[NTOS:MM] Fix address space locking in MiProtectVirtualMemory

2024-12-28 01:55:19 +00:00 · 2023-10-09 22:01:56 +03:00 · 2023-10-09 22:01:56 +03:00 · a8b57f0a6b
commit a8b57f0a6b
parent 6d701b4b05
1 changed files with 16 additions and 12 deletions
--- a/ntoskrnl/mm/ARM3/virtual.c
+++ b/ntoskrnl/mm/ARM3/virtual.c
@ -2213,6 +2213,9 @@ MiProtectVirtualMemory(IN PEPROCESS Process,
    PETHREAD Thread = PsGetCurrentThread();
    TABLE_SEARCH_RESULT Result;

+    /* We must be attached */
+    ASSERT(Process == PsGetCurrentProcess());
+
    /* Calculate base address for the VAD */
    StartingAddress = (ULONG_PTR)PAGE_ALIGN((*BaseAddress));
    EndingAddress = (((ULONG_PTR)*BaseAddress + *NumberOfBytesToProtect - 1) | (PAGE_SIZE - 1));
@ -2225,18 +2228,6 @@ MiProtectVirtualMemory(IN PEPROCESS Process,
        return STATUS_INVALID_PAGE_PROTECTION;
    }

-    /* Check for ROS specific memory area */
-    MemoryArea = MmLocateMemoryAreaByAddress(&Process->Vm, *BaseAddress);
-    if ((MemoryArea) && (MemoryArea->Type != MEMORY_AREA_OWNED_BY_ARM3))
-    {
-        /* Evil hack */
-        return MiRosProtectVirtualMemory(Process,
-                                         BaseAddress,
-                                         NumberOfBytesToProtect,
-                                         NewAccessProtection,
-                                         OldAccessProtection);
-    }
-
    /* Lock the address space and make sure the process isn't already dead */
    AddressSpace = MmGetCurrentAddressSpace();
    MmLockAddressSpace(AddressSpace);
@ -2247,6 +2238,19 @@ MiProtectVirtualMemory(IN PEPROCESS Process,
        goto FailPath;
    }

+    /* Check for ROS specific memory area */
+    MemoryArea = MmLocateMemoryAreaByAddress(&Process->Vm, *BaseAddress);
+    if ((MemoryArea) && (MemoryArea->Type != MEMORY_AREA_OWNED_BY_ARM3))
+    {
+        /* Evil hack */
+        MmUnlockAddressSpace(AddressSpace);
+        return MiRosProtectVirtualMemory(Process,
+                                         BaseAddress,
+                                         NumberOfBytesToProtect,
+                                         NewAccessProtection,
+                                         OldAccessProtection);
+    }
+
    /* Get the VAD for this address range, and make sure it exists */
    Result = MiCheckForConflictingNode(StartingAddress >> PAGE_SHIFT,
                                       EndingAddress >> PAGE_SHIFT,