Include dependency graph for pagfault.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
| #define | MODULE_INVOLVED_IN_ARM3 |
| #define | HYDRA_PROCESS (PEPROCESS)1 |
| #define | _BYTE_MASK(Bit0, Bit1, Bit2, Bit3, Bit4, Bit5, Bit6, Bit7) |
Macro Definition Documentation
◆ _BYTE_MASK
| #define _BYTE_MASK | ( | Bit0, | |
| Bit1, | |||
| Bit2, | |||
| Bit3, | |||
| Bit4, | |||
| Bit5, | |||
| Bit6, | |||
| Bit7 | |||
| ) |
Value:
(Bit0) | ((Bit1) << 1) | ((Bit2) << 2) | ((Bit3) << 3) | \
((Bit4) << 4) | ((Bit5) << 5) | ((Bit6) << 6) | ((Bit7) << 7)
◆ HYDRA_PROCESS
Definition at line 20 of file pagfault.c.
◆ MODULE_INVOLVED_IN_ARM3
| #define MODULE_INVOLVED_IN_ARM3 |
Definition at line 15 of file pagfault.c.
◆ NDEBUG
| #define NDEBUG |
Definition at line 12 of file pagfault.c.
Function Documentation
◆ MiAccessCheck()
|
static |
Definition at line 168 of file pagfault.c.
174{
176
177 /* Check for invalid user-mode access */
179 {
181 }
182
183 /* Capture the PTE -- is it valid? */
184 TempPte = *PointerPte;
186 {
187 /* Was someone trying to write to it? */
188 if (StoreInstruction)
189 {
190 /* Is it writable?*/
193 {
194 /* Then there's nothing to worry about */
196 }
197
198 /* Oops! This isn't allowed */
200 }
201
202 /* Someone was trying to read from a valid PTE, that's fine too */
204 }
205
206 /* Check if the protection on the page allows what is being attempted */
208 {
210 }
211
212 /* Check if this is a guard page */
214 {
216
217 /* Attached processes can't expand their stack */
219
220 /* No support for prototype PTEs yet */
222
223 /* Remove the guard page bit, and return a guard page violation */
224 TempPte.u.Soft.Protection = ProtectionMask & ~MM_GUARDPAGE;
228 }
229
230 /* Nothing to do */
232}
FORCEINLINE VOID MI_WRITE_INVALID_PTE(IN PMMPTE PointerPte, IN MMPTE InvalidPte)
Definition: miarm.h:992
FORCEINLINE BOOLEAN MiIsAccessAllowed(_In_ ULONG ProtectionMask, _In_ BOOLEAN Write, _In_ BOOLEAN Execute)
Definition: pagfault.c:138
Definition: mmtypes.h:212
Referenced by MiResolveProtoPteFault(), and MmArmAccessFault().
◆ MiCheckForUserStackOverflow()
|
static |
Definition at line 30 of file pagfault.c.
32{
35 PVOID StackBase, DeallocationStack, NextStackAddress;
36 SIZE_T GuaranteedSize;
38
39 /* Do we own the address space lock? */
40 if (CurrentThread->AddressSpaceOwner == 1)
41 {
42 /* This isn't valid */
46 }
47
48 /* Are we attached? */
50 {
51 /* This isn't valid */
54 }
55
56 /* Read the current settings */
58 DeallocationStack = Teb->DeallocationStack;
59 GuaranteedSize = Teb->GuaranteedStackBytes;
61 StackBase, DeallocationStack, GuaranteedSize);
62
63 /* Guarantees make this code harder, for now, assume there aren't any */
64 ASSERT(GuaranteedSize == 0);
65
66 /* So allocate only the minimum guard page size */
67 GuaranteedSize = PAGE_SIZE;
68
69 /* Does this faulting stack address actually exist in the stack? */
71 {
72 /* That's odd... */
73 DPRINT1("Faulting address outside of stack bounds. Address=%p, StackBase=%p, DeallocationStack=%p\n",
74 Address, StackBase, DeallocationStack);
76 }
77
78 /* This is where the stack will start now */
80
81 /* Do we have at least one page between here and the end of the stack? */
83 {
84 /* We don't -- Trying to make this guard page valid now */
86
87 /* Calculate the next memory address */
89
90 /* Allocate the memory */
92 &NextStackAddress,
93 0,
94 &GuaranteedSize,
95 MEM_COMMIT,
96 PAGE_READWRITE);
98 {
99 /* Success! */
101 }
102 else
103 {
105 }
106
108 }
109
110 /* Don't handle this flag yet */
112
113 /* Update the stack limit */
115
116 /* Now move the guard page to the next page */
118 &NextStackAddress,
119 0,
120 &GuaranteedSize,
121 MEM_COMMIT,
124 {
125 /* We did it! */
128 }
129
130 /* Fail, we couldn't move the guard page */
134}
Definition: nsiface.idl:2307
Definition: pstypes.h:1102
Definition: compat.h:836
#define PAGE_ALIGN(Va)
Referenced by MmArmAccessFault().
◆ MiCheckPdeForPagedPool()
Definition at line 475 of file pagfault.c.
Referenced by MiDeletePte(), MiInitializePfn(), MiInitializePfnAndMakePteValid(), and MmArmAccessFault().
◆ MiCheckVirtualAddress()
|
static |
Definition at line 237 of file pagfault.c.
240{
241 PMMVAD Vad;
242 PMMPTE PointerPte;
243
244 /* No prototype/section support for now */
245 *ProtoVad = NULL;
246
247 /* User or kernel fault? */
249 {
250 /* Special case for shared data */
252 {
253 /* It's a read-only page */
254 *ProtectCode = MM_READONLY;
256 }
257
258 /* Find the VAD, it might not exist if the address is bogus */
260 if (!Vad)
261 {
262 /* Bogus virtual address */
263 *ProtectCode = MM_NOACCESS;
265 }
266
267 /* ReactOS does not handle physical memory VADs yet */
269
270 /* Check if it's a section, or just an allocation */
272 {
273 /* ReactOS does not handle AWE VADs yet */
275
276 /* This must be a TEB/PEB VAD */
278 {
279 /* It's committed, so return the VAD protection */
281 }
282 else
283 {
284 /* It has not yet been committed, so return no access */
285 *ProtectCode = MM_NOACCESS;
286 }
287
288 /* In both cases, return no PTE */
290 }
291 else
292 {
293 /* ReactOS does not supoprt these VADs yet */
296
297 /* Return the proto VAD */
298 *ProtoVad = Vad;
299
300 /* Get the prototype PTE for this page */
301 PointerPte = (((ULONG_PTR)VirtualAddress >> PAGE_SHIFT) - Vad->StartingVpn) + Vad->FirstPrototypePte;
303 ASSERT(PointerPte <= Vad->LastContiguousPte);
304
305 /* Return the Prototype PTE and the protection for the page mapping */
307 return PointerPte;
308 }
309 }
311 {
312 /* This should never happen, as these addresses are handled by the double-maping */
315 {
316 /* Fail such access */
317 *ProtectCode = MM_NOACCESS;
319 }
320
321 /* Return full access rights */
322 *ProtectCode = MM_EXECUTE_READWRITE;
324 }
326 {
327 /* ReactOS does not have an image list yet, so bail out to failure case */
329 }
330
331 /* Default case -- failure */
332 *ProtectCode = MM_NOACCESS;
334}
struct _MMPTE * PMMPTE
Definition: mmtypes.h:718
union _MMVAD::@2589 u2
union _MMVAD::@2588 u
_Must_inspect_result_ _In_ WDFDMATRANSACTION _In_ PFN_WDF_PROGRAM_DMA _In_ WDF_DMA_DIRECTION _In_ PMDL _In_ PVOID VirtualAddress
Definition: wdfdmatransaction.h:189
Referenced by MmArmAccessFault().
◆ MiCompleteProtoPteFault()
|
static |
Definition at line 765 of file pagfault.c.
771{
773 PMMPTE OriginalPte, PageTablePte;
774 ULONG_PTR Protection;
775 PFN_NUMBER PageFrameIndex;
776 PMMPFN Pfn1, Pfn2;
777 BOOLEAN OriginalProtection, DirtyPage;
778
779 /* Must be called with an valid prototype PTE, with the PFN lock held */
780 MI_ASSERT_PFN_LOCK_HELD();
781 ASSERT(PointerProtoPte->u.Hard.Valid == 1);
782
783 /* Get the page */
784 PageFrameIndex = PFN_FROM_PTE(PointerProtoPte);
785
786 /* Get the PFN entry and set it as a prototype PTE */
787 Pfn1 = MiGetPfnEntry(PageFrameIndex);
789
790 /* Increment the share count for the page table */
791 PageTablePte = MiAddressToPte(PointerPte);
794
795 /* Check where we should be getting the protection information from */
797 {
798 /* Get the protection from the PTE, there's no real Proto PTE data */
799 Protection = PointerPte->u.Soft.Protection;
800
801 /* Remember that we did not use the proto protection */
802 OriginalProtection = FALSE;
803 }
804 else
805 {
806 /* Get the protection from the original PTE link */
807 OriginalPte = &Pfn1->OriginalPte;
809
810 /* Remember that we used the original protection */
811 OriginalProtection = TRUE;
812
813 /* Check if this was a write on a read only proto */
815 {
816 /* Clear the flag */
817 StoreInstruction = 0;
818 }
819 }
820
821 /* Check if this was a write on a non-COW page */
822 DirtyPage = FALSE;
824 {
825 /* Then the page should be marked dirty */
826 DirtyPage = TRUE;
827
828 /* ReactOS check */
830 }
831
832 /* Did we get a locked incoming PFN? */
833 if (*LockedProtoPfn)
834 {
835 /* Drop a reference */
836 ASSERT((*LockedProtoPfn)->u3.e2.ReferenceCount >= 1);
837 MiDereferencePfnAndDropLockCount(*LockedProtoPfn);
838 *LockedProtoPfn = NULL;
839 }
840
841 /* Release the PFN lock */
842 MiReleasePfnLock(OldIrql);
843
844 /* Remove special/caching bits */
845 Protection &= ~MM_PROTECT_SPECIAL;
846
847 /* Setup caching */
849 {
850 /* Write combining, no caching */
853 }
855 {
856 /* Write through, no caching */
859 }
860
861 /* Check if this is a kernel or user address */
863 {
864 /* Build the user PTE */
866 }
867 else
868 {
869 /* Build the kernel PTE */
871 }
872
873 /* Set the dirty flag if needed */
875
876 /* Write the PTE */
878
879 /* Reset the protection if needed */
881
882 /* Return success */
885}
FORCEINLINE VOID MI_MAKE_HARDWARE_PTE_USER(IN PMMPTE NewPte, IN PMMPTE MappingPte, IN ULONG_PTR ProtectionMask, IN PFN_NUMBER PageFrameNumber)
Definition: miarm.h:827
FORCEINLINE VOID MiDereferencePfnAndDropLockCount(IN PMMPFN Pfn1)
Definition: miarm.h:1615
FORCEINLINE VOID MI_MAKE_HARDWARE_PTE(IN PMMPTE NewPte, IN PMMPTE MappingPte, IN ULONG_PTR ProtectionMask, IN PFN_NUMBER PageFrameNumber)
Definition: miarm.h:807
FORCEINLINE VOID MI_WRITE_VALID_PTE(IN PMMPTE PointerPte, IN MMPTE TempPte)
Definition: miarm.h:959
union _MMPFN::@1772 u3
union _MMPFN::@1771 u2
union _MMPTE::@2307 u
_Requires_lock_held_ Interrupt _Releases_lock_ Interrupt _In_ _IRQL_restores_ KIRQL OldIrql
Definition: kefuncs.h:792
Referenced by MiDispatchFault(), and MiResolveProtoPteFault().
◆ MiCopyPfn()
| VOID NTAPI MiCopyPfn | ( | _In_ PFN_NUMBER | DestPage, |
| _In_ PFN_NUMBER | SrcPage | ||
| ) |
Definition at line 529 of file pagfault.c.
532{
533 PMMPTE SysPtes;
535 PMMPFN DestPfn, SrcPfn;
536 PVOID DestAddress;
538
539 /* Get the PFNs */
540 DestPfn = MiGetPfnEntry(DestPage);
541 ASSERT(DestPfn);
542 SrcPfn = MiGetPfnEntry(SrcPage);
543 ASSERT(SrcPfn);
544
545 /* Grab 2 system PTEs */
547 ASSERT(SysPtes);
548
549 /* Initialize the destination PTE */
552
553 /* Setup caching */
555 {
556 /* Write combining, no caching */
559 }
561 {
562 /* Write through, no caching */
565 }
566
567 /* Make the system PTE valid with our PFN */
569
570 /* Initialize the source PTE */
573
574 /* Setup caching */
576 {
578 }
579
580 /* Make the system PTE valid with our PFN */
582
583 /* Get the addresses and perform the copy */
584 DestAddress = MiPteToAddress(&SysPtes[0]);
585 SrcAddress = MiPteToAddress(&SysPtes[1]);
587
588 /* Now get rid of it */
590}
VOID NTAPI MiReleaseSystemPtes(IN PMMPTE StartingPte, IN ULONG NumberOfPtes, IN MMSYSTEM_PTE_POOL_TYPE SystemPtePoolType)
Definition: syspte.c:264
PMMPTE NTAPI MiReserveSystemPtes(IN ULONG NumberOfPtes, IN MMSYSTEM_PTE_POOL_TYPE SystemPtePoolType)
Definition: syspte.c:246
Referenced by MiResolveProtoPteFault(), and MmArmAccessFault().
◆ MiDispatchFault()
| NTSTATUS NTAPI MiDispatchFault | ( | IN ULONG | FaultCode, |
| IN PVOID | Address, | ||
| IN PMMPTE | PointerPte, | ||
| IN PMMPTE | PointerProtoPte, | ||
| IN BOOLEAN | Recursive, | ||
| IN PEPROCESS | Process, | ||
| IN PVOID | TrapInformation, | ||
| IN PMMVAD | Vad | ||
| ) |
Definition at line 1319 of file pagfault.c.
1327{
1331 PMMPTE SuperProtoPte;
1333 PFN_NUMBER PageFrameIndex;
1334 PFN_COUNT PteCount, ProcessedPtes;
1336 Address,
1337 Process);
1338
1339 /* Make sure the addresses are ok */
1341
1342 //
1343 // Make sure APCs are off and we're not at dispatch
1344 //
1348
1349 //
1350 // Grab a copy of the PTE
1351 //
1352 TempPte = *PointerPte;
1353
1354 /* Do we have a prototype PTE? */
1355 if (PointerProtoPte)
1356 {
1357 /* This should never happen */
1359
1360 /* Check if this is a kernel-mode address */
1361 SuperProtoPte = MiAddressToPte(PointerProtoPte);
1363 {
1364 /* Lock the PFN database */
1365 LockIrql = MiAcquirePfnLock();
1366
1367 /* Has the PTE been made valid yet? */
1369 {
1371 }
1372 else if (PointerPte->u.Hard.Valid == 1)
1373 {
1375 }
1376
1377 /* Resolve the fault -- this will release the PFN lock */
1379 Address,
1380 PointerPte,
1381 PointerProtoPte,
1382 &OutPfn,
1383 NULL,
1384 NULL,
1385 Process,
1386 LockIrql,
1387 TrapInformation);
1389
1390 /* Complete this as a transition fault */
1395 }
1396 else
1397 {
1398 /* We only handle the lookup path */
1400
1401 /* Is there a non-image VAD? */
1402 if ((Vad) &&
1403 (Vad->u.VadFlags.VadType != VadImageMap) &&
1404 !(Vad->u2.VadFlags2.ExtendableFile))
1405 {
1406 /* One day, ReactOS will cluster faults */
1409 }
1410
1411 /* Only one PTE to handle for now */
1412 PteCount = 1;
1413 ProcessedPtes = 0;
1414
1415 /* Lock the PFN database */
1416 LockIrql = MiAcquirePfnLock();
1417
1418 /* We only handle the valid path */
1420
1421 /* Capture the PTE */
1422 TempPte = *PointerProtoPte;
1423
1424 /* Loop to handle future case of clustered faults */
1426 {
1427 /* For our current usage, this should be true */
1429 {
1430 /* Bump the share count on the PTE */
1432 Pfn1 = MI_PFN_ELEMENT(PageFrameIndex);
1434 }
1436 (TempPte.u.Soft.Transition == 1))
1437 {
1438 /* This is a standby page, bring it back from the cache */
1441 Pfn1 = MI_PFN_ELEMENT(PageFrameIndex);
1443
1444 /* Should not yet happen in ReactOS */
1447
1448 /* Get the page */
1449 MiUnlinkPageFromList(Pfn1);
1450
1451 /* Bump its reference count */
1455
1456 /* Make it valid again */
1457 /* This looks like another macro.... */
1459 ASSERT(PointerProtoPte->u.Hard.Valid == 0);
1460 ASSERT(PointerProtoPte->u.Trans.Prototype == 0);
1461 ASSERT(PointerProtoPte->u.Trans.Transition == 1);
1462 TempPte.u.Long = (PointerProtoPte->u.Long & ~0xFFF) |
1463 MmProtectToPteMask[PointerProtoPte->u.Trans.Protection];
1466
1467 /* Is the PTE writeable? */
1471 {
1472 /* Make it dirty */
1474 }
1475 else
1476 {
1477 /* Make it clean */
1479 }
1480
1481 /* Write the valid PTE */
1483 ASSERT(PointerPte->u.Hard.Valid == 0);
1484 }
1485 else
1486 {
1487 /* Page is invalid, get out of the loop */
1488 break;
1489 }
1490
1491 /* One more done, was it the last? */
1492 if (++ProcessedPtes == PteCount)
1493 {
1494 /* Complete the fault */
1496 Address,
1497 PointerPte,
1498 PointerProtoPte,
1499 LockIrql,
1500 &OutPfn);
1501
1502 /* THIS RELEASES THE PFN LOCK! */
1503 break;
1504 }
1505
1506 /* No clustered faults yet */
1508 }
1509
1510 /* Did we resolve the fault? */
1511 if (ProcessedPtes)
1512 {
1513 /* Bump the transition count */
1515 ProcessedPtes--;
1516
1517 /* Loop all the processing we did */
1518 ASSERT(ProcessedPtes == 0);
1519
1520 /* Complete this as a transition fault */
1525 }
1526
1527 /* We did not -- PFN lock is still held, prepare to resolve prototype PTE fault */
1529 MiReferenceUsedPageAndBumpLockCount(OutPfn);
1531 ASSERT(PointerPte->u.Hard.Valid == 0);
1532
1533 /* Resolve the fault -- this will release the PFN lock */
1535 Address,
1536 PointerPte,
1537 PointerProtoPte,
1538 &OutPfn,
1539 NULL,
1540 NULL,
1541 Process,
1542 LockIrql,
1543 TrapInformation);
1544 //ASSERT(Status != STATUS_ISSUE_PAGING_IO);
1545 //ASSERT(Status != STATUS_REFAULT);
1546 //ASSERT(Status != STATUS_PTE_CHANGED);
1547
1548 /* Did the routine clean out the PFN or should we? */
1549 if (OutPfn)
1550 {
1551 /* We had a locked PFN, so acquire the PFN lock to dereference it */
1553 OldIrql = MiAcquirePfnLock();
1554
1555 /* Dereference the locked PFN */
1556 MiDereferencePfnAndDropLockCount(OutPfn);
1558
1559 /* And now release the lock */
1560 MiReleasePfnLock(OldIrql);
1561 }
1562
1563 /* Complete this as a transition fault */
1568 }
1569 }
1570
1571 /* Is this a transition PTE */
1573 {
1575 PKEVENT PreviousPageEvent;
1576 KEVENT CurrentPageEvent;
1577
1578 /* Lock the PFN database */
1579 LockIrql = MiAcquirePfnLock();
1580
1581 /* Resolve */
1582 Status = MiResolveTransitionFault(!MI_IS_NOT_PRESENT_FAULT(FaultCode), Address, PointerPte, Process, LockIrql, &InPageBlock);
1583
1585
1587 {
1588 /* Another thread is reading or writing this page. Put us into the waiting queue. */
1590 PreviousPageEvent = *InPageBlock;
1591 *InPageBlock = &CurrentPageEvent;
1592 }
1593
1594 /* And now release the lock and leave*/
1595 MiReleasePfnLock(LockIrql);
1596
1598 {
1600
1601 /* Let's the chain go on */
1602 if (PreviousPageEvent)
1603 {
1605 }
1606 }
1607
1612 }
1613
1614 /* Should we page the data back in ? */
1616 {
1617 /* Lock the PFN database */
1618 LockIrql = MiAcquirePfnLock();
1619
1620 /* Resolve */
1621 Status = MiResolvePageFileFault(!MI_IS_NOT_PRESENT_FAULT(FaultCode), Address, PointerPte, Process, &LockIrql);
1622
1623 /* And now release the lock and leave*/
1624 MiReleasePfnLock(LockIrql);
1625
1630 }
1631
1632 //
1633 // The PTE must be invalid but not completely empty. It must also not be a
1634 // prototype a transition or a paged-out PTE as those scenarii should've been handled above.
1635 // These are all Windows checks
1636 //
1642
1643 //
1644 // If we got this far, the PTE can only be a demand zero PTE, which is what
1645 // we want. Go handle it!
1646 //
1648 PointerPte,
1650 Process,
1651 MM_NOIRQL);
1654 {
1655#if MI_TRACE_PFNS
1656 /* Update debug info */
1657 if (TrapInformation)
1658 MiGetPfnEntry(PointerPte->u.Hard.PageFrameNumber)->CallSite = (PVOID)((PKTRAP_FRAME)TrapInformation)->Eip;
1659 else
1661#endif
1662
1663 //
1664 // Make sure we're returning in a sane state and pass the status down
1665 //
1669 }
1670
1671 //
1672 // Generate an access fault
1673 //
1675}
#define KeWaitForSingleObject(pEvt, foo, a, b, c)
Definition: env_spec_w32.h:478
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
FORCEINLINE BOOLEAN MI_IS_PHYSICAL_ADDRESS(IN PVOID Address)
Definition: miarm.h:945
FORCEINLINE VOID MiReferenceUsedPageAndBumpLockCount(IN PMMPFN Pfn1)
Definition: miarm.h:1742
static NTSTATUS NTAPI MiResolveDemandZeroFault(IN PVOID Address, IN PMMPTE PointerPte, IN ULONG Protection, IN PEPROCESS Process, IN KIRQL OldIrql)
Definition: pagfault.c:595
static NTSTATUS NTAPI MiCompleteProtoPteFault(IN BOOLEAN StoreInstruction, IN PVOID Address, IN PMMPTE PointerPte, IN PMMPTE PointerProtoPte, IN KIRQL OldIrql, IN PMMPFN *LockedProtoPfn)
Definition: pagfault.c:765
static NTSTATUS NTAPI MiResolveTransitionFault(IN BOOLEAN StoreInstruction, IN PVOID FaultingAddress, IN PMMPTE PointerPte, IN PEPROCESS CurrentProcess, IN KIRQL OldIrql, OUT PKEVENT **InPageBlock)
Definition: pagfault.c:978
static NTSTATUS NTAPI MiResolvePageFileFault(_In_ BOOLEAN StoreInstruction, _In_ PVOID FaultingAddress, _In_ PMMPTE PointerPte, _In_ PEPROCESS CurrentProcess, _Inout_ KIRQL *OldIrql)
Definition: pagfault.c:890
static NTSTATUS NTAPI MiResolveProtoPteFault(IN BOOLEAN StoreInstruction, IN PVOID Address, IN PMMPTE PointerPte, IN PMMPTE PointerProtoPte, IN OUT PMMPFN *OutPfn, OUT PVOID *PageFileData, OUT PMMPTE PteValue, IN PEPROCESS Process, IN KIRQL OldIrql, IN PVOID TrapInformation)
Definition: pagfault.c:1110
Definition: ketypes.h:799
Definition: ketypes.h:312
union _MMPFN::@1775 u4
struct _MMPFN::@1772::@1778 e2
Referenced by MmArmAccessFault().
◆ MiIsAccessAllowed()
| FORCEINLINE BOOLEAN MiIsAccessAllowed | ( | _In_ ULONG | ProtectionMask, |
| _In_ BOOLEAN | Write, | ||
| _In_ BOOLEAN | Execute | ||
| ) |
Definition at line 138 of file pagfault.c.
142{
143 #define _BYTE_MASK(Bit0, Bit1, Bit2, Bit3, Bit4, Bit5, Bit6, Bit7) \
144 (Bit0) | ((Bit1) << 1) | ((Bit2) << 2) | ((Bit3) << 3) | \
145 ((Bit4) << 4) | ((Bit5) << 5) | ((Bit6) << 6) | ((Bit7) << 7)
147 {
148 { // Protect 0 1 2 3 4 5 6 7
151 },
152 {
155 }
156 };
157
158 /* We want only the lower access bits */
159 ProtectionMask &= MM_PROTECT_ACCESS;
160
161 /* Look it up in the table */
163}
static INT Execute(LPTSTR Full, LPTSTR First, LPTSTR Rest, PARSED_COMMAND *Cmd)
Definition: cmd.c:347
#define _BYTE_MASK(Bit0, Bit1, Bit2, Bit3, Bit4, Bit5, Bit6, Bit7)
Referenced by MiAccessCheck().
◆ MiResolveDemandZeroFault()
|
static |
Definition at line 595 of file pagfault.c.
600{
601 PFN_NUMBER PageFrameNumber = 0;
605 PMMPFN Pfn1;
607 Address,
608 Process);
609
610 /* Must currently only be called by paging path */
612 {
613 /* Sanity check */
615
616 /* No forking yet */
618
619 /* Get process color */
622
623 /* We'll need a zero page */
624 NeedZero = TRUE;
625 }
626 else
627 {
628 /* Check if we need a zero page */
630
631 /* Session-backed image views must be zeroed */
635 {
636 NeedZero = TRUE;
637 }
638
639 /* Hardcode unknown color */
640 Color = 0xFFFFFFFF;
641 }
642
643 /* Check if the PFN database should be acquired */
645 {
646 /* Acquire it and remember we should release it after */
647 OldIrql = MiAcquirePfnLock();
648 HaveLock = TRUE;
649 }
650
651 /* We either manually locked the PFN DB, or already came with it locked */
652 MI_ASSERT_PFN_LOCK_HELD();
653 ASSERT(PointerPte->u.Hard.Valid == 0);
654
655 /* Assert we have enough pages */
657
658#if MI_TRACE_PFNS
661#endif
665
666 /* Do we need a zero page? */
668 {
669 /* Try to get one, if we couldn't grab a free page and zero it */
671 if (!PageFrameNumber)
672 {
673 /* We'll need a free page and zero it manually */
675 NeedZero = TRUE;
676 }
677 else
678 {
679 /* Page guaranteed to be zero-filled */
680 NeedZero = FALSE;
681 }
682 }
683 else
684 {
685 /* Get a color, and see if we should grab a zero or non-zero page */
687 if (!NeedZero)
688 {
689 /* Process or system doesn't want a zero page, grab anything */
691 }
692 else
693 {
694 /* System wants a zero page, obtain one */
696 /* No need to zero-fill it */
697 NeedZero = FALSE;
698 }
699 }
700
701 /* Initialize it */
703
704 /* Increment demand zero faults */
705 KeGetCurrentPrcb()->MmDemandZeroCount++;
706
707 /* Do we have the lock? */
708 if (HaveLock)
709 {
710 /* Release it */
711 MiReleasePfnLock(OldIrql);
712
713 /* Update performance counters */
715 }
716
717 /* Zero the page if need be */
719
720 /* Fault on user PDE, or fault on user PTE? */
722 {
723 /* User fault, build a user PTE */
725 PointerPte,
726 Protection,
727 PageFrameNumber);
728 }
729 else
730 {
731 /* This is a user-mode PDE, create a kernel PTE for it */
733 PointerPte,
734 Protection,
735 PageFrameNumber);
736 }
737
738 /* Set it dirty if it's a writable page */
740
741 /* Write it */
743
744 /* Did we manually acquire the lock */
745 if (HaveLock)
746 {
747 /* Get the PFN entry */
748 Pfn1 = MI_PFN_ELEMENT(PageFrameNumber);
749
750 /* Windows does these sanity checks */
753 }
754
755 //
756 // It's all good now
757 //
760}
VOID NTAPI MiInitializePfn(IN PFN_NUMBER PageFrameIndex, IN PMMPTE PointerPte, IN BOOLEAN Modified)
Definition: pfnlist.c:962
FORCEINLINE PFN_NUMBER MiRemoveZeroPageSafe(IN ULONG Color)
Definition: miarm.h:2415
Definition: gdipluscolor.h:301
union _MMPFN::@1770 u1
Referenced by MiDispatchFault(), MiResolveProtoPteFault(), and MmArmAccessFault().
◆ MiResolvePageFileFault()
|
static |
Definition at line 890 of file pagfault.c.
895{
900 PMMPFN Pfn1;
904
905 /* Things we don't support yet */
908
910 MI_SET_PROCESS(CurrentProcess);
911
912 /* We must hold the PFN lock */
913 MI_ASSERT_PFN_LOCK_HELD();
914
915 /* Some sanity checks */
919
920 /* Get any page, it will be overwritten */
923
924 /* Initialize this PFN */
926
927 /* Sets the PFN as being in IO operation */
933
934 /* We must write the PTE now as the PFN lock will be released while performing the IO operation */
936
938
939 /* Release the PFN lock while we proceed */
940 MiReleasePfnLock(*OldIrql);
941
942 /* Do the paging IO */
944
945 /* Lock the PFN database again */
946 *OldIrql = MiAcquirePfnLock();
947
948 /* Nobody should have changed that while we were not looking */
951
953 {
954 /* Malheur! */
958 }
959
960 /* And the PTE can finally be valid */
963
965 /* Did someone start to wait on us while we proceeded ? */
967 {
968 /* Tell them we're done */
970 }
971
973}
FORCEINLINE VOID MI_MAKE_TRANSITION_PTE(_Out_ PMMPTE NewPte, _In_ PFN_NUMBER Page, _In_ ULONG Protection)
Definition: miarm.h:929
NTSTATUS NTAPI MiReadPageFile(_In_ PFN_NUMBER Page, _In_ ULONG PageFileIndex, _In_ ULONG_PTR PageFileOffset)
Definition: pagefile.c:211
Referenced by MiDispatchFault().
◆ MiResolveProtoPteFault()
|
static |
Definition at line 1110 of file pagfault.c.
1120{
1122 PMMPFN Pfn1;
1123 PFN_NUMBER PageFrameIndex;
1126 ULONG Protection;
1127
1128 /* Must be called with an invalid, prototype PTE, with the PFN lock held */
1129 MI_ASSERT_PFN_LOCK_HELD();
1130 ASSERT(PointerPte->u.Hard.Valid == 0);
1131 ASSERT(PointerPte->u.Soft.Prototype == 1);
1132
1133 /* Read the prototype PTE and check if it's valid */
1134 TempPte = *PointerProtoPte;
1136 {
1137 /* One more user of this mapped page */
1139 Pfn1 = MiGetPfnEntry(PageFrameIndex);
1141
1142 /* Call it a transition */
1144
1145 /* Complete the prototype PTE fault -- this will release the PFN lock */
1147 Address,
1148 PointerPte,
1149 PointerProtoPte,
1150 OldIrql,
1151 OutPfn);
1152 }
1153
1154 /* Make sure there's some protection mask */
1156 {
1157 /* Release the lock */
1159 MiReleasePfnLock(OldIrql);
1161 }
1162
1163 /* There is no such thing as a decommitted prototype PTE */
1165
1166 /* Check for access rights on the PTE proper */
1167 PteContents = *PointerPte;
1169 {
1171 {
1172 Protection = TempPte.u.Soft.Protection;
1173 }
1174 else
1175 {
1176 Protection = MM_READONLY;
1177 }
1178 /* Check for page acess in software */
1180 StoreInstruction,
1181 KernelMode,
1182 TempPte.u.Soft.Protection,
1183 TrapInformation,
1184 TRUE);
1186 }
1187 else
1188 {
1190 }
1191
1192 /* Check for writing copy on write page */
1194 {
1195 PFN_NUMBER PageFrameIndex, ProtoPageFrameIndex;
1197
1198 /* Resolve the proto fault as if it was a read operation */
1200 Address,
1201 PointerPte,
1202 PointerProtoPte,
1203 OutPfn,
1204 PageFileData,
1205 PteValue,
1206 Process,
1207 OldIrql,
1208 TrapInformation);
1209
1211 {
1213 }
1214
1215 /* Lock again the PFN lock, MiResolveProtoPteFault unlocked it */
1216 OldIrql = MiAcquirePfnLock();
1217
1218 /* And re-read the proto PTE */
1219 TempPte = *PointerProtoPte;
1222
1225
1226 /* Get a new page for the private copy */
1229 else
1231
1233
1234 /* Perform the copy */
1235 MiCopyPfn(PageFrameIndex, ProtoPageFrameIndex);
1236
1237 /* This will drop everything MiResolveProtoPteFault referenced */
1239
1240 /* Because now we use this */
1241 Pfn1 = MI_PFN_ELEMENT(PageFrameIndex);
1243
1244 /* Fix the protection */
1245 Protection &= ~MM_WRITECOPY;
1246 Protection |= MM_READWRITE;
1248 {
1249 /* Build the user PTE */
1250 MI_MAKE_HARDWARE_PTE_USER(&PteContents, PointerPte, Protection, PageFrameIndex);
1251 }
1252 else
1253 {
1254 /* Build the kernel PTE */
1255 MI_MAKE_HARDWARE_PTE(&PteContents, PointerPte, Protection, PageFrameIndex);
1256 }
1257
1258 /* And finally, write the valid PTE */
1259 MI_WRITE_VALID_PTE(PointerPte, PteContents);
1260
1261 /* The caller expects us to release the PFN lock */
1262 MiReleasePfnLock(OldIrql);
1264 }
1265
1266 /* Check for clone PTEs */
1268
1269 /* We don't support mapped files yet */
1271
1272 /* We might however have transition PTEs */
1274 {
1275 /* Resolve the transition fault */
1278 Address,
1279 PointerProtoPte,
1280 Process,
1281 OldIrql,
1282 &InPageBlock);
1284 }
1285 else
1286 {
1287 /* We also don't support paged out pages */
1289
1290 /* Resolve the demand zero fault */
1292 PointerProtoPte,
1294 Process,
1295 OldIrql);
1296#if MI_TRACE_PFNS
1297 /* Update debug info */
1298 if (TrapInformation)
1299 MiGetPfnEntry(PointerProtoPte->u.Hard.PageFrameNumber)->CallSite = (PVOID)((PKTRAP_FRAME)TrapInformation)->Eip;
1300 else
1302#endif
1303
1305 }
1306
1307 /* Complete the prototype PTE fault -- this will release the PFN lock */
1308 ASSERT(PointerPte->u.Hard.Valid == 0);
1310 Address,
1311 PointerPte,
1312 PointerProtoPte,
1313 OldIrql,
1314 OutPfn);
1315}
VOID NTAPI MiDeletePte(IN PMMPTE PointerPte, IN PVOID VirtualAddress, IN PEPROCESS CurrentProcess, IN PMMPTE PrototypePte)
Definition: virtual.c:369
VOID NTAPI MiCopyPfn(_In_ PFN_NUMBER DestPage, _In_ PFN_NUMBER SrcPage)
Definition: pagfault.c:529
static NTSTATUS NTAPI MiAccessCheck(IN PMMPTE PointerPte, IN BOOLEAN StoreInstruction, IN KPROCESSOR_MODE PreviousMode, IN ULONG_PTR ProtectionMask, IN PVOID TrapFrame, IN BOOLEAN LockHeld)
Definition: pagfault.c:168
Referenced by MiDispatchFault(), and MiResolveProtoPteFault().
◆ MiResolveTransitionFault()
|
static |
Definition at line 978 of file pagfault.c.
984{
985 PFN_NUMBER PageFrameIndex;
986 PMMPFN Pfn1;
988 PMMPTE PointerToPteForProtoPage;
990 FaultingAddress, PointerPte, CurrentProcess->ImageFileName);
991
992 /* Windowss does this check */
994
995 /* ARM3 doesn't support this path */
997
998 /* Capture the PTE and make sure it's in transition format */
999 TempPte = *PointerPte;
1001 (TempPte.u.Soft.Prototype == 0) &&
1002 (TempPte.u.Soft.Transition == 1));
1003
1004 /* Get the PFN and the PFN entry */
1007 Pfn1 = MiGetPfnEntry(PageFrameIndex);
1008
1009 /* One more transition fault! */
1011
1012 /* This is from ARM3 -- Windows normally handles this here */
1014
1015 /* See if we should wait before terminating the fault */
1018 {
1022 {
1024 /* The PTE will be made valid by the thread serving the fault */
1026 }
1027 }
1028
1029 /* Windows checks there's some free pages and this isn't an in-page error */
1032
1033 /* ReactOS checks for this */
1035
1036 /* Was this a transition page in the valid list, or free/zero list? */
1038 {
1039 /* All Windows does here is a bunch of sanity checks */
1045 }
1046 else
1047 {
1048 /* Otherwise, the page is removed from its list */
1050 MiUnlinkPageFromList(Pfn1);
1051 MiReferenceUnusedPageAndBumpLockCount(Pfn1);
1052 }
1053
1054 /* At this point, there should no longer be any in-page errors */
1056
1057 /* Check if this was a PFN with no more share references */
1059
1060 /* Bump the share count and make the page valid */
1063
1064 /* Prototype PTEs are in paged pool, which itself might be in transition */
1066 {
1067 /* Check if this is a paged pool PTE in transition state */
1068 PointerToPteForProtoPage = MiAddressToPte(PointerPte);
1069 TempPte = *PointerToPteForProtoPage;
1071 {
1072 /* This isn't yet supported */
1075 }
1076 }
1077
1078 /* Build the final PTE */
1079 ASSERT(PointerPte->u.Hard.Valid == 0);
1080 ASSERT(PointerPte->u.Trans.Prototype == 0);
1081 ASSERT(PointerPte->u.Trans.Transition == 1);
1082 TempPte.u.Long = (PointerPte->u.Long & ~0xFFF) |
1083 (MmProtectToPteMask[PointerPte->u.Trans.Protection]) |
1084 MiDetermineUserGlobalPteMask(PointerPte);
1085
1086 /* Is the PTE writeable? */
1090 {
1091 /* Make it dirty */
1093 }
1094 else
1095 {
1096 /* Make it clean */
1098 }
1099
1100 /* Write the valid PTE */
1102
1103 /* Return success */
1105}
FORCEINLINE VOID MiReferenceUnusedPageAndBumpLockCount(IN PMMPFN Pfn1)
Definition: miarm.h:1787
FORCEINLINE ULONG_PTR MiDetermineUserGlobalPteMask(IN PVOID PointerPte)
Definition: miarm.h:736
Referenced by MiDispatchFault(), and MiResolveProtoPteFault().
◆ MiZeroPfn()
| VOID NTAPI MiZeroPfn | ( | IN PFN_NUMBER | PageFrameNumber | ) |
Definition at line 483 of file pagfault.c.
484{
485 PMMPTE ZeroPte;
487 PMMPFN Pfn1;
488 PVOID ZeroAddress;
489
490 /* Get the PFN for this page */
491 Pfn1 = MiGetPfnEntry(PageFrameNumber);
492 ASSERT(Pfn1);
493
494 /* Grab a system PTE we can use to zero the page */
496 ASSERT(ZeroPte);
497
498 /* Initialize the PTE for it */
501
502 /* Setup caching */
504 {
505 /* Write combining, no caching */
508 }
510 {
511 /* Write through, no caching */
514 }
515
516 /* Make the system PTE valid with our PFN */
518
519 /* Get the address it maps to, and zero it out */
520 ZeroAddress = MiPteToAddress(ZeroPte);
522
523 /* Now get rid of it */
525}
Referenced by MiResolveDemandZeroFault(), and MmArmAccessFault().
◆ MmArmAccessFault()
| NTSTATUS NTAPI MmArmAccessFault | ( | IN ULONG | FaultCode, |
| IN PVOID | Address, | ||
| IN KPROCESSOR_MODE | Mode, | ||
| IN PVOID | TrapInformation | ||
| ) |
Definition at line 1679 of file pagfault.c.
1683{
1688#if (_MI_PAGING_LEVELS >= 3)
1690#if (_MI_PAGING_LEVELS == 4)
1692#endif
1693#endif
1695 PETHREAD CurrentThread;
1696 PEPROCESS CurrentProcess;
1698 PMMSUPPORT WorkingSet;
1699 ULONG ProtectionCode;
1701 PFN_NUMBER PageFrameIndex;
1703 BOOLEAN IsSessionAddress;
1704 PMMPFN Pfn1;
1706
1707 /* Check for page fault on high IRQL */
1709 {
1710#if (_MI_PAGING_LEVELS < 3)
1711 /* Could be a page table for paged pool, which we'll allow */
1714#endif
1715 /* Check if any of the top-level pages are invalid */
1716 if (
1719#endif
1722#endif
1725 {
1726 /* This fault is not valid, print out some debugging help */
1728 Address,
1729 OldIrql);
1730 if (TrapInformation)
1731 {
1732 PKTRAP_FRAME TrapFrame = TrapInformation;
1733#ifdef _M_IX86
1737#elif defined(_M_AMD64)
1741#elif defined(_M_ARM)
1743 DbgPrint("MM:***R0 %p, R1 %p R2 %p, R3 %p\n", TrapFrame->R0, TrapFrame->R1, TrapFrame->R2, TrapFrame->R3);
1744 DbgPrint("MM:***R11 %p, R12 %p SP %p, LR %p\n", TrapFrame->R11, TrapFrame->R12, TrapFrame->Sp, TrapFrame->Lr);
1745#endif
1746 }
1747
1748 /* Tell the trap handler to fail */
1750 }
1751
1752 /* Not yet implemented in ReactOS */
1754 ASSERT((!MI_IS_NOT_PRESENT_FAULT(FaultCode) && MI_IS_PAGE_COPY_ON_WRITE(PointerPte)) == FALSE);
1755
1756 /* Check if this was a write */
1758 {
1759 /* Was it to a read-only page? */
1763 {
1764 /* Crash with distinguished bugcheck code */
1765 KeBugCheckEx(ATTEMPTED_WRITE_TO_READONLY_MEMORY,
1768 (ULONG_PTR)TrapInformation,
1769 10);
1770 }
1771 }
1772
1773 /* Nothing is actually wrong */
1776 }
1777
1778 /* Check for kernel fault address */
1780 {
1781 /* Bail out, if the fault came from user mode */
1783
1784#if (_MI_PAGING_LEVELS == 2)
1787#endif
1788
1789 /* Check if the higher page table entries are invalid */
1790 if (
1792 /* AMD64 system, check if PXE is invalid */
1794#endif
1796 /* PAE/AMD64 system, check if PPE is invalid */
1798#endif
1799 /* Always check if the PDE is valid */
1801 {
1802 /* PXE/PPE/PDE (still) not valid, kill the system */
1803 KeBugCheckEx(PAGE_FAULT_IN_NONPAGED_AREA,
1805 FaultCode,
1806 (ULONG_PTR)TrapInformation,
1807 2);
1808 }
1809
1810 /* Not handling session faults yet */
1812
1813 /* The PDE is valid, so read the PTE */
1814 TempPte = *PointerPte;
1816 {
1817 /* Check if this was system space or session space */
1818 if (!IsSessionAddress)
1819 {
1820 /* Check if the PTE is still valid under PFN lock */
1821 OldIrql = MiAcquirePfnLock();
1822 TempPte = *PointerPte;
1824 {
1825 /* Check if this was a write */
1827 {
1828 /* Was it to a read-only page? */
1832 {
1833 /* Crash with distinguished bugcheck code */
1834 KeBugCheckEx(ATTEMPTED_WRITE_TO_READONLY_MEMORY,
1837 (ULONG_PTR)TrapInformation,
1838 11);
1839 }
1840 }
1841
1842 /* Check for execution of non-executable memory */
1845 {
1846 KeBugCheckEx(ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY,
1849 (ULONG_PTR)TrapInformation,
1850 1);
1851 }
1852 }
1853
1854 /* Release PFN lock and return all good */
1855 MiReleasePfnLock(OldIrql);
1857 }
1858 }
1859#if (_MI_PAGING_LEVELS == 2)
1860 /* Check if this was a session PTE that needs to remap the session PDE */
1862 {
1863 /* Do the remapping */
1866 {
1867 /* It failed, this address is invalid */
1868 KeBugCheckEx(PAGE_FAULT_IN_NONPAGED_AREA,
1870 FaultCode,
1871 (ULONG_PTR)TrapInformation,
1872 6);
1873 }
1874 }
1875#else
1876
1878
1879#endif
1880
1881 /* Check for a fault on the page table or hyperspace */
1883 {
1884#if (_MI_PAGING_LEVELS < 3)
1885 /* Windows does this check but I don't understand why -- it's done above! */
1887#endif
1888 /* Handle this as a user mode fault */
1889 goto UserFault;
1890 }
1891
1892 /* Get the current thread */
1893 CurrentThread = PsGetCurrentThread();
1894
1895 /* What kind of address is this */
1896 if (!IsSessionAddress)
1897 {
1898 /* Use the system working set */
1899 WorkingSet = &MmSystemCacheWs;
1900 CurrentProcess = NULL;
1901
1902 /* Make sure we don't have a recursive working set lock */
1904 (CurrentThread->OwnsProcessWorkingSetShared) ||
1905 (CurrentThread->OwnsSystemWorkingSetExclusive) ||
1906 (CurrentThread->OwnsSystemWorkingSetShared) ||
1907 (CurrentThread->OwnsSessionWorkingSetExclusive) ||
1908 (CurrentThread->OwnsSessionWorkingSetShared))
1909 {
1910 /* Fail */
1912 }
1913 }
1914 else
1915 {
1916 /* Use the session process and working set */
1917 CurrentProcess = HYDRA_PROCESS;
1919
1920 /* Make sure we don't have a recursive working set lock */
1922 (CurrentThread->OwnsSessionWorkingSetShared))
1923 {
1924 /* Fail */
1926 }
1927 }
1928
1929 /* Acquire the working set lock */
1931 MiLockWorkingSet(CurrentThread, WorkingSet);
1932
1933 /* Re-read PTE now that we own the lock */
1934 TempPte = *PointerPte;
1936 {
1937 /* Check if this was a write */
1939 {
1940 /* Was it to a read-only page that is not copy on write? */
1945 {
1946 /* Case not yet handled */
1947 ASSERT(!IsSessionAddress);
1948
1949 /* Crash with distinguished bugcheck code */
1950 KeBugCheckEx(ATTEMPTED_WRITE_TO_READONLY_MEMORY,
1952 TempPte.u.Long,
1953 (ULONG_PTR)TrapInformation,
1954 12);
1955 }
1956 }
1957
1958 /* Check for execution of non-executable memory */
1961 {
1962 KeBugCheckEx(ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY,
1965 (ULONG_PTR)TrapInformation,
1966 2);
1967 }
1968
1969 /* Check for read-only write in session space */
1970 if ((IsSessionAddress) &&
1971 MI_IS_WRITE_ACCESS(FaultCode) &&
1973 {
1974 /* Sanity check */
1976
1977 /* Was this COW? */
1979 {
1980 /* Then this is not allowed */
1981 KeBugCheckEx(ATTEMPTED_WRITE_TO_READONLY_MEMORY,
1984 (ULONG_PTR)TrapInformation,
1985 13);
1986 }
1987
1988 /* Otherwise, handle COW */
1990 }
1991
1992 /* Release the working set */
1993 MiUnlockWorkingSet(CurrentThread, WorkingSet);
1994 KeLowerIrql(LockIrql);
1995
1996 /* Otherwise, the PDE was probably invalid, and all is good now */
1998 }
1999
2000 /* Check one kind of prototype PTE */
2002 {
2003 /* Make sure protected pool is on, and that this is a pool address */
2007 MmSizeOfNonPagedPoolInBytes))) ||
2010 {
2011 /* Bad boy, bad boy, whatcha gonna do, whatcha gonna do when ARM3 comes for you! */
2012 KeBugCheckEx(DRIVER_CAUGHT_MODIFYING_FREED_POOL,
2014 FaultCode,
2015 Mode,
2016 4);
2017 }
2018
2019 /* Get the prototype PTE! */
2021
2022 /* Do we need to locate the prototype PTE in session space? */
2023 if ((IsSessionAddress) &&
2025 {
2026 /* Yep, go find it as well as the VAD for it */
2028 &ProtectionCode,
2029 &Vad);
2031 }
2032 }
2033 else
2034 {
2035 /* We don't implement transition PTEs */
2037
2038 /* Check for no-access PTE */
2040 {
2041 /* Bugcheck the system! */
2042 KeBugCheckEx(PAGE_FAULT_IN_NONPAGED_AREA,
2044 FaultCode,
2045 (ULONG_PTR)TrapInformation,
2046 1);
2047 }
2048
2049 /* Check for no protecton at all */
2051 {
2052 /* Bugcheck the system! */
2053 KeBugCheckEx(PAGE_FAULT_IN_NONPAGED_AREA,
2055 FaultCode,
2056 (ULONG_PTR)TrapInformation,
2057 0);
2058 }
2059 }
2060
2061 /* Check for demand page */
2063 !(ProtoPte) &&
2064 !(IsSessionAddress) &&
2066 {
2067 /* Get the protection code */
2070 {
2071 /* Bugcheck the system! */
2072 KeBugCheckEx(ATTEMPTED_WRITE_TO_READONLY_MEMORY,
2074 TempPte.u.Long,
2075 (ULONG_PTR)TrapInformation,
2076 14);
2077 }
2078 }
2079
2080 /* Now do the real fault handling */
2082 Address,
2083 PointerPte,
2084 ProtoPte,
2085 FALSE,
2086 CurrentProcess,
2087 TrapInformation,
2088 NULL);
2089
2090 /* Release the working set */
2092 MiUnlockWorkingSet(CurrentThread, WorkingSet);
2093 KeLowerIrql(LockIrql);
2094
2095 /* We are done! */
2098 }
2099
2100 /* This is a user fault */
2101UserFault:
2102 CurrentThread = PsGetCurrentThread();
2104
2105 /* Lock the working set */
2106 MiLockProcessWorkingSet(CurrentProcess, CurrentThread);
2107
2108 ProtectionCode = MM_INVALID_PROTECTION;
2109
2110#if (_MI_PAGING_LEVELS == 4)
2111 /* Check if the PXE is valid */
2113 {
2114 /* Right now, we only handle scenarios where the PXE is totally empty */
2116
2117 /* This is only possible for user mode addresses! */
2119
2120 /* Check if we have a VAD */
2123 {
2124 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2126 }
2127
2128 /* Resolve a demand zero fault */
2129 MiResolveDemandZeroFault(PointerPpe,
2130 PointerPxe,
2131 MM_EXECUTE_READWRITE,
2132 CurrentProcess,
2133 MM_NOIRQL);
2134
2135 /* We should come back with a valid PXE */
2137 }
2138#endif
2139
2140#if (_MI_PAGING_LEVELS >= 3)
2141 /* Check if the PPE is valid */
2143 {
2144 /* Right now, we only handle scenarios where the PPE is totally empty */
2146
2147 /* This is only possible for user mode addresses! */
2149
2150 /* Check if we have a VAD, unless we did this already */
2152 {
2154 }
2155
2157 {
2158 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2160 }
2161
2162 /* Resolve a demand zero fault */
2163 MiResolveDemandZeroFault(PointerPde,
2164 PointerPpe,
2165 MM_EXECUTE_READWRITE,
2166 CurrentProcess,
2167 MM_NOIRQL);
2168
2169 /* We should come back with a valid PPE */
2171 MiIncrementPageTableReferences(PointerPde);
2172 }
2173#endif
2174
2175 /* Check if the PDE is invalid */
2177 {
2178 /* Right now, we only handle scenarios where the PDE is totally empty */
2180
2181 /* And go dispatch the fault on the PDE. This should handle the demand-zero */
2182#if MI_TRACE_PFNS
2183 UserPdeFault = TRUE;
2184#endif
2185 /* Check if we have a VAD, unless we did this already */
2187 {
2189 }
2190
2192 {
2193#if (_MI_PAGING_LEVELS == 2)
2194 /* Could be a page table for paged pool */
2196#endif
2197 /* Has the code above changed anything -- is this now a valid PTE? */
2199
2200 /* Either this was a bogus VA or we've fixed up a paged pool PDE */
2201 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2203 }
2204
2205 /* Resolve a demand zero fault */
2206 MiResolveDemandZeroFault(PointerPte,
2207 PointerPde,
2208 MM_EXECUTE_READWRITE,
2209 CurrentProcess,
2210 MM_NOIRQL);
2211#if _MI_PAGING_LEVELS >= 3
2212 MiIncrementPageTableReferences(PointerPte);
2213#endif
2214
2215#if MI_TRACE_PFNS
2216 UserPdeFault = FALSE;
2217 /* Update debug info */
2218 if (TrapInformation)
2219 MiGetPfnEntry(PointerPde->u.Hard.PageFrameNumber)->CallSite = (PVOID)((PKTRAP_FRAME)TrapInformation)->Eip;
2220 else
2222#endif
2223 /* We should come back with APCs enabled, and with a valid PDE */
2226 }
2227 else
2228 {
2229 /* Not yet implemented in ReactOS */
2231 }
2232
2233 /* Now capture the PTE. */
2234 TempPte = *PointerPte;
2235
2236 /* Check if the PTE is valid */
2238 {
2239 /* Check if this is a write on a readonly PTE */
2241 {
2242 /* Is this a copy on write PTE? */
2244 {
2245 PFN_NUMBER PageFrameIndex, OldPageFrameIndex;
2246 PMMPFN Pfn1;
2247
2248 LockIrql = MiAcquirePfnLock();
2249
2251
2253 MI_SET_PROCESS(CurrentProcess);
2254
2255 /* Allocate a new page and copy it */
2258
2259 MiCopyPfn(PageFrameIndex, OldPageFrameIndex);
2260
2261 /* Dereference whatever this PTE is referencing */
2262 Pfn1 = MI_PFN_ELEMENT(OldPageFrameIndex);
2265 ProtoPte = Pfn1->PteAddress;
2267
2268 /* And make a new shiny one with our page */
2271 TempPte.u.Hard.Write = 1;
2272 TempPte.u.Hard.CopyOnWrite = 0;
2273
2275
2276 MiReleasePfnLock(LockIrql);
2277
2278 /* Return the status */
2279 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2281 }
2282
2283 /* Is this a read-only PTE? */
2285 {
2286 /* Return the status */
2287 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2289 }
2290 }
2291
2292 /* Check for execution of non-executable memory */
2295 {
2296 /* Return the status */
2297 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2299 }
2300
2301 /* The fault has already been resolved by a different thread */
2302 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2304 }
2305
2306 /* Quick check for demand-zero */
2309 {
2310 /* Resolve the fault */
2312 PointerPte,
2313 TempPte.u.Soft.Protection,
2314 CurrentProcess,
2315 MM_NOIRQL);
2316
2317#if MI_TRACE_PFNS
2318 /* Update debug info */
2319 if (TrapInformation)
2320 MiGetPfnEntry(PointerPte->u.Hard.PageFrameNumber)->CallSite = (PVOID)((PKTRAP_FRAME)TrapInformation)->Eip;
2321 else
2323#endif
2324
2325 /* Return the status */
2326 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2328 }
2329
2330 /* Check for zero PTE */
2332 {
2333 /* Check if this address range belongs to a valid allocation (VAD) */
2336 {
2337#if (_MI_PAGING_LEVELS == 2)
2338 /* Could be a page table for paged pool */
2340#endif
2341 /* Has the code above changed anything -- is this now a valid PTE? */
2343
2344 /* Either this was a bogus VA or we've fixed up a paged pool PDE */
2345 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2347 }
2348
2349 /*
2350 * Check if this is a real user-mode address or actually a kernel-mode
2351 * page table for a user mode address
2352 */
2358#endif
2359#endif
2360 )
2361 {
2362 /* Add an additional page table reference */
2364 }
2365
2366 /* Is this a guard page? */
2368 {
2369 /* The VAD protection cannot be MM_DECOMMIT! */
2371
2372 /* Remove the bit */
2373 TempPte.u.Soft.Protection = ProtectionCode & ~MM_GUARDPAGE;
2375
2376 /* Not supported */
2378 ASSERT(CurrentThread->ApcNeeded == 0);
2379
2380 /* Drop the working set lock */
2381 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2383
2384 /* Handle stack expansion */
2386 }
2387
2388 /* Did we get a prototype PTE back? */
2389 if (!ProtoPte)
2390 {
2391 /* Is this PTE actually part of the PDE-PTE self-mapping directory? */
2393 {
2394 /* Then it's really a demand-zero PDE (on behalf of user-mode) */
2395#ifdef _M_ARM
2398#else
2400#endif
2401 }
2402 else
2403 {
2404 /* No, create a new PTE. First, write the protection */
2405 TempPte.u.Soft.Protection = ProtectionCode;
2407 }
2408
2409 /* Lock the PFN database since we're going to grab a page */
2410 OldIrql = MiAcquirePfnLock();
2411
2412 /* Make sure we have enough pages */
2414
2415 /* Try to get a zero page */
2420 if (!PageFrameIndex)
2421 {
2422 /* Grab a page out of there. Later we should grab a colored zero page */
2424 ASSERT(PageFrameIndex);
2425
2426 /* Release the lock since we need to do some zeroing */
2427 MiReleasePfnLock(OldIrql);
2428
2429 /* Zero out the page, since it's for user-mode */
2430 MiZeroPfn(PageFrameIndex);
2431
2432 /* Grab the lock again so we can initialize the PFN entry */
2433 OldIrql = MiAcquirePfnLock();
2434 }
2435
2436 /* Initialize the PFN entry now */
2437 MiInitializePfn(PageFrameIndex, PointerPte, 1);
2438
2439 /* Increment the count of pages in the process */
2440 CurrentProcess->NumberOfPrivatePages++;
2441
2442 /* One more demand-zero fault */
2443 KeGetCurrentPrcb()->MmDemandZeroCount++;
2444
2445 /* And we're done with the lock */
2446 MiReleasePfnLock(OldIrql);
2447
2448 /* Fault on user PDE, or fault on user PTE? */
2450 {
2451 /* User fault, build a user PTE */
2453 PointerPte,
2455 PageFrameIndex);
2456 }
2457 else
2458 {
2459 /* This is a user-mode PDE, create a kernel PTE for it */
2461 PointerPte,
2463 PageFrameIndex);
2464 }
2465
2466 /* Write the dirty bit for writeable pages */
2468
2469 /* And now write down the PTE, making the address valid */
2471 Pfn1 = MI_PFN_ELEMENT(PageFrameIndex);
2473
2474 /* Demand zero */
2476 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2478 }
2479
2480 /* We should have a valid protection here */
2481 ASSERT(ProtectionCode != 0x100);
2482
2483 /* Write the prototype PTE */
2485 TempPte.u.Soft.Protection = ProtectionCode;
2488 }
2489 else
2490 {
2491 /* Get the protection code and check if this is a proto PTE */
2494 {
2495 /* Do we need to go find the real PTE? */
2497 {
2498 /* Get the prototype pte and VAD for it */
2500 &ProtectionCode,
2501 &Vad);
2502 if (!ProtoPte)
2503 {
2505 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2507 }
2508 }
2509 else
2510 {
2511 /* Get the prototype PTE! */
2513
2514 /* Is it read-only */
2516 {
2517 /* Set read-only code */
2518 ProtectionCode = MM_READONLY;
2519 }
2520 else
2521 {
2522 /* Set unknown protection */
2523 ProtectionCode = 0x100;
2525 }
2526 }
2527 }
2528 }
2529
2530 /* Do we have a valid protection code? */
2531 if (ProtectionCode != 0x100)
2532 {
2533 /* Run a software access check first, including to detect guard pages */
2535 !MI_IS_NOT_PRESENT_FAULT(FaultCode),
2536 Mode,
2537 ProtectionCode,
2538 TrapInformation,
2539 FALSE);
2541 {
2542 /* Not supported */
2543 ASSERT(CurrentThread->ApcNeeded == 0);
2544
2545 /* Drop the working set lock */
2546 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2548
2549 /* Did we hit a guard page? */
2551 {
2552 /* Handle stack expansion */
2554 }
2555
2556 /* Otherwise, fail back to the caller directly */
2558 }
2559 }
2560
2561 /* Dispatch the fault */
2563 Address,
2564 PointerPte,
2565 ProtoPte,
2566 FALSE,
2567 CurrentProcess,
2568 TrapInformation,
2569 Vad);
2570
2571 /* Return the status */
2573 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2575}
#define MI_IS_SYSTEM_PAGE_TABLE_ADDRESS(Address)
Definition: miarm.h:180
FORCEINLINE VOID MiLockWorkingSet(IN PETHREAD Thread, IN PMMSUPPORT WorkingSet)
Definition: miarm.h:1265
FORCEINLINE VOID MiUnlockProcessWorkingSet(IN PEPROCESS Process, IN PETHREAD Thread)
Definition: miarm.h:1194
FORCEINLINE VOID MiUnlockWorkingSet(IN PETHREAD Thread, IN PMMSUPPORT WorkingSet)
Definition: miarm.h:1351
FORCEINLINE VOID MI_WRITE_INVALID_PDE(IN PMMPDE PointerPde, IN MMPDE InvalidPde)
Definition: miarm.h:1035
#define MI_IS_PAGE_TABLE_OR_HYPER_ADDRESS(Address)
Definition: miarm.h:183
FORCEINLINE USHORT MiIncrementPageTableReferences(IN PVOID Address)
Definition: miarm.h:2481
FORCEINLINE VOID MiLockProcessWorkingSet(IN PEPROCESS Process, IN PETHREAD Thread)
Definition: miarm.h:1124
static PMMPTE NTAPI MiCheckVirtualAddress(IN PVOID VirtualAddress, OUT PULONG ProtectCode, OUT PMMVAD *ProtoVad)
Definition: pagfault.c:237
NTSTATUS FASTCALL MiCheckPdeForPagedPool(IN PVOID Address)
Definition: pagfault.c:475
static NTSTATUS NTAPI MiCheckForUserStackOverflow(IN PVOID Address, IN PVOID TrapInformation)
Definition: pagfault.c:30
NTSTATUS NTAPI MiDispatchFault(IN ULONG FaultCode, IN PVOID Address, IN PMMPTE PointerPte, IN PMMPTE PointerProtoPte, IN BOOLEAN Recursive, IN PEPROCESS Process, IN PVOID TrapInformation, IN PMMVAD Vad)
Definition: pagfault.c:1319
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:108
Definition: pstypes.h:1261
ULONG OwnsSessionWorkingSetExclusive
Definition: pstypes.h:1225
ULONG OwnsProcessWorkingSetExclusive
Definition: pstypes.h:1221
ULONG OwnsSystemWorkingSetExclusive
Definition: pstypes.h:1223
Definition: mmtypes.h:920
struct _MM_SESSION_SPACE * GlobalVirtualAddress
Definition: miarm.h:470
Referenced by MmAccessFault().
◆ MmGetExecuteOptions()
Definition at line 2579 of file pagfault.c.
2580{
2583
2584 *ExecuteOptions = 0;
2585
2587 {
2588 *ExecuteOptions |= MEM_EXECUTE_OPTION_DISABLE;
2589 }
2590
2592 {
2593 *ExecuteOptions |= MEM_EXECUTE_OPTION_ENABLE;
2594 }
2595
2597 {
2598 *ExecuteOptions |= MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION;
2599 }
2600
2602 {
2603 *ExecuteOptions |= MEM_EXECUTE_OPTION_PERMANENT;
2604 }
2605
2607 {
2608 *ExecuteOptions |= MEM_EXECUTE_OPTION_EXECUTE_DISPATCH_ENABLE;
2609 }
2610
2612 {
2613 *ExecuteOptions |= MEM_EXECUTE_OPTION_IMAGE_DISPATCH_ENABLE;
2614 }
2615
2617}
#define MEM_EXECUTE_OPTION_EXECUTE_DISPATCH_ENABLE
Definition: mmtypes.h:77
#define MEM_EXECUTE_OPTION_IMAGE_DISPATCH_ENABLE
Definition: mmtypes.h:78
#define MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION
Definition: mmtypes.h:75
Definition: ketypes.h:2023
Referenced by NtQueryInformationProcess().
◆ MmSetExecuteOptions()
Definition at line 2621 of file pagfault.c.
2622{
2624 KLOCK_QUEUE_HANDLE ProcessLock;
2627
2628 /* Only accept valid flags */
2630 {
2631 /* Fail */
2634 }
2635
2636 /* Change the NX state in the process lock */
2637 KiAcquireProcessLockRaiseToSynch(CurrentProcess, &ProcessLock);
2638
2639 /* Don't change anything if the permanent flag was set */
2641 {
2642 /* Start by assuming it's not disabled */
2644
2645 /* Now process each flag and turn the equivalent bit on */
2647 {
2649 }
2651 {
2653 }
2655 {
2657 }
2659 {
2661 }
2663 {
2665 }
2667 {
2669 }
2670
2671 /* These are turned on by default if no-execution is also eanbled */
2673 {
2676 }
2677
2678 /* All good */
2680 }
2681
2682 /* Release the lock and return status */
2683 KiReleaseProcessLock(&ProcessLock);
2685}
FORCEINLINE VOID KiReleaseProcessLock(IN PKLOCK_QUEUE_HANDLE Handle)
Definition: ke_x.h:660
FORCEINLINE VOID KiAcquireProcessLockRaiseToSynch(IN PKPROCESS Process, IN PKLOCK_QUEUE_HANDLE Handle)
Definition: ke_x.h:651
Definition: ketypes.h:614
Referenced by NtSetInformationProcess().
