From fde02cbbc1ab22d571d507de629667300cdc4edd Mon Sep 17 00:00:00 2001
From: Alex Ionescu
Date: Sat, 14 Jan 2006 08:49:10 +0000
Subject: [PATCH] - Fix flaw in win32k hardware message queue which used KMUTEX instead of KMUTANT, thus double-disabling Kernel APCs during the parsing of the queue, which would result in actually deliving hardware message callbacks with Kernel APCs disabled when going to user-mode. This was detected when my new user-mode callback rewrite added checks for this situation, and it originally caused a bugcheck. Since the message queue code is now fixed, the bugcheck has been re-enabled, hopefully no other such violations will be detected (I was able to run/install firefox for a couple of minutes and there was no APC_INDEX_MISMATCH crash). Fixes bug 1272, and thanks to Filip for doing some late-night IRC analysis with me.
svn path=/trunk/; revision=20846
---
 reactos/ntoskrnl/ke/i386/usercall_asm.S | 2 --
 reactos/subsys/win32k/ntuser/msgqueue.c | 6 +++---
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/reactos/ntoskrnl/ke/i386/usercall_asm.S b/reactos/ntoskrnl/ke/i386/usercall_asm.S
index 03f5a2114ee..161f3c25fdf 100644
--- a/reactos/ntoskrnl/ke/i386/usercall_asm.S
+++ b/reactos/ntoskrnl/ke/i386/usercall_asm.S
@@ -87,7 +87,6 @@ _KiCallUserMode@8:
 AtPassive:
-#if 0
 /* Make sure that we are not attached and that APCs are not disabled */
 movzx eax, byte ptr [ebx+KTHREAD_APC_STATE_INDEX]
 mov edx, [ebx+KTHREAD_COMBINED_APC_DISABLE]
@@ -104,7 +103,6 @@ InvalidIndex:
 push 0
 push APC_INDEX_MISMATCH
 call _KeBugCheckEx@20
-#endif
 ApcsEnabled:
 #endif
diff --git a/reactos/subsys/win32k/ntuser/msgqueue.c b/reactos/subsys/win32k/ntuser/msgqueue.c
index 2b2c7f46ca2..2ea5cd8632a 100644
--- a/reactos/subsys/win32k/ntuser/msgqueue.c
+++ b/reactos/subsys/win32k/ntuser/msgqueue.c
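Review bot: The re-enabled invariant check between `AtPassive:` and `ApcsEnabled:` still sits inside an outer conditional whose `#endif` follows `ApcsEnabled:` but whose condition is outside the hunk; if that gate is a debug-only build option, release kernels will silently call out to user mode while attached or with kernel APCs disabled, which is exactly the class of bug this commit fixes in win32k. Either confirm the gate is unconditional or document it next to the check, e.g. `/* Invariant check — only compiled under the enclosing #if; keep it enabled in every build that can reach user-mode callbacks */`. The bugcheck parameters pushed before `push 0` are not in the hunk either; they should carry the values loaded into eax (`KTHREAD_APC_STATE_INDEX`) and edx (`KTHREAD_COMBINED_APC_DISABLE`) so an APC_INDEX_MISMATCH dump shows which of the two invariants failed. The compare/branch between those loads and `InvalidIndex:` lies outside the hunk.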
@@ -46,7 +46,7 @@ static KSPIN_LOCK SystemMessageQueueLock;
 static ULONG volatile HardwareMessageQueueStamp = 0;
 static LIST_ENTRY HardwareMessageQueueHead;
-static KMUTEX HardwareMessageQueueLock;
+static KMUTANT HardwareMessageQueueLock;
 static KEVENT HardwareMessageEvent;
@@ -60,7 +60,7 @@ static PAGED_LOOKASIDE_LIST TimerLookasideList;
 KeReleaseSpinLock(&SystemMessageQueueLock, OldIrql)
 #define IntUnLockSystemHardwareMessageQueueLock(Wait) \
- KeReleaseMutex(&HardwareMessageQueueLock, Wait)
+ KeReleaseMutant(&HardwareMessageQueueLock, IO_NO_INCREMENT, FALSE, Wait)
 /* FUNCTIONS *****************************************************************/
@@ -122,7 +122,7 @@ MsqInitializeImpl(VOID)
 InitializeListHead(&HardwareMessageQueueHead);
 KeInitializeEvent(&HardwareMessageEvent, NotificationEvent, 0);
 KeInitializeSpinLock(&SystemMessageQueueLock);
- KeInitializeMutex(&HardwareMessageQueueLock, 0);
+ KeInitializeMutant(&HardwareMessageQueueLock, 0);
 ExInitializePagedLookasideList(&MessageLookasideList, NULL,
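Review bot: The release macro now calls `KeReleaseMutant(&HardwareMessageQueueLock, IO_NO_INCREMENT, FALSE, Wait)`, but its acquire counterpart (presumably `IntLockSystemHardwareMessageQueueLock`) is not in the hunk, and per the commit message a mutant, unlike the old `KMUTEX`, does not disable kernel APCs for its holder — so the acquire path must still enter the explicit critical region the message describes, otherwise a kernel APC (thread termination, process attach) can now run while the hardware queue is held. A comment on the macro would keep a later cleanup from dropping that region, e.g. `/* Mutant, not mutex: holding it does NOT disable kernel APCs; callers must be in a critical region while the queue is locked. */`. Passing `Wait` straight through also keeps the release-then-wait contract: a caller handing in TRUE must immediately follow with a KeWait* call, and on NT releasing a mutant the current thread does not own raises an exception rather than returning a status, so every unlock site should match an acquire on the same thread. The acquire macro and all callers lie outside this hunk.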