diff --git a/drivers/network/afd/afd/listen.c b/drivers/network/afd/afd/listen.c index a7b1544f522..1fa7755ce6f 100644 --- a/drivers/network/afd/afd/listen.c +++ b/drivers/network/afd/afd/listen.c @@ -87,15 +87,15 @@ static NTSTATUS NTAPI ListenComplete PAFD_FCB FCB = (PAFD_FCB)Context; PAFD_TDI_OBJECT_QELT Qelt; - if( Irp->Cancel ) { - if( FCB ) FCB->ListenIrp.InFlightRequest = NULL; - return STATUS_CANCELLED; - } - if( !SocketAcquireStateLock( FCB ) ) return Status; FCB->ListenIrp.InFlightRequest = NULL; + if( Irp->Cancel ) { + SocketStateUnlock( FCB ); + return STATUS_SUCCESS; + } + if( FCB->State == SOCKET_STATE_CLOSED ) { SocketStateUnlock( FCB ); DestroySocket( FCB ); diff --git a/drivers/network/afd/afd/lock.c b/drivers/network/afd/afd/lock.c index c1da16bba29..ed7227e5708 100644 --- a/drivers/network/afd/afd/lock.c +++ b/drivers/network/afd/afd/lock.c @@ -68,7 +68,7 @@ PAFD_WSABUF LockBuffers( PAFD_WSABUF Buf, UINT Count, BOOLEAN Write, BOOLEAN LockAddress ) { UINT i; /* Copy the buffer array so we don't lose it */ - UINT Lock = LockAddress ? 2 : 0; + UINT Lock = (LockAddress && AddressLen) ? 2 : 0; UINT Size = sizeof(AFD_WSABUF) * (Count + Lock); PAFD_WSABUF NewBuf = ExAllocatePool( PagedPool, Size * 2 ); PMDL NewMdl; @@ -80,16 +80,13 @@ PAFD_WSABUF LockBuffers( PAFD_WSABUF Buf, UINT Count, _SEH_TRY { RtlCopyMemory( NewBuf, Buf, sizeof(AFD_WSABUF) * Count ); - if( LockAddress && AddressLen ) { + if( LockAddress ) { NewBuf[Count].buf = AddressBuf; NewBuf[Count].len = *AddressLen; Count++; NewBuf[Count].buf = (PVOID)AddressLen; NewBuf[Count].len = sizeof(*AddressLen); Count++; - } else if( LockAddress ) { - RtlZeroMemory(NewBuf, sizeof(*NewBuf) * 2); - Count += 2; } } _SEH_HANDLE { AFD_DbgPrint(MIN_TRACE,("Access violation copying buffer info " diff --git a/drivers/network/afd/afd/main.c b/drivers/network/afd/afd/main.c index 781d4be9601..ae461883196 100644 --- a/drivers/network/afd/afd/main.c +++ b/drivers/network/afd/afd/main.c 
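Review bot: In ListenComplete the relocated `Irp->Cancel` test now sits ahead of the `FCB->State == SOCKET_STATE_CLOSED` branch, so a listen IRP cancelled because the socket is closing returns before `DestroySocket( FCB )` is reached. The other completion routines this commit touches (read.c, write.c) drop the cancel test entirely and fall through to the closed-state branch. If DestroySocket relies on the last completion to finish teardown, as its new early-return path suggests, this routine can leave the FCB allocated; moving the cancel block below the closed-state branch would keep the paths consistent. The old code also guarded a NULL FCB with `if( FCB )`, whereas the new code depends on SocketAcquireStateLock rejecting NULL, which is not visible in this hunk.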
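Review bot: The sizing and the fill in LockBuffers now test different conditions: `Lock` is 2 only when `LockAddress && AddressLen`, while the second lock.c hunk changes the fill to `if( LockAddress ) {`. That branch reads `*AddressLen` and writes `NewBuf[Count]` and `NewBuf[Count + 1]` even when AddressLen is NULL and no slots were reserved for them. The dereference is inside `_SEH_TRY`, but the stores land in space that `Size` did not account for, and whether they stay inside the `Size * 2` allocation depends on code outside the hunk. Keeping the removed guard, `if( LockAddress && AddressLen ) {`, would match the new `Lock` computation. Separately, `sizeof(AFD_WSABUF) * (Count + Lock)` and `Size * 2` are UINT arithmetic on a `Count` parameter with no bound check visible here, so a range check before ExAllocatePool is worth adding.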
@@ -153,8 +153,53 @@ AfdCreateSocket(PDEVICE_OBJECT DeviceObject, PIRP Irp, } VOID DestroySocket( PAFD_FCB FCB ) { + UINT i; + BOOLEAN ReturnEarly = FALSE; + PAFD_IN_FLIGHT_REQUEST InFlightRequest[IN_FLIGHT_REQUESTS]; + AFD_DbgPrint(MIN_TRACE,("Called (%x)\n", FCB)); + if( !SocketAcquireStateLock( FCB ) ) return; + + FCB->State = SOCKET_STATE_CLOSED; + + InFlightRequest[0] = &FCB->ListenIrp; + InFlightRequest[1] = &FCB->ReceiveIrp; + InFlightRequest[2] = &FCB->SendIrp; + InFlightRequest[3] = &FCB->ConnectIrp; + + /* Return early here because we might be called in the mean time. */ + if( FCB->Critical || + FCB->ListenIrp.InFlightRequest || + FCB->ReceiveIrp.InFlightRequest || + FCB->SendIrp.InFlightRequest || + FCB->ConnectIrp.InFlightRequest ) { + AFD_DbgPrint(MIN_TRACE,("Leaving socket alive (%x %x %x %x)\n", + FCB->ListenIrp.InFlightRequest, + FCB->ReceiveIrp.InFlightRequest, + FCB->SendIrp.InFlightRequest, + FCB->ConnectIrp.InFlightRequest)); + ReturnEarly = TRUE; + } + + /* After PoolReeval, this FCB should not be involved in any outstanding + * poll requests */ + + /* Cancel our pending requests */ + for( i = 0; i < IN_FLIGHT_REQUESTS; i++ ) { + if( InFlightRequest[i]->InFlightRequest ) { + AFD_DbgPrint(MID_TRACE,("Cancelling in flight irp %d (%x)\n", + i, InFlightRequest[i]->InFlightRequest)); + InFlightRequest[i]->InFlightRequest->IoStatus.Status = STATUS_CANCELLED; + InFlightRequest[i]->InFlightRequest->IoStatus.Information = 0; + IoCancelIrp( InFlightRequest[i]->InFlightRequest ); + } + } + + SocketStateUnlock( FCB ); + + if( ReturnEarly ) return; + if( FCB->Recv.Window ) ExFreePool( FCB->Recv.Window ); if( FCB->Send.Window ) 
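Review bot: DestroySocket releases the state lock with `SocketStateUnlock( FCB )` and then frees `FCB->Recv.Window` and the rest of the FCB unlocked, with nothing recording that teardown has started. The completion routines changed in listen.c, read.c and write.c each unlock and then call `DestroySocket( FCB )`, so two completions finishing close together could both find no in-flight requests and both skip `ReturnEarly`. They would then free the same FCB twice, or the second would take the lock on freed memory; a teardown flag set under the lock and tested alongside `FCB->Critical` would close that window. `IoCancelIrp` is also called with the state lock held, so if a cancel or completion routine runs synchronously and calls SocketAcquireStateLock on the same FCB it may block on itself, depending on the lock implementation, which is outside this hunk. The function body continues past the end of the hunk.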
@@ -182,13 +227,9 @@ static NTSTATUS STDCALL AfdCloseSocket(PDEVICE_OBJECT DeviceObject, PIRP Irp, PIO_STACK_LOCATION IrpSp) { - UINT i; - AFD_IN_FLIGHT_REQUEST InFlightRequest[IN_FLIGHT_REQUESTS]; PFILE_OBJECT FileObject = IrpSp->FileObject; PAFD_FCB FCB = FileObject->FsContext; - if (!SocketAcquireStateLock(FCB)) return LostSocket(Irp); - AFD_DbgPrint(MID_TRACE, ("AfdClose(DeviceObject %p Irp %p)\n", DeviceObject, Irp)); 
@@ -201,57 +242,15 @@ AfdCloseSocket(PDEVICE_OBJECT DeviceObject, PIRP Irp, if( FCB->EventSelect ) ObDereferenceObject( FCB->EventSelect ); FileObject->FsContext = NULL; + DestroySocket( FCB ); - FCB->State = SOCKET_STATE_CLOSED; - SocketStateUnlock(FCB); - - InFlightRequest[0] = FCB->ListenIrp; - InFlightRequest[1] = FCB->ReceiveIrp; - InFlightRequest[2] = FCB->SendIrp; - InFlightRequest[3] = FCB->ConnectIrp; - - /* Return early here because we might be called in the mean time. */ - if( !(FCB->Critical || - FCB->ListenIrp.InFlightRequest || - FCB->ReceiveIrp.InFlightRequest || - FCB->SendIrp.InFlightRequest || - FCB->ConnectIrp.InFlightRequest) ) { - AFD_DbgPrint(MIN_TRACE,("Leaving socket alive (%x %x %x)\n", - FCB->ListenIrp.InFlightRequest, - FCB->ReceiveIrp.InFlightRequest, - FCB->SendIrp.InFlightRequest)); - Irp->IoStatus.Status = STATUS_SUCCESS; - Irp->IoStatus.Information = 0; - IoCompleteRequest(Irp, IO_NO_INCREMENT); - } - else - { - /* After PoolReeval, this FCB should not be involved in any outstanding - * poll requests */ - - /* Cancel our pending requests */ - for( i = 0; i < IN_FLIGHT_REQUESTS; i++ ) { - NTSTATUS Status = STATUS_NO_SUCH_FILE; - if( InFlightRequest[i].InFlightRequest ) { - AFD_DbgPrint(MID_TRACE,("Cancelling in flight irp %d (%x)\n", - i, InFlightRequest[i].InFlightRequest)); - InFlightRequest[i].InFlightRequest->IoStatus.Status = Status; - InFlightRequest[i].InFlightRequest->IoStatus.Information = 0; - IoCancelIrp( InFlightRequest[i].InFlightRequest ); - } - } - - FCB->PendingClose = Irp; - DestroySocket( FCB ); - - Irp->IoStatus.Status = STATUS_SUCCESS; - Irp->IoStatus.Information = 0; - IoCompleteRequest(Irp, IO_NO_INCREMENT); - } + Irp->IoStatus.Status = STATUS_SUCCESS; + Irp->IoStatus.Information = 0; + IoCompleteRequest(Irp, IO_NO_INCREMENT); AFD_DbgPrint(MID_TRACE, ("Returning success.\n")); - return Irp->IoStatus.Status; + return STATUS_SUCCESS; } static NTSTATUS STDCALL 
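Review bot: With the `SocketAcquireStateLock(FCB)` call removed from the top of AfdCloseSocket in the previous hunk, the context lines just above the added `DestroySocket( FCB );` now run without the state lock. Those lines are the `ObDereferenceObject( FCB->EventSelect )` and `FileObject->FsContext = NULL`, and completion routines may still be using the same FCB while they execute. The removed `return LostSocket(Irp)` path was also the only visible guard against an FCB that is NULL or already gone, so `FCB->EventSelect` is now read unconditionally. Taking the lock around these statements, or moving them into the locked section of DestroySocket and clearing `FCB->EventSelect` after the dereference, would restore the earlier protection. The start of the function lies outside this hunk.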
diff --git a/drivers/network/afd/afd/read.c b/drivers/network/afd/afd/read.c index b3398e87300..048678c0e76 100644 --- a/drivers/network/afd/afd/read.c +++ b/drivers/network/afd/afd/read.c @@ -233,11 +233,6 @@ NTSTATUS NTAPI ReceiveComplete ASSERT_IRQL(APC_LEVEL); - if( Irp->Cancel ) { - if( FCB ) FCB->ReceiveIrp.InFlightRequest = NULL; - return STATUS_CANCELLED; - } - if( !SocketAcquireStateLock( FCB ) ) return Status; FCB->ReceiveIrp.InFlightRequest = NULL; @@ -247,6 +242,7 @@ NTSTATUS NTAPI ReceiveComplete if( FCB->State == SOCKET_STATE_CLOSED ) { AFD_DbgPrint(MIN_TRACE,("!!! CLOSED SOCK GOT A RECEIVE COMPLETE !!!\n")); SocketStateUnlock( FCB ); + DestroySocket( FCB ); return STATUS_SUCCESS; } else if( FCB->State == SOCKET_STATE_LISTENING ) { AFD_DbgPrint(MIN_TRACE,("!!! LISTENER GOT A RECEIVE COMPLETE !!!\n")); @@ -453,17 +449,13 @@ PacketSocketRecvComplete( AFD_DbgPrint(MID_TRACE,("Called on %x\n", FCB)); - if( Irp->Cancel ) { - if( FCB ) FCB->ReceiveIrp.InFlightRequest = NULL; - return STATUS_CANCELLED; - } - if( !SocketAcquireStateLock( FCB ) ) return STATUS_FILE_CLOSED; FCB->ReceiveIrp.InFlightRequest = NULL; if( FCB->State == SOCKET_STATE_CLOSED ) { SocketStateUnlock( FCB ); + DestroySocket( FCB ); return STATUS_SUCCESS; } diff --git a/drivers/network/afd/afd/tdiconn.c b/drivers/network/afd/afd/tdiconn.c index afc69f2e73e..392adc8c885 100644 --- a/drivers/network/afd/afd/tdiconn.c +++ b/drivers/network/afd/afd/tdiconn.c @@ -172,6 +172,54 @@ TdiBuildConnectionInfo return Status; } +NTSTATUS +TdiBuildConnectionInfoPair +( PTDI_CONNECTION_INFO_PAIR ConnectionInfo, + PTRANSPORT_ADDRESS From, PTRANSPORT_ADDRESS To ) + /* + * FUNCTION: Fill a TDI_CONNECTION_INFO_PAIR struct will the two addresses + * given. + * ARGUMENTS: + * ConnectionInfo: The pair + * 
From: The from address + * To: The to address + * RETURNS: + * Status of the operation + */ +{ + PCHAR LayoutFrame; + UINT SizeOfEntry; + ULONG TdiAddressSize; + PTDI_CONNECTION_INFORMATION FromTdiConn, ToTdiConn; + + /* FIXME: Get from socket information */ + TdiAddressSize = TdiAddressSizeFromType(From->Address[0].AddressType); + SizeOfEntry = TdiAddressSize + sizeof(TDI_CONNECTION_INFORMATION); + + LayoutFrame = (PCHAR)ExAllocatePool(NonPagedPool, 2 * SizeOfEntry); + + if (!LayoutFrame) { + AFD_DbgPrint(MIN_TRACE, ("Insufficient resources.\n")); + return STATUS_INSUFFICIENT_RESOURCES; + } + + RtlZeroMemory( LayoutFrame, 2 * SizeOfEntry ); + + FromTdiConn = (PTDI_CONNECTION_INFORMATION)LayoutFrame; + ToTdiConn = (PTDI_CONNECTION_INFORMATION)LayoutFrame + SizeOfEntry; + + if (From != NULL) { + TdiBuildConnectionInfoInPlace( FromTdiConn, From ); + } else { + TdiBuildNullConnectionInfoInPlace( FromTdiConn, + From->Address[0].AddressType ); + } + + TdiBuildConnectionInfoInPlace( ToTdiConn, To ); + + return STATUS_SUCCESS; +} + PTA_ADDRESS TdiGetRemoteAddress( PTDI_CONNECTION_INFORMATION TdiConn ) /* * Convenience function that rounds out the abstraction of diff --git a/drivers/network/afd/afd/write.c b/drivers/network/afd/afd/write.c index 60e879de05a..b8406eb8e5a 100644 --- a/drivers/network/afd/afd/write.c +++ b/drivers/network/afd/afd/write.c @@ -40,11 +40,6 @@ static NTSTATUS NTAPI SendComplete ASSERT_IRQL(APC_LEVEL); - if( Irp->Cancel ) { - if( FCB ) FCB->SendIrp.InFlightRequest = NULL; - return STATUS_CANCELLED; - } - if( !SocketAcquireStateLock( FCB ) ) return Status; FCB->SendIrp.InFlightRequest = NULL; @@ -52,6 +47,7 @@ static NTSTATUS NTAPI SendComplete if( FCB->State == SOCKET_STATE_CLOSED ) { SocketStateUnlock( FCB ); + DestroySocket( FCB ); return STATUS_SUCCESS; } 
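Review bot: In TdiBuildConnectionInfoPair, `ToTdiConn = (PTDI_CONNECTION_INFORMATION)LayoutFrame + SizeOfEntry;` applies the cast before the addition, so the offset is scaled by sizeof(TDI_CONNECTION_INFORMATION). ToTdiConn then points well past the `2 * SizeOfEntry` pool allocation, and the later `TdiBuildConnectionInfoInPlace( ToTdiConn, To )` would write outside the buffer; the line should read `ToTdiConn = (PTDI_CONNECTION_INFORMATION)(LayoutFrame + SizeOfEntry);`. `From` is dereferenced to compute `TdiAddressSize` before the `From != NULL` test, and the else branch dereferences it again precisely when it is NULL, so the address type has to come from `To` or from the socket, as the FIXME says. `LayoutFrame` is never stored into `ConnectionInfo` or freed on the visible path, so as written the function leaks the nonpaged allocation and leaves the out-parameter untouched.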
@@ -174,11 +170,6 @@ static NTSTATUS NTAPI PacketSocketSendComplete Irp->IoStatus.Status, Irp->IoStatus.Information)); - if( Irp->Cancel ) { - if( FCB ) FCB->SendIrp.InFlightRequest = NULL; - return STATUS_CANCELLED; - } - /* It's ok if the FCB already died */ if( !SocketAcquireStateLock( FCB ) ) return STATUS_SUCCESS; @@ -188,6 +179,12 @@ static NTSTATUS NTAPI PacketSocketSendComplete FCB->SendIrp.InFlightRequest = NULL; /* Request is not in flight any longer */ + if( FCB->State == SOCKET_STATE_CLOSED ) { + SocketStateUnlock( FCB ); + DestroySocket( FCB ); + return STATUS_SUCCESS; + } + SocketStateUnlock( FCB ); return STATUS_SUCCESS; diff --git a/drivers/network/afd/include/afd.h b/drivers/network/afd/include/afd.h index 6d6bc61d116..e77d64bf598 100644 --- a/drivers/network/afd/include/afd.h +++ b/drivers/network/afd/include/afd.h @@ -196,7 +196,6 @@ typedef struct _AFD_FCB { PVOID Context; DWORD PollState; UINT ContextSize; - PIRP PendingClose; LIST_ENTRY PendingIrpList[MAX_FUNCTIONS]; LIST_ENTRY DatagramList; LIST_ENTRY PendingConnections; diff --git a/drivers/network/tcpip/tcpip/dispatch.c b/drivers/network/tcpip/tcpip/dispatch.c index e52d9d866ed..9c7cbeca6b5 100644 --- a/drivers/network/tcpip/tcpip/dispatch.c +++ b/drivers/network/tcpip/tcpip/dispatch.c 
@@ -53,6 +53,34 @@ NTSTATUS DispPrepareIrpForCancel( return IRPFinish(Irp, STATUS_CANCELLED); } + +VOID DispCancelComplete( + PVOID Context) +/* + * FUNCTION: Completes a cancel request + * ARGUMENTS: + * Context = Pointer to context information (FILE_OBJECT) + */ +{ + /*KIRQL OldIrql;*/ + PFILE_OBJECT FileObject; + PTRANSPORT_CONTEXT TranContext; + + TI_DbgPrint(DEBUG_IRP, ("Called.\n")); + + FileObject = (PFILE_OBJECT)Context; + TranContext = (PTRANSPORT_CONTEXT)FileObject->FsContext; + + /* Set the cleanup event */ + KeSetEvent(&TranContext->CleanupEvent, 0, FALSE); + + /* We are expected to release the cancel spin lock */ + /*IoReleaseCancelSpinLock(OldIrql);*/ + + TI_DbgPrint(DEBUG_IRP, ("Leaving.\n")); +} + + VOID DispDataRequestComplete( PVOID Context, NTSTATUS Status, @@ -127,14 +155,8 @@ VOID DispDoDisconnect( PVOID Data ) { TI_DbgPrint(DEBUG_IRP, ("PostCancel: DoDisconnect done\n")); DispDataRequestComplete(DisType->Irp, STATUS_CANCELLED, 0); -} -VOID DispDoPacketCancel( PVOID Data ) { - TI_DbgPrint(DEBUG_IRP, ("Called.\n")); - PIRP *IrpP = (PIRP *)Data, Irp = *IrpP; - Irp->IoStatus.Status = STATUS_CANCELLED; - Irp->IoStatus.Information = 0; - IoCompleteRequest(Irp, IO_NO_INCREMENT); + DispCancelComplete(DisType->FileObject); } VOID NTAPI DispCancelRequest( @@ -153,7 +175,6 @@ VOID NTAPI DispCancelRequest( UCHAR MinorFunction; DISCONNECT_TYPE DisType; PVOID WorkItem; - PADDRESS_FILE AddrFile; /*NTSTATUS Status = STATUS_SUCCESS;*/ TI_DbgPrint(DEBUG_IRP, ("Called.\n")); 
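Review bot: DispCancelComplete dereferences `FileObject->FsContext` with no NULL check, and its new callers invoke it after the IRP has already been completed. In DispDoDisconnect `DispCancelComplete(DisType->FileObject);` follows `DispDataRequestComplete(DisType->Irp, STATUS_CANCELLED, 0)`, and the DispCancelListenRequest hunk uses the same order. Once the IRP is completed nothing visible here keeps the file object or its transport context alive, so `KeSetEvent(&TranContext->CleanupEvent, 0, FALSE)` may touch freed memory if cleanup races with the cancel. Signalling the event before completing the IRP, and returning early when `FsContext` is NULL, would avoid that. The commented-out `KIRQL OldIrql` and `IoReleaseCancelSpinLock` lines should be removed or explained, because the remaining comment says the routine is expected to release the cancel spin lock and it does not.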
@@ -188,23 +209,24 @@ VOID NTAPI DispCancelRequest( if( !ChewCreate( &WorkItem, sizeof(DISCONNECT_TYPE), DispDoDisconnect, &DisType ) ) ASSERT(0); - return; + break; case TDI_SEND_DATAGRAM: if (FileObject->FsContext2 != (PVOID)TDI_TRANSPORT_ADDRESS_FILE) { TI_DbgPrint(MIN_TRACE, ("TDI_SEND_DATAGRAM, but no address file.\n")); break; } - /* Nothing to do. We don't keep them around. */ + + /*DGCancelSendRequest(TranContext->Handle.AddressHandle, Irp);*/ break; case TDI_RECEIVE_DATAGRAM: - AddrFile = (PADDRESS_FILE)TranContext->Handle.AddressHandle; if (FileObject->FsContext2 != (PVOID)TDI_TRANSPORT_ADDRESS_FILE) { TI_DbgPrint(MIN_TRACE, ("TDI_RECEIVE_DATAGRAM, but no address file.\n")); break; } - DGRemoveIRP(AddrFile, Irp); + + /*DGCancelReceiveRequest(TranContext->Handle.AddressHandle, Irp);*/ break; default: @@ -213,8 +235,7 @@ VOID NTAPI DispCancelRequest( } IoReleaseCancelSpinLock(Irp->CancelIrql); - IoCompleteRequest(Irp, IO_NO_INCREMENT); - + TI_DbgPrint(MAX_TRACE, ("Leaving.\n")); } @@ -258,6 +279,9 @@ VOID NTAPI DispCancelListenRequest( IoReleaseCancelSpinLock(Irp->CancelIrql); DispDataRequestComplete(Irp, STATUS_CANCELLED, 0); + + DispCancelComplete(FileObject); + TI_DbgPrint(MAX_TRACE, ("Leaving.\n")); } @@ -793,6 +817,7 @@ NTSTATUS DispTdiReceive( return Status; } + NTSTATUS DispTdiReceiveDatagram( PIRP Irp) /* @@ -809,7 +834,6 @@ NTSTATUS DispTdiReceiveDatagram( TDI_REQUEST Request; NTSTATUS Status; ULONG BytesReceived; - PADDRESS_FILE AddrFile; TI_DbgPrint(DEBUG_IRP, ("Called.\n")); @@ -823,8 +847,6 @@ NTSTATUS DispTdiReceiveDatagram( return STATUS_INVALID_ADDRESS; } - AddrFile = (PADDRESS_FILE)TranContext->Handle.AddressHandle; - /* Initialize a receive request */ Request.Handle.AddressHandle = TranContext->Handle.AddressHandle; Request.RequestNotifyObject = DispDataRequestComplete; 
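Review bot: After this change DispCancelRequest no longer does anything for datagram IRPs. The `TDI_RECEIVE_DATAGRAM` case replaces `DGRemoveIRP(AddrFile, Irp);` with a commented-out call, and the next hunk removes the `IoCompleteRequest(Irp, IO_NO_INCREMENT);` after the switch. Unless a path outside these hunks dequeues and completes the request, a cancelled receive stays queued on the address file and its IRP is never completed, which can stall handle close or thread termination. Either keep the `DGRemoveIRP` call and complete the IRP with STATUS_CANCELLED, or implement the DGCancelReceiveRequest named in the comment before removing the old path.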
@@ -844,21 +866,21 @@ NTSTATUS DispTdiReceiveDatagram( &DataBuffer, &BufferSize ); - Status = DGReceiveDatagram( - AddrFile, - DgramInfo->ReceiveDatagramInformation, - DataBuffer, - DgramInfo->ReceiveLength, - DgramInfo->ReceiveFlags, - DgramInfo->ReturnDatagramInformation, - &BytesReceived, - (PDATAGRAM_COMPLETION_ROUTINE)DispDataRequestComplete, - Irp, - Irp); - if (Status != STATUS_PENDING) { - DispDataRequestComplete(Irp, Status, BytesReceived); - } else - IoMarkIrpPending(Irp); + Status = DGReceiveDatagram( + Request.Handle.AddressHandle, + DgramInfo->ReceiveDatagramInformation, + DataBuffer, + DgramInfo->ReceiveLength, + DgramInfo->ReceiveFlags, + DgramInfo->ReturnDatagramInformation, + &BytesReceived, + (PDATAGRAM_COMPLETION_ROUTINE)DispDataRequestComplete, + Irp, + Irp); + if (Status != STATUS_PENDING) { + DispDataRequestComplete(Irp, Status, BytesReceived); + } else + IoMarkIrpPending(Irp); } TI_DbgPrint(DEBUG_IRP, ("Leaving. Status is (0x%X)\n", Status)); diff --git a/drivers/network/tcpip/tcpip/main.c b/drivers/network/tcpip/tcpip/main.c index 04ae7676542..19c5a67a681 100644 --- a/drivers/network/tcpip/tcpip/main.c +++ b/drivers/network/tcpip/tcpip/main.c @@ -138,6 +138,7 @@ CP } CP Context->CancelIrps = FALSE; + KeInitializeEvent(&Context->CleanupEvent, NotificationEvent, FALSE); CP IrpSp = IoGetCurrentIrpStackLocation(Irp); IrpSp->FileObject->FsContext = Context; @@ -265,11 +266,20 @@ VOID TiCleanupFileObjectComplete( { PIRP Irp; PIO_STACK_LOCATION IrpSp; + PTRANSPORT_CONTEXT TranContext; + KIRQL OldIrql; Irp = (PIRP)Context; IrpSp = IoGetCurrentIrpStackLocation(Irp); + TranContext = (PTRANSPORT_CONTEXT)IrpSp->FileObject->FsContext; Irp->IoStatus.Status = Status; + + IoAcquireCancelSpinLock(&OldIrql); + + KeSetEvent(&TranContext->CleanupEvent, 0, FALSE); + + IoReleaseCancelSpinLock(OldIrql); } 
@@ -303,6 +313,7 @@ NTSTATUS TiCleanupFileObject( IoAcquireCancelSpinLock(&OldIrql); Context->CancelIrps = TRUE; + KeResetEvent(&Context->CleanupEvent); IoReleaseCancelSpinLock(OldIrql); @@ -339,6 +350,16 @@ NTSTATUS TiCleanupFileObject( return Irp->IoStatus.Status; } + if (Status != STATUS_PENDING) + { + IoAcquireCancelSpinLock(&OldIrql); + KeSetEvent(&Context->CleanupEvent, 0, FALSE); + IoReleaseCancelSpinLock(OldIrql); + + KeWaitForSingleObject(&Context->CleanupEvent, + UserRequest, KernelMode, FALSE, NULL); + } + Irp->IoStatus.Status = Status; return Irp->IoStatus.Status;
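Review bot: In the last hunk of TiCleanupFileObject the wait appears to be on the wrong branch. Under `if (Status != STATUS_PENDING)` the code calls `KeSetEvent(&Context->CleanupEvent, 0, FALSE)` and then `KeWaitForSingleObject` on the same notification event, so the wait returns at once, while the STATUS_PENDING case, where the close is still outstanding, returns without waiting. If the intent is to block cleanup until TiCleanupFileObjectComplete signals, the wait belongs on the pending path, for example `if (Status == STATUS_PENDING) KeWaitForSingleObject(&Context->CleanupEvent, UserRequest, KernelMode, FALSE, NULL);`. It is also unclear what the cancel spin lock around `KeSetEvent` protects, here and in TiCleanupFileObjectComplete, since it does not order the set against the `KeResetEvent` added earlier in this function once it is released. The function starts above the hunk.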