[cmihail] 51781: Make kernel not crash when trying to accept in incoming tcp connection. The problem is in TCPAcceptEventHandler, where calling the LibTCPAccept function would cause an assert to fa... - Ros-diffs

16 May 2011

Author: cmihail
Date: Mon May 16 13:00:34 2011
New Revision: 51781

URL: http://svn.reactos.org/svn/reactos?rev=51781&view=rev
Log:
Make kernel not crash when trying to accept in incoming tcp connection. The problem is in
TCPAcceptEventHandler, where calling the LibTCPAccept function would cause an assert to
fail in LibTCPAccept. We just set the state of the pcb to LISTEN and after calling
LibTCPAccept we set it to ESTABLISHED. The connection still fails but at least the kernel
doesn't crash. Needs further serious investigation.

Modified:
    branches/GSoC_2011/TcpIpDriver/lib/drivers/ip/transport/tcp/event.c

Modified: branches/GSoC_2011/TcpIpDriver/lib/drivers/ip/transport/tcp/event.c
URL:
http://svn.reactos.org/svn/reactos/branches/GSoC_2011/TcpIpDriver/lib/drive…
==============================================================================

--- branches/GSoC_2011/TcpIpDriver/lib/drivers/ip/transport/tcp/event.c [iso-8859-1]
(original)
+++ branches/GSoC_2011/TcpIpDriver/lib/drivers/ip/transport/tcp/event.c [iso-8859-1] Mon
May 16 13:00:34 2011
@@ -114,7 +114,7 @@
     NTSTATUS Status;
     KIRQL OldIrql;
     
-    DbgPrint("TCPAcceptEventHandler\n");
+    DbgPrint("TCPAcceptEventHandler] Called\n");
     
     ReferenceObject(Connection);
     
@@ -126,7 +126,7 @@
         Irp = Bucket->Request.RequestContext;
         IrpSp = IoGetCurrentIrpStackLocation( Irp );
         
-        TI_DbgPrint(DEBUG_TCP,("Getting the socket\n"));
+        TI_DbgPrint(DEBUG_TCP,("[TCPAcceptEventHandler] Getting the
socket\n"));
         
         Status = TCPCheckPeerForAccept(newpcb,
                                        (PTDI_REQUEST_KERNEL)&IrpSp->Parameters);
@@ -136,22 +136,27 @@
         Bucket->Status = Status;
         Bucket->Information = 0;
         
-        DbgPrint("Associated with: 0x%x\n",
Bucket->AssociatedEndpoint->SocketContext);
-        
-        DbgPrint("Completing accept event %x\n", Status);
+        DbgPrint("[TCPAcceptEventHandler] Associated with: 0x%x\n",
Bucket->AssociatedEndpoint->SocketContext);
+        
+        DbgPrint("[TCPAcceptEventHandler] Completing accept event %x\n",
Status);
         
         Complete = Bucket->Request.RequestNotifyObject;
         
         if (Status == STATUS_SUCCESS)
         {
+            newpcb->state = LISTEN;
             LockObject(Bucket->AssociatedEndpoint, &OldIrql);
             Bucket->AssociatedEndpoint->SocketContext = newpcb;
+            DbgPrint("[TCPAcceptEventHandler] LibTCPAccept coming up\n");
             
             LibTCPAccept(newpcb, Bucket->AssociatedEndpoint);
+
+            DbgPrint("[TCPAcceptEventHandler] Trying to unlock
Bucket->AssociatedEndpoint\n");
             UnlockObject(Bucket->AssociatedEndpoint, OldIrql);
+            newpcb->state = ESTABLISHED;
         }
         
-        DbgPrint("Done!\n");
+        DbgPrint("[TCPAcceptEventHandler] Done!\n");
         
         Complete(Bucket->Request.RequestContext, Bucket->Status,
Bucket->Information);
             
@@ -172,7 +177,7 @@
     NTSTATUS Status;
     PMDL Mdl;
     
-    DbgPrint("TCPSendEventHandler\n");
+    DbgPrint("[TCPSendEventHandler] Called\n");
     
     ReferenceObject(Connection);
 
@@ -248,7 +253,7 @@
     
     ReferenceObject(Connection);
     
-    DbgPrint("TCPRecvEventHandler\n");
+    DbgPrint("[TCPRecvEventHandler] Called\n");
     
     if ((Entry = ExInterlockedRemoveHeadList(&Connection->ReceiveRequest,
&Connection->Lock))) {
         Bucket = CONTAINING_RECORD( Entry, TDI_BUCKET, Entry );
@@ -304,25 +309,28 @@
     PTDI_BUCKET Bucket;
     PLIST_ENTRY Entry;
     
-    DbgPrint("TCPConnectEventHandler\n");
-    
-    ReferenceObject(Connection);
-    
-    while ((Entry = ExInterlockedRemoveHeadList(&Connection->ConnectRequest,
&Connection->Lock))) {
+    DbgPrint("[TCPConnectEventHandler] Called\n");
+    
+    ReferenceObject(Connection);
+    
+    while ((Entry = ExInterlockedRemoveHeadList(&Connection->ConnectRequest,
&Connection->Lock)))
+    {
         
         Bucket = CONTAINING_RECORD( Entry, TDI_BUCKET, Entry );
         
         Bucket->Status = TCPTranslateError(err);
         Bucket->Information = 0;
         
-        DbgPrint("Completing connection request! (0x%x)\n", err);
-        
-        Complete = Bucket->Request.RequestNotifyObject;
-        
-        Complete(Bucket->Request.RequestContext, Bucket->Status,
Bucket->Information);
-        
-        ExFreePoolWithTag(Bucket, TDI_BUCKET_TAG);
-    }
+        DbgPrint("[TCPConnectEventHandler] Completing connection request!
(0x%x)\n", err);
+        
+        Complete = Bucket->Request.RequestNotifyObject;
+        
+        Complete(Bucket->Request.RequestContext, Bucket->Status,
Bucket->Information);
+        
+        ExFreePoolWithTag(Bucket, TDI_BUCKET_TAG);
+    }
+
+    DbgPrint("[TCPConnectEventHandler] Done\n");
     
     DereferenceObject(Connection);
 }



    