Author: sir_richard
Date: Tue Oct 19 18:57:30 2010
New Revision: 49209
URL:
http://svn.reactos.org/svn/reactos?rev=49209&view=rev
Log:
[NTOS]: Fix multiple math/logic bugs in the PrototypePTE paths. Caught while trying to
switch the Win32k GDI Handle Table to ARM3 sections.
Modified:
trunk/reactos/ntoskrnl/mm/ARM3/miarm.h
trunk/reactos/ntoskrnl/mm/ARM3/pagfault.c
Modified: trunk/reactos/ntoskrnl/mm/ARM3/miarm.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/miarm.h?r…
==============================================================================
--- trunk/reactos/ntoskrnl/mm/ARM3/miarm.h [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/ARM3/miarm.h [iso-8859-1] Tue Oct 19 18:57:30 2010
@@ -241,7 +241,7 @@
//
#define MiProtoPteToPte(x) \
(PMMPTE)((ULONG_PTR)MmPagedPoolStart + \
- ((x)->u.Proto.ProtoAddressHigh | (x)->u.Proto.ProtoAddressLow))
+ (((x)->u.Proto.ProtoAddressHigh << 7) |
(x)->u.Proto.ProtoAddressLow))
#endif
//
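Review bot: The shift count `7` in `MiProtoPteToPte` must agree with the `0x7F` mask and the `>> 7` used by the encoder in the second miarm.h hunk, but nothing ties the three literals together. An encode/decode mismatch of this kind appears to be what the commit is correcting, so the next edit to either side could reintroduce it. A shared constant would make the coupling explicit, for example a new `#define MI_PROTO_LOW_BITS 7` (suggested name) used as `<< MI_PROTO_LOW_BITS` here and to derive the mask and shift on the encode side. A one-line comment on the macro stating the layout (low 7 bits in `ProtoAddressLow`, the rest in `ProtoAddressHigh`, result relative to `MmPagedPoolStart`) would also help.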
@@ -624,10 +624,11 @@
* lets us only use 28 bits for the adress of the PTE
*/
Offset = (ULONG_PTR)PointerPte - (ULONG_PTR)MmPagedPoolStart;
-
+
/* 7 bits go in the "low", and the other 21 bits go in the "high"
*/
NewPte->u.Proto.ProtoAddressLow = Offset & 0x7F;
- NewPte->u.Proto.ProtoAddressHigh = Offset & 0xFFFFF80;
+ NewPte->u.Proto.ProtoAddressHigh = (Offset & 0xFFFFFF80) >> 7;
+ ASSERT(MiProtoPteToPte(NewPte) == PointerPte);
}
#endif
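Review bot: The new mask `0xFFFFFF80` in the `ProtoAddressHigh` assignment keeps 25 bits after the shift, while the comments above it say only 28 bits of offset (7 low + 21 high) are available, so an offset of 2^28 or more would be truncated by the field store rather than rejected. The added `ASSERT(MiProtoPteToPte(NewPte) == PointerPte)` catches that round-trip failure, but presumably only in checked builds; a release build would install a prototype PTE that decodes to a different paged-pool address. I would state the range precondition before the encode, e.g. `ASSERT(Offset < (1UL << 28));`, which also catches a `PointerPte` below `MmPagedPoolStart` because the subtraction wraps. The enclosing function begins outside this hunk, so the field widths here are taken from the comment rather than from the declaration.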
Modified: trunk/reactos/ntoskrnl/mm/ARM3/pagfault.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/pagfault.…
==============================================================================
--- trunk/reactos/ntoskrnl/mm/ARM3/pagfault.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/ARM3/pagfault.c [iso-8859-1] Tue Oct 19 18:57:30 2010
@@ -805,21 +805,23 @@
/* Get the prototype PTE! */
ProtoPte = MiProtoPteToPte(&TempPte);
}
-
- //
- // We don't implement transition PTEs
- //
- ASSERT(TempPte.u.Soft.Transition == 0);
-
- /* Check for no-access PTE */
- if (TempPte.u.Soft.Protection == MM_NOACCESS)
- {
- /* Bad boy, bad boy, whatcha gonna do, whatcha gonna do when ARM3 comes for
you! */
- KeBugCheckEx(PAGE_FAULT_IN_NONPAGED_AREA,
- (ULONG_PTR)Address,
- StoreInstruction,
- (ULONG_PTR)TrapInformation,
- 1);
+ else
+ {
+ //
+ // We don't implement transition PTEs
+ //
+ ASSERT(TempPte.u.Soft.Transition == 0);
+
+ /* Check for no-access PTE */
+ if (TempPte.u.Soft.Protection == MM_NOACCESS)
+ {
+ /* Bad boy, bad boy, whatcha gonna do, whatcha gonna do when ARM3 comes
for you! */
+ KeBugCheckEx(PAGE_FAULT_IN_NONPAGED_AREA,
+ (ULONG_PTR)Address,
+ StoreInstruction,
+ (ULONG_PTR)TrapInformation,
+ 1);
+ }
}
/* Check for demand page */
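Review bot: The new `else` branch has no comment saying why the transition assert and the `MM_NOACCESS` check are now skipped when the prototype branch above is taken. Presumably `u.Soft` and `u.Proto` are views of the same PTE bits, so `Soft.Protection` read from a prototype-format PTE is really part of the encoded address. That is worth stating, e.g. `/* Soft.* fields overlay the Proto address bits, so only test them on non-prototype PTEs */`. A prototype-format PTE now also reaches the demand-page code with `ProtoPte` taken straight from `MiProtoPteToPte(&TempPte)` and no protection check in this hunk; if the protection is meant to be read from the prototype PTE itself, a note saying where that happens would help. The `if` that this `else` pairs with starts outside the hunk.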
@@ -874,8 +876,6 @@
#endif
/* First things first, is the PDE valid? */
-// DPRINT1("The PDE we faulted on: %lx %lx\n", PointerPde,
MiAddressToPde(PTE_BASE));
- //ASSERT(PointerPde != MiAddressToPde(PTE_BASE));
ASSERT(PointerPde->u.Hard.LargePage == 0);
if (PointerPde->u.Hard.Valid == 0)
{
@@ -918,7 +918,6 @@
if (TempPte.u.Long == (MM_READWRITE << MM_PTE_SOFTWARE_PROTECTION_BITS))
{
/* Resolve the fault */
- //DPRINT1("VAD demand-zero fault: %p\n", Address);
MiResolveDemandZeroFault(Address,
PointerPte,
CurrentProcess,