[FASTFAT] Don't leak directories FILE_OBJECT, FCB and cache entries.

Once a directory is crossed (opened or a child is opened), associated FCB structure is created in FastFAT, but also a stream FO for caching. Up to now, due to an extra reference taken by the stream file object, even when the directory was no longer used, the directory was kept in memory: the FCB was never deleted, the file object was never dereferenced, and the cache never released. The immediate effect of this bug is that our FAT driver was leaking every directory that was used affecting the whole OS situation. In case of directories intensive operation (like extraction the ReactOS source code in ReactOS ;-)), we were just killin the whole OS RAM without any way to release it and recover. The other side effects: IOs were faster as half of the FS was always permanant in RAM. This commit fixes the issue by forcing the FSD to release the FO, and the cache when a directory is no longer used, leading to its destruction in RAM. Downside: on IO intensive operation, expect slowdowns, obviously, there's less caching now. But more efficient! CORE-14557
2024-12-28 01:55:19 +00:00 · 2018-04-26 18:25:19 +02:00 · 2018-04-26 18:25:19 +02:00 · 94ead99e0c
commit 94ead99e0c
parent 2ea6de8a42
2 changed files with 18 additions and 3 deletions
--- a/drivers/filesystems/fastfat/cleanup.c
+++ b/drivers/filesystems/fastfat/cleanup.c
@ -107,6 +107,7 @@ VfatCleanupFile(
                {
                    pFcb->FileObject = NULL;
                    CcUninitializeCacheMap(tmpFileObject, NULL, NULL);
+                    ClearFlag(pFcb->Flags, FCB_CACHE_INITIALIZED);
                    ObDereferenceObject(tmpFileObject);
                }

--- a/drivers/filesystems/fastfat/fcb.c
+++ b/drivers/filesystems/fastfat/fcb.c
@ -313,10 +313,24 @@ vfatReleaseFCB(

    while (pFCB)
    {
+        ULONG RefCount;
+
        ASSERT(pFCB != pVCB->VolumeFcb);
        ASSERT(pFCB->RefCount > 0);
-        pFCB->RefCount--;
-        if (pFCB->RefCount == 0)
+        RefCount = --pFCB->RefCount;
+
+        if (RefCount == 1 && BooleanFlagOn(pFCB->Flags, FCB_CACHE_INITIALIZED))
+        {
+            PFILE_OBJECT tmpFileObject;
+            tmpFileObject = pFCB->FileObject;
+
+            pFCB->FileObject = NULL;
+            CcUninitializeCacheMap(tmpFileObject, NULL, NULL);
+            ClearFlag(pFCB->Flags, FCB_CACHE_INITIALIZED);
+            ObDereferenceObject(tmpFileObject);
+        }
+
+        if (RefCount == 0)
        {
            ASSERT(pFCB->OpenHandleCount == 0);
            tmpFcb = pFCB->parentFcb;
@ -623,7 +637,7 @@ vfatFCBInitializeCacheFromVolume(
    _SEH2_END;

    vfatGrabFCB(vcb, fcb);
-    fcb->Flags |= FCB_CACHE_INITIALIZED;
+    SetFlag(fcb->Flags, FCB_CACHE_INITIALIZED);
    return STATUS_SUCCESS;
 }