Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-01-03 21:09:19 +00:00
Code Issues Projects Releases Packages Wiki Activity
reactos/drivers/storage/class/cdrom/ioctl.c

9134 lines
286 KiB
C
Raw Blame History

/*--
Copyright (C) Microsoft Corporation. All rights reserved.
Module Name:
ioctl.c
Abstract:
Include all funtions for processing IOCTLs
Environment:
kernel mode only
Notes:
Revision History:
--*/
#include "stddef.h"
#include "string.h"
#include "ntddk.h"
#include "ntddstor.h"
#include "cdrom.h"
#include "ioctl.h"
#include "scratch.h"
#include "mmc.h"
#ifdef DEBUG_USE_WPP
#include "ioctl.tmh"
#endif
#define FirstDriveLetter 'C'
#define LastDriveLetter 'Z'
#if DBG
LPCSTR READ_DVD_STRUCTURE_FORMAT_STRINGS[DvdMaxDescriptor+1] = {
"Physical",
"Copyright",
"DiskKey",
"BCA",
"Manufacturer",
"Unknown"
};
#endif // DBG
_IRQL_requires_max_(APC_LEVEL)
VOID
GetConfigurationDataConversionTypeAllToTypeOne(
_In_ FEATURE_NUMBER RequestedFeature,
_In_ PSCSI_REQUEST_BLOCK Srb,
_Out_ size_t * DataLength
);
_IRQL_requires_max_(APC_LEVEL)
VOID
GetConfigurationDataSynthesize(
_In_reads_bytes_(InputBufferSize) PVOID InputBuffer,
_In_ ULONG InputBufferSize,
_Out_writes_bytes_(OutputBufferSize) PVOID OutputBuffer,
_In_ size_t OutputBufferSize,
_In_ FEATURE_NUMBER StartingFeature,
_In_ ULONG RequestType,
_Out_ size_t * DataLength
);
_IRQL_requires_max_(APC_LEVEL)
PCDB
RequestGetScsiPassThroughCdb(
_In_ PIRP Irp
);
#ifdef ALLOC_PRAGMA
#pragma alloc_text(PAGE, DeviceIsPlayActive)
#pragma alloc_text(PAGE, RequestHandleGetDvdRegion)
#pragma alloc_text(PAGE, RequestHandleReadTOC)
#pragma alloc_text(PAGE, RequestHandleReadTocEx)
#pragma alloc_text(PAGE, RequestHandleGetConfiguration)
#pragma alloc_text(PAGE, RequestHandleGetDriveGeometry)
#pragma alloc_text(PAGE, RequestHandleDiskVerify)
#pragma alloc_text(PAGE, RequestHandleCheckVerify)
#pragma alloc_text(PAGE, RequestHandleFakePartitionInfo)
#pragma alloc_text(PAGE, RequestHandleEjectionControl)
#pragma alloc_text(PAGE, RequestHandleEnableStreaming)
#pragma alloc_text(PAGE, RequestHandleSendOpcInformation)
#pragma alloc_text(PAGE, RequestHandleGetPerformance)
#pragma alloc_text(PAGE, RequestHandleMcnSyncFakeIoctl)
#pragma alloc_text(PAGE, RequestHandleLoadEjectMedia)
#pragma alloc_text(PAGE, RequestHandleReserveRelease)
#pragma alloc_text(PAGE, RequestHandlePersistentReserve)
#pragma alloc_text(PAGE, DeviceHandleRawRead)
#pragma alloc_text(PAGE, DeviceHandlePlayAudioMsf)
#pragma alloc_text(PAGE, DeviceHandleReadQChannel)
#pragma alloc_text(PAGE, ReadQChannel)
#pragma alloc_text(PAGE, DeviceHandlePauseAudio)
#pragma alloc_text(PAGE, DeviceHandleResumeAudio)
#pragma alloc_text(PAGE, DeviceHandleSeekAudioMsf)
#pragma alloc_text(PAGE, DeviceHandleStopAudio)
#pragma alloc_text(PAGE, DeviceHandleGetSetVolume)
#pragma alloc_text(PAGE, DeviceHandleReadDvdStructure)
#pragma alloc_text(PAGE, ReadDvdStructure)
#pragma alloc_text(PAGE, DeviceHandleDvdEndSession)
#pragma alloc_text(PAGE, DeviceHandleDvdStartSessionReadKey)
#pragma alloc_text(PAGE, DvdStartSessionReadKey)
#pragma alloc_text(PAGE, DeviceHandleDvdSendKey)
#pragma alloc_text(PAGE, DvdSendKey)
#pragma alloc_text(PAGE, DeviceHandleSetReadAhead)
#pragma alloc_text(PAGE, DeviceHandleSetSpeed)
#pragma alloc_text(PAGE, RequestHandleExclusiveAccessQueryLockState)
#pragma alloc_text(PAGE, RequestHandleExclusiveAccessLockDevice)
#pragma alloc_text(PAGE, RequestHandleExclusiveAccessUnlockDevice)
#pragma alloc_text(PAGE, RequestHandleScsiPassThrough)
#pragma alloc_text(PAGE, RequestGetScsiPassThroughCdb)
#pragma alloc_text(PAGE, GetConfigurationDataConversionTypeAllToTypeOne)
#pragma alloc_text(PAGE, GetConfigurationDataSynthesize)
#endif
NTSTATUS
RequestHandleUnknownIoctl(
_In_ WDFDEVICE Device,
_In_ WDFREQUEST Request
)
/*++
Routine Description:
All unknown IOCTLs will be forward to lower level driver.
Arguments:
Device - device object
Request - request to be handled
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_UNSUCCESSFUL;
PCDROM_DEVICE_EXTENSION deviceExtension = DeviceGetExtension(Device);
PCDROM_REQUEST_CONTEXT requestContext = RequestGetContext(Request);
BOOLEAN syncRequired = requestContext->SyncRequired;
ULONG sendOptionsFlags = 0;
BOOLEAN requestSent = FALSE;
WdfRequestFormatRequestUsingCurrentType(Request);
if (syncRequired)
{
sendOptionsFlags = WDF_REQUEST_SEND_OPTION_SYNCHRONOUS;
}
else
{
WdfRequestSetCompletionRoutine(Request, RequestDummyCompletionRoutine, NULL);
}
status = RequestSend(deviceExtension,
Request,
deviceExtension->IoTarget,
sendOptionsFlags,
&requestSent);
if (requestSent)
{
if (syncRequired)
{
// the request needs to be completed here.
RequestCompletion(deviceExtension, Request, status, WdfRequestGetInformation(Request));
}
}
else
{
// failed to send the request to IoTarget
RequestCompletion(deviceExtension, Request, status, WdfRequestGetInformation(Request));
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
BOOLEAN
DeviceIsPlayActive(
_In_ WDFDEVICE Device
)
/*++
Routine Description:
This routine determines if the cd is currently playing music.
Arguments:
Device - Device object.
Return Value:
BOOLEAN - TRUE if the device is playing music.
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DEVICE_EXTENSION deviceExtension = DeviceGetExtension(Device);
PSUB_Q_CURRENT_POSITION currentBuffer;
size_t bytesRead = 0;
PAGED_CODE ();
// if we don't think it is playing audio, don't bother checking.
if (!deviceExtension->DeviceAdditionalData.PlayActive)
{
return FALSE;
}
// Allocate the required memory
NT_ASSERT(sizeof(SUB_Q_CURRENT_POSITION) >= sizeof(CDROM_SUB_Q_DATA_FORMAT));
currentBuffer = ExAllocatePoolWithTag(NonPagedPoolNxCacheAligned,
sizeof(SUB_Q_CURRENT_POSITION),
CDROM_TAG_PLAY_ACTIVE);
if (currentBuffer == NULL)
{
return FALSE;
}
// set the options in the output buffer format
((PCDROM_SUB_Q_DATA_FORMAT) currentBuffer)->Format = IOCTL_CDROM_CURRENT_POSITION;
((PCDROM_SUB_Q_DATA_FORMAT) currentBuffer)->Track = 0;
// Send SCSI command to read Q Channel information.
status = ReadQChannel(deviceExtension,
NULL,
currentBuffer,
sizeof(CDROM_SUB_Q_DATA_FORMAT),
currentBuffer,
sizeof(SUB_Q_CURRENT_POSITION),
&bytesRead);
if (!NT_SUCCESS(status))
{
ExFreePool(currentBuffer);
return FALSE;
}
// update the playactive flag appropriately
if (currentBuffer->Header.AudioStatus == AUDIO_STATUS_IN_PROGRESS)
{
deviceExtension->DeviceAdditionalData.PlayActive = TRUE;
}
else
{
deviceExtension->DeviceAdditionalData.PlayActive = FALSE;
}
ExFreePool(currentBuffer);
return deviceExtension->DeviceAdditionalData.PlayActive;
}
NTSTATUS
RequestHandleGetInquiryData(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength)
/*++
Routine Description:
Handler for IOCTL_CDROM_GET_INQUIRY_DATA
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
*DataLength = 0;
if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength == 0)
{
status = STATUS_BUFFER_TOO_SMALL;
}
else
{
PVOID outputBuffer = NULL;
*DataLength = min(cdData->CachedInquiryDataByteCount,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength);
status = WdfRequestRetrieveOutputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&outputBuffer,
NULL);
if (NT_SUCCESS(status) &&
(outputBuffer != NULL))
{
// Always copy as much data as possible
RtlCopyMemory(outputBuffer,
cdData->CachedInquiryData,
*DataLength);
}
// and finally decide between two possible status values
if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength < cdData->CachedInquiryDataByteCount)
{
status = STATUS_BUFFER_OVERFLOW;
}
}
return status;
}
NTSTATUS
RequestHandleGetMediaTypeEx(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handler for IOCTL_STORAGE_GET_MEDIA_TYPES_EX
Arguments:
DeviceExtension - device context
Request - request to be handled
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
PGET_MEDIA_TYPES mediaTypes = NULL;
PDEVICE_MEDIA_INFO mediaInfo = NULL; //&mediaTypes->MediaInfo[0];
ULONG sizeNeeded = 0;
PZERO_POWER_ODD_INFO zpoddInfo = DeviceExtension->ZeroPowerODDInfo;
*DataLength = 0;
// Must run below dispatch level.
if (KeGetCurrentIrql() >= DISPATCH_LEVEL)
{
NT_ASSERT(FALSE);
return STATUS_INVALID_LEVEL;
}
sizeNeeded = sizeof(GET_MEDIA_TYPES);
// IsMmc is static...
if (cdData->Mmc.IsMmc)
{
sizeNeeded += sizeof(DEVICE_MEDIA_INFO) * 1; // return two media types
}
status = WdfRequestRetrieveOutputBuffer(Request,
sizeNeeded,
(PVOID*)&mediaTypes,
NULL);
if (NT_SUCCESS(status) &&
(mediaTypes != NULL))
{
mediaInfo = &mediaTypes->MediaInfo[0];
RtlZeroMemory(mediaTypes, sizeNeeded);
// ISSUE-2000/5/11-henrygab - need to update GET_MEDIA_TYPES_EX
mediaTypes->DeviceType = cdData->DriveDeviceType;
mediaTypes->MediaInfoCount = 1;
mediaInfo->DeviceSpecific.RemovableDiskInfo.MediaType = CD_ROM;
mediaInfo->DeviceSpecific.RemovableDiskInfo.NumberMediaSides = 1;
mediaInfo->DeviceSpecific.RemovableDiskInfo.MediaCharacteristics = MEDIA_READ_ONLY;
mediaInfo->DeviceSpecific.RemovableDiskInfo.Cylinders.QuadPart = DeviceExtension->DiskGeometry.Cylinders.QuadPart;
mediaInfo->DeviceSpecific.RemovableDiskInfo.TracksPerCylinder = DeviceExtension->DiskGeometry.TracksPerCylinder;
mediaInfo->DeviceSpecific.RemovableDiskInfo.SectorsPerTrack = DeviceExtension->DiskGeometry.SectorsPerTrack;
mediaInfo->DeviceSpecific.RemovableDiskInfo.BytesPerSector = DeviceExtension->DiskGeometry.BytesPerSector;
if (cdData->Mmc.IsMmc)
{
// also report a removable disk
mediaTypes->MediaInfoCount += 1;
mediaInfo++;
mediaInfo->DeviceSpecific.RemovableDiskInfo.MediaType = RemovableMedia;
mediaInfo->DeviceSpecific.RemovableDiskInfo.NumberMediaSides = 1;
mediaInfo->DeviceSpecific.RemovableDiskInfo.MediaCharacteristics = MEDIA_READ_WRITE;
mediaInfo->DeviceSpecific.RemovableDiskInfo.Cylinders.QuadPart = DeviceExtension->DiskGeometry.Cylinders.QuadPart;
mediaInfo->DeviceSpecific.RemovableDiskInfo.TracksPerCylinder = DeviceExtension->DiskGeometry.TracksPerCylinder;
mediaInfo->DeviceSpecific.RemovableDiskInfo.SectorsPerTrack = DeviceExtension->DiskGeometry.SectorsPerTrack;
mediaInfo->DeviceSpecific.RemovableDiskInfo.BytesPerSector = DeviceExtension->DiskGeometry.BytesPerSector;
mediaInfo--;
}
// Status will either be success, if media is present, or no media.
// It would be optimal to base from density code and medium type, but not all devices
// have values for these fields.
// Send a TUR to determine if media is present, only if the device is not in ZPODD mode.
if ((!EXCLUSIVE_MODE(cdData) ||
EXCLUSIVE_OWNER(cdData, WdfRequestGetFileObject(Request))) &&
((zpoddInfo == NULL) ||
(zpoddInfo->InZeroPowerState == FALSE)))
{
SCSI_REQUEST_BLOCK srb;
PCDB cdb = (PCDB)srb.Cdb;
RtlZeroMemory(&srb,sizeof(SCSI_REQUEST_BLOCK));
srb.CdbLength = 6;
cdb->CDB6GENERIC.OperationCode = SCSIOP_TEST_UNIT_READY;
srb.TimeOutValue = CDROM_TEST_UNIT_READY_TIMEOUT;
status = DeviceSendSrbSynchronously(DeviceExtension->Device,
&srb,
NULL,
0,
FALSE,
Request);
if (NT_SUCCESS(status))
{
// set the disk's media as current if we can write to it.
if (cdData->Mmc.IsMmc && cdData->Mmc.WriteAllowed)
{
mediaInfo++;
SET_FLAG(mediaInfo->DeviceSpecific.RemovableDiskInfo.MediaCharacteristics,
MEDIA_CURRENTLY_MOUNTED);
mediaInfo--;
}
else
{
SET_FLAG(mediaInfo->DeviceSpecific.RemovableDiskInfo.MediaCharacteristics,
MEDIA_CURRENTLY_MOUNTED);
}
}
else
{
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL,
"RequestHandleGetMediaTypeEx: GET_MEDIA_TYPES status of TUR - %lx\n", status));
}
}
// per legacy cdrom behavior, always return success
status = STATUS_SUCCESS;
}
*DataLength = sizeNeeded;
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
RequestHandleGetDvdRegion(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handler for IOCTL_DVD_GET_REGION
Arguments:
DeviceExtension - device context
Request - request to be handled
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PVOID outputBuffer = NULL;
size_t bytesReturned = 0;
PDVD_COPY_PROTECT_KEY copyProtectKey = NULL;
ULONG keyLength = 0;
PDVD_DESCRIPTOR_HEADER dvdHeader;
PDVD_COPYRIGHT_DESCRIPTOR copyRightDescriptor;
PDVD_REGION dvdRegion = NULL;
PDVD_READ_STRUCTURE readStructure = NULL;
PDVD_RPC_KEY rpcKey;
PAGED_CODE ();
TracePrint((TRACE_LEVEL_VERBOSE, TRACE_FLAG_IOCTL,
"RequestHandleGetDvdRegion: [%p] IOCTL_DVD_GET_REGION\n", Request));
*DataLength = 0;
// reject the request if it's not a DVD device.
if (DeviceExtension->DeviceAdditionalData.DriveDeviceType != FILE_DEVICE_DVD)
{
status = STATUS_INVALID_DEVICE_REQUEST;
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveOutputBuffer(Request,
sizeof(DVD_REGION),
&outputBuffer,
NULL);
}
if (NT_SUCCESS(status))
{
// figure out how much data buffer we need
keyLength = max((sizeof(DVD_DESCRIPTOR_HEADER) + sizeof(DVD_COPYRIGHT_DESCRIPTOR)),
sizeof(DVD_READ_STRUCTURE));
keyLength = max(keyLength,
DVD_RPC_KEY_LENGTH);
// round the size to nearest ULONGLONG -- why?
// could this be to deal with device alignment issues?
keyLength += sizeof(ULONGLONG) - (keyLength & (sizeof(ULONGLONG) - 1));
readStructure = ExAllocatePoolWithTag(NonPagedPoolNx,
keyLength,
DVD_TAG_READ_KEY);
if (readStructure == NULL)
{
status = STATUS_INSUFFICIENT_RESOURCES;
}
}
if (NT_SUCCESS(status))
{
RtlZeroMemory (readStructure, keyLength);
readStructure->Format = DvdCopyrightDescriptor;
// use READ_STRUCTURE to read copyright descriptor
status = ReadDvdStructure(DeviceExtension,
Request,
readStructure,
keyLength,
readStructure,
sizeof(DVD_DESCRIPTOR_HEADER) + sizeof(DVD_COPYRIGHT_DESCRIPTOR),
&bytesReturned);
}
if (NT_SUCCESS(status))
{
// we got the copyright descriptor, so now get the region if possible
dvdHeader = (PDVD_DESCRIPTOR_HEADER) readStructure;
copyRightDescriptor = (PDVD_COPYRIGHT_DESCRIPTOR) dvdHeader->Data;
// the original irp's systembuffer has a copy of the info that
// should be passed down in the request
dvdRegion = outputBuffer;
dvdRegion->CopySystem = copyRightDescriptor->CopyrightProtectionType;
dvdRegion->RegionData = copyRightDescriptor->RegionManagementInformation;
// now reuse the buffer to request the copy protection info
copyProtectKey = (PDVD_COPY_PROTECT_KEY) readStructure;
RtlZeroMemory (copyProtectKey, DVD_RPC_KEY_LENGTH);
copyProtectKey->KeyLength = DVD_RPC_KEY_LENGTH;
copyProtectKey->KeyType = DvdGetRpcKey;
// send a request for READ_KEY
status = DvdStartSessionReadKey(DeviceExtension,
IOCTL_DVD_READ_KEY,
Request,
copyProtectKey,
DVD_RPC_KEY_LENGTH,
copyProtectKey,
DVD_RPC_KEY_LENGTH,
&bytesReturned);
}
if (NT_SUCCESS(status))
{
// the request succeeded. if a supported scheme is returned,
// then return the information to the caller
rpcKey = (PDVD_RPC_KEY) copyProtectKey->KeyData;
if (rpcKey->RpcScheme == 1)
{
if (rpcKey->TypeCode)
{
dvdRegion->SystemRegion = ~rpcKey->RegionMask;
dvdRegion->ResetCount = rpcKey->UserResetsAvailable;
}
else
{
// the drive has not been set for any region
dvdRegion->SystemRegion = 0;
dvdRegion->ResetCount = rpcKey->UserResetsAvailable;
}
*DataLength = sizeof(DVD_REGION);
}
else
{
TracePrint((TRACE_LEVEL_WARNING, TRACE_FLAG_IOCTL,
"RequestHandleGetDvdRegion => rpcKey->RpcScheme != 1\n"));
status = STATUS_INVALID_DEVICE_REQUEST;
}
}
// Clean up
if (readStructure != NULL)
{
ExFreePool(readStructure);
}
return status;
}
NTSTATUS
RequestValidateRawRead(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_CDROM_RAW_READ
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
PVOID inputBuffer = NULL;
PIRP irp = NULL;
PIO_STACK_LOCATION currentStack = NULL;
LARGE_INTEGER startingOffset = {0};
ULONGLONG transferBytes = 0;
ULONGLONG endOffset;
ULONGLONG mdlBytes;
RAW_READ_INFO rawReadInfo = {0};
*DataLength = 0;
irp = WdfRequestWdmGetIrp(Request);
currentStack = IoGetCurrentIrpStackLocation(irp);
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&inputBuffer,
NULL);
// Check that ending sector is on disc and buffers are there and of
// correct size.
if (NT_SUCCESS(status) &&
(RequestParameters.Parameters.DeviceIoControl.Type3InputBuffer == NULL))
{
// This is a call from user space. This is the only time that we need to validate parameters.
// Validate the input and get the input buffer into Type3InputBuffer
// so the rest of the code will be uniform.
if (inputBuffer != NULL)
{
currentStack->Parameters.DeviceIoControl.Type3InputBuffer = inputBuffer;
RequestParameters.Parameters.DeviceIoControl.Type3InputBuffer = inputBuffer;
if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength < sizeof(RAW_READ_INFO))
{
*DataLength = sizeof(RAW_READ_INFO);
status = STATUS_BUFFER_TOO_SMALL;
}
}
else
{
status = STATUS_INVALID_PARAMETER;
}
}
if (NT_SUCCESS(status))
{
// Since this ioctl is METHOD_OUT_DIRECT, we need to copy away the input buffer before interpreting it.
// This prevents a malicious app from messing with the input buffer while we are interpreting it.
rawReadInfo = *(PRAW_READ_INFO)RequestParameters.Parameters.DeviceIoControl.Type3InputBuffer;
startingOffset.QuadPart = rawReadInfo.DiskOffset.QuadPart;
if ((rawReadInfo.TrackMode == CDDA) ||
(rawReadInfo.TrackMode == YellowMode2) ||
(rawReadInfo.TrackMode == XAForm2) )
{
transferBytes = (ULONGLONG)rawReadInfo.SectorCount * RAW_SECTOR_SIZE;
}
else if (rawReadInfo.TrackMode == RawWithSubCode)
{
transferBytes = (ULONGLONG)rawReadInfo.SectorCount * CD_RAW_SECTOR_WITH_SUBCODE_SIZE;
}
else if (rawReadInfo.TrackMode == RawWithC2)
{
transferBytes = (ULONGLONG)rawReadInfo.SectorCount * CD_RAW_SECTOR_WITH_C2_SIZE;
}
else if (rawReadInfo.TrackMode == RawWithC2AndSubCode)
{
transferBytes = (ULONGLONG)rawReadInfo.SectorCount * CD_RAW_SECTOR_WITH_C2_AND_SUBCODE_SIZE;
}
else
{
TracePrint((TRACE_LEVEL_WARNING, TRACE_FLAG_IOCTL,
"RequestValidateRawRead: Invalid TrackMode type %x for XA read\n",
rawReadInfo.TrackMode
));
}
endOffset = (ULONGLONG)rawReadInfo.SectorCount * COOKED_SECTOR_SIZE;
endOffset += startingOffset.QuadPart;
// check for overflows....
if (rawReadInfo.SectorCount == 0)
{
TracePrint((TRACE_LEVEL_WARNING, TRACE_FLAG_IOCTL,
"RequestValidateRawRead: Invalid I/O parameters for XA "
"Read (zero sectors requested)\n"));
status = STATUS_INVALID_PARAMETER;
}
else if (transferBytes < (ULONGLONG)(rawReadInfo.SectorCount))
{
TracePrint((TRACE_LEVEL_WARNING, TRACE_FLAG_IOCTL,
"RequestValidateRawRead: Invalid I/O parameters for XA "
"Read (TransferBytes Overflow)\n"));
status = STATUS_INVALID_PARAMETER;
}
else if (endOffset < (ULONGLONG)startingOffset.QuadPart)
{
TracePrint((TRACE_LEVEL_WARNING, TRACE_FLAG_IOCTL,
"RequestValidateRawRead: Invalid I/O parameters for XA "
"Read (EndingOffset Overflow)\n"));
status = STATUS_INVALID_PARAMETER;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength < transferBytes)
{
TracePrint((TRACE_LEVEL_WARNING, TRACE_FLAG_IOCTL,
"RequestValidateRawRead: Invalid I/O parameters for XA "
"Read (Bad buffer size)\n"));
status = STATUS_INVALID_PARAMETER;
}
else if (endOffset > (ULONGLONG)DeviceExtension->PartitionLength.QuadPart)
{
TracePrint((TRACE_LEVEL_WARNING, TRACE_FLAG_IOCTL,
"RequestValidateRawRead: Invalid I/O parameters for XA "
"Read (Request Out of Bounds)\n"));
status = STATUS_INVALID_PARAMETER;
}
}
if (NT_SUCCESS(status))
{
// cannot validate the MdlAddress, since it is not included in any
// other location per the DDK and file system calls.
// validate the mdl describes at least the number of bytes
// requested from us.
mdlBytes = (ULONGLONG)MmGetMdlByteCount(irp->MdlAddress);
if (mdlBytes < transferBytes)
{
TracePrint((TRACE_LEVEL_WARNING, TRACE_FLAG_IOCTL,
"RequestValidateRawRead: Invalid MDL %s, Irp %p\n",
"size (5)", irp));
status = STATUS_INVALID_PARAMETER;
}
}
if (NT_SUCCESS(status))
{
// check the buffer for alignment
// This is important for x86 as some busses (ie ATAPI)
// require word-aligned buffers.
if ( ((ULONG_PTR)MmGetMdlVirtualAddress(irp->MdlAddress)) &
DeviceExtension->AdapterDescriptor->AlignmentMask )
{
TracePrint((TRACE_LEVEL_WARNING, TRACE_FLAG_IOCTL,
"RequestValidateRawRead: Invalid I/O parameters for "
"XA Read (Buffer %p not aligned with mask %x\n",
RequestParameters.Parameters.DeviceIoControl.Type3InputBuffer,
DeviceExtension->AdapterDescriptor->AlignmentMask));
status = STATUS_INVALID_PARAMETER;
}
}
if (NT_SUCCESS(status))
{
// Validate the request is not too large for the adapter
BOOLEAN bufferIsPageAligned = FALSE;
ULONG maxLength = 0;
// if buffer is not page-aligned, then subtract one as the
// transfer could cross a page boundary.
if ((((ULONG_PTR)MmGetMdlVirtualAddress(irp->MdlAddress)) & (PAGE_SIZE-1)) == 0)
{
bufferIsPageAligned = TRUE;
}
if (bufferIsPageAligned)
{
maxLength = cdData->MaxPageAlignedTransferBytes;
}
else
{
maxLength = cdData->MaxUnalignedTransferBytes;
}
if (transferBytes > maxLength)
{
TracePrint((TRACE_LEVEL_WARNING, TRACE_FLAG_IOCTL,
"RequestValidateRawRead: The XA Read (type %x) would require %I64x bytes, "
"but the adapter can only handle %x bytes (for a%saligned buffer)\n",
rawReadInfo.TrackMode,
transferBytes,
maxLength,
(bufferIsPageAligned ? " " : "n un")
));
status = STATUS_INVALID_PARAMETER;
}
}
if (NT_SUCCESS(status))
{
//
// HACKHACK - REF #0001
// The retry count will be in this irp's IRP_MN function,
// as the new irp was freed, and we therefore cannot use
// this irp's next stack location for this function.
// This may be a good location to store this info for
// when we remove RAW_READ (mode switching), as we will
// no longer have the nextIrpStackLocation to play with
// when that occurs
//
currentStack->MinorFunction = MAXIMUM_RETRIES; // HACKHACK - REF #0001
}
return status;
}
NTSTATUS
RequestValidateReadTocEx(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_CDROM_READ_TOC_EX
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_READ_TOC_EX inputBuffer = NULL;
*DataLength = 0;
if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength <
sizeof(CDROM_READ_TOC_EX))
{
status = STATUS_INFO_LENGTH_MISMATCH;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength <
MINIMUM_CDROM_READ_TOC_EX_SIZE)
{
status = STATUS_BUFFER_TOO_SMALL;
*DataLength = MINIMUM_CDROM_READ_TOC_EX_SIZE;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength >
((USHORT)-1))
{
status = STATUS_INVALID_PARAMETER;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength &
DeviceExtension->AdapterDescriptor->AlignmentMask)
{
status = STATUS_INVALID_PARAMETER;
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&inputBuffer,
NULL);
}
if (NT_SUCCESS(status))
{
if ((inputBuffer->Reserved1 != 0) ||
(inputBuffer->Reserved2 != 0) ||
(inputBuffer->Reserved3 != 0))
{
status = STATUS_INVALID_PARAMETER;
}
// NOTE: when adding new formats, ensure that first two bytes
// specify the amount of additional data available.
else if ((inputBuffer->Format == CDROM_READ_TOC_EX_FORMAT_TOC ) ||
(inputBuffer->Format == CDROM_READ_TOC_EX_FORMAT_FULL_TOC) ||
(inputBuffer->Format == CDROM_READ_TOC_EX_FORMAT_CDTEXT ))
{
// SessionTrack field is used
}
else if ((inputBuffer->Format == CDROM_READ_TOC_EX_FORMAT_SESSION) ||
(inputBuffer->Format == CDROM_READ_TOC_EX_FORMAT_PMA) ||
(inputBuffer->Format == CDROM_READ_TOC_EX_FORMAT_ATIP))
{
// SessionTrack field is reserved
if (inputBuffer->SessionTrack != 0)
{
status = STATUS_INVALID_PARAMETER;
}
}
else
{
status = STATUS_INVALID_PARAMETER;
}
}
return status;
}
NTSTATUS
RequestValidateReadToc(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_CDROM_READ_TOC
Arguments:
DeviceExtension - device context
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
*DataLength = 0;
if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength <
sizeof(CDROM_TOC))
{
// they didn't request the entire TOC -- use _EX version
// for partial transfers and such.
status = STATUS_BUFFER_TOO_SMALL;
*DataLength = sizeof(CDROM_TOC);
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength &
DeviceExtension->AdapterDescriptor->AlignmentMask)
{
status = STATUS_INVALID_PARAMETER;
}
return status;
}
NTSTATUS
RequestValidateGetLastSession(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_CDROM_GET_LAST_SESSION
Arguments:
DeviceExtension - device context
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
*DataLength = 0;
if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength <
sizeof(CDROM_TOC_SESSION_DATA))
{
status = STATUS_BUFFER_TOO_SMALL;
*DataLength = sizeof(CDROM_TOC_SESSION_DATA);
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength &
DeviceExtension->AdapterDescriptor->AlignmentMask)
{
status = STATUS_INVALID_PARAMETER;
}
return status;
}
NTSTATUS
RequestValidateReadQChannel(
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_CDROM_READ_Q_CHANNEL
Arguments:
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_SUB_Q_DATA_FORMAT inputBuffer = NULL;
ULONG transferByteCount = 0;
*DataLength = 0;
if(RequestParameters.Parameters.DeviceIoControl.InputBufferLength <
sizeof(CDROM_SUB_Q_DATA_FORMAT))
{
status = STATUS_INFO_LENGTH_MISMATCH;
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&inputBuffer,
NULL);
}
if (NT_SUCCESS(status))
{
// check for all valid types of request
if (inputBuffer->Format == IOCTL_CDROM_CURRENT_POSITION)
{
transferByteCount = sizeof(SUB_Q_CURRENT_POSITION);
}
else if (inputBuffer->Format == IOCTL_CDROM_MEDIA_CATALOG)
{
transferByteCount = sizeof(SUB_Q_MEDIA_CATALOG_NUMBER);
}
else if (inputBuffer->Format == IOCTL_CDROM_TRACK_ISRC)
{
transferByteCount = sizeof(SUB_Q_TRACK_ISRC);
}
else
{
// Format not valid
status = STATUS_INVALID_PARAMETER;
}
}
if (NT_SUCCESS(status))
{
if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength <
transferByteCount)
{
status = STATUS_BUFFER_TOO_SMALL;
*DataLength = transferByteCount;
}
}
return status;
}
NTSTATUS
RequestValidateDvdReadStructure(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_DVD_READ_STRUCTURE
Arguments:
DeviceExtension - device context
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
*DataLength = 0;
if (NT_SUCCESS(status))
{
if(RequestParameters.Parameters.DeviceIoControl.InputBufferLength <
sizeof(DVD_READ_STRUCTURE))
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL,
"RequestValidateDvdReadStructure - input buffer "
"length too small (was %d should be %d)\n",
(int)RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
sizeof(DVD_READ_STRUCTURE)));
status = STATUS_INVALID_PARAMETER;
}
else if(RequestParameters.Parameters.DeviceIoControl.OutputBufferLength <
sizeof(READ_DVD_STRUCTURES_HEADER))
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL,
"RequestValidateDvdReadStructure - output buffer "
"cannot hold header information\n"));
status = STATUS_BUFFER_TOO_SMALL;
*DataLength = sizeof(READ_DVD_STRUCTURES_HEADER);
}
else if(RequestParameters.Parameters.DeviceIoControl.OutputBufferLength >
MAXUSHORT)
{
// key length must fit in two bytes
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL,
"RequestValidateDvdReadStructure - output buffer "
"too large\n"));
status = STATUS_INVALID_PARAMETER;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength &
DeviceExtension->AdapterDescriptor->AlignmentMask)
{
status = STATUS_INVALID_PARAMETER;
}
else if (DeviceExtension->DeviceAdditionalData.DriveDeviceType != FILE_DEVICE_DVD)
{
// reject the request if it's not a DVD device.
status = STATUS_INVALID_DEVICE_REQUEST;
}
}
return status;
}
NTSTATUS
RequestValidateDvdStartSession(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_DVD_START_SESSION
Arguments:
DeviceExtension - device context
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
*DataLength = 0;
if (NT_SUCCESS(status))
{
if(RequestParameters.Parameters.DeviceIoControl.OutputBufferLength <
sizeof(DVD_SESSION_ID))
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL,
"RequestValidateDvdStartSession: DVD_START_SESSION - output "
"buffer too small\n"));
status = STATUS_BUFFER_TOO_SMALL;
*DataLength = sizeof(DVD_SESSION_ID);
}
else if (DeviceExtension->DeviceAdditionalData.DriveDeviceType != FILE_DEVICE_DVD)
{
// reject the request if it's not a DVD device.
status = STATUS_INVALID_DEVICE_REQUEST;
}
}
return status;
}
NTSTATUS
RequestValidateDvdSendKey(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_DVD_SEND_KEY, IOCTL_DVD_SEND_KEY2
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PDVD_COPY_PROTECT_KEY key = NULL;
*DataLength = 0;
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&key,
NULL);
if (NT_SUCCESS(status))
{
if((RequestParameters.Parameters.DeviceIoControl.InputBufferLength < sizeof(DVD_COPY_PROTECT_KEY)) ||
(RequestParameters.Parameters.DeviceIoControl.InputBufferLength != key->KeyLength))
{
//
// Key is too small to have a header or the key length doesn't
// match the input buffer length. Key must be invalid
//
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL,
"RequestValidateDvdSendKey: [%p] IOCTL_DVD_SEND_KEY - "
"key is too small or does not match KeyLength\n",
Request));
status = STATUS_INVALID_PARAMETER;
}
}
if (NT_SUCCESS(status))
{
// allow only certain key type (non-destructive) to go through
// IOCTL_DVD_SEND_KEY (which only requires READ access to the device)
if (RequestParameters.Parameters.DeviceIoControl.IoControlCode == IOCTL_DVD_SEND_KEY)
{
if ((key->KeyType != DvdChallengeKey) &&
(key->KeyType != DvdBusKey2) &&
(key->KeyType != DvdInvalidateAGID))
{
status = STATUS_INVALID_PARAMETER;
}
}
else if ((key->KeyType != DvdChallengeKey) &&
(key->KeyType != DvdBusKey1) &&
(key->KeyType != DvdBusKey2) &&
(key->KeyType != DvdTitleKey) &&
(key->KeyType != DvdAsf) &&
(key->KeyType != DvdSetRpcKey) &&
(key->KeyType != DvdGetRpcKey) &&
(key->KeyType != DvdDiskKey) &&
(key->KeyType != DvdInvalidateAGID))
{
status = STATUS_INVALID_PARAMETER;
}
else if (DeviceExtension->DeviceAdditionalData.DriveDeviceType != FILE_DEVICE_DVD)
{
// reject the request if it's not a DVD device.
status = STATUS_INVALID_DEVICE_REQUEST;
}
}
return status;
}
NTSTATUS
RequestValidateGetConfiguration(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_CDROM_GET_CONFIGURATION
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
*DataLength = 0;
if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength <
sizeof(GET_CONFIGURATION_HEADER))
{
status = STATUS_BUFFER_TOO_SMALL;
*DataLength = sizeof(GET_CONFIGURATION_HEADER);
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength > 0xffff)
{
// output buffer is too large
status = STATUS_INVALID_BUFFER_SIZE;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength &
DeviceExtension->AdapterDescriptor->AlignmentMask)
{
// buffer is not proper size multiple
status = STATUS_INVALID_PARAMETER;
}
if (NT_SUCCESS(status))
{
#if BUILD_WOW64_ENABLED && defined(_WIN64)
if (WdfRequestIsFrom32BitProcess(Request))
{
PGET_CONFIGURATION_IOCTL_INPUT32 inputBuffer = NULL;
if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength <
sizeof(GET_CONFIGURATION_IOCTL_INPUT32))
{
status = STATUS_INFO_LENGTH_MISMATCH;
}
//
// also verify the arguments are reasonable.
//
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&inputBuffer,
NULL);
}
if (NT_SUCCESS(status))
{
if (inputBuffer->Feature > 0xffff)
{
status = STATUS_INVALID_PARAMETER;
}
else if ((inputBuffer->RequestType != SCSI_GET_CONFIGURATION_REQUEST_TYPE_ONE) &&
(inputBuffer->RequestType != SCSI_GET_CONFIGURATION_REQUEST_TYPE_CURRENT) &&
(inputBuffer->RequestType != SCSI_GET_CONFIGURATION_REQUEST_TYPE_ALL))
{
status = STATUS_INVALID_PARAMETER;
}
else if (inputBuffer->Reserved[0] || inputBuffer->Reserved[1])
{
status = STATUS_INVALID_PARAMETER;
}
}
}
else
#endif
{
PGET_CONFIGURATION_IOCTL_INPUT inputBuffer = NULL;
if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength <
sizeof(GET_CONFIGURATION_IOCTL_INPUT))
{
status = STATUS_INFO_LENGTH_MISMATCH;
}
// also verify the arguments are reasonable.
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&inputBuffer,
NULL);
}
if (NT_SUCCESS(status))
{
if (inputBuffer->Feature > 0xffff)
{
status = STATUS_INVALID_PARAMETER;
}
else if ((inputBuffer->RequestType != SCSI_GET_CONFIGURATION_REQUEST_TYPE_ONE) &&
(inputBuffer->RequestType != SCSI_GET_CONFIGURATION_REQUEST_TYPE_CURRENT) &&
(inputBuffer->RequestType != SCSI_GET_CONFIGURATION_REQUEST_TYPE_ALL))
{
status = STATUS_INVALID_PARAMETER;
}
else if (inputBuffer->Reserved[0] || inputBuffer->Reserved[1])
{
status = STATUS_INVALID_PARAMETER;
}
}
}
}
return status;
}
NTSTATUS
RequestValidateSetSpeed(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_CDROM_SET_SPEED
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
PCDROM_SET_SPEED inputBuffer = NULL;
ULONG requiredLength = 0;
*DataLength = 0;
if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength < sizeof(CDROM_SET_SPEED))
{
status = STATUS_INFO_LENGTH_MISMATCH;
}
if (NT_SUCCESS(status))
{
// Get the request type using CDROM_SET_SPEED structure
status = WdfRequestRetrieveInputBuffer(Request,
sizeof(CDROM_SET_SPEED),
&inputBuffer,
NULL);
}
if (NT_SUCCESS(status))
{
if (inputBuffer->RequestType > CdromSetStreaming)
{
// Unknown request type.
status = STATUS_INVALID_PARAMETER;
}
else if (inputBuffer->RequestType == CdromSetSpeed)
{
requiredLength = sizeof(CDROM_SET_SPEED);
}
else
{
// Don't send SET STREAMING command if this is not a MMC compliant device
if (cdData->Mmc.IsMmc == FALSE)
{
status = STATUS_INVALID_DEVICE_REQUEST;
}
requiredLength = sizeof(CDROM_SET_STREAMING);
}
}
if (NT_SUCCESS(status))
{
if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength < requiredLength)
{
// Input buffer too small
status = STATUS_INFO_LENGTH_MISMATCH;
}
}
return status;
}
NTSTATUS
RequestValidateAacsReadMediaKeyBlock(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_AACS_READ_MEDIA_KEY_BLOCK
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
PAACS_LAYER_NUMBER layerNumber = NULL;
*DataLength = 0;
if (!cdData->Mmc.IsAACS)
{
status = STATUS_INVALID_DEVICE_REQUEST;
}
else if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength != sizeof(AACS_LAYER_NUMBER))
{
status = STATUS_INFO_LENGTH_MISMATCH;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength < 8)
{
// This is a variable-length structure, but we're pretty sure
// it can never be less than eight bytes...
*DataLength = 8;
status = STATUS_BUFFER_TOO_SMALL;
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&layerNumber,
NULL);
}
if (NT_SUCCESS(status))
{
if (*layerNumber > 255)
{
status = STATUS_INVALID_PARAMETER;
}
}
return status;
}
NTSTATUS
RequestValidateAacsStartSession(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_AACS_START_SESSION
Arguments:
DeviceExtension - device context
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
*DataLength = 0;
if (!cdData->Mmc.IsAACS)
{
status = STATUS_INVALID_DEVICE_REQUEST;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength < sizeof(DVD_SESSION_ID))
{
*DataLength = sizeof(DVD_SESSION_ID);
status = STATUS_BUFFER_TOO_SMALL;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength > sizeof(DVD_SESSION_ID))
{
status = STATUS_INVALID_BUFFER_SIZE;
}
return status;
}
NTSTATUS
RequestValidateAacsSendCertificate(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_AACS_SEND_CERTIFICATE
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
PAACS_SEND_CERTIFICATE inputBuffer = NULL;
*DataLength = 0;
if (!cdData->Mmc.IsAACS)
{
status = STATUS_INVALID_DEVICE_REQUEST;
}
else if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength != sizeof(AACS_SEND_CERTIFICATE))
{
status = STATUS_INFO_LENGTH_MISMATCH;
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&inputBuffer,
NULL);
}
if (NT_SUCCESS(status))
{
if (inputBuffer->SessionId > MAX_COPY_PROTECT_AGID)
{
status = STATUS_INVALID_PARAMETER;
}
}
return status;
}
NTSTATUS
RequestValidateAacsGetCertificate(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_AACS_GET_CERTIFICATE
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
PDVD_SESSION_ID sessionId = NULL;
*DataLength = 0;
if (!cdData->Mmc.IsAACS)
{
status = STATUS_INVALID_DEVICE_REQUEST;
}
else if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength != sizeof(DVD_SESSION_ID))
{
status = STATUS_INFO_LENGTH_MISMATCH;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength < sizeof(AACS_CERTIFICATE))
{
*DataLength = sizeof(AACS_CERTIFICATE);
status = STATUS_BUFFER_TOO_SMALL;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength > sizeof(AACS_CERTIFICATE))
{
status = STATUS_INVALID_BUFFER_SIZE;
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&sessionId,
NULL);
}
if (NT_SUCCESS(status))
{
if (*sessionId > MAX_COPY_PROTECT_AGID)
{
status = STATUS_INVALID_PARAMETER;
}
}
return status;
}
NTSTATUS
RequestValidateAacsGetChallengeKey(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_AACS_GET_CHALLENGE_KEY
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
PDVD_SESSION_ID sessionId = NULL;
*DataLength = 0;
if (!cdData->Mmc.IsAACS)
{
status = STATUS_INVALID_DEVICE_REQUEST;
}
else if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength != sizeof(DVD_SESSION_ID))
{
status = STATUS_INFO_LENGTH_MISMATCH;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength < sizeof(AACS_CHALLENGE_KEY))
{
*DataLength = sizeof(AACS_CHALLENGE_KEY);
status = STATUS_BUFFER_TOO_SMALL;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength > sizeof(AACS_CHALLENGE_KEY))
{
status = STATUS_INVALID_BUFFER_SIZE;
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&sessionId,
NULL);
}
if (NT_SUCCESS(status))
{
if (*sessionId > MAX_COPY_PROTECT_AGID)
{
status = STATUS_INVALID_PARAMETER;
}
}
return status;
}
NTSTATUS
RequestValidateAacsSendChallengeKey(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_AACS_SEND_CHALLENGE_KEY
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
PAACS_SEND_CHALLENGE_KEY inputBuffer = NULL;
*DataLength = 0;
if (!cdData->Mmc.IsAACS)
{
status = STATUS_INVALID_DEVICE_REQUEST;
}
else if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength != sizeof(AACS_SEND_CHALLENGE_KEY))
{
status = STATUS_INFO_LENGTH_MISMATCH;
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&inputBuffer,
NULL);
}
if (NT_SUCCESS(status))
{
if (inputBuffer->SessionId > MAX_COPY_PROTECT_AGID)
{
status = STATUS_INVALID_PARAMETER;
}
}
return status;
}
NTSTATUS
RequestValidateAacsReadVolumeId(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_AACS_READ_VOLUME_ID
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
PDVD_SESSION_ID sessionId = NULL;
*DataLength = 0;
if (!cdData->Mmc.IsAACS)
{
status = STATUS_INVALID_DEVICE_REQUEST;
}
else if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength != sizeof(DVD_SESSION_ID))
{
status = STATUS_INFO_LENGTH_MISMATCH;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength < sizeof(AACS_VOLUME_ID))
{
*DataLength = sizeof(AACS_VOLUME_ID);
status = STATUS_BUFFER_TOO_SMALL;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength > sizeof(AACS_VOLUME_ID))
{
status = STATUS_INVALID_BUFFER_SIZE;
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&sessionId,
NULL);
}
if (NT_SUCCESS(status))
{
if (*sessionId > MAX_COPY_PROTECT_AGID)
{
status = STATUS_INVALID_PARAMETER;
}
}
return status;
}
NTSTATUS
RequestValidateAacsReadSerialNumber(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_AACS_READ_SERIAL_NUMBER
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
PDVD_SESSION_ID sessionId = NULL;
*DataLength = 0;
if (!cdData->Mmc.IsAACS)
{
status = STATUS_INVALID_DEVICE_REQUEST;
}
else if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength != sizeof(DVD_SESSION_ID))
{
status = STATUS_INFO_LENGTH_MISMATCH;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength < sizeof(AACS_SERIAL_NUMBER))
{
*DataLength = sizeof(AACS_SERIAL_NUMBER);
status = STATUS_BUFFER_TOO_SMALL;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength > sizeof(AACS_SERIAL_NUMBER))
{
status = STATUS_INVALID_BUFFER_SIZE;
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&sessionId,
NULL);
}
if (NT_SUCCESS(status))
{
if (*sessionId > MAX_COPY_PROTECT_AGID)
{
status = STATUS_INVALID_PARAMETER;
}
}
return status;
}
NTSTATUS
RequestValidateAacsReadMediaId(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_AACS_READ_MEDIA_ID
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
PDVD_SESSION_ID sessionId = NULL;
*DataLength = 0;
if (!cdData->Mmc.IsAACS)
{
status = STATUS_INVALID_DEVICE_REQUEST;
}
else if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength != sizeof(DVD_SESSION_ID))
{
status = STATUS_INFO_LENGTH_MISMATCH;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength < sizeof(AACS_MEDIA_ID))
{
*DataLength = sizeof(AACS_MEDIA_ID);
status = STATUS_BUFFER_TOO_SMALL;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength > sizeof(AACS_MEDIA_ID))
{
status = STATUS_INVALID_BUFFER_SIZE;
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&sessionId,
NULL);
}
if (NT_SUCCESS(status))
{
if (*sessionId > MAX_COPY_PROTECT_AGID)
{
status = STATUS_INVALID_PARAMETER;
}
}
return status;
}
NTSTATUS
RequestValidateAacsBindingNonce(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_AACS_READ_BINDING_NONCE
IOCTL_AACS_GENERATE_BINDING_NONCE
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
PAACS_READ_BINDING_NONCE inputBuffer = NULL;
*DataLength = 0;
if (!cdData->Mmc.IsAACS)
{
status = STATUS_INVALID_DEVICE_REQUEST;
}
else if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength != sizeof(AACS_READ_BINDING_NONCE))
{
status = STATUS_INFO_LENGTH_MISMATCH;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength < sizeof(AACS_BINDING_NONCE))
{
*DataLength = sizeof(AACS_BINDING_NONCE);
status = STATUS_BUFFER_TOO_SMALL;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength > sizeof(AACS_BINDING_NONCE))
{
status = STATUS_INVALID_BUFFER_SIZE;
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&inputBuffer,
NULL);
}
if (NT_SUCCESS(status))
{
if (inputBuffer->SessionId > MAX_COPY_PROTECT_AGID)
{
status = STATUS_INVALID_PARAMETER;
}
else if (inputBuffer->NumberOfSectors > 255)
{
status = STATUS_INVALID_PARAMETER;
}
else if (inputBuffer->StartLba > MAXULONG)
{
status = STATUS_INVALID_PARAMETER;
}
}
return status;
}
NTSTATUS
RequestValidateExclusiveAccess(
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_CDROM_EXCLUSIVE_ACCESS
Arguments:
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_EXCLUSIVE_ACCESS exclusiveAccess = NULL;
*DataLength = 0;
if (KeGetCurrentIrql() != PASSIVE_LEVEL)
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL, "RequestValidateExclusiveAccess: IOCTL must be called at passive level.\n"));
status = STATUS_INVALID_DEVICE_REQUEST;
}
else if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength < sizeof(CDROM_EXCLUSIVE_ACCESS))
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL, "RequestValidateExclusiveAccess: Input buffer too small\n"));
status = STATUS_INFO_LENGTH_MISMATCH;
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&exclusiveAccess,
NULL);
}
if (NT_SUCCESS(status))
{
switch (exclusiveAccess->RequestType)
{
case ExclusiveAccessQueryState:
{
if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength <
sizeof(CDROM_EXCLUSIVE_LOCK_STATE))
{
//
// Output buffer too small.
//
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL, "RequestValidateExclusiveAccess: Output buffer too small\n"));
*DataLength = sizeof(CDROM_EXCLUSIVE_LOCK_STATE);
status = STATUS_BUFFER_TOO_SMALL;
}
break;
}
case ExclusiveAccessLockDevice:
{
if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength <
sizeof(CDROM_EXCLUSIVE_LOCK))
{
//
// Input buffer too small
//
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL, "RequestValidateExclusiveAccess: Input buffer too small\n"));
status = STATUS_INFO_LENGTH_MISMATCH;
}
break;
}
case ExclusiveAccessUnlockDevice:
{
//
// Nothing to check
//
break;
}
default:
{
//
// Unknown request type.
//
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL, "RequestValidateExclusiveAccess: Invalid request type\n"));
status = STATUS_INVALID_PARAMETER;
}
}
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
RequestHandleExclusiveAccessQueryLockState(
_In_ WDFDEVICE Device,
_In_ WDFREQUEST Request
)
/*++
Routine Description:
Handle request of IOCTL_CDROM_EXCLUSIVE_ACCESS with ExclusiveAccessQueryState
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DEVICE_EXTENSION deviceExtension = DeviceGetExtension(Device);
PCDROM_DATA cdData = &deviceExtension->DeviceAdditionalData;
PCDROM_EXCLUSIVE_LOCK_STATE exclusiveLockState = NULL;
PAGED_CODE();
status = WdfRequestRetrieveOutputBuffer(Request,
sizeof(CDROM_EXCLUSIVE_LOCK_STATE),
&exclusiveLockState,
NULL);
NT_ASSERT(NT_SUCCESS(status));
RtlZeroMemory(exclusiveLockState, sizeof(CDROM_EXCLUSIVE_LOCK_STATE));
if (EXCLUSIVE_MODE(cdData))
{
// Device is locked for exclusive use
exclusiveLockState->LockState = TRUE;
RtlCopyMemory(&exclusiveLockState->CallerName,
&cdData->CallerName,
CDROM_EXCLUSIVE_CALLER_LENGTH);
}
else
{
// Device is not locked
exclusiveLockState->LockState = FALSE;
}
RequestCompletion(deviceExtension, Request, status, sizeof(CDROM_EXCLUSIVE_LOCK_STATE));
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
RequestHandleExclusiveAccessLockDevice(
_In_ WDFDEVICE Device,
_In_ WDFREQUEST Request
)
/*++
Routine Description:
Handle request of IOCTL_CDROM_EXCLUSIVE_ACCESS with ExclusiveAccessLockDevice
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DEVICE_EXTENSION deviceExtension = DeviceGetExtension(Device);
PCDROM_DATA cdData = &deviceExtension->DeviceAdditionalData;
PCDROM_EXCLUSIVE_LOCK exclusiveLock = NULL;
PIO_ERROR_LOG_PACKET logEntry;
WDFFILEOBJECT fileObject = NULL;
ULONG idx = 0;
ULONG nameLength = 0;
PAGED_CODE();
fileObject = WdfRequestGetFileObject(Request);
if (fileObject == NULL)
{
status = STATUS_INVALID_HANDLE;
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL,
"RequestHandleExclusiveAccessLockDevice: FileObject is NULL, cannot grant exclusive access\n"));
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
sizeof(CDROM_EXCLUSIVE_LOCK),
&exclusiveLock,
NULL);
}
if (NT_SUCCESS(status))
{
// Validate the caller name string
for (idx = 0; (idx < CDROM_EXCLUSIVE_CALLER_LENGTH) && (exclusiveLock->CallerName[idx] != '\0'); idx++)
{
if (!ValidChar(exclusiveLock->CallerName[idx]))
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL,
"RequestHandleExclusiveAccessLockDevice: Invalid characters in caller name\n"));
// error out
status = STATUS_INVALID_PARAMETER;
break;
}
}
}
if (NT_SUCCESS(status))
{
if ((idx == 0) || (idx >= CDROM_EXCLUSIVE_CALLER_LENGTH))
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL,
"RequestHandleExclusiveAccessLockDevice: Not a valid null terminated string.\n"));
//error out
status = STATUS_INVALID_PARAMETER;
}
else
{
nameLength = idx+1; // Add 1 for the NULL character
NT_ASSERT(nameLength <= CDROM_EXCLUSIVE_CALLER_LENGTH);
}
}
// If the file system is still mounted on this device fail the request,
// unless the force lock flag is set.
if (NT_SUCCESS(status))
{
if ((TEST_FLAG(exclusiveLock->Access.Flags, CDROM_LOCK_IGNORE_VOLUME) == FALSE) &&
IsVolumeMounted(deviceExtension->DeviceObject))
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL,
"RequestHandleExclusiveAccessLockDevice: Unable to lock device, file system mounted\n"));
status = STATUS_INVALID_DEVICE_STATE;
}
}
// Lock the device for exclusive access if the device is not already locked
if (NT_SUCCESS(status))
{
if (InterlockedCompareExchangePointer((PVOID)&cdData->ExclusiveOwner, (PVOID)fileObject, NULL) == NULL)
{
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL,
"RequestHandleExclusiveAccessLockDevice: Entering exclusive mode! Device locked by file object %p\n", fileObject));
// Zero out the CallerName before storing it in the extension
RtlZeroMemory(&cdData->CallerName, CDROM_EXCLUSIVE_CALLER_LENGTH);
RtlCopyMemory(&cdData->CallerName,
&exclusiveLock->CallerName,
nameLength);
// Send Exclusive Lock notification
DeviceSendNotification(deviceExtension,
&GUID_IO_CDROM_EXCLUSIVE_LOCK,
0,
NULL);
// Log an informational event with the caller name
logEntry = IoAllocateErrorLogEntry(
deviceExtension->DeviceObject,
sizeof(IO_ERROR_LOG_PACKET) + CDROM_EXCLUSIVE_CALLER_LENGTH);
if (logEntry != NULL)
{
PUCHAR dumpDataPtr = (PUCHAR) logEntry->DumpData;
logEntry->FinalStatus = STATUS_SUCCESS;
logEntry->ErrorCode = IO_CDROM_EXCLUSIVE_LOCK;
logEntry->SequenceNumber = 0;
logEntry->MajorFunctionCode = IRP_MJ_DEVICE_CONTROL;
logEntry->IoControlCode = IOCTL_CDROM_EXCLUSIVE_ACCESS;
logEntry->RetryCount = 0;
logEntry->UniqueErrorValue = 0x1;
logEntry->DumpDataSize = CDROM_EXCLUSIVE_CALLER_LENGTH;
RtlCopyMemory(dumpDataPtr,
(PUCHAR)&cdData->CallerName,
CDROM_EXCLUSIVE_CALLER_LENGTH);
// Write the error log packet.
IoWriteErrorLogEntry(logEntry);
}
}
else
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL,
"RequestHandleExclusiveAccessLockDevice: Unable to lock device, device already locked.\n"));
status = STATUS_ACCESS_DENIED;
}
}
RequestCompletion(deviceExtension, Request, status, 0);
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
RequestHandleExclusiveAccessUnlockDevice(
_In_ WDFDEVICE Device,
_In_ WDFREQUEST Request
)
/*++
Routine Description:
Handle request of IOCTL_CDROM_EXCLUSIVE_ACCESS with ExclusiveAccessUnlockDevice
Arguments:
Device - device handle
Request - request to be handled
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DEVICE_EXTENSION deviceExtension = DeviceGetExtension(Device);
PCDROM_EXCLUSIVE_ACCESS exclusiveAccess = NULL;
WDFFILEOBJECT fileObject = NULL;
PAGED_CODE();
fileObject = WdfRequestGetFileObject(Request);
if (fileObject == NULL)
{
// The device can be unlocked from exclusive mode only via the file object which locked it.
status = STATUS_INVALID_HANDLE;
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL,
"RequestHandleExclusiveAccessUnlockDevice: FileObject is NULL, cannot release exclusive access\n"));
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
sizeof(PCDROM_EXCLUSIVE_ACCESS),
&exclusiveAccess,
NULL);
}
if (NT_SUCCESS(status))
{
status = DeviceUnlockExclusive(deviceExtension, fileObject,
TEST_FLAG(exclusiveAccess->Flags, CDROM_NO_MEDIA_NOTIFICATIONS));
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL, "RequestHandleExclusiveAccessUnlockDevice: Device unlocked\n"));
}
RequestCompletion(deviceExtension, Request, status, 0);
return status;
}
NTSTATUS
RequestHandleQueryPropertyRetrieveCachedData(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_STORAGE_QUERY_PROPERTY when the required data is cached.
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PSTORAGE_PROPERTY_QUERY inputBuffer = NULL;
*DataLength = 0;
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&inputBuffer,
NULL);
if (NT_SUCCESS(status))
{
if (inputBuffer->PropertyId == StorageDeviceProperty)
{
// check output buffer length
if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength == 0)
{
// According to MSDN, an output buffer of size 0 can be used to determine if a property exists
// so this must be a success case with no data transferred
*DataLength = 0;
status = STATUS_SUCCESS;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength < sizeof(STORAGE_DESCRIPTOR_HEADER))
{
// Buffer too small
*DataLength = DeviceExtension->DeviceDescriptor->Size;
status = STATUS_BUFFER_TOO_SMALL;
}
else
{
PSTORAGE_DEVICE_DESCRIPTOR outputDescriptor = NULL;
CHAR* localDescriptorBuffer = (CHAR*)DeviceExtension->DeviceDescriptor;
status = WdfRequestRetrieveOutputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&outputDescriptor,
NULL);
if (NT_SUCCESS(status))
{
// transfer as much data out as the buffer will allow
*DataLength = min(RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
DeviceExtension->DeviceDescriptor->Size);
RtlCopyMemory(outputDescriptor,
DeviceExtension->DeviceDescriptor,
*DataLength);
// walk through and update offset variables to reflect data that didn't make it into the output buffer
if ((*DataLength >= RTL_SIZEOF_THROUGH_FIELD(STORAGE_DEVICE_DESCRIPTOR, VendorIdOffset)) &&
(DeviceExtension->DeviceDescriptor->VendorIdOffset != 0) &&
(DeviceExtension->DeviceDescriptor->VendorIdOffset != 0xFFFFFFFF))
{
// set VendorIdOffset appropriately
if (*DataLength <
(DeviceExtension->DeviceDescriptor->VendorIdOffset + strlen(localDescriptorBuffer + DeviceExtension->DeviceDescriptor->VendorIdOffset)))
{
outputDescriptor->VendorIdOffset = 0;
}
}
if ((*DataLength >= RTL_SIZEOF_THROUGH_FIELD(STORAGE_DEVICE_DESCRIPTOR, ProductIdOffset)) &&
(DeviceExtension->DeviceDescriptor->ProductIdOffset != 0) &&
(DeviceExtension->DeviceDescriptor->ProductIdOffset != 0xFFFFFFFF))
{
// set ProductIdOffset appropriately
if (*DataLength <
(DeviceExtension->DeviceDescriptor->ProductIdOffset + strlen(localDescriptorBuffer + DeviceExtension->DeviceDescriptor->ProductIdOffset)))
{
outputDescriptor->ProductIdOffset = 0;
}
}
if ((*DataLength >= RTL_SIZEOF_THROUGH_FIELD(STORAGE_DEVICE_DESCRIPTOR, ProductRevisionOffset)) &&
(DeviceExtension->DeviceDescriptor->ProductRevisionOffset != 0) &&
(DeviceExtension->DeviceDescriptor->ProductRevisionOffset != 0xFFFFFFFF))
{
// set ProductRevisionOffset appropriately
if (*DataLength <
(DeviceExtension->DeviceDescriptor->ProductRevisionOffset + strlen(localDescriptorBuffer + DeviceExtension->DeviceDescriptor->ProductRevisionOffset)))
{
outputDescriptor->ProductRevisionOffset = 0;
}
}
if ((*DataLength >= RTL_SIZEOF_THROUGH_FIELD(STORAGE_DEVICE_DESCRIPTOR, SerialNumberOffset)) &&
(DeviceExtension->DeviceDescriptor->SerialNumberOffset != 0) &&
(DeviceExtension->DeviceDescriptor->SerialNumberOffset != 0xFFFFFFFF))
{
// set SerialNumberOffset appropriately
if (*DataLength <
(DeviceExtension->DeviceDescriptor->SerialNumberOffset + strlen(localDescriptorBuffer + DeviceExtension->DeviceDescriptor->SerialNumberOffset)))
{
// NOTE: setting this to 0 since that is what most port drivers do
// [this could cause issues with SCSI port devices whose clients expect -1 in this field]
outputDescriptor->SerialNumberOffset = 0;
}
}
status = STATUS_SUCCESS;
}
}
} //end of StorageDeviceProperty
else if (inputBuffer->PropertyId == StorageAdapterProperty)
{
if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength == 0)
{
// According to MSDN, an output buffer of size 0 can be used to determine if a property exists
// so this must be a success case with no data transferred
*DataLength = 0;
status = STATUS_SUCCESS;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength < sizeof(STORAGE_DESCRIPTOR_HEADER))
{
// Buffer too small
*DataLength = DeviceExtension->AdapterDescriptor->Size;
status = STATUS_BUFFER_TOO_SMALL;
}
else
{
PSTORAGE_ADAPTER_DESCRIPTOR outputDescriptor = NULL;
status = WdfRequestRetrieveOutputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&outputDescriptor,
NULL);
if (NT_SUCCESS(status))
{
// copy as much data out as the buffer will allow
*DataLength = min(RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
DeviceExtension->AdapterDescriptor->Size);
RtlCopyMemory(outputDescriptor,
DeviceExtension->AdapterDescriptor,
*DataLength);
// set status
status = STATUS_SUCCESS;
}
}
}
}
return status;
}
NTSTATUS
RequestHandleQueryPropertyDeviceUniqueId(
_In_ WDFDEVICE Device,
_In_ WDFREQUEST Request
)
/*++
Routine Description:
Handle request of IOCTL_STORAGE_QUERY_PROPERTY with StorageDeviceUniqueIdProperty.
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DEVICE_EXTENSION deviceExtension = DeviceGetExtension(Device);
PSTORAGE_PROPERTY_QUERY inputBuffer = NULL;
PSTORAGE_DESCRIPTOR_HEADER descHeader = NULL;
size_t outLength = 0;
WDF_REQUEST_PARAMETERS requestParameters;
// Get the Request parameters
WDF_REQUEST_PARAMETERS_INIT(&requestParameters);
WdfRequestGetParameters(Request, &requestParameters);
status = WdfRequestRetrieveInputBuffer(Request,
requestParameters.Parameters.DeviceIoControl.InputBufferLength,
&inputBuffer,
NULL);
if (NT_SUCCESS(status))
{
BOOLEAN overflow = FALSE;
BOOLEAN infoFound = FALSE;
// Must run at less then dispatch.
if (KeGetCurrentIrql() >= DISPATCH_LEVEL)
{
NT_ASSERT(FALSE);
outLength = 0;
status = STATUS_INVALID_LEVEL;
}
else if (inputBuffer->QueryType == PropertyExistsQuery)
{
outLength = 0;
status = STATUS_SUCCESS;
}
else if (inputBuffer->QueryType != PropertyStandardQuery)
{
outLength = 0;
status = STATUS_NOT_SUPPORTED;
}
else
{
// Check AdditionalParameters validity.
if (inputBuffer->AdditionalParameters[0] == DUID_INCLUDE_SOFTWARE_IDS)
{
// Do nothing
}
else if (inputBuffer->AdditionalParameters[0] == DUID_HARDWARE_IDS_ONLY)
{
// Do nothing
}
else
{
outLength = 0;
status = STATUS_INVALID_PARAMETER;
}
if (NT_SUCCESS(status) &&
(outLength < sizeof(STORAGE_DESCRIPTOR_HEADER)))
{
outLength = 0;
status = STATUS_INFO_LENGTH_MISMATCH;
}
}
// From this point forward the status depends on the overflow
// and infoFound flags.
if (NT_SUCCESS(status))
{
outLength = requestParameters.Parameters.DeviceIoControl.OutputBufferLength;
status = WdfRequestRetrieveOutputBuffer(Request,
requestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&descHeader,
NULL);
}
if (NT_SUCCESS(status))
{
RtlZeroMemory(descHeader, outLength);
descHeader->Version = DUID_VERSION_1;
descHeader->Size = sizeof(STORAGE_DEVICE_UNIQUE_IDENTIFIER);
// Try to build device unique id from StorageDeviceIdProperty.
status = RequestDuidGetDeviceIdProperty(deviceExtension,
Request,
requestParameters,
&outLength);
if (status == STATUS_BUFFER_OVERFLOW)
{
overflow = TRUE;
}
if (NT_SUCCESS(status))
{
infoFound = TRUE;
}
// Try to build device unique id from StorageDeviceProperty.
status = RequestDuidGetDeviceProperty(deviceExtension,
Request,
requestParameters,
&outLength);
if (status == STATUS_BUFFER_OVERFLOW)
{
overflow = TRUE;
}
if (NT_SUCCESS(status))
{
infoFound = TRUE;
}
// Return overflow, success, or a generic error.
if (overflow)
{
// If output buffer is STORAGE_DESCRIPTOR_HEADER, then return
// success to the user. Otherwise, send an error so the user
// knows a larger buffer is required.
if (outLength == sizeof(STORAGE_DESCRIPTOR_HEADER))
{
status = STATUS_SUCCESS;
}
else
{
outLength = (ULONG)WdfRequestGetInformation(Request);
status = STATUS_BUFFER_OVERFLOW;
}
}
else if (infoFound)
{
status = STATUS_SUCCESS;
// Exercise the compare routine. This should always succeed.
NT_ASSERT(DuidExactMatch == CompareStorageDuids((PSTORAGE_DEVICE_UNIQUE_IDENTIFIER)descHeader,
(PSTORAGE_DEVICE_UNIQUE_IDENTIFIER)descHeader));
}
else
{
status = STATUS_NOT_FOUND;
}
}
}
RequestCompletion(deviceExtension, Request, status, outLength);
return status;
}
NTSTATUS
RequestHandleQueryPropertyWriteCache(
_In_ WDFDEVICE Device,
_In_ WDFREQUEST Request
)
/*++
Routine Description:
Handle request of IOCTL_STORAGE_QUERY_PROPERTY with StorageDeviceWriteCacheProperty.
Arguments:
DeviceExtension - device context
Request - request to be handled
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DEVICE_EXTENSION deviceExtension = DeviceGetExtension(Device);
PSTORAGE_PROPERTY_QUERY query = NULL;
PSTORAGE_WRITE_CACHE_PROPERTY writeCache = NULL;
PMODE_PARAMETER_HEADER modeData = NULL;
PMODE_CACHING_PAGE pageData = NULL;
size_t length = 0;
ULONG information = 0;
PSCSI_REQUEST_BLOCK srb = NULL;
WDF_REQUEST_PARAMETERS requestParameters;
// Get the Request parameters
WDF_REQUEST_PARAMETERS_INIT(&requestParameters);
WdfRequestGetParameters(Request, &requestParameters);
status = WdfRequestRetrieveInputBuffer(Request,
requestParameters.Parameters.DeviceIoControl.InputBufferLength,
&query,
NULL);
if (NT_SUCCESS(status))
{
// Must run at less then dispatch.
if (KeGetCurrentIrql() >= DISPATCH_LEVEL)
{
NT_ASSERT(FALSE);
status = STATUS_INVALID_LEVEL;
}
else if (query->QueryType == PropertyExistsQuery)
{
information = 0;
status = STATUS_SUCCESS;
}
else if (query->QueryType != PropertyStandardQuery)
{
status = STATUS_NOT_SUPPORTED;
}
}
if (NT_SUCCESS(status))
{
length = requestParameters.Parameters.DeviceIoControl.OutputBufferLength;
if (length < sizeof(STORAGE_DESCRIPTOR_HEADER))
{
status = STATUS_INFO_LENGTH_MISMATCH;
}
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveOutputBuffer(Request,
requestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&writeCache,
NULL);
}
if (NT_SUCCESS(status))
{
RtlZeroMemory(writeCache, length);
// Set version and required size.
writeCache->Version = sizeof(STORAGE_WRITE_CACHE_PROPERTY);
writeCache->Size = sizeof(STORAGE_WRITE_CACHE_PROPERTY);
if (length < sizeof(STORAGE_WRITE_CACHE_PROPERTY))
{
// caller only wants header information, bail out.
information = sizeof(STORAGE_DESCRIPTOR_HEADER);
status = STATUS_SUCCESS;
RequestCompletion(deviceExtension, Request, status, information);
return status;
}
}
if (NT_SUCCESS(status))
{
srb = ExAllocatePoolWithTag(NonPagedPoolNx,
sizeof(SCSI_REQUEST_BLOCK) +
(sizeof(ULONG_PTR) * 2),
CDROM_TAG_SRB);
if (srb == NULL)
{
status = STATUS_INSUFFICIENT_RESOURCES;
}
}
if (NT_SUCCESS(status))
{
RtlZeroMemory(srb, sizeof(SCSI_REQUEST_BLOCK));
// Set known values
writeCache->NVCacheEnabled = FALSE;
writeCache->UserDefinedPowerProtection = TEST_FLAG(deviceExtension->DeviceFlags, DEV_POWER_PROTECTED);
// Check for flush cache support by sending a sync cache command
// to the device.
// Set timeout value and mark the request as not being a tagged request.
srb->Length = SCSI_REQUEST_BLOCK_SIZE;
srb->TimeOutValue = TimeOutValueGetCapValue(deviceExtension->TimeOutValue, 4);
srb->QueueTag = SP_UNTAGGED;
srb->QueueAction = SRB_SIMPLE_TAG_REQUEST;
srb->SrbFlags = deviceExtension->SrbFlags;
srb->Function = SRB_FUNCTION_EXECUTE_SCSI;
srb->CdbLength = 10;
srb->Cdb[0] = SCSIOP_SYNCHRONIZE_CACHE;
status = DeviceSendSrbSynchronously(Device,
srb,
NULL,
0,
TRUE, //flush drive cache
Request);
if (NT_SUCCESS(status))
{
writeCache->FlushCacheSupported = TRUE;
}
else
{
// Device does not support sync cache
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL,
"RequestHandleQueryPropertyWriteCache: Synchronize cache failed with status 0x%X\n", status));
writeCache->FlushCacheSupported = FALSE;
// Reset the status if there was any failure
status = STATUS_SUCCESS;
}
modeData = ExAllocatePoolWithTag(NonPagedPoolNxCacheAligned,
MODE_PAGE_DATA_SIZE,
CDROM_TAG_MODE_DATA);
if (modeData == NULL)
{
TracePrint((TRACE_LEVEL_WARNING, TRACE_FLAG_IOCTL,
"RequestHandleQueryPropertyWriteCache: Unable to allocate mode data buffer\n"));
status = STATUS_INSUFFICIENT_RESOURCES;
}
}
if (NT_SUCCESS(status))
{
RtlZeroMemory(modeData, MODE_PAGE_DATA_SIZE);
length = DeviceRetrieveModeSenseUsingScratch(deviceExtension,
(PCHAR)modeData,
MODE_PAGE_DATA_SIZE,
MODE_PAGE_CACHING,
MODE_SENSE_CURRENT_VALUES);
if (length < sizeof(MODE_PARAMETER_HEADER))
{
// Retry the request in case of a check condition.
length = DeviceRetrieveModeSenseUsingScratch(deviceExtension,
(PCHAR)modeData,
MODE_PAGE_DATA_SIZE,
MODE_PAGE_CACHING,
MODE_SENSE_CURRENT_VALUES);
if (length < sizeof(MODE_PARAMETER_HEADER))
{
TracePrint((TRACE_LEVEL_WARNING, TRACE_FLAG_IOCTL, "RequestHandleQueryPropertyWriteCache: Mode Sense failed\n"));
status = STATUS_IO_DEVICE_ERROR;
}
}
}
if (NT_SUCCESS(status))
{
// If the length is greater than length indicated by the mode data reset
// the data to the mode data.
if (length > (ULONG) (modeData->ModeDataLength + 1))
{
length = modeData->ModeDataLength + 1;
}
// Look for caching page in the returned mode page data.
pageData = ModeSenseFindSpecificPage((PCHAR)modeData,
length,
MODE_PAGE_CACHING,
TRUE);
// Check if valid caching page exists.
if (pageData == NULL)
{
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL, "RequestHandleQueryPropertyWriteCache: Unable to find caching mode page.\n"));
// Set write cache value as unknown.
writeCache->WriteCacheEnabled = WriteCacheEnableUnknown;
writeCache->WriteCacheType = WriteCacheTypeUnknown;
}
else
{
writeCache->WriteCacheEnabled = pageData->WriteCacheEnable
? WriteCacheEnabled
: WriteCacheDisabled;
writeCache->WriteCacheType = pageData->WriteCacheEnable
? WriteCacheTypeWriteBack
: WriteCacheTypeUnknown;
}
// Check write through support.
if (modeData->DeviceSpecificParameter & MODE_DSP_FUA_SUPPORTED)
{
writeCache->WriteThroughSupported = WriteThroughSupported;
}
else
{
writeCache->WriteThroughSupported = WriteThroughNotSupported;
}
// Get the changeable caching mode page and check write cache is changeable.
RtlZeroMemory(modeData, MODE_PAGE_DATA_SIZE);
length = DeviceRetrieveModeSenseUsingScratch(deviceExtension,
(PCHAR) modeData,
MODE_PAGE_DATA_SIZE,
MODE_PAGE_CACHING,
MODE_SENSE_CHANGEABLE_VALUES);
if (length < sizeof(MODE_PARAMETER_HEADER))
{
// Retry the request in case of a check condition.
length = DeviceRetrieveModeSenseUsingScratch(deviceExtension,
(PCHAR) modeData,
MODE_PAGE_DATA_SIZE,
MODE_PAGE_CACHING,
MODE_SENSE_CHANGEABLE_VALUES);
if (length < sizeof(MODE_PARAMETER_HEADER))
{
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL, "RequestHandleQueryPropertyWriteCache: Mode Sense failed\n"));
// If the device fails to return changeable pages, then
// set the write cache changeable value to unknown.
writeCache->WriteCacheChangeable = WriteCacheChangeUnknown;
information = sizeof(STORAGE_WRITE_CACHE_PROPERTY);
}
}
}
if (NT_SUCCESS(status))
{
// If the length is greater than length indicated by the mode data reset
// the data to the mode data.
if (length > (ULONG) (modeData->ModeDataLength + 1))
{
length = modeData->ModeDataLength + 1;
}
// Look for caching page in the returned mode page data.
pageData = ModeSenseFindSpecificPage((PCHAR)modeData,
length,
MODE_PAGE_CACHING,
TRUE);
// Check if valid caching page exists.
if (pageData == NULL)
{
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL, "RequestHandleQueryPropertyWriteCache: Unable to find caching mode page.\n"));
// Set write cache changeable value to unknown.
writeCache->WriteCacheChangeable = WriteCacheChangeUnknown;
}
else
{
writeCache->WriteCacheChangeable = pageData->WriteCacheEnable
? WriteCacheChangeable
: WriteCacheNotChangeable;
}
information = sizeof(STORAGE_WRITE_CACHE_PROPERTY);
}
FREE_POOL(srb);
FREE_POOL(modeData);
RequestCompletion(deviceExtension, Request, status, information);
return status;
}
NTSTATUS
RequestValidateDvdReadKey(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_DVD_READ_KEY
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PDVD_COPY_PROTECT_KEY keyParameters = NULL;
ULONG keyLength = 0;
*DataLength = 0;
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&keyParameters,
NULL);
if (NT_SUCCESS(status))
{
if(RequestParameters.Parameters.DeviceIoControl.InputBufferLength < sizeof(DVD_COPY_PROTECT_KEY))
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL,
"DvdDeviceControl: EstablishDriveKey - challenge "
"key buffer too small\n"));
status = STATUS_INVALID_PARAMETER;
}
}
if (NT_SUCCESS(status))
{
switch(keyParameters->KeyType)
{
case DvdChallengeKey:
{
C_ASSERT(sizeof(DVD_COPY_PROTECT_KEY) <= DVD_CHALLENGE_KEY_LENGTH);
keyLength = DVD_CHALLENGE_KEY_LENGTH;
break;
}
case DvdBusKey1:
case DvdBusKey2:
{
C_ASSERT(sizeof(DVD_COPY_PROTECT_KEY) <= DVD_BUS_KEY_LENGTH);
keyLength = DVD_BUS_KEY_LENGTH;
break;
}
case DvdTitleKey:
{
C_ASSERT(sizeof(DVD_COPY_PROTECT_KEY) <= DVD_TITLE_KEY_LENGTH);
keyLength = DVD_TITLE_KEY_LENGTH;
break;
}
case DvdAsf:
{
C_ASSERT(sizeof(DVD_COPY_PROTECT_KEY) <= DVD_ASF_LENGTH);
keyLength = DVD_ASF_LENGTH;
break;
}
case DvdDiskKey:
{
C_ASSERT(sizeof(DVD_COPY_PROTECT_KEY) <= DVD_DISK_KEY_LENGTH);
keyLength = DVD_DISK_KEY_LENGTH;
break;
}
case DvdGetRpcKey:
{
C_ASSERT(sizeof(DVD_COPY_PROTECT_KEY) <= DVD_RPC_KEY_LENGTH);
keyLength = DVD_RPC_KEY_LENGTH;
break;
}
default:
{
keyLength = sizeof(DVD_COPY_PROTECT_KEY);
break;
}
}
if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength < keyLength)
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL,
"DvdDeviceControl: EstablishDriveKey - output "
"buffer too small\n"));
status = STATUS_BUFFER_TOO_SMALL;
*DataLength = keyLength;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength &
DeviceExtension->AdapterDescriptor->AlignmentMask)
{
status = STATUS_INVALID_PARAMETER;
}
else if (DeviceExtension->DeviceAdditionalData.DriveDeviceType != FILE_DEVICE_DVD)
{
// reject the request if it's not a DVD device.
status = STATUS_INVALID_DEVICE_REQUEST;
}
}
return status;
}
NTSTATUS
RequestValidateDvdEndSession(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_DVD_END_SESSION
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PDVD_SESSION_ID sessionId = NULL;
UNREFERENCED_PARAMETER(DeviceExtension);
*DataLength = 0;
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&sessionId,
NULL);
if (NT_SUCCESS(status))
{
if(RequestParameters.Parameters.DeviceIoControl.InputBufferLength <
sizeof(DVD_SESSION_ID))
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL,
"DvdDeviceControl: EndSession - input buffer too "
"small\n"));
status = STATUS_INVALID_PARAMETER;
}
}
return status;
}
NTSTATUS
RequestValidateAacsEndSession(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_AACS_END_SESSION
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PDVD_SESSION_ID sessionId = NULL;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
*DataLength = 0;
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&sessionId,
NULL);
if (NT_SUCCESS(status))
{
if (!cdData->Mmc.IsAACS)
{
status = STATUS_INVALID_DEVICE_REQUEST;
}
else if(RequestParameters.Parameters.DeviceIoControl.InputBufferLength != sizeof(DVD_SESSION_ID))
{
status = STATUS_INVALID_PARAMETER;
}
}
return status;
}
NTSTATUS
RequestValidateEnableStreaming(
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validates an IOCTL_CDROM_ENABLE_STREAMING request
Arguments:
Request - request to be handled
RequestParameters - request parameters
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_STREAMING_CONTROL inputBuffer = NULL;
*DataLength = 0;
if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength <
sizeof(CDROM_STREAMING_CONTROL))
{
status = STATUS_INFO_LENGTH_MISMATCH;
}
if (NT_SUCCESS(status))
{
// Get the request type using CDROM_STREAMING_CONTROL structure
status = WdfRequestRetrieveInputBuffer(Request,
sizeof(CDROM_STREAMING_CONTROL),
&inputBuffer,
NULL);
}
if (NT_SUCCESS(status))
{
if (inputBuffer->RequestType != CdromStreamingDisable &&
inputBuffer->RequestType != CdromStreamingEnableForReadOnly &&
inputBuffer->RequestType != CdromStreamingEnableForWriteOnly &&
inputBuffer->RequestType != CdromStreamingEnableForReadWrite)
{
// Unknown request type
status = STATUS_INVALID_PARAMETER;
}
}
return status;
}
NTSTATUS
RequestValidateSendOpcInformation(
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validates an IOCTL_CDROM_SEND_OPC_INFORMATION request
Arguments:
Request - request to be handled
RequestParameters - request parameters
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_SIMPLE_OPC_INFO inputBuffer = NULL;
*DataLength = 0;
if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength <
sizeof(CDROM_SIMPLE_OPC_INFO))
{
status = STATUS_INFO_LENGTH_MISMATCH;
}
if (NT_SUCCESS(status))
{
// Get the request type using CDROM_SIMPLE_OPC_INFO structure
status = WdfRequestRetrieveInputBuffer(Request,
sizeof(CDROM_SIMPLE_OPC_INFO),
&inputBuffer,
NULL);
}
if (NT_SUCCESS(status))
{
if (inputBuffer->RequestType != SimpleOpcInfo)
{
// Unknown request type
status = STATUS_INVALID_PARAMETER;
}
}
return status;
}
NTSTATUS
RequestValidateGetPerformance(
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validates an IOCTL_CDROM_GET_PERFORMANCE request
Arguments:
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_WRITE_SPEED_REQUEST writeSpeedRequest = NULL;
PCDROM_PERFORMANCE_REQUEST performanceRequest = NULL;
*DataLength = 0;
// CDROM_WRITE_SPEED_REQUEST is the smallest performance request that we support.
// We use it to retrieve request type and then check input length more carefully
// on a per request type basis.
if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength <
sizeof(CDROM_WRITE_SPEED_REQUEST))
{
status = STATUS_INFO_LENGTH_MISMATCH;
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
sizeof(CDROM_WRITE_SPEED_REQUEST),
(PVOID*)&writeSpeedRequest,
NULL);
}
if (NT_SUCCESS(status))
{
if (writeSpeedRequest->RequestType == CdromPerformanceRequest)
{
// CDROM_PERFORMANCE_REQUEST is bigger than CDROM_WRITE_SPEED_REQUEST,
// so we perform more checks and retrieve more bytes through WDF.
if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength <
sizeof(CDROM_PERFORMANCE_REQUEST))
{
status = STATUS_INFO_LENGTH_MISMATCH;
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
sizeof(CDROM_PERFORMANCE_REQUEST),
&performanceRequest,
NULL);
}
if (!NT_SUCCESS(status))
{
// just pass the status code from above
}
// validate all enum-type fields of CDROM_PERFORMANCE_REQUEST
else if (performanceRequest->PerformanceType != CdromReadPerformance &&
performanceRequest->PerformanceType != CdromWritePerformance)
{
status = STATUS_INVALID_PARAMETER;
}
else if (performanceRequest->Exceptions != CdromNominalPerformance &&
performanceRequest->Exceptions != CdromEntirePerformanceList &&
performanceRequest->Exceptions != CdromPerformanceExceptionsOnly)
{
status = STATUS_INVALID_PARAMETER;
}
else if (performanceRequest->Tolerance != Cdrom10Nominal20Exceptions)
{
status = STATUS_INVALID_PARAMETER;
}
}
else if (writeSpeedRequest->RequestType == CdromWriteSpeedRequest)
{
// No additional checks here: all remaining fields are ignored
// if RequestType == CdromWriteSpeedRequest.
}
else
{
status = STATUS_INVALID_PARAMETER;
}
}
// finally, check output buffer length
if (NT_SUCCESS(status))
{
if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength <
sizeof(CDROM_PERFORMANCE_HEADER))
{
status = STATUS_BUFFER_TOO_SMALL;
*DataLength = sizeof(CDROM_PERFORMANCE_HEADER);
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength >
((USHORT)-1))
{
status = STATUS_INVALID_PARAMETER;
}
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
PCDB
RequestGetScsiPassThroughCdb(
_In_ PIRP Irp
)
/*++
Routine Description:
Get the CDB structure from the SCSI pass through
Arguments:
Irp - request to be handled
Return Value:
PCDB
--*/
{
PCDB cdb = NULL;
PIO_STACK_LOCATION currentIrpStack = IoGetCurrentIrpStackLocation(Irp);
ULONG inputBufferLength = 0;
PVOID inputBuffer = NULL;
BOOLEAN legacyPassThrough = FALSE;
PAGED_CODE();
if (((currentIrpStack->Parameters.DeviceIoControl.IoControlCode == IOCTL_SCSI_PASS_THROUGH) ||
(currentIrpStack->Parameters.DeviceIoControl.IoControlCode == IOCTL_SCSI_PASS_THROUGH_DIRECT) ||
(currentIrpStack->Parameters.DeviceIoControl.IoControlCode == IOCTL_SCSI_PASS_THROUGH_EX) ||
(currentIrpStack->Parameters.DeviceIoControl.IoControlCode == IOCTL_SCSI_PASS_THROUGH_DIRECT_EX)) &&
(Irp->AssociatedIrp.SystemBuffer != NULL))
{
inputBufferLength = currentIrpStack->Parameters.DeviceIoControl.InputBufferLength;
inputBuffer = Irp->AssociatedIrp.SystemBuffer;
legacyPassThrough = TRUE;
if ((currentIrpStack->Parameters.DeviceIoControl.IoControlCode == IOCTL_SCSI_PASS_THROUGH_EX) ||
(currentIrpStack->Parameters.DeviceIoControl.IoControlCode == IOCTL_SCSI_PASS_THROUGH_DIRECT_EX))
{
legacyPassThrough = FALSE;
}
//
// If this is a 32 bit application running on 64 bit then thunk the
// input structures to grab the cdb.
//
#if BUILD_WOW64_ENABLED && defined(_WIN64)
if (IoIs32bitProcess(Irp))
{
if (legacyPassThrough)
{
if (inputBufferLength >= sizeof(SCSI_PASS_THROUGH32))
{
cdb = (PCDB)((PSCSI_PASS_THROUGH32)inputBuffer)->Cdb;
}
}
else
{
if (inputBufferLength >= sizeof(SCSI_PASS_THROUGH32_EX))
{
cdb = (PCDB)((PSCSI_PASS_THROUGH32_EX)inputBuffer)->Cdb;
}
}
}
else
#endif
{
if (legacyPassThrough)
{
if (inputBufferLength >= sizeof(SCSI_PASS_THROUGH))
{
cdb = (PCDB)((PSCSI_PASS_THROUGH)inputBuffer)->Cdb;
}
}
else
{
if (inputBufferLength >= sizeof(SCSI_PASS_THROUGH_EX))
{
cdb = (PCDB)((PSCSI_PASS_THROUGH_EX)inputBuffer)->Cdb;
}
}
}
}
return cdb;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
RequestHandleScsiPassThrough(
_In_ WDFDEVICE Device,
_In_ WDFREQUEST Request
)
/*++
Routine Description:
Handle request of IOCTL_SCSI_PASS_THROUGH
IOCTL_SCSI_PASS_THROUGH_DIRECT
The function sets the MinorFunction field of irpStack,
and pass the request to lower level driver.
Arguments:
Device - device object
Request - request to be handled
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_UNSUCCESSFUL;
PCDROM_DEVICE_EXTENSION deviceExtension = DeviceGetExtension(Device);
PIRP irp = WdfRequestWdmGetIrp(Request);
PZERO_POWER_ODD_INFO zpoddInfo = deviceExtension->ZeroPowerODDInfo;
PCDB cdb = NULL;
BOOLEAN isSoftEject = FALSE;
#if DBG
PCDROM_REQUEST_CONTEXT requestContext = RequestGetContext(Request);
#endif
PAGED_CODE();
#if DBG
// SPTI is always processed in sync manner.
NT_ASSERT(requestContext->SyncRequired);
#endif
if ((zpoddInfo != NULL) &&
(zpoddInfo->LoadingMechanism == LOADING_MECHANISM_TRAY) &&
(zpoddInfo->Load == 0)) // Drawer
{
cdb = RequestGetScsiPassThroughCdb(irp);
if ((cdb != NULL) &&
(cdb->AsByte[0] == SCSIOP_START_STOP_UNIT) &&
(cdb->START_STOP.LoadEject == 1) &&
(cdb->START_STOP.Start == 0))
{
isSoftEject = TRUE;
}
}
WdfRequestFormatRequestUsingCurrentType(Request);
// Special for SPTI, set the MinorFunction.
{
PIO_STACK_LOCATION nextStack = IoGetNextIrpStackLocation(irp);
nextStack->MinorFunction = 1;
}
status = RequestSend(deviceExtension,
Request,
deviceExtension->IoTarget,
WDF_REQUEST_SEND_OPTION_SYNCHRONOUS,
NULL);
if (!NT_SUCCESS(status) &&
(isSoftEject != FALSE))
{
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_POWER,
"RequestHandleScsiPassThrough: soft eject detected, device marked as active\n"));
DeviceMarkActive(deviceExtension, TRUE, FALSE);
}
RequestCompletion(deviceExtension, Request, status, WdfRequestGetInformation(Request));
return status;
}
NTSTATUS
RequestHandleMountQueryUniqueId(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_MOUNTDEV_QUERY_UNIQUE_ID
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PMOUNTDEV_UNIQUE_ID uniqueId = NULL;
*DataLength = 0;
if (!DeviceExtension->MountedDeviceInterfaceName.Buffer)
{
status = STATUS_INVALID_PARAMETER;
}
else if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength < sizeof(MOUNTDEV_UNIQUE_ID))
{
*DataLength = sizeof(MOUNTDEV_UNIQUE_ID);
status = STATUS_BUFFER_TOO_SMALL;
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveOutputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&uniqueId,
NULL);
}
if (NT_SUCCESS(status))
{
RtlZeroMemory(uniqueId, RequestParameters.Parameters.DeviceIoControl.OutputBufferLength);
uniqueId->UniqueIdLength = DeviceExtension->MountedDeviceInterfaceName.Length;
if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength <
(sizeof(USHORT) + DeviceExtension->MountedDeviceInterfaceName.Length))
{
*DataLength = sizeof(MOUNTDEV_UNIQUE_ID);
status = STATUS_BUFFER_OVERFLOW;
}
}
if (NT_SUCCESS(status))
{
RtlCopyMemory(uniqueId->UniqueId,
DeviceExtension->MountedDeviceInterfaceName.Buffer,
uniqueId->UniqueIdLength);
*DataLength = sizeof(USHORT) + uniqueId->UniqueIdLength;
status = STATUS_SUCCESS;
}
return status;
}
NTSTATUS
RequestHandleMountQueryDeviceName(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_MOUNTDEV_QUERY_DEVICE_NAME
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PMOUNTDEV_NAME name = NULL;
*DataLength = 0;
NT_ASSERT(DeviceExtension->DeviceName.Buffer);
if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength < sizeof(MOUNTDEV_NAME))
{
status = STATUS_BUFFER_TOO_SMALL;
*DataLength = sizeof(MOUNTDEV_NAME);
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveOutputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&name,
NULL);
}
if (NT_SUCCESS(status))
{
RtlZeroMemory(name, RequestParameters.Parameters.DeviceIoControl.OutputBufferLength);
name->NameLength = DeviceExtension->DeviceName.Length;
if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength <
(sizeof(USHORT) + DeviceExtension->DeviceName.Length))
{
status = STATUS_BUFFER_OVERFLOW;
*DataLength = sizeof(MOUNTDEV_NAME);
}
}
if (NT_SUCCESS(status))
{
RtlCopyMemory(name->Name,
DeviceExtension->DeviceName.Buffer,
name->NameLength);
status = STATUS_SUCCESS;
*DataLength = sizeof(USHORT) + name->NameLength;
}
return status;
}
NTSTATUS
RequestHandleMountQuerySuggestedLinkName(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_MOUNTDEV_QUERY_SUGGESTED_LINK_NAME
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PMOUNTDEV_SUGGESTED_LINK_NAME suggestedName = NULL;
WCHAR driveLetterNameBuffer[10] = {0};
RTL_QUERY_REGISTRY_TABLE queryTable[2] = {0};
PWSTR valueName = NULL;
UNICODE_STRING driveLetterName = {0};
*DataLength = 0;
if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength <
sizeof(MOUNTDEV_SUGGESTED_LINK_NAME))
{
status = STATUS_BUFFER_TOO_SMALL;
*DataLength = sizeof(MOUNTDEV_SUGGESTED_LINK_NAME);
}
if (NT_SUCCESS(status))
{
valueName = ExAllocatePoolWithTag(PagedPool,
DeviceExtension->DeviceName.Length + sizeof(WCHAR),
CDROM_TAG_STRINGS);
if (valueName == NULL)
{
status = STATUS_INSUFFICIENT_RESOURCES;
}
}
if (NT_SUCCESS(status))
{
RtlCopyMemory(valueName,
DeviceExtension->DeviceName.Buffer,
DeviceExtension->DeviceName.Length);
valueName[DeviceExtension->DeviceName.Length/sizeof(WCHAR)] = 0;
driveLetterName.Buffer = driveLetterNameBuffer;
driveLetterName.MaximumLength = sizeof(driveLetterNameBuffer);
driveLetterName.Length = 0;
queryTable[0].Flags = RTL_QUERY_REGISTRY_REQUIRED | RTL_QUERY_REGISTRY_DIRECT | RTL_QUERY_REGISTRY_TYPECHECK;
queryTable[0].Name = valueName;
queryTable[0].EntryContext = &driveLetterName;
queryTable[0].DefaultType = (REG_SZ << RTL_QUERY_REGISTRY_TYPECHECK_SHIFT) | REG_NONE;
status = RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE,
L"\\Registry\\Machine\\System\\DISK", // why hard coded?
queryTable, NULL, NULL);
}
if (NT_SUCCESS(status))
{
if ((driveLetterName.Length == 4) &&
(driveLetterName.Buffer[0] == '%') &&
(driveLetterName.Buffer[1] == ':'))
{
driveLetterName.Buffer[0] = 0xFF;
}
else if ((driveLetterName.Length != 4) ||
(driveLetterName.Buffer[0] < FirstDriveLetter) ||
(driveLetterName.Buffer[0] > LastDriveLetter) ||
(driveLetterName.Buffer[1] != ':'))
{
status = STATUS_NOT_FOUND;
}
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveOutputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&suggestedName,
NULL);
}
if (NT_SUCCESS(status))
{
RtlZeroMemory(suggestedName, RequestParameters.Parameters.DeviceIoControl.OutputBufferLength);
suggestedName->UseOnlyIfThereAreNoOtherLinks = TRUE;
suggestedName->NameLength = 28;
*DataLength = FIELD_OFFSET(MOUNTDEV_SUGGESTED_LINK_NAME, Name) + 28;
if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength < *DataLength)
{
*DataLength = sizeof(MOUNTDEV_SUGGESTED_LINK_NAME);
status = STATUS_BUFFER_OVERFLOW;
}
}
if (NT_SUCCESS(status))
{
RtlDeleteRegistryValue(RTL_REGISTRY_ABSOLUTE,
L"\\Registry\\Machine\\System\\DISK",
valueName);
RtlCopyMemory(suggestedName->Name, L"\\DosDevices\\", 24);
suggestedName->Name[12] = driveLetterName.Buffer[0];
suggestedName->Name[13] = ':';
}
FREE_POOL(valueName);
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
RequestHandleReadTOC(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_CDROM_READ_TOC
IOCTL_CDROM_GET_LAST_SESSION
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
VOID* outputBuffer = NULL;
PAGED_CODE ();
*DataLength = 0;
if (DeviceIsPlayActive(DeviceExtension->Device))
{
status = STATUS_DEVICE_BUSY;
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveOutputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&outputBuffer,
NULL);
}
// handle the request
if (NT_SUCCESS(status))
{
size_t transferSize;
CDB cdb;
transferSize = min(RequestParameters.Parameters.DeviceIoControl.OutputBufferLength, sizeof(CDROM_TOC));
RtlZeroMemory(outputBuffer, transferSize);
ScratchBuffer_BeginUse(DeviceExtension);
RtlZeroMemory(&cdb, sizeof(CDB));
// Set up the CDB
if (RequestParameters.Parameters.DeviceIoControl.IoControlCode == IOCTL_CDROM_GET_LAST_SESSION)
{
// Set format to return first and last session numbers.
cdb.READ_TOC.Format2 = CDROM_READ_TOC_EX_FORMAT_SESSION;
}
else
{
// Use MSF addressing
cdb.READ_TOC.Msf = 1;
}
cdb.READ_TOC.OperationCode = SCSIOP_READ_TOC;
cdb.READ_TOC.AllocationLength[0] = (UCHAR)(transferSize >> 8);
cdb.READ_TOC.AllocationLength[1] = (UCHAR)(transferSize & 0xFF);
status = ScratchBuffer_ExecuteCdb(DeviceExtension, Request, (ULONG)transferSize, TRUE, &cdb, 10);
if (NT_SUCCESS(status))
{
*DataLength = DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength;
RtlCopyMemory(outputBuffer,
DeviceExtension->ScratchContext.ScratchBuffer,
*DataLength);
}
ScratchBuffer_EndUse(DeviceExtension);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
RequestHandleReadTocEx(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_CDROM_READ_TOC_EX
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_READ_TOC_EX inputBuffer = NULL;
VOID* outputBuffer = NULL;
PAGED_CODE ();
*DataLength = 0;
if (DeviceIsPlayActive(DeviceExtension->Device))
{
status = STATUS_DEVICE_BUSY;
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&inputBuffer,
NULL);
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveOutputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&outputBuffer,
NULL);
}
// handle the request
if (NT_SUCCESS(status))
{
size_t transferSize;
CDB cdb;
transferSize = min(RequestParameters.Parameters.DeviceIoControl.OutputBufferLength, MAXUSHORT);
ScratchBuffer_BeginUse(DeviceExtension);
RtlZeroMemory(&cdb, sizeof(CDB));
// Set up the CDB
cdb.READ_TOC.OperationCode = SCSIOP_READ_TOC;
cdb.READ_TOC.Msf = inputBuffer->Msf;
cdb.READ_TOC.Format2 = inputBuffer->Format;
cdb.READ_TOC.StartingTrack = inputBuffer->SessionTrack;
cdb.READ_TOC.AllocationLength[0] = (UCHAR)(transferSize >> 8);
cdb.READ_TOC.AllocationLength[1] = (UCHAR)(transferSize & 0xFF);
status = ScratchBuffer_ExecuteCdb(DeviceExtension, Request, (ULONG)transferSize, TRUE, &cdb, 10);
if (NT_SUCCESS(status))
{
if (DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength < MINIMUM_CDROM_READ_TOC_EX_SIZE)
{
*DataLength = 0;
status = STATUS_INVALID_DEVICE_REQUEST;
}
else
{
*DataLength = DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength;
RtlCopyMemory(outputBuffer,
DeviceExtension->ScratchContext.ScratchBuffer,
*DataLength);
}
}
ScratchBuffer_EndUse(DeviceExtension);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
VOID
GetConfigurationDataConversionTypeAllToTypeOne(
_In_ FEATURE_NUMBER RequestedFeature,
_In_ PSCSI_REQUEST_BLOCK Srb,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Some CDROM devices do not handle the GET CONFIGURATION commands with
TYPE ONE request. The command will time out causing a bus reset.
To avoid this problem we set a device flag during start device if the device
fails a TYPE ONE request. If this flag is set the TYPE ONE requests will be
tried as TYPE ALL request and the data will be converted to TYPE ONE format
in this routine.
Arguments:
RequestedFeature - device context
Srb - request to be handled
DataLength - transfer data length
Return Value:
NTSTATUS
--*/
{
PFEATURE_HEADER featureHeader = NULL;
FEATURE_NUMBER thisFeature;
ULONG totalLength = 0;
ULONG featureLength = 0;
ULONG headerLength = 0;
PGET_CONFIGURATION_HEADER header = NULL;
PAGED_CODE ();
*DataLength = 0;
if (Srb->DataTransferLength < RTL_SIZEOF_THROUGH_FIELD(GET_CONFIGURATION_HEADER, DataLength))
{
// do not have valid data.
return;
}
// Calculate the length of valid data available in the
// capabilities buffer from the DataLength field
header = (PGET_CONFIGURATION_HEADER) Srb->DataBuffer;
REVERSE_BYTES(&totalLength, header->DataLength);
totalLength += RTL_SIZEOF_THROUGH_FIELD(GET_CONFIGURATION_HEADER, DataLength);
// Make sure the we have enough data in the SRB
totalLength = min(totalLength, Srb->DataTransferLength);
// If we have received enough data from the device
// check for the given feature.
if (totalLength >= (sizeof(GET_CONFIGURATION_HEADER) + sizeof(FEATURE_HEADER)))
{
// Feature information is present. Verify the feature.
featureHeader = (PFEATURE_HEADER)((PUCHAR)Srb->DataBuffer + sizeof(GET_CONFIGURATION_HEADER));
thisFeature = (featureHeader->FeatureCode[0] << 8) | (featureHeader->FeatureCode[1]);
if (thisFeature == RequestedFeature)
{
// Calculate the feature length
featureLength = sizeof(FEATURE_HEADER) + featureHeader->AdditionalLength;
}
}
// Calculate the total size
totalLength = sizeof(GET_CONFIGURATION_HEADER) + featureLength;
headerLength = totalLength -
RTL_SIZEOF_THROUGH_FIELD(GET_CONFIGURATION_HEADER, DataLength);
REVERSE_BYTES(header->DataLength, &headerLength);
*DataLength = totalLength;
return;
}
_IRQL_requires_max_(APC_LEVEL)
VOID
GetConfigurationDataSynthesize(
_In_reads_bytes_(InputBufferSize) PVOID InputBuffer,
_In_ ULONG InputBufferSize,
_Out_writes_bytes_(OutputBufferSize) PVOID OutputBuffer,
_In_ size_t OutputBufferSize,
_In_ FEATURE_NUMBER StartingFeature,
_In_ ULONG RequestType,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Get Configuration is a frequently used command, and we don't want it to wake
up the device in case it is in Zero Power state. Before entering Zero Power state,
the complete response of the command is saved in cache, and since the response
is always the same in case there is no media, we can synthesize the response
based on the user request.
Arguments:
InputBuffer - buffer containing cached command response
InputBufferSize - size of above buffer
OutputBuffer - buffer to fill in result
OutputBufferSize - size of above buffer
StartingFeature - requested Starting Feature Number
RequestType - requested Request Type
DataLength - transfer data length
Return Value:
--*/
{
PFEATURE_HEADER featureHeader = NULL;
ULONG validLength = 0;
ULONG featureLength = 0;
ULONG headerLength = 0;
PUCHAR buffer = NULL;
ULONG bytesRemaining = 0;
FEATURE_NUMBER featureCode = 0;
BOOLEAN shouldCopy = FALSE;
size_t copyLength = 0;
size_t transferedLength = 0;
size_t requiredLength = 0;
PGET_CONFIGURATION_HEADER header = NULL;
PAGED_CODE ();
if (InputBufferSize < sizeof (GET_CONFIGURATION_HEADER))
{
// do not have valid data.
*DataLength = 0;
return;
}
// Calculate the length of valid data available in the
// capabilities buffer from the DataLength field
header = (PGET_CONFIGURATION_HEADER) InputBuffer;
REVERSE_BYTES(&validLength, header->DataLength);
validLength += RTL_SIZEOF_THROUGH_FIELD(GET_CONFIGURATION_HEADER, DataLength);
// Make sure we have enough data
validLength = min(validLength, InputBufferSize);
// Copy the header first
copyLength = min(OutputBufferSize, sizeof (GET_CONFIGURATION_HEADER));
RtlMoveMemory(OutputBuffer,
InputBuffer,
copyLength);
transferedLength = copyLength;
requiredLength = sizeof (GET_CONFIGURATION_HEADER);
if (validLength > sizeof (GET_CONFIGURATION_HEADER))
{
buffer = header->Data;
bytesRemaining = validLength - sizeof (GET_CONFIGURATION_HEADER);
// Ignore incomplete feature descriptor
while (bytesRemaining >= sizeof (FEATURE_HEADER))
{
featureHeader = (PFEATURE_HEADER) buffer;
shouldCopy = FALSE;
featureCode = (featureHeader->FeatureCode[0] << 8) | (featureHeader->FeatureCode[1]);
featureLength = sizeof (FEATURE_HEADER) + featureHeader->AdditionalLength;
if (featureCode >= StartingFeature)
{
switch (RequestType) {
case SCSI_GET_CONFIGURATION_REQUEST_TYPE_ALL:
shouldCopy = TRUE;
break;
case SCSI_GET_CONFIGURATION_REQUEST_TYPE_CURRENT:
if (featureHeader->Current)
{
shouldCopy = TRUE;
}
break;
case SCSI_GET_CONFIGURATION_REQUEST_TYPE_ONE:
if (featureCode == StartingFeature)
{
shouldCopy = TRUE;
}
break;
default:
break;
}
}
if (shouldCopy != FALSE)
{
copyLength = min(featureLength, bytesRemaining);
copyLength = min(copyLength, OutputBufferSize - transferedLength);
RtlMoveMemory((PUCHAR) OutputBuffer + transferedLength,
buffer,
copyLength);
transferedLength += copyLength;
requiredLength += featureLength;
}
buffer += min(featureLength, bytesRemaining);
bytesRemaining -= min(featureLength, bytesRemaining);
}
}
// Adjust Data Length field in header
if (transferedLength >= RTL_SIZEOF_THROUGH_FIELD(GET_CONFIGURATION_HEADER, DataLength))
{
headerLength = (ULONG) requiredLength - RTL_SIZEOF_THROUGH_FIELD(GET_CONFIGURATION_HEADER, DataLength);
header = (PGET_CONFIGURATION_HEADER) OutputBuffer;
REVERSE_BYTES(header->DataLength, &headerLength);
}
*DataLength = transferedLength;
return;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
RequestHandleGetConfiguration(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_CDROM_GET_CONFIGURATION
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
PGET_CONFIGURATION_IOCTL_INPUT inputBuffer = NULL;
VOID* outputBuffer = NULL;
size_t transferByteCount = 0;
PZERO_POWER_ODD_INFO zpoddInfo = DeviceExtension->ZeroPowerODDInfo;
BOOLEAN inZeroPowerState = FALSE;
PAGED_CODE ();
*DataLength = 0;
//
if (!cdData->Mmc.IsMmc)
{
status = STATUS_INVALID_DEVICE_REQUEST;
}
else
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&inputBuffer,
NULL);
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveOutputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&outputBuffer,
NULL);
}
if (NT_SUCCESS(status))
{
// If device is Zero Power state, there should be no media in device, thus we can synthesize the response
// from our cache. Avoid waking up the device in this case.
if ((zpoddInfo != NULL) &&
(zpoddInfo->InZeroPowerState != FALSE))
{
inZeroPowerState = TRUE;
}
if ((inZeroPowerState == FALSE) ||
(zpoddInfo->GetConfigurationBuffer == NULL))
{
CDB cdb;
//The maximum number of bytes that a Drive may return
//to describe its Features in one GET CONFIGURATION Command is 65,534
transferByteCount = min(RequestParameters.Parameters.DeviceIoControl.OutputBufferLength, (MAXUSHORT - 1));
// If this is a TYPE ONE request and if this device can't handle this
// request, then we need to send TYPE ALL request to the device and
// convert the data in the completion routine. If required allocate a big
// buffer to get both configuration and feature header.
if ((inputBuffer->RequestType == SCSI_GET_CONFIGURATION_REQUEST_TYPE_ONE) &&
TEST_FLAG(cdData->HackFlags, CDROM_HACK_BAD_TYPE_ONE_GET_CONFIG))
{
transferByteCount = max(transferByteCount,
sizeof(GET_CONFIGURATION_HEADER) + sizeof(FEATURE_HEADER));
}
ScratchBuffer_BeginUse(DeviceExtension);
RtlZeroMemory(&cdb, sizeof(CDB));
// Set up the CDB
cdb.GET_CONFIGURATION.OperationCode = SCSIOP_GET_CONFIGURATION;
cdb.GET_CONFIGURATION.AllocationLength[0] = (UCHAR)(transferByteCount >> 8);
cdb.GET_CONFIGURATION.AllocationLength[1] = (UCHAR)(transferByteCount & 0xff);
cdb.GET_CONFIGURATION.StartingFeature[0] = (UCHAR)(inputBuffer->Feature >> 8);
cdb.GET_CONFIGURATION.StartingFeature[1] = (UCHAR)(inputBuffer->Feature & 0xff);
cdb.GET_CONFIGURATION.RequestType = (UCHAR)(inputBuffer->RequestType);
// If the device does not support TYPE ONE get configuration commands
// then change the request type to TYPE ALL. Convert the returned data to
// TYPE ONE format in the completion routine.
if ((inputBuffer->RequestType == SCSI_GET_CONFIGURATION_REQUEST_TYPE_ONE) &&
TEST_FLAG(cdData->HackFlags, CDROM_HACK_BAD_TYPE_ONE_GET_CONFIG))
{
TracePrint((TRACE_LEVEL_WARNING, TRACE_FLAG_IOCTL,
"DeviceHandleGetConfiguration: Changing TYPE_ONE Get Config to TYPE_ALL\n"));
cdb.GET_CONFIGURATION.RequestType = SCSI_GET_CONFIGURATION_REQUEST_TYPE_ALL;
}
status = ScratchBuffer_ExecuteCdb(DeviceExtension, Request, (ULONG)transferByteCount, TRUE, &cdb, 12);
if (NT_SUCCESS(status))
{
if ((inputBuffer->RequestType == SCSI_GET_CONFIGURATION_REQUEST_TYPE_ONE) &&
TEST_FLAG(cdData->HackFlags, CDROM_HACK_BAD_TYPE_ONE_GET_CONFIG))
{
if (DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength < sizeof(GET_CONFIGURATION_HEADER))
{
// Not enough data to calculate the data length.
// So assume feature is not present
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL, "DeviceHandleGetConfiguration: No get config header!\n"));
*DataLength = 0;
status = STATUS_INVALID_DEVICE_REQUEST;
}
else
{
//Some CDROM devices do not handle the GET CONFIGURATION commands with
//TYPE ONE request. The command will time out causing a bus reset.
//To avoid this problem we set a device flag during start device if the device
//fails a TYPE ONE request. If this flag is set the TYPE ONE requests will be
//tried as TYPE ALL request and the data will be converted to TYPE ONE format
//in this routine.
GetConfigurationDataConversionTypeAllToTypeOne(inputBuffer->Feature, DeviceExtension->ScratchContext.ScratchSrb, DataLength);
*DataLength = min(*DataLength, RequestParameters.Parameters.DeviceIoControl.OutputBufferLength);
}
}
else
{
*DataLength = DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength;
}
// copy data to output buffer
if (NT_SUCCESS(status))
{
RtlMoveMemory(outputBuffer,
DeviceExtension->ScratchContext.ScratchBuffer,
*DataLength);
}
}
ScratchBuffer_EndUse(DeviceExtension);
}
else
{
// We are in Zero Power state, and our cached response is available.
// Synthesize the requested data.
GetConfigurationDataSynthesize(zpoddInfo->GetConfigurationBuffer,
zpoddInfo->GetConfigurationBufferSize,
outputBuffer,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
inputBuffer->Feature,
inputBuffer->RequestType,
DataLength
);
}
}
return status;
}
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS
RequestHandleGetDriveGeometry(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_DISK_GET_LENGTH_INFO
IOCTL_DISK_GET_DRIVE_GEOMETRY
IOCTL_DISK_GET_DRIVE_GEOMETRY_EX
IOCTL_CDROM_GET_DRIVE_GEOMETRY
IOCTL_CDROM_GET_DRIVE_GEOMETRY_EX
IOCTL_STORAGE_READ_CAPACITY
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
VOID* outputBuffer = NULL;
PAGED_CODE ();
*DataLength = 0;
status = WdfRequestRetrieveOutputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&outputBuffer,
NULL);
// Issue ReadCapacity to update device extension
// with information for current media.
if (NT_SUCCESS(status))
{
status = MediaReadCapacity(DeviceExtension->Device);
}
if (NT_SUCCESS(status))
{
switch(RequestParameters.Parameters.DeviceIoControl.IoControlCode)
{
case IOCTL_DISK_GET_LENGTH_INFO:
{
PGET_LENGTH_INFORMATION lengthInfo = (PGET_LENGTH_INFORMATION)outputBuffer;
lengthInfo->Length = DeviceExtension->PartitionLength;
*DataLength = sizeof(GET_LENGTH_INFORMATION);
break;
}
case IOCTL_DISK_GET_DRIVE_GEOMETRY:
case IOCTL_CDROM_GET_DRIVE_GEOMETRY:
{
PDISK_GEOMETRY geometry = (PDISK_GEOMETRY)outputBuffer;
*geometry = DeviceExtension->DiskGeometry;
*DataLength = sizeof(DISK_GEOMETRY);
break;
}
case IOCTL_DISK_GET_DRIVE_GEOMETRY_EX:
case IOCTL_CDROM_GET_DRIVE_GEOMETRY_EX:
{
PDISK_GEOMETRY_EX geometryEx = (PDISK_GEOMETRY_EX)outputBuffer;
geometryEx->DiskSize = DeviceExtension->PartitionLength;
geometryEx->Geometry = DeviceExtension->DiskGeometry;
*DataLength = FIELD_OFFSET(DISK_GEOMETRY_EX, Data);
break;
}
case IOCTL_STORAGE_READ_CAPACITY:
{
PSTORAGE_READ_CAPACITY readCapacity = (PSTORAGE_READ_CAPACITY)outputBuffer;
readCapacity->Version = sizeof(STORAGE_READ_CAPACITY);
readCapacity->Size = sizeof(STORAGE_READ_CAPACITY);
readCapacity->BlockLength = DeviceExtension->DiskGeometry.BytesPerSector;
if (readCapacity->BlockLength > 0)
{
readCapacity->NumberOfBlocks.QuadPart = DeviceExtension->PartitionLength.QuadPart/readCapacity->BlockLength;
}
else
{
readCapacity->NumberOfBlocks.QuadPart = 0;
}
readCapacity->DiskLength = DeviceExtension->PartitionLength;
*DataLength = sizeof(STORAGE_READ_CAPACITY);
break;
}
default:
{
NT_ASSERT(FALSE);
break;
}
} // end of switch()
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
RequestHandleDiskVerify(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_DISK_VERIFY
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
PVERIFY_INFORMATION verifyInfo = NULL;
PAGED_CODE ();
*DataLength = 0;
if (!cdData->Mmc.WriteAllowed)
{
status = STATUS_MEDIA_WRITE_PROTECTED;
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&verifyInfo,
NULL);
}
// handle the request
if (NT_SUCCESS(status))
{
LARGE_INTEGER byteOffset = {0};
// Add disk offset to starting sector.
byteOffset.QuadPart = DeviceExtension->StartingOffset.QuadPart +
verifyInfo->StartingOffset.QuadPart;
// prevent overflow returning success but only validating small area
if (((DeviceExtension->StartingOffset.QuadPart + verifyInfo->StartingOffset.QuadPart) < DeviceExtension->StartingOffset.QuadPart) ||
((verifyInfo->Length >> DeviceExtension->SectorShift) > MAXUSHORT) ||
((byteOffset.QuadPart >> DeviceExtension->SectorShift) > MAXULONG) )
{
status = STATUS_INVALID_PARAMETER;
}
else
{
ULONG transferSize = 0;
ULONG timeoutValue = 0;
CDB cdb;
ULONG sectorOffset;
USHORT sectorCount;
ScratchBuffer_BeginUse(DeviceExtension);
// Convert byte offset to sector offset.
sectorOffset = (ULONG)(byteOffset.QuadPart >> DeviceExtension->SectorShift);
// Convert ULONG byte count to USHORT sector count.
sectorCount = (USHORT)(verifyInfo->Length >> DeviceExtension->SectorShift);
RtlZeroMemory(&cdb, sizeof(CDB));
// Set up the CDB
cdb.CDB10.OperationCode = SCSIOP_VERIFY;
// Move little endian values into CDB in big endian format.
cdb.CDB10.LogicalBlockByte0 = ((PFOUR_BYTE)&sectorOffset)->Byte3;
cdb.CDB10.LogicalBlockByte1 = ((PFOUR_BYTE)&sectorOffset)->Byte2;
cdb.CDB10.LogicalBlockByte2 = ((PFOUR_BYTE)&sectorOffset)->Byte1;
cdb.CDB10.LogicalBlockByte3 = ((PFOUR_BYTE)&sectorOffset)->Byte0;
cdb.CDB10.TransferBlocksMsb = ((PFOUR_BYTE)&sectorCount)->Byte1;
cdb.CDB10.TransferBlocksLsb = ((PFOUR_BYTE)&sectorCount)->Byte0;
// The verify command is used by the NT FORMAT utility and
// requests are sent down for 5% of the volume size. The
// request timeout value is calculated based on the number of
// sectors verified.
if (sectorCount != 0)
{
// sectorCount is a USHORT, so no overflow here...
timeoutValue = TimeOutValueGetCapValue(DeviceExtension->TimeOutValue, ((sectorCount + 128) / 128));
}
status = ScratchBuffer_ExecuteCdbEx(DeviceExtension, Request, transferSize, FALSE, &cdb, 10, timeoutValue);
// nothing to do after the command finishes.
ScratchBuffer_EndUse(DeviceExtension);
}
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
RequestHandleCheckVerify(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_STORAGE_CHECK_VERIFY2
IOCTL_STORAGE_CHECK_VERIFY
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PAGED_CODE ();
*DataLength = 0;
if (NT_SUCCESS(status))
{
ULONG transferSize = 0;
CDB cdb;
ScratchBuffer_BeginUse(DeviceExtension);
RtlZeroMemory(&cdb, sizeof(CDB));
// Set up the CDB
cdb.CDB6GENERIC.OperationCode = SCSIOP_TEST_UNIT_READY;
status = ScratchBuffer_ExecuteCdbEx(DeviceExtension, Request, transferSize, FALSE, &cdb, 6, CDROM_TEST_UNIT_READY_TIMEOUT);
if (NT_SUCCESS(status))
{
if((RequestParameters.Parameters.DeviceIoControl.IoControlCode == IOCTL_STORAGE_CHECK_VERIFY) &&
(RequestParameters.Parameters.DeviceIoControl.OutputBufferLength))
{
PULONG outputBuffer = NULL;
status = WdfRequestRetrieveOutputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&outputBuffer,
NULL);
if (outputBuffer != NULL)
{
*outputBuffer = DeviceExtension->MediaChangeCount;
*DataLength = sizeof(ULONG);
}
}
else
{
*DataLength = 0;
}
}
// nothing to do after the command finishes.
ScratchBuffer_EndUse(DeviceExtension);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
RequestHandleFakePartitionInfo(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_DISK_GET_DRIVE_LAYOUT
IOCTL_DISK_GET_DRIVE_LAYOUT_EX
IOCTL_DISK_GET_PARTITION_INFO
IOCTL_DISK_GET_PARTITION_INFO_EX
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
VOID* outputBuffer = NULL;
ULONG ioctl = RequestParameters.Parameters.DeviceIoControl.IoControlCode;
PAGED_CODE ();
*DataLength = 0;
if (NT_SUCCESS(status))
{
if ((ioctl != IOCTL_DISK_GET_DRIVE_LAYOUT) &&
(ioctl != IOCTL_DISK_GET_DRIVE_LAYOUT_EX) &&
(ioctl != IOCTL_DISK_GET_PARTITION_INFO) &&
(ioctl != IOCTL_DISK_GET_PARTITION_INFO_EX))
{
status = STATUS_INTERNAL_ERROR;
}
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveOutputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&outputBuffer,
NULL);
}
// handle the request
if (NT_SUCCESS(status))
{
switch (ioctl)
{
case IOCTL_DISK_GET_DRIVE_LAYOUT:
*DataLength = FIELD_OFFSET(DRIVE_LAYOUT_INFORMATION, PartitionEntry[1]);
RtlZeroMemory(outputBuffer, *DataLength);
break;
case IOCTL_DISK_GET_DRIVE_LAYOUT_EX:
*DataLength = FIELD_OFFSET(DRIVE_LAYOUT_INFORMATION_EX, PartitionEntry[1]);
RtlZeroMemory(outputBuffer, *DataLength);
break;
case IOCTL_DISK_GET_PARTITION_INFO:
*DataLength = sizeof(PARTITION_INFORMATION);
RtlZeroMemory(outputBuffer, *DataLength);
break;
case IOCTL_DISK_GET_PARTITION_INFO_EX:
*DataLength = sizeof(PARTITION_INFORMATION_EX);
RtlZeroMemory(outputBuffer, *DataLength);
break;
default:
NT_ASSERT(!"Invalid ioctl should not have reached this point\n");
break;
}
// if we are getting the drive layout, then we need to start by
// adding some of the non-partition stuff that says we have
// exactly one partition available.
if (ioctl == IOCTL_DISK_GET_DRIVE_LAYOUT)
{
PDRIVE_LAYOUT_INFORMATION layout;
layout = (PDRIVE_LAYOUT_INFORMATION)outputBuffer;
layout->PartitionCount = 1;
layout->Signature = 1;
outputBuffer = (PVOID)(layout->PartitionEntry);
ioctl = IOCTL_DISK_GET_PARTITION_INFO;
}
else if (ioctl == IOCTL_DISK_GET_DRIVE_LAYOUT_EX)
{
PDRIVE_LAYOUT_INFORMATION_EX layoutEx;
layoutEx = (PDRIVE_LAYOUT_INFORMATION_EX)outputBuffer;
layoutEx->PartitionStyle = PARTITION_STYLE_MBR;
layoutEx->PartitionCount = 1;
layoutEx->Mbr.Signature = 1;
outputBuffer = (PVOID)(layoutEx->PartitionEntry);
ioctl = IOCTL_DISK_GET_PARTITION_INFO_EX;
}
// NOTE: the local var 'ioctl' is now modified to either EX or
// non-EX version. the local var 'systemBuffer' is now pointing
// to the partition information structure.
if (ioctl == IOCTL_DISK_GET_PARTITION_INFO)
{
PPARTITION_INFORMATION partitionInfo;
partitionInfo = (PPARTITION_INFORMATION)outputBuffer;
partitionInfo->RewritePartition = FALSE;
partitionInfo->RecognizedPartition = TRUE;
partitionInfo->PartitionType = PARTITION_FAT32;
partitionInfo->BootIndicator = FALSE;
partitionInfo->HiddenSectors = 0;
partitionInfo->StartingOffset.QuadPart = 0;
partitionInfo->PartitionLength = DeviceExtension->PartitionLength;
partitionInfo->PartitionNumber = 0;
}
else
{
PPARTITION_INFORMATION_EX partitionInfo;
partitionInfo = (PPARTITION_INFORMATION_EX)outputBuffer;
partitionInfo->PartitionStyle = PARTITION_STYLE_MBR;
partitionInfo->RewritePartition = FALSE;
partitionInfo->Mbr.RecognizedPartition = TRUE;
partitionInfo->Mbr.PartitionType = PARTITION_FAT32;
partitionInfo->Mbr.BootIndicator = FALSE;
partitionInfo->Mbr.HiddenSectors = 0;
partitionInfo->StartingOffset.QuadPart = 0;
partitionInfo->PartitionLength = DeviceExtension->PartitionLength;
partitionInfo->PartitionNumber = 0;
}
}
return status;
}
NTSTATUS
RequestHandleGetDeviceNumber(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_STORAGE_GET_DEVICE_NUMBER
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
*DataLength = 0;
if(RequestParameters.Parameters.DeviceIoControl.OutputBufferLength >=
sizeof(STORAGE_DEVICE_NUMBER))
{
PSTORAGE_DEVICE_NUMBER deviceNumber = NULL;
status = WdfRequestRetrieveOutputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&deviceNumber,
NULL);
if (NT_SUCCESS(status))
{
deviceNumber->DeviceType = DeviceExtension->DeviceObject->DeviceType;
deviceNumber->DeviceNumber = DeviceExtension->DeviceNumber;
deviceNumber->PartitionNumber = (ULONG)-1; // legacy reason, return (-1) for this IOCTL.
status = STATUS_SUCCESS;
*DataLength = sizeof(STORAGE_DEVICE_NUMBER);
}
}
else
{
status = STATUS_BUFFER_TOO_SMALL;
*DataLength = sizeof(STORAGE_DEVICE_NUMBER);
}
return status;
}
NTSTATUS
RequestHandleGetHotPlugInfo(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_STORAGE_GET_HOTPLUG_INFO
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
*DataLength = 0;
if(RequestParameters.Parameters.DeviceIoControl.OutputBufferLength >=
sizeof(STORAGE_HOTPLUG_INFO))
{
PSTORAGE_HOTPLUG_INFO info = NULL;
status = WdfRequestRetrieveOutputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&info,
NULL);
if (NT_SUCCESS(status))
{
*info = DeviceExtension->PrivateFdoData->HotplugInfo;
status = STATUS_SUCCESS;
*DataLength = sizeof(STORAGE_HOTPLUG_INFO);
}
}
else
{
status = STATUS_BUFFER_TOO_SMALL;
*DataLength = sizeof(STORAGE_HOTPLUG_INFO);
}
return status;
}
NTSTATUS
RequestHandleSetHotPlugInfo(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_STORAGE_SET_HOTPLUG_INFO
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PSTORAGE_HOTPLUG_INFO info = NULL;
*DataLength = 0;
if (RequestParameters.Parameters.DeviceIoControl.InputBufferLength <
sizeof(STORAGE_HOTPLUG_INFO))
{
// Indicate unsuccessful status and no data transferred.
status = STATUS_INFO_LENGTH_MISMATCH;
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&info,
NULL);
}
if (NT_SUCCESS(status))
{
if (info->Size != DeviceExtension->PrivateFdoData->HotplugInfo.Size)
{
status = STATUS_INVALID_PARAMETER_1;
}
if (info->MediaRemovable != DeviceExtension->PrivateFdoData->HotplugInfo.MediaRemovable)
{
status = STATUS_INVALID_PARAMETER_2;
}
if (info->MediaHotplug != DeviceExtension->PrivateFdoData->HotplugInfo.MediaHotplug)
{
status = STATUS_INVALID_PARAMETER_3;
}
if (info->WriteCacheEnableOverride != DeviceExtension->PrivateFdoData->HotplugInfo.WriteCacheEnableOverride)
{
status = STATUS_INVALID_PARAMETER_5;
}
}
if (NT_SUCCESS(status))
{
DeviceExtension->PrivateFdoData->HotplugInfo.DeviceHotplug = info->DeviceHotplug;
// Store the user-defined override in the registry
DeviceSetParameter(DeviceExtension,
CLASSP_REG_SUBKEY_NAME,
CLASSP_REG_REMOVAL_POLICY_VALUE_NAME,
(info->DeviceHotplug) ? RemovalPolicyExpectSurpriseRemoval : RemovalPolicyExpectOrderlyRemoval);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
RequestHandleEventNotification(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_opt_ WDFREQUEST Request,
_In_opt_ PWDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
This routine handles the process of IOCTL_STORAGE_EVENT_NOTIFICATION
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - data transferred
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PMEDIA_CHANGE_DETECTION_INFO info = NULL;
LONG requestInUse;
PSTORAGE_EVENT_NOTIFICATION eventBuffer = NULL;
*DataLength = 0;
info = DeviceExtension->MediaChangeDetectionInfo;
// Since AN is ASYNCHRONOUS and can happen at any time,
// make certain not to do anything before properly initialized.
if ((!DeviceExtension->IsInitialized) || (info == NULL))
{
status = STATUS_UNSUCCESSFUL;
}
if (NT_SUCCESS(status) && (Request != NULL) && (RequestParameters != NULL)) {
//
// Validate IOCTL parameters
//
if (RequestParameters->Parameters.DeviceIoControl.InputBufferLength <
sizeof(STORAGE_EVENT_NOTIFICATION)) {
status = STATUS_INFO_LENGTH_MISMATCH;
}
//
// Check for an supported event
//
if (NT_SUCCESS(status)) {
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters->Parameters.DeviceIoControl.InputBufferLength,
&eventBuffer,
NULL);
if (NT_SUCCESS(status)) {
if ((eventBuffer->Version != STORAGE_EVENT_NOTIFICATION_VERSION_V1) ||
(eventBuffer->Size != sizeof(STORAGE_EVENT_NOTIFICATION))) {
status = STATUS_INVALID_PARAMETER;
} else if ((eventBuffer->Events &
(STORAGE_EVENT_MEDIA_STATUS | STORAGE_EVENT_DEVICE_STATUS | STORAGE_EVENT_DEVICE_OPERATION)) == 0) {
status = STATUS_NOT_SUPPORTED;
}
}
}
}
if (NT_SUCCESS(status))
{
if (info->MediaChangeDetectionDisableCount != 0)
{
TracePrint((TRACE_LEVEL_VERBOSE, TRACE_FLAG_MCN,
"RequestHandleEventNotification: device %p has detection disabled \n",
DeviceExtension->DeviceObject));
status = STATUS_UNSUCCESSFUL;
}
}
if (NT_SUCCESS(status))
{
// if the request is not in use, mark it as such.
requestInUse = InterlockedCompareExchange((PLONG)&info->MediaChangeRequestInUse, 1, 0);
if (requestInUse != 0)
{
status = STATUS_UNSUCCESSFUL;
}
}
if (NT_SUCCESS(status))
{
// The last MCN finished. ok to issue the new one.
RequestSetupMcnSyncIrp(DeviceExtension);
// The irp will go into KMDF framework and a request will be created there to represent it.
IoCallDriver(DeviceExtension->DeviceObject, info->MediaChangeSyncIrp);
}
return status;
}
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS
RequestHandleEjectionControl(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_STORAGE_MEDIA_REMOVAL
IOCTL_STORAGE_EJECTION_CONTROL
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PPREVENT_MEDIA_REMOVAL mediaRemoval = NULL;
PAGED_CODE ();
*DataLength = 0;
if(RequestParameters.Parameters.DeviceIoControl.InputBufferLength <
sizeof(PREVENT_MEDIA_REMOVAL))
{
status = STATUS_INFO_LENGTH_MISMATCH;
}
else
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&mediaRemoval,
NULL);
}
if (NT_SUCCESS(status))
{
status = PerformEjectionControl(DeviceExtension,
Request,
((RequestParameters.Parameters.DeviceIoControl.IoControlCode == IOCTL_STORAGE_EJECTION_CONTROL)
? SecureMediaLock
: SimpleMediaLock),
mediaRemoval->PreventMediaRemoval);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
RequestHandleEnableStreaming(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handles an IOCTL_CDROM_ENABLE_STREAMING request
Arguments:
DeviceExtension - device context
Request - request to be handled
DataLength - transferred data length
Notes:
This IOCTL is serialized because it changes read/write
behavior and we want to make sure that all previous
reads/writes have been completed before we change the
behavior.
Return Value:
NTSTATUS
--*/
{
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
PCDROM_PRIVATE_FDO_DATA fdoData = DeviceExtension->PrivateFdoData;
WDFFILEOBJECT fileObject = NULL;
PFILE_OBJECT_CONTEXT fileObjectContext = NULL;
NTSTATUS status = STATUS_SUCCESS;
PCDROM_STREAMING_CONTROL inputBuffer = NULL;
BOOLEAN enforceStreamingRead = FALSE;
BOOLEAN enforceStreamingWrite = FALSE;
BOOLEAN streamingReadSupported, streamingWriteSupported;
PAGED_CODE ();
*DataLength = 0;
status = WdfRequestRetrieveInputBuffer(Request,
sizeof(CDROM_STREAMING_CONTROL),
&inputBuffer,
NULL);
if (NT_SUCCESS(status))
{
// get file object context
fileObject = WdfRequestGetFileObject(Request);
if (fileObject != NULL) {
fileObjectContext = FileObjectGetContext(fileObject);
}
NT_ASSERT(fileObjectContext != NULL);
if (fileObjectContext == NULL)
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL,
"RequestHandleEnableStreaming: cannot find file object context\n"));
status = STATUS_INVALID_HANDLE;
}
}
if (NT_SUCCESS(status))
{
if (inputBuffer->RequestType == CdromStreamingDisable)
{
enforceStreamingRead = FALSE;
enforceStreamingWrite = FALSE;
}
else if (inputBuffer->RequestType == CdromStreamingEnableForReadOnly)
{
enforceStreamingRead = TRUE;
enforceStreamingWrite = FALSE;
}
else if (inputBuffer->RequestType == CdromStreamingEnableForWriteOnly)
{
enforceStreamingRead = FALSE;
enforceStreamingWrite = TRUE;
}
else if (inputBuffer->RequestType == CdromStreamingEnableForReadWrite)
{
enforceStreamingRead = TRUE;
enforceStreamingWrite = TRUE;
}
streamingReadSupported = cdData->Mmc.StreamingReadSupported && !TEST_FLAG(fdoData->HackFlags, FDO_HACK_NO_STREAMING);
streamingWriteSupported = cdData->Mmc.StreamingWriteSupported && !TEST_FLAG(fdoData->HackFlags, FDO_HACK_NO_STREAMING);
if ((enforceStreamingRead && !streamingReadSupported) ||
(enforceStreamingWrite && !streamingWriteSupported))
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL,
"RequestHandleEnableStreaming: requested Streaming mode is not supported\n"));
status = STATUS_INVALID_DEVICE_REQUEST;
}
else
{
fileObjectContext->EnforceStreamingRead = enforceStreamingRead;
fileObjectContext->EnforceStreamingWrite = enforceStreamingWrite;
}
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
RequestHandleSendOpcInformation(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handles an IOCTL_CDROM_SEND_OPC_INFORMATION request
Arguments:
DeviceExtension - device context
Request - request to be handled
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_SIMPLE_OPC_INFO inputBuffer = NULL;
PAGED_CODE ();
*DataLength = 0;
status = WdfRequestRetrieveInputBuffer(Request,
sizeof(CDROM_SIMPLE_OPC_INFO),
(PVOID*)&inputBuffer,
NULL);
if (NT_SUCCESS(status))
{
CDB cdb;
ScratchBuffer_BeginUse(DeviceExtension);
RtlZeroMemory(&cdb, sizeof(CDB));
// we support only the simplest version for now
cdb.SEND_OPC_INFORMATION.OperationCode = SCSIOP_SEND_OPC_INFORMATION;
cdb.SEND_OPC_INFORMATION.DoOpc = 1;
cdb.SEND_OPC_INFORMATION.Exclude0 = (inputBuffer->Exclude0 ? 1 : 0);
cdb.SEND_OPC_INFORMATION.Exclude1 = (inputBuffer->Exclude1 ? 1 : 0);
status = ScratchBuffer_ExecuteCdb(DeviceExtension, Request, 0, FALSE, &cdb, sizeof(cdb.SEND_OPC_INFORMATION));
// nothing to do after the command finishes
ScratchBuffer_EndUse(DeviceExtension);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
RequestHandleGetPerformance(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handles an IOCTL_CDROM_GET_PERFORMANCE request
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_PERFORMANCE_REQUEST inputBuffer = NULL;
PVOID outputBuffer = NULL;
PAGED_CODE ();
*DataLength = 0;
// Retrieve pointers to input/output data. The size has been validated earlier
// in RequestValidateGetPerformance, so we do not check it again.
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
(PVOID*)&inputBuffer,
NULL);
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveOutputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&outputBuffer,
NULL);
}
if (NT_SUCCESS(status))
{
USHORT descriptorSize = 0;
USHORT descriptorCount = 0;
size_t transferSize = 0;
CDB cdb;
ScratchBuffer_BeginUse(DeviceExtension);
// Set up the CDB
RtlZeroMemory(&cdb, sizeof(CDB));
if (inputBuffer->RequestType == CdromPerformanceRequest)
{
cdb.GET_PERFORMANCE.Type = 0;
// 10b is the only defined tolerance in MMCr6
cdb.GET_PERFORMANCE.Tolerance = 2;
switch (inputBuffer->Exceptions) {
case CdromNominalPerformance:
cdb.GET_PERFORMANCE.Except = 0;
descriptorSize = sizeof(CDROM_NOMINAL_PERFORMANCE_DESCRIPTOR);
break;
case CdromEntirePerformanceList:
cdb.GET_PERFORMANCE.Except = 1;
descriptorSize = sizeof(CDROM_NOMINAL_PERFORMANCE_DESCRIPTOR);
break;
case CdromPerformanceExceptionsOnly:
cdb.GET_PERFORMANCE.Except = 2;
descriptorSize = sizeof(CDROM_EXCEPTION_PERFORMANCE_DESCRIPTOR);
break;
}
switch (inputBuffer->PerformanceType) {
case CdromReadPerformance:
cdb.GET_PERFORMANCE.Write = 0; break;
case CdromWritePerformance:
cdb.GET_PERFORMANCE.Write = 1; break;
}
REVERSE_BYTES(&cdb.GET_PERFORMANCE.StartingLBA, &inputBuffer->StaringLba);
}
else if (inputBuffer->RequestType == CdromWriteSpeedRequest)
{
cdb.GET_PERFORMANCE.Type = 3;
descriptorSize = sizeof(CDROM_WRITE_SPEED_DESCRIPTOR);
}
cdb.GET_PERFORMANCE.OperationCode = SCSIOP_GET_PERFORMANCE;
// calculate how many descriptors can fit into the output buffer
if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength >=
sizeof(CDROM_PERFORMANCE_HEADER) &&
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength <=
MAXUSHORT &&
descriptorSize > 0)
{
descriptorCount = (USHORT)(RequestParameters.Parameters.DeviceIoControl.OutputBufferLength - sizeof(CDROM_PERFORMANCE_HEADER));
descriptorCount /= descriptorSize;
}
else
{
status = STATUS_INVALID_PARAMETER;
}
REVERSE_BYTES_SHORT(&cdb.GET_PERFORMANCE.MaximumNumberOfDescriptors, &descriptorCount);
// Calculate transfer size. We round it up to meet adapter requirements.
// Extra bytes are discarded later, when we copy data to the output buffer.
transferSize = RequestParameters.Parameters.DeviceIoControl.OutputBufferLength;
transferSize += DeviceExtension->AdapterDescriptor->AlignmentMask;
transferSize &= ~DeviceExtension->AdapterDescriptor->AlignmentMask;
if (NT_SUCCESS(status))
{
status = ScratchBuffer_ExecuteCdbEx(DeviceExtension, Request, (ULONG)transferSize, TRUE, &cdb, sizeof(cdb.GET_PERFORMANCE), CDROM_GET_PERFORMANCE_TIMEOUT);
}
if (NT_SUCCESS(status))
{
if (DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength < sizeof(CDROM_PERFORMANCE_HEADER))
{
*DataLength = 0;
status = STATUS_INVALID_DEVICE_REQUEST;
}
else
{
*DataLength = min(RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength);
RtlCopyMemory(outputBuffer,
DeviceExtension->ScratchContext.ScratchBuffer,
*DataLength);
}
}
ScratchBuffer_EndUse(DeviceExtension);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
RequestHandleMcnSyncFakeIoctl(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handles an IOCTL_MCN_SYNC_FAKE_IOCTL request
Arguments:
DeviceExtension - device context
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PMEDIA_CHANGE_DETECTION_INFO info = DeviceExtension->MediaChangeDetectionInfo;
BOOLEAN shouldRetry = TRUE;
BOOLEAN requestSent = FALSE;
PAGED_CODE ();
*DataLength = 0;
//
// Try to acquire the media change event. If we can't do it immediately
// then bail out and assume the caller will try again later.
//
while (shouldRetry)
{
status = RequestSetupMcnRequest(DeviceExtension,
info->Gesn.Supported);
if (!NT_SUCCESS(status))
{
shouldRetry = FALSE;
}
if (NT_SUCCESS(status))
{
requestSent = RequestSendMcnRequest(DeviceExtension);
if (requestSent)
{
shouldRetry = RequestPostWorkMcnRequest(DeviceExtension);
}
else
{
shouldRetry = FALSE;
}
}
}
// If there were any media change notifications that were not delivered
// for some reason, make an attempt to do so at this time.
DeviceSendDelayedMediaChangeNotifications(DeviceExtension);
// Set the status and then complete the original request.
// The timer handler will be able to send the next request.
status = STATUS_SUCCESS;
return status;
}
BOOLEAN
RequestIsRealtimeStreaming(
_In_ WDFREQUEST Request,
_In_ BOOLEAN IsReadRequest
)
/*++
Routine Description:
Checks whether a given read/write request should
be performed in Real-Time Streaming mode.
Arguments:
Request - request to be checked
IsReadRequest - TRUE = read request; FALSE = write request
Return Value:
TRUE - a Real-Time Streaming operation has to be performed
FALSE - a normal (non-Streaming) operation has to be performed
--*/
{
BOOLEAN useStreaming = FALSE;
if (!useStreaming) {
//
// Check if we're required to use Streaming via I/O Stack Location flags
//
UCHAR currentStackLocationFlags = 0;
currentStackLocationFlags = RequestGetCurrentStackLocationFlags(Request);
useStreaming = TEST_FLAG(currentStackLocationFlags, SL_REALTIME_STREAM);
}
if (!useStreaming) {
//
// Check if we were previously requested to enforce Streaming for
// the file handle through which this request was sent.
//
WDFFILEOBJECT fileObject;
PFILE_OBJECT_CONTEXT fileObjectContext;
fileObject = WdfRequestGetFileObject(Request);
if (fileObject != NULL) {
fileObjectContext = FileObjectGetContext(fileObject);
NT_ASSERT(fileObjectContext != NULL);
if (IsReadRequest && fileObjectContext->EnforceStreamingRead)
{
useStreaming = TRUE;
}
if (!IsReadRequest && fileObjectContext->EnforceStreamingWrite)
{
useStreaming = TRUE;
}
}
}
return useStreaming;
}
NTSTATUS
RequestValidateReadWrite(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters
)
/*++
Routine Description:
Validate Read/Write request
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
BOOLEAN isValid = TRUE;
LONGLONG startingOffset = 0;
size_t transferByteCount = 0;
PIRP irp = NULL;
PIO_STACK_LOCATION currentStack = NULL;
irp = WdfRequestWdmGetIrp(Request);
currentStack = IoGetCurrentIrpStackLocation(irp);
if (TEST_FLAG(DeviceExtension->DeviceObject->Flags, DO_VERIFY_VOLUME) &&
(currentStack->MinorFunction != CDROM_VOLUME_VERIFY_CHECKED) &&
!TEST_FLAG(currentStack->Flags, SL_OVERRIDE_VERIFY_VOLUME))
{
// DO_VERIFY_VOLUME is set for the device object,
// but this request is not itself a verify request.
// So fail this request.
//set the status for volume verification.
status = STATUS_VERIFY_REQUIRED;
}
if (NT_SUCCESS(status))
{
if (PLAY_ACTIVE(DeviceExtension))
{
status = STATUS_DEVICE_BUSY;
}
}
if (NT_SUCCESS(status))
{
// If the device is in exclusive mode, check whether the request is from
// the handle that locked the device.
if (EXCLUSIVE_MODE(cdData) && !EXCLUSIVE_OWNER(cdData, WdfRequestGetFileObject(Request)))
{
// This request is not from the owner. We can't let the operation go.
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_RW, "RequestValidateReadWrite: Access Denied! Device in exclusive mode.\n"));
status = STATUS_ACCESS_DENIED;
}
}
// Validate the request alignment.
if (NT_SUCCESS(status))
{
if (RequestParameters.Type == WdfRequestTypeRead)
{
startingOffset = RequestParameters.Parameters.Read.DeviceOffset;
transferByteCount = RequestParameters.Parameters.Read.Length;
}
else
{
startingOffset = RequestParameters.Parameters.Write.DeviceOffset;
transferByteCount = RequestParameters.Parameters.Write.Length;
}
if (!DeviceExtension->DiskGeometry.BytesPerSector)
{
DeviceExtension->DiskGeometry.BytesPerSector = 2048;
}
if (!DeviceExtension->SectorShift)
{
DeviceExtension->SectorShift = 11;
}
// Perform some basic validation up front
if (TEST_FLAG(startingOffset, DeviceExtension->DiskGeometry.BytesPerSector - 1) ||
TEST_FLAG(transferByteCount, DeviceExtension->DiskGeometry.BytesPerSector - 1))
{
status = STATUS_INVALID_DEVICE_REQUEST;
}
}
// validate the request against the current mmc schema
if (NT_SUCCESS(status))
{
FEATURE_NUMBER schema = cdData->Mmc.ValidationSchema;
// We validate read requests according to the RandomWritable schema, except in the
// case of IncrementalStreamingWritable, wherein the drive is responsible for all
// of the verification
if (RequestParameters.Type == WdfRequestTypeRead)
{
if (!cdData->Mmc.WriteAllowed)
{
// standard legacy validation of read irps
// if writing is not allowed on the media
schema = FeatureRandomWritable;
}
else if (schema != FeatureIncrementalStreamingWritable)
{
// standard legacy validation of read irps
// if not using streaming writes on writable media
schema = FeatureRandomWritable;
}
}
// Fail write requests to read-only media
if ((RequestParameters.Type == WdfRequestTypeWrite) &&
!(cdData->Mmc.WriteAllowed))
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_RW, "RequestValidateReadWrite: Write request to read-only media\n"));
isValid = FALSE;
}
if (isValid)
{
switch (schema)
{
case FeatureDefectManagement:
case FeatureRandomWritable:
// Ensure that the request is within bounds for ROM drives.
// Writer drives do not need to have bounds as outbounds request should not damage the drive.
if(!cdData->Mmc.IsWriter)
{
if ((startingOffset >= DeviceExtension->PartitionLength.QuadPart) ||
startingOffset < 0)
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_RW, "RequestValidateReadWrite: Request is out of bounds\n"));
isValid = FALSE;
}
else
{
ULONGLONG bytesRemaining = DeviceExtension->PartitionLength.QuadPart - startingOffset;
if ((ULONGLONG)transferByteCount > bytesRemaining)
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_RW, "RequestValidateReadWrite: Request is out of bounds\n"));
isValid = FALSE;
}
}
}
break;
case FeatureRigidRestrictedOverwrite:
// Ensure that the number of blocks is a multiple of the blocking size
if (((transferByteCount >> DeviceExtension->SectorShift) % cdData->Mmc.Blocking) != 0)
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_RW,
"RequestValidateReadWrite: Number of blocks is not a multiple of the blocking size (%x)\n",
cdData->Mmc.Blocking));
isValid = FALSE;
}
// Fall through
case FeatureRestrictedOverwrite:
// Ensure that the request begins on a blocking boundary
if ((Int64ShrlMod32(startingOffset, DeviceExtension->SectorShift) % cdData->Mmc.Blocking) != 0)
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_RW,
"RequestValidateReadWrite: Starting block is not a multiple of the blocking size (%x)\n",
cdData->Mmc.Blocking));
isValid = FALSE;
}
break;
case FeatureIncrementalStreamingWritable:
// Let the drive handle the verification
break;
default:
// Unknown schema. Fail the request
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_RW,
"RequestValidateReadWrite: Unknown validation schema (%x)\n",
schema));
isValid = FALSE;
break;
} //end of switch (schema)
} // end of if (isValid)
if (!isValid)
{
status = STATUS_INVALID_DEVICE_REQUEST;
}
} // end of mmc schema validation
// validate that the Real-Time Streaming requests meet device capabilties
if (NT_SUCCESS(status))
{
// We do not check for FDO_HACK_NO_STREAMING in DeviceExtension->PrivateFdoData->HackFlags here,
// because we're going to hide device failures related to streaming reads/writes from the sender
// of the request. FDO_HACK_NO_STREAMING is going to be taken into account later during actual
// processing of the request.
if (RequestIsRealtimeStreaming(Request, RequestParameters.Type == WdfRequestTypeRead))
{
if (RequestParameters.Type == WdfRequestTypeRead && !cdData->Mmc.StreamingReadSupported)
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_RW,
"RequestValidateReadWrite: Streaming reads are not supported.\n"));
status = STATUS_INVALID_DEVICE_REQUEST;
}
if (RequestParameters.Type == WdfRequestTypeWrite && !cdData->Mmc.StreamingWriteSupported)
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_RW,
"RequestValidateReadWrite: Streaming writes are not supported.\n"));
status = STATUS_INVALID_DEVICE_REQUEST;
}
}
}
return status;
}
NTSTATUS
RequestHandleReadWrite(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters
)
/*++
Routine Description:
Handle a read/write request
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
size_t transferByteCount = 0;
PIRP irp = NULL;
PIO_STACK_LOCATION currentStack = NULL;
PUCHAR dataBuffer;
irp = WdfRequestWdmGetIrp(Request);
currentStack = IoGetCurrentIrpStackLocation(irp);
dataBuffer = MmGetMdlVirtualAddress(irp->MdlAddress);
if (NT_SUCCESS(status))
{
if (RequestParameters.Type == WdfRequestTypeRead)
{
transferByteCount = RequestParameters.Parameters.Read.Length;
}
else
{
transferByteCount = RequestParameters.Parameters.Write.Length;
}
if (transferByteCount == 0)
{
// Several parts of the code turn 0 into 0xffffffff,
// so don't process a zero-length request any further.
status = STATUS_SUCCESS;
RequestCompletion(DeviceExtension, Request, status, 0);
return status;
}
// Add partition byte offset to make starting byte relative to
// beginning of disk.
currentStack->Parameters.Read.ByteOffset.QuadPart += (DeviceExtension->StartingOffset.QuadPart);
//not very necessary as the starting offset for CD/DVD device is always 0.
if (RequestParameters.Type == WdfRequestTypeRead)
{
RequestParameters.Parameters.Read.DeviceOffset = currentStack->Parameters.Read.ByteOffset.QuadPart;
}
else
{
RequestParameters.Parameters.Write.DeviceOffset = currentStack->Parameters.Write.ByteOffset.QuadPart;
}
}
if (NT_SUCCESS(status))
{
ULONG entireXferLen = currentStack->Parameters.Read.Length;
ULONG maxLength = 0;
ULONG packetsCount = 0;
PCDROM_SCRATCH_READ_WRITE_CONTEXT readWriteContext;
PCDROM_REQUEST_CONTEXT requestContext;
PCDROM_REQUEST_CONTEXT originalRequestContext;
// get the count of packets we need to send.
if ((((ULONG_PTR)dataBuffer) & (PAGE_SIZE-1)) == 0)
{
maxLength = cdData->MaxPageAlignedTransferBytes;
}
else
{
maxLength = cdData->MaxUnalignedTransferBytes;
}
packetsCount = entireXferLen / maxLength;
if (entireXferLen % maxLength != 0)
{
packetsCount++;
}
originalRequestContext = RequestGetContext(Request);
ScratchBuffer_BeginUse(DeviceExtension);
readWriteContext = &DeviceExtension->ScratchContext.ScratchReadWriteContext;
requestContext = RequestGetContext(DeviceExtension->ScratchContext.ScratchRequest);
readWriteContext->PacketsCount = packetsCount;
readWriteContext->EntireXferLen = entireXferLen;
readWriteContext->MaxLength = maxLength;
readWriteContext->StartingOffset = currentStack->Parameters.Read.ByteOffset;
readWriteContext->DataBuffer = dataBuffer;
readWriteContext->TransferedBytes = 0;
readWriteContext->IsRead = (RequestParameters.Type == WdfRequestTypeRead);
requestContext->OriginalRequest = Request;
requestContext->DeviceExtension = DeviceExtension;
//
// Setup the READ/WRITE fields in the original request which is what
// we use to properly synchronize cancellation logic between the
// cancel callback and the timer routine.
//
originalRequestContext->ReadWriteIsCompleted = FALSE;
originalRequestContext->ReadWriteRetryInitialized = FALSE;
originalRequestContext->DeviceExtension = DeviceExtension;
status = ScratchBuffer_PerformNextReadWrite(DeviceExtension, TRUE);
// We do not call ScratchBuffer_EndUse here, because we're not releasing the scratch SRB.
// It will be released in the completion routine.
}
return status;
}
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS
RequestHandleLoadEjectMedia(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_STORAGE_EJECT_MEDIA
IOCTL_STORAGE_LOAD_MEDIA
IOCTL_STORAGE_LOAD_MEDIA2
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PZERO_POWER_ODD_INFO zpoddInfo = DeviceExtension->ZeroPowerODDInfo;
PAGED_CODE ();
*DataLength = 0;
if (NT_SUCCESS(status))
{
// Synchronize with ejection control and ejection cleanup code as
// well as other eject/load requests.
WdfWaitLockAcquire(DeviceExtension->EjectSynchronizationLock, NULL);
if(DeviceExtension->ProtectedLockCount != 0)
{
TracePrint((TRACE_LEVEL_WARNING, TRACE_FLAG_IOCTL, "RequestHandleLoadEjectMedia: call to eject protected locked "
"device - failure\n"));
status = STATUS_DEVICE_BUSY;
}
if (NT_SUCCESS(status))
{
SCSI_REQUEST_BLOCK srb;
PCDB cdb = (PCDB)srb.Cdb;
RtlZeroMemory(&srb, sizeof(SCSI_REQUEST_BLOCK));
srb.CdbLength = 6;
cdb->START_STOP.OperationCode = SCSIOP_START_STOP_UNIT;
cdb->START_STOP.LoadEject = 1;
if(RequestParameters.Parameters.DeviceIoControl.IoControlCode == IOCTL_STORAGE_EJECT_MEDIA)
{
cdb->START_STOP.Start = 0;
// We are sending down a soft eject, and in this case we should take an active ref
// if the command succeeds.
if ((zpoddInfo != NULL) &&
(zpoddInfo->LoadingMechanism == LOADING_MECHANISM_TRAY) &&
(zpoddInfo->Load == 0)) // Drawer
{
zpoddInfo->MonitorStartStopUnit = TRUE;
}
}
else
{
cdb->START_STOP.Start = 1;
}
status = DeviceSendSrbSynchronously(DeviceExtension->Device,
&srb,
NULL,
0,
FALSE,
Request);
if (zpoddInfo != NULL)
{
zpoddInfo->MonitorStartStopUnit = FALSE;
}
}
WdfWaitLockRelease(DeviceExtension->EjectSynchronizationLock);
}
return status;
}
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS
RequestHandleReserveRelease(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_STORAGE_RESERVE
IOCTL_STORAGE_RELEASE
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PSCSI_REQUEST_BLOCK srb = NULL;
PCDB cdb = NULL;
ULONG ioctlCode = 0;
PAGED_CODE ();
*DataLength = 0;
srb = ExAllocatePoolWithTag(NonPagedPoolNx,
sizeof(SCSI_REQUEST_BLOCK) +
(sizeof(ULONG_PTR) * 2),
CDROM_TAG_SRB);
if (srb == NULL)
{
status = STATUS_INSUFFICIENT_RESOURCES;
}
if (NT_SUCCESS(status))
{
ioctlCode = RequestParameters.Parameters.DeviceIoControl.IoControlCode;
cdb = (PCDB)srb->Cdb;
RtlZeroMemory(srb, sizeof(SCSI_REQUEST_BLOCK));
if (TEST_FLAG(DeviceExtension->PrivateFdoData->HackFlags, FDO_HACK_NO_RESERVE6))
{
srb->CdbLength = 10;
cdb->CDB10.OperationCode = (ioctlCode == IOCTL_STORAGE_RESERVE) ? SCSIOP_RESERVE_UNIT10 : SCSIOP_RELEASE_UNIT10;
}
else
{
srb->CdbLength = 6;
cdb->CDB6GENERIC.OperationCode = (ioctlCode == IOCTL_STORAGE_RESERVE) ? SCSIOP_RESERVE_UNIT : SCSIOP_RELEASE_UNIT;
}
// Set timeout value.
srb->TimeOutValue = DeviceExtension->TimeOutValue;
// Send reserves as tagged requests.
if (ioctlCode == IOCTL_STORAGE_RESERVE)
{
SET_FLAG(srb->SrbFlags, SRB_FLAGS_QUEUE_ACTION_ENABLE);
srb->QueueAction = SRB_SIMPLE_TAG_REQUEST;
}
status = DeviceSendSrbSynchronously(DeviceExtension->Device,
srb,
NULL,
0,
FALSE,
Request);
// no data transfer.
*DataLength = 0;
FREE_POOL(srb);
}
return status;
} // end RequestHandleReserveRelease()
static // __REACTOS__
BOOLEAN
ValidPersistentReserveScope(
UCHAR Scope)
{
switch (Scope) {
case RESERVATION_SCOPE_LU:
case RESERVATION_SCOPE_ELEMENT:
return TRUE;
default:
return FALSE;
}
}
static // __REACTOS__
BOOLEAN
ValidPersistentReserveType(
UCHAR Type)
{
switch (Type) {
case RESERVATION_TYPE_WRITE_EXCLUSIVE:
case RESERVATION_TYPE_EXCLUSIVE:
case RESERVATION_TYPE_WRITE_EXCLUSIVE_REGISTRANTS:
case RESERVATION_TYPE_EXCLUSIVE_REGISTRANTS:
return TRUE;
default:
return FALSE;
}
}
NTSTATUS
RequestValidatePersistentReserve(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Validate request of IOCTL_STORAGE_PERSISTENT_RESERVE_IN
IOCTL_STORAGE_PERSISTENT_RESERVE_OUT
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
ULONG ioctlCode = RequestParameters.Parameters.DeviceIoControl.IoControlCode;
PPERSISTENT_RESERVE_COMMAND reserveCommand = NULL;
*DataLength = 0;
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
(PVOID*)&reserveCommand,
NULL);
if (NT_SUCCESS(status))
{
if ((RequestParameters.Parameters.DeviceIoControl.InputBufferLength < sizeof(PERSISTENT_RESERVE_COMMAND)) ||
(reserveCommand->Size < sizeof(PERSISTENT_RESERVE_COMMAND)))
{
*DataLength = 0;
status = STATUS_INFO_LENGTH_MISMATCH;
}
else if ((ULONG_PTR)reserveCommand & DeviceExtension->AdapterDescriptor->AlignmentMask)
{
// Check buffer alignment. Only an issue if another kernel mode component
// (not the I/O manager) allocates the buffer.
*DataLength = 0;
status = STATUS_INVALID_USER_BUFFER;
}
}
if (NT_SUCCESS(status))
{
if (ioctlCode == IOCTL_STORAGE_PERSISTENT_RESERVE_IN)
{
if (RequestParameters.Parameters.DeviceIoControl.OutputBufferLength < reserveCommand->PR_IN.AllocationLength)
{
*DataLength = 0;
status = STATUS_INVALID_PARAMETER;
}
else
{
switch (reserveCommand->PR_IN.ServiceAction)
{
case RESERVATION_ACTION_READ_KEYS:
if (reserveCommand->PR_IN.AllocationLength < sizeof(PRI_REGISTRATION_LIST))
{
*DataLength = 0;
status = STATUS_INVALID_PARAMETER;
}
break;
case RESERVATION_ACTION_READ_RESERVATIONS:
if (reserveCommand->PR_IN.AllocationLength < sizeof(PRI_RESERVATION_LIST))
{
*DataLength = 0;
status = STATUS_INVALID_PARAMETER;
}
break;
default:
*DataLength = 0;
status = STATUS_INVALID_PARAMETER;
break;
}
}
}
else // case of IOCTL_STORAGE_PERSISTENT_RESERVE_OUT
{
// Verify ServiceAction, Scope, and Type
switch (reserveCommand->PR_OUT.ServiceAction)
{
case RESERVATION_ACTION_REGISTER:
case RESERVATION_ACTION_REGISTER_IGNORE_EXISTING:
case RESERVATION_ACTION_CLEAR:
// Scope and type ignored.
break;
case RESERVATION_ACTION_RESERVE:
case RESERVATION_ACTION_RELEASE:
case RESERVATION_ACTION_PREEMPT:
case RESERVATION_ACTION_PREEMPT_ABORT:
if (!ValidPersistentReserveScope(reserveCommand->PR_OUT.Scope) ||
!ValidPersistentReserveType(reserveCommand->PR_OUT.Type))
{
*DataLength = 0;
status = STATUS_INVALID_PARAMETER;
}
break;
default:
*DataLength = 0;
status = STATUS_INVALID_PARAMETER;
break;
}
// Check input buffer for PR Out.
// Caller must include the PR parameter list.
if (NT_SUCCESS(status))
{
if ((RequestParameters.Parameters.DeviceIoControl.InputBufferLength <
(sizeof(PERSISTENT_RESERVE_COMMAND) + sizeof(PRO_PARAMETER_LIST))) ||
(reserveCommand->Size < RequestParameters.Parameters.DeviceIoControl.InputBufferLength))
{
*DataLength = 0;
status = STATUS_INVALID_PARAMETER;
}
}
} // end of validation for IOCTL_STORAGE_PERSISTENT_RESERVE_OUT
}
return status;
} // end RequestValidatePersistentReserve()
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS
RequestHandlePersistentReserve(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_STORAGE_PERSISTENT_RESERVE_IN
IOCTL_STORAGE_PERSISTENT_RESERVE_OUT
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
ULONG ioctlCode = RequestParameters.Parameters.DeviceIoControl.IoControlCode;
PSCSI_REQUEST_BLOCK srb = NULL;
PCDB cdb = NULL;
BOOLEAN writeToDevice;
PPERSISTENT_RESERVE_COMMAND reserveCommand = NULL;
PAGED_CODE ();
*DataLength = 0;
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
(PVOID*)&reserveCommand,
NULL);
if (NT_SUCCESS(status))
{
srb = ExAllocatePoolWithTag(NonPagedPoolNx,
sizeof(SCSI_REQUEST_BLOCK) +
(sizeof(ULONG_PTR) * 2),
CDROM_TAG_SRB);
if (srb == NULL)
{
status = STATUS_INSUFFICIENT_RESOURCES;
}
else
{
cdb = (PCDB)srb->Cdb;
RtlZeroMemory(srb, sizeof(SCSI_REQUEST_BLOCK));
}
}
if (NT_SUCCESS(status))
{
size_t dataBufLen = 0;
// Fill in the CDB.
if (ioctlCode == IOCTL_STORAGE_PERSISTENT_RESERVE_IN)
{
cdb->PERSISTENT_RESERVE_IN.OperationCode = SCSIOP_PERSISTENT_RESERVE_IN;
cdb->PERSISTENT_RESERVE_IN.ServiceAction = reserveCommand->PR_IN.ServiceAction;
REVERSE_BYTES_SHORT(&(cdb->PERSISTENT_RESERVE_IN.AllocationLength),
&(reserveCommand->PR_IN.AllocationLength));
dataBufLen = RequestParameters.Parameters.DeviceIoControl.OutputBufferLength;
writeToDevice = FALSE;
}
else
{
cdb->PERSISTENT_RESERVE_OUT.OperationCode = SCSIOP_PERSISTENT_RESERVE_OUT;
cdb->PERSISTENT_RESERVE_OUT.ServiceAction = reserveCommand->PR_OUT.ServiceAction;
cdb->PERSISTENT_RESERVE_OUT.Scope = reserveCommand->PR_OUT.Scope;
cdb->PERSISTENT_RESERVE_OUT.Type = reserveCommand->PR_OUT.Type;
cdb->PERSISTENT_RESERVE_OUT.ParameterListLength[1] = (UCHAR)sizeof(PRO_PARAMETER_LIST);
// Move the parameter list to the beginning of the data buffer (so it is aligned
// correctly and that the MDL describes it correctly).
RtlMoveMemory(reserveCommand,
reserveCommand->PR_OUT.ParameterList,
sizeof(PRO_PARAMETER_LIST));
dataBufLen = sizeof(PRO_PARAMETER_LIST);
writeToDevice = TRUE;
}
srb->CdbLength = 10;
srb->QueueAction = SRB_SIMPLE_TAG_REQUEST;
status = DeviceSendSrbSynchronously(DeviceExtension->Device,
srb,
reserveCommand,
(ULONG) dataBufLen,
writeToDevice,
Request);
FREE_POOL(srb);
}
return status;
}
#if (NTDDI_VERSION >= NTDDI_WIN8)
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
RequestHandleAreVolumesReady(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_DISK_ARE_VOLUMES_READY
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
BOOLEAN completeRequest = TRUE;
NTSTATUS status = STATUS_SUCCESS;
UNREFERENCED_PARAMETER(RequestParameters);
*DataLength = 0;
if (DeviceExtension->IsVolumeOnlinePending == FALSE)
{
status = STATUS_SUCCESS;
goto Cleanup;
}
//
// Add to the volume ready queue. No worries about request cancellation,
// since KMDF will automatically handle that while request is in queue.
//
status = WdfRequestForwardToIoQueue(Request,
DeviceExtension->ManualVolumeReadyQueue
);
if(!NT_SUCCESS(status))
{
goto Cleanup;
}
status = STATUS_PENDING;
completeRequest = FALSE;
Cleanup:
if (completeRequest)
{
RequestCompletion(DeviceExtension, Request, status, 0);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
RequestHandleVolumeOnline(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_VOLUME_ONLINE / IOCTL_VOLUME_POST_ONLINE
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
WDFREQUEST request;
PIRP irp = NULL;
PIO_STACK_LOCATION nextStack = NULL;
UNREFERENCED_PARAMETER(RequestParameters);
*DataLength = 0;
DeviceExtension->IsVolumeOnlinePending = FALSE;
// Complete all parked volume ready requests.
for (;;)
{
status = WdfIoQueueRetrieveNextRequest(DeviceExtension->ManualVolumeReadyQueue,
&request);
if (!NT_SUCCESS(status))
{
break;
}
RequestCompletion(DeviceExtension, request, STATUS_SUCCESS, 0);
}
// Change the IOCTL code to IOCTL_DISK_VOLUMES_ARE_READY, and forward the request down,
// so that if the underlying port driver will also know that volume is ready.
WdfRequestFormatRequestUsingCurrentType(Request);
irp = WdfRequestWdmGetIrp(Request);
nextStack = IoGetNextIrpStackLocation(irp);
irp->AssociatedIrp.SystemBuffer = &DeviceExtension->DeviceNumber;
nextStack->Parameters.DeviceIoControl.OutputBufferLength = 0;
nextStack->Parameters.DeviceIoControl.InputBufferLength = sizeof (DeviceExtension->DeviceNumber);
nextStack->Parameters.DeviceIoControl.IoControlCode = IOCTL_DISK_VOLUMES_ARE_READY;
// Send the request straight down (synchronously).
RequestSend(DeviceExtension,
Request,
DeviceExtension->IoTarget,
WDF_REQUEST_SEND_OPTION_SYNCHRONOUS,
NULL);
return STATUS_SUCCESS;
}
#endif
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS
DeviceHandleRawRead(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_CDROM_RAW_READ
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
// Determine whether the drive is currently in raw or cooked mode,
// and which command to use to read the data.
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
RAW_READ_INFO rawReadInfo = {0};
PVOID outputVirtAddr = NULL;
ULONG startingSector;
PIRP irp = WdfRequestWdmGetIrp(Request);
PIO_STACK_LOCATION currentIrpStack = IoGetCurrentIrpStackLocation(irp);
VOID* outputBuffer = NULL;
PAGED_CODE ();
*DataLength = 0;
if (TEST_FLAG(DeviceExtension->DeviceObject->Flags, DO_VERIFY_VOLUME) &&
(currentIrpStack->MinorFunction != CDROM_VOLUME_VERIFY_CHECKED) &&
!TEST_FLAG(currentIrpStack->Flags, SL_OVERRIDE_VERIFY_VOLUME))
{
// DO_VERIFY_VOLUME is set for the device object,
// but this request is not itself a verify request.
// So fail this request.
(VOID) MediaReadCapacity(DeviceExtension->Device);
*DataLength = 0;
//set the status for volume verification.
status = STATUS_VERIFY_REQUIRED;
}
if (NT_SUCCESS(status))
{
// Since this ioctl is METHOD_OUT_DIRECT, we need to copy away
// the input buffer before interpreting it. This prevents a
// malicious app from messing with the input buffer while we
// are interpreting it. This is done in dispacth.
//
// Here, we are going to get the input buffer out of saved place.
rawReadInfo = *(PRAW_READ_INFO)currentIrpStack->Parameters.DeviceIoControl.Type3InputBuffer;
if (currentIrpStack->Parameters.DeviceIoControl.OutputBufferLength > 0)
{
// Make sure that any user buffer that we pass down to
// the hardware is properly aligned
NT_ASSERT(irp->MdlAddress);
outputVirtAddr = MmGetMdlVirtualAddress(irp->MdlAddress);
if ((ULONG_PTR)outputVirtAddr & DeviceExtension->AdapterDescriptor->AlignmentMask)
{
NT_ASSERT(!((ULONG_PTR)outputVirtAddr & DeviceExtension->AdapterDescriptor->AlignmentMask));
*DataLength = 0;
status = STATUS_INVALID_PARAMETER;
}
}
else
{
status = STATUS_INVALID_PARAMETER;
}
}
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveOutputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&outputBuffer,
NULL);
}
if (NT_SUCCESS(status))
{
switch (rawReadInfo.TrackMode)
{
case CDDA:
case YellowMode2:
case XAForm2:
// no check needed.
break;
case RawWithC2AndSubCode:
if (!cdData->Mmc.ReadCdC2Pointers || !cdData->Mmc.ReadCdSubCode)
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL,
"Request to read C2 & Subcode rejected. "
"Is C2 supported: %d Is Subcode supported: %d\n",
cdData->Mmc.ReadCdC2Pointers,
cdData->Mmc.ReadCdSubCode
));
*DataLength = 0;
status = STATUS_INVALID_DEVICE_REQUEST;
}
break;
case RawWithC2:
if (!cdData->Mmc.ReadCdC2Pointers)
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL,
"Request to read C2 rejected because drive does not "
"report support for C2 pointers\n"
));
*DataLength = 0;
status = STATUS_INVALID_DEVICE_REQUEST;
}
break;
case RawWithSubCode:
if (!cdData->Mmc.ReadCdSubCode)
{
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL,
"Request to read subcode rejected because drive does "
"not report support for reading the subcode data\n"
));
*DataLength = 0;
status = STATUS_INVALID_DEVICE_REQUEST;
}
break;
default:
*DataLength = 0;
status = STATUS_INVALID_DEVICE_REQUEST;
break;
}
}
if (NT_SUCCESS(status))
{
PSCSI_REQUEST_BLOCK srb = DeviceExtension->ScratchContext.ScratchSrb;
PCDB cdb = (PCDB)(srb->Cdb);
size_t transferByteCount;
BOOLEAN shouldRetry = TRUE;
ULONG timesAlreadyRetried = 0;
LONGLONG retryIn100nsUnits = 0;
transferByteCount = RequestParameters.Parameters.DeviceIoControl.OutputBufferLength;
ScratchBuffer_BeginUse(DeviceExtension);
while (shouldRetry)
{
// Setup cdb depending upon the sector type we want.
switch (rawReadInfo.TrackMode)
{
case CDDA:
transferByteCount = rawReadInfo.SectorCount * RAW_SECTOR_SIZE;
cdb->READ_CD.ExpectedSectorType = CD_DA_SECTOR;
cdb->READ_CD.IncludeUserData = 1;
cdb->READ_CD.HeaderCode = 3;
cdb->READ_CD.IncludeSyncData = 1;
break;
case YellowMode2:
transferByteCount = rawReadInfo.SectorCount * RAW_SECTOR_SIZE;
cdb->READ_CD.ExpectedSectorType = YELLOW_MODE2_SECTOR;
cdb->READ_CD.IncludeUserData = 1;
cdb->READ_CD.HeaderCode = 1;
cdb->READ_CD.IncludeSyncData = 1;
break;
case XAForm2:
transferByteCount = rawReadInfo.SectorCount * RAW_SECTOR_SIZE;
cdb->READ_CD.ExpectedSectorType = FORM2_MODE2_SECTOR;
cdb->READ_CD.IncludeUserData = 1;
cdb->READ_CD.HeaderCode = 3;
cdb->READ_CD.IncludeSyncData = 1;
break;
case RawWithC2AndSubCode:
transferByteCount = rawReadInfo.SectorCount * CD_RAW_SECTOR_WITH_C2_AND_SUBCODE_SIZE;
cdb->READ_CD.ExpectedSectorType = 0; // Any sector type
cdb->READ_CD.IncludeUserData = 1;
cdb->READ_CD.HeaderCode = 3; // Header and subheader returned
cdb->READ_CD.IncludeSyncData = 1;
cdb->READ_CD.ErrorFlags = 2; // C2 and block error
cdb->READ_CD.SubChannelSelection = 1; // raw subchannel data
break;
case RawWithC2:
transferByteCount = rawReadInfo.SectorCount * CD_RAW_SECTOR_WITH_C2_SIZE;
cdb->READ_CD.ExpectedSectorType = 0; // Any sector type
cdb->READ_CD.IncludeUserData = 1;
cdb->READ_CD.HeaderCode = 3; // Header and subheader returned
cdb->READ_CD.IncludeSyncData = 1;
cdb->READ_CD.ErrorFlags = 2; // C2 and block error
break;
case RawWithSubCode:
transferByteCount = rawReadInfo.SectorCount * CD_RAW_SECTOR_WITH_SUBCODE_SIZE;
cdb->READ_CD.ExpectedSectorType = 0; // Any sector type
cdb->READ_CD.IncludeUserData = 1;
cdb->READ_CD.HeaderCode = 3; // Header and subheader returned
cdb->READ_CD.IncludeSyncData = 1;
cdb->READ_CD.SubChannelSelection = 1; // raw subchannel data
break;
default:
// should already checked before coming in loop.
NT_ASSERT(FALSE);
break;
}
ScratchBuffer_SetupSrb(DeviceExtension, Request, (ULONG)transferByteCount, TRUE);
// Restore the buffer, buffer size and MdlAddress. They got changed but we don't want to use the scratch buffer.
{
PIRP scratchIrp = WdfRequestWdmGetIrp(DeviceExtension->ScratchContext.ScratchRequest);
scratchIrp->MdlAddress = irp->MdlAddress;
srb->DataBuffer = outputVirtAddr;
srb->DataTransferLength = (ULONG)transferByteCount;
}
// Calculate starting offset.
startingSector = (ULONG)(rawReadInfo.DiskOffset.QuadPart >> DeviceExtension->SectorShift);
// Fill in CDB fields.
srb->CdbLength = 12;
cdb->READ_CD.OperationCode = SCSIOP_READ_CD;
cdb->READ_CD.TransferBlocks[2] = (UCHAR) (rawReadInfo.SectorCount & 0xFF);
cdb->READ_CD.TransferBlocks[1] = (UCHAR) (rawReadInfo.SectorCount >> 8 );
cdb->READ_CD.TransferBlocks[0] = (UCHAR) (rawReadInfo.SectorCount >> 16);
cdb->READ_CD.StartingLBA[3] = (UCHAR) (startingSector & 0xFF);
cdb->READ_CD.StartingLBA[2] = (UCHAR) ((startingSector >> 8));
cdb->READ_CD.StartingLBA[1] = (UCHAR) ((startingSector >> 16));
cdb->READ_CD.StartingLBA[0] = (UCHAR) ((startingSector >> 24));
ScratchBuffer_SendSrb(DeviceExtension, TRUE, NULL);
if ((DeviceExtension->ScratchContext.ScratchSrb->SrbStatus == SRB_STATUS_ABORTED) &&
(DeviceExtension->ScratchContext.ScratchSrb->InternalStatus == STATUS_CANCELLED))
{
shouldRetry = FALSE;
status = STATUS_CANCELLED;
}
else
{
shouldRetry = RequestSenseInfoInterpretForScratchBuffer(DeviceExtension,
timesAlreadyRetried,
&status,
&retryIn100nsUnits);
if (shouldRetry)
{
LARGE_INTEGER t;
t.QuadPart = -retryIn100nsUnits;
timesAlreadyRetried++;
KeDelayExecutionThread(KernelMode, FALSE, &t);
// keep items clean
ScratchBuffer_ResetItems(DeviceExtension, FALSE);
}
}
}
if (NT_SUCCESS(status))
{
*DataLength = srb->DataTransferLength;
}
ScratchBuffer_EndUse(DeviceExtension);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
DeviceHandlePlayAudioMsf(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_CDROM_PLAY_AUDIO_MSF
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_PLAY_AUDIO_MSF inputBuffer = NULL;
PAGED_CODE ();
*DataLength = 0;
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
(PVOID*)&inputBuffer,
NULL);
if (NT_SUCCESS(status))
{
ULONG transferSize = 0;
CDB cdb;
ScratchBuffer_BeginUse(DeviceExtension);
RtlZeroMemory(&cdb, sizeof(CDB));
// Set up the CDB
cdb.PLAY_AUDIO_MSF.OperationCode = SCSIOP_PLAY_AUDIO_MSF;
cdb.PLAY_AUDIO_MSF.StartingM = inputBuffer->StartingM;
cdb.PLAY_AUDIO_MSF.StartingS = inputBuffer->StartingS;
cdb.PLAY_AUDIO_MSF.StartingF = inputBuffer->StartingF;
cdb.PLAY_AUDIO_MSF.EndingM = inputBuffer->EndingM;
cdb.PLAY_AUDIO_MSF.EndingS = inputBuffer->EndingS;
cdb.PLAY_AUDIO_MSF.EndingF = inputBuffer->EndingF;
status = ScratchBuffer_ExecuteCdb(DeviceExtension, Request, transferSize, FALSE, &cdb, 10);
if (NT_SUCCESS(status))
{
PLAY_ACTIVE(DeviceExtension) = TRUE;
*DataLength = 0;
}
// nothing to do after the command finishes.
ScratchBuffer_EndUse(DeviceExtension);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
DeviceHandleReadQChannel(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_CDROM_READ_Q_CHANNEL
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PVOID inputBuffer = NULL;
PVOID outputBuffer = NULL;
PAGED_CODE ();
*DataLength = 0;
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&inputBuffer,
NULL);
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveOutputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&outputBuffer,
NULL);
}
if (NT_SUCCESS(status))
{
status = ReadQChannel(DeviceExtension,
Request,
inputBuffer,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
outputBuffer,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
DataLength);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
ReadQChannel(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_opt_ WDFREQUEST OriginalRequest,
_In_ PVOID InputBuffer,
_In_ size_t InputBufferLength,
_In_ PVOID OutputBuffer,
_In_ size_t OutputBufferLength,
_Out_ size_t * DataLength
)
/*++
Routine Description:
base function to handle request of IOCTL_CDROM_READ_Q_CHANNEL
Arguments:
DeviceExtension - device context
OriginalRequest - original request to be handled
InputBuffer - input buffer
InputBufferLength - length of input buffer
OutputBuffer - output buffer
OutputBufferLength - length of output buffer
Return Value:
NTSTATUS
DataLength - returned data length
--*/
{
NTSTATUS status = STATUS_SUCCESS;
ULONG transferByteCount = 0;
CDB cdb;
PCDROM_SUB_Q_DATA_FORMAT inputBuffer = (PCDROM_SUB_Q_DATA_FORMAT)InputBuffer;
PSUB_Q_CHANNEL_DATA userChannelData = (PSUB_Q_CHANNEL_DATA)OutputBuffer;
PAGED_CODE ();
UNREFERENCED_PARAMETER(InputBufferLength);
*DataLength = 0;
// Set size of channel data -- however, this is dependent on
// what information we are requesting (which Format)
switch( inputBuffer->Format )
{
case IOCTL_CDROM_CURRENT_POSITION:
transferByteCount = sizeof(SUB_Q_CURRENT_POSITION);
break;
case IOCTL_CDROM_MEDIA_CATALOG:
transferByteCount = sizeof(SUB_Q_MEDIA_CATALOG_NUMBER);
break;
case IOCTL_CDROM_TRACK_ISRC:
transferByteCount = sizeof(SUB_Q_TRACK_ISRC);
break;
}
ScratchBuffer_BeginUse(DeviceExtension);
RtlZeroMemory(&cdb, sizeof(CDB));
// Set up the CDB
// Always logical unit 0, but only use MSF addressing
// for IOCTL_CDROM_CURRENT_POSITION
if (inputBuffer->Format==IOCTL_CDROM_CURRENT_POSITION)
{
cdb.SUBCHANNEL.Msf = CDB_USE_MSF;
}
// Return subchannel data
cdb.SUBCHANNEL.SubQ = CDB_SUBCHANNEL_BLOCK;
// Specify format of informatin to return
cdb.SUBCHANNEL.Format = inputBuffer->Format;
// Specify which track to access (only used by Track ISRC reads)
if (inputBuffer->Format==IOCTL_CDROM_TRACK_ISRC)
{
cdb.SUBCHANNEL.TrackNumber = inputBuffer->Track;
}
cdb.SUBCHANNEL.AllocationLength[0] = (UCHAR) (transferByteCount >> 8);
cdb.SUBCHANNEL.AllocationLength[1] = (UCHAR) (transferByteCount & 0xFF);
cdb.SUBCHANNEL.OperationCode = SCSIOP_READ_SUB_CHANNEL;
status = ScratchBuffer_ExecuteCdb(DeviceExtension, OriginalRequest, transferByteCount, TRUE, &cdb, 10);
if (NT_SUCCESS(status))
{
PSUB_Q_CHANNEL_DATA subQPtr = DeviceExtension->ScratchContext.ScratchSrb->DataBuffer;
#if DBG
switch( inputBuffer->Format )
{
case IOCTL_CDROM_CURRENT_POSITION:
TracePrint((TRACE_LEVEL_VERBOSE, TRACE_FLAG_IOCTL,"ReadQChannel: Audio Status is %u\n", subQPtr->CurrentPosition.Header.AudioStatus ));
TracePrint((TRACE_LEVEL_VERBOSE, TRACE_FLAG_IOCTL,"ReadQChannel: ADR = 0x%x\n", subQPtr->CurrentPosition.ADR ));
TracePrint((TRACE_LEVEL_VERBOSE, TRACE_FLAG_IOCTL,"ReadQChannel: Control = 0x%x\n", subQPtr->CurrentPosition.Control ));
TracePrint((TRACE_LEVEL_VERBOSE, TRACE_FLAG_IOCTL,"ReadQChannel: Track = %u\n", subQPtr->CurrentPosition.TrackNumber ));
TracePrint((TRACE_LEVEL_VERBOSE, TRACE_FLAG_IOCTL,"ReadQChannel: Index = %u\n", subQPtr->CurrentPosition.IndexNumber ));
TracePrint((TRACE_LEVEL_VERBOSE, TRACE_FLAG_IOCTL,"ReadQChannel: Absolute Address = %x\n", *((PULONG)subQPtr->CurrentPosition.AbsoluteAddress) ));
TracePrint((TRACE_LEVEL_VERBOSE, TRACE_FLAG_IOCTL,"ReadQChannel: Relative Address = %x\n", *((PULONG)subQPtr->CurrentPosition.TrackRelativeAddress) ));
break;
case IOCTL_CDROM_MEDIA_CATALOG:
TracePrint((TRACE_LEVEL_VERBOSE, TRACE_FLAG_IOCTL,"ReadQChannel: Audio Status is %u\n", subQPtr->MediaCatalog.Header.AudioStatus ));
TracePrint((TRACE_LEVEL_VERBOSE, TRACE_FLAG_IOCTL,"ReadQChannel: Mcval is %u\n", subQPtr->MediaCatalog.Mcval ));
break;
case IOCTL_CDROM_TRACK_ISRC:
TracePrint((TRACE_LEVEL_VERBOSE, TRACE_FLAG_IOCTL,"ReadQChannel: Audio Status is %u\n", subQPtr->TrackIsrc.Header.AudioStatus ));
TracePrint((TRACE_LEVEL_VERBOSE, TRACE_FLAG_IOCTL,"ReadQChannel: Tcval is %u\n", subQPtr->TrackIsrc.Tcval ));
break;
}
#endif
// Update the play active status.
if (subQPtr->CurrentPosition.Header.AudioStatus == AUDIO_STATUS_IN_PROGRESS)
{
PLAY_ACTIVE(DeviceExtension) = TRUE;
}
else
{
PLAY_ACTIVE(DeviceExtension) = FALSE;
}
// Check if output buffer is large enough to contain
// the data.
if (OutputBufferLength < DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength)
{
DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength = (ULONG)OutputBufferLength;
}
// Copy our buffer into users.
RtlMoveMemory(userChannelData,
subQPtr,
DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength);
*DataLength = DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength;
}
// nothing to do after the command finishes.
ScratchBuffer_EndUse(DeviceExtension);
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
DeviceHandlePauseAudio(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_CDROM_PAUSE_AUDIO
Arguments:
DeviceExtension - device context
Request - request to be handled
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PAGED_CODE ();
*DataLength = 0;
if (NT_SUCCESS(status))
{
ULONG transferSize = 0;
CDB cdb;
ScratchBuffer_BeginUse(DeviceExtension);
RtlZeroMemory(&cdb, sizeof(CDB));
// Set up the CDB
cdb.PAUSE_RESUME.OperationCode = SCSIOP_PAUSE_RESUME;
cdb.PAUSE_RESUME.Action = CDB_AUDIO_PAUSE;
status = ScratchBuffer_ExecuteCdb(DeviceExtension, Request, transferSize, FALSE, &cdb, 10);
if (NT_SUCCESS(status))
{
PLAY_ACTIVE(DeviceExtension) = FALSE;
*DataLength = 0;
}
// nothing to do after the command finishes.
ScratchBuffer_EndUse(DeviceExtension);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
DeviceHandleResumeAudio(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_CDROM_RESUME_AUDIO
Arguments:
DeviceExtension - device context
Request - request to be handled
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PAGED_CODE ();
*DataLength = 0;
if (NT_SUCCESS(status))
{
ULONG transferSize = 0;
CDB cdb;
ScratchBuffer_BeginUse(DeviceExtension);
RtlZeroMemory(&cdb, sizeof(CDB));
// Set up the CDB
cdb.PAUSE_RESUME.OperationCode = SCSIOP_PAUSE_RESUME;
cdb.PAUSE_RESUME.Action = CDB_AUDIO_RESUME;
status = ScratchBuffer_ExecuteCdb(DeviceExtension, Request, transferSize, FALSE, &cdb, 10);
if (NT_SUCCESS(status))
{
PLAY_ACTIVE(DeviceExtension) = TRUE; //not in original code. But we should set it.
*DataLength = 0;
}
// nothing to do after the command finishes.
ScratchBuffer_EndUse(DeviceExtension);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
DeviceHandleSeekAudioMsf(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_CDROM_SEEK_AUDIO_MSF
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_SEEK_AUDIO_MSF inputBuffer = NULL;
PAGED_CODE ();
*DataLength = 0;
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
(PVOID*)&inputBuffer,
NULL);
if (NT_SUCCESS(status))
{
ULONG transferSize = 0;
CDB cdb;
ULONG logicalBlockAddress;
logicalBlockAddress = MSF_TO_LBA(inputBuffer->M, inputBuffer->S, inputBuffer->F);
ScratchBuffer_BeginUse(DeviceExtension);
RtlZeroMemory(&cdb, sizeof(CDB));
// Set up the CDB
cdb.SEEK.OperationCode = SCSIOP_SEEK;
cdb.SEEK.LogicalBlockAddress[0] = ((PFOUR_BYTE)&logicalBlockAddress)->Byte3;
cdb.SEEK.LogicalBlockAddress[1] = ((PFOUR_BYTE)&logicalBlockAddress)->Byte2;
cdb.SEEK.LogicalBlockAddress[2] = ((PFOUR_BYTE)&logicalBlockAddress)->Byte1;
cdb.SEEK.LogicalBlockAddress[3] = ((PFOUR_BYTE)&logicalBlockAddress)->Byte0;
status = ScratchBuffer_ExecuteCdb(DeviceExtension, Request, transferSize, FALSE, &cdb, 10);
if (NT_SUCCESS(status))
{
*DataLength = 0;
}
// nothing to do after the command finishes.
ScratchBuffer_EndUse(DeviceExtension);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
DeviceHandleStopAudio(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_Out_ size_t * DataLength
)
{
NTSTATUS status = STATUS_SUCCESS;
PAGED_CODE ();
*DataLength = 0;
if (NT_SUCCESS(status))
{
ULONG transferSize = 0;
CDB cdb;
ScratchBuffer_BeginUse(DeviceExtension);
RtlZeroMemory(&cdb, sizeof(CDB));
// Set up the CDB
cdb.START_STOP.OperationCode = SCSIOP_START_STOP_UNIT;
cdb.START_STOP.Immediate = 1;
cdb.START_STOP.Start = 0;
cdb.START_STOP.LoadEject = 0;
status = ScratchBuffer_ExecuteCdb(DeviceExtension, Request, transferSize, FALSE, &cdb, 6);
if (NT_SUCCESS(status))
{
PLAY_ACTIVE(DeviceExtension) = FALSE;
*DataLength = 0;
}
// nothing to do after the command finishes.
ScratchBuffer_EndUse(DeviceExtension);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
DeviceHandleGetSetVolume(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_CDROM_GET_VOLUME
IOCTL_CDROM_SET_VOLUME
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PAGED_CODE ();
*DataLength = 0;
if (NT_SUCCESS(status))
{
ULONG transferSize = MODE_DATA_SIZE;
CDB cdb;
ScratchBuffer_BeginUse(DeviceExtension);
RtlZeroMemory(&cdb, sizeof(CDB));
// Set up the CDB
cdb.MODE_SENSE10.OperationCode = SCSIOP_MODE_SENSE10;
cdb.MODE_SENSE10.PageCode = CDROM_AUDIO_CONTROL_PAGE;
cdb.MODE_SENSE10.AllocationLength[0] = (UCHAR)(MODE_DATA_SIZE >> 8);
cdb.MODE_SENSE10.AllocationLength[1] = (UCHAR)(MODE_DATA_SIZE & 0xFF);
status = ScratchBuffer_ExecuteCdb(DeviceExtension, Request, transferSize, TRUE, &cdb, 10);
if (NT_SUCCESS(status))
{
if (RequestParameters.Parameters.DeviceIoControl.IoControlCode == IOCTL_CDROM_GET_VOLUME)
{
PAUDIO_OUTPUT audioOutput;
PVOLUME_CONTROL volumeControl;
ULONG bytesTransferred;
status = WdfRequestRetrieveOutputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
(PVOID*)&volumeControl,
NULL);
if (NT_SUCCESS(status))
{
audioOutput = ModeSenseFindSpecificPage((PCHAR)DeviceExtension->ScratchContext.ScratchSrb->DataBuffer,
DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength,
CDROM_AUDIO_CONTROL_PAGE,
FALSE);
// Verify the page is as big as expected.
bytesTransferred = (ULONG)((PCHAR)audioOutput - (PCHAR)DeviceExtension->ScratchContext.ScratchSrb->DataBuffer) +
sizeof(AUDIO_OUTPUT);
if ((audioOutput != NULL) &&
(DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength >= bytesTransferred))
{
ULONG i;
for (i=0; i<4; i++)
{
volumeControl->PortVolume[i] = audioOutput->PortOutput[i].Volume;
}
// Set bytes transferred in IRP.
*DataLength = sizeof(VOLUME_CONTROL);
}
else
{
*DataLength = 0;
status = STATUS_INVALID_DEVICE_REQUEST;
}
}
}
else //IOCTL_CDROM_SET_VOLUME
{
PAUDIO_OUTPUT audioInput = NULL;
PAUDIO_OUTPUT audioOutput = NULL;
PVOLUME_CONTROL volumeControl = NULL;
ULONG i,bytesTransferred,headerLength;
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
(PVOID*)&volumeControl,
NULL);
if (NT_SUCCESS(status))
{
audioInput = ModeSenseFindSpecificPage((PCHAR)DeviceExtension->ScratchContext.ScratchSrb->DataBuffer,
DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength,
CDROM_AUDIO_CONTROL_PAGE,
FALSE);
// Check to make sure the mode sense data is valid before we go on
if(audioInput == NULL)
{
TracePrint((TRACE_LEVEL_WARNING, TRACE_FLAG_IOCTL,
"Mode Sense Page %d not found\n",
CDROM_AUDIO_CONTROL_PAGE));
*DataLength = 0;
status = STATUS_INVALID_DEVICE_REQUEST;
}
}
if (NT_SUCCESS(status))
{
// keep items clean; clear the command history
ScratchBuffer_ResetItems(DeviceExtension, TRUE);
headerLength = sizeof(MODE_PARAMETER_HEADER10);
bytesTransferred = sizeof(AUDIO_OUTPUT) + headerLength;
// use the scratch buffer as input buffer.
// the content of this buffer will not be changed in the following loop.
audioOutput = (PAUDIO_OUTPUT)((PCHAR)DeviceExtension->ScratchContext.ScratchBuffer + headerLength);
for (i=0; i<4; i++)
{
audioOutput->PortOutput[i].Volume = volumeControl->PortVolume[i];
audioOutput->PortOutput[i].ChannelSelection = audioInput->PortOutput[i].ChannelSelection;
}
audioOutput->CodePage = CDROM_AUDIO_CONTROL_PAGE;
audioOutput->ParameterLength = sizeof(AUDIO_OUTPUT) - 2;
audioOutput->Immediate = MODE_SELECT_IMMEDIATE;
RtlZeroMemory(&cdb, sizeof(CDB));
// Set up the CDB
cdb.MODE_SELECT10.OperationCode = SCSIOP_MODE_SELECT10;
cdb.MODE_SELECT10.ParameterListLength[0] = (UCHAR) (bytesTransferred >> 8);
cdb.MODE_SELECT10.ParameterListLength[1] = (UCHAR) (bytesTransferred & 0xFF);
cdb.MODE_SELECT10.PFBit = 1;
status = ScratchBuffer_ExecuteCdb(DeviceExtension, Request, bytesTransferred, FALSE, &cdb, 10);
}
*DataLength = 0;
}
}
// nothing to do after the command finishes.
ScratchBuffer_EndUse(DeviceExtension);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
DeviceHandleReadDvdStructure(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_DVD_READ_STRUCTURE
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PVOID inputBuffer = NULL;
PVOID outputBuffer = NULL;
PAGED_CODE ();
*DataLength = 0;
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&inputBuffer,
NULL);
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveOutputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&outputBuffer,
NULL);
}
if (NT_SUCCESS(status))
{
status = ReadDvdStructure(DeviceExtension,
Request,
inputBuffer,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
outputBuffer,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
DataLength);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
ReadDvdStructure(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_opt_ WDFREQUEST OriginalRequest,
_In_ PVOID InputBuffer,
_In_ size_t InputBufferLength,
_In_ PVOID OutputBuffer,
_In_ size_t OutputBufferLength,
_Out_ size_t * DataLength
)
/*++
Routine Description:
base function to handle request of IOCTL_DVD_START_SESSION
IOCTL_DVD_READ_KEY
Arguments:
DeviceExtension - device context
OriginalRequest - original request to be handled
InputBuffer - input buffer
InputBufferLength - length of input buffer
OutputBuffer - output buffer
OutputBufferLength - length of output buffer
Return Value:
NTSTATUS
DataLength - returned data length
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PDVD_READ_STRUCTURE request = (PDVD_READ_STRUCTURE)InputBuffer;
PDVD_DESCRIPTOR_HEADER header = (PDVD_DESCRIPTOR_HEADER)OutputBuffer;
CDB cdb;
USHORT dataLength;
ULONG blockNumber;
PFOUR_BYTE fourByte;
PAGED_CODE ();
UNREFERENCED_PARAMETER(InputBufferLength);
if (DeviceExtension->DeviceAdditionalData.DriveDeviceType != FILE_DEVICE_DVD)
{
*DataLength = 0;
return STATUS_INVALID_DEVICE_REQUEST;
}
dataLength = (USHORT)OutputBufferLength;
blockNumber = (ULONG)(request->BlockByteOffset.QuadPart >> DeviceExtension->SectorShift);
fourByte = (PFOUR_BYTE)&blockNumber;
ScratchBuffer_BeginUse(DeviceExtension);
RtlZeroMemory(&cdb, sizeof(CDB));
// Set up the CDB
cdb.READ_DVD_STRUCTURE.OperationCode = SCSIOP_READ_DVD_STRUCTURE;
cdb.READ_DVD_STRUCTURE.RMDBlockNumber[0] = fourByte->Byte3;
cdb.READ_DVD_STRUCTURE.RMDBlockNumber[1] = fourByte->Byte2;
cdb.READ_DVD_STRUCTURE.RMDBlockNumber[2] = fourByte->Byte1;
cdb.READ_DVD_STRUCTURE.RMDBlockNumber[3] = fourByte->Byte0;
cdb.READ_DVD_STRUCTURE.LayerNumber = request->LayerNumber;
cdb.READ_DVD_STRUCTURE.Format = (UCHAR)request->Format;
#if DBG
{
if ((UCHAR)request->Format > DvdMaxDescriptor)
{
TracePrint((TRACE_LEVEL_VERBOSE, TRACE_FLAG_IOCTL,
"READ_DVD_STRUCTURE format %x = %s (%x bytes)\n",
(UCHAR)request->Format,
READ_DVD_STRUCTURE_FORMAT_STRINGS[DvdMaxDescriptor],
dataLength
));
}
else
{
TracePrint((TRACE_LEVEL_VERBOSE, TRACE_FLAG_IOCTL,
"READ_DVD_STRUCTURE format %x = %s (%x bytes)\n",
(UCHAR)request->Format,
READ_DVD_STRUCTURE_FORMAT_STRINGS[(UCHAR)request->Format],
dataLength
));
}
}
#endif // DBG
if (request->Format == DvdDiskKeyDescriptor)
{
cdb.READ_DVD_STRUCTURE.AGID = (UCHAR)request->SessionId;
}
cdb.READ_DVD_STRUCTURE.AllocationLength[0] = (UCHAR)(dataLength >> 8);
cdb.READ_DVD_STRUCTURE.AllocationLength[1] = (UCHAR)(dataLength & 0xff);
status = ScratchBuffer_ExecuteCdb(DeviceExtension, OriginalRequest, dataLength, TRUE, &cdb, 12);
if (NT_SUCCESS(status))
{
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL,
"DvdDCCompletion - READ_STRUCTURE: descriptor format of %d\n", request->Format));
RtlMoveMemory(header,
DeviceExtension->ScratchContext.ScratchSrb->DataBuffer,
DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength);
// Cook the data. There are a number of fields that really
// should be byte-swapped for the caller.
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL,
"DvdDCCompletion - READ_STRUCTURE:\n"
"\tHeader at %p\n"
"\tDvdDCCompletion - READ_STRUCTURE: data at %p\n"
"\tDataBuffer was at %p\n"
"\tDataTransferLength was %lx\n",
header,
header->Data,
DeviceExtension->ScratchContext.ScratchSrb->DataBuffer,
DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength));
// First the fields in the header
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL, "READ_STRUCTURE: header->Length %lx -> ",
header->Length));
REVERSE_SHORT(&header->Length);
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL, "%lx\n", header->Length));
// Now the fields in the descriptor
if(request->Format == DvdPhysicalDescriptor)
{
ULONG tempLength = (DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength > (ULONG)FIELD_OFFSET(DVD_DESCRIPTOR_HEADER, Data))
? (DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength - FIELD_OFFSET(DVD_DESCRIPTOR_HEADER, Data))
: 0;
PDVD_LAYER_DESCRIPTOR layer = (PDVD_LAYER_DESCRIPTOR)&(header->Data[0]);
// Make sure the buffer size is good for swapping bytes.
if (tempLength >= RTL_SIZEOF_THROUGH_FIELD(DVD_LAYER_DESCRIPTOR, StartingDataSector))
{
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL, "READ_STRUCTURE: StartingDataSector %lx -> ",
layer->StartingDataSector));
REVERSE_LONG(&(layer->StartingDataSector));
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL, "%lx\n", layer->StartingDataSector));
}
if (tempLength >= RTL_SIZEOF_THROUGH_FIELD(DVD_LAYER_DESCRIPTOR, EndDataSector))
{
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL, "READ_STRUCTURE: EndDataSector %lx -> ",
layer->EndDataSector));
REVERSE_LONG(&(layer->EndDataSector));
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL, "%lx\n", layer->EndDataSector));
}
if (tempLength >= RTL_SIZEOF_THROUGH_FIELD(DVD_LAYER_DESCRIPTOR, EndLayerZeroSector))
{
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL, "READ_STRUCTURE: EndLayerZeroSector %lx -> ",
layer->EndLayerZeroSector));
REVERSE_LONG(&(layer->EndLayerZeroSector));
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL, "%lx\n", layer->EndLayerZeroSector));
}
}
if (!NT_SUCCESS(status))
{
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL, "Status is %lx\n", status));
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL, "DvdDeviceControlCompletion - "
"IOCTL_DVD_READ_STRUCTURE: data transfer length of %d\n",
DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength));
}
*DataLength = DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength;
}
ScratchBuffer_EndUse(DeviceExtension);
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
DeviceHandleDvdEndSession(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_DVD_END_SESSION
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PDVD_SESSION_ID sessionId = NULL;
PAGED_CODE ();
*DataLength = 0;
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
(PVOID*)&sessionId,
NULL);
if (NT_SUCCESS(status))
{
ULONG transferSize = 0;
CDB cdb;
DVD_SESSION_ID currentSession = 0;
DVD_SESSION_ID limitSession = 0;
if(*sessionId == DVD_END_ALL_SESSIONS)
{
currentSession = 0;
limitSession = MAX_COPY_PROTECT_AGID - 1;
}
else
{
currentSession = *sessionId;
limitSession = *sessionId;
}
ScratchBuffer_BeginUse(DeviceExtension);
do
{
RtlZeroMemory(&cdb, sizeof(CDB));
// Set up the CDB
cdb.SEND_KEY.OperationCode = SCSIOP_SEND_KEY;
cdb.SEND_KEY.AGID = (UCHAR)(currentSession);
cdb.SEND_KEY.KeyFormat = DVD_INVALIDATE_AGID;
status = ScratchBuffer_ExecuteCdb(DeviceExtension, Request, transferSize, FALSE, &cdb, 12);
currentSession++;
} while ((currentSession <= limitSession) && NT_SUCCESS(status));
// nothing to do after the command finishes.
ScratchBuffer_EndUse(DeviceExtension);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
DeviceHandleDvdStartSessionReadKey(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_DVD_START_SESSION
IOCTL_DVD_READ_KEY
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PDVD_COPY_PROTECT_KEY keyParameters = NULL;
PVOID outputBuffer = NULL;
PAGED_CODE ();
if (NT_SUCCESS(status))
{
status = WdfRequestRetrieveOutputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
&outputBuffer,
NULL);
}
if (NT_SUCCESS(status) && RequestParameters.Parameters.DeviceIoControl.IoControlCode == IOCTL_DVD_READ_KEY)
{
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
(PVOID*)&keyParameters,
NULL);
}
if (NT_SUCCESS(status))
{
status = DvdStartSessionReadKey(DeviceExtension,
RequestParameters.Parameters.DeviceIoControl.IoControlCode,
Request,
keyParameters,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
outputBuffer,
RequestParameters.Parameters.DeviceIoControl.OutputBufferLength,
DataLength);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
DvdStartSessionReadKey(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ ULONG IoControlCode,
_In_opt_ WDFREQUEST OriginalRequest,
_In_opt_ PVOID InputBuffer,
_In_ size_t InputBufferLength,
_In_ PVOID OutputBuffer,
_In_ size_t OutputBufferLength,
_Out_ size_t * DataLength
)
/*++
Routine Description:
base function to handle request of IOCTL_DVD_START_SESSION
IOCTL_DVD_READ_KEY
Arguments:
DeviceExtension - device context
IoControlCode - IOCTL_DVD_READ_KEY or IOCTL_DVD_START_SESSION
OriginalRequest - original request to be handled
InputBuffer - input buffer
InputBufferLength - length of input buffer
OutputBuffer - output buffer
OutputBufferLength - length of output buffer
Return Value:
NTSTATUS
DataLength - returned data length
--*/
{
NTSTATUS status = STATUS_SUCCESS;
ULONG keyLength = 0;
ULONG result = 0;
ULONG allocationLength;
PFOUR_BYTE fourByte;
PDVD_COPY_PROTECT_KEY keyParameters = (PDVD_COPY_PROTECT_KEY)InputBuffer;
PAGED_CODE ();
UNREFERENCED_PARAMETER(InputBufferLength);
*DataLength = 0;
fourByte = (PFOUR_BYTE)&allocationLength;
if (IoControlCode == IOCTL_DVD_READ_KEY)
{
if (keyParameters == NULL)
{
status = STATUS_INTERNAL_ERROR;
}
// First of all, initialize the DVD region of the drive, if it has not been set yet
if (NT_SUCCESS(status) &&
(keyParameters->KeyType == DvdGetRpcKey) &&
DeviceExtension->DeviceAdditionalData.Mmc.IsCssDvd)
{
DevicePickDvdRegion(DeviceExtension->Device);
}
if (NT_SUCCESS(status) &&
(keyParameters->KeyType == DvdDiskKey))
{
// Special case - need to use READ DVD STRUCTURE command to get the disk key.
PDVD_COPY_PROTECT_KEY keyHeader = NULL;
PDVD_READ_STRUCTURE readStructureRequest = (PDVD_READ_STRUCTURE)keyParameters;
// save the key header so we can restore the interesting parts later
keyHeader = ExAllocatePoolWithTag(NonPagedPoolNx,
sizeof(DVD_COPY_PROTECT_KEY),
DVD_TAG_READ_KEY);
if(keyHeader == NULL)
{
// Can't save the context so return an error
TracePrint((TRACE_LEVEL_ERROR, TRACE_FLAG_IOCTL,
"DvdDeviceControl - READ_KEY: unable to allocate context\n"));
status = STATUS_INSUFFICIENT_RESOURCES;
}
if (NT_SUCCESS(status))
{
PREAD_DVD_STRUCTURES_HEADER rawKey = OutputBuffer;
PDVD_COPY_PROTECT_KEY outputKey = OutputBuffer;
// save input parameters
RtlCopyMemory(keyHeader,
InputBuffer,
sizeof(DVD_COPY_PROTECT_KEY));
readStructureRequest->Format = DvdDiskKeyDescriptor;
readStructureRequest->BlockByteOffset.QuadPart = 0;
readStructureRequest->LayerNumber = 0;
readStructureRequest->SessionId = keyHeader->SessionId;
status = ReadDvdStructure(DeviceExtension,
OriginalRequest,
InputBuffer,
sizeof(DVD_READ_STRUCTURE),
OutputBuffer,
sizeof(READ_DVD_STRUCTURES_HEADER) + sizeof(DVD_DISK_KEY_DESCRIPTOR),
DataLength);
// fill the output buffer, it's not touched in DeviceHandleReadDvdStructure()
// for this specific request type: DvdDiskKeyDescriptor
if (NT_SUCCESS(status))
{
// Shift the data down to its new position.
RtlMoveMemory(outputKey->KeyData,
rawKey->Data,
sizeof(DVD_DISK_KEY_DESCRIPTOR));
RtlCopyMemory(outputKey,
keyHeader,
sizeof(DVD_COPY_PROTECT_KEY));
outputKey->KeyLength = DVD_DISK_KEY_LENGTH;
*DataLength = DVD_DISK_KEY_LENGTH;
}
else
{
TracePrint((TRACE_LEVEL_WARNING, TRACE_FLAG_IOCTL,
"StartSessionReadKey Failed with status %x, %xI64 (%x) bytes\n",
status,
(unsigned int)*DataLength,
((rawKey->Length[0] << 16) | rawKey->Length[1]) ));
}
FREE_POOL(keyHeader);
}
// special process finished. return from here.
return status;
}
if (NT_SUCCESS(status))
{
status = RtlULongSub((ULONG)OutputBufferLength,
(ULONG)sizeof(DVD_COPY_PROTECT_KEY), &result);
}
if (NT_SUCCESS(status))
{
status = RtlULongAdd(result, sizeof(CDVD_KEY_HEADER), &keyLength);
}
if (NT_SUCCESS(status))
{
//The data length field of REPORT KEY Command occupies two bytes
keyLength = min(keyLength, MAXUSHORT);
}
}
else //IOCTL_DVD_START_SESSION
{
keyParameters = NULL;
keyLength = sizeof(CDVD_KEY_HEADER) + sizeof(CDVD_REPORT_AGID_DATA);
status = STATUS_SUCCESS;
}
if (NT_SUCCESS(status))
{
CDB cdb;
allocationLength = keyLength;
// Defensive coding. Prefix cannot recognize this usage.
UNREFERENCED_PARAMETER(allocationLength);
ScratchBuffer_BeginUse(DeviceExtension);
RtlZeroMemory(&cdb, sizeof(CDB));
// Set up the CDB
cdb.REPORT_KEY.OperationCode = SCSIOP_REPORT_KEY;
cdb.REPORT_KEY.AllocationLength[0] = fourByte->Byte1;
cdb.REPORT_KEY.AllocationLength[1] = fourByte->Byte0;
// set the specific parameters....
if(IoControlCode == IOCTL_DVD_READ_KEY)
{
if(keyParameters->KeyType == DvdTitleKey)
{
ULONG logicalBlockAddress;
logicalBlockAddress = (ULONG)(keyParameters->Parameters.TitleOffset.QuadPart >>
DeviceExtension->SectorShift);
fourByte = (PFOUR_BYTE)&(logicalBlockAddress);
cdb.REPORT_KEY.LogicalBlockAddress[0] = fourByte->Byte3;
cdb.REPORT_KEY.LogicalBlockAddress[1] = fourByte->Byte2;
cdb.REPORT_KEY.LogicalBlockAddress[2] = fourByte->Byte1;
cdb.REPORT_KEY.LogicalBlockAddress[3] = fourByte->Byte0;
}
cdb.REPORT_KEY.KeyFormat = (UCHAR)keyParameters->KeyType;
cdb.REPORT_KEY.AGID = (UCHAR)keyParameters->SessionId;
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL,
"DvdStartSessionReadKey => sending irp %p (%s)\n",
OriginalRequest, "READ_KEY"));
}
else
{
cdb.REPORT_KEY.KeyFormat = DVD_REPORT_AGID;
cdb.REPORT_KEY.AGID = 0;
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL,
"DvdStartSessionReadKey => sending irp %p (%s)\n",
OriginalRequest, "START_SESSION"));
}
status = ScratchBuffer_ExecuteCdb(DeviceExtension, OriginalRequest, keyLength, TRUE, &cdb, 12);
if (NT_SUCCESS(status))
{
if(IoControlCode == IOCTL_DVD_READ_KEY)
{
NTSTATUS tempStatus;
PDVD_COPY_PROTECT_KEY copyProtectKey = (PDVD_COPY_PROTECT_KEY)OutputBuffer;
PCDVD_KEY_HEADER keyHeader = DeviceExtension->ScratchContext.ScratchSrb->DataBuffer;
ULONG dataLength;
ULONG transferLength;
tempStatus = RtlULongSub(DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength,
FIELD_OFFSET(CDVD_KEY_HEADER, Data),
&transferLength);
dataLength = (keyHeader->DataLength[0] << 8) + keyHeader->DataLength[1];
if (NT_SUCCESS(tempStatus) && (dataLength >= 2))
{
// Adjust the data length to ignore the two reserved bytes in the
// header.
dataLength -= 2;
// take the minimum of the transferred length and the
// length as specified in the header.
if(dataLength < transferLength)
{
transferLength = dataLength;
}
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL,
"DvdDeviceControlCompletion: [%p] - READ_KEY with "
"transfer length of (%d or %d) bytes\n",
OriginalRequest,
dataLength,
DeviceExtension->ScratchContext.ScratchSrb->DataTransferLength - 2));
// Copy the key data into the return buffer
if(copyProtectKey->KeyType == DvdTitleKey)
{
RtlMoveMemory(copyProtectKey->KeyData,
keyHeader->Data + 1,
transferLength - 1);
copyProtectKey->KeyData[transferLength - 1] = 0;
// If this is a title key then we need to copy the CGMS flags
// as well.
copyProtectKey->KeyFlags = *(keyHeader->Data);
}
else
{
RtlMoveMemory(copyProtectKey->KeyData,
keyHeader->Data,
transferLength);
}
copyProtectKey->KeyLength = sizeof(DVD_COPY_PROTECT_KEY);
copyProtectKey->KeyLength += transferLength;
*DataLength = copyProtectKey->KeyLength;
}
else
{
//There is no valid data from drive.
//This may happen when Key Format = 0x3f that does not require data back from drive.
status = STATUS_SUCCESS;
*DataLength = 0;
}
}
else
{
PDVD_SESSION_ID sessionId = (PDVD_SESSION_ID)OutputBuffer;
PCDVD_KEY_HEADER keyHeader = DeviceExtension->ScratchContext.ScratchSrb->DataBuffer;
PCDVD_REPORT_AGID_DATA keyData = (PCDVD_REPORT_AGID_DATA)keyHeader->Data;
*sessionId = keyData->AGID;
*DataLength = sizeof(DVD_SESSION_ID);
}
}
// nothing to do after the command finishes.
ScratchBuffer_EndUse(DeviceExtension);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
DeviceHandleDvdSendKey(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_DVD_SEND_KEY
IOCTL_DVD_SEND_KEY2
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PVOID inputBuffer = NULL;
PAGED_CODE ();
*DataLength = 0;
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
&inputBuffer,
NULL);
if (NT_SUCCESS(status))
{
status = DvdSendKey(DeviceExtension,
Request,
inputBuffer,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
DataLength);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
DvdSendKey(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_opt_ WDFREQUEST OriginalRequest,
_In_ PVOID InputBuffer,
_In_ size_t InputBufferLength,
_Out_ size_t * DataLength
)
/*++
Routine Description:
base function to handle request of IOCTL_DVD_SEND_KEY(2)
NOTE: cdrom does not process this IOCTL if the input buffer length is bigger than Port transfer length.
Arguments:
DeviceExtension - device context
OriginalRequest - original request to be handled
InputBuffer - input buffer
InputBufferLength - length of input buffer
Return Value:
NTSTATUS
DataLength - returned data length
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PDVD_COPY_PROTECT_KEY key = (PDVD_COPY_PROTECT_KEY)InputBuffer;
ULONG keyLength = 0;
ULONG result = 0;
PFOUR_BYTE fourByte;
PAGED_CODE ();
UNREFERENCED_PARAMETER(InputBufferLength);
*DataLength = 0;
if (NT_SUCCESS(status))
{
if ((key->KeyLength < sizeof(DVD_COPY_PROTECT_KEY)) ||
((key->KeyLength - sizeof(DVD_COPY_PROTECT_KEY)) > DeviceExtension->ScratchContext.ScratchBufferSize))
{
NT_ASSERT(FALSE);
status = STATUS_INTERNAL_ERROR;
}
}
if (NT_SUCCESS(status))
{
status = RtlULongSub(key->KeyLength, sizeof(DVD_COPY_PROTECT_KEY), &result);
}
if (NT_SUCCESS(status))
{
status = RtlULongAdd(result, sizeof(CDVD_KEY_HEADER), &keyLength);
}
if (NT_SUCCESS(status))
{
keyLength = min(keyLength, DeviceExtension->ScratchContext.ScratchBufferSize);
if (keyLength < 2)
{
status = STATUS_INVALID_PARAMETER;
}
}
if (NT_SUCCESS(status))
{
PCDVD_KEY_HEADER keyBuffer = NULL;
CDB cdb;
ScratchBuffer_BeginUse(DeviceExtension);
// prepare the input buffer
keyBuffer = (PCDVD_KEY_HEADER)DeviceExtension->ScratchContext.ScratchBuffer;
// keylength is decremented here by two because the
// datalength does not include the header, which is two
// bytes. keylength is immediately incremented later
// by the same amount.
keyLength -= 2;
fourByte = (PFOUR_BYTE)&keyLength;
keyBuffer->DataLength[0] = fourByte->Byte1;
keyBuffer->DataLength[1] = fourByte->Byte0;
keyLength += 2;
RtlMoveMemory(keyBuffer->Data,
key->KeyData,
key->KeyLength - sizeof(DVD_COPY_PROTECT_KEY));
RtlZeroMemory(&cdb, sizeof(CDB));
// Set up the CDB
cdb.REPORT_KEY.OperationCode = SCSIOP_SEND_KEY;
cdb.SEND_KEY.ParameterListLength[0] = fourByte->Byte1;
cdb.SEND_KEY.ParameterListLength[1] = fourByte->Byte0;
cdb.SEND_KEY.KeyFormat = (UCHAR)key->KeyType;
cdb.SEND_KEY.AGID = (UCHAR)key->SessionId;
status = ScratchBuffer_ExecuteCdb(DeviceExtension, OriginalRequest, keyLength, FALSE, &cdb, 12);
// nothing to do after the command finishes.
ScratchBuffer_EndUse(DeviceExtension);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
DeviceHandleSetReadAhead(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_STORAGE_SET_READ_AHEAD
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PSTORAGE_SET_READ_AHEAD readAhead = NULL;
PAGED_CODE ();
*DataLength = 0;
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
(PVOID*)&readAhead,
NULL);
if (NT_SUCCESS(status))
{
ULONG transferSize = 0;
CDB cdb;
ULONG blockAddress;
PFOUR_BYTE fourByte = (PFOUR_BYTE)&blockAddress;
ScratchBuffer_BeginUse(DeviceExtension);
RtlZeroMemory(&cdb, sizeof(CDB));
// Set up the CDB
cdb.SET_READ_AHEAD.OperationCode = SCSIOP_SET_READ_AHEAD;
blockAddress = (ULONG)(readAhead->TriggerAddress.QuadPart >>
DeviceExtension->SectorShift);
// Defensive coding. Prefix cannot recognize this usage.
UNREFERENCED_PARAMETER(blockAddress);
cdb.SET_READ_AHEAD.TriggerLBA[0] = fourByte->Byte3;
cdb.SET_READ_AHEAD.TriggerLBA[1] = fourByte->Byte2;
cdb.SET_READ_AHEAD.TriggerLBA[2] = fourByte->Byte1;
cdb.SET_READ_AHEAD.TriggerLBA[3] = fourByte->Byte0;
blockAddress = (ULONG)(readAhead->TargetAddress.QuadPart >>
DeviceExtension->SectorShift);
cdb.SET_READ_AHEAD.ReadAheadLBA[0] = fourByte->Byte3;
cdb.SET_READ_AHEAD.ReadAheadLBA[1] = fourByte->Byte2;
cdb.SET_READ_AHEAD.ReadAheadLBA[2] = fourByte->Byte1;
cdb.SET_READ_AHEAD.ReadAheadLBA[3] = fourByte->Byte0;
status = ScratchBuffer_ExecuteCdb(DeviceExtension, Request, transferSize, FALSE, &cdb, 12);
if (NT_SUCCESS(status))
{
*DataLength = 0;
}
// nothing to do after the command finishes.
ScratchBuffer_EndUse(DeviceExtension);
}
return status;
}
_IRQL_requires_max_(APC_LEVEL)
NTSTATUS
DeviceHandleSetSpeed(
_In_ PCDROM_DEVICE_EXTENSION DeviceExtension,
_In_ WDFREQUEST Request,
_In_ WDF_REQUEST_PARAMETERS RequestParameters,
_Out_ size_t * DataLength
)
/*++
Routine Description:
Handle request of IOCTL_CDROM_SET_SPEED
Arguments:
DeviceExtension - device context
Request - request to be handled
RequestParameters - request parameter
DataLength - transferred data length
Return Value:
NTSTATUS
--*/
{
NTSTATUS status = STATUS_SUCCESS;
PCDROM_DATA cdData = &(DeviceExtension->DeviceAdditionalData);
PCDROM_SET_SPEED inputBuffer = NULL;
PAGED_CODE ();
*DataLength = 0;
status = WdfRequestRetrieveInputBuffer(Request,
RequestParameters.Parameters.DeviceIoControl.InputBufferLength,
(PVOID*)&inputBuffer,
NULL);
if (NT_SUCCESS(status))
{
ULONG transferSize = 0;
CDB cdb;
CDROM_SPEED_REQUEST requestType = inputBuffer->RequestType;
ScratchBuffer_BeginUse(DeviceExtension);
RtlZeroMemory(&cdb, sizeof(CDB));
// Set up the CDB
if (requestType == CdromSetSpeed)
{
PCDROM_SET_SPEED speed = inputBuffer;
cdb.SET_CD_SPEED.OperationCode = SCSIOP_SET_CD_SPEED;
cdb.SET_CD_SPEED.RotationControl = speed->RotationControl;
REVERSE_BYTES_SHORT(&cdb.SET_CD_SPEED.ReadSpeed, &speed->ReadSpeed);
REVERSE_BYTES_SHORT(&cdb.SET_CD_SPEED.WriteSpeed, &speed->WriteSpeed);
}
else
{
PCDROM_SET_STREAMING stream = (PCDROM_SET_STREAMING)inputBuffer;
PPERFORMANCE_DESCRIPTOR perfDescriptor;
transferSize = sizeof(PERFORMANCE_DESCRIPTOR);
perfDescriptor = DeviceExtension->ScratchContext.ScratchBuffer;
RtlZeroMemory(perfDescriptor, transferSize);
perfDescriptor->RandomAccess = stream->RandomAccess;
perfDescriptor->Exact = stream->SetExact;
perfDescriptor->RestoreDefaults = stream->RestoreDefaults;
perfDescriptor->WriteRotationControl = stream->RotationControl;
REVERSE_BYTES(&perfDescriptor->StartLba, &stream->StartLba);
REVERSE_BYTES(&perfDescriptor->EndLba, &stream->EndLba);
REVERSE_BYTES(&perfDescriptor->ReadSize, &stream->ReadSize);
REVERSE_BYTES(&perfDescriptor->ReadTime, &stream->ReadTime);
REVERSE_BYTES(&perfDescriptor->WriteSize, &stream->WriteSize);
REVERSE_BYTES(&perfDescriptor->WriteTime, &stream->WriteTime);
cdb.SET_STREAMING.OperationCode = SCSIOP_SET_STREAMING;
REVERSE_BYTES_SHORT(&cdb.SET_STREAMING.ParameterListLength, &transferSize);
// set value in extension by user inputs.
cdData->RestoreDefaults = stream->Persistent ? FALSE : TRUE;
TracePrint((TRACE_LEVEL_INFORMATION, TRACE_FLAG_IOCTL, "DeviceHandleSetSpeed: Restore default speed on media change set to %s\n",
cdData->RestoreDefaults ? "true" : "false"));
}
status = ScratchBuffer_ExecuteCdb(DeviceExtension, Request, transferSize, FALSE, &cdb, 12);
if (NT_SUCCESS(status))
{
*DataLength = 0;
}
// nothing to do after the command finishes.
ScratchBuffer_EndUse(DeviceExtension);
}
return status;
}
Reference in a new issue View git blame Copy permalink