WebSVN – Kolibri OS – Diff – /kernel/branches/kolibrios-pe-clevermouse/core/memory.inc

 ;; Copyright (C) KolibriOS team 2004-2020. All rights reserved. ;;
 ;; Distributed under terms of the GNU General Public License    ;;
 ;;                                                              ;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-$Revision: 8876 $
+$Revision: 9048 $
         mov     ebp, esp
         mov     ebx, cr2
         push    ebx               ;that is locals: .err_addr = cr2
         inc     [pg_data.pages_faults]
-        mov     eax, [pf_err_code]
+        mov     esi, [pf_err_code]
         cmp     ebx, OS_BASE      ;ebx == .err_addr
         jb      .user_space       ;page in application memory
         cmp     ebx, page_tabs
-        cmp     ebx, page_tabs
+        jb      .kernel_space     ;page in kernel memory
         jb      .kernel_space     ;page in kernel memory
         xor     eax, eax
         cmp     ebx, kernel_tabs
         jb      .alloc;.app_tabs  ;page tables of application ;
                                   ;simply create one
 .core_tabs:
+.fail:  ;simply return to caller
+        mov     esp, ebp
+        pop     ebx               ;restore exception number (#PF)
+        ret
+.fail_maybe_unlock:
+        test    esi, esi
+        jz      .fail
+.fail_unlock:
-.fail:  ;simply return to caller
+        mov     ecx, [current_process]
+        add     ecx, PROC.heap_lock
+        call    mutex_unlock
+        jmp     .fail
+.user_space:
+; PF entry in IDT is interrupt gate, so up to this moment
+; atomicity was guaranteed by cleared IF.
+; It is inpractical to guard all modifications in the page table by cli/sti,
+; so enable interrupts and acquire the address space lock.
+; Unfortunately, that enables the scenario when the fault of current thread
+; is resolved by another thread when the current thread waits in mutex_lock,
+; so watch out: in lock-protected section we can find out that
-        mov     esp, ebp
+; there is no error already.
-        pop     ebx               ;restore exception number (#PF)
+        sti
-        ret
+        mov     ecx, [current_process]
         add     ecx, PROC.heap_lock
-.user_space:
+        call    mutex_lock
-        test    eax, PG_READ
+        test    esi, PG_READ
-        jnz     .err_access       ;Page presents
+        jnz     .err_access       ;Page is present
-                                  ;Access error ?
+                                  ;Access error ?
         shr     ebx, 12
-        mov     ecx, ebx
+        shr     ebx, 12
-        shr     ecx, 10
+        mov     ecx, ebx
+        shr     ecx, 10
+        test    dword [master_tab+ecx*4], PG_READ
-        mov     edx, [master_tab+ecx*4]
+        jz      .fail_unlock      ;page table is not created
-        test    edx, PG_READ
+                                  ;incorrect address in program
-        jz      .fail             ;page table is not created
+        mov     eax, [page_tabs+ebx*4]
+        test    eax, PG_READ
-                                  ;incorrect address in program
+        jnz     .exit_unlock      ; already resolved by a parallel thread
         test    eax, LAZY_ALLOC_PAGE
-        mov     eax, [page_tabs+ebx*4]
+        jz      .fail_unlock      ;address is not reserved for use, error
-        test    eax, 2
+        test    eax, LAZY_ALLOC_UNREADABLE
+        jnz     .fail_unlock
+.alloc:
+        mov     esi, eax
-        jz      .fail             ;address is not reserved for usage. Error
+        call    alloc_zero_page
+        test    eax, eax
-.alloc:
+        jz      .fail_maybe_unlock
-        call    alloc_page
+        mov     edx, PG_UWR
-        test    eax, eax
+        test    esi, LAZY_ALLOC_UNWRITABLE
-        jz      .fail
+        jz      @f
+        mov     edx, PG_UR
-        stdcall map_page, [.err_addr], eax, PG_UWR
+@@:
         stdcall map_page, [.err_addr], eax, edx
-        mov     edi, [.err_addr]
+        mov     ecx, [current_process]
-        and     edi, 0xFFFFF000
+        add     [ecx+PROC.mem_used], 0x1000
-        mov     ecx, 1024
+.exit_unlock:
-        xor     eax, eax
+        mov     ecx, [current_process]
+        add     ecx, PROC.heap_lock
+        call    mutex_unlock
+.exit:  ;iret with repeat fault instruction
+        add     esp, 12;clear in stack: locals(.err_addr) + #PF + ret_to_caller
+        restore_ring3_context
+        iretd
+.err_access:
+; access denied? this may be a result of copy-on-write protection
+; Check whether the problem has already been resolved
+; while we were waiting in mutex_lock.
+        mov     eax, ebx
+        shr     eax, 12
-       ;cld     ;caller is duty for this
+        mov     eax, [page_tabs+eax*4]
-        rep stosd
+        test    eax, PG_READ
-.exit:  ;iret with repeat fault instruction
+        jz      .fail_unlock ; someone has free'd the page
-        add     esp, 12;clear in stack: locals(.err_addr) + #PF + ret_to_caller
+        test    eax, PG_USER
-        restore_ring3_context
+        jz      .fail_unlock ; page is mprotect'ed without PROT_READ
+        test    eax, PG_WRITE
+        jnz     .exit_unlock ; someone has enabled write
-        iretd
+        test    eax, PG_SHARED
+        jz      .fail_unlock ; only shared pages can be copy-on-write
-.err_access:
+; check list of mapped data
+        and     ebx, not 0xFFF
+        call    find_smap_by_address
-; access denied? this may be a result of copy-on-write protection for DLL
+        test    esi, esi
-; check list of HDLLs
+        jz      .fail_unlock
-        and     ebx, not 0xFFF
+; ignore children of SMEM, only children of PEDESCR can have copy-on-write data
+        cmp     [esi+SMAP.type], SMAP_TYPE_PE
+        jnz     .fail_unlock
-        mov     eax, [current_process]
+        shr     edi, 12
-        mov     eax, [eax+PROC.dlls_list_ptr]
+; lock page array in PEDESCR
-        test    eax, eax
+        mov     esi, [esi+SMAP.parent]
-        jz      .fail
+        lea     ecx, [esi+PEDESCR.page_array_lock]
-        mov     esi, [eax+HDLL.fd]
+        push    eax
-.scan_hdll:
+        call    mutex_lock
-        cmp     esi, eax
+        pop     eax
-        jz      .fail
+; check whether the page is shared
-        mov     edx, ebx
+; PG_SHARED flag could be set by lock_and_map_page
-        sub     edx, [esi+HDLL.base]
+        xor     eax, [esi+sizeof.PEDESCR+edi*4]
-        cmp     edx, [esi+HDLL.size]
+        test    eax, not 0xFFF
-        jb      .fault_in_hdll
+        jnz     .fail_unlock2
-.scan_hdll.next:
+; check whether write is allowed by section attributes
-        mov     esi, [esi+HDLL.fd]
+        mov     eax, [esi+sizeof.PEDESCR+edi*4]
-        jmp     .scan_hdll
+        test    eax, IMAGE_SCN_MEM_WRITE shr 20
-.fault_in_hdll:
+        jz      .fail_unlock2
-; allocate new page, map it as rw and copy data
+; if we're faulting on the page which was originally shareable writable,
+; it means that someone has disabled writing with mprotect; fail
-        call    alloc_page
+        test    eax, IMAGE_SCN_MEM_SHARED shr 20
-        test    eax, eax
+        jnz     .fail_unlock2
-        jz      .fail
+        stdcall pe_copy_on_write, PG_UWR
-        stdcall map_page, ebx, eax, PG_UWR
+        jc	.fail_unlock2
-        mov     edi, ebx
+.exit_unlock2:
-        mov     ecx, 1024
+        lea     ecx, [esi+PEDESCR.page_array_lock]
-        sub     ebx, [esi+HDLL.base]
+        call    mutex_unlock
-        mov     esi, [esi+HDLL.parent]
+        jmp     .exit_unlock
-        mov     esi, [esi+DLLDESCR.data]
+.fail_unlock2:
-        add     esi, ebx
+        lea     ecx, [esi+PEDESCR.page_array_lock]
-        rep movsd
+        call    mutex_unlock
-        jmp     .exit
+        jmp     .fail_unlock
 .kernel_space:
         call    alloc_page
         test    eax, eax
         jz      .fail
         push    eax
-        stdcall map_page, [.err_addr], eax, dword PG_SWR
+        stdcall map_page, [.err_addr], eax, PG_SWR
         pop     eax
         mov     edi, [.err_addr]
         and     edi, -4096
        ;cld     ;caller is duty for this
         rep movsd
         jmp     .exit
 endp
+; Sometimes we can just allocate a page and let the caller fill it.
+; Sometimes we need a zero-filled page, but we can zero it at the target.
+; Sometimes we need a zero-filled page before mapping to the target.
+; This function is for the last case.
+; out: eax = physical page
+; destroys: nothing
+proc alloc_zero_page
+	call	alloc_page
+	test	eax, eax
+	jz	.nothing
+	spin_lock_irqsave zero_page_spinlock
+	push	ecx edx edi eax
+	mov	edi, [zero_page_tab]
+	stdcall	map_page, edi, [esp+4], PG_SWR
+	pushd	0 [esp+4] edi ; for map_page
+	mov	ecx, 0x1000/4
+	xor	eax, eax
+	rep stosd
+	call	map_page
+	pop	eax edi edx ecx
+	spin_unlock_irqrestore zero_page_spinlock
+.nothing:
+	ret
+endp
+; in: ebx = address
+; out if SMAP exists for this address: esi -> SMAP, edi = ebx - SMAP.base
+; out if SMAP does not exist: esi = 0
+proc find_smap_by_address
+        mov     edx, [current_process]
+        add     edx, PROC.smap_list
+        mov     esi, [edx+SMAP.fd]
+.scan:
+        cmp     esi, edx
+        jz      .fail
+        mov     edi, ebx
+        sub     edi, [esi+SMAP.base]
+        cmp     edi, [esi+SMAP.size]
+        jb      .exit
+        mov     esi, [esi+SMAP.fd]
+        jmp     .scan
+.fail:
+        xor     esi, esi
+.exit:
+        ret
+endp
+; Someone is about to write to copy-on-write page inside mapped PE.
+; Provide a page that can be written to.
+; in: esi -> PEDESCR
+; in: edi = page number inside PE
+; in: eax = [esi+sizeof.PEDESCR+edi*4]
+; in: ebx = address in process, must be page-aligned
+; in: [esp+4] = access rights for the new page
+; out: CF=0 - ok, CF=1 - error, no memory
+proc pe_copy_on_write
+; 1. Decrement reference counter unless it is 0xFF.
+        mov     edx, eax
+        and     edx, 0xFF
+        cmp     edx, 0xFF
+        jz      @f
+        dec     eax
+@@:
+; 2. If reference counter is zero now, transfer ownership from PEDESCR to the process.
+        test    eax, 0xFF
+        jnz     .alloc_copy
+        mov     dword [esi+sizeof.PEDESCR+edi*4], 0
+        and     eax, not 0xFFF
+.remap:
+        stdcall map_page, ebx, eax, [esp+4]
+        clc
+        ret     4
+.alloc_copy:
+; 3. Otherwise, store updated reference counter to PEDESCR,
+; allocate new page, map it as rw and copy data.
+        mov     [esi+sizeof.PEDESCR+edi*4], eax
+        stdcall kernel_alloc, 0x1000
+        test    eax, eax
+        jz      .error
+        push    esi
+        mov     esi, ebx
+        mov     edi, eax
+        mov     ecx, 0x1000/4
+        rep movsd
+        mov     esi, eax
+        call    get_pg_addr
+        push    eax
+        stdcall free_kernel_space, esi
+        pop     eax
+        pop     esi
+        jmp     .remap
+.error:
+        stc
+        ret     4
+endp
+PROT_READ = 1
+PROT_WRITE = 2
+PROT_EXEC = 4
+proc mprotect stdcall uses ebx esi edi, address:dword, size:dword, access:dword
+locals
+retval		dd	-1
+smap_ptr	dd	0
+endl
+	mov	ecx, [current_process]
+	add	ecx, PROC.heap_lock
+	call	mutex_lock
+	test	[access], not (PROT_READ+PROT_WRITE+PROT_EXEC)
+	jnz	.error
+	cmp	[size], 0
+	jz	.error
+	mov	eax, [address]
+	add	[size], eax
+	and	eax, not 0xFFF
+.addrloop:
+	mov	[address], eax
+	mov	ecx, eax
+	cmp	eax, OS_BASE
+	jae	.error
+	shr     eax, 22
+	test    byte [master_tab+eax*4], PG_READ
+	jz      .error
+	shr	ecx, 12
+	mov	eax, [page_tabs+ecx*4]
+	test	al, PG_READ
+	jnz	.page_present
+	test	al, LAZY_ALLOC_PAGE
+	jz	.error
+	cmp	[retval], -1
+	jnz	.skip_query
+	inc	[retval]
+	test	al, LAZY_ALLOC_UNREADABLE
+	jnz	@f
+	or	[retval], PROT_READ+PROT_EXEC
+@@:
+	test	al, LAZY_ALLOC_UNWRITABLE
+	jnz	@f
+	or	[retval], PROT_WRITE
+@@:
+.skip_query:
+	and	al, not (LAZY_ALLOC_UNREADABLE+LAZY_ALLOC_UNWRITABLE)
+	test	[access], PROT_READ
+	jnz	@f
+	or	al, LAZY_ALLOC_UNREADABLE
+@@:
+	test	[access], PROT_WRITE
+	jnz	@f
+	or	al, LAZY_ALLOC_UNWRITABLE
+@@:
+	mov	[page_tabs+ecx*4], eax
+	jmp	.nextpage
+.page_present:
+	test	eax, PG_SHARED
+	jnz	.page_shared
+.normal_page:
+	cmp	[retval], -1
+	jnz	.skip_query2
+	inc	[retval]
+	test	al, PG_USER
+	jz	@f
+	or	[retval], PROT_READ+PROT_EXEC
+@@:
+	test	al, PG_WRITE
+	jz	@f
+	or	[retval], PROT_WRITE
+@@:
+.skip_query2:
+	and	al, not (PG_USER+PG_WRITE)
+	test	[access], PROT_READ
+	jz	@f
+	or	al, PG_USER
+@@:
+	test	[access], PROT_WRITE
+	jz	@f
+	or	al, PG_WRITE
+@@:
+	mov	[page_tabs+ecx*4], eax
+	mov	eax, [address]
+	invlpg	[eax]
+	jmp	.nextpage
+.page_shared:
+	mov	esi, [smap_ptr]
+	test	esi, esi
+	jz	.find_smap
+	mov	edx, [address]
+	sub	edx, [esi+SMAP.base]
+	cmp	edx, [esi+SMAP.size]
+	jb	.found_smap
+.find_smap:
+	mov	ebx, [address]
+	call	find_smap_by_address
+	mov	[smap_ptr], esi
+	test	esi, esi
+	jz	.normal_page
+.found_smap:
+	cmp	[esi+SMAP.type], SMAP_TYPE_PE
+	jnz	.error
+	shr	edi, 12
+	mov	esi, [esi+SMAP.parent]
+	lea	ecx, [esi+PEDESCR.page_array_lock]
+	push	eax
+	call	mutex_lock
+	pop	eax
+	xor	eax, [esi+sizeof.PEDESCR+edi*4]
+	test	eax, not 0xFFF
+	jnz	.normal_page_unlock
+	mov	eax, [esi+sizeof.PEDESCR+edi*4]
+	test	eax, IMAGE_SCN_MEM_SHARED shr 20
+	jnz	.normal_page_unlock
+	cmp	[retval], -1
+	jnz	.skip_query3
+	mov	edx, [address]
+	shr	edx, 12
+	inc	[retval]
+	test	byte [page_tabs+edx*4], PG_USER
+	jz	@f
+	or	[retval], PROT_READ+PROT_EXEC
+@@:
+	test	eax, IMAGE_SCN_MEM_WRITE shr 20
+	jz	@f
+	or	[retval], PROT_WRITE
+@@:
+.skip_query3:
+	test	[access], PROT_WRITE
+	jz	.no_write
+	push	PG_SWR
+	test	[access], PROT_READ
+	jz	@f
+	pop	edx
+	push	PG_UWR
+@@:
+	call	pe_copy_on_write
+	lea	ecx, [esi+PEDESCR.page_array_lock]
+	call	mutex_unlock
+	jmp	.nextpage
+.normal_page_unlock:
+	lea	ecx, [esi+PEDESCR.page_array_lock]
+	call	mutex_unlock
+	mov	ecx, [address]
+	shr	ecx, 12
+	mov	eax, [page_tabs+ecx*4]
+	jmp	.normal_page
+.no_write:
+	lea	ecx, [esi+PEDESCR.page_array_lock]
+	call	mutex_unlock
+	mov	ecx, [address]
+	shr	ecx, 12
+	mov	eax, [page_tabs+ecx*4]
+	jmp	.skip_query2
+.nextpage:
+	mov	eax, [address]
+	add	eax, 0x1000
+	cmp	eax, [size]
+	jb	.addrloop
+.exit:
+	mov	ecx, [current_process]
+	add	ecx, PROC.heap_lock
+	call	mutex_unlock
+	mov	eax, [retval]
+	ret
+.error:
+	or	[retval], -1
+	jmp	.exit
+endp
 ; returns number of mapped bytes
-proc map_mem_ipc stdcall, lin_addr:dword,slot:dword,\
+proc map_memEx stdcall uses ebx esi edi, lin_addr:dword,slot:dword,\
-                      ofs:dword,buf_size:dword,req_access:dword
+                      ofs:dword,buf_size:dword,req_access:dword,where:dword
         locals
              count   dd ?
              process dd ?
         cmp     [buf_size], 0
         jz      .exit
         mov     eax, [slot]
         shl     eax, 8
-        mov     eax, [SLOT_BASE+eax+APPDATA.process]
+        mov     ecx, [SLOT_BASE+eax+APPDATA.process]
-        test    eax, eax
+        test    ecx, ecx
         jz      .exit
+        mov     [process], ecx
+        add     ecx, PROC.heap_lock
         call    mutex_lock
-        mov     [process], eax
+        mov     eax, [process]
         mov     ebx, [ofs]
         shr     ebx, 22
         mov     eax, [eax+PROC.pdt_0+ebx*4]                 ;get page table
-        mov     esi, [ipc_ptab]
+        mov     esi, [where]
         and     eax, 0xFFFFF000
-        jz      .exit
+        jz      .unlock_exit
         stdcall map_page, esi, eax, PG_SWR
 @@:
         mov     edi, [lin_addr]
         and     edi, 0xFFFFF000
         mov     ecx, [buf_size]
-        add     ecx, 4095
-        shr     ecx, 12
+        add     ecx, 4095
-        inc     ecx                  ; ???????????
+        shr     ecx, 12
         mov     edx, [ofs]
         shr     edx, 12
         and     edx, 0x3FF
 .map:
-        stdcall safe_map_page, [slot], [req_access], [ofs]
+        stdcall lock_and_map_page, [slot], [req_access], [ofs]
-        jnc     .exit
+        jnc     .unlock_exit
         add     [count], PAGE_SIZE
         add     [ofs], PAGE_SIZE
         dec     ecx
-        jz      .exit
+        jz      .unlock_exit
         add     edi, PAGE_SIZE
         inc     edx
         cmp     edx, 1024
         jnz     .map
         inc     ebx
         mov     eax, [process]
         mov     eax, [eax+PROC.pdt_0+ebx*4]
+        and     eax, 0xFFFFF000
+        jz      .unlock_exit
+        stdcall map_page, esi, eax, PG_SWR
-        and     eax, 0xFFFFF000
+        xor     edx, edx
-        jz      .exit
+        jmp     .map
 .unlock_exit:
-        stdcall map_page, esi, eax, PG_SWR
+        mov     ecx, [process]
-        xor     edx, edx
+        add     ecx, PROC.heap_lock
-        jmp     .map
+        call    mutex_unlock
 .exit:
-        mov     eax, [count]
-        ret
+        mov     eax, [count]
-endp
+        ret
-proc map_memEx stdcall, lin_addr:dword,slot:dword,\
+endp
                         ofs:dword,buf_size:dword,req_access:dword
-        locals
+proc unmap_memEx stdcall uses ebx esi edi, lin_addr:dword,slot:dword,\
-             count   dd ?
+                      ofs:dword,mapped_size:dword,pagedir:dword
-             process dd ?
+        locals
+             process dd ?
+        endl
-        endl
+        cmp     [mapped_size], 0
-        mov     [count], 0
+        jz      .exit
-        cmp     [buf_size], 0
-        jz      .exit
+        mov     eax, [slot]
         shl     eax, 8
+        mov     ecx, [SLOT_BASE+eax+APPDATA.process]
-        mov     eax, [slot]
+        mov     [process], ecx
+        xor     eax, eax
-        shl     eax, 8
+        test    ecx, ecx
-        mov     eax, [SLOT_BASE+eax+APPDATA.process]
+        jz      @f
-        test    eax, eax
+        add     ecx, PROC.heap_lock
+        call    mutex_lock
-        jz      .exit
+        mov     ebx, [ofs]
         shr     ebx, 22
+        mov     eax, [process]
+        mov     eax, [eax+PROC.pdt_0+ebx*4]                 ;get page table
-        mov     [process], eax
+@@:
-        mov     ebx, [ofs]
+        xor     esi, esi
-        shr     ebx, 22
+        and     eax, 0xFFFFF000
-        mov     eax, [eax+PROC.pdt_0+ebx*4]                 ;get page table
+        jz      @f
-        mov     esi, [proc_mem_tab]
+        mov     esi, [pagedir]
-        and     eax, 0xFFFFF000
+        stdcall map_page, esi, eax, PG_SWR
-        jz      .exit
+@@:
-        stdcall map_page, esi, eax, PG_SWR
+        mov     ecx, shared_locked_mutex
-@@:
+        call    mutex_lock
+        mov     edi, [lin_addr]
-        mov     edi, [lin_addr]
+        shr     edi, 12
-        and     edi, 0xFFFFF000
-        mov     ecx, [buf_size]
-        add     ecx, 4095
+        mov     ecx, [mapped_size]
-        shr     ecx, 12
-        inc     ecx                  ; ???????????
+        add     ecx, 4095
+        shr     ecx, 12
-        mov     edx, [ofs]
+        mov     [mapped_size], ecx
-        shr     edx, 12
-        and     edx, 0x3FF
+        mov     edx, [ofs]
-.map:
+        shr     edx, 12
-        stdcall safe_map_page, [slot], [req_access], [ofs]
+        and     edx, 0x3FF
+        lea     esi, [esi+edx*4]
+.map:
+        call    unlock_and_unmap_page
-        jnc     .exit
+        dec     [mapped_size]
-        add     [count], PAGE_SIZE
+        jz      .done
         add     [ofs], PAGE_SIZE
-        dec     ecx
+        inc     edi
+        add     esi, 4
-        jz      .exit
+        test    esi, 0xFFF
-        add     edi, PAGE_SIZE
+        jnz     .map
+        inc     ebx
+        xor     esi, esi
+        cmp     [process], 0
+        jz      .map
+        mov     eax, [process]
+        mov     eax, [eax+PROC.pdt_0+ebx*4]
+        and     eax, 0xFFFFF000
-        inc     edx
+        jz      .map
-        cmp     edx, 1024
+        mov     esi, [pagedir]
+        stdcall map_page, esi, eax, PG_SWR
+        jmp     .map
+.done:
-        jnz     .map
+        mov     ecx, shared_locked_mutex
         call    mutex_unlock
-        inc     ebx
+        cmp     [process], 0
-        mov     eax, [process]
+        jz      .exit
-        mov     eax, [eax+PROC.pdt_0+ebx*4]
+        mov     ecx, [process]
+        add     ecx, PROC.heap_lock
-        and     eax, 0xFFFFF000
+        call    mutex_unlock
-        jz      .exit
+.exit:
+        mov     eax, [pagedir]
+        mov     ecx, eax
+        shr     ecx, 12
+        mov     dword [page_tabs+ecx*4], 0
+        invlpg  [eax]
-        stdcall map_page, esi, eax, PG_SWR
+        ret
-        xor     edx, edx
+endp
         jmp     .map
-.exit:
+; in: esi+edx*4 = pointer to page table entry
-        mov     eax, [count]
+; in: [slot], [req_access], [ofs] on the stack
-        ret
+; in: edi = linear address to map
+; in: address space lock must be held
-endp
+; out: CF cleared <=> failed
+; destroys: only eax
 proc lock_and_map_page stdcall, slot:dword, req_access:dword, ofs:dword
-; in: esi+edx*4 = pointer to page table entry
+    locals
-; in: [slot], [req_access], [ofs] on the stack
+        locked_descr dd ?
-; in: edi = linear address to map
+    endl
 ; out: CF cleared <=> failed
-; destroys: only eax
+        mov     eax, [esi+edx*4]
-proc safe_map_page stdcall, slot:dword, req_access:dword, ofs:dword
+        test    eax, PG_READ
-        mov     eax, [esi+edx*4]
+        jz      .not_present
-        test    al, PG_READ
+        test    eax, PG_SHARED
-        jz      .not_present
+        jnz     .resolve_shared
-        test    al, PG_WRITE
+; normal case: not shared allocated page, mark as shared and map with requested access
-        jz      .resolve_readonly
+        or      dword [esi+edx*4], PG_SHARED
-; normal case: writable page, just map with requested access
+.map:
-.map:
+        and     eax, not 0xFFF
+        stdcall map_page, edi, eax, [req_access]
+        stc
+.fail:
-        stdcall map_page, edi, eax, [req_access]
+        ret
+.not_present:
+; check for alloc-on-demand page
+        test    eax, LAZY_ALLOC_PAGE
+        jz      .fail
+; allocate new page, save it to source page table
-        stc
+        push    ecx
-.fail:
+        call    alloc_zero_page
-        ret
+        pop     ecx
-.not_present:
-; check for alloc-on-demand page
+        test    eax, eax
-        test    al, 2
+        jz      .fail
-        jz      .fail
+        or      eax, PG_READ+PG_SHARED
-; allocate new page, save it to source page table
+        test    dword [esi+edx*4], LAZY_ALLOC_UNREADABLE
-        push    ecx
+        jnz     @f
-        call    alloc_page
+        or      eax, PG_USER
-        pop     ecx
+@@:
-        test    eax, eax
+        test    dword [esi+edx*4], LAZY_ALLOC_UNWRITABLE
+        jnz     @f
-        jz      .fail
+        or      eax, PG_WRITE
-        or      al, PG_UWR
+@@:
         mov     [esi+edx*4], eax
         jmp     .map
-.resolve_readonly:
-; readonly page, probably copy-on-write
-; check: readonly request of readonly page is ok
+.resolve_shared:
-        test    [req_access], PG_WRITE
+        push    ecx edx eax
-        jz      .map
+        mov     eax, sizeof.SHARED_LOCKED_PAGE
-; find control structure for this page
+        call    malloc
-        pushf
+        mov     [locked_descr], eax
-        cli
+        test    eax, eax
-        cld
+        jz      .fail_pop
+        mov     edx, [esp]
-        push    ebx ecx
+        and     edx, not 0xFFF
+        mov     [eax+SHARED_LOCKED_PAGE.address], edx
+        mov     eax, [slot]
+        shl     eax, 8
+        mov     eax, [SLOT_BASE+eax+APPDATA.process]
+        mov     ecx, [eax+PROC.smap_list]
+        add     eax, PROC.smap_list
+.find_shared_parent:
+        cmp     ecx, eax
-        mov     eax, [slot]
+        jz      .shared_orphan
+        mov     edx, [ofs]
+        sub     edx, [ecx+SMAP.base]
+        cmp     edx, [ecx+SMAP.size]
+        jb      .found_shared_parent
-        shl     eax, 8
+        mov     ecx, [ecx+SMAP.fd]
-        mov     eax, [SLOT_BASE+eax+APPDATA.process]
+        jmp     .find_shared_parent
+.shared_abandoned:
+        call    mutex_unlock
-        mov     eax, [eax+PROC.dlls_list_ptr]
+.shared_orphan:
+; no copy-on-write for orphans
+        test    dword [esp], PG_WRITE
+        jnz     @f
+        test    [req_access], PG_WRITE
+        jnz     .shared_forbidden
+@@:
-        test    eax, eax
+; locking the same normal page for second time:
+; the first lock_and_map_page has set PG_SHARED,
+; now we must cooperate with that other thread.
+        mov     ecx, shared_locked_mutex
+        call    mutex_lock
+        mov     eax, [locked_descr]
-        jz      .no_hdll
+        mov     [eax+SHARED_LOCKED_PAGE.parent], 0
+.shared_common:
+        mov     edx, [shared_locked_list+SHARED_LOCKED_PAGE.bk]
-        mov     ecx, [eax+HDLL.fd]
+        mov     [eax+SHARED_LOCKED_PAGE.fd], shared_locked_list
-.scan_hdll:
+        mov     [eax+SHARED_LOCKED_PAGE.bk], edx
-        cmp     ecx, eax
+        mov     [edx+SHARED_LOCKED_PAGE.fd], eax
+        mov     [shared_locked_list+SHARED_LOCKED_PAGE.bk], edx
+        call    mutex_unlock
-        jz      .no_hdll
+        pop     eax edx ecx
+        jmp     .map
+.shared_forbidden_unlock:
+        call    mutex_unlock
-        mov     ebx, [ofs]
+.shared_forbidden:
-        and     ebx, not 0xFFF
+        mov     eax, [locked_descr]
-        sub     ebx, [ecx+HDLL.base]
+        call    free
+.fail_pop:
+        pop     eax edx ecx
+        clc
+        ret
+.found_shared_parent:
+        shr     edx, 12
+        mov     eax, [locked_descr]
+        mov     [eax+SHARED_LOCKED_PAGE.offs], edx
+        cmp     [ecx+SMAP.type], SMAP_TYPE_PE
+        jnz     .parent_smap
+        push    edx
+        mov     ecx, [ecx+SMAP.parent]
-        cmp     ebx, [ecx+HDLL.size]
+        add     ecx, PEDESCR.page_array_lock
-        jb      .hdll_found
+        call    mutex_lock
+        pop     edx
+        mov     eax, [esp]
+        xor     eax, [ecx+sizeof.PEDESCR-PEDESCR.page_array_lock+edx*4]
+        test    eax, not 0xFFF
+        jnz     .shared_abandoned
+        test    dword [esp], PG_WRITE
+        jnz     @f
+        test    [req_access], PG_WRITE
+        jnz     .pedescr_try_cow
+@@:
+        mov     eax, [ecx+sizeof.PEDESCR-PEDESCR.page_array_lock+edx*4]
+        inc     eax
+        test    eax, 0xFF
+        jnz     @f
+        dec     eax
+@@:
+        mov     [ecx+sizeof.PEDESCR-PEDESCR.page_array_lock+edx*4], eax
+        push    ecx
+        mov     ecx, pe_list_mutex
+        call    mutex_lock
+        mov     eax, [esp]
+        inc     dword [eax+PEDESCR.refcount-PEDESCR.page_array_lock]
+        call    mutex_unlock
+        pop     ecx
+        call    mutex_unlock
+        sub     ecx, PEDESCR.page_array_lock
+        push    ecx
+.shared_common2:
+        mov     ecx, shared_locked_mutex
+        call    mutex_lock
+        mov     eax, [locked_descr]
+        pop     [eax+SHARED_LOCKED_PAGE.parent]
+        jmp     .shared_common
-        mov     ecx, [ecx+HDLL.fd]
+.pedescr_try_cow:
-        jmp     .scan_hdll
+        mov     eax, [ecx+sizeof.PEDESCR-PEDESCR.page_array_lock+edx*4]
+        test	eax, IMAGE_SCN_MEM_WRITE shr 20
+        jz	@f
+        or      dword [esp], PG_WRITE
-.no_hdll:
+@@:
+        dec     eax
+        test    eax, 0xFF
+        jnz     .pedescr_alloc_copy
+        mov     dword [ecx+sizeof.PEDESCR-PEDESCR.page_array_lock+edx*4], 0
-        pop     ecx ebx
+        call    mutex_unlock
+        mov     eax, [locked_descr]
-        popf
+        call    free
+        pop     eax edx ecx
-        clc
+        or      eax, PG_SHARED
-        ret
+        mov     [esi+edx*4], eax
+        jmp     .map
+.pedescr_alloc_copy:
-.hdll_found:
+        push    ecx edx
+        stdcall kernel_alloc, 0x1000
+        pop     edx ecx
+        test    eax, eax
+        jz      .shared_forbidden_unlock
+        dec     dword [ecx+sizeof.PEDESCR-PEDESCR.page_array_lock+edx*4]
-; allocate page, save it in page table, map it, copy contents from base
+        push    ecx esi edi
+        mov     esi, edi
+        mov     edi, eax
-        mov     eax, [ecx+HDLL.parent]
+        stdcall map_page, esi, [ecx+sizeof.PEDESCR-PEDESCR.page_array_lock+edx*4], PG_READ
+        mov     ecx, 0x1000/4
+        rep movsd
+        sub     esi, 0x1000
-        add     ebx, [eax+DLLDESCR.data]
+        sub     edi, 0x1000
-        call    alloc_page
+        mov     eax, edi
+        call    get_pg_addr
+        and     dword [esp+12], 0xFFF
+        or      dword [esp+12], eax
+        stdcall map_page, esi, eax, [req_access]
+        stdcall free_kernel_space, edi
+        pop     edi esi ecx
+        call    mutex_unlock
+        mov     eax, [locked_descr]
+        call    free
+        pop     eax edx ecx
+        or      eax, PG_SHARED
+        mov     [esi+edx*4], eax
+        stc
+        ret
+.parent_smap:
+        test    dword [esp], PG_WRITE
+        jnz     @f
+        test    [req_access], PG_WRITE
+        jz      .shared_forbidden
+@@:
+        push    [ecx+SMAP.parent]
+        mov     ecx, shmem_list_mutex
+        call    mutex_lock
+        mov     eax, [esp]
+        inc     dword [esp]
+        inc     [eax+SMEM.refcount]
+        call    mutex_unlock
+        jmp     .shared_common2
+endp
+; in: esi -> process page table entry or esi < 0x1000 if no page table entry
+; in: edi = page number for mapped copy
+; in: shared_locked_mutex is held
+; destroys eax, ecx, edx
+proc unlock_and_unmap_page
+        mov     edx, [page_tabs+edi*4]
+        and     edx, not 0xFFF
+        mov     dword [page_tabs+edi*4], 0
+        mov     eax, edi
+        shl     eax, 12
+        invlpg  [eax]
+        mov     eax, [shared_locked_list+SHARED_LOCKED_PAGE.fd]
+.check_list:
+        cmp     eax, shared_locked_list
+        jz      .not_in_list
+        cmp     edx, [eax+SHARED_LOCKED_PAGE.address]
+        jz      .found_in_list
+        mov     eax, [eax+SHARED_LOCKED_PAGE.fd]
+        jmp     .check_list
+.found_in_list:
+        push    esi
+        mov     esi, [eax+SHARED_LOCKED_PAGE.parent]
+        mov     edx, [eax+SHARED_LOCKED_PAGE.fd]
+        mov     ecx, [eax+SHARED_LOCKED_PAGE.bk]
+        mov     [edx+SHARED_LOCKED_PAGE.bk], ecx
+        mov     [ecx+SHARED_LOCKED_PAGE.fd], edx
+        test    esi, esi
+        jz      .orphan
+        btr     esi, 0
+        jc      .parent_smap
+        push    eax
+        lea     ecx, [esi+PEDESCR.page_array_lock]
+        call    mutex_lock
+        mov     edx, [esp]
+        mov     edx, [edx+SHARED_LOCKED_PAGE.offs]
+        mov     eax, [esi+sizeof.PEDESCR+edx*4]
+        and     eax, 0xFF
+        cmp     eax, 0xFF
+        jz      .no_deref
+        mov     eax, [esi+sizeof.PEDESCR+edx*4]
+        dec     eax
+        test    eax, 0xFF
+        jnz     @f
+        call    free_page
+        xor     eax, eax
+@@:
+        mov     [esi+sizeof.PEDESCR+edx*4], eax
+.no_deref:
+        lea     ecx, [esi+PEDESCR.page_array_lock]
+        call    mutex_unlock
+        call    dereference_pe
+        pop     eax
+        call    free
+        pop     esi
+        ret
+.parent_smap:
+        call    free
+        call    dereference_smem
+        pop     esi
+        ret
+.orphan:
+        call    free
+        pop     esi
-        test    eax, eax
+        ret
-        jz      .no_hdll
+.not_in_list:
-        or      al, PG_UWR
+        cmp     esi, 0x1000
-        mov     [esi+edx*4], eax
+        jb      .just_free
 proc sys_ipc_send stdcall, PID:dword, msg_addr:dword, msg_size:dword
            locals
              dst_slot   dd ?
+             dst_offset dd ?
-             dst_offset dd ?
+             dst_ptr    dd ?
              buf_size   dd ?
+             used_buf   dd ?
+             mapped_size dd ?
-             used_buf   dd ?
+             result     dd ?
            endl
-        pushf
+        mov     ecx, ipc_mutex
-        cli
+        call    mutex_lock
         mov     eax, [PID]
         mov     [dst_slot], eax
         shl     eax, 8
         mov     edi, [eax+SLOT_BASE+APPDATA.ipc_start] ;is ipc area defined?
         test    edi, edi
         jz      .no_ipc_area
+        mov     [dst_ptr], edi
         mov     ebx, edi
         and     ebx, 0xFFF
         stdcall alloc_kernel_space, esi
         mov     ecx, eax
         pop     edi esi
 @@:
         mov     [used_buf], ecx
-        stdcall map_mem_ipc, ecx, [dst_slot], \
+        stdcall map_memEx, ecx, [dst_slot], \
-                edi, esi, PG_SWR
+                edi, esi, PG_SWR, [ipc_ptab]
+        mov     [mapped_size], eax
+        mov     [result], 3 ; buffer overflow
+        sub     eax, [dst_offset]
+        jc      .no_copy_data
+        cmp     [buf_size], eax
+        jb      @f
+        mov     [buf_size], eax
+@@:
+        cmp     [buf_size], 8
+        jb      .no_copy_data
         mov     [result], 2 ; ipc blocked
         mov     edi, [dst_offset]
         add     edi, [used_buf]
         cmp     dword [edi], 0
+        jnz     .no_copy_data         ;if dword [buffer]<>0 - ipc blocked now
         jnz     .ipc_blocked          ;if dword [buffer]<>0 - ipc blocked now
         mov     [result], 3 ; buffer overflow
         mov     edx, dword [edi+4]
         lea     ebx, [edx+8]
         add     ebx, [msg_size]
+        cmp     ebx, [buf_size]
-        cmp     ebx, [buf_size]
+        ja      .no_copy_data          ;esi<0 - not enough memory in buffer
         ja      .buffer_overflow       ;esi<0 - not enough memory in buffer
         mov     [result], 0
         mov     dword [edi+4], ebx
         mov     eax, [TASK_BASE]
         add     edi, 8
         mov     esi, [msg_addr]
        ;    add esi, new_app_base
         cld
         rep movsb
+.no_copy_data:
+        stdcall unmap_memEx, [used_buf], [dst_slot], [dst_ptr], [mapped_size], [ipc_ptab]
-        mov     ebx, [ipc_tmp]
-        mov     edx, ebx
-        shr     ebx, 12
-        xor     eax, eax
-        mov     [page_tabs+ebx*4], eax
-        invlpg  [edx]
-        mov     ebx, [ipc_pdir]
-        mov     edx, ebx
-        shr     ebx, 12
-        xor     eax, eax
-        mov     [page_tabs+ebx*4], eax
-        invlpg  [edx]
-        mov     ebx, [ipc_ptab]
-        mov     edx, ebx
+        cmp     [result], 0
-        shr     ebx, 12
-        xor     eax, eax
-        mov     [page_tabs+ebx*4], eax
-        invlpg  [edx]
         jnz     @f
         mov     eax, [dst_slot]
         shl     eax, BSF sizeof.APPDATA
+        or      [eax+SLOT_BASE+APPDATA.occurred_events], EVENT_IPC
+@@:
+        mov     eax, [used_buf]
-        or      [eax+SLOT_BASE+APPDATA.occurred_events], EVENT_IPC
+        cmp     eax, [ipc_tmp]
+        je      @f
+        stdcall free_kernel_space, eax
+@@:
+        mov     ecx, ipc_mutex
-        push    0
+        call    mutex_unlock
+        mov     eax, [result]
-        jmp     .ret
+        ret
+.no_pid:
-.no_pid:
+        mov     ecx, ipc_mutex
-        popf
+        call    mutex_unlock
         mov     eax, 4
         ret
+.no_ipc_area:
-.no_ipc_area:
+        mov     ecx, ipc_mutex
-        popf
+        call    mutex_unlock
         xor     eax, eax
         inc     eax
-        ret
-.ipc_blocked:
-        push    2
-        jmp     .ret
-.buffer_overflow:
-        push    3
-.ret:
-        mov     eax, [used_buf]
-        cmp     eax, [ipc_tmp]
-        je      @f
-        stdcall free_kernel_space, eax
-@@:
-        pop     eax
-        popf
         ret
 endp
 align 4
 f68:
         cmp     ebx, 4
         jbe     sys_sheduler
         cmp     ebx, 11
         jb      undefined_syscall
-        cmp     ebx, 29
+        cmp     ebx, 32
         ja      undefined_syscall
         xor     eax, eax
         jmp     dword [f68call+ebx*4-11*4]
 .11:
         call    init_heap
 .29:
         stdcall user_ring, ecx
         mov     [esp+SYSCALL_STACK._eax], eax
+	ret
+.30:
+        cmp     ecx, OS_BASE
+        jae     .fail
+        stdcall load_file_maybe_pe, ecx
+        test    esi, esi
+        jz      .30.not_pe
+        stdcall map_pe_usermode, esi, eax, ebx
+        mov     [esp+32], eax
+        ret
+.30.resolve_fail:
+        movi    eax, -5
+        jmp     .30.error
+.30.not_pe:
+        cmp     eax, -0x1000
+        ja      .30.error
+        stdcall kernel_free, eax
+        movi    eax, -31
+.30.error:
+        mov     [esp+32], eax
+        ret
+.31:
+        stdcall unmap_pe_usermode, ecx
+        mov     [esp+32], eax
+        ret
+.32:
+        stdcall mprotect, edx, esi, ecx
+        mov     [esp+32], eax
         ret
 .fail:
            dd f68.25   ; unmask exception
            dd f68.26   ; user_unmap
            dd f68.27   ; load_file_umode
            dd f68.28   ; loadFileUnicode
            dd f68.29   ; user_ring
+           dd f68.30   ; map_pe_usermode
+           dd f68.31   ; unmap_pe_usermode
+           dd f68.32   ; mprotect
 align 4
 proc load_pe_driver stdcall, file:dword, cmdline:dword

Subversion Repositories Kolibri OS

(root)/kernel/branches/kolibrios-pe-clevermouse/core/memory.inc – Rev 9047 → 9048