Ros-diffs January 2013

ros-diffs@reactos.org

11 participants
185 discussions

[tfaber] 58247: [NTOSKRNL:MM] - Validate virtual address range on pool free CORE-6929 CORE-6712 #resolve
by tfaber＠svn.reactos.org 28 Jan '13

28 Jan '13

Author: tfaber Date: Mon Jan 28 18:58:55 2013 New Revision: 58247 URL: http://svn.reactos.org/svn/reactos?rev=58247&view=rev Log: [NTOSKRNL:MM] - Validate virtual address range on pool free CORE-6929 CORE-6712 #resolve Modified: trunk/reactos/ntoskrnl/mm/ARM3/pool.c Modified: trunk/reactos/ntoskrnl/mm/ARM3/pool.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/pool.c?re… ============================================================================== --- trunk/reactos/ntoskrnl/mm/ARM3/pool.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/mm/ARM3/pool.c [iso-8859-1] Mon Jan 28 18:58:55 2013 @@ -408,8 +408,11 @@ // // Use a simple bounds check // - return (PoolAddress >= MmPagedPoolStart) && (PoolAddress <= MmPagedPoolEnd) ? - PagedPool : NonPagedPool; + if (PoolAddress >= MmPagedPoolStart && PoolAddress <= MmPagedPoolEnd) + return PagedPool; + else if (PoolAddress >= MmNonPagedPoolStart && PoolAddress <= MmNonPagedPoolEnd) + return NonPagedPool; + KeBugCheckEx(BAD_POOL_CALLER, 0x42, (ULONG_PTR)PoolAddress, 0, 0); } PVOID

1 0

[tfaber] 58246: [NTOSKRNL:MM] - Add a DPRINT with more info to the 'Hash == TableMask' assertion - Validate pool tags on free also for big allocations - Validate pool tag earlier, before tracking t...
by tfaber＠svn.reactos.org 28 Jan '13

28 Jan '13

Author: tfaber Date: Mon Jan 28 18:27:21 2013 New Revision: 58246 URL: http://svn.reactos.org/svn/reactos?rev=58246&view=rev Log: [NTOSKRNL:MM] - Add a DPRINT with more info to the 'Hash == TableMask' assertion - Validate pool tags on free also for big allocations - Validate pool tag earlier, before tracking the free operation CORE-6929 Modified: trunk/reactos/ntoskrnl/mm/ARM3/expool.c Modified: trunk/reactos/ntoskrnl/mm/ARM3/expool.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/expool.c?… ============================================================================== --- trunk/reactos/ntoskrnl/mm/ARM3/expool.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/mm/ARM3/expool.c [iso-8859-1] Mon Jan 28 18:27:21 2013 @@ -570,7 +570,12 @@ // We should have only ended up with an empty entry if we've reached // the last bucket // - if (!TableEntry->Key) ASSERT(Hash == TableMask); + if (!TableEntry->Key) + { + DPRINT1("Empty item reached in tracker table. Tag=0x%08lx, NumberOfBytes=%lu, PoolType=%d\n", + Key, (ULONG)NumberOfBytes, PoolType); + ASSERT(Hash == TableMask); + } // // This path is hit when we don't have an entry, and the current bucket @@ -2072,6 +2077,15 @@ } // + // Check block tag + // + if (TagToFree && TagToFree != Tag) + { + DPRINT1("Freeing pool - invalid tag specified: %.4s != %.4s\n", (char*)&TagToFree, (char*)&Tag); + KeBugCheckEx(BAD_POOL_CALLER, 0x0A, (ULONG_PTR)P, Tag, TagToFree); + } + + // // We have our tag and our page count, so we can go ahead and remove this // tracker now // @@ -2144,20 +2158,20 @@ if (Tag & PROTECTED_POOL) Tag &= ~PROTECTED_POOL; // - // Stop tracking this allocation + // Check block tag + // + if (TagToFree && TagToFree != Tag) + { + DPRINT1("Freeing pool - invalid tag specified: %.4s != %.4s\n", (char*)&TagToFree, (char*)&Tag); + KeBugCheckEx(BAD_POOL_CALLER, 0x0A, (ULONG_PTR)P, Tag, TagToFree); + } + + // + // Track the removal of this allocation // ExpRemovePoolTracker(Tag, BlockSize * POOL_BLOCK_SIZE, Entry->PoolType - 1); - - // - // Check block tag - // - if (TagToFree && TagToFree != Tag) - { - DPRINT1("Freeing pool - invalid tag specified: %.4s != %.4s\n", (char*)&TagToFree, (char*)&Tag); - KeBugCheckEx(BAD_POOL_CALLER, 0x0A, (ULONG_PTR)P, Tag, TagToFree); - } // // Is this allocation small enough to have come from a lookaside list?

1 0

[pschweitzer] 58245: [NTOSKRNL] Properly queue the IRP in IoCancelFileOpen()
by pschweitzer＠svn.reactos.org 27 Jan '13

27 Jan '13

Author: pschweitzer Date: Sun Jan 27 16:38:24 2013 New Revision: 58245 URL: http://svn.reactos.org/svn/reactos?rev=58245&view=rev Log: [NTOSKRNL] Properly queue the IRP in IoCancelFileOpen() Modified: trunk/reactos/ntoskrnl/io/iomgr/file.c Modified: trunk/reactos/ntoskrnl/io/iomgr/file.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/file.c?r… ============================================================================== --- trunk/reactos/ntoskrnl/io/iomgr/file.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/io/iomgr/file.c [iso-8859-1] Sun Jan 27 16:38:24 2013 @@ -2497,6 +2497,7 @@ { PIRP Irp; KEVENT Event; + KIRQL OldIrql; NTSTATUS Status; PIO_STACK_LOCATION Stack; @@ -2527,7 +2528,8 @@ Stack->MajorFunction = IRP_MJ_CLEANUP; Stack->FileObject = FileObject; - // FIXME: Put on top of IRPs list of the thread + /* Put on top of IRPs list of the thread */ + IopQueueIrpToThread(Irp); /* Call the driver */ Status = IoCallDriver(DeviceObject, Irp); @@ -2537,7 +2539,10 @@ KernelMode, FALSE, NULL); } - // FIXME: Remove from IRPs list + /* Remove from IRPs list */ + KeRaiseIrql(APC_LEVEL, &OldIrql); + IopUnQueueIrpFromThread(Irp); + KeLowerIrql(OldIrql); /* Free the IRP */ IoFreeIrp(Irp);

1 0

[pschweitzer] 58244: [NTOSKRNL] Implement IoCancelFileOpen(). You can read: http://www.osronline.com/showThread.cfm?link=20807 Even though the proposed implementation is closer to W2K implementatio...
by pschweitzer＠svn.reactos.org 27 Jan '13

27 Jan '13

Author: pschweitzer Date: Sun Jan 27 16:18:00 2013 New Revision: 58244 URL: http://svn.reactos.org/svn/reactos?rev=58244&view=rev Log: [NTOSKRNL] Implement IoCancelFileOpen(). You can read: http://www.osronline.com/showThread.cfm?link=20807 Even though the proposed implementation is closer to W2K implementation than to W2K3 implementation In W2K3, no IRP is issued with major close. Modified: trunk/reactos/ntoskrnl/io/iomgr/file.c Modified: trunk/reactos/ntoskrnl/io/iomgr/file.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/file.c?r… ============================================================================== --- trunk/reactos/ntoskrnl/io/iomgr/file.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/io/iomgr/file.c [iso-8859-1] Sun Jan 27 16:18:00 2013 @@ -2488,14 +2488,64 @@ } /* - * @unimplemented + * @implemented */ VOID NTAPI IoCancelFileOpen(IN PDEVICE_OBJECT DeviceObject, IN PFILE_OBJECT FileObject) { - UNIMPLEMENTED; + PIRP Irp; + KEVENT Event; + NTSTATUS Status; + PIO_STACK_LOCATION Stack; + + /* Check if handles were already created for the + * open file. If so, that's over. + */ + if (FileObject->Flags & FO_HANDLE_CREATED) + KeBugCheckEx(INVALID_CANCEL_OF_FILE_OPEN, + (ULONG_PTR)FileObject, + (ULONG_PTR)DeviceObject, 0, 0); + + /* Reset the events */ + KeInitializeEvent(&Event, SynchronizationEvent, FALSE); + KeClearEvent(&FileObject->Event); + + /* Allocate the IRP we'll use */ + Irp = IopAllocateIrpMustSucceed(DeviceObject->StackSize); + /* Properly set it */ + Irp->Tail.Overlay.Thread = PsGetCurrentThread(); + Irp->UserEvent = &Event; + Irp->UserIosb = &Irp->IoStatus; + Irp->Overlay.AsynchronousParameters.UserApcRoutine = NULL; + Irp->Tail.Overlay.OriginalFileObject = FileObject; + Irp->RequestorMode = KernelMode; + Irp->Flags = IRP_CLOSE_OPERATION | IRP_SYNCHRONOUS_API; + + Stack = IoGetNextIrpStackLocation(Irp); + Stack->MajorFunction = IRP_MJ_CLEANUP; + Stack->FileObject = FileObject; + + // FIXME: Put on top of IRPs list of the thread + + /* Call the driver */ + Status = IoCallDriver(DeviceObject, Irp); + if (Status == STATUS_PENDING) + { + KeWaitForSingleObject(&Event, UserRequest, + KernelMode, FALSE, NULL); + } + + // FIXME: Remove from IRPs list + + /* Free the IRP */ + IoFreeIrp(Irp); + + /* Clear the event */ + KeClearEvent(&FileObject->Event); + /* And finally, mark the open operation as canceled */ + FileObject->Flags |= FO_FILE_OPEN_CANCELLED; } /*

1 0

[pschweitzer] 58243: [NTOSKRNL] Implement IopAllocateIrpMustSucceed() which is designed to *normally* always return an IRP. Even in low memory situations (if you wait enough).
by pschweitzer＠svn.reactos.org 27 Jan '13

27 Jan '13

Author: pschweitzer Date: Sun Jan 27 16:11:55 2013 New Revision: 58243 URL: http://svn.reactos.org/svn/reactos?rev=58243&view=rev Log: [NTOSKRNL] Implement IopAllocateIrpMustSucceed() which is designed to *normally* always return an IRP. Even in low memory situations (if you wait enough). Modified: trunk/reactos/ntoskrnl/include/internal/io.h trunk/reactos/ntoskrnl/io/iomgr/irp.c Modified: trunk/reactos/ntoskrnl/include/internal/io.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/include/internal/… ============================================================================== --- trunk/reactos/ntoskrnl/include/internal/io.h [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/include/internal/io.h [iso-8859-1] Sun Jan 27 16:11:55 2013 @@ -903,6 +903,12 @@ IN PIRP Irp ); +PIRP +NTAPI +IopAllocateIrpMustSucceed( + IN CCHAR StackSize +); + // // Shutdown routines // Modified: trunk/reactos/ntoskrnl/io/iomgr/irp.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/irp.c?re… ============================================================================== --- trunk/reactos/ntoskrnl/io/iomgr/irp.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/io/iomgr/irp.c [iso-8859-1] Sun Jan 27 16:11:55 2013 @@ -622,6 +622,40 @@ __FUNCTION__, Irp, Flags); + return Irp; +} + +/* + * @implemented + */ +PIRP +NTAPI +IopAllocateIrpMustSucceed(IN CCHAR StackSize) +{ + LONG i; + PIRP Irp; + LARGE_INTEGER Sleep; + + /* Try to get an IRP */ + Irp = IoAllocateIrp(StackSize, FALSE); + if (Irp) + return Irp; + + /* If we fail, start looping till we may get one */ + i = LONG_MAX; + do { + i--; + + /* First, sleep for 10ms */ + Sleep.QuadPart = -10 * 1000 * 10;; + KeDelayExecutionThread(KernelMode, FALSE, &Sleep); + + /* Then, retry allocation */ + Irp = IoAllocateIrp(StackSize, FALSE); + if (Irp) + return Irp; + } while (i > 0); + return Irp; }

1 0

[pschweitzer] 58242: [BUGCODES] Add the bug code for IoCancelFileOpen()
by pschweitzer＠svn.reactos.org 27 Jan '13

27 Jan '13

Author: pschweitzer Date: Sun Jan 27 16:08:54 2013 New Revision: 58242 URL: http://svn.reactos.org/svn/reactos?rev=58242&view=rev Log: [BUGCODES] Add the bug code for IoCancelFileOpen() Modified: trunk/reactos/include/reactos/mc/bugcodes.mc Modified: trunk/reactos/include/reactos/mc/bugcodes.mc URL: http://svn.reactos.org/svn/reactos/trunk/reactos/include/reactos/mc/bugcode… ============================================================================== --- trunk/reactos/include/reactos/mc/bugcodes.mc [iso-8859-1] (original) +++ trunk/reactos/include/reactos/mc/bugcodes.mc [iso-8859-1] Sun Jan 27 16:08:54 2013 @@ -1469,6 +1469,14 @@ POWER_FAILURE_SIMULATE . +MessageId=0xE8 +Severity=Success +Facility=System +SymbolicName=INVALID_CANCEL_OF_FILE_OPEN +Language=English +Invalid cancel of a open file. It already has handle. +. + MessageId=0xE9 Severity=Success Facility=System

1 0

[hbelusca] 58241: [SMSS] Revert my change of loading the win32k kernel-mode subsystem driver by reading the Kmode value and use instead a hardcoded value, per request of Alex. I'm wondering why Win...
by hbelusca＠svn.reactos.org 27 Jan '13

27 Jan '13

Author: hbelusca Date: Sun Jan 27 13:55:04 2013 New Revision: 58241 URL: http://svn.reactos.org/svn/reactos?rev=58241&view=rev Log: [SMSS] Revert my change of loading the win32k kernel-mode subsystem driver by reading the Kmode value and use instead a hardcoded value, per request of Alex. I'm wondering why Windows wouldn't allow you to use a personalized value there and forces you to use win32k with this name, placed in \SystemRoot\System32 directory and not in an other place. Modified: trunk/reactos/base/system/smss/smsubsys.c Modified: trunk/reactos/base/system/smss/smsubsys.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/smss/smsubsys.… ============================================================================== --- trunk/reactos/base/system/smss/smsubsys.c [iso-8859-1] (original) +++ trunk/reactos/base/system/smss/smsubsys.c [iso-8859-1] Sun Jan 27 13:55:04 2013 @@ -515,7 +515,7 @@ { NTSTATUS Status = STATUS_SUCCESS, Status2; PSMP_REGISTRY_VALUE RegEntry; - UNICODE_STRING NtPath; + UNICODE_STRING DestinationString, NtPath; PLIST_ENTRY NextEntry; LARGE_INTEGER Timeout; PVOID State; @@ -570,10 +570,15 @@ } AttachedSessionId = *MuSessionId; - /* Start Win32k.sys on this session */ + /* + * Start Win32k.sys on this session. Use a hardcoded value + * instead of the Kmode one... + */ + RtlInitUnicodeString(&DestinationString, + L"\\SystemRoot\\System32\\win32k.sys"); Status = NtSetSystemInformation(SystemExtendServiceTableInformation, - &NtPath, - sizeof(NtPath)); + &DestinationString, + sizeof(DestinationString)); RtlFreeHeap(RtlGetProcessHeap(), 0, NtPath.Buffer); SmpReleasePrivilege(State); if (!NT_SUCCESS(Status))

1 0

[tfaber] 58240: [KSPROXY] - Fix some MSVC and GCC 4.7 warnings
by tfaber＠svn.reactos.org 27 Jan '13

27 Jan '13

Author: tfaber Date: Sun Jan 27 11:39:09 2013 New Revision: 58240 URL: http://svn.reactos.org/svn/reactos?rev=58240&view=rev Log: [KSPROXY] - Fix some MSVC and GCC 4.7 warnings Modified: trunk/reactos/dll/directx/ksproxy/allocator.cpp trunk/reactos/dll/directx/ksproxy/output_pin.cpp trunk/reactos/dll/directx/ksproxy/proxy.cpp Modified: trunk/reactos/dll/directx/ksproxy/allocator.cpp URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/directx/ksproxy/alloca… ============================================================================== --- trunk/reactos/dll/directx/ksproxy/allocator.cpp [iso-8859-1] (original) +++ trunk/reactos/dll/directx/ksproxy/allocator.cpp [iso-8859-1] Sun Jan 27 11:39:09 2013 @@ -583,7 +583,7 @@ { IMediaSample * Sample = m_FreeList.top(); m_FreeList.pop(); - delete Sample; + Sample->Release(); } m_FreeSamples = false; Modified: trunk/reactos/dll/directx/ksproxy/output_pin.cpp URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/directx/ksproxy/output… ============================================================================== --- trunk/reactos/dll/directx/ksproxy/output_pin.cpp [iso-8859-1] (original) +++ trunk/reactos/dll/directx/ksproxy/output_pin.cpp [iso-8859-1] Sun Jan 27 11:39:09 2013 @@ -1681,7 +1681,7 @@ if (GetSupportedSets(&pGuid, &NumGuids)) { // load all proxy plugins - if (FAILED(LoadProxyPlugins(pGuid, NumGuids))); + if (FAILED(LoadProxyPlugins(pGuid, NumGuids))) { #ifdef KSPROXY_TRACE OutputDebugStringW(L"COutputPin::Connect LoadProxyPlugins failed\n"); Modified: trunk/reactos/dll/directx/ksproxy/proxy.cpp URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/directx/ksproxy/proxy.… ============================================================================== --- trunk/reactos/dll/directx/ksproxy/proxy.cpp [iso-8859-1] (original) +++ trunk/reactos/dll/directx/ksproxy/proxy.cpp [iso-8859-1] Sun Jan 27 11:39:09 2013 @@ -208,7 +208,6 @@ CKsProxy::CKsProxy() : m_Ref(0), m_pGraph(0), - m_ReferenceClock((IReferenceClock*)this), m_FilterState(State_Stopped), m_hDevice(0), m_Plugins(), @@ -216,6 +215,7 @@ m_DevicePath(0), m_hClock(0) { + m_ReferenceClock = this; InitializeCriticalSection(&m_Lock); }

1 0

[pschweitzer] 58239: [NTOSKRNL] In ObpCheckTraverseAccess() first try to perform a fast traverse check before doing the entire access check.
by pschweitzer＠svn.reactos.org 27 Jan '13

27 Jan '13

Author: pschweitzer Date: Sun Jan 27 09:50:20 2013 New Revision: 58239 URL: http://svn.reactos.org/svn/reactos?rev=58239&view=rev Log: [NTOSKRNL] In ObpCheckTraverseAccess() first try to perform a fast traverse check before doing the entire access check. Modified: trunk/reactos/ntoskrnl/ob/obsecure.c Modified: trunk/reactos/ntoskrnl/ob/obsecure.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ob/obsecure.c?rev… ============================================================================== --- trunk/reactos/ntoskrnl/ob/obsecure.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/ob/obsecure.c [iso-8859-1] Sun Jan 27 09:50:20 2013 @@ -301,6 +301,20 @@ return FALSE; } + /* First try to perform a fast traverse check + * If it fails, then the entire access check will + * have to be done. + */ + Result = SeFastTraverseCheck(SecurityDescriptor, + AccessState, + FILE_WRITE_DATA, + AccessMode); + if (Result) + { + ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated); + return TRUE; + } + /* Lock the security context */ SeLockSubjectContext(&AccessState->SubjectSecurityContext);

1 0

[hbelusca] 58238: [SMSS] - Uniformize the error messages and also, SmpParseCommand is SmpParseCommandLine in fact. - Remove an unneeded cast since Flags is already ULONG.
by hbelusca＠svn.reactos.org 27 Jan '13

27 Jan '13

Author: hbelusca Date: Sun Jan 27 00:19:43 2013 New Revision: 58238 URL: http://svn.reactos.org/svn/reactos?rev=58238&view=rev Log: [SMSS] - Uniformize the error messages and also, SmpParseCommand is SmpParseCommandLine in fact. - Remove an unneeded cast since Flags is already ULONG. Modified: trunk/reactos/base/system/smss/pagefile.c trunk/reactos/base/system/smss/smss.c Modified: trunk/reactos/base/system/smss/pagefile.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/smss/pagefile.… ============================================================================== --- trunk/reactos/base/system/smss/pagefile.c [iso-8859-1] (original) +++ trunk/reactos/base/system/smss/pagefile.c [iso-8859-1] Sun Jan 27 00:19:43 2013 @@ -109,7 +109,7 @@ if (!NT_SUCCESS(Status)) { /* Fail */ - DPRINT1("SMSS:PFILE: SmpParseCommandLine(%wZ) failed with status %X \n", + DPRINT1("SMSS:PFILE: SmpParseCommandLine( %wZ ) failed - Status == %lx\n", PageFileToken, Status); return Status; } Modified: trunk/reactos/base/system/smss/smss.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/smss/smss.c?re… ============================================================================== --- trunk/reactos/base/system/smss/smss.c [iso-8859-1] (original) +++ trunk/reactos/base/system/smss/smss.c [iso-8859-1] Sun Jan 27 00:19:43 2013 @@ -235,7 +235,7 @@ if (!NT_SUCCESS(Status)) { /* Fail if we couldn't do that */ - DPRINT1("SMSS: SmpParseCommand( %wZ ) failed - Status == %lx\n", + DPRINT1("SMSS: SmpParseCommandLine( %wZ ) failed - Status == %lx\n", CommandLine, Status); return Status; } @@ -312,7 +312,7 @@ /* Parse the initial command line */ Status = SmpParseCommandLine(InitialCommand, - (PULONG)&Flags, + &Flags, &ImageFileName, &ImageFileDirectory, &Arguments); @@ -327,7 +327,7 @@ /* And fail if any other reason is also true */ if (!NT_SUCCESS(Status)) { - DPRINT1("SMSS: SmpParseCommand( %wZ ) failed - Status == %lx\n", + DPRINT1("SMSS: SmpParseCommandLine( %wZ ) failed - Status == %lx\n", InitialCommand, Status); return Status; }

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Ros-diffs January 2013