Author: mjmartin Date: Mon Sep 27 08:46:02 2010 New Revision: 48905
URL: http://svn.reactos.org/svn/reactos?rev=48905&view=rev Log: [ntoskrnl/mm] - Acquire rundown protection on process to make sure it is not being terminated before attempting to do anything with the process. Fixed a rare case of PspDeleteProcess being called twice for a process, resulting in a bugcheck.
Modified: trunk/reactos/ntoskrnl/mm/rmap.c
Modified: trunk/reactos/ntoskrnl/mm/rmap.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/rmap.c?rev=4890...
==============================================================================
--- trunk/reactos/ntoskrnl/mm/rmap.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/rmap.c [iso-8859-1] Mon Sep 27 08:46:02 2010
@@ -208,6 +208,13 @@
 return(STATUS_UNSUCCESSFUL);
 }
 Process = entry->Process;
+
+ if (!ExAcquireRundownProtection(&Process->RundownProtect))
+ {
+ ExReleaseFastMutex(&RmapListLock);
+ return STATUS_PROCESS_IS_TERMINATING;
+ }
+
 Address = entry->Address;
 if ((((ULONG_PTR)Address) & 0xFFF) != 0)
 {
@@ -220,6 +227,7 @@
 ExReleaseFastMutex(&RmapListLock);
 if (!NT_SUCCESS(Status))
 {
+ ExReleaseRundownProtection(&Process->RundownProtect);
 return Status;
 }
 AddressSpace = &Process->Vm;
@@ -235,6 +243,7 @@
 if (MemoryArea == NULL || MemoryArea->DeleteInProgress)
 {
 MmUnlockAddressSpace(AddressSpace);
+ ExReleaseRundownProtection(&Process->RundownProtect);
 if (Address < MmSystemRangeStart)
 {
 ObDereferenceObject(Process);
@@ -256,6 +265,7 @@
 if (PageOp == NULL)
 {
 MmUnlockAddressSpace(AddressSpace);
+ ExReleaseRundownProtection(&Process->RundownProtect);
 if (Address < MmSystemRangeStart)
 {
 ObDereferenceObject(Process);
@@ -281,6 +291,7 @@
 if (PageOp == NULL)
 {
 MmUnlockAddressSpace(AddressSpace);
+ ExReleaseRundownProtection(&Process->RundownProtect);
 if (Address < MmSystemRangeStart)
 {
 ObDereferenceObject(Process);
@@ -303,6 +314,9 @@
 {
 KeBugCheck(MEMORY_MANAGEMENT);
 }
+
+ ExReleaseRundownProtection(&Process->RundownProtect);
+
 if (Address < MmSystemRangeStart)
 {
 ObDereferenceObject(Process);
@@ -499,6 +513,7 @@
 ExAcquireFastMutex(&RmapListLock);
 previous_entry = NULL;
 current_entry = MmGetRmapListHeadPage(Page);
+
 while (current_entry != NULL)
 {
 if (current_entry->Process == (PEPROCESS)Process &&
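Review bot: In the first hunk (`@@ -208,6 +208,13 @@`), `&Process->RundownProtect` is formed from `entry->Process` before anything checks that the pointer is non-NULL or that the entry describes a user-mode address. The later `@@ -514,14 +529,14 @@` hunk shows rmap code substituting `PsInitialSystemProcess` when `Process == NULL`, which suggests entries without an owning process may exist; if they do, this call would touch an invalid pointer while `RmapListLock` is held. Consider guarding the acquire, e.g. `if (Process != NULL && !ExAcquireRundownProtection(&Process->RundownProtect))`, with the matching releases guarded the same way, or moving it next to the object reference taken for `Address < MmSystemRangeStart`. That branch and the start of the function lie outside the hunk, so this should be confirmed against the full body.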
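Review bot: The release of `Process->RundownProtect` is written out by hand at five separate exits (hunks `-220`, `-235`, `-256`, `-281` and `-303`), so a return path not shown here, or one added later, would leave the protection held and could stall whatever waits for the process's rundown to complete. A single cleanup label would make the acquire/release pairing auditable; failing that, a comment at the acquire such as `/* Every return below must call ExReleaseRundownProtection(&Process->RundownProtect) */` documents the invariant. The function starts and ends outside these hunks, so its remaining exits could not be checked from this diff.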
@@ -514,14 +529,14 @@
 }
 ExReleaseFastMutex(&RmapListLock);
 ExFreeToNPagedLookasideList(&RmapLookasideList, current_entry);
- if (Process == NULL)
- {
- Process = PsInitialSystemProcess;
- }
- if (Process)
- {
+ if (Process == NULL)
+ {
+ Process = PsInitialSystemProcess;
+ }
+ if (Process)
+ {
 (void)InterlockedExchangeAddUL(&Process->Vm.WorkingSetSize, -PAGE_SIZE);
- }
+ }
 return;
 }
 previous_entry = current_entry;