section.c

Go to the documentation of this file.

/*
 * PROJECT:         ReactOS Kernel
 * LICENSE:         BSD - See COPYING.ARM in the top level directory
 * FILE:            ntoskrnl/mm/ARM3/section.c
 * PURPOSE:         ARM Memory Manager Section Support
 * PROGRAMMERS:     ReactOS Portable Systems Group
 */

/* INCLUDES *******************************************************************/

#include <ntoskrnl.h>
#include <ntintsafe.h>
#define NDEBUG
#include <debug.h>

#define MODULE_INVOLVED_IN_ARM3
#include <mm/ARM3/miarm.h>

/* GLOBALS ********************************************************************/

ACCESS_MASK MmMakeSectionAccess[8] =
{
    SECTION_MAP_READ,
    SECTION_MAP_READ,
    SECTION_MAP_EXECUTE,
    SECTION_MAP_EXECUTE | SECTION_MAP_READ,
    SECTION_MAP_WRITE,
    SECTION_MAP_READ,
    SECTION_MAP_EXECUTE | SECTION_MAP_WRITE,
    SECTION_MAP_EXECUTE | SECTION_MAP_READ
};

ACCESS_MASK MmMakeFileAccess[8] =
{
    FILE_READ_DATA,
    FILE_READ_DATA,
    FILE_EXECUTE,
    FILE_EXECUTE | FILE_READ_DATA,
    FILE_WRITE_DATA | FILE_READ_DATA,
    FILE_READ_DATA,
    FILE_EXECUTE | FILE_WRITE_DATA | FILE_READ_DATA,
    FILE_EXECUTE | FILE_READ_DATA
};

CHAR MmUserProtectionToMask1[16] =
{
    0,
    MM_NOACCESS,
    MM_READONLY,
    (CHAR)MM_INVALID_PROTECTION,
    MM_READWRITE,
    (CHAR)MM_INVALID_PROTECTION,
    (CHAR)MM_INVALID_PROTECTION,
    (CHAR)MM_INVALID_PROTECTION,
    MM_WRITECOPY,
    (CHAR)MM_INVALID_PROTECTION,
    (CHAR)MM_INVALID_PROTECTION,
    (CHAR)MM_INVALID_PROTECTION,
    (CHAR)MM_INVALID_PROTECTION,
    (CHAR)MM_INVALID_PROTECTION,
    (CHAR)MM_INVALID_PROTECTION,
    (CHAR)MM_INVALID_PROTECTION
};

CHAR MmUserProtectionToMask2[16] =
{
    0,
    MM_EXECUTE,
    MM_EXECUTE_READ,
    (CHAR)MM_INVALID_PROTECTION,
    MM_EXECUTE_READWRITE,
    (CHAR)MM_INVALID_PROTECTION,
    (CHAR)MM_INVALID_PROTECTION,
    (CHAR)MM_INVALID_PROTECTION,
    MM_EXECUTE_WRITECOPY,
    (CHAR)MM_INVALID_PROTECTION,
    (CHAR)MM_INVALID_PROTECTION,
    (CHAR)MM_INVALID_PROTECTION,
    (CHAR)MM_INVALID_PROTECTION,
    (CHAR)MM_INVALID_PROTECTION,
    (CHAR)MM_INVALID_PROTECTION,
    (CHAR)MM_INVALID_PROTECTION
};

ULONG MmCompatibleProtectionMask[8] =
{
    PAGE_NOACCESS,

    PAGE_NOACCESS | PAGE_READONLY | PAGE_WRITECOPY,

    PAGE_NOACCESS | PAGE_EXECUTE,

    PAGE_NOACCESS | PAGE_READONLY | PAGE_WRITECOPY | PAGE_EXECUTE |
    PAGE_EXECUTE_READ,

    PAGE_NOACCESS | PAGE_READONLY | PAGE_WRITECOPY | PAGE_READWRITE,

    PAGE_NOACCESS | PAGE_READONLY | PAGE_WRITECOPY,

    PAGE_NOACCESS | PAGE_READONLY | PAGE_WRITECOPY | PAGE_READWRITE |
    PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE |
    PAGE_EXECUTE_WRITECOPY,

    PAGE_NOACCESS | PAGE_READONLY | PAGE_WRITECOPY | PAGE_EXECUTE |
    PAGE_EXECUTE_READ | PAGE_EXECUTE_WRITECOPY
};

MMSESSION MmSession;
KGUARDED_MUTEX MmSectionCommitMutex;
MM_AVL_TABLE MmSectionBasedRoot;
KGUARDED_MUTEX MmSectionBasedMutex;
PVOID MmHighSectionBase;

/* PRIVATE FUNCTIONS **********************************************************/

BOOLEAN
NTAPI
MiIsProtectionCompatible(IN ULONG SectionPageProtection,
                         IN ULONG NewSectionPageProtection)
{
    ULONG ProtectionMask, CompatibleMask;

    /* Calculate the protection mask and make sure it's valid */
    ProtectionMask = MiMakeProtectionMask(SectionPageProtection);
    if (ProtectionMask == MM_INVALID_PROTECTION)
    {
        DPRINT1("Invalid protection mask\n");
        return FALSE;
    }

    /* Calculate the compatible mask */
    CompatibleMask = MmCompatibleProtectionMask[ProtectionMask & 0x7] |
                     PAGE_GUARD | PAGE_NOCACHE | PAGE_WRITECOMBINE;

    /* See if the mapping protection is compatible with the create protection */
    return ((CompatibleMask | NewSectionPageProtection) == CompatibleMask);
}

ACCESS_MASK
NTAPI
MiArm3GetCorrectFileAccessMask(IN ACCESS_MASK SectionPageProtection)
{
    ULONG ProtectionMask;

    /* Calculate the protection mask and make sure it's valid */
    ProtectionMask = MiMakeProtectionMask(SectionPageProtection);
    if (ProtectionMask == MM_INVALID_PROTECTION)
    {
        DPRINT1("Invalid protection mask\n");
        return STATUS_INVALID_PAGE_PROTECTION;
    }

    /* Now convert it to the required file access */
    return MmMakeFileAccess[ProtectionMask & 0x7];
}

ULONG
NTAPI
MiMakeProtectionMask(IN ULONG Protect)
{
    ULONG Mask1, Mask2, ProtectMask;

    /* PAGE_EXECUTE_WRITECOMBINE is theoretically the maximum */
    if (Protect >= (PAGE_WRITECOMBINE * 2)) return MM_INVALID_PROTECTION;

    /*
     * Windows API protection mask can be understood as two bitfields, differing
     * by whether or not execute rights are being requested
     */
    Mask1 = Protect & 0xF;
    Mask2 = (Protect >> 4) & 0xF;

    /* Check which field is there */
    if (!Mask1)
    {
        /* Mask2 must be there, use it to determine the PTE protection */
        if (!Mask2) return MM_INVALID_PROTECTION;
        ProtectMask = MmUserProtectionToMask2[Mask2];
    }
    else
    {
        /* Mask2 should not be there, use Mask1 to determine the PTE mask */
        if (Mask2) return MM_INVALID_PROTECTION;
        ProtectMask = MmUserProtectionToMask1[Mask1];
    }

    /* Make sure the final mask is a valid one */
    if (ProtectMask == MM_INVALID_PROTECTION) return MM_INVALID_PROTECTION;

    /* Check for PAGE_GUARD option */
    if (Protect & PAGE_GUARD)
    {
        /* It's not valid on no-access, nocache, or writecombine pages */
        if ((ProtectMask == MM_NOACCESS) ||
            (Protect & (PAGE_NOCACHE | PAGE_WRITECOMBINE)))
        {
            /* Fail such requests */
            return MM_INVALID_PROTECTION;
        }

        /* This actually turns on guard page in this scenario! */
        ProtectMask |= MM_GUARDPAGE;
    }

    /* Check for nocache option */
    if (Protect & PAGE_NOCACHE)
    {
        /* The earlier check should've eliminated this possibility */
        ASSERT((Protect & PAGE_GUARD) == 0);

        /* Check for no-access page or write combine page */
        if ((ProtectMask == MM_NOACCESS) || (Protect & PAGE_WRITECOMBINE))
        {
            /* Such a request is invalid */
            return MM_INVALID_PROTECTION;
        }

        /* Add the PTE flag */
        ProtectMask |= MM_NOCACHE;
    }

    /* Check for write combine option */
    if (Protect & PAGE_WRITECOMBINE)
    {
        /* The two earlier scenarios should've caught this */
        ASSERT((Protect & (PAGE_GUARD | PAGE_NOACCESS)) == 0);

        /* Don't allow on no-access pages */
        if (ProtectMask == MM_NOACCESS) return MM_INVALID_PROTECTION;

        /* This actually turns on write-combine in this scenario! */
        ProtectMask |= MM_NOACCESS;
    }

    /* Return the final MM PTE protection mask */
    return ProtectMask;
}

BOOLEAN
NTAPI
MiInitializeSystemSpaceMap(IN PMMSESSION InputSession OPTIONAL)
{
    SIZE_T AllocSize, BitmapSize, Size;
    PVOID ViewStart;
    PMMSESSION Session;

    /* Check if this a session or system space */
    if (InputSession)
    {
        /* Use the input session */
        Session = InputSession;
        ViewStart = MiSessionViewStart;
        Size = MmSessionViewSize;
    }
    else
    {
        /* Use the system space "session" */
        Session = &MmSession;
        ViewStart = MiSystemViewStart;
        Size = MmSystemViewSize;
    }

    /* Initialize the system space lock */
    Session->SystemSpaceViewLockPointer = &Session->SystemSpaceViewLock;
    KeInitializeGuardedMutex(Session->SystemSpaceViewLockPointer);

    /* Set the start address */
    Session->SystemSpaceViewStart = ViewStart;

    /* Create a bitmap to describe system space */
    BitmapSize = sizeof(RTL_BITMAP) + ((((Size / MI_SYSTEM_VIEW_BUCKET_SIZE) + 31) / 32) * sizeof(ULONG));
    Session->SystemSpaceBitMap = ExAllocatePoolWithTag(NonPagedPool,
                                                       BitmapSize,
                                                       TAG_MM);
    ASSERT(Session->SystemSpaceBitMap);
    RtlInitializeBitMap(Session->SystemSpaceBitMap,
                        (PULONG)(Session->SystemSpaceBitMap + 1),
                        (ULONG)(Size / MI_SYSTEM_VIEW_BUCKET_SIZE));

    /* Set system space fully empty to begin with */
    RtlClearAllBits(Session->SystemSpaceBitMap);

    /* Set default hash flags */
    Session->SystemSpaceHashSize = 31;
    Session->SystemSpaceHashKey = Session->SystemSpaceHashSize - 1;
    Session->SystemSpaceHashEntries = 0;

    /* Calculate how much space for the hash views we'll need */
    AllocSize = sizeof(MMVIEW) * Session->SystemSpaceHashSize;
    ASSERT(AllocSize < PAGE_SIZE);

    /* Allocate and zero the view table */
    Session->SystemSpaceViewTable = ExAllocatePoolWithTag(Session == &MmSession ?
                                                          NonPagedPool :
                                                          PagedPool,
                                                          AllocSize,
                                                          TAG_MM);
    ASSERT(Session->SystemSpaceViewTable != NULL);
    RtlZeroMemory(Session->SystemSpaceViewTable, AllocSize);

    /* Success */
    return TRUE;
}

PVOID
NTAPI
MiInsertInSystemSpace(IN PMMSESSION Session,
                      IN ULONG Buckets,
                      IN PCONTROL_AREA ControlArea)
{
    PVOID Base;
    ULONG Entry, Hash, i, HashSize;
    PMMVIEW OldTable;
    PAGED_CODE();

    /* Stay within 4GB */
    ASSERT(Buckets < MI_SYSTEM_VIEW_BUCKET_SIZE);

    /* Lock system space */
    KeAcquireGuardedMutex(Session->SystemSpaceViewLockPointer);

    /* Check if we're going to exhaust hash entries */
    if ((Session->SystemSpaceHashEntries + 8) > Session->SystemSpaceHashSize)
    {
        /* Double the hash size */
        HashSize = Session->SystemSpaceHashSize * 2;

        /* Save the old table and allocate a new one */
        OldTable = Session->SystemSpaceViewTable;
        Session->SystemSpaceViewTable = ExAllocatePoolWithTag(Session ==
                                                              &MmSession ?
                                                              NonPagedPool :
                                                              PagedPool,
                                                              HashSize *
                                                              sizeof(MMVIEW),
                                                              TAG_MM);
        if (!Session->SystemSpaceViewTable)
        {
            /* Failed to allocate a new table, keep the old one for now */
            Session->SystemSpaceViewTable = OldTable;
        }
        else
        {
            /* Clear the new table and set the new ahsh and key */
            RtlZeroMemory(Session->SystemSpaceViewTable, HashSize * sizeof(MMVIEW));
            Session->SystemSpaceHashSize = HashSize;
            Session->SystemSpaceHashKey = Session->SystemSpaceHashSize - 1;

            /* Loop the old table */
            for (i = 0; i < Session->SystemSpaceHashSize / 2; i++)
            {
                /* Check if the entry was valid */
                if (OldTable[i].Entry)
                {
                    /* Re-hash the old entry and search for space in the new table */
                    Hash = (OldTable[i].Entry >> 16) % Session->SystemSpaceHashKey;
                    while (Session->SystemSpaceViewTable[Hash].Entry)
                    {
                        /* Loop back at the beginning if we had an overflow */
                        if (++Hash >= Session->SystemSpaceHashSize) Hash = 0;
                    }

                    /* Write the old entry in the new table */
                    Session->SystemSpaceViewTable[Hash] = OldTable[i];
                }
            }

            /* Free the old table */
            ExFreePool(OldTable);
        }
    }

    /* Check if we ran out */
    if (Session->SystemSpaceHashEntries == Session->SystemSpaceHashSize)
    {
        DPRINT1("Ran out of system view hash entries\n");
        KeReleaseGuardedMutex(Session->SystemSpaceViewLockPointer);
        return NULL;
    }

    /* Find space where to map this view */
    i = RtlFindClearBitsAndSet(Session->SystemSpaceBitMap, Buckets, 0);
    if (i == 0xFFFFFFFF)
    {
        /* Out of space, fail */
        Session->BitmapFailures++;
        DPRINT1("Out of system view space\n");
        KeReleaseGuardedMutex(Session->SystemSpaceViewLockPointer);
        return NULL;
    }

    /* Compute the base address */
    Base = (PVOID)((ULONG_PTR)Session->SystemSpaceViewStart + (i * MI_SYSTEM_VIEW_BUCKET_SIZE));

    /* Get the hash entry for this allocation */
    Entry = ((ULONG_PTR)Base & ~(MI_SYSTEM_VIEW_BUCKET_SIZE - 1)) + Buckets;
    Hash = (Entry >> 16) % Session->SystemSpaceHashKey;

    /* Loop hash entries until a free one is found */
    while (Session->SystemSpaceViewTable[Hash].Entry)
    {
        /* Unless we overflow, in which case loop back at hash o */
        if (++Hash >= Session->SystemSpaceHashSize) Hash = 0;
    }

    /* Add this entry into the hash table */
    Session->SystemSpaceViewTable[Hash].Entry = Entry;
    Session->SystemSpaceViewTable[Hash].ControlArea = ControlArea;

    /* Hash entry found, increment total and return the base address */
    Session->SystemSpaceHashEntries++;
    KeReleaseGuardedMutex(Session->SystemSpaceViewLockPointer);
    return Base;
}

NTSTATUS
NTAPI
MiAddMappedPtes(IN PMMPTE FirstPte,
                IN PFN_NUMBER PteCount,
                IN PCONTROL_AREA ControlArea)
{
    MMPTE TempPte;
    PMMPTE PointerPte, ProtoPte, LastProtoPte, LastPte;
    PSUBSECTION Subsection;

    /* ARM3 doesn't support this yet */
    ASSERT(ControlArea->u.Flags.GlobalOnlyPerSession == 0);
    ASSERT(ControlArea->u.Flags.Rom == 0);
    ASSERT(ControlArea->FilePointer == NULL);

    /* Sanity checks */
    ASSERT(PteCount != 0);
    ASSERT(ControlArea->NumberOfMappedViews >= 1);
    ASSERT(ControlArea->NumberOfUserReferences >= 1);
    ASSERT(ControlArea->NumberOfSectionReferences != 0);
    ASSERT(ControlArea->u.Flags.BeingCreated == 0);
    ASSERT(ControlArea->u.Flags.BeingDeleted == 0);
    ASSERT(ControlArea->u.Flags.BeingPurged == 0);

    /* Get the PTEs for the actual mapping */
    PointerPte = FirstPte;
    LastPte = FirstPte + PteCount;

    /* Get the prototype PTEs that desribe the section mapping in the subsection */
    Subsection = (PSUBSECTION)(ControlArea + 1);
    ProtoPte = Subsection->SubsectionBase;
    LastProtoPte = &Subsection->SubsectionBase[Subsection->PtesInSubsection];

    /* Loop the PTEs for the mapping */
    while (PointerPte < LastPte)
    {
        /* We may have run out of prototype PTEs in this subsection */
        if (ProtoPte >= LastProtoPte)
        {
            /* But we don't handle this yet */
            ASSERT(FALSE);
        }

        /* The PTE should be completely clear */
        ASSERT(PointerPte->u.Long == 0);

        /* Build the prototype PTE and write it */
        MI_MAKE_PROTOTYPE_PTE(&TempPte, ProtoPte);
        MI_WRITE_INVALID_PTE(PointerPte, TempPte);

        /* Keep going */
        PointerPte++;
        ProtoPte++;
    }

    /* No failure path */
    return STATUS_SUCCESS;
}

VOID
NTAPI
MiFillSystemPageDirectory(IN PVOID Base,
                          IN SIZE_T NumberOfBytes)
{
    PMMPDE PointerPde, LastPde, SystemMapPde;
    MMPDE TempPde;
    PFN_NUMBER PageFrameIndex, ParentPage;
    KIRQL OldIrql;
    PAGED_CODE();

    /* Find the PDEs needed for this mapping */
    PointerPde = MiAddressToPde(Base);
    LastPde = MiAddressToPde((PVOID)((ULONG_PTR)Base + NumberOfBytes - 1));

#if (_MI_PAGING_LEVELS == 2)
    /* Find the system double-mapped PDE that describes this mapping */
    SystemMapPde = &MmSystemPagePtes[((ULONG_PTR)PointerPde & (SYSTEM_PD_SIZE - 1)) / sizeof(MMPTE)];
#else
    /* We don't have a double mapping */
    SystemMapPde = PointerPde;
#endif

    /* Use the PDE template and loop the PDEs */
    TempPde = ValidKernelPde;
    while (PointerPde <= LastPde)
    {
        /* Lock the PFN database */
        OldIrql = MiAcquirePfnLock();

        /* Check if we don't already have this PDE mapped */
        if (SystemMapPde->u.Hard.Valid == 0)
        {
            /* Grab a page for it */
            MI_SET_USAGE(MI_USAGE_PAGE_TABLE);
            MI_SET_PROCESS2(PsGetCurrentProcess()->ImageFileName);
            PageFrameIndex = MiRemoveZeroPage(MI_GET_NEXT_COLOR());
            ASSERT(PageFrameIndex);
            TempPde.u.Hard.PageFrameNumber = PageFrameIndex;

#if (_MI_PAGING_LEVELS == 2)
            ParentPage = MmSystemPageDirectory[(PointerPde - MiAddressToPde(NULL)) / PDE_COUNT];
#else
            ParentPage = MiPdeToPpe(PointerPde)->u.Hard.PageFrameNumber;
#endif
            /* Initialize its PFN entry, with the parent system page directory page table */
            MiInitializePfnForOtherProcess(PageFrameIndex,
                                           (PMMPTE)PointerPde,
                                           ParentPage);

            /* Make the system PDE entry valid */
            MI_WRITE_VALID_PDE(SystemMapPde, TempPde);

            /* The system PDE entry might be the PDE itself, so check for this */
            if (PointerPde->u.Hard.Valid == 0)
            {
                /* It's different, so make the real PDE valid too */
                MI_WRITE_VALID_PDE(PointerPde, TempPde);
            }
        }

        /* Release the lock and keep going with the next PDE */
        MiReleasePfnLock(OldIrql);
        SystemMapPde++;
        PointerPde++;
    }
}

NTSTATUS
NTAPI
MiCheckPurgeAndUpMapCount(IN PCONTROL_AREA ControlArea,
                          IN BOOLEAN FailIfSystemViews)
{
    KIRQL OldIrql;

    /* Flag not yet supported */
    ASSERT(FailIfSystemViews == FALSE);

    /* Lock the PFN database */
    OldIrql = MiAcquirePfnLock();

    /* State not yet supported */
    ASSERT(ControlArea->u.Flags.BeingPurged == 0);

    /* Increase the reference counts */
    ControlArea->NumberOfMappedViews++;
    ControlArea->NumberOfUserReferences++;
    ASSERT(ControlArea->NumberOfSectionReferences != 0);

    /* Release the PFN lock and return success */
    MiReleasePfnLock(OldIrql);
    return STATUS_SUCCESS;
}

PSUBSECTION
NTAPI
MiLocateSubsection(IN PMMVAD Vad,
                   IN ULONG_PTR Vpn)
{
    PSUBSECTION Subsection;
    PCONTROL_AREA ControlArea;
    ULONG_PTR PteOffset;

    /* Get the control area */
    ControlArea = Vad->ControlArea;
    ASSERT(ControlArea->u.Flags.Rom == 0);
    ASSERT(ControlArea->u.Flags.Image == 0);
    ASSERT(ControlArea->u.Flags.GlobalOnlyPerSession == 0);

    /* Get the subsection */
    Subsection = (PSUBSECTION)(ControlArea + 1);

    /* We only support single-subsection segments */
    ASSERT(Subsection->SubsectionBase != NULL);
    ASSERT(Vad->FirstPrototypePte >= Subsection->SubsectionBase);
    ASSERT(Vad->FirstPrototypePte < &Subsection->SubsectionBase[Subsection->PtesInSubsection]);

    /* Compute the PTE offset */
    PteOffset = Vpn - Vad->StartingVpn;
    PteOffset += Vad->FirstPrototypePte - Subsection->SubsectionBase;

    /* Again, we only support single-subsection segments */
    ASSERT(PteOffset < 0xF0000000);
    ASSERT(PteOffset < Subsection->PtesInSubsection);

    /* Return the subsection */
    return Subsection;
}

VOID
NTAPI
MiSegmentDelete(IN PSEGMENT Segment)
{
    PCONTROL_AREA ControlArea;
    SEGMENT_FLAGS SegmentFlags;
    PSUBSECTION Subsection;
    PMMPTE PointerPte, LastPte, PteForProto;
    PMMPFN Pfn1;
    PFN_NUMBER PageFrameIndex;
    MMPTE TempPte;
    KIRQL OldIrql;

    /* Capture data */
    SegmentFlags = Segment->SegmentFlags;
    ControlArea = Segment->ControlArea;

    /* Make sure control area is on the right delete path */
    ASSERT(ControlArea->u.Flags.BeingDeleted == 1);
    ASSERT(ControlArea->WritableUserReferences == 0);

    /* These things are not supported yet */
    ASSERT(ControlArea->DereferenceList.Flink == NULL);
    ASSERT(!(ControlArea->u.Flags.Image) && !(ControlArea->u.Flags.File));
    ASSERT(ControlArea->u.Flags.GlobalOnlyPerSession == 0);
    ASSERT(ControlArea->u.Flags.Rom == 0);

    /* Get the subsection and PTEs for this segment */
    Subsection = (PSUBSECTION)(ControlArea + 1);
    PointerPte = Subsection->SubsectionBase;
    LastPte = PointerPte + Segment->NonExtendedPtes;

    /* Lock the PFN database */
    OldIrql = MiAcquirePfnLock();

    /* Check if the master PTE is invalid */
    PteForProto = MiAddressToPte(PointerPte);
    if (!PteForProto->u.Hard.Valid)
    {
        /* Fault it in */
        MiMakeSystemAddressValidPfn(PointerPte, OldIrql);
    }

    /* Loop all the segment PTEs */
    while (PointerPte < LastPte)
    {
        /* Check if it's time to switch master PTEs if we passed a PDE boundary */
        if (!((ULONG_PTR)PointerPte & (PD_SIZE - 1)) &&
            (PointerPte != Subsection->SubsectionBase))
        {
            /* Check if the master PTE is invalid */
            PteForProto = MiAddressToPte(PointerPte);
            if (!PteForProto->u.Hard.Valid)
            {
                /* Fault it in */
                MiMakeSystemAddressValidPfn(PointerPte, OldIrql);
            }
        }

        /* This should be a prototype PTE */
        TempPte = *PointerPte;
        ASSERT(SegmentFlags.LargePages == 0);
        ASSERT(TempPte.u.Hard.Valid == 0);

        /* See if we should clean things up */
        if (!(ControlArea->u.Flags.Image) && !(ControlArea->u.Flags.File))
        {
            /*
             * This is a section backed by the pagefile. Now that it doesn't exist anymore,
             * we can give everything back to the system.
             */
            ASSERT(TempPte.u.Soft.Prototype == 0);

            if (TempPte.u.Soft.Transition == 1)
            {
                /* We can give the page back for other use */
                DPRINT("Releasing page for transition PTE %p\n", PointerPte);
                PageFrameIndex = PFN_FROM_PTE(&TempPte);
                Pfn1 = MI_PFN_ELEMENT(PageFrameIndex);

                /* As this is a paged-backed section, nobody should reference it anymore (no cache or whatever) */
                ASSERT(Pfn1->u3.ReferenceCount == 0);

                /* And it should be in standby or modified list */
                ASSERT((Pfn1->u3.e1.PageLocation == ModifiedPageList) || (Pfn1->u3.e1.PageLocation == StandbyPageList));

                /* Unlink it and put it back in free list */
                MiUnlinkPageFromList(Pfn1);

                /* Temporarily mark this as active and make it free again */
                Pfn1->u3.e1.PageLocation = ActiveAndValid;
                MI_SET_PFN_DELETED(Pfn1);

                MiInsertPageInFreeList(PageFrameIndex);
            }
            else if (TempPte.u.Soft.PageFileHigh != 0)
            {
                /* Should not happen for now */
                ASSERT(FALSE);
            }
        }
        else
        {
            /* unsupported for now */
            ASSERT(FALSE);

            /* File-backed section must have prototype PTEs */
            ASSERT(TempPte.u.Soft.Prototype == 1);
        }

        /* Zero the PTE and keep going */
        PointerPte->u.Long = 0;
        PointerPte++;
    }

    /* Release the PFN lock */
    MiReleasePfnLock(OldIrql);

    /* Free the structures */
    ExFreePool(ControlArea);
    ExFreePool(Segment);
}

VOID
NTAPI
MiCheckControlArea(IN PCONTROL_AREA ControlArea,
                   IN KIRQL OldIrql)
{
    BOOLEAN DeleteSegment = FALSE;
    MI_ASSERT_PFN_LOCK_HELD();

    /* Check if this is the last reference or view */
    if (!(ControlArea->NumberOfMappedViews) &&
        !(ControlArea->NumberOfSectionReferences))
    {
        /* There should be no more user references either */
        ASSERT(ControlArea->NumberOfUserReferences == 0);

        /* Not yet supported */
        ASSERT(ControlArea->FilePointer == NULL);

        /* The control area is being destroyed */
        ControlArea->u.Flags.BeingDeleted = TRUE;
        DeleteSegment = TRUE;
    }

    /* Release the PFN lock */
    MiReleasePfnLock(OldIrql);

    /* Delete the segment if needed */
    if (DeleteSegment)
    {
        /* No more user write references at all */
        ASSERT(ControlArea->WritableUserReferences == 0);
        MiSegmentDelete(ControlArea->Segment);
    }
}

VOID
NTAPI
MiDereferenceControlArea(IN PCONTROL_AREA ControlArea)
{
    KIRQL OldIrql;

    /* Lock the PFN database */
    OldIrql = MiAcquirePfnLock();

    /* Drop reference counts */
    ControlArea->NumberOfMappedViews--;
    ControlArea->NumberOfUserReferences--;

    /* Check if it's time to delete the CA. This releases the lock */
    MiCheckControlArea(ControlArea, OldIrql);
}

VOID
NTAPI
MiRemoveMappedView(IN PEPROCESS CurrentProcess,
                   IN PMMVAD Vad)
{
    KIRQL OldIrql;
    PCONTROL_AREA ControlArea;
    PETHREAD CurrentThread = PsGetCurrentThread();

    /* Get the control area */
    ControlArea = Vad->ControlArea;

    /* We only support non-extendable, non-image, pagefile-backed regular sections */
    ASSERT(Vad->u.VadFlags.VadType == VadNone);
    ASSERT(Vad->u2.VadFlags2.ExtendableFile == FALSE);
    ASSERT(ControlArea);
    ASSERT(ControlArea->FilePointer == NULL);

    /* Delete the actual virtual memory pages */
    MiDeleteVirtualAddresses(Vad->StartingVpn << PAGE_SHIFT,
                             (Vad->EndingVpn << PAGE_SHIFT) | (PAGE_SIZE - 1),
                             Vad);

    /* Release the working set */
    MiUnlockProcessWorkingSetUnsafe(CurrentProcess, CurrentThread);

    /* Lock the PFN database */
    OldIrql = MiAcquirePfnLock();

    /* Remove references */
    ControlArea->NumberOfMappedViews--;
    ControlArea->NumberOfUserReferences--;

    /* Check if it should be destroyed */
    MiCheckControlArea(ControlArea, OldIrql);
}

NTSTATUS
NTAPI
MiUnmapViewOfSection(IN PEPROCESS Process,
                     IN PVOID BaseAddress,
                     IN ULONG Flags)
{
    PMEMORY_AREA MemoryArea;
    BOOLEAN Attached = FALSE;
    KAPC_STATE ApcState;
    PMMVAD Vad;
    PVOID DbgBase = NULL;
    SIZE_T RegionSize;
    NTSTATUS Status;
    PETHREAD CurrentThread = PsGetCurrentThread();
    PEPROCESS CurrentProcess = PsGetCurrentProcess();
    PAGED_CODE();

    /* Check for Mm Region */
    MemoryArea = MmLocateMemoryAreaByAddress(&Process->Vm, BaseAddress);
    if ((MemoryArea) && (MemoryArea->Type != MEMORY_AREA_OWNED_BY_ARM3))
    {
        /* Call Mm API */
        return MiRosUnmapViewOfSection(Process, BaseAddress, Process->ProcessExiting);
    }

    /* Check if we should attach to the process */
    if (CurrentProcess != Process)
    {
        /* The process is different, do an attach */
        KeStackAttachProcess(&Process->Pcb, &ApcState);
        Attached = TRUE;
    }

    /* Check if we need to lock the address space */
    if (!Flags) MmLockAddressSpace(&Process->Vm);

    /* Check if the process is already daed */
    if (Process->VmDeleted)
    {
        /* Fail the call */
        DPRINT1("Process died!\n");
        if (!Flags) MmUnlockAddressSpace(&Process->Vm);
        Status = STATUS_PROCESS_IS_TERMINATING;
        goto Quickie;
    }

    /* Find the VAD for the address and make sure it's a section VAD */
    Vad = MiLocateAddress(BaseAddress);
    if (!(Vad) || (Vad->u.VadFlags.PrivateMemory))
    {
        /* Couldn't find it, or invalid VAD, fail */
        DPRINT1("No VAD or invalid VAD\n");
        if (!Flags) MmUnlockAddressSpace(&Process->Vm);
        Status = STATUS_NOT_MAPPED_VIEW;
        goto Quickie;
    }

    /* We should be attached */
    ASSERT(Process == PsGetCurrentProcess());

    /* We need the base address for the debugger message on image-backed VADs */
    if (Vad->u.VadFlags.VadType == VadImageMap)
    {
        DbgBase = (PVOID)(Vad->StartingVpn >> PAGE_SHIFT);
    }

    /* Compute the size of the VAD region */
    RegionSize = PAGE_SIZE + ((Vad->EndingVpn - Vad->StartingVpn) << PAGE_SHIFT);

    /* For SEC_NO_CHANGE sections, we need some extra checks */
    if (Vad->u.VadFlags.NoChange == 1)
    {
        /* Are we allowed to mess with this VAD? */
        Status = MiCheckSecuredVad(Vad,
                                   (PVOID)(Vad->StartingVpn >> PAGE_SHIFT),
                                   RegionSize,
                                   MM_DELETE_CHECK);
        if (!NT_SUCCESS(Status))
        {
            /* We failed */
            DPRINT1("Trying to unmap protected VAD!\n");
            if (!Flags) MmUnlockAddressSpace(&Process->Vm);
            goto Quickie;
        }
    }

    /* Not currently supported */
    ASSERT(Vad->u.VadFlags.VadType != VadRotatePhysical);

    /* FIXME: Remove VAD charges */

    /* Lock the working set */
    MiLockProcessWorkingSetUnsafe(Process, CurrentThread);

    /* Remove the VAD */
    ASSERT(Process->VadRoot.NumberGenericTableElements >= 1);
    MiRemoveNode((PMMADDRESS_NODE)Vad, &Process->VadRoot);

    /* Remove the PTEs for this view, which also releases the working set lock */
    MiRemoveMappedView(Process, Vad);

    /* FIXME: Remove commitment */

    /* Update performance counter and release the lock */
    Process->VirtualSize -= RegionSize;
    if (!Flags) MmUnlockAddressSpace(&Process->Vm);

    /* Destroy the VAD and return success */
    ExFreePool(Vad);
    Status = STATUS_SUCCESS;

    /* Failure and success case -- send debugger message, detach, and return */
Quickie:
    if (DbgBase) DbgkUnMapViewOfSection(DbgBase);
    if (Attached) KeUnstackDetachProcess(&ApcState);
    return Status;
}

NTSTATUS
NTAPI
MiSessionCommitPageTables(IN PVOID StartVa,
                          IN PVOID EndVa)
{
    KIRQL OldIrql;
    ULONG Color, Index;
    PMMPDE StartPde, EndPde;
    MMPDE TempPde = ValidKernelPdeLocal;
    PMMPFN Pfn1;
    PFN_NUMBER PageCount = 0, ActualPages = 0, PageFrameNumber;

    /* Windows sanity checks */
    ASSERT(StartVa >= (PVOID)MmSessionBase);
    ASSERT(EndVa < (PVOID)MiSessionSpaceEnd);
    ASSERT(PAGE_ALIGN(EndVa) == EndVa);

    /* Get the start and end PDE, then loop each one */
    StartPde = MiAddressToPde(StartVa);
    EndPde = MiAddressToPde((PVOID)((ULONG_PTR)EndVa - 1));
    Index = ((ULONG_PTR)StartVa - (ULONG_PTR)MmSessionBase) >> 22;
    while (StartPde <= EndPde)
    {
#ifndef _M_AMD64
        /* If we don't already have a page table for it, increment count */
        if (MmSessionSpace->PageTables[Index].u.Long == 0) PageCount++;
#endif
        /* Move to the next one */
        StartPde++;
        Index++;
    }

    /* If there's no page tables to create, bail out */
    if (PageCount == 0) return STATUS_SUCCESS;

    /* Reset the start PDE and index */
    StartPde = MiAddressToPde(StartVa);
    Index = ((ULONG_PTR)StartVa - (ULONG_PTR)MmSessionBase) >> 22;

    /* Loop each PDE while holding the working set lock */
//  MiLockWorkingSet(PsGetCurrentThread(),
//                   &MmSessionSpace->GlobalVirtualAddress->Vm);
#ifdef _M_AMD64
_WARN("MiSessionCommitPageTables halfplemented for amd64")
    DBG_UNREFERENCED_LOCAL_VARIABLE(OldIrql);
    DBG_UNREFERENCED_LOCAL_VARIABLE(Color);
    DBG_UNREFERENCED_LOCAL_VARIABLE(TempPde);
    DBG_UNREFERENCED_LOCAL_VARIABLE(Pfn1);
    DBG_UNREFERENCED_LOCAL_VARIABLE(PageFrameNumber);
    ASSERT(FALSE);
#else
    while (StartPde <= EndPde)
    {
        /* Check if we already have a page table */
        if (MmSessionSpace->PageTables[Index].u.Long == 0)
        {
            /* We don't, so the PDE shouldn't be ready yet */
            ASSERT(StartPde->u.Hard.Valid == 0);

            /* ReactOS check to avoid MiEnsureAvailablePageOrWait */
            ASSERT(MmAvailablePages >= 32);

            /* Acquire the PFN lock and grab a zero page */
            OldIrql = MiAcquirePfnLock();
            MI_SET_USAGE(MI_USAGE_PAGE_TABLE);
            MI_SET_PROCESS2(PsGetCurrentProcess()->ImageFileName);
            Color = (++MmSessionSpace->Color) & MmSecondaryColorMask;
            PageFrameNumber = MiRemoveZeroPage(Color);
            TempPde.u.Hard.PageFrameNumber = PageFrameNumber;
            MI_WRITE_VALID_PDE(StartPde, TempPde);

            /* Write the page table in session space structure */
            ASSERT(MmSessionSpace->PageTables[Index].u.Long == 0);
            MmSessionSpace->PageTables[Index] = TempPde;

            /* Initialize the PFN */
            MiInitializePfnForOtherProcess(PageFrameNumber,
                                           StartPde,
                                           MmSessionSpace->SessionPageDirectoryIndex);

            /* And now release the lock */
            MiReleasePfnLock(OldIrql);

            /* Get the PFN entry and make sure there's no event for it */
            Pfn1 = MI_PFN_ELEMENT(PageFrameNumber);
            ASSERT(Pfn1->u1.Event == NULL);

            /* Increment the number of pages */
            ActualPages++;
        }

        /* Move to the next PDE */
        StartPde++;
        Index++;
    }
#endif

    /* Make sure we didn't do more pages than expected */
    ASSERT(ActualPages <= PageCount);

    /* Release the working set lock */
//  MiUnlockWorkingSet(PsGetCurrentThread(),
//                     &MmSessionSpace->GlobalVirtualAddress->Vm);


    /* If we did at least one page... */
    if (ActualPages)
    {
        /* Update the performance counters! */
        InterlockedExchangeAddSizeT(&MmSessionSpace->NonPageablePages, ActualPages);
        InterlockedExchangeAddSizeT(&MmSessionSpace->CommittedPages, ActualPages);
    }

    /* Return status */
    return STATUS_SUCCESS;
}

NTSTATUS
NTAPI
MiMapViewInSystemSpace(IN PVOID Section,
                       IN PMMSESSION Session,
                       OUT PVOID *MappedBase,
                       IN OUT PSIZE_T ViewSize)
{
    PVOID Base;
    PCONTROL_AREA ControlArea;
    ULONG Buckets, SectionSize;
    NTSTATUS Status;
    PAGED_CODE();

    /* Get the control area, check for any flags ARM3 doesn't yet support */
    ControlArea = ((PSECTION)Section)->Segment->ControlArea;
    ASSERT(ControlArea->u.Flags.Image == 0);
    ASSERT(ControlArea->FilePointer == NULL);
    ASSERT(ControlArea->u.Flags.GlobalOnlyPerSession == 0);
    ASSERT(ControlArea->u.Flags.Rom == 0);
    ASSERT(ControlArea->u.Flags.WasPurged == 0);

    /* Increase the reference and map count on the control area, no purges yet */
    Status = MiCheckPurgeAndUpMapCount(ControlArea, FALSE);
    ASSERT(NT_SUCCESS(Status));

    /* Get the section size at creation time */
    SectionSize = ((PSECTION)Section)->SizeOfSection.LowPart;

    /* If the caller didn't specify a view size, assume the whole section */
    if (!(*ViewSize)) *ViewSize = SectionSize;

    /* Check if the caller wanted a larger section than the view */
    if (*ViewSize > SectionSize)
    {
        /* Fail */
        DPRINT1("View is too large\n");
        MiDereferenceControlArea(ControlArea);
        return STATUS_INVALID_VIEW_SIZE;
    }

    /* Get the number of 64K buckets required for this mapping */
    Buckets = (ULONG)(*ViewSize / MI_SYSTEM_VIEW_BUCKET_SIZE);
    if (*ViewSize & (MI_SYSTEM_VIEW_BUCKET_SIZE - 1)) Buckets++;

    /* Check if the view is more than 4GB large */
    if (Buckets >= MI_SYSTEM_VIEW_BUCKET_SIZE)
    {
        /* Fail */
        DPRINT1("View is too large\n");
        MiDereferenceControlArea(ControlArea);
        return STATUS_INVALID_VIEW_SIZE;
    }

    /* Insert this view into system space and get a base address for it */
    Base = MiInsertInSystemSpace(Session, Buckets, ControlArea);
    if (!Base)
    {
        /* Fail */
        DPRINT1("Out of system space\n");
        MiDereferenceControlArea(ControlArea);
        return STATUS_NO_MEMORY;
    }

    /* What's the underlying session? */
    if (Session == &MmSession)
    {
        /* Create the PDEs needed for this mapping, and double-map them if needed */
        MiFillSystemPageDirectory(Base, Buckets * MI_SYSTEM_VIEW_BUCKET_SIZE);
        Status = STATUS_SUCCESS;
    }
    else
    {
        /* Create the PDEs needed for this mapping */
        Status = MiSessionCommitPageTables(Base,
                                           (PVOID)((ULONG_PTR)Base +
                                           Buckets * MI_SYSTEM_VIEW_BUCKET_SIZE));
        ASSERT(NT_SUCCESS(Status));
    }

    /* Create the actual prototype PTEs for this mapping */
    Status = MiAddMappedPtes(MiAddressToPte(Base),
                             BYTES_TO_PAGES(*ViewSize),
                             ControlArea);
    ASSERT(NT_SUCCESS(Status));

    /* Return the base adress of the mapping and success */
    *MappedBase = Base;
    return STATUS_SUCCESS;
}

VOID
NTAPI
MiSetControlAreaSymbolsLoaded(IN PCONTROL_AREA ControlArea)
{
    KIRQL OldIrql;

    ASSERT(KeGetCurrentIrql() <= APC_LEVEL);

    OldIrql = MiAcquirePfnLock();
    ControlArea->u.Flags.DebugSymbolsLoaded |= 1;

    ASSERT(OldIrql <= APC_LEVEL);
    MiReleasePfnLock(OldIrql);
    ASSERT(KeGetCurrentIrql() <= APC_LEVEL);
}

VOID
NTAPI
MiLoadUserSymbols(IN PCONTROL_AREA ControlArea,
                  IN PVOID BaseAddress,
                  IN PEPROCESS Process)
{
    NTSTATUS Status;
    ANSI_STRING FileNameA;
    PLIST_ENTRY NextEntry;
    PUNICODE_STRING FileName;
    PIMAGE_NT_HEADERS NtHeaders;
    PLDR_DATA_TABLE_ENTRY LdrEntry;

    FileName = &ControlArea->FilePointer->FileName;
    if (FileName->Length == 0)
    {
        return;
    }

    /* Acquire module list lock */
    KeEnterCriticalRegion();
    ExAcquireResourceExclusiveLite(&PsLoadedModuleResource, TRUE);

    /* Browse list to try to find current module */
    for (NextEntry = MmLoadedUserImageList.Flink;
         NextEntry != &MmLoadedUserImageList;
         NextEntry = NextEntry->Flink)
    {
        /* Get the entry */
        LdrEntry = CONTAINING_RECORD(NextEntry,
                                     LDR_DATA_TABLE_ENTRY,
                                     InLoadOrderLinks);

        /* If already in the list, increase load count */
        if (LdrEntry->DllBase == BaseAddress)
        {
            ++LdrEntry->LoadCount;
            break;
        }
    }

    /* Not in the list, we'll add it */
    if (NextEntry == &MmLoadedUserImageList)
    {
        /* Allocate our element, taking to the name string and its null char */
        LdrEntry = ExAllocatePoolWithTag(NonPagedPool, FileName->Length + sizeof(UNICODE_NULL) + sizeof(*LdrEntry), 'bDmM');
        if (LdrEntry)
        {
            memset(LdrEntry, 0, FileName->Length + sizeof(UNICODE_NULL) + sizeof(*LdrEntry));

            _SEH2_TRY
            {
                /* Get image checksum and size */
                NtHeaders = RtlImageNtHeader(BaseAddress);
                if (NtHeaders)
                {
                    LdrEntry->SizeOfImage = NtHeaders->OptionalHeader.SizeOfImage;
                    LdrEntry->CheckSum = NtHeaders->OptionalHeader.CheckSum;
                }
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                ExFreePoolWithTag(LdrEntry, 'bDmM');
                _SEH2_YIELD(return);
            }
            _SEH2_END;

            /* Fill all the details */
            LdrEntry->DllBase = BaseAddress;
            LdrEntry->FullDllName.Buffer = (PVOID)((ULONG_PTR)LdrEntry + sizeof(*LdrEntry));
            LdrEntry->FullDllName.Length = FileName->Length;
            LdrEntry->FullDllName.MaximumLength = FileName->Length + sizeof(UNICODE_NULL);
            memcpy(LdrEntry->FullDllName.Buffer, FileName->Buffer, FileName->Length);
            LdrEntry->FullDllName.Buffer[LdrEntry->FullDllName.Length / sizeof(WCHAR)] = UNICODE_NULL;
            LdrEntry->LoadCount = 1;

            /* Insert! */
            InsertHeadList(&MmLoadedUserImageList, &LdrEntry->InLoadOrderLinks);
        }
    }

    /* Release locks */
    ExReleaseResourceLite(&PsLoadedModuleResource);
    KeLeaveCriticalRegion();

    /* Load symbols */
    Status = RtlUnicodeStringToAnsiString(&FileNameA, FileName, TRUE);
    if (NT_SUCCESS(Status))
    {
        DbgLoadImageSymbols(&FileNameA, BaseAddress, (ULONG_PTR)Process->UniqueProcessId);
        RtlFreeAnsiString(&FileNameA);
    }
}

NTSTATUS
NTAPI
MiMapViewOfDataSection(IN PCONTROL_AREA ControlArea,
                       IN PEPROCESS Process,
                       IN PVOID *BaseAddress,
                       IN PLARGE_INTEGER SectionOffset,
                       IN PSIZE_T ViewSize,
                       IN PSECTION Section,
                       IN SECTION_INHERIT InheritDisposition,
                       IN ULONG ProtectionMask,
                       IN SIZE_T CommitSize,
                       IN ULONG_PTR ZeroBits,
                       IN ULONG AllocationType)
{
    PMMVAD_LONG Vad;
    ULONG_PTR StartAddress;
    ULONG_PTR ViewSizeInPages;
    PSUBSECTION Subsection;
    PSEGMENT Segment;
    PFN_NUMBER PteOffset;
    NTSTATUS Status;
    ULONG QuotaCharge = 0, QuotaExcess = 0;
    PMMPTE PointerPte, LastPte;
    MMPTE TempPte;
    ULONG Granularity = MM_VIRTMEM_GRANULARITY;

    DPRINT("Mapping ARM3 data section\n");

    /* Get the segment for this section */
    Segment = ControlArea->Segment;

#ifdef _M_IX86
    /* ALlow being less restrictive on x86. */
    if (AllocationType & MEM_DOS_LIM)
        Granularity = PAGE_SIZE;
#endif

    /* One can only reserve a file-based mapping, not shared memory! */
    if ((AllocationType & MEM_RESERVE) && !(ControlArea->FilePointer))
    {
        return STATUS_INVALID_PARAMETER_9;
    }

    /* First, increase the map count. No purging is supported yet */
    Status = MiCheckPurgeAndUpMapCount(ControlArea, FALSE);
    if (!NT_SUCCESS(Status)) return Status;

    /* Check if the caller specified the view size */
    if (!(*ViewSize))
    {
        /* The caller did not, so pick a 64K aligned view size based on the offset */
        SectionOffset->LowPart &= ~(_64K - 1);
        *ViewSize = (SIZE_T)(Section->SizeOfSection.QuadPart - SectionOffset->QuadPart);
    }
    else
    {
        /* A size was specified, align it to a 64K boundary */
        *ViewSize += SectionOffset->LowPart & (_64K - 1);

        /* Align the offset as well to make this an aligned map */
        SectionOffset->LowPart &= ~((ULONG)_64K - 1);
    }

    /* We must be dealing with a 64KB aligned offset. This is a Windows ASSERT */
    ASSERT((SectionOffset->LowPart & ((ULONG)_64K - 1)) == 0);

    /* It's illegal to try to map more than overflows a LONG_PTR */
    if (*ViewSize >= MAXLONG_PTR)
    {
        MiDereferenceControlArea(ControlArea);
        return STATUS_INVALID_VIEW_SIZE;
    }

    /* Windows ASSERTs for this flag */
    ASSERT(ControlArea->u.Flags.GlobalOnlyPerSession == 0);

    /* Get the subsection. We don't support LARGE_CONTROL_AREA in ARM3 */
    ASSERT(ControlArea->u.Flags.Rom == 0);
    Subsection = (PSUBSECTION)(ControlArea + 1);

    /* Sections with extended segments are not supported in ARM3 */
    ASSERT(Segment->SegmentFlags.TotalNumberOfPtes4132 == 0);

    /* Within this section, figure out which PTEs will describe the view */
    PteOffset = (PFN_NUMBER)(SectionOffset->QuadPart >> PAGE_SHIFT);

    /* The offset must be in this segment's PTE chunk and it must be valid. Windows ASSERTs */
    ASSERT(PteOffset < Segment->TotalNumberOfPtes);
    ASSERT(((SectionOffset->QuadPart + *ViewSize + PAGE_SIZE - 1) >> PAGE_SHIFT) >= PteOffset);

    /* In ARM3, only one subsection is used for now. It must contain these PTEs */
    ASSERT(PteOffset < Subsection->PtesInSubsection);

    /* In ARM3, only page-file backed sections (shared memory) are supported now */
    ASSERT(ControlArea->FilePointer == NULL);

    /* Windows ASSERTs for this too -- there must be a subsection base address */
    ASSERT(Subsection->SubsectionBase != NULL);

    /* Compute how much commit space the segment will take */
    if ((CommitSize) && (Segment->NumberOfCommittedPages < Segment->TotalNumberOfPtes))
    {
        /* Charge for the maximum pages */
        QuotaCharge = BYTES_TO_PAGES(CommitSize);
    }

    /* ARM3 does not currently support large pages */
    ASSERT(Segment->SegmentFlags.LargePages == 0);

    /* Calculate how many pages the region spans */
    ViewSizeInPages = BYTES_TO_PAGES(*ViewSize);

    /* A VAD can now be allocated. Do so and zero it out */
    /* FIXME: we are allocating a LONG VAD for ReactOS compatibility only */
    ASSERT((AllocationType & MEM_RESERVE) == 0); /* ARM3 does not support this */
    Vad = ExAllocatePoolWithTag(NonPagedPool, sizeof(MMVAD_LONG), 'ldaV');
    if (!Vad)
    {
        MiDereferenceControlArea(ControlArea);
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    RtlZeroMemory(Vad, sizeof(MMVAD_LONG));
    Vad->u4.Banked = (PVOID)(ULONG_PTR)0xDEADBABEDEADBABEULL;

    /* Write all the data required in the VAD for handling a fault */
    Vad->ControlArea = ControlArea;
    Vad->u.VadFlags.CommitCharge = 0;
    Vad->u.VadFlags.Protection = ProtectionMask;
    Vad->u2.VadFlags2.FileOffset = (ULONG)(SectionOffset->QuadPart >> 16);
    Vad->u2.VadFlags2.Inherit = (InheritDisposition == ViewShare);
    if ((AllocationType & SEC_NO_CHANGE) || (Section->u.Flags.NoChange))
    {
        /* This isn't really implemented yet, but handle setting the flag */
        Vad->u.VadFlags.NoChange = 1;
        Vad->u2.VadFlags2.SecNoChange = 1;
    }

    /* Finally, write down the first and last prototype PTE */
    Vad->FirstPrototypePte = &Subsection->SubsectionBase[PteOffset];
    PteOffset += ViewSizeInPages - 1;
    ASSERT(PteOffset < Subsection->PtesInSubsection);
    Vad->LastContiguousPte = &Subsection->SubsectionBase[PteOffset];

    /* Make sure the prototype PTE ranges make sense, this is a Windows ASSERT */
    ASSERT(Vad->FirstPrototypePte <= Vad->LastContiguousPte);

    /* FIXME: Should setup VAD bitmap */
    Status = STATUS_SUCCESS;

    /* Check if anything was committed */
    if (QuotaCharge)
    {
        /* Set the start and end PTE addresses, and pick the template PTE */
        PointerPte = Vad->FirstPrototypePte;
        LastPte = PointerPte + BYTES_TO_PAGES(CommitSize);
        TempPte = Segment->SegmentPteTemplate;

        /* Acquire the commit lock and loop all prototype PTEs to be committed */
        KeAcquireGuardedMutex(&MmSectionCommitMutex);
        while (PointerPte < LastPte)
        {
            /* Make sure the PTE is already invalid */
            if (PointerPte->u.Long == 0)
            {
                /* And write the invalid PTE */
                MI_WRITE_INVALID_PTE(PointerPte, TempPte);
            }
            else
            {
                /* The PTE is valid, so skip it */
                QuotaExcess++;
            }

            /* Move to the next PTE */
            PointerPte++;
        }

        /* Now check how many pages exactly we committed, and update accounting */
        ASSERT(QuotaCharge >= QuotaExcess);
        QuotaCharge -= QuotaExcess;
        Segment->NumberOfCommittedPages += QuotaCharge;
        ASSERT(Segment->NumberOfCommittedPages <= Segment->TotalNumberOfPtes);

        /* Now that we're done, release the lock */
        KeReleaseGuardedMutex(&MmSectionCommitMutex);
    }

    /* Is it SEC_BASED, or did the caller manually specify an address? */
    if (*BaseAddress != NULL)
    {
        /* Just align what the caller gave us */
        StartAddress = ALIGN_DOWN_BY((ULONG_PTR)*BaseAddress, Granularity);
    }
    else if (Section->Address.StartingVpn != 0)
    {
        /* It is a SEC_BASED mapping, use the address that was generated */
        StartAddress = Section->Address.StartingVpn + SectionOffset->LowPart;
    }
    else
    {
        StartAddress = 0;
    }

    /* Insert the VAD */
    Status = MiInsertVadEx((PMMVAD)Vad,
                           &StartAddress,
                           ViewSizeInPages * PAGE_SIZE,
                           MAXULONG_PTR >> ZeroBits,
                           Granularity,
                           AllocationType);
    if (!NT_SUCCESS(Status))
    {
        return Status;
    }

    /* Windows stores this for accounting purposes, do so as well */
    if (!Segment->u2.FirstMappedVa) Segment->u2.FirstMappedVa = (PVOID)StartAddress;

    /* Finally, let the caller know where, and for what size, the view was mapped */
    *ViewSize = ViewSizeInPages * PAGE_SIZE;
    *BaseAddress = (PVOID)StartAddress;
    DPRINT("Start and region: 0x%p, 0x%p\n", *BaseAddress, *ViewSize);
    return STATUS_SUCCESS;
}

VOID
NTAPI
MiSubsectionConsistent(IN PSUBSECTION Subsection)
{
    /* ReactOS only supports systems with 4K pages and 4K sectors */
    ASSERT(Subsection->u.SubsectionFlags.SectorEndOffset == 0);

    /* Therefore, then number of PTEs should be equal to the number of sectors */
    if (Subsection->NumberOfFullSectors != Subsection->PtesInSubsection)
    {
        /* Break and warn if this is inconsistent */
        DPRINT1("Mm: Subsection inconsistent (%x vs %x)\n",
                Subsection->NumberOfFullSectors, Subsection->PtesInSubsection);
        DbgBreakPoint();
    }
}

NTSTATUS
NTAPI
MiCreateDataFileMap(IN PFILE_OBJECT File,
                    OUT PSEGMENT *Segment,
                    IN PSIZE_T MaximumSize,
                    IN ULONG SectionPageProtection,
                    IN ULONG AllocationAttributes,
                    IN ULONG IgnoreFileSizing)
{
    /* Not yet implemented */
    ASSERT(FALSE);
    *Segment = NULL;
    return STATUS_NOT_IMPLEMENTED;
}

NTSTATUS
NTAPI
MiCreatePagingFileMap(OUT PSEGMENT *Segment,
                      IN PSIZE_T MaximumSize,
                      IN ULONG ProtectionMask,
                      IN ULONG AllocationAttributes)
{
    SIZE_T SizeLimit;
    PFN_COUNT PteCount;
    PMMPTE PointerPte;
    MMPTE TempPte;
    PCONTROL_AREA ControlArea;
    PSEGMENT NewSegment;
    PSUBSECTION Subsection;
    PAGED_CODE();

    /* No large pages in ARM3 yet */
    ASSERT((AllocationAttributes & SEC_LARGE_PAGES) == 0);

    /* Pagefile-backed sections need a known size */
    if (!(*MaximumSize)) return STATUS_INVALID_PARAMETER_4;

    /* Calculate the maximum size possible, given the Prototype PTEs we'll need */
    SizeLimit = MAXULONG_PTR - sizeof(SEGMENT);
    SizeLimit /= sizeof(MMPTE);
    SizeLimit <<= PAGE_SHIFT;

    /* Fail if this size is too big */
    if (*MaximumSize > SizeLimit) return STATUS_SECTION_TOO_BIG;

    /* Calculate how many Prototype PTEs will be needed */
    PteCount = (PFN_COUNT)((*MaximumSize + PAGE_SIZE - 1) >> PAGE_SHIFT);

    /* For commited memory, we must have a valid protection mask */
    if (AllocationAttributes & SEC_COMMIT) ASSERT(ProtectionMask != 0);

    /* The segment contains all the Prototype PTEs, allocate it in paged pool */
    NewSegment = ExAllocatePoolWithTag(PagedPool,
                                       sizeof(SEGMENT) +
                                       sizeof(MMPTE) * (PteCount - 1),
                                       'tSmM');
    ASSERT(NewSegment);
    *Segment = NewSegment;

    /* Now allocate the control area, which has the subsection structure */
    ControlArea = ExAllocatePoolWithTag(NonPagedPool,
                                        sizeof(CONTROL_AREA) + sizeof(SUBSECTION),
                                        'tCmM');
    ASSERT(ControlArea);

    /* And zero it out, filling the basic segmnet pointer and reference fields */
    RtlZeroMemory(ControlArea, sizeof(CONTROL_AREA) + sizeof(SUBSECTION));
    ControlArea->Segment = NewSegment;
    ControlArea->NumberOfSectionReferences = 1;
    ControlArea->NumberOfUserReferences = 1;

    /* Convert allocation attributes to control area flags */
    if (AllocationAttributes & SEC_BASED) ControlArea->u.Flags.Based = 1;
    if (AllocationAttributes & SEC_RESERVE) ControlArea->u.Flags.Reserve = 1;
    if (AllocationAttributes & SEC_COMMIT) ControlArea->u.Flags.Commit = 1;

    /* We just allocated it */
    ControlArea->u.Flags.BeingCreated = 1;

    /* The subsection follows, write the mask, PTE count and point back to the CA */
    Subsection = (PSUBSECTION)(ControlArea + 1);
    Subsection->ControlArea = ControlArea;
    Subsection->PtesInSubsection = PteCount;
    Subsection->u.SubsectionFlags.Protection = ProtectionMask;

    /* Zero out the segment's prototype PTEs, and link it with the control area */
    PointerPte = &NewSegment->ThePtes[0];
    RtlZeroMemory(NewSegment, sizeof(SEGMENT));
    NewSegment->PrototypePte = PointerPte;
    NewSegment->ControlArea = ControlArea;

    /* Save some extra accounting data for the segment as well */
    NewSegment->u1.CreatingProcess = PsGetCurrentProcess();
    NewSegment->SizeOfSegment = PteCount * PAGE_SIZE;
    NewSegment->TotalNumberOfPtes = PteCount;
    NewSegment->NonExtendedPtes = PteCount;

    /* The subsection's base address is the first Prototype PTE in the segment */
    Subsection->SubsectionBase = PointerPte;

    /* Start with an empty PTE, unless this is a commit operation */
    TempPte.u.Long = 0;
    if (AllocationAttributes & SEC_COMMIT)
    {
        /* In which case, write down the protection mask in the Prototype PTEs */
        TempPte.u.Soft.Protection = ProtectionMask;

        /* For accounting, also mark these pages as being committed */
        NewSegment->NumberOfCommittedPages = PteCount;
    }

    /* The template PTE itself for the segment should also have the mask set */
    NewSegment->SegmentPteTemplate.u.Soft.Protection = ProtectionMask;

    /* Write out the prototype PTEs, for now they're simply demand zero */
#ifdef _WIN64
    RtlFillMemoryUlonglong(PointerPte, PteCount * sizeof(MMPTE), TempPte.u.Long);
#else
    RtlFillMemoryUlong(PointerPte, PteCount * sizeof(MMPTE), TempPte.u.Long);
#endif
    return STATUS_SUCCESS;
}

NTSTATUS
NTAPI
MiGetFileObjectForSectionAddress(
    IN PVOID Address,
    OUT PFILE_OBJECT *FileObject)
{
    PMMVAD Vad;
    PCONTROL_AREA ControlArea;

    /* Get the VAD */
    Vad = MiLocateAddress(Address);
    if (Vad == NULL)
    {
        /* Fail, the address does not exist */
        DPRINT1("Invalid address\n");
        return STATUS_INVALID_ADDRESS;
    }

    /* Check if this is a RosMm memory area */
    if (Vad->u.VadFlags.Spare != 0)
    {
        PMEMORY_AREA MemoryArea = (PMEMORY_AREA)Vad;
        PROS_SECTION_OBJECT Section;

        /* Check if it's a section view (RosMm section) */
        if (MemoryArea->Type == MEMORY_AREA_SECTION_VIEW)
        {
            /* Get the section pointer to the SECTION_OBJECT */
            Section = MemoryArea->Data.SectionData.Section;
            *FileObject = Section->FileObject;
        }
        else
        {
            ASSERT(MemoryArea->Type == MEMORY_AREA_CACHE);
            DPRINT1("Address is a cache section!\n");
            return STATUS_SECTION_NOT_IMAGE;
        }
    }
    else
    {
        /* Make sure it's not a VM VAD */
        if (Vad->u.VadFlags.PrivateMemory == 1)
        {
            DPRINT1("Address is not a section\n");
            return STATUS_SECTION_NOT_IMAGE;
        }

        /* Get the control area */
        ControlArea = Vad->ControlArea;
        if (!(ControlArea) || !(ControlArea->u.Flags.Image))
        {
            DPRINT1("Address is not a section\n");
            return STATUS_SECTION_NOT_IMAGE;
        }

        /* Get the file object */
        *FileObject = ControlArea->FilePointer;
    }

    /* Return success */
    return STATUS_SUCCESS;
}

PFILE_OBJECT
NTAPI
MmGetFileObjectForSection(IN PVOID SectionObject)
{
    PSECTION_OBJECT Section;
    ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL);
    ASSERT(SectionObject != NULL);

    /* Check if it's an ARM3, or ReactOS section */
    if (MiIsRosSectionObject(SectionObject) == FALSE)
    {
        /* Return the file pointer stored in the control area */
        Section = SectionObject;
        return Section->Segment->ControlArea->FilePointer;
    }

    /* Return the file object */
    return ((PROS_SECTION_OBJECT)SectionObject)->FileObject;
}

static
PFILE_OBJECT
MiGetFileObjectForVad(
    _In_ PMMVAD Vad)
{
    PCONTROL_AREA ControlArea;
    PFILE_OBJECT FileObject;

    /* Check if this is a RosMm memory area */
    if (Vad->u.VadFlags.Spare != 0)
    {
        PMEMORY_AREA MemoryArea = (PMEMORY_AREA)Vad;
        PROS_SECTION_OBJECT Section;

        /* Check if it's a section view (RosMm section) */
        if (MemoryArea->Type == MEMORY_AREA_SECTION_VIEW)
        {
            /* Get the section pointer to the SECTION_OBJECT */
            Section = MemoryArea->Data.SectionData.Section;
            FileObject = Section->FileObject;
        }
        else
        {
            ASSERT(MemoryArea->Type == MEMORY_AREA_CACHE);
            DPRINT1("VAD is a cache section!\n");
            return NULL;
        }
    }
    else
    {
        /* Make sure it's not a VM VAD */
        if (Vad->u.VadFlags.PrivateMemory == 1)
        {
            DPRINT1("VAD is not a section\n");
            return NULL;
        }

        /* Get the control area */
        ControlArea = Vad->ControlArea;
        if ((ControlArea == NULL) || !ControlArea->u.Flags.Image)
        {
            DPRINT1("Address is not a section\n");
            return NULL;
        }

        /* Get the file object */
        FileObject = ControlArea->FilePointer;
    }

    /* Return the file object */
    return FileObject;
}

VOID
NTAPI
MmGetImageInformation (OUT PSECTION_IMAGE_INFORMATION ImageInformation)
{
    PSECTION_OBJECT SectionObject;

    /* Get the section object of this process*/
    SectionObject = PsGetCurrentProcess()->SectionObject;
    ASSERT(SectionObject != NULL);
    ASSERT(MiIsRosSectionObject(SectionObject) == TRUE);

    /* Return the image information */
    *ImageInformation = ((PROS_SECTION_OBJECT)SectionObject)->ImageSection->ImageInformation;
}

NTSTATUS
NTAPI
MmGetFileNameForFileObject(IN PFILE_OBJECT FileObject,
                           OUT POBJECT_NAME_INFORMATION *ModuleName)
{
    POBJECT_NAME_INFORMATION ObjectNameInfo;
    NTSTATUS Status;
    ULONG ReturnLength;

    /* Allocate memory for our structure */
    ObjectNameInfo = ExAllocatePoolWithTag(PagedPool, 1024, TAG_MM);
    if (!ObjectNameInfo) return STATUS_NO_MEMORY;

    /* Query the name */
    Status = ObQueryNameString(FileObject,
                               ObjectNameInfo,
                               1024,
                               &ReturnLength);
    if (!NT_SUCCESS(Status))
    {
        /* Failed, free memory */
        DPRINT1("Name query failed\n");
        ExFreePoolWithTag(ObjectNameInfo, TAG_MM);
        *ModuleName = NULL;
        return Status;
    }

    /* Success */
    *ModuleName = ObjectNameInfo;
    return STATUS_SUCCESS;
}

NTSTATUS
NTAPI
MmGetFileNameForSection(IN PVOID Section,
                        OUT POBJECT_NAME_INFORMATION *ModuleName)
{
    PFILE_OBJECT FileObject;

    /* Make sure it's an image section */
    if (MiIsRosSectionObject(Section) == FALSE)
    {
        /* Check ARM3 Section flag */
        if (((PSECTION)Section)->u.Flags.Image == 0)
        {
            /* It's not, fail */
            DPRINT1("Not an image section\n");
            return STATUS_SECTION_NOT_IMAGE;
        }
    }
    else if (!(((PROS_SECTION_OBJECT)Section)->AllocationAttributes & SEC_IMAGE))
    {
        /* It's not, fail */
        DPRINT1("Not an image section\n");
        return STATUS_SECTION_NOT_IMAGE;
    }

    /* Get the file object */
    FileObject = MmGetFileObjectForSection(Section);
    return MmGetFileNameForFileObject(FileObject, ModuleName);
}

NTSTATUS
NTAPI
MmGetFileNameForAddress(IN PVOID Address,
                        OUT PUNICODE_STRING ModuleName)
{
    POBJECT_NAME_INFORMATION ModuleNameInformation;
    PVOID AddressSpace;
    NTSTATUS Status;
    PMMVAD Vad;
    PFILE_OBJECT FileObject = NULL;

    /* Lock address space */
    AddressSpace = MmGetCurrentAddressSpace();
    MmLockAddressSpace(AddressSpace);

    /* Get the VAD */
    Vad = MiLocateAddress(Address);
    if (Vad == NULL)
    {
        /* Fail, the address does not exist */
        DPRINT1("No VAD at address %p\n", Address);
        MmUnlockAddressSpace(AddressSpace);
        return STATUS_INVALID_ADDRESS;
    }

    /* Get the file object pointer for the VAD */
    FileObject = MiGetFileObjectForVad(Vad);
    if (FileObject == NULL)
    {
        DPRINT1("Failed to get file object for Address %p\n", Address);
        MmUnlockAddressSpace(AddressSpace);
        return STATUS_SECTION_NOT_IMAGE;
    }

    /* Reference the file object */
    ObReferenceObject(FileObject);

    /* Unlock address space */
    MmUnlockAddressSpace(AddressSpace);

    /* Get the filename of the file object */
    Status = MmGetFileNameForFileObject(FileObject, &ModuleNameInformation);

    /* Dereference the file object */
    ObDereferenceObject(FileObject);

    /* Check if we were able to get the file object name */
    if (NT_SUCCESS(Status))
    {
        /* Init modulename */
        RtlCreateUnicodeString(ModuleName, ModuleNameInformation->Name.Buffer);

        /* Free temp taged buffer from MmGetFileNameForFileObject() */
        ExFreePoolWithTag(ModuleNameInformation, TAG_MM);
        DPRINT("Found ModuleName %S by address %p\n", ModuleName->Buffer, Address);
    }

   /* Return status */
   return Status;
}

NTSTATUS
NTAPI
MiQueryMemorySectionName(IN HANDLE ProcessHandle,
                         IN PVOID BaseAddress,
                         OUT PVOID MemoryInformation,
                         IN SIZE_T MemoryInformationLength,
                         OUT PSIZE_T ReturnLength)
{
    PEPROCESS Process;
    NTSTATUS Status;
    WCHAR ModuleFileNameBuffer[MAX_PATH] = {0};
    UNICODE_STRING ModuleFileName;
    PMEMORY_SECTION_NAME SectionName = NULL;
    KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();

    Status = ObReferenceObjectByHandle(ProcessHandle,
                                       PROCESS_QUERY_INFORMATION,
                                       NULL,
                                       PreviousMode,
                                       (PVOID*)(&Process),
                                       NULL);

    if (!NT_SUCCESS(Status))
    {
        DPRINT("MiQueryMemorySectionName: ObReferenceObjectByHandle returned %x\n",Status);
        return Status;
    }

    RtlInitEmptyUnicodeString(&ModuleFileName, ModuleFileNameBuffer, sizeof(ModuleFileNameBuffer));
    Status = MmGetFileNameForAddress(BaseAddress, &ModuleFileName);

    if (NT_SUCCESS(Status))
    {
        SectionName = MemoryInformation;
        if (PreviousMode != KernelMode)
        {
            _SEH2_TRY
            {
                RtlInitUnicodeString(&SectionName->SectionFileName, SectionName->NameBuffer);
                SectionName->SectionFileName.MaximumLength = (USHORT)MemoryInformationLength;
                RtlCopyUnicodeString(&SectionName->SectionFileName, &ModuleFileName);

                if (ReturnLength) *ReturnLength = ModuleFileName.Length;

            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
        }
        else
        {
            RtlInitUnicodeString(&SectionName->SectionFileName, SectionName->NameBuffer);
            SectionName->SectionFileName.MaximumLength = (USHORT)MemoryInformationLength;
            RtlCopyUnicodeString(&SectionName->SectionFileName, &ModuleFileName);

            if (ReturnLength) *ReturnLength = ModuleFileName.Length;

        }
    }
    ObDereferenceObject(Process);
    return Status;
}

VOID
NTAPI
MiFlushTbAndCapture(IN PMMVAD FoundVad,
                    IN PMMPTE PointerPte,
                    IN ULONG ProtectionMask,
                    IN PMMPFN Pfn1,
                    IN BOOLEAN UpdateDirty)
{
    MMPTE TempPte, PreviousPte;
    KIRQL OldIrql;
    BOOLEAN RebuildPte = FALSE;

    //
    // User for sanity checking later on
    //
    PreviousPte = *PointerPte;

    //
    // Build the PTE and acquire the PFN lock
    //
    MI_MAKE_HARDWARE_PTE_USER(&TempPte,
                              PointerPte,
                              ProtectionMask,
                              PreviousPte.u.Hard.PageFrameNumber);
    OldIrql = MiAcquirePfnLock();

    //
    // We don't support I/O mappings in this path yet
    //
    ASSERT(Pfn1 != NULL);
    ASSERT(Pfn1->u3.e1.CacheAttribute != MiWriteCombined);

    //
    // Make sure new protection mask doesn't get in conflict and fix it if it does
    //
    if (Pfn1->u3.e1.CacheAttribute == MiCached)
    {
        //
        // This is a cached PFN
        //
        if (ProtectionMask & (MM_NOCACHE | MM_NOACCESS))
        {
            RebuildPte = TRUE;
            ProtectionMask &= ~(MM_NOCACHE | MM_NOACCESS);
        }
    }
    else if (Pfn1->u3.e1.CacheAttribute == MiNonCached)
    {
        //
        // This is a non-cached PFN
        //
        if ((ProtectionMask & (MM_NOCACHE | MM_NOACCESS)) != MM_NOCACHE)
        {
            RebuildPte = TRUE;
            ProtectionMask &= ~MM_NOACCESS;
            ProtectionMask |= MM_NOCACHE;
        }
    }

    if (RebuildPte)
    {
        MI_MAKE_HARDWARE_PTE_USER(&TempPte,
                                  PointerPte,
                                  ProtectionMask,
                                  PreviousPte.u.Hard.PageFrameNumber);
    }

    //
    // Write the new PTE, making sure we are only changing the bits
    //
    MI_UPDATE_VALID_PTE(PointerPte, TempPte);

    //
    // Flush the TLB
    //
    ASSERT(PreviousPte.u.Hard.Valid == 1);
    KeFlushCurrentTb();
    ASSERT(PreviousPte.u.Hard.Valid == 1);

    //
    // Windows updates the relevant PFN1 information, we currently don't.
    //
    if (UpdateDirty && PreviousPte.u.Hard.Dirty)
    {
        if (!Pfn1->u3.e1.Modified)
        {
            DPRINT1("FIXME: Mark PFN as dirty\n");
        }
    }

    //
    // Not supported in ARM3
    //
    ASSERT(FoundVad->u.VadFlags.VadType != VadWriteWatch);

    //
    // Release the PFN lock, we are done
    //
    MiReleasePfnLock(OldIrql);
}

//
// NOTE: This function gets a lot more complicated if we want Copy-on-Write support
//
NTSTATUS
NTAPI
MiSetProtectionOnSection(IN PEPROCESS Process,
                         IN PMMVAD FoundVad,
                         IN PVOID StartingAddress,
                         IN PVOID EndingAddress,
                         IN ULONG NewProtect,
                         OUT PULONG CapturedOldProtect,
                         IN ULONG DontCharge,
                         OUT PULONG Locked)
{
    PMMPTE PointerPte, LastPte;
    MMPTE TempPte, PteContents;
    PMMPDE PointerPde;
    PMMPFN Pfn1;
    ULONG ProtectionMask, QuotaCharge = 0;
    PETHREAD Thread = PsGetCurrentThread();
    PAGED_CODE();

    //
    // Tell caller nothing is being locked
    //
    *Locked = FALSE;

    //
    // This function should only be used for section VADs. Windows ASSERT */
    //
    ASSERT(FoundVad->u.VadFlags.PrivateMemory == 0);

    //
    // We don't support these features in ARM3
    //
    ASSERT(FoundVad->u.VadFlags.VadType != VadImageMap);
    ASSERT(FoundVad->u2.VadFlags2.CopyOnWrite == 0);

    //
    // Convert and validate the protection mask
    //
    ProtectionMask = MiMakeProtectionMask(NewProtect);
    if (ProtectionMask == MM_INVALID_PROTECTION)
    {
        DPRINT1("Invalid section protect\n");
        return STATUS_INVALID_PAGE_PROTECTION;
    }

    //
    // Get the PTE and PDE for the address, as well as the final PTE
    //
    MiLockProcessWorkingSetUnsafe(Process, Thread);
    PointerPde = MiAddressToPde(StartingAddress);
    PointerPte = MiAddressToPte(StartingAddress);
    LastPte = MiAddressToPte(EndingAddress);

    //
    // Make the PDE valid, and check the status of the first PTE
    //
    MiMakePdeExistAndMakeValid(PointerPde, Process, MM_NOIRQL);
    if (PointerPte->u.Long)
    {
        //
        // Not supported in ARM3
        //
        ASSERT(FoundVad->u.VadFlags.VadType != VadRotatePhysical);

        //
        // Capture the page protection and make the PDE valid
        //
        *CapturedOldProtect = MiGetPageProtection(PointerPte);
        MiMakePdeExistAndMakeValid(PointerPde, Process, MM_NOIRQL);
    }
    else
    {
        //
        // Only pagefile-backed section VADs are supported for now
        //
        ASSERT(FoundVad->u.VadFlags.VadType != VadImageMap);

        //
        // Grab the old protection from the VAD itself
        //
        *CapturedOldProtect = MmProtectToValue[FoundVad->u.VadFlags.Protection];
    }

    //
    // Loop all the PTEs now
    //
    MiMakePdeExistAndMakeValid(PointerPde, Process, MM_NOIRQL);
    while (PointerPte <= LastPte)
    {
        //
        // Check if we've crossed a PDE boundary and make the new PDE valid too
        //
        if ((((ULONG_PTR)PointerPte) & (SYSTEM_PD_SIZE - 1)) == 0)
        {
            PointerPde = MiPteToPde(PointerPte);
            MiMakePdeExistAndMakeValid(PointerPde, Process, MM_NOIRQL);
        }

        //
        // Capture the PTE and see what we're dealing with
        //
        PteContents = *PointerPte;
        if (PteContents.u.Long == 0)
        {
            //
            // This used to be a zero PTE and it no longer is, so we must add a
            // reference to the pagetable.
            //
            MiIncrementPageTableReferences(MiPteToAddress(PointerPte));

            //
            // Create the demand-zero prototype PTE
            //
            TempPte = PrototypePte;
            TempPte.u.Soft.Protection = ProtectionMask;
            MI_WRITE_INVALID_PTE(PointerPte, TempPte);
        }
        else if (PteContents.u.Hard.Valid == 1)
        {
            //
            // Get the PFN entry
            //
            Pfn1 = MiGetPfnEntry(PFN_FROM_PTE(&PteContents));

            //
            // We don't support these yet
            //
            ASSERT((NewProtect & (PAGE_NOACCESS | PAGE_GUARD)) == 0);
            ASSERT(Pfn1->u3.e1.PrototypePte == 0);

            //
            // Write the protection mask and write it with a TLB flush
            //
            Pfn1->OriginalPte.u.Soft.Protection = ProtectionMask;
            MiFlushTbAndCapture(FoundVad,
                                PointerPte,
                                ProtectionMask,
                                Pfn1,
                                TRUE);
        }
        else
        {
            //
            // We don't support these cases yet
            //
            ASSERT(PteContents.u.Soft.Prototype == 0);
            ASSERT(PteContents.u.Soft.Transition == 0);

            //
            // The PTE is already demand-zero, just update the protection mask
            //
            PointerPte->u.Soft.Protection = ProtectionMask;
        }

        PointerPte++;
    }

    //
    // Unlock the working set and update quota charges if needed, then return
    //
    MiUnlockProcessWorkingSetUnsafe(Process, Thread);
    if ((QuotaCharge > 0) && (!DontCharge))
    {
        FoundVad->u.VadFlags.CommitCharge -= QuotaCharge;
        Process->CommitCharge -= QuotaCharge;
    }
    return STATUS_SUCCESS;
}

VOID
NTAPI
MiRemoveMappedPtes(IN PVOID BaseAddress,
                   IN ULONG NumberOfPtes,
                   IN PCONTROL_AREA ControlArea,
                   IN PMMSUPPORT Ws)
{
    PMMPTE PointerPte, ProtoPte;//, FirstPte;
    PMMPDE PointerPde, SystemMapPde;
    PMMPFN Pfn1, Pfn2;
    MMPTE PteContents;
    KIRQL OldIrql;
    DPRINT("Removing mapped view at: 0x%p\n", BaseAddress);

    ASSERT(Ws == NULL);

    /* Get the PTE and loop each one */
    PointerPte = MiAddressToPte(BaseAddress);
    //FirstPte = PointerPte;
    while (NumberOfPtes)
    {
        /* Check if the PTE is already valid */
        PteContents = *PointerPte;
        if (PteContents.u.Hard.Valid == 1)
        {
            /* Get the PFN entry */
            Pfn1 = MiGetPfnEntry(PFN_FROM_PTE(&PteContents));

            /* Get the PTE */
            PointerPde = MiPteToPde(PointerPte);

            /* Lock the PFN database and make sure this isn't a mapped file */
            OldIrql = MiAcquirePfnLock();
            ASSERT(((Pfn1->u3.e1.PrototypePte) && (Pfn1->OriginalPte.u.Soft.Prototype)) == 0);

            /* Mark the page as modified accordingly */
            if (MI_IS_PAGE_DIRTY(&PteContents))
                Pfn1->u3.e1.Modified = 1;

            /* Was the PDE invalid */
            if (PointerPde->u.Long == 0)
            {
#if (_MI_PAGING_LEVELS == 2)
                /* Find the system double-mapped PDE that describes this mapping */
                SystemMapPde = &MmSystemPagePtes[((ULONG_PTR)PointerPde & (SYSTEM_PD_SIZE - 1)) / sizeof(MMPTE)];

                /* Make it valid */
                ASSERT(SystemMapPde->u.Hard.Valid == 1);
                MI_WRITE_VALID_PDE(PointerPde, *SystemMapPde);
#else
                DBG_UNREFERENCED_LOCAL_VARIABLE(SystemMapPde);
                ASSERT(FALSE);
#endif
            }

            /* Dereference the PDE and the PTE */
            Pfn2 = MiGetPfnEntry(PFN_FROM_PTE(PointerPde));
            MiDecrementShareCount(Pfn2, PFN_FROM_PTE(PointerPde));
            DBG_UNREFERENCED_LOCAL_VARIABLE(Pfn2);
            MiDecrementShareCount(Pfn1, PFN_FROM_PTE(&PteContents));

            /* Release the PFN lock */
            MiReleasePfnLock(OldIrql);
        }
        else
        {
            /* Windows ASSERT */
            ASSERT((PteContents.u.Long == 0) || (PteContents.u.Soft.Prototype == 1));

            /* Check if this is a prototype pointer PTE */
            if (PteContents.u.Soft.Prototype == 1)
            {
                /* Get the prototype PTE */
                ProtoPte = MiProtoPteToPte(&PteContents);

                /* We don't support anything else atm */
                ASSERT(ProtoPte->u.Long == 0);
            }
        }

        /* Make the PTE into a zero PTE */
        PointerPte->u.Long = 0;

        /* Move to the next PTE */
        PointerPte++;
        NumberOfPtes--;
    }

    /* Flush the TLB */
    KeFlushCurrentTb();

    /* Acquire the PFN lock */
    OldIrql = MiAcquirePfnLock();

    /* Decrement the accounting counters */
    ControlArea->NumberOfUserReferences--;
    ControlArea->NumberOfMappedViews--;

    /* Check if we should destroy the CA and release the lock */
    MiCheckControlArea(ControlArea, OldIrql);
}

ULONG
NTAPI
MiRemoveFromSystemSpace(IN PMMSESSION Session,
                        IN PVOID Base,
                        OUT PCONTROL_AREA *ControlArea)
{
    ULONG Hash, Size, Count = 0;
    ULONG_PTR Entry;
    PAGED_CODE();

    /* Compute the hash for this entry and loop trying to find it */
    Entry = (ULONG_PTR)Base >> 16;
    Hash = Entry % Session->SystemSpaceHashKey;
    while ((Session->SystemSpaceViewTable[Hash].Entry >> 16) != Entry)
    {
        /* Check if we overflew past the end of the hash table */
        if (++Hash >= Session->SystemSpaceHashSize)
        {
            /* Reset the hash to zero and keep searching from the bottom */
            Hash = 0;
            if (++Count == 2)
            {
                /* But if we overflew twice, then this is not a real mapping */
                KeBugCheckEx(DRIVER_UNMAPPING_INVALID_VIEW,
                             (ULONG_PTR)Base,
                             1,
                             0,
                             0);
            }
        }
    }

    /* One less entry */
    Session->SystemSpaceHashEntries--;

    /* Extract the size and clear the entry */
    Size = Session->SystemSpaceViewTable[Hash].Entry & 0xFFFF;
    Session->SystemSpaceViewTable[Hash].Entry = 0;

    /* Return the control area and the size */
    *ControlArea = Session->SystemSpaceViewTable[Hash].ControlArea;
    return Size;
}

NTSTATUS
NTAPI
MiUnmapViewInSystemSpace(IN PMMSESSION Session,
                         IN PVOID MappedBase)
{
    ULONG Size;
    PCONTROL_AREA ControlArea;
    PAGED_CODE();

    /* Remove this mapping */
    KeAcquireGuardedMutex(Session->SystemSpaceViewLockPointer);
    Size = MiRemoveFromSystemSpace(Session, MappedBase, &ControlArea);

    /* Clear the bits for this mapping */
    RtlClearBits(Session->SystemSpaceBitMap,
                 (ULONG)(((ULONG_PTR)MappedBase - (ULONG_PTR)Session->SystemSpaceViewStart) >> 16),
                 Size);

    /* Convert the size from a bit size into the actual size */
    Size = Size * (_64K >> PAGE_SHIFT);

    /* Remove the PTEs now */
    MiRemoveMappedPtes(MappedBase, Size, ControlArea, NULL);
    KeReleaseGuardedMutex(Session->SystemSpaceViewLockPointer);

    /* Return success */
    return STATUS_SUCCESS;
}

/* PUBLIC FUNCTIONS ***********************************************************/

/*
 * @implemented
 */
NTSTATUS
NTAPI
MmCreateArm3Section(OUT PVOID *SectionObject,
                    IN ACCESS_MASK DesiredAccess,
                    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
                    IN PLARGE_INTEGER InputMaximumSize,
                    IN ULONG SectionPageProtection,
                    IN ULONG AllocationAttributes,
                    IN HANDLE FileHandle OPTIONAL,
                    IN PFILE_OBJECT FileObject OPTIONAL)
{
    SECTION Section;
    PSECTION NewSection;
    PSUBSECTION Subsection;
    PSEGMENT NewSegment, Segment;
    NTSTATUS Status;
    PCONTROL_AREA ControlArea;
    ULONG ProtectionMask, ControlAreaSize, Size, NonPagedCharge, PagedCharge;
    KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
    BOOLEAN FileLock = FALSE, KernelCall = FALSE;
    KIRQL OldIrql;
    PFILE_OBJECT File;
    BOOLEAN UserRefIncremented = FALSE;
    PVOID PreviousSectionPointer;

    /* Make the same sanity checks that the Nt interface should've validated */
    ASSERT((AllocationAttributes & ~(SEC_COMMIT | SEC_RESERVE | SEC_BASED |
                                     SEC_LARGE_PAGES | SEC_IMAGE | SEC_NOCACHE |
                                     SEC_NO_CHANGE)) == 0);
    ASSERT((AllocationAttributes & (SEC_COMMIT | SEC_RESERVE | SEC_IMAGE)) != 0);
    ASSERT(!((AllocationAttributes & SEC_IMAGE) &&
             (AllocationAttributes & (SEC_COMMIT | SEC_RESERVE |
                                      SEC_NOCACHE | SEC_NO_CHANGE))));
    ASSERT(!((AllocationAttributes & SEC_COMMIT) && (AllocationAttributes & SEC_RESERVE)));
    ASSERT(!((SectionPageProtection & PAGE_NOCACHE) ||
             (SectionPageProtection & PAGE_WRITECOMBINE) ||
             (SectionPageProtection & PAGE_GUARD) ||
             (SectionPageProtection & PAGE_NOACCESS)));

    /* Convert section flag to page flag */
    if (AllocationAttributes & SEC_NOCACHE) SectionPageProtection |= PAGE_NOCACHE;

    /* Check to make sure the protection is correct. Nt* does this already */
    ProtectionMask = MiMakeProtectionMask(SectionPageProtection);
    if (ProtectionMask == MM_INVALID_PROTECTION) return STATUS_INVALID_PAGE_PROTECTION;

    /* Check if this is going to be a data or image backed file section */
    if ((FileHandle) || (FileObject))
    {
        /* These cannot be mapped with large pages */
        if (AllocationAttributes & SEC_LARGE_PAGES) return STATUS_INVALID_PARAMETER_6;

        /* For now, only support the mechanism through a file handle */
        ASSERT(FileObject == NULL);

        /* Reference the file handle to get the object */
        Status = ObReferenceObjectByHandle(FileHandle,
                                           MmMakeFileAccess[ProtectionMask],
                                           IoFileObjectType,
                                           PreviousMode,
                                           (PVOID*)&File,
                                           NULL);
        if (!NT_SUCCESS(Status)) return Status;

        /* Make sure Cc has been doing its job */
        if (!File->SectionObjectPointer)
        {
            /* This is not a valid file system-based file, fail */
            ObDereferenceObject(File);
            return STATUS_INVALID_FILE_FOR_SECTION;
        }

        /* Image-file backed sections are not yet supported */
        ASSERT((AllocationAttributes & SEC_IMAGE) == 0);

        /* Compute the size of the control area, and allocate it */
        ControlAreaSize = sizeof(CONTROL_AREA) + sizeof(MSUBSECTION);
        ControlArea = ExAllocatePoolWithTag(NonPagedPool, ControlAreaSize, 'aCmM');
        if (!ControlArea)
        {
            ObDereferenceObject(File);
            return STATUS_INSUFFICIENT_RESOURCES;
        }

        /* Zero it out */
        RtlZeroMemory(ControlArea, ControlAreaSize);

        /* Did we get a handle, or an object? */
        if (FileHandle)
        {
            /* We got a file handle so we have to lock down the file */
#if 0
            Status = FsRtlAcquireToCreateMappedSection(File, SectionPageProtection);
            if (!NT_SUCCESS(Status))
            {
                ExFreePool(ControlArea);
                ObDereferenceObject(File);
                return Status;
            }
#else
            /* ReactOS doesn't support this API yet, so do nothing */
            Status = STATUS_SUCCESS;
#endif
            /* Update the top-level IRP so that drivers know what's happening */
            IoSetTopLevelIrp((PIRP)FSRTL_FSP_TOP_LEVEL_IRP);
            FileLock = TRUE;
        }

        /* Lock the PFN database while we play with the section pointers */
        OldIrql = MiAcquirePfnLock();

        /* Image-file backed sections are not yet supported */
        ASSERT((AllocationAttributes & SEC_IMAGE) == 0);

        /* There should not already be a control area for this file */
        ASSERT(File->SectionObjectPointer->DataSectionObject == NULL);
        NewSegment = NULL;

        /* Write down that this CA is being created, and set it */
        ControlArea->u.Flags.BeingCreated = TRUE;
        ASSERT((AllocationAttributes & SEC_IMAGE) == 0);
        PreviousSectionPointer = File->SectionObjectPointer;
        File->SectionObjectPointer->DataSectionObject = ControlArea;

        /* We can release the PFN lock now */
        MiReleasePfnLock(OldIrql);

        /* We don't support previously-mapped file */
        ASSERT(NewSegment == NULL);

        /* Image-file backed sections are not yet supported */
        ASSERT((AllocationAttributes & SEC_IMAGE) == 0);

        /* So we always create a data file map */
        Status = MiCreateDataFileMap(File,
                                     &Segment,
                                     (PSIZE_T)InputMaximumSize,
                                     SectionPageProtection,
                                     AllocationAttributes,
                                     KernelCall);
        if (!NT_SUCCESS(Status))
        {
            /* Lock the PFN database while we play with the section pointers */
            OldIrql = MiAcquirePfnLock();

            /* Reset the waiting-for-deletion event */
            ASSERT(ControlArea->WaitingForDeletion == NULL);
            ControlArea->WaitingForDeletion = NULL;

            /* Set the file pointer NULL flag */
            ASSERT(ControlArea->u.Flags.FilePointerNull == 0);
            ControlArea->u.Flags.FilePointerNull = TRUE;

            /* Delete the data section object */
            ASSERT((AllocationAttributes & SEC_IMAGE) == 0);
            File->SectionObjectPointer->DataSectionObject = NULL;

            /* No longer being created */
            ControlArea->u.Flags.BeingCreated = FALSE;

            /* We can release the PFN lock now */
            MiReleasePfnLock(OldIrql);

            /* Check if we locked and set the IRP */
            if (FileLock)
            {
                /* Undo */
                IoSetTopLevelIrp(NULL);
                //FsRtlReleaseFile(File);
            }

            /* Free the control area and de-ref the file object */
            ExFreePool(ControlArea);
            ObDereferenceObject(File);

            /* All done */
            return Status;
        }

        /* On success, we expect this */
        ASSERT(PreviousSectionPointer == File->SectionObjectPointer);

        /* Check if a maximum size was specified */
        if (!InputMaximumSize->QuadPart)
        {
            /* Nope, use the segment size */
            Section.SizeOfSection.QuadPart = (LONGLONG)Segment->SizeOfSegment;
        }
        else
        {
            /* Yep, use the entered size */
            Section.SizeOfSection.QuadPart = InputMaximumSize->QuadPart;
        }
    }
    else
    {
        /* A handle must be supplied with SEC_IMAGE, as this is the no-handle path */
        if (AllocationAttributes & SEC_IMAGE) return STATUS_INVALID_FILE_FOR_SECTION;

        /* Not yet supported */
        ASSERT((AllocationAttributes & SEC_LARGE_PAGES) == 0);

        /* So this must be a pagefile-backed section, create the mappings needed */
        Status = MiCreatePagingFileMap(&NewSegment,
                                       (PSIZE_T)InputMaximumSize,
                                       ProtectionMask,
                                       AllocationAttributes);
        if (!NT_SUCCESS(Status)) return Status;

        /* Set the size here, and read the control area */
        Section.SizeOfSection.QuadPart = NewSegment->SizeOfSegment;
        ControlArea = NewSegment->ControlArea;

        /* MiCreatePagingFileMap increments user references */
        UserRefIncremented = TRUE;
    }

    /* Did we already have a segment? */
    if (!NewSegment)
    {
        /* This must be the file path and we created a segment */
        NewSegment = Segment;
        ASSERT(File != NULL);

        /* Acquire the PFN lock while we set control area flags */
        OldIrql = MiAcquirePfnLock();

        /* We don't support this race condition yet, so assume no waiters */
        ASSERT(ControlArea->WaitingForDeletion == NULL);
        ControlArea->WaitingForDeletion = NULL;

        /* Image-file backed sections are not yet supported, nor ROM images */
        ASSERT((AllocationAttributes & SEC_IMAGE) == 0);
        ASSERT(Segment->ControlArea->u.Flags.Rom == 0);

        /* Take off the being created flag, and then release the lock */
        ControlArea->u.Flags.BeingCreated = FALSE;
        MiReleasePfnLock(OldIrql);
    }

    /* Check if we locked the file earlier */
    if (FileLock)
    {
        /* Reset the top-level IRP and release the lock */
        IoSetTopLevelIrp(NULL);
        //FsRtlReleaseFile(File);
        FileLock = FALSE;
    }

    /* Set the initial section object data */
    Section.InitialPageProtection = SectionPageProtection;

    /* The mapping created a control area and segment, save the flags */
    Section.Segment = NewSegment;
    Section.u.LongFlags = ControlArea->u.LongFlags;

    /* Check if this is a user-mode read-write non-image file mapping */
    if (!(FileObject) &&
        (SectionPageProtection & (PAGE_READWRITE | PAGE_EXECUTE_READWRITE)) &&
        !(ControlArea->u.Flags.Image) &&
        (ControlArea->FilePointer))
    {
        /* Add a reference and set the flag */
        Section.u.Flags.UserWritable = TRUE;
        InterlockedIncrement((volatile LONG*)&ControlArea->WritableUserReferences);
    }

    /* Check for image mappings or page file mappings */
    if ((ControlArea->u.Flags.Image) || !(ControlArea->FilePointer))
    {
        /* Charge the segment size, and allocate a subsection */
        PagedCharge = sizeof(SECTION) + NewSegment->TotalNumberOfPtes * sizeof(MMPTE);
        Size = sizeof(SUBSECTION);
    }
    else
    {
        /* Charge nothing, and allocate a mapped subsection */
        PagedCharge = 0;
        Size = sizeof(MSUBSECTION);
    }

    /* Check if this is a normal CA */
    ASSERT(ControlArea->u.Flags.GlobalOnlyPerSession == 0);
    ASSERT(ControlArea->u.Flags.Rom == 0);

    /* Charge only a CA, and the subsection is right after */
    NonPagedCharge = sizeof(CONTROL_AREA);
    Subsection = (PSUBSECTION)(ControlArea + 1);

    /* We only support single-subsection mappings */
    NonPagedCharge += Size;
    ASSERT(Subsection->NextSubsection == NULL);

    /* Create the actual section object, with enough space for the prototype PTEs */
    Status = ObCreateObject(PreviousMode,
                            MmSectionObjectType,
                            ObjectAttributes,
                            PreviousMode,
                            NULL,
                            sizeof(SECTION),
                            PagedCharge,
                            NonPagedCharge,
                            (PVOID*)&NewSection);
    if (!NT_SUCCESS(Status))
    {
        /* Check if this is a user-mode read-write non-image file mapping */
        if (!(FileObject) &&
            (SectionPageProtection & (PAGE_READWRITE | PAGE_EXECUTE_READWRITE)) &&
            !(ControlArea->u.Flags.Image) &&
            (ControlArea->FilePointer))
        {
            /* Remove a reference and check the flag */
            ASSERT(Section.u.Flags.UserWritable == 1);
            InterlockedDecrement((volatile LONG*)&ControlArea->WritableUserReferences);
        }

        /* Check if a user reference was added */
        if (UserRefIncremented)
        {
            /* Acquire the PFN lock while we change counters */
            OldIrql = MiAcquirePfnLock();

            /* Decrement the accounting counters */
            ControlArea->NumberOfSectionReferences--;
            ASSERT((LONG)ControlArea->NumberOfUserReferences > 0);
            ControlArea->NumberOfUserReferences--;

            /* Check if we should destroy the CA and release the lock */
            MiCheckControlArea(ControlArea, OldIrql);
        }

        /* Return the failure code */
        return Status;
    }

    /* NOTE: Past this point, all failures will be handled by Ob upon ref->0 */

    /* Now copy the local section object from the stack into this new object */
    RtlCopyMemory(NewSection, &Section, sizeof(SECTION));
    NewSection->Address.StartingVpn = 0;

    /* For now, only user calls are supported */
    ASSERT(KernelCall == FALSE);
    NewSection->u.Flags.UserReference = TRUE;

    /* Is this a "based" allocation, in which all mappings are identical? */
    if (AllocationAttributes & SEC_BASED)
    {
        /* Lock the VAD tree during the search */
        KeAcquireGuardedMutex(&MmSectionBasedMutex);

        /* Is it a brand new ControArea ? */
        if (ControlArea->u.Flags.BeingCreated == 1)
        {
            ASSERT(ControlArea->u.Flags.Based == 1);
            /* Then we must find a global address, top-down */
            Status = MiFindEmptyAddressRangeDownBasedTree((SIZE_T)ControlArea->Segment->SizeOfSegment,
                                                          (ULONG_PTR)MmHighSectionBase,
                                                          _64K,
                                                          &MmSectionBasedRoot,
                                                          (ULONG_PTR*)&ControlArea->Segment->BasedAddress);

            if (!NT_SUCCESS(Status))
            {
                /* No way to find a valid range. */
                KeReleaseGuardedMutex(&MmSectionBasedMutex);
                ControlArea->u.Flags.Based = 0;
                NewSection->u.Flags.Based = 0;
                ObDereferenceObject(NewSection);
                return Status;
            }

            /* Compute the ending address and insert it into the VAD tree */
            NewSection->Address.StartingVpn = (ULONG_PTR)ControlArea->Segment->BasedAddress;
            NewSection->Address.EndingVpn = NewSection->Address.StartingVpn + NewSection->SizeOfSection.LowPart - 1;
            MiInsertBasedSection(NewSection);
        }
        else
        {
            /* FIXME : Should we deny section creation if SEC_BASED is not set ? Can we have two different section objects on the same based address ? Investigate !*/
            ASSERT(FALSE);
        }

        KeReleaseGuardedMutex(&MmSectionBasedMutex);
    }

    /* The control area is not being created anymore */
    if (ControlArea->u.Flags.BeingCreated == 1)
    {
        /* Acquire the PFN lock while we set control area flags */
        OldIrql = MiAcquirePfnLock();

        /* Take off the being created flag, and then release the lock */
        ControlArea->u.Flags.BeingCreated = 0;
        NewSection->u.Flags.BeingCreated = 0;

        MiReleasePfnLock(OldIrql);
    }

    /* Migrate the attribute into a flag */
    if (AllocationAttributes & SEC_NO_CHANGE) NewSection->u.Flags.NoChange = TRUE;

    /* If R/W access is not requested, this might eventually become a CoW mapping */
    if (!(SectionPageProtection & (PAGE_READWRITE | PAGE_EXECUTE_READWRITE)))
    {
        NewSection->u.Flags.CopyOnWrite = TRUE;
    }

    /* Write down if this was a kernel call */
    ControlArea->u.Flags.WasPurged |= KernelCall;
    ASSERT(ControlArea->u.Flags.WasPurged == FALSE);

    /* Make sure the segment and the section are the same size, or the section is smaller */
    ASSERT((ULONG64)NewSection->SizeOfSection.QuadPart <= NewSection->Segment->SizeOfSegment);

    /* Return the object and the creation status */
    *SectionObject = (PVOID)NewSection;
    return Status;
}

/*
 * @implemented
 */
NTSTATUS
NTAPI
MmMapViewOfArm3Section(IN PVOID SectionObject,
                       IN PEPROCESS Process,
                       IN OUT PVOID *BaseAddress,
                       IN ULONG_PTR ZeroBits,
                       IN SIZE_T CommitSize,
                       IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
                       IN OUT PSIZE_T ViewSize,
                       IN SECTION_INHERIT InheritDisposition,
                       IN ULONG AllocationType,
                       IN ULONG Protect)
{
    KAPC_STATE ApcState;
    BOOLEAN Attached = FALSE;
    PSECTION Section;
    PCONTROL_AREA ControlArea;
    ULONG ProtectionMask;
    NTSTATUS Status;
    ULONG64 CalculatedViewSize;
    PAGED_CODE();

    /* Get the segment and control area */
    Section = (PSECTION)SectionObject;
    ControlArea = Section->Segment->ControlArea;

    /* These flags/states are not yet supported by ARM3 */
    ASSERT(Section->u.Flags.Image == 0);
    ASSERT(Section->u.Flags.NoCache == 0);
    ASSERT(Section->u.Flags.WriteCombined == 0);
    ASSERT(ControlArea->u.Flags.PhysicalMemory == 0);

    /* FIXME */
    if ((AllocationType & MEM_RESERVE) != 0)
    {
        DPRINT1("MmMapViewOfArm3Section called with MEM_RESERVE, this is not implemented yet!!!\n");
        return STATUS_NOT_IMPLEMENTED;
    }

    /* Check if the mapping protection is compatible with the create */
    if (!MiIsProtectionCompatible(Section->InitialPageProtection, Protect))
    {
        DPRINT1("Mapping protection is incompatible\n");
        return STATUS_SECTION_PROTECTION;
    }

    /* Check if the offset and size would cause an overflow */
    if (((ULONG64)SectionOffset->QuadPart + *ViewSize) <
         (ULONG64)SectionOffset->QuadPart)
    {
        DPRINT1("Section offset overflows\n");
        return STATUS_INVALID_VIEW_SIZE;
    }

    /* Check if the offset and size are bigger than the section itself */
    if (((ULONG64)SectionOffset->QuadPart + *ViewSize) >
         (ULONG64)Section->SizeOfSection.QuadPart)
    {
        DPRINT1("Section offset is larger than section\n");
        return STATUS_INVALID_VIEW_SIZE;
    }

    /* Check if the caller did not specify a view size */
    if (!(*ViewSize))
    {
        /* Compute it for the caller */
        CalculatedViewSize = Section->SizeOfSection.QuadPart - 
                             SectionOffset->QuadPart;

        /* Check if it's larger than 4GB or overflows into kernel-mode */
        if (!NT_SUCCESS(RtlULongLongToSIZET(CalculatedViewSize, ViewSize)) ||
            (((ULONG_PTR)MM_HIGHEST_VAD_ADDRESS - (ULONG_PTR)*BaseAddress) < CalculatedViewSize))
        {
            DPRINT1("Section view won't fit\n");
            return STATUS_INVALID_VIEW_SIZE;
        }
    }

    /* Check if the commit size is larger than the view size */
    if (CommitSize > *ViewSize)
    {
        DPRINT1("Attempting to commit more than the view itself\n");
        return STATUS_INVALID_PARAMETER_5;
    }

    /* Check if the view size is larger than the section */
    if (*ViewSize > (ULONG64)Section->SizeOfSection.QuadPart)
    {
        DPRINT1("The view is larger than the section\n");
        return STATUS_INVALID_VIEW_SIZE;
    }

    /* Compute and validate the protection mask */
    ProtectionMask = MiMakeProtectionMask(Protect);
    if (ProtectionMask == MM_INVALID_PROTECTION)
    {
        DPRINT1("The protection is invalid\n");
        return STATUS_INVALID_PAGE_PROTECTION;
    }

    /* We only handle pagefile-backed sections, which cannot be writecombined */
    if (Protect & PAGE_WRITECOMBINE)
    {
        DPRINT1("Cannot write combine a pagefile-backed section\n");
        return STATUS_INVALID_PARAMETER_10;
    }

    /* Start by attaching to the current process if needed */
    if (PsGetCurrentProcess() != Process)
    {
        KeStackAttachProcess(&Process->Pcb, &ApcState);
        Attached = TRUE;
    }

    /* Do the actual mapping */
    Status = MiMapViewOfDataSection(ControlArea,
                                    Process,
                                    BaseAddress,
                                    SectionOffset,
                                    ViewSize,
                                    Section,
                                    InheritDisposition,
                                    ProtectionMask,
                                    CommitSize,
                                    ZeroBits,
                                    AllocationType);

    /* Detach if needed, then return status */
    if (Attached) KeUnstackDetachProcess(&ApcState);
    return Status;
}

/*
 * @unimplemented
 */
BOOLEAN
NTAPI
MmDisableModifiedWriteOfSection(IN PSECTION_OBJECT_POINTERS SectionObjectPointer)
{
   UNIMPLEMENTED;
   return FALSE;
}

/*
 * @unimplemented
 */
BOOLEAN
NTAPI
MmForceSectionClosed(IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
                     IN BOOLEAN DelayClose)
{
   UNIMPLEMENTED;
   return FALSE;
}

/*
 * @implemented
 */
NTSTATUS
NTAPI
MmMapViewInSessionSpace(IN PVOID Section,
                        OUT PVOID *MappedBase,
                        IN OUT PSIZE_T ViewSize)
{
    PAGED_CODE();

    // HACK
    if (MiIsRosSectionObject(Section))
    {
        return MmMapViewInSystemSpace(Section, MappedBase, ViewSize);
    }

    /* Process must be in a session */
    if (PsGetCurrentProcess()->ProcessInSession == FALSE)
    {
        DPRINT1("Process is not in session\n");
        return STATUS_NOT_MAPPED_VIEW;
    }

    /* Use the system space API, but with the session view instead */
    ASSERT(MmIsAddressValid(MmSessionSpace) == TRUE);
    return MiMapViewInSystemSpace(Section,
                                  &MmSessionSpace->Session,
                                  MappedBase,
                                  ViewSize);
}

/*
 * @implemented
 */
NTSTATUS
NTAPI
MmUnmapViewInSessionSpace(IN PVOID MappedBase)
{
    PAGED_CODE();

    // HACK
    if (!MI_IS_SESSION_ADDRESS(MappedBase))
    {
        return MmUnmapViewInSystemSpace(MappedBase);
    }

    /* Process must be in a session */
    if (PsGetCurrentProcess()->ProcessInSession == FALSE)
    {
        DPRINT1("Proess is not in session\n");
        return STATUS_NOT_MAPPED_VIEW;
    }

    /* Use the system space API, but with the session view instead */
    ASSERT(MmIsAddressValid(MmSessionSpace) == TRUE);
    return MiUnmapViewInSystemSpace(&MmSessionSpace->Session,
                                    MappedBase);
}

/*
 * @implemented
 */
NTSTATUS
NTAPI
MmUnmapViewOfSection(IN PEPROCESS Process,
                     IN PVOID BaseAddress)
{
    return MiUnmapViewOfSection(Process, BaseAddress, 0);
}

/*
 * @implemented
 */
NTSTATUS
NTAPI
MmUnmapViewInSystemSpace(IN PVOID MappedBase)
{
    PMEMORY_AREA MemoryArea;
    PAGED_CODE();

    /* Was this mapped by RosMm? */
    MemoryArea = MmLocateMemoryAreaByAddress(MmGetKernelAddressSpace(), MappedBase);
    if ((MemoryArea) && (MemoryArea->Type != MEMORY_AREA_OWNED_BY_ARM3))
    {
        return MiRosUnmapViewInSystemSpace(MappedBase);
    }

    /* It was not, call the ARM3 routine */
    return MiUnmapViewInSystemSpace(&MmSession, MappedBase);
}

/*
 * @implemented
 */
NTSTATUS
NTAPI
MmCommitSessionMappedView(IN PVOID MappedBase,
                          IN SIZE_T ViewSize)
{
    ULONG_PTR StartAddress, EndingAddress, Base;
    ULONG Hash, Count = 0, Size, QuotaCharge;
    PMMSESSION Session;
    PMMPTE LastProtoPte, PointerPte, ProtoPte;
    PCONTROL_AREA ControlArea;
    PSEGMENT Segment;
    PSUBSECTION Subsection;
    MMPTE TempPte;
    PAGED_CODE();

    /* Make sure the base isn't past the session view range */
    if ((MappedBase < MiSessionViewStart) ||
        (MappedBase >= (PVOID)((ULONG_PTR)MiSessionViewStart + MmSessionViewSize)))
    {
        DPRINT1("Base outside of valid range\n");
        return STATUS_INVALID_PARAMETER_1;
    }

    /* Make sure the size isn't past the session view range */
    if (((ULONG_PTR)MiSessionViewStart + MmSessionViewSize -
        (ULONG_PTR)MappedBase) < ViewSize)
    {
        DPRINT1("Size outside of valid range\n");
        return STATUS_INVALID_PARAMETER_2;
    }

    /* Sanity check */
    ASSERT(ViewSize != 0);

    /* Process must be in a session */
    if (PsGetCurrentProcess()->ProcessInSession == FALSE)
    {
        DPRINT1("Process is not in session\n");
        return STATUS_NOT_MAPPED_VIEW;
    }

    /* Compute the correctly aligned base and end addresses */
    StartAddress = (ULONG_PTR)PAGE_ALIGN(MappedBase);
    EndingAddress = ((ULONG_PTR)MappedBase + ViewSize - 1) | (PAGE_SIZE - 1);

    /* Sanity check and grab the session */
    ASSERT(MmIsAddressValid(MmSessionSpace) == TRUE);
    Session = &MmSessionSpace->Session;

    /* Get the hash entry for this allocation */
    Hash = (StartAddress >> 16) % Session->SystemSpaceHashKey;

    /* Lock system space */
    KeAcquireGuardedMutex(Session->SystemSpaceViewLockPointer);

    /* Loop twice so we can try rolling over if needed */
    while (TRUE)
    {
        /* Extract the size and base addresses from the entry */
        Base = Session->SystemSpaceViewTable[Hash].Entry & ~0xFFFF;
        Size = Session->SystemSpaceViewTable[Hash].Entry & 0xFFFF;

        /* Convert the size to bucket chunks */
        Size *= MI_SYSTEM_VIEW_BUCKET_SIZE;

        /* Bail out if this entry fits in here */
        if ((StartAddress >= Base) && (EndingAddress < (Base + Size))) break;

        /* Check if we overflew past the end of the hash table */
        if (++Hash >= Session->SystemSpaceHashSize)
        {
            /* Reset the hash to zero and keep searching from the bottom */
            Hash = 0;
            if (++Count == 2)
            {
                /* But if we overflew twice, then this is not a real mapping */
                KeBugCheckEx(DRIVER_UNMAPPING_INVALID_VIEW,
                             Base,
                             2,
                             0,
                             0);
            }
        }
    }

    /* Make sure the view being mapped is not file-based */
    ControlArea = Session->SystemSpaceViewTable[Hash].ControlArea;
    if (ControlArea->FilePointer != NULL)
    {
        /* It is, so we have to bail out */
        DPRINT1("Only page-filed backed sections can be commited\n");
        KeReleaseGuardedMutex(Session->SystemSpaceViewLockPointer);
        return STATUS_ALREADY_COMMITTED;
    }

    /* Get the subsection. We don't support LARGE_CONTROL_AREA in ARM3 */
    ASSERT(ControlArea->u.Flags.GlobalOnlyPerSession == 0);
    ASSERT(ControlArea->u.Flags.Rom == 0);
    Subsection = (PSUBSECTION)(ControlArea + 1);

    /* Get the start and end PTEs -- make sure the end PTE isn't past the end */
    ProtoPte = Subsection->SubsectionBase + ((StartAddress - Base) >> PAGE_SHIFT);
    QuotaCharge = MiAddressToPte(EndingAddress) - MiAddressToPte(StartAddress) + 1;
    LastProtoPte = ProtoPte + QuotaCharge;
    if (LastProtoPte >= Subsection->SubsectionBase + Subsection->PtesInSubsection)
    {
        DPRINT1("PTE is out of bounds\n");
        KeReleaseGuardedMutex(Session->SystemSpaceViewLockPointer);
        return STATUS_INVALID_PARAMETER_2;
    }

    /* Acquire the commit lock and count all the non-committed PTEs */
    KeAcquireGuardedMutexUnsafe(&MmSectionCommitMutex);
    PointerPte = ProtoPte;
    while (PointerPte < LastProtoPte)
    {
        if (PointerPte->u.Long) QuotaCharge--;
        PointerPte++;
    }

    /* Was everything committed already? */
    if (!QuotaCharge)
    {
        /* Nothing to do! */
        KeReleaseGuardedMutexUnsafe(&MmSectionCommitMutex);
        KeReleaseGuardedMutex(Session->SystemSpaceViewLockPointer);
        return STATUS_SUCCESS;
    }

    /* Pick the segment and template PTE */
    Segment = ControlArea->Segment;
    TempPte = Segment->SegmentPteTemplate;
    ASSERT(TempPte.u.Long != 0);

    /* Loop all prototype PTEs to be committed */
    PointerPte = ProtoPte;
    while (PointerPte < LastProtoPte)
    {
        /* Make sure the PTE is already invalid */
        if (PointerPte->u.Long == 0)
        {
            /* And write the invalid PTE */
            MI_WRITE_INVALID_PTE(PointerPte, TempPte);
        }

        /* Move to the next PTE */
        PointerPte++;
    }

    /* Check if we had at least one page charged */
    if (QuotaCharge)
    {
        /* Update the accounting data */
        Segment->NumberOfCommittedPages += QuotaCharge;
        InterlockedExchangeAddSizeT(&MmSharedCommit, QuotaCharge);
    }

    /* Release all */
    KeReleaseGuardedMutexUnsafe(&MmSectionCommitMutex);
    KeReleaseGuardedMutex(Session->SystemSpaceViewLockPointer);
    return STATUS_SUCCESS;
}

VOID
NTAPI
MiDeleteARM3Section(PVOID ObjectBody)
{
    PSECTION SectionObject;
    PCONTROL_AREA ControlArea;
    KIRQL OldIrql;

    SectionObject = (PSECTION)ObjectBody;

    if (SectionObject->u.Flags.Based == 1)
    {
        /* Remove the node from the global section address tree */
        KeAcquireGuardedMutex(&MmSectionBasedMutex);
        MiRemoveNode(&SectionObject->Address, &MmSectionBasedRoot);
        KeReleaseGuardedMutex(&MmSectionBasedMutex);
    }

    /* Lock the PFN database */
    OldIrql = MiAcquirePfnLock();

    ASSERT(SectionObject->Segment);
    ASSERT(SectionObject->Segment->ControlArea);

    ControlArea = SectionObject->Segment->ControlArea;

    /* Dereference */
    ControlArea->NumberOfSectionReferences--;
    ControlArea->NumberOfUserReferences--;

    ASSERT(ControlArea->u.Flags.BeingDeleted == 0);

    /* Check it. It will delete it if there is no more reference to it */
    MiCheckControlArea(ControlArea, OldIrql);
}

ULONG
NTAPI
MmDoesFileHaveUserWritableReferences(IN PSECTION_OBJECT_POINTERS SectionPointer)
{
    UNIMPLEMENTED;
    return 0;
}

/* SYSTEM CALLS ***************************************************************/

NTSTATUS
NTAPI
NtAreMappedFilesTheSame(IN PVOID File1MappedAsAnImage,
                        IN PVOID File2MappedAsFile)
{
    PVOID AddressSpace;
    PMMVAD Vad1, Vad2;
    PFILE_OBJECT FileObject1, FileObject2;
    NTSTATUS Status;

    /* Lock address space */
    AddressSpace = MmGetCurrentAddressSpace();
    MmLockAddressSpace(AddressSpace);

    /* Get the VAD for Address 1 */
    Vad1 = MiLocateAddress(File1MappedAsAnImage);
    if (Vad1 == NULL)
    {
        /* Fail, the address does not exist */
        DPRINT1("No VAD at address 1 %p\n", File1MappedAsAnImage);
        Status = STATUS_INVALID_ADDRESS;
        goto Exit;
    }

    /* Get the VAD for Address 2 */
    Vad2 = MiLocateAddress(File2MappedAsFile);
    if (Vad2 == NULL)
    {
        /* Fail, the address does not exist */
        DPRINT1("No VAD at address 2 %p\n", File2MappedAsFile);
        Status = STATUS_INVALID_ADDRESS;
        goto Exit;
    }

    /* Get the file object pointer for VAD 1 */
    FileObject1 = MiGetFileObjectForVad(Vad1);
    if (FileObject1 == NULL)
    {
        DPRINT1("Failed to get file object for Address 1 %p\n", File1MappedAsAnImage);
        Status = STATUS_CONFLICTING_ADDRESSES;
        goto Exit;
    }

    /* Get the file object pointer for VAD 2 */
    FileObject2 = MiGetFileObjectForVad(Vad2);
    if (FileObject2 == NULL)
    {
        DPRINT1("Failed to get file object for Address 2 %p\n", File2MappedAsFile);
        Status = STATUS_CONFLICTING_ADDRESSES;
        goto Exit;
    }

    /* Make sure Vad1 is an image mapping */
    if (Vad1->u.VadFlags.VadType != VadImageMap)
    {
        DPRINT1("Address 1 (%p) is not an image mapping\n", File1MappedAsAnImage);
        Status = STATUS_NOT_SAME_DEVICE;
        goto Exit;
    }

    /* SectionObjectPointer is equal if the files are equal */
    if (FileObject1->SectionObjectPointer == FileObject2->SectionObjectPointer)
    {
        Status = STATUS_SUCCESS;
    }
    else
    {
        Status = STATUS_NOT_SAME_DEVICE;
    }

Exit:
    /* Unlock address space */
    MmUnlockAddressSpace(AddressSpace);
    return Status;
}

/*
 * @implemented
 */
NTSTATUS
NTAPI
NtCreateSection(OUT PHANDLE SectionHandle,
                IN ACCESS_MASK DesiredAccess,
                IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
                IN PLARGE_INTEGER MaximumSize OPTIONAL,
                IN ULONG SectionPageProtection OPTIONAL,
                IN ULONG AllocationAttributes,
                IN HANDLE FileHandle OPTIONAL)
{
    LARGE_INTEGER SafeMaximumSize;
    PVOID SectionObject;
    HANDLE Handle;
    KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
    NTSTATUS Status;
    PAGED_CODE();

    /* Check for non-existing flags */
    if ((AllocationAttributes & ~(SEC_COMMIT | SEC_RESERVE | SEC_BASED |
                                  SEC_LARGE_PAGES | SEC_IMAGE | SEC_NOCACHE |
                                  SEC_NO_CHANGE)))
    {
        if (!(AllocationAttributes & 1))
        {
            DPRINT1("Bogus allocation attribute: %lx\n", AllocationAttributes);
            return STATUS_INVALID_PARAMETER_6;
        }
    }

    /* Check for no allocation type */
    if (!(AllocationAttributes & (SEC_COMMIT | SEC_RESERVE | SEC_IMAGE)))
    {
        DPRINT1("Missing allocation type in allocation attributes\n");
        return STATUS_INVALID_PARAMETER_6;
    }

    /* Check for image allocation with invalid attributes */
    if ((AllocationAttributes & SEC_IMAGE) &&
        (AllocationAttributes & (SEC_COMMIT | SEC_RESERVE | SEC_LARGE_PAGES |
                                 SEC_NOCACHE | SEC_NO_CHANGE)))
    {
        DPRINT1("Image allocation with invalid attributes\n");
        return STATUS_INVALID_PARAMETER_6;
    }

    /* Check for allocation type is both commit and reserve */
    if ((AllocationAttributes & SEC_COMMIT) && (AllocationAttributes & SEC_RESERVE))
    {
        DPRINT1("Commit and reserve in the same time\n");
        return STATUS_INVALID_PARAMETER_6;
    }

    /* Now check for valid protection */
    if ((SectionPageProtection & PAGE_NOCACHE) ||
        (SectionPageProtection & PAGE_WRITECOMBINE) ||
        (SectionPageProtection & PAGE_GUARD) ||
        (SectionPageProtection & PAGE_NOACCESS))
    {
        DPRINT1("Sections don't support these protections\n");
        return STATUS_INVALID_PAGE_PROTECTION;
    }

    /* Use a maximum size of zero, if none was specified */
    SafeMaximumSize.QuadPart = 0;

    /* Check for user-mode caller */
    if (PreviousMode != KernelMode)
    {
        /* Enter SEH */
        _SEH2_TRY
        {
            /* Safely check user-mode parameters */
            if (MaximumSize) SafeMaximumSize = ProbeForReadLargeInteger(MaximumSize);
            MaximumSize = &SafeMaximumSize;
            ProbeForWriteHandle(SectionHandle);
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Return the exception code */
            _SEH2_YIELD(return _SEH2_GetExceptionCode());
        }
        _SEH2_END;
    }
    else if (!MaximumSize) MaximumSize = &SafeMaximumSize;

    /* Check that MaximumSize is valid if backed by paging file */
    if ((!FileHandle) && (!MaximumSize->QuadPart))
        return STATUS_INVALID_PARAMETER_4;

    /* Create the section */
    Status = MmCreateSection(&SectionObject,
                             DesiredAccess,
                             ObjectAttributes,
                             MaximumSize,
                             SectionPageProtection,
                             AllocationAttributes,
                             FileHandle,
                             NULL);
    if (!NT_SUCCESS(Status)) return Status;

    /* FIXME: Should zero last page for a file mapping */

    /* Now insert the object */
    Status = ObInsertObject(SectionObject,
                            NULL,
                            DesiredAccess,
                            0,
                            NULL,
                            &Handle);
    if (NT_SUCCESS(Status))
    {
        /* Enter SEH */
        _SEH2_TRY
        {
            /* Return the handle safely */
            *SectionHandle = Handle;
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Nothing here */
        }
        _SEH2_END;
    }

    /* Return the status */
    return Status;
}

NTSTATUS
NTAPI
NtOpenSection(OUT PHANDLE SectionHandle,
              IN ACCESS_MASK DesiredAccess,
              IN POBJECT_ATTRIBUTES ObjectAttributes)
{
    HANDLE Handle;
    NTSTATUS Status;
    KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
    PAGED_CODE();

    /* Check for user-mode caller */
    if (PreviousMode != KernelMode)
    {
        /* Enter SEH */
        _SEH2_TRY
        {
            /* Safely check user-mode parameters */
            ProbeForWriteHandle(SectionHandle);
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Return the exception code */
            _SEH2_YIELD(return _SEH2_GetExceptionCode());
        }
        _SEH2_END;
    }

    /* Try opening the object */
    Status = ObOpenObjectByName(ObjectAttributes,
                                MmSectionObjectType,
                                PreviousMode,
                                NULL,
                                DesiredAccess,
                                NULL,
                                &Handle);

    /* Enter SEH */
    _SEH2_TRY
    {
        /* Return the handle safely */
        *SectionHandle = Handle;
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        /* Nothing here */
    }
    _SEH2_END;

    /* Return the status */
    return Status;
}

NTSTATUS
NTAPI
NtMapViewOfSection(IN HANDLE SectionHandle,
                   IN HANDLE ProcessHandle,
                   IN OUT PVOID* BaseAddress,
                   IN ULONG_PTR ZeroBits,
                   IN SIZE_T CommitSize,
                   IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
                   IN OUT PSIZE_T ViewSize,
                   IN SECTION_INHERIT InheritDisposition,
                   IN ULONG AllocationType,
                   IN ULONG Protect)
{
    PVOID SafeBaseAddress;
    LARGE_INTEGER SafeSectionOffset;
    SIZE_T SafeViewSize;
    PROS_SECTION_OBJECT Section;
    PEPROCESS Process;
    NTSTATUS Status;
    ACCESS_MASK DesiredAccess;
    ULONG ProtectionMask;
    KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
#if defined(_M_IX86) || defined(_M_AMD64)
    static const ULONG ValidAllocationType = (MEM_TOP_DOWN | MEM_LARGE_PAGES |
            MEM_DOS_LIM | SEC_NO_CHANGE | MEM_RESERVE);
#else
    static const ULONG ValidAllocationType = (MEM_TOP_DOWN | MEM_LARGE_PAGES |
            SEC_NO_CHANGE | MEM_RESERVE);
#endif

    /* Check for invalid inherit disposition */
    if ((InheritDisposition > ViewUnmap) || (InheritDisposition < ViewShare))
    {
        DPRINT1("Invalid inherit disposition\n");
        return STATUS_INVALID_PARAMETER_8;
    }

    /* Allow only valid allocation types */
    if (AllocationType & ~ValidAllocationType)
    {
        DPRINT1("Invalid allocation type\n");
        return STATUS_INVALID_PARAMETER_9;
    }

    /* Convert the protection mask, and validate it */
    ProtectionMask = MiMakeProtectionMask(Protect);
    if (ProtectionMask == MM_INVALID_PROTECTION)
    {
        DPRINT1("Invalid page protection\n");
        return STATUS_INVALID_PAGE_PROTECTION;
    }

    /* Now convert the protection mask into desired section access mask */
    DesiredAccess = MmMakeSectionAccess[ProtectionMask & 0x7];

    /* Assume no section offset */
    SafeSectionOffset.QuadPart = 0;

    /* Enter SEH */
    _SEH2_TRY
    {
        /* Check for unsafe parameters */
        if (PreviousMode != KernelMode)
        {
            /* Probe the parameters */
            ProbeForWritePointer(BaseAddress);
            ProbeForWriteSize_t(ViewSize);
        }

        /* Check if a section offset was given */
        if (SectionOffset)
        {
            /* Check for unsafe parameters and capture section offset */
            if (PreviousMode != KernelMode) ProbeForWriteLargeInteger(SectionOffset);
            SafeSectionOffset = *SectionOffset;
        }

        /* Capture the other parameters */
        SafeBaseAddress = *BaseAddress;
        SafeViewSize = *ViewSize;
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        /* Return the exception code */
        _SEH2_YIELD(return _SEH2_GetExceptionCode());
    }
    _SEH2_END;

    /* Check for kernel-mode address */
    if (SafeBaseAddress > MM_HIGHEST_VAD_ADDRESS)
    {
        DPRINT1("Kernel base not allowed\n");
        return STATUS_INVALID_PARAMETER_3;
    }

    /* Check for range entering kernel-mode */
    if (((ULONG_PTR)MM_HIGHEST_VAD_ADDRESS - (ULONG_PTR)SafeBaseAddress) < SafeViewSize)
    {
        DPRINT1("Overflowing into kernel base not allowed\n");
        return STATUS_INVALID_PARAMETER_3;
    }

    /* Check for invalid zero bits */
    if (ZeroBits)
    {
        if (ZeroBits > MI_MAX_ZERO_BITS)
        {
            DPRINT1("Invalid zero bits\n");
            return STATUS_INVALID_PARAMETER_4;
        }

        if ((((ULONG_PTR)SafeBaseAddress << ZeroBits) >> ZeroBits) != (ULONG_PTR)SafeBaseAddress)
        {
            DPRINT1("Invalid zero bits\n");
            return STATUS_INVALID_PARAMETER_4;
        }

        if (((((ULONG_PTR)SafeBaseAddress + SafeViewSize) << ZeroBits) >> ZeroBits) != ((ULONG_PTR)SafeBaseAddress + SafeViewSize))
        {
            DPRINT1("Invalid zero bits\n");
            return STATUS_INVALID_PARAMETER_4;
        }
    }

    /* Reference the process */
    Status = ObReferenceObjectByHandle(ProcessHandle,
                                       PROCESS_VM_OPERATION,
                                       PsProcessType,
                                       PreviousMode,
                                       (PVOID*)&Process,
                                       NULL);
    if (!NT_SUCCESS(Status)) return Status;

    /* Reference the section */
    Status = ObReferenceObjectByHandle(SectionHandle,
                                       DesiredAccess,
                                       MmSectionObjectType,
                                       PreviousMode,
                                       (PVOID*)&Section,
                                       NULL);
    if (!NT_SUCCESS(Status))
    {
        ObDereferenceObject(Process);
        return Status;
    }

    if (MiIsRosSectionObject(Section) &&
        (Section->AllocationAttributes & SEC_PHYSICALMEMORY))
    {
        if (PreviousMode == UserMode &&
            SafeSectionOffset.QuadPart + SafeViewSize > MmHighestPhysicalPage << PAGE_SHIFT)
        {
            DPRINT1("Denying map past highest physical page.\n");
            ObDereferenceObject(Section);
            ObDereferenceObject(Process);
            return STATUS_INVALID_PARAMETER_6;
        }
    }
    else if (!(AllocationType & MEM_DOS_LIM))
    {
        /* Check for non-allocation-granularity-aligned BaseAddress */
        if (SafeBaseAddress != ALIGN_DOWN_POINTER_BY(SafeBaseAddress, MM_VIRTMEM_GRANULARITY))
        {
            DPRINT("BaseAddress is not at 64-kilobyte address boundary.\n");
            ObDereferenceObject(Section);
            ObDereferenceObject(Process);
            return STATUS_MAPPED_ALIGNMENT;
        }

        /* Do the same for the section offset */
        if (SafeSectionOffset.LowPart != ALIGN_DOWN_BY(SafeSectionOffset.LowPart, MM_VIRTMEM_GRANULARITY))
        {
            DPRINT("SectionOffset is not at 64-kilobyte address boundary.\n");
            ObDereferenceObject(Section);
            ObDereferenceObject(Process);
            return STATUS_MAPPED_ALIGNMENT;
        }
    }

    /* Now do the actual mapping */
    Status = MmMapViewOfSection(Section,
                                Process,
                                &SafeBaseAddress,
                                ZeroBits,
                                CommitSize,
                                &SafeSectionOffset,
                                &SafeViewSize,
                                InheritDisposition,
                                AllocationType,
                                Protect);

    /* Return data only on success */
    if (NT_SUCCESS(Status))
    {
        /* Check if this is an image for the current process */
        if (MiIsRosSectionObject(Section) &&
            (Section->AllocationAttributes & SEC_IMAGE) &&
            (Process == PsGetCurrentProcess()) &&
            (Status != STATUS_IMAGE_NOT_AT_BASE))
        {
            /* Notify the debugger */
            DbgkMapViewOfSection(Section,
                                 SafeBaseAddress,
                                 SafeSectionOffset.LowPart,
                                 SafeViewSize);
        }

        /* Enter SEH */
        _SEH2_TRY
        {
            /* Return parameters to user */
            *BaseAddress = SafeBaseAddress;
            *ViewSize = SafeViewSize;
            if (SectionOffset) *SectionOffset = SafeSectionOffset;
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Nothing to do */
        }
        _SEH2_END;
    }

    /* Dereference all objects and return status */
    ObDereferenceObject(Section);
    ObDereferenceObject(Process);
    return Status;
}

NTSTATUS
NTAPI
NtUnmapViewOfSection(IN HANDLE ProcessHandle,
                     IN PVOID BaseAddress)
{
    PEPROCESS Process;
    NTSTATUS Status;
    KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();

    /* Don't allowing mapping kernel views */
    if ((PreviousMode == UserMode) && (BaseAddress > MM_HIGHEST_USER_ADDRESS))
    {
        DPRINT1("Trying to unmap a kernel view\n");
        return STATUS_NOT_MAPPED_VIEW;
    }

    /* Reference the process */
    Status = ObReferenceObjectByHandle(ProcessHandle,
                                       PROCESS_VM_OPERATION,
                                       PsProcessType,
                                       PreviousMode,
                                       (PVOID*)&Process,
                                       NULL);
    if (!NT_SUCCESS(Status)) return Status;

    /* Unmap the view */
    Status = MiUnmapViewOfSection(Process, BaseAddress, 0);

    /* Dereference the process and return status */
    ObDereferenceObject(Process);
    return Status;
}

NTSTATUS
NTAPI
NtExtendSection(IN HANDLE SectionHandle,
                IN OUT PLARGE_INTEGER NewMaximumSize)
{
    LARGE_INTEGER SafeNewMaximumSize;
    PROS_SECTION_OBJECT Section;
    NTSTATUS Status;
    KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();

    /* Check for user-mode parameters */
    if (PreviousMode != KernelMode)
    {
        /* Enter SEH */
        _SEH2_TRY
        {
            /* Probe and capture the maximum size, it's both read and write */
            ProbeForWriteLargeInteger(NewMaximumSize);
            SafeNewMaximumSize = *NewMaximumSize;
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Return the exception code */
            _SEH2_YIELD(return _SEH2_GetExceptionCode());
        }
        _SEH2_END;
    }
    else
    {
        /* Just read the size directly */
        SafeNewMaximumSize = *NewMaximumSize;
    }

    /* Reference the section */
    Status = ObReferenceObjectByHandle(SectionHandle,
                                       SECTION_EXTEND_SIZE,
                                       MmSectionObjectType,
                                       PreviousMode,
                                       (PVOID*)&Section,
                                       NULL);
    if (!NT_SUCCESS(Status)) return Status;

    /* Really this should go in MmExtendSection */
    if (!(Section->AllocationAttributes & SEC_FILE))
    {
        DPRINT1("Not extending a file\n");
        ObDereferenceObject(Section);
        return STATUS_SECTION_NOT_EXTENDED;
    }

    /* FIXME: Do the work */

    /* Dereference the section */
    ObDereferenceObject(Section);

    /* Enter SEH */
    _SEH2_TRY
    {
        /* Write back the new size */
        *NewMaximumSize = SafeNewMaximumSize;
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        /* Nothing to do */
    }
    _SEH2_END;

    /* Return the status */
    return STATUS_NOT_IMPLEMENTED;
}

/* EOF */