Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-08-03 07:16:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

[NTOS]: The RMAP entry only has a valid process if the address is in user-space, otherwise process is NULL. Only attempt to acquire the process rundown lock if a process actually exists. Fixes crashes caused by 48905.

Browse source 
svn path=/trunk/; revision=48921
This commit is contained in:
Sir Richard 2010-09-28 16:44:18 +00:00
parent 5b9cd7fcae
commit 6ef328578c
1 changed files with 10 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

21
reactos/ntoskrnl/mm/rmap.c
View file

@ -75,12 +75,6 @@ MmPageOutPhysicalAddress(PFN_NUMBER Page)
}
Process = entry->Process;
if (!ExAcquireRundownProtection(&Process->RundownProtect))
{
ExReleaseFastMutex(&RmapListLock);
return STATUS_PROCESS_IS_TERMINATING;
}
Address = entry->Address;
if ((((ULONG_PTR)Address) & 0xFFF) != 0)
{
@ -89,6 +83,12 @@ MmPageOutPhysicalAddress(PFN_NUMBER Page)
if (Address < MmSystemRangeStart)
{
if (!ExAcquireRundownProtection(&Process->RundownProtect))
{
ExReleaseFastMutex(&RmapListLock);
return STATUS_PROCESS_IS_TERMINATING;
}
Status = ObReferenceObjectByPointer(Process, PROCESS_ALL_ACCESS, NULL, KernelMode);
ExReleaseFastMutex(&RmapListLock);
if (!NT_SUCCESS(Status))
@ -109,9 +109,9 @@ MmPageOutPhysicalAddress(PFN_NUMBER Page)
if (MemoryArea == NULL || MemoryArea->DeleteInProgress)
{
MmUnlockAddressSpace(AddressSpace);
ExReleaseRundownProtection(&Process->RundownProtect);
if (Address < MmSystemRangeStart)
{
ExReleaseRundownProtection(&Process->RundownProtect);
ObDereferenceObject(Process);
}
return(STATUS_UNSUCCESSFUL);
@ -131,9 +131,9 @@ MmPageOutPhysicalAddress(PFN_NUMBER Page)
if (PageOp == NULL)
{
MmUnlockAddressSpace(AddressSpace);
ExReleaseRundownProtection(&Process->RundownProtect);
if (Address < MmSystemRangeStart)
{
ExReleaseRundownProtection(&Process->RundownProtect);
ObDereferenceObject(Process);
}
return(STATUS_UNSUCCESSFUL);
@ -157,9 +157,9 @@ MmPageOutPhysicalAddress(PFN_NUMBER Page)
if (PageOp == NULL)
{
MmUnlockAddressSpace(AddressSpace);
ExReleaseRundownProtection(&Process->RundownProtect);
if (Address < MmSystemRangeStart)
{
ExReleaseRundownProtection(&Process->RundownProtect);
ObDereferenceObject(Process);
}
return(STATUS_UNSUCCESSFUL);
@ -181,10 +181,9 @@ MmPageOutPhysicalAddress(PFN_NUMBER Page)
KeBugCheck(MEMORY_MANAGEMENT);
}
ExReleaseRundownProtection(&Process->RundownProtect);
if (Address < MmSystemRangeStart)
{
ExReleaseRundownProtection(&Process->RundownProtect);
ObDereferenceObject(Process);
}
return(Status);