[ros-diffs] [sir_richard] 48921: [NTOS]: The RMAP entry only has a valid process if the address is in user-space, otherwise process is NULL. Only attempt to acquire the process rundown lock if a process actual...

sir_richard at svn.reactos.org sir_richard at svn.reactos.org
Tue Sep 28 16:44:18 UTC 2010


Author: sir_richard
Date: Tue Sep 28 16:44:18 2010
New Revision: 48921

URL: http://svn.reactos.org/svn/reactos?rev=48921&view=rev
Log:
[NTOS]: The RMAP entry only has a valid process if the address is in user-space, otherwise process is NULL. Only attempt to acquire the process rundown lock if a process actually exists. Fixes crashes caused by 48905.

Modified:
    trunk/reactos/ntoskrnl/mm/rmap.c

Modified: trunk/reactos/ntoskrnl/mm/rmap.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/rmap.c?rev=48921&r1=48920&r2=48921&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/mm/rmap.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/rmap.c [iso-8859-1] Tue Sep 28 16:44:18 2010
@@ -75,12 +75,6 @@
    }
    Process = entry->Process;
 
-   if (!ExAcquireRundownProtection(&Process->RundownProtect))
-   {
-      ExReleaseFastMutex(&RmapListLock);
-      return STATUS_PROCESS_IS_TERMINATING;
-   }
-
    Address = entry->Address;
    if ((((ULONG_PTR)Address) & 0xFFF) != 0)
    {
@@ -89,6 +83,12 @@
 
    if (Address < MmSystemRangeStart)
    {
+       if (!ExAcquireRundownProtection(&Process->RundownProtect))
+       {
+          ExReleaseFastMutex(&RmapListLock);
+          return STATUS_PROCESS_IS_TERMINATING;
+       }
+
       Status = ObReferenceObjectByPointer(Process, PROCESS_ALL_ACCESS, NULL, KernelMode);
       ExReleaseFastMutex(&RmapListLock);
       if (!NT_SUCCESS(Status))
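Review bot: The new `ExAcquireRundownProtection(&Process->RundownProtect)` call dereferences `Process` on the strength of `Address < MmSystemRangeStart` alone, so the invariant stated in the log message (a user-space RMAP entry always carries a process) is not checked in the visible code. An `ASSERT(Process != NULL);` as the first line of this branch would turn a violated invariant into a diagnosable assertion on checked builds instead of a NULL-based access while `RmapListLock` is held. The `if (!NT_SUCCESS(Status))` branch after `ObReferenceObjectByPointer` continues outside the hunk, so confirm that it calls `ExReleaseRundownProtection(&Process->RundownProtect)` before returning; if it does not, the rundown reference would leak and process teardown could wait on it indefinitely. The added lines are also indented one column deeper than the surrounding code.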
@@ -109,9 +109,9 @@
    if (MemoryArea == NULL || MemoryArea->DeleteInProgress)
    {
       MmUnlockAddressSpace(AddressSpace);
-      ExReleaseRundownProtection(&Process->RundownProtect);
       if (Address < MmSystemRangeStart)
       {
+         ExReleaseRundownProtection(&Process->RundownProtect);
          ObDereferenceObject(Process);
       }
       return(STATUS_UNSUCCESSFUL);
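Review bot: Pairing of acquire and release now depends on `Address < MmSystemRangeStart` being evaluated the same way at every exit. This hunk and the three that follow (at lines 131, 157 and 181) each repeat the two-call cleanup by hand, so a later early return that omits the `ExReleaseRundownProtection` line would leak rundown protection silently. Consider routing these exits through one cleanup label, or at minimum add a comment at the first site such as `/* Rundown protection and the object reference are held only for user-space addresses; release rundown first, RundownProtect is a field of Process */`. The order used in the new code (release before `ObDereferenceObject(Process)`) is the right one and worth stating, since the reverse could touch the process object after its last reference is dropped. The enclosing function starts and ends outside these hunks.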
@@ -131,9 +131,9 @@
       if (PageOp == NULL)
       {
          MmUnlockAddressSpace(AddressSpace);
-         ExReleaseRundownProtection(&Process->RundownProtect);
          if (Address < MmSystemRangeStart)
          {
+            ExReleaseRundownProtection(&Process->RundownProtect);
             ObDereferenceObject(Process);
          }
          return(STATUS_UNSUCCESSFUL);
@@ -157,9 +157,9 @@
       if (PageOp == NULL)
       {
          MmUnlockAddressSpace(AddressSpace);
-         ExReleaseRundownProtection(&Process->RundownProtect);
          if (Address < MmSystemRangeStart)
          {
+            ExReleaseRundownProtection(&Process->RundownProtect);
             ObDereferenceObject(Process);
          }
          return(STATUS_UNSUCCESSFUL);
@@ -181,10 +181,9 @@
       KeBugCheck(MEMORY_MANAGEMENT);
    }
 
-   ExReleaseRundownProtection(&Process->RundownProtect);
-
    if (Address < MmSystemRangeStart)
    {
+      ExReleaseRundownProtection(&Process->RundownProtect);
       ObDereferenceObject(Process);
    }
    return(Status);



