Author: sir_richard
Date: Tue Sep 28 16:44:18 2010
New Revision: 48921
URL:
http://svn.reactos.org/svn/reactos?rev=48921&view=rev
Log:
[NTOS]: The RMAP entry only has a valid process if the address is in user-space, otherwise
process is NULL. Only attempt to acquire the process rundown lock if a process actually
exists. Fixes crashes caused by 48905.
Modified:
trunk/reactos/ntoskrnl/mm/rmap.c
Modified: trunk/reactos/ntoskrnl/mm/rmap.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/rmap.c?rev=489…
==============================================================================
--- trunk/reactos/ntoskrnl/mm/rmap.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/rmap.c [iso-8859-1] Tue Sep 28 16:44:18 2010
@@ -75,12 +75,6 @@
}
Process = entry->Process;
- if (!ExAcquireRundownProtection(&Process->RundownProtect))
- {
- ExReleaseFastMutex(&RmapListLock);
- return STATUS_PROCESS_IS_TERMINATING;
- }
-
Address = entry->Address;
if ((((ULONG_PTR)Address) & 0xFFF) != 0)
{
@@ -89,6 +83,12 @@
if (Address < MmSystemRangeStart)
{
+ if (!ExAcquireRundownProtection(&Process->RundownProtect))
+ {
+ ExReleaseFastMutex(&RmapListLock);
+ return STATUS_PROCESS_IS_TERMINATING;
+ }
+
Status = ObReferenceObjectByPointer(Process, PROCESS_ALL_ACCESS, NULL,
KernelMode);
ExReleaseFastMutex(&RmapListLock);
if (!NT_SUCCESS(Status))
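Review bot: The `if (!NT_SUCCESS(Status))` branch after `ObReferenceObjectByPointer` starts on the last line of this hunk and its body is not shown, so it cannot be confirmed that it undoes the rundown acquire that now sits directly above it. If that branch returns without `ExReleaseRundownProtection(&Process->RundownProtect);`, the protection stays held and anything waiting for rundown on that process would presumably never complete. The fix also relies on an unstated invariant, that a user-space address always comes with a non-NULL process. Stating it as the first statement inside the `Address < MmSystemRangeStart` block would turn a violation into a clear assertion failure: `ASSERT(Process != NULL); /* user-space RMAP entries always carry a process */`.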
@@ -109,9 +109,9 @@
if (MemoryArea == NULL || MemoryArea->DeleteInProgress)
{
MmUnlockAddressSpace(AddressSpace);
- ExReleaseRundownProtection(&Process->RundownProtect);
if (Address < MmSystemRangeStart)
{
+ ExReleaseRundownProtection(&Process->RundownProtect);
ObDereferenceObject(Process);
}
return(STATUS_UNSUCCESSFUL);
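Review bot: The release pair inside `if (Address < MmSystemRangeStart)` is now repeated in four exit paths (this hunk and the ones at -131, -157 and -181), and each copy must keep both the guard and the call order right. `ExReleaseRundownProtection(&Process->RundownProtect)` has to run before `ObDereferenceObject(Process)`, because `RundownProtect` is a field of the process object and the dereference may be the one that frees it. Moving the pair into one small static helper or a shared exit label would keep that ordering in a single place. At minimum, add `/* Release rundown first: RundownProtect lives inside Process */` above the release call in each copy. The enclosing function begins and ends outside these hunks, so any other exit paths that need the same pair are not visible here.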
@@ -131,9 +131,9 @@
if (PageOp == NULL)
{
MmUnlockAddressSpace(AddressSpace);
- ExReleaseRundownProtection(&Process->RundownProtect);
if (Address < MmSystemRangeStart)
{
+ ExReleaseRundownProtection(&Process->RundownProtect);
ObDereferenceObject(Process);
}
return(STATUS_UNSUCCESSFUL);
@@ -157,9 +157,9 @@
if (PageOp == NULL)
{
MmUnlockAddressSpace(AddressSpace);
- ExReleaseRundownProtection(&Process->RundownProtect);
if (Address < MmSystemRangeStart)
{
+ ExReleaseRundownProtection(&Process->RundownProtect);
ObDereferenceObject(Process);
}
return(STATUS_UNSUCCESSFUL);
@@ -181,10 +181,9 @@
KeBugCheck(MEMORY_MANAGEMENT);
}
- ExReleaseRundownProtection(&Process->RundownProtect);
-
if (Address < MmSystemRangeStart)
{
+ ExReleaseRundownProtection(&Process->RundownProtect);
ObDereferenceObject(Process);
}
return(Status);