- Enable sanity check in ObInsertObject to catch assholes that were calling it incorrectly (without a Handle output parameter, which is only allowed in a specific scenario). Changes:

- Registry code which was calling ObInsertObject for no reason at all. Now an ugly hack has been added to Cm code to perform the only operation the insert did -> to free the create info.
   - SeSubProcessToken was broken and calling it incorrectly, fixed.
   - \Device\PhysicalMemory was being inserted incorrectly, fixed.
   - Boot-time driver objects were being inserted for no reason, call removed.
- Support the only case of ObInsertObject where it is OK to call it without an output handle. This codepath will only charge quota instead of creating the full-blown handle.

svn path=/trunk/; revision=25394

reactos/ntoskrnl/cm/registry.c

@@ -597,6 +597,7 @@ CmiConnectHive(IN POBJECT_ATTRIBUTES KeyObjectAttributes,
 	RtlFreeUnicodeString(&RemainingPath);
 	return Status;
       }
+#if 0
     DPRINT("Inserting Key into Object Tree\n");
     Status =  ObInsertObject((PVOID)NewKey,
                              NULL,
@@ -605,6 +606,11 @@ CmiConnectHive(IN POBJECT_ATTRIBUTES KeyObjectAttributes,
                              NULL,
                              NULL);
   DPRINT("Status %x\n", Status);
+#else
+    /* Free the create information */
+    ObpFreeAndReleaseCapturedAttributes(OBJECT_TO_OBJECT_HEADER(NewKey)->ObjectCreateInfo);
+    OBJECT_TO_OBJECT_HEADER(NewKey)->ObjectCreateInfo = NULL;
+#endif
   NewKey->Flags = 0;
   NewKey->SubKeyCounts = 0;
   NewKey->SubKeys = NULL;

reactos/ntoskrnl/cm/regobj.c

@@ -382,6 +382,7 @@ CmiObjectParse(IN PVOID ParsedObject,
           RtlFreeUnicodeString(&KeyName);
           return(Status);
         }
+#if 0
       DPRINT("Inserting Key into Object Tree\n");
       Status = ObInsertObject((PVOID)FoundObject,
                               NULL,
@@ -390,6 +391,11 @@ CmiObjectParse(IN PVOID ParsedObject,
                               NULL,
                               NULL);
       DPRINT("Status %x\n", Status);
+#else
+/* Free the create information */
+ObpFreeAndReleaseCapturedAttributes(OBJECT_TO_OBJECT_HEADER(FoundObject)->ObjectCreateInfo);
+OBJECT_TO_OBJECT_HEADER(FoundObject)->ObjectCreateInfo = NULL;
+#endif
 
       /* Add the keep-alive reference */
       ObReferenceObject(FoundObject);

reactos/ntoskrnl/io/iomgr/driver.c

@@ -263,18 +263,6 @@ IopCreateDriverObject(
          ExFreePool(Buffer);
    }
 
-
-   Status = ObInsertObject(Object,
-                           NULL,
-                           FILE_ALL_ACCESS,
-                           0,
-                           NULL,
-                           NULL);
-   if (!NT_SUCCESS(Status))
-   {
-      return Status;
-   }  
-
    *DriverObject = Object;
 
    return STATUS_SUCCESS;

reactos/ntoskrnl/mm/section.c

@@ -2216,6 +2216,7 @@ MmCreatePhysicalMemorySection(VOID)
    OBJECT_ATTRIBUTES Obj;
    UNICODE_STRING Name = RTL_CONSTANT_STRING(L"\\Device\\PhysicalMemory");
    LARGE_INTEGER SectionSize;
+   HANDLE Handle;
 
    /*
     * Create the section mapping physical memory
@@ -2244,11 +2245,12 @@ MmCreatePhysicalMemorySection(VOID)
                            SECTION_ALL_ACCESS,
                            0,
                            NULL,
-                           NULL);
+                           &Handle);
    if (!NT_SUCCESS(Status))
    {
       ObDereferenceObject(PhysSection);
    }
+   ObCloseHandle(Handle, KernelMode);
    PhysSection->AllocationAttributes |= SEC_PHYSICALMEMORY;
    PhysSection->Segment->Flags &= ~MM_PAGEFILE_SEGMENT;
 

reactos/ntoskrnl/ob/obhandle.c

@@ -2329,6 +2329,7 @@ ObInsertObject(IN PVOID Object,
     OB_OPEN_REASON OpenReason;
     KPROCESSOR_MODE PreviousMode;
     NTSTATUS Status = STATUS_SUCCESS, RealStatus;
+    BOOLEAN IsNewObject;
     PAGED_CODE();
 
     /* Get the Header */
@@ -2371,34 +2372,28 @@ ObInsertObject(IN PVOID Object,
         ObjectName = &ObjectNameInfo->Name;
     }
 
-    /* Sanity check, but broken on ROS due to Cm */
+    /* Sanity check */
-#if 0
     ASSERT((Handle) ||
            ((ObjectPointerBias == 0) &&
             (ObjectName == NULL) &&
             (ObjectType->TypeInfo.SecurityRequired) &&
             (NewObject == NULL)));
-#endif
 
     /* Check if the object is unnamed and also doesn't have security */
     PreviousMode = KeGetPreviousMode();
     if (!(ObjectType->TypeInfo.SecurityRequired) && !(ObjectName))
     {
-        /* ReactOS HACK */
+        /* Assume failure */
-        if (Handle)
+        *Handle = NULL;
-        {
-            /* Assume failure */
-            *Handle = NULL;
 
-            /* Create the handle */
+        /* Create the handle */
-            Status = ObpCreateUnnamedHandle(Object,
+        Status = ObpCreateUnnamedHandle(Object,
-                                            DesiredAccess,
+                                        DesiredAccess,
-                                            ObjectPointerBias + 1,
+                                        ObjectPointerBias + 1,
-                                            ObjectCreateInfo->Attributes,
+                                        ObjectCreateInfo->Attributes,
-                                            PreviousMode,
+                                        PreviousMode,
-                                            NewObject,
+                                        NewObject,
-                                            Handle);
+                                        Handle);
-        }
 
         /* Free the create information */
         ObpFreeAndReleaseCapturedAttributes(ObjectCreateInfo);
@@ -2408,7 +2403,7 @@ ObInsertObject(IN PVOID Object,
         if (ObjectNameInfo) ObpDecrementQueryReference(ObjectNameInfo);
 
         /* Remove the extra keep-alive reference */
-        if (Handle) ObDereferenceObject(Object);
+        ObDereferenceObject(Object);
 
         /* Return */
         OBTRACE(OB_HANDLE_DEBUG,
@@ -2590,12 +2585,7 @@ ObInsertObject(IN PVOID Object,
     /* Save the actual status until here */
     RealStatus = Status;
 
-    /* HACKHACK: Because of ROS's incorrect startup, this can be called
+    /* Check if caller wants us to create a handle */
-     * without a valid Process until I finalize the startup patch,
-     * so don't create a handle if this is the case. We also don't create
-     * a handle if Handle is NULL when the Registry Code calls it, because
-     * the registry code totally bastardizes the Ob and needs to be fixed
-     */
     ObjectHeader->ObjectCreateInfo = NULL;
     if (Handle)
     {
@@ -2610,29 +2600,39 @@ ObInsertObject(IN PVOID Object,
                                  PreviousMode,
                                  NewObject,
                                  Handle);
-    }
+        if (!NT_SUCCESS(Status))
+        {
+            /* If the object had a name, backout everything */
+            if (ObjectName) ObpDeleteNameCheck(Object);
 
-    /* Check if creating the handle failed */
+            /* Return the status of the failure */
-    if (!NT_SUCCESS(Status))
+            *Handle = NULL;
+            RealStatus = Status;
+        }
+
+        /* Remove a query reference */
+        if (ObjectNameInfo) ObpDecrementQueryReference(ObjectNameInfo);
+
+        /* Remove the extra keep-alive reference */
+        ObDereferenceObject(Object);
+    }
+    else
     {
-        /* If the object had a name, backout everything */
+        /* Otherwise, lock the object type */
-        if (ObjectName) ObpDeleteNameCheck(Object);
+        ObpEnterObjectTypeMutex(ObjectType);
+
+        /* And charge quota for the process to make it appear as used */
+        RealStatus = ObpChargeQuotaForObject(ObjectHeader,
+                                             ObjectType,
+                                             &IsNewObject);
+
+        /* Release the lock */
+        ObpLeaveObjectTypeMutex(ObjectType);
+
+        /* Check if we failed and dereference the object if so */
+        if (!NT_SUCCESS(RealStatus)) ObDereferenceObject(Object);
     }
 
-    /* Check our final status */
-    if (!NT_SUCCESS(Status))
-    {
-        /* Return the status of the failure */
-        *Handle = NULL;
-        RealStatus = Status;
-    }
-
-    /* Remove a query reference */
-    if (ObjectNameInfo) ObpDecrementQueryReference(ObjectNameInfo);
-
-    /* Remove the extra keep-alive reference */
-    if (Handle) ObDereferenceObject(Object);
-
     /* We can delete the Create Info now */
     ObpFreeAndReleaseCapturedAttributes(ObjectCreateInfo);
 

reactos/ntoskrnl/se/token.c

@@ -350,7 +350,7 @@ SeSubProcessToken(IN PTOKEN ParentToken,
         Status = ObInsertObject(NewToken,
                                 NULL,
                                 0,
-                                1,
+                                0,
                                 NULL,
                                 NULL);
         if (NT_SUCCESS(Status))
@@ -658,6 +658,8 @@ SepInitializeTokenImplementation(VOID)
     RtlZeroMemory(&ObjectTypeInitializer, sizeof(ObjectTypeInitializer));
     RtlInitUnicodeString(&Name, L"Token");
     ObjectTypeInitializer.Length = sizeof(ObjectTypeInitializer);
+    ObjectTypeInitializer.InvalidAttributes = OBJ_OPENLINK;
+    ObjectTypeInitializer.SecurityRequired = TRUE;
     ObjectTypeInitializer.DefaultPagedPoolCharge = sizeof(TOKEN);
     ObjectTypeInitializer.GenericMapping = SepTokenMapping;
     ObjectTypeInitializer.PoolType = PagedPool;