10 Jan
2007
10 Jan
'07
3:36 a.m.
Author: ion
Date: Wed Jan 10 06:35:59 2007
New Revision: 25408
URL: http://svn.reactos.org/svn/reactos?rev=25408&view=rev
Log:
- Implement ObReferenceProcessHandleTable and ObDereferenceProcessHandleTable and use them
where appropriate to avoid race issues if the process is being killed meanwhile.
- Implement ObpReferenceProcessObjectByHandle and simplfy ObDuplicateObject.
- Disable hard errors while closing handles, and protect against races. Also print our
error message since it seems handles aren't being closed now (message displays leak
count).
- Honour DUPLICATE_CLOSE_SOURCE during failure paths in ObDuplicateObject, and catch race
conditions.
- Add some more sanity checks and speed up some internal referencing.
Modified:
trunk/reactos/ntoskrnl/KrnlFun.c
trunk/reactos/ntoskrnl/include/internal/ob.h
trunk/reactos/ntoskrnl/ob/obhandle.c
trunk/reactos/ntoskrnl/ob/obref.c
Modified: trunk/reactos/ntoskrnl/KrnlFun.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/KrnlFun.c?rev=254…
==============================================================================
--- trunk/reactos/ntoskrnl/KrnlFun.c (original)
+++ trunk/reactos/ntoskrnl/KrnlFun.c Wed Jan 10 06:35:59 2007
@@ -7,11 +7,6 @@
// Do NOT complain about it.
// Do NOT ask when it will be fixed.
// Failure to respect this will *ACHIEVE NOTHING*.
-//
-//
-// Ob:
-// - Add Directory Lock.
-// - Add Object Table Referencing.
//
// Ex:
// - Fixup existing code that talks to Ke.
Modified: trunk/reactos/ntoskrnl/include/internal/ob.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/include/internal/…
==============================================================================
--- trunk/reactos/ntoskrnl/include/internal/ob.h (original)
+++ trunk/reactos/ntoskrnl/include/internal/ob.h Wed Jan 10 06:35:59 2007
@@ -171,6 +171,18 @@
IN PEPROCESS Process
);
+PHANDLE_TABLE
+NTAPI
+ObReferenceProcessHandleTable(
+ IN PEPROCESS Process
+);
+
+VOID
+NTAPI
+ObDereferenceProcessHandleTable(
+ IN PEPROCESS Process
+);
+
VOID
NTAPI
ObKillProcess(
Modified: trunk/reactos/ntoskrnl/ob/obhandle.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ob/obhandle.c?rev…
==============================================================================
--- trunk/reactos/ntoskrnl/ob/obhandle.c (original)
+++ trunk/reactos/ntoskrnl/ob/obhandle.c Wed Jan 10 06:35:59 2007
@@ -22,6 +22,165 @@
#define TAG_OB_HANDLE TAG('O', 'b', 'H', 'd')
/* PRIVATE FUNCTIONS *********************************************************/
+
+PHANDLE_TABLE
+NTAPI
+ObReferenceProcessHandleTable(IN PEPROCESS Process)
+{
+ PHANDLE_TABLE HandleTable = NULL;
+
+ /* Lock the process */
+ if (ExAcquireRundownProtection(&Process->RundownProtect))
+ {
+ /* Get the handle table */
+ HandleTable = Process->ObjectTable;
+ if (!HandleTable)
+ {
+ /* No table, release the lock */
+ ExReleaseRundownProtection(&Process->RundownProtect);
+ }
+ }
+
+ /* Return the handle table */
+ return HandleTable;
+}
+
+VOID
+NTAPI
+ObDereferenceProcessHandleTable(IN PEPROCESS Process)
+{
+ /* Release the process lock */
+ ExReleaseRundownProtection(&Process->RundownProtect);
+}
+
+NTSTATUS
+NTAPI
+ObpReferenceProcessObjectByHandle(IN HANDLE Handle,
+ IN PEPROCESS Process,
+ IN PHANDLE_TABLE HandleTable,
+ IN KPROCESSOR_MODE AccessMode,
+ OUT PVOID *Object,
+ OUT POBJECT_HANDLE_INFORMATION HandleInformation)
+{
+ PHANDLE_TABLE_ENTRY HandleEntry;
+ POBJECT_HEADER ObjectHeader;
+ ACCESS_MASK GrantedAccess;
+ ULONG Attributes;
+ PEPROCESS CurrentProcess;
+ PETHREAD CurrentThread;
+ NTSTATUS Status;
+ PAGED_CODE();
+
+ /* Assume failure */
+ *Object = NULL;
+
+ /* Check if the caller wants the current process */
+ if (Handle == NtCurrentProcess())
+ {
+ /* Get the current process */
+ CurrentProcess = PsGetCurrentProcess();
+
+ /* Check if the caller wanted handle information */
+ if (HandleInformation)
+ {
+ /* Return it */
+ HandleInformation->HandleAttributes = 0;
+ HandleInformation->GrantedAccess = Process->GrantedAccess;
+ }
+
+ /* Reference ourselves */
+ ObjectHeader = OBJECT_TO_OBJECT_HEADER(CurrentProcess);
+ InterlockedExchangeAdd(&ObjectHeader->PointerCount, 1);
+
+ /* Return the pointer */
+ *Object = CurrentProcess;
+ return STATUS_SUCCESS;
+ }
+
+ /* Check if the caller wants the current thread */
+ if (Handle == NtCurrentThread())
+ {
+ /* Get the current thread */
+ CurrentThread = PsGetCurrentThread();
+
+ /* Check if the caller wanted handle information */
+ if (HandleInformation)
+ {
+ /* Return it */
+ HandleInformation->HandleAttributes = 0;
+ HandleInformation->GrantedAccess = CurrentThread->GrantedAccess;
+ }
+
+ /* Reference ourselves */
+ ObjectHeader = OBJECT_TO_OBJECT_HEADER(CurrentThread);
+ InterlockedExchangeAdd(&ObjectHeader->PointerCount, 1);
+
+ /* Return the pointer */
+ *Object = CurrentThread;
+ return STATUS_SUCCESS;
+ }
+
+ /* Check if this is a kernel handle */
+ if (ObIsKernelHandle(Handle, AccessMode))
+ {
+ /* Use the kernel handle table and get the actual handle value */
+ Handle = ObKernelHandleToHandle(Handle);
+ HandleTable = ObpKernelHandleTable;
+ }
+ else
+ {
+ /* Otherwise use this process's handle table */
+ HandleTable = PsGetCurrentProcess()->ObjectTable;
+ }
+
+ /* Enter a critical region while we touch the handle table */
+ ASSERT(HandleTable != NULL);
+ KeEnterCriticalRegion();
+
+ /* Get the handle entry */
+ HandleEntry = ExMapHandleToPointer(HandleTable, Handle);
+ if (HandleEntry)
+ {
+ /* Get the object header and validate the type*/
+ ObjectHeader = EX_HTE_TO_HDR(HandleEntry);
+
+ /* Get the granted access and validate it */
+ GrantedAccess = HandleEntry->GrantedAccess;
+
+ /* Mask out the internal attributes */
+ Attributes = HandleEntry->ObAttributes &
+ (EX_HANDLE_ENTRY_PROTECTFROMCLOSE |
+ EX_HANDLE_ENTRY_INHERITABLE |
+ EX_HANDLE_ENTRY_AUDITONCLOSE);
+
+ /* Fill out the information */
+ HandleInformation->HandleAttributes = Attributes;
+ HandleInformation->GrantedAccess = GrantedAccess;
+
+ /* Return the pointer */
+ *Object = &ObjectHeader->Body;
+
+ /* Add a reference */
+ InterlockedExchangeAdd(&ObjectHeader->PointerCount, 1);
+
+ /* Unlock the handle */
+ ExUnlockHandleTableEntry(HandleTable, HandleEntry);
+ KeLeaveCriticalRegion();
+
+ /* Return success */
+ ASSERT(*Object != NULL);
+ return STATUS_SUCCESS;
+ }
+ else
+ {
+ /* Invalid handle */
+ Status = STATUS_INVALID_HANDLE;
+ }
+
+ /* Return failure status */
+ KeLeaveCriticalRegion();
+ return Status;
+}
BOOLEAN
NTAPI
@@ -1741,11 +1900,15 @@
/* Check if we have a parent */
if (Parent)
{
+ /* Get the parent's table */
+ HandleTable = ObReferenceProcessHandleTable(Parent);
+ if (!HandleTable) return STATUS_PROCESS_IS_TERMINATING;
+
/* Duplicate the parent's */
HandleTable = ExDupHandleTable(Process,
ObpDuplicateHandleCallback,
NULL,
- Parent->ObjectTable);
+ HandleTable);
}
else
{
@@ -1753,11 +1916,14 @@
HandleTable = ExCreateHandleTable(Process);
}
- /* Now write it and make sure we got one */
+ /* Now write it */
Process->ObjectTable = HandleTable;
+
+ /* Dereference the parent's handle table if we have one */
+ if (Parent) ObDereferenceProcessHandleTable(Parent);
+
+ /* Fail or succeed depending on whether we got a handle table or not */
if (!HandleTable) return STATUS_INSUFFICIENT_RESOURCES;
-
- /* If we got here then the table was created OK */
return STATUS_SUCCESS;
}
@@ -1778,9 +1944,20 @@
NTAPI
ObKillProcess(IN PEPROCESS Process)
{
- PHANDLE_TABLE HandleTable = Process->ObjectTable;
+ PHANDLE_TABLE HandleTable;
OBP_CLOSE_HANDLE_CONTEXT Context;
+ BOOLEAN HardErrors;
PAGED_CODE();
+
+ /* Wait for process rundown */
+ ExWaitForRundownProtectionRelease(&Process->RundownProtect);
+
+ /* Get the object table */
+ HandleTable = Process->ObjectTable;
+ if (!HandleTable) return;
+
+ /* Disable hard errors while we close handles */
+ HardErrors = IoSetThreadHardErrorMode(FALSE);
/* Enter a critical region */
KeEnterCriticalRegion();
@@ -1793,13 +1970,20 @@
ExSweepHandleTable(HandleTable,
ObpCloseHandleCallback,
&Context);
-
- /* Destroy the table and leave the critical region */
+ if (HandleTable->HandleCount != 0)
+ {
+ DPRINT1("FIXME: %d handles remain!\n", HandleTable->HandleCount);
+ }
+
+ /* Leave the critical region */
+ KeLeaveCriticalRegion();
+
+ /* Re-enable hard errors */
+ IoSetThreadHardErrorMode(HardErrors);
+
+ /* Destroy the object table */
+ Process->ObjectTable = NULL;
ExDestroyHandleTable(HandleTable);
- KeLeaveCriticalRegion();
-
- /* Clear the object table */
- Process->ObjectTable = NULL;
}
NTSTATUS
@@ -1820,12 +2004,12 @@
POBJECT_TYPE ObjectType;
HANDLE NewHandle;
KAPC_STATE ApcState;
- NTSTATUS Status = STATUS_SUCCESS;
+ NTSTATUS Status;
ACCESS_MASK TargetAccess, SourceAccess;
ACCESS_STATE AccessState;
PACCESS_STATE PassedAccessState = NULL;
AUX_DATA AuxData;
- PHANDLE_TABLE HandleTable = NULL;
+ PHANDLE_TABLE HandleTable;
OBJECT_HANDLE_INFORMATION HandleInformation;
PAGED_CODE();
OBTRACE(OB_HANDLE_DEBUG,
@@ -1835,32 +2019,77 @@
SourceProcess,
TargetProcess);
- /* Check if we're not in the source process */
- if (SourceProcess != PsGetCurrentProcess())
- {
- /* Attach to it */
- KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
- AttachedToProcess = TRUE;
- }
-
- /* Now reference the source handle */
- Status = ObReferenceObjectByHandle(SourceHandle,
- 0,
- NULL,
- PreviousMode,
- (PVOID*)&SourceObject,
- &HandleInformation);
-
- /* Check if we were attached */
- if (AttachedToProcess)
- {
- /* We can safely detach now */
- KeUnstackDetachProcess(&ApcState);
- AttachedToProcess = FALSE;
- }
-
- /* Fail if we couldn't reference it */
- if (!NT_SUCCESS(Status)) return Status;
+ /* Check if we're not duplicating the same access */
+ if (!(Options & DUPLICATE_SAME_ACCESS))
+ {
+ /* Validate the desired access */
+ Status = STATUS_SUCCESS; //ObpValidateDesiredAccess(DesiredAccess);
+ if (!NT_SUCCESS(Status)) return Status;
+ }
+
+ /* Reference the object table */
+ HandleTable = ObReferenceProcessHandleTable(SourceProcess);
+ if (!HandleTable) return STATUS_PROCESS_IS_TERMINATING;
+
+ /* Reference the process object */
+ Status = ObpReferenceProcessObjectByHandle(SourceHandle,
+ 0,
+ HandleTable,
+ PreviousMode,
+ &SourceObject,
+ &HandleInformation);
+ if (!NT_SUCCESS(Status))
+ {
+ /* Fail */
+ ObDereferenceProcessHandleTable(SourceProcess);
+ return Status;
+ }
+
+ /* Check if there's no target process */
+ if (!TargetProcess)
+ {
+ /* Check if the caller wanted actual duplication */
+ if (!(Options & DUPLICATE_CLOSE_SOURCE))
+ {
+ /* Invalid request */
+ Status = STATUS_INVALID_PARAMETER;
+ }
+ else
+ {
+ /* Otherwise, do the attach */
+ KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
+
+ /* Close the handle and detach */
+ NtClose(SourceHandle);
+ KeUnstackDetachProcess(&ApcState);
+ }
+
+ /* Return */
+ ObDereferenceProcessHandleTable(SourceProcess);
+ ObDereferenceObject(SourceObject);
+ return Status;
+ }
+
+ /* Get the target handle table */
+ HandleTable = ObReferenceProcessHandleTable(TargetProcess);
+ if (!HandleTable)
+ {
+ /* Check if the caller wanted us to close the handle */
+ if (Options & DUPLICATE_CLOSE_SOURCE)
+ {
+ /* Do the attach */
+ KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
+
+ /* Close the handle and detach */
+ NtClose(SourceHandle);
+ KeUnstackDetachProcess(&ApcState);
+ }
+
+ /* Return */
+ ObDereferenceProcessHandleTable(SourceProcess);
+ ObDereferenceObject(SourceObject);
+ return STATUS_PROCESS_IS_TERMINATING;
+ }
/* Get the source access */
SourceAccess = HandleInformation.GrantedAccess;
@@ -1898,7 +2127,8 @@
if (DesiredAccess & GENERIC_ACCESS)
{
/* Map it */
- RtlMapGenericMask(&DesiredAccess,
&ObjectType->TypeInfo.GenericMapping);
+ RtlMapGenericMask(&DesiredAccess,
+ &ObjectType->TypeInfo.GenericMapping);
}
/* Set the target access */
@@ -1940,9 +2170,6 @@
HandleAttributes,
PsGetCurrentProcess(),
ObDuplicateHandle);
-
- /* Set the handle table, now that we know this handle was added */
- HandleTable = PsGetCurrentProcess()->ObjectTable;
}
/* Check if we were attached */
@@ -1989,6 +2216,10 @@
/* Return the handle */
if (TargetHandle) *TargetHandle = NewHandle;
+
+ /* Dereference handle tables */
+ ObDereferenceProcessHandleTable(SourceProcess);
+ ObDereferenceProcessHandleTable(TargetProcess);
/* Return status */
OBTRACE(OB_HANDLE_DEBUG,
Modified: trunk/reactos/ntoskrnl/ob/obref.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ob/obref.c?rev=25…
==============================================================================
--- trunk/reactos/ntoskrnl/ob/obref.c (original)
+++ trunk/reactos/ntoskrnl/ob/obref.c Wed Jan 10 06:35:59 2007
@@ -478,8 +478,8 @@
NTSTATUS Status;
PAGED_CODE();
- /* Fail immediately if the handle is NULL */
- if (!Handle) return STATUS_INVALID_HANDLE;
+ /* Assume failure */
+ *Object = NULL;
/* Check if the caller wants the current process */
if ((Handle == NtCurrentProcess()) &&
@@ -488,9 +488,6 @@
/* Get the current process */
CurrentProcess = PsGetCurrentProcess();
- /* Reference ourselves */
- ObReferenceObject(CurrentProcess);
-
/* Check if the caller wanted handle information */
if (HandleInformation)
{
@@ -499,6 +496,10 @@
HandleInformation->GrantedAccess = PROCESS_ALL_ACCESS;
}
+ /* Reference ourselves */
+ ObjectHeader = OBJECT_TO_OBJECT_HEADER(CurrentProcess);
+ InterlockedExchangeAdd(&ObjectHeader->PointerCount, 1);
+
/* Return the pointer */
*Object = CurrentProcess;
return STATUS_SUCCESS;
@@ -516,9 +517,6 @@
/* Get the current thread */
CurrentThread = PsGetCurrentThread();
- /* Reference ourselves */
- ObReferenceObject(CurrentThread);
-
/* Check if the caller wanted handle information */
if (HandleInformation)
{
@@ -527,6 +525,10 @@
HandleInformation->GrantedAccess = THREAD_ALL_ACCESS;
}
+ /* Reference ourselves */
+ ObjectHeader = OBJECT_TO_OBJECT_HEADER(CurrentThread);
+ InterlockedExchangeAdd(&ObjectHeader->PointerCount, 1);
+
/* Return the pointer */
*Object = CurrentThread;
return STATUS_SUCCESS;
@@ -551,6 +553,7 @@
}
/* Enter a critical region while we touch the handle table */
+ ASSERT(HandleTable != NULL);
KeEnterCriticalRegion();
/* Get the handle entry */
@@ -588,9 +591,10 @@
/* Unlock the handle */
ExUnlockHandleTableEntry(HandleTable, HandleEntry);
+ KeLeaveCriticalRegion();
/* Return success */
- KeLeaveCriticalRegion();
+ ASSERT(*Object != NULL);
return STATUS_SUCCESS;
}
else