[ros-diffs] [cgutman] 40339: - Cancel all the IRPs in the pending IRP queue when the FCB is being destroyed - Fixes IRP, MDL, and buffer leaks - ping and dwnl don't leak at all now

3 Apr 2009

Author: cgutman
Date: Fri Apr  3 05:45:32 2009
New Revision: 40339
URL: http://svn.reactos.org/svn/reactos?rev=40339&view=rev
Log:
 - Cancel all the IRPs in the pending IRP queue when the FCB is being destroyed
 - Fixes IRP, MDL, and buffer leaks
 - ping and dwnl don't leak at all now
Modified:
    trunk/reactos/drivers/network/afd/afd/connect.c
    trunk/reactos/drivers/network/afd/afd/listen.c
    trunk/reactos/drivers/network/afd/afd/read.c
    trunk/reactos/drivers/network/afd/afd/write.c
Modified: trunk/reactos/drivers/network/afd/afd/connect.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/afd/afd/con...
==============================================================================

--- trunk/reactos/drivers/network/afd/afd/connect.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/afd/afd/connect.c [iso-8859-1] Fri Apr  3 05:45:32 2009
@@ -96,8 +96,15 @@
     FCB->ConnectIrp.InFlightRequest = NULL;
if( FCB->State == SOCKET_STATE_CLOSED ) {
-        Irp->IoStatus.Status = STATUS_FILE_CLOSED;
-        Irp->IoStatus.Information = 0;
+        /* Cleanup our IRP queue because the FCB is being destroyed */
+        while( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_CONNECT] ) ) {
+	       NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_CONNECT]);
+	       NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
+	       NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
+	       NextIrp->IoStatus.Information = 0;
+	       if( NextIrp->MdlAddress ) UnlockRequest( NextIrp, IoGetCurrentIrpStackLocation( NextIrp ) );
+	       IoCompleteRequest( NextIrp, IO_NETWORK_INCREMENT );
+        }
    SocketStateUnlock( FCB );
    return STATUS_FILE_CLOSED;
     }
Modified: trunk/reactos/drivers/network/afd/afd/listen.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/afd/afd/lis...
==============================================================================
--- trunk/reactos/drivers/network/afd/afd/listen.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/afd/afd/listen.c [iso-8859-1] Fri Apr  3 05:45:32 2009
@@ -95,6 +95,8 @@
     NTSTATUS Status = STATUS_SUCCESS;
     PAFD_FCB FCB = (PAFD_FCB)Context;
     PAFD_TDI_OBJECT_QELT Qelt;
+    PLIST_ENTRY NextIrpEntry;
+    PIRP NextIrp;
if( !SocketAcquireStateLock( FCB ) ) {
         Irp->IoStatus.Status = STATUS_FILE_CLOSED;
@@ -105,8 +107,15 @@
     FCB->ListenIrp.InFlightRequest = NULL;
if( FCB->State == SOCKET_STATE_CLOSED ) {
-        Irp->IoStatus.Status = STATUS_FILE_CLOSED;
-        Irp->IoStatus.Information = 0;
+        /* Cleanup our IRP queue because the FCB is being destroyed */
+        while( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_PREACCEPT] ) ) {
+	       NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_PREACCEPT]);
+	       NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
+	       NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
+	       NextIrp->IoStatus.Information = 0;
+	       if( NextIrp->MdlAddress ) UnlockRequest( NextIrp, IoGetCurrentIrpStackLocation( NextIrp ) );
+	       IoCompleteRequest( NextIrp, IO_NETWORK_INCREMENT );
+        }
    SocketStateUnlock( FCB );
    return STATUS_FILE_CLOSED;
     }
Modified: trunk/reactos/drivers/network/afd/afd/read.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/afd/afd/rea...
==============================================================================
--- trunk/reactos/drivers/network/afd/afd/read.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/afd/afd/read.c [iso-8859-1] Fri Apr  3 05:45:32 2009
@@ -225,16 +225,17 @@
   PIRP Irp,
   PVOID Context ) {
     PAFD_FCB FCB = (PAFD_FCB)Context;
+    PLIST_ENTRY NextIrpEntry;
+    PIRP NextIrp;
+    PAFD_RECV_INFO RecvReq;
+    PIO_STACK_LOCATION NextIrpSp;
AFD_DbgPrint(MID_TRACE,("Called\n"));
ASSERT_IRQL(APC_LEVEL);
-    if( !SocketAcquireStateLock( FCB ) ) {
-        Irp->IoStatus.Status = STATUS_FILE_CLOSED;
-        Irp->IoStatus.Information = 0;
+    if( !SocketAcquireStateLock( FCB ) )
         return STATUS_FILE_CLOSED;
-    }
FCB->ReceiveIrp.InFlightRequest = NULL;
@@ -242,11 +243,21 @@
     FCB->Recv.BytesUsed = 0;
if( FCB->State == SOCKET_STATE_CLOSED ) {
-        AFD_DbgPrint(MIN_TRACE,("!!! CLOSED SOCK GOT A RECEIVE COMPLETE !!!\n"));
-        Irp->IoStatus.Status = STATUS_FILE_CLOSED;
-        Irp->IoStatus.Information = 0;
-		SocketStateUnlock( FCB );
-		return STATUS_FILE_CLOSED;
+        AFD_DbgPrint(MIN_TRACE,("!!! CLOSING SOCK GOT A RECEIVE COMPLETE !!!\n"));
+        /* Cleanup our IRP queue because the FCB is being destroyed */
+        while( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_RECV] ) ) {
+	       NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_RECV]);
+	       NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
+               NextIrpSp = IoGetCurrentIrpStackLocation(NextIrp);
+               RecvReq = NextIrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+	       NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
+	       NextIrp->IoStatus.Information = 0;
+	       UnlockBuffers(RecvReq->BufferArray, RecvReq->BufferCount, FALSE);
+	       if( NextIrp->MdlAddress ) UnlockRequest( NextIrp, IoGetCurrentIrpStackLocation( NextIrp ) );
+	       IoCompleteRequest( NextIrp, IO_NETWORK_INCREMENT );
+        }
+	SocketStateUnlock( FCB );
+	return STATUS_FILE_CLOSED;
     } else if( FCB->State == SOCKET_STATE_LISTENING ) {
         AFD_DbgPrint(MIN_TRACE,("!!! LISTENER GOT A RECEIVE COMPLETE !!!\n"));
         Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
@@ -449,6 +460,7 @@
     PAFD_RECV_INFO RecvReq;
     PAFD_STORED_DATAGRAM DatagramRecv;
     UINT DGSize = Irp->IoStatus.Information + sizeof( AFD_STORED_DATAGRAM );
+    PLIST_ENTRY NextIrpEntry;
AFD_DbgPrint(MID_TRACE,("Called on %x\n", FCB));
@@ -461,10 +473,20 @@
     FCB->ReceiveIrp.InFlightRequest = NULL;
if( FCB->State == SOCKET_STATE_CLOSED ) {
-        Irp->IoStatus.Status = STATUS_FILE_CLOSED;
-        Irp->IoStatus.Information = 0;
-		SocketStateUnlock( FCB );
-		return STATUS_FILE_CLOSED;
+        /* Cleanup our IRP queue because the FCB is being destroyed */
+        while( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_RECV] ) ) {
+	       NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_RECV]);
+	       NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
+	       NextIrpSp = IoGetCurrentIrpStackLocation( NextIrp );
+	       RecvReq = NextIrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+	       NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
+	       NextIrp->IoStatus.Information = 0;
+	       UnlockBuffers(RecvReq->BufferArray, RecvReq->BufferCount, FALSE);
+	       if( NextIrp->MdlAddress ) UnlockRequest( NextIrp, IoGetCurrentIrpStackLocation( NextIrp ) );
+	       IoCompleteRequest( NextIrp, IO_NETWORK_INCREMENT );
+        }
+	SocketStateUnlock( FCB );
+	return STATUS_FILE_CLOSED;
     }
DatagramRecv = ExAllocatePool( NonPagedPool, DGSize );
Modified: trunk/reactos/drivers/network/afd/afd/write.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/afd/afd/wri...
==============================================================================
--- trunk/reactos/drivers/network/afd/afd/write.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/afd/afd/write.c [iso-8859-1] Fri Apr  3 05:45:32 2009
@@ -48,8 +48,18 @@
     /* Request is not in flight any longer */
if( FCB->State == SOCKET_STATE_CLOSED ) {
-		SocketStateUnlock( FCB );
-		return STATUS_FILE_CLOSED;
+        /* Cleanup our IRP queue because the FCB is being destroyed */
+        while( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_SEND] ) ) {
+	       NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_SEND]);
+	       NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
+	       NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
+	       NextIrp->IoStatus.Information = 0;
+	       UnlockBuffers(SendReq->BufferArray, SendReq->BufferCount, FALSE);
+	       if( NextIrp->MdlAddress ) UnlockRequest( NextIrp, IoGetCurrentIrpStackLocation( NextIrp ) );
+	       IoCompleteRequest( NextIrp, IO_NETWORK_INCREMENT );
+        }
+	SocketStateUnlock( FCB );
+	return STATUS_FILE_CLOSED;
     }
if( !NT_SUCCESS(Status) ) {
@@ -162,6 +172,8 @@
   PIRP Irp,
   PVOID Context ) {
     PAFD_FCB FCB = (PAFD_FCB)Context;
+    PLIST_ENTRY NextIrpEntry;
+    PIRP NextIrp;
AFD_DbgPrint(MID_TRACE,("Called, status %x, %d bytes used\n",
    						Irp->IoStatus.Status,
@@ -178,8 +190,17 @@
     PollReeval( FCB->DeviceExt, FCB->FileObject );
if( FCB->State == SOCKET_STATE_CLOSED ) {
-		SocketStateUnlock( FCB );
-		return STATUS_FILE_CLOSED;
+        /* Cleanup our IRP queue because the FCB is being destroyed */
+        while( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_SEND] ) ) {
+	       NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_SEND]);
+	       NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
+	       NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
+	       NextIrp->IoStatus.Information = 0;
+	       if( NextIrp->MdlAddress ) UnlockRequest( NextIrp, IoGetCurrentIrpStackLocation( NextIrp ) );
+	       IoCompleteRequest( NextIrp, IO_NETWORK_INCREMENT );
+        }
+	SocketStateUnlock( FCB );
+	return STATUS_FILE_CLOSED;
     }
SocketStateUnlock( FCB );

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

[ros-diffs] [cgutman] 40339: - Cancel all the IRPs in the pending IRP queue when the FCB is being destroyed - Fixes IRP, MDL, and buffer leaks - ping and dwnl don't leak at all now