Author: cgutman Date: Sun Nov 22 03:32:47 2009 New Revision: 44267
URL: http://svn.reactos.org/svn/reactos?rev=44267&view=rev Log: - Fix a race condition that occurs when an IRP gets cancelled after it is inserted into the completion queue but before it is completed
Modified: trunk/reactos/drivers/network/tcpip/include/datagram.h trunk/reactos/drivers/network/tcpip/include/tcp.h trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c trunk/reactos/lib/drivers/ip/transport/datagram/datagram.c trunk/reactos/lib/drivers/ip/transport/tcp/accept.c trunk/reactos/lib/drivers/ip/transport/tcp/tcp.c
Modified: trunk/reactos/drivers/network/tcpip/include/datagram.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/tcpip/inclu... ============================================================================== --- trunk/reactos/drivers/network/tcpip/include/datagram.h [iso-8859-1] (original) +++ trunk/reactos/drivers/network/tcpip/include/datagram.h [iso-8859-1] Sun Nov 22 03:32:47 2009 @@ -21,7 +21,7 @@ PVOID Context, PIRP Irp);
-VOID DGRemoveIRP( +BOOLEAN DGRemoveIRP( PADDRESS_FILE AddrFile, PIRP Irp);
Modified: trunk/reactos/drivers/network/tcpip/include/tcp.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/tcpip/inclu... ============================================================================== --- trunk/reactos/drivers/network/tcpip/include/tcp.h [iso-8859-1] (original) +++ trunk/reactos/drivers/network/tcpip/include/tcp.h [iso-8859-1] Sun Nov 22 03:32:47 2009 @@ -96,8 +96,8 @@ PCONNECTION_ENDPOINT Connection, PTDI_REQUEST_KERNEL Request ); NTSTATUS TCPListen( PCONNECTION_ENDPOINT Connection, UINT Backlog ); -VOID TCPAbortListenForSocket( PCONNECTION_ENDPOINT Listener, - PCONNECTION_ENDPOINT Connection ); +BOOLEAN TCPAbortListenForSocket( PCONNECTION_ENDPOINT Listener, + PCONNECTION_ENDPOINT Connection ); NTSTATUS TCPAccept ( PTDI_REQUEST Request, PCONNECTION_ENDPOINT Listener, @@ -179,6 +179,6 @@ NTSTATUS TCPShutdown( VOID);
-VOID TCPRemoveIRP( PCONNECTION_ENDPOINT Connection, PIRP Irp ); +BOOLEAN TCPRemoveIRP( PCONNECTION_ENDPOINT Connection, PIRP Irp );
#endif /* __TCP_H */
Modified: trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/tcpip/tcpip... ============================================================================== --- trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c [iso-8859-1] (original) +++ trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c [iso-8859-1] Sun Nov 22 03:32:47 2009 @@ -133,6 +133,7 @@ PTRANSPORT_CONTEXT TranContext; PFILE_OBJECT FileObject; UCHAR MinorFunction; + BOOLEAN DequeuedIrp = TRUE;
IoReleaseCancelSpinLock(Irp->CancelIrql);
@@ -157,7 +158,7 @@ switch(MinorFunction) { case TDI_SEND: case TDI_RECEIVE: - TCPRemoveIRP( TranContext->Handle.ConnectionContext, Irp ); + DequeuedIrp = TCPRemoveIRP( TranContext->Handle.ConnectionContext, Irp ); break;
case TDI_SEND_DATAGRAM: @@ -166,7 +167,7 @@ break; }
- DGRemoveIRP(TranContext->Handle.AddressHandle, Irp); + DequeuedIrp = DGRemoveIRP(TranContext->Handle.AddressHandle, Irp); break;
case TDI_RECEIVE_DATAGRAM: @@ -175,19 +176,21 @@ break; }
- DGRemoveIRP(TranContext->Handle.AddressHandle, Irp); + DequeuedIrp = DGRemoveIRP(TranContext->Handle.AddressHandle, Irp); break;
case TDI_CONNECT: - TCPRemoveIRP(TranContext->Handle.ConnectionContext, Irp); + DequeuedIrp = TCPRemoveIRP(TranContext->Handle.ConnectionContext, Irp); break;
default: TI_DbgPrint(MIN_TRACE, ("Unknown IRP. MinorFunction (0x%X).\n", MinorFunction)); + ASSERT(FALSE); break; }
- IRPFinish(Irp, STATUS_CANCELLED); + if (DequeuedIrp) + IRPFinish(Irp, STATUS_CANCELLED);
TI_DbgPrint(MAX_TRACE, ("Leaving.\n")); } @@ -207,7 +210,6 @@ PTRANSPORT_CONTEXT TranContext; PFILE_OBJECT FileObject; PCONNECTION_ENDPOINT Connection; - /*NTSTATUS Status = STATUS_SUCCESS;*/
IoReleaseCancelSpinLock(Irp->CancelIrql);
@@ -228,13 +230,12 @@ /* Try canceling the request */ Connection = (PCONNECTION_ENDPOINT)TranContext->Handle.ConnectionContext;
- TCPRemoveIRP(Connection, Irp); - - TCPAbortListenForSocket(Connection->AddressFile->Listener, - Connection); - - Irp->IoStatus.Information = 0; - IRPFinish(Irp, STATUS_CANCELLED); + if (TCPAbortListenForSocket(Connection->AddressFile->Listener, + Connection)) + { + Irp->IoStatus.Information = 0; + IRPFinish(Irp, STATUS_CANCELLED); + }
TI_DbgPrint(MAX_TRACE, ("Leaving.\n")); }
Modified: trunk/reactos/lib/drivers/ip/transport/datagram/datagram.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/drivers/ip/transport/da... ============================================================================== --- trunk/reactos/lib/drivers/ip/transport/datagram/datagram.c [iso-8859-1] (original) +++ trunk/reactos/lib/drivers/ip/transport/datagram/datagram.c [iso-8859-1] Sun Nov 22 03:32:47 2009 @@ -10,13 +10,14 @@
#include "precomp.h"
-VOID DGRemoveIRP( +BOOLEAN DGRemoveIRP( PADDRESS_FILE AddrFile, PIRP Irp) { PLIST_ENTRY ListEntry; PDATAGRAM_RECEIVE_REQUEST ReceiveRequest; KIRQL OldIrql; + BOOLEAN Found = FALSE;
TI_DbgPrint(MAX_TRACE, ("Called (Cancel IRP %08x for file %08x).\n", Irp, AddrFile)); @@ -36,6 +37,7 @@ { RemoveEntryList(&ReceiveRequest->ListEntry); ExFreePoolWithTag(ReceiveRequest, DATAGRAM_RECV_TAG); + Found = TRUE; break; } } @@ -43,6 +45,8 @@ KeReleaseSpinLock(&AddrFile->Lock, OldIrql);
TI_DbgPrint(MAX_TRACE, ("Done.\n")); + + return Found; }
VOID DGDeliverData(
Modified: trunk/reactos/lib/drivers/ip/transport/tcp/accept.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/drivers/ip/transport/tc... ============================================================================== --- trunk/reactos/lib/drivers/ip/transport/tcp/accept.c [iso-8859-1] (original) +++ trunk/reactos/lib/drivers/ip/transport/tcp/accept.c [iso-8859-1] Sun Nov 22 03:32:47 2009 @@ -104,11 +104,12 @@ return Status; }
-VOID TCPAbortListenForSocket( PCONNECTION_ENDPOINT Listener, +BOOLEAN TCPAbortListenForSocket( PCONNECTION_ENDPOINT Listener, PCONNECTION_ENDPOINT Connection ) { PLIST_ENTRY ListEntry; PTDI_BUCKET Bucket; KIRQL OldIrql; + BOOLEAN Found = FALSE;
KeAcquireSpinLock(&Listener->Lock, &OldIrql);
@@ -119,6 +120,7 @@ if( Bucket->AssociatedEndpoint == Connection ) { RemoveEntryList( &Bucket->Entry ); ExFreePoolWithTag( Bucket, TDI_BUCKET_TAG ); + Found = TRUE; break; }
@@ -126,6 +128,8 @@ }
KeReleaseSpinLock(&Listener->Lock, OldIrql); + + return Found; }
NTSTATUS TCPAccept ( PTDI_REQUEST Request,
Modified: trunk/reactos/lib/drivers/ip/transport/tcp/tcp.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/drivers/ip/transport/tc... ============================================================================== --- trunk/reactos/lib/drivers/ip/transport/tcp/tcp.c [iso-8859-1] (original) +++ trunk/reactos/lib/drivers/ip/transport/tcp/tcp.c [iso-8859-1] Sun Nov 22 03:32:47 2009 @@ -904,12 +904,13 @@ return Status; }
-VOID TCPRemoveIRP( PCONNECTION_ENDPOINT Endpoint, PIRP Irp ) { +BOOLEAN TCPRemoveIRP( PCONNECTION_ENDPOINT Endpoint, PIRP Irp ) { PLIST_ENTRY Entry; PLIST_ENTRY ListHead[4]; KIRQL OldIrql; PTDI_BUCKET Bucket; UINT i = 0; + BOOLEAN Found = FALSE;
ListHead[0] = &Endpoint->SendRequest; ListHead[1] = &Endpoint->ReceiveRequest; @@ -929,12 +930,15 @@ { RemoveEntryList( &Bucket->Entry ); ExFreePoolWithTag( Bucket, TDI_BUCKET_TAG ); + Found = TRUE; break; } } }
TcpipReleaseSpinLock( &Endpoint->Lock, OldIrql ); + + return Found; }
/* EOF */