[ros-diffs] [cgutman] 44267: - Fix a race condition that occurs when an IRP gets cancelled after it is inserted into the completion queue but before it is completed

cgutman at svn.reactos.org cgutman at svn.reactos.org
Sun Nov 22 03:32:47 CET 2009


Author: cgutman
Date: Sun Nov 22 03:32:47 2009
New Revision: 44267

URL: http://svn.reactos.org/svn/reactos?rev=44267&view=rev
Log:
 - Fix a race condition that occurs when an IRP gets cancelled after it is inserted into the completion queue but before it is completed

Modified:
    trunk/reactos/drivers/network/tcpip/include/datagram.h
    trunk/reactos/drivers/network/tcpip/include/tcp.h
    trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c
    trunk/reactos/lib/drivers/ip/transport/datagram/datagram.c
    trunk/reactos/lib/drivers/ip/transport/tcp/accept.c
    trunk/reactos/lib/drivers/ip/transport/tcp/tcp.c

Modified: trunk/reactos/drivers/network/tcpip/include/datagram.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/tcpip/include/datagram.h?rev=44267&r1=44266&r2=44267&view=diff
==============================================================================
--- trunk/reactos/drivers/network/tcpip/include/datagram.h [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/tcpip/include/datagram.h [iso-8859-1] Sun Nov 22 03:32:47 2009
@@ -21,7 +21,7 @@
     PVOID Context,
     PIRP Irp);
 
-VOID DGRemoveIRP(
+BOOLEAN DGRemoveIRP(
     PADDRESS_FILE AddrFile,
     PIRP Irp);
 

Modified: trunk/reactos/drivers/network/tcpip/include/tcp.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/tcpip/include/tcp.h?rev=44267&r1=44266&r2=44267&view=diff
==============================================================================
--- trunk/reactos/drivers/network/tcpip/include/tcp.h [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/tcpip/include/tcp.h [iso-8859-1] Sun Nov 22 03:32:47 2009
@@ -96,8 +96,8 @@
 				    PCONNECTION_ENDPOINT Connection,
 				    PTDI_REQUEST_KERNEL Request );
 NTSTATUS TCPListen( PCONNECTION_ENDPOINT Connection, UINT Backlog );
-VOID TCPAbortListenForSocket( PCONNECTION_ENDPOINT Listener,
-			      PCONNECTION_ENDPOINT Connection );
+BOOLEAN TCPAbortListenForSocket( PCONNECTION_ENDPOINT Listener,
+			         PCONNECTION_ENDPOINT Connection );
 NTSTATUS TCPAccept
 ( PTDI_REQUEST Request,
   PCONNECTION_ENDPOINT Listener,
@@ -179,6 +179,6 @@
 NTSTATUS TCPShutdown(
   VOID);
 
-VOID TCPRemoveIRP( PCONNECTION_ENDPOINT Connection, PIRP Irp );
+BOOLEAN TCPRemoveIRP( PCONNECTION_ENDPOINT Connection, PIRP Irp );
 
 #endif /* __TCP_H */

Modified: trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c?rev=44267&r1=44266&r2=44267&view=diff
==============================================================================
--- trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c [iso-8859-1] Sun Nov 22 03:32:47 2009
@@ -133,6 +133,7 @@
     PTRANSPORT_CONTEXT TranContext;
     PFILE_OBJECT FileObject;
     UCHAR MinorFunction;
+    BOOLEAN DequeuedIrp = TRUE;
 
     IoReleaseCancelSpinLock(Irp->CancelIrql);
 
@@ -157,7 +158,7 @@
     switch(MinorFunction) {
     case TDI_SEND:
     case TDI_RECEIVE:
-	TCPRemoveIRP( TranContext->Handle.ConnectionContext, Irp );
+	DequeuedIrp = TCPRemoveIRP( TranContext->Handle.ConnectionContext, Irp );
         break;
 
     case TDI_SEND_DATAGRAM:
@@ -166,7 +167,7 @@
             break;
         }
 
-        DGRemoveIRP(TranContext->Handle.AddressHandle, Irp);
+        DequeuedIrp = DGRemoveIRP(TranContext->Handle.AddressHandle, Irp);
         break;
 
     case TDI_RECEIVE_DATAGRAM:
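Review bot: For `TDI_SEND_DATAGRAM`, completion now depends on `DGRemoveIRP` finding the IRP, but the datagram.c hunks only show it matching `DATAGRAM_RECEIVE_REQUEST` entries. If send IRPs are never placed on that list (the loop itself is outside the visible hunks, so this is an inference), the result is always FALSE for this case and a cancelled send is never completed from here. That may be intended if sends are always completed by the send path, but it should be stated, e.g. `/* Send IRPs are not queued; FALSE here means the send path completes the IRP */`. If sends can be pending elsewhere, that queue has to be searched as well, otherwise the cancel is silently dropped.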
@@ -175,19 +176,21 @@
             break;
         }
 
-        DGRemoveIRP(TranContext->Handle.AddressHandle, Irp);
+        DequeuedIrp = DGRemoveIRP(TranContext->Handle.AddressHandle, Irp);
         break;
 
     case TDI_CONNECT:
-        TCPRemoveIRP(TranContext->Handle.ConnectionContext, Irp);
+        DequeuedIrp = TCPRemoveIRP(TranContext->Handle.ConnectionContext, Irp);
         break;
 
     default:
         TI_DbgPrint(MIN_TRACE, ("Unknown IRP. MinorFunction (0x%X).\n", MinorFunction));
+        ASSERT(FALSE);
         break;
     }
 
-    IRPFinish(Irp, STATUS_CANCELLED);
+    if (DequeuedIrp)
+       IRPFinish(Irp, STATUS_CANCELLED);
 
     TI_DbgPrint(MAX_TRACE, ("Leaving.\n"));
 }
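Review bot: `DequeuedIrp` starts as TRUE, so the `default:` case and the early `break`s in the datagram cases still reach `IRPFinish(Irp, STATUS_CANCELLED)` without any remove routine confirming that this cancel routine owns the IRP. `ASSERT(FALSE)` typically compiles away in free builds, so an unexpected minor function would be completed here even if another path still holds the request, which is the double-completion pattern this commit closes for the other cases. Either initialise the flag to FALSE and set it explicitly on the paths known to own the IRP, or state the reasoning next to the declaration, e.g. `/* TRUE: paths that never queued the IRP must still complete it here */`. The function starts outside this hunk.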
@@ -207,7 +210,6 @@
     PTRANSPORT_CONTEXT TranContext;
     PFILE_OBJECT FileObject;
     PCONNECTION_ENDPOINT Connection;
-    /*NTSTATUS Status = STATUS_SUCCESS;*/
 
     IoReleaseCancelSpinLock(Irp->CancelIrql);
 
@@ -228,13 +230,12 @@
     /* Try canceling the request */
     Connection = (PCONNECTION_ENDPOINT)TranContext->Handle.ConnectionContext;
 
-    TCPRemoveIRP(Connection, Irp);
-
-    TCPAbortListenForSocket(Connection->AddressFile->Listener,
-                            Connection);
-
-    Irp->IoStatus.Information = 0;
-    IRPFinish(Irp, STATUS_CANCELLED);
+    if (TCPAbortListenForSocket(Connection->AddressFile->Listener,
+                                Connection))
+    {
+        Irp->IoStatus.Information = 0;
+        IRPFinish(Irp, STATUS_CANCELLED);
+    }
 
     TI_DbgPrint(MAX_TRACE, ("Leaving.\n"));
 }
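Review bot: `Connection->AddressFile->Listener` is dereferenced with no visible check that `AddressFile` or `Listener` is non-NULL, and apparently after `IoReleaseCancelSpinLock` has already run (previous hunk, assuming the same function), so nothing shown keeps either object alive until `TCPAbortListenForSocket` takes `Listener->Lock`. If the connection can be disassociated concurrently with the cancel, this is a NULL or stale pointer dereference in kernel mode. A guard such as `if (Connection->AddressFile && Connection->AddressFile->Listener && TCPAbortListenForSocket(...))` covers the NULL case, though the lifetime question needs a reference or a lock rather than a test. The FALSE path also deserves a one-line comment saying which path completes the IRP instead. The function begins outside this hunk.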

Modified: trunk/reactos/lib/drivers/ip/transport/datagram/datagram.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/drivers/ip/transport/datagram/datagram.c?rev=44267&r1=44266&r2=44267&view=diff
==============================================================================
--- trunk/reactos/lib/drivers/ip/transport/datagram/datagram.c [iso-8859-1] (original)
+++ trunk/reactos/lib/drivers/ip/transport/datagram/datagram.c [iso-8859-1] Sun Nov 22 03:32:47 2009
@@ -10,13 +10,14 @@
 
 #include "precomp.h"
 
-VOID DGRemoveIRP(
+BOOLEAN DGRemoveIRP(
     PADDRESS_FILE AddrFile,
     PIRP Irp)
 {
     PLIST_ENTRY ListEntry;
     PDATAGRAM_RECEIVE_REQUEST ReceiveRequest;
     KIRQL OldIrql;
+    BOOLEAN Found = FALSE;
 
     TI_DbgPrint(MAX_TRACE, ("Called (Cancel IRP %08x for file %08x).\n",
                             Irp, AddrFile));
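Review bot: The new BOOLEAN result of `DGRemoveIRP` carries an ownership contract that is not written down anywhere. TRUE means the request was unlinked under `AddrFile->Lock` and the caller must complete the IRP; FALSE presumably means another path has already taken it and the caller must not complete it again. A header comment above the definition should say so, e.g. `/* Returns TRUE if the IRP was dequeued; only then may the caller complete it. */`. The same applies to `TCPAbortListenForSocket` in accept.c and `TCPRemoveIRP` in tcp.c, and to their prototypes in datagram.h and tcp.h. The body continues outside this hunk.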
@@ -36,6 +37,7 @@
         {
             RemoveEntryList(&ReceiveRequest->ListEntry);
             ExFreePoolWithTag(ReceiveRequest, DATAGRAM_RECV_TAG);
+            Found = TRUE;
             break;
         }
     }
@@ -43,6 +45,8 @@
     KeReleaseSpinLock(&AddrFile->Lock, OldIrql);
 
     TI_DbgPrint(MAX_TRACE, ("Done.\n"));
+
+    return Found;
 }
 
 VOID DGDeliverData(

Modified: trunk/reactos/lib/drivers/ip/transport/tcp/accept.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/drivers/ip/transport/tcp/accept.c?rev=44267&r1=44266&r2=44267&view=diff
==============================================================================
--- trunk/reactos/lib/drivers/ip/transport/tcp/accept.c [iso-8859-1] (original)
+++ trunk/reactos/lib/drivers/ip/transport/tcp/accept.c [iso-8859-1] Sun Nov 22 03:32:47 2009
@@ -104,11 +104,12 @@
     return Status;
 }
 
-VOID TCPAbortListenForSocket( PCONNECTION_ENDPOINT Listener,
+BOOLEAN TCPAbortListenForSocket( PCONNECTION_ENDPOINT Listener,
                   PCONNECTION_ENDPOINT Connection ) {
     PLIST_ENTRY ListEntry;
     PTDI_BUCKET Bucket;
     KIRQL OldIrql;
+    BOOLEAN Found = FALSE;
 
     KeAcquireSpinLock(&Listener->Lock, &OldIrql);
 
@@ -119,6 +120,7 @@
     if( Bucket->AssociatedEndpoint == Connection ) {
         RemoveEntryList( &Bucket->Entry );
         ExFreePoolWithTag( Bucket, TDI_BUCKET_TAG );
+        Found = TRUE;
         break;
     }
 
@@ -126,6 +128,8 @@
     }
 
     KeReleaseSpinLock(&Listener->Lock, OldIrql);
+
+    return Found;
 }
 
 NTSTATUS TCPAccept ( PTDI_REQUEST Request,

Modified: trunk/reactos/lib/drivers/ip/transport/tcp/tcp.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/drivers/ip/transport/tcp/tcp.c?rev=44267&r1=44266&r2=44267&view=diff
==============================================================================
--- trunk/reactos/lib/drivers/ip/transport/tcp/tcp.c [iso-8859-1] (original)
+++ trunk/reactos/lib/drivers/ip/transport/tcp/tcp.c [iso-8859-1] Sun Nov 22 03:32:47 2009
@@ -904,12 +904,13 @@
     return Status;
 }
 
-VOID TCPRemoveIRP( PCONNECTION_ENDPOINT Endpoint, PIRP Irp ) {
+BOOLEAN TCPRemoveIRP( PCONNECTION_ENDPOINT Endpoint, PIRP Irp ) {
     PLIST_ENTRY Entry;
     PLIST_ENTRY ListHead[4];
     KIRQL OldIrql;
     PTDI_BUCKET Bucket;
     UINT i = 0;
+    BOOLEAN Found = FALSE;
 
     ListHead[0] = &Endpoint->SendRequest;
     ListHead[1] = &Endpoint->ReceiveRequest;
@@ -929,12 +930,15 @@
             {
                 RemoveEntryList( &Bucket->Entry );
                 ExFreePoolWithTag( Bucket, TDI_BUCKET_TAG );
+                Found = TRUE;
                 break;
             }
         }
     }
 
     TcpipReleaseSpinLock( &Endpoint->Lock, OldIrql );
+
+    return Found;
 }
 
 /* EOF */
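Review bot: After `Found = TRUE` the `break` leaves only the inner list walk, so the enclosing loop over `ListHead[]` appears to keep scanning the remaining queues while `Endpoint->Lock` is still held. The loop header is outside this hunk, so this is inferred from the two closing braces that follow. Since an IRP should sit on at most one of these lists, the outer loop can stop as soon as the entry is found, e.g. by adding `&& !Found` to its condition. That shortens the time spent holding the spin lock at raised IRQL and makes the single-owner assumption explicit.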



