1 /* $Id: create.c,v 1.55 2002/10/01 19:27:25 chorns Exp $
3 * COPYRIGHT: See COPYING in the top level directory
4 * PROJECT: ReactOS kernel
5 * FILE: ntoskrnl/ps/thread.c
6 * PURPOSE: Thread managment
7 * PROGRAMMER: David Welch (welch@mcmail.com)
10 * 12/10/99: Phillip Susi: Thread priorities, and APC work
16 * All of the routines that manipulate the thread queue synchronize on
21 /* INCLUDES ****************************************************************/
23 #include <ddk/ntddk.h>
24 #include <internal/ke.h>
25 #include <internal/ob.h>
26 #include <internal/ps.h>
27 #include <internal/se.h>
28 #include <internal/id.h>
29 #include <internal/dbg.h>
30 #include <internal/ldr.h>
33 #include <internal/debug.h>
35 /* GLOBAL *******************************************************************/
37 static ULONG PiNextThreadUniqueId
= 0;
39 extern KSPIN_LOCK PiThreadListLock
;
40 extern ULONG PiNrThreads
;
42 extern LIST_ENTRY PiThreadListHead
;
44 #define MAX_THREAD_NOTIFY_ROUTINE_COUNT 8
46 static ULONG PiThreadNotifyRoutineCount
= 0;
47 static PCREATE_THREAD_NOTIFY_ROUTINE
48 PiThreadNotifyRoutine
[MAX_THREAD_NOTIFY_ROUTINE_COUNT
];
50 /* FUNCTIONS ***************************************************************/
53 PsAssignImpersonationToken(PETHREAD Thread
,
57 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
60 if (TokenHandle
!= NULL
)
62 Status
= ObReferenceObjectByHandle(TokenHandle
,
68 if (!NT_SUCCESS(Status
))
72 ImpersonationLevel
= Token
->ImpersonationLevel
;
77 ImpersonationLevel
= 0;
80 PsImpersonateClient(Thread
,
87 ObDereferenceObject(Token
);
89 return(STATUS_SUCCESS
);
97 Thread
= PsGetCurrentThread();
99 if (Thread
->ActiveImpersonationInfo
!= 0)
101 ObDereferenceObject(Thread
->ImpersonationInfo
->Token
);
102 Thread
->ActiveImpersonationInfo
= 0;
107 PsImpersonateClient(PETHREAD Thread
,
111 SECURITY_IMPERSONATION_LEVEL Level
)
115 if (Thread
->ActiveImpersonationInfo
!= 0)
117 Thread
->ActiveImpersonationInfo
= 0;
118 if (Thread
->ImpersonationInfo
->Token
!= NULL
)
120 ObDereferenceObject(Thread
->ImpersonationInfo
->Token
);
125 if (Thread
->ActiveImpersonationInfo
== 0 ||
126 Thread
->ImpersonationInfo
== NULL
)
128 Thread
->ImpersonationInfo
= ExAllocatePool(NonPagedPool
,
129 sizeof(PS_IMPERSONATION_INFO
));
131 Thread
->ImpersonationInfo
->Level
= Level
;
132 Thread
->ImpersonationInfo
->Unknown2
= c
;
133 Thread
->ImpersonationInfo
->Unknown1
= b
;
134 Thread
->ImpersonationInfo
->Token
= Token
;
135 ObReferenceObjectByPointer(Token
,
139 Thread
->ActiveImpersonationInfo
= 1;
143 PsReferenceEffectiveToken(PETHREAD Thread
,
144 PTOKEN_TYPE TokenType
,
146 PSECURITY_IMPERSONATION_LEVEL Level
)
151 if (Thread
->ActiveImpersonationInfo
== 0)
153 Process
= Thread
->ThreadsProcess
;
154 *TokenType
= TokenPrimary
;
156 Token
= Process
->Token
;
160 Token
= Thread
->ImpersonationInfo
->Token
;
161 *TokenType
= TokenImpersonation
;
162 *b
= Thread
->ImpersonationInfo
->Unknown2
;
163 *Level
= Thread
->ImpersonationInfo
->Level
;
169 NtImpersonateThread(IN HANDLE ThreadHandle
,
170 IN HANDLE ThreadToImpersonateHandle
,
171 IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
)
174 PETHREAD ThreadToImpersonate
;
176 SECURITY_CLIENT_CONTEXT ClientContext
;
178 Status
= ObReferenceObjectByHandle(ThreadHandle
,
184 if (!NT_SUCCESS(Status
))
189 Status
= ObReferenceObjectByHandle(ThreadToImpersonateHandle
,
193 (PVOID
*)&ThreadToImpersonate
,
195 if (!NT_SUCCESS(Status
))
197 ObDereferenceObject(Thread
);
201 Status
= SeCreateClientSecurity(ThreadToImpersonate
,
202 SecurityQualityOfService
,
205 if (!NT_SUCCESS(Status
))
207 ObDereferenceObject(Thread
);
208 ObDereferenceObject(ThreadToImpersonate
);
212 SeImpersonateClient(&ClientContext
, Thread
);
213 if (ClientContext
.Token
!= NULL
)
215 ObDereferenceObject(ClientContext
.Token
);
217 return(STATUS_SUCCESS
);
221 NtOpenThreadToken(IN HANDLE ThreadHandle
,
222 IN ACCESS_MASK DesiredAccess
,
223 IN BOOLEAN OpenAsSelf
,
224 OUT PHANDLE TokenHandle
)
231 Status
= ObReferenceObjectByHandle(ThreadHandle
,
237 if (!NT_SUCCESS(Status
))
242 Token
= PsReferencePrimaryToken(Thread
->ThreadsProcess
);
243 SepCreateImpersonationTokenDacl(Token
);
245 return(STATUS_UNSUCCESSFUL
);
248 PACCESS_TOKEN STDCALL
249 PsReferenceImpersonationToken(PETHREAD Thread
,
252 SECURITY_IMPERSONATION_LEVEL
* Level
)
254 if (Thread
->ActiveImpersonationInfo
== 0)
259 *Level
= Thread
->ImpersonationInfo
->Level
;
260 *Unknown1
= Thread
->ImpersonationInfo
->Unknown1
;
261 *Unknown2
= Thread
->ImpersonationInfo
->Unknown2
;
262 ObReferenceObjectByPointer(Thread
->ImpersonationInfo
->Token
,
266 return(Thread
->ImpersonationInfo
->Token
);
270 PiBeforeBeginThread(CONTEXT c
)
272 DPRINT("PiBeforeBeginThread(Eip %x)\n", c
.Eip
);
273 KeLowerIrql(PASSIVE_LEVEL
);
277 PiDeleteThread(PVOID ObjectBody
)
282 Thread
= (PETHREAD
)ObjectBody
;
284 DPRINT("PiDeleteThread(ObjectBody %x)\n",ObjectBody
);
286 ObDereferenceObject(Thread
->ThreadsProcess
);
287 Thread
->ThreadsProcess
= NULL
;
289 KeAcquireSpinLock(&PiThreadListLock
, &oldIrql
);
291 for (i
= 0; i
< PiThreadNotifyRoutineCount
; i
++)
293 PiThreadNotifyRoutine
[i
](Thread
->Cid
.UniqueProcess
,
294 Thread
->Cid
.UniqueThread
,
298 RemoveEntryList(&Thread
->Tcb
.ThreadListEntry
);
299 KeReleaseSpinLock(&PiThreadListLock
, oldIrql
);
300 KeReleaseThread(Thread
);
301 DPRINT("PiDeleteThread() finished\n");
305 PsInitializeThread(HANDLE ProcessHandle
,
307 PHANDLE ThreadHandle
,
308 ACCESS_MASK DesiredAccess
,
309 POBJECT_ATTRIBUTES ThreadAttributes
,
321 if (ProcessHandle
!= NULL
)
323 Status
= ObReferenceObjectByHandle(ProcessHandle
,
324 PROCESS_CREATE_THREAD
,
329 if (Status
!= STATUS_SUCCESS
)
331 DPRINT("Failed at %s:%d\n",__FILE__
,__LINE__
);
334 DPRINT( "Creating thread in process %x\n", Process
);
338 Process
= PsInitialSystemProcess
;
339 ObReferenceObjectByPointer(Process
,
340 PROCESS_CREATE_THREAD
,
346 * Create and initialize thread
348 Status
= ObCreateObject(ThreadHandle
,
353 if (!NT_SUCCESS(Status
))
358 DPRINT("Thread = %x\n",Thread
);
362 KeInitializeThread(&Process
->Pcb
, &Thread
->Tcb
, First
);
363 Thread
->ThreadsProcess
= Process
;
365 * FIXME: What lock protects this?
367 InsertTailList(&Thread
->ThreadsProcess
->ThreadListHead
,
368 &Thread
->Tcb
.ProcessThreadListEntry
);
369 InitializeListHead(&Thread
->TerminationPortList
);
370 KeInitializeSpinLock(&Thread
->ActiveTimerListLock
);
371 InitializeListHead(&Thread
->IrpList
);
372 Thread
->Cid
.UniqueThread
= (HANDLE
)InterlockedIncrement(
373 &PiNextThreadUniqueId
);
374 Thread
->Cid
.UniqueProcess
= (HANDLE
)Thread
->ThreadsProcess
->UniqueProcessId
;
375 Thread
->DeadThread
= 0;
376 Thread
->Win32Thread
= 0;
377 DPRINT("Thread->Cid.UniqueThread %d\n",Thread
->Cid
.UniqueThread
);
381 KeAcquireSpinLock(&PiThreadListLock
, &oldIrql
);
382 InsertTailList(&PiThreadListHead
, &Thread
->Tcb
.ThreadListEntry
);
383 KeReleaseSpinLock(&PiThreadListLock
, oldIrql
);
385 Thread
->Tcb
.BasePriority
= Thread
->ThreadsProcess
->Pcb
.BasePriority
;
386 Thread
->Tcb
.Priority
= Thread
->Tcb
.BasePriority
;
388 for (i
= 0; i
< PiThreadNotifyRoutineCount
; i
++)
390 PiThreadNotifyRoutine
[i
](Thread
->Cid
.UniqueProcess
,
391 Thread
->Cid
.UniqueThread
,
395 return(STATUS_SUCCESS
);
400 PsCreateTeb(HANDLE ProcessHandle
,
403 PINITIAL_TEB InitialTeb
)
405 MEMORY_BASIC_INFORMATION Info
;
414 TebBase
= (PVOID
)0x7FFDE000;
419 Status
= NtQueryVirtualMemory(ProcessHandle
,
421 MemoryBasicInformation
,
425 if (!NT_SUCCESS(Status
))
427 CPRINT("NtQueryVirtualMemory (Status %x)\n", Status
);
430 /* FIXME: Race between this and the above check */
431 if (Info
.State
== MEM_FREE
)
433 /* The TEB must reside in user space */
434 Status
= NtAllocateVirtualMemory(ProcessHandle
,
438 MEM_RESERVE
| MEM_COMMIT
,
440 if (NT_SUCCESS(Status
))
446 TebBase
= TebBase
- TebSize
;
449 DPRINT ("TebBase %p TebSize %lu\n", TebBase
, TebSize
);
451 /* set all pointers to and from the TEB */
452 Teb
.Tib
.Self
= TebBase
;
453 if (Thread
->ThreadsProcess
)
455 Teb
.Peb
= Thread
->ThreadsProcess
->Peb
; /* No PEB yet!! */
457 DPRINT("Teb.Peb %x\n", Teb
.Peb
);
459 /* store stack information from InitialTeb */
460 if (InitialTeb
!= NULL
)
462 Teb
.Tib
.StackBase
= InitialTeb
->StackBase
;
463 Teb
.Tib
.StackLimit
= InitialTeb
->StackLimit
;
464 Teb
.DeallocationStack
= InitialTeb
->StackAllocate
;
467 /* more initialization */
468 Teb
.Cid
.UniqueThread
= Thread
->Cid
.UniqueThread
;
469 Teb
.Cid
.UniqueProcess
= Thread
->Cid
.UniqueProcess
;
470 Teb
.CurrentLocale
= PsDefaultThreadLocaleId
;
472 DPRINT("sizeof(TEB) %x\n", sizeof(TEB
));
474 /* write TEB data into teb page */
475 Status
= NtWriteVirtualMemory(ProcessHandle
,
481 if (!NT_SUCCESS(Status
))
484 DPRINT1 ("Writing TEB failed!\n");
487 NtFreeVirtualMemory(ProcessHandle
,
497 *TebPtr
= (PTEB
)TebBase
;
500 DPRINT("TEB allocated at %p\n", TebBase
);
506 LdrInitApcRundownRoutine(PKAPC Apc
)
512 LdrInitApcKernelRoutine(PKAPC Apc
,
513 PKNORMAL_ROUTINE
* NormalRoutine
,
514 PVOID
* NormalContext
,
515 PVOID
* SystemArgument1
,
516 PVOID
* SystemArgument2
)
522 NtCreateThread(PHANDLE ThreadHandle
,
523 ACCESS_MASK DesiredAccess
,
524 POBJECT_ATTRIBUTES ObjectAttributes
,
525 HANDLE ProcessHandle
,
527 PCONTEXT ThreadContext
,
528 PINITIAL_TEB InitialTeb
,
529 BOOLEAN CreateSuspended
)
536 DPRINT("NtCreateThread(ThreadHandle %x, PCONTEXT %x)\n",
537 ThreadHandle
,ThreadContext
);
539 Status
= PsInitializeThread(ProcessHandle
,
545 if (!NT_SUCCESS(Status
))
550 Status
= KiArchInitThreadWithContext(&Thread
->Tcb
, ThreadContext
);
551 if (!NT_SUCCESS(Status
))
556 Status
= PsCreateTeb(ProcessHandle
,
560 if (!NT_SUCCESS(Status
))
564 Thread
->Tcb
.Teb
= TebBase
;
566 Thread
->StartAddress
= NULL
;
570 *Client
= Thread
->Cid
;
574 * Maybe send a message to the process's debugger
576 DbgkCreateThread((PVOID
)ThreadContext
->Eip
);
579 * First, force the thread to be non-alertable for user-mode alerts.
581 Thread
->Tcb
.Alertable
= FALSE
;
584 * If the thread is to be created suspended then queue an APC to
585 * do the suspend before we run any userspace code.
589 PsSuspendThread(Thread
, NULL
);
593 * Queue an APC to the thread that will execute the ntdll startup
596 LdrInitApc
= ExAllocatePool(NonPagedPool
, sizeof(KAPC
));
597 KeInitializeApc(LdrInitApc
, &Thread
->Tcb
, 0, LdrInitApcKernelRoutine
,
598 LdrInitApcRundownRoutine
, LdrpGetSystemDllEntryPoint(),
600 KeInsertQueueApc(LdrInitApc
, NULL
, NULL
, UserMode
);
603 * Start the thread running and force it to execute the APC(s) we just
604 * queued before it runs anything else in user-mode.
606 Thread
->Tcb
.Alertable
= TRUE
;
607 Thread
->Tcb
.Alerted
[0] = 1;
608 PsUnblockThread(Thread
, NULL
);
610 return(STATUS_SUCCESS
);
615 PsCreateSystemThread(PHANDLE ThreadHandle
,
616 ACCESS_MASK DesiredAccess
,
617 POBJECT_ATTRIBUTES ObjectAttributes
,
618 HANDLE ProcessHandle
,
620 PKSTART_ROUTINE StartRoutine
,
623 * FUNCTION: Creates a thread which executes in kernel mode
625 * ThreadHandle (OUT) = Caller supplied storage for the returned thread
627 * DesiredAccess = Requested access to the thread
628 * ObjectAttributes = Object attributes (optional)
629 * ProcessHandle = Handle of process thread will run in
630 * NULL to use system process
631 * ClientId (OUT) = Caller supplied storage for the returned client id
632 * of the thread (optional)
633 * StartRoutine = Entry point for the thread
634 * StartContext = Argument supplied to the thread when it begins
636 * RETURNS: Success or failure status
642 DPRINT("PsCreateSystemThread(ThreadHandle %x, ProcessHandle %x)\n",
643 ThreadHandle
,ProcessHandle
);
645 Status
= PsInitializeThread(ProcessHandle
,
651 if (!NT_SUCCESS(Status
))
656 Thread
->StartAddress
= StartRoutine
;
657 Status
= KiArchInitThread(&Thread
->Tcb
, StartRoutine
, StartContext
);
658 if (!NT_SUCCESS(Status
))
663 if (ClientId
!= NULL
)
665 *ClientId
=Thread
->Cid
;
668 PsUnblockThread(Thread
, NULL
);
670 return(STATUS_SUCCESS
);
675 PsSetCreateThreadNotifyRoutine(IN PCREATE_THREAD_NOTIFY_ROUTINE NotifyRoutine
)
677 if (PiThreadNotifyRoutineCount
>= MAX_THREAD_NOTIFY_ROUTINE_COUNT
)
678 return(STATUS_INSUFFICIENT_RESOURCES
);
680 PiThreadNotifyRoutine
[PiThreadNotifyRoutineCount
] = NotifyRoutine
;
681 PiThreadNotifyRoutineCount
++;
683 return(STATUS_SUCCESS
);