[cgutman] 40339: - Cancel all the IRPs in the pending IRP queue when the FCB is being destroyed - Fixes IRP, MDL, and buffer leaks - ping and dwnl don't leak at all now
3 Apr
2009
3 Apr
'09
1:45 a.m.
Author: cgutman
Date: Fri Apr 3 05:45:32 2009
New Revision: 40339
URL: http://svn.reactos.org/svn/reactos?rev=40339&view=rev
Log:
- Cancel all the IRPs in the pending IRP queue when the FCB is being destroyed
- Fixes IRP, MDL, and buffer leaks
- ping and dwnl don't leak at all now
Modified:
trunk/reactos/drivers/network/afd/afd/connect.c
trunk/reactos/drivers/network/afd/afd/listen.c
trunk/reactos/drivers/network/afd/afd/read.c
trunk/reactos/drivers/network/afd/afd/write.c
Modified: trunk/reactos/drivers/network/afd/afd/connect.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/afd/afd/co…
==============================================================================
--- trunk/reactos/drivers/network/afd/afd/connect.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/afd/afd/connect.c [iso-8859-1] Fri Apr 3 05:45:32 2009
@@ -96,8 +96,15 @@
FCB->ConnectIrp.InFlightRequest = NULL;
if( FCB->State == SOCKET_STATE_CLOSED ) {
- Irp->IoStatus.Status = STATUS_FILE_CLOSED;
- Irp->IoStatus.Information = 0;
+ /* Cleanup our IRP queue because the FCB is being destroyed */
+ while( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_CONNECT] ) ) {
+ NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_CONNECT]);
+ NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
+ NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
+ NextIrp->IoStatus.Information = 0;
+ if( NextIrp->MdlAddress ) UnlockRequest( NextIrp,
IoGetCurrentIrpStackLocation( NextIrp ) );
+ IoCompleteRequest( NextIrp, IO_NETWORK_INCREMENT );
+ }
SocketStateUnlock( FCB );
return STATUS_FILE_CLOSED;
}
Modified: trunk/reactos/drivers/network/afd/afd/listen.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/afd/afd/li…
==============================================================================
--- trunk/reactos/drivers/network/afd/afd/listen.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/afd/afd/listen.c [iso-8859-1] Fri Apr 3 05:45:32 2009
@@ -95,6 +95,8 @@
NTSTATUS Status = STATUS_SUCCESS;
PAFD_FCB FCB = (PAFD_FCB)Context;
PAFD_TDI_OBJECT_QELT Qelt;
+ PLIST_ENTRY NextIrpEntry;
+ PIRP NextIrp;
if( !SocketAcquireStateLock( FCB ) ) {
Irp->IoStatus.Status = STATUS_FILE_CLOSED;
@@ -105,8 +107,15 @@
FCB->ListenIrp.InFlightRequest = NULL;
if( FCB->State == SOCKET_STATE_CLOSED ) {
- Irp->IoStatus.Status = STATUS_FILE_CLOSED;
- Irp->IoStatus.Information = 0;
+ /* Cleanup our IRP queue because the FCB is being destroyed */
+ while( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_PREACCEPT] ) ) {
+ NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_PREACCEPT]);
+ NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
+ NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
+ NextIrp->IoStatus.Information = 0;
+ if( NextIrp->MdlAddress ) UnlockRequest( NextIrp,
IoGetCurrentIrpStackLocation( NextIrp ) );
+ IoCompleteRequest( NextIrp, IO_NETWORK_INCREMENT );
+ }
SocketStateUnlock( FCB );
return STATUS_FILE_CLOSED;
}
Modified: trunk/reactos/drivers/network/afd/afd/read.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/afd/afd/re…
==============================================================================
--- trunk/reactos/drivers/network/afd/afd/read.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/afd/afd/read.c [iso-8859-1] Fri Apr 3 05:45:32 2009
@@ -225,16 +225,17 @@
PIRP Irp,
PVOID Context ) {
PAFD_FCB FCB = (PAFD_FCB)Context;
+ PLIST_ENTRY NextIrpEntry;
+ PIRP NextIrp;
+ PAFD_RECV_INFO RecvReq;
+ PIO_STACK_LOCATION NextIrpSp;
AFD_DbgPrint(MID_TRACE,("Called\n"));
ASSERT_IRQL(APC_LEVEL);
- if( !SocketAcquireStateLock( FCB ) ) {
- Irp->IoStatus.Status = STATUS_FILE_CLOSED;
- Irp->IoStatus.Information = 0;
+ if( !SocketAcquireStateLock( FCB ) )
return STATUS_FILE_CLOSED;
- }
FCB->ReceiveIrp.InFlightRequest = NULL;
@@ -242,11 +243,21 @@
FCB->Recv.BytesUsed = 0;
if( FCB->State == SOCKET_STATE_CLOSED ) {
- AFD_DbgPrint(MIN_TRACE,("!!! CLOSED SOCK GOT A RECEIVE COMPLETE
!!!\n"));
- Irp->IoStatus.Status = STATUS_FILE_CLOSED;
- Irp->IoStatus.Information = 0;
- SocketStateUnlock( FCB );
- return STATUS_FILE_CLOSED;
+ AFD_DbgPrint(MIN_TRACE,("!!! CLOSING SOCK GOT A RECEIVE COMPLETE
!!!\n"));
+ /* Cleanup our IRP queue because the FCB is being destroyed */
+ while( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_RECV] ) ) {
+ NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_RECV]);
+ NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
+ NextIrpSp = IoGetCurrentIrpStackLocation(NextIrp);
+ RecvReq = NextIrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+ NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
+ NextIrp->IoStatus.Information = 0;
+ UnlockBuffers(RecvReq->BufferArray, RecvReq->BufferCount, FALSE);
+ if( NextIrp->MdlAddress ) UnlockRequest( NextIrp,
IoGetCurrentIrpStackLocation( NextIrp ) );
+ IoCompleteRequest( NextIrp, IO_NETWORK_INCREMENT );
+ }
+ SocketStateUnlock( FCB );
+ return STATUS_FILE_CLOSED;
} else if( FCB->State == SOCKET_STATE_LISTENING ) {
AFD_DbgPrint(MIN_TRACE,("!!! LISTENER GOT A RECEIVE COMPLETE !!!\n"));
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
@@ -449,6 +460,7 @@
PAFD_RECV_INFO RecvReq;
PAFD_STORED_DATAGRAM DatagramRecv;
UINT DGSize = Irp->IoStatus.Information + sizeof( AFD_STORED_DATAGRAM );
+ PLIST_ENTRY NextIrpEntry;
AFD_DbgPrint(MID_TRACE,("Called on %x\n", FCB));
@@ -461,10 +473,20 @@
FCB->ReceiveIrp.InFlightRequest = NULL;
if( FCB->State == SOCKET_STATE_CLOSED ) {
- Irp->IoStatus.Status = STATUS_FILE_CLOSED;
- Irp->IoStatus.Information = 0;
- SocketStateUnlock( FCB );
- return STATUS_FILE_CLOSED;
+ /* Cleanup our IRP queue because the FCB is being destroyed */
+ while( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_RECV] ) ) {
+ NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_RECV]);
+ NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
+ NextIrpSp = IoGetCurrentIrpStackLocation( NextIrp );
+ RecvReq = NextIrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+ NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
+ NextIrp->IoStatus.Information = 0;
+ UnlockBuffers(RecvReq->BufferArray, RecvReq->BufferCount, FALSE);
+ if( NextIrp->MdlAddress ) UnlockRequest( NextIrp,
IoGetCurrentIrpStackLocation( NextIrp ) );
+ IoCompleteRequest( NextIrp, IO_NETWORK_INCREMENT );
+ }
+ SocketStateUnlock( FCB );
+ return STATUS_FILE_CLOSED;
}
DatagramRecv = ExAllocatePool( NonPagedPool, DGSize );
Modified: trunk/reactos/drivers/network/afd/afd/write.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/afd/afd/wr…
==============================================================================
--- trunk/reactos/drivers/network/afd/afd/write.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/afd/afd/write.c [iso-8859-1] Fri Apr 3 05:45:32 2009
@@ -48,8 +48,18 @@
/* Request is not in flight any longer */
if( FCB->State == SOCKET_STATE_CLOSED ) {
- SocketStateUnlock( FCB );
- return STATUS_FILE_CLOSED;
+ /* Cleanup our IRP queue because the FCB is being destroyed */
+ while( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_SEND] ) ) {
+ NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_SEND]);
+ NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
+ NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
+ NextIrp->IoStatus.Information = 0;
+ UnlockBuffers(SendReq->BufferArray, SendReq->BufferCount, FALSE);
+ if( NextIrp->MdlAddress ) UnlockRequest( NextIrp,
IoGetCurrentIrpStackLocation( NextIrp ) );
+ IoCompleteRequest( NextIrp, IO_NETWORK_INCREMENT );
+ }
+ SocketStateUnlock( FCB );
+ return STATUS_FILE_CLOSED;
}
if( !NT_SUCCESS(Status) ) {
@@ -162,6 +172,8 @@
PIRP Irp,
PVOID Context ) {
PAFD_FCB FCB = (PAFD_FCB)Context;
+ PLIST_ENTRY NextIrpEntry;
+ PIRP NextIrp;
AFD_DbgPrint(MID_TRACE,("Called, status %x, %d bytes used\n",
Irp->IoStatus.Status,
@@ -178,8 +190,17 @@
PollReeval( FCB->DeviceExt, FCB->FileObject );
if( FCB->State == SOCKET_STATE_CLOSED ) {
- SocketStateUnlock( FCB );
- return STATUS_FILE_CLOSED;
+ /* Cleanup our IRP queue because the FCB is being destroyed */
+ while( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_SEND] ) ) {
+ NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_SEND]);
+ NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
+ NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
+ NextIrp->IoStatus.Information = 0;
+ if( NextIrp->MdlAddress ) UnlockRequest( NextIrp,
IoGetCurrentIrpStackLocation( NextIrp ) );
+ IoCompleteRequest( NextIrp, IO_NETWORK_INCREMENT );
+ }
+ SocketStateUnlock( FCB );
+ return STATUS_FILE_CLOSED;
}
SocketStateUnlock( FCB );
5763
days inactive
5763
days old
0 comments
1 participants
participants (1)
-
cgutman@svn.reactos.org