Author: tfaber Date: Thu Jun 14 22:06:24 2012 New Revision: 56735
URL: http://svn.reactos.org/svn/reactos?rev=56735&view=rev Log: [NTOSKRNL] - Fix callback pool tags - Fix a reference leak in PsSetCreateProcessNotifyRoutine See issue #7120 for more details.
Modified: trunk/reactos/ntoskrnl/CMakeLists.txt trunk/reactos/ntoskrnl/ex/callback.c trunk/reactos/ntoskrnl/include/internal/tag.h trunk/reactos/ntoskrnl/ps/psnotify.c
Modified: trunk/reactos/ntoskrnl/CMakeLists.txt
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/CMakeLists.txt?rev...
==============================================================================
--- trunk/reactos/ntoskrnl/CMakeLists.txt [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/CMakeLists.txt [iso-8859-1] Thu Jun 14 22:06:24 2012
@@ -132,7 +132,7 @@
 fstub/disksup.c
 fstub/fstubex.c
 fstub/halstub.c
- fstub/translate.c
+ fstub/translate.c
 inbv/inbv.c
 inbv/inbvport.c
 io/iomgr/adapter.c
Modified: trunk/reactos/ntoskrnl/ex/callback.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ex/callback.c?rev=...
==============================================================================
--- trunk/reactos/ntoskrnl/ex/callback.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/ex/callback.c [iso-8859-1] Thu Jun 14 22:06:24 2012
@@ -59,7 +59,7 @@
 /* Allocate a callback */
 CallbackBlock = ExAllocatePoolWithTag(PagedPool,
 sizeof(EX_CALLBACK_ROUTINE_BLOCK),
- 'CbRb');
+ TAG_CALLBACK_ROUTINE_BLOCK);
 if (CallbackBlock)
 {
 /* Initialize it */
@@ -77,7 +77,7 @@
 ExFreeCallBack(IN PEX_CALLBACK_ROUTINE_BLOCK CallbackBlock)
 {
 /* Just free it from memory */
- ExFreePoolWithTag(CallbackBlock, CALLBACK_TAG);
+ ExFreePoolWithTag(CallbackBlock, TAG_CALLBACK_ROUTINE_BLOCK);
 }
VOID
@@ -124,7 +124,7 @@
 EX_FAST_REF OldValue;
 ULONG_PTR Count;
 PEX_CALLBACK_ROUTINE_BLOCK CallbackBlock;
-
+
 /* Acquire a reference */
 OldValue = ExAcquireFastReference(&CallBack->RoutineBlock);
 Count = ExGetCountFastReference(OldValue);
@@ -140,10 +140,10 @@
 ASSERT(FALSE);
 return NULL;
 }
-
+
 /* Get the callback block */
 CallbackBlock = ExGetObjectFastReference(OldValue);
-
+
 /* Check if this is the last reference */
 if (Count == 1)
 {
@@ -425,7 +425,7 @@
 0,
 ExCallbackObjectType,
 KernelMode,
- (PVOID)&Callback,
+ &Callback,
 NULL);
/* Close the Handle, since we now have the pointer */
@@ -567,7 +567,7 @@
 /* Allocate memory for the structure */
 CallbackRegistration = ExAllocatePoolWithTag(NonPagedPool,
 sizeof(CALLBACK_REGISTRATION),
- CALLBACK_TAG);
+ TAG_CALLBACK_REGISTRATION);
 if (!CallbackRegistration)
 {
 /* Dereference and fail */
@@ -602,7 +602,7 @@
 KeReleaseSpinLock(&CallbackObject->Lock, OldIrql);
/* Free the registration */
- ExFreePoolWithTag(CallbackRegistration, CALLBACK_TAG);
+ ExFreePoolWithTag(CallbackRegistration, TAG_CALLBACK_REGISTRATION);
 CallbackRegistration = NULL;
/* Dereference the object */
@@ -676,7 +676,7 @@
 KeReleaseSpinLock(&CallbackObject->Lock, OldIrql);
/* Delete this registration */
- ExFreePoolWithTag(CallbackRegistration, CALLBACK_TAG);
+ ExFreePoolWithTag(CallbackRegistration, TAG_CALLBACK_REGISTRATION);
/* Remove the reference */
 ObDereferenceObject(CallbackObject);
Modified: trunk/reactos/ntoskrnl/include/internal/tag.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/include/internal/t...
==============================================================================
--- trunk/reactos/ntoskrnl/include/internal/tag.h [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/include/internal/tag.h [iso-8859-1] Thu Jun 14 22:06:24 2012
@@ -5,8 +5,9 @@
 #define TAG_BCB ' BCB'
 #define TAG_IBCB 'BCBi'
-/* formely located in include/callback.h */
-#define CALLBACK_TAG 'KBLC'
+/* Executive Callbacks */
+#define TAG_CALLBACK_ROUTINE_BLOCK 'brbC'
+#define TAG_CALLBACK_REGISTRATION 'eRBC'
/* formely located in dbg/dbgkobj.c */
 #define TAG_DEBUG_EVENT 'EgbD'
Modified: trunk/reactos/ntoskrnl/ps/psnotify.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ps/psnotify.c?rev=...
==============================================================================
--- trunk/reactos/ntoskrnl/ps/psnotify.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/ps/psnotify.c [iso-8859-1] Thu Jun 14 22:06:24 2012
@@ -48,35 +48,32 @@
 if (!CallBack) continue;
/* Check it this is a matching block */
- if (ExGetCallBackBlockRoutine(CallBack) != (PVOID)NotifyRoutine)
- {
- /* It's not, try the next one */
- continue;
- }
-
- /* It is, clear the current routine */
- if (ExCompareExchangeCallBack(&PspProcessNotifyRoutine[i],
- NULL,
- CallBack))
- {
- /* Decrement the number of routines */
- InterlockedDecrement((PLONG)&PspProcessNotifyRoutineCount);
+ if (ExGetCallBackBlockRoutine(CallBack) == (PVOID)NotifyRoutine)
+ {
+ /* Try removing it if it matches */
+ if (ExCompareExchangeCallBack(&PspProcessNotifyRoutine[i],
+ NULL,
+ CallBack))
+ {
+ /* Decrement the number of routines */
+ InterlockedDecrement((PLONG)&PspProcessNotifyRoutineCount);
+
+ /* Dereference the block */
+ ExDereferenceCallBackBlock(&PspProcessNotifyRoutine[i],
+ CallBack);
+
+ /* Wait for active callbacks */
+ ExWaitForCallBacks(CallBack);
+
+ /* Free the callback and exit */
+ ExFreeCallBack(CallBack);
+ return STATUS_SUCCESS;
+ }
/* Dereference the block */
 ExDereferenceCallBackBlock(&PspProcessNotifyRoutine[i],
 CallBack);
-
- /* Wait for actice callbacks */
- ExWaitForCallBacks(CallBack);
-
- /* Free the callback and exit */
- ExFreeCallBack (CallBack);
- return STATUS_SUCCESS;
- }
-
- /* Dereference the block */
- ExDereferenceCallBackBlock(&PspProcessNotifyRoutine[i],
- CallBack);
+ }
 }
/* We didn't find any matching block */
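Review bot: The fall-through `ExDereferenceCallBackBlock(&PspProcessNotifyRoutine[i], CallBack);` kept as context near the end of this hunk sits between the inner closing brace and the added `}`, so as the lines are ordered it is still inside the `if (ExGetCallBackBlockRoutine(CallBack) == (PVOID)NotifyRoutine)` block. A slot whose routine does not match would then skip the dereference and keep the reference that was presumably taken just above the hunk, which is the same leak the removed `continue` path had. Moving that call below the added `}`, so it is the last statement of the loop body, would release the reference on both the mismatch path and the failed compare-exchange path. Indentation is lost in this rendering and the loop starts outside the hunk, so the nesting should be confirmed against the file.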