mi.h File Reference

#include "ntos.h"
#include "ntimage.h"
#include "ki.h"
#include "fsrtl.h"
#include "zwapi.h"
#include "pool.h"
#include "ntiodump.h"
#include "stdio.h"
#include "string.h"
#include "safeboot.h"
#include "triage.h"

Go to the source code of this file.

Classes
struct	_MMPFNENTRY
struct	_MMPFN
struct	_MMWSLE_HASH
struct	_MMWSLENTRY
struct	_MMWSLE
struct	_MMWSL
struct	_MI_NEXT_ESTIMATION_SLOT_CONST
struct	_MMEXTEND_INFO
struct	_SEGMENT
struct	_EVENT_COUNTER
struct	_MMSECTION_FLAGS
struct	_CONTROL_AREA
struct	_LARGE_CONTROL_AREA
struct	_MMSUBSECTION_FLAGS
struct	_SUBSECTION
struct	_MMDEREFERENCE_SEGMENT_HEADER
struct	_MMPAGE_FILE_EXPANSION
struct	_MMWORKING_SET_EXPANSION_HEAD
struct	_MMFLUSH_BLOCK
struct	_MMINPAGE_SUPPORT
struct	_MMPAGE_READ
struct	_MMADDRESS_NODE
struct	_SECTION
struct	_MMBANKED_SECTION
struct	_MMVAD_FLAGS
struct	_MMVAD_FLAGS2
struct	_MMADDRESS_LIST
struct	_MMSECURE_ENTRY
struct	_MMVAD
struct	_MMVAD_SHORT
struct	_MI_PHYSICAL_VIEW
struct	_MMCLONE_BLOCK
struct	_MMCLONE_HEADER
struct	_MMCLONE_DESCRIPTOR
struct	_MMMOD_WRITER_LISTHEAD
struct	_MMMOD_WRITER_MDL_ENTRY
struct	_MMPAGING_FILE
struct	_MMINPAGE_SUPPORT_LIST
struct	_MMEVENT_COUNT_LIST
struct	_MMFREE_POOL_ENTRY
struct	_MMLOCK_CONFLICT
struct	_MMVIEW
struct	_MMSESSION
struct	_MMPTE_FLUSH_LIST
struct	_LOCK_TRACKER
struct	_LOCK_HEADER
struct	_UNLOADED_DRIVERS
struct	_VI_POOL_ENTRY_INUSE
struct	_VI_POOL_ENTRY
struct	_MI_VERIFIER_DRIVER_ENTRY
struct	_MI_VERIFIER_POOL_HEADER
struct	_MM_DRIVER_VERIFIER_DATA
struct	_MI_FREED_SPECIAL_POOL
struct	_MM_PAGED_POOL_INFO
struct	_MM_SESSION_SPACE_FLAGS
struct	_MM_SESSION_SPACE
struct	_IMAGE_ENTRY_IN_SESSION
Defines
#define	ASSERT32(exp)   ASSERT(exp)
#define	ASSERT64(exp)
#define	MI_SPECIAL_POOL_PAGABLE   0x8000
#define	MI_SPECIAL_POOL_VERIFIER   0x4000
#define	MI_SPECIAL_POOL_PTE_PAGABLE   0x0002
#define	MI_SPECIAL_POOL_PTE_NONPAGABLE   0x0004
#define	_2gb   0x80000000
#define	_4gb   0x100000000
#define	MM_FLUSH_COUNTER_MASK   (0xFFFFF)
#define	MM_FREE_WSLE_SHIFT   4
#define	WSLE_NULL_INDEX   ((ULONG)0xFFFFFFF)
#define	MM_FREE_POOL_SIGNATURE   (0x50554F4C)
#define	MM_MINIMUM_PAGED_POOL_NTAS   ((SIZE_T)(48*1024*1024))
#define	MM_ALLOCATION_FILLS_VAD   ((PMMPTE)(ULONG_PTR)~3)
#define	MM_WORKING_SET_LIST_SEARCH   17
#define	MM_FLUID_WORKING_SET   8
#define	MM_FLUID_PHYSICAL_PAGES   32
#define	MM_USABLE_PAGES_FREE   32
#define	X64K   (ULONG)65536
#define	MM_HIGHEST_VAD_ADDRESS   ((PVOID)((ULONG_PTR)MM_HIGHEST_USER_ADDRESS - (64 * 1024)))
#define	MM_NO_WS_EXPANSION   ((PLIST_ENTRY)0)
#define	MM_WS_EXPANSION_IN_PROGRESS   ((PLIST_ENTRY)35)
#define	MM_WS_SWAPPED_OUT   ((PLIST_ENTRY)37)
#define	MM_IO_IN_PROGRESS   ((PLIST_ENTRY)97)
#define	MM_PAGES_REQUIRED_FOR_MAPPED_IO   7
#define	MM4K_SHIFT   12
#define	MM4K_MASK   0xfff
#define	MMSECTOR_SHIFT   9
#define	MMSECTOR_MASK   0x1ff
#define	MM_LOCK_BY_REFCOUNT   0
#define	MM_LOCK_BY_NONPAGE   1
#define	MM_FORCE_TRIM   6
#define	MM_GROW_WSLE_HASH   20
#define	MM_MAXIMUM_WRITE_CLUSTER   (MM_MAXIMUM_DISK_IO_SIZE / PAGE_SIZE)
#define	MM_MAXIMUM_FLUSH_COUNT   (FLUSH_MULTIPLE_MAXIMUM-1)
#define	MM_ZERO_ACCESS   0
#define	MM_READONLY   1
#define	MM_EXECUTE   2
#define	MM_EXECUTE_READ   3
#define	MM_READWRITE   4
#define	MM_WRITECOPY   5
#define	MM_EXECUTE_READWRITE   6
#define	MM_EXECUTE_WRITECOPY   7
#define	MM_NOCACHE   0x8
#define	MM_GUARD_PAGE   0x10
#define	MM_DECOMMIT   0x10
#define	MM_NOACCESS   0x18
#define	MM_UNKNOWN_PROTECTION   0x100
#define	MM_LARGE_PAGES   0x111
#define	PROTECT_KSTACKS   1
#define	MM_KSTACK_OUTSWAPPED   0x1F
#define	MM_PROTECTION_WRITE_MASK   4
#define	MM_PROTECTION_COPY_MASK   1
#define	MM_PROTECTION_OPERATION_MASK   7
#define	MM_PROTECTION_EXECUTE_MASK   2
#define	MM_SECURE_DELETE_CHECK   0x55
#define	MM_DBG_WRITEFAULT   0x1
#define	MM_DBG_PTE_UPDATE   0x2
#define	MM_DBG_DUMP_WSL   0x4
#define	MM_DBG_PAGEFAULT   0x8
#define	MM_DBG_WS_EXPANSION   0x10
#define	MM_DBG_MOD_WRITE   0x20
#define	MM_DBG_CHECK_PTE   0x40
#define	MM_DBG_VAD_CONFLICT   0x80
#define	MM_DBG_SECTIONS   0x100
#define	MM_DBG_SYS_PTES   0x400
#define	MM_DBG_CLEAN_PROCESS   0x800
#define	MM_DBG_COLLIDED_PAGE   0x1000
#define	MM_DBG_DUMP_BOOT_PTES   0x2000
#define	MM_DBG_FORK   0x4000
#define	MM_DBG_DIR_BASE   0x8000
#define	MM_DBG_FLUSH_SECTION   0x10000
#define	MM_DBG_PRINTS_MODWRITES   0x20000
#define	MM_DBG_PAGE_IN_LIST   0x40000
#define	MM_DBG_CHECK_PFN_LOCK   0x80000
#define	MM_DBG_PRIVATE_PAGES   0x100000
#define	MM_DBG_WALK_VAD_TREE   0x200000
#define	MM_DBG_SWAP_PROCESS   0x400000
#define	MM_DBG_LOCK_CODE   0x800000
#define	MM_DBG_STOP_ON_ACCVIO   0x1000000
#define	MM_DBG_PAGE_REF_COUNT   0x2000000
#define	MM_DBG_SHOW_NT_CALLS   0x10000000
#define	MM_DBG_SHOW_FAULTS   0x40000000
#define	MM_DBG_SESSIONS   0x80000000
#define	MM_COPY_ON_WRITE_MASK   5
#define	MmIsRetryIoStatus(S)
#define	MI_CONVERT_FROM_PTE_PROTECTION(PROTECTION_MASK)   (MmProtectToValue[PROTECTION_MASK])
#define	MI_MASK_TO_PTE(PROTECTION_MASK)   MmProtectToPteMask[PROTECTION_MASK]
#define	MI_IS_PTE_PROTECTION_COPY_WRITE(PROTECTION_MASK)   (((PROTECTION_MASK) & MM_COPY_ON_WRITE_MASK) == MM_COPY_ON_WRITE_MASK)
#define	MI_ROUND_TO_64K(LENGTH)   (((LENGTH) + X64K - 1) & ~(X64K - 1))
#define	MI_ROUND_TO_SIZE(LENGTH, ALIGNMENT)   (((LENGTH) + ((ALIGNMENT) - 1)) & ~((ALIGNMENT) - 1))
#define	MI_64K_ALIGN(VA)   ((PVOID)((ULONG_PTR)(VA) & ~((LONG)X64K - 1)))
#define	MI_ALIGN_TO_SIZE(VA, ALIGNMENT)   ((PVOID)((ULONG_PTR)(VA) & ~((ULONG_PTR) ALIGNMENT - 1)))
#define	MI_STARTING_OFFSET(SUBSECT, PTE)
#define	MiFindEmptyAddressRangeDown(SizeOfRange, HighestAddressToEndAt, Alignment)
#define	MiGetPreviousVad(VAD)   ((PMMVAD)MiGetPreviousNode((PMMADDRESS_NODE)(VAD)))
#define	MiGetNextVad(VAD)   ((PMMVAD)MiGetNextNode((PMMADDRESS_NODE)(VAD)))
#define	MiGetFirstVad(Process)   ((PMMVAD)MiGetFirstNode((PMMADDRESS_NODE)(Process->VadRoot)))
#define	MiCheckForConflictingVad(StartingAddress, EndingAddress)
#define	MiGetNextClone(CLONE)   ((PMMCLONE_DESCRIPTOR)MiGetNextNode((PMMADDRESS_NODE)(CLONE)))
#define	MiGetPreviousClone(CLONE)   ((PMMCLONE_DESCRIPTOR)MiGetPreviousNode((PMMADDRESS_NODE)(CLONE)))
#define	MiGetFirstClone()   ((PMMCLONE_DESCRIPTOR)MiGetFirstNode((PMMADDRESS_NODE)(PsGetCurrentProcess()->CloneRoot)))
#define	MiInsertClone(CLONE)
#define	MiRemoveClone(CLONE)   MiRemoveNode((PMMADDRESS_NODE)(CLONE),(PMMADDRESS_NODE *)&(PsGetCurrentProcess()->CloneRoot));
#define	MiLocateCloneAddress(VA)
#define	MiCheckForConflictingClone(START, END)
#define	MI_VA_TO_PAGE(va)   ((ULONG_PTR)(va) >> PAGE_SHIFT)
#define	MI_VA_TO_VPN(va)   ((ULONG_PTR)(va) >> PAGE_SHIFT)
#define	MI_VPN_TO_VA(vpn)   (PVOID)((vpn) << PAGE_SHIFT)
#define	MI_VPN_TO_VA_ENDING(vpn)   (PVOID)(((vpn) << PAGE_SHIFT) | (PAGE_SIZE - 1))
#define	MiGetByteOffset(va)   ((ULONG_PTR)(va) & (PAGE_SIZE - 1))
#define	MI_PFN_ELEMENT(index)   (&MmPfnDatabase[index])
#define	MI_MAKE_PROTECT_NOT_WRITE_COPY(PROTECT)   (MmMakeProtectNotWriteCopy[PROTECT])
#define	MiLockPfnDatabase(OldIrql)   ExAcquireSpinLock(&MmPfnLock, &OldIrql)
#define	MiUnlockPfnDatabase(OldIrql)   ExReleaseSpinLock(&MmPfnLock, OldIrql)
#define	MiTryToLockPfnDatabase(OldIrql)   KeTryToAcquireSpinLock(&MmPfnLock, &OldIrql)
#define	MiReleasePfnLock()   KiReleaseSpinLock(&MmPfnLock)
#define	MiLockSystemSpace(OldIrql)   ExAcquireSpinLock(&MmSystemSpaceLock, &OldIrql)
#define	MiUnlockSystemSpace(OldIrql)   ExReleaseSpinLock(&MmSystemSpaceLock, OldIrql)
#define	MiLockSystemSpaceAtDpcLevel()   ExAcquireSpinLockAtDpcLevel(&MmSystemSpaceLock)
#define	MiUnlockSystemSpaceFromDpcLevel()   ExReleaseSpinLockFromDpcLevel(&MmSystemSpaceLock)
#define	CONSISTENCY_LOCK_PFN(OLDIRQL)
#define	CONSISTENCY_UNLOCK_PFN(OLDIRQL)
#define	CONSISTENCY_LOCK_PFN2(OLDIRQL)
#define	CONSISTENCY_UNLOCK_PFN2(OLDIRQL)
#define	PFN_CONSISTENCY_SET
#define	PFN_CONSISTENCY_UNSET
#define	LOCK_PFN(OLDIRQL)
#define	LOCK_PFN_WITH_TRY(OLDIRQL)
#define	UNLOCK_PFN(OLDIRQL)
#define	LOCK_PFN2(OLDIRQL)
#define	UNLOCK_PFN2(OLDIRQL)
#define	UNLOCK_PFN_AND_THEN_WAIT(OLDIRQL)
#define	LOCK_AWE(PROCESS, OldIrql)   ExAcquireSpinLock(&((PROCESS)->AweLock), &OldIrql)
#define	UNLOCK_AWE(PROCESS, OldIrql)   ExReleaseSpinLock(&((PROCESS)->AweLock), OldIrql)
#define	SYSLOAD_LOCK_OWNED_BY_ME()
#define	MM_PFN_LOCK_ASSERT()
#define	MM_SET_EXPANSION_OWNER()
#define	MM_CLEAR_EXPANSION_OWNER()
#define	LOCK_EXPANSION(OLDIRQL)
#define	UNLOCK_EXPANSION(OLDIRQL)
#define	UNLOCK_EXPANSION_AND_THEN_WAIT(OLDIRQL)
#define	LOCK_EXPANSION_IF_ALPHA(OLDIRQL)
#define	UNLOCK_EXPANSION_IF_ALPHA(OLDIRQL)
#define	LOCK_SYSTEM_WS(OLDIRQL)
#define	UNLOCK_SYSTEM_WS(OLDIRQL)
#define	UNLOCK_SYSTEM_WS_NO_IRQL()
#define	MM_SYSTEM_WS_LOCK_ASSERT()   ASSERT (PsGetCurrentThread() == MmSystemLockOwner);
#define	LOCK_HYPERSPACE(OLDIRQL)   ExAcquireSpinLock ( &(PsGetCurrentProcess())->HyperSpaceLock, OLDIRQL );
#define	UNLOCK_HYPERSPACE(OLDIRQL)   ExReleaseSpinLock ( &(PsGetCurrentProcess())->HyperSpaceLock, OLDIRQL );
#define	MI_WS_OWNER(PROCESS)   1
#define	MI_NOT_WS_OWNER(PROCESS)   1
#define	MI_MUTEX_ACQUIRED_UNSAFE   0x88
#define	MI_IS_WS_UNSAFE(PROCESS)   ((PROCESS)->WorkingSetLock.OldIrql == MI_MUTEX_ACQUIRED_UNSAFE)
#define	LOCK_WS(PROCESS)
#define	LOCK_WS_UNSAFE(PROCESS)
#define	MI_MUST_BE_UNSAFE(PROCESS)
#define	MI_MUST_BE_SAFE(PROCESS)
#define	UNLOCK_WS(PROCESS)
#define	UNLOCK_WS_UNSAFE(PROCESS)
#define	LOCK_ADDRESS_SPACE(PROCESS)   ExAcquireFastMutex( &((PROCESS)->AddressCreationLock))
#define	LOCK_WS_AND_ADDRESS_SPACE(PROCESS)
#define	UNLOCK_WS_AND_ADDRESS_SPACE(PROCESS)
#define	UNLOCK_ADDRESS_SPACE(PROCESS)   ExReleaseFastMutex( &((PROCESS)->AddressCreationLock))
#define	UNLOCK_WS_REGARDLESS(PROCESS, WSHELDSAFE)
#define	LOCK_WS_REGARDLESS(PROCESS, WSHELDSAFE)
#define	ZERO_LARGE(LargeInteger)
#define	MI_CHECK_BIT(ARRAY, BIT)   (((ULONG)ARRAY[(BIT) / (sizeof(ULONG)*8)] >> ((BIT) & 0x1F)) & 1)
#define	MI_SET_BIT(ARRAY, BIT)   (ULONG)ARRAY[(BIT) / (sizeof(ULONG)*8)] |= (1 << ((BIT) & 0x1F))
#define	MI_CLEAR_BIT(ARRAY, BIT)   (ULONG)ARRAY[(BIT) / (sizeof(ULONG)*8)] &= ~(1 << ((BIT) & 0x1F))
#define	MI_MAGIC_AWE_PTEFRAME   0xffffedcb
#define	MI_PFN_IS_AWE(Pfn1)
#define	StartOfAllocation   ReadInProgress
#define	EndOfAllocation   WriteInProgress
#define	LargeSessionAllocation   PrototypePte
#define	MI_CAPTURE_USED_PAGETABLE_ENTRIES(PFN)
#define	MI_RETRIEVE_USED_PAGETABLE_ENTRIES_FROM_PTE(RBL, PTE)
#define	MI_ZERO_USED_PAGETABLE_ENTRIES_IN_INPAGE_SUPPORT(INPAGE_SUPPORT)
#define	MI_ZERO_USED_PAGETABLE_ENTRIES_IN_PFN(PFN)
#define	MI_INSERT_USED_PAGETABLE_ENTRIES_IN_PFN(PFN, INPAGE_SUPPORT)
#define	MI_GET_USED_PTES_HANDLE(VA)   ((PVOID)&MmWorkingSetList->UsedPageTableEntries[MiGetPpePdeOffset(VA)])
#define	MI_GET_USED_PTES_FROM_HANDLE(PDSHORT)   ((ULONG)(*(PUSHORT)(PDSHORT)))
#define	MI_INCREMENT_USED_PTES_BY_HANDLE(PDSHORT)
#define	MI_DECREMENT_USED_PTES_BY_HANDLE(PDSHORT)
#define	MI_MARK_PFN_AS_LOCK_CHARGED(Pfn, CallerId)
#define	MI_UNMARK_PFN_AS_LOCK_CHARGED(Pfn, CallerId)
#define	MI_ADD_LOCKED_PAGE_CHARGE(Pfn, CallerId)
#define	MI_ADD_LOCKED_PAGE_CHARGE_FOR_MODIFIED_PAGE(Pfn, CallerId)
#define	MI_ADD_LOCKED_PAGE_CHARGE_FOR_TRANSITION_PAGE(Pfn, CallerId)
#define	MI_REMOVE_LOCKED_PAGE_CHARGE(Pfn, CallerId)
#define	MI_ZERO_WSINDEX(Pfn)   Pfn->u1.Event = NULL;
#define	MI_WSLE_HASH(Address, Wsl)
#define	MI_GET_PROTECTION_FROM_WSLE(Wsl)   ((Wsl)->u1.e1.Protection)
#define	MI_USE_AGE_COUNT   4
#define	MI_USE_AGE_MAX   (MI_USE_AGE_COUNT - 1)
#define	MI_REPLACEMENT_FREE_GROWTH_SHIFT   5
#define	MI_REPLACEMENT_CLAIM_THRESHOLD_SHIFT   3
#define	MI_REPLACEMENT_EAVAIL_THRESHOLD_SHIFT   3
#define	MI_IMMEDIATE_REPLACEMENT_AGE   2
#define	MI_MAX_TRIM_PASSES   4
#define	MI_PASS0_TRIM_AGE   2
#define	MI_PASS1_TRIM_AGE   1
#define	MI_PASS2_TRIM_AGE   1
#define	MI_PASS3_TRIM_AGE   1
#define	MI_PASS4_TRIM_AGE   0
#define	MI_TRIM_AGE_THRESHOLD   2
#define	MI_FOREGROUND_CLAIM_AVAILABLE_SHIFT   3
#define	MI_BACKGROUND_CLAIM_AVAILABLE_SHIFT   1
#define	MI_CALC_NEXT_ESTIMATION_SLOT_CONST(NextEstimationSlotConst, WorkingSetList)   (NextEstimationSlotConst).Stride = 1 << MiEstimationShift;
#define	MI_NEXT_VALID_ESTIMATION_SLOT(Previous, StartEntry, Minimum, Maximum, NextEstimationSlotConst, Wsle)
#define	MI_NEXT_VALID_AGING_SLOT(Previous, Minimum, Maximum, Wsle)
#define	MI_CALCULATE_USAGE_ESTIMATE(SampledAgeCounts)
#define	MI_RESET_WSLE_AGE(PointerPte, Wsle)   (Wsle)->u1.e1.Age = 0;
#define	MI_GET_WSLE_AGE(PointerPte, Wsle)   ((Wsle)->u1.e1.Age)
#define	MI_INC_WSLE_AGE(PointerPte, Wsle)
#define	MI_UPDATE_USE_ESTIMATE(PointerPte, Wsle, SampledAgeCounts)   (SampledAgeCounts)[(Wsle)->u1.e1.Age] += 1;
#define	MI_WS_GROWING_TOO_FAST(VmSupport)
#define	SECTION_BASE_ADDRESS(_NtSection)   (*((PVOID *)&(_NtSection)->PointerToRelocations))
#define	MI_MAXIMUM_SECTION_SIZE   ((UINT64)16*1024*1024*1024*1024*1024 - (1<<MM4K_SHIFT))
#define	Mi4KStartForSubsection(address, subsection)
#define	Mi4KStartFromSubsection(address, subsection)
#define	MI_EXTEND_ANY_PAGEFILE   ((ULONG)-1)
#define	SUBSECTION_READ_ONLY   1L
#define	SUBSECTION_READ_WRITE   2L
#define	SUBSECTION_COPY_ON_WRITE   4L
#define	SUBSECTION_SHARE_ALLOW   8L
#define	COMMIT_SIZE   19
#define	MM_MAX_COMMIT   (((ULONG_PTR) 1 << COMMIT_SIZE) - 1)
#define	MM_VIEW_UNMAP   0
#define	MM_VIEW_SHARE   1
#define	MI_GET_PROTECTION_FROM_VAD(_Vad)   ((ULONG)(_Vad)->u.VadFlags.Protection)
#define	MI_PHYSICAL_VIEW_KEY   'vpmM'
#define	MI_WRITEWATCH_VIEW_KEY   'wWmM'
#define	MiCreateBitMap(BMH, S, P)
#define	MiRemoveBitMap(BMH)
#define	MI_INITIALIZE_ZERO_MDL(MDL)
#define	MM_PAGING_FILE_MDLS   2
#define	MM_SYS_PTE_TABLES_MAX   5
#define	LOCK_SYSTEM_VIEW_SPACE(_Session)   ExAcquireFastMutex (_Session->SystemSpaceViewLockPointer)
#define	UNLOCK_SYSTEM_VIEW_SPACE(_Session)   ExReleaseFastMutex (_Session->SystemSpaceViewLockPointer)
#define	MI_UNLOADED_DRIVERS   50
#define	MiDecrementShareCountOnly(P)   MiDecrementShareCount(P)
#define	MiDecrementShareAndValidCount(P)   MiDecrementShareCount(P)
#define	MiRemoveZeroPageIfAny(COLOR)
#define	MiUnmapPageInHyperSpace(OLDIRQL)   UNLOCK_HYPERSPACE(OLDIRQL)
#define	MiMakePpeExistAndMakeValid(PDE, PROCESS, PFNMUTEXHELD)
#define	MiGetProtoPteAddress(VAD, VPN)
#define	STATUS_MAPPED_WRITER_COLLISION   (0xC0033333)
#define	MM_SPECIAL_POOL_PTES   25000
#define	MI_SUSPECT_DRIVER_BUFFER_LENGTH   512
#define	VI_POOL_FREELIST_END   ((ULONG_PTR)-1)
#define	MI_VERIFIER_ENTRY_SIGNATURE   0x98761940
#define	VI_VERIFYING_DIRECTLY   0x1
#define	VI_VERIFYING_INVERSELY   0x2
#define	MM_TRACK_COMMIT(_index, bump)
#define	MI_FREED_SPECIAL_POOL_SIGNATURE   0x98764321
#define	MI_STACK_BYTES   1024
#define	MM_DBG_COMMIT_NONPAGED_POOL_EXPANSION   0
#define	MM_DBG_COMMIT_PAGED_POOL_PAGETABLE   1
#define	MM_DBG_COMMIT_PAGED_POOL_PAGES   2
#define	MM_DBG_COMMIT_SESSION_POOL_PAGE_TABLES   3
#define	MM_DBG_COMMIT_ALLOCVM1   4
#define	MM_DBG_COMMIT_ALLOCVM2   5
#define	MM_DBG_COMMIT_IMAGE   6
#define	MM_DBG_COMMIT_PAGEFILE_BACKED_SHMEM   7
#define	MM_DBG_COMMIT_INDEPENDENT_PAGES   8
#define	MM_DBG_COMMIT_CONTIGUOUS_PAGES   9
#define	MM_DBG_COMMIT_MDL_PAGES   10
#define	MM_DBG_COMMIT_NONCACHED_PAGES   11
#define	MM_DBG_COMMIT_MAPVIEW_DATA   12
#define	MM_DBG_COMMIT_FILL_SYSTEM_DIRECTORY   13
#define	MM_DBG_COMMIT_EXTRA_SYSTEM_PTES   14
#define	MM_DBG_COMMIT_DRIVER_PAGING_AT_INIT   15
#define	MM_DBG_COMMIT_PAGEFILE_FULL   16
#define	MM_DBG_COMMIT_PROCESS_CREATE   17
#define	MM_DBG_COMMIT_KERNEL_STACK_CREATE   18
#define	MM_DBG_COMMIT_SET_PROTECTION   19
#define	MM_DBG_COMMIT_SESSION_CREATE   20
#define	MM_DBG_COMMIT_SESSION_IMAGE_PAGES   21
#define	MM_DBG_COMMIT_SESSION_PAGETABLE_PAGES   22
#define	MM_DBG_COMMIT_SESSION_SHARED_IMAGE   23
#define	MM_DBG_COMMIT_DRIVER_PAGES   24
#define	MM_DBG_COMMIT_INSERT_VAD   25
#define	MM_DBG_COMMIT_SESSION_WS_INIT   26
#define	MM_DBG_COMMIT_SESSION_ADDITIONAL_WS_PAGES   27
#define	MM_DBG_COMMIT_SESSION_ADDITIONAL_WS_HASHPAGES   28
#define	MM_DBG_COMMIT_RETURN_NONPAGED_POOL_EXPANSION   29
#define	MM_DBG_COMMIT_RETURN_PAGED_POOL_PAGES   30
#define	MM_DBG_COMMIT_RETURN_SESSION_POOL_PAGE_TABLES   31
#define	MM_DBG_COMMIT_RETURN_ALLOCVM1   32
#define	MM_DBG_COMMIT_RETURN_ALLOCVM2   33
#define	MM_DBG_COMMIT_RETURN_ALLOCVM3   34
#define	MM_DBG_COMMIT_RETURN_IMAGE_NO_LARGE_CA   35
#define	MM_DBG_COMMIT_RETURN_PAGEFILE_BACKED_SHMEM   36
#define	MM_DBG_COMMIT_RETURN_NTFREEVM1   37
#define	MM_DBG_COMMIT_RETURN_NTFREEVM2   38
#define	MM_DBG_COMMIT_RETURN_NTFREEVM3   39
#define	MM_DBG_COMMIT_RETURN_NTFREEVM4   40
#define	MM_DBG_COMMIT_RETURN_MDL_PAGES   41
#define	MM_DBG_COMMIT_RETURN_NONCACHED_PAGES   42
#define	MM_DBG_COMMIT_RETURN_MAPVIEW_DATA   43
#define	MM_DBG_COMMIT_RETURN_PAGETABLES   44
#define	MM_DBG_COMMIT_RETURN_PROTECTION   45
#define	MM_DBG_COMMIT_RETURN_SEGMENT_DELETE1   46
#define	MM_DBG_COMMIT_RETURN_SEGMENT_DELETE2   47
#define	MM_DBG_COMMIT_RETURN_SESSION_CREATE_FAILURE1   48
#define	MM_DBG_COMMIT_RETURN_SESSION_DEREFERENCE   49
#define	MM_DBG_COMMIT_RETURN_SESSION_IMAGE_FAILURE1   50
#define	MM_DBG_COMMIT_RETURN_SESSION_PAGETABLE_PAGES   51
#define	MM_DBG_COMMIT_RETURN_VAD   52
#define	MM_DBG_COMMIT_RETURN_SESSION_WSL_FAILURE   54
#define	MM_DBG_COMMIT_RETURN_PROCESS_CREATE_FAILURE1   55
#define	MM_DBG_COMMIT_RETURN_PROCESS_DELETE   56
#define	MM_DBG_COMMIT_RETURN_PROCESS_CLEAN_PAGETABLES   57
#define	MM_DBG_COMMIT_RETURN_KERNEL_STACK_FAILURE1   58
#define	MM_DBG_COMMIT_RETURN_KERNEL_STACK_FAILURE2   59
#define	MM_DBG_COMMIT_RETURN_KERNEL_STACK_DELETE   60
#define	MM_DBG_COMMIT_RETURN_SESSION_DRIVER_LOAD_FAILURE1   61
#define	MM_DBG_COMMIT_RETURN_DRIVER_INIT_CODE   62
#define	MM_DBG_COMMIT_RETURN_DRIVER_UNLOAD   63
#define	MM_DBG_COMMIT_RETURN_DRIVER_UNLOAD1   64
#define	MM_BUMP_COUNTER_MAX   60
#define	MM_BUMP_COUNTER(_index, bump)
#define	MI_NONPAGABLE_MEMORY_AVAILABLE()
#define	MI_MAX_FREE_LIST_HEADS   4
#define	MI_UNUSED_SEGMENTS_COUNT_UPDATE(_count)   MmUnusedSegmentCount += (_count);
#define	MI_FILESYSTEM_NONPAGED_POOL_CHARGE   150
#define	MI_FILESYSTEM_PAGED_POOL_CHARGE   1024
#define	MI_UNUSED_SEGMENTS_SURPLUS()
#define	MI_UNUSED_SEGMENTS_INSERT_CHARGE(_ControlArea)
#define	MI_UNUSED_SEGMENTS_REMOVE_CHARGE(_ControlArea)
#define	MM_MAPPED_FILE_MDLS   4
#define	HYDRA_PROCESS   ((PEPROCESS)1)
#define	MI_SESSION_SPACE_STRUCT_SIZE   MM_ALLOCATION_GRANULARITY
#define	MI_SESSION_SPACE_WS_SIZE   (4*1024*1024 - MI_SESSION_SPACE_STRUCT_SIZE)
#define	MI_SESSION_IMAGE_SIZE   (8*1024*1024)
#define	MI_SESSION_VIEW_SIZE   (20*1024*1024)
#define	MI_SESSION_POOL_SIZE   (16*1024*1024)
#define	MM_SESSION_SPACE_DATA_SIZE   PAGE_SIZE
#define	MI_SESSION_SPACE_TOTAL_SIZE
#define	MI_SESSION_MAXIMUM_WORKING_SET   ((ULONG)(MI_SESSION_SPACE_TOTAL_SIZE >> PAGE_SHIFT))
#define	MI_SESSION_SPACE_PAGE_TABLES   (MI_SESSION_SPACE_TOTAL_SIZE / MM_VA_MAPPED_BY_PDE)
#define	MI_SESSION_IMAGE_OFFSET   (0)
#define	MI_SESSION_DATA_OFFSET   (8*1024*1024)
#define	MI_SESSION_WS_OFFSET   (8*1024*1024 + MI_SESSION_SPACE_STRUCT_SIZE)
#define	MI_SESSION_VIEW_OFFSET   (12*1024*1024)
#define	MI_SESSION_POOL_OFFSET   (32*1024*1024)
#define	MI_SESSION_IMAGE_START   ((ULONG_PTR)MmSessionBase)
#define	MI_SESSION_SPACE_WS   (MmSessionBase + MI_SESSION_WS_OFFSET)
#define	MI_SESSION_VIEW_START   (MmSessionBase + MI_SESSION_VIEW_OFFSET)
#define	MI_SESSION_POOL   (MmSessionBase + MI_SESSION_POOL_OFFSET)
#define	MI_SESSION_SPACE_END
#define	MI_IS_SESSION_IMAGE_ADDRESS(VirtualAddress)   (MiHydra == TRUE && (PVOID)(VirtualAddress) >= (PVOID)MI_SESSION_IMAGE_START && (PVOID)(VirtualAddress) < (PVOID)(MI_SESSION_IMAGE_START + MI_SESSION_IMAGE_SIZE))
#define	MI_IS_SESSION_POOL_ADDRESS(VirtualAddress)   (MiHydra == TRUE && (PVOID)(VirtualAddress) >= (PVOID)MI_SESSION_POOL && (PVOID)(VirtualAddress) < (PVOID)(MI_SESSION_POOL + MI_SESSION_POOL_SIZE))
#define	MI_IS_SESSION_ADDRESS(_VirtualAddress)   (MiHydra == TRUE && (PVOID)(_VirtualAddress) >= (PVOID)MmSessionBase && (PVOID)(_VirtualAddress) < (PVOID)(MI_SESSION_SPACE_END))
#define	MI_IS_SESSION_PTE(_Pte)   (MiHydra == TRUE && (PMMPTE)(_Pte) >= MiSessionBasePte && (PMMPTE)(_Pte) < MiSessionLastPte)
#define	SESSION_GLOBAL(_Session)   (_Session->GlobalVirtualAddress)
#define	MM_DBG_SESSION_INITIAL_PAGETABLE_ALLOC   0
#define	MM_DBG_SESSION_INITIAL_PAGETABLE_FREE_RACE   1
#define	MM_DBG_SESSION_INITIAL_PAGE_ALLOC   2
#define	MM_DBG_SESSION_INITIAL_PAGE_FREE_FAIL1   3
#define	MM_DBG_SESSION_INITIAL_PAGETABLE_FREE_FAIL1   4
#define	MM_DBG_SESSION_WS_PAGE_FREE   5
#define	MM_DBG_SESSION_PAGETABLE_ALLOC   6
#define	MM_DBG_SESSION_SYSMAPPED_PAGES_ALLOC   7
#define	MM_DBG_SESSION_WS_PAGETABLE_ALLOC   8
#define	MM_DBG_SESSION_PAGEDPOOL_PAGETABLE_ALLOC   9
#define	MM_DBG_SESSION_PAGEDPOOL_PAGETABLE_FREE_FAIL1   10
#define	MM_DBG_SESSION_WS_PAGE_ALLOC   11
#define	MM_DBG_SESSION_WS_PAGE_ALLOC_GROWTH   12
#define	MM_DBG_SESSION_INITIAL_PAGE_FREE   13
#define	MM_DBG_SESSION_PAGETABLE_FREE   14
#define	MM_DBG_SESSION_PAGEDPOOL_PAGETABLE_ALLOC1   15
#define	MM_DBG_SESSION_DRIVER_PAGES_LOCKED   16
#define	MM_DBG_SESSION_DRIVER_PAGES_UNLOCKED   17
#define	MM_DBG_SESSION_WS_HASHPAGE_ALLOC   18
#define	MM_DBG_SESSION_SYSMAPPED_PAGES_COMMITTED   19
#define	MM_DBG_SESSION_COMMIT_PAGEDPOOL_PAGES   30
#define	MM_DBG_SESSION_COMMIT_DELETE_VM_RETURN   31
#define	MM_DBG_SESSION_COMMIT_POOL_FREED   32
#define	MM_DBG_SESSION_COMMIT_IMAGE_UNLOAD   33
#define	MM_DBG_SESSION_COMMIT_IMAGELOAD_FAILED1   34
#define	MM_DBG_SESSION_COMMIT_IMAGELOAD_FAILED2   35
#define	MM_DBG_SESSION_COMMIT_IMAGELOAD_NOACCESS   36
#define	MM_BUMP_SESS_COUNTER(_index, bump)
#define	MM_SNAP_SESS_MEMORY_COUNTERS(_index)
#define	MM_SESSION_FAILURE_NO_IDS   0
#define	MM_SESSION_FAILURE_NO_COMMIT   1
#define	MM_SESSION_FAILURE_NO_RESIDENT   2
#define	MM_SESSION_FAILURE_RACE_DETECTED   3
#define	MM_SESSION_FAILURE_NO_SYSPTES   4
#define	MM_SESSION_FAILURE_NO_PAGED_POOL   5
#define	MM_SESSION_FAILURE_NO_NONPAGED_POOL   6
#define	MM_SESSION_FAILURE_NO_IMAGE_VA_SPACE   7
#define	MM_SESSION_FAILURE_NO_SESSION_PAGED_POOL   8
#define	MM_SESSION_FAILURE_CAUSES   9
#define	MM_BUMP_SESSION_FAILURES(_index)   MmSessionFailureCauses[_index] += 1;
#define	MI_FLUSH_SESSION_TB(OLDIRQL)
#define	MM_SET_SESSION_LOCK_OWNER()
#define	MM_CLEAR_SESSION_LOCK_OWNER()
#define	LOCK_SESSION(OLDIRQL)
#define	UNLOCK_SESSION(OLDIRQL)
#define	MI_SESSION_SPACE_WORKING_SET_MINIMUM   20
#define	MI_SESSION_SPACE_WORKING_SET_MAXIMUM   384
#define	MM_SET_SESSION_RESOURCE_OWNER()
#define	MM_CLEAR_SESSION_RESOURCE_OWNER()
#define	MM_SESSION_SPACE_WS_LOCK_ASSERT()   ASSERT (MmSessionSpace->WorkingSetLockOwner == PsGetCurrentThread())
#define	LOCK_SESSION_SPACE_WS(OLDIRQL)
#define	UNLOCK_SESSION_SPACE_WS(OLDIRQL)
#define	MiGetPdeSessionIndex(va)   ((ULONG)(((ULONG_PTR)(va) - (ULONG_PTR)MmSessionBase) >> PDI_SHIFT))
#define	MI_GET_DIRECTORY_FRAME_FROM_PROCESS(_Process)   MI_GET_PAGE_FRAME_FROM_PTE((PMMPTE)(&((_Process)->Pcb.DirectoryTableBase[0])))
Typedefs
typedef ULONG	WSLE_NUMBER
typedef ULONG *	PWSLE_NUMBER
typedef _MMPFNENTRY	MMPFNENTRY
typedef _MMPFN	MMPFN
typedef _MMPFN *	PMMPFN
typedef enum _MMSHARE_TYPE	MMSHARE_TYPE
typedef _MMWSLE_HASH	MMWSLE_HASH
typedef _MMWSLE_HASH *	PMMWSLE_HASH
typedef _MMWSLENTRY	MMWSLENTRY
typedef _MMWSLE	MMWSLE
typedef MMWSLE *	PMMWSLE
typedef _MMWSL	MMWSL
typedef _MMWSL *	PMMWSL
typedef _MI_NEXT_ESTIMATION_SLOT_CONST	MI_NEXT_ESTIMATION_SLOT_CONST
typedef enum _SECTION_CHECK_TYPE	SECTION_CHECK_TYPE
typedef _MMEXTEND_INFO	MMEXTEND_INFO
typedef _MMEXTEND_INFO *	PMMEXTEND_INFO
typedef _SEGMENT	SEGMENT
typedef _SEGMENT *	PSEGMENT
typedef _EVENT_COUNTER	EVENT_COUNTER
typedef _EVENT_COUNTER *	PEVENT_COUNTER
typedef _MMSECTION_FLAGS	MMSECTION_FLAGS
typedef _CONTROL_AREA	CONTROL_AREA
typedef _CONTROL_AREA *	PCONTROL_AREA
typedef _LARGE_CONTROL_AREA	LARGE_CONTROL_AREA
typedef _LARGE_CONTROL_AREA *	PLARGE_CONTROL_AREA
typedef _MMSUBSECTION_FLAGS	MMSUBSECTION_FLAGS
typedef _SUBSECTION	SUBSECTION
typedef _SUBSECTION *	PSUBSECTION
typedef _MMDEREFERENCE_SEGMENT_HEADER	MMDEREFERENCE_SEGMENT_HEADER
typedef _MMPAGE_FILE_EXPANSION	MMPAGE_FILE_EXPANSION
typedef _MMPAGE_FILE_EXPANSION *	PMMPAGE_FILE_EXPANSION
typedef _MMWORKING_SET_EXPANSION_HEAD	MMWORKING_SET_EXPANSION_HEAD
typedef _MMFLUSH_BLOCK	MMFLUSH_BLOCK
typedef _MMFLUSH_BLOCK *	PMMFLUSH_BLOCK
typedef _MMINPAGE_SUPPORT	MMINPAGE_SUPPORT
typedef _MMINPAGE_SUPPORT *	PMMINPAGE_SUPPORT
typedef _MMPAGE_READ	MMPAGE_READ
typedef _MMPAGE_READ *	PMMPAGE_READ
typedef _MMADDRESS_NODE	MMADDRESS_NODE
typedef _MMADDRESS_NODE *	PMMADDRESS_NODE
typedef _SECTION	SECTION
typedef _SECTION *	PSECTION
typedef _MMBANKED_SECTION	MMBANKED_SECTION
typedef _MMBANKED_SECTION *	PMMBANKED_SECTION
typedef _MMVAD_FLAGS	MMVAD_FLAGS
typedef _MMVAD_FLAGS2	MMVAD_FLAGS2
typedef _MMADDRESS_LIST	MMADDRESS_LIST
typedef _MMADDRESS_LIST *	PMMADDRESS_LIST
typedef _MMSECURE_ENTRY	MMSECURE_ENTRY
typedef _MMSECURE_ENTRY *	PMMSECURE_ENTRY
typedef _MMVAD	MMVAD
typedef _MMVAD *	PMMVAD
typedef _MMVAD_SHORT	MMVAD_SHORT
typedef _MMVAD_SHORT *	PMMVAD_SHORT
typedef _MI_PHYSICAL_VIEW	MI_PHYSICAL_VIEW
typedef _MI_PHYSICAL_VIEW *	PMI_PHYSICAL_VIEW
typedef _MMCLONE_BLOCK	MMCLONE_BLOCK
typedef MMCLONE_BLOCK *	PMMCLONE_BLOCK
typedef _MMCLONE_HEADER	MMCLONE_HEADER
typedef _MMCLONE_HEADER *	PMMCLONE_HEADER
typedef _MMCLONE_DESCRIPTOR	MMCLONE_DESCRIPTOR
typedef _MMCLONE_DESCRIPTOR *	PMMCLONE_DESCRIPTOR
typedef _MMMOD_WRITER_LISTHEAD	MMMOD_WRITER_LISTHEAD
typedef _MMMOD_WRITER_LISTHEAD *	PMMMOD_WRITER_LISTHEAD
typedef _MMMOD_WRITER_MDL_ENTRY	MMMOD_WRITER_MDL_ENTRY
typedef _MMMOD_WRITER_MDL_ENTRY *	PMMMOD_WRITER_MDL_ENTRY
typedef _MMPAGING_FILE	MMPAGING_FILE
typedef _MMPAGING_FILE *	PMMPAGING_FILE
typedef _MMINPAGE_SUPPORT_LIST	MMINPAGE_SUPPORT_LIST
typedef _MMINPAGE_SUPPORT_LIST *	PMMINPAGE_SUPPORT_LIST
typedef _MMEVENT_COUNT_LIST	MMEVENT_COUNT_LIST
typedef _MMEVENT_COUNT_LIST *	PMMEVENT_COUNT_LIST
typedef enum _MMSYSTEM_PTE_POOL_TYPE	MMSYSTEM_PTE_POOL_TYPE
typedef _MMFREE_POOL_ENTRY	MMFREE_POOL_ENTRY
typedef _MMFREE_POOL_ENTRY *	PMMFREE_POOL_ENTRY
typedef _MMLOCK_CONFLICT	MMLOCK_CONFLICT
typedef _MMLOCK_CONFLICT *	PMMLOCK_CONFLICT
typedef _MMVIEW	MMVIEW
typedef _MMVIEW *	PMMVIEW
typedef _MMSESSION	MMSESSION
typedef _MMSESSION *	PMMSESSION
typedef _MMPTE_FLUSH_LIST	MMPTE_FLUSH_LIST
typedef _MMPTE_FLUSH_LIST *	PMMPTE_FLUSH_LIST
typedef _LOCK_TRACKER	LOCK_TRACKER
typedef _LOCK_TRACKER *	PLOCK_TRACKER
typedef _LOCK_HEADER	LOCK_HEADER
typedef _LOCK_HEADER *	PLOCK_HEADER
typedef _UNLOADED_DRIVERS	UNLOADED_DRIVERS
typedef _UNLOADED_DRIVERS *	PUNLOADED_DRIVERS
typedef _VI_POOL_ENTRY_INUSE	VI_POOL_ENTRY_INUSE
typedef _VI_POOL_ENTRY_INUSE *	PVI_POOL_ENTRY_INUSE
typedef _VI_POOL_ENTRY	VI_POOL_ENTRY
typedef _VI_POOL_ENTRY *	PVI_POOL_ENTRY
typedef _MI_VERIFIER_DRIVER_ENTRY	MI_VERIFIER_DRIVER_ENTRY
typedef _MI_VERIFIER_DRIVER_ENTRY *	PMI_VERIFIER_DRIVER_ENTRY
typedef _MI_VERIFIER_POOL_HEADER	MI_VERIFIER_POOL_HEADER
typedef _MI_VERIFIER_POOL_HEADER *	PMI_VERIFIER_POOL_HEADER
typedef _MM_DRIVER_VERIFIER_DATA	MM_DRIVER_VERIFIER_DATA
typedef _MM_DRIVER_VERIFIER_DATA *	PMM_DRIVER_VERIFIER_DATA
typedef _MI_FREED_SPECIAL_POOL	MI_FREED_SPECIAL_POOL
typedef _MI_FREED_SPECIAL_POOL *	PMI_FREED_SPECIAL_POOL
typedef _MM_PAGED_POOL_INFO	MM_PAGED_POOL_INFO
typedef _MM_PAGED_POOL_INFO *	PMM_PAGED_POOL_INFO
typedef _MM_SESSION_SPACE_FLAGS	MM_SESSION_SPACE_FLAGS
typedef _MM_SESSION_SPACE	MM_SESSION_SPACE
typedef _MM_SESSION_SPACE *	PMM_SESSION_SPACE
typedef _IMAGE_ENTRY_IN_SESSION	IMAGE_ENTRY_IN_SESSION
typedef _IMAGE_ENTRY_IN_SESSION *	PIMAGE_ENTRY_IN_SESSION
Enumerations
enum	_MMSHARE_TYPE { Normal, ShareCountOnly, AndValid }
enum	_SECTION_CHECK_TYPE { CheckDataSection, CheckImageSection, CheckUserDataSection, CheckBothSection }
enum	_MMSYSTEM_PTE_POOL_TYPE { SystemPteSpace, NonPagedPoolExpansion, MaximumPtePoolTypes }
Functions
VOID	MiCaptureWriteWatchDirtyBit (IN PEPROCESS Process, IN PVOID VirtualAddress)
VOID	MiMarkProcessAsWriteWatch (IN PEPROCESS Process)
VOID	MiRemoveConflictFromList (IN PMMLOCK_CONFLICT Conflict)
VOID	MiInsertConflictInList (IN PMMLOCK_CONFLICT Conflict)
VOID	MiInitMachineDependent (IN PLOADER_PARAMETER_BLOCK LoaderBlock)
VOID	MiBuildPagedPool (VOID)
VOID	MiInitializeNonPagedPool (VOID)
BOOLEAN	MiInitializeSystemSpaceMap (PVOID Session OPTIONAL)
VOID	MiFindInitializationCode (OUT PVOID *StartVa, OUT PVOID *EndVa)
VOID	MiFreeInitializationCode (IN PVOID StartVa, IN PVOID EndVa)
ULONG	MiSectionInitialization (VOID)
VOID FASTCALL	MiDecrementReferenceCount (IN PFN_NUMBER PageFrameIndex)
VOID FASTCALL	MiDecrementShareCount (IN PFN_NUMBER PageFrameIndex)
VOID FASTCALL	MiInsertPageInList (IN PMMPFNLIST ListHead, IN PFN_NUMBER PageFrameIndex)
VOID FASTCALL	MiInsertStandbyListAtFront (IN PFN_NUMBER PageFrameIndex)
PFN_NUMBER FASTCALL	MiRemovePageFromList (IN PMMPFNLIST ListHead)
VOID FASTCALL	MiUnlinkPageFromList (IN PMMPFN Pfn)
VOID	MiUnlinkFreeOrZeroedPage (IN PFN_NUMBER Page)
VOID FASTCALL	MiInsertFrontModifiedNoWrite (IN PFN_NUMBER PageFrameIndex)
ULONG FASTCALL	MiEnsureAvailablePageOrWait (IN PEPROCESS Process, IN PVOID VirtualAddress)
PFN_NUMBER FASTCALL	MiRemoveZeroPage (IN ULONG PageColor)
PFN_NUMBER FASTCALL	MiRemoveAnyPage (IN ULONG PageColor)
PVOID	MiFindContiguousMemory (IN PFN_NUMBER LowestPfn, IN PFN_NUMBER HighestPfn, IN PFN_NUMBER BoundaryPfn, IN PFN_NUMBER SizeInPages, IN PVOID CallingAddress)
PVOID	MiCheckForContiguousMemory (IN PVOID BaseAddress, IN PFN_NUMBER BaseAddressPages, IN PFN_NUMBER SizeInPages, IN PFN_NUMBER LowestPfn, IN PFN_NUMBER HighestPfn, IN PFN_NUMBER BoundaryPfn)
VOID	MiInitializePfn (IN PFN_NUMBER PageFrameIndex, IN PMMPTE PointerPte, IN ULONG ModifiedState)
VOID	MiInitializePfnForOtherProcess (IN PFN_NUMBER PageFrameIndex, IN PMMPTE PointerPte, IN PFN_NUMBER ContainingPageFrame)
VOID	MiInitializeCopyOnWritePfn (IN PFN_NUMBER PageFrameIndex, IN PMMPTE PointerPte, IN WSLE_NUMBER WorkingSetIndex, IN PVOID SessionSpace)
VOID	MiInitializeTransitionPfn (IN PFN_NUMBER PageFrameIndex, IN PMMPTE PointerPte, IN WSLE_NUMBER WorkingSetIndex)
VOID	MiFlushInPageSupportBlock ()
VOID	MiFreeInPageSupportBlock (IN PMMINPAGE_SUPPORT Support)
VOID FASTCALL	MiZeroPhysicalPage (IN PFN_NUMBER PageFrameIndex, IN ULONG Color)
VOID FASTCALL	MiRestoreTransitionPte (IN PFN_NUMBER PageFrameIndex)
PSUBSECTION	MiGetSubsectionAndProtoFromPte (IN PMMPTE PointerPte, IN PMMPTE *ProtoPte, IN PEPROCESS Process)
PVOID	MiMapPageInHyperSpace (IN PFN_NUMBER PageFrameIndex, OUT PKIRQL OldIrql)
PVOID	MiMapImageHeaderInHyperSpace (IN PFN_NUMBER PageFrameIndex)
VOID	MiUnmapImageHeaderInHyperSpace (VOID)
VOID	MiUpdateImageHeaderPage (IN PMMPTE PointerPte, IN PFN_NUMBER PageFrameNumber, IN PCONTROL_AREA ControlArea)
PFN_NUMBER	MiGetPageForHeader (VOID)
VOID	MiRemoveImageHeaderPage (IN PFN_NUMBER PageFrameNumber)
PVOID	MiMapPageToZeroInHyperSpace (IN PFN_NUMBER PageFrameIndex)
NTSTATUS	MiGetWritablePagesInSection (IN PSECTION Section, OUT PULONG WritablePages)
PMMPTE	MiReserveSystemPtes (IN ULONG NumberOfPtes, IN MMSYSTEM_PTE_POOL_TYPE SystemPteType, IN ULONG Alignment, IN ULONG Offset, IN ULONG BugCheckOnFailure)
VOID	MiReleaseSystemPtes (IN PMMPTE StartingPte, IN ULONG NumberOfPtes, IN MMSYSTEM_PTE_POOL_TYPE SystemPteType)
VOID	MiInitializeSystemPtes (IN PMMPTE StartingPte, IN ULONG NumberOfPtes, IN MMSYSTEM_PTE_POOL_TYPE SystemPteType)
VOID	MiAddMappedPtes (IN PMMPTE FirstPte, IN ULONG NumberOfPtes, IN PCONTROL_AREA ControlArea)
VOID	MiInitializeIoTrackers (VOID)
PVOID	MiMapSinglePage (IN PVOID VirtualAddress OPTIONAL, IN PFN_NUMBER PageFrameIndex, IN MEMORY_CACHING_TYPE CacheType, IN MM_PAGE_PRIORITY Priority)
VOID	MiUnmapSinglePage (IN PVOID BaseAddress)
NTSTATUS	MiDispatchFault (IN BOOLEAN StoreInstrution, IN PVOID VirtualAdress, IN PMMPTE PointerPte, IN PMMPTE PointerProtoPte, IN PEPROCESS Process, OUT PLOGICAL ApcNeeded)
NTSTATUS	MiResolveDemandZeroFault (IN PVOID VirtualAddress, IN PMMPTE PointerPte, IN PEPROCESS Process, IN ULONG PrototypePte)
NTSTATUS	MiResolveTransitionFault (IN PVOID FaultingAddress, IN PMMPTE PointerPte, IN PEPROCESS Process, IN ULONG PfnLockHeld, OUT PLOGICAL ApcNeeded)
NTSTATUS	MiResolvePageFileFault (IN PVOID FaultingAddress, IN PMMPTE PointerPte, IN PMMINPAGE_SUPPORT *ReadBlock, IN PEPROCESS Process)
NTSTATUS	MiResolveProtoPteFault (IN BOOLEAN StoreInstruction, IN PVOID VirtualAddress, IN PMMPTE PointerPte, IN PMMPTE PointerProtoPte, IN PMMINPAGE_SUPPORT *ReadBlock, IN PEPROCESS Process, OUT PLOGICAL ApcNeeded)
NTSTATUS	MiResolveMappedFileFault (IN PVOID FaultingAddress, IN PMMPTE PointerPte, IN PMMINPAGE_SUPPORT *ReadBlock, IN PEPROCESS Process)
VOID	MiAddValidPageToWorkingSet (IN PVOID VirtualAddress, IN PMMPTE PointerPte, IN PMMPFN Pfn1, IN ULONG WsleMask)
NTSTATUS	MiWaitForInPageComplete (IN PMMPFN Pfn, IN PMMPTE PointerPte, IN PVOID FaultingAddress, IN PMMPTE PointerPteContents, IN PMMINPAGE_SUPPORT InPageSupport, IN PEPROCESS CurrentProcess)
NTSTATUS FASTCALL	MiCopyOnWrite (IN PVOID FaultingAddress, IN PMMPTE PointerPte)
VOID	MiSetDirtyBit (IN PVOID FaultingAddress, IN PMMPTE PointerPte, IN ULONG PfnHeld)
VOID	MiSetModifyBit (IN PMMPFN Pfn)
PMMPTE	MiFindActualFaultingPte (IN PVOID FaultingAddress)
VOID	MiInitializeReadInProgressPfn (IN PMDL Mdl, IN PMMPTE BasePte, IN PKEVENT Event, IN WSLE_NUMBER WorkingSetIndex)
NTSTATUS	MiAccessCheck (IN PMMPTE PointerPte, IN BOOLEAN WriteOperation, IN KPROCESSOR_MODE PreviousMode, IN ULONG Protection, IN BOOLEAN CallerHoldsPfnLock)
NTSTATUS FASTCALL	MiCheckForUserStackOverflow (IN PVOID FaultingAddress)
PMMPTE	MiCheckVirtualAddress (IN PVOID VirtualAddress, OUT PULONG ProtectCode)
NTSTATUS FASTCALL	MiCheckPdeForPagedPool (IN PVOID VirtualAddress)
VOID	MiInitializeMustSucceedPool (VOID)
PMMADDRESS_NODE FASTCALL	MiGetNextNode (IN PMMADDRESS_NODE Node)
PMMADDRESS_NODE FASTCALL	MiGetPreviousNode (IN PMMADDRESS_NODE Node)
PMMADDRESS_NODE FASTCALL	MiGetFirstNode (IN PMMADDRESS_NODE Root)
PMMADDRESS_NODE	MiGetLastNode (IN PMMADDRESS_NODE Root)
VOID FASTCALL	MiInsertNode (IN PMMADDRESS_NODE Node, IN OUT PMMADDRESS_NODE *Root)
VOID FASTCALL	MiRemoveNode (IN PMMADDRESS_NODE Node, IN OUT PMMADDRESS_NODE *Root)
PMMADDRESS_NODE FASTCALL	MiLocateAddressInTree (IN ULONG_PTR Vpn, IN PMMADDRESS_NODE *Root)
PMMADDRESS_NODE	MiCheckForConflictingNode (IN ULONG_PTR StartVpn, IN ULONG_PTR EndVpn, IN PMMADDRESS_NODE Root)
PVOID	MiFindEmptyAddressRangeInTree (IN SIZE_T SizeOfRange, IN ULONG_PTR Alignment, IN PMMADDRESS_NODE Root, OUT PMMADDRESS_NODE *PreviousVad)
PVOID	MiFindEmptyAddressRangeDownTree (IN SIZE_T SizeOfRange, IN PVOID HighestAddressToEndAt, IN ULONG_PTR Alignment, IN PMMADDRESS_NODE Root)
VOID	NodeTreeWalk (PMMADDRESS_NODE Start)
VOID	MiInsertVad (IN PMMVAD Vad)
VOID	MiRemoveVad (IN PMMVAD Vad)
PMMVAD FASTCALL	MiLocateAddress (IN PVOID Vad)
PVOID	MiFindEmptyAddressRange (IN SIZE_T SizeOfRange, IN ULONG_PTR Alignment, IN ULONG QuickCheck)
NTSTATUS	MiCloneProcessAddressSpace (IN PEPROCESS ProcessToClone, IN PEPROCESS ProcessToInitialize, IN PFN_NUMBER PdePhysicalPage, IN PFN_NUMBER HyperPhysicalPage)
ULONG	MiDecrementCloneBlockReference (IN PMMCLONE_DESCRIPTOR CloneDescriptor, IN PMMCLONE_BLOCK CloneBlock, IN PEPROCESS CurrentProcess)
VOID	MiWaitForForkToComplete (IN PEPROCESS CurrentProcess)
WSLE_NUMBER	MiLocateAndReserveWsle (IN PMMSUPPORT WsInfo)
VOID	MiReleaseWsle (IN WSLE_NUMBER WorkingSetIndex, IN PMMSUPPORT WsInfo)
VOID	MiUpdateWsle (IN PWSLE_NUMBER DesiredIndex, IN PVOID VirtualAddress, IN PMMWSL WorkingSetList, IN PMMPFN Pfn)
VOID	MiInitializeWorkingSetList (IN PEPROCESS CurrentProcess)
VOID	MiGrowWsleHash (IN PMMSUPPORT WsInfo)
ULONG	MiTrimWorkingSet (ULONG Reduction, IN PMMSUPPORT WsInfo, IN ULONG ForcedReduction)
VOID	MiRemoveWorkingSetPages (IN PMMWSL WorkingSetList, IN PMMSUPPORT WsInfo)
VOID FASTCALL	MiInsertWsle (IN WSLE_NUMBER Entry, IN PMMWSL WorkingSetList)
VOID FASTCALL	MiRemoveWsle (IN WSLE_NUMBER Entry, IN PMMWSL WorkingSetList)
VOID	MiFreeWorkingSetRange (IN PVOID StartVa, IN PVOID EndVa, IN PMMSUPPORT WsInfo)
WSLE_NUMBER FASTCALL	MiLocateWsle (IN PVOID VirtualAddress, IN PMMWSL WorkingSetList, IN WSLE_NUMBER WsPfnIndex)
ULONG	MiFreeWsle (IN WSLE_NUMBER WorkingSetIndex, IN PMMSUPPORT WsInfo, IN PMMPTE PointerPte)
VOID	MiSwapWslEntries (IN WSLE_NUMBER SwapEntry, IN WSLE_NUMBER Entry, IN PMMSUPPORT WsInfo)
VOID	MiRemoveWsleFromFreeList (IN ULONG Entry, IN PMMWSLE Wsle, IN PMMWSL WorkingSetList)
ULONG	MiRemovePageFromWorkingSet (IN PMMPTE PointerPte, IN PMMPFN Pfn1, IN PMMSUPPORT WsInfo)
VOID	MiTakePageFromWorkingSet (IN ULONG Entry, IN PMMSUPPORT WsInfo, IN PMMPTE PointerPte)
PFN_NUMBER	MiDeleteSystemPagableVm (IN PMMPTE PointerPte, IN PFN_NUMBER NumberOfPtes, IN MMPTE NewPteValue, IN LOGICAL SessionAllocation, OUT PPFN_NUMBER ResidentPages OPTIONAL)
VOID	MiLockCode (IN PMMPTE FirstPte, IN PMMPTE LastPte, IN ULONG LockType)
PLDR_DATA_TABLE_ENTRY	MiLookupDataTableEntry (IN PVOID AddressWithinSection, IN ULONG ResourceHeld)
VOID	MiFlushTb (VOID)
VOID	MiObtainFreePages (VOID)
VOID	MiModifiedPageWriter (IN PVOID StartContext)
VOID	MiMappedPageWriter (IN PVOID StartContext)
LOGICAL	MiIssuePageExtendRequest (IN PMMPAGE_FILE_EXPANSION PageExtend)
VOID	MiIssuePageExtendRequestNoWait (IN PFN_NUMBER SizeInPages)
SIZE_T	MiExtendPagingFiles (IN PMMPAGE_FILE_EXPANSION PageExpand)
VOID	MiContractPagingFiles (VOID)
VOID	MiAttemptPageFileReduction (VOID)
LOGICAL	MiCancelWriteOfMappedPfn (IN PFN_NUMBER PageToStop)
VOID	MiDeleteVirtualAddresses (IN PUCHAR StartingAddress, IN PUCHAR EndingAddress, IN ULONG AddressSpaceDeletion, IN PMMVAD Vad)
VOID	MiDeletePte (IN PMMPTE PointerPte, IN PVOID VirtualAddress, IN ULONG AddressSpaceDeletion, IN PEPROCESS CurrentProcess, IN PMMPTE PrototypePte, IN PMMPTE_FLUSH_LIST PteFlushList OPTIONAL)
VOID	MiDeletePageTablesForPhysicalRange (IN PVOID StartingAddress, IN PVOID EndingAddress)
VOID	MiFlushPteList (IN PMMPTE_FLUSH_LIST PteFlushList, IN ULONG AllProcessors, IN MMPTE FillPte)
ULONG FASTCALL	MiReleasePageFileSpace (IN MMPTE PteContents)
VOID FASTCALL	MiUpdateModifiedWriterMdls (IN ULONG PageFileNumber)
VOID	MiRemoveUserPhysicalPagesVad (IN PMMVAD_SHORT FoundVad)
VOID	MiCleanPhysicalProcessPages (IN PEPROCESS Process)
VOID	MiPhysicalViewRemover (IN PEPROCESS Process, IN PMMVAD Vad)
VOID	MiPhysicalViewAdjuster (IN PEPROCESS Process, IN PMMVAD OldVad, IN PMMVAD NewVad)
ULONG	MiDoesPdeExistAndMakeValid (IN PMMPTE PointerPde, IN PEPROCESS TargetProcess, IN ULONG PfnMutexHeld, OUT PULONG Waited)
ULONG	MiMakePdeExistAndMakeValid (IN PMMPTE PointerPde, IN PEPROCESS TargetProcess, IN ULONG PfnMutexHeld)
ULONG FASTCALL	MiMakeSystemAddressValid (IN PVOID VirtualAddress, IN PEPROCESS CurrentProcess)
ULONG FASTCALL	MiMakeSystemAddressValidPfnWs (IN PVOID VirtualAddress, IN PEPROCESS CurrentProcess OPTIONAL)
ULONG FASTCALL	MiMakeSystemAddressValidPfnSystemWs (IN PVOID VirtualAddress)
ULONG FASTCALL	MiMakeSystemAddressValidPfn (IN PVOID VirtualAddress)
ULONG FASTCALL	MiLockPagedAddress (IN PVOID VirtualAddress, IN ULONG PfnLockHeld)
VOID FASTCALL	MiUnlockPagedAddress (IN PVOID VirtualAddress, IN ULONG PfnLockHeld)
ULONG FASTCALL	MiIsPteDecommittedPage (IN PMMPTE PointerPte)
ULONG FASTCALL	MiIsProtectionCompatible (IN ULONG OldProtect, IN ULONG NewProtect)
ULONG FASTCALL	MiMakeProtectionMask (IN ULONG Protect)
ULONG	MiIsEntireRangeCommitted (IN PVOID StartingAddress, IN PVOID EndingAddress, IN PMMVAD Vad, IN PEPROCESS Process)
ULONG	MiIsEntireRangeDecommitted (IN PVOID StartingAddress, IN PVOID EndingAddress, IN PMMVAD Vad, IN PEPROCESS Process)
PMMPTE FASTCALL	MiGetProtoPteAddressExtended (IN PMMVAD Vad, IN ULONG_PTR Vpn)
PSUBSECTION FASTCALL	MiLocateSubsection (IN PMMVAD Vad, IN ULONG_PTR Vpn)
VOID	MiInitializeSystemCache (IN ULONG MinimumWorkingSet, IN ULONG MaximumWorkingSet)
VOID	MiAdjustWorkingSetManagerParameters (BOOLEAN WorkStation)
VOID FASTCALL	MiInsertBasedSection (IN PSECTION Section)
NTSTATUS	MiMapViewOfPhysicalSection (IN PCONTROL_AREA ControlArea, IN PEPROCESS Process, IN PVOID *CapturedBase, IN PLARGE_INTEGER SectionOffset, IN PSIZE_T CapturedViewSize, IN ULONG ProtectionMask, IN ULONG_PTR ZeroBits, IN ULONG AllocationType, IN BOOLEAN WriteCombined, OUT PBOOLEAN ReleasedWsMutex)
VOID	MiRemoveImageSectionObject (IN PFILE_OBJECT File, IN PCONTROL_AREA ControlArea)
VOID	MiAddSystemPtes (IN PMMPTE StartingPte, IN ULONG NumberOfPtes, IN MMSYSTEM_PTE_POOL_TYPE SystemPtePoolType)
VOID	MiRemoveMappedView (IN PEPROCESS CurrentProcess, IN PMMVAD Vad)
PVOID	MiFindEmptySectionBaseDown (IN ULONG SizeOfRange, IN PVOID HighestAddressToEndAt)
VOID	MiSegmentDelete (PSEGMENT Segment)
VOID	MiSectionDelete (PVOID Object)
VOID	MiDereferenceSegmentThread (IN PVOID StartContext)
NTSTATUS	MiCreateImageFileMap (IN PFILE_OBJECT File, OUT PSEGMENT *Segment)
NTSTATUS	MiCreateDataFileMap (IN PFILE_OBJECT File, OUT PSEGMENT *Segment, IN PUINT64 MaximumSize, IN ULONG SectionPageProtection, IN ULONG AllocationAttributes, IN ULONG IgnoreFileSizing)
NTSTATUS	MiCreatePagingFileMap (OUT PSEGMENT *Segment, IN PUINT64 MaximumSize, IN ULONG ProtectionMask, IN ULONG AllocationAttributes)
VOID	MiPurgeSubsectionInternal (IN PSUBSECTION Subsection, IN ULONG PteOffset)
VOID	MiPurgeImageSection (IN PCONTROL_AREA ControlArea, IN PEPROCESS Process)
VOID	MiCleanSection (IN PCONTROL_AREA ControlArea, IN LOGICAL DirtyDataPagesOk)
VOID	MiCheckControlArea (IN PCONTROL_AREA ControlArea, IN PEPROCESS CurrentProcess, IN KIRQL PreviousIrql)
LOGICAL	MiCheckPurgeAndUpMapCount (IN PCONTROL_AREA ControlArea)
VOID	MiCheckForControlAreaDeletion (IN PCONTROL_AREA ControlArea)
BOOLEAN	MiCheckControlAreaStatus (IN SECTION_CHECK_TYPE SectionCheckType, IN PSECTION_OBJECT_POINTERS SectionObjectPointers, IN ULONG DelayClose, OUT PCONTROL_AREA *ControlArea, OUT PKIRQL OldIrql)
PEVENT_COUNTER	MiGetEventCounter ()
VOID	MiFlushEventCounter ()
VOID	MiFreeEventCounter (IN PEVENT_COUNTER Support, IN ULONG Flush)
ULONG	MiCanFileBeTruncatedInternal (IN PSECTION_OBJECT_POINTERS SectionPointer, IN PLARGE_INTEGER NewFileSize OPTIONAL, IN LOGICAL BlockNewViews, OUT PKIRQL PreviousIrql)
NTSTATUS	MiFlushSectionInternal (IN PMMPTE StartingPte, IN PMMPTE FinalPte, IN PSUBSECTION FirstSubsection, IN PSUBSECTION LastSubsection, IN ULONG Synchronize, IN LOGICAL WriteInProgressOk, OUT PIO_STATUS_BLOCK IoStatus)
NTSTATUS	MiProtectVirtualMemory (IN PEPROCESS Process, IN PVOID *CapturedBase, IN PSIZE_T CapturedRegionSize, IN ULONG Protect, IN PULONG LastProtect)
ULONG	MiGetPageProtection (IN PMMPTE PointerPte, IN PEPROCESS Process)
ULONG	MiSetProtectionOnSection (IN PEPROCESS Process, IN PMMVAD Vad, IN PVOID StartingAddress, IN PVOID EndingAddress, IN ULONG NewProtect, OUT PULONG CapturedOldProtect, IN ULONG DontCharge)
NTSTATUS	MiCheckSecuredVad (IN PMMVAD Vad, IN PVOID Base, IN ULONG_PTR Size, IN ULONG ProtectionMask)
ULONG	MiChangeNoAccessForkPte (IN PMMPTE PointerPte, IN ULONG ProtectionMask)
VOID	MiSetImageProtect (IN PSEGMENT Segment, IN ULONG Protection)
ULONG FASTCALL	MiChargePageFileQuota (IN SIZE_T QuotaCharge, IN PEPROCESS CurrentProcess)
VOID	MiReturnPageFileQuota (IN SIZE_T QuotaCharge, IN PEPROCESS CurrentProcess)
LOGICAL FASTCALL	MiChargeCommitment (IN SIZE_T QuotaCharge, IN PEPROCESS Process OPTIONAL)
LOGICAL FASTCALL	MiChargeCommitmentCantExpand (IN SIZE_T QuotaCharge, IN ULONG MustSucceed)
VOID FASTCALL	MiReturnCommitment (IN SIZE_T QuotaCharge)
SIZE_T	MiCalculatePageCommitment (IN PVOID StartingAddress, IN PVOID EndingAddress, IN PMMVAD Vad, IN PEPROCESS Process)
VOID	MiReturnPageTablePageCommitment (IN PVOID StartingAddress, IN PVOID EndingAddress, IN PEPROCESS CurrentProcess, IN PMMVAD PreviousVad, IN PMMVAD NextVad)
VOID	MiEmptyAllWorkingSets (VOID)
VOID	MiFlushAllPages (VOID)
VOID	MiModifiedPageWriterTimerDispatch (IN PKDPC Dpc, IN PVOID DeferredContext, IN PVOID SystemArgument1, IN PVOID SystemArgument2)
LONGLONG	MiStartingOffset (IN PSUBSECTION Subsection, IN PMMPTE PteAddress)
LARGE_INTEGER	MiEndingOffset (IN PSUBSECTION Subsection)
VOID	MiReloadBootLoadedDrivers (IN PLOADER_PARAMETER_BLOCK LoaderBlock)
LOGICAL	MiInitializeLoadedModuleList (IN PLOADER_PARAMETER_BLOCK LoaderBlock)
VOID	MiEnableRandomSpecialPool (IN LOGICAL Enable)
LOGICAL	MiTriageSystem (IN PLOADER_PARAMETER_BLOCK LoaderBlock)
LOGICAL	MiTriageAddDrivers (IN PLOADER_PARAMETER_BLOCK LoaderBlock)
LOGICAL	MiTriageVerifyDriver (IN PLDR_DATA_TABLE_ENTRY DataTableEntry)
LOGICAL	MiInitializeDriverVerifierList (IN PLOADER_PARAMETER_BLOCK LoaderBlock)
LOGICAL	MiApplyDriverVerifier (IN PLDR_DATA_TABLE_ENTRY, IN PMI_VERIFIER_DRIVER_ENTRY Verifier)
VOID	MiVerifyingDriverUnloading (IN PLDR_DATA_TABLE_ENTRY DataTableEntry)
VOID	MiVerifierCheckThunks (IN PLDR_DATA_TABLE_ENTRY DataTableEntry)
VOID	MiEnableKernelVerifier (VOID)
VOID	MiDumpValidAddresses (VOID)
VOID	MiDumpPfn (VOID)
VOID	MiDumpWsl (VOID)
VOID	MiFormatPte (IN PMMPTE PointerPte)
VOID	MiCheckPfn (VOID)
VOID	MiCheckPte (VOID)
VOID	MiFormatPfn (IN PMMPFN PointerPfn)
NTSTATUS	MiSessionCommitPageTables (PVOID StartVa, PVOID EndVa)
NTSTATUS	MiInitializeSessionPool (VOID)
VOID	MiCheckSessionPoolAllocations (VOID)
VOID	MiFreeSessionPoolBitMaps (VOID)
VOID	MiDetachSession (VOID)
VOID	MiAttachSession (IN PMM_SESSION_SPACE SessionGlobal)
NTSTATUS	MiEmptyWorkingSet (IN PMMSUPPORT WsInfo, IN LOGICAL WaitOk)
NTSTATUS FASTCALL	MiCheckPdeForSessionSpace (IN PVOID VirtualAddress)
NTSTATUS	MiShareSessionImage (IN PSECTION Section, IN OUT PSIZE_T ViewSize)
VOID	MiSessionWideInitializeAddresses (VOID)
NTSTATUS	MiSessionWideReserveImageAddress (IN PUNICODE_STRING pImageName, IN PSECTION Section, IN ULONG_PTR Alignment, OUT PVOID *ppAddr, OUT PBOOLEAN pAlreadyLoaded)
VOID	MiInitializeSessionIds (VOID)
VOID	MiInitializeSessionWsSupport (VOID)
VOID	MiSessionAddProcess (IN PEPROCESS NewProcess)
VOID	MiSessionRemoveProcess (VOID)
NTSTATUS	MiRemovePsLoadedModule (PLDR_DATA_TABLE_ENTRY DataTableEntry)
NTSTATUS	MiRemoveImageSessionWide (IN PVOID BaseAddr)
NTSTATUS	MiDeleteSessionVirtualAddresses (IN PVOID VirtualAddress, IN SIZE_T NumberOfBytes)
NTSTATUS	MiUnloadSessionImageByForce (IN SIZE_T NumberOfPtes, IN PVOID ImageBase)
NTSTATUS	MiSessionWideGetImageSize (IN PVOID BaseAddress, OUT PSIZE_T NumberOfBytes OPTIONAL, OUT PSIZE_T CommitPages OPTIONAL)
PIMAGE_ENTRY_IN_SESSION	MiSessionLookupImage (IN PVOID BaseAddress)
NTSTATUS	MiSessionCommitImagePages (PVOID BaseAddr, SIZE_T Size)
VOID	MiSessionUnloadAllImages (VOID)
VOID	MiFreeSessionSpaceMap (VOID)
NTSTATUS	MiSessionInitializeWorkingSetList (VOID)
VOID	MiSessionUnlinkWorkingSet (VOID)
NTSTATUS	MiSessionCopyOnWrite (IN PMM_SESSION_SPACE SessionSpace, IN PVOID FaultingAddress, IN PMMPTE PointerPte)
VOID	MiSessionOutSwapProcess (IN PEPROCESS Process)
VOID	MiSessionInSwapProcess (IN PEPROCESS Process)
Variables
ULONG	MmProtectToValue [32]
ULONG	MmProtectToPteMask [32]
ULONG	MmMakeProtectNotWriteCopy [32]
ACCESS_MASK	MmMakeSectionAccess [8]
ACCESS_MASK	MmMakeFileAccess [8]
LARGE_INTEGER	MmSevenMinutes
LARGE_INTEGER	MmWorkingSetProtectionTime
LARGE_INTEGER	MmOneSecond
LARGE_INTEGER	MmTwentySeconds
LARGE_INTEGER	MmShortTime
LARGE_INTEGER	MmHalfSecond
LARGE_INTEGER	Mm30Milliseconds
LARGE_INTEGER	MmCriticalSectionTimeout
ULONG	MmCritsectTimeoutSeconds
PEPROCESS	ExpDefaultErrorPortProcess
SIZE_T	MmExtendedCommit
PFN_NUMBER	MmHiberPages
ULONG	MiIoRetryLevel
ULONG	MiFaultRetries
ULONG	MiUserIoRetryLevel
ULONG	MiUserFaultRetries
KMUTANT	MmSystemLoadLock
LIST_ENTRY	MmLockConflictList
PETHREAD	MmSystemLockOwner
LOGICAL	MmDynamicPfn
FAST_MUTEX	MmDynamicMemoryMutex
PFN_NUMBER	MmSystemLockPagesCount
ULONG_PTR	MiActiveWriteWatch
MMSESSION	MmSession
LOGICAL	MmTrackLockedPages
BOOLEAN	MiTrackingAborted
LOGICAL	MmSnapUnloads
PUNLOADED_DRIVERS	MiUnloadedDrivers
PMMINPAGE_SUPPORT	MiGetInPageSupportBlock (VOID)
SIZE_T	MmPeakCommitment
SIZE_T	MmTotalCommitLimitMaximum
WCHAR	MmVerifyDriverBuffer []
ULONG	MmVerifyDriverBufferLength
ULONG	MmVerifyDriverLevel
LOGICAL	MmDontVerifyRandomDrivers
LOGICAL	MmProtectFreedNonPagedPool
ULONG	MmEnforceWriteProtection
LOGICAL	MmTrackPtes
ULONG	MiActiveVerifierThunks
LIST_ENTRY	MiSuspectDriverList
LOGICAL	KernelVerifier
MM_DRIVER_VERIFIER_DATA	MmVerifierData
ULONG	MiSpecialPagesNonPaged
ULONG	MiSpecialPagesNonPagedMaximum
ULONG	MmLockPagesPercentage
ULONG	MmLargePageMinimum
MMPTE	ZeroPte
MMPTE	ZeroKernelPte
MMPTE	ValidKernelPteLocal
MMPTE	ValidKernelPte
MMPTE	ValidKernelPde
MMPTE	ValidKernelPdeLocal
MMPTE	ValidUserPte
MMPTE	ValidPtePte
MMPTE	ValidPdePde
MMPTE	DemandZeroPde
MMPTE	DemandZeroPte
MMPTE	KernelPrototypePte
MMPTE	TransitionPde
MMPTE	PrototypePte
MMPTE	NoAccessPte
ULONG_PTR	MmSubsectionBase
ULONG_PTR	MmSubsectionTopPage
BOOLEAN	MiHydra
ULONG	ExpMultiUserTS
PFN_COUNT	MmNumberOfPhysicalPages
PFN_NUMBER	MmLowestPhysicalPage
PFN_NUMBER	MmHighestPhysicalPage
PFN_NUMBER	MmHighestPossiblePhysicalPage
PFN_COUNT	MmAvailablePages
PFN_NUMBER	MmMoreThanEnoughFreePages
SPFN_NUMBER	MmResidentAvailablePages
PFN_NUMBER	MmPagesAboveWsMinimum
PFN_NUMBER	MmPagesAboveWsMaximum
PFN_NUMBER	MmPagesAboveWsThreshold
PFN_NUMBER	MmWorkingSetSizeIncrement
PFN_NUMBER	MmWorkingSetSizeExpansion
PFN_NUMBER	MmWsAdjustThreshold
PFN_NUMBER	MmWsExpandThreshold
PFN_NUMBER	MmWsTrimReductionGoal
ULONG	MiDelayPageFaults
PMMPFN	MmPfnDatabase
MMPFNLIST	MmZeroedPageListHead
MMPFNLIST	MmFreePageListHead
MMPFNLIST	MmStandbyPageListHead
MMPFNLIST	MmModifiedPageListHead
MMPFNLIST	MmModifiedNoWritePageListHead
MMPFNLIST	MmBadPageListHead
PMMPFNLIST	MmPageLocationList [NUMBER_OF_PAGE_LISTS]
MMPFNLIST	MmModifiedPageListByColor [MM_MAXIMUM_NUMBER_OF_COLORS]
ULONG	MmModNoWriteInsert
KEVENT	MmAvailablePagesEvent
KEVENT	MmAvailablePagesEventHigh
KEVENT	MmZeroingPageEvent
BOOLEAN	MmZeroingPageThreadActive
PFN_NUMBER	MmMinimumFreePagesToZero
KEVENT	MmMappedFileIoComplete
PMMPTE	MmFirstReservedMappingPte
PMMPTE	MmLastReservedMappingPte
PVOID	MmNonPagedSystemStart
PCHAR	MmSystemSpaceViewStart
SIZE_T	MmSizeOfNonPagedPoolInBytes
SIZE_T	MmMinimumNonPagedPoolSize
SIZE_T	MmDefaultMaximumNonPagedPool
ULONG	MmMinAdditionNonPagedPoolPerMb
ULONG	MmMaxAdditionNonPagedPoolPerMb
SIZE_T	MmSizeOfPagedPoolInBytes
SIZE_T	MmMaximumNonPagedPoolInBytes
PFN_NUMBER	MmAllocatedNonPagedPool
PFN_NUMBER	MmSizeOfNonPagedMustSucceed
PVOID	MmNonPagedPoolExpansionStart
ULONG	MmExpandedPoolBitPosition
PFN_NUMBER	MmNumberOfFreeNonPagedPool
ULONG	MmMustSucceedPoolBitPosition
ULONG	MmNumberOfSystemPtes
ULONG	MiRequestedSystemPtes
ULONG	MmTotalFreeSystemPtes [MaximumPtePoolTypes]
SIZE_T	MmLockPagesLimit
PMMPTE	MmSystemPagePtes
ULONG	MmSystemPageDirectory
PMMPTE	MmPagedPoolBasePde
SIZE_T	MmHeapSegmentReserve
SIZE_T	MmHeapSegmentCommit
SIZE_T	MmHeapDeCommitTotalFreeThreshold
SIZE_T	MmHeapDeCommitFreeBlockThreshold
LIST_ENTRY	MmNonPagedPoolFreeListHead [MI_MAX_FREE_LIST_HEADS]
ULONG	MmFlushCounter
PVOID	MmNonPagedPoolStart
PVOID	MmNonPagedPoolEnd
PVOID	MmPagedPoolStart
PVOID	MmPagedPoolEnd
PVOID	MmNonPagedMustSucceed
MM_PAGED_POOL_INFO	MmPagedPoolInfo
PVOID	MmPageAlignedPoolBase [2]
PRTL_BITMAP	VerifierLargePagedPoolMap
MMPTE	MmFirstFreeSystemPte [MaximumPtePoolTypes]
ULONG_PTR	MiSystemViewStart
PMMWSL	MmSystemCacheWorkingSetList
PMMWSLE	MmSystemCacheWsle
PVOID	MmSystemCacheStart
PVOID	MmSystemCacheEnd
PRTL_BITMAP	MmSystemCacheAllocationMap
PRTL_BITMAP	MmSystemCacheEndingMap
PFN_NUMBER	MmSystemCacheWsMinimum
PFN_NUMBER	MmSystemCacheWsMaximum
ULONG	MmAliasAlignment
ULONG	MmAliasAlignmentOffset
ULONG	MmAliasAlignmentMask
ULONG	MmNumberDeadKernelStacks
ULONG	MmMaximumDeadKernelStacks
PMMPFN	MmFirstDeadKernelStack
PMMPTE	MmSystemPteBase
PMMWSL	MmWorkingSetList
PMMWSLE	MmWsle
PMMVAD	MmVirtualAddressDescriptorRoot
PMMADDRESS_NODE	MmSectionBasedRoot
PVOID	MmHighSectionBase
FAST_MUTEX	MmSectionCommitMutex
FAST_MUTEX	MmSectionBasedMutex
ERESOURCE	MmSectionExtendResource
ERESOURCE	MmSectionExtendSetResource
KEVENT	MmImageMappingPteEvent
ULONG	MmDataClusterSize
ULONG	MmCodeClusterSize
FAST_MUTEX	MmPageFileCreationLock
PKEVENT	MmPagingFileCreated
ULONG_PTR	MmPagingFileDebug []
KSPIN_LOCK	MmPfnLock
ERESOURCE	MmSystemWsLock
KSPIN_LOCK	MmSystemSpaceLock
KSPIN_LOCK	MmChargeCommitmentLock
KSPIN_LOCK	MmExpansionLock
MMPTE	GlobalPte
ULONG	MmSystemPageColor
ULONG	MmSecondaryColors
ULONG	MmProcessColorSeed
ULONG	MmDisablePagingExecutive
MMDEREFERENCE_SEGMENT_HEADER	MmDereferenceSegmentHeader
LIST_ENTRY	MmUnusedSegmentList
KEVENT	MmUnusedSegmentCleanup
SIZE_T	MmMaxUnusedSegmentPagedPoolUsage
SIZE_T	MmUnusedSegmentPagedPoolUsage
SIZE_T	MiUnusedSegmentPagedPoolUsage
SIZE_T	MmUnusedSegmentPagedPoolReduction
SIZE_T	MmMaxUnusedSegmentNonPagedPoolUsage
SIZE_T	MmUnusedSegmentNonPagedPoolUsage
SIZE_T	MiUnusedSegmentNonPagedPoolUsage
SIZE_T	MmUnusedSegmentNonPagedPoolReduction
ULONG	MmUnusedSegmentTrimLevel
ULONG	MmUnusedSegmentCount
MMWORKING_SET_EXPANSION_HEAD	MmWorkingSetExpansionHead
MMPAGE_FILE_EXPANSION	MmAttemptForCantExtend
MMMOD_WRITER_LISTHEAD	MmPagingFileHeader
MMMOD_WRITER_LISTHEAD	MmMappedFileHeader
PMMPAGING_FILE	MmPagingFile [MAX_PAGE_FILES]
PMMMOD_WRITER_MDL_ENTRY	MmMappedFileMdl [MM_MAPPED_FILE_MDLS]
LIST_ENTRY	MmFreePagingSpaceLow
ULONG	MmNumberOfActiveMdlEntries
ULONG	MmNumberOfPagingFiles
KEVENT	MmModifiedPageWriterEvent
KEVENT	MmCollidedFlushEvent
KEVENT	MmCollidedLockEvent
SIZE_T	MmTotalCommittedPages
SIZE_T	MmTotalCommitLimit
SIZE_T	MmOverCommit
SIZE_T	MmSharedCommit
PFN_NUMBER	MmMinimumFreePages
PFN_NUMBER	MmFreeGoal
PFN_NUMBER	MmModifiedPageMaximum
PFN_NUMBER	MmModifiedPageMinimum
ULONG	MmModifiedWriteClusterSize
ULONG	MmMinimumFreeDiskSpace
ULONG	MmPageFileExtension
ULONG	MmMinimumPageFileReduction
LARGE_INTEGER	MiModifiedPageLife
BOOLEAN	MiTimerPending
KEVENT	MiMappedPagesTooOldEvent
KDPC	MiModifiedPageWriterTimerDpc
KTIMER	MiModifiedPageWriterTimer
PFN_NUMBER	MmSystemProcessWorkingSetMin
PFN_NUMBER	MmSystemProcessWorkingSetMax
PFN_NUMBER	MmMinimumWorkingSetSize
PMMPTE	MmDebugPte
PMMPTE	MmCrashDumpPte
ULONG	MiOverCommitCallCount
SIZE_T	MmResTrack [MM_BUMP_COUNTER_MAX]
PPAGE_FAULT_NOTIFY_ROUTINE	MmPageFaultNotifyRoutine
PHARD_FAULT_NOTIFY_ROUTINE	MmHardFaultNotifyRoutine
ULONG_PTR	MmSessionBase
ULONG	MmSessionFailureCauses [MM_SESSION_FAILURE_CAUSES]
PMM_SESSION_SPACE	MmSessionSpace
ULONG	MiSessionCount
PMMPTE	MiHighestUserPte
PMMPTE	MiHighestUserPde
PMMPTE	MiSessionBasePte
PMMPTE	MiSessionLastPte
LIST_ENTRY	MiSessionWsList

---

Define Documentation

#define _2gb   0x80000000

Definition at line 71 of file mi.h. Referenced by MmInitializeProcessAddressSpace().

#define _4gb   0x100000000

Definition at line 72 of file mi.h.

#define ASSERT32 (  exp   )     ASSERT(exp)

Definition at line 58 of file mi.h. Referenced by MiGrowWsleHash(), and MiUpdateWsle().

#define ASSERT64 (  exp   )

Definition at line 59 of file mi.h. Referenced by MiGrowWsleHash(), MiUnmapLockedPagesInUserSpace(), MmAddPhysicalMemory(), and MmRemovePhysicalMemory().

#define COMMIT_SIZE   19

Definition at line 2331 of file mi.h.

#define CONSISTENCY_LOCK_PFN (  OLDIRQL   )

Definition at line 875 of file mi.h. Referenced by MiAddWorkingSetPage(), MiAddWsleHash(), MiInitializeWorkingSetList(), MiMakeSpecialPoolPagable(), MiMapViewOfPhysicalSection(), MiRemoveWorkingSetPages(), MiResolveDemandZeroFault(), MiSessionInitializeWorkingSetList(), MiUpdateWsle(), MmAccessFault(), and MmCreateProcessAddressSpace().

#define CONSISTENCY_LOCK_PFN2 (  OLDIRQL   )

Definition at line 878 of file mi.h. Referenced by MiAllocatePoolPages(), and MiFreePoolPages().

#define CONSISTENCY_UNLOCK_PFN (  OLDIRQL   )

Definition at line 876 of file mi.h. Referenced by MiAddWorkingSetPage(), MiAddWsleHash(), MiGetPageForHeader(), MiInitializeWorkingSetList(), MiMakeSpecialPoolPagable(), MiMapViewOfPhysicalSection(), MiRemoveWorkingSetPages(), MiResolveDemandZeroFault(), MiSessionInitializeWorkingSetList(), MiUpdateWsle(), MmAccessFault(), and MmCreateProcessAddressSpace().

#define CONSISTENCY_UNLOCK_PFN2 (  OLDIRQL   )

Definition at line 879 of file mi.h. Referenced by MiAllocatePoolPages(), and MiFreePoolPages().

#define EndOfAllocation   WriteInProgress

Definition at line 1243 of file mi.h.

#define HYDRA_PROCESS   ((PEPROCESS)1)

Definition at line 5179 of file mi.h. Referenced by MiDispatchFault(), MiEnsureAvailablePageOrWait(), MiResolveDemandZeroFault(), MiResolveMappedFileFault(), MiResolvePageFileFault(), MiResolveTransitionFault(), MiSessionCopyOnWrite(), MiWaitForInPageComplete(), and MmAccessFault().

#define LargeSessionAllocation   PrototypePte

Definition at line 1245 of file mi.h.

#define LOCK_ADDRESS_SPACE (  PROCESS   )     ExAcquireFastMutex( &((PROCESS)->AddressCreationLock))

Definition at line 1090 of file mi.h. Referenced by MiCloneProcessAddressSpace(), MiWaitForForkToComplete(), MmMapViewOfSection(), MmSecureVirtualMemory(), MmUnsecureVirtualMemory(), and NtAreMappedFilesTheSame().

#define LOCK_AWE (  PROCESS, OldIrql   )     ExAcquireSpinLock(&((PROCESS)->AweLock), &OldIrql)

Definition at line 922 of file mi.h. Referenced by MiMapViewOfPhysicalSection(), MiPhysicalViewAdjuster(), MiPhysicalViewInserter(), MiPhysicalViewRemover(), MiRemoveMappedView(), MiRemoveUserPhysicalPagesVad(), NtAllocateUserPhysicalPages(), NtFreeUserPhysicalPages(), NtMapUserPhysicalPages(), and NtMapUserPhysicalPagesScatter().

#define LOCK_EXPANSION (  OLDIRQL   )

Value: ASSERT (KeGetCurrentIrql() <= APC_LEVEL); \ ExAcquireSpinLock (&MmExpansionLock, &OLDIRQL);\ MM_SET_EXPANSION_OWNER (); Definition at line 957 of file mi.h. Referenced by MiCheckAndSetSystemTrimCriteria(), MiCheckSystemTrimEndCriteria(), MiDereferenceSession(), MiEmptyAllWorkingSets(), MiEmptyAllWorkingSetsWorker(), MiLoadImageSection(), MiRearrangeWorkingSetExpansionList(), MiSessionAddProcess(), MiSessionInitializeWorkingSetList(), MiSessionInSwapProcess(), MiSessionOutSwapProcess(), MiSessionRemoveProcess(), MmAllowWorkingSetExpansion(), MmCleanProcessAddressSpace(), MmEnforceWorkingSetLimit(), MmInSwapProcess(), MmOutSwapProcess(), MmSessionCreate(), MmSetMemoryPriorityProcess(), MmTrimAllSystemPagableMemory(), and MmWorkingSetManager().

#define LOCK_EXPANSION_IF_ALPHA (  OLDIRQL   )

Definition at line 982 of file mi.h. Referenced by MiAddWorkingSetPage(), MiDoReplacement(), MiInsertWsle(), MiMakeSpecialPoolPagable(), MiRemoveWorkingSetPages(), MmAccessFault(), and MmCleanProcessAddressSpace().

#define LOCK_HYPERSPACE (  OLDIRQL   )     ExAcquireSpinLock ( &(PsGetCurrentProcess())->HyperSpaceLock, OLDIRQL );

Definition at line 1020 of file mi.h. Referenced by MiMapPageInHyperSpace().

#define LOCK_PFN (  OLDIRQL   )

Value: ASSERT (KeGetCurrentIrql() <= APC_LEVEL); \ MiLockPfnDatabase(OLDIRQL); \ PFN_CONSISTENCY_SET; Definition at line 886 of file mi.h. Referenced by MiAccessCheck(), MiAddWorkingSetPage(), MiAddWsleHash(), MiAllocatePoolPages(), MiAttemptPageFileExtension(), MiAttemptPageFileReduction(), MiBuildForkPageTable(), MiBuildPagedPool(), MiCancelWriteOfMappedPfn(), MiCanFileBeTruncatedInternal(), MiCaptureSystemPte(), MiCheckAndSetSystemTrimCriteria(), MiCheckControlAreaStatus(), MiCheckPageFileMapping(), MiCheckPurgeAndUpMapCount(), MiCleanSection(), MiCopyOnWrite(), MiCreatePageTablesForPhysicalRange(), MiDecommitPages(), MiDecrementCloneBlockReference(), MiDeleteAddressesInWorkingSet(), MiDeleteFreeVm(), MiDeletePageTablesForPhysicalRange(), MiDeleteSystemPagableVm(), MiDeleteVirtualAddresses(), MiDereferenceSession(), MiDispatchFault(), MiDoesPdeExistAndMakeValid(), MiDoneWithThisPageGetAnother(), MiDownPfnReferenceCount(), MiDownShareCountFlushEntireTb(), MiEnablePagingOfDriverAtInit(), MiEnsureAvailablePageOrWait(), MiExtendPagingFileMaximum(), MiFillSystemPageDirectory(), MiFlushAcquire(), MiFlushDataSection(), MiFlushDirtyBitsToPfn(), MiFlushEventCounter(), MiFlushInPageSupportBlock(), MiFlushRelease(), MiFlushSectionInternal(), MiFlushTbAndCapture(), MiFreeInitializationCode(), MiFreeWsle(), MiGatherMappedPages(), MiGatherPagefilePages(), MiGetEventCounter(), MiGetInPageSupportBlock(), MiGetPageForHeader(), MiGetSystemCacheSubsection(), MiGrowWsleHash(), MiHandleForkTransitionPte(), MiInitializeSessionPool(), MiInitializeSpecialPool(), MiInitializeSystemCache(), MiInitializeWorkingSetList(), MiInitMachineDependent(), MiInsertPageFileInList(), MiLoadImageSection(), MiLockCode(), MiMakeOutswappedPageResident(), MiMakePdeExistAndMakeValid(), MiMakeSystemAddressValidPfn(), MiMakeSystemAddressValidPfnSystemWs(), MiMakeSystemAddressValidPfnWs(), MiMapImageHeaderInHyperSpace(), MiMappedPageWriter(), MiMapViewInSystemSpace(), MiMapViewOfDataSection(), MiMapViewOfImageSection(), MiMapViewOfPhysicalSection(), MiModifiedPageWriterWorker(), MiPageFileFull(), MiProcessValidPteList(), MiPurgeImageSection(), MiReleaseModifiedWriter(), MiReloadBootLoadedDrivers(), MiRemoveImageHeaderPage(), MiRemoveMappedPtes(), MiRemoveMappedView(), MiRemovePageFromWorkingSet(), MiRemoveUnusedSegments(), MiRemoveWorkingSetPages(), MiResetVirtualMemory(), MiResolveDemandZeroFault(), MiResolveTransitionFault(), MiSectionDelete(), MiSegmentDelete(), MiSessionCommitImagePages(), MiSessionCommitPageTables(), MiSessionCopyOnWrite(), MiSessionCreateInternal(), MiSessionInitializeWorkingSetList(), MiSetPageModified(), MiSetPagingOfDriver(), MiSetProtectionOnTransitionPte(), MiSetSystemCodeProtection(), MiShareSessionImage(), MiSuperSectionDelete(), MiSwapWslEntries(), MiUnmapImageHeaderInHyperSpace(), MiUnmapLockedPagesInUserSpace(), MiUpCloneProcessRefCount(), MiUpCloneProtoRefCount(), MiUpControlAreaRefs(), MiUpdateImageHeaderPage(), MiUpdateVadPhysicalPages(), MiUpForkPageShareCount(), MiUpPfnReferenceCount(), MiWaitForForkToComplete(), MiWaitForInPageComplete(), MiWriteComplete(), MmAccessFault(), MmAddPhysicalMemory(), MmAdjustWorkingSetSize(), MmAllocateIndependentPages(), MmAllocateNonCachedMemory(), MmAllocatePagesForMdl(), MmCheckCachedPageState(), MmCleanProcessAddressSpace(), MmCopyToCachedPage(), MmCreateKernelStack(), MmCreateProcessAddressSpace(), MmCreateSection(), MmDeleteKernelStack(), MmDeleteProcessAddressSpace(), MmDisableModifiedWriteOfSection(), MmFlushImageSection(), MmFlushSection(), MmFreeLoaderBlock(), MmFreeNonCachedMemory(), MmFreePagesFromMdl(), MmGetPhysicalMemoryRanges(), MmGrowKernelStack(), MmInitializeProcessAddressSpace(), MmInitSystem(), MmInPageKernelStack(), MmInSwapProcess(), MmLockPagedPool(), MmMapUserAddressesToPage(), MmMapViewInSystemCache(), MmOutPageKernelStack(), MmOutSwapProcess(), MmPurgeSection(), MmRemovePhysicalMemory(), MmResetDriverPaging(), MmSetPageProtection(), MmShutdownSystem(), MmTrimAllSystemPagableMemory(), MmUnloadSystemImage(), MmUnlockCachedPage(), MmUnmapViewInSystemCache(), NtAllocateUserPhysicalPages(), and NtCreateSuperSection().

#define LOCK_PFN2 (  OLDIRQL   )

Value: ASSERT (KeGetCurrentIrql() <= DISPATCH_LEVEL); \ MiLockPfnDatabase(OLDIRQL); \ PFN_CONSISTENCY_SET; Definition at line 901 of file mi.h. Referenced by MiAddMdlTracker(), MiAllocatePoolPages(), MiAllocateSpecialPool(), MiFindContiguousMemory(), MiFreeMdlTracker(), MiFreeNonPagedPool(), MiLockPagedAddress(), MiMapViewOfPhysicalSection(), MiModifiedPageWriterTimerDispatch(), MiPhysicalViewAdjuster(), MiPhysicalViewInserter(), MiPhysicalViewRemover(), MiProtectSpecialPool(), MiRemoveUserPhysicalPagesVad(), MiUnlockPagedAddress(), MmFreeSpecialPool(), MmGatherMemoryForHibernate(), MmLockPagableSectionByHandle(), MmMapLockedPagesSpecifyCache(), MmProbeAndLockPages(), MmResourcesAvailable(), MmReturnMemoryForHibernate(), MmSetAddressRangeModified(), MmSetSpecialPool(), MmUnlockPagableImageSection(), MmUnlockPagedPool(), MmUnlockPages(), MmUnmapLockedPages(), and NtFreeUserPhysicalPages().

#define LOCK_PFN_WITH_TRY (  OLDIRQL   )

Value: ASSERT (KeGetCurrentIrql() <= APC_LEVEL); \ do { \ } while (MiTryToLockPfnDatabase(OLDIRQL) == FALSE); \ PFN_CONSISTENCY_SET; Definition at line 890 of file mi.h. Referenced by MmZeroPageThread().

#define LOCK_SESSION (  OLDIRQL   )

Value: ExAcquireSpinLock (&((SESSION_GLOBAL(MmSessionSpace))->SpinLock), &OLDIRQL); \ MM_SET_SESSION_LOCK_OWNER (); Definition at line 5632 of file mi.h. Referenced by MiDereferenceSession(), and MiSessionAddProcess().

#define LOCK_SESSION_SPACE_WS (  OLDIRQL   )

Value: ASSERT (KeGetCurrentIrql() <= APC_LEVEL); \ KeRaiseIrql(APC_LEVEL,&OLDIRQL); \ ExAcquireResourceExclusive(&MmSessionSpace->WsLock, TRUE); \ MM_SET_SESSION_RESOURCE_OWNER (); Definition at line 5688 of file mi.h. Referenced by MiAllocatePoolPages(), MiDeleteSystemPagableVm(), MiDispatchFault(), MiEmptyWorkingSet(), MiEnsureAvailablePageOrWait(), MiFreePoolPages(), MiLoadImageSection(), MiMakeSystemAddressValidPfnSystemWs(), MiMapViewInSystemSpace(), MiSessionCommitImagePages(), MiSessionInsertImage(), MiSessionLookupImage(), MiSessionRemoveImage(), MiSetPagingOfDriver(), MiShareSessionImage(), MiUnmapViewInSystemSpace(), MiWaitForInPageComplete(), MmAccessFault(), and MmUnloadSystemImage().

#define LOCK_SYSTEM_VIEW_SPACE (  _Session   )     ExAcquireFastMutex (_Session->SystemSpaceViewLockPointer)

Definition at line 2644 of file mi.h. Referenced by MiFreeSessionSpaceMap(), MiInsertInSystemSpace(), MiMapViewInSystemSpace(), and MiUnmapViewInSystemSpace().

#define LOCK_SYSTEM_WS (  OLDIRQL   )

Value: ASSERT (KeGetCurrentIrql() <= APC_LEVEL); \ KeRaiseIrql(APC_LEVEL,&OLDIRQL); \ ExAcquireResourceExclusive(&MmSystemWsLock,TRUE); \ ASSERT (MmSystemLockOwner == NULL); \ MmSystemLockOwner = PsGetCurrentThread(); Definition at line 998 of file mi.h. Referenced by MiDeleteSystemPagableVm(), MiDispatchFault(), MiEmptyWorkingSet(), MiEnablePagingOfDriverAtInit(), MiEnsureAvailablePageOrWait(), MiInitializeSystemCache(), MiMakeSpecialPoolPagable(), MiMakeSystemAddressValidPfnSystemWs(), MiProtectSpecialPool(), MiRemoveMappedPtes(), MiSetPagingOfDriver(), MiWaitForInPageComplete(), MmAccessFault(), MmAdjustWorkingSetSize(), MmCheckCachedPageState(), MmCopyToCachedPage(), MmEnforceWorkingSetLimit(), MmLockPagableSectionByHandle(), MmLockPagedPool(), MmResetDriverPaging(), and MmUnmapViewInSystemCache().

#define LOCK_WS (  PROCESS   )

Value: ASSERT (MI_NOT_WS_OWNER(PROCESS)); \ ExAcquireFastMutex( &((PROCESS)->WorkingSetLock)); \ ASSERT (!MI_IS_WS_UNSAFE(PROCESS)); Definition at line 1039 of file mi.h. Referenced by MiChargeCommitment(), MiCloneProcessAddressSpace(), MiEmptyWorkingSet(), MiGetWorkingSetInfo(), MiMapViewOfPhysicalSection(), MiWaitForInPageComplete(), MmAccessFault(), MmAdjustWorkingSetSize(), MmCreateProcessAddressSpace(), MmEnforceWorkingSetLimit(), MmFlushVirtualMemory(), MmSetMemoryPriorityProcess(), NtAllocateUserPhysicalPages(), and NtFreeUserPhysicalPages().

#define LOCK_WS_AND_ADDRESS_SPACE (  PROCESS   )

Value: LOCK_ADDRESS_SPACE(PROCESS); \ LOCK_WS_UNSAFE(PROCESS); Definition at line 1093 of file mi.h. Referenced by MiCreatePebOrTeb(), MiMapLockedPagesInUserSpace(), MiProtectVirtualMemory(), MiUnmapLockedPagesInUserSpace(), MmAssignProcessToJob(), MmCleanProcessAddressSpace(), MmDeleteTeb(), MmFlushVirtualMemory(), MmMapUserAddressesToPage(), MmSetBankedSection(), MmUnmapViewOfSection(), NtAllocateVirtualMemory(), NtFreeVirtualMemory(), NtLockVirtualMemory(), NtQueryVirtualMemory(), and NtUnlockVirtualMemory().

#define LOCK_WS_REGARDLESS (  PROCESS, WSHELDSAFE   )

Value: if (WSHELDSAFE == TRUE) { \ LOCK_WS (PROCESS); \ } \ else { \ LOCK_WS_UNSAFE (PROCESS); \ } Definition at line 1120 of file mi.h. Referenced by MiChargeCommitment(), MiDecrementCloneBlockReference(), MiEnsureAvailablePageOrWait(), MiMakeSystemAddressValid(), MiMakeSystemAddressValidPfnWs(), and MiWaitForForkToComplete().

#define LOCK_WS_UNSAFE (  PROCESS   )

Value: ASSERT (MI_NOT_WS_OWNER(PROCESS)); \ ASSERT (KeGetCurrentIrql() == APC_LEVEL); \ ExAcquireFastMutexUnsafe( &((PROCESS)->WorkingSetLock));\ (PROCESS)->WorkingSetLock.OldIrql = MI_MUTEX_ACQUIRED_UNSAFE; Definition at line 1044 of file mi.h. Referenced by MiChargeCommitment(), MiCheckControlArea(), MiMapViewOfDataSection(), MiMapViewOfImageSection(), MiMapViewOfPhysicalSection(), MiProtectVirtualMemory(), MiSetProtectionOnSection(), MmSecureVirtualMemory(), MmUnmapViewOfSection(), NtAllocateVirtualMemory(), and NtLockVirtualMemory().

#define Mi4KStartForSubsection (  address, subsection   )

Value: subsection->StartingSector = ((PLARGE_INTEGER)address)->LowPart; \ subsection->u.SubsectionFlags.StartingSector4132 = \ (((PLARGE_INTEGER)(address))->HighPart & 0x3ff); Definition at line 2161 of file mi.h. Referenced by MiCreateDataFileMap(), and MmExtendSection().

#define Mi4KStartFromSubsection (  address, subsection   )

Value: ((PLARGE_INTEGER)address)->LowPart = subsection->StartingSector; \ ((PLARGE_INTEGER)address)->HighPart = subsection->u.SubsectionFlags.StartingSector4132; Definition at line 2190 of file mi.h. Referenced by MiEndingOffset(), MiStartingOffset(), and MmExtendSection().

#define MI_64K_ALIGN (  VA   )     ((PVOID)((ULONG_PTR)(VA) & ~((LONG)X64K - 1)))

Definition at line 360 of file mi.h. Referenced by MiInsertInSystemSpace(), MiMapViewOfImageSection(), MiMapViewOfPhysicalSection(), and NtAllocateVirtualMemory().

#define MI_ADD_LOCKED_PAGE_CHARGE (  Pfn, CallerId   )

Value: ASSERT (Pfn->u3.e2.ReferenceCount != 0); \ if (Pfn->u3.e2.ReferenceCount == 1) { \ if (Pfn->u2.ShareCount != 0) { \ ASSERT (Pfn->u3.e1.PageLocation == ActiveAndValid); \ MI_MARK_PFN_AS_LOCK_CHARGED(Pfn, CallerId); \ MmSystemLockPagesCount += 1; \ } \ else { \ ASSERT (Pfn->u3.e1.LockCharged == 1); \ } \ } Definition at line 1417 of file mi.h. Referenced by MiFlushSectionInternal(), MiLockCode(), MiLockPagedAddress(), MiSetSystemCodeProtection(), MmAccessFault(), MmCopyToCachedPage(), and MmProbeAndLockPages().

#define MI_ADD_LOCKED_PAGE_CHARGE_FOR_MODIFIED_PAGE (  Pfn, CallerId   )

Value: ASSERT (Pfn->u3.e1.PageLocation != ActiveAndValid); \ ASSERT (Pfn->u2.ShareCount == 0); \ if (Pfn->u3.e2.ReferenceCount == 0) { \ MI_MARK_PFN_AS_LOCK_CHARGED(Pfn, CallerId); \ MmSystemLockPagesCount += 1; \ } Definition at line 1430 of file mi.h. Referenced by MiCleanSection(), MiFlushSectionInternal(), MiGatherMappedPages(), MiGatherPagefilePages(), MiInitializeReadInProgressPfn(), MiResolveTransitionFault(), MmCopyToCachedPage(), and MmShutdownSystem().

#define MI_ADD_LOCKED_PAGE_CHARGE_FOR_TRANSITION_PAGE (  Pfn, CallerId   )

Value: ASSERT (Pfn->u3.e1.PageLocation == ActiveAndValid); \ ASSERT (Pfn->u2.ShareCount == 0); \ ASSERT (Pfn->u3.e2.ReferenceCount != 0); \ if (Pfn->u3.e2.ReferenceCount == 1) { \ MI_MARK_PFN_AS_LOCK_CHARGED(Pfn, CallerId); \ MmSystemLockPagesCount += 1; \ } Definition at line 1438 of file mi.h.

#define MI_ALIGN_TO_SIZE (  VA, ALIGNMENT   )     ((PVOID)((ULONG_PTR)(VA) & ~((ULONG_PTR) ALIGNMENT - 1)))

Definition at line 389 of file mi.h. Referenced by MiFindEmptyAddressRangeDownTree(), and MiMapViewOfDataSection().

#define MI_BACKGROUND_CLAIM_AVAILABLE_SHIFT   1

Definition at line 1704 of file mi.h. Referenced by MiDetermineWsTrimAmount(), and MiDoReplacement().

#define MI_CALC_NEXT_ESTIMATION_SLOT_CONST (  NextEstimationSlotConst, WorkingSetList   )     (NextEstimationSlotConst).Stride = 1 << MiEstimationShift;

Definition at line 1752 of file mi.h.

#define MI_CALCULATE_USAGE_ESTIMATE (  SampledAgeCounts   )

Value: (((SampledAgeCounts)[1] + \ (SampledAgeCounts)[2] + (SampledAgeCounts)[3]) \ << MiEstimationShift) Definition at line 1839 of file mi.h.

#define MI_CAPTURE_USED_PAGETABLE_ENTRIES (  PFN   )

Definition at line 1348 of file mi.h. Referenced by MiRestoreTransitionPte().

#define MI_CHECK_BIT (  ARRAY, BIT   )     (((ULONG)ARRAY[(BIT) / (sizeof(ULONG)*8)] >> ((BIT) & 0x1F)) & 1)

Definition at line 1157 of file mi.h. Referenced by MiInsertVad(), and MiReturnPageTablePageCommitment().

#define MI_CLEAR_BIT (  ARRAY, BIT   )     (ULONG)ARRAY[(BIT) / (sizeof(ULONG)*8)] &= ~(1 << ((BIT) & 0x1F))

Definition at line 1215 of file mi.h. Referenced by MiReturnPageTablePageCommitment().

#define MI_CONVERT_FROM_PTE_PROTECTION (  PROTECTION_MASK   )     (MmProtectToValue[PROTECTION_MASK])

Definition at line 274 of file mi.h. Referenced by MiGetPageProtection(), MiProtectVirtualMemory(), MiQueryAddressState(), MiSetProtectionOnSection(), and NtQueryVirtualMemory().

#define MI_DECREMENT_USED_PTES_BY_HANDLE (  PDSHORT   )

Value: ((*(PUSHORT)(PDSHORT)) -= 1); \ ASSERT (((*(PUSHORT)(PDSHORT)) < PTE_PER_PAGE)) Definition at line 1362 of file mi.h. Referenced by MiDeletePageTablesForPhysicalRange(), MiDeleteVirtualAddresses(), MiRemoveMappedView(), and MiUnmapLockedPagesInUserSpace().

#define MI_EXTEND_ANY_PAGEFILE   ((ULONG)-1)

Definition at line 2219 of file mi.h. Referenced by MiChargeCommitment(), MiExtendPagingFiles(), and MmInitSystem().

#define MI_FILESYSTEM_NONPAGED_POOL_CHARGE   150

Definition at line 4971 of file mi.h.

#define MI_FILESYSTEM_PAGED_POOL_CHARGE   1024

Definition at line 4973 of file mi.h.

#define MI_FLUSH_SESSION_TB (  OLDIRQL   )

Value: KeRaiseIrql (DISPATCH_LEVEL, &OLDIRQL); \ KeFlushEntireTb (TRUE, TRUE); \ KeLowerIrql (OLDIRQL); Definition at line 5617 of file mi.h. Referenced by MiDereferenceSession(), and MiDetachSession().

#define MI_FOREGROUND_CLAIM_AVAILABLE_SHIFT   3

Definition at line 1698 of file mi.h. Referenced by MiDetermineWsTrimAmount(), and MiDoReplacement().

#define MI_FREED_SPECIAL_POOL_SIGNATURE   0x98764321

Definition at line 4225 of file mi.h. Referenced by MmFreeSpecialPool().

#define MI_GET_DIRECTORY_FRAME_FROM_PROCESS (  _Process   )     MI_GET_PAGE_FRAME_FROM_PTE((PMMPTE)(&((_Process)->Pcb.DirectoryTableBase[0])))

Definition at line 5898 of file mi.h. Referenced by MiSessionInSwapProcess(), MiSessionOutSwapProcess(), and MmDeleteProcessAddressSpace().

#define MI_GET_PROTECTION_FROM_VAD (  _Vad   )     ((ULONG)(_Vad)->u.VadFlags.Protection)

Definition at line 2423 of file mi.h. Referenced by MiCheckVirtualAddress().

#define MI_GET_PROTECTION_FROM_WSLE (  Wsl   )     ((Wsl)->u1.e1.Protection)

Definition at line 1589 of file mi.h. Referenced by MiCloneProcessAddressSpace(), and MiEliminateWorkingSetEntry().

#define MI_GET_USED_PTES_FROM_HANDLE (  PDSHORT   )     ((ULONG)(*(PUSHORT)(PDSHORT)))

Definition at line 1357 of file mi.h. Referenced by MiDeletePageTablesForPhysicalRange(), MiDeleteVirtualAddresses(), MiMapViewOfPhysicalSection(), MiRemoveMappedView(), and MiUnmapLockedPagesInUserSpace().

#define MI_GET_USED_PTES_HANDLE (  VA   )     ((PVOID)&MmWorkingSetList->UsedPageTableEntries[MiGetPpePdeOffset(VA)])

Definition at line 1355 of file mi.h. Referenced by MiCreatePageTablesForPhysicalRange(), MiDecommitPages(), MiDeletePageTablesForPhysicalRange(), MiDeleteVirtualAddresses(), MiMapLockedPagesInUserSpace(), MiMapViewOfPhysicalSection(), MiProtectVirtualMemory(), MiRemoveMappedView(), MiSetProtectionOnSection(), MiUnmapLockedPagesInUserSpace(), MmAccessFault(), and NtAllocateVirtualMemory().

#define MI_GET_WSLE_AGE (  PointerPte, Wsle   )     ((Wsle)->u1.e1.Age)

Definition at line 1892 of file mi.h. Referenced by MiTrimWorkingSet().

#define MI_IMMEDIATE_REPLACEMENT_AGE   2

Definition at line 1675 of file mi.h.

#define MI_INC_WSLE_AGE (  PointerPte, Wsle   )

Value: if ((Wsle)->u1.e1.Age < 3) { \ (Wsle)->u1.e1.Age += 1; \ } Definition at line 1919 of file mi.h.

#define MI_INCREMENT_USED_PTES_BY_HANDLE (  PDSHORT   )

Value: ((*(PUSHORT)(PDSHORT)) += 1); \ ASSERT (((*(PUSHORT)(PDSHORT)) <= PTE_PER_PAGE)) Definition at line 1359 of file mi.h. Referenced by MiCloneProcessAddressSpace(), MiCreatePageTablesForPhysicalRange(), MiDecommitPages(), MiMapLockedPagesInUserSpace(), MiMapViewOfPhysicalSection(), MiProtectVirtualMemory(), MiSetProtectionOnSection(), MmAccessFault(), and NtAllocateVirtualMemory().

#define MI_INITIALIZE_ZERO_MDL (  MDL   )

Value: { \ MDL->Next = (PMDL) NULL; \ MDL->MdlFlags = 0; \ MDL->StartVa = NULL; \ MDL->ByteOffset = 0; \ MDL->ByteCount = 0; \ } Definition at line 2510 of file mi.h. Referenced by MiCleanSection(), and MiFlushSectionInternal().

#define MI_INSERT_USED_PAGETABLE_ENTRIES_IN_PFN (  PFN, INPAGE_SUPPORT   )

Definition at line 1353 of file mi.h. Referenced by MiWaitForInPageComplete().

#define MI_IS_PTE_PROTECTION_COPY_WRITE (  PROTECTION_MASK   )     (((PROTECTION_MASK) & MM_COPY_ON_WRITE_MASK) == MM_COPY_ON_WRITE_MASK)

Definition at line 280 of file mi.h. Referenced by MiMapViewOfDataSection(), MiSetProtectionOnSection(), and NtAllocateVirtualMemory().

#define MI_IS_SESSION_ADDRESS (  _VirtualAddress   )     (MiHydra == TRUE && (PVOID)(_VirtualAddress) >= (PVOID)MmSessionBase && (PVOID)(_VirtualAddress) < (PVOID)(MI_SESSION_SPACE_END))

Definition at line 5293 of file mi.h. Referenced by MiAddValidPageToWorkingSet(), MiCheckPdeForPagedPool(), MiCheckPdeForSessionSpace(), MiCheckVirtualAddress(), MiDispatchFault(), MiFreeWsle(), MiLoadSystemImage(), MiSetSystemCodeProtection(), MiUpdateWsle(), MiWriteProtectSystemImage(), MmAccessFault(), MmFlushVirtualMemory(), MmFreeDriverInitialization(), and MmIsHydraAddress().

#define MI_IS_SESSION_IMAGE_ADDRESS (  VirtualAddress   )     (MiHydra == TRUE && (PVOID)(VirtualAddress) >= (PVOID)MI_SESSION_IMAGE_START && (PVOID)(VirtualAddress) < (PVOID)(MI_SESSION_IMAGE_START + MI_SESSION_IMAGE_SIZE))

Definition at line 5287 of file mi.h. Referenced by MiCompleteProtoPteFault(), MiEliminateWorkingSetEntry(), MiLockCode(), MiMakeSystemAddressValidPfnSystemWs(), MmAccessFault(), MmPageEntireDriver(), and MmUnloadSystemImage().

#define MI_IS_SESSION_POOL_ADDRESS (  VirtualAddress   )     (MiHydra == TRUE && (PVOID)(VirtualAddress) >= (PVOID)MI_SESSION_POOL && (PVOID)(VirtualAddress) < (PVOID)(MI_SESSION_POOL + MI_SESSION_POOL_SIZE))

Definition at line 5290 of file mi.h. Referenced by MiFreePoolPages(), MiSessionPoolAllocated(), MiSessionPoolFreed(), and MmDeterminePoolType().

#define MI_IS_SESSION_PTE (  _Pte   )     (MiHydra == TRUE && (PMMPTE)(_Pte) >= MiSessionBasePte && (PMMPTE)(_Pte) < MiSessionLastPte)

Definition at line 5296 of file mi.h. Referenced by MiAddValidPageToWorkingSet(), MiCheckPdeForPagedPool(), MiCheckPdeForSessionSpace(), MiDetermineUserGlobalPteMask(), MiEnablePagingOfDriverAtInit(), and MiRestoreTransitionPte().

#define MI_IS_WS_UNSAFE (  PROCESS   )     ((PROCESS)->WorkingSetLock.OldIrql == MI_MUTEX_ACQUIRED_UNSAFE)

Definition at line 1037 of file mi.h.

#define MI_MAGIC_AWE_PTEFRAME   0xffffedcb

Definition at line 1219 of file mi.h. Referenced by MiDispatchFault(), MiFreePoolPages(), MiRemoveAnyPage(), MiRemovePhysicalPages(), MiRemoveZeroPage(), MiWaitForInPageComplete(), MmAllocatePagesForMdl(), MmCopyToCachedPage(), and MmFreePagesFromMdl().

#define MI_MAKE_PROTECT_NOT_WRITE_COPY (  PROTECT   )     (MmMakeProtectNotWriteCopy[PROTECT])

Definition at line 775 of file mi.h. Referenced by MiCopyOnWrite(), and MiInitializeCopyOnWritePfn().

#define MI_MARK_PFN_AS_LOCK_CHARGED (  Pfn, CallerId   )

Definition at line 1391 of file mi.h.

#define MI_MASK_TO_PTE (  PROTECTION_MASK   )     MmProtectToPteMask[PROTECTION_MASK]

Definition at line 277 of file mi.h.

#define MI_MAX_FREE_LIST_HEADS   4

Definition at line 4688 of file mi.h. Referenced by MiAllocatePoolPages(), MiFindContiguousMemory(), MiFreePoolPages(), MiInitializeNonPagedPool(), and MmSetKernelDumpRange().

#define MI_MAX_TRIM_PASSES   4

Definition at line 1681 of file mi.h. Referenced by MiCheckSystemTrimEndCriteria().

#define MI_MAXIMUM_SECTION_SIZE   ((UINT64)16*1024*1024*1024*1024*1024 - (1<<MM4K_SHIFT))

Definition at line 2127 of file mi.h. Referenced by MiCreateDataFileMap(), and MmExtendSection().

#define MI_MUST_BE_SAFE (  PROCESS   )

Value: ASSERT (MI_WS_OWNER(PROCESS)); \ ASSERT (!MI_IS_WS_UNSAFE(PROCESS)); Definition at line 1055 of file mi.h.

#define MI_MUST_BE_UNSAFE (  PROCESS   )

Value: ASSERT (KeGetCurrentIrql() == APC_LEVEL); \ ASSERT (MI_WS_OWNER(PROCESS)); \ ASSERT (MI_IS_WS_UNSAFE(PROCESS)); Definition at line 1050 of file mi.h.

#define MI_MUTEX_ACQUIRED_UNSAFE   0x88

Definition at line 1035 of file mi.h.

#define MI_NEXT_VALID_AGING_SLOT (  Previous, Minimum, Maximum, Wsle   )

Value: ASSERT(((Previous) >= Minimum) && ((Previous) <= Maximum)); \ do { \ (Previous) += 1; \ if ((Previous) > Maximum) { \ Previous = Minimum; \ } \ } while ((Wsle[Previous].u1.e1.Valid == 0)); Definition at line 1806 of file mi.h.

#define MI_NEXT_VALID_ESTIMATION_SLOT (  Previous, StartEntry, Minimum, Maximum, NextEstimationSlotConst, Wsle   )

Value: ASSERT(((Previous) >= Minimum) && ((Previous) <= Maximum)); \ ASSERT(((StartEntry) >= Minimum) && ((StartEntry) <= Maximum)); \ do { \ (Previous) += (NextEstimationSlotConst).Stride; \ if ((Previous) > Maximum) { \ (Previous) = Minimum + ((Previous + 1) & (NextEstimationSlotConst.Stride - 1)); \ StartEntry += 1; \ (Previous) = StartEntry; \ } \ if ((Previous) > Maximum || (Previous) < Minimum) { \ StartEntry = Minimum; \ (Previous) = StartEntry; \ } \ } while (Wsle[Previous].u1.e1.Valid == 0); Definition at line 1755 of file mi.h.

#define MI_NONPAGABLE_MEMORY_AVAILABLE (   )

Value: ((SPFN_NUMBER) \ (MmResidentAvailablePages - \ MmTotalFreeSystemPtes[NonPagedPoolExpansion] - \ (MiSpecialPagesNonPagedMaximum - MiSpecialPagesNonPaged) - \ MmSystemLockPagesCount)) Definition at line 4360 of file mi.h. Referenced by MiCreatePageTablesForPhysicalRange(), MiSessionCommitImagePages(), MiSessionCommitPageTables(), MiSessionCreateInternal(), MiSessionInitializeWorkingSetList(), MmAdjustWorkingSetSize(), MmAllocateIndependentPages(), MmAllocateNonCachedMemory(), MmAllocatePagesForMdl(), MmProbeAndLockPages(), and MmRemovePhysicalMemory().

#define MI_NOT_WS_OWNER (  PROCESS   )     1

Definition at line 1032 of file mi.h.

#define MI_PASS0_TRIM_AGE   2

Definition at line 1682 of file mi.h. Referenced by MiDetermineWsTrimAmount(), and MiDoReplacement().

#define MI_PASS1_TRIM_AGE   1

Definition at line 1683 of file mi.h. Referenced by MiDetermineWsTrimAmount().

#define MI_PASS2_TRIM_AGE   1

Definition at line 1684 of file mi.h. Referenced by MiDetermineWsTrimAmount().

#define MI_PASS3_TRIM_AGE   1

Definition at line 1685 of file mi.h. Referenced by MiDetermineWsTrimAmount().

#define MI_PASS4_TRIM_AGE   0

Definition at line 1686 of file mi.h. Referenced by MiDetermineWsTrimAmount(), and MiDoReplacement().

#define MI_PFN_ELEMENT (  index   )     (&MmPfnDatabase[index])

Definition at line 769 of file mi.h. Referenced by ExFreePool(), MiAccessCheck(), MiAddWorkingSetPage(), MiAddWsleHash(), MiAllocatePoolPages(), MiBuildForkPageTable(), MiBuildPagedPool(), MiCheckForCrashDump(), MiCheckProtoPtePageState(), MiCleanPhysicalProcessPages(), MiCleanSection(), MiCloneProcessAddressSpace(), MiCompleteProtoPteFault(), MiCopyOnWrite(), MiCreatePageTablesForPhysicalRange(), MiDecommitPages(), MiDecrementCloneBlockReference(), MiDecrementReferenceCount(), MiDecrementShareCount(), MiDeleteAddressesInWorkingSet(), MiDeletePageTablesForPhysicalRange(), MiDeletePte(), MiDeleteSystemPagableVm(), MiDeleteValidAddress(), MiDereferenceSession(), MiDispatchFault(), MiEmptyWorkingSet(), MiEnablePagingOfDriverAtInit(), MiEnsureAvailablePageOrWait(), MiFindContiguousMemory(), MiFlushDirtyBitsToPfn(), MiFlushSectionInternal(), MiFreeInitializationCode(), MiFreeNonPagedPool(), MiFreePoolPages(), MiFreeWsle(), MiGatherMappedPages(), MiGatherPagefilePages(), MiGetPageForHeader(), MiGetPageProtection(), MiGetSubsectionAndProtoFromPte(), MiGetWorkingSetInfo(), MiHandleForkTransitionPte(), MiInitializeCopyOnWritePfn(), MiInitializePfn(), MiInitializePfnForOtherProcess(), MiInitializeReadInProgressPfn(), MiInitializeSessionPool(), MiInitializeTransitionPfn(), MiInitializeWorkingSetList(), MiInitMachineDependent(), MiInsertFrontModifiedNoWrite(), MiInsertPageInList(), MiInsertStandbyListAtFront(), MiLoadImageSection(), MiLockCode(), MiLockPagedAddress(), MiMakeOutswappedPageResident(), MiMakeSpecialPoolPagable(), MiMapLockedPagesInUserSpace(), MiMapPageInHyperSpace(), MiMapViewOfPhysicalSection(), MiModifiedPageWriterWorker(), MiProcessValidPteList(), MiProtectSpecialPool(), MiProtectVirtualMemory(), MiPurgeImageSection(), MiReloadBootLoadedDrivers(), MiRemoveAnyPage(), MiRemoveMappedPtes(), MiRemovePageByColor(), MiRemovePageFromList(), MiRemovePageFromWorkingSet(), MiRemovePhysicalPages(), MiRemoveUserPhysicalPagesVad(), MiRemoveWorkingSetPages(), MiRemoveZeroPage(), MiResetVirtualMemory(), MiResolveDemandZeroFault(), MiResolveMappedFileFault(), MiResolvePageFileFault(), MiResolveProtoPteFault(), MiResolveTransitionFault(), MiRestoreTransitionPte(), MiSegmentDelete(), MiSessionCommitImagePages(), MiSessionCommitPageTables(), MiSessionCopyOnWrite(), MiSessionCreateInternal(), MiSessionDeletePde(), MiSessionInitializeWorkingSetList(), MiSetDirtyBit(), MiSetPageModified(), MiSetPagingOfDriver(), MiSetProtectionOnSection(), MiSetProtectionOnTransitionPte(), MiSetSystemCodeProtection(), MiSwapWslEntries(), MiUnlinkFreeOrZeroedPage(), MiUnlinkPageFromList(), MiUnlockPagedAddress(), MiUpPfnReferenceCount(), MiWaitForInPageComplete(), MiWriteComplete(), MmAccessFault(), MmAddPhysicalMemory(), MmAllocatePagesForMdl(), MmCheckCachedPageState(), MmCleanProcessAddressSpace(), MmCopyToCachedPage(), MmCreateProcessAddressSpace(), MmDbgTranslatePhysicalAddress(), MmDbgTranslatePhysicalAddress64(), MmDeleteKernelStack(), MmDeleteProcessAddressSpace(), MmFreeLoaderBlock(), MmFreeNonCachedMemory(), MmFreePagesFromMdl(), MmFreeSpecialPool(), MmGatherMemoryForHibernate(), MmGetVirtualForPhysical(), MmInitSystem(), MmInSwapProcess(), MmMapLockedPagesSpecifyCache(), MmOutPageKernelStack(), MmOutSwapProcess(), MmProbeAndLockPages(), MmPurgeSection(), MmRemovePhysicalMemory(), MmSetAddressRangeModified(), MmShutdownSystem(), MmTrimAllSystemPagableMemory(), MmUnlockCachedPage(), MmUnlockPagableImageSection(), MmUnlockPagedPool(), MmUnlockPages(), MmUnmapLockedPages(), MmUnmapViewInSystemCache(), MmZeroPageThread(), NtAllocateUserPhysicalPages(), NtFreeUserPhysicalPages(), NtLockVirtualMemory(), NtMapUserPhysicalPages(), NtMapUserPhysicalPagesScatter(), and NtUnlockVirtualMemory().

#define MI_PFN_IS_AWE (  Pfn1   )

Value: ((Pfn1->u2.ShareCount <= 3) && \ (Pfn1->u3.e1.PageLocation == ActiveAndValid) && \ (Pfn1->u3.e1.VerifierAllocation == 0) && \ (Pfn1->u3.e1.LargeSessionAllocation == 0) && \ (Pfn1->u3.e1.StartOfAllocation == 1) && \ (Pfn1->u3.e1.EndOfAllocation == 1) && \ (Pfn1->PteFrame == MI_MAGIC_AWE_PTEFRAME)) Definition at line 1221 of file mi.h. Referenced by MiCleanPhysicalProcessPages(), MiRemoveUserPhysicalPagesVad(), MmFreePagesFromMdl(), NtAllocateUserPhysicalPages(), NtFreeUserPhysicalPages(), NtMapUserPhysicalPages(), and NtMapUserPhysicalPagesScatter().

#define MI_PHYSICAL_VIEW_KEY   'vpmM'

Definition at line 2433 of file mi.h. Referenced by MiMapLockedPagesInUserSpace(), MiMapViewOfPhysicalSection(), and NtAllocateVirtualMemory().

#define MI_REMOVE_LOCKED_PAGE_CHARGE (  Pfn, CallerId   )

Definition at line 1470 of file mi.h. Referenced by MiCleanSection(), MiDispatchFault(), MiFlushSectionInternal(), MiLockCode(), MiResolveTransitionFault(), MiSetSystemCodeProtection(), MiUnlockPagedAddress(), MiWriteComplete(), MmAccessFault(), MmCopyToCachedPage(), MmShutdownSystem(), MmUnlockCachedPage(), MmUnlockPagableImageSection(), MmUnlockPagedPool(), and MmUnlockPages().

#define MI_REPLACEMENT_CLAIM_THRESHOLD_SHIFT   3

Definition at line 1661 of file mi.h.

#define MI_REPLACEMENT_EAVAIL_THRESHOLD_SHIFT   3

Definition at line 1668 of file mi.h.

#define MI_REPLACEMENT_FREE_GROWTH_SHIFT   5

Definition at line 1654 of file mi.h.

#define MI_RESET_WSLE_AGE (  PointerPte, Wsle   )     (Wsle)->u1.e1.Age = 0;

Definition at line 1867 of file mi.h.

#define MI_RETRIEVE_USED_PAGETABLE_ENTRIES_FROM_PTE (  RBL, PTE   )

Definition at line 1349 of file mi.h. Referenced by MiResolvePageFileFault().

#define MI_ROUND_TO_64K (  LENGTH   )     (((LENGTH) + X64K - 1) & ~(X64K - 1))

Definition at line 306 of file mi.h.

#define MI_ROUND_TO_SIZE (  LENGTH, ALIGNMENT   )     (((LENGTH) + ((ALIGNMENT) - 1)) & ~((ALIGNMENT) - 1))

Definition at line 334 of file mi.h. Referenced by MiCreateImageFileMap(), MiFindEmptyAddressRange(), MiFindEmptyAddressRangeDownTree(), MiFindEmptyAddressRangeInTree(), MiGetWritablePagesInSection(), MiSessionWideInsertImageAddress(), MiSessionWideReserveImageAddress(), and VeAllocatePoolWithTagPriority().

#define MI_SESSION_DATA_OFFSET   (8*1024*1024)

Definition at line 5258 of file mi.h.

#define MI_SESSION_IMAGE_OFFSET   (0)

Definition at line 5256 of file mi.h.

#define MI_SESSION_IMAGE_SIZE   (8*1024*1024)

Definition at line 5221 of file mi.h. Referenced by MiDereferenceSession(), MiSessionWideReserveImageAddress(), and MmInitSystem().

#define MI_SESSION_IMAGE_START   ((ULONG_PTR)MmSessionBase)

Definition at line 5272 of file mi.h. Referenced by MiDereferenceSession(), and MiSessionWideReserveImageAddress().

#define MI_SESSION_MAXIMUM_WORKING_SET   ((ULONG)(MI_SESSION_SPACE_TOTAL_SIZE >> PAGE_SHIFT))

Definition at line 5241 of file mi.h. Referenced by MiDoReplacement(), and MiSessionInitializeWorkingSetList().

#define MI_SESSION_POOL   (MmSessionBase + MI_SESSION_POOL_OFFSET)

Definition at line 5278 of file mi.h. Referenced by MiInitializeSessionPool(), and MiSessionCreateInternal().

#define MI_SESSION_POOL_OFFSET   (32*1024*1024)

Definition at line 5264 of file mi.h.

#define MI_SESSION_POOL_SIZE   (16*1024*1024)

Definition at line 5225 of file mi.h. Referenced by MiInitializeSessionPool(), and MmResourcesAvailable().

#define MI_SESSION_SPACE_END

Value: ((ULONG_PTR)MmSessionBase + \ MI_SESSION_SPACE_TOTAL_SIZE) Definition at line 5280 of file mi.h. Referenced by MiAttachSession(), MiDereferenceSession(), MiDetachSession(), MiInitMachineDependent(), MiSessionCommitPageTables(), MmInitSystem(), and MmSessionCreate().

#define MI_SESSION_SPACE_PAGE_TABLES   (MI_SESSION_SPACE_TOTAL_SIZE / MM_VA_MAPPED_BY_PDE)

Definition at line 5248 of file mi.h. Referenced by MiAttachSession(), MiDereferenceSession(), MiDetachSession(), and MiSessionCommitPageTables().

#define MI_SESSION_SPACE_STRUCT_SIZE   MM_ALLOCATION_GRANULARITY

Definition at line 5217 of file mi.h.

#define MI_SESSION_SPACE_TOTAL_SIZE

Value: (MI_SESSION_IMAGE_SIZE + \ MI_SESSION_SPACE_STRUCT_SIZE + \ MI_SESSION_SPACE_WS_SIZE + \ MI_SESSION_VIEW_SIZE + \ MI_SESSION_POOL_SIZE) Definition at line 5229 of file mi.h. Referenced by MmInitSystem().

#define MI_SESSION_SPACE_WORKING_SET_MAXIMUM   384

Definition at line 5644 of file mi.h. Referenced by MiSessionInitializeWorkingSetList().

#define MI_SESSION_SPACE_WORKING_SET_MINIMUM   20

Definition at line 5642 of file mi.h. Referenced by MiDereferenceSession(), MiSessionCreateInternal(), and MiSessionInitializeWorkingSetList().

#define MI_SESSION_SPACE_WS   (MmSessionBase + MI_SESSION_WS_OFFSET)

Definition at line 5274 of file mi.h. Referenced by MiDereferenceSession(), and MiSessionInitializeWorkingSetList().

#define MI_SESSION_SPACE_WS_SIZE   (4*1024*1024 - MI_SESSION_SPACE_STRUCT_SIZE)

Definition at line 5219 of file mi.h.

#define MI_SESSION_VIEW_OFFSET   (12*1024*1024)

Definition at line 5262 of file mi.h.

#define MI_SESSION_VIEW_SIZE   (20*1024*1024)

Definition at line 5223 of file mi.h. Referenced by MiDereferenceSession(), and MiInitializeSystemSpaceMap().

#define MI_SESSION_VIEW_START   (MmSessionBase + MI_SESSION_VIEW_OFFSET)

Definition at line 5276 of file mi.h. Referenced by MiDereferenceSession(), MiInitializeSystemSpaceMap(), and MiSessionInitializeWorkingSetList().

#define MI_SESSION_WS_OFFSET   (8*1024*1024 + MI_SESSION_SPACE_STRUCT_SIZE)

Definition at line 5260 of file mi.h.

#define MI_SET_BIT (  ARRAY, BIT   )     (ULONG)ARRAY[(BIT) / (sizeof(ULONG)*8)] |= (1 << ((BIT) & 0x1F))

Definition at line 1186 of file mi.h. Referenced by MiInsertVad().

#define MI_SPECIAL_POOL_PAGABLE   0x8000

Definition at line 65 of file mi.h. Referenced by MiAllocateSpecialPool(), MmFreeSpecialPool(), and MmQuerySpecialPoolBlockSize().

#define MI_SPECIAL_POOL_PTE_NONPAGABLE   0x0004

Definition at line 68 of file mi.h. Referenced by MiAllocateSpecialPool(), MiProtectSpecialPool(), MmFreeSpecialPool(), and MmIsSpecialPoolAddressFree().

#define MI_SPECIAL_POOL_PTE_PAGABLE   0x0002

Definition at line 67 of file mi.h. Referenced by MiAllocateSpecialPool(), MiProtectSpecialPool(), MmFreeSpecialPool(), and MmIsSpecialPoolAddressFree().

#define MI_SPECIAL_POOL_VERIFIER   0x4000

Definition at line 66 of file mi.h. Referenced by MiAllocateSpecialPool(), MmFreeSpecialPool(), MmQuerySpecialPoolBlockSize(), and ViPostPoolAllocation().

#define MI_STACK_BYTES   1024

Definition at line 4227 of file mi.h. Referenced by MmFreeSpecialPool().

#define MI_STARTING_OFFSET (  SUBSECT, PTE   )

Value: (((LONGLONG)((ULONG_PTR)((PTE) - ((SUBSECT)->SubsectionBase))) << PAGE_SHIFT) + \ ((LONGLONG)((SUBSECT)->StartingSector) << MMSECTOR_SHIFT)); Definition at line 417 of file mi.h. Referenced by MiCompleteProtoPteFault(), and MiStartingOffset().

#define MI_SUSPECT_DRIVER_BUFFER_LENGTH   512

Definition at line 4068 of file mi.h.

#define MI_TRIM_AGE_THRESHOLD   2

Definition at line 1692 of file mi.h.

#define MI_UNLOADED_DRIVERS   50

Definition at line 2685 of file mi.h. Referenced by MiRememberUnloadedDriver(), and MmLocateUnloadedDriver().

#define MI_UNMARK_PFN_AS_LOCK_CHARGED (  Pfn, CallerId   )

Definition at line 1392 of file mi.h.

#define MI_UNUSED_SEGMENTS_COUNT_UPDATE (  _count   )     MmUnusedSegmentCount += (_count);

Definition at line 4968 of file mi.h.

#define MI_UNUSED_SEGMENTS_INSERT_CHARGE (  _ControlArea   )

Value: { \ MM_PFN_LOCK_ASSERT(); \ ASSERT (_ControlArea->PagedPoolUsage >= sizeof(SEGMENT)); \ ASSERT (_ControlArea->NonPagedPoolUsage >= sizeof(CONTROL_AREA) + sizeof(SUBSECTION)); \ ASSERT (MiUnusedSegmentNonPagedPoolUsage + _ControlArea->NonPagedPoolUsage > MiUnusedSegmentNonPagedPoolUsage); \ ASSERT (MiUnusedSegmentPagedPoolUsage + _ControlArea->PagedPoolUsage > MiUnusedSegmentPagedPoolUsage); \ MiUnusedSegmentPagedPoolUsage += _ControlArea->PagedPoolUsage; \ MiUnusedSegmentNonPagedPoolUsage += _ControlArea->NonPagedPoolUsage;\ MmUnusedSegmentPagedPoolUsage += (_ControlArea->PagedPoolUsage + MI_FILESYSTEM_PAGED_POOL_CHARGE); \ MmUnusedSegmentNonPagedPoolUsage += (_ControlArea->NonPagedPoolUsage + MI_FILESYSTEM_NONPAGED_POOL_CHARGE);\ MI_UNUSED_SEGMENTS_COUNT_UPDATE(1); \ } Definition at line 5019 of file mi.h. Referenced by MiCheckControlArea(), and MiRemoveUnusedSegments().

#define MI_UNUSED_SEGMENTS_REMOVE_CHARGE (  _ControlArea   )

Value: { \ MM_PFN_LOCK_ASSERT(); \ ASSERT (_ControlArea->PagedPoolUsage >= sizeof(SEGMENT)); \ ASSERT (_ControlArea->NonPagedPoolUsage >= sizeof(CONTROL_AREA) + sizeof(SUBSECTION)); \ ASSERT (MmUnusedSegmentNonPagedPoolUsage - _ControlArea->NonPagedPoolUsage < MmUnusedSegmentNonPagedPoolUsage); \ ASSERT (MmUnusedSegmentPagedPoolUsage - _ControlArea->PagedPoolUsage < MmUnusedSegmentPagedPoolUsage); \ MiUnusedSegmentPagedPoolUsage -= _ControlArea->PagedPoolUsage; \ MiUnusedSegmentNonPagedPoolUsage -= _ControlArea->NonPagedPoolUsage;\ MmUnusedSegmentPagedPoolUsage -= (_ControlArea->PagedPoolUsage + MI_FILESYSTEM_PAGED_POOL_CHARGE); \ MmUnusedSegmentNonPagedPoolUsage -= (_ControlArea->NonPagedPoolUsage + MI_FILESYSTEM_NONPAGED_POOL_CHARGE);\ MI_UNUSED_SEGMENTS_COUNT_UPDATE(-1); \ } Definition at line 5053 of file mi.h. Referenced by MiCheckForControlAreaDeletion(), MiRemoveUnusedSegments(), MiSegmentDelete(), and MmCreateSection().

#define MI_UNUSED_SEGMENTS_SURPLUS (   )

Value: (MmUnusedSegmentPagedPoolUsage > MmMaxUnusedSegmentPagedPoolUsage) || \ (MmUnusedSegmentNonPagedPoolUsage > MmMaxUnusedSegmentNonPagedPoolUsage) Definition at line 4995 of file mi.h. Referenced by MiAllocatePoolPages(), and MmResourcesAvailable().

#define MI_UPDATE_USE_ESTIMATE (  PointerPte, Wsle, SampledAgeCounts   )     (SampledAgeCounts)[(Wsle)->u1.e1.Age] += 1;

Definition at line 1951 of file mi.h.

#define MI_USE_AGE_COUNT   4

Definition at line 1646 of file mi.h.

#define MI_USE_AGE_MAX   (MI_USE_AGE_COUNT - 1)

Definition at line 1647 of file mi.h.

#define MI_VA_TO_PAGE (  va   )     ((ULONG_PTR)(va) >> PAGE_SHIFT)

Definition at line 759 of file mi.h.

#define MI_VA_TO_VPN (  va   )     ((ULONG_PTR)(va) >> PAGE_SHIFT)

Definition at line 761 of file mi.h. Referenced by MiAllocateVad(), MiCheckVirtualAddress(), MiCreatePebOrTeb(), MiDeleteVirtualAddresses(), MiFindEmptyAddressRangeDownTree(), MiFindEmptyAddressRangeInTree(), MiInsertVad(), MiLocateAddress(), MiMapLockedPagesInUserSpace(), MiMapViewOfDataSection(), MiMapViewOfImageSection(), MiMapViewOfPhysicalSection(), MiProtectVirtualMemory(), MiQueryAddressState(), MiResetVirtualMemory(), MiSetProtectionOnSection(), MmCleanProcessAddressSpace(), MmDeleteTeb(), MmFlushVirtualMemory(), MmMapUserAddressesToPage(), MmSecureVirtualMemory(), MmSetBankedSection(), NtAllocateVirtualMemory(), NtFreeVirtualMemory(), and NtQueryVirtualMemory().

#define MI_VERIFIER_ENTRY_SIGNATURE   0x98761940

Definition at line 4097 of file mi.h. Referenced by VerifierFreeTrackedPool(), and ViInitializeEntry().

#define MI_VPN_TO_VA (  vpn   )     (PVOID)((vpn) << PAGE_SHIFT)

Definition at line 763 of file mi.h. Referenced by MiCloneProcessAddressSpace(), MiDecommitPages(), MiFindEmptyAddressRange(), MiFindEmptyAddressRangeDownTree(), MiFindEmptyAddressRangeInTree(), MiInsertVad(), MiMapViewOfImageSection(), MiRemoveMappedView(), MiRemoveUserPhysicalPagesVad(), MiReturnPageTablePageCommitment(), MmCleanProcessAddressSpace(), MmMapUserAddressesToPage(), MmSetBankedSection(), MmUnmapViewOfSection(), NtAllocateVirtualMemory(), NtFreeVirtualMemory(), NtLockVirtualMemory(), NtQueryVirtualMemory(), and NtUnlockVirtualMemory().

#define MI_VPN_TO_VA_ENDING (  vpn   )     (PVOID)(((vpn) << PAGE_SHIFT) | (PAGE_SIZE - 1))

Definition at line 765 of file mi.h. Referenced by MiCreatePebOrTeb(), MiFindEmptyAddressRange(), MiFindEmptyAddressRangeDownTree(), MiFindEmptyAddressRangeInTree(), MiRemoveMappedView(), MiRemoveUserPhysicalPagesVad(), MmCleanProcessAddressSpace(), MmFlushVirtualMemory(), MmMapUserAddressesToPage(), MmUnmapViewOfSection(), NtFreeVirtualMemory(), and NtQueryVirtualMemory().

#define MI_WRITEWATCH_VIEW_KEY   'wWmM'

Definition at line 2434 of file mi.h. Referenced by NtAllocateVirtualMemory().

#define MI_WS_GROWING_TOO_FAST (  VmSupport   )

Value: ((VmSupport)->GrowthSinceLastEstimate > \ (((MI_CLAIM_INCR * (MmAvailablePages*MmAvailablePages)) / (64*64)) + 1)) Definition at line 1977 of file mi.h. Referenced by MiDoReplacement().

#define MI_WS_OWNER (  PROCESS   )     1

Definition at line 1031 of file mi.h.

#define MI_WSLE_HASH (  Address, Wsl   )

Value: ((WSLE_NUMBER)(((ULONG_PTR)PAGE_ALIGN(Address) >> (PAGE_SHIFT - 2)) % \ ((Wsl)->HashTableSize - 1))) Definition at line 1559 of file mi.h. Referenced by MiGrowWsleHash(), MiInsertWsle(), MiLocateWsle(), MiLookupWsleHashIndex(), and MiRemoveWsle().

#define MI_ZERO_USED_PAGETABLE_ENTRIES_IN_INPAGE_SUPPORT (  INPAGE_SUPPORT   )

Definition at line 1350 of file mi.h. Referenced by MiResolveMappedFileFault().

#define MI_ZERO_USED_PAGETABLE_ENTRIES_IN_PFN (  PFN   )

Definition at line 1351 of file mi.h. Referenced by MiWaitForInPageComplete().

#define MI_ZERO_WSINDEX (  Pfn   )     Pfn->u1.Event = NULL;

Definition at line 1521 of file mi.h. Referenced by MiEliminateWorkingSetEntry(), MiEnablePagingOfDriverAtInit(), MiLockCode(), and MiUpdateWsle().

#define MiCheckForConflictingClone (  START, END   )

Value: ((PMMCLONE_DESCRIPTOR)(MiCheckForConflictingNode(START,END, \ (PMMADDRESS_NODE)(PsGetCurrentProcess()->CloneRoot)))) Definition at line 747 of file mi.h.

#define MiCheckForConflictingVad (  StartingAddress, EndingAddress   )

Value: ((PMMVAD)MiCheckForConflictingNode( \ MI_VA_TO_VPN(StartingAddress), \ MI_VA_TO_VPN(EndingAddress), \ (PMMADDRESS_NODE)(PsGetCurrentProcess()->VadRoot))) Definition at line 556 of file mi.h. Referenced by MiMapLockedPagesInUserSpace(), MiMapViewOfDataSection(), MiMapViewOfImageSection(), MiMapViewOfPhysicalSection(), MiProtectVirtualMemory(), MmInitializeProcessAddressSpace(), and NtAllocateVirtualMemory().

#define MiCreateBitMap (  BMH, S, P   )

Value: { \ ULONG _S; \ _S = sizeof(RTL_BITMAP) + (ULONG)((((S) + 31) / 32) * 4); \ *(BMH) = (PRTL_BITMAP)ExAllocatePoolWithTag( (P), _S, ' mM'); \ if (*(BMH)) { \ RtlInitializeBitMap( *(BMH), (PULONG)((*(BMH))+1), (ULONG)S); \ } \ } Definition at line 2496 of file mi.h. Referenced by MiBuildPagedPool(), MiInitializeSessionIds(), MiInitializeSessionPool(), MiInitializeSystemSpaceMap(), MiInitMachineDependent(), and NtCreatePagingFile().

#define MiDecrementShareAndValidCount (  P   )     MiDecrementShareCount(P)

Definition at line 2759 of file mi.h. Referenced by MiDeletePte(), MiDeleteSystemPagableVm(), MiDeleteValidAddress(), MiDereferenceSession(), MiEliminateWorkingSetEntry(), MiInitializeSessionPool(), MiLoadImageSection(), MiProcessValidPteList(), MiReloadBootLoadedDrivers(), MiRemoveMappedPtes(), MiRemoveMappedView(), MiSessionCreateInternal(), MiSessionDeletePde(), MiUnmapLockedPagesInUserSpace(), MmDeleteKernelStack(), MmDeleteProcessAddressSpace(), MmFreeNonCachedMemory(), MmOutPageKernelStack(), and MmUnmapViewInSystemCache().

#define MiDecrementShareCountOnly (  P   )     MiDecrementShareCount(P)

Definition at line 2757 of file mi.h. Referenced by ExFreePool(), MiDeletePte(), MiDeleteSystemPagableVm(), MiDeleteValidAddress(), MiDereferenceSession(), MiDoneWithThisPageGetAnother(), MiDownShareCountFlushEntireTb(), MiInitializeSessionPool(), MiLoadImageSection(), MiProcessValidPteList(), MiReloadBootLoadedDrivers(), MiSessionCreateInternal(), MiSessionDeletePde(), MmDeleteKernelStack(), MmDeleteProcessAddressSpace(), MmFreeLoaderBlock(), MmFreeNonCachedMemory(), and MmOutPageKernelStack().

#define MiFindEmptyAddressRangeDown (  SizeOfRange, HighestAddressToEndAt, Alignment   )

Value: (MiFindEmptyAddressRangeDownTree( \ (SizeOfRange), \ (HighestAddressToEndAt), \ (Alignment), \ (PMMADDRESS_NODE)(PsGetCurrentProcess()->VadRoot))) Definition at line 451 of file mi.h. Referenced by MiCreatePebOrTeb(), MiMapViewOfDataSection(), and NtAllocateVirtualMemory().

#define MiGetByteOffset (  va   )     ((ULONG_PTR)(va) & (PAGE_SIZE - 1))

Definition at line 767 of file mi.h. Referenced by MiDecrementShareCount(), MiInsertPageInList(), MiInsertStandbyListAtFront(), and MiRestoreTransitionPte().

#define MiGetFirstClone (   )     ((PMMCLONE_DESCRIPTOR)MiGetFirstNode((PMMADDRESS_NODE)(PsGetCurrentProcess()->CloneRoot)))

Definition at line 634 of file mi.h. Referenced by MiCloneProcessAddressSpace().

#define MiGetFirstVad (  Process   )     ((PMMVAD)MiGetFirstNode((PMMADDRESS_NODE)(Process->VadRoot)))

Definition at line 526 of file mi.h. Referenced by MiCloneProcessAddressSpace().

#define MiGetNextClone (  CLONE   )     ((PMMCLONE_DESCRIPTOR)MiGetNextNode((PMMADDRESS_NODE)(CLONE)))

Definition at line 583 of file mi.h. Referenced by MiCloneProcessAddressSpace().

#define MiGetNextVad (  VAD   )     ((PMMVAD)MiGetNextNode((PMMADDRESS_NODE)(VAD)))

Definition at line 503 of file mi.h. Referenced by MiCloneProcessAddressSpace(), MiFindEmptyAddressRange(), MmUnmapViewOfSection(), NtFreeVirtualMemory(), and NtQueryVirtualMemory().

#define MiGetPdeSessionIndex (  va   )     ((ULONG)(((ULONG_PTR)(va) - (ULONG_PTR)MmSessionBase) >> PDI_SHIFT))

Definition at line 5733 of file mi.h. Referenced by MiCheckPdeForSessionSpace(), MiDereferenceSession(), MiInitializeSessionPool(), MiSessionCommitPageTables(), and MiSessionInitializeWorkingSetList().

#define MiGetPreviousClone (  CLONE   )     ((PMMCLONE_DESCRIPTOR)MiGetPreviousNode((PMMADDRESS_NODE)(CLONE)))

Definition at line 609 of file mi.h.

#define MiGetPreviousVad (  VAD   )     ((PMMVAD)MiGetPreviousNode((PMMADDRESS_NODE)(VAD)))

Definition at line 480 of file mi.h. Referenced by MiRemoveVad(), MmUnmapViewOfSection(), and NtFreeVirtualMemory().

#define MiGetProtoPteAddress (  VAD, VPN   )

Value: ((((((VPN) - (VAD)->StartingVpn) << PTE_SHIFT) + \ (ULONG_PTR)(VAD)->FirstPrototypePte) <= (ULONG_PTR)(VAD)->LastContiguousPte) ? \ ((PMMPTE)(((((VPN) - (VAD)->StartingVpn) << PTE_SHIFT) + \ (ULONG_PTR)(VAD)->FirstPrototypePte))) : \ MiGetProtoPteAddressExtended ((VAD),(VPN))) Definition at line 3696 of file mi.h. Referenced by MiCheckVirtualAddress(), MiDeleteVirtualAddresses(), MiProtectVirtualMemory(), MiQueryAddressState(), MiResetVirtualMemory(), MiSetProtectionOnSection(), MmFlushVirtualMemory(), and NtAllocateVirtualMemory().

#define MiInsertClone (  CLONE   )

Value: { \ ASSERT ((CLONE)->NumberOfPtes != 0); \ MiInsertNode(((PMMADDRESS_NODE)(CLONE)),(PMMADDRESS_NODE *)&(PsGetCurrentProcess()->CloneRoot)); \ } Definition at line 659 of file mi.h. Referenced by MiCloneProcessAddressSpace().

#define MiLocateCloneAddress (  VA   )

Value: (PsGetCurrentProcess()->CloneRoot ? \ ((PMMCLONE_DESCRIPTOR)MiLocateAddressInTree(((ULONG_PTR)VA), \ (PMMADDRESS_NODE *)&(PsGetCurrentProcess()->CloneRoot))) : \ ((PMMCLONE_DESCRIPTOR)NULL)) Definition at line 715 of file mi.h. Referenced by MiCloneProcessAddressSpace(), MiCopyOnWrite(), MiDeletePte(), and MiDeleteValidAddress().

#define MiLockPfnDatabase (  OldIrql   )     ExAcquireSpinLock(&MmPfnLock, &OldIrql)

Definition at line 810 of file mi.h.

#define MiLockSystemSpace (  OldIrql   )     ExAcquireSpinLock(&MmSystemSpaceLock, &OldIrql)

Definition at line 822 of file mi.h. Referenced by MiReleaseSystemPtes(), MiReserveSystemPtes(), MiReserveSystemPtes2(), MmCleanProcessAddressSpace(), MmCopyVirtualMemory(), MmMapIoSpace(), MmMapLockedPagesSpecifyCache(), MmUnmapIoSpace(), and MmUnmapLockedPages().

#define MiLockSystemSpaceAtDpcLevel (   )     ExAcquireSpinLockAtDpcLevel(&MmSystemSpaceLock)

Definition at line 828 of file mi.h. Referenced by MiFlushPteList().

#define MiMakePpeExistAndMakeValid (  PDE, PROCESS, PFNMUTEXHELD   )

Definition at line 3591 of file mi.h. Referenced by MiCreatePageTablesForPhysicalRange(), MiDecommitPages(), MiMapLockedPagesInUserSpace(), MiMapViewOfPhysicalSection(), MiProtectVirtualMemory(), MiSetProtectionOnSection(), and NtAllocateVirtualMemory().

#define MiReleasePfnLock (   )     KiReleaseSpinLock(&MmPfnLock)

Definition at line 819 of file mi.h.

#define MiRemoveBitMap (  BMH   )

Value: { \ ExFreePool(*(BMH)); \ *(BMH) = NULL; \ } Definition at line 2505 of file mi.h. Referenced by MiFreeSessionSpaceMap(), MiInitializeSystemSpaceMap(), and NtCreatePagingFile().

#define MiRemoveClone (  CLONE   )     MiRemoveNode((PMMADDRESS_NODE)(CLONE),(PMMADDRESS_NODE *)&(PsGetCurrentProcess()->CloneRoot));

Definition at line 687 of file mi.h. Referenced by MiCloneProcessAddressSpace(), and MiDecrementCloneBlockReference().

#define MiRemoveZeroPageIfAny (  COLOR   )

Value: (MmFreePagesByColor[ZeroedPageList][COLOR].Flink != MM_EMPTY_LIST) ? \ MiRemoveZeroPage(COLOR) : 0 Definition at line 2814 of file mi.h. Referenced by MiInitMachineDependent(), MiResolveDemandZeroFault(), MiSessionCommitImagePages(), MiSessionCommitPageTables(), MiSessionCreateInternal(), MiSessionInitializeWorkingSetList(), MmAccessFault(), and MmCreateProcessAddressSpace().

#define MiTryToLockPfnDatabase (  OldIrql   )     KeTryToAcquireSpinLock(&MmPfnLock, &OldIrql)

Definition at line 816 of file mi.h.

#define MiUnlockPfnDatabase (  OldIrql   )     ExReleaseSpinLock(&MmPfnLock, OldIrql)

Definition at line 813 of file mi.h.

#define MiUnlockSystemSpace (  OldIrql   )     ExReleaseSpinLock(&MmSystemSpaceLock, OldIrql)

Definition at line 825 of file mi.h. Referenced by MiReleaseSystemPtes(), MiReserveSystemPtes(), MiReserveSystemPtes2(), MmCleanProcessAddressSpace(), MmCopyVirtualMemory(), MmMapIoSpace(), MmMapLockedPagesSpecifyCache(), MmUnmapIoSpace(), and MmUnmapLockedPages().

#define MiUnlockSystemSpaceFromDpcLevel (   )     ExReleaseSpinLockFromDpcLevel(&MmSystemSpaceLock)

Definition at line 831 of file mi.h. Referenced by MiFlushPteList().

#define MiUnmapPageInHyperSpace (  OLDIRQL   )     UNLOCK_HYPERSPACE(OLDIRQL)

Definition at line 2922 of file mi.h. Referenced by MiBuildPagedPool(), MiCopyOnWrite(), MiDecrementShareCount(), MiGatherMappedPages(), MiInsertPageInList(), MiInsertStandbyListAtFront(), MiMakeOutswappedPageResident(), MiRestoreTransitionPte(), MiSessionCopyOnWrite(), MiSessionDeletePde(), MiSessionInSwapProcess(), MiSessionOutSwapProcess(), MiWaitForInPageComplete(), MiZeroPhysicalPage(), MmCreateProcessAddressSpace(), MmDeleteProcessAddressSpace(), MmInSwapProcess(), and MmOutSwapProcess().

#define MM4K_MASK   0xfff

Definition at line 107 of file mi.h. Referenced by MiCreateDataFileMap(), and MmExtendSection().

#define MM4K_SHIFT   12

Definition at line 106 of file mi.h. Referenced by MiCreateDataFileMap(), MiEndingOffset(), MiStartingOffset(), and MmExtendSection().

#define MM_ALLOCATION_FILLS_VAD   ((PMMPTE)(ULONG_PTR)~3)

Definition at line 84 of file mi.h. Referenced by MiMapViewOfImageSection().

#define MM_BUMP_COUNTER (  _index, bump   )

Value: if (_index >= MM_BUMP_COUNTER_MAX) { \ DbgPrint("Mm: Invalid bump counter %d %d\n", _index, MM_BUMP_COUNTER_MAX); \ DbgBreakPoint(); \ } \ else { \ MmResTrack[_index] += (bump); \ } Definition at line 4317 of file mi.h. Referenced by MiAddWorkingSetPage(), MiAllocatePoolPages(), MiAllocateSpecialPool(), MiCreatePageTablesForPhysicalRange(), MiDeletePageTablesForPhysicalRange(), MiDereferenceSession(), MiFindContiguousMemory(), MiFreeNonPagedPool(), MiInitializeSessionPool(), MiLoadImageSection(), MiLockCode(), MiSessionCommitImagePages(), MiSessionCommitPageTables(), MiSessionCreateInternal(), MiSessionInitializeWorkingSetList(), MiSetPagingOfDriver(), MmAdjustWorkingSetSize(), MmAllocateIndependentPages(), MmAllocateNonCachedMemory(), MmAllocatePagesForMdl(), MmCleanProcessAddressSpace(), MmCreateKernelStack(), MmCreateProcessAddressSpace(), MmDeleteKernelStack(), MmDeleteProcessAddressSpace(), MmFreeDriverInitialization(), MmFreeNonCachedMemory(), MmFreePagesFromMdl(), MmFreeSpecialPool(), MmGrowKernelStack(), MmOutPageKernelStack(), and MmUnloadSystemImage().

#define MM_BUMP_COUNTER_MAX   60

Definition at line 4315 of file mi.h.

#define MM_BUMP_SESS_COUNTER (  _index, bump   )

Definition at line 5361 of file mi.h. Referenced by MiAddWorkingSetPage(), MiAddWsleHash(), MiAllocatePoolPages(), MiDereferenceSession(), MiFreePoolPages(), MiInitializeSessionPool(), MiLoadImageSection(), MiSessionCommitImagePages(), MiSessionCommitPageTables(), MiSessionCreateInternal(), MiSessionInitializeWorkingSetList(), MiSetPagingOfDriver(), MiShareSessionImage(), and MmUnloadSystemImage().

#define MM_BUMP_SESSION_FAILURES (  _index   )     MmSessionFailureCauses[_index] += 1;

Definition at line 5380 of file mi.h. Referenced by MiInitializeSessionPool(), MiInitializeSystemSpaceMap(), MiSessionCommitImagePages(), MiSessionCommitPageTables(), MiSessionCreateInternal(), MiSessionInitializeWorkingSetList(), MiSessionInsertImage(), MiSessionWideInsertImageAddress(), MiSessionWideReserveImageAddress(), and MiShareSessionImage().

#define MM_CLEAR_EXPANSION_OWNER (   )

Definition at line 953 of file mi.h.

#define MM_CLEAR_SESSION_LOCK_OWNER (   )

Definition at line 5629 of file mi.h.

#define MM_CLEAR_SESSION_RESOURCE_OWNER (   )

Value: ASSERT (MmSessionSpace->WorkingSetLockOwner == PsGetCurrentThread()); \ MmSessionSpace->WorkingSetLockOwner = NULL; Definition at line 5681 of file mi.h.

#define MM_COPY_ON_WRITE_MASK   5

Definition at line 198 of file mi.h. Referenced by MiCreateImageFileMap(), MiResolveProtoPteFault(), MiSetProtectionOnSection(), and MiWriteComplete().

#define MM_DBG_CHECK_PFN_LOCK   0x80000

Definition at line 182 of file mi.h. Referenced by MmInitSystem().

#define MM_DBG_CHECK_PTE   0x40

Definition at line 170 of file mi.h.

#define MM_DBG_CLEAN_PROCESS   0x800

Definition at line 174 of file mi.h.

#define MM_DBG_COLLIDED_PAGE   0x1000

Definition at line 175 of file mi.h. Referenced by MiResolveTransitionFault().

#define MM_DBG_COMMIT_ALLOCVM1   4

Definition at line 4250 of file mi.h. Referenced by NtAllocateVirtualMemory().

#define MM_DBG_COMMIT_ALLOCVM2   5

Definition at line 4251 of file mi.h. Referenced by NtAllocateVirtualMemory().

#define MM_DBG_COMMIT_CONTIGUOUS_PAGES   9

Definition at line 4255 of file mi.h. Referenced by MiFindContiguousMemory().

#define MM_DBG_COMMIT_DRIVER_PAGES   24

Definition at line 4270 of file mi.h. Referenced by MiLoadImageSection().

#define MM_DBG_COMMIT_DRIVER_PAGING_AT_INIT   15

Definition at line 4261 of file mi.h.

#define MM_DBG_COMMIT_EXTRA_SYSTEM_PTES   14

Definition at line 4260 of file mi.h. Referenced by MmInitSystem().

#define MM_DBG_COMMIT_FILL_SYSTEM_DIRECTORY   13

Definition at line 4259 of file mi.h. Referenced by MiFillSystemPageDirectory().

#define MM_DBG_COMMIT_IMAGE   6

Definition at line 4252 of file mi.h. Referenced by MiCreateImageFileMap().

#define MM_DBG_COMMIT_INDEPENDENT_PAGES   8

Definition at line 4254 of file mi.h. Referenced by MmAllocateIndependentPages().

#define MM_DBG_COMMIT_INSERT_VAD   25

Definition at line 4271 of file mi.h. Referenced by MiInsertVad().

#define MM_DBG_COMMIT_KERNEL_STACK_CREATE   18

Definition at line 4264 of file mi.h. Referenced by MmCreateKernelStack().

#define MM_DBG_COMMIT_MAPVIEW_DATA   12

Definition at line 4258 of file mi.h. Referenced by MiMapViewOfDataSection().

#define MM_DBG_COMMIT_MDL_PAGES   10

Definition at line 4256 of file mi.h. Referenced by MmAllocatePagesForMdl().

#define MM_DBG_COMMIT_NONCACHED_PAGES   11

Definition at line 4257 of file mi.h. Referenced by MmAllocateNonCachedMemory().

#define MM_DBG_COMMIT_NONPAGED_POOL_EXPANSION   0

Definition at line 4246 of file mi.h. Referenced by MiAllocatePoolPages().

#define MM_DBG_COMMIT_PAGED_POOL_PAGES   2

Definition at line 4248 of file mi.h. Referenced by MiAllocatePoolPages().

#define MM_DBG_COMMIT_PAGED_POOL_PAGETABLE   1

Definition at line 4247 of file mi.h. Referenced by MiAllocatePoolPages().

#define MM_DBG_COMMIT_PAGEFILE_BACKED_SHMEM   7

Definition at line 4253 of file mi.h. Referenced by MiCreatePagingFileMap().

#define MM_DBG_COMMIT_PAGEFILE_FULL   16

Definition at line 4262 of file mi.h. Referenced by MiPageFileFull().

#define MM_DBG_COMMIT_PROCESS_CREATE   17

Definition at line 4263 of file mi.h. Referenced by MmCreateProcessAddressSpace().

#define MM_DBG_COMMIT_RETURN_ALLOCVM1   32

Definition at line 4279 of file mi.h. Referenced by NtAllocateVirtualMemory().

#define MM_DBG_COMMIT_RETURN_ALLOCVM2   33

Definition at line 4280 of file mi.h. Referenced by NtAllocateVirtualMemory().

#define MM_DBG_COMMIT_RETURN_ALLOCVM3   34

Definition at line 4281 of file mi.h. Referenced by NtAllocateVirtualMemory().

#define MM_DBG_COMMIT_RETURN_DRIVER_INIT_CODE   62

Definition at line 4308 of file mi.h. Referenced by MmFreeDriverInitialization().

#define MM_DBG_COMMIT_RETURN_DRIVER_UNLOAD   63

Definition at line 4309 of file mi.h. Referenced by MmUnloadSystemImage().

#define MM_DBG_COMMIT_RETURN_DRIVER_UNLOAD1   64

Definition at line 4310 of file mi.h. Referenced by MmUnloadSystemImage().

#define MM_DBG_COMMIT_RETURN_IMAGE_NO_LARGE_CA   35

Definition at line 4282 of file mi.h. Referenced by MiCreateImageFileMap().

#define MM_DBG_COMMIT_RETURN_KERNEL_STACK_DELETE   60

Definition at line 4306 of file mi.h. Referenced by MmDeleteKernelStack().

#define MM_DBG_COMMIT_RETURN_KERNEL_STACK_FAILURE1   58

Definition at line 4304 of file mi.h. Referenced by MmCreateKernelStack().

#define MM_DBG_COMMIT_RETURN_KERNEL_STACK_FAILURE2   59

Definition at line 4305 of file mi.h. Referenced by MmCreateKernelStack().

#define MM_DBG_COMMIT_RETURN_MAPVIEW_DATA   43

Definition at line 4290 of file mi.h. Referenced by MiMapViewOfDataSection().

#define MM_DBG_COMMIT_RETURN_MDL_PAGES   41

Definition at line 4288 of file mi.h. Referenced by MmFreePagesFromMdl().

#define MM_DBG_COMMIT_RETURN_NONCACHED_PAGES   42

Definition at line 4289 of file mi.h. Referenced by MmFreeNonCachedMemory().

#define MM_DBG_COMMIT_RETURN_NONPAGED_POOL_EXPANSION   29

Definition at line 4276 of file mi.h. Referenced by MiFreeNonPagedPool().

#define MM_DBG_COMMIT_RETURN_NTFREEVM1   37

Definition at line 4284 of file mi.h. Referenced by NtFreeVirtualMemory().

#define MM_DBG_COMMIT_RETURN_NTFREEVM2   38

Definition at line 4285 of file mi.h. Referenced by NtFreeVirtualMemory().

#define MM_DBG_COMMIT_RETURN_NTFREEVM3   39

Definition at line 4286 of file mi.h. Referenced by NtFreeVirtualMemory().

#define MM_DBG_COMMIT_RETURN_NTFREEVM4   40

Definition at line 4287 of file mi.h. Referenced by NtFreeVirtualMemory().

#define MM_DBG_COMMIT_RETURN_PAGED_POOL_PAGES   30

Definition at line 4277 of file mi.h. Referenced by MiFreePoolPages(), and MiInitializeSessionPool().

#define MM_DBG_COMMIT_RETURN_PAGEFILE_BACKED_SHMEM   36

Definition at line 4283 of file mi.h. Referenced by MiCreatePagingFileMap().

#define MM_DBG_COMMIT_RETURN_PAGETABLES   44

Definition at line 4291 of file mi.h. Referenced by MiReturnPageTablePageCommitment().

#define MM_DBG_COMMIT_RETURN_PROCESS_CLEAN_PAGETABLES   57

Definition at line 4303 of file mi.h. Referenced by MmCleanProcessAddressSpace().

#define MM_DBG_COMMIT_RETURN_PROCESS_CREATE_FAILURE1   55

Definition at line 4301 of file mi.h. Referenced by MmCreateProcessAddressSpace().

#define MM_DBG_COMMIT_RETURN_PROCESS_DELETE   56

Definition at line 4302 of file mi.h. Referenced by MmDeleteProcessAddressSpace().

#define MM_DBG_COMMIT_RETURN_PROTECTION   45

Definition at line 4292 of file mi.h. Referenced by MiSetProtectionOnSection().

#define MM_DBG_COMMIT_RETURN_SEGMENT_DELETE1   46

Definition at line 4293 of file mi.h. Referenced by MiSegmentDelete().

#define MM_DBG_COMMIT_RETURN_SEGMENT_DELETE2   47

Definition at line 4294 of file mi.h. Referenced by MiSegmentDelete().

#define MM_DBG_COMMIT_RETURN_SESSION_CREATE_FAILURE1   48

Definition at line 4295 of file mi.h. Referenced by MiSessionCreateInternal().

#define MM_DBG_COMMIT_RETURN_SESSION_DEREFERENCE   49

Definition at line 4296 of file mi.h. Referenced by MiDereferenceSession().

#define MM_DBG_COMMIT_RETURN_SESSION_DRIVER_LOAD_FAILURE1   61

Definition at line 4307 of file mi.h. Referenced by MiLoadImageSection().

#define MM_DBG_COMMIT_RETURN_SESSION_IMAGE_FAILURE1   50

Definition at line 4297 of file mi.h. Referenced by MiSessionCommitImagePages().

#define MM_DBG_COMMIT_RETURN_SESSION_PAGETABLE_PAGES   51

Definition at line 4298 of file mi.h. Referenced by MiSessionCommitPageTables().

#define MM_DBG_COMMIT_RETURN_SESSION_POOL_PAGE_TABLES   31

Definition at line 4278 of file mi.h. Referenced by MiInitializeSessionPool().

#define MM_DBG_COMMIT_RETURN_SESSION_WSL_FAILURE   54

Definition at line 4300 of file mi.h. Referenced by MiSessionInitializeWorkingSetList().

#define MM_DBG_COMMIT_RETURN_VAD   52

Definition at line 4299 of file mi.h. Referenced by MiRemoveVad().

#define MM_DBG_COMMIT_SESSION_ADDITIONAL_WS_HASHPAGES   28

Definition at line 4274 of file mi.h. Referenced by MiAddWsleHash().

#define MM_DBG_COMMIT_SESSION_ADDITIONAL_WS_PAGES   27

Definition at line 4273 of file mi.h. Referenced by MiAddWorkingSetPage().

#define MM_DBG_COMMIT_SESSION_CREATE   20

Definition at line 4266 of file mi.h. Referenced by MiSessionCreateInternal().

#define MM_DBG_COMMIT_SESSION_IMAGE_PAGES   21

Definition at line 4267 of file mi.h. Referenced by MiSessionCommitImagePages().

#define MM_DBG_COMMIT_SESSION_PAGETABLE_PAGES   22

Definition at line 4268 of file mi.h. Referenced by MiSessionCommitPageTables().

#define MM_DBG_COMMIT_SESSION_POOL_PAGE_TABLES   3

Definition at line 4249 of file mi.h. Referenced by MiInitializeSessionPool().

#define MM_DBG_COMMIT_SESSION_SHARED_IMAGE   23

Definition at line 4269 of file mi.h. Referenced by MiShareSessionImage().

#define MM_DBG_COMMIT_SESSION_WS_INIT   26

Definition at line 4272 of file mi.h. Referenced by MiSessionInitializeWorkingSetList().

#define MM_DBG_COMMIT_SET_PROTECTION   19

Definition at line 4265 of file mi.h. Referenced by MiSetProtectionOnSection().

#define MM_DBG_DIR_BASE   0x8000

Definition at line 178 of file mi.h.

#define MM_DBG_DUMP_BOOT_PTES   0x2000

Definition at line 176 of file mi.h. Referenced by MmInitSystem().

#define MM_DBG_DUMP_WSL   0x4

Definition at line 166 of file mi.h. Referenced by MiRemoveWsle().

#define MM_DBG_FLUSH_SECTION   0x10000

Definition at line 179 of file mi.h. Referenced by MiCleanSection(), MiFlushSectionInternal(), and MmPurgeSection().

#define MM_DBG_FORK   0x4000

Definition at line 177 of file mi.h. Referenced by MiCloneProcessAddressSpace(), and MiDecrementCloneBlockReference().

#define MM_DBG_LOCK_CODE   0x800000

Definition at line 186 of file mi.h. Referenced by MmLockPagableDataSection().

#define MM_DBG_MOD_WRITE   0x20

Definition at line 169 of file mi.h. Referenced by MiGatherPagefilePages(), and MiWriteComplete().

#define MM_DBG_PAGE_IN_LIST   0x40000

Definition at line 181 of file mi.h. Referenced by MiUnlinkPageFromList().

#define MM_DBG_PAGE_REF_COUNT   0x2000000

Definition at line 188 of file mi.h. Referenced by MiInsertPageInList(), and MiInsertStandbyListAtFront().

#define MM_DBG_PAGEFAULT   0x8

Definition at line 167 of file mi.h. Referenced by MiDispatchFault().

#define MM_DBG_PRINTS_MODWRITES   0x20000

Definition at line 180 of file mi.h. Referenced by MiWriteComplete().

#define MM_DBG_PRIVATE_PAGES   0x100000

Definition at line 183 of file mi.h. Referenced by MmCleanProcessAddressSpace().

#define MM_DBG_PTE_UPDATE   0x2

Definition at line 165 of file mi.h. Referenced by MiCopyOnWrite(), MiDeletePte(), MiInsertWsle(), MiRemoveWsle(), MiResolveMappedFileFault(), MiResolveProtoPteFault(), MmAccessFault(), and MmInitializeProcessAddressSpace().

#define MM_DBG_SECTIONS   0x100

Definition at line 172 of file mi.h. Referenced by MiDereferenceSegmentThread(), MiRemoveUnusedSegments(), MiSectionDelete(), MiSegmentDelete(), MmCreateSection(), and NtCreateSection().

#define MM_DBG_SESSION_COMMIT_DELETE_VM_RETURN   31

Definition at line 5324 of file mi.h.

#define MM_DBG_SESSION_COMMIT_IMAGE_UNLOAD   33

Definition at line 5326 of file mi.h. Referenced by MmUnloadSystemImage().

#define MM_DBG_SESSION_COMMIT_IMAGELOAD_FAILED1   34

Definition at line 5327 of file mi.h. Referenced by MiLoadImageSection().

#define MM_DBG_SESSION_COMMIT_IMAGELOAD_FAILED2   35

Definition at line 5328 of file mi.h. Referenced by MiLoadImageSection().

#define MM_DBG_SESSION_COMMIT_IMAGELOAD_NOACCESS   36

Definition at line 5329 of file mi.h. Referenced by MiLoadImageSection().

#define MM_DBG_SESSION_COMMIT_PAGEDPOOL_PAGES   30

Definition at line 5323 of file mi.h. Referenced by MiAllocatePoolPages().

#define MM_DBG_SESSION_COMMIT_POOL_FREED   32

Definition at line 5325 of file mi.h. Referenced by MiFreePoolPages().

#define MM_DBG_SESSION_DRIVER_PAGES_LOCKED   16

Definition at line 5318 of file mi.h. Referenced by MiSessionCommitImagePages().

#define MM_DBG_SESSION_DRIVER_PAGES_UNLOCKED   17

Definition at line 5319 of file mi.h. Referenced by MiSetPagingOfDriver().

#define MM_DBG_SESSION_INITIAL_PAGE_ALLOC   2

Definition at line 5304 of file mi.h. Referenced by MiSessionCreateInternal().

#define MM_DBG_SESSION_INITIAL_PAGE_FREE   13

Definition at line 5315 of file mi.h. Referenced by MiDereferenceSession().

#define MM_DBG_SESSION_INITIAL_PAGE_FREE_FAIL1   3

Definition at line 5305 of file mi.h. Referenced by MiSessionCreateInternal().

#define MM_DBG_SESSION_INITIAL_PAGETABLE_ALLOC   0

Definition at line 5302 of file mi.h. Referenced by MiSessionCreateInternal().

#define MM_DBG_SESSION_INITIAL_PAGETABLE_FREE_FAIL1   4

Definition at line 5306 of file mi.h. Referenced by MiSessionCreateInternal().

#define MM_DBG_SESSION_INITIAL_PAGETABLE_FREE_RACE   1

Definition at line 5303 of file mi.h. Referenced by MiSessionCreateInternal().

#define MM_DBG_SESSION_PAGEDPOOL_PAGETABLE_ALLOC   9

Definition at line 5311 of file mi.h. Referenced by MiInitializeSessionPool().

#define MM_DBG_SESSION_PAGEDPOOL_PAGETABLE_ALLOC1   15

Definition at line 5317 of file mi.h. Referenced by MiAllocatePoolPages().

#define MM_DBG_SESSION_PAGEDPOOL_PAGETABLE_FREE_FAIL1   10

Definition at line 5312 of file mi.h. Referenced by MiInitializeSessionPool().

#define MM_DBG_SESSION_PAGETABLE_ALLOC   6

Definition at line 5308 of file mi.h. Referenced by MiSessionCommitPageTables().

#define MM_DBG_SESSION_PAGETABLE_FREE   14

Definition at line 5316 of file mi.h. Referenced by MiDereferenceSession().

#define MM_DBG_SESSION_SYSMAPPED_PAGES_ALLOC   7

Definition at line 5309 of file mi.h. Referenced by MiShareSessionImage().

#define MM_DBG_SESSION_SYSMAPPED_PAGES_COMMITTED   19

Definition at line 5321 of file mi.h. Referenced by MiShareSessionImage().

#define MM_DBG_SESSION_WS_HASHPAGE_ALLOC   18

Definition at line 5320 of file mi.h. Referenced by MiAddWsleHash().

#define MM_DBG_SESSION_WS_PAGE_ALLOC   11

Definition at line 5313 of file mi.h. Referenced by MiSessionInitializeWorkingSetList().

#define MM_DBG_SESSION_WS_PAGE_ALLOC_GROWTH   12

Definition at line 5314 of file mi.h. Referenced by MiAddWorkingSetPage().

#define MM_DBG_SESSION_WS_PAGE_FREE   5

Definition at line 5307 of file mi.h. Referenced by MiDereferenceSession().

#define MM_DBG_SESSION_WS_PAGETABLE_ALLOC   8

Definition at line 5310 of file mi.h. Referenced by MiSessionInitializeWorkingSetList().

#define MM_DBG_SESSIONS   0x80000000

Definition at line 191 of file mi.h. Referenced by MiRearrangeWorkingSetExpansionList(), MiSessionCommitImagePages(), MiSessionCreateInternal(), MiSessionInSwapProcess(), MiSessionOutSwapProcess(), and MiSessionWideReserveImageAddress().

#define MM_DBG_SHOW_FAULTS   0x40000000

Definition at line 190 of file mi.h. Referenced by MmAccessFault().

#define MM_DBG_SHOW_NT_CALLS   0x10000000

Definition at line 189 of file mi.h. Referenced by MmCreateSection(), NtAllocateVirtualMemory(), NtCreateSection(), NtFreeVirtualMemory(), NtMapViewOfSection(), NtProtectVirtualMemory(), and NtQueryVirtualMemory().

#define MM_DBG_STOP_ON_ACCVIO   0x1000000

Definition at line 187 of file mi.h. Referenced by MiResolveProtoPteFault(), and MmAccessFault().

#define MM_DBG_SWAP_PROCESS   0x400000

Definition at line 185 of file mi.h. Referenced by MmOutSwapProcess().

#define MM_DBG_SYS_PTES   0x400

Definition at line 173 of file mi.h. Referenced by MiReleaseSystemPtes(), MiReserveSystemPtes(), and MiReserveSystemPtes2().

#define MM_DBG_VAD_CONFLICT   0x80

Definition at line 171 of file mi.h.

#define MM_DBG_WALK_VAD_TREE   0x200000

Definition at line 184 of file mi.h. Referenced by MiMapViewOfImageSection().

#define MM_DBG_WRITEFAULT   0x1

Definition at line 164 of file mi.h. Referenced by MiCopyOnWrite().

#define MM_DBG_WS_EXPANSION   0x10

Definition at line 168 of file mi.h. Referenced by MiCheckAndSetSystemTrimCriteria(), MiCheckProcessTrimCriteria(), MiRearrangeWorkingSetExpansionList(), and MmWorkingSetManager().

#define MM_DECOMMIT   0x10

Definition at line 144 of file mi.h. Referenced by MiCloneProcessAddressSpace(), MiIsPteDecommittedPage(), and NtAllocateVirtualMemory().

#define MM_EXECUTE   2

Definition at line 135 of file mi.h. Referenced by MiEnablePagingOfDriverAtInit(), MiInitMachineDependent(), MiLoadImageSection(), and MiSetPagingOfDriver().

#define MM_EXECUTE_READ   3

Definition at line 136 of file mi.h. Referenced by MiInitMachineDependent(), MiSetSystemCodeProtection(), and MiShareSessionImage().

#define MM_EXECUTE_READWRITE   6

Definition at line 139 of file mi.h. Referenced by MiCreateDataFileMap(), MiCreatePebOrTeb(), MiInitializeCopyOnWritePfn(), MiInitializePfn(), MiInitMachineDependent(), MiLoadSystemImage(), MiReloadBootLoadedDrivers(), and MmSecureVirtualMemory().

#define MM_EXECUTE_WRITECOPY   7

Definition at line 140 of file mi.h. Referenced by MiCheckVirtualAddress(), MiCreateImageFileMap(), MiInitMachineDependent(), MiMapViewOfImageSection(), MiProtectSpecialPool(), MmAccessFault(), and MmSecureVirtualMemory().

#define MM_FLUID_PHYSICAL_PAGES   32

Definition at line 90 of file mi.h. Referenced by MmInitSystem().

#define MM_FLUID_WORKING_SET   8

Definition at line 88 of file mi.h. Referenced by MmAdjustWorkingSetSize(), and NtLockVirtualMemory().

#define MM_FLUSH_COUNTER_MASK   (0xFFFFF)

Definition at line 74 of file mi.h. Referenced by MiFlushPteList(), and MiReserveSystemPtes().

#define MM_FORCE_TRIM   6

Definition at line 117 of file mi.h. Referenced by MiDoReplacement(), and MmWorkingSetManager().

#define MM_FREE_POOL_SIGNATURE   (0x50554F4C)

Definition at line 80 of file mi.h. Referenced by MiAllocatePoolPages(), MiFindContiguousMemory(), MiFreePoolPages(), MiInitializeNonPagedPool(), and MmSetKernelDumpRange().

#define MM_FREE_WSLE_SHIFT   4

Definition at line 76 of file mi.h. Referenced by MiAddWorkingSetPage(), MiEmptyWorkingSet(), MiFreeWsle(), MiInitializeSystemCache(), MiInitializeWorkingSetList(), MiLocateAndReserveWsle(), MiReleaseWsle(), MiRemoveWorkingSetPages(), MiRemoveWsleFromFreeList(), MiSessionInitializeWorkingSetList(), MiSwapWslEntries(), and MiUpdateWsle().

#define MM_GROW_WSLE_HASH   20

Definition at line 119 of file mi.h. Referenced by MiAddWorkingSetPage(), MiInsertWsle(), MiMakeSpecialPoolPagable(), MiRemoveWorkingSetPages(), and MmAccessFault().

#define MM_GUARD_PAGE   0x10

Definition at line 143 of file mi.h. Referenced by MiAccessCheck(), MiCheckSecuredVad(), MiInitMachineDependent(), MiMakeProtectionMask(), and MmAccessFault().

#define MM_HIGHEST_VAD_ADDRESS   ((PVOID)((ULONG_PTR)MM_HIGHEST_USER_ADDRESS - (64 * 1024)))

Definition at line 96 of file mi.h. Referenced by MiCreatePebOrTeb(), MiFindEmptyAddressRangeDownTree(), MiFindEmptyAddressRangeInTree(), MiMapLockedPagesInUserSpace(), MiMapViewOfDataSection(), MiMapViewOfImageSection(), NtAllocateVirtualMemory(), NtMapViewOfSection(), and NtQueryVirtualMemory().

#define MM_IO_IN_PROGRESS   ((PLIST_ENTRY)97)

Definition at line 102 of file mi.h. Referenced by MiGatherPagefilePages(), MiUpdateModifiedWriterMdls(), and MmOutSwapProcess().

#define MM_KSTACK_OUTSWAPPED   0x1F

Definition at line 151 of file mi.h. Referenced by MmAccessFault(), MmCreateKernelStack(), MmGrowKernelStack(), MmInPageKernelStack(), and MmOutPageKernelStack().

#define MM_LARGE_PAGES   0x111

Definition at line 147 of file mi.h. Referenced by MiCheckVirtualAddress(), and MmAccessFault().

#define MM_LOCK_BY_NONPAGE   1

Definition at line 115 of file mi.h. Referenced by MmResetDriverPaging().

#define MM_LOCK_BY_REFCOUNT   0

Definition at line 113 of file mi.h. Referenced by MiLockCode(), MmLockPagableSectionByHandle(), and MmLockPagedPool().

#define MM_MAPPED_FILE_MDLS   4

Definition at line 5085 of file mi.h. Referenced by MiModifiedPageWriter().

#define MM_MAX_COMMIT   (((ULONG_PTR) 1 << COMMIT_SIZE) - 1)

Definition at line 2338 of file mi.h. Referenced by MiAllocateVad(), MiCloneProcessAddressSpace(), MiInsertVad(), MiRemoveVad(), and NtAllocateVirtualMemory().

#define MM_MAXIMUM_FLUSH_COUNT   (FLUSH_MULTIPLE_MAXIMUM-1)

Definition at line 127 of file mi.h. Referenced by MiDeletePte(), MiDeleteSystemPagableVm(), MiFlushPteList(), MiFlushUserPhysicalPteList(), MiProcessValidPteList(), MiReleaseSystemPtes(), MiRemoveMappedPtes(), MiRemoveMappedView(), MiRemoveUserPhysicalPagesVad(), MiReserveSystemPtes2(), MmOutPageKernelStack(), MmSetAddressRangeModified(), NtAllocateUserPhysicalPages(), NtFreeUserPhysicalPages(), NtMapUserPhysicalPages(), and NtMapUserPhysicalPagesScatter().

#define MM_MAXIMUM_WRITE_CLUSTER   (MM_MAXIMUM_DISK_IO_SIZE / PAGE_SIZE)

Definition at line 121 of file mi.h. Referenced by MiCleanSection(), and MmShutdownSystem().

#define MM_MINIMUM_PAGED_POOL_NTAS   ((SIZE_T)(48*1024*1024))

Definition at line 82 of file mi.h. Referenced by MiBuildPagedPool().

#define MM_NO_WS_EXPANSION   ((PLIST_ENTRY)0)

Definition at line 99 of file mi.h. Referenced by MiDoReplacement(), MiEmptyAllWorkingSetsWorker(), MmCleanProcessAddressSpace(), MmTrimAllSystemPagableMemory(), and MmWorkingSetManager().

#define MM_NOACCESS   0x18

Definition at line 145 of file mi.h. Referenced by MiChangeNoAccessForkPte(), MiCheckVirtualAddress(), MiLoadImageSection(), MiMakeProtectionMask(), MiProtectSpecialPool(), MmAccessFault(), MmFreeSpecialPool(), and MmSecureVirtualMemory().

#define MM_NOCACHE   0x8

Definition at line 142 of file mi.h. Referenced by MiInitializePfn(), MiMakeProtectionMask(), MiProtectSpecialPool(), and MmMapVideoDisplay().

#define MM_PAGES_REQUIRED_FOR_MAPPED_IO   7

Definition at line 104 of file mi.h.

#define MM_PAGING_FILE_MDLS   2

Definition at line 2547 of file mi.h. Referenced by MiUpdateModifiedWriterMdls().

#define MM_PFN_LOCK_ASSERT (   )

Definition at line 951 of file mi.h. Referenced by MiCheckControlArea(), MiCheckForControlAreaDeletion(), MiCompleteProtoPteFault(), MiDecrementReferenceCount(), MiDeletePte(), MiDeleteVirtualAddresses(), MiEliminateWorkingSetEntry(), MiEnsureAvailablePageOrWait(), MiFindImageSectionObject(), MiFlushEventCounter(), MiFlushInPageSupportBlock(), MiFlushPteList(), MiFreeEventCounter(), MiFreeInPageSupportBlock(), MiGetEventCounter(), MiGetInPageSupportBlock(), MiInitializeCopyOnWritePfn(), MiInitializePfn(), MiInitializePfnForOtherProcess(), MiInitializeReadInProgressPfn(), MiInitializeTransitionPfn(), MiInsertFrontModifiedNoWrite(), MiInsertImageSectionObject(), MiInsertPageInList(), MiInsertStandbyListAtFront(), MiLockCode(), MiMakeOutswappedPageResident(), MiMapPageToZeroInHyperSpace(), MiPageFileFull(), MiReleasePageFileSpace(), MiRemoveAnyPage(), MiRemoveImageSectionObject(), MiRemovePageByColor(), MiRemovePageFromList(), MiRemovePhysicalPages(), MiRemoveZeroPage(), MiResolveDemandZeroFault(), MiResolvePageFileFault(), MiResolveProtoPteFault(), MiUnlinkFreeOrZeroedPage(), and MiUnlinkPageFromList().

#define MM_PROTECTION_COPY_MASK   1

Definition at line 154 of file mi.h. Referenced by MiProtectVirtualMemory(), MiSetProtectionOnSection(), and NtAllocateVirtualMemory().

#define MM_PROTECTION_EXECUTE_MASK   2

Definition at line 156 of file mi.h. Referenced by MiResolveMappedFileFault().

#define MM_PROTECTION_OPERATION_MASK   7

Definition at line 155 of file mi.h.

#define MM_PROTECTION_WRITE_MASK   4

Definition at line 153 of file mi.h. Referenced by MiCompleteProtoPteFault(), MiCreateImageFileMap(), MiGetWritablePagesInSection(), MiSetImageProtect(), and MiWriteComplete().

#define MM_READONLY   1

Definition at line 134 of file mi.h. Referenced by MiAllocateVad(), MiCheckVirtualAddress(), MiCreateImageFileMap(), MiInitMachineDependent(), MmAccessFault(), and MmInitSystem().

#define MM_READWRITE   4

Definition at line 137 of file mi.h. Referenced by MiAddWorkingSetPage(), MiAddWsleHash(), MiCheckVirtualAddress(), MiInitializePfn(), MiInitializeWorkingSetList(), MiInitMachineDependent(), MiMakeOutswappedPageResident(), MiMapLockedPagesInUserSpace(), MmAccessFault(), MmAllocateIndependentPages(), MmAllocateNonCachedMemory(), MmCreateKernelStack(), MmDbgWriteCheck(), MmGrowKernelStack(), MmInitializeProcessAddressSpace(), MmMakeKernelResourceSectionWritable(), MmMapVideoDisplay(), MmOutSwapProcess(), MmProbeAndLockPages(), MmSecureVirtualMemory(), MmSetBankedSection(), NtMapUserPhysicalPages(), and NtMapUserPhysicalPagesScatter().

#define MM_SECURE_DELETE_CHECK   0x55

Definition at line 158 of file mi.h. Referenced by MiCheckSecuredVad(), MmUnmapViewOfSection(), and NtFreeVirtualMemory().

#define MM_SESSION_FAILURE_CAUSES   9

Definition at line 5376 of file mi.h.

#define MM_SESSION_FAILURE_NO_COMMIT   1

Definition at line 5367 of file mi.h. Referenced by MiInitializeSessionPool(), MiSessionCommitImagePages(), MiSessionCommitPageTables(), MiSessionCreateInternal(), MiSessionInitializeWorkingSetList(), and MiShareSessionImage().

#define MM_SESSION_FAILURE_NO_IDS   0

Definition at line 5366 of file mi.h. Referenced by MiSessionCreateInternal().

#define MM_SESSION_FAILURE_NO_IMAGE_VA_SPACE   7

Definition at line 5373 of file mi.h. Referenced by MiSessionWideReserveImageAddress().

#define MM_SESSION_FAILURE_NO_NONPAGED_POOL   6

Definition at line 5372 of file mi.h. Referenced by MiInitializeSessionPool(), MiInitializeSystemSpaceMap(), MiSessionInsertImage(), and MiSessionWideInsertImageAddress().

#define MM_SESSION_FAILURE_NO_PAGED_POOL   5

Definition at line 5371 of file mi.h. Referenced by MiSessionWideInsertImageAddress().

#define MM_SESSION_FAILURE_NO_RESIDENT   2

Definition at line 5368 of file mi.h. Referenced by MiInitializeSessionPool(), MiSessionCommitImagePages(), MiSessionCommitPageTables(), MiSessionCreateInternal(), and MiSessionInitializeWorkingSetList().

#define MM_SESSION_FAILURE_NO_SESSION_PAGED_POOL   8

Definition at line 5374 of file mi.h. Referenced by MiInitializeSystemSpaceMap().

#define MM_SESSION_FAILURE_NO_SYSPTES   4

Definition at line 5370 of file mi.h. Referenced by MiSessionCreateInternal().

#define MM_SESSION_FAILURE_RACE_DETECTED   3

Definition at line 5369 of file mi.h. Referenced by MiSessionCreateInternal().

#define MM_SESSION_SPACE_DATA_SIZE   PAGE_SIZE

Definition at line 5227 of file mi.h.

#define MM_SESSION_SPACE_WS_LOCK_ASSERT (   )     ASSERT (MmSessionSpace->WorkingSetLockOwner == PsGetCurrentThread())

Definition at line 5685 of file mi.h. Referenced by MiCheckVirtualAddress(), MiSessionCommitPageTables(), and MmAccessFault().

#define MM_SET_EXPANSION_OWNER (   )

Definition at line 952 of file mi.h. Referenced by MmTrimAllSystemPagableMemory().

#define MM_SET_SESSION_LOCK_OWNER (   )

Definition at line 5628 of file mi.h.

#define MM_SET_SESSION_RESOURCE_OWNER (   )

Value: ASSERT (MmSessionSpace->WorkingSetLockOwner == NULL); \ MmSessionSpace->WorkingSetLockOwner = PsGetCurrentThread(); Definition at line 5677 of file mi.h. Referenced by MiEmptyWorkingSet(), and MmWorkingSetManager().

#define MM_SNAP_SESS_MEMORY_COUNTERS (  _index   )

Definition at line 5362 of file mi.h. Referenced by MiDereferenceSession().

#define MM_SPECIAL_POOL_PTES   25000

Definition at line 4065 of file mi.h. Referenced by MiInitializeSpecialPool(), and MmInitSystem().

#define MM_SYS_PTE_TABLES_MAX   5

Definition at line 2581 of file mi.h. Referenced by MiInitializeSystemPtes().

#define MM_SYSTEM_WS_LOCK_ASSERT (   )     ASSERT (PsGetCurrentThread() == MmSystemLockOwner);

Definition at line 1017 of file mi.h. Referenced by MiAddWorkingSetPage(), MiDoReplacement(), MiFreeWsle(), MiReleaseWsle(), MiTrimWorkingSet(), and MiUpdateWsle().

#define MM_TRACK_COMMIT (  _index, bump   )

Definition at line 4221 of file mi.h. Referenced by MiAddWorkingSetPage(), MiAddWsleHash(), MiAllocatePoolPages(), MiCreateImageFileMap(), MiCreatePagingFileMap(), MiDereferenceSession(), MiFillSystemPageDirectory(), MiFindContiguousMemory(), MiFreeNonPagedPool(), MiFreePoolPages(), MiInitializeSessionPool(), MiInsertVad(), MiLoadImageSection(), MiMapViewOfDataSection(), MiPageFileFull(), MiRemoveVad(), MiReturnPageTablePageCommitment(), MiSegmentDelete(), MiSessionCommitImagePages(), MiSessionCommitPageTables(), MiSessionCreateInternal(), MiSessionInitializeWorkingSetList(), MiSetProtectionOnSection(), MiShareSessionImage(), MmAllocateIndependentPages(), MmAllocateNonCachedMemory(), MmAllocatePagesForMdl(), MmCleanProcessAddressSpace(), MmCreateKernelStack(), MmCreateProcessAddressSpace(), MmDeleteKernelStack(), MmDeleteProcessAddressSpace(), MmFreeDriverInitialization(), MmFreeNonCachedMemory(), MmFreePagesFromMdl(), MmInitSystem(), MmUnloadSystemImage(), NtAllocateVirtualMemory(), and NtFreeVirtualMemory().

#define MM_UNKNOWN_PROTECTION   0x100

Definition at line 146 of file mi.h. Referenced by MiCheckVirtualAddress(), and MmAccessFault().

#define MM_USABLE_PAGES_FREE   32

Definition at line 92 of file mi.h. Referenced by MiReleasePageFileSpace(), and MiWriteComplete().

#define MM_VIEW_SHARE   1

Definition at line 2341 of file mi.h. Referenced by MiCloneProcessAddressSpace().

#define MM_VIEW_UNMAP   0

Definition at line 2340 of file mi.h. Referenced by MiMapViewOfPhysicalSection().

#define MM_WORKING_SET_LIST_SEARCH   17

Definition at line 86 of file mi.h. Referenced by MiReplaceWorkingSetEntryUsingFaultInfo().

#define MM_WRITECOPY   5

Definition at line 138 of file mi.h. Referenced by MiInitMachineDependent(), and MiProtectSpecialPool().

#define MM_WS_EXPANSION_IN_PROGRESS   ((PLIST_ENTRY)35)

Definition at line 100 of file mi.h. Referenced by MiEmptyAllWorkingSetsWorker(), MmCleanProcessAddressSpace(), MmTrimAllSystemPagableMemory(), and MmWorkingSetManager().

#define MM_WS_SWAPPED_OUT   ((PLIST_ENTRY)37)

Definition at line 101 of file mi.h. Referenced by MmInSwapProcess(), and MmOutSwapProcess().

#define MM_ZERO_ACCESS   0

Definition at line 133 of file mi.h.

#define MmIsRetryIoStatus (  S   )

Value: (((S) == STATUS_INSUFFICIENT_RESOURCES) || \ ((S) == STATUS_WORKING_SET_QUOTA) || \ ((S) == STATUS_NO_MEMORY)) Definition at line 250 of file mi.h. Referenced by MiDispatchFault(), MiFlushSectionInternal(), MiMakeOutswappedPageResident(), MiResolveProtoPteFault(), and MiWaitForInPageComplete().

#define MMSECTOR_MASK   0x1ff

Definition at line 111 of file mi.h. Referenced by MiCreateImageFileMap().

#define MMSECTOR_SHIFT   9

Definition at line 109 of file mi.h. Referenced by MiCreateImageFileMap(), MiEndingOffset(), and MiPurgeImageSection().

#define PFN_CONSISTENCY_SET

Definition at line 881 of file mi.h.

#define PFN_CONSISTENCY_UNSET

Definition at line 882 of file mi.h.

#define PROTECT_KSTACKS   1

Definition at line 149 of file mi.h.

#define SECTION_BASE_ADDRESS (  _NtSection   )     (*((PVOID *)&(_NtSection)->PointerToRelocations))

Definition at line 1985 of file mi.h. Referenced by MiEnablePagingTheExecutive(), MiLocateKernelSections(), MmLockPagableDataSection(), MmLockPagableSectionByHandle(), and MmUnlockPagableImageSection().

#define SESSION_GLOBAL (  _Session   )     (_Session->GlobalVirtualAddress)

Definition at line 5300 of file mi.h. Referenced by MiDereferenceSession(), MiInitializeSessionPool(), MiLoadImageSection(), MiSessionAddProcess(), MiSessionCreateInternal(), MiSessionInitializeWorkingSetList(), and MiSessionRemoveProcess().

#define StartOfAllocation   ReadInProgress

Definition at line 1241 of file mi.h.

#define STATUS_MAPPED_WRITER_COLLISION   (0xC0033333)

Definition at line 3882 of file mi.h. Referenced by MiFlushSectionInternal(), and MiRemoveUnusedSegments().

#define SUBSECTION_COPY_ON_WRITE   4L

Definition at line 2227 of file mi.h.

#define SUBSECTION_READ_ONLY   1L

Definition at line 2225 of file mi.h.

#define SUBSECTION_READ_WRITE   2L

Definition at line 2226 of file mi.h.

#define SUBSECTION_SHARE_ALLOW   8L

Definition at line 2228 of file mi.h.

#define SYSLOAD_LOCK_OWNED_BY_ME (   )

Definition at line 933 of file mi.h. Referenced by MiRemoveImageSessionWide(), MiSessionCommitImagePages(), MiSessionInsertImage(), MiSessionLookupImage(), MiSessionRemoveImage(), MiSessionWideDereferenceImage(), MiSessionWideGetImageSize(), MiSessionWideInsertImageAddress(), MiSessionWideReserveImageAddress(), and MiShareSessionImage().

#define UNLOCK_ADDRESS_SPACE (  PROCESS   )     ExReleaseFastMutex( &((PROCESS)->AddressCreationLock))

Definition at line 1101 of file mi.h. Referenced by MiCloneProcessAddressSpace(), MiProtectVirtualMemory(), MiWaitForForkToComplete(), MmMapViewOfSection(), MmSecureVirtualMemory(), MmUnsecureVirtualMemory(), NtAllocateVirtualMemory(), NtAreMappedFilesTheSame(), NtFreeVirtualMemory(), NtLockVirtualMemory(), and NtQueryVirtualMemory().

#define UNLOCK_AWE (  PROCESS, OldIrql   )     ExReleaseSpinLock(&((PROCESS)->AweLock), OldIrql)

Definition at line 925 of file mi.h. Referenced by MiMapViewOfPhysicalSection(), MiPhysicalViewAdjuster(), MiPhysicalViewInserter(), MiPhysicalViewRemover(), MiRemoveMappedView(), MiRemoveUserPhysicalPagesVad(), NtAllocateUserPhysicalPages(), NtFreeUserPhysicalPages(), NtMapUserPhysicalPages(), and NtMapUserPhysicalPagesScatter().

#define UNLOCK_EXPANSION (  OLDIRQL   )

Value: MM_CLEAR_EXPANSION_OWNER (); \ ExReleaseSpinLock (&MmExpansionLock, OLDIRQL); \ ASSERT (KeGetCurrentIrql() <= APC_LEVEL); Definition at line 961 of file mi.h. Referenced by MiCheckAndSetSystemTrimCriteria(), MiCheckSystemTrimEndCriteria(), MiDereferenceSession(), MiEmptyAllWorkingSets(), MiEmptyAllWorkingSetsWorker(), MiLoadImageSection(), MiRearrangeWorkingSetExpansionList(), MiSessionAddProcess(), MiSessionInitializeWorkingSetList(), MiSessionInSwapProcess(), MiSessionOutSwapProcess(), MiSessionRemoveProcess(), MmAllowWorkingSetExpansion(), MmCleanProcessAddressSpace(), MmEnforceWorkingSetLimit(), MmInSwapProcess(), MmOutSwapProcess(), MmSessionCreate(), MmSetMemoryPriorityProcess(), MmTrimAllSystemPagableMemory(), and MmWorkingSetManager().

#define UNLOCK_EXPANSION_AND_THEN_WAIT (  OLDIRQL   )

Value: { \ KIRQL XXX; \ ASSERT (KeGetCurrentIrql() == 2); \ ASSERT (OLDIRQL <= APC_LEVEL); \ KiLockDispatcherDatabase (&XXX); \ MM_CLEAR_EXPANSION_OWNER (); \ KiReleaseSpinLock (&MmExpansionLock); \ (KeGetCurrentThread())->WaitIrql = OLDIRQL; \ (KeGetCurrentThread())->WaitNext = TRUE; \ } Definition at line 965 of file mi.h. Referenced by MiDereferenceSession(), and MmCleanProcessAddressSpace().

#define UNLOCK_EXPANSION_IF_ALPHA (  OLDIRQL   )

Definition at line 991 of file mi.h. Referenced by MiAddWorkingSetPage(), MiDoReplacement(), MiInsertWsle(), MiMakeSpecialPoolPagable(), MiRemoveWorkingSetPages(), MmAccessFault(), and MmCleanProcessAddressSpace().

#define UNLOCK_HYPERSPACE (  OLDIRQL   )     ExReleaseSpinLock ( &(PsGetCurrentProcess())->HyperSpaceLock, OLDIRQL );

Definition at line 1024 of file mi.h.

#define UNLOCK_PFN (  OLDIRQL   )

Value: PFN_CONSISTENCY_UNSET; \ MiUnlockPfnDatabase(OLDIRQL); \ ASSERT(KeGetCurrentIrql() <= APC_LEVEL); Definition at line 896 of file mi.h. Referenced by MiAccessCheck(), MiAddWorkingSetPage(), MiAddWsleHash(), MiAllocatePoolPages(), MiAttemptPageFileExtension(), MiAttemptPageFileReduction(), MiBuildForkPageTable(), MiBuildPagedPool(), MiCancelWriteOfMappedPfn(), MiCanFileBeTruncatedInternal(), MiCaptureSystemPte(), MiCheckAndSetSystemTrimCriteria(), MiCheckControlArea(), MiCheckControlAreaStatus(), MiCheckPageFileMapping(), MiCheckPurgeAndUpMapCount(), MiCleanSection(), MiCompleteProtoPteFault(), MiCopyOnWrite(), MiCreatePageTablesForPhysicalRange(), MiDecommitPages(), MiDecrementCloneBlockReference(), MiDeleteAddressesInWorkingSet(), MiDeleteFreeVm(), MiDeletePageTablesForPhysicalRange(), MiDeleteSystemPagableVm(), MiDeleteVirtualAddresses(), MiDereferenceSession(), MiDispatchFault(), MiDoesPdeExistAndMakeValid(), MiDoneWithThisPageGetAnother(), MiDownPfnReferenceCount(), MiDownShareCountFlushEntireTb(), MiEnablePagingOfDriverAtInit(), MiEnsureAvailablePageOrWait(), MiExtendPagingFileMaximum(), MiFillSystemPageDirectory(), MiFlushAcquire(), MiFlushDataSection(), MiFlushDirtyBitsToPfn(), MiFlushEventCounter(), MiFlushInPageSupportBlock(), MiFlushSectionInternal(), MiFlushTbAndCapture(), MiFreeInitializationCode(), MiFreeWsle(), MiGatherMappedPages(), MiGatherPagefilePages(), MiGetEventCounter(), MiGetInPageSupportBlock(), MiGetPageForHeader(), MiGetSystemCacheSubsection(), MiGrowWsleHash(), MiHandleForkTransitionPte(), MiInitializeSessionPool(), MiInitializeSpecialPool(), MiInitializeSystemCache(), MiInitializeWorkingSetList(), MiInitMachineDependent(), MiInsertPageFileInList(), MiLoadImageSection(), MiLockCode(), MiMakeOutswappedPageResident(), MiMakePdeExistAndMakeValid(), MiMakeSystemAddressValidPfn(), MiMakeSystemAddressValidPfnSystemWs(), MiMakeSystemAddressValidPfnWs(), MiMapImageHeaderInHyperSpace(), MiMappedPageWriter(), MiMapViewInSystemSpace(), MiMapViewOfImageSection(), MiMapViewOfPhysicalSection(), MiModifiedPageWriterWorker(), MiPageFileFull(), MiProcessValidPteList(), MiPurgeImageSection(), MiReleaseModifiedWriter(), MiReloadBootLoadedDrivers(), MiRemoveImageHeaderPage(), MiRemoveMappedPtes(), MiRemoveMappedView(), MiRemovePageFromWorkingSet(), MiRemoveUnusedSegments(), MiRemoveWorkingSetPages(), MiResetVirtualMemory(), MiResolveDemandZeroFault(), MiResolvePageFileFault(), MiResolveProtoPteFault(), MiResolveTransitionFault(), MiSegmentDelete(), MiSessionCommitImagePages(), MiSessionCommitPageTables(), MiSessionCopyOnWrite(), MiSessionCreateInternal(), MiSessionInitializeWorkingSetList(), MiSetPageModified(), MiSetPagingOfDriver(), MiSetProtectionOnTransitionPte(), MiSetSystemCodeProtection(), MiShareSessionImage(), MiSuperSectionDelete(), MiSwapWslEntries(), MiUnmapImageHeaderInHyperSpace(), MiUnmapLockedPagesInUserSpace(), MiUpCloneProcessRefCount(), MiUpCloneProtoRefCount(), MiUpControlAreaRefs(), MiUpdateImageHeaderPage(), MiUpdateVadPhysicalPages(), MiUpForkPageShareCount(), MiUpPfnReferenceCount(), MiWaitForForkToComplete(), MiWriteComplete(), MmAccessFault(), MmAddPhysicalMemory(), MmAdjustWorkingSetSize(), MmAllocateIndependentPages(), MmAllocateNonCachedMemory(), MmAllocatePagesForMdl(), MmCanFileBeTruncated(), MmCheckCachedPageState(), MmCleanProcessAddressSpace(), MmCopyToCachedPage(), MmCreateKernelStack(), MmCreateProcessAddressSpace(), MmCreateSection(), MmDeleteKernelStack(), MmDeleteProcessAddressSpace(), MmDisableModifiedWriteOfSection(), MmFlushImageSection(), MmFlushSection(), MmForceSectionClosed(), MmFreeLoaderBlock(), MmFreeNonCachedMemory(), MmFreePagesFromMdl(), MmGetPhysicalMemoryRanges(), MmGrowKernelStack(), MmInitializeProcessAddressSpace(), MmInitSystem(), MmInPageKernelStack(), MmInSwapProcess(), MmLockPagedPool(), MmMapUserAddressesToPage(), MmMapViewInSystemCache(), MmOutPageKernelStack(), MmOutSwapProcess(), MmPurgeSection(), MmRemovePhysicalMemory(), MmResetDriverPaging(), MmSetPageProtection(), MmShutdownSystem(), MmTrimAllSystemPagableMemory(), MmUnloadSystemImage(), MmUnlockCachedPage(), MmUnmapViewInSystemCache(), MmZeroPageThread(), NtAllocateUserPhysicalPages(), and NtCreateSuperSection().

#define UNLOCK_PFN2 (  OLDIRQL   )

Value: PFN_CONSISTENCY_UNSET; \ MiUnlockPfnDatabase(OLDIRQL); \ ASSERT(KeGetCurrentIrql() <= DISPATCH_LEVEL); Definition at line 905 of file mi.h. Referenced by MiAddMdlTracker(), MiAllocatePoolPages(), MiAllocateSpecialPool(), MiFindContiguousMemory(), MiFreeMdlTracker(), MiFreeNonPagedPool(), MiLockPagedAddress(), MiMapViewOfPhysicalSection(), MiModifiedPageWriterTimerDispatch(), MiPhysicalViewAdjuster(), MiPhysicalViewInserter(), MiPhysicalViewRemover(), MiProtectSpecialPool(), MiRemoveUserPhysicalPagesVad(), MiUnlockPagedAddress(), MmFreeSpecialPool(), MmGatherMemoryForHibernate(), MmLockPagableSectionByHandle(), MmMapLockedPagesSpecifyCache(), MmProbeAndLockPages(), MmResourcesAvailable(), MmReturnMemoryForHibernate(), MmSetAddressRangeModified(), MmSetSpecialPool(), MmUnlockPagableImageSection(), MmUnlockPagedPool(), MmUnlockPages(), MmUnmapLockedPages(), and NtFreeUserPhysicalPages().

#define UNLOCK_PFN_AND_THEN_WAIT (  OLDIRQL   )

Value: { \ KIRQL XXX; \ ASSERT (KeGetCurrentIrql() == 2); \ ASSERT (OLDIRQL <= APC_LEVEL); \ KiLockDispatcherDatabase (&XXX); \ PFN_CONSISTENCY_UNSET; \ MiReleasePfnLock(); \ (KeGetCurrentThread())->WaitIrql = OLDIRQL; \ (KeGetCurrentThread())->WaitNext = TRUE; \ } Definition at line 910 of file mi.h. Referenced by MiCheckControlAreaStatus(), MiCheckPurgeAndUpMapCount(), MiCleanSection(), MiFlushSectionInternal(), MiMapImageHeaderInHyperSpace(), MmLockPagableSectionByHandle(), and MmPurgeSection().

#define UNLOCK_SESSION (  OLDIRQL   )

Value: MM_CLEAR_SESSION_LOCK_OWNER (); \ ExReleaseSpinLock (&((SESSION_GLOBAL(MmSessionSpace))->SpinLock), OLDIRQL); Definition at line 5635 of file mi.h. Referenced by MiDereferenceSession(), and MiSessionAddProcess().

#define UNLOCK_SESSION_SPACE_WS (  OLDIRQL   )

Value: MM_CLEAR_SESSION_RESOURCE_OWNER (); \ ExReleaseResource (&MmSessionSpace->WsLock); \ KeLowerIrql (OLDIRQL); \ ASSERT (KeGetCurrentIrql() <= APC_LEVEL); Definition at line 5694 of file mi.h. Referenced by MiAllocatePoolPages(), MiDeleteSystemPagableVm(), MiDispatchFault(), MiEmptyWorkingSet(), MiEnsureAvailablePageOrWait(), MiFreePoolPages(), MiLoadImageSection(), MiMakeSystemAddressValidPfnSystemWs(), MiMapViewInSystemSpace(), MiResolveTransitionFault(), MiSessionCommitImagePages(), MiSessionInsertImage(), MiSessionLookupImage(), MiSessionRemoveImage(), MiSetPagingOfDriver(), MiShareSessionImage(), MiUnmapViewInSystemSpace(), MmAccessFault(), MmUnloadSystemImage(), and MmWorkingSetManager().

#define UNLOCK_SYSTEM_VIEW_SPACE (  _Session   )     ExReleaseFastMutex (_Session->SystemSpaceViewLockPointer)

Definition at line 2647 of file mi.h. Referenced by MiFreeSessionSpaceMap(), MiInsertInSystemSpace(), MiMapViewInSystemSpace(), and MiUnmapViewInSystemSpace().

#define UNLOCK_SYSTEM_WS (  OLDIRQL   )

Value: ASSERT (MmSystemLockOwner == PsGetCurrentThread()); \ MmSystemLockOwner = NULL; \ ExReleaseResource (&MmSystemWsLock); \ KeLowerIrql (OLDIRQL); \ ASSERT (KeGetCurrentIrql() <= APC_LEVEL); Definition at line 1005 of file mi.h. Referenced by MiDeleteSystemPagableVm(), MiDispatchFault(), MiEmptyWorkingSet(), MiEnablePagingOfDriverAtInit(), MiEnsureAvailablePageOrWait(), MiInitializeSystemCache(), MiMakeSpecialPoolPagable(), MiMakeSystemAddressValidPfnSystemWs(), MiProtectSpecialPool(), MiRemoveMappedPtes(), MiResolveTransitionFault(), MiSetPagingOfDriver(), MmAccessFault(), MmAdjustWorkingSetSize(), MmCheckCachedPageState(), MmCopyToCachedPage(), MmEnforceWorkingSetLimit(), MmLockPagableSectionByHandle(), MmLockPagedPool(), MmResetDriverPaging(), MmUnmapViewInSystemCache(), and MmWorkingSetManager().

#define UNLOCK_SYSTEM_WS_NO_IRQL (   )

Value: ASSERT (MmSystemLockOwner == PsGetCurrentThread()); \ MmSystemLockOwner = NULL; \ ExReleaseResource (&MmSystemWsLock); Definition at line 1012 of file mi.h. Referenced by MmLockPagableSectionByHandle().

#define UNLOCK_WS (  PROCESS   )

Value: MI_MUST_BE_SAFE(PROCESS); \ ExReleaseFastMutex(&((PROCESS)->WorkingSetLock)); Definition at line 1081 of file mi.h. Referenced by MiCloneProcessAddressSpace(), MiDispatchFault(), MiEmptyWorkingSet(), MiGetWorkingSetInfo(), MiMapViewOfPhysicalSection(), MiResolveTransitionFault(), MmAccessFault(), MmAdjustWorkingSetSize(), MmCreateProcessAddressSpace(), MmEnforceWorkingSetLimit(), MmFlushVirtualMemory(), MmSetMemoryPriorityProcess(), MmWorkingSetManager(), NtAllocateUserPhysicalPages(), and NtFreeUserPhysicalPages().

#define UNLOCK_WS_AND_ADDRESS_SPACE (  PROCESS   )

Value: UNLOCK_WS_UNSAFE(PROCESS); \ UNLOCK_ADDRESS_SPACE(PROCESS); Definition at line 1097 of file mi.h. Referenced by MiCreatePebOrTeb(), MiMapLockedPagesInUserSpace(), MiProtectVirtualMemory(), MiUnmapLockedPagesInUserSpace(), MmAssignProcessToJob(), MmCleanProcessAddressSpace(), MmDeleteTeb(), MmFlushVirtualMemory(), MmMapUserAddressesToPage(), MmMapViewOfSection(), MmSetBankedSection(), MmUnmapViewOfSection(), NtAllocateVirtualMemory(), NtFreeVirtualMemory(), NtLockVirtualMemory(), NtQueryVirtualMemory(), and NtUnlockVirtualMemory().

#define UNLOCK_WS_REGARDLESS (  PROCESS, WSHELDSAFE   )

Value: ASSERT (MI_WS_OWNER (PROCESS)); \ if (MI_IS_WS_UNSAFE (PROCESS)) { \ UNLOCK_WS_UNSAFE (PROCESS); \ WSHELDSAFE = FALSE; \ } \ else { \ UNLOCK_WS (PROCESS); \ WSHELDSAFE = TRUE; \ } Definition at line 1109 of file mi.h. Referenced by MiChargeCommitment(), MiDecrementCloneBlockReference(), MiEnsureAvailablePageOrWait(), MiMakeSystemAddressValid(), MiMakeSystemAddressValidPfnWs(), and MiWaitForForkToComplete().

#define UNLOCK_WS_UNSAFE (  PROCESS   )

Value: MI_MUST_BE_UNSAFE(PROCESS); \ ExReleaseFastMutexUnsafe(&((PROCESS)->WorkingSetLock)); \ ASSERT (KeGetCurrentIrql() == APC_LEVEL); Definition at line 1085 of file mi.h. Referenced by MiCheckControlArea(), MiMapViewOfDataSection(), MiMapViewOfImageSection(), MiMapViewOfPhysicalSection(), MiProtectVirtualMemory(), MiSetProtectionOnSection(), MmSecureVirtualMemory(), MmUnmapViewOfSection(), NtAllocateVirtualMemory(), NtFreeVirtualMemory(), NtLockVirtualMemory(), and NtQueryVirtualMemory().

#define VI_POOL_FREELIST_END   ((ULONG_PTR)-1)

Definition at line 4081 of file mi.h. Referenced by MiVerifyingDriverUnloading(), ViCancelPoolAllocation(), ViInitializeEntry(), and ViInsertPoolAllocation().

#define VI_VERIFYING_DIRECTLY   0x1

Definition at line 4108 of file mi.h. Referenced by MiApplyDriverVerifier(), MiInitializeDriverVerifierList(), MmGetVerifierInformation(), VeAllocatePoolWithTagPriority(), VerifierAllocatePool(), VerifierAllocatePoolWithQuota(), VerifierAllocatePoolWithQuotaTag(), VerifierAllocatePoolWithTag(), and VerifierAllocatePoolWithTagPriority().

#define VI_VERIFYING_INVERSELY   0x2

Definition at line 4109 of file mi.h. Referenced by MiApplyDriverVerifier().

#define WSLE_NULL_INDEX   ((ULONG)0xFFFFFFF)

Definition at line 78 of file mi.h. Referenced by MiAddWorkingSetPage(), MiCloneProcessAddressSpace(), MiCopyOnWrite(), MiDeletePte(), MiDeleteSystemPagableVm(), MiEmptyWorkingSet(), MiFreeWsle(), MiInitializeSystemCache(), MiInitializeWorkingSetList(), MiLocateAndReserveWsle(), MiReleaseWsle(), MiRemoveMappedPtes(), MiRemovePageFromWorkingSet(), MiRemoveWorkingSetPages(), MiRemoveWsleFromFreeList(), MiSessionInitializeWorkingSetList(), MiSwapWslEntries(), MiUpdateWsle(), MmAdjustWorkingSetSize(), NtLockVirtualMemory(), and NtUnlockVirtualMemory().

#define X64K   (ULONG)65536

Definition at line 94 of file mi.h. Referenced by MiCreateDataFileMap(), MiCreateImageFileMap(), MiFindEmptyAddressRangeInTree(), MiFindEmptySectionBaseDown(), MiGetPageForHeader(), MiInitializeSystemSpaceMap(), MiInitMachineDependent(), MiInsertInSystemSpace(), MiInsertVad(), MiLoadSystemImage(), MiMapLockedPagesInUserSpace(), MiMapViewInSystemSpace(), MiMapViewOfDataSection(), MiMapViewOfImageSection(), MiMapViewOfPhysicalSection(), MiUnmapViewInSystemSpace(), MmMapVideoDisplay(), MmUnmapVideoDisplay(), NtAllocateVirtualMemory(), and NtMapViewOfSection().

#define ZERO_LARGE (  LargeInteger   )

Value: (LargeInteger).LowPart = 0; \ (LargeInteger).HighPart = 0; Definition at line 1128 of file mi.h. Referenced by MiCreateImageFileMap(), MiLoadImageSection(), MmGetPhysicalAddress(), MmInitializeProcessAddressSpace(), NtCreateSection(), and NtMapViewOfSection().

---

Typedef Documentation

typedef struct _CONTROL_AREA CONTROL_AREA

Referenced by MiCreateImageFileMap(), MiCreatePagingFileMap(), MiSectionInitialization(), and MmCreateSection().

typedef struct _EVENT_COUNTER EVENT_COUNTER

typedef struct _IMAGE_ENTRY_IN_SESSION IMAGE_ENTRY_IN_SESSION

Referenced by MiSessionInsertImage().

typedef struct _LARGE_CONTROL_AREA LARGE_CONTROL_AREA

Referenced by MiCreateImageFileMap(), and MmCreateSection().

typedef struct _LOCK_HEADER LOCK_HEADER

Referenced by MmInitializeProcessAddressSpace().

typedef struct _LOCK_TRACKER LOCK_TRACKER

Referenced by MiAddMdlTracker().

typedef struct _MI_FREED_SPECIAL_POOL MI_FREED_SPECIAL_POOL

typedef struct _MI_NEXT_ESTIMATION_SLOT_CONST MI_NEXT_ESTIMATION_SLOT_CONST

typedef struct _MI_PHYSICAL_VIEW MI_PHYSICAL_VIEW

Referenced by NtAllocateVirtualMemory().

typedef struct _MI_VERIFIER_DRIVER_ENTRY MI_VERIFIER_DRIVER_ENTRY

Referenced by MiApplyDriverVerifier(), and MiInitializeDriverVerifierList().

typedef struct _MI_VERIFIER_POOL_HEADER MI_VERIFIER_POOL_HEADER

Referenced by MmFreeSpecialPool(), and ViPostPoolAllocation().

typedef struct _MM_DRIVER_VERIFIER_DATA MM_DRIVER_VERIFIER_DATA

typedef struct _MM_PAGED_POOL_INFO MM_PAGED_POOL_INFO

typedef struct _MM_SESSION_SPACE MM_SESSION_SPACE

typedef struct _MM_SESSION_SPACE_FLAGS MM_SESSION_SPACE_FLAGS

typedef struct _MMADDRESS_LIST MMADDRESS_LIST

typedef struct _MMADDRESS_NODE MMADDRESS_NODE

typedef struct _MMBANKED_SECTION MMBANKED_SECTION

Referenced by MmSetBankedSection().

typedef struct _MMCLONE_BLOCK MMCLONE_BLOCK

Referenced by MiCloneProcessAddressSpace().

typedef struct _MMCLONE_DESCRIPTOR MMCLONE_DESCRIPTOR

Referenced by MiCloneProcessAddressSpace().

typedef struct _MMCLONE_HEADER MMCLONE_HEADER

Referenced by MiCloneProcessAddressSpace().

typedef struct _MMDEREFERENCE_SEGMENT_HEADER MMDEREFERENCE_SEGMENT_HEADER

typedef struct _MMEVENT_COUNT_LIST MMEVENT_COUNT_LIST

typedef struct _MMEXTEND_INFO MMEXTEND_INFO

Referenced by MiMapViewOfDataSection().

typedef struct _MMFLUSH_BLOCK MMFLUSH_BLOCK

typedef struct _MMFREE_POOL_ENTRY MMFREE_POOL_ENTRY

Referenced by MiAllocatePoolPages(), and MmSetKernelDumpRange().

typedef struct _MMINPAGE_SUPPORT MMINPAGE_SUPPORT

typedef struct _MMINPAGE_SUPPORT_LIST MMINPAGE_SUPPORT_LIST

typedef struct _MMLOCK_CONFLICT MMLOCK_CONFLICT

Referenced by NtLockVirtualMemory().

typedef struct _MMMOD_WRITER_LISTHEAD MMMOD_WRITER_LISTHEAD

typedef struct _MMMOD_WRITER_MDL_ENTRY MMMOD_WRITER_MDL_ENTRY

Referenced by NtCreatePagingFile().

typedef struct _MMPAGE_FILE_EXPANSION MMPAGE_FILE_EXPANSION

typedef struct _MMPAGE_READ MMPAGE_READ

typedef struct _MMPAGING_FILE MMPAGING_FILE

Referenced by NtCreatePagingFile().

typedef struct _MMPFN MMPFN

Referenced by MiInitMachineDependent(), and MmSetKernelDumpRange().

typedef struct _MMPFNENTRY MMPFNENTRY

typedef struct _MMPTE_FLUSH_LIST MMPTE_FLUSH_LIST

typedef struct _MMSECTION_FLAGS MMSECTION_FLAGS

typedef struct _MMSECURE_ENTRY MMSECURE_ENTRY

Referenced by MmSecureVirtualMemory().

typedef struct _MMSESSION MMSESSION

typedef enum _MMSHARE_TYPE MMSHARE_TYPE

typedef struct _MMSUBSECTION_FLAGS MMSUBSECTION_FLAGS

typedef enum _MMSYSTEM_PTE_POOL_TYPE MMSYSTEM_PTE_POOL_TYPE

typedef struct _MMVAD MMVAD

Referenced by MiInsertVad(), MiMapViewOfDataSection(), MiMapViewOfImageSection(), MiMapViewOfPhysicalSection(), and MmSecureVirtualMemory().

typedef struct _MMVAD_FLAGS MMVAD_FLAGS

typedef struct _MMVAD_FLAGS2 MMVAD_FLAGS2

typedef struct _MMVAD_SHORT MMVAD_SHORT

Referenced by NtAllocateVirtualMemory().

typedef struct _MMVIEW MMVIEW

Referenced by MiInsertInSystemSpace().

typedef struct _MMWORKING_SET_EXPANSION_HEAD MMWORKING_SET_EXPANSION_HEAD

typedef struct _MMWSL MMWSL

Referenced by MiInitMachineDependent().

typedef struct _MMWSLE MMWSLE

Referenced by MiInitializeSystemCache().

typedef struct _MMWSLE_HASH MMWSLE_HASH

Referenced by MiGrowWsleHash(), and MiRemoveWorkingSetPages().

typedef struct _MMWSLENTRY MMWSLENTRY

Referenced by MiDeletePte().

typedef struct _CONTROL_AREA * PCONTROL_AREA

typedef struct _EVENT_COUNTER * PEVENT_COUNTER

typedef struct _IMAGE_ENTRY_IN_SESSION * PIMAGE_ENTRY_IN_SESSION

typedef struct _LARGE_CONTROL_AREA * PLARGE_CONTROL_AREA

Referenced by MiCreateImageFileMap().

typedef struct _LOCK_HEADER * PLOCK_HEADER

Referenced by MiAddMdlTracker().

typedef struct _LOCK_TRACKER * PLOCK_TRACKER

Referenced by MiAddMdlTracker().

typedef struct _MI_FREED_SPECIAL_POOL * PMI_FREED_SPECIAL_POOL

Referenced by MmFreeSpecialPool().

typedef struct _MI_PHYSICAL_VIEW * PMI_PHYSICAL_VIEW

typedef struct _MI_VERIFIER_DRIVER_ENTRY * PMI_VERIFIER_DRIVER_ENTRY

typedef struct _MI_VERIFIER_POOL_HEADER * PMI_VERIFIER_POOL_HEADER

Referenced by ViPostPoolAllocation().

typedef struct _MM_DRIVER_VERIFIER_DATA * PMM_DRIVER_VERIFIER_DATA

typedef struct _MM_PAGED_POOL_INFO * PMM_PAGED_POOL_INFO

Referenced by MiAllocatePoolPages().

typedef struct _MM_SESSION_SPACE * PMM_SESSION_SPACE

typedef struct _MMADDRESS_LIST * PMMADDRESS_LIST

typedef struct _MMADDRESS_NODE * PMMADDRESS_NODE

typedef struct _MMBANKED_SECTION * PMMBANKED_SECTION

Referenced by MmSetBankedSection().

typedef MMCLONE_BLOCK* PMMCLONE_BLOCK

Definition at line 2463 of file mi.h. Referenced by MiDeletePte(), and MiDeleteValidAddress().

typedef struct _MMCLONE_DESCRIPTOR * PMMCLONE_DESCRIPTOR

Referenced by MiDeletePte().

typedef struct _MMCLONE_HEADER * PMMCLONE_HEADER

Referenced by MiCloneProcessAddressSpace().

typedef struct _MMEVENT_COUNT_LIST * PMMEVENT_COUNT_LIST

typedef struct _MMEXTEND_INFO * PMMEXTEND_INFO

Referenced by MiRemoveMappedView().

typedef struct _MMFLUSH_BLOCK * PMMFLUSH_BLOCK

typedef struct _MMFREE_POOL_ENTRY * PMMFREE_POOL_ENTRY

Referenced by MiAllocatePoolPages().

typedef struct _MMINPAGE_SUPPORT * PMMINPAGE_SUPPORT

typedef struct _MMINPAGE_SUPPORT_LIST * PMMINPAGE_SUPPORT_LIST

typedef struct _MMLOCK_CONFLICT * PMMLOCK_CONFLICT

Referenced by MiCheckForUserStackOverflow(), and MiInsertConflictInList().

typedef struct _MMMOD_WRITER_LISTHEAD * PMMMOD_WRITER_LISTHEAD

typedef struct _MMMOD_WRITER_MDL_ENTRY * PMMMOD_WRITER_MDL_ENTRY

Referenced by MiUpdateModifiedWriterMdls().

typedef struct _MMPAGE_FILE_EXPANSION * PMMPAGE_FILE_EXPANSION

typedef struct _MMPAGE_READ * PMMPAGE_READ

typedef struct _MMPAGING_FILE * PMMPAGING_FILE

typedef struct _MMPFN * PMMPFN

Referenced by MiAccessCheck().

typedef struct _MMPTE_FLUSH_LIST * PMMPTE_FLUSH_LIST

Referenced by MiDeletePte().

typedef struct _MMSECURE_ENTRY * PMMSECURE_ENTRY

Referenced by MmSecureVirtualMemory().

typedef struct _MMSESSION * PMMSESSION

typedef struct _MMVAD * PMMVAD

typedef struct _MMVAD_SHORT * PMMVAD_SHORT

Referenced by MiCloneProcessAddressSpace().

typedef struct _MMVIEW * PMMVIEW

Referenced by MiInsertInSystemSpace().

typedef struct _MMWSL * PMMWSL

typedef MMWSLE* PMMWSLE

Definition at line 1591 of file mi.h.

typedef struct _MMWSLE_HASH * PMMWSLE_HASH

typedef struct _SECTION * PSECTION

typedef struct _SEGMENT * PSEGMENT

typedef struct _SUBSECTION * PSUBSECTION

typedef struct _UNLOADED_DRIVERS * PUNLOADED_DRIVERS

typedef struct _VI_POOL_ENTRY * PVI_POOL_ENTRY

Referenced by ViReservePoolAllocation().

typedef struct _VI_POOL_ENTRY_INUSE * PVI_POOL_ENTRY_INUSE

typedef ULONG * PWSLE_NUMBER

Definition at line 1231 of file mi.h. Referenced by MiUpdateWsle().

typedef struct _SECTION SECTION

Referenced by CmpAppendSection(), MiSectionInitialization(), MmCreateSection(), and NtAllocateVirtualMemory().

typedef enum _SECTION_CHECK_TYPE SECTION_CHECK_TYPE

typedef struct _SEGMENT SEGMENT

Referenced by MiCreateDataFileMap(), MiCreateImageFileMap(), MiCreatePagingFileMap(), and MiSectionInitialization().

typedef struct _SUBSECTION SUBSECTION

Referenced by MiCreateDataFileMap(), MiCreateImageFileMap(), MiCreatePagingFileMap(), MmCreateSection(), and MmExtendSection().

typedef struct _UNLOADED_DRIVERS UNLOADED_DRIVERS

typedef struct _VI_POOL_ENTRY VI_POOL_ENTRY

Referenced by ViReservePoolAllocation().

typedef struct _VI_POOL_ENTRY_INUSE VI_POOL_ENTRY_INUSE

typedef ULONG WSLE_NUMBER

Definition at line 1231 of file mi.h. Referenced by MiAddValidPageToWorkingSet(), MiAddWorkingSetPage(), MiAddWsleHash(), MiCloneProcessAddressSpace(), MiCopyOnWrite(), MiDeleteSystemPagableVm(), MiInitializeWorkingSetList(), MiInsertWsle(), MiLocateAndReserveWsle(), MiLocateWsle(), MiLockCode(), MiProtectSpecialPool(), MiRemovePageFromWorkingSet(), MiRemoveWorkingSetPages(), MiRemoveWsleFromFreeList(), MiSessionCopyOnWrite(), MiSessionInitializeWorkingSetList(), MiSwapWslEntries(), MiUpdateWsle(), MmAccessFault(), MmAdjustWorkingSetSize(), MmCheckCachedPageState(), MmCopyToCachedPage(), MmTrimAllSystemPagableMemory(), and MmUnmapViewInSystemCache().

---

Enumeration Type Documentation

enum _MMSHARE_TYPE

Enumeration values: Normal  ShareCountOnly  AndValid  Definition at line 1524 of file mi.h. 01526 : 01527 // 01528 // Pfn - the PFN index to operate on. //

enum _MMSYSTEM_PTE_POOL_TYPE

Enumeration values: SystemPteSpace  NonPagedPoolExpansion  MaximumPtePoolTypes  Definition at line 2583 of file mi.h. {

enum _SECTION_CHECK_TYPE

Enumeration values: CheckDataSection  CheckImageSection  CheckUserDataSection  CheckBothSection  Definition at line 1988 of file mi.h. {

---

Function Documentation

NTSTATUS MiAccessCheck (  IN PMMPTE  PointerPte, IN BOOLEAN  WriteOperation, IN KPROCESSOR_MODE  PreviousMode, IN ULONG  Protection, IN BOOLEAN  CallerHoldsPfnLock )

Definition at line 42 of file acceschk.c. References ASSERT, FALSE, KeIsAttachedProcess, KPROCESSOR_MODE, LOCK_PFN, MI_PFN_ELEMENT, MiHighestUserPte, MM_GUARD_PAGE, MmReadWrite, _MMPFN::OriginalPte, PMMPFN, _MMPTE::u, _MMPFN::u3, UNLOCK_PFN, and UserMode. Referenced by MiResolveProtoPteFault(), and MmAccessFault(). 00052 : 00053 00054 00055 00056 Arguments: 00057 00058 PointerPte - Supplies the pointer to the PTE which caused the 00059 page fault. 00060 00061 WriteOperation - Supplies 1 if the operation is a write, 0 if 00062 the operation is a read. 00063 00064 PreviousMode - Supplies the previous mode, one of UserMode or KernelMode. 00065 00066 Protection - Supplies the protection mask to check. 00067 00068 CallerHoldsPfnLock - Supplies TRUE if the PFN lock is held, FALSE otherwise. 00069 00070 Return Value: 00071 00072 Returns TRUE if access to the page is allowed, FALSE otherwise. 00073 00074 Environment: 00075 00076 Kernel mode, APCs disabled. 00077 00078 --*/ 00079 00080 { 00081 MMPTE PteContents; 00082 KIRQL OldIrql; 00083 PMMPFN Pfn1; 00084 00085 // 00086 // Check to see if the owner bit allows access to the previous mode. 00087 // Access is not allowed if the owner is kernel and the previous 00088 // mode is user. Access is also disallowed if the write operation 00089 // is true and the write field in the PTE is false. 00090 // 00091 00092 // 00093 // If both an access violation and a guard page violation could 00094 // occur for the page, the access violation must be returned. 00095 // 00096 00097 if (PreviousMode == UserMode) { 00098 if (PointerPte > MiHighestUserPte) { 00099 return STATUS_ACCESS_VIOLATION; 00100 } 00101 } 00102 00103 PteContents = *PointerPte; 00104 00105 if (PteContents.u.Hard.Valid == 1) { 00106 00107 // 00108 // Valid pages cannot be guard page violations. 00109 // 00110 00111 if (WriteOperation) { 00112 if ((PteContents.u.Hard.Write == 1) || 00113 (PteContents.u.Hard.CopyOnWrite == 1)) { 00114 return STATUS_SUCCESS; 00115 } else { 00116 return STATUS_ACCESS_VIOLATION; 00117 } 00118 } else { 00119 return STATUS_SUCCESS; 00120 } 00121 00122 } else { 00123 00124 if ((MmReadWrite[Protection] - (CCHAR)WriteOperation) < 10) { 00125 return STATUS_ACCESS_VIOLATION; 00126 } else { 00127 00128 // 00129 // Check for a guard page fault. 00130 // 00131 00132 if (Protection & MM_GUARD_PAGE) { 00133 00134 // 00135 // If this thread is attached to a different process, 00136 // return an access violation rather than a guard 00137 // page exception. The prevents problems with unwanted 00138 // stack expansion and unexpected guard page behavior 00139 // from debuggers. 00140 00141 if (KeIsAttachedProcess()) { 00142 return STATUS_ACCESS_VIOLATION; 00143 } 00144 00145 // 00146 // Check to see if this is a transition PTE, if so, 00147 // the PFN database original contents field needs to be 00148 // updated. 00149 // 00150 00151 if ((PteContents.u.Soft.Transition == 1) && 00152 (PteContents.u.Soft.Prototype == 0)) { 00153 00154 // 00155 // Acquire the PFN mutex and check to see if the 00156 // PTE is still in the transition state, and, if so 00157 // update the original PTE in the pfn database. 00158 // 00159 00160 if (CallerHoldsPfnLock == FALSE) { 00161 LOCK_PFN (OldIrql); 00162 } 00163 PteContents = *(volatile MMPTE *)PointerPte; 00164 if ((PteContents.u.Soft.Transition == 1) && 00165 (PteContents.u.Soft.Prototype == 0)) { 00166 00167 // 00168 // Still in transition, update the PFN database. 00169 // 00170 00171 Pfn1 = MI_PFN_ELEMENT ( 00172 PteContents.u.Trans.PageFrameNumber); 00173 00174 ASSERT (Pfn1->u3.e1.PrototypePte == 0); 00175 Pfn1->OriginalPte.u.Soft.Protection = 00176 Protection & ~MM_GUARD_PAGE; 00177 } 00178 if (CallerHoldsPfnLock == FALSE) { 00179 UNLOCK_PFN (OldIrql); 00180 } 00181 } 00182 00183 PointerPte->u.Soft.Protection = Protection & ~MM_GUARD_PAGE; 00184 00185 return STATUS_GUARD_PAGE_VIOLATION; 00186 } 00187 return STATUS_SUCCESS; 00188 } 00189 } 00190 }

VOID MiAddMappedPtes (  IN PMMPTE  FirstPte, IN ULONG  NumberOfPtes, IN PCONTROL_AREA  ControlArea )

Definition at line 287 of file mapcache.c. References ASSERT, MiProtoAddressForKernelPte, MM_COLOR_MASK, _SUBSECTION::NextSubsection, PTE_SHIFT, _SUBSECTION::PtesInSubsection, _SUBSECTION::SubsectionBase, _MMPTE::u, and ZeroKernelPte. Referenced by MiMapViewInSystemSpace(), and MiShareSessionImage(). 00295 : 00296 00297 This function maps a view in the current address space to the 00298 specified control area. The page protection is identical to that 00299 of the prototype PTE. 00300 00301 This routine assumes the caller has called MiCheckPurgeAndUpMapCount, 00302 hence the PFN lock is not needed here. 00303 00304 Arguments: 00305 00306 FirstPte - Supplies a pointer to the first PTE of the current address 00307 space to initialize. 00308 00309 NumberOfPtes - Supplies the number of PTEs to initialize. 00310 00311 ControlArea - Supplies the control area to point the PTEs at. 00312 00313 Return Value: 00314 00315 None. 00316 00317 Environment: 00318 00319 Kernel mode. 00320 00321 --*/ 00322 00323 { 00324 PMMPTE PointerPte; 00325 PMMPTE ProtoPte; 00326 PMMPTE LastProto; 00327 PMMPTE LastPte; 00328 PSUBSECTION Subsection; 00329 00330 if (ControlArea->u.Flags.GlobalOnlyPerSession == 0) { 00331 Subsection = (PSUBSECTION)(ControlArea + 1); 00332 } 00333 else { 00334 Subsection = (PSUBSECTION)((PLARGE_CONTROL_AREA)ControlArea + 1); 00335 } 00336 00337 PointerPte = FirstPte; 00338 ASSERT (NumberOfPtes != 0); 00339 LastPte = FirstPte + NumberOfPtes; 00340 00341 ASSERT (ControlArea->NumberOfMappedViews >= 1); 00342 ASSERT (ControlArea->NumberOfUserReferences >= 1); 00343 ASSERT (ControlArea->u.Flags.HadUserReference == 1); 00344 ASSERT (ControlArea->NumberOfSectionReferences != 0); 00345 00346 ASSERT (ControlArea->u.Flags.BeingCreated == 0); 00347 ASSERT (ControlArea->u.Flags.BeingDeleted == 0); 00348 ASSERT (ControlArea->u.Flags.BeingPurged == 0); 00349 00350 ProtoPte = Subsection->SubsectionBase; 00351 00352 LastProto = &Subsection->SubsectionBase[Subsection->PtesInSubsection]; 00353 00354 while (PointerPte < LastPte) { 00355 00356 if (ProtoPte >= LastProto) { 00357 00358 // 00359 // Handle extended subsections. 00360 // 00361 00362 Subsection = Subsection->NextSubsection; 00363 ProtoPte = Subsection->SubsectionBase; 00364 LastProto = &Subsection->SubsectionBase[ 00365 Subsection->PtesInSubsection]; 00366 } 00367 ASSERT (PointerPte->u.Long == ZeroKernelPte.u.Long); 00368 PointerPte->u.Long = MiProtoAddressForKernelPte (ProtoPte); 00369 00370 ASSERT (((ULONG_PTR)PointerPte & (MM_COLOR_MASK << PTE_SHIFT)) == 00371 (((ULONG_PTR)ProtoPte & (MM_COLOR_MASK << PTE_SHIFT)))); 00372 00373 PointerPte += 1; 00374 ProtoPte += 1; 00375 } 00376 00377 return; 00378 }

VOID MiAddSystemPtes (  IN PMMPTE  StartingPte, IN ULONG  NumberOfPtes, IN MMSYSTEM_PTE_POOL_TYPE  SystemPtePoolType )

Definition at line 1907 of file sysptes.c. References ASSERT, Index, MiFillMemoryPte, MiReleaseSystemPtes(), MM_KERNEL_NOACCESS_PTE, MmSystemPtesEnd, MmSystemPtesStart, NULL, SystemPteSpace, TRUE, and USHORT. Referenced by MiInitMachineDependent(), and MmInitSystem(). : This routine adds newly created PTEs to the specified pool. Arguments: StartingPte - Supplies the address of the first PTE to put in the pool. NumberOfPtes - Supplies the number of PTEs to put in the pool. SystemPtePoolType - Supplies the PTE type of the pool to expand, one of SystemPteSpace or NonPagedPoolExpansion. Return Value: None. Environment: Kernel mode. --*/ { PMMPTE EndingPte; EndingPte = StartingPte + NumberOfPtes - 1; #ifdef _MI_SYSPTE_DEBUG_ MiRebuildPteTracker (StartingPte, NumberOfPtes); #endif if (StartingPte < MmSystemPtesStart[SystemPtePoolType]) { MmSystemPtesStart[SystemPtePoolType] = StartingPte; } if (EndingPte > MmSystemPtesEnd[SystemPtePoolType]) { MmSystemPtesEnd[SystemPtePoolType] = EndingPte; } #ifdef _MI_SYSPTE_DEBUG_ if (SystemPtePoolType == SystemPteSpace && MiPteTracker != NULL) { ULONG i; ULONG_PTR Index; PMMPTE_TRACKER Tracker; Index = StartingPte - MmSystemPtesStart[SystemPteSpace]; Tracker = &MiPteTracker[Index]; ASSERT (NumberOfPtes < 0x10000); Tracker->NumberOfPtes = (USHORT)NumberOfPtes; for (i = 0; i < NumberOfPtes; i += 1) { Tracker->InUse = TRUE; Tracker += 1; } } MiFillMemoryPte (StartingPte, NumberOfPtes * sizeof (MMPTE), MM_KERNEL_NOACCESS_PTE); #endif #ifdef _MI_GUARD_PTE_ MiReleaseSystemPtes (StartingPte, NumberOfPtes - 1, SystemPtePoolType); #else MiReleaseSystemPtes (StartingPte, NumberOfPtes, SystemPtePoolType); #endif }

VOID MiAddValidPageToWorkingSet (  IN PVOID  VirtualAddress, IN PMMPTE  PointerPte, IN PMMPFN  Pfn1, IN ULONG  WsleMask )

Definition at line 4056 of file pagfault.c. References ASSERT, _MMWSLE::e1, FALSE, MI_IS_PAGE_TABLE_ADDRESS, MI_IS_PROCESS_SPACE_ADDRESS, MI_IS_SESSION_ADDRESS, MI_IS_SESSION_PTE, MI_IS_SYSTEM_CACHE_ADDRESS, MI_SET_PTE_IN_WORKING_SET, MiLocateAndReserveWsle(), MiUpdateWsle(), MmSessionSpace, MmSystemCacheWs, MmSystemCacheWsle, MmWsle, PERFINFO_ADDTOWS, PsGetCurrentProcess, _MMWSLENTRY::SameProtectAsProto, _MMWSLE::u1, _EPROCESS::UniqueProcessId, _MM_SESSION_SPACE::Vm, _EPROCESS::Vm, _MMSUPPORT::VmWorkingSetList, _MM_SESSION_SPACE::Wsle, and WSLE_NUMBER. Referenced by MiAllocatePoolPages(), MiCompleteProtoPteFault(), MiDispatchFault(), MiMakeSpecialPoolPagable(), MiResolveDemandZeroFault(), MiResolveTransitionFault(), and MiSessionCommitPageTables(). 04065 : 04066 04067 This routine adds the specified virtual address into the 04068 appropriate working set list. 04069 04070 Arguments: 04071 04072 VirtualAddress - Supplies the address to add to the working set list. 04073 04074 PointerPte - Supplies a pointer to the pte that is now valid. 04075 04076 Pfn1 - Supplies the PFN database element for the physical page 04077 mapped by the virtual address. 04078 04079 WsleMask - Supplies a mask (protection and flags) to OR into the 04080 working set list entry. 04081 04082 Return Value: 04083 04084 None. 04085 04086 Environment: 04087 04088 Kernel mode, APCs disabled, working set lock. PFN lock NOT held. 04089 04090 --*/ 04091 04092 { 04093 WSLE_NUMBER WorkingSetIndex; 04094 PEPROCESS Process; 04095 PMMSUPPORT WsInfo; 04096 PMMWSLE Wsle; 04097 04098 ASSERT (MI_IS_PAGE_TABLE_ADDRESS(PointerPte)); 04099 ASSERT (PointerPte->u.Hard.Valid == 1); 04100 04101 if (MI_IS_SESSION_ADDRESS (VirtualAddress) || MI_IS_SESSION_PTE (VirtualAddress)) { 04102 // 04103 // Current process's session space working set. 04104 // 04105 04106 WsInfo = &MmSessionSpace->Vm; 04107 Wsle = MmSessionSpace->Wsle; 04108 } 04109 else if (MI_IS_PROCESS_SPACE_ADDRESS(VirtualAddress)) { 04110 04111 // 04112 // Per process working set. 04113 // 04114 04115 Process = PsGetCurrentProcess(); 04116 WsInfo = &Process->Vm; 04117 Wsle = MmWsle; 04118 04119 PERFINFO_ADDTOWS(Pfn1, VirtualAddress, Process->UniqueProcessId) 04120 } else { 04121 04122 // 04123 // System cache working set. 04124 // 04125 04126 WsInfo = &MmSystemCacheWs; 04127 Wsle = MmSystemCacheWsle; 04128 04129 PERFINFO_ADDTOWS(Pfn1, VirtualAddress, (HANDLE) -1); 04130 } 04131 04132 WorkingSetIndex = MiLocateAndReserveWsle (WsInfo); 04133 MiUpdateWsle (&WorkingSetIndex, 04134 VirtualAddress, 04135 WsInfo->VmWorkingSetList, 04136 Pfn1); 04137 Wsle[WorkingSetIndex].u1.Long |= WsleMask; 04138 04139 #if DBG 04140 if (MI_IS_SYSTEM_CACHE_ADDRESS(VirtualAddress)) { 04141 ASSERT (MmSystemCacheWsle[WorkingSetIndex].u1.e1.SameProtectAsProto); 04142 } 04143 #endif //DBG 04144 04145 MI_SET_PTE_IN_WORKING_SET (PointerPte, WorkingSetIndex); 04146 04147 KeFillEntryTb ((PHARDWARE_PTE)PointerPte, VirtualAddress, FALSE); 04148 return; 04149 }

VOID MiAdjustWorkingSetManagerParameters (  BOOLEAN  WorkStation  )

Definition at line 259 of file wsmanage.c. References FALSE, KeInitializeEvent, MiIdealPassFaultCountDisable, MiWaitForEmptyEvent, MiWaitingForWorkingSetEmpty, MmNumberOfPhysicalPages, MmWorkingSetReductionMax, MmWorkingSetReductionMin, MmWorkingSetVolReductionMax, PAGE_SIZE, and TRUE. Referenced by MmInitSystem(). : This function is called from MmInitSystem to adjust the working set manager trim algorithms based on system type and size. Arguments: WorkStation - TRUE if this is a workstation, FALSE if not. Return Value: None. Environment: Kernel mode --*/ { #ifdef _MI_USE_CLAIMS_ if (WorkStation && MmNumberOfPhysicalPages <= 63*1024*1024/PAGE_SIZE) { MiAgingShift = 4; MiEstimationShift = 5; } else { MiAgingShift = 5; MiEstimationShift = 6; } if (MmNumberOfPhysicalPages >= 63*1024*1024/PAGE_SIZE) { MmPlentyFreePages *= 2; } #else if (WorkStation && (MmNumberOfPhysicalPages <= (31*1024*1024/PAGE_SIZE))) { // // To get fault protection, you have to take 45 faults instead of // the old 15 fault protection threshold. // MiIdealPassFaultCountDisable = 45; // // Take more away when you are over your working set in both // forced and voluntary mode, but leave cache WS trim amounts // alone. // MmWorkingSetVolReductionMax = 100; MmWorkingSetReductionMax = 100; // // In forced mode, even if you are within your working set, take // memory away more aggressively. // MmWorkingSetReductionMin = 40; } else { MiIdealPassFaultCountDisable = 15; } #endif MiWaitingForWorkingSetEmpty = FALSE; KeInitializeEvent (&MiWaitForEmptyEvent, NotificationEvent, TRUE); }

LOGICAL MiApplyDriverVerifier (  IN  PLDR_DATA_TABLE_ENTRY, IN PMI_VERIFIER_DRIVER_ENTRY  Verifier )

Definition at line 3448 of file verifier.c. References ExAllocatePoolWithTag, FALSE, KernelVerifier, KiStackProtectTime, MI_VERIFIER_DRIVER_ENTRY, MiActiveVerifies, MiEnableRandomSpecialPool(), MiEnableVerifier(), MiFaultRetries, MiIoRetryLevel, MiSuspectDriverList, MiUserFaultRetries, MiUserIoRetryLevel, MiVerifierStackProtectTime, MiVerifyAllDrivers, MiVerifyRandomDrivers, MmVerifierData, NonPagedPool, NULL, RtlEqualUnicodeString(), RtlUpcaseUnicodeChar(), TRUE, VI_VERIFYING_DIRECTLY, VI_VERIFYING_INVERSELY, ViInitializeEntry(), ViInsertVerifierEntry(), and ViPrintString(). Referenced by MiInitializeDriverVerifierList(), and MiLoadSystemImage(). : This function is called as each module is loaded. If the module being loaded is in the suspect list, thunk it here. Arguments: DataTableEntry - Supplies the data table entry for the module. Verifier - Non-NULL if verification must be applied. FALSE indicates that the driver name must match for verification to be applied. Return Value: TRUE if thunking was applied, FALSE if not. Environment: Kernel mode, Phase 0 Initialization and normal runtime. Non paged pool exists in Phase0, but paged pool does not. Post-Phase0 serialization is provided by the MmSystemLoadLock. --*/ { WCHAR FirstChar; LOGICAL Found; PLIST_ENTRY NextEntry; ULONG VerifierFlags; if (Verifier != NULL) { Found = TRUE; } else { Found = FALSE; NextEntry = MiSuspectDriverList.Flink; while (NextEntry != &MiSuspectDriverList) { Verifier = CONTAINING_RECORD(NextEntry, MI_VERIFIER_DRIVER_ENTRY, Links); if (RtlEqualUnicodeString (&Verifier->BaseName, &DataTableEntry->BaseDllName, TRUE)) { Found = TRUE; ViInitializeEntry (Verifier, FALSE); break; } NextEntry = NextEntry->Flink; } } if (Found == FALSE) { VerifierFlags = VI_VERIFYING_DIRECTLY; if (MiVerifyAllDrivers == TRUE) { if (KernelVerifier == TRUE) { VerifierFlags = VI_VERIFYING_INVERSELY; } Found = TRUE; } else if (MiVerifyRandomDrivers != (WCHAR)0) { // // Wildcard match drivers randomly. // FirstChar = RtlUpcaseUnicodeChar(DataTableEntry->BaseDllName.Buffer[0]); if (MiVerifyRandomDrivers == FirstChar) { Found = TRUE; } else if (MiVerifyRandomDrivers == (WCHAR)'X') { if ((FirstChar >= (WCHAR)'0') && (FirstChar <= (WCHAR)'9')) { Found = TRUE; } } } if (Found == FALSE) { return FALSE; } Verifier = (PMI_VERIFIER_DRIVER_ENTRY)ExAllocatePoolWithTag ( NonPagedPool, sizeof (MI_VERIFIER_DRIVER_ENTRY) + DataTableEntry->BaseDllName.MaximumLength, 'dLmM'); if (Verifier == NULL) { return FALSE; } Verifier->BaseName.Buffer = (PWSTR)((PCHAR)Verifier + sizeof (MI_VERIFIER_DRIVER_ENTRY)); Verifier->BaseName.Length = DataTableEntry->BaseDllName.Length; Verifier->BaseName.MaximumLength = DataTableEntry->BaseDllName.MaximumLength; RtlMoveMemory (Verifier->BaseName.Buffer, DataTableEntry->BaseDllName.Buffer, DataTableEntry->BaseDllName.Length); ViInitializeEntry (Verifier, TRUE); Verifier->Flags = VerifierFlags; ViInsertVerifierEntry (Verifier); } Verifier->StartAddress = DataTableEntry->DllBase; Verifier->EndAddress = (PVOID)((ULONG_PTR)DataTableEntry->DllBase + DataTableEntry->SizeOfImage); if (MiEnableVerifier (DataTableEntry) == TRUE) { if (Verifier->Flags & VI_VERIFYING_DIRECTLY) { ViPrintString (&DataTableEntry->BaseDllName); } MmVerifierData.Loads += 1; Verifier->Loads += 1; DataTableEntry->Flags |= LDRP_IMAGE_VERIFYING; MiActiveVerifies += 1; if (MiActiveVerifies == 1) { // // Up the retry mechanism for potential injection failures. // MiIoRetryLevel = (ULONG)-1; MiFaultRetries = MiIoRetryLevel; MiUserIoRetryLevel = (ULONG)-1; MiUserFaultRetries = MiUserIoRetryLevel; #ifndef NO_POOL_CHECKS // // If a loaded driver(s) is undergoing validation, the default // special pool randomizer is disabled as the precious virtual // address space and physical memory is being put to specific // use. // MiEnableRandomSpecialPool (FALSE); #endif if (MmVerifierData.Level & DRIVER_VERIFIER_FORCE_IRQL_CHECKING) { // // Page out all thread stacks as soon as possible to // catch drivers using local events that do usermode waits. // if (KernelVerifier == FALSE) { MiVerifierStackProtectTime = KiStackProtectTime; KiStackProtectTime = 0; } } } } return Found; }

VOID MiAttachSession (  IN PMM_SESSION_SPACE  SessionGlobal  )

Definition at line 1181 of file session.c. References ASSERT, KeAttachSessionSpace(), MI_SESSION_SPACE_END, MI_SESSION_SPACE_PAGE_TABLES, MI_WRITE_VALID_PTE, MiGetPdeAddress, MiGetPpeAddress, MiHydra, MmSessionBase, PsGetCurrentProcess, TRUE, _MMPTE::u, and ZeroKernelPte. Referenced by MiEmptyAllWorkingSetsWorker(), and MmWorkingSetManager(). : Attaches to the specified session space. Arguments: SessionGlobal - Supplies a pointer to the session to attach to. Return Value: None. Environment: Kernel mode. No locks held. Current process must not have a session space - ie: the caller should be the system process or smss.exe. --*/ { PMMPTE PointerPde; #if DBG PMMPTE EndPde; ASSERT (MiHydra == TRUE); ASSERT (PsGetCurrentProcess()->Vm.u.Flags.ProcessInSession == 0); #if defined (_WIN64) PointerPde = MiGetPpeAddress (MmSessionBase); ASSERT (PointerPde->u.Long == ZeroKernelPte.u.Long); #else PointerPde = MiGetPdeAddress (MmSessionBase); EndPde = MiGetPdeAddress (MI_SESSION_SPACE_END); while (PointerPde < EndPde) { ASSERT (PointerPde->u.Long == ZeroKernelPte.u.Long); PointerPde += 1; } #endif #endif #if defined (_WIN64) PointerPde = MiGetPpeAddress (MmSessionBase); MI_WRITE_VALID_PTE (PointerPde, SessionGlobal->PageDirectory); #else PointerPde = MiGetPdeAddress (MmSessionBase); RtlCopyMemory (PointerPde, &SessionGlobal->PageTables[0], MI_SESSION_SPACE_PAGE_TABLES * sizeof (MMPTE)); #endif #if defined(_IA64_) KeAttachSessionSpace(&SessionGlobal->SessionMapInfo); #endif }

VOID MiAttemptPageFileReduction (  VOID   )

Definition at line 1940 of file modwrite.c. References ASSERT, DbgPrint, DISPATCH_LEVEL, _MMPAGING_FILE::Entry, FALSE, File, _MMPAGING_FILE::FreeSpace, IoSetInformation(), _MMMOD_WRITER_MDL_ENTRY::LastPageToWrite, LOCK_PFN, _MMPAGING_FILE::MinimumSize, MmChargeCommitmentLock, MmMinimumPageFileReduction, MmNumberOfPagingFiles, MmPagingFile, MmTotalCommitLimit, MmTotalCommittedPages, NTSTATUS(), PAGE_SHIFT, PAGE_SIZE, RtlAreBitsClear(), RtlClearBits(), RtlSetBits(), _MMPAGING_FILE::Size, Size, TRUE, and UNLOCK_PFN. Referenced by MiDereferenceSegmentThread(). 01946 : 01947 01948 This routine attempts to reduce the size of the paging files to 01949 their minimum levels. 01950 01951 Note - Page file expansion and page file reduction are synchronized 01952 because a single thread is responsible for performing the 01953 operation. Hence, while expansion is occurring, a reduction 01954 request will be queued to the thread. 01955 01956 Arguments: 01957 01958 None. 01959 01960 Return Value: 01961 01962 None. 01963 01964 --*/ 01965 01966 { 01967 BOOLEAN Reduce; 01968 KIRQL OldIrql; 01969 ULONG i; 01970 PFN_NUMBER StartReduction; 01971 PFN_NUMBER ReductionSize; 01972 PFN_NUMBER TryBit; 01973 PFN_NUMBER TryReduction; 01974 SIZE_T MaxReduce; 01975 FILE_ALLOCATION_INFORMATION FileAllocationInfo; 01976 NTSTATUS status; 01977 01978 Reduce = FALSE; 01979 01980 ExAcquireSpinLock (&MmChargeCommitmentLock, &OldIrql); 01981 01982 // 01983 // Make sure the commit limit is greater than the number of committed 01984 // pages by twice the minimum page file reduction. Keep the 01985 // difference between the two at least minimum page file reduction. 01986 // 01987 01988 if ((MmTotalCommittedPages + (2 * MmMinimumPageFileReduction)) < 01989 MmTotalCommitLimit) { 01990 01991 MaxReduce = MmTotalCommitLimit - 01992 (MmMinimumPageFileReduction + MmTotalCommittedPages); 01993 ASSERT ((LONG)MaxReduce >= 0); 01994 01995 i = 0; 01996 do { 01997 01998 if (MaxReduce < MmMinimumPageFileReduction) { 01999 02000 // 02001 // Don't reduce any more paging files. 02002 // 02003 02004 break; 02005 } 02006 02007 if (MmPagingFile[i]->MinimumSize != MmPagingFile[i]->Size) { 02008 02009 if (MmPagingFile[i]->FreeSpace > MmMinimumPageFileReduction) { 02010 02011 // 02012 // Attempt to reduce this paging file. 02013 // 02014 02015 ExReleaseSpinLock (&MmChargeCommitmentLock, OldIrql); 02016 02017 // 02018 // Lock the PFN database and check to see if ample pages 02019 // are free at the end of the paging file. 02020 // 02021 02022 TryBit = MmPagingFile[i]->Size - MmMinimumPageFileReduction; 02023 TryReduction = MmMinimumPageFileReduction; 02024 02025 if (TryBit <= MmPagingFile[i]->MinimumSize) { 02026 TryBit = MmPagingFile[i]->MinimumSize; 02027 TryReduction = MmPagingFile[i]->Size - 02028 MmPagingFile[i]->MinimumSize; 02029 } 02030 02031 StartReduction = 0; 02032 ReductionSize = 0; 02033 02034 LOCK_PFN (OldIrql); 02035 02036 while (TRUE) { 02037 02038 // 02039 // Try to reduce. 02040 // 02041 02042 if ((ReductionSize + TryReduction) > MaxReduce) { 02043 02044 // 02045 // The reduction attempt would remove more 02046 // than MaxReduce pages. 02047 // 02048 02049 break; 02050 } 02051 02052 if (RtlAreBitsClear (MmPagingFile[i]->Bitmap, 02053 (ULONG)TryBit, 02054 (ULONG)TryReduction)) { 02055 02056 // 02057 // Can reduce it by TryReduction, see if it can 02058 // be made smaller. 02059 // 02060 02061 StartReduction = TryBit; 02062 ReductionSize += TryReduction; 02063 02064 if (StartReduction == MmPagingFile[i]->MinimumSize) { 02065 break; 02066 } 02067 02068 TryBit = StartReduction - MmMinimumPageFileReduction; 02069 02070 if (TryBit <= MmPagingFile[i]->MinimumSize) { 02071 TryReduction -= 02072 MmPagingFile[i]->MinimumSize - TryBit; 02073 TryBit = MmPagingFile[i]->MinimumSize; 02074 } else { 02075 TryReduction = MmMinimumPageFileReduction; 02076 } 02077 } else { 02078 02079 // 02080 // Reduction has failed. 02081 // 02082 02083 break; 02084 } 02085 } //end while 02086 02087 // 02088 // Make sure there are no outstanding writes to 02089 // pages within the start reduction range. 02090 // 02091 02092 if (StartReduction != 0) { 02093 02094 // 02095 // There is an outstanding write past where the 02096 // new end of the paging file should be. This 02097 // is a very rare condition, so just punt shrinking 02098 // the file. 02099 // 02100 02101 if ((MmPagingFile[i]->Entry[0]->LastPageToWrite > 02102 StartReduction) || 02103 (MmPagingFile[i]->Entry[1]->LastPageToWrite > 02104 StartReduction)) { 02105 StartReduction = 0; 02106 } 02107 } 02108 02109 // 02110 // Are there any pages to remove? 02111 // 02112 02113 if (StartReduction != 0) { 02114 02115 // 02116 // Reduce the paging file's size and free space. 02117 // 02118 02119 ASSERT (ReductionSize == (MmPagingFile[i]->Size - StartReduction)); 02120 02121 MmPagingFile[i]->Size = StartReduction; 02122 MmPagingFile[i]->FreeSpace -= ReductionSize; 02123 MaxReduce -= ReductionSize; 02124 ASSERT ((LONG)MaxReduce >= 0); 02125 02126 RtlSetBits (MmPagingFile[i]->Bitmap, 02127 (ULONG)StartReduction, 02128 (ULONG)ReductionSize ); 02129 02130 // 02131 // Release the PFN lock now that the size info 02132 // has been updated. 02133 // 02134 02135 UNLOCK_PFN (OldIrql); 02136 02137 // 02138 // Change the commit limit to reflect the returned 02139 // page file space. 02140 // 02141 02142 ExAcquireSpinLock (&MmChargeCommitmentLock, &OldIrql); 02143 02144 // 02145 // Now that the commit lock is again held, recheck 02146 // the commit to ensure it is still safe to contract 02147 // the paging files. 02148 // 02149 02150 if ((MmTotalCommittedPages + (2 * MmMinimumPageFileReduction)) >= 02151 MmTotalCommitLimit) { 02152 02153 ExReleaseSpinLock (&MmChargeCommitmentLock, OldIrql); 02154 LOCK_PFN (OldIrql); 02155 02156 MmPagingFile[i]->Size = StartReduction + ReductionSize; 02157 MmPagingFile[i]->FreeSpace += ReductionSize; 02158 MaxReduce += ReductionSize; 02159 ASSERT ((LONG)MaxReduce >= 0); 02160 02161 RtlClearBits (MmPagingFile[i]->Bitmap, 02162 (ULONG)StartReduction, 02163 (ULONG)ReductionSize ); 02164 02165 UNLOCK_PFN (OldIrql); 02166 02167 ExAcquireSpinLock (&MmChargeCommitmentLock, &OldIrql); 02168 break; 02169 } 02170 02171 MmTotalCommitLimit -= ReductionSize; 02172 02173 ExReleaseSpinLock (&MmChargeCommitmentLock, OldIrql); 02174 02175 #if defined (_WIN64) || defined (_X86PAE_) 02176 FileAllocationInfo.AllocationSize.QuadPart = 02177 ((ULONG64)StartReduction << PAGE_SHIFT); 02178 02179 #else 02180 FileAllocationInfo.AllocationSize.LowPart = 02181 StartReduction * PAGE_SIZE; 02182 02183 // 02184 // Set high part to zero, paging files are 02185 // limited to 4gb. 02186 // 02187 02188 FileAllocationInfo.AllocationSize.HighPart = 0; 02189 #endif 02190 02191 // 02192 // Reduce the allocated size of the paging file 02193 // thereby actually freeing the space and 02194 // setting a new end of file. 02195 // 02196 02197 02198 ASSERT (KeGetCurrentIrql() < DISPATCH_LEVEL); 02199 status = IoSetInformation ( 02200 MmPagingFile[i]->File, 02201 FileAllocationInformation, 02202 sizeof(FILE_ALLOCATION_INFORMATION), 02203 &FileAllocationInfo 02204 ); 02205 #if DBG 02206 02207 // 02208 // Ignore errors on truncating the paging file 02209 // as we can always have less space in the bitmap 02210 // than the pagefile holds. 02211 // 02212 02213 if (status != STATUS_SUCCESS) { 02214 DbgPrint ("MM: pagefile truncate status %lx\n", 02215 status); 02216 } 02217 #endif 02218 } else { 02219 UNLOCK_PFN (OldIrql); 02220 } 02221 02222 ExAcquireSpinLock (&MmChargeCommitmentLock, &OldIrql); 02223 } 02224 } 02225 i += 1; 02226 } while (i < MmNumberOfPagingFiles); 02227 } 02228 02229 ExReleaseSpinLock (&MmChargeCommitmentLock, OldIrql); 02230 return; 02231 }

VOID MiBuildPagedPool (  VOID   )

Definition at line 2184 of file mminit.c. : This function is called to build the structures required for paged pool and initialize the pool. Once this routine is called, paged pool may be allocated. Arguments: None. Return Value: None. Environment: Kernel Mode Only. System initialization. --*/ { SIZE_T Size; PMMPTE PointerPte; PMMPTE PointerPde; PMMPTE PointerPpe; PMMPTE PointerPpeEnd; MMPTE TempPte; PMMPFN Pfn1; PFN_NUMBER PageFrameIndex; KIRQL OldIrql; ULONG i; #if !defined (_WIN64) // // Double map system page directory page. // #if defined (_X86PAE_) PointerPte = MiGetPteAddress(PDE_BASE); for (i = 0 ; i < PD_PER_SYSTEM; i += 1) { MmSystemPageDirectory[i] = MI_GET_PAGE_FRAME_FROM_PTE (PointerPte); Pfn1 = MI_PFN_ELEMENT(MmSystemPageDirectory[i]); Pfn1->OriginalPte.u.Long = MM_DEMAND_ZERO_WRITE_PTE; PointerPte += 1; } // // Was not mapped physically, map it virtually in system space. // PointerPte = MiReserveSystemPtes ( PD_PER_SYSTEM, SystemPteSpace, MM_COLOR_ALIGNMENT, ((ULONG_PTR)PDE_BASE & MM_COLOR_MASK_VIRTUAL), TRUE); MmSystemPagePtes = (PMMPTE)MiGetVirtualAddressMappedByPte (PointerPte); TempPte = ValidKernelPde; for (i = 0 ; i < PD_PER_SYSTEM; i += 1) { TempPte.u.Hard.PageFrameNumber = MmSystemPageDirectory[i]; MI_WRITE_VALID_PTE (PointerPte, TempPte); PointerPte += 1; } #else MmSystemPageDirectory = MI_GET_PAGE_FRAME_FROM_PTE (MiGetPteAddress(PDE_BASE)); Pfn1 = MI_PFN_ELEMENT(MmSystemPageDirectory); Pfn1->OriginalPte.u.Long = MM_DEMAND_ZERO_WRITE_PTE; MmSystemPagePtes = (PMMPTE)MiMapPageInHyperSpace (MmSystemPageDirectory, &OldIrql); MiUnmapPageInHyperSpace (OldIrql); if (!MI_IS_PHYSICAL_ADDRESS(MmSystemPagePtes)) { // // Was not mapped physically, map it virtually in system space. // PointerPte = MiReserveSystemPtes ( 1, SystemPteSpace, MM_COLOR_ALIGNMENT, ((ULONG_PTR)PDE_BASE & MM_COLOR_MASK_VIRTUAL), TRUE); TempPte = ValidKernelPde; TempPte.u.Hard.PageFrameNumber = MmSystemPageDirectory; MI_WRITE_VALID_PTE (PointerPte, TempPte); MmSystemPagePtes = (PMMPTE)MiGetVirtualAddressMappedByPte (PointerPte); } #endif #endif if (MmPagedPoolMaximumDesired == TRUE) { MmSizeOfPagedPoolInBytes = ((PCHAR)MmNonPagedSystemStart - (PCHAR)MmPagedPoolStart); } // // A size of 0 means size the pool based on physical memory. // if (MmSizeOfPagedPoolInBytes == 0) { MmSizeOfPagedPoolInBytes = 2 * MmMaximumNonPagedPoolInBytes; } if (MmIsThisAnNtAsSystem()) { if ((MmNumberOfPhysicalPages > ((24*1024*1024) >> PAGE_SHIFT)) && (MmSizeOfPagedPoolInBytes < MM_MINIMUM_PAGED_POOL_NTAS)) { MmSizeOfPagedPoolInBytes = MM_MINIMUM_PAGED_POOL_NTAS; } } if (MmSizeOfPagedPoolInBytes > (ULONG_PTR)((PCHAR)MmNonPagedSystemStart - (PCHAR)MmPagedPoolStart)) { MmSizeOfPagedPoolInBytes = ((PCHAR)MmNonPagedSystemStart - (PCHAR)MmPagedPoolStart); } Size = BYTES_TO_PAGES(MmSizeOfPagedPoolInBytes); if (Size < MM_MIN_INITIAL_PAGED_POOL) { Size = MM_MIN_INITIAL_PAGED_POOL; } if (Size > (MM_MAX_PAGED_POOL >> PAGE_SHIFT)) { Size = MM_MAX_PAGED_POOL >> PAGE_SHIFT; } Size = (Size + (PTE_PER_PAGE - 1)) / PTE_PER_PAGE; MmSizeOfPagedPoolInBytes = (ULONG_PTR)Size * PAGE_SIZE * PTE_PER_PAGE; ASSERT ((MmSizeOfPagedPoolInBytes + (PCHAR)MmPagedPoolStart) <= (PCHAR)MmNonPagedSystemStart); // // Set size to the number of pages in the pool. // Size = Size * PTE_PER_PAGE; MmPagedPoolEnd = (PVOID)(((PUCHAR)MmPagedPoolStart + MmSizeOfPagedPoolInBytes) - 1); MmPageAlignedPoolBase[PagedPool] = MmPagedPoolStart; // // Build page table page for paged pool. // PointerPde = MiGetPdeAddress (MmPagedPoolStart); MmPagedPoolBasePde = PointerPde; TempPte = ValidKernelPde; #if defined (_WIN64) // // Map in all the page directory pages to span all of paged pool. // This removes the need for a system lookup directory. // PointerPpe = MiGetPpeAddress (MmPagedPoolStart); PointerPpeEnd = MiGetPpeAddress (MmPagedPoolEnd); while (PointerPpe <= PointerPpeEnd) { if (PointerPpe->u.Hard.Valid == 0) { PageFrameIndex = MiRemoveAnyPage( MI_GET_PAGE_COLOR_FROM_PTE (PointerPpe)); TempPte.u.Hard.PageFrameNumber = PageFrameIndex; *PointerPpe = TempPte; Pfn1 = MI_PFN_ELEMENT(PageFrameIndex); Pfn1->PteFrame = MI_GET_PAGE_FRAME_FROM_PTE ( MiGetPteAddress(PDE_KTBASE)); Pfn1->PteAddress = PointerPpe; Pfn1->u2.ShareCount = 1; Pfn1->u3.e2.ReferenceCount = 1; Pfn1->u3.e1.PageLocation = ActiveAndValid; Pfn1->OriginalPte.u.Long = MM_DEMAND_ZERO_WRITE_PTE; } PointerPpe += 1; } #endif PointerPte = MiGetPteAddress (MmPagedPoolStart); MmPagedPoolInfo.FirstPteForPagedPool = PointerPte; MmPagedPoolInfo.LastPteForPagedPool = MiGetPteAddress (MmPagedPoolEnd); MiFillMemoryPte (PointerPde, sizeof(MMPTE) * (1 + MiGetPdeAddress (MmPagedPoolEnd) - PointerPde), MM_KERNEL_NOACCESS_PTE); LOCK_PFN (OldIrql); // // Map in a page table page. // PageFrameIndex = MiRemoveAnyPage( MI_GET_PAGE_COLOR_FROM_PTE (PointerPde)); TempPte.u.Hard.PageFrameNumber = PageFrameIndex; MI_WRITE_VALID_PTE (PointerPde, TempPte); Pfn1 = MI_PFN_ELEMENT(PageFrameIndex); #if defined (_WIN64) Pfn1->PteFrame = MI_GET_PAGE_FRAME_FROM_PTE(MiGetPpeAddress (MmPagedPoolStart)); #else #if !defined (_X86PAE_) Pfn1->PteFrame = MmSystemPageDirectory; #else Pfn1->PteFrame = MmSystemPageDirectory[(PointerPde - MiGetPdeAddress(0)) / PDE_PER_PAGE]; #endif #endif Pfn1->PteAddress = PointerPde; Pfn1->u2.ShareCount = 1; Pfn1->u3.e2.ReferenceCount = 1; Pfn1->u3.e1.PageLocation = ActiveAndValid; Pfn1->OriginalPte.u.Long = MM_DEMAND_ZERO_WRITE_PTE; MiFillMemoryPte (PointerPte, PAGE_SIZE, MM_KERNEL_NOACCESS_PTE); UNLOCK_PFN (OldIrql); MmPagedPoolInfo.NextPdeForPagedPoolExpansion = PointerPde + 1; // // Build bitmaps for paged pool. // MiCreateBitMap (&MmPagedPoolInfo.PagedPoolAllocationMap, Size, NonPagedPool); RtlSetAllBits (MmPagedPoolInfo.PagedPoolAllocationMap); // // Indicate first page worth of PTEs are available. // RtlClearBits (MmPagedPoolInfo.PagedPoolAllocationMap, 0, PTE_PER_PAGE); MiCreateBitMap (&MmPagedPoolInfo.EndOfPagedPoolBitmap, Size, NonPagedPool); RtlClearAllBits (MmPagedPoolInfo.EndOfPagedPoolBitmap); // // If verifier is present then build the verifier paged pool bitmap. // if (MmVerifyDriverBufferLength != (ULONG)-1) { MiCreateBitMap (&VerifierLargePagedPoolMap, Size, NonPagedPool); RtlClearAllBits (VerifierLargePagedPoolMap); } // // Initialize paged pool. // InitializePool (PagedPool, 0L); MiInitializeSpecialPool(); // // Allow mapping of views into system space. // MiInitializeSystemSpaceMap ((PVOID)0); return; }

SIZE_T MiCalculatePageCommitment (  IN PVOID  StartingAddress, IN PVOID  EndingAddress, IN PMMVAD  Vad, IN PEPROCESS  Process )

Definition at line 519 of file mmquota.c. References BYTES_TO_PAGES, FALSE, MiDoesPdeExistAndMakeValid(), MiDoesPpeExistAndMakeValid, MiGetPdeAddress, MiGetPpeAddress, MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiIsPteDecommittedPage(), MiIsPteOnPdeBoundary, and _MMPTE::u. Referenced by NtAllocateVirtualMemory(), and NtFreeVirtualMemory(). 00528 : 00529 00530 This routine examines the range of pages from the starting address 00531 up to and including the ending address and returns the commit charge 00532 for the pages within the range. 00533 00534 Arguments: 00535 00536 StartingAddress - Supplies the starting address of the range. 00537 00538 EndingAddress - Supplies the ending address of the range. 00539 00540 Vad - Supplies the virtual address descriptor which describes the range. 00541 00542 Process - Supplies the current process. 00543 00544 Return Value: 00545 00546 Commitment charge for the range. 00547 00548 Environment: 00549 00550 Kernel mode, APCs disabled, WorkingSetLock and AddressCreation mutexes 00551 held. 00552 00553 --*/ 00554 00555 { 00556 PMMPTE PointerPte; 00557 PMMPTE LastPte; 00558 PMMPTE PointerPde; 00559 PMMPTE PointerPpe; 00560 PMMPTE TempEnd; 00561 SIZE_T NumberOfCommittedPages; 00562 ULONG Waited; 00563 00564 NumberOfCommittedPages = 0; 00565 00566 PointerPpe = MiGetPpeAddress (StartingAddress); 00567 PointerPde = MiGetPdeAddress (StartingAddress); 00568 PointerPte = MiGetPteAddress (StartingAddress); 00569 00570 if (Vad->u.VadFlags.MemCommit == 1) { 00571 00572 TempEnd = EndingAddress; 00573 00574 // 00575 // All the pages are committed within this range. 00576 // 00577 00578 NumberOfCommittedPages = BYTES_TO_PAGES ((PCHAR)TempEnd - 00579 (PCHAR)StartingAddress); 00580 00581 00582 // 00583 // Examine the PTEs to determine how many pages are committed. 00584 // 00585 00586 LastPte = MiGetPteAddress (TempEnd); 00587 00588 do { 00589 00590 while (!MiDoesPpeExistAndMakeValid (PointerPpe, 00591 Process, 00592 FALSE, 00593 &Waited)) { 00594 00595 // 00596 // No PPE exists for the starting address, therefore the page 00597 // is not committed. 00598 // 00599 00600 PointerPpe += 1; 00601 PointerPde = MiGetVirtualAddressMappedByPte (PointerPpe); 00602 PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); 00603 if (PointerPte > LastPte) { 00604 goto DoneCommit; 00605 } 00606 } 00607 00608 Waited = 0; 00609 00610 while (!MiDoesPdeExistAndMakeValid (PointerPde, 00611 Process, 00612 FALSE, 00613 &Waited)) { 00614 00615 // 00616 // No PDE exists for the starting address, therefore the page 00617 // is not committed. 00618 // 00619 00620 PointerPde += 1; 00621 PointerPpe = MiGetPteAddress (PointerPde); 00622 PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); 00623 if (PointerPte > LastPte) { 00624 goto DoneCommit; 00625 } 00626 #if defined (_WIN64) 00627 if (MiIsPteOnPdeBoundary (PointerPde)) { 00628 Waited = 1; 00629 break; 00630 } 00631 #endif 00632 } 00633 00634 } while (Waited != 0); 00635 00636 restart: 00637 00638 while (PointerPte <= LastPte) { 00639 00640 if (MiIsPteOnPdeBoundary (PointerPte)) { 00641 00642 // 00643 // This is a PDE boundary, check to see if the entire 00644 // PPE/PDE pages exist. 00645 // 00646 00647 PointerPde = MiGetPteAddress (PointerPte); 00648 PointerPpe = MiGetPteAddress (PointerPde); 00649 00650 do { 00651 00652 if (!MiDoesPpeExistAndMakeValid (PointerPpe, 00653 Process, 00654 FALSE, 00655 &Waited)) { 00656 00657 // 00658 // No PDE exists for the starting address, check the VAD 00659 // to see if the pages are not committed. 00660 // 00661 00662 PointerPpe += 1; 00663 PointerPde = MiGetVirtualAddressMappedByPte (PointerPpe); 00664 PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); 00665 00666 // 00667 // Check next page. 00668 // 00669 00670 goto restart; 00671 } 00672 00673 Waited = 0; 00674 00675 if (!MiDoesPdeExistAndMakeValid (PointerPde, 00676 Process, 00677 FALSE, 00678 &Waited)) { 00679 00680 // 00681 // No PDE exists for the starting address, check the VAD 00682 // to see if the pages are not committed. 00683 // 00684 00685 PointerPde += 1; 00686 PointerPpe = MiGetPteAddress (PointerPde); 00687 PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); 00688 00689 // 00690 // Check next page. 00691 // 00692 00693 goto restart; 00694 } 00695 } while (Waited != 0); 00696 } 00697 00698 // 00699 // The PDE exists, examine the PTE. 00700 // 00701 00702 if (PointerPte->u.Long != 0) { 00703 00704 // 00705 // Has this page been explicitly decommitted? 00706 // 00707 00708 if (MiIsPteDecommittedPage (PointerPte)) { 00709 00710 // 00711 // This page is decommitted, remove it from the count. 00712 // 00713 00714 NumberOfCommittedPages -= 1; 00715 00716 } 00717 } 00718 00719 PointerPte += 1; 00720 } 00721 00722 DoneCommit: 00723 00724 if (TempEnd == EndingAddress) { 00725 return NumberOfCommittedPages; 00726 } 00727 00728 } 00729 00730 // 00731 // Examine non committed range. 00732 // 00733 00734 LastPte = MiGetPteAddress (EndingAddress); 00735 00736 do { 00737 00738 while (!MiDoesPpeExistAndMakeValid (PointerPpe, 00739 Process, 00740 FALSE, 00741 &Waited)) { 00742 00743 00744 // 00745 // No PDE exists for the starting address, therefore the page 00746 // is not committed. 00747 // 00748 00749 PointerPpe += 1; 00750 PointerPde = MiGetVirtualAddressMappedByPte (PointerPpe); 00751 PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); 00752 if (PointerPte > LastPte) { 00753 return NumberOfCommittedPages; 00754 } 00755 } 00756 00757 Waited = 0; 00758 00759 while (!MiDoesPdeExistAndMakeValid (PointerPde, 00760 Process, 00761 FALSE, 00762 &Waited)) { 00763 00764 // 00765 // No PDE exists for the starting address, therefore the page 00766 // is not committed. 00767 // 00768 00769 PointerPde += 1; 00770 PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); 00771 if (PointerPte > LastPte) { 00772 return NumberOfCommittedPages; 00773 } 00774 #if defined (_WIN64) 00775 if (MiIsPteOnPdeBoundary (PointerPde)) { 00776 PointerPpe = MiGetPteAddress (PointerPde); 00777 Waited = 1; 00778 break; 00779 } 00780 #endif 00781 } 00782 00783 } while (Waited != 0); 00784 00785 restart2: 00786 00787 while (PointerPte <= LastPte) { 00788 00789 if (MiIsPteOnPdeBoundary (PointerPte)) { 00790 00791 // 00792 // This is a PDE boundary, check to see if the entire 00793 // PPE/PDE pages exist. 00794 // 00795 00796 PointerPde = MiGetPteAddress (PointerPte); 00797 PointerPpe = MiGetPteAddress (PointerPde); 00798 00799 do { 00800 00801 if (!MiDoesPpeExistAndMakeValid (PointerPpe, 00802 Process, 00803 FALSE, 00804 &Waited)) { 00805 00806 // 00807 // No PPE exists for the starting address, check the VAD 00808 // to see if the pages are not committed. 00809 // 00810 00811 PointerPpe += 1; 00812 PointerPde = MiGetVirtualAddressMappedByPte (PointerPpe); 00813 PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); 00814 00815 // 00816 // Check next page. 00817 // 00818 00819 goto restart2; 00820 } 00821 00822 Waited = 0; 00823 00824 if (!MiDoesPdeExistAndMakeValid (PointerPde, 00825 Process, 00826 FALSE, 00827 &Waited)) { 00828 00829 // 00830 // No PDE exists for the starting address, check the VAD 00831 // to see if the pages are not committed. 00832 // 00833 00834 PointerPde += 1; 00835 PointerPpe = MiGetPteAddress (PointerPde); 00836 PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); 00837 00838 // 00839 // Check next page. 00840 // 00841 00842 goto restart2; 00843 } 00844 00845 } while (Waited != 0); 00846 } 00847 00848 // 00849 // The PDE exists, examine the PTE. 00850 // 00851 00852 if ((PointerPte->u.Long != 0) && 00853 (!MiIsPteDecommittedPage (PointerPte))) { 00854 00855 // 00856 // This page is committed, count it. 00857 // 00858 00859 NumberOfCommittedPages += 1; 00860 } 00861 00862 PointerPte += 1; 00863 } 00864 00865 return NumberOfCommittedPages; 00866 }

LOGICAL MiCancelWriteOfMappedPfn (  IN PFN_NUMBER  PageToStop  )

Definition at line 2579 of file modwrite.c. References APC_LEVEL, _MDL::ByteCount, FALSE, LOCK_PFN, _MMMOD_WRITER_MDL_ENTRY::Mdl, MiWriteComplete(), MmMappedPageWriterList, PAGE_SHIFT, TRUE, _MMMOD_WRITER_MDL_ENTRY::u, and UNLOCK_PFN. Referenced by MmPurgeSection(). 02585 : 02586 02587 This routine attempts to stop a pending mapped page writer write for the 02588 specified PFN. Note that if the write can be stopped, any other pages 02589 that may be clustered with the write are also stopped. 02590 02591 Arguments: 02592 02593 PageToStop - Supplies the frame number that the caller wants to stop. 02594 02595 Return Value: 02596 02597 TRUE if the write was stopped, FALSE if not. 02598 02599 Environment: 02600 02601 Kernel mode, PFN lock held. The PFN lock is released and reacquired if 02602 the write was stopped. 02603 02604 N.B. No other locks may be held as IRQL is lowered to APC_LEVEL here. 02605 02606 --*/ 02607 02608 { 02609 ULONG i; 02610 ULONG PageCount; 02611 KIRQL OldIrql; 02612 PPFN_NUMBER Page; 02613 PLIST_ENTRY NextEntry; 02614 PMDL MemoryDescriptorList; 02615 PMMMOD_WRITER_MDL_ENTRY ModWriterEntry; 02616 02617 // 02618 // Walk the MmMappedPageWriterList looking for an MDL which contains 02619 // the argument page. If found, remove it and cancel the write. 02620 // 02621 02622 NextEntry = MmMappedPageWriterList.Flink; 02623 while (NextEntry != &MmMappedPageWriterList) { 02624 02625 ModWriterEntry = CONTAINING_RECORD(NextEntry, 02626 MMMOD_WRITER_MDL_ENTRY, 02627 Links); 02628 02629 MemoryDescriptorList = &ModWriterEntry->Mdl; 02630 PageCount = (MemoryDescriptorList->ByteCount >> PAGE_SHIFT); 02631 Page = (PPFN_NUMBER)(MemoryDescriptorList + 1); 02632 02633 for (i = 0; i < PageCount; i += 1) { 02634 if (*Page == PageToStop) { 02635 RemoveEntryList (NextEntry); 02636 goto CancelWrite; 02637 } 02638 Page += 1; 02639 } 02640 02641 NextEntry = NextEntry->Flink; 02642 } 02643 02644 return FALSE; 02645 02646 CancelWrite: 02647 02648 UNLOCK_PFN (APC_LEVEL); 02649 02650 // 02651 // File lock conflict to indicate an error has occurred, 02652 // but that future I/Os should be allowed. Keep APCs disabled and 02653 // call the write completion routine. 02654 // 02655 02656 ModWriterEntry->u.IoStatus.Status = STATUS_FILE_LOCK_CONFLICT; 02657 ModWriterEntry->u.IoStatus.Information = 0; 02658 02659 MiWriteComplete ((PVOID)ModWriterEntry, 02660 &ModWriterEntry->u.IoStatus, 02661 0 ); 02662 02663 LOCK_PFN (OldIrql); 02664 02665 return TRUE; 02666 }

ULONG MiCanFileBeTruncatedInternal (  IN PSECTION_OBJECT_POINTERS  SectionPointer, IN PLARGE_INTEGER NewFileSize  OPTIONAL, IN LOGICAL  BlockNewViews, OUT PKIRQL  PreviousIrql )

Definition at line 2614 of file sectsup.c. References ASSERT, _SUBSECTION::ControlArea, FALSE, LOCK_PFN, MiEndingOffset(), MmFlushForWrite, MmFlushImageSection(), _SUBSECTION::NextSubsection, NULL, _CONTROL_AREA::NumberOfMappedViews, _CONTROL_AREA::NumberOfUserReferences, PAGE_SIZE, TRUE, _CONTROL_AREA::u, and UNLOCK_PFN. Referenced by MmCanFileBeTruncated(), and MmPurgeSection(). : This routine does the following: 1. Checks to see if a image section is in use for the file, if so it returns FALSE. 2. Checks to see if a user section exists for the file, if it does, it checks to make sure the new file size is greater than the size of the file, if not it returns FALSE. 3. If no image section exists, and no user created data section exists or the files size is greater, then TRUE is returned. Arguments: SectionPointer - Supplies a pointer to the section object pointers from the file object. NewFileSize - Supplies a pointer to the size the file is getting set to. BlockNewViews - Supplies TRUE if the caller will block new views while the operation (usually a purge) proceeds. This allows this routine to return TRUE even if the user has section references, provided the user currently has no mapped views. PreviousIrql - If returning TRUE, returns Irql to use when unlocking Pfn database. Return Value: TRUE if the file can be truncated (PFN locked). FALSE if it cannot be truncated (PFN not locked). Environment: Kernel mode. --*/ { KIRQL OldIrql; LARGE_INTEGER SegmentSize; PCONTROL_AREA ControlArea; PSUBSECTION Subsection; if (!MmFlushImageSection (SectionPointer, MmFlushForWrite)) { return FALSE; } LOCK_PFN (OldIrql); ControlArea = (PCONTROL_AREA)(SectionPointer->DataSectionObject); if (ControlArea != NULL) { if (ControlArea->u.Flags.BeingCreated || ControlArea->u.Flags.BeingDeleted) { goto UnlockAndReturn; } // // If there are user references and the size is less than the // size of the user view, don't allow the truncation. // if ((ControlArea->NumberOfUserReferences != 0) && ((BlockNewViews == FALSE) || (ControlArea->NumberOfMappedViews != 0))) { // // You cannot truncate the entire section if there is a user // reference. // if (!ARGUMENT_PRESENT(NewFileSize)) { goto UnlockAndReturn; } // // Locate last subsection and get total size. // if (ControlArea->u.Flags.GlobalOnlyPerSession == 0) { Subsection = (PSUBSECTION)(ControlArea + 1); } else { Subsection = (PSUBSECTION)((PLARGE_CONTROL_AREA)ControlArea + 1); } while (Subsection->NextSubsection != NULL) { Subsection = Subsection->NextSubsection; } ASSERT (Subsection->ControlArea->u.Flags.Image == 0); SegmentSize = MiEndingOffset(Subsection); if ((UINT64)NewFileSize->QuadPart < (UINT64)SegmentSize.QuadPart) { goto UnlockAndReturn; } // // If there are mapped views, we will skip the last page // of the section if the size passed in falls in that page. // The caller (like Cc) may want to clear this fractional page. // SegmentSize.QuadPart += PAGE_SIZE - 1; SegmentSize.LowPart &= ~(PAGE_SIZE - 1); if ((UINT64)NewFileSize->QuadPart < (UINT64)SegmentSize.QuadPart) { *NewFileSize = SegmentSize; } } } *PreviousIrql = OldIrql; return TRUE; UnlockAndReturn: UNLOCK_PFN (OldIrql); return FALSE; }

VOID MiCaptureWriteWatchDirtyBit (  IN PEPROCESS  Process, IN PVOID  VirtualAddress )

Referenced by MiEliminateWorkingSetEntry(), and MiFlushTbAndCapture().

ULONG MiChangeNoAccessForkPte (  IN PMMPTE  PointerPte, IN ULONG  ProtectionMask )

Definition at line 2032 of file protect.c. References FALSE, MM_NOACCESS, PAGED_CODE, and TRUE. Referenced by MiProtectVirtualMemory(), and MiSetProtectionOnSection(). : Arguments: PointerPte - Supplies a pointer to the current PTE. ProtectionMask - Supplies the protection mask to set. Return Value: FALSE if the loop should be repeated for this PTE, TRUE if protection has been set. Environment: Kernel mode, address creation mutex held, APCs disabled. --*/ { PAGED_CODE(); if (ProtectionMask == MM_NOACCESS) { // // No need to change the page protection. // return TRUE; } PointerPte->u.Proto.ReadOnly = 1; return FALSE; }

LOGICAL FASTCALL MiChargeCommitment (  IN SIZE_T  QuotaCharge, IN PEPROCESS Process  OPTIONAL )

Definition at line 191 of file mmquota.c. References _MMPAGE_FILE_EXPANSION::ActualExpansion, ASSERT, _MMPAGE_FILE_EXPANSION::Event, FALSE, KeInitializeEvent, LOCK_WS, LOCK_WS_REGARDLESS, LOCK_WS_UNSAFE, MI_EXTEND_ANY_PAGEFILE, MiCauseOverCommitPopup(), MiChargeCommitmentCantExpand(), MiIssuePageExtendRequest(), MM_EXTEND_COMMIT, MM_MAXIMUM_QUOTA_OVERCHARGE, MmChargeCommitmentLock, MmPageFileFullExtendPages, MmPeakCommitment, MmTotalCommitLimit, MmTotalCommittedPages, NULL, _MMPAGE_FILE_EXPANSION::PageFileNumber, _MMPAGE_FILE_EXPANSION::RequestedExpansionSize, _MMPAGE_FILE_EXPANSION::Segment, TRUE, and UNLOCK_WS_REGARDLESS. Referenced by MiCreateImageFileMap(), MiCreatePagingFileMap(), MiInitializeSessionPool(), MiInsertVad(), MiMapViewOfDataSection(), MiSessionCommitImagePages(), MiSessionCommitPageTables(), MiSessionCreateInternal(), MiSessionInitializeWorkingSetList(), MiSetProtectionOnSection(), MiShareSessionImage(), MmCreateKernelStack(), MmCreateProcessAddressSpace(), NtAllocateVirtualMemory(), and NtCreatePagingFile(). 00198 : 00199 00200 This routine checks to ensure the system has sufficient page file 00201 space remaining. 00202 00203 Arguments: 00204 00205 QuotaCharge - Supplies the quota amount to charge. 00206 00207 Process - Optionally supplies the current process IF AND ONLY IF 00208 the working set mutex is held. If the paging file 00209 is being extended, the working set mutex is released if 00210 this is non-null. 00211 00212 Return Value: 00213 00214 TRUE if there is sufficient space, FALSE if not. 00215 00216 Environment: 00217 00218 Kernel mode, APCs disabled, WorkingSetLock and AddressCreation mutexes 00219 held. 00220 00221 --*/ 00222 00223 { 00224 KIRQL OldIrql; 00225 SIZE_T NewCommitValue; 00226 MMPAGE_FILE_EXPANSION PageExtend; 00227 LOGICAL WsHeldSafe; 00228 00229 #if !defined (_WIN64) 00230 ASSERT (QuotaCharge < 0x100000); 00231 #endif 00232 00233 ExAcquireFastLock (&MmChargeCommitmentLock, &OldIrql); 00234 00235 NewCommitValue = MmTotalCommittedPages + QuotaCharge; 00236 00237 while (NewCommitValue > MmTotalCommitLimit) { 00238 00239 ExReleaseFastLock (&MmChargeCommitmentLock, OldIrql); 00240 00241 if (Process != NULL) { 00242 00243 // 00244 // The working set lock may have been acquired safely or unsafely 00245 // by our caller. Handle both cases here and below. 00246 // 00247 00248 UNLOCK_WS_REGARDLESS(Process, WsHeldSafe); 00249 } 00250 00251 // 00252 // Queue a message to the segment dereferencing / pagefile extending 00253 // thread to see if the page file can be extended. This is done 00254 // in the context of a system thread due to mutexes which may 00255 // currently be held. 00256 // 00257 00258 PageExtend.RequestedExpansionSize = QuotaCharge; 00259 PageExtend.Segment = NULL; 00260 PageExtend.PageFileNumber = MI_EXTEND_ANY_PAGEFILE; 00261 KeInitializeEvent (&PageExtend.Event, NotificationEvent, FALSE); 00262 00263 if (MiIssuePageExtendRequest (&PageExtend) == FALSE) { 00264 00265 if (Process != NULL) { 00266 LOCK_WS_REGARDLESS(Process, WsHeldSafe); 00267 } 00268 00269 // 00270 // If the quota is small enough, commit it anyway. Otherwise 00271 // return an error. 00272 // 00273 00274 if (QuotaCharge < MM_MAXIMUM_QUOTA_OVERCHARGE) { 00275 00276 // 00277 // Try the can't expand routine. 00278 // 00279 00280 if (MiChargeCommitmentCantExpand (QuotaCharge, FALSE) == FALSE) { 00281 return FALSE; 00282 } 00283 } else { 00284 00285 // 00286 // Put up a popup and grant an extension if possible. 00287 // 00288 00289 if (MiCauseOverCommitPopup (QuotaCharge, MM_EXTEND_COMMIT) == FALSE) { 00290 return FALSE; 00291 } 00292 } 00293 return TRUE; 00294 } 00295 00296 if (Process != NULL) { 00297 if (WsHeldSafe == TRUE) { 00298 LOCK_WS (Process); 00299 } 00300 else { 00301 LOCK_WS_UNSAFE (Process); 00302 } 00303 } 00304 00305 if (PageExtend.ActualExpansion == 0) { 00306 if (MiCauseOverCommitPopup (QuotaCharge, MM_EXTEND_COMMIT) == FALSE) { 00307 return FALSE; 00308 } 00309 return TRUE; 00310 } 00311 00312 ExAcquireFastLock (&MmChargeCommitmentLock, &OldIrql); 00313 NewCommitValue = MmTotalCommittedPages + QuotaCharge; 00314 } 00315 00316 MmTotalCommittedPages = NewCommitValue; 00317 if ((MmTotalCommittedPages > MmPeakCommitment) && 00318 (MmPageFileFullExtendPages == 0)) { 00319 MmPeakCommitment = MmTotalCommittedPages; 00320 } 00321 00322 ExReleaseFastLock (&MmChargeCommitmentLock, OldIrql); 00323 00324 return TRUE; 00325 }

LOGICAL FASTCALL MiChargeCommitmentCantExpand (  IN SIZE_T  QuotaCharge, IN ULONG  MustSucceed )

Definition at line 329 of file mmquota.c. References _MMPAGE_FILE_EXPANSION::DereferenceList, FALSE, _MMPAGE_FILE_EXPANSION::InProgress, KeReleaseSemaphore(), L, _MMDEREFERENCE_SEGMENT_HEADER::ListHead, _MMDEREFERENCE_SEGMENT_HEADER::Lock, MM_DONT_EXTEND_SIZE, MmAttemptForCantExtend, MmChargeCommitmentLock, MmDereferenceSegmentHeader, MmTotalCommitLimit, MmTotalCommitLimitMaximum, MmTotalCommittedPages, _MMPAGE_FILE_EXPANSION::RequestedExpansionSize, _MMDEREFERENCE_SEGMENT_HEADER::Semaphore, and TRUE. Referenced by MiAddWorkingSetPage(), MiAddWsleHash(), MiAllocatePoolPages(), MiAllocateSpecialPool(), MiChargeCommitment(), MiFillSystemPageDirectory(), MiFindContiguousMemory(), MiLoadImageSection(), MiPageFileFull(), MmAllocateIndependentPages(), MmAllocateNonCachedMemory(), MmAllocatePagesForMdl(), and MmInitSystem(). 00336 : 00337 00338 This routine charges the specified commitment without attempting 00339 to expand paging file and waiting for the expansion. The routine 00340 determines if the paging file space is exhausted, and if so, 00341 it attempts to ascertain if the paging file space could be expanded. 00342 00343 Arguments: 00344 00345 QuotaCharge - Supplies the quota amount to charge. 00346 00347 MustSucceed - Supplies TRUE if the charge must succeed. 00348 00349 Return Value: 00350 00351 TRUE if the commitment was permitted, FALSE if not. 00352 00353 Environment: 00354 00355 Kernel mode, APCs disabled. 00356 00357 --*/ 00358 00359 { 00360 KIRQL OldIrql; 00361 SIZE_T NewCommitValue; 00362 SIZE_T ExtendAmount; 00363 00364 ExAcquireFastLock (&MmChargeCommitmentLock, &OldIrql); 00365 00366 // 00367 // If the overcommitment is bigger than 512 pages, don't extend. 00368 // 00369 00370 NewCommitValue = MmTotalCommittedPages + QuotaCharge; 00371 00372 if (!MustSucceed) { 00373 00374 if (NewCommitValue > MmTotalCommitLimit) { 00375 00376 if ((NewCommitValue - MmTotalCommitLimit > MM_DONT_EXTEND_SIZE) || 00377 (NewCommitValue < MmTotalCommittedPages) || 00378 (NewCommitValue > MmTotalCommitLimitMaximum)) { 00379 00380 ExReleaseFastLock (&MmChargeCommitmentLock, OldIrql); 00381 return FALSE; 00382 } 00383 } 00384 else if (NewCommitValue > MmTotalCommitLimitMaximum) { 00385 ExReleaseFastLock (&MmChargeCommitmentLock, OldIrql); 00386 return FALSE; 00387 } 00388 } 00389 00390 ExtendAmount = NewCommitValue - MmTotalCommitLimit; 00391 MmTotalCommittedPages = NewCommitValue; 00392 00393 if (NewCommitValue > (MmTotalCommitLimit + 20)) { 00394 00395 // 00396 // Attempt to expand the paging file, but don't wait 00397 // to see if it succeeds. 00398 // 00399 00400 if (MmAttemptForCantExtend.InProgress != FALSE) { 00401 00402 // 00403 // An expansion request is already in progress, assume 00404 // this will succeed. 00405 // 00406 00407 ExReleaseFastLock (&MmChargeCommitmentLock, OldIrql); 00408 return TRUE; 00409 } 00410 00411 MmAttemptForCantExtend.InProgress = TRUE; 00412 ExReleaseFastLock (&MmChargeCommitmentLock, OldIrql); 00413 00414 // 00415 // Queue a message to the segment dereferencing / pagefile extending 00416 // thread to see if the page file can be extended. This is done 00417 // in the context of a system thread due to mutexes which may 00418 // currently be held. 00419 // 00420 00421 if (QuotaCharge > ExtendAmount) { 00422 ExtendAmount = QuotaCharge; 00423 } 00424 00425 MmAttemptForCantExtend.RequestedExpansionSize = ExtendAmount; 00426 ExAcquireFastLock (&MmDereferenceSegmentHeader.Lock, &OldIrql); 00427 InsertTailList ( &MmDereferenceSegmentHeader.ListHead, 00428 &MmAttemptForCantExtend.DereferenceList); 00429 ExReleaseFastLock (&MmDereferenceSegmentHeader.Lock, OldIrql); 00430 00431 KeReleaseSemaphore (&MmDereferenceSegmentHeader.Semaphore, 0L, 1L, FALSE); 00432 } 00433 else { 00434 ExReleaseFastLock (&MmChargeCommitmentLock, OldIrql); 00435 } 00436 00437 return TRUE; 00438 }

ULONG FASTCALL MiChargePageFileQuota (  IN SIZE_T  QuotaCharge, IN PEPROCESS  CurrentProcess )

Definition at line 58 of file mmquota.c. References ExRaiseStatus(), _EPROCESS_QUOTA_BLOCK::PagefileLimit, _EPROCESS_QUOTA_BLOCK::PagefileUsage, _EPROCESS_QUOTA_BLOCK::PeakPagefileUsage, PEPROCESS_QUOTA_BLOCK, PspDefaultQuotaBlock, _EPROCESS_QUOTA_BLOCK::QuotaLock, and TRUE. Referenced by MiInsertVad(), MiSetProtectionOnSection(), and NtAllocateVirtualMemory(). 00065 : 00066 00067 This routine checks to ensure the user has sufficient page file 00068 quota remaining and, if so, charges the quota. If not an exception 00069 is raised. 00070 00071 Arguments: 00072 00073 QuotaCharge - Supplies the quota amount to charge. 00074 00075 CurrentProcess - Supplies a pointer to the current process. 00076 00077 Return Value: 00078 00079 TRUE if the quota was successfully charged, raises an exception 00080 otherwise. 00081 00082 Environment: 00083 00084 Kernel mode, APCs disabled, WorkingSetLock and AddressCreation mutexes 00085 held. 00086 00087 --*/ 00088 00089 { 00090 SIZE_T NewPagefileValue; 00091 PEPROCESS_QUOTA_BLOCK QuotaBlock; 00092 KIRQL OldIrql; 00093 00094 QuotaBlock = CurrentProcess->QuotaBlock; 00095 00096 retry_charge: 00097 if ( QuotaBlock != &PspDefaultQuotaBlock) { 00098 ExAcquireFastLock (&QuotaBlock->QuotaLock,&OldIrql); 00099 do_charge: 00100 NewPagefileValue = QuotaBlock->PagefileUsage + QuotaCharge; 00101 00102 if (NewPagefileValue > QuotaBlock->PagefileLimit) { 00103 ExReleaseFastLock (&QuotaBlock->QuotaLock,OldIrql); 00104 ExRaiseStatus (STATUS_PAGEFILE_QUOTA_EXCEEDED); 00105 } 00106 00107 QuotaBlock->PagefileUsage = NewPagefileValue; 00108 00109 if (NewPagefileValue > QuotaBlock->PeakPagefileUsage) { 00110 QuotaBlock->PeakPagefileUsage = NewPagefileValue; 00111 } 00112 00113 NewPagefileValue = CurrentProcess->PagefileUsage + QuotaCharge; 00114 CurrentProcess->PagefileUsage = NewPagefileValue; 00115 00116 if (NewPagefileValue > CurrentProcess->PeakPagefileUsage) { 00117 CurrentProcess->PeakPagefileUsage = NewPagefileValue; 00118 } 00119 ExReleaseFastLock (&QuotaBlock->QuotaLock,OldIrql); 00120 } else { 00121 ExAcquireFastLock (&PspDefaultQuotaBlock.QuotaLock,&OldIrql); 00122 00123 if ( (QuotaBlock = CurrentProcess->QuotaBlock) != &PspDefaultQuotaBlock) { 00124 ExReleaseFastLock(&PspDefaultQuotaBlock.QuotaLock,OldIrql); 00125 goto retry_charge; 00126 } 00127 goto do_charge; 00128 } 00129 return TRUE; 00130 }

VOID MiCheckControlArea (  IN PCONTROL_AREA  ControlArea, IN PEPROCESS  CurrentProcess, IN KIRQL  PreviousIrql )

Definition at line 1823 of file sectsup.c. References ASSERT, _EVENT_COUNTER::Event, FALSE, KeSetEvent(), LOCK_WS_UNSAFE, MI_UNUSED_SEGMENTS_INSERT_CHARGE, MiCleanSection(), MiHydra, MiPurgeImageSection(), MiRemoveImageSectionObject(), MiSegmentDelete(), MM_PFN_LOCK_ASSERT, MmMaxUnusedSegmentNonPagedPoolUsage, MmMaxUnusedSegmentPagedPoolUsage, MmUnusedSegmentCleanup, MmUnusedSegmentList, MmUnusedSegmentNonPagedPoolUsage, MmUnusedSegmentPagedPoolUsage, NULL, TRUE, UNLOCK_PFN, and UNLOCK_WS_UNSAFE. Referenced by MiFlushRelease(), MiMapViewInSystemSpace(), MiMapViewOfDataSection(), MiMapViewOfImageSection(), MiRemoveMappedPtes(), MiRemoveMappedView(), MiSectionDelete(), MiShareSessionImage(), MiWriteComplete(), MmCreateSection(), MmFlushImageSection(), MmFlushSection(), MmPurgeSection(), MmShutdownSystem(), and MmUnmapViewInSystemCache(). : This routine checks the reference counts for the specified control area, and if the counts are all zero, it marks the control area for deletion and queues it to the deletion thread. *********************** NOTE ******************************** This routine returns with the PFN LOCK RELEASED!!!!! Arguments: ControlArea - Supplies a pointer to the control area to check. CurrentProcess - Supplies a pointer to the current process if and ONLY IF the working set lock is held. PreviousIrql - Supplies the previous IRQL. Return Value: NONE. Environment: Kernel mode, PFN lock held, PFN lock released upon return!!! --*/ { PEVENT_COUNTER PurgeEvent; ULONG DeleteOnClose; ULONG DereferenceSegment; PurgeEvent = NULL; DeleteOnClose = FALSE; DereferenceSegment = FALSE; MM_PFN_LOCK_ASSERT(); if ((ControlArea->NumberOfMappedViews == 0) && (ControlArea->NumberOfSectionReferences == 0)) { ASSERT (ControlArea->NumberOfUserReferences == 0); if (ControlArea->FilePointer != (PFILE_OBJECT)NULL) { if (ControlArea->NumberOfPfnReferences == 0) { // // There are no views and no physical pages referenced // by the Segment, dereference the Segment object. // ControlArea->u.Flags.BeingDeleted = 1; DereferenceSegment = TRUE; ASSERT (ControlArea->u.Flags.FilePointerNull == 0); ControlArea->u.Flags.FilePointerNull = 1; if (ControlArea->u.Flags.Image) { if (MiHydra == TRUE) { MiRemoveImageSectionObject (ControlArea->FilePointer, ControlArea); } else { ((PCONTROL_AREA)(ControlArea->FilePointer->SectionObjectPointer->ImageSectionObject)) = NULL; } } else { ASSERT (((PCONTROL_AREA)(ControlArea->FilePointer->SectionObjectPointer->DataSectionObject)) != NULL); ((PCONTROL_AREA)(ControlArea->FilePointer->SectionObjectPointer->DataSectionObject)) = NULL; } } else { // // Insert this segment into the unused segment list (unless // it is already on the list). // if (ControlArea->DereferenceList.Flink == NULL) { InsertTailList ( &MmUnusedSegmentList, &ControlArea->DereferenceList); MI_UNUSED_SEGMENTS_INSERT_CHARGE (ControlArea); } // // Indicate if this section should be deleted now that // the reference counts are zero. // DeleteOnClose = ControlArea->u.Flags.DeleteOnClose; // // The number of mapped views are zero, the number of // section references are zero, but there are some // pages of the file still resident. If this is // an image with Global Memory, "purge" the subsections // which contain the global memory and reset them to // point back to the file. // if (ControlArea->u.Flags.GlobalMemory == 1) { ASSERT (ControlArea->u.Flags.Image == 1); ControlArea->u.Flags.BeingPurged = 1; ControlArea->NumberOfMappedViews = 1; MiPurgeImageSection (ControlArea, CurrentProcess); ControlArea->u.Flags.BeingPurged = 0; ControlArea->NumberOfMappedViews -= 1; if ((ControlArea->NumberOfMappedViews == 0) && (ControlArea->NumberOfSectionReferences == 0) && (ControlArea->NumberOfPfnReferences == 0)) { ControlArea->u.Flags.BeingDeleted = 1; DereferenceSegment = TRUE; ControlArea->u.Flags.FilePointerNull = 1; if (MiHydra == TRUE) { MiRemoveImageSectionObject (ControlArea->FilePointer, ControlArea); } else { ((PCONTROL_AREA)(ControlArea->FilePointer->SectionObjectPointer->ImageSectionObject)) = NULL; } } else { PurgeEvent = ControlArea->WaitingForDeletion; ControlArea->WaitingForDeletion = NULL; } } // // If delete on close is set and the segment was // not deleted, up the count of mapped views so the // control area will not be deleted when the PFN lock // is released. // if (DeleteOnClose && !DereferenceSegment) { ControlArea->NumberOfMappedViews = 1; ControlArea->u.Flags.BeingDeleted = 1; } } } else { // // This Segment is backed by a paging file, dereference the // Segment object when the number of views goes from 1 to 0 // without regard to the number of PFN references. // ControlArea->u.Flags.BeingDeleted = 1; DereferenceSegment = TRUE; } } else if (ControlArea->WaitingForDeletion != NULL) { PurgeEvent = ControlArea->WaitingForDeletion; ControlArea->WaitingForDeletion = NULL; } UNLOCK_PFN (PreviousIrql); if (DereferenceSegment || DeleteOnClose) { // // Release the working set mutex, if it is held as the object // management routines may page fault, etc.. // if (CurrentProcess) { UNLOCK_WS_UNSAFE (CurrentProcess); } if (DereferenceSegment) { // // Delete the segment. // MiSegmentDelete (ControlArea->Segment); } else { // // The segment should be forced closed now. // MiCleanSection (ControlArea, TRUE); } ASSERT (PurgeEvent == NULL); // // Reacquire the working set lock, if a process was specified. // if (CurrentProcess) { LOCK_WS_UNSAFE (CurrentProcess); } } else { // // If any threads are waiting for the segment, indicate the // the purge operation has completed. // if (PurgeEvent != NULL) { KeSetEvent (&PurgeEvent->Event, 0, FALSE); } if (MmUnusedSegmentPagedPoolUsage > MmMaxUnusedSegmentPagedPoolUsage || MmUnusedSegmentNonPagedPoolUsage > MmMaxUnusedSegmentNonPagedPoolUsage) { KeSetEvent (&MmUnusedSegmentCleanup, 0, FALSE); } } return; }

BOOLEAN MiCheckControlAreaStatus (  IN SECTION_CHECK_TYPE  SectionCheckType, IN PSECTION_OBJECT_POINTERS  SectionObjectPointers, IN ULONG  DelayClose, OUT PCONTROL_AREA *  ControlArea, OUT PKIRQL  OldIrql )

Definition at line 2149 of file sectsup.c. References CheckBothSection, CheckImageSection, CheckUserDataSection, _EVENT_COUNTER::Event, FALSE, KeDelayExecutionThread(), KeEnterCriticalRegion, KeLeaveCriticalRegion, KernelMode, KeWaitForSingleObject(), LOCK_PFN, MiFreeEventCounter(), MiGetEventCounter(), MmShortTime, NULL, _CONTROL_AREA::NumberOfMappedViews, _CONTROL_AREA::NumberOfSectionReferences, _CONTROL_AREA::NumberOfUserReferences, _EVENT_COUNTER::RefCount, TRUE, _CONTROL_AREA::u, UNLOCK_PFN, UNLOCK_PFN_AND_THEN_WAIT, _CONTROL_AREA::WaitingForDeletion, and WrPageOut. Referenced by MmFlushImageSection(), and MmForceSectionClosed(). : This routine checks the status of the control area for the specified SectionObjectPointers. If the control area is in use, that is, the number of section references and the number of mapped views are not both zero, no action is taken and the function returns FALSE. If there is no control area associated with the specified SectionObjectPointers or the control area is in the process of being created or deleted, no action is taken and the value TRUE is returned. If, there are no section objects and the control area is not being created or deleted, the address of the control area is returned in the ControlArea argument, the address of a pool block to free is returned in the SegmentEventOut argument and the PFN_LOCK is still held at the return. Arguments: *SegmentEventOut - Returns a pointer to NonPaged Pool which much be freed by the caller when the PFN_LOCK is released. This value is NULL if no pool is allocated and the PFN_LOCK is not held. SectionCheckType - Supplies the type of section to check on, one of CheckImageSection, CheckDataSection, CheckBothSection. SectionObjectPointers - Supplies the section object pointers through which the control area can be located. DelayClose - Supplies a boolean which if TRUE and the control area is being used, the delay on close field should be set in the control area. *ControlAreaOut - Returns the address of the control area. PreviousIrql - Returns, in the case the PFN_LOCK is held, the previous IRQL so the lock can be released properly. Return Value: FALSE if the control area is in use, TRUE if the control area is gone or in the process or being created or deleted. Environment: Kernel mode, PFN lock NOT held. --*/ { PEVENT_COUNTER IoEvent; PEVENT_COUNTER SegmentEvent; ULONG DeallocateSegmentEvent = TRUE; PCONTROL_AREA ControlArea; ULONG SectRef; KIRQL OldIrql; // // Allocate an event to wait on in case the segment is in the // process of being deleted. This event cannot be allocated // with the PFN database locked as pool expansion would deadlock. // *ControlAreaOut = NULL; // // Acquire the PFN lock and examine the section object pointer // value within the file object. // // // File control blocks live in non-paged pool. // LOCK_PFN (OldIrql); SegmentEvent = MiGetEventCounter (); while (SegmentEvent == NULL) { UNLOCK_PFN (OldIrql); KeDelayExecutionThread (KernelMode, FALSE, (PLARGE_INTEGER)&MmShortTime); LOCK_PFN (OldIrql); SegmentEvent = MiGetEventCounter (); } if (SectionCheckType != CheckImageSection) { ControlArea = ((PCONTROL_AREA)(SectionObjectPointers->DataSectionObject)); } else { ControlArea = ((PCONTROL_AREA)(SectionObjectPointers->ImageSectionObject)); } if (ControlArea == NULL) { if (SectionCheckType != CheckBothSection) { // // This file no longer has an associated segment. // MiFreeEventCounter (SegmentEvent, TRUE); UNLOCK_PFN (OldIrql); return TRUE; } else { ControlArea = ((PCONTROL_AREA)(SectionObjectPointers->ImageSectionObject)); if (ControlArea == NULL) { // // This file no longer has an associated segment. // MiFreeEventCounter (SegmentEvent, TRUE); UNLOCK_PFN (OldIrql); return TRUE; } } } // // Depending on the type of section, check for the pertinent // reference count being non-zero. // if (SectionCheckType != CheckUserDataSection) { SectRef = ControlArea->NumberOfSectionReferences; } else { SectRef = ControlArea->NumberOfUserReferences; } if ((SectRef != 0) || (ControlArea->NumberOfMappedViews != 0) || (ControlArea->u.Flags.BeingCreated)) { // // The segment is currently in use or being created. // if (DelayClose) { // // The section should be deleted when the reference // counts are zero, set the delete on close flag. // ControlArea->u.Flags.DeleteOnClose = 1; } MiFreeEventCounter (SegmentEvent, TRUE); UNLOCK_PFN (OldIrql); return FALSE; } // // The segment has no references, delete it. If the segment // is already being deleted, set the event field in the control // area and wait on the event. // if (ControlArea->u.Flags.BeingDeleted) { // // The segment object is in the process of being deleted. // Check to see if another thread is waiting for the deletion, // otherwise create and event object to wait upon. // if (ControlArea->WaitingForDeletion == NULL) { // // Create an event and put its address in the control area. // DeallocateSegmentEvent = FALSE; ControlArea->WaitingForDeletion = SegmentEvent; IoEvent = SegmentEvent; } else { IoEvent = ControlArea->WaitingForDeletion; IoEvent->RefCount += 1; } // // Release the mutex and wait for the event. // KeEnterCriticalRegion(); UNLOCK_PFN_AND_THEN_WAIT(OldIrql); KeWaitForSingleObject(&IoEvent->Event, WrPageOut, KernelMode, FALSE, (PLARGE_INTEGER)NULL); LOCK_PFN (OldIrql); KeLeaveCriticalRegion(); MiFreeEventCounter (IoEvent, TRUE); if (DeallocateSegmentEvent) { MiFreeEventCounter (SegmentEvent, TRUE); } UNLOCK_PFN (OldIrql); return TRUE; } // // Return with the PFN database locked. // MiFreeEventCounter (SegmentEvent, FALSE); *ControlAreaOut = ControlArea; *PreviousIrql = OldIrql; return FALSE; }

PMMADDRESS_NODE MiCheckForConflictingNode (  IN ULONG_PTR  StartVpn, IN ULONG_PTR  EndVpn, IN PMMADDRESS_NODE  Root )

Definition at line 1068 of file addrsup.c. References _MMADDRESS_NODE::EndingVpn, _MMADDRESS_NODE::LeftChild, NULL, _MMADDRESS_NODE::RightChild, and _MMADDRESS_NODE::StartingVpn. 01076 : 01077 01078 The function determines if any addresses between a given starting and 01079 ending address is contained within a virtual address descriptor. 01080 01081 Arguments: 01082 01083 StartVpn - Supplies the virtual address to locate a containing 01084 descriptor. 01085 01086 EndVpn - Supplies the virtual address to locate a containing 01087 descriptor. 01088 01089 Return Value: 01090 01091 Returns a pointer to the first conflicting virtual address descriptor 01092 if one is found, otherwise a NULL value is returned. 01093 01094 --*/ 01095 01096 { 01097 PMMADDRESS_NODE Node; 01098 01099 Node = Root; 01100 01101 for (;;) { 01102 01103 if (Node == (PMMADDRESS_NODE)NULL) { 01104 return (PMMADDRESS_NODE)NULL; 01105 } 01106 01107 if (StartVpn > Node->EndingVpn) { 01108 Node = Node->RightChild; 01109 01110 } else if (EndVpn < Node->StartingVpn) { 01111 Node = Node->LeftChild; 01112 01113 } else { 01114 01115 // 01116 // The starting address is less than or equal to the end VA 01117 // and the ending address is greater than or equal to the 01118 // start va. Return this node. 01119 // 01120 01121 return Node; 01122 } 01123 } 01124 }

PVOID MiCheckForContiguousMemory (  IN PVOID  BaseAddress, IN PFN_NUMBER  BaseAddressPages, IN PFN_NUMBER  SizeInPages, IN PFN_NUMBER  LowestPfn, IN PFN_NUMBER  HighestPfn, IN PFN_NUMBER  BoundaryPfn )

Definition at line 6052 of file iosup.c. References ASSERT, MI_CONVERT_PHYSICAL_TO_PFN, MI_GET_PAGE_FRAME_FROM_PTE, MI_IS_PHYSICAL_ADDRESS, MiGetPteAddress, MiGetVirtualAddressMappedByPte, NULL, PAGE_SHIFT, and _MMPTE::u. Referenced by MiAllocateContiguousMemory(), and MiFindContiguousMemory(). : This routine checks to see if the physical memory mapped by the specified BaseAddress for the specified size is contiguous and that the first page is greater than or equal to the specified LowestPfn and that the last page of the physical memory is less than or equal to the specified HighestPfn. Arguments: BaseAddress - Supplies the base address to start checking at. BaseAddressPages - Supplies the number of pages to scan from the BaseAddress. SizeInPages - Supplies the number of pages in the range. LowestPfn - Supplies lowest PFN acceptable as a physical page. HighestPfn - Supplies the highest PFN acceptable as a physical page. BoundaryPfn - Supplies the PFN multiple the allocation must not cross. 0 indicates it can cross any boundary. Return Value: Returns the usable virtual address within the argument range that the caller should return to his caller. NULL if there is no usable address. Environment: Kernel mode, memory management internal. --*/ { PMMPTE PointerPte; PMMPTE LastPte; PFN_NUMBER PreviousPage; PFN_NUMBER Page; PFN_NUMBER HighestStartPage; PFN_NUMBER LastPage; PFN_NUMBER OriginalPage; PFN_NUMBER OriginalLastPage; PVOID BoundaryAllocation; PFN_NUMBER BoundaryMask; ULONG PageCount; MMPTE PteContents; BoundaryMask = ~(BoundaryPfn - 1); if (LowestPfn > HighestPfn) { return NULL; } if (LowestPfn + SizeInPages <= LowestPfn) { return NULL; } if (LowestPfn + SizeInPages > HighestPfn + 1) { return NULL; } if (BaseAddressPages < SizeInPages) { return NULL; } if (MI_IS_PHYSICAL_ADDRESS (BaseAddress)) { OriginalPage = MI_CONVERT_PHYSICAL_TO_PFN(BaseAddress); OriginalLastPage = OriginalPage + BaseAddressPages; Page = OriginalPage; LastPage = OriginalLastPage; // // Close the gaps, then examine the range for a fit. // if (Page < LowestPfn) { Page = LowestPfn; } if (LastPage > HighestPfn + 1) { LastPage = HighestPfn + 1; } HighestStartPage = LastPage - SizeInPages; if (Page > HighestStartPage) { return NULL; } if (BoundaryPfn != 0) { do { if (((Page ^ (Page + SizeInPages - 1)) & BoundaryMask) == 0) { // // This portion of the range meets the alignment // requirements. // break; } Page |= (BoundaryPfn - 1); Page += 1; } while (Page <= HighestStartPage); if (Page > HighestStartPage) { return NULL; } BoundaryAllocation = (PVOID)((PCHAR)BaseAddress + ((Page - OriginalPage) << PAGE_SHIFT)); // // The request can be satisfied. Since specific alignment was // requested, return the fit now without getting fancy. // return BoundaryAllocation; } // // If possible return a chunk on the end to reduce fragmentation. // if (LastPage == OriginalLastPage) { return (PVOID)((PCHAR)BaseAddress + ((BaseAddressPages - SizeInPages) << PAGE_SHIFT)); } // // The end chunk did not satisfy the requirements. The next best option // is to return a chunk from the beginning. Since that's where the search // began, just return the current chunk. // return (PVOID)((PCHAR)BaseAddress + ((Page - OriginalPage) << PAGE_SHIFT)); } // // Check the virtual addresses for physical contiguity. // PointerPte = MiGetPteAddress (BaseAddress); LastPte = PointerPte + BaseAddressPages; HighestStartPage = HighestPfn + 1 - SizeInPages; PageCount = 0; while (PointerPte < LastPte) { PteContents = *PointerPte; ASSERT (PteContents.u.Hard.Valid == 1); Page = MI_GET_PAGE_FRAME_FROM_PTE (&PteContents); // // Before starting a new run, ensure that it // can satisfy the location & boundary requirements (if any). // if (PageCount == 0) { if ((Page >= LowestPfn) && (Page <= HighestStartPage)) { if (BoundaryPfn == 0) { PageCount += 1; } else if (((Page ^ (Page + SizeInPages - 1)) & BoundaryMask) == 0) { // // This run's physical address meets the alignment // requirement. // PageCount += 1; } } if (PageCount == SizeInPages) { // // Success - found a single page satifying the requirements. // BaseAddress = MiGetVirtualAddressMappedByPte (PointerPte); return BaseAddress; } PreviousPage = Page; PointerPte += 1; continue; } if (Page != PreviousPage + 1) { // // This page is not physically contiguous. Start over. // PageCount = 0; continue; } PageCount += 1; if (PageCount == SizeInPages) { // // Success - found a page range satifying the requirements. // BaseAddress = MiGetVirtualAddressMappedByPte (PointerPte - PageCount + 1); return BaseAddress; } PointerPte += 1; } return NULL; }

VOID MiCheckForControlAreaDeletion (  IN PCONTROL_AREA  ControlArea  )

Definition at line 2059 of file sectsup.c. References ASSERT, FALSE, KeReleaseSemaphore(), L, _MMDEREFERENCE_SEGMENT_HEADER::ListHead, _MMDEREFERENCE_SEGMENT_HEADER::Lock, MI_UNUSED_SEGMENTS_REMOVE_CHARGE, MiHydra, MiRemoveImageSectionObject(), MM_PFN_LOCK_ASSERT, MmDereferenceSegmentHeader, NULL, _MMDEREFERENCE_SEGMENT_HEADER::Semaphore, and TRUE. Referenced by MiRestoreTransitionPte(). : This routine checks the reference counts for the specified control area, and if the counts are all zero, it marks the control area for deletion and queues it to the deletion thread. Arguments: ControlArea - Supplies a pointer to the control area to check. Return Value: None. Environment: Kernel mode, PFN lock held. --*/ { KIRQL OldIrql; MM_PFN_LOCK_ASSERT(); if ((ControlArea->NumberOfPfnReferences == 0) && (ControlArea->NumberOfMappedViews == 0) && (ControlArea->NumberOfSectionReferences == 0 )) { // // This segment is no longer mapped in any address space // nor are there any prototype PTEs within the segment // which are valid or in a transition state. Queue // the segment to the segment-dereferencer thread // which will dereference the segment object, potentially // causing the segment to be deleted. // ControlArea->u.Flags.BeingDeleted = 1; ASSERT (ControlArea->u.Flags.FilePointerNull == 0); ControlArea->u.Flags.FilePointerNull = 1; if (ControlArea->u.Flags.Image) { if (MiHydra == TRUE) { MiRemoveImageSectionObject (ControlArea->FilePointer, ControlArea); } else { ((PCONTROL_AREA)(ControlArea->FilePointer->SectionObjectPointer->ImageSectionObject)) = NULL; } } else { ((PCONTROL_AREA)(ControlArea->FilePointer->SectionObjectPointer->DataSectionObject)) = NULL; } ExAcquireSpinLock (&MmDereferenceSegmentHeader.Lock, &OldIrql); ASSERT (ControlArea->DereferenceList.Flink != NULL); // // Remove the entry from the unused segment list and put it // on the dereference list. // RemoveEntryList (&ControlArea->DereferenceList); MI_UNUSED_SEGMENTS_REMOVE_CHARGE (ControlArea); InsertTailList (&MmDereferenceSegmentHeader.ListHead, &ControlArea->DereferenceList); ExReleaseSpinLock (&MmDereferenceSegmentHeader.Lock, OldIrql); KeReleaseSemaphore (&MmDereferenceSegmentHeader.Semaphore, 0L, 1L, FALSE); } return; }

NTSTATUS FASTCALL MiCheckForUserStackOverflow (  IN PVOID  FaultingAddress  )

Definition at line 194 of file acceschk.c. References ASSERT, EXCEPTION_EXECUTE_HANDLER, ExpDefaultErrorPortProcess, _MMLOCK_CONFLICT::List, MmChargeCommitmentLock, MmExtendedCommit, MmLockConflictList, MmTotalCommitLimit, NT_SUCCESS, NTSTATUS(), NULL, PAGE_ALIGN, PAGE_SIZE, PMMLOCK_CONFLICT, ProbeForRead, PsGetCurrentProcess, PsGetCurrentThread, and _MMLOCK_CONFLICT::Thread. Referenced by MmAccessFault(). 00200 : 00201 00202 This routine checks to see if the faulting address is within 00203 the stack limits and if so tries to create another guard 00204 page on the stack. A stack over flow is returned if the 00205 creation of a new guard page fails or if the stack is in 00206 the following form: 00207 00208 00209 stack +----------------+ 00210 growth | | StackBase 00211 | +----------------+ 00212 v | | 00213 | allocated | 00214 | | 00215 | ... | 00216 | | 00217 +----------------+ 00218 | old guard page | <- faulting address is in this page. 00219 +----------------+ 00220 | | 00221 +----------------+ 00222 | | last page of stack (always no access) 00223 +----------------+ 00224 00225 In this case, the page before the last page is committed, but 00226 not as a guard page and a STACK_OVERFLOW condition is returned. 00227 00228 Arguments: 00229 00230 FaultingAddress - Supplies the virtual address of the page which 00231 was a guard page. 00232 00233 Return Value: 00234 00235 None. 00236 00237 Environment: 00238 00239 Kernel mode. No mutexes held. 00240 00241 --*/ 00242 00243 { 00244 PTEB Teb; 00245 ULONG_PTR NextPage; 00246 SIZE_T RegionSize; 00247 NTSTATUS status; 00248 KIRQL OldIrql; 00249 PMMLOCK_CONFLICT Next; 00250 PVOID DeallocationStack; 00251 PVOID *StackLimit; 00252 00253 #if defined(WX86) || defined(_AXP64_) 00254 PWX86TIB Wx86Tib; 00255 #endif 00256 #if defined(_WIN64) 00257 PTEB32 Teb32; 00258 #endif 00259 00260 // 00261 // Make sure we are not recursing with the address space or 00262 // working set lock held. 00263 // 00264 00265 if (!IsListEmpty (&MmLockConflictList)) { 00266 ExAcquireSpinLock (&MmChargeCommitmentLock, &OldIrql); 00267 Next = (PMMLOCK_CONFLICT)MmLockConflictList.Flink; 00268 00269 while ((PVOID)Next != &MmLockConflictList) { 00270 00271 if (Next->Thread == PsGetCurrentThread()) { 00272 ExReleaseSpinLock (&MmChargeCommitmentLock, OldIrql); 00273 return STATUS_GUARD_PAGE_VIOLATION; 00274 } 00275 Next = (PMMLOCK_CONFLICT)Next->List.Flink; 00276 } 00277 ExReleaseSpinLock (&MmChargeCommitmentLock, OldIrql); 00278 } 00279 00280 // 00281 // Create an exception handler as the TEB is within the user's 00282 // address space. 00283 // 00284 00285 try { 00286 00287 Teb = NtCurrentTeb(); 00288 00289 #if defined(_IA64_) 00290 00291 if ((Teb->NtTib.StackBase <= FaultingAddress) && 00292 (Teb->DeallocationBStore > FaultingAddress)) { 00293 00294 // 00295 // check to see if the faulting address is within 00296 // the bstore limits and if so tries to create another guard 00297 // page on the bstore. 00298 // 00299 // 00300 // +----------------+ 00301 // | | last page of stack (always no access) 00302 // +----------------+ 00303 // | | 00304 // | | 00305 // | | 00306 // +----------------+ 00307 // | old guard page | <- faulting address is in this page. | 00308 // +----------------+ 00309 // bstore | | 00310 // growth | ...... | 00311 // | | 00312 // ^ | allocated | 00313 // | | | StackBase 00314 // +----------------+ 00315 // 00316 // 00317 00318 NextPage = (ULONG_PTR)PAGE_ALIGN(FaultingAddress) + PAGE_SIZE; 00319 00320 RegionSize = PAGE_SIZE; 00321 00322 if ((NextPage + PAGE_SIZE) >= (ULONG_PTR)PAGE_ALIGN(Teb->DeallocationBStore)) { 00323 00324 // 00325 // There is no more room for expansion, attempt to 00326 // commit the page before the last page of the 00327 // stack. 00328 // 00329 00330 NextPage = (ULONG_PTR)PAGE_ALIGN(Teb->DeallocationBStore) - PAGE_SIZE; 00331 00332 status = ZwAllocateVirtualMemory (NtCurrentProcess(), 00333 (PVOID *)&NextPage, 00334 0, 00335 &RegionSize, 00336 MEM_COMMIT, 00337 PAGE_READWRITE); 00338 if ( NT_SUCCESS(status) ) { 00339 Teb->BStoreLimit = (PVOID)( (PUCHAR)NextPage); 00340 } 00341 00342 return STATUS_STACK_OVERFLOW; 00343 } 00344 00345 Teb->BStoreLimit = (PVOID)((PUCHAR)(NextPage)); 00346 00347 } else { 00348 00349 #endif 00350 00351 DeallocationStack = Teb->DeallocationStack; 00352 StackLimit = &Teb->NtTib.StackLimit; 00353 00354 // 00355 // The stack base and the stack limit are both within the stack. 00356 // 00357 00358 if ((Teb->NtTib.StackBase <= FaultingAddress) || 00359 (DeallocationStack > FaultingAddress)) { 00360 00361 #if defined(WX86) 00362 // 00363 // Also check the Wx86 i386 stack on risc. 00364 // 00365 Wx86Tib = Teb->Vdm; 00366 if (Wx86Tib) { 00367 ProbeForRead(Wx86Tib, sizeof(WX86TIB), sizeof(ULONG)); 00368 if (Wx86Tib->Size == sizeof(WX86TIB) && 00369 Wx86Tib->StackBase > FaultingAddress && 00370 Wx86Tib->DeallocationStack <= FaultingAddress) { 00371 00372 DeallocationStack = Wx86Tib->DeallocationStack; 00373 StackLimit = &Wx86Tib->StackLimit; 00374 } else { 00375 // 00376 // Not within the stack. 00377 // 00378 00379 return STATUS_GUARD_PAGE_VIOLATION; 00380 } 00381 } else 00382 #endif 00383 #if defined(_WIN64) 00384 // 00385 // Also check for the 32-bit native stack on NT64 00386 // 00387 if ((Teb32 = (PTEB32)Teb->NtTib.ExceptionList) != NULL) { 00388 ProbeForRead(Teb32, sizeof(TEB32), sizeof(ULONG)); 00389 if ((ULONG_PTR)Teb32->NtTib.StackBase > (ULONG_PTR)FaultingAddress && 00390 (ULONG_PTR)Teb32->DeallocationStack <= (ULONG_PTR)FaultingAddress) { 00391 DeallocationStack = (PVOID)ULongToPtr(Teb32->DeallocationStack); 00392 00393 StackLimit = (PVOID *)&Teb32->NtTib.StackLimit; 00394 } else 00395 #if defined(_AXP64_) 00396 // 00397 // Also check the Wx86 i386 stack on risc. 00398 // 00399 if (Wx86Tib = (PWX86TIB)ULongToPtr(Teb32->Vdm)) { 00400 ProbeForRead(Wx86Tib, sizeof(WX86TIB), sizeof(ULONG)); 00401 if (Wx86Tib->Size == sizeof(WX86TIB) && 00402 (ULONG_PTR)Wx86Tib->StackBase > (ULONG_PTR)FaultingAddress && 00403 (ULONG_PTR)Wx86Tib->DeallocationStack <= (ULONG_PTR)FaultingAddress) { 00404 00405 DeallocationStack = Wx86Tib->DeallocationStack; 00406 StackLimit = (PVOID *)(&Wx86Tib->StackLimit); 00407 } else { 00408 // 00409 // Not within the stack. 00410 // 00411 00412 return STATUS_GUARD_PAGE_VIOLATION; 00413 } 00414 } else 00415 #endif 00416 { 00417 // 00418 // Not within the stack. 00419 // 00420 00421 return STATUS_GUARD_PAGE_VIOLATION; 00422 } 00423 } else 00424 #endif 00425 { 00426 // 00427 // Not within the stack. 00428 // 00429 00430 return STATUS_GUARD_PAGE_VIOLATION; 00431 } 00432 } 00433 00434 // 00435 // This address is within the current stack, check to see 00436 // if there is ample room for another guard page and 00437 // if so attempt to commit a new guard page. 00438 // 00439 00440 NextPage = ((ULONG_PTR)PAGE_ALIGN(FaultingAddress) - PAGE_SIZE); 00441 00442 RegionSize = PAGE_SIZE; 00443 00444 if ((NextPage - PAGE_SIZE) <= (ULONG_PTR)PAGE_ALIGN(DeallocationStack)) { 00445 00446 // 00447 // There is no more room for expansion, attempt to 00448 // commit the page before the last page of the 00449 // stack. 00450 // 00451 00452 NextPage = (ULONG_PTR)PAGE_ALIGN(DeallocationStack) + PAGE_SIZE; 00453 00454 status = ZwAllocateVirtualMemory (NtCurrentProcess(), 00455 (PVOID *)&NextPage, 00456 0, 00457 &RegionSize, 00458 MEM_COMMIT, 00459 PAGE_READWRITE); 00460 if ( NT_SUCCESS(status) ) { 00461 00462 #if defined(_WIN64) 00463 if (Teb32) { 00464 // update the 32-bit stacklimit 00465 *(ULONG *)StackLimit = PtrToUlong((PUCHAR)NextPage); 00466 } else { 00467 *StackLimit = (PVOID)( (PUCHAR)NextPage); 00468 } 00469 #else 00470 *StackLimit = (PVOID)( (PUCHAR)NextPage); 00471 #endif 00472 00473 } 00474 00475 return STATUS_STACK_OVERFLOW; 00476 } 00477 #if defined(_WIN64) 00478 if (Teb32) { 00479 // Update the 32-bit stacklimit 00480 *(ULONG *)StackLimit = PtrToUlong((PUCHAR)(NextPage + PAGE_SIZE)); 00481 } else { 00482 *StackLimit = (PVOID)((PUCHAR)(NextPage + PAGE_SIZE)); 00483 } 00484 #else 00485 *StackLimit = (PVOID)((PUCHAR)(NextPage + PAGE_SIZE)); 00486 #endif 00487 00488 #if defined(_IA64_) 00489 } 00490 #endif // _IA64_ 00491 00492 retry: 00493 status = ZwAllocateVirtualMemory (NtCurrentProcess(), 00494 (PVOID *)&NextPage, 00495 0, 00496 &RegionSize, 00497 MEM_COMMIT, 00498 PAGE_READWRITE | PAGE_GUARD); 00499 00500 00501 if (NT_SUCCESS(status) || (status == STATUS_ALREADY_COMMITTED)) { 00502 00503 // 00504 // The guard page is now committed or stack space is 00505 // already present, return success. 00506 // 00507 00508 return STATUS_PAGE_FAULT_GUARD_PAGE; 00509 } 00510 00511 if (PsGetCurrentProcess() == ExpDefaultErrorPortProcess) { 00512 00513 // 00514 // Don't let CSRSS process get any stack overflows due to 00515 // commitment. Increase the commitment by a page and 00516 // try again. 00517 // 00518 00519 ASSERT (status == STATUS_COMMITMENT_LIMIT); 00520 00521 ExAcquireSpinLock (&MmChargeCommitmentLock, &OldIrql); 00522 MmTotalCommitLimit += 1; 00523 MmExtendedCommit += 1; 00524 ExReleaseSpinLock (&MmChargeCommitmentLock, OldIrql); 00525 goto retry; 00526 } 00527 00528 return STATUS_STACK_OVERFLOW; 00529 00530 } except (EXCEPTION_EXECUTE_HANDLER) { 00531 00532 // 00533 // An exception has occurred during the referencing of the 00534 // TEB or TIB, just return a guard page violation and 00535 // don't deal with the stack overflow. 00536 // 00537 00538 return STATUS_GUARD_PAGE_VIOLATION; 00539 } 00540 } }

NTSTATUS FASTCALL MiCheckPdeForPagedPool (  IN PVOID  VirtualAddress  )

Definition at line 3125 of file pagfault.c. References FALSE, MI_IS_KERNEL_PAGE_TABLE_ADDRESS, MI_IS_SESSION_ADDRESS, MI_IS_SESSION_PTE, MI_WRITE_VALID_PTE, MiCheckPdeForSessionSpace(), MiGetPdeAddress, MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiHydra, MMPTE, MmSystemPagePtes, MmSystemRangeStart, NTSTATUS(), PDE_PER_PAGE, TRUE, and _MMPTE::u. Referenced by MiCheckProtoPtePageState(), MiCloneProcessAddressSpace(), MiDeletePte(), MiDeleteSystemPagableVm(), MiEliminateWorkingSetEntry(), MiHandleForkTransitionPte(), MiInitializeCopyOnWritePfn(), MiInitializePfn(), MiInitializeReadInProgressPfn(), MiInitializeTransitionPfn(), and MmAccessFault(). : This function copies the Page Table Entry for the corresponding virtual address from the system process's page directory. This allows page table pages to be lazily evaluated for things like paged pool and per-session mappings. Arguments: VirtualAddress - Supplies the virtual address in question. Return Value: Either success or access violation. Environment: Kernel mode, DISPATCH level or below. --*/ { PMMPTE PointerPde; PMMPTE PointerPte; NTSTATUS status; if (MiHydra == TRUE) { if (MI_IS_SESSION_ADDRESS (VirtualAddress) == TRUE) { // // Virtual address in the session space range. // return MiCheckPdeForSessionSpace (VirtualAddress); } if (MI_IS_SESSION_PTE (VirtualAddress) == TRUE) { // // PTE for the session space range. // return MiCheckPdeForSessionSpace (VirtualAddress); } } status = STATUS_SUCCESS; if (MI_IS_KERNEL_PAGE_TABLE_ADDRESS(VirtualAddress)) { // // PTE for paged pool. // PointerPde = MiGetPteAddress (VirtualAddress); status = STATUS_WAIT_1; } else if (VirtualAddress < MmSystemRangeStart) { return STATUS_ACCESS_VIOLATION; } else { // // Virtual address in paged pool range. // PointerPde = MiGetPdeAddress (VirtualAddress); } // // Locate the PDE for this page and make it valid. // if (PointerPde->u.Hard.Valid == 0) { PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); #if !defined (_X86PAE_) MI_WRITE_VALID_PTE (PointerPde, MmSystemPagePtes [((ULONG_PTR)PointerPde & ((sizeof(MMPTE) * PDE_PER_PAGE) - 1)) / sizeof(MMPTE)]); #else MI_WRITE_VALID_PTE (PointerPde, MmSystemPagePtes [((ULONG_PTR)PointerPde & (PD_PER_SYSTEM * (sizeof(MMPTE) * PDE_PER_PAGE) - 1)) / sizeof(MMPTE)]); #endif KeFillEntryTb ((PHARDWARE_PTE)PointerPde, PointerPte, FALSE); } return status; }

NTSTATUS FASTCALL MiCheckPdeForSessionSpace (  IN PVOID  VirtualAddress  )

Definition at line 3224 of file pagfault.c. References ASSERT, DbgPrint, FALSE, Index, MI_IS_SESSION_ADDRESS, MI_IS_SESSION_PTE, MiGetPdeAddress, MiGetPdeSessionIndex, MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiHydra, MmSessionSpace, _MM_SESSION_SPACE::PageTables, TRUE, and _MMPTE::u. Referenced by MiCheckPdeForPagedPool(), and MmAccessFault(). 03230 : 03231 03232 This function copies the Page Table Entry for the corresponding 03233 session virtual address from the current session's data structures. 03234 03235 This allows page table pages to be lazily evaluated for session mappings. 03236 The caller must check for the current process having a session space. 03237 03238 Arguments: 03239 03240 VirtualAddress - Supplies the virtual address in question. 03241 03242 Return Value: 03243 03244 STATUS_WAIT_1 - The mapping has been made valid, retry the fault. 03245 03246 STATUS_SUCCESS - Did not handle the fault, continue further processing. 03247 03248 !STATUS_SUCCESS - An access violation has occurred - raise an exception. 03249 03250 Environment: 03251 03252 Kernel mode, DISPATCH level or below. 03253 03254 --*/ 03255 03256 { 03257 PMMPTE PointerPde; 03258 PVOID SessionVirtualAddress; 03259 ULONG Index; 03260 03261 // 03262 // Caller should have checked for this. 03263 // 03264 03265 ASSERT (MiHydra == TRUE); 03266 03267 // 03268 // First check whether the reference was to a page table page which maps 03269 // session space. If so, the PDE is retrieved from the session space 03270 // data structure and made valid. 03271 // 03272 03273 if (MI_IS_SESSION_PTE (VirtualAddress) == TRUE) { 03274 03275 // 03276 // Verify that the current process has a session space. 03277 // 03278 03279 PointerPde = MiGetPdeAddress (MmSessionSpace); 03280 03281 if (PointerPde->u.Hard.Valid == 0) { 03282 03283 #if DBG 03284 DbgPrint("MiCheckPdeForSessionSpace: No current session for PTE %p\n", 03285 VirtualAddress); 03286 03287 DbgBreakPoint(); 03288 #endif 03289 return STATUS_ACCESS_VIOLATION; 03290 } 03291 03292 SessionVirtualAddress = MiGetVirtualAddressMappedByPte ((PMMPTE) VirtualAddress); 03293 03294 PointerPde = MiGetPteAddress (VirtualAddress); 03295 03296 if (PointerPde->u.Hard.Valid == 1) { 03297 03298 // 03299 // The PDE is already valid - another thread must have 03300 // won the race. Just return. 03301 // 03302 03303 return STATUS_WAIT_1; 03304 } 03305 03306 // 03307 // Calculate the session space PDE index and load the 03308 // PDE from the session space table for this session. 03309 // 03310 03311 Index = MiGetPdeSessionIndex (SessionVirtualAddress); 03312 03313 PointerPde->u.Long = MmSessionSpace->PageTables[Index].u.Long; 03314 03315 if (PointerPde->u.Hard.Valid == 1) { 03316 KeFillEntryTb ((PHARDWARE_PTE)PointerPde, VirtualAddress, FALSE); 03317 return STATUS_WAIT_1; 03318 } 03319 03320 #if DBG 03321 DbgPrint("MiCheckPdeForSessionSpace: No Session PDE for PTE %p, %p\n", 03322 PointerPde->u.Long, SessionVirtualAddress); 03323 03324 DbgBreakPoint(); 03325 #endif 03326 return STATUS_ACCESS_VIOLATION; 03327 } 03328 03329 if (MI_IS_SESSION_ADDRESS (VirtualAddress) == FALSE) { 03330 03331 // 03332 // Not a session space fault - tell the caller to try other handlers. 03333 // 03334 03335 return STATUS_SUCCESS; 03336 } 03337 03338 // 03339 // Handle PDE faults for references in the session space. 03340 // Verify that the current process has a session space. 03341 // 03342 03343 PointerPde = MiGetPdeAddress (MmSessionSpace); 03344 03345 if (PointerPde->u.Hard.Valid == 0) { 03346 03347 #if DBG 03348 DbgPrint("MiCheckPdeForSessionSpace: No current session for VA %p\n", 03349 VirtualAddress); 03350 03351 DbgBreakPoint(); 03352 #endif 03353 return STATUS_ACCESS_VIOLATION; 03354 } 03355 03356 PointerPde = MiGetPdeAddress (VirtualAddress); 03357 03358 if (PointerPde->u.Hard.Valid == 0) { 03359 03360 // 03361 // Calculate the session space PDE index and load the 03362 // PDE from the session space table for this session. 03363 // 03364 03365 Index = MiGetPdeSessionIndex (VirtualAddress); 03366 03367 PointerPde->u.Long = MmSessionSpace->PageTables[Index].u.Long; 03368 03369 if (PointerPde->u.Hard.Valid == 1) { 03370 03371 KeFillEntryTb ((PHARDWARE_PTE)PointerPde, 03372 MiGetPteAddress(VirtualAddress), 03373 FALSE); 03374 03375 return STATUS_WAIT_1; 03376 } 03377 03378 #if DBG 03379 DbgPrint("MiCheckPdeForSessionSpace: No Session PDE for VA %p, %p\n", 03380 PointerPde->u.Long, VirtualAddress); 03381 03382 DbgBreakPoint(); 03383 #endif 03384 03385 return STATUS_ACCESS_VIOLATION; 03386 } 03387 03388 // 03389 // Tell the caller to continue with other fault handlers. 03390 // 03391 03392 return STATUS_SUCCESS; 03393 } #endif

VOID MiCheckPfn (  VOID   )

VOID MiCheckPte (  VOID   )

LOGICAL MiCheckPurgeAndUpMapCount (  IN PCONTROL_AREA  ControlArea  )

Definition at line 2809 of file mapview.c. References ASSERT, _EVENT_COUNTER::Event, FALSE, KeEnterCriticalRegion, KeLeaveCriticalRegion, KernelMode, KeWaitForSingleObject(), LOCK_PFN, MiFreeEventCounter(), MiGetEventCounter(), NULL, _EVENT_COUNTER::RefCount, TRUE, UNLOCK_PFN, UNLOCK_PFN_AND_THEN_WAIT, and WrVirtualMemory. Referenced by MiMapViewInSystemSpace(), MiMapViewOfDataSection(), MiMapViewOfImageSection(), and MiShareSessionImage(). 02815 : 02816 02817 This routine synchronizes with any on going purge operations 02818 on the same segment (identified via the control area). If 02819 another purge operation is occurring, the function blocks until 02820 it is completed. 02821 02822 When this function returns the MappedView and the NumberOfUserReferences 02823 count for the control area will be incremented thereby referencing 02824 the control area. 02825 02826 Arguments: 02827 02828 ControlArea - Supplies the control area for the segment to be purged. 02829 02830 Return Value: 02831 02832 TRUE if the synchronization was successful. 02833 FALSE if the synchronization did not occur due to low resources, etc. 02834 02835 Environment: 02836 02837 Kernel Mode. 02838 02839 --*/ 02840 02841 { 02842 KIRQL OldIrql; 02843 PEVENT_COUNTER PurgedEvent; 02844 PEVENT_COUNTER WaitEvent; 02845 ULONG OldRef; 02846 02847 PurgedEvent = NULL; 02848 OldRef = 1; 02849 02850 LOCK_PFN (OldIrql); 02851 02852 while (ControlArea->u.Flags.BeingPurged != 0) { 02853 02854 // 02855 // A purge operation is in progress. 02856 // 02857 02858 if (PurgedEvent == NULL) { 02859 02860 // 02861 // Release the locks and allocate pool for the event. 02862 // 02863 02864 PurgedEvent = MiGetEventCounter (); 02865 if (PurgedEvent == NULL) { 02866 UNLOCK_PFN (OldIrql); 02867 return FALSE; 02868 } 02869 02870 continue; 02871 } 02872 02873 if (ControlArea->WaitingForDeletion == NULL) { 02874 ControlArea->WaitingForDeletion = PurgedEvent; 02875 WaitEvent = PurgedEvent; 02876 PurgedEvent = NULL; 02877 } else { 02878 WaitEvent = ControlArea->WaitingForDeletion; 02879 WaitEvent->RefCount += 1; 02880 } 02881 02882 // 02883 // Release the pfn lock and wait for the event. 02884 // 02885 02886 KeEnterCriticalRegion(); 02887 UNLOCK_PFN_AND_THEN_WAIT(OldIrql); 02888 02889 KeWaitForSingleObject(&WaitEvent->Event, 02890 WrVirtualMemory, 02891 KernelMode, 02892 FALSE, 02893 (PLARGE_INTEGER)NULL); 02894 LOCK_PFN (OldIrql); 02895 KeLeaveCriticalRegion(); 02896 MiFreeEventCounter (WaitEvent, FALSE); 02897 } 02898 02899 // 02900 // Indicate another file is mapped for the segment. 02901 // 02902 02903 ControlArea->NumberOfMappedViews += 1; 02904 ControlArea->NumberOfUserReferences += 1; 02905 ControlArea->u.Flags.HadUserReference = 1; 02906 ASSERT (ControlArea->NumberOfSectionReferences != 0); 02907 02908 if (PurgedEvent != NULL) { 02909 MiFreeEventCounter (PurgedEvent, TRUE); 02910 } 02911 UNLOCK_PFN (OldIrql); 02912 02913 return TRUE; 02914 }

NTSTATUS MiCheckSecuredVad (  IN PMMVAD  Vad, IN PVOID  Base, IN ULONG_PTR  Size, IN ULONG  ProtectionMask )

VOID MiCheckSessionPoolAllocations (  VOID   )

Definition at line 4116 of file allocpag.c. References ASSERT, DbgPrint, else, KeBugCheckEx(), MiGetPdeAddress, MiGetVirtualAddressMappedByPte, MM_KERNEL_NOACCESS_PTE, MmSessionSpace, _MM_SESSION_SPACE::NonPagedPoolAllocations, _MM_SESSION_SPACE::NonPagedPoolBytes, PAGED_CODE, _MM_SESSION_SPACE::PagedPoolAllocations, _MM_SESSION_SPACE::PagedPoolBytes, _MM_SESSION_SPACE::PagedPoolEnd, _MM_SESSION_SPACE::PagedPoolStart, PTE_PER_PAGE, _MM_SESSION_SPACE::SessionId, and _MMPTE::u. Referenced by MiDereferenceSession(). : Ensure that the current session has no pool allocations since it is about to exit. All session allocations must be freed prior to session exit. Arguments: None. Return Value: None. Environment: Kernel mode. --*/ { ULONG i; PMMPTE StartPde; PMMPTE EndPde; PMMPTE PointerPte; PVOID VirtualAddress; PAGED_CODE(); if (MmSessionSpace->NonPagedPoolBytes || MmSessionSpace->PagedPoolBytes) { // // All page tables for this session's paged pool must be freed by now. // Being here means they aren't - this is fatal. Force in any valid // pages so that a debugger can show who the guilty party is. // StartPde = MiGetPdeAddress (MmSessionSpace->PagedPoolStart); EndPde = MiGetPdeAddress (MmSessionSpace->PagedPoolEnd); while (StartPde <= EndPde) { if (StartPde->u.Long != 0 && StartPde->u.Long != MM_KERNEL_NOACCESS_PTE) { // // Hunt through the page table page for valid pages and force // them in. Note this also forces in the page table page if // it is not already. // PointerPte = MiGetVirtualAddressMappedByPte (StartPde); for (i = 0; i < PTE_PER_PAGE; i += 1) { if (PointerPte->u.Long != 0 && PointerPte->u.Long != MM_KERNEL_NOACCESS_PTE) { VirtualAddress = MiGetVirtualAddressMappedByPte (PointerPte); *(volatile BOOLEAN *)VirtualAddress = *(volatile BOOLEAN *)VirtualAddress; #if DBG DbgPrint("MiCheckSessionPoolAllocations: Address %p still valid\n", VirtualAddress); #endif } PointerPte += 1; } } StartPde += 1; } #if DBG DbgPrint ("MiCheckSessionPoolAllocations: This exiting session (ID %d) is leaking pool !\n", MmSessionSpace->SessionId); DbgPrint ("This means win32k.sys, rdpdd.sys, atmfd.sys or a video/font driver is broken\n"); DbgPrint ("%d nonpaged allocation leaks for %d bytes and %d paged allocation leaks for %d bytes\n", MmSessionSpace->NonPagedPoolAllocations, MmSessionSpace->NonPagedPoolBytes, MmSessionSpace->PagedPoolAllocations, MmSessionSpace->PagedPoolBytes); #endif KeBugCheckEx (SESSION_HAS_VALID_POOL_ON_EXIT, (ULONG_PTR)MmSessionSpace->SessionId, MmSessionSpace->PagedPoolBytes, MmSessionSpace->NonPagedPoolBytes, #if defined (_WIN64) (MmSessionSpace->NonPagedPoolAllocations << 32) | (MmSessionSpace->PagedPoolAllocations) #else (MmSessionSpace->NonPagedPoolAllocations << 16) | (MmSessionSpace->PagedPoolAllocations) #endif ); } ASSERT (MmSessionSpace->NonPagedPoolAllocations == 0); ASSERT (MmSessionSpace->PagedPoolAllocations == 0); }

PMMPTE MiCheckVirtualAddress (  IN PVOID  VirtualAddress, OUT PULONG  ProtectCode )

Definition at line 2880 of file pagfault.c. References _IMAGE_ENTRY_IN_SESSION::Address, ASSERT, DISPATCH_LEVEL, _MMVAD::FirstPrototypePte, _MM_SESSION_SPACE::ImageList, KeFlushEntireTb(), KeLowerIrql(), KeRaiseIrql(), _IMAGE_ENTRY_IN_SESSION::LastAddress, MI_GET_PROTECTION_FROM_VAD, MI_IS_PAGE_TABLE_ADDRESS, MI_IS_SESSION_ADDRESS, MI_VA_TO_VPN, MiGetProtoPteAddress, MiGetPteAddress, MiHandleBankedSection(), MiLocateAddress(), MM_EXECUTE_WRITECOPY, MM_LARGE_PAGES, MM_NOACCESS, MM_PAGED_POOL_START, MM_READONLY, MM_READWRITE, MM_SESSION_SPACE_WS_LOCK_ASSERT, MM_UNKNOWN_PROTECTION, MmPagedPoolInfo, MmSessionSpace, MmSharedUserDataPte, NULL, PAGE_ALIGN, PAGE_SHIFT, _IMAGE_ENTRY_IN_SESSION::PrototypePtes, _MMVAD::StartingVpn, TRUE, _MMVAD::u, _SUBSECTION::u, _MMPTE::u, _MMVAD::u2, _MMVAD::u4, and ZeroPte. Referenced by MiFindActualFaultingPte(), MiWaitForInPageComplete(), and MmAccessFault(). : This function examines the virtual address descriptors to see if the specified virtual address is contained within any of the descriptors. If a virtual address descriptor is found which contains the specified virtual address, a PTE is built from information within the virtual address descriptor and returned to the caller. Arguments: VirtualAddress - Supplies the virtual address to locate within a virtual address descriptor. Return Value: Returns the PTE which corresponds to the supplied virtual address. If no virtual address descriptor is found, a zero pte is returned. Environment: Kernel mode, APCs disabled, working set mutex held. --*/ { PMMVAD Vad; PMMPTE PointerPte; PLIST_ENTRY NextEntry; PIMAGE_ENTRY_IN_SESSION Image; if (VirtualAddress <= MM_HIGHEST_USER_ADDRESS) { #if defined(MM_SHARED_USER_DATA_VA) if (PAGE_ALIGN(VirtualAddress) == (PVOID) MM_SHARED_USER_DATA_VA) { // // This is the page that is double mapped between // user mode and kernel mode. Map in as read only. // On MIPS this is hardwired in the TB. // *ProtectCode = MM_READONLY; return &MmSharedUserDataPte; } #endif Vad = MiLocateAddress (VirtualAddress); if (Vad == (PMMVAD)NULL) { *ProtectCode = MM_NOACCESS; return NULL; } // // A virtual address descriptor which contains the virtual address // has been located. Build the PTE from the information within // the virtual address descriptor. // #ifdef LARGE_PAGES if (Vad->u.VadFlags.LargePages == 1) { KIRQL OldIrql; PSUBSECTION Subsection; // // The first prototype PTE points to the subsection for the // large page mapping. Subsection = (PSUBSECTION)Vad->FirstPrototypePte; ASSERT (Subsection->u.SubsectionFlags.LargePages == 1); KeRaiseIrql (DISPATCH_LEVEL, &OldIrql); KeFlushEntireTb (TRUE, TRUE); KeFillLargeEntryTb ((PHARDWARE_PTE)(Subsection + 1), VirtualAddress, Subsection->StartingSector); KeLowerIrql (OldIrql); *ProtectCode = MM_LARGE_PAGES; return NULL; } #endif //LARGE_PAGES if (Vad->u.VadFlags.PhysicalMapping == 1) { // // This is a banked section. // MiHandleBankedSection (VirtualAddress, Vad); *ProtectCode = MM_NOACCESS; return NULL; } if (Vad->u.VadFlags.PrivateMemory == 1) { // // This is a private region of memory. Check to make // sure the virtual address has been committed. Note that // addresses are dense from the bottom up. // if (Vad->u.VadFlags.UserPhysicalPages == 1) { // // These mappings only fault if the access is bad. // ASSERT (MiGetPteAddress(VirtualAddress)->u.Long == ZeroPte.u.Long); *ProtectCode = MM_NOACCESS; return NULL; } if (Vad->u.VadFlags.MemCommit == 1) { *ProtectCode = MI_GET_PROTECTION_FROM_VAD(Vad); return NULL; } // // The address is reserved but not committed. // *ProtectCode = MM_NOACCESS; return NULL; } else { // // This virtual address descriptor refers to a // section, calculate the address of the prototype PTE // and construct a pointer to the PTE. // //******************************************************* //******************************************************* // well here's an interesting problem, how do we know // how to set the attributes on the PTE we are creating // when we can't look at the prototype PTE without // potentially incurring a page fault. In this case // PteTemplate would be zero. //******************************************************* //******************************************************* // if (Vad->u.VadFlags.ImageMap == 1) { // // PTE and proto PTEs have the same protection for images. // *ProtectCode = MM_UNKNOWN_PROTECTION; } else { *ProtectCode = MI_GET_PROTECTION_FROM_VAD(Vad); } PointerPte = (PMMPTE)MiGetProtoPteAddress(Vad, MI_VA_TO_VPN (VirtualAddress)); if (PointerPte == NULL) { *ProtectCode = MM_NOACCESS; } if (Vad->u2.VadFlags2.ExtendableFile) { // // Make sure the data has been committed. // if ((MI_VA_TO_VPN (VirtualAddress) - Vad->StartingVpn) > (ULONG_PTR)((Vad->u4.ExtendedInfo->CommittedSize - 1) >> PAGE_SHIFT)) { *ProtectCode = MM_NOACCESS; } } return PointerPte; } } else if (MI_IS_PAGE_TABLE_ADDRESS(VirtualAddress)) { // // The virtual address is within the space occupied by PDEs, // make the PDE valid. // if (((PMMPTE)VirtualAddress >= MiGetPteAddress (MM_PAGED_POOL_START)) && ((PMMPTE)VirtualAddress <= MmPagedPoolInfo.LastPteForPagedPool)) { *ProtectCode = MM_NOACCESS; return NULL; } *ProtectCode = MM_READWRITE; return NULL; } else if (MI_IS_SESSION_ADDRESS (VirtualAddress) == TRUE) { // // See if the session space address is copy on write. // MM_SESSION_SPACE_WS_LOCK_ASSERT (); PointerPte = NULL; *ProtectCode = MM_NOACCESS; NextEntry = MmSessionSpace->ImageList.Flink; while (NextEntry != &MmSessionSpace->ImageList) { Image = CONTAINING_RECORD(NextEntry, IMAGE_ENTRY_IN_SESSION, Link); if ((VirtualAddress >= Image->Address) && (VirtualAddress <= Image->LastAddress)) { PointerPte = Image->PrototypePtes + (((PCHAR)VirtualAddress - (PCHAR)Image->Address) >> PAGE_SHIFT); *ProtectCode = MM_EXECUTE_WRITECOPY; break; } NextEntry = NextEntry->Flink; } return PointerPte; } // // Address is in system space. // *ProtectCode = MM_NOACCESS; return NULL; }

VOID MiCleanPhysicalProcessPages (  IN PEPROCESS  Process  )

Definition at line 2313 of file physical.c. References APC_LEVEL, ASSERT, BitMap, COPY_STACK_SIZE, ExFreePool(), LOWEST_USABLE_PHYSICAL_PAGE, MI_BITMAP_INDEX_TO_FRAME, MI_PFN_ELEMENT, MI_PFN_IS_AWE, MI_SET_PFN_DELETED, MiUpdateVadPhysicalPages(), MmFreePagesFromMdl(), MmHighestPossiblePhysicalPage, MmInitializeMdl, NonPagedPool, NULL, PAGE_SHIFT, PsReturnPoolQuota(), _MMPFN::PteAddress, RtlFindSetBits(), TRUE, and _MMPFN::u2. Referenced by MmCleanProcessAddressSpace(). 02319 : 02320 02321 This routine frees the VadPhysicalBitMap, any remaining physical pages (as 02322 they may not have been currently mapped into any Vads) and returns the 02323 bitmap quota. 02324 02325 Arguments: 02326 02327 Process - Supplies the process to clean. 02328 02329 Return Value: 02330 02331 None. 02332 02333 Environment: 02334 02335 Kernel mode, APC level, working set mutex held. Called only on process 02336 exit, so the AWE lock is not needed here. 02337 02338 --*/ 02339 02340 { 02341 PMMPFN Pfn1; 02342 ULONG BitMapSize; 02343 ULONG BitMapIndex; 02344 ULONG BitMapHint; 02345 PRTL_BITMAP BitMap; 02346 PPFN_NUMBER MdlPage; 02347 PFN_NUMBER MdlHack[(sizeof(MDL) / sizeof(PFN_NUMBER)) + COPY_STACK_SIZE]; 02348 ULONG_PTR MdlPages; 02349 ULONG_PTR NumberOfPages; 02350 ULONG_PTR TotalFreedPages; 02351 PMDL MemoryDescriptorList; 02352 PFN_NUMBER PageFrameIndex; 02353 #if DBG 02354 ULONG_PTR ActualPages = 0; 02355 ULONG_PTR ExpectedPages = 0; 02356 #endif 02357 02358 ASSERT (KeGetCurrentIrql() == APC_LEVEL); 02359 02360 #if DBG 02361 ExpectedPages = Process->VadPhysicalPages; 02362 #else 02363 if (Process->VadPhysicalPages == 0) { 02364 return; 02365 } 02366 #endif 02367 02368 TotalFreedPages = 0; 02369 BitMap = Process->VadPhysicalPagesBitMap; 02370 02371 if (BitMap != NULL) { 02372 02373 MdlPages = COPY_STACK_SIZE; 02374 MemoryDescriptorList = (PMDL)&MdlHack[0]; 02375 02376 MdlPage = (PPFN_NUMBER)(MemoryDescriptorList + 1); 02377 NumberOfPages = 0; 02378 02379 BitMapHint = 0; 02380 02381 while (TRUE) { 02382 02383 BitMapIndex = RtlFindSetBits (BitMap, 1, BitMapHint); 02384 02385 if (BitMapIndex < BitMapHint) { 02386 break; 02387 } 02388 02389 if (BitMapIndex == 0xFFFFFFFF) { 02390 break; 02391 } 02392 02393 PageFrameIndex = MI_BITMAP_INDEX_TO_FRAME(BitMapIndex); 02394 02395 #if defined (_WIN64) 02396 02397 // 02398 // This may become a problem for 64-bit systems with > 32tb 02399 // of physical memory as the 3rd parameter to RtlFindSetBits is 02400 // a ULONG. 02401 // 02402 02403 ASSERT (PageFrameIndex < 0x100000000); 02404 #endif 02405 02406 // 02407 // The bitmap search wraps, so handle it here. 02408 // Note PFN 0 is illegal. 02409 // 02410 02411 ASSERT (PageFrameIndex != 0); 02412 ASSERT (PageFrameIndex >= LOWEST_USABLE_PHYSICAL_PAGE); 02413 02414 ASSERT (ExpectedPages != 0); 02415 Pfn1 = MI_PFN_ELEMENT(PageFrameIndex); 02416 ASSERT (Pfn1->u2.ShareCount == 1); 02417 ASSERT (Pfn1->PteAddress == (PMMPTE)0); 02418 02419 ASSERT (MI_PFN_IS_AWE (Pfn1)); 02420 02421 MI_SET_PFN_DELETED(Pfn1); 02422 02423 *MdlPage = PageFrameIndex; 02424 MdlPage += 1; 02425 NumberOfPages += 1; 02426 #if DBG 02427 ActualPages += 1; 02428 #endif 02429 02430 if (NumberOfPages == COPY_STACK_SIZE) { 02431 02432 // 02433 // Free the pages in the full MDL. 02434 // 02435 02436 MmInitializeMdl (MemoryDescriptorList, 02437 0, 02438 NumberOfPages << PAGE_SHIFT); 02439 02440 MmFreePagesFromMdl (MemoryDescriptorList); 02441 02442 MdlPage = (PPFN_NUMBER)(MemoryDescriptorList + 1); 02443 Process->VadPhysicalPages -= NumberOfPages; 02444 TotalFreedPages += NumberOfPages; 02445 NumberOfPages = 0; 02446 } 02447 02448 BitMapHint = BitMapIndex + 1; 02449 if (BitMapHint >= BitMap->SizeOfBitMap) { 02450 break; 02451 } 02452 } 02453 02454 // 02455 // Free any straggling MDL pages here. 02456 // 02457 02458 if (NumberOfPages != 0) { 02459 MmInitializeMdl (MemoryDescriptorList, 02460 0, 02461 NumberOfPages << PAGE_SHIFT); 02462 02463 MmFreePagesFromMdl (MemoryDescriptorList); 02464 Process->VadPhysicalPages -= NumberOfPages; 02465 TotalFreedPages += NumberOfPages; 02466 } 02467 02468 ASSERT (ExpectedPages == ActualPages); 02469 02470 BitMapSize = sizeof(RTL_BITMAP) + (ULONG)((((MmHighestPossiblePhysicalPage + 1) + 31) / 32) * 4); 02471 02472 Process->VadPhysicalPagesBitMap = NULL; 02473 ExFreePool (BitMap); 02474 PsReturnPoolQuota (Process, NonPagedPool, BitMapSize); 02475 } 02476 02477 ASSERT (ExpectedPages == ActualPages); 02478 ASSERT (Process->VadPhysicalPages == 0); 02479 02480 if (TotalFreedPages != 0) { 02481 MiUpdateVadPhysicalPages (TotalFreedPages); 02482 } 02483 02484 return; 02485 }

VOID MiCleanSection (  IN PCONTROL_AREA  ControlArea, IN LOGICAL  DirtyDataPagesOk )

Definition at line 1075 of file sectsup.c. References ASSERT, _MDL::ByteCount, _SUBSECTION::ControlArea, DbgPrint, FALSE, FreePageList, IoSynchronousPageWrite(), IS_PTE_NOT_DEMAND_ZERO, KeBugCheckEx(), KeClearEvent, KeDelayExecutionThread(), KeEnterCriticalRegion, KeInitializeEvent, KeLeaveCriticalRegion, KernelMode, KeWaitForSingleObject(), LOCK_PFN, _MDL::MappedSystemVa, MDL_MAPPED_TO_SYSTEM_VA, MDL_PAGES_LOCKED, _MDL::MdlFlags, MI_ADD_LOCKED_PAGE_CHARGE_FOR_MODIFIED_PAGE, MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE, MI_INITIALIZE_ZERO_MDL, MI_IS_PFN_DELETED, MI_PFN_ELEMENT, MI_REMOVE_LOCKED_PAGE_CHARGE, MI_SET_PFN_DELETED, MiCheckProtoPtePageState(), MiDecrementReferenceCount(), MiDecrementShareCount(), MiEndingOffset(), MiGetSubsectionAddress, MiHydra, MiInsertPageInList(), MiIsPteOnPdeBoundary, MiMakeSystemAddressValidPfn(), MiReleasePageFileSpace(), MiRemoveImageSectionObject(), MiSegmentDelete(), MiStartingOffset(), MiUnlinkPageFromList(), MM_DBG_FLUSH_SECTION, MM_MAXIMUM_WRITE_CLUSTER, MmMappedFileIoComplete, MmModifiedWriteClusterSize, MmPageLocationList, MmShortTime, MmUnmapLockedPages(), _SUBSECTION::NextSubsection, NT_SUCCESS, NTSTATUS(), NULL, _MMPFN::OriginalPte, PAGE_SHIFT, PAGE_SIZE, _MMPFN::PteAddress, _MMPFN::PteFrame, _SUBSECTION::PtesInSubsection, _MDL::Size, _MDL::StartVa, Status, _SUBSECTION::SubsectionBase, TRUE, _MMPTE::u, _CONTROL_AREA::u, _MMPFN::u3, UNLOCK_PFN, UNLOCK_PFN_AND_THEN_WAIT, and WrPageOut. Referenced by MiCheckControlArea(), MiRemoveUnusedSegments(), MmFlushImageSection(), and MmForceSectionClosed(). 01082 : 01083 01084 This function examines each prototype PTE in the section and 01085 takes the appropriate action to "delete" the prototype PTE. 01086 01087 If the PTE is dirty and is backed by a file (not a paging file), 01088 the corresponding page is written to the file. 01089 01090 At the completion of this service, the section which was 01091 operated upon is no longer usable. 01092 01093 NOTE - ALL I/O ERRORS ARE IGNORED. IF ANY WRITES FAIL, THE 01094 DIRTY PAGES ARE MARKED CLEAN AND THE SECTION IS DELETED. 01095 01096 Arguments: 01097 01098 ControlArea - Supplies a pointer to the control area for the section. 01099 01100 DirtyDataPagesOk - Supplies TRUE if dirty data pages are ok. If FALSE 01101 is specified then no dirty data pages are expected (as 01102 this is a dereference operation) so any encountered 01103 must be due to pool corruption so bugcheck. 01104 01105 Note that dirty image pages are always discarded. 01106 This should only happen for images that were either 01107 read in from floppies or images with shared global 01108 subsections. 01109 01110 Return Value: 01111 01112 None. 01113 01114 --*/ 01115 01116 { 01117 PMMPTE PointerPte; 01118 PMMPTE LastPte; 01119 PMMPTE LastWritten; 01120 MMPTE PteContents; 01121 PMMPFN Pfn1; 01122 PMMPFN Pfn2; 01123 PMMPTE WrittenPte; 01124 MMPTE WrittenContents; 01125 KIRQL OldIrql; 01126 PMDL Mdl; 01127 PSUBSECTION Subsection; 01128 PPFN_NUMBER Page; 01129 PPFN_NUMBER LastPage; 01130 LARGE_INTEGER StartingOffset; 01131 LARGE_INTEGER TempOffset; 01132 NTSTATUS Status; 01133 IO_STATUS_BLOCK IoStatus; 01134 ULONG WriteNow; 01135 ULONG ImageSection; 01136 ULONG DelayCount; 01137 ULONG First; 01138 KEVENT IoEvent; 01139 PFN_NUMBER MdlHack[(sizeof(MDL)/sizeof(PFN_NUMBER)) + MM_MAXIMUM_WRITE_CLUSTER]; 01140 01141 WriteNow = FALSE; 01142 ImageSection = FALSE; 01143 DelayCount = 0; 01144 01145 if (ControlArea->u.Flags.Image) { 01146 ImageSection = TRUE; 01147 } 01148 ASSERT (ControlArea->FilePointer); 01149 01150 PointerPte = ControlArea->Segment->PrototypePte; 01151 LastPte = PointerPte + ControlArea->Segment->NonExtendedPtes; 01152 01153 Mdl = (PMDL)&MdlHack; 01154 01155 KeInitializeEvent (&IoEvent, NotificationEvent, FALSE); 01156 01157 LastWritten = NULL; 01158 ASSERT (MmModifiedWriteClusterSize == MM_MAXIMUM_WRITE_CLUSTER); 01159 LastPage = NULL; 01160 01161 if (ControlArea->u.Flags.GlobalOnlyPerSession == 0) { 01162 Subsection = (PSUBSECTION)(ControlArea + 1); 01163 } 01164 else { 01165 Subsection = (PSUBSECTION)((PLARGE_CONTROL_AREA)ControlArea + 1); 01166 } 01167 01168 // 01169 // The PFN lock is required for deallocating pages from a paging 01170 // file and for deleting transition PTEs. 01171 // 01172 01173 LOCK_PFN (OldIrql); 01174 01175 // 01176 // Stop the modified page writer from writing pages to this 01177 // file, and if any paging I/O is in progress, wait for it 01178 // to complete. 01179 // 01180 01181 ControlArea->u.Flags.NoModifiedWriting = 1; 01182 01183 while (ControlArea->ModifiedWriteCount != 0) { 01184 01185 // 01186 // There is modified page writing in progess. Set the 01187 // flag in the control area indicating the modified page 01188 // writer should signal when a write to this control area 01189 // is complete. Release the PFN LOCK and wait in an 01190 // atomic operation. Once the wait is satisfied, recheck 01191 // to make sure it was this file's I/O that was written. 01192 // 01193 01194 ControlArea->u.Flags.SetMappedFileIoComplete = 1; 01195 KeEnterCriticalRegion(); 01196 UNLOCK_PFN_AND_THEN_WAIT(OldIrql); 01197 01198 KeWaitForSingleObject(&MmMappedFileIoComplete, 01199 WrPageOut, 01200 KernelMode, 01201 FALSE, 01202 (PLARGE_INTEGER)NULL); 01203 LOCK_PFN (OldIrql); 01204 KeLeaveCriticalRegion(); 01205 } 01206 01207 for (;;) { 01208 01209 First = TRUE; 01210 while (PointerPte < LastPte) { 01211 01212 if ((MiIsPteOnPdeBoundary(PointerPte)) || (First)) { 01213 01214 First = FALSE; 01215 01216 if ((ImageSection) || 01217 (MiCheckProtoPtePageState(PointerPte, FALSE))) { 01218 MiMakeSystemAddressValidPfn (PointerPte); 01219 } else { 01220 01221 // 01222 // Paged pool page is not resident, hence no transition or 01223 // valid prototype PTEs can be present in it. Skip it. 01224 // 01225 01226 PointerPte = (PMMPTE)((((ULONG_PTR)PointerPte | PAGE_SIZE - 1)) + 1); 01227 if (LastWritten != NULL) { 01228 WriteNow = TRUE; 01229 } 01230 goto WriteItOut; 01231 } 01232 } 01233 01234 PteContents = *PointerPte; 01235 01236 // 01237 // Prototype PTEs for Segments backed by paging file 01238 // are either in demand zero, page file format, or transition. 01239 // 01240 01241 if (PteContents.u.Hard.Valid == 1) { 01242 KeBugCheckEx (POOL_CORRUPTION_IN_FILE_AREA, 01243 0x0, 01244 (ULONG_PTR)ControlArea, 01245 (ULONG_PTR)PointerPte, 01246 (ULONG_PTR)PteContents.u.Long); 01247 } 01248 01249 if (PteContents.u.Soft.Prototype == 1) { 01250 01251 // 01252 // This is a normal prototype PTE in mapped file format. 01253 // 01254 01255 if (LastWritten != NULL) { 01256 WriteNow = TRUE; 01257 } 01258 } 01259 else if (PteContents.u.Soft.Transition == 1) { 01260 01261 // 01262 // Prototype PTE in transition, there are 3 possible cases: 01263 // 1. The page is part of an image which is sharable and 01264 // refers to the paging file - dereference page file 01265 // space and free the physical page. 01266 // 2. The page refers to the segment but is not modified - 01267 // free the physical page. 01268 // 3. The page refers to the segment and is modified - 01269 // write the page to the file and free the physical page. 01270 // 01271 01272 Pfn1 = MI_PFN_ELEMENT (PteContents.u.Trans.PageFrameNumber); 01273 01274 if (Pfn1->u3.e2.ReferenceCount != 0) { 01275 if (DelayCount < 20) { 01276 01277 // 01278 // There must be an I/O in progress on this 01279 // page. Wait for the I/O operation to complete. 01280 // 01281 01282 UNLOCK_PFN (OldIrql); 01283 01284 KeDelayExecutionThread (KernelMode, FALSE, (PLARGE_INTEGER)&MmShortTime); 01285 01286 DelayCount += 1; 01287 01288 // 01289 // Redo the loop, if the delay count is greater than 01290 // 20, assume that this thread is deadlocked and 01291 // don't purge this page. The file system can deal 01292 // with the write operation in progress. 01293 // 01294 01295 LOCK_PFN (OldIrql); 01296 MiMakeSystemAddressValidPfn (PointerPte); 01297 continue; 01298 } 01299 #if DBG 01300 // 01301 // The I/O still has not completed, just ignore 01302 // the fact that the I/O is in progress and 01303 // delete the page. 01304 // 01305 01306 KdPrint(("MM:CLEAN - page number %lx has i/o outstanding\n", 01307 PteContents.u.Trans.PageFrameNumber)); 01308 #endif 01309 } 01310 01311 if (Pfn1->OriginalPte.u.Soft.Prototype == 0) { 01312 01313 // 01314 // Paging file reference (case 1). 01315 // 01316 01317 MI_SET_PFN_DELETED (Pfn1); 01318 01319 if (!ImageSection) { 01320 01321 // 01322 // This is not an image section, it must be a 01323 // page file backed section, therefore decrement 01324 // the PFN reference count for the control area. 01325 // 01326 01327 ControlArea->NumberOfPfnReferences -= 1; 01328 ASSERT ((LONG)ControlArea->NumberOfPfnReferences >= 0); 01329 } 01330 #if DBG 01331 else { 01332 // 01333 // This should only happen for images with shared 01334 // global subsections. 01335 // 01336 } 01337 #endif 01338 01339 MiDecrementShareCount (Pfn1->PteFrame); 01340 01341 // 01342 // Check the reference count for the page, if the // reference count is zero and the page is not on the 01343 // freelist, move the page to the free list, if the 01344 // reference count is not zero, ignore this page. When 01345 // the reference count goes to zero, it will be placed 01346 // on the free list. 01347 // 01348 01349 if ((Pfn1->u3.e2.ReferenceCount == 0) && 01350 (Pfn1->u3.e1.PageLocation != FreePageList)) { 01351 01352 MiUnlinkPageFromList (Pfn1); 01353 MiReleasePageFileSpace (Pfn1->OriginalPte); 01354 MiInsertPageInList (MmPageLocationList[FreePageList], 01355 MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE (&PteContents)); 01356 01357 } 01358 PointerPte->u.Long = 0; 01359 01360 // 01361 // If a cluster of pages to write has been completed, 01362 // set the WriteNow flag. 01363 // 01364 01365 if (LastWritten != NULL) { 01366 WriteNow = TRUE; 01367 } 01368 01369 } else { 01370 01371 if ((Pfn1->u3.e1.Modified == 0) || (ImageSection)) { 01372 01373 // 01374 // Non modified or image file page (case 2). 01375 // 01376 01377 MI_SET_PFN_DELETED (Pfn1); 01378 ControlArea->NumberOfPfnReferences -= 1; 01379 ASSERT ((LONG)ControlArea->NumberOfPfnReferences >= 0); 01380 01381 MiDecrementShareCount (Pfn1->PteFrame); 01382 01383 // 01384 // Check the reference count for the page, if the 01385 // reference count is zero and the page is not on 01386 // the freelist, move the page to the free list, 01387 // if the reference count is not zero, ignore this 01388 // page. When the reference count goes to zero, it 01389 // will be placed on the free list. 01390 // 01391 01392 if ((Pfn1->u3.e2.ReferenceCount == 0) && 01393 (Pfn1->u3.e1.PageLocation != FreePageList)) { 01394 01395 MiUnlinkPageFromList (Pfn1); 01396 MiReleasePageFileSpace (Pfn1->OriginalPte); 01397 MiInsertPageInList (MmPageLocationList[FreePageList], 01398 MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE (&PteContents)); 01399 } 01400 01401 PointerPte->u.Long = 0; 01402 01403 // 01404 // If a cluster of pages to write has been 01405 // completed, set the WriteNow flag. 01406 // 01407 01408 if (LastWritten != NULL) { 01409 WriteNow = TRUE; 01410 } 01411 01412 } else { 01413 01414 // 01415 // Modified page backed by the file (case 3). 01416 // Check to see if this is the first page of a 01417 // cluster. 01418 // 01419 01420 if (LastWritten == NULL) { 01421 LastPage = (PPFN_NUMBER)(Mdl + 1); 01422 ASSERT (MiGetSubsectionAddress(&Pfn1->OriginalPte) == 01423 Subsection); 01424 01425 // 01426 // Calculate the offset to read into the file. 01427 // offset = base + ((thispte - basepte) << PAGE_SHIFT) 01428 // 01429 01430 ASSERT (Subsection->ControlArea->u.Flags.Image == 0); 01431 StartingOffset.QuadPart = MiStartingOffset( 01432 Subsection, 01433 Pfn1->PteAddress); 01434 01435 MI_INITIALIZE_ZERO_MDL (Mdl); 01436 Mdl->MdlFlags |= MDL_PAGES_LOCKED; 01437 01438 Mdl->StartVa = 01439 (PVOID)ULongToPtr(Pfn1->u3.e1.PageColor << PAGE_SHIFT); 01440 Mdl->Size = (CSHORT)(sizeof(MDL) + 01441 (sizeof(PFN_NUMBER) * MmModifiedWriteClusterSize)); 01442 } 01443 01444 LastWritten = PointerPte; 01445 Mdl->ByteCount += PAGE_SIZE; 01446 01447 // 01448 // If the cluster is now full, 01449 // set the write now flag. 01450 // 01451 01452 if (Mdl->ByteCount == (PAGE_SIZE * MmModifiedWriteClusterSize)) { 01453 WriteNow = TRUE; 01454 } 01455 01456 MiUnlinkPageFromList (Pfn1); 01457 Pfn1->u3.e1.Modified = 0; 01458 01459 // 01460 // Up the reference count for the physical page as 01461 // there is I/O in progress. 01462 // 01463 01464 MI_ADD_LOCKED_PAGE_CHARGE_FOR_MODIFIED_PAGE(Pfn1, 22); 01465 Pfn1->u3.e2.ReferenceCount += 1; 01466 01467 // 01468 // Clear the modified bit for the page and set the 01469 // write in progress bit. 01470 // 01471 01472 *LastPage = MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE (&PteContents); 01473 01474 LastPage += 1; 01475 } 01476 } 01477 } else { 01478 01479 if (IS_PTE_NOT_DEMAND_ZERO (PteContents)) { 01480 MiReleasePageFileSpace (PteContents); 01481 } 01482 PointerPte->u.Long = 0; 01483 01484 // 01485 // If a cluster of pages to write has been completed, 01486 // set the WriteNow flag. 01487 // 01488 01489 if (LastWritten != NULL) { 01490 WriteNow = TRUE; 01491 } 01492 } 01493 01494 // 01495 // Write the current cluster if it is complete, 01496 // full, or the loop is now complete. 01497 // 01498 01499 PointerPte += 1; 01500 WriteItOut: 01501 DelayCount = 0; 01502 01503 if ((WriteNow) || 01504 ((PointerPte == LastPte) && (LastWritten != NULL))) { 01505 01506 // 01507 // Issue the write request. 01508 // 01509 01510 UNLOCK_PFN (OldIrql); 01511 01512 if (DirtyDataPagesOk == FALSE) { 01513 KeBugCheckEx (POOL_CORRUPTION_IN_FILE_AREA, 01514 0x1, 01515 (ULONG_PTR)ControlArea, 01516 (ULONG_PTR)Mdl, 01517 (ULONG_PTR)0); 01518 } 01519 01520 WriteNow = FALSE; 01521 01522 KeClearEvent (&IoEvent); 01523 01524 // 01525 // Make sure the write does not go past the 01526 // end of file. (segment size). 01527 // 01528 01529 ASSERT (Subsection->ControlArea->u.Flags.Image == 0); 01530 01531 TempOffset = MiEndingOffset(Subsection); 01532 01533 if (((UINT64)StartingOffset.QuadPart + Mdl->ByteCount) > 01534 (UINT64)TempOffset.QuadPart) { 01535 01536 ASSERT ((ULONG)(TempOffset.QuadPart - 01537 StartingOffset.QuadPart) > 01538 (Mdl->ByteCount - PAGE_SIZE)); 01539 01540 Mdl->ByteCount = (ULONG)(TempOffset.QuadPart - 01541 StartingOffset.QuadPart); 01542 } 01543 01544 #if DBG 01545 if (MmDebug & MM_DBG_FLUSH_SECTION) { 01546 DbgPrint("MM:flush page write begun %lx\n", 01547 Mdl->ByteCount); 01548 } 01549 #endif //DBG 01550 01551 Status = IoSynchronousPageWrite (ControlArea->FilePointer, 01552 Mdl, 01553 &StartingOffset, 01554 &IoEvent, 01555 &IoStatus ); 01556 01557 if (NT_SUCCESS(Status)) { 01558 01559 KeWaitForSingleObject (&IoEvent, 01560 WrPageOut, 01561 KernelMode, 01562 FALSE, 01563 (PLARGE_INTEGER)NULL); 01564 } 01565 01566 if (Mdl->MdlFlags & MDL_MAPPED_TO_SYSTEM_VA) { 01567 MmUnmapLockedPages (Mdl->MappedSystemVa, Mdl); 01568 } 01569 01570 Page = (PPFN_NUMBER)(Mdl + 1); 01571 01572 LOCK_PFN (OldIrql); 01573 01574 if (MiIsPteOnPdeBoundary(PointerPte) == 0) { 01575 01576 // 01577 // The next PTE is not in a different page, make 01578 // sure this page did not leave memory when the 01579 // I/O was in progress. 01580 // 01581 01582 MiMakeSystemAddressValidPfn (PointerPte); 01583 } 01584 01585 // 01586 // I/O complete unlock pages. 01587 // 01588 // NOTE that the error status is ignored. 01589 // 01590 01591 while (Page < LastPage) { 01592 01593 Pfn2 = MI_PFN_ELEMENT (*Page); 01594 01595 // 01596 // Make sure the page is still transition. 01597 // 01598 01599 WrittenPte = Pfn2->PteAddress; 01600 01601 MI_REMOVE_LOCKED_PAGE_CHARGE (Pfn2, 23); 01602 MiDecrementReferenceCount (*Page); 01603 01604 if (!MI_IS_PFN_DELETED (Pfn2)) { 01605 01606 // 01607 // Make sure the prototype PTE is 01608 // still in the working set. 01609 // 01610 01611 MiMakeSystemAddressValidPfn (WrittenPte); 01612 01613 if (Pfn2->PteAddress != WrittenPte) { 01614 01615 // 01616 // The PFN lock was released to make the 01617 // page table page valid, and while it 01618 // was released, the physical page 01619 // was reused. Go onto the next one. 01620 // 01621 01622 Page += 1; 01623 continue; 01624 } 01625 01626 WrittenContents = *WrittenPte; 01627 01628 if ((WrittenContents.u.Soft.Prototype == 0) && 01629 (WrittenContents.u.Soft.Transition == 1)) { 01630 01631 MI_SET_PFN_DELETED (Pfn2); 01632 ControlArea->NumberOfPfnReferences -= 1; 01633 ASSERT ((LONG)ControlArea->NumberOfPfnReferences >= 0); 01634 01635 MiDecrementShareCount (Pfn2->PteFrame); 01636 01637 // 01638 // Check the reference count for the page, 01639 // if the reference count is zero and the 01640 // page is not on the freelist, move the page 01641 // to the free list, if the reference 01642 // count is not zero, ignore this page. 01643 // When the reference count goes to zero, 01644 // it will be placed on the free list. 01645 // 01646 01647 if ((Pfn2->u3.e2.ReferenceCount == 0) && 01648 (Pfn2->u3.e1.PageLocation != FreePageList)) { 01649 01650 MiUnlinkPageFromList (Pfn2); 01651 MiReleasePageFileSpace (Pfn2->OriginalPte); 01652 MiInsertPageInList ( 01653 MmPageLocationList[FreePageList], 01654 *Page); 01655 } 01656 } 01657 WrittenPte->u.Long = 0; 01658 } 01659 Page += 1; 01660 } 01661 01662 // 01663 // Indicate that there is no current cluster being built. 01664 // 01665 01666 LastWritten = NULL; 01667 } 01668 01669 } // end while 01670 01671 // 01672 // Get the next subsection if any. 01673 // 01674 01675 if (Subsection->NextSubsection == (PSUBSECTION)NULL) { 01676 break; 01677 } 01678 01679 Subsection = Subsection->NextSubsection; 01680 PointerPte = Subsection->SubsectionBase; 01681 LastPte = PointerPte + Subsection->PtesInSubsection; 01682 01683 } // end for 01684 01685 ControlArea->NumberOfMappedViews = 0; 01686 01687 ASSERT (ControlArea->NumberOfPfnReferences == 0); 01688 01689 if (ControlArea->u.Flags.FilePointerNull == 0) { 01690 ControlArea->u.Flags.FilePointerNull = 1; 01691 01692 if (ControlArea->u.Flags.Image) { 01693 01694 if (MiHydra == TRUE) { 01695 MiRemoveImageSectionObject (ControlArea->FilePointer, 01696 ControlArea); 01697 } 01698 else { 01699 ControlArea->FilePointer->SectionObjectPointer->ImageSectionObject = NULL; 01700 } 01701 } 01702 else { 01703 01704 ASSERT (((PCONTROL_AREA)(ControlArea->FilePointer->SectionObjectPointer->DataSectionObject)) != NULL); 01705 ControlArea->FilePointer->SectionObjectPointer->DataSectionObject = NULL; 01706 01707 } 01708 } 01709 UNLOCK_PFN (OldIrql); 01710 01711 // 01712 // Delete the segment structure. 01713 // 01714 01715 MiSegmentDelete (ControlArea->Segment); 01716 01717 return; 01718 }

NTSTATUS MiCloneProcessAddressSpace (  IN PEPROCESS  ProcessToClone, IN PEPROCESS  ProcessToInitialize, IN PFN_NUMBER  PdePhysicalPage, IN PFN_NUMBER  HyperPhysicalPage )

Definition at line 100 of file forksup.c. References _EPROCESS::AddressSpaceDeleted, ASSERT, BYTE_OFFSET, _MMCLONE_DESCRIPTOR::CloneHeader, _MMCLONE_HEADER::ClonePtes, _MMVAD::ControlArea, DbgPrint, _MMVAD::EndingVpn, _MMCLONE_DESCRIPTOR::EndingVpn, ExAllocatePoolWithTag, EXCEPTION_EXECUTE_HANDLER, ExFreePool(), FALSE, _EPROCESS::ForkInProgress, _EPROCESS::ForkWasSuccessful, HighPagePriority, IS_PTE_NOT_DEMAND_ZERO, KeAttachProcess(), KeBugCheckEx(), KeDelayExecutionThread(), KeDetachProcess(), KernelMode, LOCK_ADDRESS_SPACE, LOCK_WS, MDL_PAGES_LOCKED, _MDL::MdlFlags, MI_GET_PAGE_FRAME_FROM_PTE, MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE, MI_GET_PROTECTION_FROM_SOFT_PTE, MI_GET_PROTECTION_FROM_WSLE, MI_INCREMENT_USED_PTES_BY_HANDLE, MI_MAKE_PROTECT_WRITE_COPY, MI_MAKE_VALID_PTE_WRITE_COPY, MI_PFN_ELEMENT, MI_PTE_LOOKUP_NEEDED, MI_VPN_TO_VA, MI_WRITE_INVALID_PTE, MiBuildForkPageTable(), MiCheckPdeForPagedPool(), MiDoesPdeExistAndMakeValid(), MiDoesPpeExistAndMakeValid, MiDoneWithThisPageGetAnother(), MiDownPfnReferenceCount(), MiDownShareCountFlushEntireTb(), MiGetFirstClone, MiGetFirstVad, MiGetNextClone, MiGetNextVad, MiGetPdeAddress, MiGetPdeOffset, MiGetPpePdeOffset, MiGetPteAddress, MiGetPteOffset, MiGetVirtualAddressMappedByPte, MiHandleForkTransitionPte(), MiInsertClone, MiInsertVad(), MiIsPteOnPdeBoundary, MiLocateCloneAddress, MiLocateWsle(), MiLockPagedAddress(), MiMakeSystemAddressValid(), MiMapSinglePage(), MiProtoAddressForPte, MiPteToProto, MiRemoveClone, MiRetrievePageDirectoryFrames(), MiUnlockPagedAddress(), MiUnmapSinglePage(), MiUpCloneProcessRefCount(), MiUpCloneProtoRefCount(), MiUpControlAreaRefs(), MiUpForkPageShareCount(), MiUpPfnReferenceCount(), MM_DBG_FORK, MM_DECOMMIT, MM_FORK_FAILED, MM_FORK_SUCCEEDED, MM_MAX_COMMIT, MM_VIEW_SHARE, MmCached, MMCLONE_BLOCK, MMCLONE_DESCRIPTOR, MMCLONE_HEADER, MmInitializeMdl, MmMapLockedPagesSpecifyCache(), MmShortTime, MmUnmapLockedPages(), MmWorkingSetList, MmWsle, NonPagedPool, NT_SUCCESS, NTSTATUS(), NULL, _EPROCESS::NumberOfPrivatePages, _MMCLONE_HEADER::NumberOfProcessReferences, _MMCLONE_DESCRIPTOR::NumberOfPtes, _MMCLONE_HEADER::NumberOfPtes, _MMCLONE_DESCRIPTOR::NumberOfReferences, _MMPFN::OriginalPte, PAGE_ALIGN, PAGE_SHIFT, PAGE_SIZE, PAGED_CODE, PagedPool, _MMCLONE_DESCRIPTOR::PagedPoolQuotaCharge, _MMCLONE_DESCRIPTOR::Parent, _MMVAD::Parent, _EPROCESS::PeakVirtualSize, _EPROCESS::PhysicalVadList, PMMCLONE_HEADER, PMMVAD_SHORT, PsChargePoolQuota(), PsGetCurrentProcess, PsGetCurrentThread, PsReturnPoolQuota(), _MMPFN::PteAddress, _MMPFN::PteFrame, _MMVAD::StartingVpn, _MMCLONE_DESCRIPTOR::StartingVpn, TRUE, _MMPTE::u, _MMVAD::u, _MMSUPPORT::u, _MMWSLE::u1, _MMPFN::u1, _MMVAD::u2, _MMPFN::u3, _MMVAD::u3, UNLOCK_ADDRESS_SPACE, UNLOCK_WS, _MMWSL::UsedPageTableEntries, _MI_PHYSICAL_VIEW::Vad, _EPROCESS::VirtualSize, _EPROCESS::Vm, WSLE_NULL_INDEX, and WSLE_NUMBER. Referenced by MmInitializeProcessAddressSpace(). 00109 : 00110 00111 This routine stands on its head to produce a copy of the specified 00112 process's address space in the process to initialize. This 00113 is done by examining each virtual address descriptor's inherit 00114 attributes. If the pages described by the VAD should be inherited, 00115 each PTE is examined and copied into the new address space. 00116 00117 For private pages, fork prototype PTEs are constructed and the pages 00118 become shared, copy-on-write, between the two processes. 00119 00120 00121 Arguments: 00122 00123 ProcessToClone - Supplies the process whose address space should be 00124 cloned. 00125 00126 ProcessToInitialize - Supplies the process whose address space is to 00127 be created. 00128 00129 RootPhysicalPage - Supplies the physical page number of the top level 00130 page (parent on 64-bit systems) directory 00131 of the process to initialize. 00132 00133 HyperPhysicalPage - Supplies the physical page number of the page table 00134 page which maps hyperspace for the process to 00135 initialize. This is only needed for 32-bit systems. 00136 00137 Return Value: 00138 00139 None. 00140 00141 Environment: 00142 00143 Kernel mode, APCs disabled. 00144 00145 --*/ 00146 00147 { 00148 PFN_NUMBER PpePhysicalPage; 00149 PFN_NUMBER PdePhysicalPage; 00150 PEPROCESS CurrentProcess; 00151 PMMPTE PdeBase; 00152 PMMCLONE_HEADER CloneHeader; 00153 PMMCLONE_BLOCK CloneProtos; 00154 PMMCLONE_DESCRIPTOR CloneDescriptor; 00155 PMMVAD NewVad; 00156 PMMVAD Vad; 00157 PMMVAD NextVad; 00158 PMMVAD *VadList; 00159 PMMVAD FirstNewVad; 00160 PMMCLONE_DESCRIPTOR *CloneList; 00161 PMMCLONE_DESCRIPTOR FirstNewClone; 00162 PMMCLONE_DESCRIPTOR Clone; 00163 PMMCLONE_DESCRIPTOR NextClone; 00164 PMMCLONE_DESCRIPTOR NewClone; 00165 ULONG Attached; 00166 ULONG CloneFailed; 00167 ULONG VadInsertFailed; 00168 WSLE_NUMBER WorkingSetIndex; 00169 PVOID VirtualAddress; 00170 NTSTATUS status; 00171 PMMPFN Pfn2; 00172 PMMPFN PfnPdPage; 00173 MMPTE TempPte; 00174 MMPTE PteContents; 00175 #if defined (_X86PAE_) 00176 PMDL MdlPageDirectory; 00177 PPFN_NUMBER MdlPageFrames; 00178 PFN_NUMBER PageDirectoryFrames[PD_PER_SYSTEM]; 00179 PFN_NUMBER MdlHackPageDirectory[(sizeof(MDL)/sizeof(PFN_NUMBER)) + PD_PER_SYSTEM]; 00180 #endif 00181 PFN_NUMBER MdlPage; 00182 PFN_NUMBER MdlDirPage; 00183 PMMPTE PointerPte; 00184 PMMPTE PointerPde; 00185 PMMPTE PointerPpe; 00186 PMMPTE LastPte; 00187 PMMPTE PointerNewPte; 00188 PMMPTE NewPteMappedAddress; 00189 PMMPTE PointerNewPde; 00190 PLIST_ENTRY NextEntry; 00191 PMI_PHYSICAL_VIEW PhysicalView; 00192 PFN_NUMBER PageFrameIndex; 00193 PFN_NUMBER PageDirFrameIndex; 00194 PMMCLONE_BLOCK ForkProtoPte; 00195 PMMCLONE_BLOCK CloneProto; 00196 PMMCLONE_BLOCK LockedForkPte; 00197 PMMPTE ContainingPte; 00198 ULONG NumberOfForkPtes; 00199 PFN_NUMBER NumberOfPrivatePages; 00200 PFN_NUMBER PageTablePage; 00201 SIZE_T TotalPagedPoolCharge; 00202 SIZE_T TotalNonPagedPoolCharge; 00203 PMMPFN PfnForkPtePage; 00204 PVOID UsedPageTableEntries; 00205 ULONG ReleasedWorkingSetMutex; 00206 ULONG FirstTime; 00207 ULONG Waited; 00208 ULONG i; 00209 ULONG PpePdeOffset; 00210 #if defined (_WIN64) 00211 PVOID UsedPageDirectoryEntries; 00212 PMMPTE PointerNewPpe; 00213 PMMPTE PpeBase; 00214 PMMPFN PfnPpPage; 00215 #else 00216 PMMWSL HyperBase; 00217 #endif 00218 00219 PageTablePage = 2; 00220 NumberOfForkPtes = 0; 00221 Attached = FALSE; 00222 PageFrameIndex = (PFN_NUMBER)-1; 00223 PageDirFrameIndex = (PFN_NUMBER)-1; 00224 00225 #if DBG 00226 if (MmDebug & MM_DBG_FORK) { 00227 DbgPrint("beginning clone operation process to clone = %lx\n", 00228 ProcessToClone); 00229 } 00230 #endif //DBG 00231 00232 PAGED_CODE(); 00233 00234 if (ProcessToClone != PsGetCurrentProcess()) { 00235 Attached = TRUE; 00236 KeAttachProcess (&ProcessToClone->Pcb); 00237 } 00238 00239 #if defined (_X86PAE_) 00240 MiRetrievePageDirectoryFrames (RootPhysicalPage, PageDirectoryFrames); 00241 #endif 00242 00243 CurrentProcess = ProcessToClone; 00244 00245 // 00246 // Get the working set mutex and the address creation mutex 00247 // of the process to clone. This prevents page faults while we 00248 // are examining the address map and prevents virtual address space 00249 // from being created or deleted. 00250 // 00251 00252 LOCK_ADDRESS_SPACE (CurrentProcess); 00253 00254 // 00255 // Write-watch VAD bitmaps are not currently duplicated 00256 // so fork is not allowed. 00257 // 00258 00259 if (CurrentProcess->Vm.u.Flags.WriteWatch == 1) { 00260 status = STATUS_INVALID_PAGE_PROTECTION; 00261 goto ErrorReturn1; 00262 } 00263 00264 // 00265 // Check for AWE regions as they are not duplicated so fork is not allowed. 00266 // Note that since this is a readonly list walk, the address space mutex 00267 // is sufficient to synchronize properly. 00268 // 00269 00270 NextEntry = CurrentProcess->PhysicalVadList.Flink; 00271 while (NextEntry != &CurrentProcess->PhysicalVadList) { 00272 00273 PhysicalView = CONTAINING_RECORD(NextEntry, 00274 MI_PHYSICAL_VIEW, 00275 ListEntry); 00276 00277 if (PhysicalView->Vad->u.VadFlags.UserPhysicalPages == 1) { 00278 status = STATUS_INVALID_PAGE_PROTECTION; 00279 goto ErrorReturn1; 00280 } 00281 00282 NextEntry = NextEntry->Flink; 00283 } 00284 00285 // 00286 // Make sure the address space was not deleted, if so, return an error. 00287 // 00288 00289 if (CurrentProcess->AddressSpaceDeleted != 0) { 00290 status = STATUS_PROCESS_IS_TERMINATING; 00291 goto ErrorReturn1; 00292 } 00293 00294 // 00295 // Attempt to acquire the needed pool before starting the 00296 // clone operation, this allows an easier failure path in 00297 // the case of insufficient system resources. 00298 // 00299 00300 NumberOfPrivatePages = CurrentProcess->NumberOfPrivatePages; 00301 00302 CloneProtos = ExAllocatePoolWithTag (PagedPool, sizeof(MMCLONE_BLOCK) * 00303 NumberOfPrivatePages, 00304 'lCmM'); 00305 if (CloneProtos == NULL) { 00306 status = STATUS_INSUFFICIENT_RESOURCES; 00307 goto ErrorReturn1; 00308 } 00309 00310 CloneHeader = ExAllocatePoolWithTag (NonPagedPool, 00311 sizeof(MMCLONE_HEADER), 00312 ' mM'); 00313 if (CloneHeader == NULL) { 00314 status = STATUS_INSUFFICIENT_RESOURCES; 00315 goto ErrorReturn2; 00316 } 00317 00318 CloneDescriptor = ExAllocatePoolWithTag (NonPagedPool, 00319 sizeof(MMCLONE_DESCRIPTOR), 00320 ' mM'); 00321 if (CloneDescriptor == NULL) { 00322 status = STATUS_INSUFFICIENT_RESOURCES; 00323 goto ErrorReturn3; 00324 } 00325 00326 Vad = MiGetFirstVad (CurrentProcess); 00327 VadList = &FirstNewVad; 00328 00329 while (Vad != (PMMVAD)NULL) { 00330 00331 // 00332 // If the VAD does not go to the child, ignore it. 00333 // 00334 00335 if ((Vad->u.VadFlags.UserPhysicalPages == 0) && 00336 00337 ((Vad->u.VadFlags.PrivateMemory == 1) || 00338 (Vad->u2.VadFlags2.Inherit == MM_VIEW_SHARE))) { 00339 00340 NewVad = ExAllocatePoolWithTag (NonPagedPool, sizeof(MMVAD), ' daV'); 00341 00342 if (NewVad == NULL) { 00343 00344 // 00345 // Unable to allocate pool for all the VADs. Deallocate 00346 // all VADs and other pool obtained so far. 00347 // 00348 00349 *VadList = (PMMVAD)NULL; 00350 status = STATUS_INSUFFICIENT_RESOURCES; 00351 goto ErrorReturn4; 00352 } 00353 *VadList = NewVad; 00354 VadList = &NewVad->Parent; 00355 } 00356 Vad = MiGetNextVad (Vad); 00357 } 00358 00359 // 00360 // Terminate list of VADs for new process. 00361 // 00362 00363 *VadList = (PMMVAD)NULL; 00364 00365 // 00366 // Charge the current process the quota for the paged and nonpaged 00367 // global structures. This consists of the array of clone blocks 00368 // in paged pool and the clone header in non-paged pool. 00369 // 00370 00371 try { 00372 PsChargePoolQuota (CurrentProcess, PagedPool, sizeof(MMCLONE_BLOCK) * 00373 NumberOfPrivatePages); 00374 PageTablePage = 1; 00375 PsChargePoolQuota (CurrentProcess, NonPagedPool, sizeof(MMCLONE_HEADER)); 00376 PageTablePage = 0; 00377 00378 } except (EXCEPTION_EXECUTE_HANDLER) { 00379 00380 // 00381 // Unable to charge quota for the clone blocks. 00382 // 00383 00384 status = GetExceptionCode(); 00385 goto ErrorReturn4; 00386 } 00387 00388 LOCK_WS (CurrentProcess); 00389 00390 ASSERT (CurrentProcess->ForkInProgress == NULL); 00391 00392 // 00393 // Indicate to the pager that the current process is being 00394 // forked. This blocks other threads in that process from 00395 // modifying clone blocks counts and contents. 00396 // 00397 00398 CurrentProcess->ForkInProgress = PsGetCurrentThread(); 00399 00400 #if defined (_WIN64) 00401 00402 // 00403 // Increment the reference count for the pages which are being "locked" 00404 // in MDLs. This prevents the page from being reused while it is 00405 // being double mapped. Note we have a count of 3 below because in addition 00406 // to the PPE, we also set up a initial dummy PDE and PTE. 00407 // 00408 00409 MiUpPfnReferenceCount (RootPhysicalPage, 3); 00410 00411 // 00412 // Map the page directory parent page into the system address 00413 // space. This is accomplished by building an MDL to describe the 00414 // Page directory parent page. 00415 // 00416 00417 PpeBase = (PMMPTE)MiMapSinglePage (NULL, 00418 RootPhysicalPage, 00419 MmCached, 00420 HighPagePriority); 00421 00422 if (PpeBase == NULL) { 00423 MiDownPfnReferenceCount (RootPhysicalPage, 3); 00424 CurrentProcess->ForkInProgress = NULL; 00425 UNLOCK_WS (CurrentProcess); 00426 status = STATUS_INSUFFICIENT_RESOURCES; 00427 goto ErrorReturn4; 00428 } 00429 00430 PfnPpPage = MI_PFN_ELEMENT (RootPhysicalPage); 00431 00432 #else 00433 00434 #if !defined (_X86PAE_) 00435 MiUpPfnReferenceCount (RootPhysicalPage, 1); 00436 #endif 00437 00438 #endif 00439 00440 // 00441 // Initialize a page directory map so it can be 00442 // unlocked in the loop and the end of the loop without 00443 // any testing to see if has a valid value the first time through. 00444 // Note this is a dummy map for 64-bit systems and a real one for 32-bit. 00445 // 00446 00447 #if !defined (_X86PAE_) 00448 00449 MdlDirPage = RootPhysicalPage; 00450 00451 PdePhysicalPage = RootPhysicalPage; 00452 00453 PdeBase = (PMMPTE)MiMapSinglePage (NULL, 00454 MdlDirPage, 00455 MmCached, 00456 HighPagePriority); 00457 00458 if (PdeBase == NULL) { 00459 #if defined (_WIN64) 00460 MiDownPfnReferenceCount (RootPhysicalPage, 3); 00461 MiUnmapSinglePage (PpeBase); 00462 #else 00463 MiDownPfnReferenceCount (RootPhysicalPage, 1); 00464 #endif 00465 CurrentProcess->ForkInProgress = NULL; 00466 UNLOCK_WS (CurrentProcess); 00467 status = STATUS_INSUFFICIENT_RESOURCES; 00468 goto ErrorReturn4; 00469 } 00470 00471 #else 00472 00473 // 00474 // All 4 page directory pages need to be mapped for PAE so the heavyweight 00475 // mapping must be used. 00476 // 00477 00478 MdlPageDirectory = (PMDL)&MdlHackPageDirectory[0]; 00479 00480 MmInitializeMdl(MdlPageDirectory, (PVOID)PDE_BASE, PD_PER_SYSTEM * PAGE_SIZE); 00481 MdlPageDirectory->MdlFlags |= MDL_PAGES_LOCKED; 00482 00483 MdlPageFrames = (PPFN_NUMBER)(MdlPageDirectory + 1); 00484 00485 for (i = 0; i < PD_PER_SYSTEM; i += 1) { 00486 *(MdlPageFrames + i) = PageDirectoryFrames[i]; 00487 MiUpPfnReferenceCount (PageDirectoryFrames[i], 1); 00488 } 00489 00490 PdePhysicalPage = RootPhysicalPage; 00491 00492 PdeBase = (PMMPTE)MmMapLockedPagesSpecifyCache (MdlPageDirectory, 00493 KernelMode, 00494 MmCached, 00495 NULL, 00496 FALSE, 00497 HighPagePriority); 00498 00499 if (PdeBase == NULL) { 00500 for (i = 0; i < PD_PER_SYSTEM; i += 1) { 00501 MiDownPfnReferenceCount (PageDirectoryFrames[i], 1); 00502 } 00503 CurrentProcess->ForkInProgress = NULL; 00504 UNLOCK_WS (CurrentProcess); 00505 status = STATUS_INSUFFICIENT_RESOURCES; 00506 goto ErrorReturn4; 00507 } 00508 00509 #endif 00510 00511 PfnPdPage = MI_PFN_ELEMENT (RootPhysicalPage); 00512 00513 #if !defined (_WIN64) 00514 00515 // 00516 // Map hyperspace so target UsedPageTable entries can be incremented. 00517 // 00518 00519 MiUpPfnReferenceCount (HyperPhysicalPage, 2); 00520 00521 HyperBase = (PMMWSL)MiMapSinglePage (NULL, 00522 HyperPhysicalPage, 00523 MmCached, 00524 HighPagePriority); 00525 00526 if (HyperBase == NULL) { 00527 MiDownPfnReferenceCount (HyperPhysicalPage, 2); 00528 #if !defined (_X86PAE_) 00529 MiDownPfnReferenceCount (RootPhysicalPage, 1); 00530 MiUnmapSinglePage (PdeBase); 00531 #else 00532 for (i = 0; i < PD_PER_SYSTEM; i += 1) { 00533 MiDownPfnReferenceCount (PageDirectoryFrames[i], 1); 00534 } 00535 MmUnmapLockedPages (PdeBase, MdlPageDirectory); 00536 #endif 00537 CurrentProcess->ForkInProgress = NULL; 00538 UNLOCK_WS (CurrentProcess); 00539 status = STATUS_INSUFFICIENT_RESOURCES; 00540 goto ErrorReturn4; 00541 } 00542 #endif 00543 00544 // 00545 // Initialize a page table MDL to lock and map the hyperspace page so it 00546 // can be unlocked in the loop and the end of the loop without 00547 // any testing to see if has a valid value the first time through. 00548 // 00549 00550 #if defined (_WIN64) 00551 MdlPage = RootPhysicalPage; 00552 #else 00553 MdlPage = HyperPhysicalPage; 00554 #endif 00555 00556 NewPteMappedAddress = (PMMPTE)MiMapSinglePage (NULL, 00557 MdlPage, 00558 MmCached, 00559 HighPagePriority); 00560 00561 if (NewPteMappedAddress == NULL) { 00562 00563 #if defined (_WIN64) 00564 00565 MiDownPfnReferenceCount (RootPhysicalPage, 3); 00566 MiUnmapSinglePage (PpeBase); 00567 MiUnmapSinglePage (PdeBase); 00568 00569 #else 00570 MiDownPfnReferenceCount (HyperPhysicalPage, 2); 00571 MiUnmapSinglePage (HyperBase); 00572 #if !defined (_X86PAE_) 00573 MiDownPfnReferenceCount (RootPhysicalPage, 1); 00574 MiUnmapSinglePage (PdeBase); 00575 #else 00576 for (i = 0; i < PD_PER_SYSTEM; i += 1) { 00577 MiDownPfnReferenceCount (PageDirectoryFrames[i], 1); 00578 } 00579 MmUnmapLockedPages (PdeBase, MdlPageDirectory); 00580 #endif 00581 00582 #endif 00583 00584 CurrentProcess->ForkInProgress = NULL; 00585 UNLOCK_WS (CurrentProcess); 00586 status = STATUS_INSUFFICIENT_RESOURCES; 00587 goto ErrorReturn4; 00588 } 00589 00590 PointerNewPte = NewPteMappedAddress; 00591 00592 // 00593 // Build new clone prototype PTE block and descriptor, note that 00594 // each prototype PTE has a reference count following it. 00595 // 00596 00597 ForkProtoPte = CloneProtos; 00598 00599 LockedForkPte = ForkProtoPte; 00600 MiLockPagedAddress (LockedForkPte, FALSE); 00601 00602 CloneHeader->NumberOfPtes = (ULONG)NumberOfPrivatePages; 00603 CloneHeader->NumberOfProcessReferences = 1; 00604 CloneHeader->ClonePtes = CloneProtos; 00605 00606 00607 00608 CloneDescriptor->StartingVpn = (ULONG_PTR)CloneProtos; 00609 CloneDescriptor->EndingVpn = (ULONG_PTR)((ULONG_PTR)CloneProtos + 00610 NumberOfPrivatePages * 00611 sizeof(MMCLONE_BLOCK)); 00612 CloneDescriptor->NumberOfReferences = 0; 00613 CloneDescriptor->NumberOfPtes = (ULONG)NumberOfPrivatePages; 00614 CloneDescriptor->CloneHeader = CloneHeader; 00615 CloneDescriptor->PagedPoolQuotaCharge = sizeof(MMCLONE_BLOCK) * 00616 NumberOfPrivatePages; 00617 00618 // 00619 // Insert the clone descriptor for this fork operation into the 00620 // process which was cloned. 00621 // 00622 00623 MiInsertClone (CloneDescriptor); 00624 00625 // 00626 // Examine each virtual address descriptor and create the 00627 // proper structures for the new process. 00628 // 00629 00630 Vad = MiGetFirstVad (CurrentProcess); 00631 NewVad = FirstNewVad; 00632 00633 while (Vad != (PMMVAD)NULL) { 00634 00635 // 00636 // Examine the VAD to determine its type and inheritance 00637 // attribute. 00638 // 00639 00640 if ((Vad->u.VadFlags.UserPhysicalPages == 0) && 00641 00642 ((Vad->u.VadFlags.PrivateMemory == 1) || 00643 (Vad->u2.VadFlags2.Inherit == MM_VIEW_SHARE))) { 00644 00645 // 00646 // The virtual address descriptor should be shared in the 00647 // forked process. 00648 // 00649 00650 // 00651 // Make a copy of the VAD for the new process, the new VADs 00652 // are preallocated and linked together through the parent 00653 // field. 00654 // 00655 00656 NextVad = NewVad->Parent; 00657 00658 00659 if (Vad->u.VadFlags.PrivateMemory == 1) { 00660 *(PMMVAD_SHORT)NewVad = *(PMMVAD_SHORT)Vad; 00661 NewVad->u.VadFlags.NoChange = 0; 00662 } else { 00663 *NewVad = *Vad; 00664 } 00665 00666 if (NewVad->u.VadFlags.NoChange) { 00667 if ((NewVad->u2.VadFlags2.OneSecured) || 00668 (NewVad->u2.VadFlags2.MultipleSecured)) { 00669 00670 // 00671 // Eliminate these as the memory was secured 00672 // only in this process, not in the new one. 00673 // 00674 00675 NewVad->u2.VadFlags2.OneSecured = 0; 00676 NewVad->u2.VadFlags2.MultipleSecured = 0; 00677 NewVad->u2.VadFlags2.StoredInVad = 0; 00678 NewVad->u3.List.Flink = NULL; 00679 NewVad->u3.List.Blink = NULL; 00680 } 00681 if (NewVad->u2.VadFlags2.SecNoChange == 0) { 00682 NewVad->u.VadFlags.NoChange = 0; 00683 } 00684 } 00685 NewVad->Parent = NextVad; 00686 00687 // 00688 // If the VAD refers to a section, up the view count for that 00689 // section. This requires the PFN mutex to be held. 00690 // 00691 00692 if ((Vad->u.VadFlags.PrivateMemory == 0) && 00693 (Vad->ControlArea != (PCONTROL_AREA)NULL)) { 00694 00695 // 00696 // Increment the count of the number of views for the 00697 // section object. This requires the PFN mutex to be held. 00698 // 00699 00700 MiUpControlAreaRefs (Vad->ControlArea); 00701 } 00702 00703 // 00704 // Examine each PTE and create the appropriate PTE for the 00705 // new process. 00706 // 00707 00708 PointerPde = MiGetPdeAddress (MI_VPN_TO_VA (Vad->StartingVpn)); 00709 PointerPte = (volatile PMMPTE) MiGetPteAddress ( 00710 MI_VPN_TO_VA (Vad->StartingVpn)); 00711 LastPte = MiGetPteAddress (MI_VPN_TO_VA (Vad->EndingVpn)); 00712 FirstTime = TRUE; 00713 00714 while ((PMMPTE)PointerPte <= LastPte) { 00715 00716 // 00717 // For each PTE contained in the VAD check the page table 00718 // page, and if non-zero, make the appropriate modifications 00719 // to copy the PTE to the new process. 00720 // 00721 00722 if ((FirstTime) || MiIsPteOnPdeBoundary (PointerPte)) { 00723 00724 PointerPpe = MiGetPdeAddress (PointerPte); 00725 PointerPde = MiGetPteAddress (PointerPte); 00726 00727 do { 00728 00729 while (!MiDoesPpeExistAndMakeValid (PointerPpe, 00730 CurrentProcess, 00731 FALSE, 00732 &Waited)) { 00733 00734 // 00735 // Page directory parent is empty, go to the next one. 00736 // 00737 00738 PointerPpe += 1; 00739 PointerPde = MiGetVirtualAddressMappedByPte (PointerPpe); 00740 PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); 00741 00742 if ((PMMPTE)PointerPte > LastPte) { 00743 00744 // 00745 // All done with this VAD, exit loop. 00746 // 00747 00748 goto AllDone; 00749 } 00750 } 00751 00752 Waited = 0; 00753 00754 while (!MiDoesPdeExistAndMakeValid (PointerPde, 00755 CurrentProcess, 00756 FALSE, 00757 &Waited)) { 00758 00759 // 00760 // This page directory is empty, go to the next one. 00761 // 00762 00763 PointerPde += 1; 00764 PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); 00765 00766 if ((PMMPTE)PointerPte > LastPte) { 00767 00768 // 00769 // All done with this VAD, exit loop. 00770 // 00771 00772 goto AllDone; 00773 } 00774 #if defined (_WIN64) 00775 if (MiIsPteOnPdeBoundary (PointerPde)) { 00776 PointerPpe = MiGetPteAddress (PointerPde); 00777 Waited = 1; 00778 break; 00779 } 00780 #endif 00781 } 00782 00783 } while (Waited != 0); 00784 00785 FirstTime = FALSE; 00786 00787 #if defined (_WIN64) 00788 // 00789 // Calculate the address of the PPE in the new process's 00790 // page directory parent page. 00791 // 00792 00793 PointerNewPpe = &PpeBase[MiGetPdeOffset(PointerPte)]; 00794 00795 if (PointerNewPpe->u.Long == 0) { 00796 00797 // 00798 // No physical page has been allocated yet, get a page 00799 // and map it in as a transition page. This will 00800 // become a page table page for the new process. 00801 // 00802 00803 ReleasedWorkingSetMutex = 00804 MiDoneWithThisPageGetAnother (&PageDirFrameIndex, 00805 PointerPpe, 00806 CurrentProcess); 00807 00808 MI_ZERO_USED_PAGETABLE_ENTRIES (MI_PFN_ELEMENT(PageDirFrameIndex)); 00809 00810 if (ReleasedWorkingSetMutex) { 00811 00812 do { 00813 00814 MiDoesPpeExistAndMakeValid (PointerPpe, 00815 CurrentProcess, 00816 FALSE, 00817 &Waited); 00818 00819 Waited = 0; 00820 00821 MiDoesPdeExistAndMakeValid (PointerPde, 00822 CurrentProcess, 00823 FALSE, 00824 &Waited); 00825 } while (Waited != 0); 00826 } 00827 00828 // 00829 // Hand initialize this PFN as normal initialization 00830 // would do it for the process whose context we are 00831 // attached to. 00832 // 00833 // The PFN lock must be held while initializing the 00834 // frame to prevent those scanning the database for 00835 // free frames from taking it after we fill in the 00836 // u2 field. 00837 // 00838 00839 MiBuildForkPageTable (PageDirFrameIndex, 00840 PointerPpe, 00841 PointerNewPpe, 00842 RootPhysicalPage, 00843 PfnPpPage); 00844 00845 // 00846 // Map the new page directory page into the system 00847 // portion of the address space. Note that hyperspace 00848 // cannot be used as other operations (allocating 00849 // nonpaged pool at DPC level) could cause the 00850 // hyperspace page being used to be reused. 00851 // 00852 00853 MiDownPfnReferenceCount (MdlDirPage, 1); 00854 00855 MdlDirPage = PageDirFrameIndex; 00856 00857 ASSERT (PdeBase != NULL); 00858 00859 PdeBase = (PMMPTE)MiMapSinglePage (PdeBase, 00860 MdlDirPage, 00861 MmCached, 00862 HighPagePriority); 00863 00864 MiUpPfnReferenceCount (MdlDirPage, 1); 00865 00866 PointerNewPde = PdeBase; 00867 } 00868 else { 00869 ASSERT (PointerNewPpe->u.Hard.Valid == 1 || 00870 PointerNewPpe->u.Soft.Transition == 1); 00871 00872 if (PointerNewPpe->u.Hard.Valid == 1) { 00873 PageDirFrameIndex = MI_GET_PAGE_FRAME_FROM_PTE (PointerNewPpe); 00874 } 00875 else { 00876 PageDirFrameIndex = MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE (PointerNewPpe); 00877 } 00878 } 00879 00880 // 00881 // Calculate the address of the new PDE to build. 00882 // Note that FirstTime could be true, yet the page 00883 // directory page might already be built. 00884 // 00885 00886 PointerNewPde = (PMMPTE)((ULONG_PTR)PAGE_ALIGN(PointerNewPde) | 00887 BYTE_OFFSET (PointerPde)); 00888 00889 PdePhysicalPage = PageDirFrameIndex; 00890 00891 PfnPdPage = MI_PFN_ELEMENT (PdePhysicalPage); 00892 00893 UsedPageDirectoryEntries = (PVOID)PfnPdPage; 00894 #endif 00895 00896 // 00897 // Calculate the address of the PDE in the new process's 00898 // page directory page. 00899 // 00900 00901 PpePdeOffset = MiGetPpePdeOffset(MiGetVirtualAddressMappedByPte(PointerPte)); 00902 PointerNewPde = &PdeBase[PpePdeOffset]; 00903 00904 if (PointerNewPde->u.Long == 0) { 00905 00906 // 00907 // No physical page has been allocated yet, get a page 00908 // and map it in as a transition page. This will 00909 // become a page table page for the new process. 00910 // 00911 00912 ReleasedWorkingSetMutex = 00913 MiDoneWithThisPageGetAnother (&PageFrameIndex, 00914 PointerPde, 00915 CurrentProcess); 00916 00917 if (ReleasedWorkingSetMutex) { 00918 00919 do { 00920 00921 MiDoesPpeExistAndMakeValid (PointerPpe, 00922 CurrentProcess, 00923 FALSE, 00924 &Waited); 00925 00926 Waited = 0; 00927 00928 MiDoesPdeExistAndMakeValid (PointerPde, 00929 CurrentProcess, 00930 FALSE, 00931 &Waited); 00932 } while (Waited != 0); 00933 } 00934 00935 // 00936 // Hand initialize this PFN as normal initialization 00937 // would do it for the process whose context we are 00938 // attached to. 00939 // 00940 // The PFN lock must be held while initializing the 00941 // frame to prevent those scanning the database for 00942 // free frames from taking it after we fill in the 00943 // u2 field. 00944 // 00945 00946 #if defined (_X86PAE_) 00947 PdePhysicalPage = PageDirectoryFrames[MiGetPdPteOffset(MiGetVirtualAddressMappedByPte(PointerPte))]; 00948 PfnPdPage = MI_PFN_ELEMENT (PdePhysicalPage); 00949 #endif 00950 00951 MiBuildForkPageTable (PageFrameIndex, 00952 PointerPde, 00953 PointerNewPde, 00954 PdePhysicalPage, 00955 PfnPdPage); 00956 00957 #if defined (_WIN64) 00958 MI_INCREMENT_USED_PTES_BY_HANDLE (UsedPageDirectoryEntries); 00959 #endif 00960 00961 // 00962 // Map the new page table page into the system portion 00963 // of the address space. Note that hyperspace 00964 // cannot be used as other operations (allocating 00965 // nonpaged pool at DPC level) could cause the 00966 // hyperspace page being used to be reused. 00967 // 00968 00969 ASSERT (NewPteMappedAddress != NULL); 00970 00971 MiDownPfnReferenceCount (MdlPage, 1); 00972 00973 MdlPage = PageFrameIndex; 00974 00975 PointerNewPte = (PMMPTE)MiMapSinglePage (NewPteMappedAddress, 00976 MdlPage, 00977 MmCached, 00978 HighPagePriority); 00979 00980 ASSERT (PointerNewPte != NULL); 00981 00982 MiUpPfnReferenceCount (MdlPage, 1); 00983 } 00984 00985 // 00986 // Calculate the address of the new PTE to build. 00987 // Note that FirstTime could be true, yet the page 00988 // table page already built. 00989 // 00990 00991 PointerNewPte = (PMMPTE)((ULONG_PTR)PAGE_ALIGN(PointerNewPte) | 00992 BYTE_OFFSET (PointerPte)); 00993 00994 #ifdef _WIN64 00995 UsedPageTableEntries = (PVOID)MI_PFN_ELEMENT((PFN_NUMBER)PointerNewPde->u.Hard.PageFrameNumber); 00996 #else 00997 #if !defined (_X86PAE_) 00998 UsedPageTableEntries = (PVOID)&HyperBase->UsedPageTableEntries 00999 [MiGetPteOffset( PointerPte )]; 01000 #else 01001 UsedPageTableEntries = (PVOID)&HyperBase->UsedPageTableEntries 01002 [MiGetPpePdeOffset(MiGetVirtualAddressMappedByPte(PointerPte))]; 01003 #endif 01004 #endif 01005 01006 } 01007 01008 // 01009 // Make the fork prototype PTE location resident. 01010 // 01011 01012 if (PAGE_ALIGN (ForkProtoPte) != PAGE_ALIGN (LockedForkPte)) { 01013 MiUnlockPagedAddress (LockedForkPte, FALSE); 01014 LockedForkPte = ForkProtoPte; 01015 MiLockPagedAddress (LockedForkPte, FALSE); 01016 } 01017 01018 MiMakeSystemAddressValid (PointerPte, CurrentProcess); 01019 01020 PteContents = *PointerPte; 01021 01022 // 01023 // Check each PTE. 01024 // 01025 01026 if (PteContents.u.Long == 0) { 01027 NOTHING; 01028 01029 } else if (PteContents.u.Hard.Valid == 1) { 01030 01031 // 01032 // Valid. 01033 // 01034 01035 Pfn2 = MI_PFN_ELEMENT (PteContents.u.Hard.PageFrameNumber); 01036 VirtualAddress = MiGetVirtualAddressMappedByPte (PointerPte); 01037 WorkingSetIndex = MiLocateWsle (VirtualAddress, 01038 MmWorkingSetList, 01039 Pfn2->u1.WsIndex); 01040 01041 ASSERT (WorkingSetIndex != WSLE_NULL_INDEX); 01042 01043 if (Pfn2->u3.e1.PrototypePte == 1) { 01044 01045 // 01046 // This PTE is already in prototype PTE format. 01047 // 01048 01049 // 01050 // This is a prototype PTE. The PFN database does 01051 // not contain the contents of this PTE it contains 01052 // the contents of the prototype PTE. This PTE must 01053 // be reconstructed to contain a pointer to the 01054 // prototype PTE. 01055 // 01056 // The working set list entry contains information about 01057 // how to reconstruct the PTE. 01058 // 01059 01060 if (MmWsle[WorkingSetIndex].u1.e1.SameProtectAsProto 01061 == 0) { 01062 01063 // 01064 // The protection for the prototype PTE is in the 01065 // WSLE. 01066 // 01067 01068 TempPte.u.Long = 0; 01069 TempPte.u.Soft.Protection = 01070 MI_GET_PROTECTION_FROM_WSLE(&MmWsle[WorkingSetIndex]); 01071 TempPte.u.Soft.PageFileHigh = MI_PTE_LOOKUP_NEEDED; 01072 01073 } else { 01074 01075 // 01076 // The protection is in the prototype PTE. 01077 // 01078 01079 TempPte.u.Long = MiProtoAddressForPte ( 01080 Pfn2->PteAddress); 01081 // TempPte.u.Proto.ForkType = 01082 // MmWsle[WorkingSetIndex].u1.e1.ForkType; 01083 } 01084 01085 TempPte.u.Proto.Prototype = 1; 01086 MI_WRITE_INVALID_PTE (PointerNewPte, TempPte); 01087 01088 // 01089 // A PTE is now non-zero, increment the used page 01090 // table entries counter. 01091 // 01092 01093 MI_INCREMENT_USED_PTES_BY_HANDLE (UsedPageTableEntries); 01094 01095 // 01096 // Check to see if this is a fork prototype PTE, 01097 // and if it is increment the reference count 01098 // which is in the longword following the PTE. 01099 // 01100 01101 if (MiLocateCloneAddress ((PVOID)Pfn2->PteAddress) != 01102 (PMMCLONE_DESCRIPTOR)NULL) { 01103 01104 // 01105 // The reference count field, or the prototype PTE 01106 // for that matter may not be in the working set. 01107 // 01108 01109 CloneProto = (PMMCLONE_BLOCK)Pfn2->PteAddress; 01110 01111 MiUpCloneProtoRefCount (CloneProto, 01112 CurrentProcess); 01113 01114 if (PAGE_ALIGN (ForkProtoPte) != 01115 PAGE_ALIGN (LockedForkPte)) { 01116 MiUnlockPagedAddress (LockedForkPte, FALSE); 01117 LockedForkPte = ForkProtoPte; 01118 MiLockPagedAddress (LockedForkPte, FALSE); 01119 } 01120 01121 MiMakeSystemAddressValid (PointerPte, 01122 CurrentProcess); 01123 } 01124 01125 } else { 01126 01127 // 01128 // This is a private page, create a fork prototype PTE 01129 // which becomes the "prototype" PTE for this page. 01130 // The protection is the same as that in the prototype' 01131 // PTE so the WSLE does not need to be updated. 01132 // 01133 01134 MI_MAKE_VALID_PTE_WRITE_COPY (PointerPte); 01135 01136 ForkProtoPte->ProtoPte = *PointerPte; 01137 ForkProtoPte->CloneRefCount = 2; 01138 01139 // 01140 // Transform the PFN element to reference this new fork 01141 // prototype PTE. 01142 // 01143 01144 Pfn2->PteAddress = &ForkProtoPte->ProtoPte; 01145 Pfn2->u3.e1.PrototypePte = 1; 01146 01147 ContainingPte = MiGetPteAddress(&ForkProtoPte->ProtoPte); 01148 if (ContainingPte->u.Hard.Valid == 0) { 01149 #if !defined (_WIN64) 01150 if (!NT_SUCCESS(MiCheckPdeForPagedPool (&ForkProtoPte->ProtoPte))) { 01151 #endif 01152 KeBugCheckEx (MEMORY_MANAGEMENT, 01153 0x61940, 01154 (ULONG_PTR)&ForkProtoPte->ProtoPte, 01155 (ULONG_PTR)ContainingPte->u.Long, 01156 (ULONG_PTR)MiGetVirtualAddressMappedByPte(&ForkProtoPte->ProtoPte)); 01157 #if !defined (_WIN64) 01158 } 01159 #endif 01160 } 01161 Pfn2->PteFrame = MI_GET_PAGE_FRAME_FROM_PTE (ContainingPte); 01162 01163 01164 // 01165 // Increment the share count for the page containing the 01166 // fork prototype PTEs as we have just placed a valid 01167 // PTE into the page. 01168 // 01169 01170 PfnForkPtePage = MI_PFN_ELEMENT ( 01171 ContainingPte->u.Hard.PageFrameNumber ); 01172 01173 MiUpForkPageShareCount (PfnForkPtePage); 01174 01175 // 01176 // Change the protection in the PFN database to COPY 01177 // on write, if writable. 01178 // 01179 01180 MI_MAKE_PROTECT_WRITE_COPY (Pfn2->OriginalPte); 01181 01182 // 01183 // Put the protection into the WSLE and mark the WSLE 01184 // to indicate that the protection field for the PTE 01185 // is the same as the prototype PTE. 01186 // 01187 01188 MmWsle[WorkingSetIndex].u1.e1.Protection = 01189 MI_GET_PROTECTION_FROM_SOFT_PTE(&Pfn2->OriginalPte); 01190 01191 MmWsle[WorkingSetIndex].u1.e1.SameProtectAsProto = 1; 01192 01193 TempPte.u.Long = MiProtoAddressForPte (Pfn2->PteAddress); 01194 TempPte.u.Proto.Prototype = 1; 01195 MI_WRITE_INVALID_PTE (PointerNewPte, TempPte); 01196 01197 // 01198 // A PTE is now non-zero, increment the used page 01199 // table entries counter. 01200 // 01201 01202 MI_INCREMENT_USED_PTES_BY_HANDLE (UsedPageTableEntries); 01203 01204 // 01205 // One less private page (it's now shared). 01206 // 01207 01208 CurrentProcess->NumberOfPrivatePages -= 1; 01209 01210 ForkProtoPte += 1; 01211 NumberOfForkPtes += 1; 01212 01213 } 01214 01215 } else if (PteContents.u.Soft.Prototype == 1) { 01216 01217 // 01218 // Prototype PTE, check to see if this is a fork 01219 // prototype PTE already. Note that if COW is set, 01220 // the PTE can just be copied (fork compatible format). 01221 // 01222 01223 MI_WRITE_INVALID_PTE (PointerNewPte, PteContents); 01224 01225 // 01226 // A PTE is now non-zero, increment the used page 01227 // table entries counter. 01228 // 01229 01230 MI_INCREMENT_USED_PTES_BY_HANDLE (UsedPageTableEntries); 01231 01232 // 01233 // Check to see if this is a fork prototype PTE, 01234 // and if it is increment the reference count 01235 // which is in the longword following the PTE. 01236 // 01237 01238 CloneProto = (PMMCLONE_BLOCK)(MiPteToProto(PointerPte)); 01239 01240 if (MiLocateCloneAddress ((PVOID)CloneProto) != 01241 (PMMCLONE_DESCRIPTOR)NULL) { 01242 01243 // 01244 // The reference count field, or the prototype PTE 01245 // for that matter may not be in the working set. 01246 // 01247 01248 MiUpCloneProtoRefCount (CloneProto, 01249 CurrentProcess); 01250 01251 if (PAGE_ALIGN (ForkProtoPte) != 01252 PAGE_ALIGN (LockedForkPte)) { 01253 MiUnlockPagedAddress (LockedForkPte, FALSE); 01254 LockedForkPte = ForkProtoPte; 01255 MiLockPagedAddress (LockedForkPte, FALSE); 01256 } 01257 01258 MiMakeSystemAddressValid (PointerPte, 01259 CurrentProcess); 01260 } 01261 01262 } else if (PteContents.u.Soft.Transition == 1) { 01263 01264 // 01265 // Transition. 01266 // 01267 01268 if (MiHandleForkTransitionPte (PointerPte, 01269 PointerNewPte, 01270 ForkProtoPte)) { 01271 // 01272 // PTE is no longer transition, try again. 01273 // 01274 01275 continue; 01276 } 01277 01278 // 01279 // A PTE is now non-zero, increment the used page 01280 // table entries counter. 01281 // 01282 01283 MI_INCREMENT_USED_PTES_BY_HANDLE (UsedPageTableEntries); 01284 01285 // 01286 // One less private page (it's now shared). 01287 // 01288 01289 CurrentProcess->NumberOfPrivatePages -= 1; 01290 01291 ForkProtoPte += 1; 01292 NumberOfForkPtes += 1; 01293 01294 } else { 01295 01296 // 01297 // Page file format (may be demand zero). 01298 // 01299 01300 if (IS_PTE_NOT_DEMAND_ZERO (PteContents)) { 01301 01302 if (PteContents.u.Soft.Protection == MM_DECOMMIT) { 01303 01304 // 01305 // This is a decommitted PTE, just move it 01306 // over to the new process. Don't increment 01307 // the count of private pages. 01308 // 01309 01310 MI_WRITE_INVALID_PTE (PointerNewPte, PteContents); 01311 } else { 01312 01313 // 01314 // The PTE is not demand zero, move the PTE to 01315 // a fork prototype PTE and make this PTE and 01316 // the new processes PTE refer to the fork 01317 // prototype PTE. 01318 // 01319 01320 ForkProtoPte->ProtoPte = PteContents; 01321 01322 // 01323 // Make the protection write-copy if writable. 01324 // 01325 01326 MI_MAKE_PROTECT_WRITE_COPY (ForkProtoPte->ProtoPte); 01327 01328 ForkProtoPte->CloneRefCount = 2; 01329 01330 TempPte.u.Long = 01331 MiProtoAddressForPte (&ForkProtoPte->ProtoPte); 01332 01333 TempPte.u.Proto.Prototype = 1; 01334 01335 MI_WRITE_INVALID_PTE (PointerPte, TempPte); 01336 MI_WRITE_INVALID_PTE (PointerNewPte, TempPte); 01337 01338 // 01339 // One less private page (it's now shared). 01340 // 01341 01342 CurrentProcess->NumberOfPrivatePages -= 1; 01343 01344 ForkProtoPte += 1; 01345 NumberOfForkPtes += 1; 01346 } 01347 } else { 01348 01349 // 01350 // The page is demand zero, make the new process's 01351 // page demand zero. 01352 // 01353 01354 MI_WRITE_INVALID_PTE (PointerNewPte, PteContents); 01355 } 01356 01357 // 01358 // A PTE is now non-zero, increment the used page 01359 // table entries counter. 01360 // 01361 01362 MI_INCREMENT_USED_PTES_BY_HANDLE (UsedPageTableEntries); 01363 } 01364 01365 PointerPte += 1; 01366 PointerNewPte += 1; 01367 01368 } // end while for PTEs 01369 AllDone: 01370 NewVad = NewVad->Parent; 01371 } 01372 Vad = MiGetNextVad (Vad); 01373 01374 } // end while for VADs 01375 01376 // 01377 // Unlock paged pool page. 01378 // 01379 01380 MiUnlockPagedAddress (LockedForkPte, FALSE); 01381 01382 // 01383 // Unmap the PD Page and hyper space page. 01384 // 01385 01386 #if defined (_WIN64) 01387 MiUnmapSinglePage (PpeBase); 01388 #endif 01389 01390 #if !defined (_X86PAE_) 01391 MiUnmapSinglePage (PdeBase); 01392 #else 01393 MmUnmapLockedPages (PdeBase, MdlPageDirectory); 01394 #endif 01395 01396 #if !defined (_WIN64) 01397 MiUnmapSinglePage (HyperBase); 01398 #endif 01399 01400 MiUnmapSinglePage (NewPteMappedAddress); 01401 01402 #if defined (_WIN64) 01403 MiDownPfnReferenceCount (RootPhysicalPage, 1); 01404 #endif 01405 01406 #if defined (_X86PAE_) 01407 for (i = 0; i < PD_PER_SYSTEM; i += 1) { 01408 MiDownPfnReferenceCount (PageDirectoryFrames[i], 1); 01409 } 01410 #else 01411 MiDownPfnReferenceCount (MdlDirPage, 1); 01412 #endif 01413 01414 #if !defined (_WIN64) 01415 MiDownPfnReferenceCount (HyperPhysicalPage, 1); 01416 #endif 01417 01418 MiDownPfnReferenceCount (MdlPage, 1); 01419 01420 // 01421 // Make the count of private pages match between the two processes. 01422 // 01423 01424 ASSERT ((SPFN_NUMBER)CurrentProcess->NumberOfPrivatePages >= 0); 01425 01426 ProcessToInitialize->NumberOfPrivatePages = 01427 CurrentProcess->NumberOfPrivatePages; 01428 01429 ASSERT (NumberOfForkPtes <= CloneDescriptor->NumberOfPtes); 01430 01431 if (NumberOfForkPtes != 0) { 01432 01433 // 01434 // The number of fork PTEs is non-zero, set the values 01435 // into the structures. 01436 // 01437 01438 CloneHeader->NumberOfPtes = NumberOfForkPtes; 01439 CloneDescriptor->NumberOfReferences = NumberOfForkPtes; 01440 CloneDescriptor->NumberOfPtes = NumberOfForkPtes; 01441 01442 } else { 01443 01444 // 01445 // There were no fork PTEs created. Remove the clone descriptor 01446 // from this process and clean up the related structures. 01447 // Note - must be holding the working set mutex and not holding 01448 // the PFN lock. 01449 // 01450 01451 MiRemoveClone (CloneDescriptor); 01452 01453 UNLOCK_WS (CurrentProcess); 01454 01455 ExFreePool (CloneDescriptor->CloneHeader->ClonePtes); 01456 01457 ExFreePool (CloneDescriptor->CloneHeader); 01458 01459 // 01460 // Return the pool for the global structures referenced by the 01461 // clone descriptor. 01462 // 01463 01464 PsReturnPoolQuota (CurrentProcess, 01465 PagedPool, 01466 CloneDescriptor->PagedPoolQuotaCharge); 01467 01468 PsReturnPoolQuota (CurrentProcess, NonPagedPool, sizeof(MMCLONE_HEADER)); 01469 01470 ExFreePool (CloneDescriptor); 01471 01472 LOCK_WS (CurrentProcess); 01473 } 01474 01475 MiDownShareCountFlushEntireTb (PageFrameIndex); 01476 01477 #if defined (_WIN64) 01478 MiDownShareCountFlushEntireTb (PageDirFrameIndex); 01479 #endif 01480 01481 PageFrameIndex = (PFN_NUMBER)-1; 01482 PageDirFrameIndex = (PFN_NUMBER)-1; 01483 01484 // 01485 // Copy the clone descriptors from this process to the new process. 01486 // 01487 01488 Clone = MiGetFirstClone (); 01489 CloneList = &FirstNewClone; 01490 CloneFailed = FALSE; 01491 01492 while (Clone != (PMMCLONE_DESCRIPTOR)NULL) { 01493 01494 // 01495 // Increment the count of processes referencing this clone block. 01496 // 01497 01498 MiUpCloneProcessRefCount (Clone); 01499 01500 do { 01501 NewClone = ExAllocatePoolWithTag (NonPagedPool, 01502 sizeof( MMCLONE_DESCRIPTOR), 01503 ' mM'); 01504 01505 if (NewClone != NULL) { 01506 break; 01507 } 01508 01509 // 01510 // There are insufficient resources to continue this operation, 01511 // however, to properly clean up at this point, all the 01512 // clone headers must be allocated, so when the cloned process 01513 // is deleted, the clone headers will be found. if the pool 01514 // is not readily available, loop periodically trying for it. 01515 // Force the clone operation to fail so the pool will soon be 01516 // released. 01517 // 01518 01519 CloneFailed = TRUE; 01520 status = STATUS_INSUFFICIENT_RESOURCES; 01521 01522 KeDelayExecutionThread (KernelMode, 01523 FALSE, 01524 (PLARGE_INTEGER)&MmShortTime); 01525 continue; 01526 } while (TRUE); 01527 01528 *NewClone = *Clone; 01529 01530 *CloneList = NewClone; 01531 CloneList = &NewClone->Parent; 01532 Clone = MiGetNextClone (Clone); 01533 } 01534 01535 *CloneList = (PMMCLONE_DESCRIPTOR)NULL; 01536 01537 // 01538 // Release the working set mutex and the address creation mutex from 01539 // the current process as all the necessary information is now 01540 // captured. 01541 // 01542 01543 UNLOCK_WS (CurrentProcess); 01544 01545 CurrentProcess->ForkInProgress = NULL; 01546 01547 UNLOCK_ADDRESS_SPACE (CurrentProcess); 01548 01549 // 01550 // As we have updated many PTEs to clear dirty bits, flush the 01551 // TB cache. Note that this was not done every time we changed 01552 // a valid PTE so other threads could be modifying the address 01553 // space without causing copy on writes. (Too bad). 01554 // 01555 01556 01557 // 01558 // Attach to the process to initialize and insert the vad and clone 01559 // descriptors into the tree. 01560 // 01561 01562 if (Attached) { 01563 KeDetachProcess (); 01564 Attached = FALSE; 01565 } 01566 01567 if (PsGetCurrentProcess() != ProcessToInitialize) { 01568 Attached = TRUE; 01569 KeAttachProcess (&ProcessToInitialize->Pcb); 01570 } 01571 01572 CurrentProcess = ProcessToInitialize; 01573 01574 // 01575 // We are now in the context of the new process, build the 01576 // VAD list and the clone list. 01577 // 01578 01579 Vad = FirstNewVad; 01580 VadInsertFailed = FALSE; 01581 01582 LOCK_WS (CurrentProcess); 01583 01584 while (Vad != (PMMVAD)NULL) { 01585 01586 NextVad = Vad->Parent; 01587 01588 try { 01589 01590 if (VadInsertFailed) { 01591 Vad->u.VadFlags.CommitCharge = MM_MAX_COMMIT; 01592 } 01593 01594 MiInsertVad (Vad); 01595 01596 } except (EXCEPTION_EXECUTE_HANDLER) { 01597 01598 // 01599 // Charging quota for the VAD failed, set the 01600 // remaining quota fields in this VAD and all 01601 // subsequent VADs to zero so the VADs can be 01602 // inserted and later deleted. 01603 // 01604 01605 VadInsertFailed = TRUE; 01606 status = GetExceptionCode(); 01607 01608 // 01609 // Do the loop again for this VAD. 01610 // 01611 01612 continue; 01613 } 01614 01615 // 01616 // Update the current virtual size. 01617 // 01618 01619 CurrentProcess->VirtualSize += PAGE_SIZE + 01620 ((Vad->EndingVpn - Vad->StartingVpn) >> PAGE_SHIFT); 01621 01622 Vad = NextVad; 01623 } 01624 01625 UNLOCK_WS (CurrentProcess); 01626 //MmUnlockCode (MiCloneProcessAddressSpace, 5000); 01627 01628 // 01629 // Update the peak virtual size. 01630 // 01631 01632 CurrentProcess->PeakVirtualSize = CurrentProcess->VirtualSize; 01633 01634 Clone = FirstNewClone; 01635 TotalPagedPoolCharge = 0; 01636 TotalNonPagedPoolCharge = 0; 01637 01638 while (Clone != (PMMCLONE_DESCRIPTOR)NULL) { 01639 01640 NextClone = Clone->Parent; 01641 MiInsertClone (Clone); 01642 01643 // 01644 // Calculate the page pool and non-paged pool to charge for these 01645 // operations. 01646 // 01647 01648 TotalPagedPoolCharge += Clone->PagedPoolQuotaCharge; 01649 TotalNonPagedPoolCharge += sizeof(MMCLONE_HEADER); 01650 01651 Clone = NextClone; 01652 } 01653 01654 if (CloneFailed || VadInsertFailed) { 01655 01656 CurrentProcess->ForkWasSuccessful = MM_FORK_FAILED; 01657 01658 if (Attached) { 01659 KeDetachProcess (); 01660 } 01661 KdPrint(("MMFORK: vad insert failed\n")); 01662 01663 return status; 01664 } 01665 01666 try { 01667 01668 PageTablePage = 1; 01669 PsChargePoolQuota (CurrentProcess, PagedPool, TotalPagedPoolCharge); 01670 PageTablePage = 0; 01671 PsChargePoolQuota (CurrentProcess, NonPagedPool, TotalNonPagedPoolCharge); 01672 01673 } except (EXCEPTION_EXECUTE_HANDLER) { 01674 01675 if (PageTablePage == 0) { 01676 PsReturnPoolQuota (CurrentProcess, PagedPool, TotalPagedPoolCharge); 01677 } 01678 KdPrint(("MMFORK: pool quota failed\n")); 01679 01680 CurrentProcess->ForkWasSuccessful = MM_FORK_FAILED; 01681 01682 if (Attached) { 01683 KeDetachProcess (); 01684 } 01685 return GetExceptionCode(); 01686 } 01687 01688 ASSERT (ProcessToClone->ForkWasSuccessful == MM_FORK_SUCCEEDED); 01689 ASSERT (CurrentProcess->ForkWasSuccessful == MM_FORK_SUCCEEDED); 01690 01691 if (Attached) { 01692 KeDetachProcess (); 01693 } 01694 01695 #if DBG 01696 if (MmDebug & MM_DBG_FORK) { 01697 DbgPrint("ending clone operation process to clone = %lx\n", 01698 ProcessToClone); 01699 } 01700 #endif //DBG 01701 01702 return STATUS_SUCCESS; 01703 01704 // 01705 // Error returns. 01706 // 01707 01708 ErrorReturn4: 01709 if (PageTablePage == 2) { 01710 NOTHING; 01711 } 01712 else if (PageTablePage == 1) { 01713 PsReturnPoolQuota (CurrentProcess, PagedPool, sizeof(MMCLONE_BLOCK) * 01714 NumberOfPrivatePages); 01715 } 01716 else { 01717 ASSERT (PageTablePage == 0); 01718 PsReturnPoolQuota (CurrentProcess, PagedPool, sizeof(MMCLONE_BLOCK) * 01719 NumberOfPrivatePages); 01720 PsReturnPoolQuota (CurrentProcess, NonPagedPool, sizeof(MMCLONE_HEADER)); 01721 } 01722 01723 NewVad = FirstNewVad; 01724 while (NewVad != NULL) { 01725 Vad = NewVad->Parent; 01726 ExFreePool (NewVad); 01727 NewVad = Vad; 01728 } 01729 01730 ExFreePool (CloneDescriptor); 01731 ErrorReturn3: 01732 ExFreePool (CloneHeader); 01733 ErrorReturn2: 01734 ExFreePool (CloneProtos); 01735 ErrorReturn1: 01736 UNLOCK_ADDRESS_SPACE (CurrentProcess); 01737 ASSERT (CurrentProcess->ForkWasSuccessful == MM_FORK_SUCCEEDED); 01738 if (Attached) { 01739 KeDetachProcess (); 01740 } 01741 return status; 01742 }

VOID MiContractPagingFiles (  VOID   )

Definition at line 1864 of file modwrite.c. References _MMPAGE_FILE_EXPANSION::DereferenceList, ExAllocatePoolWithTag, FALSE, _MMPAGING_FILE::FreeSpace, KeReleaseSemaphore(), L, _MMDEREFERENCE_SEGMENT_HEADER::ListHead, _MMDEREFERENCE_SEGMENT_HEADER::Lock, _MMPAGING_FILE::MinimumSize, MmChargeCommitmentLock, MmDereferenceSegmentHeader, MmMinimumPageFileReduction, MmNumberOfPagingFiles, MmPagingFile, MmTotalCommitLimit, MmTotalCommittedPages, NonPagedPool, NULL, _MMPAGE_FILE_EXPANSION::RequestedExpansionSize, _MMPAGE_FILE_EXPANSION::Segment, _MMDEREFERENCE_SEGMENT_HEADER::Semaphore, _MMPAGING_FILE::Size, and TRUE. Referenced by MmDeleteProcessAddressSpace(). 01870 : 01871 01872 This routine checks to see if ample space is no longer committed 01873 and if so, does enough free space exist in any paging file. IF 01874 the answer to both these is affirmative, a reduction in the 01875 paging file size(s) is attempted. 01876 01877 Arguments: 01878 01879 None. 01880 01881 Return Value: 01882 01883 None. 01884 01885 --*/ 01886 01887 { 01888 BOOLEAN Reduce; 01889 PMMPAGE_FILE_EXPANSION PageReduce; 01890 KIRQL OldIrql; 01891 ULONG i; 01892 01893 Reduce = FALSE; 01894 01895 ExAcquireSpinLock (&MmChargeCommitmentLock, &OldIrql); 01896 01897 if ((MmTotalCommitLimit - MmMinimumPageFileReduction) > 01898 MmTotalCommittedPages) { 01899 01900 for (i = 0;i < MmNumberOfPagingFiles; i += 1) { 01901 if (MmPagingFile[i]->Size != MmPagingFile[i]->MinimumSize) { 01902 if (MmPagingFile[i]->FreeSpace > MmMinimumPageFileReduction) { 01903 Reduce = TRUE; 01904 break; 01905 } 01906 } 01907 } 01908 01909 ExReleaseSpinLock (&MmChargeCommitmentLock, OldIrql); 01910 01911 if (!Reduce) { 01912 return; 01913 } 01914 01915 PageReduce = ExAllocatePoolWithTag (NonPagedPool, 01916 sizeof(MMPAGE_FILE_EXPANSION), 01917 ' mM'); 01918 01919 if (PageReduce == NULL) { 01920 return; 01921 } 01922 01923 PageReduce->Segment = NULL; 01924 PageReduce->RequestedExpansionSize = 0xFFFFFFFF; 01925 01926 ExAcquireSpinLock (&MmDereferenceSegmentHeader.Lock, &OldIrql); 01927 InsertTailList ( &MmDereferenceSegmentHeader.ListHead, 01928 &PageReduce->DereferenceList); 01929 ExReleaseSpinLock (&MmDereferenceSegmentHeader.Lock, OldIrql); 01930 01931 KeReleaseSemaphore (&MmDereferenceSegmentHeader.Semaphore, 0L, 1L, FALSE); 01932 return; 01933 } 01934 01935 ExReleaseSpinLock (&MmChargeCommitmentLock, OldIrql); 01936 return; 01937 }

NTSTATUS FASTCALL MiCopyOnWrite (  IN PVOID  FaultingAddress, IN PMMPTE  PointerPte )

Definition at line 25 of file wrtfault.c. References ASSERT, _MMINFO_COUNTERS::CopyOnWriteCount, DbgPrint, _MMWSLE::e1, FALSE, _EPROCESS::ForkInProgress, KeFlushSingleTb(), LOCK_PFN, MI_CAPTURE_DIRTY_BIT_TO_PFN, MI_GET_PAGE_FRAME_FROM_PTE, MI_GET_SECONDARY_COLOR, MI_MAKE_PROTECT_NOT_WRITE_COPY, MI_PFN_ELEMENT, MI_SET_ACCESSED_IN_PTE, MI_SET_PTE_DIRTY, MI_WRITE_VALID_PTE_NEW_PROTECTION, MiDecrementCloneBlockReference(), MiDecrementShareCount(), MiEnsureAvailablePageOrWait(), MiFormatPfn(), MiFormatPte(), MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiInitializeCopyOnWritePfn(), MiLocateCloneAddress, MiLocateWsle(), MiMapPageInHyperSpace(), MiReleasePageFileSpace(), MiRemoveAnyPage(), MiUnmapPageInHyperSpace, MiWaitForForkToComplete(), MM_DBG_PTE_UPDATE, MM_DBG_WRITEFAULT, MmInfoCounters, MmWorkingSetList, MmWsle, NULL, _EPROCESS::NumberOfPrivatePages, _MMPFN::OriginalPte, PAGE_SIZE, PERFINFO_PRIVATE_COPY_ON_WRITE, _MMWSLENTRY::Protection, PsGetCurrentProcess, PsGetCurrentThread, _MMPFN::PteAddress, _MMPFN::PteFrame, TRUE, _MMPTE::u, _MMPFN::u1, _MMPFN::u2, _MMPFN::u3, UNLOCK_PFN, WSLE_NULL_INDEX, and WSLE_NUMBER. Referenced by MiProtectVirtualMemory(), MiSetProtectionOnSection(), and MmAccessFault(). 00032 : 00033 00034 This routine performs a copy on write operation for the specified 00035 virtual address. 00036 00037 Arguments: 00038 00039 FaultingAddress - Supplies the virtual address which caused the 00040 fault. 00041 00042 PointerPte - Supplies the pointer to the PTE which caused the 00043 page fault. 00044 00045 00046 Return Value: 00047 00048 Returns the status of the fault handling operation. Can be one of: 00049 - Success. 00050 - In-page Error. 00051 00052 Environment: 00053 00054 Kernel mode, APC's disabled, Working set mutex held. 00055 00056 --*/ 00057 00058 { 00059 MMPTE TempPte; 00060 PFN_NUMBER PageFrameIndex; 00061 PFN_NUMBER NewPageIndex; 00062 PULONG CopyTo; 00063 PULONG CopyFrom; 00064 KIRQL OldIrql; 00065 PMMPFN Pfn1; 00066 // PMMPTE PointerPde; 00067 PEPROCESS CurrentProcess; 00068 PMMCLONE_BLOCK CloneBlock; 00069 PMMCLONE_DESCRIPTOR CloneDescriptor; 00070 PVOID VirtualAddress; 00071 WSLE_NUMBER WorkingSetIndex; 00072 LOGICAL FakeCopyOnWrite; 00073 00074 FakeCopyOnWrite = FALSE; 00075 00076 // 00077 // This is called from MmAccessFault, the PointerPte is valid 00078 // and the working set mutex ensures it cannot change state. 00079 // 00080 00081 #if DBG 00082 if (MmDebug & MM_DBG_WRITEFAULT) { 00083 DbgPrint("**copy on write Fault va %lx proc %lx thread %lx\n", 00084 (ULONG_PTR)FaultingAddress, 00085 (ULONG_PTR)PsGetCurrentProcess(), (ULONG_PTR)PsGetCurrentThread()); 00086 } 00087 00088 if (MmDebug & MM_DBG_PTE_UPDATE) { 00089 MiFormatPte(PointerPte); 00090 } 00091 #endif //DBG 00092 00093 ASSERT (PsGetCurrentProcess()->ForkInProgress == NULL); 00094 00095 // 00096 // Capture the PTE contents to TempPte. 00097 // 00098 00099 TempPte = *PointerPte; 00100 00101 // 00102 // Check to see if this is a prototype PTE with copy on write 00103 // enabled. 00104 // 00105 00106 if (TempPte.u.Hard.CopyOnWrite == 0) { 00107 00108 // 00109 // This is a fork page which is being made private in order 00110 // to change the protection of the page. 00111 // Do not make the page writable. 00112 // 00113 00114 FakeCopyOnWrite = TRUE; 00115 } 00116 00117 PageFrameIndex = MI_GET_PAGE_FRAME_FROM_PTE (&TempPte); 00118 Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); 00119 CurrentProcess = PsGetCurrentProcess(); 00120 00121 // 00122 // Acquire the PFN mutex. 00123 // 00124 00125 VirtualAddress = MiGetVirtualAddressMappedByPte (PointerPte); 00126 WorkingSetIndex = MiLocateWsle (VirtualAddress, MmWorkingSetList, 00127 Pfn1->u1.WsIndex); 00128 00129 LOCK_PFN (OldIrql); 00130 00131 // 00132 // The page must be copied into a new page. 00133 // 00134 00135 // 00136 // If a fork operation is in progress and the faulting thread 00137 // is not the thread performing the fork operation, block until 00138 // the fork is completed. 00139 // 00140 00141 if ((CurrentProcess->ForkInProgress != NULL) && 00142 (CurrentProcess->ForkInProgress != PsGetCurrentThread())) { 00143 MiWaitForForkToComplete (CurrentProcess); 00144 UNLOCK_PFN (OldIrql); 00145 return STATUS_SUCCESS; 00146 } 00147 00148 if (MiEnsureAvailablePageOrWait(CurrentProcess, NULL)) { 00149 00150 // 00151 // A wait operation was performed to obtain an available 00152 // page and the working set mutex and pfn mutexes have 00153 // been released and various things may have changed for 00154 // the worse. Rather than examine all the conditions again, 00155 // return and if things are still proper, the fault we 00156 // be taken again. 00157 // 00158 00159 UNLOCK_PFN (OldIrql); 00160 return STATUS_SUCCESS; 00161 } 00162 00163 // 00164 // Increment the number of private pages. 00165 // 00166 00167 CurrentProcess->NumberOfPrivatePages += 1; 00168 00169 MmInfoCounters.CopyOnWriteCount += 1; 00170 00171 // 00172 // A page is being copied and made private, the global state of 00173 // the shared page needs to be updated at this point on certain 00174 // hardware. This is done by ORing the dirty bit into the modify bit in 00175 // the PFN element. 00176 // 00177 00178 MI_CAPTURE_DIRTY_BIT_TO_PFN (PointerPte, Pfn1); 00179 00180 // 00181 // This must be a prototype PTE. Perform the copy on write. 00182 // 00183 00184 #if DBG 00185 if (Pfn1->u3.e1.PrototypePte == 0) { 00186 DbgPrint("writefault - PTE indicates cow but not protopte\n"); 00187 MiFormatPte(PointerPte); 00188 MiFormatPfn(Pfn1); 00189 } 00190 #endif 00191 00192 CloneBlock = (PMMCLONE_BLOCK)Pfn1->PteAddress; 00193 00194 // 00195 // If the share count for the physical page is one, the reference 00196 // count is one, and the modified flag is clear the current page 00197 // can be stolen to satisfy the copy on write. 00198 // 00199 00200 #if 0 00201 // COMMENTED OUT **************************************************** 00202 // COMMENTED OUT **************************************************** 00203 // COMMENTED OUT **************************************************** 00204 if ((Pfn1->u2.ShareCount == 1) && (Pfn1->u3.e2.ReferenceCount == 1) 00205 && (Pfn1->u3.e1.Modified == 0)) { 00206 00207 // 00208 // Make this page a private page and return the prototype 00209 // PTE into its original contents. The PFN database for 00210 // this page now points to this PTE. 00211 // 00212 00213 // 00214 // Note that a page fault could occur referencing the prototype 00215 // PTE, so we map it into hyperspace to prevent a fault. 00216 // 00217 00218 MiRestorePrototypePte (Pfn1); 00219 00220 Pfn1->PteAddress = PointerPte; 00221 00222 // 00223 // Get the protection for the page. 00224 // 00225 00226 VirtualAddress = MiGetVirtualAddressMappedByPte (PointerPte); 00227 WorkingSetIndex = MiLocateWsle (VirtualAddress, MmWorkingSetList, 00228 Pfn1->u1.WsIndex); 00229 00230 ASSERT (WorkingSetIndex != WSLE_NULL_INDEX) { 00231 00232 Pfn1->OriginalPte.u.Long = 0; 00233 Pfn1->OriginalPte.u.Soft.Protection = 00234 MI_MAKE_PROTECT_NOT_WRITE_COPY ( 00235 MmWsle[WorkingSetIndex].u1.e1.Protection); 00236 00237 PointerPde = MiGetPteAddress(PointerPte); 00238 Pfn1->u3.e1.PrototypePte = 0; 00239 Pfn1->PteFrame = MI_GET_PAGE_FRAME_FROM_PTE (PointerPde); 00240 00241 if (!FakeCopyOnWrite) { 00242 00243 // 00244 // If the page was Copy On Write and stolen or if the page was not 00245 // copy on write, update the PTE setting both the dirty bit and the 00246 // accessed bit. Note, that as this PTE is in the TB, the TB must 00247 // be flushed. 00248 // 00249 00250 MI_SET_PTE_DIRTY (TempPte); 00251 TempPte.u.Hard.Write = 1; 00252 MI_SET_ACCESSED_IN_PTE (&TempPte, 1); 00253 TempPte.u.Hard.CopyOnWrite = 0; 00254 MI_WRITE_VALID_PTE_NEW_PROTECTION (PointerPte, TempPte); 00255 00256 // 00257 // This is a copy on write operation, set the modify bit 00258 // in the PFN database and deallocate any page file space. 00259 // 00260 00261 Pfn1->u3.e1.Modified = 1; 00262 00263 if ((Pfn1->OriginalPte.u.Soft.Prototype == 0) && 00264 (Pfn1->u3.e1.WriteInProgress == 0)) { 00265 00266 // 00267 // This page is in page file format, deallocate the page 00268 // file space. 00269 // 00270 00271 MiReleasePageFileSpace (Pfn1->OriginalPte); 00272 00273 // 00274 // Change original PTE to indicate no page file space is 00275 // reserved, otherwise the space will be deallocated when 00276 // the PTE is deleted. 00277 // 00278 00279 Pfn1->OriginalPte.u.Soft.PageFileHigh = 0; 00280 } 00281 } 00282 00283 // 00284 // The TB entry must be flushed as the valid PTE with the dirty 00285 // bit clear has been fetched into the TB. If it isn't flushed, 00286 // another fault is generated as the dirty bit is not set in 00287 // the cached TB entry. 00288 // 00289 00290 00291 KeFillEntryTb ((PHARDWARE_PTE)PointerPte, FaultingAddress, TRUE); 00292 00293 CloneDescriptor = MiLocateCloneAddress ((PVOID)CloneBlock); 00294 00295 if (CloneDescriptor != (PMMCLONE_DESCRIPTOR)NULL) { 00296 00297 // 00298 // Decrement the reference count for the clone block, 00299 // note that this could release and reacquire 00300 // the mutexes. 00301 // 00302 00303 MiDecrementCloneBlockReference ( CloneDescriptor, 00304 CloneBlock, 00305 CurrentProcess ); 00306 } 00307 00308 ] else [ 00309 00310 // ABOVE COMMENTED OUT **************************************************** 00311 // ABOVE COMMENTED OUT **************************************************** 00312 #endif 00313 00314 // 00315 // Get a new page with the same color as this page. 00316 // 00317 00318 NewPageIndex = MiRemoveAnyPage ( 00319 MI_GET_SECONDARY_COLOR (PageFrameIndex, 00320 Pfn1)); 00321 MiInitializeCopyOnWritePfn (NewPageIndex, PointerPte, WorkingSetIndex, NULL); 00322 00323 UNLOCK_PFN (OldIrql); 00324 00325 CopyTo = (PULONG)MiMapPageInHyperSpace (NewPageIndex, &OldIrql); 00326 00327 #if defined(_MIALT4K_) 00328 00329 // 00330 // Should avoid accessing the user space. Accessing the user space may potentially 00331 // cause a page fault on the alternate table. 00332 // 00333 00334 CopyFrom = KSEG_ADDRESS(PointerPte->u.Hard.PageFrameNumber); 00335 00336 #else 00337 CopyFrom = (PULONG)MiGetVirtualAddressMappedByPte (PointerPte); 00338 #endif 00339 00340 RtlCopyMemory ( CopyTo, CopyFrom, PAGE_SIZE); 00341 00342 PERFINFO_PRIVATE_COPY_ON_WRITE(CopyFrom, PAGE_SIZE); 00343 00344 MiUnmapPageInHyperSpace (OldIrql); 00345 00346 if (!FakeCopyOnWrite) { 00347 00348 // 00349 // If the page was really a copy on write page, make it 00350 // accessed, dirty and writable. Also, clear the copy-on-write 00351 // bit in the PTE. 00352 // 00353 00354 MI_SET_PTE_DIRTY (TempPte); 00355 TempPte.u.Hard.Write = 1; 00356 MI_SET_ACCESSED_IN_PTE (&TempPte, 1); 00357 TempPte.u.Hard.CopyOnWrite = 0; 00358 TempPte.u.Hard.PageFrameNumber = NewPageIndex; 00359 00360 } else { 00361 00362 // 00363 // The page was not really a copy on write, just change 00364 // the frame field of the PTE. 00365 // 00366 00367 TempPte.u.Hard.PageFrameNumber = NewPageIndex; 00368 } 00369 00370 // 00371 // If the modify bit is set in the PFN database for the 00372 // page, the data cache must be flushed. This is due to the 00373 // fact that this process may have been cloned and the cache 00374 // still contains stale data destined for the page we are 00375 // going to remove. 00376 // 00377 00378 ASSERT (TempPte.u.Hard.Valid == 1); 00379 00380 LOCK_PFN (OldIrql); 00381 00382 // 00383 // Flush the TB entry for this page. 00384 // 00385 00386 KeFlushSingleTb (FaultingAddress, 00387 TRUE, 00388 FALSE, 00389 (PHARDWARE_PTE)PointerPte, 00390 TempPte.u.Flush); 00391 00392 // 00393 // Decrement the share count for the page which was copied 00394 // as this pte no longer refers to it. 00395 // 00396 00397 MiDecrementShareCount (PageFrameIndex); 00398 00399 CloneDescriptor = MiLocateCloneAddress ((PVOID)CloneBlock); 00400 00401 if (CloneDescriptor != (PMMCLONE_DESCRIPTOR)NULL) { 00402 00403 // 00404 // Decrement the reference count for the clone block, 00405 // note that this could release and reacquire 00406 // the mutexes. 00407 // 00408 00409 MiDecrementCloneBlockReference ( CloneDescriptor, 00410 CloneBlock, 00411 CurrentProcess ); 00412 } 00413 00414 UNLOCK_PFN (OldIrql); 00415 return STATUS_SUCCESS; 00416 } }

NTSTATUS MiCreateDataFileMap (  IN PFILE_OBJECT  File, OUT PSEGMENT *  Segment, IN PUINT64  MaximumSize, IN ULONG  SectionPageProtection, IN ULONG  AllocationAttributes, IN ULONG  IgnoreFileSizing )

Definition at line 3553 of file creasect.c. References ASSERT, _SUBSECTION::ControlArea, EX_REAL_POOL_USAGE, ExAllocatePoolWithTag, ExFreePool(), FALSE, File, _CONTROL_AREA::FilePointer, FsRtlGetFileSize(), FsRtlSetFileSize(), Mi4KStartForSubsection, MI_MAXIMUM_SECTION_SIZE, MiFillMemoryPte, MiGetSubsectionAddressForPte, MM4K_MASK, MM4K_SHIFT, MM_ALLOCATION_FRAGMENT, MM_EXECUTE_READWRITE, MM_PROTO_PTE_ALIGNMENT, MMPTE, MMSECT, _SUBSECTION::NextSubsection, NonPagedPool, NT_SUCCESS, NTSTATUS(), NULL, _SUBSECTION::NumberOfFullSectors, _CONTROL_AREA::NumberOfSectionReferences, _CONTROL_AREA::NumberOfSubsections, _CONTROL_AREA::NumberOfUserReferences, PAGE_SHIFT, PAGE_SIZE, PAGED_CODE, PagedPool, _CONTROL_AREA::PagedPoolUsage, PTE_SHIFT, _SUBSECTION::PtesInSubsection, ROUND_TO_PAGES, SEGMENT, _CONTROL_AREA::Segment, Size, Status, SUBSECTION, _SUBSECTION::SubsectionBase, TRUE, _SUBSECTION::u, _MMPTE::u, _CONTROL_AREA::u, _SUBSECTION::UnusedPtes, USHORT, and X64K. Referenced by MmCreateSection(). 03564 : 03565 03566 This function creates the necessary structures to allow the mapping 03567 of a data file. 03568 03569 The data file is accessed to verify desired access, a segment 03570 object is created and initialized. 03571 03572 Arguments: 03573 03574 File - Supplies the file object for the image file. 03575 03576 Segment - Returns the segment object. 03577 03578 FileHandle - Supplies the handle to the image file. 03579 03580 MaximumSize - Supplies the maximum size for the mapping. 03581 03582 SectionPageProtection - Supplies the initial page protection. 03583 03584 AllocationAttributes - Supplies the allocation attributes for the 03585 mapping. 03586 03587 Return Value: 03588 03589 Returns the status value. 03590 03591 TBS 03592 03593 03594 --*/ 03595 03596 { 03597 03598 NTSTATUS Status; 03599 ULONG NumberOfPtes; 03600 ULONG SizeOfSegment; 03601 ULONG j; 03602 ULONG Size; 03603 ULONG PartialSize; 03604 ULONG First; 03605 PCONTROL_AREA ControlArea; 03606 PSEGMENT NewSegment; 03607 PSUBSECTION Subsection; 03608 PSUBSECTION ExtendedSubsection; 03609 PMMPTE PointerPte; 03610 MMPTE TempPte; 03611 ULONG NumberOfPtesWithAlignment; 03612 UINT64 EndOfFile; 03613 UINT64 LastFileChunk; 03614 UINT64 FileOffset; 03615 UINT64 NumberOfPtesForEntireFile; 03616 ULONG ExtendedSubsections; 03617 PSUBSECTION FirstSubsection; 03618 PSUBSECTION Last; 03619 ULONG NumberOfNewSubsections; 03620 03621 PAGED_CODE(); 03622 03623 ExtendedSubsections = 0; 03624 FirstSubsection = NULL; 03625 NumberOfNewSubsections = 0; 03626 03627 // ************************************************************* 03628 // Create mapped file section. 03629 // ************************************************************* 03630 03631 if (!IgnoreFileSizing) { 03632 03633 Status = FsRtlGetFileSize (File, (PLARGE_INTEGER)&EndOfFile); 03634 03635 if (Status == STATUS_FILE_IS_A_DIRECTORY) { 03636 03637 // 03638 // Can't map a directory as a section. Return error. 03639 // 03640 03641 return STATUS_INVALID_FILE_FOR_SECTION; 03642 } 03643 03644 if (!NT_SUCCESS (Status)) { 03645 return Status; 03646 } 03647 03648 if (EndOfFile == 0 && *MaximumSize == 0) { 03649 03650 // 03651 // Can't map a zero length without specifying the maximum 03652 // size as non-zero. 03653 // 03654 03655 return STATUS_MAPPED_FILE_SIZE_ZERO; 03656 } 03657 03658 // 03659 // Make sure this file is big enough for the section. 03660 // 03661 03662 if (*MaximumSize > EndOfFile) { 03663 03664 // 03665 // If the maximum size is greater than the end-of-file, 03666 // and the user did not request page_write or page_execute_readwrite 03667 // to the section, reject the request. 03668 // 03669 03670 if (((SectionPageProtection & PAGE_READWRITE) | 03671 (SectionPageProtection & PAGE_EXECUTE_READWRITE)) == 0) { 03672 03673 return STATUS_SECTION_TOO_BIG; 03674 } 03675 03676 // 03677 // Check to make sure that the allocation size large enough 03678 // to contain all the data, if not set a new allocation size. 03679 // 03680 03681 EndOfFile = *MaximumSize; 03682 03683 Status = FsRtlSetFileSize (File, (PLARGE_INTEGER)&EndOfFile); 03684 03685 if (!NT_SUCCESS (Status)) { 03686 return Status; 03687 } 03688 } 03689 } else { 03690 03691 // 03692 // Ignore the file size, this call is from the cache manager. 03693 // 03694 03695 EndOfFile = *MaximumSize; 03696 } 03697 03698 // 03699 // Calculate the number of prototype PTEs to build for this section. 03700 // 03701 03702 // 03703 // Each subsection is limited to 16TB - 64K because the NumberOfFullSectors 03704 // and various other fields in the subsection are ULONGs. For NT64, the 03705 // allocation could be split into multiple subsections as needed to 03706 // conform to this limit - this is not worth doing for NT32 unless 03707 // sparse prototype PTE allocations are supported. 03708 // 03709 // This must be a multiple of the size of prototype pte allocation so any 03710 // given prototype pte allocation will have the same subsection for all 03711 // PTEs. 03712 // 03713 // The total section size is limited to 16PB - 4K because of the 03714 // StartingSector4132 field in each subsection. 03715 // 03716 03717 NumberOfPtesForEntireFile = (EndOfFile + PAGE_SIZE - 1) >> PAGE_SHIFT; 03718 03719 NumberOfPtes = (ULONG)NumberOfPtesForEntireFile; 03720 03721 if (EndOfFile > MI_MAXIMUM_SECTION_SIZE) { 03722 return STATUS_SECTION_TOO_BIG; 03723 } 03724 03725 if (NumberOfPtesForEntireFile > (UINT64)((MAXULONG_PTR / sizeof(MMPTE)) - sizeof (SEGMENT))) { 03726 return STATUS_SECTION_TOO_BIG; 03727 } 03728 03729 if (NumberOfPtesForEntireFile > EndOfFile) { 03730 return STATUS_SECTION_TOO_BIG; 03731 } 03732 03733 // 03734 // Calculate the number of PTEs to allocate to maintain the 03735 // desired alignment. On x86 and R3000 no additional PTEs are 03736 // needed; on MIPS, the desired alignment is 64k to avoid cache 03737 // problems. 03738 // 03739 03740 NumberOfPtesWithAlignment = (NumberOfPtes + 03741 ((MM_PROTO_PTE_ALIGNMENT >> PAGE_SHIFT) - 1)) & 03742 (~((MM_PROTO_PTE_ALIGNMENT >> PAGE_SHIFT) - 1)); 03743 03744 if (NumberOfPtesWithAlignment < NumberOfPtes) { 03745 return STATUS_SECTION_TOO_BIG; 03746 } 03747 03748 SizeOfSegment = sizeof(SEGMENT) + sizeof(MMPTE) * 03749 (NumberOfPtesWithAlignment - 1); 03750 03751 NewSegment = ExAllocatePoolWithTag (PagedPool, 03752 SizeOfSegment, 03753 MMSECT); 03754 if (NewSegment == NULL) { 03755 03756 // 03757 // The requested pool could not be allocated. 03758 // Try to allocate the memory in smaller sizes. 03759 // 03760 03761 if (SizeOfSegment < MM_ALLOCATION_FRAGMENT) { 03762 return STATUS_INSUFFICIENT_RESOURCES; 03763 } 03764 03765 Size = MM_ALLOCATION_FRAGMENT; 03766 PartialSize = SizeOfSegment; 03767 03768 do { 03769 03770 if (PartialSize < MM_ALLOCATION_FRAGMENT) { 03771 PartialSize = (ULONG) ROUND_TO_PAGES (PartialSize); 03772 Size = PartialSize; 03773 } 03774 03775 NewSegment = ExAllocatePoolWithTag (PagedPool, 03776 Size, 03777 MMSECT); 03778 ExtendedSubsection = ExAllocatePoolWithTag (NonPagedPool, 03779 sizeof(SUBSECTION), 03780 'bSmM'); 03781 03782 if ((NewSegment == NULL) || (ExtendedSubsection == NULL)) { 03783 if (NewSegment) { 03784 ExFreePool (NewSegment); 03785 } 03786 if (ExtendedSubsection) { 03787 ExFreePool (ExtendedSubsection); 03788 } 03789 03790 // 03791 // Free all the previous allocations and return an error. 03792 // 03793 03794 while (FirstSubsection != NULL) { 03795 ExFreePool (FirstSubsection->SubsectionBase); 03796 Last = FirstSubsection->NextSubsection; 03797 ExFreePool (FirstSubsection); 03798 FirstSubsection = Last; 03799 } 03800 return STATUS_INSUFFICIENT_RESOURCES; 03801 } 03802 03803 NumberOfNewSubsections += 1; 03804 RtlZeroMemory (ExtendedSubsection, sizeof(SUBSECTION)); 03805 03806 if (FirstSubsection == NULL) { 03807 FirstSubsection = ExtendedSubsection; 03808 Last = ExtendedSubsection; 03809 NumberOfNewSubsections = 0; 03810 } else { 03811 Last->NextSubsection = ExtendedSubsection; 03812 } 03813 03814 ExtendedSubsection->PtesInSubsection = Size / sizeof(MMPTE); 03815 ExtendedSubsection->SubsectionBase = (PMMPTE)NewSegment; 03816 Last = ExtendedSubsection; 03817 PartialSize -= Size; 03818 } while (PartialSize != 0); 03819 03820 // 03821 // Reset new segment and free the first subsection, as 03822 // the subsection after the control area will become the 03823 // first subsection. 03824 // 03825 03826 NewSegment = (PSEGMENT)FirstSubsection->SubsectionBase; 03827 } 03828 03829 *Segment = NewSegment; 03830 RtlZeroMemory (NewSegment, sizeof(SEGMENT)); 03831 03832 ControlArea = 03833 (PCONTROL_AREA)File->SectionObjectPointer->DataSectionObject; 03834 03835 // 03836 // Control area and first subsection have been zeroed when allocated. 03837 // 03838 03839 ControlArea->Segment = NewSegment; 03840 ControlArea->NumberOfSectionReferences = 1; 03841 03842 if (IgnoreFileSizing == FALSE) { 03843 03844 // 03845 // This reference is not from the cache manager. 03846 // 03847 03848 ControlArea->NumberOfUserReferences = 1; 03849 } 03850 03851 ControlArea->u.Flags.BeingCreated = 1; 03852 ControlArea->u.Flags.File = 1; 03853 03854 if (FILE_REMOTE_DEVICE & File->DeviceObject->Characteristics) { 03855 03856 // 03857 // This file resides on a redirected drive. 03858 // 03859 03860 ControlArea->u.Flags.Networked = 1; 03861 } 03862 03863 if (AllocationAttributes & SEC_NOCACHE) { 03864 ControlArea->u.Flags.NoCache = 1; 03865 } 03866 03867 if (IgnoreFileSizing) { 03868 // Set the was purged flag to indicate that the 03869 // file size was not explicitly set. 03870 // 03871 03872 ControlArea->u.Flags.WasPurged = 1; 03873 } 03874 03875 ControlArea->NumberOfSubsections = (USHORT)(1 + NumberOfNewSubsections); 03876 ControlArea->FilePointer = File; 03877 03878 ASSERT (ControlArea->u.Flags.GlobalOnlyPerSession == 0); 03879 03880 Subsection = (PSUBSECTION)(ControlArea + 1); 03881 03882 if (FirstSubsection) { 03883 03884 Subsection->NextSubsection = FirstSubsection->NextSubsection; 03885 Subsection->PtesInSubsection = FirstSubsection->PtesInSubsection; 03886 ExFreePool (FirstSubsection); 03887 #if DBG 03888 FirstSubsection = NULL; 03889 #endif //DBG 03890 } else { 03891 ASSERT (Subsection->NextSubsection == NULL); 03892 } 03893 03894 First = TRUE; 03895 03896 FileOffset = 0; 03897 03898 do { 03899 03900 // 03901 // Loop through all the subsections and fill in the PTEs. 03902 // 03903 03904 03905 TempPte.u.Long = MiGetSubsectionAddressForPte (Subsection); 03906 TempPte.u.Soft.Prototype = 1; 03907 03908 // 03909 // Set all the PTEs to the execute-read-write protection. 03910 // The section will control access to these and the segment 03911 // must provide a method to allow other users to map the file 03912 // for various protections. 03913 // 03914 03915 TempPte.u.Soft.Protection = MM_EXECUTE_READWRITE; 03916 03917 // 03918 // Align the prototype PTEs on the proper boundary. 03919 // 03920 03921 if (First) { 03922 03923 PointerPte = &NewSegment->ThePtes[0]; 03924 j = (ULONG) (((ULONG_PTR)PointerPte >> PTE_SHIFT) & 03925 ((MM_PROTO_PTE_ALIGNMENT / PAGE_SIZE) - 1)); 03926 03927 if (j != 0) { 03928 j = (MM_PROTO_PTE_ALIGNMENT / PAGE_SIZE) - j; 03929 } 03930 03931 NewSegment->PrototypePte = &NewSegment->ThePtes[j]; 03932 NewSegment->ControlArea = ControlArea; 03933 NewSegment->SizeOfSegment = EndOfFile; 03934 NewSegment->TotalNumberOfPtes = NumberOfPtes; 03935 NewSegment->SegmentPteTemplate = TempPte; 03936 PointerPte = NewSegment->PrototypePte; 03937 Subsection->SubsectionBase = PointerPte; 03938 ControlArea->PagedPoolUsage = EX_REAL_POOL_USAGE((sizeof(SEGMENT) + (NumberOfPtes * sizeof(MMPTE)))); 03939 03940 if (Subsection->NextSubsection != NULL) { 03941 03942 // 03943 // Multiple segments and subsections. 03944 // Align first so it is a multiple of 64k sizes. 03945 // 03946 // 03947 03948 NewSegment->NonExtendedPtes = (ULONG) 03949 ((((Subsection->PtesInSubsection * sizeof(MMPTE)) - 03950 ((PCHAR)NewSegment->PrototypePte - (PCHAR)NewSegment)) 03951 / sizeof(MMPTE)) & ~((X64K >> PAGE_SHIFT) - 1)); 03952 } else { 03953 NewSegment->NonExtendedPtes = NumberOfPtesWithAlignment; 03954 } 03955 Subsection->PtesInSubsection = NewSegment->NonExtendedPtes; 03956 03957 First = FALSE; 03958 } else { 03959 PointerPte = (PMMPTE)Subsection->SubsectionBase; 03960 } 03961 03962 Subsection->ControlArea = ControlArea; 03963 03964 Mi4KStartForSubsection(&FileOffset, Subsection); 03965 03966 Subsection->u.SubsectionFlags.Protection = MM_EXECUTE_READWRITE; 03967 03968 if (Subsection->NextSubsection == NULL) { 03969 03970 LastFileChunk = (EndOfFile >> MM4K_SHIFT) - FileOffset; 03971 03972 // 03973 // Note this next line restricts the number of bytes mapped by 03974 // a single subsection to 16TB-4K. multiple subsections can always 03975 // be chained together to support an overall file of size 16K TB. 03976 // 03977 03978 Subsection->NumberOfFullSectors = (ULONG)LastFileChunk; 03979 03980 Subsection->u.SubsectionFlags.SectorEndOffset = 03981 (ULONG) EndOfFile & MM4K_MASK; 03982 03983 j = Subsection->PtesInSubsection; 03984 03985 Subsection->PtesInSubsection = (ULONG)( 03986 NumberOfPtesForEntireFile - 03987 (FileOffset >> (PAGE_SHIFT - MM4K_SHIFT))); 03988 03989 #if DBG 03990 MiSubsectionConsistent(Subsection); 03991 #endif 03992 03993 Subsection->UnusedPtes = j - Subsection->PtesInSubsection; 03994 } else { 03995 03996 Subsection->NumberOfFullSectors = 03997 Subsection->PtesInSubsection << (PAGE_SHIFT - MM4K_SHIFT); 03998 #if DBG 03999 MiSubsectionConsistent(Subsection); 04000 #endif 04001 04002 } 04003 04004 MiFillMemoryPte (PointerPte, 04005 (Subsection->PtesInSubsection + 04006 Subsection->UnusedPtes) * sizeof(MMPTE), 04007 TempPte.u.Long); 04008 04009 FileOffset += Subsection->PtesInSubsection << 04010 (PAGE_SHIFT - MM4K_SHIFT); 04011 Subsection = Subsection->NextSubsection; 04012 } while (Subsection != NULL); 04013 04014 return STATUS_SUCCESS; 04015 }

NTSTATUS MiCreateImageFileMap (  IN PFILE_OBJECT  File, OUT PSEGMENT *  Segment )

Definition at line 1424 of file creasect.c. References ASSERT, BYTE_OFFSET, BYTES_TO_PAGES, CcZeroEndOfLastPage(), CONTROL_AREA, _SUBSECTION::ControlArea, EX_REAL_POOL_USAGE, ExAllocatePoolWithTag, ExFreePool(), FALSE, File, _CONTROL_AREA::FilePointer, FsRtlGetFileSize(), _SEGMENT::ImageInformation, INIT_IMAGE_INFORMATION, IoPageRead(), KeClearEvent, KeInitializeEvent, KernelMode, KeWaitForSingleObject(), LARGE_CONTROL_AREA, _MDL::MappedSystemVa, MDL_MAPPED_TO_SYSTEM_VA, MDL_PAGES_LOCKED, _MDL::MdlFlags, MI_GET_PROTECTION_FROM_SOFT_PTE, MI_ROUND_TO_SIZE, MI_WRITE_INVALID_PTE, MiChargeCommitment(), MiFlushDataSection(), MiGetImageProtection(), MiGetPageForHeader(), MiGetSubsectionAddress, MiGetSubsectionAddressForPte, MiHydra, MiMapImageHeaderInHyperSpace(), MiRemoveImageHeaderPage(), MiReturnCommitment(), MiUnmapImageHeaderInHyperSpace(), MiUpdateImageHeaderPage(), MiVerifyImageHeader(), MM_COPY_ON_WRITE_MASK, MM_DBG_COMMIT_IMAGE, MM_DBG_COMMIT_RETURN_IMAGE_NO_LARGE_CA, MM_EXECUTE_WRITECOPY, MM_MAXIMUM_IMAGE_HEADER, MM_PROTECTION_WRITE_MASK, MM_PROTO_PTE_ALIGNMENT, MM_READONLY, MM_TRACK_COMMIT, MmBuildMdlForNonPagedPool(), MMCONTROL, MmCreateMdl(), MMPTE, MMSECT, MmSectionCommitMutex, MMSECTOR_MASK, MMSECTOR_SHIFT, MmSharedCommit, MmSizeOfMdl(), MMTEMPORARY, MmUnmapLockedPages(), _SUBSECTION::NextSubsection, NonPagedPool, _LARGE_CONTROL_AREA::NonPagedPoolUsage, _CONTROL_AREA::NonPagedPoolUsage, NT_SUCCESS, NTSTATUS(), NULL, _SUBSECTION::NumberOfFullSectors, _CONTROL_AREA::NumberOfSectionReferences, _CONTROL_AREA::NumberOfSubsections, _CONTROL_AREA::NumberOfUserReferences, PAGE_ALIGN, PAGE_SHIFT, PAGE_SIZE, PAGED_CODE, PagedPool, _CONTROL_AREA::PagedPoolUsage, PLARGE_CONTROL_AREA, _SEGMENT::PrototypePte, PTE_SHIFT, _SUBSECTION::PtesInSubsection, SectorOffset, _CONTROL_AREA::Segment, SEGMENT, _LARGE_CONTROL_AREA::SessionId, _SUBSECTION::StartingSector, Status, SUBSECTION, _SUBSECTION::SubsectionBase, _SEGMENT::TotalNumberOfPtes, TRUE, _LARGE_CONTROL_AREA::u, _SUBSECTION::u, _MMPTE::u, _CONTROL_AREA::u, _SUBSECTION::UnusedPtes, _LARGE_CONTROL_AREA::UserGlobalList, USHORT, WrPageIn, X64K, ZERO_LARGE, and ZeroPte. Referenced by MmCreateSection(). : This function creates the necessary structures to allow the mapping of an image file. The image file is opened and verified for correctness, a segment object is created and initialized based on data in the image header. Arguments: File - Supplies the file object for the image file. Segment - Returns the segment object. Return Value: Returns the status value. TBS --*/ { NTSTATUS Status; ULONG_PTR EndingAddress; ULONG NumberOfPtes; ULONG SizeOfSegment; ULONG SectionVirtualSize; ULONG i; ULONG j; PCONTROL_AREA ControlArea; PSUBSECTION Subsection; PMMPTE PointerPte; MMPTE TempPte; MMPTE TempPteDemandZero; PVOID Base; PIMAGE_DOS_HEADER DosHeader; PIMAGE_NT_HEADERS NtHeader; PIMAGE_FILE_HEADER FileHeader; ULONG SizeOfImage; ULONG SizeOfHeaders; #if defined(_WIN64) PIMAGE_NT_HEADERS32 NtHeader32; #endif PIMAGE_SECTION_HEADER SectionTableEntry; PSEGMENT NewSegment; ULONG SectorOffset; ULONG NumberOfSubsections; PFN_NUMBER PageFrameNumber; LARGE_INTEGER StartingOffset; PCHAR ExtendedHeader; PPFN_NUMBER Page; ULONG_PTR PreferredImageBase; ULONG_PTR NextVa; PKEVENT InPageEvent; PMDL Mdl; ULONG ImageFileSize; ULONG OffsetToSectionTable; ULONG ImageAlignment; ULONG RoundingAlignment; ULONG FileAlignment; BOOLEAN ImageCommit; BOOLEAN SectionCommit; IO_STATUS_BLOCK IoStatus; LARGE_INTEGER EndOfFile; ULONG NtHeaderSize; ULONG SubsectionsAllocated; PLARGE_CONTROL_AREA LargeControlArea; PSUBSECTION NewSubsection; ULONG OriginalProtection; ULONG LoaderFlags; #if defined (_ALPHA_) || defined(_IA64_) //[barrybo] bugbug: The image alignment code should be switched back // out on IA64 when EMNT supports 4k pages for WOW64. BOOLEAN InvalidAlignmentAllowed = FALSE; ULONG TempNumberOfSubsections; PIMAGE_SECTION_HEADER TempSectionTableEntry; ULONG AdditionalSubsections; ULONG AdditionalPtes; ULONG AdditionalBasePtes; ULONG NewSubsectionsAllocated; PSEGMENT OldSegment; PMMPTE NewPointerPte; PMMPTE OldPointerPte; ULONG OrigNumberOfPtes; PCONTROL_AREA NewControlArea; #endif ExtendedHeader = NULL; // ************************************************************* // Create image file section. // ************************************************************* PAGED_CODE(); Status = FsRtlGetFileSize (File, &EndOfFile); if (Status == STATUS_FILE_IS_A_DIRECTORY) { // // Can't map a directory as a section. Return error. // return STATUS_INVALID_FILE_FOR_SECTION; } if (!NT_SUCCESS (Status)) { return Status; } if (EndOfFile.HighPart != 0) { // // File too big. Return error. // return STATUS_INVALID_FILE_FOR_SECTION; } // // Create a segment which maps an image file. // For now map a COFF image file with the subsections // containing the based address of the file. // // // Read in the file header. // InPageEvent = ExAllocatePoolWithTag (NonPagedPool, sizeof(KEVENT) + MmSizeOfMdl ( NULL, MM_MAXIMUM_IMAGE_HEADER), MMTEMPORARY); if (InPageEvent == NULL) { return STATUS_INSUFFICIENT_RESOURCES; } Mdl = (PMDL)(InPageEvent + 1); // // Create an event for the read operation. // KeInitializeEvent (InPageEvent, NotificationEvent, FALSE); // // Build an MDL for the operation. // MmCreateMdl( Mdl, NULL, PAGE_SIZE); Mdl->MdlFlags |= MDL_PAGES_LOCKED; PageFrameNumber = MiGetPageForHeader(); Page = (PPFN_NUMBER)(Mdl + 1); *Page = PageFrameNumber; ZERO_LARGE (StartingOffset); CcZeroEndOfLastPage (File); // // Flush the data section if there is one. // MiFlushDataSection (File); Mdl->MdlFlags |= MDL_PAGES_LOCKED; Status = IoPageRead (File, Mdl, &StartingOffset, InPageEvent, &IoStatus ); if (Status == STATUS_PENDING) { KeWaitForSingleObject( InPageEvent, WrPageIn, KernelMode, FALSE, (PLARGE_INTEGER)NULL); } if (Mdl->MdlFlags & MDL_MAPPED_TO_SYSTEM_VA) { MmUnmapLockedPages (Mdl->MappedSystemVa, Mdl); } if ((!NT_SUCCESS(Status)) || (!NT_SUCCESS(IoStatus.Status))) { if (Status != STATUS_FILE_LOCK_CONFLICT) { Status = STATUS_INVALID_FILE_FOR_SECTION; } goto BadSection; } Base = MiMapImageHeaderInHyperSpace (PageFrameNumber); DosHeader = (PIMAGE_DOS_HEADER)Base; if (IoStatus.Information != PAGE_SIZE) { // // A full page was not read from the file, zero any remaining // bytes. // RtlZeroMemory ((PVOID)((PCHAR)Base + IoStatus.Information), PAGE_SIZE - IoStatus.Information); } // // Check to determine if this is an NT image (PE format) or // a DOS image, Win-16 image, or OS/2 image. If the image is // not NT format, return an error indicating which image it // appears to be. // if (DosHeader->e_magic != IMAGE_DOS_SIGNATURE) { Status = STATUS_INVALID_IMAGE_NOT_MZ; goto NeImage; } #ifndef i386 if (((ULONG)DosHeader->e_lfanew & 3) != 0) { // // The image header is not aligned on a longword boundary. // Report this as an invalid protect mode image. // Status = STATUS_INVALID_IMAGE_PROTECT; goto NeImage; } #endif if ((ULONG)DosHeader->e_lfanew > EndOfFile.LowPart) { Status = STATUS_INVALID_IMAGE_PROTECT; goto NeImage; } if (((ULONG)DosHeader->e_lfanew + sizeof(IMAGE_NT_HEADERS) + (16 * sizeof(IMAGE_SECTION_HEADER))) <= (ULONG)DosHeader->e_lfanew) { Status = STATUS_INVALID_IMAGE_PROTECT; goto NeImage; } if (((ULONG)DosHeader->e_lfanew + sizeof(IMAGE_NT_HEADERS) + (16 * sizeof(IMAGE_SECTION_HEADER))) > PAGE_SIZE) { // // The PE header is not within the page already read or the // objects are in another page. // Build another MDL and read an additional 8k. // ExtendedHeader = ExAllocatePoolWithTag (NonPagedPool, MM_MAXIMUM_IMAGE_HEADER, MMTEMPORARY); if (ExtendedHeader == NULL) { Status = STATUS_INSUFFICIENT_RESOURCES; goto NeImage; } // // Build an MDL for the operation. // MmCreateMdl( Mdl, ExtendedHeader, MM_MAXIMUM_IMAGE_HEADER); MmBuildMdlForNonPagedPool (Mdl); StartingOffset.LowPart = PtrToUlong(PAGE_ALIGN ((ULONG)DosHeader->e_lfanew)); KeClearEvent (InPageEvent); Status = IoPageRead (File, Mdl, &StartingOffset, InPageEvent, &IoStatus ); if (Status == STATUS_PENDING) { KeWaitForSingleObject( InPageEvent, WrPageIn, KernelMode, FALSE, (PLARGE_INTEGER)NULL); } if (Mdl->MdlFlags & MDL_MAPPED_TO_SYSTEM_VA) { MmUnmapLockedPages (Mdl->MappedSystemVa, Mdl); } if ((!NT_SUCCESS(Status)) || (!NT_SUCCESS(IoStatus.Status))) { if (Status != STATUS_FILE_LOCK_CONFLICT) { Status = STATUS_INVALID_FILE_FOR_SECTION; } goto NeImage; } NtHeader = (PIMAGE_NT_HEADERS)((PCHAR)ExtendedHeader + BYTE_OFFSET((ULONG)DosHeader->e_lfanew)); NtHeaderSize = MM_MAXIMUM_IMAGE_HEADER - (ULONG)(BYTE_OFFSET((ULONG)DosHeader->e_lfanew)); } else { NtHeader = (PIMAGE_NT_HEADERS)((PCHAR)DosHeader + (ULONG)DosHeader->e_lfanew); NtHeaderSize = PAGE_SIZE - (ULONG)DosHeader->e_lfanew; } FileHeader = &NtHeader->FileHeader; // // Check to see if this is an NT image or a DOS or OS/2 image. // Status = MiVerifyImageHeader (NtHeader, DosHeader, NtHeaderSize); if (Status != STATUS_SUCCESS) { goto NeImage; } #if defined(_WIN64) if (NtHeader->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) { // // The image is 32-bit. All code below this point must check // if NtHeader is NULL. If it is, then the image is PE32 and // NtHeader32 must be used. // NtHeader32 = (PIMAGE_NT_HEADERS32)NtHeader; NtHeader = NULL; } else { NtHeader32 = NULL; } if (NtHeader) { #endif ImageAlignment = NtHeader->OptionalHeader.SectionAlignment; FileAlignment = NtHeader->OptionalHeader.FileAlignment - 1; SizeOfImage = NtHeader->OptionalHeader.SizeOfImage; LoaderFlags = NtHeader->OptionalHeader.LoaderFlags; #if defined (_WIN64) } else { ImageAlignment = NtHeader32->OptionalHeader.SectionAlignment; FileAlignment = NtHeader32->OptionalHeader.FileAlignment - 1; SizeOfImage = NtHeader32->OptionalHeader.SizeOfImage; LoaderFlags = NtHeader32->OptionalHeader.LoaderFlags; } #endif RoundingAlignment = ImageAlignment; NumberOfSubsections = FileHeader->NumberOfSections; if (ImageAlignment < PAGE_SIZE) { // // The image alignment is less than the page size, // map the image with a single subsection. // ControlArea = ExAllocatePoolWithTag (NonPagedPool, (ULONG)(sizeof(CONTROL_AREA) + (sizeof(SUBSECTION))), MMCONTROL); SubsectionsAllocated = 1; } else { // // Allocate a control area and a subsection for each section // header plus one for the image header which has no section. // ControlArea = ExAllocatePoolWithTag(NonPagedPool, (ULONG)(sizeof(CONTROL_AREA) + (sizeof(SUBSECTION) * (NumberOfSubsections + 1))), 'iCmM'); SubsectionsAllocated = NumberOfSubsections + 1; } if (ControlArea == NULL) { // // The requested pool could not be allocated. // Status = STATUS_INSUFFICIENT_RESOURCES; goto NeImage; } // // Zero the control area and the FIRST subsection. // RtlZeroMemory (ControlArea, sizeof(CONTROL_AREA) + sizeof(SUBSECTION)); ControlArea->NonPagedPoolUsage = EX_REAL_POOL_USAGE(sizeof(CONTROL_AREA) + sizeof(SUBSECTION) * SubsectionsAllocated); ASSERT (ControlArea->u.Flags.GlobalOnlyPerSession == 0); Subsection = (PSUBSECTION)(ControlArea + 1); NumberOfPtes = BYTES_TO_PAGES (SizeOfImage); if (NumberOfPtes == 0) { ExFreePool (ControlArea); Status = STATUS_INVALID_IMAGE_FORMAT; goto NeImage; } #if defined (_ALPHA_) || defined(_IA64_) if (ImageAlignment < PAGE_SIZE && KeGetPreviousMode() != KernelMode && (FileHeader->Machine < USER_SHARED_DATA->ImageNumberLow || FileHeader->Machine > USER_SHARED_DATA->ImageNumberHigh)) { InvalidAlignmentAllowed = TRUE; } OrigNumberOfPtes = NumberOfPtes; #endif SizeOfSegment = sizeof(SEGMENT) + (sizeof(MMPTE) * (NumberOfPtes - 1)) + sizeof(SECTION_IMAGE_INFORMATION); NewSegment = ExAllocatePoolWithTag (PagedPool, SizeOfSegment, MMSECT); if (NewSegment == NULL) { // // The requested pool could not be allocated. // ExFreePool (ControlArea); Status = STATUS_INSUFFICIENT_RESOURCES; goto NeImage; } *Segment = NewSegment; RtlZeroMemory (NewSegment, sizeof(SEGMENT)); // // Align the prototype PTEs on the proper boundary. // PointerPte = &NewSegment->ThePtes[0]; i = (ULONG) (((ULONG_PTR)PointerPte >> PTE_SHIFT) & ((MM_PROTO_PTE_ALIGNMENT / PAGE_SIZE) - 1)); if (i != 0) { i = (MM_PROTO_PTE_ALIGNMENT / PAGE_SIZE) - i; } NewSegment->PrototypePte = &NewSegment->ThePtes[i]; NewSegment->ControlArea = ControlArea; NewSegment->ImageInformation = (PSECTION_IMAGE_INFORMATION)((PCHAR)NewSegment + sizeof(SEGMENT) + (sizeof(MMPTE) * (NumberOfPtes - 1))); NewSegment->TotalNumberOfPtes = NumberOfPtes; NewSegment->NonExtendedPtes = NumberOfPtes; NewSegment->SizeOfSegment = (ULONG_PTR)NumberOfPtes * PAGE_SIZE; RtlZeroMemory (NewSegment->ImageInformation, sizeof (SECTION_IMAGE_INFORMATION)); // // This code is built twice on the Win64 build - once for PE32+ and once for // PE32 images. // #define INIT_IMAGE_INFORMATION(OptHdr) { \ NewSegment->ImageInformation->TransferAddress = \ (PVOID)((ULONG_PTR)((OptHdr).ImageBase) + \ (OptHdr).AddressOfEntryPoint); \ NewSegment->ImageInformation->MaximumStackSize = \ (OptHdr).SizeOfStackReserve; \ NewSegment->ImageInformation->CommittedStackSize = \ (OptHdr).SizeOfStackCommit; \ NewSegment->ImageInformation->SubSystemType = \ (OptHdr).Subsystem; \ NewSegment->ImageInformation->SubSystemMajorVersion = (USHORT)((OptHdr).MajorSubsystemVersion); \ NewSegment->ImageInformation->SubSystemMinorVersion = (USHORT)((OptHdr).MinorSubsystemVersion); \ NewSegment->ImageInformation->DllCharacteristics = \ (OptHdr).DllCharacteristics; \ NewSegment->ImageInformation->ImageContainsCode = \ (BOOLEAN)(((OptHdr).SizeOfCode != 0) || \ ((OptHdr).AddressOfEntryPoint != 0)); \ } #if defined (_WIN64) if (NtHeader) { #endif INIT_IMAGE_INFORMATION(NtHeader->OptionalHeader); #if defined (_WIN64) } else { // The image is 32-bit so use the 32-bit header INIT_IMAGE_INFORMATION(NtHeader32->OptionalHeader); } #endif #undef INIT_IMAGE_INFORMATION NewSegment->ImageInformation->ImageCharacteristics = FileHeader->Characteristics; NewSegment->ImageInformation->Machine = FileHeader->Machine; ControlArea->Segment = NewSegment; ControlArea->NumberOfSectionReferences = 1; ControlArea->NumberOfUserReferences = 1; ControlArea->u.Flags.BeingCreated = 1; ControlArea->PagedPoolUsage = EX_REAL_POOL_USAGE((sizeof(SEGMENT) + (NumberOfPtes * sizeof(MMPTE)))); if (ImageAlignment < PAGE_SIZE) { // // Image alignment is less than a page, the number // of subsections is 1. // ControlArea->NumberOfSubsections = 1; } else { ControlArea->NumberOfSubsections = (USHORT)NumberOfSubsections; } ControlArea->u.Flags.Image = 1; ControlArea->u.Flags.File = 1; if ((FILE_FLOPPY_DISKETTE & File->DeviceObject->Characteristics) || ((FileHeader->Characteristics & IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP) && (FILE_REMOVABLE_MEDIA & File->DeviceObject->Characteristics)) || ((FileHeader->Characteristics & IMAGE_FILE_NET_RUN_FROM_SWAP) && (FILE_REMOTE_DEVICE & File->DeviceObject->Characteristics))) { // // This file resides on a floppy disk or a removable media or // network with flags set indicating it should be copied // to the paging file. // ControlArea->u.Flags.FloppyMedia = 1; } if (FILE_REMOTE_DEVICE & File->DeviceObject->Characteristics) { // // This file resides on a redirected drive. // ControlArea->u.Flags.Networked = 1; } ControlArea->FilePointer = File; // // Build the subsection and prototype PTEs for the image header. // Subsection->ControlArea = ControlArea; #if defined(_WIN64) if (NtHeader) { #endif NextVa = NtHeader->OptionalHeader.ImageBase; #if defined(_WIN64) } else { NextVa = NtHeader32->OptionalHeader.ImageBase; } #endif if ((NextVa & (X64K - 1)) != 0) { // // Image header is not aligned on a 64k boundary. // goto BadPeImageSegment; } NewSegment->BasedAddress = (PVOID)NextVa; #if defined(_WIN64) if (NtHeader) { #endif SizeOfHeaders = NtHeader->OptionalHeader.SizeOfHeaders; #if defined(_WIN64) } else { SizeOfHeaders = NtHeader32->OptionalHeader.SizeOfHeaders; } #endif if (SizeOfHeaders >= SizeOfImage) { goto BadPeImageSegment; } Subsection->PtesInSubsection = MI_ROUND_TO_SIZE ( SizeOfHeaders, ImageAlignment ) >> PAGE_SHIFT; PointerPte = NewSegment->PrototypePte; Subsection->SubsectionBase = PointerPte; TempPte.u.Long = MiGetSubsectionAddressForPte (Subsection); TempPte.u.Soft.Prototype = 1; NewSegment->SegmentPteTemplate = TempPte; SectorOffset = 0; if (ImageAlignment < PAGE_SIZE) { // // Aligned on less than a page size boundary. // Build a single subsection to refer to the image. // PointerPte = NewSegment->PrototypePte; Subsection->PtesInSubsection = NumberOfPtes; Subsection->NumberOfFullSectors = (ULONG)(EndOfFile.QuadPart >> MMSECTOR_SHIFT); ASSERT ((ULONG)(EndOfFile.HighPart & 0xFFFFF000) == 0); Subsection->u.SubsectionFlags.SectorEndOffset = EndOfFile.LowPart & MMSECTOR_MASK; Subsection->u.SubsectionFlags.Protection = MM_EXECUTE_WRITECOPY; // // Set all the PTEs to the execute-read-write protection. // The section will control access to these and the segment // must provide a method to allow other users to map the file // for various protections. // TempPte.u.Soft.Protection = MM_EXECUTE_WRITECOPY; NewSegment->SegmentPteTemplate = TempPte; #if defined (_ALPHA_) || defined(_IA64_) // // Invalid image alignments are supported for cross platform // emulation. Only alpha and IA64 require extra handling because page // size is larger than x86. // if (InvalidAlignmentAllowed) { TempPteDemandZero.u.Long = 0; TempPteDemandZero.u.Soft.Protection = MM_EXECUTE_WRITECOPY; SectorOffset = 0; for (i = 0; i < NumberOfPtes; i += 1) { // // Set prototype PTEs. // if (SectorOffset < EndOfFile.LowPart) { // // Data resides on the disk, refer to the control section. // MI_WRITE_INVALID_PTE (PointerPte, TempPte); } else { // // Data does not reside on the disk, use Demand zero pages. // MI_WRITE_INVALID_PTE (PointerPte, TempPteDemandZero); } SectorOffset += PAGE_SIZE; PointerPte += 1; } } else #endif { for (i = 0; i < NumberOfPtes; i += 1) { // // Set all the prototype PTEs to refer to the control section. // MI_WRITE_INVALID_PTE (PointerPte, TempPte); PointerPte += 1; } } NewSegment->ImageCommitment = NumberOfPtes; // // Indicate alignment is less than a page. // TempPte.u.Long = 0; } else { // // Alignment is PAGE_SIZE or greater. // if (Subsection->PtesInSubsection > NumberOfPtes) { // // Inconsistent image, size does not agree with header. // goto BadPeImageSegment; } NumberOfPtes -= Subsection->PtesInSubsection; Subsection->NumberOfFullSectors = SizeOfHeaders >> MMSECTOR_SHIFT; Subsection->u.SubsectionFlags.SectorEndOffset = SizeOfHeaders & MMSECTOR_MASK; Subsection->u.SubsectionFlags.ReadOnly = 1; Subsection->u.SubsectionFlags.CopyOnWrite = 1; Subsection->u.SubsectionFlags.Protection = MM_READONLY; TempPte.u.Soft.Protection = MM_READONLY; NewSegment->SegmentPteTemplate = TempPte; for (i = 0; i < Subsection->PtesInSubsection; i += 1) { // // Set all the prototype PTEs to refer to the control section. // if (SectorOffset < SizeOfHeaders) { MI_WRITE_INVALID_PTE (PointerPte, TempPte); } else { MI_WRITE_INVALID_PTE (PointerPte, ZeroPte); } SectorOffset += PAGE_SIZE; PointerPte += 1; NextVa += PAGE_SIZE; } } // // Build the next subsections. // #if defined(_WIN64) if (NtHeader) { #endif PreferredImageBase = NtHeader->OptionalHeader.ImageBase; #if defined(_WIN64) } else { PreferredImageBase = NtHeader32->OptionalHeader.ImageBase; } #endif // // At this point the object table is read in (if it was not // already read in) and may displace the image header. // SectionTableEntry = NULL; OffsetToSectionTable = sizeof(ULONG) + sizeof(IMAGE_FILE_HEADER) + FileHeader->SizeOfOptionalHeader; if ((BYTE_OFFSET(NtHeader) + OffsetToSectionTable + #if defined (_WIN64) BYTE_OFFSET(NtHeader32) + #endif ((NumberOfSubsections + 1) * sizeof (IMAGE_SECTION_HEADER))) <= PAGE_SIZE) { // // Section tables are within the header which was read. // #if defined(_WIN64) if (NtHeader32) { SectionTableEntry = (PIMAGE_SECTION_HEADER)((PCHAR)NtHeader32 + OffsetToSectionTable); } else #endif { SectionTableEntry = (PIMAGE_SECTION_HEADER)((PCHAR)NtHeader + OffsetToSectionTable); } } else { // // Has an extended header been read in and are the object // tables resident? // if (ExtendedHeader != NULL) { #if defined(_WIN64) if (NtHeader32) { SectionTableEntry = (PIMAGE_SECTION_HEADER)((PCHAR)NtHeader32 + OffsetToSectionTable); } else #endif { SectionTableEntry = (PIMAGE_SECTION_HEADER)((PCHAR)NtHeader + OffsetToSectionTable); } // // Is the whole range of object tables mapped by the // extended header? // if ((((PCHAR)SectionTableEntry + ((NumberOfSubsections + 1) * sizeof (IMAGE_SECTION_HEADER))) - (PCHAR)ExtendedHeader) > MM_MAXIMUM_IMAGE_HEADER) { SectionTableEntry = NULL; } } } if (SectionTableEntry == NULL) { // // The section table entries are not in the same // pages as the other data already read in. Read in // the object table entries. // if (ExtendedHeader == NULL) { ExtendedHeader = ExAllocatePoolWithTag (NonPagedPool, MM_MAXIMUM_IMAGE_HEADER, MMTEMPORARY); if (ExtendedHeader == NULL) { ExFreePool (NewSegment); ExFreePool (ControlArea); Status = STATUS_INSUFFICIENT_RESOURCES; goto NeImage; } // // Build an MDL for the operation. // MmCreateMdl( Mdl, ExtendedHeader, MM_MAXIMUM_IMAGE_HEADER); MmBuildMdlForNonPagedPool (Mdl); } StartingOffset.LowPart = PtrToUlong(PAGE_ALIGN ( (ULONG)DosHeader->e_lfanew + OffsetToSectionTable)); SectionTableEntry = (PIMAGE_SECTION_HEADER)((PCHAR)ExtendedHeader + BYTE_OFFSET((ULONG)DosHeader->e_lfanew + OffsetToSectionTable)); KeClearEvent (InPageEvent); Status = IoPageRead (File, Mdl, &StartingOffset, InPageEvent, &IoStatus ); if (Status == STATUS_PENDING) { KeWaitForSingleObject( InPageEvent, WrPageIn, KernelMode, FALSE, (PLARGE_INTEGER)NULL); } if (Mdl->MdlFlags & MDL_MAPPED_TO_SYSTEM_VA) { MmUnmapLockedPages (Mdl->MappedSystemVa, Mdl); } if ((!NT_SUCCESS(Status)) || (!NT_SUCCESS(IoStatus.Status))) { if (Status != STATUS_FILE_LOCK_CONFLICT) { Status = STATUS_INVALID_FILE_FOR_SECTION; } ExFreePool (NewSegment); ExFreePool (ControlArea); goto NeImage; } // // From this point on NtHeader is only valid if it // was in the first 4k of the image, otherwise reading in // the object tables wiped it out. // } if (TempPte.u.Long == 0 #if defined (_ALPHA_) || defined(_IA64_) && (!InvalidAlignmentAllowed) #endif ) { // The image header is no longer valid, TempPte is // used to indicate that this image alignment is // less than a PAGE_SIZE. // // Loop through all sections and make sure there is no // uninitialized data. // Status = STATUS_SUCCESS; while (NumberOfSubsections > 0) { if (SectionTableEntry->Misc.VirtualSize == 0) { SectionVirtualSize = SectionTableEntry->SizeOfRawData; } else { SectionVirtualSize = SectionTableEntry->Misc.VirtualSize; } // // If the raw pointer + raw size overflows a long word, return an error. // if (SectionTableEntry->PointerToRawData + SectionTableEntry->SizeOfRawData < SectionTableEntry->PointerToRawData) { KdPrint(("MMCREASECT: invalid section/file size %Z\n", &File->FileName)); Status = STATUS_INVALID_IMAGE_FORMAT; break; } // // If the virtual size and address does not match the rawdata // and invalid alignments not allowed return an error. // if (((SectionTableEntry->PointerToRawData != SectionTableEntry->VirtualAddress)) || (SectionVirtualSize > SectionTableEntry->SizeOfRawData)) { KdPrint(("MMCREASECT: invalid BSS/Trailingzero %Z\n", &File->FileName)); Status = STATUS_INVALID_IMAGE_FORMAT; break; } SectionTableEntry += 1; NumberOfSubsections -= 1; } if (!NT_SUCCESS(Status)) { ExFreePool (NewSegment); ExFreePool (ControlArea); goto NeImage; } goto PeReturnSuccess; } #if defined (_ALPHA_) || defined(_IA64_) else if (TempPte.u.Long == 0 && InvalidAlignmentAllowed) { TempNumberOfSubsections = NumberOfSubsections; TempSectionTableEntry = SectionTableEntry; // // The image header is no longer valid, TempPte is // used to indicate that this image alignment is // less than a PAGE_SIZE. // // // Loop through all sections and make sure there is no // uninitialized data. // // Also determine if there are shared data sections and // the number of extra ptes they require. // AdditionalSubsections = 0; AdditionalPtes = 0; AdditionalBasePtes = 0; RoundingAlignment = PAGE_SIZE; while (TempNumberOfSubsections > 0) { ULONG EndOfSection; ULONG ExtraPages; if (TempSectionTableEntry->Misc.VirtualSize == 0) { SectionVirtualSize = TempSectionTableEntry->SizeOfRawData; } else { SectionVirtualSize = TempSectionTableEntry->Misc.VirtualSize; } EndOfSection = TempSectionTableEntry->PointerToRawData + TempSectionTableEntry->SizeOfRawData; // // If the raw pointer + raw size overflows a long word, return an error. // if (EndOfSection < TempSectionTableEntry->PointerToRawData) { KdPrint(("MMCREASECT: invalid section/file size %Z\n", &File->FileName)); Status = STATUS_INVALID_IMAGE_FORMAT; ExFreePool (NewSegment); ExFreePool (ControlArea); goto NeImage; } // // If the section goes past SizeOfImage then allocate additional PTEs. // On x86 this is handled by the subsection mapping. On alpha this is handled // by the Wx86 loader extension after the image has been mapped in. But the // additional data must be in memory so it can be shuffled around later. // if ((EndOfSection <= EndOfFile.LowPart) && (EndOfSection > SizeOfImage)) { // // Allocate enough PTEs to cover the end of this section. // Maximize with any other sections that extend beyond SizeOfImage // ExtraPages = MI_ROUND_TO_SIZE (EndOfSection - SizeOfImage, RoundingAlignment) >> PAGE_SHIFT; if (ExtraPages > AdditionalBasePtes) { AdditionalBasePtes = ExtraPages; } } // Count number of shared data sections and additional ptes needed if ((TempSectionTableEntry->Characteristics & IMAGE_SCN_MEM_SHARED) && (!(TempSectionTableEntry->Characteristics & IMAGE_SCN_MEM_EXECUTE) || (TempSectionTableEntry->Characteristics & IMAGE_SCN_MEM_WRITE))) { AdditionalPtes += MI_ROUND_TO_SIZE (SectionVirtualSize, RoundingAlignment) >> PAGE_SHIFT; AdditionalSubsections += 1; } TempSectionTableEntry += 1; TempNumberOfSubsections -= 1; } if (AdditionalBasePtes == 0 && (AdditionalSubsections == 0 || AdditionalPtes == 0)) { // no shared data sections goto PeReturnSuccess; } // // There are additional Base PTEs or shared data sections. // For shared sections, allocate new PTEs for these sections // at the end of the image. The WX86 loader will change // fixups to point to the new pages. // // First reallocate the control area. // NewSubsectionsAllocated = SubsectionsAllocated + AdditionalSubsections; NewControlArea = ExAllocatePoolWithTag(NonPagedPool, (ULONG) (sizeof(CONTROL_AREA) + (sizeof(SUBSECTION) * NewSubsectionsAllocated)), 'iCmM'); if (NewControlArea == NULL) { ExFreePool (NewSegment); ExFreePool (ControlArea); Status = STATUS_INSUFFICIENT_RESOURCES; goto NeImage; } // // Copy the old control area to the new one, modify some fields. // RtlMoveMemory (NewControlArea, ControlArea, sizeof(CONTROL_AREA) + sizeof(SUBSECTION) * SubsectionsAllocated); NewControlArea->NonPagedPoolUsage = EX_REAL_POOL_USAGE(sizeof(CONTROL_AREA) + (sizeof(SUBSECTION) * NewSubsectionsAllocated)); NewControlArea->NumberOfSubsections = (USHORT) NewSubsectionsAllocated; // // Now allocate a new segment that has the newly calculated number // of PTEs, initialize it from the previously allocated new segment, // and overwrite the fields that should be changed. // OldSegment = NewSegment; OrigNumberOfPtes += AdditionalBasePtes; SizeOfSegment = sizeof(SEGMENT) + (sizeof(MMPTE) * (OrigNumberOfPtes + AdditionalPtes - 1)) + sizeof(SECTION_IMAGE_INFORMATION); NewSegment = ExAllocatePoolWithTag (PagedPool, SizeOfSegment, MMSECT); if (NewSegment == NULL) { // // The requested pool could not be allocated. // ExFreePool (ControlArea); ExFreePool (NewControlArea); ExFreePool (OldSegment); Status = STATUS_INSUFFICIENT_RESOURCES; goto NeImage; } *Segment = NewSegment; RtlMoveMemory (NewSegment, OldSegment, sizeof(SEGMENT)); // // Align the prototype PTEs on the proper boundary. // NewPointerPte = &NewSegment->ThePtes[0]; i = (ULONG) (((ULONG_PTR)NewPointerPte >> PTE_SHIFT) & ((MM_PROTO_PTE_ALIGNMENT / PAGE_SIZE) - 1)); if (i != 0) { i = (MM_PROTO_PTE_ALIGNMENT / PAGE_SIZE) - i; } NewSegment->PrototypePte = &NewSegment->ThePtes[i]; if (i != 0) { RtlZeroMemory (&NewSegment->ThePtes[0], sizeof(MMPTE) * i); } PointerPte = NewSegment->PrototypePte + (PointerPte - OldSegment->PrototypePte); NewSegment->ControlArea = NewControlArea; NewSegment->ImageInformation = (PSECTION_IMAGE_INFORMATION)((PCHAR)NewSegment + sizeof(SEGMENT) + (sizeof(MMPTE) * (OrigNumberOfPtes + AdditionalPtes - 1))); NewSegment->TotalNumberOfPtes = OrigNumberOfPtes + AdditionalPtes; NewSegment->NonExtendedPtes = OrigNumberOfPtes + AdditionalPtes; NewSegment->SizeOfSegment = (ULONG_PTR)(OrigNumberOfPtes + AdditionalPtes) * PAGE_SIZE; RtlMoveMemory (NewSegment->ImageInformation, OldSegment->ImageInformation, sizeof (SECTION_IMAGE_INFORMATION)); // // Now change the fields in the subsections to account for the new // control area and the new segment. Also change the PTEs in the // newly allocated segment to point to the new subsections. // NewControlArea->Segment = NewSegment; NewControlArea->PagedPoolUsage = EX_REAL_POOL_USAGE((sizeof(SEGMENT) + ((OrigNumberOfPtes + AdditionalPtes) * sizeof(MMPTE)))); Subsection = (PSUBSECTION)(ControlArea + 1); NewSubsection = (PSUBSECTION)(NewControlArea + 1); NewSubsection->PtesInSubsection += AdditionalBasePtes; for (i = 0; i < SubsectionsAllocated; i += 1) { // // Note: SubsectionsAllocated is always 1 (for wx86), so this loop // is executed only once. // NewSubsection->ControlArea = (PCONTROL_AREA) NewControlArea; NewSubsection->SubsectionBase = NewSegment->PrototypePte + (Subsection->SubsectionBase - OldSegment->PrototypePte); NewPointerPte = NewSegment->PrototypePte; OldPointerPte = OldSegment->PrototypePte; TempPte.u.Long = MiGetSubsectionAddressForPte (NewSubsection); TempPte.u.Soft.Prototype = 1; for (j = 0; j < OldSegment->TotalNumberOfPtes+AdditionalBasePtes; j += 1) { if ((OldPointerPte->u.Soft.Prototype == 1) && (MiGetSubsectionAddress (OldPointerPte) == Subsection)) { OriginalProtection = MI_GET_PROTECTION_FROM_SOFT_PTE (OldPointerPte); TempPte.u.Soft.Protection = OriginalProtection; MI_WRITE_INVALID_PTE (NewPointerPte, TempPte); } else if (i == 0) { // // Since the outer for loop is executed only once, there // is no need for the i == 0 above, but it is safer to // have it. If the code changes later and other sections // are added, their PTEs will get initialized here as // DemandZero and if they are not DemandZero, they will be // overwritten in a later iteration of the outer loop. // For now, this else if clause will be executed only // for DemandZero PTEs. // OriginalProtection = MI_GET_PROTECTION_FROM_SOFT_PTE (OldPointerPte); TempPteDemandZero.u.Long = 0; TempPteDemandZero.u.Soft.Protection = OriginalProtection; MI_WRITE_INVALID_PTE (NewPointerPte, TempPteDemandZero); } NewPointerPte += 1; // Stop incrementing the OldPointerPte at the last entry and use it // for the additional Base PTEs if (j < OldSegment->TotalNumberOfPtes-1) { OldPointerPte += 1; } } Subsection += 1; NewSubsection += 1; } RtlZeroMemory (NewSubsection, sizeof(SUBSECTION) * AdditionalSubsections); ExFreePool (OldSegment); ExFreePool (ControlArea); ControlArea = (PCONTROL_AREA) NewControlArea; // // Adjust some variables that are used below. // PointerPte has already been set above before OldSegment was freed. // SubsectionsAllocated = NewSubsectionsAllocated; Subsection = NewSubsection - 1; // Points to last used subsection. NumberOfPtes = AdditionalPtes; // # PTEs that haven't yet been used in // previous subsections. // Additional Base PTEs have been added. Only continue if there are // additional subsections to process if (AdditionalSubsections == 0 || AdditionalPtes == 0) { // no shared data sections goto PeReturnSuccess; } } #endif while (NumberOfSubsections > 0) { #if defined (_ALPHA_) || defined(_IA64_) if (!InvalidAlignmentAllowed || ((SectionTableEntry->Characteristics & IMAGE_SCN_MEM_SHARED) && (!(SectionTableEntry->Characteristics & IMAGE_SCN_MEM_EXECUTE) || (SectionTableEntry->Characteristics & IMAGE_SCN_MEM_WRITE)))) { #endif // // Handle case where virtual size is 0. // if (SectionTableEntry->Misc.VirtualSize == 0) { SectionVirtualSize = SectionTableEntry->SizeOfRawData; } else { SectionVirtualSize = SectionTableEntry->Misc.VirtualSize; } // // Fix for Borland linker problem. The SizeOfRawData can // be a zero, but the PointerToRawData is not zero. // Set it to zero. // if (SectionTableEntry->SizeOfRawData == 0) { SectionTableEntry->PointerToRawData = 0; } // // If the section information wraps return an error. // if (SectionTableEntry->PointerToRawData + SectionTableEntry->SizeOfRawData < SectionTableEntry->PointerToRawData) { goto BadPeImageSegment; } Subsection += 1; Subsection->ControlArea = ControlArea; Subsection->NextSubsection = (PSUBSECTION)NULL; Subsection->UnusedPtes = 0; if (((NextVa != (PreferredImageBase + SectionTableEntry->VirtualAddress)) #if defined (_ALPHA_) || defined(_IA64_) && !InvalidAlignmentAllowed #endif ) || (SectionVirtualSize == 0)) { // // The specified virtual address does not align // with the next prototype PTE. // goto BadPeImageSegment; } Subsection->PtesInSubsection = MI_ROUND_TO_SIZE (SectionVirtualSize, RoundingAlignment) >> PAGE_SHIFT; if (Subsection->PtesInSubsection > NumberOfPtes) { // // Inconsistent image, size does not agree with object tables. // goto BadPeImageSegment; } NumberOfPtes -= Subsection->PtesInSubsection; Subsection->u.LongFlags = 0; Subsection->StartingSector = SectionTableEntry->PointerToRawData >> MMSECTOR_SHIFT; // // Align ending sector on file align boundary. // EndingAddress = (SectionTableEntry->PointerToRawData + SectionTableEntry->SizeOfRawData + FileAlignment) & ~FileAlignment; Subsection->NumberOfFullSectors = (ULONG) ((EndingAddress >> MMSECTOR_SHIFT) - Subsection->StartingSector); Subsection->u.SubsectionFlags.SectorEndOffset = (ULONG) EndingAddress & MMSECTOR_MASK; Subsection->SubsectionBase = PointerPte; // // Build both a demand zero PTE and a PTE pointing to the // subsection. // TempPte.u.Long = 0; TempPteDemandZero.u.Long = 0; TempPte.u.Long = MiGetSubsectionAddressForPte (Subsection); TempPte.u.Soft.Prototype = 1; ImageFileSize = SectionTableEntry->PointerToRawData + SectionTableEntry->SizeOfRawData; TempPte.u.Soft.Protection = MiGetImageProtection (SectionTableEntry->Characteristics); TempPteDemandZero.u.Soft.Protection = TempPte.u.Soft.Protection; if (SectionTableEntry->PointerToRawData == 0) { TempPte = TempPteDemandZero; } Subsection->u.SubsectionFlags.ReadOnly = 1; Subsection->u.SubsectionFlags.CopyOnWrite = 1; Subsection->u.SubsectionFlags.Protection = MI_GET_PROTECTION_FROM_SOFT_PTE (&TempPte); if (TempPte.u.Soft.Protection & MM_PROTECTION_WRITE_MASK) { if ((TempPte.u.Soft.Protection & MM_COPY_ON_WRITE_MASK) == MM_COPY_ON_WRITE_MASK) { // // This page is copy on write, charge ImageCommitment // for all pages in this subsection. // ImageCommit = TRUE; } else { // // This page is write shared, charge commitment when // the mapping completes. // SectionCommit = TRUE; Subsection->u.SubsectionFlags.GlobalMemory = 1; ControlArea->u.Flags.GlobalMemory = 1; } } else { // // Not writable, don't charge commitment at all. // ImageCommit = FALSE; SectionCommit = FALSE; } NewSegment->SegmentPteTemplate = TempPte; SectorOffset = 0; for (i = 0; i < Subsection->PtesInSubsection; i += 1) { // // Set all the prototype PTEs to refer to the control section. // if (SectorOffset < SectionVirtualSize) { // // Make PTE accessible. // if (SectionCommit) { NewSegment->NumberOfCommittedPages += 1; } if (ImageCommit) { NewSegment->ImageCommitment += 1; } if (SectorOffset < SectionTableEntry->SizeOfRawData) { // // Data resides on the disk, use the subsection format PTE. // MI_WRITE_INVALID_PTE (PointerPte, TempPte); } else { // // Demand zero pages. // MI_WRITE_INVALID_PTE (PointerPte, TempPteDemandZero); } } else { // // No access pages. // MI_WRITE_INVALID_PTE (PointerPte, ZeroPte); } SectorOffset += PAGE_SIZE; PointerPte += 1; NextVa += PAGE_SIZE; } #if defined (_ALPHA_) || defined(_IA64_) } #endif SectionTableEntry += 1; NumberOfSubsections -= 1; } #if defined (_ALPHA_) || defined(_IA64_) if (!InvalidAlignmentAllowed) { #endif // // Account for the number of subsections that really are mapped. // ASSERT (ImageAlignment >= PAGE_SIZE); ControlArea->NumberOfSubsections += 1; // // If the file size is not as big as the image claimed to be, // return an error. // if (ImageFileSize > EndOfFile.LowPart) { // // Invalid image size. // KdPrint(("MMCREASECT: invalid image size - file size %lx - image size %lx\n %Z\n", EndOfFile.LowPart, ImageFileSize, &File->FileName)); goto BadPeImageSegment; } // // The total number of PTEs was decremented as sections were built, // make sure that there are less than 64k's worth at this point. // if (NumberOfPtes >= (ImageAlignment >> PAGE_SHIFT)) { // // Inconsistent image, size does not agree with object tables. // KdPrint(("MMCREASECT: invalid image - PTE left %lx\n image name %Z\n", NumberOfPtes, &File->FileName)); goto BadPeImageSegment; } // // Set any remaining PTEs to no access. // while (NumberOfPtes != 0) { MI_WRITE_INVALID_PTE (PointerPte, ZeroPte); PointerPte += 1; NumberOfPtes -= 1; } // // Turn the image header page into a transition page within the // prototype PTEs. // if ((ExtendedHeader == NULL) && (SizeOfHeaders < PAGE_SIZE)) { // // Zero remaining portion of header. // RtlZeroMemory ((PVOID)((PCHAR)Base + SizeOfHeaders), PAGE_SIZE - SizeOfHeaders); } #if defined (_ALPHA_) || defined(_IA64_) } #endif if (NewSegment->NumberOfCommittedPages != 0) { // // Commit the pages for the image section. // if (MiChargeCommitment (NewSegment->NumberOfCommittedPages, NULL) == FALSE) { Status = STATUS_COMMITMENT_LIMIT; ExFreePool (NewSegment); ExFreePool (ControlArea); goto NeImage; } MM_TRACK_COMMIT (MM_DBG_COMMIT_IMAGE, NewSegment->NumberOfCommittedPages); Status = STATUS_SUCCESS; ExAcquireFastMutex (&MmSectionCommitMutex); MmSharedCommit += NewSegment->NumberOfCommittedPages; ExReleaseFastMutex (&MmSectionCommitMutex); } PeReturnSuccess: // // If this image is global per session, then allocate a large control // area. Note this doesn't need to be done for systemwide global control // areas or non-global control areas. // if ((MiHydra == TRUE) && (ControlArea->u.Flags.GlobalMemory) && ((LoaderFlags & IMAGE_LOADER_FLAGS_SYSTEM_GLOBAL) == 0)) { LargeControlArea = ExAllocatePoolWithTag(NonPagedPool, (ULONG)(sizeof(LARGE_CONTROL_AREA) + (sizeof(SUBSECTION) * SubsectionsAllocated)), 'iCmM'); if (LargeControlArea == NULL) { // // The requested pool could not be allocated. // if (NewSegment->NumberOfCommittedPages != 0) { MiReturnCommitment (NewSegment->NumberOfCommittedPages); MM_TRACK_COMMIT (MM_DBG_COMMIT_RETURN_IMAGE_NO_LARGE_CA, NewSegment->NumberOfCommittedPages); ExAcquireFastMutex (&MmSectionCommitMutex); MmSharedCommit -= NewSegment->NumberOfCommittedPages; ExReleaseFastMutex (&MmSectionCommitMutex); } ExFreePool (NewSegment); ExFreePool (ControlArea); Status = STATUS_INSUFFICIENT_RESOURCES; goto NeImage; } // // Copy the normal control area into our larger one, fix the linkages, // Fill in the additional fields in the new one and free the old one. // RtlMoveMemory (LargeControlArea, ControlArea, sizeof(CONTROL_AREA)); LargeControlArea->NonPagedPoolUsage = EX_REAL_POOL_USAGE( sizeof(LARGE_CONTROL_AREA) + (sizeof(SUBSECTION) * SubsectionsAllocated)); ASSERT (ControlArea->u.Flags.GlobalOnlyPerSession == 0); Subsection = (PSUBSECTION)(ControlArea + 1); NewSubsection = (PSUBSECTION)(LargeControlArea + 1); for (i = 0; i < SubsectionsAllocated; i += 1) { RtlMoveMemory (NewSubsection, Subsection, sizeof(SUBSECTION)); NewSubsection->ControlArea = (PCONTROL_AREA) LargeControlArea; PointerPte = NewSegment->PrototypePte; TempPte.u.Long = MiGetSubsectionAddressForPte (NewSubsection); TempPte.u.Soft.Prototype = 1; for (j = 0; j < NewSegment->TotalNumberOfPtes; j += 1) { if ((PointerPte->u.Soft.Prototype == 1) && (MiGetSubsectionAddress (PointerPte) == Subsection)) { OriginalProtection = MI_GET_PROTECTION_FROM_SOFT_PTE (PointerPte); TempPte.u.Soft.Protection = OriginalProtection; MI_WRITE_INVALID_PTE (PointerPte, TempPte); } PointerPte += 1; } Subsection += 1; NewSubsection += 1; } NewSegment->ControlArea = (PCONTROL_AREA) LargeControlArea; LargeControlArea->u.Flags.GlobalOnlyPerSession = 1; LargeControlArea->SessionId = 0; InitializeListHead (&LargeControlArea->UserGlobalList); ExFreePool (ControlArea); ControlArea = (PCONTROL_AREA) LargeControlArea; } MiUnmapImageHeaderInHyperSpace (); // // Set the PFN database entry for this page to look like a transition // page. // PointerPte = NewSegment->PrototypePte; MiUpdateImageHeaderPage (PointerPte, PageFrameNumber, ControlArea); if (ExtendedHeader != NULL) { ExFreePool (ExtendedHeader); } ExFreePool (InPageEvent); return STATUS_SUCCESS; // // Error returns from image verification. // BadPeImageSegment: ExFreePool (NewSegment); ExFreePool (ControlArea); //BadPeImage: Status = STATUS_INVALID_IMAGE_FORMAT; NeImage: MiUnmapImageHeaderInHyperSpace (); BadSection: MiRemoveImageHeaderPage(PageFrameNumber); if (ExtendedHeader != NULL) { ExFreePool (ExtendedHeader); } ExFreePool (InPageEvent); return Status; }

NTSTATUS MiCreatePagingFileMap (  OUT PSEGMENT *  Segment, IN PUINT64  MaximumSize, IN ULONG  ProtectionMask, IN ULONG  AllocationAttributes )

Definition at line 4018 of file creasect.c. References BYTES_TO_PAGES, CONTROL_AREA, _SUBSECTION::ControlArea, EX_REAL_POOL_USAGE, ExAllocatePoolWithTag, ExFreePool(), FALSE, MI_WRITE_INVALID_PTE, MiChargeCommitment(), MiReturnCommitment(), MM_DBG_COMMIT_PAGEFILE_BACKED_SHMEM, MM_DBG_COMMIT_RETURN_PAGEFILE_BACKED_SHMEM, MM_PROTO_PTE_ALIGNMENT, MM_TRACK_COMMIT, MMCONTROL, MMSECT, MmSectionCommitMutex, MmSharedCommit, NonPagedPool, _CONTROL_AREA::NonPagedPoolUsage, NULL, _CONTROL_AREA::NumberOfSectionReferences, _CONTROL_AREA::NumberOfSubsections, _CONTROL_AREA::NumberOfUserReferences, PAGE_SHIFT, PAGE_SIZE, PAGED_CODE, PagedPool, _CONTROL_AREA::PagedPoolUsage, PTE_SHIFT, _SUBSECTION::PtesInSubsection, ROUND_TO_PAGES, SEGMENT, _CONTROL_AREA::Segment, SUBSECTION, _SUBSECTION::SubsectionBase, _MMPTE::u, _SUBSECTION::u, _CONTROL_AREA::u, and ZeroPte. Referenced by MmCreateSection(). : This function creates the necessary structures to allow the mapping of a paging file. Arguments: Segment - Returns the segment object. MaximumSize - Supplies the maximum size for the mapping. ProtectionMask - Supplies the initial page protection. AllocationAttributes - Supplies the allocation attributes for the mapping. Return Value: Returns the status value. TBS --*/ { PFN_NUMBER NumberOfPtes; ULONG SizeOfSegment; ULONG i; PCONTROL_AREA ControlArea; PSEGMENT NewSegment; PMMPTE PointerPte; PSUBSECTION Subsection; MMPTE TempPte; LARGE_INTEGER SpecifiedSize; PAGED_CODE(); //******************************************************************* // Create a section backed by paging file. //******************************************************************* if (*MaximumSize == 0) { return STATUS_INVALID_PARAMETER_4; } // // Limit page file backed sections to the pagefile maximum size. // #if defined (_WIN64) || defined (_X86PAE_) SpecifiedSize.QuadPart = (ROUND_TO_PAGES (*MaximumSize)) >> PAGE_SHIFT; if (SpecifiedSize.HighPart != 0) #else if (*MaximumSize > (((ULONGLONG) 4 * 1024 * 1024 * 1024)) - (1024 * 1024)) #endif { return STATUS_SECTION_TOO_BIG; } // // Create the segment object. // // // Calculate the number of prototype PTEs to build for this segment. // NumberOfPtes = BYTES_TO_PAGES (*MaximumSize); if (AllocationAttributes & SEC_COMMIT) { // // Commit the pages for the section. // if (MiChargeCommitment (NumberOfPtes, NULL) == FALSE) { return STATUS_COMMITMENT_LIMIT; } MM_TRACK_COMMIT (MM_DBG_COMMIT_PAGEFILE_BACKED_SHMEM, NumberOfPtes); } SizeOfSegment = sizeof(SEGMENT) + sizeof(MMPTE) * ((ULONG)NumberOfPtes - 1); NewSegment = ExAllocatePoolWithTag (PagedPool, SizeOfSegment, MMSECT); if (NewSegment == NULL) { // // The requested pool could not be allocated. // if (AllocationAttributes & SEC_COMMIT) { MiReturnCommitment (NumberOfPtes); MM_TRACK_COMMIT (MM_DBG_COMMIT_RETURN_PAGEFILE_BACKED_SHMEM, NumberOfPtes); } return STATUS_INSUFFICIENT_RESOURCES; } *Segment = NewSegment; ControlArea = ExAllocatePoolWithTag (NonPagedPool, (ULONG)sizeof(CONTROL_AREA) + (ULONG)sizeof(SUBSECTION), MMCONTROL); if (ControlArea == NULL) { // // The requested pool could not be allocated. // ExFreePool (NewSegment); if (AllocationAttributes & SEC_COMMIT) { MM_TRACK_COMMIT (MM_DBG_COMMIT_RETURN_PAGEFILE_BACKED_SHMEM, NumberOfPtes); MiReturnCommitment (NumberOfPtes); } return STATUS_INSUFFICIENT_RESOURCES; } // // Zero control area and first subsection. // RtlZeroMemory (ControlArea, sizeof(CONTROL_AREA) + sizeof(SUBSECTION)); ControlArea->NonPagedPoolUsage = EX_REAL_POOL_USAGE(sizeof(CONTROL_AREA) + sizeof(SUBSECTION)); ControlArea->Segment = NewSegment; ControlArea->NumberOfSectionReferences = 1; ControlArea->NumberOfUserReferences = 1; ControlArea->NumberOfSubsections = 1; if (AllocationAttributes & SEC_BASED) { ControlArea->u.Flags.Based = 1; } if (AllocationAttributes & SEC_RESERVE) { ControlArea->u.Flags.Reserve = 1; } if (AllocationAttributes & SEC_COMMIT) { ControlArea->u.Flags.Commit = 1; } Subsection = (PSUBSECTION)(ControlArea + 1); Subsection->ControlArea = ControlArea; Subsection->PtesInSubsection = (ULONG)NumberOfPtes; Subsection->u.SubsectionFlags.Protection = ProtectionMask; // // Align the prototype PTEs on the proper boundary. // PointerPte = &NewSegment->ThePtes[0]; i = (ULONG) (((ULONG_PTR)PointerPte >> PTE_SHIFT) & ((MM_PROTO_PTE_ALIGNMENT / PAGE_SIZE) - 1)); if (i != 0) { i = (MM_PROTO_PTE_ALIGNMENT / PAGE_SIZE) - i; } // // Zero the segment header. // RtlZeroMemory (NewSegment, sizeof(SEGMENT)); NewSegment->PrototypePte = &NewSegment->ThePtes[i]; NewSegment->ControlArea = ControlArea; // // As size is limited to 2gb, ignore the high part. // NewSegment->SizeOfSegment = (ULONG_PTR)NumberOfPtes * PAGE_SIZE; NewSegment->TotalNumberOfPtes = (ULONG)NumberOfPtes; NewSegment->NonExtendedPtes = (ULONG)NumberOfPtes; ControlArea->PagedPoolUsage = EX_REAL_POOL_USAGE((sizeof(SEGMENT) + (NumberOfPtes * sizeof(MMPTE)))); PointerPte = NewSegment->PrototypePte; Subsection->SubsectionBase = PointerPte; TempPte = ZeroPte; if (AllocationAttributes & SEC_COMMIT) { TempPte.u.Soft.Protection = ProtectionMask; // // Record commitment charging. // NewSegment->NumberOfCommittedPages = NumberOfPtes; ExAcquireFastMutex (&MmSectionCommitMutex); MmSharedCommit += NewSegment->NumberOfCommittedPages; ExReleaseFastMutex (&MmSectionCommitMutex); } NewSegment->SegmentPteTemplate.u.Soft.Protection = ProtectionMask; for (i = 0; i < NumberOfPtes; i += 1) { // // Set all the prototype PTEs to either no access or demand zero // depending on the commit flag. // MI_WRITE_INVALID_PTE (PointerPte, TempPte); PointerPte += 1; } return STATUS_SUCCESS; }

ULONG MiDecrementCloneBlockReference (  IN PMMCLONE_DESCRIPTOR  CloneDescriptor, IN PMMCLONE_BLOCK  CloneBlock, IN PEPROCESS  CurrentProcess )

Definition at line 1745 of file forksup.c. References APC_LEVEL, ASSERT, _MMCLONE_BLOCK::CloneRefCount, DbgPrint, ExFreePool(), FALSE, FreePageList, IS_PTE_NOT_DEMAND_ZERO, KeBugCheckEx(), LOCK_PFN, LOCK_WS_REGARDLESS, MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE, MI_PFN_ELEMENT, MI_SET_PFN_DELETED, MiDecrementShareCount(), MiInsertPageInList(), MiMakeSystemAddressValidPfnWs(), MiReleasePageFileSpace(), MiRemoveClone, MiUnlinkPageFromList(), MiWaitForForkToComplete(), MM_DBG_FORK, MM_FORK_SUCCEEDED, MmPageLocationList, NonPagedPool, _MMPFN::OriginalPte, PagedPool, PsReturnPoolQuota(), _MMPFN::PteFrame, TRUE, _MMPTE::u, _MMPFN::u3, UNLOCK_PFN, UNLOCK_WS_REGARDLESS, and ZeroPte. Referenced by MiCopyOnWrite(), MiDeletePte(), and MiDeleteValidAddress(). 01753 : 01754 01755 This routine decrements the reference count field of a "fork prototype 01756 PTE" (clone-block). If the reference count becomes zero, the reference 01757 count for the clone-descriptor is decremented and if that becomes zero, 01758 it is deallocated and the number of process count for the clone header is 01759 decremented. If the number of process count becomes zero, the clone 01760 header is deallocated. 01761 01762 Arguments: 01763 01764 CloneDescriptor - Supplies the clone descriptor which describes the 01765 clone block. 01766 01767 CloneBlock - Supplies the clone block to decrement the reference count of. 01768 01769 CurrentProcess - Supplies the current process. 01770 01771 Return Value: 01772 01773 TRUE if the working set mutex was released, FALSE if it was not. 01774 01775 Environment: 01776 01777 Kernel mode, APCs disabled, working set mutex and PFN mutex held. 01778 01779 --*/ 01780 01781 { 01782 01783 ULONG MutexReleased; 01784 MMPTE CloneContents; 01785 PMMPFN Pfn3; 01786 KIRQL OldIrql; 01787 LONG NewCount; 01788 LOGICAL WsHeldSafe; 01789 01790 MutexReleased = FALSE; 01791 OldIrql = APC_LEVEL; 01792 01793 MutexReleased = MiMakeSystemAddressValidPfnWs (CloneBlock, CurrentProcess); 01794 01795 while (CurrentProcess->ForkInProgress) { 01796 MiWaitForForkToComplete (CurrentProcess); 01797 MiMakeSystemAddressValidPfnWs (CloneBlock, CurrentProcess); 01798 MutexReleased = TRUE; 01799 } 01800 01801 CloneBlock->CloneRefCount -= 1; 01802 NewCount = CloneBlock->CloneRefCount; 01803 01804 ASSERT (NewCount >= 0); 01805 01806 if (NewCount == 0) { 01807 CloneContents = CloneBlock->ProtoPte; 01808 } else { 01809 CloneContents = ZeroPte; 01810 } 01811 01812 if ((NewCount == 0) && (CloneContents.u.Long != 0)) { 01813 01814 // 01815 // The last reference to a fork prototype PTE 01816 // has been removed. Deallocate any page file 01817 // space and the transition page, if any. 01818 // 01819 01820 01821 // 01822 // Assert that the page is no longer valid. 01823 // 01824 01825 ASSERT (CloneContents.u.Hard.Valid == 0); 01826 01827 // 01828 // Assert that the PTE is not in subsection format (doesn't point 01829 // to a file). 01830 // 01831 01832 ASSERT (CloneContents.u.Soft.Prototype == 0); 01833 01834 if (CloneContents.u.Soft.Transition == 1) { 01835 01836 // 01837 // Prototype PTE in transition, put the page 01838 // on the free list. 01839 // 01840 01841 Pfn3 = MI_PFN_ELEMENT (CloneContents.u.Trans.PageFrameNumber); 01842 MI_SET_PFN_DELETED (Pfn3); 01843 01844 MiDecrementShareCount (Pfn3->PteFrame); 01845 01846 // 01847 // Check the reference count for the page, if the reference 01848 // count is zero and the page is not on the freelist, 01849 // move the page to the free list, if the reference 01850 // count is not zero, ignore this page. 01851 // When the reference count goes to zero, it will be placed on the 01852 // free list. 01853 // 01854 01855 if ((Pfn3->u3.e2.ReferenceCount == 0) && 01856 (Pfn3->u3.e1.PageLocation != FreePageList)) { 01857 01858 MiUnlinkPageFromList (Pfn3); 01859 MiReleasePageFileSpace (Pfn3->OriginalPte); 01860 MiInsertPageInList (MmPageLocationList[FreePageList], 01861 MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE(&CloneContents)); 01862 } 01863 } else { 01864 01865 if (IS_PTE_NOT_DEMAND_ZERO (CloneContents)) { 01866 MiReleasePageFileSpace (CloneContents); 01867 } 01868 } 01869 } 01870 01871 // 01872 // Decrement the number of references to the 01873 // clone descriptor. 01874 // 01875 01876 CloneDescriptor->NumberOfReferences -= 1; 01877 01878 if (CloneDescriptor->NumberOfReferences == 0) { 01879 01880 // 01881 // There are no longer any PTEs in this process which refer 01882 // to the fork prototype PTEs for this clone descriptor. 01883 // Remove the CloneDescriptor and decrement the CloneHeader 01884 // number of process's reference count. 01885 // 01886 01887 CloneDescriptor->CloneHeader->NumberOfProcessReferences -= 1; 01888 01889 MiRemoveClone (CloneDescriptor); 01890 01891 if (CloneDescriptor->CloneHeader->NumberOfProcessReferences == 0) { 01892 01893 // 01894 // There are no more processes pointing to this fork header 01895 // blow it away. 01896 // 01897 01898 UNLOCK_PFN (OldIrql); 01899 01900 // 01901 // The working set lock may have been acquired safely or unsafely 01902 // by our caller. Handle both cases here and below. 01903 // 01904 01905 UNLOCK_WS_REGARDLESS (CurrentProcess, WsHeldSafe); 01906 01907 MutexReleased = TRUE; 01908 01909 01910 #if DBG 01911 { 01912 01913 ULONG i; 01914 PMMCLONE_BLOCK OldCloneBlock; 01915 01916 OldCloneBlock = CloneDescriptor->CloneHeader->ClonePtes; 01917 for (i = 0; i < CloneDescriptor->CloneHeader->NumberOfPtes; i += 1) { 01918 if (OldCloneBlock->CloneRefCount != 0) { 01919 DbgPrint("fork block with non zero ref count %lx %lx %lx\n", 01920 OldCloneBlock, CloneDescriptor, 01921 CloneDescriptor->CloneHeader); 01922 KeBugCheckEx (MEMORY_MANAGEMENT, 1, 0, 0, 0); 01923 } 01924 } 01925 01926 if (MmDebug & MM_DBG_FORK) { 01927 DbgPrint("removing clone header at address %lx\n", 01928 CloneDescriptor->CloneHeader); 01929 } 01930 01931 } 01932 #endif //DBG 01933 01934 ExFreePool (CloneDescriptor->CloneHeader->ClonePtes); 01935 01936 ExFreePool (CloneDescriptor->CloneHeader); 01937 01938 // 01939 // The working set lock may have been acquired safely or unsafely 01940 // by our caller. Reacquire it in the same manner our caller did. 01941 // 01942 01943 LOCK_WS_REGARDLESS (CurrentProcess, WsHeldSafe); 01944 01945 LOCK_PFN (OldIrql); 01946 } 01947 01948 #if DBG 01949 if (MmDebug & MM_DBG_FORK) { 01950 DbgPrint("removing clone descriptor at address %lx\n",CloneDescriptor); 01951 } 01952 #endif //DBG 01953 01954 // 01955 // Return the pool for the global structures referenced by the 01956 // clone descriptor. 01957 // 01958 01959 UNLOCK_PFN (OldIrql); 01960 01961 if (CurrentProcess->ForkWasSuccessful == MM_FORK_SUCCEEDED) { 01962 01963 PsReturnPoolQuota (CurrentProcess, 01964 PagedPool, 01965 CloneDescriptor->PagedPoolQuotaCharge); 01966 01967 PsReturnPoolQuota (CurrentProcess, 01968 NonPagedPool, 01969 sizeof(MMCLONE_HEADER)); 01970 } 01971 01972 ExFreePool (CloneDescriptor); 01973 LOCK_PFN (OldIrql); 01974 } 01975 01976 return MutexReleased; 01977 }

VOID FASTCALL MiDecrementReferenceCount (  IN PFN_NUMBER  PageFrameIndex  )

Definition at line 167 of file pfndec.c. References ActiveAndValid, ASSERT, BadPageList, FreePageList, KeBugCheckEx(), MI_IS_PFN_DELETED, MI_PFN_ELEMENT, MiInsertPageInList(), MiInsertStandbyListAtFront(), MiReleasePageFileSpace(), MiRestoreTransitionPte(), MM_PFN_LOCK_ASSERT, MmFrontOfList, MmHighestPhysicalPage, MmPageLocationList, ModifiedPageList, _MMPFN::OriginalPte, StandbyPageList, _MMPFN::u2, and _MMPFN::u3. Referenced by MiCleanSection(), MiDecrementShareCount(), MiDispatchFault(), MiDownPfnReferenceCount(), MiFlushSectionInternal(), MiFreeNonPagedPool(), MiInitMachineDependent(), MiRemoveImageHeaderPage(), MiResolveTransitionFault(), MiSessionCreateInternal(), MiUnlockPagedAddress(), MiUpdateImageHeaderPage(), MiWriteComplete(), MmFreePagesFromMdl(), MmRemovePhysicalMemory(), MmReturnMemoryForHibernate(), MmShutdownSystem(), MmTrimAllSystemPagableMemory(), MmUnlockPagableImageSection(), MmUnlockPagedPool(), and MmUnlockPages(). 00173 : 00174 00175 This routine decrements the reference count for the specified page. 00176 If the reference count becomes zero, the page is placed on the 00177 appropriate list (free, modified, standby or bad). If the page 00178 is placed on the free or standby list, the number of available 00179 pages is incremented and if it transitions from zero to one, the 00180 available page event is set. 00181 00182 00183 Arguments: 00184 00185 PageFrameIndex - Supplies the physical page number of which to 00186 decrement the reference count. 00187 00188 Return Value: 00189 00190 none. 00191 00192 Environment: 00193 00194 Must be holding the PFN database mutex with APCs disabled. 00195 00196 --*/ 00197 00198 { 00199 PMMPFN Pfn1; 00200 00201 MM_PFN_LOCK_ASSERT(); 00202 00203 ASSERT (PageFrameIndex <= MmHighestPhysicalPage); 00204 00205 Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); 00206 ASSERT (Pfn1->u3.e2.ReferenceCount != 0); 00207 Pfn1->u3.e2.ReferenceCount -= 1; 00208 00209 00210 if (Pfn1->u3.e2.ReferenceCount != 0) { 00211 00212 // 00213 // The reference count is not zero, return. 00214 // 00215 00216 return; 00217 } 00218 00219 // 00220 // The reference count is now zero, put the page on some 00221 // list. 00222 // 00223 00224 00225 if (Pfn1->u2.ShareCount != 0) { 00226 00227 KeBugCheckEx (PFN_LIST_CORRUPT, 00228 7, 00229 PageFrameIndex, 00230 Pfn1->u2.ShareCount, 00231 0); 00232 return; 00233 } 00234 00235 ASSERT (Pfn1->u3.e1.PageLocation != ActiveAndValid); 00236 00237 if (MI_IS_PFN_DELETED (Pfn1)) { 00238 00239 // 00240 // There is no referenced PTE for this page, delete the page file 00241 // space (if any), and place the page on the free list. 00242 // 00243 00244 MiReleasePageFileSpace (Pfn1->OriginalPte); 00245 00246 if (Pfn1->u3.e1.RemovalRequested == 1) { 00247 MiInsertPageInList (MmPageLocationList[BadPageList], 00248 PageFrameIndex); 00249 } 00250 else { 00251 MiInsertPageInList (MmPageLocationList[FreePageList], 00252 PageFrameIndex); 00253 } 00254 00255 return; 00256 } 00257 00258 // 00259 // Place the page on the modified or standby list depending 00260 // on the state of the modify bit in the PFN element. 00261 // 00262 00263 if (Pfn1->u3.e1.Modified == 1) { 00264 MiInsertPageInList (MmPageLocationList[ModifiedPageList], PageFrameIndex); 00265 } else { 00266 00267 if (Pfn1->u3.e1.RemovalRequested == 1) { 00268 00269 // 00270 // The page may still be marked as on the modified list if the 00271 // current thread is the modified writer completing the write. 00272 // Mark it as standby so restoration of the transition PTE 00273 // doesn't flag this as illegal. 00274 // 00275 00276 Pfn1->u3.e1.PageLocation = StandbyPageList; 00277 00278 MiRestoreTransitionPte (PageFrameIndex); 00279 MiInsertPageInList (MmPageLocationList[BadPageList], 00280 PageFrameIndex); 00281 return; 00282 } 00283 00284 if (!MmFrontOfList) { 00285 MiInsertPageInList (MmPageLocationList[StandbyPageList], 00286 PageFrameIndex); 00287 } else { 00288 MiInsertStandbyListAtFront (PageFrameIndex); 00289 } 00290 } 00291 00292 return; 00293 } }

VOID FASTCALL MiDecrementShareCount (  IN PFN_NUMBER  PageFrameIndex  )

Definition at line 30 of file pfndec.c. References ActiveAndValid, ASSERT, KeBugCheckEx(), MI_MAKE_VALID_PTE_TRANSITION, MI_PFN_ELEMENT, MI_WRITE_INVALID_PTE, MiDecrementReferenceCount(), MiGetByteOffset, MiMapPageInHyperSpace(), MiUnmapPageInHyperSpace, MmHighestPhysicalPage, MmIsAddressValid(), _MMPFN::OriginalPte, PERFINFO_DECREFCNT, _MMPFN::PteAddress, _MMPFN::PteFrame, StandbyPageList, TransitionPage, _MMPTE::u, _MMPFN::u2, and _MMPFN::u3. Referenced by MiCleanSection(), MiCopyOnWrite(), MiDecommitPages(), MiDecrementCloneBlockReference(), MiDeletePte(), MiDeleteSystemPagableVm(), MiDeleteValidAddress(), MiEliminateWorkingSetEntry(), MiEnablePagingOfDriverAtInit(), MiHandleForkTransitionPte(), MiPurgeImageSection(), MiRemoveMappedPtes(), MiRestoreTransitionPte(), MiSegmentDelete(), MiSessionCopyOnWrite(), MiSetPagingOfDriver(), MmFreeSpecialPool(), MmOutPageKernelStack(), MmOutSwapProcess(), MmPurgeSection(), and MmUnmapViewInSystemCache(). 00036 : 00037 00038 This routine decrements the share count within the PFN element 00039 for the specified physical page. If the share count becomes 00040 zero the corresponding PTE is converted to the transition state 00041 and the reference count is decremented and the ValidPte count 00042 of the PTEframe is decremented. 00043 00044 Arguments: 00045 00046 PageFrameIndex - Supplies the physical page number of which to decrement 00047 the share count. 00048 00049 Return Value: 00050 00051 None. 00052 00053 Environment: 00054 00055 Must be holding the PFN database mutex with APCs disabled. 00056 00057 --*/ 00058 00059 { 00060 MMPTE TempPte; 00061 PMMPTE PointerPte; 00062 PMMPFN Pfn1; 00063 KIRQL OldIrql; 00064 00065 ASSERT ((PageFrameIndex <= MmHighestPhysicalPage) && 00066 (PageFrameIndex > 0)); 00067 00068 Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); 00069 00070 if (Pfn1->u3.e1.PageLocation != ActiveAndValid && 00071 Pfn1->u3.e1.PageLocation != StandbyPageList) { 00072 KeBugCheckEx (PFN_LIST_CORRUPT, 00073 0x99, 00074 PageFrameIndex, 00075 Pfn1->u3.e1.PageLocation, 00076 0); 00077 } 00078 00079 #if PFN_CONSISTENCY 00080 if (Pfn1->u3.e1.PageTablePage == 1) { 00081 00082 // Need to run the page and see if the number of transition & valid 00083 // pages + 1 matches up to the share count. 00084 // 00085 // For the page being freed (share == 1), need to snap the caller here 00086 00087 } 00088 #endif 00089 00090 Pfn1->u2.ShareCount -= 1; 00091 00092 PERFINFO_DECREFCNT(Pfn1, PERFINFO_LOG_WSCHANGE, PERFINFO_LOG_TYPE_DECSHARCNT) 00093 00094 ASSERT (Pfn1->u2.ShareCount < 0xF000000); 00095 00096 if (Pfn1->u2.ShareCount == 0) { 00097 00098 PERFINFO_DECREFCNT(Pfn1, PERFINFO_LOG_EMPTYQ, PERFINFO_LOG_TYPE_ZEROSHARECOUNT) 00099 00100 // 00101 // The share count is now zero, decrement the reference count 00102 // for the PFN element and turn the referenced PTE into 00103 // the transition state if it refers to a prototype PTE. 00104 // PTEs which are not prototype PTEs do not need to be placed 00105 // into transition as they are placed in transition when 00106 // they are removed from the working set (working set free routine). 00107 // 00108 00109 // 00110 // If the PTE referenced by this PFN element is actually 00111 // a prototype PTE, it must be mapped into hyperspace and 00112 // then operated on. 00113 // 00114 00115 if (Pfn1->u3.e1.PrototypePte == 1) { 00116 00117 OldIrql = 99; 00118 if (MmIsAddressValid (Pfn1->PteAddress)) { 00119 PointerPte = Pfn1->PteAddress; 00120 } else { 00121 00122 // 00123 // The address is not valid in this process, map it into 00124 // hyperspace so it can be operated upon. 00125 // 00126 00127 PointerPte = (PMMPTE)MiMapPageInHyperSpace(Pfn1->PteFrame, 00128 &OldIrql); 00129 PointerPte = (PMMPTE)((PCHAR)PointerPte + 00130 MiGetByteOffset(Pfn1->PteAddress)); 00131 } 00132 00133 TempPte = *PointerPte; 00134 MI_MAKE_VALID_PTE_TRANSITION (TempPte, 00135 Pfn1->OriginalPte.u.Soft.Protection); 00136 MI_WRITE_INVALID_PTE (PointerPte, TempPte); 00137 00138 if (OldIrql != 99) { 00139 MiUnmapPageInHyperSpace (OldIrql); 00140 } 00141 00142 // 00143 // There is no need to flush the translation buffer at this 00144 // time as we only invalidated a prototype PTE. 00145 // 00146 00147 } 00148 00149 // 00150 // Change the page location to inactive (from active and valid). 00151 // 00152 00153 Pfn1->u3.e1.PageLocation = TransitionPage; 00154 00155 // 00156 // Decrement the reference count as the share count is now zero. 00157 // 00158 00159 MiDecrementReferenceCount (PageFrameIndex); 00160 } 00161 00162 return; 00163 }

VOID MiDeletePageTablesForPhysicalRange (  IN PVOID  StartingAddress, IN PVOID  EndingAddress )

Definition at line 2361 of file allocvm.c. References ADDRESS_AND_SIZE_TO_SPAN_PAGES, ASSERT, FALSE, LOCK_PFN, MI_DECREMENT_USED_PTES_BY_HANDLE, MI_GET_USED_PTES_FROM_HANDLE, MI_GET_USED_PTES_HANDLE, MI_PFN_ELEMENT, MiDeletePte(), MiGetPdeAddress, MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiIsPteOnPdeBoundary, MiIsPteOnPpeBoundary, MM_BUMP_COUNTER, MMPTE, MmResidentAvailablePages, NULL, PAGE_SIZE, PsGetCurrentProcess, _MMPTE::u, _MMPFN::u2, and UNLOCK_PFN. Referenced by MmCleanProcessAddressSpace(), and NtFreeVirtualMemory(). : This routine deletes page directory and page table pages for a user-controlled physical range of pages. Even though PTEs may be zero in this range, UsedPageTable counts were incremented for these special ranges and must be decremented now. Arguments: StartingAddress - Supplies the starting address of the range. EndingAddress - Supplies the ending address of the range. Return Value: None. Environment: Kernel mode, APCs disabled, WorkingSetMutex and AddressCreation mutexes held. --*/ { PVOID TempVa; MMPTE PteContents; PMMPTE LastPte; PMMPTE LastPde; PMMPTE PointerPte; PMMPTE PointerPde; PMMPTE PointerPpe; ULONG PagesNeeded; PEPROCESS CurrentProcess; PVOID UsedPageTableHandle; PVOID UsedPageDirectoryHandle; KIRQL OldIrql; PMMPFN Pfn1; CurrentProcess = PsGetCurrentProcess(); PointerPde = MiGetPdeAddress (StartingAddress); PointerPte = MiGetPteAddress (StartingAddress); LastPde = MiGetPdeAddress (EndingAddress); LastPte = MiGetPteAddress (EndingAddress); UsedPageTableHandle = MI_GET_USED_PTES_HANDLE (StartingAddress); // // Each PTE is already zeroed - just delete the containing pages. // // // Restore resident available pages for all of the page directory and table // pages as they can now be paged again. // if (LastPte != PointerPte) { PagesNeeded = ADDRESS_AND_SIZE_TO_SPAN_PAGES (PointerPte, (ULONG)(LastPte - PointerPte) * sizeof (MMPTE)); #if defined (_WIN64) if (LastPde != PointerPde) { PagesNeeded += ADDRESS_AND_SIZE_TO_SPAN_PAGES (PointerPde, (ULONG)(LastPde - PointerPde) * sizeof (MMPTE)); } #endif } else { PagesNeeded = 1; #if defined (_WIN64) PagesNeeded += 1; #endif } LOCK_PFN (OldIrql); MmResidentAvailablePages += PagesNeeded; MM_BUMP_COUNTER(59, PagesNeeded); while (StartingAddress <= EndingAddress) { ASSERT (PointerPte->u.Long == 0); PointerPte += 1; MI_DECREMENT_USED_PTES_BY_HANDLE (UsedPageTableHandle); if ((MiIsPteOnPdeBoundary(PointerPte)) || (PointerPte > LastPte)) { // // The virtual address is on a page directory boundary or it is // the last address in the entire range. // // If all the entries have been eliminated from the previous // page table page, delete the page table page itself. // PointerPde = MiGetPteAddress (PointerPte - 1); ASSERT (PointerPde->u.Hard.Valid == 1); // // Down the sharecount on the finished page table page. // PteContents = *PointerPde; Pfn1 = MI_PFN_ELEMENT (PteContents.u.Hard.PageFrameNumber); ASSERT (Pfn1->u2.ShareCount > 1); Pfn1->u2.ShareCount -= 1; // // If all the entries have been eliminated from the previous // page table page, delete the page table page itself. // if (MI_GET_USED_PTES_FROM_HANDLE (UsedPageTableHandle) == 0) { TempVa = MiGetVirtualAddressMappedByPte(PointerPde); MiDeletePte (PointerPde, TempVa, FALSE, CurrentProcess, NULL, NULL); #if defined (_WIN64) UsedPageDirectoryHandle = MI_GET_USED_PTES_HANDLE (PointerPte - 1); MI_DECREMENT_USED_PTES_BY_HANDLE (UsedPageDirectoryHandle); #endif } #if defined (_WIN64) if ((MiIsPteOnPpeBoundary(PointerPte)) || (PointerPte > LastPte)) { PointerPpe = MiGetPteAddress (PointerPde); ASSERT (PointerPpe->u.Hard.Valid == 1); UsedPageDirectoryHandle = MI_GET_USED_PTES_HANDLE (PointerPte - 1); // // Down the sharecount on the finished page directory page. // PteContents = *PointerPpe; Pfn1 = MI_PFN_ELEMENT (PteContents.u.Hard.PageFrameNumber); ASSERT (Pfn1->u2.ShareCount > 1); Pfn1->u2.ShareCount -= 1; // // If all the entries have been eliminated from the previous // page directory page, delete the page directory page itself. // if (MI_GET_USED_PTES_FROM_HANDLE (UsedPageDirectoryHandle) == 0) { TempVa = MiGetVirtualAddressMappedByPte(PointerPpe); MiDeletePte (PointerPpe, TempVa, FALSE, CurrentProcess, NULL, NULL); } } #endif if (PointerPte > LastPte) { break; } // // Release the PFN lock. This prevents a single thread // from forcing other high priority threads from being // blocked while a large address range is deleted. // UNLOCK_PFN (OldIrql); UsedPageTableHandle = MI_GET_USED_PTES_HANDLE ((PVOID)((PUCHAR)StartingAddress + PAGE_SIZE)); LOCK_PFN (OldIrql); } StartingAddress = (PVOID)((PUCHAR)StartingAddress + PAGE_SIZE); } UNLOCK_PFN (OldIrql); // // All done, return. // return; }

VOID MiDeletePte (  IN PMMPTE  PointerPte, IN PVOID  VirtualAddress, IN ULONG  AddressSpaceDeletion, IN PEPROCESS  CurrentProcess, IN PMMPTE  PrototypePte, IN PMMPTE_FLUSH_LIST PteFlushList  OPTIONAL )

Definition at line 506 of file deleteva.c. References ASSERT, DbgPrint, _MMWSLE::e1, FALSE, _MMWSL::FirstDynamic, FreePageList, KeBugCheckEx(), KeFlushSingleTb(), _MMWSLENTRY::LockedInMemory, _MMWSLENTRY::LockedInWs, MI_CAPTURE_DIRTY_BIT_TO_PFN, MI_GET_PAGE_FRAME_FROM_PTE, MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE, MI_PFN_ELEMENT, MI_PTE_LOOKUP_NEEDED, MI_SET_PFN_DELETED, MI_WRITE_INVALID_PTE, MiCheckPdeForPagedPool(), MiDecrementCloneBlockReference(), MiDecrementShareAndValidCount, MiDecrementShareCount(), MiDecrementShareCountOnly, MiDoesPdeExistAndMakeValid(), MiDoesPpeExistAndMakeValid, MiFlushPteList(), MiFormatPfn(), MiFormatPte(), MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiHighestUserPte, MiInsertPageInList(), MiLocateCloneAddress, MiLocateWsle(), MiPteToProto, MiReleasePageFileSpace(), MiReleaseWsle(), MiRemoveWsle(), MiSwapWslEntries(), MiUnlinkPageFromList(), MM_DBG_PTE_UPDATE, MM_MAXIMUM_FLUSH_COUNT, MM_PFN_LOCK_ASSERT, MmPageLocationList, MmWorkingSetList, MmWsle, MMWSLENTRY, NT_SUCCESS, NULL, _MMPFN::OriginalPte, PAGE_ALIGN, PMMCLONE_BLOCK, PMMCLONE_DESCRIPTOR, PMMPTE_FLUSH_LIST, PrototypePte, _MMPFN::PteAddress, _MMPFN::PteFrame, TRUE, _MMPTE::u, _MMWSLE::u1, _MMPFN::u1, _MMPFN::u2, _MMPFN::u3, _MMWSLENTRY::Valid, WSLE_NULL_INDEX, and ZeroPte. Referenced by MiDecommitPages(), MiDeletePageTablesForPhysicalRange(), MiDeleteVirtualAddresses(), MiGrowWsleHash(), MiRemoveMappedView(), MiRemoveWorkingSetPages(), MiUnmapLockedPagesInUserSpace(), and MmCleanProcessAddressSpace(). : This routine deletes the contents of the specified PTE. The PTE can be in one of the following states: - active and valid - transition - in paging file - in prototype PTE format Arguments: PointerPte - Supplies a pointer to the PTE to delete. VirtualAddress - Supplies the virtual address which corresponds to the PTE. This is used to locate the working set entry to eliminate it. AddressSpaceDeletion - Supplies TRUE if the address space is being deleted, FALSE otherwise. If TRUE is specified the TB is not flushed and valid addresses are not removed from the working set. CurrentProcess - Supplies a pointer to the current process. PrototypePte - Supplies a pointer to the prototype PTE which currently or originally mapped this page. This is used to determine if the PTE is a fork PTE and should have its reference block decremented. Return Value: None. Environment: Kernel mode, APCs disabled, PFN lock and working set mutex held. --*/ { PMMPTE PointerPde; PMMPTE PointerPpe; PMMPFN Pfn1; PMMPFN Pfn2; MMPTE PteContents; ULONG WorkingSetIndex; ULONG Entry; PVOID SwapVa; MMWSLENTRY Locked; ULONG WsPfnIndex; PMMCLONE_BLOCK CloneBlock; PMMCLONE_DESCRIPTOR CloneDescriptor; ULONG Waited; MM_PFN_LOCK_ASSERT(); #if DBG if (MmDebug & MM_DBG_PTE_UPDATE) { DbgPrint("deleting PTE\n"); MiFormatPte(PointerPte); } #endif //DBG PteContents = *PointerPte; if (PteContents.u.Hard.Valid == 1) { #ifdef _X86_ #if DBG #if !defined(NT_UP) if (PteContents.u.Hard.Writable == 1) { ASSERT (PteContents.u.Hard.Dirty == 1); } ASSERT (PteContents.u.Hard.Accessed == 1); #endif //NTUP #endif //DBG #endif //X86 // // PTE is valid. Check PFN database to see if this is a prototype PTE. // Pfn1 = MI_PFN_ELEMENT (PteContents.u.Hard.PageFrameNumber); WsPfnIndex = Pfn1->u1.WsIndex; #if DBG if (MmDebug & MM_DBG_PTE_UPDATE) { MiFormatPfn(Pfn1); } #endif //DBG CloneDescriptor = NULL; if (Pfn1->u3.e1.PrototypePte == 1) { CloneBlock = (PMMCLONE_BLOCK)Pfn1->PteAddress; // // Capture the state of the modified bit for this PTE. // MI_CAPTURE_DIRTY_BIT_TO_PFN (PointerPte, Pfn1); // // Decrement the share and valid counts of the page table // page which maps this PTE. // PointerPde = MiGetPteAddress (PointerPte); if (PointerPde->u.Hard.Valid == 0) { #if !defined (_WIN64) if (!NT_SUCCESS(MiCheckPdeForPagedPool (PointerPte))) { #endif KeBugCheckEx (MEMORY_MANAGEMENT, 0x61940, (ULONG_PTR)PointerPte, (ULONG_PTR)PointerPde->u.Long, (ULONG_PTR)MiGetVirtualAddressMappedByPte(PointerPte)); #if !defined (_WIN64) } #endif } MiDecrementShareAndValidCount (MI_GET_PAGE_FRAME_FROM_PTE (PointerPde)); // // Decrement the share count for the physical page. // MiDecrementShareCount (MI_GET_PAGE_FRAME_FROM_PTE (&PteContents)); // // Check to see if this is a fork prototype PTE and if so // update the clone descriptor address. // if (PointerPte <= MiHighestUserPte) { if (PrototypePte != Pfn1->PteAddress) { // // Locate the clone descriptor within the clone tree. // CloneDescriptor = MiLocateCloneAddress ((PVOID)CloneBlock); #if DBG if (CloneDescriptor == NULL) { DbgPrint("1PrototypePte %p Clone desc %p pfn pte addr %p\n", PrototypePte, CloneDescriptor, Pfn1->PteAddress); MiFormatPte(PointerPte); ASSERT (FALSE); } #endif // DBG } } } else { ASSERT (Pfn1->u2.ShareCount == 1); // // This PTE is a NOT a prototype PTE, delete the physical page. // // // Decrement the share and valid counts of the page table // page which maps this PTE. // MiDecrementShareAndValidCount (Pfn1->PteFrame); MI_SET_PFN_DELETED (Pfn1); // // Decrement the share count for the physical page. As the page // is private it will be put on the free list. // MiDecrementShareCountOnly (MI_GET_PAGE_FRAME_FROM_PTE (&PteContents)); // // Decrement the count for the number of private pages. // CurrentProcess->NumberOfPrivatePages -= 1; } // // Find the WSLE for this page and eliminate it. // // // If we are deleting the system portion of the address space, do // not remove WSLEs or flush translation buffers as there can be // no other usage of this address space. // if (AddressSpaceDeletion == FALSE) { WorkingSetIndex = MiLocateWsle (VirtualAddress, MmWorkingSetList, WsPfnIndex ); ASSERT (WorkingSetIndex != WSLE_NULL_INDEX); // // Check to see if this entry is locked in the working set // or locked in memory. // Locked = MmWsle[WorkingSetIndex].u1.e1; MiRemoveWsle (WorkingSetIndex, MmWorkingSetList); // // Add this entry to the list of free working set entries // and adjust the working set count. // MiReleaseWsle (WorkingSetIndex, &CurrentProcess->Vm); if ((Locked.LockedInWs == 1) || (Locked.LockedInMemory == 1)) { // // This entry is locked. // ASSERT (WorkingSetIndex < MmWorkingSetList->FirstDynamic); MmWorkingSetList->FirstDynamic -= 1; if (WorkingSetIndex != MmWorkingSetList->FirstDynamic) { Entry = MmWorkingSetList->FirstDynamic; ASSERT (MmWsle[Entry].u1.e1.Valid); SwapVa = MmWsle[Entry].u1.VirtualAddress; SwapVa = PAGE_ALIGN (SwapVa); Pfn2 = MI_PFN_ELEMENT ( MiGetPteAddress (SwapVa)->u.Hard.PageFrameNumber); #if 0 Entry = MiLocateWsleAndParent (SwapVa, &Parent, MmWorkingSetList, Pfn2->u1.WsIndex); // // Swap the removed entry with the last locked entry // which is located at first dynamic. // MiSwapWslEntries (Entry, Parent, WorkingSetIndex, MmWorkingSetList); #endif //0 MiSwapWslEntries (Entry, WorkingSetIndex, &CurrentProcess->Vm); } } else { ASSERT (WorkingSetIndex >= MmWorkingSetList->FirstDynamic); } // // Flush the entry out of the TB. // if (!ARGUMENT_PRESENT (PteFlushList)) { KeFlushSingleTb (VirtualAddress, TRUE, FALSE, (PHARDWARE_PTE)PointerPte, ZeroPte.u.Flush); } else { if (PteFlushList->Count != MM_MAXIMUM_FLUSH_COUNT) { PteFlushList->FlushPte[PteFlushList->Count] = PointerPte; PteFlushList->FlushVa[PteFlushList->Count] = VirtualAddress; PteFlushList->Count += 1; } MI_WRITE_INVALID_PTE (PointerPte, ZeroPte); } if (CloneDescriptor != NULL) { // // Flush PTEs as this could release the PFN_LOCK. // if (ARGUMENT_PRESENT (PteFlushList)) { MiFlushPteList (PteFlushList, FALSE, ZeroPte); } // // Decrement the reference count for the clone block, // note that this could release and reacquire // the mutexes hence cannot be done until after the // working set index has been removed. // if (MiDecrementCloneBlockReference ( CloneDescriptor, CloneBlock, CurrentProcess )) { // // The working set mutex was released. This may // have removed the current page directory & table page. // PointerPpe = MiGetPteAddress (PointerPde); do { MiDoesPpeExistAndMakeValid (PointerPpe, CurrentProcess, TRUE, &Waited); Waited = 0; // // If the call below results in a PFN release and // reacquire, then we must redo them both. // MiDoesPdeExistAndMakeValid (PointerPde, CurrentProcess, TRUE, &Waited); } while (Waited != 0); } } } } else if (PteContents.u.Soft.Prototype == 1) { // // This is a prototype PTE, if it is a fork PTE clean up the // fork structures. // if (PteContents.u.Soft.PageFileHigh != MI_PTE_LOOKUP_NEEDED) { // // Check to see if the prototype PTE is a fork prototype PTE. // if (PointerPte <= MiHighestUserPte) { if (PrototypePte != MiPteToProto (PointerPte)) { CloneBlock = (PMMCLONE_BLOCK)MiPteToProto (PointerPte); CloneDescriptor = MiLocateCloneAddress ((PVOID)CloneBlock); #if DBG if (CloneDescriptor == NULL) { DbgPrint("1PrototypePte %p Clone desc %p \n", PrototypePte, CloneDescriptor); MiFormatPte(PointerPte); ASSERT (FALSE); } #endif //DBG // // Decrement the reference count for the clone block, // note that this could release and reacquire // the mutexes. // MI_WRITE_INVALID_PTE (PointerPte, ZeroPte); if (ARGUMENT_PRESENT (PteFlushList)) { MiFlushPteList (PteFlushList, FALSE, ZeroPte); } if (MiDecrementCloneBlockReference ( CloneDescriptor, CloneBlock, CurrentProcess )) { // // The working set mutex was released. This may // have removed the current page directory & table page. // PointerPde = MiGetPteAddress (PointerPte); PointerPpe = MiGetPteAddress (PointerPde); // // If either call below results in a PFN release and // reacquire, then we must redo them both. // do { if (MiDoesPpeExistAndMakeValid (PointerPpe, CurrentProcess, TRUE, &Waited) == FALSE) { // // The PPE has been deleted when the PFN lock // was released. Just bail as the PDE/PTE are // gone now anyway. // return; } Waited = 0; // // If the call below results in a PFN release and // reacquire, then we must redo them both. If the // PDE was deleted when the PFN lock was released // then we just bail as the PTE is gone anyway. // if (MiDoesPdeExistAndMakeValid (PointerPde, CurrentProcess, TRUE, &Waited) == FALSE) { return; } } while (Waited != 0); } } } } } else if (PteContents.u.Soft.Transition == 1) { // // This is a transition PTE. (Page is private) // Pfn1 = MI_PFN_ELEMENT (PteContents.u.Trans.PageFrameNumber); MI_SET_PFN_DELETED (Pfn1); MiDecrementShareCount (Pfn1->PteFrame); // // Check the reference count for the page, if the reference // count is zero, move the page to the free list, if the reference // count is not zero, ignore this page. When the reference count // goes to zero, it will be placed on the free list. // if (Pfn1->u3.e2.ReferenceCount == 0) { MiUnlinkPageFromList (Pfn1); MiReleasePageFileSpace (Pfn1->OriginalPte); MiInsertPageInList (MmPageLocationList[FreePageList], MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE(&PteContents)); } // // Decrement the count for the number of private pages. // CurrentProcess->NumberOfPrivatePages -= 1; } else { // // Must be page file space. // if (PteContents.u.Soft.PageFileHigh != MI_PTE_LOOKUP_NEEDED) { if (MiReleasePageFileSpace (*PointerPte)) { // // Decrement the count for the number of private pages. // CurrentProcess->NumberOfPrivatePages -= 1; } } } // // Zero the PTE contents. // MI_WRITE_INVALID_PTE (PointerPte, ZeroPte); return; }

NTSTATUS MiDeleteSessionVirtualAddresses (  IN PVOID  VirtualAddress, IN SIZE_T  NumberOfBytes )

PFN_NUMBER MiDeleteSystemPagableVm (  IN PMMPTE  PointerPte, IN PFN_NUMBER  NumberOfPtes, IN MMPTE  NewPteValue, IN LOGICAL  SessionAllocation, OUT PPFN_NUMBER ResidentPages  OPTIONAL )

Definition at line 4950 of file sysload.c. References APC_LEVEL, ASSERT, _MMPTE_FLUSH_LIST::Count, DbgPrint, FALSE, _MMWSL::FirstDynamic, _MMPTE_FLUSH_LIST::FlushPte, _MMPTE_FLUSH_LIST::FlushVa, FreePageList, KeBugCheckEx(), LOCK_PFN, LOCK_SESSION_SPACE_WS, LOCK_SYSTEM_WS, _MMWSLENTRY::LockedInMemory, _MMWSLENTRY::LockedInWs, MI_CAPTURE_DIRTY_BIT_TO_PFN, MI_FLUSH_ENTIRE_SESSION_TB, MI_GET_PAGE_FRAME_FROM_PTE, MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE, MI_PFN_ELEMENT, MI_SET_PFN_DELETED, MI_WRITE_INVALID_PTE, MiCheckPdeForPagedPool(), MiDecrementShareAndValidCount, MiDecrementShareCount(), MiDecrementShareCountOnly, MiFlushPteList(), MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiHighestUserPte, MiInsertPageInList(), MiLocateWsle(), MiReleasePageFileSpace(), MiReleaseWsle(), MiRemoveWsle(), MiSwapWslEntries(), MiUnlinkPageFromList(), MM_MAXIMUM_FLUSH_COUNT, MmPageLocationList, MmSessionSpace, MmSystemCacheWorkingSetList, MmSystemCacheWs, NT_SUCCESS, _MMPFN::OriginalPte, PAGE_ALIGN, _MMPFN::PteFrame, TRUE, _MMPTE::u, _MMPFN::u1, _MMWSLE::u1, _MMPFN::u2, _MMPFN::u3, UNLOCK_PFN, UNLOCK_SESSION_SPACE_WS, UNLOCK_SYSTEM_WS, _MM_SESSION_SPACE::Vm, _MMSUPPORT::VmWorkingSetList, _MM_SESSION_SPACE::Wsle, WSLE_NULL_INDEX, WSLE_NUMBER, and ZeroKernelPte. Referenced by MiFreeInitializationCode(), MiFreePoolPages(), MiLoadImageSection(), MmFreeDriverInitialization(), MmFreeSpecialPool(), and MmUnloadSystemImage(). 04960 : 04961 04962 This function deletes pagable system address space (paged pool 04963 or driver pagable sections). 04964 04965 Arguments: 04966 04967 PointerPte - Supplies the start of the PTE range to delete. 04968 04969 NumberOfPtes - Supplies the number of PTEs in the range. 04970 04971 NewPteValue - Supplies the new value for the PTE. 04972 04973 SessionAllocation - Supplies TRUE if this is a range in session space. If 04974 TRUE is specified, it is assumed that the caller has 04975 already attached to the relevant session. 04976 04977 If FALSE is supplied, then it is assumed that the range 04978 is in the systemwide global space instead. 04979 04980 ResidentPages - If not NULL, the number of resident pages freed is 04981 returned here. 04982 04983 Return Value: 04984 04985 Returns the number of pages actually freed. 04986 04987 --*/ 04988 04989 { 04990 PFN_NUMBER PageFrameIndex; 04991 MMPTE PteContents; 04992 PMMPFN Pfn1; 04993 PFN_NUMBER ValidPages; 04994 PFN_NUMBER PagesRequired; 04995 MMPTE NewContents; 04996 WSLE_NUMBER WsIndex; 04997 KIRQL OldIrql; 04998 MMPTE_FLUSH_LIST PteFlushList; 04999 MMPTE JunkPte; 05000 MMWSLENTRY Locked; 05001 05002 ASSERT (KeGetCurrentIrql() <= APC_LEVEL); 05003 05004 ValidPages = 0; 05005 PagesRequired = 0; 05006 PteFlushList.Count = 0; 05007 NewContents = NewPteValue; 05008 while (NumberOfPtes != 0) { 05009 PteContents = *PointerPte; 05010 05011 if (PteContents.u.Long != ZeroKernelPte.u.Long) { 05012 05013 if (PteContents.u.Hard.Valid == 1) { 05014 05015 if (SessionAllocation == TRUE) { 05016 LOCK_SESSION_SPACE_WS (OldIrql); 05017 } 05018 else { 05019 LOCK_SYSTEM_WS (OldIrql); 05020 } 05021 05022 PteContents = *(volatile MMPTE *)PointerPte; 05023 if (PteContents.u.Hard.Valid == 0) { 05024 if (SessionAllocation == TRUE) { 05025 UNLOCK_SESSION_SPACE_WS (OldIrql); 05026 } 05027 else { 05028 UNLOCK_SYSTEM_WS (OldIrql); 05029 } 05030 05031 continue; 05032 } 05033 05034 // 05035 // Delete the page. 05036 // 05037 05038 PageFrameIndex = MI_GET_PAGE_FRAME_FROM_PTE (&PteContents); 05039 05040 Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); 05041 05042 // 05043 // Check to see if this is a pagable page in which 05044 // case it needs to be removed from the working set list. 05045 // 05046 05047 WsIndex = Pfn1->u1.WsIndex; 05048 if (WsIndex == 0) { 05049 ValidPages += 1; 05050 } else { 05051 if (SessionAllocation == FALSE) { 05052 MiRemoveWsle (WsIndex, 05053 MmSystemCacheWorkingSetList ); 05054 MiReleaseWsle (WsIndex, &MmSystemCacheWs); 05055 } 05056 else { 05057 WsIndex = MiLocateWsle( 05058 MiGetVirtualAddressMappedByPte(PointerPte), 05059 MmSessionSpace->Vm.VmWorkingSetList, 05060 WsIndex 05061 ); 05062 05063 ASSERT (WsIndex != WSLE_NULL_INDEX); 05064 05065 // 05066 // Check to see if this entry is locked in 05067 // the working set or locked in memory. 05068 // 05069 05070 Locked = MmSessionSpace->Wsle[WsIndex].u1.e1; 05071 05072 MiRemoveWsle (WsIndex, MmSessionSpace->Vm.VmWorkingSetList); 05073 05074 MiReleaseWsle (WsIndex, &MmSessionSpace->Vm); 05075 05076 if (Locked.LockedInWs == 1 || Locked.LockedInMemory == 1) { 05077 05078 // 05079 // This entry is locked. 05080 // 05081 #if DBG 05082 DbgPrint("MiDeleteSystemPagableVm: Session PointerPte 0x%p, Pfn 0x%p Locked in memory\n", 05083 PointerPte, 05084 Pfn1); 05085 05086 DbgBreakPoint(); 05087 #endif 05088 ASSERT (WsIndex < MmSessionSpace->Vm.VmWorkingSetList->FirstDynamic); 05089 MmSessionSpace->Vm.VmWorkingSetList->FirstDynamic -= 1; 05090 05091 if (WsIndex != MmSessionSpace->Vm.VmWorkingSetList->FirstDynamic) { 05092 ULONG Entry; 05093 PVOID SwapVa; 05094 05095 Entry = MmSessionSpace->Vm.VmWorkingSetList->FirstDynamic; 05096 ASSERT (MmSessionSpace->Wsle[Entry].u1.e1.Valid); 05097 SwapVa = MmSessionSpace->Wsle[Entry].u1.VirtualAddress; 05098 SwapVa = PAGE_ALIGN (SwapVa); 05099 05100 MiSwapWslEntries (Entry, 05101 WsIndex, 05102 &MmSessionSpace->Vm); 05103 } 05104 } 05105 else { 05106 ASSERT (WsIndex >= MmSessionSpace->Vm.VmWorkingSetList->FirstDynamic); 05107 } 05108 } 05109 } 05110 05111 if (SessionAllocation == TRUE) { 05112 UNLOCK_SESSION_SPACE_WS (OldIrql); 05113 } 05114 else { 05115 UNLOCK_SYSTEM_WS (OldIrql); 05116 } 05117 05118 LOCK_PFN (OldIrql); 05119 #if DBG 05120 if ((Pfn1->u3.e2.ReferenceCount > 1) && 05121 (Pfn1->u3.e1.WriteInProgress == 0)) { 05122 DbgPrint ("MM:SYSLOAD - deleting pool locked for I/O pte %p, pfn %p, share=%x, refcount=%x, wsindex=%x\n", 05123 PointerPte, 05124 PageFrameIndex, 05125 Pfn1->u2.ShareCount, 05126 Pfn1->u3.e2.ReferenceCount, 05127 Pfn1->u1.WsIndex); 05128 // 05129 // This case is valid only if the page being deleted 05130 // contained a lookaside free list entry that wasn't mapped 05131 // and multiple threads faulted on it and waited together. 05132 // Some of the faulted threads are still on the ready 05133 // list but haven't run yet, and so still have references 05134 // to this page that they picked up during the fault. 05135 // But this current thread has already allocated the 05136 // lookaside entry and is now freeing the entire page. 05137 // 05138 // BUT - if it is NOT the above case, we really should 05139 // trap here. However, we don't have a good way to 05140 // distinguish between the two cases. Note 05141 // that this complication was inserted when we went to 05142 // cmpxchg8 because using locks would prevent anyone from 05143 // accessing the lookaside freelist flinks like this. 05144 // 05145 // So, the ASSERT below comes out, but we leave the print 05146 // above in (with more data added) for the case where it's 05147 // not a lookaside contender with the reference count, but 05148 // is instead a truly bad reference that needs to be 05149 // debugged. The system should crash shortly thereafter 05150 // and we'll at least have the above print to help us out. 05151 // 05152 // ASSERT (Pfn1->u3.e2.ReferenceCount == 1); 05153 } 05154 #endif //DBG 05155 // 05156 // Check if this is a prototype PTE 05157 // 05158 if (Pfn1->u3.e1.PrototypePte == 1) { 05159 05160 PMMPTE PointerPde; 05161 05162 ASSERT (SessionAllocation == TRUE); 05163 05164 // 05165 // Capture the state of the modified bit for this 05166 // PTE. 05167 // 05168 05169 MI_CAPTURE_DIRTY_BIT_TO_PFN (PointerPte, Pfn1); 05170 05171 // 05172 // Decrement the share and valid counts of the page table 05173 // page which maps this PTE. 05174 // 05175 05176 PointerPde = MiGetPteAddress (PointerPte); 05177 if (PointerPde->u.Hard.Valid == 0) { 05178 #if !defined (_WIN64) 05179 if (!NT_SUCCESS(MiCheckPdeForPagedPool (PointerPte))) { 05180 #endif 05181 KeBugCheckEx (MEMORY_MANAGEMENT, 05182 0x61940, 05183 (ULONG_PTR)PointerPte, 05184 (ULONG_PTR)PointerPde->u.Long, 05185 (ULONG_PTR)MiGetVirtualAddressMappedByPte(PointerPte)); 05186 #if !defined (_WIN64) 05187 } 05188 #endif 05189 } 05190 05191 MiDecrementShareAndValidCount (MI_GET_PAGE_FRAME_FROM_PTE (PointerPde)); 05192 05193 // 05194 // Decrement the share count for the physical page. 05195 // 05196 05197 MiDecrementShareCount (PageFrameIndex); 05198 05199 // 05200 // No need to worry about fork prototype PTEs 05201 // for kernel addresses. 05202 // 05203 05204 ASSERT (PointerPte > MiHighestUserPte); 05205 05206 } else { 05207 MiDecrementShareAndValidCount (Pfn1->PteFrame); 05208 MI_SET_PFN_DELETED (Pfn1); 05209 MiDecrementShareCountOnly (PageFrameIndex); 05210 } 05211 05212 MI_WRITE_INVALID_PTE (PointerPte, NewContents); 05213 UNLOCK_PFN (OldIrql); 05214 05215 // 05216 // Flush the TB for this page. 05217 // 05218 05219 if (PteFlushList.Count != MM_MAXIMUM_FLUSH_COUNT) { 05220 05221 // 05222 // We cannot rewrite the PTE without creating a race 05223 // condition. So don't let the TB flush do it anymore. 05224 // 05225 // PteFlushList.FlushPte[PteFlushList.Count] = PointerPte; 05226 // 05227 05228 PteFlushList.FlushPte[PteFlushList.Count] = 05229 (PMMPTE)&JunkPte; 05230 05231 PteFlushList.FlushVa[PteFlushList.Count] = 05232 MiGetVirtualAddressMappedByPte (PointerPte); 05233 PteFlushList.Count += 1; 05234 } 05235 05236 } else if (PteContents.u.Soft.Prototype) { 05237 05238 ASSERT (SessionAllocation == TRUE); 05239 05240 // 05241 // No need to worry about fork prototype PTEs 05242 // for kernel addresses. 05243 // 05244 05245 ASSERT (PointerPte >= MiHighestUserPte); 05246 05247 MI_WRITE_INVALID_PTE (PointerPte, NewContents); 05248 05249 // 05250 // We currently commit for all prototype kernel mappings since 05251 // we could copy-on-write. 05252 // 05253 05254 } else if (PteContents.u.Soft.Transition == 1) { 05255 05256 LOCK_PFN (OldIrql); 05257 05258 PteContents = *(volatile MMPTE *)PointerPte; 05259 05260 if (PteContents.u.Soft.Transition == 0) { 05261 UNLOCK_PFN (OldIrql); 05262 continue; 05263 } 05264 05265 // 05266 // Transition, release page. 05267 // 05268 05269 PageFrameIndex = MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE (&PteContents); 05270 05271 // 05272 // Set the pointer to PTE as empty so the page 05273 // is deleted when the reference count goes to zero. 05274 // 05275 05276 Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); 05277 05278 MI_SET_PFN_DELETED (Pfn1); 05279 05280 MiDecrementShareCount (Pfn1->PteFrame); 05281 05282 // 05283 // Check the reference count for the page, if the reference 05284 // count is zero, move the page to the free list, if the 05285 // reference count is not zero, ignore this page. When the 05286 // reference count goes to zero, it will be placed on the 05287 // free list. 05288 // 05289 05290 if (Pfn1->u3.e2.ReferenceCount == 0) { 05291 MiUnlinkPageFromList (Pfn1); 05292 MiReleasePageFileSpace (Pfn1->OriginalPte); 05293 MiInsertPageInList (MmPageLocationList[FreePageList], 05294 PageFrameIndex); 05295 } 05296 #if DBG 05297 if ((Pfn1->u3.e2.ReferenceCount > 1) && 05298 (Pfn1->u3.e1.WriteInProgress == 0)) { 05299 DbgPrint ("MM:SYSLOAD - deleting pool locked for I/O %p\n", 05300 PageFrameIndex); 05301 DbgBreakPoint(); 05302 } 05303 #endif //DBG 05304 05305 MI_WRITE_INVALID_PTE (PointerPte, NewContents); 05306 UNLOCK_PFN (OldIrql); 05307 } else { 05308 05309 // 05310 // Demand zero, release page file space. 05311 // 05312 if (PteContents.u.Soft.PageFileHigh != 0) { 05313 LOCK_PFN (OldIrql); 05314 MiReleasePageFileSpace (PteContents); 05315 UNLOCK_PFN (OldIrql); 05316 } 05317 05318 MI_WRITE_INVALID_PTE (PointerPte, NewContents); 05319 } 05320 05321 PagesRequired += 1; 05322 } 05323 05324 NumberOfPtes -= 1; 05325 PointerPte += 1; 05326 } 05327 05328 // 05329 // There is the thorny case where one of the pages we just deleted could 05330 // get faulted back in when we released the PFN lock above within the loop. 05331 // The only time when this can happen is if a thread faulted during an 05332 // interlocked pool allocation for an address that we've just deleted. 05333 // 05334 // If this thread sees the NewContents in the PTE, it will treat it as 05335 // demand zero, and incorrectly allocate a page, PTE and WSL. It will 05336 // reference it once and realize it needs to reread the lookaside listhead 05337 // and restart the operation. But this page would live on in paged pool 05338 // as modified (but unused) until the paged pool allocator chose to give 05339 // out its virtual address again. 05340 // 05341 // The code below rewrites the PTEs which is really bad if another thread 05342 // gets a zero page between our first setting of the PTEs above and our 05343 // second setting below - because we'll reset the PTE to demand zero, but 05344 // we'll still have a WSL entry that's valid, and we spiral from there. 05345 // 05346 // We really should remove the writing of the PTE below since we've already 05347 // done it above. But for now, we're leaving it in - it's harmless because 05348 // we've chosen to fix this problem by checking for this case when we 05349 // materialize demand zero pages. Note that we have to fix this problem 05350 // by checking in the demand zero path because a thread could be coming into 05351 // that path any time before or after we flush the PTE list and any fixes 05352 // here could only address the before case, not the after. 05353 // 05354 05355 if (SessionAllocation == TRUE) { 05356 05357 // 05358 // Session space has no ASN - flush the entire TB. 05359 // 05360 05361 MI_FLUSH_ENTIRE_SESSION_TB (TRUE, TRUE); 05362 } 05363 05364 LOCK_PFN (OldIrql); 05365 MiFlushPteList (&PteFlushList, TRUE, NewContents); 05366 UNLOCK_PFN (OldIrql); 05367 05368 if (ARGUMENT_PRESENT(ResidentPages)) { 05369 *ResidentPages = ValidPages; 05370 } 05371 05372 return PagesRequired; 05373 }

VOID MiDeleteVirtualAddresses (  IN PUCHAR  StartingAddress, IN PUCHAR  EndingAddress, IN ULONG  AddressSpaceDeletion, IN PMMVAD  Vad )

Definition at line 26 of file deleteva.c. References APC_LEVEL, _MMPTE_FLUSH_LIST::Count, DbgPrint, FALSE, IS_PTE_NOT_DEMAND_ZERO, LOCK_PFN, MI_DECREMENT_USED_PTES_BY_HANDLE, MI_GET_USED_PTES_FROM_HANDLE, MI_GET_USED_PTES_HANDLE, MI_VA_TO_VPN, MI_WRITE_INVALID_PTE, MiDeletePte(), MiDoesPdeExistAndMakeValid(), MiDoesPpeExistAndMakeValid, MiFlushPteList(), MiGetPdeAddress, MiGetPpeAddress, MiGetProtoPteAddress, MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiIsPteOnPdeBoundary, MiIsVirtualAddressOnPdeBoundary, MiIsVirtualAddressOnPpeBoundary, MiLocateSubsection(), MM_PFN_LOCK_ASSERT, NULL, PAGE_SIZE, PsGetCurrentProcess, _SUBSECTION::PtesInSubsection, _SUBSECTION::SubsectionBase, TRUE, _MMPTE::u, UNLOCK_PFN, and ZeroPte. Referenced by MiDeleteFreeVm(), MiRemoveMappedView(), and MmCleanProcessAddressSpace(). : This routine deletes the specified virtual address range within the current process. Arguments: StartingAddress - Supplies the first virtual address to delete. EndingAddress - Supplies the last address to delete. AddressSpaceDeletion - Supplies TRUE if the address space is being deleted, FALSE otherwise. If TRUE is specified the TB is not flushed and valid addresses are not removed from the working set. Vad - Supplies the virtual address descriptor which maps this range or NULL if we are not concerned about views. From the Vad the range of prototype PTEs is determined and this information is used to uncover if the PTE refers to a prototype PTE or a fork PTE. Return Value: None. Environment: Kernel mode, called with APCs disabled, working set mutex and PFN lock held. These mutexes may be released and reacquired to fault pages in. --*/ { PUCHAR Va; PUCHAR FirstValidVa; PVOID TempVa; PMMPTE PointerPte; PMMPTE PointerPde; PMMPTE PointerPpe; PMMPTE OriginalPointerPte; PMMPTE ProtoPte; PMMPTE ProtoPte2; PMMPTE LastProtoPte; PMMPTE LastProtoPte2; PEPROCESS CurrentProcess; PSUBSECTION Subsection; PVOID UsedPageTableHandle; PVOID UsedPageDirectoryHandle; KIRQL OldIrql; MMPTE_FLUSH_LIST FlushList; ULONG Waited; LOGICAL Skipped; OldIrql = APC_LEVEL; FlushList.Count = 0; MM_PFN_LOCK_ASSERT(); CurrentProcess = PsGetCurrentProcess(); Va = StartingAddress; PointerPpe = MiGetPpeAddress (Va); PointerPde = MiGetPdeAddress (Va); PointerPte = MiGetPteAddress (Va); OriginalPointerPte = PointerPte; do { while (MiDoesPpeExistAndMakeValid (PointerPpe, CurrentProcess, TRUE, &Waited) == FALSE) { // // This page directory parent entry is empty, go to the next one. // PointerPpe += 1; PointerPde = MiGetVirtualAddressMappedByPte (PointerPpe); PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); Va = MiGetVirtualAddressMappedByPte (PointerPte); if (Va > EndingAddress) { // // All done, return. // return; } } Waited = 0; while (MiDoesPdeExistAndMakeValid (PointerPde, CurrentProcess, TRUE, &Waited) == FALSE) { // // This page directory entry is empty, go to the next one. // PointerPde += 1; PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); Va = MiGetVirtualAddressMappedByPte (PointerPte); if (Va > EndingAddress) { // // All done, return. // return; } #if defined (_WIN64) if (MiIsPteOnPdeBoundary (PointerPde)) { PointerPpe = MiGetPteAddress (PointerPde); Waited = 1; break; } #endif } } while (Waited != 0); FirstValidVa = Va; UsedPageTableHandle = MI_GET_USED_PTES_HANDLE (Va); // // A valid PDE has been located, examine each PTE and delete them. // if ((Vad == (PMMVAD)NULL) || (Vad->u.VadFlags.PrivateMemory) || (Vad->FirstPrototypePte == (PMMPTE)NULL)) { ProtoPte = (PMMPTE)NULL; LastProtoPte = (PMMPTE)NULL; } else { ProtoPte = Vad->FirstPrototypePte; LastProtoPte = (PMMPTE)4; } // // Examine each PTE within the address range and delete it. // while (Va <= EndingAddress) { // // Note that the initial address could be aligned on a PPE or PDE // boundary so we must check for it here. // if (MiIsVirtualAddressOnPdeBoundary(Va)) { // // The virtual address is on a page directory boundary, // check the next PDE for validity and flush PTEs for the // previous page table page. // MiFlushPteList (&FlushList, FALSE, ZeroPte); // // If all the entries have been eliminated from the previous // page table page, delete the page table page itself. // if ((MI_GET_USED_PTES_FROM_HANDLE (UsedPageTableHandle) == 0) && (PointerPde->u.Long != 0)) { TempVa = MiGetVirtualAddressMappedByPte(PointerPde); MiDeletePte (PointerPde, TempVa, AddressSpaceDeletion, CurrentProcess, NULL, NULL); #if defined (_WIN64) if (Va == FirstValidVa) { UsedPageDirectoryHandle = MI_GET_USED_PTES_HANDLE (PointerPte); } else { UsedPageDirectoryHandle = MI_GET_USED_PTES_HANDLE (PointerPte - 1); } MI_DECREMENT_USED_PTES_BY_HANDLE (UsedPageDirectoryHandle); #endif } if (MiIsVirtualAddressOnPpeBoundary(Va)) { if (Va == FirstValidVa) { UsedPageDirectoryHandle = MI_GET_USED_PTES_HANDLE (PointerPte); } else { UsedPageDirectoryHandle = MI_GET_USED_PTES_HANDLE (PointerPte - 1); } if ((MI_GET_USED_PTES_FROM_HANDLE (UsedPageDirectoryHandle) == 0) && (PointerPpe->u.Long != 0)) { TempVa = MiGetVirtualAddressMappedByPte(PointerPpe); MiDeletePte (PointerPpe, TempVa, AddressSpaceDeletion, CurrentProcess, NULL, NULL); } } // // Release the PFN lock. This prevents a single thread // from forcing other high priority threads from being // blocked while a large address range is deleted. There // is nothing magic about the instructions within the // lock and unlock. // UNLOCK_PFN (OldIrql); PointerPde = MiGetPdeAddress (Va); PointerPpe = MiGetPpeAddress (Va); Skipped = FALSE; LOCK_PFN (OldIrql); do { while (MiDoesPpeExistAndMakeValid (PointerPpe, CurrentProcess, TRUE, &Waited) == FALSE) { // // This page directory parent entry is empty, // go to the next one. // Skipped = TRUE; PointerPpe += 1; PointerPde = MiGetVirtualAddressMappedByPte (PointerPpe); PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); Va = MiGetVirtualAddressMappedByPte (PointerPte); if (Va > EndingAddress) { // // All done, return. // return; } } Waited = 0; while (MiDoesPdeExistAndMakeValid (PointerPde, CurrentProcess, TRUE, &Waited) == FALSE) { // // This page directory entry is empty, go to the next one. // Skipped = TRUE; PointerPde += 1; PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); Va = MiGetVirtualAddressMappedByPte (PointerPte); if (Va > EndingAddress) { // // All done, remove any straggling page directories and // return. // #if defined (_WIN64) PointerPde -= 1; PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); UsedPageDirectoryHandle = MI_GET_USED_PTES_HANDLE (PointerPte); if ((MI_GET_USED_PTES_FROM_HANDLE (UsedPageDirectoryHandle) == 0) && (PointerPpe->u.Long != 0)) { TempVa = MiGetVirtualAddressMappedByPte(PointerPpe); MiDeletePte (PointerPpe, TempVa, AddressSpaceDeletion, CurrentProcess, NULL, NULL); } #endif return; } #if defined (_WIN64) if (MiIsPteOnPdeBoundary (PointerPde)) { PointerPpe = MiGetPteAddress (PointerPde); Waited = 1; break; } #endif #if DBG if ((LastProtoPte != NULL) && (Vad->u2.VadFlags2.ExtendableFile == 0)) { ProtoPte2 = MiGetProtoPteAddress(Vad, MI_VA_TO_VPN (Va)); Subsection = MiLocateSubsection (Vad,MI_VA_TO_VPN (Va)); LastProtoPte2 = &Subsection->SubsectionBase[Subsection->PtesInSubsection]; if (Vad->u.VadFlags.ImageMap != 1) { if ((ProtoPte2 < Subsection->SubsectionBase) || (ProtoPte2 >= LastProtoPte2)) { DbgPrint ("bad proto pte %p va %p Vad %p sub %p\n", ProtoPte2,Va,Vad,Subsection); DbgBreakPoint(); } } } #endif //DBG } } while (Waited != 0); // // The PPE and PDE are now valid, get the page table use count. // UsedPageTableHandle = MI_GET_USED_PTES_HANDLE (Va); // // If we skipped chunks of address space, the prototype PTE pointer // must be updated now so VADs that span multiple subsections // are handled properly. // if ((Skipped == TRUE) && (LastProtoPte != NULL)) { ProtoPte = MiGetProtoPteAddress(Vad, MI_VA_TO_VPN(Va)); Subsection = MiLocateSubsection (Vad, MI_VA_TO_VPN(Va)); if (Subsection != NULL) { LastProtoPte = &Subsection->SubsectionBase[Subsection->PtesInSubsection]; #if DBG if (Vad->u.VadFlags.ImageMap != 1) { if ((ProtoPte < Subsection->SubsectionBase) || (ProtoPte >= LastProtoPte)) { DbgPrint ("bad proto pte %p va %p Vad %p sub %p\n", ProtoPte,Va,Vad,Subsection); DbgBreakPoint(); } } #endif //DBG } else { // // The Vad span is larger than the section being mapped. // Null the proto PTE local as no more proto PTEs will // need to be deleted at this point. // LastProtoPte = (PMMPTE)NULL; } } } // // The PPE and PDE are now valid, delete the PTEs. // if (PointerPte->u.Long != 0) { // // One less used page table entry in this page table page. // MI_DECREMENT_USED_PTES_BY_HANDLE (UsedPageTableHandle); if (IS_PTE_NOT_DEMAND_ZERO (*PointerPte)) { if (LastProtoPte != NULL) { if (ProtoPte >= LastProtoPte) { ProtoPte = MiGetProtoPteAddress(Vad, MI_VA_TO_VPN(Va)); Subsection = MiLocateSubsection (Vad, MI_VA_TO_VPN(Va)); LastProtoPte = &Subsection->SubsectionBase[Subsection->PtesInSubsection]; } #if DBG if (Vad->u.VadFlags.ImageMap != 1) { if ((ProtoPte < Subsection->SubsectionBase) || (ProtoPte >= LastProtoPte)) { DbgPrint ("bad proto pte %p va %p Vad %p sub %p\n", ProtoPte,Va,Vad,Subsection); DbgBreakPoint(); } } #endif //DBG } MiDeletePte (PointerPte, (PVOID)Va, AddressSpaceDeletion, CurrentProcess, ProtoPte, &FlushList); } else { MI_WRITE_INVALID_PTE (PointerPte, ZeroPte); } } Va += PAGE_SIZE; PointerPte += 1; ProtoPte += 1; } // // Flush out entries for the last page table page. // MiFlushPteList (&FlushList, FALSE, ZeroPte); // // If all the entries have been eliminated from the previous // page table page, delete the page table page itself. // if ((MI_GET_USED_PTES_FROM_HANDLE (UsedPageTableHandle) == 0) && (PointerPde->u.Long != 0)) { TempVa = MiGetVirtualAddressMappedByPte(PointerPde); MiDeletePte (PointerPde, TempVa, AddressSpaceDeletion, CurrentProcess, NULL, NULL); #if defined (_WIN64) UsedPageDirectoryHandle = MI_GET_USED_PTES_HANDLE (PointerPte - 1); MI_DECREMENT_USED_PTES_BY_HANDLE (UsedPageDirectoryHandle); if ((MI_GET_USED_PTES_FROM_HANDLE (UsedPageDirectoryHandle) == 0) && (PointerPpe->u.Long != 0)) { TempVa = MiGetVirtualAddressMappedByPte(PointerPpe); MiDeletePte (PointerPpe, TempVa, AddressSpaceDeletion, CurrentProcess, NULL, NULL); } #endif } // // All done, return. // return; }

VOID MiDereferenceSegmentThread (  IN PVOID  StartContext  )

Definition at line 603 of file sectsup.c. References ASSERT, DbgPrint, _CONTROL_AREA::DereferenceList, DISPATCH_LEVEL, _MMPAGE_FILE_EXPANSION::Event, ExFreePool(), FALSE, KeClearEvent, KeSetEvent(), KeSetPriorityThread(), KeWaitForMultipleObjects(), _MMDEREFERENCE_SEGMENT_HEADER::ListHead, _MMDEREFERENCE_SEGMENT_HEADER::Lock, MiAttemptPageFileReduction(), MiExtendPagingFiles(), MiRemoveUnusedSegments(), MiSegmentDelete(), MM_DBG_SECTIONS, MmDereferenceSegmentHeader, MmUnusedSegmentCleanup, NTSTATUS(), NULL, PsGetCurrentThread, _MMPAGE_FILE_EXPANSION::RequestedExpansionSize, SegMaximumObject, _CONTROL_AREA::Segment, SegmentDereference, _MMDEREFERENCE_SEGMENT_HEADER::Semaphore, Status, _CONTROL_AREA::u, UsedSegmentCleanup, UserMode, VOID(), and WrVirtualMemory. Referenced by MiSectionInitialization(). : This routine is the thread for dereferencing segments which have no references from any sections or mapped views AND there are no prototype PTEs within the segment which are in the transition state (i.e., no PFN database references to the segment). It also does double duty and is used for expansion of paging files. Arguments: StartContext - Not used. Return Value: None. --*/ { PCONTROL_AREA ControlArea; PMMPAGE_FILE_EXPANSION PageExpand; PLIST_ENTRY NextEntry; KIRQL OldIrql; static KWAIT_BLOCK WaitBlockArray[SegMaximumObject]; PVOID WaitObjects[SegMaximumObject]; NTSTATUS Status; UNREFERENCED_PARAMETER (StartContext); // // Make this a real time thread. // (VOID) KeSetPriorityThread (&PsGetCurrentThread()->Tcb, LOW_REALTIME_PRIORITY + 2); WaitObjects[SegmentDereference] = (PVOID)&MmDereferenceSegmentHeader.Semaphore; WaitObjects[UsedSegmentCleanup] = (PVOID)&MmUnusedSegmentCleanup; for (;;) { Status = KeWaitForMultipleObjects(SegMaximumObject, &WaitObjects[0], WaitAny, WrVirtualMemory, UserMode, FALSE, NULL, &WaitBlockArray[0]); // // Switch on the wait status. // switch (Status) { case SegmentDereference: // // An entry is available to dereference, acquire the spinlock // and remove the entry. // ExAcquireSpinLock (&MmDereferenceSegmentHeader.Lock, &OldIrql); if (IsListEmpty(&MmDereferenceSegmentHeader.ListHead)) { // // There is nothing in the list, rewait. // ExReleaseSpinLock (&MmDereferenceSegmentHeader.Lock, OldIrql); break; } NextEntry = RemoveHeadList(&MmDereferenceSegmentHeader.ListHead); ExReleaseSpinLock (&MmDereferenceSegmentHeader.Lock, OldIrql); ASSERT (KeGetCurrentIrql() < DISPATCH_LEVEL); ControlArea = CONTAINING_RECORD( NextEntry, CONTROL_AREA, DereferenceList ); if (ControlArea->Segment != NULL) { // // This is a control area, delete it. // #if DBG if (MmDebug & MM_DBG_SECTIONS) { DbgPrint("MM:dereferencing segment %lx control %lx\n", ControlArea->Segment, ControlArea); } #endif // // Indicate this entry is not on any list. // ControlArea->DereferenceList.Flink = NULL; ASSERT (ControlArea->u.Flags.FilePointerNull == 1); MiSegmentDelete (ControlArea->Segment); } else { // // This is a request to expand or reduce the paging files. // PageExpand = (PMMPAGE_FILE_EXPANSION)ControlArea; if (PageExpand->RequestedExpansionSize == 0xFFFFFFFF) { // // Attempt to reduce the size of the paging files. // ExFreePool (PageExpand); MiAttemptPageFileReduction (); } else { // // Attempt to expand the size of the paging files. // MiExtendPagingFiles (PageExpand); KeSetEvent (&PageExpand->Event, 0, FALSE); MiRemoveUnusedSegments(); } } break; case UsedSegmentCleanup: MiRemoveUnusedSegments(); KeClearEvent (&MmUnusedSegmentCleanup); break; default: KdPrint(("MMSegmentderef: Illegal wait status, %lx =\n", Status)); break; } // end switch } //end for return; }

VOID MiDetachSession (  VOID   )

Definition at line 1253 of file session.c. References ASSERT, KeDetachSessionSpace(), MI_FLUSH_SESSION_TB, MI_SESSION_SPACE_END, MI_SESSION_SPACE_PAGE_TABLES, MiGetPdeAddress, MiGetPpeAddress, MiHydra, MmIsAddressValid(), MmSessionBase, MmSessionSpace, PsGetCurrentProcess, TRUE, _MMPTE::u, and ZeroKernelPte. Referenced by MiEmptyAllWorkingSetsWorker(), and MmWorkingSetManager(). : Detaches from the specified session space. Arguments: None. Return Value: None. Environment: Kernel mode. No locks held. Current process must not have a session space to return to - ie: this should be the system process. --*/ { PMMPTE PointerPde; PMMPTE EndPde; KIRQL OldIrql; ASSERT (MiHydra == TRUE); ASSERT (PsGetCurrentProcess()->Vm.u.Flags.ProcessInSession == 0); ASSERT (MmIsAddressValid(MmSessionSpace) == TRUE); #if defined (_WIN64) PointerPde = MiGetPpeAddress (MmSessionBase); PointerPde->u.Long = ZeroKernelPte.u.Long; #else PointerPde = MiGetPdeAddress (MmSessionBase); EndPde = MiGetPdeAddress (MI_SESSION_SPACE_END); RtlZeroMemory (PointerPde, MI_SESSION_SPACE_PAGE_TABLES * sizeof (MMPTE)); #endif MI_FLUSH_SESSION_TB (OldIrql); #if defined(_IA64_) KeDetachSessionSpace(); #endif }

NTSTATUS MiDispatchFault (  IN BOOLEAN  StoreInstrution, IN PVOID  VirtualAdress, IN PMMPTE  PointerPte, IN PMMPTE  PointerProtoPte, IN PEPROCESS  Process, OUT PLOGICAL  ApcNeeded )

Definition at line 68 of file pagfault.c. References ActiveAndValid, APC_LEVEL, _ETHREAD::ApcNeeded, ASSERT, _MMINPAGE_SUPPORT::BasePte, _MDL::ByteCount, DbgPrint, _MMINPAGE_SUPPORT::Event, FALSE, _FILE_OBJECT::FileName, _MMINPAGE_SUPPORT::FilePointer, FreePageList, HYDRA_PROCESS, IoPageRead(), _MMINPAGE_SUPPORT::IoStatus, KeDelayExecutionThread(), KeEnterCriticalRegion, KeLeaveCriticalRegion, KernelMode, KeSetEvent(), LOCK_PFN, LOCK_SESSION_SPACE_WS, LOCK_SYSTEM_WS, _MMINPAGE_SUPPORT::Mdl, MI_IS_PHYSICAL_ADDRESS, MI_IS_SESSION_ADDRESS, MI_MAGIC_AWE_PTEFRAME, MI_MAKE_TRANSITION_PTE_VALID, MI_PFN_ELEMENT, MI_REMOVE_LOCKED_PAGE_CHARGE, MI_SET_PTE_DIRTY, MI_WRITE_VALID_PTE, MiAddValidPageToWorkingSet(), MiCompleteProtoPteFault(), MiDecrementReferenceCount(), MiFlushInPageSupportBlock(), MiGetPdeAddress, MiGetPteAddress, MiHydra, MiInsertPageInList(), MiResolveDemandZeroFault(), MiResolvePageFileFault(), MiResolveProtoPteFault(), MiResolveTransitionFault(), MiRestoreTransitionPte(), MiUnlinkPageFromList(), MiWaitForInPageComplete(), MM_DBG_PAGEFAULT, MmHardFaultNotifyRoutine, MmIsRetryIoStatus, MmPageLocationList, MmShortTime, _ETHREAD::NestedFaultCount, NT_SUCCESS, NTSTATUS(), NULL, _MMINPAGE_SUPPORT::Page, PAGE_SIZE, PERFINFO_DISPATCHFAULT_DECL, PERFINFO_HARDFAULT, PERFINFO_HARDFAULT_INFO, PERFINFO_HARDFAULT_IOTIME, _MMINPAGE_SUPPORT::Pfn, PHARD_FAULT_NOTIFY_ROUTINE, PsGetCurrentThread, _MMPFN::PteFrame, _MMINPAGE_SUPPORT::ReadOffset, StandbyPageList, STATUS_ISSUE_PAGING_IO, STATUS_PTE_CHANGED, STATUS_REFAULT, TRUE, _MMPTE::u, _MMPFN::u1, _MMPFN::u2, _MMPFN::u3, UNLOCK_PFN, UNLOCK_SESSION_SPACE_WS, UNLOCK_SYSTEM_WS, and UNLOCK_WS. Referenced by MmAccessFault(). : This routine dispatches a page fault to the appropriate routine to complete the fault. Arguments: StoreInstruction - Supplies TRUE if the instruction is trying to modify the faulting address (i.e. write access required). VirtualAddress - Supplies the faulting address. PointerPte - Supplies the PTE for the faulting address. PointerProtoPte - Supplies a pointer to the prototype PTE to fault in, NULL if no prototype PTE exists. Process - Supplies a pointer to the process object. If this parameter is NULL, then the fault is for system space and the process's working set lock is not held. If this parameter is HYDRA_PROCESS, then the fault is for session space and the process's working set lock is not held - rather the session space's working set lock is held. ApcNeeded - Supplies a pointer to a location set to TRUE if an I/O completion APC is needed to complete partial IRPs that collided. It is the caller's responsibility to initialize this (usually to FALSE) on entry. However, since this routine may be called multiple times for a single fault (for the page directory, page table and the page itself), it is possible for it to occasionally be TRUE on entry. If it is FALSE on exit, no completion APC is needed. Return Value: status. Environment: Kernel mode, working set lock held. --*/ { MMPTE TempPte; NTSTATUS status; PMMINPAGE_SUPPORT ReadBlock; MMPTE SavedPte; PMMINPAGE_SUPPORT CapturedEvent; KIRQL OldIrql; PPFN_NUMBER Page; PFN_NUMBER PageFrameIndex; LONG NumberOfBytes; PMMPTE CheckPte; PMMPTE ReadPte; PMMPFN PfnClusterPage; PMMPFN Pfn1; PHARD_FAULT_NOTIFY_ROUTINE NotifyRoutine; KIRQL PreviousIrql; LOGICAL WsLockChanged; PETHREAD CurrentThread; PERFINFO_DISPATCHFAULT_DECL(); WsLockChanged = FALSE; ProtoPteNotResident: if (PointerProtoPte != NULL) { // // Acquire the PFN lock to synchronize access to prototype PTEs. // This is required as the working set lock will not prevent // multiple processes from operating on the same prototype PTE. // LOCK_PFN (OldIrql); // // Make sure the protoptes are in memory. For // user mode faults, this should already be the case. // if (!MI_IS_PHYSICAL_ADDRESS(PointerProtoPte)) { CheckPte = MiGetPteAddress (PointerProtoPte); if (CheckPte->u.Hard.Valid == 0) { ASSERT (Process == NULL || (MiHydra == TRUE && Process == HYDRA_PROCESS)); // // The page that contains the prototype PTE is not in memory. // VirtualAddress = PointerProtoPte; PointerPte = CheckPte; PointerProtoPte = NULL; UNLOCK_PFN (OldIrql); if (Process == HYDRA_PROCESS) { // // We were called while holding this session space's // working set lock. But we need to fault in a // prototype PTE which is in system paged pool. This // must be done under the system working set lock. // // So we release the session space WSL lock and get // the system working set lock. When done // we return STATUS_MORE_PROCESSING_REQUIRED // so our caller will call us again to handle the // actual prototype PTE fault. // ASSERT (MiHydra == TRUE); UNLOCK_SESSION_SPACE_WS (APC_LEVEL); // // Lock the system working set for paged pool // LOCK_SYSTEM_WS (PreviousIrql); // // System working set is locked so set Process to show it. // Process = NULL; WsLockChanged = TRUE; ASSERT (MI_IS_SESSION_ADDRESS (VirtualAddress) == FALSE); } else { ASSERT (Process == NULL); } goto ProtoPteNotResident; } } if (PointerPte->u.Hard.Valid == 1) { // // PTE was already made valid by the cache manager support // routines. // UNLOCK_PFN (OldIrql); if (WsLockChanged == TRUE) { UNLOCK_SYSTEM_WS (APC_LEVEL); LOCK_SESSION_SPACE_WS (PreviousIrql); } return STATUS_SUCCESS; } ReadPte = PointerProtoPte; PERFINFO_HARDFAULT_INFO(PointerProtoPte); status = MiResolveProtoPteFault (StoreInstruction, VirtualAddress, PointerPte, PointerProtoPte, &ReadBlock, Process, ApcNeeded); // // Returns with PFN lock released. // ASSERT (KeGetCurrentIrql() == APC_LEVEL); } else { TempPte = *PointerPte; ASSERT (TempPte.u.Long != 0); if (TempPte.u.Soft.Transition != 0) { // // This is a transition page. // status = MiResolveTransitionFault (VirtualAddress, PointerPte, Process, FALSE, ApcNeeded); } else if (TempPte.u.Soft.PageFileHigh == 0) { // // Demand zero fault. // status = MiResolveDemandZeroFault (VirtualAddress, PointerPte, Process, FALSE); } else { // // Page resides in paging file. // ReadPte = PointerPte; LOCK_PFN (OldIrql); status = MiResolvePageFileFault (VirtualAddress, PointerPte, &ReadBlock, Process); } } ASSERT (KeGetCurrentIrql() == APC_LEVEL); if (NT_SUCCESS(status)) { if (WsLockChanged == TRUE) { UNLOCK_SYSTEM_WS (APC_LEVEL); LOCK_SESSION_SPACE_WS (OldIrql); } return status; } if (status == STATUS_ISSUE_PAGING_IO) { SavedPte = *ReadPte; CapturedEvent = (PMMINPAGE_SUPPORT)ReadBlock->Pfn->u1.Event; CurrentThread = NULL; if (Process == HYDRA_PROCESS) { UNLOCK_SESSION_SPACE_WS(APC_LEVEL); } else if (Process != NULL) { // // APCs must be explicitly disabled to prevent suspend APCs from // interrupting this thread before the I/O has been issued. // Otherwise a shared page I/O can stop any other thread that // references it indefinitely until the suspend is released. // CurrentThread = PsGetCurrentThread(); ASSERT (CurrentThread->NestedFaultCount <= 2); CurrentThread->NestedFaultCount += 1; KeEnterCriticalRegion(); UNLOCK_WS (Process); } else { UNLOCK_SYSTEM_WS(APC_LEVEL); } #if DBG if (MmDebug & MM_DBG_PAGEFAULT) { DbgPrint ("MMFAULT: va: %p size: %lx process: %s file: %Z\n", VirtualAddress, ReadBlock->Mdl.ByteCount, Process == HYDRA_PROCESS ? (PUCHAR)"Session Space" : (Process ? Process->ImageFileName : (PUCHAR)"SystemVa"), &ReadBlock->FilePointer->FileName ); } #endif //DBG PERFINFO_HARDFAULT(VirtualAddress, ReadBlock); #if defined(_PREFETCH_) // // Assert no reads issued here are marked as prefetched. // ASSERT (ReadBlock->PrefetchMdl == NULL); #endif // // Issue the read request. // status = IoPageRead ( ReadBlock->FilePointer, &ReadBlock->Mdl, &ReadBlock->ReadOffset, &ReadBlock->Event, &ReadBlock->IoStatus); if (!NT_SUCCESS(status)) { // // Set the event as the I/O system doesn't set it on errors. // ReadBlock->IoStatus.Status = status; ReadBlock->IoStatus.Information = 0; KeSetEvent (&ReadBlock->Event, 0, FALSE); } // // Wait for the I/O operation. // status = MiWaitForInPageComplete (ReadBlock->Pfn, ReadPte, VirtualAddress, &SavedPte, CapturedEvent, Process); if (CurrentThread != NULL) { KeLeaveCriticalRegion(); ASSERT (CurrentThread->NestedFaultCount <= 3); ASSERT (CurrentThread->NestedFaultCount != 0); CurrentThread->NestedFaultCount -= 1; if ((CurrentThread->ApcNeeded == 1) && (CurrentThread->NestedFaultCount == 0)) { *ApcNeeded = TRUE; CurrentThread->ApcNeeded = 0; } } PERFINFO_HARDFAULT_IOTIME(); // // MiWaitForInPageComplete RETURNS WITH THE WORKING SET LOCK // AND PFN LOCK HELD!!! // // // This is the thread which owns the event, clear the event field // in the PFN database. // Pfn1 = ReadBlock->Pfn; Page = &ReadBlock->Page[0]; NumberOfBytes = (LONG)ReadBlock->Mdl.ByteCount; CheckPte = ReadBlock->BasePte; while (NumberOfBytes > 0) { // // Don't remove the page we just brought in to // satisfy this page fault. // if (CheckPte != ReadPte) { PfnClusterPage = MI_PFN_ELEMENT (*Page); ASSERT (PfnClusterPage->PteFrame == Pfn1->PteFrame); #if DBG if (PfnClusterPage->u3.e1.InPageError) { ASSERT (status != STATUS_SUCCESS); } #endif //DBG if (PfnClusterPage->u3.e1.ReadInProgress != 0) { ASSERT (PfnClusterPage->PteFrame != MI_MAGIC_AWE_PTEFRAME); PfnClusterPage->u3.e1.ReadInProgress = 0; if (PfnClusterPage->u3.e1.InPageError == 0) { PfnClusterPage->u1.Event = (PKEVENT)NULL; } } MI_REMOVE_LOCKED_PAGE_CHARGE(PfnClusterPage, 9); MiDecrementReferenceCount (*Page); } else { PageFrameIndex = *Page; } CheckPte += 1; Page += 1; NumberOfBytes -= PAGE_SIZE; } if (status != STATUS_SUCCESS) { MI_REMOVE_LOCKED_PAGE_CHARGE(MI_PFN_ELEMENT(PageFrameIndex), 9); MiDecrementReferenceCount (PageFrameIndex); if (status == STATUS_PTE_CHANGED) { // // State of PTE changed during I/O operation, just // return success and refault. // UNLOCK_PFN (APC_LEVEL); if (WsLockChanged == TRUE) { UNLOCK_SYSTEM_WS (APC_LEVEL); LOCK_SESSION_SPACE_WS (OldIrql); } return STATUS_SUCCESS; } // // An I/O error occurred during the page read // operation. All the pages which were just // put into transition should be put onto the // free list if InPageError is set, and their // PTEs restored to the proper contents. // Page = &ReadBlock->Page[0]; NumberOfBytes = ReadBlock->Mdl.ByteCount; while (NumberOfBytes > 0) { PfnClusterPage = MI_PFN_ELEMENT (*Page); if (PfnClusterPage->u3.e1.InPageError == 1) { if (PfnClusterPage->u3.e2.ReferenceCount == 0) { PfnClusterPage->u3.e1.InPageError = 0; // // Only restore the transition PTE if the address // space still exists. Another thread may have // deleted the VAD while this thread waited for the // fault to complete - in this case, the frame // will be marked as free already. // if (PfnClusterPage->u3.e1.PageLocation != FreePageList) { ASSERT (PfnClusterPage->u3.e1.PageLocation == StandbyPageList); MiUnlinkPageFromList (PfnClusterPage); MiRestoreTransitionPte (*Page); MiInsertPageInList (MmPageLocationList[FreePageList], *Page); } } } Page += 1; NumberOfBytes -= PAGE_SIZE; } UNLOCK_PFN (APC_LEVEL); if (WsLockChanged == TRUE) { UNLOCK_SYSTEM_WS (APC_LEVEL); LOCK_SESSION_SPACE_WS (OldIrql); } if (status == STATUS_REFAULT) { // // The I/O operation to bring in a system page failed // due to insufficent resources. Delay a bit, then // return success and refault. // KeDelayExecutionThread (KernelMode, FALSE, (PLARGE_INTEGER)&MmShortTime); return STATUS_SUCCESS; } return status; } // // PTE is still in transition state, same protection, etc. // ASSERT (Pfn1->u3.e1.InPageError == 0); if (Pfn1->u2.ShareCount == 0) { MI_REMOVE_LOCKED_PAGE_CHARGE (Pfn1, 9); } Pfn1->u2.ShareCount += 1; Pfn1->u3.e1.PageLocation = ActiveAndValid; MI_MAKE_TRANSITION_PTE_VALID (TempPte, ReadPte); if (StoreInstruction && TempPte.u.Hard.Write) { MI_SET_PTE_DIRTY (TempPte); } MI_WRITE_VALID_PTE (ReadPte, TempPte); if (PointerProtoPte != NULL) { // // The prototype PTE has been made valid, now make the // original PTE valid. // if (PointerPte->u.Hard.Valid == 0) { #if DBG NTSTATUS oldstatus = status; #endif //DBG // // PTE is not valid, continue with operation. // status = MiCompleteProtoPteFault (StoreInstruction, VirtualAddress, PointerPte, PointerProtoPte); // // Returns with PFN lock released! // #if DBG if (PointerPte->u.Hard.Valid == 0) { DbgPrint ("MM:PAGFAULT - va %p %p %p status:%lx\n", VirtualAddress, PointerPte, PointerProtoPte, oldstatus); } #endif //DBG } } else { #if PFN_CONSISTENCY if (MiGetPteAddress(ReadPte) == MiGetPdeAddress(PTE_BASE)) { Pfn1->u3.e1.PageTablePage = 1; } #endif if (Pfn1->u1.Event == 0) { Pfn1->u1.Event = (PVOID)PsGetCurrentThread(); } UNLOCK_PFN (APC_LEVEL); MiAddValidPageToWorkingSet (VirtualAddress, ReadPte, Pfn1, 0); } // // Note this routine could release and reacquire the PFN lock! // LOCK_PFN (OldIrql); MiFlushInPageSupportBlock(); UNLOCK_PFN (APC_LEVEL); if (status == STATUS_SUCCESS) { status = STATUS_PAGE_FAULT_PAGING_FILE; } NotifyRoutine = MmHardFaultNotifyRoutine; if (NotifyRoutine) { (*NotifyRoutine) ( ReadBlock->FilePointer, VirtualAddress ); } } // // Stop high priority threads from consuming the CPU on collided // faults for pages that are still marked with inpage errors. All // the threads must let go of the page so it can be freed and the // inpage I/O reissued to the filesystem. // if (MmIsRetryIoStatus(status)) { KeDelayExecutionThread (KernelMode, FALSE, (PLARGE_INTEGER)&MmShortTime); status = STATUS_SUCCESS; } if ((status == STATUS_REFAULT) || (status == STATUS_PTE_CHANGED)) { status = STATUS_SUCCESS; } ASSERT (KeGetCurrentIrql() == APC_LEVEL); if (WsLockChanged == TRUE) { UNLOCK_SYSTEM_WS (APC_LEVEL); LOCK_SESSION_SPACE_WS (OldIrql); } return status; }

ULONG MiDoesPdeExistAndMakeValid (  IN PMMPTE  PointerPde, IN PEPROCESS  TargetProcess, IN ULONG  PfnMutexHeld, OUT PULONG  Waited )

Definition at line 437 of file mmsup.c. References APC_LEVEL, FALSE, LOCK_PFN, MiGetVirtualAddressMappedByPte, MiMakeSystemAddressValid(), TRUE, and UNLOCK_PFN. Referenced by MiCalculatePageCommitment(), MiCloneProcessAddressSpace(), MiDeletePte(), MiDeleteVirtualAddresses(), MiFlushDirtyBitsToPfn(), MiIsEntireRangeCommitted(), MiProtectVirtualMemory(), MiQueryAddressState(), MiResetVirtualMemory(), MiSetProtectionOnSection(), MmFlushVirtualMemory(), MmSecureVirtualMemory(), and NtLockVirtualMemory(). : This routine examines the specified Page Directory Entry to determine if the page table page mapped by the PDE exists. If the page table page exists and is not currently in memory, the working set mutex and, if held, the PFN mutex are released and the page table page is faulted into the working set. The mutexes are reacquired. If the PDE exists, the function returns true. Arguments: PointerPde - Supplies a pointer to the PDE to examine and potentially bring into the working set. TargetProcess - Supplies a pointer to the current process. PfnMutexHeld - Supplies the value TRUE if the PFN mutex is held, FALSE otherwise. Waited - Supplies a pointer to a ULONG to increment if the mutex is released and reacquired. Note this value may be incremented more than once. Return Value: TRUE if the PDE exists, FALSE if the PDE is zero. Environment: Kernel mode, APCs disabled, WorkingSetLock held. --*/ { PMMPTE PointerPte; KIRQL OldIrql; OldIrql = APC_LEVEL; if (PointerPde->u.Long == 0) { // // This page directory entry doesn't exist, return FALSE. // return FALSE; } if (PointerPde->u.Hard.Valid == 1) { // // Already valid. // return TRUE; } // // Page directory entry exists, it is either valid, in transition // or in the paging file. Fault it in. // if (PfnMutexHeld) { UNLOCK_PFN (OldIrql); *Waited += 1; } PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); *Waited += MiMakeSystemAddressValid (PointerPte, TargetProcess); if (PfnMutexHeld) { LOCK_PFN (OldIrql); } return TRUE; }

VOID MiDumpPfn (  VOID   )

Referenced by MmInitSystem().

VOID MiDumpValidAddresses (  VOID   )

Referenced by MmInitSystem().

VOID MiDumpWsl (  VOID   )

Referenced by MiRemoveWsle().

VOID MiEmptyAllWorkingSets (  VOID   )

Definition at line 2715 of file wsmanage.c. References ASSERT, ExPageLockHandle, FALSE, KeClearEvent, KernelMode, KeSetEvent(), KeWaitForSingleObject(), LOCK_EXPANSION, MiEmptyAllWorkingSetsWorker(), MiHydra, MiWaitForEmptyEvent, MiWaitingForWorkingSetEmpty, MmLockPagableSectionByHandle(), MmUnlockPagableImageSection(), MmWorkingSetManagerEvent, PAGED_CODE, PsGetCurrentThread, TRUE, UNLOCK_EXPANSION, and WrVirtualMemory. Referenced by MiAllocateContiguousMemory(), MmGatherMemoryForHibernate(), and MmRemovePhysicalMemory(). 02721 : 02722 02723 This routine attempts to empty all the working sets on the 02724 expansion list. 02725 02726 Arguments: 02727 02728 None. 02729 02730 Return Value: 02731 02732 None. 02733 02734 Environment: 02735 02736 Kernel mode. No locks held. APC level or below. 02737 02738 --*/ 02739 02740 { 02741 KIRQL OldIrql; 02742 02743 PAGED_CODE (); 02744 02745 MmLockPagableSectionByHandle (ExPageLockHandle); 02746 02747 if (MiHydra == FALSE) { 02748 MiEmptyAllWorkingSetsWorker (); 02749 } 02750 else { 02751 ASSERT (PsGetCurrentThread () != MmWorkingSetThread); 02752 02753 // 02754 // For Hydra, we cannot attach directly to the session space to be 02755 // trimmed because it would result in session space references by 02756 // other threads in this process to the attached session instead 02757 // of the (currently) correct one. In fact, we cannot even queue 02758 // this to a worker thread because the working set manager 02759 // (who shares the same page directory) may be attaching or 02760 // detaching from a session (any session). So this must be queued 02761 // to the working set manager. 02762 // 02763 02764 LOCK_EXPANSION (OldIrql); 02765 02766 if (MiWaitingForWorkingSetEmpty == FALSE) { 02767 MiWaitingForWorkingSetEmpty = TRUE; 02768 KeClearEvent (&MiWaitForEmptyEvent); 02769 } 02770 02771 UNLOCK_EXPANSION (OldIrql); 02772 02773 KeSetEvent (&MmWorkingSetManagerEvent, 0, FALSE); 02774 02775 KeWaitForSingleObject (&MiWaitForEmptyEvent, 02776 WrVirtualMemory, 02777 KernelMode, 02778 FALSE, 02779 (PLARGE_INTEGER)0); 02780 } 02781 02782 MmUnlockPagableImageSection (ExPageLockHandle); 02783 02784 return; 02785 }

NTSTATUS MiEmptyWorkingSet (  IN PMMSUPPORT  WsInfo, IN LOGICAL  WaitOk )

Definition at line 4726 of file wslist.c. References _EPROCESS::AddressSpaceDeleted, APC_LEVEL, ASSERT, Count, ExTryToAcquireResourceExclusiveLite(), FALSE, _MMWSL::FirstDynamic, _MMWSL::FirstFree, KeDelayExecutionThread(), KeLowerIrql(), KeRaiseIrql(), KernelMode, _MMWSL::LastEntry, _MMWSL::LastInitializedWsle, LOCK_SESSION_SPACE_WS, LOCK_SYSTEM_WS, LOCK_WS, MI_GET_PAGE_FRAME_FROM_PTE, MI_PFN_ELEMENT, MiFreeWsle(), MiGetPteAddress, MiHydra, MiRemoveWorkingSetPages(), MiTrimRemovalPagesOnly, MM_FREE_WSLE_SHIFT, MM_SET_SESSION_RESOURCE_OWNER, MmShortTime, MmSystemCacheWs, MmSystemLockOwner, MmSystemWsLock, _MMWSL::NextSlot, NTSTATUS(), PERFINFO_GET_PAGE_INFO, PERFINFO_LOG_WS_REMOVAL, PERFINFO_PAGE_INFO_DECL, PsGetCurrentProcess, PsGetCurrentThread, _MMPFN::PteFrame, _MMWSL::Quota, Status, TRUE, _MMSUPPORT::u, _MMWSLE::u1, _MMPFN::u3, UNLOCK_SESSION_SPACE_WS, UNLOCK_SYSTEM_WS, UNLOCK_WS, _MMWSLE::VirtualAddress, _EPROCESS::WorkingSetLock, _MMWSL::Wsle, WSLE_NULL_INDEX, and _MM_SESSION_SPACE::WsLock. Referenced by MiEmptyAllWorkingSetsWorker(), MmAdjustWorkingSetSize(), and MmTrimAllSystemPagableMemory(). 04733 : 04734 04735 This routine frees all pages from the working set. 04736 04737 Arguments: 04738 04739 WsInfo - Supplies the working set information entry to trim. 04740 04741 WaitOk - Supplies TRUE if the caller can wait, FALSE if not. 04742 04743 Return Value: 04744 04745 Status of operation. 04746 04747 Environment: 04748 04749 Kernel mode. No locks. For session operations, the caller is responsible 04750 for attaching into the proper session. 04751 04752 --*/ 04753 04754 { 04755 PEPROCESS Process; 04756 KIRQL OldIrql; 04757 PMMPTE PointerPte; 04758 ULONG Entry; 04759 ULONG Count; 04760 ULONG LastFreed; 04761 PMMWSL WorkingSetList; 04762 PMMWSLE Wsle; 04763 PMMPFN Pfn1; 04764 PFN_NUMBER PageFrameIndex; 04765 ULONG Last; 04766 NTSTATUS Status; 04767 PMM_SESSION_SPACE SessionSpace; 04768 04769 if (WsInfo == &MmSystemCacheWs) { 04770 if (WaitOk == TRUE) { 04771 LOCK_SYSTEM_WS (OldIrql); 04772 } 04773 else { 04774 KeRaiseIrql (APC_LEVEL, &OldIrql); 04775 if (!ExTryToAcquireResourceExclusiveLite (&MmSystemWsLock)) { 04776 04777 // 04778 // System working set lock was not granted, don't trim 04779 // the system cache. 04780 // 04781 04782 KeLowerIrql (OldIrql); 04783 return STATUS_SUCCESS; 04784 } 04785 04786 MmSystemLockOwner = PsGetCurrentThread(); 04787 } 04788 } 04789 else if (WsInfo->u.Flags.SessionSpace == 0) { 04790 Process = PsGetCurrentProcess (); 04791 if (WaitOk == TRUE) { 04792 LOCK_WS (Process); 04793 } 04794 else { 04795 Count = 0; 04796 do { 04797 if (ExTryToAcquireFastMutex(&Process->WorkingSetLock) != FALSE) { 04798 break; 04799 } 04800 KeDelayExecutionThread (KernelMode, FALSE, &MmShortTime); 04801 Count += 1; 04802 if (Count == 5) { 04803 04804 // 04805 // Could not get the lock, don't trim this process. 04806 // 04807 04808 return STATUS_SUCCESS; 04809 } 04810 } while (TRUE); 04811 } 04812 if (Process->AddressSpaceDeleted != 0) { 04813 Status = STATUS_PROCESS_IS_TERMINATING; 04814 goto Deleted; 04815 } 04816 } 04817 else { 04818 if (WaitOk == TRUE) { 04819 LOCK_SESSION_SPACE_WS (OldIrql); 04820 } 04821 else { 04822 ASSERT (MiHydra == TRUE); 04823 SessionSpace = CONTAINING_RECORD(WsInfo, 04824 MM_SESSION_SPACE, 04825 Vm); 04826 04827 KeRaiseIrql (APC_LEVEL, &OldIrql); 04828 04829 if (!ExTryToAcquireResourceExclusiveLite (&SessionSpace->WsLock)) { 04830 04831 // 04832 // This session space's working set lock was not 04833 // granted, don't trim it. 04834 // 04835 04836 KeLowerIrql (OldIrql); 04837 return STATUS_SUCCESS; 04838 } 04839 04840 MM_SET_SESSION_RESOURCE_OWNER(); 04841 } 04842 } 04843 04844 WorkingSetList = WsInfo->VmWorkingSetList; 04845 Wsle = WorkingSetList->Wsle; 04846 04847 // 04848 // Attempt to remove the pages starting at the bottom. 04849 // 04850 04851 LastFreed = WorkingSetList->LastEntry; 04852 for (Entry = WorkingSetList->FirstDynamic; Entry <= LastFreed; Entry += 1) { 04853 04854 if (Wsle[Entry].u1.e1.Valid != 0) { 04855 PERFINFO_PAGE_INFO_DECL(); 04856 04857 PointerPte = MiGetPteAddress (Wsle[Entry].u1.VirtualAddress); 04858 04859 PERFINFO_GET_PAGE_INFO(PointerPte); 04860 04861 if (MiTrimRemovalPagesOnly == TRUE) { 04862 PageFrameIndex = MI_GET_PAGE_FRAME_FROM_PTE (PointerPte); 04863 Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); 04864 if (Pfn1->u3.e1.RemovalRequested == 0) { 04865 Pfn1 = MI_PFN_ELEMENT (Pfn1->PteFrame); 04866 if (Pfn1->u3.e1.RemovalRequested == 0) { 04867 #if defined (_WIN64) 04868 Pfn1 = MI_PFN_ELEMENT (Pfn1->PteFrame); 04869 if (Pfn1->u3.e1.RemovalRequested == 0) { 04870 continue; 04871 } 04872 #else 04873 continue; 04874 #endif 04875 } 04876 } 04877 } 04878 04879 if (MiFreeWsle (Entry, WsInfo, PointerPte)) { 04880 PERFINFO_LOG_WS_REMOVAL(PERFINFO_LOG_TYPE_OUTWS_EMPTYQ, WsInfo); 04881 } 04882 } 04883 } 04884 04885 if (WsInfo != &MmSystemCacheWs && WsInfo->u.Flags.SessionSpace == 0) { 04886 MiRemoveWorkingSetPages (WorkingSetList,WsInfo); 04887 } 04888 WorkingSetList->Quota = WsInfo->WorkingSetSize; 04889 WorkingSetList->NextSlot = WorkingSetList->FirstDynamic; 04890 04891 // 04892 // Attempt to remove the pages from the front to the end. 04893 // 04894 04895 // 04896 // Reorder the free list. 04897 // 04898 04899 Last = 0; 04900 Entry = WorkingSetList->FirstDynamic; 04901 LastFreed = WorkingSetList->LastInitializedWsle; 04902 while (Entry <= LastFreed) { 04903 if (Wsle[Entry].u1.e1.Valid == 0) { 04904 if (Last == 0) { 04905 WorkingSetList->FirstFree = Entry; 04906 } else { 04907 Wsle[Last].u1.Long = Entry << MM_FREE_WSLE_SHIFT; 04908 } 04909 Last = Entry; 04910 } 04911 Entry += 1; 04912 } 04913 if (Last != 0) { 04914 Wsle[Last].u1.Long = WSLE_NULL_INDEX << MM_FREE_WSLE_SHIFT; // End of list. 04915 } 04916 Status = STATUS_SUCCESS; 04917 Deleted: 04918 04919 if (WsInfo == &MmSystemCacheWs) { 04920 UNLOCK_SYSTEM_WS (OldIrql); 04921 } 04922 else if (WsInfo->u.Flags.SessionSpace == 0) { 04923 UNLOCK_WS (Process); 04924 } 04925 else { 04926 UNLOCK_SESSION_SPACE_WS (OldIrql); 04927 } 04928 04929 return Status; 04930 }

VOID MiEnableKernelVerifier (  VOID   )

Referenced by MmInitSystem().

VOID MiEnableRandomSpecialPool (  IN LOGICAL  Enable  )

Definition at line 3398 of file allocpag.c. References MiBadTags, and _MI_BAD_TAGS::RandomizerEnabled. Referenced by MiApplyDriverVerifier(), and MiVerifyingDriverUnloading(). { MiBadTags.RandomizerEnabled = Enable; }

LARGE_INTEGER MiEndingOffset (  IN PSUBSECTION  Subsection  )

Definition at line 965 of file flushsec.c. References Mi4KStartFromSubsection, MM4K_SHIFT, and MMSECTOR_SHIFT. Referenced by MiCanFileBeTruncatedInternal(), MiCleanSection(), MiFlushSectionInternal(), and MiResolveMappedFileFault(). : This function calculates the last valid file offset in a given subsection. offset. Note that images are stored in 512-byte units whereas data is stored in 4K units. When this is all debugged, this should be made into a macro. Arguments: Subsection - Supplies a subsection to reference for the file address. PteAddress - Supplies a PTE within the subsection Return Value: Returns the file offset to obtain the backing data from. --*/ { LARGE_INTEGER FileByteOffset; if (Subsection->ControlArea->u.Flags.Image == 1) { FileByteOffset.QuadPart = (Subsection->StartingSector + Subsection->NumberOfFullSectors) << MMSECTOR_SHIFT; } else { Mi4KStartFromSubsection (&FileByteOffset, Subsection); FileByteOffset.QuadPart += Subsection->NumberOfFullSectors; FileByteOffset.QuadPart = FileByteOffset.QuadPart << MM4K_SHIFT; } FileByteOffset.QuadPart += Subsection->u.SubsectionFlags.SectorEndOffset; return FileByteOffset; }

ULONG FASTCALL MiEnsureAvailablePageOrWait (  IN PEPROCESS  Process, IN PVOID  VirtualAddress )

Definition at line 941 of file pfnlist.c. References APC_LEVEL, _PHYSICAL_MEMORY_RUN::BasePage, DbgPrint, Event(), FALSE, FASTCALL, HYDRA_PROCESS, HYPER_SPACE, KdDebuggerNotPresent, KeBugCheckEx(), KeClearEvent, KernelMode, KeWaitForSingleObject(), LOCK_PFN, LOCK_SESSION_SPACE_WS, LOCK_SYSTEM_WS, LOCK_WS_REGARDLESS, MI_IS_HYPER_SPACE_ADDRESS, MI_IS_SYSTEM_ADDRESS, MI_PFN_ELEMENT, MiGetPteAddress, MM_HIGH_LIMIT, MM_LOW_LIMIT, MM_PFN_LOCK_ASSERT, MmAllocatedNonPagedPool, MmAvailablePages, MmAvailablePagesEvent, MmAvailablePagesEventHigh, MmMaximumNonPagedPoolInBytes, MmModifiedPageListHead, MmPhysicalMemoryBlock, MmSevenMinutes, MmSystemLockOwner, MmTotalPagesForPagingFile, NTSTATUS(), NULL, _PHYSICAL_MEMORY_DESCRIPTOR::NumberOfRuns, PAGE_SHIFT, _PHYSICAL_MEMORY_RUN::PageCount, PsGetCurrentThread, _PHYSICAL_MEMORY_DESCRIPTOR::Run, Status, _MMPFNLIST::Total, TransitionPage, TRUE, _MMPFN::u3, UNLOCK_PFN, UNLOCK_SESSION_SPACE_WS, UNLOCK_SYSTEM_WS, UNLOCK_WS_REGARDLESS, and WrFreePage. Referenced by MiCopyOnWrite(), MiDoneWithThisPageGetAnother(), MiFillSystemPageDirectory(), MiGetPageForHeader(), MiInitializeSessionPool(), MiInitializeWorkingSetList(), MiLoadImageSection(), MiMakeOutswappedPageResident(), MiReloadBootLoadedDrivers(), MiResolveDemandZeroFault(), MiResolveMappedFileFault(), MiResolvePageFileFault(), MiSessionCommitImagePages(), MiSessionCommitPageTables(), MiSessionCopyOnWrite(), MiSessionCreateInternal(), MiSessionInitializeWorkingSetList(), MmAccessFault(), MmAllocateIndependentPages(), MmAllocateNonCachedMemory(), MmCopyToCachedPage(), MmCreateKernelStack(), MmCreateProcessAddressSpace(), and MmGrowKernelStack(). : This procedure ensures that a physical page is available on the zeroed, free or standby list such that the next call the remove a page absolutely will not block. This is necessary as blocking would require a wait which could cause a deadlock condition. If a page is available the function returns immediately with a value of FALSE indicating no wait operation was performed. If no physical page is available, the thread enters a wait state and the function returns the value TRUE when the wait operation completes. Arguments: Process - Supplies a pointer to the current process if, and only if, the working set mutex is held currently held and should be released if a wait operation is issued. Supplies the value NULL otherwise. VirtualAddress - Supplies the virtual address for the faulting page. If the value is NULL, the page is treated as a user mode address. Return Value: FALSE - if a page was immediately available. TRUE - if a wait operation occurred before a page became available. Environment: Must be holding the PFN database mutex with APCs disabled. --*/ { PVOID Event; NTSTATUS Status; KIRQL OldIrql; KIRQL Ignore; ULONG Limit; ULONG Relock; PFN_NUMBER StrandedPages; LOGICAL WsHeldSafe; PMMPFN Pfn1; PMMPFN EndPfn; LARGE_INTEGER WaitBegin; LARGE_INTEGER WaitEnd; MM_PFN_LOCK_ASSERT(); if (MmAvailablePages >= MM_HIGH_LIMIT) { // // Pages are available. // return FALSE; } // // If this fault is for paged pool (or pagable kernel space, // including page table pages), let it use the last page. // #if defined(_IA64_) if (MI_IS_SYSTEM_ADDRESS(VirtualAddress) || (MI_IS_HYPER_SPACE_ADDRESS(VirtualAddress))) { #else if (((PMMPTE)VirtualAddress > MiGetPteAddress(HYPER_SPACE)) || ((VirtualAddress > MM_HIGHEST_USER_ADDRESS) && (VirtualAddress < (PVOID)PTE_BASE))) { #endif // // This fault is in the system, use 1 page as the limit. // if (MmAvailablePages >= MM_LOW_LIMIT) { // // Pages are available. // return FALSE; } Limit = MM_LOW_LIMIT; Event = (PVOID)&MmAvailablePagesEvent; } else { Limit = MM_HIGH_LIMIT; Event = (PVOID)&MmAvailablePagesEventHigh; } while (MmAvailablePages < Limit) { KeClearEvent ((PKEVENT)Event); UNLOCK_PFN (APC_LEVEL); if (Process == HYDRA_PROCESS) { UNLOCK_SESSION_SPACE_WS (APC_LEVEL); } else if (Process != NULL) { // // The working set lock may have been acquired safely or unsafely // by our caller. Handle both cases here and below. // UNLOCK_WS_REGARDLESS (Process, WsHeldSafe); } else { Relock = FALSE; if (MmSystemLockOwner == PsGetCurrentThread()) { UNLOCK_SYSTEM_WS (APC_LEVEL); Relock = TRUE; } } KiQueryInterruptTime(&WaitBegin); // // Wait 7 minutes for pages to become available. // Status = KeWaitForSingleObject(Event, WrFreePage, KernelMode, FALSE, (PLARGE_INTEGER)&MmSevenMinutes); if (Status == STATUS_TIMEOUT) { KiQueryInterruptTime(&WaitEnd); // // See how many transition pages have nonzero reference counts as // these indicate drivers that aren't unlocking the pages in their // MDLs. // Limit = 0; StrandedPages = 0; do { Pfn1 = MI_PFN_ELEMENT (MmPhysicalMemoryBlock->Run[Limit].BasePage); EndPfn = Pfn1 + MmPhysicalMemoryBlock->Run[Limit].PageCount; while (Pfn1 < EndPfn) { if ((Pfn1->u3.e1.PageLocation == TransitionPage) && (Pfn1->u3.e2.ReferenceCount != 0)) { StrandedPages += 1; } Pfn1 += 1; } Limit += 1; } while (Limit != MmPhysicalMemoryBlock->NumberOfRuns); // // This bugcheck can occur for the following reasons: // // A driver has blocked, deadlocking the modified or mapped // page writers. Examples of this include mutex deadlocks or // accesses to paged out memory in filesystem drivers, filter // drivers, etc. This indicates a driver bug. // // The storage driver(s) are not processing requests. Examples // of this are stranded queues, non-responding drives, etc. This // indicates a driver bug. // // Not enough pool is available for the storage stack to write out // modified pages. This indicates a driver bug. // // A high priority realtime thread has starved the balance set // manager from trimming pages and/or starved the modified writer // from writing them out. This indicates a bug in the component // that created this thread. // // All the processes have been trimmed to their minimums and all // modified pages written, but still no memory is available. The // freed memory must be stuck in transition pages with non-zero // reference counts - thus they cannot be put on the freelist. // A driver is neglecting to unlock the pages preventing the // reference counts from going to zero which would free the pages. // This may be due to transfers that never finish and the driver // never aborts or other driver bugs. // KeBugCheckEx (NO_PAGES_AVAILABLE, MmModifiedPageListHead.Total, MmTotalPagesForPagingFile, (MmMaximumNonPagedPoolInBytes >> PAGE_SHIFT) - MmAllocatedNonPagedPool, StrandedPages); if (!KdDebuggerNotPresent) { DbgPrint ("MmEnsureAvailablePageOrWait: 7 min timeout %x %x %x %x\n", WaitEnd.HighPart, WaitEnd.LowPart, WaitBegin.HighPart, WaitBegin.LowPart); DbgBreakPoint (); } } if (Process == HYDRA_PROCESS) { LOCK_SESSION_SPACE_WS (Ignore); } else if (Process != NULL) { // // The working set lock may have been acquired safely or unsafely // by our caller. Reacquire it in the same manner our caller did. // LOCK_WS_REGARDLESS (Process, WsHeldSafe); } else { if (Relock) { LOCK_SYSTEM_WS (Ignore); } } LOCK_PFN (OldIrql); } return TRUE; }

SIZE_T MiExtendPagingFiles (  IN PMMPAGE_FILE_EXPANSION  PageExpand  )

Definition at line 1681 of file modwrite.c. References ASSERT, FALSE, _MMPAGING_FILE::MaximumSize, MI_EXTEND_ANY_PAGEFILE, MiAttemptPageFileExtension(), MmChargeCommitmentLock, MmNumberOfPagingFiles, MmPageFileFullExtendPages, MmPagingFile, MmTotalCommitLimit, MmTotalCommittedPages, _MMPAGING_FILE::Size, and TRUE. Referenced by MiDereferenceSegmentThread(). 01687 : 01688 01689 This routine attempts to extend the paging files to provide 01690 ExtendSize bytes. 01691 01692 Note - Page file expansion and page file reduction are synchronized 01693 because a single thread is responsible for performing the 01694 operation. Hence, while expansion is occurring, a reduction 01695 request will be queued to the thread. 01696 01697 Arguments: 01698 01699 DesiredQuota - Supplies the quota in pages desired. 01700 01701 PageFileNumber - Supplies the page file number to extend. 01702 MI_EXTEND_ANY_PAGFILE indicates to extend any page file. 01703 01704 Return Value: 01705 01706 Returns the size of the extension. Zero if the page file(s) cannot 01707 be extended. 01708 01709 --*/ 01710 01711 { 01712 SIZE_T DesiredQuota; 01713 ULONG PageFileNumber; 01714 SIZE_T ExtendedSize; 01715 SIZE_T ExtendSize; 01716 ULONG i; 01717 KIRQL OldIrql; 01718 LOGICAL LockHeld; 01719 LOGICAL RealExpansion; 01720 01721 RealExpansion = TRUE; 01722 LockHeld = FALSE; 01723 ExtendedSize = 0; 01724 DesiredQuota = PageExpand->RequestedExpansionSize; 01725 PageFileNumber = PageExpand->PageFileNumber; 01726 01727 PageExpand->ActualExpansion = 0; 01728 01729 ASSERT (PageFileNumber < MmNumberOfPagingFiles || PageFileNumber == MI_EXTEND_ANY_PAGEFILE); 01730 01731 if (MmNumberOfPagingFiles == 0) { 01732 goto alldone; 01733 } 01734 01735 if (PageFileNumber < MmNumberOfPagingFiles) { 01736 i = PageFileNumber; 01737 ExtendedSize = MmPagingFile[i]->MaximumSize - MmPagingFile[i]->Size; 01738 if (ExtendedSize < DesiredQuota) { 01739 ExtendedSize = 0; 01740 } 01741 else { 01742 ExtendedSize = MiAttemptPageFileExtension (i, DesiredQuota, FALSE); 01743 } 01744 goto alldone; 01745 } 01746 01747 LockHeld = TRUE; 01748 ExAcquireSpinLock (&MmChargeCommitmentLock, &OldIrql); 01749 01750 // 01751 // Check to see if ample space already exists now that we have 01752 // the spinlock. 01753 // 01754 01755 ExtendSize = DesiredQuota + MmTotalCommittedPages; 01756 01757 if (MmTotalCommitLimit >= ExtendSize) { 01758 ExtendedSize = 1; 01759 RealExpansion = FALSE; 01760 goto alldone; 01761 } 01762 01763 // 01764 // Calculate the additional pages needed. 01765 // 01766 01767 ExtendSize -= MmTotalCommitLimit; 01768 01769 ExReleaseSpinLock (&MmChargeCommitmentLock, OldIrql); 01770 LockHeld = FALSE; 01771 01772 // 01773 // Make sure ample space exists within the paging files. 01774 // 01775 01776 i = 0; 01777 01778 do { 01779 ExtendedSize += MmPagingFile[i]->MaximumSize - MmPagingFile[i]->Size; 01780 i += 1; 01781 } while (i < MmNumberOfPagingFiles); 01782 01783 if (ExtendedSize < ExtendSize) { 01784 ExtendedSize = 0; 01785 goto alldone; 01786 } 01787 01788 // 01789 // Attempt to extend only one of the paging files. 01790 // 01791 01792 i = 0; 01793 do { 01794 ExtendedSize = MiAttemptPageFileExtension (i, ExtendSize, FALSE); 01795 if (ExtendedSize != 0) { 01796 goto alldone; 01797 } 01798 i += 1; 01799 } while (i < MmNumberOfPagingFiles); 01800 01801 ASSERT (ExtendedSize == 0); 01802 01803 if (MmNumberOfPagingFiles == 1) { 01804 01805 // 01806 // If the attempt didn't succeed for one (not enough disk space free) - 01807 // don't try to set it to the maximum size. 01808 // 01809 01810 goto alldone; 01811 } 01812 01813 // 01814 // Attempt to extend all paging files. 01815 // 01816 01817 i = 0; 01818 do { 01819 ASSERT (ExtendSize > ExtendedSize); 01820 ExtendedSize += MiAttemptPageFileExtension (i, 01821 ExtendSize - ExtendedSize, 01822 TRUE); 01823 if (ExtendedSize >= ExtendSize) { 01824 goto alldone; 01825 } 01826 i += 1; 01827 } while (i < MmNumberOfPagingFiles); 01828 01829 // 01830 // Not enough space is available. 01831 // 01832 01833 ExtendedSize = 0; 01834 01835 alldone: 01836 01837 if (LockHeld == FALSE) { 01838 ExAcquireSpinLock (&MmChargeCommitmentLock, &OldIrql); 01839 } 01840 01841 if ((ExtendedSize != 0) && (RealExpansion == TRUE)) { 01842 MmTotalCommitLimit += ExtendedSize; 01843 } 01844 01845 // 01846 // If commit allotments have been temporarily blocked then unblock now. 01847 // 01848 01849 if (MmPageFileFullExtendPages) { 01850 ASSERT (MmTotalCommittedPages >= MmPageFileFullExtendPages); 01851 MmTotalCommittedPages -= MmPageFileFullExtendPages; 01852 MmPageFileFullExtendPages = 0; 01853 } 01854 01855 PageExpand->InProgress = FALSE; 01856 PageExpand->ActualExpansion = ExtendedSize; 01857 01858 ExReleaseSpinLock (&MmChargeCommitmentLock, OldIrql); 01859 01860 return ExtendedSize; 01861 }

PMMPTE MiFindActualFaultingPte (  IN PVOID  FaultingAddress  )

Definition at line 2749 of file pagfault.c. References MI_IS_PHYSICAL_ADDRESS, MI_PTE_LOOKUP_NEEDED, MiCheckVirtualAddress(), MiGetPdeAddress, MiGetPpeAddress, MiGetPteAddress, MiPteToProto, NULL, and _MMPTE::u. Referenced by MiWaitForInPageComplete(). 02755 : 02756 02757 This routine locates the actual PTE which must be made resident in order 02758 to complete this fault. Note that for certain cases multiple faults 02759 are required to make the final page resident. 02760 02761 Arguments: 02762 02763 FaultingAddress - Supplies the virtual address which caused the 02764 fault. 02765 02766 PointerPte - Supplies the pointer to the PTE which is in prototype 02767 PTE format. 02768 02769 02770 Return Value: 02771 02772 02773 Environment: 02774 02775 Kernel mode, APCs disabled, working set mutex held. 02776 02777 --*/ 02778 02779 { 02780 PMMPTE ProtoPteAddress; 02781 PMMPTE PointerPte; 02782 PMMPTE PointerFaultingPte; 02783 ULONG Protection; 02784 02785 if (MI_IS_PHYSICAL_ADDRESS(FaultingAddress)) { 02786 return NULL; 02787 } 02788 02789 #if defined (_WIN64) 02790 02791 PointerPte = MiGetPpeAddress (FaultingAddress); 02792 02793 if (PointerPte->u.Hard.Valid == 0) { 02794 02795 // 02796 // Page directory page is not valid. 02797 // 02798 02799 return PointerPte; 02800 } 02801 02802 #endif 02803 02804 PointerPte = MiGetPdeAddress (FaultingAddress); 02805 02806 if (PointerPte->u.Hard.Valid == 0) { 02807 02808 // 02809 // Page table page is not valid. 02810 // 02811 02812 return PointerPte; 02813 } 02814 02815 PointerPte = MiGetPteAddress (FaultingAddress); 02816 02817 if (PointerPte->u.Hard.Valid == 1) { 02818 02819 // 02820 // Page is already valid, no need to fault it in. 02821 // 02822 02823 return (PMMPTE)NULL; 02824 } 02825 02826 if (PointerPte->u.Soft.Prototype == 0) { 02827 02828 // 02829 // Page is not a prototype PTE, make this PTE valid. 02830 // 02831 02832 return PointerPte; 02833 } 02834 02835 // 02836 // Check to see if the PTE which maps the prototype PTE is valid. 02837 // 02838 02839 if (PointerPte->u.Soft.PageFileHigh == MI_PTE_LOOKUP_NEEDED) { 02840 02841 // 02842 // Protection is here, PTE must be located in VAD. 02843 // 02844 02845 ProtoPteAddress = MiCheckVirtualAddress (FaultingAddress, 02846 &Protection); 02847 02848 if (ProtoPteAddress == NULL) { 02849 02850 // 02851 // No prototype PTE means another thread has deleted the VAD while 02852 // this thread waited for the inpage to complete. Certainly NULL 02853 // must be returned so a stale PTE is not modified - the instruction 02854 // will then be reexecuted and an access violation delivered. 02855 // 02856 02857 return (PMMPTE)NULL; 02858 } 02859 02860 } else { 02861 02862 // 02863 // Protection is in ProtoPte. 02864 // 02865 02866 ProtoPteAddress = MiPteToProto (PointerPte); 02867 } 02868 02869 PointerFaultingPte = MiFindActualFaultingPte (ProtoPteAddress); 02870 02871 if (PointerFaultingPte == (PMMPTE)NULL) { 02872 return PointerPte; 02873 } else { 02874 return PointerFaultingPte; 02875 } 02876 02877 }

PVOID MiFindContiguousMemory (  IN PFN_NUMBER  LowestPfn, IN PFN_NUMBER  HighestPfn, IN PFN_NUMBER  BoundaryPfn, IN PFN_NUMBER  SizeInPages, IN PVOID  CallingAddress )

Definition at line 4569 of file allocpag.c. References ActiveAndValid, ASSERT, _PHYSICAL_MEMORY_RUN::BasePage, ExFreePool(), ExInsertPoolTag(), ExLockPool(), ExPageLockHandle, ExUnlockPool(), FALSE, FreePageList, Index, _MMFREE_POOL_ENTRY::List, List, LOCK_PFN2, MI_CHECK_PAGE_ALIGNMENT, MI_CONVERT_PHYSICAL_TO_PFN, MI_GET_PAGE_COLOR_FROM_VA, MI_GET_PAGE_FRAME_FROM_PTE, MI_IS_PHYSICAL_ADDRESS, MI_MAX_FREE_LIST_HEADS, MI_PFN_ELEMENT, MI_WRITE_VALID_PTE, MiChargeCommitmentCantExpand(), MiCheckForContiguousMemory(), MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiInsertContiguousTag, MiProtectedPoolRemoveEntryList(), MiProtectFreeNonPagedPool(), MiReserveSystemPtes(), MiRestoreTransitionPte(), MiUnlinkFreeOrZeroedPage(), MiUnlinkPageFromList(), MiUnProtectFreeNonPagedPool(), MM_BUMP_COUNTER, MM_COLOR_MASK, MM_DBG_COMMIT_CONTIGUOUS_PAGES, MM_DEMAND_ZERO_WRITE_PTE, MM_FREE_POOL_SIGNATURE, MM_TRACK_COMMIT, MmAllocatedNonPagedPool, MmDynamicMemoryMutex, MmLockPagableSectionByHandle(), MmNonPagedPoolFreeListHead, MmNumberOfFreeNonPagedPool, MmPhysicalMemoryBlock, MmProtectFreedNonPagedPool, MmResidentAvailablePages, MmUnlockPagableImageSection(), NonPagedPool, NonPagedPoolDescriptor, NonPagedPoolExpansion, NULL, _PHYSICAL_MEMORY_DESCRIPTOR::NumberOfRuns, _MMPFN::OriginalPte, PAGE_ALIGN, PAGE_SHIFT, PAGE_SIZE, _PHYSICAL_MEMORY_RUN::PageCount, PAGED_CODE, _MMPFN::PteAddress, _MMPFN::PteFrame, _PHYSICAL_MEMORY_DESCRIPTOR::Run, _MMFREE_POOL_ENTRY::Signature, _MMFREE_POOL_ENTRY::Size, StandbyPageList, _POOL_DESCRIPTOR::TotalBigPages, TRUE, _MMPTE::u, _MMPFN::u1, _MMPFN::u2, _MMPFN::u3, UNLOCK_PFN2, ValidKernelPte, and ZeroedPageList. Referenced by MiAllocateContiguousMemory(). : This function searches nonpaged pool and the free, zeroed, and standby lists for contiguous pages that satisfy the request. Arguments: LowestPfn - Supplies the lowest acceptable physical page number. HighestPfn - Supplies the highest acceptable physical page number. BoundaryPfn - Supplies the page frame number multiple the allocation must not cross. 0 indicates it can cross any boundary. SizeInPages - Supplies the number of pages to allocate. CallingAddress - Supplies the calling address of the allocator. Return Value: NULL - a contiguous range could not be found to satisfy the request. NON-NULL - Returns a pointer (virtual address in the nonpaged portion of the system) to the allocated physically contiguous memory. Environment: Kernel mode, IRQL of APC_LEVEL or below. --*/ { PMMPTE PointerPte; PMMPFN Pfn1; PVOID BaseAddress; PVOID BaseAddress2; KIRQL OldIrql; KIRQL OldIrql2; PMMFREE_POOL_ENTRY FreePageInfo; PLIST_ENTRY Entry; ULONG start; ULONG Index; PFN_NUMBER count; PFN_NUMBER Page; PFN_NUMBER LastPage; PFN_NUMBER found; PFN_NUMBER BoundaryMask; MMPTE TempPte; ULONG PageColor; ULONG AllocationPosition; PVOID Va; LOGICAL AddressIsPhysical; PFN_NUMBER SpanInPages; PFN_NUMBER SpanInPages2; PAGED_CODE (); BaseAddress = NULL; BoundaryMask = ~(BoundaryPfn - 1); // // A suitable pool page was not allocated via the pool allocator. // Grab the pool lock and manually search for a page which meets // the requirements. // MmLockPagableSectionByHandle (ExPageLockHandle); ExAcquireFastMutex (&MmDynamicMemoryMutex); OldIrql = ExLockPool (NonPagedPool); // // Trace through the page allocator's pool headers for a page which // meets the requirements. // // // NonPaged pool is linked together through the pages themselves. // Index = (ULONG)(SizeInPages - 1); if (Index >= MI_MAX_FREE_LIST_HEADS) { Index = MI_MAX_FREE_LIST_HEADS - 1; } while (Index < MI_MAX_FREE_LIST_HEADS) { Entry = MmNonPagedPoolFreeListHead[Index].Flink; while (Entry != &MmNonPagedPoolFreeListHead[Index]) { if (MmProtectFreedNonPagedPool == TRUE) { MiUnProtectFreeNonPagedPool ((PVOID)Entry, 0); } // // The list is not empty, see if this one meets the physical // requirements. // FreePageInfo = CONTAINING_RECORD(Entry, MMFREE_POOL_ENTRY, List); ASSERT (FreePageInfo->Signature == MM_FREE_POOL_SIGNATURE); if (FreePageInfo->Size >= SizeInPages) { // // This entry has sufficient space, check to see if the // pages meet the physical requirements. // Va = MiCheckForContiguousMemory (PAGE_ALIGN(Entry), FreePageInfo->Size, SizeInPages, LowestPfn, HighestPfn, BoundaryPfn); if (Va != NULL) { // // These pages meet the requirements. The returned // address may butt up on the end, the front or be // somewhere in the middle. Split the Entry based // on which case it is. // Entry = PAGE_ALIGN(Entry); if (MmProtectFreedNonPagedPool == FALSE) { RemoveEntryList (&FreePageInfo->List); } else { MiProtectedPoolRemoveEntryList (&FreePageInfo->List); } // // Adjust the number of free pages remaining in the pool. // The TotalBigPages calculation appears incorrect for the // case where we're splitting a block, but it's done this // way because ExFreePool corrects it when we free the // fragment block below. Likewise for // MmAllocatedNonPagedPool and MmNumberOfFreeNonPagedPool // which is corrected by MiFreePoolPages for the fragment. // NonPagedPoolDescriptor.TotalBigPages += (ULONG)FreePageInfo->Size; MmAllocatedNonPagedPool += FreePageInfo->Size; MmNumberOfFreeNonPagedPool -= FreePageInfo->Size; ASSERT ((LONG)MmNumberOfFreeNonPagedPool >= 0); if (Va == Entry) { // // Butted against the front. // AllocationPosition = 0; } else if (((PCHAR)Va + (SizeInPages << PAGE_SHIFT)) == ((PCHAR)Entry + (FreePageInfo->Size << PAGE_SHIFT))) { // // Butted against the end. // AllocationPosition = 2; } else { // // Somewhere in the middle. // AllocationPosition = 1; } // // Pages are being removed from the front of // the list entry and the whole list entry // will be removed and then the remainder inserted. // // // Mark start and end for the block at the top of the // list. // if (MI_IS_PHYSICAL_ADDRESS(Va)) { // // On certain architectures, virtual addresses // may be physical and hence have no corresponding PTE. // AddressIsPhysical = TRUE; Pfn1 = MI_PFN_ELEMENT (MI_CONVERT_PHYSICAL_TO_PFN (Va)); } else { AddressIsPhysical = FALSE; PointerPte = MiGetPteAddress(Va); ASSERT (PointerPte->u.Hard.Valid == 1); Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); } ASSERT (Pfn1->u3.e1.VerifierAllocation == 0); ASSERT (Pfn1->u3.e1.LargeSessionAllocation == 0); ASSERT (Pfn1->u3.e1.StartOfAllocation == 0); Pfn1->u3.e1.StartOfAllocation = 1; // // Calculate the ending PFN address, note that since // these pages are contiguous, just add to the PFN. // Pfn1 += SizeInPages - 1; ASSERT (Pfn1->u3.e1.VerifierAllocation == 0); ASSERT (Pfn1->u3.e1.LargeSessionAllocation == 0); ASSERT (Pfn1->u3.e1.EndOfAllocation == 0); Pfn1->u3.e1.EndOfAllocation = 1; if (SizeInPages == FreePageInfo->Size) { // // Unlock the pool and return. // BaseAddress = (PVOID)Va; goto Done; } BaseAddress = NULL; if (AllocationPosition != 2) { // // The end piece needs to be freed as the removal // came from the front or the middle. // BaseAddress = (PVOID)((PCHAR)Va + (SizeInPages << PAGE_SHIFT)); SpanInPages = FreePageInfo->Size - SizeInPages - (((ULONG_PTR)Va - (ULONG_PTR)Entry) >> PAGE_SHIFT); // // Mark start and end of the allocation in the PFN database. // if (AddressIsPhysical == TRUE) { // // On certain architectures, virtual addresses // may be physical and hence have no corresponding PTE. // Pfn1 = MI_PFN_ELEMENT (MI_CONVERT_PHYSICAL_TO_PFN (BaseAddress)); } else { PointerPte = MiGetPteAddress(BaseAddress); ASSERT (PointerPte->u.Hard.Valid == 1); Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); } ASSERT (Pfn1->u3.e1.VerifierAllocation == 0); ASSERT (Pfn1->u3.e1.LargeSessionAllocation == 0); ASSERT (Pfn1->u3.e1.StartOfAllocation == 0); Pfn1->u3.e1.StartOfAllocation = 1; // // Calculate the ending PTE's address, can't depend on // these pages being physically contiguous. // if (AddressIsPhysical == TRUE) { Pfn1 += (SpanInPages - 1); } else { PointerPte += (SpanInPages - 1); ASSERT (PointerPte->u.Hard.Valid == 1); Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); } ASSERT (Pfn1->u3.e1.EndOfAllocation == 0); Pfn1->u3.e1.EndOfAllocation = 1; ASSERT (((ULONG_PTR)BaseAddress & (PAGE_SIZE -1)) == 0); SpanInPages2 = SpanInPages; } BaseAddress2 = BaseAddress; BaseAddress = NULL; if (AllocationPosition != 0) { // // The front piece needs to be freed as the removal // came from the middle or the end. // BaseAddress = (PVOID)Entry; SpanInPages = ((ULONG_PTR)Va - (ULONG_PTR)Entry) >> PAGE_SHIFT; // // Mark start and end of the allocation in the PFN database. // if (AddressIsPhysical == TRUE) { // // On certain architectures, virtual addresses // may be physical and hence have no corresponding PTE. // Pfn1 = MI_PFN_ELEMENT (MI_CONVERT_PHYSICAL_TO_PFN (BaseAddress)); } else { PointerPte = MiGetPteAddress(BaseAddress); ASSERT (PointerPte->u.Hard.Valid == 1); Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); } ASSERT (Pfn1->u3.e1.VerifierAllocation == 0); ASSERT (Pfn1->u3.e1.LargeSessionAllocation == 0); ASSERT (Pfn1->u3.e1.StartOfAllocation == 0); Pfn1->u3.e1.StartOfAllocation = 1; // // Calculate the ending PTE's address, can't depend on // these pages being physically contiguous. // if (AddressIsPhysical == TRUE) { Pfn1 += (SpanInPages - 1); } else { PointerPte += (SpanInPages - 1); ASSERT (PointerPte->u.Hard.Valid == 1); Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); } ASSERT (Pfn1->u3.e1.EndOfAllocation == 0); Pfn1->u3.e1.EndOfAllocation = 1; ASSERT (((ULONG_PTR)BaseAddress & (PAGE_SIZE -1)) == 0); } // // Unlock the pool. // ExUnlockPool (NonPagedPool, OldIrql); ExReleaseFastMutex (&MmDynamicMemoryMutex); // // Free the split entry at BaseAddress back into the pool. // Note that we have overcharged the pool - the entire free // chunk has been billed. Here we return the piece we // didn't use and correct the momentary overbilling. // // The start and end allocation bits of this split entry // which we just set up enable ExFreePool and his callees // to correctly adjust the billing. // if (BaseAddress) { ExInsertPoolTag ('tnoC', BaseAddress, SpanInPages << PAGE_SHIFT, NonPagedPool); ExFreePool (BaseAddress); } if (BaseAddress2) { ExInsertPoolTag ('tnoC', BaseAddress2, SpanInPages2 << PAGE_SHIFT, NonPagedPool); ExFreePool (BaseAddress2); } BaseAddress = Va; goto Done1; } } Entry = FreePageInfo->List.Flink; if (MmProtectFreedNonPagedPool == TRUE) { MiProtectFreeNonPagedPool ((PVOID)FreePageInfo, (ULONG)FreePageInfo->Size); } } Index += 1; } // // No entry was found in free nonpaged pool that meets the requirements. // Search the PFN database for pages that meet the requirements. // start = 0; do { count = MmPhysicalMemoryBlock->Run[start].PageCount; Page = MmPhysicalMemoryBlock->Run[start].BasePage; // // Close the gaps, then examine the range for a fit. // LastPage = Page + count; if (LastPage - 1 > HighestPfn) { LastPage = HighestPfn + 1; } if (Page < LowestPfn) { Page = LowestPfn; } if ((count != 0) && (Page + SizeInPages <= LastPage)) { // // A fit may be possible in this run, check whether the pages // are on the right list. // found = 0; Pfn1 = MI_PFN_ELEMENT (Page); LOCK_PFN2 (OldIrql2); do { if ((Pfn1->u3.e1.PageLocation == ZeroedPageList) || (Pfn1->u3.e1.PageLocation == FreePageList) || (Pfn1->u3.e1.PageLocation == StandbyPageList)) { if ((Pfn1->u1.Flink != 0) && (Pfn1->u2.Blink != 0) && (Pfn1->u3.e2.ReferenceCount == 0)) { // // Before starting a new run, ensure that it // can satisfy the boundary requirements (if any). // if ((found == 0) && (BoundaryPfn != 0)) { if (((Page ^ (Page + SizeInPages - 1)) & BoundaryMask) != 0) { // // This run's physical address does not meet the // requirements. // goto NextPage; } } found += 1; if (found == SizeInPages) { // // A match has been found, remove these // pages, add them to the free pool and // return. // Page = 1 + Page - found; // // Try to find system PTES to expand the pool into. // PointerPte = MiReserveSystemPtes ((ULONG)SizeInPages, NonPagedPoolExpansion, 0, 0, FALSE); if (PointerPte == NULL) { UNLOCK_PFN2 (OldIrql2); goto Done; } MmResidentAvailablePages -= SizeInPages; MM_BUMP_COUNTER(3, SizeInPages); MiChargeCommitmentCantExpand (SizeInPages, TRUE); MM_TRACK_COMMIT (MM_DBG_COMMIT_CONTIGUOUS_PAGES, SizeInPages); BaseAddress = MiGetVirtualAddressMappedByPte (PointerPte); PageColor = MI_GET_PAGE_COLOR_FROM_VA(BaseAddress); TempPte = ValidKernelPte; MmAllocatedNonPagedPool += SizeInPages; NonPagedPoolDescriptor.TotalBigPages += (ULONG)SizeInPages; Pfn1 = MI_PFN_ELEMENT (Page - 1); do { Pfn1 += 1; if (Pfn1->u3.e1.PageLocation == StandbyPageList) { MiUnlinkPageFromList (Pfn1); MiRestoreTransitionPte (Page); } else { MiUnlinkFreeOrZeroedPage (Page); } MI_CHECK_PAGE_ALIGNMENT(Page, PageColor & MM_COLOR_MASK); Pfn1->u3.e1.PageColor = PageColor & MM_COLOR_MASK; PageColor += 1; TempPte.u.Hard.PageFrameNumber = Page; MI_WRITE_VALID_PTE (PointerPte, TempPte); Pfn1->u3.e2.ReferenceCount = 1; Pfn1->u2.ShareCount = 1; Pfn1->PteAddress = PointerPte; Pfn1->OriginalPte.u.Long = MM_DEMAND_ZERO_WRITE_PTE; Pfn1->PteFrame = MI_GET_PAGE_FRAME_FROM_PTE (MiGetPteAddress(PointerPte)); Pfn1->u3.e1.PageLocation = ActiveAndValid; Pfn1->u3.e1.VerifierAllocation = 0; Pfn1->u3.e1.LargeSessionAllocation = 0; if (found == SizeInPages) { Pfn1->u3.e1.StartOfAllocation = 1; } PointerPte += 1; Page += 1; found -= 1; } while (found); Pfn1->u3.e1.EndOfAllocation = 1; UNLOCK_PFN2 (OldIrql2); goto Done; } } else { found = 0; } } else { found = 0; } NextPage: Page += 1; Pfn1 += 1; } while (Page < LastPage); UNLOCK_PFN2 (OldIrql2); } start += 1; } while (start != MmPhysicalMemoryBlock->NumberOfRuns); Done: ExUnlockPool (NonPagedPool, OldIrql); ExReleaseFastMutex (&MmDynamicMemoryMutex); Done1: MmUnlockPagableImageSection (ExPageLockHandle); if (BaseAddress) { MiInsertContiguousTag (BaseAddress, SizeInPages << PAGE_SHIFT, CallingAddress); ExInsertPoolTag ('tnoC', BaseAddress, SizeInPages << PAGE_SHIFT, NonPagedPool); } return BaseAddress; }

PVOID MiFindEmptyAddressRange (  IN SIZE_T  SizeOfRange, IN ULONG_PTR  Alignment, IN ULONG  QuickCheck )

Definition at line 431 of file vadtree.c. References _MMVAD::EndingVpn, MI_ROUND_TO_SIZE, MI_VPN_TO_VA, MI_VPN_TO_VA_ENDING, MiFindEmptyAddressRangeInTree(), MiGetNextVad, NULL, PsGetCurrentProcess, _MMVAD::StartingVpn, _EPROCESS::VadFreeHint, and _EPROCESS::VadRoot. Referenced by MiMapLockedPagesInUserSpace(), MiMapViewOfDataSection(), MiMapViewOfImageSection(), MiMapViewOfPhysicalSection(), and NtAllocateVirtualMemory(). 00439 : 00440 00441 The function examines the virtual address descriptors to locate 00442 an unused range of the specified size and returns the starting 00443 address of the range. 00444 00445 Arguments: 00446 00447 SizeOfRange - Supplies the size in bytes of the range to locate. 00448 00449 Alignment - Supplies the alignment for the address. Must be 00450 a power of 2 and greater than the page_size. 00451 00452 QuickCheck - Supplies a zero if a quick check for free memory 00453 after the VadFreeHint exists, non-zero if checking 00454 should start at the lowest address. 00455 00456 Return Value: 00457 00458 Returns the starting address of a suitable range. 00459 00460 --*/ 00461 00462 { 00463 PMMVAD NextVad; 00464 PMMVAD FreeHint; 00465 PEPROCESS CurrentProcess; 00466 PVOID StartingVa; 00467 PVOID EndingVa; 00468 00469 CurrentProcess = PsGetCurrentProcess(); 00470 FreeHint = CurrentProcess->VadFreeHint; 00471 00472 if ((QuickCheck == 0) && (FreeHint != NULL)) { 00473 00474 EndingVa = MI_VPN_TO_VA_ENDING (FreeHint->EndingVpn); 00475 NextVad = MiGetNextVad (FreeHint); 00476 if (NextVad == NULL) { 00477 00478 if (SizeOfRange < 00479 (((ULONG_PTR)MM_HIGHEST_USER_ADDRESS + 1) - 00480 MI_ROUND_TO_SIZE((ULONG_PTR)EndingVa, Alignment))) { 00481 return (PMMADDRESS_NODE)MI_ROUND_TO_SIZE((ULONG_PTR)EndingVa, 00482 Alignment); 00483 } 00484 } else { 00485 StartingVa = MI_VPN_TO_VA (NextVad->StartingVpn); 00486 00487 if (SizeOfRange < 00488 ((ULONG_PTR)StartingVa - 00489 MI_ROUND_TO_SIZE((ULONG_PTR)EndingVa, Alignment))) { 00490 00491 // 00492 // Check to ensure that the ending address aligned upwards 00493 // is not greater than the starting address. 00494 // 00495 00496 if ((ULONG_PTR)StartingVa > 00497 MI_ROUND_TO_SIZE((ULONG_PTR)EndingVa,Alignment)) { 00498 return (PMMADDRESS_NODE)MI_ROUND_TO_SIZE((ULONG_PTR)EndingVa, 00499 Alignment); 00500 } 00501 } 00502 } 00503 } 00504 00505 return (PMMVAD)MiFindEmptyAddressRangeInTree ( 00506 SizeOfRange, 00507 Alignment, 00508 (PMMADDRESS_NODE)(CurrentProcess->VadRoot), 00509 (PMMADDRESS_NODE *)&CurrentProcess->VadFreeHint); 00510 00511 }

PVOID MiFindEmptyAddressRangeDownTree (  IN SIZE_T  SizeOfRange, IN PVOID  HighestAddressToEndAt, IN ULONG_PTR  Alignment, IN PMMADDRESS_NODE  Root )

Definition at line 1252 of file addrsup.c. References ASSERT, _MMADDRESS_NODE::EndingVpn, ExRaiseStatus(), MI_ALIGN_TO_SIZE, MI_ROUND_TO_SIZE, MI_VA_TO_VPN, MI_VPN_TO_VA, MI_VPN_TO_VA_ENDING, MiGetPreviousNode(), MM_HIGHEST_VAD_ADDRESS, NULL, PAGE_SHIFT, PAGE_SIZE, _MMADDRESS_NODE::RightChild, and _MMADDRESS_NODE::StartingVpn. Referenced by MiFindEmptySectionBaseDown(). 01261 : 01262 01263 The function examines the virtual address descriptors to locate 01264 an unused range of the specified size and returns the starting 01265 address of the range. The function examines from the high 01266 addresses down and ensures that starting address is less than 01267 the specified address. 01268 01269 Arguments: 01270 01271 SizeOfRange - Supplies the size in bytes of the range to locate. 01272 01273 HighestAddressToEndAt - Supplies the virtual address that limits 01274 the value of the ending address. The ending 01275 address of the located range must be less 01276 than this address. 01277 01278 Alignment - Supplies the alignment for the address. Must be 01279 a power of 2 and greater than the page_size. 01280 01281 Root - Supplies the root of the tree to search through. 01282 01283 Return Value: 01284 01285 Returns the starting address of a suitable range. 01286 01287 --*/ 01288 01289 { 01290 PMMADDRESS_NODE Node; 01291 PMMADDRESS_NODE PreviousNode; 01292 ULONG_PTR AlignedEndingVa; 01293 PVOID OptimalStart; 01294 ULONG_PTR OptimalStartVpn; 01295 ULONG_PTR HighestVpn; 01296 ULONG_PTR AlignmentVpn; 01297 01298 SizeOfRange = MI_ROUND_TO_SIZE (SizeOfRange, PAGE_SIZE); 01299 01300 ASSERT (HighestAddressToEndAt != NULL); 01301 ASSERT (HighestAddressToEndAt <= (PVOID)((ULONG_PTR)MM_HIGHEST_VAD_ADDRESS + 1)); 01302 01303 HighestVpn = MI_VA_TO_VPN (HighestAddressToEndAt); 01304 01305 // 01306 // Locate the Node with the highest starting address. 01307 // 01308 01309 OptimalStart = (PVOID)(MI_ALIGN_TO_SIZE( 01310 (((ULONG_PTR)HighestAddressToEndAt + 1) - SizeOfRange), 01311 Alignment)); 01312 Node = Root; 01313 01314 if (Node == (PMMADDRESS_NODE)NULL) { 01315 01316 // 01317 // The tree is empty, any range is okay. 01318 // 01319 01320 return (PMMADDRESS_NODE)(OptimalStart); 01321 } 01322 01323 // 01324 // See if an empty slot exists to hold this range, locate the largest 01325 // element in the tree. 01326 // 01327 01328 while (Node->RightChild != (PMMADDRESS_NODE)NULL) { 01329 Node = Node->RightChild; 01330 } 01331 01332 // 01333 // Check to see if a range exists between the highest address VAD 01334 // and the highest address to end at. 01335 // 01336 01337 AlignedEndingVa = (ULONG_PTR)MI_ROUND_TO_SIZE ((ULONG_PTR)MI_VPN_TO_VA_ENDING (Node->EndingVpn), 01338 Alignment); 01339 01340 if (AlignedEndingVa < (ULONG_PTR)HighestAddressToEndAt) { 01341 01342 if ( SizeOfRange < ((ULONG_PTR)HighestAddressToEndAt - AlignedEndingVa)) { 01343 01344 return (PMMADDRESS_NODE)(MI_ALIGN_TO_SIZE( 01345 ((ULONG_PTR)HighestAddressToEndAt - SizeOfRange), 01346 Alignment)); 01347 } 01348 } 01349 01350 // 01351 // Walk the tree backwards looking for a fit. 01352 // 01353 01354 OptimalStartVpn = MI_VA_TO_VPN (OptimalStart); 01355 AlignmentVpn = MI_VA_TO_VPN (Alignment); 01356 01357 for (;;) { 01358 01359 PreviousNode = MiGetPreviousNode (Node); 01360 01361 if (PreviousNode != (PMMADDRESS_NODE)NULL) { 01362 01363 // 01364 // Is the ending Va below the top of the address to end at. 01365 // 01366 01367 if (PreviousNode->EndingVpn < OptimalStartVpn) { 01368 if ((SizeOfRange >> PAGE_SHIFT) <= 01369 ((ULONG_PTR)Node->StartingVpn - 01370 (ULONG_PTR)MI_ROUND_TO_SIZE(1 + PreviousNode->EndingVpn, 01371 AlignmentVpn))) { 01372 01373 // 01374 // See if the optimal start will fit between these 01375 // two VADs. 01376 // 01377 01378 if ((OptimalStartVpn > PreviousNode->EndingVpn) && 01379 (HighestVpn < Node->StartingVpn)) { 01380 return (PMMADDRESS_NODE)(OptimalStart); 01381 } 01382 01383 // 01384 // Check to ensure that the ending address aligned upwards 01385 // is not greater than the starting address. 01386 // 01387 01388 if ((ULONG_PTR)Node->StartingVpn > 01389 (ULONG_PTR)MI_ROUND_TO_SIZE(1 + PreviousNode->EndingVpn, 01390 AlignmentVpn)) { 01391 01392 return (PMMADDRESS_NODE)MI_ALIGN_TO_SIZE( 01393 (ULONG_PTR)MI_VPN_TO_VA (Node->StartingVpn) - SizeOfRange, 01394 Alignment); 01395 } 01396 } 01397 } 01398 } else { 01399 01400 // 01401 // No more descriptors, check to see if this fits into the remainder 01402 // of the address space. 01403 // 01404 01405 if (Node->StartingVpn > MI_VA_TO_VPN (MM_LOWEST_USER_ADDRESS)) { 01406 if ((SizeOfRange >> PAGE_SHIFT) <= 01407 ((ULONG_PTR)Node->StartingVpn - MI_VA_TO_VPN (MM_LOWEST_USER_ADDRESS))) { 01408 01409 // 01410 // See if the optimal start will fit between these 01411 // two VADs. 01412 // 01413 01414 if (HighestVpn < Node->StartingVpn) { 01415 return (PMMADDRESS_NODE)(OptimalStart); 01416 } 01417 01418 return (PMMADDRESS_NODE)MI_ALIGN_TO_SIZE( 01419 (ULONG_PTR)MI_VPN_TO_VA (Node->StartingVpn) - SizeOfRange, 01420 Alignment); 01421 } 01422 } else { 01423 ExRaiseStatus (STATUS_NO_MEMORY); 01424 } 01425 } 01426 Node = PreviousNode; 01427 } 01428 } #if DBG

PVOID MiFindEmptyAddressRangeInTree (  IN SIZE_T  SizeOfRange, IN ULONG_PTR  Alignment, IN PMMADDRESS_NODE  Root, OUT PMMADDRESS_NODE *  PreviousVad )

Definition at line 1127 of file addrsup.c. References ASSERT, _MMADDRESS_NODE::EndingVpn, ExRaiseStatus(), _MMADDRESS_NODE::LeftChild, MI_ROUND_TO_SIZE, MI_VA_TO_VPN, MI_VPN_TO_VA, MI_VPN_TO_VA_ENDING, MiGetNextNode(), MM_HIGHEST_VAD_ADDRESS, NULL, PAGE_SHIFT, PAGE_SIZE, _MMADDRESS_NODE::StartingVpn, and X64K. Referenced by MiFindEmptyAddressRange(). 01136 : 01137 01138 The function examines the virtual address descriptors to locate 01139 an unused range of the specified size and returns the starting 01140 address of the range. 01141 01142 Arguments: 01143 01144 SizeOfRange - Supplies the size in bytes of the range to locate. 01145 01146 Alignment - Supplies the alignment for the address. Must be 01147 a power of 2 and greater than the page_size. 01148 01149 Root - Supplies the root of the tree to search through. 01150 01151 PreviousVad - Supplies the Vad which is before this the found 01152 address range. 01153 01154 Return Value: 01155 01156 Returns the starting address of a suitable range. 01157 01158 --*/ 01159 01160 { 01161 PMMADDRESS_NODE Node; 01162 PMMADDRESS_NODE NextNode; 01163 ULONG_PTR AlignmentVpn; 01164 01165 AlignmentVpn = Alignment >> PAGE_SHIFT; 01166 01167 // 01168 // Locate the Node with the lowest starting address. 01169 // 01170 01171 SizeOfRange = (SizeOfRange + (PAGE_SIZE - 1)) >> PAGE_SHIFT; 01172 ASSERT (SizeOfRange != 0); 01173 01174 Node = Root; 01175 01176 if (Node == (PMMADDRESS_NODE)NULL) { 01177 return MM_LOWEST_USER_ADDRESS; 01178 } 01179 while (Node->LeftChild != (PMMADDRESS_NODE)NULL) { 01180 Node = Node->LeftChild; 01181 } 01182 01183 // 01184 // Check to see if a range exists between the lowest address VAD 01185 // and lowest user address. 01186 // 01187 01188 if (Node->StartingVpn > MI_VA_TO_VPN (MM_LOWEST_USER_ADDRESS)) { 01189 if ( SizeOfRange < 01190 (Node->StartingVpn - MI_VA_TO_VPN (MM_LOWEST_USER_ADDRESS))) { 01191 01192 *PreviousVad = NULL; 01193 return MM_LOWEST_USER_ADDRESS; 01194 } 01195 } 01196 01197 for (;;) { 01198 01199 NextNode = MiGetNextNode (Node); 01200 01201 if (NextNode != (PMMADDRESS_NODE)NULL) { 01202 01203 if (SizeOfRange <= 01204 ((ULONG_PTR)NextNode->StartingVpn - 01205 MI_ROUND_TO_SIZE(1 + Node->EndingVpn, 01206 AlignmentVpn))) { 01207 01208 // 01209 // Check to ensure that the ending address aligned upwards 01210 // is not greater than the starting address. 01211 // 01212 01213 if ((ULONG_PTR)NextNode->StartingVpn > 01214 MI_ROUND_TO_SIZE(1 + Node->EndingVpn, 01215 AlignmentVpn)) { 01216 01217 *PreviousVad = Node; 01218 return (PMMADDRESS_NODE)MI_ROUND_TO_SIZE( 01219 (ULONG_PTR)MI_VPN_TO_VA_ENDING(Node->EndingVpn), 01220 Alignment); 01221 } 01222 } 01223 01224 } else { 01225 01226 // 01227 // No more descriptors, check to see if this fits into the remainder 01228 // of the address space. 01229 // 01230 01231 if ((((ULONG_PTR)Node->EndingVpn + MI_VA_TO_VPN(X64K)) < 01232 MI_VA_TO_VPN (MM_HIGHEST_VAD_ADDRESS)) 01233 && 01234 (SizeOfRange <= 01235 ((ULONG_PTR)MM_HIGHEST_VAD_ADDRESS - 01236 (ULONG_PTR)MI_ROUND_TO_SIZE( 01237 (ULONG_PTR)MI_VPN_TO_VA(Node->EndingVpn), Alignment)))) { 01238 01239 *PreviousVad = Node; 01240 return (PMMADDRESS_NODE)MI_ROUND_TO_SIZE( 01241 (ULONG_PTR)MI_VPN_TO_VA_ENDING(Node->EndingVpn), 01242 Alignment); 01243 } else { 01244 ExRaiseStatus (STATUS_NO_MEMORY); 01245 } 01246 } 01247 Node = NextNode; 01248 } 01249 }

PVOID MiFindEmptySectionBaseDown (  IN ULONG  SizeOfRange, IN PVOID  HighestAddressToEndAt )

Definition at line 154 of file sectsup.c. References MiFindEmptyAddressRangeDownTree(), MmSectionBasedRoot, and X64K. Referenced by MmCreateSection(). : The function examines the virtual address descriptors to locate an unused range of the specified size and returns the starting address of the range. This routine looks from the top down. Arguments: SectionBasedRoot - Supplies the root of the available address tree. SizeOfRange - Supplies the size in bytes of the range to locate. HighestAddressToEndAt - Supplies the virtual address to begin looking at. Return Value: Returns the starting address of a suitable range. --*/ { return MiFindEmptyAddressRangeDownTree (SizeOfRange, HighestAddressToEndAt, X64K, MmSectionBasedRoot); }

VOID MiFindInitializationCode (  OUT PVOID *  StartVa, OUT PVOID *  EndVa )

Definition at line 2474 of file mminit.c. References DbgPrint, ExAcquireResourceExclusive, ExReleaseResource, KeEnterCriticalRegion, KeLeaveCriticalRegion, MiFindInitializationCode(), MiFreeInitializationCode(), NULL, PAGE_ALIGN, PAGE_SIZE, PsLoadedModuleList, PsLoadedModuleResource, ROUND_TO_PAGES, RtlImageNtHeader(), and TRUE. Referenced by MiFindInitializationCode(), and MmZeroPageThread(). 02481 : 02482 02483 This function locates the start and end of the kernel initialization 02484 code. This code resides in the "init" section of the kernel image. 02485 02486 Arguments: 02487 02488 StartVa - Returns the starting address of the init section. 02489 02490 EndVa - Returns the ending address of the init section. 02491 02492 Return Value: 02493 02494 None. 02495 02496 Environment: 02497 02498 Kernel Mode Only. End of system initialization. 02499 02500 --*/ 02501 02502 { 02503 PLDR_DATA_TABLE_ENTRY LdrDataTableEntry; 02504 PVOID CurrentBase; 02505 PVOID InitStart; 02506 PVOID InitEnd; 02507 PLIST_ENTRY Next; 02508 PIMAGE_NT_HEADERS NtHeader; 02509 PIMAGE_SECTION_HEADER SectionTableEntry; 02510 PIMAGE_SECTION_HEADER LastDiscard; 02511 LONG i; 02512 PVOID MiFindInitializationCodeAddress; 02513 02514 MiFindInitializationCodeAddress = MmGetProcedureAddress((PVOID)&MiFindInitializationCode); 02515 02516 *StartVa = NULL; 02517 02518 // 02519 // Walk through the loader blocks looking for the base which 02520 // contains this routine. 02521 // 02522 02523 KeEnterCriticalRegion(); 02524 ExAcquireResourceExclusive (&PsLoadedModuleResource, TRUE); 02525 Next = PsLoadedModuleList.Flink; 02526 02527 while ( Next != &PsLoadedModuleList ) { 02528 LdrDataTableEntry = CONTAINING_RECORD( Next, 02529 LDR_DATA_TABLE_ENTRY, 02530 InLoadOrderLinks 02531 ); 02532 if (LdrDataTableEntry->SectionPointer != NULL) { 02533 02534 // 02535 // This entry was loaded by MmLoadSystemImage so it's already 02536 // had its init section removed. 02537 // 02538 02539 Next = Next->Flink; 02540 continue; 02541 } 02542 02543 CurrentBase = (PVOID)LdrDataTableEntry->DllBase; 02544 NtHeader = RtlImageNtHeader(CurrentBase); 02545 02546 SectionTableEntry = (PIMAGE_SECTION_HEADER)((PCHAR)NtHeader + 02547 sizeof(ULONG) + 02548 sizeof(IMAGE_FILE_HEADER) + 02549 NtHeader->FileHeader.SizeOfOptionalHeader); 02550 02551 // 02552 // From the image header, locate the section named 'INIT'. 02553 // 02554 02555 i = NtHeader->FileHeader.NumberOfSections; 02556 02557 InitStart = NULL; 02558 while (i > 0) { 02559 02560 #if DBG 02561 if ((*(PULONG)SectionTableEntry->Name == 'tini') || 02562 (*(PULONG)SectionTableEntry->Name == 'egap')) { 02563 DbgPrint("driver %wZ has lower case sections (init or pagexxx)\n", 02564 &LdrDataTableEntry->FullDllName); 02565 } 02566 #endif //DBG 02567 02568 // 02569 // Free any INIT sections (or relocation sections that haven't 02570 // been already). Note a driver may have a relocation section 02571 // but not have any INIT code. 02572 // 02573 02574 if ((*(PULONG)SectionTableEntry->Name == 'TINI') || 02575 ((SectionTableEntry->Characteristics & IMAGE_SCN_MEM_DISCARDABLE) != 0)) { 02576 02577 02578 InitStart = (PVOID)((PCHAR)CurrentBase + SectionTableEntry->VirtualAddress); 02579 InitEnd = (PVOID)((PCHAR)InitStart + SectionTableEntry->SizeOfRawData - 1); 02580 InitEnd = (PVOID)((PCHAR)PAGE_ALIGN ((PCHAR)InitEnd + 02581 (NtHeader->OptionalHeader.SectionAlignment - 1)) - 1); 02582 InitStart = (PVOID)ROUND_TO_PAGES (InitStart); 02583 02584 // 02585 // Check if more sections are discardable after this one so 02586 // even small INIT sections can be discarded. 02587 // 02588 02589 if (i == 1) { 02590 LastDiscard = SectionTableEntry; 02591 } 02592 else { 02593 LastDiscard = NULL; 02594 do { 02595 i -= 1; 02596 SectionTableEntry += 1; 02597 02598 if ((SectionTableEntry->Characteristics & 02599 IMAGE_SCN_MEM_DISCARDABLE) != 0) { 02600 02601 // 02602 // Discard this too. 02603 // 02604 02605 LastDiscard = SectionTableEntry; 02606 } else { 02607 break; 02608 } 02609 } while (i > 1); 02610 } 02611 02612 if (LastDiscard) { 02613 InitEnd = (PVOID)(((PCHAR)CurrentBase + 02614 LastDiscard->VirtualAddress) + 02615 (LastDiscard->SizeOfRawData - 1)); 02616 02617 // 02618 // If this isn't the last section in the driver then the 02619 // the next section is not discardable. So the last 02620 // section is not rounded down, but all others must be. 02621 // 02622 02623 if (i != 1) { 02624 InitEnd = (PVOID)((PCHAR)PAGE_ALIGN ((PCHAR)InitEnd + 02625 (NtHeader->OptionalHeader.SectionAlignment - 1)) - 1); 02626 } 02627 } 02628 02629 if (InitEnd > (PVOID)((PCHAR)CurrentBase + 02630 LdrDataTableEntry->SizeOfImage)) { 02631 InitEnd = (PVOID)(((ULONG_PTR)CurrentBase + 02632 (LdrDataTableEntry->SizeOfImage - 1)) | 02633 (PAGE_SIZE - 1)); 02634 } 02635 02636 if (InitStart <= InitEnd) { 02637 if ((MiFindInitializationCodeAddress >= InitStart) && 02638 (MiFindInitializationCodeAddress <= InitEnd)) { 02639 02640 // 02641 // This init section is in the kernel, don't free it 02642 // now as it would free this code! 02643 // 02644 02645 *StartVa = InitStart; 02646 *EndVa = InitEnd; 02647 } 02648 else { 02649 MiFreeInitializationCode (InitStart, InitEnd); 02650 } 02651 } 02652 } 02653 i -= 1; 02654 SectionTableEntry += 1; 02655 } 02656 Next = Next->Flink; 02657 } 02658 ExReleaseResource (&PsLoadedModuleResource); 02659 KeLeaveCriticalRegion(); 02660 return; 02661 }

VOID MiFlushAllPages (  VOID   )

Definition at line 4870 of file modwrite.c. References FALSE, KeDelayExecutionThread(), KernelMode, KeSetEvent(), Mm30Milliseconds, MmModifiedPageListHead, MmModifiedPageWriterEvent, MmWriteAllModifiedPages, _MMPFNLIST::Total, and TRUE. Referenced by MiAllocateContiguousMemory(), MmGatherMemoryForHibernate(), and MmRemovePhysicalMemory(). : Forces a write of all modified pages. Arguments: None. Return Value: None. Environment: Kernel mode. No locks held. APC_LEVEL or less. --*/ { ULONG j = 0xff; MmWriteAllModifiedPages = TRUE; KeSetEvent (&MmModifiedPageWriterEvent, 0, FALSE); do { KeDelayExecutionThread (KernelMode, FALSE, &Mm30Milliseconds); j -= 1; } while ((MmModifiedPageListHead.Total > 50) && (j > 0)); MmWriteAllModifiedPages = FALSE; return; }

VOID MiFlushEventCounter (   )

Definition at line 2487 of file sectsup.c. References APC_LEVEL, _MMEVENT_COUNT_LIST::Count, ExFreePool(), _EVENT_COUNTER::ListEntry, _MMEVENT_COUNT_LIST::ListHead, LOCK_PFN, MM_PFN_LOCK_ASSERT, MmEventCountList, NULL, and UNLOCK_PFN. Referenced by MiFreeEventCounter(). : This routine examines the list of event counters and attempts to free up to 10 (if there are more than 4). It will release and reacquire the PFN lock when it frees the event counters! Arguments: None. Return Value: None. Environment: Kernel mode, PFN lock held. --*/ { KIRQL OldIrql; PEVENT_COUNTER Support[10]; ULONG i = 0; PLIST_ENTRY NextEntry; MM_PFN_LOCK_ASSERT(); while ((MmEventCountList.Count > 4) && (i < 10)) { NextEntry = RemoveHeadList (&MmEventCountList.ListHead); Support[i] = CONTAINING_RECORD (NextEntry, EVENT_COUNTER, ListEntry ); Support[i]->ListEntry.Flink = NULL; i += 1; MmEventCountList.Count -= 1; } if (i == 0) { return; } OldIrql = APC_LEVEL; UNLOCK_PFN (OldIrql); do { i -= 1; ExFreePool(Support[i]); } while (i > 0); LOCK_PFN (OldIrql); return; }

VOID MiFlushInPageSupportBlock (   )

Definition at line 4301 of file pagfault.c. References APC_LEVEL, _MMINPAGE_SUPPORT_LIST::Count, ExFreePool(), _MMINPAGE_SUPPORT::ListEntry, _MMINPAGE_SUPPORT_LIST::ListHead, LOCK_PFN, _MMINPAGE_SUPPORT::Mdl, MM_PFN_LOCK_ASSERT, MmInPageSupportList, MMMAX_INPAGE_SUPPORT, NULL, and UNLOCK_PFN. Referenced by MiDispatchFault(). 04306 : 04307 04308 This routine examines the number of freed in page support blocks, 04309 and if more than 4, frees the blocks back to the NonPagedPool. 04310 04311 04312 ****** NB: The PFN LOCK is RELEASED and reacquired during this call ****** 04313 04314 04315 Arguments: 04316 04317 None. 04318 04319 Return Value: 04320 04321 None. 04322 04323 Environment: 04324 04325 Kernel mode, PFN lock held. 04326 04327 --*/ 04328 04329 #define MMMAX_INPAGE_SUPPORT 4 04330 04331 { 04332 KIRQL OldIrql; 04333 PMMINPAGE_SUPPORT Support[10]; 04334 ULONG i = 0; 04335 PLIST_ENTRY NextEntry; 04336 04337 MM_PFN_LOCK_ASSERT(); 04338 04339 while ((MmInPageSupportList.Count > MMMAX_INPAGE_SUPPORT) && (i < 10)) { 04340 NextEntry = RemoveHeadList (&MmInPageSupportList.ListHead); 04341 Support[i] = CONTAINING_RECORD (NextEntry, 04342 MMINPAGE_SUPPORT, 04343 ListEntry ); 04344 Support[i]->ListEntry.Flink = NULL; 04345 i += 1; 04346 MmInPageSupportList.Count -= 1; 04347 } 04348 04349 if (i == 0) { 04350 return; 04351 } 04352 04353 UNLOCK_PFN (APC_LEVEL); 04354 04355 do { 04356 i -= 1; 04357 04358 #if defined (_PREFETCH_) 04359 if ((Support[i]->PrefetchMdl != NULL) && 04360 (Support[i]->PrefetchMdl != &Support[i]->Mdl)) { 04361 ExFreePool (Support[i]->PrefetchMdl); 04362 } 04363 #endif 04364 04365 ExFreePool(Support[i]); 04366 } while (i > 0); 04367 04368 LOCK_PFN (OldIrql); 04369 04370 return; 04371 }

VOID MiFlushPteList (  IN PMMPTE_FLUSH_LIST  PteFlushList, IN ULONG  AllProcessors, IN MMPTE  FillPte )

Definition at line 1160 of file deleteva.c. References ASSERT, FALSE, KeFlushEntireTb(), KeFlushMultipleTb(), KeFlushSingleTb(), MiLockSystemSpaceAtDpcLevel, MiUnlockSystemSpaceFromDpcLevel, MM_FLUSH_COUNTER_MASK, MM_MAXIMUM_FLUSH_COUNT, MM_PFN_LOCK_ASSERT, MmFlushCounter, and TRUE. Referenced by MiDeletePte(), MiDeleteSystemPagableVm(), MiDeleteVirtualAddresses(), MiProcessValidPteList(), MiReleaseSystemPtes(), MiRemoveMappedPtes(), MiRemoveWorkingSetPages(), MiReserveSystemPtes2(), and MmCleanProcessAddressSpace(). 01168 : 01169 01170 This routine flushes all the PTEs in the PTE flush list. 01171 If the list has overflowed, the entire TB is flushed. 01172 01173 Arguments: 01174 01175 PteFlushList - Supplies an optional pointer to the list to be flushed. 01176 01177 AllProcessors - Supplies TRUE if the flush occurs on all processors. 01178 01179 FillPte - Supplies the PTE to fill with. 01180 01181 Return Value: 01182 01183 None. 01184 01185 Environment: 01186 01187 Kernel mode, PFN lock held. 01188 01189 --*/ 01190 01191 { 01192 ULONG count; 01193 01194 ASSERT (ARGUMENT_PRESENT (PteFlushList)); 01195 MM_PFN_LOCK_ASSERT (); 01196 01197 count = PteFlushList->Count; 01198 01199 if (count != 0) { 01200 if (count != 1) { 01201 if (count < MM_MAXIMUM_FLUSH_COUNT) { 01202 KeFlushMultipleTb (count, 01203 &PteFlushList->FlushVa[0], 01204 TRUE, 01205 (BOOLEAN)AllProcessors, 01206 &((PHARDWARE_PTE)PteFlushList->FlushPte[0]), 01207 FillPte.u.Flush); 01208 } else { 01209 01210 // 01211 // Array has overflowed, flush the entire TB. 01212 // 01213 01214 if (AllProcessors == TRUE) { 01215 MiLockSystemSpaceAtDpcLevel(); 01216 KeFlushEntireTb (TRUE, TRUE); 01217 MmFlushCounter = (MmFlushCounter + 1) & MM_FLUSH_COUNTER_MASK; 01218 MiUnlockSystemSpaceFromDpcLevel(); 01219 } else { 01220 KeFlushEntireTb (TRUE, FALSE); 01221 } 01222 } 01223 } else { 01224 KeFlushSingleTb (PteFlushList->FlushVa[0], 01225 TRUE, 01226 (BOOLEAN)AllProcessors, 01227 (PHARDWARE_PTE)PteFlushList->FlushPte[0], 01228 FillPte.u.Flush); 01229 } 01230 PteFlushList->Count = 0; 01231 } 01232 return; 01233 } }

NTSTATUS MiFlushSectionInternal (  IN PMMPTE  StartingPte, IN PMMPTE  FinalPte, IN PSUBSECTION  FirstSubsection, IN PSUBSECTION  LastSubsection, IN ULONG  Synchronize, IN LOGICAL  WriteInProgressOk, OUT PIO_STATUS_BLOCK  IoStatus )

Definition at line 1014 of file flushsec.c. References ASSERT, _MDL::ByteCount, DbgPrint, FALSE, _CONTROL_AREA::FilePointer, _CONTROL_AREA::FlushInProgressCount, IoSynchronousPageWrite(), KeClearEvent, KeDelayExecutionThread(), KeEnterCriticalRegion, KeInitializeEvent, KeLeaveCriticalRegion, KePulseEvent(), KernelMode, KeWaitForSingleObject(), LOCK_PFN, _MDL::MappedSystemVa, MDL_MAPPED_TO_SYSTEM_VA, MDL_PAGES_LOCKED, _MDL::MdlFlags, MI_ADD_LOCKED_PAGE_CHARGE, MI_ADD_LOCKED_PAGE_CHARGE_FOR_MODIFIED_PAGE, MI_GET_PAGE_FRAME_FROM_PTE, MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE, MI_INITIALIZE_ZERO_MDL, MI_PFN_ELEMENT, MI_REMOVE_LOCKED_PAGE_CHARGE, MiCheckProtoPtePageState(), MiDecrementReferenceCount(), MiEndingOffset(), MiIoRetryLevel, MiIsPteOnPdeBoundary, MiMakeSystemAddressValidPfn(), MiStartingOffset(), MiUnlinkPageFromList(), Mm30Milliseconds, MM_DBG_FLUSH_SECTION, MM_MAXIMUM_DISK_IO_SIZE, MmCollidedFlushEvent, MmIsRetryIoStatus, MmModifiedWriteClusterSize, MmOneSecond, MmUnmapLockedPages(), _SUBSECTION::NextSubsection, NT_SUCCESS, NTSTATUS(), NULL, _CONTROL_AREA::NumberOfPfnReferences, _MMPFN::OriginalPte, PAGE_SHIFT, PAGE_SIZE, _MMPFN::PteAddress, _SUBSECTION::PtesInSubsection, _MDL::Size, _MDL::StartVa, Status, STATUS_MAPPED_WRITER_COLLISION, _SUBSECTION::SubsectionBase, TRUE, _MMPTE::u, _CONTROL_AREA::u, _MMPFN::u3, UNLOCK_PFN, UNLOCK_PFN_AND_THEN_WAIT, and WrPageOut. Referenced by MiRemoveUnusedSegments(), MmFlushSection(), and MmFlushVirtualMemory(). 01026 : 01027 01028 This function flushes to the backing file any modified pages within 01029 the specified range of the section. The parameters describe the 01030 section's prototype PTEs (start and end) and the subsections 01031 which correspond to the starting and ending PTE. 01032 01033 Each PTE in the subsection between the specified start and end 01034 is examined and if the page is either valid or transition AND 01035 the page has been modified, the modify bit is cleared in the PFN 01036 database and the page is flushed to its backing file. 01037 01038 Arguments: 01039 01040 StartingPte - Supplies a pointer to the first prototype PTE to 01041 be examined for flushing. 01042 01043 FinalPte - Supplies a pointer to the last prototype PTE to be 01044 examined for flushing. 01045 01046 FirstSubsection - Supplies the subsection that contains the 01047 StartingPte. 01048 01049 LastSubsection - Supplies the subsection that contains the 01050 FinalPte. 01051 01052 Synchronize - Supplies TRUE if synchronization with all threads 01053 doing flush operations to this section should occur. 01054 01055 WriteInProgressOk - Supplies TRUE if the caller can tolerate a write 01056 already in progress for any dirty pages. 01057 01058 IoStatus - Returns the value of the IoStatus for the last attempted 01059 I/O operation. 01060 01061 Return Value: 01062 01063 Returns status of the operation. 01064 01065 --*/ 01066 01067 { 01068 PCONTROL_AREA ControlArea; 01069 PMMPTE PointerPte; 01070 PMMPTE LastPte; 01071 PMMPTE LastWritten; 01072 MMPTE PteContents; 01073 PMMPFN Pfn1; 01074 PMMPFN Pfn2; 01075 KIRQL OldIrql; 01076 PMDL Mdl; 01077 KEVENT IoEvent; 01078 PSUBSECTION Subsection; 01079 PPFN_NUMBER Page; 01080 PFN_NUMBER PageFrameIndex; 01081 PPFN_NUMBER LastPage; 01082 NTSTATUS Status; 01083 UINT64 StartingOffset; 01084 UINT64 TempOffset; 01085 BOOLEAN WriteNow; 01086 LOGICAL Bail; 01087 PFN_NUMBER MdlHack[(sizeof(MDL)/sizeof(PFN_NUMBER)) + (MM_MAXIMUM_DISK_IO_SIZE / PAGE_SIZE) + 1]; 01088 ULONG ReflushCount; 01089 01090 WriteNow = FALSE; 01091 Bail = FALSE; 01092 01093 IoStatus->Status = STATUS_SUCCESS; 01094 IoStatus->Information = 0; 01095 Mdl = (PMDL)&MdlHack[0]; 01096 01097 KeInitializeEvent (&IoEvent, NotificationEvent, FALSE); 01098 01099 FinalPte += 1; // Point to 1 past the last one. 01100 01101 LastWritten = NULL; 01102 LastPage = 0; 01103 Subsection = FirstSubsection; 01104 PointerPte = StartingPte; 01105 ControlArea = FirstSubsection->ControlArea; 01106 01107 LOCK_PFN (OldIrql); 01108 01109 ASSERT (ControlArea->u.Flags.Image == 0); 01110 01111 if (ControlArea->NumberOfPfnReferences == 0) { 01112 01113 // 01114 // No transition or valid prototype PTEs present, hence 01115 // no need to flush anything. 01116 // 01117 01118 UNLOCK_PFN (OldIrql); 01119 return STATUS_SUCCESS; 01120 } 01121 01122 while ((Synchronize) && (ControlArea->FlushInProgressCount != 0)) { 01123 01124 // 01125 // Another thread is currently performing a flush operation on 01126 // this file. Wait for that flush to complete. 01127 // 01128 01129 KeEnterCriticalRegion(); 01130 ControlArea->u.Flags.CollidedFlush = 1; 01131 UNLOCK_PFN_AND_THEN_WAIT(OldIrql); 01132 01133 KeWaitForSingleObject (&MmCollidedFlushEvent, 01134 WrPageOut, 01135 KernelMode, 01136 FALSE, 01137 &MmOneSecond); 01138 LOCK_PFN (OldIrql); 01139 KeLeaveCriticalRegion(); 01140 } 01141 01142 ControlArea->FlushInProgressCount += 1; 01143 01144 for (;;) { 01145 01146 if (LastSubsection != Subsection) { 01147 01148 // 01149 // Flush to the last PTE in this subsection. 01150 // 01151 01152 LastPte = &Subsection->SubsectionBase[Subsection->PtesInSubsection]; 01153 } else { 01154 01155 // 01156 // Flush to the end of the range. 01157 // 01158 01159 LastPte = FinalPte; 01160 } 01161 01162 // 01163 // If the prototype PTEs are paged out or have a share count 01164 // of 1, they cannot contain any transition or valid PTEs. 01165 // 01166 01167 if (!MiCheckProtoPtePageState(PointerPte, TRUE)) { 01168 PointerPte = (PMMPTE)(((ULONG_PTR)PointerPte | (PAGE_SIZE - 1)) + 1); 01169 } 01170 01171 while (PointerPte < LastPte) { 01172 01173 if (MiIsPteOnPdeBoundary(PointerPte)) { 01174 01175 // 01176 // We are on a page boundary, make sure this PTE is resident. 01177 // 01178 01179 if (!MiCheckProtoPtePageState(PointerPte, TRUE)) { 01180 PointerPte = (PMMPTE)((PCHAR)PointerPte + PAGE_SIZE); 01181 01182 // 01183 // If there are dirty pages to be written, write them 01184 // now as we are skipping over PTEs. 01185 // 01186 01187 if (LastWritten != NULL) { 01188 WriteNow = TRUE; 01189 goto CheckForWrite; 01190 } 01191 continue; 01192 } 01193 } 01194 01195 PteContents = *PointerPte; 01196 01197 if ((PteContents.u.Hard.Valid == 1) || 01198 ((PteContents.u.Soft.Prototype == 0) && 01199 (PteContents.u.Soft.Transition == 1))) { 01200 01201 // 01202 // Prototype PTE in transition, there are 3 possible cases: 01203 // 1. The page is part of an image which is sharable and 01204 // refers to the paging file - dereference page file 01205 // space and free the physical page. 01206 // 2. The page refers to the segment but is not modified - 01207 // free the physical page. 01208 // 3. The page refers to the segment and is modified - 01209 // write the page to the file and free the physical page. 01210 // 01211 01212 if (PteContents.u.Hard.Valid == 1) { 01213 PageFrameIndex = MI_GET_PAGE_FRAME_FROM_PTE (&PteContents); 01214 } else { 01215 PageFrameIndex = MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE (&PteContents); 01216 } 01217 01218 Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); 01219 ASSERT (Pfn1->OriginalPte.u.Soft.Prototype == 1); 01220 ASSERT (Pfn1->OriginalPte.u.Hard.Valid == 0); 01221 01222 // 01223 // If the page is modified OR a write is in progress 01224 // flush it. The write in progress case catches problems 01225 // where the modified page write continually writes a 01226 // page and gets errors writing it, by writing pages 01227 // in this state, the error will be propagated back to 01228 // the caller. 01229 // 01230 01231 if ((Pfn1->u3.e1.Modified == 1) || 01232 (Pfn1->u3.e1.WriteInProgress)) { 01233 01234 if ((WriteInProgressOk == FALSE) && 01235 (Pfn1->u3.e1.WriteInProgress)) { 01236 01237 PointerPte = LastPte; 01238 Bail = TRUE; 01239 01240 if (LastWritten != NULL) { 01241 WriteNow = TRUE; 01242 } 01243 goto CheckForWrite; 01244 } 01245 01246 if (LastWritten == NULL) { 01247 01248 // 01249 // This is the first page of a cluster, initialize 01250 // the MDL, etc. 01251 // 01252 01253 LastPage = (PPFN_NUMBER)(Mdl + 1); 01254 01255 // 01256 // Calculate the offset to read into the file. 01257 // offset = base + ((thispte - basepte) << PAGE_SHIFT) 01258 // 01259 01260 StartingOffset = (UINT64) MiStartingOffset ( 01261 Subsection, 01262 Pfn1->PteAddress); 01263 01264 MI_INITIALIZE_ZERO_MDL (Mdl); 01265 01266 Mdl->MdlFlags |= MDL_PAGES_LOCKED; 01267 Mdl->StartVa = 01268 (PVOID)ULongToPtr(Pfn1->u3.e1.PageColor << PAGE_SHIFT); 01269 Mdl->Size = (CSHORT)(sizeof(MDL) + 01270 (sizeof(PFN_NUMBER) * MmModifiedWriteClusterSize)); 01271 } 01272 01273 LastWritten = PointerPte; 01274 Mdl->ByteCount += PAGE_SIZE; 01275 if (Mdl->ByteCount == (PAGE_SIZE * MmModifiedWriteClusterSize)) { 01276 WriteNow = TRUE; 01277 } 01278 01279 if (PteContents.u.Hard.Valid == 0) { 01280 01281 // 01282 // The page is in transition. 01283 // 01284 01285 MiUnlinkPageFromList (Pfn1); 01286 MI_ADD_LOCKED_PAGE_CHARGE_FOR_MODIFIED_PAGE(Pfn1, 18); 01287 } 01288 else { 01289 MI_ADD_LOCKED_PAGE_CHARGE(Pfn1, 20); 01290 } 01291 01292 // 01293 // Clear the modified bit for this page. 01294 // 01295 01296 Pfn1->u3.e1.Modified = 0; 01297 01298 // 01299 // Up the reference count for the physical page as there 01300 // is I/O in progress. 01301 // 01302 01303 Pfn1->u3.e2.ReferenceCount += 1; 01304 01305 *LastPage = PageFrameIndex; 01306 LastPage += 1; 01307 } else { 01308 01309 // 01310 // This page was not modified and therefore ends the 01311 // current write cluster if any. Set WriteNow to TRUE 01312 // if there is a cluster being built. 01313 // 01314 01315 if (LastWritten != NULL) { 01316 WriteNow = TRUE; 01317 } 01318 } 01319 } else { 01320 01321 // 01322 // This page was not modified and therefore ends the 01323 // current write cluster if any. Set WriteNow to TRUE 01324 // if there is a cluster being built. 01325 // 01326 01327 if (LastWritten != NULL) { 01328 WriteNow = TRUE; 01329 } 01330 } 01331 01332 PointerPte += 1; 01333 01334 CheckForWrite: 01335 01336 // 01337 // Write the current cluster if it is complete, 01338 // full, or the loop is now complete. 01339 // 01340 01341 if ((WriteNow) || 01342 ((PointerPte == LastPte) && (LastWritten != NULL))) { 01343 01344 LARGE_INTEGER EndOfFile; 01345 01346 // 01347 // Issue the write request. 01348 // 01349 01350 UNLOCK_PFN (OldIrql); 01351 01352 WriteNow = FALSE; 01353 01354 // 01355 // Make sure the write does not go past the 01356 // end of file. (segment size). 01357 // 01358 01359 EndOfFile = MiEndingOffset(Subsection); 01360 TempOffset = (UINT64) EndOfFile.QuadPart; 01361 01362 if (StartingOffset + Mdl->ByteCount > TempOffset) { 01363 01364 ASSERT ((ULONG_PTR)(TempOffset - StartingOffset) > 01365 (Mdl->ByteCount - PAGE_SIZE)); 01366 01367 Mdl->ByteCount = (ULONG)(TempOffset- 01368 StartingOffset); 01369 } 01370 01371 ReflushCount = MiIoRetryLevel; 01372 01373 while ( TRUE ) { 01374 01375 KeClearEvent (&IoEvent); 01376 01377 #if DBG 01378 if (MmDebug & MM_DBG_FLUSH_SECTION) { 01379 DbgPrint("flush page write begun %lx\n", 01380 Mdl->ByteCount); 01381 } 01382 #endif //DBG 01383 01384 Status = IoSynchronousPageWrite (ControlArea->FilePointer, 01385 Mdl, 01386 (PLARGE_INTEGER)&StartingOffset, 01387 &IoEvent, 01388 IoStatus ); 01389 01390 // 01391 // If success is returned, wait for the i/o event to be set. 01392 // 01393 01394 if (NT_SUCCESS(Status)) { 01395 KeWaitForSingleObject( &IoEvent, 01396 WrPageOut, 01397 KernelMode, 01398 FALSE, 01399 (PLARGE_INTEGER)NULL); 01400 // 01401 // Otherwise, copy the error to the IoStatus, for error 01402 // handling below. 01403 // 01404 01405 } else { 01406 IoStatus->Status = Status; 01407 } 01408 01409 if (Mdl->MdlFlags & MDL_MAPPED_TO_SYSTEM_VA) { 01410 MmUnmapLockedPages (Mdl->MappedSystemVa, Mdl); 01411 } 01412 01413 Page = (PPFN_NUMBER)(Mdl + 1); 01414 01415 if (MmIsRetryIoStatus(IoStatus->Status)) { 01416 01417 ReflushCount -= 1; 01418 if (ReflushCount != 0) { 01419 KeDelayExecutionThread (KernelMode, FALSE, &Mm30Milliseconds); 01420 continue; 01421 } 01422 } 01423 01424 break; 01425 } 01426 01427 LOCK_PFN (OldIrql); 01428 01429 if (MiIsPteOnPdeBoundary(PointerPte) == 0) { 01430 01431 // 01432 // The next PTE is not in a different page, make 01433 // sure this page did not leave memory when the 01434 // I/O was in progress. 01435 // 01436 01437 MiMakeSystemAddressValidPfn (PointerPte); 01438 } 01439 01440 if (NT_SUCCESS(IoStatus->Status)) { 01441 01442 // 01443 // The I/O completed successfully, unlock the pages. 01444 // 01445 01446 while (Page < LastPage) { 01447 01448 Pfn2 = MI_PFN_ELEMENT (*Page); 01449 MI_REMOVE_LOCKED_PAGE_CHARGE(Pfn2, 19); 01450 MiDecrementReferenceCount (*Page); 01451 Page += 1; 01452 } 01453 } else { 01454 01455 // 01456 // Don't count on the file system to convey anything on errors 01457 // in the information field. 01458 // 01459 01460 IoStatus->Information = 0; 01461 01462 // 01463 // The I/O completed unsuccessfully, unlock the pages 01464 // and return an error status. 01465 // 01466 01467 while (Page < LastPage) { 01468 01469 Pfn2 = MI_PFN_ELEMENT (*Page); 01470 01471 // 01472 // Mark the page dirty again so it can be rewritten. 01473 // 01474 01475 Pfn2->u3.e1.Modified = 1; 01476 01477 MI_REMOVE_LOCKED_PAGE_CHARGE(Pfn2, 21); 01478 MiDecrementReferenceCount (*Page); 01479 Page += 1; 01480 } 01481 01482 // 01483 // Calculate how much was written thus far 01484 // and add that to the information field 01485 // of the IOSB. 01486 // 01487 01488 IoStatus->Information += 01489 (((LastWritten - StartingPte) << PAGE_SHIFT) - 01490 Mdl->ByteCount); 01491 01492 goto ErrorReturn; 01493 } 01494 01495 // 01496 // As the PFN lock has been released and 01497 // reacquired, do this loop again as the 01498 // PTE may have changed state. 01499 // 01500 01501 LastWritten = NULL; 01502 } 01503 01504 } //end while 01505 01506 if ((Bail == TRUE) || (Subsection == LastSubsection)) { 01507 01508 // 01509 // The last range has been flushed or we have collided with the 01510 // mapped page writer. Regardless, exit the top FOR loop 01511 // and return. 01512 // 01513 01514 break; 01515 } 01516 01517 Subsection = Subsection->NextSubsection; 01518 PointerPte = Subsection->SubsectionBase; 01519 01520 } //end for 01521 01522 ASSERT (LastWritten == NULL); 01523 01524 ErrorReturn: 01525 01526 ControlArea->FlushInProgressCount -= 1; 01527 if ((ControlArea->u.Flags.CollidedFlush == 1) && 01528 (ControlArea->FlushInProgressCount == 0)) { 01529 ControlArea->u.Flags.CollidedFlush = 0; 01530 KePulseEvent (&MmCollidedFlushEvent, 0, FALSE); 01531 } 01532 UNLOCK_PFN (OldIrql); 01533 01534 if (Bail == TRUE) { 01535 01536 // 01537 // This routine collided with the mapped page writer and the caller 01538 // expects an error for this. Give it to him. 01539 // 01540 01541 return STATUS_MAPPED_WRITER_COLLISION; 01542 } 01543 01544 return IoStatus->Status; 01545 }

VOID MiFlushTb (  VOID   )

VOID MiFormatPfn (  IN PMMPFN  PointerPfn  )

Referenced by MiCopyOnWrite(), MiDeletePte(), MiInitializePfn(), MiInitializePfnForOtherProcess(), MiResolveTransitionFault(), and MiUnlinkPageFromList().

VOID MiFormatPte (  IN PMMPTE  PointerPte  )

Referenced by MiCopyOnWrite(), MiDeletePte(), MiInitializePfn(), MiInitializePfnForOtherProcess(), MiResolveMappedFileFault(), MiResolveProtoPteFault(), MmAccessFault(), and MmInitSystem().

VOID MiFreeEventCounter (  IN PEVENT_COUNTER  Support, IN ULONG  Flush )

Definition at line 2438 of file sectsup.c. References ASSERT, _MMEVENT_COUNT_LIST::Count, _MMEVENT_COUNT_LIST::ListHead, MiFlushEventCounter(), MM_PFN_LOCK_ASSERT, MmEventCountList, and NULL. Referenced by MiCheckControlAreaStatus(), MiCheckPurgeAndUpMapCount(), and MmCreateSection(). : This routine frees an event counter back to the free list. Arguments: Support - Supplies a pointer to the event counter. Flush - Supplies TRUE if the PFN lock can be released and the event counter pool block actually freed. The PFN lock will be reacquired before returning. Return Value: None. Environment: Kernel mode, PFN lock held. --*/ { MM_PFN_LOCK_ASSERT(); ASSERT (Support->RefCount != 0); ASSERT (Support->ListEntry.Flink == NULL); Support->RefCount -= 1; if (Support->RefCount == 0) { InsertTailList (&MmEventCountList.ListHead, &Support->ListEntry); MmEventCountList.Count += 1; } if ((Flush) && (MmEventCountList.Count > 4)) { MiFlushEventCounter(); } return; }

VOID MiFreeInitializationCode (  IN PVOID  StartVa, IN PVOID  EndVa )

Definition at line 2664 of file mminit.c. References ASSERT, FALSE, FreePageList, LOCK_PFN, MI_CONVERT_PHYSICAL_TO_PFN, MI_IS_PHYSICAL_ADDRESS, MI_PFN_ELEMENT, MI_SET_PFN_DELETED, MiDeleteSystemPagableVm(), MiFreeInitializationCode(), MiGetPteAddress, MiInsertPageInList(), MmPageLocationList, MmUnlockPagableImageSection(), NULL, PAGE_SIZE, _MMPFN::u2, _MMPFN::u3, UNLOCK_PFN, and ZeroKernelPte. Referenced by MiFindInitializationCode(), MiFreeInitializationCode(), and MmZeroPageThread(). : This function is called to delete the initialization code. Arguments: StartVa - Supplies the starting address of the range to delete. EndVa - Supplies the ending address of the range to delete. Return Value: None. Environment: Kernel Mode Only. Runs after system initialization. --*/ { PMMPFN Pfn1; PMMPTE PointerPte; PFN_NUMBER PageFrameIndex; KIRQL OldIrql; PVOID UnlockHandle; UnlockHandle = MmLockPagableCodeSection((PVOID)MiFreeInitializationCode); ASSERT(UnlockHandle); if (MI_IS_PHYSICAL_ADDRESS(StartVa)) { LOCK_PFN (OldIrql); while (StartVa < EndVa) { // // On certain architectures (e.g., MIPS) virtual addresses // may be physical and hence have no corresponding PTE. // PageFrameIndex = MI_CONVERT_PHYSICAL_TO_PFN (StartVa); Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); Pfn1->u2.ShareCount = 0; Pfn1->u3.e2.ReferenceCount = 0; MI_SET_PFN_DELETED (Pfn1); MiInsertPageInList (MmPageLocationList[FreePageList], PageFrameIndex); StartVa = (PVOID)((PUCHAR)StartVa + PAGE_SIZE); } UNLOCK_PFN (OldIrql); } else { PointerPte = MiGetPteAddress (StartVa); MiDeleteSystemPagableVm (PointerPte, (PFN_NUMBER) (1 + MiGetPteAddress (EndVa) - PointerPte), ZeroKernelPte, FALSE, NULL); } MmUnlockPagableImageSection(UnlockHandle); return; }

VOID MiFreeInPageSupportBlock (  IN PMMINPAGE_SUPPORT  Support  )

Definition at line 4252 of file pagfault.c. References ASSERT, _MMINPAGE_SUPPORT_LIST::Count, _MMINPAGE_SUPPORT_LIST::ListHead, MM_PFN_LOCK_ASSERT, MmInPageSupportList, and NULL. Referenced by MiWaitForInPageComplete(), and MmCopyToCachedPage(). : This routine returns the in page support block to a list of freed blocks. Arguments: Support - Supplies the in page support block to put on the free list. Return Value: None. Environment: Kernel mode, PFN lock held. --*/ { MM_PFN_LOCK_ASSERT(); ASSERT (Support->u.Thread != NULL); ASSERT (Support->WaitCount != 0); #if defined (_PREFETCH_) ASSERT ((Support->ListEntry.Flink == NULL) || (Support->PrefetchMdl != NULL)); #else ASSERT (Support->ListEntry.Flink == NULL); #endif Support->WaitCount -= 1; if (Support->WaitCount == 0) { Support->u.Thread = NULL; InsertTailList (&MmInPageSupportList.ListHead, &Support->ListEntry); MmInPageSupportList.Count += 1; } return; }

VOID MiFreeSessionPoolBitMaps (  VOID   )

Definition at line 4478 of file allocpag.c. References _MM_PAGED_POOL_INFO::EndOfPagedPoolBitmap, ExFreePool(), MmSessionSpace, NULL, PAGED_CODE, _MM_PAGED_POOL_INFO::PagedPoolAllocationMap, _MM_SESSION_SPACE::PagedPoolInfo, and _MM_PAGED_POOL_INFO::PagedPoolLargeSessionAllocationMap. Referenced by MiDereferenceSession(), MiInitializeSessionPool(), and MiSessionCreateInternal(). : Free the current session's pool bitmap structures. Arguments: None. Return Value: None. Environment: Kernel mode. --*/ { PAGED_CODE(); if (MmSessionSpace->PagedPoolInfo.PagedPoolAllocationMap ) { ExFreePool (MmSessionSpace->PagedPoolInfo.PagedPoolAllocationMap); MmSessionSpace->PagedPoolInfo.PagedPoolAllocationMap = NULL; } if (MmSessionSpace->PagedPoolInfo.EndOfPagedPoolBitmap ) { ExFreePool (MmSessionSpace->PagedPoolInfo.EndOfPagedPoolBitmap); MmSessionSpace->PagedPoolInfo.EndOfPagedPoolBitmap = NULL; } if (MmSessionSpace->PagedPoolInfo.PagedPoolLargeSessionAllocationMap) { ExFreePool (MmSessionSpace->PagedPoolInfo.PagedPoolLargeSessionAllocationMap); MmSessionSpace->PagedPoolInfo.PagedPoolLargeSessionAllocationMap = NULL; } }

VOID MiFreeSessionSpaceMap (  VOID   )

Definition at line 4071 of file mapview.c. References _MMVIEW::ControlArea, DbgPrint, _MMVIEW::Entry, ExFreePool(), Index, KeBugCheckEx(), LOCK_SYSTEM_VIEW_SPACE, MiRemoveBitMap, MiUnmapViewInSystemSpace(), MmSessionSpace, NULL, PAGED_CODE, _MM_SESSION_SPACE::Session, _MM_SESSION_SPACE::SessionId, _MMSESSION::SystemSpaceBitMap, _MMSESSION::SystemSpaceHashEntries, _MMSESSION::SystemSpaceHashSize, _MMSESSION::SystemSpaceViewTable, and UNLOCK_SYSTEM_VIEW_SPACE. Referenced by MiDereferenceSession(), and MiSessionCreateInternal(). : This routine frees the tables used for mapping session views. Arguments: None. Return Value: None. Environment: Kernel Mode. The caller must be in the correct session context. --*/ { PMMSESSION Session; PAGED_CODE(); Session = &MmSessionSpace->Session; // // Check for leaks of objects in the view table. // LOCK_SYSTEM_VIEW_SPACE (Session); if (Session->SystemSpaceViewTable && Session->SystemSpaceHashEntries) { KeBugCheckEx (SESSION_HAS_VALID_VIEWS_ON_EXIT, (ULONG_PTR)MmSessionSpace->SessionId, Session->SystemSpaceHashEntries, (ULONG_PTR)&Session->SystemSpaceViewTable[0], Session->SystemSpaceHashSize); #if 0 ULONG Index; for (Index = 0; Index < Session->SystemSpaceHashSize; Index += 1) { PMMVIEW Table; PVOID Base; Table = &Session->SystemSpaceViewTable[Index]; if (Table->Entry) { #if DBG DbgPrint ("MM: MiFreeSessionSpaceMap: view entry %d leak: ControlArea %p, Addr %p, Size %d\n", Index, Table->ControlArea, Table->Entry & ~0xFFFF, Table->Entry & 0x0000FFFF ); #endif Base = (PVOID)(Table->Entry & ~0xFFFF); // // MiUnmapViewInSystemSpace locks the ViewLock. // UNLOCK_SYSTEM_VIEW_SPACE(Session); MiUnmapViewInSystemSpace (Session, Base); LOCK_SYSTEM_VIEW_SPACE (Session); // // The view table may have been deleted while we let go of // the lock. // if (Session->SystemSpaceViewTable == NULL) { break; } } } #endif } UNLOCK_SYSTEM_VIEW_SPACE (Session); if (Session->SystemSpaceViewTable) { ExFreePool (Session->SystemSpaceViewTable); Session->SystemSpaceViewTable = NULL; } if (Session->SystemSpaceBitMap) { MiRemoveBitMap (&Session->SystemSpaceBitMap); } }

VOID MiFreeWorkingSetRange (  IN PVOID  StartVa, IN PVOID  EndVa, IN PMMSUPPORT  WsInfo )

ULONG MiFreeWsle (  IN WSLE_NUMBER  WorkingSetIndex, IN PMMSUPPORT  WsInfo, IN PMMPTE  PointerPte )

Definition at line 1326 of file wslist.c. References ASSERT, _MMWSLE::e1, FALSE, _MMWSL::FirstDynamic, _MMWSL::FirstFree, _MMWSL::LastInitializedWsle, LOCK_PFN, MI_IS_SESSION_ADDRESS, MI_PFN_ELEMENT, MiDumpWsleInCacheBlock(), MiEliminateWorkingSetEntry(), MiRemoveWsle(), MM_FREE_WSLE_SHIFT, MM_SYSTEM_WS_LOCK_ASSERT, MmPagesAboveWsMinimum, MmSystemCacheWs, PDE_TOP, TRUE, _MMWSLE::u1, _MMPFN::u2, _MMPFN::u3, UNLOCK_PFN, _MMWSLENTRY::Valid, _MMWSLE::VirtualAddress, _MMWSL::Wsle, and WSLE_NULL_INDEX. Referenced by MiEmptyWorkingSet(), MiInsertWsle(), MiReplaceWorkingSetEntryUsingFaultInfo(), MiTrimWorkingSet(), MmAdjustWorkingSetSize(), and NtUnlockVirtualMemory(). 01334 : 01335 01336 This routine frees the specified WSLE and decrements the share 01337 count for the corresponding page, putting the PTE into a transition 01338 state if the share count goes to 0. 01339 01340 Arguments: 01341 01342 WorkingSetIndex - Supplies the index of the working set entry to free. 01343 01344 WsInfo - Supplies a pointer to the working set structure (process or 01345 system cache). 01346 01347 PointerPte - Supplies a pointer to the PTE for the working set entry. 01348 01349 Return Value: 01350 01351 Returns TRUE if the WSLE was removed, FALSE if it was not removed. 01352 Pages with valid PTEs are not removed (i.e. page table pages 01353 that contain valid or transition PTEs). 01354 01355 Environment: 01356 01357 Kernel mode, APCs disabled, working set lock. PFN lock NOT held. 01358 01359 --*/ 01360 01361 { 01362 PMMPFN Pfn1; 01363 PMMWSL WorkingSetList; 01364 PMMWSLE Wsle; 01365 KIRQL OldIrql; 01366 01367 WorkingSetList = WsInfo->VmWorkingSetList; 01368 Wsle = WorkingSetList->Wsle; 01369 01370 #if DBG 01371 if (WsInfo == &MmSystemCacheWs) { 01372 MM_SYSTEM_WS_LOCK_ASSERT(); 01373 } 01374 #endif //DBG 01375 01376 ASSERT (Wsle[WorkingSetIndex].u1.e1.Valid == 1); 01377 01378 // 01379 // Check to see if the located entry is eligible for removal. 01380 // 01381 01382 ASSERT (PointerPte->u.Hard.Valid == 1); 01383 01384 ASSERT (WorkingSetIndex >= WorkingSetList->FirstDynamic); 01385 01386 // 01387 // Check to see if this is a page table with valid PTEs. 01388 // 01389 // Note, don't clear the access bit for page table pages 01390 // with valid PTEs as this could cause an access trap fault which 01391 // would not be handled (it is only handled for PTEs not PDEs). 01392 // 01393 01394 Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); 01395 01396 LOCK_PFN (OldIrql); 01397 01398 // 01399 // If the PTE is a page table page with non-zero share count or 01400 // within the system cache with its reference count greater 01401 // than 0, don't remove it. 01402 // 01403 01404 if (WsInfo == &MmSystemCacheWs) { 01405 if (Pfn1->u3.e2.ReferenceCount > 1) { 01406 UNLOCK_PFN (OldIrql); 01407 return FALSE; 01408 } 01409 } else { 01410 if ((Pfn1->u2.ShareCount > 1) && 01411 (Pfn1->u3.e1.PrototypePte == 0)) { 01412 01413 #if DBG 01414 if (WsInfo->u.Flags.SessionSpace == 1) { 01415 ASSERT (MI_IS_SESSION_ADDRESS (Wsle[WorkingSetIndex].u1.VirtualAddress)); 01416 } 01417 else { 01418 ASSERT ((Wsle[WorkingSetIndex].u1.VirtualAddress >= (PVOID)PTE_BASE) && 01419 (Wsle[WorkingSetIndex].u1.VirtualAddress<= (PVOID)PDE_TOP)); 01420 } 01421 #endif 01422 01423 // 01424 // Don't remove page table pages from the working set until 01425 // all transition pages have exited. 01426 // 01427 01428 UNLOCK_PFN (OldIrql); 01429 return FALSE; 01430 } 01431 } 01432 01433 // 01434 // Found a candidate, remove the page from the working set. 01435 // 01436 01437 MiEliminateWorkingSetEntry (WorkingSetIndex, 01438 PointerPte, 01439 Pfn1, 01440 Wsle); 01441 01442 UNLOCK_PFN (OldIrql); 01443 01444 // 01445 // Remove the working set entry from the working set. 01446 // 01447 01448 MiRemoveWsle (WorkingSetIndex, WorkingSetList); 01449 01450 ASSERT (WorkingSetList->FirstFree >= WorkingSetList->FirstDynamic); 01451 01452 ASSERT (WorkingSetIndex >= WorkingSetList->FirstDynamic); 01453 01454 // 01455 // Put the entry on the free list and decrement the current 01456 // size. 01457 // 01458 01459 ASSERT ((WorkingSetList->FirstFree <= WorkingSetList->LastInitializedWsle) || 01460 (WorkingSetList->FirstFree == WSLE_NULL_INDEX)); 01461 Wsle[WorkingSetIndex].u1.Long = WorkingSetList->FirstFree << MM_FREE_WSLE_SHIFT; 01462 WorkingSetList->FirstFree = WorkingSetIndex; 01463 ASSERT ((WorkingSetList->FirstFree <= WorkingSetList->LastInitializedWsle) || 01464 (WorkingSetList->FirstFree == WSLE_NULL_INDEX)); 01465 01466 if (WsInfo->WorkingSetSize > WsInfo->MinimumWorkingSetSize) { 01467 MmPagesAboveWsMinimum -= 1; 01468 } 01469 WsInfo->WorkingSetSize -= 1; 01470 01471 #if 0 01472 if ((WsInfo == &MmSystemCacheWs) && 01473 (Pfn1->u3.e1.Modified == 1)) { 01474 MiDumpWsleInCacheBlock (PointerPte); 01475 } 01476 #endif //0 01477 return TRUE; 01478 }

PEVENT_COUNTER MiGetEventCounter (   )

Definition at line 2377 of file sectsup.c. References APC_LEVEL, ASSERT, _MMEVENT_COUNT_LIST::Count, _EVENT_COUNTER::Event, ExAllocatePoolWithTag, FALSE, KeClearEvent, KeInitializeEvent, _EVENT_COUNTER::ListEntry, _MMEVENT_COUNT_LIST::ListHead, LOCK_PFN, MM_PFN_LOCK_ASSERT, MmEventCountList, NonPagedPool, NULL, _EVENT_COUNTER::RefCount, and UNLOCK_PFN. Referenced by MiCheckControlAreaStatus(), MiCheckPurgeAndUpMapCount(), and MmCreateSection(). 02382 : 02383 02384 This function maintains a list of "events" to allow waiting 02385 on segment operations (deletion, creation, purging). 02386 02387 Arguments: 02388 02389 None. 02390 02391 Return Value: 02392 02393 Event to be used for waiting (stored into the control area) or NULL if 02394 no event could be allocated. 02395 02396 Environment: 02397 02398 Kernel mode, PFN lock held. 02399 02400 --*/ 02401 02402 { 02403 KIRQL OldIrql; 02404 PEVENT_COUNTER Support; 02405 PLIST_ENTRY NextEntry; 02406 02407 MM_PFN_LOCK_ASSERT(); 02408 02409 if (MmEventCountList.Count == 0) { 02410 ASSERT (IsListEmpty(&MmEventCountList.ListHead)); 02411 OldIrql = APC_LEVEL; 02412 UNLOCK_PFN (OldIrql); 02413 Support = ExAllocatePoolWithTag (NonPagedPool, 02414 sizeof(EVENT_COUNTER), 02415 'xEmM'); 02416 if (Support == NULL) { 02417 LOCK_PFN (OldIrql); 02418 return NULL; 02419 } 02420 KeInitializeEvent (&Support->Event, NotificationEvent, FALSE); 02421 LOCK_PFN (OldIrql); 02422 } else { 02423 ASSERT (!IsListEmpty(&MmEventCountList.ListHead)); 02424 MmEventCountList.Count -= 1; 02425 NextEntry = RemoveHeadList (&MmEventCountList.ListHead); 02426 Support = CONTAINING_RECORD (NextEntry, 02427 EVENT_COUNTER, 02428 ListEntry ); 02429 //ASSERT (Support->RefCount == 0); 02430 KeClearEvent (&Support->Event); 02431 } 02432 Support->RefCount = 1; 02433 Support->ListEntry.Flink = NULL; 02434 return Support; 02435 }

PMMADDRESS_NODE FASTCALL MiGetFirstNode (  IN PMMADDRESS_NODE  Root  )

Definition at line 424 of file addrsup.c. References _MMADDRESS_NODE::LeftChild, and NULL. 00430 : 00431 00432 This function locates the virtual address descriptor which contains 00433 the address range which logically is first within the address space. 00434 00435 Arguments: 00436 00437 None. 00438 00439 Return Value: 00440 00441 Returns a pointer to the virtual address descriptor containing the 00442 first address range, NULL if none. 00443 00444 --*/ 00445 00446 { 00447 PMMADDRESS_NODE First; 00448 00449 First = Root; 00450 00451 if (First == (PMMADDRESS_NODE)NULL) { 00452 return (PMMADDRESS_NODE)NULL; 00453 } 00454 00455 while (First->LeftChild != (PMMADDRESS_NODE)NULL) { 00456 First = First->LeftChild; 00457 } 00458 00459 return First; 00460 }

PMMADDRESS_NODE MiGetLastNode (  IN PMMADDRESS_NODE  Root  )

PMMADDRESS_NODE FASTCALL MiGetNextNode (  IN PMMADDRESS_NODE  Node  )

Definition at line 297 of file addrsup.c. References _MMADDRESS_NODE::LeftChild, NULL, _MMADDRESS_NODE::Parent, and _MMADDRESS_NODE::RightChild. Referenced by MiFindEmptyAddressRangeInTree(). 00303 : 00304 00305 This function locates the virtual address descriptor which contains 00306 the address range which logically follows the specified address range. 00307 00308 Arguments: 00309 00310 Node - Supplies a pointer to a virtual address descriptor. 00311 00312 Return Value: 00313 00314 Returns a pointer to the virtual address descriptor containing the 00315 next address range, NULL if none. 00316 00317 --*/ 00318 00319 { 00320 PMMADDRESS_NODE Next; 00321 PMMADDRESS_NODE Parent; 00322 PMMADDRESS_NODE Left; 00323 00324 Next = Node; 00325 00326 if (Next->RightChild == (PMMADDRESS_NODE)NULL) { 00327 00328 while ((Parent = Next->Parent) != (PMMADDRESS_NODE)NULL) { 00329 00330 // 00331 // Locate the first ancestor of this node of which this 00332 // node is the left child of and return that node as the 00333 // next element. 00334 // 00335 00336 if (Parent->LeftChild == Next) { 00337 return Parent; 00338 } 00339 00340 Next = Parent; 00341 00342 } 00343 00344 return (PMMADDRESS_NODE)NULL; 00345 } 00346 00347 // 00348 // A right child exists, locate the left most child of that right child. 00349 // 00350 00351 Next = Next->RightChild; 00352 00353 while ((Left = Next->LeftChild) != (PMMADDRESS_NODE)NULL) { 00354 Next = Left; 00355 } 00356 return Next; 00357 00358 }

PFN_NUMBER MiGetPageForHeader (  VOID   )

Definition at line 4378 of file creasect.c. References CONSISTENCY_UNLOCK_PFN, LOCK_PFN, MI_PAGE_COLOR_VA_PROCESS, MI_PFN_ELEMENT, MI_SET_PFN_DELETED, MiEnsureAvailablePageOrWait(), MiRemoveAnyPage(), _EPROCESS::NextPageColor, NULL, _MMPFN::OriginalPte, PsGetCurrentProcess, _MMPFN::PteAddress, _MMPFN::u3, UNLOCK_PFN, X64K, and ZeroPte. Referenced by MiCheckForCrashDump(), and MiCreateImageFileMap(). 04384 : 04385 04386 This non-pagable function acquires the PFN lock, removes 04387 a page and updates the PFN database as though the page was 04388 ready to be deleted if the reference count is decremented. 04389 04390 Arguments: 04391 04392 None. 04393 04394 Return Value: 04395 04396 Returns the physical page frame number. 04397 04398 --*/ 04399 04400 { 04401 KIRQL OldIrql; 04402 PFN_NUMBER PageFrameNumber; 04403 PMMPFN Pfn1; 04404 PEPROCESS Process; 04405 ULONG PageColor; 04406 04407 Process = PsGetCurrentProcess(); 04408 PageColor = MI_PAGE_COLOR_VA_PROCESS ((PVOID)X64K, 04409 &Process->NextPageColor); 04410 04411 // 04412 // Lock the PFN database and get a page. 04413 // 04414 04415 LOCK_PFN (OldIrql); 04416 04417 MiEnsureAvailablePageOrWait (NULL, NULL); 04418 04419 // 04420 // Remove page for 64k alignment. 04421 // 04422 04423 PageFrameNumber = MiRemoveAnyPage (PageColor); 04424 04425 // 04426 // Increment the reference count for the page so the 04427 // paging I/O will work, and so this page cannot be stolen from us. 04428 // 04429 04430 Pfn1 = MI_PFN_ELEMENT (PageFrameNumber); 04431 Pfn1->u3.e2.ReferenceCount += 1; 04432 04433 #ifndef PFN_CONSISTENCY 04434 // 04435 // Don't need the PFN lock for the fields below... 04436 // 04437 UNLOCK_PFN (OldIrql); 04438 #endif 04439 04440 Pfn1->OriginalPte = ZeroPte; 04441 Pfn1->PteAddress = (PVOID) (ULONG_PTR)X64K; 04442 MI_SET_PFN_DELETED (Pfn1); 04443 04444 CONSISTENCY_UNLOCK_PFN (OldIrql); 04445 04446 return PageFrameNumber; 04447 }

ULONG MiGetPageProtection (  IN PMMPTE  PointerPte, IN PEPROCESS  Process )

Definition at line 1874 of file protect.c. References Index, KSTACK_POOL_START, MI_CONVERT_FROM_PTE_PROTECTION, MI_IS_PTE_PROTOTYPE, MI_PFN_ELEMENT, MI_PTE_LOOKUP_NEEDED, MiCaptureSystemPte(), MiGetVirtualAddressMappedByPte, MiLocateWsle(), MiNumberOfExtraSystemPdes, MiPteToProto, MM_VA_MAPPED_BY_PDE, MmWorkingSetList, MmWsle, _MMPFN::OriginalPte, PAGED_CODE, _MMPTE::u, _MMPFN::u1, and _MMPFN::u3. Referenced by MiProtectVirtualMemory(), MiQueryAddressState(), MiSetProtectionOnSection(), and NtAllocateVirtualMemory(). 01881 : 01882 01883 This routine returns the page protection of a non-zero PTE. 01884 It may release and reacquire the working set mutex. 01885 01886 Arguments: 01887 01888 PointerPte - Supplies a pointer to a non-zero PTE. 01889 01890 Return Value: 01891 01892 Returns the protection code. 01893 01894 Environment: 01895 01896 Kernel mode, working set and address creation mutex held. 01897 Note, that the address creation mutex does not need to be held 01898 if the working set mutex does not need to be released in the 01899 case of a prototype PTE. 01900 01901 --*/ 01902 01903 { 01904 01905 MMPTE PteContents; 01906 MMPTE ProtoPteContents; 01907 PMMPFN Pfn1; 01908 PMMPTE ProtoPteAddress; 01909 PVOID Va; 01910 ULONG Index; 01911 01912 PAGED_CODE(); 01913 01914 PteContents = *PointerPte; 01915 01916 if ((PteContents.u.Soft.Valid == 0) && (PteContents.u.Soft.Prototype == 1)) { 01917 01918 // 01919 // This pte is in prototype format, the protection is 01920 // stored in the prototype PTE. 01921 // 01922 01923 if (MI_IS_PTE_PROTOTYPE(PointerPte) || 01924 #ifdef _X86_ 01925 (MiNumberOfExtraSystemPdes && (PointerPte >= (PMMPTE)KSTACK_POOL_START && PointerPte < (PMMPTE)(KSTACK_POOL_START + MiNumberOfExtraSystemPdes * MM_VA_MAPPED_BY_PDE))) || 01926 #endif 01927 (PteContents.u.Soft.PageFileHigh == MI_PTE_LOOKUP_NEEDED)) { 01928 01929 // 01930 // The protection is within this PTE. 01931 // 01932 01933 return MI_CONVERT_FROM_PTE_PROTECTION ( 01934 PteContents.u.Soft.Protection); 01935 } 01936 01937 ProtoPteAddress = MiPteToProto (PointerPte); 01938 01939 // 01940 // Capture protopte PTE contents. 01941 // 01942 01943 ProtoPteContents = MiCaptureSystemPte (ProtoPteAddress, Process); 01944 01945 // 01946 // The working set mutex may have been released and the 01947 // page may no longer be in prototype format, get the 01948 // new contents of the PTE and obtain the protection mask. 01949 // 01950 01951 PteContents = MiCaptureSystemPte (PointerPte, Process); 01952 } 01953 01954 if ((PteContents.u.Soft.Valid == 0) && (PteContents.u.Soft.Prototype == 1)) { 01955 01956 // 01957 // Pte is still prototype, return the protection captured 01958 // from the prototype PTE. 01959 // 01960 01961 if (ProtoPteContents.u.Hard.Valid == 1) { 01962 01963 // 01964 // The prototype PTE is valid, get the protection from 01965 // the PFN database. 01966 // 01967 01968 Pfn1 = MI_PFN_ELEMENT (ProtoPteContents.u.Hard.PageFrameNumber); 01969 return MI_CONVERT_FROM_PTE_PROTECTION( 01970 Pfn1->OriginalPte.u.Soft.Protection); 01971 01972 } else { 01973 01974 // 01975 // The prototype PTE is not valid, return the protection from the 01976 // PTE. 01977 // 01978 01979 return MI_CONVERT_FROM_PTE_PROTECTION ( 01980 ProtoPteContents.u.Soft.Protection); 01981 } 01982 } 01983 01984 if (PteContents.u.Hard.Valid == 1) { 01985 01986 // 01987 // The page is valid, the protection field is either in the 01988 // PFN database original PTE element or the WSLE. If 01989 // the page is private, get it from the PFN original PTE 01990 // element, else use the WSLE. 01991 // 01992 01993 Pfn1 = MI_PFN_ELEMENT (PteContents.u.Hard.PageFrameNumber); 01994 01995 if ((Pfn1->u3.e1.PrototypePte == 0) || 01996 #ifdef _X86_ 01997 (MiNumberOfExtraSystemPdes && (PointerPte >= (PMMPTE)KSTACK_POOL_START && PointerPte < (PMMPTE)(KSTACK_POOL_START + MiNumberOfExtraSystemPdes * MM_VA_MAPPED_BY_PDE))) || 01998 #endif 01999 (MI_IS_PTE_PROTOTYPE(PointerPte))) { 02000 02001 // 02002 // This is a private PTE or the PTE address is that of a 02003 // prototype PTE, hence the protection is in 02004 // the original PTE. 02005 // 02006 02007 return MI_CONVERT_FROM_PTE_PROTECTION( 02008 Pfn1->OriginalPte.u.Soft.Protection); 02009 } 02010 02011 // 02012 // The PTE was a hardware PTE, get the protection 02013 // from the WSLE. 02014 02015 Va = (PULONG)MiGetVirtualAddressMappedByPte (PointerPte); 02016 Index = MiLocateWsle ((PVOID)Va, MmWorkingSetList, 02017 Pfn1->u1.WsIndex); 02018 02019 return MI_CONVERT_FROM_PTE_PROTECTION (MmWsle[Index].u1.e1.Protection); 02020 } 02021 02022 // 02023 // PTE is either demand zero or transition, in either 02024 // case protection is in PTE. 02025 // 02026 02027 return MI_CONVERT_FROM_PTE_PROTECTION (PteContents.u.Soft.Protection); 02028 02029 }

PMMADDRESS_NODE FASTCALL MiGetPreviousNode (  IN PMMADDRESS_NODE  Node  )

Definition at line 362 of file addrsup.c. References _MMADDRESS_NODE::LeftChild, NULL, _MMADDRESS_NODE::Parent, and _MMADDRESS_NODE::RightChild. Referenced by MiFindEmptyAddressRangeDownTree(). 00368 : 00369 00370 This function locates the virtual address descriptor which contains 00371 the address range which logically precedes the specified virtual 00372 address descriptor. 00373 00374 Arguments: 00375 00376 Node - Supplies a pointer to a virtual address descriptor. 00377 00378 Return Value: 00379 00380 Returns a pointer to the virtual address descriptor containing the 00381 next address range, NULL if none. 00382 00383 --*/ 00384 00385 { 00386 PMMADDRESS_NODE Previous; 00387 00388 Previous = Node; 00389 00390 if (Previous->LeftChild == (PMMADDRESS_NODE)NULL) { 00391 00392 00393 while (Previous->Parent != (PMMADDRESS_NODE)NULL) { 00394 00395 // 00396 // Locate the first ancestor of this node of which this 00397 // node is the right child of and return that node as the 00398 // Previous element. 00399 // 00400 00401 if (Previous->Parent->RightChild == Previous) { 00402 return Previous->Parent; 00403 } 00404 00405 Previous = Previous->Parent; 00406 00407 } 00408 return (PMMADDRESS_NODE)NULL; 00409 } 00410 00411 // 00412 // A left child exists, locate the right most child of that left child. 00413 // 00414 00415 Previous = Previous->LeftChild; 00416 while (Previous->RightChild != (PMMADDRESS_NODE)NULL) { 00417 Previous = Previous->RightChild; 00418 } 00419 return Previous; 00420 }

PMMPTE FASTCALL MiGetProtoPteAddressExtended (  IN PMMVAD  Vad, IN ULONG_PTR  Vpn )

Definition at line 685 of file extsect.c. References ASSERT, _SUBSECTION::NextSubsection, NULL, _SUBSECTION::PtesInSubsection, _SUBSECTION::SubsectionBase, and _CONTROL_AREA::u. 00692 : 00693 00694 This function calculates the address of the prototype PTE 00695 for the corresponding virtual address. 00696 00697 Arguments: 00698 00699 00700 Vad - Supplies a pointer to the virtual address desciptor which 00701 encompasses the virtual address. 00702 00703 Vpn - Supplies the virtual page number to locate a prototype PTE 00704 for. 00705 00706 Return Value: 00707 00708 The corresponding prototype PTE address. 00709 00710 --*/ 00711 00712 { 00713 PSUBSECTION Subsection; 00714 PCONTROL_AREA ControlArea; 00715 ULONG PteOffset; 00716 00717 ControlArea = Vad->ControlArea; 00718 00719 if (ControlArea->u.Flags.GlobalOnlyPerSession == 0) { 00720 Subsection = (PSUBSECTION)(ControlArea + 1); 00721 } 00722 else { 00723 Subsection = (PSUBSECTION)((PLARGE_CONTROL_AREA)ControlArea + 1); 00724 } 00725 00726 // 00727 // Locate the subsection which contains the First Prototype PTE 00728 // for this VAD. 00729 // 00730 00731 while ((Vad->FirstPrototypePte < Subsection->SubsectionBase) || 00732 (Vad->FirstPrototypePte >= 00733 &Subsection->SubsectionBase[Subsection->PtesInSubsection])) { 00734 00735 // 00736 // Get the next subsection. 00737 // 00738 00739 Subsection = Subsection->NextSubsection; 00740 if (Subsection == NULL) { 00741 return NULL; 00742 } 00743 } 00744 00745 // 00746 // How many PTEs beyond this subsection must we go? 00747 // 00748 00749 PteOffset = (ULONG) (((Vpn - Vad->StartingVpn) + 00750 (ULONG)(Vad->FirstPrototypePte - Subsection->SubsectionBase)) - 00751 Subsection->PtesInSubsection); 00752 00753 // DbgPrint("map extended subsection offset = %lx\n",PteOffset); 00754 00755 ASSERT (PteOffset < 0xF0000000); 00756 00757 PteOffset += Subsection->PtesInSubsection; 00758 00759 // 00760 // Locate the subsection which contains the prototype PTEs. 00761 // 00762 00763 while (PteOffset >= Subsection->PtesInSubsection) { 00764 PteOffset -= Subsection->PtesInSubsection; 00765 Subsection = Subsection->NextSubsection; 00766 if (Subsection == NULL) { 00767 return NULL; 00768 } 00769 } 00770 00771 // 00772 // The PTEs are in this subsection. 00773 // 00774 00775 ASSERT (PteOffset < Subsection->PtesInSubsection); 00776 00777 return &Subsection->SubsectionBase[PteOffset]; 00778 00779 }

PSUBSECTION MiGetSubsectionAndProtoFromPte (  IN PMMPTE  PointerPte, IN PMMPTE *  ProtoPte, IN PEPROCESS  Process )

NTSTATUS MiGetWritablePagesInSection (  IN PSECTION  Section, OUT PULONG  WritablePages )

Definition at line 4868 of file creasect.c. References ASSERT, MI_ROUND_TO_SIZE, MiGetImageProtection(), MM_PROTECTION_WRITE_MASK, MmMapViewOfSection(), MmUnmapViewOfSection(), NT_SUCCESS, NTSTATUS(), NULL, PAGE_SHIFT, PAGE_SIZE, PAGED_CODE, PsGetCurrentProcess, and Status. Referenced by MiSessionWideReserveImageAddress(). : This routine calculates the number of writable pages in the image. Arguments: Section - Supplies the section for the image. WritablePages - Supplies a pointer to fill with the number of writable pages. Return Value: STATUS_SUCCESS if all went well, otherwise various NTSTATUS error codes. Environment: Kernel mode, APC_LEVEL and below, MmSystemLoadLock held. --*/ { NTSTATUS Status; PVOID ViewBase; SIZE_T ViewSize; ULONG PagesInSubsection; ULONG Protection; ULONG NumberOfSubsections; ULONG OffsetToSectionTable; ULONG SectionVirtualSize; PEPROCESS Process; LARGE_INTEGER SectionOffset; PIMAGE_DOS_HEADER DosHeader; PIMAGE_NT_HEADERS NtHeader; PIMAGE_SECTION_HEADER SectionTableEntry; PAGED_CODE(); ViewBase = NULL; ViewSize = 0; SectionOffset.QuadPart = 0; *WritablePages = 0; Process = PsGetCurrentProcess(); Status = MmMapViewOfSection (Section, Process, &ViewBase, 0, 0, &SectionOffset, &ViewSize, ViewUnmap, 0, PAGE_EXECUTE); if (!NT_SUCCESS(Status)) { return Status; } // // The DLL is mapped as a data file not as an image. Pull apart the // executable header. The security checks have already been // done as part of creating the section in the first place. // DosHeader = (PIMAGE_DOS_HEADER) ViewBase; ASSERT (DosHeader->e_magic == IMAGE_DOS_SIGNATURE); #ifndef i386 ASSERT (((ULONG)DosHeader->e_lfanew & 3) == 0); #endif ASSERT ((ULONG)DosHeader->e_lfanew <= ViewSize); NtHeader = (PIMAGE_NT_HEADERS)((PCHAR)DosHeader + (ULONG)DosHeader->e_lfanew); OffsetToSectionTable = sizeof(ULONG) + sizeof(IMAGE_FILE_HEADER) + NtHeader->FileHeader.SizeOfOptionalHeader; SectionTableEntry = (PIMAGE_SECTION_HEADER)((PCHAR)NtHeader + OffsetToSectionTable); NumberOfSubsections = NtHeader->FileHeader.NumberOfSections; while (NumberOfSubsections > 0) { Protection = MiGetImageProtection (SectionTableEntry->Characteristics); if (Protection & MM_PROTECTION_WRITE_MASK) { // // Handle the case where the virtual size is 0. // if (SectionTableEntry->Misc.VirtualSize == 0) { SectionVirtualSize = SectionTableEntry->SizeOfRawData; } else { SectionVirtualSize = SectionTableEntry->Misc.VirtualSize; } PagesInSubsection = MI_ROUND_TO_SIZE (SectionVirtualSize, PAGE_SIZE) >> PAGE_SHIFT; *WritablePages += PagesInSubsection; } SectionTableEntry += 1; NumberOfSubsections -= 1; } Status = MmUnmapViewOfSection (Process, ViewBase); ASSERT (NT_SUCCESS(Status)); return Status; }

VOID MiGrowWsleHash (  IN PMMSUPPORT  WsInfo  )

Definition at line 3300 of file wslist.c. References ASSERT, ASSERT32, ASSERT64, Count, FALSE, _MMWSL::HashTable, _MMWSL::HashTableSize, _MMWSL::HashTableStart, _MMWSL::HighestPermittedHashAddress, _MMWSL::LastInitializedWsle, LOCK_PFN, _MMWSLE::Long, MI_WSLE_HASH, MiAddWsleHash(), MiCheckWsleHash(), MiDeletePte(), MiGetPdeAddress, MiGetPpeAddress, MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiIsPteOnPdeBoundary, MmSystemCacheWs, MMWSLE_HASH, _MMWSL::NonDirectCount, NULL, _EPROCESS::NumberOfPrivatePages, PAGE_ALIGN, PAGE_SHIFT, PAGE_SIZE, PsGetCurrentProcess, Size, TRUE, _MMPTE::u, _MMSUPPORT::u, _MMWSLE::u1, UNLOCK_PFN, _MMWSLE::VirtualAddress, and _MMWSL::Wsle. Referenced by MiInitializeSystemCache(), MiInitializeWorkingSetList(), MiMakeSpecialPoolPagable(), MiSessionInitializeWorkingSetList(), MmAccessFault(), and MmAdjustWorkingSetSize(). : This function grows (or adds) a hash table to the working set list to allow direct indexing for WSLEs than cannot be located via the PFN database WSINDEX field. The hash table is located AFTER the WSLE array and the pages are locked into the working set just like standard WSLEs. Note that the hash table is expanded by setting the hash table field in the working set to NULL, but leaving the size as non-zero. This indicates that the hash should be expanded and the initial portion of the table zeroed. Arguments: WsInfo - Supplies a pointer to the working set info block for the process (or system cache). Return Value: None. Environment: Kernel mode, APCs disabled, working set lock held. --*/ { LONG Size; PMMWSLE Wsle; PMMPTE StartPte; PMMPTE EndPte; PMMPTE PointerPte; PMMPTE PointerPde; PMMPTE PointerPpe; PMMPTE AllocatedPde; PMMPTE AllocatedPpe; ULONG First; ULONG Hash; ULONG NewSize; PMMWSLE_HASH Table; PMMWSLE_HASH OriginalTable; ULONG j; PMMWSL WorkingSetList; KIRQL OldIrql; ULONG Count; LOGICAL LoopStart; PVOID EntryHashTableEnd; PVOID TempVa; PEPROCESS CurrentProcess; WorkingSetList = WsInfo->VmWorkingSetList; Wsle = WorkingSetList->Wsle; Table = WorkingSetList->HashTable; OriginalTable = WorkingSetList->HashTable; First = WorkingSetList->HashTableSize; if (Table == NULL) { NewSize = PtrToUlong(PAGE_ALIGN (((1 + WorkingSetList->NonDirectCount) * 2 * sizeof(MMWSLE_HASH)) + PAGE_SIZE - 1)); // // Note that the Table may be NULL and the HashTableSize/PTEs nonzero // in the case where the hash has been contracted. // j = First * sizeof(MMWSLE_HASH); // // Don't try for additional hash pages if we already have // the right amount (or too many). // if ((j + PAGE_SIZE > NewSize) && (j != 0)) { return; } Table = (PMMWSLE_HASH)(WorkingSetList->HashTableStart); EntryHashTableEnd = &Table[WorkingSetList->HashTableSize]; WorkingSetList->HashTableSize = 0; } else { // // Attempt to add 4 pages, make sure the working set list has // 4 free entries. // if ((WorkingSetList->LastInitializedWsle + 5) > WsInfo->WorkingSetSize) { NewSize = PAGE_SIZE * 4; } else { NewSize = PAGE_SIZE; } EntryHashTableEnd = &Table[WorkingSetList->HashTableSize]; } if ((PCHAR)EntryHashTableEnd + NewSize > (PCHAR)WorkingSetList->HighestPermittedHashAddress) { NewSize = (ULONG)((PCHAR)(WorkingSetList->HighestPermittedHashAddress) - ((PCHAR)EntryHashTableEnd)); if (NewSize == 0) { if (OriginalTable == NULL) { WorkingSetList->HashTableSize = First; } return; } } ASSERT64 ((MiGetPpeAddress(EntryHashTableEnd)->u.Hard.Valid == 0) || (MiGetPdeAddress(EntryHashTableEnd)->u.Hard.Valid == 0) || (MiGetPteAddress(EntryHashTableEnd)->u.Hard.Valid == 0)); ASSERT32 (MiGetPteAddress(EntryHashTableEnd)->u.Hard.Valid == 0); Size = NewSize; PointerPte = MiGetPteAddress (EntryHashTableEnd); StartPte = PointerPte; EndPte = PointerPte + (NewSize >> PAGE_SHIFT); #if defined (_WIN64) LoopStart = TRUE; AllocatedPde = NULL; AllocatedPpe = NULL; #endif do { #if defined (_WIN64) if (LoopStart == TRUE || MiIsPteOnPdeBoundary(PointerPte)) { PointerPpe = MiGetPdeAddress(PointerPte); PointerPde = MiGetPteAddress(PointerPte); if (PointerPpe->u.Hard.Valid == 0) { if (MiAddWsleHash (WsInfo, PointerPpe) == FALSE) { break; } AllocatedPpe = PointerPpe; } if (PointerPde->u.Hard.Valid == 0) { if (MiAddWsleHash (WsInfo, PointerPde) == FALSE) { break; } AllocatedPde = PointerPde; } LoopStart = FALSE; } else { AllocatedPde = NULL; AllocatedPpe = NULL; } #endif if (PointerPte->u.Hard.Valid == 0) { if (MiAddWsleHash (WsInfo, PointerPte) == FALSE) { break; } } PointerPte += 1; Size -= PAGE_SIZE; } while (Size > 0); // // If MiAddWsleHash was unable to allocate memory above, then roll back // any extra PPEs & PDEs that may have been created. Note NewSize must // be recalculated to handle the fact that memory may have run out. // #if !defined (_WIN64) if (PointerPte == StartPte) { if (OriginalTable == NULL) { WorkingSetList->HashTableSize = First; } return; } #else if (PointerPte != EndPte) { // // Clean up the last allocated PPE/PDE as they are not needed. // Note that the system cache and the session space working sets // have no current process (which MiDeletePte requires) which is // needed for WSLE and PrivatePages adjustments. // if (WsInfo != &MmSystemCacheWs && WsInfo->u.Flags.SessionSpace == 0) { CurrentProcess = PsGetCurrentProcess(); if (AllocatedPde != NULL) { ASSERT (AllocatedPde->u.Hard.Valid == 1); TempVa = MiGetVirtualAddressMappedByPte(AllocatedPde); LOCK_PFN (OldIrql); MiDeletePte (AllocatedPde, TempVa, FALSE, CurrentProcess, NULL, NULL); // // Add back in the private page MiDeletePte subtracted. // CurrentProcess->NumberOfPrivatePages += 1; UNLOCK_PFN (OldIrql); } if (AllocatedPpe != NULL) { ASSERT (AllocatedPpe->u.Hard.Valid == 1); TempVa = MiGetVirtualAddressMappedByPte(AllocatedPpe); LOCK_PFN (OldIrql); MiDeletePte (AllocatedPpe, TempVa, FALSE, CurrentProcess, NULL, NULL); // // Add back in the private page MiDeletePte subtracted. // CurrentProcess->NumberOfPrivatePages += 1; UNLOCK_PFN (OldIrql); } } if (PointerPte == StartPte) { if (OriginalTable == NULL) { WorkingSetList->HashTableSize = First; } } return; } #endif NewSize = (ULONG)((PointerPte - StartPte) << PAGE_SHIFT); ASSERT ((MiGetVirtualAddressMappedByPte(PointerPte) == WorkingSetList->HighestPermittedHashAddress) || (PointerPte->u.Hard.Valid == 0)); WorkingSetList->HashTableSize = First + NewSize / sizeof (MMWSLE_HASH); WorkingSetList->HashTable = Table; ASSERT ((&Table[WorkingSetList->HashTableSize] == WorkingSetList->HighestPermittedHashAddress) || (MiGetPteAddress(&Table[WorkingSetList->HashTableSize])->u.Hard.Valid == 0)); if (First != 0) { RtlZeroMemory (Table, First * sizeof(MMWSLE_HASH)); } // // Fill hash table // j = 0; Count = WorkingSetList->NonDirectCount; Size = WorkingSetList->HashTableSize; do { if ((Wsle[j].u1.e1.Valid == 1) && (Wsle[j].u1.e1.Direct == 0)) { // // Hash this. // Count -= 1; Hash = MI_WSLE_HASH(Wsle[j].u1.Long, WorkingSetList); while (Table[Hash].Key != 0) { Hash += 1; if (Hash >= (ULONG)Size) { Hash = 0; } } Table[Hash].Key = Wsle[j].u1.Long & ~(PAGE_SIZE - 1); Table[Hash].Index = j; #if DBG PointerPte = MiGetPteAddress(Wsle[j].u1.VirtualAddress); ASSERT (PointerPte->u.Hard.Valid); #endif //DBG } ASSERT (j <= WorkingSetList->LastEntry); j += 1; } while (Count); #if DBG MiCheckWsleHash (WorkingSetList); #endif //DBG return; }

VOID MiInitializeCopyOnWritePfn (  IN PFN_NUMBER  PageFrameIndex, IN PMMPTE  PointerPte, IN WSLE_NUMBER  WorkingSetIndex, IN PVOID  SessionSpace )

Definition at line 3764 of file pagfault.c. References ActiveAndValid, ASSERT, _MMWSLE::e1, KeBugCheckEx(), MI_GET_PAGE_FRAME_FROM_PTE, MI_MAKE_PROTECT_NOT_WRITE_COPY, MI_PFN_ELEMENT, MiCheckPdeForPagedPool(), MiGetPteAddress, MiGetVirtualAddressMappedByPte, MM_EXECUTE_READWRITE, MM_PFN_LOCK_ASSERT, MmWsle, NT_SUCCESS, _MMPFN::OriginalPte, _MMWSLENTRY::Protection, _MMPFN::PteAddress, _MMPFN::PteFrame, _MMPTE::u, _MMWSLE::u1, _MMPFN::u1, _MMPFN::u2, _MMPFN::u3, and _MM_SESSION_SPACE::Wsle. Referenced by MiCopyOnWrite(), and MiSessionCopyOnWrite(). 03773 : 03774 03775 This function initializes the specified PFN element to the 03776 active and valid state for a copy on write operation. 03777 03778 In this case the page table page which contains the PTE has 03779 the proper ShareCount. 03780 03781 Arguments: 03782 03783 PageFrameIndex - Supplies the page frame number to initialize. 03784 03785 PointerPte - Supplies the pointer to the PTE which caused the 03786 page fault. 03787 03788 WorkingSetIndex - Supplies the working set index for the corresponding 03789 virtual address. 03790 03791 SessionPointer - Supplies the session space pointer if this fault is for 03792 a session space page or NULL if this is for a user page. 03793 03794 03795 Return Value: 03796 03797 None. 03798 03799 Environment: 03800 03801 Kernel mode, APCs disabled, PFN mutex held. 03802 03803 --*/ 03804 03805 { 03806 PMMPFN Pfn1; 03807 PMMPTE PteFramePointer; 03808 PFN_NUMBER PteFramePage; 03809 PVOID VirtualAddress; 03810 PMM_SESSION_SPACE SessionSpace; 03811 03812 Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); 03813 Pfn1->PteAddress = PointerPte; 03814 03815 // 03816 // Get the protection for the page. 03817 // 03818 03819 VirtualAddress = MiGetVirtualAddressMappedByPte (PointerPte); 03820 03821 Pfn1->OriginalPte.u.Long = 0; 03822 03823 if (SessionPointer) { 03824 Pfn1->OriginalPte.u.Soft.Protection = MM_EXECUTE_READWRITE; 03825 SessionSpace = (PMM_SESSION_SPACE) SessionPointer; 03826 SessionSpace->Wsle[WorkingSetIndex].u1.e1.Protection = 03827 MM_EXECUTE_READWRITE; 03828 } 03829 else { 03830 Pfn1->OriginalPte.u.Soft.Protection = 03831 MI_MAKE_PROTECT_NOT_WRITE_COPY ( 03832 MmWsle[WorkingSetIndex].u1.e1.Protection); 03833 } 03834 03835 ASSERT (Pfn1->u3.e2.ReferenceCount == 0); 03836 Pfn1->u3.e2.ReferenceCount += 1; 03837 Pfn1->u2.ShareCount += 1; 03838 Pfn1->u3.e1.PageLocation = ActiveAndValid; 03839 Pfn1->u1.WsIndex = WorkingSetIndex; 03840 03841 // 03842 // Determine the page frame number of the page table page which 03843 // contains this PTE. 03844 // 03845 03846 PteFramePointer = MiGetPteAddress(PointerPte); 03847 if (PteFramePointer->u.Hard.Valid == 0) { 03848 #if !defined (_WIN64) 03849 if (!NT_SUCCESS(MiCheckPdeForPagedPool (PointerPte))) { 03850 #endif 03851 KeBugCheckEx (MEMORY_MANAGEMENT, 03852 0x61940, 03853 (ULONG_PTR)PointerPte, 03854 (ULONG_PTR)PteFramePointer->u.Long, 03855 (ULONG_PTR)MiGetVirtualAddressMappedByPte(PointerPte)); 03856 #if !defined (_WIN64) 03857 } 03858 #endif 03859 } 03860 03861 PteFramePage = MI_GET_PAGE_FRAME_FROM_PTE (PteFramePointer); 03862 ASSERT (PteFramePage != 0); 03863 03864 Pfn1->PteFrame = PteFramePage; 03865 03866 #if PFN_CONSISTENCY 03867 MM_PFN_LOCK_ASSERT(); 03868 03869 Pfn1->u3.e1.PageTablePage = 0; 03870 #endif 03871 03872 // 03873 // Set the modified flag in the PFN database as we are writing 03874 // into this page and the dirty bit is already set in the PTE. 03875 // 03876 03877 Pfn1->u3.e1.Modified = 1; 03878 03879 return; 03880 }

LOGICAL MiInitializeDriverVerifierList (  IN PLOADER_PARAMETER_BLOCK  LoaderBlock  )

Definition at line 3121 of file verifier.c. References _MI_VERIFIER_DRIVER_ENTRY::BaseName, End, ExAllocatePoolWithTag, ExInitializeFastMutex, FALSE, _MI_VERIFIER_DRIVER_ENTRY::Flags, IoVerifierInit(), IOVERIFIERINIT_EVERYTHING_TRACKED, IOVERIFIERINIT_PHASE0, IOVERIFIERINIT_VERIFIER_DRIVER_LIST, KeInitializeSpinLock(), KeQueryPerformanceCounter(), KernelVerifier, L, MI_VERIFIER_DRIVER_ENTRY, MiApplyDriverVerifier(), MiSuspectDriverList, MiTriageAddDrivers(), MiVerifierDriverAddedThunkListHead, MiVerifyAllDrivers, MiVerifyRandomDrivers, MmDontVerifyRandomDrivers, MmVerifierData, MmVerifyDriverBuffer, MmVerifyDriverBufferLength, MmVerifyDriverLevel, NonPagedPool, NULL, RtlEqualUnicodeString(), RtlInitUnicodeString(), Start, TRUE, UNICODE_WHITESPACE, USHORT, VerifierListLock, VerifierModifyableOptions, VerifierPoolLock, VerifierPoolMutex, VI_VERIFYING_DIRECTLY, ViBadMapperLock, ViInitializeEntry(), and ViInsertVerifierEntry(). Referenced by MmInitSystem(). : Parse the registry setting and set up the list of driver names that will be put through the validation process. Walk the loaded module list and thunk any drivers that need/deserve it. Arguments: None. Return Value: TRUE if successful, FALSE if not. Environment: Kernel mode, Phase 0 Initialization. Nonpaged (but not paged) pool exists. The PsLoadedModuleList has not been set up yet although the boot drivers have been relocated to their final resting places. --*/ { ULONG i; PLIST_ENTRY NextEntry; PLDR_DATA_TABLE_ENTRY DataTableEntry; PWCHAR Start; PWCHAR End; PWCHAR Walk; ULONG NameLength; PMI_VERIFIER_DRIVER_ENTRY Verifier; LARGE_INTEGER CurrentTime; UNICODE_STRING KernelString; UNICODE_STRING HalString; PMI_VERIFIER_DRIVER_ENTRY KernelEntry; PMI_VERIFIER_DRIVER_ENTRY HalEntry; InitializeListHead (&MiSuspectDriverList); if (MmVerifyDriverLevel != (ULONG)-1) { if (MmVerifyDriverLevel & DRIVER_VERIFIER_IO_CHECKING) { if (MmVerifyDriverBufferLength == (ULONG)-1) { MmVerifyDriverBufferLength = 0; // Mm will not page out verifier pages. } } } if (MmVerifyDriverBufferLength == (ULONG)-1) { if (MmDontVerifyRandomDrivers == TRUE) { return FALSE; } MmVerifyDriverBufferLength = 0; CurrentTime = KeQueryPerformanceCounter (NULL); CurrentTime.LowPart = (CurrentTime.LowPart % 26); MiVerifyRandomDrivers = (WCHAR)'A' + (WCHAR)CurrentTime.LowPart; if ((MiVerifyRandomDrivers == (WCHAR)'H') || (MiVerifyRandomDrivers == (WCHAR)'J') || (MiVerifyRandomDrivers == (WCHAR)'X') || (MiVerifyRandomDrivers == (WCHAR)'Y') || (MiVerifyRandomDrivers == (WCHAR)'Z')) { MiVerifyRandomDrivers = (WCHAR)'X'; } } KeInitializeSpinLock (&ViBadMapperLock); KeInitializeSpinLock (&VerifierListLock); KeInitializeSpinLock (&VerifierPoolLock); ExInitializeFastMutex (&VerifierPoolMutex); InitializeListHead (&MiVerifierDriverAddedThunkListHead); // // If no default is specified, then special pool, pagable code/data // flushing and pool leak detection are enabled. // if (MmVerifyDriverLevel == (ULONG)-1) { MmVerifierData.Level = DRIVER_VERIFIER_SPECIAL_POOLING | DRIVER_VERIFIER_FORCE_IRQL_CHECKING | DRIVER_VERIFIER_TRACK_POOL_ALLOCATIONS; } else { MmVerifierData.Level = MmVerifyDriverLevel; } VerifierModifyableOptions = (DRIVER_VERIFIER_SPECIAL_POOLING | DRIVER_VERIFIER_FORCE_IRQL_CHECKING | DRIVER_VERIFIER_INJECT_ALLOCATION_FAILURES); IoVerifierInit (MmVerifierData.Level, IOVERIFIERINIT_PHASE0 | IOVERIFIERINIT_EVERYTHING_TRACKED | IOVERIFIERINIT_VERIFIER_DRIVER_LIST); KernelEntry = NULL; HalEntry = NULL; if (MiVerifyRandomDrivers == (WCHAR)0) { RtlInitUnicodeString (&KernelString, L"ntoskrnl.exe"); RtlInitUnicodeString (&HalString, L"hal.dll"); Start = MmVerifyDriverBuffer; End = MmVerifyDriverBuffer + (MmVerifyDriverBufferLength - sizeof(WCHAR)) / sizeof(WCHAR); while (Start < End) { if (UNICODE_WHITESPACE(*Start)) { Start += 1; continue; } if (*Start == (WCHAR)'*') { MiVerifyAllDrivers = TRUE; break; } for (Walk = Start; Walk < End; Walk += 1) { if (UNICODE_WHITESPACE(*Walk)) { break; } } // // Got a string. Save it. // NameLength = (ULONG)(Walk - Start + 1) * sizeof (WCHAR); Verifier = (PMI_VERIFIER_DRIVER_ENTRY)ExAllocatePoolWithTag ( NonPagedPool, sizeof (MI_VERIFIER_DRIVER_ENTRY) + NameLength, 'dLmM'); if (Verifier == NULL) { break; } Verifier->BaseName.Buffer = (PWSTR)((PCHAR)Verifier + sizeof (MI_VERIFIER_DRIVER_ENTRY)); Verifier->BaseName.Length = (USHORT)NameLength - sizeof (UNICODE_NULL); Verifier->BaseName.MaximumLength = (USHORT)NameLength; RtlMoveMemory (Verifier->BaseName.Buffer, Start, NameLength - sizeof (UNICODE_NULL)); ViInitializeEntry (Verifier, TRUE); Verifier->Flags |= VI_VERIFYING_DIRECTLY; ViInsertVerifierEntry (Verifier); if (RtlEqualUnicodeString (&KernelString, &Verifier->BaseName, TRUE)) { // // All driver pool allocation calls must be intercepted so // they are not mistaken for kernel pool allocations. // MiVerifyAllDrivers = TRUE; KernelVerifier = TRUE; KernelEntry = Verifier; } else if (RtlEqualUnicodeString (&HalString, &Verifier->BaseName, TRUE)) { HalEntry = Verifier; } Start = Walk + 1; } } if (MiTriageAddDrivers (LoaderBlock) == TRUE) { // // Disable random driver verification if triage has picked driver(s). // MiVerifyRandomDrivers = (WCHAR)0; } // // Process the boot-loaded drivers now. // i = 0; NextEntry = LoaderBlock->LoadOrderListHead.Flink; for ( ; NextEntry != &LoaderBlock->LoadOrderListHead; NextEntry = NextEntry->Flink) { DataTableEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks); // // Process the kernel and HAL specially. // if (i == 0) { if (KernelEntry != NULL) { MiApplyDriverVerifier (DataTableEntry, KernelEntry); } } else if (i == 1) { if (HalEntry != NULL) { MiApplyDriverVerifier (DataTableEntry, HalEntry); } } else { MiApplyDriverVerifier (DataTableEntry, NULL); } i += 1; } return TRUE; }

VOID MiInitializeIoTrackers (  VOID   )

Definition at line 1595 of file iosup.c. References KeInitializeSpinLock(), _LOCK_HEADER::ListHead, _SYSPTES_HEADER::ListHead, MiDeadPteTrackerListHead, MiPteHeader, MiPteTrackerLock, MmLockedPagesHead, MmTrackLockedPages, MmTrackPtes, and TRUE. Referenced by MmInitSystem(). { if (MmTrackPtes != 0) { InitializeListHead (&MiDeadPteTrackerListHead); KeInitializeSpinLock (&MiPteTrackerLock); InitializeListHead (&MiPteHeader.ListHead); } if (MmTrackLockedPages == TRUE) { InitializeListHead (&MmLockedPagesHead.ListHead); } }

LOGICAL MiInitializeLoadedModuleList (  IN PLOADER_PARAMETER_BLOCK  LoaderBlock  )

Definition at line 6591 of file sysload.c. References ExAllocatePoolWithTag, ExFreePool(), ExInitializeResource, FALSE, KeInitializeSpinLock(), MiBuildImportsForBootDrivers(), MiLocateKernelSections(), NonPagedPool, NULL, PagedPool, PsLoadedModuleList, PsLoadedModuleResource, PsLoadedModuleSpinLock, PsNtosImageBase, and TRUE. Referenced by MmInitSystem(). : This function initializes the loaded module list based on the LoaderBlock. Arguments: LoaderBlock - Supplies a pointer to the system loader block. Return Value: None. Environment: Kernel mode, Phase 0 Initialization. --*/ { PLIST_ENTRY NextEntry; PLDR_DATA_TABLE_ENTRY DataTableEntry1; PLDR_DATA_TABLE_ENTRY DataTableEntry2; // // Initialize the loaded module list executive resource and spin lock. // ExInitializeResource (&PsLoadedModuleResource); KeInitializeSpinLock (&PsLoadedModuleSpinLock); InitializeListHead (&PsLoadedModuleList); // // Scan the loaded module list and allocate and initialize a data table // entry for each module. The data table entry is inserted in the loaded // module list and the initialization order list in the order specified // in the loader parameter block. The data table entry is inserted in the // memory order list in memory order. // NextEntry = LoaderBlock->LoadOrderListHead.Flink; DataTableEntry2 = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks); PsNtosImageBase = DataTableEntry2->DllBase; MiLocateKernelSections (DataTableEntry2); while (NextEntry != &LoaderBlock->LoadOrderListHead) { DataTableEntry2 = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks); // // Allocate a data table entry. // DataTableEntry1 = ExAllocatePoolWithTag (NonPagedPool, sizeof(LDR_DATA_TABLE_ENTRY), 'dLmM'); if (DataTableEntry1 == NULL) { return FALSE; } // // Copy the data table entry. // *DataTableEntry1 = *DataTableEntry2; DataTableEntry1->FullDllName.Buffer = ExAllocatePoolWithTag (PagedPool, DataTableEntry2->FullDllName.MaximumLength + sizeof(UNICODE_NULL), 'TDmM'); if (DataTableEntry1->FullDllName.Buffer == NULL) { ExFreePool (DataTableEntry1); return FALSE; } DataTableEntry1->BaseDllName.Buffer = ExAllocatePoolWithTag (NonPagedPool, DataTableEntry2->BaseDllName.MaximumLength + sizeof(UNICODE_NULL), 'dLmM'); if (DataTableEntry1->BaseDllName.Buffer == NULL) { ExFreePool (DataTableEntry1->FullDllName.Buffer); ExFreePool (DataTableEntry1); return FALSE; } // // Copy the strings. // RtlMoveMemory (DataTableEntry1->FullDllName.Buffer, DataTableEntry2->FullDllName.Buffer, DataTableEntry1->FullDllName.MaximumLength); RtlMoveMemory (DataTableEntry1->BaseDllName.Buffer, DataTableEntry2->BaseDllName.Buffer, DataTableEntry1->BaseDllName.MaximumLength); // // Insert the data table entry in the load order list in the order // they are specified. // InsertTailList(&PsLoadedModuleList, &DataTableEntry1->InLoadOrderLinks); NextEntry = NextEntry->Flink; } MiBuildImportsForBootDrivers (); return TRUE; }

VOID MiInitializeMustSucceedPool (  VOID   )

VOID MiInitializeNonPagedPool (  VOID   )

Definition at line 2476 of file allocpag.c. References ASSERT, BYTES_TO_PAGES, Index, MI_CONVERT_PHYSICAL_TO_PFN, MI_GET_PAGE_FRAME_FROM_PTE, MI_IS_PHYSICAL_ADDRESS, MI_MAX_FREE_LIST_HEADS, MiEndOfInitialPoolFrame, MiGetPteAddress, MiInitializeSystemPtes(), MM_FREE_POOL_SIGNATURE, MmExpandedPoolBitPosition, MmMaximumNonPagedPoolInBytes, MmMustSucceedPoolBitPosition, MmNonPagedMustSucceed, MmNonPagedPoolExpansionStart, MmNonPagedPoolFreeListHead, MmNonPagedPoolStart, MmNumberOfFreeNonPagedPool, MmSizeOfNonPagedMustSucceed, MmSizeOfNonPagedPoolInBytes, NonPagedPoolExpansion, PAGE_SIZE, PAGED_CODE, _MMFREE_POOL_ENTRY::Signature, Size, and _MMPTE::u. Referenced by MiInitMachineDependent(). 02482 : 02483 02484 This function initializes the NonPaged pool. 02485 02486 NonPaged Pool is linked together through the pages. 02487 02488 Arguments: 02489 02490 None. 02491 02492 Return Value: 02493 02494 None. 02495 02496 Environment: 02497 02498 Kernel mode, during initialization. 02499 02500 --*/ 02501 02502 { 02503 ULONG PagesInPool; 02504 ULONG Size; 02505 ULONG Index; 02506 PMMFREE_POOL_ENTRY FreeEntry; 02507 PMMFREE_POOL_ENTRY FirstEntry; 02508 PMMPTE PointerPte; 02509 PFN_NUMBER i; 02510 PULONG_PTR ThisPage; 02511 PULONG_PTR NextPage; 02512 PVOID EndOfInitialPool; 02513 PFN_NUMBER PageFrameIndex; 02514 02515 PAGED_CODE(); 02516 02517 // 02518 // Initialize the list heads for free pages. 02519 // 02520 02521 for (Index = 0; Index < MI_MAX_FREE_LIST_HEADS; Index += 1) { 02522 InitializeListHead (&MmNonPagedPoolFreeListHead[Index]); 02523 } 02524 02525 // 02526 // Initialize the must succeed pool (this occupies the first 02527 // pages of the pool area). 02528 // 02529 02530 // 02531 // Allocate NonPaged pool for the NonPagedPoolMustSucceed pool. 02532 // 02533 02534 MmNonPagedMustSucceed = (PCHAR)MmNonPagedPoolStart; 02535 02536 i = MmSizeOfNonPagedMustSucceed - PAGE_SIZE; 02537 02538 MmMustSucceedPoolBitPosition = BYTES_TO_PAGES(MmSizeOfNonPagedMustSucceed); 02539 02540 ThisPage = (PULONG_PTR)MmNonPagedMustSucceed; 02541 02542 while (i > 0) { 02543 NextPage = (PULONG_PTR)((PCHAR)ThisPage + PAGE_SIZE); 02544 *ThisPage = (ULONG_PTR)NextPage; 02545 ThisPage = NextPage; 02546 i -= PAGE_SIZE; 02547 } 02548 *ThisPage = 0; 02549 02550 // 02551 // Set up the remaining pages as non paged pool pages. 02552 // 02553 02554 ASSERT ((MmSizeOfNonPagedMustSucceed & (PAGE_SIZE - 1)) == 0); 02555 FreeEntry = (PMMFREE_POOL_ENTRY)((PCHAR)MmNonPagedPoolStart + 02556 MmSizeOfNonPagedMustSucceed); 02557 FirstEntry = FreeEntry; 02558 02559 PagesInPool = BYTES_TO_PAGES(MmSizeOfNonPagedPoolInBytes - 02560 MmSizeOfNonPagedMustSucceed); 02561 02562 // 02563 // Set the location of expanded pool. 02564 // 02565 02566 MmExpandedPoolBitPosition = BYTES_TO_PAGES (MmSizeOfNonPagedPoolInBytes); 02567 02568 MmNumberOfFreeNonPagedPool = PagesInPool; 02569 02570 Index = (ULONG)(MmNumberOfFreeNonPagedPool - 1); 02571 if (Index >= MI_MAX_FREE_LIST_HEADS) { 02572 Index = MI_MAX_FREE_LIST_HEADS - 1; 02573 } 02574 02575 InsertHeadList (&MmNonPagedPoolFreeListHead[Index], &FreeEntry->List); 02576 02577 FreeEntry->Size = PagesInPool; 02578 #if DBG 02579 FreeEntry->Signature = MM_FREE_POOL_SIGNATURE; 02580 #endif 02581 FreeEntry->Owner = FirstEntry; 02582 02583 while (PagesInPool > 1) { 02584 FreeEntry = (PMMFREE_POOL_ENTRY)((PCHAR)FreeEntry + PAGE_SIZE); 02585 #if DBG 02586 FreeEntry->Signature = MM_FREE_POOL_SIGNATURE; 02587 #endif 02588 FreeEntry->Owner = FirstEntry; 02589 PagesInPool -= 1; 02590 } 02591 02592 // 02593 // Set the last nonpaged pool PFN so coalescing on free doesn't go 02594 // past the end of the initial pool. 02595 // 02596 02597 EndOfInitialPool = (PVOID)((ULONG_PTR)MmNonPagedPoolStart + MmSizeOfNonPagedPoolInBytes - 1); 02598 02599 if (MI_IS_PHYSICAL_ADDRESS(EndOfInitialPool)) { 02600 PageFrameIndex = MI_CONVERT_PHYSICAL_TO_PFN (EndOfInitialPool); 02601 } else { 02602 PointerPte = MiGetPteAddress(EndOfInitialPool); 02603 ASSERT (PointerPte->u.Hard.Valid == 1); 02604 PageFrameIndex = MI_GET_PAGE_FRAME_FROM_PTE (PointerPte); 02605 } 02606 MiEndOfInitialPoolFrame = PageFrameIndex; 02607 02608 // 02609 // Set up the system PTEs for nonpaged pool expansion. 02610 // 02611 02612 PointerPte = MiGetPteAddress (MmNonPagedPoolExpansionStart); 02613 ASSERT (PointerPte->u.Hard.Valid == 0); 02614 02615 Size = BYTES_TO_PAGES(MmMaximumNonPagedPoolInBytes - 02616 MmSizeOfNonPagedPoolInBytes); 02617 02618 // 02619 // Insert a guard PTE at the bottom of expanded nonpaged pool. 02620 // 02621 02622 Size -= 1; 02623 PointerPte += 1; 02624 02625 MiInitializeSystemPtes (PointerPte, 02626 Size, 02627 NonPagedPoolExpansion 02628 ); 02629 02630 // 02631 // A guard PTE is built at the top by our caller. This allows us to 02632 // freely increment virtual addresses in MiFreePoolPages and just check 02633 // for a blank PTE. 02634 // 02635 }

VOID MiInitializePfn (  IN PFN_NUMBER  PageFrameIndex, IN PMMPTE  PointerPte, IN ULONG  ModifiedState )

Definition at line 3398 of file pagfault.c. References ActiveAndValid, ASSERT, DbgPrint, KeBugCheckEx(), MI_GET_PAGE_FRAME_FROM_PTE, MI_IS_CACHING_DISABLED, MI_PFN_ELEMENT, MiCheckPdeForPagedPool(), MiFormatPfn(), MiFormatPte(), MiGetPteAddress, MiGetVirtualAddressMappedByPte, MM_DEMAND_ZERO_WRITE_PTE, MM_EXECUTE_READWRITE, MM_NOCACHE, MM_PFN_LOCK_ASSERT, MM_READWRITE, NT_SUCCESS, _MMPFN::OriginalPte, _MMPFN::PteAddress, _MMPFN::PteFrame, _MMPTE::u, _MMPFN::u2, and _MMPFN::u3. Referenced by ExAllocatePool(), MiAddWorkingSetPage(), MiAddWsleHash(), MiAllocatePoolPages(), MiAllocateSpecialPool(), MiFillSystemPageDirectory(), MiInitializeSystemCache(), MiInitializeWorkingSetList(), MiLoadImageSection(), MiReloadBootLoadedDrivers(), MiResolveDemandZeroFault(), MiSessionCommitImagePages(), MiSessionCreateInternal(), MiSessionInitializeWorkingSetList(), MmAccessFault(), MmAddPhysicalMemory(), MmAllocateIndependentPages(), MmAllocateNonCachedMemory(), MmCheckCachedPageState(), MmCreateKernelStack(), MmGrowKernelStack(), MmInitializeProcessAddressSpace(), and MmInitSystem(). 03406 : 03407 03408 This function initializes the specified PFN element to the 03409 active and valid state. 03410 03411 Arguments: 03412 03413 PageFrameIndex - Supplies the page frame number to initialize. 03414 03415 PointerPte - Supplies the pointer to the PTE which caused the 03416 page fault. 03417 03418 ModifiedState - Supplies the state to set the modified field in the PFN 03419 element for this page, either 0 or 1. 03420 03421 Return Value: 03422 03423 None. 03424 03425 Environment: 03426 03427 Kernel mode, APCs disabled, PFN mutex held. 03428 03429 --*/ 03430 03431 { 03432 PMMPFN Pfn1; 03433 PMMPFN Pfn2; 03434 PMMPTE PteFramePointer; 03435 PFN_NUMBER PteFramePage; 03436 03437 MM_PFN_LOCK_ASSERT(); 03438 03439 Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); 03440 Pfn1->PteAddress = PointerPte; 03441 03442 // 03443 // If the PTE is currently valid, an address space is being built, 03444 // just make the original PTE demand zero. 03445 // 03446 03447 if (PointerPte->u.Hard.Valid == 1) { 03448 Pfn1->OriginalPte.u.Long = MM_DEMAND_ZERO_WRITE_PTE; 03449 03450 #if defined(_IA64_) 03451 if (PointerPte->u.Hard.Execute == 1) { 03452 Pfn1->OriginalPte.u.Soft.Protection = MM_EXECUTE_READWRITE; 03453 } 03454 #endif 03455 03456 if (MI_IS_CACHING_DISABLED (PointerPte)) { 03457 Pfn1->OriginalPte.u.Soft.Protection = MM_READWRITE | MM_NOCACHE; 03458 } 03459 03460 } else { 03461 Pfn1->OriginalPte = *PointerPte; 03462 ASSERT (!((Pfn1->OriginalPte.u.Soft.Prototype == 0) && 03463 (Pfn1->OriginalPte.u.Soft.Transition == 1))); 03464 } 03465 03466 Pfn1->u3.e2.ReferenceCount += 1; 03467 03468 #if DBG 03469 if (Pfn1->u3.e2.ReferenceCount > 1) { 03470 DbgPrint("MM:incrementing ref count > 1 \n"); 03471 MiFormatPfn(Pfn1); 03472 MiFormatPte(PointerPte); 03473 } 03474 #endif 03475 03476 Pfn1->u2.ShareCount += 1; 03477 Pfn1->u3.e1.PageLocation = ActiveAndValid; 03478 Pfn1->u3.e1.Modified = ModifiedState; 03479 03480 #if defined (_WIN64) 03481 Pfn1->UsedPageTableEntries = 0; 03482 #endif 03483 03484 #if PFN_CONSISTENCY 03485 Pfn1->u3.e1.PageTablePage = 0; 03486 #endif 03487 // 03488 // Determine the page frame number of the page table page which 03489 // contains this PTE. 03490 // 03491 03492 PteFramePointer = MiGetPteAddress(PointerPte); 03493 if (PteFramePointer->u.Hard.Valid == 0) { 03494 #if !defined (_WIN64) 03495 if (!NT_SUCCESS(MiCheckPdeForPagedPool (PointerPte))) { 03496 #endif 03497 KeBugCheckEx (MEMORY_MANAGEMENT, 03498 0x61940, 03499 (ULONG_PTR)PointerPte, 03500 (ULONG_PTR)PteFramePointer->u.Long, 03501 (ULONG_PTR)MiGetVirtualAddressMappedByPte(PointerPte)); 03502 #if !defined (_WIN64) 03503 } 03504 #endif 03505 } 03506 PteFramePage = MI_GET_PAGE_FRAME_FROM_PTE (PteFramePointer); 03507 ASSERT (PteFramePage != 0); 03508 Pfn1->PteFrame = PteFramePage; 03509 03510 // 03511 // Increment the share count for the page table page containing 03512 // this PTE. 03513 // 03514 03515 Pfn2 = MI_PFN_ELEMENT (PteFramePage); 03516 03517 Pfn2->u2.ShareCount += 1; 03518 03519 return; 03520 }

VOID MiInitializePfnForOtherProcess (  IN PFN_NUMBER  PageFrameIndex, IN PMMPTE  PointerPte, IN PFN_NUMBER  ContainingPageFrame )

Definition at line 3973 of file pagfault.c. References ActiveAndValid, ASSERT, DbgPrint, MI_PFN_ELEMENT, MiFormatPfn(), MiFormatPte(), MM_DEMAND_ZERO_WRITE_PTE, MM_PFN_LOCK_ASSERT, _MMPFN::OriginalPte, _MMPFN::PteAddress, _MMPFN::PteFrame, _MMPTE::u, _MMPFN::u2, and _MMPFN::u3. Referenced by MiAllocatePoolPages(), MiFillSystemPageDirectory(), MiInitializeSessionPool(), MiMakeOutswappedPageResident(), MiSessionCommitPageTables(), MiSessionCreateInternal(), and MiSessionInitializeWorkingSetList(). 03981 : 03982 03983 This function initializes the specified PFN element to the 03984 active and valid state with the dirty bit on in the PTE and 03985 the PFN database marked as modified. 03986 03987 As this PTE is not visible from the current process, the containing 03988 page frame must be supplied at the PTE contents field for the 03989 PFN database element are set to demand zero. 03990 03991 Arguments: 03992 03993 PageFrameIndex - Supplies the page frame number of which to initialize. 03994 03995 PointerPte - Supplies the pointer to the PTE which caused the 03996 page fault. 03997 03998 ContainingPageFrame - Supplies the page frame number of the page 03999 table page which contains this PTE. 04000 If the ContainingPageFrame is 0, then 04001 the ShareCount for the 04002 containing page is not incremented. 04003 04004 Return Value: 04005 04006 None. 04007 04008 Environment: 04009 04010 Kernel mode, APCs disabled, PFN mutex held. 04011 04012 --*/ 04013 04014 { 04015 PMMPFN Pfn1; 04016 PMMPFN Pfn2; 04017 04018 Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); 04019 Pfn1->PteAddress = PointerPte; 04020 Pfn1->OriginalPte.u.Long = MM_DEMAND_ZERO_WRITE_PTE; 04021 ASSERT (Pfn1->u3.e2.ReferenceCount == 0); 04022 Pfn1->u3.e2.ReferenceCount += 1; 04023 04024 #if DBG 04025 if (Pfn1->u3.e2.ReferenceCount > 1) { 04026 DbgPrint("MM:incrementing ref count > 1 \n"); 04027 MiFormatPfn(Pfn1); 04028 MiFormatPte(PointerPte); 04029 } 04030 #endif 04031 04032 Pfn1->u2.ShareCount += 1; 04033 Pfn1->u3.e1.PageLocation = ActiveAndValid; 04034 Pfn1->u3.e1.Modified = 1; 04035 04036 #if PFN_CONSISTENCY 04037 MM_PFN_LOCK_ASSERT(); 04038 04039 Pfn1->u3.e1.PageTablePage = 0; 04040 #endif 04041 04042 // 04043 // Increment the share count for the page table page containing 04044 // this PTE. 04045 // 04046 04047 if (ContainingPageFrame != 0) { 04048 Pfn1->PteFrame = ContainingPageFrame; 04049 Pfn2 = MI_PFN_ELEMENT (ContainingPageFrame); 04050 Pfn2->u2.ShareCount += 1; 04051 } 04052 return; 04053 }

VOID MiInitializeReadInProgressPfn (  IN PMDL  Mdl, IN PMMPTE  BasePte, IN PKEVENT  Event, IN WSLE_NUMBER  WorkingSetIndex )

Definition at line 3523 of file pagfault.c. References ASSERT, Event(), KeBugCheckEx(), MI_ADD_LOCKED_PAGE_CHARGE_FOR_MODIFIED_PAGE, MI_GET_PAGE_FRAME_FROM_PTE, MI_MAKE_TRANSITION_PTE, MI_PFN_ELEMENT, MI_PROTOTYPE_WSINDEX, MI_WRITE_INVALID_PTE, MiCheckPdeForPagedPool(), MiGetPteAddress, MiGetVirtualAddressMappedByPte, MM_PFN_LOCK_ASSERT, NT_SUCCESS, _MMPFN::OriginalPte, PAGE_SIZE, _MMPFN::PteAddress, _MMPFN::PteFrame, _MMPTE::u, _MMPFN::u1, _MMPFN::u2, and _MMPFN::u3. Referenced by MiResolveMappedFileFault(), and MiResolvePageFileFault(). 03532 : 03533 03534 This function initializes the specified PFN element to the 03535 transition / read-in-progress state for an in-page operation. 03536 03537 03538 Arguments: 03539 03540 Mdl - Supplies a pointer to the MDL. 03541 03542 BasePte - Supplies the pointer to the PTE which the first page in 03543 the MDL maps. 03544 03545 Event - Supplies the event which is to be set when the I/O operation 03546 completes. 03547 03548 WorkingSetIndex - Supplies the working set index flag, a value of 03549 -1 indicates no WSLE is required because 03550 this is a prototype PTE. 03551 03552 Return Value: 03553 03554 None. 03555 03556 Environment: 03557 03558 Kernel mode, APCs disabled, PFN mutex held. 03559 03560 --*/ 03561 03562 { 03563 PMMPFN Pfn1; 03564 PMMPFN Pfn2; 03565 PMMPTE PteFramePointer; 03566 PFN_NUMBER PteFramePage; 03567 MMPTE TempPte; 03568 LONG NumberOfBytes; 03569 PPFN_NUMBER Page; 03570 03571 MM_PFN_LOCK_ASSERT(); 03572 03573 Page = (PPFN_NUMBER)(Mdl + 1); 03574 03575 NumberOfBytes = Mdl->ByteCount; 03576 03577 while (NumberOfBytes > 0) { 03578 03579 Pfn1 = MI_PFN_ELEMENT (*Page); 03580 Pfn1->u1.Event = Event; 03581 Pfn1->PteAddress = BasePte; 03582 Pfn1->OriginalPte = *BasePte; 03583 ASSERT (Pfn1->u3.e2.ReferenceCount == 0); 03584 MI_ADD_LOCKED_PAGE_CHARGE_FOR_MODIFIED_PAGE (Pfn1, 10); 03585 Pfn1->u3.e2.ReferenceCount += 1; 03586 03587 Pfn1->u2.ShareCount = 0; 03588 Pfn1->u3.e1.ReadInProgress = 1; 03589 Pfn1->u3.e1.InPageError = 0; 03590 03591 #if PFN_CONSISTENCY 03592 Pfn1->u3.e1.PageTablePage = 0; 03593 #endif 03594 if (WorkingSetIndex == MI_PROTOTYPE_WSINDEX) { 03595 Pfn1->u3.e1.PrototypePte = 1; 03596 } 03597 03598 // 03599 // Determine the page frame number of the page table page which 03600 // contains this PTE. 03601 // 03602 03603 PteFramePointer = MiGetPteAddress(BasePte); 03604 if (PteFramePointer->u.Hard.Valid == 0) { 03605 #if !defined (_WIN64) 03606 if (!NT_SUCCESS(MiCheckPdeForPagedPool (BasePte))) { 03607 #endif 03608 KeBugCheckEx (MEMORY_MANAGEMENT, 03609 0x61940, 03610 (ULONG_PTR)BasePte, 03611 (ULONG_PTR)PteFramePointer->u.Long, 03612 (ULONG_PTR)MiGetVirtualAddressMappedByPte(BasePte)); 03613 #if !defined (_WIN64) 03614 } 03615 #endif 03616 } 03617 03618 PteFramePage = MI_GET_PAGE_FRAME_FROM_PTE (PteFramePointer); 03619 Pfn1->PteFrame = PteFramePage; 03620 03621 // 03622 // Put the PTE into the transition state, no cache flush needed as 03623 // PTE is still not valid. 03624 // 03625 03626 MI_MAKE_TRANSITION_PTE (TempPte, 03627 *Page, 03628 BasePte->u.Soft.Protection, 03629 BasePte); 03630 MI_WRITE_INVALID_PTE (BasePte, TempPte); 03631 03632 // 03633 // Increment the share count for the page table page containing 03634 // this PTE as the PTE just went into the transition state. 03635 // 03636 03637 ASSERT (PteFramePage != 0); 03638 Pfn2 = MI_PFN_ELEMENT (PteFramePage); 03639 Pfn2->u2.ShareCount += 1; 03640 03641 NumberOfBytes -= PAGE_SIZE; 03642 Page += 1; 03643 BasePte += 1; 03644 } 03645 03646 return; 03647 }

VOID MiInitializeSessionIds (  VOID   )

Definition at line 350 of file session.c. References ASSERT, ExInitializeFastMutex, MiCreateBitMap, MiSessionIdBitmap, MiSessionIdMutex, MM_MAXIMUM_CONCURRENT_SESSIONS, NonPagedPoolMustSucceed, NULL, PAGE_SIZE, PagedPool, and RtlClearAllBits(). : This routine creates and initializes session ID allocation/deallocation. Arguments: None. Return Value: None. --*/ { // // If this ever grows beyond the size of a page, both the allocation and // deletion code will need to be updated. // ASSERT (sizeof(MM_SESSION_SPACE) <= PAGE_SIZE); ExInitializeFastMutex (&MiSessionIdMutex); MiCreateBitMap (&MiSessionIdBitmap, MM_MAXIMUM_CONCURRENT_SESSIONS, PagedPool); if (MiSessionIdBitmap == NULL) { MiCreateBitMap (&MiSessionIdBitmap, MM_MAXIMUM_CONCURRENT_SESSIONS, NonPagedPoolMustSucceed); } RtlClearAllBits (MiSessionIdBitmap); }

NTSTATUS MiInitializeSessionPool (  VOID   )

Definition at line 4222 of file allocpag.c. References _MM_PAGED_POOL_INFO::AllocatedPagedPool, ASSERT, _MM_SESSION_SPACE::CommittedPages, _MM_PAGED_POOL_INFO::EndOfPagedPoolBitmap, ExInitializeFastMutex, ExpInitializePoolDescriptor(), FALSE, _MM_PAGED_POOL_INFO::FirstPteForPagedPool, Index, _MM_PAGED_POOL_INFO::LastPteForPagedPool, LOCK_PFN, MI_FLUSH_SINGLE_SESSION_TB, MI_GET_PAGE_COLOR_FROM_PTE, MI_PFN_ELEMENT, MI_SESSION_POOL, MI_SESSION_POOL_SIZE, MI_SET_PFN_DELETED, MI_WRITE_VALID_PTE, MiChargeCommitment(), MiCreateBitMap, MiDecrementShareAndValidCount, MiDecrementShareCountOnly, MiEnsureAvailablePageOrWait(), MiFillMemoryPte, MiFreeSessionPoolBitMaps(), MiGetPdeAddress, MiGetPdeSessionIndex, MiGetPteAddress, MiInitializePfnForOtherProcess(), MiRemoveAnyPage(), MiReturnCommitment(), MM_BUMP_COUNTER, MM_BUMP_SESS_COUNTER, MM_BUMP_SESSION_FAILURES, MM_DBG_COMMIT_RETURN_PAGED_POOL_PAGES, MM_DBG_COMMIT_RETURN_SESSION_POOL_PAGE_TABLES, MM_DBG_COMMIT_SESSION_POOL_PAGE_TABLES, MM_DBG_SESSION_PAGEDPOOL_PAGETABLE_ALLOC, MM_DBG_SESSION_PAGEDPOOL_PAGETABLE_FREE_FAIL1, MM_KERNEL_NOACCESS_PTE, MM_SESSION_FAILURE_NO_COMMIT, MM_SESSION_FAILURE_NO_NONPAGED_POOL, MM_SESSION_FAILURE_NO_RESIDENT, MM_TRACK_COMMIT, MmAvailablePages, MmResidentAvailablePages, MmSessionSpace, _MM_PAGED_POOL_INFO::NextPdeForPagedPoolExpansion, _MM_SESSION_SPACE::NonPagablePages, NonPagedPool, NULL, PAGE_SHIFT, PAGE_SIZE, _MM_SESSION_SPACE::PagedPool, _MM_PAGED_POOL_INFO::PagedPoolAllocationMap, _MM_SESSION_SPACE::PagedPoolBasePde, _MM_PAGED_POOL_INFO::PagedPoolCommit, _MM_SESSION_SPACE::PagedPoolEnd, _MM_PAGED_POOL_INFO::PagedPoolHint, _MM_SESSION_SPACE::PagedPoolInfo, _MM_PAGED_POOL_INFO::PagedPoolLargeSessionAllocationMap, _MM_SESSION_SPACE::PagedPoolMutex, PagedPoolSession, _MM_SESSION_SPACE::PagedPoolStart, _MM_SESSION_SPACE::PageTables, PPOOL_DESCRIPTOR, PTE_PER_PAGE, _MMPFN::PteFrame, RtlClearAllBits(), RtlClearBits(), RtlSetAllBits(), SESSION_GLOBAL, _MM_SESSION_SPACE::SessionPageDirectoryIndex, TRUE, _MMPTE::u, _MMPFN::u1, _MMPFN::u2, UNLOCK_PFN, ValidKernelPdeLocal, and ZeroKernelPte. Referenced by MiSessionCreateInternal(). : Initialize the current session's pool structure. Arguments: None. Return Value: Status of the pool initialization. Environment: Kernel mode. --*/ { ULONG Index; MMPTE TempPte; PMMPTE PointerPde, PointerPte; PFN_NUMBER PageFrameIndex; PPOOL_DESCRIPTOR PoolDescriptor; PMM_SESSION_SPACE SessionGlobal; PMM_PAGED_POOL_INFO PagedPoolInfo; KIRQL OldIrql; PMMPFN Pfn1; MMPTE PreviousPte; #if DBG PMMPTE StartPde, EndPde; #endif SessionGlobal = SESSION_GLOBAL(MmSessionSpace); ExInitializeFastMutex (&SessionGlobal->PagedPoolMutex); PoolDescriptor = &MmSessionSpace->PagedPool; ExpInitializePoolDescriptor (PoolDescriptor, PagedPoolSession, 0, 0, &SessionGlobal->PagedPoolMutex); MmSessionSpace->PagedPoolStart = (PVOID)MI_SESSION_POOL; MmSessionSpace->PagedPoolEnd = (PVOID)((MI_SESSION_POOL + MI_SESSION_POOL_SIZE)-1); PagedPoolInfo = &MmSessionSpace->PagedPoolInfo; PagedPoolInfo->PagedPoolCommit = 0; PagedPoolInfo->PagedPoolHint = 0; PagedPoolInfo->AllocatedPagedPool = 0; // // Build the page table page for paged pool. // PointerPde = MiGetPdeAddress (MmSessionSpace->PagedPoolStart); MmSessionSpace->PagedPoolBasePde = PointerPde; PointerPte = MiGetPteAddress (MmSessionSpace->PagedPoolStart); PagedPoolInfo->FirstPteForPagedPool = PointerPte; PagedPoolInfo->LastPteForPagedPool = MiGetPteAddress (MmSessionSpace->PagedPoolEnd); #if DBG // // Session pool better be unused. // StartPde = MiGetPdeAddress (MmSessionSpace->PagedPoolStart); EndPde = MiGetPdeAddress (MmSessionSpace->PagedPoolEnd); while (StartPde <= EndPde) { ASSERT (StartPde->u.Long == 0); StartPde += 1; } #endif // // Mark all PDEs as empty. // MiFillMemoryPte (PointerPde, sizeof(MMPTE) * (1 + MiGetPdeAddress (MmSessionSpace->PagedPoolEnd) - PointerPde), ZeroKernelPte.u.Long); if (MiChargeCommitment (1, NULL) == FALSE) { MM_BUMP_SESSION_FAILURES (MM_SESSION_FAILURE_NO_COMMIT); return STATUS_NO_MEMORY; } MM_TRACK_COMMIT (MM_DBG_COMMIT_SESSION_POOL_PAGE_TABLES, 1); TempPte = ValidKernelPdeLocal; LOCK_PFN (OldIrql); if (MmAvailablePages <= 1) { UNLOCK_PFN (OldIrql); MiReturnCommitment (1); MM_TRACK_COMMIT (MM_DBG_COMMIT_RETURN_SESSION_POOL_PAGE_TABLES, 1); MM_BUMP_SESSION_FAILURES (MM_SESSION_FAILURE_NO_RESIDENT); return STATUS_NO_MEMORY; } MmResidentAvailablePages -= 1; MM_BUMP_COUNTER(42, 1); MM_BUMP_SESS_COUNTER(MM_DBG_SESSION_PAGEDPOOL_PAGETABLE_ALLOC, 1); MiEnsureAvailablePageOrWait (NULL, NULL); // // Allocate and map in the initial page table page for session pool. // PageFrameIndex = MiRemoveAnyPage (MI_GET_PAGE_COLOR_FROM_PTE (PointerPde)); TempPte.u.Hard.PageFrameNumber = PageFrameIndex; MI_WRITE_VALID_PTE (PointerPde, TempPte); MiInitializePfnForOtherProcess (PageFrameIndex, PointerPde, MmSessionSpace->SessionPageDirectoryIndex); Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); // // This page will be locked into working set and assigned an index when // the working set is set up on return. // ASSERT (Pfn1->u1.WsIndex == 0); UNLOCK_PFN (OldIrql); KeFillEntryTb ((PHARDWARE_PTE) PointerPde, PointerPte, FALSE); #if !defined (_WIN64) Index = MiGetPdeSessionIndex (MmSessionSpace->PagedPoolStart); ASSERT (MmSessionSpace->PageTables[Index].u.Long == 0); MmSessionSpace->PageTables[Index] = TempPte; #endif MmSessionSpace->NonPagablePages += 1; MmSessionSpace->CommittedPages += 1; MiFillMemoryPte (PointerPte, PAGE_SIZE, MM_KERNEL_NOACCESS_PTE); PagedPoolInfo->NextPdeForPagedPoolExpansion = PointerPde + 1; // // Initialize the bitmaps. // MiCreateBitMap (&PagedPoolInfo->PagedPoolAllocationMap, MI_SESSION_POOL_SIZE >> PAGE_SHIFT, NonPagedPool); if (PagedPoolInfo->PagedPoolAllocationMap == NULL) { MM_BUMP_SESSION_FAILURES (MM_SESSION_FAILURE_NO_NONPAGED_POOL); goto Failure; } // // We start with all pages in the virtual address space as "busy", and // clear bits to make pages available as we dynamically expand the pool. // RtlSetAllBits( PagedPoolInfo->PagedPoolAllocationMap ); // // Indicate first page worth of PTEs are available. // RtlClearBits (PagedPoolInfo->PagedPoolAllocationMap, 0, PTE_PER_PAGE); // // Create the end of allocation range bitmap. // MiCreateBitMap (&PagedPoolInfo->EndOfPagedPoolBitmap, MI_SESSION_POOL_SIZE >> PAGE_SHIFT, NonPagedPool); if (PagedPoolInfo->EndOfPagedPoolBitmap == NULL) { MM_BUMP_SESSION_FAILURES (MM_SESSION_FAILURE_NO_NONPAGED_POOL); goto Failure; } RtlClearAllBits (PagedPoolInfo->EndOfPagedPoolBitmap); // // Create the large session allocation bitmap. // MiCreateBitMap (&PagedPoolInfo->PagedPoolLargeSessionAllocationMap, MI_SESSION_POOL_SIZE >> PAGE_SHIFT, NonPagedPool); if (PagedPoolInfo->PagedPoolLargeSessionAllocationMap == NULL) { MM_BUMP_SESSION_FAILURES (MM_SESSION_FAILURE_NO_NONPAGED_POOL); goto Failure; } RtlClearAllBits (PagedPoolInfo->PagedPoolLargeSessionAllocationMap); return STATUS_SUCCESS; Failure: MiFreeSessionPoolBitMaps (); LOCK_PFN (OldIrql); ASSERT (MmSessionSpace->SessionPageDirectoryIndex == Pfn1->PteFrame); ASSERT (Pfn1->u2.ShareCount == 1); MiDecrementShareAndValidCount (Pfn1->PteFrame); MI_SET_PFN_DELETED (Pfn1); MiDecrementShareCountOnly (PageFrameIndex); MI_FLUSH_SINGLE_SESSION_TB (MiGetPteAddress(PointerPde), TRUE, TRUE, (PHARDWARE_PTE)PointerPde, ZeroKernelPte.u.Flush, PreviousPte); MmSessionSpace->NonPagablePages -= 1; MmSessionSpace->CommittedPages -= 1; MmResidentAvailablePages += 1; MM_BUMP_COUNTER(51, 1); MM_BUMP_SESS_COUNTER(MM_DBG_SESSION_PAGEDPOOL_PAGETABLE_FREE_FAIL1, 1); UNLOCK_PFN (OldIrql); MiReturnCommitment (1); MM_TRACK_COMMIT (MM_DBG_COMMIT_RETURN_PAGED_POOL_PAGES, 1); return STATUS_NO_MEMORY; }

VOID MiInitializeSessionWsSupport (  VOID   )

Definition at line 1847 of file wslist.c. References MiSessionWsList. Referenced by MmInitSystem(). : This routine initializes the session space working set support. Arguments: None. Return Value: None. Environment: Kernel mode, APC_LEVEL or below, no mutexes held. --*/ { // // This is the list of all session spaces ordered in a working set list. // InitializeListHead (&MiSessionWsList); }

VOID MiInitializeSystemCache (  IN ULONG  MinimumWorkingSet, IN ULONG  MaximumWorkingSet )

Definition at line 814 of file mapcache.c. References _MMSUPPORT::AllowWorkingSetAdjustment, COMPUTE_PAGES_SPANNED, _MMWSL::FirstDynamic, _MMWSL::FirstFree, _MMWSL::HashTable, _MMWSL::HashTableSize, _MMWSL::HashTableStart, _MMWSL::HighestPermittedHashAddress, L, _MMWSL::LastEntry, _MMWSL::LastInitializedWsle, _MMWORKING_SET_EXPANSION_HEAD::ListHead, LOCK_PFN, LOCK_SYSTEM_WS, _MMSUPPORT::MaximumWorkingSetSize, MI_GET_PAGE_COLOR_FROM_PTE, MI_PTE_BASE_FOR_LOWEST_KERNEL_ADDRESS, MI_WRITE_VALID_PTE, MiGetPteAddress, MiGrowWsleHash(), MiInitializePfn(), _MMSUPPORT::MinimumWorkingSetSize, MiRemoveZeroPage(), MiSystemCacheEndExtra, MiSystemCacheStartExtra, MM_EMPTY_PTE_LIST, MM_FREE_WSLE_SHIFT, MM_MAXIMUM_WORKING_SET, MM_SYSTEM_CACHE_START, MmFirstFreeSystemCache, MmLastFreeSystemCache, MmSystemCacheEnd, MmSystemCachePteBase, MmSystemCacheStart, MmSystemCacheWorkingSetList, MmSystemCacheWs, MmSystemCacheWsle, MmSystemCacheWsMaximum, MmSystemCacheWsMinimum, MmWorkingSetExpansionHead, MMWSLE, _MMWSL::NextSlot, NULL, PAGE_ALIGN, PAGE_SHIFT, PAGE_SIZE, _MMWSL::Quota, TRUE, _MMPTE::u, _MMWSLE::u1, UNLOCK_PFN, UNLOCK_SYSTEM_WS, _MMWSL::UsedPageTableEntries, ValidKernelPte, _MMSUPPORT::VmWorkingSetList, _MMSUPPORT::WorkingSetExpansionLinks, _MMSUPPORT::WorkingSetSize, _MMWSL::Wsle, WSLE_NULL_INDEX, and X256K. Referenced by MmInitSystem(). 00821 : 00822 00823 This routine initializes the system cache working set and 00824 data management structures. 00825 00826 Arguments: 00827 00828 MinimumWorkingSet - Supplies the minimum working set for the system 00829 cache. 00830 00831 MaximumWorkingSet - Supplies the maximum working set size for the 00832 system cache. 00833 00834 Return Value: 00835 00836 None. 00837 00838 Environment: 00839 00840 Kernel mode, called only at phase 0 initialization. 00841 00842 --*/ 00843 00844 { 00845 ULONG SizeOfSystemCacheInPages; 00846 ULONG HunksOf256KInCache; 00847 PMMWSLE WslEntry; 00848 ULONG NumberOfEntriesMapped; 00849 PFN_NUMBER i; 00850 MMPTE PteContents; 00851 PMMPTE PointerPte; 00852 KIRQL OldIrql; 00853 00854 PointerPte = MiGetPteAddress (MmSystemCacheWorkingSetList); 00855 00856 PteContents = ValidKernelPte; 00857 00858 LOCK_PFN (OldIrql); 00859 00860 i = MiRemoveZeroPage(MI_GET_PAGE_COLOR_FROM_PTE (PointerPte)); 00861 00862 PteContents.u.Hard.PageFrameNumber = i; 00863 00864 MI_WRITE_VALID_PTE (PointerPte, PteContents); 00865 00866 MiInitializePfn (i, PointerPte, 1L); 00867 00868 UNLOCK_PFN (OldIrql); 00869 00870 #if defined (_WIN64) 00871 MmSystemCacheWsle = (PMMWSLE)(MmSystemCacheWorkingSetList + 1); 00872 #else 00873 MmSystemCacheWsle = 00874 (PMMWSLE)(&MmSystemCacheWorkingSetList->UsedPageTableEntries[0]); 00875 #endif 00876 00877 MmSystemCacheWs.VmWorkingSetList = MmSystemCacheWorkingSetList; 00878 MmSystemCacheWs.WorkingSetSize = 0; 00879 MmSystemCacheWs.MinimumWorkingSetSize = MinimumWorkingSet; 00880 MmSystemCacheWs.MaximumWorkingSetSize = MaximumWorkingSet; 00881 InsertTailList (&MmWorkingSetExpansionHead.ListHead, 00882 &MmSystemCacheWs.WorkingSetExpansionLinks); 00883 00884 MmSystemCacheWs.AllowWorkingSetAdjustment = TRUE; 00885 00886 // 00887 // Don't use entry 0 as an index of zero in the PFN database 00888 // means that the page can be assigned to a slot. This is not 00889 // a problem for process working sets as page 0 is private. 00890 // 00891 00892 MmSystemCacheWorkingSetList->FirstFree = 1; 00893 MmSystemCacheWorkingSetList->FirstDynamic = 1; 00894 MmSystemCacheWorkingSetList->NextSlot = 1; 00895 MmSystemCacheWorkingSetList->LastEntry = (ULONG)MmSystemCacheWsMinimum; 00896 MmSystemCacheWorkingSetList->Quota = MmSystemCacheWorkingSetList->LastEntry; 00897 MmSystemCacheWorkingSetList->HashTable = NULL; 00898 MmSystemCacheWorkingSetList->HashTableSize = 0; 00899 MmSystemCacheWorkingSetList->Wsle = MmSystemCacheWsle; 00900 00901 MmSystemCacheWorkingSetList->HashTableStart = 00902 (PVOID)((PCHAR)PAGE_ALIGN (&MmSystemCacheWorkingSetList->Wsle[MM_MAXIMUM_WORKING_SET]) + PAGE_SIZE); 00903 00904 MmSystemCacheWorkingSetList->HighestPermittedHashAddress = (PVOID)(MM_SYSTEM_CACHE_START); 00905 00906 NumberOfEntriesMapped = (ULONG)(((PMMWSLE)((PCHAR)MmSystemCacheWorkingSetList + 00907 PAGE_SIZE)) - MmSystemCacheWsle); 00908 00909 LOCK_PFN (OldIrql); 00910 00911 while (NumberOfEntriesMapped < MmSystemCacheWsMaximum) { 00912 00913 PointerPte += 1; 00914 i = MiRemoveZeroPage(MI_GET_PAGE_COLOR_FROM_PTE (PointerPte)); 00915 PteContents.u.Hard.PageFrameNumber = i; 00916 MI_WRITE_VALID_PTE (PointerPte, PteContents); 00917 MiInitializePfn (i, PointerPte, 1L); 00918 NumberOfEntriesMapped += PAGE_SIZE / sizeof(MMWSLE); 00919 } 00920 00921 UNLOCK_PFN (OldIrql); 00922 00923 // 00924 // Initialize the following slots as free. 00925 // 00926 00927 WslEntry = MmSystemCacheWsle + 1; 00928 00929 for (i = 1; i < NumberOfEntriesMapped; i++) { 00930 00931 // 00932 // Build the free list, note that the first working 00933 // set entries (CurrentEntry) are not on the free list. 00934 // These entries are reserved for the pages which 00935 // map the working set and the page which contains the PDE. 00936 // 00937 00938 WslEntry->u1.Long = (i + 1) << MM_FREE_WSLE_SHIFT; 00939 WslEntry += 1; 00940 } 00941 00942 WslEntry -= 1; 00943 WslEntry->u1.Long = WSLE_NULL_INDEX << MM_FREE_WSLE_SHIFT; // End of list. 00944 00945 MmSystemCacheWorkingSetList->LastInitializedWsle = NumberOfEntriesMapped - 1; 00946 00947 // 00948 // Build a free list structure in the PTEs for the system cache. 00949 // 00950 00951 MmSystemCachePteBase = MI_PTE_BASE_FOR_LOWEST_KERNEL_ADDRESS; 00952 00953 SizeOfSystemCacheInPages = COMPUTE_PAGES_SPANNED (MmSystemCacheStart, 00954 (PCHAR)MmSystemCacheEnd - (PCHAR)MmSystemCacheStart + 1); 00955 00956 HunksOf256KInCache = SizeOfSystemCacheInPages / (X256K / PAGE_SIZE); 00957 00958 PointerPte = MiGetPteAddress (MmSystemCacheStart); 00959 00960 MmFirstFreeSystemCache = PointerPte; 00961 00962 for (i = 0; i < HunksOf256KInCache; i += 1) { 00963 PointerPte->u.List.NextEntry = (PointerPte + (X256K / PAGE_SIZE)) - MmSystemCachePteBase; 00964 PointerPte += X256K / PAGE_SIZE; 00965 } 00966 00967 PointerPte -= X256K / PAGE_SIZE; 00968 00969 #if defined(_X86_) 00970 00971 // 00972 // Add any extended ranges. 00973 // 00974 00975 if (MiSystemCacheEndExtra != MmSystemCacheEnd) { 00976 00977 SizeOfSystemCacheInPages = COMPUTE_PAGES_SPANNED (MiSystemCacheStartExtra, 00978 (PCHAR)MiSystemCacheEndExtra - (PCHAR)MiSystemCacheStartExtra + 1); 00979 00980 HunksOf256KInCache = SizeOfSystemCacheInPages / (X256K / PAGE_SIZE); 00981 00982 if (HunksOf256KInCache) { 00983 00984 PMMPTE PointerPteExtended; 00985 00986 PointerPteExtended = MiGetPteAddress (MiSystemCacheStartExtra); 00987 PointerPte->u.List.NextEntry = PointerPteExtended - MmSystemCachePteBase; 00988 PointerPte = PointerPteExtended; 00989 00990 for (i = 0; i < HunksOf256KInCache; i += 1) { 00991 PointerPte->u.List.NextEntry = (PointerPte + (X256K / PAGE_SIZE)) - MmSystemCachePteBase; 00992 PointerPte += X256K / PAGE_SIZE; 00993 } 00994 00995 PointerPte -= X256K / PAGE_SIZE; 00996 } 00997 } 00998 #endif 00999 01000 PointerPte->u.List.NextEntry = MM_EMPTY_PTE_LIST; 01001 MmLastFreeSystemCache = PointerPte; 01002 01003 if (MaximumWorkingSet > ((1536*1024) >> PAGE_SHIFT)) { 01004 01005 // 01006 // The working set list consists of more than a single page. 01007 // 01008 01009 LOCK_SYSTEM_WS (OldIrql); 01010 MiGrowWsleHash (&MmSystemCacheWs); 01011 UNLOCK_SYSTEM_WS (OldIrql); 01012 } 01013 }

VOID MiInitializeSystemPtes (  IN PMMPTE  StartingPte, IN ULONG  NumberOfPtes, IN MMSYSTEM_PTE_POOL_TYPE  SystemPteType )

Definition at line 1740 of file sysptes.c. References ASSERT, MI_PTE_BASE_FOR_LOWEST_KERNEL_ADDRESS, MI_WRITE_INVALID_PTE, MiAllocatePoolPages(), MiCountFreeSystemPtes(), MiFillMemoryPte, MiReleaseSystemPtes(), MiReserveSystemPtes(), MM_EMPTY_LIST, MM_EMPTY_PTE_LIST, MM_PTE_LIST_1, MM_PTE_LIST_16, MM_PTE_LIST_2, MM_PTE_LIST_4, MM_PTE_LIST_8, MM_SYS_PTE_TABLES_MAX, MmFirstFreeSystemPte, MmFlushCounter, MmFlushPte1, MmFreeSysPteListBySize, MmLastSysPteListBySize, MmSysPteIndex, MmSystemPteBase, MmSystemPtesEnd, MmSystemPtesStart, MmTotalFreeSystemPtes, NonPagedPool, NULL, SystemPteSpace, TRUE, _MMPTE::u, and ZeroKernelPte. Referenced by MiInitializeNonPagedPool(), and MiInitMachineDependent(). : This routine initializes the system PTE pool. Arguments: StartingPte - Supplies the address of the first PTE to put in the pool. NumberOfPtes - Supplies the number of PTEs to put in the pool. SystemPtePoolType - Supplies the PTE type of the pool to initialize, one of SystemPteSpace or NonPagedPoolExpansion. Return Value: none. Environment: Kernel mode. --*/ { LONG i; LONG j; #ifdef _MI_SYSPTE_DEBUG_ PMMPTE_TRACKER Tracker; #endif // // Set the base of the system PTE pool to this PTE. This takes into // account that systems may have additional PTE pools below the PTE_BASE. // MmSystemPteBase = MI_PTE_BASE_FOR_LOWEST_KERNEL_ADDRESS; MmSystemPtesStart[SystemPtePoolType] = StartingPte; MmSystemPtesEnd[SystemPtePoolType] = StartingPte + NumberOfPtes - 1; // // If there are no PTEs specified, then make a valid chain by indicating // that the list is empty. // if (NumberOfPtes == 0) { MmFirstFreeSystemPte[SystemPtePoolType] = ZeroKernelPte; MmFirstFreeSystemPte[SystemPtePoolType].u.List.NextEntry = MM_EMPTY_LIST; return; } // // Initialize the specified system pte pool. // MiFillMemoryPte (StartingPte, NumberOfPtes * sizeof (MMPTE), ZeroKernelPte.u.Long); // // The page frame field points to the next cluster. As we only // have one cluster at initialization time, mark it as the last // cluster. // StartingPte->u.List.NextEntry = MM_EMPTY_LIST; MmFirstFreeSystemPte[SystemPtePoolType] = ZeroKernelPte; MmFirstFreeSystemPte[SystemPtePoolType].u.List.NextEntry = StartingPte - MmSystemPteBase; // // If there is only one PTE in the pool, then mark it as a one entry // PTE. Otherwise, store the cluster size in the following PTE. // if (NumberOfPtes == 1) { StartingPte->u.List.OneEntry = TRUE; } else { StartingPte += 1; MI_WRITE_INVALID_PTE (StartingPte, ZeroKernelPte); StartingPte->u.List.NextEntry = NumberOfPtes; } // // Set the total number of free PTEs for the specified type. // MmTotalFreeSystemPtes[SystemPtePoolType] = NumberOfPtes; ASSERT (MmTotalFreeSystemPtes[SystemPtePoolType] == MiCountFreeSystemPtes (SystemPtePoolType)); if (SystemPtePoolType == SystemPteSpace) { ULONG Lists[MM_SYS_PTE_TABLES_MAX] = {MM_PTE_LIST_1, MM_PTE_LIST_2, MM_PTE_LIST_4, MM_PTE_LIST_8, MM_PTE_LIST_16}; PMMPTE PointerPte; ULONG total; #ifdef _MI_SYSPTE_DEBUG_ Tracker = (PMMPTE_TRACKER) MiAllocatePoolPages ( NonPagedPool, NumberOfPtes * sizeof (MMPTE_TRACKER), 0); if (Tracker) { RtlZeroMemory (Tracker, NumberOfPtes * sizeof (MMPTE_TRACKER)); } #endif for (j = 0; j < MM_SYS_PTE_TABLES_MAX ; j++) { MmFreeSysPteListBySize [j].u.List.NextEntry = MM_EMPTY_PTE_LIST; MmLastSysPteListBySize [j] = &MmFreeSysPteListBySize [j]; } MmFlushCounter += 1; #ifndef _MI_GUARD_PTE_ // // Initialize the by size lists. // total = MM_PTE_LIST_1 * MmSysPteIndex[0] + MM_PTE_LIST_2 * MmSysPteIndex[1] + MM_PTE_LIST_4 * MmSysPteIndex[2] + MM_PTE_LIST_8 * MmSysPteIndex[3] + MM_PTE_LIST_16 * MmSysPteIndex[4]; PointerPte = MiReserveSystemPtes (total, SystemPteSpace, 64*1024, 0, TRUE); for (i = (MM_SYS_PTE_TABLES_MAX - 1); i >= 0; i--) { do { Lists[i] -= 1; MiReleaseSystemPtes (PointerPte, MmSysPteIndex[i], SystemPteSpace); PointerPte += MmSysPteIndex[i]; } while (Lists[i] != 0 ); } #endif MmFlushCounter += 1; MmFlushPte1 = NULL; #ifdef _MI_SYSPTE_DEBUG_ MiPteTracker = Tracker; #endif } return; }

BOOLEAN MiInitializeSystemSpaceMap (  PVOID Session  OPTIONAL  )

Referenced by MiBuildPagedPool(), and MiSessionCreateInternal().

VOID MiInitializeTransitionPfn (  IN PFN_NUMBER  PageFrameIndex, IN PMMPTE  PointerPte, IN WSLE_NUMBER  WorkingSetIndex )

Definition at line 3650 of file pagfault.c. References ASSERT, KeBugCheckEx(), MI_GET_PAGE_FRAME_FROM_PTE, MI_MAKE_TRANSITION_PTE, MI_PFN_ELEMENT, MI_PROTOTYPE_WSINDEX, MI_WRITE_INVALID_PTE, MiCheckPdeForPagedPool(), MiGetPteAddress, MiGetVirtualAddressMappedByPte, MM_PFN_LOCK_ASSERT, NT_SUCCESS, NULL, _MMPFN::OriginalPte, _MMPFN::PteAddress, _MMPFN::PteFrame, TransitionPage, _MMPTE::u, _MMPFN::u1, _MMPFN::u2, and _MMPFN::u3. Referenced by MiUpdateImageHeaderPage(), and MmCopyToCachedPage(). 03658 : 03659 03660 This function initializes the specified PFN element to the 03661 transition state. Main use is by MapImageFile to make the 03662 page which contains the image header transition in the 03663 prototype PTEs. 03664 03665 Arguments: 03666 03667 PageFrameIndex - Supplies the page frame index to be initialized. 03668 03669 PointerPte - Supplies an invalid, non-transition PTE to initialize. 03670 03671 WorkingSetIndex - Supplies the working set index flag, a value of 03672 MI_PROTOTYPE_WSINDEX indicates no WSLE is required 03673 because this is a prototype PTE. 03674 03675 Return Value: 03676 03677 None. 03678 03679 Environment: 03680 03681 Kernel mode, APCs disabled, PFN mutex held. 03682 03683 --*/ 03684 03685 { 03686 PMMPFN Pfn1; 03687 PMMPFN Pfn2; 03688 PMMPTE PteFramePointer; 03689 PFN_NUMBER PteFramePage; 03690 MMPTE TempPte; 03691 03692 MM_PFN_LOCK_ASSERT(); 03693 Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); 03694 Pfn1->u1.Event = NULL; 03695 Pfn1->PteAddress = PointerPte; 03696 Pfn1->OriginalPte = *PointerPte; 03697 ASSERT (!((Pfn1->OriginalPte.u.Soft.Prototype == 0) && 03698 (Pfn1->OriginalPte.u.Soft.Transition == 1))); 03699 03700 // 03701 // Don't change the reference count (it should already be 1). 03702 // 03703 03704 Pfn1->u2.ShareCount = 0; 03705 03706 if (WorkingSetIndex == MI_PROTOTYPE_WSINDEX) { 03707 Pfn1->u3.e1.PrototypePte = 1; 03708 } 03709 03710 Pfn1->u3.e1.PageLocation = TransitionPage; 03711 03712 // 03713 // Determine the page frame number of the page table page which 03714 // contains this PTE. 03715 // 03716 03717 PteFramePointer = MiGetPteAddress(PointerPte); 03718 if (PteFramePointer->u.Hard.Valid == 0) { 03719 #if !defined (_WIN64) 03720 if (!NT_SUCCESS(MiCheckPdeForPagedPool (PointerPte))) { 03721 #endif 03722 KeBugCheckEx (MEMORY_MANAGEMENT, 03723 0x61940, 03724 (ULONG_PTR)PointerPte, 03725 (ULONG_PTR)PteFramePointer->u.Long, 03726 (ULONG_PTR)MiGetVirtualAddressMappedByPte(PointerPte)); 03727 #if !defined (_WIN64) 03728 } 03729 #endif 03730 } 03731 03732 PteFramePage = MI_GET_PAGE_FRAME_FROM_PTE (PteFramePointer); 03733 Pfn1->PteFrame = PteFramePage; 03734 03735 #if PFN_CONSISTENCY 03736 Pfn1->u3.e1.PageTablePage = 0; 03737 #endif 03738 03739 // 03740 // Put the PTE into the transition state, no cache flush needed as 03741 // PTE is still not valid. 03742 // 03743 03744 MI_MAKE_TRANSITION_PTE (TempPte, 03745 PageFrameIndex, 03746 PointerPte->u.Soft.Protection, 03747 PointerPte); 03748 03749 MI_WRITE_INVALID_PTE (PointerPte, TempPte); 03750 03751 // 03752 // Increment the share count for the page table page containing 03753 // this PTE as the PTE just went into the transition state. 03754 // 03755 03756 Pfn2 = MI_PFN_ELEMENT (PteFramePage); 03757 ASSERT (PteFramePage != 0); 03758 Pfn2->u2.ShareCount += 1; 03759 03760 return; 03761 }

VOID MiInitializeWorkingSetList (  IN PEPROCESS  CurrentProcess  )

Definition at line 1481 of file wslist.c. References ASSERT, CONSISTENCY_LOCK_PFN, CONSISTENCY_UNLOCK_PFN, _MMWSL::FirstDynamic, _MMWSL::FirstFree, _MMWSL::HashTable, _MMWSL::HashTableSize, _MMWSL::HashTableStart, _MMWSL::HighestPermittedHashAddress, HYPER_SPACE, HYPER_SPACE_END, _MMWSL::LastEntry, _MMWSL::LastInitializedWsle, LOCK_PFN, MI_MAKE_VALID_PTE, MI_PAGE_COLOR_PTE_PROCESS, MI_PFN_ELEMENT, MI_SET_PTE_DIRTY, MI_SET_PTE_IN_WORKING_SET, MI_WRITE_VALID_PTE, MiEnsureAvailablePageOrWait(), MiGetPdeAddress, MiGetPpeAddress, MiGetPteAddress, MiGrowWsleHash(), MiInitializePfn(), MiRemoveZeroPage(), MM_DEMAND_ZERO_WRITE_PTE, MM_FREE_WSLE_SHIFT, MM_MAXIMUM_WORKING_SET, MM_READWRITE, MM_SESSION_SPACE_DEFAULT, MmWorkingSetList, MmWsle, _MMWSL::NextSlot, NULL, PAGE_ALIGN, PAGE_SHIFT, PAGE_SIZE, _MMWSL::Quota, _MMPTE::u, _MMWSLE::u1, _MMPFN::u1, UNLOCK_PFN, _MMWSL::WaitingForImageMapping, WORKING_SET_LIST, _MMWSL::Wsle, WSLE_NULL_INDEX, and WSLE_NUMBER. Referenced by MmInitializeProcessAddressSpace(). : This routine initializes a process's working set to the empty state. Arguments: CurrentProcess - Supplies a pointer to the process to initialize. Return Value: None. Environment: Kernel mode, APCs disabled. --*/ { ULONG i; PMMWSLE WslEntry; ULONG CurrentEntry; PMMPTE PointerPte; PMMPFN Pfn1; WSLE_NUMBER NumberOfEntriesMapped; ULONG_PTR CurrentVa; PFN_NUMBER WorkingSetPage; MMPTE TempPte; KIRQL OldIrql; WslEntry = MmWsle; // // Initialize the temporary double mapping portion of hyperspace, if // it has not already been done. // // Initialize the working set list control cells. // MmWorkingSetList->LastEntry = CurrentProcess->Vm.MinimumWorkingSetSize; MmWorkingSetList->Quota = MmWorkingSetList->LastEntry; MmWorkingSetList->WaitingForImageMapping = (PKEVENT)NULL; MmWorkingSetList->HashTable = NULL; MmWorkingSetList->HashTableSize = 0; MmWorkingSetList->Wsle = MmWsle; MmWorkingSetList->HashTableStart = (PVOID)((PCHAR)PAGE_ALIGN (&MmWsle[MM_MAXIMUM_WORKING_SET]) + PAGE_SIZE); MmWorkingSetList->HighestPermittedHashAddress = (PVOID)(HYPER_SPACE_END + 1); // // Fill in the reserved slots. Start with the page directory page. // #if !defined (_X86PAE_) WslEntry->u1.Long = PDE_BASE; WslEntry->u1.e1.Valid = 1; WslEntry->u1.e1.LockedInWs = 1; WslEntry->u1.e1.Direct = 1; PointerPte = MiGetPteAddress (WslEntry->u1.VirtualAddress); Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); CONSISTENCY_LOCK_PFN (OldIrql); #if !defined (_WIN64) Pfn1->u1.Event = (PVOID)CurrentProcess; #endif CONSISTENCY_UNLOCK_PFN (OldIrql); #else // // Fill in all the page directory entries. // for (i = 0; i < PD_PER_SYSTEM; i += 1) { WslEntry->u1.VirtualAddress = (PVOID)(PDE_BASE + i * PAGE_SIZE); WslEntry->u1.e1.Valid = 1; WslEntry->u1.e1.LockedInWs = 1; WslEntry->u1.e1.Direct = 1; PointerPte = MiGetPteAddress (WslEntry->u1.VirtualAddress); Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); ASSERT (Pfn1->u1.WsIndex == 0); CONSISTENCY_LOCK_PFN (OldIrql); Pfn1->u1.WsIndex = (WSLE_NUMBER)(WslEntry - MmWsle); CONSISTENCY_UNLOCK_PFN (OldIrql); WslEntry += 1; } WslEntry -= 1; #endif #if defined (_WIN64) // // Fill in the entry for the page directory parent page. // WslEntry += 1; WslEntry->u1.Long = PDE_TBASE; WslEntry->u1.e1.Valid = 1; WslEntry->u1.e1.LockedInWs = 1; WslEntry->u1.e1.Direct = 1; PointerPte = MiGetPteAddress (WslEntry->u1.VirtualAddress); Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); ASSERT (Pfn1->u1.WsIndex == 0); CONSISTENCY_LOCK_PFN (OldIrql); Pfn1->u1.WsIndex = (WSLE_NUMBER)(WslEntry - MmWsle); CONSISTENCY_UNLOCK_PFN (OldIrql); // // Fill in the entry for the hyper space page directory page. // WslEntry += 1; WslEntry->u1.VirtualAddress = (PVOID)MiGetPdeAddress (HYPER_SPACE); WslEntry->u1.e1.Valid = 1; WslEntry->u1.e1.LockedInWs = 1; WslEntry->u1.e1.Direct = 1; PointerPte = MiGetPteAddress (WslEntry->u1.VirtualAddress); Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); ASSERT (Pfn1->u1.WsIndex == 0); CONSISTENCY_LOCK_PFN (OldIrql); Pfn1->u1.WsIndex = (WSLE_NUMBER)(WslEntry - MmWsle); CONSISTENCY_UNLOCK_PFN (OldIrql); #if defined (_IA64_) // // Fill in the entry for the session space page directory parent page. // WslEntry += 1; WslEntry->u1.VirtualAddress = (PVOID)MiGetPpeAddress (MM_SESSION_SPACE_DEFAULT); WslEntry->u1.e1.Valid = 1; WslEntry->u1.e1.LockedInWs = 1; WslEntry->u1.e1.Direct = 1; PointerPte = MiGetPteAddress (WslEntry->u1.VirtualAddress); Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); ASSERT (Pfn1->u1.WsIndex == 0); CONSISTENCY_LOCK_PFN (OldIrql); Pfn1->u1.WsIndex = (WSLE_NUMBER)(WslEntry - MmWsle); CONSISTENCY_UNLOCK_PFN (OldIrql); #endif #endif // // Fill in the entry for the page table page which maps hyper space. // WslEntry += 1; WslEntry->u1.VirtualAddress = (PVOID)MiGetPteAddress (HYPER_SPACE); WslEntry->u1.e1.Valid = 1; WslEntry->u1.e1.LockedInWs = 1; WslEntry->u1.e1.Direct = 1; PointerPte = MiGetPteAddress (WslEntry->u1.VirtualAddress); Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); ASSERT (Pfn1->u1.WsIndex == 0); CONSISTENCY_LOCK_PFN (OldIrql); Pfn1->u1.WsIndex = (WSLE_NUMBER)(WslEntry - MmWsle); CONSISTENCY_UNLOCK_PFN (OldIrql); #if defined (_X86PAE_) // // Fill in the entry for the second page table page which maps hyper space. // WslEntry += 1; WslEntry->u1.VirtualAddress = (PVOID)MiGetPteAddress (HYPER_SPACE2); WslEntry->u1.e1.Valid = 1; WslEntry->u1.e1.LockedInWs = 1; WslEntry->u1.e1.Direct = 1; PointerPte = MiGetPteAddress (WslEntry->u1.VirtualAddress); Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); ASSERT (Pfn1->u1.WsIndex == 0); CONSISTENCY_LOCK_PFN (OldIrql); Pfn1->u1.WsIndex = (WSLE_NUMBER)(WslEntry - MmWsle); CONSISTENCY_UNLOCK_PFN (OldIrql); #endif // // Fill in the entry for the page which contains the working set list. // WslEntry += 1; WslEntry->u1.VirtualAddress = (PVOID)MmWorkingSetList; WslEntry->u1.e1.Valid = 1; WslEntry->u1.e1.LockedInWs = 1; WslEntry->u1.e1.Direct = 1; PointerPte = MiGetPteAddress (WslEntry->u1.VirtualAddress); Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); ASSERT (Pfn1->u1.WsIndex == 0); CONSISTENCY_LOCK_PFN (OldIrql); Pfn1->u1.WsIndex = (WSLE_NUMBER)(WslEntry - MmWsle); CONSISTENCY_UNLOCK_PFN (OldIrql); CurrentEntry = (WSLE_NUMBER)((WslEntry - MmWsle) + 1); // // Check to see if more pages are required in the working set list // to map the current maximum working set size. // NumberOfEntriesMapped = (WSLE_NUMBER)(((PMMWSLE)((PCHAR)WORKING_SET_LIST + PAGE_SIZE)) - MmWsle); if (CurrentProcess->Vm.MaximumWorkingSetSize >= NumberOfEntriesMapped) { PointerPte = MiGetPteAddress (&MmWsle[0]); CurrentVa = (ULONG_PTR)MmWorkingSetList + PAGE_SIZE; // // The working set requires more than a single page. // LOCK_PFN (OldIrql); do { MiEnsureAvailablePageOrWait (NULL, NULL); PointerPte += 1; WorkingSetPage = MiRemoveZeroPage ( MI_PAGE_COLOR_PTE_PROCESS (PointerPte, &CurrentProcess->NextPageColor)); PointerPte->u.Long = MM_DEMAND_ZERO_WRITE_PTE; MiInitializePfn (WorkingSetPage, PointerPte, 1); MI_MAKE_VALID_PTE (TempPte, WorkingSetPage, MM_READWRITE, PointerPte ); MI_SET_PTE_DIRTY (TempPte); MI_SET_PTE_IN_WORKING_SET (&TempPte, CurrentEntry); MI_WRITE_VALID_PTE (PointerPte, TempPte); WslEntry += 1; WslEntry->u1.Long = CurrentVa; WslEntry->u1.e1.Valid = 1; WslEntry->u1.e1.LockedInWs = 1; WslEntry->u1.e1.Direct = 1; Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); ASSERT (Pfn1->u1.WsIndex == 0); Pfn1->u1.WsIndex = CurrentEntry; // MiInsertWsle(CurrentEntry, MmWorkingSetList); CurrentEntry += 1; CurrentVa += PAGE_SIZE; NumberOfEntriesMapped += PAGE_SIZE / sizeof(MMWSLE); } while (CurrentProcess->Vm.MaximumWorkingSetSize >= NumberOfEntriesMapped); UNLOCK_PFN (OldIrql); } CurrentProcess->Vm.WorkingSetSize = CurrentEntry; MmWorkingSetList->FirstFree = CurrentEntry; MmWorkingSetList->FirstDynamic = CurrentEntry; MmWorkingSetList->NextSlot = CurrentEntry; // // Initialize the following slots as free. // i = CurrentEntry + 1; do { // // Build the free list, note that the first working // set entries (CurrentEntry) are not on the free list. // These entries are reserved for the pages which // map the working set and the page which contains the PDE. // WslEntry += 1; WslEntry->u1.Long = i << MM_FREE_WSLE_SHIFT; i += 1; } while (i <= NumberOfEntriesMapped); WslEntry->u1.Long = WSLE_NULL_INDEX << MM_FREE_WSLE_SHIFT; // End of list. MmWorkingSetList->LastInitializedWsle = NumberOfEntriesMapped - 1; if (CurrentProcess->Vm.MaximumWorkingSetSize > ((1536*1024) >> PAGE_SHIFT)) { // // The working set list consists of more than a single page. // MiGrowWsleHash (&CurrentProcess->Vm); } return; }

VOID MiInitMachineDependent (  IN PLOADER_PARAMETER_BLOCK  LoaderBlock  )

Definition at line 41 of file inialpha.c. References _16MB, _1MB, ActiveAndValid, ASSERT, BadPageList, _MEMORY_ALLOCATION_DESCRIPTOR::BasePage, _MMPFNLIST::Blink, Buffer, c, CHAR, DISPATCH_LEVEL, ExAllocatePoolWithTag, FALSE, FIRST_MAPPING_PTE, _MMPFNLIST::Flink, _MMCOLOR_TABLES::Flink, FreePageList, HYPER_SPACE, InbvDisplayString(), InitializePool(), KeBugCheck(), KeBugCheckEx(), KeFlushSingleTb(), KeInitializeSpinLock(), KeLowerIrql(), KeRaiseIrql(), KeSweepDcache(), KSEG0_BASE, LAST_MAPPING_PTE, _MEMORY_ALLOCATION_DESCRIPTOR::ListEntry, _MMPFNLIST::ListName, LoaderBad, LoaderFirmwareTemporary, LoaderFree, LoaderLoadedProgram, LoaderOsloaderHeap, LoaderOsloaderStack, LOCK_PFN, _MMSUPPORT::MaximumWorkingSetSize, _MEMORY_ALLOCATION_DESCRIPTOR::MemoryType, MI_CONVERT_PHYSICAL_TO_PFN, MI_GET_COLOR_FROM_SECONDARY, MI_GET_PAGE_COLOR_FROM_PTE, MI_IS_PHYSICAL_ADDRESS, MI_PFN_ELEMENT, MI_SESSION_SPACE_END, MI_SET_PFN_DELETED, MiGetPdeAddress, MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiHydra, MiInitializeNonPagedPool(), MiInitializeSystemPtes(), MiInsertPageInList(), _MMSUPPORT::MinimumWorkingSetSize, MiRemoveAnyPage(), MiRequestedSystemPtes, MiReserveSystemPtes(), MM_COLOR_MASK, MM_EMPTY_LIST, MM_LOWEST_NONPAGED_SYSTEM_START, MM_MAX_ADDITIONAL_NONPAGED_POOL, MM_MAX_INITIAL_NONPAGED_POOL, MM_MAXIMUM_NUMBER_OF_COLORS, MM_PAGES_IN_KSEG0, MM_SECONDARY_COLORS_DEFAULT, MM_SECONDARY_COLORS_MAX, MM_SECONDARY_COLORS_MIN, MM_SUBSECTION_MAP, MM_SYSTEM_SPACE_END, MM_SYSTEM_SPACE_START, MMCOLOR_TABLES, MmDefaultMaximumNonPagedPool, MmDynamicPfn, MmExpandedNonPagedPoolInBytes, MmFirstReservedMappingPte, MmFreePagesByColor, MmFreePagesByPrimaryColor, MmHiberPages, MmHighestPhysicalPage, MmHighestPossiblePhysicalPage, MmInitializeProcessAddressSpace(), MmIsAddressValid(), MmLastReservedMappingPte, MmLowestPhysicalPage, MmMaxAdditionNonPagedPoolPerMb, MmMaximumNonPagedPoolInBytes, MmMinAdditionNonPagedPoolPerMb, MmMinimumNonPagedPoolSize, MmNonPagedMustSucceed, MmNonPagedPoolEnd, MmNonPagedPoolExpansionStart, MmNonPagedPoolStart, MmNonPagedSystemStart, MmNumberOfPhysicalPages, MmNumberOfSystemPtes, MmPageAlignedPoolBase, MmPageLocationList, MMPFN, MmPfnDatabase, MmPfnLock, MmSecondaryColorMask, MmSecondaryColors, MmSessionBase, MmSizeOfNonPagedMustSucceed, MmSizeOfNonPagedPoolInBytes, MmSubsectionBase, MmSubsectionTopPage, MmSystemProcessWorkingSetMax, MmSystemProcessWorkingSetMin, MmSystemSpaceLock, MmWorkingSetList, MMWSL, MmWsle, NON_PAGED_SYSTEM_END, NonPagedPool, NonPagedPoolExpansion, NonPagedPoolMustSucceed, NULL, NUMBER_OF_MAPPING_PTES, PAGE_ALIGN, PAGE_DIRECTORY_MASK, PAGE_SHIFT, PAGE_SIZE, _MEMORY_ALLOCATION_DESCRIPTOR::PageCount, PDE_PER_PAGE, PsGetCurrentProcess, PTE_PER_PAGE, PTE_SHIFT, _MMPFN::PteAddress, _MMPFN::PteFrame, RtlCompareMemoryUlong(), sprintf(), StandbyPageList, SystemPteSpace, TRUE, _MMPTE::u, _MMPFN::u2, _MMPFN::u3, UNLOCK_PFN, ValidKernelPte, _EPROCESS::Vm, WORKING_SET_LIST, _EPROCESS::WorkingSetPage, ZeroedPageList, and ZeroKernelPte. Referenced by MmInitSystem(). 00047 : 00048 00049 This routine performs the necessary operations to enable virtual 00050 memory. This includes building the page directory page, building 00051 page table pages to map the code section, the data section, the' 00052 stack section and the trap handler. 00053 00054 It also initializes the PFN database and populates the free list. 00055 00056 00057 Arguments: 00058 00059 None. 00060 00061 Return Value: 00062 00063 None. 00064 00065 Environment: 00066 00067 Kernel mode. 00068 00069 --*/ 00070 00071 { 00072 PMMPFN BasePfn; 00073 PMMPFN BottomPfn; 00074 PMMPFN TopPfn; 00075 BOOLEAN PfnInKseg0; 00076 ULONG LowMemoryReserved; 00077 ULONG i, j; 00078 ULONG HighPage; 00079 ULONG PagesLeft; 00080 ULONG PageNumber; 00081 ULONG PdePageNumber; 00082 ULONG PdePage; 00083 ULONG PageFrameIndex; 00084 ULONG NextPhysicalPage; 00085 ULONG PfnAllocation; 00086 ULONG NumberOfPages; 00087 PEPROCESS CurrentProcess; 00088 PVOID SpinLockPage; 00089 ULONG MostFreePage; 00090 ULONG MostFreeLowMem; 00091 PLIST_ENTRY NextMd; 00092 ULONG MaxPool; 00093 KIRQL OldIrql; 00094 PMEMORY_ALLOCATION_DESCRIPTOR FreeDescriptor; 00095 PMEMORY_ALLOCATION_DESCRIPTOR FreeDescriptorLowMem; 00096 PMEMORY_ALLOCATION_DESCRIPTOR MemoryDescriptor; 00097 MMPTE TempPte; 00098 PMMPTE PointerPde; 00099 PMMPTE PointerPte; 00100 PMMPTE LastPte; 00101 PMMPTE CacheStackPage; 00102 PMMPTE Pde; 00103 PMMPTE StartPde; 00104 PMMPTE EndPde; 00105 PMMPFN Pfn1; 00106 PMMPFN Pfn2; 00107 PULONG PointerLong; 00108 CHAR Buffer[256]; 00109 PMMFREE_POOL_ENTRY Entry; 00110 PVOID NonPagedPoolStartVirtual; 00111 ULONG Range; 00112 ULONG RemovedLowPage; 00113 ULONG RemovedLowCount; 00114 00115 RemovedLowPage = 0; 00116 RemovedLowCount = 0; 00117 LowMemoryReserved = 0; 00118 MostFreePage = 0; 00119 MostFreeLowMem = 0; 00120 FreeDescriptor = NULL; 00121 FreeDescriptorLowMem = NULL; 00122 00123 PointerPte = MiGetPdeAddress (PDE_BASE); 00124 00125 PdePageNumber = PointerPte->u.Hard.PageFrameNumber; 00126 00127 PsGetCurrentProcess()->Pcb.DirectoryTableBase[0] = PointerPte->u.Long; 00128 00129 KeSweepDcache (FALSE); 00130 00131 // 00132 // Get the lower bound of the free physical memory and the 00133 // number of physical pages by walking the memory descriptor lists. 00134 // In addition, find the memory descriptor with the most free pages 00135 // that begins at a physical address less than 16MB. The 16 MB 00136 // boundary is necessary for allocating common buffers for use by 00137 // ISA devices that cannot address more than 24 bits. 00138 // 00139 00140 NextMd = LoaderBlock->MemoryDescriptorListHead.Flink; 00141 00142 // 00143 // When restoring a hibernation image, OS Loader needs to use "a few" extra 00144 // pages of LoaderFree memory. 00145 // This is not accounted for when reserving memory for hibernation below. 00146 // Start with a safety margin to allow for this plus modest future increase. 00147 // 00148 00149 MmHiberPages = 96; 00150 00151 while (NextMd != &LoaderBlock->MemoryDescriptorListHead) { 00152 00153 MemoryDescriptor = CONTAINING_RECORD(NextMd, 00154 MEMORY_ALLOCATION_DESCRIPTOR, 00155 ListEntry); 00156 00157 HighPage = MemoryDescriptor->BasePage + MemoryDescriptor->PageCount-1; 00158 00159 // 00160 // This check results in /BURNMEMORY chunks not being counted. 00161 // 00162 00163 if (MemoryDescriptor->MemoryType != LoaderBad) { 00164 MmNumberOfPhysicalPages += MemoryDescriptor->PageCount; 00165 } 00166 00167 if (MemoryDescriptor->BasePage < MmLowestPhysicalPage) { 00168 MmLowestPhysicalPage = MemoryDescriptor->BasePage; 00169 } 00170 00171 if (HighPage > MmHighestPhysicalPage) { 00172 MmHighestPhysicalPage = HighPage; 00173 } 00174 00175 // 00176 // Locate the largest free block starting below 16 megs 00177 // and the largest free block. 00178 // 00179 00180 if ((MemoryDescriptor->MemoryType == LoaderFree) || 00181 (MemoryDescriptor->MemoryType == LoaderLoadedProgram) || 00182 (MemoryDescriptor->MemoryType == LoaderFirmwareTemporary) || 00183 (MemoryDescriptor->MemoryType == LoaderOsloaderStack)) { 00184 00185 // 00186 // Every page that will be used as free memory that is not already 00187 // marked as LoaderFree must be counted so a hibernate can reserve 00188 // the proper amount. 00189 // 00190 00191 if (MemoryDescriptor->MemoryType != LoaderFree) { 00192 MmHiberPages += MemoryDescriptor->PageCount; 00193 } 00194 00195 if ((MemoryDescriptor->PageCount > MostFreeLowMem) && 00196 (MemoryDescriptor->BasePage < (_16MB >> PAGE_SHIFT)) && 00197 (HighPage < MM_PAGES_IN_KSEG0)) { 00198 00199 MostFreeLowMem = MemoryDescriptor->PageCount; 00200 FreeDescriptorLowMem = MemoryDescriptor; 00201 00202 } else if (MemoryDescriptor->PageCount > MostFreePage) { 00203 00204 MostFreePage = MemoryDescriptor->PageCount; 00205 FreeDescriptor = MemoryDescriptor; 00206 } 00207 } else if (MemoryDescriptor->MemoryType == LoaderOsloaderHeap) { 00208 // 00209 // We do not want to use this memory yet as it still has important 00210 // data structures in it. But we still want to account for this in 00211 // the hibernation pages 00212 // 00213 MmHiberPages += MemoryDescriptor->PageCount; 00214 } 00215 00216 NextMd = MemoryDescriptor->ListEntry.Flink; 00217 } 00218 00219 // 00220 // Perform sanity checks on the results of walking the memory 00221 // descriptors. 00222 // 00223 00224 if (MmNumberOfPhysicalPages < 1024) { 00225 KeBugCheckEx (INSTALL_MORE_MEMORY, 00226 MmNumberOfPhysicalPages, 00227 MmLowestPhysicalPage, 00228 MmHighestPhysicalPage, 00229 0); 00230 } 00231 00232 if (FreeDescriptorLowMem == NULL){ 00233 InbvDisplayString("MmInit *** FATAL ERROR *** no free descriptors that begin below physical address 16MB\n"); 00234 KeBugCheck (MEMORY_MANAGEMENT); 00235 } 00236 00237 if (MmDynamicPfn == TRUE) { 00238 00239 // 00240 // Since a ~128mb PFN database is required to span the 32GB supported 00241 // by Alpha, require 256mb of memory to be present to support 00242 // this option. 00243 // 00244 00245 if (MmNumberOfPhysicalPages >= (256 * 1024 * 1024) / PAGE_SIZE) { 00246 MmHighestPossiblePhysicalPage = 0x400000 - 1; 00247 } 00248 else { 00249 MmDynamicPfn = FALSE; 00250 } 00251 } 00252 else { 00253 MmHighestPossiblePhysicalPage = MmHighestPhysicalPage; 00254 } 00255 00256 // 00257 // Used later to build nonpaged pool. 00258 // 00259 00260 NextPhysicalPage = FreeDescriptorLowMem->BasePage; 00261 NumberOfPages = FreeDescriptorLowMem->PageCount; 00262 00263 // 00264 // Build non-paged pool using the physical pages following the 00265 // data page in which to build the pool from. Non-paged pool grows 00266 // from the high range of the virtual address space and expands 00267 // downward. 00268 // 00269 // At this time non-paged pool is constructed so virtual addresses 00270 // are also physically contiguous. 00271 // 00272 00273 if ((MmSizeOfNonPagedPoolInBytes >> PAGE_SHIFT) > 00274 (7 * (MmNumberOfPhysicalPages >> 3))) { 00275 00276 // 00277 // More than 7/8 of memory allocated to nonpagedpool, reset to 0. 00278 // 00279 00280 MmSizeOfNonPagedPoolInBytes = 0; 00281 } 00282 00283 if (MmSizeOfNonPagedPoolInBytes < MmMinimumNonPagedPoolSize) { 00284 00285 // 00286 // Calculate the size of nonpaged pool. Use the minimum size, 00287 // then for every MB above 8mb add extra pages. 00288 // 00289 00290 MmSizeOfNonPagedPoolInBytes = MmMinimumNonPagedPoolSize; 00291 00292 MmSizeOfNonPagedPoolInBytes += 00293 ((MmNumberOfPhysicalPages - 1024) / 00294 (_1MB >> PAGE_SHIFT) ) * 00295 MmMinAdditionNonPagedPoolPerMb; 00296 } 00297 00298 // 00299 // Align to page size boundary. 00300 // 00301 00302 MmSizeOfNonPagedPoolInBytes &= ~(PAGE_SIZE - 1); 00303 00304 // 00305 // Limit initial nonpaged pool size to MM_MAX_INITIAL_NONPAGED_POOL 00306 // 00307 00308 if (MmSizeOfNonPagedPoolInBytes > MM_MAX_INITIAL_NONPAGED_POOL) { 00309 MmSizeOfNonPagedPoolInBytes = MM_MAX_INITIAL_NONPAGED_POOL; 00310 } 00311 00312 // 00313 // If the non-paged pool that we want to allocate will not fit in 00314 // the free memory descriptor that we have available then recompute 00315 // the size of non-paged pool to be the size of the free memory 00316 // descriptor. If the free memory descriptor cannot fit the 00317 // minimum non-paged pool size (MmMinimumNonPagedPoolSize) then we 00318 // cannot boot the operating system. 00319 // 00320 00321 if ((MmSizeOfNonPagedPoolInBytes >> PAGE_SHIFT) > NumberOfPages) { 00322 00323 // 00324 // Reserve all of low memory for nonpaged pool. 00325 // 00326 00327 MmSizeOfNonPagedPoolInBytes = NumberOfPages << PAGE_SHIFT; 00328 LowMemoryReserved = NextPhysicalPage; 00329 00330 // 00331 // Switch to backup descriptor for all other allocations. 00332 // 00333 00334 NextPhysicalPage = FreeDescriptor->BasePage; 00335 NumberOfPages = FreeDescriptor->PageCount; 00336 00337 if (MmSizeOfNonPagedPoolInBytes < MmMinimumNonPagedPoolSize) { 00338 InbvDisplayString("MmInit *** FATAL ERROR *** cannot allocate non-paged pool\n"); 00339 sprintf(Buffer, 00340 "Largest description = %d pages, require %d pages\n", 00341 NumberOfPages, 00342 MmMinimumNonPagedPoolSize >> PAGE_SHIFT); 00343 InbvDisplayString (Buffer ); 00344 KeBugCheck (MEMORY_MANAGEMENT); 00345 00346 } 00347 } 00348 00349 // 00350 // Calculate the maximum size of pool. 00351 // 00352 00353 if (MmMaximumNonPagedPoolInBytes == 0) { 00354 00355 // 00356 // Calculate the size of nonpaged pool. 00357 // For every MB above 8mb add extra pages. 00358 // 00359 00360 MmMaximumNonPagedPoolInBytes = MmDefaultMaximumNonPagedPool; 00361 00362 // 00363 // Make sure enough expansion for the PFN database exists. 00364 // 00365 00366 MmMaximumNonPagedPoolInBytes += (ULONG)PAGE_ALIGN ( 00367 MmHighestPhysicalPage * sizeof(MMPFN)); 00368 00369 MmMaximumNonPagedPoolInBytes += 00370 ((MmNumberOfPhysicalPages - 1024) / 00371 (_1MB >> PAGE_SHIFT) ) * 00372 MmMaxAdditionNonPagedPoolPerMb; 00373 } 00374 00375 MaxPool = MmSizeOfNonPagedPoolInBytes + PAGE_SIZE * 16 + 00376 (ULONG)PAGE_ALIGN ( 00377 MmHighestPhysicalPage * sizeof(MMPFN)); 00378 00379 if (MmMaximumNonPagedPoolInBytes < MaxPool) { 00380 MmMaximumNonPagedPoolInBytes = MaxPool; 00381 } 00382 00383 // 00384 // If the system is configured for maximum system PTEs then limit maximum 00385 // nonpaged pool to 128mb so the rest of the virtual address space can 00386 // be used for the PTEs. Also push as much nonpaged pool as possible 00387 // into kseg0 to free up more PTEs. 00388 // 00389 00390 if (MmMaximumNonPagedPoolInBytes > MM_MAX_ADDITIONAL_NONPAGED_POOL) { 00391 00392 ULONG InitialNonPagedPages; 00393 ULONG ExpansionPagesToMove; 00394 ULONG LowAvailPages; 00395 00396 if ((MiRequestedSystemPtes == (ULONG)-1) || (MiHydra == TRUE)) { 00397 MmMaximumNonPagedPoolInBytes = MM_MAX_ADDITIONAL_NONPAGED_POOL; 00398 00399 if (LowMemoryReserved == 0) { 00400 00401 InitialNonPagedPages = (MmSizeOfNonPagedPoolInBytes >> PAGE_SHIFT); 00402 00403 if (InitialNonPagedPages + 1024 < NumberOfPages) { 00404 LowAvailPages = NumberOfPages - 1024 - InitialNonPagedPages; 00405 00406 ExpansionPagesToMove = (MmMaximumNonPagedPoolInBytes >> PAGE_SHIFT) - InitialNonPagedPages; 00407 00408 if (ExpansionPagesToMove > 32) { 00409 ExpansionPagesToMove -= 32; 00410 if (LowAvailPages > ExpansionPagesToMove) { 00411 LowAvailPages = ExpansionPagesToMove; 00412 } 00413 00414 MmSizeOfNonPagedPoolInBytes += (LowAvailPages << PAGE_SHIFT); 00415 } 00416 } 00417 } 00418 00419 if (MmSizeOfNonPagedPoolInBytes == MmMaximumNonPagedPoolInBytes) { 00420 ASSERT (MmSizeOfNonPagedPoolInBytes > (32 << PAGE_SHIFT)); 00421 MmSizeOfNonPagedPoolInBytes -= (32 << PAGE_SHIFT); 00422 } 00423 } 00424 } 00425 00426 // 00427 // Limit maximum nonpaged pool to MM_MAX_ADDITIONAL_NONPAGED_POOL. 00428 // 00429 00430 if (MmMaximumNonPagedPoolInBytes > MM_MAX_ADDITIONAL_NONPAGED_POOL) { 00431 00432 if (MmMaximumNonPagedPoolInBytes > MM_MAX_INITIAL_NONPAGED_POOL + MM_MAX_ADDITIONAL_NONPAGED_POOL) { 00433 MmMaximumNonPagedPoolInBytes = MM_MAX_INITIAL_NONPAGED_POOL + MM_MAX_ADDITIONAL_NONPAGED_POOL; 00434 } 00435 00436 if (LowMemoryReserved != 0) { 00437 if (MmMaximumNonPagedPoolInBytes > MmSizeOfNonPagedPoolInBytes + MM_MAX_ADDITIONAL_NONPAGED_POOL) { 00438 MmMaximumNonPagedPoolInBytes = MmSizeOfNonPagedPoolInBytes + MM_MAX_ADDITIONAL_NONPAGED_POOL; 00439 } 00440 MmExpandedNonPagedPoolInBytes = MmMaximumNonPagedPoolInBytes - MmSizeOfNonPagedPoolInBytes; 00441 } 00442 else { 00443 00444 if ((MM_MAX_INITIAL_NONPAGED_POOL >> PAGE_SHIFT) >= NumberOfPages) { 00445 00446 // 00447 // Reserve all of low memory for nonpaged pool. 00448 // 00449 00450 SIZE_T Diff; 00451 00452 Diff = MmMaximumNonPagedPoolInBytes - MmSizeOfNonPagedPoolInBytes; 00453 if (Diff > MM_MAX_ADDITIONAL_NONPAGED_POOL) { 00454 Diff = MM_MAX_ADDITIONAL_NONPAGED_POOL; 00455 } 00456 00457 MmSizeOfNonPagedPoolInBytes = NumberOfPages << PAGE_SHIFT; 00458 MmMaximumNonPagedPoolInBytes = MmSizeOfNonPagedPoolInBytes + Diff; 00459 LowMemoryReserved = NextPhysicalPage; 00460 00461 // 00462 // Switch to backup descriptor for all other allocations. 00463 // 00464 00465 NextPhysicalPage = FreeDescriptor->BasePage; 00466 NumberOfPages = FreeDescriptor->PageCount; 00467 } 00468 else { 00469 00470 MmSizeOfNonPagedPoolInBytes = MM_MAX_INITIAL_NONPAGED_POOL; 00471 00472 // 00473 // The pages must be subtracted from the low descriptor so 00474 // they are not used for anything else or put on the freelist. 00475 // But they must be added back in later when initializing PFNs 00476 // for all the descriptor ranges. 00477 // 00478 00479 RemovedLowCount = (MmSizeOfNonPagedPoolInBytes >> PAGE_SHIFT); 00480 FreeDescriptorLowMem->PageCount -= RemovedLowCount; 00481 RemovedLowPage = FreeDescriptorLowMem->BasePage + FreeDescriptorLowMem->PageCount; 00482 00483 NumberOfPages = FreeDescriptorLowMem->PageCount; 00484 } 00485 00486 MmExpandedNonPagedPoolInBytes = MmMaximumNonPagedPoolInBytes - MmSizeOfNonPagedPoolInBytes; 00487 00488 if (MmExpandedNonPagedPoolInBytes > MM_MAX_ADDITIONAL_NONPAGED_POOL) { 00489 MmExpandedNonPagedPoolInBytes = MM_MAX_ADDITIONAL_NONPAGED_POOL; 00490 } 00491 } 00492 } 00493 00494 if (MmExpandedNonPagedPoolInBytes) { 00495 MmNonPagedPoolStart = (PVOID)((ULONG)MmNonPagedPoolEnd 00496 - MmExpandedNonPagedPoolInBytes); 00497 } 00498 else { 00499 MmNonPagedPoolStart = (PVOID)((ULONG)MmNonPagedPoolEnd 00500 - (MmMaximumNonPagedPoolInBytes - 1)); 00501 } 00502 00503 MmNonPagedPoolStart = (PVOID)PAGE_ALIGN(MmNonPagedPoolStart); 00504 NonPagedPoolStartVirtual = MmNonPagedPoolStart; 00505 00506 // 00507 // Calculate the starting PDE for the system PTE pool which is 00508 // right below the nonpaged pool. 00509 // 00510 00511 MmNonPagedSystemStart = (PVOID)(((ULONG)MmNonPagedPoolStart - 00512 ((MmNumberOfSystemPtes + 1) * PAGE_SIZE)) & 00513 (~PAGE_DIRECTORY_MASK)); 00514 00515 if (MmNonPagedSystemStart < MM_LOWEST_NONPAGED_SYSTEM_START) { 00516 MmNonPagedSystemStart = MM_LOWEST_NONPAGED_SYSTEM_START; 00517 } 00518 00519 MmNumberOfSystemPtes = (((ULONG)MmNonPagedPoolStart - 00520 (ULONG)MmNonPagedSystemStart) >> PAGE_SHIFT)-1; 00521 ASSERT (MmNumberOfSystemPtes > 1000); 00522 00523 // 00524 // Set the global bit for all PDEs in system space. 00525 // 00526 00527 StartPde = MiGetPdeAddress (MM_SYSTEM_SPACE_START); 00528 EndPde = MiGetPdeAddress (MM_SYSTEM_SPACE_END); 00529 00530 while (StartPde <= EndPde) { 00531 00532 if (StartPde->u.Hard.Global == 0) { 00533 TempPte = *StartPde; 00534 TempPte.u.Hard.Global = 1; 00535 *StartPde = TempPte; 00536 } 00537 00538 StartPde += 1; 00539 } 00540 00541 if (MiHydra == TRUE) { 00542 00543 // 00544 // Clear the global bit for all session space addresses. 00545 // 00546 00547 StartPde = MiGetPdeAddress (MmSessionBase); 00548 EndPde = MiGetPdeAddress (MI_SESSION_SPACE_END); 00549 00550 while (StartPde < EndPde) { 00551 00552 if (StartPde->u.Hard.Global == 1) { 00553 TempPte = *StartPde; 00554 TempPte.u.Hard.Global = 0; 00555 *StartPde = TempPte; 00556 } 00557 00558 ASSERT (StartPde->u.Long == 0); 00559 StartPde += 1; 00560 } 00561 } 00562 00563 StartPde = MiGetPdeAddress (MmNonPagedSystemStart); 00564 00565 EndPde = MiGetPdeAddress (MmNonPagedPoolEnd); 00566 00567 ASSERT ((EndPde - StartPde) < (LONG)NumberOfPages); 00568 00569 TempPte = ValidKernelPte; 00570 00571 while (StartPde <= EndPde) { 00572 if (StartPde->u.Hard.Valid == 0) { 00573 00574 // 00575 // Map in a page directory page. 00576 // 00577 00578 TempPte.u.Hard.PageFrameNumber = NextPhysicalPage; 00579 NumberOfPages -= 1; 00580 NextPhysicalPage += 1; 00581 00582 if (NumberOfPages == 0) { 00583 ASSERT (NextPhysicalPage != (FreeDescriptor->BasePage + 00584 FreeDescriptor->PageCount)); 00585 NextPhysicalPage = FreeDescriptor->BasePage; 00586 NumberOfPages = FreeDescriptor->PageCount; 00587 } 00588 *StartPde = TempPte; 00589 } 00590 StartPde += 1; 00591 } 00592 00593 // 00594 // Zero the PTEs before non-paged pool. 00595 // 00596 00597 StartPde = MiGetPteAddress (MmNonPagedSystemStart); 00598 PointerPte = MiGetPteAddress (MmNonPagedPoolStart); 00599 00600 RtlZeroMemory (StartPde, (ULONG)PointerPte - (ULONG)StartPde); 00601 00602 // 00603 // Fill in the PTEs for non-paged pool. 00604 // 00605 00606 PointerPte = MiGetPteAddress(MmNonPagedPoolStart); 00607 LastPte = MiGetPteAddress((ULONG)MmNonPagedPoolStart + 00608 MmSizeOfNonPagedPoolInBytes - 1); 00609 00610 if (MmExpandedNonPagedPoolInBytes == 0) { 00611 if (!LowMemoryReserved) { 00612 00613 if (NumberOfPages < (ULONG)(LastPte - PointerPte + 1)) { 00614 00615 // 00616 // Can't just switch descriptors here - the initial nonpaged 00617 // pool is always mapped via KSEG0 and is thus required to be 00618 // virtually and physically contiguous. 00619 // 00620 00621 KeBugCheckEx (INSTALL_MORE_MEMORY, 00622 MmNumberOfPhysicalPages, 00623 NumberOfPages, 00624 LastPte - PointerPte + 1, 00625 1); 00626 } 00627 00628 while (PointerPte <= LastPte) { 00629 TempPte.u.Hard.PageFrameNumber = NextPhysicalPage; 00630 NextPhysicalPage += 1; 00631 NumberOfPages -= 1; 00632 ASSERT (NumberOfPages != 0); 00633 *PointerPte = TempPte; 00634 PointerPte += 1; 00635 } 00636 00637 } else { 00638 00639 ULONG ReservedPage = FreeDescriptorLowMem->BasePage; 00640 00641 while (PointerPte <= LastPte) { 00642 TempPte.u.Hard.PageFrameNumber = ReservedPage; 00643 ReservedPage += 1; 00644 *PointerPte = TempPte; 00645 PointerPte += 1; 00646 } 00647 } 00648 LastPte = MiGetPteAddress ((ULONG)MmNonPagedPoolStart + 00649 MmMaximumNonPagedPoolInBytes - 1); 00650 } 00651 else { 00652 LastPte = MiGetPteAddress ((ULONG)MmNonPagedPoolStart + 00653 MmExpandedNonPagedPoolInBytes - 1); 00654 } 00655 00656 // 00657 // Zero the remaining PTEs for non-paged pool maximum. 00658 // 00659 00660 while (PointerPte <= LastPte) { 00661 *PointerPte = ZeroKernelPte; 00662 PointerPte += 1; 00663 } 00664 00665 // 00666 // Zero the remaining PTEs (if any). 00667 // 00668 00669 while (((ULONG)PointerPte & (PAGE_SIZE - 1)) != 0) { 00670 *PointerPte = ZeroKernelPte; 00671 PointerPte += 1; 00672 } 00673 00674 if (MmExpandedNonPagedPoolInBytes) { 00675 00676 if (LowMemoryReserved) { 00677 MmNonPagedPoolStart = (PVOID)((LowMemoryReserved << PAGE_SHIFT) | 00678 KSEG0_BASE); 00679 } 00680 else if (RemovedLowPage) { 00681 MmNonPagedPoolStart = (PVOID)((RemovedLowPage << PAGE_SHIFT) | 00682 KSEG0_BASE); 00683 } 00684 else { 00685 ASSERT (FALSE); 00686 } 00687 } 00688 else { 00689 PointerPte = MiGetPteAddress (MmNonPagedPoolStart); 00690 MmNonPagedPoolStart = (PVOID)((PointerPte->u.Hard.PageFrameNumber << PAGE_SHIFT) | 00691 KSEG0_BASE); 00692 } 00693 00694 MmPageAlignedPoolBase[NonPagedPool] = MmNonPagedPoolStart; 00695 00696 MmSubsectionBase = (ULONG)MmNonPagedPoolStart; 00697 00698 if (MmExpandedNonPagedPoolInBytes == 0) { 00699 if (NextPhysicalPage < (MM_SUBSECTION_MAP >> PAGE_SHIFT)) { 00700 MmSubsectionBase = KSEG0_BASE; 00701 } 00702 } 00703 00704 MmSubsectionTopPage = (((MmSubsectionBase & ~KSEG0_BASE) + MM_SUBSECTION_MAP) >> PAGE_SHIFT); 00705 00706 // 00707 // Non-paged pages now exist, build the pool structures. 00708 // 00709 00710 if (MmExpandedNonPagedPoolInBytes) { 00711 MmNonPagedPoolExpansionStart = (PVOID)NonPagedPoolStartVirtual; 00712 } 00713 else { 00714 MmNonPagedPoolExpansionStart = (PVOID)((PCHAR)NonPagedPoolStartVirtual + 00715 MmSizeOfNonPagedPoolInBytes); 00716 } 00717 00718 MiInitializeNonPagedPool (); 00719 00720 // 00721 // Before Non-paged pool can be used, the PFN database must 00722 // be built. This is due to the fact that the start and end of 00723 // allocation bits for nonpaged pool are maintained in the 00724 // PFN elements for the corresponding pages. 00725 // 00726 00727 // 00728 // Calculate the number of pages required from page zero to 00729 // the highest page. 00730 // 00731 // Get the number of secondary colors and add the array for tracking 00732 // secondary colors to the end of the PFN database. 00733 // 00734 00735 if (MmSecondaryColors == 0) { 00736 MmSecondaryColors = PCR->SecondLevelCacheSize; 00737 } 00738 00739 MmSecondaryColors = MmSecondaryColors >> PAGE_SHIFT; 00740 00741 // 00742 // Make sure value is power of two and within limits. 00743 // 00744 00745 if (((MmSecondaryColors & (MmSecondaryColors -1)) != 0) || 00746 (MmSecondaryColors < MM_SECONDARY_COLORS_MIN) || 00747 (MmSecondaryColors > MM_SECONDARY_COLORS_MAX)) { 00748 00749 MmSecondaryColors = MM_SECONDARY_COLORS_DEFAULT; 00750 } 00751 00752 MmSecondaryColorMask = MmSecondaryColors - 1; 00753 00754 PfnAllocation = 1 + ((((MmHighestPossiblePhysicalPage + 1) * sizeof(MMPFN)) + 00755 (MmSecondaryColors * sizeof(MMCOLOR_TABLES)*2)) 00756 >> PAGE_SHIFT); 00757 00758 // 00759 // If the number of pages remaining in the current descriptor is 00760 // greater than the number of pages needed for the PFN database, 00761 // and the descriptor is for memory below 1 gig, then allocate the 00762 // PFN database from the current free descriptor. 00763 // Note: FW creates a new memory descriptor for any memory above 1GB. 00764 // Thus we don't need to worry if the highest page will go beyond 1GB for 00765 // this memory descriptor. 00766 // 00767 00768 #ifndef PFN_CONSISTENCY 00769 if ((NumberOfPages >= PfnAllocation) && 00770 (NextPhysicalPage + NumberOfPages <= MM_PAGES_IN_KSEG0)) { 00771 00772 // 00773 // Allocate the PFN database in kseg0. 00774 // 00775 // Compute the address of the PFN by allocating the appropriate 00776 // number of pages from the end of the free descriptor. 00777 // 00778 00779 PfnInKseg0 = TRUE; 00780 HighPage = NextPhysicalPage + NumberOfPages; 00781 MmPfnDatabase = (PMMPFN)(KSEG0_BASE | 00782 ((HighPage - PfnAllocation) << PAGE_SHIFT)); 00783 RtlZeroMemory(MmPfnDatabase, PfnAllocation * PAGE_SIZE); 00784 00785 // 00786 // Mark off the chunk of memory used for the PFN database. 00787 // 00788 00789 NumberOfPages -= PfnAllocation; 00790 00791 if (NextPhysicalPage >= FreeDescriptorLowMem->BasePage && 00792 NextPhysicalPage < (FreeDescriptorLowMem->BasePage + 00793 FreeDescriptorLowMem->PageCount)) { 00794 00795 // 00796 // We haven't used the other descriptor. 00797 // 00798 00799 FreeDescriptorLowMem->PageCount -= PfnAllocation; 00800 00801 } else { 00802 00803 FreeDescriptor->PageCount -= PfnAllocation; 00804 } 00805 00806 // 00807 // Allocate one PTE at the very top of the Mm virtual address space. 00808 // This provides protection against the caller of the first real 00809 // nonpaged expansion allocation in case he accidentally overruns his 00810 // pool block. (We'll trap instead of corrupting the crashdump PTEs). 00811 // This also allows us to freely increment in MiFreePoolPages 00812 // without having to worry about a valid PTE just after the end of 00813 // the highest nonpaged pool allocation. 00814 // 00815 00816 MiReserveSystemPtes (1, 00817 NonPagedPoolExpansion, 00818 0, 00819 0, 00820 TRUE); 00821 00822 } else { 00823 00824 #endif // PFN_CONSISTENCY 00825 00826 // 00827 // Calculate the start of the Pfn database (it starts at physical 00828 // page zero, even if the lowest physical page is not zero). 00829 // 00830 00831 PfnInKseg0 = FALSE; 00832 PointerPte = MiReserveSystemPtes (PfnAllocation, 00833 NonPagedPoolExpansion, 00834 0, 00835 0, 00836 TRUE); 00837 00838 #if PFN_CONSISTENCY 00839 MiPfnStartPte = PointerPte; 00840 MiPfnPtes = PfnAllocation; 00841 #endif 00842 00843 MmPfnDatabase = (PMMPFN)(MiGetVirtualAddressMappedByPte (PointerPte)); 00844 00845 // 00846 // Allocate one more PTE just below the PFN database. This provides 00847 // protection against the caller of the first real nonpaged 00848 // expansion allocation in case he accidentally overruns his pool 00849 // block. (We'll trap instead of corrupting the PFN database). 00850 // This also allows us to freely increment in MiFreePoolPages 00851 // without having to worry about a valid PTE just after the end of 00852 // the highest nonpaged pool allocation. 00853 // 00854 00855 MiReserveSystemPtes (1, 00856 NonPagedPoolExpansion, 00857 0, 00858 0, 00859 TRUE); 00860 00861 // 00862 // Go through the memory descriptors and for each physical page 00863 // make sure the PFN database has a valid PTE to map it. This allows 00864 // machines with sparse physical memory to have a minimal PFN 00865 // database. 00866 // 00867 00868 NextMd = LoaderBlock->MemoryDescriptorListHead.Flink; 00869 00870 while (NextMd != &LoaderBlock->MemoryDescriptorListHead) { 00871 00872 MemoryDescriptor = CONTAINING_RECORD(NextMd, 00873 MEMORY_ALLOCATION_DESCRIPTOR, 00874 ListEntry); 00875 00876 PointerPte = MiGetPteAddress (MI_PFN_ELEMENT( 00877 MemoryDescriptor->BasePage)); 00878 00879 LastPte = MiGetPteAddress (((PCHAR)(MI_PFN_ELEMENT( 00880 MemoryDescriptor->BasePage + 00881 MemoryDescriptor->PageCount))) - 1); 00882 00883 // 00884 // If memory was temporarily removed to create the initial non 00885 // paged pool, account for it now so PFN entries are created for it. 00886 // 00887 00888 if (MemoryDescriptor == FreeDescriptorLowMem) { 00889 if (RemovedLowPage) { 00890 ASSERT (MemoryDescriptor->BasePage + MemoryDescriptor->PageCount == RemovedLowPage); 00891 LastPte = MiGetPteAddress (((PCHAR)(MI_PFN_ELEMENT( 00892 MemoryDescriptor->BasePage + 00893 RemovedLowCount + 00894 MemoryDescriptor->PageCount))) - 1); 00895 } 00896 } 00897 00898 while (PointerPte <= LastPte) { 00899 00900 if (PointerPte->u.Hard.Valid == 0) { 00901 TempPte.u.Hard.PageFrameNumber = NextPhysicalPage; 00902 NextPhysicalPage += 1; 00903 NumberOfPages -= 1; 00904 if (NumberOfPages == 0) { 00905 ASSERT (NextPhysicalPage != (FreeDescriptor->BasePage + 00906 FreeDescriptor->PageCount)); 00907 NextPhysicalPage = FreeDescriptor->BasePage; 00908 NumberOfPages = FreeDescriptor->PageCount; 00909 } 00910 *PointerPte = TempPte; 00911 RtlZeroMemory (MiGetVirtualAddressMappedByPte (PointerPte), 00912 PAGE_SIZE); 00913 } 00914 PointerPte += 1; 00915 } 00916 NextMd = MemoryDescriptor->ListEntry.Flink; 00917 } 00918 #ifndef PFN_CONSISTENCY 00919 } 00920 #endif // PFN_CONSISTENCY 00921 00922 // 00923 // Initialize support for colored pages. 00924 // 00925 00926 MmFreePagesByColor[0] = (PMMCOLOR_TABLES) 00927 &MmPfnDatabase[MmHighestPossiblePhysicalPage + 1]; 00928 00929 MmFreePagesByColor[1] = &MmFreePagesByColor[0][MmSecondaryColors]; 00930 00931 // 00932 // Make sure the PTEs are mapped. 00933 // 00934 00935 if (!MI_IS_PHYSICAL_ADDRESS(MmFreePagesByColor[0])) { 00936 00937 PointerPte = MiGetPteAddress (&MmFreePagesByColor[0][0]); 00938 00939 LastPte = MiGetPteAddress ( 00940 (PVOID)((PCHAR)&MmFreePagesByColor[1][MmSecondaryColors]-1)); 00941 00942 while (PointerPte <= LastPte) { 00943 if (PointerPte->u.Hard.Valid == 0) { 00944 TempPte.u.Hard.PageFrameNumber = NextPhysicalPage; 00945 NextPhysicalPage += 1; 00946 NumberOfPages -= 1; 00947 if (NumberOfPages == 0) { 00948 ASSERT (NextPhysicalPage != (FreeDescriptor->BasePage + 00949 FreeDescriptor->PageCount)); 00950 NextPhysicalPage = FreeDescriptor->BasePage; 00951 NumberOfPages = FreeDescriptor->PageCount; 00952 } 00953 *PointerPte = TempPte; 00954 RtlZeroMemory (MiGetVirtualAddressMappedByPte (PointerPte), 00955 PAGE_SIZE); 00956 } 00957 PointerPte += 1; 00958 } 00959 } 00960 00961 for (i = 0; i < MmSecondaryColors; i += 1) { 00962 MmFreePagesByColor[ZeroedPageList][i].Flink = MM_EMPTY_LIST; 00963 MmFreePagesByColor[FreePageList][i].Flink = MM_EMPTY_LIST; 00964 } 00965 00966 #if MM_MAXIMUM_NUMBER_OF_COLORS > 1 00967 for (i = 0; i < MM_MAXIMUM_NUMBER_OF_COLORS; i += 1) { 00968 MmFreePagesByPrimaryColor[ZeroedPageList][i].ListName = ZeroedPageList; 00969 MmFreePagesByPrimaryColor[FreePageList][i].ListName = FreePageList; 00970 MmFreePagesByPrimaryColor[ZeroedPageList][i].Flink = MM_EMPTY_LIST; 00971 MmFreePagesByPrimaryColor[FreePageList][i].Flink = MM_EMPTY_LIST; 00972 MmFreePagesByPrimaryColor[ZeroedPageList][i].Blink = MM_EMPTY_LIST; 00973 MmFreePagesByPrimaryColor[FreePageList][i].Blink = MM_EMPTY_LIST; 00974 } 00975 #endif 00976 00977 // 00978 // Go through the page table entries and for any page which is 00979 // valid, update the corresponding PFN database element. 00980 // 00981 00982 PointerPde = MiGetPdeAddress (PTE_BASE); 00983 00984 PdePage = PointerPde->u.Hard.PageFrameNumber; 00985 Pfn1 = MI_PFN_ELEMENT(PdePage); 00986 Pfn1->PteFrame = PdePage; 00987 Pfn1->PteAddress = PointerPde; 00988 Pfn1->u2.ShareCount += 1; 00989 Pfn1->u3.e2.ReferenceCount = 1; 00990 Pfn1->u3.e1.PageLocation = ActiveAndValid; 00991 Pfn1->u3.e1.PageColor = 00992 MI_GET_COLOR_FROM_SECONDARY(GET_PAGE_COLOR_FROM_PTE (PointerPde)); 00993 00994 // 00995 // Add the pages which were used to construct nonpaged pool to 00996 // the PFN database. 00997 // 00998 00999 Pde = MiGetPdeAddress (MmNonPagedSystemStart); 01000 01001 EndPde = MiGetPdeAddress(NON_PAGED_SYSTEM_END); 01002 01003 while (Pde <= EndPde) { 01004 if (Pde->u.Hard.Valid == 1) { 01005 PdePage = Pde->u.Hard.PageFrameNumber; 01006 Pfn1 = MI_PFN_ELEMENT(PdePage); 01007 Pfn1->PteFrame = PointerPde->u.Hard.PageFrameNumber; 01008 Pfn1->PteAddress = Pde; 01009 Pfn1->u2.ShareCount += 1; 01010 Pfn1->u3.e2.ReferenceCount = 1; 01011 Pfn1->u3.e1.PageLocation = ActiveAndValid; 01012 Pfn1->u3.e1.PageColor = 01013 MI_GET_COLOR_FROM_SECONDARY(GET_PAGE_COLOR_FROM_PTE (Pde)); 01014 01015 PointerPte = MiGetVirtualAddressMappedByPte (Pde); 01016 for (j = 0 ; j < PTE_PER_PAGE; j += 1) { 01017 if (PointerPte->u.Hard.Valid == 1) { 01018 01019 PageFrameIndex = PointerPte->u.Hard.PageFrameNumber; 01020 Pfn2 = MI_PFN_ELEMENT(PageFrameIndex); 01021 Pfn2->PteFrame = PdePage; 01022 Pfn2->u2.ShareCount += 1; 01023 Pfn2->u3.e2.ReferenceCount = 1; 01024 Pfn2->u3.e1.PageLocation = ActiveAndValid; 01025 01026 Pfn2->PteAddress = 01027 (PMMPTE)(KSEG0_BASE | (PageFrameIndex << PTE_SHIFT)); 01028 01029 Pfn2->u3.e1.PageColor = 01030 MI_GET_COLOR_FROM_SECONDARY(GET_PAGE_COLOR_FROM_PTE (Pfn2->PteAddress)); 01031 } 01032 PointerPte += 1; 01033 } 01034 } 01035 Pde += 1; 01036 } 01037 01038 // 01039 // Handle the initial nonpaged pool on expanded systems. 01040 // 01041 01042 if (MmExpandedNonPagedPoolInBytes) { 01043 PageFrameIndex = (((ULONG_PTR)MmNonPagedPoolStart & ~KSEG0_BASE) >> PAGE_SHIFT); 01044 Pfn1 = MI_PFN_ELEMENT(PageFrameIndex); 01045 j = PageFrameIndex + (MmSizeOfNonPagedPoolInBytes >> PAGE_SHIFT); 01046 while (PageFrameIndex < j) { 01047 Pfn1->PteFrame = PdePage; 01048 Pfn1->u2.ShareCount += 1; 01049 Pfn1->u3.e2.ReferenceCount = 1; 01050 Pfn1->u3.e1.PageLocation = ActiveAndValid; 01051 01052 Pfn1->PteAddress = 01053 (PMMPTE)(KSEG0_BASE | (PageFrameIndex << PTE_SHIFT)); 01054 01055 Pfn1->u3.e1.PageColor = 01056 MI_GET_COLOR_FROM_SECONDARY(GET_PAGE_COLOR_FROM_PTE (Pfn1->PteAddress)); 01057 PageFrameIndex += 1; 01058 Pfn1 += 1; 01059 } 01060 } 01061 01062 // 01063 // If page zero is still unused, mark it as in use. This is 01064 // temporary as we want to find bugs where a physical page 01065 // is specified as zero. 01066 // 01067 01068 Pfn1 = &MmPfnDatabase[MmLowestPhysicalPage]; 01069 if (Pfn1->u3.e2.ReferenceCount == 0) { 01070 01071 // 01072 // Make the reference count non-zero and point it into a 01073 // page directory. 01074 // 01075 01076 Pde = MiGetPdeAddress (0xb0000000); 01077 PdePage = Pde->u.Hard.PageFrameNumber; 01078 Pfn1->PteFrame = PdePageNumber; 01079 Pfn1->PteAddress = Pde; 01080 Pfn1->u2.ShareCount += 1; 01081 Pfn1->u3.e2.ReferenceCount = 1; 01082 Pfn1->u3.e1.PageLocation = ActiveAndValid; 01083 Pfn1->u3.e1.PageColor = 01084 MI_GET_COLOR_FROM_SECONDARY(GET_PAGE_COLOR_FROM_PTE (Pde)); 01085 } 01086 01087 // end of temporary set to physical page zero. 01088 01089 // 01090 // Walk through the memory descriptors and add pages to the 01091 // free list in the PFN database. 01092 // 01093 01094 NextMd = LoaderBlock->MemoryDescriptorListHead.Flink; 01095 01096 while (NextMd != &LoaderBlock->MemoryDescriptorListHead) { 01097 01098 MemoryDescriptor = CONTAINING_RECORD(NextMd, 01099 MEMORY_ALLOCATION_DESCRIPTOR, 01100 ListEntry); 01101 01102 i = MemoryDescriptor->PageCount; 01103 NextPhysicalPage = MemoryDescriptor->BasePage; 01104 01105 switch (MemoryDescriptor->MemoryType) { 01106 case LoaderBad: 01107 while (i != 0) { 01108 MiInsertPageInList (MmPageLocationList[BadPageList], 01109 NextPhysicalPage); 01110 i -= 1; 01111 NextPhysicalPage += 1; 01112 } 01113 break; 01114 01115 case LoaderFree: 01116 case LoaderLoadedProgram: 01117 case LoaderFirmwareTemporary: 01118 case LoaderOsloaderStack: 01119 01120 Pfn1 = MI_PFN_ELEMENT (NextPhysicalPage); 01121 while (i != 0) { 01122 if (Pfn1->u3.e2.ReferenceCount == 0) { 01123 01124 // 01125 // Set the PTE address to the physical page for 01126 // virtual address alignment checking. 01127 // 01128 01129 Pfn1->PteAddress = 01130 (PMMPTE)(NextPhysicalPage << PTE_SHIFT); 01131 01132 Pfn1->u3.e1.PageColor = 01133 MI_GET_COLOR_FROM_SECONDARY(GET_PAGE_COLOR_FROM_PTE (Pfn1->PteAddress)); 01134 MiInsertPageInList (MmPageLocationList[FreePageList], 01135 NextPhysicalPage); 01136 } 01137 Pfn1 += 1; 01138 i -= 1; 01139 NextPhysicalPage += 1; 01140 } 01141 break; 01142 01143 default: 01144 01145 PointerPte = MiGetPteAddress (KSEG0_BASE | 01146 (NextPhysicalPage << PAGE_SHIFT)); 01147 Pfn1 = MI_PFN_ELEMENT (NextPhysicalPage); 01148 while (i != 0) { 01149 01150 // 01151 // Set page as in use. 01152 // 01153 01154 Pfn1->PteFrame = PdePageNumber; 01155 Pfn1->PteAddress = PointerPte; 01156 Pfn1->u2.ShareCount += 1; 01157 Pfn1->u3.e2.ReferenceCount = 1; 01158 Pfn1->u3.e1.PageLocation = ActiveAndValid; 01159 Pfn1->u3.e1.PageColor = 01160 MI_GET_COLOR_FROM_SECONDARY(GET_PAGE_COLOR_FROM_PTE (PointerPte)); 01161 01162 Pfn1 += 1; 01163 i -= 1; 01164 NextPhysicalPage += 1; 01165 PointerPte += 1; 01166 } 01167 01168 break; 01169 } 01170 01171 NextMd = MemoryDescriptor->ListEntry.Flink; 01172 } 01173 01174 // 01175 // Indicate that the PFN database is allocated in NonPaged pool. 01176 // 01177 if (PfnInKseg0 == FALSE) { 01178 01179 // 01180 // The PFN database is allocated in virtual memory 01181 // 01182 // Set the start and end of allocation. 01183 // 01184 01185 Pfn1 = MI_PFN_ELEMENT(MiGetPteAddress(&MmPfnDatabase[MmLowestPhysicalPage])->u.Hard.PageFrameNumber); 01186 Pfn1->u3.e1.StartOfAllocation = 1; 01187 Pfn1 = MI_PFN_ELEMENT(MiGetPteAddress(&MmPfnDatabase[MmHighestPossiblePhysicalPage])->u.Hard.PageFrameNumber); 01188 Pfn1->u3.e1.EndOfAllocation = 1; 01189 01190 } else { 01191 01192 // 01193 // The PFN database is allocated in KSEG0. 01194 // 01195 // Mark all PFN entries for the PFN pages in use. 01196 // 01197 01198 PageNumber = ((ULONG)MmPfnDatabase - KSEG0_BASE) >> PAGE_SHIFT; 01199 Pfn1 = MI_PFN_ELEMENT(PageNumber); 01200 do { 01201 Pfn1->PteAddress = (PMMPTE)(PageNumber << PTE_SHIFT); 01202 Pfn1->u3.e1.PageColor = 01203 MI_GET_COLOR_FROM_SECONDARY(GET_PAGE_COLOR_FROM_PTE (Pfn1->PteAddress)); 01204 Pfn1 += 1; 01205 PfnAllocation -= 1; 01206 } while (PfnAllocation != 0); 01207 01208 // 01209 // Scan the PFN database backward for pages that are completely zero. 01210 // These pages are unused and can be added to the free list 01211 // 01212 01213 if (MmDynamicPfn == FALSE) { 01214 BottomPfn = MI_PFN_ELEMENT(MmHighestPhysicalPage); 01215 do { 01216 01217 // 01218 // Compute the address of the start of the page that is next 01219 // lower in memory and scan backwards until that page address 01220 // is reached or just crossed. 01221 // 01222 01223 if (((ULONG)BottomPfn & (PAGE_SIZE - 1)) != 0) { 01224 BasePfn = (PMMPFN)((ULONG)BottomPfn & ~(PAGE_SIZE - 1)); 01225 TopPfn = BottomPfn + 1; 01226 01227 } else { 01228 BasePfn = (PMMPFN)((ULONG)BottomPfn - PAGE_SIZE); 01229 TopPfn = BottomPfn; 01230 } 01231 01232 while (BottomPfn > BasePfn) { 01233 BottomPfn -= 1; 01234 } 01235 01236 // 01237 // If the entire range over which the PFN entries span is 01238 // completely zero and the PFN entry that maps the page is 01239 // not in the range, then add the page to the appropriate 01240 // free list. 01241 // 01242 01243 Range = (ULONG)TopPfn - (ULONG)BottomPfn; 01244 if (RtlCompareMemoryUlong((PVOID)BottomPfn, Range, 0) == Range) { 01245 01246 // 01247 // Set the PTE address to the physical page for 01248 // virtual address alignment checking. 01249 // 01250 01251 PageNumber = ((ULONG)BasePfn - KSEG0_BASE) >> PAGE_SHIFT; 01252 Pfn1 = MI_PFN_ELEMENT(PageNumber); 01253 01254 ASSERT(Pfn1->u3.e2.ReferenceCount == 0); 01255 01256 PfnAllocation += 1; 01257 01258 Pfn1->PteAddress = (PMMPTE)(PageNumber << PTE_SHIFT); 01259 Pfn1->u3.e1.PageColor = 01260 MI_GET_COLOR_FROM_SECONDARY(GET_PAGE_COLOR_FROM_PTE (Pfn1->PteAddress)); 01261 01262 MiInsertPageInList(MmPageLocationList[FreePageList], 01263 PageNumber); 01264 } 01265 01266 } while (BottomPfn > MmPfnDatabase); 01267 } 01268 } 01269 01270 // 01271 // Indicate that nonpaged pool must succeed is allocated in 01272 // nonpaged pool. 01273 // 01274 01275 i = MmSizeOfNonPagedMustSucceed; 01276 Pfn1 = MI_PFN_ELEMENT(MI_CONVERT_PHYSICAL_TO_PFN (MmNonPagedMustSucceed)); 01277 01278 while ((LONG)i > 0) { 01279 Pfn1->u3.e1.StartOfAllocation = 1; 01280 Pfn1->u3.e1.EndOfAllocation = 1; 01281 i -= PAGE_SIZE; 01282 Pfn1 += 1; 01283 } 01284 01285 KeInitializeSpinLock (&MmSystemSpaceLock); 01286 KeInitializeSpinLock (&MmPfnLock); 01287 01288 // 01289 // Initialize the nonpaged available PTEs for mapping I/O space 01290 // and kernel stacks. 01291 // 01292 01293 PointerPte = MiGetPteAddress (MmNonPagedSystemStart); 01294 01295 // 01296 // Since the initial nonpaged pool must always reside in KSEG0 (many changes 01297 // would be needed in this routine otherwise), reallocate the PTEs for it 01298 // to the pagable system PTE pool now. 01299 // 01300 01301 MmNumberOfSystemPtes = MiGetPteAddress(MmNonPagedPoolExpansionStart) - PointerPte - 1; 01302 01303 MiInitializeSystemPtes (PointerPte, MmNumberOfSystemPtes, SystemPteSpace); 01304 01305 // 01306 // Initialize the nonpaged pool. 01307 // 01308 01309 InitializePool (NonPagedPool, 0); 01310 01311 // 01312 // Initialize memory management structures for this process. 01313 // 01314 01315 // 01316 // Build working set list. System initialization has created 01317 // a PTE for hyperspace. 01318 // 01319 // Note, we can't remove a zeroed page as hyper space does not 01320 // exist and we map non-zeroed pages into hyper space to zero. 01321 // 01322 01323 PointerPte = MiGetPdeAddress(HYPER_SPACE); 01324 01325 ASSERT (PointerPte->u.Hard.Valid == 1); 01326 PointerPte->u.Hard.Global = 0; 01327 PointerPte->u.Hard.Write = 1; 01328 PageFrameIndex = PointerPte->u.Hard.PageFrameNumber; 01329 01330 // 01331 // Point to the page table page we just created and zero it. 01332 // 01333 01334 PointerPte = MiGetPteAddress(HYPER_SPACE); 01335 RtlZeroMemory ((PVOID)PointerPte, PAGE_SIZE); 01336 01337 // 01338 // Hyper space now exists, set the necessary variables. 01339 // 01340 01341 MmFirstReservedMappingPte = MiGetPteAddress (FIRST_MAPPING_PTE); 01342 MmLastReservedMappingPte = MiGetPteAddress (LAST_MAPPING_PTE); 01343 01344 MmWorkingSetList = WORKING_SET_LIST; 01345 MmWsle = (PMMWSLE)((PUCHAR)WORKING_SET_LIST + sizeof(MMWSL)); 01346 01347 // 01348 // Initialize this process's memory management structures including 01349 // the working set list. 01350 // 01351 01352 // 01353 // The PFN element for the page directory has already been initialized, 01354 // zero the reference count and the share count so they won't be 01355 // wrong. 01356 // 01357 01358 Pfn1 = MI_PFN_ELEMENT (PdePageNumber); 01359 01360 LOCK_PFN (OldIrql); 01361 01362 Pfn1->u2.ShareCount = 0; 01363 Pfn1->u3.e2.ReferenceCount = 0; 01364 01365 // 01366 // The PFN element for the PDE which maps hyperspace has already 01367 // been initialized, zero the reference count and the share count 01368 // so they won't be wrong. 01369 // 01370 01371 Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); 01372 Pfn1->u2.ShareCount = 0; 01373 Pfn1->u3.e2.ReferenceCount = 0; 01374 01375 CurrentProcess = PsGetCurrentProcess (); 01376 01377 // 01378 // Get a page for the working set list and map it into the Page 01379 // directory at the page after hyperspace. 01380 // 01381 01382 PointerPte = MiGetPteAddress (HYPER_SPACE); 01383 PageFrameIndex = MiRemoveAnyPage (MI_GET_PAGE_COLOR_FROM_PTE(PointerPte)); 01384 01385 CurrentProcess->WorkingSetPage = PageFrameIndex; 01386 01387 TempPte.u.Hard.PageFrameNumber = PageFrameIndex; 01388 PointerPde = MiGetPdeAddress (HYPER_SPACE) + 1; 01389 01390 // 01391 // Assert that the double mapped pages have the same alignment. 01392 // 01393 01394 ASSERT ((PointerPte->u.Long & (0xF << PTE_SHIFT)) == 01395 (PointerPde->u.Long & (0xF << PTE_SHIFT))); 01396 01397 *PointerPde = TempPte; 01398 PointerPde->u.Hard.Global = 0; 01399 01400 PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); 01401 01402 KeFillEntryTb ((PHARDWARE_PTE)PointerPde, 01403 PointerPte, 01404 TRUE); 01405 01406 RtlZeroMemory ((PVOID)PointerPte, PAGE_SIZE); 01407 01408 TempPte = *PointerPde; 01409 TempPte.u.Hard.Valid = 0; 01410 TempPte.u.Hard.Global = 0; 01411 01412 KeFlushSingleTb (PointerPte, 01413 TRUE, 01414 FALSE, 01415 (PHARDWARE_PTE)PointerPde, 01416 TempPte.u.Hard); 01417 01418 UNLOCK_PFN (OldIrql); 01419 01420 // 01421 // Initialize hyperspace for this process. 01422 // 01423 01424 PointerPte = MmFirstReservedMappingPte; 01425 PointerPte->u.Hard.PageFrameNumber = NUMBER_OF_MAPPING_PTES; 01426 01427 CurrentProcess->Vm.MaximumWorkingSetSize = MmSystemProcessWorkingSetMax; 01428 CurrentProcess->Vm.MinimumWorkingSetSize = MmSystemProcessWorkingSetMin; 01429 01430 MmInitializeProcessAddressSpace (CurrentProcess, 01431 (PEPROCESS)NULL, 01432 (PVOID)NULL, 01433 (PVOID)NULL); 01434 01435 *PointerPde = ZeroKernelPte; 01436 01437 // 01438 // Check to see if moving the secondary page structures to the end 01439 // of the PFN database is a waste of memory. And if so, copy it 01440 // to paged pool. 01441 // 01442 // If the PFN database ends on a page aligned boundary and the 01443 // size of the two arrays is less than a page, free the page 01444 // and allocate nonpagedpool for this. 01445 // 01446 01447 if ((((ULONG)MmFreePagesByColor[0] & (PAGE_SIZE - 1)) == 0) && 01448 ((MmSecondaryColors * 2 * sizeof(MMCOLOR_TABLES)) < PAGE_SIZE)) { 01449 01450 PMMCOLOR_TABLES c; 01451 01452 c = MmFreePagesByColor[0]; 01453 01454 MmFreePagesByColor[0] = ExAllocatePoolWithTag (NonPagedPoolMustSucceed, 01455 MmSecondaryColors * 2 * sizeof(MMCOLOR_TABLES), 01456 ' mM'); 01457 01458 MmFreePagesByColor[1] = &MmFreePagesByColor[0][MmSecondaryColors]; 01459 01460 RtlMoveMemory (MmFreePagesByColor[0], 01461 c, 01462 MmSecondaryColors * 2 * sizeof(MMCOLOR_TABLES)); 01463 01464 // 01465 // Free the page. 01466 // 01467 01468 if (!MI_IS_PHYSICAL_ADDRESS(c)) { 01469 PointerPte = MiGetPteAddress(c); 01470 PageFrameIndex = PointerPte->u.Hard.PageFrameNumber; 01471 *PointerPte = ZeroKernelPte; 01472 } else { 01473 PageFrameIndex = MI_CONVERT_PHYSICAL_TO_PFN (c); 01474 } 01475 01476 LOCK_PFN (OldIrql); 01477 01478 Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); 01479 ASSERT ((Pfn1->u3.e2.ReferenceCount <= 1) && (Pfn1->u2.ShareCount <= 1)); 01480 Pfn1->u2.ShareCount = 0; 01481 Pfn1->u3.e2.ReferenceCount = 0; 01482 MI_SET_PFN_DELETED (Pfn1); 01483 #if DBG 01484 Pfn1->u3.e1.PageLocation = StandbyPageList; 01485 #endif //DBG 01486 MiInsertPageInList (MmPageLocationList[FreePageList], PageFrameIndex); 01487 UNLOCK_PFN (OldIrql); 01488 } 01489 01490 return; 01491 } }

VOID FASTCALL MiInsertBasedSection (  IN PSECTION  Section  )

Definition at line 79 of file sectsup.c. References ASSERT, MiInsertNode(), and MmSectionBasedRoot. Referenced by MmCreateSection(). : This function inserts a virtual address descriptor into the tree and reorders the splay tree as appropriate. Arguments: Section - Supplies a pointer to a based section. Return Value: None. Environment: Must be holding the section based mutex. --*/ { PMMADDRESS_NODE *Root; ASSERT (Section->Address.EndingVpn > Section->Address.StartingVpn); Root = &MmSectionBasedRoot; MiInsertNode (&Section->Address, Root); return; }

VOID MiInsertConflictInList (  IN PMMLOCK_CONFLICT  Conflict  )

Referenced by MmSecureVirtualMemory(), and NtLockVirtualMemory().

VOID FASTCALL MiInsertFrontModifiedNoWrite (  IN PFN_NUMBER  PageFrameIndex  )

Definition at line 1683 of file pfnlist.c. References ASSERT, _MMPFNLIST::Blink, _MMPFNLIST::Flink, MI_PFN_ELEMENT, MI_TALLY_TRANSITION_PAGE_ADDITION, MM_EMPTY_LIST, MM_PFN_LOCK_ASSERT, MmHighestPhysicalPage, MmLowestPhysicalPage, MmModifiedNoWritePageListHead, ModifiedNoWritePageList, _MMPFNLIST::Total, _MMPFN::u1, _MMPFN::u2, and _MMPFN::u3. Referenced by MiGatherMappedPages(). 01689 : 01690 01691 This procedure inserts a page at the FRONT of the modified no 01692 write list. 01693 01694 Arguments: 01695 01696 PageFrameIndex - Supplies the physical page number to insert in the 01697 list. 01698 01699 Return Value: 01700 01701 none. 01702 01703 Environment: 01704 01705 Must be holding the PFN database mutex with APCs disabled. 01706 01707 --*/ 01708 01709 { 01710 PFN_NUMBER first; 01711 PMMPFN Pfn1; 01712 PMMPFN Pfn2; 01713 01714 MM_PFN_LOCK_ASSERT(); 01715 ASSERT ((PageFrameIndex != 0) && (PageFrameIndex <= MmHighestPhysicalPage) && 01716 (PageFrameIndex >= MmLowestPhysicalPage)); 01717 01718 // 01719 // Check to ensure the reference count for the page 01720 // is zero. 01721 // 01722 01723 Pfn1 = MI_PFN_ELEMENT(PageFrameIndex); 01724 01725 ASSERT (Pfn1->u3.e2.ReferenceCount == 0); 01726 01727 MmModifiedNoWritePageListHead.Total += 1; // One more page on the list. 01728 01729 MI_TALLY_TRANSITION_PAGE_ADDITION (Pfn1); 01730 01731 first = MmModifiedNoWritePageListHead.Flink; 01732 if (first == MM_EMPTY_LIST) { 01733 01734 // 01735 // List is empty add the page to the ListHead. 01736 // 01737 01738 MmModifiedNoWritePageListHead.Blink = PageFrameIndex; 01739 } else { 01740 Pfn2 = MI_PFN_ELEMENT (first); 01741 Pfn2->u2.Blink = PageFrameIndex; 01742 } 01743 01744 MmModifiedNoWritePageListHead.Flink = PageFrameIndex; 01745 Pfn1->u1.Flink = first; 01746 Pfn1->u2.Blink = MM_EMPTY_LIST; 01747 Pfn1->u3.e1.PageLocation = ModifiedNoWritePageList; 01748 return; 01749 } }

VOID FASTCALL MiInsertNode (  IN PMMADDRESS_NODE  Node, IN OUT PMMADDRESS_NODE *  Root )

Definition at line 464 of file addrsup.c. References _MMADDRESS_NODE::LeftChild, MiReorderTree(), NULL, _MMADDRESS_NODE::Parent, _MMADDRESS_NODE::RightChild, and _MMADDRESS_NODE::StartingVpn. Referenced by MiInsertBasedSection(), and MiInsertVad(). 00471 : 00472 00473 This function inserts a virtual address descriptor into the tree and 00474 reorders the splay tree as appropriate. 00475 00476 Arguments: 00477 00478 Node - Supplies a pointer to a virtual address descriptor 00479 00480 00481 Return Value: 00482 00483 None. 00484 00485 --*/ 00486 00487 { 00488 ULONG Level = 0; 00489 PMMADDRESS_NODE Parent; 00490 00491 // 00492 // Initialize virtual address descriptor child links. 00493 // 00494 00495 Node->LeftChild = (PMMADDRESS_NODE)NULL; 00496 Node->RightChild = (PMMADDRESS_NODE)NULL; 00497 00498 // 00499 // If the tree is empty, then establish this virtual address descriptor 00500 // as the root of the tree. 00501 // Otherwise descend the tree to find the correct place to 00502 // insert the descriptor. 00503 // 00504 00505 Parent = *Root; 00506 if (!Parent) { 00507 *Root = Node; 00508 Node->Parent = (PMMADDRESS_NODE)NULL; 00509 } else { 00510 00511 for (;;) { 00512 00513 Level += 1; 00514 if (Level == 15) { 00515 MiReorderTree(Parent, Root); 00516 } 00517 00518 // 00519 // If the starting address for this virtual address descriptor 00520 // is less than the parent starting address, then 00521 // follow the left child link. Else follow the right child link. 00522 // 00523 00524 if (Node->StartingVpn < Parent->StartingVpn) { 00525 00526 // 00527 // Starting address of the virtual address descriptor is less 00528 // than the parent starting virtual address. 00529 // Follow left child link if not null. Otherwise 00530 // insert the descriptor as the left child of the parent and 00531 // reorder the tree. 00532 // 00533 00534 if (Parent->LeftChild) { 00535 Parent = Parent->LeftChild; 00536 } else { 00537 Parent->LeftChild = Node; 00538 Node->Parent = Parent; 00539 // MiReorderTree(Node, Root); 00540 break; 00541 } 00542 } else { 00543 00544 // 00545 // Starting address of the virtual address descriptor is greater 00546 // than the parent starting virtual address. 00547 // Follow right child link if not null. Otherwise 00548 // insert the descriptor as the right child of the parent and 00549 // reorder the tree. 00550 // 00551 00552 if (Parent->RightChild) { 00553 Parent = Parent->RightChild; 00554 } else { 00555 Parent->RightChild = Node; 00556 Node->Parent = Parent; 00557 // MiReorderTree(Node, Root); 00558 break; 00559 } 00560 } 00561 } 00562 } 00563 return; 00564 }

VOID FASTCALL MiInsertPageInList (  IN PMMPFNLIST  ListHead, IN PFN_NUMBER  PageFrameIndex )

Definition at line 59 of file pfnlist.c. References ASSERT, BadPageList, _MMCOLOR_TABLES::Blink, FALSE, _MMCOLOR_TABLES::Flink, FreePageList, KeBugCheckEx(), KeSetEvent(), KeSetTimerEx(), MI_BARRIER_STAMP_ZEROED_PAGE, MI_GET_COLOR_FROM_SECONDARY, MI_GET_PAGE_FRAME_FROM_PTE, MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE, MI_GET_SECONDARY_COLOR, MI_PFN_ELEMENT, MI_TALLY_TRANSITION_PAGE_ADDITION, MiGetByteOffset, MiMapPageInHyperSpace(), MiModifiedPageLife, MiModifiedPageWriterTimer, MiModifiedPageWriterTimerDpc, MiRestoreTransitionPte(), MiTimerPending, MiUnmapPageInHyperSpace, MM_DBG_PAGE_REF_COUNT, MM_EMPTY_LIST, MM_HIGH_LIMIT, MM_LOW_LIMIT, MM_PFN_LOCK_ASSERT, MmAvailablePages, MmAvailablePagesEvent, MmAvailablePagesEventHigh, MmFreePageListHead, MmFreePagesByColor, MmHighestPhysicalPage, MmIsAddressValid(), MmLowestPhysicalPage, MmMinimumFreePagesToZero, MmModifiedPageListByColor, MmModifiedPageListHead, MmModifiedPageMaximum, MmModifiedPageWriterEvent, MmPageLocationList, MmTotalPagesForPagingFile, MmZeroedPageListHead, MmZeroingPageEvent, MmZeroingPageThreadActive, ModifiedNoWritePageList, ModifiedPageList, _MMPFN::OriginalPte, PERFINFO_INSERTINLIST, PsGetCurrentProcess, _MMPFN::PteAddress, _MMPFN::PteFrame, StandbyPageList, _MMPFNLIST::Total, TRUE, _MMPTE::u, _MMPFN::u1, _MMPFN::u2, _MMPFN::u3, VOID(), and ZeroedPageList. Referenced by MiCleanSection(), MiDecommitPages(), MiDecrementCloneBlockReference(), MiDecrementReferenceCount(), MiDeletePte(), MiDeleteSystemPagableVm(), MiDispatchFault(), MiFreeInitializationCode(), MiGatherMappedPages(), MiInitMachineDependent(), MiModifiedPageWriterWorker(), MiPurgeImageSection(), MiRemovePhysicalPages(), MiResetVirtualMemory(), MiResolveTransitionFault(), MiSegmentDelete(), MmAddPhysicalMemory(), MmDeleteProcessAddressSpace(), MmFreeLoaderBlock(), MmPurgeSection(), MmRemovePhysicalMemory(), and MmZeroPageThread(). : This procedure inserts a page at the end of the specified list (free, standby, bad, zeroed, modified). Arguments: ListHead - Supplies the list of the list in which to insert the specified physical page. PageFrameIndex - Supplies the physical page number to insert in the list. Return Value: none. Environment: Must be holding the PFN database mutex with APCs disabled. --*/ { PFN_NUMBER last; PMMPFN Pfn1; PMMPFN Pfn2; ULONG Color; MM_PFN_LOCK_ASSERT(); ASSERT ((PageFrameIndex != 0) && (PageFrameIndex <= MmHighestPhysicalPage) && (PageFrameIndex >= MmLowestPhysicalPage)); // // Check to ensure the reference count for the page is zero. // Pfn1 = MI_PFN_ELEMENT(PageFrameIndex); ASSERT (Pfn1->u3.e1.LockCharged == 0); PERFINFO_INSERTINLIST(PageFrameIndex, ListHead); #if DBG if (MmDebug & MM_DBG_PAGE_REF_COUNT) { PMMPTE PointerPte; KIRQL OldIrql = 99; if ((ListHead->ListName == StandbyPageList) || (ListHead->ListName == ModifiedPageList)) { if ((Pfn1->u3.e1.PrototypePte == 1) && (MmIsAddressValid (Pfn1->PteAddress))) { PointerPte = Pfn1->PteAddress; } else { // // The page containing the prototype PTE is not valid, // map the page into hyperspace and reference it that way. // PointerPte = MiMapPageInHyperSpace (Pfn1->PteFrame, &OldIrql); PointerPte = (PMMPTE)((PCHAR)PointerPte + MiGetByteOffset(Pfn1->PteAddress)); } ASSERT ((MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE (PointerPte) == PageFrameIndex) || (MI_GET_PAGE_FRAME_FROM_PTE (PointerPte) == PageFrameIndex)); ASSERT (PointerPte->u.Soft.Transition == 1); ASSERT (PointerPte->u.Soft.Prototype == 0); if (OldIrql != 99) { MiUnmapPageInHyperSpace (OldIrql) } } } #endif #if PFN_CONSISTENCY if (ListHead == &MmFreePageListHead) { if (Pfn1->u2.ShareCount != 0) { KeBugCheckEx (PFN_LIST_CORRUPT, 0x91, PageFrameIndex, Pfn1->u2.ShareCount, Pfn1->u3.e2.ReferenceCount); } } else if (ListHead == &MmZeroedPageListHead) { if (Pfn1->u2.ShareCount != 0) { KeBugCheckEx (PFN_LIST_CORRUPT, 0x92, PageFrameIndex, Pfn1->u2.ShareCount, Pfn1->u3.e2.ReferenceCount); } } #endif #if DBG if ((ListHead->ListName == StandbyPageList) || (ListHead->ListName == ModifiedPageList)) { if ((Pfn1->OriginalPte.u.Soft.Prototype == 0) && (Pfn1->OriginalPte.u.Soft.Transition == 1)) { KeBugCheckEx (MEMORY_MANAGEMENT, 0x8888, 0,0,0); } } #endif ASSERT (Pfn1->u3.e2.ReferenceCount == 0); ListHead->Total += 1; // One more page on the list. // // On MIPS R4000 modified pages destined for the paging file are // kept on separate lists which group pages of the same color // together // if (ListHead == &MmModifiedPageListHead) { #if PFN_CONSISTENCY if (Pfn1->u2.ShareCount != 0) { KeBugCheckEx (PFN_LIST_CORRUPT, 0x90, PageFrameIndex, Pfn1->u2.ShareCount, Pfn1->u3.e2.ReferenceCount); } #endif if (Pfn1->OriginalPte.u.Soft.Prototype == 0) { // // This page is destined for the paging file (not // a mapped file). Change the list head to the // appropriate colored list head. // ListHead = &MmModifiedPageListByColor [Pfn1->u3.e1.PageColor]; ListHead->Total += 1; MmTotalPagesForPagingFile += 1; } else { // // This page is destined for a mapped file (not // the paging file). If there are no other pages currently // destined for the mapped file, start our timer so that we can // ensure that these pages make it to disk even if we don't pile // up enough of them to trigger the modified page writer or need // the memory. If we don't do this here, then for this scenario, // only an orderly system shutdown will write them out (days, // weeks, months or years later) and any power out in between // means we'll have lost the data. // if (ListHead->Total - MmTotalPagesForPagingFile == 1) { // // Start the DPC timer because we're the first on the list. // if (MiTimerPending == FALSE) { MiTimerPending = TRUE; (VOID) KeSetTimerEx( &MiModifiedPageWriterTimer, MiModifiedPageLife, 0, &MiModifiedPageWriterTimerDpc ); } } } } else if ((Pfn1->u3.e1.RemovalRequested == 1) && (ListHead->ListName <= StandbyPageList)) { ListHead->Total -= 1; // Undo previous increment if (ListHead->ListName == StandbyPageList) { Pfn1->u3.e1.PageLocation = StandbyPageList; MiRestoreTransitionPte (PageFrameIndex); } ListHead = MmPageLocationList[BadPageList]; ListHead->Total += 1; // One more page on the list. } last = ListHead->Blink; if (last == MM_EMPTY_LIST) { // // List is empty add the page to the ListHead. // ListHead->Flink = PageFrameIndex; } else { Pfn2 = MI_PFN_ELEMENT (last); Pfn2->u1.Flink = PageFrameIndex; } ListHead->Blink = PageFrameIndex; Pfn1->u1.Flink = MM_EMPTY_LIST; Pfn1->u2.Blink = last; Pfn1->u3.e1.PageLocation = ListHead->ListName; // // If the page was placed on the free, standby or zeroed list, // update the count of usable pages in the system. If the count // transitions from 0 to 1, the event associated with available // pages should become true. // if (ListHead->ListName <= StandbyPageList) { MmAvailablePages += 1; // // A page has just become available, check to see if the // page wait events should be signalled. // if (MmAvailablePages == MM_LOW_LIMIT) { KeSetEvent (&MmAvailablePagesEvent, 0, FALSE); } else if (MmAvailablePages == MM_HIGH_LIMIT) { KeSetEvent (&MmAvailablePagesEventHigh, 0, FALSE); } if (ListHead->ListName <= FreePageList) { ASSERT (Pfn1->u3.e1.InPageError == 0); // // We are adding a page to the free or zeroed page list. // Add the page to the end of the correct colored page list. // Color = MI_GET_SECONDARY_COLOR (PageFrameIndex, Pfn1); ASSERT (Pfn1->u3.e1.PageColor == MI_GET_COLOR_FROM_SECONDARY(Color)); if (MmFreePagesByColor[ListHead->ListName][Color].Flink == MM_EMPTY_LIST) { // // This list is empty, add this as the first and last // entry. // MmFreePagesByColor[ListHead->ListName][Color].Flink = PageFrameIndex; MmFreePagesByColor[ListHead->ListName][Color].Blink = (PVOID)Pfn1; } else { Pfn2 = (PMMPFN)MmFreePagesByColor[ListHead->ListName][Color].Blink; Pfn2->OriginalPte.u.Long = PageFrameIndex; MmFreePagesByColor[ListHead->ListName][Color].Blink = (PVOID)Pfn1; } Pfn1->OriginalPte.u.Long = MM_EMPTY_LIST; if (ListHead->ListName == ZeroedPageList) { MI_BARRIER_STAMP_ZEROED_PAGE (&Pfn1->PteFrame); } } else { // // Transition page list so tally it appropriately. // MI_TALLY_TRANSITION_PAGE_ADDITION (Pfn1); } if ((ListHead->ListName == FreePageList) && (MmFreePageListHead.Total >= MmMinimumFreePagesToZero) && (MmZeroingPageThreadActive == FALSE)) { // // There are enough pages on the free list, start // the zeroing page thread. // MmZeroingPageThreadActive = TRUE; KeSetEvent (&MmZeroingPageEvent, 0, FALSE); } return; } // // Check to see if there are too many modified pages. // if (ListHead->ListName == ModifiedPageList) { // // Transition page list so tally it appropriately. // MI_TALLY_TRANSITION_PAGE_ADDITION (Pfn1); if (Pfn1->OriginalPte.u.Soft.Prototype == 0) { ASSERT (Pfn1->OriginalPte.u.Soft.PageFileHigh == 0); } PsGetCurrentProcess()->ModifiedPageCount += 1; if (MmModifiedPageListHead.Total >= MmModifiedPageMaximum ) { // // Start the modified page writer. // KeSetEvent (&MmModifiedPageWriterEvent, 0, FALSE); } } else if (ListHead->ListName == ModifiedNoWritePageList) { MI_TALLY_TRANSITION_PAGE_ADDITION (Pfn1); } return; }

VOID FASTCALL MiInsertStandbyListAtFront (  IN PFN_NUMBER  PageFrameIndex  )

Definition at line 388 of file pfnlist.c. References ASSERT, FALSE, _MMPFNLIST::Flink, KeBugCheckEx(), KeSetEvent(), MI_GET_PAGE_FRAME_FROM_PTE, MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE, MI_PFN_ELEMENT, MiGetByteOffset, MiMapPageInHyperSpace(), MiUnmapPageInHyperSpace, MM_DBG_PAGE_REF_COUNT, MM_EMPTY_LIST, MM_HIGH_LIMIT, MM_LOW_LIMIT, MM_PFN_LOCK_ASSERT, MmAvailablePages, MmAvailablePagesEvent, MmAvailablePagesEventHigh, MmHighestPhysicalPage, MmIsAddressValid(), MmLowestPhysicalPage, MmModifiedNoWritePageListHead, MmModifiedPageListHead, MmStandbyPageListHead, MmTransitionPrivatePages, MmTransitionSharedPages, _MMPFN::OriginalPte, PERFINFO_INSERT_FRONT_STANDBY, _MMPFN::PteAddress, _MMPFN::PteFrame, StandbyPageList, _MMPFNLIST::Total, _MMPTE::u, _MMPFN::u1, _MMPFN::u2, and _MMPFN::u3. Referenced by MiDecrementReferenceCount(). 00394 : 00395 00396 This procedure inserts a page at the front of the standby list. 00397 00398 Arguments: 00399 00400 PageFrameIndex - Supplies the physical page number to insert in the 00401 list. 00402 00403 Return Value: 00404 00405 none. 00406 00407 Environment: 00408 00409 Must be holding the PFN database mutex with APCs disabled. 00410 00411 --*/ 00412 00413 { 00414 PFN_NUMBER first; 00415 IN PMMPFNLIST ListHead; 00416 PMMPFN Pfn1; 00417 PMMPFN Pfn2; 00418 00419 MM_PFN_LOCK_ASSERT(); 00420 ASSERT ((PageFrameIndex != 0) && (PageFrameIndex <= MmHighestPhysicalPage) && 00421 (PageFrameIndex >= MmLowestPhysicalPage)); 00422 00423 // 00424 // Check to ensure the reference count for the page 00425 // is zero. 00426 // 00427 00428 Pfn1 = MI_PFN_ELEMENT(PageFrameIndex); 00429 00430 PERFINFO_INSERT_FRONT_STANDBY(PageFrameIndex); 00431 00432 #if DBG 00433 if (MmDebug & MM_DBG_PAGE_REF_COUNT) { 00434 00435 PMMPTE PointerPte; 00436 KIRQL OldIrql = 99; 00437 00438 if ((Pfn1->u3.e1.PrototypePte == 1) && 00439 (MmIsAddressValid (Pfn1->PteAddress))) { 00440 PointerPte = Pfn1->PteAddress; 00441 } else { 00442 00443 // 00444 // The page containing the prototype PTE is not valid, 00445 // map the page into hyperspace and reference it that way. 00446 // 00447 00448 PointerPte = MiMapPageInHyperSpace (Pfn1->PteFrame, &OldIrql); 00449 PointerPte = (PMMPTE)((PCHAR)PointerPte + 00450 MiGetByteOffset(Pfn1->PteAddress)); 00451 } 00452 00453 ASSERT ((MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE (PointerPte) == PageFrameIndex) || 00454 (MI_GET_PAGE_FRAME_FROM_PTE (PointerPte) == PageFrameIndex)); 00455 ASSERT (PointerPte->u.Soft.Transition == 1); 00456 ASSERT (PointerPte->u.Soft.Prototype == 0); 00457 if (OldIrql != 99) { 00458 MiUnmapPageInHyperSpace (OldIrql) 00459 } 00460 } 00461 00462 if ((Pfn1->OriginalPte.u.Soft.Prototype == 0) && 00463 (Pfn1->OriginalPte.u.Soft.Transition == 1)) { 00464 KeBugCheckEx (MEMORY_MANAGEMENT, 0x8889, 0,0,0); 00465 } 00466 #endif 00467 00468 ASSERT (Pfn1->u3.e2.ReferenceCount == 0); 00469 ASSERT (Pfn1->u3.e1.PrototypePte == 1); 00470 MmTransitionSharedPages += 1; 00471 00472 MmStandbyPageListHead.Total += 1; // One more page on the list. 00473 00474 ASSERT (MmTransitionPrivatePages + MmTransitionSharedPages == MmStandbyPageListHead.Total + MmModifiedPageListHead.Total + MmModifiedNoWritePageListHead.Total); 00475 00476 ListHead = &MmStandbyPageListHead; 00477 00478 first = ListHead->Flink; 00479 if (first == MM_EMPTY_LIST) { 00480 00481 // 00482 // List is empty add the page to the ListHead. 00483 // 00484 00485 ListHead->Blink = PageFrameIndex; 00486 } else { 00487 Pfn2 = MI_PFN_ELEMENT (first); 00488 Pfn2->u2.Blink = PageFrameIndex; 00489 } 00490 00491 ListHead->Flink = PageFrameIndex; 00492 Pfn1->u2.Blink = MM_EMPTY_LIST; 00493 Pfn1->u1.Flink = first; 00494 Pfn1->u3.e1.PageLocation = StandbyPageList; 00495 00496 // 00497 // If the page was placed on the free, standby or zeroed list, 00498 // update the count of usable pages in the system. If the count 00499 // transitions from 0 to 1, the event associated with available 00500 // pages should become true. 00501 // 00502 00503 MmAvailablePages += 1; 00504 00505 // 00506 // A page has just become available, check to see if the 00507 // page wait events should be signalled. 00508 // 00509 00510 if (MmAvailablePages == MM_LOW_LIMIT) { 00511 KeSetEvent (&MmAvailablePagesEvent, 0, FALSE); 00512 } else if (MmAvailablePages == MM_HIGH_LIMIT) { 00513 KeSetEvent (&MmAvailablePagesEventHigh, 0, FALSE); 00514 } 00515 00516 return; 00517 }

VOID MiInsertVad (  IN PMMVAD  Vad  )

Definition at line 30 of file vadtree.c. References ASSERT, _EPROCESS::CommitCharge, _EPROCESS::CommitChargeLimit, _EPROCESS::CommitChargePeak, _MMWSL::CommittedPageTables, EXCEPTION_EXECUTE_HANDLER, ExRaiseStatus(), FALSE, _EPROCESS::Job, _EPROCESS::JobStatus, MI_CHECK_BIT, MI_SET_BIT, MI_VA_TO_VPN, MI_VPN_TO_VA, MiChargeCommitment(), MiChargePageFileQuota(), MiGetPpePdeOffset, MiInsertNode(), MiReturnPageFileQuota(), MM_DBG_COMMIT_INSERT_VAD, MM_MAX_COMMIT, MM_TRACK_COMMIT, MMVAD, MmWorkingSetList, NonPagedPool, NULL, _MMWSL::NumberOfCommittedPageTables, PagedPool, PDE_PER_PAGE, PS_JOB_STATUS_REPORT_COMMIT_CHANGES, PsChangeJobMemoryUsage(), PsChargePoolQuota(), PsGetCurrentProcess, PsReportProcessMemoryLimitViolation(), PsReturnPoolQuota(), PTE_SHIFT, TRUE, _EPROCESS::VadFreeHint, _EPROCESS::VadHint, _EPROCESS::VadRoot, and X64K. Referenced by MiCloneProcessAddressSpace(), MiCreatePebOrTeb(), MiMapLockedPagesInUserSpace(), MiMapViewOfDataSection(), MiMapViewOfImageSection(), MiMapViewOfPhysicalSection(), MmInitializeProcessAddressSpace(), NtAllocateVirtualMemory(), and NtFreeVirtualMemory(). : This function inserts a virtual address descriptor into the tree and reorders the splay tree as appropriate. Arguments: Vad - Supplies a pointer to a virtual address descriptor Return Value: None - An exception is raised if quota is exceeded. --*/ { PMMADDRESS_NODE *Root; PEPROCESS CurrentProcess; SIZE_T RealCharge; SIZE_T PageCharge; SIZE_T PagedQuotaCharged; ULONG FirstPage; ULONG LastPage; SIZE_T PagedPoolCharge; LOGICAL ChargedPageFileQuota; LOGICAL ChargedJobCommit; ASSERT (Vad->EndingVpn >= Vad->StartingVpn); CurrentProcess = PsGetCurrentProcess(); // // Commit charge of MAX_COMMIT means don't charge quota. // if (Vad->u.VadFlags.CommitCharge != MM_MAX_COMMIT) { PageCharge = 0; PagedQuotaCharged = 0; ChargedPageFileQuota = FALSE; ChargedJobCommit = FALSE; // // Charge quota for the nonpaged pool for the VAD. This is // done here rather than by using ExAllocatePoolWithQuota // so the process object is not referenced by the quota charge. // PsChargePoolQuota (CurrentProcess, NonPagedPool, sizeof(MMVAD)); try { // // Charge quota for the prototype PTEs if this is a mapped view. // if ((Vad->u.VadFlags.PrivateMemory == 0) && (Vad->ControlArea != NULL)) { PagedPoolCharge = (Vad->EndingVpn - Vad->StartingVpn) << PTE_SHIFT; PsChargePoolQuota (CurrentProcess, PagedPool, PagedPoolCharge); PagedQuotaCharged = PagedPoolCharge; } #if !defined (_WIN64) // // Add in the charge for page table pages. // FirstPage = MiGetPpePdeOffset (MI_VPN_TO_VA (Vad->StartingVpn)); LastPage = MiGetPpePdeOffset (MI_VPN_TO_VA (Vad->EndingVpn)); while (FirstPage <= LastPage) { if (!MI_CHECK_BIT (MmWorkingSetList->CommittedPageTables, FirstPage)) { PageCharge += 1; } FirstPage += 1; } #endif RealCharge = Vad->u.VadFlags.CommitCharge + PageCharge; if (RealCharge != 0) { MiChargePageFileQuota (RealCharge, CurrentProcess); ChargedPageFileQuota = TRUE; #if 0 //commented out so page file quota is meaningful. if (Vad->u.VadFlags.PrivateMemory == 0) { if ((Vad->ControlArea->FilePointer == NULL) && (Vad->u.VadFlags.PhysicalMapping == 0)) { // // Don't charge commitment for the page file space // occupied by a page file section. This will be // charged as the shared memory is committed. // RealCharge -= 1 + (Vad->EndingVpn - Vad->StartingVpn); } } #endif //0 if (CurrentProcess->CommitChargeLimit) { if (CurrentProcess->CommitCharge + RealCharge > CurrentProcess->CommitChargeLimit) { if (CurrentProcess->Job) { PsReportProcessMemoryLimitViolation (); } ExRaiseStatus (STATUS_COMMITMENT_LIMIT); } } if (CurrentProcess->JobStatus & PS_JOB_STATUS_REPORT_COMMIT_CHANGES) { if (PsChangeJobMemoryUsage(RealCharge) == FALSE) { ExRaiseStatus (STATUS_COMMITMENT_LIMIT); } ChargedJobCommit = TRUE; } if (MiChargeCommitment (RealCharge, CurrentProcess) == FALSE) { ExRaiseStatus (STATUS_COMMITMENT_LIMIT); } CurrentProcess->CommitCharge += RealCharge; if (CurrentProcess->CommitCharge > CurrentProcess->CommitChargePeak) { CurrentProcess->CommitChargePeak = CurrentProcess->CommitCharge; } } } except (EXCEPTION_EXECUTE_HANDLER) { // // Return any quotas charged thus far. // PsReturnPoolQuota (CurrentProcess, NonPagedPool, sizeof(MMVAD)); if (PagedQuotaCharged != 0) { PsReturnPoolQuota (CurrentProcess, PagedPool, PagedPoolCharge); } if (ChargedPageFileQuota == TRUE) { MiReturnPageFileQuota (RealCharge, CurrentProcess); } if (ChargedJobCommit == TRUE) { // // Temporarily up the process commit charge as the // job code will be referencing it as though everything // has succeeded. // CurrentProcess->CommitCharge += RealCharge; PsChangeJobMemoryUsage(-(SSIZE_T)RealCharge); CurrentProcess->CommitCharge -= RealCharge; } ExRaiseStatus (GetExceptionCode()); } MM_TRACK_COMMIT (MM_DBG_COMMIT_INSERT_VAD, RealCharge); #if !defined (_WIN64) if (PageCharge != 0) { // // Since the commitment was successful, charge the page // table pages. // FirstPage = MiGetPpePdeOffset (MI_VPN_TO_VA (Vad->StartingVpn)); while (FirstPage <= LastPage) { if (!MI_CHECK_BIT (MmWorkingSetList->CommittedPageTables, FirstPage)) { MI_SET_BIT (MmWorkingSetList->CommittedPageTables, FirstPage); MmWorkingSetList->NumberOfCommittedPageTables += 1; #if defined (_X86PAE_) ASSERT (MmWorkingSetList->NumberOfCommittedPageTables < PD_PER_SYSTEM * PDE_PER_PAGE); #else ASSERT (MmWorkingSetList->NumberOfCommittedPageTables < PDE_PER_PAGE); #endif } FirstPage += 1; } } #endif } Root = (PMMADDRESS_NODE *)&CurrentProcess->VadRoot; // // Set the hint field in the process to this Vad. // CurrentProcess->VadHint = Vad; if (CurrentProcess->VadFreeHint != NULL) { if (((ULONG)((PMMVAD)CurrentProcess->VadFreeHint)->EndingVpn + MI_VA_TO_VPN (X64K)) >= Vad->StartingVpn) { CurrentProcess->VadFreeHint = Vad; } } MiInsertNode ( (PMMADDRESS_NODE)Vad, Root); return; }

VOID FASTCALL MiInsertWsle (  IN WSLE_NUMBER  Entry, IN PMMWSL  WorkingSetList )

Definition at line 51 of file wstree.c. References _MMSUPPORT::AllowWorkingSetAdjustment, ASSERT, DbgPrint, _MMWSLENTRY::Direct, _MMWSLE::e1, Index, _MMWSLE_HASH::Index, KeQueryTickCount(), _MMWSLE_HASH::Key, Key, LOCK_EXPANSION_IF_ALPHA, _MMWSLE::Long, MI_WSLE_HASH, MiCheckWsleHash(), MiFreeWsle(), MiGetPteAddress, MM_DBG_PTE_UPDATE, MM_GROW_WSLE_HASH, MmSessionSpace, MmSystemCacheWorkingSetList, MmSystemCacheWs, MmWorkingSetList, NULL, PAGE_ALIGN, PAGE_SIZE, PERFINFO_GET_PAGE_INFO, PERFINFO_LOG_WS_REMOVAL, PERFINFO_PAGE_INFO_DECL, PsGetCurrentProcess, Size, TickCount(), TRUE, _MMSUPPORT::u, _MMWSLE::u1, UNLOCK_EXPANSION_IF_ALPHA, _MMWSLENTRY::Valid, _MMWSLE::VirtualAddress, _MM_SESSION_SPACE::Vm, and WSLE_NUMBER. Referenced by MiRemoveWorkingSetPages(), and MiUpdateWsle(). : This routine inserts a Working Set List Entry (WSLE) into the working set. Arguments: Entry - The index number of the WSLE to insert. WorkingSetList - Supplies the working set list to insert into. Return Value: None. Environment: Kernel mode, APCs disabled, Working Set Mutex held. --*/ { PVOID VirtualAddress; PMMWSLE Wsle; PMMSUPPORT WsInfo; WSLE_NUMBER Hash; PMMWSLE_HASH Table; WSLE_NUMBER j; PMMPTE PointerPte; WSLE_NUMBER Index; LARGE_INTEGER TickCount; ULONG Size; #if defined(_ALPHA_) && !defined(_AXP64_) KIRQL OldIrql; #endif Wsle = WorkingSetList->Wsle; VirtualAddress = PAGE_ALIGN(Wsle[Entry].u1.VirtualAddress); #if DBG if (MmDebug & MM_DBG_PTE_UPDATE) { DbgPrint("inserting element %lx %lx\n", Entry, Wsle[Entry].u1.Long); } ASSERT (Wsle[Entry].u1.e1.Valid == 1); ASSERT (Wsle[Entry].u1.e1.Direct != 1); #endif //DBG WorkingSetList->NonDirectCount += 1; if ((Table = WorkingSetList->HashTable) == NULL) { return; } #if DBG MmNumberOfInserts += 1; #endif //DBG Hash = MI_WSLE_HASH(Wsle[Entry].u1.Long, WorkingSetList); // // Check hash table size and see if there is enough room to // hash or if the table should be grown. // if ((WorkingSetList->NonDirectCount + 10 + (WorkingSetList->HashTableSize >> 4)) > WorkingSetList->HashTableSize) { if (WorkingSetList == MmWorkingSetList) { WsInfo = &PsGetCurrentProcess()->Vm; ASSERT (WsInfo->u.Flags.SessionSpace == 0); } else if (WorkingSetList == MmSystemCacheWorkingSetList) { WsInfo = &MmSystemCacheWs; ASSERT (WsInfo->u.Flags.SessionSpace == 0); } else { WsInfo = &MmSessionSpace->Vm; ASSERT (WsInfo->u.Flags.SessionSpace == 1); } if ((Table + WorkingSetList->HashTableSize + ((2*PAGE_SIZE) / sizeof (MMWSLE_HASH)) <= (PMMWSLE_HASH)WorkingSetList->HighestPermittedHashAddress) && (WsInfo->AllowWorkingSetAdjustment)) { #if defined(_ALPHA_) && !defined(_AXP64_) LOCK_EXPANSION_IF_ALPHA (OldIrql); #endif WsInfo->AllowWorkingSetAdjustment = MM_GROW_WSLE_HASH; #if defined(_ALPHA_) && !defined(_AXP64_) UNLOCK_EXPANSION_IF_ALPHA (OldIrql); #endif } if ((WorkingSetList->NonDirectCount + (WorkingSetList->HashTableSize >> 4)) > WorkingSetList->HashTableSize) { // // No more room in the hash table, remove one and add there. // Pick a victim within 16 of where this would hash to. // KeQueryTickCount(&TickCount); j = Hash + (TickCount.LowPart & 0xF); Size = WorkingSetList->HashTableSize; if (j >= Size) { j = TickCount.LowPart & 0xF; } do { if (Table[j].Key != 0) { PERFINFO_PAGE_INFO_DECL(); PointerPte = MiGetPteAddress (Table[j].Key); Index = WorkingSetList->HashTable[j].Index; ASSERT (Wsle[Index].u1.e1.Valid == 1); PointerPte = MiGetPteAddress (Wsle[Index].u1.VirtualAddress); PERFINFO_GET_PAGE_INFO(PointerPte); if (MiFreeWsle (Index, WsInfo, PointerPte)) { PERFINFO_LOG_WS_REMOVAL(PERFINFO_LOG_TYPE_OUTWS_HASHFULL, WsInfo); break; } } j += 1; if (j >= Size) { j = 0; } } while (TRUE); } } // // Add to the hash table. // while (Table[Hash].Key != 0) { Hash += 1; if (Hash >= WorkingSetList->HashTableSize) { Hash = 0; } } Table[Hash].Key = Wsle[Entry].u1.Long & ~(PAGE_SIZE - 1); Table[Hash].Index = Entry; #if DBG if ((MmNumberOfInserts % 1000) == 0) { MiCheckWsleHash (WorkingSetList); } #endif //DBG return; }

ULONG MiIsEntireRangeCommitted (  IN PVOID  StartingAddress, IN PVOID  EndingAddress, IN PMMVAD  Vad, IN PEPROCESS  Process )

Definition at line 937 of file freevm.c. References FALSE, MiDoesPdeExistAndMakeValid(), MiDoesPpeExistAndMakeValid, MiGetPdeAddress, MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiIsPteDecommittedPage(), MiIsPteOnPdeBoundary, PAGE_SIZE, PAGED_CODE, TRUE, and _MMPTE::u. Referenced by MiProtectVirtualMemory(), and NtFreeVirtualMemory(). 00946 : 00947 00948 This routine examines the range of pages from the starting address 00949 up to and including the ending address and returns TRUE if every 00950 page in the range is committed, FALSE otherwise. 00951 00952 Arguments: 00953 00954 StartingAddress - Supplies the starting address of the range. 00955 00956 EndingAddress - Supplies the ending address of the range. 00957 00958 Vad - Supplies the virtual address descriptor which describes the range. 00959 00960 Process - Supplies the current process. 00961 00962 Return Value: 00963 00964 TRUE if the entire range is committed. 00965 FALSE if any page within the range is not committed. 00966 00967 Environment: 00968 00969 Kernel mode, APCs disable, WorkingSetMutex and AddressCreation mutexes 00970 held. 00971 00972 --*/ 00973 00974 { 00975 PMMPTE PointerPte; 00976 PMMPTE LastPte; 00977 PMMPTE PointerPde; 00978 PMMPTE PointerPpe; 00979 ULONG FirstTime; 00980 ULONG Waited; 00981 PVOID Va; 00982 00983 PAGED_CODE(); 00984 00985 FirstTime = TRUE; 00986 00987 PointerPde = MiGetPdeAddress (StartingAddress); 00988 PointerPte = MiGetPteAddress (StartingAddress); 00989 LastPte = MiGetPteAddress (EndingAddress); 00990 00991 // 00992 // Set the Va to the starting address + 8, this solves problems 00993 // associated with address 0 (NULL) being used as a valid virtual 00994 // address and NULL in the VAD commitment field indicating no pages 00995 // are committed. 00996 // 00997 00998 Va = (PVOID)((PCHAR)StartingAddress + 8); 00999 01000 while (PointerPte <= LastPte) { 01001 01002 if (MiIsPteOnPdeBoundary(PointerPte) || (FirstTime)) { 01003 01004 // 01005 // This may be a PPE/PDE boundary, check to see if both 01006 // PPE/PDE pages exist. 01007 // 01008 01009 FirstTime = FALSE; 01010 PointerPde = MiGetPteAddress (PointerPte); 01011 PointerPpe = MiGetPteAddress (PointerPde); 01012 01013 do { 01014 01015 while (!MiDoesPpeExistAndMakeValid(PointerPpe, Process, FALSE, &Waited)) { 01016 01017 // 01018 // No PDE exists for the starting address, check the VAD 01019 // to see if the pages are committed. 01020 // 01021 01022 PointerPpe += 1; 01023 01024 PointerPde = MiGetVirtualAddressMappedByPte (PointerPpe); 01025 PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); 01026 Va = MiGetVirtualAddressMappedByPte (PointerPte); 01027 01028 if (PointerPte > LastPte) { 01029 01030 // 01031 // Make sure the entire range is committed. 01032 // 01033 01034 if (Vad->u.VadFlags.MemCommit == 0) { 01035 01036 // 01037 // The entire range to be decommitted is not committed, 01038 // return an error. 01039 // 01040 01041 return FALSE; 01042 } else { 01043 return TRUE; 01044 } 01045 } 01046 01047 // 01048 // Make sure the range thus far is committed. 01049 // 01050 01051 if (Vad->u.VadFlags.MemCommit == 0) { 01052 01053 // 01054 // The entire range to be decommitted is not committed, 01055 // return an error. 01056 // 01057 01058 return FALSE; 01059 } 01060 } 01061 01062 Waited = 0; 01063 01064 while (!MiDoesPdeExistAndMakeValid(PointerPde, Process, FALSE, &Waited)) { 01065 01066 // 01067 // No PDE exists for the starting address, check the VAD 01068 // to see if the pages are committed. 01069 // 01070 01071 PointerPde += 1; 01072 01073 PointerPpe = MiGetPteAddress (PointerPde); 01074 PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); 01075 Va = MiGetVirtualAddressMappedByPte (PointerPte); 01076 01077 if (PointerPte > LastPte) { 01078 01079 // 01080 // Make sure the entire range is committed. 01081 // 01082 01083 if (Vad->u.VadFlags.MemCommit == 0) { 01084 01085 // 01086 // The entire range to be decommitted is not committed, 01087 // return an error. 01088 // 01089 01090 return FALSE; 01091 } else { 01092 return TRUE; 01093 } 01094 } 01095 01096 // 01097 // Make sure the range thus far is committed. 01098 // 01099 01100 if (Vad->u.VadFlags.MemCommit == 0) { 01101 01102 // 01103 // The entire range to be decommitted is not committed, 01104 // return an error. 01105 // 01106 01107 return FALSE; 01108 } 01109 #if defined (_WIN64) 01110 if (MiIsPteOnPdeBoundary (PointerPde)) { 01111 PointerPpe = MiGetPteAddress (PointerPde); 01112 Waited = 1; 01113 break; 01114 } 01115 #endif 01116 } 01117 } while (Waited != 0); 01118 } 01119 01120 // 01121 // The page table page exists, check each PTE for commitment. 01122 // 01123 01124 if (PointerPte->u.Long == 0) { 01125 01126 // 01127 // This page has not been committed, check the VAD. 01128 // 01129 01130 if (Vad->u.VadFlags.MemCommit == 0) { 01131 01132 // 01133 // The entire range to be decommitted is not committed, 01134 // return an error. 01135 // 01136 01137 return FALSE; 01138 } 01139 } else { 01140 01141 // 01142 // Has this page been explicitly decommitted? 01143 // 01144 01145 if (MiIsPteDecommittedPage (PointerPte)) { 01146 01147 // 01148 // This page has been explicitly decommitted, return an error. 01149 // 01150 01151 return FALSE; 01152 } 01153 } 01154 PointerPte += 1; 01155 Va = (PVOID)((PCHAR)(Va) + PAGE_SIZE); 01156 } 01157 return TRUE; 01158 }

ULONG MiIsEntireRangeDecommitted (  IN PVOID  StartingAddress, IN PVOID  EndingAddress, IN PMMVAD  Vad, IN PEPROCESS  Process )

Referenced by NtAllocateVirtualMemory().

ULONG FASTCALL MiIsProtectionCompatible (  IN ULONG  OldProtect, IN ULONG  NewProtect )

Definition at line 139 of file mmsup.c. References EXCEPTION_EXECUTE_HANDLER, FALSE, MiMakeProtectionMask(), MmCompatibleProtectionMask, and TRUE. Referenced by NtMapViewOfSection(). : This function takes two user supplied page protections and checks to see if the new protection is compatible with the old protection. protection compatible protections NoAccess NoAccess ReadOnly NoAccess, ReadOnly, ReadWriteCopy ReadWriteCopy NoAccess, ReadOnly, ReadWriteCopy ReadWrite NoAccess, ReadOnly, ReadWriteCopy, ReadWrite Execute NoAccess, Execute ExecuteRead NoAccess, ReadOnly, ReadWriteCopy, Execute, ExecuteRead, ExecuteWriteCopy ExecuteWrite NoAccess, ReadOnly, ReadWriteCopy, Execute, ExecuteRead, ExecuteWriteCopy, ReadWrite, ExecuteWrite ExecuteWriteCopy NoAccess, ReadOnly, ReadWriteCopy, Execute, ExecuteRead, ExecuteWriteCopy Arguments: OldProtect - Supplies the protection to be compatible with. NewProtect - Supplies the protection to check out. Return Value: Returns TRUE if the protection is compatible, FALSE if not. Environment: Kernel Mode. --*/ { ULONG Mask; ULONG ProtectMask; try { Mask = MiMakeProtectionMask (OldProtect) & 0x7; } except (EXCEPTION_EXECUTE_HANDLER) { return FALSE; } ProtectMask = MmCompatibleProtectionMask[Mask] | PAGE_GUARD | PAGE_NOCACHE; if ((ProtectMask | NewProtect) != ProtectMask) { return FALSE; } return TRUE; }

ULONG FASTCALL MiIsPteDecommittedPage (  IN PMMPTE  PointerPte  )

Definition at line 42 of file mmsup.c. References FALSE, MI_PTE_LOOKUP_NEEDED, MM_DECOMMIT, TRUE, and _MMPTE::u. Referenced by MiCalculatePageCommitment(), MiIsEntireRangeCommitted(), and MiQueryAddressState(). 00048 : 00049 00050 This function checks the contents of a PTE to determine if the 00051 PTE is explicitly decommitted. 00052 00053 If the PTE is a prototype PTE and the protection is not in the 00054 prototype PTE, the value FALSE is returned. 00055 00056 Arguments: 00057 00058 PointerPte - Supplies a pointer to the PTE to examine. 00059 00060 Return Value: 00061 00062 TRUE if the PTE is in the explicit decommitted state. 00063 FALSE if the PTE is not in the explicit decommitted state. 00064 00065 Environment: 00066 00067 Kernel mode, APCs disabled, WorkingSetLock held. 00068 00069 --*/ 00070 00071 { 00072 MMPTE PteContents; 00073 00074 PteContents = *PointerPte; 00075 00076 // 00077 // If the protection in the PTE is not decommitted, return false. 00078 // 00079 00080 if (PteContents.u.Soft.Protection != MM_DECOMMIT) { 00081 return FALSE; 00082 } 00083 00084 // 00085 // Check to make sure the protection field is really being interpreted 00086 // correctly. 00087 // 00088 00089 if (PteContents.u.Hard.Valid == 1) { 00090 00091 // 00092 // The PTE is valid and therefore cannot be decommitted. 00093 // 00094 00095 return FALSE; 00096 } 00097 00098 if ((PteContents.u.Soft.Prototype == 1) && 00099 (PteContents.u.Soft.PageFileHigh != MI_PTE_LOOKUP_NEEDED)) { 00100 00101 // 00102 // The PTE's protection is not known as it is in 00103 // prototype PTE format. Return FALSE. 00104 // 00105 00106 return FALSE; 00107 } 00108 00109 // 00110 // It is a decommitted PTE. 00111 // 00112 00113 return TRUE; 00114 }

LOGICAL MiIssuePageExtendRequest (  IN PMMPAGE_FILE_EXPANSION  PageExtend  )

Definition at line 4911 of file modwrite.c. References Executive, FALSE, KeReleaseSemaphore(), KernelMode, KeWaitForSingleObject(), L, _MMDEREFERENCE_SEGMENT_HEADER::ListHead, _MMDEREFERENCE_SEGMENT_HEADER::Lock, MmDereferenceSegmentHeader, MmOneSecond, MmTwentySeconds, NTSTATUS(), NULL, _MMDEREFERENCE_SEGMENT_HEADER::Semaphore, and TRUE. Referenced by MiChargeCommitment(), and NtCreatePagingFile(). : Queue a message to the segment dereferencing / pagefile extending thread to see if the page file can be extended. Extension is done in the context of a system thread due to mutexes which the current thread may be holding. Arguments: PageExtend - Supplies a pointer to the page file extension request. Return Value: TRUE indicates the request completed. FALSE indicates the request timed out and was removed. Environment: Kernel mode. No locks held. APC level or less. --*/ { KIRQL OldIrql; NTSTATUS status; PLIST_ENTRY NextEntry; ExAcquireFastLock (&MmDereferenceSegmentHeader.Lock, &OldIrql); InsertTailList ( &MmDereferenceSegmentHeader.ListHead, &PageExtend->DereferenceList); ExReleaseFastLock (&MmDereferenceSegmentHeader.Lock, OldIrql); KeReleaseSemaphore (&MmDereferenceSegmentHeader.Semaphore, 0L, 1L, TRUE); // // Wait for the thread to extend the paging file. // status = KeWaitForSingleObject (&PageExtend->Event, Executive, KernelMode, FALSE, (PageExtend->RequestedExpansionSize < 10) ? &MmOneSecond : &MmTwentySeconds); if (status == STATUS_TIMEOUT) { // // The wait has timed out, if this request has not // been processed, remove it from the list and check // to see if we should allow this request to succeed. // This prevents a deadlock between the file system // trying to allocate memory in the FSP and the // segment dereferencing thread trying to close a // file object, and waiting in the file system. // KdPrint(("MiIssuePageExtendRequest: wait timed out, page-extend= %lx, quota = %lx\n", PageExtend, PageExtend->RequestedExpansionSize)); ExAcquireFastLock (&MmDereferenceSegmentHeader.Lock, &OldIrql); NextEntry = MmDereferenceSegmentHeader.ListHead.Flink; while (NextEntry != &MmDereferenceSegmentHeader.ListHead) { // // Check to see if this is the entry we are waiting for. // if (NextEntry == &PageExtend->DereferenceList) { // // Remove this entry. // RemoveEntryList (&PageExtend->DereferenceList); ExReleaseFastLock (&MmDereferenceSegmentHeader.Lock, OldIrql); return FALSE; } NextEntry = NextEntry->Flink; } ExReleaseFastLock (&MmDereferenceSegmentHeader.Lock, OldIrql); // // Entry is being processed, wait for completion. // KdPrint (("MiIssuePageExtendRequest: rewaiting...\n")); KeWaitForSingleObject (&PageExtend->Event, Executive, KernelMode, FALSE, NULL); } return TRUE; }

VOID MiIssuePageExtendRequestNoWait (  IN PFN_NUMBER  SizeInPages  )

Definition at line 5023 of file modwrite.c. References ASSERT, _MMPAGE_FILE_EXPANSION::DereferenceList, DISPATCH_LEVEL, FALSE, _MMPAGE_FILE_EXPANSION::InProgress, KeReleaseSemaphore(), L, _MMDEREFERENCE_SEGMENT_HEADER::ListHead, _MMDEREFERENCE_SEGMENT_HEADER::Lock, MmAttemptForCantExtend, MmChargeCommitmentLock, MmDereferenceSegmentHeader, NTSTATUS(), ONEMB_IN_PAGES, _MMPAGE_FILE_EXPANSION::RequestedExpansionSize, _MMDEREFERENCE_SEGMENT_HEADER::Semaphore, and TRUE. Referenced by MiAllocatePoolPages(), and MmResourcesAvailable(). 05029 : 05030 05031 Queue a message to the segment dereferencing / pagefile extending 05032 thread to see if the page file can be extended. Extension is done 05033 in the context of a system thread due to mutexes which the current 05034 thread may be holding. 05035 05036 Arguments: 05037 05038 SizeInPages - Supplies the size in pages to increase the page file(s) by. 05039 This is rounded up to a 1MB multiple by this routine. 05040 05041 Return Value: 05042 05043 TRUE indicates the request completed. FALSE indicates the request timed 05044 out and was removed. 05045 05046 Environment: 05047 05048 Kernel mode. No locks held. APC level or less. 05049 05050 Note this routine must be very careful to not use any paged 05051 pool as the only reason it is being called is because pool is depleted. 05052 05053 --*/ 05054 05055 { 05056 KIRQL OldIrql; 05057 NTSTATUS status; 05058 PLIST_ENTRY NextEntry; 05059 05060 ASSERT (KeGetCurrentIrql() < DISPATCH_LEVEL); 05061 05062 ExAcquireFastLock (&MmChargeCommitmentLock, &OldIrql); 05063 05064 if (MmAttemptForCantExtend.InProgress != FALSE) { 05065 05066 // 05067 // An expansion request is already in progress, assume 05068 // it will help enough (another can always be issued later) and 05069 // that it will succeed. 05070 // 05071 05072 ExReleaseFastLock (&MmChargeCommitmentLock, OldIrql); 05073 return; 05074 } 05075 05076 MmAttemptForCantExtend.InProgress = TRUE; 05077 ExReleaseFastLock (&MmChargeCommitmentLock, OldIrql); 05078 05079 SizeInPages = (SizeInPages + ONEMB_IN_PAGES - 1) & ~(ONEMB_IN_PAGES - 1); 05080 05081 MmAttemptForCantExtend.RequestedExpansionSize = SizeInPages; 05082 05083 ExAcquireFastLock (&MmDereferenceSegmentHeader.Lock, &OldIrql); 05084 05085 InsertTailList ( &MmDereferenceSegmentHeader.ListHead, 05086 &MmAttemptForCantExtend.DereferenceList); 05087 05088 ExReleaseFastLock (&MmDereferenceSegmentHeader.Lock, OldIrql); 05089 05090 KeReleaseSemaphore (&MmDereferenceSegmentHeader.Semaphore, 05091 0L, 05092 1L, 05093 FALSE); 05094 05095 return; 05096 } }

PMMVAD FASTCALL MiLocateAddress (  IN PVOID  Vad  )

Definition at line 380 of file vadtree.c. References MI_VA_TO_VPN, MiLocateAddressInTree(), NULL, PsGetCurrentProcess, _EPROCESS::VadHint, and _EPROCESS::VadRoot. Referenced by MiCheckVirtualAddress(), MiUnmapLockedPagesInUserSpace(), MmDeleteTeb(), MmFlushVirtualMemory(), MmMapUserAddressesToPage(), MmSecureVirtualMemory(), MmSetBankedSection(), MmUnmapViewOfSection(), MmUnsecureVirtualMemory(), NtAreMappedFilesTheSame(), NtFreeVirtualMemory(), NtLockVirtualMemory(), and NtUnlockVirtualMemory(). 00386 : 00387 00388 The function locates the virtual address descriptor which describes 00389 a given address. 00390 00391 Arguments: 00392 00393 VirtualAddress - Supplies the virtual address to locate a descriptor 00394 for. 00395 00396 Return Value: 00397 00398 Returns a pointer to the virtual address descriptor which contains 00399 the supplied virtual address or NULL if none was located. 00400 00401 --*/ 00402 00403 { 00404 PMMVAD FoundVad; 00405 PEPROCESS CurrentProcess; 00406 ULONG_PTR Vpn; 00407 00408 CurrentProcess = PsGetCurrentProcess(); 00409 00410 if (CurrentProcess->VadHint == NULL) { 00411 return NULL; 00412 } 00413 00414 Vpn = MI_VA_TO_VPN (VirtualAddress); 00415 if ((Vpn >= ((PMMADDRESS_NODE)CurrentProcess->VadHint)->StartingVpn) && 00416 (Vpn <= ((PMMADDRESS_NODE)CurrentProcess->VadHint)->EndingVpn)) { 00417 00418 return (PMMVAD)CurrentProcess->VadHint; 00419 } 00420 00421 FoundVad = (PMMVAD)MiLocateAddressInTree ( Vpn, 00422 (PMMADDRESS_NODE *)&(CurrentProcess->VadRoot)); 00423 00424 if (FoundVad != NULL) { 00425 CurrentProcess->VadHint = (PVOID)FoundVad; 00426 } 00427 return FoundVad; 00428 }

PMMADDRESS_NODE FASTCALL MiLocateAddressInTree (  IN ULONG_PTR  Vpn, IN PMMADDRESS_NODE *  Root )

Definition at line 1001 of file addrsup.c. References _MMADDRESS_NODE::EndingVpn, _MMADDRESS_NODE::LeftChild, MiReorderTree(), NULL, _MMADDRESS_NODE::RightChild, and _MMADDRESS_NODE::StartingVpn. Referenced by MiLocateAddress(). 01008 : 01009 01010 The function locates the virtual address descriptor which describes 01011 a given address. 01012 01013 Arguments: 01014 01015 Vpn - Supplies the virtual page number to locate a descriptor 01016 for. 01017 01018 Return Value: 01019 01020 Returns a pointer to the virtual address descriptor which contains 01021 the supplied virtual address or NULL if none was located. 01022 01023 --*/ 01024 01025 { 01026 01027 PMMADDRESS_NODE Parent; 01028 ULONG Level = 0; 01029 01030 Parent = *Root; 01031 01032 for (;;) { 01033 01034 if (Parent == (PMMADDRESS_NODE)NULL) { 01035 return (PMMADDRESS_NODE)NULL; 01036 } 01037 01038 if (Level == 20) { 01039 01040 // 01041 // There are 20 nodes above this point, reorder the 01042 // tree with this node as the root. 01043 // 01044 01045 MiReorderTree(Parent, Root); 01046 } 01047 01048 if (Vpn < Parent->StartingVpn) { 01049 Parent = Parent->LeftChild; 01050 Level += 1; 01051 01052 } else if (Vpn > Parent->EndingVpn) { 01053 Parent = Parent->RightChild; 01054 Level += 1; 01055 01056 } else { 01057 01058 // 01059 // The address is within the start and end range. 01060 // 01061 01062 return Parent; 01063 } 01064 } 01065 }

WSLE_NUMBER MiLocateAndReserveWsle (  IN PMMSUPPORT  WsInfo  )

Definition at line 117 of file wslist.c. References ASSERT, _MMWSLE::e1, FALSE, _MMWSL::FirstDynamic, _MMWSL::FirstFree, _MMWSL::LastEntry, _MMWSL::LastInitializedWsle, MiAddWorkingSetPage(), MiDoReplacement(), MM_FREE_WSLE_SHIFT, MmInfoCounters, MmPagesAboveWsMinimum, MmSystemCacheWs, MmTransitionSharedPages, MmTransitionSharedPagesPeak, _MMINFO_COUNTERS::PageFaultCount, _MMWSL::Quota, TRUE, _MMWSLE::u1, _MMWSLENTRY::Valid, _MMWSL::Wsle, WSLE_NULL_INDEX, and WSLE_NUMBER. Referenced by MiAddValidPageToWorkingSet(), MiAddWsleHash(), MiLockCode(), MmAccessFault(), MmCheckCachedPageState(), and MmCopyToCachedPage(). : This function examines the Working Set List for the current process and locates an entry to contain a new page. If the working set is not currently at its quota, the new page is added without removing a page, if the working set is at its quota a page is removed from the working set and the new page added in its place. Arguments: None. Return Value: Returns the working set index which is now reserved for the next page to be added. Environment: Kernel mode, APCs disabled, working set lock. PFN lock NOT held. --*/ { WSLE_NUMBER WorkingSetIndex; PMMWSL WorkingSetList; PMMWSLE Wsle; ULONG QuotaIncrement; BOOLEAN MustReplace; MustReplace = FALSE; WorkingSetList = WsInfo->VmWorkingSetList; Wsle = WorkingSetList->Wsle; // // Update page fault counts. // WsInfo->PageFaultCount += 1; MmInfoCounters.PageFaultCount += 1; // // Determine if a page should be removed from the working set to make // room for the new page. If so, remove it. In addition, determine // the size of the QuotaIncrement if the size needs to be boosted. // retry_replacement: QuotaIncrement = MiDoReplacement(WsInfo, MustReplace); ASSERT (WsInfo->WorkingSetSize <= WorkingSetList->Quota); WsInfo->WorkingSetSize += 1; if (WsInfo->WorkingSetSize > WorkingSetList->Quota) { // // Increment the quota and check boundary conditions. // WorkingSetList->Quota += QuotaIncrement; WsInfo->LastTrimFaultCount = WsInfo->PageFaultCount; if (WorkingSetList->Quota > WorkingSetList->LastInitializedWsle) { // // Add more pages to the working set list structure. // if (MiAddWorkingSetPage (WsInfo) == TRUE) { ASSERT (WsInfo->WorkingSetSize <= WorkingSetList->Quota); } else { // // No page was added to the working set list structure. // We must replace a page within this working set. // WsInfo->WorkingSetSize -= 1; MustReplace = TRUE; goto retry_replacement; } } } // // Get the working set entry from the free list. // ASSERT (WorkingSetList->FirstFree <= WorkingSetList->LastInitializedWsle); ASSERT (WorkingSetList->FirstFree >= WorkingSetList->FirstDynamic); WorkingSetIndex = WorkingSetList->FirstFree; WorkingSetList->FirstFree = (WSLE_NUMBER)(Wsle[WorkingSetIndex].u1.Long >> MM_FREE_WSLE_SHIFT); ASSERT ((WorkingSetList->FirstFree <= WorkingSetList->LastInitializedWsle) || (WorkingSetList->FirstFree == WSLE_NULL_INDEX)); if (WsInfo->WorkingSetSize > WsInfo->MinimumWorkingSetSize) { MmPagesAboveWsMinimum += 1; } if (WsInfo->WorkingSetSize > WsInfo->PeakWorkingSetSize) { WsInfo->PeakWorkingSetSize = WsInfo->WorkingSetSize; } if (WsInfo == &MmSystemCacheWs) { if (WsInfo->WorkingSetSize + MmTransitionSharedPages > MmTransitionSharedPagesPeak) { MmTransitionSharedPagesPeak = WsInfo->WorkingSetSize + MmTransitionSharedPages; } } if (WorkingSetIndex > WorkingSetList->LastEntry) { WorkingSetList->LastEntry = WorkingSetIndex; } // // The returned entry is guaranteed to be available at this point. // ASSERT (Wsle[WorkingSetIndex].u1.e1.Valid == 0); return WorkingSetIndex; }

PSUBSECTION FASTCALL MiLocateSubsection (  IN PMMVAD  Vad, IN ULONG_PTR  Vpn )

Definition at line 783 of file extsect.c. References ASSERT, _SUBSECTION::NextSubsection, NULL, _SUBSECTION::PtesInSubsection, _SUBSECTION::SubsectionBase, and _CONTROL_AREA::u. Referenced by MiDeleteVirtualAddresses(), and MmFlushVirtualMemory(). 00790 : 00791 00792 This function calculates the address of the subsection 00793 for the corresponding virtual address. 00794 00795 This function only works for mapped files NOT mapped images. 00796 00797 Arguments: 00798 00799 00800 Vad - Supplies a pointer to the virtual address desciptor which 00801 encompasses the virtual address. 00802 00803 Vpn - Supplies the virtual page number to locate a prototype PTE 00804 for. 00805 00806 Return Value: 00807 00808 The corresponding prototype subsection. 00809 00810 --*/ 00811 00812 { 00813 PSUBSECTION Subsection; 00814 PCONTROL_AREA ControlArea; 00815 ULONG PteOffset; 00816 00817 ControlArea = Vad->ControlArea; 00818 00819 if (ControlArea->u.Flags.GlobalOnlyPerSession == 0) { 00820 Subsection = (PSUBSECTION)(ControlArea + 1); 00821 } 00822 else { 00823 Subsection = (PSUBSECTION)((PLARGE_CONTROL_AREA)ControlArea + 1); 00824 } 00825 00826 Subsection = (PSUBSECTION)(ControlArea + 1); 00827 00828 #if 0 00829 if (Subsection->NextSubsection == NULL) { 00830 00831 // 00832 // There is only one subsection, don't look any further. 00833 // 00834 00835 return Subsection; 00836 } 00837 #endif //0 00838 00839 if (ControlArea->u.Flags.Image) { 00840 00841 // 00842 // There is only one subsection, don't look any further. 00843 // 00844 00845 return Subsection; 00846 } 00847 00848 // 00849 // Locate the subsection which contains the First Prototype PTE 00850 // for this VAD. 00851 // 00852 00853 while ((Vad->FirstPrototypePte < Subsection->SubsectionBase) || 00854 (Vad->FirstPrototypePte >= 00855 &Subsection->SubsectionBase[Subsection->PtesInSubsection])) { 00856 00857 // 00858 // Get the next subsection. 00859 // 00860 00861 Subsection = Subsection->NextSubsection; 00862 if (Subsection == NULL) { 00863 return NULL; 00864 } 00865 } 00866 00867 // 00868 // How many PTEs beyond this subsection must we go? 00869 // 00870 00871 PteOffset = (ULONG)((Vpn - Vad->StartingVpn) + 00872 (ULONG)(Vad->FirstPrototypePte - Subsection->SubsectionBase)); 00873 00874 ASSERT (PteOffset < 0xF0000000); 00875 00876 // 00877 // Locate the subsection which contains the prototype PTEs. 00878 // 00879 00880 while (PteOffset >= Subsection->PtesInSubsection) { 00881 PteOffset -= Subsection->PtesInSubsection; 00882 Subsection = Subsection->NextSubsection; 00883 if (Subsection == NULL) { 00884 return NULL; 00885 } 00886 } 00887 00888 // 00889 // The PTEs are in this subsection. 00890 // 00891 00892 return Subsection; 00893 } }

WSLE_NUMBER FASTCALL MiLocateWsle (  IN PVOID  VirtualAddress, IN PMMWSL  WorkingSetList, IN WSLE_NUMBER  WsPfnIndex )

Definition at line 248 of file wstree.c. References ASSERT, _MMWSLE_HASH::Index, KeBugCheckEx(), _MMWSLE_HASH::Key, MI_GET_WORKING_SET_FROM_PTE, MI_MAXIMUM_PTE_WORKING_SET_INDEX, MI_WSLE_HASH, MiGetPteAddress, PAGE_ALIGN, _MMPTE::u, _MMWSLE::u1, _MMWSLE::VirtualAddress, and WSLE_NUMBER. Referenced by MiAllocatePoolPages(), MiCloneProcessAddressSpace(), MiCopyOnWrite(), MiDecommitPages(), MiDeleteAddressesInWorkingSet(), MiDeletePte(), MiDeleteSystemPagableVm(), MiGetPageProtection(), MiLockCode(), MiRemoveMappedPtes(), MiRemovePageFromWorkingSet(), MiSessionCommitPageTables(), MiSessionCopyOnWrite(), MiSetProtectionOnSection(), MmUnmapViewInSystemCache(), NtLockVirtualMemory(), and NtUnlockVirtualMemory(). : This function locates the specified virtual address within the working set list. Arguments: VirtualAddress - Supplies the virtual to locate within the working set list. WorkingSetList - Supplies the working set list to search. WsPfnIndex - Supplies a hint to try before hashing or walking linearly. Return Value: Returns the index into the working set list which contains the entry. Environment: Kernel mode, APCs disabled, Working Set Mutex held. --*/ { WSLE_NUMBER i; PMMWSLE Wsle; ULONG Hash; PMMWSLE_HASH Table; ULONG Tries; WSLE_NUMBER WsPteIndex; PMMPTE PointerPte; Wsle = WorkingSetList->Wsle; VirtualAddress = PAGE_ALIGN(VirtualAddress); #if defined (_WIN64) PointerPte = MiGetPteAddress (VirtualAddress); WsPteIndex = MI_GET_WORKING_SET_FROM_PTE (PointerPte); if (WsPteIndex != 0) { while (WsPteIndex <= WorkingSetList->LastInitializedWsle) { if ((VirtualAddress == PAGE_ALIGN(Wsle[WsPteIndex].u1.VirtualAddress)) && (Wsle[WsPteIndex].u1.e1.Valid == 1)) { return WsPteIndex; } WsPteIndex += MI_MAXIMUM_PTE_WORKING_SET_INDEX; } // // No working set index for this PTE ! // KeBugCheckEx (MEMORY_MANAGEMENT, 0x41283, (ULONG_PTR)VirtualAddress, PointerPte->u.Long, (ULONG_PTR)WorkingSetList); } #endif if (WsPfnIndex <= WorkingSetList->LastInitializedWsle) { if ((VirtualAddress == PAGE_ALIGN(Wsle[WsPfnIndex].u1.VirtualAddress)) && (Wsle[WsPfnIndex].u1.e1.Valid == 1)) { return WsPfnIndex; } } if (WorkingSetList->HashTable) { Tries = 0; Table = WorkingSetList->HashTable; Hash = MI_WSLE_HASH(VirtualAddress, WorkingSetList); while (Table[Hash].Key != (ULONG_PTR)VirtualAddress) { Hash += 1; if (Hash >= WorkingSetList->HashTableSize) { Hash = 0; if (Tries != 0) { KeBugCheckEx (MEMORY_MANAGEMENT, 0x41284, (ULONG_PTR)VirtualAddress, WsPfnIndex, (ULONG_PTR)WorkingSetList); } Tries = 1; } } ASSERT (WorkingSetList->Wsle[Table[Hash].Index].u1.e1.Direct == 0); return Table[Hash].Index; } i = 0; for (; ; ) { if ((VirtualAddress == PAGE_ALIGN(Wsle[i].u1.VirtualAddress)) && (Wsle[i].u1.e1.Valid == 1)) { ASSERT (WorkingSetList->Wsle[i].u1.e1.Direct == 0); return i; } i += 1; } }

VOID MiLockCode (  IN PMMPTE  FirstPte, IN PMMPTE  LastPte, IN ULONG  LockType )

Definition at line 6461 of file iosup.c. References ActiveAndValid, APC_LEVEL, ASSERT, FALSE, _MMWSL::FirstDynamic, LOCK_PFN, MI_ADD_LOCKED_PAGE_CHARGE, MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE, MI_IS_PHYSICAL_ADDRESS, MI_IS_SESSION_IMAGE_ADDRESS, MI_MAKE_VALID_PTE, MI_PFN_ELEMENT, MI_REMOVE_LOCKED_PAGE_CHARGE, MI_SET_PTE_IN_WORKING_SET, MI_WRITE_VALID_PTE, MI_ZERO_WSINDEX, MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiLocateAndReserveWsle(), MiLocateWsle(), MiMakeSystemAddressValidPfnSystemWs(), MiReleaseWsle(), MiRemoveWsle(), MiSwapWslEntries(), MiUnlinkPageFromList(), MiUpdateWsle(), MM_BUMP_COUNTER, MM_LOCK_BY_REFCOUNT, MM_PFN_LOCK_ASSERT, MmLockedCode, MmPagedPoolEnd, MmPagedPoolStart, MmResidentAvailablePages, MmSessionSpace, MmSpecialPoolEnd, MmSpecialPoolStart, MmSystemCacheWorkingSetList, MmSystemCacheWs, MmTotalSystemDriverPages, _MMPFN::OriginalPte, PMMSUPPORT, PsGetCurrentThread, _MMPFN::PteAddress, TRUE, _MMPTE::u, _MMWSLE::u1, _MMPFN::u1, _MMPFN::u2, _MMPFN::u3, UNLOCK_PFN, _MM_SESSION_SPACE::Vm, _MMSUPPORT::VmWorkingSetList, _MM_SESSION_SPACE::Wsle, WSLE_NUMBER, and ZeroKernelPte. Referenced by MmLockPagableSectionByHandle(), MmLockPagedPool(), and MmResetDriverPaging(). : This routine checks to see if the specified pages are resident in the process's working set and if so the reference count for the page is incremented. This allows the virtual address to be accessed without getting a hard page fault (have to go to the disk...) except for the extremely rare case when the page table page is removed from the working set and migrates to the disk. If the virtual address is that of the system wide global "cache", the virtual address of the "locked" pages is always guaranteed to be valid. NOTE: This routine is not to be used for general locking of user addresses - use MmProbeAndLockPages. This routine is intended for well behaved system code like the file system caches which allocates virtual addresses for mapping files AND guarantees that the mapping will not be modified (deleted or changed) while the pages are locked. Arguments: FirstPte - Supplies the base address to begin locking. LastPte - The last PTE to lock. LockType - Supplies either MM_LOCK_BY_REFCOUNT or MM_LOCK_NONPAGE. LOCK_BY_REFCOUNT increments the reference count to keep the page in memory, LOCK_NONPAGE removes the page from the working set so it's locked just like nonpaged pool. Return Value: None. Environment: Kernel mode, System working set mutex and PFN LOCK held. --*/ { PMMPFN Pfn1; PMMPTE PointerPte; MMPTE TempPte; MMPTE PteContents; WSLE_NUMBER WorkingSetIndex; WSLE_NUMBER SwapEntry; PFN_NUMBER PageFrameIndex; KIRQL OldIrql; LOGICAL SessionSpace; PMMWSL WorkingSetList; PMMSUPPORT Vm; #if PFN_CONSISTENCY KIRQL PfnIrql; #endif MM_PFN_LOCK_ASSERT(); SessionSpace = MI_IS_SESSION_IMAGE_ADDRESS (MiGetVirtualAddressMappedByPte(FirstPte)); if (SessionSpace == TRUE) { Vm = &MmSessionSpace->Vm; WorkingSetList = MmSessionSpace->Vm.VmWorkingSetList; } // // Session space is never locked by refcount. // ASSERT ((SessionSpace == FALSE) || (LockType != MM_LOCK_BY_REFCOUNT)); ASSERT (!MI_IS_PHYSICAL_ADDRESS(MiGetVirtualAddressMappedByPte(FirstPte))); PointerPte = FirstPte; MmLockedCode += 1 + LastPte - FirstPte; do { PteContents = *PointerPte; ASSERT (PteContents.u.Long != ZeroKernelPte.u.Long); if (PteContents.u.Hard.Valid == 0) { if (PteContents.u.Soft.Prototype == 1) { // // Page is not in memory and it is a prototype. // MiMakeSystemAddressValidPfnSystemWs ( MiGetVirtualAddressMappedByPte(PointerPte)); continue; } else if (PteContents.u.Soft.Transition == 1) { PageFrameIndex = MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE (&PteContents); Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); if ((Pfn1->u3.e1.ReadInProgress) || (Pfn1->u3.e1.InPageError)) { // // Page read is ongoing, force a collided fault. // MiMakeSystemAddressValidPfnSystemWs ( MiGetVirtualAddressMappedByPte(PointerPte)); continue; } // // Paged pool is trimmed without regard to sharecounts. // This means a paged pool PTE can be in transition while // the page is still marked active. // if (Pfn1->u3.e1.PageLocation == ActiveAndValid) { ASSERT (((Pfn1->PteAddress >= MiGetPteAddress(MmPagedPoolStart)) && (Pfn1->PteAddress <= MiGetPteAddress(MmPagedPoolEnd))) || ((Pfn1->PteAddress >= MiGetPteAddress(MmSpecialPoolStart)) && (Pfn1->PteAddress <= MiGetPteAddress(MmSpecialPoolEnd)))); // // Don't increment the valid PTE count for the // paged pool page. // ASSERT (Pfn1->u2.ShareCount != 0); ASSERT (Pfn1->u3.e2.ReferenceCount != 0); Pfn1->u2.ShareCount += 1; } else { MiUnlinkPageFromList (Pfn1); // // Set the reference count and share counts to 1. Note the // reference count may be 1 already if a modified page // write is underway. The systemwide locked page charges // are correct in either case and nothing needs to be done // just yet. // Pfn1->u3.e2.ReferenceCount += 1; Pfn1->u2.ShareCount = 1; } Pfn1->u3.e1.PageLocation = ActiveAndValid; MI_MAKE_VALID_PTE (TempPte, PageFrameIndex, Pfn1->OriginalPte.u.Soft.Protection, PointerPte); MI_WRITE_VALID_PTE (PointerPte, TempPte); // // Increment the reference count one for putting it the // working set list and one for locking it for I/O. // if (LockType == MM_LOCK_BY_REFCOUNT) { // // Lock the page in the working set by upping the // reference count. // MI_ADD_LOCKED_PAGE_CHARGE (Pfn1, 34); Pfn1->u3.e2.ReferenceCount += 1; Pfn1->u1.Event = (PVOID)PsGetCurrentThread(); UNLOCK_PFN (APC_LEVEL); WorkingSetIndex = MiLocateAndReserveWsle (&MmSystemCacheWs); MiUpdateWsle (&WorkingSetIndex, MiGetVirtualAddressMappedByPte (PointerPte), MmSystemCacheWorkingSetList, Pfn1); MI_SET_PTE_IN_WORKING_SET (PointerPte, WorkingSetIndex); LOCK_PFN (OldIrql); } else { // // The wsindex field must be zero because the // page is not in the system (or session) working set. // ASSERT (Pfn1->u1.WsIndex == 0); // // Adjust available pages as this page is now not in any // working set, just like a non-paged pool page. On entry // this page was in transition so it was part of the // available pages by definition. // MmResidentAvailablePages -= 1; if (Pfn1->u3.e1.PrototypePte == 0) { MmTotalSystemDriverPages -= 1; } MM_BUMP_COUNTER(29, 1); } } else { // // Page is not in memory. // MiMakeSystemAddressValidPfnSystemWs ( MiGetVirtualAddressMappedByPte(PointerPte)); continue; } } else { // // This address is already in the system (or session) working set. // Pfn1 = MI_PFN_ELEMENT (PteContents.u.Hard.PageFrameNumber); // // Up the reference count so the page cannot be released. // MI_ADD_LOCKED_PAGE_CHARGE (Pfn1, 36); Pfn1->u3.e2.ReferenceCount += 1; if (LockType != MM_LOCK_BY_REFCOUNT) { // // If the page is in the system working set, remove it. // The system working set lock MUST be owned to check to // see if this page is in the working set or not. This // is because the pager may have just released the PFN lock, // acquired the system lock and is now trying to add the // page to the system working set. // // If the page is in the SESSION working set, it cannot be // removed as all these pages are carefully accounted for. // Instead move it to the locked portion of the working set // if it is not there already. // if (Pfn1->u1.WsIndex != 0) { UNLOCK_PFN (APC_LEVEL); if (SessionSpace == TRUE) { WorkingSetIndex = MiLocateWsle ( MiGetVirtualAddressMappedByPte(PointerPte), WorkingSetList, Pfn1->u1.WsIndex); if (WorkingSetIndex >= WorkingSetList->FirstDynamic) { SwapEntry = WorkingSetList->FirstDynamic; if (WorkingSetIndex != WorkingSetList->FirstDynamic) { // // Swap this entry with the one at first // dynamic. Note that the working set index // in the PTE is updated here as well. // MiSwapWslEntries (WorkingSetIndex, SwapEntry, Vm); } WorkingSetList->FirstDynamic += 1; } else { SwapEntry = WorkingSetIndex; } // // Indicate that the page is locked. // MmSessionSpace->Wsle[SwapEntry].u1.e1.LockedInWs = 1; } else { MiRemoveWsle (Pfn1->u1.WsIndex, MmSystemCacheWorkingSetList); MiReleaseWsle (Pfn1->u1.WsIndex, &MmSystemCacheWs); MI_SET_PTE_IN_WORKING_SET (PointerPte, 0); } LOCK_PFN (OldIrql); MI_ZERO_WSINDEX (Pfn1); // // Adjust available pages as this page is now not in any // working set, just like a non-paged pool page. // MmResidentAvailablePages -= 1; MM_BUMP_COUNTER(29, 1); if (Pfn1->u3.e1.PrototypePte == 0) { MmTotalSystemDriverPages -= 1; } } ASSERT (Pfn1->u3.e2.ReferenceCount > 1); MI_REMOVE_LOCKED_PAGE_CHARGE (Pfn1, 37); Pfn1->u3.e2.ReferenceCount -= 1; } } PointerPte += 1; } while (PointerPte <= LastPte); return; }

ULONG FASTCALL MiLockPagedAddress (  IN PVOID  VirtualAddress, IN ULONG  PfnLockHeld )

Definition at line 1058 of file mmsup.c. References FALSE, LOCK_PFN2, MI_ADD_LOCKED_PAGE_CHARGE, MI_PFN_ELEMENT, MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiMakeSystemAddressValidPfn(), _MMPTE::u, _MMPFN::u3, and UNLOCK_PFN2. Referenced by MiCloneProcessAddressSpace(). : This routine checks to see if the virtual address is valid, and if not makes it valid. Arguments: VirtualAddress - Supplies the virtual address to make valid. CurrentProcess - Supplies a pointer to the current process. Return Value: Returns TRUE if lock released and wait performed, FALSE otherwise. Environment: Kernel mode. --*/ { PMMPTE PointerPte; PMMPFN Pfn1; KIRQL OldIrql; ULONG Waited = FALSE; PointerPte = MiGetPteAddress(VirtualAddress); // // The address must be within paged pool. // if (PfnLockHeld == FALSE) { LOCK_PFN2 (OldIrql); } if (PointerPte->u.Hard.Valid == 0) { Waited = MiMakeSystemAddressValidPfn ( MiGetVirtualAddressMappedByPte(PointerPte)); } Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); MI_ADD_LOCKED_PAGE_CHARGE(Pfn1, 6); Pfn1->u3.e2.ReferenceCount += 1; if (PfnLockHeld == FALSE) { UNLOCK_PFN2 (OldIrql); } return Waited; }

PLDR_DATA_TABLE_ENTRY MiLookupDataTableEntry (  IN PVOID  AddressWithinSection, IN ULONG  ResourceHeld )

Definition at line 6991 of file iosup.c. References ExAcquireResourceShared, ExReleaseResource, KeEnterCriticalRegion, KeLeaveCriticalRegion, NULL, PAGED_CODE, PsLoadedModuleList, PsLoadedModuleResource, and TRUE. Referenced by MmAddVerifierThunks(), MmGetSectionRange(), MmLockPagableDataSection(), MmPageEntireDriver(), and MmResetDriverPaging(). 06998 : 06999 07000 This functions locates the data table entry that maps the specified address. 07001 07002 Arguments: 07003 07004 AddressWithinSection - Supplies the address of a function contained 07005 within the desired module. 07006 07007 ResourceHeld - Supplies TRUE if the loaded module resource is already held, 07008 FALSE if not. 07009 07010 Return Value: 07011 07012 The address of the loaded module list data table entry that maps the 07013 argument address. 07014 07015 --*/ 07016 07017 { 07018 PLDR_DATA_TABLE_ENTRY DataTableEntry; 07019 PLDR_DATA_TABLE_ENTRY FoundEntry = NULL; 07020 PLIST_ENTRY NextEntry; 07021 07022 PAGED_CODE(); 07023 07024 // 07025 // Search the loaded module list for the data table entry that describes 07026 // the DLL that was just unloaded. It is possible that an entry is not in 07027 // the list if a failure occurred at a point in loading the DLL just before 07028 // the data table entry was generated. 07029 // 07030 07031 if (!ResourceHeld) { 07032 KeEnterCriticalRegion(); 07033 ExAcquireResourceShared (&PsLoadedModuleResource, TRUE); 07034 } 07035 07036 NextEntry = PsLoadedModuleList.Flink; 07037 do { 07038 07039 DataTableEntry = CONTAINING_RECORD(NextEntry, 07040 LDR_DATA_TABLE_ENTRY, 07041 InLoadOrderLinks); 07042 07043 // 07044 // Locate the loaded module that contains this address. 07045 // 07046 07047 if ( AddressWithinSection >= DataTableEntry->DllBase && 07048 AddressWithinSection < (PVOID)((PUCHAR)DataTableEntry->DllBase+DataTableEntry->SizeOfImage) ) { 07049 07050 FoundEntry = DataTableEntry; 07051 break; 07052 } 07053 07054 NextEntry = NextEntry->Flink; 07055 } while (NextEntry != &PsLoadedModuleList); 07056 07057 if (!ResourceHeld) { 07058 ExReleaseResource (&PsLoadedModuleResource); 07059 KeLeaveCriticalRegion(); 07060 } 07061 return FoundEntry; 07062 }

ULONG MiMakePdeExistAndMakeValid (  IN PMMPTE  PointerPde, IN PEPROCESS  TargetProcess, IN ULONG  PfnMutexHeld )

Definition at line 624 of file mmsup.c. References APC_LEVEL, ASSERT, FALSE, LOCK_PFN, MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiMakeSystemAddressValid(), TRUE, _MMPTE::u, and UNLOCK_PFN. Referenced by MiCreatePageTablesForPhysicalRange(), MiDecommitPages(), MiMapLockedPagesInUserSpace(), MiMapViewOfPhysicalSection(), MiProtectVirtualMemory(), MiSetProtectionOnSection(), and NtAllocateVirtualMemory(). 00632 : 00633 00634 This routine examines the specified Page Directory Parent Entry to 00635 determine if the page directory page mapped by the PPE exists. If it does, 00636 then it examines the specified Page Directory Entry to determine if 00637 the page table page mapped by the PDE exists. 00638 00639 If the page table page exists and is not currently in memory, the 00640 working set mutex and, if held, the PFN mutex are released and the 00641 page table page is faulted into the working set. The mutexes are 00642 reacquired. 00643 00644 If the PDE exists, the function returns true. 00645 00646 If the PDE does not exist, a zero filled PTE is created and it 00647 too is brought into the working set. In this case the return 00648 value is FALSE. 00649 00650 Arguments: 00651 00652 PointerPde - Supplies a pointer to the PDE to examine and bring 00653 into the working set. 00654 00655 TargetProcess - Supplies a pointer to the current process. 00656 00657 PfnMutexHeld - Supplies the value TRUE if the PFN mutex is held, FALSE 00658 otherwise. 00659 00660 Return Value: 00661 00662 TRUE if the PDE exists, FALSE if the PDE was created. 00663 00664 Environment: 00665 00666 Kernel mode, APCs disabled, WorkingSetLock held. 00667 00668 --*/ 00669 00670 { 00671 PMMPTE PointerPte; 00672 PMMPTE PointerPpe; 00673 KIRQL OldIrql; 00674 ULONG ReturnValue; 00675 00676 PointerPpe = MiGetPteAddress (PointerPde); 00677 00678 if (PointerPpe->u.Hard.Valid == 1 && PointerPde->u.Hard.Valid == 1) { 00679 00680 // 00681 // Already valid. 00682 // 00683 00684 return TRUE; 00685 } 00686 00687 // 00688 // Deal with the page directory page first. 00689 // 00690 00691 if (PointerPpe->u.Long == 0) { 00692 ReturnValue = FALSE; 00693 } else { 00694 ReturnValue = TRUE; 00695 } 00696 00697 // 00698 // Page directory parent entry not valid, make it valid. 00699 // 00700 00701 OldIrql = APC_LEVEL; 00702 00703 do { 00704 00705 if (PfnMutexHeld) { 00706 UNLOCK_PFN (OldIrql); 00707 } 00708 00709 // 00710 // Fault it in. 00711 // 00712 00713 MiMakeSystemAddressValid (PointerPde, TargetProcess); 00714 00715 ASSERT (PointerPpe->u.Hard.Valid == 1); 00716 00717 if (PfnMutexHeld) { 00718 LOCK_PFN (OldIrql); 00719 } 00720 00721 // 00722 // Now deal with the page table page. 00723 // 00724 00725 if (ReturnValue == TRUE) { 00726 if (PointerPde->u.Long == 0) { 00727 ReturnValue = FALSE; 00728 } else { 00729 ReturnValue = TRUE; 00730 } 00731 } 00732 00733 // 00734 // Page directory entry not valid, make it valid. 00735 // 00736 00737 OldIrql = APC_LEVEL; 00738 00739 if (PfnMutexHeld) { 00740 UNLOCK_PFN (OldIrql); 00741 } 00742 00743 PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); 00744 00745 // 00746 // Fault it in. 00747 // 00748 00749 MiMakeSystemAddressValid (PointerPte, TargetProcess); 00750 00751 ASSERT (PointerPde->u.Hard.Valid == 1); 00752 00753 if (PfnMutexHeld) { 00754 LOCK_PFN (OldIrql); 00755 } 00756 00757 } while (PointerPpe->u.Hard.Valid == 0 || PointerPde->u.Hard.Valid == 0); 00758 00759 return ReturnValue; 00760 }

ULONG FASTCALL MiMakeProtectionMask (  IN ULONG  Protect  )

Definition at line 243 of file mmsup.c. References ExRaiseStatus(), MM_GUARD_PAGE, MM_NOACCESS, MM_NOCACHE, MmUserProtectionToMask1, and MmUserProtectionToMask2. Referenced by MiIsProtectionCompatible(), MiProtectSpecialPool(), MiProtectVirtualMemory(), MiSetProtectionOnSection(), MmCreateSection(), MmMapViewOfSection(), MmSetPageProtection(), NtAllocateVirtualMemory(), NtMapViewOfSection(), and NtProtectVirtualMemory(). : This function takes a user supplied protection and converts it into a 5-bit protection code for the PTE. Arguments: Protect - Supplies the protection. Return Value: Returns the protection code for use in the PTE. An exception is raised if the user supplied protection is invalid. Environment: Kernel Mode. --*/ { ULONG Field1; ULONG Field2; ULONG ProtectCode; if (Protect >= (PAGE_NOCACHE * 2)) { ExRaiseStatus (STATUS_INVALID_PAGE_PROTECTION); } Field1 = Protect & 0xF; Field2 = (Protect >> 4) & 0xF; // // Make sure at least one field is set. // if (Field1 == 0) { if (Field2 == 0) { // // Both fields are zero, raise exception. // ExRaiseStatus (STATUS_INVALID_PAGE_PROTECTION); return 0; } ProtectCode = MmUserProtectionToMask2[Field2]; } else { if (Field2 != 0) { // // Both fields are non-zero, raise exception. // ExRaiseStatus (STATUS_INVALID_PAGE_PROTECTION); return 0; } ProtectCode = MmUserProtectionToMask1[Field1]; } if (ProtectCode == -1) { ExRaiseStatus (STATUS_INVALID_PAGE_PROTECTION); } if (Protect & PAGE_GUARD) { if (ProtectCode == MM_NOACCESS) { // // Invalid protection, no access and no_cache. // ExRaiseStatus (STATUS_INVALID_PAGE_PROTECTION); } ProtectCode |= MM_GUARD_PAGE; } if (Protect & PAGE_NOCACHE) { if (ProtectCode == MM_NOACCESS) { // // Invalid protection, no access and no cache. // ExRaiseStatus (STATUS_INVALID_PAGE_PROTECTION); } ProtectCode |= MM_NOCACHE; } return ProtectCode; }

ULONG FASTCALL MiMakeSystemAddressValid (  IN PVOID  VirtualAddress, IN PEPROCESS  CurrentProcess )

Definition at line 764 of file mmsup.c. References ASSERT, FALSE, KeBugCheckEx(), KernelMode, LOCK_WS_REGARDLESS, MM_PAGED_POOL_START, MmAccessFault(), MmIsAddressValid(), MmPagedPoolEnd, NT_SUCCESS, NTSTATUS(), TRUE, and UNLOCK_WS_REGARDLESS. Referenced by MiCloneProcessAddressSpace(), MiDoesPdeExistAndMakeValid(), and MiMakePdeExistAndMakeValid(). : This routine checks to see if the virtual address is valid, and if not makes it valid. Arguments: VirtualAddress - Supplies the virtual address to make valid. CurrentProcess - Supplies a pointer to the current process. Return Value: Returns TRUE if lock released and wait performed, FALSE otherwise. Environment: Kernel mode, APCs disabled, WorkingSetLock held. --*/ { NTSTATUS status; LOGICAL WsHeldSafe; ULONG Waited; Waited = FALSE; ASSERT (VirtualAddress > MM_HIGHEST_USER_ADDRESS); ASSERT ((VirtualAddress < MM_PAGED_POOL_START) || (VirtualAddress > MmPagedPoolEnd)); while (!MmIsAddressValid(VirtualAddress)) { // // The virtual address is not present. Release // the working set mutex and fault it in. // // The working set lock may have been acquired safely or unsafely // by our caller. Handle both cases here and below. // UNLOCK_WS_REGARDLESS(CurrentProcess, WsHeldSafe); status = MmAccessFault (FALSE, VirtualAddress, KernelMode, (PVOID)0); if (!NT_SUCCESS(status)) { KdPrint (("MM:page fault status %lx\n",status)); KeBugCheckEx (KERNEL_DATA_INPAGE_ERROR, 1, (ULONG)status, (ULONG_PTR)CurrentProcess, (ULONG_PTR)VirtualAddress); } LOCK_WS_REGARDLESS(CurrentProcess, WsHeldSafe); Waited = TRUE; } return Waited; }

ULONG FASTCALL MiMakeSystemAddressValidPfn (  IN PVOID  VirtualAddress  )

Definition at line 996 of file mmsup.c. References APC_LEVEL, ASSERT, FALSE, KeBugCheckEx(), KernelMode, LOCK_PFN, MmAccessFault(), MmIsAddressValid(), NT_SUCCESS, NTSTATUS(), TRUE, and UNLOCK_PFN. Referenced by MiCheckProtoPtePageState(), MiCleanSection(), MiFlushSectionInternal(), MiLockPagedAddress(), MiSegmentDelete(), MiSetSystemCodeProtection(), MiUpdateImageHeaderPage(), MmAccessFault(), MmCheckCachedPageState(), MmCopyToCachedPage(), and MmPurgeSection(). 01002 : 01003 01004 This routine checks to see if the virtual address is valid, and if 01005 not makes it valid. 01006 01007 Arguments: 01008 01009 VirtualAddress - Supplies the virtual address to make valid. 01010 01011 Return Value: 01012 01013 Returns TRUE if lock released and wait performed, FALSE otherwise. 01014 01015 Environment: 01016 01017 Kernel mode, APCs disabled, only the PFN Lock held. 01018 01019 --*/ 01020 01021 { 01022 NTSTATUS status; 01023 KIRQL OldIrql = APC_LEVEL; 01024 01025 ULONG Waited = FALSE; 01026 01027 ASSERT (VirtualAddress > MM_HIGHEST_USER_ADDRESS); 01028 01029 while (!MmIsAddressValid(VirtualAddress)) { 01030 01031 // 01032 // The virtual address is not present. Release 01033 // the working set mutex and fault it in. 01034 // 01035 01036 UNLOCK_PFN (OldIrql); 01037 01038 status = MmAccessFault (FALSE, VirtualAddress, KernelMode, (PVOID)0); 01039 if (!NT_SUCCESS(status)) { 01040 KdPrint (("MM:page fault status %lx\n",status)); 01041 KeBugCheckEx (KERNEL_DATA_INPAGE_ERROR, 01042 3, 01043 (ULONG)status, 01044 (ULONG_PTR)VirtualAddress, 01045 0); 01046 } 01047 01048 LOCK_PFN (OldIrql); 01049 01050 Waited = TRUE; 01051 } 01052 01053 return Waited; 01054 }

ULONG FASTCALL MiMakeSystemAddressValidPfnSystemWs (  IN PVOID  VirtualAddress  )

Definition at line 916 of file mmsup.c. References APC_LEVEL, ASSERT, FALSE, KeBugCheckEx(), KernelMode, LOCK_PFN, LOCK_SESSION_SPACE_WS, LOCK_SYSTEM_WS, MI_IS_SESSION_IMAGE_ADDRESS, MmAccessFault(), MmIsAddressValid(), NT_SUCCESS, NTSTATUS(), TRUE, UNLOCK_PFN, UNLOCK_SESSION_SPACE_WS, and UNLOCK_SYSTEM_WS. Referenced by MiLockCode(), and MmLockPagableSectionByHandle(). 00922 : 00923 00924 This routine checks to see if the virtual address is valid, and if 00925 not makes it valid. 00926 00927 Arguments: 00928 00929 VirtualAddress - Supplies the virtual address to make valid. 00930 00931 Return Value: 00932 00933 Returns TRUE if lock released and wait performed, FALSE otherwise. 00934 00935 Environment: 00936 00937 Kernel mode, APCs disabled, PFN lock held, system working set lock held. 00938 00939 --*/ 00940 00941 { 00942 NTSTATUS status; 00943 ULONG Waited; 00944 KIRQL OldIrql; 00945 KIRQL OldIrqlWs; 00946 LOGICAL SessionSpace; 00947 00948 Waited = FALSE; 00949 OldIrql = APC_LEVEL; 00950 OldIrqlWs = APC_LEVEL; 00951 00952 ASSERT (VirtualAddress > MM_HIGHEST_USER_ADDRESS); 00953 00954 SessionSpace = MI_IS_SESSION_IMAGE_ADDRESS (VirtualAddress); 00955 00956 while (!MmIsAddressValid(VirtualAddress)) { 00957 00958 // 00959 // The virtual address is not present. Release 00960 // the working set mutex and fault it in. 00961 // 00962 00963 UNLOCK_PFN (OldIrql); 00964 00965 if (SessionSpace == TRUE) { 00966 UNLOCK_SESSION_SPACE_WS (OldIrqlWs); 00967 } 00968 else { 00969 UNLOCK_SYSTEM_WS (OldIrqlWs); 00970 } 00971 00972 status = MmAccessFault (FALSE, VirtualAddress, KernelMode, (PVOID)0); 00973 if (!NT_SUCCESS(status)) { 00974 KdPrint (("MM:page fault status %lx\n",status)); 00975 KeBugCheckEx (KERNEL_DATA_INPAGE_ERROR, 00976 2, 00977 (ULONG)status, 00978 (ULONG_PTR)0, 00979 (ULONG_PTR)VirtualAddress); 00980 } 00981 if (SessionSpace == TRUE) { 00982 LOCK_SESSION_SPACE_WS (OldIrqlWs); 00983 } 00984 else { 00985 LOCK_SYSTEM_WS (OldIrqlWs); 00986 } 00987 LOCK_PFN (OldIrql); 00988 00989 Waited = TRUE; 00990 } 00991 return Waited; 00992 }

ULONG FASTCALL MiMakeSystemAddressValidPfnWs (  IN PVOID  VirtualAddress, IN PEPROCESS CurrentProcess  OPTIONAL )

Definition at line 837 of file mmsup.c. References APC_LEVEL, ASSERT, FALSE, KeBugCheckEx(), KernelMode, LOCK_PFN, LOCK_WS_REGARDLESS, MmAccessFault(), MmIsAddressValid(), NT_SUCCESS, NTSTATUS(), NULL, TRUE, UNLOCK_PFN, and UNLOCK_WS_REGARDLESS. Referenced by MiCaptureSystemPte(), MiDecrementCloneBlockReference(), MiGetSubsectionAndProtoFromPte(), MiPurgeImageSection(), MiResetVirtualMemory(), and MiUpCloneProtoRefCount(). 00844 : 00845 00846 This routine checks to see if the virtual address is valid, and if 00847 not makes it valid. 00848 00849 Arguments: 00850 00851 VirtualAddress - Supplies the virtual address to make valid. 00852 00853 CurrentProcess - Supplies a pointer to the current process, if the 00854 working set lock is not held, this value is NULL. 00855 00856 Return Value: 00857 00858 Returns TRUE if lock released and wait performed, FALSE otherwise. 00859 00860 Environment: 00861 00862 Kernel mode, APCs disabled, PFN lock held, working set lock held 00863 if CurrentProcess != NULL. 00864 00865 --*/ 00866 00867 { 00868 NTSTATUS status; 00869 ULONG Waited; 00870 KIRQL OldIrql; 00871 LOGICAL WsHeldSafe; 00872 00873 Waited = FALSE; 00874 OldIrql = APC_LEVEL; 00875 00876 ASSERT (VirtualAddress > MM_HIGHEST_USER_ADDRESS); 00877 00878 while (!MmIsAddressValid(VirtualAddress)) { 00879 00880 // 00881 // The virtual address is not present. Release 00882 // the working set mutex and fault it in. 00883 // 00884 00885 UNLOCK_PFN (OldIrql); 00886 if (CurrentProcess != NULL) { 00887 00888 // 00889 // The working set lock may have been acquired safely or unsafely 00890 // by our caller. Handle both cases here and below. 00891 // 00892 00893 UNLOCK_WS_REGARDLESS(CurrentProcess, WsHeldSafe); 00894 } 00895 status = MmAccessFault (FALSE, VirtualAddress, KernelMode, (PVOID)0); 00896 if (!NT_SUCCESS(status)) { 00897 KdPrint (("MM:page fault status %lx\n",status)); 00898 KeBugCheckEx (KERNEL_DATA_INPAGE_ERROR, 00899 2, 00900 (ULONG)status, 00901 (ULONG_PTR)CurrentProcess, 00902 (ULONG_PTR)VirtualAddress); 00903 } 00904 if (CurrentProcess != NULL) { 00905 LOCK_WS_REGARDLESS(CurrentProcess, WsHeldSafe); 00906 } 00907 LOCK_PFN (OldIrql); 00908 00909 Waited = TRUE; 00910 } 00911 return Waited; 00912 }

PVOID MiMapImageHeaderInHyperSpace (  IN PFN_NUMBER  PageFrameIndex  )

Definition at line 80 of file axp64/hypermap.c. References ASSERT, DbgPrint, Executive, FALSE, IMAGE_MAPPING_PTE, KeBugCheck(), KeEnterCriticalRegion, KeLeaveCriticalRegion, KernelMode, KeWaitForSingleObject(), LOCK_PFN, MiGetPteAddress, MiGetVirtualAddressMappedByPte, MmImageMappingPteEvent, MmWorkingSetList, NULL, _MMPTE::u, UNLOCK_PFN, UNLOCK_PFN_AND_THEN_WAIT, ValidPtePte, and _MMWSL::WaitingForImageMapping. 00086 : 00087 00088 The physical address of the specified page is returned. 00089 00090 Arguments: 00091 00092 PageFrameIndex - Supplies the physical page number to map. 00093 00094 Return Value: 00095 00096 Returns the virtual address where the specified physical page was 00097 mapped. 00098 00099 Environment: 00100 00101 Kernel mode. 00102 00103 --*/ 00104 00105 { 00106 MMPTE TempPte; 00107 PMMPTE PointerPte; 00108 KIRQL OldIrql; 00109 00110 #if DBG 00111 00112 if (PageFrameIndex == 0) { 00113 DbgPrint("attempt to map physical page 0 in hyper space\n"); 00114 KeBugCheck (MEMORY_MANAGEMENT); 00115 } 00116 00117 #endif //DBG 00118 00119 PointerPte = MiGetPteAddress (IMAGE_MAPPING_PTE); 00120 00121 LOCK_PFN(OldIrql); 00122 00123 while (PointerPte->u.Long != 0) { 00124 00125 // 00126 // If there is no event specified, set one up. 00127 // 00128 00129 if (MmWorkingSetList->WaitingForImageMapping == (PKEVENT)NULL) { 00130 00131 // 00132 // Set the global event into the field and wait for it. 00133 // 00134 00135 MmWorkingSetList->WaitingForImageMapping = &MmImageMappingPteEvent; 00136 } 00137 00138 // 00139 // Release the PFN lock and wait on the event in an 00140 // atomic operation. 00141 // 00142 00143 KeEnterCriticalRegion(); 00144 00145 UNLOCK_PFN_AND_THEN_WAIT(OldIrql); 00146 00147 KeWaitForSingleObject(MmWorkingSetList->WaitingForImageMapping, 00148 Executive, 00149 KernelMode, 00150 FALSE, 00151 (PLARGE_INTEGER)NULL); 00152 00153 KeLeaveCriticalRegion(); 00154 00155 LOCK_PFN (OldIrql); 00156 } 00157 00158 ASSERT (PointerPte->u.Long == 0); 00159 00160 TempPte = ValidPtePte; 00161 TempPte.u.Hard.PageFrameNumber = PageFrameIndex; 00162 00163 *PointerPte = TempPte; 00164 00165 UNLOCK_PFN (OldIrql); 00166 00167 return (PVOID)MiGetVirtualAddressMappedByPte (PointerPte); 00168 }

PVOID MiMapPageInHyperSpace (  IN PFN_NUMBER  PageFrameIndex, OUT PKIRQL  OldIrql )

PVOID MiMapPageToZeroInHyperSpace (  IN PFN_NUMBER  PageFrameIndex  )

Definition at line 241 of file axp64/hypermap.c. References ASSERT, and MM_PFN_LOCK_ASSERT. 00247 : 00248 00249 This procedure maps the specified page frame into the 43-bit super 00250 page address range. 00251 00252 Arguments: 00253 00254 PageFrameIndex - Supplies the page frame to map. 00255 00256 Return Value: 00257 00258 The 43-bit super address of the respective page is returned as the 00259 function value. 00260 00261 --*/ 00262 00263 { 00264 00265 // 00266 // On AXP64 systems all pages can be mapped physically using the 43-bit 00267 // super page address range. 00268 // 00269 00270 ASSERT(PageFrameIndex != 0); 00271 00272 MM_PFN_LOCK_ASSERT(); 00273 00274 return KSEG_ADDRESS(PageFrameIndex); 00275 } }

VOID MiMappedPageWriter (  IN PVOID  StartContext  )

Definition at line 4239 of file modwrite.c. References APC_LEVEL, _MMMOD_WRITER_MDL_ENTRY::ControlArea, FALSE, _MMMOD_WRITER_MDL_ENTRY::File, _MMMOD_WRITER_MDL_ENTRY::FileResource, FsRtlAcquireFileForModWrite(), FsRtlSetTopLevelIrpForModWriter, IoAsynchronousPageWrite(), _MMMOD_WRITER_MDL_ENTRY::IoStatus, IoSynchronousPageWrite(), KeClearEvent, KeInitializeEvent, KeLowerIrql(), KeRaiseIrql(), KernelMode, KeSetPriorityThread(), KeWaitForSingleObject(), LOCK_PFN, _MMMOD_WRITER_MDL_ENTRY::Mdl, MiWriteComplete(), MmMappedPageWriterEvent, MmMappedPageWriterList, NT_ERROR, NTSTATUS(), NULL, PsGetCurrentThread, Status, TRUE, _CONTROL_AREA::u, _MMMOD_WRITER_MDL_ENTRY::u, UNLOCK_PFN, VOID(), _MMMOD_WRITER_MDL_ENTRY::WriteOffset, and WrVirtualMemory. Referenced by MiModifiedPageWriter(). 04245 : 04246 04247 Implements the NT secondary modified page writer thread. 04248 Requests for writes to mapped files are sent to this thread. 04249 This is required as the writing of mapped file pages could cause 04250 page faults resulting in requests for free pages. But there 04251 could be no free pages - hence a dead lock. Rather than deadlock 04252 the whole system waiting on the modified page writer, creating 04253 a secondary thread allows that thread to block without affecting 04254 on going page file writes. 04255 04256 Arguments: 04257 04258 StartContext - not used. 04259 04260 Return Value: 04261 04262 None. 04263 04264 Environment: 04265 04266 Kernel mode. 04267 04268 --*/ 04269 04270 { 04271 PMMMOD_WRITER_MDL_ENTRY ModWriterEntry; 04272 KIRQL OldIrql = 0; 04273 NTSTATUS Status; 04274 KEVENT TempEvent; 04275 04276 UNREFERENCED_PARAMETER (StartContext); 04277 04278 // 04279 // Make this a real time thread. 04280 // 04281 04282 (VOID) KeSetPriorityThread (&PsGetCurrentThread()->Tcb, 04283 LOW_REALTIME_PRIORITY + 1); 04284 04285 // 04286 // Let the file system know that we are getting resources. 04287 // 04288 04289 FsRtlSetTopLevelIrpForModWriter(); 04290 04291 KeInitializeEvent (&TempEvent, NotificationEvent, FALSE); 04292 04293 while (TRUE) { 04294 KeWaitForSingleObject (&MmMappedPageWriterEvent, 04295 WrVirtualMemory, 04296 KernelMode, 04297 FALSE, 04298 (PLARGE_INTEGER)NULL); 04299 04300 LOCK_PFN (OldIrql); 04301 if (IsListEmpty (&MmMappedPageWriterList)) { 04302 KeClearEvent (&MmMappedPageWriterEvent); 04303 UNLOCK_PFN (OldIrql); 04304 } else { 04305 04306 ModWriterEntry = (PMMMOD_WRITER_MDL_ENTRY)RemoveHeadList ( 04307 &MmMappedPageWriterList); 04308 04309 UNLOCK_PFN (OldIrql); 04310 04311 04312 if (ModWriterEntry->ControlArea->u.Flags.FailAllIo == 1) { 04313 Status = STATUS_UNSUCCESSFUL; 04314 04315 } else if (FsRtlAcquireFileForModWrite (ModWriterEntry->File, 04316 &ModWriterEntry->u.LastByte, 04317 &ModWriterEntry->FileResource)) { 04318 04319 // 04320 // Issue the write request. 04321 // 04322 04323 Status = IoAsynchronousPageWrite ( 04324 ModWriterEntry->File, 04325 &ModWriterEntry->Mdl, 04326 &ModWriterEntry->WriteOffset, 04327 MiWriteComplete, 04328 (PVOID)ModWriterEntry, 04329 &ModWriterEntry->u.IoStatus, 04330 &ModWriterEntry->Irp ); 04331 } else { 04332 04333 // 04334 // Unable to get the file system resources, set error status 04335 // to lock conflict (ignored by MiWriteComplete) so the APC 04336 // routine is explicitly called. 04337 // 04338 04339 Status = STATUS_FILE_LOCK_CONFLICT; 04340 } 04341 04342 if (NT_ERROR(Status)) { 04343 04344 // 04345 // An error has occurred, disable APC's and 04346 // call the write completion routine. 04347 // 04348 04349 ModWriterEntry->u.IoStatus.Status = Status; 04350 ModWriterEntry->u.IoStatus.Information = 0; 04351 KeRaiseIrql (APC_LEVEL, &OldIrql); 04352 MiWriteComplete ((PVOID)ModWriterEntry, 04353 &ModWriterEntry->u.IoStatus, 04354 0 ); 04355 KeLowerIrql (OldIrql); 04356 } 04357 #if 0 04358 //TEMPORARY code to use synchronous I/O here. 04359 04360 // 04361 // Issue the write request. 04362 // 04363 04364 Status = IoSynchronousPageWrite ( 04365 ModWriterEntry->File, 04366 &ModWriterEntry->Mdl, 04367 &ModWriterEntry->WriteOffset, 04368 &TempEvent, 04369 &ModWriterEntry->u.IoStatus ); 04370 04371 if (NT_ERROR(Status)) { 04372 ModWriterEntry->u.IoStatus.Status = Status; 04373 ModWriterEntry->u.IoStatus.Information = 0; 04374 } 04375 04376 if (NT_ERROR(ModWriterEntry->u.IoStatus.Status)) { 04377 KdPrint(("MM MODWRITE: modified page write failed %lx\n", Status)); 04378 } 04379 04380 // 04381 // Call the write completion routine. 04382 // 04383 04384 KeRaiseIrql (APC_LEVEL, &OldIrql); 04385 MiWriteComplete ((PVOID)ModWriterEntry, 04386 &ModWriterEntry->IoStatus, 04387 0 ); 04388 KeLowerIrql (OldIrql); 04389 #endif //0 04390 04391 } 04392 04393 } 04394 }

PVOID MiMapSinglePage (  IN PVOID VirtualAddress  OPTIONAL, IN PFN_NUMBER  PageFrameIndex, IN MEMORY_CACHING_TYPE  CacheType, IN MM_PAGE_PRIORITY  Priority )

Definition at line 2395 of file iosup.c. References ASSERT, FALSE, HighPagePriority, KeFlushEntireTb(), KeFlushSingleTb(), KeInvalidateAllCaches(), MI_DISABLE_CACHING, MI_IS_PHYSICAL_ADDRESS, MI_SET_PTE_WRITE_COMBINE, MI_WRITE_INVALID_PTE, MI_WRITE_VALID_PTE, MiGetPteAddress, MiGetSystemPteAvailability(), MiGetVirtualAddressMappedByPte, MiReserveSystemPtes(), MiSweepCacheMachineDependent(), MiWriteCombiningPtes, MM_COLOR_ALIGNMENT, MmCached, MmHardwareCoherentCached, MmNonCached, MmNonCachedUnordered, MmWriteCombined, NULL, PAGE_SIZE, PAGED_CODE, SystemPteSpace, TRUE, _MMPTE::u, ValidKernelPte, and ZeroPte. Referenced by MiCloneProcessAddressSpace(). 02404 : 02405 02406 This function (re)maps a single system PTE to the specified physical page. 02407 02408 Arguments: 02409 02410 VirtualAddress - Supplies the virtual address to map the page frame at. 02411 NULL indicates a system PTE is needed. Non-NULL supplies 02412 the virtual address returned by an earlier 02413 MiMapSinglePage call. 02414 02415 PageFrameIndex - Supplies the page frame index to map. 02416 02417 CacheType - Supplies the type of cache mapping to use for the MDL. 02418 MmCached indicates "normal" kernel or user mappings. 02419 02420 Priority - Supplies an indication as to how important it is that this 02421 request succeed under low available PTE conditions. 02422 02423 Return Value: 02424 02425 Returns the base address where the page is mapped, or NULL if it the 02426 mapping failed. 02427 02428 Environment: 02429 02430 Kernel mode. APC_LEVEL or below. 02431 02432 --*/ 02433 02434 { 02435 PMMPTE PointerPte; 02436 MMPTE TempPte; 02437 02438 PAGED_CODE (); 02439 02440 if (VirtualAddress == NULL) { 02441 02442 // 02443 // Make sure there are enough PTEs of the requested size. 02444 // 02445 02446 if ((Priority != HighPagePriority) && 02447 (MiGetSystemPteAvailability (1, Priority) == FALSE)) { 02448 return NULL; 02449 } 02450 02451 PointerPte = MiReserveSystemPtes (1, 02452 SystemPteSpace, 02453 MM_COLOR_ALIGNMENT, 02454 0, 02455 0); 02456 02457 if (PointerPte == NULL) { 02458 02459 // 02460 // Not enough system PTES are available. 02461 // 02462 02463 return NULL; 02464 } 02465 02466 ASSERT (PointerPte->u.Hard.Valid == 0); 02467 VirtualAddress = MiGetVirtualAddressMappedByPte (PointerPte); 02468 } 02469 else { 02470 ASSERT (MI_IS_PHYSICAL_ADDRESS (VirtualAddress) == 0); 02471 ASSERT (VirtualAddress >= MM_SYSTEM_RANGE_START); 02472 02473 PointerPte = MiGetPteAddress (VirtualAddress); 02474 ASSERT (PointerPte->u.Hard.Valid == 1); 02475 02476 MI_WRITE_INVALID_PTE (PointerPte, ZeroPte); 02477 02478 KeFlushSingleTb (VirtualAddress, 02479 TRUE, 02480 TRUE, 02481 (PHARDWARE_PTE)PointerPte, 02482 ZeroPte.u.Flush); 02483 } 02484 02485 TempPte = ValidKernelPte; 02486 02487 switch (CacheType) { 02488 02489 case MmNonCached: 02490 MI_DISABLE_CACHING (TempPte); 02491 break; 02492 02493 case MmCached: 02494 break; 02495 02496 case MmWriteCombined: 02497 MI_SET_PTE_WRITE_COMBINE (TempPte); 02498 break; 02499 02500 case MmHardwareCoherentCached: 02501 break; 02502 02503 #if 0 02504 case MmNonCachedUnordered: 02505 break; 02506 #endif 02507 02508 default: 02509 break; 02510 } 02511 02512 #if defined(_IA64_) 02513 if (CacheType != MmCached) { 02514 KeFlushEntireTb(FALSE, TRUE); 02515 } 02516 #endif 02517 02518 TempPte.u.Hard.PageFrameNumber = PageFrameIndex; 02519 02520 MI_WRITE_VALID_PTE (PointerPte, TempPte); 02521 02522 #if defined(i386) 02523 // 02524 // If write combined was specified then flush all caches and TBs. 02525 // 02526 02527 if (CacheType == MmWriteCombined && MiWriteCombiningPtes == TRUE) { 02528 KeFlushEntireTb (FALSE, TRUE); 02529 KeInvalidateAllCaches (TRUE); 02530 } 02531 #endif 02532 02533 #if defined(_IA64_) 02534 if (CacheType != MmCached) { 02535 MiSweepCacheMachineDependent(VirtualAddress, PAGE_SIZE, CacheType); 02536 } 02537 #endif 02538 02539 return VirtualAddress; 02540 }

NTSTATUS MiMapViewOfPhysicalSection (  IN PCONTROL_AREA  ControlArea, IN PEPROCESS  Process, IN PVOID *  CapturedBase, IN PLARGE_INTEGER  SectionOffset, IN PSIZE_T  CapturedViewSize, IN ULONG  ProtectionMask, IN ULONG_PTR  ZeroBits, IN ULONG  AllocationType, IN BOOLEAN  WriteCombined, OUT PBOOLEAN  ReleasedWsMutex )

Definition at line 43 of file alpha/physsect.c. References AggregatePages(), ASSERT, CONSISTENCY_LOCK_PFN, CONSISTENCY_UNLOCK_PFN, _MMVAD::ControlArea, DbgPrint, _MMVAD::EndingVpn, _MI_PHYSICAL_VIEW::EndVa, ExAllocatePoolWithTag, EXCEPTION_EXECUTE_HANDLER, ExFreePool(), ExRaiseStatus(), FALSE, _MMVAD::FirstPrototypePte, KeFlushEntireTb(), KeInvalidateAllCaches(), L, _MMVAD::LastContiguousPte, _MI_PHYSICAL_VIEW::ListEntry, LOCK_AWE, LOCK_PFN, LOCK_PFN2, LOCK_WS_UNSAFE, MaximumAlignment(), MI_64K_ALIGN, MI_CONVERT_PHYSICAL_BUS_TO_PFN, MI_GET_USED_PTES_FROM_HANDLE, MI_GET_USED_PTES_HANDLE, MI_INCREMENT_USED_PTES_BY_HANDLE, MI_IS_CACHING_DISABLED, MI_MAKE_VALID_PTE, MI_PFN_ELEMENT, MI_PHYSICAL_VIEW_KEY, MI_SET_PTE_DIRTY, MI_SET_PTE_WRITE_COMBINE, MI_VA_TO_VPN, MI_WRITE_VALID_PTE, MiCheckForConflictingVad, MiFindEmptyAddressRange(), MiGetPdeAddress, MiGetPpeAddress, MiGetPteAddress, MiGetSubsectionAddressForPte, MiGetVirtualAddressMappedByPte, MiInsertVad(), MiIsPteOnPdeBoundary, MiIsPteOnPpeBoundary, MiMakePdeExistAndMakeValid(), MiMakePpeExistAndMakeValid, MiProtoAddressForPte, MiSweepCacheMachineDependent(), MiWriteCombiningPtes, MM_USER_ADDRESS_RANGE_LIMIT, MM_VA_MAPPED_BY_PDE, MM_VIEW_UNMAP, MmPageSizeInfo, MMPPTE_NAME, MMVAD, MMVADKEY, MmWriteCombined, NonPagedPool, NULL, PAGE_SHIFT, PAGE_SIZE, _SUBSECTION::StartingSector, _MMVAD::StartingVpn, _MI_PHYSICAL_VIEW::StartVa, TRUE, _SUBSECTION::u, _MMPTE::u, _MMVAD::u, _MMPFN::u2, _MMVAD::u2, _MMVAD::u4, UNLOCK_AWE, UNLOCK_PFN, UNLOCK_PFN2, UNLOCK_WS_UNSAFE, _MI_PHYSICAL_VIEW::Vad, X64K, and ZeroPte. Referenced by MmMapViewOfSection(). : This routine maps the specified physical section into the specified process's address space. Arguments: see MmMapViewOfSection above... ControlArea - Supplies the control area for the section. Process - Supplies the process pointer which is receiving the section. ProtectionMask - Supplies the initial page protection-mask. ReleasedWsMutex - Supplies FALSE, receives TRUE if the working set mutex is released. Return Value: Status of the map view operation. Environment: Kernel Mode, working set mutex and address creation mutex held. --*/ { PMMVAD Vad; PVOID StartingAddress; PVOID EndingAddress; KIRQL OldIrql; KIRQL OldIrql2; PMMPTE PointerPpe; PMMPTE PointerPde; PMMPTE PointerPte; PMMPTE LastPte; MMPTE TempPte; PMMPFN Pfn2; ULONG PhysicalViewSize; ULONG Alignment; ULONG PagesToMap; ULONG NextPfn; PVOID UsedPageTableHandle; PVOID UsedPageDirectoryHandle; PMI_PHYSICAL_VIEW PhysicalView; // // Physical memory section. // #ifdef FIRSTDBG DbgPrint( "MM: Physsect CaptureBase = %x SectionOffset = %x\n", CapturedBase, SectionOffset->LowPart ); DbgPrint( "MM: Physsect Allocation Type = %x, MEM_LARGE_PAGES = %x\n", AllocationType, MEM_LARGE_PAGES ); #endif //FIRSTDBG // // Compute the alignment we require for the virtual mapping. // The default is 64K to match protection boundaries. // Larger page sizes are used if MEM_LARGE_PAGES is requested. // The Alpha AXP architecture supports granularity hints so that // larger pages can be defined in the following multiples of // PAGE_SIZE: // 8**(GH) * PAGE_SIZE, where GH element of {0,1,2,3} // Alignment = X64K; if( AllocationType & MEM_LARGE_PAGES ){ // // MaxAlignment is the maximum boundary alignment of the // SectionOffset (where the maximum boundary is one of the possible // granularity hints boundaries) // ULONG MaxAlignment = MaximumAlignment( SectionOffset->LowPart ); Alignment = (MaxAlignment > Alignment) ? MaxAlignment : Alignment; #ifdef FIRSTDBG DbgPrint( "MM: Alignment = %x, SectionOffset = %x\n", Alignment, SectionOffset->LowPart ); #endif //FIRSTDBG } LOCK_WS_UNSAFE (Process); if (*CapturedBase == NULL) { // // Attempt to locate address space. This could raise an // exception. // try { // // Find a starting address on an alignment boundary. // PhysicalViewSize = (SectionOffset->LowPart + *CapturedViewSize) - (ULONG)MI_64K_ALIGN(SectionOffset->LowPart); StartingAddress = MiFindEmptyAddressRange (PhysicalViewSize, Alignment, (ULONG)ZeroBits); } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } EndingAddress = (PVOID)(((ULONG)StartingAddress + PhysicalViewSize - 1L) | (PAGE_SIZE - 1L)); StartingAddress = (PVOID)((ULONG)StartingAddress + (SectionOffset->LowPart & (X64K - 1))); if (ZeroBits > 0) { if (EndingAddress > (PVOID)((ULONG)0xFFFFFFFF >> ZeroBits)) { return STATUS_NO_MEMORY; } } } else { // // Check to make sure the specified base address to ending address // is currently unused. // PhysicalViewSize = (SectionOffset->LowPart + *CapturedViewSize) - (ULONG)MI_64K_ALIGN(SectionOffset->LowPart); StartingAddress = (PVOID)((ULONG)MI_64K_ALIGN(*CapturedBase) + (SectionOffset->LowPart & (X64K - 1))); EndingAddress = (PVOID)(((ULONG)StartingAddress + *CapturedViewSize - 1L) | (PAGE_SIZE - 1L)); Vad = MiCheckForConflictingVad (StartingAddress, EndingAddress); if (Vad != (PMMVAD)NULL) { #if 0 MiDumpConflictingVad (StartingAddress, EndingAddress, Vad); #endif return STATUS_CONFLICTING_ADDRESSES; } } // // An unoccuppied address range has been found, build the virtual // address descriptor to describe this range. // // // Establish an exception handler and attempt to allocate // the pool and charge quota. Note that the InsertVad routine // will also charge quota which could raise an exception. // try { PhysicalView = (PMI_PHYSICAL_VIEW)ExAllocatePoolWithTag (NonPagedPool, sizeof(MI_PHYSICAL_VIEW), MI_PHYSICAL_VIEW_KEY); if (PhysicalView == NULL) { ExRaiseStatus (STATUS_INSUFFICIENT_RESOURCES); } Vad = (PMMVAD)ExAllocatePoolWithTag (NonPagedPool, sizeof(MMVAD), ' daV'); if (Vad == NULL) { ExRaiseStatus (STATUS_INSUFFICIENT_RESOURCES); } PhysicalView->Vad = Vad; PhysicalView->StartVa = StartingAddress; PhysicalView->EndVa = EndingAddress; Vad->StartingVpn = MI_VA_TO_VPN (StartingAddress); Vad->EndingVpn = MI_VA_TO_VPN (EndingAddress); Vad->ControlArea = ControlArea; Vad->u.LongFlags = 0; Vad->u2.VadFlags2.Inherit = ViewUnmap; Vad->u.VadFlags.PhysicalMapping = 1; Vad->u4.Banked = NULL; // Vad->u.VadFlags.ImageMap = 0; Vad->u.VadFlags.Protection = ProtectionMask; Vad->u2.VadFlags2.CopyOnWrite = 0; // Vad->u.VadFlags.LargePages = 0; Vad->FirstPrototypePte = (PMMPTE)(MI_CONVERT_PHYSICAL_BUS_TO_PFN(*SectionOffset)); // // Set the first prototype PTE field in the Vad. // Vad->LastContiguousPte = (PMMPTE)(MI_CONVERT_PHYSICAL_BUS_TO_PFN(*SectionOffset)); // // Insert the VAD. This could get an exception. // MiInsertVad (Vad); } except (EXCEPTION_EXECUTE_HANDLER) { if (PhysicalView != NULL) { ExFreePool (PhysicalView); } if (Vad != (PMMVAD)NULL) { // // The pool allocation suceeded, but the quota charge // in InsertVad failed, deallocate the pool and return // an error. // ExFreePool (Vad); return GetExceptionCode(); } return STATUS_INSUFFICIENT_RESOURCES; } // Increment the count of the number of views for the // section object. This requires the PFN mutex to be held. // LOCK_AWE (Process, OldIrql); LOCK_PFN2 (OldIrql2); InsertHeadList (&Process->PhysicalVadList, &PhysicalView->ListEntry); ControlArea->NumberOfMappedViews += 1; ControlArea->NumberOfUserReferences += 1; ASSERT (ControlArea->NumberOfSectionReferences != 0); UNLOCK_PFN2 (OldIrql2); UNLOCK_AWE (Process, OldIrql); // // Build the PTEs in the address space. // PointerPpe = MiGetPpeAddress (StartingAddress); PointerPde = MiGetPdeAddress (StartingAddress); PointerPte = MiGetPteAddress (StartingAddress); LastPte = MiGetPteAddress (EndingAddress); #if defined (_WIN64) MiMakePpeExistAndMakeValid (PointerPpe, Process, FALSE); if (PointerPde->u.Long == 0) { UsedPageDirectoryHandle = MI_GET_USED_PTES_HANDLE (PointerPte); ASSERT (MI_GET_USED_PTES_FROM_HANDLE (UsedPageDirectoryHandle) == 0); MI_INCREMENT_USED_PTES_BY_HANDLE (UsedPageDirectoryHandle); } #endif MiMakePdeExistAndMakeValid(PointerPde, Process, FALSE); Pfn2 = MI_PFN_ELEMENT(PointerPde->u.Hard.PageFrameNumber); PagesToMap = ( ((ULONG)EndingAddress - (ULONG)StartingAddress) + (PAGE_SIZE-1) ) >> PAGE_SHIFT; NextPfn = MI_CONVERT_PHYSICAL_BUS_TO_PFN(*SectionOffset); #ifdef FIRSTDBG DbgPrint( "MM: Physsect, PagesToMap = %x NextPfn = %x\n", PagesToMap, NextPfn ); #endif //FIRSTDBG MI_MAKE_VALID_PTE (TempPte, NextPfn, ProtectionMask, PointerPte); if (WriteCombined == TRUE) { MI_SET_PTE_WRITE_COMBINE (TempPte); } if (TempPte.u.Hard.Write) { TempPte.u.Hard.Dirty = 1; } while (PointerPte <= LastPte) { ULONG PagesTogether; ULONG GranularityHint; // // Compute the number of pages that can be mapped together // if (AllocationType & MEM_LARGE_PAGES) { PagesTogether = AggregatePages (PointerPte, NextPfn, PagesToMap, &GranularityHint); } else { PagesTogether = 1; GranularityHint = 0; } #ifdef FIRSTDBG DbgPrint( "MM: Physsect PointerPte = %x, NextPfn = %x\n", PointerPte, NextPfn ); DbgPrint( "MM: Va = %x TempPte.Pfn = %x\n", MiGetVirtualAddressMappedByPte( PointerPte ), TempPte.u.Hard.PageFrameNumber ); DbgPrint( "MM: PagesToMap = %x\n", PagesToMap ); DbgPrint( "MM: PagesTogether = %x, GH = %x\n", PagesTogether, GranularityHint ); #endif //FIRSTDBG TempPte.u.Hard.GranularityHint = GranularityHint; NextPfn += PagesTogether; PagesToMap -= PagesTogether; UsedPageTableHandle = MI_GET_USED_PTES_HANDLE (MiGetVirtualAddressMappedByPte (PointerPte)); while (PagesTogether--) { if (MiIsPteOnPdeBoundary (PointerPte)) { PointerPde = MiGetPteAddress (PointerPte); if (MiIsPteOnPpeBoundary (PointerPte)) { PointerPpe = MiGetPteAddress (PointerPde); MiMakePpeExistAndMakeValid (PointerPpe, Process, FALSE); if (PointerPde->u.Long == 0) { UsedPageDirectoryHandle = MI_GET_USED_PTES_HANDLE (PointerPte); ASSERT (MI_GET_USED_PTES_FROM_HANDLE (UsedPageDirectoryHandle) == 0); MI_INCREMENT_USED_PTES_BY_HANDLE (UsedPageDirectoryHandle); } } MiMakePdeExistAndMakeValid (PointerPde, Process, FALSE); Pfn2 = MI_PFN_ELEMENT (PointerPde->u.Hard.PageFrameNumber); UsedPageTableHandle = MI_GET_USED_PTES_HANDLE (MiGetVirtualAddressMappedByPte (PointerPte)); } ASSERT( PointerPte->u.Long == 0 ); *PointerPte = TempPte; #if PFN_CONSISTENCY LOCK_PFN (OldIrql); #endif Pfn2->u2.ShareCount += 1; #if PFN_CONSISTENCY UNLOCK_PFN (OldIrql); #endif // // Increment the count of non-zero page table entries for this // page table and the number of private pages for the process. // MI_INCREMENT_USED_PTES_BY_HANDLE (UsedPageTableHandle); PointerPte += 1; TempPte.u.Hard.PageFrameNumber += 1; } // while (PagesTogether-- ) } // while (PointerPte <= LastPte) UNLOCK_WS_UNSAFE (Process); *ReleasedWsMutex = TRUE; // // Update the current virtual size in the process header. // *CapturedViewSize = (ULONG)EndingAddress - (ULONG)StartingAddress + 1L; Process->VirtualSize += *CapturedViewSize; if (Process->VirtualSize > Process->PeakVirtualSize) { Process->PeakVirtualSize = Process->VirtualSize; } // // Translate the virtual address to a quasi-virtual address for // use by drivers that touch mapped devices. Note: the routine // HalCreateQva will not translate the StartingAddress if the // StartingAddress is within system memory address space. // // N.B. - It will not work to attempt map addresses that begin in // system memory and extend through i/o space. // *CapturedBase = HalCreateQva( *SectionOffset, StartingAddress ); return STATUS_SUCCESS; }

VOID MiMarkProcessAsWriteWatch (  IN PEPROCESS  Process  )

Referenced by MiPhysicalViewInserter().

VOID MiModifiedPageWriter (  IN PVOID  StartContext  )

Definition at line 2669 of file modwrite.c. References _MMMOD_WRITER_LISTHEAD::Event, ExAllocatePoolWithTag, FALSE, KeDelayExecutionThread(), KeInitializeEvent, KernelMode, KeSetPriorityThread(), L, _MMMOD_WRITER_MDL_ENTRY::Links, _MMMOD_WRITER_LISTHEAD::ListHead, MiMappedPageWriter(), MiModifiedPageWriterWorker(), MM_MAPPED_FILE_MDLS, MmFreePagingSpaceLow, MmMappedFileHeader, MmMappedFileMdl, MmMappedPageWriterEvent, MmMappedPageWriterList, MmModifiedWriteClusterSize, MmPagingFileHeader, MmSystemShutdown, NonPagedPoolMustSucceed, NULL, ObjectAttributes, PAGED_CODE, _MMMOD_WRITER_MDL_ENTRY::PagingFile, _MMMOD_WRITER_MDL_ENTRY::PagingListHead, PsCreateSystemThread(), PsGetCurrentThread, ThreadHandle, and VOID(). Referenced by MmInitSystem(). : Implements the NT modified page writer thread. When the modified page threshold is reached, or memory becomes overcommitted the modified page writer event is set, and this thread becomes active. Arguments: StartContext - not used. Return Value: None. Environment: Kernel mode. --*/ { HANDLE ThreadHandle; OBJECT_ATTRIBUTES ObjectAttributes; ULONG i; PAGED_CODE(); StartContext; //avoid compiler warning. // // Initialize listheads as empty. // MmSystemShutdown = 0; KeInitializeEvent (&MmPagingFileHeader.Event, NotificationEvent, FALSE); KeInitializeEvent (&MmMappedFileHeader.Event, NotificationEvent, FALSE); InitializeListHead(&MmPagingFileHeader.ListHead); InitializeListHead(&MmMappedFileHeader.ListHead); InitializeListHead(&MmFreePagingSpaceLow); for (i = 0; i < MM_MAPPED_FILE_MDLS; i += 1) { MmMappedFileMdl[i] = ExAllocatePoolWithTag (NonPagedPoolMustSucceed, sizeof(MMMOD_WRITER_MDL_ENTRY) + MmModifiedWriteClusterSize * sizeof(PFN_NUMBER), ' mM'); MmMappedFileMdl[i]->PagingFile = NULL; MmMappedFileMdl[i]->PagingListHead = &MmMappedFileHeader; InsertTailList (&MmMappedFileHeader.ListHead, &MmMappedFileMdl[i]->Links); } // // Make this a real time thread. // (VOID) KeSetPriorityThread (&PsGetCurrentThread()->Tcb, LOW_REALTIME_PRIORITY + 1); // // Start a secondary thread for writing mapped file pages. This // is required as the writing of mapped file pages could cause // page faults resulting in requests for free pages. But there // could be no free pages - hence a dead lock. Rather than deadlock // the whole system waiting on the modified page writer, creating // a secondary thread allows that thread to block without affecting // on going page file writes. // KeInitializeEvent (&MmMappedPageWriterEvent, NotificationEvent, FALSE); InitializeListHead(&MmMappedPageWriterList); InitializeObjectAttributes( &ObjectAttributes, NULL, 0, NULL, NULL ); PsCreateSystemThread (&ThreadHandle, THREAD_ALL_ACCESS, &ObjectAttributes, 0L, NULL, MiMappedPageWriter, NULL ); ZwClose (ThreadHandle); MiModifiedPageWriterWorker(); // // Shutdown in progress, wait forever. // { LARGE_INTEGER Forever; // // System has shutdown, go into LONG wait. // Forever.LowPart = 0; Forever.HighPart = 0xF000000; KeDelayExecutionThread (KernelMode, FALSE, &Forever); } return; }

VOID MiModifiedPageWriterTimerDispatch (  IN PKDPC  Dpc, IN PVOID  DeferredContext, IN PVOID  SystemArgument1, IN PVOID  SystemArgument2 )

Definition at line 2782 of file modwrite.c. References FALSE, KeSetEvent(), LOCK_PFN2, MiMappedPagesTooOldEvent, MiTimerPending, TRUE, and UNLOCK_PFN2. Referenced by MmInitSystem(). : This routine is executed whenever modified mapped pages are waiting to be written. Its job is to signal the Modified Page Writer to write these out. Arguments: Dpc - Supplies a pointer to a control object of type DPC. DeferredContext - Optional deferred context; not used. SystemArgument1 - Optional argument 1; not used. SystemArgument2 - Optional argument 2; not used. Return Value: None. --*/ { KIRQL OldIrql; UNREFERENCED_PARAMETER (Dpc); UNREFERENCED_PARAMETER (DeferredContext); UNREFERENCED_PARAMETER (SystemArgument1); UNREFERENCED_PARAMETER (SystemArgument2); LOCK_PFN2 (OldIrql); MiTimerPending = TRUE; KeSetEvent (&MiMappedPagesTooOldEvent, 0, FALSE); UNLOCK_PFN2 (OldIrql); }

VOID MiObtainFreePages (  VOID   )

Definition at line 336 of file wsmanage.c. References FALSE, KeSetEvent(), MmAvailablePages, MmModifiedPageListHead, MmModifiedPageWriterEvent, MmModifiedWriteClusterSize, MmModNoWriteInsert, MmPagesAboveWsMinimum, MmPagesAboveWsThreshold, MmWorkingSetManagerEvent, and _MMPFNLIST::Total. Referenced by MiRemovePageByColor(), MiRemovePageFromList(), MiUnlinkFreeOrZeroedPage(), and MiUnlinkPageFromList(). 00342 : 00343 00344 This function examines the size of the modified list and the 00345 total number of pages in use because of working set increments 00346 and obtains pages by writing modified pages and/or reducing 00347 working sets. 00348 00349 Arguments: 00350 00351 None. 00352 00353 Return Value: 00354 00355 None. 00356 00357 Environment: 00358 00359 Kernel mode, APCs disabled, working set and PFN mutexes held. 00360 00361 --*/ 00362 00363 { 00364 00365 // 00366 // Check to see if there are enough modified pages to institute a 00367 // write. 00368 // 00369 00370 if ((MmModifiedPageListHead.Total >= MmModifiedWriteClusterSize) || 00371 (MmModNoWriteInsert)) { 00372 00373 // 00374 // Start the modified page writer. 00375 // 00376 00377 KeSetEvent (&MmModifiedPageWriterEvent, 0, FALSE); 00378 } 00379 00380 // 00381 // See if there are enough working sets above the minimum 00382 // threshold to make working set trimming worthwhile. 00383 // 00384 00385 if ((MmPagesAboveWsMinimum > MmPagesAboveWsThreshold) || 00386 (MmAvailablePages < 5)) { 00387 00388 // 00389 // Start the working set manager to reduce working sets. 00390 // 00391 00392 KeSetEvent (&MmWorkingSetManagerEvent, 0, FALSE); 00393 } 00394 }

VOID MiPhysicalViewAdjuster (  IN PEPROCESS  Process, IN PMMVAD  OldVad, IN PMMVAD  NewVad )

Definition at line 2721 of file iosup.c. References ASSERT, FALSE, LOCK_AWE, LOCK_PFN2, UNLOCK_AWE, UNLOCK_PFN2, and _MI_PHYSICAL_VIEW::Vad. Referenced by MmSecureVirtualMemory(). 02729 : 02730 02731 This function is a nonpaged wrapper which acquires the PFN lock to repoint 02732 a physical VAD in the process chain. 02733 02734 Arguments: 02735 02736 Process - Supplies the process in which to adjust the physical VAD. 02737 02738 Vad - Supplies the old Vad to replace. 02739 02740 NewVad - Supplies the newVad to substitute. 02741 02742 Return Value: 02743 02744 None. 02745 02746 Environment: 02747 02748 Kernel mode, called with APCs disabled, working set mutex held. 02749 02750 --*/ 02751 { 02752 KIRQL OldIrql; 02753 KIRQL OldIrql2; 02754 PLIST_ENTRY NextEntry; 02755 PMI_PHYSICAL_VIEW PhysicalView; 02756 02757 LOCK_AWE (Process, OldIrql); 02758 02759 LOCK_PFN2 (OldIrql2); 02760 02761 NextEntry = Process->PhysicalVadList.Flink; 02762 while (NextEntry != &Process->PhysicalVadList) { 02763 02764 PhysicalView = CONTAINING_RECORD(NextEntry, 02765 MI_PHYSICAL_VIEW, 02766 ListEntry); 02767 02768 if (PhysicalView->Vad == OldVad) { 02769 PhysicalView->Vad = NewVad; 02770 UNLOCK_PFN2 (OldIrql2); 02771 UNLOCK_AWE (Process, OldIrql); 02772 return; 02773 } 02774 02775 NextEntry = NextEntry->Flink; 02776 } 02777 02778 ASSERT (FALSE); 02779 02780 UNLOCK_PFN2 (OldIrql2); 02781 UNLOCK_AWE (Process, OldIrql); 02782 }

VOID MiPhysicalViewRemover (  IN PEPROCESS  Process, IN PMMVAD  Vad )

Definition at line 2641 of file iosup.c. References ASSERT, _MI_PHYSICAL_VIEW::BitMap, BitMap, ExFreePool(), FALSE, LOCK_AWE, LOCK_PFN2, MiActiveWriteWatch, NonPagedPool, NULL, PsReturnPoolQuota(), UNLOCK_AWE, UNLOCK_PFN2, and _MI_PHYSICAL_VIEW::Vad. Referenced by MiUnmapLockedPagesInUserSpace(), MmCleanProcessAddressSpace(), and NtFreeVirtualMemory(). 02648 : 02649 02650 This function is a nonpaged wrapper which acquires the PFN lock to remove 02651 a physical VAD from the process chain. 02652 02653 Arguments: 02654 02655 Process - Supplies the process to remove the physical VAD from. 02656 02657 Vad - Supplies the Vad to remove. 02658 02659 Return Value: 02660 02661 None. 02662 02663 Environment: 02664 02665 Kernel mode, APC_LEVEL, working set and address space mutexes held. 02666 02667 --*/ 02668 { 02669 KIRQL OldIrql; 02670 KIRQL OldIrql2; 02671 PRTL_BITMAP BitMap; 02672 PLIST_ENTRY NextEntry; 02673 PMI_PHYSICAL_VIEW PhysicalView; 02674 ULONG BitMapSize; 02675 02676 BitMap = NULL; 02677 02678 LOCK_AWE (Process, OldIrql); 02679 02680 LOCK_PFN2 (OldIrql2); 02681 02682 NextEntry = Process->PhysicalVadList.Flink; 02683 while (NextEntry != &Process->PhysicalVadList) { 02684 02685 PhysicalView = CONTAINING_RECORD(NextEntry, 02686 MI_PHYSICAL_VIEW, 02687 ListEntry); 02688 02689 if (PhysicalView->Vad == Vad) { 02690 RemoveEntryList (NextEntry); 02691 02692 if (Vad->u.VadFlags.WriteWatch == 1) { 02693 MiActiveWriteWatch -= 1; 02694 BitMap = PhysicalView->BitMap; 02695 ASSERT (BitMap != NULL); 02696 } 02697 02698 UNLOCK_PFN2 (OldIrql2); 02699 UNLOCK_AWE (Process, OldIrql); 02700 ExFreePool (PhysicalView); 02701 02702 if (BitMap != NULL) { 02703 BitMapSize = sizeof(RTL_BITMAP) + (ULONG)(((BitMap->SizeOfBitMap + 31) / 32) * 4); 02704 PsReturnPoolQuota (Process, NonPagedPool, BitMapSize); 02705 ExFreePool (BitMap); 02706 } 02707 02708 return; 02709 } 02710 02711 NextEntry = NextEntry->Flink; 02712 } 02713 02714 ASSERT (FALSE); 02715 02716 UNLOCK_PFN2 (OldIrql2); 02717 UNLOCK_AWE (Process, OldIrql); 02718 }

NTSTATUS MiProtectVirtualMemory (  IN PEPROCESS  Process, IN PVOID *  CapturedBase, IN PSIZE_T  CapturedRegionSize, IN ULONG  Protect, IN PULONG  LastProtect )

Definition at line 344 of file protect.c. References ALT_CHANGE, ASSERT, _MMVAD::ControlArea, _MMVAD::EndingVpn, ExAcquireFastMutexUnsafe(), EXCEPTION_EXECUTE_HANDLER, ExReleaseFastMutexUnsafe(), FALSE, L, LOCK_WS_AND_ADDRESS_SPACE, LOCK_WS_UNSAFE, MI_CONVERT_FROM_PTE_PROTECTION, MI_GET_USED_PTES_HANDLE, MI_GET_WORKING_SET_FROM_PTE, MI_INCREMENT_USED_PTES_BY_HANDLE, MI_MAKE_VALID_PTE, MI_PFN_ELEMENT, MI_SET_PTE_IN_WORKING_SET, MI_VA_TO_VPN, MiChangeNoAccessForkPte(), MiCheckForConflictingVad, MiCheckSecuredVad(), MiCopyOnWrite(), MiDoesPdeExistAndMakeValid(), MiDoesPpeExistAndMakeValid, MiFlushTbAndCapture(), MiGetPageProtection(), MiGetPdeAddress, MiGetPpeAddress, MiGetProtoPteAddress, MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiIsEntireRangeCommitted(), MiIsPteOnPdeBoundary, MiMakePdeExistAndMakeValid(), MiMakePpeExistAndMakeValid, MiMakeProtectForNativePage(), MiMakeProtectionMask(), MiProtectFor4kPage(), MiQueryProtectionFor4kPage(), MiRemovePageFromWorkingSet(), MiSetProtectionOnSection(), MiSetProtectionOnTransitionPte(), MM_PROTECTION_COPY_MASK, MmSectionCommitMutex, NT_SUCCESS, NTSTATUS(), NULL, _MMPFN::OriginalPte, PAGE_4K, PAGE_4K_ALIGN, PAGE_ALIGN, PAGE_SIZE, _MMVAD::StartingVpn, Status, TRUE, _MMVAD::u, _CONTROL_AREA::u, _MMPTE::u, _MMVAD::u2, _MMPFN::u3, UNLOCK_ADDRESS_SPACE, UNLOCK_WS_AND_ADDRESS_SPACE, UNLOCK_WS_UNSAFE, and VOID(). Referenced by NtAllocateVirtualMemory(), and NtProtectVirtualMemory(). : This routine changes the protection on a region of committed pages within the virtual address space of the subject process. Setting the protection on a range of pages causes the old protection to be replaced by the specified protection value. Arguments: Process - Supplies a pointer to the current process. BaseAddress - Supplies the starting address to protect. RegionsSize - Supplies the size of the region to protect. NewProtect - Supplies the new protection to set. LastProtect - Supplies the address of a kernel owned pointer to store (without probing) the old protection into. Return Value: the status of the protect operation. Environment: Kernel mode --*/ { PMMVAD FoundVad; PVOID StartingAddress; PVOID EndingAddress; PVOID CapturedBase; SIZE_T CapturedRegionSize; NTSTATUS Status; ULONG Attached; PMMPTE PointerPte; PMMPTE LastPte; PMMPTE PointerPde; PMMPTE PointerPpe; PMMPTE PointerProtoPte; PMMPTE LastProtoPte; PMMPFN Pfn1; ULONG CapturedOldProtect; ULONG ProtectionMask; MMPTE TempPte; MMPTE PteContents; MMPTE PreviousPte; ULONG Locked; PVOID Va; ULONG DoAgain; ULONG Waited; PVOID UsedPageTableHandle; PVOID UsedPageDirectoryHandle; ULONG WorkingSetIndex; #if defined(_MIALT4K_) PVOID OriginalBase; SIZE_T OriginalRegionSize; ULONG OriginalProtectionMask; PVOID StartingAddressFor4k; PVOID EndingAddressFor4k; SIZE_T CapturedRegionSizeFor4k; ULONG CapturedOldProtectFor4k; BOOLEAN EmulationFor4kPage = FALSE; #endif Attached = FALSE; Locked = FALSE; // // Get the address creation mutex to block multiple threads from // creating or deleting address space at the same time. // Get the working set mutex so PTEs can be modified. // Block APCs so an APC which takes a page // fault does not corrupt various structures. // CapturedBase = *BaseAddress; CapturedRegionSize = *RegionSize; #if defined(_MIALT4K_) OriginalBase = CapturedBase; OriginalRegionSize = CapturedRegionSize; if (Process->Wow64Process != NULL) { StartingAddressFor4k = (PVOID)PAGE_4K_ALIGN(OriginalBase); EndingAddressFor4k = (PVOID)(((ULONG_PTR)OriginalBase + OriginalRegionSize - 1) | (PAGE_4K - 1)); CapturedRegionSizeFor4k = (ULONG_PTR)EndingAddressFor4k - (ULONG_PTR)StartingAddressFor4k + 1L; OriginalProtectionMask = MiMakeProtectionMask(NewProtect); EmulationFor4kPage = TRUE; } #endif try { ProtectionMask = MiMakeProtectionMask (NewProtect); } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } LOCK_WS_AND_ADDRESS_SPACE (Process); // // Make sure the address space was not deleted, if so, return an error. // if (Process->AddressSpaceDeleted != 0) { Status = STATUS_PROCESS_IS_TERMINATING; goto ErrorFound; } EndingAddress = (PVOID)(((ULONG_PTR)CapturedBase + CapturedRegionSize - 1L) | (PAGE_SIZE - 1L)); StartingAddress = (PVOID)PAGE_ALIGN(CapturedBase); FoundVad = MiCheckForConflictingVad (StartingAddress, EndingAddress); if (FoundVad == (PMMVAD)NULL) { // // No virtual address is reserved at the specified base address, // return an error. // Status = STATUS_CONFLICTING_ADDRESSES; goto ErrorFound; } // // Ensure that the starting and ending addresses are all within // the same virtual address descriptor. // if ((MI_VA_TO_VPN (StartingAddress) < FoundVad->StartingVpn) || (MI_VA_TO_VPN (EndingAddress) > FoundVad->EndingVpn)) { // // Not within the section virtual address descriptor, // return an error. // Status = STATUS_CONFLICTING_ADDRESSES; goto ErrorFound; } if (FoundVad->u.VadFlags.UserPhysicalPages == 1) { // // These must always be readwrite. // Status = STATUS_CONFLICTING_ADDRESSES; goto ErrorFound; } if (FoundVad->u.VadFlags.PhysicalMapping == 1) { // // Setting the protection of a physically mapped section is // not allowed as there is no corresponding PFN database element. // Status = STATUS_CONFLICTING_ADDRESSES; goto ErrorFound; } if (FoundVad->u.VadFlags.NoChange == 1) { // // An attempt is made at changing the protection // of a secured VAD, check to see if the address range // to change allows the change. // Status = MiCheckSecuredVad (FoundVad, CapturedBase, CapturedRegionSize, ProtectionMask); if (!NT_SUCCESS (Status)) { goto ErrorFound; } } #if defined(_MIALT4K_) else if (EmulationFor4kPage == TRUE) { // // if not secured, relax the protection // NewProtect = MiMakeProtectForNativePage(StartingAddressFor4k, NewProtect, Process); ProtectionMask = MiMakeProtectionMask (NewProtect); } #endif if (FoundVad->u.VadFlags.PrivateMemory == 0) { // // For mapped sections, the NO_CACHE attribute is not allowed. // if (NewProtect & PAGE_NOCACHE) { // // Not allowed. // Status = STATUS_INVALID_PARAMETER_4; goto ErrorFound; } // // If this is a file mapping, then all pages must be // committed as there can be no sparse file maps. Images // can have non-committed pages if the alignment is greater // than the page size. // if ((FoundVad->ControlArea->u.Flags.File == 0) || (FoundVad->ControlArea->u.Flags.Image == 1)) { PointerProtoPte = MiGetProtoPteAddress (FoundVad, MI_VA_TO_VPN (StartingAddress)); LastProtoPte = MiGetProtoPteAddress (FoundVad, MI_VA_TO_VPN (EndingAddress)); // // Release the working set mutex and acquire the section // commit mutex. Check all the prototype PTEs described by // the virtual address range to ensure they are committed. // UNLOCK_WS_UNSAFE (Process); ExAcquireFastMutexUnsafe (&MmSectionCommitMutex); while (PointerProtoPte <= LastProtoPte) { // // Check to see if the prototype PTE is committed, if // not return an error. // if (PointerProtoPte->u.Long == 0) { // // Error, this prototype PTE is not committed. // ExReleaseFastMutexUnsafe (&MmSectionCommitMutex); Status = STATUS_NOT_COMMITTED; UNLOCK_ADDRESS_SPACE (Process); goto ErrorFoundNoWs; } PointerProtoPte += 1; } // // The range is committed, release the section commitment // mutex, acquire the working set mutex and update the local PTEs. // ExReleaseFastMutexUnsafe (&MmSectionCommitMutex); // // Set the protection on the section pages. This could // get a quota exceeded exception. // LOCK_WS_UNSAFE (Process); } #if defined(_MIALT4K_) // // We need to change the alternate table before PTEs are created for the protection // change. // if (EmulationFor4kPage == TRUE) { // // Before accessing Alternate Table, unlock the working set mutex // UNLOCK_WS_UNSAFE (Process); // // Get the old protection // CapturedOldProtectFor4k = MiQueryProtectionFor4kPage(StartingAddressFor4k, Process); if (CapturedOldProtectFor4k != 0) { CapturedOldProtectFor4k = MI_CONVERT_FROM_PTE_PROTECTION(CapturedOldProtectFor4k); } // // Set the alternate permission table // if ((FoundVad->u.VadFlags.ImageMap == 1) || (FoundVad->u2.VadFlags2.CopyOnWrite == 1)) { OriginalProtectionMask |= MM_PROTECTION_COPY_MASK; } MiProtectFor4kPage (StartingAddressFor4k, CapturedRegionSizeFor4k, OriginalProtectionMask, ALT_CHANGE, Process); LOCK_WS_UNSAFE (Process); } #endif try { Locked = MiSetProtectionOnSection ( Process, FoundVad, StartingAddress, EndingAddress, NewProtect, &CapturedOldProtect, FALSE ); } except (EXCEPTION_EXECUTE_HANDLER) { Status = GetExceptionCode(); goto ErrorFound; } } else { // // Not a section, private. // For private pages, the WRITECOPY attribute is not allowed. // if ((NewProtect & PAGE_WRITECOPY) || (NewProtect & PAGE_EXECUTE_WRITECOPY)) { // // Not allowed. // Status = STATUS_INVALID_PARAMETER_4; goto ErrorFound; } // // Ensure all of the pages are already committed as described // in the virtual address descriptor. // if ( !MiIsEntireRangeCommitted(StartingAddress, EndingAddress, FoundVad, Process)) { // // Previously reserved pages have been decommitted, or an error // occurred, release mutex and return status. // Status = STATUS_NOT_COMMITTED; goto ErrorFound; } #if defined(_MIALT4K_) // // We need to change the alternate table before PTEs are created for the protection // change. // if (EmulationFor4kPage == TRUE) { // // Before accessing Alternate Table, unlock the working set mutex // UNLOCK_WS_UNSAFE (Process); // // Get the old protection // CapturedOldProtectFor4k = MiQueryProtectionFor4kPage(StartingAddressFor4k, Process); if (CapturedOldProtectFor4k != 0) { CapturedOldProtectFor4k = MI_CONVERT_FROM_PTE_PROTECTION(CapturedOldProtectFor4k); } // // Set the alternate permission table // MiProtectFor4kPage (StartingAddressFor4k, CapturedRegionSizeFor4k, OriginalProtectionMask, ALT_CHANGE, Process); LOCK_WS_UNSAFE (Process); } #endif // // The address range is committed, change the protection. // PointerPpe = MiGetPpeAddress (StartingAddress); PointerPde = MiGetPdeAddress (StartingAddress); PointerPte = MiGetPteAddress (StartingAddress); LastPte = MiGetPteAddress (EndingAddress); #if defined (_WIN64) MiMakePpeExistAndMakeValid (PointerPpe, Process, FALSE); if (PointerPde->u.Long == 0) { UsedPageDirectoryHandle = MI_GET_USED_PTES_HANDLE (PointerPte); MI_INCREMENT_USED_PTES_BY_HANDLE (UsedPageDirectoryHandle); } #endif MiMakePdeExistAndMakeValid(PointerPde, Process, FALSE); // // Capture the protection for the first page. // if (PointerPte->u.Long != 0) { CapturedOldProtect = MiGetPageProtection (PointerPte, Process); // // Make sure the page directory & table pages are still resident. // #if defined (_WIN64) MiMakePpeExistAndMakeValid (PointerPpe, Process, FALSE); if (PointerPde->u.Long == 0) { UsedPageDirectoryHandle = MI_GET_USED_PTES_HANDLE (PointerPte); MI_INCREMENT_USED_PTES_BY_HANDLE (UsedPageDirectoryHandle); } #endif (VOID) MiMakePdeExistAndMakeValid(PointerPde, Process, FALSE); } else { // // Get the protection from the VAD. // CapturedOldProtect = MI_CONVERT_FROM_PTE_PROTECTION(FoundVad->u.VadFlags.Protection); } // // For all the PTEs in the specified address range, set the // protection depending on the state of the PTE. // while (PointerPte <= LastPte) { if (MiIsPteOnPdeBoundary (PointerPte)) { PointerPde = MiGetPteAddress (PointerPte); PointerPpe = MiGetPdeAddress (PointerPte); #if defined (_WIN64) MiMakePpeExistAndMakeValid (PointerPpe, Process, FALSE); if (PointerPde->u.Long == 0) { UsedPageDirectoryHandle = MI_GET_USED_PTES_HANDLE (PointerPte); MI_INCREMENT_USED_PTES_BY_HANDLE (UsedPageDirectoryHandle); } #endif MiMakePdeExistAndMakeValid(PointerPde, Process, FALSE); } PteContents = *PointerPte; if (PteContents.u.Long == 0) { // // Increment the count of non-zero page table entries // for this page table and the number of private pages // for the process. The protection will be set as // if the PTE was demand zero. // UsedPageTableHandle = MI_GET_USED_PTES_HANDLE (MiGetVirtualAddressMappedByPte (PointerPte)); MI_INCREMENT_USED_PTES_BY_HANDLE (UsedPageTableHandle); } if (PteContents.u.Hard.Valid == 1) { // // Set the protection into both the PTE and the original PTE // in the PFN database. // Pfn1 = MI_PFN_ELEMENT (PteContents.u.Hard.PageFrameNumber); if (Pfn1->u3.e1.PrototypePte == 1) { // // This PTE refers to a fork prototype PTE, make it // private. // MiCopyOnWrite (MiGetVirtualAddressMappedByPte (PointerPte), PointerPte); // // This may have released the working set mutex and // the page directory and table pages may no longer be // in memory. // do { (VOID)MiDoesPpeExistAndMakeValid (MiGetPteAddress (PointerPde), Process, FALSE, &Waited); Waited = 0; (VOID)MiDoesPdeExistAndMakeValid (PointerPde, Process, FALSE, &Waited); } while (Waited != 0); // // Do the loop again for the same PTE. // continue; } else { // // The PTE is a private page which is valid, if the // specified protection is no-access or guard page // remove the PTE from the working set. // if ((NewProtect & PAGE_NOACCESS) || (NewProtect & PAGE_GUARD)) { // // Remove the page from the working set. // Locked = MiRemovePageFromWorkingSet (PointerPte, Pfn1, &Process->Vm); continue; } else { #if PFN_CONSISTENCY MiSetOriginalPteProtection (Pfn1, ProtectionMask); #else Pfn1->OriginalPte.u.Soft.Protection = ProtectionMask; #endif MI_MAKE_VALID_PTE (TempPte, PointerPte->u.Hard.PageFrameNumber, ProtectionMask, PointerPte); WorkingSetIndex = MI_GET_WORKING_SET_FROM_PTE (&PteContents); MI_SET_PTE_IN_WORKING_SET (&TempPte, WorkingSetIndex); // // Flush the TB as we have changed the protection // of a valid PTE. // PreviousPte.u.Flush = MiFlushTbAndCapture (PointerPte, TempPte.u.Flush, Pfn1); } } } else { if (PteContents.u.Soft.Prototype == 1) { // // This PTE refers to a fork prototype PTE, make the // page private. This is accomplished by releasing // the working set mutex, reading the page thereby // causing a fault, and re-executing the loop, hopefully, // this time, we'll find the page present and will // turn it into a private page. // // Note, that a TRY is used to catch guard // page exceptions and no-access exceptions. // Va = MiGetVirtualAddressMappedByPte (PointerPte); DoAgain = TRUE; while (PteContents.u.Hard.Valid == 0) { UNLOCK_WS_UNSAFE (Process); try { *(volatile ULONG *)Va; } except (EXCEPTION_EXECUTE_HANDLER) { if (GetExceptionCode() == STATUS_ACCESS_VIOLATION) { // // The prototype PTE must be noaccess. // DoAgain = MiChangeNoAccessForkPte (PointerPte, ProtectionMask); } else if (GetExceptionCode() == STATUS_IN_PAGE_ERROR) { // // Ignore this page and go onto the next one. // PointerPte += 1; DoAgain = TRUE; if (PointerPte > LastPte) { LOCK_WS_UNSAFE (Process); break; } } } LOCK_WS_UNSAFE (Process); do { (VOID)MiDoesPpeExistAndMakeValid (MiGetPteAddress (PointerPde), Process, FALSE, &Waited); Waited = 0; (VOID)MiDoesPdeExistAndMakeValid (PointerPde, Process, FALSE, &Waited); } while (Waited != 0); PteContents = *(volatile MMPTE *)PointerPte; } if (DoAgain) { continue; } } else { if (PteContents.u.Soft.Transition == 1) { if (MiSetProtectionOnTransitionPte ( PointerPte, ProtectionMask)) { continue; } } else { // // Must be page file space or demand zero. // PointerPte->u.Soft.Protection = ProtectionMask; ASSERT (PointerPte->u.Long != 0); } } } PointerPte += 1; } //end while } // // Common completion code. // #if defined(_MIALT4K_) if (EmulationFor4kPage == TRUE) { StartingAddress = StartingAddressFor4k; EndingAddress = EndingAddressFor4k; if (CapturedOldProtectFor4k != 0) { // // change CapturedOldProtect when CapturedOldProtectFor4k // contains the true protection for the 4k page // CapturedOldProtect = CapturedOldProtectFor4k; } } #endif *RegionSize = (PCHAR)EndingAddress - (PCHAR)StartingAddress + 1L; *BaseAddress = StartingAddress; *LastProtect = CapturedOldProtect; if (Locked) { Status = STATUS_WAS_UNLOCKED; } else { Status = STATUS_SUCCESS; } ErrorFound: UNLOCK_WS_AND_ADDRESS_SPACE (Process); ErrorFoundNoWs: return Status; }

VOID MiPurgeImageSection (  IN PCONTROL_AREA  ControlArea, IN PEPROCESS  Process )

Definition at line 541 of file umapview.c. References APC_LEVEL, ASSERT, _SUBSECTION::ControlArea, DbgPrint, FALSE, FreePageList, KeDelayExecutionThread(), KernelMode, LOCK_PFN, MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE, MI_PFN_ELEMENT, MI_SET_PFN_DELETED, MI_WRITE_INVALID_PTE, MiDecrementShareCount(), MiGetSubsectionAddressForPte, MiInsertPageInList(), MiIsPteOnPdeBoundary, MiMakeSystemAddressValidPfnWs(), MiReleasePageFileSpace(), MiUnlinkPageFromList(), MmPageLocationList, MMSECTOR_SHIFT, MmShortTime, NoAccessPte, _SUBSECTION::NumberOfFullSectors, _MMPFN::OriginalPte, PAGE_SIZE, _MMPFN::PteFrame, _SUBSECTION::PtesInSubsection, _SUBSECTION::StartingSector, _SUBSECTION::SubsectionBase, _SUBSECTION::u, _MMPTE::u, _MMPFN::u3, and UNLOCK_PFN. Referenced by MiCheckControlArea(). 00548 : 00549 00550 This function locates subsections within an image section that 00551 contain global memory and resets the global memory back to 00552 the initial subsection contents. 00553 00554 Note, that for this routine to be called the section is not 00555 referenced nor is it mapped in any process. 00556 00557 Arguments: 00558 00559 ControlArea - Supplies a pointer to the control area for the section. 00560 00561 Process - Supplies a pointer to the process IFF the working set mutex 00562 is held, else NULL is supplied. Note that IFF the working set 00563 mutex is held, it must always be acquired unsafe. 00564 00565 Return Value: 00566 00567 None. 00568 00569 Environment: 00570 00571 PFN LOCK held. 00572 00573 --*/ 00574 00575 { 00576 PMMPTE PointerPte; 00577 PMMPTE LastPte; 00578 PMMPFN Pfn1; 00579 MMPTE PteContents; 00580 MMPTE NewContents; 00581 MMPTE NewContentsDemandZero; 00582 KIRQL OldIrql = APC_LEVEL; 00583 ULONG i; 00584 ULONG SizeOfRawData; 00585 ULONG OffsetIntoSubsection; 00586 PSUBSECTION Subsection; 00587 #if DBG 00588 ULONG DelayCount = 0; 00589 #endif //DBG 00590 00591 ASSERT (ControlArea->u.Flags.Image != 0); 00592 00593 i = ControlArea->NumberOfSubsections; 00594 00595 if (ControlArea->u.Flags.GlobalOnlyPerSession == 0) { 00596 Subsection = (PSUBSECTION)(ControlArea + 1); 00597 } 00598 else { 00599 Subsection = (PSUBSECTION)((PLARGE_CONTROL_AREA)ControlArea + 1); 00600 } 00601 00602 // 00603 // Loop through all the subsections 00604 00605 while (i > 0) { 00606 00607 if (Subsection->u.SubsectionFlags.GlobalMemory == 1) { 00608 00609 NewContents.u.Long = 0; 00610 NewContentsDemandZero.u.Long = 0; 00611 SizeOfRawData = 0; 00612 OffsetIntoSubsection = 0; 00613 00614 // 00615 // Purge this section. 00616 // 00617 00618 if (Subsection->StartingSector != 0) { 00619 00620 // 00621 // This is not a demand zero section. 00622 // 00623 00624 NewContents.u.Long = MiGetSubsectionAddressForPte(Subsection); 00625 NewContents.u.Soft.Prototype = 1; 00626 00627 SizeOfRawData = (Subsection->NumberOfFullSectors << MMSECTOR_SHIFT) | 00628 Subsection->u.SubsectionFlags.SectorEndOffset; 00629 } 00630 00631 NewContents.u.Soft.Protection = 00632 Subsection->u.SubsectionFlags.Protection; 00633 NewContentsDemandZero.u.Soft.Protection = 00634 NewContents.u.Soft.Protection; 00635 00636 PointerPte = Subsection->SubsectionBase; 00637 LastPte = &Subsection->SubsectionBase[Subsection->PtesInSubsection]; 00638 ControlArea = Subsection->ControlArea; 00639 00640 // 00641 // The WS lock may be released and reacquired and our callers 00642 // always acquire it unsafe. 00643 // 00644 00645 MiMakeSystemAddressValidPfnWs (PointerPte, Process); 00646 00647 while (PointerPte < LastPte) { 00648 00649 if (MiIsPteOnPdeBoundary(PointerPte)) { 00650 00651 // 00652 // We are on a page boundary, make sure this PTE is resident. 00653 // 00654 00655 MiMakeSystemAddressValidPfnWs (PointerPte, Process); 00656 } 00657 00658 PteContents = *PointerPte; 00659 if (PteContents.u.Long == 0) { 00660 00661 // 00662 // No more valid PTEs to deal with. 00663 // 00664 00665 break; 00666 } 00667 00668 ASSERT (PteContents.u.Hard.Valid == 0); 00669 00670 if ((PteContents.u.Soft.Prototype == 0) && 00671 (PteContents.u.Soft.Transition == 1)) { 00672 00673 // 00674 // The prototype PTE is in transition format. 00675 // 00676 00677 Pfn1 = MI_PFN_ELEMENT (PteContents.u.Trans.PageFrameNumber); 00678 00679 // 00680 // If the prototype PTE is no longer pointing to 00681 // the original image page (not in protopte format), 00682 // or has been modified, remove it from memory. 00683 // 00684 00685 if ((Pfn1->u3.e1.Modified == 1) || 00686 (Pfn1->OriginalPte.u.Soft.Prototype == 0)) { 00687 ASSERT (Pfn1->OriginalPte.u.Hard.Valid == 0); 00688 00689 // 00690 // This is a transition PTE which has been 00691 // modified or is no longer in protopte format. 00692 // 00693 00694 if (Pfn1->u3.e2.ReferenceCount != 0) { 00695 00696 // 00697 // There must be an I/O in progress on this 00698 // page. Wait for the I/O operation to complete. 00699 // 00700 00701 UNLOCK_PFN (OldIrql); 00702 00703 KeDelayExecutionThread (KernelMode, FALSE, &MmShortTime); 00704 00705 // 00706 // Redo the loop. 00707 // 00708 #if DBG 00709 if ((DelayCount % 1024) == 0) { 00710 DbgPrint("MMFLUSHSEC: waiting for i/o to complete PFN %lx\n", 00711 Pfn1); 00712 } 00713 DelayCount += 1; 00714 #endif //DBG 00715 00716 LOCK_PFN (OldIrql); 00717 00718 MiMakeSystemAddressValidPfnWs (PointerPte, Process); 00719 continue; 00720 } 00721 00722 ASSERT (!((Pfn1->OriginalPte.u.Soft.Prototype == 0) && 00723 (Pfn1->OriginalPte.u.Soft.Transition == 1))); 00724 00725 MI_WRITE_INVALID_PTE (PointerPte, Pfn1->OriginalPte); 00726 ASSERT (Pfn1->OriginalPte.u.Hard.Valid == 0); 00727 00728 // 00729 // Only reduce the number of PFN references if 00730 // the original PTE is still in prototype PTE 00731 // format. 00732 // 00733 00734 if (Pfn1->OriginalPte.u.Soft.Prototype == 1) { 00735 ControlArea->NumberOfPfnReferences -= 1; 00736 ASSERT ((LONG)ControlArea->NumberOfPfnReferences >= 0); 00737 } 00738 MiUnlinkPageFromList (Pfn1); 00739 00740 MI_SET_PFN_DELETED (Pfn1); 00741 00742 MiDecrementShareCount (Pfn1->PteFrame); 00743 00744 // 00745 // If the reference count for the page is zero, insert 00746 // it into the free page list, otherwise leave it alone 00747 // and when the reference count is decremented to zero 00748 // the page will go to the free list. 00749 // 00750 00751 if (Pfn1->u3.e2.ReferenceCount == 0) { 00752 MiReleasePageFileSpace (Pfn1->OriginalPte); 00753 MiInsertPageInList (MmPageLocationList[FreePageList], 00754 MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE (&PteContents)); 00755 } 00756 00757 MI_WRITE_INVALID_PTE (PointerPte, NewContents); 00758 } 00759 } else { 00760 00761 // 00762 // Prototype PTE is not in transition format. 00763 // 00764 00765 if (PteContents.u.Soft.Prototype == 0) { 00766 00767 // 00768 // This refers to a page in the paging file, 00769 // as it no longer references the image, 00770 // restore the PTE contents to what they were 00771 // at the initial image creation. 00772 // 00773 00774 if (PteContents.u.Long != NoAccessPte.u.Long) { 00775 MiReleasePageFileSpace (PteContents); 00776 MI_WRITE_INVALID_PTE (PointerPte, NewContents); 00777 } 00778 } 00779 } 00780 PointerPte += 1; 00781 OffsetIntoSubsection += PAGE_SIZE; 00782 00783 if (OffsetIntoSubsection >= SizeOfRawData) { 00784 00785 // 00786 // There are trailing demand zero pages in this 00787 // subsection, set the PTE contents to be demand 00788 // zero for the remainder of the PTEs in this 00789 // subsection. 00790 // 00791 00792 NewContents = NewContentsDemandZero; 00793 } 00794 00795 #if DBG 00796 DelayCount = 0; 00797 #endif //DBG 00798 00799 } //end while 00800 } 00801 00802 i -=1; 00803 Subsection += 1; 00804 } 00805 00806 return; 00807 } }

VOID MiPurgeSubsectionInternal (  IN PSUBSECTION  Subsection, IN ULONG  PteOffset )

ULONG FASTCALL MiReleasePageFileSpace (  IN MMPTE  PteContents  )

Definition at line 1014 of file deleteva.c. References ASSERT, _MMPAGING_FILE::CurrentUsage, FALSE, _MMPAGING_FILE::FreeSpace, GET_PAGING_FILE_NUMBER, GET_PAGING_FILE_OFFSET, MiUpdateModifiedWriterMdls(), MM_PFN_LOCK_ASSERT, MM_USABLE_PAGES_FREE, MmNumberOfActiveMdlEntries, MmPagingFile, MmPagingFileDebug, RtlClearBits(), and TRUE. Referenced by MiCleanSection(), MiCompleteProtoPteFault(), MiCopyOnWrite(), MiDecommitPages(), MiDecrementCloneBlockReference(), MiDecrementReferenceCount(), MiDeletePte(), MiDeleteSystemPagableVm(), MiMakeOutswappedPageResident(), MiPurgeImageSection(), MiResetVirtualMemory(), MiSegmentDelete(), MiSetDirtyBit(), MiSetModifyBit(), MiSetPageModified(), MiWriteComplete(), MmPurgeSection(), MmSetAddressRangeModified(), and MmUnlockPages(). : This routine frees the paging file allocated to the specified PTE and adjusts the necessary quotas. Arguments: PteContents - Supplies the PTE which is in page file format. Return Value: Returns TRUE if any paging file space was deallocated. Environment: Kernel mode, APCs disabled, PFN lock held. --*/ { ULONG FreeBit; ULONG PageFileNumber; MM_PFN_LOCK_ASSERT(); if (PteContents.u.Soft.Prototype == 1) { // // Not in page file format. // return FALSE; } FreeBit = GET_PAGING_FILE_OFFSET (PteContents); if ((FreeBit == 0) || (FreeBit == 0xFFFFF)) { // // Page is not in a paging file, just return. // return FALSE; } PageFileNumber = GET_PAGING_FILE_NUMBER (PteContents); ASSERT (RtlCheckBit( MmPagingFile[PageFileNumber]->Bitmap, FreeBit) == 1); #if DBG if ((FreeBit < 8192) && (PageFileNumber == 0)) { ASSERT ((MmPagingFileDebug[FreeBit] & 1) != 0); MmPagingFileDebug[FreeBit] ^= 1; } #endif //DBG RtlClearBits ( MmPagingFile[PageFileNumber]->Bitmap, FreeBit, 1); MmPagingFile[PageFileNumber]->FreeSpace += 1; MmPagingFile[PageFileNumber]->CurrentUsage -= 1; // // Check to see if we should move some MDL entries for the // modified page writer now that more free space is available. // if ((MmNumberOfActiveMdlEntries == 0) || (MmPagingFile[PageFileNumber]->FreeSpace == MM_USABLE_PAGES_FREE)) { MiUpdateModifiedWriterMdls (PageFileNumber); } return TRUE; }

VOID MiReleaseSystemPtes (  IN PMMPTE  StartingPte, IN ULONG  NumberOfPtes, IN MMSYSTEM_PTE_POOL_TYPE  SystemPteType )

Definition at line 1354 of file sysptes.c. References ASSERT, _MMPTE_FLUSH_LIST::Count, DbgPrint, DISPATCH_LEVEL, _MMPTE_FLUSH_LIST::FlushPte, _MMPTE_FLUSH_LIST::FlushVa, Index, KeBugCheckEx(), KeFlushEntireTb(), KeLowerIrql(), KeRaiseIrql(), MiCountFreeSystemPtes(), MiDumpSystemPtes(), MiFillMemoryPte, MiFlushPteList(), MiGetVirtualAddressMappedByPte, MiLockSystemSpace, MiUnlockSystemSpace, MM_DBG_SYS_PTES, MM_EMPTY_PTE_LIST, MM_KERNEL_NOACCESS_PTE, MM_MAX_SYSPTE_FREE, MM_MAXIMUM_FLUSH_COUNT, MM_MIN_SYSPTE_FREE, MM_PTE_TABLE_LIMIT, MmFirstFreeSystemPte, MmFlushCounter, MmFlushPte1, MmFreeSysPteListBySize, MmLastSysPteListBySize, MmSysPteIndex, MmSysPteListBySizeCount, MmSysPteMinimumFree, MmSysPteTables, MmSystemPteBase, MmSystemPtesEnd, MmSystemPtesStart, MmTotalFreeSystemPtes, NULL, PAGE_SIZE, Size, SystemPteSpace, TRUE, _MMPTE::u, and ZeroKernelPte. Referenced by ExFreePool(), MiAddSystemPtes(), MiDereferenceSession(), MiFeedSysPtePool(), MiFreeNonPagedPool(), MiInitializeSystemPtes(), MiLoadImageSection(), MiReloadBootLoadedDrivers(), MiSessionCreateInternal(), MiUnmapSinglePage(), MmAllocateIndependentPages(), MmAllocateNonCachedMemory(), MmDeleteKernelStack(), MmFreeNonCachedMemory(), MmMapIoSpace(), MmMapLockedPagesSpecifyCache(), MmMapVideoDisplay(), MmUnloadSystemImage(), MmUnmapIoSpace(), MmUnmapLockedPages(), and MmUnmapVideoDisplay(). 01362 : 01363 01364 This function releases the specified number of PTEs 01365 within the non paged portion of system space. 01366 01367 Note that the PTEs must be invalid and the page frame number 01368 must have been set to zero. 01369 01370 Arguments: 01371 01372 StartingPte - Supplies the address of the first PTE to release. 01373 01374 NumberOfPtes - Supplies the number of PTEs to release. 01375 01376 SystemPtePoolType - Supplies the PTE type of the pool to release PTEs to, 01377 one of SystemPteSpace or NonPagedPoolExpansion. 01378 01379 Return Value: 01380 01381 none. 01382 01383 Environment: 01384 01385 Kernel mode. 01386 01387 --*/ 01388 01389 { 01390 ULONG_PTR Size; 01391 ULONG i; 01392 ULONG_PTR PteOffset; 01393 PMMPTE PointerPte; 01394 PMMPTE PointerFollowingPte; 01395 PMMPTE NextPte; 01396 KIRQL OldIrql; 01397 ULONG Index; 01398 #if defined(_IA64_) 01399 MMPTE_FLUSH_LIST PteFlushList; 01400 PMMPTE Previous; 01401 PVOID BaseAddress; 01402 #endif 01403 01404 // 01405 // Check to make sure the PTEs don't map anything. 01406 // 01407 01408 ASSERT (NumberOfPtes != 0); 01409 01410 #ifdef _MI_GUARD_PTE_ 01411 if (NumberOfPtes == 0) { 01412 KeBugCheckEx (SYSTEM_PTE_MISUSE, 01413 0xD, 01414 (ULONG_PTR)StartingPte, 01415 NumberOfPtes, 01416 SystemPtePoolType); 01417 } 01418 01419 if (SystemPtePoolType == SystemPteSpace) { 01420 if ((StartingPte + NumberOfPtes)->u.Long != MM_KERNEL_NOACCESS_PTE) { 01421 KeBugCheckEx (SYSTEM_PTE_MISUSE, 01422 0xE, 01423 (ULONG_PTR)StartingPte, 01424 NumberOfPtes, 01425 SystemPtePoolType); 01426 } 01427 NumberOfPtes += 1; 01428 } 01429 #endif 01430 01431 #if DBG 01432 if (StartingPte < MmSystemPtesStart[SystemPtePoolType]) { 01433 KeBugCheckEx (SYSTEM_PTE_MISUSE, 01434 0xF, 01435 (ULONG_PTR)StartingPte, 01436 NumberOfPtes, 01437 SystemPtePoolType); 01438 } 01439 01440 if (StartingPte > MmSystemPtesEnd[SystemPtePoolType]) { 01441 KeBugCheckEx (SYSTEM_PTE_MISUSE, 01442 0x10, 01443 (ULONG_PTR)StartingPte, 01444 NumberOfPtes, 01445 SystemPtePoolType); 01446 } 01447 #endif //DBG 01448 01449 #if 0 01450 if (MmDebug & MM_DBG_SYS_PTES) { 01451 DbgPrint("releasing 0x%lx system PTEs at location %lx\n",NumberOfPtes,StartingPte); 01452 } 01453 #endif //0 01454 01455 #if defined(_IA64_) 01456 01457 PteFlushList.Count = 0; 01458 Previous = StartingPte; 01459 BaseAddress = MiGetVirtualAddressMappedByPte (Previous); 01460 for (i = 0; i < NumberOfPtes ; i++) { 01461 if (PteFlushList.Count != MM_MAXIMUM_FLUSH_COUNT) { 01462 PteFlushList.FlushPte[PteFlushList.Count] = Previous; 01463 PteFlushList.FlushVa[PteFlushList.Count] = BaseAddress; 01464 PteFlushList.Count += 1; 01465 } 01466 *Previous = ZeroKernelPte; 01467 BaseAddress = (PVOID)((PCHAR)BaseAddress + PAGE_SIZE); 01468 Previous++; 01469 } 01470 01471 KeRaiseIrql (DISPATCH_LEVEL, &OldIrql); 01472 MiFlushPteList (&PteFlushList, TRUE, ZeroKernelPte); 01473 KeLowerIrql (OldIrql); 01474 01475 #else 01476 01477 // 01478 // Zero PTEs. 01479 // 01480 01481 #ifdef _MI_SYSPTE_DEBUG_ 01482 MiValidateSystemPtes (StartingPte, NumberOfPtes); 01483 #endif 01484 01485 MiFillMemoryPte (StartingPte, 01486 NumberOfPtes * sizeof (MMPTE), 01487 ZeroKernelPte.u.Long); 01488 01489 #ifdef _MI_SYSPTE_DEBUG_ 01490 01491 // 01492 // Invalidate any TB entries that might have been mapped to 01493 // immediately prevent bad callers from corrupting the system. 01494 // 01495 01496 KeFlushEntireTb (TRUE, TRUE); 01497 #endif 01498 01499 #endif 01500 01501 // 01502 // Acquire system space spin lock to synchronize access. 01503 // 01504 01505 PteOffset = (ULONG_PTR)(StartingPte - MmSystemPteBase); 01506 01507 #ifdef _MI_SYSPTE_DEBUG_ 01508 if (PteOffset == 0) { 01509 KeBugCheckEx (SYSTEM_PTE_MISUSE, 01510 0x11, 01511 (ULONG_PTR)StartingPte, 01512 NumberOfPtes, 01513 SystemPtePoolType); 01514 } 01515 #endif 01516 01517 MiLockSystemSpace(OldIrql); 01518 01519 #ifdef _MI_SYSPTE_DEBUG_ 01520 MiCheckPteRelease (StartingPte, NumberOfPtes); 01521 #endif 01522 01523 #ifndef _MI_GUARD_PTE_ 01524 if ((SystemPtePoolType == SystemPteSpace) && 01525 (NumberOfPtes <= MM_PTE_TABLE_LIMIT)) { 01526 01527 Index = MmSysPteTables [NumberOfPtes]; 01528 NumberOfPtes = MmSysPteIndex [Index]; 01529 01530 if (MmTotalFreeSystemPtes[SystemPteSpace] >= MM_MIN_SYSPTE_FREE) { 01531 01532 // 01533 // Don't add to the pool if the size is greater than 15 + the minimum. 01534 // 01535 01536 i = MmSysPteMinimumFree[Index]; 01537 if (MmTotalFreeSystemPtes[SystemPteSpace] >= MM_MAX_SYSPTE_FREE) { 01538 01539 // 01540 // Lots of free PTEs, quadruple the limit. 01541 // 01542 01543 i = i * 4; 01544 } 01545 i += 15; 01546 if (MmSysPteListBySizeCount[Index] <= i) { 01547 01548 #if DBG 01549 if (MmDebug & MM_DBG_SYS_PTES) { 01550 PMMPTE PointerPte1; 01551 01552 PointerPte1 = &MmFreeSysPteListBySize[Index]; 01553 while (PointerPte1->u.List.NextEntry != MM_EMPTY_PTE_LIST) { 01554 PMMPTE PointerFreedPte; 01555 ULONG j; 01556 01557 PointerPte1 = MmSystemPteBase + PointerPte1->u.List.NextEntry; 01558 PointerFreedPte = PointerPte1; 01559 for (j = 0; j < MmSysPteIndex[Index]; j++) { 01560 ASSERT (PointerFreedPte->u.Hard.Valid == 0); 01561 PointerFreedPte++; 01562 } 01563 } 01564 } 01565 #endif //DBG 01566 MmSysPteListBySizeCount [Index] += 1; 01567 PointerPte = MmLastSysPteListBySize[Index]; 01568 ASSERT (PointerPte->u.List.NextEntry == MM_EMPTY_PTE_LIST); 01569 PointerPte->u.List.NextEntry = PteOffset; 01570 MmLastSysPteListBySize[Index] = StartingPte; 01571 StartingPte->u.List.NextEntry = MM_EMPTY_PTE_LIST; 01572 01573 #if DBG 01574 if (MmDebug & MM_DBG_SYS_PTES) { 01575 PMMPTE PointerPte1; 01576 PointerPte1 = &MmFreeSysPteListBySize[Index]; 01577 while (PointerPte1->u.List.NextEntry != MM_EMPTY_PTE_LIST) { 01578 PMMPTE PointerFreedPte; 01579 ULONG j; 01580 01581 PointerPte1 = MmSystemPteBase + PointerPte1->u.List.NextEntry; 01582 PointerFreedPte = PointerPte1; 01583 for (j = 0; j < MmSysPteIndex[Index]; j++) { 01584 ASSERT (PointerFreedPte->u.Hard.Valid == 0); 01585 PointerFreedPte++; 01586 } 01587 } 01588 } 01589 #endif //DBG 01590 if (NumberOfPtes == 1) { 01591 if (MmFlushPte1 == NULL) { 01592 MmFlushPte1 = StartingPte; 01593 } 01594 } else { 01595 (StartingPte + 1)->u.List.NextEntry = MmFlushCounter; 01596 } 01597 01598 MiUnlockSystemSpace(OldIrql); 01599 return; 01600 } 01601 } 01602 } 01603 #endif 01604 01605 MmTotalFreeSystemPtes[SystemPtePoolType] += NumberOfPtes; 01606 01607 PteOffset = (ULONG_PTR)(StartingPte - MmSystemPteBase); 01608 PointerPte = &MmFirstFreeSystemPte[SystemPtePoolType]; 01609 01610 while (TRUE) { 01611 NextPte = MmSystemPteBase + PointerPte->u.List.NextEntry; 01612 if (PteOffset < PointerPte->u.List.NextEntry) { 01613 01614 // 01615 // Insert in the list at this point. The 01616 // previous one should point to the new freed set and 01617 // the new freed set should point to the place 01618 // the previous set points to. 01619 // 01620 // Attempt to combine the clusters before we 01621 // insert. 01622 // 01623 // Locate the end of the current structure. 01624 // 01625 01626 ASSERT (((StartingPte + NumberOfPtes) <= NextPte) || 01627 (PointerPte->u.List.NextEntry == MM_EMPTY_PTE_LIST)); 01628 01629 PointerFollowingPte = PointerPte + 1; 01630 if (PointerPte->u.List.OneEntry) { 01631 Size = 1; 01632 } else { 01633 Size = (ULONG_PTR) PointerFollowingPte->u.List.NextEntry; 01634 } 01635 if ((PointerPte + Size) == StartingPte) { 01636 01637 // 01638 // We can combine the clusters. 01639 // 01640 01641 NumberOfPtes += (ULONG)Size; 01642 PointerFollowingPte->u.List.NextEntry = NumberOfPtes; 01643 PointerPte->u.List.OneEntry = 0; 01644 01645 // 01646 // Point the starting PTE to the beginning of 01647 // the new free set and try to combine with the 01648 // following free cluster. 01649 // 01650 01651 StartingPte = PointerPte; 01652 01653 } else { 01654 01655 // 01656 // Can't combine with previous. Make this Pte the 01657 // start of a cluster. 01658 // 01659 01660 // 01661 // Point this cluster to the next cluster. 01662 // 01663 01664 StartingPte->u.List.NextEntry = PointerPte->u.List.NextEntry; 01665 01666 // 01667 // Point the current cluster to this cluster. 01668 // 01669 01670 PointerPte->u.List.NextEntry = PteOffset; 01671 01672 // 01673 // Set the size of this cluster. 01674 // 01675 01676 if (NumberOfPtes == 1) { 01677 StartingPte->u.List.OneEntry = 1; 01678 01679 } else { 01680 StartingPte->u.List.OneEntry = 0; 01681 PointerFollowingPte = StartingPte + 1; 01682 PointerFollowingPte->u.List.NextEntry = NumberOfPtes; 01683 } 01684 } 01685 01686 // 01687 // Attempt to combine the newly created cluster with 01688 // the following cluster. 01689 // 01690 01691 if ((StartingPte + NumberOfPtes) == NextPte) { 01692 01693 // 01694 // Combine with following cluster. 01695 // 01696 01697 // 01698 // Set the next cluster to the value contained in the 01699 // cluster we are merging into this one. 01700 // 01701 01702 StartingPte->u.List.NextEntry = NextPte->u.List.NextEntry; 01703 StartingPte->u.List.OneEntry = 0; 01704 PointerFollowingPte = StartingPte + 1; 01705 01706 if (NextPte->u.List.OneEntry) { 01707 Size = 1; 01708 01709 } else { 01710 NextPte++; 01711 Size = (ULONG_PTR) NextPte->u.List.NextEntry; 01712 } 01713 PointerFollowingPte->u.List.NextEntry = NumberOfPtes + Size; 01714 } 01715 #if 0 01716 if (MmDebug & MM_DBG_SYS_PTES) { 01717 MiDumpSystemPtes(SystemPtePoolType); 01718 } 01719 #endif //0 01720 01721 #if DBG 01722 if (MmDebug & MM_DBG_SYS_PTES) { 01723 ASSERT (MmTotalFreeSystemPtes[SystemPtePoolType] == 01724 MiCountFreeSystemPtes (SystemPtePoolType)); 01725 } 01726 #endif //DBG 01727 MiUnlockSystemSpace(OldIrql); 01728 return; 01729 } 01730 01731 // 01732 // Point to next freed cluster. 01733 // 01734 01735 PointerPte = NextPte; 01736 } 01737 }

VOID MiReleaseWsle (  IN WSLE_NUMBER  WorkingSetIndex, IN PMMSUPPORT  WsInfo )

Definition at line 1016 of file wslist.c. References ASSERT, _MMWSL::FirstFree, _MMWSL::LastInitializedWsle, MM_FREE_WSLE_SHIFT, MM_SYSTEM_WS_LOCK_ASSERT, MmPagesAboveWsMinimum, MmSystemCacheWs, _MMWSLE::u1, _MMWSL::Wsle, and WSLE_NULL_INDEX. Referenced by MiDecommitPages(), MiDeleteAddressesInWorkingSet(), MiDeletePte(), MiDeleteSystemPagableVm(), MiLockCode(), MiRemoveMappedPtes(), MiRemovePageFromWorkingSet(), and MmUnmapViewInSystemCache(). 01023 : 01024 01025 This function releases a previously reserved working set entry to 01026 be reused. A release occurs when a page fault is retried due to 01027 changes in PTEs and working sets during an I/O operation. 01028 01029 Arguments: 01030 01031 WorkingSetIndex - Supplies the index of the working set entry to 01032 release. 01033 01034 Return Value: 01035 01036 None. 01037 01038 Environment: 01039 01040 Kernel mode, APCs disabled, working set lock held and PFN lock held. 01041 01042 --*/ 01043 01044 { 01045 PMMWSL WorkingSetList; 01046 PMMWSLE Wsle; 01047 01048 WorkingSetList = WsInfo->VmWorkingSetList; 01049 Wsle = WorkingSetList->Wsle; 01050 #if DBG 01051 if (WsInfo == &MmSystemCacheWs) { 01052 MM_SYSTEM_WS_LOCK_ASSERT(); 01053 } 01054 #endif //DBG 01055 01056 ASSERT (WorkingSetIndex <= WorkingSetList->LastInitializedWsle); 01057 01058 // 01059 // Put the entry on the free list and decrement the current 01060 // size. 01061 // 01062 01063 ASSERT ((WorkingSetList->FirstFree <= WorkingSetList->LastInitializedWsle) || 01064 (WorkingSetList->FirstFree == WSLE_NULL_INDEX)); 01065 Wsle[WorkingSetIndex].u1.Long = WorkingSetList->FirstFree << MM_FREE_WSLE_SHIFT; 01066 WorkingSetList->FirstFree = WorkingSetIndex; 01067 ASSERT ((WorkingSetList->FirstFree <= WorkingSetList->LastInitializedWsle) || 01068 (WorkingSetList->FirstFree == WSLE_NULL_INDEX)); 01069 if (WsInfo->WorkingSetSize > WsInfo->MinimumWorkingSetSize) { 01070 MmPagesAboveWsMinimum -= 1; 01071 } 01072 WsInfo->WorkingSetSize -= 1; 01073 return; 01074 01075 }

VOID MiReloadBootLoadedDrivers (  IN PLOADER_PARAMETER_BLOCK  LoaderBlock  )

Definition at line 5956 of file sysload.c. References ASSERT, DbgPrint, FALSE, InitializationPhase, LdrDoubleRelocateImage(), LdrRelocateImage(), LOCK_PFN, MI_GET_PAGE_COLOR_FROM_PTE, MI_GET_PAGE_FRAME_FROM_PTE, MI_MAKE_VALID_PTE, MI_PFN_ELEMENT, MI_SET_ACCESSED_IN_PTE, MI_SET_PFN_DELETED, MI_SET_PTE_DIRTY, MI_WRITE_VALID_PTE, MiDecrementShareAndValidCount, MiDecrementShareCountOnly, MiEnsureAvailablePageOrWait(), MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiInitializePfn(), MiNoLowMemory, MiReleaseSystemPtes(), MiRemoveAnyPage(), MiRemoveLowPages(), MiReserveSystemPtes(), MiUpdateThunks(), MM_EXECUTE_READWRITE, MmMakeLowMemory, NT_SUCCESS, NTSTATUS(), NULL, PAGE_SHIFT, PAGE_SIZE, _MMPFN::PteAddress, _MMPFN::PteFrame, ROUND_TO_PAGES, RtlImageNtHeader(), Status, SystemPteSpace, TRUE, _MMPTE::u, _MMPFN::u1, _MMPFN::u2, _MMPFN::u3, UNLOCK_PFN, and ZeroPte. Referenced by MmInitSystem(). : The kernel, HAL and boot drivers are relocated by the loader. All the boot drivers are then relocated again here. This function relocates osloader-loaded images into system PTEs. This gives these images the benefits that all other drivers already enjoy, including : 1. Paging of the drivers (this is more than 500K today). 2. Write-protection of their text sections. 3. Automatic unload of drivers on last dereference. Note care must be taken when processing HIGHADJ relocations more than once. Arguments: LoaderBlock - Supplies a pointer to the system loader block. Return Value: None. Environment: Kernel mode, Phase 0 Initialization. --*/ { PLDR_DATA_TABLE_ENTRY DataTableEntry; PLIST_ENTRY NextEntry; PIMAGE_NT_HEADERS NtHeader; PIMAGE_DATA_DIRECTORY DataDirectory; ULONG_PTR i; ULONG NumberOfPtes; ULONG NumberOfLoaderPtes; PMMPTE PointerPte; PMMPTE LastPte; PMMPTE LoaderPte; MMPTE PteContents; MMPTE TempPte; PVOID LoaderImageAddress; PVOID NewImageAddress; NTSTATUS Status; PFN_NUMBER PageFrameIndex; PFN_NUMBER PteFramePage; PMMPTE PteFramePointer; PMMPFN Pfn1; PMMPFN Pfn2; KIRQL OldIrql; PCHAR RelocatedVa; PCHAR NonRelocatedVa; LOGICAL StopMoving; #if !defined (_X86_) // // Non-x86 platforms have map registers so no memory shuffling is needed. // MmMakeLowMemory = FALSE; #endif StopMoving = FALSE; i = 0; NextEntry = LoaderBlock->LoadOrderListHead.Flink; for ( ; NextEntry != &LoaderBlock->LoadOrderListHead; NextEntry = NextEntry->Flink) { // // Skip the kernel and the HAL. Note their relocation sections will // be automatically reclaimed. // i += 1; if (i <= 2) { continue; } DataTableEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks); // // Ensure that the relocation section exists and that the loader // hasn't freed it already. // NtHeader = RtlImageNtHeader(DataTableEntry->DllBase); if (NtHeader == NULL) { continue; } if (IMAGE_DIRECTORY_ENTRY_BASERELOC >= NtHeader->OptionalHeader.NumberOfRvaAndSizes) { continue; } DataDirectory = &NtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC]; if (DataDirectory->VirtualAddress == 0) { continue; } if (DataDirectory->VirtualAddress + DataDirectory->Size > DataTableEntry->SizeOfImage) { // // The relocation section has already been freed, the user must // be using an old loader that didn't save the relocations. // continue; } LoaderImageAddress = DataTableEntry->DllBase; LoaderPte = MiGetPteAddress(DataTableEntry->DllBase); NumberOfLoaderPtes = (ULONG)((ROUND_TO_PAGES(DataTableEntry->SizeOfImage)) >> PAGE_SHIFT); LOCK_PFN (OldIrql); PointerPte = LoaderPte; LastPte = PointerPte + NumberOfLoaderPtes; while (PointerPte < LastPte) { ASSERT (PointerPte->u.Hard.Valid == 1); PageFrameIndex = MI_GET_PAGE_FRAME_FROM_PTE (PointerPte); Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); // // Mark the page as modified so boot drivers that call // MmPageEntireDriver don't lose their unmodified data ! // Pfn1->u3.e1.Modified = 1; PointerPte += 1; } UNLOCK_PFN (OldIrql); // // Extra PTEs are allocated here to map the relocation section at the // new address so the image can be relocated. // NumberOfPtes = NumberOfLoaderPtes; PointerPte = MiReserveSystemPtes (NumberOfPtes, SystemPteSpace, 0, 0, FALSE); if (PointerPte == NULL) { continue; } LastPte = PointerPte + NumberOfPtes; NewImageAddress = MiGetVirtualAddressMappedByPte (PointerPte); #if DBG_SYSLOAD DbgPrint ("Relocating %wZ from %p to %p, %x bytes\n", &DataTableEntry->FullDllName, DataTableEntry->DllBase, NewImageAddress, DataTableEntry->SizeOfImage ); #endif // // This assert is important because the assumption is made that PTEs // (not superpages) are mapping these drivers. // ASSERT (InitializationPhase == 0); // // If the system is configured to make low memory available for ISA // type drivers, then copy the boot loaded drivers now. Otherwise // only PTE adjustment is done. Presumably some day when ISA goes // away this code can be removed. // RelocatedVa = NewImageAddress; NonRelocatedVa = (PCHAR) DataTableEntry->DllBase; while (PointerPte < LastPte) { PteContents = *LoaderPte; ASSERT (PteContents.u.Hard.Valid == 1); if (MmMakeLowMemory == TRUE) { #if DBG PageFrameIndex = MI_GET_PAGE_FRAME_FROM_PTE (LoaderPte); Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); ASSERT (Pfn1->u1.WsIndex == 0); #endif LOCK_PFN (OldIrql); MiEnsureAvailablePageOrWait (NULL, NULL); PageFrameIndex = MiRemoveAnyPage( MI_GET_PAGE_COLOR_FROM_PTE (PointerPte)); if (PageFrameIndex < (16*1024*1024)/PAGE_SIZE) { // // If the frames cannot be replaced with high pages // then stop copying. // #if defined (_X86PAE_) if (MiNoLowMemory == FALSE) #endif StopMoving = TRUE; } MI_MAKE_VALID_PTE (TempPte, PageFrameIndex, MM_EXECUTE_READWRITE, PointerPte); MI_SET_PTE_DIRTY (TempPte); MI_SET_ACCESSED_IN_PTE (&TempPte, 1); MI_WRITE_VALID_PTE (PointerPte, TempPte); MiInitializePfn (PageFrameIndex, PointerPte, 1); Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); Pfn1->u3.e1.Modified = 1; // // Initialize the WsIndex just like the original page had it. // Pfn1->u1.WsIndex = 0; UNLOCK_PFN (OldIrql); RtlMoveMemory (RelocatedVa, NonRelocatedVa, PAGE_SIZE); RelocatedVa += PAGE_SIZE; NonRelocatedVa += PAGE_SIZE; } else { MI_MAKE_VALID_PTE (TempPte, PteContents.u.Hard.PageFrameNumber, MM_EXECUTE_READWRITE, PointerPte); MI_WRITE_VALID_PTE (PointerPte, TempPte); } PointerPte += 1; LoaderPte += 1; } PointerPte -= NumberOfPtes; ASSERT (*(PULONG)NewImageAddress == *(PULONG)LoaderImageAddress); // // Image is now mapped at the new address. Relocate it (again). // #if defined(_ALPHA_) // // HIGHADJ relocations need special re-processing. This needs to be // done before resetting ImageBase. // Status = (NTSTATUS)LdrDoubleRelocateImage(NewImageAddress, LoaderImageAddress, "SYSLDR", (ULONG)STATUS_SUCCESS, (ULONG)STATUS_CONFLICTING_ADDRESSES, (ULONG)STATUS_INVALID_IMAGE_FORMAT ); #endif NtHeader->OptionalHeader.ImageBase = (ULONG_PTR)LoaderImageAddress; if (MmMakeLowMemory == TRUE) { PIMAGE_NT_HEADERS NtHeader2; NtHeader2 = (PIMAGE_NT_HEADERS)((PCHAR)NtHeader + (RelocatedVa - NonRelocatedVa)); NtHeader2->OptionalHeader.ImageBase = (ULONG_PTR)LoaderImageAddress; } Status = (NTSTATUS)LdrRelocateImage(NewImageAddress, "SYSLDR", (ULONG)STATUS_SUCCESS, (ULONG)STATUS_CONFLICTING_ADDRESSES, (ULONG)STATUS_INVALID_IMAGE_FORMAT ); if (!NT_SUCCESS(Status)) { if (MmMakeLowMemory == TRUE) { while (PointerPte < LastPte) { PageFrameIndex = MI_GET_PAGE_FRAME_FROM_PTE (PointerPte); Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); MiDecrementShareAndValidCount (Pfn1->PteFrame); MI_SET_PFN_DELETED (Pfn1); MiDecrementShareCountOnly (PageFrameIndex); PointerPte += 1; } } MiReleaseSystemPtes (PointerPte, NumberOfPtes, SystemPteSpace); if (StopMoving == TRUE) { MmMakeLowMemory = FALSE; } continue; } // // Update the IATs for all other loaded modules that reference this one. // NonRelocatedVa = (PCHAR) DataTableEntry->DllBase; DataTableEntry->DllBase = NewImageAddress; MiUpdateThunks (LoaderBlock, LoaderImageAddress, NewImageAddress, DataTableEntry->SizeOfImage); // // Update the loaded module list entry. // DataTableEntry->Flags |= LDRP_SYSTEM_MAPPED; DataTableEntry->DllBase = NewImageAddress; DataTableEntry->EntryPoint = (PVOID)((PCHAR)NewImageAddress + NtHeader->OptionalHeader.AddressOfEntryPoint); DataTableEntry->SizeOfImage = NumberOfPtes << PAGE_SHIFT; // // Update the PFNs of the image to support trimming. // Note that the loader addresses are freed now so no references // to it are permitted after this point. // LoaderPte = MiGetPteAddress (NonRelocatedVa); LOCK_PFN (OldIrql); while (PointerPte < LastPte) { ASSERT (PointerPte->u.Hard.Valid == 1); if (MmMakeLowMemory == TRUE) { ASSERT (LoaderPte->u.Hard.Valid == 1); PageFrameIndex = MI_GET_PAGE_FRAME_FROM_PTE (LoaderPte); Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); #if defined (_X86_) || defined (_IA64_) // // Decrement the share count on the original page table // page so it can be freed. // MiDecrementShareAndValidCount (Pfn1->PteFrame); #endif MI_SET_PFN_DELETED (Pfn1); MiDecrementShareCountOnly (PageFrameIndex); LoaderPte += 1; } else { PageFrameIndex = MI_GET_PAGE_FRAME_FROM_PTE (PointerPte); Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); #if defined (_X86_) || defined (_IA64_) // // Decrement the share count on the original page table // page so it can be freed. // MiDecrementShareAndValidCount (Pfn1->PteFrame); *Pfn1->PteAddress = ZeroPte; #endif // // Chain the PFN entry to its new page table. // PteFramePointer = MiGetPteAddress(PointerPte); PteFramePage = MI_GET_PAGE_FRAME_FROM_PTE (PteFramePointer); Pfn1->PteFrame = PteFramePage; Pfn1->PteAddress = PointerPte; // // Increment the share count for the page table page that now // contains the PTE that was copied. // Pfn2 = MI_PFN_ELEMENT (PteFramePage); Pfn2->u2.ShareCount += 1; } PointerPte += 1; } UNLOCK_PFN (OldIrql); // // The physical pages mapping the relocation section are freed // later with the rest of the initialization code spanned by the // DataTableEntry->SizeOfImage. // if (StopMoving == TRUE) { MmMakeLowMemory = FALSE; } } #if defined (_X86PAE_) if (MiNoLowMemory == TRUE) { MiRemoveLowPages (); } #endif }

PFN_NUMBER FASTCALL MiRemoveAnyPage (  IN ULONG  PageColor  )

Definition at line 1395 of file pfnlist.c. References ASSERT, _MMCOLOR_TABLES::Flink, _MMPFNLIST::Flink, FreePageList, MI_CHECK_PAGE_ALIGNMENT, MI_GET_SECONDARY_COLOR, MI_MAGIC_AWE_PTEFRAME, MI_PFN_ELEMENT, MiRemovePageByColor(), MiRemovePageFromList(), MM_COLOR_MASK, MM_EMPTY_LIST, MM_PFN_LOCK_ASSERT, MmAvailablePages, MmFreePageListHead, MmFreePagesByColor, MmStandbyPageListHead, MmZeroedPageListHead, _MMPFN::PteFrame, _MMPFNLIST::Total, _MMPFN::u2, _MMPFN::u3, and ZeroedPageList. Referenced by ExAllocatePool(), MiAllocatePoolPages(), MiAllocateSpecialPool(), MiBuildPagedPool(), MiCopyOnWrite(), MiFillSystemPageDirectory(), MiGetPageForHeader(), MiInitializeSessionPool(), MiInitMachineDependent(), MiLoadImageSection(), MiMakeOutswappedPageResident(), MiReloadBootLoadedDrivers(), MiResolveDemandZeroFault(), MiResolveMappedFileFault(), MiResolvePageFileFault(), MiSessionCommitImagePages(), MiSessionCommitPageTables(), MiSessionCopyOnWrite(), MiSessionCreateInternal(), MiSessionInitializeWorkingSetList(), MmAccessFault(), MmAllocateIndependentPages(), MmAllocateNonCachedMemory(), MmCopyToCachedPage(), MmCreateKernelStack(), MmCreateProcessAddressSpace(), MmGatherMemoryForHibernate(), MmGrowKernelStack(), MmInitSystem(), and MmZeroPageThread(). : This procedure removes a page from either the free, zeroed, or standby lists (in that order). If no pages exist on the zeroed or free list a transition page is removed from the standby list and the PTE (may be a prototype PTE) which refers to this page is changed from transition back to its original contents. Note pages MUST exist to satisfy this request. The caller ensures this by first calling MiEnsureAvailablePageOrWait. Arguments: PageColor - Supplies the page color for which this page is destined. This is used for checking virtual address alignments to determine if the D cache needs flushing before the page can be reused. Return Value: The physical page number removed from the specified list. Environment: Must be holding the PFN database mutex with APCs disabled. --*/ { PFN_NUMBER Page; PMMPFN Pfn1; ULONG Color; MM_PFN_LOCK_ASSERT(); ASSERT(MmAvailablePages != 0); // // Check the free page list, and if a page is available // remove it and return its value. // if (MmFreePagesByColor[FreePageList][PageColor].Flink != MM_EMPTY_LIST) { // // Remove the first entry on the free by color list. // Page = MmFreePagesByColor[FreePageList][PageColor].Flink; #if DBG Pfn1 = MI_PFN_ELEMENT(Page); ASSERT (Pfn1->u3.e1.PageLocation == FreePageList); ASSERT (Pfn1->u3.e1.PageColor == (PageColor & MM_COLOR_MASK)); ASSERT (Pfn1->PteFrame != MI_MAGIC_AWE_PTEFRAME); #endif MiRemovePageByColor (Page, PageColor); #if DBG ASSERT (Pfn1->u3.e1.PageColor == (PageColor & MM_COLOR_MASK)); ASSERT (Pfn1->u3.e2.ReferenceCount == 0); ASSERT (Pfn1->u2.ShareCount == 0); ASSERT (Pfn1->PteFrame != MI_MAGIC_AWE_PTEFRAME); #endif return Page; } if (MmFreePagesByColor[ZeroedPageList][PageColor].Flink != MM_EMPTY_LIST) { // // Remove the first entry on the zeroed by color list. // Page = MmFreePagesByColor[ZeroedPageList][PageColor].Flink; #if DBG Pfn1 = MI_PFN_ELEMENT(Page); ASSERT (Pfn1->u3.e1.PageColor == (PageColor & MM_COLOR_MASK)); ASSERT (Pfn1->u3.e1.PageLocation == ZeroedPageList); ASSERT (Pfn1->PteFrame != MI_MAGIC_AWE_PTEFRAME); #endif MiRemovePageByColor (Page, PageColor); ASSERT (Pfn1->PteFrame != MI_MAGIC_AWE_PTEFRAME); return Page; } // // Try the free page list by primary color. // if (MmFreePageListHead.Flink != MM_EMPTY_LIST) { Page = MmFreePageListHead.Flink; Color = MI_GET_SECONDARY_COLOR (Page, MI_PFN_ELEMENT(Page)); #if DBG Pfn1 = MI_PFN_ELEMENT(Page); ASSERT (Pfn1->u3.e1.PageColor == (PageColor & MM_COLOR_MASK)); ASSERT (Pfn1->u3.e1.PageLocation == FreePageList); ASSERT (Pfn1->PteFrame != MI_MAGIC_AWE_PTEFRAME); #endif MiRemovePageByColor (Page, Color); #if DBG ASSERT (Pfn1->u3.e1.PageColor == (PageColor & MM_COLOR_MASK)); ASSERT (Pfn1->u3.e2.ReferenceCount == 0); ASSERT (Pfn1->u2.ShareCount == 0); ASSERT (Pfn1->PteFrame != MI_MAGIC_AWE_PTEFRAME); #endif return Page; } if (MmZeroedPageListHead.Flink != MM_EMPTY_LIST) { Page = MmZeroedPageListHead.Flink; Color = MI_GET_SECONDARY_COLOR (Page, MI_PFN_ELEMENT(Page)); MiRemovePageByColor (Page, Color); #if DBG Pfn1 = MI_PFN_ELEMENT(Page); ASSERT (Pfn1->u3.e1.PageColor == (PageColor & MM_COLOR_MASK)); ASSERT (Pfn1->u3.e2.ReferenceCount == 0); ASSERT (Pfn1->u2.ShareCount == 0); ASSERT (Pfn1->PteFrame != MI_MAGIC_AWE_PTEFRAME); #endif return Page; } if (MmFreePageListHead.Total != 0) { Page = MiRemovePageFromList(&MmFreePageListHead); ASSERT ((MI_PFN_ELEMENT(Page))->PteFrame != MI_MAGIC_AWE_PTEFRAME); } else { // // Check the zeroed page list, and if a page is available // remove it and return its value. // if (MmZeroedPageListHead.Total != 0) { Page = MiRemovePageFromList(&MmZeroedPageListHead); ASSERT ((MI_PFN_ELEMENT(Page))->PteFrame != MI_MAGIC_AWE_PTEFRAME); } else { // // No pages exist on the free or zeroed list, use the // standby list. // ASSERT(MmStandbyPageListHead.Total != 0); Page = MiRemovePageFromList(&MmStandbyPageListHead); ASSERT ((MI_PFN_ELEMENT(Page))->PteFrame != MI_MAGIC_AWE_PTEFRAME); } } MI_CHECK_PAGE_ALIGNMENT(Page, PageColor & MM_COLOR_MASK); #if DBG Pfn1 = MI_PFN_ELEMENT (Page); ASSERT (Pfn1->u3.e2.ReferenceCount == 0); ASSERT (Pfn1->u2.ShareCount == 0); #endif return Page; }

VOID MiRemoveConflictFromList (  IN PMMLOCK_CONFLICT  Conflict  )

Referenced by MmSecureVirtualMemory(), and NtLockVirtualMemory().

VOID MiRemoveImageHeaderPage (  IN PFN_NUMBER  PageFrameNumber  )

Definition at line 4501 of file creasect.c. References LOCK_PFN, MiDecrementReferenceCount(), and UNLOCK_PFN. Referenced by MiCheckForCrashDump(), and MiCreateImageFileMap(). : This non-pagable function acquires the PFN lock, and decrements the reference count thereby causing the physical page to be deleted. Arguments: PageFrameNumber - Supplies the PFN to decrement. Return Value: None. --*/ { KIRQL OldIrql; LOCK_PFN (OldIrql); MiDecrementReferenceCount (PageFrameNumber); UNLOCK_PFN (OldIrql); return; }

VOID MiRemoveImageSectionObject (  IN PFILE_OBJECT  File, IN PCONTROL_AREA  ControlArea )

Definition at line 4753 of file creasect.c. References ASSERT, File, MM_PFN_LOCK_ASSERT, NULL, _LARGE_CONTROL_AREA::u, and _LARGE_CONTROL_AREA::UserGlobalList. Referenced by MiCheckControlArea(), MiCheckForControlAreaDeletion(), MiCleanSection(), and MmCreateSection(). : This function searches the control area chains (if any) for an existing cache of the specified image file. For non-global control areas, there is no chain and the control area is shared for all callers and sessions. Likewise for systemwide global control areas. However, for global PER-SESSION control areas, we must do the walk. Upon finding the specified control area, we unlink it. Arguments: File - Supplies the file object for the image file. InputControlArea - Supplies the control area to remove. Return Value: None. Environment: Must be holding the PFN lock. --*/ { PLIST_ENTRY Head, Next; PLARGE_CONTROL_AREA ControlArea; PLARGE_CONTROL_AREA FirstControlArea; PLARGE_CONTROL_AREA NextControlArea; MM_PFN_LOCK_ASSERT(); ControlArea = (PLARGE_CONTROL_AREA) InputControlArea; FirstControlArea = (PLARGE_CONTROL_AREA)(File->SectionObjectPointer->ImageSectionObject); // // Get a pointer to the first control area. If this is not a // global-per-session control area, then there is no list, so we're done. // if (FirstControlArea->u.Flags.GlobalOnlyPerSession == 0) { ASSERT (ControlArea->u.Flags.GlobalOnlyPerSession == 0); (PCONTROL_AREA)(File->SectionObjectPointer->ImageSectionObject) = NULL; return; } // // A list may exist. Walk it as necessary and delete the requested entry. // if (FirstControlArea == ControlArea) { // // The first entry is the one to remove. If it is the only entry // in the list, then the new first entry pointer will be NULL. // Otherwise, get a pointer to the next entry and unlink the current. // if (IsListEmpty (&FirstControlArea->UserGlobalList)) { NextControlArea = NULL; } else { Next = FirstControlArea->UserGlobalList.Flink; RemoveEntryList (&FirstControlArea->UserGlobalList); NextControlArea = CONTAINING_RECORD (Next, LARGE_CONTROL_AREA, UserGlobalList); ASSERT (NextControlArea->u.Flags.GlobalOnlyPerSession == 1); } (PCONTROL_AREA)(File->SectionObjectPointer->ImageSectionObject) = (PCONTROL_AREA) NextControlArea; return; } // // Remove the entry, note that the ImageSectionObject need not be updated // as the entry is not at the head. // #if DBG Head = &FirstControlArea->UserGlobalList; for (Next = Head->Flink; Next != Head; Next = Next->Flink) { NextControlArea = CONTAINING_RECORD (Next, LARGE_CONTROL_AREA, UserGlobalList); ASSERT (NextControlArea->u.Flags.GlobalOnlyPerSession == 1); if (NextControlArea == ControlArea) { break; } } ASSERT (Next != Head); #endif RemoveEntryList (&ControlArea->UserGlobalList); }

NTSTATUS MiRemoveImageSessionWide (  IN PVOID  BaseAddr  )

Definition at line 1223 of file sessload.c. References ASSERT, MiSessionRemoveImage(), MiSessionWideDereferenceImage(), MmIsAddressValid(), MmSessionSpace, NT_SUCCESS, NTSTATUS(), PAGED_CODE, Status, SYSLOAD_LOCK_OWNED_BY_ME, and TRUE. Referenced by MiLoadImageSection(), and MmUnloadSystemImage(). : Delete the image space region from the current session space. This dereferences the globally allocated SessionWide region. The SessionWide region will be deleted if the reference count goes to zero. Arguments: BaseAddress - Supplies the address the driver is loaded at. Return Value: Returns STATUS_SUCCESS on success, STATUS_NOT_FOUND on failure. Environment: Kernel mode, APC_LEVEL and below, MmSystemLoadLock held. --*/ { NTSTATUS Status; PAGED_CODE(); SYSLOAD_LOCK_OWNED_BY_ME (); ASSERT (MmIsAddressValid(MmSessionSpace) == TRUE); Status = MiSessionWideDereferenceImage (BaseAddress); ASSERT (NT_SUCCESS(Status)); // // Remove the image reference from the current session space. // MiSessionRemoveImage (BaseAddress); return Status; }

VOID MiRemoveMappedView (  IN PEPROCESS  CurrentProcess, IN PMMVAD  Vad )

Definition at line 265 of file umapview.c. References ASSERT, _MMPTE_FLUSH_LIST::Count, ExAcquireFastMutexUnsafe(), ExFreePool(), ExReleaseFastMutexUnsafe(), FALSE, KeFlushEntireTb(), LOCK_AWE, LOCK_PFN, MI_DECREMENT_USED_PTES_BY_HANDLE, MI_GET_PAGE_FRAME_FROM_PTE, MI_GET_USED_PTES_FROM_HANDLE, MI_GET_USED_PTES_HANDLE, MI_VPN_TO_VA, MI_VPN_TO_VA_ENDING, MI_WRITE_INVALID_PTE, MiCheckControlArea(), MiDecrementShareAndValidCount, MiDeletePte(), MiDeleteVirtualAddresses(), MiGetPdeAddress, MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiIsPteOnPdeBoundary, MM_MAXIMUM_FLUSH_COUNT, MmSectionBasedMutex, NULL, _CONTROL_AREA::NumberOfMappedViews, _CONTROL_AREA::NumberOfUserReferences, PMMEXTEND_INFO, TRUE, UNLOCK_AWE, UNLOCK_PFN, _MI_PHYSICAL_VIEW::Vad, and ZeroPte. Referenced by MmCleanProcessAddressSpace(), and MmUnmapViewOfSection(). 00272 : 00273 00274 This function removes the mapping from the current process's 00275 address space. The physical VAD may be a normal mapping (backed by 00276 a control area) or it may have no control area (it was mapped by a driver). 00277 00278 Arguments: 00279 00280 Process - Supplies a referenced pointer to the current process object. 00281 00282 Vad - Supplies the VAD which maps the view. 00283 00284 Return Value: 00285 00286 None. 00287 00288 Environment: 00289 00290 APC level, working set mutex and address creation mutex held. 00291 00292 NOTE: THE WORKING SET MUTEXES MAY BE RELEASED THEN REACQUIRED!!!! 00293 00294 SINCE MiCheckControlArea releases unsafe, the WS mutex must be 00295 acquired UNSAFE. 00296 00297 --*/ 00298 00299 { 00300 KIRQL OldIrql; 00301 BOOLEAN DereferenceSegment; 00302 PCONTROL_AREA ControlArea; 00303 PMMPTE PointerPte; 00304 PMMPTE PointerPde; 00305 PMMPTE LastPte; 00306 PFN_NUMBER PdePage; 00307 PKEVENT PurgeEvent; 00308 PVOID TempVa; 00309 BOOLEAN DeleteOnClose; 00310 MMPTE_FLUSH_LIST PteFlushList; 00311 PVOID UsedPageTableHandle; 00312 PLIST_ENTRY NextEntry; 00313 PMI_PHYSICAL_VIEW PhysicalView; 00314 PVOID PhysicalPool; 00315 #if defined (_WIN64) 00316 PMMPTE PointerPpe; 00317 PVOID UsedPageDirectoryHandle; 00318 #endif 00319 00320 DereferenceSegment = FALSE; 00321 PurgeEvent = NULL; 00322 DeleteOnClose = FALSE; 00323 PhysicalPool = NULL; 00324 00325 ControlArea = Vad->ControlArea; 00326 00327 if (Vad->u.VadFlags.PhysicalMapping == 1) { 00328 00329 if (Vad->u4.Banked) { 00330 ExFreePool (Vad->u4.Banked); 00331 } 00332 00333 #ifdef LARGE_PAGES 00334 if (Vad->u.VadFlags.LargePages == 1) { 00335 00336 // 00337 // Delete the subsection allocated to hold the large pages. 00338 // 00339 00340 ExFreePool (Vad->FirstPrototypePte); 00341 Vad->FirstPrototypePte = NULL; 00342 KeFlushEntireTb (TRUE, FALSE); 00343 LOCK_PFN (OldIrql); 00344 } else { 00345 00346 #endif //LARGE_PAGES 00347 00348 // 00349 // This is a physical memory view. The pages map physical memory 00350 // and are not accounted for in the working set list or in the PFN 00351 // database. 00352 // 00353 00354 LOCK_AWE (CurrentProcess, OldIrql); 00355 00356 NextEntry = CurrentProcess->PhysicalVadList.Flink; 00357 while (NextEntry != &CurrentProcess->PhysicalVadList) { 00358 00359 PhysicalView = CONTAINING_RECORD(NextEntry, 00360 MI_PHYSICAL_VIEW, 00361 ListEntry); 00362 00363 if (Vad == PhysicalView->Vad) { 00364 RemoveEntryList (NextEntry); 00365 PhysicalPool = (PVOID)PhysicalView; 00366 break; 00367 } 00368 NextEntry = NextEntry->Flink; 00369 } 00370 00371 UNLOCK_AWE (CurrentProcess, OldIrql); 00372 00373 // 00374 // Set count so only flush entire TB operations are performed. 00375 // 00376 00377 PteFlushList.Count = MM_MAXIMUM_FLUSH_COUNT; 00378 00379 LOCK_PFN (OldIrql); 00380 00381 // 00382 // Remove the PTES from the address space. 00383 // 00384 00385 PointerPde = MiGetPdeAddress (MI_VPN_TO_VA (Vad->StartingVpn)); 00386 PdePage = MI_GET_PAGE_FRAME_FROM_PTE (PointerPde); 00387 PointerPte = MiGetPteAddress (MI_VPN_TO_VA (Vad->StartingVpn)); 00388 LastPte = MiGetPteAddress (MI_VPN_TO_VA (Vad->EndingVpn)); 00389 00390 UsedPageTableHandle = MI_GET_USED_PTES_HANDLE (MI_VPN_TO_VA (Vad->StartingVpn)); 00391 00392 while (PointerPte <= LastPte) { 00393 00394 if (MiIsPteOnPdeBoundary (PointerPte)) { 00395 00396 PointerPde = MiGetPteAddress (PointerPte); 00397 PdePage = MI_GET_PAGE_FRAME_FROM_PTE (PointerPde); 00398 00399 UsedPageTableHandle = MI_GET_USED_PTES_HANDLE (MiGetVirtualAddressMappedByPte (PointerPte)); 00400 } 00401 00402 MI_WRITE_INVALID_PTE (PointerPte, ZeroPte); 00403 MiDecrementShareAndValidCount (PdePage); 00404 00405 // 00406 // Decrement the count of non-zero page table entries for this 00407 // page table. 00408 // 00409 00410 MI_DECREMENT_USED_PTES_BY_HANDLE (UsedPageTableHandle); 00411 00412 // 00413 // If all the entries have been eliminated from the previous 00414 // page table page, delete the page table page itself. And if 00415 // this results in an empty page directory page, then delete 00416 // that too. 00417 // 00418 00419 if (MI_GET_USED_PTES_FROM_HANDLE(UsedPageTableHandle) == 0) { 00420 00421 TempVa = MiGetVirtualAddressMappedByPte(PointerPde); 00422 00423 PteFlushList.Count = MM_MAXIMUM_FLUSH_COUNT; 00424 00425 MiDeletePte (PointerPde, 00426 TempVa, 00427 FALSE, 00428 CurrentProcess, 00429 (PMMPTE)NULL, 00430 &PteFlushList); 00431 00432 // 00433 // Add back in the private page MiDeletePte subtracted. 00434 // 00435 00436 CurrentProcess->NumberOfPrivatePages += 1; 00437 00438 #if defined (_WIN64) 00439 UsedPageDirectoryHandle = MI_GET_USED_PTES_HANDLE (PointerPte); 00440 00441 MI_DECREMENT_USED_PTES_BY_HANDLE (UsedPageDirectoryHandle); 00442 00443 if (MI_GET_USED_PTES_FROM_HANDLE(UsedPageDirectoryHandle) == 0) { 00444 00445 PointerPpe = MiGetPdeAddress(PointerPte); 00446 TempVa = MiGetVirtualAddressMappedByPte(PointerPpe); 00447 00448 PteFlushList.Count = MM_MAXIMUM_FLUSH_COUNT; 00449 00450 MiDeletePte (PointerPpe, 00451 TempVa, 00452 FALSE, 00453 CurrentProcess, 00454 (PMMPTE)NULL, 00455 &PteFlushList); 00456 00457 // 00458 // Add back in the private page MiDeletePte subtracted. 00459 // 00460 00461 CurrentProcess->NumberOfPrivatePages += 1; 00462 } 00463 #endif 00464 } 00465 PointerPte += 1; 00466 } 00467 KeFlushEntireTb (TRUE, FALSE); 00468 00469 #ifdef LARGE_PAGES 00470 } 00471 #endif //LARGE_PAGES 00472 } else { 00473 00474 if (Vad->u2.VadFlags2.ExtendableFile) { 00475 PMMEXTEND_INFO exinfo = NULL; 00476 ExAcquireFastMutexUnsafe (&MmSectionBasedMutex); 00477 ASSERT (Vad->ControlArea->Segment->ExtendInfo == Vad->u4.ExtendedInfo); 00478 Vad->u4.ExtendedInfo->ReferenceCount -= 1; 00479 if (Vad->u4.ExtendedInfo->ReferenceCount == 0) { 00480 exinfo = Vad->u4.ExtendedInfo; 00481 Vad->ControlArea->Segment->ExtendInfo = NULL; 00482 } 00483 ExReleaseFastMutexUnsafe (&MmSectionBasedMutex); 00484 if (exinfo) { 00485 ExFreePool (exinfo); 00486 } 00487 } 00488 00489 LOCK_PFN (OldIrql); 00490 MiDeleteVirtualAddresses (MI_VPN_TO_VA (Vad->StartingVpn), 00491 MI_VPN_TO_VA_ENDING (Vad->EndingVpn), 00492 FALSE, 00493 Vad); 00494 } 00495 00496 // 00497 // Only physical VADs mapped by drivers don't have control areas. 00498 // If this view has a control area, the view count must be decremented now. 00499 // 00500 00501 if (ControlArea) { 00502 00503 // 00504 // Decrement the count of the number of views for the 00505 // Segment object. This requires the PFN mutex to be held (it is 00506 // already). 00507 // 00508 00509 ControlArea->NumberOfMappedViews -= 1; 00510 ControlArea->NumberOfUserReferences -= 1; 00511 00512 // 00513 // Check to see if the control area (segment) should be deleted. 00514 // This routine releases the PFN lock. 00515 // 00516 00517 MiCheckControlArea (ControlArea, CurrentProcess, OldIrql); 00518 } 00519 else { 00520 00521 UNLOCK_PFN (OldIrql); 00522 00523 // 00524 // Even though it says short VAD in VadFlags, it better be a long VAD. 00525 // 00526 00527 ASSERT (Vad->u.VadFlags.PhysicalMapping == 1); 00528 ASSERT (Vad->u4.Banked == NULL); 00529 ASSERT (Vad->ControlArea == NULL); 00530 ASSERT (Vad->FirstPrototypePte == NULL); 00531 } 00532 00533 if (PhysicalPool != NULL) { 00534 ExFreePool (PhysicalPool); 00535 } 00536 00537 return; 00538 }

VOID FASTCALL MiRemoveNode (  IN PMMADDRESS_NODE  Node, IN OUT PMMADDRESS_NODE *  Root )

Definition at line 568 of file addrsup.c. References _MMADDRESS_NODE::LeftChild, NULL, _MMADDRESS_NODE::Parent, and _MMADDRESS_NODE::RightChild. Referenced by MiRemoveBasedSection(), and MiRemoveVad(). 00575 : 00576 00577 This function removes a virtual address descriptor from the tree and 00578 reorders the splay tree as appropriate. 00579 00580 Arguments: 00581 00582 Node - Supplies a pointer to a virtual address descriptor. 00583 00584 Return Value: 00585 00586 None. 00587 00588 --*/ 00589 00590 { 00591 00592 PMMADDRESS_NODE LeftChild; 00593 PMMADDRESS_NODE RightChild; 00594 PMMADDRESS_NODE SplayNode; 00595 00596 00597 LeftChild = Node->LeftChild; 00598 RightChild = Node->RightChild; 00599 00600 00601 // 00602 // If the Node is the root of the tree, then establish new root. Else 00603 // isolate splay case and perform splay tree transformation. 00604 // 00605 00606 if (Node == *Root) { 00607 00608 // 00609 // This Node is the root of the tree. There are four cases to 00610 // handle: 00611 // 00612 // 1. the descriptor has no children 00613 // 2. the descriptor has a left child but no right child 00614 // 3. the descriptor has a right child but no left child 00615 // 4. the descriptor has both a right child and a left child 00616 // 00617 00618 if (LeftChild) { 00619 if (RightChild) { 00620 00621 // 00622 // The descriptor has both a left child and a right child. 00623 // 00624 00625 if (LeftChild->RightChild) { 00626 00627 // 00628 // The left child has a right child. Make the right most 00629 // descendent of the right child of the left child the 00630 // new root of the tree. 00631 // 00632 // Pictorially: 00633 // 00634 // R R 00635 // | | 00636 // X Z 00637 // / \ / \ 00638 // A B -> A B 00639 // \ \ 00640 // . . 00641 // \ 00642 // Z 00643 // 00644 00645 SplayNode = LeftChild->RightChild; 00646 while (SplayNode->RightChild) { 00647 SplayNode = SplayNode->RightChild; 00648 } 00649 *Root = SplayNode; 00650 SplayNode->Parent->RightChild = SplayNode->LeftChild; 00651 if (SplayNode->LeftChild) { 00652 SplayNode->LeftChild->Parent = SplayNode->Parent; 00653 } 00654 SplayNode->Parent = (PMMADDRESS_NODE)NULL; 00655 LeftChild->Parent = SplayNode; 00656 RightChild->Parent = SplayNode; 00657 SplayNode->LeftChild = LeftChild; 00658 SplayNode->RightChild = RightChild; 00659 } else if (RightChild->LeftChild) { 00660 00661 // 00662 // The right child has a left child. Make the left most 00663 // descendent of the left child of the right child the 00664 // new root of the tree. 00665 // 00666 // Pictorially: 00667 // 00668 // R R 00669 // | | 00670 // X Z 00671 // / \ / \ 00672 // A B -> A B 00673 // / / 00674 // . . 00675 // / 00676 // Z 00677 // 00678 00679 SplayNode = RightChild->LeftChild; 00680 while (SplayNode->LeftChild) { 00681 SplayNode = SplayNode->LeftChild; 00682 } 00683 *Root = SplayNode; 00684 SplayNode->Parent->LeftChild = SplayNode->RightChild; 00685 if (SplayNode->RightChild) { 00686 SplayNode->RightChild->Parent = SplayNode->Parent; 00687 } 00688 SplayNode->Parent = (PMMADDRESS_NODE)NULL; 00689 LeftChild->Parent = SplayNode; 00690 RightChild->Parent = SplayNode; 00691 SplayNode->LeftChild = LeftChild; 00692 SplayNode->RightChild = RightChild; 00693 } else { 00694 00695 // 00696 // The left child of the descriptor does not have a right child, 00697 // and the right child of the descriptor does not have a left 00698 // child. Make the left child of the descriptor the new root of 00699 // the tree. 00700 // 00701 // Pictorially: 00702 // 00703 // R R 00704 // | | 00705 // X A 00706 // / \ / \ 00707 // A B -> . B 00708 // / / 00709 // . 00710 // 00711 00712 *Root = LeftChild; 00713 LeftChild->Parent = (PMMADDRESS_NODE)NULL; 00714 LeftChild->RightChild = RightChild; 00715 LeftChild->RightChild->Parent = LeftChild; 00716 } 00717 } else { 00718 00719 // 00720 // The descriptor has a left child, but does not have a right child. 00721 // Make the left child the new root of the tree. 00722 // 00723 // Pictorially: 00724 // 00725 // R R 00726 // | | 00727 // X -> A 00728 // / 00729 // A 00730 // 00731 00732 *Root = LeftChild; 00733 LeftChild->Parent = (PMMADDRESS_NODE)NULL; 00734 } 00735 } else if (RightChild) { 00736 00737 // 00738 // The descriptor has a right child, but does not have a left child. 00739 // Make the right child the new root of the tree. 00740 // 00741 // Pictorially: 00742 // 00743 // R R 00744 // | | 00745 // X -> A 00746 // \ 00747 // A 00748 // 00749 00750 *Root = RightChild; 00751 RightChild->Parent = (PMMADDRESS_NODE)NULL; 00752 while (RightChild->LeftChild) { 00753 RightChild = RightChild->LeftChild; 00754 } 00755 } else { 00756 00757 // 00758 // The descriptor has neither a left child nor a right child. The 00759 // tree will be empty after removing the descriptor. 00760 // 00761 // Pictorially: 00762 // 00763 // R R 00764 // | -> 00765 // X 00766 // 00767 00768 *Root = NULL; 00769 } 00770 } else if (LeftChild) { 00771 if (RightChild) { 00772 00773 // 00774 // The descriptor has both a left child and a right child. 00775 // 00776 00777 if (LeftChild->RightChild) { 00778 00779 // 00780 // The left child has a right child. Make the right most 00781 // descendent of the right child of the left child the new 00782 // root of the subtree. 00783 // 00784 // Pictorially: 00785 // 00786 // P P 00787 // / \ 00788 // X X 00789 // / \ / \ 00790 // A B or A B 00791 // \ \ 00792 // . . 00793 // \ \ 00794 // Z Z 00795 // 00796 // | 00797 // v 00798 // 00799 // P P 00800 // / \ 00801 // Z Z 00802 // / \ / \ 00803 // A B or A B 00804 // \ \ 00805 // . . 00806 // 00807 00808 SplayNode = LeftChild->RightChild; 00809 while (SplayNode->RightChild) { 00810 SplayNode = SplayNode->RightChild; 00811 } 00812 SplayNode->Parent->RightChild = SplayNode->LeftChild; 00813 if (SplayNode->LeftChild) { 00814 SplayNode->LeftChild->Parent = SplayNode->Parent; 00815 } 00816 SplayNode->Parent = Node->Parent; 00817 if (Node == Node->Parent->LeftChild) { 00818 Node->Parent->LeftChild = SplayNode; 00819 } else { 00820 Node->Parent->RightChild = SplayNode; 00821 } 00822 LeftChild->Parent = SplayNode; 00823 RightChild->Parent = SplayNode; 00824 SplayNode->LeftChild = LeftChild; 00825 SplayNode->RightChild = RightChild; 00826 } else if (RightChild->LeftChild) { 00827 00828 // 00829 // The right child has a left child. Make the left most 00830 // descendent of the left child of the right child the 00831 // new root of the subtree. 00832 // 00833 // Pictorially: 00834 // 00835 // P P 00836 // / \ 00837 // X X 00838 // / \ / \ 00839 // A B or A B 00840 // / / 00841 // . . 00842 // / / 00843 // Z Z 00844 // 00845 // | 00846 // v 00847 // 00848 // P P 00849 // / \ 00850 // Z Z 00851 // / \ / \ 00852 // A B or A B 00853 // / / 00854 // . . 00855 // 00856 00857 SplayNode = RightChild->LeftChild; 00858 while (SplayNode->LeftChild) { 00859 SplayNode = SplayNode->LeftChild; 00860 } 00861 SplayNode->Parent->LeftChild = SplayNode->RightChild; 00862 if (SplayNode->RightChild) { 00863 SplayNode->RightChild->Parent = SplayNode->Parent; 00864 } 00865 SplayNode->Parent = Node->Parent; 00866 if (Node == Node->Parent->LeftChild) { 00867 Node->Parent->LeftChild = SplayNode; 00868 } else { 00869 Node->Parent->RightChild = SplayNode; 00870 } 00871 LeftChild->Parent = SplayNode; 00872 RightChild->Parent = SplayNode; 00873 SplayNode->LeftChild = LeftChild; 00874 SplayNode->RightChild = RightChild; 00875 } else { 00876 00877 // 00878 // The left child of the descriptor does not have a right child, 00879 // and the right child of the descriptor does node have a left 00880 // child. Make the left child of the descriptor the new root of 00881 // the subtree. 00882 // 00883 // Pictorially: 00884 // 00885 // P P 00886 // / \ 00887 // X X 00888 // / \ / \ 00889 // A B or A B 00890 // / / 00891 // . . 00892 // 00893 // | 00894 // v 00895 // 00896 // P P 00897 // / \ 00898 // A A 00899 // / \ / \ 00900 // . B or . B 00901 // / / 00902 // 00903 00904 SplayNode = LeftChild; 00905 SplayNode->Parent = Node->Parent; 00906 if (Node == Node->Parent->LeftChild) { 00907 Node->Parent->LeftChild = SplayNode; 00908 } else { 00909 Node->Parent->RightChild = SplayNode; 00910 } 00911 SplayNode->RightChild = RightChild; 00912 RightChild->Parent = SplayNode; 00913 } 00914 } else { 00915 00916 // 00917 // The descriptor has a left child, but does not have a right child. 00918 // Make the left child the new root of the subtree. 00919 // 00920 // Pictorially: 00921 // 00922 // P P 00923 // / \ 00924 // X or X 00925 // / / 00926 // A A 00927 // 00928 // | 00929 // v 00930 // 00931 // P P 00932 // / \ 00933 // A A 00934 // 00935 00936 LeftChild->Parent = Node->Parent; 00937 if (Node == Node->Parent->LeftChild) { 00938 Node->Parent->LeftChild = LeftChild; 00939 } else { 00940 Node->Parent->RightChild = LeftChild; 00941 } 00942 } 00943 } else if (RightChild) { 00944 00945 // 00946 // descriptor has a right child, but does not have a left child. Make 00947 // the right child the new root of the subtree. 00948 // 00949 // Pictorially: 00950 // 00951 // P P 00952 // / \ 00953 // X or X 00954 // \ \ 00955 // A A 00956 // 00957 // | 00958 // v 00959 // 00960 // P P 00961 // / \ 00962 // A A 00963 // 00964 00965 RightChild->Parent = Node->Parent; 00966 if (Node == Node->Parent->LeftChild) { 00967 Node->Parent->LeftChild = RightChild; 00968 } else { 00969 Node->Parent->RightChild = RightChild; 00970 } 00971 } else { 00972 00973 // 00974 // The descriptor has neither a left child nor a right child. Delete 00975 // the descriptor from the tree and adjust its parent right or left 00976 // link. 00977 // 00978 // Pictorially: 00979 // 00980 // P P 00981 // / \ 00982 // X or X 00983 // 00984 // | 00985 // v 00986 // 00987 // P P 00988 // 00989 00990 if (Node == Node->Parent->LeftChild) { 00991 Node->Parent->LeftChild = (PMMADDRESS_NODE)NULL; 00992 } else { 00993 Node->Parent->RightChild = (PMMADDRESS_NODE)NULL; 00994 } 00995 } 00996 return; 00997 }

PFN_NUMBER FASTCALL MiRemovePageFromList (  IN PMMPFNLIST  ListHead  )

Definition at line 521 of file pfnlist.c. References ASSERT, _MMCOLOR_TABLES::Flink, FreePageList, KeBugCheckEx(), MI_GET_SECONDARY_COLOR, MI_PFN_ELEMENT, MI_TALLY_TRANSITION_PAGE_REMOVAL, MiObtainFreePages(), MiRestoreTransitionPte(), MM_EMPTY_LIST, MM_PFN_LOCK_ASSERT, MmAvailablePages, MmFreePagesByColor, MmHighestPhysicalPage, MmLowestPhysicalPage, MmMinimumFreePages, ModifiedPageList, _MMPFN::OriginalPte, PERFINFO_REMOVEPAGE, StandbyPageList, _MMPTE::u, _MMPFN::u1, _MMPFN::u2, and _MMPFN::u3. Referenced by MiRemoveAnyPage(), MiRemoveZeroPage(), and MmTrimAllSystemPagableMemory(). 00527 : 00528 00529 This procedure removes a page from the head of the specified list (free, 00530 standby, zeroed, modified). 00531 00532 This routine clears the flags word in the PFN database, hence the 00533 PFN information for this page must be initialized. 00534 00535 Arguments: 00536 00537 ListHead - Supplies the list of the list in which to remove the 00538 specified physical page. 00539 00540 Return Value: 00541 00542 The physical page number removed from the specified list. 00543 00544 Environment: 00545 00546 Must be holding the PFN database mutex with APCs disabled. 00547 00548 --*/ 00549 00550 { 00551 PFN_NUMBER PageFrameIndex; 00552 PMMPFN Pfn1; 00553 PMMPFN Pfn2; 00554 ULONG Color; 00555 00556 MM_PFN_LOCK_ASSERT(); 00557 00558 // 00559 // If the specified list is empty return MM_EMPTY_LIST. 00560 // 00561 00562 if (ListHead->Total == 0) { 00563 00564 KdPrint(("MM:Attempting to remove page from empty list\n")); 00565 KeBugCheckEx (PFN_LIST_CORRUPT, 1, (ULONG_PTR)ListHead, MmAvailablePages, 0); 00566 return 0; 00567 } 00568 00569 ASSERT (ListHead->ListName != ModifiedPageList); 00570 00571 // 00572 // Decrement the count of pages on the list and remove the first 00573 // page from the list. 00574 // 00575 00576 ListHead->Total -= 1; 00577 PageFrameIndex = ListHead->Flink; 00578 Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); 00579 00580 PERFINFO_REMOVEPAGE(PageFrameIndex, PERFINFO_LOG_TYPE_REMOVEPAGEFROMLIST); 00581 00582 ListHead->Flink = Pfn1->u1.Flink; 00583 00584 // 00585 // Zero the flink and blink in the pfn database element. 00586 // 00587 00588 Pfn1->u1.Flink = 0; // Assumes Flink width is >= WsIndex width 00589 Pfn1->u2.Blink = 0; 00590 00591 // 00592 // If the last page was removed (the ListHead->Flink is now 00593 // MM_EMPTY_LIST) make the listhead->Blink MM_EMPTY_LIST as well. 00594 // 00595 00596 if (ListHead->Flink == MM_EMPTY_LIST) { 00597 ListHead->Blink = MM_EMPTY_LIST; 00598 } else { 00599 00600 // 00601 // Make the PFN element point to MM_EMPTY_LIST signifying this 00602 // is the last page in the list. 00603 // 00604 00605 Pfn2 = MI_PFN_ELEMENT (ListHead->Flink); 00606 Pfn2->u2.Blink = MM_EMPTY_LIST; 00607 } 00608 00609 // 00610 // Check to see if we now have one less page available. 00611 // 00612 00613 if (ListHead->ListName <= StandbyPageList) { 00614 MmAvailablePages -= 1; 00615 00616 if (ListHead->ListName == StandbyPageList) { 00617 00618 // 00619 // This page is currently in transition, restore the PTE to 00620 // its original contents so this page can be reused. 00621 // 00622 00623 MI_TALLY_TRANSITION_PAGE_REMOVAL (Pfn1); 00624 MiRestoreTransitionPte (PageFrameIndex); 00625 } 00626 00627 if (MmAvailablePages < MmMinimumFreePages) { 00628 00629 // 00630 // Obtain free pages. 00631 // 00632 00633 MiObtainFreePages(); 00634 } 00635 } 00636 00637 ASSERT ((PageFrameIndex != 0) && 00638 (PageFrameIndex <= MmHighestPhysicalPage) && 00639 (PageFrameIndex >= MmLowestPhysicalPage)); 00640 00641 // 00642 // Zero the PFN flags longword. 00643 // 00644 00645 Color = Pfn1->u3.e1.PageColor; 00646 ASSERT (Pfn1->u3.e1.RemovalRequested == 0); 00647 Pfn1->u3.e2.ShortFlags = 0; 00648 Pfn1->u3.e1.PageColor = Color; 00649 Color = MI_GET_SECONDARY_COLOR (PageFrameIndex, Pfn1); 00650 00651 if (ListHead->ListName <= FreePageList) { 00652 00653 // 00654 // Update the color lists. 00655 // 00656 00657 ASSERT (MmFreePagesByColor[ListHead->ListName][Color].Flink == PageFrameIndex); 00658 MmFreePagesByColor[ListHead->ListName][Color].Flink = 00659 (PFN_NUMBER) Pfn1->OriginalPte.u.Long; 00660 } 00661 00662 return PageFrameIndex; 00663 }

ULONG MiRemovePageFromWorkingSet (  IN PMMPTE  PointerPte, IN PMMPFN  Pfn1, IN PMMSUPPORT  WsInfo )

Definition at line 899 of file wslist.c. References ASSERT, FALSE, _MMWSL::FirstDynamic, LOCK_PFN, _MMWSLENTRY::LockedInMemory, _MMWSLENTRY::LockedInWs, MI_PFN_ELEMENT, MiEliminateWorkingSetEntry(), MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiLocateWsle(), MiReleaseWsle(), MiRemoveWsle(), MiSwapWslEntries(), PAGE_ALIGN, TRUE, _MMWSLE::u1, UNLOCK_PFN, _MMWSL::Wsle, WSLE_NULL_INDEX, and WSLE_NUMBER. Referenced by MiProtectSpecialPool(), MiProtectVirtualMemory(), and MiSetProtectionOnSection(). : This function removes the page mapped by the specified PTE from the process's working set list. Arguments: PointerPte - Supplies a pointer to the PTE mapping the page to be removed from the working set list. Pfn1 - Supplies a pointer to the PFN database element referred to by the PointerPte. Return Value: Returns TRUE if the specified page was locked in the working set, FALSE otherwise. Environment: Kernel mode, APCs disabled, working set mutex held. --*/ { WSLE_NUMBER WorkingSetIndex; PVOID VirtualAddress; WSLE_NUMBER Entry; PVOID SwapVa; MMWSLENTRY Locked; PMMWSL WorkingSetList; PMMWSLE Wsle; KIRQL OldIrql; WorkingSetList = WsInfo->VmWorkingSetList; Wsle = WorkingSetList->Wsle; VirtualAddress = MiGetVirtualAddressMappedByPte (PointerPte); WorkingSetIndex = MiLocateWsle (VirtualAddress, WorkingSetList, Pfn1->u1.WsIndex); ASSERT (WorkingSetIndex != WSLE_NULL_INDEX); LOCK_PFN (OldIrql); MiEliminateWorkingSetEntry (WorkingSetIndex, PointerPte, Pfn1, Wsle); UNLOCK_PFN (OldIrql); // // Check to see if this entry is locked in the working set // or locked in memory. // Locked = Wsle[WorkingSetIndex].u1.e1; MiRemoveWsle (WorkingSetIndex, WorkingSetList); // // Add this entry to the list of free working set entries // and adjust the working set count. // MiReleaseWsle ((WSLE_NUMBER)WorkingSetIndex, WsInfo); if ((Locked.LockedInWs == 1) || (Locked.LockedInMemory == 1)) { // // This entry is locked. // WorkingSetList->FirstDynamic -= 1; if (WorkingSetIndex != WorkingSetList->FirstDynamic) { SwapVa = Wsle[WorkingSetList->FirstDynamic].u1.VirtualAddress; SwapVa = PAGE_ALIGN (SwapVa); PointerPte = MiGetPteAddress (SwapVa); Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); #if 0 Entry = MiLocateWsleAndParent (SwapVa, &Parent, WorkingSetList, Pfn1->u1.WsIndex); // // Swap the removed entry with the last locked entry // which is located at first dynamic. // MiSwapWslEntries (Entry, Parent, WorkingSetIndex, WorkingSetList); #endif //0 Entry = MiLocateWsle (SwapVa, WorkingSetList, Pfn1->u1.WsIndex); MiSwapWslEntries (Entry, WorkingSetIndex, WsInfo); } return TRUE; } else { ASSERT (WorkingSetIndex >= WorkingSetList->FirstDynamic); } return FALSE; }

NTSTATUS MiRemovePsLoadedModule (  PLDR_DATA_TABLE_ENTRY  DataTableEntry  )

VOID MiRemoveUserPhysicalPagesVad (  IN PMMVAD_SHORT  FoundVad  )

Definition at line 2110 of file physical.c. References APC_LEVEL, ASSERT, _MMPTE_FLUSH_LIST::Count, DbgPrint, _MMPTE_FLUSH_LIST::FlushPte, _MMPTE_FLUSH_LIST::FlushVa, LOCK_AWE, LOCK_PFN2, LOWEST_USABLE_PHYSICAL_PAGE, MI_GET_PAGE_FRAME_FROM_PTE, MI_PFN_ELEMENT, MI_PFN_IS_AWE, MI_VPN_TO_VA, MI_VPN_TO_VA_ENDING, MI_WRITE_INVALID_PTE, MiFlushUserPhysicalPteList(), MiGetPteAddress, MiGetVirtualAddressMappedByPte, MM_MAXIMUM_FLUSH_COUNT, NULL, _EPROCESS::PhysicalVadList, PsGetCurrentProcess, _MMPTE::u, UNLOCK_AWE, UNLOCK_PFN2, _MI_PHYSICAL_VIEW::Vad, _EPROCESS::VadPhysicalPages, _EPROCESS::VadPhysicalPagesBitMap, and ZeroPte. Referenced by MmCleanProcessAddressSpace(), and NtFreeVirtualMemory(). 02116 : 02117 02118 This function removes the user-physical-pages mapped region from the 02119 current process's address space. This mapped region is private memory. 02120 02121 The physical pages of this Vad are unmapped here, but not freed. 02122 02123 Pagetable pages are freed and their use/commitment counts/quotas are 02124 managed by our caller. 02125 02126 Arguments: 02127 02128 Vad - Supplies the VAD which manages the address space. 02129 02130 Return Value: 02131 02132 None. 02133 02134 Environment: 02135 02136 APC level, working set mutex and address creation mutex held. 02137 02138 --*/ 02139 02140 { 02141 PMMPFN Pfn1; 02142 PEPROCESS Process; 02143 PFN_NUMBER PageFrameIndex; 02144 MMPTE_FLUSH_LIST PteFlushList; 02145 PMMPTE PointerPte; 02146 MMPTE PteContents; 02147 PMMPTE EndingPte; 02148 #if DBG 02149 KIRQL OldIrql; 02150 KIRQL OldIrql2; 02151 ULONG_PTR ActualPages; 02152 ULONG_PTR ExpectedPages; 02153 PLIST_ENTRY NextEntry; 02154 PMI_PHYSICAL_VIEW PhysicalView; 02155 #endif 02156 02157 ASSERT (KeGetCurrentIrql() == APC_LEVEL); 02158 02159 ASSERT (Vad->u.VadFlags.UserPhysicalPages == 1); 02160 02161 Process = PsGetCurrentProcess(); 02162 02163 // 02164 // If the physical pages count is zero, nothing needs to be done. 02165 // On checked systems, verify the list anyway. 02166 // 02167 02168 #if DBG 02169 ActualPages = 0; 02170 ExpectedPages = Process->VadPhysicalPages; 02171 #else 02172 if (Process->VadPhysicalPages == 0) { 02173 return; 02174 } 02175 #endif 02176 02177 // 02178 // The caller must have removed this Vad from the physical view list, 02179 // otherwise another thread could immediately remap pages back into the Vad. 02180 // 02181 // This allows us to proceed without acquiring the AWE or PFN locks - 02182 // everything can be done under the WS lock which is already held. 02183 // 02184 02185 #if DBG 02186 LOCK_AWE (Process, OldIrql); 02187 02188 LOCK_PFN2 (OldIrql2); 02189 02190 NextEntry = Process->PhysicalVadList.Flink; 02191 while (NextEntry != &Process->PhysicalVadList) { 02192 02193 PhysicalView = CONTAINING_RECORD(NextEntry, 02194 MI_PHYSICAL_VIEW, 02195 ListEntry); 02196 02197 if (PhysicalView->Vad == (PMMVAD)Vad) { 02198 DbgPrint ("MiRemoveUserPhysicalPagesVad : Vad %p still in list!\n", 02199 Vad); 02200 DbgBreakPoint (); 02201 } 02202 02203 NextEntry = NextEntry->Flink; 02204 } 02205 02206 UNLOCK_PFN2 (OldIrql2); 02207 UNLOCK_AWE (Process, OldIrql); 02208 #endif 02209 02210 // 02211 // If the physical pages bitmap doesn't exist, nothing needs to be done. 02212 // 02213 02214 if (Process->VadPhysicalPagesBitMap == NULL) { 02215 ASSERT (ExpectedPages == 0); 02216 return; 02217 } 02218 02219 PointerPte = MiGetPteAddress (MI_VPN_TO_VA (Vad->StartingVpn)); 02220 EndingPte = MiGetPteAddress (MI_VPN_TO_VA_ENDING (Vad->EndingVpn)); 02221 02222 PteFlushList.Count = 0; 02223 02224 while (PointerPte <= EndingPte) { 02225 PteContents = *PointerPte; 02226 if (PteContents.u.Hard.Valid == 0) { 02227 PointerPte += 1; 02228 continue; 02229 } 02230 02231 PageFrameIndex = MI_GET_PAGE_FRAME_FROM_PTE (PointerPte); 02232 02233 ASSERT (PageFrameIndex >= LOWEST_USABLE_PHYSICAL_PAGE); 02234 ASSERT (ExpectedPages != 0); 02235 02236 Pfn1 = MI_PFN_ELEMENT(PageFrameIndex); 02237 02238 ASSERT (MI_PFN_IS_AWE (Pfn1)); 02239 ASSERT (Pfn1->u2.ShareCount == 2); 02240 ASSERT (Pfn1->PteAddress == PointerPte); 02241 02242 // 02243 // The frame is currently mapped in this Vad so the PTE must 02244 // be cleared and the TB entry flushed. 02245 // 02246 02247 Pfn1->u2.ShareCount -= 1; 02248 Pfn1->PteAddress = (PMMPTE)0; 02249 02250 if (PteFlushList.Count != MM_MAXIMUM_FLUSH_COUNT) { 02251 PteFlushList.FlushVa[PteFlushList.Count] = 02252 MiGetVirtualAddressMappedByPte (PointerPte); 02253 PteFlushList.FlushPte[PteFlushList.Count] = PointerPte; 02254 PteFlushList.Count += 1; 02255 } 02256 02257 MI_WRITE_INVALID_PTE (PointerPte, ZeroPte); 02258 02259 PointerPte += 1; 02260 #if DBG 02261 ActualPages += 1; 02262 #endif 02263 ASSERT (ActualPages <= ExpectedPages); 02264 } 02265 02266 // 02267 // Flush the TB entries for these pages. Note ZeroPte is only used 02268 // when the FlushPte[0] field is nonzero or if only a single PTE is 02269 // being flushed. 02270 // 02271 02272 MiFlushUserPhysicalPteList (&PteFlushList); 02273 02274 return; 02275 }

VOID MiRemoveVad (  IN PMMVAD  Vad  )

Definition at line 256 of file vadtree.c. References BYTES_TO_PAGES, _EPROCESS::CommitCharge, ExFreePool(), _EPROCESS::JobStatus, List, _MMSECURE_ENTRY::List, MiGetPreviousVad, MiRemoveNode(), MiReturnCommitment(), MiReturnPageFileQuota(), MM_DBG_COMMIT_RETURN_VAD, MM_MAX_COMMIT, MM_TRACK_COMMIT, NonPagedPool, NULL, PagedPool, PS_JOB_STATUS_REPORT_COMMIT_CHANGES, PsChangeJobMemoryUsage(), PsGetCurrentProcess, PsReturnPoolQuota(), PTE_SHIFT, _EPROCESS::VadFreeHint, _EPROCESS::VadHint, and _EPROCESS::VadRoot. Referenced by MiUnmapLockedPagesInUserSpace(), MmCleanProcessAddressSpace(), MmDeleteTeb(), MmUnmapViewOfSection(), NtAllocateVirtualMemory(), and NtFreeVirtualMemory(). 00262 : 00263 00264 This function removes a virtual address descriptor from the tree and 00265 reorders the splay tree as appropriate. If any quota or commitment 00266 was charged by the VAD (as indicated by the CommitCharge field) it 00267 is released. 00268 00269 Arguments: 00270 00271 Vad - Supplies a pointer to a virtual address descriptor. 00272 00273 Return Value: 00274 00275 None. 00276 00277 --*/ 00278 00279 { 00280 PMMADDRESS_NODE *Root; 00281 PEPROCESS CurrentProcess; 00282 SIZE_T RealCharge; 00283 PLIST_ENTRY Next; 00284 PMMSECURE_ENTRY Entry; 00285 00286 CurrentProcess = PsGetCurrentProcess(); 00287 00288 00289 // 00290 // Commit charge of MAX_COMMIT means don't charge quota. 00291 // 00292 00293 if (Vad->u.VadFlags.CommitCharge != MM_MAX_COMMIT) { 00294 00295 // 00296 // Return the quota charge to the process. 00297 // 00298 00299 PsReturnPoolQuota (CurrentProcess, NonPagedPool, sizeof(MMVAD)); 00300 00301 if ((Vad->u.VadFlags.PrivateMemory == 0) && 00302 (Vad->ControlArea != NULL)) { 00303 PsReturnPoolQuota (CurrentProcess, 00304 PagedPool, 00305 (Vad->EndingVpn - Vad->StartingVpn) << PTE_SHIFT); 00306 } 00307 00308 RealCharge = Vad->u.VadFlags.CommitCharge; 00309 00310 if (RealCharge != 0) { 00311 00312 MiReturnPageFileQuota (RealCharge, CurrentProcess); 00313 00314 if ((Vad->u.VadFlags.PrivateMemory == 0) && 00315 (Vad->ControlArea != NULL)) { 00316 00317 #if 0 //commented out so page file quota is meaningful. 00318 if (Vad->ControlArea->FilePointer == NULL) { 00319 00320 // 00321 // Don't release commitment for the page file space 00322 // occupied by a page file section. This will be charged 00323 // as the shared memory is committed. 00324 // 00325 00326 RealCharge -= BYTES_TO_PAGES ((ULONG)Vad->EndingVa - 00327 (ULONG)Vad->StartingVa); 00328 } 00329 #endif 00330 } 00331 00332 MiReturnCommitment (RealCharge); 00333 MM_TRACK_COMMIT (MM_DBG_COMMIT_RETURN_VAD, RealCharge); 00334 if (CurrentProcess->JobStatus & PS_JOB_STATUS_REPORT_COMMIT_CHANGES) { 00335 PsChangeJobMemoryUsage(-(SSIZE_T)RealCharge); 00336 } 00337 CurrentProcess->CommitCharge -= RealCharge; 00338 } 00339 } 00340 00341 if (Vad == CurrentProcess->VadFreeHint) { 00342 CurrentProcess->VadFreeHint = MiGetPreviousVad (Vad); 00343 } 00344 00345 Root = (PMMADDRESS_NODE *)&CurrentProcess->VadRoot; 00346 00347 MiRemoveNode ( (PMMADDRESS_NODE)Vad, Root); 00348 00349 if (Vad->u.VadFlags.NoChange) { 00350 if (Vad->u2.VadFlags2.MultipleSecured) { 00351 00352 // 00353 // Free the oustanding pool allocations. 00354 // 00355 00356 Next = Vad->u3.List.Flink; 00357 do { 00358 Entry = CONTAINING_RECORD( Next, 00359 MMSECURE_ENTRY, 00360 List); 00361 00362 Next = Entry->List.Flink; 00363 ExFreePool (Entry); 00364 } while (Next != &Vad->u3.List); 00365 } 00366 } 00367 00368 // 00369 // If the VadHint was the removed Vad, change the Hint. 00370 00371 if (CurrentProcess->VadHint == Vad) { 00372 CurrentProcess->VadHint = CurrentProcess->VadRoot; 00373 } 00374 00375 return; 00376 }

VOID MiRemoveWorkingSetPages (  IN PMMWSL  WorkingSetList, IN PMMSUPPORT  WsInfo )

Definition at line 4228 of file wslist.c. References ASSERT, CONSISTENCY_LOCK_PFN, CONSISTENCY_UNLOCK_PFN, _MMPTE_FLUSH_LIST::Count, DbgPrint, FALSE, LOCK_EXPANSION_IF_ALPHA, LOCK_PFN, MI_FLUSH_ENTIRE_SESSION_TB, MI_GET_PAGE_FRAME_FROM_PTE, MI_PFN_ELEMENT, MI_SET_PTE_IN_WORKING_SET, MiCheckNullIndex(), MiDeletePte(), MiFlushPteList(), MiGetPdeAddress, MiGetPpeAddress, MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiInsertWsle(), MiIsPteOnPdeBoundary, MiIsPteOnPpeBoundary, MiRemoveWsle(), MM_FREE_WSLE_SHIFT, MM_GROW_WSLE_HASH, MmSystemCacheWs, MMWSLE_HASH, NULL, _EPROCESS::NumberOfPrivatePages, PAGE_ALIGN, PAGE_SIZE, PsGetCurrentProcess, TRUE, _MMPTE::u, _MMSUPPORT::u, _MMPFN::u1, _MMWSLE::u1, _MMPFN::u2, _MMPFN::u3, UNLOCK_EXPANSION_IF_ALPHA, UNLOCK_PFN, WSLE_NULL_INDEX, WSLE_NUMBER, and ZeroPte. : This routine compresses the WSLEs into the front of the working set and frees the pages for unneeded working set entries. Arguments: WorkingSetList - Supplies a pointer to the working set list to compress. Return Value: None. Environment: Kernel mode, Working set lock held, APCs disabled. --*/ { PMMWSLE FreeEntry; PMMWSLE LastEntry; PMMWSLE Wsle; ULONG FreeIndex; ULONG LastIndex; ULONG LastInvalid; PMMPTE LastPte; PMMPTE PointerPte; PMMPTE PointerPde; PMMPTE PointerPpe; PMMPTE WsPte; PMMPFN Pfn1; PEPROCESS CurrentProcess; MMPTE_FLUSH_LIST PteFlushList; ULONG NewSize; PMMWSLE_HASH Table; KIRQL OldIrql; ASSERT (WsInfo != &MmSystemCacheWs && WsInfo->u.Flags.SessionSpace == 0); PteFlushList.Count = 0; CurrentProcess = PsGetCurrentProcess(); #if DBG MiCheckNullIndex (WorkingSetList); #endif //DBG // // Check to see if the wsle hash table should be contracted. // if (WorkingSetList->HashTable) { Table = WorkingSetList->HashTable; #if DBG if ((PVOID)(&Table[WorkingSetList->HashTableSize]) < WorkingSetList->HighestPermittedHashAddress) { ASSERT (MiGetPteAddress(&Table[WorkingSetList->HashTableSize])->u.Hard.Valid == 0); } #endif if (WsInfo->WorkingSetSize < 200) { NewSize = 0; } else { NewSize = PtrToUlong(PAGE_ALIGN ((WorkingSetList->NonDirectCount * 2 * sizeof(MMWSLE_HASH)) + PAGE_SIZE - 1)); NewSize = NewSize / sizeof(MMWSLE_HASH); } if (NewSize < WorkingSetList->HashTableSize) { #if defined(_ALPHA_) && !defined(_AXP64_) LOCK_EXPANSION_IF_ALPHA (OldIrql); #endif if (NewSize && WsInfo->AllowWorkingSetAdjustment) { WsInfo->AllowWorkingSetAdjustment = MM_GROW_WSLE_HASH; } #if defined(_ALPHA_) && !defined(_AXP64_) UNLOCK_EXPANSION_IF_ALPHA (OldIrql); #endif // // Remove pages from hash table. // ASSERT (((ULONG_PTR)&WorkingSetList->HashTable[NewSize] & (PAGE_SIZE - 1)) == 0); PointerPte = MiGetPteAddress (&WorkingSetList->HashTable[NewSize]); LastPte = MiGetPteAddress (WorkingSetList->HighestPermittedHashAddress); // // Set the hash table to null indicating that no hashing // is going on. // WorkingSetList->HashTable = NULL; WorkingSetList->HashTableSize = NewSize; LOCK_PFN (OldIrql); while ((PointerPte < LastPte) && (PointerPte->u.Hard.Valid == 1)) { MiDeletePte (PointerPte, MiGetVirtualAddressMappedByPte (PointerPte), FALSE, CurrentProcess, NULL, &PteFlushList); // // Add back in the private page MiDeletePte subtracted. // CurrentProcess->NumberOfPrivatePages += 1; PointerPte += 1; #if defined (_WIN64) // // If all the entries have been removed from the previous page // table page, delete the page table page itself. Likewise with // the page directory page. // if ((MiIsPteOnPdeBoundary(PointerPte)) || ((MiGetPdeAddress(PointerPte))->u.Hard.Valid == 0) || ((MiGetPteAddress(PointerPte))->u.Hard.Valid == 0) || (PointerPte->u.Hard.Valid == 0)) { MiFlushPteList (&PteFlushList, FALSE, ZeroPte); PointerPde = MiGetPteAddress (PointerPte - 1); ASSERT (PointerPde->u.Hard.Valid == 1); Pfn1 = MI_PFN_ELEMENT (MI_GET_PAGE_FRAME_FROM_PTE (PointerPde)); if (Pfn1->u2.ShareCount == 1 && Pfn1->u3.e2.ReferenceCount == 1) { MiDeletePte (PointerPde, PointerPte - 1, FALSE, CurrentProcess, NULL, NULL); // // Add back in the private page MiDeletePte subtracted. // CurrentProcess->NumberOfPrivatePages += 1; } if (MiIsPteOnPpeBoundary(PointerPte)) { PointerPpe = MiGetPteAddress (PointerPde); ASSERT (PointerPpe->u.Hard.Valid == 1); Pfn1 = MI_PFN_ELEMENT (MI_GET_PAGE_FRAME_FROM_PTE (PointerPpe)); if (Pfn1->u2.ShareCount == 1 && Pfn1->u3.e2.ReferenceCount == 1) { MiDeletePte (PointerPpe, PointerPde, FALSE, CurrentProcess, NULL, NULL); // // Add back in the private page MiDeletePte subtracted. // CurrentProcess->NumberOfPrivatePages += 1; } } PointerPde = MiGetPteAddress (PointerPte); PointerPpe = MiGetPdeAddress (PointerPte); if ((PointerPpe->u.Hard.Valid == 0) || (PointerPde->u.Hard.Valid == 0)) { break; } } #endif } MiFlushPteList (&PteFlushList, FALSE, ZeroPte); if (WsInfo->u.Flags.SessionSpace == 1) { // // Session space has no ASN - flush the entire TB. // MI_FLUSH_ENTIRE_SESSION_TB (TRUE, TRUE); } UNLOCK_PFN (OldIrql); } #if defined (_WIN64) // // For 64-bit NT, the page tables and page directories are also // deleted during contraction. // ASSERT ((MiGetPpeAddress(&Table[WorkingSetList->HashTableSize])->u.Hard.Valid == 0) || (MiGetPdeAddress(&Table[WorkingSetList->HashTableSize])->u.Hard.Valid == 0) || (MiGetPteAddress(&Table[WorkingSetList->HashTableSize])->u.Hard.Valid == 0)); #else ASSERT (MiGetPteAddress(&Table[WorkingSetList->HashTableSize])->u.Hard.Valid == 0); #endif } // // If the only pages in the working set are locked pages (that // is all pages are BEFORE first dynamic, just reorganize the // free list). // Wsle = WorkingSetList->Wsle; if (WorkingSetList->FirstDynamic == WsInfo->WorkingSetSize) { LastIndex = WorkingSetList->FirstDynamic; LastEntry = &Wsle[LastIndex]; } else { // // Start from the first dynamic and move towards the end looking // for free entries. At the same time start from the end and // move towards first dynamic looking for valid entries. // LastInvalid = 0; FreeIndex = WorkingSetList->FirstDynamic; FreeEntry = &Wsle[FreeIndex]; LastIndex = WorkingSetList->LastEntry; LastEntry = &Wsle[LastIndex]; while (FreeEntry < LastEntry) { if (FreeEntry->u1.e1.Valid == 1) { FreeEntry += 1; FreeIndex += 1; } else if (LastEntry->u1.e1.Valid == 0) { LastEntry -= 1; LastIndex -= 1; } else { // // Move the WSLE at LastEntry to the free slot at FreeEntry. // LastInvalid = 1; *FreeEntry = *LastEntry; PointerPte = MiGetPteAddress (LastEntry->u1.VirtualAddress); if (LastEntry->u1.e1.Direct) { Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); CONSISTENCY_LOCK_PFN (OldIrql); Pfn1->u1.WsIndex = FreeIndex; CONSISTENCY_UNLOCK_PFN (OldIrql); } else { // // This entry is in the working set. Remove it // and then add the entry add the free slot. // MiRemoveWsle (LastIndex, WorkingSetList); MiInsertWsle (FreeIndex, WorkingSetList); } MI_SET_PTE_IN_WORKING_SET (PointerPte, FreeIndex); LastEntry->u1.Long = 0; LastEntry -= 1; LastIndex -= 1; FreeEntry += 1; FreeIndex += 1; } } // // If no entries were freed, just return. // if (LastInvalid == 0) { #if DBG MiCheckNullIndex (WorkingSetList); #endif //DBG return; } } // // Reorganize the free list. Make last entry the first free. // ASSERT ((LastEntry - 1)->u1.e1.Valid == 1); if (LastEntry->u1.e1.Valid == 1) { LastEntry += 1; LastIndex += 1; } WorkingSetList->LastEntry = LastIndex - 1; WorkingSetList->FirstFree = LastIndex; ASSERT ((LastEntry - 1)->u1.e1.Valid == 1); ASSERT ((LastEntry)->u1.e1.Valid == 0); // // Point free entry to the first invalid page. // FreeEntry = LastEntry; while (LastIndex < WorkingSetList->LastInitializedWsle) { // // Put the remainder of the WSLEs on the free list. // ASSERT (LastEntry->u1.e1.Valid == 0); LastIndex += 1; LastEntry->u1.Long = LastIndex << MM_FREE_WSLE_SHIFT; LastEntry += 1; } //LastEntry->u1.Long = WSLE_NULL_INDEX << MM_FREE_WSLE_SHIFT; // End of list. // // Delete the working set pages at the end. // PointerPte = MiGetPteAddress (&Wsle[WorkingSetList->LastInitializedWsle]); if (&Wsle[WsInfo->MinimumWorkingSetSize] > FreeEntry) { FreeEntry = &Wsle[WsInfo->MinimumWorkingSetSize]; } WsPte = MiGetPteAddress (FreeEntry); #if 0 if (MiGetPteAddress (FreeEntry) != MiGetPteAddress (FreeEntry + 1)) { DbgPrint ("MiRemoveWorkingSetPages caught boundary case %x\n", FreeEntry); DbgBreakPoint(); WsPte = MiGetPteAddress (FreeEntry + 1); } #endif ASSERT (WorkingSetList->FirstFree >= WorkingSetList->FirstDynamic); LOCK_PFN (OldIrql); while (PointerPte > WsPte) { ASSERT (PointerPte->u.Hard.Valid == 1); MiDeletePte (PointerPte, MiGetVirtualAddressMappedByPte (PointerPte), FALSE, CurrentProcess, NULL, &PteFlushList); // // Add back in the private page MiDeletePte subtracted. // CurrentProcess->NumberOfPrivatePages += 1; #if defined (_WIN64) // // If all the entries have been removed from the previous page // table page, delete the page table page itself. Likewise with // the page directory page. // if (MiIsPteOnPdeBoundary(PointerPte)) { PointerPde = MiGetPteAddress (PointerPte); ASSERT (PointerPde->u.Hard.Valid == 1); Pfn1 = MI_PFN_ELEMENT (MI_GET_PAGE_FRAME_FROM_PTE (PointerPde)); if (Pfn1->u2.ShareCount == 1 && Pfn1->u3.e2.ReferenceCount == 1) { MiFlushPteList (&PteFlushList, FALSE, ZeroPte); MiDeletePte (PointerPde, PointerPte, FALSE, CurrentProcess, NULL, NULL); // // Add back in the private page MiDeletePte subtracted. // CurrentProcess->NumberOfPrivatePages += 1; } if (MiIsPteOnPpeBoundary(PointerPte)) { PointerPpe = MiGetPteAddress (PointerPde); ASSERT (PointerPpe->u.Hard.Valid == 1); Pfn1 = MI_PFN_ELEMENT (MI_GET_PAGE_FRAME_FROM_PTE (PointerPpe)); if (Pfn1->u2.ShareCount == 1 && Pfn1->u3.e2.ReferenceCount == 1) { MiFlushPteList (&PteFlushList, FALSE, ZeroPte); MiDeletePte (PointerPpe, PointerPde, FALSE, CurrentProcess, NULL, NULL); // // Add back in the private page MiDeletePte subtracted. // CurrentProcess->NumberOfPrivatePages += 1; } } } #endif PointerPte -= 1; } MiFlushPteList (&PteFlushList, FALSE, ZeroPte); if (WsInfo->u.Flags.SessionSpace == 1) { // // Session space has no ASN - flush the entire TB. // MI_FLUSH_ENTIRE_SESSION_TB (TRUE, TRUE); } UNLOCK_PFN (OldIrql); ASSERT (WorkingSetList->FirstFree >= WorkingSetList->FirstDynamic); // // Mark the last PTE in the list as free. // LastEntry = (PMMWSLE)((PCHAR)(PAGE_ALIGN(FreeEntry)) + PAGE_SIZE); LastEntry -= 1; ASSERT (LastEntry->u1.e1.Valid == 0); LastEntry->u1.Long = WSLE_NULL_INDEX << MM_FREE_WSLE_SHIFT; //End of List. ASSERT (LastEntry > &Wsle[0]); WorkingSetList->LastInitializedWsle = (WSLE_NUMBER)(LastEntry - &Wsle[0]); WorkingSetList->NextSlot = WorkingSetList->FirstDynamic; ASSERT (WorkingSetList->LastEntry <= WorkingSetList->LastInitializedWsle); if (WorkingSetList->Quota < WorkingSetList->LastInitializedWsle) { WorkingSetList->Quota = WorkingSetList->LastInitializedWsle; } ASSERT ((MiGetPteAddress(&Wsle[WorkingSetList->LastInitializedWsle]))->u.Hard.Valid == 1); ASSERT ((WorkingSetList->FirstFree <= WorkingSetList->LastInitializedWsle) || (WorkingSetList->FirstFree == WSLE_NULL_INDEX)); #if DBG MiCheckNullIndex (WorkingSetList); #endif //DBG return; }

VOID FASTCALL MiRemoveWsle (  IN WSLE_NUMBER  Entry, IN PMMWSL  WorkingSetList )

Definition at line 464 of file wstree.c. References ASSERT, DbgPrint, _MMWSLE::e1, KeBugCheckEx(), _MMWSLE_HASH::Key, _MMWSLE::Long, MI_IS_SYSTEM_CACHE_ADDRESS, MI_WSLE_HASH, MiDumpWsl(), MM_DBG_DUMP_WSL, MM_DBG_PTE_UPDATE, MM_PAGED_POOL_START, MmNonPagedSystemStart, MmPagedPoolPage, MmSystemCachePage, MmSystemCacheStart, MmSystemCacheWorkingSetList, MmSystemCodePage, MmSystemDriverPage, PAGE_ALIGN, _MMWSLE::u1, _MMWSLENTRY::Valid, and _MMWSLE::VirtualAddress. Referenced by MiDecommitPages(), MiDeletePte(), MiDeleteSystemPagableVm(), MiFreeWsle(), MiLockCode(), MiRemoveMappedPtes(), MiRemovePageFromWorkingSet(), MiRemoveWorkingSetPages(), and MmUnmapViewInSystemCache(). : This routine removes a Working Set List Entry (WSLE) from the working set. Arguments: Entry - The index number of the WSLE to remove. Return Value: None. Environment: Kernel mode, APCs disabled, Working Set Mutex held. --*/ { PMMWSLE Wsle; PVOID VirtualAddress; PMMWSLE_HASH Table; ULONG Hash; ULONG Tries; Wsle = WorkingSetList->Wsle; // // Locate the entry in the tree. // #if DBG if (MmDebug & MM_DBG_PTE_UPDATE) { DbgPrint("removing wsle %lx %lx\n", Entry, Wsle[Entry].u1.Long); } if (MmDebug & MM_DBG_DUMP_WSL) { MiDumpWsl(); DbgPrint(" \n"); } #endif //DBG ASSERT (Wsle[Entry].u1.e1.Valid == 1); VirtualAddress = PAGE_ALIGN (Wsle[Entry].u1.VirtualAddress); if (WorkingSetList == MmSystemCacheWorkingSetList) { // // count system space inserts and removals. // #if defined(_X86_) if (MI_IS_SYSTEM_CACHE_ADDRESS(VirtualAddress)) { MmSystemCachePage -= 1; } else #endif if (VirtualAddress < MmSystemCacheStart) { MmSystemCodePage -= 1; } else if (VirtualAddress < MM_PAGED_POOL_START) { MmSystemCachePage -= 1; } else if (VirtualAddress < MmNonPagedSystemStart) { MmPagedPoolPage -= 1; } else { MmSystemDriverPage -= 1; } } Wsle[Entry].u1.e1.Valid = 0; if (Wsle[Entry].u1.e1.Direct == 0) { WorkingSetList->NonDirectCount -= 1; if (WorkingSetList->HashTable) { Hash = MI_WSLE_HASH(Wsle[Entry].u1.Long, WorkingSetList); Table = WorkingSetList->HashTable; Tries = 0; while (Table[Hash].Key != (ULONG_PTR)VirtualAddress) { Hash += 1; if (Hash >= WorkingSetList->HashTableSize) { Hash = 0; if (Tries != 0) { KeBugCheckEx (MEMORY_MANAGEMENT, 0x41784, (ULONG_PTR)VirtualAddress, Entry, (ULONG_PTR)WorkingSetList); } Tries = 1; } } Table[Hash].Key = 0; } } return; }

VOID MiRemoveWsleFromFreeList (  IN ULONG  Entry, IN PMMWSLE  Wsle, IN PMMWSL  WorkingSetList )

Definition at line 799 of file wstree.c. References ASSERT, MM_FREE_WSLE_SHIFT, WSLE_NULL_INDEX, and WSLE_NUMBER. Referenced by MiSwapWslEntries(). : This routine removes a working set list entry from the free list. It is used when the entry required is not the first element in the free list. Arguments: Entry - Supplies the index of the entry to remove. Wsle - Supplies a pointer to the array of WSLEs. WorkingSetList - Supplies a pointer to the working set list. Return Value: None. Environment: Kernel mode, Working set lock and PFN lock held, APCs disabled. --*/ { WSLE_NUMBER Free; WSLE_NUMBER ParentFree; Free = WorkingSetList->FirstFree; if (Entry == Free) { ASSERT ((Wsle[Entry].u1.Long >> MM_FREE_WSLE_SHIFT) <= WorkingSetList->LastInitializedWsle); WorkingSetList->FirstFree = (WSLE_NUMBER)(Wsle[Entry].u1.Long >> MM_FREE_WSLE_SHIFT); } else { do { ParentFree = Free; ASSERT (Wsle[Free].u1.e1.Valid == 0); Free = (WSLE_NUMBER)(Wsle[Free].u1.Long >> MM_FREE_WSLE_SHIFT); } while (Free != Entry); Wsle[ParentFree].u1.Long = Wsle[Entry].u1.Long; } ASSERT ((WorkingSetList->FirstFree <= WorkingSetList->LastInitializedWsle) || (WorkingSetList->FirstFree == WSLE_NULL_INDEX)); return; }

PFN_NUMBER FASTCALL MiRemoveZeroPage (  IN ULONG  PageColor  )

Definition at line 1177 of file pfnlist.c. References ASSERT, _MMCOLOR_TABLES::Flink, _MMPFNLIST::Flink, FreePageList, MI_BARRIER_STAMP_ZEROED_PAGE, MI_CHECK_PAGE_ALIGNMENT, MI_GET_SECONDARY_COLOR, MI_MAGIC_AWE_PTEFRAME, MI_PFN_ELEMENT, MiRemovePageByColor(), MiRemovePageFromList(), MiZeroPhysicalPage(), MM_COLOR_MASK, MM_EMPTY_LIST, MM_PFN_LOCK_ASSERT, MmAvailablePages, MmFreePageListHead, MmFreePagesByColor, MmStandbyPageListHead, MmZeroedPageListHead, PAGE_SHIFT, _MMPFN::PteFrame, _MMPFNLIST::Total, _MMPFN::u2, _MMPFN::u3, and ZeroedPageList. Referenced by MiAddWorkingSetPage(), MiAddWsleHash(), MiDoneWithThisPageGetAnother(), MiInitializeSystemCache(), MiInitializeWorkingSetList(), MiResolveDemandZeroFault(), MiResolveMappedFileFault(), MiSessionInitializeWorkingSetList(), MmAddPhysicalMemory(), MmCheckCachedPageState(), MmInitSystem(), and MmShutdownSystem(). 01183 : 01184 01185 This procedure removes a zero page from either the zeroed, free 01186 or standby lists (in that order). If no pages exist on the zeroed 01187 or free list a transition page is removed from the standby list 01188 and the PTE (may be a prototype PTE) which refers to this page is 01189 changed from transition back to its original contents. 01190 01191 If the page is not obtained from the zeroed list, it is zeroed. 01192 01193 Arguments: 01194 01195 PageColor - Supplies the page color for which this page is destined. 01196 This is used for checking virtual address alignments to 01197 determine if the D cache needs flushing before the page 01198 can be reused. 01199 01200 Return Value: 01201 01202 The physical page number removed from the specified list. 01203 01204 Environment: 01205 01206 Must be holding the PFN database mutex with APCs disabled. 01207 01208 --*/ 01209 01210 { 01211 PFN_NUMBER Page; 01212 PMMPFN Pfn1; 01213 ULONG Color; 01214 01215 MM_PFN_LOCK_ASSERT(); 01216 ASSERT(MmAvailablePages != 0); 01217 01218 // 01219 // Attempt to remove a page from the zeroed page list. If a page 01220 // is available, then remove it and return its page frame index. 01221 // Otherwise, attempt to remove a page from the free page list or 01222 // the standby list. 01223 // 01224 // N.B. It is not necessary to change page colors even if the old 01225 // color is not equal to the new color. The zero page thread 01226 // ensures that all zeroed pages are removed from all caches. 01227 // 01228 01229 if (MmFreePagesByColor[ZeroedPageList][PageColor].Flink != MM_EMPTY_LIST) { 01230 01231 // 01232 // Remove the first entry on the zeroed by color list. 01233 // 01234 01235 Page = MmFreePagesByColor[ZeroedPageList][PageColor].Flink; 01236 01237 #if DBG 01238 Pfn1 = MI_PFN_ELEMENT(Page); 01239 ASSERT (Pfn1->u3.e1.PageLocation == ZeroedPageList); 01240 ASSERT (Pfn1->PteFrame != MI_MAGIC_AWE_PTEFRAME); 01241 #endif 01242 01243 MiRemovePageByColor (Page, PageColor); 01244 01245 #if DBG 01246 ASSERT (Pfn1->u3.e1.PageColor == (PageColor & MM_COLOR_MASK)); 01247 ASSERT (Pfn1->u3.e2.ReferenceCount == 0); 01248 ASSERT (Pfn1->u2.ShareCount == 0); 01249 ASSERT (Pfn1->PteFrame != MI_MAGIC_AWE_PTEFRAME); 01250 #endif 01251 return Page; 01252 01253 } 01254 01255 // 01256 // No previously zeroed page with the specified secondary color exists. 01257 // Try a zeroed page of the primary color. 01258 // 01259 01260 if (MmZeroedPageListHead.Flink != MM_EMPTY_LIST) { 01261 Page = MmZeroedPageListHead.Flink; 01262 #if DBG 01263 Pfn1 = MI_PFN_ELEMENT(Page); 01264 ASSERT (Pfn1->u3.e1.PageLocation == ZeroedPageList); 01265 ASSERT (Pfn1->PteFrame != MI_MAGIC_AWE_PTEFRAME); 01266 #endif 01267 Color = MI_GET_SECONDARY_COLOR (Page, MI_PFN_ELEMENT(Page)); 01268 MiRemovePageByColor (Page, Color); 01269 #if DBG 01270 Pfn1 = MI_PFN_ELEMENT(Page); 01271 ASSERT (Pfn1->u3.e1.PageColor == (PageColor & MM_COLOR_MASK)); 01272 ASSERT (Pfn1->u3.e2.ReferenceCount == 0); 01273 ASSERT (Pfn1->u2.ShareCount == 0); 01274 ASSERT (Pfn1->PteFrame != MI_MAGIC_AWE_PTEFRAME); 01275 #endif 01276 return Page; 01277 } 01278 01279 // 01280 // No zeroed page of the primary color exists, try a free page of the 01281 // secondary color. 01282 // 01283 01284 if (MmFreePagesByColor[FreePageList][PageColor].Flink != MM_EMPTY_LIST) { 01285 01286 // 01287 // Remove the first entry on the free list by color. 01288 // 01289 01290 Page = MmFreePagesByColor[FreePageList][PageColor].Flink; 01291 01292 #if DBG 01293 Pfn1 = MI_PFN_ELEMENT(Page); 01294 ASSERT (Pfn1->u3.e1.PageLocation == FreePageList); 01295 ASSERT (Pfn1->PteFrame != MI_MAGIC_AWE_PTEFRAME); 01296 #endif 01297 01298 MiRemovePageByColor (Page, PageColor); 01299 #if DBG 01300 Pfn1 = MI_PFN_ELEMENT(Page); 01301 ASSERT (Pfn1->u3.e1.PageColor == (PageColor & MM_COLOR_MASK)); 01302 ASSERT (Pfn1->u3.e2.ReferenceCount == 0); 01303 ASSERT (Pfn1->u2.ShareCount == 0); 01304 ASSERT (Pfn1->PteFrame != MI_MAGIC_AWE_PTEFRAME); 01305 #endif 01306 goto ZeroPage; 01307 } 01308 01309 if (MmFreePageListHead.Flink != MM_EMPTY_LIST) { 01310 Page = MmFreePageListHead.Flink; 01311 01312 Color = MI_GET_SECONDARY_COLOR (Page, MI_PFN_ELEMENT(Page)); 01313 MiRemovePageByColor (Page, Color); 01314 #if DBG 01315 Pfn1 = MI_PFN_ELEMENT(Page); 01316 ASSERT (Pfn1->u3.e1.PageColor == (PageColor & MM_COLOR_MASK)); 01317 ASSERT (Pfn1->u3.e2.ReferenceCount == 0); 01318 ASSERT (Pfn1->u2.ShareCount == 0); 01319 ASSERT (Pfn1->PteFrame != MI_MAGIC_AWE_PTEFRAME); 01320 #endif 01321 goto ZeroPage; 01322 } 01323 01324 ASSERT (MmZeroedPageListHead.Total == 0); 01325 ASSERT (MmFreePageListHead.Total == 0); 01326 01327 if (MmZeroedPageListHead.Total != 0) { 01328 01329 Page = MiRemovePageFromList(&MmZeroedPageListHead); 01330 MI_CHECK_PAGE_ALIGNMENT(Page, PageColor & MM_COLOR_MASK); 01331 01332 } else { 01333 01334 // 01335 // Attempt to remove a page from the free list. If a page is 01336 // available, then remove it. Otherwise, attempt to remove a 01337 // page from the standby list. 01338 // 01339 01340 if (MmFreePageListHead.Total != 0) { 01341 Page = MiRemovePageFromList(&MmFreePageListHead); 01342 ASSERT ((MI_PFN_ELEMENT(Page))->PteFrame != MI_MAGIC_AWE_PTEFRAME); 01343 } else { 01344 01345 // 01346 // Remove a page from the standby list and restore the original 01347 // contents of the PTE to free the last reference to the physical 01348 // page. 01349 // 01350 01351 ASSERT (MmStandbyPageListHead.Total != 0); 01352 01353 Page = MiRemovePageFromList(&MmStandbyPageListHead); 01354 ASSERT ((MI_PFN_ELEMENT(Page))->PteFrame != MI_MAGIC_AWE_PTEFRAME); 01355 } 01356 01357 // 01358 // Zero the page removed from the free or standby list. 01359 // 01360 01361 ZeroPage: 01362 01363 Pfn1 = MI_PFN_ELEMENT(Page); 01364 01365 #if defined(_ALPHA_) 01366 HalZeroPage((PVOID)ULongToPtr((PageColor & MM_COLOR_MASK) << PAGE_SHIFT), 01367 (PVOID)ULongToPtr((Pfn1->u3.e1.PageColor) << PAGE_SHIFT), 01368 Page); 01369 #else 01370 MiZeroPhysicalPage (Page, 0); 01371 #endif 01372 01373 // 01374 // Note the stamping must occur after the page is zeroed. 01375 // 01376 01377 MI_BARRIER_STAMP_ZEROED_PAGE (&Pfn1->PteFrame); 01378 01379 Pfn1->u3.e1.PageColor = PageColor & MM_COLOR_MASK; 01380 01381 } 01382 01383 #if DBG 01384 Pfn1 = MI_PFN_ELEMENT (Page); 01385 ASSERT (Pfn1->u3.e2.ReferenceCount == 0); 01386 ASSERT (Pfn1->u2.ShareCount == 0); 01387 ASSERT (Pfn1->PteFrame != MI_MAGIC_AWE_PTEFRAME); 01388 #endif 01389 01390 return Page; 01391 }

PMMPTE MiReserveSystemPtes (  IN ULONG  NumberOfPtes, IN MMSYSTEM_PTE_POOL_TYPE  SystemPteType, IN ULONG  Alignment, IN ULONG  Offset, IN ULONG  BugCheckOnFailure )

Definition at line 524 of file sysptes.c. References ASSERT, Index, KeBugCheckEx(), KeFlushEntireTb(), MiFeedSysPtePool(), MiLockSystemSpace, MiReserveSystemPtes2(), MiUnlockSystemSpace, MM_DBG_SYS_PTES, MM_EMPTY_PTE_LIST, MM_FLUSH_COUNTER_MASK, MM_KERNEL_NOACCESS_PTE, MM_PTE_TABLE_LIMIT, MmFlushCounter, MmFlushPte1, MmFreeSysPteListBySize, MmLastSysPteListBySize, MmSysPteIndex, MmSysPteListBySizeCount, MmSysPteMinimumFree, MmSysPteTables, MmSystemPteBase, MmSystemPtesEnd, MmSystemPtesStart, NULL, Offset, PAGE_SHIFT, PTE_SHIFT, SystemPteSpace, TRUE, and _MMPTE::u. Referenced by ExAllocatePool(), MiAllocatePoolPages(), MiBuildPagedPool(), MiFindContiguousMemory(), MiInitializeSpecialPool(), MiInitializeSystemPtes(), MiInitMachineDependent(), MiLoadImageSection(), MiMapBBTMemory(), MiMapSinglePage(), MiReloadBootLoadedDrivers(), MiSessionCreateInternal(), MmAllocateIndependentPages(), MmAllocateNonCachedMemory(), MmCreateKernelStack(), MmMapIoSpace(), MmMapLockedPagesSpecifyCache(), and MmMapVideoDisplay(). 00534 : 00535 00536 This function locates the specified number of unused PTEs to locate 00537 within the non paged portion of system space. 00538 00539 Arguments: 00540 00541 NumberOfPtes - Supplies the number of PTEs to locate. 00542 00543 SystemPtePoolType - Supplies the PTE type of the pool to expand, one of 00544 SystemPteSpace or NonPagedPoolExpansion. 00545 00546 Alignment - Supplies the virtual address alignment for the address 00547 the returned PTE maps. For example, if the value is 64K, 00548 the returned PTE will map an address on a 64K boundary. 00549 An alignment of zero means to align on a page boundary. 00550 00551 Offset - Supplies the offset into the alignment for the virtual address. 00552 For example, if the Alignment is 64k and the Offset is 4k, 00553 the returned address will be 4k above a 64k boundary. 00554 00555 BugCheckOnFailure - Supplies FALSE if NULL should be returned if 00556 the request cannot be satisfied, TRUE if 00557 a bugcheck should be issued. 00558 00559 Return Value: 00560 00561 Returns the address of the first PTE located. 00562 NULL if no system PTEs can be located and BugCheckOnFailure is FALSE. 00563 00564 Environment: 00565 00566 Kernel mode, DISPATCH_LEVEL or below. 00567 00568 --*/ 00569 00570 { 00571 PMMPTE PointerPte; 00572 PMMPTE Previous; 00573 KIRQL OldIrql; 00574 ULONG PteMask; 00575 ULONG MaskSize; 00576 ULONG Index; 00577 00578 #ifdef _MI_GUARD_PTE_ 00579 ULONG ExactPtes; 00580 00581 if (NumberOfPtes == 0) { 00582 KeBugCheckEx (SYSTEM_PTE_MISUSE, 00583 0xA, 00584 BugCheckOnFailure, 00585 NumberOfPtes, 00586 SystemPtePoolType); 00587 } 00588 00589 if (SystemPtePoolType == SystemPteSpace) { 00590 NumberOfPtes += 1; 00591 } 00592 00593 ExactPtes = NumberOfPtes; 00594 #endif 00595 00596 if (SystemPtePoolType == SystemPteSpace) { 00597 00598 MaskSize = (Alignment - 1) >> (PAGE_SHIFT - PTE_SHIFT); 00599 PteMask = MaskSize & (Offset >> (PAGE_SHIFT - PTE_SHIFT)); 00600 00601 // 00602 // Acquire the system space lock to synchronize access to this 00603 // routine. 00604 // 00605 00606 MiLockSystemSpace(OldIrql); 00607 00608 if (NumberOfPtes <= MM_PTE_TABLE_LIMIT) { 00609 Index = MmSysPteTables [NumberOfPtes]; 00610 ASSERT (NumberOfPtes <= MmSysPteIndex[Index]); 00611 PointerPte = &MmFreeSysPteListBySize[Index]; 00612 #if DBG 00613 if (MmDebug & MM_DBG_SYS_PTES) { 00614 PMMPTE PointerPte1; 00615 PointerPte1 = &MmFreeSysPteListBySize[Index]; 00616 while (PointerPte1->u.List.NextEntry != MM_EMPTY_PTE_LIST) { 00617 PMMPTE PointerFreedPte; 00618 ULONG j; 00619 00620 PointerPte1 = MmSystemPteBase + PointerPte1->u.List.NextEntry; 00621 PointerFreedPte = PointerPte1; 00622 for (j = 0; j < MmSysPteIndex[Index]; j++) { 00623 ASSERT (PointerFreedPte->u.Hard.Valid == 0); 00624 PointerFreedPte++; 00625 } 00626 } 00627 } 00628 #endif //DBG 00629 00630 Previous = PointerPte; 00631 00632 while (PointerPte->u.List.NextEntry != MM_EMPTY_PTE_LIST) { 00633 00634 // 00635 // Try to find suitable PTEs with the proper alignment. 00636 // 00637 00638 Previous = PointerPte; 00639 PointerPte = MmSystemPteBase + PointerPte->u.List.NextEntry; 00640 #if !defined(_IA64_) 00641 if (PointerPte == MmFlushPte1) { 00642 KeFlushEntireTb (TRUE, TRUE); 00643 MmFlushCounter = (MmFlushCounter + 1) & MM_FLUSH_COUNTER_MASK; 00644 MmFlushPte1 = NULL; 00645 } 00646 #endif 00647 if ((Alignment == 0) || 00648 (((ULONG_PTR)PointerPte & MaskSize) == PteMask)) { 00649 00650 #ifdef _MI_SYSPTE_DEBUG_ 00651 MiCheckPteAllocation (PointerPte, 00652 NumberOfPtes, 00653 0, 00654 MmSysPteIndex[Index]); 00655 #endif 00656 // 00657 // Proper alignment and offset, update list index. 00658 // 00659 00660 ASSERT ((PointerPte->u.List.NextEntry + MmSystemPteBase) >= 00661 MmSystemPtesStart[SystemPtePoolType] || 00662 PointerPte->u.List.NextEntry == MM_EMPTY_PTE_LIST); 00663 ASSERT ((PointerPte->u.List.NextEntry + MmSystemPteBase) <= 00664 MmSystemPtesEnd[SystemPtePoolType] || 00665 PointerPte->u.List.NextEntry == MM_EMPTY_PTE_LIST); 00666 00667 Previous->u.List.NextEntry = PointerPte->u.List.NextEntry; 00668 MmSysPteListBySizeCount [Index] -= 1; 00669 00670 #if !defined(_IA64_) 00671 if (NumberOfPtes != 1) { 00672 00673 // 00674 // Check to see if the TB should be flushed. 00675 // 00676 00677 if ((PointerPte + 1)->u.List.NextEntry == MmFlushCounter) { 00678 KeFlushEntireTb (TRUE, TRUE); 00679 MmFlushCounter = (MmFlushCounter + 1) & 00680 MM_FLUSH_COUNTER_MASK; 00681 MmFlushPte1 = NULL; 00682 } 00683 } 00684 #endif 00685 if (PointerPte->u.List.NextEntry == MM_EMPTY_PTE_LIST) { 00686 MmLastSysPteListBySize[Index] = Previous; 00687 } 00688 #if DBG 00689 00690 if (MmDebug & MM_DBG_SYS_PTES) { 00691 PMMPTE PointerPte1; 00692 PointerPte1 = &MmFreeSysPteListBySize[Index]; 00693 while (PointerPte1->u.List.NextEntry != MM_EMPTY_PTE_LIST) { 00694 PMMPTE PointerFreedPte; 00695 ULONG j; 00696 00697 PointerPte1 = MmSystemPteBase + PointerPte1->u.List.NextEntry; 00698 PointerFreedPte = PointerPte1; 00699 for (j = 0; j < MmSysPteIndex[Index]; j++) { 00700 ASSERT (PointerFreedPte->u.Hard.Valid == 0); 00701 PointerFreedPte++; 00702 } 00703 } 00704 } 00705 #endif //DBG 00706 MiUnlockSystemSpace(OldIrql); 00707 00708 #if DBG 00709 PointerPte->u.List.NextEntry = 0xABCDE; 00710 if (MmDebug & MM_DBG_SYS_PTES) { 00711 00712 PMMPTE PointerFreedPte; 00713 ULONG j; 00714 00715 PointerFreedPte = PointerPte; 00716 for (j = 0; j < MmSysPteIndex[Index]; j++) { 00717 ASSERT (PointerFreedPte->u.Hard.Valid == 0); 00718 PointerFreedPte++; 00719 } 00720 } 00721 if (PointerPte < MmSystemPtesStart[SystemPtePoolType]) { 00722 KeBugCheckEx (SYSTEM_PTE_MISUSE, 00723 0xB, 00724 (ULONG_PTR)PointerPte, 00725 NumberOfPtes, 00726 SystemPtePoolType); 00727 } 00728 if (PointerPte > MmSystemPtesEnd[SystemPtePoolType]) { 00729 KeBugCheckEx (SYSTEM_PTE_MISUSE, 00730 0xC, 00731 (ULONG_PTR)PointerPte, 00732 NumberOfPtes, 00733 SystemPtePoolType); 00734 } 00735 #endif //DBG 00736 00737 if (MmSysPteListBySizeCount[Index] < 00738 MmSysPteMinimumFree[Index]) { 00739 MiFeedSysPtePool (Index); 00740 } 00741 #ifdef _MI_GUARD_PTE_ 00742 (PointerPte + ExactPtes - 1)->u.Long = MM_KERNEL_NOACCESS_PTE; 00743 #endif 00744 return PointerPte; 00745 } 00746 } 00747 NumberOfPtes = MmSysPteIndex [Index]; 00748 } 00749 MiUnlockSystemSpace(OldIrql); 00750 } 00751 00752 #ifdef _MI_GUARD_PTE_ 00753 NumberOfPtes = ExactPtes; 00754 #endif 00755 00756 PointerPte = MiReserveSystemPtes2 (NumberOfPtes, 00757 SystemPtePoolType, 00758 Alignment, 00759 Offset, 00760 BugCheckOnFailure); 00761 00762 #if DBG 00763 if (MmDebug & MM_DBG_SYS_PTES) { 00764 00765 PMMPTE PointerFreedPte; 00766 ULONG j; 00767 00768 if (PointerPte) { 00769 PointerFreedPte = PointerPte; 00770 for (j = 0; j < NumberOfPtes; j++) { 00771 ASSERT (PointerFreedPte->u.Hard.Valid == 0); 00772 PointerFreedPte++; 00773 } 00774 } 00775 } 00776 #endif //DBG 00777 00778 #ifdef _MI_GUARD_PTE_ 00779 if (PointerPte) { 00780 (PointerPte + ExactPtes - 1)->u.Long = MM_KERNEL_NOACCESS_PTE; 00781 } 00782 #endif 00783 00784 return PointerPte; 00785 }

NTSTATUS MiResolveDemandZeroFault (  IN PVOID  VirtualAddress, IN PMMPTE  PointerPte, IN PEPROCESS  Process, IN ULONG  PrototypePte )

Definition at line 674 of file pagfault.c. References APC_LEVEL, ASSERT, CONSISTENCY_LOCK_PFN, CONSISTENCY_UNLOCK_PFN, _MMINFO_COUNTERS::DemandZeroCount, FALSE, HYDRA_PROCESS, LOCK_PFN, MI_BARRIER_STAMP_ZEROED_PAGE, MI_BARRIER_SYNCHRONIZE, MI_IS_PAGE_TABLE_ADDRESS, MI_MAKE_VALID_PTE, MI_PAGE_COLOR_VA_PROCESS, MI_PFN_ELEMENT, MI_SET_PTE_DIRTY, MI_WRITE_VALID_PTE, MiAddValidPageToWorkingSet(), MiEnsureAvailablePageOrWait(), MiInitializePfn(), MiRemoveAnyPage(), MiRemoveZeroPage(), MiRemoveZeroPageIfAny, MiWaitForForkToComplete(), MiZeroPhysicalPage(), MM_PFN_LOCK_ASSERT, MmInfoCounters, MmSystemPageColor, NULL, PERFINFO_PRIVATE_PAGE_DEMAND_ZERO, PERFINFO_SOFTFAULT, PrototypePte, PsGetCurrentThread, _MMPFN::PteFrame, STATUS_REFAULT, TRUE, _MMPTE::u, _MMPFN::u1, and UNLOCK_PFN. Referenced by MiDispatchFault(), MiResolveProtoPteFault(), and MmAccessFault(). : This routine resolves a demand zero page fault. If the PrototypePte argument is TRUE, the PFN lock is held, the lock cannot be dropped, and the page should not be added to the working set at this time. Arguments: VirtualAddress - Supplies the faulting address. PointerPte - Supplies the PTE for the faulting address. Process - Supplies a pointer to the process object. If this parameter is NULL, then the fault is for system space and the process's working set lock is not held. PrototypePte - Supplies TRUE if this is a prototype PTE. Return Value: status, either STATUS_SUCCESS or STATUS_REFAULT. Environment: Kernel mode, PFN lock held conditionally. --*/ { PMMPFN Pfn1; PFN_NUMBER PageFrameIndex; MMPTE TempPte; ULONG PageColor; KIRQL OldIrql; LOGICAL NeedToZero; LOGICAL BarrierNeeded; ULONG BarrierStamp; NeedToZero = FALSE; BarrierNeeded = FALSE; PERFINFO_PRIVATE_PAGE_DEMAND_ZERO(VirtualAddress); // // Check to see if a page is available, if a wait is // returned, do not continue, just return success. // if (!PrototypePte) { LOCK_PFN (OldIrql); } MM_PFN_LOCK_ASSERT(); if (PointerPte->u.Hard.Valid == 0) { if (!MiEnsureAvailablePageOrWait (Process, VirtualAddress)) { if (Process != NULL && Process != HYDRA_PROCESS && (!PrototypePte)) { // // If a fork operation is in progress and the faulting thread // is not the thread performing the fork operation, block until // the fork is completed. // if ((Process->ForkInProgress != NULL) && (Process->ForkInProgress != PsGetCurrentThread())) { MiWaitForForkToComplete (Process); UNLOCK_PFN (APC_LEVEL); return STATUS_REFAULT; } Process->NumberOfPrivatePages += 1; PageColor = MI_PAGE_COLOR_VA_PROCESS (VirtualAddress, &Process->NextPageColor); ASSERT (MI_IS_PAGE_TABLE_ADDRESS(PointerPte)); PageFrameIndex = MiRemoveZeroPageIfAny (PageColor); if (PageFrameIndex) { // // This barrier check is needed after zeroing the page // and before setting the PTE valid. Note since the PFN // database entry is used to hold the sequence timestamp, // it must be captured now. Check it at the last possible // moment. // Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); BarrierStamp = (ULONG)Pfn1->PteFrame; } else { PageFrameIndex = MiRemoveAnyPage (PageColor); NeedToZero = TRUE; } BarrierNeeded = TRUE; } else { PageColor = MI_PAGE_COLOR_VA_PROCESS (VirtualAddress, &MmSystemPageColor); // // As this is a system page, there is no need to // remove a page of zeroes, it must be initialized by // the system before being used. // if (PrototypePte) { PageFrameIndex = MiRemoveZeroPage (PageColor); } else { PageFrameIndex = MiRemoveAnyPage (PageColor); } } MmInfoCounters.DemandZeroCount += 1; MiInitializePfn (PageFrameIndex, PointerPte, 1); if (!PrototypePte) { UNLOCK_PFN (APC_LEVEL); } Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); if (NeedToZero) { MiZeroPhysicalPage (PageFrameIndex, PageColor); // // Note the stamping must occur after the page is zeroed. // MI_BARRIER_STAMP_ZEROED_PAGE (&BarrierStamp); } // // As this page is demand zero, set the modified bit in the // PFN database element and set the dirty bit in the PTE. // PERFINFO_SOFTFAULT(Pfn1, VirtualAddress, PERFINFO_LOG_TYPE_DEMANDZEROFAULT) MI_MAKE_VALID_PTE (TempPte, PageFrameIndex, PointerPte->u.Soft.Protection, PointerPte); if (TempPte.u.Hard.Write != 0) { MI_SET_PTE_DIRTY (TempPte); } if (BarrierNeeded) { MI_BARRIER_SYNCHRONIZE (BarrierStamp); } MI_WRITE_VALID_PTE (PointerPte, TempPte); if (!PrototypePte) { ASSERT (Pfn1->u1.Event == 0); CONSISTENCY_LOCK_PFN (OldIrql); Pfn1->u1.Event = (PVOID)PsGetCurrentThread(); CONSISTENCY_UNLOCK_PFN (OldIrql); MiAddValidPageToWorkingSet (VirtualAddress, PointerPte, Pfn1, 0); } return STATUS_PAGE_FAULT_DEMAND_ZERO; } } if (!PrototypePte) { UNLOCK_PFN (APC_LEVEL); } return STATUS_REFAULT; }

NTSTATUS MiResolveMappedFileFault (  IN PVOID  FaultingAddress, IN PMMPTE  PointerPte, IN PMMINPAGE_SUPPORT *  ReadBlock, IN PEPROCESS  Process )

NTSTATUS MiResolvePageFileFault (  IN PVOID  FaultingAddress, IN PMMPTE  PointerPte, IN PMMINPAGE_SUPPORT *  ReadBlock, IN PEPROCESS  Process )

NTSTATUS MiResolveProtoPteFault (  IN BOOLEAN  StoreInstruction, IN PVOID  VirtualAddress, IN PMMPTE  PointerPte, IN PMMPTE  PointerProtoPte, IN PMMINPAGE_SUPPORT *  ReadBlock, IN PEPROCESS  Process, OUT PLOGICAL  ApcNeeded )

NTSTATUS MiResolveTransitionFault (  IN PVOID  FaultingAddress, IN PMMPTE  PointerPte, IN PEPROCESS  Process, IN ULONG  PfnLockHeld, OUT PLOGICAL  ApcNeeded )

Definition at line 868 of file pagfault.c. References ActiveAndValid, APC_LEVEL, _ETHREAD::ApcNeeded, ASSERT, DbgPrint, FreePageList, HYDRA_PROCESS, KeEnterCriticalRegion, KeLeaveCriticalRegion, LOCK_PFN, MI_ADD_LOCKED_PAGE_CHARGE_FOR_MODIFIED_PAGE, MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE, MI_MAKE_TRANSITION_PTE_VALID, MI_PFN_ELEMENT, MI_REMOVE_LOCKED_PAGE_CHARGE, MI_SET_PTE_CLEAN, MI_SET_PTE_DIRTY, MI_WRITE_VALID_PTE, MiAddValidPageToWorkingSet(), MiDecrementReferenceCount(), MiFormatPfn(), MiGetPteAddress, MiInsertPageInList(), MiRestoreTransitionPte(), MiUnlinkPageFromList(), MiWaitForInPageComplete(), MM_DBG_COLLIDED_PAGE, MmInfoCounters, MmPagedPoolEnd, MmPagedPoolStart, MmPageLocationList, MmSpecialPoolEnd, MmSpecialPoolStart, _ETHREAD::NestedFaultCount, NT_SUCCESS, NTSTATUS(), NULL, PERFINFO_SOFTFAULT, PsGetCurrentThread, _MMPFN::PteAddress, StandbyPageList, STATUS_REFAULT, _MMINFO_COUNTERS::TransitionCount, TRUE, _MMPTE::u, _MMINPAGE_SUPPORT::u, _MMPFN::u1, _MMPFN::u2, _MMPFN::u3, UNLOCK_PFN, UNLOCK_SESSION_SPACE_WS, UNLOCK_SYSTEM_WS, UNLOCK_WS, and _MMINPAGE_SUPPORT::WaitCount. Referenced by MiDispatchFault(), and MiResolveProtoPteFault(). : This routine resolves a transition page fault. Arguments: FaultingAddress - Supplies the faulting address. PointerPte - Supplies the PTE for the faulting address. CurrentProcess - Supplies a pointer to the process object. If this parameter is NULL, then the fault is for system space and the process's working set lock is not held. PfnLockHeld - Supplies TRUE if the PFN lock is held, FALSE if not. ApcNeeded - Supplies a pointer to a location set to TRUE if an I/O completion APC is needed to complete partial IRPs that collided. It is the caller's responsibility to initialize this (usually to FALSE) on entry. However, since this routine may be called multiple times for a single fault (for the page directory, page table and the page itself), it is possible for it to occasionally be TRUE on entry. If it is FALSE on exit, no completion APC is needed. Return Value: status, either STATUS_SUCCESS, STATUS_REFAULT or an I/O status code. Environment: Kernel mode, PFN lock may optionally be held. --*/ { PFN_NUMBER PageFrameIndex; PMMPFN Pfn1; MMPTE TempPte; NTSTATUS status; NTSTATUS PfnStatus; PMMINPAGE_SUPPORT CapturedEvent; KIRQL OldIrql; PETHREAD CurrentThread; // // *********************************************************** // Transition PTE. // *********************************************************** // // // A transition PTE is either on the free or modified list, // on neither list because of its ReferenceCount // or currently being read in from the disk (read in progress). // If the page is read in progress, this is a collided page // and must be handled accordingly. // if (!PfnLockHeld) { LOCK_PFN (OldIrql); } TempPte = *PointerPte; if ((TempPte.u.Soft.Valid == 0) && (TempPte.u.Soft.Prototype == 0) && (TempPte.u.Soft.Transition == 1)) { // // Still in transition format. // MmInfoCounters.TransitionCount += 1; PageFrameIndex = MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE (&TempPte); Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); if (Pfn1->u3.e1.InPageError) { // // There was an in-page read error and there are other // threads colliding for this page, delay to let the // other threads complete and return. // ASSERT (!NT_SUCCESS(Pfn1->u1.ReadStatus)); if (!PfnLockHeld) { UNLOCK_PFN (APC_LEVEL); } return Pfn1->u1.ReadStatus; } if (Pfn1->u3.e1.ReadInProgress) { // // Collided page fault. // #if DBG if (MmDebug & MM_DBG_COLLIDED_PAGE) { DbgPrint("MM:collided page fault\n"); } #endif CapturedEvent = (PMMINPAGE_SUPPORT)Pfn1->u1.Event; CurrentThread = PsGetCurrentThread(); if (CapturedEvent->u.Thread == CurrentThread) { // // This detects MmCopyToCachedPage deadlocks where both the // user and system address point at the same physical page. // // It also detects when the Io APC completion routine accesses // the same user page (ie: during an overlapped I/O) that // the user thread has already faulted on. // // Both cases above can result in fatal deadlocks and so must // be detected here. Return a unique status code so the // (legitimate) callers know this has happened so it can be // handled properly. In the first case above this means // restarting the entire operation immediately. In the second // case above it means requesting a callback from the Mm // once the first fault has completed. // // Note that non-legitimate callers must get back a failure // status so the thread can be terminated. // ASSERT ((CurrentThread->NestedFaultCount == 1) || (CurrentThread->NestedFaultCount == 2)); CurrentThread->ApcNeeded = 1; if (!PfnLockHeld) { UNLOCK_PFN (APC_LEVEL); } return STATUS_MULTIPLE_FAULT_VIOLATION; } // // Increment the reference count for the page so it won't be // reused until all collisions have been completed. // ASSERT (Pfn1->u2.ShareCount == 0); ASSERT (Pfn1->u3.e2.ReferenceCount != 0); ASSERT (Pfn1->u3.e1.LockCharged == 1); Pfn1->u3.e2.ReferenceCount += 1; CapturedEvent->WaitCount += 1; UNLOCK_PFN (APC_LEVEL); if (CurrentProcess == HYDRA_PROCESS) { CurrentThread = NULL; UNLOCK_SESSION_SPACE_WS (APC_LEVEL); } else if (CurrentProcess != NULL) { // // APCs must be explicitly disabled to prevent suspend APCs from // interrupting this thread before the wait has been issued. // Otherwise the APC can result in this page being locked // indefinitely until the suspend is released. // ASSERT (CurrentThread->NestedFaultCount <= 2); CurrentThread->NestedFaultCount += 1; KeEnterCriticalRegion(); UNLOCK_WS (CurrentProcess); } else { CurrentThread = NULL; UNLOCK_SYSTEM_WS (APC_LEVEL); } status = MiWaitForInPageComplete (Pfn1, PointerPte, FaultingAddress, &TempPte, CapturedEvent, CurrentProcess); // // MiWaitForInPageComplete RETURNS WITH THE WORKING SET LOCK // AND PFN LOCK HELD!!! // if (CurrentThread != NULL) { KeLeaveCriticalRegion(); ASSERT (CurrentThread->NestedFaultCount <= 3); ASSERT (CurrentThread->NestedFaultCount != 0); CurrentThread->NestedFaultCount -= 1; if ((CurrentThread->ApcNeeded == 1) && (CurrentThread->NestedFaultCount == 0)) { *ApcNeeded = TRUE; CurrentThread->ApcNeeded = 0; } } ASSERT (Pfn1->u3.e1.ReadInProgress == 0); if (status != STATUS_SUCCESS) { PfnStatus = Pfn1->u1.ReadStatus; MI_REMOVE_LOCKED_PAGE_CHARGE(Pfn1, 9); MiDecrementReferenceCount (PageFrameIndex); // // Check to see if an I/O error occurred on this page. // If so, try to free the physical page, wait a // half second and return a status of PTE_CHANGED. // This will result in success being returned to // the user and the fault will occur again and should // not be a transition fault this time. // if (Pfn1->u3.e1.InPageError == 1) { ASSERT (!NT_SUCCESS(PfnStatus)); status = PfnStatus; if (Pfn1->u3.e2.ReferenceCount == 0) { Pfn1->u3.e1.InPageError = 0; // // Only restore the transition PTE if the address // space still exists. Another thread may have // deleted the VAD while this thread waited for the // fault to complete - in this case, the frame // will be marked as free already. // if (Pfn1->u3.e1.PageLocation != FreePageList) { ASSERT (Pfn1->u3.e1.PageLocation == StandbyPageList); MiUnlinkPageFromList (Pfn1); MiRestoreTransitionPte (PageFrameIndex); MiInsertPageInList(MmPageLocationList[FreePageList], PageFrameIndex); } } } #if DBG if (MmDebug & MM_DBG_COLLIDED_PAGE) { DbgPrint("MM:decrement ref count - pte changed\n"); MiFormatPfn(Pfn1); } #endif if (!PfnLockHeld) { UNLOCK_PFN (APC_LEVEL); } // // Instead of returning status, always return STATUS_REFAULT. // This is to support filesystems that save state in the // ETHREAD of the thread that serviced the fault ! Since // collided threads never enter the filesystem, their ETHREADs // haven't been hacked up. Since this only matters when // errors occur (specifically STATUS_VERIFY_REQUIRED today), // retry any failed I/O in the context of each collider // to give the filesystems ample opportunity. // return STATUS_REFAULT; } } else { // // PTE refers to a normal transition PTE. // ASSERT (Pfn1->u3.e1.InPageError == 0); if (Pfn1->u3.e1.PageLocation == ActiveAndValid) { // // This page must contain an MmSt allocation of prototype PTEs. // Because these types of pages reside in paged pool (or special // pool) and are part of the system working set, they can be // trimmed at any time regardless of the share count. However, // if the share count is nonzero, then the page state will // remain active and the page will remain in memory - but the // PTE will be set to the transition state. Make the page // valid without incrementing the reference count, but // increment the share count. // ASSERT (((Pfn1->PteAddress >= MiGetPteAddress(MmPagedPoolStart)) && (Pfn1->PteAddress <= MiGetPteAddress(MmPagedPoolEnd))) || ((Pfn1->PteAddress >= MiGetPteAddress(MmSpecialPoolStart)) && (Pfn1->PteAddress <= MiGetPteAddress(MmSpecialPoolEnd)))); // // Don't increment the valid PTE count for the // page table page. // ASSERT (Pfn1->u2.ShareCount != 0); ASSERT (Pfn1->u3.e2.ReferenceCount != 0); } else { MiUnlinkPageFromList (Pfn1); // // Update the PFN database - the reference count must be // incremented as the share count is going to go from zero to 1. // ASSERT (Pfn1->u2.ShareCount == 0); // // The PFN reference count will be 1 already here if the // modified writer has begun a write of this page. Otherwise // it's ordinarily 0. // MI_ADD_LOCKED_PAGE_CHARGE_FOR_MODIFIED_PAGE (Pfn1, 8); Pfn1->u3.e2.ReferenceCount += 1; } } // // Join with collided page fault code to handle updating // the transition PTE. // ASSERT (Pfn1->u3.e1.InPageError == 0); if (Pfn1->u2.ShareCount == 0) { MI_REMOVE_LOCKED_PAGE_CHARGE (Pfn1, 9); } Pfn1->u2.ShareCount += 1; Pfn1->u3.e1.PageLocation = ActiveAndValid; MI_MAKE_TRANSITION_PTE_VALID (TempPte, PointerPte); // // If the modified field is set in the PFN database and this // page is not copy on modify, then set the dirty bit. // This can be done as the modified page will not be // written to the paging file until this PTE is made invalid. // if (Pfn1->u3.e1.Modified && TempPte.u.Hard.Write && (TempPte.u.Hard.CopyOnWrite == 0)) { MI_SET_PTE_DIRTY (TempPte); } else { MI_SET_PTE_CLEAN (TempPte); } MI_WRITE_VALID_PTE (PointerPte, TempPte); if (!PfnLockHeld) { if (Pfn1->u1.Event == 0) { Pfn1->u1.Event = (PVOID)PsGetCurrentThread(); } UNLOCK_PFN (APC_LEVEL); PERFINFO_SOFTFAULT(Pfn1, FaultingAddress, PERFINFO_LOG_TYPE_TRANSITIONFAULT) MiAddValidPageToWorkingSet (FaultingAddress, PointerPte, Pfn1, 0); } return STATUS_PAGE_FAULT_TRANSITION; } else { if (!PfnLockHeld) { UNLOCK_PFN (APC_LEVEL); } } return STATUS_REFAULT; }

VOID FASTCALL MiRestoreTransitionPte (  IN PFN_NUMBER  PageFrameIndex  )

Definition at line 1245 of file mmsup.c. References ASSERT, _SUBSECTION::ControlArea, MI_CAPTURE_USED_PAGETABLE_ENTRIES, MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE, MI_IS_SESSION_PTE, MI_PFN_ELEMENT, MI_WRITE_INVALID_PTE, MiCheckForControlAreaDeletion(), MiDecrementShareCount(), MiGetByteOffset, MiGetPteAddress, MiGetSubsectionAddress, MiMapPageInHyperSpace(), MiUnmapPageInHyperSpace, MM_SYSTEM_SPACE_START, MmIsAddressValid(), _CONTROL_AREA::NumberOfPfnReferences, _MMPFN::OriginalPte, _MMPFN::PteAddress, _MMPFN::PteFrame, StandbyPageList, _MMPTE::u, and _MMPFN::u3. Referenced by MiDecrementReferenceCount(), MiDispatchFault(), MiFindContiguousMemory(), MiInsertPageInList(), MiRemovePageFromList(), MiRemovePhysicalPages(), MiResolveTransitionFault(), and MmAllocatePagesForMdl(). 01251 : 01252 01253 This procedure restores the original contents into the PTE (which could 01254 be a prototype PTE) referred to by the PFN database for the specified 01255 physical page. It also updates all necessary data structures to 01256 reflect the fact that the referenced PTE is no longer in transition. 01257 01258 The physical address of the referenced PTE is mapped into hyper space 01259 of the current process and the PTE is then updated. 01260 01261 Arguments: 01262 01263 PageFrameIndex - Supplies the physical page number which refers to a 01264 transition PTE. 01265 01266 Return Value: 01267 01268 none. 01269 01270 Environment: 01271 01272 Must be holding the PFN database mutex with APCs disabled. 01273 01274 --*/ 01275 01276 { 01277 PMMPFN Pfn1; 01278 PMMPTE PointerPte; 01279 PSUBSECTION Subsection; 01280 PCONTROL_AREA ControlArea; 01281 KIRQL OldIrql = 99; 01282 01283 Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); 01284 01285 ASSERT (Pfn1->u3.e1.PageLocation == StandbyPageList); 01286 01287 if (Pfn1->u3.e1.PrototypePte) { 01288 01289 if (MmIsAddressValid (Pfn1->PteAddress)) { 01290 PointerPte = Pfn1->PteAddress; 01291 } else { 01292 01293 // 01294 // The page containing the prototype PTE is not valid, 01295 // map the page into hyperspace and reference it that way. 01296 // 01297 01298 PointerPte = MiMapPageInHyperSpace (Pfn1->PteFrame, &OldIrql); 01299 PointerPte = (PMMPTE)((PCHAR)PointerPte + 01300 MiGetByteOffset(Pfn1->PteAddress)); 01301 } 01302 01303 ASSERT ((MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE (PointerPte) == PageFrameIndex) && 01304 (PointerPte->u.Hard.Valid == 0)); 01305 01306 // 01307 // This page is referenced by a prototype PTE. The 01308 // segment structures need to be updated when the page 01309 // is removed from the transition state. 01310 // 01311 01312 if (Pfn1->OriginalPte.u.Soft.Prototype) { 01313 01314 // 01315 // The prototype PTE is in subsection format, calculate the 01316 // address of the control area for the subsection and decrement 01317 // the number of PFN references to the control area. 01318 // 01319 // Calculate address of subsection for this prototype PTE. 01320 // 01321 01322 Subsection = MiGetSubsectionAddress (&Pfn1->OriginalPte); 01323 ControlArea = Subsection->ControlArea; 01324 ControlArea->NumberOfPfnReferences -= 1; 01325 ASSERT ((LONG)ControlArea->NumberOfPfnReferences >= 0); 01326 01327 MiCheckForControlAreaDeletion (ControlArea); 01328 } 01329 01330 } else { 01331 01332 // 01333 // The page points to a page or page table page which may not be 01334 // for the current process. Map the page into hyperspace and 01335 // reference it through hyperspace. If the page resides in 01336 // system space (but not session space), it does not need to be 01337 // mapped as all PTEs for system space must be resident. Session 01338 // space PTEs are only mapped per session so access to them must 01339 // also go through hyperspace. 01340 // 01341 01342 PointerPte = Pfn1->PteAddress; 01343 01344 if (PointerPte < MiGetPteAddress (MM_SYSTEM_SPACE_START) || 01345 MI_IS_SESSION_PTE (PointerPte)) { 01346 01347 PointerPte = MiMapPageInHyperSpace (Pfn1->PteFrame, &OldIrql); 01348 PointerPte = (PMMPTE)((PCHAR)PointerPte + 01349 MiGetByteOffset(Pfn1->PteAddress)); 01350 } 01351 ASSERT ((MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE (PointerPte) == PageFrameIndex) && 01352 (PointerPte->u.Hard.Valid == 0)); 01353 01354 MI_CAPTURE_USED_PAGETABLE_ENTRIES (Pfn1); 01355 01356 #if _WIN64 01357 #if DBGXX 01358 MiCheckPageTableTrim(PointerPte); 01359 #endif 01360 #endif 01361 } 01362 01363 ASSERT (Pfn1->OriginalPte.u.Hard.Valid == 0); 01364 ASSERT (!((Pfn1->OriginalPte.u.Soft.Prototype == 0) && 01365 (Pfn1->OriginalPte.u.Soft.Transition == 1))); 01366 01367 MI_WRITE_INVALID_PTE (PointerPte, Pfn1->OriginalPte); 01368 01369 if (OldIrql != 99) { 01370 MiUnmapPageInHyperSpace (OldIrql); 01371 } 01372 01373 // 01374 // The PTE has been restored to its original contents and is 01375 // no longer in transition. Decrement the share count on 01376 // the page table page which contains the PTE. 01377 // 01378 01379 MiDecrementShareCount (Pfn1->PteFrame); 01380 01381 return; 01382 }

VOID FASTCALL MiReturnCommitment (  IN SIZE_T  QuotaCharge  )

Definition at line 442 of file mmquota.c. References ASSERT, FALSE, MiCommitExtensionActive, MmChargeCommitmentLock, MmExtendedCommit, MmExtendedCommitLimit, MmPageFileFullExtendPages, MmTotalCommitLimit, MmTotalCommittedPages, and TRUE. Referenced by MiCreateImageFileMap(), MiCreatePagingFileMap(), MiDereferenceSession(), MiFreeNonPagedPool(), MiFreePoolPages(), MiInitializeSessionPool(), MiLoadImageSection(), MiMapViewOfDataSection(), MiPageFileFull(), MiRemoveVad(), MiReturnPageTablePageCommitment(), MiSegmentDelete(), MiSessionCommitImagePages(), MiSessionCommitPageTables(), MiSessionCreateInternal(), MiSessionInitializeWorkingSetList(), MiSetProtectionOnSection(), MiShareSessionImage(), MmAllocateNonCachedMemory(), MmAllocatePagesForMdl(), MmCleanProcessAddressSpace(), MmCreateKernelStack(), MmCreateProcessAddressSpace(), MmDeleteKernelStack(), MmDeleteProcessAddressSpace(), MmFreeDriverInitialization(), MmFreeNonCachedMemory(), MmFreePagesFromMdl(), MmFreeSpecialPool(), MmRemovePhysicalMemory(), MmUnloadSystemImage(), NtAllocateVirtualMemory(), NtCreatePagingFile(), and NtFreeVirtualMemory(). 00448 : 00449 00450 This routine releases page file quota. 00451 00452 Arguments: 00453 00454 QuotaCharge - Supplies the quota amount to charge. 00455 00456 CurrentProcess - Supplies a pointer to the current process. 00457 00458 Return Value: 00459 00460 none. 00461 00462 Environment: 00463 00464 Kernel mode, APCs disabled, WorkingSetLock and AddressCreation mutexes 00465 held. 00466 00467 --*/ 00468 00469 { 00470 KIRQL OldIrql; 00471 00472 ExAcquireFastLock (&MmChargeCommitmentLock, &OldIrql); 00473 00474 ASSERT (MmTotalCommittedPages >= QuotaCharge); 00475 00476 MmTotalCommittedPages -= QuotaCharge; 00477 00478 // 00479 // If commit allotments have been temporarily blocked then open the 00480 // floodgates provided either enough commit has been freed or the pagefile 00481 // extension has succeeded. 00482 // 00483 00484 if (MmPageFileFullExtendPages) { 00485 ASSERT (MmTotalCommittedPages >= MmPageFileFullExtendPages); 00486 MmTotalCommittedPages -= MmPageFileFullExtendPages; 00487 MmPageFileFullExtendPages = 0; 00488 } 00489 00490 // 00491 // If the system automatically granted an increase that can be returned 00492 // now, do it. 00493 // 00494 00495 if (MiCommitExtensionActive == TRUE) { 00496 00497 if ((MmExtendedCommitLimit != 0) && 00498 (MmTotalCommitLimit > MmTotalCommittedPages) && 00499 (MmTotalCommitLimit - MmTotalCommittedPages > MmExtendedCommitLimit)) { 00500 MmTotalCommitLimit -= MmExtendedCommitLimit; 00501 MmExtendedCommitLimit = 0; 00502 } 00503 00504 if (MmExtendedCommit != 0) { 00505 MmTotalCommittedPages -= MmExtendedCommit; 00506 MmExtendedCommit = 0; 00507 } 00508 00509 if ((MmExtendedCommitLimit == 0) && (MmExtendedCommit == 0)) { 00510 MiCommitExtensionActive = FALSE; 00511 } 00512 } 00513 00514 ExReleaseFastLock (&MmChargeCommitmentLock, OldIrql); 00515 return; 00516 }

VOID MiReturnPageFileQuota (  IN SIZE_T  QuotaCharge, IN PEPROCESS  CurrentProcess )

Definition at line 133 of file mmquota.c. 00140 : 00141 00142 This routine releases page file quota. 00143 00144 Arguments: 00145 00146 QuotaCharge - Supplies the quota amount to charge. 00147 00148 CurrentProcess - Supplies a pointer to the current process. 00149 00150 Return Value: 00151 00152 none. 00153 00154 Environment: 00155 00156 Kernel mode, APCs disabled, WorkingSetLock and AddressCreation mutexes 00157 held. 00158 00159 --*/ 00160 00161 { 00162 00163 PEPROCESS_QUOTA_BLOCK QuotaBlock; 00164 KIRQL OldIrql; 00165 00166 QuotaBlock = CurrentProcess->QuotaBlock; 00167 00168 retry_return: 00169 if ( QuotaBlock != &PspDefaultQuotaBlock) { 00170 ExAcquireFastLock (&QuotaBlock->QuotaLock, &OldIrql); 00171 do_return: 00172 ASSERT (CurrentProcess->PagefileUsage >= QuotaCharge); 00173 CurrentProcess->PagefileUsage -= QuotaCharge; 00174 00175 ASSERT (QuotaBlock->PagefileUsage >= QuotaCharge); 00176 QuotaBlock->PagefileUsage -= QuotaCharge; 00177 ExReleaseFastLock(&QuotaBlock->QuotaLock,OldIrql); 00178 } else { 00179 ExAcquireFastLock (&PspDefaultQuotaBlock.QuotaLock, &OldIrql); 00180 if ( (QuotaBlock = CurrentProcess->QuotaBlock) != &PspDefaultQuotaBlock ) { 00181 ExReleaseFastLock(&PspDefaultQuotaBlock.QuotaLock,OldIrql); 00182 goto retry_return; 00183 } 00184 goto do_return; 00185 } 00186 return; 00187 }

VOID MiReturnPageTablePageCommitment (  IN PVOID  StartingAddress, IN PVOID  EndingAddress, IN PEPROCESS  CurrentProcess, IN PMMVAD  PreviousVad, IN PMMVAD  NextVad )

Definition at line 869 of file mmquota.c. References ASSERT, _MMWSL::CommittedPageTables, MI_CHECK_BIT, MI_CLEAR_BIT, MI_VPN_TO_VA, MiGetPpePdeOffset, MiReturnCommitment(), MiReturnPageFileQuota(), MM_DBG_COMMIT_RETURN_PAGETABLES, MM_TRACK_COMMIT, MmWorkingSetList, NULL, _MMWSL::NumberOfCommittedPageTables, PS_JOB_STATUS_REPORT_COMMIT_CHANGES, and PsChangeJobMemoryUsage(). Referenced by MmUnmapViewOfSection(), and NtFreeVirtualMemory(). : This routine returns commitment for COMPLETE page table pages which span the virtual address range. For example (assuming 4k pages), if the StartingAddress = 64k and the EndingAddress = 5mb, no page table charges would be freed as a complete page table page is not covered by the range. However, if the StartingAddress was 4mb and the EndingAddress was 9mb, 1 page table page would be freed. Arguments: StartingAddress - Supplies the starting address of the range. EndingAddress - Supplies the ending address of the range. CurrentProcess - Supplies a pointer to the current process. PreviousVad - Supplies a pointer to the previous VAD, NULL if none. NextVad - Supplies a pointer to the next VAD, NULL if none. Return Value: None. Environment: Kernel mode, APCs disabled, WorkingSetLock and AddressCreation mutexes held. --*/ { #ifdef _WIN64 DBG_UNREFERENCED_PARAMETER (StartingAddress); DBG_UNREFERENCED_PARAMETER (EndingAddress); DBG_UNREFERENCED_PARAMETER (CurrentProcess); DBG_UNREFERENCED_PARAMETER (PreviousVad); DBG_UNREFERENCED_PARAMETER (NextVad); #else ULONG NumberToClear; LONG FirstPage; LONG LastPage; LONG PreviousPage; LONG NextPage; // // Check to see if any page table pages would be freed. // ASSERT (StartingAddress != EndingAddress); if (PreviousVad == NULL) { PreviousPage = -1; } else { PreviousPage = MiGetPpePdeOffset (MI_VPN_TO_VA (PreviousVad->EndingVpn)); } if (NextVad == NULL) { NextPage = MiGetPpePdeOffset (MM_HIGHEST_USER_ADDRESS) + 1; } else { NextPage = MiGetPpePdeOffset (MI_VPN_TO_VA (NextVad->StartingVpn)); } ASSERT (PreviousPage <= NextPage); FirstPage = MiGetPpePdeOffset (StartingAddress); LastPage = MiGetPpePdeOffset (EndingAddress); if (PreviousPage == FirstPage) { // // A VAD is within the starting page table page. // FirstPage += 1; } if (NextPage == LastPage) { // // A VAD is within the ending page table page. // LastPage -= 1; } // // Indicate that the page table page is not in use. // if (FirstPage > LastPage) { return; } NumberToClear = 1 + LastPage - FirstPage; while (FirstPage <= LastPage) { ASSERT (MI_CHECK_BIT (MmWorkingSetList->CommittedPageTables, FirstPage)); MI_CLEAR_BIT (MmWorkingSetList->CommittedPageTables, FirstPage); FirstPage += 1; } MmWorkingSetList->NumberOfCommittedPageTables -= NumberToClear; MiReturnCommitment (NumberToClear); MM_TRACK_COMMIT (MM_DBG_COMMIT_RETURN_PAGETABLES, NumberToClear); MiReturnPageFileQuota (NumberToClear, CurrentProcess); if (CurrentProcess->JobStatus & PS_JOB_STATUS_REPORT_COMMIT_CHANGES) { PsChangeJobMemoryUsage(-(SSIZE_T)NumberToClear); } CurrentProcess->CommitCharge -= NumberToClear; return; #endif }

VOID MiSectionDelete (  PVOID  Object  )

Definition at line 511 of file sectsup.c. References _SEGMENT::ControlArea, DbgPrint, LOCK_PFN, MiCheckControlArea(), MiRemoveBasedSection(), MM_DBG_SECTIONS, MmSectionBasedMutex, NULL, _CONTROL_AREA::NumberOfSectionReferences, _CONTROL_AREA::NumberOfUserReferences, PSECTION, and _CONTROL_AREA::Segment. Referenced by MiSectionInitialization(). : This routine is called by the object management procedures whenever the last reference to a section object has been removed. This routine dereferences the associated segment object and checks to see if the segment object should be deleted by queueing the segment to the segment deletion thread. Arguments: Object - a pointer to the body of the section object. Return Value: None. --*/ { PSECTION Section; volatile PCONTROL_AREA ControlArea; KIRQL OldIrql; ULONG UserRef; Section = (PSECTION)Object; if (Section->Segment == (PSEGMENT)NULL) { // // The section was never initialized, no need to remove // any structures. // return; } UserRef = Section->u.Flags.UserReference; ControlArea = (volatile PCONTROL_AREA)Section->Segment->ControlArea; #if DBG if (MmDebug & MM_DBG_SECTIONS) { DbgPrint("MM:deleting section %lx control %lx\n",Section, ControlArea); } #endif if (Section->Address.StartingVpn != 0) { // // This section is based, remove the base address from the // tree. // // // Get the allocation base mutex. // ExAcquireFastMutex (&MmSectionBasedMutex); MiRemoveBasedSection (Section); ExReleaseFastMutex (&MmSectionBasedMutex); } // // Decrement the number of section references to the segment for this // section. This requires APCs to be blocked and the PFN lock to // synchronize upon. // LOCK_PFN (OldIrql); ControlArea->NumberOfSectionReferences -= 1; ControlArea->NumberOfUserReferences -= UserRef; // // This routine returns with the PFN lock released. // MiCheckControlArea (ControlArea, NULL, OldIrql); return; }

ULONG MiSectionInitialization (  VOID   )

VOID MiSegmentDelete (  PSEGMENT  Segment  )

Definition at line 191 of file sectsup.c. References ASSERT, _SEGMENT::BasedAddress, _SEGMENT::ControlArea, _SECTION_OBJECT_POINTERS::DataSectionObject, DbgPrint, _CONTROL_AREA::DereferenceList, Event(), ExFreePool(), FALSE, File, _FILE_OBJECT::FileName, _CONTROL_AREA::FilePointer, FreePageList, _SECTION_OBJECT_POINTERS::ImageSectionObject, IS_PTE_NOT_DEMAND_ZERO, KeSetEvent(), _MMDEREFERENCE_SEGMENT_HEADER::Lock, LOCK_PFN, MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE, MI_PFN_ELEMENT, MI_SET_PFN_DELETED, MI_UNUSED_SEGMENTS_REMOVE_CHARGE, MI_WRITE_INVALID_PTE, MiDecrementShareCount(), MiInsertPageInList(), MiIsPteOnPdeBoundary, MiMakeSystemAddressValidPfn(), MiReleasePageFileSpace(), MiReturnCommitment(), MiUnlinkPageFromList(), MM_DBG_COMMIT_RETURN_SEGMENT_DELETE1, MM_DBG_COMMIT_RETURN_SEGMENT_DELETE2, MM_DBG_SECTIONS, MM_TRACK_COMMIT, MmDereferenceSegmentHeader, MmIsAddressValid(), MmPageLocationList, MmSectionCommitMutex, MmSharedCommit, _SUBSECTION::NextSubsection, _SEGMENT::NonExtendedPtes, NT_SUCCESS, NTSTATUS(), NULL, _SEGMENT::NumberOfCommittedPages, ObDereferenceObject, _MMPFN::OriginalPte, PERFINFO_SEGMENT_DELETE, _SEGMENT::PrototypePte, PsGetCurrentProcess, _MMPFN::PteFrame, RtlFreeAnsiString(), RtlUnicodeStringToAnsiString(), _FILE_OBJECT::SectionObjectPointer, Status, _SUBSECTION::SubsectionBase, TRUE, _CONTROL_AREA::u, _MMPTE::u, _MMPFN::u3, UNLOCK_PFN, _CONTROL_AREA::WaitingForDeletion, and ZeroPte. Referenced by MiCheckControlArea(), MiCleanSection(), and MiDereferenceSegmentThread(). 00197 : 00198 00199 This routine is called by the object management procedures whenever 00200 the last reference to a segment object has been removed. This routine 00201 releases the pool allocated for the prototype PTEs and performs 00202 consistency checks on those PTEs. 00203 00204 For segments which map files, the file object is dereferenced. 00205 00206 Note, that for a segment which maps a file, no PTEs may be valid 00207 or transition, while a segment which is backed by a paging file 00208 may have transition pages, but no valid pages (there can be no 00209 PTEs which refer to the segment). 00210 00211 00212 Arguments: 00213 00214 Segment - a pointer to the segment structure. 00215 00216 Return Value: 00217 00218 None. 00219 00220 --*/ 00221 00222 { 00223 PMMPTE PointerPte; 00224 PMMPTE LastPte; 00225 PMMPFN Pfn1; 00226 KIRQL OldIrql; 00227 KIRQL OldIrql2; 00228 volatile PFILE_OBJECT File; 00229 volatile PCONTROL_AREA ControlArea; 00230 PEVENT_COUNTER Event; 00231 MMPTE PteContents; 00232 PSUBSECTION Subsection; 00233 PSUBSECTION NextSubsection; 00234 SIZE_T CommittedPages; 00235 00236 PointerPte = Segment->PrototypePte; 00237 LastPte = PointerPte + Segment->NonExtendedPtes; 00238 00239 #if DBG 00240 if (MmDebug & MM_DBG_SECTIONS) { 00241 DbgPrint("MM:deleting segment %lx control %lx\n",Segment, Segment->ControlArea); 00242 } 00243 #endif 00244 00245 ControlArea = Segment->ControlArea; 00246 00247 ASSERT (ControlArea->u.Flags.BeingDeleted == 1); 00248 00249 LOCK_PFN (OldIrql2); 00250 if (ControlArea->DereferenceList.Flink != NULL) { 00251 00252 // 00253 // Remove this from the list of unused segments. 00254 // 00255 00256 ExAcquireSpinLock (&MmDereferenceSegmentHeader.Lock, &OldIrql); 00257 RemoveEntryList (&ControlArea->DereferenceList); 00258 00259 MI_UNUSED_SEGMENTS_REMOVE_CHARGE (ControlArea); 00260 00261 ExReleaseSpinLock (&MmDereferenceSegmentHeader.Lock, OldIrql); 00262 } 00263 UNLOCK_PFN (OldIrql2); 00264 00265 if (ControlArea->u.Flags.Image || 00266 ControlArea->u.Flags.File ) { 00267 00268 // 00269 // If there have been committed pages in this segment, adjust 00270 // the total commit count. 00271 // 00272 00273 00274 // 00275 // Unload kernel debugger symbols if any were loaded. 00276 // 00277 00278 if (ControlArea->u.Flags.DebugSymbolsLoaded != 0) { 00279 00280 // 00281 // TEMP TEMP TEMP rip out when debugger converted 00282 // 00283 00284 ANSI_STRING AnsiName; 00285 NTSTATUS Status; 00286 00287 Status = RtlUnicodeStringToAnsiString( &AnsiName, 00288 (PUNICODE_STRING)&Segment->ControlArea->FilePointer->FileName, 00289 TRUE ); 00290 00291 if (NT_SUCCESS( Status)) { 00292 DbgUnLoadImageSymbols( &AnsiName, 00293 Segment->BasedAddress, 00294 (ULONG_PTR)PsGetCurrentProcess()); 00295 RtlFreeAnsiString( &AnsiName ); 00296 } 00297 LOCK_PFN (OldIrql); 00298 ControlArea->u.Flags.DebugSymbolsLoaded = 0; 00299 UNLOCK_PFN (OldIrql); 00300 } 00301 00302 // 00303 // If the segment was deleted due to a name collision at insertion 00304 // we don't want to dereference the file pointer. 00305 // 00306 00307 if (ControlArea->u.Flags.BeingCreated == FALSE) { 00308 00309 // 00310 // Clear the segment context and dereference the file object 00311 // for this Segment. 00312 // 00313 00314 LOCK_PFN (OldIrql); 00315 00316 MiMakeSystemAddressValidPfn (Segment); 00317 File = (volatile PFILE_OBJECT)Segment->ControlArea->FilePointer; 00318 ControlArea = (volatile PCONTROL_AREA)Segment->ControlArea; 00319 00320 Event = ControlArea->WaitingForDeletion; 00321 ControlArea->WaitingForDeletion = NULL; 00322 00323 UNLOCK_PFN (OldIrql); 00324 00325 if (Event != NULL) { 00326 KeSetEvent (&Event->Event, 0, FALSE); 00327 } 00328 00329 #if DBG 00330 if (ControlArea->u.Flags.Image == 1) { 00331 ASSERT (ControlArea->FilePointer->SectionObjectPointer->ImageSectionObject != (PVOID)ControlArea); 00332 } else { 00333 ASSERT (ControlArea->FilePointer->SectionObjectPointer->DataSectionObject != (PVOID)ControlArea); 00334 } 00335 #endif //DBG 00336 00337 PERFINFO_SEGMENT_DELETE(ControlArea->FilePointer); 00338 00339 ObDereferenceObject (ControlArea->FilePointer); 00340 } 00341 00342 if (ControlArea->u.Flags.Image == 0) { 00343 00344 // 00345 // This is a mapped data file. None of the prototype 00346 // PTEs may be referencing a physical page (valid or transition). 00347 // 00348 00349 #if DBG 00350 while (PointerPte < LastPte) { 00351 00352 // 00353 // Prototype PTEs for segments backed by paging file 00354 // are either in demand zero, page file format, or transition. 00355 // 00356 00357 ASSERT (PointerPte->u.Hard.Valid == 0); 00358 ASSERT ((PointerPte->u.Soft.Prototype == 1) || 00359 (PointerPte->u.Long == 0)); 00360 PointerPte += 1; 00361 } 00362 #endif //DBG 00363 00364 // 00365 // Deallocate the control area and subsections. 00366 // 00367 00368 ASSERT (ControlArea->u.Flags.GlobalOnlyPerSession == 0); 00369 00370 Subsection = (PSUBSECTION)(ControlArea + 1); 00371 00372 Subsection = Subsection->NextSubsection; 00373 00374 while (Subsection != NULL) { 00375 ExFreePool (Subsection->SubsectionBase); 00376 NextSubsection = Subsection->NextSubsection; 00377 ExFreePool (Subsection); 00378 Subsection = NextSubsection; 00379 } 00380 00381 if (Segment->NumberOfCommittedPages != 0) { 00382 MiReturnCommitment (Segment->NumberOfCommittedPages); 00383 MM_TRACK_COMMIT (MM_DBG_COMMIT_RETURN_SEGMENT_DELETE1, 00384 Segment->NumberOfCommittedPages); 00385 00386 ExAcquireFastMutex (&MmSectionCommitMutex); 00387 MmSharedCommit -= Segment->NumberOfCommittedPages; 00388 ExReleaseFastMutex (&MmSectionCommitMutex); 00389 } 00390 00391 ExFreePool (Segment->ControlArea); 00392 ExFreePool (Segment); 00393 00394 // 00395 // The file mapped Segment object is now deleted. 00396 // 00397 00398 return; 00399 } 00400 } 00401 00402 // 00403 // This is a page file backed or image Segment. The Segment is being 00404 // deleted, remove all references to the paging file and physical memory. 00405 // 00406 00407 // 00408 // The PFN lock is required for deallocating pages from a paging 00409 // file and for deleting transition PTEs. 00410 // 00411 00412 LOCK_PFN (OldIrql); 00413 00414 MiMakeSystemAddressValidPfn (PointerPte); 00415 00416 while (PointerPte < LastPte) { 00417 00418 if (MiIsPteOnPdeBoundary(PointerPte)) { 00419 00420 // 00421 // We are on a page boundary, make sure this PTE is resident. 00422 // 00423 00424 if (MmIsAddressValid (PointerPte) == FALSE) { 00425 00426 MiMakeSystemAddressValidPfn (PointerPte); 00427 } 00428 } 00429 00430 PteContents = *PointerPte; 00431 00432 // 00433 // Prototype PTEs for Segments backed by paging file 00434 // are either in demand zero, page file format, or transition. 00435 // 00436 00437 ASSERT (PteContents.u.Hard.Valid == 0); 00438 00439 if (PteContents.u.Soft.Prototype == 0) { 00440 00441 if (PteContents.u.Soft.Transition == 1) { 00442 00443 // 00444 // Prototype PTE in transition, put the page on the free list. 00445 // 00446 00447 Pfn1 = MI_PFN_ELEMENT (PteContents.u.Trans.PageFrameNumber); 00448 00449 MI_SET_PFN_DELETED (Pfn1); 00450 00451 MiDecrementShareCount (Pfn1->PteFrame); 00452 00453 // 00454 // Check the reference count for the page, if the reference 00455 // count is zero and the page is not on the freelist, 00456 // move the page to the free list, if the reference 00457 // count is not zero, ignore this page. 00458 // When the reference count goes to zero, it will be placed 00459 // on the free list. 00460 // 00461 00462 if (Pfn1->u3.e2.ReferenceCount == 0) { 00463 MiUnlinkPageFromList (Pfn1); 00464 MiReleasePageFileSpace (Pfn1->OriginalPte); 00465 MiInsertPageInList (MmPageLocationList[FreePageList], 00466 MI_GET_PAGE_FRAME_FROM_TRANSITION_PTE (&PteContents)); 00467 } 00468 00469 } else { 00470 00471 // 00472 // This is not a prototype PTE, if any paging file 00473 // space has been allocated, release it. 00474 // 00475 00476 if (IS_PTE_NOT_DEMAND_ZERO (PteContents)) { 00477 MiReleasePageFileSpace (PteContents); 00478 } 00479 } 00480 } 00481 #if DBG 00482 MI_WRITE_INVALID_PTE (PointerPte, ZeroPte); 00483 #endif 00484 PointerPte += 1; 00485 } 00486 00487 UNLOCK_PFN (OldIrql); 00488 00489 // 00490 // If there have been committed pages in this segment, adjust 00491 // the total commit count. 00492 // 00493 00494 if (Segment->NumberOfCommittedPages != 0) { 00495 MiReturnCommitment (Segment->NumberOfCommittedPages); 00496 MM_TRACK_COMMIT (MM_DBG_COMMIT_RETURN_SEGMENT_DELETE2, 00497 Segment->NumberOfCommittedPages); 00498 00499 ExAcquireFastMutex (&MmSectionCommitMutex); 00500 MmSharedCommit -= Segment->NumberOfCommittedPages; 00501 ExReleaseFastMutex (&MmSectionCommitMutex); 00502 } 00503 00504 ExFreePool (Segment->ControlArea); 00505 ExFreePool (Segment); 00506 00507 return; 00508 }

VOID MiSessionAddProcess (  IN PEPROCESS  NewProcess  )

NTSTATUS MiSessionCommitImagePages (  PVOID  BaseAddr, SIZE_T  Size )

NTSTATUS MiSessionCommitPageTables (  PVOID  StartVa, PVOID  EndVa )

Referenced by MiMapViewInSystemSpace().

NTSTATUS MiSessionCopyOnWrite (  IN PMM_SESSION_SPACE  SessionSpace, IN PVOID  FaultingAddress, IN PMMPTE  PointerPte )

Definition at line 4446 of file pagfault.c. References ASSERT, _MMINFO_COUNTERS::CopyOnWriteCount, _MM_SESSION_SPACE::CopyOnWriteCount, HYDRA_PROCESS, LOCK_PFN, MI_FLUSH_SINGLE_SESSION_TB, MI_GET_PAGE_FRAME_FROM_PTE, MI_GET_SECONDARY_COLOR, MI_IS_PTE_DIRTY, MI_PFN_ELEMENT, MI_SET_ACCESSED_IN_PTE, MI_SET_PTE_DIRTY, MiDecrementShareCount(), MiEnsureAvailablePageOrWait(), MiGetVirtualAddressMappedByPte, MiInitializeCopyOnWritePfn(), MiLocateWsle(), MiMapPageInHyperSpace(), MiRemoveAnyPage(), MiUnmapPageInHyperSpace, MmInfoCounters, MmSessionSpace, NULL, PAGE_SIZE, TRUE, _MMPTE::u, _MMPFN::u1, _MMPFN::u3, UNLOCK_PFN, and WSLE_NUMBER. Referenced by MmAccessFault(). : This function handles copy on write for image mapped session space. Arguments: SessionSpace - Supplies the session space being referenced. FaultingAddress - Supplies the address which caused the page fault. PointerPte - Supplies the pointer to the PTE which caused the page fault. Return Value: STATUS_SUCCESS. Environment: Kernel mode, APCs disabled, session WSL held. --*/ { MMPTE TempPte; MMPTE PreviousPte; PFN_NUMBER PageFrameIndex; PFN_NUMBER NewPageIndex; PULONG CopyTo; KIRQL OldIrql; PMMPFN Pfn1; PVOID VirtualAddress; WSLE_NUMBER WorkingSetIndex; #if defined(_IA64_) UNREFERENCED_PARAMETER (FaultingAddress); #endif PageFrameIndex = MI_GET_PAGE_FRAME_FROM_PTE (PointerPte); Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); ASSERT (Pfn1->u3.e1.PrototypePte == 1); // // Acquire the PFN mutex. // VirtualAddress = MiGetVirtualAddressMappedByPte (PointerPte); WorkingSetIndex = MiLocateWsle (VirtualAddress, SessionSpace->Vm.VmWorkingSetList, Pfn1->u1.WsIndex); LOCK_PFN (OldIrql); // // The page must be copied into a new page. // if (MiEnsureAvailablePageOrWait(HYDRA_PROCESS, NULL)) { // // A wait operation was performed to obtain an available // page and the working set mutex and PFN mutexes have // been released and various things may have changed for // the worse. Rather than examine all the conditions again, // return and if things are still proper, the fault will // be taken again. // UNLOCK_PFN (OldIrql); return STATUS_SUCCESS; } // // Verify that the page did not go into transition while the // PFN lock was released. If it changed state, refault it in. // TempPte = *(volatile MMPTE *)PointerPte; if (!(TempPte.u.Hard.Valid && TempPte.u.Hard.Write == 0)) { UNLOCK_PFN (OldIrql); return STATUS_SUCCESS; } // // Increment the number of private pages. // MmInfoCounters.CopyOnWriteCount += 1; MmSessionSpace->CopyOnWriteCount += 1; // // A page is being copied and made private, the global state of // the shared page does not need to be updated at this point because // it is guaranteed to be clean - no POSIX-style forking is allowed on // session addresses. // ASSERT (Pfn1->u3.e1.Modified == 0); ASSERT (!MI_IS_PTE_DIRTY(*PointerPte)); // // Get a new page with the same color as this page. // NewPageIndex = MiRemoveAnyPage (MI_GET_SECONDARY_COLOR (PageFrameIndex, Pfn1)); MiInitializeCopyOnWritePfn (NewPageIndex, PointerPte, WorkingSetIndex, SessionSpace); UNLOCK_PFN (OldIrql); // // Copy the accessed readonly page into the newly allocated writable page. // CopyTo = (PULONG)MiMapPageInHyperSpace (NewPageIndex, &OldIrql); RtlCopyMemory (CopyTo, VirtualAddress, PAGE_SIZE); MiUnmapPageInHyperSpace (OldIrql); // // Since the page was a copy on write page, make it // accessed, dirty and writable. Also clear the copy-on-write // bit in the PTE. // MI_SET_PTE_DIRTY (TempPte); TempPte.u.Hard.Write = 1; MI_SET_ACCESSED_IN_PTE (&TempPte, 1); TempPte.u.Hard.CopyOnWrite = 0; TempPte.u.Hard.PageFrameNumber = NewPageIndex; // // If the modify bit is set in the PFN database for the // page, the data cache must be flushed. This is due to the // fact that this process may have been cloned and the cache // still contains stale data destined for the page we are // going to remove. // ASSERT (TempPte.u.Hard.Valid == 1); LOCK_PFN (OldIrql); // // Flush the TB entry for this page. // MI_FLUSH_SINGLE_SESSION_TB (FaultingAddress, TRUE, TRUE, (PHARDWARE_PTE)PointerPte, TempPte.u.Flush, PreviousPte); ASSERT (Pfn1->u3.e1.PrototypePte == 1); // // Decrement the share count for the page which was copied // as this PTE no longer refers to it. // MiDecrementShareCount (PageFrameIndex); UNLOCK_PFN (OldIrql); return STATUS_SUCCESS; }

NTSTATUS MiSessionInitializeWorkingSetList (  VOID   )

Definition at line 1881 of file wslist.c. References _MMSUPPORT::AllowWorkingSetAdjustment, ASSERT, BYTES_TO_PAGES, _MM_SESSION_SPACE::CommittedPages, CONSISTENCY_LOCK_PFN, CONSISTENCY_UNLOCK_PFN, DbgPrint, ExDeleteResource, ExInitializeResource, FALSE, _MMWSL::FirstDynamic, _MMWSL::FirstFree, _MMWSL::HashTable, _MMWSL::HashTableSize, _MMWSL::HashTableStart, _MMWSL::HighestPermittedHashAddress, Index, _MMWSL::LastEntry, _MMWSL::LastInitializedWsle, LOCK_EXPANSION, LOCK_PFN, _MMSUPPORT::MaximumWorkingSetSize, MI_GET_PAGE_COLOR_FROM_VA, MI_NONPAGABLE_MEMORY_AVAILABLE, MI_PFN_ELEMENT, MI_SESSION_MAXIMUM_WORKING_SET, MI_SESSION_SPACE_WORKING_SET_MAXIMUM, MI_SESSION_SPACE_WORKING_SET_MINIMUM, MI_SESSION_SPACE_WS, MI_SESSION_VIEW_START, MI_SET_PTE_DIRTY, MI_SET_PTE_IN_WORKING_SET, MI_WRITE_VALID_PTE, MiChargeCommitment(), MiEnsureAvailablePageOrWait(), MiFillMemoryPte, MiGetPdeAddress, MiGetPdeSessionIndex, MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiGrowWsleHash(), MiInitializePfn(), MiInitializePfnForOtherProcess(), _MMSUPPORT::MinimumWorkingSetSize, MiRemoveAnyPage(), MiRemoveZeroPage(), MiRemoveZeroPageIfAny, MiReturnCommitment(), MiSessionWsList, MiZeroPhysicalPage(), MM_BUMP_COUNTER, MM_BUMP_SESS_COUNTER, MM_BUMP_SESSION_FAILURES, MM_DBG_COMMIT_RETURN_SESSION_WSL_FAILURE, MM_DBG_COMMIT_SESSION_WS_INIT, MM_DBG_SESSION_WS_PAGE_ALLOC, MM_DBG_SESSION_WS_PAGETABLE_ALLOC, MM_DEMAND_ZERO_WRITE_PTE, MM_FREE_WSLE_SHIFT, MM_SESSION_FAILURE_NO_COMMIT, MM_SESSION_FAILURE_NO_RESIDENT, MM_TRACK_COMMIT, MM_VA_MAPPED_BY_PDE, MmResidentAvailablePages, MmSessionSpace, _MMWSL::NextSlot, _MM_SESSION_SPACE::NonPagablePages, NULL, PAGE_ALIGN, PAGE_SHIFT, PAGE_SIZE, _MM_SESSION_SPACE::PagedPoolStart, _MM_SESSION_SPACE::PageTables, _MMWSL::Quota, SESSION_GLOBAL, _MM_SESSION_SPACE::SessionPageDirectoryIndex, TRUE, _MMPTE::u, _MMSUPPORT::u, _MM_SESSION_SPACE::u, _MMPFN::u1, _MMWSLE::u1, UNLOCK_EXPANSION, UNLOCK_PFN, _MMWSL::UsedPageTableEntries, ValidKernelPdeLocal, ValidKernelPteLocal, _MM_SESSION_SPACE::Vm, _MMSUPPORT::VmWorkingSetList, _MM_SESSION_SPACE::WorkingSetLockOwner, _MMSUPPORT::WorkingSetSize, _MM_SESSION_SPACE::Wsle, _MMWSL::Wsle, WSLE_NULL_INDEX, WSLE_NUMBER, _MM_SESSION_SPACE::WsListEntry, _MM_SESSION_SPACE::WsLock, and ZeroKernelPte. Referenced by MmSessionCreate(). : This function initializes the working set for the session space and adds it to the list of session space working sets. Arguments: None. Return Value: NT_SUCCESS if success or STATUS_NO_MEMORY on failure. Environment: Kernel mode, APC_LEVEL or below, no mutexes held. --*/ { ULONG i; KIRQL OldIrql; PMMPTE PointerPte; PMMPTE PointerPde; MMPTE TempPte; PMMWSLE WslEntry; PMMPFN Pfn1; ULONG PageColor; PFN_NUMBER ResidentPages; ULONG Index; PFN_NUMBER PageFrameIndex; ULONG CurrentEntry; ULONG NumberOfEntriesMapped; ULONG_PTR AdditionalBytes; ULONG NumberOfEntriesMappedByFirstPage; ULONG WorkingSetMaximum; PMM_SESSION_SPACE SessionGlobal; LOGICAL AllocatedPageTable; // // Use the global address for pointer references by // MmWorkingSetManager before it attaches to the address space. // SessionGlobal = SESSION_GLOBAL (MmSessionSpace); // // Set up the working set variables. // WorkingSetMaximum = MI_SESSION_SPACE_WORKING_SET_MAXIMUM; MmSessionSpace->Vm.VmWorkingSetList = (PMMWSL)MI_SESSION_SPACE_WS; #if defined (_WIN64) MmSessionSpace->Wsle = (PMMWSLE)(MmSessionSpace->Vm.VmWorkingSetList + 1); #else MmSessionSpace->Wsle = (PMMWSLE)(&MmSessionSpace->Vm.VmWorkingSetList->UsedPageTableEntries[0]); #endif ASSERT (MmSessionSpace->WorkingSetLockOwner == NULL); ASSERT (MmSessionSpace->WorkingSetLockOwnerCount == 0); // // Build the PDE entry for the working set - note that the global bit // must be turned off. // PointerPde = MiGetPdeAddress (MmSessionSpace->Vm.VmWorkingSetList); // // The page table page for the working set and its first data page // are charged against MmResidentAvailablePages and for commitment. // if (PointerPde->u.Hard.Valid == 1) { // // The page directory entry for the working set is the same // as for another range in the session space. Share the PDE. // #ifndef _IA64_ ASSERT (PointerPde->u.Hard.Global == 0); #endif AllocatedPageTable = FALSE; ResidentPages = 1; } else { AllocatedPageTable = TRUE; ResidentPages = 2; } PointerPte = MiGetPteAddress (MmSessionSpace->Vm.VmWorkingSetList); // // The data pages needed to map up to maximum working set size are also // charged against MmResidentAvailablePages and for commitment. // NumberOfEntriesMappedByFirstPage = (WSLE_NUMBER)( ((PMMWSLE)((ULONG_PTR)MmSessionSpace->Vm.VmWorkingSetList + PAGE_SIZE)) - MmSessionSpace->Wsle); if (WorkingSetMaximum > NumberOfEntriesMappedByFirstPage) { AdditionalBytes = (WorkingSetMaximum - NumberOfEntriesMappedByFirstPage) * sizeof (MMWSLE); ResidentPages += BYTES_TO_PAGES (AdditionalBytes); } if (MiChargeCommitment (ResidentPages, NULL) == FALSE) { #if DBG DbgPrint("MiSessionInitializeWorkingSetList: No commit for %d pages\n", ResidentPages); #endif MM_BUMP_SESSION_FAILURES (MM_SESSION_FAILURE_NO_COMMIT); return STATUS_NO_MEMORY; } MM_TRACK_COMMIT (MM_DBG_COMMIT_SESSION_WS_INIT, ResidentPages); // // Use the global address for resources since they are linked // into the global system wide resource list. // ExInitializeResource (&SessionGlobal->WsLock); LOCK_PFN (OldIrql); // // Check to make sure the physical pages are available. // if ((SPFN_NUMBER)ResidentPages > MI_NONPAGABLE_MEMORY_AVAILABLE() - 20) { #if DBG DbgPrint("MiSessionInitializeWorkingSetList: No Resident Pages %d, Need %d\n", MmResidentAvailablePages, ResidentPages); #endif UNLOCK_PFN (OldIrql); MiReturnCommitment (ResidentPages); MM_TRACK_COMMIT (MM_DBG_COMMIT_RETURN_SESSION_WSL_FAILURE, ResidentPages); ExDeleteResource (&SessionGlobal->WsLock); MM_BUMP_SESSION_FAILURES (MM_SESSION_FAILURE_NO_RESIDENT); return STATUS_NO_MEMORY; } MmResidentAvailablePages -= ResidentPages; MM_BUMP_COUNTER(50, ResidentPages); if (AllocatedPageTable == TRUE) { MM_BUMP_SESS_COUNTER (MM_DBG_SESSION_WS_PAGETABLE_ALLOC, 1); MiEnsureAvailablePageOrWait (NULL, NULL); PageColor = MI_GET_PAGE_COLOR_FROM_VA (NULL); PageFrameIndex = MiRemoveZeroPageIfAny (PageColor); if (PageFrameIndex == 0) { PageFrameIndex = MiRemoveAnyPage (PageColor); UNLOCK_PFN (OldIrql); MiZeroPhysicalPage (PageFrameIndex, PageColor); LOCK_PFN (OldIrql); } // // The global bit is masked off since we need to make sure the TB entry // is flushed when we switch to a process in a different session space. // TempPte.u.Long = ValidKernelPdeLocal.u.Long; TempPte.u.Hard.PageFrameNumber = PageFrameIndex; MI_WRITE_VALID_PTE (PointerPde, TempPte); #if !defined (_WIN64) // // Add this to the session structure so other processes can fault it in. // Index = MiGetPdeSessionIndex (MmSessionSpace->Vm.VmWorkingSetList); MmSessionSpace->PageTables[Index] = TempPte; #endif // // This page frame references the session space page table page. // MiInitializePfnForOtherProcess (PageFrameIndex, PointerPde, MmSessionSpace->SessionPageDirectoryIndex); MiFillMemoryPte (PointerPte, PAGE_SIZE, ZeroKernelPte.u.Long); Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); // // This page is never paged, ensure that its WsIndex stays clear so the // release of the page will be handled correctly. // ASSERT (Pfn1->u1.WsIndex == 0); KeFillEntryTb ((PHARDWARE_PTE) PointerPde, PointerPte, FALSE); } MiEnsureAvailablePageOrWait (NULL, NULL); PageColor = MI_GET_PAGE_COLOR_FROM_VA (NULL); PageFrameIndex = MiRemoveZeroPageIfAny (PageColor); if (PageFrameIndex == 0) { PageFrameIndex = MiRemoveAnyPage (PageColor); UNLOCK_PFN (OldIrql); MiZeroPhysicalPage (PageFrameIndex, PageColor); LOCK_PFN (OldIrql); } MM_BUMP_SESS_COUNTER (MM_DBG_SESSION_WS_PAGE_ALLOC, ResidentPages - 1); #if DBG Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); ASSERT (Pfn1->u1.WsIndex == 0); #endif // // The global bit is masked off since we need to make sure the TB entry // is flushed when we switch to a process in a different session space. // TempPte.u.Long = ValidKernelPteLocal.u.Long; MI_SET_PTE_DIRTY (TempPte); TempPte.u.Hard.PageFrameNumber = PageFrameIndex; MI_WRITE_VALID_PTE (PointerPte, TempPte); MiInitializePfn (PageFrameIndex, PointerPte, 1); #if DBG Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); ASSERT (Pfn1->u1.WsIndex == 0); #endif UNLOCK_PFN (OldIrql); KeFillEntryTb ((PHARDWARE_PTE) PointerPte, (PMMPTE)MmSessionSpace->Vm.VmWorkingSetList, FALSE); // // Fill in the reserved slots starting with the session data page. // WslEntry = MmSessionSpace->Wsle; WslEntry->u1.VirtualAddress = (PVOID)MmSessionSpace; WslEntry->u1.e1.Valid = 1; WslEntry->u1.e1.LockedInWs = 1; WslEntry->u1.e1.Direct = 1; Pfn1 = MI_PFN_ELEMENT (MiGetPteAddress (WslEntry->u1.VirtualAddress)->u.Hard.PageFrameNumber); ASSERT (Pfn1->u1.WsIndex == 0); // // The next reserved slot is for the page table page mapping // the session data page. // WslEntry += 1; WslEntry->u1.VirtualAddress = MiGetPteAddress (MmSessionSpace); WslEntry->u1.e1.Valid = 1; WslEntry->u1.e1.LockedInWs = 1; WslEntry->u1.e1.Direct = 1; Pfn1 = MI_PFN_ELEMENT (MiGetPteAddress (WslEntry->u1.VirtualAddress)->u.Hard.PageFrameNumber); ASSERT (Pfn1->u1.WsIndex == 0); CONSISTENCY_LOCK_PFN (OldIrql); Pfn1->u1.WsIndex = (WSLE_NUMBER)(WslEntry - MmSessionSpace->Wsle); CONSISTENCY_UNLOCK_PFN (OldIrql); // // The next reserved slot is for the working set page. // WslEntry += 1; WslEntry->u1.VirtualAddress = MmSessionSpace->Vm.VmWorkingSetList; WslEntry->u1.e1.Valid = 1; WslEntry->u1.e1.LockedInWs = 1; WslEntry->u1.e1.Direct = 1; Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); ASSERT (Pfn1->u1.WsIndex == 0); CONSISTENCY_LOCK_PFN (OldIrql); Pfn1->u1.WsIndex = (WSLE_NUMBER)(WslEntry - MmSessionSpace->Wsle); CONSISTENCY_UNLOCK_PFN (OldIrql); if (AllocatedPageTable == TRUE) { // // The next reserved slot is for the page table page // mapping the working set page. // WslEntry += 1; WslEntry->u1.VirtualAddress = (PVOID)PointerPte; WslEntry->u1.e1.Valid = 1; WslEntry->u1.e1.LockedInWs = 1; WslEntry->u1.e1.Direct = 1; Pfn1 = MI_PFN_ELEMENT (MiGetPteAddress (WslEntry->u1.VirtualAddress)->u.Hard.PageFrameNumber); ASSERT (Pfn1->u1.WsIndex == 0); CONSISTENCY_LOCK_PFN (OldIrql); Pfn1->u1.WsIndex = (WSLE_NUMBER)(WslEntry - MmSessionSpace->Wsle); CONSISTENCY_UNLOCK_PFN (OldIrql); } // // The next reserved slot is for the page table page // mapping the first session paged pool page. // WslEntry += 1; WslEntry->u1.VirtualAddress = (PVOID)MiGetPteAddress (MmSessionSpace->PagedPoolStart); WslEntry->u1.e1.Valid = 1; WslEntry->u1.e1.LockedInWs = 1; WslEntry->u1.e1.Direct = 1; Pfn1 = MI_PFN_ELEMENT (MiGetPteAddress (WslEntry->u1.VirtualAddress)->u.Hard.PageFrameNumber); ASSERT (Pfn1->u1.WsIndex == 0); CONSISTENCY_LOCK_PFN (OldIrql); Pfn1->u1.WsIndex = (WSLE_NUMBER)(WslEntry - MmSessionSpace->Wsle); CONSISTENCY_UNLOCK_PFN (OldIrql); CurrentEntry = (WSLE_NUMBER)(WslEntry + 1 - MmSessionSpace->Wsle); MmSessionSpace->Vm.u.Flags.SessionSpace = 1; MmSessionSpace->Vm.MinimumWorkingSetSize = MI_SESSION_SPACE_WORKING_SET_MINIMUM; MmSessionSpace->Vm.MaximumWorkingSetSize = WorkingSetMaximum; // // Don't trim from this session till we're finished setting up and // it's got some pages in it... // MmSessionSpace->Vm.AllowWorkingSetAdjustment = FALSE; MmSessionSpace->Vm.VmWorkingSetList->LastEntry = MI_SESSION_SPACE_WORKING_SET_MINIMUM; MmSessionSpace->Vm.VmWorkingSetList->Quota = MmSessionSpace->Vm.VmWorkingSetList->LastEntry; MmSessionSpace->Vm.VmWorkingSetList->HashTable = NULL; MmSessionSpace->Vm.VmWorkingSetList->HashTableSize = 0; MmSessionSpace->Vm.VmWorkingSetList->Wsle = MmSessionSpace->Wsle; MmSessionSpace->Vm.VmWorkingSetList->HashTableStart = (PVOID)((PCHAR)PAGE_ALIGN (&MmSessionSpace->Wsle[MI_SESSION_MAXIMUM_WORKING_SET]) + PAGE_SIZE); #if defined (_X86PAE_) // // One less page table page is needed on PAE systems. // MmSessionSpace->Vm.VmWorkingSetList->HighestPermittedHashAddress = (PVOID)(MI_SESSION_VIEW_START - MM_VA_MAPPED_BY_PDE); #else MmSessionSpace->Vm.VmWorkingSetList->HighestPermittedHashAddress = (PVOID)MI_SESSION_VIEW_START; #endif NumberOfEntriesMapped = (WSLE_NUMBER)(((PMMWSLE)((ULONG_PTR)MmSessionSpace->Vm.VmWorkingSetList + PAGE_SIZE)) - MmSessionSpace->Wsle); LOCK_PFN (OldIrql); while (NumberOfEntriesMapped < WorkingSetMaximum) { PointerPte += 1; MiEnsureAvailablePageOrWait (NULL, NULL); PageFrameIndex = MiRemoveZeroPage(MI_GET_PAGE_COLOR_FROM_VA (NULL)); PointerPte->u.Long = MM_DEMAND_ZERO_WRITE_PTE; MiInitializePfn (PageFrameIndex, PointerPte, 1); TempPte.u.Hard.PageFrameNumber = PageFrameIndex; MI_SET_PTE_IN_WORKING_SET (&TempPte, CurrentEntry); MI_WRITE_VALID_PTE (PointerPte, TempPte); WslEntry += 1; WslEntry->u1.VirtualAddress = MiGetVirtualAddressMappedByPte (PointerPte); WslEntry->u1.e1.Valid = 1; WslEntry->u1.e1.LockedInWs = 1; WslEntry->u1.e1.Direct = 1; Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); ASSERT (Pfn1->u1.WsIndex == 0); Pfn1->u1.WsIndex = CurrentEntry; // MiInsertWsle(CurrentEntry, MmWorkingSetList); CurrentEntry += 1; NumberOfEntriesMapped += PAGE_SIZE / sizeof(MMWSLE); } UNLOCK_PFN (OldIrql); MmSessionSpace->Vm.WorkingSetSize = CurrentEntry; MmSessionSpace->Vm.VmWorkingSetList->FirstFree = CurrentEntry; MmSessionSpace->Vm.VmWorkingSetList->FirstDynamic = CurrentEntry; MmSessionSpace->Vm.VmWorkingSetList->NextSlot = CurrentEntry; MmSessionSpace->NonPagablePages += ResidentPages; MmSessionSpace->CommittedPages += ResidentPages; // // Initialize the following slots as free. // WslEntry = MmSessionSpace->Wsle + CurrentEntry; for (i = CurrentEntry + 1; i < NumberOfEntriesMapped; i += 1) { // // Build the free list, note that the first working // set entries (CurrentEntry) are not on the free list. // These entries are reserved for the pages which // map the working set and the page which contains the PDE. // WslEntry->u1.Long = i << MM_FREE_WSLE_SHIFT; WslEntry += 1; } WslEntry->u1.Long = WSLE_NULL_INDEX << MM_FREE_WSLE_SHIFT; // End of list. MmSessionSpace->Vm.VmWorkingSetList->LastInitializedWsle = NumberOfEntriesMapped - 1; if (WorkingSetMaximum > ((1536*1024) >> PAGE_SHIFT)) { // // The working set list consists of more than a single page. // MiGrowWsleHash (&MmSessionSpace->Vm); } // // Put this session's working set in lists using its global address. // LOCK_EXPANSION (OldIrql); InsertTailList (&MiSessionWsList, &SessionGlobal->WsListEntry); MmSessionSpace->u.Flags.HasWsLock = 1; MmSessionSpace->u.Flags.SessionListInserted = 1; UNLOCK_EXPANSION (OldIrql); return STATUS_SUCCESS; }

VOID MiSessionInSwapProcess (  IN PEPROCESS  Process  )

Definition at line 2737 of file session.c. References ASSERT, DbgPrint, _MM_SESSION_SPACE::GlobalVirtualAddress, LOCK_EXPANSION, MI_GET_DIRECTORY_FRAME_FROM_PROCESS, MI_GET_PAGE_FRAME_FROM_PTE, MiGetPdeOffset, MiGetPpeOffset, MiGetPteAddress, MiGetPteOffset, MiHydra, MiMapPageInHyperSpace(), MiUnmapPageInHyperSpace, MM_DBG_SESSIONS, MmSessionSpace, _MM_SESSION_SPACE::ProcessList, _MM_SESSION_SPACE::ProcessOutSwapCount, _MM_SESSION_SPACE::ReferenceCount, _MM_SESSION_SPACE::SessionId, TRUE, _MMSUPPORT::u, UNLOCK_EXPANSION, _MM_SESSION_SPACE::Vm, and _MMSUPPORT::WorkingSetSize. Referenced by MmInSwapProcess(). 02743 : 02744 02745 This routine in swaps the specified process. 02746 02747 Arguments: 02748 02749 Process - Supplies a pointer to the process that is to be swapped 02750 into memory. 02751 02752 Return Value: 02753 02754 None. 02755 02756 Environment: 02757 02758 Kernel mode. This routine must not enter a wait state for memory resources 02759 or the system will deadlock. 02760 02761 --*/ 02762 02763 { 02764 MMPTE TempPte; 02765 PFN_NUMBER PdePage; 02766 PMMPTE PageDirectoryMap; 02767 KIRQL OldIrql; 02768 PFN_NUMBER SessionPage; 02769 PMM_SESSION_SPACE SessionGlobal; 02770 #if DBG 02771 ULONG InCount; 02772 ULONG OutCount; 02773 PLIST_ENTRY NextEntry; 02774 #endif 02775 #if defined (_X86PAE_) 02776 ULONG i; 02777 PPAE_ENTRY PaeVa; 02778 #endif 02779 02780 ASSERT (MiHydra == TRUE && Process->Vm.u.Flags.ProcessInSession == 1); 02781 02782 // 02783 // smss doesn't count when we catch it before it has detached from the 02784 // session it is currently creating. 02785 // 02786 02787 if (Process->Vm.u.Flags.SessionLeader == 1) { 02788 return; 02789 } 02790 02791 ASSERT (MiHydra == TRUE && Process->Vm.u.Flags.ProcessInSession == 1); 02792 02793 // 02794 // smss doesn't count when we swap it before it has detached from the 02795 // session it is currently creating. 02796 // 02797 02798 if (Process->Vm.u.Flags.SessionLeader == 1) { 02799 return; 02800 } 02801 02802 #if defined (_X86PAE_) 02803 PaeVa = Process->PaeTop; 02804 02805 #if DBG 02806 for (i = 0; i < PD_PER_SYSTEM; i += 1) { 02807 ASSERT (PaeVa->PteEntry[i].u.Hard.Valid == 1); 02808 } 02809 #endif 02810 02811 PdePage = MI_GET_PAGE_FRAME_FROM_PTE (&PaeVa->PteEntry[MiGetPdPteOffset(MmSessionSpace)]); 02812 02813 #else 02814 PdePage = MI_GET_DIRECTORY_FRAME_FROM_PROCESS(Process); 02815 #endif 02816 02817 PageDirectoryMap = MiMapPageInHyperSpace (PdePage, &OldIrql); 02818 02819 #if defined (_WIN64) 02820 TempPte = PageDirectoryMap[MiGetPpeOffset(MmSessionSpace)]; 02821 02822 MiUnmapPageInHyperSpace (OldIrql); 02823 02824 PdePage = MI_GET_PAGE_FRAME_FROM_PTE (&TempPte); 02825 02826 PageDirectoryMap = MiMapPageInHyperSpace (PdePage, &OldIrql); 02827 #endif 02828 02829 TempPte = PageDirectoryMap[MiGetPdeOffset(MmSessionSpace)]; 02830 02831 MiUnmapPageInHyperSpace (OldIrql); 02832 02833 PdePage = MI_GET_PAGE_FRAME_FROM_PTE (&TempPte); 02834 02835 PageDirectoryMap = MiMapPageInHyperSpace (PdePage, &OldIrql); 02836 02837 TempPte = PageDirectoryMap[MiGetPteOffset(MmSessionSpace)]; 02838 02839 MiUnmapPageInHyperSpace (OldIrql); 02840 02841 SessionPage = MI_GET_PAGE_FRAME_FROM_PTE (&TempPte); 02842 02843 SessionGlobal = (PMM_SESSION_SPACE) MiMapPageInHyperSpace (SessionPage, 02844 &OldIrql); 02845 02846 ASSERT (MI_GET_PAGE_FRAME_FROM_PTE (MiGetPteAddress(SessionGlobal->GlobalVirtualAddress)) == SessionPage); 02847 02848 SessionGlobal = SessionGlobal->GlobalVirtualAddress; 02849 02850 MiUnmapPageInHyperSpace (OldIrql); 02851 02852 LOCK_EXPANSION (OldIrql); 02853 02854 #if DBG 02855 ASSERT ((LONG)SessionGlobal->ProcessOutSwapCount > 0); 02856 02857 InCount = 0; 02858 OutCount = 0; 02859 NextEntry = SessionGlobal->ProcessList.Flink; 02860 02861 while (NextEntry != &SessionGlobal->ProcessList) { 02862 Process = CONTAINING_RECORD (NextEntry, EPROCESS, SessionProcessLinks); 02863 02864 if (Process->ProcessOutswapEnabled == TRUE) { 02865 OutCount += 1; 02866 } 02867 else { 02868 InCount += 1; 02869 } 02870 02871 NextEntry = NextEntry->Flink; 02872 } 02873 02874 if (InCount + OutCount > SessionGlobal->ReferenceCount) { 02875 DbgPrint ("MiSessionInSwapProcess : count mismatch %p %x %x %x\n", 02876 SessionGlobal, 02877 SessionGlobal->ReferenceCount, 02878 InCount, 02879 OutCount); 02880 DbgBreakPoint (); 02881 } 02882 02883 if (SessionGlobal->ProcessOutSwapCount != OutCount) { 02884 DbgPrint ("MiSessionInSwapProcess : out count mismatch %p %x %x %x %x\n", 02885 SessionGlobal, 02886 SessionGlobal->ReferenceCount, 02887 SessionGlobal->ProcessOutSwapCount, 02888 InCount, 02889 OutCount); 02890 DbgBreakPoint (); 02891 } 02892 02893 ASSERT (SessionGlobal->ProcessOutSwapCount <= SessionGlobal->ReferenceCount); 02894 02895 MiSessionSwap[MiSwapIndex].Flag = 2; 02896 MiSessionSwap[MiSwapIndex].Process = Process; 02897 MiSessionSwap[MiSwapIndex].Session = SessionGlobal; 02898 MiSessionSwap[MiSwapIndex].OutSwapCount = SessionGlobal->ProcessOutSwapCount; 02899 MiSwapIndex += 1; 02900 if (MiSwapIndex == 0x100) { 02901 MiSwapIndex = 0; 02902 } 02903 #endif 02904 02905 if (SessionGlobal->ProcessOutSwapCount == SessionGlobal->ReferenceCount) { 02906 #if DBG 02907 MiSessionInfo[2] += 1; 02908 if (MmDebug & MM_DBG_SESSIONS) { 02909 DbgPrint ("Mm: First process (%d total) just swapped back in for session %d, %d pages\n", 02910 SessionGlobal->ProcessOutSwapCount, 02911 SessionGlobal->SessionId, 02912 SessionGlobal->Vm.WorkingSetSize); 02913 } 02914 #endif 02915 SessionGlobal->Vm.u.Flags.TrimHard = 0; 02916 } 02917 #if DBG 02918 else { 02919 MiSessionInfo[3] += 1; 02920 } 02921 #endif 02922 02923 SessionGlobal->ProcessOutSwapCount -= 1; 02924 02925 ASSERT ((LONG)SessionGlobal->ProcessOutSwapCount >= 0); 02926 02927 UNLOCK_EXPANSION (OldIrql); 02928 } }

PIMAGE_ENTRY_IN_SESSION MiSessionLookupImage (  IN PVOID  BaseAddress  )

Definition at line 518 of file sessload.c. References _IMAGE_ENTRY_IN_SESSION::Address, _MM_SESSION_SPACE::ImageList, LOCK_SESSION_SPACE_WS, MmSessionSpace, NULL, SYSLOAD_LOCK_OWNED_BY_ME, and UNLOCK_SESSION_SPACE_WS. Referenced by MiShareSessionImage(), and MmUnloadSystemImage(). : This routine looks up the image entry within the current session by the specified base address. Arguments: BaseAddress - Supplies the base address for the executable image. Return Value: The image entry within this session on success or NULL on failure. Environment: Kernel mode, APC_LEVEL and below, MmSystemLoadLock held. --*/ { PLIST_ENTRY NextEntry; PIMAGE_ENTRY_IN_SESSION Image; KIRQL OldIrql; SYSLOAD_LOCK_OWNED_BY_ME (); LOCK_SESSION_SPACE_WS (OldIrql); NextEntry = MmSessionSpace->ImageList.Flink; while (NextEntry != &MmSessionSpace->ImageList) { Image = CONTAINING_RECORD(NextEntry, IMAGE_ENTRY_IN_SESSION, Link); if (Image->Address == BaseAddress) { UNLOCK_SESSION_SPACE_WS (OldIrql); return Image; } NextEntry = NextEntry->Flink; } UNLOCK_SESSION_SPACE_WS (OldIrql); return NULL; }

VOID MiSessionOutSwapProcess (  IN PEPROCESS  Process  )

Definition at line 2551 of file session.c. References ASSERT, DbgPrint, _MM_SESSION_SPACE::GlobalVirtualAddress, KeQuerySystemTime(), _MM_SESSION_SPACE::LastProcessSwappedOutTime, LOCK_EXPANSION, MI_GET_DIRECTORY_FRAME_FROM_PROCESS, MI_GET_PAGE_FRAME_FROM_PTE, MiGetPdeOffset, MiGetPpeOffset, MiGetPteAddress, MiGetPteOffset, MiHydra, MiMapPageInHyperSpace(), MiUnmapPageInHyperSpace, MM_DBG_SESSIONS, MmSessionSpace, _MM_SESSION_SPACE::ProcessList, _MM_SESSION_SPACE::ProcessOutSwapCount, _MM_SESSION_SPACE::ReferenceCount, _MM_SESSION_SPACE::SessionId, TRUE, _MMSUPPORT::u, UNLOCK_EXPANSION, _MM_SESSION_SPACE::Vm, and _MMSUPPORT::WorkingSetSize. Referenced by MmOutSwapProcess(). : This routine notifies the containing session that the specified process is being outswapped. When all the processes within a session have been outswapped, the containing session undergoes a heavy trim. Arguments: Process - Supplies a pointer to the process that is swapped out of memory. Return Value: None. Environment: Kernel mode. This routine must not enter a wait state for memory resources or the system will deadlock. --*/ { MMPTE TempPte; PFN_NUMBER PdePage; PMMPTE PageDirectoryMap; KIRQL OldIrql; PFN_NUMBER SessionPage; PMM_SESSION_SPACE SessionGlobal; #if DBG ULONG InCount; ULONG OutCount; PLIST_ENTRY NextEntry; #endif #if defined (_X86PAE_) ULONG i; PPAE_ENTRY PaeVa; #endif ASSERT (MiHydra == TRUE && Process->Vm.u.Flags.ProcessInSession == 1); // // smss doesn't count when we swap it before it has detached from the // session it is currently creating. // if (Process->Vm.u.Flags.SessionLeader == 1) { return; } #if defined (_X86PAE_) PaeVa = Process->PaeTop; #if DBG for (i = 0; i < PD_PER_SYSTEM; i += 1) { ASSERT (PaeVa->PteEntry[i].u.Hard.Valid == 1); } #endif PdePage = MI_GET_PAGE_FRAME_FROM_PTE (&PaeVa->PteEntry[MiGetPdPteOffset(MmSessionSpace)]); #else PdePage = MI_GET_DIRECTORY_FRAME_FROM_PROCESS(Process); #endif PageDirectoryMap = MiMapPageInHyperSpace (PdePage, &OldIrql); #if defined (_WIN64) TempPte = PageDirectoryMap[MiGetPpeOffset(MmSessionSpace)]; MiUnmapPageInHyperSpace (OldIrql); PdePage = MI_GET_PAGE_FRAME_FROM_PTE (&TempPte); PageDirectoryMap = MiMapPageInHyperSpace (PdePage, &OldIrql); #endif TempPte = PageDirectoryMap[MiGetPdeOffset(MmSessionSpace)]; MiUnmapPageInHyperSpace (OldIrql); PdePage = MI_GET_PAGE_FRAME_FROM_PTE (&TempPte); PageDirectoryMap = MiMapPageInHyperSpace (PdePage, &OldIrql); TempPte = PageDirectoryMap[MiGetPteOffset(MmSessionSpace)]; MiUnmapPageInHyperSpace (OldIrql); SessionPage = MI_GET_PAGE_FRAME_FROM_PTE (&TempPte); SessionGlobal = (PMM_SESSION_SPACE) MiMapPageInHyperSpace ( SessionPage, &OldIrql); ASSERT (MI_GET_PAGE_FRAME_FROM_PTE (MiGetPteAddress(SessionGlobal->GlobalVirtualAddress)) == SessionPage); SessionGlobal = SessionGlobal->GlobalVirtualAddress; MiUnmapPageInHyperSpace (OldIrql); LOCK_EXPANSION (OldIrql); SessionGlobal->ProcessOutSwapCount += 1; #if DBG ASSERT ((LONG)SessionGlobal->ProcessOutSwapCount > 0); InCount = 0; OutCount = 0; NextEntry = SessionGlobal->ProcessList.Flink; while (NextEntry != &SessionGlobal->ProcessList) { Process = CONTAINING_RECORD (NextEntry, EPROCESS, SessionProcessLinks); if (Process->ProcessOutswapEnabled == TRUE) { OutCount += 1; } else { InCount += 1; } NextEntry = NextEntry->Flink; } if (InCount + OutCount > SessionGlobal->ReferenceCount) { DbgPrint ("MiSessionOutSwapProcess : process count mismatch %p %x %x %x\n", SessionGlobal, SessionGlobal->ReferenceCount, InCount, OutCount); DbgBreakPoint (); } if (SessionGlobal->ProcessOutSwapCount != OutCount) { DbgPrint ("MiSessionOutSwapProcess : out count mismatch %p %x %x %x %x\n", SessionGlobal, SessionGlobal->ReferenceCount, SessionGlobal->ProcessOutSwapCount, InCount, OutCount); DbgBreakPoint (); } ASSERT (SessionGlobal->ProcessOutSwapCount <= SessionGlobal->ReferenceCount); MiSessionSwap[MiSwapIndex].Flag = 1; MiSessionSwap[MiSwapIndex].Process = Process; MiSessionSwap[MiSwapIndex].Session = SessionGlobal; MiSessionSwap[MiSwapIndex].OutSwapCount = SessionGlobal->ProcessOutSwapCount; MiSwapIndex += 1; if (MiSwapIndex == 0x100) { MiSwapIndex = 0; } #endif if (SessionGlobal->ProcessOutSwapCount == SessionGlobal->ReferenceCount) { SessionGlobal->Vm.u.Flags.TrimHard = 1; #if DBG if (MmDebug & MM_DBG_SESSIONS) { DbgPrint ("Mm: Last process (%d total) just swapped out for session %d, %d pages\n", SessionGlobal->ProcessOutSwapCount, SessionGlobal->SessionId, SessionGlobal->Vm.WorkingSetSize); } MiSessionInfo[0] += 1; #endif KeQuerySystemTime (&SessionGlobal->LastProcessSwappedOutTime); } #if DBG else { MiSessionInfo[1] += 1; } #endif UNLOCK_EXPANSION (OldIrql); }

VOID MiSessionRemoveProcess (  VOID   )

Definition at line 259 of file session.c. References ASSERT, LOCK_EXPANSION, MiDereferenceSession(), MmIsAddressValid(), MmSessionSpace, _MM_SESSION_SPACE::ProcessList, PsGetCurrentProcess, SESSION_GLOBAL, _EPROCESS::SessionProcessLinks, TRUE, _MMSUPPORT::u, UNLOCK_EXPANSION, and _EPROCESS::Vm. : This routine removes the current process from the current session space. This may trigger a substantial round of dereferencing and resource freeing if it is also the last process in the session, (holding the last image in the group, etc). Arguments: None. Return Value: None. Environment: Kernel mode, APC_LEVEL and below, but queueing of APCs to this thread has been permanently disabled. This is the last thread in the process being deleted. The caller has ensured that this process is not on the expansion list and therefore there can be no races in regards to trimming. --*/ { KIRQL OldIrql; PEPROCESS CurrentProcess; #if DBG ULONG Found; PEPROCESS Process; PLIST_ENTRY NextEntry; PMM_SESSION_SPACE SessionGlobal; #endif CurrentProcess = PsGetCurrentProcess(); if (CurrentProcess->Vm.u.Flags.ProcessInSession == 0) { return; } ASSERT (MmIsAddressValid (MmSessionSpace) == TRUE); // // Remove this process from the list of processes in the current session. // LOCK_EXPANSION (OldIrql); #if DBG SessionGlobal = SESSION_GLOBAL(MmSessionSpace); Found = 0; NextEntry = SessionGlobal->ProcessList.Flink; while (NextEntry != &SessionGlobal->ProcessList) { Process = CONTAINING_RECORD (NextEntry, EPROCESS, SessionProcessLinks); if (Process == CurrentProcess) { Found = 1; } NextEntry = NextEntry->Flink; } ASSERT (Found == 1); #endif RemoveEntryList (&CurrentProcess->SessionProcessLinks); UNLOCK_EXPANSION (OldIrql); // // Decrement this process' reference count to the session. If this // is the last reference, then the entire session will be destroyed // upon return. This includes unloading drivers, unmapping pools, // freeing page tables, etc. // MiDereferenceSession (); }

VOID MiSessionUnlinkWorkingSet (  VOID   )

VOID MiSessionUnloadAllImages (  VOID   )

Definition at line 572 of file sessload.c. References _IMAGE_ENTRY_IN_SESSION::Address, ASSERT, _MM_SESSION_SPACE::ImageList, MiLookupPsLoadedModule(), MmSessionSpace, MmUnloadSystemImage(), NTSTATUS(), _MM_SESSION_SPACE::ReferenceCount, and Status. Referenced by MiDereferenceSession(). : This routine dereferences each image that has been loaded in the current session space. As each image is dereferenced, checks are made: If this session's reference count to the image reaches zero, the VA range in this session is deleted. If the reference count to the image in the SESSIONWIDE list drops to zero, then the SESSIONWIDE's VA reservation is removed and the address space is made available to any new image. If this is the last systemwide reference to the driver then the driver is deleted from memory. Arguments: None. Return Value: None. Environment: Kernel mode. This is called in one of two contexts: 1. the last thread in the last process of the current session space. 2. or by any thread in the SMSS process. --*/ { NTSTATUS Status; PLIST_ENTRY NextEntry; PIMAGE_ENTRY_IN_SESSION Module; PLDR_DATA_TABLE_ENTRY ImageHandle; ASSERT (MmSessionSpace->ReferenceCount == 1); // // The session's working set lock does not need to be acquired here since // no thread can be faulting on these addresses. // NextEntry = MmSessionSpace->ImageList.Flink; while (NextEntry != &MmSessionSpace->ImageList) { Module = CONTAINING_RECORD(NextEntry, IMAGE_ENTRY_IN_SESSION, Link); // // Lookup the image entry in the system PsLoadedModuleList, // unload the image and delete it. // ImageHandle = MiLookupPsLoadedModule (Module->Address); ASSERT (ImageHandle); Status = MmUnloadSystemImage (ImageHandle); // // Restart the search at the beginning since the entry has been deleted. // ASSERT (MmSessionSpace->ReferenceCount == 1); NextEntry = MmSessionSpace->ImageList.Flink; } }

NTSTATUS MiSessionWideGetImageSize (  IN PVOID  BaseAddress, OUT PSIZE_T NumberOfBytes  OPTIONAL, OUT PSIZE_T CommitPages  OPTIONAL )

Definition at line 866 of file sessload.c. References _SESSIONWIDE_DRIVER_ADDRESS::Address, MmSessionWideAddressList, PSESSIONWIDE_DRIVER_ADDRESS, _SESSIONWIDE_DRIVER_ADDRESS::Size, SYSLOAD_LOCK_OWNED_BY_ME, and _SESSIONWIDE_DRIVER_ADDRESS::WritablePages. Referenced by MiShareSessionImage(), and MmUnloadSystemImage(). : Lookup the size allocated and committed for the image at the base address. This ensures that we free every page that may have been allocated due to rounding up. Arguments: BaseAddress - Supplies the preferred address that the driver has been linked (rebased) at. If this address is available, the driver will require no relocation. NumberOfBytes - Supplies a pointer to store the image size into. CommitPages - Supplies a pointer to store the number of committed pages that were charged for this image. Return Value: Returns STATUS_SUCCESS on success, STATUS_NOT_FOUND on failure. Environment: Kernel mode, APC_LEVEL and below, MmSystemLoadLock held. --*/ { PLIST_ENTRY NextEntry; PSESSIONWIDE_DRIVER_ADDRESS SessionWideEntry; SYSLOAD_LOCK_OWNED_BY_ME (); NextEntry = MmSessionWideAddressList.Flink; while (NextEntry != &MmSessionWideAddressList) { SessionWideEntry = CONTAINING_RECORD (NextEntry, SESSIONWIDE_DRIVER_ADDRESS, Link); if (BaseAddress == SessionWideEntry->Address) { if (ARGUMENT_PRESENT (NumberOfBytes)) { *NumberOfBytes = SessionWideEntry->Size; } if (ARGUMENT_PRESENT (CommitPages)) { *CommitPages = SessionWideEntry->WritablePages; } return STATUS_SUCCESS; } NextEntry = NextEntry->Flink; } return STATUS_NOT_FOUND; }

VOID MiSessionWideInitializeAddresses (  VOID   )

Definition at line 652 of file sessload.c. References MmSessionWideAddressList. Referenced by MmInitSystem(). : This routine is called at system initialization to set up the group address list. Arguments: None. Return Value: None. Environment: Kernel mode. --*/ { InitializeListHead (&MmSessionWideAddressList); }

NTSTATUS MiSessionWideReserveImageAddress (  IN PUNICODE_STRING  pImageName, IN PSECTION  Section, IN ULONG_PTR  Alignment, OUT PVOID *  ppAddr, OUT PBOOLEAN  pAlreadyLoaded )

Definition at line 936 of file sessload.c. References _SESSIONWIDE_DRIVER_ADDRESS::Address, ASSERT, DbgPrint, FALSE, _SESSIONWIDE_DRIVER_ADDRESS::FullDllName, MI_ROUND_TO_SIZE, MI_SESSION_IMAGE_SIZE, MI_SESSION_IMAGE_START, MiGetWritablePagesInSection(), MiSessionInsertImage(), MiSessionWideDereferenceImage(), MiSessionWideInsertImageAddress(), MM_BUMP_SESSION_FAILURES, MM_DBG_SESSIONS, MM_SESSION_FAILURE_NO_IMAGE_VA_SPACE, MmIsAddressValid(), MmSessionSpace, MmSessionWideAddressList, NT_SUCCESS, NTSTATUS(), NULL, PAGE_SHIFT, PAGED_CODE, PSESSIONWIDE_DRIVER_ADDRESS, PsGetCurrentProcess, _SESSIONWIDE_DRIVER_ADDRESS::ReferenceCount, RtlEqualUnicodeString(), _SESSIONWIDE_DRIVER_ADDRESS::Size, Status, SYSLOAD_LOCK_OWNED_BY_ME, and TRUE. Referenced by MiLoadImageSection(). : This routine allocates a range of virtual address space within session space. This address range is unique system-wide and in this manner, code and pristine data of session drivers can be shared across multiple sessions. This routine does not actually commit pages, but reserves the virtual address region for the named image. An entry is created here and attached to the current session space to track the loaded image. Thus if all the references to a given range go away, the range can then be reused. Arguments: ImageName - Supplies the name of the driver that will be loaded into the allocated space. Section - Supplies the section (and thus, the preferred address that the driver has been linked (rebased) at. If this address is available, the driver will require no relocation. The section is also used to derive the number of bytes to reserve. Alignment - Supplies the virtual address alignment for the address. AssignedAddress - Supplies a pointer to a variable that receives the allocated address if the routine succeeds. AlreadyLoaded - Supplies a pointer to a variable that receives TRUE if the specified image name has already been loaded. Return Value: Returns STATUS_SUCCESS on success, various NTSTATUS codes on failure. Environment: Kernel mode, APC_LEVEL and below, MmSystemLoadLock held. --*/ { PLIST_ENTRY NextEntry; PSESSIONWIDE_DRIVER_ADDRESS Vaddr; NTSTATUS Status; PWCHAR pName; PVOID NewAddress; ULONG_PTR AvailableAddress; ULONG_PTR SessionSpaceEnd; PVOID PreferredAddress; ULONG_PTR NumberOfBytes; ULONG WritablePages; BOOLEAN AtPreferredAddress; PAGED_CODE(); SYSLOAD_LOCK_OWNED_BY_ME (); ASSERT (PsGetCurrentProcess()->Vm.u.Flags.ProcessInSession == 1); ASSERT (MmIsAddressValid (MmSessionSpace) == TRUE); pName = NULL; *AlreadyLoaded = FALSE; PreferredAddress = Section->Segment->BasedAddress; NumberOfBytes = Section->Segment->TotalNumberOfPtes << PAGE_SHIFT; AvailableAddress = MI_SESSION_IMAGE_START; NumberOfBytes = MI_ROUND_TO_SIZE (NumberOfBytes, Alignment); SessionSpaceEnd = AvailableAddress + MI_SESSION_IMAGE_SIZE; Status = MiGetWritablePagesInSection(Section, &WritablePages); if (!NT_SUCCESS(Status)) { WritablePages = Section->Segment->TotalNumberOfPtes; } // // If the requested address is not properly aligned or not in the session // space region, pick an address for it. This image will not be shared. // if ((ULONG_PTR)PreferredAddress & (Alignment - 1)) { #if DBG DbgPrint("MiSessionWideReserveImageAddress: Bad alignment 0x%x for PreferredAddress 0x%x\n", Alignment, PreferredAddress); #endif PreferredAddress = NULL; } else if ((ULONG_PTR)PreferredAddress < AvailableAddress || ((ULONG_PTR)PreferredAddress + NumberOfBytes >= SessionSpaceEnd)) { #if DBG if (MmDebug & MM_DBG_SESSIONS) { DbgPrint ("MiSessionWideReserveImageAddress: PreferredAddress 0x%x not in session space\n", PreferredAddress); } #endif PreferredAddress = NULL; } // // Check the system wide session space image list to see if the // image name has already been given a slot. // NextEntry = MmSessionWideAddressList.Flink; while (NextEntry != &MmSessionWideAddressList) { Vaddr = CONTAINING_RECORD (NextEntry, SESSIONWIDE_DRIVER_ADDRESS, Link); if (Vaddr->FullDllName.Buffer != NULL) { if (RtlEqualUnicodeString(ImageName, &Vaddr->FullDllName, TRUE)) { // // The size requested should be the same. // if (Vaddr->Size < NumberOfBytes) { #if DBG DbgPrint ("MiSessionWideReserveImageAddress: Size %d Larger than Entry %d, DLL %wZ\n", NumberOfBytes, Vaddr->Size, ImageName); #endif return STATUS_CONFLICTING_ADDRESSES; } // // This image has already been loaded systemwide. If it's // already been loaded in this session space as well, just // bump the reference count using the already allocated // address. Otherwise, insert it into this session space. // Status = MiSessionInsertImage (Vaddr->Address); if (Status == STATUS_ALREADY_COMMITTED) { *AlreadyLoaded = TRUE; *AssignedAddress = Vaddr->Address; return STATUS_SUCCESS; } if (!NT_SUCCESS (Status)) { return Status; } // // Bump the reference count as this is a new entry. // Vaddr->ReferenceCount += 1; *AssignedAddress = Vaddr->Address; return STATUS_SUCCESS; } } // // Note this list must be sorted by ascending address. // See if the PreferredAddress and size collide with any entries. // if (PreferredAddress) { if ((PreferredAddress >= Vaddr->Address) && (PreferredAddress < (PVOID)((ULONG_PTR)Vaddr->Address + Vaddr->Size))) { PreferredAddress = NULL; } else if ((PreferredAddress < Vaddr->Address) && ((PVOID)((ULONG_PTR)PreferredAddress + NumberOfBytes) > Vaddr->Address)) { PreferredAddress = NULL; } } // // Check for an available general allocation slot. // if (((PVOID)AvailableAddress >= Vaddr->Address) && (AvailableAddress <= (ULONG_PTR)Vaddr->Address + Vaddr->Size)) { AvailableAddress = (ULONG_PTR)Vaddr->Address + Vaddr->Size; if (AvailableAddress & (Alignment - 1)) { AvailableAddress = MI_ROUND_TO_SIZE (AvailableAddress, Alignment); } } else if (AvailableAddress + NumberOfBytes > (ULONG_PTR)Vaddr->Address) { AvailableAddress = (ULONG_PTR)Vaddr->Address + Vaddr->Size; if (AvailableAddress & (Alignment - 1)) { AvailableAddress = MI_ROUND_TO_SIZE (AvailableAddress, Alignment); } } NextEntry = NextEntry->Flink; } if (PreferredAddress == NULL && (AvailableAddress + NumberOfBytes > (MI_SESSION_IMAGE_START + MI_SESSION_IMAGE_SIZE))) { MM_BUMP_SESSION_FAILURES (MM_SESSION_FAILURE_NO_IMAGE_VA_SPACE); return STATUS_NO_MEMORY; } // // Try to put the module into its requested address so it can be shared. // if (PreferredAddress) { #if DBG if (MmDebug & MM_DBG_SESSIONS) { DbgPrint ("MiSessionWideReserveImageAddress: Code Sharing on %wZ, Address 0x%x\n",ImageName,PreferredAddress); } #endif NewAddress = PreferredAddress; } else { ASSERT (AvailableAddress != 0); ASSERT ((AvailableAddress & (Alignment - 1)) == 0); #if DBG DbgPrint ("MiSessionWideReserveImageAddress: NO Code Sharing on %wZ, Address 0x%x\n",ImageName,AvailableAddress); #endif NewAddress = (PVOID)AvailableAddress; } // // Create a new node entry for the address range. // if (NewAddress == PreferredAddress) { AtPreferredAddress = TRUE; } else { AtPreferredAddress = FALSE; } Status = MiSessionWideInsertImageAddress (NewAddress, NumberOfBytes, WritablePages, ImageName, AtPreferredAddress); if (!NT_SUCCESS(Status)) { return Status; } // // Create an entry for this image in the current session space. // Status = MiSessionInsertImage (NewAddress); if (!NT_SUCCESS(Status)) { MiSessionWideDereferenceImage (NewAddress); return Status; } *AssignedAddress = NewAddress; return STATUS_SUCCESS; }

VOID MiSetDirtyBit (  IN PVOID  FaultingAddress, IN PMMPTE  PointerPte, IN ULONG  PfnHeld )

Definition at line 28 of file alpha/setdirty.c. References MI_PFN_ELEMENT, MI_SET_ACCESSED_IN_PTE, MiReleasePageFileSpace(), MM_PTE_DIRTY, _MMPFN::OriginalPte, TRUE, _MMPTE::u, and _MMPFN::u3. 00036 : 00037 00038 This routine sets dirty in the specified PTE and the modify bit in the 00039 correpsonding PFN element. If any page file space is allocated, it 00040 is deallocated. 00041 00042 Arguments: 00043 00044 FaultingAddress - Supplies the faulting address. 00045 00046 PointerPte - Supplies a pointer to the corresponding valid PTE. 00047 00048 PfnHeld - Supplies TRUE if the PFN mutex is already held. 00049 00050 Return Value: 00051 00052 None. 00053 00054 Environment: 00055 00056 Kernel mode, APC's disabled, Working set mutex held. 00057 00058 --*/ 00059 00060 { 00061 MMPTE TempPte; 00062 ULONG PageFrameIndex; 00063 PMMPFN Pfn1; 00064 KIRQL OldIrql; 00065 00066 // 00067 // The TB entry must be flushed as the valid PTE with the dirty bit clear 00068 // has been fetched into the TB. If it isn't flushed, another fault 00069 // is generated as the dirty bit is not set in the cached TB entry. 00070 // 00071 00072 // KiFlushSingleDataTb( FaultingAddress ); 00073 __dtbis( FaultingAddress ); 00074 00075 // 00076 // The page is NOT copy on write, update the PTE setting both the 00077 // dirty bit and the accessed bit. Note, that as this PTE is in 00078 // the TB, the TB must be flushed. 00079 // 00080 00081 PageFrameIndex = PointerPte->u.Hard.PageFrameNumber; 00082 Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); 00083 00084 TempPte = *PointerPte; 00085 TempPte.u.Hard.Dirty = 1; 00086 MI_SET_ACCESSED_IN_PTE (&TempPte, 1); 00087 *PointerPte = TempPte; 00088 00089 // 00090 // If the PFN database lock is not held, then do not update the 00091 // PFN database. 00092 // 00093 00094 if (PfnHeld) { 00095 00096 // 00097 // Set the modified field in the PFN database, also, if the physical 00098 // page is currently in a paging file, free up the page file space 00099 // as the contents are now worthless. 00100 // 00101 00102 if ( (Pfn1->OriginalPte.u.Soft.Prototype == 0) && 00103 (Pfn1->u3.e1.WriteInProgress == 0) ) { 00104 00105 // 00106 // This page is in page file format, deallocate the page file space. 00107 // 00108 00109 MiReleasePageFileSpace (Pfn1->OriginalPte); 00110 00111 // 00112 // Change original PTE to indicate no page file space is reserved, 00113 // otherwise the space will be deallocated when the PTE is 00114 // deleted. 00115 // 00116 00117 Pfn1->OriginalPte.u.Soft.PageFileHigh = 0; 00118 } 00119 00120 Pfn1->u3.e1.Modified = 1; 00121 00122 } 00123 00124 00125 return; 00126 } }

VOID MiSetImageProtect (  IN PSEGMENT  Segment, IN ULONG  Protection )

Definition at line 5376 of file sysload.c. References ASSERT, MiSetProtectionOnTransitionPte(), MM_PROTECTION_WRITE_MASK, MmLockPagedPool(), MMPTE, MmUnlockPagedPool(), _SUBSECTION::u, _MMPTE::u, and ZeroPte. Referenced by MiLoadSystemImage(), and MiShareSessionImage(). : This function sets the protection of all prototype PTEs to the specified protection. Arguments: Segment - Supplies a pointer to the segment to protect. Protection - Supplies the protection value to set. Return Value: None. --*/ { PMMPTE PointerPte; PMMPTE LastPte; MMPTE PteContents; PSUBSECTION SubSection; // // Set the subsection protections. // ASSERT (Segment->ControlArea->u.Flags.GlobalOnlyPerSession == 0); if ((Protection & MM_PROTECTION_WRITE_MASK) == 0) { SubSection = (PSUBSECTION)(Segment->ControlArea + 1); SubSection->u.SubsectionFlags.Protection = Protection; SubSection->u.SubsectionFlags.ReadOnly = 1; } PointerPte = Segment->PrototypePte; LastPte = PointerPte + Segment->NonExtendedPtes; MmLockPagedPool (PointerPte, (LastPte - PointerPte) * sizeof (MMPTE)); do { PteContents = *PointerPte; ASSERT (PteContents.u.Hard.Valid == 0); if (PteContents.u.Long != ZeroPte.u.Long) { if ((PteContents.u.Soft.Prototype == 0) && (PteContents.u.Soft.Transition == 1)) { if (MiSetProtectionOnTransitionPte (PointerPte, Protection)) { continue; } } else { PointerPte->u.Soft.Protection = Protection; } } PointerPte += 1; } while (PointerPte < LastPte); PointerPte = Segment->PrototypePte; MmUnlockPagedPool (PointerPte, (LastPte - PointerPte) * sizeof (MMPTE)); return; }

VOID MiSetModifyBit (  IN PMMPFN  Pfn  )

Definition at line 26 of file setmodfy.c. References MiReleasePageFileSpace(). 00032 : 00033 00034 This routine sets the modify bit in the specified PFN element 00035 and deallocates and allocated page file space. 00036 00037 Arguments: 00038 00039 Pfn - Supplies the pointer to the PFN element to update. 00040 00041 Return Value: 00042 00043 None. 00044 00045 Environment: 00046 00047 Kernel mode, APCs disabled, Working set mutex held and PFN lock held. 00048 00049 --*/ 00050 00051 { 00052 00053 // 00054 // Set the modified field in the PFN database, also, if the physical 00055 // page is currently in a paging file, free up the page file space 00056 // as the contents are now worthless. 00057 // 00058 00059 Pfn->u3.e1.Modified = 1; 00060 00061 if (Pfn->OriginalPte.u.Soft.Prototype == 0) { 00062 00063 // 00064 // This page is in page file format, deallocate the page file space. 00065 // 00066 00067 MiReleasePageFileSpace (Pfn->OriginalPte); 00068 00069 // 00070 // Change original PTE to indicate no page file space is reserved, 00071 // otherwise the space will be deallocated when the PTE is 00072 // deleted. 00073 // 00074 00075 Pfn->OriginalPte.u.Soft.PageFileHigh = 0; 00076 } 00077 00078 00079 return; 00080 }

ULONG MiSetProtectionOnSection (  IN PEPROCESS  Process, IN PMMVAD  Vad, IN PVOID  StartingAddress, IN PVOID  EndingAddress, IN ULONG  NewProtect, OUT PULONG  CapturedOldProtect, IN ULONG  DontCharge )

Definition at line 1110 of file protect.c. References ASSERT, EXCEPTION_EXECUTE_HANDLER, ExRaiseStatus(), FALSE, Index, LOCK_WS_UNSAFE, MI_CONVERT_FROM_PTE_PROTECTION, MI_GET_USED_PTES_HANDLE, MI_GET_WORKING_SET_FROM_PTE, MI_INCREMENT_USED_PTES_BY_HANDLE, MI_IS_PTE_PROTECTION_COPY_WRITE, MI_MAKE_VALID_PTE, MI_PFN_ELEMENT, MI_PTE_LOOKUP_NEEDED, MI_SET_PTE_IN_WORKING_SET, MI_VA_TO_VPN, MI_WRITE_INVALID_PTE, MiCaptureSystemPte(), MiChangeNoAccessForkPte(), MiChargeCommitment(), MiChargePageFileQuota(), MiCopyOnWrite(), MiDoesPdeExistAndMakeValid(), MiDoesPpeExistAndMakeValid, MiFlushTbAndCapture(), MiGetPageProtection(), MiGetPdeAddress, MiGetPpeAddress, MiGetProtoPteAddress, MiGetPteAddress, MiGetVirtualAddressMappedByPte, MiIsPteOnPdeBoundary, MiLocateWsle(), MiMakePdeExistAndMakeValid(), MiMakePpeExistAndMakeValid, MiMakeProtectionMask(), MiPteToProto, MiRemovePageFromWorkingSet(), MiReturnCommitment(), MiReturnPageFileQuota(), MiSetProtectionOnTransitionPte(), MM_COPY_ON_WRITE_MASK, MM_DBG_COMMIT_RETURN_PROTECTION, MM_DBG_COMMIT_SET_PROTECTION, MM_PROTECTION_COPY_MASK, MM_TRACK_COMMIT, MmWorkingSetList, MmWsle, NTSTATUS(), NULL, _MMPFN::OriginalPte, PAGED_CODE, PrototypePte, PS_JOB_STATUS_REPORT_COMMIT_CHANGES, PsChangeJobMemoryUsage(), PsReportProcessMemoryLimitViolation(), _MMPFN::PteAddress, TRUE, _MMPTE::u, _MMPFN::u1, _MMWSLE::u1, _MMPFN::u3, UNLOCK_WS_UNSAFE, and VOID(). Referenced by MiProtectVirtualMemory(), and NtAllocateVirtualMemory(). 01122 : 01123 01124 This routine changes the protection on a region of committed pages 01125 within the virtual address space of the subject process. Setting 01126 the protection on a range of pages causes the old protection to be 01127 replaced by the specified protection value. 01128 01129 Arguments: 01130 01131 Process - Supplies a pointer to the current process. 01132 01133 FoundVad - Supplies a pointer to the VAD containing the range to protect. 01134 01135 StartingAddress - Supplies the starting address to protect. 01136 01137 EndingAddress - Supplies the ending address to protect. 01138 01139 NewProtect - Supplies the new protection to set. 01140 01141 CapturedOldProtect - Supplies the address of a kernel owned pointer to 01142 store (without probing) the old protection into. 01143 01144 DontCharge - Supplies TRUE if no quota or commitment should be charged. 01145 01146 Return Value: 01147 01148 Returns TRUE if a locked page was removed from the working set (protection 01149 was guard page or no-access, FALSE otherwise. 01150 01151 Exceptions raised for page file quota or commitment violations. 01152 01153 Environment: 01154 01155 Kernel mode, working set mutex held, address creation mutex held 01156 APCs disabled. 01157 01158 --*/ 01159 01160 { 01161 PMMPTE PointerPte; 01162 PMMPTE LastPte; 01163 PMMPTE PointerPde; 01164 PMMPTE PointerPpe; 01165 PMMPTE PointerProtoPte; 01166 PMMPFN Pfn1; 01167 MMPTE TempPte; 01168 MMPTE PreviousPte; 01169 ULONG Locked; 01170 ULONG ProtectionMask; 01171 ULONG ProtectionMaskNotCopy; 01172 ULONG NewProtectionMask; 01173 MMPTE PteContents; 01174 ULONG Index; 01175 PULONG Va; 01176 ULONG WriteCopy; 01177 ULONG DoAgain; 01178 ULONG Waited; 01179 SIZE_T QuotaCharge; 01180 PVOID UsedPageTableHandle; 01181 PVOID UsedPageDirectoryHandle; 01182 ULONG WorkingSetIndex; 01183 01184 PAGED_CODE(); 01185 01186 Locked = FALSE; 01187 WriteCopy = FALSE; 01188 QuotaCharge = 0; 01189 01190 // 01191 // Make the protection field. 01192 // 01193 01194 ASSERT (FoundVad->u.VadFlags.PrivateMemory == 0); 01195 01196 if ((FoundVad->u.VadFlags.ImageMap == 1) || 01197 (FoundVad->u2.VadFlags2.CopyOnWrite == 1)) { 01198 01199 if (NewProtect & PAGE_READWRITE) { 01200 NewProtect &= ~PAGE_READWRITE; 01201 NewProtect |= PAGE_WRITECOPY; 01202 } 01203 01204 if (NewProtect & PAGE_EXECUTE_READWRITE) { 01205 NewProtect &= ~PAGE_EXECUTE_READWRITE; 01206 NewProtect |= PAGE_EXECUTE_WRITECOPY; 01207 } 01208 } 01209 01210 ProtectionMask = MiMakeProtectionMask (NewProtect); 01211 01212 // 01213 // Determine if copy on write is being set. 01214 // 01215 01216 ProtectionMaskNotCopy = ProtectionMask; 01217 if ((ProtectionMask & MM_COPY_ON_WRITE_MASK) == MM_COPY_ON_WRITE_MASK) { 01218 WriteCopy = TRUE; 01219 ProtectionMaskNotCopy &= ~MM_PROTECTION_COPY_MASK; 01220 } 01221 01222 #if defined(_MIALT4K_) 01223 01224 if ((Process->Wow64Process != NULL) && 01225 (FoundVad->u.VadFlags.ImageMap == 0) && 01226 (FoundVad->u2.VadFlags2.CopyOnWrite == 0) && 01227 (WriteCopy)) { 01228 01229 NTSTATUS status; 01230 01231 status = MiSetCopyPagesFor4kPage(Process, 01232 &FoundVad, 01233 &StartingAddress, 01234 &EndingAddress, 01235 ProtectionMask); 01236 01237 if (status != STATUS_SUCCESS) { 01238 ExRaiseStatus (status); 01239 } 01240 01241 } 01242 01243 #endif 01244 01245 PointerPpe = MiGetPpeAddress (StartingAddress); 01246 PointerPde = MiGetPdeAddress (StartingAddress); 01247 PointerPte = MiGetPteAddress (StartingAddress); 01248 LastPte = MiGetPteAddress (EndingAddress); 01249 01250 #if defined (_WIN64) 01251 MiMakePpeExistAndMakeValid (PointerPpe, Process, FALSE); 01252 if (PointerPde->u.Long == 0) { 01253 UsedPageDirectoryHandle = MI_GET_USED_PTES_HANDLE (PointerPte); 01254 MI_INCREMENT_USED_PTES_BY_HANDLE (UsedPageDirectoryHandle); 01255 } 01256 #endif 01257 01258 MiMakePdeExistAndMakeValid(PointerPde, Process, FALSE); 01259 01260 // 01261 // Capture the protection for the first page. 01262 // 01263 01264 if (PointerPte->u.Long != 0) { 01265 01266 *CapturedOldProtect = MiGetPageProtection (PointerPte, Process); 01267 01268 // 01269 // Make sure the Page table page is still resident. 01270 // 01271 01272 PointerPpe = MiGetPteAddress (PointerPde); 01273 01274 do { 01275 01276 (VOID)MiDoesPpeExistAndMakeValid (PointerPpe, Process, FALSE, &Waited); 01277 Waited = 0; 01278 01279 (VOID)MiDoesPdeExistAndMakeValid (PointerPde, Process, FALSE, &Waited); 01280 } while (Waited != 0); 01281 01282 } else { 01283 01284 // 01285 // Get the protection from the VAD, unless image file. 01286 // 01287 01288 if (FoundVad->u.VadFlags.ImageMap == 0) { 01289 01290 // 01291 // This is not an image file, the protection is in the VAD. 01292 // 01293 01294 *CapturedOldProtect = 01295 MI_CONVERT_FROM_PTE_PROTECTION(FoundVad->u.VadFlags.Protection); 01296 } else { 01297 01298 // 01299 // This is an image file, the protection is in the 01300 // prototype PTE. 01301 // 01302 01303 PointerProtoPte = MiGetProtoPteAddress (FoundVad, 01304 MI_VA_TO_VPN ( 01305 MiGetVirtualAddressMappedByPte (PointerPte))); 01306 01307 TempPte = MiCaptureSystemPte (PointerProtoPte, Process); 01308 01309 *CapturedOldProtect = MiGetPageProtection (&TempPte, 01310 Process); 01311 01312 // 01313 // Make sure the Page directory and table pages are still resident. 01314 // 01315 01316 PointerPpe = MiGetPteAddress (PointerPde); 01317 01318 do { 01319 01320 (VOID)MiDoesPpeExistAndMakeValid(PointerPpe, Process, FALSE, &Waited); 01321 Waited = 0; 01322 01323 (VOID)MiDoesPdeExistAndMakeValid(PointerPde, Process, FALSE, &Waited); 01324 } while (Waited != 0); 01325 } 01326 } 01327 01328 // 01329 // If the page protection is being change to be copy-on-write, the 01330 // commitment and page file quota for the potentially dirty private pages 01331 // must be calculated and charged. This must be done before any 01332 // protections are changed as the changes cannot be undone. 01333 // 01334 01335 if (WriteCopy) { 01336 01337 // 01338 // Calculate the charges. If the page is shared and not write copy 01339 // it is counted as a charged page. 01340 // 01341 01342 while (PointerPte <= LastPte) { 01343 01344 if (MiIsPteOnPdeBoundary (PointerPte)) { 01345 01346 PointerPde = MiGetPteAddress (PointerPte); 01347 PointerPpe = MiGetPteAddress (PointerPde); 01348 01349 do { 01350 01351 while (!MiDoesPpeExistAndMakeValid(PointerPpe, Process, FALSE, &Waited)) { 01352 01353 // 01354 // No PPE exists for this address. Therefore 01355 // all the PTEs are shared and not copy on write. 01356 // go to the next PPE. 01357 // 01358 01359 PointerPpe += 1; 01360 PointerPde = MiGetVirtualAddressMappedByPte (PointerPpe); 01361 PointerProtoPte = PointerPte; 01362 PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); 01363 01364 if (PointerPte > LastPte) { 01365 QuotaCharge += 1 + LastPte - PointerProtoPte; 01366 goto Done; 01367 } 01368 QuotaCharge += PointerPte - PointerProtoPte; 01369 } 01370 01371 Waited = 0; 01372 01373 while (!MiDoesPdeExistAndMakeValid(PointerPde, Process, FALSE, &Waited)) { 01374 01375 // 01376 // No PDE exists for this address. Therefore 01377 // all the PTEs are shared and not copy on write. 01378 // go to the next PDE. 01379 // 01380 01381 PointerPde += 1; 01382 PointerProtoPte = PointerPte; 01383 PointerPpe = MiGetPteAddress (PointerPde); 01384 PointerPte = MiGetVirtualAddressMappedByPte (PointerPde); 01385 01386 if (PointerPte > LastPte) { 01387 QuotaCharge += 1 + LastPte - PointerProtoPte; 01388 goto Done; 01389 } 01390 QuotaCharge += PointerPte - PointerProtoPte; 01391 #if defined (_WIN64) 01392 if (MiIsPteOnPdeBoundary (PointerPde)) { 01393 Waited = 1; 01394 break; 01395 } 01396 #endif 01397 } 01398 } while (Waited != 0); 01399 } 01400 01401 PteContents = *PointerPte; 01402 01403 if (PteContents.u.Long == 0) { 01404 01405 // 01406 // The PTE has not been evaluated, assume copy on write. 01407 // 01408 01409 QuotaCharge += 1; 01410 01411 } else if ((PteContents.u.Hard.Valid == 1) && 01412 (PteContents.u.Hard.CopyOnWrite == 0)) { 01413 01414 // 01415 // See if this is a prototype PTE, if so charge it. 01416 // 01417 01418 Pfn1 = MI_PFN_ELEMENT (PteContents.u.Hard.PageFrameNumber); 01419 01420 if (Pfn1->u3.e1.PrototypePte == 1) { 01421 QuotaCharge += 1; 01422 } 01423 } else { 01424 01425 if (PteContents.u.Soft.Prototype == 1) { 01426 01427 // 01428 // This is a prototype PTE. Charge if it is not 01429 // in copy on write format. 01430 // 01431 01432 if (PteContents.u.Soft.PageFileHigh == MI_PTE_LOOKUP_NEEDED) { 01433 01434 // 01435 // Page protection is within the PTE. 01436 // 01437 01438 if (!MI_IS_PTE_PROTECTION_COPY_WRITE(PteContents.u.Soft.Protection)) { 01439 QuotaCharge += 1; 01440 } 01441 } else { 01442 01443 // 01444 // The PTE references the prototype directly, therefore 01445 // it can't be copy on write. Charge. 01446 // 01447 01448 QuotaCharge += 1; 01449 } 01450 } 01451 } 01452 PointerPte += 1; 01453 } 01454 01455 Done: 01456 NOTHING; 01457 01458 // 01459 // Charge for the quota. 01460 // 01461 01462 if (!DontCharge) { 01463 MiChargePageFileQuota (QuotaCharge, Process); 01464 01465 if (Process->CommitChargeLimit) { 01466 if (Process->CommitCharge + QuotaCharge > Process->CommitChargeLimit) { 01467 MiReturnPageFileQuota (QuotaCharge, Process); 01468 if (Process->Job) { 01469 PsReportProcessMemoryLimitViolation (); 01470 } 01471 ExRaiseStatus (STATUS_COMMITMENT_LIMIT); 01472 } 01473 } 01474 if (Process->JobStatus & PS_JOB_STATUS_REPORT_COMMIT_CHANGES) { 01475 if (PsChangeJobMemoryUsage(QuotaCharge) == FALSE) { 01476 MiReturnPageFileQuota (QuotaCharge, Process); 01477 ExRaiseStatus (STATUS_COMMITMENT_LIMIT); 01478 } 01479 } 01480 01481 if (MiChargeCommitment (QuotaCharge, Process) == FALSE) { 01482 if (Process->JobStatus & PS_JOB_STATUS_REPORT_COMMIT_CHANGES) { 01483 01484 // 01485 // Temporarily up the process commit charge as the 01486 // job code will be referencing it as though everything 01487 // has succeeded. 01488 // 01489 01490 Process->CommitCharge += QuotaCharge; 01491 PsChangeJobMemoryUsage(-(SSIZE_T)QuotaCharge); 01492 Process->CommitCharge -= QuotaCharge; 01493 } 01494 MiReturnPageFileQuota (QuotaCharge, Process); 01495 ExRaiseStatus STATUS_COMMITMENT_LIMIT; 01496 } 01497 01498 // 01499 // Add the quota into the charge to the VAD. 01500 // 01501 01502 MM_TRACK_COMMIT (MM_DBG_COMMIT_SET_PROTECTION, QuotaCharge); 01503 FoundVad->u.VadFlags.CommitCharge += QuotaCharge; 01504 Process->CommitCharge += QuotaCharge; 01505 if (Process->CommitCharge > Process->CommitChargePeak) { 01506 Process->CommitChargePeak = Process->CommitCharge; 01507 } 01508 } 01509 } 01510 01511 // 01512 // For all the PTEs in the specified address range, set the 01513 // protection depending on the state of the PTE. 01514 // 01515 01516 // 01517 // If the PTE was copy on write (but not written) and the 01518 // new protection is NOT copy-on-write, return page file quota 01519 // and commitment. 01520 // 01521 01522 PointerPpe = MiGetPpeAddress (StartingAddress); 01523 PointerPde = MiGetPdeAddress (StartingAddress); 01524 PointerPte = MiGetPteAddress (StartingAddress); 01525 01526 do { 01527 01528 MiDoesPpeExistAndMakeValid (PointerPpe, Process, FALSE, &Waited); 01529 01530 Waited = 0; 01531 01532 MiDoesPdeExistAndMakeValid (PointerPde, Process, FALSE, &Waited); 01533 01534 } while (Waited != 0); 01535 01536 QuotaCharge = 0; 01537 01538 while (PointerPte <= LastPte) { 01539 01540 if (MiIsPteOnPdeBoundary (PointerPte)) { 01541 PointerPde = MiGetPteAddress (PointerPte); 01542 PointerPpe = MiGetPdeAddress (PointerPte); 01543 01544 #if defined (_WIN64) 01545 MiMakePpeExistAndMakeValid (PointerPpe, Process, FALSE); 01546 if (PointerPde->u.Long == 0) { 01547 UsedPageDirectoryHandle = MI_GET_USED_PTES_HANDLE (PointerPte); 01548 MI_INCREMENT_USED_PTES_BY_HANDLE (UsedPageDirectoryHandle); 01549 } 01550 #endif 01551 01552 MiMakePdeExistAndMakeValid (PointerPde, Process, FALSE); 01553 } 01554 01555 PteContents = *PointerPte; 01556 01557 if (PteContents.u.Long == 0) { 01558 01559 // 01560 // The PTE is zero, set it into prototype PTE format 01561 // with the protection in the prototype PTE. 01562 // 01563 01564 TempPte = PrototypePte; 01565 TempPte.u.Soft.Protection = ProtectionMask; 01566 MI_WRITE_INVALID_PTE (PointerPte, TempPte); 01567 01568 // 01569 // Increment the count of non-zero page table entries 01570 // for this page table and the number of private pages 01571 // for the process. 01572 // 01573 01574 UsedPageTableHandle = MI_GET_USED_PTES_HANDLE (MiGetVirtualAddressMappedByPte (PointerPte)); 01575 01576 MI_INCREMENT_USED_PTES_BY_HANDLE (UsedPageTableHandle); 01577 01578 } else if (PteContents.u.Hard.Valid == 1) { 01579 01580 // 01581 // Set the protection into both the PTE and the original PTE 01582 // in the PFN database for private pages only. 01583 // 01584 01585 NewProtectionMask = ProtectionMask; 01586 01587 Pfn1 = MI_PFN_ELEMENT (PteContents.u.Hard.PageFrameNumber); 01588 01589 if ((NewProtect & PAGE_NOACCESS) || 01590 (NewProtect & PAGE_GUARD)) { 01591 01592 Locked = MiRemovePageFromWorkingSet (PointerPte, 01593 Pfn1, 01594 &Process->Vm ); 01595 continue; 01596 01597 } else { 01598 01599 if (Pfn1->u3.e1.PrototypePte == 1) { 01600 01601 // 01602 // The true protection may be in the WSLE, locate 01603 // the WSLE. 01604 // 01605 01606 Va = (PULONG)MiGetVirtualAddressMappedByPte (PointerPte); 01607 Index = MiLocateWsle ((PVOID)Va, MmWorkingSetList, 01608 Pfn1->u1.WsIndex); 01609 01610 // 01611 // Check to see if this is a prototype PTE. This 01612 // is done by comparing the PTE address in the 01613 // PFN database to the PTE address indicated by the 01614 // VAD. If they are not equal, this is a prototype 01615 // PTE. 01616 // 01617 01618 if (Pfn1->PteAddress != 01619 MiGetProtoPteAddress (FoundVad, 01620 MI_VA_TO_VPN ((PVOID)Va))) { 01621 01622 // 01623 // This PTE refers to a fork prototype PTE, make it 01624 // private. 01625 // 01626 01627 MiCopyOnWrite ((PVOID)Va, PointerPte); 01628 01629 if (WriteCopy) { 01630 QuotaCharge += 1; 01631 } 01632 01633 // 01634 // This may have released the working set mutex and 01635 // the page table page may no longer be in memory. 01636 // 01637 01638 PointerPpe = MiGetPteAddress (PointerPde); 01639 01640 do { 01641 01642 (VOID)MiDoesPpeExistAndMakeValid (PointerPpe, 01643 Process, 01644 FALSE, 01645 &Waited); 01646 01647 Waited = 0; 01648 01649 (VOID)MiDoesPdeExistAndMakeValid (PointerPde, 01650 Process, 01651 FALSE, 01652 &Waited); 01653 01654 } while (Waited != 0); 01655 01656 // 01657 // Do the loop again. 01658 // 01659 01660 continue; 01661 01662 } else { 01663 01664 // 01665 // Update the protection field in the WSLE and 01666 // the PTE. 01667 // 01668 // 01669 // If the PTE is copy on write uncharge the 01670 // previously charged quota. 01671 // 01672 01673 if ((!WriteCopy) && (PteContents.u.Hard.CopyOnWrite == 1)) { 01674 QuotaCharge += 1; 01675 } 01676 01677 MmWsle[Index].u1.e1.Protection = ProtectionMask; 01678 MmWsle[Index].u1.e1.SameProtectAsProto = 0; 01679 } 01680 01681 } else { 01682 01683 // 01684 // Page is private (copy on written), protection mask 01685 // is stored in the original pte field. 01686 // 01687 01688 #if PFN_CONSISTENCY 01689 MiSetOriginalPteProtection (Pfn1, ProtectionMaskNotCopy); 01690 #else 01691 Pfn1->OriginalPte.u.Soft.Protection = ProtectionMaskNotCopy; 01692 #endif 01693 NewProtectionMask = ProtectionMaskNotCopy; 01694 } 01695 01696 MI_MAKE_VALID_PTE (TempPte, 01697 PteContents.u.Hard.PageFrameNumber, 01698 NewProtectionMask, 01699 PointerPte); 01700 01701 WorkingSetIndex = MI_GET_WORKING_SET_FROM_PTE (&PteContents); 01702 01703 MI_SET_PTE_IN_WORKING_SET (&TempPte, WorkingSetIndex); 01704 } 01705 01706 // 01707 // Flush the TB as we have changed the protection 01708 // of a valid PTE. 01709 // 01710 01711 PreviousPte.u.Flush = MiFlushTbAndCapture (PointerPte, 01712 TempPte.u.Flush, 01713 Pfn1); 01714 } else { 01715 01716 if (PteContents.u.Soft.Prototype == 1) { 01717 01718 // 01719 // The PTE is in prototype PTE format. 01720 // 01721 01722 // 01723 // Is it a fork prototype PTE? 01724 // 01725 01726 Va = (PULONG)MiGetVirtualAddressMappedByPte (PointerPte); 01727 01728 if ((PteContents.u.Soft.PageFileHigh != MI_PTE_LOOKUP_NEEDED) && 01729 (MiPteToProto (PointerPte) != 01730 MiGetProtoPteAddress (FoundVad, 01731 MI_VA_TO_VPN ((PVOID)Va)))) { 01732 01733 // 01734 // This PTE refers to a fork prototype PTE, make the 01735 // page private. This is accomplished by releasing 01736 // the working set mutex, reading the page thereby 01737 // causing a fault, and re-executing the loop, hopefully, 01738 // this time, we'll find the page present and will 01739 // turn it into a private page. 01740 // 01741 // Note, that page with prototype = 1 cannot be 01742 // no-access. 01743 // 01744 01745 DoAgain = TRUE; 01746 01747 while (PteContents.u.Hard.Valid == 0) { 01748 01749 UNLOCK_WS_UNSAFE (Process); 01750 01751 try { 01752 01753 *(volatile ULONG *)Va; 01754 } except (EXCEPTION_EXECUTE_HANDLER) { 01755 01756 if (GetExceptionCode() != 01757 STATUS_GUARD_PAGE_VIOLATION) { 01758 01759 // 01760 // The prototype PTE must be noaccess. 01761 // 01762 01763 DoAgain = MiChangeNoAccessForkPte (PointerPte, 01764 ProtectionMask); 01765 } 01766 } 01767 01768 PointerPpe = MiGetPteAddress (PointerPde); 01769 01770 LOCK_WS_UNSAFE (Process); 01771 01772 do { 01773 01774 (VOID)MiDoesPpeExistAndMakeValid (PointerPpe, 01775 Process, 01776 FALSE, 01777 &Waited); 01778 01779 Waited = 0; 01780 01781 (VOID)MiDoesPdeExistAndMakeValid (PointerPde, 01782 Process, 01783 FALSE, 01784 &Waited); 01785 01786 } while (Waited != 0); 01787 01788 PteContents = *(volatile MMPTE *)PointerPte; 01789 } 01790 01791 if (DoAgain) { 01792 continue; 01793 } 01794 01795 } else { 01796 01797 // 01798 // If the new protection is not write-copy, the PTE 01799 // protection is not in the prototype PTE (can't be 01800 // write copy for sections), and the protection in 01801 // the PTE is write-copy, release the page file 01802 // quota and commitment for this page. 01803 // 01804 01805 if ((!WriteCopy) && 01806 (PteContents.u.Soft.PageFileHigh == MI_PTE_LOOKUP_NEEDED)) { 01807 if (MI_IS_PTE_PROTECTION_COPY_WRITE(PteContents.u.Soft.Protection)) { 01808 QuotaCharge += 1; 01809 } 01810 01811 } 01812 01813 // 01814 // The PTE is a prototype PTE. Make the high part 01815 // of the PTE indicate that the protection field 01816 // is in the PTE itself. 01817 // 01818 01819 MI_WRITE_INVALID_PTE (PointerPte, PrototypePte); 01820 PointerPte->u.Soft.Protection = ProtectionMask; 01821 } 01822 01823 } else { 01824 01825 if (PteContents.u.Soft.Transition == 1) { 01826 01827 // 01828 // This is a transition PTE. (Page is private) 01829 // 01830 01831 if (MiSetProtectionOnTransitionPte ( 01832 PointerPte, 01833 ProtectionMaskNotCopy)) { 01834 continue; 01835 } 01836 01837 } else { 01838 01839 // 01840 // Must be page file space or demand zero. 01841 // 01842 01843 PointerPte->u.Soft.Protection = ProtectionMaskNotCopy; 01844 } 01845 } 01846 } 01847 01848 PointerPte += 1; 01849 } 01850 01851 // 01852 // Return the quota charge and the commitment, if any. 01853 // 01854 01855 if ((QuotaCharge > 0) && (!DontCharge)) { 01856 01857 MiReturnCommitment (QuotaCharge); 01858 MM_TRACK_COMMIT (MM_DBG_COMMIT_RETURN_PROTECTION, QuotaCharge); 01859 MiReturnPageFileQuota (QuotaCharge, Process); 01860 01861 ASSERT (QuotaCharge <= FoundVad->u.VadFlags.CommitCharge); 01862 01863 FoundVad->u.VadFlags.CommitCharge -= QuotaCharge; 01864 if (Process->JobStatus & PS_JOB_STATUS_REPORT_COMMIT_CHANGES) { 01865 PsChangeJobMemoryUsage(-(SSIZE_T)QuotaCharge); 01866 } 01867 Process->CommitCharge -= QuotaCharge; 01868 } 01869 01870 return Locked; 01871 }

NTSTATUS MiShareSessionImage (  IN PSECTION  Section, IN OUT PSIZE_T  ViewSize )

Definition at line 119 of file sessload.c. References ASSERT, BYTES_TO_PAGES, _MM_SESSION_SPACE::CommittedPages, _SEGMENT::ControlArea, ExPageLockHandle, FALSE, _IMAGE_ENTRY_IN_SESSION::LastAddress, LOCK_PFN, LOCK_SESSION_SPACE_WS, MiAddMappedPtes(), MiChargeCommitment(), MiCheckControlArea(), MiCheckPurgeAndUpMapCount(), MiGetPteAddress, MiReturnCommitment(), MiSessionCommitPageTables(), MiSessionLookupImage(), MiSessionWideGetImageSize(), MiSetImageProtect(), MM_BUMP_SESS_COUNTER, MM_BUMP_SESSION_FAILURES, MM_DBG_COMMIT_SESSION_SHARED_IMAGE, MM_DBG_SESSION_SYSMAPPED_PAGES_ALLOC, MM_DBG_SESSION_SYSMAPPED_PAGES_COMMITTED, MM_EXECUTE_READ, MM_SESSION_FAILURE_NO_COMMIT, MM_TRACK_COMMIT, MmIsAddressValid(), MmLockPagableSectionByHandle(), MmSessionSpace, MmUnlockPagableImageSection(), NT_SUCCESS, NTSTATUS(), NULL, _CONTROL_AREA::NumberOfMappedViews, _CONTROL_AREA::NumberOfUserReferences, PAGE_SIZE, PAGED_CODE, _IMAGE_ENTRY_IN_SESSION::PrototypePtes, _CONTROL_AREA::Segment, Status, SYSLOAD_LOCK_OWNED_BY_ME, TRUE, _CONTROL_AREA::u, _MMPTE::u, UNLOCK_PFN, and UNLOCK_SESSION_SPACE_WS. Referenced by MiLoadImageSection(). : This routine maps the given image into the current session space. This allows the image to be executed backed by the image file in the filesystem and allow code and read-only data to be shared. Arguments: Section - Supplies a pointer to a section. ViewSize - Supplies the size in bytes of the view desired. Return Value: Returns STATUS_SUCCESS on success, various NTSTATUS codes on failure. Environment: Kernel mode, APC_LEVEL and below, MmSystemLoadLock held. --*/ { KIRQL WsIrql; KIRQL OldIrql; PSUBSECTION Subsection; PCONTROL_AREA ControlArea; ULONG NumberOfPtes; PMMPTE StartPte; PMMPTE EndPte; PVOID AllocationStart; SIZE_T AllocationSize; NTSTATUS Status; BOOLEAN FirstMapped; PVOID MappedBase; SIZE_T CommittedPages; PIMAGE_ENTRY_IN_SESSION DriverImage; PAGED_CODE(); SYSLOAD_LOCK_OWNED_BY_ME (); if (*ViewSize == 0) { return STATUS_SUCCESS; } ASSERT (MmIsAddressValid (MmSessionSpace) == TRUE); MappedBase = Section->Segment->BasedAddress; ASSERT (((ULONG_PTR)MappedBase % PAGE_SIZE) == 0); ASSERT ((*ViewSize % PAGE_SIZE) == 0); MmLockPagableSectionByHandle (ExPageLockHandle); LOCK_SESSION_SPACE_WS (WsIrql); // // Check to see if a purge operation is in progress and if so, wait // for the purge to complete. In addition, up the count of mapped // views for this control area. // ControlArea = Section->Segment->ControlArea; ASSERT (ControlArea->u.Flags.GlobalOnlyPerSession == 0); Subsection = (PSUBSECTION)(ControlArea + 1); if (MiCheckPurgeAndUpMapCount (ControlArea) == FALSE) { UNLOCK_SESSION_SPACE_WS(WsIrql); MmUnlockPagableImageSection(ExPageLockHandle); return STATUS_INSUFFICIENT_RESOURCES; } if (*ViewSize == 0) { *ViewSize = Section->SizeOfSection.LowPart; } else if (*ViewSize > Section->SizeOfSection.LowPart) { // // Section offset or view size past size of section. // UNLOCK_SESSION_SPACE_WS(WsIrql); LOCK_PFN (OldIrql); ControlArea->NumberOfMappedViews -= 1; ControlArea->NumberOfUserReferences -= 1; // // Check to see if the control area (segment) should be deleted. // This routine releases the PFN lock. // MiCheckControlArea (ControlArea, NULL, OldIrql); MmUnlockPagableImageSection(ExPageLockHandle); return STATUS_INVALID_VIEW_SIZE; } AllocationStart = MappedBase; AllocationSize = *ViewSize; // // Calculate the PTE ranges and amount. // StartPte = MiGetPteAddress (AllocationStart); EndPte = MiGetPteAddress ((PCHAR)AllocationStart + AllocationSize); NumberOfPtes = BYTES_TO_PAGES (AllocationSize); Status = MiSessionWideGetImageSize (MappedBase, NULL, &CommittedPages); if (!NT_SUCCESS(Status)) { CommittedPages = NumberOfPtes; } Status = STATUS_SUCCESS; if (MiChargeCommitment (CommittedPages, NULL) == FALSE) { MM_BUMP_SESSION_FAILURES (MM_SESSION_FAILURE_NO_COMMIT); Status = STATUS_NO_MEMORY; } if (!NT_SUCCESS(Status)) { // // Don't bother releasing the page tables or their commit here, another // load will happen shortly or the whole session will go away. On // session exit everything will be released automatically. // UNLOCK_SESSION_SPACE_WS(WsIrql); LOCK_PFN (OldIrql); ControlArea->NumberOfMappedViews -= 1; ControlArea->NumberOfUserReferences -= 1; // // Check to see if the control area (segment) should be deleted. // This routine releases the PFN lock. // MiCheckControlArea (ControlArea, NULL, OldIrql); MmUnlockPagableImageSection(ExPageLockHandle); return STATUS_NO_MEMORY; } MmSessionSpace->CommittedPages += CommittedPages; // // Make sure we have page tables for the PTE // entries we must fill in the session space structure. // Status = MiSessionCommitPageTables (AllocationStart, (PVOID)((PCHAR)AllocationStart + AllocationSize)); if (!NT_SUCCESS(Status)) { MmSessionSpace->CommittedPages -= CommittedPages; UNLOCK_SESSION_SPACE_WS (WsIrql); LOCK_PFN (OldIrql); ControlArea->NumberOfMappedViews -= 1; ControlArea->NumberOfUserReferences -= 1; // // Check to see if the control area (segment) should be deleted. // This routine releases the PFN lock. // MiCheckControlArea (ControlArea, NULL, OldIrql); MmUnlockPagableImageSection (ExPageLockHandle); MiReturnCommitment (CommittedPages); return STATUS_NO_MEMORY; } MM_TRACK_COMMIT (MM_DBG_COMMIT_SESSION_SHARED_IMAGE, CommittedPages); MM_BUMP_SESS_COUNTER (MM_DBG_SESSION_SYSMAPPED_PAGES_COMMITTED, CommittedPages); MM_BUMP_SESS_COUNTER (MM_DBG_SESSION_SYSMAPPED_PAGES_ALLOC, NumberOfPtes); #if DBG while (StartPte < EndPte) { ASSERT (StartPte->u.Long == 0); StartPte += 1; } StartPte = MiGetPteAddress (AllocationStart); #endif // // Flag that the image is mapped into system space. // if (Section->u.Flags.Image) { FirstMapped = FALSE; LOCK_PFN (OldIrql); if (ControlArea->u.Flags.ImageMappedInSystemSpace == 0) { FirstMapped = TRUE; ControlArea->u.Flags.ImageMappedInSystemSpace = 1; } UNLOCK_PFN (OldIrql); // // Initialize all of the pages to copy on write - later read only // protections will be set on the code pages. // if (FirstMapped == TRUE) { MiSetImageProtect (Section->Segment, MM_EXECUTE_READ); } } // // Initialize the PTEs as copy on write, pointing at the prototype PTEs. // MiAddMappedPtes (StartPte, NumberOfPtes, ControlArea); UNLOCK_SESSION_SPACE_WS(WsIrql); // // No session space image faults may be taken until these fields of the // image entry are initialized. // DriverImage = MiSessionLookupImage (AllocationStart); ASSERT (DriverImage); DriverImage->LastAddress = (PVOID)((PCHAR)AllocationStart + AllocationSize - 1); DriverImage->PrototypePtes = Section->Segment->PrototypePte; MmUnlockPagableImageSection(ExPageLockHandle); return STATUS_SUCCESS; }

LONGLONG MiStartingOffset (  IN PSUBSECTION  Subsection, IN PMMPTE  PteAddress )

Definition at line 916 of file flushsec.c. References Mi4KStartFromSubsection, MI_STARTING_OFFSET, MM4K_SHIFT, and PAGE_SHIFT. Referenced by MiCleanSection(), MiFlushSectionInternal(), MiGatherMappedPages(), MiResolveMappedFileFault(), and MmShutdownSystem(). : This function calculates the file offset given a subsection and a PTE offset. Note that images are stored in 512-byte units whereas data is stored in 4K units. When this is all debugged, this should be made into a macro. Arguments: Subsection - Supplies a subsection to reference for the file address. PteAddress - Supplies a PTE within the subsection Return Value: Returns the file offset to obtain the backing data from. --*/ { LONGLONG PteByteOffset; LARGE_INTEGER StartAddress; if (Subsection->ControlArea->u.Flags.Image == 1) { return MI_STARTING_OFFSET ( Subsection, PteAddress); } PteByteOffset = (LONGLONG)((PteAddress - Subsection->SubsectionBase)) << PAGE_SHIFT; Mi4KStartFromSubsection (&StartAddress, Subsection); StartAddress.QuadPart = StartAddress.QuadPart << MM4K_SHIFT; PteByteOffset += StartAddress.QuadPart; return PteByteOffset; }

VOID MiSwapWslEntries (  IN WSLE_NUMBER  SwapEntry, IN WSLE_NUMBER  Entry, IN PMMSUPPORT  WsInfo )

Definition at line 576 of file wstree.c. References ASSERT, _MMWSL::FirstFree, _MMWSL::HashTable, _MMWSLE_HASH::Index, _MMWSL::LastInitializedWsle, LOCK_PFN, MI_PFN_ELEMENT, MI_SET_PTE_IN_WORKING_SET, MiGetPteAddress, MiLookupWsleHashIndex(), MiRemoveWsleFromFreeList(), MM_FREE_WSLE_SHIFT, _MMPTE::u, _MMWSLE::u1, _MMPFN::u1, UNLOCK_PFN, _MMWSL::Wsle, WSLE_NULL_INDEX, and WSLE_NUMBER. Referenced by MiAddWorkingSetPage(), MiAddWsleHash(), MiAllocatePoolPages(), MiDecommitPages(), MiDeleteAddressesInWorkingSet(), MiDeletePte(), MiDeleteSystemPagableVm(), MiLockCode(), MiRemovePageFromWorkingSet(), MiSessionCommitPageTables(), MiUpdateWsle(), NtLockVirtualMemory(), and NtUnlockVirtualMemory(). : This routine swaps the working set list entries Entry and SwapEntry in the specified working set list (process or system cache). Arguments: SwapEntry - Supplies the first entry to swap. This entry must be valid, i.e. in the working set at the current time. Entry - Supplies the other entry to swap. This entry may be valid or invalid. WsInfo - Supplies the working set list. Return Value: None. Environment: Kernel mode, Working set lock and PFN lock held (if system cache), APCs disabled. --*/ { MMWSLE WsleEntry; MMWSLE WsleSwap; PMMPTE PointerPte; PMMPFN Pfn1; PMMWSLE Wsle; PMMWSL WorkingSetList; PMMWSLE_HASH Table; #if DBG WSLE_NUMBER CurrentSize = WsInfo->WorkingSetSize; #endif //DBG #if PFN_CONSISTENCY KIRQL OldIrql; #endif WorkingSetList = WsInfo->VmWorkingSetList; Wsle = WorkingSetList->Wsle; WsleSwap = Wsle[SwapEntry]; ASSERT (WsleSwap.u1.e1.Valid != 0); WsleEntry = Wsle[Entry]; Table = WorkingSetList->HashTable; if (WsleEntry.u1.e1.Valid == 0) { // // Entry is not on any list. Remove it from the free list. // MiRemoveWsleFromFreeList (Entry, Wsle, WorkingSetList); // // Copy the Entry to this free one. // Wsle[Entry] = WsleSwap; PointerPte = MiGetPteAddress (WsleSwap.u1.VirtualAddress); if (WsleSwap.u1.e1.Direct) { Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); #if PFN_CONSISTENCY OldIrql = 99; if (PFN_LOCK_OWNED_BY_ME() == 0) { LOCK_PFN (OldIrql); } #endif Pfn1->u1.WsIndex = Entry; #if PFN_CONSISTENCY if (OldIrql != 99) { UNLOCK_PFN (OldIrql); } #endif } else { // // Update hash table. // if (Table) { Table [ MiLookupWsleHashIndex (WsleSwap.u1.Long, WorkingSetList)].Index = Entry; } } MI_SET_PTE_IN_WORKING_SET (PointerPte, Entry); // // Put entry on free list. // ASSERT (WorkingSetList->FirstFree <= WorkingSetList->LastInitializedWsle); Wsle[SwapEntry].u1.Long = WorkingSetList->FirstFree << MM_FREE_WSLE_SHIFT; WorkingSetList->FirstFree = SwapEntry; ASSERT ((WorkingSetList->FirstFree <= WorkingSetList->LastInitializedWsle) || (WorkingSetList->FirstFree == WSLE_NULL_INDEX)); } else { // // Both entries are valid. // Wsle[SwapEntry] = WsleEntry; PointerPte = MiGetPteAddress (WsleEntry.u1.VirtualAddress); if (WsleEntry.u1.e1.Direct) { // // Swap the PFN WsIndex element to point to the new slot. // Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); #if PFN_CONSISTENCY OldIrql = 99; if (PFN_LOCK_OWNED_BY_ME() == 0) { LOCK_PFN (OldIrql); } #endif Pfn1->u1.WsIndex = SwapEntry; #if PFN_CONSISTENCY if (OldIrql != 99) { UNLOCK_PFN (OldIrql); } #endif } else { // // Update hash table. // if (Table) { Table[ MiLookupWsleHashIndex (WsleEntry.u1.Long, WorkingSetList)].Index = SwapEntry; } } MI_SET_PTE_IN_WORKING_SET (PointerPte, SwapEntry); Wsle[Entry] = WsleSwap; PointerPte = MiGetPteAddress (WsleSwap.u1.VirtualAddress); if (WsleSwap.u1.e1.Direct) { Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); #if PFN_CONSISTENCY OldIrql = 99; if (PFN_LOCK_OWNED_BY_ME() == 0) { LOCK_PFN (OldIrql); } #endif Pfn1->u1.WsIndex = Entry; #if PFN_CONSISTENCY if (OldIrql != 99) { UNLOCK_PFN (OldIrql); } #endif } else { if (Table) { Table[ MiLookupWsleHashIndex (WsleSwap.u1.Long, WorkingSetList)].Index = Entry; } } MI_SET_PTE_IN_WORKING_SET (PointerPte, Entry); } ASSERT (CurrentSize == WsInfo->WorkingSetSize); return; }

VOID MiTakePageFromWorkingSet (  IN ULONG  Entry, IN PMMSUPPORT  WsInfo, IN PMMPTE  PointerPte )

LOGICAL MiTriageAddDrivers (  IN PLOADER_PARAMETER_BLOCK  LoaderBlock  )

Referenced by MiInitializeDriverVerifierList().

LOGICAL MiTriageSystem (  IN PLOADER_PARAMETER_BLOCK  LoaderBlock  )

Referenced by MmInitSystem().

LOGICAL MiTriageVerifyDriver (  IN PLDR_DATA_TABLE_ENTRY  DataTableEntry  )

ULONG MiTrimWorkingSet (  ULONG  Reduction, IN PMMSUPPORT  WsInfo, IN ULONG  ForcedReduction )

Definition at line 3612 of file wslist.c. References FALSE, _MMWSL::FirstDynamic, _MMWSL::LastEntry, MI_GET_ACCESSED_IN_PTE, MI_GET_WSLE_AGE, MI_SET_ACCESSED_IN_PTE, MiFreeWsle(), MiGetPteAddress, MiRemoveWorkingSetPages(), MM_SYSTEM_WS_LOCK_ASSERT, MmSystemCacheWs, _MMWSL::NextSlot, PAGE_SIZE, PERFINFO_GET_PAGE_INFO_WITH_DECL, PERFINFO_LOG_WS_REMOVAL, _MMWSL::Quota, TRUE, _MMSUPPORT::u, _MMWSLE::u1, _MMWSLE::VirtualAddress, and _MMWSL::Wsle. Referenced by MiDoReplacement(), MmSetMemoryPriorityProcess(), and MmWorkingSetManager(). 03620 : 03621 03622 This function reduces the working set by the specified amount. 03623 03624 Arguments: 03625 03626 Reduction - Supplies the number of pages to remove from the working 03627 set. 03628 03629 WsInfo - Supplies a pointer to the working set information for the 03630 process (or system cache) to trim. 03631 03632 ForcedReductionOrTrimAge - If using fault-based trimming, this is set to 03633 TRUE if the reduction is being done to free up 03634 pages in which case we should try to reduce 03635 working set pages as well. Set to FALSE when 03636 the reduction is trying to increase the fault 03637 rates in which case the policy should be more 03638 like locate and reserve. 03639 03640 If using claim-based trimming, this is the age 03641 value to use - ie: pages of this age or older 03642 will be removed. 03643 03644 Return Value: 03645 03646 Returns the actual number of pages removed. 03647 03648 Environment: 03649 03650 Kernel mode, APCs disabled, working set lock. PFN lock NOT held. 03651 03652 --*/ 03653 03654 { 03655 ULONG TryToFree; 03656 ULONG StartEntry; 03657 ULONG LastEntry; 03658 PMMWSL WorkingSetList; 03659 PMMWSLE Wsle; 03660 PMMPTE PointerPte; 03661 ULONG NumberLeftToRemove; 03662 ULONG LoopCount; 03663 ULONG EndCount; 03664 BOOLEAN StartFromZero; 03665 03666 NumberLeftToRemove = Reduction; 03667 WorkingSetList = WsInfo->VmWorkingSetList; 03668 Wsle = WorkingSetList->Wsle; 03669 03670 #if DBG 03671 if (WsInfo == &MmSystemCacheWs) { 03672 MM_SYSTEM_WS_LOCK_ASSERT(); 03673 } 03674 #endif //DBG 03675 03676 LastEntry = WorkingSetList->LastEntry; 03677 03678 TryToFree = WorkingSetList->NextSlot; 03679 if (TryToFree > LastEntry || TryToFree < WorkingSetList->FirstDynamic) { 03680 TryToFree = WorkingSetList->FirstDynamic; 03681 } 03682 03683 StartEntry = TryToFree; 03684 03685 #ifdef _MI_USE_CLAIMS_ 03686 03687 while (NumberLeftToRemove != 0) { 03688 if (Wsle[TryToFree].u1.e1.Valid == 1) { 03689 PointerPte = MiGetPteAddress (Wsle[TryToFree].u1.VirtualAddress); 03690 03691 if ((ForcedReductionOrTrimAge == 0) || 03692 ((MI_GET_ACCESSED_IN_PTE (PointerPte) == 0) && 03693 (MI_GET_WSLE_AGE(PointerPte, &Wsle[TryToFree]) >= ForcedReductionOrTrimAge))) { 03694 03695 PERFINFO_GET_PAGE_INFO_WITH_DECL(PointerPte); 03696 03697 if (MiFreeWsle (TryToFree, WsInfo, PointerPte)) { 03698 PERFINFO_LOG_WS_REMOVAL(PERFINFO_LOG_TYPE_OUTWS_VOLUNTRIM, WsInfo); 03699 NumberLeftToRemove -= 1; 03700 } 03701 } 03702 } 03703 TryToFree += 1; 03704 03705 if (TryToFree > LastEntry) { 03706 TryToFree = WorkingSetList->FirstDynamic; 03707 } 03708 03709 if (TryToFree == StartEntry) { 03710 break; 03711 } 03712 } 03713 03714 #else 03715 03716 LoopCount = 0; 03717 03718 if (ForcedReductionOrTrimAge) { 03719 EndCount = 4; 03720 } else { 03721 EndCount = 1; 03722 } 03723 03724 StartFromZero = FALSE; 03725 03726 while (NumberLeftToRemove != 0 && LoopCount != EndCount) { 03727 while ((NumberLeftToRemove != 0) && (TryToFree <= LastEntry)) { 03728 03729 if (Wsle[TryToFree].u1.e1.Valid == 1) { 03730 PointerPte = MiGetPteAddress (Wsle[TryToFree].u1.VirtualAddress); 03731 if (MI_GET_ACCESSED_IN_PTE (PointerPte)) { 03732 03733 // 03734 // If accessed bit is set, clear it. If accessed 03735 // bit is clear, remove from working set. 03736 // 03737 03738 MI_SET_ACCESSED_IN_PTE (PointerPte, 0); 03739 } else { 03740 PERFINFO_GET_PAGE_INFO_WITH_DECL(PointerPte); 03741 if (MiFreeWsle (TryToFree, WsInfo, PointerPte)) { 03742 PERFINFO_LOG_WS_REMOVAL(PERFINFO_LOG_TYPE_OUTWS_VOLUNTRIM, WsInfo); 03743 NumberLeftToRemove -= 1; 03744 } 03745 } 03746 } 03747 TryToFree += 1; 03748 03749 if (StartFromZero == TRUE && EndCount == 1 && TryToFree >= StartEntry) { 03750 LoopCount = EndCount; 03751 if (TryToFree > LastEntry) { 03752 TryToFree = WorkingSetList->FirstDynamic; 03753 } 03754 break; 03755 } 03756 } 03757 03758 if (TryToFree > LastEntry) { 03759 TryToFree = WorkingSetList->FirstDynamic; 03760 if (StartFromZero == TRUE) { 03761 03762 // 03763 // We've already wrapped once but didn't get back to 03764 // the StartEntry. Use the first dynamic as our base now. 03765 // 03766 03767 StartEntry = TryToFree; 03768 } 03769 else { 03770 StartFromZero = TRUE; 03771 } 03772 03773 if (TryToFree >= StartEntry) { 03774 03775 // 03776 // We've wrapped. If this is not a forced trim, then bail 03777 // now so we don't cannibalize entries we just cleared the 03778 // access bit for because they haven't had a fair chance to 03779 // be re-accessed yet. 03780 // 03781 03782 LoopCount += 1; 03783 StartFromZero = FALSE; 03784 } 03785 } 03786 } 03787 03788 #endif 03789 03790 WorkingSetList->NextSlot = TryToFree; 03791 03792 // 03793 // If this is not the system cache or a session working set, see if the 03794 // working set list can be contracted. 03795 // 03796 03797 if (WsInfo != &MmSystemCacheWs && WsInfo->u.Flags.SessionSpace == 0) { 03798 03799 // 03800 // Make sure we are at least a page above the working set maximum. 03801 // 03802 03803 if (WorkingSetList->FirstDynamic == WsInfo->WorkingSetSize) { 03804 MiRemoveWorkingSetPages (WorkingSetList, WsInfo); 03805 } else { 03806 03807 if ((WorkingSetList->Quota + 15 + (PAGE_SIZE / sizeof(MMWSLE))) < 03808 WorkingSetList->LastEntry) { 03809 if ((WsInfo->MaximumWorkingSetSize + 15 + (PAGE_SIZE / sizeof(MMWSLE))) < 03810 WorkingSetList->LastEntry ) { 03811 MiRemoveWorkingSetPages (WorkingSetList, WsInfo); 03812 } 03813 } 03814 } 03815 } 03816 return Reduction - NumberLeftToRemove; 03817 }

VOID MiUnlinkFreeOrZeroedPage (  IN PFN_NUMBER  Page  )

Definition at line 821 of file pfnlist.c. References ASSERT, _MMPFNLIST::Blink, _MMCOLOR_TABLES::Blink, _MMPFNLIST::Flink, _MMCOLOR_TABLES::Flink, FreePageList, _MMPFNLIST::ListName, MI_GET_COLOR_FROM_SECONDARY, MI_GET_SECONDARY_COLOR, MI_PFN_ELEMENT, MiObtainFreePages(), MM_EMPTY_LIST, MM_PFN_LOCK_ASSERT, MmAvailablePages, MmFreePagesByColor, MmMinimumFreePages, MmPageLocationList, MmPfnDatabase, _MMPFN::OriginalPte, PERFINFO_UNLINKFREEPAGE, _MMPFNLIST::Total, _MMPTE::u, _MMPFN::u1, _MMPFN::u2, and _MMPFN::u3. Referenced by MiFindContiguousMemory(), MiInitMachineDependent(), MiRemovePhysicalPages(), and MmAllocatePagesForMdl(). : This procedure removes a page from the middle of a list. This is designed for the removing of free or zeroed pages from the middle of their lists. Arguments: Pfn - Supplies a pointer to the PFN database element for the physical page to remove from the list. Return Value: None. Environment: Must be holding the PFN database mutex with APCs disabled. --*/ { PMMPFNLIST ListHead; PFN_NUMBER Previous; PFN_NUMBER Next; PMMPFN Pfn2; PMMPFN Pfn; ULONG Color; Pfn = MI_PFN_ELEMENT (Page); MM_PFN_LOCK_ASSERT(); ListHead = MmPageLocationList[Pfn->u3.e1.PageLocation]; ASSERT (ListHead->Total != 0); ListHead->Total -= 1; ASSERT (ListHead->ListName <= FreePageList); ASSERT (Pfn->u3.e1.WriteInProgress == 0); ASSERT (Pfn->u3.e1.ReadInProgress == 0); PERFINFO_UNLINKFREEPAGE((ULONG_PTR)(Pfn - MmPfnDatabase), Pfn->u3.e1.PageLocation); Next = Pfn->u1.Flink; Pfn->u1.Flink = 0; // Assumes Flink width is >= WsIndex width Previous = Pfn->u2.Blink; Pfn->u2.Blink = 0; if (Next == MM_EMPTY_LIST) { ListHead->Blink = Previous; } else { Pfn2 = MI_PFN_ELEMENT(Next); Pfn2->u2.Blink = Previous; } if (Previous == MM_EMPTY_LIST) { ListHead->Flink = Next; } else { Pfn2 = MI_PFN_ELEMENT(Previous); Pfn2->u1.Flink = Next; } // // We are removing a page from the middle of the free or zeroed page list. // The secondary color tables must be updated at this time. // Color = MI_GET_SECONDARY_COLOR (Page, Pfn); ASSERT (Pfn->u3.e1.PageColor == MI_GET_COLOR_FROM_SECONDARY(Color)); // // Walk down the list and remove the page. // Next = MmFreePagesByColor[ListHead->ListName][Color].Flink; if (Next == Page) { MmFreePagesByColor[ListHead->ListName][Color].Flink = (PFN_NUMBER) Pfn->OriginalPte.u.Long; } else { // // Walk the list to find the parent. // for (; ; ) { Pfn2 = MI_PFN_ELEMENT (Next); Next = (PFN_NUMBER) Pfn2->OriginalPte.u.Long; if (Page == Next) { Pfn2->OriginalPte.u.Long = Pfn->OriginalPte.u.Long; if ((PFN_NUMBER) Pfn->OriginalPte.u.Long == MM_EMPTY_LIST) { MmFreePagesByColor[ListHead->ListName][Color].Blink = Pfn2; } break; } } } MmAvailablePages -= 1; if (MmAvailablePages < MmMinimumFreePages) { // // Obtain free pages. // MiObtainFreePages(); } return; }

VOID FASTCALL MiUnlinkPageFromList (  IN PMMPFN  Pfn  )

Definition at line 667 of file pfnlist.c. References ASSERT, _MMPFNLIST::Blink, DbgPrint, _MMPFNLIST::Flink, KeBugCheckEx(), _MMPFNLIST::ListName, MI_PFN_ELEMENT, MI_TALLY_TRANSITION_PAGE_REMOVAL, MiFormatPfn(), MiObtainFreePages(), MM_DBG_PAGE_IN_LIST, MM_EMPTY_LIST, MM_PFN_LOCK_ASSERT, MmAvailablePages, MmHighestPhysicalPage, MmMinimumFreePages, MmModifiedPageListByColor, MmModifiedPageListHead, MmPageLocationList, MmPfnDatabase, MmTotalPagesForPagingFile, ModifiedNoWritePageList, ModifiedPageList, PERFINFO_UNLINKPAGE, StandbyPageList, _MMPFNLIST::Total, _MMPFN::u1, and _MMPFN::u2. Referenced by MiCleanSection(), MiDecommitPages(), MiDecrementCloneBlockReference(), MiDeletePte(), MiDeleteSystemPagableVm(), MiDispatchFault(), MiFindContiguousMemory(), MiFlushSectionInternal(), MiGatherMappedPages(), MiGatherPagefilePages(), MiLockCode(), MiMakeOutswappedPageResident(), MiModifiedPageWriterWorker(), MiPurgeImageSection(), MiRemovePhysicalPages(), MiResetVirtualMemory(), MiResolveTransitionFault(), MiSegmentDelete(), MmAllocatePagesForMdl(), MmCheckCachedPageState(), MmCopyToCachedPage(), MmPurgeSection(), MmRemovePhysicalMemory(), and MmShutdownSystem(). 00673 : 00674 00675 This procedure removes a page from the middle of a list. This is 00676 designed for the faulting of transition pages from the standby and 00677 modified list and making them active and valid again. 00678 00679 Arguments: 00680 00681 Pfn - Supplies a pointer to the PFN database element for the physical 00682 page to remove from the list. 00683 00684 Return Value: 00685 00686 none. 00687 00688 Environment: 00689 00690 Must be holding the PFN database mutex with APCs disabled. 00691 00692 --*/ 00693 00694 { 00695 PMMPFNLIST ListHead; 00696 PFN_NUMBER Previous; 00697 PFN_NUMBER Next; 00698 PMMPFN Pfn2; 00699 00700 MM_PFN_LOCK_ASSERT(); 00701 00702 PERFINFO_UNLINKPAGE((ULONG_PTR)(Pfn - MmPfnDatabase), Pfn->u3.e1.PageLocation); 00703 00704 // 00705 // Page not on standby or modified list, check to see if the 00706 // page is currently being written by the modified page 00707 // writer, if so, just return this page. The reference 00708 // count for the page will be incremented, so when the modified 00709 // page write completes, the page will not be put back on 00710 // the list, rather, it will remain active and valid. 00711 // 00712 00713 if (Pfn->u3.e2.ReferenceCount > 0) { 00714 00715 // 00716 // The page was not on any "transition lists", check to see 00717 // if this has I/O in progress. 00718 // 00719 00720 if (Pfn->u2.ShareCount == 0) { 00721 #if DBG 00722 if (MmDebug & MM_DBG_PAGE_IN_LIST) { 00723 DbgPrint("unlinking page not in list...\n"); 00724 MiFormatPfn(Pfn); 00725 } 00726 #endif 00727 return; 00728 } 00729 KdPrint(("MM:attempt to remove page from wrong page list\n")); 00730 KeBugCheckEx (PFN_LIST_CORRUPT, 00731 2, 00732 Pfn - MmPfnDatabase, 00733 MmHighestPhysicalPage, 00734 Pfn->u3.e2.ReferenceCount); 00735 return; 00736 } 00737 00738 ListHead = MmPageLocationList[Pfn->u3.e1.PageLocation]; 00739 00740 // 00741 // Must not remove pages from free or zeroed without updating 00742 // the colored lists. 00743 // 00744 00745 ASSERT (ListHead->ListName >= StandbyPageList); 00746 00747 // 00748 // On MIPS R4000 modified pages destined for the paging file are 00749 // kept on separate lists which group pages of the same color 00750 // together 00751 // 00752 00753 if ((ListHead == &MmModifiedPageListHead) && 00754 (Pfn->OriginalPte.u.Soft.Prototype == 0)) { 00755 00756 // 00757 // This page is destined for the paging file (not 00758 // a mapped file). Change the list head to the 00759 // appropriate colored list head. 00760 // 00761 00762 ListHead->Total -= 1; 00763 MmTotalPagesForPagingFile -= 1; 00764 ListHead = &MmModifiedPageListByColor [Pfn->u3.e1.PageColor]; 00765 } 00766 00767 ASSERT (Pfn->u3.e1.WriteInProgress == 0); 00768 ASSERT (Pfn->u3.e1.ReadInProgress == 0); 00769 ASSERT (ListHead->Total != 0); 00770 00771 Next = Pfn->u1.Flink; 00772 Pfn->u1.Flink = 0; // Assumes Flink width is >= WsIndex width 00773 Previous = Pfn->u2.Blink; 00774 Pfn->u2.Blink = 0; 00775 00776 if (Next == MM_EMPTY_LIST) { 00777 ListHead->Blink = Previous; 00778 } else { 00779 Pfn2 = MI_PFN_ELEMENT(Next); 00780 Pfn2->u2.Blink = Previous; 00781 } 00782 00783 if (Previous == MM_EMPTY_LIST) { 00784 ListHead->Flink = Next; 00785 } else { 00786 Pfn2 = MI_PFN_ELEMENT(Previous); 00787 Pfn2->u1.Flink = Next; 00788 } 00789 00790 ListHead->Total -= 1; 00791 00792 // 00793 // Check to see if we now have one less page available. 00794 // 00795 00796 if (ListHead->ListName <= StandbyPageList) { 00797 MmAvailablePages -= 1; 00798 00799 if (ListHead->ListName == StandbyPageList) { 00800 MI_TALLY_TRANSITION_PAGE_REMOVAL (Pfn); 00801 } 00802 00803 if (MmAvailablePages < MmMinimumFreePages) { 00804 00805 // 00806 // Obtain free pages. 00807 // 00808 00809 MiObtainFreePages(); 00810 00811 } 00812 } 00813 else if (ListHead->ListName == ModifiedPageList || ListHead->ListName == ModifiedNoWritePageList) { 00814 MI_TALLY_TRANSITION_PAGE_REMOVAL (Pfn); 00815 } 00816 00817 return; 00818 }

NTSTATUS MiUnloadSessionImageByForce (  IN SIZE_T  NumberOfPtes, IN PVOID  ImageBase )

VOID FASTCALL MiUnlockPagedAddress (  IN PVOID  VirtualAddress, IN ULONG  PfnLockHeld )

Definition at line 1123 of file mmsup.c. References ASSERT, FALSE, LOCK_PFN2, MI_GET_PAGE_FRAME_FROM_PTE, MI_PFN_ELEMENT, MI_REMOVE_LOCKED_PAGE_CHARGE, MiDecrementReferenceCount(), MiGetPteAddress, _MMPTE::u, _MMPFN::u3, and UNLOCK_PFN2. Referenced by MiCloneProcessAddressSpace(). 01130 : 01131 01132 This routine checks to see if the virtual address is valid, and if 01133 not makes it valid. 01134 01135 Arguments: 01136 01137 VirtualAddress - Supplies the virtual address to make valid. 01138 01139 01140 Return Value: 01141 01142 None. 01143 01144 Environment: 01145 01146 Kernel mode. PFN LOCK MUST NOT BE HELD. 01147 01148 --*/ 01149 01150 { 01151 PMMPFN Pfn1; 01152 PMMPTE PointerPte; 01153 KIRQL OldIrql; 01154 PFN_NUMBER PageFrameIndex; 01155 01156 PointerPte = MiGetPteAddress(VirtualAddress); 01157 01158 // 01159 // Address must be within paged pool. 01160 // 01161 01162 if (PfnLockHeld == FALSE) { 01163 LOCK_PFN2 (OldIrql); 01164 } 01165 01166 ASSERT (PointerPte->u.Hard.Valid == 1); 01167 PageFrameIndex = MI_GET_PAGE_FRAME_FROM_PTE (PointerPte); 01168 Pfn1 = MI_PFN_ELEMENT (PageFrameIndex); 01169 01170 ASSERT (Pfn1->u3.e2.ReferenceCount > 1); 01171 01172 MI_REMOVE_LOCKED_PAGE_CHARGE(Pfn1, 7); 01173 01174 MiDecrementReferenceCount (PageFrameIndex); 01175 01176 if (PfnLockHeld == FALSE) { 01177 UNLOCK_PFN2 (OldIrql); 01178 } 01179 return; 01180 }

VOID MiUnmapImageHeaderInHyperSpace (  VOID   )

Definition at line 243 of file alpha/hypermap.c. References ASSERT, Event(), FALSE, IMAGE_MAPPING_PTE, KeFlushSingleTb(), KePulseEvent(), LOCK_PFN, MiGetPteAddress, MmWorkingSetList, NULL, TRUE, _MMPTE::u, UNLOCK_PFN, and _MMWSL::WaitingForImageMapping. Referenced by MiCreateImageFileMap(). : This procedure unmaps the PTE reserved for mapping the image header, flushes the TB, and, if the WaitingForImageMapping field is not NULL, sets the specified event. On ALPHA, no action is required as the super-page address of the page was used. Arguments: None. Return Value: None. Environment: Kernel mode. --*/ { MMPTE TempPte; PMMPTE PointerPte; KIRQL OldIrql; PKEVENT Event; PointerPte = MiGetPteAddress (IMAGE_MAPPING_PTE); TempPte.u.Long = 0; LOCK_PFN (OldIrql); // // Capture the current state of the event field and clear it out. // Event = MmWorkingSetList->WaitingForImageMapping; MmWorkingSetList->WaitingForImageMapping = (PKEVENT)NULL; ASSERT (PointerPte->u.Long != 0); KeFlushSingleTb (IMAGE_MAPPING_PTE, TRUE, FALSE, (PHARDWARE_PTE)PointerPte, TempPte.u.Hard); UNLOCK_PFN (OldIrql); if (Event != (PKEVENT)NULL) { // // If there was an event specified, set the event. // KePulseEvent (Event, 0, FALSE); } return; }

VOID MiUnmapSinglePage (  IN PVOID  BaseAddress  )

Definition at line 2543 of file iosup.c. References ASSERT, MI_IS_PHYSICAL_ADDRESS, MiGetPteAddress, MiReleaseSystemPtes(), PAGED_CODE, and SystemPteSpace. Referenced by MiCloneProcessAddressSpace(). 02549 : 02550 02551 This routine unmaps a single locked pages which was previously mapped via 02552 an MiMapSinglePage call. 02553 02554 Arguments: 02555 02556 VirtualAddress - Supplies the virtual address used to map the page. 02557 02558 Return Value: 02559 02560 None. 02561 02562 Environment: 02563 02564 Kernel mode. APC_LEVEL or below, base address is within system space. 02565 02566 --*/ 02567 02568 { 02569 PMMPTE PointerPte; 02570 02571 PAGED_CODE (); 02572 02573 ASSERT (MI_IS_PHYSICAL_ADDRESS (VirtualAddress) == 0); 02574 ASSERT (VirtualAddress >= MM_SYSTEM_RANGE_START); 02575 02576 PointerPte = MiGetPteAddress (VirtualAddress); 02577 02578 MiReleaseSystemPtes (PointerPte, 1, SystemPteSpace); 02579 return; 02580 }

VOID MiUpdateImageHeaderPage (  IN PMMPTE  PointerPte, IN PFN_NUMBER  PageFrameNumber, IN PCONTROL_AREA  ControlArea )

Definition at line 4450 of file creasect.c. References LOCK_PFN, MiDecrementReferenceCount(), MiInitializeTransitionPfn(), MiMakeSystemAddressValidPfn(), and UNLOCK_PFN. Referenced by MiCheckForCrashDump(), and MiCreateImageFileMap(). 04458 : 04459 04460 This non-pagable function acquires the PFN lock, and 04461 turns the specified prototype PTE into a transition PTE 04462 referring to the specified physical page. It then 04463 decrements the reference count causing the page to 04464 be placed on the standby or modified list. 04465 04466 Arguments: 04467 04468 PointerPte - Supplies the PTE to set into the transition state. 04469 04470 PageFrameNumber - Supplies the physical page. 04471 04472 ControlArea - Supplies the control area for the prototype PTEs. 04473 04474 Return Value: 04475 04476 None. 04477 04478 --*/ 04479 04480 { 04481 KIRQL OldIrql; 04482 04483 LOCK_PFN (OldIrql); 04484 04485 MiMakeSystemAddressValidPfn (PointerPte); 04486 04487 MiInitializeTransitionPfn (PageFrameNumber, PointerPte, 0xFFFFFFFF); 04488 ControlArea->NumberOfPfnReferences += 1; 04489 04490 // 04491 // Add the page to the standby list. 04492 // 04493 04494 MiDecrementReferenceCount (PageFrameNumber); 04495 04496 UNLOCK_PFN (OldIrql); 04497 return; 04498 }

VOID FASTCALL MiUpdateModifiedWriterMdls (  IN ULONG  PageFileNumber  )

Definition at line 1098 of file deleteva.c. References _MMMOD_WRITER_MDL_ENTRY::CurrentList, _MMPAGING_FILE::Entry, _MMMOD_WRITER_LISTHEAD::Event, FALSE, KeSetEvent(), _MMMOD_WRITER_MDL_ENTRY::Links, _MMMOD_WRITER_LISTHEAD::ListHead, MM_IO_IN_PROGRESS, MM_PAGING_FILE_MDLS, MmFreePagingSpaceLow, MmNumberOfActiveMdlEntries, MmPagingFile, MmPagingFileHeader, _MMMOD_WRITER_MDL_ENTRY::PagingListHead, and PMMMOD_WRITER_MDL_ENTRY. Referenced by MiAttemptPageFileExtension(), MiExtendPagingFileMaximum(), and MiReleasePageFileSpace(). : This routine ensures the MDLs for the specified paging file are in the proper state such that paging i/o can continue. Arguments: PageFileNumber - Supplies the page file number to check the MDLs for. Return Value: None. Environment: Kernel mode, PFN lock held. --*/ { ULONG i; PMMMOD_WRITER_MDL_ENTRY WriterEntry; // // Put the MDL entries into the active list. // for (i = 0; i < MM_PAGING_FILE_MDLS; i += 1) { if ((MmPagingFile[PageFileNumber]->Entry[i]->Links.Flink != MM_IO_IN_PROGRESS) && (MmPagingFile[PageFileNumber]->Entry[i]->CurrentList == &MmFreePagingSpaceLow)) { // // Remove this entry and put it on the active list. // WriterEntry = MmPagingFile[PageFileNumber]->Entry[i]; RemoveEntryList (&WriterEntry->Links); WriterEntry->CurrentList = &MmPagingFileHeader.ListHead; KeSetEvent (&WriterEntry->PagingListHead->Event, 0, FALSE); InsertTailList (&WriterEntry->PagingListHead->ListHead, &WriterEntry->Links); MmNumberOfActiveMdlEntries += 1; } } return; }

VOID MiUpdateWsle (  IN PWSLE_NUMBER  DesiredIndex, IN PVOID  VirtualAddress, IN PMMWSL  WorkingSetList, IN PMMPFN  Pfn )

VOID MiVerifierCheckThunks (  IN PLDR_DATA_TABLE_ENTRY  DataTableEntry  )

Definition at line 3982 of file verifier.c. References _DRIVER_SPECIFIED_VERIFIER_THUNKS::DataTableEntry, ExFreePool(), MiActiveVerifierThunks, MiVerifierDriverAddedThunkListHead, PAGED_CODE, and PDRIVER_SPECIFIED_VERIFIER_THUNKS. : This routine adds another set of thunks to the verifier list. Arguments: DataTableEntry - Supplies the data table entry for the driver. Return Value: None. Environment: Kernel mode. APC_LEVEL and below. The system load lock must be held by the caller. --*/ { PLIST_ENTRY NextEntry; PDRIVER_SPECIFIED_VERIFIER_THUNKS ThunkTableBase; PAGED_CODE (); // // N.B. The DataTableEntry can move (see MiInitializeLoadedModuleList), // but this only happens long before IoInitialize so this is safe. // NextEntry = MiVerifierDriverAddedThunkListHead.Flink; while (NextEntry != &MiVerifierDriverAddedThunkListHead) { ThunkTableBase = CONTAINING_RECORD(NextEntry, DRIVER_SPECIFIED_VERIFIER_THUNKS, ListEntry); if (ThunkTableBase->DataTableEntry == DataTableEntry) { RemoveEntryList (NextEntry); NextEntry = NextEntry->Flink; ExFreePool (ThunkTableBase); MiActiveVerifierThunks -= 1; // // Keep looking as the driver may have made multiple calls. // continue; } NextEntry = NextEntry->Flink; } }

VOID MiVerifyingDriverUnloading (  IN PLDR_DATA_TABLE_ENTRY  DataTableEntry  )

Definition at line 3625 of file verifier.c. References ASSERT, _MI_VERIFIER_DRIVER_ENTRY::BaseName, _MI_VERIFIER_DRIVER_ENTRY::CurrentNonPagedPoolAllocations, _MI_VERIFIER_DRIVER_ENTRY::CurrentPagedPoolAllocations, DbgPrint, _MI_VERIFIER_DRIVER_ENTRY::EndAddress, ExFreePool(), FALSE, KeBugCheckEx(), KernelVerifier, KiStackProtectTime, MiActiveVerifies, MiEnableRandomSpecialPool(), MiNoPageOnRaiseIrql, MiSuspectDriverList, MiVerifierStackProtectTime, MmVerifierData, _MI_VERIFIER_DRIVER_ENTRY::NonPagedBytes, NULL, _MI_VERIFIER_DRIVER_ENTRY::PagedBytes, _MI_VERIFIER_DRIVER_ENTRY::PoolHash, _MI_VERIFIER_DRIVER_ENTRY::PoolHashFree, _MI_VERIFIER_DRIVER_ENTRY::PoolHashReserved, _MI_VERIFIER_DRIVER_ENTRY::PoolHashSize, RtlEqualUnicodeString(), _MI_VERIFIER_DRIVER_ENTRY::StartAddress, TRUE, _MI_VERIFIER_DRIVER_ENTRY::Unloads, VerifierListLock, _MI_VERIFIER_DRIVER_ENTRY::VerifierPoolLock, VI_POOL_FREELIST_END, and ViBadDriver. Referenced by MmUnloadSystemImage(). : This function is called as a driver that was being verified is now being unloaded. Arguments: DataTableEntry - Supplies the data table entry for the driver. Return Value: TRUE if thunking was applied, FALSE if not. Environment: Kernel mode, Phase 0 Initialization and normal runtime. Non paged pool exists in Phase0, but paged pool does not. Post-Phase0 serialization is provided by the MmSystemLoadLock. --*/ { KIRQL OldIrql; LOGICAL Found; PLIST_ENTRY NextEntry; PMI_VERIFIER_DRIVER_ENTRY Verifier; PVI_POOL_ENTRY OldHashTable; Found = FALSE; NextEntry = MiSuspectDriverList.Flink; while (NextEntry != &MiSuspectDriverList) { Verifier = CONTAINING_RECORD(NextEntry, MI_VERIFIER_DRIVER_ENTRY, Links); if (RtlEqualUnicodeString (&Verifier->BaseName, &DataTableEntry->BaseDllName, TRUE)) { Found = TRUE; break; } NextEntry = NextEntry->Flink; } ASSERT (Found == TRUE); if (MmVerifierData.Level & DRIVER_VERIFIER_TRACK_POOL_ALLOCATIONS) { // // Better not be any pool left that wasn't freed. Walk the pagable // allocations in an attempt to make them all resident for a // kernel debugger session. // if (Verifier->PagedBytes) { #if DBG DbgPrint ("Driver %wZ leaked %d paged pool allocations (0x%x bytes)\n", &DataTableEntry->FullDllName, Verifier->CurrentPagedPoolAllocations, Verifier->PagedBytes); #endif // // It would be nice to fault in the driver's paged pool allocations // now to make debugging easier, but this cannot be easily done // in a deadlock free manner. // // At least disable the paging of pool on IRQL raising in attempt // to keep some of these allocations resident for debugging. // No need to undo the increment as we're about to bugcheck anyway. // InterlockedIncrement ((PLONG)&MiNoPageOnRaiseIrql); } #if DBG if (Verifier->NonPagedBytes) { DbgPrint ("Driver %wZ leaked %d nonpaged pool allocations (0x%x bytes)\n", &DataTableEntry->FullDllName, Verifier->CurrentNonPagedPoolAllocations, Verifier->NonPagedBytes); } #endif if (Verifier->PagedBytes || Verifier->NonPagedBytes) { #if 0 DbgBreakPoint (); InterlockedDecrement (&MiNoPageOnRaiseIrql); #else // // Snap this so the build/BVT lab can easily triage the culprit. // ViBadDriver = &Verifier->BaseName; KeBugCheckEx (DRIVER_VERIFIER_DETECTED_VIOLATION, 0x60, Verifier->PagedBytes, Verifier->NonPagedBytes, Verifier->CurrentPagedPoolAllocations + Verifier->CurrentNonPagedPoolAllocations); #endif } ExAcquireSpinLock (&Verifier->VerifierPoolLock, &OldIrql); if (Verifier->PoolHashReserved != 0) { KeBugCheckEx (DRIVER_VERIFIER_DETECTED_VIOLATION, 0x61, Verifier->PagedBytes, Verifier->NonPagedBytes, Verifier->CurrentPagedPoolAllocations + Verifier->CurrentNonPagedPoolAllocations); } OldHashTable = Verifier->PoolHash; if (OldHashTable != NULL) { Verifier->PoolHashSize = 0; Verifier->PoolHashFree = VI_POOL_FREELIST_END; Verifier->PoolHash = NULL; } else { ASSERT (Verifier->PoolHashSize == 0); ASSERT (Verifier->PoolHashFree == VI_POOL_FREELIST_END); } ExReleaseSpinLock (&Verifier->VerifierPoolLock, OldIrql); if (OldHashTable != NULL) { ExFreePool (OldHashTable); } // // Clear these fields so reuse of stale addresses don't trigger // erroneous bucket fills. // ExAcquireSpinLock (&VerifierListLock, &OldIrql); Verifier->StartAddress = NULL; Verifier->EndAddress = NULL; ExReleaseSpinLock (&VerifierListLock, OldIrql); } Verifier->Unloads += 1; MmVerifierData.Unloads += 1; MiActiveVerifies -= 1; if (MiActiveVerifies == 0) { if (MmVerifierData.Level & DRIVER_VERIFIER_FORCE_IRQL_CHECKING) { // // Return to normal thread stack protection. // if (KernelVerifier == FALSE) { KiStackProtectTime = MiVerifierStackProtectTime; } } #ifndef NO_POOL_CHECKS MiEnableRandomSpecialPool (TRUE); #endif } }

VOID MiWaitForForkToComplete (  IN PEPROCESS  CurrentProcess  )

Definition at line 1980 of file forksup.c. References APC_LEVEL, LOCK_ADDRESS_SPACE, LOCK_PFN, LOCK_WS_REGARDLESS, UNLOCK_ADDRESS_SPACE, UNLOCK_PFN, and UNLOCK_WS_REGARDLESS. Referenced by MiCopyOnWrite(), MiDecrementCloneBlockReference(), MiResolveDemandZeroFault(), and MmAccessFault(). 01986 : 01987 01988 This routine waits for the current process to complete a fork 01989 operation. 01990 01991 Arguments: 01992 01993 CurrentProcess - Supplies the current process value. 01994 01995 Return Value: 01996 01997 None. 01998 01999 Environment: 02000 02001 Kernel mode, APCs disabled, working set mutex and PFN mutex held. 02002 02003 --*/ 02004 02005 { 02006 ULONG OldIrql; 02007 LOGICAL WsHeldSafe; 02008 02009 // 02010 // A fork operation is in progress and the count of clone-blocks 02011 // and other structures may not be changed. Release the mutexes 02012 // and wait for the address creation mutex which governs the 02013 // fork operation. 02014 // 02015 02016 UNLOCK_PFN (APC_LEVEL); 02017 02018 // 02019 // The working set mutex may have been acquired safely or unsafely 02020 // by our caller. Handle both cases here and below, carefully making sure 02021 // that the OldIrql left in the WS mutex on return is the same as on entry. 02022 // 02023 02024 OldIrql = CurrentProcess->WorkingSetLock.OldIrql; 02025 02026 UNLOCK_WS_REGARDLESS (CurrentProcess, WsHeldSafe); 02027 02028 // 02029 // Explicitly acquire the working set lock safely as it may be released and 02030 // reacquired by our caller. 02031 // 02032 02033 LOCK_ADDRESS_SPACE (CurrentProcess); 02034 02035 // 02036 // The working set lock may have been acquired safely or unsafely 02037 // by our caller. Reacquire it in the same manner our caller did. 02038 // 02039 02040 LOCK_WS_REGARDLESS (CurrentProcess, WsHeldSafe); 02041 02042 // 02043 // Release the address creation mutex, the working set mutex 02044 // must be held to set the ForkInProgress field. 02045 // 02046 02047 UNLOCK_ADDRESS_SPACE (CurrentProcess); 02048 02049 // 02050 // Ensure the previous IRQL is correctly set to its entry value. 02051 // 02052 02053 CurrentProcess->WorkingSetLock.OldIrql = OldIrql; 02054 02055 // 02056 // Get the PFN lock again. 02057 // 02058 02059 LOCK_PFN (OldIrql); 02060 return; 02061 } #if DBG

NTSTATUS MiWaitForInPageComplete (  IN PMMPFN  Pfn, IN PMMPTE  PointerPte, IN PVOID  FaultingAddress, IN PMMPTE  PointerPteContents, IN PMMINPAGE_SUPPORT  InPageSupport, IN PEPROCESS  CurrentProcess )

Definition at line 2335 of file pagfault.c. References ASSERT, BYTE_OFFSET, _MDL::ByteCount, DbgPrint, FALSE, HYDRA_PROCESS, KeBugCheckEx(), KernelMode, KeWaitForSingleObject(), LOCK_PFN, LOCK_SESSION_SPACE_WS, LOCK_SYSTEM_WS, LOCK_WS, _MDL::MappedSystemVa, MDL_LOCK_HELD, MDL_MAPPED_TO_SYSTEM_VA, _MDL::MdlFlags, MI_INSERT_USED_PAGETABLE_ENTRIES_IN_PFN, MI_IS_SYSTEM_CACHE_ADDRESS, MI_MAGIC_AWE_PTEFRAME, MI_PFN_ELEMENT, MI_PTE_LOOKUP_NEEDED, MI_ZERO_USED_PAGETABLE_ENTRIES_IN_PFN, MiCheckVirtualAddress(), MiFaultRetries, MiFindActualFaultingPte(), MiFreeInPageSupportBlock(), MiIoRetryLevel, MiMapPageInHyperSpace(), MiPteToProto, MiUnmapPageInHyperSpace, MiUserFaultRetries, MiUserIoRetryLevel, MiZeroPhysicalPage(), MmIsAddressValid(), MmIsRetryIoStatus, MmUnmapLockedPages(), NT_SUCCESS, NTSTATUS(), NULL, Offset, PAGE_SHIFT, PAGE_SIZE, _MMPFN::PteAddress, _MMPFN::PteFrame, STATUS_PTE_CHANGED, STATUS_REFAULT, TRUE, _MMPTE::u, _MMPFN::u1, _MMPFN::u3, and WrPageIn. Referenced by MiDispatchFault(), and MiResolveTransitionFault(). 02346 : 02347 02348 Waits for a page read to complete. 02349 02350 Arguments: 02351 02352 Pfn - Supplies a pointer to the PFN element for the page being read. 02353 02354 PointerPte - Supplies a pointer to the pte that is in the transition 02355 state. 02356 02357 FaultingAddress - Supplies the faulting address. 02358 02359 PointerPteContents - Supplies the contents of the PTE before the 02360 working set lock was released. 02361 02362 InPageSupport - Supplies a pointer to the inpage support structure 02363 for this read operation. 02364 02365 Return Value: 02366 02367 Returns the status of the in page. 02368 02369 Note that the working set lock is held upon return !!! 02370 02371 Environment: 02372 02373 Kernel mode, APCs disabled. Neither the working set lock nor 02374 the PFN lock may be held. 02375 02376 --*/ 02377 02378 { 02379 PMMPTE NewPointerPte; 02380 PMMPTE ProtoPte; 02381 PMMPFN Pfn1; 02382 PMMPFN Pfn; 02383 PULONG Va; 02384 PPFN_NUMBER Page; 02385 PPFN_NUMBER LastPage; 02386 ULONG Offset; 02387 ULONG Protection; 02388 PMDL Mdl; 02389 KIRQL OldIrql; 02390 NTSTATUS status; 02391 NTSTATUS status2; 02392 02393 // 02394 // Wait for the I/O to complete. Note that we can't wait for all 02395 // the objects simultaneously as other threads/processes could be 02396 // waiting for the same event. The first thread which completes 02397 // the wait and gets the PFN mutex may reuse the event for another 02398 // fault before this thread completes its wait. 02399 // 02400 02401 KeWaitForSingleObject( &InPageSupport->Event, 02402 WrPageIn, 02403 KernelMode, 02404 FALSE, 02405 (PLARGE_INTEGER)NULL); 02406 02407 if (CurrentProcess == HYDRA_PROCESS) { 02408 LOCK_SESSION_SPACE_WS (OldIrql); 02409 } 02410 else if (CurrentProcess != NULL) { 02411 LOCK_WS (CurrentProcess); 02412 } 02413 else { 02414 LOCK_SYSTEM_WS (OldIrql); 02415 } 02416 02417 LOCK_PFN (OldIrql); 02418 02419 ASSERT (Pfn2->u3.e2.ReferenceCount != 0); 02420 02421 // 02422 // Check to see if this is the first thread to complete the in-page 02423 // operation. 02424 // 02425 02426 Pfn = InPageSupport->Pfn; 02427 if (Pfn2 != Pfn) { 02428 ASSERT (Pfn2->PteFrame != MI_MAGIC_AWE_PTEFRAME); 02429 Pfn2->u3.e1.ReadInProgress = 0; 02430 } 02431 02432 // 02433 // Another thread has already serviced the read, check the 02434 // io-error flag in the PFN database to ensure the in-page 02435 // was successful. 02436 // 02437 02438 if (Pfn2->u3.e1.InPageError == 1) { 02439 ASSERT (!NT_SUCCESS(Pfn2->u1.ReadStatus)); 02440 MiFreeInPageSupportBlock (InPageSupport); 02441 02442 if (MmIsRetryIoStatus(Pfn2->u1.ReadStatus)) { 02443 return STATUS_REFAULT; 02444 } 02445 return Pfn2->u1.ReadStatus; 02446 } 02447 02448 if (InPageSupport->Completed == FALSE) { 02449 02450 #if defined(_PREFETCH_) 02451 02452 // 02453 // The ReadInProgress bit for the dummy page is constantly cleared 02454 // below as there are generally multiple inpage blocks pointing to 02455 // the same dummy page. 02456 // 02457 02458 ASSERT ((Pfn->u3.e1.ReadInProgress == 1) || 02459 (Pfn->PteAddress == MI_PF_DUMMY_PAGE_PTE)); 02460 #else 02461 ASSERT (Pfn->u3.e1.ReadInProgress == 1); 02462 #endif 02463 02464 InPageSupport->Completed = TRUE; 02465 02466 Mdl = &InPageSupport->Mdl; 02467 02468 #if defined(_PREFETCH_) 02469 02470 if (InPageSupport->PrefetchMdl != NULL) { 02471 02472 // 02473 // This is a prefetcher-issued read. 02474 // 02475 02476 Mdl = InPageSupport->PrefetchMdl; 02477 } 02478 02479 #endif 02480 02481 if (Mdl->MdlFlags & MDL_MAPPED_TO_SYSTEM_VA) { 02482 #if DBG 02483 Mdl->MdlFlags |= MDL_LOCK_HELD; 02484 #endif //DBG 02485 02486 MmUnmapLockedPages (Mdl->MappedSystemVa, Mdl); 02487 02488 #if DBG 02489 Mdl->MdlFlags &= ~MDL_LOCK_HELD; 02490 #endif //DBG 02491 } 02492 02493 ASSERT (Pfn->PteFrame != MI_MAGIC_AWE_PTEFRAME); 02494 02495 Pfn->u3.e1.ReadInProgress = 0; 02496 Pfn->u1.Event = (PKEVENT)NULL; 02497 02498 #if defined (_WIN64) 02499 // 02500 // Page directory and page table pages are never clustered, 02501 // ensure this is never violated as only one UsedPageTableEntries 02502 // is kept in the inpage support block. 02503 // 02504 02505 if (InPageSupport->UsedPageTableEntries) { 02506 Page = (PPFN_NUMBER)(Mdl + 1); 02507 LastPage = Page + ((Mdl->ByteCount - 1) >> PAGE_SHIFT); 02508 ASSERT (Page == LastPage); 02509 } 02510 02511 #if DBGXX 02512 MiCheckPageTableInPage (Pfn, InPageSupport); 02513 #endif 02514 #endif 02515 02516 MI_INSERT_USED_PAGETABLE_ENTRIES_IN_PFN(Pfn, InPageSupport); 02517 02518 // 02519 // Check the IO_STATUS_BLOCK to ensure the in-page completed successfully. 02520 // 02521 02522 if (!NT_SUCCESS(InPageSupport->IoStatus.Status)) { 02523 02524 if (InPageSupport->IoStatus.Status == STATUS_END_OF_FILE) { 02525 02526 // 02527 // An attempt was made to read past the end of file 02528 // zero all the remaining bytes in the read. 02529 // 02530 02531 Page = (PPFN_NUMBER)(Mdl + 1); 02532 LastPage = Page + ((Mdl->ByteCount - 1) >> PAGE_SHIFT); 02533 02534 while (Page <= LastPage) { 02535 MiZeroPhysicalPage (*Page, 0); 02536 02537 MI_ZERO_USED_PAGETABLE_ENTRIES_IN_PFN(MI_PFN_ELEMENT(*Page)); 02538 02539 Page += 1; 02540 } 02541 02542 } else { 02543 02544 // 02545 // In page io error occurred. 02546 // 02547 02548 status = InPageSupport->IoStatus.Status; 02549 status2 = InPageSupport->IoStatus.Status; 02550 02551 if (status != STATUS_VERIFY_REQUIRED) { 02552 02553 LOGICAL Retry; 02554 02555 Retry = FALSE; 02556 #if DBG 02557 DbgPrint ("MM: inpage I/O error %X\n", 02558 InPageSupport->IoStatus.Status); 02559 #endif 02560 02561 // 02562 // If this page is for paged pool or for paged 02563 // kernel code or page table pages, bugcheck. 02564 // 02565 02566 if ((FaultingAddress > MM_HIGHEST_USER_ADDRESS) && 02567 (!MI_IS_SYSTEM_CACHE_ADDRESS(FaultingAddress))) { 02568 02569 if (MmIsRetryIoStatus(status)) { 02570 02571 MiFaultRetries -= 1; 02572 if (MiFaultRetries != 0) { 02573 Retry = TRUE; 02574 } else { 02575 MiFaultRetries = MiIoRetryLevel; 02576 } 02577 } 02578 02579 if (Retry == FALSE) { 02580 02581 ULONG_PTR PteContents; 02582 02583 // 02584 // The prototype PTE resides in paged pool which may 02585 // not be resident at this point. Check first. 02586 // 02587 02588 if (MmIsAddressValid (PointerPte) == TRUE) { 02589 PteContents = *(PULONG_PTR)PointerPte; 02590 } 02591 else { 02592 PteContents = (ULONG_PTR)-1; 02593 } 02594 02595 KeBugCheckEx (KERNEL_DATA_INPAGE_ERROR, 02596 (ULONG_PTR)PointerPte, 02597 status, 02598 (ULONG_PTR)FaultingAddress, 02599 PteContents); 02600 } 02601 status2 = STATUS_REFAULT; 02602 } 02603 else { 02604 02605 if (MmIsRetryIoStatus(status)) { 02606 02607 MiUserFaultRetries -= 1; 02608 if (MiUserFaultRetries != 0) { 02609 Retry = TRUE; 02610 } else { 02611 MiUserFaultRetries = MiUserIoRetryLevel; 02612 } 02613 } 02614 02615 if (Retry == TRUE) { 02616 status2 = STATUS_REFAULT; 02617 } 02618 } 02619 } 02620 02621 Page = (PPFN_NUMBER)(Mdl + 1); 02622 LastPage = Page + ((Mdl->ByteCount - 1) >> PAGE_SHIFT); 02623 02624 while (Page <= LastPage) { 02625 Pfn1 = MI_PFN_ELEMENT (*Page); 02626 ASSERT (Pfn1->u3.e2.ReferenceCount != 0); 02627 Pfn1->u3.e1.InPageError = 1; 02628 Pfn1->u1.ReadStatus = status; 02629 02630 #if DBG 02631 { 02632 KIRQL Old; 02633 Va = (PULONG)MiMapPageInHyperSpace (*Page,&Old); 02634 RtlFillMemoryUlong (Va, PAGE_SIZE, 0x50444142); 02635 MiUnmapPageInHyperSpace (Old); 02636 } 02637 #endif //DBG 02638 Page += 1; 02639 } 02640 02641 MiFreeInPageSupportBlock (InPageSupport); 02642 return status2; 02643 } 02644 } else { 02645 02646 MiFaultRetries = MiIoRetryLevel; 02647 MiUserFaultRetries = MiUserIoRetryLevel; 02648 02649 if (InPageSupport->IoStatus.Information != Mdl->ByteCount) { 02650 02651 ASSERT (InPageSupport->IoStatus.Information != 0); 02652 02653 // 02654 // Less than a full page was read - zero the remainder 02655 // of the page. 02656 // 02657 02658 Page = (PPFN_NUMBER)(Mdl + 1); 02659 LastPage = Page + ((Mdl->ByteCount - 1) >> PAGE_SHIFT); 02660 Page += ((InPageSupport->IoStatus.Information - 1) >> PAGE_SHIFT); 02661 02662 Offset = BYTE_OFFSET (InPageSupport->IoStatus.Information); 02663 02664 if (Offset != 0) { 02665 KIRQL Old; 02666 Va = (PULONG)((PCHAR)MiMapPageInHyperSpace (*Page, &Old) 02667 + Offset); 02668 02669 RtlZeroMemory (Va, PAGE_SIZE - Offset); 02670 MiUnmapPageInHyperSpace (Old); 02671 } 02672 02673 // 02674 // Zero any remaining pages within the MDL. 02675 // 02676 02677 Page += 1; 02678 02679 while (Page <= LastPage) { 02680 MiZeroPhysicalPage (*Page, 0); 02681 Page += 1; 02682 } 02683 } 02684 } 02685 } 02686 02687 MiFreeInPageSupportBlock (InPageSupport); 02688 02689 // 02690 // Check to see if the faulting PTE has changed. 02691 // 02692 02693 NewPointerPte = MiFindActualFaultingPte (FaultingAddress); 02694 02695 // 02696 // If this PTE is in prototype PTE format, make the pointer to the 02697 // PTE point to the prototype PTE. 02698 // 02699 02700 if (NewPointerPte == (PMMPTE)NULL) { 02701 return STATUS_PTE_CHANGED; 02702 } 02703 02704 if (NewPointerPte != PointerPte) { 02705 02706 // 02707 // Check to make sure the NewPointerPte is not a prototype PTE 02708 // which refers to the page being made valid. 02709 // 02710 02711 if (NewPointerPte->u.Soft.Prototype == 1) { 02712 if (NewPointerPte->u.Soft.PageFileHigh == MI_PTE_LOOKUP_NEEDED) { 02713 02714 ProtoPte = MiCheckVirtualAddress (FaultingAddress, 02715 &Protection); 02716 02717 } else { 02718 ProtoPte = MiPteToProto (NewPointerPte); 02719 } 02720 02721 // 02722 // Make sure the prototype PTE refers to the PTE made valid. 02723 // 02724 02725 if (ProtoPte != PointerPte) { 02726 return STATUS_PTE_CHANGED; 02727 } 02728 02729 // 02730 // If the only difference is the owner mask, everything is okay. 02731 // 02732 02733 if (ProtoPte->u.Long != PointerPteContents->u.Long) { 02734 return STATUS_PTE_CHANGED; 02735 } 02736 } else { 02737 return STATUS_PTE_CHANGED; 02738 } 02739 } else { 02740 02741 if (NewPointerPte->u.Long != PointerPteContents->u.Long) { 02742 return STATUS_PTE_CHANGED; 02743 } 02744 } 02745 return STATUS_SUCCESS; 02746 }

VOID FASTCALL MiZeroPhysicalPage (  IN PFN_NUMBER  PageFrameIndex, IN ULONG  Color )

Definition at line 1184 of file mmsup.c. References KeZeroPage, MiMapPageInHyperSpace(), MiUnmapPageInHyperSpace, MM_COLOR_MASK, PAGE_SHIFT, and PAGE_SIZE. Referenced by MiInitMachineDependent(), MiRemoveZeroPage(), MiResolveDemandZeroFault(), MiSessionCommitImagePages(), MiSessionCommitPageTables(), MiSessionCreateInternal(), MiSessionInitializeWorkingSetList(), MiWaitForInPageComplete(), MmAccessFault(), MmAllocatePagesForMdl(), and MmCreateProcessAddressSpace(). 01191 : 01192 01193 This procedure maps the specified physical page into hyper space 01194 and fills the page with zeros. 01195 01196 Arguments: 01197 01198 PageFrameIndex - Supplies the physical page number to fill with 01199 zeroes. 01200 01201 Return Value: 01202 01203 none. 01204 01205 Environment: 01206 01207 Kernel mode. 01208 01209 --*/ 01210 01211 { 01212 PULONG va; 01213 KIRQL OldIrql; 01214 01215 #if defined(_ALPHA_) 01216 01217 HalZeroPage((PVOID)ULongToPtr((PageColor & MM_COLOR_MASK) << PAGE_SHIFT), 01218 (PVOID)ULongToPtr((PageColor & MM_COLOR_MASK) << PAGE_SHIFT), 01219 PageFrameIndex); 01220 #else 01221 01222 UNREFERENCED_PARAMETER (PageColor); 01223 01224 va = (PULONG)MiMapPageInHyperSpace (PageFrameIndex, &OldIrql); 01225 01226 #if defined(_X86_) 01227 01228 KeZeroPage(va); 01229 01230 #else 01231 01232 RtlZeroMemory (va, PAGE_SIZE); 01233 01234 #endif // X86 01235 01236 MiUnmapPageInHyperSpace (OldIrql); 01237 01238 #endif // ALPHA 01239 01240 return; 01241 }

VOID NodeTreeWalk (  PMMADDRESS_NODE  Start  )

---

Variable Documentation

MMPTE DemandZeroPde

Definition at line 4422 of file mi.h.

MMPTE DemandZeroPte

Definition at line 4424 of file mi.h.

PEPROCESS ExpDefaultErrorPortProcess

Definition at line 230 of file mi.h.

ULONG ExpMultiUserTS

Definition at line 4440 of file mi.h.

MMPTE GlobalPte

Definition at line 4911 of file mi.h.

MMPTE KernelPrototypePte

Definition at line 4426 of file mi.h.

LOGICAL KernelVerifier

Definition at line 4195 of file mi.h.

ULONG MiActiveVerifierThunks

Definition at line 4192 of file mi.h. Referenced by MiVerifierCheckThunks(), MmAddVerifierThunks(), and MmUnloadSystemImage().

ULONG_PTR MiActiveWriteWatch

Definition at line 2440 of file mi.h. Referenced by MiEliminateWorkingSetEntry(), MiFlushTbAndCapture(), MiPhysicalViewInserter(), and MiPhysicalViewRemover().

ULONG MiDelayPageFaults

Definition at line 4555 of file mi.h. Referenced by MiAllocateContiguousMemory(), MmAccessFault(), MmGatherMemoryForHibernate(), and MmRemovePhysicalMemory().

ULONG MiFaultRetries

Definition at line 246 of file mi.h. Referenced by MiApplyDriverVerifier(), and MiWaitForInPageComplete().

PMMINPAGE_SUPPORT MiGetInPageSupportBlock(VOID)

PMMPTE MiHighestUserPde

Definition at line 5701 of file mi.h. Referenced by MiDetermineUserGlobalPteMask(), and MmInitSystem().

PMMPTE MiHighestUserPte

Definition at line 5700 of file mi.h. Referenced by MiAccessCheck(), MiDeletePte(), MiDeleteSystemPagableVm(), MiDetermineUserGlobalPteMask(), and MmInitSystem().

BOOLEAN MiHydra

Definition at line 4438 of file mi.h. Referenced by MiAttachSession(), MiCheckAndSetSystemTrimCriteria(), MiCheckControlArea(), MiCheckForControlAreaDeletion(), MiCheckPdeForPagedPool(), MiCheckPdeForSessionSpace(), MiCheckProcessTrimCriteria(), MiCleanSection(), MiCompleteProtoPteFault(), MiCreateImageFileMap(), MiDetachSession(), MiDispatchFault(), MiEmptyAllWorkingSets(), MiEmptyAllWorkingSetsWorker(), MiEmptyWorkingSet(), MiEnablePagingTheExecutive(), MiFreePoolPages(), MiInitializeSpecialPool(), MiInitializeSystemSpaceMap(), MiInitMachineDependent(), MiLoadImageSection(), MiLoadSystemImage(), MiRearrangeWorkingSetExpansionList(), MiRemoveFromSystemSpace(), MiRemoveMappedPtes(), MiSessionInSwapProcess(), MiSessionOutSwapProcess(), MmAccessFault(), MmCleanProcessAddressSpace(), MmCreateProcessAddressSpace(), MmCreateSection(), MmFlushImageSection(), MmForceSectionClosed(), MmInitSystem(), MmInSwapProcess(), MmMapViewInSessionSpace(), MmOutSwapProcess(), MmSessionCreate(), MmSessionDelete(), MmSessionSetUnloadAddress(), MmUnmapViewInSessionSpace(), MmWorkingSetManager(), and VeAllocatePoolWithTagPriority().

ULONG MiIoRetryLevel

Definition at line 245 of file mi.h. Referenced by MiApplyDriverVerifier(), MiFlushSectionInternal(), MiMakeOutswappedPageResident(), and MiWaitForInPageComplete().

KEVENT MiMappedPagesTooOldEvent

Definition at line 5138 of file mi.h. Referenced by MiModifiedPageWriterTimerDispatch(), MiModifiedPageWriterWorker(), and MmInitSystem().

LARGE_INTEGER MiModifiedPageLife

Definition at line 5134 of file mi.h. Referenced by MiInsertPageInList(), MiModifiedPageWriterWorker(), and MmInitSystem().

KTIMER MiModifiedPageWriterTimer

Definition at line 5142 of file mi.h. Referenced by MiInsertPageInList(), MiModifiedPageWriterWorker(), and MmInitSystem().

KDPC MiModifiedPageWriterTimerDpc

Definition at line 5140 of file mi.h. Referenced by MiInsertPageInList(), MiModifiedPageWriterWorker(), and MmInitSystem().

ULONG MiOverCommitCallCount

Definition at line 5162 of file mi.h. Referenced by MiCauseOverCommitPopup().

ULONG MiRequestedSystemPtes

Definition at line 4664 of file mi.h. Referenced by MiInitializeSpecialPool(), MiInitMachineDependent(), and MmInitSystem().

PMMPTE MiSessionBasePte

Definition at line 5703 of file mi.h. Referenced by MmInitSystem().

ULONG MiSessionCount

Definition at line 5611 of file mi.h. Referenced by MiDereferenceSession(), and MmSessionCreate().

PMMPTE MiSessionLastPte

Definition at line 5704 of file mi.h. Referenced by MmInitSystem().

LIST_ENTRY MiSessionWsList

Definition at line 5771 of file mi.h. Referenced by MiInitializeSessionWsSupport(), and MiSessionInitializeWorkingSetList().

ULONG MiSpecialPagesNonPaged

Definition at line 4331 of file mi.h. Referenced by MiAllocateSpecialPool(), and MmFreeSpecialPool().

ULONG MiSpecialPagesNonPagedMaximum

Definition at line 4332 of file mi.h. Referenced by MiAllocateSpecialPool(), and MiInitializeSpecialPool().

LIST_ENTRY MiSuspectDriverList

Definition at line 4193 of file mi.h. Referenced by MiApplyDriverVerifier(), MiInitializeDriverVerifierList(), MiVerifyingDriverUnloading(), MmGetVerifierInformation(), ViInsertVerifierEntry(), and ViLocateVerifierEntry().

ULONG_PTR MiSystemViewStart

Definition at line 4744 of file mi.h. Referenced by MiInitializeSystemSpaceMap(), and MmInitSystem().

BOOLEAN MiTimerPending

Definition at line 5136 of file mi.h. Referenced by MiInsertPageInList(), MiModifiedPageWriterTimerDispatch(), and MiModifiedPageWriterWorker().

BOOLEAN MiTrackingAborted

Definition at line 2676 of file mi.h. Referenced by MiAddMdlTracker(), MiFreeMdlTracker(), and MmCleanProcessAddressSpace().

PUNLOADED_DRIVERS MiUnloadedDrivers

Definition at line 2694 of file mi.h.

SIZE_T MiUnusedSegmentNonPagedPoolUsage

Definition at line 4960 of file mi.h.

SIZE_T MiUnusedSegmentPagedPoolUsage

Definition at line 4953 of file mi.h.

ULONG MiUserFaultRetries

Definition at line 248 of file mi.h. Referenced by MiApplyDriverVerifier(), and MiWaitForInPageComplete().

ULONG MiUserIoRetryLevel

Definition at line 247 of file mi.h. Referenced by MiApplyDriverVerifier(), and MiWaitForInPageComplete().

LARGE_INTEGER Mm30Milliseconds

Definition at line 217 of file mi.h. Referenced by MiFlushAllPages(), MiFlushSectionInternal(), MiGatherPagefilePages(), MiModifiedPageWriterWorker(), MiWriteComplete(), MmAccessFault(), and MmGatherMemoryForHibernate().

ULONG MmAliasAlignment

Definition at line 4775 of file mi.h.

ULONG MmAliasAlignmentMask

Definition at line 4789 of file mi.h.

ULONG MmAliasAlignmentOffset

Definition at line 4782 of file mi.h.

PFN_NUMBER MmAllocatedNonPagedPool

Definition at line 4650 of file mi.h.

MMPAGE_FILE_EXPANSION MmAttemptForCantExtend

Definition at line 5073 of file mi.h. Referenced by MiChargeCommitmentCantExpand(), MiIssuePageExtendRequestNoWait(), and MmInitSystem().

PFN_COUNT MmAvailablePages

Definition at line 4480 of file mi.h.

KEVENT MmAvailablePagesEvent

Definition at line 4581 of file mi.h. Referenced by MiEnsureAvailablePageOrWait(), MiInsertPageInList(), MiInsertStandbyListAtFront(), and MmInitSystem().

KEVENT MmAvailablePagesEventHigh

Definition at line 4583 of file mi.h. Referenced by MiEnsureAvailablePageOrWait(), MiInsertPageInList(), MiInsertStandbyListAtFront(), and MmInitSystem().

MMPFNLIST MmBadPageListHead

Definition at line 4569 of file mi.h.

KSPIN_LOCK MmChargeCommitmentLock

Definition at line 4899 of file mi.h. Referenced by MiAttemptPageFileReduction(), MiCauseOverCommitPopup(), MiChargeCommitment(), MiChargeCommitmentCantExpand(), MiCheckForUserStackOverflow(), MiContractPagingFiles(), MiExtendPagingFiles(), MiInsertConflictInList(), MiInsertPageFileInList(), MiIssuePageExtendRequestNoWait(), MiPageFileFull(), MiRemoveConflictFromList(), MiReturnCommitment(), MmAddPhysicalMemory(), MmInitSystem(), and MmRemovePhysicalMemory().

ULONG MmCodeClusterSize

Definition at line 4854 of file mi.h. Referenced by MiResolveMappedFileFault(), and MmInitSystem().

KEVENT MmCollidedFlushEvent

Definition at line 5098 of file mi.h. Referenced by MiFlushSectionInternal(), and MmInitSystem().

KEVENT MmCollidedLockEvent

Definition at line 5100 of file mi.h. Referenced by MmInitSystem(), MmLockPagableSectionByHandle(), and MmUnlockPagableImageSection().

PMMPTE MmCrashDumpPte

Definition at line 5160 of file mi.h.

LARGE_INTEGER MmCriticalSectionTimeout

Definition at line 218 of file mi.h. Referenced by MmCreatePeb(), and MmInitSystem().

ULONG MmCritsectTimeoutSeconds

Definition at line 224 of file mi.h.

ULONG MmDataClusterSize

Definition at line 4852 of file mi.h. Referenced by MiResolveMappedFileFault(), and MmInitSystem().

PMMPTE MmDebugPte

Definition at line 5158 of file mi.h.

SIZE_T MmDefaultMaximumNonPagedPool

Definition at line 4640 of file mi.h. Referenced by MiInitMachineDependent().

MMDEREFERENCE_SEGMENT_HEADER MmDereferenceSegmentHeader

Definition at line 4944 of file mi.h. Referenced by MiChargeCommitmentCantExpand(), MiCheckForControlAreaDeletion(), MiContractPagingFiles(), MiDereferenceSegmentThread(), MiIssuePageExtendRequest(), MiIssuePageExtendRequestNoWait(), MiSectionInitialization(), and MiSegmentDelete().

ULONG MmDisablePagingExecutive

Definition at line 4929 of file mi.h.

LOGICAL MmDontVerifyRandomDrivers

Definition at line 4074 of file mi.h.

FAST_MUTEX MmDynamicMemoryMutex

Definition at line 1369 of file mi.h. Referenced by MiCheckForCrashDump(), MiFindContiguousMemory(), MmAddPhysicalMemory(), MmAllocatePagesForMdl(), MmGetPhysicalMemoryRanges(), MmInitSystem(), and MmRemovePhysicalMemory().

LOGICAL MmDynamicPfn

Definition at line 1367 of file mi.h.

ULONG MmEnforceWriteProtection

Definition at line 4077 of file mi.h.

ULONG MmExpandedPoolBitPosition

Definition at line 4656 of file mi.h. Referenced by MiFreePoolPages(), and MiInitializeNonPagedPool().

KSPIN_LOCK MmExpansionLock

Definition at line 4905 of file mi.h. Referenced by MmInitSystem(), and MmTrimAllSystemPagableMemory().

SIZE_T MmExtendedCommit

Definition at line 232 of file mi.h.

PMMPFN MmFirstDeadKernelStack

Definition at line 4798 of file mi.h. Referenced by MmCreateKernelStack(), and MmDeleteKernelStack().

MMPTE MmFirstFreeSystemPte[MaximumPtePoolTypes]

Definition at line 4742 of file mi.h. Referenced by MiInitializeSystemPtes(), MiReleaseSystemPtes(), and MiReserveSystemPtes2().

PMMPTE MmFirstReservedMappingPte

Definition at line 4616 of file mi.h. Referenced by MiInitMachineDependent(), and MiMapPageInHyperSpace().

ULONG MmFlushCounter

Definition at line 4696 of file mi.h. Referenced by MiFlushPteList(), MiInitializeSystemPtes(), MiReleaseSystemPtes(), and MiReserveSystemPtes().

PFN_NUMBER MmFreeGoal

Definition at line 5120 of file mi.h. Referenced by MiCheckAndSetSystemTrimCriteria(), MiCheckProcessTrimCriteria(), MiGatherMappedPages(), MiModifiedPageWriterWorker(), MiResolveMappedFileFault(), and MmShutdownSystem().

MMPFNLIST MmFreePageListHead

Definition at line 4561 of file mi.h.

LIST_ENTRY MmFreePagingSpaceLow

Definition at line 5090 of file mi.h. Referenced by MiExtendPagingFileMaximum(), MiGatherPagefilePages(), MiModifiedPageWriter(), MiUpdateModifiedWriterMdls(), and MiWriteComplete().

LARGE_INTEGER MmHalfSecond

Definition at line 216 of file mi.h. Referenced by MiAllocateContiguousMemory(), MiMakeOutswappedPageResident(), MmAccessFault(), MmRemovePhysicalMemory(), and NtCreateSection().

PHARD_FAULT_NOTIFY_ROUTINE MmHardFaultNotifyRoutine

Definition at line 5171 of file mi.h. Referenced by MiDispatchFault(), MmInitSystem(), and MmSetHardFaultNotifyRoutine().

SIZE_T MmHeapDeCommitFreeBlockThreshold

Definition at line 4686 of file mi.h.

SIZE_T MmHeapDeCommitTotalFreeThreshold

Definition at line 4684 of file mi.h.

SIZE_T MmHeapSegmentCommit

Definition at line 4682 of file mi.h.

SIZE_T MmHeapSegmentReserve

Definition at line 4680 of file mi.h.

PFN_NUMBER MmHiberPages

Definition at line 238 of file mi.h. Referenced by MiInitMachineDependent().

PFN_NUMBER MmHighestPhysicalPage

Definition at line 4467 of file mi.h.

PFN_NUMBER MmHighestPossiblePhysicalPage

Definition at line 4473 of file mi.h.

PVOID MmHighSectionBase

Definition at line 4821 of file mi.h. Referenced by MmCreateSection(), and MmInitSystem().

KEVENT MmImageMappingPteEvent

Definition at line 4846 of file mi.h. Referenced by MiMapImageHeaderInHyperSpace(), and MmInitSystem().

ULONG MmLargePageMinimum

Definition at line 4367 of file mi.h.

PMMPTE MmLastReservedMappingPte

Definition at line 4618 of file mi.h. Referenced by MiInitMachineDependent().

LIST_ENTRY MmLockConflictList

Definition at line 995 of file mi.h. Referenced by MiCheckForUserStackOverflow(), MiInsertConflictInList(), and MmInitSystem().

SIZE_T MmLockPagesLimit

Definition at line 4668 of file mi.h. Referenced by MmInitSystem(), and MmProbeAndLockPages().

ULONG MmLockPagesPercentage

Definition at line 4334 of file mi.h.

PFN_NUMBER MmLowestPhysicalPage

Definition at line 4461 of file mi.h.

ACCESS_MASK MmMakeFileAccess[8]

Definition at line 204 of file mi.h. Referenced by MmCreateSection().

ULONG MmMakeProtectNotWriteCopy[32]

Definition at line 202 of file mi.h.

ACCESS_MASK MmMakeSectionAccess[8]

Definition at line 203 of file mi.h. Referenced by NtMapViewOfSection().

MMMOD_WRITER_LISTHEAD MmMappedFileHeader

Definition at line 5081 of file mi.h. Referenced by MiGatherMappedPages(), MiModifiedPageWriter(), and MiModifiedPageWriterWorker().

KEVENT MmMappedFileIoComplete

Definition at line 4610 of file mi.h. Referenced by MiCleanSection(), MiWriteComplete(), MmInitSystem(), and MmPurgeSection().

PMMMOD_WRITER_MDL_ENTRY MmMappedFileMdl[MM_MAPPED_FILE_MDLS]

Definition at line 5088 of file mi.h. Referenced by MiModifiedPageWriter().

ULONG MmMaxAdditionNonPagedPoolPerMb

Definition at line 4644 of file mi.h. Referenced by MiInitMachineDependent().

ULONG MmMaximumDeadKernelStacks

Definition at line 4797 of file mi.h. Referenced by MmDeleteKernelStack(), and MmInitSystem().

SIZE_T MmMaximumNonPagedPoolInBytes

Definition at line 4648 of file mi.h.

SIZE_T MmMaxUnusedSegmentNonPagedPoolUsage

Definition at line 4957 of file mi.h. Referenced by MiCheckControlArea(), MiRemoveUnusedSegments(), and MmInitSystem().

SIZE_T MmMaxUnusedSegmentPagedPoolUsage

Definition at line 4950 of file mi.h. Referenced by MiCheckControlArea(), MiRemoveUnusedSegments(), and MmInitSystem().

ULONG MmMinAdditionNonPagedPoolPerMb

Definition at line 4642 of file mi.h. Referenced by MiInitMachineDependent().

ULONG MmMinimumFreeDiskSpace

Definition at line 5128 of file mi.h. Referenced by MiAttemptPageFileExtension().

PFN_NUMBER MmMinimumFreePages

Definition at line 5118 of file mi.h. Referenced by MiCheckAndSetSystemTrimCriteria(), MiCheckSystemTrimEndCriteria(), MiRemovePageByColor(), MiRemovePageFromList(), MiUnlinkFreeOrZeroedPage(), MiUnlinkPageFromList(), MmInitSystem(), and MmWorkingSetManager().

PFN_NUMBER MmMinimumFreePagesToZero

Definition at line 4604 of file mi.h. Referenced by MiInsertPageInList().

SIZE_T MmMinimumNonPagedPoolSize

Definition at line 4638 of file mi.h. Referenced by MiInitMachineDependent().

ULONG MmMinimumPageFileReduction

Definition at line 5132 of file mi.h. Referenced by MiAttemptPageFileReduction(), and MiContractPagingFiles().

PFN_NUMBER MmMinimumWorkingSetSize

Definition at line 5152 of file mi.h. Referenced by MmAdjustWorkingSetSize().

MMPFNLIST MmModifiedNoWritePageListHead

Definition at line 4567 of file mi.h.

MMPFNLIST MmModifiedPageListByColor[MM_MAXIMUM_NUMBER_OF_COLORS]

Definition at line 4573 of file mi.h.

MMPFNLIST MmModifiedPageListHead

Definition at line 4565 of file mi.h.

PFN_NUMBER MmModifiedPageMaximum

Definition at line 5122 of file mi.h. Referenced by MiInsertPageInList(), MmAccessFault(), MmInitSystem(), and MmWorkingSetManager().

PFN_NUMBER MmModifiedPageMinimum

Definition at line 5124 of file mi.h. Referenced by MmInitSystem().

KEVENT MmModifiedPageWriterEvent

Definition at line 5096 of file mi.h. Referenced by MiFlushAllPages(), MiInsertPageInList(), MiModifiedPageWriterWorker(), MiObtainFreePages(), MmInitSystem(), MmShutdownSystem(), and MmWorkingSetManager().

ULONG MmModifiedWriteClusterSize

Definition at line 5126 of file mi.h. Referenced by MiCleanSection(), MiFlushSectionInternal(), MiGatherMappedPages(), MiGatherPagefilePages(), MiModifiedPageWriter(), MiObtainFreePages(), MmShutdownSystem(), and NtCreatePagingFile().

ULONG MmModNoWriteInsert

Definition at line 4575 of file mi.h. Referenced by MiGatherMappedPages(), MiModifiedPageWriterWorker(), and MiObtainFreePages().

PFN_NUMBER MmMoreThanEnoughFreePages

Definition at line 4486 of file mi.h. Referenced by MiCheckAndSetSystemTrimCriteria(), MiCheckProcessTrimCriteria(), MiDoReplacement(), MiModifiedPageWriterWorker(), MmAccessFault(), MmInitSystem(), and MmSetMemoryPriorityProcess().

ULONG MmMustSucceedPoolBitPosition

Definition at line 4660 of file mi.h. Referenced by MiFreePoolPages(), and MiInitializeNonPagedPool().

PVOID MmNonPagedMustSucceed

Definition at line 4710 of file mi.h. Referenced by MiAllocatePoolPages(), MiFreePoolPages(), MiInitializeNonPagedPool(), and MiInitMachineDependent().

PVOID MmNonPagedPoolEnd

Definition at line 4704 of file mi.h.

PVOID MmNonPagedPoolExpansionStart

Definition at line 4654 of file mi.h. Referenced by MiAllocatePoolPages(), MiFreePoolPages(), MiInitializeNonPagedPool(), MiInitMachineDependent(), and MmAccessFault().

LIST_ENTRY MmNonPagedPoolFreeListHead[MI_MAX_FREE_LIST_HEADS]

Definition at line 4690 of file mi.h. Referenced by MiAllocatePoolPages(), MiFindContiguousMemory(), MiFreePoolPages(), MiInitializeNonPagedPool(), and MmSetKernelDumpRange().

PVOID MmNonPagedPoolStart

Definition at line 4702 of file mi.h.

PVOID MmNonPagedSystemStart

Definition at line 4626 of file mi.h.

ULONG MmNumberDeadKernelStacks

Definition at line 4796 of file mi.h. Referenced by MmCreateKernelStack(), and MmDeleteKernelStack().

ULONG MmNumberOfActiveMdlEntries

Definition at line 5092 of file mi.h. Referenced by MiGatherPagefilePages(), MiInsertPageFileInList(), MiReleasePageFileSpace(), MiUpdateModifiedWriterMdls(), and MiWriteComplete().

PFN_NUMBER MmNumberOfFreeNonPagedPool

Definition at line 4658 of file mi.h. Referenced by MiAllocatePoolPages(), MiFindContiguousMemory(), MiFreePoolPages(), and MiInitializeNonPagedPool().

ULONG MmNumberOfPagingFiles

Definition at line 5094 of file mi.h.

PFN_COUNT MmNumberOfPhysicalPages

Definition at line 4455 of file mi.h.

ULONG MmNumberOfSystemPtes

Definition at line 4662 of file mi.h.

LARGE_INTEGER MmOneSecond

Definition at line 213 of file mi.h. Referenced by MiFlushSectionInternal(), MiIssuePageExtendRequest(), and MiMapImageHeaderInHyperSpace().

SIZE_T MmOverCommit

Definition at line 5110 of file mi.h.

PVOID MmPageAlignedPoolBase[2]

Definition at line 4732 of file mi.h. Referenced by MiAllocatePoolPages(), MiBuildPagedPool(), MiFreePoolPages(), and MiInitMachineDependent().

PMMPTE MmPagedPoolBasePde

Definition at line 4678 of file mi.h. Referenced by MiBuildPagedPool().

PVOID MmPagedPoolEnd

Definition at line 4708 of file mi.h.

MM_PAGED_POOL_INFO MmPagedPoolInfo

Definition at line 4730 of file mi.h.

PVOID MmPagedPoolStart

Definition at line 4706 of file mi.h.

PPAGE_FAULT_NOTIFY_ROUTINE MmPageFaultNotifyRoutine

Definition at line 5170 of file mi.h. Referenced by MmAccessFault(), MmInitSystem(), and MmSetPageFaultNotifyRoutine().

FAST_MUTEX MmPageFileCreationLock

Definition at line 4860 of file mi.h. Referenced by MmInitSystem(), and NtCreatePagingFile().

ULONG MmPageFileExtension

Definition at line 5130 of file mi.h. Referenced by MiAttemptPageFileExtension().

PMMPFNLIST MmPageLocationList[NUMBER_OF_PAGE_LISTS]

Definition at line 4571 of file mi.h. Referenced by MiCleanSection(), MiDecommitPages(), MiDecrementCloneBlockReference(), MiDecrementReferenceCount(), MiDeletePte(), MiDeleteSystemPagableVm(), MiDispatchFault(), MiFreeInitializationCode(), MiGatherMappedPages(), MiInitMachineDependent(), MiInsertPageInList(), MiPurgeImageSection(), MiRemovePageByColor(), MiRemovePhysicalPages(), MiResetVirtualMemory(), MiResolveTransitionFault(), MiSegmentDelete(), MiUnlinkFreeOrZeroedPage(), MiUnlinkPageFromList(), MmAddPhysicalMemory(), MmAllocatePagesForMdl(), MmDeleteProcessAddressSpace(), MmFreeLoaderBlock(), MmPurgeSection(), MmRemovePhysicalMemory(), and MmZeroPageThread().

PFN_NUMBER MmPagesAboveWsMaximum

Definition at line 4513 of file mi.h.

PFN_NUMBER MmPagesAboveWsMinimum

Definition at line 4506 of file mi.h. Referenced by MiAddWorkingSetPage(), MiCheckAndSetSystemTrimCriteria(), MiFreeWsle(), MiLocateAndReserveWsle(), MiObtainFreePages(), MiReleaseWsle(), MmAdjustWorkingSetSize(), and MmCleanProcessAddressSpace().

PFN_NUMBER MmPagesAboveWsThreshold

Definition at line 4520 of file mi.h. Referenced by MiObtainFreePages().

PMMPAGING_FILE MmPagingFile[MAX_PAGE_FILES]

Definition at line 5083 of file mi.h. Referenced by MiAttemptPageFileExtension(), MiAttemptPageFileReduction(), MiCheckForCrashDump(), MiContractPagingFiles(), MiExtendPagingFileMaximum(), MiExtendPagingFiles(), MiInsertPageFileInList(), MiMakeOutswappedPageResident(), MiModifiedPageWriterWorker(), MiPageFileFull(), MiReleasePageFileSpace(), MiResolvePageFileFault(), MiUpdateModifiedWriterMdls(), MmGetPageFileInformation(), MmShutdownSystem(), and NtCreatePagingFile().

PKEVENT MmPagingFileCreated

Definition at line 4866 of file mi.h.

ULONG_PTR MmPagingFileDebug[]

Definition at line 4872 of file mi.h. Referenced by MiCheckForCrashDump(), MiGatherPagefilePages(), MiReleasePageFileSpace(), MiResolvePageFileFault(), and MiWriteComplete().

MMMOD_WRITER_LISTHEAD MmPagingFileHeader

Definition at line 5079 of file mi.h. Referenced by MiGatherPagefilePages(), MiInsertPageFileInList(), MiModifiedPageWriter(), MiModifiedPageWriterWorker(), MiUpdateModifiedWriterMdls(), MiWriteComplete(), and NtCreatePagingFile().

SIZE_T MmPeakCommitment

Definition at line 3982 of file mi.h.

PMMPFN MmPfnDatabase

Definition at line 4557 of file mi.h.

KSPIN_LOCK MmPfnLock

Definition at line 4880 of file mi.h.

ULONG MmProcessColorSeed

Definition at line 4921 of file mi.h. Referenced by MmCreateProcessAddressSpace().

LOGICAL MmProtectFreedNonPagedPool

Definition at line 4076 of file mi.h.

ULONG MmProtectToPteMask[32]

Definition at line 201 of file mi.h. Referenced by MiInitMachineDependent().

ULONG MmProtectToValue[32]

Definition at line 200 of file mi.h.

SPFN_NUMBER MmResidentAvailablePages

Definition at line 4499 of file mi.h.

SIZE_T MmResTrack[MM_BUMP_COUNTER_MAX]

Definition at line 5164 of file mi.h.

ULONG MmSecondaryColors

Definition at line 4919 of file mi.h.

FAST_MUTEX MmSectionBasedMutex

Definition at line 4833 of file mi.h. Referenced by MiMapViewOfDataSection(), MiRemoveMappedView(), MiSectionDelete(), MmCreateSection(), MmExtendSection(), and MmInitSystem().

PMMADDRESS_NODE MmSectionBasedRoot

Definition at line 4819 of file mi.h. Referenced by MiFindEmptySectionBaseDown(), MiInsertBasedSection(), MiRemoveBasedSection(), MiSectionInitialization(), and MmCreateSection().

FAST_MUTEX MmSectionCommitMutex

Definition at line 4827 of file mi.h. Referenced by MiCreateImageFileMap(), MiCreatePagingFileMap(), MiMapViewOfDataSection(), MiProtectVirtualMemory(), MiSegmentDelete(), MmInitSystem(), and NtAllocateVirtualMemory().

ERESOURCE MmSectionExtendResource

Definition at line 4839 of file mi.h. Referenced by MmExtendSection(), and MmInitSystem().

ERESOURCE MmSectionExtendSetResource

Definition at line 4840 of file mi.h. Referenced by MmExtendSection(), and MmInitSystem().

MMSESSION MmSession

Definition at line 2642 of file mi.h. Referenced by MiInitializeSystemSpaceMap(), MiLoadSystemImage(), MiMapViewInSystemSpace(), MiUnmapViewInSystemSpace(), MmMapViewInSessionSpace(), MmMapViewInSystemSpace(), MmUnmapViewInSessionSpace(), and MmUnmapViewInSystemSpace().

ULONG_PTR MmSessionBase

Definition at line 5211 of file mi.h. Referenced by MiAllocatePoolPages(), MiAttachSession(), MiDereferenceSession(), MiDetachSession(), MiInitMachineDependent(), MiSessionCommitPageTables(), MiSessionCreateInternal(), MmInitSystem(), and MmSessionCreate().

ULONG MmSessionFailureCauses[MM_SESSION_FAILURE_CAUSES]

Definition at line 5378 of file mi.h.

PMM_SESSION_SPACE MmSessionSpace

Definition at line 5609 of file mi.h. Referenced by MiAddValidPageToWorkingSet(), MiAddWorkingSetPage(), MiAddWsleHash(), MiAllocatePoolPages(), MiCheckPdeForSessionSpace(), MiCheckSessionPoolAllocations(), MiCheckVirtualAddress(), MiDeleteSystemPagableVm(), MiDereferenceSession(), MiDetachSession(), MiFreePoolPages(), MiFreeSessionPoolBitMaps(), MiFreeSessionSpaceMap(), MiInitializeSessionPool(), MiInsertWsle(), MiLoadImageSection(), MiLoadSystemImage(), MiLockCode(), MiRemoveImageSessionWide(), MiResolveMappedFileFault(), MiResolvePageFileFault(), MiSessionAddProcess(), MiSessionCommitImagePages(), MiSessionCommitPageTables(), MiSessionCopyOnWrite(), MiSessionCreateInternal(), MiSessionInitializeWorkingSetList(), MiSessionInsertImage(), MiSessionInSwapProcess(), MiSessionLookupImage(), MiSessionOutSwapProcess(), MiSessionPoolAllocated(), MiSessionPoolFreed(), MiSessionPoolVector(), MiSessionRemoveImage(), MiSessionRemoveProcess(), MiSessionUnloadAllImages(), MiSessionWideReserveImageAddress(), MiSetPagingOfDriver(), MiShareSessionImage(), MiUnmapViewInSystemSpace(), MiUpdateWsle(), MmAccessFault(), MmCreateProcessAddressSpace(), MmInitSystem(), MmMapViewInSessionSpace(), MmResourcesAvailable(), MmSessionCreate(), MmSessionDelete(), MmSessionSetUnloadAddress(), MmUnloadSystemImage(), MmUnmapViewInSessionSpace(), and MmWorkingSetManager().

LARGE_INTEGER MmSevenMinutes

Definition at line 211 of file mi.h. Referenced by MiEnsureAvailablePageOrWait().

SIZE_T MmSharedCommit

Definition at line 5112 of file mi.h.

LARGE_INTEGER MmShortTime

Definition at line 215 of file mi.h. Referenced by MiCheckControlAreaStatus(), MiCheckSystemTrimEndCriteria(), MiCleanSection(), MiCloneProcessAddressSpace(), MiDispatchFault(), MiEmptyWorkingSet(), MiModifiedPageWriterWorker(), MiPurgeImageSection(), MiRemoveUnusedSegments(), MiResolveProtoPteFault(), MmAccessFault(), MmCopyToCachedPage(), MmFlushSection(), MmFlushVirtualMemory(), MmGetSystemRoutineAddress(), and MmWorkingSetManager().

PFN_NUMBER MmSizeOfNonPagedMustSucceed

Definition at line 4652 of file mi.h. Referenced by MiInitializeNonPagedPool(), and MiInitMachineDependent().

SIZE_T MmSizeOfNonPagedPoolInBytes

Definition at line 4636 of file mi.h.

SIZE_T MmSizeOfPagedPoolInBytes

Definition at line 4646 of file mi.h.

LOGICAL MmSnapUnloads

Definition at line 2683 of file mi.h.

MMPFNLIST MmStandbyPageListHead

Definition at line 4563 of file mi.h.

ULONG_PTR MmSubsectionBase

Definition at line 4434 of file mi.h.

ULONG_PTR MmSubsectionTopPage

Definition at line 4436 of file mi.h. Referenced by MiAllocatePoolPages(), and MiInitMachineDependent().

PRTL_BITMAP MmSystemCacheAllocationMap

Definition at line 4760 of file mi.h.

PVOID MmSystemCacheEnd

Definition at line 4758 of file mi.h.

PRTL_BITMAP MmSystemCacheEndingMap

Definition at line 4762 of file mi.h.

PVOID MmSystemCacheStart

Definition at line 4756 of file mi.h.

PMMWSL MmSystemCacheWorkingSetList

Definition at line 4752 of file mi.h. Referenced by MiDeleteSystemPagableVm(), MiInitializeSystemCache(), MiInsertWsle(), MiLockCode(), MiRemoveWsle(), MiUpdateWsle(), MmCheckCachedPageState(), MmCopyToCachedPage(), MmInitSystem(), MmUnmapViewInSystemCache(), and MmWorkingSetManager().

PMMWSLE MmSystemCacheWsle

Definition at line 4754 of file mi.h. Referenced by MiAddValidPageToWorkingSet(), MiEliminateWorkingSetEntry(), MiInitializeSystemCache(), MiUpdateWsle(), MmCheckCachedPageState(), and MmCopyToCachedPage().

PFN_NUMBER MmSystemCacheWsMaximum

Definition at line 4766 of file mi.h. Referenced by MiInitializeSystemCache(), and MmInitSystem().

PFN_NUMBER MmSystemCacheWsMinimum

Definition at line 4764 of file mi.h. Referenced by MiInitializeSystemCache(), and MmInitSystem().

KMUTANT MmSystemLoadLock

Definition at line 928 of file mi.h. Referenced by MiLoadSystemImage(), MiLookupPsLoadedModule(), MmAddVerifierThunks(), MmGetVerifierInformation(), MmInitSystem(), MmSetVerifierInformation(), and MmUnloadSystemImage().

PETHREAD MmSystemLockOwner

Definition at line 996 of file mi.h. Referenced by MiEmptyWorkingSet(), MiEnsureAvailablePageOrWait(), MmAccessFault(), MmTrimAllSystemPagableMemory(), and MmWorkingSetManager().

PFN_NUMBER MmSystemLockPagesCount

Definition at line 1371 of file mi.h. Referenced by MmMapLockedPagesSpecifyCache(), and MmProbeAndLockPages().

ULONG MmSystemPageColor

Definition at line 4917 of file mi.h. Referenced by MiResolveDemandZeroFault().

ULONG MmSystemPageDirectory

Definition at line 4673 of file mi.h. Referenced by MiAllocatePoolPages(), MiBuildPagedPool(), and MiFillSystemPageDirectory().

PMMPTE MmSystemPagePtes

Definition at line 4670 of file mi.h. Referenced by MiAllocatePoolPages(), MiBuildPagedPool(), MiCheckPdeForPagedPool(), MiFillSystemPageDirectory(), and MiRemoveMappedPtes().

PFN_NUMBER MmSystemProcessWorkingSetMax

Definition at line 5150 of file mi.h. Referenced by MiInitMachineDependent().

PFN_NUMBER MmSystemProcessWorkingSetMin

Definition at line 5148 of file mi.h. Referenced by MiInitMachineDependent().

PMMPTE MmSystemPteBase

Definition at line 4806 of file mi.h. Referenced by MiAllocateSpecialPool(), MiInitializeSpecialPool(), MiInitializeSystemPtes(), MiReleaseSystemPtes(), MiReserveSystemPtes(), MiReserveSystemPtes2(), and MmFreeSpecialPool().

KSPIN_LOCK MmSystemSpaceLock

Definition at line 4893 of file mi.h.

PCHAR MmSystemSpaceViewStart

Definition at line 4628 of file mi.h.

ERESOURCE MmSystemWsLock

Definition at line 4887 of file mi.h. Referenced by MiEmptyWorkingSet(), MmInitSystem(), MmTrimAllSystemPagableMemory(), and MmWorkingSetManager().

SIZE_T MmTotalCommitLimit

Definition at line 5108 of file mi.h.

SIZE_T MmTotalCommitLimitMaximum

Definition at line 3984 of file mi.h.

SIZE_T MmTotalCommittedPages

Definition at line 5106 of file mi.h.

ULONG MmTotalFreeSystemPtes[MaximumPtePoolTypes]

Definition at line 4666 of file mi.h.

LOGICAL MmTrackLockedPages

Definition at line 2675 of file mi.h.

LOGICAL MmTrackPtes

Definition at line 4079 of file mi.h.

LARGE_INTEGER MmTwentySeconds

Definition at line 214 of file mi.h. Referenced by MiIssuePageExtendRequest(), and MmShutdownSystem().

KEVENT MmUnusedSegmentCleanup

Definition at line 4948 of file mi.h. Referenced by MiAllocatePoolPages(), MiCheckControlArea(), MiDereferenceSegmentThread(), MiSectionInitialization(), and MmResourcesAvailable().

ULONG MmUnusedSegmentCount

Definition at line 4966 of file mi.h. Referenced by MiRemoveUnusedSegments().

LIST_ENTRY MmUnusedSegmentList

Definition at line 4946 of file mi.h. Referenced by MiAllocatePoolPages(), MiCheckControlArea(), MiRemoveUnusedSegments(), MiSectionInitialization(), and MmResourcesAvailable().

SIZE_T MmUnusedSegmentNonPagedPoolReduction

Definition at line 4962 of file mi.h. Referenced by MiRemoveUnusedSegments(), and MmInitSystem().

SIZE_T MmUnusedSegmentNonPagedPoolUsage

Definition at line 4959 of file mi.h. Referenced by MiCheckControlArea(), and MiRemoveUnusedSegments().

SIZE_T MmUnusedSegmentPagedPoolReduction

Definition at line 4955 of file mi.h. Referenced by MiRemoveUnusedSegments(), and MmInitSystem().

SIZE_T MmUnusedSegmentPagedPoolUsage

Definition at line 4952 of file mi.h. Referenced by MiCheckControlArea(), and MiRemoveUnusedSegments().

ULONG MmUnusedSegmentTrimLevel

Definition at line 4964 of file mi.h.

MM_DRIVER_VERIFIER_DATA MmVerifierData

Definition at line 4197 of file mi.h.

WCHAR MmVerifyDriverBuffer[]

Definition at line 4070 of file mi.h.

ULONG MmVerifyDriverBufferLength

Definition at line 4071 of file mi.h.

ULONG MmVerifyDriverLevel

Definition at line 4072 of file mi.h.

PMMVAD MmVirtualAddressDescriptorRoot

Definition at line 4817 of file mi.h.

MMWORKING_SET_EXPANSION_HEAD MmWorkingSetExpansionHead

Definition at line 5071 of file mi.h. Referenced by MiEmptyAllWorkingSetsWorker(), MiInitializeSystemCache(), MiRearrangeWorkingSetExpansionList(), MiSessionAddProcess(), MmAllowWorkingSetExpansion(), MmInitSystem(), MmInSwapProcess(), MmTrimAllSystemPagableMemory(), and MmWorkingSetManager().

PMMWSL MmWorkingSetList

Definition at line 442 of file miglobal.c. Referenced by MiCloneProcessAddressSpace(), MiCopyOnWrite(), MiDecommitPages(), MiDeleteAddressesInWorkingSet(), MiDeletePte(), MiEmptyAllWorkingSetsWorker(), MiGetPageProtection(), MiGetWorkingSetInfo(), MiInitializeWorkingSetList(), MiInitMachineDependent(), MiInsertVad(), MiInsertWsle(), MiMapImageHeaderInHyperSpace(), MiReturnPageTablePageCommitment(), MiSetProtectionOnSection(), MiUnmapImageHeaderInHyperSpace(), MmAccessFault(), MmCleanProcessAddressSpace(), MmCreateProcessAddressSpace(), MmInitializeProcessAddressSpace(), MmInSwapProcess(), MmOutSwapProcess(), MmSetMemoryPriorityProcess(), MmWorkingSetManager(), NtLockVirtualMemory(), NtUnlockVirtualMemory(), and PspCreateProcess().

LARGE_INTEGER MmWorkingSetProtectionTime

Definition at line 212 of file mi.h. Referenced by MiCheckProcessTrimCriteria().

PFN_NUMBER MmWorkingSetSizeExpansion

Definition at line 4533 of file mi.h. Referenced by MiDoReplacement().

PFN_NUMBER MmWorkingSetSizeIncrement

Definition at line 4527 of file mi.h. Referenced by MiDoReplacement().

PFN_NUMBER MmWsAdjustThreshold

Definition at line 4540 of file mi.h. Referenced by MiDoReplacement().

PFN_NUMBER MmWsExpandThreshold

Definition at line 4547 of file mi.h. Referenced by MiDoReplacement().

PMMWSLE MmWsle

Definition at line 444 of file miglobal.c. Referenced by MiAddValidPageToWorkingSet(), MiCloneProcessAddressSpace(), MiCopyOnWrite(), MiDecommitPages(), MiDeleteAddressesInWorkingSet(), MiDeletePte(), MiEliminateWorkingSetEntry(), MiGetPageProtection(), MiGetWorkingSetInfo(), MiInitializeCopyOnWritePfn(), MiInitializeWorkingSetList(), MiInitMachineDependent(), MiSetProtectionOnSection(), MiUpdateWsle(), MmCleanProcessAddressSpace(), NtLockVirtualMemory(), and NtUnlockVirtualMemory().

PFN_NUMBER MmWsTrimReductionGoal

Definition at line 4553 of file mi.h.

MMPFNLIST MmZeroedPageListHead

Definition at line 4559 of file mi.h.

KEVENT MmZeroingPageEvent

Definition at line 4589 of file mi.h. Referenced by MiInsertPageInList(), MmInitSystem(), and MmZeroPageThread().

BOOLEAN MmZeroingPageThreadActive

Definition at line 4598 of file mi.h. Referenced by MiInsertPageInList(), MmInitSystem(), and MmZeroPageThread().

MMPTE NoAccessPte

Definition at line 4432 of file mi.h.

MMPTE PrototypePte

Definition at line 4430 of file mi.h.

MMPTE TransitionPde

Definition at line 4428 of file mi.h.

MMPTE ValidKernelPde

Definition at line 4412 of file mi.h.

MMPTE ValidKernelPdeLocal

Definition at line 4414 of file mi.h.

MMPTE ValidKernelPte

Definition at line 4410 of file mi.h.

MMPTE ValidKernelPteLocal

Definition at line 4408 of file mi.h.

MMPTE ValidPdePde

Definition at line 4420 of file mi.h.

MMPTE ValidPtePte

Definition at line 4418 of file mi.h.

MMPTE ValidUserPte

Definition at line 4416 of file mi.h.

PRTL_BITMAP VerifierLargePagedPoolMap

Definition at line 4734 of file mi.h. Referenced by MiAllocatePoolPages(), MiBuildPagedPool(), and MiFreePoolPages().

MMPTE ZeroKernelPte

Definition at line 4406 of file mi.h.

MMPTE ZeroPte

Definition at line 4404 of file mi.h.

---