- Get rid of MmZeroPte and instead implement MI_ERASE_PTE. Use this and only this to make a PTE zero. The other functions will not allow to do this.
- Add MI_UPDATE_VALID_PTE to update a valid PTE with another valid PTE
- Add 2 additional protection mask constants: MM_PROTECT_ACCESS for the lower 3 bits and MM_PROTECT_SPECIAL for the higher 2 bits. Make use of the latter when dealing with guard pages and caching.
- Deduplicate some code in MmArmAccessFault
- Move code in MiDeleteSystemPageableVm to where it belongs (it was in the wrong else case!)
- Wse MiQueryPageTableReferences instead of manipulating MmWorkingSetList->UsedPageTableEntries
svn path=/trunk/; revision=61110
- Implement SepAdjustPrivileges, which does both the counting of (changed) privileges as well as applying them, when requested. Use it in NtAdjustPrivilegesToken twice instead of duplicating the code there.
- Fix return value of NtAdjustPrivilegesToken by making sure to properly count the found privileges and check against the provided ones
- Lock the Token, while messing with the privileges
- Add support for SE_PRIVILEGE_REMOVED
- Proplery (re)calculate Token flags after changing privileges
- Improve failure pathes by using a common cleanup label
- Don't free the allocations atatched to the token in SepCreateToken on failure, since ObDereferenceObject will already do that.
- Make priviliges constants instead of initializing them.
svn path=/trunk/; revision=61109
- Remove the BoundaryAddressMultiple parameter from MmCreateMemoryArea (wasn't used) and give it instead a Granularity parameter
- Use the Granularity parameter in MmMapViewOfSegment to make sure that full sections are allocated on a MM_ALLOCATION_GRANULARITY aligned address.
- Check for overflow and unaligned image base in MmMapViewOfSection when mapping image sections
- Return proper status code on failure
svn path=/trunk/; revision=61108
BuildUserInfoBuffer: Set the UF_PASSWD_CANT_CHANGE account control flag if the user does not have the USER_CHANGE_PASSWORD access right for his own account data.
svn path=/trunk/; revision=61103
- Create the Security directory and the LSA_AUTHENTICATION_INITIALIZED event in SepInitializationPhase1().
- Get rid of SeInitSRM().
svn path=/trunk/; revision=61102
- Fix wrong check for realtime priority class in CreateProcessInternalW
- Fix double free in GetEnvironmentVariable[AW]
- Fix broken sizeof usage ('X' is of type int!)
- Remove redundant casts and comparisons
svn path=/trunk/; revision=61101
Windows / ReactOS uses a software protection field called protection mask, which is stored inside invalid (Software) PTEs to provide information about the desired protection, when a page is made valid by the page fault handler. The mask consists of the values 0-7 specifying the read/write/execute rights, 0 being inaccessible aka MM_ZERO_ACCESS, plus 2 flag-like bits, for uncached and writecombine memory respectively. Both flags together don't make sense, so this combination is used to mark guard pages. Since all these flags only make sense when used together with a proper access (i.e. not MM_ZERO_ACCESS), the combination of these flags together with MM_ZERO_ACCESS was given special meaning: MM_DECOMMIT, which equals MM_GUARDPAGE | MM_ZERO_ACCESS is for decommitted pages, that are not yet erased to zero, MM_NOACCESS, which is the mask for pages that are mapped with PAGE_NOACCESS (this is to make sure that a software PTE of a committed page is never completely 0, which it could be, when MM_ZERO_ACCESS was used), and finally MM_OUTSWAPPED_KSTACK for outswapped kernel stacks. See also https://www.reactos.org/wiki/Techwiki:Memory_Protection_constants.
The next thing to know is that the number of PTEs that are not null is counted for each PDE. So once a page gets committed, a software PTE is written and the reference count is incremented. When the page is made valid by the fault handler, the count is not changed, when the page is decommitted, the MM_DECOMMIT software PTE is written and again the PTE stays non-null and nothing is changed. Only when the range is cleaned up totally, the PTEs get erased and the reference count is decremented. Now it happened that our page fault handler missed to validate the access rights of protection constants. The problem that came up with this is a major one: since a decommitted page is a software PTE with MM_DECOMMIT as the protection mask (which we remember has the MM_GUARDPAGE bit set), the fault handler considered faults on decommitted PTEs as faults on guard pages and simply removed the guard page flag, leaving a completely empty PTE behind! So the decommitted page got erased without decrementing the reference count. This lead to CORE-7445.
- Add protection flags (MM_GUARDPAGE, MM_WRITECOMBINE, MM_OUTSWAPPED_KSTACK)
- Instead of writing 0 to a PTE, use MI_WRITE_INVALID_PTE with MmZeroPte
- Implement MiIsAccessAllowed that checks for read/write/execute access and use it in MiAccessCheck
- Add some more ASSERTs
CORE-7445 #resolve
svn path=/trunk/; revision=61095
