[mjmartin] 51752: [USBSTOR] - USBSTOR_SendRequest: The buffer for read/write may not be NonPagedPool, which is documented as a requirement for using MmBuildMdlForNonPagedPool. Also locking the buff... - Ros-diffs

15 May 2011

Author: mjmartin
Date: Sun May 15 08:23:32 2011
New Revision: 51752
URL: http://svn.reactos.org/svn/reactos?rev=51752&view=rev
Log:
[USBSTOR]
- USBSTOR_SendRequest: The buffer for read/write may not be NonPagedPool, which is
documented as a requirement for using MmBuildMdlForNonPagedPool. Also locking the buffers
pages is also not an option as the routine is called at DISPATCH_LEVEL.
It so happens that Irp->MdlAddress is valid for read/write operations. Use it instead
of procedure above.
- Add a sanity check to make sure the Mdl does describe the transfer buffer.
Fixes IRQL_NOT_LESS_OR_EQUAL bugcheck in windows. These changes also may fixed writing to
device.
Modified:
    branches/usb-bringup/drivers/usb/usbstor/scsi.c
Modified: branches/usb-bringup/drivers/usb/usbstor/scsi.c
URL:
http://svn.reactos.org/svn/reactos/branches/usb-bringup/drivers/usb/usbstor…
==============================================================================

--- branches/usb-bringup/drivers/usb/usbstor/scsi.c [iso-8859-1] (original)
+++ branches/usb-bringup/drivers/usb/usbstor/scsi.c [iso-8859-1] Sun May 15 08:23:32 2011
@@ -442,6 +442,7 @@
     PFDO_DEVICE_EXTENSION FDODeviceExtension;
     PIRP Irp;
     PIO_STACK_LOCATION IoStack;
+       PULONG MdlVirtualAddress;
     //
     // first allocate irp context
@@ -507,8 +508,18 @@
         //
         if (OriginalRequest)
         {
-            if (OriginalRequest->MdlAddress != NULL &&
Context->TransferData == NULL)
+            if ((OriginalRequest->MdlAddress != NULL) &&
+                       (Context->TransferData == NULL || Command[0] == SCSIOP_READ ||
Command[0] == SCSIOP_WRITE))
             {
+                               //
+                               // Sanity check that the Mdl does describe the
TransferData for read/write
+                               //
+                               if (CommandLength == UFI_READ_WRITE_CMD_LEN)
+                               {
+                                       MdlVirtualAddress =
MmGetMdlVirtualAddress(OriginalRequest->MdlAddress);
+                                       ASSERT(MdlVirtualAddress ==
Context->TransferData);
+                               }
+
                 //
                 // I/O paging request
                 //
@@ -1052,7 +1063,7 @@
         //
         Status = USBSTOR_SendModeSenseCmd(DeviceObject, Irp);
     }
-    else if (pCDB->MODE_SENSE.OperationCode == SCSIOP_READ /*||
pCDB->MODE_SENSE.OperationCode == SCSIOP_WRITE*/)
+    else if (pCDB->MODE_SENSE.OperationCode == SCSIOP_READ ||
pCDB->MODE_SENSE.OperationCode == SCSIOP_WRITE)
     {
         DPRINT1("SCSIOP_READ / SCSIOP_WRITE DataTransferLength %lu\n",
Request->DataTransferLength);
    