/*
 * COPYRIGHT:       See COPYING in the top directory
 * PROJECT:         ReactOS kernel
 * FILE:            ntoskrnl/mm/mm.c
 * PURPOSE:         Kernel memory management functions
 * PROGRAMMERS:     David Welch (welch@cwcom.net)
 */
/* INCLUDES *****************************************************************/
#include <ntoskrnl.h>
#define NDEBUG
#include <internal/debug.h>
/* GLOBALS *****************************************************************/
/*
 * Memory-manager globals.  Of these, only MmSystemRangeStart is read in the
 * visible part of this file (it is the user/kernel split consulted by
 * MmIsAddressValid and the fault handlers below); the others are defined
 * here for use by other modules, and nothing visible here assigns them.
 */
ULONG MmUserProbeAddress = 0;
PVOID MmHighestUserAddress = NULL;
/*
 * NOTE(review): declared as a pointer (PBOOLEAN) yet initialised with FALSE;
 * this looks like it was meant to be a plain BOOLEAN.  Confirm against the
 * header that declares it before changing the type, since other modules may
 * already rely on the pointer declaration.
 */
PBOOLEAN Mm64BitPhysicalAddress = FALSE;
/* First address of the system range; addresses below it belong to user space. */
PVOID MmSystemRangeStart = NULL;
/* No explicit initialisers: file-scope objects start out zeroed. */
ULONG MmReadClusterSize;
MM_STATS MmStats;
/* FUNCTIONS ****************************************************************/
/*
 * Push the kernel structures of NextThread into Process's page directory by
 * hand — presumably on the context-switch path, the caller is not visible
 * here.  The original author flagged this as a workaround ("Hack Sync because
 * Mm is broken"): the ETHREAD, its owning EPROCESS and its kernel stack are
 * each synchronised with MmUpdatePageDir instead of being mapped by the
 * memory manager itself.
 *
 * NextThread - thread about to run (the KTHREAD embedded in an ETHREAD)
 * Process    - process whose page directory is brought up to date
 */
VOID
FASTCALL
MiSyncThreadProcessViews(IN PKTHREAD NextThread,
                         IN PEPROCESS Process)
{
    PETHREAD Thread = CONTAINING_RECORD(NextThread, ETHREAD, Tcb);
    /* The stack region size follows the thread's LargeStack flag. */
    ULONG StackSize = NextThread->LargeStack ? KERNEL_LARGE_STACK_SIZE
                                             : KERNEL_STACK_SIZE;

    /* Hack Sync because Mm is broken */
    MmUpdatePageDir(Process, Thread, sizeof(ETHREAD));
    MmUpdatePageDir(Process, Thread->ThreadsProcess, sizeof(EPROCESS));
    MmUpdatePageDir(Process, (PVOID)Thread->Tcb.StackLimit, StackSize);
}
/*
 * @implemented
 */
BOOLEAN NTAPI MmIsNonPagedSystemAddressValid(PVOID VirtualAddress)
/*
 * FUNCTION: Reports whether VirtualAddress is considered valid
 * ARGUMENTS:
 *          VirtualAddress = address to check
 * RETURNS: Whatever MmIsAddressValid reports for the address
 * NOTES: Despite the name, nothing here restricts the check to non-paged
 *        system space: the call is forwarded to MmIsAddressValid unchanged,
 *        so callers get the same answer they would from that routine.
 */
{
    BOOLEAN Valid;

    Valid = MmIsAddressValid(VirtualAddress);
    return Valid;
}
/*
 * @implemented
 */
BOOLEAN NTAPI MmIsAddressValid(PVOID VirtualAddress)
/*
 * FUNCTION: Checks whether a live memory area covers the given address
 * ARGUMENTS:
 *          VirtualAddress = address to check
 * RETURNS: TRUE if a memory area that is not being deleted covers the address
 *          FALSE otherwise
 * NOTES: The address space (the kernel one for addresses at or above
 *        MmSystemRangeStart, otherwise the current process's VAD tree) is
 *        locked only for the lookup and released before returning, so the
 *        answer may be stale by the time the caller acts on it.  Nothing in
 *        this function inspects page tables — it only asks
 *        MmLocateMemoryAreaByAddress — so a TRUE result is not by itself a
 *        guarantee that touching the address will not fault.  The original
 *        author's question whether a byte-granular check is realistic for
 *        RISC processors still stands.
 */
{
    PMM_AVL_TABLE AddressSpace;
    MEMORY_AREA *MemoryArea;
    BOOLEAN Covered;

    /* Pick the tree that owns this half of the address range. */
    AddressSpace = (VirtualAddress >= MmSystemRangeStart)
                       ? MmGetKernelAddressSpace()
                       : &PsGetCurrentProcess()->VadRoot;

    MmLockAddressSpace(AddressSpace);
    MemoryArea = MmLocateMemoryAreaByAddress(AddressSpace, VirtualAddress);
    Covered = (MemoryArea != NULL && !MemoryArea->DeleteInProgress);
    MmUnlockAddressSpace(AddressSpace);

    return Covered;
}
/*
 * Route an access fault that landed inside MemoryArea to the handler for
 * that area type.  Paged pool is always reported accessible, section views
 * are handed to MmAccessFaultSectionView, and every other type — system,
 * plain virtual memory, shared data, and anything unrecognised — is treated
 * as an access violation.
 *
 * AddressSpace - address space that MemoryArea was found in
 * MemoryArea   - area covering Address; must not be NULL
 * Address      - faulting virtual address
 * Locked       - TRUE when the caller already held the address-space lock
 *
 * Returns the status to report; STATUS_MM_RESTART_OPERATION asks the caller
 * to redo the area lookup.
 */
static NTSTATUS
MmpDispatchAccessFault(PMM_AVL_TABLE AddressSpace,
                       MEMORY_AREA *MemoryArea,
                       ULONG_PTR Address,
                       BOOLEAN Locked)
{
    switch (MemoryArea->Type)
    {
        case MEMORY_AREA_PAGED_POOL:
            return STATUS_SUCCESS;

        case MEMORY_AREA_SECTION_VIEW:
            return MmAccessFaultSectionView(AddressSpace,
                                            MemoryArea,
                                            (PVOID)Address,
                                            Locked);

        case MEMORY_AREA_SYSTEM:
        case MEMORY_AREA_VIRTUAL_MEMORY:
        case MEMORY_AREA_SHARED_DATA:
        default:
            return STATUS_ACCESS_VIOLATION;
    }
}

/*
 * Handle an access fault at Address (the sibling MmNotPresentFault below
 * presumably covers the not-present case).
 *
 * Mode    - processor mode the faulting access was made from
 * Address - faulting virtual address
 * FromMdl - TRUE when called on behalf of MDL code that already holds the
 *           address-space lock; the lock is then neither taken nor released
 *
 * Returns STATUS_UNSUCCESSFUL when the fault cannot be serviced at all (IRQL
 * at or above DISPATCH_LEVEL, or no current process), STATUS_ACCESS_VIOLATION
 * when user mode touched the system range or no live memory area covers the
 * address, and otherwise whatever the area-specific handler reports.
 */
NTSTATUS
NTAPI
MmpAccessFault(KPROCESSOR_MODE Mode,
               ULONG_PTR Address,
               BOOLEAN FromMdl)
{
    PMM_AVL_TABLE AddressSpace;
    MEMORY_AREA *MemoryArea;
    NTSTATUS Status;
    BOOLEAN SystemRange;

    DPRINT("MmAccessFault(Mode %d, Address %x)\n", Mode, Address);

    /* Faults are not serviced at DISPATCH_LEVEL or above. */
    if (KeGetCurrentIrql() >= DISPATCH_LEVEL)
    {
        CPRINT("Page fault at high IRQL was %d\n", KeGetCurrentIrql());
        return STATUS_UNSUCCESSFUL;
    }

    /* Bail out when there is no current process to work with. */
    if (PsGetCurrentProcess() == NULL)
    {
        DPRINT("No current process\n");
        return STATUS_UNSUCCESSFUL;
    }

    /*
     * Pick the address space that owns the faulting address.  User mode is
     * refused outright for the system range before any lookup happens.
     */
    SystemRange = (Address >= (ULONG_PTR)MmSystemRangeStart);
    if (SystemRange && Mode != KernelMode)
    {
        DPRINT1("MmAccessFault(Mode %d, Address %x)\n", Mode, Address);
        DbgPrint("%s:%d\n",__FILE__,__LINE__);
        return STATUS_ACCESS_VIOLATION;
    }
    AddressSpace = SystemRange ? MmGetKernelAddressSpace()
                               : &PsGetCurrentProcess()->VadRoot;

    /* An MDL caller already owns the lock. */
    if (!FromMdl)
    {
        MmLockAddressSpace(AddressSpace);
    }

    /* Redo the lookup whenever the handler asks for a restart. */
    do
    {
        MemoryArea = MmLocateMemoryAreaByAddress(AddressSpace, (PVOID)Address);
        if (MemoryArea == NULL || MemoryArea->DeleteInProgress)
        {
            if (!FromMdl)
            {
                MmUnlockAddressSpace(AddressSpace);
            }
            return STATUS_ACCESS_VIOLATION;
        }

        /* FromMdl doubles as the "already locked" flag for the handler. */
        Status = MmpDispatchAccessFault(AddressSpace, MemoryArea, Address, FromMdl);
    }
    while (Status == STATUS_MM_RESTART_OPERATION);

    DPRINT("Completed page fault handling\n");

    if (!FromMdl)
    {
        MmUnlockAddressSpace(AddressSpace);
    }
    return Status;
}
NTSTATUS
|
|
|
|
NTAPI
|
|
|
|
MmNotPresentFault(KPROCESSOR_MODE Mode,
|
2005-01-12 10:05:31 +00:00
|
|
|
ULONG_PTR Address,
|
2004-04-10 22:36:07 +00:00
|
|
|
BOOLEAN FromMdl)
|
1999-04-14 00:52:19 +00:00
|
|
|
{
|
2008-07-28 01:49:23 +00:00
|
|
|
PMM_AVL_TABLE AddressSpace;
|
1999-04-14 00:52:19 +00:00
|
|
|
MEMORY_AREA* MemoryArea;
|
1999-04-18 21:13:11 +00:00
|
|
|
NTSTATUS Status;
|
2001-02-14 02:53:54 +00:00
|
|
|
BOOLEAN Locked = FromMdl;
|
2004-08-01 07:24:59 +00:00
|
|
|
PFN_TYPE Pfn;
|
2004-04-10 22:36:07 +00:00
|
|
|
|
2000-05-24 22:29:38 +00:00
|
|
|
DPRINT("MmNotPresentFault(Mode %d, Address %x)\n", Mode, Address);
|
2004-04-10 22:36:07 +00:00
|
|
|
|
1999-05-29 00:15:17 +00:00
|
|
|
if (KeGetCurrentIrql() >= DISPATCH_LEVEL)
|
2004-04-10 22:36:07 +00:00
|
|
|
{
|
2005-05-28 07:32:23 +00:00
|
|
|
CPRINT("Page fault at high IRQL was %d, address %x\n", KeGetCurrentIrql(), Address);
|
2004-04-10 22:36:07 +00:00
|
|
|
return(STATUS_UNSUCCESSFUL);
|
|
|
|
}
|
|
|
|
|
1999-04-14 00:52:19 +00:00
|
|
|
/*
|
|
|
|
* Find the memory area for the faulting address
|
|
|
|
*/
|
2005-07-06 08:20:26 +00:00
|
|
|
if (Address >= (ULONG_PTR)MmSystemRangeStart)
|
2004-04-10 22:36:07 +00:00
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Check permissions
|
|
|
|
*/
|
|
|
|
if (Mode != KernelMode)
|
|
|
|
{
|
2005-05-28 07:32:23 +00:00
|
|
|
CPRINT("Address: %x\n", Address);
|
|
|
|
return(STATUS_ACCESS_VIOLATION);
|
2004-04-10 22:36:07 +00:00
|
|
|
}
|
|
|
|
AddressSpace = MmGetKernelAddressSpace();
|
|
|
|
}
|
1999-04-14 00:52:19 +00:00
|
|
|
else
|
2004-04-10 22:36:07 +00:00
|
|
|
{
|
2008-07-28 01:49:23 +00:00
|
|
|
AddressSpace = &PsGetCurrentProcess()->VadRoot;
|
2004-04-10 22:36:07 +00:00
|
|
|
}
|
|
|
|
|
2001-02-14 02:53:54 +00:00
|
|
|
if (!FromMdl)
|
2004-04-10 22:36:07 +00:00
|
|
|
{
|
2005-06-05 21:24:36 +00:00
|
|
|
MmLockAddressSpace(AddressSpace);
|
2004-04-10 22:36:07 +00:00
|
|
|
}
|
2001-04-04 22:21:32 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Call the memory area specific fault handler
|
|
|
|
*/
|
|
|
|
do
|
2004-04-10 22:36:07 +00:00
|
|
|
{
|
2005-06-05 21:24:36 +00:00
|
|
|
MemoryArea = MmLocateMemoryAreaByAddress(AddressSpace, (PVOID)Address);
|
|
|
|
if (MemoryArea == NULL || MemoryArea->DeleteInProgress)
{
if (!FromMdl)
{
MmUnlockAddressSpace(AddressSpace);
}
return (STATUS_ACCESS_VIOLATION);
}
switch (MemoryArea->Type)
{
case MEMORY_AREA_PAGED_POOL:
{
Status = MmCommitPagedPoolAddress((PVOID)Address, Locked);
break;
}
case MEMORY_AREA_SYSTEM:
Status = STATUS_ACCESS_VIOLATION;
break;
case MEMORY_AREA_SECTION_VIEW:
Status = MmNotPresentFaultSectionView(AddressSpace,
MemoryArea,
(PVOID)Address,
Locked);
break;
case MEMORY_AREA_VIRTUAL_MEMORY:
case MEMORY_AREA_PEB_OR_TEB:
Status = MmNotPresentFaultVirtualMemory(AddressSpace,
MemoryArea,
(PVOID)Address,
Locked);
break;
case MEMORY_AREA_SHARED_DATA:
Pfn = MmSharedDataPagePhysicalAddress.LowPart >> PAGE_SHIFT;
Status =
MmCreateVirtualMapping(PsGetCurrentProcess(),
(PVOID)PAGE_ROUND_DOWN(Address),
PAGE_READONLY,
&Pfn,
1);
break;
default:
Status = STATUS_ACCESS_VIOLATION;
break;
}
}
while (Status == STATUS_MM_RESTART_OPERATION);
DPRINT("Completed page fault handling\n");
if (!FromMdl)
{
MmUnlockAddressSpace(AddressSpace);
}
return(Status);
}
/* No header declares this, so it is declared here for MmAccessFault below.
 * Presumably defined by the i386 arch code; judging from its use there it
 * returns TRUE when it repaired a kernel-range page directory entry and the
 * faulting access should simply be retried -- confirm against the definition. */
extern BOOLEAN Mmi386MakeKernelPageTableGlobal(PVOID Address);
/*
 * Top-level access-fault dispatcher with the NT-compatible prototype.
 *
 * StoreInstruction - TRUE for a write/protection fault, FALSE for a
 *                    not-present fault; selects the sub-handler.
 * Address          - faulting virtual address.
 * Mode             - processor mode at the time of the fault; passed through
 *                    to the sub-handler, which is where it is enforced.
 * TrapInformation  - trap frame of the fault, or NULL when no real trap is
 *                    being serviced; its absence is handed to the sub-handlers
 *                    as their third (appears to be "FromMdl") flag.
 *
 * Returns STATUS_SUCCESS when the fault was resolved here, otherwise whatever
 * the sub-handler returned.
 */
NTSTATUS
NTAPI
MmAccessFault(IN BOOLEAN StoreInstruction,
              IN PVOID Address,
              IN KPROCESSOR_MODE Mode,
              IN PVOID TrapInformation)
{
    /* No trap frame: the caller is not a real trap, so flag it for the sub-handlers */
    BOOLEAN NoTrapFrame = (TrapInformation == NULL) ? TRUE : FALSE;
    ULONG_PTR FaultAddress = (ULONG_PTR)Address;

#ifdef _M_IX86
    /*
     * ROS-specific shortcut: a kernel-range fault may only mean the current
     * page directory lacks the kernel's page-table entry. Sync it and let the
     * instruction retry before going through the generic handlers.
     * NOTE(review): this is attempted for every Mode; presumably harmless
     * because the generic handlers below still check Mode -- confirm.
     */
    if (FaultAddress >= (ULONG_PTR)MmSystemRangeStart &&
        Mmi386MakeKernelPageTableGlobal(Address))
    {
        /* Page directory repaired; the access will succeed on retry */
        return STATUS_SUCCESS;
    }
#endif

    /* Same split ReactOS has always used: protection fault vs. not-present fault */
    return StoreInstruction
               ? MmpAccessFault(Mode, FaultAddress, NoTrapFrame)
               : MmNotPresentFault(Mode, FaultAddress, NoTrapFrame);
}
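/*
 * Commit a physical page behind a faulting paged-pool address.
 *
 * Address - faulting virtual address in the paged pool; the whole page
 *           containing it is mapped read/write in the kernel address space.
 * Locked  - TRUE to lock the freshly mapped page in place.
 *
 * The caller is expected to hold the kernel address-space lock (the
 * unlock/relock around the waiting page request below only makes sense if
 * it does). The lock is dropped only while a page request may block.
 *
 * Returns STATUS_SUCCESS when the page is mapped, otherwise the status of the
 * failed page request or of MmCreateVirtualMapping.
 */
NTSTATUS
NTAPI
MmCommitPagedPoolAddress(PVOID Address, BOOLEAN Locked)
{
    NTSTATUS Status;
    PFN_TYPE AllocatedPage;

    /* First try without waiting so the address-space lock can stay held */
    Status = MmRequestPageMemoryConsumer(MC_PPOOL, FALSE, &AllocatedPage);
    if (!NT_SUCCESS(Status))
    {
        /* Drop the lock while the waiting request may block */
        MmUnlockAddressSpace(MmGetKernelAddressSpace());
        Status = MmRequestPageMemoryConsumer(MC_PPOOL, TRUE, &AllocatedPage);
        MmLockAddressSpace(MmGetKernelAddressSpace());

        /* Previously unchecked: a failure here fell through and mapped
         * whatever AllocatedPage happened to hold. Report it instead. */
        if (!NT_SUCCESS(Status))
        {
            return Status;
        }
    }

    Status = MmCreateVirtualMapping(NULL,
                                    (PVOID)PAGE_ROUND_DOWN(Address),
                                    PAGE_READWRITE,
                                    &AllocatedPage,
                                    1);
    if (!NT_SUCCESS(Status))
    {
        /* Do not leak (or lock) a page that never got mapped */
        MmReleasePageMemoryConsumer(MC_PPOOL, AllocatedPage);
        return Status;
    }

    if (Locked)
    {
        MmLockPage(AllocatedPage);
    }

    return Status;
}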
/* Miscellaneous functions: they may fit somewhere else */
/*
 * @implemented
 *
 * Tests the current thread's DisablePageFaultClustering and
 * ForwardClusterOnly flags; either one being set yields a non-zero result.
 * The name suggests it detects a page fault taken while the thread is
 * already inside the I/O path; the flags themselves are set elsewhere.
 */
BOOLEAN
NTAPI
MmIsRecursiveIoFault (VOID)
{
    PETHREAD CurrentThread = PsGetCurrentThread();

    /* Bitwise OR, as in the original, so the exact combined value is kept */
    return (CurrentThread->DisablePageFaultClustering |
            CurrentThread->ForwardClusterOnly);
}
/*
 * @unimplemented
 *
 * Stub: none of the parameters are inspected. Expands the UNIMPLEMENTED
 * marker macro and always returns STATUS_NOT_IMPLEMENTED.
 */
NTSTATUS
NTAPI
MmMapUserAddressesToPage(IN PVOID BaseAddress,
                         IN SIZE_T NumberOfBytes,
                         IN PVOID PageAddress)
{
    /* Nothing is done with the arguments; discard them explicitly */
    (VOID)BaseAddress;
    (VOID)NumberOfBytes;
    (VOID)PageAddress;

    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}
/*
 * @unimplemented
 *
 * Stub: the four parameters are not inspected (their meaning is not known
 * to this code, hence the Unknown* names). Expands the UNIMPLEMENTED marker
 * macro and always returns 0.
 */
ULONG NTAPI
MmAdjustWorkingSetSize (ULONG Unknown0,
                        ULONG Unknown1,
                        ULONG Unknown2,
                        ULONG Unknown3)
{
    /* Nothing is done with the arguments; discard them explicitly */
    (VOID)Unknown0;
    (VOID)Unknown1;
    (VOID)Unknown2;
    (VOID)Unknown3;

    UNIMPLEMENTED;
    return 0;
}
/*
 * @unimplemented
 *
 * Stub: Address and Length are not inspected. Expands the UNIMPLEMENTED
 * marker macro and always returns FALSE.
 */
BOOLEAN
NTAPI
MmSetAddressRangeModified (IN PVOID Address,
                           IN ULONG Length)
{
    /* Nothing is done with the arguments; discard them explicitly */
    (VOID)Address;
    (VOID)Length;

    UNIMPLEMENTED;
    return FALSE;
}
/*
 * Stub for the NtGetWriteWatch system service: no parameter is inspected,
 * the UNIMPLEMENTED marker macro is expanded and STATUS_NOT_IMPLEMENTED is
 * returned. Because nothing is dereferenced, no probing of the pointer
 * arguments is needed yet; an implementation will have to capture and probe
 * them according to the caller's previous mode before touching them.
 */
NTSTATUS
NTAPI
NtGetWriteWatch(IN HANDLE ProcessHandle,
                IN ULONG Flags,
                IN PVOID BaseAddress,
                IN ULONG RegionSize,
                IN PVOID *UserAddressArray,
                OUT PULONG EntriesInUserAddressArray,
                OUT PULONG Granularity)
{
    /* Nothing is done with the arguments; discard them explicitly */
    (VOID)ProcessHandle;
    (VOID)Flags;
    (VOID)BaseAddress;
    (VOID)RegionSize;
    (VOID)UserAddressArray;
    (VOID)EntriesInUserAddressArray;
    (VOID)Granularity;

    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}
/*
 * Stub for the NtResetWriteWatch system service: no parameter is inspected,
 * the UNIMPLEMENTED marker macro is expanded and STATUS_NOT_IMPLEMENTED is
 * returned. Nothing is dereferenced, so no pointer probing is needed yet.
 */
NTSTATUS
NTAPI
NtResetWriteWatch(IN HANDLE ProcessHandle,
                  IN PVOID BaseAddress,
                  IN ULONG RegionSize)
{
    /* Nothing is done with the arguments; discard them explicitly */
    (VOID)ProcessHandle;
    (VOID)BaseAddress;
    (VOID)RegionSize;

    UNIMPLEMENTED;
    return STATUS_NOT_IMPLEMENTED;
}
/* EOF */