From 29eda3e5dcc0fa63139eeb9dac3f6116a2c106fd Mon Sep 17 00:00:00 2001
From: Cameron Gutman
Date: Mon, 5 Oct 2009 01:44:17 +0000
Subject: [PATCH] - Cancel pending user IRPs when we get a IRP_MJ_CLEANUP request - Previously there was some confusion between IRPs in PendingIrpList and InFlightRequest, InFlightRequest IRPs go from AFD to a TDI transport driver (tcpip) which are sent on behalf of AFD and are cancelled upon socket destruction (IRP_MJ_CLOSE) vs. IRPs in the PendingIrpList which go from user-mode to AFD which are sent of behalf of the user and should be cancelled when handling IRP_MJ_CLEANUP svn path=/trunk/; revision=43296
---
 reactos/drivers/network/afd/afd/main.c | 36 ++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
diff --git a/reactos/drivers/network/afd/afd/main.c b/reactos/drivers/network/afd/afd/main.c
index 3df1faec10a..b827eed4183 100644
--- a/reactos/drivers/network/afd/afd/main.c
+++ b/reactos/drivers/network/afd/afd/main.c
@@ -171,6 +171,38 @@ AfdCreateSocket(PDEVICE_OBJECT DeviceObject, PIRP Irp,
 return Status;
 }
 
+static NTSTATUS NTAPI
+AfdCleanupSocket(PDEVICE_OBJECT DeviceObject, PIRP Irp,
+ PIO_STACK_LOCATION IrpSp)
+{
+ PFILE_OBJECT FileObject = IrpSp->FileObject;
+ PAFD_FCB FCB = FileObject->FsContext;
+ PLIST_ENTRY CurrentEntry, NextEntry;
+ UINT Function;
+ PIRP CurrentIrp;
+
+ if( !SocketAcquireStateLock( FCB ) ) return LostSocket(Irp);
+
+ for (Function = 0; Function < MAX_FUNCTIONS; Function++)
+ {
+ CurrentEntry = FCB->PendingIrpList[Function].Flink;
+ while (CurrentEntry != &FCB->PendingIrpList[Function])
+ {
+ NextEntry = CurrentEntry->Flink;
+ CurrentIrp = CONTAINING_RECORD(CurrentEntry, IRP, Tail.Overlay.ListEntry);
+
+ /* The cancel routine will remove the IRP from the list */
+ IoCancelIrp(CurrentIrp);
+
+ CurrentEntry = NextEntry;
+ }
+ }
+
+ KillSelectsForFCB( FCB->DeviceExt, FileObject, FALSE );
+
+ return UnlockAndMaybeComplete(FCB, STATUS_SUCCESS, Irp, 0);
+}
+
 static NTSTATUS NTAPI
 AfdCloseSocket(PDEVICE_OBJECT DeviceObject, PIRP Irp,
 PIO_STACK_LOCATION IrpSp)
@@ -347,6 +379,9 @@ AfdDispatch(PDEVICE_OBJECT DeviceObject, PIRP Irp)
 /* Ditto the borrowing */
 return AfdCloseSocket(DeviceObject, Irp, IrpSp);
 
+ case IRP_MJ_CLEANUP:
+ return AfdCleanupSocket(DeviceObject, Irp, IrpSp);
+
 /* write data */
 case IRP_MJ_WRITE:
 return AfdConnectedSocketWriteData( DeviceObject, Irp, IrpSp, TRUE );
@@ -626,6 +661,7 @@ DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
 /* register driver routines */
 DriverObject->MajorFunction[IRP_MJ_CLOSE] = AfdDispatch;
 DriverObject->MajorFunction[IRP_MJ_CREATE] = AfdDispatch;
+ DriverObject->MajorFunction[IRP_MJ_CLEANUP] = AfdDispatch;
 DriverObject->MajorFunction[IRP_MJ_WRITE] = AfdDispatch;
 DriverObject->MajorFunction[IRP_MJ_READ] = AfdDispatch;
 DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = AfdDispatch;
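Review bot: In AfdCleanupSocket the return value of `IoCancelIrp(CurrentIrp)` is discarded, so the comment's claim that the cancel routine removes the IRP from the list holds only when a cancel routine is actually set; when the call returns FALSE the IRP stays on `PendingIrpList[Function]` even though the cleanup request is completed with STATUS_SUCCESS. The walk is also safe only if the cancel routine unlinks nothing but `CurrentIrp`, because `NextEntry` is captured before the call, and it runs with the socket state lock held, so a cancel routine that takes the same lock must be able to re-enter it; the cancel routine and the lock implementation are not visible in this hunk. I would make the silent case visible with `if (!IoCancelIrp(CurrentIrp)) { /* no cancel routine set: IRP is still queued */ }` plus an assertion or debug print in that branch, and extend the comment to `/* Called with the FCB lock held; the cancel routine must unlink only this IRP */`. An entry left queued here is presumably still reachable when the socket is later torn down in the IRP_MJ_CLOSE path, which is the kind of stale reference this change is meant to remove.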