[ros-diffs] [cgutman] 44267: - Fix a race condition that occurs when an IRP gets cancelled after it is inserted into the completion queue but before it is completed

Author: cgutman Date: Sun Nov 22 03:32:47 2009 New Revision: 44267 URL: http://svn.reactos.org/svn/reactos?rev=44267&view=rev Log: - Fix a race condition that occurs when an IRP gets cancelled after it is inserted into the completion queue but before it is completed Modified: trunk/reactos/drivers/network/tcpip/include/datagram.h trunk/reactos/drivers/network/tcpip/include/tcp.h trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c trunk/reactos/lib/drivers/ip/transport/datagram/datagram.c trunk/reactos/lib/drivers/ip/transport/tcp/accept.c trunk/reactos/lib/drivers/ip/transport/tcp/tcp.c Modified: trunk/reactos/drivers/network/tcpip/include/datagram.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/tcpip/incl… ============================================================================== --- trunk/reactos/drivers/network/tcpip/include/datagram.h [iso-8859-1] (original) +++ trunk/reactos/drivers/network/tcpip/include/datagram.h [iso-8859-1] Sun Nov 22 03:32:47 2009 @@ -21,7 +21,7 @@ PVOID Context, PIRP Irp); -VOID DGRemoveIRP( +BOOLEAN DGRemoveIRP( PADDRESS_FILE AddrFile, PIRP Irp); Modified: trunk/reactos/drivers/network/tcpip/include/tcp.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/tcpip/incl… ============================================================================== --- trunk/reactos/drivers/network/tcpip/include/tcp.h [iso-8859-1] (original) +++ trunk/reactos/drivers/network/tcpip/include/tcp.h [iso-8859-1] Sun Nov 22 03:32:47 2009 @@ -96,8 +96,8 @@ PCONNECTION_ENDPOINT Connection, PTDI_REQUEST_KERNEL Request ); NTSTATUS TCPListen( PCONNECTION_ENDPOINT Connection, UINT Backlog ); -VOID TCPAbortListenForSocket( PCONNECTION_ENDPOINT Listener, - PCONNECTION_ENDPOINT Connection ); +BOOLEAN TCPAbortListenForSocket( PCONNECTION_ENDPOINT Listener, + PCONNECTION_ENDPOINT Connection ); NTSTATUS TCPAccept ( PTDI_REQUEST Request, PCONNECTION_ENDPOINT Listener, @@ -179,6 +179,6 @@ NTSTATUS TCPShutdown( VOID); -VOID TCPRemoveIRP( PCONNECTION_ENDPOINT Connection, PIRP Irp ); +BOOLEAN TCPRemoveIRP( PCONNECTION_ENDPOINT Connection, PIRP Irp ); #endif /* __TCP_H */ Modified: trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/tcpip/tcpi… ============================================================================== --- trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c [iso-8859-1] (original) +++ trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c [iso-8859-1] Sun Nov 22 03:32:47 2009 @@ -133,6 +133,7 @@ PTRANSPORT_CONTEXT TranContext; PFILE_OBJECT FileObject; UCHAR MinorFunction; + BOOLEAN DequeuedIrp = TRUE; IoReleaseCancelSpinLock(Irp->CancelIrql); @@ -157,7 +158,7 @@ switch(MinorFunction) { case TDI_SEND: case TDI_RECEIVE: - TCPRemoveIRP( TranContext->Handle.ConnectionContext, Irp ); + DequeuedIrp = TCPRemoveIRP( TranContext->Handle.ConnectionContext, Irp ); break; case TDI_SEND_DATAGRAM: @@ -166,7 +167,7 @@ break; } - DGRemoveIRP(TranContext->Handle.AddressHandle, Irp); + DequeuedIrp = DGRemoveIRP(TranContext->Handle.AddressHandle, Irp); break; case TDI_RECEIVE_DATAGRAM: @@ -175,19 +176,21 @@ break; } - DGRemoveIRP(TranContext->Handle.AddressHandle, Irp); + DequeuedIrp = DGRemoveIRP(TranContext->Handle.AddressHandle, Irp); break; case TDI_CONNECT: - TCPRemoveIRP(TranContext->Handle.ConnectionContext, Irp); + DequeuedIrp = TCPRemoveIRP(TranContext->Handle.ConnectionContext, Irp); break; default: TI_DbgPrint(MIN_TRACE, ("Unknown IRP. MinorFunction (0x%X).\n", MinorFunction)); + ASSERT(FALSE); break; } - IRPFinish(Irp, STATUS_CANCELLED); + if (DequeuedIrp) + IRPFinish(Irp, STATUS_CANCELLED); TI_DbgPrint(MAX_TRACE, ("Leaving.\n")); } @@ -207,7 +210,6 @@ PTRANSPORT_CONTEXT TranContext; PFILE_OBJECT FileObject; PCONNECTION_ENDPOINT Connection; - /*NTSTATUS Status = STATUS_SUCCESS;*/ IoReleaseCancelSpinLock(Irp->CancelIrql); @@ -228,13 +230,12 @@ /* Try canceling the request */ Connection = (PCONNECTION_ENDPOINT)TranContext->Handle.ConnectionContext; - TCPRemoveIRP(Connection, Irp); - - TCPAbortListenForSocket(Connection->AddressFile->Listener, - Connection); - - Irp->IoStatus.Information = 0; - IRPFinish(Irp, STATUS_CANCELLED); + if (TCPAbortListenForSocket(Connection->AddressFile->Listener, + Connection)) + { + Irp->IoStatus.Information = 0; + IRPFinish(Irp, STATUS_CANCELLED); + } TI_DbgPrint(MAX_TRACE, ("Leaving.\n")); } Modified: trunk/reactos/lib/drivers/ip/transport/datagram/datagram.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/drivers/ip/transport/d… ============================================================================== --- trunk/reactos/lib/drivers/ip/transport/datagram/datagram.c [iso-8859-1] (original) +++ trunk/reactos/lib/drivers/ip/transport/datagram/datagram.c [iso-8859-1] Sun Nov 22 03:32:47 2009 @@ -10,13 +10,14 @@ #include "precomp.h" -VOID DGRemoveIRP( +BOOLEAN DGRemoveIRP( PADDRESS_FILE AddrFile, PIRP Irp) { PLIST_ENTRY ListEntry; PDATAGRAM_RECEIVE_REQUEST ReceiveRequest; KIRQL OldIrql; + BOOLEAN Found = FALSE; TI_DbgPrint(MAX_TRACE, ("Called (Cancel IRP %08x for file %08x).\n", Irp, AddrFile)); @@ -36,6 +37,7 @@ { RemoveEntryList(&ReceiveRequest->ListEntry); ExFreePoolWithTag(ReceiveRequest, DATAGRAM_RECV_TAG); + Found = TRUE; break; } } @@ -43,6 +45,8 @@ KeReleaseSpinLock(&AddrFile->Lock, OldIrql); TI_DbgPrint(MAX_TRACE, ("Done.\n")); + + return Found; } VOID DGDeliverData( Modified: trunk/reactos/lib/drivers/ip/transport/tcp/accept.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/drivers/ip/transport/t… ============================================================================== --- trunk/reactos/lib/drivers/ip/transport/tcp/accept.c [iso-8859-1] (original) +++ trunk/reactos/lib/drivers/ip/transport/tcp/accept.c [iso-8859-1] Sun Nov 22 03:32:47 2009 @@ -104,11 +104,12 @@ return Status; } -VOID TCPAbortListenForSocket( PCONNECTION_ENDPOINT Listener, +BOOLEAN TCPAbortListenForSocket( PCONNECTION_ENDPOINT Listener, PCONNECTION_ENDPOINT Connection ) { PLIST_ENTRY ListEntry; PTDI_BUCKET Bucket; KIRQL OldIrql; + BOOLEAN Found = FALSE; KeAcquireSpinLock(&Listener->Lock, &OldIrql); @@ -119,6 +120,7 @@ if( Bucket->AssociatedEndpoint == Connection ) { RemoveEntryList( &Bucket->Entry ); ExFreePoolWithTag( Bucket, TDI_BUCKET_TAG ); + Found = TRUE; break; } @@ -126,6 +128,8 @@ } KeReleaseSpinLock(&Listener->Lock, OldIrql); + + return Found; } NTSTATUS TCPAccept ( PTDI_REQUEST Request, Modified: trunk/reactos/lib/drivers/ip/transport/tcp/tcp.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/drivers/ip/transport/t… ============================================================================== --- trunk/reactos/lib/drivers/ip/transport/tcp/tcp.c [iso-8859-1] (original) +++ trunk/reactos/lib/drivers/ip/transport/tcp/tcp.c [iso-8859-1] Sun Nov 22 03:32:47 2009 @@ -904,12 +904,13 @@ return Status; } -VOID TCPRemoveIRP( PCONNECTION_ENDPOINT Endpoint, PIRP Irp ) { +BOOLEAN TCPRemoveIRP( PCONNECTION_ENDPOINT Endpoint, PIRP Irp ) { PLIST_ENTRY Entry; PLIST_ENTRY ListHead[4]; KIRQL OldIrql; PTDI_BUCKET Bucket; UINT i = 0; + BOOLEAN Found = FALSE; ListHead[0] = &Endpoint->SendRequest; ListHead[1] = &Endpoint->ReceiveRequest; @@ -929,12 +930,15 @@ { RemoveEntryList( &Bucket->Entry ); ExFreePoolWithTag( Bucket, TDI_BUCKET_TAG ); + Found = TRUE; break; } } } TcpipReleaseSpinLock( &Endpoint->Lock, OldIrql ); + + return Found; } /* EOF */