Author: sir_richard Date: Tue Sep 28 16:44:18 2010 New Revision: 48921
URL: http://svn.reactos.org/svn/reactos?rev=48921&view=rev Log: [NTOS]: The RMAP entry only has a valid process if the address is in user-space, otherwise process is NULL. Only attempt to acquire the process rundown lock if a process actually exists. Fixes crashes caused by 48905.
Modified: trunk/reactos/ntoskrnl/mm/rmap.c
Modified: trunk/reactos/ntoskrnl/mm/rmap.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/rmap.c?rev=4892... ==============================================================================
--- trunk/reactos/ntoskrnl/mm/rmap.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/rmap.c [iso-8859-1] Tue Sep 28 16:44:18 2010
@@ -75,12 +75,6 @@
 }
 Process = entry->Process;
- if (!ExAcquireRundownProtection(&Process->RundownProtect))
- {
- ExReleaseFastMutex(&RmapListLock);
- return STATUS_PROCESS_IS_TERMINATING;
- }
-
 Address = entry->Address;
 if ((((ULONG_PTR)Address) & 0xFFF) != 0)
 {
@@ -89,6 +83,12 @@
 if (Address < MmSystemRangeStart)
 {
+ if (!ExAcquireRundownProtection(&Process->RundownProtect))
+ {
+ ExReleaseFastMutex(&RmapListLock);
+ return STATUS_PROCESS_IS_TERMINATING;
+ }
+
 Status = ObReferenceObjectByPointer(Process, PROCESS_ALL_ACCESS, NULL, KernelMode);
 ExReleaseFastMutex(&RmapListLock);
 if (!NT_SUCCESS(Status))
@@ -109,9 +109,9 @@
 if (MemoryArea == NULL || MemoryArea->DeleteInProgress)
 {
 MmUnlockAddressSpace(AddressSpace);
- ExReleaseRundownProtection(&Process->RundownProtect);
 if (Address < MmSystemRangeStart)
 {
+ ExReleaseRundownProtection(&Process->RundownProtect);
 ObDereferenceObject(Process);
 }
 return(STATUS_UNSUCCESSFUL);
@@ -131,9 +131,9 @@
 if (PageOp == NULL)
 {
 MmUnlockAddressSpace(AddressSpace);
- ExReleaseRundownProtection(&Process->RundownProtect);
 if (Address < MmSystemRangeStart)
 {
+ ExReleaseRundownProtection(&Process->RundownProtect);
 ObDereferenceObject(Process);
 }
 return(STATUS_UNSUCCESSFUL);
@@ -157,9 +157,9 @@
 if (PageOp == NULL)
 {
 MmUnlockAddressSpace(AddressSpace);
- ExReleaseRundownProtection(&Process->RundownProtect);
 if (Address < MmSystemRangeStart)
 {
+ ExReleaseRundownProtection(&Process->RundownProtect);
 ObDereferenceObject(Process);
 }
 return(STATUS_UNSUCCESSFUL);
@@ -181,10 +181,9 @@
 KeBugCheck(MEMORY_MANAGEMENT);
 }
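Review bot: Inside the `if (Address < MmSystemRangeStart)` branch the new code dereferences `Process->RundownProtect` on the strength of the address check alone; the log message states the invariant (a process exists only for user-space addresses), but nothing in the code enforces it. An `ASSERT(Process != NULL);` as the first statement of the branch, with a comment such as `/* Kernel-space rmaps carry no process; only user addresses take rundown protection */`, would turn a violated invariant into a diagnosable assertion instead of a NULL dereference while RmapListLock is still held. The body of `if (!NT_SUCCESS(Status))` lies outside the hunk, so it cannot be confirmed from here that the failure path calls `ExReleaseRundownProtection(&Process->RundownProtect)` before returning. If it does not, the outstanding rundown reference would presumably keep the process from ever completing teardown.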
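Review bot: The exit block under `MemoryArea == NULL || MemoryArea->DeleteInProgress` repeats the same teardown (unlock the address space, then release rundown protection and dereference the process under the address check) that appears again in both `PageOp == NULL` hunks and before the final `return(Status)`. Four hand-maintained copies of an acquire/release pairing are easy to let drift, which is presumably how the unguarded release reached the kernel-space path in the first place. Consider funnelling these exits through one shared cleanup path or a small static helper, and in any case document the pairing where it is released, e.g. `/* Undo only what the user-space path acquired; Process is NULL for kernel-space rmaps */`. The enclosing function starts and ends outside these hunks, so whether a single exit label fits the rest of its control flow needs checking against the full file.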
- ExReleaseRundownProtection(&Process->RundownProtect);
-
 if (Address < MmSystemRangeStart)
 {
+ ExReleaseRundownProtection(&Process->RundownProtect);
 ObDereferenceObject(Process);
 }
 return(Status);