a VDM.
- Fix FPU/NPX Register handling in KeContextToTrapFrame and KeTrapFrameToContext, and also speed it up by manual copying instead of a memory move.
- Properly give IOPL 3 to user-mode threads if they requested it.
- Detect GPF during GPF.
- Detect pagefault with a trap-frame spread over two or more pages and nested.
- Properly sanitize and set correct trap frame in KiInitailizeUserApc.
- Return STATUS_ACCESS_VIOLATION during page faults instead of STATUS_UNSUCESSFUL.
- Fix assert in VdmSwapContext, as well as Code Selector check which was broken.
- Fix delayed object deletion (ObDeferDeleteObject) and the Ob Repear Routine and list.
- Update Kernel Fun.
- BUGBUG: Temporaily hack VMWare to detection to always detect VMWare.
svn path=/trunk/; revision=25238
2006-12-29 18:49:00 +00:00
|
|
|
/* Check for an invalid page directory in kernel mode */
|
|
|
|
|
if (Mmi386MakeKernelPageTableGlobal(Address))
|
|
|
|
|
{
|
|
|
|
|
/* All is well with the world */
|
|
|
|
|
return STATUS_SUCCESS;
|
|
|
|
|
}
|
2007-10-06 07:53:20 +00:00
|
|
|
#endif
|
- Fix critical bugs in exception handling: Unwinding was completely broken, using the wrong SEH protector to detect collided unwinding. The correct protector itself also had a broken check.
- Fix architectural bug in the entire TrapFrame<->Context conversion system and Ring Privilege Transitions (Inter-ring and intra-ring) which was lacking proper sanitation and validation of segments, flags and debug registers. Among other things, IOPL is now respected, CS is not KGDT_R0_CODE | RPL_MASK anymore, and the GPF code is now properly being called. This completely fixes exception handling being totally broken and crashing firefox installer, mirc, and other applications.
- Rewrite the page fault handler base code in assembly instead of relying on a broken C routine. Detect VDM, V8086, detecting expected/normal fault in ExpInterlockedPopEntrySList and faults in the system handler code. Rewrite MmAccessFault to be the main function that calls out to other sub-fault functions, and use the same prototype as NT.
- Fix the KGDT boot table to have proper granularity and big flags, and extend it to 256 entries.
- Create proper thread context in RtlInitializeContext and cleanup Rtl Thread routines.
- Remove all int3 and breakpoints from trap handlers, and replace them with a much better "UNHANDLED_PATH" macro which freezes the system, beeps, and displays a message with the line of code that's unhandled. This is to clearly tell the user that something is unhandled, instead of nesting infinite exceptions due to the int3.
- Fix a bug in INT_PROLOG.
- Sanitize EFLAGS and Code Segments in KeContextToTrapFrame and KeTrapFrameToContext.
- Implement KiUpdateDr7 and KiRecordDr7 as well as DR_MASK and other DR-validation macros and functions to protect against DR-vulnerabilites as well as to properly account for each active hardware breakpoint in a per-thread fashion by using the dispatcher header.
- Allow CR0_EM when running in a VDM.
- Fix FPU/NPX Register handling in KeContextToTrapFrame and KeTrapFrameToContext, and also speed it up by manual copying instead of a memory move.
- Properly give IOPL 3 to user-mode threads if they requested it.
- Detect GPF during GPF.
- Detect pagefault with a trap-frame spread over two or more pages and nested.
- Properly sanitize and set correct trap frame in KiInitailizeUserApc.
- Return STATUS_ACCESS_VIOLATION during page faults instead of STATUS_UNSUCESSFUL.
- Fix assert in VdmSwapContext, as well as Code Selector check which was broken.
- Fix delayed object deletion (ObDeferDeleteObject) and the Ob Repear Routine and list.
- Update Kernel Fun.
- BUGBUG: Temporaily hack VMWare to detection to always detect VMWare.
svn path=/trunk/; revision=25238
2006-12-29 18:49:00 +00:00
|
|
|
}
|
2009-10-15 19:12:43 +00:00
|
|
|
|
2010-10-18 23:07:09 +00:00
|
|
|
/* Is there a ReactOS address space yet? */
|
|
|
|
|
if (MmGetKernelAddressSpace())
|
2010-07-21 18:09:31 +00:00
|
|
|
{
|
2010-10-18 23:07:09 +00:00
|
|
|
/* Check if this is an ARM3 memory area */
|
|
|
|
|
MemoryArea = MmLocateMemoryAreaByAddress(MmGetKernelAddressSpace(), Address);
|
|
|
|
|
if (!(MemoryArea) && (Address <= MM_HIGHEST_USER_ADDRESS))
|
|
|
|
|
{
|
|
|
|
|
/* Could this be a VAD fault from user-mode? */
|
|
|
|
|
MemoryArea = MmLocateMemoryAreaByAddress(MmGetCurrentAddressSpace(), Address);
|
|
|
|
|
}
|
2010-07-21 18:09:31 +00:00
|
|
|
}
|
2010-10-18 23:07:09 +00:00
|
|
|
|
|
|
|
|
/* Is this an ARM3 memory area, or is there no address space yet? */
|
|
|
|
|
if (((MemoryArea) && (MemoryArea->Type == MEMORY_AREA_OWNED_BY_ARM3)) ||
|
|
|
|
|
(!(MemoryArea) && ((ULONG_PTR)Address >= (ULONG_PTR)MmPagedPoolStart)) ||
|
|
|
|
|
(!MmGetKernelAddressSpace()))
|
2009-10-15 19:12:43 +00:00
|
|
|
{
|
2010-10-18 23:07:09 +00:00
|
|
|
/* This is an ARM3 fault */
|
2010-06-06 00:49:26 +00:00
|
|
|
DPRINT("ARM3 fault %p\n", MemoryArea);
|
- Implement ARM3 page fault handling.
- Paged pool PTEs are demand zero PTEs while the memory hasn't been accessed -- this is the only type of fault supported.
- Because paged pool PDEs are also demand-paged, added code to handle demand paging of PDEs as well.
- Also, because paged pool is non-resident, but can be accessed from any process, we need a mechanism to sync up the kernel's page directory with the per-process one, on demand. This is done at startup, but other processes may have paged in paged pool that another process knows nothing about when he faults.
- Similar to the hack ReactOS Mm uses, but done properly.
- This is what that shadow system page directory is finally being used for.
- Assert if we get a user-mode fault, a transition fault, or a soft fault, since these shouldn't happen.
- Disable APCs while dispatching faults, and pseudo-use the working set lock.
- Assert if we get write errors on read-only pages, since we don't use those in ARM3 yet.
- Assert if we have a paged out PTE, this shouldn't happen yet.
- Enable test to see if we can touch a paged pool allocation.
svn path=/trunk/; revision=43507
2009-10-15 22:08:26 +00:00
|
|
|
return MmArmAccessFault(StoreInstruction, Address, Mode, TrapInformation);
|
2010-07-21 18:09:31 +00:00
|
|
|
}
|
- Fix critical bugs in exception handling: Unwinding was completely broken, using the wrong SEH protector to detect collided unwinding. The correct protector itself also had a broken check.
- Fix architectural bug in the entire TrapFrame<->Context conversion system and Ring Privilege Transitions (Inter-ring and intra-ring) which was lacking proper sanitation and validation of segments, flags and debug registers. Among other things, IOPL is now respected, CS is not KGDT_R0_CODE | RPL_MASK anymore, and the GPF code is now properly being called. This completely fixes exception handling being totally broken and crashing firefox installer, mirc, and other applications.
- Rewrite the page fault handler base code in assembly instead of relying on a broken C routine. Detect VDM, V8086, detecting expected/normal fault in ExpInterlockedPopEntrySList and faults in the system handler code. Rewrite MmAccessFault to be the main function that calls out to other sub-fault functions, and use the same prototype as NT.
- Fix the KGDT boot table to have proper granularity and big flags, and extend it to 256 entries.
- Create proper thread context in RtlInitializeContext and cleanup Rtl Thread routines.
- Remove all int3 and breakpoints from trap handlers, and replace them with a much better "UNHANDLED_PATH" macro which freezes the system, beeps, and displays a message with the line of code that's unhandled. This is to clearly tell the user that something is unhandled, instead of nesting infinite exceptions due to the int3.
- Fix a bug in INT_PROLOG.
- Sanitize EFLAGS and Code Segments in KeContextToTrapFrame and KeTrapFrameToContext.
- Implement KiUpdateDr7 and KiRecordDr7 as well as DR_MASK and other DR-validation macros and functions to protect against DR-vulnerabilites as well as to properly account for each active hardware breakpoint in a per-thread fashion by using the dispatcher header.
- Allow CR0_EM when running in a VDM.
- Fix FPU/NPX Register handling in KeContextToTrapFrame and KeTrapFrameToContext, and also speed it up by manual copying instead of a memory move.
- Properly give IOPL 3 to user-mode threads if they requested it.
- Detect GPF during GPF.
- Detect pagefault with a trap-frame spread over two or more pages and nested.
- Properly sanitize and set correct trap frame in KiInitailizeUserApc.
- Return STATUS_ACCESS_VIOLATION during page faults instead of STATUS_UNSUCESSFUL.
- Fix assert in VdmSwapContext, as well as Code Selector check which was broken.
- Fix delayed object deletion (ObDeferDeleteObject) and the Ob Repear Routine and list.
- Update Kernel Fun.
- BUGBUG: Temporaily hack VMWare to detection to always detect VMWare.
svn path=/trunk/; revision=25238
2006-12-29 18:49:00 +00:00
|
|
|
|
|
|
|
|
/* Keep same old ReactOS Behaviour */
|
|
|
|
|
if (StoreInstruction)
|
|
|
|
|
{
|
|
|
|
|
/* Call access fault */
|
|
|
|
|
return MmpAccessFault(Mode, (ULONG_PTR)Address, TrapInformation ? FALSE : TRUE);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Call not present */
|
|
|
|
|
return MmNotPresentFault(Mode, (ULONG_PTR)Address, TrapInformation ? FALSE : TRUE);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|