From f8cbc3e48c3a60d7451168b793f669eaafce1d8b Mon Sep 17 00:00:00 2001
From: Ged Murphy <gedmurphy@reactos.org>
Date: Tue, 5 Jan 2016 18:58:32 +0000
Subject: [PATCH] [NTOSKRNL] - Use the LockQueueIoDatabaseLock spinlock to
 guard the device list instead of blindly raising the IRQL - Add missing lock
 to IopEditDeviceList

svn path=/trunk/; revision=70496
---
 reactos/ntoskrnl/io/iomgr/device.c | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/reactos/ntoskrnl/io/iomgr/device.c b/reactos/ntoskrnl/io/iomgr/device.c
index 13e21e4f58e..55b8bf6c202 100644
--- a/reactos/ntoskrnl/io/iomgr/device.c
+++ b/reactos/ntoskrnl/io/iomgr/device.c
@@ -333,6 +333,10 @@ IopEditDeviceList(IN PDRIVER_OBJECT DriverObject,
                   IN IOP_DEVICE_LIST_OPERATION Type)
 {
     PDEVICE_OBJECT Previous;
+    KIRQL OldIrql;
+
+    /* Lock the Device list while we edit it */
+    OldIrql = KeAcquireQueuedSpinLock(LockQueueIoDatabaseLock);
 
     /* Check the type of operation */
     if (Type == IopRemove)
@@ -353,7 +357,12 @@ IopEditDeviceList(IN PDRIVER_OBJECT DriverObject,
                 /* Not this one, keep moving */
                 if (!Previous->NextDevice)
                 {
-                    DPRINT1("Failed to remove PDO %p on driver %wZ (not found)\n", DeviceObject, &DeviceObject->DriverObject->DriverName);
+                    DPRINT1("Failed to remove PDO %p on driver %wZ (not found)\n",
+                            DeviceObject,
+                            &DeviceObject->DriverObject->DriverName);
+
+                    ASSERT(FALSE);
+                    KeReleaseQueuedSpinLock(LockQueueIoDatabaseLock, OldIrql);
                     return;
                 }
                 Previous = Previous->NextDevice;
@@ -369,6 +378,9 @@ IopEditDeviceList(IN PDRIVER_OBJECT DriverObject,
         DeviceObject->NextDevice = DriverObject->DeviceObject;
         DriverObject->DeviceObject = DeviceObject;
     }
+
+    /* Release the device list lock */
+    KeReleaseQueuedSpinLock(LockQueueIoDatabaseLock, OldIrql);
 }
 
 VOID
@@ -1090,8 +1102,8 @@ IoEnumerateDeviceObjectList(IN  PDRIVER_OBJECT DriverObject,
     PDEVICE_OBJECT CurrentDevice = DriverObject->DeviceObject;
     KIRQL OldIrql;
 
-    /* Raise to dispatch level */
-    KeRaiseIrql(DISPATCH_LEVEL, &OldIrql);
+    /* Lock the Device list while we enumerate it */
+    OldIrql = KeAcquireQueuedSpinLock(LockQueueIoDatabaseLock);
 
     /* Find out how many devices we'll enumerate */
     while ((CurrentDevice = CurrentDevice->NextDevice)) ActualDevices++;
@@ -1106,7 +1118,7 @@ IoEnumerateDeviceObjectList(IN  PDRIVER_OBJECT DriverObject,
     if ((ActualDevices * sizeof(PDEVICE_OBJECT)) > DeviceObjectListSize)
     {
         /* Fail because the buffer was too small */
-        KeLowerIrql(OldIrql);
+        KeReleaseQueuedSpinLock(LockQueueIoDatabaseLock, OldIrql);
         return STATUS_BUFFER_TOO_SMALL;
     }
 
@@ -1129,8 +1141,8 @@ IoEnumerateDeviceObjectList(IN  PDRIVER_OBJECT DriverObject,
         }
     }
 
-    /* Return back to previous IRQL */
-    KeLowerIrql(OldIrql);
+    /* Release the device list lock */
+    KeReleaseQueuedSpinLock(LockQueueIoDatabaseLock, OldIrql);
 
     /* Return the status */
     return STATUS_SUCCESS;