Author: cgutman
Date: Sun Nov 22 03:32:47 2009
New Revision: 44267

URL: http://svn.reactos.org/svn/reactos?rev=44267&view=rev
Log:
 - Fix a race condition that occurs when an IRP gets cancelled after it is 
inserted into the completion queue but before it is completed

Modified:
    trunk/reactos/drivers/network/tcpip/include/datagram.h
    trunk/reactos/drivers/network/tcpip/include/tcp.h
    trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c
    trunk/reactos/lib/drivers/ip/transport/datagram/datagram.c
    trunk/reactos/lib/drivers/ip/transport/tcp/accept.c
    trunk/reactos/lib/drivers/ip/transport/tcp/tcp.c

Modified: trunk/reactos/drivers/network/tcpip/include/datagram.h
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/tcpip/include/datagram.h?rev=44267&r1=44266&r2=44267&view=diff
==============================================================================
--- trunk/reactos/drivers/network/tcpip/include/datagram.h [iso-8859-1] 
(original)
+++ trunk/reactos/drivers/network/tcpip/include/datagram.h [iso-8859-1] Sun Nov 
22 03:32:47 2009
@@ -21,7 +21,7 @@
     PVOID Context,
     PIRP Irp);
 
-VOID DGRemoveIRP(
+BOOLEAN DGRemoveIRP(
     PADDRESS_FILE AddrFile,
     PIRP Irp);
 

Modified: trunk/reactos/drivers/network/tcpip/include/tcp.h
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/tcpip/include/tcp.h?rev=44267&r1=44266&r2=44267&view=diff
==============================================================================
--- trunk/reactos/drivers/network/tcpip/include/tcp.h [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/tcpip/include/tcp.h [iso-8859-1] Sun Nov 22 
03:32:47 2009
@@ -96,8 +96,8 @@
                                    PCONNECTION_ENDPOINT Connection,
                                    PTDI_REQUEST_KERNEL Request );
 NTSTATUS TCPListen( PCONNECTION_ENDPOINT Connection, UINT Backlog );
-VOID TCPAbortListenForSocket( PCONNECTION_ENDPOINT Listener,
-                             PCONNECTION_ENDPOINT Connection );
+BOOLEAN TCPAbortListenForSocket( PCONNECTION_ENDPOINT Listener,
+                                PCONNECTION_ENDPOINT Connection );
 NTSTATUS TCPAccept
 ( PTDI_REQUEST Request,
   PCONNECTION_ENDPOINT Listener,
@@ -179,6 +179,6 @@
 NTSTATUS TCPShutdown(
   VOID);
 
-VOID TCPRemoveIRP( PCONNECTION_ENDPOINT Connection, PIRP Irp );
+BOOLEAN TCPRemoveIRP( PCONNECTION_ENDPOINT Connection, PIRP Irp );
 
 #endif /* __TCP_H */

Modified: trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c?rev=44267&r1=44266&r2=44267&view=diff
==============================================================================
--- trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c [iso-8859-1] Sun Nov 
22 03:32:47 2009
@@ -133,6 +133,7 @@
     PTRANSPORT_CONTEXT TranContext;
     PFILE_OBJECT FileObject;
     UCHAR MinorFunction;
+    BOOLEAN DequeuedIrp = TRUE;
 
     IoReleaseCancelSpinLock(Irp->CancelIrql);
 
@@ -157,7 +158,7 @@
     switch(MinorFunction) {
     case TDI_SEND:
     case TDI_RECEIVE:
-       TCPRemoveIRP( TranContext->Handle.ConnectionContext, Irp );
+       DequeuedIrp = TCPRemoveIRP( TranContext->Handle.ConnectionContext, Irp 
);
         break;
 
     case TDI_SEND_DATAGRAM:
@@ -166,7 +167,7 @@
             break;
         }
 
-        DGRemoveIRP(TranContext->Handle.AddressHandle, Irp);
+        DequeuedIrp = DGRemoveIRP(TranContext->Handle.AddressHandle, Irp);
         break;
 
     case TDI_RECEIVE_DATAGRAM:
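Review bot: For TDI_SEND_DATAGRAM the result of DGRemoveIRP now decides whether the IRP is completed, but DGRemoveIRP (datagram.c in this commit) appears to walk only receive requests: its only request local is `PDATAGRAM_RECEIVE_REQUEST ReceiveRequest`. If that is so, this assignment always yields FALSE for a send and the cancel routine never completes it, where before the commit it always did. That is safe only if the send path always completes the IRP itself; otherwise a cancelled send would stay pending. A comment on this line would record the assumption, e.g. `/* Sends are never queued here: FALSE means the send path completes Irp */`. The switch starts and continues outside this hunk.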
@@ -175,19 +176,21 @@
             break;
         }
 
-        DGRemoveIRP(TranContext->Handle.AddressHandle, Irp);
+        DequeuedIrp = DGRemoveIRP(TranContext->Handle.AddressHandle, Irp);
         break;
 
     case TDI_CONNECT:
-        TCPRemoveIRP(TranContext->Handle.ConnectionContext, Irp);
+        DequeuedIrp = TCPRemoveIRP(TranContext->Handle.ConnectionContext, Irp);
         break;
 
     default:
         TI_DbgPrint(MIN_TRACE, ("Unknown IRP. MinorFunction (0x%X).\n", 
MinorFunction));
+        ASSERT(FALSE);
         break;
     }
 
-    IRPFinish(Irp, STATUS_CANCELLED);
+    if (DequeuedIrp)
+       IRPFinish(Irp, STATUS_CANCELLED);
 
     TI_DbgPrint(MAX_TRACE, ("Leaving.\n"));
 }
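Review bot: `DequeuedIrp` is initialised to TRUE in the earlier hunk, so the `default:` branch and the early `break` paths in the datagram cases still reach `IRPFinish(Irp, STATUS_CANCELLED)` without any queue lookup having confirmed that this routine owns the IRP. `ASSERT(FALSE)` is compiled out of free builds, so an unexpected minor function is completed silently there. If the intent is that only a successful dequeue grants the right to complete, set `DequeuedIrp = FALSE;` after the assert; if those paths must complete the IRP, say so in a comment next to the initialiser. The new `if` would also read more safely braced: `if (DequeuedIrp) { IRPFinish(Irp, STATUS_CANCELLED); }`. The function begins outside this hunk.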
@@ -207,7 +210,6 @@
     PTRANSPORT_CONTEXT TranContext;
     PFILE_OBJECT FileObject;
     PCONNECTION_ENDPOINT Connection;
-    /*NTSTATUS Status = STATUS_SUCCESS;*/
 
     IoReleaseCancelSpinLock(Irp->CancelIrql);
 
@@ -228,13 +230,12 @@
     /* Try canceling the request */
     Connection = (PCONNECTION_ENDPOINT)TranContext->Handle.ConnectionContext;
 
-    TCPRemoveIRP(Connection, Irp);
-
-    TCPAbortListenForSocket(Connection->AddressFile->Listener,
-                            Connection);
-
-    Irp->IoStatus.Information = 0;
-    IRPFinish(Irp, STATUS_CANCELLED);
+    if (TCPAbortListenForSocket(Connection->AddressFile->Listener,
+                                Connection))
+    {
+        Irp->IoStatus.Information = 0;
+        IRPFinish(Irp, STATUS_CANCELLED);
+    }
 
     TI_DbgPrint(MAX_TRACE, ("Leaving.\n"));
 }
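Review bot: Completion of the listen IRP now hinges on TCPAbortListenForSocket, which (in the accept.c part of this commit) matches a bucket by `Bucket->AssociatedEndpoint == Connection` rather than by the IRP being cancelled. If an endpoint can ever have more than one listen bucket queued, a TRUE result does not prove that this IRP's bucket was the one removed, and the double completion this change guards against could still occur. Consider passing `Irp` down and matching on it as well, or state the invariant above the call, e.g. `/* At most one listen bucket per Connection, so TRUE implies this Irp was dequeued */`. The call also dereferences `Connection->AddressFile->Listener` without a NULL check; whether either pointer can be NULL at cancel time is not visible here. The function begins outside this hunk.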

Modified: trunk/reactos/lib/drivers/ip/transport/datagram/datagram.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/lib/drivers/ip/transport/datagram/datagram.c?rev=44267&r1=44266&r2=44267&view=diff
==============================================================================
--- trunk/reactos/lib/drivers/ip/transport/datagram/datagram.c [iso-8859-1] 
(original)
+++ trunk/reactos/lib/drivers/ip/transport/datagram/datagram.c [iso-8859-1] Sun 
Nov 22 03:32:47 2009
@@ -10,13 +10,14 @@
 
 #include "precomp.h"
 
-VOID DGRemoveIRP(
+BOOLEAN DGRemoveIRP(
     PADDRESS_FILE AddrFile,
     PIRP Irp)
 {
     PLIST_ENTRY ListEntry;
     PDATAGRAM_RECEIVE_REQUEST ReceiveRequest;
     KIRQL OldIrql;
+    BOOLEAN Found = FALSE;
 
     TI_DbgPrint(MAX_TRACE, ("Called (Cancel IRP %08x for file %08x).\n",
                             Irp, AddrFile));
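Review bot: DGRemoveIRP's new BOOLEAN result has no documented contract, although the cancel routines in dispatch.c now use it to decide who completes the IRP. Add a header comment above the function, e.g. `/* Returns TRUE if Irp's request was still queued and was removed, so the caller must complete Irp; FALSE means another path already dequeued it and owns completion. */`. The same comment is missing on TCPRemoveIRP in tcp.c and TCPAbortListenForSocket in accept.c, and on the three prototypes in datagram.h and tcp.h. The function body continues outside this hunk.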
@@ -36,6 +37,7 @@
         {
             RemoveEntryList(&ReceiveRequest->ListEntry);
             ExFreePoolWithTag(ReceiveRequest, DATAGRAM_RECV_TAG);
+            Found = TRUE;
             break;
         }
     }
@@ -43,6 +45,8 @@
     KeReleaseSpinLock(&AddrFile->Lock, OldIrql);
 
     TI_DbgPrint(MAX_TRACE, ("Done.\n"));
+
+    return Found;
 }
 
 VOID DGDeliverData(

Modified: trunk/reactos/lib/drivers/ip/transport/tcp/accept.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/lib/drivers/ip/transport/tcp/accept.c?rev=44267&r1=44266&r2=44267&view=diff
==============================================================================
--- trunk/reactos/lib/drivers/ip/transport/tcp/accept.c [iso-8859-1] (original)
+++ trunk/reactos/lib/drivers/ip/transport/tcp/accept.c [iso-8859-1] Sun Nov 22 
03:32:47 2009
@@ -104,11 +104,12 @@
     return Status;
 }
 
-VOID TCPAbortListenForSocket( PCONNECTION_ENDPOINT Listener,
+BOOLEAN TCPAbortListenForSocket( PCONNECTION_ENDPOINT Listener,
                   PCONNECTION_ENDPOINT Connection ) {
     PLIST_ENTRY ListEntry;
     PTDI_BUCKET Bucket;
     KIRQL OldIrql;
+    BOOLEAN Found = FALSE;
 
     KeAcquireSpinLock(&Listener->Lock, &OldIrql);
 
@@ -119,6 +120,7 @@
     if( Bucket->AssociatedEndpoint == Connection ) {
         RemoveEntryList( &Bucket->Entry );
         ExFreePoolWithTag( Bucket, TDI_BUCKET_TAG );
+        Found = TRUE;
         break;
     }
 
@@ -126,6 +128,8 @@
     }
 
     KeReleaseSpinLock(&Listener->Lock, OldIrql);
+
+    return Found;
 }
 
 NTSTATUS TCPAccept ( PTDI_REQUEST Request,

Modified: trunk/reactos/lib/drivers/ip/transport/tcp/tcp.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/lib/drivers/ip/transport/tcp/tcp.c?rev=44267&r1=44266&r2=44267&view=diff
==============================================================================
--- trunk/reactos/lib/drivers/ip/transport/tcp/tcp.c [iso-8859-1] (original)
+++ trunk/reactos/lib/drivers/ip/transport/tcp/tcp.c [iso-8859-1] Sun Nov 22 
03:32:47 2009
@@ -904,12 +904,13 @@
     return Status;
 }
 
-VOID TCPRemoveIRP( PCONNECTION_ENDPOINT Endpoint, PIRP Irp ) {
+BOOLEAN TCPRemoveIRP( PCONNECTION_ENDPOINT Endpoint, PIRP Irp ) {
     PLIST_ENTRY Entry;
     PLIST_ENTRY ListHead[4];
     KIRQL OldIrql;
     PTDI_BUCKET Bucket;
     UINT i = 0;
+    BOOLEAN Found = FALSE;
 
     ListHead[0] = &Endpoint->SendRequest;
     ListHead[1] = &Endpoint->ReceiveRequest;
@@ -929,12 +930,15 @@
             {
                 RemoveEntryList( &Bucket->Entry );
                 ExFreePoolWithTag( Bucket, TDI_BUCKET_TAG );
+                Found = TRUE;
                 break;
             }
         }
     }
 
     TcpipReleaseSpinLock( &Endpoint->Lock, OldIrql );
+
+    return Found;
 }
 
 /* EOF */
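Review bot: The `break` after `Found = TRUE` leaves only the inner list walk, so the enclosing loop over the four `ListHead` entries appears to keep scanning the remaining lists while the endpoint spin lock is held. Once the bucket is found there is nothing left to look for, and ending the outer loop as well (for instance by adding `&& !Found` to its condition) shortens the time spent under the lock and makes the "at most one bucket per IRP" assumption explicit. The loop headers are outside this hunk, so the nesting is inferred from the closing braces.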

