[ros-diffs] [reactos] 06/09: [NTOS:MM] Fix MmFreeMemoryArea

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=601bb49c0d276447fd643… commit 601bb49c0d276447fd6435a8f70cc0f190db681a Author: Timo Kreuzer &lt;timo.kreuzer(a)reactos.org&gt; AuthorDate: Mon Oct 9 22:24:01 2023 +0300 Commit: Timo Kreuzer &lt;timo.kreuzer(a)reactos.org&gt; CommitDate: Tue Oct 24 21:45:27 2023 +0300 [NTOS:MM] Fix MmFreeMemoryArea - Stay attached while deleting the VAD node - Acquire the appropriate working set lock when deleting a VAD node - Both are needed for locking correctness --- ntoskrnl/mm/marea.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/ntoskrnl/mm/marea.c b/ntoskrnl/mm/marea.c index ab8bff4a18e..281226c4afc 100644 --- a/ntoskrnl/mm/marea.c +++ b/ntoskrnl/mm/marea.c @@ -300,8 +300,7 @@ MmFreeMemoryArea( PEPROCESS CurrentProcess = PsGetCurrentProcess(); PEPROCESS Process = MmGetAddressSpaceOwner(AddressSpace); - if (Process != NULL && - Process != CurrentProcess) + if ((Process != NULL) && (Process != CurrentProcess)) { KeAttachProcess(&Process->Pcb); } @@ -337,12 +336,6 @@ MmFreeMemoryArea( } } - if (Process != NULL && - Process != CurrentProcess) - { - KeDetachProcess(); - } - //if (MemoryArea->VadNode.StartingVpn < (ULONG_PTR)MmSystemRangeStart >> PAGE_SHIFT if (MemoryArea->Vad) { @@ -357,14 +350,23 @@ MmFreeMemoryArea( ASSERT(MemoryArea->VadNode.u.VadFlags.Spare != 0); if (((PMMVAD)MemoryArea->Vad)->u.VadFlags.Spare == 1) { + MiLockProcessWorkingSet(PsGetCurrentProcess(), PsGetCurrentThread()); MiRemoveNode((PMMADDRESS_NODE)&MemoryArea->VadNode, &Process->VadRoot); + MiUnlockProcessWorkingSet(PsGetCurrentProcess(), PsGetCurrentThread()); } MemoryArea->Vad = NULL; } else { + MiLockWorkingSet(PsGetCurrentThread(), &MmSystemCacheWs); MiRemoveNode((PMMADDRESS_NODE)&MemoryArea->VadNode, &MiRosKernelVadRoot); + MiUnlockWorkingSet(PsGetCurrentThread(), &MmSystemCacheWs); + } + + if ((Process != NULL) && (Process != CurrentProcess)) + { + KeDetachProcess(); } }