From b91c79e0907af062e723280dbe347ef19711384a Mon Sep 17 00:00:00 2001
From: Aiken Harris
Date: Tue, 6 Jan 2026 15:01:05 +0100
Subject: [PATCH] Prevent adding referenced pages to the free list
---
 xtoskrnl/mm/amd64/pfn.cc | 16 ++++++++--------
 xtoskrnl/mm/i686/pfn.cc | 9 +++++++--
 2 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/xtoskrnl/mm/amd64/pfn.cc b/xtoskrnl/mm/amd64/pfn.cc
index 3f5c952..dd14489 100644
--- a/xtoskrnl/mm/amd64/pfn.cc
+++ b/xtoskrnl/mm/amd64/pfn.cc
@@ -189,7 +189,7 @@ MM::Pfn::ProcessMemoryDescriptor(IN PFN_NUMBER BasePage,
 IN PFN_NUMBER PageCount,
 IN LOADER_MEMORY_TYPE MemoryType)
 {
- PFN_NUMBER CurrentPage, PageNumber;
+ PFN_NUMBER PageNumber;
 PMMPFN Pfn;
 /* Check if the memory descriptor describes a free memory region */
@@ -198,13 +198,13 @@ MM::Pfn::ProcessMemoryDescriptor(IN PFN_NUMBER BasePage,
 /* Iterate over each page in this free memory run */
 for(PageNumber = 0; PageNumber < PageCount; PageNumber++)
 {
- /* Get the PFN entry for the current page and set its initial cache attribute */
- CurrentPage = BasePage + PageNumber;
- Pfn = GetPfnEntry(CurrentPage);
- Pfn->u3.e1.CacheAttribute = PfnNonCached;
-
- /* Add the page to the free list to make it available for allocation */
- LinkFreePage(CurrentPage);
+ /* Get the PFN entry for the current page and ensure it is not referenced */
+ Pfn = GetPfnEntry(BasePage + PageNumber);
+ if(Pfn->u3.e2.ReferenceCount == 0)
+ {
+ /* Add the page to the free list to make it available for allocation */
+ LinkFreePage(BasePage + PageNumber);
+ }
 }
 }
 else
diff --git a/xtoskrnl/mm/i686/pfn.cc b/xtoskrnl/mm/i686/pfn.cc
index c44949c..9218e36 100644
--- a/xtoskrnl/mm/i686/pfn.cc
+++ b/xtoskrnl/mm/i686/pfn.cc
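Review bot: The rewritten amd64 loop (second hunk of xtoskrnl/mm/amd64/pfn.cc) no longer executes `Pfn->u3.e1.CacheAttribute = PfnNonCached;`, while the commit message mentions only the reference-count check. If LinkFreePage, which is not visible here, does not set the attribute itself, pages now reach the free list with whatever value the PFN entry already held in that field. Either keep the assignment inside the new `if(Pfn->u3.e2.ReferenceCount == 0)` block or state in the commit message that it was redundant. The body of ProcessMemoryDescriptor continues past the end of the hunk.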
@@ -187,8 +187,13 @@ MM::Pfn::ProcessMemoryDescriptor(IN PFN_NUMBER BasePage,
 /* Iterate over each page in this free memory run */
 for(PageNumber = 0; PageNumber < PageCount; PageNumber++)
 {
- /* Add the page to the free list to make it available for allocation */
- LinkFreePage(BasePage + PageNumber);
+ /* Get the PFN entry for the current page and ensure it is not referenced */
+ Pfn = GetPfnEntry(BasePage + PageNumber);
+ if(Pfn->u3.e2.ReferenceCount == 0)
+ {
+ /* Add the page to the free list to make it available for allocation */
+ LinkFreePage(BasePage + PageNumber);
+ }
 }
 }
 else
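Review bot: A page whose `ReferenceCount` is non-zero is skipped without any trace, here and in the matching amd64 loop, so a region the loader reports as free but that holds referenced pages goes unnoticed. The check is also only as reliable as the state of the PFN entry when this pass runs; the code that sets the count is outside the hunk, so the ordering cannot be confirmed from here. I would document the dependency above the `if`, for example `/* Relies on reference counts being set before free descriptors are processed; referenced pages stay off the free list */`, and consider counting the skipped pages so the case is visible during bring-up. ProcessMemoryDescriptor starts and ends outside the hunk, including the declaration of `Pfn`.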