Author: hpoussin Date: Sun Aug 31 10:52:56 2008 New Revision: 35835

URL: http://svn.reactos.org/svn/reactos?rev=35835&view=rev Log: Check if tags match in ExFreePoolWithTag Check if provided tag is valid in ExAllocatePoolWithTag Add lots of BugCheck(BAD_POOL_CALLER)

Modified: trunk/reactos/ntoskrnl/mm/npool.c trunk/reactos/ntoskrnl/mm/pool.c trunk/reactos/ntoskrnl/mm/ppool.c

Modified: trunk/reactos/ntoskrnl/mm/npool.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/npool.c?rev=358... ============================================================================== --- trunk/reactos/ntoskrnl/mm/npool.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/mm/npool.c [iso-8859-1] Sun Aug 31 10:52:56 2008 @@ -1556,14 +1556,12 @@ { if (blk->hdr.Magic == BLOCK_HDR_FREE_MAGIC) { - DbgPrint("ExFreePool of already freed address %x\n", block); + KeBugCheckEx(BAD_POOL_CALLER, 0x07, 0, (ULONG_PTR)blk, (ULONG_PTR)block); } else { - DbgPrint("ExFreePool of non-allocated address %x (magic %x)\n", - block, blk->hdr.Magic); - } - ASSERT(FALSE); + KeBugCheckEx(BAD_POOL_CALLER, 0x46, (ULONG_PTR)block, 0, 0); + } return; }

@@ -1682,6 +1680,12 @@ block = (PVOID)((ULONG_PTR)best + HDR_USED_SIZE); /* RtlZeroMemory(block, Size);*/ return(block); +} + +ULONG NTAPI +EiGetNonPagedPoolTag(PVOID Block) +{ + return ((HDR_USED*)((ULONG_PTR)Block - HDR_USED_SIZE))->Tag; }

VOID

Modified: trunk/reactos/ntoskrnl/mm/pool.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/pool.c?rev=3583... ============================================================================== --- trunk/reactos/ntoskrnl/mm/pool.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/mm/pool.c [iso-8859-1] Sun Aug 31 10:52:56 2008 @@ -21,6 +21,12 @@

/* FUNCTIONS ***************************************************************/

+ULONG NTAPI +EiGetPagedPoolTag(IN PVOID Block); + +ULONG NTAPI +EiGetNonPagedPoolTag(IN PVOID Block); + static PVOID STDCALL EiAllocatePool(POOL_TYPE PoolType, ULONG NumberOfBytes, @@ -28,22 +34,39 @@ PVOID Caller) { PVOID Block; - - /* FIXME: Handle SESSION_POOL_MASK, VERIFIER_POOL_MASK, QUOTA_POOL_MASK */ - if (PoolType & PAGED_POOL_MASK) - { - Block = ExAllocatePagedPoolWithTag(PoolType,NumberOfBytes,Tag); - } - else - { - Block = ExAllocateNonPagedPoolWithTag(PoolType,NumberOfBytes,Tag,Caller); - } - - if ((PoolType & MUST_SUCCEED_POOL_MASK) && Block==NULL) - { - KeBugCheck(MUST_SUCCEED_POOL_EMPTY); - } - return(Block); + PCHAR TagChars = (PCHAR)&Tag; + + if (NumberOfBytes == 0) + KeBugCheckEx(BAD_POOL_CALLER, 0x00, 0, PoolType, Tag); + if (Tag == 0) + KeBugCheckEx(BAD_POOL_CALLER, 0x9b, PoolType, NumberOfBytes, (ULONG_PTR)Caller); + if (Tag == TAG('B','I','G',0)) + KeBugCheckEx(BAD_POOL_CALLER, 0x9c, PoolType, NumberOfBytes, (ULONG_PTR)Caller); + +#define IS_LETTER_OR_DIGIT(c) (((c) >= 'a' && (c) <= 'z') || ((c) >= 'A' && (c) <= 'Z') || ((c) >= '0' && (c) <= '9')) + if (!IS_LETTER_OR_DIGIT(TagChars[0]) && + !IS_LETTER_OR_DIGIT(TagChars[1]) && + !IS_LETTER_OR_DIGIT(TagChars[2]) && + !IS_LETTER_OR_DIGIT(TagChars[3])) + KeBugCheckEx(BAD_POOL_CALLER, 0x9d, Tag, PoolType, (ULONG_PTR)Caller); + + /* FIXME: Handle SESSION_POOL_MASK, VERIFIER_POOL_MASK, QUOTA_POOL_MASK */ + if (PoolType & PAGED_POOL_MASK) + { + if (KeGetCurrentIrql() > APC_LEVEL) + KeBugCheckEx(BAD_POOL_CALLER, 0x08, KeGetCurrentIrql(), PoolType, Tag); + Block = ExAllocatePagedPoolWithTag(PoolType, NumberOfBytes, Tag); + } + else + { + if (KeGetCurrentIrql() > DISPATCH_LEVEL) + KeBugCheckEx(BAD_POOL_CALLER, 0x08, KeGetCurrentIrql(), PoolType, Tag); + Block = ExAllocateNonPagedPoolWithTag(PoolType, NumberOfBytes, Tag, Caller); + } + + if ((PoolType & MUST_SUCCEED_POOL_MASK) && !Block) + KeBugCheckEx(BAD_POOL_CALLER, 0x9a, PoolType, NumberOfBytes, Tag); + return Block; }

/* @@ -222,29 +245,40 @@ * @implemented */ #undef ExFreePool -VOID STDCALL +VOID NTAPI ExFreePool(IN PVOID Block) { - ASSERT_IRQL_LESS_OR_EQUAL(DISPATCH_LEVEL); - - if (Block >= MmPagedPoolBase && (char*)Block < ((char*)MmPagedPoolBase + MmPagedPoolSize)) - { - ExFreePagedPool(Block); - } - else - { - ExFreeNonPagedPool(Block); - } -} - -/* - * @implemented - */ -VOID STDCALL + if (Block >= MmPagedPoolBase && (char*)Block < ((char*)MmPagedPoolBase + MmPagedPoolSize)) + { + if (KeGetCurrentIrql() > APC_LEVEL) + KeBugCheckEx(BAD_POOL_CALLER, 0x09, KeGetCurrentIrql(), PagedPool, (ULONG_PTR)Block); + ExFreePagedPool(Block); + } + else + { + if (KeGetCurrentIrql() > DISPATCH_LEVEL) + KeBugCheckEx(BAD_POOL_CALLER, 0x09, KeGetCurrentIrql(), NonPagedPool, (ULONG_PTR)Block); + ExFreeNonPagedPool(Block); + } +} + +/* + * @implemented + */ +VOID NTAPI ExFreePoolWithTag(IN PVOID Block, IN ULONG Tag) { - /* FIXME: Validate the tag */ - ExFreePool(Block); + ULONG BlockTag; + + if (Block >= MmPagedPoolBase && (char*)Block < ((char*)MmPagedPoolBase + MmPagedPoolSize)) + BlockTag = EiGetPagedPoolTag(Block); + else + BlockTag = EiGetNonPagedPoolTag(Block); + + if (BlockTag != Tag) + KeBugCheckEx(BAD_POOL_CALLER, 0x0a, (ULONG_PTR)Block, BlockTag, Tag); + + ExFreePool(Block); }

/*

Modified: trunk/reactos/ntoskrnl/mm/ppool.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ppool.c?rev=358... ============================================================================== --- trunk/reactos/ntoskrnl/mm/ppool.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/mm/ppool.c [iso-8859-1] Sun Aug 31 10:52:56 2008 @@ -103,6 +103,12 @@ RPoolFree ( MmPagedPool, Block ); }

+ULONG NTAPI +EiGetPagedPoolTag(IN PVOID Block) +{ + return RBodyToHdr(Block)->Tag; +} +

#ifdef PPOOL_UMODE_TEST