https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f606b36cffeaa3ab78bb7…
commit f606b36cffeaa3ab78bb730db2fcee80ba61d2f6
Author: Timo Kreuzer <timo.kreuzer(a)reactos.org>
AuthorDate: Sat Jul 2 17:46:41 2022 +0200
Commit: Timo Kreuzer <timo.kreuzer(a)reactos.org>
CommitDate: Tue Jul 5 19:29:05 2022 +0200
[NTOSKRNL] Fix a bug in MiDeleteVirtualAddresses
When a PDE gets empty, we skip the address to the next PDE boundary, which might introduce an AddressGap, which wasn't handled before.
---
ntoskrnl/mm/ARM3/virtual.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/ntoskrnl/mm/ARM3/virtual.c b/ntoskrnl/mm/ARM3/virtual.c
index 4f5cd1b016b..5b54d8b4a28 100644
--- a/ntoskrnl/mm/ARM3/virtual.c
+++ b/ntoskrnl/mm/ARM3/virtual.c
@@ -714,10 +714,15 @@ MiDeleteVirtualAddresses(IN ULONG_PTR Va,
if (MiDecrementPageTableReferences((PVOID)Va) == 0)
{
ASSERT(PointerPde->u.Long != 0);
+
/* Delete the PDE proper */
MiDeletePde(PointerPde, CurrentProcess);
- /* Jump */
+
+ /* Continue with the next PDE */
Va = (ULONG_PTR)MiPdeToAddress(PointerPde + 1);
+
+ /* Use this to detect address gaps */
+ PointerPte++;
break;
}
}
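Review bot: The added `PointerPte++` runs after `MiDeletePde(PointerPde, CurrentProcess)`, so PointerPte then refers to a slot in the page table whose PDE was just deleted, and `/* Use this to detect address gaps */` does not say it is now only a position marker. I would make that explicit so a later edit does not dereference it, e.g. `/* Step past the PTE just handled; its PDE is deleted, so PointerPte is only compared with MiAddressToPte(Va) after the loop, never dereferenced */`. The break also bypasses the loop's normal per-page advance, which is outside this hunk. If that tail updates any cursor besides Va and PointerPte, confirm it is recomputed even when the later comparison yields FALSE, which is presumably the case where the deleted PTE was the last one in the emptied table. The enclosing loop starts and ends outside the hunk.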
@@ -733,8 +738,8 @@ MiDeleteVirtualAddresses(IN ULONG_PTR Va,
if (Va > EndingAddress) return;
- /* Otherwise, we exited because we hit a new PDE boundary, so start over */
- AddressGap = FALSE;
+ /* Check if we exited the loop regularly */
+ AddressGap = (PointerPte != MiAddressToPte(Va));
}
}
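Review bot: The comment `/* Check if we exited the loop regularly */` names the exit path but not the invariant that `AddressGap = (PointerPte != MiAddressToPte(Va));` depends on. The comparison is only correct while every way out of the inner loop keeps PointerPte moving one PTE per page in step with Va, apart from the deliberate skip in the emptied-PDE branch. A comment such as `/* PointerPte advances in lockstep with Va; a mismatch means we skipped to the next PDE boundary and left a gap */` would record that for whoever next adds a `break` or `continue` to the loop. The loop body is outside this hunk, so this reading rests on the two visible hunks only.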