Author: tfaber Date: Sat Sep 5 14:39:40 2015 New Revision: 69031 URL: http://svn.reactos.org/svn/reactos?rev=69031&view=rev Log: [NTOS:MM] - Use MmExpansionLock to synchronize changes to MmProcessList. Should fix random crashes in MmDeleteProcessAddressSpace. CORE-10111 #resolve Modified: trunk/reactos/ntoskrnl/mm/ARM3/miarm.h trunk/reactos/ntoskrnl/mm/ARM3/procsup.c trunk/reactos/ntoskrnl/mm/ARM3/session.c trunk/reactos/ntoskrnl/mm/marea.c Modified: trunk/reactos/ntoskrnl/mm/ARM3/miarm.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/miarm.h?r… ============================================================================== --- trunk/reactos/ntoskrnl/mm/ARM3/miarm.h [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/mm/ARM3/miarm.h [iso-8859-1] Sat Sep 5 14:39:40 2015 @@ -634,6 +634,8 @@ extern ULONG_PTR MmSubsectionBase; extern LARGE_INTEGER MmCriticalSectionTimeout; extern LIST_ENTRY MmWorkingSetExpansionHead; +extern KSPIN_LOCK MmExpansionLock; +extern PETHREAD MiExpansionLockOwner; FORCEINLINE BOOLEAN @@ -1328,6 +1330,29 @@ /* Reacquire unsafely */ MiLockProcessWorkingSetUnsafe(Process, Thread); } +} + +FORCEINLINE +KIRQL +MiAcquireExpansionLock(VOID) +{ + KIRQL OldIrql; + + ASSERT(KeGetCurrentIrql() <= APC_LEVEL); + KeAcquireSpinLock(&MmExpansionLock, &OldIrql); + ASSERT(MiExpansionLockOwner == NULL); + MiExpansionLockOwner = PsGetCurrentThread(); + return OldIrql; +} + +FORCEINLINE +VOID +MiReleaseExpansionLock(KIRQL OldIrql) +{ + ASSERT(MiExpansionLockOwner == PsGetCurrentThread()); + MiExpansionLockOwner = NULL; + KeReleaseSpinLock(&MmExpansionLock, OldIrql); + ASSERT(KeGetCurrentIrql() <= APC_LEVEL); } // Modified: trunk/reactos/ntoskrnl/mm/ARM3/procsup.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/procsup.c… ============================================================================== --- trunk/reactos/ntoskrnl/mm/ARM3/procsup.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/mm/ARM3/procsup.c [iso-8859-1] Sat Sep 5 14:39:40 2015 @@ -1178,7 +1178,9 @@ Pfn1->PteAddress = (PMMPTE)PDE_BASE; /* Insert us into the Mm process list */ + OldIrql = MiAcquireExpansionLock(); InsertTailList(&MmProcessList, &Process->MmProcessLinks); + MiReleaseExpansionLock(OldIrql); /* Get a PTE to map the page directory */ PointerPte = MiReserveSystemPtes(1, SystemPteSpace); Modified: trunk/reactos/ntoskrnl/mm/ARM3/session.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/session.c… ============================================================================== --- trunk/reactos/ntoskrnl/mm/ARM3/session.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/mm/ARM3/session.c [iso-8859-1] Sat Sep 5 14:39:40 2015 @@ -34,29 +34,6 @@ /* PRIVATE FUNCTIONS **********************************************************/ - -FORCEINLINE -KIRQL -MiAcquireExpansionLock(VOID) -{ - KIRQL OldIrql; - - ASSERT(KeGetCurrentIrql() <= APC_LEVEL); - KeAcquireSpinLock(&MmExpansionLock, &OldIrql); - ASSERT(MiExpansionLockOwner == NULL); - MiExpansionLockOwner = PsGetCurrentThread(); - return OldIrql; -} - -FORCEINLINE -VOID -MiReleaseExpansionLock(KIRQL OldIrql) -{ - ASSERT(MiExpansionLockOwner == PsGetCurrentThread()); - MiExpansionLockOwner = NULL; - KeReleaseSpinLock(&MmExpansionLock, OldIrql); - ASSERT(KeGetCurrentIrql() <= APC_LEVEL); -} VOID NTAPI Modified: trunk/reactos/ntoskrnl/mm/marea.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/marea.c?rev=69… ============================================================================== --- trunk/reactos/ntoskrnl/mm/marea.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/mm/marea.c [iso-8859-1] Sat Sep 5 14:39:40 2015 @@ -575,13 +575,16 @@ NTAPI MmDeleteProcessAddressSpace(PEPROCESS Process) { + KIRQL OldIrql; PVOID Address; DPRINT("MmDeleteProcessAddressSpace(Process %p (%s))\n", Process, Process->ImageFileName); #ifndef _M_AMD64 + OldIrql = MiAcquireExpansionLock(); RemoveEntryList(&Process->MmProcessLinks); + MiReleaseExpansionLock(OldIrql); #endif MmLockAddressSpace(&Process->Vm);