https://git.reactos.org/?p=reactos.git;a=commitdiff;h=07ad8c4c11d72f9603cef8ad667664a7ce9a44f6

commit 07ad8c4c11d72f9603cef8ad667664a7ce9a44f6
Author:     Timo Kreuzer <timo.kreu...@reactos.org>
AuthorDate: Mon Oct 9 21:45:01 2023 +0300
Commit:     Timo Kreuzer <timo.kreu...@reactos.org>
CommitDate: Tue Oct 24 21:45:27 2023 +0300

    [NTOS:MM] Attach to the target process in MmMapViewOfSection
    
    This is required to satisfy VAD locking rules.
---
 ntoskrnl/mm/section.c | 49 +++++++++++++++++++++++++++++++------------------
 1 file changed, 31 insertions(+), 18 deletions(-)

diff --git a/ntoskrnl/mm/section.c b/ntoskrnl/mm/section.c
index 35c36d45cfa..ff77ef77077 100644
--- a/ntoskrnl/mm/section.c
+++ b/ntoskrnl/mm/section.c
@@ -4008,6 +4008,8 @@ MmMapViewOfSection(IN PVOID SectionObject,
     PMMSUPPORT AddressSpace;
     NTSTATUS Status = STATUS_SUCCESS;
     BOOLEAN NotAtBase = FALSE;
+    BOOLEAN IsAttached = FALSE;
+    KAPC_STATE ApcState;
 
     if (MiIsRosSectionObject(SectionObject) == FALSE)
     {
@@ -4031,6 +4033,12 @@ MmMapViewOfSection(IN PVOID SectionObject,
         return STATUS_INVALID_PAGE_PROTECTION;
     }
 
+    if (PsGetCurrentProcess() != Process)
+    {
+        KeStackAttachProcess(&Process->Pcb, &ApcState);
+        IsAttached = TRUE;
+    }
+
     /* FIXME: We should keep this, but it would break code checking equality */
     Protect &= ~PAGE_NOCACHE;
 
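Review bot: The attach at `KeStackAttachProcess(&Process->Pcb, &ApcState)` carries no comment saying why the function now runs in the target process's context, and the commit message is the only place that states it; a one-line comment such as `/* Attach to the target process; required to satisfy the VAD locking rules */` would keep the rationale next to the code. The `return STATUS_INVALID_PAGE_PROTECTION` just above is still correct because it precedes the attach, but from this point on every failure has to leave through `Exit`, which also unlocks the address space. The MmLockAddressSpace call is not in the visible hunks, so I cannot confirm that no untouched error return sits between this attach and the lock; any such return would now leak the attachment, and any `goto Exit` placed there would unlock a lock that is not held. MmMapViewOfSection begins before this hunk.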
@@ -4097,15 +4105,15 @@ MmMapViewOfSection(IN PVOID SectionObject,
             /* Fail if the user requested a fixed base address. */
             if ((*BaseAddress) != NULL)
             {
-                MmUnlockAddressSpace(AddressSpace);
-                return STATUS_CONFLICTING_ADDRESSES;
+                Status = STATUS_CONFLICTING_ADDRESSES;
+                goto Exit;
             }
             /* Otherwise find a gap to map the image. */
             ImageBase = (ULONG_PTR)MmFindGap(AddressSpace, 
PAGE_ROUND_UP(ImageSize), MM_VIRTMEM_GRANULARITY, FALSE);
             if (ImageBase == 0)
             {
-                MmUnlockAddressSpace(AddressSpace);
-                return STATUS_CONFLICTING_ADDRESSES;
+                Status = STATUS_CONFLICTING_ADDRESSES;
+                goto Exit;
             }
             /* Remember that we loaded image at a different base address */
             NotAtBase = TRUE;
@@ -4136,8 +4144,7 @@ MmMapViewOfSection(IN PVOID SectionObject,
                     MmUnlockSectionSegment(&SectionSegments[i]);
                 }
 
-                MmUnlockAddressSpace(AddressSpace);
-                return Status;
+                goto Exit;
             }
         }
 
@@ -4160,22 +4167,22 @@ MmMapViewOfSection(IN PVOID SectionObject,
         if ((Protect & (PAGE_READWRITE|PAGE_EXECUTE_READWRITE)) &&
                 !(Section->InitialPageProtection & 
(PAGE_READWRITE|PAGE_EXECUTE_READWRITE)))
         {
-            MmUnlockAddressSpace(AddressSpace);
-            return STATUS_SECTION_PROTECTION;
+            Status = STATUS_SECTION_PROTECTION;
+            goto Exit;
         }
         /* check for read access */
         if ((Protect & 
(PAGE_READONLY|PAGE_WRITECOPY|PAGE_EXECUTE_READ|PAGE_EXECUTE_WRITECOPY)) &&
                 !(Section->InitialPageProtection & 
(PAGE_READONLY|PAGE_READWRITE|PAGE_WRITECOPY|PAGE_EXECUTE_READ|PAGE_EXECUTE_READWRITE|PAGE_EXECUTE_WRITECOPY)))
         {
-            MmUnlockAddressSpace(AddressSpace);
-            return STATUS_SECTION_PROTECTION;
+            Status = STATUS_SECTION_PROTECTION;
+            goto Exit;
         }
         /* check for execute access */
         if ((Protect & 
(PAGE_EXECUTE|PAGE_EXECUTE_READ|PAGE_EXECUTE_READWRITE|PAGE_EXECUTE_WRITECOPY)) 
&&
                 !(Section->InitialPageProtection & 
(PAGE_EXECUTE|PAGE_EXECUTE_READ|PAGE_EXECUTE_READWRITE|PAGE_EXECUTE_WRITECOPY)))
         {
-            MmUnlockAddressSpace(AddressSpace);
-            return STATUS_SECTION_PROTECTION;
+            Status = STATUS_SECTION_PROTECTION;
+            goto Exit;
         }
 
         if (SectionOffset == NULL)
@@ -4189,8 +4196,8 @@ MmMapViewOfSection(IN PVOID SectionObject,
 
         if ((ViewOffset % PAGE_SIZE) != 0)
         {
-            MmUnlockAddressSpace(AddressSpace);
-            return STATUS_MAPPED_ALIGNMENT;
+            Status = STATUS_MAPPED_ALIGNMENT;
+            goto Exit;
         }
 
         if ((*ViewSize) == 0)
@@ -4219,18 +4226,24 @@ MmMapViewOfSection(IN PVOID SectionObject,
         MmUnlockSectionSegment(Segment);
         if (!NT_SUCCESS(Status))
         {
-            MmUnlockAddressSpace(AddressSpace);
-            return Status;
+            goto Exit;
         }
     }
 
-    MmUnlockAddressSpace(AddressSpace);
-
     if (NotAtBase)
         Status = STATUS_IMAGE_NOT_AT_BASE;
     else
         Status = STATUS_SUCCESS;
 
+Exit:
+
+    MmUnlockAddressSpace(AddressSpace);
+
+    if (IsAttached)
+    {
+        KeUnstackDetachProcess(&ApcState);
+    }
+
     return Status;
 }
 
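Review bot: The `Exit` label calls `MmUnlockAddressSpace(AddressSpace)` unconditionally, so it is only a valid jump target once the address space lock has been taken, yet nothing at the label records that precondition; a comment such as `/* Exit: AddressSpace must be locked here, never jump here from before MmLockAddressSpace */` would stop a later early check from being converted to `goto Exit` above the lock. Unlocking before `KeUnstackDetachProcess(&ApcState)` looks like the right order, since the lock is presumably acquired after the attach and should be released in the same attachment state. The blank line directly after `Exit:` is a minor style nit and could be dropped.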
