Author: tfaber
Date: Mon Jan 28 18:27:21 2013
New Revision: 58246
URL: http://svn.reactos.org/svn/reactos?rev=58246&view=rev
Log:
[NTOSKRNL:MM]
- Add a DPRINT with more info to the 'Hash == TableMask' assertion
- Validate pool tags on free also for big allocations
- Validate pool tag earlier, before tracking the free operation
CORE-6929
Modified:
trunk/reactos/ntoskrnl/mm/ARM3/expool.c
Modified: trunk/reactos/ntoskrnl/mm/ARM3/expool.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/expool.c?…
==============================================================================
--- trunk/reactos/ntoskrnl/mm/ARM3/expool.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/ARM3/expool.c [iso-8859-1] Mon Jan 28 18:27:21 2013
@@ -570,7 +570,12 @@
// We should have only ended up with an empty entry if we've reached
// the last bucket
//
- if (!TableEntry->Key) ASSERT(Hash == TableMask);
+ if (!TableEntry->Key)
+ {
+ DPRINT1("Empty item reached in tracker table. Tag=0x%08lx, NumberOfBytes=%lu, PoolType=%d\n",
+ Key, (ULONG)NumberOfBytes, PoolType);
+ ASSERT(Hash == TableMask);
+ }
//
// This path is hit when we don't have an entry, and the current bucket
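Review bot: The new DPRINT1 narrows NumberOfBytes with `(ULONG)` and prints the tag only as hex, while the free-path messages in this file print tags with `%.4s`. If NumberOfBytes is a pointer-sized type (its declaration is outside the hunk), the cast hides the upper bits on 64-bit builds, which is exactly when a corrupt size is the thing you want to see. Consider printing the four-character form next to the hex value, e.g. `Tag=0x%08lx (%.4s)` with `(char*)&Key` as the extra argument, so the message can be matched directly against pool-tag listings during triage.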
@@ -2072,6 +2077,15 @@
}
//
+ // Check block tag
+ //
+ if (TagToFree && TagToFree != Tag)
+ {
+ DPRINT1("Freeing pool - invalid tag specified: %.4s != %.4s\n", (char*)&TagToFree, (char*)&Tag);
+ KeBugCheckEx(BAD_POOL_CALLER, 0x0A, (ULONG_PTR)P, Tag, TagToFree);
+ }
+
+ //
// We have our tag and our page count, so we can go ahead and remove this
// tracker now
//
@@ -2144,20 +2158,20 @@
if (Tag & PROTECTED_POOL) Tag &= ~PROTECTED_POOL;
//
- // Stop tracking this allocation
+ // Check block tag
+ //
+ if (TagToFree && TagToFree != Tag)
+ {
+ DPRINT1("Freeing pool - invalid tag specified: %.4s != %.4s\n", (char*)&TagToFree, (char*)&Tag);
+ KeBugCheckEx(BAD_POOL_CALLER, 0x0A, (ULONG_PTR)P, Tag, TagToFree);
+ }
+
+ //
+ // Track the removal of this allocation
//
ExpRemovePoolTracker(Tag,
BlockSize * POOL_BLOCK_SIZE,
Entry->PoolType - 1);
-
- //
- // Check block tag
- //
- if (TagToFree && TagToFree != Tag)
- {
- DPRINT1("Freeing pool - invalid tag specified: %.4s != %.4s\n", (char*)&TagToFree, (char*)&Tag);
- KeBugCheckEx(BAD_POOL_CALLER, 0x0A, (ULONG_PTR)P, Tag, TagToFree);
- }
//
// Is this allocation small enough to have come from a lookaside list?
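Review bot: Tag has PROTECTED_POOL stripped on the context line just above the moved check, but TagToFree is compared exactly as the caller passed it. Unless TagToFree is normalised earlier in the function (which starts outside this hunk), a free that supplies the tag with the protected bit set would mismatch and bugcheck; `if (TagToFree && (TagToFree & ~PROTECTED_POOL) != Tag)` would make the comparison symmetric. The same five-line check now exists twice (also in the hunk at -2072), so a small static helper would keep the two copies from drifting apart.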
Author: pschweitzer
Date: Sun Jan 27 16:38:24 2013
New Revision: 58245
URL: http://svn.reactos.org/svn/reactos?rev=58245&view=rev
Log:
[NTOSKRNL]
Properly queue the IRP in IoCancelFileOpen()
Modified:
trunk/reactos/ntoskrnl/io/iomgr/file.c
Modified: trunk/reactos/ntoskrnl/io/iomgr/file.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/file.c?r…
==============================================================================
--- trunk/reactos/ntoskrnl/io/iomgr/file.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/io/iomgr/file.c [iso-8859-1] Sun Jan 27 16:38:24 2013
@@ -2497,6 +2497,7 @@
{
PIRP Irp;
KEVENT Event;
+ KIRQL OldIrql;
NTSTATUS Status;
PIO_STACK_LOCATION Stack;
@@ -2527,7 +2528,8 @@
Stack->MajorFunction = IRP_MJ_CLEANUP;
Stack->FileObject = FileObject;
- // FIXME: Put on top of IRPs list of the thread
+ /* Put on top of IRPs list of the thread */
+ IopQueueIrpToThread(Irp);
/* Call the driver */
Status = IoCallDriver(DeviceObject, Irp);
@@ -2537,7 +2539,10 @@
KernelMode, FALSE, NULL);
}
- // FIXME: Remove from IRPs list
+ /* Remove from IRPs list */
+ KeRaiseIrql(APC_LEVEL, &OldIrql);
+ IopUnQueueIrpFromThread(Irp);
+ KeLowerIrql(OldIrql);
/* Free the IRP */
IoFreeIrp(Irp);
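Review bot: The removal is bracketed by KeRaiseIrql(APC_LEVEL)/KeLowerIrql, but the matching IopQueueIrpToThread call in the hunk at -2527 is made at the caller's IRQL with no comment either way. From these lines a reader cannot tell whether the queue helper raises IRQL itself or whether the thread's IRP list is briefly modified without protection against APCs; both helper bodies are outside this page. Once confirmed against the helpers, document the contract at the call sites, e.g. `/* IopQueueIrpToThread raises to APC_LEVEL itself; IopUnQueueIrpFromThread relies on the caller */`. It is also worth confirming that the completion path cannot already have unlinked the IRP before this explicit unqueue runs, since a second unlink would corrupt the list.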
Author: hbelusca
Date: Sun Jan 27 13:55:04 2013
New Revision: 58241
URL: http://svn.reactos.org/svn/reactos?rev=58241&view=rev
Log:
[SMSS]
Revert my change that loaded the win32k kernel-mode subsystem driver by reading the Kmode value, and use a hardcoded value instead, per request of Alex.
I'm wondering why Windows wouldn't allow you to use a personalized value there and forces you to use win32k with this name, placed in the \SystemRoot\System32 directory and not anywhere else.
Modified:
trunk/reactos/base/system/smss/smsubsys.c
Modified: trunk/reactos/base/system/smss/smsubsys.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/smss/smsubsys.…
==============================================================================
--- trunk/reactos/base/system/smss/smsubsys.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/smss/smsubsys.c [iso-8859-1] Sun Jan 27 13:55:04 2013
@@ -515,7 +515,7 @@
{
NTSTATUS Status = STATUS_SUCCESS, Status2;
PSMP_REGISTRY_VALUE RegEntry;
- UNICODE_STRING NtPath;
+ UNICODE_STRING DestinationString, NtPath;
PLIST_ENTRY NextEntry;
LARGE_INTEGER Timeout;
PVOID State;
@@ -570,10 +570,15 @@
}
AttachedSessionId = *MuSessionId;
- /* Start Win32k.sys on this session */
+ /*
+ * Start Win32k.sys on this session. Use a hardcoded value
+ * instead of the Kmode one...
+ */
+ RtlInitUnicodeString(&DestinationString,
+ L"\\SystemRoot\\System32\\win32k.sys");
Status = NtSetSystemInformation(SystemExtendServiceTableInformation,
- &NtPath,
- sizeof(NtPath));
+ &DestinationString,
+ sizeof(DestinationString));
RtlFreeHeap(RtlGetProcessHeap(), 0, NtPath.Buffer);
SmpReleasePrivilege(State);
if (!NT_SUCCESS(Status))
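Review bot: NtPath is still freed on the line after the call although it is no longer passed to NtSetSystemInformation. The commit touches nothing else in this file, so the code above the hunk presumably still builds NtPath from the Kmode value only to discard it. Either remove that conversion together with the RtlFreeHeap, or say so in place with `/* NtPath is still built from Kmode above; it is deliberately unused and only freed here */`. The new comment trails off with "..." and should state the reason instead: this string names the image loaded into kernel mode, so the comment should record whether the registry value is ignored on purpose so that it cannot redirect that load. The enclosing function starts and ends outside the hunk.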
Author: pschweitzer
Date: Sun Jan 27 09:50:20 2013
New Revision: 58239
URL: http://svn.reactos.org/svn/reactos?rev=58239&view=rev
Log:
[NTOSKRNL]
In ObpCheckTraverseAccess() first try to perform a fast traverse check
before doing the entire access check.
Modified:
trunk/reactos/ntoskrnl/ob/obsecure.c
Modified: trunk/reactos/ntoskrnl/ob/obsecure.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ob/obsecure.c?rev…
==============================================================================
--- trunk/reactos/ntoskrnl/ob/obsecure.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/ob/obsecure.c [iso-8859-1] Sun Jan 27 09:50:20 2013
@@ -301,6 +301,20 @@
return FALSE;
}
+ /* First try to perform a fast traverse check
+ * If it fails, then the entire access check will
+ * have to be done.
+ */
+ Result = SeFastTraverseCheck(SecurityDescriptor,
+ AccessState,
+ FILE_WRITE_DATA,
+ AccessMode);
+ if (Result)
+ {
+ ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
+ return TRUE;
+ }
+
/* Lock the security context */
SeLockSubjectContext(&AccessState->SubjectSecurityContext);
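Review bot: The access mask passed to SeFastTraverseCheck is spelled `FILE_WRITE_DATA`, which reads as a file write right in a function that checks directory traversal. If the intent is the traverse right that shares that bit value, `DIRECTORY_TRAVERSE` says so and stops a reader from concluding that the wrong access is being tested. The early `return TRUE` also skips everything the full check below performs, so any status out-parameter or audit step on the slow path (not visible in this hunk) is not executed on the fast path. A comment stating that this is intended, e.g. `/* Fast path: no audit and no status update, callers rely on the BOOLEAN only */`, should be added once verified against the callers.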