xref: /reactos/ntoskrnl/mm/ARM3/pool.c (revision e0759a5e)
1 /*
2  * PROJECT:         ReactOS Kernel
3  * LICENSE:         BSD - See COPYING.ARM in the top level directory
4  * FILE:            ntoskrnl/mm/ARM3/pool.c
5  * PURPOSE:         ARM Memory Manager Pool Allocator
6  * PROGRAMMERS:     ReactOS Portable Systems Group
7  */
8 
9 /* INCLUDES *******************************************************************/
10 
11 #include <ntoskrnl.h>
12 #define NDEBUG
13 #include <debug.h>
14 
15 #define MODULE_INVOLVED_IN_ARM3
16 #include <mm/ARM3/miarm.h>
17 
18 /* GLOBALS ********************************************************************/
19 
20 LIST_ENTRY MmNonPagedPoolFreeListHead[MI_MAX_FREE_PAGE_LISTS];
21 PFN_COUNT MmNumberOfFreeNonPagedPool, MiExpansionPoolPagesInitialCharge;
22 PVOID MmNonPagedPoolEnd0;
23 PFN_NUMBER MiStartOfInitialPoolFrame, MiEndOfInitialPoolFrame;
24 KGUARDED_MUTEX MmPagedPoolMutex;
25 MM_PAGED_POOL_INFO MmPagedPoolInfo;
26 SIZE_T MmAllocatedNonPagedPool;
27 SIZE_T MmTotalNonPagedPoolQuota;
28 SIZE_T MmTotalPagedPoolQuota;
29 ULONG MmSpecialPoolTag;
30 ULONG MmConsumedPoolPercentage;
31 BOOLEAN MmProtectFreedNonPagedPool;
32 SLIST_HEADER MiNonPagedPoolSListHead;
33 ULONG MiNonPagedPoolSListMaximum = 4;
34 SLIST_HEADER MiPagedPoolSListHead;
35 ULONG MiPagedPoolSListMaximum = 8;
36 
37 /* PRIVATE FUNCTIONS **********************************************************/
38 
39 VOID
40 NTAPI
MiProtectFreeNonPagedPool(IN PVOID VirtualAddress,IN ULONG PageCount)41 MiProtectFreeNonPagedPool(IN PVOID VirtualAddress,
42                           IN ULONG PageCount)
43 {
44     PMMPTE PointerPte, LastPte;
45     MMPTE TempPte;
46 
47     /* If pool is physical, can't protect PTEs */
48     if (MI_IS_PHYSICAL_ADDRESS(VirtualAddress)) return;
49 
50     /* Get PTE pointers and loop */
51     PointerPte = MiAddressToPte(VirtualAddress);
52     LastPte = PointerPte + PageCount;
53     do
54     {
55         /* Capture the PTE for safety */
56         TempPte = *PointerPte;
57 
58         /* Mark it as an invalid PTE, set proto bit to recognize it as pool */
59         TempPte.u.Hard.Valid = 0;
60         TempPte.u.Soft.Prototype = 1;
61         MI_WRITE_INVALID_PTE(PointerPte, TempPte);
62     } while (++PointerPte < LastPte);
63 
64     /* Flush the TLB */
65     KeFlushEntireTb(TRUE, TRUE);
66 }
67 
68 BOOLEAN
69 NTAPI
MiUnProtectFreeNonPagedPool(IN PVOID VirtualAddress,IN ULONG PageCount)70 MiUnProtectFreeNonPagedPool(IN PVOID VirtualAddress,
71                             IN ULONG PageCount)
72 {
73     PMMPTE PointerPte;
74     MMPTE TempPte;
75     PFN_NUMBER UnprotectedPages = 0;
76 
77     /* If pool is physical, can't protect PTEs */
78     if (MI_IS_PHYSICAL_ADDRESS(VirtualAddress)) return FALSE;
79 
80     /* Get, and capture the PTE */
81     PointerPte = MiAddressToPte(VirtualAddress);
82     TempPte = *PointerPte;
83 
84     /* Loop protected PTEs */
85     while ((TempPte.u.Hard.Valid == 0) && (TempPte.u.Soft.Prototype == 1))
86     {
87         /* Unprotect the PTE */
88         TempPte.u.Hard.Valid = 1;
89         TempPte.u.Soft.Prototype = 0;
90         MI_WRITE_VALID_PTE(PointerPte, TempPte);
91 
92         /* One more page */
93         if (++UnprotectedPages == PageCount) break;
94 
95         /* Capture next PTE */
96         TempPte = *(++PointerPte);
97     }
98 
99     /* Return if any pages were unprotected */
100     return UnprotectedPages ? TRUE : FALSE;
101 }
102 
103 FORCEINLINE
104 VOID
MiProtectedPoolUnProtectLinks(IN PLIST_ENTRY Links,OUT PVOID * PoolFlink,OUT PVOID * PoolBlink)105 MiProtectedPoolUnProtectLinks(IN PLIST_ENTRY Links,
106                               OUT PVOID* PoolFlink,
107                               OUT PVOID* PoolBlink)
108 {
109     BOOLEAN Safe;
110     PVOID PoolVa;
111 
112     /* Initialize variables */
113     *PoolFlink = *PoolBlink = NULL;
114 
115     /* Check if the list has entries */
116     if (IsListEmpty(Links) == FALSE)
117     {
118         /* We are going to need to forward link to do an insert */
119         PoolVa = Links->Flink;
120 
121         /* So make it safe to access */
122         Safe = MiUnProtectFreeNonPagedPool(PoolVa, 1);
123         if (Safe) *PoolFlink = PoolVa;
124     }
125 
126     /* Are we going to need a backward link too? */
127     if (Links != Links->Blink)
128     {
129         /* Get the head's backward link for the insert */
130         PoolVa = Links->Blink;
131 
132         /* Make it safe to access */
133         Safe = MiUnProtectFreeNonPagedPool(PoolVa, 1);
134         if (Safe) *PoolBlink = PoolVa;
135     }
136 }
137 
138 FORCEINLINE
139 VOID
MiProtectedPoolProtectLinks(IN PVOID PoolFlink,IN PVOID PoolBlink)140 MiProtectedPoolProtectLinks(IN PVOID PoolFlink,
141                             IN PVOID PoolBlink)
142 {
143     /* Reprotect the pages, if they got unprotected earlier */
144     if (PoolFlink) MiProtectFreeNonPagedPool(PoolFlink, 1);
145     if (PoolBlink) MiProtectFreeNonPagedPool(PoolBlink, 1);
146 }
147 
148 VOID
149 NTAPI
MiProtectedPoolInsertList(IN PLIST_ENTRY ListHead,IN PLIST_ENTRY Entry,IN BOOLEAN Critical)150 MiProtectedPoolInsertList(IN PLIST_ENTRY ListHead,
151                           IN PLIST_ENTRY Entry,
152                           IN BOOLEAN Critical)
153 {
154     PVOID PoolFlink, PoolBlink;
155 
156     /* Make the list accessible */
157     MiProtectedPoolUnProtectLinks(ListHead, &PoolFlink, &PoolBlink);
158 
159     /* Now insert in the right position */
160     Critical ? InsertHeadList(ListHead, Entry) : InsertTailList(ListHead, Entry);
161 
162     /* And reprotect the pages containing the free links */
163     MiProtectedPoolProtectLinks(PoolFlink, PoolBlink);
164 }
165 
166 VOID
167 NTAPI
MiProtectedPoolRemoveEntryList(IN PLIST_ENTRY Entry)168 MiProtectedPoolRemoveEntryList(IN PLIST_ENTRY Entry)
169 {
170     PVOID PoolFlink, PoolBlink;
171 
172     /* Make the list accessible */
173     MiProtectedPoolUnProtectLinks(Entry, &PoolFlink, &PoolBlink);
174 
175     /* Now remove */
176     RemoveEntryList(Entry);
177 
178     /* And reprotect the pages containing the free links */
179     if (PoolFlink) MiProtectFreeNonPagedPool(PoolFlink, 1);
180     if (PoolBlink) MiProtectFreeNonPagedPool(PoolBlink, 1);
181 }
182 
183 CODE_SEG("INIT")
184 VOID
185 NTAPI
MiInitializeNonPagedPoolThresholds(VOID)186 MiInitializeNonPagedPoolThresholds(VOID)
187 {
188     PFN_NUMBER Size = MmMaximumNonPagedPoolInPages;
189 
190     /* Default low threshold of 8MB or one third of nonpaged pool */
191     MiLowNonPagedPoolThreshold = (8 * _1MB) >> PAGE_SHIFT;
192     MiLowNonPagedPoolThreshold = min(MiLowNonPagedPoolThreshold, Size / 3);
193 
194     /* Default high threshold of 20MB or 50% */
195     MiHighNonPagedPoolThreshold = (20 * _1MB) >> PAGE_SHIFT;
196     MiHighNonPagedPoolThreshold = min(MiHighNonPagedPoolThreshold, Size / 2);
197     ASSERT(MiLowNonPagedPoolThreshold < MiHighNonPagedPoolThreshold);
198 }
199 
200 CODE_SEG("INIT")
201 VOID
202 NTAPI
MiInitializePoolEvents(VOID)203 MiInitializePoolEvents(VOID)
204 {
205     KIRQL OldIrql;
206     PFN_NUMBER FreePoolInPages;
207 
208     /* Lock paged pool */
209     KeAcquireGuardedMutex(&MmPagedPoolMutex);
210 
211     /* Total size of the paged pool minus the allocated size, is free */
212     FreePoolInPages = MmSizeOfPagedPoolInPages - MmPagedPoolInfo.AllocatedPagedPool;
213 
214     /* Check the initial state high state */
215     if (FreePoolInPages >= MiHighPagedPoolThreshold)
216     {
217         /* We have plenty of pool */
218         KeSetEvent(MiHighPagedPoolEvent, 0, FALSE);
219     }
220     else
221     {
222         /* We don't */
223         KeClearEvent(MiHighPagedPoolEvent);
224     }
225 
226     /* Check the initial low state */
227     if (FreePoolInPages <= MiLowPagedPoolThreshold)
228     {
229         /* We're very low in free pool memory */
230         KeSetEvent(MiLowPagedPoolEvent, 0, FALSE);
231     }
232     else
233     {
234         /* We're not */
235         KeClearEvent(MiLowPagedPoolEvent);
236     }
237 
238     /* Release the paged pool lock */
239     KeReleaseGuardedMutex(&MmPagedPoolMutex);
240 
241     /* Now it's time for the nonpaged pool lock */
242     OldIrql = KeAcquireQueuedSpinLock(LockQueueMmNonPagedPoolLock);
243 
244     /* Free pages are the maximum minus what's been allocated */
245     FreePoolInPages = MmMaximumNonPagedPoolInPages - MmAllocatedNonPagedPool;
246 
247     /* Check if we have plenty */
248     if (FreePoolInPages >= MiHighNonPagedPoolThreshold)
249     {
250         /* We do, set the event */
251         KeSetEvent(MiHighNonPagedPoolEvent, 0, FALSE);
252     }
253     else
254     {
255         /* We don't, clear the event */
256         KeClearEvent(MiHighNonPagedPoolEvent);
257     }
258 
259     /* Check if we have very little */
260     if (FreePoolInPages <= MiLowNonPagedPoolThreshold)
261     {
262         /* We do, set the event */
263         KeSetEvent(MiLowNonPagedPoolEvent, 0, FALSE);
264     }
265     else
266     {
267         /* We don't, clear it */
268         KeClearEvent(MiLowNonPagedPoolEvent);
269     }
270 
271     /* We're done, release the nonpaged pool lock */
272     KeReleaseQueuedSpinLock(LockQueueMmNonPagedPoolLock, OldIrql);
273 }
274 
275 CODE_SEG("INIT")
276 VOID
277 NTAPI
MiInitializeNonPagedPool(VOID)278 MiInitializeNonPagedPool(VOID)
279 {
280     ULONG i;
281     PFN_COUNT PoolPages;
282     PMMFREE_POOL_ENTRY FreeEntry, FirstEntry;
283     PMMPTE PointerPte;
284     PAGED_CODE();
285 
286     //
287     // Initialize the pool S-LISTs as well as their maximum count. In general,
288     // we'll allow 8 times the default on a 2GB system, and two times the default
289     // on a 1GB system.
290     //
291     InitializeSListHead(&MiPagedPoolSListHead);
292     InitializeSListHead(&MiNonPagedPoolSListHead);
293     if (MmNumberOfPhysicalPages >= ((2 * _1GB) /PAGE_SIZE))
294     {
295         MiNonPagedPoolSListMaximum *= 8;
296         MiPagedPoolSListMaximum *= 8;
297     }
298     else if (MmNumberOfPhysicalPages >= (_1GB /PAGE_SIZE))
299     {
300         MiNonPagedPoolSListMaximum *= 2;
301         MiPagedPoolSListMaximum *= 2;
302     }
303 
304     //
305     // However if debugging options for the pool are enabled, turn off the S-LIST
306     // to reduce the risk of messing things up even more
307     //
308     if (MmProtectFreedNonPagedPool)
309     {
310         MiNonPagedPoolSListMaximum = 0;
311         MiPagedPoolSListMaximum = 0;
312     }
313 
314     //
315     // We keep 4 lists of free pages (4 lists help avoid contention)
316     //
317     for (i = 0; i < MI_MAX_FREE_PAGE_LISTS; i++)
318     {
319         //
320         // Initialize each of them
321         //
322         InitializeListHead(&MmNonPagedPoolFreeListHead[i]);
323     }
324 
325     //
326     // Calculate how many pages the initial nonpaged pool has
327     //
328     PoolPages = (PFN_COUNT)BYTES_TO_PAGES(MmSizeOfNonPagedPoolInBytes);
329     MmNumberOfFreeNonPagedPool = PoolPages;
330 
331     //
332     // Initialize the first free entry
333     //
334     FreeEntry = MmNonPagedPoolStart;
335     FirstEntry = FreeEntry;
336     FreeEntry->Size = PoolPages;
337     FreeEntry->Signature = MM_FREE_POOL_SIGNATURE;
338     FreeEntry->Owner = FirstEntry;
339 
340     //
341     // Insert it into the last list
342     //
343     InsertHeadList(&MmNonPagedPoolFreeListHead[MI_MAX_FREE_PAGE_LISTS - 1],
344                    &FreeEntry->List);
345 
346     //
347     // Now create free entries for every single other page
348     //
349     while (PoolPages-- > 1)
350     {
351         //
352         // Link them all back to the original entry
353         //
354         FreeEntry = (PMMFREE_POOL_ENTRY)((ULONG_PTR)FreeEntry + PAGE_SIZE);
355         FreeEntry->Owner = FirstEntry;
356         FreeEntry->Signature = MM_FREE_POOL_SIGNATURE;
357     }
358 
359     //
360     // Validate and remember first allocated pool page
361     //
362     PointerPte = MiAddressToPte(MmNonPagedPoolStart);
363     ASSERT(PointerPte->u.Hard.Valid == 1);
364     MiStartOfInitialPoolFrame = PFN_FROM_PTE(PointerPte);
365 
366     //
367     // Keep track of where initial nonpaged pool ends
368     //
369     MmNonPagedPoolEnd0 = (PVOID)((ULONG_PTR)MmNonPagedPoolStart +
370                                  MmSizeOfNonPagedPoolInBytes);
371 
372     //
373     // Validate and remember last allocated pool page
374     //
375     PointerPte = MiAddressToPte((PVOID)((ULONG_PTR)MmNonPagedPoolEnd0 - 1));
376     ASSERT(PointerPte->u.Hard.Valid == 1);
377     MiEndOfInitialPoolFrame = PFN_FROM_PTE(PointerPte);
378 
379     //
380     // Validate the first nonpaged pool expansion page (which is a guard page)
381     //
382     PointerPte = MiAddressToPte(MmNonPagedPoolExpansionStart);
383     ASSERT(PointerPte->u.Hard.Valid == 0);
384 
385     //
386     // Calculate the size of the expansion region alone
387     //
388     MiExpansionPoolPagesInitialCharge = (PFN_COUNT)
389     BYTES_TO_PAGES(MmMaximumNonPagedPoolInBytes - MmSizeOfNonPagedPoolInBytes);
390 
391     //
392     // Remove 2 pages, since there's a guard page on top and on the bottom
393     //
394     MiExpansionPoolPagesInitialCharge -= 2;
395 
396     //
397     // Now initialize the nonpaged pool expansion PTE space. Remember there's a
398     // guard page on top so make sure to skip it. The bottom guard page will be
399     // guaranteed by the fact our size is off by one.
400     //
401     MiInitializeSystemPtes(PointerPte + 1,
402                            MiExpansionPoolPagesInitialCharge,
403                            NonPagedPoolExpansion);
404 }
405 
406 POOL_TYPE
407 NTAPI
MmDeterminePoolType(IN PVOID PoolAddress)408 MmDeterminePoolType(IN PVOID PoolAddress)
409 {
410     //
411     // Use a simple bounds check
412     //
413     if (PoolAddress >= MmPagedPoolStart && PoolAddress <= MmPagedPoolEnd)
414         return PagedPool;
415     else if (PoolAddress >= MmNonPagedPoolStart && PoolAddress <= MmNonPagedPoolEnd)
416         return NonPagedPool;
417     KeBugCheckEx(BAD_POOL_CALLER, 0x42, (ULONG_PTR)PoolAddress, 0, 0);
418 }
419 
420 PVOID
421 NTAPI
MiAllocatePoolPages(IN POOL_TYPE PoolType,IN SIZE_T SizeInBytes)422 MiAllocatePoolPages(IN POOL_TYPE PoolType,
423                     IN SIZE_T SizeInBytes)
424 {
425     PFN_NUMBER PageFrameNumber;
426     PFN_COUNT SizeInPages, PageTableCount;
427     ULONG i;
428     KIRQL OldIrql;
429     PLIST_ENTRY NextEntry, NextHead, LastHead;
430     PMMPTE PointerPte, StartPte;
431     PMMPDE PointerPde;
432     ULONG EndAllocation;
433     MMPTE TempPte;
434     MMPDE TempPde;
435     PMMPFN Pfn1;
436     PVOID BaseVa, BaseVaStart;
437     PMMFREE_POOL_ENTRY FreeEntry;
438 
439     //
440     // Figure out how big the allocation is in pages
441     //
442     SizeInPages = (PFN_COUNT)BYTES_TO_PAGES(SizeInBytes);
443 
444     //
445     // Check for overflow
446     //
447     if (SizeInPages == 0)
448     {
449         //
450         // Fail
451         //
452         return NULL;
453     }
454 
455     //
456     // Handle paged pool
457     //
458     if ((PoolType & BASE_POOL_TYPE_MASK) == PagedPool)
459     {
460         //
461         // If only one page is being requested, try to grab it from the S-LIST
462         //
463         if ((SizeInPages == 1) && (ExQueryDepthSList(&MiPagedPoolSListHead)))
464         {
465             BaseVa = InterlockedPopEntrySList(&MiPagedPoolSListHead);
466             if (BaseVa) return BaseVa;
467         }
468 
469         //
470         // Lock the paged pool mutex
471         //
472         KeAcquireGuardedMutex(&MmPagedPoolMutex);
473 
474         //
475         // Find some empty allocation space
476         //
477         i = RtlFindClearBitsAndSet(MmPagedPoolInfo.PagedPoolAllocationMap,
478                                    SizeInPages,
479                                    MmPagedPoolInfo.PagedPoolHint);
480         if (i == 0xFFFFFFFF)
481         {
482             //
483             // Get the page bit count
484             //
485             i = ((SizeInPages - 1) / PTE_PER_PAGE) + 1;
486             DPRINT("Paged pool expansion: %lu %x\n", i, SizeInPages);
487 
488             //
489             // Check if there is enougn paged pool expansion space left
490             //
491             if (MmPagedPoolInfo.NextPdeForPagedPoolExpansion >
492                 (PMMPDE)MiAddressToPte(MmPagedPoolInfo.LastPteForPagedPool))
493             {
494                 //
495                 // Out of memory!
496                 //
497                 DPRINT1("FAILED to allocate %Iu bytes from paged pool\n", SizeInBytes);
498                 KeReleaseGuardedMutex(&MmPagedPoolMutex);
499                 return NULL;
500             }
501 
502             //
503             // Check if we'll have to expand past the last PTE we have available
504             //
505             if (((i - 1) + MmPagedPoolInfo.NextPdeForPagedPoolExpansion) >
506                  (PMMPDE)MiAddressToPte(MmPagedPoolInfo.LastPteForPagedPool))
507             {
508                 //
509                 // We can only support this much then
510                 //
511                 PointerPde = MiPteToPde(MmPagedPoolInfo.LastPteForPagedPool);
512                 PageTableCount = (PFN_COUNT)(PointerPde + 1 -
513                                  MmPagedPoolInfo.NextPdeForPagedPoolExpansion);
514                 ASSERT(PageTableCount < i);
515                 i = PageTableCount;
516             }
517             else
518             {
519                 //
520                 // Otherwise, there is plenty of space left for this expansion
521                 //
522                 PageTableCount = i;
523             }
524 
525             //
526             // Get the template PDE we'll use to expand
527             //
528             TempPde = ValidKernelPde;
529 
530             //
531             // Get the first PTE in expansion space
532             //
533             PointerPde = MmPagedPoolInfo.NextPdeForPagedPoolExpansion;
534             BaseVa = MiPdeToPte(PointerPde);
535             BaseVaStart = BaseVa;
536 
537             //
538             // Lock the PFN database and loop pages
539             //
540             OldIrql = MiAcquirePfnLock();
541             do
542             {
543                 //
544                 // It should not already be valid
545                 //
546                 ASSERT(PointerPde->u.Hard.Valid == 0);
547 
548                 /* Request a page */
549                 MI_SET_USAGE(MI_USAGE_PAGED_POOL);
550                 MI_SET_PROCESS2("Kernel");
551                 PageFrameNumber = MiRemoveAnyPage(MI_GET_NEXT_COLOR());
552                 TempPde.u.Hard.PageFrameNumber = PageFrameNumber;
553 #if (_MI_PAGING_LEVELS >= 3)
554                 /* On PAE/x64 systems, there's no double-buffering */
555                 /* Initialize the PFN entry for it */
556                 MiInitializePfnForOtherProcess(PageFrameNumber,
557                                                (PMMPTE)PointerPde,
558                                                PFN_FROM_PTE(MiAddressToPte(PointerPde)));
559 
560                 /* Write the actual PDE now */
561                 MI_WRITE_VALID_PDE(PointerPde, TempPde);
562 #else
563                 //
564                 // Save it into our double-buffered system page directory
565                 //
566                 MmSystemPagePtes[((ULONG_PTR)PointerPde & (SYSTEM_PD_SIZE - 1)) / sizeof(MMPTE)] = TempPde;
567 
568                 /* Initialize the PFN */
569                 MiInitializePfnForOtherProcess(PageFrameNumber,
570                                                (PMMPTE)PointerPde,
571                                                MmSystemPageDirectory[(PointerPde - MiAddressToPde(NULL)) / PDE_PER_PAGE]);
572 #endif
573 
574                 //
575                 // Move on to the next expansion address
576                 //
577                 PointerPde++;
578                 BaseVa = (PVOID)((ULONG_PTR)BaseVa + PAGE_SIZE);
579                 i--;
580             } while (i > 0);
581 
582             //
583             // Release the PFN database lock
584             //
585             MiReleasePfnLock(OldIrql);
586 
587             //
588             // These pages are now available, clear their availablity bits
589             //
590             EndAllocation = (ULONG)(MmPagedPoolInfo.NextPdeForPagedPoolExpansion -
591                                     (PMMPDE)MiAddressToPte(MmPagedPoolInfo.FirstPteForPagedPool)) *
592                             PTE_PER_PAGE;
593             RtlClearBits(MmPagedPoolInfo.PagedPoolAllocationMap,
594                          EndAllocation,
595                          PageTableCount * PTE_PER_PAGE);
596 
597             //
598             // Update the next expansion location
599             //
600             MmPagedPoolInfo.NextPdeForPagedPoolExpansion += PageTableCount;
601 
602             //
603             // Zero out the newly available memory
604             //
605             RtlZeroMemory(BaseVaStart, PageTableCount * PAGE_SIZE);
606 
607             //
608             // Now try consuming the pages again
609             //
610             i = RtlFindClearBitsAndSet(MmPagedPoolInfo.PagedPoolAllocationMap,
611                                        SizeInPages,
612                                        0);
613             if (i == 0xFFFFFFFF)
614             {
615                 //
616                 // Out of memory!
617                 //
618                 DPRINT1("FAILED to allocate %Iu bytes from paged pool\n", SizeInBytes);
619                 KeReleaseGuardedMutex(&MmPagedPoolMutex);
620                 return NULL;
621             }
622         }
623 
624         //
625         // Update the pool hint if the request was just one page
626         //
627         if (SizeInPages == 1) MmPagedPoolInfo.PagedPoolHint = i + 1;
628 
629         //
630         // Update the end bitmap so we know the bounds of this allocation when
631         // the time comes to free it
632         //
633         EndAllocation = i + SizeInPages - 1;
634         RtlSetBit(MmPagedPoolInfo.EndOfPagedPoolBitmap, EndAllocation);
635 
636         //
637         // Now we can release the lock (it mainly protects the bitmap)
638         //
639         KeReleaseGuardedMutex(&MmPagedPoolMutex);
640 
641         //
642         // Now figure out where this allocation starts
643         //
644         BaseVa = (PVOID)((ULONG_PTR)MmPagedPoolStart + (i << PAGE_SHIFT));
645 
646         //
647         // Flush the TLB
648         //
649         KeFlushEntireTb(TRUE, TRUE);
650 
651         /* Setup a demand-zero writable PTE */
652         MI_MAKE_SOFTWARE_PTE(&TempPte, MM_READWRITE);
653 
654         //
655         // Find the first and last PTE, then loop them all
656         //
657         PointerPte = MiAddressToPte(BaseVa);
658         StartPte = PointerPte + SizeInPages;
659         do
660         {
661             //
662             // Write the demand zero PTE and keep going
663             //
664             MI_WRITE_INVALID_PTE(PointerPte, TempPte);
665         } while (++PointerPte < StartPte);
666 
667         //
668         // Return the allocation address to the caller
669         //
670         return BaseVa;
671     }
672 
673     //
674     // If only one page is being requested, try to grab it from the S-LIST
675     //
676     if ((SizeInPages == 1) && (ExQueryDepthSList(&MiNonPagedPoolSListHead)))
677     {
678         BaseVa = InterlockedPopEntrySList(&MiNonPagedPoolSListHead);
679         if (BaseVa) return BaseVa;
680     }
681 
682     //
683     // Allocations of less than 4 pages go into their individual buckets
684     //
685     i = min(SizeInPages, MI_MAX_FREE_PAGE_LISTS) - 1;
686 
687     //
688     // Loop through all the free page lists based on the page index
689     //
690     NextHead = &MmNonPagedPoolFreeListHead[i];
691     LastHead = &MmNonPagedPoolFreeListHead[MI_MAX_FREE_PAGE_LISTS];
692 
693     //
694     // Acquire the nonpaged pool lock
695     //
696     OldIrql = KeAcquireQueuedSpinLock(LockQueueMmNonPagedPoolLock);
697     do
698     {
699         //
700         // Now loop through all the free page entries in this given list
701         //
702         NextEntry = NextHead->Flink;
703         while (NextEntry != NextHead)
704         {
705             /* Is freed non paged pool enabled */
706             if (MmProtectFreedNonPagedPool)
707             {
708                 /* We need to be able to touch this page, unprotect it */
709                 MiUnProtectFreeNonPagedPool(NextEntry, 0);
710             }
711 
712             //
713             // Grab the entry and see if it can handle our allocation
714             //
715             FreeEntry = CONTAINING_RECORD(NextEntry, MMFREE_POOL_ENTRY, List);
716             ASSERT(FreeEntry->Signature == MM_FREE_POOL_SIGNATURE);
717             if (FreeEntry->Size >= SizeInPages)
718             {
719                 //
720                 // It does, so consume the pages from here
721                 //
722                 FreeEntry->Size -= SizeInPages;
723 
724                 //
725                 // The allocation will begin in this free page area
726                 //
727                 BaseVa = (PVOID)((ULONG_PTR)FreeEntry +
728                                  (FreeEntry->Size  << PAGE_SHIFT));
729 
730                 /* Remove the item from the list, depending if pool is protected */
731                 if (MmProtectFreedNonPagedPool)
732                     MiProtectedPoolRemoveEntryList(&FreeEntry->List);
733                 else
734                     RemoveEntryList(&FreeEntry->List);
735 
736                 //
737                 // However, check if its' still got space left
738                 //
739                 if (FreeEntry->Size != 0)
740                 {
741                     /* Check which list to insert this entry into */
742                     i = min(FreeEntry->Size, MI_MAX_FREE_PAGE_LISTS) - 1;
743 
744                     /* Insert the entry into the free list head, check for prot. pool */
745                     if (MmProtectFreedNonPagedPool)
746                         MiProtectedPoolInsertList(&MmNonPagedPoolFreeListHead[i], &FreeEntry->List, TRUE);
747                     else
748                         InsertTailList(&MmNonPagedPoolFreeListHead[i], &FreeEntry->List);
749 
750                     /* Is freed non paged pool protected? */
751                     if (MmProtectFreedNonPagedPool)
752                     {
753                         /* Protect the freed pool! */
754                         MiProtectFreeNonPagedPool(FreeEntry, FreeEntry->Size);
755                     }
756                 }
757 
758                 //
759                 // Grab the PTE for this allocation
760                 //
761                 PointerPte = MiAddressToPte(BaseVa);
762                 ASSERT(PointerPte->u.Hard.Valid == 1);
763 
764                 //
765                 // Grab the PFN NextEntry and index
766                 //
767                 Pfn1 = MiGetPfnEntry(PFN_FROM_PTE(PointerPte));
768 
769                 //
770                 // Now mark it as the beginning of an allocation
771                 //
772                 ASSERT(Pfn1->u3.e1.StartOfAllocation == 0);
773                 Pfn1->u3.e1.StartOfAllocation = 1;
774 
775                 /* Mark it as special pool if needed */
776                 ASSERT(Pfn1->u4.VerifierAllocation == 0);
777                 if (PoolType & VERIFIER_POOL_MASK)
778                 {
779                     Pfn1->u4.VerifierAllocation = 1;
780                 }
781 
782                 //
783                 // Check if the allocation is larger than one page
784                 //
785                 if (SizeInPages != 1)
786                 {
787                     //
788                     // Navigate to the last PFN entry and PTE
789                     //
790                     PointerPte += SizeInPages - 1;
791                     ASSERT(PointerPte->u.Hard.Valid == 1);
792                     Pfn1 = MiGetPfnEntry(PointerPte->u.Hard.PageFrameNumber);
793                 }
794 
795                 //
796                 // Mark this PFN as the last (might be the same as the first)
797                 //
798                 ASSERT(Pfn1->u3.e1.EndOfAllocation == 0);
799                 Pfn1->u3.e1.EndOfAllocation = 1;
800 
801                 //
802                 // Release the nonpaged pool lock, and return the allocation
803                 //
804                 KeReleaseQueuedSpinLock(LockQueueMmNonPagedPoolLock, OldIrql);
805                 return BaseVa;
806             }
807 
808             //
809             // Try the next free page entry
810             //
811             NextEntry = FreeEntry->List.Flink;
812 
813             /* Is freed non paged pool protected? */
814             if (MmProtectFreedNonPagedPool)
815             {
816                 /* Protect the freed pool! */
817                 MiProtectFreeNonPagedPool(FreeEntry, FreeEntry->Size);
818             }
819         }
820     } while (++NextHead < LastHead);
821 
822     //
823     // If we got here, we're out of space.
824     // Start by releasing the lock
825     //
826     KeReleaseQueuedSpinLock(LockQueueMmNonPagedPoolLock, OldIrql);
827 
828     //
829     // Allocate some system PTEs
830     //
831     StartPte = MiReserveSystemPtes(SizeInPages, NonPagedPoolExpansion);
832     PointerPte = StartPte;
833     if (StartPte == NULL)
834     {
835         //
836         // Ran out of memory
837         //
838         DPRINT("Out of NP Expansion Pool\n");
839         return NULL;
840     }
841 
842     //
843     // Acquire the pool lock now
844     //
845     OldIrql = KeAcquireQueuedSpinLock(LockQueueMmNonPagedPoolLock);
846 
847     //
848     // Lock the PFN database too
849     //
850     MiAcquirePfnLockAtDpcLevel();
851 
852     /* Check that we have enough available pages for this request */
853     if (MmAvailablePages < SizeInPages)
854     {
855         MiReleasePfnLockFromDpcLevel();
856         KeReleaseQueuedSpinLock(LockQueueMmNonPagedPoolLock, OldIrql);
857 
858         MiReleaseSystemPtes(StartPte, SizeInPages, NonPagedPoolExpansion);
859 
860         DPRINT1("OUT OF AVAILABLE PAGES! Required %lu, Available %lu\n", SizeInPages, MmAvailablePages);
861 
862         return NULL;
863     }
864 
865     //
866     // Loop the pages
867     //
868     TempPte = ValidKernelPte;
869     do
870     {
871         /* Allocate a page */
872         MI_SET_USAGE(MI_USAGE_PAGED_POOL);
873         MI_SET_PROCESS2("Kernel");
874         PageFrameNumber = MiRemoveAnyPage(MI_GET_NEXT_COLOR());
875 
876         /* Get the PFN entry for it and fill it out */
877         Pfn1 = MiGetPfnEntry(PageFrameNumber);
878         Pfn1->u3.e2.ReferenceCount = 1;
879         Pfn1->u2.ShareCount = 1;
880         Pfn1->PteAddress = PointerPte;
881         Pfn1->u3.e1.PageLocation = ActiveAndValid;
882         Pfn1->u4.VerifierAllocation = 0;
883 
884         /* Write the PTE for it */
885         TempPte.u.Hard.PageFrameNumber = PageFrameNumber;
886         MI_WRITE_VALID_PTE(PointerPte++, TempPte);
887     } while (--SizeInPages > 0);
888 
889     //
890     // This is the last page
891     //
892     Pfn1->u3.e1.EndOfAllocation = 1;
893 
894     //
895     // Get the first page and mark it as such
896     //
897     Pfn1 = MiGetPfnEntry(StartPte->u.Hard.PageFrameNumber);
898     Pfn1->u3.e1.StartOfAllocation = 1;
899 
900     /* Mark it as a verifier allocation if needed */
901     ASSERT(Pfn1->u4.VerifierAllocation == 0);
902     if (PoolType & VERIFIER_POOL_MASK) Pfn1->u4.VerifierAllocation = 1;
903 
904     //
905     // Release the PFN and nonpaged pool lock
906     //
907     MiReleasePfnLockFromDpcLevel();
908     KeReleaseQueuedSpinLock(LockQueueMmNonPagedPoolLock, OldIrql);
909 
910     //
911     // Return the address
912     //
913     return MiPteToAddress(StartPte);
914 }
915 
916 ULONG
917 NTAPI
MiFreePoolPages(IN PVOID StartingVa)918 MiFreePoolPages(IN PVOID StartingVa)
919 {
920     PMMPTE PointerPte, StartPte;
921     PMMPFN Pfn1, StartPfn;
922     PFN_COUNT FreePages, NumberOfPages;
923     KIRQL OldIrql;
924     PMMFREE_POOL_ENTRY FreeEntry, NextEntry, LastEntry;
925     ULONG i, End;
926     ULONG_PTR Offset;
927 
928     //
929     // Handle paged pool
930     //
931     if ((StartingVa >= MmPagedPoolStart) && (StartingVa <= MmPagedPoolEnd))
932     {
933         //
934         // Calculate the offset from the beginning of paged pool, and convert it
935         // into pages
936         //
937         Offset = (ULONG_PTR)StartingVa - (ULONG_PTR)MmPagedPoolStart;
938         i = (ULONG)(Offset >> PAGE_SHIFT);
939         End = i;
940 
941         //
942         // Now use the end bitmap to scan until we find a set bit, meaning that
943         // this allocation finishes here
944         //
945         while (!RtlTestBit(MmPagedPoolInfo.EndOfPagedPoolBitmap, End)) End++;
946 
947         //
948         // Now calculate the total number of pages this allocation spans. If it's
949         // only one page, add it to the S-LIST instead of freeing it
950         //
951         NumberOfPages = End - i + 1;
952         if ((NumberOfPages == 1) &&
953             (ExQueryDepthSList(&MiPagedPoolSListHead) < MiPagedPoolSListMaximum))
954         {
955             InterlockedPushEntrySList(&MiPagedPoolSListHead, StartingVa);
956             return 1;
957         }
958 
959         /* Delete the actual pages */
960         PointerPte = MmPagedPoolInfo.FirstPteForPagedPool + i;
961         FreePages = MiDeleteSystemPageableVm(PointerPte, NumberOfPages, 0, NULL);
962         ASSERT(FreePages == NumberOfPages);
963 
964         //
965         // Acquire the paged pool lock
966         //
967         KeAcquireGuardedMutex(&MmPagedPoolMutex);
968 
969         //
970         // Clear the allocation and free bits
971         //
972         RtlClearBit(MmPagedPoolInfo.EndOfPagedPoolBitmap, End);
973         RtlClearBits(MmPagedPoolInfo.PagedPoolAllocationMap, i, NumberOfPages);
974 
975         //
976         // Update the hint if we need to
977         //
978         if (i < MmPagedPoolInfo.PagedPoolHint) MmPagedPoolInfo.PagedPoolHint = i;
979 
980         //
981         // Release the lock protecting the bitmaps
982         //
983         KeReleaseGuardedMutex(&MmPagedPoolMutex);
984 
985         //
986         // And finally return the number of pages freed
987         //
988         return NumberOfPages;
989     }
990 
991     //
992     // Get the first PTE and its corresponding PFN entry. If this is also the
993     // last PTE, meaning that this allocation was only for one page, push it into
994     // the S-LIST instead of freeing it
995     //
996     StartPte = PointerPte = MiAddressToPte(StartingVa);
997     StartPfn = Pfn1 = MiGetPfnEntry(PointerPte->u.Hard.PageFrameNumber);
998     if ((Pfn1->u3.e1.EndOfAllocation == 1) &&
999         (ExQueryDepthSList(&MiNonPagedPoolSListHead) < MiNonPagedPoolSListMaximum))
1000     {
1001         InterlockedPushEntrySList(&MiNonPagedPoolSListHead, StartingVa);
1002         return 1;
1003     }
1004 
1005     //
1006     // Loop until we find the last PTE
1007     //
1008     while (Pfn1->u3.e1.EndOfAllocation == 0)
1009     {
1010         //
1011         // Keep going
1012         //
1013         PointerPte++;
1014         Pfn1 = MiGetPfnEntry(PointerPte->u.Hard.PageFrameNumber);
1015     }
1016 
1017     //
1018     // Now we know how many pages we have
1019     //
1020     NumberOfPages = (PFN_COUNT)(PointerPte - StartPte + 1);
1021 
1022     //
1023     // Acquire the nonpaged pool lock
1024     //
1025     OldIrql = KeAcquireQueuedSpinLock(LockQueueMmNonPagedPoolLock);
1026 
1027     //
1028     // Mark the first and last PTEs as not part of an allocation anymore
1029     //
1030     StartPfn->u3.e1.StartOfAllocation = 0;
1031     Pfn1->u3.e1.EndOfAllocation = 0;
1032 
1033     //
1034     // Assume we will free as many pages as the allocation was
1035     //
1036     FreePages = NumberOfPages;
1037 
1038     //
1039     // Peek one page past the end of the allocation
1040     //
1041     PointerPte++;
1042 
1043     //
1044     // Guard against going past initial nonpaged pool
1045     //
1046     if (MiGetPfnEntryIndex(Pfn1) == MiEndOfInitialPoolFrame)
1047     {
1048         //
1049         // This page is on the outskirts of initial nonpaged pool, so ignore it
1050         //
1051         Pfn1 = NULL;
1052     }
1053     else
1054     {
1055         /* Sanity check */
1056         ASSERT((ULONG_PTR)StartingVa + NumberOfPages <= (ULONG_PTR)MmNonPagedPoolEnd);
1057 
1058         /* Check if protected pool is enabled */
1059         if (MmProtectFreedNonPagedPool)
1060         {
1061             /* The freed block will be merged, it must be made accessible */
1062             MiUnProtectFreeNonPagedPool(MiPteToAddress(PointerPte), 0);
1063         }
1064 
1065         //
1066         // Otherwise, our entire allocation must've fit within the initial non
1067         // paged pool, or the expansion nonpaged pool, so get the PFN entry of
1068         // the next allocation
1069         //
1070         if (PointerPte->u.Hard.Valid == 1)
1071         {
1072             //
1073             // It's either expansion or initial: get the PFN entry
1074             //
1075             Pfn1 = MiGetPfnEntry(PointerPte->u.Hard.PageFrameNumber);
1076         }
1077         else
1078         {
1079             //
1080             // This means we've reached the guard page that protects the end of
1081             // the expansion nonpaged pool
1082             //
1083             Pfn1 = NULL;
1084         }
1085 
1086     }
1087 
1088     //
1089     // Check if this allocation actually exists
1090     //
1091     if ((Pfn1) && (Pfn1->u3.e1.StartOfAllocation == 0))
1092     {
1093         //
1094         // It doesn't, so we should actually locate a free entry descriptor
1095         //
1096         FreeEntry = (PMMFREE_POOL_ENTRY)((ULONG_PTR)StartingVa +
1097                                          (NumberOfPages << PAGE_SHIFT));
1098         ASSERT(FreeEntry->Signature == MM_FREE_POOL_SIGNATURE);
1099         ASSERT(FreeEntry->Owner == FreeEntry);
1100 
1101         /* Consume this entry's pages */
1102         FreePages += FreeEntry->Size;
1103 
1104         /* Remove the item from the list, depending if pool is protected */
1105         if (MmProtectFreedNonPagedPool)
1106             MiProtectedPoolRemoveEntryList(&FreeEntry->List);
1107         else
1108             RemoveEntryList(&FreeEntry->List);
1109     }
1110 
1111     //
1112     // Now get the official free entry we'll create for the caller's allocation
1113     //
1114     FreeEntry = StartingVa;
1115 
1116     //
1117     // Check if the our allocation is the very first page
1118     //
1119     if (MiGetPfnEntryIndex(StartPfn) == MiStartOfInitialPoolFrame)
1120     {
1121         //
1122         // Then we can't do anything or we'll risk underflowing
1123         //
1124         Pfn1 = NULL;
1125     }
1126     else
1127     {
1128         //
1129         // Otherwise, get the PTE for the page right before our allocation
1130         //
1131         PointerPte -= NumberOfPages + 1;
1132 
1133         /* Check if protected pool is enabled */
1134         if (MmProtectFreedNonPagedPool)
1135         {
1136             /* The freed block will be merged, it must be made accessible */
1137             MiUnProtectFreeNonPagedPool(MiPteToAddress(PointerPte), 0);
1138         }
1139 
1140         /* Check if this is valid pool, or a guard page */
1141         if (PointerPte->u.Hard.Valid == 1)
1142         {
1143             //
1144             // It's either expansion or initial nonpaged pool, get the PFN entry
1145             //
1146             Pfn1 = MiGetPfnEntry(PointerPte->u.Hard.PageFrameNumber);
1147         }
1148         else
1149         {
1150             //
1151             // We must've reached the guard page, so don't risk touching it
1152             //
1153             Pfn1 = NULL;
1154         }
1155     }
1156 
1157     //
1158     // Check if there is a valid PFN entry for the page before the allocation
1159     // and then check if this page was actually the end of an allocation.
1160     // If it wasn't, then we know for sure it's a free page
1161     //
1162     if ((Pfn1) && (Pfn1->u3.e1.EndOfAllocation == 0))
1163     {
1164         //
1165         // Get the free entry descriptor for that given page range
1166         //
1167         FreeEntry = (PMMFREE_POOL_ENTRY)((ULONG_PTR)StartingVa - PAGE_SIZE);
1168         ASSERT(FreeEntry->Signature == MM_FREE_POOL_SIGNATURE);
1169         FreeEntry = FreeEntry->Owner;
1170 
1171         /* Check if protected pool is enabled */
1172         if (MmProtectFreedNonPagedPool)
1173         {
1174             /* The freed block will be merged, it must be made accessible */
1175             MiUnProtectFreeNonPagedPool(FreeEntry, 0);
1176         }
1177 
1178         //
1179         // Check if the entry is small enough (1-3 pages) to be indexed on a free list
1180         // If it is, we'll want to re-insert it, since we're about to
1181         // collapse our pages on top of it, which will change its count
1182         //
1183         if (FreeEntry->Size < MI_MAX_FREE_PAGE_LISTS)
1184         {
1185             /* Remove the item from the list, depending if pool is protected */
1186             if (MmProtectFreedNonPagedPool)
1187                 MiProtectedPoolRemoveEntryList(&FreeEntry->List);
1188             else
1189                 RemoveEntryList(&FreeEntry->List);
1190 
1191             //
1192             // Update its size
1193             //
1194             FreeEntry->Size += FreePages;
1195 
1196             //
1197             // And now find the new appropriate list to place it in
1198             //
1199             i = min(FreeEntry->Size, MI_MAX_FREE_PAGE_LISTS) - 1;
1200 
1201             /* Insert the entry into the free list head, check for prot. pool */
1202             if (MmProtectFreedNonPagedPool)
1203                 MiProtectedPoolInsertList(&MmNonPagedPoolFreeListHead[i], &FreeEntry->List, TRUE);
1204             else
1205                 InsertTailList(&MmNonPagedPoolFreeListHead[i], &FreeEntry->List);
1206         }
1207         else
1208         {
1209             //
1210             // Otherwise, just combine our free pages into this entry
1211             //
1212             FreeEntry->Size += FreePages;
1213         }
1214     }
1215 
1216     //
1217     // Check if we were unable to do any compaction, and we'll stick with this
1218     //
1219     if (FreeEntry == StartingVa)
1220     {
1221         //
1222         // Well, now we are a free entry. At worse we just have our newly freed
1223         // pages, at best we have our pages plus whatever entry came after us
1224         //
1225         FreeEntry->Size = FreePages;
1226 
1227         //
1228         // Find the appropriate list we should be on
1229         //
1230         i = min(FreeEntry->Size, MI_MAX_FREE_PAGE_LISTS) - 1;
1231 
1232         /* Insert the entry into the free list head, check for prot. pool */
1233         if (MmProtectFreedNonPagedPool)
1234             MiProtectedPoolInsertList(&MmNonPagedPoolFreeListHead[i], &FreeEntry->List, TRUE);
1235         else
1236             InsertTailList(&MmNonPagedPoolFreeListHead[i], &FreeEntry->List);
1237     }
1238 
1239     //
1240     // Just a sanity check
1241     //
1242     ASSERT(FreePages != 0);
1243 
1244     //
1245     // Get all the pages between our allocation and its end. These will all now
1246     // become free page chunks.
1247     //
1248     NextEntry = StartingVa;
1249     LastEntry = (PMMFREE_POOL_ENTRY)((ULONG_PTR)NextEntry + (FreePages << PAGE_SHIFT));
1250     do
1251     {
1252         //
1253         // Link back to the parent free entry, and keep going
1254         //
1255         NextEntry->Owner = FreeEntry;
1256         NextEntry->Signature = MM_FREE_POOL_SIGNATURE;
1257         NextEntry = (PMMFREE_POOL_ENTRY)((ULONG_PTR)NextEntry + PAGE_SIZE);
1258     } while (NextEntry != LastEntry);
1259 
1260     /* Is freed non paged pool protected? */
1261     if (MmProtectFreedNonPagedPool)
1262     {
1263         /* Protect the freed pool! */
1264         MiProtectFreeNonPagedPool(FreeEntry, FreeEntry->Size);
1265     }
1266 
1267     //
1268     // We're done, release the lock and let the caller know how much we freed
1269     //
1270     KeReleaseQueuedSpinLock(LockQueueMmNonPagedPoolLock, OldIrql);
1271     return NumberOfPages;
1272 }
1273 
1274 NTSTATUS
1275 NTAPI
MiInitializeSessionPool(VOID)1276 MiInitializeSessionPool(VOID)
1277 {
1278     PMMPTE PointerPte, LastPte;
1279     PMMPDE PointerPde, LastPde;
1280     PFN_NUMBER PageFrameIndex, PdeCount;
1281     PPOOL_DESCRIPTOR PoolDescriptor;
1282     PMM_SESSION_SPACE SessionGlobal;
1283     PMM_PAGED_POOL_INFO PagedPoolInfo;
1284     NTSTATUS Status;
1285     ULONG Index, PoolSize, BitmapSize;
1286     PAGED_CODE();
1287 
1288     /* Lock session pool */
1289     SessionGlobal = MmSessionSpace->GlobalVirtualAddress;
1290     KeInitializeGuardedMutex(&SessionGlobal->PagedPoolMutex);
1291 
1292     /* Setup a valid pool descriptor */
1293     PoolDescriptor = &MmSessionSpace->PagedPool;
1294     ExInitializePoolDescriptor(PoolDescriptor,
1295                                PagedPoolSession,
1296                                0,
1297                                0,
1298                                &SessionGlobal->PagedPoolMutex);
1299 
1300     /* Setup the pool addresses */
1301     MmSessionSpace->PagedPoolStart = (PVOID)MiSessionPoolStart;
1302     MmSessionSpace->PagedPoolEnd = (PVOID)((ULONG_PTR)MiSessionPoolEnd - 1);
1303     DPRINT1("Session Pool Start: 0x%p End: 0x%p\n",
1304             MmSessionSpace->PagedPoolStart, MmSessionSpace->PagedPoolEnd);
1305 
1306     /* Reset all the counters */
1307     PagedPoolInfo = &MmSessionSpace->PagedPoolInfo;
1308     PagedPoolInfo->PagedPoolCommit = 0;
1309     PagedPoolInfo->PagedPoolHint = 0;
1310     PagedPoolInfo->AllocatedPagedPool = 0;
1311 
1312     /* Compute PDE and PTE addresses */
1313     PointerPde = MiAddressToPde(MmSessionSpace->PagedPoolStart);
1314     PointerPte = MiAddressToPte(MmSessionSpace->PagedPoolStart);
1315     LastPde = MiAddressToPde(MmSessionSpace->PagedPoolEnd);
1316     LastPte = MiAddressToPte(MmSessionSpace->PagedPoolEnd);
1317 
1318     /* Write them down */
1319     MmSessionSpace->PagedPoolBasePde = PointerPde;
1320     PagedPoolInfo->FirstPteForPagedPool = PointerPte;
1321     PagedPoolInfo->LastPteForPagedPool = LastPte;
1322     PagedPoolInfo->NextPdeForPagedPoolExpansion = PointerPde + 1;
1323 
1324     /* Zero the PDEs */
1325     PdeCount = LastPde - PointerPde;
1326     RtlZeroMemory(PointerPde, (PdeCount + 1) * sizeof(MMPTE));
1327 
1328     /* Initialize the PFN for the PDE */
1329     Status = MiInitializeAndChargePfn(&PageFrameIndex,
1330                                       PointerPde,
1331                                       MmSessionSpace->SessionPageDirectoryIndex,
1332                                       TRUE);
1333     ASSERT(NT_SUCCESS(Status) == TRUE);
1334 
1335     /* Initialize the first page table */
1336     Index = (ULONG_PTR)MmSessionSpace->PagedPoolStart - (ULONG_PTR)MmSessionBase;
1337     Index >>= 22;
1338 #ifndef _M_AMD64 // FIXME
1339     ASSERT(MmSessionSpace->PageTables[Index].u.Long == 0);
1340     MmSessionSpace->PageTables[Index] = *PointerPde;
1341 #endif
1342 
1343     /* Bump up counters */
1344     InterlockedIncrementSizeT(&MmSessionSpace->NonPageablePages);
1345     InterlockedIncrementSizeT(&MmSessionSpace->CommittedPages);
1346 
1347     /* Compute the size of the pool in pages, and of the bitmap for it */
1348     PoolSize = MmSessionPoolSize >> PAGE_SHIFT;
1349     BitmapSize = sizeof(RTL_BITMAP) + ((PoolSize + 31) / 32) * sizeof(ULONG);
1350 
1351     /* Allocate and initialize the bitmap to track allocations */
1352     PagedPoolInfo->PagedPoolAllocationMap = ExAllocatePoolWithTag(NonPagedPool,
1353                                                                   BitmapSize,
1354                                                                   TAG_MM);
1355     ASSERT(PagedPoolInfo->PagedPoolAllocationMap != NULL);
1356     RtlInitializeBitMap(PagedPoolInfo->PagedPoolAllocationMap,
1357                         (PULONG)(PagedPoolInfo->PagedPoolAllocationMap + 1),
1358                         PoolSize);
1359 
1360     /* Set all bits, but clear the first page table's worth */
1361     RtlSetAllBits(PagedPoolInfo->PagedPoolAllocationMap);
1362     RtlClearBits(PagedPoolInfo->PagedPoolAllocationMap, 0, PTE_PER_PAGE);
1363 
1364     /* Allocate and initialize the bitmap to track free space */
1365     PagedPoolInfo->EndOfPagedPoolBitmap = ExAllocatePoolWithTag(NonPagedPool,
1366                                                                 BitmapSize,
1367                                                                 TAG_MM);
1368     ASSERT(PagedPoolInfo->EndOfPagedPoolBitmap != NULL);
1369     RtlInitializeBitMap(PagedPoolInfo->EndOfPagedPoolBitmap,
1370                         (PULONG)(PagedPoolInfo->EndOfPagedPoolBitmap + 1),
1371                         PoolSize);
1372 
1373     /* Clear all the bits and return success */
1374     RtlClearAllBits(PagedPoolInfo->EndOfPagedPoolBitmap);
1375     return STATUS_SUCCESS;
1376 }
1377 
1378 /**
1379  * @brief
1380  * Raises the quota limit, depending on the given
1381  * pool type of the quota in question. The routine
1382  * is used exclusively by Process Manager for
1383  * quota handling.
1384  *
1385  * @param[in] PoolType
1386  * The type of quota pool which the quota in question
1387  * has to be raised.
1388  *
1389  * @param[in] CurrentMaxQuota
1390  * The current maximum limit of quota threshold.
1391  *
1392  * @param[out] NewMaxQuota
1393  * The newly raised maximum limit of quota threshold,
1394  * returned to the caller.
1395  *
1396  * @return
1397  * Returns TRUE if quota raising procedure has succeeded
1398  * without problems, FALSE otherwise.
1399  *
1400  * @remarks
1401  * A spin lock must be held when raising the pool quota
1402  * limit to avoid race occurences.
1403  */
_Requires_lock_held_(PspQuotaLock)1404 _Requires_lock_held_(PspQuotaLock)
1405 BOOLEAN
1406 NTAPI
1407 MmRaisePoolQuota(
1408     _In_ POOL_TYPE PoolType,
1409     _In_ SIZE_T CurrentMaxQuota,
1410     _Out_ PSIZE_T NewMaxQuota)
1411 {
1412     /*
1413      * We must be in dispatch level interrupt here
1414      * as we should be under a spin lock at this point.
1415      */
1416     ASSERT_IRQL_EQUAL(DISPATCH_LEVEL);
1417 
1418     switch (PoolType)
1419     {
1420         case NonPagedPool:
1421         {
1422             /*
1423              * When concerning with a raise (charge) of quota
1424              * in a non paged pool scenario, make sure that
1425              * we've got at least 200 pages necessary to provide.
1426              */
1427             if (MmAvailablePages < MI_QUOTA_NON_PAGED_NEEDED_PAGES)
1428             {
1429                 DPRINT1("MmRaisePoolQuota(): Not enough pages available (current pages -- %lu)\n", MmAvailablePages);
1430                 return FALSE;
1431             }
1432 
1433             /*
1434              * Check if there's at least some space available
1435              * in the non paged pool area.
1436              */
1437             if (MmMaximumNonPagedPoolInPages < (MmAllocatedNonPagedPool >> PAGE_SHIFT))
1438             {
1439                 /* There's too much allocated space, bail out */
1440                 DPRINT1("MmRaisePoolQuota(): Failed to increase pool quota, not enough non paged pool space (current size -- %lu || allocated size -- %lu)\n",
1441                         MmMaximumNonPagedPoolInPages, MmAllocatedNonPagedPool);
1442                 return FALSE;
1443             }
1444 
1445             /* Do we have enough resident pages to increase our quota? */
1446             if (MmResidentAvailablePages < MI_NON_PAGED_QUOTA_MIN_RESIDENT_PAGES)
1447             {
1448                 DPRINT1("MmRaisePoolQuota(): Failed to increase pool quota, not enough resident pages available (current available pages -- %lu)\n",
1449                         MmResidentAvailablePages);
1450                 return FALSE;
1451             }
1452 
1453             /*
1454              * Raise the non paged pool quota indicator and set
1455              * up new maximum limit of quota for the process.
1456              */
1457             MmTotalNonPagedPoolQuota += MI_CHARGE_NON_PAGED_POOL_QUOTA;
1458             *NewMaxQuota = CurrentMaxQuota + MI_CHARGE_NON_PAGED_POOL_QUOTA;
1459             DPRINT("MmRaisePoolQuota(): Non paged pool quota increased (before -- %lu || after -- %lu)\n", CurrentMaxQuota, NewMaxQuota);
1460             return TRUE;
1461         }
1462 
1463         case PagedPool:
1464         {
1465             /*
1466              * Before raising the quota limit of a paged quota
1467              * pool, make sure we've got enough space that is available.
1468              * On Windows it seems it wants to check for at least 1 MB of space
1469              * needed so that it would be possible to raise the paged pool quota.
1470              */
1471             if (MmSizeOfPagedPoolInPages < (MmPagedPoolInfo.AllocatedPagedPool >> PAGE_SHIFT))
1472             {
1473                 /* We haven't gotten enough space, bail out */
1474                 DPRINT1("MmRaisePoolQuota(): Failed to increase pool quota, not enough paged pool space (current size -- %lu || allocated size -- %lu)\n",
1475                         MmSizeOfPagedPoolInPages, MmPagedPoolInfo.AllocatedPagedPool >> PAGE_SHIFT);
1476                 return FALSE;
1477             }
1478 
1479             /*
1480              * Raise the paged pool quota indicator and set
1481              * up new maximum limit of quota for the process.
1482              */
1483             MmTotalPagedPoolQuota += MI_CHARGE_PAGED_POOL_QUOTA;
1484             *NewMaxQuota = CurrentMaxQuota + MI_CHARGE_PAGED_POOL_QUOTA;
1485             DPRINT("MmRaisePoolQuota(): Paged pool quota increased (before -- %lu || after -- %lu)\n", CurrentMaxQuota, NewMaxQuota);
1486             return TRUE;
1487         }
1488 
1489         /* Only NonPagedPool and PagedPool are used */
1490         DEFAULT_UNREACHABLE;
1491     }
1492 }
1493 
1494 /**
1495  * @brief
1496  * Returns the quota, depending on the given
1497  * pool type of the quota in question. The routine
1498  * is used exclusively by Process Manager for quota
1499  * handling.
1500  *
1501  * @param[in] PoolType
1502  * The type of quota pool which the quota in question
1503  * has to be raised.
1504  *
1505  * @param[in] CurrentMaxQuota
1506  * The current maximum limit of quota threshold.
1507  *
1508  * @return
1509  * Nothing.
1510  *
1511  * @remarks
1512  * A spin lock must be held when raising the pool quota
1513  * limit to avoid race occurences.
1514  */
_Requires_lock_held_(PspQuotaLock)1515 _Requires_lock_held_(PspQuotaLock)
1516 VOID
1517 NTAPI
1518 MmReturnPoolQuota(
1519     _In_ POOL_TYPE PoolType,
1520     _In_ SIZE_T QuotaToReturn)
1521 {
1522     /*
1523      * We must be in dispatch level interrupt here
1524      * as we should be under a spin lock at this point.
1525      */
1526     ASSERT_IRQL_EQUAL(DISPATCH_LEVEL);
1527 
1528     switch (PoolType)
1529     {
1530         case NonPagedPool:
1531         {
1532             /* This is a non paged pool type, decrease the non paged quota */
1533             ASSERT(MmTotalNonPagedPoolQuota >= QuotaToReturn);
1534             MmTotalNonPagedPoolQuota -= QuotaToReturn;
1535             DPRINT("MmReturnPoolQuota(): Non paged pool quota returned (current size -- %lu)\n", MmTotalNonPagedPoolQuota);
1536             break;
1537         }
1538 
1539         case PagedPool:
1540         {
1541             /* This is a paged pool type, decrease the paged quota */
1542             ASSERT(MmTotalPagedPoolQuota >= QuotaToReturn);
1543             MmTotalPagedPoolQuota -= QuotaToReturn;
1544             DPRINT("MmReturnPoolQuota(): Paged pool quota returned (current size -- %lu)\n", MmTotalPagedPoolQuota);
1545             break;
1546         }
1547 
1548         /* Only NonPagedPool and PagedPool are used */
1549         DEFAULT_UNREACHABLE;
1550     }
1551 }
1552 
1553 /* PUBLIC FUNCTIONS ***********************************************************/
1554 
1555 /**
1556  * @brief
1557  * Reserves the specified amount of memory in system virtual address space.
1558  *
1559  * @param[in] NumberOfBytes
1560  * Size, in bytes, of memory to reserve.
1561  *
1562  * @param[in] PoolTag
1563  * Pool Tag identifying the buffer. Usually consists from 4 characters in reversed order.
1564  *
1565  * @return
1566  * A pointer to the 1st memory block of the reserved buffer in case of success, NULL otherwise.
1567  *
1568  * @remarks Must be called at IRQL <= APC_LEVEL
1569  */
1570 _Must_inspect_result_
_IRQL_requires_max_(APC_LEVEL)1571 _IRQL_requires_max_(APC_LEVEL)
1572 _Ret_maybenull_
1573 PVOID
1574 NTAPI
1575 MmAllocateMappingAddress(
1576     _In_ SIZE_T NumberOfBytes,
1577     _In_ ULONG PoolTag)
1578 {
1579     PFN_NUMBER SizeInPages;
1580     PMMPTE PointerPte;
1581     MMPTE TempPte;
1582 
1583     /* Fast exit if PoolTag is NULL */
1584     if (!PoolTag)
1585         return NULL;
1586 
1587     /* How many PTEs does the caller want? */
1588     SizeInPages = BYTES_TO_PAGES(NumberOfBytes);
1589     if (SizeInPages == 0)
1590     {
1591         KeBugCheckEx(SYSTEM_PTE_MISUSE,
1592                      PTE_MAPPING_NONE, /* Requested 0 mappings */
1593                      SizeInPages,
1594                      PoolTag,
1595                      (ULONG_PTR)_ReturnAddress());
1596     }
1597 
1598     /* We need two extra PTEs to store size and pool tag in */
1599     SizeInPages += 2;
1600 
1601     /* Reserve our PTEs */
1602     PointerPte = MiReserveSystemPtes(SizeInPages, SystemPteSpace);
1603     if (!PointerPte)
1604     {
1605         /* Failed to reserve PTEs */
1606         DPRINT1("Failed to reserve system PTEs\n");
1607         return NULL;
1608     }
1609 
1610     ASSERT(SizeInPages <= MM_EMPTY_PTE_LIST);
1611     TempPte.u.Long = 0;
1612     TempPte.u.List.NextEntry = SizeInPages;
1613     MI_WRITE_INVALID_PTE(&PointerPte[0], TempPte);
1614     TempPte.u.Long = PoolTag;
1615     TempPte.u.Hard.Valid = 0;
1616     MI_WRITE_INVALID_PTE(&PointerPte[1], TempPte);
1617     return MiPteToAddress(PointerPte + 2);
1618 }
1619 
1620 /**
1621  * @brief
1622  * Frees previously reserved amount of memory in system virtual address space.
1623  *
1624  * @param[in] BaseAddress
1625  * A pointer to the 1st memory block of the reserved buffer.
1626  *
1627  * @param[in] PoolTag
1628  * Pool Tag identifying the buffer. Usually consists from 4 characters in reversed order.
1629  *
1630  * @return
1631  * Nothing.
1632  *
1633  * @see MmAllocateMappingAddress
1634  *
1635  * @remarks Must be called at IRQL <= APC_LEVEL
1636  */
_IRQL_requires_max_(APC_LEVEL)1637 _IRQL_requires_max_(APC_LEVEL)
1638 VOID
1639 NTAPI
1640 MmFreeMappingAddress(
1641     _In_ __drv_freesMem(Mem) _Post_invalid_ PVOID BaseAddress,
1642     _In_ ULONG PoolTag)
1643 {
1644     PMMPTE PointerPte;
1645     MMPTE TempPte;
1646     PFN_NUMBER SizeInPages;
1647     PFN_NUMBER i;
1648 
1649     /* Get the first PTE we reserved */
1650     PointerPte = MiAddressToPte(BaseAddress) - 2;
1651 
1652     /* Verify that the pool tag matches */
1653     TempPte.u.Long = PoolTag;
1654     TempPte.u.Hard.Valid = 0;
1655     if (PointerPte[1].u.Long != TempPte.u.Long)
1656     {
1657         KeBugCheckEx(SYSTEM_PTE_MISUSE,
1658                      PTE_MAPPING_NOT_OWNED, /* Trying to free an address it does not own */
1659                      (ULONG_PTR)BaseAddress,
1660                      PoolTag,
1661                      PointerPte[1].u.Long);
1662     }
1663 
1664     /* We must have a size */
1665     SizeInPages = PointerPte[0].u.List.NextEntry;
1666     if (SizeInPages < 3)
1667     {
1668         KeBugCheckEx(SYSTEM_PTE_MISUSE,
1669                      PTE_MAPPING_EMPTY, /* Mapping apparently empty */
1670                      (ULONG_PTR)BaseAddress,
1671                      PoolTag,
1672                      (ULONG_PTR)_ReturnAddress());
1673     }
1674 
1675     /* Enumerate all PTEs and make sure they are empty */
1676     for (i = 2; i < SizeInPages; i++)
1677     {
1678         if (PointerPte[i].u.Long != 0)
1679         {
1680             KeBugCheckEx(SYSTEM_PTE_MISUSE,
1681                          PTE_MAPPING_RESERVED, /* Mapping address still reserved */
1682                          (ULONG_PTR)PointerPte,
1683                          PoolTag,
1684                          SizeInPages - 2);
1685         }
1686     }
1687 
1688     /* Release the PTEs */
1689     MiReleaseSystemPtes(PointerPte, SizeInPages, SystemPteSpace);
1690 }
1691 
1692 /* EOF */
1693