|
|
/*++
Copyright (c) 1999 Microsoft Corporation
Module Name:
sessnirp.c
Abstract:
I/O Verifier irp support routines.
Author:
Adrian Oney (adriao)
Environment:
Kernel mode
Revision History:
--*/
#include "iop.h"
#include "srb.h"
//
// This entire file is only present if NO_SPECIAL_IRP isn't defined
//
#ifndef NO_SPECIAL_IRP
//
// When enabled, everything is locked down on demand...
//
#ifdef ALLOC_PRAGMA
#pragma alloc_text(PAGEVRFY, IovpSessionDataCreate)
#pragma alloc_text(PAGEVRFY, IovpSessionDataAdvance)
#pragma alloc_text(PAGEVRFY, IovpSessionDataReference)
#pragma alloc_text(PAGEVRFY, IovpSessionDataDereference)
#pragma alloc_text(PAGEVRFY, IovpSessionDataClose)
#pragma alloc_text(PAGEVRFY, IovpSessionDataDeterminePolicy)
#pragma alloc_text(PAGEVRFY, IovpSessionDataAttachSurrogate)
#pragma alloc_text(PAGEVRFY, IovpSessionDataFinalizeSurrogate)
#pragma alloc_text(PAGEVRFY, IovpSessionDataBufferIO)
#pragma alloc_text(PAGEVRFY, IovpSessionDataUnbufferIO)
#endif
#define POOL_TAG_SESSION_DATA 'sprI'
#define POOL_TAG_DIRECT_BUFFER 'BprI'
PIOV_SESSION_DATAFASTCALLIovpSessionDataCreate( IN PDEVICE_OBJECT DeviceObject, IN OUT PIOV_REQUEST_PACKET *IovPacketPointer, OUT PBOOLEAN SurrogateSpawned )/*++
Description:
This routine creates tracking data for a new IRP. It must be called on the thread the IRP was originally sent down...
Arguments:
Irp - Irp to track.
Return Value:
iovPacket block, NULL if no memory.
--*/{ PIRP irp, surrogateIrp; PIOV_SESSION_DATA iovSessionData; PIOV_REQUEST_PACKET headPacket; ULONG sessionDataSize; BOOLEAN trackable, useSurrogateIrp;
*SurrogateSpawned = FALSE;
headPacket = (PIOV_REQUEST_PACKET) (*IovPacketPointer)->ChainHead; ASSERT(headPacket == (*IovPacketPointer)); irp = headPacket->TrackedIrp;
//
// Check the IRP appropriately
//
IovpSessionDataDeterminePolicy( headPacket, DeviceObject, &trackable, &useSurrogateIrp );
if (!trackable) {
return NULL; }
//
// One extra stack location is allocated as the "zero'th" is used to
// simplify some logic...
//
sessionDataSize = sizeof(IOV_SESSION_DATA)+ irp->StackCount*sizeof(IOV_STACK_LOCATION) + VfSettingsGetSnapshotSize();
iovSessionData = ExAllocatePoolWithTag( NonPagedPool, sessionDataSize, POOL_TAG_SESSION_DATA );
if (iovSessionData == NULL) {
return NULL; }
RtlZeroMemory(iovSessionData, sessionDataSize);
iovSessionData->VerifierSettings = (PVERIFIER_SETTINGS_SNAPSHOT) (((PUCHAR) iovSessionData) + (sessionDataSize-VfSettingsGetSnapshotSize()));
RtlCopyMemory( iovSessionData->VerifierSettings, headPacket->VerifierSettings, VfSettingsGetSnapshotSize() );
iovSessionData->IovRequestPacket = headPacket; InsertHeadList(&headPacket->SessionHead, &iovSessionData->SessionLink);
if (VfSettingsIsOptionEnabled(iovSessionData->VerifierSettings, VERIFIER_OPTION_DEFER_COMPLETION)|| VfSettingsIsOptionEnabled(iovSessionData->VerifierSettings, VERIFIER_OPTION_COMPLETE_AT_PASSIVE)) {
VfSettingsSetOption(iovSessionData->VerifierSettings, VERIFIER_OPTION_FORCE_PENDING, TRUE); }
//
// If DeferIoCompletion is set we definitely want to monitor pending I/O, as
// screwing it up is gaurenteed to be fatal!
//
if ((irp->Flags & IRP_DEFER_IO_COMPLETION) && VfSettingsIsOptionEnabled(iovSessionData->VerifierSettings, VERIFIER_OPTION_POLICE_IRPS)) {
VfSettingsSetOption(iovSessionData->VerifierSettings, VERIFIER_OPTION_MONITOR_PENDING_IO, TRUE); }
headPacket->pIovSessionData = iovSessionData; headPacket->TopStackLocation = irp->CurrentLocation; headPacket->Flags |= TRACKFLAG_ACTIVE; headPacket->Flags &= ~ ( TRACKFLAG_QUEUED_INTERNALLY| TRACKFLAG_RELEASED| TRACKFLAG_SRB_MUNGED| TRACKFLAG_SWAPPED_BACK );
iovSessionData->BestVisibleIrp = irp; if (useSurrogateIrp) {
//
// We will track the IRP using a surrogate.
//
*SurrogateSpawned = IovpSessionDataAttachSurrogate( IovPacketPointer, iovSessionData ); }
TRACKIRP_DBGPRINT(( " SSN CREATE(%x)->%x\n", headPacket, iovSessionData ), 3);
return iovSessionData;}
VOIDFASTCALLIovpSessionDataAdvance( IN PDEVICE_OBJECT DeviceObject, IN PIOV_SESSION_DATA IovSessionData, IN OUT PIOV_REQUEST_PACKET *IovPacketPointer, OUT PBOOLEAN SurrogateSpawned ){ *SurrogateSpawned = FALSE;}
VOIDFASTCALLIovpSessionDataDereference( IN PIOV_SESSION_DATA IovSessionData ){ PIOV_REQUEST_PACKET iovPacket;
iovPacket = IovSessionData->IovRequestPacket; ASSERT((PIOV_REQUEST_PACKET) iovPacket->ChainHead == iovPacket);
ASSERT_SPINLOCK_HELD(&iovPacket->HeaderLock); ASSERT(IovSessionData->SessionRefCount > 0); ASSERT(iovPacket->ReferenceCount >= 0);
TRACKIRP_DBGPRINT(( " SSN DEREF(%x) %x--\n", IovSessionData, IovSessionData->SessionRefCount ), 3);
IovSessionData->SessionRefCount--; if (!IovSessionData->SessionRefCount) {
ASSERT(iovPacket->pIovSessionData != IovSessionData); ASSERT(iovPacket->ReferenceCount > iovPacket->PointerCount); //ASSERT(IsListEmpty(&IovSessionData->SessionLink));
RemoveEntryList(&IovSessionData->SessionLink); InitializeListHead(&IovSessionData->SessionLink);
VfPacketDereference(iovPacket, IOVREFTYPE_PACKET);
ExFreePool(IovSessionData); }}
VOIDFASTCALLIovpSessionDataReference( IN PIOV_SESSION_DATA IovSessionData ){ PIOV_REQUEST_PACKET iovPacket;
iovPacket = IovSessionData->IovRequestPacket; ASSERT((PIOV_REQUEST_PACKET) iovPacket->ChainHead == iovPacket);
ASSERT_SPINLOCK_HELD(&iovPacket->HeaderLock); ASSERT(IovSessionData->SessionRefCount >= 0); ASSERT(iovPacket->ReferenceCount >= 0);
TRACKIRP_DBGPRINT(( " SSN REF(%x) %x++\n", IovSessionData, IovSessionData->SessionRefCount ), 3);
if (!IovSessionData->SessionRefCount) {
VfPacketReference(iovPacket, IOVREFTYPE_PACKET); } IovSessionData->SessionRefCount++;}
VOIDFASTCALLIovpSessionDataClose( IN PIOV_SESSION_DATA IovSessionData ){ PIOV_REQUEST_PACKET iovPacket = IovSessionData->IovRequestPacket;
ASSERT_SPINLOCK_HELD(&iovPacket->HeaderLock);
ASSERT(iovPacket == (PIOV_REQUEST_PACKET) iovPacket->ChainHead); ASSERT(iovPacket->pIovSessionData == IovSessionData);
TRACKIRP_DBGPRINT(( " SSN CLOSE(%x)\n", IovSessionData ), 3);
iovPacket->Flags &= ~TRACKFLAG_ACTIVE; iovPacket->pIovSessionData = NULL;}
VOIDIovpSessionDataDeterminePolicy( IN PIOV_REQUEST_PACKET IovRequestPacket, IN PDEVICE_OBJECT DeviceObject, OUT PBOOLEAN Trackable, OUT PBOOLEAN UseSurrogateIrp )/*++
Description:
This routine is called by IovpCallDriver1 to determine which IRPs should be tracked and how that tracking should be done.
Arguments:
IovRequestPacket - Verifier data representing the incoming IRP
DeviceObject - Device object the IRP is being forwarded to
Trackable - Set if the IRP should be marked trackable
UseSurrogateIrp - Set a surrogate should be created for this IRP
Return Value:
None.
--*/{ PIO_STACK_LOCATION irpSp; PIRP irp;
irp = IovRequestPacket->TrackedIrp;
//
// Determine whether we are to monitor this IRP. If we are going to test
// any one driver in a stack, then we must unfortunately monitor the IRP's
// progress through the *entire* stack. Thus our granularity here is stack
// based, not device based! We will compensate for this somewhat in the
// driver check code, which will attempt to ignore asserts from those
// "non-targetted" drivers who happen to have messed up in our stack...
//
*Trackable = IovUtilIsVerifiedDeviceStack(DeviceObject);
irpSp = IoGetNextIrpStackLocation(irp);
if (VfSettingsIsOptionEnabled(IovRequestPacket->VerifierSettings, VERIFIER_OPTION_POLICE_IRPS)) {
*UseSurrogateIrp = VfSettingsIsOptionEnabled(NULL, VERIFIER_OPTION_SURROGATE_IRPS); *UseSurrogateIrp &= (VfSettingsIsOptionEnabled(NULL, VERIFIER_OPTION_SMASH_SRBS) || (irpSp->MajorFunction != IRP_MJ_SCSI)); } else {
*UseSurrogateIrp = FALSE; }}
BOOLEANFASTCALLIovpSessionDataAttachSurrogate( IN OUT PIOV_REQUEST_PACKET *IovPacketPointer, IN PIOV_SESSION_DATA IovSessionData )/*++
Description:
This routine creates tracking data for a new IRP. It must be called on the thread the IRP was originally sent down...
Arguments:
IovPacketPointer - Pointer to IRP packet to attach surrogate to. If a surrogate can be attached the packet will be updated to track the surrogate.
SurrogateIrp - Prepared surrogate IRP to attach.
Return Value:
iovPacket block, NULL if no memory.
--*/{
PIOV_REQUEST_PACKET iovSurrogatePacket, iovPacket, headPacket; PIRP surrogateIrp, irp; PIO_STACK_LOCATION irpSp; PSCSI_REQUEST_BLOCK srb; CCHAR activeSize;
iovPacket = *IovPacketPointer; ASSERT_SPINLOCK_HELD(&iovPacket->HeaderLock);
ASSERT(VfIrpDatabaseEntryGetChainNext((PIOV_DATABASE_HEADER) iovPacket) == NULL);
ASSERT(iovPacket->Flags & TRACKFLAG_ACTIVE);
irp = iovPacket->TrackedIrp; activeSize = (irp->CurrentLocation-1); ASSERT(activeSize);
//
// We now try to make a copy of this new IRP which we will track. We
// do this so that we may free *every* tracked IRP immediately upon
// completion.
// Technically speaking, we only need to allocate what's left of the
// stack, not the entire thing. But using the entire stack makes our
// work much much easier. Specifically the session stack array may depend
// on this.
//
// ADRIAO N.B. 03/04/1999 - Make this work only copying a portion of the
// IRP.
//
surrogateIrp = VfIrpAllocate(irp->StackCount); // activeSize
if (surrogateIrp == NULL) {
return FALSE; }
//
// Now set up the new IRP - we do this here so VfPacketCreateAndLock
// can peek at it's fields. Start with the IRP header.
//
RtlCopyMemory(surrogateIrp, irp, sizeof(IRP));
//
// Adjust StackCount and CurrentLocation
//
surrogateIrp->StackCount = irp->StackCount; // activeSize
surrogateIrp->Tail.Overlay.CurrentStackLocation = ((PIO_STACK_LOCATION) (surrogateIrp+1))+activeSize;
//
// Our new IRP "floats", and is not attached to any thread.
// Note that all cancels due to thread death will come through the
// original IRP.
//
InitializeListHead(&surrogateIrp->ThreadListEntry);
//
// Our new IRP also is not connected to user mode.
//
surrogateIrp->UserEvent = NULL; surrogateIrp->UserIosb = NULL;
//
// Now copy over only the active portions of IRP. Be very careful to not
// assume that the last stack location is right after the end of the IRP,
// as we may change this someday!
//
irpSp = (IoGetCurrentIrpStackLocation(irp)-activeSize); RtlCopyMemory(surrogateIrp+1, irpSp, sizeof(IO_STACK_LOCATION)*activeSize);
//
// Zero the portion of the new IRP we won't be using (this should
// eventually go away).
//
RtlZeroMemory( ((PIO_STACK_LOCATION) (surrogateIrp+1))+activeSize, sizeof(IO_STACK_LOCATION)*(surrogateIrp->StackCount - activeSize) );
//
// Now create a surrogate packet to track the new IRP.
//
iovSurrogatePacket = VfPacketCreateAndLock(surrogateIrp); if (iovSurrogatePacket == NULL) {
VfIrpFree(surrogateIrp); return FALSE; }
headPacket = (PIOV_REQUEST_PACKET) iovPacket->ChainHead;
ASSERT(iovSurrogatePacket->LockIrql == DISPATCH_LEVEL); irpSp = IoGetNextIrpStackLocation(irp);
//
// We will flag this bug later.
//
irp->CancelRoutine = NULL;
//
// Let's take advantage of the original IRP not being the thing partied on
// now; store a pointer to our tracking data in the information field. We
// don't use this, but it's nice when debugging...
//
irp->IoStatus.Information = (ULONG_PTR) iovPacket;
//
// ADRIAO N.B. #28 06/10/98 - This is absolutely *gross*, and not
// deterministic enough for my tastes.
//
// For IRP_MJ_SCSI (ie, IRP_MJ_INTERNAL_DEVICE_CONTROL), look and see
// if we have an SRB coming through. If so, fake out the OriginalRequest
// IRP pointer as appropriate.
//
if (irpSp->MajorFunction == IRP_MJ_SCSI) { srb = irpSp->Parameters.Others.Argument1; if (VfUtilIsMemoryRangeReadable(srb, SCSI_REQUEST_BLOCK_SIZE, VFMP_INSTANT_NONPAGED)) { if ((srb->Length == SCSI_REQUEST_BLOCK_SIZE)&&(srb->OriginalRequest == irp)) { srb->OriginalRequest = surrogateIrp; headPacket->Flags |= TRACKFLAG_SRB_MUNGED; } } }
//
// Since the replacement will never make it back to user mode (the real
// IRP shall of course), we will steal a field or two for debugging info.
//
surrogateIrp->UserIosb = (PIO_STATUS_BLOCK) iovPacket;
//
// Now that everything is built correctly, attach the surrogate. The
// surrogate holds down the packet we are attaching to. When the surrogate
// dies we will remove this reference.
//
VfPacketReference(iovPacket, IOVREFTYPE_POINTER);
//
// Stamp IRPs appropriately.
//
surrogateIrp->Flags |= IRP_DIAG_IS_SURROGATE; irp->Flags |= IRP_DIAG_HAS_SURROGATE;
//
// Mark packet as surrogate and inherit appropriate fields from iovPacket.
//
iovSurrogatePacket->Flags |= TRACKFLAG_SURROGATE | TRACKFLAG_ACTIVE; iovSurrogatePacket->pIovSessionData = iovPacket->pIovSessionData;
RtlCopyMemory( iovSurrogatePacket->VerifierSettings, iovPacket->VerifierSettings, VfSettingsGetSnapshotSize() );
iovSurrogatePacket->LastLocation = iovPacket->LastLocation; iovSurrogatePacket->TopStackLocation = irp->CurrentLocation;
iovSurrogatePacket->ArrivalIrql = iovPacket->ArrivalIrql; iovSurrogatePacket->DepartureIrql = iovPacket->DepartureIrql;
iovPacket->Flags |= TRACKFLAG_HAS_SURROGATE;
//
// Link in the new surrogate
//
VfIrpDatabaseEntryAppendToChain( (PIOV_DATABASE_HEADER) iovPacket, (PIOV_DATABASE_HEADER) iovSurrogatePacket );
*IovPacketPointer = iovSurrogatePacket;
IovpSessionDataBufferIO( iovSurrogatePacket, surrogateIrp );
return TRUE;}
VOIDFASTCALLIovpSessionDataFinalizeSurrogate( IN PIOV_SESSION_DATA IovSessionData, IN OUT PIOV_REQUEST_PACKET IovPacket, IN PIRP SurrogateIrp )/*++
Description:
This routine removes the flags from both the real and surrogate IRP and records the final IRP settings. Finally, the surrogate IRP is made "untouchable" (decommitted).
Arguments:
iovPacket - Pointer to the IRP tracking data.
Return Value:
None.--*/{ PIOV_REQUEST_PACKET iovPrevPacket; NTSTATUS status, lockedStatus; ULONG nonInterestingFlags; PIO_STACK_LOCATION irpSp; PIRP irp;
ASSERT(IovPacket->Flags&TRACKFLAG_SURROGATE);
ASSERT(VfPacketGetCurrentSessionData(IovPacket) == IovSessionData);
IovPacket->pIovSessionData = NULL;
//
// It's a surrogate, do as appropriate.
//
ASSERT(IovPacket->TopStackLocation == SurrogateIrp->CurrentLocation+1);
IovpSessionDataUnbufferIO(IovPacket, SurrogateIrp);
iovPrevPacket = (PIOV_REQUEST_PACKET) VfIrpDatabaseEntryGetChainPrevious( (PIOV_DATABASE_HEADER) IovPacket );
irp = iovPrevPacket->TrackedIrp;
//
// Carry the pending bit over.
//
if (SurrogateIrp->PendingReturned) { IoMarkIrpPending(irp); }
nonInterestingFlags = ( IRPFLAG_EXAMINE_MASK | IRP_DIAG_IS_SURROGATE| IRP_DIAG_HAS_SURROGATE );
//
// Wipe the flags nice and clean
//
SurrogateIrp->Flags &= ~IRP_DIAG_IS_SURROGATE; irp->Flags &= ~IRP_DIAG_HAS_SURROGATE;
//
// ASSERT portions of the IRP header have not changed.
//
ASSERT(irp->StackCount == SurrogateIrp->StackCount); // Later to be removed
ASSERT(irp->Type == SurrogateIrp->Type); ASSERT(irp->RequestorMode == SurrogateIrp->RequestorMode); ASSERT(irp->ApcEnvironment == SurrogateIrp->ApcEnvironment); ASSERT(irp->AllocationFlags == SurrogateIrp->AllocationFlags); ASSERT(irp->Tail.Overlay.Thread == SurrogateIrp->Tail.Overlay.Thread);
ASSERT( irp->Overlay.AsynchronousParameters.UserApcRoutine == SurrogateIrp->Overlay.AsynchronousParameters.UserApcRoutine );
ASSERT( irp->Overlay.AsynchronousParameters.UserApcContext == SurrogateIrp->Overlay.AsynchronousParameters.UserApcContext );
ASSERT( irp->Tail.Overlay.OriginalFileObject == SurrogateIrp->Tail.Overlay.OriginalFileObject );
ASSERT( irp->Tail.Overlay.AuxiliaryBuffer == SurrogateIrp->Tail.Overlay.AuxiliaryBuffer );
/*
ASSERT( irp->AssociatedIrp.SystemBuffer == SurrogateIrp->AssociatedIrp.SystemBuffer );
ASSERT( (irp->Flags & ~nonInterestingFlags) == (SurrogateIrp->Flags & ~nonInterestingFlags) );
ASSERT(irp->MdlAddress == SurrogateIrp->MdlAddress);*/ //
// ADRIAO N.B. 02/28/1999 -
// How do these change as an IRP progresses?
//
irp->Flags |= SurrogateIrp->Flags; irp->MdlAddress = SurrogateIrp->MdlAddress; irp->AssociatedIrp.SystemBuffer = SurrogateIrp->AssociatedIrp.SystemBuffer;
//
// ADRIAO N.B. 10/18/1999 - UserBuffer is edited by netbios on Type3 device
// ioctls. Yuck!
//
irp->UserBuffer = SurrogateIrp->UserBuffer;
if ((irp->Flags&IRP_DEALLOCATE_BUFFER)&& (irp->AssociatedIrp.SystemBuffer == NULL)) {
irp->Flags &= ~IRP_DEALLOCATE_BUFFER; }
//
// Copy the salient fields back. We only need to touch certain areas of the
// header.
//
irp->IoStatus = SurrogateIrp->IoStatus; irp->PendingReturned = SurrogateIrp->PendingReturned; irp->Cancel = SurrogateIrp->Cancel;
iovPrevPacket->Flags &= ~TRACKFLAG_HAS_SURROGATE;
//
// Record data from it and make the system fault if the IRP is touched
// after this completion routine.
//
IovSessionData->BestVisibleIrp = irp;
IovSessionData->IovRequestPacket = iovPrevPacket;
VfIrpDatabaseEntryRemoveFromChain((PIOV_DATABASE_HEADER) IovPacket);
VfPacketDereference(iovPrevPacket, IOVREFTYPE_POINTER);
ASSERT(IovPacket->PointerCount == 0);
VfIrpFree(SurrogateIrp);}
VOIDFASTCALLIovpSessionDataBufferIO( IN OUT PIOV_REQUEST_PACKET IovSurrogatePacket, IN PIRP SurrogateIrp ){ PMDL mdl; ULONG bufferLength; PUCHAR bufferVA, systemDestVA; PVOID systemBuffer; PIO_STACK_LOCATION irpSp;
if (!VfSettingsIsOptionEnabled(IovSurrogatePacket->VerifierSettings, VERIFIER_OPTION_BUFFER_DIRECT_IO)) {
return; }
if (SurrogateIrp->Flags & IRP_PAGING_IO) {
return; }
if (SurrogateIrp->MdlAddress == NULL) {
return; }
if (SurrogateIrp->MdlAddress->Next) {
return; }
if (SurrogateIrp->Flags & IRP_BUFFERED_IO) {
return; }
irpSp = IoGetNextIrpStackLocation(SurrogateIrp);
if (irpSp->MajorFunction != IRP_MJ_READ) {
return; }
//
// Extract length and VA from the MDL.
//
bufferLength = SurrogateIrp->MdlAddress->ByteCount; bufferVA = (PUCHAR) SurrogateIrp->MdlAddress->StartVa + SurrogateIrp->MdlAddress->ByteOffset;
//
// Allocate memory and make it the target of the MDL
//
systemBuffer = ExAllocatePoolWithTagPriority( NonPagedPool, bufferLength, POOL_TAG_DIRECT_BUFFER, HighPoolPrioritySpecialPoolOverrun );
if (systemBuffer == NULL) {
return; }
//
// Save off a pointer to the Mdl's buffer. This should never fail, but
// one never knows...
//
systemDestVA = MmGetSystemAddressForMdlSafe(SurrogateIrp->MdlAddress, HighPagePriority);
if (systemDestVA == NULL) {
ASSERT(0); ExFreePool(systemBuffer); return; }
//
// Allocate a MDL, update the IRP.
//
mdl = IoAllocateMdl( systemBuffer, bufferLength, FALSE, TRUE, SurrogateIrp );
if (mdl == NULL) {
ExFreePool(systemBuffer); return; }
MmProbeAndLockPages( mdl, KernelMode, IoWriteAccess ); IovSurrogatePacket->SystemDestVA = systemDestVA; IovSurrogatePacket->Flags |= TRACKFLAG_DIRECT_BUFFERED;}
VOIDFASTCALLIovpSessionDataUnbufferIO( IN OUT PIOV_REQUEST_PACKET IovSurrogatePacket, IN PIRP SurrogateIrp ){ PMDL mdl; ULONG surrogateLength, originalLength; ULONG_PTR bufferLength; PUCHAR surrogateVA, originalVA, systemDestVA; PVOID systemBuffer; PIOV_REQUEST_PACKET iovPrevPacket; PIRP irp;
if (!(IovSurrogatePacket->Flags & TRACKFLAG_DIRECT_BUFFERED)) {
return; }
iovPrevPacket = (PIOV_REQUEST_PACKET) VfIrpDatabaseEntryGetChainPrevious( (PIOV_DATABASE_HEADER) IovSurrogatePacket );
irp = iovPrevPacket->TrackedIrp;
ASSERT(SurrogateIrp->MdlAddress); ASSERT(SurrogateIrp->MdlAddress->Next == NULL); ASSERT(irp->MdlAddress); ASSERT(irp->MdlAddress->Next == NULL); ASSERT(!(SurrogateIrp->Flags & IRP_BUFFERED_IO)); ASSERT(!(irp->Flags & IRP_BUFFERED_IO));
//
// Extract length and VA from the MDLs.
//
surrogateLength = SurrogateIrp->MdlAddress->ByteCount; surrogateVA = (PUCHAR) SurrogateIrp->MdlAddress->StartVa + SurrogateIrp->MdlAddress->ByteOffset;
//
// We use these only for the purpose of assertions.
//
originalLength = irp->MdlAddress->ByteCount; originalVA = (PUCHAR) irp->MdlAddress->StartVa + irp->MdlAddress->ByteOffset;
ASSERT(surrogateLength == originalLength); ASSERT(SurrogateIrp->IoStatus.Information <= originalLength);
//
// Get the target buffer address and the length to write.
//
bufferLength = SurrogateIrp->IoStatus.Information; systemDestVA = IovSurrogatePacket->SystemDestVA;
//
// Copy things over.
//
RtlCopyMemory(systemDestVA, surrogateVA, bufferLength);
//
// Unlock the MDL. We have to do this ourselves as this IRP is not going to
// progress through all of IoCompleteRequest.
//
MmUnlockPages(SurrogateIrp->MdlAddress);
//
// Cleanup.
//
IoFreeMdl(SurrogateIrp->MdlAddress);
//
// Free our allocated VA
//
ExFreePool(surrogateVA);
//
// Hack the MDL back as IovpSessionDataFinalizeSurrogate requires it.
//
SurrogateIrp->MdlAddress = irp->MdlAddress;
IovSurrogatePacket->Flags &= ~TRACKFLAG_DIRECT_BUFFERED;}
#endif // NO_SPECIAL_IRP
|
