Author: fireball Date: Sun Jul 26 15:13:00 2009 New Revision: 42231
URL: http://svn.reactos.org/svn/reactos?rev=42231&view=rev Log: - Never release the user lock when processing a user server request! The user lock was being released to perform a CSR notification (it still happens this way in trunk), allowing another request to start processing. Fix this by moving the CSR notification outside the user lock. - Don't rely on reqinfo->data_count; use a simple boolean variable to track the memory that must be freed.
Modified: branches/arwinss/reactos/subsystems/win32/win32k/main/csr.c branches/arwinss/reactos/subsystems/win32/win32k/wine/main.c
Modified: branches/arwinss/reactos/subsystems/win32/win32k/main/csr.c URL: http://svn.reactos.org/svn/reactos/branches/arwinss/reactos/subsystems/win32...
==============================================================================
--- branches/arwinss/reactos/subsystems/win32/win32k/main/csr.c [iso-8859-1] (original)
+++ branches/arwinss/reactos/subsystems/win32/win32k/main/csr.c [iso-8859-1] Sun Jul 26 15:13:00 2009
@@ -71,13 +71,9 @@
 KeAttachProcess(&CsrProcess->Pcb);
 }
- UserLeave(); - Status = ZwRequestWaitReplyPort(WindowsApiPort, &Request->Header, &Request->Header); - - UserEnterExclusive();
if (CsrProcess != OldProcess) {
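Review bot: With the UserLeave()/UserEnterExclusive() pair removed, this function waits on ZwRequestWaitReplyPort in whatever lock state its caller happens to be in, and nothing in the hunk records that requirement. The call itself appears to be unchanged context, since the hunk's 13/9 line counts only add up if it stays. A comment above the call such as `/* Blocks until the CSR server replies; callers must not hold the user lock */` would document the contract the main.c change relies on. Any other caller outside this diff should be checked against it. The enclosing function starts and ends outside the hunk.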
Modified: branches/arwinss/reactos/subsystems/win32/win32k/wine/main.c URL: http://svn.reactos.org/svn/reactos/branches/arwinss/reactos/subsystems/win32...
==============================================================================
--- branches/arwinss/reactos/subsystems/win32/win32k/wine/main.c [iso-8859-1] (original)
+++ branches/arwinss/reactos/subsystems/win32/win32k/wine/main.c [iso-8859-1] Sun Jul 26 15:13:00 2009
@@ -71,6 +71,7 @@
 enum request req = reqinfo->u.req.request_header.req;
 UCHAR i;
 ULONG DataWritten=0;
+ BOOLEAN FreeReqData = FALSE;
DPRINT("WineServer call of type 0x%x\n", req);
@@ -106,6 +107,9 @@
 /* Advance to the next data block */
 DataWritten += reqinfo->data[i].size;
 }
+
+ /* Set the allocation flag so we free this memory later */
+ FreeReqData = TRUE;
 }
 else
 {
@@ -127,7 +131,7 @@
 }
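Review bot: `DataWritten += reqinfo->data[i].size;` reads each block size from reqinfo again while RequestData is being filled, and nothing visible in this hunk bounds the running total against the size RequestData was allocated with. If reqinfo is still the caller's buffer rather than a captured kernel copy (an assumption, since the allocation and the start of the loop are outside the hunk), a size that changes between the allocation and this loop would let the copy run past the pool block. Capturing the sizes once into locals and checking each against the remaining space before the copy would close that gap. The new `FreeReqData` flag already removes the same kind of re-read from the free path.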
/* Free the request data area if needed */
- if (reqinfo->data_count > 1) ExFreePool(RequestData);
+ if (FreeReqData) ExFreePool(RequestData);
/* Copy back the reply data if any */
 if (ReplySize && reqinfo->reply_data)
@@ -154,11 +158,12 @@
 /* Release lock */
 UserLeave();
- //if (reply.reply_header.error)
- // DPRINT1("returning error 0x%08X\n", reply.reply_header.error);
-
- //if (reply.reply_header.error == 0x103 ||
- // reply.reply_header.error == STATUS_ACCESS_DENIED) DbgBreakPoint();
+ /* Perform any pending notifies without holding the lock */
+ if (req == REQ_create_desktop)
+ {
+ if (reply.reply_header.error != STATUS_OBJECT_NAME_EXISTS)
+ CsrNotifyCreateDesktop((HDESK)((struct create_desktop_reply *)&reply)->handle);
+ }
return reply.reply_header.error;
 }
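Review bot: The new check `if (reply.reply_header.error != STATUS_OBJECT_NAME_EXISTS)` also passes for every failed create_desktop request, so CsrNotifyCreateDesktop can be called with whatever the reply's handle field holds after an error. Assuming a zero error means success here, testing for it directly with `if (reply.reply_header.error == STATUS_SUCCESS)` limits the notification to desktops that were actually created. The handle is also used after UserLeave(), so if it lives in the calling process's handle table another thread could close it before the notification runs. Whether that matters depends on CsrNotifyCreateDesktop, which is not shown. The function body starts outside the hunk.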