session.c File Reference

#include "mi.h"

Go to the source code of this file.

Defines
#define	MM_MAXIMUM_CONCURRENT_SESSIONS   16384
#define	MI_SESSION_COMMIT_CHARGE   2
Functions
VOID	MiSessionAddProcess (PEPROCESS NewProcess)
VOID	MiSessionRemoveProcess (VOID)
VOID	MiInitializeSessionIds (VOID)
NTSTATUS	MiSessionCreateInternal (OUT PULONG SessionId)
NTSTATUS	MiSessionCommitPageTables (IN PVOID StartVa, IN PVOID EndVa)
BOOLEAN	MiDereferenceSession (VOID)
VOID	MiSessionDeletePde (IN PMMPTE Pde, IN BOOLEAN WorkingSetInitialized, IN PMMPTE SelfMapPde)
VOID	MmSessionLeader (IN PEPROCESS Process)
VOID	MmSessionSetUnloadAddress (IN PDRIVER_OBJECT pWin32KDevice)
NTSTATUS	MmSessionCreate (OUT PULONG SessionId)
NTSTATUS	MmSessionDelete (ULONG SessionId)
VOID	MiAttachSession (IN PMM_SESSION_SPACE SessionGlobal)
VOID	MiDetachSession (VOID)
NTSTATUS	MiSessionCommitImagePages (IN PVOID VirtualAddress, IN SIZE_T NumberOfBytes)
VOID	MiSessionOutSwapProcess (IN PEPROCESS Process)
VOID	MiSessionInSwapProcess (IN PEPROCESS Process)
Variables
ULONG	MiSessionCount
FAST_MUTEX	MiSessionIdMutex
PRTL_BITMAP	MiSessionIdBitmap

---

Define Documentation

#define MI_SESSION_COMMIT_CHARGE   2

Definition at line 35 of file session.c. Referenced by MiSessionCreateInternal().

#define MM_MAXIMUM_CONCURRENT_SESSIONS   16384

Definition at line 26 of file session.c. Referenced by MiInitializeSessionIds().

---

Function Documentation

VOID MiAttachSession (  IN PMM_SESSION_SPACE  SessionGlobal  )

Definition at line 1181 of file session.c. References ASSERT, KeAttachSessionSpace(), MI_SESSION_SPACE_END, MI_SESSION_SPACE_PAGE_TABLES, MI_WRITE_VALID_PTE, MiGetPdeAddress, MiGetPpeAddress, MiHydra, MmSessionBase, PsGetCurrentProcess, TRUE, _MMPTE::u, and ZeroKernelPte. Referenced by MiEmptyAllWorkingSetsWorker(), and MmWorkingSetManager(). : Attaches to the specified session space. Arguments: SessionGlobal - Supplies a pointer to the session to attach to. Return Value: None. Environment: Kernel mode. No locks held. Current process must not have a session space - ie: the caller should be the system process or smss.exe. --*/ { PMMPTE PointerPde; #if DBG PMMPTE EndPde; ASSERT (MiHydra == TRUE); ASSERT (PsGetCurrentProcess()->Vm.u.Flags.ProcessInSession == 0); #if defined (_WIN64) PointerPde = MiGetPpeAddress (MmSessionBase); ASSERT (PointerPde->u.Long == ZeroKernelPte.u.Long); #else PointerPde = MiGetPdeAddress (MmSessionBase); EndPde = MiGetPdeAddress (MI_SESSION_SPACE_END); while (PointerPde < EndPde) { ASSERT (PointerPde->u.Long == ZeroKernelPte.u.Long); PointerPde += 1; } #endif #endif #if defined (_WIN64) PointerPde = MiGetPpeAddress (MmSessionBase); MI_WRITE_VALID_PTE (PointerPde, SessionGlobal->PageDirectory); #else PointerPde = MiGetPdeAddress (MmSessionBase); RtlCopyMemory (PointerPde, &SessionGlobal->PageTables[0], MI_SESSION_SPACE_PAGE_TABLES * sizeof (MMPTE)); #endif #if defined(_IA64_) KeAttachSessionSpace(&SessionGlobal->SessionMapInfo); #endif }

BOOLEAN MiDereferenceSession (  VOID   )

Definition at line 1544 of file session.c. References ASSERT, _MM_SESSION_SPACE::AttachCount, _MM_SESSION_SPACE::AttachEvent, _MM_SESSION_SPACE::CommittedPages, _DRIVER_OBJECT::DriverUnload, Event(), ExDeleteResource, FALSE, _MM_SESSION_SPACE::GlobalPteEntry, _MMWSL::HighestPermittedHashAddress, Index, KeDetachSessionSpace(), KeDisableSessionSharing(), KeEnterCriticalRegion, KeInitializeEvent, KeLeaveCriticalRegion, KernelMode, KeWaitForSingleObject(), LOCK_EXPANSION, LOCK_PFN, LOCK_SESSION, MI_FLUSH_SESSION_TB, MI_FLUSH_SINGLE_SESSION_TB, MI_GET_PAGE_FRAME_FROM_PTE, MI_PFN_ELEMENT, MI_SESSION_IMAGE_SIZE, MI_SESSION_IMAGE_START, MI_SESSION_SPACE_END, MI_SESSION_SPACE_PAGE_TABLES, MI_SESSION_SPACE_WORKING_SET_MINIMUM, MI_SESSION_SPACE_WS, MI_SESSION_VIEW_SIZE, MI_SESSION_VIEW_START, MI_SET_PFN_DELETED, MI_WRITE_INVALID_PTE, MiCheckSessionPoolAllocations(), MiDecrementShareAndValidCount, MiDecrementShareCountOnly, MiFreeSessionPoolBitMaps(), MiFreeSessionSpaceMap(), MiGetPdeAddress, MiGetPdeSessionIndex, MiGetPpeAddress, MiGetPteAddress, MiReleaseSystemPtes(), MiReturnCommitment(), MiSessionCount, MiSessionDeletePde(), MiSessionIdBitmap, MiSessionIdMutex, MiSessionUnloadAllImages(), MM_BUMP_COUNTER, MM_BUMP_SESS_COUNTER, MM_DBG_COMMIT_RETURN_SESSION_DEREFERENCE, MM_DBG_SESSION_INITIAL_PAGE_FREE, MM_DBG_SESSION_PAGETABLE_FREE, MM_DBG_SESSION_WS_PAGE_FREE, MM_SNAP_SESS_MEMORY_COUNTERS, MM_TRACK_COMMIT, MMPTE, MmResidentAvailablePages, MmSessionBase, MmSessionSpace, _MM_SESSION_SPACE::NonPagablePages, NULL, _MM_SESSION_SPACE::PageTables, _MM_SESSION_SPACE::ProcessOutSwapCount, PsGetCurrentProcess, _MMPFN::PteFrame, _MM_SESSION_SPACE::ReferenceCount, RtlClearBits(), SESSION_GLOBAL, _MM_SESSION_SPACE::SessionId, _MM_SESSION_SPACE::SessionPageDirectoryIndex, SystemPteSpace, TRUE, _MMPTE::u, _MMSUPPORT::u, _MM_SESSION_SPACE::u, _MMPFN::u1, _MMPFN::u2, _MMPFN::u3, UNLOCK_EXPANSION, UNLOCK_EXPANSION_AND_THEN_WAIT, UNLOCK_PFN, UNLOCK_SESSION, _MM_SESSION_SPACE::Vm, _EPROCESS::Vm, _MMSUPPORT::VmWorkingSetList, _MM_SESSION_SPACE::Win32KDriverObject, _MMSUPPORT::WorkingSetExpansionLinks, WrVirtualMemory, _MM_SESSION_SPACE::WsListEntry, _MM_SESSION_SPACE::WsLock, and ZeroKernelPte. Referenced by MiSessionRemoveProcess(), MmSessionCreate(), and MmSessionDelete(). : Decrement this process' reference count to the session, unmapping access to the session for the current process. If this is the last process reference to this session, then the entire session will be destroyed upon return. This includes unloading drivers, unmapping pools, freeing page tables, etc. Arguments: None. Return Value: TRUE if the session was deleted, FALSE if only this process' access to the session was deleted. Environment: Kernel mode, no mutexes held, APCs disabled. --*/ { KIRQL OldIrql; ULONG Index; ULONG CountReleased; ULONG SessionId; PFN_NUMBER PageFrameIndex; ULONG SessionDataPdeIndex; KEVENT Event; MMPTE PreviousPte; PMMPFN Pfn1; PMMPTE PointerPpe; PMMPTE PointerPte; PMMPTE EndPte; PMMPTE GlobalPteEntrySave; PMMPTE StartPde; PMMPTE EndPde; PMM_SESSION_SPACE SessionGlobal; MMPTE SavePageTables[MI_SESSION_SPACE_PAGE_TABLES]; BOOLEAN WorkingSetWasInitialized; ULONG AttachCount; PEPROCESS Process; ASSERT ((PsGetCurrentProcess()->Vm.u.Flags.ProcessInSession == 1) || ((MmSessionSpace->u.Flags.Initialized == 0) && (PsGetCurrentProcess()->Vm.u.Flags.SessionLeader == 1) && (MmSessionSpace->ReferenceCount == 1))); SessionId = MmSessionSpace->SessionId; ASSERT (RtlCheckBit (MiSessionIdBitmap, SessionId)); LOCK_SESSION (OldIrql); if (MmSessionSpace->ReferenceCount > 1) { MmSessionSpace->ReferenceCount -= 1; UNLOCK_SESSION (OldIrql); Process = PsGetCurrentProcess(); LOCK_EXPANSION (OldIrql); Process->Vm.u.Flags.ProcessInSession = 0; UNLOCK_EXPANSION (OldIrql); // // Don't delete any non-smss session space mappings here. Let them // live on through process death. This handles the case where // MmDispatchWin32Callout picks csrss - csrss has exited as it's not // the last process (smss is). smss is simultaneously detaching from // the session and since it is the last process, it's waiting on // the AttachCount below. The dispatch callout ends up in csrss but // has no way to synchronize against csrss exiting through this path // as the object reference count doesn't stop it. So leave the // session space mappings alive so the callout can execute through // the remains of csrss. // // Note that when smss detaches, the address space must get cleared // here so that subsequent session creations by smss will succeed. // if (Process->Vm.u.Flags.SessionLeader == 1) { #if defined (_WIN64) StartPde = MiGetPpeAddress (MmSessionBase); StartPde->u.Long = ZeroKernelPte.u.Long; #else StartPde = MiGetPdeAddress (MmSessionBase); EndPde = MiGetPdeAddress (MI_SESSION_SPACE_END); RtlZeroMemory (StartPde, (EndPde - StartPde) * sizeof(MMPTE)); #endif // // Flush the session space TB entries. // MI_FLUSH_SESSION_TB (OldIrql); } #if defined(_IA64_) KeDetachSessionSpace(); #endif return FALSE; } // // Mark it as being deleted. // MmSessionSpace->u.Flags.BeingDeleted = 1; // // This is the final dereference. We could be any process // including SMSS when a session space load fails. Note also that // processes can terminate in any order as well. // UNLOCK_SESSION (OldIrql); SessionGlobal = SESSION_GLOBAL (MmSessionSpace); LOCK_EXPANSION (OldIrql); // // Wait for any cross-session process attaches to detach. Refuse // subsequent attempts to cross-session attach so the address invalidation // code doesn't surprise an ongoing or subsequent attachee. // ASSERT (MmSessionSpace->u.Flags.DeletePending == 0); MmSessionSpace->u.Flags.DeletePending = 1; AttachCount = MmSessionSpace->AttachCount; if (AttachCount) { KeInitializeEvent (&MmSessionSpace->AttachEvent, NotificationEvent, FALSE); UNLOCK_EXPANSION (OldIrql); KeWaitForSingleObject( &MmSessionSpace->AttachEvent, WrVirtualMemory, KernelMode, FALSE, (PLARGE_INTEGER)NULL); LOCK_EXPANSION (OldIrql); ASSERT (MmSessionSpace->u.Flags.DeletePending == 1); ASSERT (MmSessionSpace->AttachCount == 0); } if (MmSessionSpace->Vm.u.Flags.BeingTrimmed) { // // Initialize an event and put the event address // in the VmSupport. When the trimming is complete, // this event will be set. // KeInitializeEvent(&Event, NotificationEvent, FALSE); MmSessionSpace->Vm.WorkingSetExpansionLinks.Blink = (PLIST_ENTRY)&Event; // // Release the mutex and wait for the event. // KeEnterCriticalRegion(); UNLOCK_EXPANSION_AND_THEN_WAIT (OldIrql); KeWaitForSingleObject(&Event, WrVirtualMemory, KernelMode, FALSE, (PLARGE_INTEGER)NULL); KeLeaveCriticalRegion(); LOCK_EXPANSION (OldIrql); } else if (MmSessionSpace->u.Flags.WorkingSetInserted == 1) { // // Remove this session from the session list and the working // set list. // RemoveEntryList (&SessionGlobal->Vm.WorkingSetExpansionLinks); MmSessionSpace->u.Flags.WorkingSetInserted = 0; } if (MmSessionSpace->u.Flags.SessionListInserted == 1) { RemoveEntryList (&SessionGlobal->WsListEntry); MmSessionSpace->u.Flags.SessionListInserted = 0; } MiSessionCount -= 1; UNLOCK_EXPANSION (OldIrql); #if DBG if (PsGetCurrentProcess()->Vm.u.Flags.SessionLeader == 0) { ASSERT (MmSessionSpace->ProcessOutSwapCount == 0); ASSERT (MmSessionSpace->ReferenceCount == 1); } #endif MM_SNAP_SESS_MEMORY_COUNTERS(0); // // If an unload function has been registered for WIN32K.SYS, // call it now before we force an unload on any modules. WIN32K.SYS // is responsible for calling any other loaded modules that have // unload routines to be run. Another option is to have the other // session drivers register a DLL initialize/uninitialize pair on load. // if (MmSessionSpace->Win32KDriverObject.DriverUnload ) { MmSessionSpace->Win32KDriverObject.DriverUnload (&MmSessionSpace->Win32KDriverObject); } // // Now that all modules have had their unload routine(s) // called, check for pool leaks before unloading the images. // MiCheckSessionPoolAllocations (); ASSERT (MmSessionSpace->ReferenceCount == 1); MM_SNAP_SESS_MEMORY_COUNTERS(1); // // Destroy the view mapping structures. // MiFreeSessionSpaceMap (); MM_SNAP_SESS_MEMORY_COUNTERS(2); // // Walk down the list of modules we have loaded dereferencing them. // // This allows us to force an unload of any kernel images loaded by // the session so we do not have any virtual space and paging // file leaks. // MiSessionUnloadAllImages (); MM_SNAP_SESS_MEMORY_COUNTERS(3); // // Destroy the session space bitmap structure // MiFreeSessionPoolBitMaps (); MM_SNAP_SESS_MEMORY_COUNTERS(4); // // Reference the session space structure using its global // kernel PTE based address. This is to avoid deleting it out // from underneath ourselves. // GlobalPteEntrySave = MmSessionSpace->GlobalPteEntry; // // Sweep the individual regions in their proper order. // #if DBG // // Check the executable image region. All images // should have been unloaded by the image handler. // MiCheckSessionVirtualSpace ((PVOID)MI_SESSION_IMAGE_START, MI_SESSION_IMAGE_SIZE); #endif MM_SNAP_SESS_MEMORY_COUNTERS(5); #if DBG // // Check the view region. All views should have been cleaned up already. // MiCheckSessionVirtualSpace ((PVOID)MI_SESSION_VIEW_START, MI_SESSION_VIEW_SIZE); #endif // // Save the page tables in the session space structure since // we are going to tear it down. // #if defined (_WIN64) RtlCopyMemory (SavePageTables, MiGetPdeAddress (MmSessionBase), MI_SESSION_SPACE_PAGE_TABLES * sizeof (MMPTE)); #else RtlCopyMemory (SavePageTables, MmSessionSpace->PageTables, MI_SESSION_SPACE_PAGE_TABLES * sizeof (MMPTE)); #endif MM_SNAP_SESS_MEMORY_COUNTERS(6); #if DBG // // Check everything possible before the remaining virtual address space // is torn down. In this way if anything is amiss, the data can be // more easily examined. // Pfn1 = MI_PFN_ELEMENT (MmSessionSpace->SessionPageDirectoryIndex); // // This should be greater than 1 because working set page tables are // using this as their parent as well. // ASSERT (Pfn1->u2.ShareCount > 1); #endif CountReleased = 0; if (MmSessionSpace->u.Flags.HasWsLock == 1) { PointerPte = MiGetPteAddress (MI_SESSION_SPACE_WS); EndPte = MiGetPteAddress (MmSessionSpace->Vm.VmWorkingSetList->HighestPermittedHashAddress); for ( ; PointerPte < EndPte; PointerPte += 1) { if (PointerPte->u.Long) { ASSERT (PointerPte->u.Hard.Valid == 1); MM_BUMP_SESS_COUNTER (MM_DBG_SESSION_WS_PAGE_FREE, 1); MmSessionSpace->CommittedPages -= 1; MmSessionSpace->NonPagablePages -= 1; CountReleased += 1; } } WorkingSetWasInitialized = TRUE; MmSessionSpace->u.Flags.HasWsLock = 0; } else { WorkingSetWasInitialized = FALSE; } // // Account for the session data structure data page. For NT64, the page // directory page is also accounted for here. // #if defined (_WIN64) MM_BUMP_SESS_COUNTER (MM_DBG_SESSION_INITIAL_PAGE_FREE, 2); MmSessionSpace->CommittedPages -= 2; MmSessionSpace->NonPagablePages -= 2; CountReleased += 2; #else MM_BUMP_SESS_COUNTER (MM_DBG_SESSION_INITIAL_PAGE_FREE, 1); MmSessionSpace->CommittedPages -= 1; MmSessionSpace->NonPagablePages -= 1; CountReleased += 1; #endif // // Account for any needed session space page tables. // for (Index = 0; Index < MI_SESSION_SPACE_PAGE_TABLES; Index += 1) { StartPde = &SavePageTables[Index]; if (StartPde->u.Long != ZeroKernelPte.u.Long) { MM_BUMP_SESS_COUNTER (MM_DBG_SESSION_PAGETABLE_FREE, 1); MmSessionSpace->CommittedPages -= 1; MmSessionSpace->NonPagablePages -= 1; CountReleased += 1; } } ASSERT (MmSessionSpace->NonPagablePages == 0); // // Note that whenever win32k or drivers loaded by it leak pool, the // ASSERT below will be triggered. // ASSERT (MmSessionSpace->CommittedPages == 0); MiReturnCommitment (CountReleased); MM_TRACK_COMMIT (MM_DBG_COMMIT_RETURN_SESSION_DEREFERENCE, CountReleased); // // Sweep the working set entries. // No more accesses to the working set or its lock are allowed. // if (WorkingSetWasInitialized == TRUE) { ExDeleteResource (&SessionGlobal->WsLock); PointerPte = MiGetPteAddress (MI_SESSION_SPACE_WS); EndPte = MiGetPteAddress (MmSessionSpace->Vm.VmWorkingSetList->HighestPermittedHashAddress); for ( ; PointerPte < EndPte; PointerPte += 1) { if (PointerPte->u.Long) { ASSERT (PointerPte->u.Hard.Valid == 1); // // Delete the page. // PageFrameIndex = MI_GET_PAGE_FRAME_FROM_PTE (PointerPte); Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); // // Each page should still be locked in the session working set. // LOCK_PFN (OldIrql); ASSERT (Pfn1->u3.e2.ReferenceCount == 1); MiDecrementShareAndValidCount (Pfn1->PteFrame); MI_SET_PFN_DELETED (Pfn1); MiDecrementShareCountOnly (PageFrameIndex); MI_WRITE_INVALID_PTE (PointerPte, ZeroKernelPte); MmResidentAvailablePages += 1; MM_BUMP_COUNTER(52, 1); UNLOCK_PFN (OldIrql); } } } #if defined(_IA64_) KeDisableSessionSharing(&SessionGlobal->SessionMapInfo); #endif // // Now delete the session space structure itself. // No more accesses to MmSessionSpace after this. // PointerPte = MiGetPteAddress (MmSessionSpace); // // Delete the page. // PageFrameIndex = MI_GET_PAGE_FRAME_FROM_PTE (PointerPte); Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); // // Make sure this page is still locked. // ASSERT (Pfn1->u1.WsIndex == 0); LOCK_PFN (OldIrql); ASSERT (Pfn1->u3.e2.ReferenceCount == 1); ASSERT (Pfn1->PteFrame == MmSessionSpace->SessionPageDirectoryIndex); MiDecrementShareAndValidCount (Pfn1->PteFrame); MI_SET_PFN_DELETED (Pfn1); MiDecrementShareCountOnly (PageFrameIndex); MI_WRITE_INVALID_PTE (PointerPte, ZeroKernelPte); MmResidentAvailablePages += CountReleased; MM_BUMP_COUNTER(53, CountReleased); MmResidentAvailablePages += MI_SESSION_SPACE_WORKING_SET_MINIMUM; MM_BUMP_COUNTER(56, MI_SESSION_SPACE_WORKING_SET_MINIMUM); UNLOCK_PFN (OldIrql); StartPde = MiGetPdeAddress (MmSessionBase); EndPde = MiGetPdeAddress (MI_SESSION_SPACE_END); RtlZeroMemory (StartPde, (EndPde - StartPde) * sizeof(MMPTE)); // // Flush the session space TB entries. // MI_FLUSH_SESSION_TB (OldIrql); // // Free the self-map PTE. // MiReleaseSystemPtes (GlobalPteEntrySave, 1, SystemPteSpace); // // Delete page table pages. Note that the page table page mapping the // session space data structure is done last so that we can apply // various ASSERTs in the DeletePde routine. // SessionDataPdeIndex = MiGetPdeSessionIndex (MmSessionSpace); LOCK_PFN (OldIrql); for (Index = 0; Index < MI_SESSION_SPACE_PAGE_TABLES; Index += 1) { if (Index == SessionDataPdeIndex) { // // The self map entry must be done last. // continue; } MiSessionDeletePde (&SavePageTables[Index], WorkingSetWasInitialized, &SavePageTables[SessionDataPdeIndex]); } MiSessionDeletePde (&SavePageTables[SessionDataPdeIndex], WorkingSetWasInitialized, &SavePageTables[SessionDataPdeIndex]); #if defined (_WIN64) // // Delete the session page directory page. // PointerPpe = MiGetPpeAddress (MmSessionSpace); PageFrameIndex = MI_GET_PAGE_FRAME_FROM_PTE (PointerPpe); Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); MI_SET_PFN_DELETED (Pfn1); MiDecrementShareCountOnly (PageFrameIndex); MI_FLUSH_SINGLE_SESSION_TB (MiGetPdeAddress (MmSessionSpace), TRUE, TRUE, (PHARDWARE_PTE)PointerPpe, ZeroKernelPte.u.Flush, PreviousPte); #endif UNLOCK_PFN (OldIrql); ExAcquireFastMutex (&MiSessionIdMutex); ASSERT (RtlCheckBit (MiSessionIdBitmap, SessionId)); RtlClearBits (MiSessionIdBitmap, SessionId, 1); ExReleaseFastMutex (&MiSessionIdMutex); LOCK_EXPANSION (OldIrql); PsGetCurrentProcess()->Vm.u.Flags.ProcessInSession = 0; UNLOCK_EXPANSION (OldIrql); // // The session space has been deleted and all TB flushing is complete. // return TRUE; }

VOID MiDetachSession (  VOID   )

Definition at line 1253 of file session.c. References ASSERT, KeDetachSessionSpace(), MI_FLUSH_SESSION_TB, MI_SESSION_SPACE_END, MI_SESSION_SPACE_PAGE_TABLES, MiGetPdeAddress, MiGetPpeAddress, MiHydra, MmIsAddressValid(), MmSessionBase, MmSessionSpace, PsGetCurrentProcess, TRUE, _MMPTE::u, and ZeroKernelPte. Referenced by MiEmptyAllWorkingSetsWorker(), and MmWorkingSetManager(). : Detaches from the specified session space. Arguments: None. Return Value: None. Environment: Kernel mode. No locks held. Current process must not have a session space to return to - ie: this should be the system process. --*/ { PMMPTE PointerPde; PMMPTE EndPde; KIRQL OldIrql; ASSERT (MiHydra == TRUE); ASSERT (PsGetCurrentProcess()->Vm.u.Flags.ProcessInSession == 0); ASSERT (MmIsAddressValid(MmSessionSpace) == TRUE); #if defined (_WIN64) PointerPde = MiGetPpeAddress (MmSessionBase); PointerPde->u.Long = ZeroKernelPte.u.Long; #else PointerPde = MiGetPdeAddress (MmSessionBase); EndPde = MiGetPdeAddress (MI_SESSION_SPACE_END); RtlZeroMemory (PointerPde, MI_SESSION_SPACE_PAGE_TABLES * sizeof (MMPTE)); #endif MI_FLUSH_SESSION_TB (OldIrql); #if defined(_IA64_) KeDetachSessionSpace(); #endif }

VOID MiInitializeSessionIds (  VOID   )

Referenced by MmInitSystem().

VOID MiSessionAddProcess (  PEPROCESS  NewProcess  )

Definition at line 178 of file session.c. References _MMSUPPORT::AllowWorkingSetAdjustment, ASSERT, FALSE, KeAddSessionSpace(), _MMWORKING_SET_EXPANSION_HEAD::ListHead, LOCK_EXPANSION, LOCK_SESSION, MmIsAddressValid(), MmSessionSpace, MmWorkingSetExpansionHead, _EPROCESS::Pcb, _MM_SESSION_SPACE::ProcessList, PsGetCurrentProcess, _MM_SESSION_SPACE::ReferenceCount, SESSION_GLOBAL, _EPROCESS::SessionProcessLinks, TRUE, _MMSUPPORT::u, _MM_SESSION_SPACE::u, UNLOCK_EXPANSION, UNLOCK_SESSION, _EPROCESS::Vm, _MM_SESSION_SPACE::Vm, and _MMSUPPORT::WorkingSetExpansionLinks. Referenced by MmCreateProcessAddressSpace(). : Add the new process to the current session space. Arguments: NewProcess - Supplies a pointer to the process being created. Return Value: None. Environment: Kernel mode, APCs disabled. --*/ { KIRQL OldIrql; PMM_SESSION_SPACE SessionGlobal; // // If the calling process has no session, then the new process won't get // one either. // if (PsGetCurrentProcess()->Vm.u.Flags.ProcessInSession == 0) { return; } ASSERT (MmIsAddressValid (MmSessionSpace) == TRUE); SessionGlobal = SESSION_GLOBAL(MmSessionSpace); LOCK_SESSION (OldIrql); MmSessionSpace->ReferenceCount += 1; UNLOCK_SESSION (OldIrql); #if defined(_IA64_) KeAddSessionSpace(&NewProcess->Pcb, &SessionGlobal->SessionMapInfo); #endif // // Link the process entry into the session space and WSL structures. // LOCK_EXPANSION (OldIrql); if (IsListEmpty(&SessionGlobal->ProcessList)) { if (MmSessionSpace->Vm.AllowWorkingSetAdjustment == FALSE) { ASSERT (MmSessionSpace->u.Flags.WorkingSetInserted == 0); MmSessionSpace->Vm.AllowWorkingSetAdjustment = TRUE; InsertTailList (&MmWorkingSetExpansionHead.ListHead, &SessionGlobal->Vm.WorkingSetExpansionLinks); MmSessionSpace->u.Flags.WorkingSetInserted = 1; } } InsertTailList (&SessionGlobal->ProcessList, &NewProcess->SessionProcessLinks); NewProcess->Vm.u.Flags.ProcessInSession = 1; UNLOCK_EXPANSION (OldIrql); }

NTSTATUS MiSessionCommitImagePages (  IN PVOID  VirtualAddress, IN SIZE_T  NumberOfBytes )

Definition at line 2144 of file session.c. References ASSERT, _MM_SESSION_SPACE::CommittedPages, DbgPrint, FALSE, LOCK_PFN, LOCK_SESSION_SPACE_WS, MI_GET_PAGE_COLOR_FROM_SESSION, MI_NONPAGABLE_MEMORY_AVAILABLE, MI_PFN_ELEMENT, MI_WRITE_VALID_PTE, MiChargeCommitment(), MiEnsureAvailablePageOrWait(), MiGetPteAddress, MiInitializePfn(), MiRemoveAnyPage(), MiRemoveZeroPageIfAny, MiReturnCommitment(), MiSessionCommitPageTables(), MiZeroPhysicalPage(), MM_BUMP_COUNTER, MM_BUMP_SESS_COUNTER, MM_BUMP_SESSION_FAILURES, MM_DBG_COMMIT_RETURN_SESSION_IMAGE_FAILURE1, MM_DBG_COMMIT_SESSION_IMAGE_PAGES, MM_DBG_SESSION_DRIVER_PAGES_LOCKED, MM_DBG_SESSIONS, MM_SESSION_FAILURE_NO_COMMIT, MM_SESSION_FAILURE_NO_RESIDENT, MM_TRACK_COMMIT, MmIsAddressValid(), MmResidentAvailablePages, MmSessionSpace, _MM_SESSION_SPACE::NonPagablePages, NT_SUCCESS, NTSTATUS(), NULL, PAGE_SHIFT, PAGE_SIZE, Status, SYSLOAD_LOCK_OWNED_BY_ME, _MMPTE::u, _MMPFN::u1, UNLOCK_PFN, UNLOCK_SESSION_SPACE_WS, ValidKernelPteLocal, and ZeroKernelPte. Referenced by MiLoadImageSection(). : This routine commits virtual memory within the current session space with backing pages. The virtual addresses within session space are allocated with a separate facility in the image management facility. This is because images must be at a unique system wide virtual address. Arguments: VirtualAddress - Supplies the first virtual address to commit. NumberOfBytes - Supplies the number of bytes to commit. Return Value: STATUS_SUCCESS if all went well, STATUS_NO_MEMORY if the current process has no session. Environment: Kernel mode, MmSystemLoadLock held. --*/ { KIRQL WsIrql; KIRQL OldIrql; ULONG Color; PFN_NUMBER SizeInPages; PMMPFN Pfn1; ULONG_PTR AllocationStart; PFN_NUMBER PageFrameIndex; NTSTATUS Status; PMMPTE StartPte, EndPte; MMPTE TempPte; SYSLOAD_LOCK_OWNED_BY_ME (); if (NumberOfBytes == 0) { return STATUS_SUCCESS; } if (MmIsAddressValid(MmSessionSpace) == FALSE) { #if DBG DbgPrint ("MiSessionCommitImagePages: No session space!\n"); #endif return STATUS_NO_MEMORY; } ASSERT (((ULONG_PTR)VirtualAddress % PAGE_SIZE) == 0); ASSERT ((NumberOfBytes % PAGE_SIZE) == 0); SizeInPages = (PFN_NUMBER)(NumberOfBytes >> PAGE_SHIFT); // // Calculate pages needed. // AllocationStart = (ULONG_PTR)VirtualAddress; // // Lock the session space working set. // LOCK_SESSION_SPACE_WS(WsIrql); // // Make sure we have page tables for the PTE // entries we must fill in the session space structure. // Status = MiSessionCommitPageTables ((PVOID)AllocationStart, (PVOID)(AllocationStart + NumberOfBytes)); if (!NT_SUCCESS(Status)) { #if DBG if (MmDebug & MM_DBG_SESSIONS) { DbgPrint("MiSessionCommitImagePages: Could not commit pagetables, Not enough memory! MmResidentAvailablePages %d, SizeInPages %d\n", MmResidentAvailablePages, SizeInPages); } #endif UNLOCK_SESSION_SPACE_WS(WsIrql); return STATUS_NO_MEMORY; } // // go into loop allocating them and placing them into the page // tables. // StartPte = MiGetPteAddress (AllocationStart); EndPte = MiGetPteAddress (AllocationStart + NumberOfBytes); if (MiChargeCommitment (SizeInPages, NULL) == FALSE) { MM_BUMP_SESSION_FAILURES (MM_SESSION_FAILURE_NO_COMMIT); UNLOCK_SESSION_SPACE_WS(WsIrql); return STATUS_NO_MEMORY; } MM_TRACK_COMMIT (MM_DBG_COMMIT_SESSION_IMAGE_PAGES, SizeInPages); TempPte = ValidKernelPteLocal; LOCK_PFN (OldIrql); // // Check to make sure the physical pages are available. // if ((SPFN_NUMBER)SizeInPages > MI_NONPAGABLE_MEMORY_AVAILABLE() - 20) { UNLOCK_PFN (OldIrql); MiReturnCommitment (SizeInPages); MM_TRACK_COMMIT (MM_DBG_COMMIT_RETURN_SESSION_IMAGE_FAILURE1, SizeInPages); MM_BUMP_SESSION_FAILURES (MM_SESSION_FAILURE_NO_RESIDENT); UNLOCK_SESSION_SPACE_WS(WsIrql); return STATUS_NO_MEMORY; } MmResidentAvailablePages -= SizeInPages; MM_BUMP_COUNTER(45, SizeInPages); while (StartPte < EndPte) { ASSERT (StartPte->u.Long == ZeroKernelPte.u.Long); MiEnsureAvailablePageOrWait (NULL, NULL); Color = MI_GET_PAGE_COLOR_FROM_SESSION (MmSessionSpace); PageFrameIndex = MiRemoveZeroPageIfAny (Color); if (PageFrameIndex == 0) { PageFrameIndex = MiRemoveAnyPage (Color); UNLOCK_PFN (OldIrql); MiZeroPhysicalPage (PageFrameIndex, Color); LOCK_PFN (OldIrql); } TempPte.u.Hard.PageFrameNumber = PageFrameIndex; MI_WRITE_VALID_PTE (StartPte, TempPte); Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); ASSERT (Pfn1->u1.WsIndex == 0); MiInitializePfn (PageFrameIndex, StartPte, 1); KeFillEntryTb ((PHARDWARE_PTE) StartPte, (PMMPTE)AllocationStart, FALSE); StartPte += 1; AllocationStart += PAGE_SIZE; } UNLOCK_PFN (OldIrql); MmSessionSpace->CommittedPages += SizeInPages; MmSessionSpace->NonPagablePages += SizeInPages; MM_BUMP_SESS_COUNTER (MM_DBG_SESSION_DRIVER_PAGES_LOCKED, SizeInPages); UNLOCK_SESSION_SPACE_WS(WsIrql); return STATUS_SUCCESS; }

NTSTATUS MiSessionCommitPageTables (  IN PVOID  StartVa, IN PVOID  EndVa )

Definition at line 2318 of file session.c. References ASSERT, CHAR, _MM_SESSION_SPACE::CommittedPages, FALSE, _MMWSL::FirstDynamic, Index, LOCK_PFN, MI_GET_PAGE_COLOR_FROM_SESSION, MI_GET_PAGE_FRAME_FROM_PTE, MI_NONPAGABLE_MEMORY_AVAILABLE, MI_PFN_ELEMENT, MI_SESSION_SPACE_END, MI_SESSION_SPACE_PAGE_TABLES, MI_WRITE_VALID_PTE, MiAddValidPageToWorkingSet(), MiChargeCommitment(), MiEnsureAvailablePageOrWait(), MiGetPdeAddress, MiGetPdeSessionIndex, MiGetVirtualAddressMappedByPte, MiInitializePfnForOtherProcess(), MiLocateWsle(), MiRemoveAnyPage(), MiRemoveZeroPageIfAny, MiReturnCommitment(), MiSwapWslEntries(), MiZeroPhysicalPage(), MM_BUMP_COUNTER, MM_BUMP_SESS_COUNTER, MM_BUMP_SESSION_FAILURES, MM_DBG_COMMIT_RETURN_SESSION_PAGETABLE_PAGES, MM_DBG_COMMIT_SESSION_PAGETABLE_PAGES, MM_DBG_SESSION_PAGETABLE_ALLOC, MM_SESSION_FAILURE_NO_COMMIT, MM_SESSION_FAILURE_NO_RESIDENT, MM_SESSION_SPACE_WS_LOCK_ASSERT, MM_TRACK_COMMIT, MmIsAddressValid(), MmResidentAvailablePages, MmSessionBase, MmSessionSpace, _MM_SESSION_SPACE::NonPagablePages, NULL, _MM_SESSION_SPACE::PageTables, PsGetCurrentThread, _MM_SESSION_SPACE::SessionPageDirectoryIndex, TRUE, _MMPTE::u, _MMWSLE::u1, _MMPFN::u1, UNLOCK_PFN, ValidKernelPdeLocal, _MM_SESSION_SPACE::Vm, _MMSUPPORT::VmWorkingSetList, _MM_SESSION_SPACE::Wsle, and ZeroKernelPte. Referenced by MiSessionCommitImagePages(), and MiShareSessionImage(). : Fill in page tables covering the specified virtual address range. Arguments: StartVa - Supplies a starting virtual address. EndVa - Supplies an ending virtual address. Return Value: STATUS_SUCCESS on success, STATUS_NO_MEMORY on failure. Environment: Kernel mode. Session space working set mutex held. --*/ { KIRQL OldIrql; ULONG Color; ULONG Index; PMMPTE StartPde, EndPde; MMPTE TempPte; PMMPFN Pfn1; ULONG Entry; ULONG SwapEntry; PFN_NUMBER SizeInPages; PFN_NUMBER PageTablePage; PVOID SessionPte; PMMWSL WorkingSetList; CHAR SavePageTables[MI_SESSION_SPACE_PAGE_TABLES]; ASSERT (MmIsAddressValid(MmSessionSpace) == TRUE); MM_SESSION_SPACE_WS_LOCK_ASSERT(); ASSERT (StartVa >= (PVOID)MmSessionBase); ASSERT (EndVa < (PVOID)MI_SESSION_SPACE_END); // // Allocate the page table pages, loading them // into the current process's page directory. // StartPde = MiGetPdeAddress (StartVa); EndPde = MiGetPdeAddress (EndVa); Index = MiGetPdeSessionIndex (StartVa); SizeInPages = 0; while (StartPde <= EndPde) { #if defined (_WIN64) if (StartPde->u.Long == ZeroKernelPte.u.Long) #else if (MmSessionSpace->PageTables[Index].u.Long == ZeroKernelPte.u.Long) #endif { SizeInPages += 1; } StartPde += 1; Index += 1; } if (SizeInPages == 0) { return STATUS_SUCCESS; } if (MiChargeCommitment (SizeInPages, NULL) == FALSE) { MM_BUMP_SESSION_FAILURES (MM_SESSION_FAILURE_NO_COMMIT); return STATUS_NO_MEMORY; } MM_TRACK_COMMIT (MM_DBG_COMMIT_SESSION_PAGETABLE_PAGES, SizeInPages); StartPde = MiGetPdeAddress (StartVa); Index = MiGetPdeSessionIndex (StartVa); TempPte = ValidKernelPdeLocal; LOCK_PFN (OldIrql); // // Check to make sure the physical pages are available. // if ((SPFN_NUMBER)SizeInPages > MI_NONPAGABLE_MEMORY_AVAILABLE() - 20) { UNLOCK_PFN (OldIrql); MiReturnCommitment (SizeInPages); MM_TRACK_COMMIT (MM_DBG_COMMIT_RETURN_SESSION_PAGETABLE_PAGES, SizeInPages); MM_BUMP_SESSION_FAILURES (MM_SESSION_FAILURE_NO_RESIDENT); return STATUS_NO_MEMORY; } MmResidentAvailablePages -= SizeInPages; MM_BUMP_SESS_COUNTER (MM_DBG_SESSION_PAGETABLE_ALLOC, SizeInPages); MM_BUMP_COUNTER(44, SizeInPages); WorkingSetList = MmSessionSpace->Vm.VmWorkingSetList; RtlZeroMemory (SavePageTables, sizeof (SavePageTables)); while (StartPde <= EndPde) { #if defined (_WIN64) if (StartPde->u.Long == ZeroKernelPte.u.Long) #else if (MmSessionSpace->PageTables[Index].u.Long == ZeroKernelPte.u.Long) #endif { ASSERT (StartPde->u.Hard.Valid == 0); SavePageTables[Index] = 1; MiEnsureAvailablePageOrWait (NULL, NULL); Color = MI_GET_PAGE_COLOR_FROM_SESSION (MmSessionSpace); PageTablePage = MiRemoveZeroPageIfAny (Color); if (PageTablePage == 0) { PageTablePage = MiRemoveAnyPage (Color); UNLOCK_PFN (OldIrql); MiZeroPhysicalPage (PageTablePage, Color); LOCK_PFN (OldIrql); } TempPte.u.Hard.PageFrameNumber = PageTablePage; MI_WRITE_VALID_PTE (StartPde, TempPte); #if !defined (_WIN64) MmSessionSpace->PageTables[Index] = TempPte; #endif MmSessionSpace->NonPagablePages += 1; MmSessionSpace->CommittedPages += 1; MiInitializePfnForOtherProcess (PageTablePage, StartPde, MmSessionSpace->SessionPageDirectoryIndex); } StartPde += 1; Index += 1; } UNLOCK_PFN (OldIrql); StartPde = MiGetPdeAddress (StartVa); Index = MiGetPdeSessionIndex (StartVa); while (StartPde <= EndPde) { if (SavePageTables[Index] == 1) { ASSERT (StartPde->u.Hard.Valid == 1); PageTablePage = MI_GET_PAGE_FRAME_FROM_PTE (StartPde); Pfn1 = MI_PFN_ELEMENT (PageTablePage); ASSERT (Pfn1->u1.Event == NULL); Pfn1->u1.Event = (PVOID)PsGetCurrentThread (); SessionPte = MiGetVirtualAddressMappedByPte (StartPde); MiAddValidPageToWorkingSet (SessionPte, StartPde, Pfn1, 0); Entry = MiLocateWsle (SessionPte, MmSessionSpace->Vm.VmWorkingSetList, Pfn1->u1.WsIndex); if (Entry >= WorkingSetList->FirstDynamic) { SwapEntry = WorkingSetList->FirstDynamic; if (Entry != WorkingSetList->FirstDynamic) { // // Swap this entry with the one at first dynamic. // MiSwapWslEntries (Entry, SwapEntry, &MmSessionSpace->Vm); } WorkingSetList->FirstDynamic += 1; } else { SwapEntry = Entry; } // // Indicate that the page is locked. // MmSessionSpace->Wsle[SwapEntry].u1.e1.LockedInWs = 1; } StartPde += 1; Index += 1; } return STATUS_SUCCESS; }

NTSTATUS MiSessionCreateInternal (  OUT PULONG  SessionId  )

Definition at line 394 of file session.c. References ASSERT, _MM_SESSION_SPACE::Color, _MM_SESSION_SPACE::CommittedPages, DbgPrint, FALSE, _MM_SESSION_SPACE::GlobalPteEntry, _MM_SESSION_SPACE::GlobalVirtualAddress, _MM_SESSION_SPACE::ImageList, KeEnableSessionSharing(), KeInitializeSpinLock(), LOCK_PFN, MI_FLUSH_SINGLE_SESSION_TB, MI_GET_PAGE_COLOR_FROM_VA, MI_NONPAGABLE_MEMORY_AVAILABLE, MI_PFN_ELEMENT, MI_SESSION_COMMIT_CHARGE, MI_SESSION_POOL, MI_SESSION_SPACE_WORKING_SET_MINIMUM, MI_SET_PFN_DELETED, MI_WRITE_VALID_PTE, MiChargeCommitment(), MiDecrementReferenceCount(), MiDecrementShareAndValidCount, MiDecrementShareCountOnly, MiEnsureAvailablePageOrWait(), MiFreeSessionPoolBitMaps(), MiFreeSessionSpaceMap(), MiGetPdeAddress, MiGetPpeAddress, MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiInitializePfn(), MiInitializePfnForOtherProcess(), MiInitializeSessionPool(), MiInitializeSystemSpaceMap(), MiReleaseSystemPtes(), MiRemoveAnyPage(), MiRemoveZeroPageIfAny, MiReserveSystemPtes(), MiReturnCommitment(), MiSessionIdBitmap, MiSessionIdMutex, MiZeroPhysicalPage(), MM_BUMP_COUNTER, MM_BUMP_SESS_COUNTER, MM_BUMP_SESSION_FAILURES, MM_DBG_COMMIT_RETURN_SESSION_CREATE_FAILURE1, MM_DBG_COMMIT_SESSION_CREATE, MM_DBG_SESSION_INITIAL_PAGE_ALLOC, MM_DBG_SESSION_INITIAL_PAGE_FREE_FAIL1, MM_DBG_SESSION_INITIAL_PAGETABLE_ALLOC, MM_DBG_SESSION_INITIAL_PAGETABLE_FREE_FAIL1, MM_DBG_SESSION_INITIAL_PAGETABLE_FREE_RACE, MM_DBG_SESSIONS, MM_DEMAND_ZERO_WRITE_PTE, MM_SESSION_FAILURE_NO_COMMIT, MM_SESSION_FAILURE_NO_IDS, MM_SESSION_FAILURE_NO_RESIDENT, MM_SESSION_FAILURE_NO_SYSPTES, MM_SESSION_FAILURE_RACE_DETECTED, MM_TRACK_COMMIT, MmIsAddressValid(), MmResidentAvailablePages, MmSessionBase, MmSessionSpace, _MM_SESSION_SPACE::NonPagablePages, NT_SUCCESS, NTSTATUS(), NULL, _MMPFN::OriginalPte, _MM_SESSION_SPACE::PageTables, _MM_SESSION_SPACE::ProcessList, _MMPFN::PteFrame, _MM_SESSION_SPACE::ReferenceCount, RtlClearBits(), RtlFindClearBitsAndSet(), _MM_SESSION_SPACE::Session, SESSION_GLOBAL, _MM_SESSION_SPACE::SessionId, _MM_SESSION_SPACE::SessionPageDirectoryIndex, _MM_SESSION_SPACE::SpinLock, StandbyPageList, Status, SystemPteSpace, TRUE, _MM_SESSION_SPACE::u, _MMPTE::u, _MMPFN::u2, _MMPFN::u3, UNLOCK_PFN, ValidKernelPdeLocal, ValidKernelPteLocal, _MM_SESSION_SPACE::WsListEntry, and ZeroKernelPte. Referenced by MmSessionCreate(). : This routine creates the data structure that describes and maintains the session space. It resides at the beginning of the session space. Carefully construct the first page mapping to bootstrap the fault handler which relies on the session space data structure being present and valid. In 32-bit NT, this initial mapping for the portion of session space mapped by the first PDE will automatically be inherited by all child processes when the system copies the system portion of the page directory for new address spaces. Additional entries are faulted in by the session space fault handler, which references this structure. For 64-bit NT, everything is automatically inherited. This routine commits virtual memory within the current session space with backing pages. The virtual addresses within session space are allocated with a separate facility in the image management facility. This is because images must be at a unique system wide virtual address. Arguments: SessionId - Supplies a pointer to place the new session ID into. Return Value: STATUS_SUCCESS if all went well, various failure status codes if the session was not created. Environment: Kernel mode, no mutexes held. --*/ { KIRQL OldIrql; PMMPTE PointerPpe; PMMPTE PointerPde; PMMPTE PointerPte; NTSTATUS Status; PMM_SESSION_SPACE SessionSpace; PMM_SESSION_SPACE SessionGlobal; PFN_NUMBER ResidentPages; BOOLEAN GotCommit; BOOLEAN GotPages; PMMPFN Pfn1; MMPTE TempPte; MMPTE AliasPte; MMPTE PreviousPte; ULONG_PTR Va; PFN_NUMBER DataPage; PFN_NUMBER PageTablePage; PFN_NUMBER PageDirectoryPage; ULONG PageColor; SessionSpace = NULL; GotCommit = FALSE; GotPages = FALSE; ASSERT (MmIsAddressValid(SessionSpace) == FALSE); ExAcquireFastMutex (&MiSessionIdMutex); *SessionId = RtlFindClearBitsAndSet (MiSessionIdBitmap, 1, 0); ExReleaseFastMutex (&MiSessionIdMutex); if (*SessionId == 0xFFFFFFFF) { #if DBG DbgPrint("MiSessionCreateInternal: No session IDs available\n"); #endif MM_BUMP_SESSION_FAILURES (MM_SESSION_FAILURE_NO_IDS); return STATUS_NO_MEMORY; } ResidentPages = MI_SESSION_COMMIT_CHARGE; if (MiChargeCommitment (ResidentPages, NULL) == FALSE) { #if DBG if (MmDebug & MM_DBG_SESSIONS) { DbgPrint("MiSessionCreateInternal: No commit for %d pages\n", ResidentPages); } #endif MM_BUMP_SESSION_FAILURES (MM_SESSION_FAILURE_NO_COMMIT); goto Failure; } GotCommit = TRUE; MM_TRACK_COMMIT (MM_DBG_COMMIT_SESSION_CREATE, ResidentPages); LOCK_PFN (OldIrql); // // Check to make sure the physical pages are available. // if ((SPFN_NUMBER)(ResidentPages + MI_SESSION_SPACE_WORKING_SET_MINIMUM) > MI_NONPAGABLE_MEMORY_AVAILABLE()) { #if DBG if (MmDebug & MM_DBG_SESSIONS) { DbgPrint("MiSessionCreateInternal: No Resident Pages %d, Need %d\n", MmResidentAvailablePages, ResidentPages + MI_SESSION_SPACE_WORKING_SET_MINIMUM); } #endif UNLOCK_PFN (OldIrql); MM_BUMP_SESSION_FAILURES (MM_SESSION_FAILURE_NO_RESIDENT); goto Failure; } GotPages = TRUE; MmResidentAvailablePages -= (ResidentPages + MI_SESSION_SPACE_WORKING_SET_MINIMUM); MM_BUMP_COUNTER(40, ResidentPages + MI_SESSION_SPACE_WORKING_SET_MINIMUM); #if defined (_WIN64) // // Initialize the page directory page. // MiEnsureAvailablePageOrWait (NULL, NULL); PageColor = MI_GET_PAGE_COLOR_FROM_VA (NULL); PageDirectoryPage = MiRemoveZeroPageIfAny (PageColor); if (PageDirectoryPage == 0) { PageDirectoryPage = MiRemoveAnyPage (PageColor); UNLOCK_PFN (OldIrql); MiZeroPhysicalPage (PageDirectoryPage, PageColor); LOCK_PFN (OldIrql); } // // The global bit is masked off since we need to make sure the TB entry // is flushed when we switch to a process in a different session space. // TempPte.u.Long = ValidKernelPdeLocal.u.Long; TempPte.u.Hard.PageFrameNumber = PageDirectoryPage; PointerPpe = MiGetPpeAddress ((PVOID)MmSessionSpace); // // Another thread may have gotten here before us, check for that now. // if (PointerPpe->u.Long != 0) { #if DBG ASSERT (PointerPpe->u.Hard.Valid == 1); DbgPrint("MiSessionCreateInternal: Detected PPE %p race\n", PointerPpe->u.Long); DbgBreakPoint (); #endif //DBG Pfn1 = MI_PFN_ELEMENT (PageDirectoryPage); ASSERT (Pfn1->u2.ShareCount == 0); ASSERT (Pfn1->u3.e2.ReferenceCount == 0); Pfn1->u3.e2.ReferenceCount = 1; Pfn1->OriginalPte.u.Long = MM_DEMAND_ZERO_WRITE_PTE; MI_SET_PFN_DELETED (Pfn1); #if DBG Pfn1->u3.e1.PageLocation = StandbyPageList; #endif MiDecrementReferenceCount (PageDirectoryPage); MmResidentAvailablePages += (ResidentPages + MI_SESSION_SPACE_WORKING_SET_MINIMUM); MM_BUMP_COUNTER(46, ResidentPages + MI_SESSION_SPACE_WORKING_SET_MINIMUM); MM_BUMP_SESS_COUNTER (MM_DBG_SESSION_INITIAL_PAGETABLE_FREE_RACE, 1); GotPages = FALSE; UNLOCK_PFN (OldIrql); MM_BUMP_SESSION_FAILURES (MM_SESSION_FAILURE_RACE_DETECTED); goto Failure; } *PointerPpe = TempPte; MiInitializePfnForOtherProcess (PageDirectoryPage, PointerPpe, 0); Pfn1 = MI_PFN_ELEMENT (PageDirectoryPage); Pfn1->PteFrame = 0; ASSERT (MI_PFN_ELEMENT(PageDirectoryPage)->u1.WsIndex == 0); KeFillEntryTb ((PHARDWARE_PTE) PointerPpe, MiGetVirtualAddressMappedByPte (PointerPpe), FALSE); #endif // // Initialize the page table page. // MiEnsureAvailablePageOrWait (NULL, NULL); PageColor = MI_GET_PAGE_COLOR_FROM_VA (NULL); PageTablePage = MiRemoveZeroPageIfAny (PageColor); if (PageTablePage == 0) { PageTablePage = MiRemoveAnyPage (PageColor); UNLOCK_PFN (OldIrql); MiZeroPhysicalPage (PageTablePage, PageColor); LOCK_PFN (OldIrql); } // // The global bit is masked off since we need to make sure the TB entry // is flushed when we switch to a process in a different session space. // TempPte.u.Long = ValidKernelPdeLocal.u.Long; TempPte.u.Hard.PageFrameNumber = PageTablePage; PointerPde = MiGetPdeAddress ((PVOID)MmSessionSpace); #if !defined (_WIN64) // // Another thread may have gotten here before us, check for that now. // if (PointerPde->u.Long != 0) { #if DBG ASSERT (PointerPde->u.Hard.Valid == 1); DbgPrint("MiSessionCreateInternal: Detected PDE %p race\n", PointerPde->u.Long); DbgBreakPoint (); #endif //DBG Pfn1 = MI_PFN_ELEMENT (PageTablePage); ASSERT (Pfn1->u2.ShareCount == 0); ASSERT (Pfn1->u3.e2.ReferenceCount == 0); Pfn1->u3.e2.ReferenceCount = 1; Pfn1->OriginalPte.u.Long = MM_DEMAND_ZERO_WRITE_PTE; MI_SET_PFN_DELETED (Pfn1); #if DBG Pfn1->u3.e1.PageLocation = StandbyPageList; #endif MiDecrementReferenceCount (PageTablePage); MmResidentAvailablePages += (ResidentPages + MI_SESSION_SPACE_WORKING_SET_MINIMUM); MM_BUMP_COUNTER(46, ResidentPages + MI_SESSION_SPACE_WORKING_SET_MINIMUM); MM_BUMP_SESS_COUNTER (MM_DBG_SESSION_INITIAL_PAGETABLE_FREE_RACE, 1); GotPages = FALSE; UNLOCK_PFN (OldIrql); MM_BUMP_SESSION_FAILURES (MM_SESSION_FAILURE_RACE_DETECTED); goto Failure; } #endif MI_WRITE_VALID_PTE (PointerPde, TempPte); // // This page frame references itself instead of the current (SMSS.EXE) // page directory as its PteFrame. This allows the current process to // appear more normal (at least on 32-bit NT). It just means we have // to treat this page specially during teardown. // MiInitializePfnForOtherProcess (PageTablePage, PointerPde, PageTablePage); // // This page is never paged, ensure that its WsIndex stays clear so the // release of the page is handled correctly. // ASSERT (MI_PFN_ELEMENT(PageTablePage)->u1.WsIndex == 0); Va = (ULONG_PTR)MiGetPteAddress (MmSessionSpace); KeFillEntryTb ((PHARDWARE_PTE) PointerPde, (PMMPTE)Va, FALSE); MiEnsureAvailablePageOrWait (NULL, NULL); PageColor = MI_GET_PAGE_COLOR_FROM_VA (NULL); DataPage = MiRemoveZeroPageIfAny (PageColor); if (DataPage == 0) { DataPage = MiRemoveAnyPage (PageColor); UNLOCK_PFN (OldIrql); MiZeroPhysicalPage (DataPage, PageColor); LOCK_PFN (OldIrql); } // // The global bit is masked off since we need to make sure the TB entry // is flushed when we switch to a process in a different session space. // TempPte.u.Long = ValidKernelPteLocal.u.Long; TempPte.u.Hard.PageFrameNumber = DataPage; PointerPte = MiGetPteAddress (MmSessionSpace); MI_WRITE_VALID_PTE (PointerPte, TempPte); MiInitializePfn (DataPage, PointerPte, 1); ASSERT (MI_PFN_ELEMENT(DataPage)->u1.WsIndex == 0); UNLOCK_PFN (OldIrql); KeFillEntryTb ((PHARDWARE_PTE) PointerPte, (PMMPTE)MmSessionSpace, FALSE); AliasPte = *PointerPte; // // Initialize the new session space data structure. // SessionSpace = MmSessionSpace; MM_BUMP_SESS_COUNTER (MM_DBG_SESSION_INITIAL_PAGETABLE_ALLOC, 1); MM_BUMP_SESS_COUNTER (MM_DBG_SESSION_INITIAL_PAGE_ALLOC, 1); SessionSpace->ReferenceCount = 1; SessionSpace->u.LongFlags = 0; SessionSpace->SessionId = *SessionId; SessionSpace->SessionPageDirectoryIndex = PageTablePage; SessionSpace->Color = PageColor; // // Track the page table page and the data page. // SessionSpace->NonPagablePages = ResidentPages; SessionSpace->CommittedPages = ResidentPages; #if defined (_WIN64) // // Initialize the session data page directory entry so trimmers can attach. // PointerPpe = MiGetPpeAddress ((PVOID)MmSessionSpace); SessionSpace->PageDirectory = *PointerPpe; #else // // Load the session data page table entry so that other processes // can fault in the mapping. // SessionSpace->PageTables[PointerPde - MiGetPdeAddress (MmSessionBase)] = *PointerPde; #endif // // Reserve a global system PTE and map the data page into it. // SessionSpace->GlobalPteEntry = MiReserveSystemPtes (1, SystemPteSpace, 0, 0, FALSE ); if (SessionSpace->GlobalPteEntry == NULL) { #if DBG if (MmDebug & MM_DBG_SESSIONS) { DbgPrint("MiSessionCreateInternal: No memory for session self-map\n"); } #endif MM_BUMP_SESSION_FAILURES (MM_SESSION_FAILURE_NO_SYSPTES); goto Failure; } *(SessionSpace->GlobalPteEntry) = AliasPte; SessionSpace->GlobalVirtualAddress = MiGetVirtualAddressMappedByPte (SessionSpace->GlobalPteEntry); SessionGlobal = SESSION_GLOBAL(SessionSpace); // // This list entry is only referenced while within the // session space and has session space (not global) addresses. // InitializeListHead (&SessionSpace->ImageList); // // Initialize the session space pool. // Status = MiInitializeSessionPool (); if (!NT_SUCCESS(Status)) { #if DBG if (MmDebug & MM_DBG_SESSIONS) { DbgPrint("MiSessionCreateInternal: No memory for session pool\n"); } #endif goto Failure; } // // Initialize the view mapping support - note this must happen after // initializing session pool. // if (MiInitializeSystemSpaceMap (&SessionGlobal->Session) == FALSE) { #if DBG if (MmDebug & MM_DBG_SESSIONS) { DbgPrint("MiSessionCreateInternal: No memory for view mapping\n"); } #endif goto Failure; } // // Use the global virtual address rather than the session space virtual // address to set up fields that need to be globally accessible. // InitializeListHead (&SessionGlobal->WsListEntry); InitializeListHead (&SessionGlobal->ProcessList); KeInitializeSpinLock (&SessionGlobal->SpinLock); #if defined(_IA64_) KeEnableSessionSharing(&SessionGlobal->SessionMapInfo); #endif return STATUS_SUCCESS; Failure: if (GotCommit == TRUE) { MiReturnCommitment (ResidentPages); MM_TRACK_COMMIT (MM_DBG_COMMIT_RETURN_SESSION_CREATE_FAILURE1, ResidentPages); } if (GotPages == TRUE) { #if defined (_WIN64) PointerPpe = MiGetPpeAddress (MI_SESSION_POOL); ASSERT (PointerPpe->u.Hard.Valid != 0); #endif PointerPde = MiGetPdeAddress (MI_SESSION_POOL); ASSERT (PointerPde->u.Hard.Valid != 0); // // Note that this call will acquire the session space lock, so the // data page better be mapped. // MiFreeSessionSpaceMap (); // // Free the initial page table page that was allocated for the // paged pool range (if it has been allocated at this point). // MiFreeSessionPoolBitMaps (); if (SessionSpace->GlobalPteEntry) { MiReleaseSystemPtes (SessionSpace->GlobalPteEntry, 1, SystemPteSpace); SessionSpace->GlobalPteEntry = (PMMPTE)0; } LOCK_PFN (OldIrql); // // Free the session data structure page. // Pfn1 = MI_PFN_ELEMENT (DataPage); MiDecrementShareAndValidCount (Pfn1->PteFrame); MI_SET_PFN_DELETED (Pfn1); MiDecrementShareCountOnly (DataPage); MI_FLUSH_SINGLE_SESSION_TB (MmSessionSpace, TRUE, TRUE, (PHARDWARE_PTE)PointerPte, ZeroKernelPte.u.Flush, PreviousPte); MM_BUMP_SESS_COUNTER (MM_DBG_SESSION_INITIAL_PAGE_FREE_FAIL1, 1); // // Free the page table page. // Pfn1 = MI_PFN_ELEMENT (PageTablePage); ASSERT (PageTablePage == Pfn1->PteFrame); ASSERT (Pfn1->u2.ShareCount == 2); Pfn1->u2.ShareCount -= 1; MI_SET_PFN_DELETED (Pfn1); MiDecrementShareCountOnly (PageTablePage); MI_FLUSH_SINGLE_SESSION_TB (MiGetVirtualAddressMappedByPte(PointerPde), TRUE, TRUE, (PHARDWARE_PTE)PointerPde, ZeroKernelPte.u.Flush, PreviousPte); #if defined (_WIN64) // // Free the page directory page. // Pfn1 = MI_PFN_ELEMENT (PageDirectoryPage); ASSERT (PageDirectoryPage == Pfn1->PteFrame); ASSERT (Pfn1->u2.ShareCount == 1); ASSERT (Pfn1->u3.e2.ReferenceCount == 1); MI_SET_PFN_DELETED (Pfn1); MiDecrementShareCountOnly (PageDirectoryPage); MI_FLUSH_SINGLE_SESSION_TB (MiGetVirtualAddressMappedByPte(PointerPpe), TRUE, TRUE, (PHARDWARE_PTE)PointerPpe, ZeroKernelPte.u.Flush, PreviousPte); #endif // // Now that the PDE has been zeroed, another thread in this process // could attempt a session create so be careful not to count on any // anything in this particular session. // MmResidentAvailablePages += (ResidentPages + MI_SESSION_SPACE_WORKING_SET_MINIMUM); MM_BUMP_COUNTER (49, ResidentPages + MI_SESSION_SPACE_WORKING_SET_MINIMUM); MM_BUMP_SESS_COUNTER (MM_DBG_SESSION_INITIAL_PAGETABLE_FREE_FAIL1, 1); UNLOCK_PFN (OldIrql); } ExAcquireFastMutex (&MiSessionIdMutex); ASSERT (RtlCheckBit (MiSessionIdBitmap, *SessionId)); RtlClearBits (MiSessionIdBitmap, *SessionId, 1); ExReleaseFastMutex (&MiSessionIdMutex); return STATUS_NO_MEMORY; }

VOID MiSessionDeletePde (  IN PMMPTE  Pde, IN BOOLEAN  WorkingSetInitialized, IN PMMPTE  SelfMapPde )

Definition at line 1408 of file session.c. References ASSERT, DbgPrint, FALSE, MI_GET_PAGE_FRAME_FROM_PTE, MI_PFN_ELEMENT, MI_SET_PFN_DELETED, MiDecrementShareAndValidCount, MiDecrementShareCountOnly, MiMapPageInHyperSpace(), MiUnmapPageInHyperSpace, MM_KERNEL_NOACCESS_PTE, MmHighestPhysicalPage, PTE_PER_PAGE, _MMPFN::PteFrame, TRUE, _MMPTE::u, _MMPFN::u1, _MMPFN::u2, _MMPFN::u3, and ZeroKernelPte. Referenced by MiDereferenceSession(). 01416 : 01417 01418 Used to delete a page directory entry from a session space. 01419 01420 Arguments: 01421 01422 Pde - Supplies the page directory entry to delete. 01423 01424 WorkingSetInitialized - Supplies TRUE if the working set has been 01425 initialized. 01426 01427 SelfMapPde - Supplies the page directory entry that contains the self map 01428 session page. 01429 01430 01431 Return Value: 01432 01433 None. 01434 01435 Environment: 01436 01437 Kernel mode. PFN lock held. 01438 01439 --*/ 01440 01441 { 01442 PMMPFN Pfn1; 01443 PMMPFN Pfn2; 01444 KIRQL OldIrql2; 01445 PFN_NUMBER PageFrameIndex; 01446 BOOLEAN SelfMapPage; 01447 #if DBG 01448 ULONG i; 01449 PMMPTE PointerPte; 01450 #endif 01451 01452 if (Pde->u.Long == ZeroKernelPte.u.Long) { 01453 return; 01454 } 01455 01456 SelfMapPage = (Pde == SelfMapPde ? TRUE : FALSE); 01457 01458 ASSERT (Pde->u.Hard.Valid == 1); 01459 01460 PageFrameIndex = MI_GET_PAGE_FRAME_FROM_PTE (Pde); 01461 Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); 01462 01463 #if DBG 01464 01465 ASSERT (PageFrameIndex <= MmHighestPhysicalPage); 01466 01467 if (WorkingSetInitialized == TRUE) { 01468 ASSERT (Pfn1->u1.WsIndex); 01469 } 01470 01471 ASSERT (Pfn1->u3.e1.PrototypePte == 0); 01472 ASSERT (Pfn1->u3.e2.ReferenceCount == 1); 01473 ASSERT (Pfn1->PteFrame <= MmHighestPhysicalPage); 01474 01475 Pfn2 = MI_PFN_ELEMENT (Pfn1->PteFrame); 01476 01477 // 01478 // Verify the containing page table is still the page 01479 // table page mapping the session data structure. 01480 // 01481 01482 if (SelfMapPage == FALSE) { 01483 01484 // 01485 // Note these ASSERTs will fail if win32k leaks pool. 01486 // 01487 01488 ASSERT (Pfn1->u2.ShareCount == 1); 01489 #if !defined (_WIN64) 01490 01491 // 01492 // 32-bit NT points the additional page tables at the master. 01493 // 64-bit NT doesn't need to use this trick as there is always 01494 // an additional hierarchy level. 01495 // 01496 01497 ASSERT (Pfn1->PteFrame == MI_GET_PAGE_FRAME_FROM_PTE (SelfMapPde)); 01498 #endif 01499 ASSERT (Pfn2->u2.ShareCount > 2); 01500 } 01501 else { 01502 ASSERT (Pfn1 == Pfn2); 01503 ASSERT (Pfn1->u2.ShareCount == 2); 01504 } 01505 01506 // 01507 // Make sure the page table page is zeroed. It should always be zero 01508 // unless win32k leaks pool or random bits get set. 01509 // 01510 01511 PointerPte = (PMMPTE)MiMapPageInHyperSpace (PageFrameIndex, &OldIrql2); 01512 01513 i = 0; 01514 while (i < PTE_PER_PAGE) { 01515 if (PointerPte->u.Long != 0 && PointerPte->u.Long != MM_KERNEL_NOACCESS_PTE) { 01516 DbgPrint("MM: Deleting session page table: Index %d PTE %p is not zero! %p\n", 01517 i, 01518 PointerPte, 01519 PointerPte->u.Long); 01520 DbgBreakPoint(); 01521 } 01522 PointerPte += 1; 01523 i += 1; 01524 } 01525 01526 MiUnmapPageInHyperSpace (OldIrql2); 01527 01528 #endif // DBG 01529 01530 if (SelfMapPage == FALSE) { 01531 MiDecrementShareAndValidCount (Pfn1->PteFrame); 01532 } 01533 else { 01534 ASSERT (Pfn1 == Pfn2); 01535 ASSERT (Pfn1->u2.ShareCount == 2); 01536 Pfn1->u2.ShareCount -= 1; 01537 } 01538 01539 MI_SET_PFN_DELETED (Pfn1); 01540 MiDecrementShareCountOnly (PageFrameIndex); 01541 }

VOID MiSessionInSwapProcess (  IN PEPROCESS  Process  )

Definition at line 2737 of file session.c. References ASSERT, DbgPrint, _MM_SESSION_SPACE::GlobalVirtualAddress, LOCK_EXPANSION, MI_GET_DIRECTORY_FRAME_FROM_PROCESS, MI_GET_PAGE_FRAME_FROM_PTE, MiGetPdeOffset, MiGetPpeOffset, MiGetPteAddress, MiGetPteOffset, MiHydra, MiMapPageInHyperSpace(), MiUnmapPageInHyperSpace, MM_DBG_SESSIONS, MmSessionSpace, _MM_SESSION_SPACE::ProcessList, _MM_SESSION_SPACE::ProcessOutSwapCount, _MM_SESSION_SPACE::ReferenceCount, _MM_SESSION_SPACE::SessionId, TRUE, _MMSUPPORT::u, UNLOCK_EXPANSION, _MM_SESSION_SPACE::Vm, and _MMSUPPORT::WorkingSetSize. Referenced by MmInSwapProcess(). 02743 : 02744 02745 This routine in swaps the specified process. 02746 02747 Arguments: 02748 02749 Process - Supplies a pointer to the process that is to be swapped 02750 into memory. 02751 02752 Return Value: 02753 02754 None. 02755 02756 Environment: 02757 02758 Kernel mode. This routine must not enter a wait state for memory resources 02759 or the system will deadlock. 02760 02761 --*/ 02762 02763 { 02764 MMPTE TempPte; 02765 PFN_NUMBER PdePage; 02766 PMMPTE PageDirectoryMap; 02767 KIRQL OldIrql; 02768 PFN_NUMBER SessionPage; 02769 PMM_SESSION_SPACE SessionGlobal; 02770 #if DBG 02771 ULONG InCount; 02772 ULONG OutCount; 02773 PLIST_ENTRY NextEntry; 02774 #endif 02775 #if defined (_X86PAE_) 02776 ULONG i; 02777 PPAE_ENTRY PaeVa; 02778 #endif 02779 02780 ASSERT (MiHydra == TRUE && Process->Vm.u.Flags.ProcessInSession == 1); 02781 02782 // 02783 // smss doesn't count when we catch it before it has detached from the 02784 // session it is currently creating. 02785 // 02786 02787 if (Process->Vm.u.Flags.SessionLeader == 1) { 02788 return; 02789 } 02790 02791 ASSERT (MiHydra == TRUE && Process->Vm.u.Flags.ProcessInSession == 1); 02792 02793 // 02794 // smss doesn't count when we swap it before it has detached from the 02795 // session it is currently creating. 02796 // 02797 02798 if (Process->Vm.u.Flags.SessionLeader == 1) { 02799 return; 02800 } 02801 02802 #if defined (_X86PAE_) 02803 PaeVa = Process->PaeTop; 02804 02805 #if DBG 02806 for (i = 0; i < PD_PER_SYSTEM; i += 1) { 02807 ASSERT (PaeVa->PteEntry[i].u.Hard.Valid == 1); 02808 } 02809 #endif 02810 02811 PdePage = MI_GET_PAGE_FRAME_FROM_PTE (&PaeVa->PteEntry[MiGetPdPteOffset(MmSessionSpace)]); 02812 02813 #else 02814 PdePage = MI_GET_DIRECTORY_FRAME_FROM_PROCESS(Process); 02815 #endif 02816 02817 PageDirectoryMap = MiMapPageInHyperSpace (PdePage, &OldIrql); 02818 02819 #if defined (_WIN64) 02820 TempPte = PageDirectoryMap[MiGetPpeOffset(MmSessionSpace)]; 02821 02822 MiUnmapPageInHyperSpace (OldIrql); 02823 02824 PdePage = MI_GET_PAGE_FRAME_FROM_PTE (&TempPte); 02825 02826 PageDirectoryMap = MiMapPageInHyperSpace (PdePage, &OldIrql); 02827 #endif 02828 02829 TempPte = PageDirectoryMap[MiGetPdeOffset(MmSessionSpace)]; 02830 02831 MiUnmapPageInHyperSpace (OldIrql); 02832 02833 PdePage = MI_GET_PAGE_FRAME_FROM_PTE (&TempPte); 02834 02835 PageDirectoryMap = MiMapPageInHyperSpace (PdePage, &OldIrql); 02836 02837 TempPte = PageDirectoryMap[MiGetPteOffset(MmSessionSpace)]; 02838 02839 MiUnmapPageInHyperSpace (OldIrql); 02840 02841 SessionPage = MI_GET_PAGE_FRAME_FROM_PTE (&TempPte); 02842 02843 SessionGlobal = (PMM_SESSION_SPACE) MiMapPageInHyperSpace (SessionPage, 02844 &OldIrql); 02845 02846 ASSERT (MI_GET_PAGE_FRAME_FROM_PTE (MiGetPteAddress(SessionGlobal->GlobalVirtualAddress)) == SessionPage); 02847 02848 SessionGlobal = SessionGlobal->GlobalVirtualAddress; 02849 02850 MiUnmapPageInHyperSpace (OldIrql); 02851 02852 LOCK_EXPANSION (OldIrql); 02853 02854 #if DBG 02855 ASSERT ((LONG)SessionGlobal->ProcessOutSwapCount > 0); 02856 02857 InCount = 0; 02858 OutCount = 0; 02859 NextEntry = SessionGlobal->ProcessList.Flink; 02860 02861 while (NextEntry != &SessionGlobal->ProcessList) { 02862 Process = CONTAINING_RECORD (NextEntry, EPROCESS, SessionProcessLinks); 02863 02864 if (Process->ProcessOutswapEnabled == TRUE) { 02865 OutCount += 1; 02866 } 02867 else { 02868 InCount += 1; 02869 } 02870 02871 NextEntry = NextEntry->Flink; 02872 } 02873 02874 if (InCount + OutCount > SessionGlobal->ReferenceCount) { 02875 DbgPrint ("MiSessionInSwapProcess : count mismatch %p %x %x %x\n", 02876 SessionGlobal, 02877 SessionGlobal->ReferenceCount, 02878 InCount, 02879 OutCount); 02880 DbgBreakPoint (); 02881 } 02882 02883 if (SessionGlobal->ProcessOutSwapCount != OutCount) { 02884 DbgPrint ("MiSessionInSwapProcess : out count mismatch %p %x %x %x %x\n", 02885 SessionGlobal, 02886 SessionGlobal->ReferenceCount, 02887 SessionGlobal->ProcessOutSwapCount, 02888 InCount, 02889 OutCount); 02890 DbgBreakPoint (); 02891 } 02892 02893 ASSERT (SessionGlobal->ProcessOutSwapCount <= SessionGlobal->ReferenceCount); 02894 02895 MiSessionSwap[MiSwapIndex].Flag = 2; 02896 MiSessionSwap[MiSwapIndex].Process = Process; 02897 MiSessionSwap[MiSwapIndex].Session = SessionGlobal; 02898 MiSessionSwap[MiSwapIndex].OutSwapCount = SessionGlobal->ProcessOutSwapCount; 02899 MiSwapIndex += 1; 02900 if (MiSwapIndex == 0x100) { 02901 MiSwapIndex = 0; 02902 } 02903 #endif 02904 02905 if (SessionGlobal->ProcessOutSwapCount == SessionGlobal->ReferenceCount) { 02906 #if DBG 02907 MiSessionInfo[2] += 1; 02908 if (MmDebug & MM_DBG_SESSIONS) { 02909 DbgPrint ("Mm: First process (%d total) just swapped back in for session %d, %d pages\n", 02910 SessionGlobal->ProcessOutSwapCount, 02911 SessionGlobal->SessionId, 02912 SessionGlobal->Vm.WorkingSetSize); 02913 } 02914 #endif 02915 SessionGlobal->Vm.u.Flags.TrimHard = 0; 02916 } 02917 #if DBG 02918 else { 02919 MiSessionInfo[3] += 1; 02920 } 02921 #endif 02922 02923 SessionGlobal->ProcessOutSwapCount -= 1; 02924 02925 ASSERT ((LONG)SessionGlobal->ProcessOutSwapCount >= 0); 02926 02927 UNLOCK_EXPANSION (OldIrql); 02928 } }

VOID MiSessionOutSwapProcess (  IN PEPROCESS  Process  )

Definition at line 2551 of file session.c. References ASSERT, DbgPrint, _MM_SESSION_SPACE::GlobalVirtualAddress, KeQuerySystemTime(), _MM_SESSION_SPACE::LastProcessSwappedOutTime, LOCK_EXPANSION, MI_GET_DIRECTORY_FRAME_FROM_PROCESS, MI_GET_PAGE_FRAME_FROM_PTE, MiGetPdeOffset, MiGetPpeOffset, MiGetPteAddress, MiGetPteOffset, MiHydra, MiMapPageInHyperSpace(), MiUnmapPageInHyperSpace, MM_DBG_SESSIONS, MmSessionSpace, _MM_SESSION_SPACE::ProcessList, _MM_SESSION_SPACE::ProcessOutSwapCount, _MM_SESSION_SPACE::ReferenceCount, _MM_SESSION_SPACE::SessionId, TRUE, _MMSUPPORT::u, UNLOCK_EXPANSION, _MM_SESSION_SPACE::Vm, and _MMSUPPORT::WorkingSetSize. Referenced by MmOutSwapProcess(). : This routine notifies the containing session that the specified process is being outswapped. When all the processes within a session have been outswapped, the containing session undergoes a heavy trim. Arguments: Process - Supplies a pointer to the process that is swapped out of memory. Return Value: None. Environment: Kernel mode. This routine must not enter a wait state for memory resources or the system will deadlock. --*/ { MMPTE TempPte; PFN_NUMBER PdePage; PMMPTE PageDirectoryMap; KIRQL OldIrql; PFN_NUMBER SessionPage; PMM_SESSION_SPACE SessionGlobal; #if DBG ULONG InCount; ULONG OutCount; PLIST_ENTRY NextEntry; #endif #if defined (_X86PAE_) ULONG i; PPAE_ENTRY PaeVa; #endif ASSERT (MiHydra == TRUE && Process->Vm.u.Flags.ProcessInSession == 1); // // smss doesn't count when we swap it before it has detached from the // session it is currently creating. // if (Process->Vm.u.Flags.SessionLeader == 1) { return; } #if defined (_X86PAE_) PaeVa = Process->PaeTop; #if DBG for (i = 0; i < PD_PER_SYSTEM; i += 1) { ASSERT (PaeVa->PteEntry[i].u.Hard.Valid == 1); } #endif PdePage = MI_GET_PAGE_FRAME_FROM_PTE (&PaeVa->PteEntry[MiGetPdPteOffset(MmSessionSpace)]); #else PdePage = MI_GET_DIRECTORY_FRAME_FROM_PROCESS(Process); #endif PageDirectoryMap = MiMapPageInHyperSpace (PdePage, &OldIrql); #if defined (_WIN64) TempPte = PageDirectoryMap[MiGetPpeOffset(MmSessionSpace)]; MiUnmapPageInHyperSpace (OldIrql); PdePage = MI_GET_PAGE_FRAME_FROM_PTE (&TempPte); PageDirectoryMap = MiMapPageInHyperSpace (PdePage, &OldIrql); #endif TempPte = PageDirectoryMap[MiGetPdeOffset(MmSessionSpace)]; MiUnmapPageInHyperSpace (OldIrql); PdePage = MI_GET_PAGE_FRAME_FROM_PTE (&TempPte); PageDirectoryMap = MiMapPageInHyperSpace (PdePage, &OldIrql); TempPte = PageDirectoryMap[MiGetPteOffset(MmSessionSpace)]; MiUnmapPageInHyperSpace (OldIrql); SessionPage = MI_GET_PAGE_FRAME_FROM_PTE (&TempPte); SessionGlobal = (PMM_SESSION_SPACE) MiMapPageInHyperSpace ( SessionPage, &OldIrql); ASSERT (MI_GET_PAGE_FRAME_FROM_PTE (MiGetPteAddress(SessionGlobal->GlobalVirtualAddress)) == SessionPage); SessionGlobal = SessionGlobal->GlobalVirtualAddress; MiUnmapPageInHyperSpace (OldIrql); LOCK_EXPANSION (OldIrql); SessionGlobal->ProcessOutSwapCount += 1; #if DBG ASSERT ((LONG)SessionGlobal->ProcessOutSwapCount > 0); InCount = 0; OutCount = 0; NextEntry = SessionGlobal->ProcessList.Flink; while (NextEntry != &SessionGlobal->ProcessList) { Process = CONTAINING_RECORD (NextEntry, EPROCESS, SessionProcessLinks); if (Process->ProcessOutswapEnabled == TRUE) { OutCount += 1; } else { InCount += 1; } NextEntry = NextEntry->Flink; } if (InCount + OutCount > SessionGlobal->ReferenceCount) { DbgPrint ("MiSessionOutSwapProcess : process count mismatch %p %x %x %x\n", SessionGlobal, SessionGlobal->ReferenceCount, InCount, OutCount); DbgBreakPoint (); } if (SessionGlobal->ProcessOutSwapCount != OutCount) { DbgPrint ("MiSessionOutSwapProcess : out count mismatch %p %x %x %x %x\n", SessionGlobal, SessionGlobal->ReferenceCount, SessionGlobal->ProcessOutSwapCount, InCount, OutCount); DbgBreakPoint (); } ASSERT (SessionGlobal->ProcessOutSwapCount <= SessionGlobal->ReferenceCount); MiSessionSwap[MiSwapIndex].Flag = 1; MiSessionSwap[MiSwapIndex].Process = Process; MiSessionSwap[MiSwapIndex].Session = SessionGlobal; MiSessionSwap[MiSwapIndex].OutSwapCount = SessionGlobal->ProcessOutSwapCount; MiSwapIndex += 1; if (MiSwapIndex == 0x100) { MiSwapIndex = 0; } #endif if (SessionGlobal->ProcessOutSwapCount == SessionGlobal->ReferenceCount) { SessionGlobal->Vm.u.Flags.TrimHard = 1; #if DBG if (MmDebug & MM_DBG_SESSIONS) { DbgPrint ("Mm: Last process (%d total) just swapped out for session %d, %d pages\n", SessionGlobal->ProcessOutSwapCount, SessionGlobal->SessionId, SessionGlobal->Vm.WorkingSetSize); } MiSessionInfo[0] += 1; #endif KeQuerySystemTime (&SessionGlobal->LastProcessSwappedOutTime); } #if DBG else { MiSessionInfo[1] += 1; } #endif UNLOCK_EXPANSION (OldIrql); }

VOID MiSessionRemoveProcess (  VOID   )

Referenced by MmCleanProcessAddressSpace().

NTSTATUS MmSessionCreate (  OUT PULONG  SessionId  )

Definition at line 974 of file session.c. References ASSERT, FALSE, KeEnterCriticalRegion, KeLeaveCriticalRegion, LOCK_EXPANSION, MI_SESSION_SPACE_END, MiDereferenceSession(), MiGetPdeAddress, MiGetPpeAddress, MiHydra, MiSessionCount, MiSessionCreateInternal(), MiSessionInitializeWorkingSetList(), MmIsAddressValid(), MmSessionBase, MmSessionSpace, NT_SUCCESS, NTSTATUS(), PsGetCurrentProcess, Status, _MM_SESSION_SPACE::u, _MMPTE::u, _MMSUPPORT::u, UNLOCK_EXPANSION, _EPROCESS::Vm, and ZeroKernelPte. Referenced by NtSetSystemInformation(). : Called from NtSetSystemInformation() to create a session space in the calling process with the specified SessionId. An error is returned if the calling process already has a session Space. Arguments: SessionId - Supplies a pointer to place the resulting session id in. Return Value: Various NTSTATUS error codes. Environment: Kernel mode, no mutexes held. --*/ { KIRQL OldIrql; NTSTATUS Status; PEPROCESS CurrentProcess; #if DBG PMMPTE StartPde; PMMPTE EndPde; #endif if (MiHydra == FALSE) { return STATUS_INVALID_SYSTEM_SERVICE; } CurrentProcess = PsGetCurrentProcess(); // // A simple check to see if the calling process already has a session space. // No need to go through all this if it does. Creation races are caught // below and recovered from regardless. // if (CurrentProcess->Vm.u.Flags.ProcessInSession == 1) { return STATUS_ALREADY_COMMITTED; } if (CurrentProcess->Vm.u.Flags.SessionLeader == 0) { // // Only the session manager can create a session. // return STATUS_INVALID_SYSTEM_SERVICE; } #if DBG ASSERT (MmIsAddressValid(MmSessionSpace) == FALSE); #if defined (_WIN64) ASSERT ((MiGetPpeAddress(MmSessionBase))->u.Long == ZeroKernelPte.u.Long); #else StartPde = MiGetPdeAddress (MmSessionBase); EndPde = MiGetPdeAddress (MI_SESSION_SPACE_END); while (StartPde < EndPde) { ASSERT (StartPde->u.Long == ZeroKernelPte.u.Long); StartPde += 1; } #endif #endif KeEnterCriticalRegion(); Status = MiSessionCreateInternal (SessionId); if (!NT_SUCCESS(Status)) { KeLeaveCriticalRegion(); return Status; } LOCK_EXPANSION (OldIrql); MiSessionCount += 1; UNLOCK_EXPANSION (OldIrql); // // Add the session space to the working set list. // Status = MiSessionInitializeWorkingSetList (); if (!NT_SUCCESS(Status)) { MiDereferenceSession (); KeLeaveCriticalRegion(); return Status; } KeLeaveCriticalRegion(); MmSessionSpace->u.Flags.Initialized = 1; LOCK_EXPANSION (OldIrql); CurrentProcess->Vm.u.Flags.ProcessInSession = 1; UNLOCK_EXPANSION (OldIrql); return Status; }

NTSTATUS MmSessionDelete (  ULONG  SessionId  )

Definition at line 1093 of file session.c. References ASSERT, DbgPrint, FALSE, KeEnterCriticalRegion, KeLeaveCriticalRegion, MiDereferenceSession(), MiHydra, MmIsAddressValid(), MmSessionSpace, PsGetCurrentProcess, _MM_SESSION_SPACE::SessionId, TRUE, _MMSUPPORT::u, and _EPROCESS::Vm. Referenced by NtSetSystemInformation(). : Called from NtSetSystemInformation() to detach from an existing session space in the calling process. An error is returned if the calling process has no session Space. Arguments: SessionId - Supplies the session id to delete. Return Value: STATUS_SUCCESS on success, STATUS_UNABLE_TO_FREE_VM on failure. This process will not be able to access session space anymore upon a successful return. If this is the last process in the session then the entire session is torn down. Environment: Kernel mode, no mutexes held. --*/ { PEPROCESS CurrentProcess; if (MiHydra == FALSE) { return STATUS_INVALID_SYSTEM_SERVICE; } CurrentProcess = PsGetCurrentProcess(); // // See if the calling process has a session space - this must be // checked since we can be called via a system service. // if (CurrentProcess->Vm.u.Flags.ProcessInSession == 0) { #if DBG DbgPrint ("MmSessionDelete: Process %p not in a session\n", PsGetCurrentProcess()); DbgBreakPoint(); #endif return STATUS_UNABLE_TO_FREE_VM; } if (CurrentProcess->Vm.u.Flags.SessionLeader == 0) { // // Only the session manager can delete a session. This is because // it affects the virtual mappings for all threads within the process // when this address space is deleted. This is different from normal // VAD clearing because win32k and other drivers rely on this space. // return STATUS_UNABLE_TO_FREE_VM; } ASSERT (MmIsAddressValid(MmSessionSpace) == TRUE); if (MmSessionSpace->SessionId != SessionId) { #if DBG DbgPrint("MmSessionDelete: Wrong SessionId! Own %d, Ask %d\n", MmSessionSpace->SessionId, SessionId); DbgBreakPoint(); #endif return STATUS_UNABLE_TO_FREE_VM; } KeEnterCriticalRegion (); MiDereferenceSession (); KeLeaveCriticalRegion (); return STATUS_SUCCESS; }

VOID MmSessionLeader (  IN PEPROCESS  Process  )

Definition at line 109 of file session.c. : Mark the argument process as having the ability to create or delete session spaces. This is only granted to the session manager process. Arguments: Process - Supplies a pointer to the privileged process. Return Value: None. Environment: Kernel mode. --*/ { Process->Vm.u.Flags.SessionLeader = 1; }

VOID MmSessionSetUnloadAddress (  IN PDRIVER_OBJECT  pWin32KDevice  )

Definition at line 140 of file session.c. References ASSERT, MiHydra, MmIsAddressValid(), MmSessionSpace, PsGetCurrentProcess, TRUE, and _MM_SESSION_SPACE::Win32KDriverObject. Referenced by NtSetSystemInformation(). : Copy the win32k.sys driver object to the session structure for use during unload. Arguments: NewProcess - Supplies a pointer to the win32k driver object. Return Value: None. Environment: Kernel mode. --*/ { if (MiHydra == TRUE && PsGetCurrentProcess()->Vm.u.Flags.ProcessInSession == 1) { ASSERT (MmIsAddressValid(MmSessionSpace) == TRUE); RtlMoveMemory (&MmSessionSpace->Win32KDriverObject, pWin32KDevice, sizeof(DRIVER_OBJECT)); } }

---

Variable Documentation

ULONG MiSessionCount

Definition at line 24 of file session.c. Referenced by MiDereferenceSession(), and MmSessionCreate().

PRTL_BITMAP MiSessionIdBitmap

Definition at line 30 of file session.c. Referenced by MiDereferenceSession(), MiInitializeSessionIds(), and MiSessionCreateInternal().

FAST_MUTEX MiSessionIdMutex

Definition at line 28 of file session.c. Referenced by MiDereferenceSession(), MiInitializeSessionIds(), and MiSessionCreateInternal().

---