[NTOS:MM] Make SLIST handling for kernel stacks portable

Kernel stacks that re freed, can be placed on an SLIST for quick reuse. The old code was using a member of the PFN of the last stack page as the SLIST_ENTRY. This relies on the following (non-portable) assumptions: - A stack always has a PTE associated with it. - This PTE has a PFN associated with it. - The PFN has an empty field that can be re-used as an SLIST_ENTRY. - The PFN has another field that points back to the PTE, which then can be used to get the stack base. Specifically: On x64 the PFN field is not 16 bytes aligned, so it cannot be used as an SLIST_ENTRY. (In a "usermode kernel" the other assumptions are also invalid). The new code does what Windows does (and which seems absolutely obvious to do): Place the SLIST_ENTRY directly on the stack.
2025-04-04 20:50:41 +00:00 · 2018-02-04 13:30:47 +01:00 · 2018-02-04 13:30:47 +01:00 · dd73d1b6d4
commit dd73d1b6d4
parent 6c154c0625
1 changed files with 7 additions and 8 deletions
--- a/ntoskrnl/mm/ARM3/procsup.c
+++ b/ntoskrnl/mm/ARM3/procsup.c
@ -175,6 +175,7 @@ MmDeleteKernelStack(IN PVOID StackBase,
    PMMPFN Pfn1, Pfn2;
    ULONG i;
    KIRQL OldIrql;
+    PSLIST_ENTRY SListEntry;

    //
    // This should be the guard page, so decrement by one
@ -189,9 +190,8 @@ MmDeleteKernelStack(IN PVOID StackBase,
    {
        if (ExQueryDepthSList(&MmDeadStackSListHead) < MmMaximumDeadKernelStacks)
        {
-            Pfn1 = MiGetPfnEntry(PointerPte->u.Hard.PageFrameNumber);
-            InterlockedPushEntrySList(&MmDeadStackSListHead,
-                                      (PSLIST_ENTRY)&Pfn1->u1.NextStackPfn);
+            SListEntry = ((PSLIST_ENTRY)StackBase) - 1;
+            InterlockedPushEntrySList(&MmDeadStackSListHead, SListEntry);
            return;
        }
    }
@ -265,7 +265,7 @@ MmCreateKernelStack(IN BOOLEAN GuiStack,
    KIRQL OldIrql;
    PFN_NUMBER PageFrameIndex;
    ULONG i;
-    PMMPFN Pfn1;
+    PSLIST_ENTRY SListEntry;

    //
    // Calculate pages needed
@ -286,11 +286,10 @@ MmCreateKernelStack(IN BOOLEAN GuiStack,
        //
        if (ExQueryDepthSList(&MmDeadStackSListHead))
        {
-            Pfn1 = (PMMPFN)InterlockedPopEntrySList(&MmDeadStackSListHead);
-            if (Pfn1)
+            SListEntry = InterlockedPopEntrySList(&MmDeadStackSListHead);
+            if (SListEntry != NULL)
            {
-                PointerPte = Pfn1->PteAddress;
-                BaseAddress = MiPteToAddress(++PointerPte);
+                BaseAddress = (SListEntry + 1);
                return BaseAddress;
            }
        }