[ros-diffs] [fireball] 34526: - Save pointer to driver's section in DriverSection during driver loading. - Fix unloading function to check if a driver to be unloaded really has DriverSection set, and if not, fail. - Inspired by bug 3221. See issue #3221 for more details.

fireball at svn.reactos.org fireball at svn.reactos.org
Tue Jul 15 16:24:47 CEST 2008 

Author: fireball
Date: Tue Jul 15 09:24:47 2008
New Revision: 34526

URL: http://svn.reactos.org/svn/reactos?rev=34526&view=rev
Log:
- Save pointer to driver's section in DriverSection during driver loading.
- Fix unloading function to check if a driver to be unloaded really has DriverSection set, and if not, fail.
- Inspired by bug 3221.
See issue #3221 for more details.

Modified:
    trunk/reactos/ntoskrnl/io/iomgr/driver.c

Modified: trunk/reactos/ntoskrnl/io/iomgr/driver.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/driver.c?rev=34526&r1=34525&r2=34526&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/io/iomgr/driver.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/io/iomgr/driver.c [iso-8859-1] Tue Jul 15 09:24:47 2008
@@ -1085,7 +1085,7 @@
     */
 
     /* Call the load/unload routine, depending on current process */
-   if (DriverObject->DriverUnload)
+   if (DriverObject->DriverUnload && DriverObject->DriverSection)
    {
       if (PsGetCurrentProcess() == PsInitialSystemProcess)
       {
@@ -1111,13 +1111,22 @@
          KeWaitForSingleObject(&LoadParams.Event, UserRequest, KernelMode,
              FALSE, NULL);
       }
-   }
-
-   ObDereferenceObject(DriverObject);
-   ObDereferenceObject(DriverObject);
-   MmUnloadSystemImage(DriverObject->DriverSection);
-
-   return STATUS_SUCCESS;
+
+      /* Unload the driver */
+      ObDereferenceObject(DriverObject);
+      ObDereferenceObject(DriverObject);
+      MmUnloadSystemImage(DriverObject->DriverSection);
+
+      return STATUS_SUCCESS;
+   }
+   else
+   {
+      /* Dereference one time (refd inside this function) */
+      ObDereferenceObject(DriverObject);
+
+      /* Return unloading failure */
+      return STATUS_INVALID_DEVICE_REQUEST;
+   }
 }
 
 VOID
@@ -1718,6 +1727,9 @@
            }
        }
 
+       /* Store its DriverSection, so that it could be unloaded */
+       DriverObject->DriverSection = ModuleObject;
+
        /* We have a driver for this DeviceNode */
        DeviceNode->Flags |= DN_DRIVER_LOADED;
    }

More information about the Ros-diffs mailing list