https://git.reactos.org/?p=reactos.git;a=commitdiff;h=1b672981e2d2c5bd3d679b9f4adbb6e829075339

commit 1b672981e2d2c5bd3d679b9f4adbb6e829075339
Author:     Pierre Schweitzer <pie...@reactos.org>
AuthorDate: Sun Apr 8 18:45:38 2018 +0200
Commit:     Pierre Schweitzer <pie...@reactos.org>
CommitDate: Sun Apr 15 22:52:53 2018 +0200

    [NTOSKRNL] Map the VACB in kernel space before inserting it in lists.
    This avoids race conditions where attempts were made to read from disk
    into a VACB that was not fully initialized.
    Also, added more debug prints in such situations.
    
    CORE-14349
---
 ntoskrnl/cc/copy.c |  2 ++
 ntoskrnl/cc/view.c | 26 +++++++++++++-------------
 2 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/ntoskrnl/cc/copy.c b/ntoskrnl/cc/copy.c
index c39b2148ec..a70e0ab766 100644
--- a/ntoskrnl/cc/copy.c
+++ b/ntoskrnl/cc/copy.c
@@ -110,6 +110,7 @@ CcReadVirtualAddress (
     _SEH2_EXCEPT (EXCEPTION_EXECUTE_HANDLER)
     {
         Status = _SEH2_GetExceptionCode();
+        DPRINT1("MmProbeAndLockPages failed with: %lx for %p (%p, %p)\n", 
Status, Mdl, Vacb, Vacb->BaseAddress);
         KeBugCheck(CACHE_MANAGER);
     } _SEH2_END;
 
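Review bot: The DPRINT1 added in the CcReadVirtualAddress exception handler is the only record of the failing Status, Mdl and VACB, and it is lost whenever no debugger or debug log is attached, because the next line bugchecks with no parameters. Consider carrying the same values in the bugcheck itself, e.g. `KeBugCheckEx(CACHE_MANAGER, (ULONG_PTR)Status, (ULONG_PTR)Mdl, (ULONG_PTR)Vacb, (ULONG_PTR)Vacb->BaseAddress);`, so they survive in the crash dump. The same applies to the identical line added in the CcWriteVirtualAddress hunk. Both handlers belong to functions whose bodies start and end outside the hunks.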
@@ -186,6 +187,7 @@ CcWriteVirtualAddress (
     _SEH2_EXCEPT (EXCEPTION_EXECUTE_HANDLER)
     {
         Status = _SEH2_GetExceptionCode();
+        DPRINT1("MmProbeAndLockPages failed with: %lx for %p (%p, %p)\n", 
Status, Mdl, Vacb, Vacb->BaseAddress);
         KeBugCheck(CACHE_MANAGER);
     } _SEH2_END;
 
diff --git a/ntoskrnl/cc/view.c b/ntoskrnl/cc/view.c
index c835a03a8e..1ec4c35b1f 100644
--- a/ntoskrnl/cc/view.c
+++ b/ntoskrnl/cc/view.c
@@ -752,6 +752,17 @@ CcRosCreateVacb (
     InitializeListHead(&current->CacheMapVacbListEntry);
     InitializeListHead(&current->DirtyVacbListEntry);
     InitializeListHead(&current->VacbLruListEntry);
+
+    CcRosVacbIncRefCount(current);
+
+    Status = CcRosMapVacbInKernelSpace(current);
+    if (!NT_SUCCESS(Status))
+    {
+        CcRosVacbDecRefCount(current);
+        ExFreeToNPagedLookasideList(&VacbLookasideList, current);
+        return Status;
+    }
+
     CcRosAcquireVacbLock(current, NULL);
     KeAcquireGuardedMutex(&ViewLock);
 
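Review bot: On the new early-failure path the VACB is handed straight back with `ExFreeToNPagedLookasideList(&VacbLookasideList, current);`, which is only safe if `CcRosMapVacbInKernelSpace` undoes any partial mapping before it returns an error. That function is not visible here, so this should be confirmed. The lost-race path later in this commit frees an already mapped VACB through `CcRosInternalFreeVacb`, so the two paths rely on different cleanup guarantees. CcRosCreateVacb starts before this hunk, so it is also worth checking that nothing set up on `current` earlier in the function needs releasing on this return.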
@@ -784,9 +795,10 @@ CcRosCreateVacb (
                         current);
             }
 #endif
+            CcRosVacbDecRefCount(*Vacb);
             CcRosReleaseVacbLock(*Vacb);
             KeReleaseGuardedMutex(&ViewLock);
-            ExFreeToNPagedLookasideList(&VacbLookasideList, *Vacb);
+            CcRosInternalFreeVacb(*Vacb);
             *Vacb = current;
             CcRosAcquireVacbLock(current, NULL);
             return STATUS_SUCCESS;
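Review bot: The switch from `ExFreeToNPagedLookasideList` to `CcRosInternalFreeVacb` in the duplicate-found branch has no comment, and the reason is not obvious from the branch alone. A line such as `/* We lost the race: our VACB is already mapped and referenced, so drop the reference and free it fully */` above `CcRosVacbDecRefCount(*Vacb);` would record it. At this point `*Vacb` is the freshly created entry being discarded and `current` is the existing one that gets returned, which is easy to misread. The surrounding loop begins outside the hunk.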
@@ -813,7 +825,6 @@ CcRosCreateVacb (
     }
     KeReleaseSpinLock(&SharedCacheMap->CacheMapLock, oldIrql);
     InsertTailList(&VacbLruListHead, &current->VacbLruListEntry);
-    CcRosVacbIncRefCount(current);
     KeReleaseGuardedMutex(&ViewLock);
 
     MI_SET_USAGE(MI_USAGE_CACHE);
@@ -838,17 +849,6 @@ CcRosCreateVacb (
     /* Reference it to allow release */
     CcRosVacbIncRefCount(current);
 
-    Status = CcRosMapVacbInKernelSpace(current);
-    if (!NT_SUCCESS(Status))
-    {
-        RemoveEntryList(&current->CacheMapVacbListEntry);
-        RemoveEntryList(&current->VacbLruListEntry);
-        CcRosReleaseVacb(SharedCacheMap, current, FALSE,
-                         FALSE, FALSE);
-        CcRosVacbDecRefCount(current);
-        ExFreeToNPagedLookasideList(&VacbLookasideList, current);
-    }
-
     return Status;
 }
 
