Author: hpoussin
Date: Sun Aug 31 10:52:56 2008
New Revision: 35835
URL:
http://svn.reactos.org/svn/reactos?rev=35835&view=rev
Log:
Check if tags match in ExFreePoolWithTag
Check if provided tag is valid in ExAllocatePoolWithTag
Add lots of BugCheck(BAD_POOL_CALLER)
Modified:
trunk/reactos/ntoskrnl/mm/npool.c
trunk/reactos/ntoskrnl/mm/pool.c
trunk/reactos/ntoskrnl/mm/ppool.c
Modified: trunk/reactos/ntoskrnl/mm/npool.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/npool.c?rev=35…
==============================================================================
--- trunk/reactos/ntoskrnl/mm/npool.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/npool.c [iso-8859-1] Sun Aug 31 10:52:56 2008
@@ -1556,14 +1556,12 @@
{
if (blk->hdr.Magic == BLOCK_HDR_FREE_MAGIC)
{
- DbgPrint("ExFreePool of already freed address %x\n", block);
+ KeBugCheckEx(BAD_POOL_CALLER, 0x07, 0, (ULONG_PTR)blk, (ULONG_PTR)block);
}
else
{
- DbgPrint("ExFreePool of non-allocated address %x (magic %x)\n",
- block, blk->hdr.Magic);
- }
- ASSERT(FALSE);
+ KeBugCheckEx(BAD_POOL_CALLER, 0x46, (ULONG_PTR)block, 0, 0);
+ }
return;
}
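Review bot: The subcodes `0x07` and `0x46` in the two KeBugCheckEx calls are bare literals, and the DbgPrint text that used to explain each case is gone, so nothing in the code says what distinguishes them. A short comment on each call would restore that, e.g. `/* 0x07: block was already freed */` and `/* 0x46: address is not an allocated pool block */`. The non-allocated branch also no longer reports `blk->hdr.Magic`, the one value that showed what the header actually held; consider keeping a DbgPrint ahead of the bugcheck for debug builds. Since both branches now bugcheck, the trailing `return;` looks unreachable. The enclosing function starts and ends outside the hunk.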
@@ -1682,6 +1680,12 @@
block = (PVOID)((ULONG_PTR)best + HDR_USED_SIZE);
/* RtlZeroMemory(block, Size);*/
return(block);
+}
+
+ULONG NTAPI
+EiGetNonPagedPoolTag(PVOID Block)
+{
+ return ((HDR_USED*)((ULONG_PTR)Block - HDR_USED_SIZE))->Tag;
}
VOID
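Review bot: EiGetNonPagedPoolTag reads `Tag` from the header in front of `Block` without checking that the header belongs to a live allocation, so for a NULL, stray or already-freed pointer it returns whatever bytes happen to be there. ExFreePoolWithTag in pool.c calls it before ExFreePool runs, so a double free through that path will probably surface as a tag mismatch (0x0a) rather than the 0x07 already-freed bugcheck, and a NULL block is dereferenced at a negative offset. Testing `hdr.Magic` first, the field the free path in this file compares against `BLOCK_HDR_FREE_MAGIC`, would keep the diagnosis accurate. The same applies to EiGetPagedPoolTag added in ppool.c. At minimum, a comment such as `/* Block must point to a currently allocated non-paged pool block */` should state the precondition.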
Modified: trunk/reactos/ntoskrnl/mm/pool.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/pool.c?rev=358…
==============================================================================
--- trunk/reactos/ntoskrnl/mm/pool.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/pool.c [iso-8859-1] Sun Aug 31 10:52:56 2008
@@ -21,6 +21,12 @@
/* FUNCTIONS ***************************************************************/
+ULONG NTAPI
+EiGetPagedPoolTag(IN PVOID Block);
+
+ULONG NTAPI
+EiGetNonPagedPoolTag(IN PVOID Block);
+
static PVOID STDCALL
EiAllocatePool(POOL_TYPE PoolType,
ULONG NumberOfBytes,
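Review bot: The prototypes for EiGetPagedPoolTag and EiGetNonPagedPoolTag are declared locally in pool.c, so the compiler never checks them against the definitions in ppool.c and npool.c. If either signature changes later, the mismatch would go unnoticed until runtime. Moving both declarations into an internal header that all three files include would close that gap.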
@@ -28,22 +34,39 @@
PVOID Caller)
{
PVOID Block;
-
- /* FIXME: Handle SESSION_POOL_MASK, VERIFIER_POOL_MASK, QUOTA_POOL_MASK */
- if (PoolType & PAGED_POOL_MASK)
- {
- Block = ExAllocatePagedPoolWithTag(PoolType,NumberOfBytes,Tag);
- }
- else
- {
- Block = ExAllocateNonPagedPoolWithTag(PoolType,NumberOfBytes,Tag,Caller);
- }
-
- if ((PoolType & MUST_SUCCEED_POOL_MASK) && Block==NULL)
- {
- KeBugCheck(MUST_SUCCEED_POOL_EMPTY);
- }
- return(Block);
+ PCHAR TagChars = (PCHAR)&Tag;
+
+ if (NumberOfBytes == 0)
+ KeBugCheckEx(BAD_POOL_CALLER, 0x00, 0, PoolType, Tag);
+ if (Tag == 0)
+ KeBugCheckEx(BAD_POOL_CALLER, 0x9b, PoolType, NumberOfBytes, (ULONG_PTR)Caller);
+ if (Tag == TAG('B','I','G',0))
+ KeBugCheckEx(BAD_POOL_CALLER, 0x9c, PoolType, NumberOfBytes, (ULONG_PTR)Caller);
+
+#define IS_LETTER_OR_DIGIT(c) (((c) >= 'a' && (c) <= 'z')
|| ((c) >= 'A' && (c) <= 'Z') || ((c) >= '0'
&& (c) <= '9'))
+ if (!IS_LETTER_OR_DIGIT(TagChars[0]) &&
+ !IS_LETTER_OR_DIGIT(TagChars[1]) &&
+ !IS_LETTER_OR_DIGIT(TagChars[2]) &&
+ !IS_LETTER_OR_DIGIT(TagChars[3]))
+ KeBugCheckEx(BAD_POOL_CALLER, 0x9d, Tag, PoolType, (ULONG_PTR)Caller);
+
+ /* FIXME: Handle SESSION_POOL_MASK, VERIFIER_POOL_MASK, QUOTA_POOL_MASK */
+ if (PoolType & PAGED_POOL_MASK)
+ {
+ if (KeGetCurrentIrql() > APC_LEVEL)
+ KeBugCheckEx(BAD_POOL_CALLER, 0x08, KeGetCurrentIrql(), PoolType, Tag);
+ Block = ExAllocatePagedPoolWithTag(PoolType, NumberOfBytes, Tag);
+ }
+ else
+ {
+ if (KeGetCurrentIrql() > DISPATCH_LEVEL)
+ KeBugCheckEx(BAD_POOL_CALLER, 0x08, KeGetCurrentIrql(), PoolType, Tag);
+ Block = ExAllocateNonPagedPoolWithTag(PoolType, NumberOfBytes, Tag, Caller);
+ }
+
+ if ((PoolType & MUST_SUCCEED_POOL_MASK) && !Block)
+ KeBugCheckEx(BAD_POOL_CALLER, 0x9a, PoolType, NumberOfBytes, Tag);
+ return Block;
}
/*
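Review bot: The 0x9d tag check fires only when none of the four tag bytes is a letter or digit, but the chain of `!IS_LETTER_OR_DIGIT(...) &&` is easy to misread as "every byte must be valid". A comment such as `/* Reject tags that contain no letter or digit at all */` above the `if` would make the intent explicit. The macro is defined inside the function body and stays defined for the rest of the file, so `#undef IS_LETTER_OR_DIGIT` after the check would keep it local. If the bugcheck parameters are meant to follow the documented BAD_POOL_CALLER layout, the two 0x08 calls appear to pass `Tag` where the allocation size (`NumberOfBytes`) is expected. The function signature starts outside this hunk.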
@@ -222,29 +245,40 @@
* @implemented
*/
#undef ExFreePool
-VOID STDCALL
+VOID NTAPI
ExFreePool(IN PVOID Block)
{
- ASSERT_IRQL_LESS_OR_EQUAL(DISPATCH_LEVEL);
-
- if (Block >= MmPagedPoolBase && (char*)Block < ((char*)MmPagedPoolBase +
MmPagedPoolSize))
- {
- ExFreePagedPool(Block);
- }
- else
- {
- ExFreeNonPagedPool(Block);
- }
-}
-
-/*
- * @implemented
- */
-VOID STDCALL
+ if (Block >= MmPagedPoolBase && (char*)Block < ((char*)MmPagedPoolBase
+ MmPagedPoolSize))
+ {
+ if (KeGetCurrentIrql() > APC_LEVEL)
+ KeBugCheckEx(BAD_POOL_CALLER, 0x09, KeGetCurrentIrql(), PagedPool,
(ULONG_PTR)Block);
+ ExFreePagedPool(Block);
+ }
+ else
+ {
+ if (KeGetCurrentIrql() > DISPATCH_LEVEL)
+ KeBugCheckEx(BAD_POOL_CALLER, 0x09, KeGetCurrentIrql(), NonPagedPool,
(ULONG_PTR)Block);
+ ExFreeNonPagedPool(Block);
+ }
+}
+
+/*
+ * @implemented
+ */
+VOID NTAPI
ExFreePoolWithTag(IN PVOID Block, IN ULONG Tag)
{
- /* FIXME: Validate the tag */
- ExFreePool(Block);
+ ULONG BlockTag;
+
+ if (Block >= MmPagedPoolBase && (char*)Block < ((char*)MmPagedPoolBase
+ MmPagedPoolSize))
+ BlockTag = EiGetPagedPoolTag(Block);
+ else
+ BlockTag = EiGetNonPagedPoolTag(Block);
+
+ if (BlockTag != Tag)
+ KeBugCheckEx(BAD_POOL_CALLER, 0x0a, (ULONG_PTR)Block, BlockTag, Tag);
+
+ ExFreePool(Block);
}
/*
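Review bot: ExFreePoolWithTag reads the block's tag before any validation, so the IRQL check inside ExFreePool only runs after the header has already been touched. For a paged-pool block at elevated IRQL this can fault on the header read instead of reporting the 0x09 bugcheck, and a NULL or stale `Block` is dereferenced by the tag getters. Doing the IRQL check first and only then reading the header keeps the failure mode predictable; the pool-range test, now written out twice in this hunk, can be computed once. Separately, if callers are expected to pass a zero tag to mean "do not compare", the comparison should be `if (Tag != 0 && BlockTag != Tag)`; as written any such caller bugchecks with 0x0a.

```c
ExFreePoolWithTag(IN PVOID Block, IN ULONG Tag)
{
    ULONG BlockTag;
    BOOLEAN Paged = (Block >= MmPagedPoolBase &&
                     (char*)Block < ((char*)MmPagedPoolBase + MmPagedPoolSize));

    /* Check the IRQL before touching the header: a paged-pool header
     * must not be read above APC_LEVEL. */
    if (KeGetCurrentIrql() > (Paged ? APC_LEVEL : DISPATCH_LEVEL))
        KeBugCheckEx(BAD_POOL_CALLER, 0x09, KeGetCurrentIrql(),
                     Paged ? PagedPool : NonPagedPool, (ULONG_PTR)Block);

    BlockTag = Paged ? EiGetPagedPoolTag(Block) : EiGetNonPagedPoolTag(Block);
    /* ... unchanged: tag comparison and ExFreePool call ... */
```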
Modified: trunk/reactos/ntoskrnl/mm/ppool.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ppool.c?rev=35…
==============================================================================
--- trunk/reactos/ntoskrnl/mm/ppool.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/ppool.c [iso-8859-1] Sun Aug 31 10:52:56 2008
@@ -103,6 +103,12 @@
RPoolFree ( MmPagedPool, Block );
}
+ULONG NTAPI
+EiGetPagedPoolTag(IN PVOID Block)
+{
+ return RBodyToHdr(Block)->Tag;
+}
+
#ifdef PPOOL_UMODE_TEST