Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1111 lines
26 KiB

  1. /*++
  2. Copyright (c) 1990 Microsoft Corporation
  3. Module Name:
  4. workque.c
  5. Abstract:
  6. This module handles the communication between the NT redirector
  7. FSP and the NT redirector FSD.
  8. It defines routines that queue requests to the FSD, and routines
  9. that remove requests from the FSD work queue.
  10. Author:
  11. Larry Osterman (LarryO) 30-May-1990
  12. Revision History:
  13. 30-May-1990 LarryO
  14. Created
  15. --*/
  16. #include "precomp.h"
  17. #pragma hdrstop
  18. VOID
  19. BowserCriticalThreadWorker(
  20. IN PVOID Ctx
  21. );
  22. VOID
  23. BowserDelayedThreadWorker(
  24. IN PVOID Ctx
  25. );
  26. KSPIN_LOCK
  27. BowserIrpContextInterlock = {0};
  28. LIST_ENTRY
  29. BowserIrpContextList = {0};
  30. KSPIN_LOCK
  31. BowserIrpQueueSpinLock = {0};
  32. #ifdef ALLOC_PRAGMA
  33. #pragma alloc_text(PAGE, BowserAllocateIrpContext)
  34. #pragma alloc_text(PAGE, BowserFreeIrpContext)
  35. #pragma alloc_text(PAGE, BowserInitializeIrpContext)
  36. #pragma alloc_text(PAGE, BowserpUninitializeIrpContext)
  37. #pragma alloc_text(PAGE, BowserInitializeIrpQueue)
  38. #pragma alloc_text(PAGE, BowserQueueNonBufferRequest)
  39. #pragma alloc_text(INIT, BowserpInitializeIrpQueue)
  40. #pragma alloc_text(PAGE4BROW, BowserUninitializeIrpQueue)
  41. #pragma alloc_text(PAGE4BROW, BowserQueueNonBufferRequestReferenced)
  42. #pragma alloc_text(PAGE4BROW, BowserCancelQueuedIoForFile)
  43. #pragma alloc_text(PAGE4BROW, BowserTimeoutQueuedIrp)
  44. #endif
  45. //
  46. // Variables describing browsers use of a Critical system thread.
  47. //
  48. BOOLEAN BowserCriticalThreadRunning = FALSE;
  49. LIST_ENTRY BowserCriticalThreadQueue;
  50. WORK_QUEUE_ITEM BowserCriticalThreadWorkItem;
  51. VOID
  52. BowserQueueCriticalWorkItem (
  53. IN PWORK_QUEUE_ITEM WorkItem
  54. )
  55. /*++
  56. Routine Description:
  57. This routine queues an item onto the critical work queue.
  58. This routine ensures that at most one critical system thread is consumed
  59. by the browser by actually queing this item onto a browser specific queue
  60. then enqueing a critical work queue item that processes that queue.
  61. Arguments:
  62. WorkItem -- Work item to be processed on the critical work queue.
  63. Return Value:
  64. NONE
  65. --*/
  66. {
  67. KIRQL OldIrql;
  68. //
  69. // Insert the queue entry into the browser specific queue.
  70. //
  71. ACQUIRE_SPIN_LOCK(&BowserIrpQueueSpinLock, &OldIrql);
  72. InsertTailList( &BowserCriticalThreadQueue, &WorkItem->List );
  73. //
  74. // If the browser doesn't have a critical system thread running,
  75. // start one now.
  76. //
  77. if ( !BowserCriticalThreadRunning ) {
  78. //
  79. // Mark that the thread is running now
  80. //
  81. BowserCriticalThreadRunning = TRUE;
  82. RELEASE_SPIN_LOCK(&BowserIrpQueueSpinLock, OldIrql);
  83. ExInitializeWorkItem( &BowserCriticalThreadWorkItem,
  84. BowserCriticalThreadWorker,
  85. NULL );
  86. ExQueueWorkItem(&BowserCriticalThreadWorkItem, CriticalWorkQueue );
  87. } else {
  88. RELEASE_SPIN_LOCK(&BowserIrpQueueSpinLock, OldIrql);
  89. }
  90. }
  91. VOID
  92. BowserCriticalThreadWorker(
  93. IN PVOID Ctx
  94. )
  95. /*++
  96. Routine Description:
  97. This routine processes critical browser workitems.
  98. This routine runs in a critical system thread. It is the only critical
  99. system thread used by the browser.
  100. Arguments:
  101. Ctx - Not used
  102. Return Value:
  103. NONE
  104. --*/
  105. {
  106. KIRQL OldIrql;
  107. PLIST_ENTRY Entry;
  108. PWORK_QUEUE_ITEM WorkItem;
  109. UNREFERENCED_PARAMETER( Ctx );
  110. //
  111. // Loop processing work items
  112. //
  113. while( TRUE ) {
  114. //
  115. // If the queue is empty,
  116. // indicate that this thread is no longer running.
  117. // return.
  118. //
  119. ACQUIRE_SPIN_LOCK(&BowserIrpQueueSpinLock, &OldIrql);
  120. if ( IsListEmpty( &BowserCriticalThreadQueue ) ) {
  121. BowserCriticalThreadRunning = FALSE;
  122. RELEASE_SPIN_LOCK(&BowserIrpQueueSpinLock, OldIrql);
  123. return;
  124. }
  125. //
  126. // Remove an entry from the queue.
  127. //
  128. Entry = RemoveHeadList( &BowserCriticalThreadQueue );
  129. RELEASE_SPIN_LOCK(&BowserIrpQueueSpinLock, OldIrql);
  130. WorkItem = CONTAINING_RECORD(Entry, WORK_QUEUE_ITEM, List);
  131. //
  132. // Call the queued routine
  133. //
  134. (*WorkItem->WorkerRoutine)(WorkItem->Parameter);
  135. }
  136. }
  137. //
  138. // Variables describing browsers use of a Delayed system thread.
  139. //
  140. BOOLEAN BowserDelayedThreadRunning = FALSE;
  141. LIST_ENTRY BowserDelayedThreadQueue;
  142. WORK_QUEUE_ITEM BowserDelayedThreadWorkItem;
  143. VOID
  144. BowserQueueDelayedWorkItem (
  145. IN PWORK_QUEUE_ITEM WorkItem
  146. )
  147. /*++
  148. Routine Description:
  149. This routine queues an item onto the Delayed work queue.
  150. This routine ensures that at most one Delayed system thread is consumed
  151. by the browser by actually queing this item onto a browser specific queue
  152. then enqueing a Delayed work queue item that processes that queue.
  153. Arguments:
  154. WorkItem -- Work item to be processed on the Delayed work queue.
  155. Return Value:
  156. NONE
  157. --*/
  158. {
  159. KIRQL OldIrql;
  160. //
  161. // Insert the queue entry into the browser specific queue.
  162. //
  163. ACQUIRE_SPIN_LOCK(&BowserIrpQueueSpinLock, &OldIrql);
  164. InsertTailList( &BowserDelayedThreadQueue, &WorkItem->List );
  165. //
  166. // If the browser doesn't have a Delayed system thread running,
  167. // start one now.
  168. //
  169. if ( !BowserDelayedThreadRunning ) {
  170. //
  171. // Mark that the thread is running now
  172. //
  173. BowserDelayedThreadRunning = TRUE;
  174. RELEASE_SPIN_LOCK(&BowserIrpQueueSpinLock, OldIrql);
  175. ExInitializeWorkItem( &BowserDelayedThreadWorkItem,
  176. BowserDelayedThreadWorker,
  177. NULL );
  178. ExQueueWorkItem(&BowserDelayedThreadWorkItem, DelayedWorkQueue );
  179. } else {
  180. RELEASE_SPIN_LOCK(&BowserIrpQueueSpinLock, OldIrql);
  181. }
  182. }
  183. VOID
  184. BowserDelayedThreadWorker(
  185. IN PVOID Ctx
  186. )
  187. /*++
  188. Routine Description:
  189. This routine processes Delayed browser workitems.
  190. This routine runs in a Delayed system thread. It is the only Delayed
  191. system thread used by the browser.
  192. Arguments:
  193. Ctx - Not used
  194. Return Value:
  195. NONE
  196. --*/
  197. {
  198. KIRQL OldIrql;
  199. PLIST_ENTRY Entry;
  200. PWORK_QUEUE_ITEM WorkItem;
  201. UNREFERENCED_PARAMETER( Ctx );
  202. //
  203. // Loop processing work items
  204. //
  205. while( TRUE ) {
  206. //
  207. // If the queue is empty,
  208. // indicate that this thread is no longer running.
  209. // return.
  210. //
  211. ACQUIRE_SPIN_LOCK(&BowserIrpQueueSpinLock, &OldIrql);
  212. if ( IsListEmpty( &BowserDelayedThreadQueue ) ) {
  213. BowserDelayedThreadRunning = FALSE;
  214. RELEASE_SPIN_LOCK(&BowserIrpQueueSpinLock, OldIrql);
  215. return;
  216. }
  217. //
  218. // Remove an entry from the queue.
  219. //
  220. Entry = RemoveHeadList( &BowserDelayedThreadQueue );
  221. RELEASE_SPIN_LOCK(&BowserIrpQueueSpinLock, OldIrql);
  222. WorkItem = CONTAINING_RECORD(Entry, WORK_QUEUE_ITEM, List);
  223. //
  224. // Call the queued routine
  225. //
  226. (*WorkItem->WorkerRoutine)(WorkItem->Parameter);
  227. }
  228. }
  229. PIRP_CONTEXT
  230. BowserAllocateIrpContext (
  231. VOID
  232. )
  233. /*++
  234. Routine Description:
  235. Initialize a work queue structure, allocating all structures used for it.
  236. Arguments:
  237. None
  238. Return Value:
  239. PIRP_CONTEXT - Newly allocated Irp Context.
  240. --*/
  241. {
  242. PIRP_CONTEXT IrpContext;
  243. PAGED_CODE();
  244. if ((IrpContext = (PIRP_CONTEXT )ExInterlockedRemoveHeadList(&BowserIrpContextList, &BowserIrpContextInterlock)) == NULL) {
  245. //
  246. // If there are no IRP contexts in the "zone", allocate a new
  247. // Irp context from non paged pool.
  248. //
  249. IrpContext = ALLOCATE_POOL(NonPagedPool, sizeof(IRP_CONTEXT), POOL_IRPCONTEXT);
  250. if (IrpContext == NULL) {
  251. InternalError(("Could not allocate pool for IRP context\n"));
  252. }
  253. return IrpContext;
  254. }
  255. return IrpContext;
  256. }
  257. VOID
  258. BowserFreeIrpContext (
  259. PIRP_CONTEXT IrpContext
  260. )
  261. /*++
  262. Routine Description:
  263. Initialize a work queue structure, allocating all structures used for it.
  264. Arguments:
  265. PIRP_CONTEXT IrpContext - Irp Context to free.
  266. None
  267. Return Value:
  268. --*/
  269. {
  270. PAGED_CODE();
  271. //
  272. // We use the first two longwords of the IRP context as a list entry
  273. // when we free it to the zone.
  274. //
  275. ExInterlockedInsertTailList(&BowserIrpContextList, (PLIST_ENTRY )IrpContext,
  276. &BowserIrpContextInterlock);
  277. }
  278. VOID
  279. BowserInitializeIrpContext (
  280. VOID
  281. )
  282. /*++
  283. Routine Description:
  284. Initialize the Irp Context system
  285. Arguments:
  286. None.
  287. Return Value:
  288. None.
  289. --*/
  290. {
  291. PAGED_CODE();
  292. KeInitializeSpinLock(&BowserIrpContextInterlock);
  293. InitializeListHead(&BowserIrpContextList);
  294. }
  295. VOID
  296. BowserpUninitializeIrpContext(
  297. VOID
  298. )
  299. {
  300. PAGED_CODE();
  301. while (!IsListEmpty(&BowserIrpContextList)) {
  302. PIRP_CONTEXT IrpContext = (PIRP_CONTEXT)RemoveHeadList(&BowserIrpContextList);
  303. FREE_POOL(IrpContext);
  304. }
  305. }
  306. VOID
  307. BowserInitializeIrpQueue(
  308. PIRP_QUEUE Queue
  309. )
  310. {
  311. PAGED_CODE();
  312. InitializeListHead(&Queue->Queue);
  313. }
  314. VOID
  315. BowserUninitializeIrpQueue(
  316. PIRP_QUEUE Queue
  317. )
  318. {
  319. KIRQL OldIrql, CancelIrql;
  320. PDRIVER_CANCEL pDriverCancel;
  321. PLIST_ENTRY Entry;
  322. PIRP Request;
  323. BowserReferenceDiscardableCode( BowserDiscardableCodeSection );
  324. DISCARDABLE_CODE( BowserDiscardableCodeSection );
  325. //
  326. // Now remove this IRP from the request chain.
  327. //
  328. ACQUIRE_SPIN_LOCK(&BowserIrpQueueSpinLock, &OldIrql);
  329. while (!IsListEmpty(&Queue->Queue)) {
  330. Entry = RemoveHeadList(&Queue->Queue);
  331. Request = CONTAINING_RECORD(Entry, IRP, Tail.Overlay.ListEntry);
  332. // clear cancel routine
  333. Request->IoStatus.Information = 0;
  334. Request->Cancel = FALSE;
  335. pDriverCancel = IoSetCancelRoutine(Request, NULL);
  336. // Set to NULL in the cancel routine under BowserIrpQueueSpinLock protection.
  337. if ( pDriverCancel ) {
  338. RELEASE_SPIN_LOCK(&BowserIrpQueueSpinLock, OldIrql);
  339. BowserCompleteRequest(Request, STATUS_CANCELLED);
  340. ACQUIRE_SPIN_LOCK(&BowserIrpQueueSpinLock, &OldIrql);
  341. }
  342. // otherwise the cancel routine is running at the moment.
  343. }
  344. ASSERT (IsListEmpty(&Queue->Queue));
  345. //
  346. // Make sure no more entries are inserted on this queue.
  347. //
  348. Queue->Queue.Flink = NULL;
  349. Queue->Queue.Blink = NULL;
  350. RELEASE_SPIN_LOCK(&BowserIrpQueueSpinLock, OldIrql);
  351. BowserDereferenceDiscardableCode( BowserDiscardableCodeSection );
  352. }
  353. VOID
  354. BowserCancelQueuedRequest(
  355. IN PDEVICE_OBJECT DeviceObject OPTIONAL,
  356. IN PIRP Irp
  357. )
  358. /*++
  359. Routine Description:
  360. This routine will cancel a queued IRP.
  361. Arguments:
  362. IN PIRP Irp - Supplies the IRP to cancel.
  363. IN PKSPIN_LOCK SpinLock - Supplies a pointer to the spin lock protecting the
  364. queue
  365. IN PLIST_ENTRY Queue - Supplies a pointer to the head of the queue.
  366. Note: See bug history for more: 294055, 306281, 124178, 124180, 131773...
  367. --*/
  368. {
  369. KIRQL OldIrql;
  370. KIRQL CancelIrql;
  371. PLIST_ENTRY Entry, NextEntry;
  372. PIRP Request;
  373. PIRP_QUEUE Queue;
  374. PIO_STACK_LOCATION NextStack = IoGetNextIrpStackLocation(Irp);
  375. LIST_ENTRY CancelList;
  376. ASSERT ( Irp->CancelRoutine == NULL );
  377. InitializeListHead(&CancelList);
  378. //
  379. // Release IOmgr set cancel IRP spinlock & acquire the local
  380. // queue protection spinlock. Then reaquire the cancel spinlock.
  381. // This is the proper lock order.
  382. //
  383. IoReleaseCancelSpinLock( Irp->CancelIrql );
  384. ACQUIRE_SPIN_LOCK(&BowserIrpQueueSpinLock, &OldIrql);
  385. IoAcquireCancelSpinLock( &CancelIrql );
  386. //
  387. // Now remove this IRP from the request chain.
  388. //
  389. //
  390. // A pointer to the queue is stored in the next stack location.
  391. //
  392. Queue = (PIRP_QUEUE)NextStack->Parameters.Others.Argument4;
  393. if (Queue != NULL && Queue->Queue.Flink != NULL) {
  394. for (Entry = Queue->Queue.Flink ;
  395. Entry != &Queue->Queue ;
  396. Entry = NextEntry) {
  397. Request = CONTAINING_RECORD(Entry, IRP, Tail.Overlay.ListEntry);
  398. if (Request->Cancel) {
  399. // we're in a cancel routine so the global cancel spinlock is locked
  400. NextEntry = Entry->Flink;
  401. RemoveEntryList(Entry);
  402. Request->IoStatus.Information = 0;
  403. Request->IoStatus.Status = STATUS_CANCELLED;
  404. IoSetCancelRoutine(Request, NULL);
  405. InsertTailList(&CancelList,Entry);
  406. } else {
  407. NextEntry = Entry->Flink;
  408. }
  409. }
  410. }
  411. IoReleaseCancelSpinLock( CancelIrql );
  412. RELEASE_SPIN_LOCK(&BowserIrpQueueSpinLock, OldIrql);
  413. while (!IsListEmpty(&CancelList)) {
  414. Entry = RemoveHeadList(&CancelList);
  415. Request = CONTAINING_RECORD(Entry, IRP, Tail.Overlay.ListEntry);
  416. BowserCompleteRequest(Request, Request->IoStatus.Status);
  417. }
  418. UNREFERENCED_PARAMETER(DeviceObject);
  419. }
  420. NTSTATUS
  421. BowserQueueNonBufferRequest(
  422. IN PIRP Irp,
  423. IN PIRP_QUEUE Queue,
  424. IN PDRIVER_CANCEL CancelRoutine
  425. )
  426. /*++
  427. Routine Description:
  428. Queue an IRP in the specified queue.
  429. This routine cannot be called at an IRQ level above APC_LEVEL.
  430. Arguments:
  431. Irp - Supplies the IRP to queue.
  432. Queue - Supplies a pointer to the head of the queue.
  433. CancelRoutine - Address of routine to call if the IRP is cancelled.
  434. --*/
  435. {
  436. NTSTATUS Status;
  437. //
  438. // This routine itself is paged code which calls the discardable code
  439. // in BowserQueueNonBufferRequestReferenced().
  440. //
  441. PAGED_CODE();
  442. BowserReferenceDiscardableCode( BowserDiscardableCodeSection );
  443. DISCARDABLE_CODE( BowserDiscardableCodeSection );
  444. Status = BowserQueueNonBufferRequestReferenced( Irp,
  445. Queue,
  446. CancelRoutine );
  447. BowserDereferenceDiscardableCode( BowserDiscardableCodeSection );
  448. return Status;
  449. }
  450. NTSTATUS
  451. BowserQueueNonBufferRequestReferenced(
  452. IN PIRP Irp,
  453. IN PIRP_QUEUE Queue,
  454. IN PDRIVER_CANCEL CancelRoutine
  455. )
  456. /*++
  457. Routine Description:
  458. Queue an IRP in the specified queue.
  459. This routine can only be called if the BowserDiscardableCodeSection
  460. is already referenced. It can be called at any IRQ level.
  461. Arguments:
  462. Irp - Supplies the IRP to queue.
  463. Queue - Supplies a pointer to the head of the queue.
  464. CancelRoutine - Address of routine to call if the IRP is cancelled.
  465. --*/
  466. {
  467. KIRQL OldIrql, CancelIrql;
  468. LARGE_INTEGER CurrentTickCount;
  469. PIO_STACK_LOCATION NextStackLocation;
  470. BOOL bReleaseSpinlocks;
  471. DISCARDABLE_CODE( BowserDiscardableCodeSection );
  472. // DbgPrint("Queue IRP %lx to queue %lx\n", Irp, Queue);
  473. //
  474. // Insert the request into the request announcement list.
  475. //
  476. ACQUIRE_SPIN_LOCK(&BowserIrpQueueSpinLock, &OldIrql);
  477. if (Queue->Queue.Flink == NULL) {
  478. ASSERT (Queue->Queue.Blink == NULL);
  479. RELEASE_SPIN_LOCK(&BowserIrpQueueSpinLock, OldIrql);
  480. return(STATUS_CANCELLED);
  481. }
  482. //
  483. // Flag that this request is going to be pending.
  484. //
  485. IoMarkIrpPending(Irp);
  486. InsertTailList(&Queue->Queue, &Irp->Tail.Overlay.ListEntry);
  487. //
  488. // Make sure there's room enough in the stack location for this.
  489. //
  490. ASSERT (Irp->CurrentLocation <= Irp->StackCount);
  491. NextStackLocation = IoGetNextIrpStackLocation(Irp);
  492. //
  493. // Stick the current tick count into the next IRP stack location
  494. // for this IRP. This allows us to figure out if these IRP's have been
  495. // around for "too long".
  496. //
  497. // Beware:the IRP stack location is unaligned.
  498. //
  499. KeQueryTickCount( &CurrentTickCount );
  500. *((LARGE_INTEGER UNALIGNED *)&NextStackLocation->Parameters.Others.Argument1) =
  501. CurrentTickCount;
  502. //
  503. // Link the queue into the IRP.
  504. //
  505. NextStackLocation->Parameters.Others.Argument4 = (PVOID)Queue;
  506. // WARNING: double spinlock condition
  507. IoAcquireCancelSpinLock(&CancelIrql);
  508. bReleaseSpinlocks = TRUE;
  509. if (Irp->Cancel) {
  510. //
  511. // The Irp is in cancellable state:
  512. // if CancelRoutine == NULL, the routine is currently running
  513. // Otherwise, we need to cancel it ourselves
  514. //
  515. if ( Irp->CancelRoutine ) {
  516. // cacelable:
  517. // - rm is valid since we're still holding BowserIrpQueueSpinLock
  518. RemoveEntryList( &Irp->Tail.Overlay.ListEntry );
  519. // release spinlocks before completing the request
  520. IoReleaseCancelSpinLock(CancelIrql);
  521. RELEASE_SPIN_LOCK(&BowserIrpQueueSpinLock, OldIrql);
  522. bReleaseSpinlocks = FALSE;
  523. // complete.
  524. BowserCompleteRequest ( Irp, STATUS_CANCELLED );
  525. }
  526. // else CancelRoutine is running
  527. } else {
  528. IoSetCancelRoutine(Irp, CancelRoutine);
  529. }
  530. if ( bReleaseSpinlocks ) {
  531. // release spinlocks
  532. IoReleaseCancelSpinLock(CancelIrql);
  533. RELEASE_SPIN_LOCK(&BowserIrpQueueSpinLock, OldIrql);
  534. }
  535. return STATUS_PENDING;
  536. }
  537. VOID
  538. BowserTimeoutQueuedIrp(
  539. IN PIRP_QUEUE Queue,
  540. IN ULONG NumberOfSecondsToTimeOut
  541. )
  542. /*++
  543. Routine Description:
  544. This routine will scan an IRP queue and time out any requests that have
  545. been on the queue for "too long"
  546. Arguments:
  547. IN PIRP_QUEUE Queue - Supplies the Queue to scan.
  548. IN ULONG NumberOfSecondsToTimeOut - Supplies the number of seconds a request
  549. should remain on the queue.
  550. Return Value:
  551. None
  552. This routine will also complete any canceled queued requests it finds (on
  553. general principles).
  554. --*/
  555. {
  556. PIRP Irp;
  557. KIRQL OldIrql, CancelIrql;
  558. PDRIVER_CANCEL pDriverCancel;
  559. PLIST_ENTRY Entry, NextEntry;
  560. LARGE_INTEGER Timeout;
  561. LIST_ENTRY CancelList;
  562. BowserReferenceDiscardableCode( BowserDiscardableCodeSection );
  563. DISCARDABLE_CODE( BowserDiscardableCodeSection );
  564. InitializeListHead(&CancelList);
  565. //
  566. // Compute the timeout time into 100ns units.
  567. //
  568. Timeout.QuadPart = (LONGLONG)NumberOfSecondsToTimeOut * (LONGLONG)(10000*1000);
  569. //
  570. // Now convert the timeout into a number of ticks.
  571. //
  572. Timeout.QuadPart = Timeout.QuadPart / (LONGLONG)KeQueryTimeIncrement();
  573. ASSERT (Timeout.HighPart == 0);
  574. // DbgPrint("Dequeue irp from queue %lx...", Queue);
  575. ACQUIRE_SPIN_LOCK(&BowserIrpQueueSpinLock, &OldIrql);
  576. for (Entry = Queue->Queue.Flink ;
  577. Entry != &Queue->Queue ;
  578. Entry = NextEntry) {
  579. Irp = CONTAINING_RECORD(Entry, IRP, Tail.Overlay.ListEntry);
  580. //
  581. // If the request was canceled, this is a convenient time to cancel
  582. // it.
  583. //
  584. if (Irp->Cancel) {
  585. NextEntry = Entry->Flink;
  586. pDriverCancel = IoSetCancelRoutine(Irp, NULL);
  587. // Set to NULL in the cancel routine under BowserIrpQueueSpinLock protection.
  588. if ( pDriverCancel ) {
  589. Irp->IoStatus.Information = 0;
  590. Irp->IoStatus.Status = STATUS_CANCELLED;
  591. RemoveEntryList(Entry);
  592. InsertTailList(&CancelList,Entry);
  593. }
  594. // otherwise the cancel routine is running at the moment.
  595. //
  596. // Now check to see if this request is "too old". If it is, complete
  597. // it with an error.
  598. //
  599. } else {
  600. PIO_STACK_LOCATION NextIrpStackLocation;
  601. LARGE_INTEGER CurrentTickCount;
  602. LARGE_INTEGER RequestTime;
  603. LARGE_INTEGER Temp;
  604. NextIrpStackLocation = IoGetNextIrpStackLocation(Irp);
  605. //
  606. // Snapshot the current tickcount.
  607. //
  608. KeQueryTickCount(&CurrentTickCount);
  609. //
  610. // Figure out how many seconds this request has been active for
  611. //
  612. Temp.LowPart = (*((LARGE_INTEGER UNALIGNED *)&NextIrpStackLocation->Parameters.Others.Argument1)).LowPart;
  613. Temp.HighPart= (*((LARGE_INTEGER UNALIGNED *)&NextIrpStackLocation->Parameters.Others.Argument1)).HighPart;
  614. RequestTime.QuadPart = CurrentTickCount.QuadPart - Temp.QuadPart;
  615. ASSERT (RequestTime.HighPart == 0);
  616. //
  617. // If this request has lasted "too long", then time it
  618. // out.
  619. //
  620. if (RequestTime.LowPart > Timeout.LowPart) {
  621. NextEntry = Entry->Flink;
  622. pDriverCancel = IoSetCancelRoutine(Irp, NULL);
  623. // Set to NULL in the cancel routine under BowserIrpQueueSpinLock protection.
  624. if ( pDriverCancel ) {
  625. Irp->IoStatus.Information = 0;
  626. Irp->IoStatus.Status = STATUS_IO_TIMEOUT;
  627. RemoveEntryList(Entry);
  628. InsertTailList(&CancelList,Entry);
  629. }
  630. // otherwise it the cancel routine is running
  631. } else {
  632. NextEntry = Entry->Flink;
  633. }
  634. }
  635. }
  636. RELEASE_SPIN_LOCK(&BowserIrpQueueSpinLock, OldIrql);
  637. while (!IsListEmpty(&CancelList)) {
  638. Entry = RemoveHeadList(&CancelList);
  639. Irp = CONTAINING_RECORD(Entry, IRP, Tail.Overlay.ListEntry);
  640. BowserCompleteRequest(Irp, Irp->IoStatus.Status);
  641. }
  642. BowserDereferenceDiscardableCode( BowserDiscardableCodeSection );
  643. // DbgPrint("%lx.\n", Irp);
  644. }
  645. PIRP
  646. BowserDequeueQueuedIrp(
  647. IN PIRP_QUEUE Queue
  648. )
  649. {
  650. PIRP Irp;
  651. KIRQL OldIrql;
  652. PLIST_ENTRY IrpEntry;
  653. // DbgPrint("Dequeue irp from queue %lx...", Queue);
  654. ACQUIRE_SPIN_LOCK(&BowserIrpQueueSpinLock, &OldIrql);
  655. if (IsListEmpty(&Queue->Queue)) {
  656. //
  657. // There are no waiting request announcement FsControls, so
  658. // return success.
  659. //
  660. RELEASE_SPIN_LOCK(&BowserIrpQueueSpinLock, OldIrql);
  661. // DbgPrint("No entry found.\n");
  662. return NULL;
  663. }
  664. IrpEntry = RemoveHeadList(&Queue->Queue);
  665. Irp = CONTAINING_RECORD(IrpEntry, IRP, Tail.Overlay.ListEntry);
  666. IoAcquireCancelSpinLock(&Irp->CancelIrql);
  667. //
  668. // Remove the cancel request for this IRP.
  669. //
  670. Irp->Cancel = FALSE;
  671. IoSetCancelRoutine(Irp, NULL);
  672. IoReleaseCancelSpinLock(Irp->CancelIrql);
  673. RELEASE_SPIN_LOCK(&BowserIrpQueueSpinLock, OldIrql);
  674. // DbgPrint("%lx.\n", Irp);
  675. return Irp;
  676. }
  677. VOID
  678. BowserCancelQueuedIoForFile(
  679. IN PIRP_QUEUE Queue,
  680. IN PFILE_OBJECT FileObject
  681. )
  682. {
  683. KIRQL OldIrql;
  684. PLIST_ENTRY Entry, NextEntry;
  685. PDRIVER_CANCEL pDriverCancel;
  686. PIRP Request;
  687. LIST_ENTRY CancelList;
  688. BowserReferenceDiscardableCode( BowserDiscardableCodeSection );
  689. DISCARDABLE_CODE( BowserDiscardableCodeSection );
  690. InitializeListHead(&CancelList);
  691. //
  692. // Walk the outstanding IRP list for this
  693. //
  694. ACQUIRE_SPIN_LOCK(&BowserIrpQueueSpinLock, &OldIrql);
  695. for (Entry = Queue->Queue.Flink ;
  696. Entry != &Queue->Queue ;
  697. Entry = NextEntry) {
  698. Request = CONTAINING_RECORD(Entry, IRP, Tail.Overlay.ListEntry);
  699. //
  700. // If the request was canceled, blow it away.
  701. //
  702. if (Request->Cancel) {
  703. NextEntry = Entry->Flink;
  704. // This is the cancel routine setting of cancel routine ptr to NULL.
  705. pDriverCancel = IoSetCancelRoutine(Request, NULL);
  706. // Set to NULL in the cancel routine under BowserIrpQueueSpinLock protection.
  707. if ( pDriverCancel ) {
  708. RemoveEntryList(Entry);
  709. Request->IoStatus.Information = 0;
  710. Request->IoStatus.Status = STATUS_CANCELLED;
  711. InsertTailList(&CancelList,Entry);
  712. }
  713. // otherwise the cancel routine is running currently.
  714. //
  715. // If the request was for this file object, blow it away.
  716. //
  717. } else if (Request->Tail.Overlay.OriginalFileObject == FileObject) {
  718. NextEntry = Entry->Flink;
  719. // This is the cancel routine setting of cancel routine ptr to NULL.
  720. pDriverCancel = IoSetCancelRoutine(Request, NULL);
  721. // Set to NULL in the cancel routine under BowserIrpQueueSpinLock protection.
  722. if ( pDriverCancel ) {
  723. RemoveEntryList(Entry);
  724. Request->IoStatus.Information = 0;
  725. Request->IoStatus.Status = STATUS_FILE_CLOSED;
  726. InsertTailList(&CancelList,Entry);
  727. }
  728. // otherwise the cancel routine is running currently.
  729. } else {
  730. NextEntry = Entry->Flink;
  731. }
  732. }
  733. RELEASE_SPIN_LOCK(&BowserIrpQueueSpinLock, OldIrql);
  734. while (!IsListEmpty(&CancelList)) {
  735. Entry = RemoveHeadList(&CancelList);
  736. Request = CONTAINING_RECORD(Entry, IRP, Tail.Overlay.ListEntry);
  737. BowserCompleteRequest(Request, Request->IoStatus.Status);
  738. }
  739. BowserDereferenceDiscardableCode( BowserDiscardableCodeSection );
  740. }
  741. VOID
  742. BowserpInitializeIrpQueue(
  743. VOID
  744. )
  745. {
  746. KeInitializeSpinLock(&BowserIrpQueueSpinLock);
  747. InitializeListHead( &BowserCriticalThreadQueue );
  748. InitializeListHead( &BowserDelayedThreadQueue );
  749. }