[ros-kernel] Bugs in NtRead/WriteFile (Eric)
ekohl at rz-online.de
Sun Nov 30 16:54:27 CET 2003
"Gunnar André Dalsnes" <hardon at online.no> wrote:
> Huh? If the operation was synchronous, NtWriteFile should wait for io to
> complete thus it's not possible for IoStatusBlock to get out of scope...
> And where did usetup.exe crash? In
> IoSecondStageCompletion->*Irp->UserIosb=Irp->IoStatus ????
Allocating Irp->UserIosb from the kernel mode stack fixed the crash.
Strange, isn't it?
> Allocating IoStatusBlock (Irp->UserIosb) from NonPagedPool is not a
> requirement, so it seems to me you are trying to work-around another bug.
> We should do a MmSafeCopyToUserMode in IoSecondStageCompletion when doing
> *Irp->UserIosb=Irp->IoStatus, if the irp originated from umode. This makes
> it unnecessary (and incorrect) to use a local "safe" variable for
> IoStatusBlock (Irp->UserIosb) no matter what kind of operation
I'll try that!
> I think the real bug is that IoSecondStageCompletion is sometimes, for
> synchronous operations, called at DISPATCH_LEVEL. Copying read data back
> to umode and copying the Irp->IoStatus to the umode buffer in
> Irp->UserIosb should fail in this case, but strangely, this seems to work
> ok (i have never seen it crash). You might have been "unlucky", having the
> umode stack paged out while waiting for the write to complete, making
> usetup.exe crash in IoSecondStageCompletion->*Irp->UserIosb=Irp->IoStatus.
Shouldn't IoSecondStageCompletion only be running at PASSIVE_LEVEL?