/*++
Copyright (c) 1990 Microsoft Corporation
Module Name:
fsdraw.c
Abstract:
This module contains routines for processing the following SMBs in
the server FSD:
Read Block Raw
Write Block Raw
The routines in this module generally work closely with the routines
in smbraw.c.
*** There is no support here for raw writes from MS-NET 1.03 clients.
There are very few of these machines in existence, and raw mode
is only a performance issue, so it is not worth the trouble to
add the necessary hacks for MS-NET 1.03, which sends raw write
requests in a different format.
Author:
Chuck Lenzmeier (chuckl) 8-Sep-1990
Manny Weiser (mannyw)
David Treadwell (davidtr)
Revision History:
--*/
#include "precomp.h"
#include "fsdraw.tmh"
#pragma hdrstop
//
// Forward declarations.
//
STATIC
VOID SRVFASTCALL
RestartWriteCompleteResponse (
IN OUT PWORK_CONTEXT WorkContext
);
#ifdef ALLOC_PRAGMA
#pragma alloc_text( PAGE8FIL, SrvFsdBuildWriteCompleteResponse )
#pragma alloc_text( PAGE8FIL, RestartWriteCompleteResponse )
#endif
#if 0
NOT PAGEABLE -- RestartCopyReadRawResponse
NOT PAGEABLE -- SrvFsdRestartPrepareRawMdlWrite
NOT PAGEABLE -- SrvFsdRestartReadRaw
NOT PAGEABLE -- SrvFsdRestartWriteRaw
#endif
#if DBG
VOID
DumpMdlChain(
IN PMDL mdl
);
#endif
�
VOID
SrvFsdBuildWriteCompleteResponse (
IN OUT PWORK_CONTEXT WorkContext,
IN NTSTATUS Status,
IN ULONG BytesWritten
)
/*++
Routine Description:
Sets up a final response to a Write Block Raw/Mpx request.
This routine is called in both the FSP and the FSD. It can be called
in the FSD only if Status == STATUS_SUCCESS.
Arguments:
WorkContext - Supplies a pointer to the work context block
describing server-specific context for the request.
Status - Supplies a status value to be returned to the client.
BytesWritten - Supplies the number of bytes actually written.
Return Value:
SMB_PROCESSOR_RETURN_TYPE - Returns SmbStatusSendResponse.
--*/
{
PSMB_HEADER header;
PRESP_WRITE_COMPLETE response;
if ( WorkContext->Rfcb != NULL ) {
UNLOCKABLE_CODE( 8FIL );
} else {
ASSERT( KeGetCurrentIrql() < DISPATCH_LEVEL );
}
//
// Get pointers to the header and the response parameters area.
// Note that Write Block Raw/Mpx can't be chained to an AndX SMB.
//
header = WorkContext->ResponseHeader;
response = (PRESP_WRITE_COMPLETE)WorkContext->ResponseParameters;
//
// Change the SMB command code to Write Complete.
//
header->Command = SMB_COM_WRITE_COMPLETE;
//
// Put the error code in the header. Note that SrvSetSmbError
// writes a null parameter area to the end of the SMB; we overwrite
// that with our own parameter area.
//
if ( Status != STATUS_SUCCESS ) {
ASSERT( KeGetCurrentIrql() < DISPATCH_LEVEL );
SrvSetSmbError2( WorkContext, Status, TRUE );
}
//
// Build the response SMB.
//
response->WordCount = 1;
SmbPutUshort( &response->Count, (USHORT)BytesWritten );
SmbPutUshort( &response->ByteCount, 0 );
WorkContext->ResponseParameters = NEXT_LOCATION(
response,
RESP_WRITE_COMPLETE,
0
);
return;
} // SrvFsdBuildWriteCompleteResponse
�
NTSTATUS
RestartCopyReadRawResponse (
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN OUT PWORK_CONTEXT WorkContext
)
/*++
Routine Description:
This is the restart routine that is invoked when the send of a
Read Block Raw response completes.
This routine is called in the FSD.
Arguments:
DeviceObject - Pointer to target device object for the request.
Irp - Pointer to I/O request packet
WorkContext - Caller-specified context parameter associated with IRP.
This is actually a pointer to a Work Context block.
Return Value:
STATUS_MORE_PROCESSING_REQUIRED.
--*/
{
KIRQL oldIrql;
PCONNECTION connection;
IF_DEBUG(FSD1) SrvPrint0( " - RestartCopyReadRawResponse\n" );
//
// Check the status of the send completion.
//
CHECK_SEND_COMPLETION_STATUS( Irp->IoStatus.Status );
//
// Reset the IRP cancelled bit.
//
Irp->Cancel = FALSE;
//
// Deallocate the raw buffer, if the original SMB buffer was not
// used. Note that we do not need to unlock the raw buffer, because
// it was allocated out of nonpaged pool and locked using
// MmBuildMdlForNonPagedPool, which doesn't increment reference
// counts and therefore has no inverse.
//
if ( WorkContext->Parameters.ReadRaw.SavedResponseBuffer != NULL ) {
DEALLOCATE_NONPAGED_POOL( WorkContext->ResponseBuffer->Buffer );
IoFreeMdl( WorkContext->ResponseBuffer->Mdl );
DEALLOCATE_NONPAGED_POOL( WorkContext->ResponseBuffer );
WorkContext->ResponseBuffer =
WorkContext->Parameters.ReadRaw.SavedResponseBuffer;
}
//
// If there is an oplock break request pending, then we must go to the
// FSP to initiate the break, otherwise complete processing in the FSD.
//
connection = WorkContext->Connection;
KeRaiseIrql( DISPATCH_LEVEL, &oldIrql );
ACQUIRE_DPC_SPIN_LOCK( connection->EndpointSpinLock );
if ( IsListEmpty( &connection->OplockWorkList ) ) {
//
// Dereference control blocks and put the work item back on the
// receive queue.
//
WorkContext->Connection->RawReadsInProgress--;
RELEASE_DPC_SPIN_LOCK( connection->EndpointSpinLock );
SrvFsdRestartSmbComplete( WorkContext );
} else {
//
// Send this work context to the FSP for completion.
//
RELEASE_DPC_SPIN_LOCK( connection->EndpointSpinLock );
WorkContext->FspRestartRoutine = SrvRestartReadRawComplete;
QUEUE_WORK_TO_FSP( WorkContext );
}
IF_DEBUG(TRACE2) SrvPrint0( "RestartCopyReadRawResponse complete\n" );
KeLowerIrql( oldIrql );
return STATUS_MORE_PROCESSING_REQUIRED;
} // RestartCopyReadRawResponse
�
VOID SRVFASTCALL
SrvFsdRestartPrepareRawMdlWrite(
IN OUT PWORK_CONTEXT WorkContext
)
/*++
Routine Description:
Restart routine for completion of a "prepare MDL write" I/O request.
Prepares a work context block and an IRP describing the raw receive,
posts the receive, and sends a "go-ahead" response.
This routine is called in both the FSP and the FSD.
Arguments:
WorkContext - Supplies a pointer to the work context block
describing server-specific context for the request.
Return Value:
None.
--*/
{
PREQ_WRITE_RAW request;
PRESP_WRITE_RAW_INTERIM response;
PVOID finalResponseBuffer;
PWORK_CONTEXT rawWorkContext;
ULONG writeLength;
ULONG immediateLength;
BOOLEAN immediateWriteDone;
PMDL mdl;
PCHAR src;
PCHAR dest;
ULONG lengthToCopy;
PIO_STACK_LOCATION irpSp;
BOOLEAN bNeedTrace = (WorkContext->bAlreadyTrace == FALSE);
if (bNeedTrace) {
if (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT)
WorkContext->PreviousSMB = EVENT_TYPE_SMB_WRITE_RAW;
SrvWmiStartContext(WorkContext);
}
else
WorkContext->bAlreadyTrace = FALSE;
IF_DEBUG(FSD1) SrvPrint0( " - SrvFsdRestartPrepareRawMdlWrite\n" );
//
// Get request parameters and saved context.
//
request = (PREQ_WRITE_RAW)WorkContext->RequestParameters;
rawWorkContext = WorkContext->Parameters.WriteRawPhase1.RawWorkContext;
writeLength = SmbGetUshort( &request->Count );
immediateLength = SmbGetUshort( &request->DataLength );
immediateWriteDone = rawWorkContext->Parameters.WriteRaw.ImmediateWriteDone;
if ( immediateWriteDone ) {
writeLength -= immediateLength;
}
finalResponseBuffer =
rawWorkContext->Parameters.WriteRaw.FinalResponseBuffer;
//
// If the prepare MDL write I/O failed, send an error response.
//
if ( !NT_SUCCESS(WorkContext->Irp->IoStatus.Status) ) {
IF_DEBUG(ERRORS) {
SrvPrint1( "SrvFsdRestartPrepareRawMdlWrite: Write failed: %X\n",
WorkContext->Irp->IoStatus.Status );
}
//
// We won't be needing the final response buffer or the raw mode
// work item.
//
if ( finalResponseBuffer != NULL ) {
DEALLOCATE_NONPAGED_POOL( finalResponseBuffer );
}
rawWorkContext->ResponseBuffer->Buffer = NULL;
RestartWriteCompleteResponse( rawWorkContext );
//
// Build and send the response.
//
if ( KeGetCurrentIrql() >= DISPATCH_LEVEL ) {
WorkContext->Irp->IoStatus.Information =
immediateWriteDone ? immediateLength : 0;
WorkContext->FspRestartRoutine = SrvBuildAndSendWriteCompleteResponse;
WorkContext->FsdRestartRoutine = SrvFsdRestartSmbComplete; // after response
QUEUE_WORK_TO_FSP( WorkContext );
} else {
SrvFsdBuildWriteCompleteResponse(
WorkContext,
WorkContext->Irp->IoStatus.Status,
immediateWriteDone ? immediateLength : 0
);
SrvFsdSendResponse( WorkContext );
}
IF_DEBUG(TRACE2) {
SrvPrint0( "SrvFsdRestartPrepareRawMdlWrite complete\n" );
}
goto Cleanup;
}
//
// If a final response is going to be sent, save information from
// the request in the final response buffer.
//
if ( finalResponseBuffer != NULL ) {
RtlCopyMemory(
(PSMB_HEADER)finalResponseBuffer,
WorkContext->RequestHeader,
sizeof(SMB_HEADER)
);
}
//
// If the immediate data has not yet been written, copy it now.
//
mdl = WorkContext->Irp->MdlAddress;
#if DBG
IF_SMB_DEBUG(RAW2) {
KdPrint(( "SrvFsdRestartPrepareRawMdlWrite: input chain:\n" ));
DumpMdlChain( mdl );
}
#endif
rawWorkContext->Parameters.WriteRaw.FirstMdl = mdl;
if ( !immediateWriteDone ) {
src = (PCHAR)WorkContext->RequestHeader +
SmbGetUshort( &request->DataOffset );
while ( immediateLength ) {
lengthToCopy = MIN( immediateLength, mdl->ByteCount );
dest = MmGetSystemAddressForMdlSafe( mdl,NormalPoolPriority );
if (dest == NULL) {
WorkContext->Irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
WorkContext->Irp->IoStatus.Information = 0;
WorkContext->FspRestartRoutine = SrvBuildAndSendWriteCompleteResponse;
WorkContext->FsdRestartRoutine = SrvFsdRestartSmbComplete; // after response
QUEUE_WORK_TO_FSP( WorkContext );
goto Cleanup;
}
RtlCopyMemory( dest, src, lengthToCopy );
src += lengthToCopy;
immediateLength -= lengthToCopy;
writeLength -= lengthToCopy;
if ( lengthToCopy == mdl->ByteCount ) {
mdl = mdl->Next;
} else {
PCHAR baseVa;
ULONG lengthOfMdl;
PMDL rawMdl;
ASSERT( immediateLength == 0 );
baseVa = (PCHAR)MmGetMdlVirtualAddress(mdl) + lengthToCopy;
lengthOfMdl = mdl->ByteCount - lengthToCopy;
ASSERT( lengthOfMdl <= 65535 );
rawMdl = rawWorkContext->RequestBuffer->Mdl;
rawMdl->Size = (CSHORT)(sizeof(MDL) + (sizeof(ULONG_PTR) *
ADDRESS_AND_SIZE_TO_SPAN_PAGES( baseVa, lengthOfMdl )));
IoBuildPartialMdl( mdl, rawMdl, baseVa, lengthOfMdl );
rawMdl->Next = mdl->Next;
#if DBG
IF_SMB_DEBUG(RAW2) {
KdPrint(( "SrvFsdRestartPrepareRawMdlWrite: built partial MDL at 0x%p\n", rawMdl ));
DumpMdlChain( rawMdl );
}
#endif
mdl = rawMdl;
}
}
}
//
// Save the length of the raw write.
//
rawWorkContext->RequestBuffer->BufferLength = writeLength;
//
// Set up the restart routines in the work context.
//
rawWorkContext->FsdRestartRoutine = SrvQueueWorkToFspAtDpcLevel;
rawWorkContext->FspRestartRoutine = SrvRestartRawReceive;
//
// Build the TdiReceive request packet.
//
{
PIRP irp = rawWorkContext->Irp;
PIO_STACK_LOCATION irpSp;
PTDI_REQUEST_KERNEL_RECEIVE parameters;
irp->Tail.Overlay.OriginalFileObject = NULL;
irp->Tail.Overlay.Thread = WorkContext->CurrentWorkQueue->IrpThread;
DEBUG irp->RequestorMode = KernelMode;
//
// Get a pointer to the next stack location. This one is used to
// hold the parameters for the device I/O control request.
//
irpSp = IoGetNextIrpStackLocation( irp );
//
// Set up the completion routine.
//
IoSetCompletionRoutine(
irp,
SrvFsdIoCompletionRoutine,
rawWorkContext,
TRUE,
TRUE,
TRUE
);
irpSp->MajorFunction = IRP_MJ_INTERNAL_DEVICE_CONTROL;
irpSp->MinorFunction = (UCHAR)TDI_RECEIVE;
irpSp->FileObject = NULL;
irpSp->DeviceObject = NULL;
//
// Copy the caller's parameters to the service-specific portion of the
// IRP for those parameters that are the same for all three methods.
//
parameters = (PTDI_REQUEST_KERNEL_RECEIVE)&irpSp->Parameters;
parameters->ReceiveLength = writeLength;
parameters->ReceiveFlags = 0;
irp->MdlAddress = mdl;
irp->AssociatedIrp.SystemBuffer = NULL;
irp->Flags = (ULONG)IRP_BUFFERED_IO;
}
IF_SMB_DEBUG(RAW2) {
KdPrint(( "Issuing receive with MDL %p\n", rawWorkContext->Irp->MdlAddress ));
}
irpSp = IoGetNextIrpStackLocation( rawWorkContext->Irp );
//
// If this is a writebehind write, tell the transport that we don't
// plan to reply to the received message.
//
if ( finalResponseBuffer == NULL ) {
((PTDI_REQUEST_KERNEL_RECEIVE)&irpSp->Parameters)->ReceiveFlags |=
TDI_RECEIVE_NO_RESPONSE_EXP;
}
//
// Post the receive.
//
irpSp->Flags = 0;
irpSp->DeviceObject = rawWorkContext->Connection->DeviceObject;
irpSp->FileObject = rawWorkContext->Connection->FileObject;
ASSERT( rawWorkContext->Irp->StackCount >=
irpSp->DeviceObject->StackSize );
(VOID)IoCallDriver( irpSp->DeviceObject, rawWorkContext->Irp );
//
// Send the interim (go-ahead) response.
//
response = (PRESP_WRITE_RAW_INTERIM)WorkContext->ResponseParameters;
response->WordCount = 1;
SmbPutUshort( &response->Remaining, (USHORT)-1 );
SmbPutUshort( &response->ByteCount, 0 );
WorkContext->ResponseParameters = NEXT_LOCATION(
response,
RESP_WRITE_RAW_INTERIM,
0
);
SrvFsdSendResponse( WorkContext );
IF_DEBUG(TRACE2) SrvPrint0( "SrvFsdRestartPrepareRawMdlWrite complete\n" );
Cleanup:
if (bNeedTrace) {
SrvWmiEndContext(WorkContext);
}
return;
} // SrvFsdRestartPrepareRawMdlWrite
�
VOID SRVFASTCALL
SrvFsdRestartReadRaw (
IN OUT PWORK_CONTEXT WorkContext
)
/*++
Routine Description:
Processes file read completion for the Read Block Raw SMB.
This routine is called in both the FSP and the FSD.
Arguments:
WorkContext - Supplies a pointer to the work context block
describing server-specific context for the request.
Return Value:
None.
--*/
{
PRFCB rfcb;
KIRQL oldIrql;
USHORT readLength;
BOOLEAN bNeedTrace = (WorkContext->bAlreadyTrace == FALSE);
if (bNeedTrace) {
if (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT)
WorkContext->PreviousSMB = EVENT_TYPE_SMB_READ_RAW;
SrvWmiStartContext(WorkContext);
}
else
WorkContext->bAlreadyTrace = FALSE;
IF_DEBUG(FSD1) SrvPrint0( " - SrvFsdRestartReadRaw\n" );
//
// Get the file pointer.
//
rfcb = WorkContext->Rfcb;
IF_DEBUG(TRACE2) {
SrvPrint2( " connection 0x%p, RFCB 0x%p\n",
WorkContext->Connection, rfcb );
}
//
// Calculate the amount of data read.
//
if ( WorkContext->Irp->IoStatus.Status == STATUS_END_OF_FILE ) {
readLength = 0;
IF_SMB_DEBUG(RAW2) {
SrvPrint0( "SrvFsdRestartReadRaw: 0 bytes read, at end-of-file\n" );
}
} else if ( !NT_SUCCESS(WorkContext->Irp->IoStatus.Status) ) {
readLength = 0;
IF_SMB_DEBUG(ERRORS) {
SrvPrint1( "SrvFsdRestartReadRaw: read request failed: %X\n",
WorkContext->Irp->IoStatus.Status );
}
} else if ( WorkContext->Parameters.ReadRaw.MdlRead ) {
//
// For an MDL read, we have to walk the MDL chain in order to
// determine how much data was read. This is because the
// operation may have happened in multiple step, with the MDLs
// being chained together. For example, part of the read may
// have been satisfied by the fast path, while the rest was
// satisfied using an IRP.
//
#if DBG
ULONG mdlCount = 0;
#endif
PMDL mdl = WorkContext->Irp->MdlAddress;
readLength = 0;
while ( mdl != NULL ) {
IF_SMB_DEBUG(RAW2) {
#if DBG
SrvPrint3( " mdl %ld at 0x%p, %ld bytes\n",
mdlCount,
mdl, MmGetMdlByteCount(mdl) );
#else
SrvPrint3( " mdl 0x%p, %ld bytes\n",
mdl, MmGetMdlByteCount(mdl) );
#endif
}
readLength += (USHORT)MmGetMdlByteCount(mdl);
#if DBG
mdlCount++;
#endif
mdl = mdl->Next;
}
IF_SMB_DEBUG(RAW2) {
#if DBG
SrvPrint2( "SrvFsdRestartReadRaw: %ld bytes in %ld MDLs\n",
readLength, mdlCount );
#else
SrvPrint2( "SrvFsdRestartReadRaw: %ld bytes\n",
readLength );
#endif
SrvPrint1( " info = 0x%p\n",
(PVOID)WorkContext->Irp->IoStatus.Information );
}
} else {
//
// Copy read. The I/O status block has the length.
//
readLength = (USHORT)WorkContext->Irp->IoStatus.Information;
IF_SMB_DEBUG(RAW2) {
SrvPrint1( "SrvFsdRestartReadRaw: %ld bytes read\n", readLength );
}
}
#ifdef SLMDBG
{
PRFCB_TRACE entry;
ACQUIRE_GLOBAL_SPIN_LOCK( Fsd, &oldIrql );
rfcb->OperationCount++;
entry = &rfcb->Trace[rfcb->NextTrace];
if ( ++rfcb->NextTrace == SLMDBG_TRACE_COUNT ) {
rfcb->NextTrace = 0;
rfcb->TraceWrapped = TRUE;
}
RELEASE_GLOBAL_SPIN_LOCK( Fsd, oldIrql );
entry->Command = WorkContext->NextCommand;
entry->Flags =
(UCHAR)(WorkContext->Parameters.ReadRaw.MdlRead ? 1 : 0);
KeQuerySystemTime( &entry->Time );
entry->Data.ReadWrite.Offset =
WorkContext->Parameters.ReadRaw.ReadRawOtherInfo.Offset.LowPart;
entry->Data.ReadWrite.Length = readLength;
}
#endif
//
// Update the file position.
//
// *** Note that we ignore the status of the operation, except to
// check for end-of-file, since we can't tell the client what
// the status was. We simply return as many bytes as the file
// system says were read.
//
// !!! Should we save the error and return it when the client
// retries?
//
// !!! Need to worry about wraparound?
//
if ( rfcb->ShareType == ShareTypeDisk ) {
rfcb->CurrentPosition =
WorkContext->Parameters.ReadRaw.ReadRawOtherInfo.Offset.LowPart +
readLength;
}
//
// Save the count of bytes read, to be used to update the server
// statistics database.
//
UPDATE_READ_STATS( WorkContext, readLength );
//
// Send the raw read data as the response.
//
WorkContext->ResponseBuffer->DataLength = readLength;
//
// There is no header on this SMB, do not generate a security signature
//
WorkContext->NoResponseSmbSecuritySignature = TRUE;
if ( WorkContext->Parameters.ReadRaw.MdlRead ) {
//
// MDL read. The data is described by the MDL returned by the
// file system (in irp->MdlAddress).
//
// *** Note that if the read failed completely (which happens if
// the read starts beyond EOF), there is no MDL.
// SrvStartSend handles this appropriately. So must
// RestartMdlReadRawResponse.
//
//
// Send the response.
//
SRV_START_SEND(
WorkContext,
WorkContext->Irp->MdlAddress,
0,
SrvQueueWorkToFspAtSendCompletion,
NULL,
RestartMdlReadRawResponse
);
} else {
//
// Copy read. The data is described by the MDL allocated in
// SrvFsdSmbReadRaw.
//
// *** Changing Mdl->ByteCount like this would be a problem if
// we had to unlock the pages in RestartCopyReadRawResponse,
// because we might end up unlocking fewer pages than we
// locked. But we don't actually lock the pages to build
// the MDL -- the buffer is allocated from nonpaged pool, so
// we use MmBuildMdlForNonPagedPool rather than
// MmProbeAndLockPages. So the pages haven't been
// referenced to account for the MDL, so there's no need to
// unlock them, so changing ByteCount isn't a problem.
//
//
// Send the response.
//
SRV_START_SEND_2(
WorkContext,
RestartCopyReadRawResponse,
NULL,
NULL
);
}
//
// The response send has been started.
//
IF_DEBUG(TRACE2) SrvPrint0( "SrvFsdRestartReadRaw complete\n" );
if (bNeedTrace) {
SrvWmiEndContext(WorkContext);
}
return;
} // SrvFsdRestartReadRaw
�
VOID SRVFASTCALL
RestartWriteCompleteResponse (
IN OUT PWORK_CONTEXT WorkContext
)
/*++
Routine Description:
This routine attempts, at DPC level, to clean up after a Write Raw
completes. It tries to dereference control blocks referenced by the
raw mode work item. If this cannot be done at DPC level (e.g., a
reference count goes to zero), this routine queues the work item to
the FSP for processing.
This routine is called in the FSD. Its FSP counterpart is
SrvRestartWriteCompleteResponse.
Arguments:
WorkContext - Supplies a pointer to the work context block
describing server-specific context for the request.
Return Value:
None.
--*/
{
PCONNECTION connection;
KIRQL oldIrql;
PRFCB rfcb;
PWORK_QUEUE queue;
UNLOCKABLE_CODE( 8FIL );
IF_DEBUG(FSD1) SrvPrint0( " - RestartWriteCompleteResponse\n" );
connection = WorkContext->Connection;
queue = connection->CurrentWorkQueue;
//
// If a final response was sent, check the status and deallocate the
// buffer.
//
if ( WorkContext->ResponseBuffer->Buffer != NULL ) {
//
// If the I/O request failed or was canceled, print an error
// message.
//
// !!! If I/O failure, should we drop the connection?
//
if ( WorkContext->Irp->Cancel ||
!NT_SUCCESS(WorkContext->Irp->IoStatus.Status) ) {
IF_DEBUG(FSD1) {
if ( WorkContext->Irp->Cancel ) {
SrvPrint0( " I/O canceled\n" );
} else {
SrvPrint1( " I/O failed: %X\n",
WorkContext->Irp->IoStatus.Status );
}
}
}
//
// Deallocate the final response buffer.
//
// *** Note that we don't need to unlock it, because it was
// allocated from nonpaged pool.
//
DEALLOCATE_NONPAGED_POOL( WorkContext->ResponseBuffer->Buffer );
}
//
// If the work context block has references to a share, a session,
// or a tree connect, queue it to the FSP immediately. These blocks
// are not in nonpaged pool, so they can't be touched at DPC level.
//
if ( (WorkContext->Share != NULL) ||
(WorkContext->Session != NULL) ||
(WorkContext->TreeConnect != NULL) ) {
goto queueToFsp;
}
ACQUIRE_SPIN_LOCK( &connection->SpinLock, &oldIrql );
//
// See if we can dereference the RawWriteCount here. If the raw
// write count goes to 0, and the RFCB is closing, or if there are
// work items queued waiting for the raw write to complete, we need
// to do this in the FSP.
//
// NOTE: The FSP decrements the count if WorkContext->Rfcb != NULL.
//
rfcb = WorkContext->Rfcb;
--rfcb->RawWriteCount;
if ( (rfcb->RawWriteCount == 0) &&
( (GET_BLOCK_STATE(rfcb) == BlockStateClosing) ||
!IsListEmpty(&rfcb->RawWriteSerializationList) ) ) {
rfcb->RawWriteCount++;
RELEASE_SPIN_LOCK( &connection->SpinLock, oldIrql );
goto queueToFsp;
}
//
// Dereference the file block. It is safe to decrement the count here
// because either the rfcb is not closed or RawWriteCount is not zero
// which means that the active reference is still there.
//
UPDATE_REFERENCE_HISTORY( rfcb, TRUE );
--rfcb->BlockHeader.ReferenceCount;
ASSERT( rfcb->BlockHeader.ReferenceCount > 0 );
RELEASE_SPIN_LOCK( &connection->SpinLock, oldIrql );
WorkContext->Rfcb = NULL;
//
// Attempt to dereference the connection.
//
ACQUIRE_SPIN_LOCK( connection->EndpointSpinLock, &oldIrql );
if ( connection->BlockHeader.ReferenceCount == 1 ) {
RELEASE_SPIN_LOCK( connection->EndpointSpinLock, oldIrql );
goto queueToFsp;
}
--connection->BlockHeader.ReferenceCount;
RELEASE_SPIN_LOCK( connection->EndpointSpinLock, oldIrql );
UPDATE_REFERENCE_HISTORY( connection, TRUE );
WorkContext->Connection = NULL;
WorkContext->Endpoint = NULL; // not a referenced pointer
//
// Put the work item back on the raw mode work item list.
//
InterlockedIncrement( &queue->FreeRawModeWorkItems );
ExInterlockedPushEntrySList( &queue->RawModeWorkItemList,
&WorkContext->SingleListEntry,
&queue->SpinLock );
IF_DEBUG(FSD2) SrvPrint0( "RestartWriteCompleteResponse complete\n" );
return;
queueToFsp:
//
// We were unable to do all the necessary cleanup at DPC level.
// Queue the work item to the FSP.
//
WorkContext->FspRestartRoutine = SrvRestartWriteCompleteResponse;
SrvQueueWorkToFsp( WorkContext );
IF_DEBUG(FSD2) SrvPrint0( "RestartWriteCompleteResponse complete\n" );
return;
} // RestartWriteCompleteResponse
�
VOID SRVFASTCALL
SrvFsdRestartWriteRaw (
IN OUT PWORK_CONTEXT WorkContext
)
/*++
Routine Description:
Processes file write completion for the Write Block Raw SMB.
This routine is called in both the FSP and the FSD.
Arguments:
WorkContext - Supplies a pointer to the work context block
describing server-specific context for the request.
Return Value:
None.
--*/
{
KIRQL oldIrql;
ULONG writeLength;
ULONG immediateLength;
BOOLEAN immediateWriteDone;
SHARE_TYPE shareType;
PMDL mdl;
ULONG sendLength;
PVOID finalResponseBuffer;
NTSTATUS status = STATUS_SUCCESS;
PRFCB rfcb = WorkContext->Rfcb;
if (WorkContext->PreviousSMB == EVENT_TYPE_SMB_LAST_EVENT)
WorkContext->PreviousSMB = EVENT_TYPE_SMB_WRITE_RAW;
SrvWmiStartContext(WorkContext);
IF_DEBUG(FSD1) SrvPrint0( " - SrvFsdRestartWriteRaw\n" );
//
// Find out the file type that we are dealing with. If it is a pipe
// then we have not prewritten the immediate data.
//
// immediateLength is the length of the data sent with the write
// block raw request.
//
shareType = rfcb->ShareType;
immediateLength = WorkContext->Parameters.WriteRaw.ImmediateLength;
immediateWriteDone = WorkContext->Parameters.WriteRaw.ImmediateWriteDone;
//
// Deallocate the raw receive buffer. Note that we do not need to
// unlock the raw buffer, because it was allocated out of nonpaged
// pool and locked using MmBuildMdlForNonPagedPool, which doesn't
// increment reference counts and therefore has no inverse.
//
if ( !WorkContext->Parameters.WriteRaw.MdlWrite ) {
//
// If this is a named pipe the request buffer actually points
// "immediateLength" bytes into the write buffer.
//
if ( immediateWriteDone ) {
DEALLOCATE_NONPAGED_POOL( WorkContext->RequestBuffer->Buffer );
IF_SMB_DEBUG(RAW2) {
SrvPrint1( "raw buffer 0x%p deallocated\n",
WorkContext->RequestBuffer->Buffer );
}
} else {
DEALLOCATE_NONPAGED_POOL(
(PCHAR)WorkContext->RequestBuffer->Buffer - immediateLength );
IF_SMB_DEBUG(RAW2) {
SrvPrint1( "raw buffer 0x%p deallocated\n",
(PCHAR)WorkContext->RequestBuffer->Buffer - immediateLength );
}
}
}
status = WorkContext->Irp->IoStatus.Status;
//
// If this is not a pipe we have already successfully written the
// immediate pipe data, so return the total bytes written by the two
// write operations.
//
writeLength = (ULONG)WorkContext->Irp->IoStatus.Information;
if( NT_SUCCESS( status ) && writeLength == 0 ) {
writeLength = WorkContext->Parameters.WriteRaw.Length;
} else {
if ( immediateWriteDone ) {
writeLength += immediateLength;
}
}
UPDATE_WRITE_STATS( WorkContext, writeLength );
finalResponseBuffer = WorkContext->Parameters.WriteRaw.FinalResponseBuffer;
//
// Update the file position.
//
// !!! Need to worry about wraparound?
//
if ( shareType == ShareTypeDisk || shareType == ShareTypePrint ) {
rfcb->CurrentPosition =
WorkContext->Parameters.WriteRaw.Offset.LowPart + writeLength;
}
if ( finalResponseBuffer == NULL ) {
//
// Update server statistics.
//
UPDATE_STATISTICS( WorkContext, 0, SMB_COM_WRITE_RAW );
//
// Save the write behind error, if any.
//
if ( !NT_SUCCESS( status ) ) {
//
// because of our assumption that the cached rfcb does
// not have a write behind error stored. This saves us
// a compare on our critical path.
//
if ( WorkContext->Connection->CachedFid == (ULONG)rfcb->Fid ) {
WorkContext->Connection->CachedFid = (ULONG)-1;
}
rfcb->SavedError = status;
}
//
// Dereference control blocks, etc.
//
WorkContext->ResponseBuffer->Buffer = NULL;
RestartWriteCompleteResponse( WorkContext );
IF_DEBUG(TRACE2) SrvPrint0( "SrvFsdRestartWriteRaw complete\n" );
goto Cleanup;
}
//
// Writethrough mode. Send a response to the client. We have to
// get a little tricky here, to make the raw mode work item look
// enough like a normal one to be able to send using it. Note that
// the header from the original request SMB was copied into the
// final response buffer.
//
WorkContext->ResponseHeader = (PSMB_HEADER)finalResponseBuffer;
WorkContext->ResponseParameters = WorkContext->ResponseHeader + 1;
ASSERT( WorkContext->RequestBuffer == WorkContext->ResponseBuffer );
WorkContext->ResponseBuffer->Buffer = finalResponseBuffer;
sendLength = (ULONG)( (PCHAR)NEXT_LOCATION(
WorkContext->ResponseParameters,
RESP_WRITE_COMPLETE,
0
) - (PCHAR)finalResponseBuffer );
WorkContext->ResponseBuffer->DataLength = sendLength;
//
// Remap the MDL to describe the final response buffer.
//
mdl = WorkContext->ResponseBuffer->Mdl;
MmInitializeMdl( mdl, finalResponseBuffer, sendLength );
MmBuildMdlForNonPagedPool( mdl );
//
// Set the bit in the SMB that indicates this is a response from the
// server.
//
WorkContext->ResponseHeader->Flags |= SMB_FLAGS_SERVER_TO_REDIR;
//
// Send the response. When the send completes, the restart routine
// RestartWriteCompleteResponse is called. We then dereference
// control blocks and put the raw mode work item back on the free
// list.
//
if ( (status != STATUS_SUCCESS) &&
(KeGetCurrentIrql() >= DISPATCH_LEVEL) ) {
WorkContext->Irp->IoStatus.Status = status;
WorkContext->Irp->IoStatus.Information = writeLength;
WorkContext->FspRestartRoutine = SrvBuildAndSendWriteCompleteResponse;
WorkContext->FsdRestartRoutine = RestartWriteCompleteResponse; // after response
QUEUE_WORK_TO_FSP( WorkContext );
} else {
SrvFsdBuildWriteCompleteResponse(
WorkContext,
status,
writeLength
);
SRV_START_SEND_2(
WorkContext,
SrvFsdSendCompletionRoutine,
RestartWriteCompleteResponse,
NULL
);
}
Cleanup:
SrvWmiEndContext(WorkContext);
return;
} // SrvFsdRestartWriteRaw