8 Jun
2011
8 Jun
'11
10:15 p.m.
Author: cgutman
Date: Wed Jun 8 22:15:27 2011
New Revision: 52152
URL: http://svn.reactos.org/svn/reactos?rev=52152&view=rev
Log:
[AFD]
- Fix a bug in some completion routines that resulted in failures being treated as
successes
- Fix various cancellation bugs
- Fixes termination of programs that open listening sockets (Firefox, server.exe,
tcpsvcs.exe, telnetd.exe, etc) and should increase stability in these programs as well
Modified:
trunk/reactos/drivers/network/afd/afd/listen.c
trunk/reactos/drivers/network/afd/afd/lock.c
trunk/reactos/drivers/network/afd/afd/main.c
trunk/reactos/drivers/network/afd/afd/write.c
Modified: trunk/reactos/drivers/network/afd/afd/listen.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/afd/afd/li…
==============================================================================
--- trunk/reactos/drivers/network/afd/afd/listen.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/afd/afd/listen.c [iso-8859-1] Wed Jun 8 22:15:27 2011
@@ -140,7 +140,13 @@
}
AFD_DbgPrint(MID_TRACE,("Completing listen request.\n"));
- AFD_DbgPrint(MID_TRACE,("IoStatus was %x\n",
FCB->ListenIrp.Iosb.Status));
+ AFD_DbgPrint(MID_TRACE,("IoStatus was %x\n", Irp->IoStatus.Status));
+
+ if (Irp->IoStatus.Status != STATUS_SUCCESS)
+ {
+ SocketStateUnlock(FCB);
+ return Irp->IoStatus.Status;
+ }
Qelt = ExAllocatePool( NonPagedPool, sizeof(*Qelt) );
if( !Qelt ) {
Modified: trunk/reactos/drivers/network/afd/afd/lock.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/afd/afd/lo…
==============================================================================
--- trunk/reactos/drivers/network/afd/afd/lock.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/afd/afd/lock.c [iso-8859-1] Wed Jun 8 22:15:27 2011
@@ -252,10 +252,38 @@
}
NTSTATUS LeaveIrpUntilLater( PAFD_FCB FCB, PIRP Irp, UINT Function ) {
+ NTSTATUS Status;
+
+ /* Add the IRP to the queue in all cases (so AfdCancelHandler will work properly) */
InsertTailList( &FCB->PendingIrpList[Function],
- &Irp->Tail.Overlay.ListEntry );
- IoMarkIrpPending(Irp);
- (void)IoSetCancelRoutine(Irp, AfdCancelHandler);
+ &Irp->Tail.Overlay.ListEntry );
+
+ /* Acquire the cancel spin lock and check the cancel bit */
+ IoAcquireCancelSpinLock(&Irp->CancelIrql);
+ if (!Irp->Cancel)
+ {
+ /* We are not cancelled; we're good to go so
+ * set the cancel routine, release the cancel spin lock,
+ * mark the IRP as pending, and
+ * return STATUS_PENDING to the caller
+ */
+ (void)IoSetCancelRoutine(Irp, AfdCancelHandler);
+ IoReleaseCancelSpinLock(Irp->CancelIrql);
+ IoMarkIrpPending(Irp);
+ Status = STATUS_PENDING;
+ }
+ else
+ {
+ /* We were already cancelled before we were able to register our cancel routine
+ * so we are to call the cancel routine ourselves right here to cancel the IRP
+ * (which handles all the stuff we do above) and return STATUS_CANCELLED to the
caller
+ */
+ AfdCancelHandler(IoGetCurrentIrpStackLocation(Irp)->DeviceObject,
+ Irp);
+ Status = STATUS_CANCELLED;
+ }
+
SocketStateUnlock( FCB );
- return STATUS_PENDING;
-}
+
+ return Status;
+}
Modified: trunk/reactos/drivers/network/afd/afd/main.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/afd/afd/ma…
==============================================================================
--- trunk/reactos/drivers/network/afd/afd/main.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/afd/afd/main.c [iso-8859-1] Wed Jun 8 22:15:27 2011
@@ -762,6 +762,33 @@
return (Status);
}
+VOID
+CleanupPendingIrp(PIRP Irp, PIO_STACK_LOCATION IrpSp, PAFD_ACTIVE_POLL Poll)
+{
+ PAFD_RECV_INFO RecvReq;
+ PAFD_SEND_INFO SendReq;
+ PAFD_POLL_INFO PollReq;
+
+ if (IrpSp->Parameters.DeviceIoControl.IoControlCode == IOCTL_AFD_RECV ||
+ IrpSp->MajorFunction == IRP_MJ_READ)
+ {
+ RecvReq = IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+ UnlockBuffers(RecvReq->BufferArray, RecvReq->BufferCount, FALSE);
+ }
+ else if (IrpSp->Parameters.DeviceIoControl.IoControlCode == IOCTL_AFD_SEND ||
+ IrpSp->MajorFunction == IRP_MJ_WRITE)
+ {
+ SendReq = IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+ UnlockBuffers(SendReq->BufferArray, SendReq->BufferCount, FALSE);
+ }
+ else if (IrpSp->Parameters.DeviceIoControl.IoControlCode == IOCTL_AFD_SELECT)
+ {
+ PollReq = Irp->AssociatedIrp.SystemBuffer;
+ ZeroEvents(PollReq->Handles, PollReq->HandleCount);
+ SignalSocket(Poll, NULL, PollReq, STATUS_CANCELLED);
+ }
+}
+
VOID NTAPI
AfdCancelHandler(PDEVICE_OBJECT DeviceObject,
PIRP Irp)
@@ -769,39 +796,46 @@
PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation(Irp);
PFILE_OBJECT FileObject = IrpSp->FileObject;
PAFD_FCB FCB = FileObject->FsContext;
- UINT Function;
- PAFD_RECV_INFO RecvReq;
- PAFD_SEND_INFO SendReq;
+ ULONG Function, IoctlCode;
+ PIRP CurrentIrp;
PLIST_ENTRY CurrentEntry;
- PIRP CurrentIrp;
PAFD_DEVICE_EXTENSION DeviceExt = DeviceObject->DeviceExtension;
KIRQL OldIrql;
PAFD_ACTIVE_POLL Poll;
- PAFD_POLL_INFO PollReq;
IoReleaseCancelSpinLock(Irp->CancelIrql);
-
+
if (!SocketAcquireStateLock(FCB))
return;
-
- ASSERT(IrpSp->MajorFunction == IRP_MJ_DEVICE_CONTROL);
-
- switch (IrpSp->Parameters.DeviceIoControl.IoControlCode)
+
+ switch (IrpSp->MajorFunction)
+ {
+ case IRP_MJ_DEVICE_CONTROL:
+ IoctlCode = IrpSp->Parameters.DeviceIoControl.IoControlCode;
+ break;
+
+ case IRP_MJ_READ:
+ IoctlCode = IOCTL_AFD_RECV;
+ break;
+
+ case IRP_MJ_WRITE:
+ IoctlCode = IOCTL_AFD_SEND;
+ break;
+
+ default:
+ ASSERT(FALSE);
+ SocketStateUnlock(FCB);
+ return;
+ }
+
+ switch (IoctlCode)
{
case IOCTL_AFD_RECV:
- RecvReq = IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
- UnlockBuffers(RecvReq->BufferArray, RecvReq->BufferCount, FALSE);
- /* Fall through */
-
case IOCTL_AFD_RECV_DATAGRAM:
Function = FUNCTION_RECV;
break;
case IOCTL_AFD_SEND:
- SendReq = IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
- UnlockBuffers(SendReq->BufferArray, SendReq->BufferCount, FALSE);
- /* Fall through */
-
case IOCTL_AFD_SEND_DATAGRAM:
Function = FUNCTION_SEND;
break;
@@ -821,14 +855,13 @@
while (CurrentEntry != &DeviceExt->Polls)
{
Poll = CONTAINING_RECORD(CurrentEntry, AFD_ACTIVE_POLL, ListEntry);
- CurrentIrp = Poll->Irp;
- PollReq = CurrentIrp->AssociatedIrp.SystemBuffer;
-
- if (CurrentIrp == Irp)
+
+ if (Irp == Poll->Irp)
{
- ZeroEvents(PollReq->Handles, PollReq->HandleCount);
- SignalSocket(Poll, NULL, PollReq, STATUS_CANCELLED);
- break;
+ CleanupPendingIrp(Irp, IrpSp, Poll);
+ KeReleaseSpinLock(&DeviceExt->Lock, OldIrql);
+ SocketStateUnlock(FCB);
+ return;
}
else
{
@@ -838,8 +871,9 @@
KeReleaseSpinLock(&DeviceExt->Lock, OldIrql);
- /* IRP already completed by SignalSocket */
SocketStateUnlock(FCB);
+
+ DbgPrint("WARNING!!! IRP cancellation race could lead to a process hang!
(IOCTL_AFD_SELECT)\n");
return;
default:
@@ -856,7 +890,9 @@
if (CurrentIrp == Irp)
{
RemoveEntryList(CurrentEntry);
- break;
+ CleanupPendingIrp(Irp, IrpSp, NULL);
+ UnlockAndMaybeComplete(FCB, STATUS_CANCELLED, Irp, 0);
+ return;
}
else
{
@@ -864,7 +900,9 @@
}
}
- UnlockAndMaybeComplete(FCB, STATUS_CANCELLED, Irp, 0);
+ SocketStateUnlock(FCB);
+
+ DbgPrint("WARNING!!! IRP cancellation race could lead to a process hang!
(Function: %d)\n", Function);
}
static VOID NTAPI
Modified: trunk/reactos/drivers/network/afd/afd/write.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/afd/afd/wr…
==============================================================================
--- trunk/reactos/drivers/network/afd/afd/write.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/afd/afd/write.c [iso-8859-1] Wed Jun 8 22:15:27 2011
@@ -185,9 +185,12 @@
FCB->SendIrp.InFlightRequest = NULL;
/* Request is not in flight any longer */
- FCB->PollState |= AFD_EVENT_SEND;
- FCB->PollStatus[FD_WRITE_BIT] = STATUS_SUCCESS;
- PollReeval( FCB->DeviceExt, FCB->FileObject );
+ if (Irp->IoStatus.Status == STATUS_SUCCESS)
+ {
+ FCB->PollState |= AFD_EVENT_SEND;
+ FCB->PollStatus[FD_WRITE_BIT] = STATUS_SUCCESS;
+ PollReeval( FCB->DeviceExt, FCB->FileObject );
+ }
if( FCB->State == SOCKET_STATE_CLOSED ) {
/* Cleanup our IRP queue because the FCB is being destroyed */