archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/drivers/wdm/input/hidclass/read.c

502 lines
20 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1996 Microsoft Corporation
  5. Module Name:
  7. read.c
  9. Abstract
  11. Read handling routines
  13. Author:
  15. Ervin P.
  17. Environment:
  19. Kernel mode only
  21. Revision History:
  24. --*/
  26. #include "pch.h"
  30. /*
  31. ********************************************************************************
  32. * HidpCancelReadIrp
  33. ********************************************************************************
  34. *
  35. * If a queued read Irp gets cancelled by the user,
  36. * this function removes it from our pending-read list.
  37. *
  38. */
  39. VOID HidpCancelReadIrp(PDEVICE_OBJECT DeviceObject, PIRP Irp)
  40. {
  41. PHIDCLASS_DEVICE_EXTENSION hidDeviceExtension = (PHIDCLASS_DEVICE_EXTENSION)DeviceObject->DeviceExtension;
  42. FDO_EXTENSION *fdoExt;
  43. PHIDCLASS_COLLECTION collection;
  44. ULONG collectionIndex;
  45. KIRQL oldIrql;
  46. PIO_STACK_LOCATION irpSp;
  47. PHIDCLASS_FILE_EXTENSION fileExtension;
  49. ASSERT(hidDeviceExtension->Signature == HID_DEVICE_EXTENSION_SIG);
  50. ASSERT(hidDeviceExtension->isClientPdo);
  51. fdoExt = &hidDeviceExtension->pdoExt.deviceFdoExt->fdoExt;
  53. collectionIndex = hidDeviceExtension->pdoExt.collectionIndex;
  54. collection = &fdoExt->classCollectionArray[collectionIndex];
  56. irpSp = IoGetCurrentIrpStackLocation(Irp);
  57. ASSERT(irpSp->FileObject->Type == IO_TYPE_FILE);
  58. fileExtension = (PHIDCLASS_FILE_EXTENSION)irpSp->FileObject->FsContext;
  60. IoReleaseCancelSpinLock(Irp->CancelIrql);
  63. LockFileExtension(fileExtension, &oldIrql);
  65. RemoveEntryList(&Irp->Tail.Overlay.ListEntry);
  67. DBG_RECORD_READ(Irp, 0, 0, TRUE);
  68. ASSERT(collection->numPendingReads > 0);
  69. collection->numPendingReads--;
  71. UnlockFileExtension(fileExtension, oldIrql);
  73. Irp->IoStatus.Status = STATUS_CANCELLED;
  74. IoCompleteRequest(Irp, IO_NO_INCREMENT);
  75. }
  78. NTSTATUS EnqueueInterruptReadIrp( PHIDCLASS_COLLECTION collection,
  79. PHIDCLASS_FILE_EXTENSION fileExtension,
  80. PIRP Irp)
  81. {
  82. NTSTATUS status;
  83. PDRIVER_CANCEL oldCancelRoutine;
  85. RUNNING_DISPATCH();
  87. /*
  88. * Must set a cancel routine before
  89. * checking the Cancel flag.
  90. */
  91. oldCancelRoutine = IoSetCancelRoutine(Irp, HidpCancelReadIrp);
  92. ASSERT(!oldCancelRoutine);
  94. /*
  95. * Make sure this Irp wasn't just cancelled.
  96. * Note that there is NO RACE CONDITION here
  97. * because we are holding the fileExtension lock.
  98. */
  99. if (Irp->Cancel) {
  100. /*
  101. * This IRP was cancelled.
  102. */
  103. oldCancelRoutine = IoSetCancelRoutine(Irp, NULL);
  104. if (oldCancelRoutine) {
  105. /*
  106. * The cancel routine was NOT called.
  107. * Return error so that caller completes the IRP.
  108. */
  109. ASSERT(oldCancelRoutine == HidpCancelReadIrp);
  110. status = STATUS_CANCELLED;
  111. } else {
  112. /*
  113. * The cancel routine was called.
  114. * As soon as we drop the spinlock it will dequeue
  115. * and complete the IRP.
  116. * Initialize the IRP's listEntry so that the dequeue
  117. * doesn't cause corruption.
  118. * Then don't touch the irp.
  119. */
  120. InitializeListHead(&Irp->Tail.Overlay.ListEntry);
  121. collection->numPendingReads++; // because cancel routine will decrement
  123. IoMarkIrpPending(Irp);
  124. status = STATUS_PENDING;
  125. }
  126. } else {
  127. DBG_RECORD_READ(Irp, IoGetCurrentIrpStackLocation(Irp)->Parameters.Read.Length, 0, FALSE)
  129. /*
  130. * There are no reports waiting.
  131. * Queue this irp onto the file extension's list of pending irps.
  132. */
  133. InsertTailList(&fileExtension->PendingIrpList, &Irp->Tail.Overlay.ListEntry);
  134. collection->numPendingReads++;
  136. IoMarkIrpPending(Irp);
  137. status = STATUS_PENDING;
  138. }
  140. return status;
  141. }
  144. PIRP DequeueInterruptReadIrp( PHIDCLASS_COLLECTION collection,
  145. PHIDCLASS_FILE_EXTENSION fileExtension)
  146. {
  147. PIRP irp = NULL;
  149. RUNNING_DISPATCH();
  151. while (!irp && !IsListEmpty(&fileExtension->PendingIrpList)) {
  152. PDRIVER_CANCEL oldCancelRoutine;
  153. PLIST_ENTRY listEntry = RemoveHeadList(&fileExtension->PendingIrpList);
  155. irp = CONTAINING_RECORD(listEntry, IRP, Tail.Overlay.ListEntry);
  157. oldCancelRoutine = IoSetCancelRoutine(irp, NULL);
  159. if (oldCancelRoutine) {
  160. ASSERT(oldCancelRoutine == HidpCancelReadIrp);
  161. ASSERT(collection->numPendingReads > 0);
  162. collection->numPendingReads--;
  163. } else {
  164. /*
  165. * IRP was cancelled and cancel routine was called.
  166. * As soon as we drop the spinlock,
  167. * the cancel routine will dequeue and complete this IRP.
  168. * Initialize the IRP's listEntry so that the dequeue doesn't cause corruption.
  169. * Then, don't touch the IRP.
  170. */
  171. ASSERT(irp->Cancel);
  172. InitializeListHead(&irp->Tail.Overlay.ListEntry);
  173. irp = NULL;
  174. }
  175. }
  177. return irp;
  178. }
  181. /*
  182. ********************************************************************************
  183. * HidpIrpMajorRead
  184. ********************************************************************************
  185. *
  186. * Note: this function should not be pageable because
  187. * reads can come in at dispatch level.
  188. *
  189. */
  190. NTSTATUS HidpIrpMajorRead(IN PHIDCLASS_DEVICE_EXTENSION HidDeviceExtension, IN OUT PIRP Irp)
  191. {
  192. NTSTATUS status = STATUS_SUCCESS;
  193. FDO_EXTENSION *fdoExt;
  194. PDO_EXTENSION *pdoExt;
  195. PIO_STACK_LOCATION irpSp;
  196. PHIDCLASS_FILE_EXTENSION fileExtension;
  197. KIRQL oldIrql;
  199. ASSERT(HidDeviceExtension->isClientPdo);
  200. pdoExt = &HidDeviceExtension->pdoExt;
  201. fdoExt = &pdoExt->deviceFdoExt->fdoExt;
  202. irpSp = IoGetCurrentIrpStackLocation(Irp);
  204. /*
  205. * Get our file extension.
  206. */
  207. if (!irpSp->FileObject ||
  208. (irpSp->FileObject &&
  209. !irpSp->FileObject->FsContext)) {
  210. DBGWARN(("Attempted read with no file extension"))
  211. Irp->IoStatus.Status = status = STATUS_PRIVILEGE_NOT_HELD;
  212. IoCompleteRequest(Irp, IO_NO_INCREMENT);
  213. return status;
  214. }
  215. ASSERT(irpSp->FileObject->Type == IO_TYPE_FILE);
  216. fileExtension = (PHIDCLASS_FILE_EXTENSION)irpSp->FileObject->FsContext;
  217. ASSERT(fileExtension->Signature == HIDCLASS_FILE_EXTENSION_SIG);
  221. if (((fdoExt->state == DEVICE_STATE_START_SUCCESS) ||
  222. (fdoExt->state == DEVICE_STATE_STOPPING) ||
  223. (fdoExt->state == DEVICE_STATE_STOPPED)) &&
  224. ((pdoExt->state == COLLECTION_STATE_RUNNING) ||
  225. (pdoExt->state == COLLECTION_STATE_STOPPING) ||
  226. (pdoExt->state == COLLECTION_STATE_STOPPED))) {
  228. ULONG collectionNum;
  229. PHIDCLASS_COLLECTION classCollection;
  230. PHIDP_COLLECTION_DESC collectionDesc;
  232. //
  233. // ISSUE: Is this safe to stop a polled collection like this?
  234. // interrupt driver collections have a restore read pump at power up
  235. // to D0, but I don't see any for polled collections...?
  236. //
  237. BOOLEAN isStopped = ((fdoExt->state == DEVICE_STATE_STOPPED) ||
  238. (fdoExt->state == DEVICE_STATE_STOPPING) ||
  239. (pdoExt->state == COLLECTION_STATE_STOPPING) ||
  240. (pdoExt->state == COLLECTION_STATE_STOPPED));
  242. Irp->IoStatus.Information = 0;
  245. /*
  246. * Get our collection and collection description.
  247. */
  248. collectionNum = HidDeviceExtension->pdoExt.collectionNum;
  249. classCollection = GetHidclassCollection(fdoExt, collectionNum);
  250. collectionDesc = GetCollectionDesc(fdoExt, collectionNum);
  252. if (classCollection && collectionDesc) {
  254. /*
  255. * Make sure the caller's read buffer is large enough to read at least one report.
  256. */
  257. if (irpSp->Parameters.Read.Length >= collectionDesc->InputLength) {
  259. /*
  260. * We know we're going to try to transfer something into the caller's
  261. * buffer, so get the global address. This will also serve to create
  262. * a mapped system address in the MDL if necessary.
  263. */
  265. if (classCollection->hidCollectionInfo.Polled) {
  267. /*
  268. * This is a POLLED collection.
  269. */
  272. if (isStopped) {
  273. status = EnqueuePolledReadIrp(classCollection, Irp);
  274. } else if (fileExtension->isOpportunisticPolledDeviceReader &&
  275. !classCollection->polledDataIsStale &&
  276. (irpSp->Parameters.Read.Length >= classCollection->savedPolledReportLen)) {
  278. PUCHAR callersBuffer;
  280. callersBuffer = HidpGetSystemAddressForMdlSafe(Irp->MdlAddress);
  282. if (callersBuffer) {
  283. ULONG userReportLength;
  284. /*
  285. * Use the polledDeviceReadQueueSpinLock to protect
  286. * the savedPolledReportBuf.
  287. */
  288. KeAcquireSpinLock(&classCollection->polledDeviceReadQueueSpinLock, &oldIrql);
  290. /*
  291. * This is an "opportunistic" reader who
  292. * wants a result right away.
  293. * We have a recent report,
  294. * so just copy the last saved report.
  295. */
  296. RtlCopyMemory( callersBuffer,
  297. classCollection->savedPolledReportBuf,
  298. classCollection->savedPolledReportLen);
  299. Irp->IoStatus.Information = userReportLength = classCollection->savedPolledReportLen;
  301. KeReleaseSpinLock(&classCollection->polledDeviceReadQueueSpinLock, oldIrql);
  303. DBG_RECORD_READ(Irp, userReportLength, (ULONG)callersBuffer[0], TRUE)
  304. status = STATUS_SUCCESS;
  305. } else {
  306. status = STATUS_INVALID_USER_BUFFER;
  307. }
  308. } else {
  310. status = EnqueuePolledReadIrp(classCollection, Irp);
  312. /*
  313. * If this is an "opportunistic" polled
  314. * device reader, and we queued the irp,
  315. * make the read happen right away.
  316. * Make sure ALL SPINLOCKS ARE RELEASED
  317. * before we call out of the driver.
  318. */
  319. if (NT_SUCCESS(status) && fileExtension->isOpportunisticPolledDeviceReader) {
  320. ReadPolledDevice(pdoExt, FALSE);
  321. }
  322. }
  323. } else {
  325. /*
  326. * This is an ordinary NON-POLLED collection.
  327. * We either:
  328. * 1. Satisfy this read with a queued report
  329. * or
  330. * 2. Queue this read IRP and satisfy it in the future
  331. * when a report comes in (on one of the ping-pong IRPs).
  332. */
  334. //
  335. // We only stop interrupt devices when we power down.
  336. //
  337. if (fdoExt->devicePowerState != PowerDeviceD0) {
  338. DBGINFO(("read report received in low power"));
  339. }
  340. isStopped |= (fdoExt->devicePowerState != PowerDeviceD0);
  342. LockFileExtension(fileExtension, &oldIrql);
  343. if (isStopped) {
  344. status = EnqueueInterruptReadIrp(classCollection, fileExtension, Irp);
  345. } else {
  346. ULONG userBufferRemaining = irpSp->Parameters.Read.Length;
  347. PUCHAR callersBuffer;
  349. callersBuffer = HidpGetSystemAddressForMdlSafe(Irp->MdlAddress);
  351. if (callersBuffer) {
  352. PUCHAR nextReportBuffer = callersBuffer;
  354. /*
  355. * There are some reports waiting.
  356. *
  357. * Spin in this loop, filling up the caller's buffer with reports,
  358. * until either the buffer fills up or we run out of reports.
  359. */
  360. ULONG reportsReturned = 0;
  362. status = STATUS_SUCCESS;
  364. while (userBufferRemaining > 0) {
  365. PHIDCLASS_REPORT reportExtension;
  366. ULONG reportSize = userBufferRemaining;
  368. reportExtension = DequeueInterruptReport(fileExtension, userBufferRemaining);
  369. if (reportExtension) {
  370. status = HidpCopyInputReportToUser( fileExtension,
  371. reportExtension->UnparsedReport,
  372. &reportSize,
  373. nextReportBuffer);
  375. /*
  376. * Whether we succeeded or failed, free this report.
  377. * (If we failed, there may be something wrong with
  378. * the report, so we'll just throw it away).
  379. */
  380. ExFreePool(reportExtension);
  382. if (NT_SUCCESS(status)) {
  383. reportsReturned++;
  384. nextReportBuffer += reportSize;
  385. ASSERT(reportSize <= userBufferRemaining);
  386. userBufferRemaining -= reportSize;
  387. } else {
  388. DBGSUCCESS(status, TRUE)
  389. break;
  390. }
  391. } else {
  392. break;
  393. }
  394. }
  396. if (NT_SUCCESS(status)) {
  397. if (!reportsReturned) {
  398. /*
  399. * No reports are ready. So queue the read IRP.
  400. */
  401. status = EnqueueInterruptReadIrp(classCollection, fileExtension, Irp);
  402. } else {
  403. /*
  404. * We've succesfully copied something into the user's buffer,
  405. * calculate how much we've copied and return in the irp.
  406. */
  407. Irp->IoStatus.Information = (ULONG)(nextReportBuffer - callersBuffer);
  408. DBG_RECORD_READ(Irp, (ULONG)Irp->IoStatus.Information, (ULONG)callersBuffer[0], TRUE)
  409. }
  410. }
  411. } else {
  412. status = STATUS_INVALID_USER_BUFFER;
  413. }
  414. }
  415. UnlockFileExtension(fileExtension, oldIrql);
  416. }
  417. } else {
  418. status = STATUS_INVALID_BUFFER_SIZE;
  419. }
  420. } else {
  421. status = STATUS_DEVICE_NOT_CONNECTED;
  422. }
  424. DBGSUCCESS(status, FALSE)
  425. } else {
  426. /*
  427. * This can legitimately happen.
  428. * The device was disconnected between the client's open and read;
  429. * or between a read-complete and the next read.
  430. */
  431. status = STATUS_DEVICE_NOT_CONNECTED;
  432. }
  435. /*
  436. * If we satisfied the read Irp (did not queue it),
  437. * then complete it here.
  438. */
  439. if (status != STATUS_PENDING) {
  440. ULONG insideReadCompleteCount;
  442. Irp->IoStatus.Status = status;
  444. insideReadCompleteCount = InterlockedIncrement(&fileExtension->insideReadCompleteCount);
  445. if (insideReadCompleteCount <= INSIDE_READCOMPLETE_MAX) {
  446. IoCompleteRequest(Irp, IO_KEYBOARD_INCREMENT);
  447. } else {
  448. /*
  449. * All these nested reads are _probably_ occuring on the same thread,
  450. * and we are going to run out of stack and crash if we keep completing
  451. * synchronously. So return pending for this IRP and schedule a workItem
  452. * to complete it asynchronously, just to give the stack a chance to unwind.
  453. */
  454. ASYNC_COMPLETE_CONTEXT *asyncCompleteContext = ALLOCATEPOOL(NonPagedPool, sizeof(ASYNC_COMPLETE_CONTEXT));
  455. if (asyncCompleteContext) {
  456. ASSERT(!Irp->CancelRoutine);
  457. DBGWARN(("HidpIrpMajorRead: CLIENT IS LOOPING ON READ COMPLETION -- scheduling workItem to complete IRP %ph (status=%xh) asynchronously", Irp, status))
  458. asyncCompleteContext->workItem = IoAllocateWorkItem(pdoExt->pdo);
  460. asyncCompleteContext->sig = ASYNC_COMPLETE_CONTEXT_SIG;
  461. asyncCompleteContext->irp = Irp;
  463. /*
  464. * Indicate that the irp has been queued
  465. */
  466. IoMarkIrpPending(asyncCompleteContext->irp);
  468. IoQueueWorkItem(asyncCompleteContext->workItem,
  469. WorkItemCallback_CompleteIrpAsynchronously,
  470. DelayedWorkQueue,
  471. asyncCompleteContext);
  473. status = STATUS_PENDING;
  474. } else {
  475. DBGERR(("HidpIrpMajorRead: completeIrpWorkItem alloc failed"))
  476. IoCompleteRequest(Irp, IO_NO_INCREMENT);
  477. }
  478. }
  480. InterlockedDecrement(&fileExtension->insideReadCompleteCount);
  481. }
  483. DBGSUCCESS(status, FALSE)
  484. return status;
  485. }
  489. VOID
  490. WorkItemCallback_CompleteIrpAsynchronously(PDEVICE_OBJECT DevObj,
  491. PVOID context)
  492. {
  493. ASYNC_COMPLETE_CONTEXT *asyncCompleteContext = context;
  495. ASSERT(asyncCompleteContext->sig == ASYNC_COMPLETE_CONTEXT_SIG);
  496. DBGVERBOSE(("WorkItemCallback_CompleteIrpAsynchronously: completing irp %ph with status %xh.", asyncCompleteContext->irp, asyncCompleteContext->irp->IoStatus.Status))
  498. IoCompleteRequest(asyncCompleteContext->irp, IO_NO_INCREMENT);
  500. IoFreeWorkItem(asyncCompleteContext->workItem);
  501. ExFreePool(asyncCompleteContext);
  502. }