
[XENCONS PATCH] Do not call IoMarkIrpPending on queued R/W IRPs



ConsoleAbiPutQueue eventually calls IoCsqInsertIrpEx, which may complete
the IRP if it's already being canceled.

Calling IoMarkIrpPending on such IRPs will cause a crash:

     # Child-SP          RetAddr               Call Site
    00 ffffd100`df0ad498 fffff803`36573569     nt!KeBugCheckEx
    01 ffffd100`df0ad4a0 fffff803`365727fc     nt!KiBugCheckDispatch+0x69
    02 ffffd100`df0ad5e0 fffff803`3656b00d     nt!KiSystemServiceHandler+0x7c
    03 ffffd100`df0ad620 fffff803`36448ba1     nt!RtlpExecuteHandlerForException+0xd
    04 ffffd100`df0ad650 fffff803`364479c4     nt!RtlDispatchException+0x421
    05 ffffd100`df0add50 fffff803`36573642     nt!KiDispatchException+0x1e4
    06 ffffd100`df0ae400 fffff803`36571edc     nt!KiExceptionDispatch+0xc2
    07 ffffd100`df0ae5e0 fffff80c`f0691a47     nt!KiRaiseAssertion+0x2dc
    08 ffffd100`df0ae770 fffff80c`f0697b63     xencons!IoGetCurrentIrpStackLocation(
                        struct _IRP * Irp = 0xffffc082`64dc5170)+0x37 [10.0.26100.0\km\wdm.h @ 34677]
    09 ffffd100`df0ae790 fffff80c`f069ca13     xencons!IoMarkIrpPending(
                        struct _IRP * Irp = 0xffffc082`64dc5170)+0x13 [10.0.26100.0\km\wdm.h @ 35091]
    0a ffffd100`df0ae7d0 fffff80c`f069c45c     xencons!PdoDispatchReadWriteControl(
                        struct _XENCONS_PDO * Pdo = 0xffffc082`645bc690,
                        struct _IRP * Irp = 0xffffc082`64dc5170)+0x53 [src\xencons\pdo.c @ 1801]
    0b ffffd100`df0ae810 fffff80c`f06913c9     xencons!PdoDispatch(
                        struct _XENCONS_PDO * Pdo = 0xffffc082`645bc690,
                        struct _IRP * Irp = 0xffffc082`64dc5170)+0xcc [src\xencons\pdo.c @ 1863]
    0c ffffd100`df0ae850 fffff803`36919aa0     xencons!Dispatch(
                        struct _DEVICE_OBJECT * DeviceObject = 0xffffc082`6468fd30 Device for "\Driver\xencons",
                        struct _IRP * Irp = 0xffffc082`64dc5170)+0x249 [src\xencons\driver.c @ 230]
    0d ffffd100`df0ae8d0 fffff803`3691adbd     nt!IopSynchronousServiceTail+0x1a0
    0e ffffd100`df0ae990 fffff803`36572d93     nt!NtWriteFile+0x66d
    0f ffffd100`df0aea90 00007ffb`e6756194     nt!KiSystemServiceCopyEnd+0x13
    10 000000a5`140ff318 00000000`00000000     0x00007ffb`e6756194

IRP object:

    (*((xencons!_IRP *)0xffffc08264dc5170))                 [Type: _IRP]
    [+0x000] Type             : 2288 [Type: short]
    [+0x002] Size             : 0x64c2 [Type: unsigned short]
    [+0x008] MdlAddress       : 0x0 [Type: _MDL *]
    [+0x010] Flags            : 0x60a00 [Type: unsigned long]
    [+0x018] AssociatedIrp    [Type: <unnamed-tag>]
    [+0x020] ThreadListEntry  [Type: _LIST_ENTRY]
    [+0x030] IoStatus         [Type: _IO_STATUS_BLOCK]
    [+0x040] RequestorMode    : 1 [Type: char]
    [+0x041] PendingReturned  : 0x1 [Type: unsigned char]
    [+0x042] StackCount       : 1 [Type: char]
    [+0x043] CurrentLocation  : 3 [Type: char]
    [+0x044] Cancel           : 0x0 [Type: unsigned char]
    [+0x045] CancelIrql       : 0x0 [Type: unsigned char]
    [+0x046] ApcEnvironment   : 0 [Type: char]
    [+0x047] AllocationFlags  : 0x6 [Type: unsigned char]
    [+0x048] UserIosb         : 0xa5140ff370 [Type: _IO_STATUS_BLOCK *]
    [+0x048] IoRingContext    : 0xa5140ff370 [Type: void *]
    [+0x050] UserEvent        : 0x0 [Type: _KEVENT *]
    [+0x058] Overlay          [Type: <unnamed-tag>]
    [+0x068] CancelRoutine    : 0x0 : 0x0 [Type: void (__cdecl*)(_DEVICE_OBJECT *,_IRP *)]
    [+0x070] UserBuffer       : 0x0 [Type: void *]
    [+0x078] Tail             [Type: <unnamed-tag>]

Signed-off-by: Tu Dinh <ngoc-tu.dinh@xxxxxxxxxx>
---
 src/xencons/pdo.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/src/xencons/pdo.c b/src/xencons/pdo.c
index 7e42862..87b3230 100644
--- a/src/xencons/pdo.c
+++ b/src/xencons/pdo.c
@@ -1797,15 +1797,11 @@ PdoDispatchReadWriteControl(
     status = XENCONS_CONSOLE_ABI(PutQueue,
                                  &Pdo->Abi,
                                  Irp);
-    if (status == STATUS_PENDING) {
-        IoMarkIrpPending(Irp);
-        goto done;
+    if (status != STATUS_PENDING) {
+        Irp->IoStatus.Status = status;
+        IoCompleteRequest(Irp, IO_NO_INCREMENT);
     }
 
-    Irp->IoStatus.Status = status;
-    IoCompleteRequest(Irp, IO_NO_INCREMENT);
-
-done:
     return status;
 }
 
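Review bot: the rewritten tail (`if (status != STATUS_PENDING) { ... IoCompleteRequest(...) }`) now depends on the queue path having already marked the IRP pending before PutQueue returns STATUS_PENDING, and the commit message explains that ConsoleAbiPutQueue goes through IoCsqInsertIrpEx, which may have completed an already-cancelled IRP by the time control returns here; a one-line comment at this point saying that the cancel-safe queue insert owns the pending mark (and may complete the IRP itself) would document why IoMarkIrpPending is deliberately absent, so that a later reader does not re-add it and reintroduce the assertion shown in the trace. Also, dropping the `done:` label together with the only `goto done` visible in the hunk assumes no other `goto done` remains earlier in PdoDispatchReadWriteControl; worth confirming the function still builds with the label gone, since the hunk only shows its last few lines.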
-- 
2.51.0.windows.2



--
Ngoc Tu Dinh | Vates XCP-ng Developer

XCP-ng & Xen Orchestra - Vates solutions

web: https://vates.tech
