BOOLEAN
MmCreateProcessAddressSpace (
IN ULONG MinimumWorkingSetSize,
IN PEPROCESS NewProcess,
OUT PULONG_PTR DirectoryTableBase
)
/*++
Routine Description:
This routine creates an address space which maps the system
portion and contains a hyper space entry.
Arguments:
MinimumWorkingSetSize - Supplies the minimum working set size for
this address space. This value is only used
to ensure that ample physical pages exist
to create this process.
NewProcess - Supplies a pointer to the process object being created.
DirectoryTableBase - Returns the value of the newly created
address space's Page Directory (PD) page and
hyper space page.
Return Value:
Returns TRUE if an address space was successfully created, FALSE
if ample physical pages do not exist.
Environment:
Kernel mode. APCs Disabled.
--*/
{
LOGICAL FlushTbNeeded;
PFN_NUMBER PageDirectoryIndex;
PFN_NUMBER HyperSpaceIndex;
PFN_NUMBER PageContainingWorkingSet;
PFN_NUMBER VadBitMapPage;
MMPTE TempPte;
MMPTE TempPte2;
PEPROCESS CurrentProcess;
KIRQL OldIrql;
PMMPFN Pfn1;
ULONG Color;
PMMPTE PointerPte;
ULONG PdeOffset;
PMMPTE MappingPte;
PMMPTE PointerFillPte;
PMMPTE CurrentAddressSpacePde;
//
// Charge commitment for the page directory pages, working set page table
// page, and working set list. If Vad bitmap lookups are enabled, then
// charge for a page or two for that as well.
//
if (MiChargeCommitment (MM_PROCESS_COMMIT_CHARGE, NULL) == FALSE) {
return FALSE;
}
FlushTbNeeded = FALSE;
CurrentProcess = PsGetCurrentProcess ();
NewProcess->NextPageColor = (USHORT) (RtlRandom (&MmProcessColorSeed));
KeInitializeSpinLock (&NewProcess->HyperSpaceLock);
//
// Get the PFN lock to get physical pages.
//
LOCK_PFN (OldIrql);
//
// Check to make sure the physical pages are available.
//
if (MI_NONPAGEABLE_MEMORY_AVAILABLE() <= (SPFN_NUMBER)MinimumWorkingSetSize){
UNLOCK_PFN (OldIrql);
MiReturnCommitment (MM_PROCESS_COMMIT_CHARGE);
//
// Indicate no directory base was allocated.
//
return FALSE;
}
MM_TRACK_COMMIT (MM_DBG_COMMIT_PROCESS_CREATE, MM_PROCESS_COMMIT_CHARGE);
MI_DECREMENT_RESIDENT_AVAILABLE (MinimumWorkingSetSize,
MM_RESAVAIL_ALLOCATE_CREATE_PROCESS);
//
// Allocate a page directory page.
//
if (MmAvailablePages < MM_HIGH_LIMIT) {
MiEnsureAvailablePageOrWait (NULL, OldIrql);
}
Color = MI_PAGE_COLOR_PTE_PROCESS (PDE_BASE,
&CurrentProcess->NextPageColor);
PageDirectoryIndex = MiRemoveZeroPageMayReleaseLocks (Color, OldIrql);
Pfn1 = MI_PFN_ELEMENT (PageDirectoryIndex);
if (Pfn1->u3.e1.CacheAttribute != MiCached) {
Pfn1->u3.e1.CacheAttribute = MiCached;
FlushTbNeeded = TRUE;
}
//
// Allocate the hyper space page table page.
//
if (MmAvailablePages < MM_HIGH_LIMIT) {
MiEnsureAvailablePageOrWait (NULL, OldIrql);
}
Color = MI_PAGE_COLOR_PTE_PROCESS (MiGetPdeAddress(HYPER_SPACE),
&CurrentProcess->NextPageColor);
HyperSpaceIndex = MiRemoveZeroPageMayReleaseLocks (Color, OldIrql);
Pfn1 = MI_PFN_ELEMENT (HyperSpaceIndex);
if (Pfn1->u3.e1.CacheAttribute != MiCached) {
Pfn1->u3.e1.CacheAttribute = MiCached;
FlushTbNeeded = TRUE;
}
//
// Remove page(s) for the VAD bitmap.
//
if (MmAvailablePages < MM_HIGH_LIMIT) {
MiEnsureAvailablePageOrWait (NULL, OldIrql);
}
Color = MI_PAGE_COLOR_VA_PROCESS (MmWorkingSetList,
&CurrentProcess->NextPageColor);
VadBitMapPage = MiRemoveZeroPageMayReleaseLocks (Color, OldIrql);
Pfn1 = MI_PFN_ELEMENT (VadBitMapPage);
if (Pfn1->u3.e1.CacheAttribute != MiCached) {
Pfn1->u3.e1.CacheAttribute = MiCached;
FlushTbNeeded = TRUE;
}
//
// Remove a page for the working set list.
//
if (MmAvailablePages < MM_HIGH_LIMIT) {
MiEnsureAvailablePageOrWait (NULL, OldIrql);
}
Color = MI_PAGE_COLOR_VA_PROCESS (MmWorkingSetList,
&CurrentProcess->NextPageColor);
PageContainingWorkingSet = MiRemoveZeroPageMayReleaseLocks (Color, OldIrql);
Pfn1 = MI_PFN_ELEMENT (PageContainingWorkingSet);
if (Pfn1->u3.e1.CacheAttribute != MiCached) {
Pfn1->u3.e1.CacheAttribute = MiCached;
FlushTbNeeded = TRUE;
}
UNLOCK_PFN (OldIrql);
if (FlushTbNeeded == TRUE) {
MI_FLUSH_TB_FOR_CACHED_ATTRIBUTE ();
}
ASSERT (NewProcess->AddressSpaceInitialized == 0);
PS_SET_BITS (&NewProcess->Flags, PS_PROCESS_FLAGS_ADDRESS_SPACE1);
ASSERT (NewProcess->AddressSpaceInitialized == 1);
NewProcess->Vm.MinimumWorkingSetSize = MinimumWorkingSetSize;
NewProcess->WorkingSetPage = PageContainingWorkingSet;
INITIALIZE_DIRECTORY_TABLE_BASE (&DirectoryTableBase[0], PageDirectoryIndex);
INITIALIZE_DIRECTORY_TABLE_BASE (&DirectoryTableBase[1], HyperSpaceIndex);
//
// Initialize the page reserved for hyper space.
//
TempPte = ValidPdePde;
MI_SET_GLOBAL_STATE (TempPte, 0);
MappingPte = MiReserveSystemPtes (1, SystemPteSpace);
if (MappingPte != NULL) {
MI_MAKE_VALID_KERNEL_PTE (TempPte2,
HyperSpaceIndex,
MM_READWRITE,
MappingPte);
MI_SET_PTE_DIRTY (TempPte2);
MI_WRITE_VALID_PTE (MappingPte, TempPte2);
PointerPte = MiGetVirtualAddressMappedByPte (MappingPte);
}
else {
PointerPte = MiMapPageInHyperSpace (CurrentProcess, HyperSpaceIndex, &OldIrql);
}
TempPte.u.Hard.PageFrameNumber = VadBitMapPage;
PointerPte[MiGetPteOffset(VAD_BITMAP_SPACE)] = TempPte;
TempPte.u.Hard.PageFrameNumber = PageContainingWorkingSet;
PointerPte[MiGetPteOffset(MmWorkingSetList)] = TempPte;
if (MappingPte != NULL) {
MiReleaseSystemPtes (MappingPte, 1, SystemPteSpace);
}
else {
MiUnmapPageInHyperSpace (CurrentProcess, PointerPte, OldIrql);
}
//
// Set the PTE address in the PFN for the page directory page.
//
Pfn1 = MI_PFN_ELEMENT (PageDirectoryIndex);
Pfn1->PteAddress = (PMMPTE)PDE_BASE;
TempPte = ValidPdePde;
TempPte.u.Hard.PageFrameNumber = HyperSpaceIndex;
MI_SET_GLOBAL_STATE (TempPte, 0);
//
// Add the new process to our internal list prior to filling any
// system PDEs so if a system PDE changes (large page map or unmap)
// it can mark this process for a subsequent update.
//
ASSERT (NewProcess->Pcb.DirectoryTableBase[0] == 0);
LOCK_EXPANSION (OldIrql);
InsertTailList (&MmProcessList, &NewProcess->MmProcessLinks);
UNLOCK_EXPANSION (OldIrql);
//
// Map the page directory page in hyperspace.
//
MappingPte = MiReserveSystemPtes (1, SystemPteSpace);
if (MappingPte != NULL) {
MI_MAKE_VALID_KERNEL_PTE (TempPte2,
PageDirectoryIndex,
MM_READWRITE,
MappingPte);
MI_SET_PTE_DIRTY (TempPte2);
MI_WRITE_VALID_PTE (MappingPte, TempPte2);
PointerPte = MiGetVirtualAddressMappedByPte (MappingPte);
}
else {
PointerPte = MiMapPageInHyperSpace (CurrentProcess, PageDirectoryIndex, &OldIrql);
}
PdeOffset = MiGetPdeOffset (MmSystemRangeStart);
PointerFillPte = &PointerPte[PdeOffset];
CurrentAddressSpacePde = MiGetPdeAddress (MmSystemRangeStart);
RtlCopyMemory (PointerFillPte,
CurrentAddressSpacePde,
PAGE_SIZE - PdeOffset * sizeof (MMPTE));
//
// Map the working set page table page.
//
PdeOffset = MiGetPdeOffset (HYPER_SPACE);
PointerPte[PdeOffset] = TempPte;
//
// Zero the remaining page directory range used to map the working
// set list and its hash.
//
PdeOffset += 1;
ASSERT (MiGetPdeOffset (MmHyperSpaceEnd) >= PdeOffset);
MiZeroMemoryPte (&PointerPte[PdeOffset],
(MiGetPdeOffset (MmHyperSpaceEnd) - PdeOffset + 1));
//
// Recursively map the page directory page so it points to itself.
//
TempPte.u.Hard.PageFrameNumber = PageDirectoryIndex;
PointerPte[MiGetPdeOffset(PTE_BASE)] = TempPte;
if (MappingPte != NULL) {
MiReleaseSystemPtes (MappingPte, 1, SystemPteSpace);
}
else {
MiUnmapPageInHyperSpace (CurrentProcess, PointerPte, OldIrql);
}
InterlockedExchangeAddSizeT (&MmProcessCommit, MM_PROCESS_COMMIT_CHARGE);
//
// Up the session space reference count.
//
MiSessionAddProcess (NewProcess);
return TRUE;
}
NTSTATUS
NtFreeVirtualMemory(
__in HANDLE ProcessHandle,
__inout PVOID *BaseAddress,
__inout PSIZE_T RegionSize,
__in ULONG FreeType
)
/*++
Routine Description:
This function deletes a region of pages within the virtual address
space of a subject process.
Arguments:
ProcessHandle - An open handle to a process object.
BaseAddress - The base address of the region of pages
to be freed. This value is rounded down to the
next host page address boundary.
RegionSize - A pointer to a variable that will receive
the actual size in bytes of the freed region of
pages. The initial value of this argument is
rounded up to the next host page size boundary.
FreeType - A set of flags that describe the type of
free that is to be performed for the specified
region of pages.
FreeType Flags
MEM_DECOMMIT - The specified region of pages is to be decommitted.
MEM_RELEASE - The specified region of pages is to be released.
Return Value:
NTSTATUS.
--*/
{
KAPC_STATE ApcState;
PMMVAD_SHORT Vad;
PMMVAD_SHORT NewVad;
PMMVAD PreviousVad;
PMMVAD NextVad;
PMMVAD ChargedVad;
PEPROCESS Process;
KPROCESSOR_MODE PreviousMode;
PVOID StartingAddress;
PVOID EndingAddress;
NTSTATUS Status;
LOGICAL Attached;
SIZE_T CapturedRegionSize;
PVOID CapturedBase;
PMMPTE StartingPte;
PMMPTE EndingPte;
SIZE_T OldQuota;
SIZE_T QuotaCharge;
SIZE_T CommitReduction;
LOGICAL UserPhysicalPages;
PETHREAD CurrentThread;
PEPROCESS CurrentProcess;
PAGED_CODE();
//
// Check to make sure FreeType is good.
//
if ((FreeType & ~(MEM_DECOMMIT | MEM_RELEASE)) != 0) {
return STATUS_INVALID_PARAMETER_4;
}
//
// One of MEM_DECOMMIT or MEM_RELEASE must be specified, but not both.
//
if (((FreeType & (MEM_DECOMMIT | MEM_RELEASE)) == 0) ||
((FreeType & (MEM_DECOMMIT | MEM_RELEASE)) ==
(MEM_DECOMMIT | MEM_RELEASE))) {
return STATUS_INVALID_PARAMETER_4;
}
CurrentThread = PsGetCurrentThread ();
CurrentProcess = PsGetCurrentProcessByThread (CurrentThread);
PreviousMode = KeGetPreviousModeByThread(&CurrentThread->Tcb);
//
// Establish an exception handler, probe the specified addresses
// for write access and capture the initial values.
//
try {
if (PreviousMode != KernelMode) {
ProbeForWritePointer (BaseAddress);
ProbeForWriteUlong_ptr (RegionSize);
}
//
// Capture the base address.
//
CapturedBase = *BaseAddress;
//
// Capture the region size.
//
CapturedRegionSize = *RegionSize;
}
except (ExSystemExceptionFilter ()) {
//
// If an exception occurs during the probe or capture
// of the initial values, then handle the exception and
// return the exception code as the status value.
//
return GetExceptionCode ();
}
//
// Make sure the specified starting and ending addresses are
// within the user part of the virtual address space.
//
if (CapturedBase > MM_HIGHEST_USER_ADDRESS) {
//
// Invalid base address.
//
return STATUS_INVALID_PARAMETER_2;
}
if ((ULONG_PTR)MM_HIGHEST_USER_ADDRESS - (ULONG_PTR)CapturedBase <
CapturedRegionSize) {
//
// Invalid region size;
//
return STATUS_INVALID_PARAMETER_3;
}
EndingAddress = (PVOID)(((LONG_PTR)CapturedBase + CapturedRegionSize - 1) |
(PAGE_SIZE - 1));
StartingAddress = PAGE_ALIGN(CapturedBase);
Attached = FALSE;
if (ProcessHandle == NtCurrentProcess()) {
Process = CurrentProcess;
}
else {
//
// Reference the specified process handle for VM_OPERATION access.
//
Status = ObReferenceObjectByHandle (ProcessHandle,
PROCESS_VM_OPERATION,
PsProcessType,
PreviousMode,
(PVOID *)&Process,
NULL);
if (!NT_SUCCESS(Status)) {
return Status;
}
//
// If the specified process is not the current process, attach
// to the specified process.
//
if (CurrentProcess != Process) {
KeStackAttachProcess (&Process->Pcb, &ApcState);
Attached = TRUE;
}
}
CommitReduction = 0;
//
// Get the address creation mutex to block multiple threads from
// creating or deleting address space at the same time and
// get the working set mutex so virtual address descriptors can
// be inserted and walked. Block APCs to prevent page faults while
// we own the working set mutex.
//
LOCK_ADDRESS_SPACE (Process);
//
// Make sure the address space was not deleted.
//
if (Process->Flags & PS_PROCESS_FLAGS_VM_DELETED) {
Status = STATUS_PROCESS_IS_TERMINATING;
goto ErrorReturn;
}
Vad = (PMMVAD_SHORT) MiLocateAddress (StartingAddress);
if (Vad == NULL) {
//
// No Virtual Address Descriptor located for Base Address.
//
Status = STATUS_MEMORY_NOT_ALLOCATED;
goto ErrorReturn;
}
//
// Found the associated Virtual Address Descriptor.
//
if (Vad->EndingVpn < MI_VA_TO_VPN (EndingAddress)) {
//
// The entire range to delete is not contained within a single
// virtual address descriptor. Return an error.
//
Status = STATUS_UNABLE_TO_FREE_VM;
goto ErrorReturn;
}
//
// Check to ensure this Vad is deletable. Delete is required
// for both decommit and release.
//
if (((Vad->u.VadFlags.PrivateMemory == 0) &&
(Vad->u.VadFlags.VadType != VadRotatePhysical))
||
(Vad->u.VadFlags.VadType == VadDevicePhysicalMemory)) {
Status = STATUS_UNABLE_TO_DELETE_SECTION;
goto ErrorReturn;
}
if (Vad->u.VadFlags.NoChange == 1) {
//
// An attempt is being made to delete a secured VAD, check
// to see if this deletion is allowed.
//
if (FreeType & MEM_RELEASE) {
//
// Specify the whole range, this solves the problem with
// splitting the VAD and trying to decide where the various
// secure ranges need to go.
//
Status = MiCheckSecuredVad ((PMMVAD)Vad,
MI_VPN_TO_VA (Vad->StartingVpn),
((Vad->EndingVpn - Vad->StartingVpn) << PAGE_SHIFT) +
PAGE_SIZE,
MM_SECURE_DELETE_CHECK);
}
else {
Status = MiCheckSecuredVad ((PMMVAD)Vad,
CapturedBase,
CapturedRegionSize,
MM_SECURE_DELETE_CHECK);
}
if (!NT_SUCCESS (Status)) {
goto ErrorReturn;
}
}
UserPhysicalPages = FALSE;
ChargedVad = NULL;
PreviousVad = MiGetPreviousVad (Vad);
NextVad = MiGetNextVad (Vad);
if (FreeType & MEM_RELEASE) {
//
// *****************************************************************
// MEM_RELEASE was specified.
// *****************************************************************
//
//
// The descriptor for the address range is deletable. Remove or split
// the descriptor.
//
//
// If the region size is zero, remove the whole VAD.
//
if (CapturedRegionSize == 0) {
//
// If the region size is specified as 0, the base address
// must be the starting address for the region.
//
if (MI_VA_TO_VPN (CapturedBase) != Vad->StartingVpn) {
Status = STATUS_FREE_VM_NOT_AT_BASE;
goto ErrorReturn;
}
//
// This Virtual Address Descriptor has been deleted.
//
StartingAddress = MI_VPN_TO_VA (Vad->StartingVpn);
EndingAddress = MI_VPN_TO_VA_ENDING (Vad->EndingVpn);
if (Vad->u.VadFlags.VadType == VadRotatePhysical) {
Status = MiUnmapViewOfSection (Process,
CapturedBase,
UNMAP_ADDRESS_SPACE_HELD | UNMAP_ROTATE_PHYSICAL_OK);
ASSERT (CommitReduction == 0);
Vad = NULL;
CapturedRegionSize = 1 + (PCHAR)EndingAddress - (PCHAR)StartingAddress;
goto AllDone;
}
//
// Free all the physical pages that this VAD might be mapping.
//
if (Vad->u.VadFlags.VadType == VadLargePages) {
MiAweViewRemover (Process, (PMMVAD)Vad);
MiReleasePhysicalCharges (Vad->EndingVpn - Vad->StartingVpn + 1,
Process);
LOCK_WS_UNSAFE (CurrentThread, Process);
MiFreeLargePages (MI_VPN_TO_VA (Vad->StartingVpn),
MI_VPN_TO_VA_ENDING (Vad->EndingVpn),
FALSE);
}
else if (Vad->u.VadFlags.VadType == VadAwe) {
MiAweViewRemover (Process, (PMMVAD)Vad);
MiRemoveUserPhysicalPagesVad (Vad);
UserPhysicalPages = TRUE;
LOCK_WS_UNSAFE (CurrentThread, Process);
}
else if (Vad->u.VadFlags.VadType == VadWriteWatch) {
LOCK_WS_UNSAFE (CurrentThread, Process);
MiPhysicalViewRemover (Process, (PMMVAD)Vad);
}
else {
LOCK_WS_UNSAFE (CurrentThread, Process);
}
ChargedVad = (PMMVAD)Vad;
MiRemoveVad ((PMMVAD)Vad, Process);
//
// Free the VAD pool and release quota after releasing our mutexes
// to reduce contention.
//
}
else {
//
// Region's size was not specified as zero, delete the
// whole VAD or split the VAD.
//
if (MI_VA_TO_VPN (StartingAddress) == Vad->StartingVpn) {
if (MI_VA_TO_VPN (EndingAddress) == Vad->EndingVpn) {
//
// This Virtual Address Descriptor has been deleted.
//
// Free all the physical pages that this VAD might be
// mapping.
//
if (Vad->u.VadFlags.VadType == VadRotatePhysical) {
Status = MiUnmapViewOfSection (Process,
CapturedBase,
UNMAP_ADDRESS_SPACE_HELD | UNMAP_ROTATE_PHYSICAL_OK);
ASSERT (CommitReduction == 0);
Vad = NULL;
CapturedRegionSize = 1 + (PCHAR)EndingAddress - (PCHAR)StartingAddress;
goto AllDone;
}
if (Vad->u.VadFlags.VadType == VadLargePages) {
MiAweViewRemover (Process, (PMMVAD)Vad);
MiReleasePhysicalCharges (Vad->EndingVpn - Vad->StartingVpn + 1,
Process);
LOCK_WS_UNSAFE (CurrentThread, Process);
MiFreeLargePages (MI_VPN_TO_VA (Vad->StartingVpn),
MI_VPN_TO_VA_ENDING (Vad->EndingVpn),
FALSE);
}
else if (Vad->u.VadFlags.VadType == VadAwe) {
MiAweViewRemover (Process, (PMMVAD)Vad);
MiRemoveUserPhysicalPagesVad (Vad);
UserPhysicalPages = TRUE;
LOCK_WS_UNSAFE (CurrentThread, Process);
}
else if (Vad->u.VadFlags.VadType == VadWriteWatch) {
LOCK_WS_UNSAFE (CurrentThread, Process);
MiPhysicalViewRemover (Process, (PMMVAD)Vad);
}
else {
LOCK_WS_UNSAFE (CurrentThread, Process);
}
ChargedVad = (PMMVAD)Vad;
MiRemoveVad ((PMMVAD)Vad, Process);
//
// Free the VAD pool after releasing our mutexes
// to reduce contention.
//
}
else {
if ((Vad->u.VadFlags.VadType == VadAwe) ||
(Vad->u.VadFlags.VadType == VadLargePages) ||
(Vad->u.VadFlags.VadType == VadRotatePhysical) ||
(Vad->u.VadFlags.VadType == VadWriteWatch)) {
//
// Splitting or chopping a physical VAD, large page VAD
// or a write-watch VAD is not allowed.
//
Status = STATUS_FREE_VM_NOT_AT_BASE;
goto ErrorReturn;
}
LOCK_WS_UNSAFE (CurrentThread, Process);
//
// This Virtual Address Descriptor has a new starting
// address.
//
CommitReduction = MiCalculatePageCommitment (
StartingAddress,
EndingAddress,
(PMMVAD)Vad,
Process);
Vad->StartingVpn = MI_VA_TO_VPN ((PCHAR)EndingAddress + 1);
Vad->u.VadFlags.CommitCharge -= CommitReduction;
ASSERT ((SSIZE_T)Vad->u.VadFlags.CommitCharge >= 0);
NextVad = (PMMVAD)Vad;
Vad = NULL;
}
}
else {
if ((Vad->u.VadFlags.VadType == VadAwe) ||
(Vad->u.VadFlags.VadType == VadLargePages) ||
(Vad->u.VadFlags.VadType == VadRotatePhysical) ||
(Vad->u.VadFlags.VadType == VadWriteWatch)) {
//
// Splitting or chopping a physical VAD, large page VAD
// or a write-watch VAD is not allowed.
//
Status = STATUS_FREE_VM_NOT_AT_BASE;
goto ErrorReturn;
}
//
// Starting address is greater than start of VAD.
//
if (MI_VA_TO_VPN (EndingAddress) == Vad->EndingVpn) {
//
// Change the ending address of the VAD.
//
LOCK_WS_UNSAFE (CurrentThread, Process);
CommitReduction = MiCalculatePageCommitment (
StartingAddress,
EndingAddress,
(PMMVAD)Vad,
Process);
Vad->u.VadFlags.CommitCharge -= CommitReduction;
Vad->EndingVpn = MI_VA_TO_VPN ((PCHAR)StartingAddress - 1);
PreviousVad = (PMMVAD)Vad;
}
else {
//
// Split this VAD as the address range is within the VAD.
//
NewVad = ExAllocatePoolWithTag (NonPagedPool,
sizeof(MMVAD_SHORT),
'FdaV');
if (NewVad == NULL) {
Status = STATUS_INSUFFICIENT_RESOURCES;
goto ErrorReturn;
}
*NewVad = *Vad;
NewVad->StartingVpn = MI_VA_TO_VPN ((PCHAR)EndingAddress + 1);
//
// Set the commit charge to zero so MiInsertVad will
// not charge commitment for splitting the VAD.
//
NewVad->u.VadFlags.CommitCharge = 0;
//
// Insert the VAD, this could fail due to quota charges.
//
Status = MiInsertVadCharges ((PMMVAD)NewVad, Process);
if (!NT_SUCCESS(Status)) {
//
// The quota charging failed, free the new VAD
// and return an error.
//
UNLOCK_ADDRESS_SPACE (Process);
ExFreePool (NewVad);
goto ErrorReturn2;
}
LOCK_WS_UNSAFE (CurrentThread, Process);
CommitReduction = MiCalculatePageCommitment (
StartingAddress,
EndingAddress,
(PMMVAD)Vad,
Process);
OldQuota = Vad->u.VadFlags.CommitCharge - CommitReduction;
Vad->EndingVpn = MI_VA_TO_VPN ((PCHAR)StartingAddress - 1);
MiInsertVad ((PMMVAD)NewVad, Process);
//
// As we have split the original VAD into 2 separate VADs
// there is no way of knowing what the commit charge
// is for each VAD. Calculate the charge and reset
// each VAD. Note that we also use the previous value
// to make sure the books stay balanced.
//
QuotaCharge = MiCalculatePageCommitment (MI_VPN_TO_VA (Vad->StartingVpn),
(PCHAR)StartingAddress - 1,
(PMMVAD)Vad,
Process);
Vad->u.VadFlags.CommitCharge = QuotaCharge;
//
// Give the remaining charge to the new VAD.
//
NewVad->u.VadFlags.CommitCharge = OldQuota - QuotaCharge;
PreviousVad = (PMMVAD)Vad;
NextVad = (PMMVAD)NewVad;
}
Vad = NULL;
}
}
if (UserPhysicalPages == TRUE) {
MiDeletePageTablesForPhysicalRange (StartingAddress, EndingAddress);
}
else {
MiDeleteVirtualAddresses (StartingAddress,
EndingAddress,
NULL);
}
UNLOCK_WS_UNSAFE (CurrentThread, Process);
//
// Return commitment for page table pages if possible.
//
MiReturnPageTablePageCommitment (StartingAddress,
EndingAddress,
Process,
PreviousVad,
NextVad);
if (ChargedVad != NULL) {
MiRemoveVadCharges (ChargedVad, Process);
}
CapturedRegionSize = 1 + (PCHAR)EndingAddress - (PCHAR)StartingAddress;
//
// Update the virtual size in the process header.
//
Process->VirtualSize -= CapturedRegionSize;
Process->CommitCharge -= CommitReduction;
Status = STATUS_SUCCESS;
AllDone:
UNLOCK_ADDRESS_SPACE (Process);
if (CommitReduction != 0) {
MI_INCREMENT_TOTAL_PROCESS_COMMIT (0 - CommitReduction);
ASSERT (Vad == NULL);
PsReturnProcessPageFileQuota (Process, CommitReduction);
MiReturnCommitment (CommitReduction);
if (Process->JobStatus & PS_JOB_STATUS_REPORT_COMMIT_CHANGES) {
PsChangeJobMemoryUsage (PS_JOB_STATUS_REPORT_COMMIT_CHANGES, -(SSIZE_T)CommitReduction);
}
MM_TRACK_COMMIT (MM_DBG_COMMIT_RETURN_NTFREEVM1, CommitReduction);
}
else if (Vad != NULL) {
ExFreePool (Vad);
}
if (Attached == TRUE) {
KeUnstackDetachProcess (&ApcState);
}
if (ProcessHandle != NtCurrentProcess ()) {
ObDereferenceObject (Process);
}
//
// Establish an exception handler and write the size and base
// address.
//
try {
*RegionSize = CapturedRegionSize;
*BaseAddress = StartingAddress;
}
except (EXCEPTION_EXECUTE_HANDLER) {
//
// An exception occurred, don't take any action (just handle
// the exception and return success.
}
return Status;
}
//
// **************************************************************
//
// MEM_DECOMMIT was specified.
//
// **************************************************************
//
if (Vad->u.VadFlags.VadType == VadAwe) {
//
// Pages from a physical VAD must be released via
// NtFreeUserPhysicalPages, not this routine.
//
Status = STATUS_MEMORY_NOT_ALLOCATED;
goto ErrorReturn;
}
if ((Vad->u.VadFlags.VadType == VadLargePages) ||
(Vad->u.VadFlags.VadType == VadRotatePhysical)) {
//
// Pages from a large page or rotate physical VAD must be released -
// they cannot be merely decommitted.
//
Status = STATUS_MEMORY_NOT_ALLOCATED;
goto ErrorReturn;
}
//
// Check to ensure the complete range of pages is already committed.
//
if (CapturedRegionSize == 0) {
if (MI_VA_TO_VPN (CapturedBase) != Vad->StartingVpn) {
Status = STATUS_FREE_VM_NOT_AT_BASE;
goto ErrorReturn;
}
EndingAddress = MI_VPN_TO_VA_ENDING (Vad->EndingVpn);
}
//
// The address range is entirely committed, decommit it now.
//
//
// Calculate the initial quotas and commit charges for this VAD.
//
StartingPte = MiGetPteAddress (StartingAddress);
EndingPte = MiGetPteAddress (EndingAddress);
CommitReduction = 1 + EndingPte - StartingPte;
//
// Check to see if the entire range can be decommitted by
// just updating the virtual address descriptor.
//
CommitReduction -= MiDecommitPages (StartingAddress,
EndingPte,
Process,
Vad);
//
// Adjust the quota charges.
//
ASSERT ((LONG)CommitReduction >= 0);
Vad->u.VadFlags.CommitCharge -= CommitReduction;
ASSERT ((LONG)Vad->u.VadFlags.CommitCharge >= 0);
Vad = NULL;
Process->CommitCharge -= CommitReduction;
UNLOCK_ADDRESS_SPACE (Process);
if (CommitReduction != 0) {
MI_INCREMENT_TOTAL_PROCESS_COMMIT (0 - CommitReduction);
PsReturnProcessPageFileQuota (Process, CommitReduction);
MiReturnCommitment (CommitReduction);
if (Process->JobStatus & PS_JOB_STATUS_REPORT_COMMIT_CHANGES) {
PsChangeJobMemoryUsage (PS_JOB_STATUS_REPORT_COMMIT_CHANGES, -(SSIZE_T)CommitReduction);
}
MM_TRACK_COMMIT (MM_DBG_COMMIT_RETURN_NTFREEVM2, CommitReduction);
}
else if (Vad != NULL) {
ExFreePool (Vad);
}
if (Attached == TRUE) {
KeUnstackDetachProcess (&ApcState);
}
if (ProcessHandle != NtCurrentProcess()) {
ObDereferenceObject (Process);
}
//
// Establish an exception handler and write the size and base address.
//
try {
*RegionSize = 1 + (PCHAR)EndingAddress - (PCHAR)StartingAddress;
*BaseAddress = StartingAddress;
}
except (EXCEPTION_EXECUTE_HANDLER) {
NOTHING;
}
return STATUS_SUCCESS;
ErrorReturn:
UNLOCK_ADDRESS_SPACE (Process);
ErrorReturn2:
if (Attached == TRUE) {
KeUnstackDetachProcess (&ApcState);
}
if (ProcessHandle != NtCurrentProcess()) {
ObDereferenceObject (Process);
}
return Status;
}
NTSTATUS
MmRemovePhysicalMemory (
IN PPHYSICAL_ADDRESS StartAddress,
IN OUT PLARGE_INTEGER NumberOfBytes
)
/*++
Routine Description:
This routine attempts to remove the specified physical address range
from the system.
Arguments:
StartAddress - Supplies the starting physical address.
NumberOfBytes - Supplies a pointer to the number of bytes being removed.
Return Value:
NTSTATUS.
Environment:
Kernel mode. PASSIVE level. No locks held.
--*/
{
ULONG i;
ULONG Additional;
PFN_NUMBER Page;
PFN_NUMBER LastPage;
PFN_NUMBER OriginalLastPage;
PFN_NUMBER start;
PFN_NUMBER PagesReleased;
PMMPFN Pfn1;
PMMPFN StartPfn;
PMMPFN EndPfn;
KIRQL OldIrql;
PFN_NUMBER StartPage;
PFN_NUMBER EndPage;
PFN_COUNT NumberOfPages;
SPFN_NUMBER MaxPages;
PFN_NUMBER PageFrameIndex;
PFN_NUMBER RemovedPages;
LOGICAL Inserted;
NTSTATUS Status;
PMMPTE PointerPte;
PMMPTE EndPte;
PVOID VirtualAddress;
PPHYSICAL_MEMORY_DESCRIPTOR OldPhysicalMemoryBlock;
PPHYSICAL_MEMORY_DESCRIPTOR NewPhysicalMemoryBlock;
PPHYSICAL_MEMORY_RUN NewRun;
LOGICAL PfnDatabaseIsPhysical;
ASSERT (KeGetCurrentIrql() == PASSIVE_LEVEL);
ASSERT (BYTE_OFFSET(NumberOfBytes->LowPart) == 0);
ASSERT (BYTE_OFFSET(StartAddress->LowPart) == 0);
if (MI_IS_PHYSICAL_ADDRESS(MmPfnDatabase)) {
//
// The system must be configured for dynamic memory addition. This is
// not strictly required to remove the memory, but it's better to check
// for it now under the assumption that the administrator is probably
// going to want to add this range of memory back in - better to give
// the error now and refuse the removal than to refuse the addition
// later.
//
if (MmDynamicPfn == FALSE) {
return STATUS_NOT_SUPPORTED;
}
PfnDatabaseIsPhysical = TRUE;
}
else {
PfnDatabaseIsPhysical = FALSE;
}
StartPage = (PFN_NUMBER)(StartAddress->QuadPart >> PAGE_SHIFT);
NumberOfPages = (PFN_COUNT)(NumberOfBytes->QuadPart >> PAGE_SHIFT);
EndPage = StartPage + NumberOfPages;
if (EndPage - 1 > MmHighestPossiblePhysicalPage) {
//
// Truncate the request into something that can be mapped by the PFN
// database.
//
EndPage = MmHighestPossiblePhysicalPage + 1;
NumberOfPages = (PFN_COUNT)(EndPage - StartPage);
}
//
// The range cannot wrap.
//
if (StartPage >= EndPage) {
return STATUS_INVALID_PARAMETER_1;
}
StartPfn = MI_PFN_ELEMENT (StartPage);
EndPfn = MI_PFN_ELEMENT (EndPage);
ExAcquireFastMutex (&MmDynamicMemoryMutex);
#if DBG
MiDynmemData[0] += 1;
#endif
//
// Decrease all commit limits to reflect the removed memory.
//
ExAcquireSpinLock (&MmChargeCommitmentLock, &OldIrql);
ASSERT (MmTotalCommitLimit <= MmTotalCommitLimitMaximum);
if ((NumberOfPages + 100 > MmTotalCommitLimit - MmTotalCommittedPages) ||
(MmTotalCommittedPages > MmTotalCommitLimit)) {
#if DBG
MiDynmemData[1] += 1;
#endif
ExReleaseSpinLock (&MmChargeCommitmentLock, OldIrql);
ExReleaseFastMutex (&MmDynamicMemoryMutex);
return STATUS_INSUFFICIENT_RESOURCES;
}
MmTotalCommitLimit -= NumberOfPages;
MmTotalCommitLimitMaximum -= NumberOfPages;
ExReleaseSpinLock (&MmChargeCommitmentLock, OldIrql);
//
// Check for outstanding promises that cannot be broken.
//
LOCK_PFN (OldIrql);
MaxPages = MI_NONPAGABLE_MEMORY_AVAILABLE() - 100;
if ((SPFN_NUMBER)NumberOfPages > MaxPages) {
#if DBG
MiDynmemData[2] += 1;
#endif
UNLOCK_PFN (OldIrql);
Status = STATUS_INSUFFICIENT_RESOURCES;
goto giveup2;
}
MmResidentAvailablePages -= NumberOfPages;
MmNumberOfPhysicalPages -= NumberOfPages;
//
// The range must be contained in a single entry. It is permissible for
// it to be part of a single entry, but it must not cross multiple entries.
//
Additional = (ULONG)-2;
start = 0;
do {
Page = MmPhysicalMemoryBlock->Run[start].BasePage;
LastPage = Page + MmPhysicalMemoryBlock->Run[start].PageCount;
if ((StartPage >= Page) && (EndPage <= LastPage)) {
if ((StartPage == Page) && (EndPage == LastPage)) {
Additional = (ULONG)-1;
}
else if ((StartPage == Page) || (EndPage == LastPage)) {
Additional = 0;
}
else {
Additional = 1;
}
break;
}
start += 1;
} while (start != MmPhysicalMemoryBlock->NumberOfRuns);
if (Additional == (ULONG)-2) {
#if DBG
MiDynmemData[3] += 1;
#endif
MmResidentAvailablePages += NumberOfPages;
MmNumberOfPhysicalPages += NumberOfPages;
UNLOCK_PFN (OldIrql);
Status = STATUS_CONFLICTING_ADDRESSES;
goto giveup2;
}
for (Pfn1 = StartPfn; Pfn1 < EndPfn; Pfn1 += 1) {
Pfn1->u3.e1.RemovalRequested = 1;
}
//
// The free and zero lists must be pruned now before releasing the PFN
// lock otherwise if another thread allocates the page from these lists,
// the allocation will clear the RemovalRequested flag forever.
//
RemovedPages = MiRemovePhysicalPages (StartPage, EndPage);
if (RemovedPages != NumberOfPages) {
#if DBG
retry:
#endif
Pfn1 = StartPfn;
InterlockedIncrement (&MiDelayPageFaults);
for (i = 0; i < 5; i += 1) {
UNLOCK_PFN (OldIrql);
//
// Attempt to move pages to the standby list. Note that only the
// pages with RemovalRequested set are moved.
//
MiTrimRemovalPagesOnly = TRUE;
MiEmptyAllWorkingSets ();
MiTrimRemovalPagesOnly = FALSE;
MiFlushAllPages ();
KeDelayExecutionThread (KernelMode, FALSE, &MmHalfSecond);
LOCK_PFN (OldIrql);
RemovedPages += MiRemovePhysicalPages (StartPage, EndPage);
if (RemovedPages == NumberOfPages) {
break;
}
//
// RemovedPages doesn't include pages that were freed directly to
// the bad page list via MiDecrementReferenceCount. So use the above
// check purely as an optimization - and walk here when necessary.
//
for ( ; Pfn1 < EndPfn; Pfn1 += 1) {
if (Pfn1->u3.e1.PageLocation != BadPageList) {
break;
}
}
if (Pfn1 == EndPfn) {
RemovedPages = NumberOfPages;
break;
}
}
InterlockedDecrement (&MiDelayPageFaults);
}
if (RemovedPages != NumberOfPages) {
#if DBG
MiDynmemData[4] += 1;
if (MiShowStuckPages != 0) {
RemovedPages = 0;
for (Pfn1 = StartPfn; Pfn1 < EndPfn; Pfn1 += 1) {
if (Pfn1->u3.e1.PageLocation != BadPageList) {
RemovedPages += 1;
}
}
ASSERT (RemovedPages != 0);
DbgPrint("MmRemovePhysicalMemory : could not get %d of %d pages\n",
RemovedPages, NumberOfPages);
if (MiShowStuckPages & 0x2) {
ULONG PfnsPrinted;
ULONG EnoughShown;
PMMPFN FirstPfn;
PFN_COUNT PfnCount;
PfnCount = 0;
PfnsPrinted = 0;
EnoughShown = 100;
if (MiShowStuckPages & 0x4) {
EnoughShown = (ULONG)-1;
}
DbgPrint("Stuck PFN list: ");
for (Pfn1 = StartPfn; Pfn1 < EndPfn; Pfn1 += 1) {
if (Pfn1->u3.e1.PageLocation != BadPageList) {
if (PfnCount == 0) {
FirstPfn = Pfn1;
}
PfnCount += 1;
}
else {
if (PfnCount != 0) {
DbgPrint("%x -> %x ; ", FirstPfn - MmPfnDatabase,
(FirstPfn - MmPfnDatabase) + PfnCount - 1);
PfnsPrinted += 1;
if (PfnsPrinted == EnoughShown) {
break;
}
PfnCount = 0;
}
}
}
if (PfnCount != 0) {
DbgPrint("%x -> %x ; ", FirstPfn - MmPfnDatabase,
(FirstPfn - MmPfnDatabase) + PfnCount - 1);
}
DbgPrint("\n");
}
if (MiShowStuckPages & 0x8) {
DbgBreakPoint ();
}
if (MiShowStuckPages & 0x10) {
goto retry;
}
}
#endif
UNLOCK_PFN (OldIrql);
Status = STATUS_NO_MEMORY;
goto giveup;
}
#if DBG
for (Pfn1 = StartPfn; Pfn1 < EndPfn; Pfn1 += 1) {
ASSERT (Pfn1->u3.e1.PageLocation == BadPageList);
}
#endif
//
// All the pages in the range have been removed. Update the physical
// memory blocks and other associated housekeeping.
//
if (Additional == 0) {
//
// The range can be split off from an end of an existing chunk so no
// pool growth or shrinkage is required.
//
NewPhysicalMemoryBlock = MmPhysicalMemoryBlock;
OldPhysicalMemoryBlock = NULL;
}
else {
//
// The range cannot be split off from an end of an existing chunk so
// pool growth or shrinkage is required.
//
UNLOCK_PFN (OldIrql);
i = (sizeof(PHYSICAL_MEMORY_DESCRIPTOR) +
(sizeof(PHYSICAL_MEMORY_RUN) * (MmPhysicalMemoryBlock->NumberOfRuns + Additional)));
NewPhysicalMemoryBlock = ExAllocatePoolWithTag (NonPagedPool,
i,
' mM');
if (NewPhysicalMemoryBlock == NULL) {
Status = STATUS_INSUFFICIENT_RESOURCES;
#if DBG
MiDynmemData[5] += 1;
#endif
goto giveup;
}
OldPhysicalMemoryBlock = MmPhysicalMemoryBlock;
RtlZeroMemory (NewPhysicalMemoryBlock, i);
LOCK_PFN (OldIrql);
}
//
// Remove or split the requested range from the existing memory block.
//
NewPhysicalMemoryBlock->NumberOfRuns = MmPhysicalMemoryBlock->NumberOfRuns + Additional;
NewPhysicalMemoryBlock->NumberOfPages = MmPhysicalMemoryBlock->NumberOfPages - NumberOfPages;
NewRun = &NewPhysicalMemoryBlock->Run[0];
start = 0;
Inserted = FALSE;
do {
Page = MmPhysicalMemoryBlock->Run[start].BasePage;
LastPage = Page + MmPhysicalMemoryBlock->Run[start].PageCount;
if (Inserted == FALSE) {
if ((StartPage >= Page) && (EndPage <= LastPage)) {
if ((StartPage == Page) && (EndPage == LastPage)) {
ASSERT (Additional == -1);
start += 1;
continue;
}
else if ((StartPage == Page) || (EndPage == LastPage)) {
ASSERT (Additional == 0);
if (StartPage == Page) {
MmPhysicalMemoryBlock->Run[start].BasePage += NumberOfPages;
}
MmPhysicalMemoryBlock->Run[start].PageCount -= NumberOfPages;
}
else {
ASSERT (Additional == 1);
OriginalLastPage = LastPage;
MmPhysicalMemoryBlock->Run[start].PageCount =
StartPage - MmPhysicalMemoryBlock->Run[start].BasePage;
*NewRun = MmPhysicalMemoryBlock->Run[start];
NewRun += 1;
NewRun->BasePage = EndPage;
NewRun->PageCount = OriginalLastPage - EndPage;
NewRun += 1;
start += 1;
continue;
}
Inserted = TRUE;
}
}
*NewRun = MmPhysicalMemoryBlock->Run[start];
NewRun += 1;
start += 1;
} while (start != MmPhysicalMemoryBlock->NumberOfRuns);
//
// Repoint the MmPhysicalMemoryBlock at the new chunk.
// Free the old block after releasing the PFN lock.
//
MmPhysicalMemoryBlock = NewPhysicalMemoryBlock;
if (EndPage - 1 == MmHighestPhysicalPage) {
MmHighestPhysicalPage = StartPage - 1;
}
//
// Throw away all the removed pages that are currently enqueued.
//
for (Pfn1 = StartPfn; Pfn1 < EndPfn; Pfn1 += 1) {
ASSERT (Pfn1->u3.e1.PageLocation == BadPageList);
ASSERT (Pfn1->u3.e1.RemovalRequested == 1);
MiUnlinkPageFromList (Pfn1);
ASSERT (Pfn1->u1.Flink == 0);
ASSERT (Pfn1->u2.Blink == 0);
ASSERT (Pfn1->u3.e2.ReferenceCount == 0);
ASSERT64 (Pfn1->UsedPageTableEntries == 0);
Pfn1->PteAddress = PFN_REMOVED;
Pfn1->u3.e2.ShortFlags = 0;
Pfn1->OriginalPte.u.Long = ZeroKernelPte.u.Long;
Pfn1->PteFrame = 0;
}
//
// Now that the removed pages have been discarded, eliminate the PFN
// entries that mapped them. Straddling entries left over from an
// adjacent earlier removal are not collapsed at this point.
//
//
PagesReleased = 0;
if (PfnDatabaseIsPhysical == FALSE) {
VirtualAddress = (PVOID)ROUND_TO_PAGES(MI_PFN_ELEMENT(StartPage));
PointerPte = MiGetPteAddress (VirtualAddress);
EndPte = MiGetPteAddress (PAGE_ALIGN(MI_PFN_ELEMENT(EndPage)));
while (PointerPte < EndPte) {
PageFrameIndex = MI_GET_PAGE_FRAME_FROM_PTE (PointerPte);
Pfn1 = MI_PFN_ELEMENT (PageFrameIndex);
ASSERT (Pfn1->u2.ShareCount == 1);
ASSERT (Pfn1->u3.e2.ReferenceCount == 1);
Pfn1->u2.ShareCount = 0;
MI_SET_PFN_DELETED (Pfn1);
#if DBG
Pfn1->u3.e1.PageLocation = StandbyPageList;
#endif //DBG
MiDecrementReferenceCount (PageFrameIndex);
KeFlushSingleTb (VirtualAddress,
TRUE,
TRUE,
(PHARDWARE_PTE)PointerPte,
ZeroKernelPte.u.Flush);
PagesReleased += 1;
PointerPte += 1;
VirtualAddress = (PVOID)((PCHAR)VirtualAddress + PAGE_SIZE);
}
MmResidentAvailablePages += PagesReleased;
}
#if DBG
MiDynmemData[6] += 1;
#endif
UNLOCK_PFN (OldIrql);
if (PagesReleased != 0) {
MiReturnCommitment (PagesReleased);
}
ExReleaseFastMutex (&MmDynamicMemoryMutex);
if (OldPhysicalMemoryBlock != NULL) {
ExFreePool (OldPhysicalMemoryBlock);
}
NumberOfBytes->QuadPart = (ULONGLONG)NumberOfPages * PAGE_SIZE;
return STATUS_SUCCESS;
giveup:
//
// All the pages in the range were not obtained. Back everything out.
//
PageFrameIndex = StartPage;
Pfn1 = MI_PFN_ELEMENT (PageFrameIndex);
LOCK_PFN (OldIrql);
while (PageFrameIndex < EndPage) {
ASSERT (Pfn1->u3.e1.RemovalRequested == 1);
Pfn1->u3.e1.RemovalRequested = 0;
if ((Pfn1->u3.e1.PageLocation == BadPageList) &&
(Pfn1->u3.e1.ParityError == 0)) {
MiUnlinkPageFromList (Pfn1);
MiInsertPageInList (MmPageLocationList[FreePageList],
PageFrameIndex);
}
Pfn1 += 1;
PageFrameIndex += 1;
}
MmResidentAvailablePages += NumberOfPages;
MmNumberOfPhysicalPages += NumberOfPages;
UNLOCK_PFN (OldIrql);
giveup2:
ExAcquireSpinLock (&MmChargeCommitmentLock, &OldIrql);
MmTotalCommitLimit += NumberOfPages;
MmTotalCommitLimitMaximum += NumberOfPages;
ExReleaseSpinLock (&MmChargeCommitmentLock, OldIrql);
ExReleaseFastMutex (&MmDynamicMemoryMutex);
return Status;
}
NTSTATUS
NtFreeVirtualMemory(
IN HANDLE ProcessHandle,
IN OUT PVOID *BaseAddress,
IN OUT PULONG RegionSize,
IN ULONG FreeType
)
/*++
Routine Description:
This function deletes a region of pages within the virtual address
space of a subject process.
Arguments:
ProcessHandle - An open handle to a process object.
BaseAddress - The base address of the region of pages
to be freed. This value is rounded down to the
next host page address boundary.
RegionSize - A pointer to a variable that will receive
the actual size in bytes of the freed region of
pages. The initial value of this argument is
rounded up to the next host page size boundary.
FreeType - A set of flags that describe the type of
free that is to be performed for the specified
region of pages.
FreeType Flags
MEM_DECOMMIT - The specified region of pages is to
be decommitted.
MEM_RELEASE - The specified region of pages is to
be released.
Return Value:
Returns the status
TBS
--*/
{
PMMVAD_SHORT Vad;
PMMVAD_SHORT NewVad;
PMMVAD PreviousVad;
PMMVAD NextVad;
PEPROCESS Process;
KPROCESSOR_MODE PreviousMode;
PVOID StartingAddress;
PVOID EndingAddress;
NTSTATUS Status;
ULONG Attached = FALSE;
ULONG CapturedRegionSize;
PVOID CapturedBase;
PMMPTE StartingPte;
PMMPTE EndingPte;
ULONG OldQuota;
ULONG QuotaCharge;
ULONG CommitReduction;
PVOID OldEnd;
PAGED_CODE();
//
// Check to make sure FreeType is good.
//
if ((FreeType & ~(MEM_DECOMMIT | MEM_RELEASE)) != 0) {
return STATUS_INVALID_PARAMETER_4;
}
//
// One of MEM_DECOMMIT or MEM_RELEASE must be specified, but not both.
//
if (((FreeType & (MEM_DECOMMIT | MEM_RELEASE)) == 0) ||
((FreeType & (MEM_DECOMMIT | MEM_RELEASE)) ==
(MEM_DECOMMIT | MEM_RELEASE))) {
return STATUS_INVALID_PARAMETER_4;
}
PreviousMode = KeGetPreviousMode();
//
// Establish an exception handler, probe the specified addresses
// for write access and capture the initial values.
//
try {
if (PreviousMode != KernelMode) {
ProbeForWriteUlong ((PULONG)BaseAddress);
ProbeForWriteUlong (RegionSize);
}
//
// Capture the base address.
//
CapturedBase = *BaseAddress;
//
// Capture the region size.
//
CapturedRegionSize = *RegionSize;
} except (ExSystemExceptionFilter()) {
//
// If an exception occurs during the probe or capture
// of the initial values, then handle the exception and
// return the exception code as the status value.
//
return GetExceptionCode();
}
#if DBG
if (MmDebug & MM_DBG_SHOW_NT_CALLS) {
if ( !MmWatchProcess ) {
DbgPrint("freevm processhandle %lx base %lx size %lx type %lx\n",
ProcessHandle, CapturedBase, CapturedRegionSize, FreeType);
}
}
#endif
//
// Make sure the specified starting and ending addresses are
// within the user part of the virtual address space.
//
if (CapturedBase > MM_HIGHEST_USER_ADDRESS) {
//
// Invalid base address.
//
return STATUS_INVALID_PARAMETER_2;
}
if ((ULONG)MM_HIGHEST_USER_ADDRESS - (ULONG)CapturedBase <
CapturedRegionSize) {
//
// Invalid region size;
//
return STATUS_INVALID_PARAMETER_3;
}
EndingAddress = (PVOID)(((ULONG)CapturedBase + CapturedRegionSize - 1) |
(PAGE_SIZE - 1));
StartingAddress = (PVOID)PAGE_ALIGN(CapturedBase);
if ( ProcessHandle == NtCurrentProcess() ) {
Process = PsGetCurrentProcess();
} else {
//
// Reference the specified process handle for VM_OPERATION access.
//
Status = ObReferenceObjectByHandle ( ProcessHandle,
PROCESS_VM_OPERATION,
PsProcessType,
PreviousMode,
(PVOID *)&Process,
NULL );
if (!NT_SUCCESS(Status)) {
return Status;
}
}
//
// If the specified process is not the current process, attach
// to the specified process.
//
if (PsGetCurrentProcess() != Process) {
KeAttachProcess (&Process->Pcb);
Attached = TRUE;
}
//
// Get the address creation mutex to block multiple threads from
// creating or deleting address space at the same time and
// get the working set mutex so virtual address descriptors can
// be inserted and walked. Block APCs to prevent page faults while
// we own the working set mutex.
//
LOCK_WS_AND_ADDRESS_SPACE (Process);
//
// Make sure the address space was not deleted.
//
if (Process->AddressSpaceDeleted != 0) {
Status = STATUS_PROCESS_IS_TERMINATING;
goto ErrorReturn;
}
Vad = (PMMVAD_SHORT)MiLocateAddress (StartingAddress);
if (Vad == NULL) {
//
// No Virtual Address Descriptor located for Base Address.
//
Status = STATUS_MEMORY_NOT_ALLOCATED;
goto ErrorReturn;
}
//
// Found the associated Virtual Address Descriptor.
//
if (Vad->EndingVa < EndingAddress) {
//
// The entire range to delete is not contained within a single
// virtual address descriptor. Return an error.
//
Status = STATUS_UNABLE_TO_FREE_VM;
goto ErrorReturn;
}
//
// Check to ensure this Vad is deletable. Delete is required
// for both decommit and release.
//
if ((Vad->u.VadFlags.PrivateMemory == 0) ||
(Vad->u.VadFlags.PhysicalMapping == 1)) {
Status = STATUS_UNABLE_TO_DELETE_SECTION;
goto ErrorReturn;
}
if (Vad->u.VadFlags.NoChange == 1) {
//
// An attempt is being made to delete a secured VAD, check
// to see if this deletion is allowed.
//
if (FreeType & MEM_RELEASE) {
//
// Specifiy the whole range, this solves the problem with
// splitting the VAD and trying to decide where the various
// secure ranges need to go.
//
Status = MiCheckSecuredVad ((PMMVAD)Vad,
Vad->StartingVa,
(PCHAR)Vad->EndingVa - (PCHAR)Vad->StartingVa,
MM_SECURE_DELETE_CHECK);
} else {
Status = MiCheckSecuredVad ((PMMVAD)Vad,
CapturedBase,
CapturedRegionSize,
MM_SECURE_DELETE_CHECK);
}
if (!NT_SUCCESS (Status)) {
goto ErrorReturn;
}
}
PreviousVad = MiGetPreviousVad (Vad);
NextVad = MiGetNextVad (Vad);
if (FreeType & MEM_RELEASE) {
//
// *****************************************************************
// MEM_RELEASE was specified.
// *****************************************************************
//
//
// The descriptor for the address range is deletable. Remove or split
// the descriptor.
//
//
// If the region size is zero, remove the whole VAD.
//
if (CapturedRegionSize == 0) {
//
// If the region size is specified as 0, the base address
// must be the starting address for the region.
//
if (CapturedBase != Vad->StartingVa) {
Status = STATUS_FREE_VM_NOT_AT_BASE;
goto ErrorReturn;
}
//
// This Virtual Address Descriptor has been deleted.
//
StartingAddress = Vad->StartingVa;
EndingAddress = Vad->EndingVa;
MiRemoveVad ((PMMVAD)Vad);
ExFreePool (Vad);
} else {
//
// Regions size was not specified as zero, delete the
// whole VAD or split the VAD.
//
if (StartingAddress == Vad->StartingVa) {
if (EndingAddress == Vad->EndingVa) {
//
// This Virtual Address Descriptor has been deleted.
//
MiRemoveVad ((PMMVAD)Vad);
ExFreePool (Vad);
} else {
//
// This Virtual Address Descriptor has a new starting
// address.
//
CommitReduction = MiCalculatePageCommitment (
StartingAddress,
EndingAddress,
(PMMVAD)Vad,
Process );
Vad->StartingVa = (PVOID)((ULONG)EndingAddress + 1L);
Vad->u.VadFlags.CommitCharge -= CommitReduction;
ASSERT ((LONG)Vad->u.VadFlags.CommitCharge >= 0);
MiReturnPageFileQuota (CommitReduction, Process);
MiReturnCommitment (CommitReduction);
Process->CommitCharge -= CommitReduction;
PreviousVad = (PMMVAD)Vad;
}
} else {
//
// Starting address is greater than start of VAD.
//
if (EndingAddress == Vad->EndingVa) {
//
// Change the ending address of the VAD.
//
CommitReduction = MiCalculatePageCommitment (
StartingAddress,
EndingAddress,
(PMMVAD)Vad,
Process );
Vad->u.VadFlags.CommitCharge -= CommitReduction;
MiReturnPageFileQuota (CommitReduction, Process);
MiReturnCommitment (CommitReduction);
Process->CommitCharge -= CommitReduction;
Vad->EndingVa = (PVOID)((ULONG)StartingAddress - 1L);
PreviousVad = (PMMVAD)Vad;
} else {
//
// Split this VAD as the address range is within the VAD.
//
//
// Allocate an new VAD under an exception handler
// as there may not be enough quota.
//
NewVad = ExAllocatePoolWithTag (NonPagedPool,
sizeof(MMVAD_SHORT),
'SdaV');
if ( NewVad == NULL ) {
Status = STATUS_INSUFFICIENT_RESOURCES;
goto ErrorReturn;
}
CommitReduction = MiCalculatePageCommitment (
StartingAddress,
EndingAddress,
(PMMVAD)Vad,
Process );
OldQuota = Vad->u.VadFlags.CommitCharge - CommitReduction;
OldEnd = Vad->EndingVa;
*NewVad = *Vad;
Vad->EndingVa = (PVOID)((ULONG)StartingAddress - 1L);
NewVad->StartingVa = (PVOID)((ULONG)EndingAddress + 1L);
//
// Set the commit charge to zero so MiInsertVad will
// not charge committment for splitting the VAD.
//
NewVad->u.VadFlags.CommitCharge = 0;
try {
//
// Insert the VAD, this could get an exception
// on charging quota.
//
MiInsertVad ((PMMVAD)NewVad);
} except (EXCEPTION_EXECUTE_HANDLER) {
//
// Inserting the Vad failed, reset the original
// VAD, free new vad and return an error.
//
Vad->EndingVa = OldEnd;
ExFreePool (NewVad);
Status = GetExceptionCode();
goto ErrorReturn;
}
Vad->u.VadFlags.CommitCharge -= CommitReduction;
MiReturnPageFileQuota (CommitReduction, Process);
MiReturnCommitment (CommitReduction);
Process->CommitCharge -= CommitReduction;
//
// As we have split the original VAD into 2 seperate VADs
// there is know way of knowing what the commit charge
// is for each VAD. Calculate the charge and reset
// each VAD. Note that we also use the previous value
// to make sure the books stay balanced.
//
QuotaCharge = MiCalculatePageCommitment (Vad->StartingVa,
Vad->EndingVa,
(PMMVAD)Vad,
Process );
Vad->u.VadFlags.CommitCharge = QuotaCharge;
//
// Give the remaining charge to the new VAD.
//
NewVad->u.VadFlags.CommitCharge = OldQuota - QuotaCharge;
PreviousVad = (PMMVAD)Vad;
NextVad = (PMMVAD)NewVad;
}
}
}
//
// Return commitment for page table pages if possibible.
//
MiReturnPageTablePageCommitment (StartingAddress,
EndingAddress,
Process,
PreviousVad,
NextVad);
//
// Get the PFN mutex so the MiDeleteVirtualAddresses can be called.
//
MiDeleteFreeVm (StartingAddress, EndingAddress);
UNLOCK_WS (Process);
CapturedRegionSize = 1 + (ULONG)EndingAddress - (ULONG)StartingAddress;
//
// Update the virtual size in the process header.
//
Process->VirtualSize -= CapturedRegionSize;
UNLOCK_ADDRESS_SPACE (Process);
if (Attached) {
KeDetachProcess();
}
if ( ProcessHandle != NtCurrentProcess() ) {
ObDereferenceObject (Process);
}
//
// Establish an exception handler and write the size and base
// address.
//
try {
*RegionSize = CapturedRegionSize;
*BaseAddress = StartingAddress;
} except (EXCEPTION_EXECUTE_HANDLER) {
//
// An exception occurred, don't take any action (just handle
// the exception and return success.
}
#if DBG
if (MmDebug & MM_DBG_SHOW_NT_CALLS) {
if ( MmWatchProcess ) {
if ( MmWatchProcess == PsGetCurrentProcess() ) {
DbgPrint("\n--- FREE Type 0x%lx Base %lx Size %lx\n",
FreeType, StartingAddress, CapturedRegionSize);
MmFooBar();
}
}
}
#endif
#if DBG
if (RtlAreLogging( RTL_EVENT_CLASS_VM )) {
RtlLogEvent( MiFreeVmEventId,
RTL_EVENT_CLASS_VM,
StartingAddress,
CapturedRegionSize,
FreeType
);
}
#endif // DBG
return STATUS_SUCCESS;
}
//
// **************************************************************
//
// MEM_DECOMMIT was specified.
//
// **************************************************************
//
//
// Check to ensure the complete range of pages is already committed.
//
if (CapturedRegionSize == 0) {
if (CapturedBase != Vad->StartingVa) {
Status = STATUS_FREE_VM_NOT_AT_BASE;
goto ErrorReturn;
}
EndingAddress = Vad->EndingVa;
}
#if 0
if (FreeType & MEM_CHECK_COMMIT_STATE) {
if ( !MiIsEntireRangeCommitted(StartingAddress,
EndingAddress,
Vad,
Process)) {
//
// The entire range to be decommited is not committed,
// return an errror.
//
Status = STATUS_UNABLE_TO_DECOMMIT_VM;
goto ErrorReturn;
}
}
#endif //0
//
// The address range is entirely committed, decommit it now.
//
//
// Calculate the initial quotas and commit charges for this VAD.
//
StartingPte = MiGetPteAddress (StartingAddress);
EndingPte = MiGetPteAddress (EndingAddress);
CommitReduction = 1 + EndingPte - StartingPte;
//
// Check to see if the entire range can be decommitted by
// just updating the virtual address descriptor.
//
CommitReduction -= MiDecommitPages (StartingAddress,
EndingPte,
Process,
Vad);
//
// Adjust the quota charges.
//
ASSERT ((LONG)CommitReduction >= 0);
MiReturnPageFileQuota (CommitReduction, Process);
MiReturnCommitment (CommitReduction);
Vad->u.VadFlags.CommitCharge -= CommitReduction;
Process->CommitCharge -= CommitReduction;
ASSERT ((LONG)Vad->u.VadFlags.CommitCharge >= 0);
UNLOCK_WS (Process);
UNLOCK_ADDRESS_SPACE (Process);
if (Attached) {
KeDetachProcess();
}
if ( ProcessHandle != NtCurrentProcess() ) {
ObDereferenceObject (Process);
}
//
// Establish an exception handler and write the size and base
// address.
//
try {
*RegionSize = 1 + (ULONG)EndingAddress - (ULONG)StartingAddress;
*BaseAddress = StartingAddress;
} except (EXCEPTION_EXECUTE_HANDLER) {
NOTHING;
}
#if DBG
if (RtlAreLogging( RTL_EVENT_CLASS_VM )) {
RtlLogEvent( MiFreeVmEventId,
RTL_EVENT_CLASS_VM,
StartingAddress,
1 + (ULONG)EndingAddress - (ULONG)StartingAddress,
FreeType
);
}
#endif // DBG
return STATUS_SUCCESS;
ErrorReturn:
UNLOCK_WS (Process);
UNLOCK_ADDRESS_SPACE (Process);
if (Attached) {
KeDetachProcess();
}
if ( ProcessHandle != NtCurrentProcess() ) {
ObDereferenceObject (Process);
}
return Status;
}
