mirror of
https://github.com/reactos/reactos.git
synced 2025-01-06 06:20:13 +00:00
2032 lines
50 KiB
C
2032 lines
50 KiB
C
/*++
|
||
|
||
Copyright (c) 1989-2000 Microsoft Corporation
|
||
|
||
Module Name:
|
||
|
||
VerfySup.c
|
||
|
||
Abstract:
|
||
|
||
This module implements the Fat Verify volume and fcb/dcb support
|
||
routines
|
||
|
||
|
||
--*/
|
||
|
||
#include "fatprocs.h"
|
||
|
||
//
|
||
// The Bug check file id for this module
|
||
//
|
||
|
||
#define BugCheckFileId (FAT_BUG_CHECK_VERFYSUP)
|
||
|
||
//
|
||
// The Debug trace level for this module
|
||
//
|
||
|
||
#define Dbg (DEBUG_TRACE_VERFYSUP)
|
||
|
||
//
|
||
// Local procedure prototypes
|
||
//
|
||
|
||
VOID
|
||
FatResetFcb (
|
||
IN PIRP_CONTEXT IrpContext,
|
||
IN PFCB Fcb
|
||
);
|
||
|
||
BOOLEAN
|
||
FatMatchFileSize (
|
||
__in PIRP_CONTEXT IrpContext,
|
||
__in PDIRENT Dirent,
|
||
__in PFCB Fcb
|
||
);
|
||
|
||
_Requires_lock_held_(_Global_critical_region_)
|
||
VOID
|
||
FatDetermineAndMarkFcbCondition (
|
||
IN PIRP_CONTEXT IrpContext,
|
||
IN PFCB Fcb
|
||
);
|
||
|
||
WORKER_THREAD_ROUTINE FatDeferredCleanVolume;
|
||
|
||
VOID
|
||
NTAPI
|
||
FatDeferredCleanVolume (
|
||
_In_ PVOID Parameter
|
||
);
|
||
|
||
IO_COMPLETION_ROUTINE FatMarkVolumeCompletionRoutine;
|
||
|
||
NTSTATUS
|
||
NTAPI
|
||
FatMarkVolumeCompletionRoutine(
|
||
_In_ PDEVICE_OBJECT DeviceObject,
|
||
_In_ PIRP Irp,
|
||
_In_reads_opt_(_Inexpressible_("varies")) PVOID Contxt
|
||
);
|
||
|
||
#ifdef ALLOC_PRAGMA
|
||
#pragma alloc_text(PAGE, FatCheckDirtyBit)
|
||
#pragma alloc_text(PAGE, FatVerifyOperationIsLegal)
|
||
#pragma alloc_text(PAGE, FatDeferredCleanVolume)
|
||
#pragma alloc_text(PAGE, FatMatchFileSize)
|
||
#pragma alloc_text(PAGE, FatDetermineAndMarkFcbCondition)
|
||
#pragma alloc_text(PAGE, FatQuickVerifyVcb)
|
||
#pragma alloc_text(PAGE, FatPerformVerify)
|
||
#pragma alloc_text(PAGE, FatMarkFcbCondition)
|
||
#pragma alloc_text(PAGE, FatResetFcb)
|
||
#pragma alloc_text(PAGE, FatVerifyVcb)
|
||
#pragma alloc_text(PAGE, FatVerifyFcb)
|
||
#endif
|
||
|
||
|
||
VOID
|
||
FatMarkFcbCondition (
|
||
IN PIRP_CONTEXT IrpContext,
|
||
IN PFCB Fcb,
|
||
IN FCB_CONDITION FcbCondition,
|
||
IN BOOLEAN Recursive
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
This routines marks the entire Fcb/Dcb structure from Fcb down with
|
||
FcbCondition.
|
||
|
||
Arguments:
|
||
|
||
Fcb - Supplies the Fcb/Dcb being marked
|
||
|
||
FcbCondition - Supplies the setting to use for the Fcb Condition
|
||
|
||
Recursive - Specifies whether this condition should be applied to
|
||
all children (see the case where we are invalidating a live volume
|
||
for a case where this is now desireable).
|
||
|
||
Return Value:
|
||
|
||
None.
|
||
|
||
--*/
|
||
|
||
{
|
||
PAGED_CODE();
|
||
|
||
DebugTrace(+1, Dbg, "FatMarkFcbCondition, Fcb = %p\n", Fcb );
|
||
|
||
//
|
||
// If we are marking this Fcb something other than Good, we will need
|
||
// to have the Vcb exclusive.
|
||
//
|
||
|
||
NT_ASSERT( FcbCondition != FcbNeedsToBeVerified ? TRUE :
|
||
FatVcbAcquiredExclusive(IrpContext, Fcb->Vcb) );
|
||
|
||
//
|
||
// If this is a PagingFile it has to be good unless media underneath is
|
||
// removable. The "removable" check was added specifically for ReadyBoost,
|
||
// which opens its cache file on a removable device as a paging file and
|
||
// relies on the file system to validate its mapping information after a
|
||
// power transition.
|
||
//
|
||
|
||
if (!FlagOn(Fcb->Vcb->VcbState, VCB_STATE_FLAG_REMOVABLE_MEDIA) &&
|
||
FlagOn(Fcb->FcbState, FCB_STATE_PAGING_FILE)) {
|
||
|
||
Fcb->FcbCondition = FcbGood;
|
||
return;
|
||
}
|
||
|
||
//
|
||
// Update the condition of the Fcb.
|
||
//
|
||
|
||
Fcb->FcbCondition = FcbCondition;
|
||
|
||
DebugTrace(0, Dbg, "MarkFcb: %wZ\n", &Fcb->FullFileName);
|
||
|
||
//
|
||
// This FastIo flag is based on FcbCondition, so update it now. This only
|
||
// applies to regular FCBs, of course.
|
||
//
|
||
|
||
if (Fcb->Header.NodeTypeCode == FAT_NTC_FCB) {
|
||
|
||
Fcb->Header.IsFastIoPossible = FatIsFastIoPossible( Fcb );
|
||
}
|
||
|
||
if (FcbCondition == FcbNeedsToBeVerified) {
|
||
FatResetFcb( IrpContext, Fcb );
|
||
}
|
||
|
||
//
|
||
// Now if we marked NeedsVerify or Bad a directory then we also need to
|
||
// go and mark all of our children with the same condition.
|
||
//
|
||
|
||
if ( ((FcbCondition == FcbNeedsToBeVerified) ||
|
||
(FcbCondition == FcbBad)) &&
|
||
Recursive &&
|
||
((Fcb->Header.NodeTypeCode == FAT_NTC_DCB) ||
|
||
(Fcb->Header.NodeTypeCode == FAT_NTC_ROOT_DCB)) ) {
|
||
|
||
PFCB OriginalFcb = Fcb;
|
||
|
||
while ( (Fcb = FatGetNextFcbTopDown(IrpContext, Fcb, OriginalFcb)) != NULL ) {
|
||
|
||
DebugTrace(0, Dbg, "MarkFcb: %wZ\n", &Fcb->FullFileName);
|
||
|
||
Fcb->FcbCondition = FcbCondition;
|
||
|
||
//
|
||
// We already know that FastIo is not possible since we are propagating
|
||
// a parent's bad/verify flag down the tree - IO to the children must
|
||
// take the long route for now.
|
||
//
|
||
|
||
Fcb->Header.IsFastIoPossible = FastIoIsNotPossible;
|
||
|
||
//
|
||
// Leave all the Fcbs in a condition to be verified.
|
||
//
|
||
|
||
if (FcbCondition == FcbNeedsToBeVerified) {
|
||
FatResetFcb( IrpContext, Fcb );
|
||
}
|
||
|
||
}
|
||
}
|
||
|
||
DebugTrace(-1, Dbg, "FatMarkFcbCondition -> VOID\n", 0);
|
||
|
||
return;
|
||
}
|
||
|
||
BOOLEAN
|
||
FatMarkDevForVerifyIfVcbMounted(
|
||
IN PVCB Vcb
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
This routine checks to see if the specified Vcb is currently mounted on
|
||
the device or not. If it is, it sets the verify flag on the device, if
|
||
not then the state is noted in the Vcb.
|
||
|
||
Arguments:
|
||
|
||
Vcb - This is the volume to check.
|
||
|
||
Return Value:
|
||
|
||
TRUE if the device has been marked for verify here, FALSE otherwise.
|
||
|
||
--*/
|
||
{
|
||
BOOLEAN Marked = FALSE;
|
||
KIRQL SavedIrql;
|
||
|
||
IoAcquireVpbSpinLock( &SavedIrql );
|
||
|
||
#ifdef _MSC_VER
|
||
#pragma prefast( push )
|
||
#pragma prefast( disable: 28175, "touching Vpb is ok for a filesystem" )
|
||
#endif
|
||
|
||
if (Vcb->Vpb->RealDevice->Vpb == Vcb->Vpb) {
|
||
|
||
SetFlag( Vcb->Vpb->RealDevice->Flags, DO_VERIFY_VOLUME);
|
||
Marked = TRUE;
|
||
}
|
||
else {
|
||
|
||
//
|
||
// Flag this to avoid the VPB spinlock in future passes.
|
||
//
|
||
|
||
SetFlag( Vcb->VcbState, VCB_STATE_VPB_NOT_ON_DEVICE);
|
||
}
|
||
|
||
#ifdef _MSC_VER
|
||
#pragma prefast( pop )
|
||
#endif
|
||
|
||
IoReleaseVpbSpinLock( SavedIrql );
|
||
|
||
return Marked;
|
||
}
|
||
|
||
|
||
VOID
|
||
FatVerifyVcb (
|
||
IN PIRP_CONTEXT IrpContext,
|
||
IN PVCB Vcb
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
This routines verifies that the Vcb still denotes a valid Volume
|
||
If the Vcb is bad it raises an error condition.
|
||
|
||
Arguments:
|
||
|
||
Vcb - Supplies the Vcb being verified
|
||
|
||
Return Value:
|
||
|
||
None.
|
||
|
||
--*/
|
||
|
||
{
|
||
BOOLEAN DevMarkedForVerify;
|
||
|
||
PAGED_CODE();
|
||
|
||
DebugTrace(+1, Dbg, "FatVerifyVcb, Vcb = %p\n", Vcb );
|
||
|
||
//
|
||
// If the verify volume flag in the device object is set
|
||
// this means the media has potentially changed.
|
||
//
|
||
// Note that we only force this ping for create operations.
|
||
// For others we take a sporting chance. If in the end we
|
||
// have to physically access the disk, the right thing will happen.
|
||
//
|
||
|
||
DevMarkedForVerify = BooleanFlagOn(Vcb->Vpb->RealDevice->Flags, DO_VERIFY_VOLUME);
|
||
|
||
//
|
||
// We ALWAYS force CREATE requests on unmounted volumes through the
|
||
// verify path. These requests could have been in limbo between
|
||
// IoCheckMountedVpb and us, when a verify/mount took place and caused
|
||
// a completely different fs/volume to be mounted. In this case the
|
||
// checks above may not have caught the condition, since we may already
|
||
// have verified (wrong volume) and decided that we have nothing to do.
|
||
// We want the requests to be re routed to the currently mounted volume,
|
||
// since they were directed at the 'drive', not our volume. So we take
|
||
// the verify path for synchronisation, and the request will eventually
|
||
// be bounced back to IO with STATUS_REPARSE by our verify handler.
|
||
//
|
||
|
||
if (!DevMarkedForVerify &&
|
||
(IrpContext->MajorFunction == IRP_MJ_CREATE) &&
|
||
(IrpContext->OriginatingIrp != NULL)) {
|
||
|
||
PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation( IrpContext->OriginatingIrp);
|
||
|
||
if ((IrpSp->FileObject->RelatedFileObject == NULL) &&
|
||
(Vcb->VcbCondition == VcbNotMounted)) {
|
||
|
||
DevMarkedForVerify = TRUE;
|
||
}
|
||
}
|
||
|
||
//
|
||
// Raise any error condition otherwise.
|
||
//
|
||
|
||
if (DevMarkedForVerify) {
|
||
|
||
DebugTrace(0, Dbg, "The Vcb needs to be verified\n", 0);
|
||
|
||
IoSetHardErrorOrVerifyDevice( IrpContext->OriginatingIrp,
|
||
Vcb->Vpb->RealDevice );
|
||
|
||
FatNormalizeAndRaiseStatus( IrpContext, STATUS_VERIFY_REQUIRED );
|
||
}
|
||
|
||
//
|
||
// Check the operation is legal for current Vcb state.
|
||
//
|
||
|
||
FatQuickVerifyVcb( IrpContext, Vcb );
|
||
|
||
DebugTrace(-1, Dbg, "FatVerifyVcb -> VOID\n", 0);
|
||
}
|
||
|
||
|
||
_Requires_lock_held_(_Global_critical_region_)
|
||
VOID
|
||
FatVerifyFcb (
|
||
IN PIRP_CONTEXT IrpContext,
|
||
IN PFCB Fcb
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
This routines verifies that the Fcb still denotes the same file.
|
||
If the Fcb is bad it raises a error condition.
|
||
|
||
Arguments:
|
||
|
||
Fcb - Supplies the Fcb being verified
|
||
|
||
Return Value:
|
||
|
||
None.
|
||
|
||
--*/
|
||
|
||
{
|
||
PFCB CurrentFcb;
|
||
|
||
PAGED_CODE();
|
||
|
||
DebugTrace(+1, Dbg, "FatVerifyFcb, Vcb = %p\n", Fcb );
|
||
|
||
//
|
||
// Always refuse operations on dismounted volumes.
|
||
//
|
||
|
||
if (FlagOn( Fcb->Vcb->VcbState, VCB_STATE_FLAG_VOLUME_DISMOUNTED )) {
|
||
|
||
FatRaiseStatus( IrpContext, STATUS_VOLUME_DISMOUNTED );
|
||
}
|
||
|
||
//
|
||
// If this is the Fcb of a deleted dirent or our parent is deleted,
|
||
// no-op this call with the hope that the caller will do the right thing.
|
||
// The only caller we really have to worry about is the AdvanceOnly
|
||
// callback for setting valid data length from Cc, this will happen after
|
||
// cleanup (and file deletion), just before the SCM is ripped down.
|
||
//
|
||
|
||
if (IsFileDeleted( IrpContext, Fcb ) ||
|
||
((NodeType(Fcb) != FAT_NTC_ROOT_DCB) &&
|
||
IsFileDeleted( IrpContext, Fcb->ParentDcb ))) {
|
||
|
||
return;
|
||
}
|
||
|
||
//
|
||
// If we are not in the process of doing a verify,
|
||
// first do a quick spot check on the Vcb.
|
||
//
|
||
|
||
if ( Fcb->Vcb->VerifyThread != KeGetCurrentThread() ) {
|
||
|
||
FatQuickVerifyVcb( IrpContext, Fcb->Vcb );
|
||
}
|
||
|
||
//
|
||
// Now based on the condition of the Fcb we'll either return
|
||
// immediately to the caller, raise a condition, or do some work
|
||
// to verify the Fcb.
|
||
//
|
||
|
||
switch (Fcb->FcbCondition) {
|
||
|
||
case FcbGood:
|
||
|
||
DebugTrace(0, Dbg, "The Fcb is good\n", 0);
|
||
break;
|
||
|
||
case FcbBad:
|
||
|
||
FatRaiseStatus( IrpContext, STATUS_FILE_INVALID );
|
||
break;
|
||
|
||
case FcbNeedsToBeVerified:
|
||
|
||
//
|
||
// We loop here checking our ancestors until we hit an Fcb which
|
||
// is either good or bad.
|
||
//
|
||
|
||
CurrentFcb = Fcb;
|
||
|
||
while (CurrentFcb->FcbCondition == FcbNeedsToBeVerified) {
|
||
|
||
FatDetermineAndMarkFcbCondition(IrpContext, CurrentFcb);
|
||
|
||
//
|
||
// If this Fcb didn't make it, or it was the Root Dcb, exit
|
||
// the loop now, else continue with out parent.
|
||
//
|
||
|
||
if ( (CurrentFcb->FcbCondition != FcbGood) ||
|
||
(NodeType(CurrentFcb) == FAT_NTC_ROOT_DCB) ) {
|
||
|
||
break;
|
||
}
|
||
|
||
CurrentFcb = CurrentFcb->ParentDcb;
|
||
}
|
||
|
||
//
|
||
// Now we can just look at ourselves to see how we did.
|
||
//
|
||
|
||
if (Fcb->FcbCondition != FcbGood) {
|
||
|
||
FatRaiseStatus( IrpContext, STATUS_FILE_INVALID );
|
||
}
|
||
|
||
break;
|
||
|
||
default:
|
||
|
||
DebugDump("Invalid FcbCondition\n", 0, Fcb);
|
||
|
||
#ifdef _MSC_VER
|
||
#pragma prefast( suppress:28159, "things are seriously wrong if we get here" )
|
||
#endif
|
||
FatBugCheck( Fcb->FcbCondition, 0, 0 );
|
||
}
|
||
|
||
DebugTrace(-1, Dbg, "FatVerifyFcb -> VOID\n", 0);
|
||
|
||
return;
|
||
}
|
||
|
||
|
||
VOID
|
||
NTAPI
|
||
FatDeferredCleanVolume (
|
||
_In_ PVOID Parameter
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
This is the routine that performs the actual FatMarkVolumeClean call.
|
||
It assures that the target volume still exists as there ia a race
|
||
condition between queueing the ExWorker item and volumes going away.
|
||
|
||
Arguments:
|
||
|
||
Parameter - Points to a clean volume packet that was allocated from pool
|
||
|
||
Return Value:
|
||
|
||
None.
|
||
|
||
--*/
|
||
|
||
{
|
||
PCLEAN_AND_DIRTY_VOLUME_PACKET Packet;
|
||
PLIST_ENTRY Links;
|
||
PVCB Vcb;
|
||
IRP_CONTEXT IrpContext;
|
||
BOOLEAN VcbExists = FALSE;
|
||
|
||
PAGED_CODE();
|
||
|
||
DebugTrace(+1, Dbg, "FatDeferredCleanVolume\n", 0);
|
||
|
||
Packet = (PCLEAN_AND_DIRTY_VOLUME_PACKET)Parameter;
|
||
|
||
Vcb = Packet->Vcb;
|
||
|
||
//
|
||
// Make us appear as a top level FSP request so that we will
|
||
// receive any errors from the operation.
|
||
//
|
||
|
||
IoSetTopLevelIrp( (PIRP)FSRTL_FSP_TOP_LEVEL_IRP );
|
||
|
||
//
|
||
// Dummy up and Irp Context so we can call our worker routines
|
||
//
|
||
|
||
RtlZeroMemory( &IrpContext, sizeof(IRP_CONTEXT));
|
||
|
||
SetFlag(IrpContext.Flags, IRP_CONTEXT_FLAG_WAIT);
|
||
|
||
//
|
||
// Acquire shared access to the global lock and make sure this volume
|
||
// still exists.
|
||
//
|
||
|
||
#ifdef _MSC_VER
|
||
#pragma prefast( push )
|
||
#pragma prefast( disable: 28193, "this will always wait" )
|
||
#endif
|
||
FatAcquireSharedGlobal( &IrpContext );
|
||
#ifdef _MSC_VER
|
||
#pragma prefast( pop )
|
||
#endif
|
||
|
||
for (Links = FatData.VcbQueue.Flink;
|
||
Links != &FatData.VcbQueue;
|
||
Links = Links->Flink) {
|
||
|
||
PVCB ExistingVcb;
|
||
|
||
ExistingVcb = CONTAINING_RECORD(Links, VCB, VcbLinks);
|
||
|
||
if ( Vcb == ExistingVcb ) {
|
||
|
||
VcbExists = TRUE;
|
||
break;
|
||
}
|
||
}
|
||
|
||
//
|
||
// If the vcb is good then mark it clean. Ignore any problems.
|
||
//
|
||
|
||
if ( VcbExists &&
|
||
(Vcb->VcbCondition == VcbGood) &&
|
||
!FlagOn(Vcb->VcbState, VCB_STATE_FLAG_SHUTDOWN) ) {
|
||
|
||
_SEH2_TRY {
|
||
|
||
if (!FlagOn(Vcb->VcbState, VCB_STATE_FLAG_MOUNTED_DIRTY)) {
|
||
|
||
FatMarkVolume( &IrpContext, Vcb, VolumeClean );
|
||
}
|
||
|
||
//
|
||
// Check for a pathological race condition, and fix it.
|
||
//
|
||
|
||
if (FlagOn(Vcb->VcbState, VCB_STATE_FLAG_VOLUME_DIRTY)) {
|
||
|
||
FatMarkVolume( &IrpContext, Vcb, VolumeDirty );
|
||
|
||
} else {
|
||
|
||
//
|
||
// Unlock the volume if it is removable.
|
||
//
|
||
|
||
if (FlagOn(Vcb->VcbState, VCB_STATE_FLAG_REMOVABLE_MEDIA) &&
|
||
!FlagOn(Vcb->VcbState, VCB_STATE_FLAG_BOOT_OR_PAGING_FILE)) {
|
||
|
||
FatToggleMediaEjectDisable( &IrpContext, Vcb, FALSE );
|
||
}
|
||
}
|
||
|
||
} _SEH2_EXCEPT( FsRtlIsNtstatusExpected(_SEH2_GetExceptionCode()) ?
|
||
EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH ) {
|
||
|
||
NOTHING;
|
||
} _SEH2_END;
|
||
}
|
||
|
||
//
|
||
// Release the global resource, unpin and repinned Bcbs and return.
|
||
//
|
||
|
||
FatReleaseGlobal( &IrpContext );
|
||
|
||
_SEH2_TRY {
|
||
|
||
FatUnpinRepinnedBcbs( &IrpContext );
|
||
|
||
} _SEH2_EXCEPT( FsRtlIsNtstatusExpected(_SEH2_GetExceptionCode()) ?
|
||
EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH ) {
|
||
|
||
NOTHING;
|
||
} _SEH2_END;
|
||
|
||
IoSetTopLevelIrp( NULL );
|
||
|
||
//
|
||
// and finally free the packet.
|
||
//
|
||
|
||
ExFreePool( Packet );
|
||
|
||
return;
|
||
}
|
||
|
||
|
||
|
||
VOID
|
||
NTAPI
|
||
FatCleanVolumeDpc (
|
||
_In_ PKDPC Dpc,
|
||
_In_opt_ PVOID DeferredContext,
|
||
_In_opt_ PVOID SystemArgument1,
|
||
_In_opt_ PVOID SystemArgument2
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
This routine is dispatched 5 seconds after the last disk structure was
|
||
modified in a specific volume, and exqueues an execuative worker thread
|
||
to perform the actual task of marking the volume dirty.
|
||
|
||
Arguments:
|
||
|
||
DefferedContext - Contains the Vcb to process.
|
||
|
||
Return Value:
|
||
|
||
None.
|
||
|
||
--*/
|
||
|
||
{
|
||
PVCB Vcb;
|
||
PCLEAN_AND_DIRTY_VOLUME_PACKET Packet;
|
||
|
||
UNREFERENCED_PARAMETER( SystemArgument1 );
|
||
UNREFERENCED_PARAMETER( SystemArgument2 );
|
||
UNREFERENCED_PARAMETER( Dpc );
|
||
|
||
Vcb = (PVCB)DeferredContext;
|
||
|
||
|
||
//
|
||
// If there is still dirty data (highly unlikely), set the timer for a
|
||
// second in the future.
|
||
//
|
||
|
||
if (CcIsThereDirtyData(Vcb->Vpb)) {
|
||
|
||
LARGE_INTEGER TwoSecondsFromNow;
|
||
|
||
TwoSecondsFromNow.QuadPart = (LONG)-2*1000*1000*10;
|
||
|
||
KeSetTimer( &Vcb->CleanVolumeTimer,
|
||
TwoSecondsFromNow,
|
||
&Vcb->CleanVolumeDpc );
|
||
|
||
return;
|
||
}
|
||
|
||
//
|
||
// If we couldn't get pool, oh well....
|
||
//
|
||
|
||
Packet = ExAllocatePoolWithTag(NonPagedPoolNx, sizeof(CLEAN_AND_DIRTY_VOLUME_PACKET), ' taF');
|
||
|
||
if ( Packet ) {
|
||
|
||
Packet->Vcb = Vcb;
|
||
Packet->Irp = NULL;
|
||
|
||
//
|
||
// Clear the dirty flag now since we cannot synchronize after this point.
|
||
//
|
||
|
||
ClearFlag( Packet->Vcb->VcbState, VCB_STATE_FLAG_VOLUME_DIRTY );
|
||
|
||
ExInitializeWorkItem( &Packet->Item, &FatDeferredCleanVolume, Packet );
|
||
|
||
#ifdef _MSC_VER
|
||
#pragma prefast( suppress:28159, "prefast indicates this is an obsolete API, but it is ok for fastfat to keep using it" )
|
||
#endif
|
||
ExQueueWorkItem( &Packet->Item, CriticalWorkQueue );
|
||
}
|
||
|
||
return;
|
||
}
|
||
|
||
|
||
_Requires_lock_held_(_Global_critical_region_)
|
||
VOID
|
||
FatMarkVolume (
|
||
IN PIRP_CONTEXT IrpContext,
|
||
IN PVCB Vcb,
|
||
IN FAT_VOLUME_STATE VolumeState
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
This routine moves the physically marked volume state between the clean
|
||
and dirty states. For compatibility with Win9x, we manipulate both the
|
||
historical DOS (on==clean in index 1 of the FAT) and NT (on==dirty in
|
||
the CurrentHead field of the BPB) dirty bits.
|
||
|
||
Arguments:
|
||
|
||
Vcb - Supplies the Vcb being modified
|
||
|
||
VolumeState - Supplies the state the volume is transitioning to
|
||
|
||
Return Value:
|
||
|
||
None.
|
||
|
||
--*/
|
||
|
||
{
|
||
PCHAR Sector;
|
||
PBCB Bcb = NULL;
|
||
KEVENT Event;
|
||
PIRP Irp = NULL;
|
||
NTSTATUS Status;
|
||
BOOLEAN FsInfoUpdate = FALSE;
|
||
ULONG FsInfoOffset = 0;
|
||
ULONG ThisPass;
|
||
LARGE_INTEGER Offset;
|
||
BOOLEAN abort = FALSE;
|
||
|
||
DebugTrace(+1, Dbg, "FatMarkVolume, Vcb = %p\n", Vcb);
|
||
|
||
//
|
||
// We had best not be trying to scribble dirty/clean bits if the
|
||
// volume is write protected. The responsibility lies with the
|
||
// callers to make sure that operations that could cause a state
|
||
// change cannot happen. There are a few, though, that show it
|
||
// just doesn't make sense to force everyone to do the dinky
|
||
// check.
|
||
//
|
||
|
||
//
|
||
// If we were called for FAT12 or readonly media, return immediately.
|
||
//
|
||
|
||
if (FlagOn(Vcb->VcbState, VCB_STATE_FLAG_WRITE_PROTECTED) ||
|
||
FatIsFat12( Vcb )) {
|
||
|
||
return;
|
||
}
|
||
|
||
//
|
||
// We have two possible additional tasks to do to mark a volume
|
||
//
|
||
// Pass 0) Flip the dirty bit in the Bpb
|
||
// Pass 1) Rewrite the FsInfo sector for FAT32 if needed
|
||
//
|
||
// In most cases we can collapse these two either because the volume
|
||
// is either not FAT32 or the FsInfo sector is adjacent to the boot sector.
|
||
//
|
||
|
||
for (ThisPass = 0; ThisPass < 2; ThisPass++) {
|
||
|
||
//
|
||
// If this volume is being dirtied, or isn't FAT32, or if it is and
|
||
// we were able to perform the fast update, or the bpb lied to us
|
||
// about where the FsInfo went, we're done - no FsInfo to update in
|
||
// a seperate write.
|
||
//
|
||
|
||
if (ThisPass == 1 && (!FatIsFat32( Vcb ) ||
|
||
VolumeState != VolumeClean ||
|
||
FsInfoUpdate ||
|
||
Vcb->Bpb.FsInfoSector == 0)) {
|
||
|
||
break;
|
||
}
|
||
|
||
//
|
||
// Bail if we get an IO error.
|
||
//
|
||
|
||
_SEH2_TRY {
|
||
|
||
ULONG PinLength;
|
||
ULONG WriteLength;
|
||
|
||
//
|
||
// If the FAT table is 12-bit then our strategy is to pin the entire
|
||
// thing when any of it is modified. Here we're going to pin the
|
||
// first page, so in the 12-bit case we also want to pin the rest
|
||
// of the FAT table.
|
||
//
|
||
|
||
Offset.QuadPart = 0;
|
||
|
||
if (Vcb->AllocationSupport.FatIndexBitSize == 12) {
|
||
|
||
//
|
||
// But we only write back the first sector.
|
||
//
|
||
|
||
PinLength = FatReservedBytes(&Vcb->Bpb) + FatBytesPerFat(&Vcb->Bpb);
|
||
WriteLength = Vcb->Bpb.BytesPerSector;
|
||
|
||
} else {
|
||
|
||
WriteLength = PinLength = Vcb->Bpb.BytesPerSector;
|
||
|
||
//
|
||
// If this is a FAT32 volume going into the clean state,
|
||
// see about doing the FsInfo sector.
|
||
//
|
||
|
||
if (FatIsFat32( Vcb ) && VolumeState == VolumeClean) {
|
||
|
||
//
|
||
// If the FsInfo sector immediately follows the boot sector,
|
||
// we can do this in a single operation by rewriting both
|
||
// sectors at once.
|
||
//
|
||
|
||
if (Vcb->Bpb.FsInfoSector == 1) {
|
||
|
||
NT_ASSERT( ThisPass == 0 );
|
||
|
||
FsInfoUpdate = TRUE;
|
||
FsInfoOffset = Vcb->Bpb.BytesPerSector;
|
||
WriteLength = PinLength = Vcb->Bpb.BytesPerSector * 2;
|
||
|
||
} else if (ThisPass == 1) {
|
||
|
||
//
|
||
// We are doing an explicit write to the FsInfo sector.
|
||
//
|
||
|
||
FsInfoUpdate = TRUE;
|
||
FsInfoOffset = 0;
|
||
|
||
Offset.QuadPart = Vcb->Bpb.BytesPerSector * Vcb->Bpb.FsInfoSector;
|
||
}
|
||
}
|
||
}
|
||
|
||
//
|
||
// Call Cc directly here so that we can avoid overhead and push this
|
||
// right down to the disk.
|
||
//
|
||
|
||
CcPinRead( Vcb->VirtualVolumeFile,
|
||
&Offset,
|
||
PinLength,
|
||
TRUE,
|
||
&Bcb,
|
||
(PVOID *)&Sector );
|
||
|
||
DbgDoit( IrpContext->PinCount += 1 )
|
||
|
||
//
|
||
// Set the Bpb on Pass 0 always
|
||
//
|
||
|
||
if (ThisPass == 0) {
|
||
|
||
PCHAR CurrentHead;
|
||
|
||
//
|
||
// Before we do anything, doublecheck that this still looks like a
|
||
// FAT bootsector. If it doesn't, something remarkable happened
|
||
// and we should avoid touching the volume.
|
||
//
|
||
// THIS IS TEMPORARY (but may last a while)
|
||
//
|
||
|
||
if (!FatIsBootSectorFat( (PPACKED_BOOT_SECTOR) Sector )) {
|
||
abort = TRUE;
|
||
_SEH2_LEAVE;
|
||
}
|
||
|
||
if (FatIsFat32( Vcb )) {
|
||
|
||
CurrentHead = (PCHAR)&((PPACKED_BOOT_SECTOR_EX) Sector)->CurrentHead;
|
||
|
||
} else {
|
||
|
||
CurrentHead = (PCHAR)&((PPACKED_BOOT_SECTOR) Sector)->CurrentHead;
|
||
}
|
||
|
||
if (VolumeState == VolumeClean) {
|
||
|
||
ClearFlag( *CurrentHead, FAT_BOOT_SECTOR_DIRTY );
|
||
|
||
} else {
|
||
|
||
SetFlag( *CurrentHead, FAT_BOOT_SECTOR_DIRTY );
|
||
|
||
//
|
||
// In addition, if this request received an error that may indicate
|
||
// media corruption, have autochk perform a surface test.
|
||
//
|
||
|
||
if ( VolumeState == VolumeDirtyWithSurfaceTest ) {
|
||
|
||
SetFlag( *CurrentHead, FAT_BOOT_SECTOR_TEST_SURFACE );
|
||
}
|
||
}
|
||
}
|
||
|
||
//
|
||
// Update the FsInfo as appropriate.
|
||
//
|
||
|
||
if (FsInfoUpdate) {
|
||
|
||
PFSINFO_SECTOR FsInfoSector = (PFSINFO_SECTOR) ((PCHAR)Sector + FsInfoOffset);
|
||
|
||
//
|
||
// We just rewrite all of the spec'd fields. Note that we don't
|
||
// care to synchronize with the allocation package - this will be
|
||
// quickly taken care of by a re-dirtying of the volume if a change
|
||
// is racing with us. Remember that this is all a compatibility
|
||
// deference for Win9x FAT32 - NT will never look at this information.
|
||
//
|
||
|
||
FsInfoSector->SectorBeginSignature = FSINFO_SECTOR_BEGIN_SIGNATURE;
|
||
FsInfoSector->FsInfoSignature = FSINFO_SIGNATURE;
|
||
FsInfoSector->FreeClusterCount = Vcb->AllocationSupport.NumberOfFreeClusters;
|
||
FsInfoSector->NextFreeCluster = Vcb->ClusterHint;
|
||
FsInfoSector->SectorEndSignature = FSINFO_SECTOR_END_SIGNATURE;
|
||
}
|
||
|
||
//
|
||
// Initialize the event we're going to use
|
||
//
|
||
|
||
KeInitializeEvent( &Event, NotificationEvent, FALSE );
|
||
|
||
//
|
||
// Build the irp for the operation and also set the override flag.
|
||
// Note that we may be at APC level, so do this asyncrhonously and
|
||
// use an event for synchronization as normal request completion
|
||
// cannot occur at APC level.
|
||
//
|
||
|
||
Irp = IoBuildAsynchronousFsdRequest( IRP_MJ_WRITE,
|
||
Vcb->TargetDeviceObject,
|
||
(PVOID)Sector,
|
||
WriteLength,
|
||
&Offset,
|
||
NULL );
|
||
|
||
if ( Irp == NULL ) {
|
||
|
||
try_return(NOTHING);
|
||
}
|
||
|
||
//
|
||
// Make this operation write-through. It never hurts to try to be
|
||
// safer about this, even though we aren't logged.
|
||
//
|
||
|
||
SetFlag( IoGetNextIrpStackLocation( Irp )->Flags, SL_WRITE_THROUGH );
|
||
|
||
//
|
||
// Set up the completion routine
|
||
//
|
||
|
||
IoSetCompletionRoutine( Irp,
|
||
FatMarkVolumeCompletionRoutine,
|
||
&Event,
|
||
TRUE,
|
||
TRUE,
|
||
TRUE );
|
||
|
||
//
|
||
// Call the device to do the write and wait for it to finish.
|
||
// Igmore any return status.
|
||
//
|
||
|
||
Status = IoCallDriver( Vcb->TargetDeviceObject, Irp );
|
||
|
||
if (Status == STATUS_PENDING) {
|
||
|
||
(VOID)KeWaitForSingleObject( &Event, Executive, KernelMode, FALSE, (PLARGE_INTEGER)NULL );
|
||
}
|
||
|
||
try_exit: NOTHING;
|
||
} _SEH2_FINALLY {
|
||
|
||
//
|
||
// Clean up the Irp and Mdl
|
||
//
|
||
|
||
|
||
if (Irp) {
|
||
|
||
//
|
||
// If there is an MDL (or MDLs) associated with this I/O
|
||
// request, Free it (them) here. This is accomplished by
|
||
// walking the MDL list hanging off of the IRP and deallocating
|
||
// each MDL encountered.
|
||
//
|
||
|
||
while (Irp->MdlAddress != NULL) {
|
||
|
||
PMDL NextMdl;
|
||
|
||
NextMdl = Irp->MdlAddress->Next;
|
||
|
||
MmUnlockPages( Irp->MdlAddress );
|
||
|
||
IoFreeMdl( Irp->MdlAddress );
|
||
|
||
Irp->MdlAddress = NextMdl;
|
||
}
|
||
|
||
IoFreeIrp( Irp );
|
||
}
|
||
|
||
if (Bcb != NULL) {
|
||
|
||
FatUnpinBcb( IrpContext, Bcb );
|
||
}
|
||
} _SEH2_END;
|
||
}
|
||
|
||
if (!abort) {
|
||
|
||
//
|
||
// Flip the dirty bit in the FAT
|
||
//
|
||
|
||
if (VolumeState == VolumeDirty) {
|
||
|
||
FatSetFatEntry( IrpContext, Vcb, FAT_DIRTY_BIT_INDEX, FAT_DIRTY_VOLUME);
|
||
|
||
} else {
|
||
|
||
FatSetFatEntry( IrpContext, Vcb, FAT_DIRTY_BIT_INDEX, FAT_CLEAN_VOLUME);
|
||
}
|
||
}
|
||
|
||
DebugTrace(-1, Dbg, "FatMarkVolume -> VOID\n", 0);
|
||
|
||
return;
|
||
}
|
||
|
||
|
||
VOID
|
||
NTAPI
|
||
FatFspMarkVolumeDirtyWithRecover(
|
||
PVOID Parameter
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
This is the routine that performs the actual FatMarkVolume Dirty call
|
||
on a paging file Io that encounters a media error. It is responsible
|
||
for completing the PagingIo Irp as soon as this is done.
|
||
|
||
Note: this routine (and thus FatMarkVolume()) must be resident as
|
||
the paging file might be damaged at this point.
|
||
|
||
Arguments:
|
||
|
||
Parameter - Points to a dirty volume packet that was allocated from pool
|
||
|
||
Return Value:
|
||
|
||
None.
|
||
|
||
--*/
|
||
|
||
{
|
||
PCLEAN_AND_DIRTY_VOLUME_PACKET Packet;
|
||
PVCB Vcb;
|
||
IRP_CONTEXT IrpContext;
|
||
PIRP Irp;
|
||
|
||
DebugTrace(+1, Dbg, "FatFspMarkVolumeDirtyWithRecover\n", 0);
|
||
|
||
Packet = (PCLEAN_AND_DIRTY_VOLUME_PACKET)Parameter;
|
||
|
||
Vcb = Packet->Vcb;
|
||
Irp = Packet->Irp;
|
||
|
||
//
|
||
// Dummy up the IrpContext so we can call our worker routines
|
||
//
|
||
|
||
RtlZeroMemory( &IrpContext, sizeof(IRP_CONTEXT));
|
||
|
||
SetFlag(IrpContext.Flags, IRP_CONTEXT_FLAG_WAIT);
|
||
IrpContext.OriginatingIrp = Irp;
|
||
|
||
//
|
||
// Make us appear as a top level FSP request so that we will
|
||
// receive any errors from the operation.
|
||
//
|
||
|
||
IoSetTopLevelIrp( (PIRP)FSRTL_FSP_TOP_LEVEL_IRP );
|
||
|
||
//
|
||
// Try to write out the dirty bit. If something goes wrong, we
|
||
// tried.
|
||
//
|
||
|
||
_SEH2_TRY {
|
||
|
||
SetFlag( Vcb->VcbState, VCB_STATE_FLAG_MOUNTED_DIRTY );
|
||
|
||
FatMarkVolume( &IrpContext, Vcb, VolumeDirtyWithSurfaceTest );
|
||
|
||
} _SEH2_EXCEPT(FatExceptionFilter( &IrpContext, _SEH2_GetExceptionInformation() )) {
|
||
|
||
NOTHING;
|
||
} _SEH2_END;
|
||
|
||
IoSetTopLevelIrp( NULL );
|
||
|
||
//
|
||
// Now complete the originating Irp or set the synchronous event.
|
||
//
|
||
|
||
if (Packet->Event) {
|
||
KeSetEvent( Packet->Event, 0, FALSE );
|
||
} else {
|
||
IoCompleteRequest( Irp, IO_DISK_INCREMENT );
|
||
}
|
||
|
||
DebugTrace(-1, Dbg, "FatFspMarkVolumeDirtyWithRecover -> VOID\n", 0);
|
||
}
|
||
|
||
|
||
VOID
|
||
FatCheckDirtyBit (
|
||
IN PIRP_CONTEXT IrpContext,
|
||
IN PVCB Vcb
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
This routine looks at the volume dirty bit, and depending on the state of
|
||
VCB_STATE_FLAG_MOUNTED_DIRTY, the appropriate action is taken.
|
||
|
||
Arguments:
|
||
|
||
Vcb - Supplies the Vcb being queried.
|
||
|
||
Return Value:
|
||
|
||
None.
|
||
|
||
--*/
|
||
|
||
{
|
||
BOOLEAN Dirty;
|
||
|
||
PPACKED_BOOT_SECTOR BootSector;
|
||
PBCB BootSectorBcb;
|
||
|
||
UNICODE_STRING VolumeLabel;
|
||
|
||
PAGED_CODE();
|
||
|
||
//
|
||
// Look in the boot sector
|
||
//
|
||
|
||
FatReadVolumeFile( IrpContext,
|
||
Vcb,
|
||
0,
|
||
sizeof(PACKED_BOOT_SECTOR),
|
||
&BootSectorBcb,
|
||
(PVOID *)&BootSector );
|
||
|
||
_SEH2_TRY {
|
||
|
||
//
|
||
// Check if the magic bit is set
|
||
//
|
||
|
||
if (IsBpbFat32(&BootSector->PackedBpb)) {
|
||
Dirty = BooleanFlagOn( ((PPACKED_BOOT_SECTOR_EX)BootSector)->CurrentHead,
|
||
FAT_BOOT_SECTOR_DIRTY );
|
||
} else {
|
||
Dirty = BooleanFlagOn( BootSector->CurrentHead, FAT_BOOT_SECTOR_DIRTY );
|
||
}
|
||
|
||
//
|
||
// Setup the VolumeLabel string
|
||
//
|
||
|
||
VolumeLabel.Length = Vcb->Vpb->VolumeLabelLength;
|
||
VolumeLabel.MaximumLength = MAXIMUM_VOLUME_LABEL_LENGTH;
|
||
VolumeLabel.Buffer = &Vcb->Vpb->VolumeLabel[0];
|
||
|
||
if ( Dirty ) {
|
||
|
||
//
|
||
// Do not trigger the mounted dirty bit if this is a verify
|
||
// and the volume is a boot or paging device. We know that
|
||
// a boot or paging device cannot leave the system, and thus
|
||
// that on its mount we will have figured this out correctly.
|
||
//
|
||
// This logic is a reasonable change. Why?
|
||
// 'cause setup cracked a non-exclusive DASD handle near the
|
||
// end of setup, wrote some data, closed the handle and we
|
||
// set the verify bit ... came back around and saw that other
|
||
// arbitrary activity had left the volume in a temporarily dirty
|
||
// state.
|
||
//
|
||
// Of course, the real problem is that we don't have a journal.
|
||
//
|
||
|
||
if (!(IrpContext->MajorFunction == IRP_MJ_FILE_SYSTEM_CONTROL &&
|
||
IrpContext->MinorFunction == IRP_MN_VERIFY_VOLUME &&
|
||
FlagOn( Vcb->VcbState, VCB_STATE_FLAG_BOOT_OR_PAGING_FILE))) {
|
||
|
||
KdPrintEx((DPFLTR_FASTFAT_ID,
|
||
DPFLTR_INFO_LEVEL,
|
||
"FASTFAT: WARNING! Mounting Dirty Volume %Z\n",
|
||
&VolumeLabel));
|
||
|
||
SetFlag( Vcb->VcbState, VCB_STATE_FLAG_MOUNTED_DIRTY );
|
||
}
|
||
|
||
} else {
|
||
|
||
if (FlagOn(Vcb->VcbState, VCB_STATE_FLAG_MOUNTED_DIRTY)) {
|
||
|
||
KdPrintEx((DPFLTR_FASTFAT_ID,
|
||
DPFLTR_INFO_LEVEL,
|
||
"FASTFAT: Volume %Z has been cleaned.\n",
|
||
&VolumeLabel));
|
||
|
||
ClearFlag( Vcb->VcbState, VCB_STATE_FLAG_MOUNTED_DIRTY );
|
||
|
||
} else {
|
||
|
||
(VOID)FsRtlBalanceReads( Vcb->TargetDeviceObject );
|
||
}
|
||
}
|
||
|
||
} _SEH2_FINALLY {
|
||
|
||
FatUnpinBcb( IrpContext, BootSectorBcb );
|
||
} _SEH2_END;
|
||
}
|
||
|
||
|
||
VOID
|
||
FatVerifyOperationIsLegal (
|
||
IN PIRP_CONTEXT IrpContext
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
This routine determines is the requested operation should be allowed to
|
||
continue. It either returns to the user if the request is Okay, or
|
||
raises an appropriate status.
|
||
|
||
Arguments:
|
||
|
||
Irp - Supplies the Irp to check
|
||
|
||
Return Value:
|
||
|
||
None.
|
||
|
||
--*/
|
||
|
||
{
|
||
PIRP Irp;
|
||
PFILE_OBJECT FileObject;
|
||
|
||
PAGED_CODE();
|
||
|
||
Irp = IrpContext->OriginatingIrp;
|
||
|
||
//
|
||
// If the Irp is not present, then we got here via close.
|
||
//
|
||
//
|
||
|
||
if ( Irp == NULL ) {
|
||
|
||
return;
|
||
}
|
||
|
||
FileObject = IoGetCurrentIrpStackLocation(Irp)->FileObject;
|
||
|
||
//
|
||
// If there is not a file object, we cannot continue.
|
||
//
|
||
|
||
if ( FileObject == NULL ) {
|
||
|
||
return;
|
||
}
|
||
|
||
//
|
||
// If the file object has already been cleaned up, and
|
||
//
|
||
// A) This request is a paging io read or write, or
|
||
// B) This request is a close operation, or
|
||
// C) This request is a set or query info call (for Lou)
|
||
// D) This is an MDL complete
|
||
//
|
||
// let it pass, otherwise return STATUS_FILE_CLOSED.
|
||
//
|
||
|
||
if ( FlagOn(FileObject->Flags, FO_CLEANUP_COMPLETE) ) {
|
||
|
||
PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation( Irp );
|
||
|
||
if ( (FlagOn(Irp->Flags, IRP_PAGING_IO)) ||
|
||
(IrpSp->MajorFunction == IRP_MJ_CLOSE ) ||
|
||
(IrpSp->MajorFunction == IRP_MJ_SET_INFORMATION) ||
|
||
(IrpSp->MajorFunction == IRP_MJ_QUERY_INFORMATION) ||
|
||
( ( (IrpSp->MajorFunction == IRP_MJ_READ) ||
|
||
(IrpSp->MajorFunction == IRP_MJ_WRITE) ) &&
|
||
FlagOn(IrpSp->MinorFunction, IRP_MN_COMPLETE) ) ) {
|
||
|
||
NOTHING;
|
||
|
||
} else {
|
||
|
||
FatRaiseStatus( IrpContext, STATUS_FILE_CLOSED );
|
||
}
|
||
}
|
||
|
||
return;
|
||
}
|
||
|
||
|
||
|
||
//
|
||
// Internal support routine
|
||
//
|
||
|
||
VOID
|
||
FatResetFcb (
|
||
IN PIRP_CONTEXT IrpContext,
|
||
IN PFCB Fcb
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
This routine is called when an Fcb has been marked as needs to be verified.
|
||
|
||
It does the following tasks:
|
||
|
||
- Reset Mcb mapping information
|
||
- For directories, reset dirent hints
|
||
- Set allocation size to unknown
|
||
|
||
Arguments:
|
||
|
||
Fcb - Supplies the Fcb to reset
|
||
|
||
Return Value:
|
||
|
||
None.
|
||
|
||
--*/
|
||
|
||
{
|
||
LOGICAL IsRealPagingFile;
|
||
|
||
PAGED_CODE();
|
||
UNREFERENCED_PARAMETER( IrpContext );
|
||
|
||
//
|
||
// Don't do the two following operations for the Root Dcb
|
||
// of a non FAT32 volume or paging files. Paging files!?
|
||
// Yes, if someone diddles a volume we try to reverify all
|
||
// of the Fcbs just in case; however, there is no safe way
|
||
// to chuck and retrieve the mapping pair information for
|
||
// a real paging file. Lose it and die.
|
||
//
|
||
// An exception is made for ReadyBoost cache files, which
|
||
// are created as paging files on removable devices and
|
||
// require validation after a power transition.
|
||
//
|
||
|
||
if (!FlagOn(Fcb->Vcb->VcbState, VCB_STATE_FLAG_REMOVABLE_MEDIA) &&
|
||
FlagOn(Fcb->FcbState, FCB_STATE_PAGING_FILE)) {
|
||
|
||
IsRealPagingFile = TRUE;
|
||
|
||
} else {
|
||
|
||
IsRealPagingFile = FALSE;
|
||
}
|
||
|
||
if ( (NodeType(Fcb) != FAT_NTC_ROOT_DCB ||
|
||
FatIsFat32( Fcb->Vcb )) &&
|
||
!IsRealPagingFile ) {
|
||
|
||
//
|
||
// Reset the mcb mapping.
|
||
//
|
||
|
||
FsRtlRemoveLargeMcbEntry( &Fcb->Mcb, 0, 0xFFFFFFFF );
|
||
|
||
//
|
||
// Reset the allocation size to 0 or unknown
|
||
//
|
||
|
||
if ( Fcb->FirstClusterOfFile == 0 ) {
|
||
|
||
Fcb->Header.AllocationSize.QuadPart = 0;
|
||
|
||
} else {
|
||
|
||
Fcb->Header.AllocationSize.QuadPart = FCB_LOOKUP_ALLOCATIONSIZE_HINT;
|
||
}
|
||
}
|
||
|
||
//
|
||
// If this is a directory, reset the hints.
|
||
//
|
||
|
||
if ( (NodeType(Fcb) == FAT_NTC_DCB) ||
|
||
(NodeType(Fcb) == FAT_NTC_ROOT_DCB) ) {
|
||
|
||
//
|
||
// Force a rescan of the directory
|
||
//
|
||
|
||
Fcb->Specific.Dcb.UnusedDirentVbo = 0xffffffff;
|
||
Fcb->Specific.Dcb.DeletedDirentHint = 0xffffffff;
|
||
}
|
||
}
|
||
|
||
|
||
|
||
BOOLEAN
|
||
FatMatchFileSize (
|
||
__in PIRP_CONTEXT IrpContext,
|
||
__in PDIRENT Dirent,
|
||
__in PFCB Fcb
|
||
)
|
||
{
|
||
|
||
UNREFERENCED_PARAMETER(IrpContext);
|
||
|
||
if (NodeType(Fcb) != FAT_NTC_FCB) {
|
||
return TRUE;
|
||
}
|
||
|
||
|
||
if (Fcb->Header.FileSize.LowPart != Dirent->FileSize) {
|
||
return FALSE;
|
||
}
|
||
|
||
|
||
return TRUE;
|
||
}
|
||
|
||
//
|
||
// Internal support routine
|
||
//
|
||
|
||
_Requires_lock_held_(_Global_critical_region_)
|
||
VOID
|
||
FatDetermineAndMarkFcbCondition (
|
||
IN PIRP_CONTEXT IrpContext,
|
||
IN PFCB Fcb
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
This routine checks a specific Fcb to see if it is different from what's
|
||
on the disk. The following things are checked:
|
||
|
||
- File Name
|
||
- File Size (if not directory)
|
||
- First Cluster Of File
|
||
- Dirent Attributes
|
||
|
||
Arguments:
|
||
|
||
Fcb - Supplies the Fcb to examine
|
||
|
||
Return Value:
|
||
|
||
None.
|
||
|
||
--*/
|
||
|
||
{
|
||
PDIRENT Dirent;
|
||
PBCB DirentBcb;
|
||
ULONG FirstClusterOfFile;
|
||
|
||
OEM_STRING Name;
|
||
CHAR Buffer[16];
|
||
|
||
PAGED_CODE();
|
||
|
||
//
|
||
// If this is the Root Dcb, special case it. That is, we know
|
||
// by definition that it is good since it is fixed in the volume
|
||
// structure.
|
||
//
|
||
|
||
if ( NodeType(Fcb) == FAT_NTC_ROOT_DCB ) {
|
||
|
||
FatMarkFcbCondition( IrpContext, Fcb, FcbGood, FALSE );
|
||
|
||
return;
|
||
}
|
||
|
||
// The first thing we need to do to verify ourselves is
|
||
// locate the dirent on the disk.
|
||
//
|
||
|
||
FatGetDirentFromFcbOrDcb( IrpContext,
|
||
Fcb,
|
||
TRUE,
|
||
&Dirent,
|
||
&DirentBcb );
|
||
//
|
||
// If we couldn't get the dirent, this fcb must be bad (case of
|
||
// enclosing directory shrinking during the time it was ejected).
|
||
//
|
||
|
||
if (DirentBcb == NULL) {
|
||
|
||
FatMarkFcbCondition( IrpContext, Fcb, FcbBad, FALSE );
|
||
|
||
return;
|
||
}
|
||
|
||
//
|
||
// We located the dirent for ourselves now make sure it
|
||
// is really ours by comparing the Name and FatFlags.
|
||
// Then for a file we also check the file size.
|
||
//
|
||
// Note that we have to unpin the Bcb before calling FatResetFcb
|
||
// in order to avoid a deadlock in CcUninitializeCacheMap.
|
||
//
|
||
|
||
_SEH2_TRY {
|
||
|
||
Name.MaximumLength = 16;
|
||
Name.Buffer = &Buffer[0];
|
||
|
||
Fat8dot3ToString( IrpContext, Dirent, FALSE, &Name );
|
||
|
||
//
|
||
// We need to calculate the first cluster 'cause FAT32 splits
|
||
// this field across the dirent.
|
||
//
|
||
|
||
FirstClusterOfFile = Dirent->FirstClusterOfFile;
|
||
|
||
if (FatIsFat32( Fcb->Vcb )) {
|
||
|
||
FirstClusterOfFile += Dirent->FirstClusterOfFileHi << 16;
|
||
}
|
||
|
||
if (!RtlEqualString( &Name, &Fcb->ShortName.Name.Oem, TRUE )
|
||
|
||
||
|
||
|
||
!FatMatchFileSize(IrpContext, Dirent, Fcb )
|
||
|
||
||
|
||
|
||
(FirstClusterOfFile != Fcb->FirstClusterOfFile)
|
||
|
||
||
|
||
|
||
(Dirent->Attributes != Fcb->DirentFatFlags) ) {
|
||
|
||
FatMarkFcbCondition( IrpContext, Fcb, FcbBad, FALSE );
|
||
|
||
} else {
|
||
|
||
//
|
||
// We passed. Get the Fcb ready to use again.
|
||
//
|
||
|
||
FatMarkFcbCondition( IrpContext, Fcb, FcbGood, FALSE );
|
||
}
|
||
|
||
} _SEH2_FINALLY {
|
||
|
||
FatUnpinBcb( IrpContext, DirentBcb );
|
||
} _SEH2_END;
|
||
|
||
return;
|
||
}
|
||
|
||
|
||
|
||
//
|
||
// Internal support routine
|
||
//
|
||
|
||
VOID
|
||
FatQuickVerifyVcb (
|
||
IN PIRP_CONTEXT IrpContext,
|
||
IN PVCB Vcb
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
This routines just checks the verify bit in the real device and the
|
||
Vcb condition and raises an appropriate exception if so warented.
|
||
It is called when verifying both Fcbs and Vcbs.
|
||
|
||
Arguments:
|
||
|
||
Vcb - Supplies the Vcb to check the condition of.
|
||
|
||
Return Value:
|
||
|
||
None.
|
||
|
||
--*/
|
||
|
||
{
|
||
PAGED_CODE();
|
||
|
||
//
|
||
// If the real device needs to be verified we'll set the
|
||
// DeviceToVerify to be our real device and raise VerifyRequired.
|
||
//
|
||
|
||
if (FlagOn(Vcb->Vpb->RealDevice->Flags, DO_VERIFY_VOLUME)) {
|
||
|
||
DebugTrace(0, Dbg, "The Vcb needs to be verified\n", 0);
|
||
|
||
IoSetHardErrorOrVerifyDevice( IrpContext->OriginatingIrp,
|
||
Vcb->Vpb->RealDevice );
|
||
|
||
FatRaiseStatus( IrpContext, STATUS_VERIFY_REQUIRED );
|
||
}
|
||
|
||
//
|
||
// Based on the condition of the Vcb we'll either return to our
|
||
// caller or raise an error condition
|
||
//
|
||
|
||
switch (Vcb->VcbCondition) {
|
||
|
||
case VcbGood:
|
||
|
||
DebugTrace(0, Dbg, "The Vcb is good\n", 0);
|
||
|
||
//
|
||
// Do a check here of an operation that would try to modify a
|
||
// write protected media.
|
||
//
|
||
|
||
if (FlagOn(Vcb->VcbState, VCB_STATE_FLAG_WRITE_PROTECTED) &&
|
||
((IrpContext->MajorFunction == IRP_MJ_WRITE) ||
|
||
(IrpContext->MajorFunction == IRP_MJ_SET_INFORMATION) ||
|
||
(IrpContext->MajorFunction == IRP_MJ_SET_EA) ||
|
||
(IrpContext->MajorFunction == IRP_MJ_FLUSH_BUFFERS) ||
|
||
(IrpContext->MajorFunction == IRP_MJ_SET_VOLUME_INFORMATION) ||
|
||
(IrpContext->MajorFunction == IRP_MJ_FILE_SYSTEM_CONTROL &&
|
||
IrpContext->MinorFunction == IRP_MN_USER_FS_REQUEST &&
|
||
IoGetCurrentIrpStackLocation(IrpContext->OriginatingIrp)->Parameters.FileSystemControl.FsControlCode ==
|
||
FSCTL_MARK_VOLUME_DIRTY))) {
|
||
|
||
//
|
||
// Set the real device for the pop-up info, and set the verify
|
||
// bit in the device object, so that we will force a verify
|
||
// in case the user put the correct media back in.
|
||
//
|
||
|
||
|
||
IoSetHardErrorOrVerifyDevice( IrpContext->OriginatingIrp,
|
||
Vcb->Vpb->RealDevice );
|
||
|
||
FatMarkDevForVerifyIfVcbMounted(Vcb);
|
||
|
||
FatRaiseStatus( IrpContext, STATUS_MEDIA_WRITE_PROTECTED );
|
||
}
|
||
|
||
break;
|
||
|
||
case VcbNotMounted:
|
||
|
||
DebugTrace(0, Dbg, "The Vcb is not mounted\n", 0);
|
||
|
||
//
|
||
// Set the real device for the pop-up info, and set the verify
|
||
// bit in the device object, so that we will force a verify
|
||
// in case the user put the correct media back in.
|
||
//
|
||
|
||
IoSetHardErrorOrVerifyDevice( IrpContext->OriginatingIrp,
|
||
Vcb->Vpb->RealDevice );
|
||
|
||
FatRaiseStatus( IrpContext, STATUS_WRONG_VOLUME );
|
||
|
||
break;
|
||
|
||
case VcbBad:
|
||
|
||
DebugTrace(0, Dbg, "The Vcb is bad\n", 0);
|
||
|
||
if (FlagOn( Vcb->VcbState, VCB_STATE_FLAG_VOLUME_DISMOUNTED )) {
|
||
|
||
FatRaiseStatus( IrpContext, STATUS_VOLUME_DISMOUNTED );
|
||
|
||
} else {
|
||
|
||
FatRaiseStatus( IrpContext, STATUS_FILE_INVALID );
|
||
}
|
||
break;
|
||
|
||
default:
|
||
|
||
DebugDump("Invalid VcbCondition\n", 0, Vcb);
|
||
#ifdef _MSC_VER
|
||
#pragma prefast( suppress:28159, "things are seriously wrong if we get here" )
|
||
#endif
|
||
FatBugCheck( Vcb->VcbCondition, 0, 0 );
|
||
}
|
||
}
|
||
|
||
_Requires_lock_held_(_Global_critical_region_)
|
||
NTSTATUS
|
||
FatPerformVerify (
|
||
_In_ PIRP_CONTEXT IrpContext,
|
||
_In_ PIRP Irp,
|
||
_In_ PDEVICE_OBJECT Device
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
This routines performs an IoVerifyVolume operation and takes the
|
||
appropriate action. After the Verify is complete the originating
|
||
Irp is sent off to an Ex Worker Thread. This routine is called
|
||
from the exception handler.
|
||
|
||
Arguments:
|
||
|
||
Irp - The irp to send off after all is well and done.
|
||
|
||
Device - The real device needing verification.
|
||
|
||
Return Value:
|
||
|
||
None.
|
||
|
||
--*/
|
||
|
||
{
|
||
PVCB Vcb;
|
||
NTSTATUS Status = STATUS_SUCCESS;
|
||
PIO_STACK_LOCATION IrpSp;
|
||
PFILE_OBJECT FileObject = IoGetCurrentIrpStackLocation(Irp)->FileObject;
|
||
BOOLEAN AllowRawMount = FALSE;
|
||
BOOLEAN VcbDeleted = FALSE;
|
||
|
||
PAGED_CODE();
|
||
|
||
//
|
||
// Check if this Irp has a status of Verify required and if it does
|
||
// then call the I/O system to do a verify.
|
||
//
|
||
// Skip the IoVerifyVolume if this is a mount or verify request
|
||
// itself. Trying a recursive mount will cause a deadlock with
|
||
// the DeviceObject->DeviceLock.
|
||
//
|
||
|
||
if ( (IrpContext->MajorFunction == IRP_MJ_FILE_SYSTEM_CONTROL) &&
|
||
((IrpContext->MinorFunction == IRP_MN_MOUNT_VOLUME) ||
|
||
(IrpContext->MinorFunction == IRP_MN_VERIFY_VOLUME)) ) {
|
||
|
||
return FatFsdPostRequest( IrpContext, Irp );
|
||
}
|
||
|
||
DebugTrace(0, Dbg, "Verify Required, DeviceObject = %p\n", Device);
|
||
|
||
//
|
||
// Extract a pointer to the Vcb from the VolumeDeviceObject.
|
||
// Note that since we have specifically excluded mount,
|
||
// requests, we know that IrpSp->DeviceObject is indeed a
|
||
// volume device object.
|
||
//
|
||
|
||
IrpSp = IoGetCurrentIrpStackLocation(Irp);
|
||
|
||
Vcb = &CONTAINING_RECORD( IrpSp->DeviceObject,
|
||
VOLUME_DEVICE_OBJECT,
|
||
DeviceObject )->Vcb;
|
||
|
||
//
|
||
// Check if the volume still thinks it needs to be verified,
|
||
// if it doesn't then we can skip doing a verify because someone
|
||
// else beat us to it.
|
||
//
|
||
|
||
_SEH2_TRY {
|
||
|
||
//
|
||
// We will allow Raw to mount this volume if we were doing a
|
||
// a DASD open.
|
||
//
|
||
|
||
if ( (IrpContext->MajorFunction == IRP_MJ_CREATE) &&
|
||
(IrpSp->FileObject->FileName.Length == 0) &&
|
||
(IrpSp->FileObject->RelatedFileObject == NULL) ) {
|
||
|
||
AllowRawMount = TRUE;
|
||
}
|
||
|
||
//
|
||
// Send down the verify. This could be going to a different
|
||
// filesystem.
|
||
//
|
||
|
||
Status = IoVerifyVolume( Device, AllowRawMount );
|
||
|
||
//
|
||
// If the verify operation completed it will return
|
||
// either STATUS_SUCCESS or STATUS_WRONG_VOLUME, exactly.
|
||
//
|
||
// If FatVerifyVolume encountered an error during
|
||
// processing, it will return that error. If we got
|
||
// STATUS_WRONG_VOLUME from the verfy, and our volume
|
||
// is now mounted, commute the status to STATUS_SUCCESS.
|
||
//
|
||
// Acquire the Vcb so we're working with a stable Vcb condition.
|
||
//
|
||
|
||
FatAcquireSharedVcb(IrpContext, Vcb);
|
||
|
||
if ( (Status == STATUS_WRONG_VOLUME) &&
|
||
(Vcb->VcbCondition == VcbGood) ) {
|
||
|
||
Status = STATUS_SUCCESS;
|
||
}
|
||
else if ((STATUS_SUCCESS == Status) && (Vcb->VcbCondition != VcbGood)) {
|
||
|
||
Status = STATUS_WRONG_VOLUME;
|
||
}
|
||
|
||
//
|
||
// Do a quick unprotected check here. The routine will do
|
||
// a safe check. After here we can release the resource.
|
||
// Note that if the volume really went away, we will be taking
|
||
// the Reparse path.
|
||
//
|
||
|
||
if ((VcbGood != Vcb->VcbCondition) &&
|
||
(0 == Vcb->OpenFileCount) ) {
|
||
|
||
FatReleaseVcb( IrpContext, Vcb);
|
||
|
||
#ifdef _MSC_VER
|
||
#pragma prefast( push )
|
||
#pragma prefast( disable: 28137, "prefast wants the wait to be a constant, but that isn't possible for the way fastfat is designed" )
|
||
#pragma prefast( disable: 28193 )
|
||
#endif
|
||
FatAcquireExclusiveGlobal( IrpContext );
|
||
#ifdef _MSC_VER
|
||
#pragma prefast( pop )
|
||
#endif
|
||
|
||
FatAcquireExclusiveVcb( IrpContext,
|
||
Vcb );
|
||
|
||
VcbDeleted = FatCheckForDismount( IrpContext,
|
||
Vcb,
|
||
FALSE );
|
||
|
||
if (!VcbDeleted) {
|
||
|
||
FatReleaseVcb( IrpContext,
|
||
Vcb );
|
||
}
|
||
|
||
FatReleaseGlobal( IrpContext );
|
||
}
|
||
else {
|
||
|
||
FatReleaseVcb( IrpContext, Vcb);
|
||
}
|
||
|
||
//
|
||
// If the IopMount in IoVerifyVolume did something, and
|
||
// this is an absolute open, force a reparse.
|
||
//
|
||
|
||
if ((IrpContext->MajorFunction == IRP_MJ_CREATE) &&
|
||
(FileObject->RelatedFileObject == NULL) &&
|
||
((Status == STATUS_SUCCESS) || (Status == STATUS_WRONG_VOLUME))) {
|
||
|
||
Irp->IoStatus.Information = IO_REMOUNT;
|
||
|
||
FatCompleteRequest( IrpContext, Irp, STATUS_REPARSE );
|
||
Status = STATUS_REPARSE;
|
||
Irp = NULL;
|
||
}
|
||
|
||
if ( (Irp != NULL) && !NT_SUCCESS(Status) ) {
|
||
|
||
//
|
||
// Fill in the device object if required.
|
||
//
|
||
|
||
if ( IoIsErrorUserInduced( Status ) ) {
|
||
|
||
IoSetHardErrorOrVerifyDevice( Irp, Device );
|
||
}
|
||
|
||
NT_ASSERT( STATUS_VERIFY_REQUIRED != Status);
|
||
|
||
FatNormalizeAndRaiseStatus( IrpContext, Status );
|
||
}
|
||
|
||
//
|
||
// If there is still an Irp, send it off to an Ex Worker thread.
|
||
//
|
||
|
||
if ( Irp != NULL ) {
|
||
|
||
Status = FatFsdPostRequest( IrpContext, Irp );
|
||
}
|
||
|
||
}
|
||
_SEH2_EXCEPT (FatExceptionFilter( IrpContext, _SEH2_GetExceptionInformation() )) {
|
||
|
||
//
|
||
// We had some trouble trying to perform the verify or raised
|
||
// an error ourselves. So we'll abort the I/O request with
|
||
// the error status that we get back from the execption code.
|
||
//
|
||
|
||
Status = FatProcessException( IrpContext, Irp, _SEH2_GetExceptionCode() );
|
||
} _SEH2_END;
|
||
|
||
return Status;
|
||
}
|
||
|
||
//
|
||
// Local support routine
|
||
//
|
||
|
||
NTSTATUS
|
||
NTAPI
|
||
FatMarkVolumeCompletionRoutine(
|
||
_In_ PDEVICE_OBJECT DeviceObject,
|
||
_In_ PIRP Irp,
|
||
_In_reads_opt_(_Inexpressible_("varies")) PVOID Contxt
|
||
)
|
||
|
||
{
|
||
//
|
||
// Set the event so that our call will wake up.
|
||
//
|
||
|
||
KeSetEvent( (PKEVENT)Contxt, 0, FALSE );
|
||
|
||
UNREFERENCED_PARAMETER( DeviceObject );
|
||
UNREFERENCED_PARAMETER( Irp );
|
||
|
||
return STATUS_MORE_PROCESSING_REQUIRED;
|
||
}
|
||
|
||
|