- Save pointer to driver's section in DriverSection during driver loading.

- Fix unloading function to check if a driver to be unloaded really has DriverSection set, and if not, fail. - Inspired by bug 3221. See issue #3221 for more details. svn path=/trunk/; revision=34526
2025-02-23 17:05:46 +00:00 · 2008-07-15 14:24:47 +00:00 · 2008-07-15 14:24:47 +00:00 · a7d600b8b8
commit a7d600b8b8
parent 81c0fbc19f
1 changed files with 18 additions and 6 deletions
--- a/reactos/ntoskrnl/io/iomgr/driver.c
+++ b/reactos/ntoskrnl/io/iomgr/driver.c
@ -1085,7 +1085,7 @@ IopUnloadDriver(PUNICODE_STRING DriverServiceName, BOOLEAN UnloadPnpDrivers)
    */

    /* Call the load/unload routine, depending on current process */
-   if (DriverObject->DriverUnload)
+   if (DriverObject->DriverUnload && DriverObject->DriverSection)
   {
      if (PsGetCurrentProcess() == PsInitialSystemProcess)
      {
@ -1111,13 +1111,22 @@ IopUnloadDriver(PUNICODE_STRING DriverServiceName, BOOLEAN UnloadPnpDrivers)
         KeWaitForSingleObject(&LoadParams.Event, UserRequest, KernelMode,
             FALSE, NULL);
      }
+
+      /* Unload the driver */
+      ObDereferenceObject(DriverObject);
+      ObDereferenceObject(DriverObject);
+      MmUnloadSystemImage(DriverObject->DriverSection);
+
+      return STATUS_SUCCESS;
   }
+   else
+   {
+      /* Dereference one time (refd inside this function) */
+      ObDereferenceObject(DriverObject);

-   ObDereferenceObject(DriverObject);
-   ObDereferenceObject(DriverObject);
-   MmUnloadSystemImage(DriverObject->DriverSection);
-
-   return STATUS_SUCCESS;
+      /* Return unloading failure */
+      return STATUS_INVALID_DEVICE_REQUEST;
+   }
 }

 VOID
@ -1718,6 +1727,9 @@ IopLoadUnloadDriver(PLOAD_UNLOAD_PARAMS LoadParams)
           }
       }

+       /* Store its DriverSection, so that it could be unloaded */
+       DriverObject->DriverSection = ModuleObject;
+
       /* We have a driver for this DeviceNode */
       DeviceNode->Flags |= DN_DRIVER_LOADED;
   }