Fri Feb 19 18:45:10 CET 2010

Author: sir_richard
Date: Fri Feb 19 18:45:10 2010
New Revision: 45620

URL: http://svn.reactos.org/svn/reactos?rev=45620&view=rev
Log:
[NTOS]: Fix off-by-one error in MDL locking which caused the last PFN not to be referenced if it was part of a locked MDL, because it was assumed to be "higher than the last PFN". This further caused the entire MDL to be incorrectly treated as an I/O space mapping. Later, when unlocked, the last PFN's reference count would drop to 0, and the virtual memory range that had been locked would now be using a freed page, that would get re-used later. Noticed this bug because my WC changes allocation strategies to increase the chance of pages at the end to be used, ans the last PFN was being used a lot due to this.

Modified:
    trunk/reactos/ntoskrnl/mm/ARM3/mdlsup.c

Modified: trunk/reactos/ntoskrnl/mm/ARM3/mdlsup.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/mdlsup.c?rev=45620&r1=45619&r2=45620&view=diff
==============================================================================

--- trunk/reactos/ntoskrnl/mm/ARM3/mdlsup.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/ARM3/mdlsup.c [iso-8859-1] Fri Feb 19 18:45:10 2010
@@ -954,7 +954,7 @@
         // Grab the PFN
         //
         PageFrameIndex = PFN_FROM_PTE(PointerPte);
-        if (PageFrameIndex < MmHighestPhysicalPage)
+        if (PageFrameIndex <= MmHighestPhysicalPage)
         {
             //
             // Get the PFN entry


