Include dependency graph for pagfault.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
| #define | MODULE_INVOLVED_IN_ARM3 |
| #define | HYDRA_PROCESS (PEPROCESS)1 |
| #define | _BYTE_MASK(Bit0, Bit1, Bit2, Bit3, Bit4, Bit5, Bit6, Bit7) |
Macro Definition Documentation
◆ _BYTE_MASK
| #define _BYTE_MASK | ( | Bit0, | |
| Bit1, | |||
| Bit2, | |||
| Bit3, | |||
| Bit4, | |||
| Bit5, | |||
| Bit6, | |||
| Bit7 | |||
| ) |
Value:
(Bit0) | ((Bit1) << 1) | ((Bit2) << 2) | ((Bit3) << 3) | \
((Bit4) << 4) | ((Bit5) << 5) | ((Bit6) << 6) | ((Bit7) << 7)
◆ HYDRA_PROCESS
Definition at line 24 of file pagfault.c.
◆ MODULE_INVOLVED_IN_ARM3
| #define MODULE_INVOLVED_IN_ARM3 |
Definition at line 15 of file pagfault.c.
◆ NDEBUG
| #define NDEBUG |
Definition at line 12 of file pagfault.c.
Function Documentation
◆ MiAccessCheck()
|
static |
Definition at line 172 of file pagfault.c.
178{
180
181 /* Check for invalid user-mode access */
183 {
185 }
186
187 /* Capture the PTE -- is it valid? */
188 TempPte = *PointerPte;
190 {
191 /* Was someone trying to write to it? */
192 if (StoreInstruction)
193 {
194 /* Is it writable?*/
197 {
198 /* Then there's nothing to worry about */
200 }
201
202 /* Oops! This isn't allowed */
204 }
205
206 /* Someone was trying to read from a valid PTE, that's fine too */
208 }
209
210 /* Check if the protection on the page allows what is being attempted */
212 {
214 }
215
216 /* Check if this is a guard page */
218 {
220
221 /* Attached processes can't expand their stack */
223
224 /* No support for prototype PTEs yet */
226
227 /* Remove the guard page bit, and return a guard page violation */
228 TempPte.u.Soft.Protection = ProtectionMask & ~MM_GUARDPAGE;
232 }
233
234 /* Nothing to do */
236}
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG _In_ KPROCESSOR_MODE PreviousMode
Definition: KdSystemDebugControl.c:35
FORCEINLINE VOID MI_WRITE_INVALID_PTE(IN PMMPTE PointerPte, IN MMPTE InvalidPte)
Definition: miarm.h:1006
FORCEINLINE BOOLEAN MiIsAccessAllowed(_In_ ULONG ProtectionMask, _In_ BOOLEAN Write, _In_ BOOLEAN Execute)
Definition: pagfault.c:142
Definition: mmtypes.h:212
Referenced by MiResolveProtoPteFault(), and MmArmAccessFault().
◆ MiCheckForUserStackOverflow()
|
static |
Definition at line 34 of file pagfault.c.
36{
39 PVOID StackBase, DeallocationStack, NextStackAddress;
40 SIZE_T GuaranteedSize;
42
43 /* Do we own the address space lock? */
44 if (CurrentThread->AddressSpaceOwner == 1)
45 {
46 /* This isn't valid */
50 }
51
52 /* Are we attached? */
54 {
55 /* This isn't valid */
58 }
59
60 /* Read the current settings */
62 DeallocationStack = Teb->DeallocationStack;
63 GuaranteedSize = Teb->GuaranteedStackBytes;
65 StackBase, DeallocationStack, GuaranteedSize);
66
67 /* Guarantees make this code harder, for now, assume there aren't any */
68 ASSERT(GuaranteedSize == 0);
69
70 /* So allocate only the minimum guard page size */
71 GuaranteedSize = PAGE_SIZE;
72
73 /* Does this faulting stack address actually exist in the stack? */
75 {
76 /* That's odd... */
77 DPRINT1("Faulting address outside of stack bounds. Address=%p, StackBase=%p, DeallocationStack=%p\n",
78 Address, StackBase, DeallocationStack);
80 }
81
82 /* This is where the stack will start now */
84
85 /* Do we have at least one page between here and the end of the stack? */
87 {
88 /* We don't -- Trying to make this guard page valid now */
90
91 /* Calculate the next memory address */
93
94 /* Allocate the memory */
96 &NextStackAddress,
97 0,
98 &GuaranteedSize,
99 MEM_COMMIT,
100 PAGE_READWRITE);
102 {
103 /* Success! */
105 }
106 else
107 {
109 }
110
112 }
113
114 /* Don't handle this flag yet */
116
117 /* Update the stack limit */
119
120 /* Now move the guard page to the next page */
122 &NextStackAddress,
123 0,
124 &GuaranteedSize,
125 MEM_COMMIT,
128 {
129 /* We did it! */
132 }
133
134 /* Fail, we couldn't move the guard page */
138}
Definition: nsiface.idl:2307
Definition: pstypes.h:1103
Definition: compat.h:836
#define PAGE_ALIGN(Va)
Referenced by MmArmAccessFault().
◆ MiCheckPdeForPagedPool()
Definition at line 479 of file pagfault.c.
Referenced by MiDeletePte(), MiInitializePfn(), MiInitializePfnAndMakePteValid(), and MmArmAccessFault().
◆ MiCheckVirtualAddress()
|
static |
Definition at line 241 of file pagfault.c.
244{
245 PMMVAD Vad;
246 PMMPTE PointerPte;
247
248 /* No prototype/section support for now */
249 *ProtoVad = NULL;
250
251 /* User or kernel fault? */
253 {
254 /* Special case for shared data */
256 {
257 /* It's a read-only page */
258 *ProtectCode = MM_READONLY;
260 }
261
262 /* Find the VAD, it might not exist if the address is bogus */
264 if (!Vad)
265 {
266 /* Bogus virtual address */
267 *ProtectCode = MM_NOACCESS;
269 }
270
271 /* ReactOS does not handle physical memory VADs yet */
273
274 /* Check if it's a section, or just an allocation */
276 {
277 /* ReactOS does not handle AWE VADs yet */
279
280 /* This must be a TEB/PEB VAD */
282 {
283 /* It's committed, so return the VAD protection */
285 }
286 else
287 {
288 /* It has not yet been committed, so return no access */
289 *ProtectCode = MM_NOACCESS;
290 }
291
292 /* In both cases, return no PTE */
294 }
295 else
296 {
297 /* ReactOS does not supoprt these VADs yet */
300
301 /* Return the proto VAD */
302 *ProtoVad = Vad;
303
304 /* Get the prototype PTE for this page */
305 PointerPte = (((ULONG_PTR)VirtualAddress >> PAGE_SHIFT) - Vad->StartingVpn) + Vad->FirstPrototypePte;
307 ASSERT(PointerPte <= Vad->LastContiguousPte);
308
309 /* Return the Prototype PTE and the protection for the page mapping */
311 return PointerPte;
312 }
313 }
315 {
316 /* This should never happen, as these addresses are handled by the double-maping */
319 {
320 /* Fail such access */
321 *ProtectCode = MM_NOACCESS;
323 }
324
325 /* Return full access rights */
326 *ProtectCode = MM_EXECUTE_READWRITE;
328 }
330 {
331 /* ReactOS does not have an image list yet, so bail out to failure case */
333 }
334
335 /* Default case -- failure */
336 *ProtectCode = MM_NOACCESS;
338}
PMMVAD NTAPI MiLocateAddress(IN PVOID VirtualAddress)
struct _MMPTE * PMMPTE
Definition: mmtypes.h:721
union _MMVAD::@2710 u
union _MMVAD::@2711 u2
_Must_inspect_result_ _In_ WDFDMATRANSACTION _In_ PFN_WDF_PROGRAM_DMA _In_ WDF_DMA_DIRECTION _In_ PMDL _In_ PVOID VirtualAddress
Definition: wdfdmatransaction.h:189
Referenced by MmArmAccessFault().
◆ MiCompleteProtoPteFault()
|
static |
Definition at line 775 of file pagfault.c.
781{
783 PMMPTE OriginalPte, PageTablePte;
784 ULONG_PTR Protection;
785 PFN_NUMBER PageFrameIndex;
786 PMMPFN Pfn1, Pfn2;
787 BOOLEAN OriginalProtection, DirtyPage;
788
789 /* Must be called with an valid prototype PTE, with the PFN lock held */
790 MI_ASSERT_PFN_LOCK_HELD();
791 ASSERT(PointerProtoPte->u.Hard.Valid == 1);
792
793 /* Get the page */
794 PageFrameIndex = PFN_FROM_PTE(PointerProtoPte);
795
796 /* Get the PFN entry and set it as a prototype PTE */
797 Pfn1 = MiGetPfnEntry(PageFrameIndex);
799
800 /* Increment the share count for the page table */
801 PageTablePte = MiAddressToPte(PointerPte);
804
805 /* Check where we should be getting the protection information from */
807 {
808 /* Get the protection from the PTE, there's no real Proto PTE data */
809 Protection = PointerPte->u.Soft.Protection;
810
811 /* Remember that we did not use the proto protection */
812 OriginalProtection = FALSE;
813 }
814 else
815 {
816 /* Get the protection from the original PTE link */
817 OriginalPte = &Pfn1->OriginalPte;
819
820 /* Remember that we used the original protection */
821 OriginalProtection = TRUE;
822
823 /* Check if this was a write on a read only proto */
825 {
826 /* Clear the flag */
827 StoreInstruction = 0;
828 }
829 }
830
831 /* Check if this was a write on a non-COW page */
832 DirtyPage = FALSE;
834 {
835 /* Then the page should be marked dirty */
836 DirtyPage = TRUE;
837
838 /* ReactOS check */
840 }
841
842 /* Did we get a locked incoming PFN? */
843 if (*LockedProtoPfn)
844 {
845 /* Drop a reference */
846 ASSERT((*LockedProtoPfn)->u3.e2.ReferenceCount >= 1);
847 MiDereferencePfnAndDropLockCount(*LockedProtoPfn);
848 *LockedProtoPfn = NULL;
849 }
850
851 /* Release the PFN lock */
852 MiReleasePfnLock(OldIrql);
853
854 /* Remove special/caching bits */
855 Protection &= ~MM_PROTECT_SPECIAL;
856
857 /* Setup caching */
859 {
860 /* Write combining, no caching */
863 }
865 {
866 /* Write through, no caching */
869 }
870
871 /* Check if this is a kernel or user address */
873 {
874 /* Build the user PTE */
876 }
877 else
878 {
879 /* Build the kernel PTE */
881 }
882
883 /* Set the dirty flag if needed */
885
886 /* Write the PTE */
888
889 /* Reset the protection if needed */
891
892 /* Return success */
895}
FORCEINLINE VOID MI_MAKE_HARDWARE_PTE_USER(IN PMMPTE NewPte, IN PMMPTE MappingPte, IN ULONG_PTR ProtectionMask, IN PFN_NUMBER PageFrameNumber)
Definition: miarm.h:841
FORCEINLINE VOID MiDereferencePfnAndDropLockCount(IN PMMPFN Pfn1)
Definition: miarm.h:1628
FORCEINLINE VOID MI_MAKE_HARDWARE_PTE(IN PMMPTE NewPte, IN PMMPTE MappingPte, IN ULONG_PTR ProtectionMask, IN PFN_NUMBER PageFrameNumber)
Definition: miarm.h:821
FORCEINLINE VOID MI_WRITE_VALID_PTE(IN PMMPTE PointerPte, IN MMPTE TempPte)
Definition: miarm.h:973
union _MMPFN::@1842 u3
union _MMPFN::@1841 u2
union _MMPTE::@2421 u
_Requires_lock_held_ Interrupt _Releases_lock_ Interrupt _In_ _IRQL_restores_ KIRQL OldIrql
Definition: kefuncs.h:778
Referenced by MiDispatchFault(), and MiResolveProtoPteFault().
◆ MiCopyPfn()
| VOID NTAPI MiCopyPfn | ( | _In_ PFN_NUMBER | DestPage, |
| _In_ PFN_NUMBER | SrcPage | ||
| ) |
Definition at line 533 of file pagfault.c.
536{
537 PMMPTE SysPtes;
539 PMMPFN DestPfn, SrcPfn;
540 PVOID DestAddress;
542
543 /* Get the PFNs */
544 DestPfn = MiGetPfnEntry(DestPage);
545 ASSERT(DestPfn);
546 SrcPfn = MiGetPfnEntry(SrcPage);
547 ASSERT(SrcPfn);
548
549 /* Grab 2 system PTEs */
551 ASSERT(SysPtes);
552
553 /* Initialize the destination PTE */
556
557 /* Setup caching */
559 {
560 /* Write combining, no caching */
563 }
565 {
566 /* Write through, no caching */
569 }
570
571 /* Make the system PTE valid with our PFN */
573
574 /* Initialize the source PTE */
577
578 /* Setup caching */
580 {
582 }
583
584 /* Make the system PTE valid with our PFN */
586
587 /* Get the addresses and perform the copy */
588 DestAddress = MiPteToAddress(&SysPtes[0]);
589 SrcAddress = MiPteToAddress(&SysPtes[1]);
591
592 /* Now get rid of it */
594}
VOID NTAPI MiReleaseSystemPtes(IN PMMPTE StartingPte, IN ULONG NumberOfPtes, IN MMSYSTEM_PTE_POOL_TYPE SystemPtePoolType)
Definition: syspte.c:264
PMMPTE NTAPI MiReserveSystemPtes(IN ULONG NumberOfPtes, IN MMSYSTEM_PTE_POOL_TYPE SystemPtePoolType)
Definition: syspte.c:246
Referenced by MiResolveProtoPteFault(), and MmArmAccessFault().
◆ MiDispatchFault()
| NTSTATUS NTAPI MiDispatchFault | ( | IN ULONG | FaultCode, |
| IN PVOID | Address, | ||
| IN PMMPTE | PointerPte, | ||
| IN PMMPTE | PointerProtoPte, | ||
| IN BOOLEAN | Recursive, | ||
| IN PEPROCESS | Process, | ||
| IN PVOID | TrapInformation, | ||
| IN PMMVAD | Vad | ||
| ) |
Definition at line 1338 of file pagfault.c.
1346{
1350 PMMPTE SuperProtoPte;
1352 PFN_NUMBER PageFrameIndex;
1353 PFN_COUNT PteCount, ProcessedPtes;
1355 Address,
1356 Process);
1357
1358 /* Make sure the addresses are ok */
1360
1361 //
1362 // Make sure APCs are off and we're not at dispatch
1363 //
1367
1368 //
1369 // Grab a copy of the PTE
1370 //
1371 TempPte = *PointerPte;
1372
1373 /* Do we have a prototype PTE? */
1374 if (PointerProtoPte)
1375 {
1376 /* This should never happen */
1378
1379 /* Check if this is a kernel-mode address */
1380 SuperProtoPte = MiAddressToPte(PointerProtoPte);
1382 {
1383 /* Lock the PFN database */
1384 LockIrql = MiAcquirePfnLock();
1385
1386 /* Has the PTE been made valid yet? */
1388 {
1390 }
1391 else if (PointerPte->u.Hard.Valid == 1)
1392 {
1394 }
1395
1396 /* Resolve the fault -- this will release the PFN lock */
1398 Address,
1399 PointerPte,
1400 PointerProtoPte,
1401 &OutPfn,
1402 NULL,
1403 NULL,
1404 Process,
1405 LockIrql,
1406 TrapInformation);
1408
1409 /* Complete this as a transition fault */
1414 }
1415 else
1416 {
1417 /* We only handle the lookup path */
1419
1420 /* Is there a non-image VAD? */
1421 if ((Vad) &&
1422 (Vad->u.VadFlags.VadType != VadImageMap) &&
1423 !(Vad->u2.VadFlags2.ExtendableFile))
1424 {
1425 /* One day, ReactOS will cluster faults */
1428 }
1429
1430 /* Only one PTE to handle for now */
1431 PteCount = 1;
1432 ProcessedPtes = 0;
1433
1434 /* Lock the PFN database */
1435 LockIrql = MiAcquirePfnLock();
1436
1437 /* We only handle the valid path */
1439
1440 /* Capture the PTE */
1441 TempPte = *PointerProtoPte;
1442
1443 /* Loop to handle future case of clustered faults */
1445 {
1446 /* For our current usage, this should be true */
1448 {
1449 /* Bump the share count on the PTE */
1451 Pfn1 = MI_PFN_ELEMENT(PageFrameIndex);
1453 }
1455 (TempPte.u.Soft.Transition == 1))
1456 {
1457 /* This is a standby page, bring it back from the cache */
1460 Pfn1 = MI_PFN_ELEMENT(PageFrameIndex);
1462
1463 /* Should not yet happen in ReactOS */
1466
1467 /* Get the page */
1468 MiUnlinkPageFromList(Pfn1);
1469
1470 /* Bump its reference count */
1474
1475 /* Make it valid again */
1476 /* This looks like another macro.... */
1478 ASSERT(PointerProtoPte->u.Hard.Valid == 0);
1479 ASSERT(PointerProtoPte->u.Trans.Prototype == 0);
1480 ASSERT(PointerProtoPte->u.Trans.Transition == 1);
1481 TempPte.u.Long = (PointerProtoPte->u.Long & ~0xFFF) |
1482 MmProtectToPteMask[PointerProtoPte->u.Trans.Protection];
1485
1486 /* Is the PTE writeable? */
1490 {
1491 /* Make it dirty */
1493 }
1494 else
1495 {
1496 /* Make it clean */
1498 }
1499
1500 /* Write the valid PTE */
1502 ASSERT(PointerPte->u.Hard.Valid == 0);
1503 }
1504 else
1505 {
1506 /* Page is invalid, get out of the loop */
1507 break;
1508 }
1509
1510 /* One more done, was it the last? */
1511 if (++ProcessedPtes == PteCount)
1512 {
1513 /* Complete the fault */
1515 Address,
1516 PointerPte,
1517 PointerProtoPte,
1518 LockIrql,
1519 &OutPfn);
1520
1521 /* THIS RELEASES THE PFN LOCK! */
1522 break;
1523 }
1524
1525 /* No clustered faults yet */
1527 }
1528
1529 /* Did we resolve the fault? */
1530 if (ProcessedPtes)
1531 {
1532 /* Bump the transition count */
1534 ProcessedPtes--;
1535
1536 /* Loop all the processing we did */
1537 ASSERT(ProcessedPtes == 0);
1538
1539 /* Complete this as a transition fault */
1544 }
1545
1546 /* We did not -- PFN lock is still held, prepare to resolve prototype PTE fault */
1548 MiReferenceUsedPageAndBumpLockCount(OutPfn);
1550 ASSERT(PointerPte->u.Hard.Valid == 0);
1551
1552 /* Resolve the fault -- this will release the PFN lock */
1554 Address,
1555 PointerPte,
1556 PointerProtoPte,
1557 &OutPfn,
1558 NULL,
1559 NULL,
1560 Process,
1561 LockIrql,
1562 TrapInformation);
1563 //ASSERT(Status != STATUS_ISSUE_PAGING_IO);
1564 //ASSERT(Status != STATUS_REFAULT);
1565 //ASSERT(Status != STATUS_PTE_CHANGED);
1566
1567 /* Did the routine clean out the PFN or should we? */
1568 if (OutPfn)
1569 {
1570 /* We had a locked PFN, so acquire the PFN lock to dereference it */
1572 OldIrql = MiAcquirePfnLock();
1573
1574 /* Dereference the locked PFN */
1575 MiDereferencePfnAndDropLockCount(OutPfn);
1577
1578 /* And now release the lock */
1579 MiReleasePfnLock(OldIrql);
1580 }
1581
1582 /* Complete this as a transition fault */
1587 }
1588 }
1589
1590 /* Is this a transition PTE */
1592 {
1594 PKEVENT PreviousPageEvent;
1595 KEVENT CurrentPageEvent;
1596
1597 /* Lock the PFN database */
1598 LockIrql = MiAcquirePfnLock();
1599
1600 /* Resolve */
1601 Status = MiResolveTransitionFault(!MI_IS_NOT_PRESENT_FAULT(FaultCode), Address, PointerPte, Process, LockIrql, &InPageBlock);
1602
1604
1606 {
1607 /* Another thread is reading or writing this page. Put us into the waiting queue. */
1609 PreviousPageEvent = *InPageBlock;
1610 *InPageBlock = &CurrentPageEvent;
1611 }
1612
1613 /* And now release the lock and leave*/
1614 MiReleasePfnLock(LockIrql);
1615
1617 {
1619
1620 /* Let's the chain go on */
1621 if (PreviousPageEvent)
1622 {
1624 }
1625 }
1626
1631 }
1632
1633 /* Should we page the data back in ? */
1635 {
1636 /* Lock the PFN database */
1637 LockIrql = MiAcquirePfnLock();
1638
1639 /* Resolve */
1640 Status = MiResolvePageFileFault(!MI_IS_NOT_PRESENT_FAULT(FaultCode), Address, PointerPte, Process, &LockIrql);
1641
1642 /* And now release the lock and leave*/
1643 MiReleasePfnLock(LockIrql);
1644
1649 }
1650
1651 //
1652 // The PTE must be invalid but not completely empty. It must also not be a
1653 // prototype a transition or a paged-out PTE as those scenarii should've been handled above.
1654 // These are all Windows checks
1655 //
1661
1662 //
1663 // If we got this far, the PTE can only be a demand zero PTE, which is what
1664 // we want. Go handle it!
1665 //
1667 PointerPte,
1669 Process,
1670 MM_NOIRQL);
1673 {
1674#if MI_TRACE_PFNS
1675 /* Update debug info */
1676 if (TrapInformation)
1677 MiGetPfnEntry(PointerPte->u.Hard.PageFrameNumber)->CallSite = (PVOID)((PKTRAP_FRAME)TrapInformation)->Eip;
1678 else
1680#endif
1681
1682 //
1683 // Make sure we're returning in a sane state and pass the status down
1684 //
1688 }
1689
1690 //
1691 // Return status
1692 //
1694}
#define KeWaitForSingleObject(pEvt, foo, a, b, c)
Definition: env_spec_w32.h:478
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
FORCEINLINE BOOLEAN MI_IS_PHYSICAL_ADDRESS(IN PVOID Address)
Definition: miarm.h:959
FORCEINLINE VOID MiReferenceUsedPageAndBumpLockCount(IN PMMPFN Pfn1)
Definition: miarm.h:1755
static NTSTATUS NTAPI MiResolveDemandZeroFault(IN PVOID Address, IN PMMPTE PointerPte, IN ULONG Protection, IN PEPROCESS Process, IN KIRQL OldIrql)
Definition: pagfault.c:599
static NTSTATUS NTAPI MiCompleteProtoPteFault(IN BOOLEAN StoreInstruction, IN PVOID Address, IN PMMPTE PointerPte, IN PMMPTE PointerProtoPte, IN KIRQL OldIrql, IN PMMPFN *LockedProtoPfn)
Definition: pagfault.c:775
static NTSTATUS NTAPI MiResolveTransitionFault(IN BOOLEAN StoreInstruction, IN PVOID FaultingAddress, IN PMMPTE PointerPte, IN PEPROCESS CurrentProcess, IN KIRQL OldIrql, OUT PKEVENT **InPageBlock)
Definition: pagfault.c:992
static NTSTATUS NTAPI MiResolvePageFileFault(_In_ BOOLEAN StoreInstruction, _In_ PVOID FaultingAddress, _In_ PMMPTE PointerPte, _In_ PEPROCESS CurrentProcess, _Inout_ KIRQL *OldIrql)
Definition: pagfault.c:900
static NTSTATUS NTAPI MiResolveProtoPteFault(IN BOOLEAN StoreInstruction, IN PVOID Address, IN PMMPTE PointerPte, IN PMMPTE PointerProtoPte, IN OUT PMMPFN *OutPfn, OUT PVOID *PageFileData, OUT PMMPTE PteValue, IN PEPROCESS Process, IN KIRQL OldIrql, IN PVOID TrapInformation)
Definition: pagfault.c:1124
Definition: ketypes.h:811
Definition: ketypes.h:401
union _MMPFN::@1845 u4
struct _MMPFN::@1842::@1848 e2
Referenced by MmArmAccessFault().
◆ MiIsAccessAllowed()
| FORCEINLINE BOOLEAN MiIsAccessAllowed | ( | _In_ ULONG | ProtectionMask, |
| _In_ BOOLEAN | Write, | ||
| _In_ BOOLEAN | Execute | ||
| ) |
Definition at line 142 of file pagfault.c.
146{
147 #define _BYTE_MASK(Bit0, Bit1, Bit2, Bit3, Bit4, Bit5, Bit6, Bit7) \
148 (Bit0) | ((Bit1) << 1) | ((Bit2) << 2) | ((Bit3) << 3) | \
149 ((Bit4) << 4) | ((Bit5) << 5) | ((Bit6) << 6) | ((Bit7) << 7)
151 {
152 { // Protect 0 1 2 3 4 5 6 7
155 },
156 {
159 }
160 };
161
162 /* We want only the lower access bits */
163 ProtectionMask &= MM_PROTECT_ACCESS;
164
165 /* Look it up in the table */
167}
static INT Execute(LPTSTR Full, LPTSTR First, LPTSTR Rest, PARSED_COMMAND *Cmd)
Definition: cmd.c:347
#define _BYTE_MASK(Bit0, Bit1, Bit2, Bit3, Bit4, Bit5, Bit6, Bit7)
Referenced by MiAccessCheck().
◆ MiResolveDemandZeroFault()
|
static |
Definition at line 599 of file pagfault.c.
604{
605 PFN_NUMBER PageFrameNumber = 0;
609 PMMPFN Pfn1;
611 Address,
612 Process);
613
614 /* Must currently only be called by paging path */
616 {
617 /* Sanity check */
619
620 /* No forking yet */
622
623 /* Get process color */
626
627 /* We'll need a zero page */
628 NeedZero = TRUE;
629 }
630 else
631 {
632 /* Check if we need a zero page */
634
635 /* Session-backed image views must be zeroed */
639 {
640 NeedZero = TRUE;
641 }
642
643 /* Hardcode unknown color */
644 Color = 0xFFFFFFFF;
645 }
646
647 /* Check if the PFN database should be acquired */
649 {
650 /* Acquire it and remember we should release it after */
651 OldIrql = MiAcquirePfnLock();
652 HaveLock = TRUE;
653 }
654
655 /* We either manually locked the PFN DB, or already came with it locked */
656 MI_ASSERT_PFN_LOCK_HELD();
657 ASSERT(PointerPte->u.Hard.Valid == 0);
658
659 /* Assert we have enough pages */
660 //ASSERT(MmAvailablePages >= 32);
661
662#if MI_TRACE_PFNS
665#endif
669
670 /* Do we need a zero page? */
672 {
673 /* Try to get one, if we couldn't grab a free page and zero it */
675 if (!PageFrameNumber)
676 {
677 /* We'll need a free page and zero it manually */
679 NeedZero = TRUE;
680 }
681 else
682 {
683 /* Page guaranteed to be zero-filled */
684 NeedZero = FALSE;
685 }
686 }
687 else
688 {
689 /* Get a color, and see if we should grab a zero or non-zero page */
691 if (!NeedZero)
692 {
693 /* Process or system doesn't want a zero page, grab anything */
695 }
696 else
697 {
698 /* System wants a zero page, obtain one */
700 /* No need to zero-fill it */
701 NeedZero = FALSE;
702 }
703 }
704
705 if (PageFrameNumber == 0)
706 {
707 MiReleasePfnLock(OldIrql);
709 }
710
711 /* Initialize it */
713
714 /* Increment demand zero faults */
715 KeGetCurrentPrcb()->MmDemandZeroCount++;
716
717 /* Do we have the lock? */
718 if (HaveLock)
719 {
720 /* Release it */
721 MiReleasePfnLock(OldIrql);
722
723 /* Update performance counters */
725 }
726
727 /* Zero the page if need be */
729
730 /* Fault on user PDE, or fault on user PTE? */
732 {
733 /* User fault, build a user PTE */
735 PointerPte,
736 Protection,
737 PageFrameNumber);
738 }
739 else
740 {
741 /* This is a user-mode PDE, create a kernel PTE for it */
743 PointerPte,
744 Protection,
745 PageFrameNumber);
746 }
747
748 /* Set it dirty if it's a writable page */
750
751 /* Write it */
753
754 /* Did we manually acquire the lock */
755 if (HaveLock)
756 {
757 /* Get the PFN entry */
758 Pfn1 = MI_PFN_ELEMENT(PageFrameNumber);
759
760 /* Windows does these sanity checks */
763 }
764
765 //
766 // It's all good now
767 //
770}
VOID NTAPI MiInitializePfn(IN PFN_NUMBER PageFrameIndex, IN PMMPTE PointerPte, IN BOOLEAN Modified)
Definition: pfnlist.c:970
FORCEINLINE PFN_NUMBER MiRemoveZeroPageSafe(IN ULONG Color)
Definition: miarm.h:2419
Definition: gdipluscolor.h:301
union _MMPFN::@1840 u1
Referenced by MiDispatchFault(), MiResolveProtoPteFault(), and MmArmAccessFault().
◆ MiResolvePageFileFault()
|
static |
Definition at line 900 of file pagfault.c.
905{
910 PMMPFN Pfn1;
914
915 /* Things we don't support yet */
918
920 MI_SET_PROCESS(CurrentProcess);
921
922 /* We must hold the PFN lock */
923 MI_ASSERT_PFN_LOCK_HELD();
924
925 /* Some sanity checks */
929
930 /* Get any page, it will be overwritten */
934 {
936 }
937
938 /* Initialize this PFN */
940
941 /* Sets the PFN as being in IO operation */
947
948 /* We must write the PTE now as the PFN lock will be released while performing the IO operation */
950
952
953 /* Release the PFN lock while we proceed */
954 MiReleasePfnLock(*OldIrql);
955
956 /* Do the paging IO */
958
959 /* Lock the PFN database again */
960 *OldIrql = MiAcquirePfnLock();
961
962 /* Nobody should have changed that while we were not looking */
965
967 {
968 /* Malheur! */
972 }
973
974 /* And the PTE can finally be valid */
977
979 /* Did someone start to wait on us while we proceeded ? */
981 {
982 /* Tell them we're done */
984 }
985
987}
FORCEINLINE VOID MI_MAKE_TRANSITION_PTE(_Out_ PMMPTE NewPte, _In_ PFN_NUMBER Page, _In_ ULONG Protection)
Definition: miarm.h:943
NTSTATUS NTAPI MiReadPageFile(_In_ PFN_NUMBER Page, _In_ ULONG PageFileIndex, _In_ ULONG_PTR PageFileOffset)
Definition: pagefile.c:211
Referenced by MiDispatchFault().
◆ MiResolveProtoPteFault()
|
static |
Definition at line 1124 of file pagfault.c.
1134{
1136 PMMPFN Pfn1;
1137 PFN_NUMBER PageFrameIndex;
1140 ULONG Protection;
1141
1142 /* Must be called with an invalid, prototype PTE, with the PFN lock held */
1143 MI_ASSERT_PFN_LOCK_HELD();
1144 ASSERT(PointerPte->u.Hard.Valid == 0);
1145 ASSERT(PointerPte->u.Soft.Prototype == 1);
1146
1147 /* Read the prototype PTE and check if it's valid */
1148 TempPte = *PointerProtoPte;
1150 {
1151 /* One more user of this mapped page */
1153 Pfn1 = MiGetPfnEntry(PageFrameIndex);
1155
1156 /* Call it a transition */
1158
1159 /* Complete the prototype PTE fault -- this will release the PFN lock */
1161 Address,
1162 PointerPte,
1163 PointerProtoPte,
1164 OldIrql,
1165 OutPfn);
1166 }
1167
1168 /* Make sure there's some protection mask */
1170 {
1171 /* Release the lock */
1173 MiReleasePfnLock(OldIrql);
1175 }
1176
1177 /* There is no such thing as a decommitted prototype PTE */
1179
1180 /* Check for access rights on the PTE proper */
1181 PteContents = *PointerPte;
1183 {
1185 {
1186 Protection = TempPte.u.Soft.Protection;
1187 }
1188 else
1189 {
1190 Protection = MM_READONLY;
1191 }
1192 /* Check for page acess in software */
1194 StoreInstruction,
1195 KernelMode,
1196 TempPte.u.Soft.Protection,
1197 TrapInformation,
1198 TRUE);
1200 }
1201 else
1202 {
1204 }
1205
1206 /* Check for writing copy on write page */
1208 {
1209 PFN_NUMBER PageFrameIndex, ProtoPageFrameIndex;
1211
1212 /* Resolve the proto fault as if it was a read operation */
1214 Address,
1215 PointerPte,
1216 PointerProtoPte,
1217 OutPfn,
1218 PageFileData,
1219 PteValue,
1220 Process,
1221 OldIrql,
1222 TrapInformation);
1223
1225 {
1227 }
1228
1229 /* Lock again the PFN lock, MiResolveProtoPteFault unlocked it */
1230 OldIrql = MiAcquirePfnLock();
1231
1232 /* And re-read the proto PTE */
1233 TempPte = *PointerProtoPte;
1236
1239
1240 /* Get a new page for the private copy */
1243 else
1245
1247 if (PageFrameIndex == 0)
1248 {
1249 MiReleasePfnLock(OldIrql);
1251 }
1252
1253 /* Perform the copy */
1254 MiCopyPfn(PageFrameIndex, ProtoPageFrameIndex);
1255
1256 /* This will drop everything MiResolveProtoPteFault referenced */
1258
1259 /* Because now we use this */
1260 Pfn1 = MI_PFN_ELEMENT(PageFrameIndex);
1262
1263 /* Fix the protection */
1264 Protection &= ~MM_WRITECOPY;
1265 Protection |= MM_READWRITE;
1267 {
1268 /* Build the user PTE */
1269 MI_MAKE_HARDWARE_PTE_USER(&PteContents, PointerPte, Protection, PageFrameIndex);
1270 }
1271 else
1272 {
1273 /* Build the kernel PTE */
1274 MI_MAKE_HARDWARE_PTE(&PteContents, PointerPte, Protection, PageFrameIndex);
1275 }
1276
1277 /* And finally, write the valid PTE */
1278 MI_WRITE_VALID_PTE(PointerPte, PteContents);
1279
1280 /* The caller expects us to release the PFN lock */
1281 MiReleasePfnLock(OldIrql);
1283 }
1284
1285 /* Check for clone PTEs */
1287
1288 /* We don't support mapped files yet */
1290
1291 /* We might however have transition PTEs */
1293 {
1294 /* Resolve the transition fault */
1297 Address,
1298 PointerProtoPte,
1299 Process,
1300 OldIrql,
1301 &InPageBlock);
1303 }
1304 else
1305 {
1306 /* We also don't support paged out pages */
1308
1309 /* Resolve the demand zero fault */
1311 PointerProtoPte,
1313 Process,
1314 OldIrql);
1315#if MI_TRACE_PFNS
1316 /* Update debug info */
1317 if (TrapInformation)
1318 MiGetPfnEntry(PointerProtoPte->u.Hard.PageFrameNumber)->CallSite = (PVOID)((PKTRAP_FRAME)TrapInformation)->Eip;
1319 else
1321#endif
1322
1324 }
1325
1326 /* Complete the prototype PTE fault -- this will release the PFN lock */
1327 ASSERT(PointerPte->u.Hard.Valid == 0);
1329 Address,
1330 PointerPte,
1331 PointerProtoPte,
1332 OldIrql,
1333 OutPfn);
1334}
VOID NTAPI MiDeletePte(IN PMMPTE PointerPte, IN PVOID VirtualAddress, IN PEPROCESS CurrentProcess, IN PMMPTE PrototypePte)
Definition: virtual.c:369
VOID NTAPI MiCopyPfn(_In_ PFN_NUMBER DestPage, _In_ PFN_NUMBER SrcPage)
Definition: pagfault.c:533
static NTSTATUS NTAPI MiAccessCheck(IN PMMPTE PointerPte, IN BOOLEAN StoreInstruction, IN KPROCESSOR_MODE PreviousMode, IN ULONG_PTR ProtectionMask, IN PVOID TrapFrame, IN BOOLEAN LockHeld)
Definition: pagfault.c:172
Referenced by MiDispatchFault(), and MiResolveProtoPteFault().
◆ MiResolveTransitionFault()
|
static |
Definition at line 992 of file pagfault.c.
998{
999 PFN_NUMBER PageFrameIndex;
1000 PMMPFN Pfn1;
1002 PMMPTE PointerToPteForProtoPage;
1004 FaultingAddress, PointerPte, CurrentProcess->ImageFileName);
1005
1006 /* Windowss does this check */
1008
1009 /* ARM3 doesn't support this path */
1011
1012 /* Capture the PTE and make sure it's in transition format */
1013 TempPte = *PointerPte;
1015 (TempPte.u.Soft.Prototype == 0) &&
1016 (TempPte.u.Soft.Transition == 1));
1017
1018 /* Get the PFN and the PFN entry */
1021 Pfn1 = MiGetPfnEntry(PageFrameIndex);
1022
1023 /* One more transition fault! */
1025
1026 /* This is from ARM3 -- Windows normally handles this here */
1028
1029 /* See if we should wait before terminating the fault */
1032 {
1036 {
1038 /* The PTE will be made valid by the thread serving the fault */
1040 }
1041 }
1042
1043 /* Windows checks there's some free pages and this isn't an in-page error */
1046
1047 /* ReactOS checks for this */
1049
1050 /* Was this a transition page in the valid list, or free/zero list? */
1052 {
1053 /* All Windows does here is a bunch of sanity checks */
1059 }
1060 else
1061 {
1062 /* Otherwise, the page is removed from its list */
1064 MiUnlinkPageFromList(Pfn1);
1065 MiReferenceUnusedPageAndBumpLockCount(Pfn1);
1066 }
1067
1068 /* At this point, there should no longer be any in-page errors */
1070
1071 /* Check if this was a PFN with no more share references */
1073
1074 /* Bump the share count and make the page valid */
1077
1078 /* Prototype PTEs are in paged pool, which itself might be in transition */
1080 {
1081 /* Check if this is a paged pool PTE in transition state */
1082 PointerToPteForProtoPage = MiAddressToPte(PointerPte);
1083 TempPte = *PointerToPteForProtoPage;
1085 {
1086 /* This isn't yet supported */
1089 }
1090 }
1091
1092 /* Build the final PTE */
1093 ASSERT(PointerPte->u.Hard.Valid == 0);
1094 ASSERT(PointerPte->u.Trans.Prototype == 0);
1095 ASSERT(PointerPte->u.Trans.Transition == 1);
1096 TempPte.u.Long = (PointerPte->u.Long & ~0xFFF) |
1097 (MmProtectToPteMask[PointerPte->u.Trans.Protection]) |
1098 MiDetermineUserGlobalPteMask(PointerPte);
1099
1100 /* Is the PTE writeable? */
1104 {
1105 /* Make it dirty */
1107 }
1108 else
1109 {
1110 /* Make it clean */
1112 }
1113
1114 /* Write the valid PTE */
1116
1117 /* Return success */
1119}
FORCEINLINE VOID MiReferenceUnusedPageAndBumpLockCount(IN PMMPFN Pfn1)
Definition: miarm.h:1800
FORCEINLINE ULONG_PTR MiDetermineUserGlobalPteMask(IN PVOID PointerPte)
Definition: miarm.h:750
Referenced by MiDispatchFault(), and MiResolveProtoPteFault().
◆ MiZeroPfn()
| VOID NTAPI MiZeroPfn | ( | IN PFN_NUMBER | PageFrameNumber | ) |
Definition at line 487 of file pagfault.c.
488{
489 PMMPTE ZeroPte;
491 PMMPFN Pfn1;
492 PVOID ZeroAddress;
493
494 /* Get the PFN for this page */
495 Pfn1 = MiGetPfnEntry(PageFrameNumber);
496 ASSERT(Pfn1);
497
498 /* Grab a system PTE we can use to zero the page */
500 ASSERT(ZeroPte);
501
502 /* Initialize the PTE for it */
505
506 /* Setup caching */
508 {
509 /* Write combining, no caching */
512 }
514 {
515 /* Write through, no caching */
518 }
519
520 /* Make the system PTE valid with our PFN */
522
523 /* Get the address it maps to, and zero it out */
524 ZeroAddress = MiPteToAddress(ZeroPte);
526
527 /* Now get rid of it */
529}
Referenced by MiResolveDemandZeroFault(), and MmArmAccessFault().
◆ MmArmAccessFault()
| NTSTATUS NTAPI MmArmAccessFault | ( | IN ULONG | FaultCode, |
| IN PVOID | Address, | ||
| IN KPROCESSOR_MODE | Mode, | ||
| IN PVOID | TrapInformation | ||
| ) |
Definition at line 1698 of file pagfault.c.
1702{
1707#if (_MI_PAGING_LEVELS >= 3)
1709#if (_MI_PAGING_LEVELS == 4)
1711#endif
1712#endif
1714 PETHREAD CurrentThread;
1715 PEPROCESS CurrentProcess;
1717 PMMSUPPORT WorkingSet;
1718 ULONG ProtectionCode;
1720 PFN_NUMBER PageFrameIndex;
1722 BOOLEAN IsSessionAddress;
1723 PMMPFN Pfn1;
1725
1726 /* Check for page fault on high IRQL */
1728 {
1729#if (_MI_PAGING_LEVELS < 3)
1730 /* Could be a page table for paged pool, which we'll allow */
1733#endif
1734 /* Check if any of the top-level pages are invalid */
1735 if (
1738#endif
1741#endif
1744 {
1745 /* This fault is not valid, print out some debugging help */
1747 Address,
1748 OldIrql);
1749 if (TrapInformation)
1750 {
1751 PKTRAP_FRAME TrapFrame = TrapInformation;
1752#ifdef _M_IX86
1756#elif defined(_M_AMD64)
1760#elif defined(_M_ARM)
1762 DbgPrint("MM:***R0 %p, R1 %p R2 %p, R3 %p\n", TrapFrame->R0, TrapFrame->R1, TrapFrame->R2, TrapFrame->R3);
1763 DbgPrint("MM:***R11 %p, R12 %p SP %p, LR %p\n", TrapFrame->R11, TrapFrame->R12, TrapFrame->Sp, TrapFrame->Lr);
1764#endif
1765 }
1766
1767 /* Tell the trap handler to fail */
1769 }
1770
1771 /* Not yet implemented in ReactOS */
1773 ASSERT((!MI_IS_NOT_PRESENT_FAULT(FaultCode) && MI_IS_PAGE_COPY_ON_WRITE(PointerPte)) == FALSE);
1774
1775 /* Check if this was a write */
1777 {
1778 /* Was it to a read-only page? */
1782 {
1783 /* Crash with distinguished bugcheck code */
1784 KeBugCheckEx(ATTEMPTED_WRITE_TO_READONLY_MEMORY,
1787 (ULONG_PTR)TrapInformation,
1788 10);
1789 }
1790 }
1791
1792 /* Nothing is actually wrong */
1795 }
1796
1797 /* Check for kernel fault address */
1799 {
1800 /* Bail out, if the fault came from user mode */
1802
1803#if (_MI_PAGING_LEVELS == 2)
1806#endif
1807
1808 /* Check if the higher page table entries are invalid */
1809 if (
1811 /* AMD64 system, check if PXE is invalid */
1813#endif
1815 /* PAE/AMD64 system, check if PPE is invalid */
1817#endif
1818 /* Always check if the PDE is valid */
1820 {
1821 /* PXE/PPE/PDE (still) not valid, kill the system */
1822 KeBugCheckEx(PAGE_FAULT_IN_NONPAGED_AREA,
1824 FaultCode,
1825 (ULONG_PTR)TrapInformation,
1826 2);
1827 }
1828
1829 /* Not handling session faults yet */
1831
1832 /* The PDE is valid, so read the PTE */
1833 TempPte = *PointerPte;
1835 {
1836 /* Check if this was system space or session space */
1837 if (!IsSessionAddress)
1838 {
1839 /* Check if the PTE is still valid under PFN lock */
1840 OldIrql = MiAcquirePfnLock();
1841 TempPte = *PointerPte;
1843 {
1844 /* Check if this was a write */
1846 {
1847 /* Was it to a read-only page? */
1851 {
1852 /* Crash with distinguished bugcheck code */
1853 KeBugCheckEx(ATTEMPTED_WRITE_TO_READONLY_MEMORY,
1856 (ULONG_PTR)TrapInformation,
1857 11);
1858 }
1859 }
1860
1861 /* Check for execution of non-executable memory */
1864 {
1865 KeBugCheckEx(ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY,
1868 (ULONG_PTR)TrapInformation,
1869 1);
1870 }
1871 }
1872
1873 /* Release PFN lock and return all good */
1874 MiReleasePfnLock(OldIrql);
1876 }
1877 }
1878#if (_MI_PAGING_LEVELS == 2)
1879 /* Check if this was a session PTE that needs to remap the session PDE */
1881 {
1882 /* Do the remapping */
1885 {
1886 /* It failed, this address is invalid */
1887 KeBugCheckEx(PAGE_FAULT_IN_NONPAGED_AREA,
1889 FaultCode,
1890 (ULONG_PTR)TrapInformation,
1891 6);
1892 }
1893 }
1894#else
1895
1897
1898#endif
1899
1900 /* Check for a fault on the page table or hyperspace */
1902 {
1903#if (_MI_PAGING_LEVELS < 3)
1904 /* Windows does this check but I don't understand why -- it's done above! */
1906#endif
1907 /* Handle this as a user mode fault */
1908 goto UserFault;
1909 }
1910
1911 /* Get the current thread */
1912 CurrentThread = PsGetCurrentThread();
1913
1914 /* What kind of address is this */
1915 if (!IsSessionAddress)
1916 {
1917 /* Use the system working set */
1918 WorkingSet = &MmSystemCacheWs;
1919 CurrentProcess = NULL;
1920
1921 /* Make sure we don't have a recursive working set lock */
1923 (CurrentThread->OwnsProcessWorkingSetShared) ||
1924 (CurrentThread->OwnsSystemWorkingSetExclusive) ||
1925 (CurrentThread->OwnsSystemWorkingSetShared) ||
1926 (CurrentThread->OwnsSessionWorkingSetExclusive) ||
1927 (CurrentThread->OwnsSessionWorkingSetShared))
1928 {
1929 /* Fail */
1931 }
1932 }
1933 else
1934 {
1935 /* Use the session process and working set */
1936 CurrentProcess = HYDRA_PROCESS;
1938
1939 /* Make sure we don't have a recursive working set lock */
1941 (CurrentThread->OwnsSessionWorkingSetShared))
1942 {
1943 /* Fail */
1945 }
1946 }
1947RetryKernel:
1948 /* Acquire the working set lock */
1950 MiLockWorkingSet(CurrentThread, WorkingSet);
1951
1952 /* Re-read PTE now that we own the lock */
1953 TempPte = *PointerPte;
1955 {
1956 /* Check if this was a write */
1958 {
1959 /* Was it to a read-only page that is not copy on write? */
1964 {
1965 /* Case not yet handled */
1966 ASSERT(!IsSessionAddress);
1967
1968 /* Crash with distinguished bugcheck code */
1969 KeBugCheckEx(ATTEMPTED_WRITE_TO_READONLY_MEMORY,
1971 TempPte.u.Long,
1972 (ULONG_PTR)TrapInformation,
1973 12);
1974 }
1975 }
1976
1977 /* Check for execution of non-executable memory */
1980 {
1981 KeBugCheckEx(ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY,
1984 (ULONG_PTR)TrapInformation,
1985 2);
1986 }
1987
1988 /* Check for read-only write in session space */
1989 if ((IsSessionAddress) &&
1990 MI_IS_WRITE_ACCESS(FaultCode) &&
1992 {
1993 /* Sanity check */
1995
1996 /* Was this COW? */
1998 {
1999 /* Then this is not allowed */
2000 KeBugCheckEx(ATTEMPTED_WRITE_TO_READONLY_MEMORY,
2003 (ULONG_PTR)TrapInformation,
2004 13);
2005 }
2006
2007 /* Otherwise, handle COW */
2009 }
2010
2011 /* Release the working set */
2012 MiUnlockWorkingSet(CurrentThread, WorkingSet);
2013 KeLowerIrql(LockIrql);
2014
2015 /* Otherwise, the PDE was probably invalid, and all is good now */
2017 }
2018
2019 /* Check one kind of prototype PTE */
2021 {
2022 /* Make sure protected pool is on, and that this is a pool address */
2026 MmSizeOfNonPagedPoolInBytes))) ||
2029 {
2030 /* Bad boy, bad boy, whatcha gonna do, whatcha gonna do when ARM3 comes for you! */
2031 KeBugCheckEx(DRIVER_CAUGHT_MODIFYING_FREED_POOL,
2033 FaultCode,
2034 Mode,
2035 4);
2036 }
2037
2038 /* Get the prototype PTE! */
2040
2041 /* Do we need to locate the prototype PTE in session space? */
2042 if ((IsSessionAddress) &&
2044 {
2045 /* Yep, go find it as well as the VAD for it */
2047 &ProtectionCode,
2048 &Vad);
2050 }
2051 }
2052 else
2053 {
2054 /* We don't implement transition PTEs */
2056
2057 /* Check for no-access PTE */
2059 {
2060 /* Bugcheck the system! */
2061 KeBugCheckEx(PAGE_FAULT_IN_NONPAGED_AREA,
2063 FaultCode,
2064 (ULONG_PTR)TrapInformation,
2065 1);
2066 }
2067
2068 /* Check for no protecton at all */
2070 {
2071 /* Bugcheck the system! */
2072 KeBugCheckEx(PAGE_FAULT_IN_NONPAGED_AREA,
2074 FaultCode,
2075 (ULONG_PTR)TrapInformation,
2076 0);
2077 }
2078 }
2079
2080 /* Check for demand page */
2082 !(ProtoPte) &&
2083 !(IsSessionAddress) &&
2085 {
2086 /* Get the protection code */
2089 {
2090 /* Bugcheck the system! */
2091 KeBugCheckEx(ATTEMPTED_WRITE_TO_READONLY_MEMORY,
2093 TempPte.u.Long,
2094 (ULONG_PTR)TrapInformation,
2095 14);
2096 }
2097 }
2098
2099 /* Now do the real fault handling */
2101 Address,
2102 PointerPte,
2103 ProtoPte,
2104 FALSE,
2105 CurrentProcess,
2106 TrapInformation,
2107 NULL);
2108
2109 /* Release the working set */
2111 MiUnlockWorkingSet(CurrentThread, WorkingSet);
2112 KeLowerIrql(LockIrql);
2113
2115 {
2117 goto RetryKernel;
2118 }
2119
2120 /* We are done! */
2123 }
2124
2125 /* This is a user fault */
2126UserFault:
2127 CurrentThread = PsGetCurrentThread();
2129
2130 /* Lock the working set */
2131 MiLockProcessWorkingSet(CurrentProcess, CurrentThread);
2132
2133 ProtectionCode = MM_INVALID_PROTECTION;
2134
2135#if (_MI_PAGING_LEVELS == 4)
2136 /* Check if the PXE is valid */
2138 {
2139 /* Right now, we only handle scenarios where the PXE is totally empty */
2141
2142 /* This is only possible for user mode addresses! */
2144
2145 /* Check if we have a VAD */
2148 {
2149 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2151 }
2152
2153 /* Resolve a demand zero fault */
2155 PointerPxe,
2156 MM_EXECUTE_READWRITE,
2157 CurrentProcess,
2158 MM_NOIRQL);
2160 {
2161 goto ExitUser;
2162 }
2163
2164 /* We should come back with a valid PXE */
2166 }
2167#endif
2168
2169#if (_MI_PAGING_LEVELS >= 3)
2170 /* Check if the PPE is valid */
2172 {
2173 /* Right now, we only handle scenarios where the PPE is totally empty */
2175
2176 /* This is only possible for user mode addresses! */
2178
2179 /* Check if we have a VAD, unless we did this already */
2181 {
2183 }
2184
2186 {
2187 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2189 }
2190
2191 /* Resolve a demand zero fault */
2193 PointerPpe,
2194 MM_EXECUTE_READWRITE,
2195 CurrentProcess,
2196 MM_NOIRQL);
2198 {
2199 goto ExitUser;
2200 }
2201
2202 /* We should come back with a valid PPE */
2204 MiIncrementPageTableReferences(PointerPde);
2205 }
2206#endif
2207
2208 /* Check if the PDE is invalid */
2210 {
2211 /* Right now, we only handle scenarios where the PDE is totally empty */
2213
2214 /* And go dispatch the fault on the PDE. This should handle the demand-zero */
2215#if MI_TRACE_PFNS
2216 UserPdeFault = TRUE;
2217#endif
2218 /* Check if we have a VAD, unless we did this already */
2220 {
2222 }
2223
2225 {
2226#if (_MI_PAGING_LEVELS == 2)
2227 /* Could be a page table for paged pool */
2229#endif
2230 /* Has the code above changed anything -- is this now a valid PTE? */
2232
2233 /* Either this was a bogus VA or we've fixed up a paged pool PDE */
2234 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2236 }
2237
2238 /* Resolve a demand zero fault */
2240 PointerPde,
2241 MM_EXECUTE_READWRITE,
2242 CurrentProcess,
2243 MM_NOIRQL);
2245 {
2246 goto ExitUser;
2247 }
2248
2249#if _MI_PAGING_LEVELS >= 3
2250 MiIncrementPageTableReferences(PointerPte);
2251#endif
2252
2253#if MI_TRACE_PFNS
2254 UserPdeFault = FALSE;
2255 /* Update debug info */
2256 if (TrapInformation)
2257 MiGetPfnEntry(PointerPde->u.Hard.PageFrameNumber)->CallSite = (PVOID)((PKTRAP_FRAME)TrapInformation)->Eip;
2258 else
2260#endif
2261 /* We should come back with APCs enabled, and with a valid PDE */
2264 }
2265 else
2266 {
2267 /* Not yet implemented in ReactOS */
2269 }
2270
2271 /* Now capture the PTE. */
2272 TempPte = *PointerPte;
2273
2274 /* Check if the PTE is valid */
2276 {
2277 /* Check if this is a write on a readonly PTE */
2279 {
2280 /* Is this a copy on write PTE? */
2282 {
2283 PFN_NUMBER PageFrameIndex, OldPageFrameIndex;
2284 PMMPFN Pfn1;
2285
2286 LockIrql = MiAcquirePfnLock();
2287
2289
2291 MI_SET_PROCESS(CurrentProcess);
2292
2293 /* Allocate a new page and copy it */
2295 if (PageFrameIndex == 0)
2296 {
2297 MiReleasePfnLock(LockIrql);
2299 goto ExitUser;
2300 }
2302
2303 MiCopyPfn(PageFrameIndex, OldPageFrameIndex);
2304
2305 /* Dereference whatever this PTE is referencing */
2306 Pfn1 = MI_PFN_ELEMENT(OldPageFrameIndex);
2309 ProtoPte = Pfn1->PteAddress;
2311
2312 /* And make a new shiny one with our page */
2315 TempPte.u.Hard.Write = 1;
2316 TempPte.u.Hard.CopyOnWrite = 0;
2317
2319
2320 MiReleasePfnLock(LockIrql);
2321
2322 /* Return the status */
2323 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2325 }
2326
2327 /* Is this a read-only PTE? */
2329 {
2330 /* Return the status */
2331 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2333 }
2334 }
2335
2336#if _MI_HAS_NO_EXECUTE
2337 /* Check for execution of non-executable memory */
2340 {
2341 /* Check if execute enable was set */
2343 {
2344 /* Fix up the PTE to be executable */
2347 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2349 }
2350
2351 /* Return the status */
2352 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2354 }
2355#endif
2356
2357 /* The fault has already been resolved by a different thread */
2358 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2360 }
2361
2362 /* Quick check for demand-zero */
2365 {
2366 /* Resolve the fault */
2368 PointerPte,
2369 TempPte.u.Soft.Protection,
2370 CurrentProcess,
2371 MM_NOIRQL);
2373 {
2374 goto ExitUser;
2375 }
2376
2377#if MI_TRACE_PFNS
2378 /* Update debug info */
2379 if (TrapInformation)
2380 MiGetPfnEntry(PointerPte->u.Hard.PageFrameNumber)->CallSite = (PVOID)((PKTRAP_FRAME)TrapInformation)->Eip;
2381 else
2383#endif
2384
2385 /* Return the status */
2386 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2388 }
2389
2390 /* Check for zero PTE */
2392 {
2393 /* Check if this address range belongs to a valid allocation (VAD) */
2396 {
2397#if (_MI_PAGING_LEVELS == 2)
2398 /* Could be a page table for paged pool */
2400#endif
2401 /* Has the code above changed anything -- is this now a valid PTE? */
2403
2404 /* Either this was a bogus VA or we've fixed up a paged pool PDE */
2405 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2407 }
2408
2409 /*
2410 * Check if this is a real user-mode address or actually a kernel-mode
2411 * page table for a user mode address
2412 */
2418#endif
2419#endif
2420 )
2421 {
2422 /* Add an additional page table reference */
2424 }
2425
2426 /* Is this a guard page? */
2428 {
2429 /* The VAD protection cannot be MM_DECOMMIT! */
2431
2432 /* Remove the bit */
2433 TempPte.u.Soft.Protection = ProtectionCode & ~MM_GUARDPAGE;
2435
2436 /* Not supported */
2438 ASSERT(CurrentThread->ApcNeeded == 0);
2439
2440 /* Drop the working set lock */
2441 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2443
2444 /* Handle stack expansion */
2446 }
2447
2448 /* Did we get a prototype PTE back? */
2449 if (!ProtoPte)
2450 {
2451 /* Is this PTE actually part of the PDE-PTE self-mapping directory? */
2453 {
2454 /* Then it's really a demand-zero PDE (on behalf of user-mode) */
2455#ifdef _M_ARM
2458#else
2460#endif
2461 }
2462 else
2463 {
2464 /* No, create a new PTE. First, write the protection */
2465 TempPte.u.Soft.Protection = ProtectionCode;
2467 }
2468
2469 /* Lock the PFN database since we're going to grab a page */
2470 OldIrql = MiAcquirePfnLock();
2471
2472 /* Make sure we have enough pages */
2473 //ASSERT(MmAvailablePages >= 32);
2474
2475 /* Try to get a zero page */
2480 if (!PageFrameIndex)
2481 {
2482 /* Grab a page out of there. Later we should grab a colored zero page */
2484
2485 /* Release the lock since we need to do some zeroing */
2486 MiReleasePfnLock(OldIrql);
2487
2488 if (PageFrameIndex == 0)
2489 {
2491 goto ExitUser;
2492 }
2493
2494 /* Zero out the page, since it's for user-mode */
2495 MiZeroPfn(PageFrameIndex);
2496
2497 /* Grab the lock again so we can initialize the PFN entry */
2498 OldIrql = MiAcquirePfnLock();
2499 }
2500
2501 /* Initialize the PFN entry now */
2502 MiInitializePfn(PageFrameIndex, PointerPte, 1);
2503
2504 /* Increment the count of pages in the process */
2505 CurrentProcess->NumberOfPrivatePages++;
2506
2507 /* One more demand-zero fault */
2508 KeGetCurrentPrcb()->MmDemandZeroCount++;
2509
2510 /* And we're done with the lock */
2511 MiReleasePfnLock(OldIrql);
2512
2513 /* Fault on user PDE, or fault on user PTE? */
2515 {
2516 /* User fault, build a user PTE */
2518 PointerPte,
2520 PageFrameIndex);
2521 }
2522 else
2523 {
2524 /* This is a user-mode PDE, create a kernel PTE for it */
2526 PointerPte,
2528 PageFrameIndex);
2529 }
2530
2531 /* Write the dirty bit for writeable pages */
2533
2534 /* And now write down the PTE, making the address valid */
2536 Pfn1 = MI_PFN_ELEMENT(PageFrameIndex);
2538
2539 /* Demand zero */
2541 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2543 }
2544
2545 /* We should have a valid protection here */
2546 ASSERT(ProtectionCode != 0x100);
2547
2548 /* Write the prototype PTE */
2550 TempPte.u.Soft.Protection = ProtectionCode;
2553 }
2554 else
2555 {
2556 /* Get the protection code and check if this is a proto PTE */
2559 {
2560 /* Do we need to go find the real PTE? */
2562 {
2563 /* Get the prototype pte and VAD for it */
2565 &ProtectionCode,
2566 &Vad);
2567 if (!ProtoPte)
2568 {
2570 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2572 }
2573 }
2574 else
2575 {
2576 /* Get the prototype PTE! */
2578
2579 /* Is it read-only */
2581 {
2582 /* Set read-only code */
2583 ProtectionCode = MM_READONLY;
2584 }
2585 else
2586 {
2587 /* Set unknown protection */
2588 ProtectionCode = 0x100;
2590 }
2591 }
2592 }
2593 }
2594
2595 /* Do we have a valid protection code? */
2596 if (ProtectionCode != 0x100)
2597 {
2598 /* Run a software access check first, including to detect guard pages */
2600 !MI_IS_NOT_PRESENT_FAULT(FaultCode),
2601 Mode,
2602 ProtectionCode,
2603 TrapInformation,
2604 FALSE);
2606 {
2607 /* Not supported */
2608 ASSERT(CurrentThread->ApcNeeded == 0);
2609
2610 /* Drop the working set lock */
2611 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2613
2614 /* Did we hit a guard page? */
2616 {
2617 /* Handle stack expansion */
2619 }
2620
2621 /* Otherwise, fail back to the caller directly */
2623 }
2624 }
2625
2626 /* Dispatch the fault */
2628 Address,
2629 PointerPte,
2630 ProtoPte,
2631 FALSE,
2632 CurrentProcess,
2633 TrapInformation,
2634 Vad);
2635
2636ExitUser:
2637
2638 /* Return the status */
2640 MiUnlockProcessWorkingSet(CurrentProcess, CurrentThread);
2641
2643 {
2645 goto UserFault;
2646 }
2647
2649}
#define MI_IS_SYSTEM_PAGE_TABLE_ADDRESS(Address)
Definition: miarm.h:194
FORCEINLINE VOID MiLockWorkingSet(IN PETHREAD Thread, IN PMMSUPPORT WorkingSet)
Definition: miarm.h:1278
FORCEINLINE VOID MiUnlockProcessWorkingSet(IN PEPROCESS Process, IN PETHREAD Thread)
Definition: miarm.h:1207
FORCEINLINE VOID MiUnlockWorkingSet(IN PETHREAD Thread, IN PMMSUPPORT WorkingSet)
Definition: miarm.h:1364
FORCEINLINE VOID MI_WRITE_INVALID_PDE(IN PMMPDE PointerPde, IN MMPDE InvalidPde)
Definition: miarm.h:1048
FORCEINLINE VOID MI_UPDATE_VALID_PTE(IN PMMPTE PointerPte, IN MMPTE TempPte)
Definition: miarm.h:991
#define MI_IS_PAGE_TABLE_OR_HYPER_ADDRESS(Address)
Definition: miarm.h:197
FORCEINLINE USHORT MiIncrementPageTableReferences(IN PVOID Address)
Definition: miarm.h:2485
FORCEINLINE VOID MiLockProcessWorkingSet(IN PEPROCESS Process, IN PETHREAD Thread)
Definition: miarm.h:1137
static PMMPTE NTAPI MiCheckVirtualAddress(IN PVOID VirtualAddress, OUT PULONG ProtectCode, OUT PMMVAD *ProtoVad)
Definition: pagfault.c:241
VOID NTAPI MmRebalanceMemoryConsumersAndWait(VOID)
Definition: balance.c:300
NTSTATUS FASTCALL MiCheckPdeForPagedPool(IN PVOID Address)
Definition: pagfault.c:479
static NTSTATUS NTAPI MiCheckForUserStackOverflow(IN PVOID Address, IN PVOID TrapInformation)
Definition: pagfault.c:34
NTSTATUS NTAPI MiDispatchFault(IN ULONG FaultCode, IN PVOID Address, IN PMMPTE PointerPte, IN PMMPTE PointerProtoPte, IN BOOLEAN Recursive, IN PEPROCESS Process, IN PVOID TrapInformation, IN PMMVAD Vad)
Definition: pagfault.c:1338
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:108
Definition: pstypes.h:1262
ULONG OwnsSessionWorkingSetExclusive
Definition: pstypes.h:1226
ULONG OwnsProcessWorkingSetExclusive
Definition: pstypes.h:1222
ULONG OwnsSystemWorkingSetExclusive
Definition: pstypes.h:1224
Definition: mmtypes.h:923
struct _MM_SESSION_SPACE * GlobalVirtualAddress
Definition: miarm.h:484
Referenced by MmAccessFault().
◆ MmGetExecuteOptions()
Definition at line 2653 of file pagfault.c.
2654{
2657
2658 *ExecuteOptions = 0;
2659
2661 {
2662 *ExecuteOptions |= MEM_EXECUTE_OPTION_DISABLE;
2663 }
2664
2666 {
2667 *ExecuteOptions |= MEM_EXECUTE_OPTION_ENABLE;
2668 }
2669
2671 {
2672 *ExecuteOptions |= MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION;
2673 }
2674
2676 {
2677 *ExecuteOptions |= MEM_EXECUTE_OPTION_PERMANENT;
2678 }
2679
2681 {
2682 *ExecuteOptions |= MEM_EXECUTE_OPTION_EXECUTE_DISPATCH_ENABLE;
2683 }
2684
2686 {
2687 *ExecuteOptions |= MEM_EXECUTE_OPTION_IMAGE_DISPATCH_ENABLE;
2688 }
2689
2691}
#define MEM_EXECUTE_OPTION_EXECUTE_DISPATCH_ENABLE
Definition: mmtypes.h:77
#define MEM_EXECUTE_OPTION_IMAGE_DISPATCH_ENABLE
Definition: mmtypes.h:78
#define MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION
Definition: mmtypes.h:75
Definition: ketypes.h:2083
Referenced by NtQueryInformationProcess().
◆ MmRebalanceMemoryConsumersAndWait()
Definition at line 300 of file balance.c.
301{
305
307 MmRebalanceMemoryConsumers();
309}
FORCEINLINE BOOLEAN MM_ANY_WS_LOCK_HELD(IN PETHREAD Thread)
Definition: miarm.h:1065
Referenced by MmArmAccessFault().
◆ MmSetExecuteOptions()
Definition at line 2695 of file pagfault.c.
2696{
2698 KLOCK_QUEUE_HANDLE ProcessLock;
2701
2702 /* Only accept valid flags */
2704 {
2705 /* Fail */
2708 }
2709
2710 /* Change the NX state in the process lock */
2711 KiAcquireProcessLockRaiseToSynch(CurrentProcess, &ProcessLock);
2712
2713 /* Don't change anything if the permanent flag was set */
2715 {
2716 /* Start by assuming it's not disabled */
2718
2719 /* Now process each flag and turn the equivalent bit on */
2721 {
2723 }
2725 {
2727 }
2729 {
2731 }
2733 {
2735 }
2737 {
2739 }
2741 {
2743 }
2744
2745 /* These are turned on by default if no-execution is also enabled */
2747 {
2750 }
2751
2752 /* All good */
2754 }
2755
2756 /* Release the lock and return status */
2757 KiReleaseProcessLock(&ProcessLock);
2759}
FORCEINLINE VOID KiReleaseProcessLock(IN PKLOCK_QUEUE_HANDLE Handle)
Definition: ke_x.h:660
FORCEINLINE VOID KiAcquireProcessLockRaiseToSynch(IN PKPROCESS Process, IN PKLOCK_QUEUE_HANDLE Handle)
Definition: ke_x.h:651
Definition: ketypes.h:626
Referenced by NtSetInformationProcess().
