[NTOS]: The RMAP entry only has a valid process if the address is in user-space, otherwise process is NULL. Only attempt to acquire the process rundown lock if a process actually exists. Fixes crashes caused by 48905.

svn path=/trunk/; revision=48921
Sir Richard 2010-09-28 16:44:18 +00:00
parent 5b9cd7fcae
commit 6ef328578c


@ -75,12 +75,6 @@ MmPageOutPhysicalAddress(PFN_NUMBER Page)
} }
Process = entry->Process; Process = entry->Process;
if (!ExAcquireRundownProtection(&Process->RundownProtect))
{
ExReleaseFastMutex(&RmapListLock);
return STATUS_PROCESS_IS_TERMINATING;
}
Address = entry->Address; Address = entry->Address;
if ((((ULONG_PTR)Address) & 0xFFF) != 0) if ((((ULONG_PTR)Address) & 0xFFF) != 0)
{ {
@ -89,6 +83,12 @@ MmPageOutPhysicalAddress(PFN_NUMBER Page)
if (Address < MmSystemRangeStart) if (Address < MmSystemRangeStart)
{ {
if (!ExAcquireRundownProtection(&Process->RundownProtect))
{
ExReleaseFastMutex(&RmapListLock);
return STATUS_PROCESS_IS_TERMINATING;
}
Status = ObReferenceObjectByPointer(Process, PROCESS_ALL_ACCESS, NULL, KernelMode); Status = ObReferenceObjectByPointer(Process, PROCESS_ALL_ACCESS, NULL, KernelMode);
ExReleaseFastMutex(&RmapListLock); ExReleaseFastMutex(&RmapListLock);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
@ -109,9 +109,9 @@ MmPageOutPhysicalAddress(PFN_NUMBER Page)
if (MemoryArea == NULL || MemoryArea->DeleteInProgress) if (MemoryArea == NULL || MemoryArea->DeleteInProgress)
{ {
MmUnlockAddressSpace(AddressSpace); MmUnlockAddressSpace(AddressSpace);
ExReleaseRundownProtection(&Process->RundownProtect);
if (Address < MmSystemRangeStart) if (Address < MmSystemRangeStart)
{ {
ExReleaseRundownProtection(&Process->RundownProtect);
ObDereferenceObject(Process); ObDereferenceObject(Process);
} }
return(STATUS_UNSUCCESSFUL); return(STATUS_UNSUCCESSFUL);
@ -131,9 +131,9 @@ MmPageOutPhysicalAddress(PFN_NUMBER Page)
if (PageOp == NULL) if (PageOp == NULL)
{ {
MmUnlockAddressSpace(AddressSpace); MmUnlockAddressSpace(AddressSpace);
ExReleaseRundownProtection(&Process->RundownProtect);
if (Address < MmSystemRangeStart) if (Address < MmSystemRangeStart)
{ {
ExReleaseRundownProtection(&Process->RundownProtect);
ObDereferenceObject(Process); ObDereferenceObject(Process);
} }
return(STATUS_UNSUCCESSFUL); return(STATUS_UNSUCCESSFUL);
@ -157,9 +157,9 @@ MmPageOutPhysicalAddress(PFN_NUMBER Page)
if (PageOp == NULL) if (PageOp == NULL)
{ {
MmUnlockAddressSpace(AddressSpace); MmUnlockAddressSpace(AddressSpace);
ExReleaseRundownProtection(&Process->RundownProtect);
if (Address < MmSystemRangeStart) if (Address < MmSystemRangeStart)
{ {
ExReleaseRundownProtection(&Process->RundownProtect);
ObDereferenceObject(Process); ObDereferenceObject(Process);
} }
return(STATUS_UNSUCCESSFUL); return(STATUS_UNSUCCESSFUL);
@ -181,10 +181,9 @@ MmPageOutPhysicalAddress(PFN_NUMBER Page)
KeBugCheck(MEMORY_MANAGEMENT); KeBugCheck(MEMORY_MANAGEMENT);
} }
ExReleaseRundownProtection(&Process->RundownProtect);
if (Address < MmSystemRangeStart) if (Address < MmSystemRangeStart)
{ {
ExReleaseRundownProtection(&Process->RundownProtect);
ObDereferenceObject(Process); ObDereferenceObject(Process);
} }
return(Status); return(Status);
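Review bot: The acquire inside the `if (Address < MmSystemRangeStart)` branch and the four release sites each re-test the address to decide whether `Process` is usable, so correct acquire/release pairing depends on five copies of the same comparison staying in sync. The commit message gives the real invariant (the RMAP entry's process is NULL for system-space addresses), and it would help to state that in the code: an `ASSERT(Process != NULL);` ahead of `ExAcquireRundownProtection`, with a comment such as `/* System-space RMAP entries carry no process; rundown protection and the object reference are taken only for user-space entries */`. The `if (!NT_SUCCESS(Status))` branch after `ObReferenceObjectByPointer` continues outside the hunk; since rundown protection is now taken immediately above it, it is worth confirming that this failure path calls `ExReleaseRundownProtection(&Process->RundownProtect)` before returning. The body of MmPageOutPhysicalAddress starts and ends outside the visible hunks, so the system-space branch could not be checked here.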