ioverifier.h File Reference

#include "ioassert.h"
#include "trackirp.h"
#include "flunkirp.h"
#include "hashirp.h"
#include "sessnirp.h"

Go to the source code of this file.

Classes
struct	_IOV_INIT_DATA
Defines
#define	IOVP_COMPLETE_REQUEST(Apc, Sa1, Sa2)
#define	IOV_INITIALIZE_IRP(Irp, PacketSize, StackSize)
#define	IOV_DELETE_DEVICE(DeviceObject)
#define	IOV_DETACH_DEVICE(DeviceObject)
#define	IOV_ATTACH_DEVICE_TO_DEVICE_STACK(SourceDeviceObject, TargetDeviceObject)
#define	IOV_CANCEL_IRP(Irp, ReturnValue)   IovCancelIrp((Irp), (ReturnValue))
Typedefs
typedef _IOV_INIT_DATA	IOV_INIT_DATA
typedef _IOV_INIT_DATA *	PIOV_INIT_DATA
Functions
NTSTATUS FASTCALL	IovSpecialIrpCallDriver (IN PDEVICE_OBJECT DeviceObject, IN OUT PIRP Irp)
VOID FASTCALL	IovSpecialIrpCompleteRequest (IN PIRP Irp, IN CCHAR PriorityBoost)
VOID	IovpSpecialIrpVerifierInitWorker (IN PVOID Parameter)
VOID	IovpCompleteRequest (IN PKAPC Apc, IN PVOID *SystemArgument1, IN PVOID *SystemArgument2)
VOID	IovInitializeIrp (PIRP Irp, USHORT PacketSize, CCHAR StackSize)
VOID	IovAttachDeviceToDeviceStack (PDEVICE_OBJECT SourceDevice, PDEVICE_OBJECT TargetDevice)
VOID	IovDeleteDevice (PDEVICE_OBJECT DeleteDevice)
VOID	IovDetachDevice (PDEVICE_OBJECT TargetDevice)
BOOLEAN	IovCancelIrp (PIRP Irp, BOOLEAN *returnValue)

---

Define Documentation

#define IOV_ATTACH_DEVICE_TO_DEVICE_STACK (  SourceDeviceObject, TargetDeviceObject   )

Value: { \ if (IopVerifierOn) \ IovAttachDeviceToDeviceStack((SourceDeviceObject), (TargetDeviceObject)); \ } Definition at line 63 of file ioverifier.h. Referenced by IoAttachDeviceToDeviceStack().

#define IOV_CANCEL_IRP (  Irp, ReturnValue   )     IovCancelIrp((Irp), (ReturnValue))

Definition at line 69 of file ioverifier.h. Referenced by IoCancelIrp().

#define IOV_DELETE_DEVICE (  DeviceObject   )

Value: { \ if (IopVerifierOn) \ IovDeleteDevice(DeviceObject); \ } Definition at line 51 of file ioverifier.h. Referenced by IoDeleteDevice().

#define IOV_DETACH_DEVICE (  DeviceObject   )

Value: { \ if (IopVerifierOn) \ IovDetachDevice(DeviceObject); \ } Definition at line 57 of file ioverifier.h. Referenced by IoDetachDevice().

#define IOV_INITIALIZE_IRP (  Irp, PacketSize, StackSize   )

Value: { \ if (IopVerifierOn) \ IovInitializeIrp((Irp), (PacketSize), (StackSize)); \ } Definition at line 45 of file ioverifier.h. Referenced by IoInitializeIrp().

#define IOVP_COMPLETE_REQUEST (  Apc, Sa1, Sa2   )

Value: { \ if (IopVerifierOn) \ IovpCompleteRequest((Apc), (Sa1), (Sa2)); \ } Definition at line 39 of file ioverifier.h. Referenced by IopCompleteRequest().

---

Typedef Documentation

typedef struct _IOV_INIT_DATA IOV_INIT_DATA

typedef struct _IOV_INIT_DATA * PIOV_INIT_DATA

---

Function Documentation

VOID IovAttachDeviceToDeviceStack (  PDEVICE_OBJECT  SourceDevice, PDEVICE_OBJECT  TargetDevice )

Definition at line 1296 of file ioverifier.c. References IovpVerifierLevel, SPECIALIRP_IO_ATTACH_DEVICE_TO_DEVICE_STACK, and VOID(). { if (IovpVerifierLevel < 2) { return; } SPECIALIRP_IO_ATTACH_DEVICE_TO_DEVICE_STACK(SourceDevice, TargetDevice); }

BOOLEAN IovCancelIrp (  PIRP  Irp, BOOLEAN *  returnValue )

Definition at line 1332 of file ioverifier.c. References FALSE, Irp, SPECIALIRP_IO_CANCEL_IRP, and TRUE. { #ifndef NO_SPECIAL_IRP BOOLEAN cancelHandled ; SPECIALIRP_IO_CANCEL_IRP(Irp, &cancelHandled, returnValue) ; if (cancelHandled) { return TRUE ; } #endif return FALSE; }

VOID IovDeleteDevice (  PDEVICE_OBJECT  DeleteDevice  )

Definition at line 1309 of file ioverifier.c. References IovpVerifierLevel, SPECIALIRP_IO_DELETE_DEVICE, and VOID(). { if (IovpVerifierLevel < 2) { return; } SPECIALIRP_IO_DELETE_DEVICE(DeleteDevice); }

VOID IovDetachDevice (  PDEVICE_OBJECT  TargetDevice  )

Definition at line 1321 of file ioverifier.c. References IovpVerifierLevel, SPECIALIRP_IO_DETACH_DEVICE, and VOID(). { if (IovpVerifierLevel < 2) { return; } SPECIALIRP_IO_DETACH_DEVICE(TargetDevice); }

VOID IovInitializeIrp (  PIRP  Irp, USHORT  PacketSize, CCHAR  StackSize )

Definition at line 1279 of file ioverifier.c. References IovpVerifierLevel, Irp, SPECIALIRP_IO_INITIALIZE_IRP, and VOID(). { BOOLEAN initializeHandled ; if (IovpVerifierLevel < 2) { return; } SPECIALIRP_IO_INITIALIZE_IRP(Irp, PacketSize, StackSize, &initializeHandled) ; }

VOID IovpCompleteRequest (  IN PKAPC  Apc, IN PVOID *  SystemArgument1, IN PVOID *  SystemArgument2 )

Definition at line 542 of file ioverifier.c. References IO_INVALID_STACK_EVENT, IO_INVALID_STACK_IOSB, KeBugCheckEx(), KeGetCurrentThread, _IRP::UserEvent, _IRP::UserIosb, and VOID(). { PIRP irp; PUCHAR addr; ULONG BestStackOffset; irp = CONTAINING_RECORD( Apc, IRP, Tail.Apc ); #if defined(_X86_) addr = (PUCHAR)irp->UserIosb; if ((addr > (PUCHAR)KeGetCurrentThread()->StackLimit) && (addr <= (PUCHAR)&BestStackOffset)) { KeBugCheckEx(DRIVER_VERIFIER_IOMANAGER_VIOLATION, IO_INVALID_STACK_IOSB, (ULONG_PTR)addr, 0, 0); } addr = (PUCHAR)irp->UserEvent; if ((addr > (PUCHAR)KeGetCurrentThread()->StackLimit) && (addr <= (PUCHAR)&BestStackOffset)) { KeBugCheckEx(DRIVER_VERIFIER_IOMANAGER_VIOLATION, IO_INVALID_STACK_EVENT, (ULONG_PTR)addr, 0, 0); } #endif }

VOID IovpSpecialIrpVerifierInitWorker (  IN PVOID  Parameter  )

NTSTATUS FASTCALL IovSpecialIrpCallDriver (  IN PDEVICE_OBJECT  DeviceObject, IN OUT PIRP  Irp )

Definition at line 1159 of file ioverifier.c. References ASSERT, _IRP::CurrentLocation, DbgPrint, _IO_STACK_LOCATION::DeviceObject, FASTCALL, IO_CALL_DRIVER_INVALID_DEVICE_OBJECT, IO_CALL_DRIVER_IRP_TYPE_INVALID, IO_CALL_DRIVER_IRQL_NOT_EQUAL, IO_TYPE_IRP, IOFCALLDRIVER_STACKDATA, IoGetNextIrpStackLocation, IopfCallDriver(), IopVerifierOn, IovpValidateDeviceObject(), Irp, KeBugCheckEx(), _IO_STACK_LOCATION::MajorFunction, _DRIVER_OBJECT::MajorFunction, NTSTATUS(), PDRIVER_DISPATCH, PERFINFO_DRIVER_MAJORFUNCTION_CALL, PERFINFO_DRIVER_MAJORFUNCTION_RETURN, SPECIALIRP_IOF_CALL_1, SPECIALIRP_IOF_CALL_2, _IRP::Tail, and _IRP::Type. Referenced by IovCallDriver(), and IoVerifierInit(). : This routine is invoked to pass an I/O Request Packet (IRP) to another driver at its dispatch routine. This routine is called only for IRP tracking It duplicates the code in iosubs.c. Arguments: DeviceObject - Pointer to device object to which the IRP should be passed. Irp - Pointer to IRP for request. Return Value: Return status from driver's dispatch routine. --*/ { PIO_STACK_LOCATION irpSp; PDRIVER_OBJECT driverObject; NTSTATUS status; KIRQL saveIrql; PDRIVER_DISPATCH dispatchRoutine; IOFCALLDRIVER_STACKDATA iofCallDriverStackData ; if (!IopVerifierOn) { status = IopfCallDriver(DeviceObject, Irp); return status; } // // Ensure that this is really an I/O Request Packet. // if (Irp->Type != IO_TYPE_IRP) { ASSERT(Irp->Type == IO_TYPE_IRP); KeBugCheckEx(DRIVER_VERIFIER_IOMANAGER_VIOLATION, IO_CALL_DRIVER_IRP_TYPE_INVALID, (ULONG_PTR)Irp, 0, 0); } if (!IovpValidateDeviceObject(DeviceObject)) { KeBugCheckEx(DRIVER_VERIFIER_IOMANAGER_VIOLATION, IO_CALL_DRIVER_INVALID_DEVICE_OBJECT, (ULONG_PTR)DeviceObject, 0, 0); } SPECIALIRP_IOF_CALL_1(&Irp, DeviceObject, &iofCallDriverStackData) ; // // Update the IRP stack to point to the next location. // Irp->CurrentLocation--; if (Irp->CurrentLocation <= 0) { KeBugCheckEx( NO_MORE_IRP_STACK_LOCATIONS, (ULONG_PTR) Irp, 0, 0, 0 ); } irpSp = IoGetNextIrpStackLocation( Irp ); Irp->Tail.Overlay.CurrentStackLocation = irpSp; // // Save a pointer to the device object for this request so that it can // be used later in completion. // irpSp->DeviceObject = DeviceObject; // // Invoke the driver at its dispatch routine entry point. // driverObject = DeviceObject->DriverObject; dispatchRoutine = driverObject->MajorFunction[irpSp->MajorFunction] ; saveIrql = KeGetCurrentIrql(); PERFINFO_DRIVER_MAJORFUNCTION_CALL(Irp, irpSp, driverObject); status = dispatchRoutine( DeviceObject, Irp ); PERFINFO_DRIVER_MAJORFUNCTION_RETURN(Irp, irpSp, driverObject); if (saveIrql != KeGetCurrentIrql()) { DbgPrint( "IO: IoCallDriver( Driver object: %p Device object: %p Irp: %p )\n", driverObject, DeviceObject, Irp ); DbgPrint( " Irql before: %x != After: %x\n", saveIrql, KeGetCurrentIrql() ); ASSERT(saveIrql == KeGetCurrentIrql()); KeBugCheckEx(DRIVER_VERIFIER_IOMANAGER_VIOLATION, IO_CALL_DRIVER_IRQL_NOT_EQUAL, saveIrql, KeGetCurrentIrql(), 0); } SPECIALIRP_IOF_CALL_2(Irp, DeviceObject, dispatchRoutine, &status, &iofCallDriverStackData) ; return status; }

VOID FASTCALL IovSpecialIrpCompleteRequest (  IN PIRP  Irp, IN CCHAR  PriorityBoost )

Definition at line 586 of file ioverifier.c. References FASTCALL, NULL, SL_NOTCOPIED, and ZeroAndDopeIrpStackLocation. Referenced by IovCompleteRequest(), and IoVerifierInit(). : The following code is called only when doing IRP tracking. It duplicates code in iosubs.c. This routine is invoked to complete an I/O request. It is invoked by the driver in its DPC routine to perform the final completion of the IRP. The functions performed by this routine are as follows. 1. A check is made to determine whether the packet's stack locations have been exhausted. If not, then the stack location pointer is set to the next location and if there is a routine to be invoked, then it will be invoked. This continues until there are either no more routines which are interested or the packet runs out of stack. If a routine is invoked to complete the packet for a specific driver which needs to perform work a lot of work or the work needs to be performed in the context of another process, then the routine will return an alternate success code of STATUS_MORE_PROCESSING_REQUIRED. This indicates that this completion routine should simply return to its caller because the operation will be "completed" by this routine again sometime in the future. 2. A check is made to determine whether this IRP is an associated IRP. If it is, then the count on the master IRP is decremented. If the count for the master becomes zero, then the master IRP will be completed according to the steps below taken for a normal IRP being completed. If the count is still non-zero, then this IRP (the one being completed) will simply be deallocated. 3. If this is paging I/O or a close operation, then simply write the I/O status block and set the event to the signaled state, and dereference the event. If this is paging I/O, deallocate the IRP as well. 4. Unlock the pages, if any, specified by the MDL by calling MmUnlockPages. 5. A check is made to determine whether or not completion of the request can be deferred until later. If it can be, then this routine simply exits and leaves it up to the originator of the request to fully complete the IRP. By not initializing and queueing the special kernel APC to the calling thread (which is the current thread by definition), a lot of interrupt and queueing processing can be avoided. 6. The final rundown routine is invoked to queue the request packet to the target (requesting) thread as a special kernel mode APC. Arguments: Irp - Pointer to the I/O Request Packet to complete. PriorityBoost - Supplies the amount of priority boost that is to be given to the target thread when the special kernel APC is queued. Return Value: None. --*/ #define ZeroAndDopeIrpStackLocation( IrpSp ) { \ (IrpSp)->MinorFunction = 0; \ (IrpSp)->Flags = 0; \ (IrpSp)->Control = SL_NOTCOPIED; \ (IrpSp)->Parameters.Others.Argument1 = 0; \ (IrpSp)->Parameters.Others.Argument2 = 0; \ (IrpSp)->Parameters.Others.Argument3 = 0; \ (IrpSp)->Parameters.Others.Argument4 = 0; \ (IrpSp)->FileObject = (PFILE_OBJECT) NULL; } { PIRP masterIrp; NTSTATUS status; PIO_STACK_LOCATION stackPointer; PMDL mdl; PETHREAD thread; PFILE_OBJECT fileObject; KIRQL irql; PVOID saveAuxiliaryPointer = NULL; #ifndef NO_SPECIAL_IRP PVOID routine ; IOFCOMPLETEREQUEST_STACKDATA completionPacket; #endif if (!IopVerifierOn) { IopfCompleteRequest(Irp, PriorityBoost); return; } #if DBG if (Irp->CurrentLocation <= (CCHAR) Irp->StackCount) { stackPointer = IoGetCurrentIrpStackLocation(Irp); if (stackPointer->MajorFunction == IRP_MJ_POWER) { PoPowerTrace( POWERTRACE_COMPLETE, IoGetCurrentIrpStackLocation(Irp)->DeviceObject, Irp, IoGetCurrentIrpStackLocation(Irp) ); } } #endif SPECIALIRP_IOF_COMPLETE_1(Irp, PriorityBoost, &completionPacket); // // Begin by ensuring that this packet has not already been completed // by someone. // if (Irp->CurrentLocation > (CCHAR) (Irp->StackCount + 1) || Irp->Type != IO_TYPE_IRP) { KeBugCheckEx( MULTIPLE_IRP_COMPLETE_REQUESTS, (ULONG_PTR) Irp, __LINE__, 0, 0 ); } // // Ensure that the packet being completed really is still an IRP. // if (Irp->Type != IO_TYPE_IRP) { KeBugCheckEx(DRIVER_VERIFIER_IOMANAGER_VIOLATION, IO_CALL_DRIVER_IRP_TYPE_INVALID, (ULONG_PTR)Irp, 0, 0); } // // Ensure that no one believes that this request is still in a cancellable // state. // if (Irp->CancelRoutine) { ASSERT(Irp->CancelRoutine == NULL); KeBugCheckEx(DRIVER_VERIFIER_IOMANAGER_VIOLATION, IO_COMPLETE_REQUEST_CANCEL_ROUTINE_SET, (ULONG_PTR)Irp->CancelRoutine, (ULONG_PTR)Irp, 0); } // // Ensure that the packet is not being completed with a thoroughly // confusing status code. Actually completing a packet with a pending // status probably means that someone forgot to set the real status in // the packet. if (Irp->IoStatus.Status == STATUS_PENDING) { KeBugCheckEx(DRIVER_VERIFIER_IOMANAGER_VIOLATION, IO_COMPLETE_REQUEST_INVALID_STATUS, Irp->IoStatus.Status, (ULONG_PTR)Irp, 0); } // // Ensure that the packet is not being completed with a minus one. This is // apparently a common problem in some drivers, and has no meaning as a // status code. // if (Irp->IoStatus.Status == 0xffffffff) { KeBugCheckEx(DRIVER_VERIFIER_IOMANAGER_VIOLATION, IO_COMPLETE_REQUEST_INVALID_STATUS, Irp->IoStatus.Status, (ULONG_PTR)Irp, 0); } // // Ensure that if this is a paging I/O operation, and it failed, that the // reason for the failure isn't because quota was exceeded. // ASSERT( !(Irp->Flags & IRP_PAGING_IO && Irp->IoStatus.Status == STATUS_QUOTA_EXCEEDED ) ); #ifndef NO_SPECIAL_IRP if (!IovpTrackingFlags) { IopfCompleteRequest(Irp, PriorityBoost); return; } // // Now check to see whether this is the last driver that needs to be // invoked for this packet. If not, then bump the stack and check to // see whether the driver wishes to see the completion. As each stack // location is examined, invoke any routine which needs to be invoked. // If the routine returns STATUS_MORE_PROCESSING_REQUIRED, then stop the // processing of this packet. // for (stackPointer = IoGetCurrentIrpStackLocation( Irp ), Irp->CurrentLocation++, Irp->Tail.Overlay.CurrentStackLocation++; Irp->CurrentLocation <= (CCHAR) (Irp->StackCount + 1); stackPointer++, Irp->CurrentLocation++, Irp->Tail.Overlay.CurrentStackLocation++) { // // A stack location was located. Check to see whether or not it // has a completion routine and if so, whether or not it should be // invoked. // // Begin by saving the pending returned flag in the current stack // location in the fixed part of the IRP. // Irp->PendingReturned = stackPointer->Control & SL_PENDING_RETURNED; SPECIALIRP_IOF_COMPLETE_2(Irp, &completionPacket); if ( (NT_SUCCESS( Irp->IoStatus.Status ) && stackPointer->Control & SL_INVOKE_ON_SUCCESS) || (!NT_SUCCESS( Irp->IoStatus.Status ) && stackPointer->Control & SL_INVOKE_ON_ERROR) || (Irp->Cancel && stackPointer->Control & SL_INVOKE_ON_CANCEL) ) { // // This driver has specified a completion routine. Invoke the // routine passing it a pointer to its device object and the // IRP that is being completed. // ZeroAndDopeIrpStackLocation( stackPointer ); #ifndef NO_SPECIAL_IRP routine = stackPointer->CompletionRoutine ; SPECIALIRP_IOF_COMPLETE_3(Irp, routine, &completionPacket); #endif PERFINFO_DRIVER_COMPLETIONROUTINE_CALL(Irp, stackPointer); status = stackPointer->CompletionRoutine( (PDEVICE_OBJECT) (Irp->CurrentLocation == (CCHAR) (Irp->StackCount + 1) ? (PDEVICE_OBJECT) NULL : IoGetCurrentIrpStackLocation( Irp )->DeviceObject), Irp, stackPointer->Context ); PERFINFO_DRIVER_COMPLETIONROUTINE_RETURN(Irp, stackPointer); SPECIALIRP_IOF_COMPLETE_4(Irp, status, &completionPacket); if (status == STATUS_MORE_PROCESSING_REQUIRED) { // // Note: Notice that if the driver has returned the above // status value, it may have already DEALLOCATED the // packet! Therefore, do NOT touch any part of the // IRP in the following code. // SPECIALIRP_IOF_COMPLETE_5(Irp, &completionPacket); return; } } else { if (Irp->PendingReturned && Irp->CurrentLocation <= Irp->StackCount) { IoMarkIrpPending( Irp ); } ZeroAndDopeIrpStackLocation( stackPointer ); } SPECIALIRP_IOF_COMPLETE_5(Irp, &completionPacket); } // // Check to see whether this is an associated IRP. If so, then decrement // the count in the master IRP. If the count is decremented to zero, // then complete the master packet as well. // if (Irp->Flags & IRP_ASSOCIATED_IRP) { ULONG count; masterIrp = Irp->AssociatedIrp.MasterIrp; count = ExInterlockedAddUlong( (PULONG) &masterIrp->AssociatedIrp.IrpCount, 0xffffffff, &IopDatabaseLock ); // // Deallocate this packet and any MDLs that are associated with it // by either doing direct deallocations if they were allocated from // a zone or by queueing the packet to a thread to perform the // deallocation. // // Also, check the count of the master IRP to determine whether or not // the count has gone to zero. If not, then simply get out of here. // Otherwise, complete the master packet. // Irp->Tail.Overlay.Thread = masterIrp->Tail.Overlay.Thread; IopFreeIrpAndMdls( Irp ); if (count == 1) { IoCompleteRequest( masterIrp, PriorityBoost ); } return; } // // Check to see if we have a name junction. If so set the stage to // transmogrify the reparse point data in IopCompleteRequest. // if ((Irp->IoStatus.Status == STATUS_REPARSE ) && (Irp->IoStatus.Information > IO_REPARSE_TAG_RESERVED_RANGE)) { if (Irp->IoStatus.Information == IO_REPARSE_TAG_MOUNT_POINT) { // // For name junctions, we save the pointer to the auxiliary // buffer and use it below. // ASSERT( Irp->Tail.Overlay.AuxiliaryBuffer != NULL ); saveAuxiliaryPointer = (PVOID) Irp->Tail.Overlay.AuxiliaryBuffer; // // We NULL the entry to avoid its de-allocation at this time. // This buffer get deallocated in IopDoNameTransmogrify // Irp->Tail.Overlay.AuxiliaryBuffer = NULL; } else { // // Fail the request. A driver needed to act on this IRP prior // to getting to this point. // Irp->IoStatus.Status = STATUS_IO_REPARSE_TAG_NOT_HANDLED; } } // // Check the auxiliary buffer pointer in the packet and if a buffer was // allocated, deallocate it now. Note that this buffer must be freed // here since the pointer is overlayed with the APC that will be used // to get to the requesting thread's context. // if (Irp->Tail.Overlay.AuxiliaryBuffer) { ExFreePool( Irp->Tail.Overlay.AuxiliaryBuffer ); Irp->Tail.Overlay.AuxiliaryBuffer = NULL; } // // Check to see if this is paging I/O or a close operation. If either, // then special processing must be performed. The reasons that special // processing must be performed is different based on the type of // operation being performed. The biggest reasons for special processing // on paging operations are that using a special kernel APC for an in- // page operation cannot work since the special kernel APC can incur // another pagefault. Likewise, all paging I/O uses MDLs that belong // to the memory manager, not the I/O system. // // Close operations are special because the close may have been invoked // because of a special kernel APC (some IRP was completed which caused // the reference count on the object to become zero while in the I/O // system's special kernel APC routine). Therefore, a special kernel APC // cannot be used since it cannot execute until the close APC finishes. // // The special steps are as follows for a synchronous paging operation // and close are: // // 1. Copy the I/O status block (it is in SVAS, nonpaged). // 2. Signal the event // 3. If paging I/O, deallocate the IRP // // The special steps taken for asynchronous paging operations (out-pages) // are as follows: // // 1. Initialize a special kernel APC just for page writes. // 1. Queue the special kernel APC. // // It should also be noted that the logic for completing a Mount request // operation is exactly the same as a Page Read. No assumptions should be // made here about this being a Page Read operation w/o carefully checking // to ensure that they are also true for a Mount. That is: // // IRP_PAGING_IO and IRP_MOUNT_COMPLETION // // are the same flag in the IRP. // // Also note that the last time the IRP is touched for a close operation // must be just before the event is set to the signaled state. Once this // occurs, the IRP can be deallocated by the thread waiting for the event. // if (Irp->Flags & (IRP_PAGING_IO | IRP_CLOSE_OPERATION)) { if (Irp->Flags & (IRP_SYNCHRONOUS_PAGING_IO | IRP_CLOSE_OPERATION)) { ULONG flags; flags = Irp->Flags & IRP_SYNCHRONOUS_PAGING_IO; *Irp->UserIosb = Irp->IoStatus; (VOID) KeSetEvent( Irp->UserEvent, PriorityBoost, FALSE ); if (flags) { IoFreeIrp( Irp ); } } else { thread = Irp->Tail.Overlay.Thread; KeInitializeApc( &Irp->Tail.Apc, &thread->Tcb, Irp->ApcEnvironment, IopCompletePageWrite, (PKRUNDOWN_ROUTINE) NULL, (PKNORMAL_ROUTINE) NULL, KernelMode, (PVOID) NULL ); (VOID) KeInsertQueueApc( &Irp->Tail.Apc, (PVOID) NULL, (PVOID) NULL, PriorityBoost ); } return; } // // Check to see whether any pages need to be unlocked. // if (Irp->MdlAddress != NULL) { // // Unlock any pages that may be described by MDLs. // mdl = Irp->MdlAddress; while (mdl != NULL) { MmUnlockPages( mdl ); mdl = mdl->Next; } } // // Make a final check here to determine whether or not this is a // synchronous I/O operation that is being completed in the context // of the original requestor. If so, then an optimal path through // I/O completion can be taken. // if (Irp->Flags & IRP_DEFER_IO_COMPLETION && !Irp->PendingReturned) { if ((Irp->IoStatus.Status == STATUS_REPARSE ) && (Irp->IoStatus.Information == IO_REPARSE_TAG_MOUNT_POINT)) { // // For name junctions we reinstate the address of the appropriate // buffer. It is freed in parse.c // Irp->Tail.Overlay.AuxiliaryBuffer = saveAuxiliaryPointer; } return; } // // Finally, initialize the IRP as an APC structure and queue the special // kernel APC to the target thread. // thread = Irp->Tail.Overlay.Thread; fileObject = Irp->Tail.Overlay.OriginalFileObject; if (!Irp->Cancel) { KeInitializeApc( &Irp->Tail.Apc, &thread->Tcb, Irp->ApcEnvironment, IopCompleteRequest, IopAbortRequest, (PKNORMAL_ROUTINE) NULL, KernelMode, (PVOID) NULL ); (VOID) KeInsertQueueApc( &Irp->Tail.Apc, fileObject, (PVOID) saveAuxiliaryPointer, PriorityBoost ); } else { // // This request has been cancelled. Ensure that access to the thread // is synchronized, otherwise it may go away while attempting to get // through the remainder of completion for this request. This happens // when the thread times out waiting for the request to be completed // once it has been cancelled. // // Note that it is safe to capture the thread pointer above, w/o having // the lock because the cancel flag was not set at that point, and // the code that disassociates IRPs must set the flag before looking to // see whether or not the packet has been completed, and this packet // will appear to be completed because it no longer belongs to a driver. // ExAcquireSpinLock( &IopCompletionLock, &irql ); thread = Irp->Tail.Overlay.Thread; if (thread) { KeInitializeApc( &Irp->Tail.Apc, &thread->Tcb, Irp->ApcEnvironment, IopCompleteRequest, IopAbortRequest, (PKNORMAL_ROUTINE) NULL, KernelMode, (PVOID) NULL ); (VOID) KeInsertQueueApc( &Irp->Tail.Apc, fileObject, (PVOID) saveAuxiliaryPointer, PriorityBoost ); ExReleaseSpinLock( &IopCompletionLock, irql ); } else { // // This request has been aborted from completing in the caller's // thread. This can only occur if the packet was cancelled, and // the driver did not complete the request, so it was timed out. // Attempt to drop things on the floor, since the originating thread // has probably exited at this point. // ExReleaseSpinLock( &IopCompletionLock, irql ); ASSERT( Irp->Cancel ); // // Drop the IRP on the floor. // IopDropIrp( Irp, fileObject ); } } #else IopfCompleteRequest(Irp, PriorityBoost); return; #endif }

---