Ros-diffs February 2021

ros-diffs@reactos.org

30 participants
434 discussions

[reactos] 67/100: [NTOS:MM] Fix a race
by Jérôme Gardou 03 Feb '21

03 Feb '21

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=8ed15a49a7540a91afc07… commit 8ed15a49a7540a91afc07d8eafe26a952b6d0ae6 Author: Jérôme Gardou <jerome.gardou(a)reactos.org> AuthorDate: Wed Dec 30 09:43:55 2020 +0100 Commit: Jérôme Gardou <jerome.gardou(a)reactos.org> CommitDate: Wed Feb 3 09:41:23 2021 +0100 [NTOS:MM] Fix a race --- ntoskrnl/mm/freelist.c | 7 ++++++- ntoskrnl/mm/rmap.c | 27 ++++++++++++++++++++++++++- 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/ntoskrnl/mm/freelist.c b/ntoskrnl/mm/freelist.c index 93d9bbd9f59..ba16362f546 100644 --- a/ntoskrnl/mm/freelist.c +++ b/ntoskrnl/mm/freelist.c @@ -436,7 +436,12 @@ MmGetRmapListHeadPage(PFN_NUMBER Pfn) /* Get the entry */ Pfn1 = MiGetPfnEntry(Pfn); ASSERT(Pfn1); - ASSERT_IS_ROS_PFN(Pfn1); + + if (!MI_IS_ROS_PFN(Pfn1)) + { + MiReleasePfnLock(oldIrql); + return NULL; + } /* Get the list head */ ListHead = Pfn1->RmapListHead; diff --git a/ntoskrnl/mm/rmap.c b/ntoskrnl/mm/rmap.c index c000953cca1..785539ea58d 100644 --- a/ntoskrnl/mm/rmap.c +++ b/ntoskrnl/mm/rmap.c @@ -149,7 +149,32 @@ MmPageOutPhysicalAddress(PFN_NUMBER Page) /* Delete this virtual mapping in the process */ MmDeleteVirtualMapping(Process, Address, &Dirty, &MapPage); - ASSERT(MapPage == Page); + + /* There is a window betwwen the start of this function and now, + * where it's possible that the process changed its memory layout, + * because of copy-on-write, unmapping memory, or whatsoever. + * Just go away if that is the case */ + if (MapPage != Page) + { + PMM_REGION Region = MmFindRegion((PVOID)MA_GetStartingAddress(MemoryArea), + &MemoryArea->SectionData.RegionListHead, + Address, NULL); + /* Restore the mapping */ + MmCreateVirtualMapping(Process, Address, Region->Protect, &MapPage, 1); + if (Dirty) + MmSetDirtyPage(Process, Address); + + MmUnlockSectionSegment(Segment); + MmUnlockAddressSpace(AddressSpace); + if (Address < MmSystemRangeStart) + { + ExReleaseRundownProtection(&Process->RundownProtect); + ObDereferenceObject(Process); + } + + /* We can still try to flush it to disk, though */ + goto WriteSegment; + } if (Page != PFN_FROM_SSE(Entry)) {

1 0

[reactos] 66/100: [NTOS:MM] Check that we don't add rmap for NULL process
by Jérôme Gardou 03 Feb '21

03 Feb '21

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=11eee4eeec8771c399988… commit 11eee4eeec8771c399988b68e4c7bb829d2405ff Author: Jérôme Gardou <jerome.gardou(a)reactos.org> AuthorDate: Tue Dec 29 19:50:59 2020 +0100 Commit: Jérôme Gardou <jerome.gardou(a)reactos.org> CommitDate: Wed Feb 3 09:41:23 2021 +0100 [NTOS:MM] Check that we don't add rmap for NULL process --- ntoskrnl/mm/rmap.c | 24 ++++++------------------ 1 file changed, 6 insertions(+), 18 deletions(-) diff --git a/ntoskrnl/mm/rmap.c b/ntoskrnl/mm/rmap.c index 80576f4cc59..c000953cca1 100644 --- a/ntoskrnl/mm/rmap.c +++ b/ntoskrnl/mm/rmap.c @@ -410,17 +410,11 @@ MmInsertRmap(PFN_NUMBER Page, PEPROCESS Process, if (!RMAP_IS_SEGMENT(Address)) { - if (Process == NULL) + ASSERT(Process != NULL); + PrevSize = InterlockedExchangeAddUL(&Process->Vm.WorkingSetSize, PAGE_SIZE); + if (PrevSize >= Process->Vm.PeakWorkingSetSize) { - Process = PsInitialSystemProcess; - } - if (Process) - { - PrevSize = InterlockedExchangeAddUL(&Process->Vm.WorkingSetSize, PAGE_SIZE); - if (PrevSize >= Process->Vm.PeakWorkingSetSize) - { - Process->Vm.PeakWorkingSetSize = PrevSize + PAGE_SIZE; - } + Process->Vm.PeakWorkingSetSize = PrevSize + PAGE_SIZE; } } } @@ -455,14 +449,8 @@ MmDeleteRmap(PFN_NUMBER Page, PEPROCESS Process, ExFreeToNPagedLookasideList(&RmapLookasideList, current_entry); if (!RMAP_IS_SEGMENT(Address)) { - if (Process == NULL) - { - Process = PsInitialSystemProcess; - } - if (Process) - { - (void)InterlockedExchangeAddUL(&Process->Vm.WorkingSetSize, -PAGE_SIZE); - } + ASSERT(Process != NULL); + (void)InterlockedExchangeAddUL(&Process->Vm.WorkingSetSize, -PAGE_SIZE); } return; }

1 0

[reactos] 65/100: [NTOS:MM] Fix a race condition when unmapping sections views
by Jérôme Gardou 03 Feb '21

03 Feb '21

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=caf89b95829ca8cf851ed… commit caf89b95829ca8cf851ed20103b70a645e8c5a83 Author: Jérôme Gardou <jerome.gardou(a)reactos.org> AuthorDate: Tue Dec 29 19:50:00 2020 +0100 Commit: Jérôme Gardou <jerome.gardou(a)reactos.org> CommitDate: Wed Feb 3 09:41:23 2021 +0100 [NTOS:MM] Fix a race condition when unmapping sections views --- ntoskrnl/mm/ARM3/section.c | 18 ++++++++++++------ ntoskrnl/mm/marea.c | 6 ------ ntoskrnl/mm/section.c | 19 +++---------------- 3 files changed, 15 insertions(+), 28 deletions(-) diff --git a/ntoskrnl/mm/ARM3/section.c b/ntoskrnl/mm/ARM3/section.c index dde3b2d8cc4..fddaf752031 100644 --- a/ntoskrnl/mm/ARM3/section.c +++ b/ntoskrnl/mm/ARM3/section.c @@ -833,12 +833,17 @@ MiUnmapViewOfSection(IN PEPROCESS Process, PEPROCESS CurrentProcess = PsGetCurrentProcess(); PAGED_CODE(); + /* Check if we need to lock the address space */ + if (!Flags) MmLockAddressSpace(&Process->Vm); + /* Check for Mm Region */ MemoryArea = MmLocateMemoryAreaByAddress(&Process->Vm, BaseAddress); if ((MemoryArea) && (MemoryArea->Type != MEMORY_AREA_OWNED_BY_ARM3)) { /* Call Mm API */ - return MiRosUnmapViewOfSection(Process, BaseAddress, Process->ProcessExiting); + NTSTATUS Status = MiRosUnmapViewOfSection(Process, BaseAddress, Process->ProcessExiting); + if (!Flags) MmUnlockAddressSpace(&Process->Vm); + return Status; } /* Check if we should attach to the process */ @@ -849,10 +854,7 @@ MiUnmapViewOfSection(IN PEPROCESS Process, Attached = TRUE; } - /* Check if we need to lock the address space */ - if (!Flags) MmLockAddressSpace(&Process->Vm); - - /* Check if the process is already daed */ + /* Check if the process is already dead */ if (Process->VmDeleted) { /* Fail the call */ @@ -3116,11 +3118,15 @@ MmUnmapViewInSystemSpace(IN PVOID MappedBase) PAGED_CODE(); /* Was this mapped by RosMm? */ + MmLockAddressSpace(MmGetKernelAddressSpace()); MemoryArea = MmLocateMemoryAreaByAddress(MmGetKernelAddressSpace(), MappedBase); if ((MemoryArea) && (MemoryArea->Type != MEMORY_AREA_OWNED_BY_ARM3)) { - return MiRosUnmapViewInSystemSpace(MappedBase); + NTSTATUS Status = MiRosUnmapViewInSystemSpace(MappedBase); + MmUnlockAddressSpace(MmGetKernelAddressSpace()); + return Status; } + MmUnlockAddressSpace(MmGetKernelAddressSpace()); /* It was not, call the ARM3 routine */ return MiUnmapViewInSystemSpace(&MmSession, MappedBase); diff --git a/ntoskrnl/mm/marea.c b/ntoskrnl/mm/marea.c index cd7b9594f1d..6e4226b6c35 100644 --- a/ntoskrnl/mm/marea.c +++ b/ntoskrnl/mm/marea.c @@ -543,9 +543,6 @@ MiRosCleanupMemoryArea( (Process->ActiveThreads == 1)) || (Process->ActiveThreads == 0)); - /* We are in cleanup, we don't need to synchronize */ - MmUnlockAddressSpace(&Process->Vm); - MemoryArea = (PMEMORY_AREA)Vad; BaseAddress = (PVOID)MA_GetStartingAddress(MemoryArea); @@ -567,9 +564,6 @@ MiRosCleanupMemoryArea( /* Make sure this worked! */ ASSERT(NT_SUCCESS(Status)); - - /* Lock the address space again */ - MmLockAddressSpace(&Process->Vm); } VOID diff --git a/ntoskrnl/mm/section.c b/ntoskrnl/mm/section.c index 17762f8628e..1c7fbdbefc6 100644 --- a/ntoskrnl/mm/section.c +++ b/ntoskrnl/mm/section.c @@ -3459,6 +3459,7 @@ MmUnmapViewOfSegment(PMMSUPPORT AddressSpace, return(Status); } +/* This functions must be called with a locked address space */ NTSTATUS NTAPI MiRosUnmapViewOfSection(IN PEPROCESS Process, @@ -3477,7 +3478,6 @@ MiRosUnmapViewOfSection(IN PEPROCESS Process, AddressSpace = Process ? &Process->Vm : MmGetKernelAddressSpace(); - MmLockAddressSpace(AddressSpace); MemoryArea = MmLocateMemoryAreaByAddress(AddressSpace, BaseAddress); if (MemoryArea == NULL || @@ -3492,7 +3492,6 @@ MiRosUnmapViewOfSection(IN PEPROCESS Process, if (MemoryArea) ASSERT(MemoryArea->Type != MEMORY_AREA_OWNED_BY_ARM3); DPRINT1("Unable to find memory area at address %p.\n", BaseAddress); - MmUnlockAddressSpace(AddressSpace); return STATUS_NOT_MAPPED_VIEW; } @@ -3551,8 +3550,6 @@ MiRosUnmapViewOfSection(IN PEPROCESS Process, } } - MmUnlockAddressSpace(AddressSpace); - /* Notify debugger */ if (ImageBaseAddress && !SkipDebuggerNotify) DbgkUnMapViewOfSection(ImageBaseAddress); @@ -4248,24 +4245,14 @@ MmMapViewInSystemSpaceEx ( return Status; } +/* This function must be called with adress space lock held */ NTSTATUS NTAPI MiRosUnmapViewInSystemSpace(IN PVOID MappedBase) { - PMMSUPPORT AddressSpace; - NTSTATUS Status; - DPRINT("MmUnmapViewInSystemSpace() called\n"); - AddressSpace = MmGetKernelAddressSpace(); - - MmLockAddressSpace(AddressSpace); - - Status = MmUnmapViewOfSegment(AddressSpace, MappedBase); - - MmUnlockAddressSpace(AddressSpace); - - return Status; + return MmUnmapViewOfSegment(MmGetKernelAddressSpace(), MappedBase); } /**********************************************************************

1 0

[reactos] 64/100: [NTOS:CC] Perform sanity checks before doing anything else
by Jérôme Gardou 03 Feb '21

03 Feb '21

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=57ee31ee33e2fdf7ef701… commit 57ee31ee33e2fdf7ef70172cd78690a0ddb4b92c Author: Jérôme Gardou <jerome.gardou(a)reactos.org> AuthorDate: Tue Dec 29 16:55:19 2020 +0100 Commit: Jérôme Gardou <jerome.gardou(a)reactos.org> CommitDate: Wed Feb 3 09:41:23 2021 +0100 [NTOS:CC] Perform sanity checks before doing anything else --- ntoskrnl/cc/pin.c | 4 +--- ntoskrnl/cc/view.c | 21 ++++++++++++--------- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/ntoskrnl/cc/pin.c b/ntoskrnl/cc/pin.c index 8a79ee45031..30cba0a248a 100644 --- a/ntoskrnl/cc/pin.c +++ b/ntoskrnl/cc/pin.c @@ -581,7 +581,6 @@ CcUnpinDataForThread ( IN ERESOURCE_THREAD ResourceThreadId) { PINTERNAL_BCB iBcb = Bcb; - PROS_SHARED_CACHE_MAP SharedCacheMap; CCTRACE(CC_API_DEBUG, "Bcb=%p ResourceThreadId=%lu\n", Bcb, ResourceThreadId); @@ -591,8 +590,7 @@ CcUnpinDataForThread ( iBcb->PinCount--; } - SharedCacheMap = iBcb->Vacb->SharedCacheMap; - CcpDereferenceBcb(SharedCacheMap, iBcb); + CcpDereferenceBcb(iBcb->Vacb->SharedCacheMap, iBcb); } /* diff --git a/ntoskrnl/cc/view.c b/ntoskrnl/cc/view.c index 6f0490c31d0..4866db4f849 100644 --- a/ntoskrnl/cc/view.c +++ b/ntoskrnl/cc/view.c @@ -740,11 +740,13 @@ CcRosEnsureVacbResident( ASSERT((Offset + Length) <= VACB_MAPPING_GRANULARITY); +#if 0 if ((Vacb->FileOffset.QuadPart + Offset) > Vacb->SharedCacheMap->SectionSize.QuadPart) { DPRINT1("Vacb read beyond the file size!\n"); return FALSE; } +#endif BaseAddress = (PVOID)((ULONG_PTR)Vacb->BaseAddress + Offset); @@ -862,15 +864,6 @@ CcRosInternalFreeVacb ( } #endif - /* Delete the mapping */ - Status = MmUnmapViewInSystemSpace(Vacb->BaseAddress); - if (!NT_SUCCESS(Status)) - { - DPRINT1("Failed to unmap VACB from System address space! Status 0x%08X\n", Status); - ASSERT(FALSE); - /* Proceed with the deĺetion anyway */ - } - if (Vacb->ReferenceCount != 0) { DPRINT1("Invalid free: %ld\n", Vacb->ReferenceCount); @@ -884,6 +877,16 @@ CcRosInternalFreeVacb ( ASSERT(IsListEmpty(&Vacb->CacheMapVacbListEntry)); ASSERT(IsListEmpty(&Vacb->DirtyVacbListEntry)); ASSERT(IsListEmpty(&Vacb->VacbLruListEntry)); + + /* Delete the mapping */ + Status = MmUnmapViewInSystemSpace(Vacb->BaseAddress); + if (!NT_SUCCESS(Status)) + { + DPRINT1("Failed to unmap VACB from System address space! Status 0x%08X\n", Status); + ASSERT(FALSE); + /* Proceed with the deĺetion anyway */ + } + RtlFillMemory(Vacb, sizeof(*Vacb), 0xfd); ExFreeToNPagedLookasideList(&VacbLookasideList, Vacb); return STATUS_SUCCESS;

1 0

[reactos] 63/100: [NTOS:MM] Fix input validation/correction in MmMapViewInSystemSpace
by Jérôme Gardou 03 Feb '21

03 Feb '21

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=cff3c399c63a36bd5f05a… commit cff3c399c63a36bd5f05aa2389d54b0824a567ab Author: Jérôme Gardou <jerome.gardou(a)reactos.org> AuthorDate: Tue Dec 29 16:43:03 2020 +0100 Commit: Jérôme Gardou <jerome.gardou(a)reactos.org> CommitDate: Wed Feb 3 09:41:23 2021 +0100 [NTOS:MM] Fix input validation/correction in MmMapViewInSystemSpace --- ntoskrnl/include/ntoskrnl.h | 2 ++ ntoskrnl/mm/section.c | 54 ++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 51 insertions(+), 5 deletions(-) diff --git a/ntoskrnl/include/ntoskrnl.h b/ntoskrnl/include/ntoskrnl.h index 7685c36bcf1..353efeb44c3 100644 --- a/ntoskrnl/include/ntoskrnl.h +++ b/ntoskrnl/include/ntoskrnl.h @@ -63,7 +63,9 @@ #include <regstr.h> #include <ntstrsafe.h> #include <ntpoapi.h> +#define ENABLE_INTSAFE_SIGNED_FUNCTIONS #include <ntintsafe.h> +#undef ENABLE_INTSAFE_SIGNED_FUNCTIONS /* C Headers */ #include <stdlib.h> diff --git a/ntoskrnl/mm/section.c b/ntoskrnl/mm/section.c index 4756875a661..17762f8628e 100644 --- a/ntoskrnl/mm/section.c +++ b/ntoskrnl/mm/section.c @@ -3249,6 +3249,8 @@ MmMapViewOfSegment( NTSTATUS Status; ULONG Granularity; + ASSERT(ViewSize != 0); + if (Segment->WriteCopy) { /* We have to do this because the not present fault @@ -3488,6 +3490,8 @@ MiRosUnmapViewOfSection(IN PEPROCESS Process, { if (MemoryArea) ASSERT(MemoryArea->Type != MEMORY_AREA_OWNED_BY_ARM3); + + DPRINT1("Unable to find memory area at address %p.\n", BaseAddress); MmUnlockAddressSpace(AddressSpace); return STATUS_NOT_MAPPED_VIEW; } @@ -4009,7 +4013,9 @@ MmMapViewOfSection(IN PVOID SectionObject, { (*ViewSize) = Section->SizeOfSection.QuadPart - ViewOffset; } - else if ((ExGetPreviousMode() == UserMode) && (((*ViewSize)+ViewOffset) > Section->SizeOfSection.QuadPart)) + else if ((ExGetPreviousMode() == UserMode) && + (((*ViewSize)+ViewOffset) > Section->SizeOfSection.QuadPart) && + (!Section->u.Flags.Reserve)) { /* Dubious */ (*ViewSize) = MIN(Section->SizeOfSection.QuadPart - ViewOffset, SIZE_T_MAX - PAGE_SIZE); @@ -4165,6 +4171,7 @@ MmMapViewInSystemSpaceEx ( PMM_SECTION_SEGMENT Segment; PMMSUPPORT AddressSpace; NTSTATUS Status; + PAGED_CODE(); if (MiIsRosSectionObject(SectionObject) == FALSE) @@ -4181,15 +4188,49 @@ MmMapViewInSystemSpaceEx ( Section = SectionObject; Segment = (PMM_SECTION_SEGMENT)Section->Segment; - AddressSpace = MmGetKernelAddressSpace(); + if (*ViewSize == 0) + { + LONGLONG MapSizeLL; - MmLockAddressSpace(AddressSpace); + /* Page-align the mapping */ + SectionOffset->LowPart = PAGE_ROUND_DOWN(SectionOffset->LowPart); - if (*ViewSize == 0) + if (!NT_SUCCESS(RtlLongLongSub(Section->SizeOfSection.QuadPart, SectionOffset->QuadPart, &MapSizeLL))) + return STATUS_INVALID_VIEW_SIZE; + + if (!NT_SUCCESS(RtlLongLongToSIZET(MapSizeLL, ViewSize))) + return STATUS_INVALID_VIEW_SIZE; + } + else { - *ViewSize = MIN((Section->SizeOfSection.QuadPart - SectionOffset->QuadPart), SIZE_T_MAX); + LONGLONG HelperLL; + + /* Get the map end */ + if (!NT_SUCCESS(RtlLongLongAdd(SectionOffset->QuadPart, *ViewSize, &HelperLL))) + return STATUS_INVALID_VIEW_SIZE; + + /* Round it up, if needed */ + if (HelperLL % PAGE_SIZE) + { + if (!NT_SUCCESS(RtlLongLongAdd(HelperLL, PAGE_SIZE - (HelperLL % PAGE_SIZE), &HelperLL))) + return STATUS_INVALID_VIEW_SIZE; + } + + /* Now that we have the mapping end, we can align down its start */ + SectionOffset->LowPart = PAGE_ROUND_DOWN(SectionOffset->LowPart); + + /* Get the new size */ + if (!NT_SUCCESS(RtlLongLongSub(HelperLL, SectionOffset->QuadPart, &HelperLL))) + return STATUS_INVALID_VIEW_SIZE; + + if (!NT_SUCCESS(RtlLongLongToSIZET(HelperLL, ViewSize))) + return STATUS_INVALID_VIEW_SIZE; } + AddressSpace = MmGetKernelAddressSpace(); + + MmLockAddressSpace(AddressSpace); + MmLockSectionSegment(Segment); Status = MmMapViewOfSegment(AddressSpace, @@ -4505,6 +4546,7 @@ MmMakePagesResident( MemoryArea = MmLocateMemoryAreaByAddress(AddressSpace, Address); if (MemoryArea == NULL) { + DPRINT1("Unable to find memory area at address %p.\n", Address); MmUnlockAddressSpace(AddressSpace); return STATUS_NOT_MAPPED_VIEW; } @@ -4608,6 +4650,7 @@ MmRosFlushVirtualMemory( if ((MemoryArea == NULL) || (MemoryArea->Type != MEMORY_AREA_SECTION_VIEW) || (MemoryArea->VadNode.u.VadFlags.VadType == VadImageMap)) { + DPRINT1("Unable to find memory area at address %p.\n", Address); MmUnlockAddressSpace(AddressSpace); return STATUS_NOT_MAPPED_VIEW; } @@ -4766,6 +4809,7 @@ MmMakePagesDirty( MemoryArea = MmLocateMemoryAreaByAddress(AddressSpace, Address); if (MemoryArea == NULL) { + DPRINT1("Unable to find memory area at address %p.\n", Address); MmUnlockAddressSpace(AddressSpace); return STATUS_NOT_MAPPED_VIEW; }

1 0

[reactos] 62/100: [NTOS:CC] Fix potnetial use-after-free
by Jérôme Gardou 03 Feb '21

03 Feb '21

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=8287a098b94d5cf60a960… commit 8287a098b94d5cf60a9604e711fba19d3a758be5 Author: Jérôme Gardou <jerome.gardou(a)reactos.org> AuthorDate: Tue Dec 29 11:26:25 2020 +0100 Commit: Jérôme Gardou <jerome.gardou(a)reactos.org> CommitDate: Wed Feb 3 09:41:23 2021 +0100 [NTOS:CC] Fix potnetial use-after-free --- ntoskrnl/cc/view.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/ntoskrnl/cc/view.c b/ntoskrnl/cc/view.c index e6ac23c2b6e..6f0490c31d0 100644 --- a/ntoskrnl/cc/view.c +++ b/ntoskrnl/cc/view.c @@ -208,8 +208,6 @@ CcRosFlushDirtyPages ( BOOLEAN CalledFromLazy) { PLIST_ENTRY current_entry; - PROS_VACB current; - BOOLEAN Locked; NTSTATUS Status; KIRQL OldIrql; BOOLEAN FlushAll = (Target == MAXULONG); @@ -229,6 +227,10 @@ CcRosFlushDirtyPages ( while (((current_entry != &DirtyVacbListHead) && (Target > 0)) || FlushAll) { + PROS_SHARED_CACHE_MAP SharedCacheMap; + PROS_VACB current; + BOOLEAN Locked; + if (current_entry == &DirtyVacbListHead) { ASSERT(FlushAll); @@ -244,17 +246,17 @@ CcRosFlushDirtyPages ( CcRosVacbIncRefCount(current); + SharedCacheMap = current->SharedCacheMap; + /* When performing lazy write, don't handle temporary files */ - if (CalledFromLazy && - BooleanFlagOn(current->SharedCacheMap->FileObject->Flags, FO_TEMPORARY_FILE)) + if (CalledFromLazy && BooleanFlagOn(SharedCacheMap->FileObject->Flags, FO_TEMPORARY_FILE)) { CcRosVacbDecRefCount(current); continue; } /* Don't attempt to lazy write the files that asked not to */ - if (CalledFromLazy && - BooleanFlagOn(current->SharedCacheMap->Flags, WRITEBEHIND_DISABLED)) + if (CalledFromLazy && BooleanFlagOn(SharedCacheMap->Flags, WRITEBEHIND_DISABLED)) { CcRosVacbDecRefCount(current); continue; @@ -263,32 +265,30 @@ CcRosFlushDirtyPages ( ASSERT(current->Dirty); /* Do not lazy-write the same file concurrently. Fastfat ASSERTS on that */ - if (current->SharedCacheMap->Flags & SHARED_CACHE_MAP_IN_LAZYWRITE) + if (SharedCacheMap->Flags & SHARED_CACHE_MAP_IN_LAZYWRITE) { CcRosVacbDecRefCount(current); continue; } - current->SharedCacheMap->Flags |= SHARED_CACHE_MAP_IN_LAZYWRITE; + SharedCacheMap->Flags |= SHARED_CACHE_MAP_IN_LAZYWRITE; KeReleaseQueuedSpinLock(LockQueueMasterLock, OldIrql); - Locked = current->SharedCacheMap->Callbacks->AcquireForLazyWrite( - current->SharedCacheMap->LazyWriteContext, Wait); + Locked = SharedCacheMap->Callbacks->AcquireForLazyWrite(SharedCacheMap->LazyWriteContext, Wait); if (!Locked) { DPRINT("Not locked!"); ASSERT(!Wait); - OldIrql = KeAcquireQueuedSpinLock(LockQueueMasterLock); CcRosVacbDecRefCount(current); - current->SharedCacheMap->Flags &= ~SHARED_CACHE_MAP_IN_LAZYWRITE; + OldIrql = KeAcquireQueuedSpinLock(LockQueueMasterLock); + SharedCacheMap->Flags &= ~SHARED_CACHE_MAP_IN_LAZYWRITE; continue; } Status = CcRosFlushVacb(current); - current->SharedCacheMap->Callbacks->ReleaseFromLazyWrite( - current->SharedCacheMap->LazyWriteContext); + SharedCacheMap->Callbacks->ReleaseFromLazyWrite(SharedCacheMap->LazyWriteContext); /* We release the VACB before acquiring the lock again, because * CcRosVacbDecRefCount might free the VACB, as CcRosFlushVacb dropped a @@ -297,7 +297,7 @@ CcRosFlushDirtyPages ( CcRosVacbDecRefCount(current); OldIrql = KeAcquireQueuedSpinLock(LockQueueMasterLock); - current->SharedCacheMap->Flags &= ~SHARED_CACHE_MAP_IN_LAZYWRITE; + SharedCacheMap->Flags &= ~SHARED_CACHE_MAP_IN_LAZYWRITE; if (!NT_SUCCESS(Status) && (Status != STATUS_END_OF_FILE) && (Status != STATUS_MEDIA_WRITE_PROTECTED))

1 0

[reactos] 61/100: [NTOS:CC] Always honor WriteThrough parameter in CcUnpinRepinnedBcb
by Jérôme Gardou 03 Feb '21

03 Feb '21

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=358d06c47ca31d8854c8b… commit 358d06c47ca31d8854c8ba2ffa16ab577f798e82 Author: Jérôme Gardou <jerome.gardou(a)reactos.org> AuthorDate: Tue Dec 29 10:07:57 2020 +0100 Commit: Jérôme Gardou <jerome.gardou(a)reactos.org> CommitDate: Wed Feb 3 09:41:23 2021 +0100 [NTOS:CC] Always honor WriteThrough parameter in CcUnpinRepinnedBcb --- ntoskrnl/cc/pin.c | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/ntoskrnl/cc/pin.c b/ntoskrnl/cc/pin.c index 597468f6fd7..8a79ee45031 100644 --- a/ntoskrnl/cc/pin.c +++ b/ntoskrnl/cc/pin.c @@ -629,29 +629,25 @@ CcUnpinRepinnedBcb ( SharedCacheMap = iBcb->Vacb->SharedCacheMap; IoStatus->Status = STATUS_SUCCESS; + if (WriteThrough) + { + CcFlushCache(iBcb->Vacb->SharedCacheMap->FileObject->SectionObjectPointer, + &iBcb->PFCB.MappedFileOffset, + iBcb->PFCB.MappedLength, + IoStatus); + } + else + { + IoStatus->Status = STATUS_SUCCESS; + IoStatus->Information = 0; + } + KeAcquireSpinLock(&SharedCacheMap->BcbSpinLock, &OldIrql); if (--iBcb->RefCount == 0) { RemoveEntryList(&iBcb->BcbEntry); KeReleaseSpinLock(&SharedCacheMap->BcbSpinLock, OldIrql); - IoStatus->Information = 0; - if (WriteThrough) - { - if (iBcb->Vacb->Dirty) - { - IoStatus->Status = CcRosFlushVacb(iBcb->Vacb); - } - else - { - IoStatus->Status = STATUS_SUCCESS; - } - } - else - { - IoStatus->Status = STATUS_SUCCESS; - } - if (iBcb->PinCount != 0) { ExReleaseResourceLite(&iBcb->Lock);

1 0

[reactos] 60/100: [NTOS:CC] Do not write behind concurrently the same file
by Jérôme Gardou 03 Feb '21

03 Feb '21

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=1505abbc095f9f9414e15… commit 1505abbc095f9f9414e15847ce840d2a8fe592d9 Author: Jérôme Gardou <jerome.gardou(a)reactos.org> AuthorDate: Tue Dec 22 11:31:51 2020 +0100 Commit: Jérôme Gardou <jerome.gardou(a)reactos.org> CommitDate: Wed Feb 3 09:41:23 2021 +0100 [NTOS:CC] Do not write behind concurrently the same file --- ntoskrnl/cc/view.c | 12 ++++++++++++ ntoskrnl/include/internal/cc.h | 1 + 2 files changed, 13 insertions(+) diff --git a/ntoskrnl/cc/view.c b/ntoskrnl/cc/view.c index 35d0df31545..e6ac23c2b6e 100644 --- a/ntoskrnl/cc/view.c +++ b/ntoskrnl/cc/view.c @@ -262,6 +262,15 @@ CcRosFlushDirtyPages ( ASSERT(current->Dirty); + /* Do not lazy-write the same file concurrently. Fastfat ASSERTS on that */ + if (current->SharedCacheMap->Flags & SHARED_CACHE_MAP_IN_LAZYWRITE) + { + CcRosVacbDecRefCount(current); + continue; + } + + current->SharedCacheMap->Flags |= SHARED_CACHE_MAP_IN_LAZYWRITE; + KeReleaseQueuedSpinLock(LockQueueMasterLock, OldIrql); Locked = current->SharedCacheMap->Callbacks->AcquireForLazyWrite( @@ -272,6 +281,7 @@ CcRosFlushDirtyPages ( ASSERT(!Wait); OldIrql = KeAcquireQueuedSpinLock(LockQueueMasterLock); CcRosVacbDecRefCount(current); + current->SharedCacheMap->Flags &= ~SHARED_CACHE_MAP_IN_LAZYWRITE; continue; } @@ -287,6 +297,8 @@ CcRosFlushDirtyPages ( CcRosVacbDecRefCount(current); OldIrql = KeAcquireQueuedSpinLock(LockQueueMasterLock); + current->SharedCacheMap->Flags &= ~SHARED_CACHE_MAP_IN_LAZYWRITE; + if (!NT_SUCCESS(Status) && (Status != STATUS_END_OF_FILE) && (Status != STATUS_MEDIA_WRITE_PROTECTED)) { diff --git a/ntoskrnl/include/internal/cc.h b/ntoskrnl/include/internal/cc.h index 862a759ef7a..65fd3fe6ffa 100644 --- a/ntoskrnl/include/internal/cc.h +++ b/ntoskrnl/include/internal/cc.h @@ -200,6 +200,7 @@ typedef struct _ROS_SHARED_CACHE_MAP #define READAHEAD_DISABLED 0x1 #define WRITEBEHIND_DISABLED 0x2 #define SHARED_CACHE_MAP_IN_CREATION 0x4 +#define SHARED_CACHE_MAP_IN_LAZYWRITE 0x8 typedef struct _ROS_VACB {

1 0

[reactos] 59/100: [NTOS] Loop again and again until the whole cache is empty when sutting down
by Jérôme Gardou 03 Feb '21

03 Feb '21

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=347a4f146b8245dd6753e… commit 347a4f146b8245dd6753e39365aafe492d37ca60 Author: Jérôme Gardou <jerome.gardou(a)reactos.org> AuthorDate: Mon Dec 21 18:47:32 2020 +0100 Commit: Jérôme Gardou <jerome.gardou(a)reactos.org> CommitDate: Wed Feb 3 09:41:23 2021 +0100 [NTOS] Loop again and again until the whole cache is empty when sutting down --- ntoskrnl/cc/view.c | 11 ++++++++++- ntoskrnl/po/power.c | 2 +- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/ntoskrnl/cc/view.c b/ntoskrnl/cc/view.c index 3952986dc44..35d0df31545 100644 --- a/ntoskrnl/cc/view.c +++ b/ntoskrnl/cc/view.c @@ -212,6 +212,7 @@ CcRosFlushDirtyPages ( BOOLEAN Locked; NTSTATUS Status; KIRQL OldIrql; + BOOLEAN FlushAll = (Target == MAXULONG); DPRINT("CcRosFlushDirtyPages(Target %lu)\n", Target); @@ -226,8 +227,16 @@ CcRosFlushDirtyPages ( DPRINT("No Dirty pages\n"); } - while ((current_entry != &DirtyVacbListHead) && (Target > 0)) + while (((current_entry != &DirtyVacbListHead) && (Target > 0)) || FlushAll) { + if (current_entry == &DirtyVacbListHead) + { + ASSERT(FlushAll); + if (IsListEmpty(&DirtyVacbListHead)) + break; + current_entry = DirtyVacbListHead.Flink; + } + current = CONTAINING_RECORD(current_entry, ROS_VACB, DirtyVacbListEntry); diff --git a/ntoskrnl/po/power.c b/ntoskrnl/po/power.c index 7d2f4d7114a..6dee7054c02 100644 --- a/ntoskrnl/po/power.c +++ b/ntoskrnl/po/power.c @@ -1075,7 +1075,7 @@ NtSetSystemPowerState(IN POWER_ACTION SystemAction, #ifndef NEWCC /* Flush dirty cache pages */ /* XXX: Is that still mandatory? As now we'll wait on lazy writer to complete? */ - CcRosFlushDirtyPages(-1, &Dummy, TRUE, FALSE); //HACK: We really should wait here! + CcRosFlushDirtyPages(MAXULONG, &Dummy, TRUE, FALSE); //HACK: We really should wait here! #else Dummy = 0; #endif

1 0

[reactos] 58/100: [NTOS:MM] Keep image maps & file maps coherent at the time of creating the image map
by Jérôme Gardou 03 Feb '21

03 Feb '21

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=addf824d8739e937098e1… commit addf824d8739e937098e10fc3cd05ca094016d6e Author: Jérôme Gardou <jerome.gardou(a)reactos.org> AuthorDate: Mon Dec 21 13:54:29 2020 +0100 Commit: Jérôme Gardou <jerome.gardou(a)reactos.org> CommitDate: Wed Feb 3 09:41:23 2021 +0100 [NTOS:MM] Keep image maps & file maps coherent at the time of creating the image map --- ntoskrnl/mm/section.c | 128 +++++++++++++++++++++++++------------------------- 1 file changed, 65 insertions(+), 63 deletions(-) diff --git a/ntoskrnl/mm/section.c b/ntoskrnl/mm/section.c index b9242c6eade..4756875a661 100644 --- a/ntoskrnl/mm/section.c +++ b/ntoskrnl/mm/section.c @@ -2448,6 +2448,19 @@ ExeFmtpAllocateSegments(IN ULONG NrSegments) return Segments; } +static NTSTATUS +MmMapViewOfSegment(PMMSUPPORT AddressSpace, + BOOLEAN AsImage, + PMM_SECTION_SEGMENT Segment, + PVOID* BaseAddress, + SIZE_T ViewSize, + ULONG Protect, + LONGLONG ViewOffset, + ULONG AllocationType); +static NTSTATUS +MmUnmapViewOfSegment(PMMSUPPORT AddressSpace, + PVOID BaseAddress); + static NTSTATUS NTAPI @@ -2490,36 +2503,57 @@ ExeFmtpReadFile(IN PVOID File, BufferSize = Length + OffsetAdjustment; BufferSize = PAGE_ROUND_UP(BufferSize); - /* Flush data since we're about to perform a non-cached read */ - CcFlushCache(FileObject->SectionObjectPointer, - &FileOffset, - BufferSize, - &Iosb); - /* * It's ok to use paged pool, because this is a temporary buffer only used in * the loading of executables. The assumption is that MmCreateSection is * always called at low IRQLs and that these buffers don't survive a brief * initialization phase */ - Buffer = ExAllocatePoolWithTag(PagedPool, - BufferSize, - 'rXmM'); + Buffer = ExAllocatePoolWithTag(PagedPool, BufferSize, 'rXmM'); if (!Buffer) { return STATUS_INSUFFICIENT_RESOURCES; } - UsedSize = 0; + if (FileObject->SectionObjectPointer->DataSectionObject) + { + PVOID SegmentMap = NULL; - Status = MiSimpleRead(FileObject, &FileOffset, Buffer, BufferSize, TRUE, &Iosb); + /* Get the data from the file mapping instead */ + MmLockAddressSpace(MmGetKernelAddressSpace()); + Status = MmMapViewOfSegment(MmGetKernelAddressSpace(), + FALSE, + FileObject->SectionObjectPointer->DataSectionObject, + &SegmentMap, + BufferSize, + PAGE_READONLY, + FileOffset.QuadPart, + 0); + MmUnlockAddressSpace(MmGetKernelAddressSpace()); - UsedSize = (ULONG)Iosb.Information; + if (!NT_SUCCESS(Status)) + return Status; + + RtlCopyMemory(Buffer, SegmentMap, BufferSize); + UsedSize = BufferSize; - if(NT_SUCCESS(Status) && UsedSize < OffsetAdjustment) + MmLockAddressSpace(MmGetKernelAddressSpace()); + + MmUnmapViewOfSegment(MmGetKernelAddressSpace(), SegmentMap); + + MmUnlockAddressSpace(MmGetKernelAddressSpace()); + } + else { - Status = STATUS_IN_PAGE_ERROR; - ASSERT(!NT_SUCCESS(Status)); + Status = MiSimpleRead(FileObject, &FileOffset, Buffer, BufferSize, TRUE, &Iosb); + + UsedSize = (ULONG)Iosb.Information; + + if(NT_SUCCESS(Status) && UsedSize < OffsetAdjustment) + { + Status = STATUS_IN_PAGE_ERROR; + ASSERT(!NT_SUCCESS(Status)); + } } if(NT_SUCCESS(Status)) @@ -3102,7 +3136,6 @@ MmCreateImageSection(PSECTION *SectionObject, if (ImageSectionObject == NULL) { NTSTATUS StatusExeFmt; - PMM_SECTION_SEGMENT DataSectionObject; ImageSectionObject = ExAllocatePoolZero(NonPagedPool, sizeof(MM_IMAGE_SECTION_OBJECT), TAG_MM_SECTION_SEGMENT); if (ImageSectionObject == NULL) @@ -3116,44 +3149,12 @@ MmCreateImageSection(PSECTION *SectionObject, ImageSectionObject->RefCount = 1; FileObject->SectionObjectPointer->ImageSectionObject = ImageSectionObject; - /* Get a ref on the data section object */ - DataSectionObject = FileObject->SectionObjectPointer->DataSectionObject; - while (DataSectionObject && (DataSectionObject->SegFlags & (MM_SEGMENT_INDELETE | MM_SEGMENT_INCREATE))) - { - LARGE_INTEGER ShortTime; - - MiReleasePfnLock(OldIrql); - - ShortTime.QuadPart = - 10 * 100 * 1000; - KeDelayExecutionThread(KernelMode, FALSE, &ShortTime); - - OldIrql = MiAcquirePfnLock(); - DataSectionObject = FileObject->SectionObjectPointer->DataSectionObject; - ASSERT(DataSectionObject->SegFlags & MM_DATAFILE_SEGMENT); - } - - /* Get a ref on it. */ - if (DataSectionObject) - InterlockedIncrementUL(&DataSectionObject->RefCount); - MiReleasePfnLock(OldIrql); - if (DataSectionObject) + /* Purge the cache */ + if (CcIsFileCached(FileObject)) { - if ((DataSectionObject->SectionCount - (FileObject->SectionObjectPointer->SharedCacheMap != NULL)) > 0) - { - /* Someone's got a section opened. Deny creation */ - DPRINT1("Denying image creation for %wZ: Sections opened: %lu.\n", - &FileObject->FileName, DataSectionObject->SectionCount); - InterlockedExchangePointer(&FileObject->SectionObjectPointer->ImageSectionObject, NULL); - ExFreePoolWithTag(ImageSectionObject, TAG_MM_SECTION_SEGMENT); - MmDereferenceSegment(DataSectionObject); - ObDereferenceObject(Section); - return STATUS_ACCESS_DENIED; - } - - /* Purge the cache. */ - CcPurgeCacheSection(FileObject->SectionObjectPointer, NULL, 0, FALSE); + CcFlushCache(FileObject->SectionObjectPointer, NULL, 0, NULL); } StatusExeFmt = ExeFmtpCreateImageSection(FileObject, ImageSectionObject); @@ -3234,14 +3235,15 @@ MmCreateImageSection(PSECTION *SectionObject, static NTSTATUS -MmMapViewOfSegment(PMMSUPPORT AddressSpace, - PSECTION Section, - PMM_SECTION_SEGMENT Segment, - PVOID* BaseAddress, - SIZE_T ViewSize, - ULONG Protect, - LONGLONG ViewOffset, - ULONG AllocationType) +MmMapViewOfSegment( + PMMSUPPORT AddressSpace, + BOOLEAN AsImage, + PMM_SECTION_SEGMENT Segment, + PVOID* BaseAddress, + SIZE_T ViewSize, + ULONG Protect, + LONGLONG ViewOffset, + ULONG AllocationType) { PMEMORY_AREA MArea; NTSTATUS Status; @@ -3297,7 +3299,7 @@ MmMapViewOfSegment(PMMSUPPORT AddressSpace, MArea->SectionData.Segment = Segment; MArea->SectionData.ViewOffset.QuadPart = ViewOffset; - if (Section->u.Flags.Image) + if (AsImage) { MArea->VadNode.u.VadFlags.VadType = VadImageMap; } @@ -3932,7 +3934,7 @@ MmMapViewOfSection(IN PVOID SectionObject, ((char*)ImageBase + (ULONG_PTR)SectionSegments[i].Image.VirtualAddress); MmLockSectionSegment(&SectionSegments[i]); Status = MmMapViewOfSegment(AddressSpace, - Section, + TRUE, &SectionSegments[i], &SBaseAddress, SectionSegments[i].Length.QuadPart, @@ -4017,7 +4019,7 @@ MmMapViewOfSection(IN PVOID SectionObject, MmLockSectionSegment(Segment); Status = MmMapViewOfSegment(AddressSpace, - Section, + FALSE, Segment, BaseAddress, *ViewSize, @@ -4191,7 +4193,7 @@ MmMapViewInSystemSpaceEx ( MmLockSectionSegment(Segment); Status = MmMapViewOfSegment(AddressSpace, - Section, + Section->u.Flags.Image, Segment, MappedBase, *ViewSize,

1 0

← Newer
1
...
32
33
34
35
36
37
38
...
44
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Ros-diffs February 2021