[ros-dev] Re: [ros-svn] [hbirr] 14964: Do always set the UserIosb of an irp in IoSecondStageCompletion.

Hartmut Birr hartmut.birr at gmx.de
Wed May 4 19:15:26 CEST 2005


Alex Ionescu wrote:

> Ok, well that indicates that our VFAT driver is broken. It should be
> fixed instead of breaking correct code.
>

That isn't correct. The bug is in IoCreateFile and/or
SecondStageCompletion. It is possible that a FS driver returns
STATUS_PENDING and later completes the irp with an error.
IoCreateFile does wait on the FileObject event, but in some cases
IoSecondStageCompletion doesn't set the result in Irp->UserIosb. This is the
reason for bug #609. There exist more bugs. All Directory/File functions
may always provide a user event handle. In some conditions they must
provide a user event handle. IoSecondStageCompletion sometimes
dereferences the user event and sometimes not. Another problem is the
copying of the results to Irp->UserIosb. The old code used
MmSafeCopyToUser. It must use this function or guard the copy operation
by an exception frame and use MmProbeForWrite. If the operation is
asynchronous, the calling thread may be buggy and dereference the
status block. In this case ros crashes. I have the feeling you should
start a second rewrite of the io completion code.

- Hartmut
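The completion contract Hartmut describes, as an added, portable C simulation that is not ReactOS code: the completion routine always publishes the final status to the caller's status block, signals the user event whenever one was provided, and copies to user memory only through a probe-then-copy helper so that a stale or invalid pointer from an asynchronous caller is a contained failure rather than a crash. All names (IRP_SIM, second_stage_completion, safe_copy_to_user, probe_for_write, the user_arena "user address space") are stand-ins for the Io*/Mm* routines mentioned in the mail, and the driver, bad-pointer value and status codes are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

typedef int32_t NTSTATUS_SIM;
#define STATUS_SUCCESS_SIM       ((NTSTATUS_SIM)0x00000000)
#define STATUS_PENDING_SIM       ((NTSTATUS_SIM)0x00000103)
#define STATUS_ACCESS_DENIED_SIM ((NTSTATUS_SIM)0xC0000022)

typedef struct { NTSTATUS_SIM Status; uintptr_t Information; } IO_STATUS_BLOCK_SIM;
typedef struct { bool Signaled; } KEVENT_SIM;
typedef struct {
    IO_STATUS_BLOCK_SIM  IoStatus;   /* result the driver filled in */
    IO_STATUS_BLOCK_SIM *UserIosb;   /* caller's block; may be stale or invalid */
    KEVENT_SIM          *UserEvent;  /* optional caller-supplied event */
} IRP_SIM;

/* Simulated user address space: only pointers inside this arena are writable. */
static uintptr_t user_arena[512];

/* Stand-in for MmProbeForWrite: reject NULL, misaligned and out-of-range pointers. */
static bool probe_for_write(const void *p, size_t len, size_t align) {
    uintptr_t a = (uintptr_t)p;
    uintptr_t lo = (uintptr_t)user_arena, hi = lo + sizeof user_arena;
    if (p == NULL || a % align != 0) return false;
    if (a < lo || a >= hi || len > hi - a) return false;
    return true;
}

/* Stand-in for MmSafeCopyToUser: probe first, then copy; never faults. */
static bool safe_copy_to_user(void *dst, const void *src, size_t len) {
    if (!probe_for_write(dst, len, sizeof(uintptr_t))) return false;
    memcpy(dst, src, len);
    return true;
}

/* The completion contract from the mail: always publish the final status to
 * UserIosb, signal the user event whenever one exists, and treat a bad user
 * pointer as a contained failure instead of a kernel crash. */
static bool second_stage_completion(IRP_SIM *irp) {
    bool delivered = safe_copy_to_user(irp->UserIosb, &irp->IoStatus,
                                       sizeof irp->IoStatus);
    if (irp->UserEvent != NULL)
        irp->UserEvent->Signaled = true;
    return delivered;
}

/* Constructed FS driver: returns STATUS_PENDING from dispatch and completes
 * "later" with an error, the sequence the mail says exposed the bug. */
static NTSTATUS_SIM driver_dispatch_then_fail(IRP_SIM *irp) {
    irp->IoStatus.Status = STATUS_ACCESS_DENIED_SIM;
    irp->IoStatus.Information = 0;
    second_stage_completion(irp);          /* deferred completion, collapsed in time */
    return STATUS_PENDING_SIM;
}

/* Scenario 1: an IoCreateFile-like caller waits on the event and then reads
 * the status from its own block. It must see the error, not stale PENDING. */
static NTSTATUS_SIM scenario_deferred_error(void) {
    IO_STATUS_BLOCK_SIM *iosb = (IO_STATUS_BLOCK_SIM *)user_arena;  /* valid user block */
    KEVENT_SIM ev = { false };
    IRP_SIM irp = { {0, 0}, iosb, &ev };
    iosb->Status = STATUS_PENDING_SIM;     /* stale value the bug would leave behind */
    if (driver_dispatch_then_fail(&irp) == STATUS_PENDING_SIM) {
        if (!ev.Signaled) return STATUS_PENDING_SIM;  /* a real kernel would block here */
    }
    return iosb->Status;
}

/* Scenario 2: an asynchronous caller supplied a block that is no longer valid.
 * The completion must fail the copy, still signal, and never touch the pointer. */
static bool scenario_bad_user_pointer(void) {
    IO_STATUS_BLOCK_SIM *bad = (IO_STATUS_BLOCK_SIM *)(uintptr_t)0x10;  /* constructed bad address */
    KEVENT_SIM ev = { false };
    IRP_SIM irp = { {STATUS_SUCCESS_SIM, 0}, bad, &ev };
    bool delivered = second_stage_completion(&irp);
    return !delivered && ev.Signaled;
}

int main(void) {
    printf("deferred error observed: 0x%08X\n", (unsigned)scenario_deferred_error());
    printf("bad pointer contained: %s\n", scenario_bad_user_pointer() ? "yes" : "no");
    return 0;
}
```

The two scenarios map onto the two complaints in the mail: scenario 1 shows why the completion path must write UserIosb unconditionally before the waiter reads it, and scenario 2 shows why that write has to go through a probed or exception-guarded copy when the caller's block cannot be trusted.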
