mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8471 lines
221 KiB
8471 lines
221 KiB
/*++
|
|
|
|
Copyright (c) 1989-1999 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
misc.c
|
|
|
|
Abstract:
|
|
|
|
This module contains the miscellaneous AFD routines.
|
|
|
|
Author:
|
|
|
|
David Treadwell (davidtr) 13-Nov-1992
|
|
|
|
Revision History:
|
|
|
|
Vadim Eydelman (vadime) 1998-1999 Misc changes
|
|
|
|
--*/
|
|
|
|
#include "afdp.h"
|
|
#define TL_INSTANCE 0
|
|
#include <ipexport.h>
|
|
#include <tdiinfo.h>
|
|
#include <tcpinfo.h>
|
|
#include <ntddtcp.h>
|
|
|
|
|
|
VOID
|
|
AfdDoWork (
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PVOID Context
|
|
);
|
|
|
|
NTSTATUS
|
|
AfdRestartDeviceControl (
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PIRP Irp,
|
|
IN PVOID Context
|
|
);
|
|
|
|
VOID
|
|
AfdUnlockDriver (
|
|
IN PVOID Context
|
|
);
|
|
|
|
|
|
BOOLEAN
|
|
AfdCompareAddresses(
|
|
IN PTRANSPORT_ADDRESS Address1,
|
|
IN ULONG Address1Length,
|
|
IN PTRANSPORT_ADDRESS Address2,
|
|
IN ULONG Address2Length
|
|
);
|
|
|
|
NTSTATUS
|
|
AfdCompleteTransportIoctl (
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PIRP Irp,
|
|
IN PVOID Context
|
|
);
|
|
|
|
NTSTATUS
|
|
AfdCompleteNBTransportIoctl (
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PIRP Irp,
|
|
IN PVOID Context
|
|
);
|
|
|
|
BOOLEAN
|
|
AfdCleanupTransportIoctl (
|
|
PAFD_ENDPOINT Endpoint,
|
|
PAFD_REQUEST_CONTEXT RequestCtx
|
|
);
|
|
|
|
BOOLEAN
|
|
AfdCleanupNBTransportIoctl (
|
|
PAFD_ENDPOINT Endpoint,
|
|
PAFD_REQUEST_CONTEXT RequestCtx
|
|
);
|
|
|
|
#ifdef _WIN64
|
|
NTSTATUS
|
|
AfdQueryHandles32 (
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
NTSTATUS
|
|
AfdSetQos32(
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
NTSTATUS
|
|
AfdGetQos32(
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
|
|
NTSTATUS
|
|
AfdNoOperation32(
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
);
|
|
#endif
|
|
|
|
VOID
|
|
AfdLRListTimeout (
|
|
IN PKDPC Dpc,
|
|
IN PVOID DeferredContext,
|
|
IN PVOID SystemArgument1,
|
|
IN PVOID SystemArgument2
|
|
);
|
|
|
|
VOID
|
|
AfdProcessLRList (
|
|
PVOID Param
|
|
);
|
|
|
|
VOID
|
|
AfdLRStartTimer (
|
|
VOID
|
|
);
|
|
|
|
#ifdef ALLOC_PRAGMA
|
|
#pragma alloc_text( PAGE, AfdCalcBufferArrayByteLength )
|
|
#pragma alloc_text( PAGE, AfdCopyBufferArrayToBuffer )
|
|
#pragma alloc_text( PAGE, AfdCopyBufferToBufferArray )
|
|
#pragma alloc_text( PAGE, AfdCopyMdlChainToBufferArray )
|
|
#pragma alloc_text( PAGEAFD, AfdMapMdlChain )
|
|
#pragma alloc_text( PAGEAFD, AfdCopyMdlChainToMdlChain )
|
|
#pragma alloc_text( PAGEAFD, AfdAdvanceMdlChain )
|
|
#pragma alloc_text( PAGEAFD, AfdAllocateMdlChain )
|
|
#pragma alloc_text( PAGE, AfdQueryHandles )
|
|
#pragma alloc_text( PAGE, AfdGetInformation )
|
|
#pragma alloc_text( PAGEAFD, AfdSetInformation )
|
|
#pragma alloc_text( PAGE, AfdSetInLineMode )
|
|
#pragma alloc_text( PAGE, AfdGetContext )
|
|
#pragma alloc_text( PAGE, AfdGetRemoteAddress )
|
|
#pragma alloc_text( PAGE, AfdSetContext )
|
|
#pragma alloc_text( PAGE, AfdIssueDeviceControl )
|
|
#pragma alloc_text( PAGE, AfdSetEventHandler )
|
|
#pragma alloc_text( PAGE, AfdInsertNewEndpointInList )
|
|
#pragma alloc_text( PAGE, AfdRemoveEndpointFromList )
|
|
#pragma alloc_text( PAGE, AfdQueryProviderInfo )
|
|
#pragma alloc_text( PAGE, AfdLockEndpointContext )
|
|
#pragma alloc_text( PAGE, AfdUnlockEndpointContext )
|
|
#pragma alloc_text( PAGEAFD, AfdCompleteIrpList )
|
|
#pragma alloc_text( PAGEAFD, AfdErrorEventHandler )
|
|
#pragma alloc_text( PAGEAFD, AfdErrorExEventHandler )
|
|
//#pragma alloc_text( PAGEAFD, AfdRestartDeviceControl ) // can't ever be paged!
|
|
#pragma alloc_text( PAGEAFD, AfdGetConnectData )
|
|
#pragma alloc_text( PAGEAFD, AfdSetConnectData )
|
|
#pragma alloc_text( PAGEAFD, AfdFreeConnectDataBuffers )
|
|
#pragma alloc_text( PAGEAFD, AfdSaveReceivedConnectData )
|
|
// The routines below can be called when no endpoints are in the list
|
|
//#pragma alloc_text( PAGEAFD, AfdDoWork )
|
|
//#pragma alloc_text( PAGEAFD, AfdQueueWorkItem )
|
|
#pragma alloc_text( PAGEAFD, AfdGetWorkerByRoutine )
|
|
|
|
#pragma alloc_text( PAGE, AfdProcessLRList)
|
|
#pragma alloc_text( PAGEAFD, AfdLRListTimeout)
|
|
#pragma alloc_text( PAGEAFD, AfdLRStartTimer)
|
|
#pragma alloc_text( PAGEAFD, AfdLRListAddItem)
|
|
|
|
// Re-enable paging of the routines below when
|
|
// KeFlushQueuedDpcs is exported from kernel.
|
|
//#pragma alloc_text( PAGEAFD, AfdTrimLookaside)
|
|
//#pragma alloc_text( PAGEAFD, AfdCheckLookasideLists)
|
|
|
|
#if DBG
|
|
#pragma alloc_text( PAGEAFD, AfdRecordOutstandingIrpDebug )
|
|
#endif
|
|
#pragma alloc_text( PAGE, AfdExceptionFilter )
|
|
#pragma alloc_text( PAGEAFD, AfdSetQos )
|
|
#pragma alloc_text( PAGE, AfdGetQos )
|
|
#pragma alloc_text( PAGE, AfdNoOperation )
|
|
#pragma alloc_text (PAGE, AfdValidateStatus)
|
|
#pragma alloc_text( PAGEAFD, AfdValidateGroup )
|
|
#pragma alloc_text( PAGEAFD, AfdCompareAddresses )
|
|
#pragma alloc_text( PAGEAFD, AfdGetUnacceptedConnectData )
|
|
#pragma alloc_text( PAGE, AfdDoTransportIoctl )
|
|
#pragma alloc_text( PAGEAFD, AfdCancelIrp )
|
|
#ifdef _WIN64
|
|
#pragma alloc_text( PAGEAFD, AfdAllocateMdlChain32 )
|
|
#pragma alloc_text( PAGEAFD, AfdSetQos32 )
|
|
#pragma alloc_text( PAGE, AfdGetQos32 )
|
|
#pragma alloc_text( PAGE, AfdNoOperation32 )
|
|
#endif
|
|
#endif
|
|
|
|
|
|
VOID
|
|
AfdCompleteIrpList (
|
|
IN PLIST_ENTRY IrpListHead,
|
|
IN PAFD_ENDPOINT Endpoint,
|
|
IN NTSTATUS Status,
|
|
IN PAFD_IRP_CLEANUP_ROUTINE CleanupRoutine OPTIONAL
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Completes a list of IRPs with the specified status.
|
|
|
|
Arguments:
|
|
|
|
IrpListHead - the head of the list of IRPs to complete.
|
|
|
|
Endpoint - an endpoint which lock which protects the list of IRPs.
|
|
|
|
Status - the status to use for completing the IRPs.
|
|
|
|
CleanupRoutine - a pointer to an optional IRP cleanup routine called
|
|
before the IRP is completed.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
PLIST_ENTRY listEntry;
|
|
PIRP irp;
|
|
AFD_LOCK_QUEUE_HANDLE lockHandle;
|
|
|
|
AfdAcquireSpinLock( &Endpoint->SpinLock, &lockHandle );
|
|
|
|
while ( !IsListEmpty( IrpListHead ) ) {
|
|
|
|
//
|
|
// Remove the first IRP from the list, get a pointer to
|
|
// the IRP and reset the cancel routine in the IRP. The
|
|
// IRP is no longer cancellable.
|
|
//
|
|
|
|
listEntry = RemoveHeadList( IrpListHead );
|
|
irp = CONTAINING_RECORD( listEntry, IRP, Tail.Overlay.ListEntry );
|
|
|
|
if ( IoSetCancelRoutine( irp, NULL ) == NULL ) {
|
|
|
|
//
|
|
// This IRP is about to be canceled. Look for another in the
|
|
// list. Set the Flink to NULL so the cancel routine knows
|
|
// it is not on the list.
|
|
//
|
|
|
|
irp->Tail.Overlay.ListEntry.Flink = NULL;
|
|
continue;
|
|
}
|
|
|
|
//
|
|
// If we have a cleanup routine, call it.
|
|
//
|
|
|
|
if( CleanupRoutine != NULL ) {
|
|
|
|
if (!(CleanupRoutine)( irp )) {
|
|
//
|
|
// Cleanup routine indicated that IRP should not
|
|
// be completed.
|
|
//
|
|
continue;
|
|
}
|
|
|
|
}
|
|
|
|
//
|
|
// We must release the locks in order to actually
|
|
// complete the IRP. It is OK to release these locks
|
|
// because we don't maintain any absolute pointer into
|
|
// the list; the loop termination condition is just
|
|
// whether the list is completely empty.
|
|
//
|
|
|
|
AfdReleaseSpinLock( &Endpoint->SpinLock, &lockHandle );
|
|
|
|
//
|
|
// Complete the IRP.
|
|
//
|
|
|
|
irp->IoStatus.Status = Status;
|
|
irp->IoStatus.Information = 0;
|
|
|
|
IoCompleteRequest( irp, AfdPriorityBoost );
|
|
|
|
//
|
|
// Reacquire the locks and continue completing IRPs.
|
|
//
|
|
|
|
AfdAcquireSpinLock( &Endpoint->SpinLock, &lockHandle );
|
|
}
|
|
|
|
AfdReleaseSpinLock( &Endpoint->SpinLock, &lockHandle );
|
|
|
|
return;
|
|
|
|
} // AfdCompleteIrpList
|
|
|
|
|
|
NTSTATUS
|
|
AfdErrorEventHandler (
|
|
IN PVOID TdiEventContext,
|
|
IN NTSTATUS Status
|
|
)
|
|
{
|
|
PAFD_ENDPOINT endpoint = TdiEventContext;
|
|
BOOLEAN result;
|
|
|
|
CHECK_REFERENCE_ENDPOINT (endpoint, result);
|
|
if (!result)
|
|
return STATUS_SUCCESS;
|
|
|
|
switch (Status) {
|
|
case STATUS_PORT_UNREACHABLE:
|
|
AfdErrorExEventHandler (TdiEventContext, Status, NULL);
|
|
break;
|
|
default:
|
|
KdPrintEx(( DPFLTR_WSOCKTRANSPORT_ID, DPFLTR_WARNING_LEVEL,
|
|
"AfdErrorEventHandler called for endpoint %p\n",
|
|
endpoint ));
|
|
|
|
}
|
|
|
|
DEREFERENCE_ENDPOINT (endpoint);
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
|
|
NTSTATUS
|
|
AfdErrorExEventHandler (
|
|
IN PVOID TdiEventContext,
|
|
IN NTSTATUS Status,
|
|
IN PVOID Context
|
|
)
|
|
{
|
|
PAFD_ENDPOINT endpoint = TdiEventContext;
|
|
BOOLEAN result;
|
|
|
|
CHECK_REFERENCE_ENDPOINT (endpoint, result);
|
|
if (!result)
|
|
return STATUS_SUCCESS;
|
|
|
|
switch (Status) {
|
|
case STATUS_PORT_UNREACHABLE:
|
|
//
|
|
// UDP uses error ex handler to report ICMP rejects
|
|
//
|
|
if (IS_DGRAM_ENDPOINT (endpoint) &&
|
|
!endpoint->Common.Datagram.DisablePUError) {
|
|
AFD_LOCK_QUEUE_HANDLE lockHandle;
|
|
PLIST_ENTRY listEntry;
|
|
PIRP irp = NULL;
|
|
PTRANSPORT_ADDRESS sourceAddress = Context;
|
|
int sourceAddressLength;
|
|
PAFD_BUFFER_TAG afdBuffer;
|
|
|
|
if (sourceAddress!=NULL) {
|
|
sourceAddressLength =
|
|
FIELD_OFFSET(TRANSPORT_ADDRESS,
|
|
Address[0].Address[sourceAddress->Address[0].AddressLength]);
|
|
}
|
|
else
|
|
sourceAddressLength = 0;
|
|
|
|
AfdAcquireSpinLock (&endpoint->SpinLock, &lockHandle);
|
|
//
|
|
// First try to fail any of the receive IRPs
|
|
//
|
|
while (!IsListEmpty (&endpoint->ReceiveDatagramIrpListHead)) {
|
|
listEntry = RemoveHeadList( &endpoint->ReceiveDatagramIrpListHead );
|
|
|
|
//
|
|
// Get a pointer to the IRP and reset the cancel routine in
|
|
// the IRP. The IRP is no longer cancellable.
|
|
//
|
|
|
|
irp = CONTAINING_RECORD( listEntry, IRP, Tail.Overlay.ListEntry );
|
|
|
|
if ( IoSetCancelRoutine( irp, NULL ) != NULL ) {
|
|
AfdReleaseSpinLock (&endpoint->SpinLock, &lockHandle);
|
|
irp->IoStatus.Status = Status;
|
|
irp->IoStatus.Information = 0;
|
|
AfdSetupReceiveDatagramIrp (irp, NULL, 0, NULL, 0,
|
|
sourceAddress,
|
|
sourceAddressLength,
|
|
0
|
|
);
|
|
|
|
IoCompleteRequest( irp, AfdPriorityBoost );
|
|
goto Exit;
|
|
}
|
|
else {
|
|
|
|
//
|
|
// This IRP is about to be canceled. Look for another in the
|
|
// list. Set the Flink to NULL so the cancel routine knows
|
|
// it is not on the list.
|
|
//
|
|
|
|
irp->Tail.Overlay.ListEntry.Flink = NULL;
|
|
irp = NULL;
|
|
}
|
|
}
|
|
|
|
ASSERT (irp==NULL);
|
|
//
|
|
// See if there are any PEEK IRPs
|
|
//
|
|
while (!IsListEmpty (&endpoint->PeekDatagramIrpListHead)) {
|
|
listEntry = RemoveHeadList( &endpoint->PeekDatagramIrpListHead );
|
|
|
|
//
|
|
// Get a pointer to the IRP and reset the cancel routine in
|
|
// the IRP. The IRP is no longer cancellable.
|
|
//
|
|
|
|
irp = CONTAINING_RECORD( listEntry, IRP, Tail.Overlay.ListEntry );
|
|
|
|
if ( IoSetCancelRoutine( irp, NULL ) != NULL ) {
|
|
break;
|
|
}
|
|
else {
|
|
|
|
//
|
|
// This IRP is about to be canceled. Look for another in the
|
|
// list. Set the Flink to NULL so the cancel routine knows
|
|
// it is not on the list.
|
|
//
|
|
|
|
irp->Tail.Overlay.ListEntry.Flink = NULL;
|
|
irp = NULL;
|
|
}
|
|
|
|
}
|
|
|
|
//
|
|
// If we can buffer this indication, do it
|
|
//
|
|
|
|
if (endpoint->DgBufferredReceiveBytes <
|
|
endpoint->Common.Datagram.MaxBufferredReceiveBytes &&
|
|
(endpoint->DgBufferredReceiveBytes>0 ||
|
|
(endpoint->DgBufferredReceiveCount*sizeof (AFD_BUFFER_TAG)) <
|
|
endpoint->Common.Datagram.MaxBufferredReceiveBytes) ) {
|
|
afdBuffer = AfdGetBufferTag( sourceAddressLength, endpoint->OwningProcess );
|
|
if ( afdBuffer != NULL) {
|
|
|
|
//
|
|
// Save the status do distinguish this from
|
|
// normal datagram IRP
|
|
//
|
|
afdBuffer->Status = Status;
|
|
afdBuffer->DataLength = 0;
|
|
afdBuffer->DatagramFlags = 0;
|
|
afdBuffer->DataOffset = 0;
|
|
RtlCopyMemory(
|
|
afdBuffer->TdiInfo.RemoteAddress,
|
|
sourceAddress,
|
|
sourceAddressLength
|
|
);
|
|
afdBuffer->TdiInfo.RemoteAddressLength = sourceAddressLength;
|
|
|
|
//
|
|
// Place the buffer on this endpoint's list of bufferred datagrams
|
|
// and update the counts of datagrams and datagram bytes on the
|
|
// endpoint.
|
|
//
|
|
|
|
InsertTailList(
|
|
&endpoint->ReceiveDatagramBufferListHead,
|
|
&afdBuffer->BufferListEntry
|
|
);
|
|
|
|
endpoint->DgBufferredReceiveCount++;
|
|
|
|
//
|
|
// All done. Release the lock and tell the provider that we
|
|
// took all the data.
|
|
//
|
|
AfdIndicateEventSelectEvent(
|
|
endpoint,
|
|
AFD_POLL_RECEIVE,
|
|
STATUS_SUCCESS
|
|
);
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
|
|
//
|
|
// Indicate that it is possible to receive on the endpoint now.
|
|
//
|
|
|
|
AfdIndicatePollEvent(
|
|
endpoint,
|
|
AFD_POLL_RECEIVE,
|
|
STATUS_SUCCESS
|
|
);
|
|
}
|
|
else {
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
}
|
|
}
|
|
else {
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
}
|
|
|
|
//
|
|
// If there was a peek IRP on the endpoint, complete it now.
|
|
//
|
|
|
|
if ( irp != NULL ) {
|
|
irp->IoStatus.Status = Status;
|
|
irp->IoStatus.Information = 0;
|
|
AfdSetupReceiveDatagramIrp (irp, NULL, 0, NULL, 0,
|
|
sourceAddress,
|
|
sourceAddressLength,
|
|
0
|
|
);
|
|
IoCompleteRequest( irp, AfdPriorityBoost );
|
|
}
|
|
}
|
|
break;
|
|
}
|
|
|
|
Exit:
|
|
DEREFERENCE_ENDPOINT (endpoint);
|
|
return STATUS_SUCCESS;
|
|
|
|
} // AfdErrorEventHandler
|
|
|
|
|
|
VOID
|
|
AfdInsertNewEndpointInList (
|
|
IN PAFD_ENDPOINT Endpoint
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Inserts a new endpoint in the global list of AFD endpoints. If this
|
|
is the first endpoint, then this routine does various allocations to
|
|
prepare AFD for usage.
|
|
|
|
Arguments:
|
|
|
|
Endpoint - the endpoint being added.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
PAGED_CODE( );
|
|
|
|
//
|
|
// Acquire a lock which prevents other threads from performing this
|
|
// operation.
|
|
//
|
|
//
|
|
// Make sure the thread in which we execute cannot get
|
|
// suspeneded in APC while we own the global resource.
|
|
//
|
|
KeEnterCriticalRegion ();
|
|
ExAcquireResourceExclusiveLite( AfdResource, TRUE );
|
|
|
|
InterlockedIncrement(
|
|
&AfdEndpointsOpened
|
|
);
|
|
|
|
//
|
|
// If the list of endpoints is empty, do some allocations.
|
|
//
|
|
|
|
if ( IsListEmpty( &AfdEndpointListHead ) ) {
|
|
|
|
//
|
|
// Tell MM to revert to normal paging semantics.
|
|
//
|
|
|
|
if (!AfdLoaded) {
|
|
MmResetDriverPaging( DriverEntry );
|
|
AfdLoaded = (PKEVENT)1;
|
|
}
|
|
|
|
//
|
|
// Lock down the AFD section that cannot be pagable if any
|
|
// sockets are open.
|
|
//
|
|
|
|
ASSERT( AfdDiscardableCodeHandle == NULL );
|
|
|
|
AfdDiscardableCodeHandle = MmLockPagableCodeSection( AfdGetBuffer );
|
|
ASSERT( AfdDiscardableCodeHandle != NULL );
|
|
|
|
//
|
|
// Add extra reference to afd device object so that the
|
|
// driver cannot be unloaded while at least one endpoint
|
|
// is in the list.
|
|
//
|
|
ObReferenceObject (AfdDeviceObject);
|
|
|
|
//
|
|
// Setup 30 sec timer to flush lookaside lists
|
|
// if too many items are there for too long.
|
|
//
|
|
KeInitializeTimer (&AfdLookasideLists->Timer);
|
|
KeInitializeDpc (&AfdLookasideLists->Dpc, AfdCheckLookasideLists, AfdLookasideLists);
|
|
{
|
|
LARGE_INTEGER dueTime;
|
|
dueTime.QuadPart = -(30*1000*1000*10);
|
|
KeSetTimerEx (&AfdLookasideLists->Timer,
|
|
dueTime,
|
|
30*1000,
|
|
&AfdLookasideLists->Dpc);
|
|
}
|
|
|
|
}
|
|
ASSERT (AfdLoaded==(PKEVENT)1);
|
|
|
|
//
|
|
// Add the endpoint to the list(s).
|
|
//
|
|
|
|
InsertHeadList(
|
|
&AfdEndpointListHead,
|
|
&Endpoint->GlobalEndpointListEntry
|
|
);
|
|
|
|
if( Endpoint->GroupType == GroupTypeConstrained ) {
|
|
InsertHeadList(
|
|
&AfdConstrainedEndpointListHead,
|
|
&Endpoint->ConstrainedEndpointListEntry
|
|
);
|
|
}
|
|
|
|
//
|
|
// Release the lock and return.
|
|
//
|
|
|
|
ExReleaseResourceLite( AfdResource );
|
|
KeLeaveCriticalRegion ();
|
|
|
|
return;
|
|
|
|
} // AfdInsertNewEndpointInList
|
|
|
|
|
|
VOID
|
|
AfdRemoveEndpointFromList (
|
|
IN PAFD_ENDPOINT Endpoint
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Removes a new endpoint from the global list of AFD endpoints. If
|
|
this is the last endpoint in the list, then this routine does
|
|
various deallocations to save resource utilization.
|
|
|
|
Arguments:
|
|
|
|
Endpoint - the endpoint being removed.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
PAGED_CODE( );
|
|
|
|
//
|
|
// Acquire a lock which prevents other threads from performing this
|
|
// operation.
|
|
//
|
|
|
|
//
|
|
// Make sure the thread in which we execute cannot get
|
|
// suspeneded in APC while we own the global resource.
|
|
//
|
|
KeEnterCriticalRegion ();
|
|
ExAcquireResourceExclusiveLite( AfdResource, TRUE );
|
|
|
|
InterlockedIncrement(
|
|
&AfdEndpointsClosed
|
|
);
|
|
|
|
//
|
|
// Remove the endpoint from the list(s).
|
|
//
|
|
|
|
RemoveEntryList(
|
|
&Endpoint->GlobalEndpointListEntry
|
|
);
|
|
|
|
if( Endpoint->GroupType == GroupTypeConstrained ) {
|
|
RemoveEntryList(
|
|
&Endpoint->ConstrainedEndpointListEntry
|
|
);
|
|
}
|
|
|
|
//
|
|
// If the list of endpoints is now empty, do some deallocations.
|
|
//
|
|
|
|
if ( IsListEmpty( &AfdEndpointListHead ) ) {
|
|
|
|
//
|
|
// Stop the timer that scans lookaside lists.
|
|
//
|
|
KeCancelTimer (&AfdLookasideLists->Timer);
|
|
|
|
//
|
|
// Make sure DPC is completed since we may need to reinitialize
|
|
// it after we exit this routine and new endpoint is created again.
|
|
//
|
|
KeRemoveQueueDpc (&AfdLookasideLists->Dpc);
|
|
|
|
//
|
|
// Make sure that DPC routine has actually completed before
|
|
// unlocking code section where this routine resides.
|
|
//
|
|
// Not exported from kernel - so don't put the routine
|
|
// into the discardable code section until it is.
|
|
//
|
|
// KeFlushQueuedDpcs ();
|
|
|
|
//
|
|
// Unlock the AFD section that can be pagable when no sockets
|
|
// are open.
|
|
//
|
|
|
|
ASSERT( IsListEmpty( &AfdConstrainedEndpointListHead ) );
|
|
ASSERT( AfdDiscardableCodeHandle != NULL );
|
|
|
|
MmUnlockPagableImageSection( AfdDiscardableCodeHandle );
|
|
|
|
AfdDiscardableCodeHandle = NULL;
|
|
|
|
//
|
|
// Queue off an executive worker thread to unlock AFD. We do
|
|
// this using special hacks in the AFD worker thread code so
|
|
// that we don't need to acuire a spin lock after the unlock.
|
|
//
|
|
|
|
AfdQueueWorkItem( AfdUnlockDriver, &AfdUnloadWorker );
|
|
}
|
|
|
|
//
|
|
// Release the lock and return.
|
|
//
|
|
|
|
ExReleaseResourceLite( AfdResource );
|
|
KeLeaveCriticalRegion ();
|
|
|
|
return;
|
|
|
|
} // AfdRemoveEndpointFromList
|
|
|
|
|
|
VOID
|
|
AfdUnlockDriver (
|
|
IN PVOID Context
|
|
)
|
|
{
|
|
//
|
|
// Acquire a lock which prevents other threads from performing this
|
|
// operation.
|
|
//
|
|
//
|
|
// Make sure the thread in which we execute cannot get
|
|
// suspeneded in APC while we own the global resource.
|
|
//
|
|
KeEnterCriticalRegion ();
|
|
ExAcquireResourceExclusiveLite( AfdResource, TRUE );
|
|
|
|
//
|
|
// Test whether the endpoint list remains empty. If it is still
|
|
// empty, we can proceed with unlocking the driver. If a new
|
|
// endpoint has been placed on the list, then do not make AFD
|
|
// pagable.
|
|
//
|
|
|
|
if ( IsListEmpty( &AfdEndpointListHead ) ) {
|
|
|
|
//
|
|
// Tell MM that it can page all of AFD as it desires.
|
|
//
|
|
if (AfdLoaded!=NULL && AfdLoaded!=(PKEVENT)1) {
|
|
KeSetEvent (AfdLoaded, AfdPriorityBoost, FALSE);
|
|
}
|
|
else {
|
|
MmPageEntireDriver( DriverEntry );
|
|
}
|
|
|
|
AfdLoaded = NULL;
|
|
|
|
}
|
|
|
|
ExReleaseResourceLite( AfdResource );
|
|
KeLeaveCriticalRegion ();
|
|
|
|
} // AfdUnlockDriver
|
|
|
|
|
|
NTSTATUS
|
|
AfdQueryHandles (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN ULONG IoctlCode,
|
|
IN KPROCESSOR_MODE RequestorMode,
|
|
IN PVOID InputBuffer,
|
|
IN ULONG InputBufferLength,
|
|
IN PVOID OutputBuffer,
|
|
IN ULONG OutputBufferLength,
|
|
OUT PUINT_PTR Information
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Returns information about the TDI handles corresponding to an AFD
|
|
endpoint. NULL is returned for either the connection handle or the
|
|
address handle (or both) if the endpoint does not have that particular
|
|
object.
|
|
|
|
Arguments:
|
|
|
|
Irp - Pointer to I/O request packet.
|
|
|
|
IrpSp - pointer to the IO stack location to use for this request.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS -- Indicates whether the request was successfully queued.
|
|
|
|
--*/
|
|
|
|
{
|
|
PAFD_ENDPOINT endpoint;
|
|
PAFD_CONNECTION connection;
|
|
AFD_HANDLE_INFO handleInfo;
|
|
ULONG getHandleInfo;
|
|
NTSTATUS status;
|
|
|
|
PAGED_CODE( );
|
|
|
|
//
|
|
// Set up local pointers.
|
|
//
|
|
|
|
status = STATUS_SUCCESS;
|
|
*Information = 0;
|
|
endpoint = FileObject->FsContext;
|
|
ASSERT( IS_AFD_ENDPOINT_TYPE( endpoint ) );
|
|
|
|
//
|
|
// Make sure that the input and output buffers are large enough.
|
|
//
|
|
|
|
#ifdef _WIN64
|
|
if (IoIs32bitProcess (NULL)) {
|
|
if ( InputBufferLength < sizeof(getHandleInfo) ||
|
|
OutputBufferLength < sizeof(AFD_HANDLE_INFO32) ) {
|
|
return STATUS_BUFFER_TOO_SMALL;
|
|
}
|
|
}
|
|
else
|
|
#endif
|
|
{
|
|
if ( InputBufferLength < sizeof(getHandleInfo) ||
|
|
OutputBufferLength < sizeof(handleInfo) ) {
|
|
return STATUS_BUFFER_TOO_SMALL;
|
|
}
|
|
}
|
|
|
|
try {
|
|
//
|
|
// Validate the input structure if it comes from the user mode
|
|
// application
|
|
//
|
|
|
|
if (RequestorMode != KernelMode ) {
|
|
ProbeForRead (InputBuffer,
|
|
sizeof (getHandleInfo),
|
|
PROBE_ALIGNMENT(ULONG));
|
|
}
|
|
|
|
//
|
|
// Make local copies of the embeded pointer and parameters
|
|
// that we will be using more than once in case malicios
|
|
// application attempts to change them while we are
|
|
// validating
|
|
//
|
|
|
|
getHandleInfo = *((PULONG)InputBuffer);
|
|
|
|
} except( AFD_EXCEPTION_FILTER(&status) ) {
|
|
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// If no handle information or invalid handle information was
|
|
// requested, fail.
|
|
//
|
|
|
|
if ( (getHandleInfo &
|
|
~(AFD_QUERY_ADDRESS_HANDLE | AFD_QUERY_CONNECTION_HANDLE)) != 0 ||
|
|
getHandleInfo == 0 ) {
|
|
return STATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
//
|
|
// Initialize the output buffer.
|
|
//
|
|
|
|
handleInfo.TdiAddressHandle = NULL;
|
|
handleInfo.TdiConnectionHandle = NULL;
|
|
|
|
//
|
|
// If the caller requested a TDI address handle and we have an
|
|
// address handle for this endpoint, dupe the address handle to the
|
|
// user process.
|
|
//
|
|
|
|
if ( (getHandleInfo & AFD_QUERY_ADDRESS_HANDLE) != 0 &&
|
|
(endpoint->State == AfdEndpointStateBound ||
|
|
endpoint->State == AfdEndpointStateConnected) &&
|
|
endpoint->AddressFileObject != NULL ) {
|
|
|
|
// If transport does not support new TDI_SERVICE_FORCE_ACCESS_CHECK_FLAG
|
|
// we get the maximum possible access for the handle so that helper
|
|
// DLL can do what it wants with it. Of course this compromises the
|
|
// security, but we can't enforce it without the transport cooperation.
|
|
status = ObOpenObjectByPointer(
|
|
endpoint->AddressFileObject,
|
|
OBJ_CASE_INSENSITIVE,
|
|
NULL,
|
|
MAXIMUM_ALLOWED,
|
|
*IoFileObjectType,
|
|
(KPROCESSOR_MODE)((endpoint->TdiServiceFlags&TDI_SERVICE_FORCE_ACCESS_CHECK)
|
|
? RequestorMode
|
|
: KernelMode),
|
|
&handleInfo.TdiAddressHandle
|
|
);
|
|
if ( !NT_SUCCESS(status) ) {
|
|
return status;
|
|
}
|
|
}
|
|
|
|
//
|
|
// If the caller requested a TDI connection handle and we have a
|
|
// connection handle for this endpoint, dupe the connection handle
|
|
// to the user process. Note that we can have a connection and
|
|
// TDI handle when endpoint is in process of being connected.
|
|
// We should not return the connection handle until enpoint is
|
|
// fully connected or it may go away while we are trying to
|
|
// reference it if connection fails (bug 93096)
|
|
//
|
|
|
|
if ( (getHandleInfo & AFD_QUERY_CONNECTION_HANDLE) != 0 &&
|
|
(endpoint->Type & AfdBlockTypeVcConnecting) == AfdBlockTypeVcConnecting &&
|
|
endpoint->State == AfdEndpointStateConnected &&
|
|
((connection=AfdGetConnectionReferenceFromEndpoint (endpoint))!=NULL)) {
|
|
|
|
ASSERT( connection->Type == AfdBlockTypeConnection );
|
|
ASSERT( connection->FileObject != NULL );
|
|
|
|
// If transport does not support new TDI_SERVICE_FORCE_ACCESS_CHECK_FLAG
|
|
// we get the maximum possible access for the handle so that helper
|
|
// DLL can do what it wants with it. Of course this compromises the
|
|
// security, but we can't enforce it without the transport cooperation.
|
|
|
|
status = ObOpenObjectByPointer(
|
|
connection->FileObject,
|
|
OBJ_CASE_INSENSITIVE,
|
|
NULL,
|
|
MAXIMUM_ALLOWED,
|
|
*IoFileObjectType,
|
|
(KPROCESSOR_MODE)((endpoint->TdiServiceFlags & TDI_SERVICE_FORCE_ACCESS_CHECK)
|
|
? RequestorMode
|
|
: KernelMode),
|
|
&handleInfo.TdiConnectionHandle
|
|
);
|
|
|
|
DEREFERENCE_CONNECTION (connection);
|
|
|
|
if ( !NT_SUCCESS(status) ) {
|
|
if ( handleInfo.TdiAddressHandle != NULL ) {
|
|
ZwClose( handleInfo.TdiAddressHandle );
|
|
}
|
|
return status;
|
|
}
|
|
}
|
|
|
|
try {
|
|
#ifdef _WIN64
|
|
if (IoIs32bitProcess (NULL)) {
|
|
if (RequestorMode!=KernelMode) {
|
|
ProbeForWrite (OutputBuffer,
|
|
sizeof (AFD_HANDLE_INFO32),
|
|
PROBE_ALIGNMENT32 (AFD_HANDLE_INFO32));
|
|
}
|
|
((PAFD_HANDLE_INFO32)OutputBuffer)->TdiAddressHandle =
|
|
(VOID * POINTER_32)HandleToUlong(handleInfo.TdiAddressHandle);
|
|
((PAFD_HANDLE_INFO32)OutputBuffer)->TdiConnectionHandle =
|
|
(VOID * POINTER_32)HandleToUlong(handleInfo.TdiConnectionHandle);
|
|
*Information = sizeof (AFD_HANDLE_INFO32);
|
|
}
|
|
else
|
|
#endif
|
|
{
|
|
if (RequestorMode!=KernelMode) {
|
|
ProbeForWrite (OutputBuffer,
|
|
sizeof (handleInfo),
|
|
PROBE_ALIGNMENT (AFD_HANDLE_INFO));
|
|
}
|
|
*((PAFD_HANDLE_INFO)OutputBuffer) = handleInfo;
|
|
*Information = sizeof (handleInfo);
|
|
}
|
|
|
|
} except( AFD_EXCEPTION_FILTER(&status) ) {
|
|
|
|
if ( handleInfo.TdiAddressHandle != NULL ) {
|
|
ZwClose( handleInfo.TdiAddressHandle );
|
|
}
|
|
if ( handleInfo.TdiConnectionHandle != NULL ) {
|
|
ZwClose( handleInfo.TdiConnectionHandle );
|
|
}
|
|
return status;
|
|
}
|
|
|
|
return STATUS_SUCCESS;
|
|
|
|
} // AfdQueryHandles
|
|
|
|
|
|
NTSTATUS
|
|
AfdGetInformation (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN ULONG IoctlCode,
|
|
IN KPROCESSOR_MODE RequestorMode,
|
|
IN PVOID InputBuffer,
|
|
IN ULONG InputBufferLength,
|
|
IN PVOID OutputBuffer,
|
|
IN ULONG OutputBufferLength,
|
|
OUT PUINT_PTR Information
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Gets information in the endpoint.
|
|
|
|
Arguments:
|
|
|
|
Irp - Pointer to I/O request packet.
|
|
|
|
IrpSp - pointer to the IO stack location to use for this request.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS -- Indicates whether the request was successfully queued.
|
|
|
|
--*/
|
|
|
|
{
|
|
PAFD_ENDPOINT endpoint;
|
|
PAFD_CONNECTION connection;
|
|
AFD_INFORMATION afdInfo;
|
|
NTSTATUS status;
|
|
LONGLONG currentTime;
|
|
LONGLONG connectTime;
|
|
|
|
PAGED_CODE( );
|
|
|
|
//
|
|
// Set up local pointers.
|
|
//
|
|
|
|
status = STATUS_SUCCESS;
|
|
*Information = 0;
|
|
|
|
endpoint = FileObject->FsContext;
|
|
ASSERT( IS_AFD_ENDPOINT_TYPE( endpoint ) );
|
|
if (endpoint->Type==AfdBlockTypeHelper ||
|
|
endpoint->Type==AfdBlockTypeSanHelper)
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
|
|
//
|
|
// Make sure that the input and output buffers are large enough.
|
|
//
|
|
#ifdef _WIN64
|
|
{
|
|
C_ASSERT (sizeof (AFD_INFORMATION)==sizeof (AFD_INFORMATION32));
|
|
}
|
|
#endif
|
|
if ( InputBufferLength < sizeof(afdInfo.InformationType) ||
|
|
OutputBufferLength < sizeof(afdInfo) ) {
|
|
return STATUS_BUFFER_TOO_SMALL;
|
|
}
|
|
|
|
try {
|
|
#ifdef _WIN64
|
|
if (IoIs32bitProcess (NULL)) {
|
|
//
|
|
// Validate the input structure if it comes from the user mode
|
|
// application
|
|
//
|
|
|
|
if (RequestorMode != KernelMode ) {
|
|
ProbeForRead (InputBuffer,
|
|
sizeof (InputBufferLength),
|
|
PROBE_ALIGNMENT32(AFD_INFORMATION32));
|
|
}
|
|
|
|
//
|
|
// Make local copies of the embeded pointer and parameters
|
|
// that we will be using more than once in case malicios
|
|
// application attempts to change them while we are
|
|
// validating
|
|
//
|
|
|
|
afdInfo.InformationType = ((PAFD_INFORMATION32)InputBuffer)->InformationType;
|
|
}
|
|
else
|
|
#endif _WIN64
|
|
{
|
|
//
|
|
// Validate the input structure if it comes from the user mode
|
|
// application
|
|
//
|
|
|
|
if (RequestorMode != KernelMode ) {
|
|
ProbeForRead (InputBuffer,
|
|
sizeof (InputBufferLength),
|
|
PROBE_ALIGNMENT(AFD_INFORMATION));
|
|
}
|
|
|
|
//
|
|
// Make local copies of the embeded pointer and parameters
|
|
// that we will be using more than once in case malicios
|
|
// application attempts to change them while we are
|
|
// validating
|
|
//
|
|
|
|
afdInfo.InformationType = ((PAFD_INFORMATION)InputBuffer)->InformationType;
|
|
}
|
|
|
|
} except( AFD_EXCEPTION_FILTER(&status) ) {
|
|
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// Set up appropriate information in the endpoint.
|
|
//
|
|
|
|
switch ( afdInfo.InformationType ) {
|
|
|
|
case AFD_MAX_PATH_SEND_SIZE:
|
|
if (InputBufferLength>sizeof (afdInfo) &&
|
|
(endpoint->State==AfdEndpointStateBound || endpoint->State==AfdEndpointStateConnected)) {
|
|
TDI_REQUEST_KERNEL_QUERY_INFORMATION kernelQueryInfo;
|
|
TDI_CONNECTION_INFORMATION connectionInfo;
|
|
PMDL mdl;
|
|
InputBuffer = (PUCHAR)InputBuffer+sizeof (afdInfo);
|
|
InputBufferLength -= sizeof (afdInfo);
|
|
mdl = IoAllocateMdl(
|
|
InputBuffer, // VirtualAddress
|
|
InputBufferLength, // Length
|
|
FALSE, // SecondaryBuffer
|
|
TRUE, // ChargeQuota
|
|
NULL // Irp
|
|
);
|
|
if (mdl!=NULL) {
|
|
|
|
try {
|
|
MmProbeAndLockPages(
|
|
mdl, // MemoryDescriptorList
|
|
RequestorMode, // AccessMode
|
|
IoWriteAccess // Operation
|
|
);
|
|
status = STATUS_SUCCESS;
|
|
}
|
|
except (AFD_EXCEPTION_FILTER (&status)) {
|
|
}
|
|
if (NT_SUCCESS (status)) {
|
|
connectionInfo.RemoteAddress = MmGetSystemAddressForMdlSafe (mdl, LowPagePriority);
|
|
if (connectionInfo.RemoteAddress!=NULL) {
|
|
connectionInfo.RemoteAddressLength = InputBufferLength;
|
|
//
|
|
// Set up a query to the TDI provider to obtain the largest
|
|
// datagram that can be sent to a particular address.
|
|
//
|
|
|
|
kernelQueryInfo.QueryType = TDI_QUERY_MAX_DATAGRAM_INFO;
|
|
kernelQueryInfo.RequestConnectionInformation = &connectionInfo;
|
|
|
|
connectionInfo.UserDataLength = 0;
|
|
connectionInfo.UserData = NULL;
|
|
connectionInfo.OptionsLength = 0;
|
|
connectionInfo.Options = NULL;
|
|
|
|
//
|
|
// Ask the TDI provider for the information.
|
|
//
|
|
|
|
status = AfdIssueDeviceControl(
|
|
endpoint->AddressFileObject,
|
|
&kernelQueryInfo,
|
|
sizeof(kernelQueryInfo),
|
|
&afdInfo.Information.Ulong,
|
|
sizeof(afdInfo.Information.Ulong),
|
|
TDI_QUERY_INFORMATION
|
|
);
|
|
}
|
|
else
|
|
status = STATUS_INSUFFICIENT_RESOURCES;
|
|
MmUnlockPages (mdl);
|
|
}
|
|
IoFreeMdl (mdl);
|
|
}
|
|
else
|
|
status = STATUS_INSUFFICIENT_RESOURCES;
|
|
//
|
|
// If the request succeeds, use this information. Otherwise,
|
|
// fall through and use the transport's global information.
|
|
// This is done because not all transports support this
|
|
// particular TDI request, and for those which do not the
|
|
// global information is a reasonable approximation.
|
|
//
|
|
|
|
if ( NT_SUCCESS(status) ) {
|
|
break;
|
|
}
|
|
}
|
|
|
|
|
|
case AFD_MAX_SEND_SIZE:
|
|
{
|
|
//
|
|
// With PnP some provider info fields can change over time.
|
|
// so we query them each time we are asked.
|
|
//
|
|
TDI_PROVIDER_INFO providerInfo;
|
|
status = AfdQueryProviderInfo (
|
|
&endpoint->TransportInfo->TransportDeviceName,
|
|
&providerInfo);
|
|
|
|
if (NT_SUCCESS (status)) {
|
|
//
|
|
// Return the MaxSendSize or MaxDatagramSendSize from the
|
|
// TDI_PROVIDER_INFO based on whether or not this is a datagram
|
|
// endpoint.
|
|
//
|
|
|
|
if ( IS_DGRAM_ENDPOINT(endpoint) ) {
|
|
afdInfo.Information.Ulong = providerInfo.MaxDatagramSize;
|
|
} else {
|
|
afdInfo.Information.Ulong = providerInfo.MaxSendSize;
|
|
}
|
|
}
|
|
|
|
}
|
|
break;
|
|
|
|
case AFD_SENDS_PENDING:
|
|
|
|
//
|
|
// If this is an endpoint on a bufferring transport, no sends
|
|
// are pending in AFD. If it is on a nonbufferring transport,
|
|
// return the count of sends pended in AFD.
|
|
//
|
|
|
|
if ( IS_TDI_BUFFERRING(endpoint) ||
|
|
(endpoint->Type & AfdBlockTypeVcConnecting) != AfdBlockTypeVcConnecting ||
|
|
endpoint->State != AfdEndpointStateConnected ||
|
|
((connection=AfdGetConnectionReferenceFromEndpoint (endpoint))==NULL)) {
|
|
afdInfo.Information.Ulong = 0;
|
|
} else {
|
|
afdInfo.Information.Ulong = connection->VcBufferredSendCount;
|
|
DEREFERENCE_CONNECTION (connection);
|
|
}
|
|
|
|
break;
|
|
|
|
case AFD_RECEIVE_WINDOW_SIZE:
|
|
|
|
//
|
|
// Return the default receive window.
|
|
//
|
|
|
|
afdInfo.Information.Ulong = AfdReceiveWindowSize;
|
|
break;
|
|
|
|
case AFD_SEND_WINDOW_SIZE:
|
|
|
|
//
|
|
// Return the default send window.
|
|
//
|
|
|
|
afdInfo.Information.Ulong = AfdSendWindowSize;
|
|
break;
|
|
|
|
case AFD_CONNECT_TIME:
|
|
|
|
//
|
|
// If the endpoint is not yet connected, return -1. Otherwise,
|
|
// calculate the number of seconds that the connection has been
|
|
// active.
|
|
//
|
|
|
|
if ( endpoint->State != AfdEndpointStateConnected ||
|
|
IS_DGRAM_ENDPOINT (endpoint) ||
|
|
(connection=AfdGetConnectionReferenceFromEndpoint( endpoint ))==NULL) {
|
|
|
|
afdInfo.Information.Ulong = 0xFFFFFFFF;
|
|
|
|
} else {
|
|
|
|
ASSERT( connection->Type == AfdBlockTypeConnection );
|
|
|
|
//
|
|
// Calculate how long the connection has been active by
|
|
// subtracting the time at which the connection started from
|
|
// the current time. Note that we convert the units of the
|
|
// time value from 100s of nanoseconds to seconds.
|
|
//
|
|
|
|
currentTime = KeQueryInterruptTime ();
|
|
|
|
connectTime = (currentTime - connection->ConnectTime);
|
|
connectTime /= 10*1000*1000;
|
|
|
|
//
|
|
// We can safely convert this to a ULONG because it takes
|
|
// 127 years to overflow a ULONG counting seconds. The
|
|
// bizarre conversion to a LARGE_INTEGER is required to
|
|
// prevent the compiler from optimizing out the full 64-bit
|
|
// division above. Without this, the compiler would do only
|
|
// a 32-bit division and lose some information.
|
|
//
|
|
|
|
//afdInfo->Information.Ulong = (ULONG)connectTime;
|
|
afdInfo.Information.Ulong = ((PLARGE_INTEGER)&connectTime)->LowPart;
|
|
|
|
DEREFERENCE_CONNECTION (connection);
|
|
}
|
|
|
|
break;
|
|
|
|
case AFD_GROUP_ID_AND_TYPE : {
|
|
|
|
PAFD_GROUP_INFO groupInfo;
|
|
|
|
groupInfo = (PAFD_GROUP_INFO)&afdInfo.Information.LargeInteger;
|
|
|
|
//
|
|
// Return the endpoint's group ID and group type.
|
|
//
|
|
|
|
groupInfo->GroupID = endpoint->GroupID;
|
|
groupInfo->GroupType = endpoint->GroupType;
|
|
|
|
}
|
|
break;
|
|
|
|
default:
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
|
|
try {
|
|
#ifdef _WIN64
|
|
if (IoIs32bitProcess (NULL)) {
|
|
//
|
|
// Validate the input structure if it comes from the user mode
|
|
// application
|
|
//
|
|
|
|
if (RequestorMode != KernelMode ) {
|
|
ProbeForWrite (OutputBuffer,
|
|
sizeof (afdInfo),
|
|
PROBE_ALIGNMENT32(AFD_INFORMATION32));
|
|
}
|
|
|
|
//
|
|
// Copy parameters back to application's memory
|
|
//
|
|
|
|
RtlMoveMemory(InputBuffer,
|
|
&afdInfo,
|
|
sizeof (afdInfo));
|
|
}
|
|
else
|
|
#endif _WIN64
|
|
{
|
|
//
|
|
// Validate the output structure if it comes from the user mode
|
|
// application
|
|
//
|
|
|
|
if (RequestorMode != KernelMode ) {
|
|
ProbeForWrite (OutputBuffer,
|
|
sizeof (afdInfo),
|
|
PROBE_ALIGNMENT (AFD_INFORMATION));
|
|
}
|
|
|
|
//
|
|
// Copy parameters back to application's memory
|
|
//
|
|
|
|
*((PAFD_INFORMATION)OutputBuffer) = afdInfo;
|
|
}
|
|
|
|
} except( AFD_EXCEPTION_FILTER(&status) ) {
|
|
|
|
return status;
|
|
}
|
|
|
|
*Information = sizeof(afdInfo);
|
|
|
|
return STATUS_SUCCESS;
|
|
|
|
} // AfdGetInformation
|
|
|
|
|
|
NTSTATUS
|
|
AfdSetInformation (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN ULONG IoctlCode,
|
|
IN KPROCESSOR_MODE RequestorMode,
|
|
IN PVOID InputBuffer,
|
|
IN ULONG InputBufferLength,
|
|
IN PVOID OutputBuffer,
|
|
IN ULONG OutputBufferLength,
|
|
OUT PUINT_PTR Information
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Sets information in the endpoint.
|
|
|
|
Arguments:
|
|
|
|
Irp - Pointer to I/O request packet.
|
|
|
|
IrpSp - pointer to the IO stack location to use for this request.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS -- Indicates whether the request was successfully queued.
|
|
|
|
--*/
|
|
|
|
{
|
|
PAFD_ENDPOINT endpoint;
|
|
PAFD_CONNECTION connection;
|
|
AFD_INFORMATION afdInfo;
|
|
NTSTATUS status;
|
|
AFD_LOCK_QUEUE_HANDLE lockHandle;
|
|
|
|
|
|
//
|
|
// Nothing to return.
|
|
//
|
|
|
|
*Information = 0;
|
|
|
|
//
|
|
// Initialize locals for cleanup.
|
|
//
|
|
|
|
connection = NULL;
|
|
status = STATUS_SUCCESS;
|
|
|
|
//
|
|
// Set up local pointers.
|
|
//
|
|
|
|
endpoint = FileObject->FsContext;
|
|
ASSERT( IS_AFD_ENDPOINT_TYPE( endpoint ) );
|
|
if (endpoint->Type==AfdBlockTypeHelper ||
|
|
endpoint->Type==AfdBlockTypeSanHelper)
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
//
|
|
// Make sure that the input buffer is large enough.
|
|
//
|
|
|
|
#ifdef _WIN64
|
|
{
|
|
C_ASSERT (sizeof (AFD_INFORMATION)==sizeof (AFD_INFORMATION32));
|
|
}
|
|
#endif
|
|
|
|
if ( InputBufferLength < sizeof(afdInfo) ) {
|
|
return STATUS_BUFFER_TOO_SMALL;
|
|
}
|
|
|
|
try {
|
|
#ifdef _WIN64
|
|
if (IoIs32bitProcess (NULL)) {
|
|
//
|
|
// Validate the input structure if it comes from the user mode
|
|
// application
|
|
//
|
|
|
|
if (RequestorMode != KernelMode ) {
|
|
ProbeForRead (InputBuffer,
|
|
sizeof (InputBufferLength),
|
|
PROBE_ALIGNMENT32(AFD_INFORMATION32));
|
|
}
|
|
|
|
//
|
|
// Make local copies of the embeded pointer and parameters
|
|
// that we will be using more than once in case malicios
|
|
// application attempts to change them while we are
|
|
// validating
|
|
//
|
|
|
|
RtlMoveMemory (&afdInfo, InputBuffer, sizeof (afdInfo));
|
|
}
|
|
else
|
|
#endif _WIN64
|
|
{
|
|
//
|
|
// Validate the input structure if it comes from the user mode
|
|
// application
|
|
//
|
|
|
|
if (RequestorMode != KernelMode ) {
|
|
ProbeForRead (InputBuffer,
|
|
sizeof (afdInfo),
|
|
PROBE_ALIGNMENT(AFD_INFORMATION));
|
|
}
|
|
|
|
//
|
|
// Make local copies of the embeded pointer and parameters
|
|
// that we will be using more than once in case malicios
|
|
// application attempts to change them while we are
|
|
// validating
|
|
//
|
|
|
|
afdInfo = *((PAFD_INFORMATION)InputBuffer);
|
|
}
|
|
|
|
} except( AFD_EXCEPTION_FILTER(&status) ) {
|
|
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// Set up appropriate information in the endpoint.
|
|
//
|
|
|
|
switch ( afdInfo.InformationType ) {
|
|
|
|
case AFD_NONBLOCKING_MODE:
|
|
|
|
//
|
|
// Set the blocking mode of the endpoint. If TRUE, send and receive
|
|
// calls on the endpoint will fail if they cannot be completed
|
|
// immediately.
|
|
//
|
|
|
|
AfdAcquireSpinLock (&endpoint->SpinLock, &lockHandle);
|
|
endpoint->NonBlocking = (afdInfo.Information.Boolean!=FALSE);
|
|
AfdReleaseSpinLock (&endpoint->SpinLock, &lockHandle);
|
|
break;
|
|
|
|
case AFD_CIRCULAR_QUEUEING:
|
|
|
|
//
|
|
// Enables circular queuing on the endpoint.
|
|
//
|
|
|
|
if( !IS_DGRAM_ENDPOINT( endpoint ) ) {
|
|
|
|
status = STATUS_INVALID_PARAMETER;
|
|
goto Cleanup;
|
|
|
|
}
|
|
|
|
endpoint->Common.Datagram.CircularQueueing = (afdInfo.Information.Boolean!=FALSE);
|
|
break;
|
|
|
|
case AFD_REPORT_PORT_UNREACHABLE:
|
|
|
|
//
|
|
// Enables reporting PORT_UNREACHABLE to the app.
|
|
//
|
|
|
|
if( !IS_DGRAM_ENDPOINT( endpoint ) ) {
|
|
|
|
status = STATUS_INVALID_PARAMETER;
|
|
goto Cleanup;
|
|
|
|
}
|
|
|
|
endpoint->Common.Datagram.DisablePUError = (afdInfo.Information.Boolean==FALSE);
|
|
break;
|
|
|
|
case AFD_INLINE_MODE:
|
|
|
|
//
|
|
// Set the inline mode of the endpoint. If TRUE, a receive for
|
|
// normal data will be completed with either normal data or
|
|
// expedited data. If the endpoint is connected, we need to
|
|
// tell the TDI provider that the endpoint is inline so that it
|
|
// delivers data to us in order. If the endpoint is not yet
|
|
// connected, then we will set the inline mode when we create
|
|
// the TDI connection object.
|
|
//
|
|
|
|
if ( (endpoint->Type & AfdBlockTypeVcConnecting) == AfdBlockTypeVcConnecting ) {
|
|
connection = AfdGetConnectionReferenceFromEndpoint( endpoint );
|
|
if (connection!=NULL) {
|
|
status = AfdSetInLineMode(
|
|
connection,
|
|
afdInfo.Information.Boolean
|
|
);
|
|
if ( !NT_SUCCESS(status) ) {
|
|
goto Cleanup;
|
|
}
|
|
}
|
|
}
|
|
|
|
AfdAcquireSpinLock (&endpoint->SpinLock, &lockHandle);
|
|
endpoint->InLine = (afdInfo.Information.Boolean!=FALSE);
|
|
AfdReleaseSpinLock (&endpoint->SpinLock, &lockHandle);
|
|
break;
|
|
|
|
case AFD_RECEIVE_WINDOW_SIZE:
|
|
case AFD_SEND_WINDOW_SIZE: {
|
|
|
|
PCLONG maxBytes;
|
|
#ifdef AFDDBG_QUOTA
|
|
PVOID chargeBlock;
|
|
PSZ chargeType;
|
|
#endif
|
|
|
|
//
|
|
// First determine where the appropriate limits are stored in the
|
|
// connection or endpoint. We do this so that we can use common
|
|
// code to charge quota and set the new counters.
|
|
//
|
|
|
|
if ( (endpoint->Type & AfdBlockTypeVcConnecting) == AfdBlockTypeVcConnecting &&
|
|
endpoint->State == AfdEndpointStateConnected &&
|
|
((connection = AfdGetConnectionReferenceFromEndpoint (endpoint))!=NULL) ) {
|
|
|
|
if ( afdInfo.InformationType == AFD_SEND_WINDOW_SIZE ) {
|
|
maxBytes = &connection->MaxBufferredSendBytes;
|
|
} else {
|
|
maxBytes = &connection->MaxBufferredReceiveBytes;
|
|
}
|
|
|
|
#ifdef AFDDBG_QUOTA
|
|
chargeBlock = connection;
|
|
chargeType = "SetInfo vcnb";
|
|
#endif
|
|
} else if ( IS_DGRAM_ENDPOINT(endpoint) ) {
|
|
|
|
if ( afdInfo.InformationType == AFD_SEND_WINDOW_SIZE ) {
|
|
maxBytes = &endpoint->Common.Datagram.MaxBufferredSendBytes;
|
|
} else {
|
|
maxBytes = &endpoint->Common.Datagram.MaxBufferredReceiveBytes;
|
|
}
|
|
|
|
#ifdef AFDDBG_QUOTA
|
|
chargeBlock = endpoint;
|
|
chargeType = "SetInfo dgrm";
|
|
#endif
|
|
|
|
} else if (IS_SAN_ENDPOINT (endpoint) ) {
|
|
status = STATUS_SUCCESS;
|
|
goto Cleanup;
|
|
}
|
|
else {
|
|
|
|
status = STATUS_INVALID_PARAMETER;
|
|
goto Cleanup;
|
|
}
|
|
|
|
//
|
|
// Make sure that we always allow at least one message to be
|
|
// bufferred on an endpoint.
|
|
//
|
|
|
|
|
|
AfdAcquireSpinLock (&endpoint->SpinLock, &lockHandle);
|
|
if ( afdInfo.Information.Ulong == 0 ) {
|
|
|
|
//
|
|
// Don't allow the max receive bytes to go to zero, but
|
|
// max send bytes IS allowed to go to zero because it has
|
|
// special meaning: specifically, do not buffer sends.
|
|
//
|
|
|
|
if ( afdInfo.InformationType == AFD_RECEIVE_WINDOW_SIZE ) {
|
|
afdInfo.Information.Ulong = 1;
|
|
}
|
|
else {
|
|
ASSERT (afdInfo.InformationType == AFD_SEND_WINDOW_SIZE);
|
|
endpoint->DisableFastIoSend = TRUE;
|
|
}
|
|
}
|
|
else {
|
|
if( afdInfo.InformationType == AFD_SEND_WINDOW_SIZE ) {
|
|
endpoint->DisableFastIoSend = FALSE;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Set up the new information in the AFD internal structure.
|
|
//
|
|
|
|
*maxBytes = (CLONG)afdInfo.Information.Ulong;
|
|
AfdReleaseSpinLock (&endpoint->SpinLock, &lockHandle);
|
|
|
|
break;
|
|
}
|
|
|
|
default:
|
|
|
|
status = STATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
Cleanup:
|
|
if (connection!=NULL) {
|
|
DEREFERENCE_CONNECTION (connection);
|
|
}
|
|
|
|
return status;
|
|
|
|
} // AfdSetInformation
|
|
|
|
|
|
NTSTATUS
|
|
AfdSetInLineMode (
|
|
IN PAFD_CONNECTION Connection,
|
|
IN BOOLEAN InLine
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Sets a connection to be in inline mode. In inline mode, urgent data
|
|
is delivered in the order in which it is received. We must tell the
|
|
TDI provider about this so that it indicates data in the proper
|
|
order.
|
|
|
|
Arguments:
|
|
|
|
Connection - the AFD connection to set as inline.
|
|
|
|
InLine - TRUE to enable inline mode, FALSE to disable inline mode.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS -- Indicates whether the request was successfully
|
|
performed.
|
|
|
|
--*/
|
|
|
|
{
|
|
//
|
|
// Since TCP does not implement this correctly, do everything in AFD!!!
|
|
// Background:
|
|
// When this options is enabled, TCP indicates all the data as normal
|
|
// data, so we end up mixing it together which is against the spec.
|
|
// Also, since TCP stops reporting expedited data, SIOATMARK fails
|
|
// to report presence of OOB data altogether.
|
|
// When handling OOB data completely inside AFD we can only run into
|
|
// one problem: if AFD runs out of its receive buffer for the socket
|
|
// and refuses to accept more data from TCP so that TCP buffers it
|
|
// within itself, any OOB data arriving at this point can be indicated
|
|
// out of order (not inline).
|
|
//
|
|
// Well, this appears to be even worse. Some apps (SQL) send more than
|
|
// one byte of OOB data, TCP can only send one, so it sends everything
|
|
// but the last byte as normal and the last one as OOB. It then turns
|
|
// around and indicates the OOB (last byte) first which breaks the
|
|
// ordering required by OOBINLINE.
|
|
// In the end, we are broken one way or the other, so keep the things
|
|
// the way they were for number of years and wait for TCP to fix.
|
|
NTSTATUS status;
|
|
PTCP_REQUEST_SET_INFORMATION_EX setInfoEx;
|
|
TCPSocketOption *option;
|
|
UCHAR buffer[sizeof(*setInfoEx) + sizeof(*option)];
|
|
IO_STATUS_BLOCK ioStatusBlock;
|
|
KEVENT event;
|
|
PIRP irp;
|
|
PIO_STACK_LOCATION irpSp;
|
|
|
|
PAGED_CODE( );
|
|
|
|
//
|
|
// Initialize the TDI information buffers.
|
|
//
|
|
|
|
setInfoEx = (PTCP_REQUEST_SET_INFORMATION_EX)buffer;
|
|
|
|
setInfoEx->ID.toi_entity.tei_entity = CO_TL_ENTITY;
|
|
setInfoEx->ID.toi_entity.tei_instance = TL_INSTANCE;
|
|
setInfoEx->ID.toi_class = INFO_CLASS_PROTOCOL;
|
|
setInfoEx->ID.toi_type = INFO_TYPE_CONNECTION;
|
|
setInfoEx->ID.toi_id = TCP_SOCKET_OOBINLINE;
|
|
setInfoEx->BufferSize = sizeof(*option);
|
|
|
|
option = (TCPSocketOption *)&setInfoEx->Buffer;
|
|
option->tso_value = InLine;
|
|
|
|
|
|
|
|
//
|
|
// Initialize the kernel event that will signal I/O completion.
|
|
//
|
|
|
|
KeInitializeEvent( &event, SynchronizationEvent, FALSE );
|
|
|
|
//
|
|
// Build TDI set information IRP.
|
|
//
|
|
|
|
irp = IoBuildDeviceIoControlRequest (
|
|
IOCTL_TCP_SET_INFORMATION_EX,
|
|
Connection->DeviceObject,
|
|
setInfoEx,
|
|
sizeof(*setInfoEx) + setInfoEx->BufferSize,
|
|
NULL,
|
|
0,
|
|
FALSE, // InternalDeviceIoControl
|
|
&event,
|
|
&ioStatusBlock);
|
|
if (irp==NULL) {
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
irpSp = IoGetNextIrpStackLocation (irp);
|
|
irpSp->FileObject = Connection->FileObject;
|
|
|
|
//
|
|
// Call the driver.
|
|
//
|
|
status = IoCallDriver (Connection->DeviceObject, irp);
|
|
|
|
//
|
|
// Must be at below APC level or this IRP will never get fully completed.
|
|
//
|
|
ASSERT (KeGetCurrentIrql ()<APC_LEVEL);
|
|
|
|
//
|
|
// If necessary, wait for the I/O to complete.
|
|
//
|
|
|
|
if ( status == STATUS_PENDING ) {
|
|
status = KeWaitForSingleObject( (PVOID)&event, Executive, KernelMode, FALSE, NULL );
|
|
ASSERT (status==STATUS_SUCCESS);
|
|
}
|
|
else {
|
|
//
|
|
// The IRP must have been completed then and event set.
|
|
//
|
|
if (NT_ERROR (status) || KeReadStateEvent (&event))
|
|
;
|
|
else {
|
|
DbgPrint ("************************************************\n");
|
|
DbgPrint ("*AFD: IoCallDriver returned STATUS_SUCCESS,"
|
|
" but event in the IRP (%p) is NOT signalled!!!\n",
|
|
irp);
|
|
DbgPrint ("************************************************\n");
|
|
DbgBreakPoint ();
|
|
}
|
|
}
|
|
|
|
//
|
|
// If the request was successfully completed, get the final I/O status.
|
|
//
|
|
|
|
if ( NT_SUCCESS(status) ) {
|
|
status = ioStatusBlock.Status;
|
|
}
|
|
|
|
|
|
//
|
|
// Since this option is only supported for TCP/IP, always return success.
|
|
//
|
|
|
|
return STATUS_SUCCESS;
|
|
|
|
} // AfdSetInLineMode
|
|
|
|
//
|
|
// The locking mechanism idea below is stolen from ntos\ex\handle.c
|
|
//
|
|
|
|
PVOID
|
|
AfdLockEndpointContext (
|
|
PAFD_ENDPOINT Endpoint
|
|
)
|
|
{
|
|
PVOID context;
|
|
PAGED_CODE ();
|
|
|
|
|
|
//
|
|
// We now use this lock in APC, protect from being
|
|
// interrupted by the APC by disallowing them when we
|
|
// are holding the lock.
|
|
//
|
|
KeEnterCriticalRegion ();
|
|
while (1) {
|
|
context = Endpoint->Context;
|
|
//
|
|
// See if someone else is manipulating the context.
|
|
//
|
|
if ((context==AFD_CONTEXT_BUSY) ||
|
|
(context==AFD_CONTEXT_WAITING)) {
|
|
//
|
|
// If this has not changed while we were checking,
|
|
// tell the current owner that we are waiting (if not
|
|
// already told) and wait for a few miliseconds.
|
|
//
|
|
if (InterlockedCompareExchangePointer (
|
|
(PVOID *)&Endpoint->Context,
|
|
AFD_CONTEXT_WAITING,
|
|
context)==context) {
|
|
NTSTATUS status;
|
|
LARGE_INTEGER afd10Milliseconds = {(ULONG)(-10 * 1000 * 10), -1};
|
|
|
|
KdPrintEx(( DPFLTR_WSOCKTRANSPORT_ID, DPFLTR_INFO_LEVEL,
|
|
"AfdLockEndpointContext: Waiting for endp %p\n",
|
|
Endpoint));
|
|
|
|
KeLeaveCriticalRegion ();
|
|
|
|
status = KeWaitForSingleObject( (PVOID)&AfdContextWaitEvent,
|
|
Executive,
|
|
KernelMode,
|
|
FALSE,
|
|
&afd10Milliseconds);
|
|
KeEnterCriticalRegion ();
|
|
}
|
|
else {
|
|
KdPrintEx(( DPFLTR_WSOCKTRANSPORT_ID, DPFLTR_INFO_LEVEL,
|
|
"AfdLockEndpointContext: ICEP contention on %p\n",
|
|
Endpoint));
|
|
}
|
|
//
|
|
// Try again.
|
|
//
|
|
}
|
|
else {
|
|
//
|
|
// Context is not owned, try to get the ownership
|
|
//
|
|
if (InterlockedCompareExchangePointer (
|
|
(PVOID *)&Endpoint->Context,
|
|
AFD_CONTEXT_BUSY,
|
|
context)==context) {
|
|
//
|
|
// We now own the context, return it.
|
|
//
|
|
break;
|
|
}
|
|
//
|
|
// Try again.
|
|
//
|
|
KdPrintEx(( DPFLTR_WSOCKTRANSPORT_ID, DPFLTR_INFO_LEVEL,
|
|
"AfdLockEndpointContext: ICEP contention on %p\n",
|
|
Endpoint));
|
|
|
|
}
|
|
}
|
|
|
|
return context;
|
|
}
|
|
|
|
VOID
|
|
AfdUnlockEndpointContext (
|
|
PAFD_ENDPOINT Endpoint,
|
|
PVOID Context
|
|
)
|
|
{
|
|
PAGED_CODE ();
|
|
|
|
ASSERT ((Context!=AFD_CONTEXT_BUSY) && (Context!=AFD_CONTEXT_WAITING));
|
|
|
|
//
|
|
// Set the new context pointer and see what the old value was.
|
|
//
|
|
Context = InterlockedExchangePointer ((PVOID)&Endpoint->Context, Context);
|
|
if (Context==AFD_CONTEXT_WAITING) {
|
|
LONG prevState;
|
|
KdPrintEx(( DPFLTR_WSOCKTRANSPORT_ID, DPFLTR_INFO_LEVEL,
|
|
"AfdUnlockEndpointContext: Unwaiting endp %p\n", Endpoint));
|
|
//
|
|
// Someone was waiting, tell them to go get it now.
|
|
//
|
|
prevState = KePulseEvent (&AfdContextWaitEvent,
|
|
AfdPriorityBoost,
|
|
FALSE
|
|
);
|
|
ASSERT (prevState==0);
|
|
}
|
|
else {
|
|
//
|
|
// Better be busy or someone has changed it on us.
|
|
//
|
|
ASSERT (Context==AFD_CONTEXT_BUSY);
|
|
}
|
|
KeLeaveCriticalRegion ();
|
|
|
|
}
|
|
|
|
|
|
|
|
NTSTATUS
|
|
AfdGetContext (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN ULONG IoctlCode,
|
|
IN KPROCESSOR_MODE RequestorMode,
|
|
IN PVOID InputBuffer,
|
|
IN ULONG InputBufferLength,
|
|
IN PVOID OutputBuffer,
|
|
IN ULONG OutputBufferLength,
|
|
OUT PUINT_PTR Information
|
|
)
|
|
{
|
|
PAFD_ENDPOINT endpoint;
|
|
PVOID context;
|
|
NTSTATUS status;
|
|
|
|
PAGED_CODE( );
|
|
|
|
//
|
|
// Set up local pointers.
|
|
//
|
|
|
|
endpoint = FileObject->FsContext;
|
|
ASSERT( IS_AFD_ENDPOINT_TYPE( endpoint ) );
|
|
*Information = 0;
|
|
|
|
|
|
|
|
context = AfdLockEndpointContext (endpoint);
|
|
|
|
//
|
|
// Make sure that the output buffer is large enough to hold all the
|
|
// context information for this socket.
|
|
//
|
|
|
|
//
|
|
// If there is no context, return nothing.
|
|
//
|
|
|
|
if ( context == NULL ) {
|
|
status = STATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
//
|
|
// Return the context information we have stored for this endpoint.
|
|
//
|
|
|
|
else {
|
|
//
|
|
// If application buffer is too small, just
|
|
// copy whatever fits in and return the error code.
|
|
//
|
|
if ( OutputBufferLength < endpoint->ContextLength ) {
|
|
status = STATUS_BUFFER_OVERFLOW;
|
|
}
|
|
else {
|
|
OutputBufferLength = endpoint->ContextLength;
|
|
if (IS_SAN_ENDPOINT (endpoint)) {
|
|
//
|
|
// Indicate to the caller that it may also need to
|
|
// acqiure the control of the endpoint and
|
|
// fetch san specific information.
|
|
//
|
|
status = STATUS_MORE_ENTRIES;
|
|
}
|
|
else {
|
|
status = STATUS_SUCCESS;
|
|
}
|
|
}
|
|
|
|
try {
|
|
|
|
|
|
//
|
|
// Validate the output structure if it comes from the user mode
|
|
// application
|
|
//
|
|
if (RequestorMode != KernelMode ) {
|
|
ProbeForWrite (OutputBuffer,
|
|
OutputBufferLength,
|
|
sizeof (UCHAR));
|
|
}
|
|
|
|
|
|
|
|
//
|
|
// Copy parameters back to application's memory
|
|
//
|
|
|
|
RtlCopyMemory(
|
|
OutputBuffer,
|
|
context,
|
|
OutputBufferLength
|
|
);
|
|
|
|
*Information = endpoint->ContextLength;
|
|
|
|
} except( AFD_EXCEPTION_FILTER(&status) ) {
|
|
}
|
|
}
|
|
|
|
AfdUnlockEndpointContext (endpoint, context);
|
|
|
|
return status;
|
|
|
|
} // AfdGetContext
|
|
|
|
|
|
NTSTATUS
|
|
AfdGetRemoteAddress (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN ULONG IoctlCode,
|
|
IN KPROCESSOR_MODE RequestorMode,
|
|
IN PVOID InputBuffer,
|
|
IN ULONG InputBufferLength,
|
|
IN PVOID OutputBuffer,
|
|
IN ULONG OutputBufferLength,
|
|
OUT PUINT_PTR Information
|
|
)
|
|
{
|
|
PAFD_ENDPOINT endpoint;
|
|
PVOID context;
|
|
NTSTATUS status;
|
|
|
|
PAGED_CODE( );
|
|
|
|
//
|
|
// Set up local pointers.
|
|
//
|
|
|
|
endpoint = FileObject->FsContext;
|
|
ASSERT( IS_AFD_ENDPOINT_TYPE( endpoint ) );
|
|
*Information = 0;
|
|
|
|
context = AfdLockEndpointContext (endpoint);
|
|
//
|
|
// If there is no context or endpoint is of wrong type state or
|
|
// context information has been changed below the original size,
|
|
// return error.
|
|
//
|
|
|
|
if ( context == NULL ||
|
|
endpoint->Type!=AfdBlockTypeVcConnecting ||
|
|
endpoint->State!= AfdEndpointStateConnected ||
|
|
((CLONG)(endpoint->Common.VcConnecting.RemoteSocketAddressOffset+
|
|
endpoint->Common.VcConnecting.RemoteSocketAddressLength)) >
|
|
endpoint->ContextLength
|
|
) {
|
|
status = STATUS_INVALID_CONNECTION;
|
|
}
|
|
else {
|
|
|
|
if (OutputBufferLength<endpoint->Common.VcConnecting.RemoteSocketAddressLength) {
|
|
status = STATUS_BUFFER_OVERFLOW;
|
|
}
|
|
else {
|
|
OutputBufferLength = endpoint->Common.VcConnecting.RemoteSocketAddressLength;
|
|
status = STATUS_SUCCESS;
|
|
}
|
|
|
|
try {
|
|
|
|
//
|
|
// Validate the output structure if it comes from the user mode
|
|
// application
|
|
//
|
|
|
|
if (RequestorMode != KernelMode ) {
|
|
ProbeForWrite (OutputBuffer,
|
|
OutputBufferLength,
|
|
sizeof (UCHAR));
|
|
}
|
|
|
|
//
|
|
// Copy parameters to application's memory
|
|
//
|
|
|
|
RtlCopyMemory(
|
|
OutputBuffer,
|
|
(PUCHAR)context+endpoint->Common.VcConnecting.RemoteSocketAddressOffset,
|
|
endpoint->Common.VcConnecting.RemoteSocketAddressLength
|
|
);
|
|
|
|
*Information = endpoint->ContextLength;
|
|
|
|
|
|
} except( AFD_EXCEPTION_FILTER(&status) ) {
|
|
}
|
|
}
|
|
|
|
AfdUnlockEndpointContext (endpoint, context);
|
|
|
|
return status;
|
|
|
|
} // AfdGetRemoteAddress
|
|
|
|
|
|
NTSTATUS
|
|
AfdSetContext (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN ULONG IoctlCode,
|
|
IN KPROCESSOR_MODE RequestorMode,
|
|
IN PVOID InputBuffer,
|
|
IN ULONG InputBufferLength,
|
|
IN PVOID OutputBuffer,
|
|
IN ULONG OutputBufferLength,
|
|
OUT PUINT_PTR Information
|
|
)
|
|
{
|
|
PAFD_ENDPOINT endpoint;
|
|
PVOID context;
|
|
NTSTATUS status;
|
|
|
|
PAGED_CODE( );
|
|
|
|
//
|
|
// Set up local pointers.
|
|
//
|
|
|
|
endpoint = FileObject->FsContext;
|
|
ASSERT( IS_AFD_ENDPOINT_TYPE( endpoint ) );
|
|
status = STATUS_SUCCESS;
|
|
*Information = 0;
|
|
|
|
context = AfdLockEndpointContext (endpoint);
|
|
try {
|
|
|
|
//
|
|
// Validate the input structure if it comes from the user mode
|
|
// application
|
|
//
|
|
|
|
if (RequestorMode != KernelMode ) {
|
|
ProbeForRead (InputBuffer,
|
|
InputBufferLength,
|
|
sizeof (UCHAR));
|
|
|
|
if (OutputBuffer!=NULL) {
|
|
//
|
|
// Validate that output buffer is completely inside
|
|
// of the input buffer and offsets are inside of supported ranges.
|
|
//
|
|
if ((PUCHAR)OutputBuffer<(PUCHAR)InputBuffer ||
|
|
(PUCHAR)OutputBuffer-(PUCHAR)InputBuffer>MAXUSHORT ||
|
|
OutputBufferLength>MAXUSHORT ||
|
|
OutputBufferLength>InputBufferLength ||
|
|
(ULONG)((PUCHAR)OutputBuffer-(PUCHAR)InputBuffer)>
|
|
InputBufferLength-OutputBufferLength) {
|
|
ExRaiseStatus (STATUS_INVALID_PARAMETER);
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// If the context buffer is too small, allocate a new context
|
|
// buffer from paged pool.
|
|
//
|
|
|
|
if ( endpoint->ContextLength < InputBufferLength ) {
|
|
|
|
PVOID newContext;
|
|
|
|
|
|
//
|
|
// Allocate a new context buffer.
|
|
// Note since the socket context usually gets
|
|
// populated on socket creation during boot and not used
|
|
// right away (untill socket state is chaged), we
|
|
// make it a "cold" allocation. The flag has no effect
|
|
// after system is booted.
|
|
|
|
newContext = AFD_ALLOCATE_POOL_WITH_QUOTA(
|
|
PagedPool|POOL_COLD_ALLOCATION,
|
|
InputBufferLength,
|
|
AFD_CONTEXT_POOL_TAG
|
|
);
|
|
|
|
// AFD_ALLOCATE_POOL_WITH_QUOTA macro sets POOL_RAISE_IF_ALLOCATION_FAILURE flag
|
|
ASSERT ( newContext != NULL );
|
|
|
|
//
|
|
// Free the old context buffer, if there was one.
|
|
//
|
|
|
|
if ( context != NULL ) {
|
|
|
|
AFD_FREE_POOL(
|
|
context,
|
|
AFD_CONTEXT_POOL_TAG
|
|
);
|
|
|
|
}
|
|
|
|
context = newContext;
|
|
}
|
|
|
|
//
|
|
// Store the passed-in context buffer.
|
|
//
|
|
|
|
endpoint->ContextLength = InputBufferLength;
|
|
|
|
RtlCopyMemory(
|
|
context,
|
|
InputBuffer,
|
|
InputBufferLength
|
|
);
|
|
status = STATUS_SUCCESS;
|
|
//
|
|
// Save pointer to remote socket address which we fill
|
|
// at the time of AcceptEx processing.
|
|
//
|
|
if (OutputBuffer!=NULL) {
|
|
if (AFD_START_STATE_CHANGE (endpoint, AfdEndpointStateOpen)) {
|
|
if (endpoint->Type==AfdBlockTypeEndpoint &&
|
|
endpoint->State==AfdEndpointStateOpen) {
|
|
endpoint->Common.VcConnecting.RemoteSocketAddressOffset =
|
|
(USHORT) ((PUCHAR)OutputBuffer-(PUCHAR)InputBuffer);
|
|
endpoint->Common.VcConnecting.RemoteSocketAddressLength =
|
|
(USHORT) OutputBufferLength;
|
|
}
|
|
AFD_END_STATE_CHANGE (endpoint);
|
|
}
|
|
}
|
|
}
|
|
except (AFD_EXCEPTION_FILTER (&status)) {
|
|
}
|
|
|
|
AfdUnlockEndpointContext (endpoint, context);
|
|
return status;
|
|
|
|
} // AfdSetContext
|
|
|
|
|
|
NTSTATUS
|
|
AfdSetEventHandler (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN ULONG EventType,
|
|
IN PVOID EventHandler,
|
|
IN PVOID EventContext
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Sets up a TDI indication handler on a connection or address object
|
|
(depending on the file handle). This is done synchronously, which
|
|
shouldn't usually be an issue since TDI providers can usually complete
|
|
indication handler setups immediately.
|
|
|
|
Arguments:
|
|
|
|
FileObject - a pointer to the file object for an open connection or
|
|
address object.
|
|
|
|
EventType - the event for which the indication handler should be
|
|
called.
|
|
|
|
EventHandler - the routine to call when tghe specified event occurs.
|
|
|
|
EventContext - context which is passed to the indication routine.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS -- Indicates the status of the request.
|
|
|
|
--*/
|
|
|
|
{
|
|
TDI_REQUEST_KERNEL_SET_EVENT parameters;
|
|
|
|
PAGED_CODE( );
|
|
|
|
parameters.EventType = EventType;
|
|
parameters.EventHandler = EventHandler;
|
|
parameters.EventContext = EventContext;
|
|
|
|
return AfdIssueDeviceControl(
|
|
FileObject,
|
|
¶meters,
|
|
sizeof(parameters),
|
|
NULL,
|
|
0,
|
|
TDI_SET_EVENT_HANDLER
|
|
);
|
|
|
|
} // AfdSetEventHandler
|
|
|
|
|
|
NTSTATUS
|
|
AfdIssueDeviceControl (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PVOID IrpParameters,
|
|
IN ULONG IrpParametersLength,
|
|
IN PVOID MdlBuffer,
|
|
IN ULONG MdlBufferLength,
|
|
IN UCHAR MinorFunction
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Issues a device control returst to a TDI provider and waits for the
|
|
request to complete.
|
|
|
|
|
|
Arguments:
|
|
|
|
FileObject - a pointer to the file object corresponding to a TDI
|
|
handle
|
|
|
|
IrpParameters - information to write to the parameters section of the
|
|
stack location of the IRP.
|
|
|
|
IrpParametersLength - length of the parameter information. Cannot be
|
|
greater than 16.
|
|
|
|
MdlBuffer - if non-NULL, a buffer of nonpaged pool to be mapped
|
|
into an MDL and placed in the MdlAddress field of the IRP.
|
|
|
|
MdlBufferLength - the size of the buffer pointed to by MdlBuffer.
|
|
|
|
MinorFunction - the minor function code for the request.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS -- Indicates the status of the request.
|
|
|
|
--*/
|
|
|
|
{
|
|
NTSTATUS status;
|
|
PIRP irp;
|
|
PIO_STACK_LOCATION irpSp;
|
|
KEVENT event;
|
|
IO_STATUS_BLOCK ioStatusBlock;
|
|
PDEVICE_OBJECT deviceObject;
|
|
PMDL mdl;
|
|
|
|
PAGED_CODE( );
|
|
|
|
//
|
|
// Initialize the kernel event that will signal I/O completion.
|
|
//
|
|
|
|
KeInitializeEvent( &event, SynchronizationEvent, FALSE );
|
|
|
|
//
|
|
// Attempt to allocate and initialize the I/O Request Packet (IRP)
|
|
// for this operation.
|
|
//
|
|
|
|
deviceObject = IoGetRelatedDeviceObject ( FileObject );
|
|
|
|
DEBUG ioStatusBlock.Status = STATUS_UNSUCCESSFUL;
|
|
DEBUG ioStatusBlock.Information = (ULONG)-1;
|
|
|
|
//
|
|
// If an MDL buffer was specified, get an MDL, and map the buffer
|
|
//
|
|
|
|
if ( MdlBuffer != NULL ) {
|
|
|
|
mdl = IoAllocateMdl(
|
|
MdlBuffer,
|
|
MdlBufferLength,
|
|
FALSE,
|
|
FALSE,
|
|
NULL
|
|
);
|
|
if ( mdl == NULL ) {
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
|
|
MmBuildMdlForNonPagedPool( mdl );
|
|
|
|
} else {
|
|
|
|
mdl = NULL;
|
|
}
|
|
|
|
irp = TdiBuildInternalDeviceControlIrp (
|
|
MinorFunction,
|
|
deviceObject,
|
|
FileObject,
|
|
&event,
|
|
&ioStatusBlock
|
|
);
|
|
|
|
if ( irp == NULL ) {
|
|
if (mdl!=NULL) {
|
|
IoFreeMdl (mdl);
|
|
}
|
|
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
|
|
//
|
|
// Install MDL (if any) in the IRP.
|
|
//
|
|
irp->MdlAddress = mdl;
|
|
|
|
//
|
|
// Put the file object pointer in the stack location.
|
|
//
|
|
|
|
irpSp = IoGetNextIrpStackLocation( irp );
|
|
ASSERT (irpSp->MajorFunction == IRP_MJ_INTERNAL_DEVICE_CONTROL);
|
|
irpSp->MinorFunction = MinorFunction;
|
|
irpSp->FileObject = FileObject;
|
|
|
|
//
|
|
// Fill in the service-dependent parameters for the request.
|
|
//
|
|
|
|
ASSERT( IrpParametersLength <= sizeof(irpSp->Parameters) );
|
|
RtlCopyMemory( &irpSp->Parameters, IrpParameters, IrpParametersLength );
|
|
|
|
|
|
//
|
|
// Set up a completion routine which we'll use to free the MDL
|
|
// allocated previously.
|
|
//
|
|
|
|
IoSetCompletionRoutine( irp, AfdRestartDeviceControl, NULL, TRUE, TRUE, TRUE );
|
|
|
|
status = IoCallDriver( deviceObject, irp );
|
|
|
|
//
|
|
// Must be at below APC level or this IRP will never get fully completed.
|
|
//
|
|
ASSERT (KeGetCurrentIrql ()<APC_LEVEL);
|
|
|
|
//
|
|
// If necessary, wait for the I/O to complete.
|
|
//
|
|
|
|
if ( status == STATUS_PENDING ) {
|
|
status = KeWaitForSingleObject( (PVOID)&event, Executive, KernelMode, FALSE, NULL );
|
|
ASSERT (status==STATUS_SUCCESS);
|
|
}
|
|
else {
|
|
//
|
|
// The IRP must have been completed then and event set.
|
|
//
|
|
if (NT_ERROR (status) || KeReadStateEvent (&event))
|
|
;
|
|
else {
|
|
DbgPrint ("************************************************\n");
|
|
DbgPrint ("*AFD: IoCallDriver returned STATUS_SUCCESS,"
|
|
" but event in the IRP (%p) is NOT signalled!!!\n",
|
|
irp);
|
|
DbgPrint ("************************************************\n");
|
|
DbgBreakPoint ();
|
|
}
|
|
}
|
|
|
|
//
|
|
// If the request was successfully completed, get the final I/O status.
|
|
//
|
|
|
|
if ( NT_SUCCESS(status) ) {
|
|
status = ioStatusBlock.Status;
|
|
}
|
|
|
|
return status;
|
|
|
|
} // AfdIssueDeviceControl
|
|
|
|
|
|
NTSTATUS
|
|
AfdRestartDeviceControl (
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PIRP Irp,
|
|
IN PVOID Context
|
|
)
|
|
{
|
|
//
|
|
// N.B. This routine can never be demand paged because it can be
|
|
// called before any endpoints have been placed on the global
|
|
// list--see AfdAllocateEndpoint() and it's call to
|
|
// AfdGetTransportInfo().
|
|
//
|
|
|
|
//
|
|
// If there was an MDL in the IRP, free it and reset the pointer to
|
|
// NULL. The IO system can't handle a nonpaged pool MDL being freed
|
|
// in an IRP, which is why we do it here.
|
|
//
|
|
|
|
if ( Irp->MdlAddress != NULL ) {
|
|
IoFreeMdl( Irp->MdlAddress );
|
|
Irp->MdlAddress = NULL;
|
|
}
|
|
|
|
return STATUS_SUCCESS;
|
|
|
|
} // AfdRestartDeviceControl
|
|
|
|
|
|
NTSTATUS
|
|
AfdGetConnectData (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN ULONG IoctlCode,
|
|
IN KPROCESSOR_MODE RequestorMode,
|
|
IN PVOID InputBuffer,
|
|
IN ULONG InputBufferLength,
|
|
IN PVOID OutputBuffer,
|
|
IN ULONG OutputBufferLength,
|
|
OUT PUINT_PTR Information
|
|
)
|
|
{
|
|
PAFD_ENDPOINT endpoint;
|
|
PAFD_CONNECTION connection;
|
|
PAFD_CONNECT_DATA_BUFFERS connectDataBuffers;
|
|
PAFD_CONNECT_DATA_INFO connectDataInfo;
|
|
AFD_UNACCEPTED_CONNECT_DATA_INFO connectInfo;
|
|
AFD_LOCK_QUEUE_HANDLE lockHandle;
|
|
PMDL mdl;
|
|
NTSTATUS status;
|
|
UCHAR localBuffer[AFD_FAST_CONNECT_DATA_SIZE];
|
|
|
|
//
|
|
// Set up local pointers.
|
|
//
|
|
|
|
endpoint = FileObject->FsContext;
|
|
ASSERT( IS_AFD_ENDPOINT_TYPE( endpoint ) );
|
|
mdl = NULL;
|
|
status = STATUS_SUCCESS;
|
|
*Information = 0;
|
|
|
|
try {
|
|
if (InputBufferLength>0) {
|
|
if (InputBufferLength<sizeof(connectInfo)) {
|
|
status = STATUS_INVALID_PARAMETER;
|
|
goto exit;
|
|
}
|
|
//
|
|
// Validate the input structure if it comes from the user mode
|
|
// application
|
|
//
|
|
|
|
if (RequestorMode != KernelMode ) {
|
|
ProbeForRead (InputBuffer,
|
|
sizeof (connectInfo),
|
|
PROBE_ALIGNMENT(AFD_UNACCEPTED_CONNECT_DATA_INFO));
|
|
}
|
|
|
|
//
|
|
// Make local copies of the embeded pointer and parameters
|
|
// that we will be using more than once in case malicios
|
|
// application attempts to change them while we are
|
|
// validating
|
|
//
|
|
|
|
connectInfo = *((PAFD_UNACCEPTED_CONNECT_DATA_INFO)InputBuffer);
|
|
|
|
if (connectInfo.LengthOnly &&
|
|
OutputBufferLength<sizeof (connectInfo)) {
|
|
status = STATUS_INVALID_PARAMETER;
|
|
goto exit;
|
|
}
|
|
}
|
|
|
|
if (OutputBufferLength>0) {
|
|
if (OutputBufferLength>sizeof (localBuffer)) {
|
|
mdl = IoAllocateMdl(
|
|
OutputBuffer, // VirtualAddress
|
|
OutputBufferLength, // Length
|
|
FALSE, // SecondaryBuffer
|
|
TRUE, // ChargeQuota
|
|
NULL // Irp
|
|
);
|
|
if (mdl==NULL) {
|
|
status = STATUS_INSUFFICIENT_RESOURCES;
|
|
goto exit;
|
|
}
|
|
|
|
MmProbeAndLockPages(
|
|
mdl, // MemoryDescriptorList
|
|
RequestorMode, // AccessMode
|
|
IoWriteAccess // Operation
|
|
);
|
|
OutputBuffer = MmGetSystemAddressForMdlSafe(mdl, LowPagePriority);
|
|
if (OutputBuffer==NULL) {
|
|
status = STATUS_INSUFFICIENT_RESOURCES;
|
|
goto exit;
|
|
}
|
|
}
|
|
else {
|
|
if (RequestorMode!=KernelMode) {
|
|
ProbeForWrite (OutputBuffer,
|
|
OutputBufferLength,
|
|
sizeof (UCHAR));
|
|
}
|
|
}
|
|
}
|
|
|
|
} except( AFD_EXCEPTION_FILTER(&status) ) {
|
|
|
|
goto exit;
|
|
}
|
|
|
|
//
|
|
// If there is a connection on this endpoint, use the data buffers
|
|
// on the connection. Otherwise, use the data buffers from the
|
|
// endpoint.
|
|
//
|
|
|
|
AfdAcquireSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
|
|
|
|
if (InputBufferLength>0) {
|
|
if ((endpoint->Type & AfdBlockTypeVcListening)==AfdBlockTypeVcListening) {
|
|
connection = AfdFindReturnedConnection(
|
|
endpoint,
|
|
connectInfo.Sequence
|
|
);
|
|
}
|
|
else
|
|
connection = NULL;
|
|
|
|
if( connection == NULL ) {
|
|
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
status = STATUS_INVALID_PARAMETER;
|
|
goto exit;
|
|
}
|
|
connectDataBuffers = connection->ConnectDataBuffers;
|
|
}
|
|
else if ( (connection= AFD_CONNECTION_FROM_ENDPOINT (endpoint)) != NULL ) {
|
|
connectDataBuffers = connection->ConnectDataBuffers;
|
|
} else if (IS_VC_ENDPOINT (endpoint)) {
|
|
connectDataBuffers = endpoint->Common.VirtualCircuit.ConnectDataBuffers;
|
|
}
|
|
else {
|
|
connectDataBuffers = NULL;
|
|
}
|
|
|
|
//
|
|
// If there are no connect data buffers on the endpoint, complete
|
|
// the IRP with no bytes.
|
|
//
|
|
|
|
if ( connectDataBuffers == NULL ) {
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
status = STATUS_SUCCESS;
|
|
goto exit;
|
|
}
|
|
|
|
//
|
|
// Determine what sort of data we're handling and where it should
|
|
// come from.
|
|
//
|
|
|
|
switch ( IoctlCode ) {
|
|
|
|
case IOCTL_AFD_GET_CONNECT_DATA:
|
|
connectDataInfo = &connectDataBuffers->ReceiveConnectData;
|
|
break;
|
|
|
|
case IOCTL_AFD_GET_CONNECT_OPTIONS:
|
|
connectDataInfo = &connectDataBuffers->ReceiveConnectOptions;
|
|
break;
|
|
|
|
case IOCTL_AFD_GET_DISCONNECT_DATA:
|
|
connectDataInfo = &connectDataBuffers->ReceiveDisconnectData;
|
|
break;
|
|
|
|
case IOCTL_AFD_GET_DISCONNECT_OPTIONS:
|
|
connectDataInfo = &connectDataBuffers->ReceiveDisconnectOptions;
|
|
break;
|
|
|
|
default:
|
|
ASSERT(!"Unknown GET_CONNECT_DATA IOCTL!");
|
|
__assume (0);
|
|
}
|
|
|
|
if ((InputBufferLength>0) && connectInfo.LengthOnly) {
|
|
|
|
connectInfo.ConnectDataLength = connectDataInfo->BufferLength;
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
|
|
try {
|
|
RtlCopyMemory (OutputBuffer,
|
|
&connectInfo,
|
|
sizeof (connectInfo));
|
|
*Information = sizeof (connectInfo);
|
|
status = STATUS_SUCCESS;
|
|
}
|
|
except (AFD_EXCEPTION_FILTER (&status)) {
|
|
}
|
|
goto exit;
|
|
}
|
|
|
|
//
|
|
// If there is none of the requested data type, again complete
|
|
// the IRP with no bytes.
|
|
//
|
|
|
|
if ( connectDataInfo->Buffer == NULL ||
|
|
connectDataInfo->BufferLength == 0 ) {
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
*Information = 0;
|
|
status = STATUS_SUCCESS;
|
|
goto exit;
|
|
}
|
|
|
|
//
|
|
// If the output buffer is too small, fail.
|
|
//
|
|
|
|
if ( OutputBufferLength < connectDataInfo->BufferLength ) {
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
status = STATUS_BUFFER_TOO_SMALL;
|
|
goto exit;
|
|
}
|
|
|
|
|
|
//
|
|
// Copy over the buffer and return the number of bytes copied.
|
|
//
|
|
|
|
RtlCopyMemory(
|
|
mdl ? OutputBuffer : localBuffer,
|
|
connectDataInfo->Buffer,
|
|
connectDataInfo->BufferLength
|
|
);
|
|
|
|
*Information = connectDataInfo->BufferLength;
|
|
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
|
|
if (mdl==NULL) {
|
|
try {
|
|
RtlCopyMemory (OutputBuffer,
|
|
localBuffer,
|
|
*Information);
|
|
}
|
|
except (AFD_EXCEPTION_FILTER(&status)) {
|
|
*Information = 0;
|
|
}
|
|
}
|
|
|
|
exit:
|
|
|
|
if (mdl!=NULL) {
|
|
if (mdl->MdlFlags & MDL_PAGES_LOCKED) {
|
|
MmUnlockPages (mdl);
|
|
}
|
|
IoFreeMdl (mdl);
|
|
}
|
|
|
|
return status;
|
|
|
|
} // AfdGetConnectData
|
|
|
|
|
|
NTSTATUS
|
|
AfdSetConnectData (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN ULONG IoctlCode,
|
|
IN KPROCESSOR_MODE RequestorMode,
|
|
IN PVOID InputBuffer,
|
|
IN ULONG InputBufferLength,
|
|
IN PVOID OutputBuffer,
|
|
IN ULONG OutputBufferLength,
|
|
OUT PUINT_PTR Information
|
|
)
|
|
{
|
|
PAFD_ENDPOINT endpoint;
|
|
PAFD_CONNECTION connection;
|
|
PAFD_CONNECT_DATA_BUFFERS connectDataBuffers;
|
|
PAFD_CONNECT_DATA_BUFFERS * connectDataBuffersTarget;
|
|
PAFD_CONNECT_DATA_INFO connectDataInfo;
|
|
AFD_UNACCEPTED_CONNECT_DATA_INFO connectInfo;
|
|
AFD_LOCK_QUEUE_HANDLE lockHandle;
|
|
BOOLEAN size = FALSE;
|
|
PMDL mdl;
|
|
NTSTATUS status;
|
|
UCHAR localBuffer[AFD_FAST_CONNECT_DATA_SIZE];
|
|
|
|
//
|
|
// Set up local pointers.
|
|
//
|
|
|
|
endpoint = FileObject->FsContext;
|
|
ASSERT( IS_AFD_ENDPOINT_TYPE( endpoint ) );
|
|
mdl = NULL;
|
|
status = STATUS_SUCCESS;
|
|
*Information = 0;
|
|
|
|
if (!IS_VC_ENDPOINT (endpoint)) {
|
|
status = STATUS_INVALID_PARAMETER;
|
|
goto exit;
|
|
}
|
|
|
|
try {
|
|
if (InputBufferLength>0) {
|
|
if (InputBufferLength<sizeof(connectInfo)) {
|
|
status = STATUS_INVALID_PARAMETER;
|
|
goto exit;
|
|
}
|
|
//
|
|
// Validate the input structure if it comes from the user mode
|
|
// application
|
|
//
|
|
|
|
if (RequestorMode != KernelMode ) {
|
|
ProbeForRead (InputBuffer,
|
|
sizeof (connectInfo),
|
|
PROBE_ALIGNMENT(AFD_UNACCEPTED_CONNECT_DATA_INFO));
|
|
}
|
|
|
|
//
|
|
// Make local copies of the embeded pointer and parameters
|
|
// that we will be using more than once in case malicios
|
|
// application attempts to change them while we are
|
|
// validating
|
|
//
|
|
|
|
connectInfo = *((PAFD_UNACCEPTED_CONNECT_DATA_INFO)InputBuffer);
|
|
|
|
}
|
|
|
|
if (OutputBufferLength>0) {
|
|
if (OutputBufferLength>sizeof (localBuffer)) {
|
|
mdl = IoAllocateMdl(
|
|
OutputBuffer, // VirtualAddress
|
|
OutputBufferLength, // Length
|
|
FALSE, // SecondaryBuffer
|
|
TRUE, // ChargeQuota
|
|
NULL // Irp
|
|
);
|
|
if (mdl==NULL) {
|
|
status = STATUS_INSUFFICIENT_RESOURCES;
|
|
goto exit;
|
|
}
|
|
|
|
MmProbeAndLockPages(
|
|
mdl, // MemoryDescriptorList
|
|
RequestorMode, // AccessMode
|
|
IoReadAccess // Operation
|
|
);
|
|
OutputBuffer = MmGetSystemAddressForMdlSafe(mdl, LowPagePriority);
|
|
if (OutputBuffer==NULL) {
|
|
status = STATUS_INSUFFICIENT_RESOURCES;
|
|
goto exit;
|
|
}
|
|
}
|
|
else {
|
|
if (RequestorMode!=KernelMode) {
|
|
ProbeForRead (OutputBuffer,
|
|
OutputBufferLength,
|
|
sizeof (UCHAR));
|
|
RtlCopyMemory (localBuffer,
|
|
OutputBuffer,
|
|
OutputBufferLength);
|
|
OutputBuffer = localBuffer;
|
|
}
|
|
}
|
|
}
|
|
} except( AFD_EXCEPTION_FILTER(&status) ) {
|
|
|
|
goto exit;
|
|
}
|
|
|
|
|
|
AfdAcquireSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
|
|
//
|
|
// If there is a connect outstanding on this endpoint or if it
|
|
// has already been shut down, fail this request. This prevents
|
|
// the connect code from accessing buffers which may be freed soon.
|
|
//
|
|
|
|
if( endpoint->StateChangeInProgress ||
|
|
((endpoint->DisconnectMode & AFD_PARTIAL_DISCONNECT_RECEIVE) != 0 )) {
|
|
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
status = STATUS_INVALID_PARAMETER;
|
|
goto exit;
|
|
}
|
|
|
|
if (InputBufferLength>0) {
|
|
if ((endpoint->Type & AfdBlockTypeVcListening)==AfdBlockTypeVcListening) {
|
|
connection = AfdFindReturnedConnection(
|
|
endpoint,
|
|
connectInfo.Sequence
|
|
);
|
|
}
|
|
else
|
|
connection = NULL;
|
|
|
|
if( connection == NULL ) {
|
|
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
status = STATUS_INVALID_PARAMETER;
|
|
goto exit;
|
|
}
|
|
connectDataBuffersTarget = &connection->ConnectDataBuffers;
|
|
}
|
|
else if ( (connection= AFD_CONNECTION_FROM_ENDPOINT (endpoint)) != NULL ) {
|
|
connectDataBuffersTarget = &connection->ConnectDataBuffers;
|
|
} else {
|
|
connectDataBuffersTarget = &endpoint->Common.VirtualCircuit.ConnectDataBuffers;
|
|
}
|
|
|
|
|
|
connectDataBuffers = *connectDataBuffersTarget;
|
|
|
|
if( connectDataBuffers == NULL ) {
|
|
|
|
try {
|
|
|
|
connectDataBuffers = AFD_ALLOCATE_POOL_WITH_QUOTA(
|
|
NonPagedPool,
|
|
sizeof(*connectDataBuffers),
|
|
AFD_CONNECT_DATA_POOL_TAG
|
|
);
|
|
|
|
// AFD_ALLOCATE_POOL_WITH_QUOTA macro sets POOL_RAISE_IF_ALLOCATION_FAILURE flag
|
|
ASSERT ( connectDataBuffers != NULL );
|
|
*connectDataBuffersTarget = connectDataBuffers;
|
|
|
|
} except( EXCEPTION_EXECUTE_HANDLER ) {
|
|
status = GetExceptionCode ();
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
goto exit;
|
|
}
|
|
|
|
|
|
RtlZeroMemory(
|
|
connectDataBuffers,
|
|
sizeof(*connectDataBuffers)
|
|
);
|
|
|
|
}
|
|
|
|
//
|
|
// Determine what sort of data we're handling and where it should
|
|
// go.
|
|
//
|
|
|
|
switch( IoctlCode ) {
|
|
|
|
case IOCTL_AFD_SET_CONNECT_DATA:
|
|
connectDataInfo = &connectDataBuffers->SendConnectData;
|
|
break;
|
|
|
|
case IOCTL_AFD_SET_CONNECT_OPTIONS:
|
|
connectDataInfo = &connectDataBuffers->SendConnectOptions;
|
|
break;
|
|
|
|
case IOCTL_AFD_SET_DISCONNECT_DATA:
|
|
connectDataInfo = &connectDataBuffers->SendDisconnectData;
|
|
break;
|
|
|
|
case IOCTL_AFD_SET_DISCONNECT_OPTIONS:
|
|
connectDataInfo = &connectDataBuffers->SendDisconnectOptions;
|
|
break;
|
|
|
|
case IOCTL_AFD_SIZE_CONNECT_DATA:
|
|
connectDataInfo = &connectDataBuffers->ReceiveConnectData;
|
|
size = TRUE;
|
|
break;
|
|
|
|
case IOCTL_AFD_SIZE_CONNECT_OPTIONS:
|
|
connectDataInfo = &connectDataBuffers->ReceiveConnectOptions;
|
|
size = TRUE;
|
|
break;
|
|
|
|
case IOCTL_AFD_SIZE_DISCONNECT_DATA:
|
|
connectDataInfo = &connectDataBuffers->ReceiveDisconnectData;
|
|
size = TRUE;
|
|
break;
|
|
|
|
case IOCTL_AFD_SIZE_DISCONNECT_OPTIONS:
|
|
connectDataInfo = &connectDataBuffers->ReceiveDisconnectOptions;
|
|
size = TRUE;
|
|
break;
|
|
|
|
default:
|
|
ASSERT(FALSE);
|
|
}
|
|
|
|
|
|
//
|
|
// Determine the buffer size based on whether we're setting a buffer
|
|
// into which data will be received, in which case the size is
|
|
// in the four bytes of input buffer, or setting a buffer which we're
|
|
// going to send, in which case the size is the length of the input
|
|
// buffer.
|
|
//
|
|
|
|
if( size ) {
|
|
|
|
if( OutputBufferLength < sizeof(ULONG) ) {
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
status = STATUS_INVALID_PARAMETER;
|
|
goto exit;
|
|
}
|
|
OutputBufferLength = *(ULONG UNALIGNED *)OutputBuffer;
|
|
}
|
|
|
|
//
|
|
// If there's not currently a buffer of the requested type, or there is
|
|
// such a buffer and it's smaller than the requested size, free it
|
|
// and allocate a new one.
|
|
//
|
|
|
|
if( connectDataInfo->Buffer == NULL ||
|
|
connectDataInfo->BufferLength < OutputBufferLength ) {
|
|
|
|
if( connectDataInfo->Buffer != NULL ) {
|
|
|
|
AFD_FREE_POOL(
|
|
connectDataInfo->Buffer,
|
|
AFD_CONNECT_DATA_POOL_TAG
|
|
);
|
|
|
|
}
|
|
|
|
connectDataInfo->Buffer = NULL;
|
|
connectDataInfo->BufferLength = 0;
|
|
|
|
if (OutputBufferLength>0) {
|
|
try {
|
|
|
|
connectDataInfo->Buffer = AFD_ALLOCATE_POOL_WITH_QUOTA(
|
|
NonPagedPool,
|
|
OutputBufferLength,
|
|
AFD_CONNECT_DATA_POOL_TAG
|
|
);
|
|
|
|
// AFD_ALLOCATE_POOL_WITH_QUOTA macro sets POOL_RAISE_IF_ALLOCATION_FAILURE flag
|
|
ASSERT ( connectDataInfo->Buffer != NULL );
|
|
} except( EXCEPTION_EXECUTE_HANDLER ) {
|
|
|
|
status = GetExceptionCode ();
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
goto exit;
|
|
|
|
}
|
|
|
|
|
|
RtlZeroMemory(
|
|
connectDataInfo->Buffer,
|
|
OutputBufferLength
|
|
);
|
|
}
|
|
}
|
|
|
|
//
|
|
// If this wasn't simply a "size" request, copy the data into the buffer.
|
|
//
|
|
|
|
if( !size ) {
|
|
|
|
RtlCopyMemory(
|
|
connectDataInfo->Buffer,
|
|
OutputBuffer,
|
|
OutputBufferLength
|
|
);
|
|
|
|
}
|
|
|
|
connectDataInfo->BufferLength = OutputBufferLength;
|
|
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
|
|
exit:
|
|
if (mdl!=NULL) {
|
|
if (mdl->MdlFlags & MDL_PAGES_LOCKED) {
|
|
MmUnlockPages (mdl);
|
|
}
|
|
IoFreeMdl (mdl);
|
|
}
|
|
|
|
return status;
|
|
|
|
} // AfdSetConnectData
|
|
|
|
|
|
NTSTATUS
|
|
AfdSaveReceivedConnectData (
|
|
IN OUT PAFD_CONNECT_DATA_BUFFERS * DataBuffers,
|
|
IN ULONG IoControlCode,
|
|
IN PVOID Buffer,
|
|
IN ULONG BufferLength
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This helper routine stores the specified *received* connect/disconnect
|
|
data/options on the specified endpoint/connection.
|
|
|
|
N.B. This routine MUST be called with endpoint SpinLock held!
|
|
|
|
N.B. Unlike AfdSetConnectData(), this routine cannot allocate the
|
|
AFD_CONNECT_DATA_BUFFERS structure with quota, as it may be
|
|
called from AfdDisconnectEventHandler() in an unknown thread
|
|
context.
|
|
|
|
Arguments:
|
|
|
|
DataBuffers -Points to a pointer to the connect data buffers structure.
|
|
If the value pointed to by DataBuffers is NULL, then a new structure
|
|
is allocated, otherwise the existing structure is used.
|
|
|
|
IoControlCode - Specifies the type of data to save.
|
|
|
|
Buffer - Points to the buffer containing the data.
|
|
|
|
BufferLength - The length of Buffer.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS - The completion status.
|
|
|
|
--*/
|
|
|
|
{
|
|
PAFD_CONNECT_DATA_BUFFERS connectDataBuffers;
|
|
PAFD_CONNECT_DATA_INFO connectDataInfo;
|
|
|
|
ASSERT( KeGetCurrentIrql() >= DISPATCH_LEVEL );
|
|
|
|
//
|
|
// If there's no connect data buffer structure, allocate one now.
|
|
//
|
|
|
|
connectDataBuffers = *DataBuffers;
|
|
|
|
if( connectDataBuffers == NULL ) {
|
|
|
|
connectDataBuffers = AFD_ALLOCATE_POOL(
|
|
NonPagedPool,
|
|
sizeof(*connectDataBuffers),
|
|
AFD_CONNECT_DATA_POOL_TAG
|
|
);
|
|
|
|
if( connectDataBuffers == NULL ) {
|
|
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
|
|
}
|
|
|
|
RtlZeroMemory(
|
|
connectDataBuffers,
|
|
sizeof(*connectDataBuffers)
|
|
);
|
|
|
|
*DataBuffers = connectDataBuffers;
|
|
|
|
}
|
|
|
|
//
|
|
// Determine what sort of data we're handling and where it should
|
|
// go.
|
|
//
|
|
|
|
switch( IoControlCode ) {
|
|
|
|
case IOCTL_AFD_SET_CONNECT_DATA:
|
|
connectDataInfo = &connectDataBuffers->ReceiveConnectData;
|
|
break;
|
|
|
|
case IOCTL_AFD_SET_CONNECT_OPTIONS:
|
|
connectDataInfo = &connectDataBuffers->ReceiveConnectOptions;
|
|
break;
|
|
|
|
case IOCTL_AFD_SET_DISCONNECT_DATA:
|
|
connectDataInfo = &connectDataBuffers->ReceiveDisconnectData;
|
|
break;
|
|
|
|
case IOCTL_AFD_SET_DISCONNECT_OPTIONS:
|
|
connectDataInfo = &connectDataBuffers->ReceiveDisconnectOptions;
|
|
break;
|
|
|
|
default:
|
|
ASSERT(FALSE);
|
|
}
|
|
|
|
//
|
|
// If the buffer in the connect structure matches the one
|
|
// passed in, must be the same buffer we passed in the request.
|
|
// Just adjust the length.
|
|
//
|
|
|
|
if (connectDataInfo->Buffer==Buffer) {
|
|
ASSERT (connectDataInfo->BufferLength>=BufferLength);
|
|
connectDataInfo->BufferLength = BufferLength;
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
//
|
|
// If there was previously a buffer of the requested type, free it.
|
|
//
|
|
|
|
if( connectDataInfo->Buffer != NULL ) {
|
|
|
|
AFD_FREE_POOL(
|
|
connectDataInfo->Buffer,
|
|
AFD_CONNECT_DATA_POOL_TAG
|
|
);
|
|
|
|
connectDataInfo->Buffer = NULL;
|
|
|
|
}
|
|
|
|
//
|
|
// Allocate a new buffer for the data and copy in the data we're to
|
|
// send.
|
|
//
|
|
|
|
connectDataInfo->Buffer = AFD_ALLOCATE_POOL(
|
|
NonPagedPool,
|
|
BufferLength,
|
|
AFD_CONNECT_DATA_POOL_TAG
|
|
);
|
|
|
|
if( connectDataInfo->Buffer == NULL ) {
|
|
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
|
|
}
|
|
|
|
RtlCopyMemory(
|
|
connectDataInfo->Buffer,
|
|
Buffer,
|
|
BufferLength
|
|
);
|
|
|
|
connectDataInfo->BufferLength = BufferLength;
|
|
return STATUS_SUCCESS;
|
|
|
|
} // AfdSaveReceivedConnectData
|
|
|
|
|
|
VOID
|
|
AfdFreeConnectDataBuffers (
|
|
IN PAFD_CONNECT_DATA_BUFFERS ConnectDataBuffers
|
|
)
|
|
{
|
|
if ( ConnectDataBuffers->SendConnectData.Buffer != NULL ) {
|
|
AFD_FREE_POOL(
|
|
ConnectDataBuffers->SendConnectData.Buffer,
|
|
AFD_CONNECT_DATA_POOL_TAG
|
|
);
|
|
}
|
|
|
|
if ( ConnectDataBuffers->ReceiveConnectData.Buffer != NULL ) {
|
|
AFD_FREE_POOL(
|
|
ConnectDataBuffers->ReceiveConnectData.Buffer,
|
|
AFD_CONNECT_DATA_POOL_TAG
|
|
);
|
|
}
|
|
|
|
if ( ConnectDataBuffers->SendConnectOptions.Buffer != NULL ) {
|
|
AFD_FREE_POOL(
|
|
ConnectDataBuffers->SendConnectOptions.Buffer,
|
|
AFD_CONNECT_DATA_POOL_TAG
|
|
);
|
|
}
|
|
|
|
if ( ConnectDataBuffers->ReceiveConnectOptions.Buffer != NULL ) {
|
|
AFD_FREE_POOL(
|
|
ConnectDataBuffers->ReceiveConnectOptions.Buffer,
|
|
AFD_CONNECT_DATA_POOL_TAG
|
|
);
|
|
}
|
|
|
|
if ( ConnectDataBuffers->SendDisconnectData.Buffer != NULL ) {
|
|
AFD_FREE_POOL(
|
|
ConnectDataBuffers->SendDisconnectData.Buffer,
|
|
AFD_CONNECT_DATA_POOL_TAG
|
|
);
|
|
}
|
|
|
|
if ( ConnectDataBuffers->ReceiveDisconnectData.Buffer != NULL ) {
|
|
AFD_FREE_POOL(
|
|
ConnectDataBuffers->ReceiveDisconnectData.Buffer,
|
|
AFD_CONNECT_DATA_POOL_TAG
|
|
);
|
|
}
|
|
|
|
if ( ConnectDataBuffers->SendDisconnectOptions.Buffer != NULL ) {
|
|
AFD_FREE_POOL(
|
|
ConnectDataBuffers->SendDisconnectOptions.Buffer,
|
|
AFD_CONNECT_DATA_POOL_TAG
|
|
);
|
|
}
|
|
|
|
if ( ConnectDataBuffers->ReceiveDisconnectOptions.Buffer != NULL ) {
|
|
AFD_FREE_POOL(
|
|
ConnectDataBuffers->ReceiveDisconnectOptions.Buffer,
|
|
AFD_CONNECT_DATA_POOL_TAG
|
|
);
|
|
}
|
|
|
|
AFD_FREE_POOL(
|
|
ConnectDataBuffers,
|
|
AFD_CONNECT_DATA_POOL_TAG
|
|
);
|
|
|
|
return;
|
|
|
|
} // AfdFreeConnectDataBuffers
|
|
|
|
|
|
|
|
VOID
|
|
AfdQueueWorkItem (
|
|
IN PWORKER_THREAD_ROUTINE AfdWorkerRoutine,
|
|
IN PAFD_WORK_ITEM AfdWorkItem
|
|
)
|
|
{
|
|
KIRQL oldIrql;
|
|
|
|
ASSERT( AfdWorkerRoutine != NULL );
|
|
ASSERT( AfdWorkItem != NULL );
|
|
|
|
AfdWorkItem->AfdWorkerRoutine = AfdWorkerRoutine;
|
|
|
|
//
|
|
// Insert the work item at the tail of AFD's list of work itrems.
|
|
//
|
|
|
|
oldIrql = KeAcquireQueuedSpinLock( LockQueueAfdWorkQueueLock );
|
|
|
|
InsertTailList( &AfdWorkQueueListHead, &AfdWorkItem->WorkItemListEntry );
|
|
|
|
AfdRecordAfdWorkItemsQueued();
|
|
|
|
//
|
|
// If there is no executive worker thread working on AFD work, fire
|
|
// off an executive worker thread to start servicing the list.
|
|
//
|
|
|
|
if ( !AfdWorkThreadRunning ) {
|
|
|
|
//
|
|
// Remember that the work thread is running and release the
|
|
// lock. Note that we must release the lock before queuing the
|
|
// work because the worker thread may unlock AFD and we can't
|
|
// hold a lock when AFD is unlocked.
|
|
//
|
|
|
|
AfdRecordExWorkItemsQueued();
|
|
|
|
AfdWorkThreadRunning = TRUE;
|
|
KeReleaseQueuedSpinLock( LockQueueAfdWorkQueueLock, oldIrql );
|
|
|
|
IoQueueWorkItem (AfdWorkQueueItem,
|
|
AfdDoWork,
|
|
DelayedWorkQueue,
|
|
NULL);
|
|
|
|
} else {
|
|
|
|
KeReleaseQueuedSpinLock( LockQueueAfdWorkQueueLock, oldIrql );
|
|
}
|
|
|
|
return;
|
|
|
|
} // AfdQueueWorkItem
|
|
|
|
|
|
VOID
|
|
AfdDoWork (
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PVOID Context
|
|
)
|
|
{
|
|
PAFD_WORK_ITEM afdWorkItem;
|
|
PLIST_ENTRY listEntry;
|
|
KIRQL oldIrql;
|
|
PWORKER_THREAD_ROUTINE workerRoutine;
|
|
|
|
ASSERT( AfdWorkThreadRunning );
|
|
|
|
//
|
|
// Empty the queue of AFD work items.
|
|
//
|
|
|
|
oldIrql = KeAcquireQueuedSpinLock( LockQueueAfdWorkQueueLock );
|
|
|
|
AfdRecordWorkerEnter();
|
|
AfdRecordAfdWorkerThread( PsGetCurrentThread() );
|
|
|
|
while ( !IsListEmpty( &AfdWorkQueueListHead ) ) {
|
|
|
|
//
|
|
// Take the first item from the queue and find the address
|
|
// of the AFD work item structure.
|
|
//
|
|
|
|
listEntry = RemoveHeadList( &AfdWorkQueueListHead );
|
|
afdWorkItem = CONTAINING_RECORD(
|
|
listEntry,
|
|
AFD_WORK_ITEM,
|
|
WorkItemListEntry
|
|
);
|
|
|
|
AfdRecordAfdWorkItemsProcessed();
|
|
|
|
//
|
|
// Capture the worker thread routine from the item.
|
|
//
|
|
|
|
workerRoutine = afdWorkItem->AfdWorkerRoutine;
|
|
|
|
//
|
|
// If this work item is going to unlock AFD, then remember that
|
|
// the worker thread is no longer running. This closes the
|
|
// window where AFD gets unloaded at the same time as new work
|
|
// comes in and gets put on the work queue. Note that we
|
|
// must reset this boolean BEFORE releasing the spin lock.
|
|
//
|
|
|
|
if( workerRoutine == AfdUnlockDriver ) {
|
|
|
|
AfdWorkThreadRunning = FALSE;
|
|
|
|
AfdRecordAfdWorkerThread( NULL );
|
|
AfdRecordWorkerLeave();
|
|
|
|
}
|
|
|
|
//
|
|
// Release the lock and then call the AFD worker routine.
|
|
//
|
|
|
|
KeReleaseQueuedSpinLock( LockQueueAfdWorkQueueLock, oldIrql );
|
|
|
|
workerRoutine( afdWorkItem );
|
|
|
|
//
|
|
// If the purpose of this work item was to unload AFD, then
|
|
// we know that there is no more work to do and we CANNOT
|
|
// acquire a spin lock. Quit servicing the list and return.
|
|
|
|
if( workerRoutine == AfdUnlockDriver ) {
|
|
return;
|
|
}
|
|
|
|
//
|
|
// Reacquire the spin lock and continue servicing the list.
|
|
//
|
|
|
|
oldIrql = KeAcquireQueuedSpinLock( LockQueueAfdWorkQueueLock );
|
|
}
|
|
|
|
//
|
|
// Remember that we're no longer servicing the list and release the
|
|
// spin lock.
|
|
//
|
|
|
|
AfdRecordAfdWorkerThread( NULL );
|
|
AfdRecordWorkerLeave();
|
|
|
|
AfdWorkThreadRunning = FALSE;
|
|
KeReleaseQueuedSpinLock( LockQueueAfdWorkQueueLock, oldIrql );
|
|
|
|
} // AfdDoWork
|
|
|
|
|
|
|
|
|
|
PAFD_WORK_ITEM
|
|
AfdGetWorkerByRoutine (
|
|
PWORKER_THREAD_ROUTINE Routine
|
|
) {
|
|
KIRQL oldIrql;
|
|
PLIST_ENTRY listEntry;
|
|
|
|
oldIrql = KeAcquireQueuedSpinLock( LockQueueAfdWorkQueueLock );
|
|
listEntry = AfdWorkQueueListHead.Flink;
|
|
while (listEntry!=&AfdWorkQueueListHead) {
|
|
PAFD_WORK_ITEM afdWorkItem = CONTAINING_RECORD(
|
|
listEntry,
|
|
AFD_WORK_ITEM,
|
|
WorkItemListEntry
|
|
);
|
|
if (afdWorkItem->AfdWorkerRoutine==Routine) {
|
|
RemoveEntryList (&afdWorkItem->WorkItemListEntry);
|
|
KeReleaseQueuedSpinLock( LockQueueAfdWorkQueueLock, oldIrql );
|
|
return afdWorkItem;
|
|
}
|
|
else
|
|
listEntry = listEntry->Flink;
|
|
}
|
|
KeReleaseQueuedSpinLock( LockQueueAfdWorkQueueLock, oldIrql );
|
|
return NULL;
|
|
} // AfdGetWorkerByRoutine
|
|
|
|
|
|
#if DBG
|
|
|
|
typedef struct _AFD_OUTSTANDING_IRP {
|
|
LIST_ENTRY OutstandingIrpListEntry;
|
|
PIRP OutstandingIrp;
|
|
PCHAR FileName;
|
|
ULONG LineNumber;
|
|
} AFD_OUTSTANDING_IRP, *PAFD_OUTSTANDING_IRP;
|
|
|
|
|
|
BOOLEAN
|
|
AfdRecordOutstandingIrpDebug (
|
|
IN PAFD_ENDPOINT Endpoint,
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PIRP Irp,
|
|
IN PCHAR FileName,
|
|
IN ULONG LineNumber
|
|
)
|
|
{
|
|
PAFD_OUTSTANDING_IRP outstandingIrp;
|
|
AFD_LOCK_QUEUE_HANDLE lockHandle;
|
|
|
|
//
|
|
// Get an outstanding IRP structure to hold the IRP.
|
|
//
|
|
|
|
outstandingIrp = AFD_ALLOCATE_POOL_PRIORITY (
|
|
NonPagedPool,
|
|
sizeof(AFD_OUTSTANDING_IRP),
|
|
AFD_DEBUG_POOL_TAG,
|
|
NormalPoolPriority
|
|
);
|
|
|
|
if ( outstandingIrp == NULL ) {
|
|
//
|
|
// Because our completion routine will try to
|
|
// find this IRP anyway and check for completion
|
|
// we use the stack space to put it in the list.
|
|
// The completion routine will just remove this
|
|
// element from the list without attempting to free it.
|
|
//
|
|
AFD_OUTSTANDING_IRP OutstandingIrp;
|
|
|
|
OutstandingIrp.OutstandingIrp = Irp;
|
|
OutstandingIrp.FileName = NULL; // To let completion
|
|
// routine know that this
|
|
// is not an allocated element
|
|
OutstandingIrp.LineNumber = 0;
|
|
|
|
AfdAcquireSpinLock( &Endpoint->SpinLock, &lockHandle );
|
|
InsertTailList(
|
|
&Endpoint->OutstandingIrpListHead,
|
|
&OutstandingIrp.OutstandingIrpListEntry
|
|
);
|
|
Endpoint->OutstandingIrpCount++;
|
|
AfdReleaseSpinLock( &Endpoint->SpinLock, &lockHandle );
|
|
|
|
KdPrintEx(( DPFLTR_WSOCKTRANSPORT_ID, DPFLTR_INFO_LEVEL,
|
|
"AfdRecordOutstandingIrp: Could not track Irp %p on endpoint %p, failing it.\n",
|
|
Irp, Endpoint));
|
|
Irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
|
|
IoSetNextIrpStackLocation( Irp );
|
|
IoCompleteRequest( Irp, AfdPriorityBoost );
|
|
return FALSE;
|
|
}
|
|
|
|
//
|
|
// Initialize the structure and place it on the endpoint's list of
|
|
// outstanding IRPs.
|
|
//
|
|
|
|
outstandingIrp->OutstandingIrp = Irp;
|
|
outstandingIrp->FileName = FileName;
|
|
outstandingIrp->LineNumber = LineNumber;
|
|
|
|
AfdAcquireSpinLock( &Endpoint->SpinLock, &lockHandle );
|
|
InsertHeadList(
|
|
&Endpoint->OutstandingIrpListHead,
|
|
&outstandingIrp->OutstandingIrpListEntry
|
|
);
|
|
Endpoint->OutstandingIrpCount++;
|
|
AfdReleaseSpinLock( &Endpoint->SpinLock, &lockHandle );
|
|
|
|
return TRUE;
|
|
} // AfdRecordOutstandingIrpDebug
|
|
|
|
|
|
VOID
|
|
AfdCompleteOutstandingIrpDebug (
|
|
IN PAFD_ENDPOINT Endpoint,
|
|
IN PIRP Irp
|
|
)
|
|
{
|
|
PAFD_OUTSTANDING_IRP outstandingIrp;
|
|
AFD_LOCK_QUEUE_HANDLE lockHandle;
|
|
PLIST_ENTRY listEntry;
|
|
|
|
//
|
|
// First find the IRP on the endpoint's list of outstanding IRPs.
|
|
//
|
|
|
|
AfdAcquireSpinLock( &Endpoint->SpinLock, &lockHandle );
|
|
|
|
for ( listEntry = Endpoint->OutstandingIrpListHead.Flink;
|
|
listEntry != &Endpoint->OutstandingIrpListHead;
|
|
listEntry = listEntry->Flink ) {
|
|
|
|
outstandingIrp = CONTAINING_RECORD(
|
|
listEntry,
|
|
AFD_OUTSTANDING_IRP,
|
|
OutstandingIrpListEntry
|
|
);
|
|
if ( outstandingIrp->OutstandingIrp == Irp ) {
|
|
RemoveEntryList( listEntry );
|
|
ASSERT( Endpoint->OutstandingIrpCount != 0 );
|
|
Endpoint->OutstandingIrpCount--;
|
|
AfdReleaseSpinLock( &Endpoint->SpinLock, &lockHandle );
|
|
if (outstandingIrp->FileName!=NULL) {
|
|
AFD_FREE_POOL(
|
|
outstandingIrp,
|
|
AFD_DEBUG_POOL_TAG
|
|
);
|
|
}
|
|
return;
|
|
}
|
|
}
|
|
|
|
//
|
|
// The corresponding outstanding IRP structure was not found. This
|
|
// should never happen unless an allocate for an outstanding IRP
|
|
// structure failed above.
|
|
//
|
|
|
|
KdPrintEx(( DPFLTR_WSOCKTRANSPORT_ID, DPFLTR_INFO_LEVEL,
|
|
"AfdCompleteOutstandingIrp: Irp %p not found on endpoint %p\n",
|
|
Irp, Endpoint ));
|
|
|
|
ASSERT( Endpoint->OutstandingIrpCount != 0 );
|
|
|
|
Endpoint->OutstandingIrpCount--;
|
|
|
|
AfdReleaseSpinLock( &Endpoint->SpinLock, &lockHandle );
|
|
|
|
return;
|
|
|
|
} // AfdCompleteOutstandingIrpDebug
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#if REFERENCE_DEBUG
|
|
AFD_QSPIN_LOCK AfdLocationTableLock;
|
|
PAFD_REFERENCE_LOCATION AfdLocationTable;
|
|
SIZE_T AfdLocationTableSize;
|
|
LONG AfdLocationId;
|
|
|
|
LONG
|
|
AfdFindReferenceLocation (
|
|
IN PCHAR Format,
|
|
OUT PLONG LocationId
|
|
)
|
|
{
|
|
AFD_LOCK_QUEUE_HANDLE lockHandle;
|
|
PVOID ignore;
|
|
|
|
AfdAcquireSpinLock (&AfdLocationTableLock, &lockHandle);
|
|
if (*LocationId==0) {
|
|
if (AfdLocationId >= (LONG)(AfdLocationTableSize/sizeof(AfdLocationTable[0]))) {
|
|
PAFD_REFERENCE_LOCATION newTable;
|
|
newTable = ExAllocatePoolWithTag (NonPagedPool,
|
|
AfdLocationTableSize+PAGE_SIZE,
|
|
AFD_DEBUG_POOL_TAG);
|
|
if (newTable!=NULL) {
|
|
if (AfdLocationTable!=NULL) {
|
|
RtlCopyMemory (newTable, AfdLocationTable, AfdLocationTableSize);
|
|
ExFreePoolWithTag (AfdLocationTable, AFD_DEBUG_POOL_TAG);
|
|
}
|
|
AfdLocationTable = newTable;
|
|
AfdLocationTableSize += PAGE_SIZE;
|
|
}
|
|
else {
|
|
goto Unlock;
|
|
}
|
|
}
|
|
|
|
AfdLocationTable[AfdLocationId].Format = Format;
|
|
RtlGetCallersAddress (&AfdLocationTable[AfdLocationId].Address, &ignore);
|
|
|
|
*LocationId = ++AfdLocationId;
|
|
}
|
|
Unlock:
|
|
AfdReleaseSpinLock (&AfdLocationTableLock, &lockHandle);
|
|
return *LocationId;
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
#if DBG || REFERENCE_DEBUG
|
|
|
|
VOID
|
|
AfdInitializeDebugData (
|
|
VOID
|
|
)
|
|
{
|
|
AfdInitializeSpinLock (&AfdLocationTableLock);
|
|
|
|
} // AfdInitializeDebugData
|
|
|
|
VOID
|
|
AfdFreeDebugData (
|
|
VOID
|
|
)
|
|
{
|
|
if (AfdLocationTable!=NULL) {
|
|
ExFreePoolWithTag (AfdLocationTable, AFD_DEBUG_POOL_TAG);
|
|
AfdLocationTable = NULL;
|
|
}
|
|
|
|
} // AfdFreeDebugData
|
|
#endif
|
|
|
|
#if DBG
|
|
|
|
ULONG AfdTotalAllocations = 0;
|
|
ULONG AfdTotalFrees = 0;
|
|
LARGE_INTEGER AfdTotalBytesAllocated;
|
|
LARGE_INTEGER AfdTotalBytesFreed;
|
|
|
|
|
|
|
|
PVOID
|
|
AfdAllocatePool (
|
|
IN POOL_TYPE PoolType,
|
|
IN SIZE_T NumberOfBytes,
|
|
IN ULONG Tag,
|
|
IN PCHAR FileName,
|
|
IN ULONG LineNumber,
|
|
IN BOOLEAN WithQuota,
|
|
IN EX_POOL_PRIORITY Priority
|
|
)
|
|
{
|
|
|
|
PVOID memBlock;
|
|
PAFD_POOL_HEADER header;
|
|
SIZE_T allocBytes;
|
|
|
|
//
|
|
// Check for overflow first.
|
|
//
|
|
if (NumberOfBytes+sizeof (*header)<=NumberOfBytes) {
|
|
if (WithQuota) {
|
|
ExRaiseStatus (STATUS_INSUFFICIENT_RESOURCES);
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
if (NumberOfBytes+sizeof (*header)>=PAGE_SIZE) {
|
|
allocBytes = NumberOfBytes;
|
|
if (allocBytes<PAGE_SIZE)
|
|
allocBytes = PAGE_SIZE;
|
|
}
|
|
else {
|
|
allocBytes = NumberOfBytes+sizeof (*header);
|
|
}
|
|
|
|
|
|
if ( WithQuota ) {
|
|
ASSERT (PoolType == (NonPagedPool|POOL_RAISE_IF_ALLOCATION_FAILURE) ||
|
|
PoolType == (PagedPool|POOL_RAISE_IF_ALLOCATION_FAILURE) ||
|
|
PoolType == (PagedPool|POOL_RAISE_IF_ALLOCATION_FAILURE|POOL_COLD_ALLOCATION));
|
|
memBlock = ExAllocatePoolWithQuotaTag(
|
|
PoolType,
|
|
allocBytes,
|
|
Tag
|
|
);
|
|
ASSERT (memBlock!=NULL);
|
|
} else {
|
|
ASSERT( PoolType == NonPagedPool ||
|
|
PoolType == NonPagedPoolMustSucceed ||
|
|
PoolType == PagedPool ||
|
|
PoolType == (PagedPool|POOL_COLD_ALLOCATION));
|
|
memBlock = ExAllocatePoolWithTagPriority(
|
|
PoolType,
|
|
allocBytes,
|
|
Tag,
|
|
Priority
|
|
);
|
|
if ( memBlock == NULL ) {
|
|
return NULL;
|
|
}
|
|
}
|
|
|
|
|
|
if (allocBytes<PAGE_SIZE) {
|
|
header = memBlock;
|
|
memBlock = header+1;
|
|
header->FileName = FileName;
|
|
header->LineNumber = LineNumber;
|
|
header->Size = NumberOfBytes;
|
|
header->InUse = PoolType;
|
|
|
|
}
|
|
else {
|
|
NumberOfBytes = PAGE_SIZE;
|
|
ASSERT (PAGE_ALIGN(memBlock)==memBlock);
|
|
}
|
|
|
|
ExInterlockedAddLargeStatistic(
|
|
&AfdTotalBytesAllocated,
|
|
(CLONG)NumberOfBytes
|
|
);
|
|
InterlockedIncrement(
|
|
&AfdTotalAllocations
|
|
);
|
|
|
|
return memBlock;
|
|
|
|
} // AfdAllocatePool
|
|
|
|
#define AFD_POOL_DEBUG 0
|
|
#if AFD_POOL_DEBUG
|
|
#define MAX_LRU_POOL_BLOCKS 256
|
|
PVOID AfdLRUPoolBlocks[MAX_LRU_POOL_BLOCKS];
|
|
LONG AfdLRUPoolIndex = -1;
|
|
#endif // AFD_POOL_DEBUG
|
|
|
|
|
|
VOID
|
|
AfdFreePool (
|
|
IN PVOID Pointer,
|
|
IN ULONG Tag
|
|
)
|
|
{
|
|
|
|
ULONG PoolType;
|
|
ULONG numberOfBytes;
|
|
|
|
if (PAGE_ALIGN (Pointer)==Pointer) {
|
|
numberOfBytes = PAGE_SIZE;
|
|
}
|
|
else {
|
|
PAFD_POOL_HEADER header;
|
|
Pointer = header = (PAFD_POOL_HEADER)Pointer - 1;
|
|
ASSERT (header->Size>0);
|
|
PoolType = InterlockedExchange (&header->InUse, -1);
|
|
ASSERT( PoolType == NonPagedPool ||
|
|
PoolType == NonPagedPoolMustSucceed ||
|
|
PoolType == PagedPool ||
|
|
PoolType == (NonPagedPool | POOL_RAISE_IF_ALLOCATION_FAILURE) ||
|
|
PoolType == (PagedPool | POOL_RAISE_IF_ALLOCATION_FAILURE) ||
|
|
PoolType == (PagedPool | POOL_COLD_ALLOCATION) ||
|
|
PoolType == (PagedPool | POOL_RAISE_IF_ALLOCATION_FAILURE | POOL_COLD_ALLOCATION));
|
|
numberOfBytes = (CLONG)header->Size;
|
|
}
|
|
|
|
ExInterlockedAddLargeStatistic(
|
|
&AfdTotalBytesFreed,
|
|
numberOfBytes
|
|
);
|
|
|
|
InterlockedIncrement(
|
|
&AfdTotalFrees
|
|
);
|
|
|
|
#if AFD_POOL_DEBUG
|
|
{
|
|
LONG idx = InterlockedIncrement (&AfdLRUPoolIndex)%MAX_LRU_POOL_BLOCKS;
|
|
RtlFillMemoryUlong (
|
|
Pointer,
|
|
(numberOfBytes+3)&(~3),
|
|
Tag);
|
|
if (PoolType!=PagedPool) {
|
|
ULONG size;
|
|
Pointer = InterlockedExchangePointer (
|
|
&AfdLRUPoolBlocks[idx],
|
|
Pointer);
|
|
if (Pointer==NULL)
|
|
return;
|
|
|
|
if (PAGE_ALIGN(Pointer)==Pointer)
|
|
numberOfBytes = PAGE_SIZE;
|
|
else {
|
|
PAFD_HEADER header;
|
|
header = (PAFD_POOL_HEADER)Pointer - 1;
|
|
Tag = *((PULONG)Pointer);
|
|
numberOfBytes = (CLONG)(header->Size+3)&(~3);
|
|
}
|
|
size = RtlCompareMemoryUlong (Pointer, numberOfBytes, Tag);
|
|
if (size!=numberOfBytes) {
|
|
DbgPrint ("Block %p is modified at %p after it was freed.\n",
|
|
Pointer, (PUCHAR)Pointer+size);
|
|
DbgBreakPoint ();
|
|
}
|
|
|
|
}
|
|
}
|
|
#endif AFD_POOL_DEBUG
|
|
|
|
MyFreePoolWithTag(
|
|
(PVOID)Pointer,
|
|
Tag
|
|
);
|
|
|
|
} // AfdFreePool
|
|
|
|
#ifdef AFDDBG_QUOTA
|
|
|
|
typedef struct _AFD_QUOTA_HASH {
|
|
PSZ Type;
|
|
LONG TotalAmount;
|
|
} AFD_QUOTA_HASH, *PAFD_QUOTA_HASH;
|
|
|
|
#define AFD_QUOTA_HASH_SIZE 31
|
|
AFD_QUOTA_HASH AfdQuotaHash[AFD_QUOTA_HASH_SIZE];
|
|
PEPROCESS AfdQuotaProcess;
|
|
|
|
|
|
|
|
typedef struct {
|
|
union {
|
|
ULONG Bytes;
|
|
struct {
|
|
UCHAR Reserved[3];
|
|
UCHAR Sign;
|
|
} ;
|
|
} ;
|
|
UCHAR Location[12];
|
|
PVOID Block;
|
|
PVOID Process;
|
|
PVOID Reserved2[2];
|
|
} QUOTA_HISTORY, *PQUOTA_HISTORY;
|
|
#define QUOTA_HISTORY_LENGTH 512
|
|
QUOTA_HISTORY AfdQuotaHistory[QUOTA_HISTORY_LENGTH];
|
|
LONG AfdQuotaHistoryIndex = 0;
|
|
|
|
VOID
|
|
AfdRecordQuotaHistory(
|
|
IN PEPROCESS Process,
|
|
IN LONG Bytes,
|
|
IN PSZ Type,
|
|
IN PVOID Block
|
|
)
|
|
{
|
|
|
|
LONG index;
|
|
PQUOTA_HISTORY history;
|
|
|
|
index = InterlockedIncrement( &AfdQuotaHistoryIndex );
|
|
index &= QUOTA_HISTORY_LENGTH - 1;
|
|
history = &AfdQuotaHistory[index];
|
|
|
|
history->Bytes = Bytes;
|
|
history->Sign = Bytes < 0 ? '-' : '+';
|
|
RtlCopyMemory( history->Location, Type, 12 );
|
|
history->Block = Block;
|
|
history->Process = Process;
|
|
|
|
index = (ULONG_PTR)Type % AFD_QUOTA_HASH_SIZE;
|
|
if (AfdQuotaHash[index].Type!=Type) {
|
|
if (InterlockedCompareExchangePointer (
|
|
(PVOID *)&AfdQuotaHash[index].Type,
|
|
Type,
|
|
NULL)!=NULL) {
|
|
AfdQuotaHash[index].Type = (PVOID)-1;
|
|
}
|
|
}
|
|
InterlockedExchangeAdd (&AfdQuotaHash[index].TotalAmount, Bytes);
|
|
} // AfdRecordQuotaHistory
|
|
#endif
|
|
#endif
|
|
|
|
|
|
PMDL
|
|
AfdAdvanceMdlChain(
|
|
IN PMDL Mdl,
|
|
IN ULONG Offset
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Accepts a pointer to an existing MDL chain and offsets that chain
|
|
by a specified number of bytes. This may involve the creation
|
|
of a partial MDL for the first entry in the new chain.
|
|
|
|
Arguments:
|
|
|
|
Mdl - Pointer to the MDL chain to advance.
|
|
|
|
Offset - The number of bytes to offset the chain.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS -- Indicates the status of the request.
|
|
|
|
--*/
|
|
|
|
{
|
|
//
|
|
// Sanity check.
|
|
//
|
|
|
|
ASSERT( Mdl != NULL );
|
|
ASSERT( Offset > 0 );
|
|
|
|
//
|
|
// Scan past any fully completed MDLs.
|
|
//
|
|
|
|
while ( Offset > MmGetMdlByteCount( Mdl ) ) {
|
|
PMDL prev = Mdl;
|
|
|
|
Offset -= MmGetMdlByteCount( Mdl );
|
|
ASSERT( Mdl->Next != NULL );
|
|
Mdl = Mdl->Next;
|
|
prev->Next = NULL;
|
|
MmUnlockPages (prev);
|
|
IoFreeMdl (prev);
|
|
|
|
}
|
|
|
|
//
|
|
// Tautology of the day: Offset will either be zero (meaning that
|
|
// we've advanced to a clean boundary between MDLs) or non-zero
|
|
// (meaning we need to now build a partial MDL).
|
|
//
|
|
|
|
if ( Offset > 0 ) {
|
|
|
|
NTSTATUS status;
|
|
|
|
//
|
|
// Use new MM routine.
|
|
// This saves us use of MustSucceed pool since the routine
|
|
// below is guaranteed to succeed (as it should because
|
|
// we already have the whole range locked and possibly mapped
|
|
// and there should be no problem extracting part of it within
|
|
// the same MDL).
|
|
//
|
|
|
|
status = MmAdvanceMdl (Mdl, Offset);
|
|
ASSERT (status==STATUS_SUCCESS);
|
|
}
|
|
|
|
return Mdl;
|
|
|
|
} // AfdAdvanceMdlChain
|
|
|
|
|
|
NTSTATUS
|
|
AfdAllocateMdlChain(
|
|
IN PIRP Irp,
|
|
IN LPWSABUF BufferArray,
|
|
IN ULONG BufferCount,
|
|
IN LOCK_OPERATION Operation,
|
|
OUT PULONG TotalByteCount
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Allocates a MDL chain describing the WSABUF array and attaches
|
|
the chain to the specified IRP.
|
|
|
|
Arguments:
|
|
|
|
Irp - The IRP that will receive the MDL chain.
|
|
|
|
BufferArray - Points to an array of WSABUF structures describing
|
|
the user's buffers.
|
|
|
|
BufferCount - Contains the number of WSABUF structures in the
|
|
array.
|
|
|
|
Operation - Specifies the type of operation being performed (either
|
|
IoReadAccess or IoWriteAccess).
|
|
|
|
TotalByteCount - Will receive the total number of BYTEs described
|
|
by the WSABUF array.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS -- Indicates the status of the request.
|
|
|
|
--*/
|
|
|
|
{
|
|
NTSTATUS status;
|
|
PMDL currentMdl;
|
|
PMDL * chainTarget;
|
|
KPROCESSOR_MODE previousMode;
|
|
ULONG totalLength;
|
|
PVOID bufferPointer;
|
|
ULONG bufferLength;
|
|
|
|
//
|
|
// Sanity check.
|
|
//
|
|
|
|
ASSERT( Irp != NULL );
|
|
ASSERT( Irp->MdlAddress == NULL );
|
|
ASSERT( ( Operation == IoReadAccess ) || ( Operation == IoWriteAccess ) );
|
|
ASSERT( TotalByteCount != NULL );
|
|
|
|
//
|
|
// Get the previous processor mode.
|
|
//
|
|
|
|
previousMode = Irp->RequestorMode;
|
|
|
|
//
|
|
// Get into a known state.
|
|
//
|
|
|
|
status = STATUS_SUCCESS;
|
|
currentMdl = NULL;
|
|
chainTarget = &Irp->MdlAddress;
|
|
totalLength = 0;
|
|
|
|
//
|
|
// Walk the array of WSABUF structures, creating the MDLs and
|
|
// probing & locking the pages.
|
|
//
|
|
|
|
try {
|
|
|
|
if( previousMode != KernelMode ) {
|
|
|
|
if ((BufferArray==NULL) ||
|
|
(BufferCount==0) ||
|
|
(BufferCount>(MAXULONG/sizeof (WSABUF)))) {
|
|
ExRaiseStatus (STATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
//
|
|
// Probe the WSABUF array.
|
|
//
|
|
|
|
ProbeForRead(
|
|
BufferArray, // Address
|
|
BufferCount * sizeof(WSABUF), // Length
|
|
PROBE_ALIGNMENT(WSABUF) // Alignment
|
|
);
|
|
|
|
}
|
|
else {
|
|
ASSERT( BufferArray != NULL );
|
|
ASSERT( BufferCount > 0 );
|
|
}
|
|
|
|
//
|
|
// Scan the array.
|
|
//
|
|
|
|
for ( ; BufferCount>0; BufferCount--, BufferArray++) {
|
|
|
|
bufferPointer = BufferArray->buf;
|
|
bufferLength = BufferArray->len;
|
|
|
|
if( bufferLength > 0 ) {
|
|
|
|
//
|
|
// Update the total byte counter.
|
|
//
|
|
|
|
totalLength += bufferLength;
|
|
|
|
//
|
|
// Create a new MDL.
|
|
//
|
|
|
|
currentMdl = IoAllocateMdl(
|
|
bufferPointer, // VirtualAddress
|
|
bufferLength, // Length
|
|
FALSE, // SecondaryBuffer
|
|
TRUE, // ChargeQuota
|
|
NULL // Irp
|
|
);
|
|
|
|
if( currentMdl != NULL ) {
|
|
|
|
//
|
|
// Lock the pages. This will raise an exception
|
|
// if the operation fails.
|
|
//
|
|
|
|
MmProbeAndLockPages(
|
|
currentMdl, // MemoryDescriptorList
|
|
previousMode, // AccessMode
|
|
Operation // Operation
|
|
);
|
|
|
|
//
|
|
// Chain the MDL onto the IRP. In theory, we could
|
|
// do this by passing the IRP into IoAllocateMdl(),
|
|
// but IoAllocateMdl() does a linear scan on the MDL
|
|
// chain to find the last one in the chain.
|
|
//
|
|
// We can do much better.
|
|
//
|
|
|
|
*chainTarget = currentMdl;
|
|
chainTarget = ¤tMdl->Next;
|
|
|
|
|
|
} else {
|
|
|
|
//
|
|
// Cannot allocate new MDL, return appropriate error.
|
|
//
|
|
|
|
status = STATUS_INSUFFICIENT_RESOURCES;
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
//
|
|
// Ensure the MDL chain is NULL terminated.
|
|
//
|
|
|
|
ASSERT( *chainTarget == NULL );
|
|
|
|
} except( AFD_EXCEPTION_FILTER(&status) ) {
|
|
|
|
//
|
|
// currentMdl will only be non-NULL at this point if an MDL
|
|
// has been created, but MmProbeAndLockPages() raised an
|
|
// exception. If this is true, then free the MDL.
|
|
// Also account for the case when currentMdl has been linked
|
|
// onto the chain and exception occured when accesing next user
|
|
// buffer.
|
|
//
|
|
|
|
if( currentMdl != NULL && chainTarget!=¤tMdl->Next) {
|
|
|
|
IoFreeMdl( currentMdl );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
//
|
|
// Return the total buffer count.
|
|
//
|
|
|
|
*TotalByteCount = totalLength;
|
|
|
|
return status;
|
|
|
|
} // AfdAllocateMdlChain
|
|
|
|
|
|
#ifdef _WIN64
|
|
NTSTATUS
|
|
AfdAllocateMdlChain32(
|
|
IN PIRP Irp,
|
|
IN LPWSABUF32 BufferArray,
|
|
IN ULONG BufferCount,
|
|
IN LOCK_OPERATION Operation,
|
|
OUT PULONG TotalByteCount
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Allocates a MDL chain describing the WSABUF array and attaches
|
|
the chain to the specified IRP.
|
|
|
|
Arguments:
|
|
|
|
Irp - The IRP that will receive the MDL chain.
|
|
|
|
BufferArray - Points to an array of WSABUF structures describing
|
|
the user's buffers.
|
|
|
|
BufferCount - Contains the number of WSABUF structures in the
|
|
array.
|
|
|
|
Operation - Specifies the type of operation being performed (either
|
|
IoReadAccess or IoWriteAccess).
|
|
|
|
TotalByteCount - Will receive the total number of BYTEs described
|
|
by the WSABUF array.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS -- Indicates the status of the request.
|
|
|
|
--*/
|
|
|
|
{
|
|
NTSTATUS status;
|
|
PMDL currentMdl;
|
|
PMDL * chainTarget;
|
|
KPROCESSOR_MODE previousMode;
|
|
ULONG totalLength;
|
|
PVOID bufferPointer;
|
|
ULONG bufferLength;
|
|
|
|
//
|
|
// Sanity check.
|
|
//
|
|
|
|
ASSERT( Irp != NULL );
|
|
ASSERT( Irp->MdlAddress == NULL );
|
|
ASSERT( ( Operation == IoReadAccess ) || ( Operation == IoWriteAccess ) );
|
|
ASSERT( TotalByteCount != NULL );
|
|
|
|
//
|
|
// Get the previous processor mode.
|
|
//
|
|
|
|
previousMode = Irp->RequestorMode;
|
|
|
|
//
|
|
// Get into a known state.
|
|
//
|
|
|
|
status = STATUS_SUCCESS;
|
|
currentMdl = NULL;
|
|
chainTarget = &Irp->MdlAddress;
|
|
totalLength = 0;
|
|
|
|
//
|
|
// Walk the array of WSABUF structures, creating the MDLs and
|
|
// probing & locking the pages.
|
|
//
|
|
|
|
try {
|
|
|
|
if( previousMode != KernelMode ) {
|
|
|
|
if ((BufferArray==NULL) ||
|
|
(BufferCount==0) ||
|
|
(BufferCount>(MAXULONG/sizeof (WSABUF32)))) {
|
|
ExRaiseStatus (STATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
//
|
|
// Probe the WSABUF array.
|
|
//
|
|
|
|
ProbeForRead(
|
|
BufferArray, // Address
|
|
BufferCount * sizeof(WSABUF32), // Length
|
|
PROBE_ALIGNMENT32(WSABUF32) // Alignment
|
|
);
|
|
|
|
}
|
|
else {
|
|
ASSERT( BufferArray != NULL );
|
|
ASSERT( BufferCount > 0 );
|
|
}
|
|
|
|
//
|
|
// Scan the array.
|
|
//
|
|
|
|
for ( ; BufferCount>0; BufferCount--, BufferArray++) {
|
|
|
|
bufferPointer = BufferArray->buf;
|
|
bufferLength = BufferArray->len;
|
|
|
|
if( bufferLength > 0 ) {
|
|
|
|
//
|
|
// Update the total byte counter.
|
|
//
|
|
|
|
totalLength += bufferLength;
|
|
|
|
//
|
|
// Create a new MDL.
|
|
//
|
|
|
|
currentMdl = IoAllocateMdl(
|
|
bufferPointer, // VirtualAddress
|
|
bufferLength, // Length
|
|
FALSE, // SecondaryBuffer
|
|
TRUE, // ChargeQuota
|
|
NULL // Irp
|
|
);
|
|
|
|
if( currentMdl != NULL ) {
|
|
|
|
//
|
|
// Lock the pages. This will raise an exception
|
|
// if the operation fails.
|
|
//
|
|
|
|
MmProbeAndLockPages(
|
|
currentMdl, // MemoryDescriptorList
|
|
previousMode, // AccessMode
|
|
Operation // Operation
|
|
);
|
|
|
|
//
|
|
// Chain the MDL onto the IRP. In theory, we could
|
|
// do this by passing the IRP into IoAllocateMdl(),
|
|
// but IoAllocateMdl() does a linear scan on the MDL
|
|
// chain to find the last one in the chain.
|
|
//
|
|
// We can do much better.
|
|
//
|
|
|
|
*chainTarget = currentMdl;
|
|
chainTarget = ¤tMdl->Next;
|
|
|
|
|
|
} else {
|
|
|
|
//
|
|
// Cannot allocate new MDL, return appropriate error.
|
|
//
|
|
|
|
status = STATUS_INSUFFICIENT_RESOURCES;
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
//
|
|
// Ensure the MDL chain is NULL terminated.
|
|
//
|
|
|
|
ASSERT( *chainTarget == NULL );
|
|
|
|
} except( AFD_EXCEPTION_FILTER(&status) ) {
|
|
|
|
|
|
//
|
|
// currentMdl will only be non-NULL at this point if an MDL
|
|
// has been created, but MmProbeAndLockPages() raised an
|
|
// exception. If this is true, then free the MDL.
|
|
// Also account for the case when currentMdl has been linked
|
|
// onto the chain and exception occured when accesing next user
|
|
// buffer.
|
|
//
|
|
|
|
if( currentMdl != NULL && chainTarget!=¤tMdl->Next) {
|
|
|
|
IoFreeMdl( currentMdl );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
//
|
|
// Return the total buffer count.
|
|
//
|
|
|
|
*TotalByteCount = totalLength;
|
|
|
|
return status;
|
|
|
|
} // AfdAllocateMdlChain32
|
|
#endif //_WIN64
|
|
|
|
|
|
VOID
|
|
AfdDestroyMdlChain (
|
|
IN PIRP Irp
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Unlocks & frees the MDLs in the MDL chain attached to the given IRP.
|
|
|
|
Arguments:
|
|
|
|
Irp - The IRP that owns the MDL chain to destroy.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
PMDL mdl;
|
|
PMDL nextMdl;
|
|
|
|
mdl = Irp->MdlAddress;
|
|
Irp->MdlAddress = NULL;
|
|
|
|
while( mdl != NULL ) {
|
|
|
|
nextMdl = mdl->Next;
|
|
MmUnlockPages( mdl );
|
|
IoFreeMdl( mdl );
|
|
mdl = nextMdl;
|
|
|
|
}
|
|
|
|
} // AfdDestroyMdlChain
|
|
|
|
|
|
ULONG
|
|
AfdCalcBufferArrayByteLength(
|
|
IN LPWSABUF BufferArray,
|
|
IN ULONG BufferCount
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Calculates the total size (in bytes) of the buffers described by the
|
|
specified WSABUF array.
|
|
|
|
Arguments:
|
|
|
|
BufferArray - Points to an array of WSABUF structures.
|
|
|
|
BufferCount - The number of entries in BufferArray.
|
|
|
|
Return Value:
|
|
|
|
ULONG - The total size (in bytes) of the buffers described by the
|
|
WSABUF array. Will raise an exception & return -1 if the total
|
|
size is obviously too large.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
LARGE_INTEGER totalLength;
|
|
|
|
PAGED_CODE( );
|
|
|
|
//
|
|
// Sanity check.
|
|
//
|
|
|
|
ASSERT( BufferArray != NULL );
|
|
ASSERT( BufferCount > 0 );
|
|
ASSERT( BufferCount <= (MAXULONG/sizeof (WSABUF)));
|
|
|
|
|
|
//
|
|
// Scan the array & sum the lengths.
|
|
//
|
|
|
|
totalLength.QuadPart = 0;
|
|
|
|
while( BufferCount-- ) {
|
|
|
|
totalLength.QuadPart += (LONGLONG)BufferArray->len;
|
|
BufferArray++;
|
|
|
|
}
|
|
|
|
if( totalLength.HighPart != 0 ||
|
|
( totalLength.LowPart & 0x80000000 ) != 0 ) {
|
|
ExRaiseAccessViolation();
|
|
}
|
|
|
|
return totalLength.LowPart;
|
|
|
|
} // AfdCalcBufferArrayByteLength
|
|
|
|
|
|
ULONG
|
|
AfdCopyBufferArrayToBuffer(
|
|
IN PVOID Destination,
|
|
IN ULONG DestinationLength,
|
|
IN LPWSABUF BufferArray,
|
|
IN ULONG BufferCount
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Copies data from a WSABUF array to a linear buffer.
|
|
|
|
Arguments:
|
|
|
|
Destination - Points to the linear destination of the data.
|
|
|
|
DestinationLength - The length of Destination.
|
|
|
|
BufferArray - Points to an array of WSABUF structures describing the
|
|
source for the copy.
|
|
|
|
BufferCount - The number of entries in BufferArray.
|
|
|
|
Return Value:
|
|
|
|
ULONG - The number of bytes copied.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
PVOID destinationStart;
|
|
ULONG bytesToCopy;
|
|
|
|
PAGED_CODE( );
|
|
|
|
//
|
|
// Sanity check.
|
|
//
|
|
|
|
ASSERT( Destination != NULL );
|
|
ASSERT( BufferArray != NULL );
|
|
ASSERT( BufferCount > 0 );
|
|
|
|
//
|
|
// Remember this so we can calc number of bytes copied.
|
|
//
|
|
|
|
destinationStart = Destination;
|
|
|
|
//
|
|
// Scan the array & copy to the linear buffer.
|
|
//
|
|
|
|
while( BufferCount-- && DestinationLength > 0 ) {
|
|
WSABUF Buffer = *BufferArray++;
|
|
|
|
bytesToCopy = min( DestinationLength, Buffer.len );
|
|
|
|
if( ExGetPreviousMode() != KernelMode ) {
|
|
|
|
ProbeForRead(
|
|
Buffer.buf, // Address
|
|
bytesToCopy, // Length
|
|
sizeof(UCHAR) // Alignment
|
|
);
|
|
|
|
}
|
|
|
|
RtlCopyMemory(
|
|
Destination,
|
|
Buffer.buf,
|
|
bytesToCopy
|
|
);
|
|
|
|
Destination = (PCHAR)Destination + bytesToCopy;
|
|
DestinationLength -= bytesToCopy;
|
|
|
|
}
|
|
|
|
//
|
|
// Return number of bytes copied.
|
|
//
|
|
|
|
return (ULONG)((PUCHAR)Destination - (PUCHAR)destinationStart);
|
|
|
|
} // AfdCopyBufferArrayToBuffer
|
|
|
|
|
|
ULONG
|
|
AfdCopyBufferToBufferArray(
|
|
IN LPWSABUF BufferArray,
|
|
IN ULONG Offset,
|
|
IN ULONG BufferCount,
|
|
IN PVOID Source,
|
|
IN ULONG SourceLength
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Copies data from a linear buffer to a WSABUF array.
|
|
|
|
Arguments:
|
|
|
|
BufferArray - Points to an array of WSABUF structures describing the
|
|
destination for the copy.
|
|
|
|
Offset - An offset within the buffer array at which the data should
|
|
be copied.
|
|
|
|
BufferCount - The number of entries in BufferArray.
|
|
|
|
Source - Points to the linear source of the data.
|
|
|
|
SourceLength - The length of Source.
|
|
|
|
Return Value:
|
|
|
|
ULONG - The number of bytes copied.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
PVOID sourceStart;
|
|
ULONG bytesToCopy;
|
|
WSABUF buffer;
|
|
|
|
PAGED_CODE( );
|
|
|
|
//
|
|
// Sanity check.
|
|
//
|
|
|
|
ASSERT( BufferArray != NULL );
|
|
ASSERT( BufferCount > 0 );
|
|
ASSERT( Source != NULL );
|
|
ASSERT( SourceLength > 0 );
|
|
|
|
//
|
|
// Remember this so we can return the number of bytes copied.
|
|
//
|
|
|
|
sourceStart = Source;
|
|
|
|
//
|
|
// Handle the offset if one was specified.
|
|
//
|
|
|
|
if( Offset > 0 ) {
|
|
|
|
//
|
|
// Skip whole entries if necessary.
|
|
//
|
|
|
|
while( BufferCount > 0 &&
|
|
(buffer=*BufferArray++, Offset >= buffer.len) ) {
|
|
|
|
Offset -= buffer.len;
|
|
BufferCount--;
|
|
|
|
}
|
|
|
|
if( BufferCount > 0 ) {
|
|
//
|
|
// If we have buffers left, fix up the buffer pointer
|
|
// and length to keep the loop below fast.
|
|
//
|
|
|
|
ASSERT( Offset < buffer.len );
|
|
|
|
buffer.buf += Offset;
|
|
buffer.len -= Offset;
|
|
|
|
//
|
|
// We have already copied buffer array element, so jump
|
|
// to the body of the loop to avoid doing this again (this
|
|
// is not a mere optimization, but protection from application
|
|
// that plays tricks on us by changing content of the buffer
|
|
// array while we are looking at it).
|
|
//
|
|
goto DoCopy;
|
|
}
|
|
|
|
}
|
|
|
|
//
|
|
// Scan the array & copy from the linear buffer.
|
|
//
|
|
|
|
while( BufferCount-->0 && SourceLength > 0 ) {
|
|
buffer = *BufferArray++;
|
|
|
|
DoCopy:
|
|
|
|
bytesToCopy = min( SourceLength, buffer.len );
|
|
|
|
if( ExGetPreviousMode() != KernelMode ) {
|
|
|
|
ProbeForWrite(
|
|
buffer.buf, // Address
|
|
bytesToCopy, // Length
|
|
sizeof(UCHAR) // Alignment
|
|
);
|
|
|
|
}
|
|
|
|
RtlCopyMemory(
|
|
buffer.buf,
|
|
Source,
|
|
bytesToCopy
|
|
);
|
|
|
|
Source = (PCHAR)Source + bytesToCopy;
|
|
SourceLength -= bytesToCopy;
|
|
|
|
}
|
|
|
|
//
|
|
// Return number of bytes copied.
|
|
//
|
|
|
|
return (ULONG)((PUCHAR)Source - (PUCHAR)sourceStart);
|
|
|
|
} // AfdCopyBufferToBufferArray
|
|
|
|
|
|
ULONG
|
|
AfdCopyMdlChainToBufferArray(
|
|
IN LPWSABUF BufferArray,
|
|
IN ULONG BufferOffset,
|
|
IN ULONG BufferCount,
|
|
IN PMDL SourceMdl,
|
|
IN ULONG SourceOffset,
|
|
IN ULONG SourceLength
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Copies data from a MDL chain to a WSABUF array.
|
|
|
|
Arguments:
|
|
|
|
BufferArray - Points to an array of WSABUF structures describing the
|
|
destination for the copy.
|
|
|
|
BufferOffset - An offset within the buffer array at which the data should
|
|
be copied.
|
|
|
|
BufferCount - The number of entries in BufferArray.
|
|
|
|
Source - Points to the MDL chain with data
|
|
|
|
SourceOffset - An offset within the MDL chain from which the data should
|
|
be copied.
|
|
|
|
SourceLength - The length of Source.
|
|
|
|
Return Value:
|
|
|
|
ULONG - The number of bytes copied.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
ULONG bytesCopied;
|
|
ULONG bytesToCopy, len;
|
|
WSABUF buffer;
|
|
|
|
PAGED_CODE( );
|
|
|
|
//
|
|
// Assume we can copy everything.
|
|
//
|
|
|
|
bytesCopied = SourceLength;
|
|
|
|
//
|
|
// Sanity check.
|
|
//
|
|
|
|
ASSERT( BufferArray != NULL );
|
|
ASSERT( BufferCount > 0 );
|
|
ASSERT( SourceMdl != NULL );
|
|
ASSERT( SourceLength>0 );
|
|
|
|
//
|
|
// Skip offset into the MDL chain
|
|
//
|
|
while (SourceOffset>=MmGetMdlByteCount (SourceMdl)) {
|
|
SourceOffset -= MmGetMdlByteCount (SourceMdl);
|
|
SourceMdl = SourceMdl->Next;
|
|
}
|
|
|
|
//
|
|
// Handle buffer array offset if specified
|
|
//
|
|
if (BufferOffset>0) {
|
|
//
|
|
// Skip whole entries.
|
|
//
|
|
|
|
while( BufferCount > 0 &&
|
|
(buffer=*BufferArray++,BufferOffset >= buffer.len) ) {
|
|
BufferOffset -= buffer.len;
|
|
BufferCount--;
|
|
}
|
|
|
|
if( BufferCount>0 ) {
|
|
//
|
|
// If we have buffers left, fix up the buffer pointer
|
|
// and length to keep the loop below fast.
|
|
//
|
|
|
|
ASSERT (BufferOffset < buffer.len);
|
|
buffer.buf += BufferOffset;
|
|
buffer.len -= BufferOffset;
|
|
|
|
//
|
|
// We have already copied buffer array element, so jump
|
|
// to the body of the loop to avoid doing this again (this
|
|
// is not a mere optimization, but protection from application
|
|
// that plays tricks on us by changing content of the buffer
|
|
// array while we are looking at it).
|
|
//
|
|
|
|
goto DoCopy;
|
|
}
|
|
}
|
|
|
|
|
|
//
|
|
// Scan the array & copy from the mdl chain.
|
|
//
|
|
|
|
while (SourceLength>0 && BufferCount-->0) {
|
|
buffer = *BufferArray++;
|
|
|
|
DoCopy:
|
|
bytesToCopy = min( SourceLength, buffer.len );
|
|
|
|
if( ExGetPreviousMode() != KernelMode ) {
|
|
|
|
ProbeForWrite(
|
|
buffer.buf, // Address
|
|
bytesToCopy, // Length
|
|
sizeof(UCHAR) // Alignment
|
|
);
|
|
|
|
}
|
|
|
|
//
|
|
// Update source length for data we are going to copy
|
|
//
|
|
SourceLength -= bytesToCopy;
|
|
|
|
//
|
|
// Copy full source MDLs
|
|
//
|
|
while (bytesToCopy>0 &&
|
|
(bytesToCopy>=(len=MmGetMdlByteCount (SourceMdl)-SourceOffset))) {
|
|
ASSERT (SourceMdl->MdlFlags & (MDL_MAPPED_TO_SYSTEM_VA | MDL_SOURCE_IS_NONPAGED_POOL));
|
|
RtlCopyMemory (buffer.buf,
|
|
(PUCHAR)MmGetSystemAddressForMdl(SourceMdl)+SourceOffset,
|
|
len);
|
|
bytesToCopy -= len;
|
|
buffer.buf += len;
|
|
SourceMdl = SourceMdl->Next;
|
|
SourceOffset = 0;
|
|
}
|
|
|
|
//
|
|
// Copy partial source MDL if space remains.
|
|
//
|
|
if (bytesToCopy>0) {
|
|
ASSERT (bytesToCopy<MmGetMdlByteCount (SourceMdl)-SourceOffset);
|
|
ASSERT (SourceMdl->MdlFlags & (MDL_MAPPED_TO_SYSTEM_VA | MDL_SOURCE_IS_NONPAGED_POOL));
|
|
RtlCopyMemory (buffer.buf,
|
|
(PUCHAR)MmGetSystemAddressForMdl (SourceMdl)+SourceOffset,
|
|
bytesToCopy
|
|
);
|
|
SourceOffset += bytesToCopy;
|
|
}
|
|
|
|
}
|
|
|
|
//
|
|
// Return number of bytes copied except for those we couldn't.
|
|
//
|
|
|
|
return bytesCopied-SourceLength;
|
|
|
|
} // AfdCopyMdlChainToBufferArray
|
|
|
|
|
|
NTSTATUS
|
|
AfdCopyMdlChainToBufferAvoidMapping(
|
|
IN PMDL SrcMdl,
|
|
IN ULONG SrcOffset,
|
|
IN ULONG SrcLength,
|
|
IN PUCHAR Dst,
|
|
IN ULONG DstSize
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Copies data from a MDL chain to a buffer and avoids mapping
|
|
MDLs to system space if possible.
|
|
|
|
Arguments:
|
|
|
|
Dst - Points to destination for the copy.
|
|
|
|
DstSize - Size of the buffer
|
|
|
|
Source - Points to the MDL chain with data
|
|
|
|
SourceOffset - An offset within the MDL chain from which the data should
|
|
be copied.
|
|
|
|
SourceLength - The length of Source.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS - success if everything was copied OK
|
|
STATUS_INSUFFICIENT_RESOURCES - mapping failed
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
NTSTATUS status = STATUS_SUCCESS;
|
|
ULONG bytesToCopy;
|
|
PUCHAR DstEnd = Dst+DstSize;
|
|
|
|
PAGED_CODE( );
|
|
|
|
|
|
//
|
|
// Sanity check.
|
|
//
|
|
|
|
ASSERT( Dst != NULL );
|
|
ASSERT( DstSize > 0 );
|
|
ASSERT( SrcMdl != NULL );
|
|
ASSERT( SrcLength>0 );
|
|
|
|
//
|
|
// Skip offset into the MDL chain
|
|
//
|
|
while (SrcOffset>=MmGetMdlByteCount (SrcMdl)) {
|
|
SrcOffset -= MmGetMdlByteCount (SrcMdl);
|
|
SrcMdl = SrcMdl->Next;
|
|
}
|
|
|
|
while (Dst<DstEnd) {
|
|
//
|
|
// Determine how much we can copy and m
|
|
// ake sure not to exceed limits.
|
|
//
|
|
bytesToCopy = MmGetMdlByteCount(SrcMdl)-SrcOffset;
|
|
ASSERT (bytesToCopy<=(ULONG)(DstEnd-Dst));
|
|
if (bytesToCopy>SrcLength) {
|
|
bytesToCopy = SrcLength;
|
|
}
|
|
|
|
if (SrcMdl->Process==IoGetCurrentProcess ()) {
|
|
//
|
|
// If we are in the context of the same process that
|
|
// MDL was created for, copy using VAs.
|
|
//
|
|
try {
|
|
RtlCopyMemory (
|
|
Dst,
|
|
(PUCHAR)MmGetMdlVirtualAddress (SrcMdl)+SrcOffset,
|
|
bytesToCopy
|
|
);
|
|
}
|
|
except (AFD_EXCEPTION_FILTER (&status)) {
|
|
return status;
|
|
}
|
|
}
|
|
else {
|
|
//
|
|
// Otherwise, map MDL into the system space.
|
|
//
|
|
PCHAR src = MmGetSystemAddressForMdlSafe (SrcMdl, LowPagePriority);
|
|
if (!src)
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
|
|
RtlCopyMemory (
|
|
Dst,
|
|
src+SrcOffset,
|
|
bytesToCopy
|
|
);
|
|
|
|
}
|
|
|
|
//
|
|
// Update source length for data we are going to copy
|
|
//
|
|
SrcLength -= bytesToCopy;
|
|
if (SrcLength==0)
|
|
return STATUS_SUCCESS;
|
|
SrcMdl = SrcMdl->Next;
|
|
SrcOffset = 0;
|
|
|
|
Dst += bytesToCopy;
|
|
}
|
|
|
|
return STATUS_BUFFER_OVERFLOW;
|
|
|
|
} // AfdCopyMdlChainToBufferAvoidMapping
|
|
|
|
NTSTATUS
|
|
AfdMapMdlChain (
|
|
PMDL MdlChain
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Makes sure that eveyr MDL in the chains is mapped into
|
|
the system address space.
|
|
|
|
Arguments:
|
|
|
|
MdlChain - Destination MDL.
|
|
|
|
|
|
Return Value:
|
|
STATUS_SUCCESS - MDL chain is fully mapped
|
|
STATUS_INSUFFICIENT_RESOURCES - at least one MDL could not be mapped
|
|
|
|
--*/
|
|
{
|
|
while (MdlChain!=NULL) {
|
|
if (MmGetSystemAddressForMdlSafe(MdlChain, LowPagePriority)==NULL) {
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
MdlChain = MdlChain->Next;
|
|
}
|
|
return STATUS_SUCCESS;
|
|
} // AfdMapMdlChain
|
|
|
|
|
|
NTSTATUS
|
|
AfdCopyMdlChainToMdlChain (
|
|
PMDL DstMdl,
|
|
ULONG DstOffset,
|
|
PMDL SrcMdl,
|
|
ULONG SrcOffset,
|
|
ULONG SrcLength,
|
|
PULONG BytesCopied
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Copies data from an MDL chain to an MDL chain.
|
|
|
|
Arguments:
|
|
|
|
DstMdl - Destination MDL.
|
|
|
|
DstOffset - Offset withih the destination MDL.
|
|
|
|
SrcMdl - Source MDL.
|
|
|
|
SrcOffset - Offset within the source.
|
|
|
|
SrcLength - lenght of the data in the source chain
|
|
|
|
BytesCopied - points to variable that received total number
|
|
of bytes actually copied
|
|
|
|
Return Value:
|
|
STATUS_SUCCESS - all of the source data was copied
|
|
STATUS_BUFFER_OVERFLOW - destination MDL was not long enough
|
|
to hold all of the source data.
|
|
|
|
--*/
|
|
{
|
|
ULONG bytesToCopy = 0, len;
|
|
PUCHAR dst;
|
|
|
|
ASSERT( SrcMdl != NULL );
|
|
ASSERT( DstMdl != NULL );
|
|
|
|
//
|
|
// Assume we can copy everything.
|
|
//
|
|
*BytesCopied = SrcLength;
|
|
|
|
//
|
|
// Skip full MDLs in source.
|
|
//
|
|
while ((SrcMdl!=NULL) && (SrcOffset>=MmGetMdlByteCount (SrcMdl))) {
|
|
SrcOffset -= MmGetMdlByteCount (SrcMdl);
|
|
SrcMdl = SrcMdl->Next;
|
|
}
|
|
|
|
//
|
|
// Skip full MDLs in destination
|
|
//
|
|
while ((DstMdl!=NULL) && (DstOffset>=MmGetMdlByteCount (DstMdl))) {
|
|
DstOffset -= MmGetMdlByteCount (DstMdl);
|
|
DstMdl = DstMdl->Next;
|
|
}
|
|
|
|
//
|
|
// Handle remaining destination offset separately to simplify the main loop.
|
|
//
|
|
if (DstOffset>0) {
|
|
dst = MmGetSystemAddressForMdlSafe (DstMdl, LowPagePriority);
|
|
if (dst==NULL)
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
dst += DstOffset;
|
|
bytesToCopy = MmGetMdlByteCount(DstMdl)-DstOffset;
|
|
goto DoCopy;
|
|
}
|
|
|
|
//
|
|
// For each MDL in destination copy source MDLs
|
|
// while source data and free space in destination remain
|
|
//
|
|
while ((SrcLength>0) && (DstMdl!=NULL)) {
|
|
dst = MmGetSystemAddressForMdlSafe (DstMdl, LowPagePriority);
|
|
if (dst==NULL)
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
bytesToCopy = MmGetMdlByteCount(DstMdl);
|
|
DoCopy:
|
|
|
|
bytesToCopy = min (SrcLength, bytesToCopy);
|
|
|
|
//
|
|
// Adjust source length
|
|
//
|
|
SrcLength -= bytesToCopy;
|
|
|
|
//
|
|
// Copy full source MDLs
|
|
//
|
|
while (bytesToCopy>0 &&
|
|
(bytesToCopy>=(len=MmGetMdlByteCount (SrcMdl)-SrcOffset))) {
|
|
ASSERT (SrcMdl->MdlFlags & (MDL_MAPPED_TO_SYSTEM_VA | MDL_SOURCE_IS_NONPAGED_POOL));
|
|
RtlCopyMemory (dst,
|
|
(PUCHAR)MmGetSystemAddressForMdl(SrcMdl)+SrcOffset,
|
|
len);
|
|
bytesToCopy -= len;
|
|
dst += len;
|
|
SrcMdl = SrcMdl->Next;
|
|
SrcOffset = 0;
|
|
}
|
|
|
|
|
|
//
|
|
// Copy partial source MDL if space remains
|
|
//
|
|
if (bytesToCopy>0) {
|
|
ASSERT (bytesToCopy<MmGetMdlByteCount (SrcMdl)-SrcOffset);
|
|
ASSERT (SrcMdl->MdlFlags & (MDL_MAPPED_TO_SYSTEM_VA | MDL_SOURCE_IS_NONPAGED_POOL));
|
|
RtlCopyMemory (dst,
|
|
(PUCHAR)MmGetSystemAddressForMdl (SrcMdl)+SrcOffset,
|
|
bytesToCopy
|
|
);
|
|
SrcOffset += bytesToCopy;
|
|
}
|
|
|
|
|
|
//
|
|
// Advance to next MDL in destination
|
|
//
|
|
DstMdl = DstMdl->Next;
|
|
|
|
}
|
|
|
|
//
|
|
// If we copied everything, return success
|
|
//
|
|
if (SrcLength==0) {
|
|
return STATUS_SUCCESS;
|
|
}
|
|
else {
|
|
//
|
|
// Otherwise, adjust for number of bytes not copied
|
|
// and return destination overflow
|
|
//
|
|
*BytesCopied -= SrcLength;
|
|
return STATUS_BUFFER_OVERFLOW;
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#if DBG
|
|
|
|
VOID
|
|
AfdAssert(
|
|
IN PVOID FailedAssertion,
|
|
IN PVOID FileName,
|
|
IN ULONG LineNumber,
|
|
IN PCHAR Message OPTIONAL
|
|
)
|
|
{
|
|
|
|
if( AfdUsePrivateAssert ) {
|
|
|
|
DbgPrint(
|
|
"\n*** Assertion failed: %s%s\n*** Source File: %s, line %ld\n\n",
|
|
Message
|
|
? Message
|
|
: "",
|
|
FailedAssertion,
|
|
FileName,
|
|
LineNumber
|
|
);
|
|
|
|
DbgBreakPoint();
|
|
|
|
} else {
|
|
|
|
RtlAssert(
|
|
FailedAssertion,
|
|
FileName,
|
|
LineNumber,
|
|
Message
|
|
);
|
|
|
|
}
|
|
|
|
} // AfdAssert
|
|
#endif // DBG
|
|
|
|
|
|
NTSTATUS
|
|
FASTCALL
|
|
AfdSetQos(
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine sets the QOS for the given endpoint. Note that, since
|
|
we don't really (yet) support QOS, we just ignore the incoming
|
|
data and issue a AFD_POLL_QOS or AFD_POLL_GROUP_QOS event as
|
|
appropriate.
|
|
|
|
Arguments:
|
|
|
|
Irp - Pointer to I/O request packet.
|
|
|
|
IrpSp - pointer to the IO stack location to use for this request.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS -- Indicates whether the request was successfully queued.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
PAFD_ENDPOINT endpoint;
|
|
PAFD_QOS_INFO qosInfo;
|
|
NTSTATUS status = STATUS_SUCCESS;
|
|
|
|
#ifdef _WIN64
|
|
if (IoIs32bitProcess (Irp)) {
|
|
status = AfdSetQos32 (Irp, IrpSp);
|
|
goto Complete;
|
|
}
|
|
#endif
|
|
//
|
|
// Set up local pointers.
|
|
//
|
|
|
|
endpoint = IrpSp->FileObject->FsContext;
|
|
ASSERT( IS_AFD_ENDPOINT_TYPE( endpoint ) );
|
|
qosInfo = Irp->AssociatedIrp.SystemBuffer;
|
|
|
|
//
|
|
// Make sure that the input buffer is large enough.
|
|
//
|
|
|
|
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength <
|
|
sizeof(*qosInfo) ) {
|
|
|
|
status = STATUS_BUFFER_TOO_SMALL;
|
|
goto Complete;
|
|
|
|
}
|
|
|
|
//
|
|
// If the incoming data doesn't match the default QOS,
|
|
// indicate the appropriate event.
|
|
//
|
|
|
|
if( !RtlEqualMemory(
|
|
&qosInfo->Qos,
|
|
&AfdDefaultQos,
|
|
sizeof(QOS)
|
|
) ) {
|
|
AFD_LOCK_QUEUE_HANDLE lockHandle;
|
|
AfdAcquireSpinLock (&endpoint->SpinLock, &lockHandle);
|
|
AfdIndicateEventSelectEvent(
|
|
endpoint,
|
|
qosInfo->GroupQos
|
|
? AFD_POLL_GROUP_QOS
|
|
: AFD_POLL_QOS,
|
|
STATUS_SUCCESS
|
|
);
|
|
AfdReleaseSpinLock (&endpoint->SpinLock, &lockHandle);
|
|
AfdIndicatePollEvent(
|
|
endpoint,
|
|
qosInfo->GroupQos
|
|
? AFD_POLL_GROUP_QOS
|
|
: AFD_POLL_QOS,
|
|
STATUS_SUCCESS
|
|
);
|
|
|
|
}
|
|
|
|
Complete:
|
|
//
|
|
// Complete the IRP.
|
|
//
|
|
|
|
Irp->IoStatus.Information = 0;
|
|
Irp->IoStatus.Status = status;
|
|
IoCompleteRequest( Irp, AfdPriorityBoost );
|
|
|
|
return status;
|
|
|
|
} // AfdSetQos
|
|
|
|
|
|
NTSTATUS
|
|
FASTCALL
|
|
AfdGetQos(
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine gets the QOS for the given endpoint.
|
|
|
|
Arguments:
|
|
|
|
Irp - Pointer to I/O request packet.
|
|
|
|
IrpSp - pointer to the IO stack location to use for this request.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS -- Indicates whether the request was successfully queued.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
PAFD_ENDPOINT endpoint;
|
|
PAFD_QOS_INFO qosInfo;
|
|
NTSTATUS status = STATUS_SUCCESS;
|
|
|
|
PAGED_CODE();
|
|
|
|
Irp->IoStatus.Information = 0;
|
|
|
|
#ifdef _WIN64
|
|
if (IoIs32bitProcess (Irp)) {
|
|
status = AfdGetQos32 (Irp, IrpSp);
|
|
goto Complete;
|
|
}
|
|
#endif
|
|
|
|
//
|
|
// Set up local pointers.
|
|
//
|
|
|
|
endpoint = IrpSp->FileObject->FsContext;
|
|
ASSERT( IS_AFD_ENDPOINT_TYPE( endpoint ) );
|
|
qosInfo = Irp->AssociatedIrp.SystemBuffer;
|
|
|
|
//
|
|
// Make sure that the output buffer is large enough.
|
|
//
|
|
|
|
if( IrpSp->Parameters.DeviceIoControl.OutputBufferLength <
|
|
sizeof(*qosInfo) ) {
|
|
|
|
status = STATUS_BUFFER_TOO_SMALL;
|
|
goto Complete;
|
|
|
|
}
|
|
|
|
//
|
|
// Just return the default data.
|
|
//
|
|
|
|
RtlCopyMemory(
|
|
&qosInfo->Qos,
|
|
&AfdDefaultQos,
|
|
sizeof(QOS)
|
|
);
|
|
Irp->IoStatus.Information = sizeof(*qosInfo);
|
|
|
|
Complete:
|
|
//
|
|
// Complete the IRP.
|
|
//
|
|
|
|
Irp->IoStatus.Status = status;
|
|
IoCompleteRequest( Irp, AfdPriorityBoost );
|
|
return status;
|
|
|
|
} // AfdGetQos
|
|
|
|
|
|
#ifdef _WIN64
|
|
NTSTATUS
|
|
AfdSetQos32(
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine sets the QOS for the given endpoint. Note that, since
|
|
we don't really (yet) support QOS, we just ignore the incoming
|
|
data and issue a AFD_POLL_QOS or AFD_POLL_GROUP_QOS event as
|
|
appropriate.
|
|
|
|
Arguments:
|
|
|
|
Irp - Pointer to I/O request packet.
|
|
|
|
IrpSp - pointer to the IO stack location to use for this request.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS -- Indicates whether the request was successfully queued.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
PAFD_ENDPOINT endpoint;
|
|
PAFD_QOS_INFO32 qosInfo;
|
|
|
|
//
|
|
// Set up local pointers.
|
|
//
|
|
|
|
endpoint = IrpSp->FileObject->FsContext;
|
|
ASSERT( IS_AFD_ENDPOINT_TYPE( endpoint ) );
|
|
qosInfo = Irp->AssociatedIrp.SystemBuffer;
|
|
|
|
//
|
|
// Make sure that the input buffer is large enough.
|
|
//
|
|
|
|
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength <
|
|
sizeof(*qosInfo) ) {
|
|
|
|
return STATUS_BUFFER_TOO_SMALL;
|
|
|
|
}
|
|
|
|
//
|
|
// If the incoming data doesn't match the default QOS,
|
|
// indicate the appropriate event.
|
|
//
|
|
|
|
if( !RtlEqualMemory(
|
|
&qosInfo->Qos,
|
|
&AfdDefaultQos32,
|
|
sizeof(QOS32)
|
|
) ) {
|
|
|
|
AFD_LOCK_QUEUE_HANDLE lockHandle;
|
|
AfdAcquireSpinLock (&endpoint->SpinLock, &lockHandle);
|
|
AfdIndicateEventSelectEvent(
|
|
endpoint,
|
|
qosInfo->GroupQos
|
|
? AFD_POLL_GROUP_QOS
|
|
: AFD_POLL_QOS,
|
|
STATUS_SUCCESS
|
|
);
|
|
AfdReleaseSpinLock (&endpoint->SpinLock, &lockHandle);
|
|
AfdIndicatePollEvent(
|
|
endpoint,
|
|
qosInfo->GroupQos
|
|
? AFD_POLL_GROUP_QOS
|
|
: AFD_POLL_QOS,
|
|
STATUS_SUCCESS
|
|
);
|
|
|
|
}
|
|
|
|
//
|
|
// Complete the IRP.
|
|
//
|
|
|
|
Irp->IoStatus.Information = 0;
|
|
return STATUS_SUCCESS;
|
|
|
|
} // AfdSetQos
|
|
|
|
|
|
NTSTATUS
|
|
AfdGetQos32(
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine gets the QOS for the given endpoint.
|
|
|
|
Arguments:
|
|
|
|
Irp - Pointer to I/O request packet.
|
|
|
|
IrpSp - pointer to the IO stack location to use for this request.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS -- Indicates whether the request was successfully queued.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
PAFD_ENDPOINT endpoint;
|
|
PAFD_QOS_INFO32 qosInfo;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Set up local pointers.
|
|
//
|
|
|
|
endpoint = IrpSp->FileObject->FsContext;
|
|
ASSERT( IS_AFD_ENDPOINT_TYPE( endpoint ) );
|
|
qosInfo = Irp->AssociatedIrp.SystemBuffer;
|
|
|
|
//
|
|
// Make sure that the output buffer is large enough.
|
|
//
|
|
|
|
if( IrpSp->Parameters.DeviceIoControl.OutputBufferLength <
|
|
sizeof(*qosInfo) ) {
|
|
|
|
return STATUS_BUFFER_TOO_SMALL;
|
|
|
|
}
|
|
|
|
//
|
|
// Just return the default data.
|
|
//
|
|
|
|
RtlCopyMemory(
|
|
&qosInfo->Qos,
|
|
&AfdDefaultQos32,
|
|
sizeof(QOS32)
|
|
);
|
|
|
|
//
|
|
// Complete the IRP.
|
|
//
|
|
|
|
Irp->IoStatus.Information = sizeof(*qosInfo);
|
|
return STATUS_SUCCESS;
|
|
|
|
} // AfdGetQos32
|
|
#endif // _WIN64
|
|
|
|
NTSTATUS
|
|
AfdValidateStatus (
|
|
NTSTATUS Status
|
|
)
|
|
{
|
|
PAGED_CODE ();
|
|
//
|
|
// Validate the status code.
|
|
// It must match the status code conversion algorithm in msafd.
|
|
//
|
|
switch (Status) {
|
|
case STATUS_SUCCESS:
|
|
// return NO_ERROR;
|
|
|
|
case STATUS_INVALID_HANDLE:
|
|
case STATUS_OBJECT_TYPE_MISMATCH:
|
|
// return WSAENOTSOCK;
|
|
|
|
case STATUS_INSUFFICIENT_RESOURCES:
|
|
case STATUS_PAGEFILE_QUOTA:
|
|
case STATUS_COMMITMENT_LIMIT:
|
|
case STATUS_WORKING_SET_QUOTA:
|
|
case STATUS_NO_MEMORY:
|
|
case STATUS_CONFLICTING_ADDRESSES:
|
|
case STATUS_QUOTA_EXCEEDED:
|
|
case STATUS_TOO_MANY_PAGING_FILES:
|
|
case STATUS_REMOTE_RESOURCES:
|
|
case STATUS_TOO_MANY_ADDRESSES:
|
|
// return WSAENOBUFS;
|
|
|
|
case STATUS_SHARING_VIOLATION:
|
|
case STATUS_ADDRESS_ALREADY_EXISTS:
|
|
// return WSAEADDRINUSE;
|
|
|
|
case STATUS_LINK_TIMEOUT:
|
|
case STATUS_IO_TIMEOUT:
|
|
case STATUS_TIMEOUT:
|
|
// return WSAETIMEDOUT;
|
|
|
|
case STATUS_GRACEFUL_DISCONNECT:
|
|
// return WSAEDISCON;
|
|
|
|
case STATUS_REMOTE_DISCONNECT:
|
|
case STATUS_CONNECTION_RESET:
|
|
case STATUS_LINK_FAILED:
|
|
case STATUS_CONNECTION_DISCONNECTED:
|
|
case STATUS_PORT_UNREACHABLE:
|
|
// return WSAECONNRESET;
|
|
|
|
case STATUS_LOCAL_DISCONNECT:
|
|
case STATUS_TRANSACTION_ABORTED:
|
|
case STATUS_CONNECTION_ABORTED:
|
|
// return WSAECONNABORTED;
|
|
|
|
case STATUS_BAD_NETWORK_PATH:
|
|
case STATUS_NETWORK_UNREACHABLE:
|
|
case STATUS_PROTOCOL_UNREACHABLE:
|
|
// return WSAENETUNREACH;
|
|
|
|
case STATUS_HOST_UNREACHABLE:
|
|
// return WSAEHOSTUNREACH;
|
|
case STATUS_HOST_DOWN:
|
|
// return WSAEHOSTDOWN;
|
|
|
|
case STATUS_CANCELLED:
|
|
case STATUS_REQUEST_ABORTED:
|
|
// return WSAEINTR;
|
|
|
|
case STATUS_BUFFER_OVERFLOW:
|
|
case STATUS_INVALID_BUFFER_SIZE:
|
|
// return WSAEMSGSIZE;
|
|
|
|
case STATUS_BUFFER_TOO_SMALL:
|
|
case STATUS_ACCESS_VIOLATION:
|
|
// return WSAEFAULT;
|
|
|
|
// case STATUS_DEVICE_NOT_READY:
|
|
// case STATUS_REQUEST_NOT_ACCEPTED:
|
|
// return WSAEWOULDBLOCK;
|
|
|
|
case STATUS_INVALID_NETWORK_RESPONSE:
|
|
case STATUS_NETWORK_BUSY:
|
|
case STATUS_NO_SUCH_DEVICE:
|
|
case STATUS_NO_SUCH_FILE:
|
|
case STATUS_OBJECT_PATH_NOT_FOUND:
|
|
case STATUS_OBJECT_NAME_NOT_FOUND:
|
|
case STATUS_UNEXPECTED_NETWORK_ERROR:
|
|
// return WSAENETDOWN;
|
|
|
|
case STATUS_INVALID_CONNECTION:
|
|
// return WSAENOTCONN;
|
|
|
|
case STATUS_REMOTE_NOT_LISTENING:
|
|
case STATUS_CONNECTION_REFUSED:
|
|
// return WSAECONNREFUSED;
|
|
|
|
case STATUS_PIPE_DISCONNECTED:
|
|
// return WSAESHUTDOWN;
|
|
|
|
case STATUS_INVALID_ADDRESS:
|
|
case STATUS_INVALID_ADDRESS_COMPONENT:
|
|
// return WSAEADDRNOTAVAIL;
|
|
|
|
case STATUS_NOT_SUPPORTED:
|
|
case STATUS_NOT_IMPLEMENTED:
|
|
// return WSAEOPNOTSUPP;
|
|
|
|
case STATUS_ACCESS_DENIED:
|
|
// return WSAEACCES;
|
|
case STATUS_CONNECTION_ACTIVE:
|
|
// return WSAEISCONN;
|
|
break;
|
|
case STATUS_UNSUCCESSFUL:
|
|
case STATUS_INVALID_PARAMETER:
|
|
case STATUS_ADDRESS_CLOSED:
|
|
case STATUS_CONNECTION_INVALID:
|
|
case STATUS_ADDRESS_ALREADY_ASSOCIATED:
|
|
case STATUS_ADDRESS_NOT_ASSOCIATED:
|
|
case STATUS_INVALID_DEVICE_STATE:
|
|
case STATUS_INVALID_DEVICE_REQUEST:
|
|
// return WSAEINVAL;
|
|
break;
|
|
default:
|
|
KdPrintEx(( DPFLTR_WSOCKTRANSPORT_ID, DPFLTR_INFO_LEVEL,
|
|
"AfdValidateStatus: Unsupported status code %lx, converting to %lx(INVALID_PARAMETER)\n",
|
|
Status,
|
|
STATUS_INVALID_PARAMETER));
|
|
Status = STATUS_INVALID_PARAMETER;
|
|
break;
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
|
|
NTSTATUS
|
|
FASTCALL
|
|
AfdNoOperation(
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine does nothing but complete the IRP.
|
|
|
|
Arguments:
|
|
|
|
Irp - Pointer to I/O request packet.
|
|
|
|
IrpSp - pointer to the IO stack location to use for this request.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS -- Indicates whether the request was successfully queued.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
PAFD_ENDPOINT endpoint;
|
|
NTSTATUS status;
|
|
|
|
PAGED_CODE();
|
|
|
|
#ifdef _WIN64
|
|
if (IoIs32bitProcess (Irp)) {
|
|
status = AfdNoOperation32 (Irp, IrpSp);
|
|
goto Complete;
|
|
}
|
|
#endif
|
|
//
|
|
// Set up local pointers.
|
|
//
|
|
|
|
endpoint = IrpSp->FileObject->FsContext;
|
|
ASSERT( IS_AFD_ENDPOINT_TYPE( endpoint ) );
|
|
|
|
//
|
|
// Assume success
|
|
//
|
|
|
|
status = STATUS_SUCCESS;
|
|
|
|
if ( IrpSp->Parameters.DeviceIoControl.InputBufferLength
|
|
>= sizeof (IO_STATUS_BLOCK)) {
|
|
try {
|
|
if (Irp->RequestorMode!=KernelMode) {
|
|
ProbeForRead (IrpSp->Parameters.DeviceIoControl.Type3InputBuffer,
|
|
sizeof (IO_STATUS_BLOCK),
|
|
PROBE_ALIGNMENT(IO_STATUS_BLOCK))
|
|
}
|
|
|
|
//
|
|
// Copy the status block
|
|
//
|
|
Irp->IoStatus
|
|
= *((PIO_STATUS_BLOCK)IrpSp->Parameters.DeviceIoControl.Type3InputBuffer);
|
|
Irp->IoStatus.Status = AfdValidateStatus (Irp->IoStatus.Status);
|
|
}
|
|
except (AFD_EXCEPTION_FILTER(&status)) {
|
|
//
|
|
// Fail the call, no completion notification
|
|
// should be delivered via async IO.
|
|
//
|
|
Irp->IoStatus.Status = status;
|
|
Irp->IoStatus.Information = 0;
|
|
}
|
|
}
|
|
else {
|
|
Irp->IoStatus.Status = STATUS_SUCCESS;
|
|
Irp->IoStatus.Information = 0;
|
|
}
|
|
|
|
#ifdef _WIN64
|
|
Complete:
|
|
#endif
|
|
|
|
if (status==STATUS_SUCCESS && Irp->IoStatus.Status!=STATUS_SUCCESS) {
|
|
//
|
|
// Make sure we deliver error via async IO
|
|
// operation instead of just failing this call itself.
|
|
//
|
|
IoMarkIrpPending (Irp);
|
|
status = STATUS_PENDING;
|
|
}
|
|
else {
|
|
ASSERT (status==Irp->IoStatus.Status);
|
|
}
|
|
|
|
IoCompleteRequest( Irp, AfdPriorityBoost );
|
|
return status;
|
|
|
|
} // AfdNoOperation
|
|
|
|
|
|
#ifdef _WIN64
|
|
NTSTATUS
|
|
AfdNoOperation32(
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine does nothing but complete the IRP.
|
|
|
|
Arguments:
|
|
|
|
Irp - Pointer to I/O request packet.
|
|
|
|
IrpSp - pointer to the IO stack location to use for this request.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS -- Indicates whether the request was successfully queued.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
PAFD_ENDPOINT endpoint;
|
|
NTSTATUS status;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Set up local pointers.
|
|
//
|
|
|
|
endpoint = IrpSp->FileObject->FsContext;
|
|
ASSERT( IS_AFD_ENDPOINT_TYPE( endpoint ) );
|
|
|
|
//
|
|
// Assume success
|
|
//
|
|
status = STATUS_SUCCESS;
|
|
if ( IrpSp->Parameters.DeviceIoControl.InputBufferLength
|
|
>= sizeof (IO_STATUS_BLOCK32)) {
|
|
try {
|
|
if (Irp->RequestorMode!=KernelMode) {
|
|
ProbeForRead (IrpSp->Parameters.DeviceIoControl.Type3InputBuffer,
|
|
sizeof (IO_STATUS_BLOCK32),
|
|
PROBE_ALIGNMENT32(IO_STATUS_BLOCK32))
|
|
}
|
|
|
|
Irp->IoStatus.Status
|
|
= ((PIO_STATUS_BLOCK32)IrpSp->Parameters.DeviceIoControl.Type3InputBuffer)->Status;
|
|
Irp->IoStatus.Information
|
|
= ((PIO_STATUS_BLOCK32)IrpSp->Parameters.DeviceIoControl.Type3InputBuffer)->Information;
|
|
//
|
|
// Validate the status code.
|
|
// It must match the status code conversion algorithm in msafd.
|
|
//
|
|
Irp->IoStatus.Status = AfdValidateStatus (Irp->IoStatus.Status);
|
|
}
|
|
except (AFD_EXCEPTION_FILTER(&status)) {
|
|
//
|
|
// Fail the call, no completion notification
|
|
// should be delivered via async IO.
|
|
//
|
|
Irp->IoStatus.Status = status;
|
|
Irp->IoStatus.Information = 0;
|
|
}
|
|
}
|
|
else {
|
|
Irp->IoStatus.Status = STATUS_SUCCESS;
|
|
Irp->IoStatus.Information = 0;
|
|
}
|
|
|
|
return status;
|
|
|
|
} // AfdNoOperation32
|
|
#endif //_WIN64
|
|
|
|
NTSTATUS
|
|
FASTCALL
|
|
AfdValidateGroup(
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine examines a group ID. If the ID is for a "constrained"
|
|
group, then all endpoints are scanned to validate the given address
|
|
is consistent with the constrained group.
|
|
|
|
|
|
Arguments:
|
|
|
|
Irp - Pointer to I/O request packet.
|
|
|
|
IrpSp - pointer to the IO stack location to use for this request.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS -- Indicates whether the request was successfully queued.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
PAFD_ENDPOINT endpoint;
|
|
PAFD_ENDPOINT compareEndpoint;
|
|
PAFD_CONNECTION connection;
|
|
PLIST_ENTRY listEntry;
|
|
PAFD_VALIDATE_GROUP_INFO validateInfo;
|
|
AFD_GROUP_TYPE groupType;
|
|
PTRANSPORT_ADDRESS requestAddress;
|
|
ULONG requestAddressLength;
|
|
AFD_LOCK_QUEUE_HANDLE lockHandle;
|
|
BOOLEAN result;
|
|
LONG groupId;
|
|
NTSTATUS status = STATUS_SUCCESS;
|
|
|
|
//
|
|
// Set up local pointers.
|
|
//
|
|
|
|
endpoint = IrpSp->FileObject->FsContext;
|
|
ASSERT( IS_AFD_ENDPOINT_TYPE( endpoint ) );
|
|
validateInfo = Irp->AssociatedIrp.SystemBuffer;
|
|
|
|
//
|
|
// Make sure that the input buffer is large enough.
|
|
//
|
|
|
|
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength <
|
|
sizeof(*validateInfo) ) {
|
|
|
|
status = STATUS_BUFFER_TOO_SMALL;
|
|
goto Complete;
|
|
|
|
}
|
|
|
|
if( validateInfo->RemoteAddress.TAAddressCount != 1 ) {
|
|
|
|
status = STATUS_INVALID_PARAMETER;
|
|
goto Complete;
|
|
|
|
}
|
|
|
|
if( IrpSp->Parameters.DeviceIoControl.InputBufferLength <
|
|
( sizeof(*validateInfo) -
|
|
sizeof(TRANSPORT_ADDRESS) +
|
|
validateInfo->RemoteAddress.Address[0].AddressLength ) ) {
|
|
|
|
status = STATUS_BUFFER_TOO_SMALL;
|
|
goto Complete;
|
|
|
|
}
|
|
|
|
//
|
|
// Start by referencing the group so it doesn't go away unexpectedly.
|
|
// This will also validate the group ID, and give us the group type.
|
|
//
|
|
|
|
groupId = validateInfo->GroupID;
|
|
|
|
if( !AfdReferenceGroup( groupId, &groupType ) ) {
|
|
|
|
status = STATUS_INVALID_PARAMETER;
|
|
goto Complete;
|
|
|
|
}
|
|
|
|
//
|
|
// If it's not a constrained group ID, we can just complete the IRP
|
|
// successfully right now.
|
|
//
|
|
|
|
if( groupType != GroupTypeConstrained ) {
|
|
|
|
AfdDereferenceGroup( validateInfo->GroupID );
|
|
|
|
Irp->IoStatus.Information = 0;
|
|
status = STATUS_SUCCESS;
|
|
goto Complete;
|
|
|
|
}
|
|
|
|
//
|
|
// Calculate the size of the incoming TDI address.
|
|
//
|
|
|
|
requestAddress = &validateInfo->RemoteAddress;
|
|
|
|
requestAddressLength = IrpSp->Parameters.DeviceIoControl.InputBufferLength -
|
|
sizeof(AFD_VALIDATE_GROUP_INFO) +
|
|
sizeof(TRANSPORT_ADDRESS);
|
|
|
|
//
|
|
// OK, it's a constrained group. Scan the list of constrained endpoints,
|
|
// find those that are either datagram endpoints or have associated
|
|
// connections, and validate the remote addresses.
|
|
//
|
|
|
|
result = TRUE;
|
|
|
|
//
|
|
// Make sure the thread in which we execute cannot get
|
|
// suspeneded in APC while we own the global resource.
|
|
//
|
|
KeEnterCriticalRegion ();
|
|
ExAcquireResourceSharedLite( AfdResource, TRUE );
|
|
|
|
for( listEntry = AfdConstrainedEndpointListHead.Flink ;
|
|
listEntry != &AfdConstrainedEndpointListHead ;
|
|
listEntry = listEntry->Flink ) {
|
|
|
|
compareEndpoint = CONTAINING_RECORD(
|
|
listEntry,
|
|
AFD_ENDPOINT,
|
|
ConstrainedEndpointListEntry
|
|
);
|
|
|
|
ASSERT( IS_AFD_ENDPOINT_TYPE( compareEndpoint ) );
|
|
ASSERT( compareEndpoint->GroupType == GroupTypeConstrained );
|
|
|
|
//
|
|
// Skip this endpoint if the group IDs don't match.
|
|
//
|
|
|
|
if( groupId != compareEndpoint->GroupID ) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
//
|
|
// If this is a datagram endpoint, check it's remote address.
|
|
//
|
|
|
|
if( IS_DGRAM_ENDPOINT( compareEndpoint ) ) {
|
|
|
|
AfdAcquireSpinLock( &compareEndpoint->SpinLock, &lockHandle );
|
|
|
|
if( compareEndpoint->Common.Datagram.RemoteAddress != NULL ) {
|
|
|
|
result = AfdCompareAddresses(
|
|
compareEndpoint->Common.Datagram.RemoteAddress,
|
|
compareEndpoint->Common.Datagram.RemoteAddressLength,
|
|
requestAddress,
|
|
requestAddressLength
|
|
);
|
|
|
|
}
|
|
|
|
AfdReleaseSpinLock( &compareEndpoint->SpinLock, &lockHandle );
|
|
|
|
if( !result ) {
|
|
break;
|
|
}
|
|
|
|
} else {
|
|
|
|
//
|
|
// Not a datagram. If it's a connected endpoint, still has
|
|
// a connection object, and that object has a remote address,
|
|
// then compare the addresses.
|
|
//
|
|
|
|
AfdAcquireSpinLock( &compareEndpoint->SpinLock, &lockHandle );
|
|
|
|
connection = AFD_CONNECTION_FROM_ENDPOINT( compareEndpoint );
|
|
|
|
if( compareEndpoint->State == AfdEndpointStateConnected &&
|
|
connection != NULL ) {
|
|
|
|
REFERENCE_CONNECTION( connection );
|
|
|
|
if( connection->RemoteAddress != NULL ) {
|
|
|
|
result = AfdCompareAddresses(
|
|
connection->RemoteAddress,
|
|
connection->RemoteAddressLength,
|
|
requestAddress,
|
|
requestAddressLength
|
|
);
|
|
|
|
}
|
|
|
|
AfdReleaseSpinLock( &compareEndpoint->SpinLock, &lockHandle );
|
|
|
|
DEREFERENCE_CONNECTION( connection );
|
|
|
|
if( !result ) {
|
|
break;
|
|
}
|
|
|
|
} else {
|
|
|
|
AfdReleaseSpinLock( &compareEndpoint->SpinLock, &lockHandle );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
ExReleaseResourceLite( AfdResource );
|
|
KeLeaveCriticalRegion ();
|
|
AfdDereferenceGroup( validateInfo->GroupID );
|
|
|
|
if( !result ) {
|
|
status = STATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
Complete:
|
|
|
|
Irp->IoStatus.Information = 0;
|
|
Irp->IoStatus.Status = status;
|
|
IoCompleteRequest( Irp, AfdPriorityBoost );
|
|
|
|
return status;
|
|
|
|
} // AfdValidateGroup
|
|
|
|
BOOLEAN
|
|
AfdCompareAddresses(
|
|
IN PTRANSPORT_ADDRESS Address1,
|
|
IN ULONG Address1Length,
|
|
IN PTRANSPORT_ADDRESS Address2,
|
|
IN ULONG Address2Length
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine compares two addresses in a special way to support
|
|
constrained socket groups. This routine will return TRUE if the
|
|
two addresses represent the same "interface". By "interface", I
|
|
mean something like an IP address or an IPX address. Note that for
|
|
some address types (such as IP) certain portions of the address
|
|
should be ignored (such as the port).
|
|
|
|
I really hate hard-coded knowledge of "select" address types, but
|
|
there's no easy way around it. Ideally, this should be the protocol
|
|
driver's responsibility. We could really use a standard "compare
|
|
these addresses" IOCTL in TDI.
|
|
|
|
Arguments:
|
|
|
|
Address1 - The first address.
|
|
|
|
Address1Length - The length of Address1.
|
|
|
|
Address2 - The second address.
|
|
|
|
Address2Length - The length of Address2.
|
|
|
|
Return Value:
|
|
|
|
BOOLEAN - TRUE if the addresses reference the same interface, FALSE
|
|
otherwise.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
USHORT addressType;
|
|
|
|
if (Address1Length!=Address2Length)
|
|
return FALSE;
|
|
|
|
if (Address1Length<(ULONG)FIELD_OFFSET (TRANSPORT_ADDRESS,Address[0].Address)) {
|
|
return FALSE;
|
|
}
|
|
addressType = Address1->Address[0].AddressType;
|
|
|
|
if( addressType != Address2->Address[0].AddressType ) {
|
|
|
|
//
|
|
// If they're not the same address type, they can't be the
|
|
// same address...
|
|
//
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
//
|
|
// Special case a few addresses.
|
|
//
|
|
|
|
switch( addressType ) {
|
|
|
|
case TDI_ADDRESS_TYPE_IP : {
|
|
|
|
TDI_ADDRESS_IP UNALIGNED * ip1;
|
|
TDI_ADDRESS_IP UNALIGNED * ip2;
|
|
|
|
ip1 = (PVOID)&Address1->Address[0].Address[0];
|
|
ip2 = (PVOID)&Address2->Address[0].Address[0];
|
|
|
|
//
|
|
// IP addresses. Compare the address portion (ignoring
|
|
// the port).
|
|
//
|
|
|
|
if( (Address1Length>=(ULONG)FIELD_OFFSET (TA_IP_ADDRESS, Address[0].Address[0].sin_zero)) &&
|
|
(ip1->in_addr == ip2->in_addr) ) {
|
|
return TRUE;
|
|
}
|
|
|
|
}
|
|
return FALSE;
|
|
|
|
case TDI_ADDRESS_TYPE_IP6 : {
|
|
|
|
TDI_ADDRESS_IP6 UNALIGNED * ip1;
|
|
TDI_ADDRESS_IP6 UNALIGNED * ip2;
|
|
|
|
ip1 = (PVOID)&Address1->Address[0].Address;
|
|
ip2 = (PVOID)&Address2->Address[0].Address;
|
|
|
|
//
|
|
// IPv6 addresses. Compare the address portion (ignoring
|
|
// the port and flow info).
|
|
//
|
|
|
|
if( (Address1Length>=sizeof (TA_IP6_ADDRESS)) &&
|
|
RtlEqualMemory(ip1->sin6_addr,
|
|
ip2->sin6_addr,
|
|
sizeof (ip1->sin6_addr)) ) {
|
|
return TRUE;
|
|
}
|
|
|
|
}
|
|
return FALSE;
|
|
case TDI_ADDRESS_TYPE_IPX : {
|
|
|
|
TDI_ADDRESS_IPX UNALIGNED * ipx1;
|
|
TDI_ADDRESS_IPX UNALIGNED * ipx2;
|
|
|
|
ipx1 = (PVOID)&Address1->Address[0].Address[0];
|
|
ipx2 = (PVOID)&Address2->Address[0].Address[0];
|
|
|
|
//
|
|
// IPX addresses. Compare the network and node addresses.
|
|
//
|
|
|
|
if( (Address1Length>=sizeof (TA_IPX_ADDRESS)) &&
|
|
ipx1->NetworkAddress == ipx2->NetworkAddress &&
|
|
RtlEqualMemory(
|
|
ipx1->NodeAddress,
|
|
ipx2->NodeAddress,
|
|
sizeof(ipx1->NodeAddress)
|
|
) ) {
|
|
return TRUE;
|
|
}
|
|
|
|
}
|
|
return FALSE;
|
|
|
|
case TDI_ADDRESS_TYPE_APPLETALK : {
|
|
|
|
TDI_ADDRESS_APPLETALK UNALIGNED * atalk1;
|
|
TDI_ADDRESS_APPLETALK UNALIGNED * atalk2;
|
|
|
|
atalk1 = (PVOID)&Address1->Address[0].Address[0];
|
|
atalk2 = (PVOID)&Address2->Address[0].Address[0];
|
|
|
|
//
|
|
// APPLETALK address. Compare the network and node
|
|
// addresses.
|
|
//
|
|
|
|
if( (Address1Length>=sizeof (TA_APPLETALK_ADDRESS)) &&
|
|
(atalk1->Network == atalk2->Network) &&
|
|
(atalk1->Node == atalk2->Node) ) {
|
|
return TRUE;
|
|
}
|
|
|
|
}
|
|
return FALSE;
|
|
|
|
case TDI_ADDRESS_TYPE_VNS : {
|
|
|
|
TDI_ADDRESS_VNS UNALIGNED * vns1;
|
|
TDI_ADDRESS_VNS UNALIGNED * vns2;
|
|
|
|
vns1 = (PVOID)&Address1->Address[0].Address[0];
|
|
vns2 = (PVOID)&Address2->Address[0].Address[0];
|
|
|
|
//
|
|
// VNS addresses. Compare the network and subnet addresses.
|
|
//
|
|
|
|
if( (Address1Length>=sizeof (TA_VNS_ADDRESS)) &&
|
|
RtlEqualMemory(
|
|
vns1->net_address,
|
|
vns2->net_address,
|
|
sizeof(vns1->net_address)
|
|
) &&
|
|
RtlEqualMemory(
|
|
vns1->subnet_addr,
|
|
vns2->subnet_addr,
|
|
sizeof(vns1->subnet_addr)
|
|
) ) {
|
|
return TRUE;
|
|
}
|
|
|
|
}
|
|
return FALSE;
|
|
|
|
default :
|
|
|
|
//
|
|
// Unknown address type. Do a simple memory compare.
|
|
//
|
|
|
|
return (BOOLEAN)RtlEqualMemory(
|
|
Address1,
|
|
Address2,
|
|
Address2Length
|
|
);
|
|
|
|
}
|
|
|
|
} // AfdCompareAddresses
|
|
|
|
NTSTATUS
|
|
AfdGetUnacceptedConnectData (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN ULONG IoctlCode,
|
|
IN KPROCESSOR_MODE RequestorMode,
|
|
IN PVOID InputBuffer,
|
|
IN ULONG InputBufferLength,
|
|
IN PVOID OutputBuffer,
|
|
IN ULONG OutputBufferLength,
|
|
OUT PUINT_PTR Information
|
|
)
|
|
{
|
|
|
|
PAFD_ENDPOINT endpoint;
|
|
PAFD_CONNECTION connection;
|
|
PAFD_CONNECT_DATA_BUFFERS connectDataBuffers;
|
|
AFD_UNACCEPTED_CONNECT_DATA_INFO connectInfo;
|
|
AFD_LOCK_QUEUE_HANDLE lockHandle;
|
|
ULONG dataLength;
|
|
PMDL mdl;
|
|
NTSTATUS status;
|
|
UCHAR localBuffer[AFD_FAST_CONNECT_DATA_SIZE];
|
|
|
|
//
|
|
// Set up local pointers.
|
|
//
|
|
|
|
endpoint = FileObject->FsContext;
|
|
ASSERT( IS_AFD_ENDPOINT_TYPE( endpoint ) );
|
|
|
|
status = STATUS_SUCCESS;
|
|
mdl = NULL;
|
|
*Information = 0;
|
|
|
|
//
|
|
// Validate the request.
|
|
//
|
|
|
|
if( !endpoint->Listening ||
|
|
InputBufferLength < sizeof(connectInfo) ) {
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
}
|
|
|
|
try {
|
|
//
|
|
// Validate the input structure if it comes from the user mode
|
|
// application
|
|
//
|
|
|
|
if (RequestorMode != KernelMode ) {
|
|
ProbeForRead (InputBuffer,
|
|
sizeof (connectInfo),
|
|
PROBE_ALIGNMENT(AFD_UNACCEPTED_CONNECT_DATA_INFO));
|
|
}
|
|
|
|
//
|
|
// Make local copies of the embeded pointer and parameters
|
|
// that we will be using more than once in case malicios
|
|
// application attempts to change them while we are
|
|
// validating
|
|
//
|
|
|
|
connectInfo = *((PAFD_UNACCEPTED_CONNECT_DATA_INFO)InputBuffer);
|
|
|
|
if (connectInfo.LengthOnly &&
|
|
OutputBufferLength<sizeof (connectInfo)) {
|
|
status = STATUS_INVALID_PARAMETER;
|
|
goto exit;
|
|
}
|
|
|
|
if (OutputBufferLength>0) {
|
|
if (OutputBufferLength>sizeof (localBuffer)) {
|
|
mdl = IoAllocateMdl(
|
|
OutputBuffer, // VirtualAddress
|
|
OutputBufferLength, // Length
|
|
FALSE, // SecondaryBuffer
|
|
TRUE, // ChargeQuota
|
|
NULL // Irp
|
|
);
|
|
if (mdl==NULL) {
|
|
status = STATUS_INSUFFICIENT_RESOURCES;
|
|
goto exit;
|
|
}
|
|
|
|
MmProbeAndLockPages(
|
|
mdl, // MemoryDescriptorList
|
|
RequestorMode, // AccessMode
|
|
IoWriteAccess // Operation
|
|
);
|
|
OutputBuffer = MmGetSystemAddressForMdlSafe(mdl, LowPagePriority);
|
|
if (OutputBuffer==NULL) {
|
|
status = STATUS_INSUFFICIENT_RESOURCES;
|
|
goto exit;
|
|
}
|
|
}
|
|
else {
|
|
if (RequestorMode!=KernelMode) {
|
|
ProbeForWrite (OutputBuffer,
|
|
OutputBufferLength,
|
|
sizeof (UCHAR));
|
|
}
|
|
}
|
|
}
|
|
|
|
} except( AFD_EXCEPTION_FILTER(&status) ) {
|
|
|
|
goto exit;
|
|
}
|
|
|
|
AfdAcquireSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
|
|
//
|
|
// Find the specified connection.
|
|
//
|
|
|
|
connection = AfdFindReturnedConnection(
|
|
endpoint,
|
|
connectInfo.Sequence
|
|
);
|
|
|
|
if( connection == NULL ) {
|
|
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
status = STATUS_INVALID_PARAMETER;
|
|
goto exit;
|
|
|
|
}
|
|
|
|
//
|
|
// Determine the length of any received connect data.
|
|
//
|
|
|
|
dataLength = 0;
|
|
connectDataBuffers = connection->ConnectDataBuffers;
|
|
|
|
if( connectDataBuffers != NULL &&
|
|
connectDataBuffers->ReceiveConnectData.Buffer != NULL ) {
|
|
|
|
dataLength = connectDataBuffers->ReceiveConnectData.BufferLength;
|
|
|
|
}
|
|
|
|
//
|
|
// If the caller is just interested in the data length, return it.
|
|
//
|
|
|
|
if( connectInfo.LengthOnly ) {
|
|
|
|
connectInfo.ConnectDataLength = dataLength;
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
try {
|
|
RtlCopyMemory (OutputBuffer,
|
|
&connectInfo,
|
|
sizeof (connectInfo));
|
|
*Information = sizeof (connectInfo);
|
|
status = STATUS_SUCCESS;
|
|
}
|
|
except (AFD_EXCEPTION_FILTER (&status)) {
|
|
}
|
|
goto exit;
|
|
}
|
|
|
|
//
|
|
// If there is no connect data, complete the IRP with no bytes.
|
|
//
|
|
|
|
if( dataLength == 0 ) {
|
|
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
status = STATUS_SUCCESS;
|
|
goto exit;
|
|
}
|
|
|
|
//
|
|
// If the output buffer is too small, fail.
|
|
//
|
|
|
|
if( OutputBufferLength < dataLength ) {
|
|
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
status = STATUS_BUFFER_TOO_SMALL;
|
|
goto exit;
|
|
}
|
|
|
|
RtlCopyMemory(
|
|
mdl ? OutputBuffer : localBuffer,
|
|
connectDataBuffers->ReceiveConnectData.Buffer,
|
|
dataLength
|
|
);
|
|
|
|
*Information = dataLength;
|
|
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
|
|
if (mdl==NULL) {
|
|
try {
|
|
RtlCopyMemory (OutputBuffer,
|
|
localBuffer,
|
|
*Information);
|
|
}
|
|
except (AFD_EXCEPTION_FILTER(&status)) {
|
|
*Information = 0;
|
|
}
|
|
}
|
|
|
|
exit:
|
|
|
|
if (mdl!=NULL) {
|
|
if (mdl->MdlFlags & MDL_PAGES_LOCKED) {
|
|
MmUnlockPages (mdl);
|
|
}
|
|
IoFreeMdl (mdl);
|
|
}
|
|
|
|
return status;
|
|
|
|
} // AfdGetUnacceptedConnectData
|
|
|
|
#ifdef _WIN64
|
|
ULONG
|
|
AfdComputeCMSGLength32 (
|
|
PVOID ControlBuffer,
|
|
ULONG ControlLength
|
|
)
|
|
{
|
|
ULONG length = 0;
|
|
|
|
ASSERT (ControlLength>=sizeof (TDI_CMSGHDR));
|
|
|
|
while (ControlLength>=sizeof (TDI_CMSGHDR)) {
|
|
PTDI_CMSGHDR hdr;
|
|
|
|
hdr = ControlBuffer;
|
|
|
|
//
|
|
// Data comes from the trusted kernel mode driver source.
|
|
//
|
|
ASSERT (ControlLength >= TDI_CMSGHDR_ALIGN((hdr)->cmsg_len));
|
|
ControlLength -= (ULONG)TDI_CMSGHDR_ALIGN((hdr)->cmsg_len);
|
|
ControlBuffer = (PUCHAR)ControlBuffer +
|
|
TDI_CMSGHDR_ALIGN((hdr)->cmsg_len);
|
|
|
|
length += (ULONG)TDI_CMSGHDR_ALIGN32(
|
|
(hdr)->cmsg_len -
|
|
TDI_CMSGDATA_ALIGN (sizeof (TDI_CMSGHDR)) +
|
|
TDI_CMSGDATA_ALIGN32(sizeof(TDI_CMSGHDR32)) );
|
|
|
|
}
|
|
|
|
ASSERT (ControlLength==0);
|
|
|
|
return length;
|
|
}
|
|
|
|
VOID
|
|
AfdCopyCMSGBuffer32 (
|
|
PVOID Dst,
|
|
PVOID ControlBuffer,
|
|
ULONG CopyLength
|
|
)
|
|
{
|
|
while (CopyLength>=sizeof (TDI_CMSGHDR32)) {
|
|
PTDI_CMSGHDR hdr;
|
|
PTDI_CMSGHDR32 hdr32;
|
|
|
|
hdr = ControlBuffer;
|
|
hdr32 = Dst;
|
|
|
|
hdr32->cmsg_len = (ULONG)( (hdr)->cmsg_len -
|
|
TDI_CMSGDATA_ALIGN (sizeof (TDI_CMSGHDR)) +
|
|
TDI_CMSGDATA_ALIGN32(sizeof(TDI_CMSGHDR32)) );
|
|
hdr32->cmsg_level = hdr->cmsg_level;
|
|
hdr32->cmsg_type = hdr->cmsg_type;
|
|
|
|
if (CopyLength<(ULONG)TDI_CMSGHDR_ALIGN32(hdr32->cmsg_len))
|
|
break;
|
|
|
|
CopyLength -= (ULONG)TDI_CMSGHDR_ALIGN32(hdr32->cmsg_len);
|
|
|
|
RtlMoveMemory ((PUCHAR)hdr32+TDI_CMSGDATA_ALIGN32(sizeof(TDI_CMSGHDR32)),
|
|
(PUCHAR)hdr+TDI_CMSGDATA_ALIGN(sizeof(TDI_CMSGHDR)),
|
|
hdr32->cmsg_len-TDI_CMSGDATA_ALIGN32(sizeof(TDI_CMSGHDR32)));
|
|
|
|
ControlBuffer = (PUCHAR)ControlBuffer +
|
|
TDI_CMSGHDR_ALIGN((hdr)->cmsg_len);
|
|
|
|
Dst = (PUCHAR)Dst + TDI_CMSGHDR_ALIGN32((hdr32)->cmsg_len);
|
|
}
|
|
|
|
}
|
|
#endif //_WIN64
|
|
|
|
//
|
|
// This is currently not used by helper dlls.
|
|
// Commented out because of security concerns
|
|
//
|
|
#if 0
|
|
//
|
|
// Context structure allocated for non-blocking IOCTLs
|
|
//
|
|
|
|
typedef struct _AFD_NBIOCTL_CONTEXT {
|
|
AFD_REQUEST_CONTEXT Context; // Context to keep track of request
|
|
ULONG PollEvent; // Poll event to signal upon completion
|
|
// IRP Irp; // Irp to queue transport
|
|
// PCHAR SystemBuffer; // Input buffer if method!=3
|
|
} AFD_NBIOCTL_CONTEXT, *PAFD_NBIOCTL_CONTEXT;
|
|
|
|
|
|
|
|
NTSTATUS
|
|
FASTCALL
|
|
AfdDoTransportIoctl (
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Passes the request from the helper DLL to the TDI transport
|
|
driver. In oreder to let the IO system properly complete asynchronous
|
|
IOCTL issued by the helper DLL, it should come on the socket handle
|
|
(afd endpoint object), and then afd redirects it to the transport
|
|
driver on the handle that herlper DLL specifies (normally address,
|
|
connection, or control channel handle)
|
|
|
|
Arguments:
|
|
|
|
Irp
|
|
|
|
IrpSp
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS
|
|
|
|
--*/
|
|
|
|
{
|
|
PAFD_ENDPOINT endpoint;
|
|
AFD_TRANSPORT_IOCTL_INFO ioctlInfo;
|
|
PFILE_OBJECT fileObject;
|
|
PDEVICE_OBJECT deviceObject;
|
|
ULONG method;
|
|
PIRP newIrp;
|
|
PIO_STACK_LOCATION nextSp;
|
|
PAFD_REQUEST_CONTEXT requestCtx;
|
|
NTSTATUS status;
|
|
|
|
PAGED_CODE ();
|
|
|
|
endpoint = IrpSp->FileObject->FsContext;
|
|
ASSERT (IS_AFD_ENDPOINT_TYPE (endpoint));
|
|
|
|
method = IrpSp->Parameters.DeviceIoControl.IoControlCode & 3;
|
|
|
|
if (method==METHOD_NEITHER) {
|
|
|
|
//
|
|
// We have to manually verify input buffer
|
|
//
|
|
|
|
try {
|
|
#ifdef _WIN64
|
|
if (IoIs32bitProcess (Irp)) {
|
|
PAFD_TRANSPORT_IOCTL_INFO32 ioctlInfo32;
|
|
if (IrpSp->Parameters.DeviceIoControl.InputBufferLength<sizeof (*ioctlInfo32)) {
|
|
status = STATUS_INVALID_PARAMETER;
|
|
goto Complete;
|
|
}
|
|
ioctlInfo32 = IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
|
|
if( Irp->RequestorMode != KernelMode ) {
|
|
ProbeForRead(
|
|
ioctlInfo32,
|
|
sizeof(*ioctlInfo32),
|
|
PROBE_ALIGNEMENT(AFD_TRANSPORT_IOCTL_INFO32)
|
|
);
|
|
}
|
|
ioctlInfo.Handle = ioctlInfo32->Handle;
|
|
ioctlInfo.InputBuffer = ioctlInfo32->InputBuffer;
|
|
ioctlInfo.InputBufferLength = ioctlInfo32->InputBufferLength;
|
|
ioctlInfo.IoControlCode = ioctlInfo32->IoControlCode;
|
|
ioctlInfo.AfdFlags = ioctlInfo32->AfdFlags;
|
|
ioctlInfo.PollEvent = ioctlInfo32->PollEvent;
|
|
}
|
|
else
|
|
#endif // _WIN64
|
|
{
|
|
if (IrpSp->Parameters.DeviceIoControl.InputBufferLength<sizeof (ioctlInfo)) {
|
|
status = STATUS_INVALID_PARAMETER;
|
|
goto Complete;
|
|
}
|
|
|
|
if( Irp->RequestorMode != KernelMode ) {
|
|
ProbeForRead(
|
|
IrpSp->Parameters.DeviceIoControl.Type3InputBuffer,
|
|
sizeof(ioctlInfo),
|
|
PROBE_ALIGNMENT(AFD_TRANSPORT_IOCTL_INFO)
|
|
);
|
|
}
|
|
ioctlInfo = *((PAFD_TRANSPORT_IOCTL_INFO)
|
|
IrpSp->Parameters.DeviceIoControl.Type3InputBuffer);
|
|
}
|
|
} except( AFD_EXCEPTION_FILTER(&status) ) {
|
|
|
|
//
|
|
// Exception accessing input structure.
|
|
//
|
|
|
|
goto Complete;
|
|
}
|
|
}
|
|
else {
|
|
|
|
#ifdef _WIN64
|
|
if (IoIs32bitProcess (Irp)) {
|
|
PAFD_TRANSPORT_IOCTL_INFO32 ioctlInfo32;
|
|
|
|
if (IrpSp->Parameters.DeviceIoControl.InputBufferLength<sizeof (*ioctlInfo32)) {
|
|
status = STATUS_INVALID_PARAMETER;
|
|
goto Complete;
|
|
}
|
|
|
|
ioctlInfo32 = Irp->AssociatedIrp.SystemBuffer;
|
|
ioctlInfo.Handle = ioctlInfo32->Handle;
|
|
ioctlInfo.InputBuffer = ioctlInfo32->InputBuffer;
|
|
ioctlInfo.InputBufferLength = ioctlInfo32->InputBufferLength;
|
|
ioctlInfo.IoControlCode = ioctlInfo32->IoControlCode;
|
|
ioctlInfo.AfdFlags = ioctlInfo32->AfdFlags;
|
|
ioctlInfo.PollEvent = ioctlInfo32->PollEvent;
|
|
}
|
|
else
|
|
#endif // _WIN64
|
|
{
|
|
if (IrpSp->Parameters.DeviceIoControl.InputBufferLength<sizeof (ioctlInfo)) {
|
|
status = STATUS_INVALID_PARAMETER;
|
|
goto Complete;
|
|
}
|
|
|
|
//
|
|
// Just copy the buffer verified by the IO system
|
|
//
|
|
|
|
ioctlInfo = *((PAFD_TRANSPORT_IOCTL_INFO)
|
|
Irp->AssociatedIrp.SystemBuffer);
|
|
}
|
|
|
|
}
|
|
|
|
|
|
//
|
|
// We rely as much as we can on the IO system to process
|
|
// IOCTL parameters for us. For this we have to make
|
|
// sure that method of AFD and helper DLL IOCTLs
|
|
// are the same, otherwise, someone can play tricks with
|
|
// buffer verification on us.
|
|
//
|
|
// If endpoint is non-blocking and request is not overlapped
|
|
// helper DLL MUST specify an event to check before queueing
|
|
// the request/signal upon its completion
|
|
//
|
|
|
|
if ((method!=(ioctlInfo.IoControlCode & 3))
|
|
|| (endpoint->NonBlocking
|
|
&& !(ioctlInfo.AfdFlags & AFD_OVERLAPPED)
|
|
&& !ioctlInfo.PollEvent)
|
|
) {
|
|
status = STATUS_INVALID_PARAMETER;
|
|
goto Complete;
|
|
}
|
|
|
|
|
|
//
|
|
// Make sure application has access to handle
|
|
// and get object reference
|
|
//
|
|
|
|
status = ObReferenceObjectByHandle(
|
|
ioctlInfo.Handle,
|
|
(ioctlInfo.IoControlCode >> 14) & 3, // DesiredAccess
|
|
*IoFileObjectType, // Must be a file object
|
|
Irp->RequestorMode,
|
|
(PVOID *)&fileObject,
|
|
NULL
|
|
);
|
|
|
|
if (NT_SUCCESS(status)) {
|
|
|
|
//
|
|
// Get the device object of the driver to which we send the IRP
|
|
//
|
|
|
|
deviceObject = IoGetRelatedDeviceObject (fileObject);
|
|
|
|
//
|
|
// If this is a non-blocking endpoint and IO is not overlapped
|
|
// and the specified event is not signalled,
|
|
// we'll have complete the helper DLL IRP with
|
|
// STATUS_DEVICE_NOT_READY (translates to WSAEWOUDLBLOCK)
|
|
// and queue another IRP to the transport so that
|
|
// the specified event can be completed when IRP is completed
|
|
//
|
|
|
|
if (endpoint->NonBlocking
|
|
&& !(ioctlInfo.AfdFlags & AFD_OVERLAPPED)
|
|
&& !(ioctlInfo.PollEvent & endpoint->EventsActive)) {
|
|
|
|
PAFD_NBIOCTL_CONTEXT nbIoctlCtx;
|
|
USHORT irpSize;
|
|
ULONG allocSize;
|
|
|
|
irpSize = IoSizeOfIrp (deviceObject->StackSize);
|
|
|
|
//
|
|
// Compute the block size and check for overflow
|
|
//
|
|
allocSize = sizeof (*nbIoctlCtx) + irpSize + ioctlInfo.InputBufferLength;
|
|
if (allocSize < ioctlInfo.InputBufferLength ||
|
|
allocSize < irpSize) {
|
|
status = STATUS_INVALID_PARAMETER;
|
|
ObDereferenceObject (fileObject);
|
|
goto Complete;
|
|
}
|
|
|
|
//
|
|
// Allocate an IRP and associated strucutures
|
|
//
|
|
|
|
try {
|
|
nbIoctlCtx = AFD_ALLOCATE_POOL_WITH_QUOTA (
|
|
NonPagedPool,
|
|
allocSize,
|
|
AFD_TRANSPORT_IRP_POOL_TAG
|
|
);
|
|
|
|
// AFD_ALLOCATE_POOL_WITH_QUOTA macro sets POOL_RAISE_IF_ALLOCATION_FAILURE flag
|
|
ASSERT (nbIoctlCtx!=NULL);
|
|
}
|
|
except (EXCEPTION_EXECUTE_HANDLER) {
|
|
status = GetExceptionCode ();
|
|
ObDereferenceObject (fileObject);
|
|
goto Complete;
|
|
}
|
|
|
|
//
|
|
// Initialize context structures
|
|
//
|
|
|
|
requestCtx = &nbIoctlCtx->Context;
|
|
requestCtx->CleanupRoutine = AfdCleanupNBTransportIoctl;
|
|
nbIoctlCtx->PollEvent = ioctlInfo.PollEvent;
|
|
|
|
//
|
|
// Initialize IRP itself
|
|
//
|
|
|
|
newIrp = (PIRP)(nbIoctlCtx+1);
|
|
IoInitializeIrp( newIrp, irpSize, deviceObject->StackSize);
|
|
newIrp->RequestorMode = KernelMode;
|
|
newIrp->Tail.Overlay.AuxiliaryBuffer = NULL;
|
|
newIrp->Tail.Overlay.OriginalFileObject = IrpSp->FileObject;
|
|
|
|
nextSp = IoGetNextIrpStackLocation (newIrp);
|
|
|
|
if ((ioctlInfo.InputBuffer!=NULL)
|
|
&& (ioctlInfo.InputBufferLength>0)) {
|
|
|
|
//
|
|
// If helper DLL specified input buffer
|
|
// we'll have to make a copy of it in case
|
|
// driver really pends the IRP while we complete the
|
|
// helper DLL IRP an system frees the input buffer
|
|
//
|
|
|
|
PVOID newBuffer;
|
|
|
|
newBuffer = (PUCHAR)newIrp+IoSizeOfIrp(deviceObject->StackSize);
|
|
try {
|
|
if (Irp->RequestorMode != KernelMode) {
|
|
ProbeForRead(
|
|
ioctlInfo.InputBuffer,
|
|
ioctlInfo.InputBufferLength,
|
|
sizeof(UCHAR)
|
|
);
|
|
}
|
|
RtlCopyMemory (newBuffer,
|
|
ioctlInfo.InputBuffer,
|
|
ioctlInfo.InputBufferLength);
|
|
} except( AFD_EXCEPTION_FILTER(&status) ) {
|
|
|
|
//
|
|
// Exception accessing input structure.
|
|
//
|
|
|
|
AFD_FREE_POOL (nbIoctlCtx, AFD_TRANSPORT_IRP_POOL_TAG);
|
|
ObDereferenceObject (fileObject);
|
|
goto Complete;
|
|
|
|
}
|
|
|
|
//
|
|
// Store new buffer parameters in appropriate places
|
|
// in the IRP depending on the method
|
|
//
|
|
|
|
if (method==METHOD_NEITHER) {
|
|
nextSp->Parameters.DeviceIoControl.Type3InputBuffer = newBuffer;
|
|
newIrp->AssociatedIrp.SystemBuffer = NULL;
|
|
}
|
|
else {
|
|
nextSp->Parameters.DeviceIoControl.Type3InputBuffer = NULL;
|
|
newIrp->AssociatedIrp.SystemBuffer = newBuffer;
|
|
}
|
|
nextSp->Parameters.DeviceIoControl.InputBufferLength =
|
|
ioctlInfo.InputBufferLength;
|
|
}
|
|
else {
|
|
|
|
//
|
|
// No input buffer, clear correspoinding entries
|
|
//
|
|
|
|
nextSp->Parameters.DeviceIoControl.InputBufferLength = 0;
|
|
nextSp->Parameters.DeviceIoControl.Type3InputBuffer = NULL;
|
|
newIrp->AssociatedIrp.SystemBuffer = NULL;
|
|
|
|
}
|
|
|
|
//
|
|
// NOTE: We do not allow output buffer parameters on
|
|
// non-blocking calls because the output buffer is deallocated
|
|
// when we complete helper DLL IRP
|
|
//
|
|
// Done during IRP initialization (IoInitializeIrp)
|
|
// newIrp->MdlAddress = NULL;
|
|
// newIrp->UserBuffer = NULL;
|
|
// nextSp->Parameters.DeviceIoControl.OutputBufferLength = 0;
|
|
|
|
IoSetCompletionRoutine( newIrp, AfdCompleteNBTransportIoctl,
|
|
nbIoctlCtx,
|
|
TRUE, TRUE, TRUE );
|
|
}
|
|
else {
|
|
|
|
//
|
|
// Blocking call, reuse the application's IRP
|
|
//
|
|
|
|
newIrp = Irp;
|
|
nextSp = IoGetNextIrpStackLocation (Irp);
|
|
nextSp->Parameters.DeviceIoControl.OutputBufferLength =
|
|
IrpSp->Parameters.DeviceIoControl.OutputBufferLength;
|
|
|
|
|
|
if ((ioctlInfo.InputBuffer!=NULL)
|
|
&& (ioctlInfo.InputBufferLength>0)) {
|
|
|
|
//
|
|
// If application wants to pass input buffer to transport,
|
|
// we'll have to copy it to the system buffer allocated with
|
|
// Irp
|
|
//
|
|
|
|
if (method!=METHOD_NEITHER) {
|
|
ULONG sysBufferLength;
|
|
if (method==METHOD_BUFFERED) {
|
|
sysBufferLength = max (
|
|
IrpSp->Parameters.DeviceIoControl.InputBufferLength,
|
|
IrpSp->Parameters.DeviceIoControl.OutputBufferLength);
|
|
}
|
|
else {
|
|
sysBufferLength = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
|
|
}
|
|
|
|
|
|
//
|
|
// Methods 0-2 use system buffer to pass input
|
|
// parameters and we need to reuse original system buffer
|
|
// Make sure it has enough space for this purpose
|
|
//
|
|
|
|
try {
|
|
if (Irp->RequestorMode != KernelMode) {
|
|
ProbeForRead(
|
|
ioctlInfo.InputBuffer,
|
|
ioctlInfo.InputBufferLength,
|
|
sizeof(UCHAR)
|
|
);
|
|
}
|
|
|
|
if (ioctlInfo.InputBufferLength>sysBufferLength){
|
|
PVOID newSystemBuffer;
|
|
newSystemBuffer = ExAllocatePoolWithQuotaTag (
|
|
NonPagedPoolCacheAligned,
|
|
ioctlInfo.InputBufferLength,
|
|
AFD_TRANSPORT_IRP_POOL_TAG
|
|
);
|
|
if (newSystemBuffer==NULL) {
|
|
ExRaiseStatus (STATUS_INSUFFICIENT_RESOURCES);
|
|
}
|
|
ExFreePool (Irp->AssociatedIrp.SystemBuffer);
|
|
Irp->AssociatedIrp.SystemBuffer = newSystemBuffer;
|
|
}
|
|
|
|
//
|
|
// Copy application data to the system buffer
|
|
//
|
|
|
|
RtlCopyMemory (Irp->AssociatedIrp.SystemBuffer,
|
|
ioctlInfo.InputBuffer,
|
|
ioctlInfo.InputBufferLength);
|
|
|
|
}
|
|
except( AFD_EXCEPTION_FILTER(&status) ) {
|
|
ObDereferenceObject (fileObject);
|
|
goto Complete;
|
|
|
|
}
|
|
nextSp->Parameters.DeviceIoControl.Type3InputBuffer = NULL;
|
|
}
|
|
else {
|
|
|
|
//
|
|
// METHOD_NEITHER, just pass whatever application
|
|
// passed to use, the driver should handle it
|
|
// appropriately.
|
|
//
|
|
// This is of course a potentialy security breach
|
|
// if transport driver is buggy
|
|
//
|
|
|
|
nextSp->Parameters.DeviceIoControl.Type3InputBuffer
|
|
= ioctlInfo.InputBuffer;
|
|
}
|
|
nextSp->Parameters.DeviceIoControl.InputBufferLength
|
|
= ioctlInfo.InputBufferLength;
|
|
|
|
}
|
|
else {
|
|
|
|
//
|
|
// No input buffer, clear correspoiding parameters
|
|
// Note that we can't clean system buffer as
|
|
// it has to be deallocated on completion
|
|
//
|
|
|
|
nextSp->Parameters.DeviceIoControl.Type3InputBuffer = NULL;
|
|
nextSp->Parameters.DeviceIoControl.InputBufferLength = 0;
|
|
}
|
|
|
|
|
|
|
|
//
|
|
// We reuse our stack location parameters area for context
|
|
//
|
|
|
|
requestCtx = (PAFD_REQUEST_CONTEXT)&IrpSp->Parameters.DeviceIoControl;
|
|
requestCtx->CleanupRoutine = AfdCleanupTransportIoctl;
|
|
|
|
IoSetCompletionRoutine( newIrp, AfdCompleteTransportIoctl,
|
|
requestCtx, TRUE, TRUE, TRUE );
|
|
}
|
|
|
|
//
|
|
// Set the rest of IRP fields.
|
|
//
|
|
|
|
nextSp->MajorFunction = IRP_MJ_DEVICE_CONTROL;
|
|
nextSp->FileObject = fileObject;
|
|
nextSp->Parameters.DeviceIoControl.IoControlCode = ioctlInfo.IoControlCode;
|
|
|
|
|
|
//
|
|
// Insert context into the endpoint list so we can cancel
|
|
// the IRP when endpoint is being closed and reference endpoint
|
|
// so it does not go away until this IRP is completed
|
|
//
|
|
|
|
requestCtx->Context = newIrp;
|
|
REFERENCE_ENDPOINT (endpoint);
|
|
AfdEnqueueRequest(endpoint,requestCtx);
|
|
|
|
//
|
|
// Finally call the transport driver
|
|
//
|
|
|
|
status = IoCallDriver (deviceObject, newIrp);
|
|
|
|
//
|
|
// We no longer need our private reference to the file object
|
|
// IO system will take care of keeping this reference while our IRP
|
|
// is there
|
|
//
|
|
|
|
ObDereferenceObject (fileObject);
|
|
|
|
//
|
|
// If we used helper DLL IRP, just return whatever transport
|
|
// driver returned to us
|
|
//
|
|
|
|
if (newIrp==Irp)
|
|
return status;
|
|
|
|
//
|
|
// If driver pended or immediately completed non-blocking call,
|
|
// make sure helper DLL gets WSAEWOULDBLOCK. It will have to
|
|
// call again whenever the driver completes the IRP and corresponding
|
|
// event is set (if driver completed the IRP, event is set already).
|
|
//
|
|
|
|
if (NT_SUCCESS (status))
|
|
status = STATUS_DEVICE_NOT_READY;
|
|
}
|
|
|
|
//
|
|
// Complete the application request in case of processing failure or
|
|
// non-blocking call
|
|
//
|
|
Complete:
|
|
|
|
Irp->IoStatus.Information = 0;
|
|
Irp->IoStatus.Status = status;
|
|
IoCompleteRequest( Irp, AfdPriorityBoost );
|
|
|
|
return status;
|
|
}
|
|
|
|
NTSTATUS
|
|
AfdCompleteTransportIoctl (
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PIRP Irp,
|
|
IN PVOID Context
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Called to complete transport driver IOCTL for blocking endpoints
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
STATUS_SUCCESS - IO system should finish IRP processing
|
|
STATUS_MORE_PROCESSING_REQUIRED - we are not yet done (we are actually
|
|
in the middle of cancelling)
|
|
|
|
--*/
|
|
{
|
|
PAFD_ENDPOINT endpoint = Irp->Tail.Overlay.OriginalFileObject->FsContext;
|
|
PAFD_REQUEST_CONTEXT requestCtx = Context;
|
|
AFD_LOCK_QUEUE_HANDLE lockHandle;
|
|
NTSTATUS status = STATUS_SUCCESS;
|
|
|
|
//
|
|
// We used Parameters structure in our stack location for context
|
|
//
|
|
ASSERT (&(IoGetCurrentIrpStackLocation(Irp)->Parameters.DeviceIoControl)
|
|
==Context);
|
|
|
|
ASSERT (IS_AFD_ENDPOINT_TYPE (endpoint));
|
|
|
|
AfdAcquireSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
|
|
//
|
|
// We use list entry fields to synchronize with cleanup/cancel
|
|
// routine assuming that as long as the entry is in the list
|
|
// both Flink and Blink fields cannot be NULL. (using these
|
|
// fields for synchronization allows us to cut down on
|
|
// cancel spinlock usage)
|
|
//
|
|
|
|
if (AfdIsRequestInQueue(requestCtx)) {
|
|
|
|
//
|
|
// Context is still in the list, just remove it so
|
|
// noone can see it anymore
|
|
//
|
|
|
|
RemoveEntryList (&requestCtx->EndpointListLink);
|
|
}
|
|
else if (AfdIsRequestCompleted(requestCtx)) {
|
|
|
|
//
|
|
// During endpoint cleanup, this context was removed from the
|
|
// list and cancel routine is about to be called, don't let
|
|
// IO system free this IRP until cancel routine is called
|
|
// Also, indicate to the cancel routine that we are done
|
|
// with this IRP and it can complete it.
|
|
//
|
|
|
|
AfdMarkRequestCompleted (requestCtx);
|
|
status = STATUS_MORE_PROCESSING_REQUIRED;
|
|
}
|
|
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
|
|
//
|
|
// Release reference added when we posted this IRP
|
|
//
|
|
DEREFERENCE_ENDPOINT (endpoint);
|
|
|
|
return status;
|
|
}
|
|
|
|
NTSTATUS
|
|
AfdCompleteNBTransportIoctl (
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PIRP Irp,
|
|
IN PVOID Context
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Called to complete transport driver IOCTL for non-blocking endpoints
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
STATUS_MORE_PROCESSING_REQUIRED - we handle releasing resources
|
|
for this IRP ourselves
|
|
|
|
--*/
|
|
{
|
|
PAFD_ENDPOINT endpoint = Irp->Tail.Overlay.OriginalFileObject->FsContext;
|
|
PAFD_NBIOCTL_CONTEXT nbIoctlCtx = Context;
|
|
PAFD_REQUEST_CONTEXT requestCtx = &nbIoctlCtx->Context;
|
|
AFD_LOCK_QUEUE_HANDLE lockHandle;
|
|
|
|
|
|
//
|
|
// The irp should be a part of our notify structure
|
|
//
|
|
|
|
ASSERT (Irp==(PIRP)(nbIoctlCtx+1));
|
|
ASSERT (IS_AFD_ENDPOINT_TYPE (endpoint));
|
|
|
|
|
|
|
|
//
|
|
// First indicate the event reported by the driver
|
|
//
|
|
|
|
ASSERT (nbIoctlCtx->PollEvent!=0);
|
|
AfdIndicatePollEvent (endpoint, 1<<nbIoctlCtx->PollEvent, Irp->IoStatus.Status);
|
|
|
|
AfdAcquireSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
AfdIndicateEventSelectEvent (endpoint, 1<<nbIoctlCtx->PollEvent, Irp->IoStatus.Status);
|
|
|
|
//
|
|
// We use list entry fields to synchronize with cleanup/cancel
|
|
// routine assuming that as long as the entry is in the list
|
|
// both Flink and Blink fields cannot be NULL. (using these
|
|
// fields for synchronization allows us to cut down on
|
|
// cancel spinlock usage)
|
|
//
|
|
|
|
if (AfdIsRequestInQueue(requestCtx)) {
|
|
//
|
|
// Context is still in the list, just remove it so
|
|
// noone can see it anymore and free the structure
|
|
//
|
|
|
|
RemoveEntryList (&requestCtx->EndpointListLink);
|
|
AFD_FREE_POOL (nbIoctlCtx, AFD_TRANSPORT_IRP_POOL_TAG);
|
|
}
|
|
else if (AfdIsRequestCompleted (requestCtx)) {
|
|
|
|
//
|
|
// During endpoint cleanup, this context was removed from the
|
|
// list and cancel routine is about to be called, don't
|
|
// free this IRP until cancel routine is called
|
|
// Also, indicate to the cancel routine that we are done
|
|
// with this IRP and it can free it.
|
|
//
|
|
|
|
AfdMarkRequestCompleted (requestCtx);
|
|
}
|
|
else {
|
|
//
|
|
// Cancel routine has completed processing this request, free it
|
|
//
|
|
AFD_FREE_POOL (nbIoctlCtx, AFD_TRANSPORT_IRP_POOL_TAG);
|
|
}
|
|
AfdReleaseSpinLock( &endpoint->SpinLock, &lockHandle );
|
|
|
|
//
|
|
// Release reference added when we posted this IRP
|
|
//
|
|
|
|
DEREFERENCE_ENDPOINT (endpoint);
|
|
|
|
return STATUS_MORE_PROCESSING_REQUIRED;
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
AfdCleanupTransportIoctl (
|
|
PAFD_ENDPOINT Endpoint,
|
|
PAFD_REQUEST_CONTEXT RequestCtx
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Cancels outstanding transport IOCTL during endpoint cleanup
|
|
Used for blocking requests.
|
|
|
|
Arguments:
|
|
|
|
Endpoint - endpoint on which IOCTL was issued
|
|
|
|
RequestCtx - context associated with the request
|
|
|
|
Return Value:
|
|
|
|
TRUE - request has been completed
|
|
FALSE - request is still in driver's queue
|
|
|
|
--*/
|
|
{
|
|
PIRP Irp = RequestCtx->Context;
|
|
AFD_LOCK_QUEUE_HANDLE lockHandle;
|
|
|
|
//
|
|
// First attempt to cancel the IRP, if it is already completed
|
|
// this is just a no-op. In no case IRP and request structure
|
|
// could have been freed until we mark it as completed as
|
|
// the caller of this routine should have marked the request
|
|
// as being cancelled
|
|
//
|
|
|
|
ASSERT (RequestCtx->EndpointListLink.Flink==NULL);
|
|
|
|
IoCancelIrp (Irp);
|
|
|
|
AfdAcquireSpinLock (&Endpoint->SpinLock, &lockHandle);
|
|
if (AfdIsRequestCompleted (RequestCtx)) {
|
|
//
|
|
// Driver has initiated the completion of the request
|
|
// as we were cancelling it.
|
|
// "Complete the completion"
|
|
//
|
|
AfdReleaseSpinLock (&Endpoint->SpinLock, &lockHandle);
|
|
IoCompleteRequest (Irp, IO_NO_INCREMENT);
|
|
|
|
return TRUE;
|
|
}
|
|
else {
|
|
|
|
//
|
|
// Driver has not completed the request before returning
|
|
// from cancel routine, mark the request to indicate
|
|
// that we are done with it and completion routine
|
|
// can free it
|
|
//
|
|
|
|
AfdMarkRequestCompleted (RequestCtx);
|
|
AfdReleaseSpinLock (&Endpoint->SpinLock, &lockHandle);
|
|
return FALSE;
|
|
}
|
|
|
|
}
|
|
|
|
BOOLEAN
|
|
AfdCleanupNBTransportIoctl (
|
|
PAFD_ENDPOINT Endpoint,
|
|
PAFD_REQUEST_CONTEXT RequestCtx
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Cancels outstanding transport IOCTL during endpoint cleanup
|
|
Used for non-blocking requests
|
|
|
|
Arguments:
|
|
|
|
Endpoint - endpoint on which IOCTL was issued
|
|
|
|
RequestCtx - context associated with the request
|
|
|
|
Return Value:
|
|
|
|
TRUE - request has been completed
|
|
FALSE - request is still in driver's queue
|
|
|
|
--*/
|
|
{
|
|
PIRP Irp = RequestCtx->Context;
|
|
AFD_LOCK_QUEUE_HANDLE lockHandle;
|
|
|
|
//
|
|
// The IRP should be a part of the context block, verify.
|
|
//
|
|
ASSERT (Irp==(PIRP)(CONTAINING_RECORD (RequestCtx, AFD_NBIOCTL_CONTEXT, Context)+1));
|
|
|
|
//
|
|
// First attempt to cancel the IRP, if it is already completed
|
|
// this is just a no-op. In no case IRP and request structure
|
|
// could have been freed until we mark it as completed as
|
|
// the caller of this routine should have marked the request
|
|
// as being cancelled
|
|
//
|
|
|
|
ASSERT (RequestCtx->EndpointListLink.Flink==NULL);
|
|
|
|
IoCancelIrp (Irp);
|
|
|
|
|
|
AfdAcquireSpinLock (&Endpoint->SpinLock, &lockHandle);
|
|
if (AfdIsRequestCompleted (RequestCtx)) {
|
|
//
|
|
// Driver has initiated the completion of the request
|
|
// as we were cancelling it.
|
|
// Free the context structure.
|
|
//
|
|
AfdReleaseSpinLock (&Endpoint->SpinLock, &lockHandle);
|
|
AFD_FREE_POOL (
|
|
CONTAINING_RECORD (RequestCtx, AFD_NBIOCTL_CONTEXT, Context),
|
|
AFD_TRANSPORT_IRP_POOL_TAG);
|
|
|
|
return TRUE;
|
|
}
|
|
else {
|
|
|
|
//
|
|
// Driver has not completed the request before returning
|
|
// from cancel routine, mark the request to indicate
|
|
// that we are done with it and completion routine
|
|
// can free it
|
|
//
|
|
|
|
AfdMarkRequestCompleted (RequestCtx);
|
|
AfdReleaseSpinLock (&Endpoint->SpinLock, &lockHandle);
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
}
|
|
#endif // NOT_YET
|
|
|
|
|
|
NTSTATUS
|
|
AfdQueryProviderInfo (
|
|
IN PUNICODE_STRING TransportDeviceName,
|
|
OUT PTDI_PROVIDER_INFO ProviderInfo
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Returns a provider information structure corresponding to the
|
|
specified TDI transport provider.
|
|
|
|
Arguments:
|
|
|
|
TransportDeviceName - the name of the TDI transport provider.
|
|
ProviderInfo - buffer to place provider info into
|
|
|
|
Return Value:
|
|
|
|
STATUS_SUCCESS - returned transport info is valid.
|
|
STATUS_OBJECT_NAME_NOT_FOUND - transport's device is not available yet
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS status;
|
|
HANDLE controlChannel;
|
|
OBJECT_ATTRIBUTES objectAttributes;
|
|
IO_STATUS_BLOCK iosb;
|
|
TDI_REQUEST_KERNEL_QUERY_INFORMATION kernelQueryInfo;
|
|
|
|
|
|
PAGED_CODE ();
|
|
|
|
//
|
|
// Set up the IRP stack location information to query the TDI
|
|
// provider information.
|
|
//
|
|
|
|
kernelQueryInfo.QueryType = TDI_QUERY_PROVIDER_INFORMATION;
|
|
kernelQueryInfo.RequestConnectionInformation = NULL;
|
|
|
|
//
|
|
// Open a control channel to the TDI provider.
|
|
// We ask to create a kernel handle which is
|
|
// the handle in the context of the system process
|
|
// so that application cannot close it on us while
|
|
// we are creating and referencing it.
|
|
//
|
|
|
|
InitializeObjectAttributes(
|
|
&objectAttributes,
|
|
TransportDeviceName,
|
|
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, // attributes
|
|
NULL,
|
|
NULL
|
|
);
|
|
|
|
status = IoCreateFile(
|
|
&controlChannel,
|
|
MAXIMUM_ALLOWED,
|
|
&objectAttributes,
|
|
&iosb, // returned status information.
|
|
0, // block size (unused).
|
|
0, // file attributes.
|
|
FILE_SHARE_READ | FILE_SHARE_WRITE,
|
|
FILE_CREATE, // create disposition.
|
|
0, // create options.
|
|
NULL, // eaInfo
|
|
0, // eaLength
|
|
CreateFileTypeNone, // CreateFileType
|
|
NULL, // ExtraCreateParameters
|
|
IO_FORCE_ACCESS_CHECK // Options
|
|
| IO_NO_PARAMETER_CHECKING
|
|
);
|
|
if ( NT_SUCCESS(status) ) {
|
|
|
|
PFILE_OBJECT controlObject;
|
|
|
|
status = ObReferenceObjectByHandle (
|
|
controlChannel, // Handle
|
|
MAXIMUM_ALLOWED, // DesiredAccess
|
|
*IoFileObjectType, // ObjectType
|
|
KernelMode, // AccessMode
|
|
(PVOID *)&controlObject, // Object,
|
|
NULL // HandleInformation
|
|
);
|
|
|
|
if (NT_SUCCESS (status)) {
|
|
|
|
//
|
|
// Get the TDI provider information for the transport.
|
|
//
|
|
|
|
status = AfdIssueDeviceControl(
|
|
controlObject,
|
|
&kernelQueryInfo,
|
|
sizeof(kernelQueryInfo),
|
|
ProviderInfo,
|
|
sizeof(*ProviderInfo),
|
|
TDI_QUERY_INFORMATION
|
|
);
|
|
|
|
ObDereferenceObject (controlObject);
|
|
}
|
|
|
|
ZwClose( controlChannel );
|
|
}
|
|
|
|
if (!NT_SUCCESS (status)) {
|
|
KdPrintEx(( DPFLTR_WSOCKTRANSPORT_ID, DPFLTR_WARNING_LEVEL,
|
|
"AfdQueryProviderInfo:"
|
|
"Transport %*ls failed provider info query with status %lx.\n",
|
|
TransportDeviceName->Length/2, TransportDeviceName->Buffer, status));
|
|
}
|
|
|
|
return status;
|
|
}
|
|
|
|
|
|
|
|
BOOLEAN
|
|
AfdCancelIrp (
|
|
IN PIRP Irp
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked to cancel an individual I/O Request Packet.
|
|
It is similiar to IoCancelIrp() except that it *must* be called with
|
|
the cancel spin lock held. This routine exists because of the
|
|
synchronization requirements of the cancellation/completion of
|
|
transmit IRPs.
|
|
|
|
Arguments:
|
|
|
|
Irp - Supplies a pointer to the IRP to be cancelled. The CancelIrql
|
|
field of the IRP must have been correctly initialized with the
|
|
IRQL from the cancel spin lock acquisition.
|
|
|
|
|
|
Return Value:
|
|
|
|
The function value is TRUE if the IRP was in a cancellable state (it
|
|
had a cancel routine), else FALSE is returned.
|
|
|
|
Notes:
|
|
|
|
It is assumed that the caller has taken the necessary action to ensure
|
|
that the packet cannot be fully completed before invoking this routine.
|
|
|
|
--*/
|
|
|
|
{
|
|
PDRIVER_CANCEL cancelRoutine;
|
|
|
|
//
|
|
// Make sure that the cancel spin lock is held.
|
|
//
|
|
|
|
ASSERT( KeGetCurrentIrql( ) == DISPATCH_LEVEL );
|
|
|
|
//
|
|
// Set the cancel flag in the IRP.
|
|
//
|
|
|
|
Irp->Cancel = TRUE;
|
|
|
|
//
|
|
// Obtain the address of the cancel routine, and if one was specified,
|
|
// invoke it.
|
|
//
|
|
|
|
cancelRoutine = IoSetCancelRoutine( Irp, NULL );
|
|
if (cancelRoutine) {
|
|
if (Irp->CurrentLocation > (CCHAR) (Irp->StackCount + 1)) {
|
|
KeBugCheckEx( CANCEL_STATE_IN_COMPLETED_IRP, (ULONG_PTR) Irp, 0, 0, 0 );
|
|
}
|
|
cancelRoutine( Irp->Tail.Overlay.CurrentStackLocation->DeviceObject,
|
|
Irp );
|
|
//
|
|
// The cancel spinlock should have been released by the cancel routine.
|
|
//
|
|
|
|
return(TRUE);
|
|
|
|
} else {
|
|
|
|
//
|
|
// There was no cancel routine, so release the cancel spinlock and
|
|
// return indicating the Irp was not currently cancelable.
|
|
//
|
|
|
|
IoReleaseCancelSpinLock( Irp->CancelIrql );
|
|
|
|
return(FALSE);
|
|
}
|
|
|
|
} // AfdCancelIrp
|
|
|
|
|
|
VOID
|
|
AfdTrimLookaside (
|
|
PNPAGED_LOOKASIDE_LIST Lookaside
|
|
)
|
|
{
|
|
PVOID entry;
|
|
#if DBG
|
|
LONG count = 0;
|
|
#endif
|
|
|
|
while (ExQueryDepthSList (&(Lookaside->L.ListHead))>Lookaside->L.Depth*2) {
|
|
entry = InterlockedPopEntrySList(
|
|
&Lookaside->L.ListHead);
|
|
if (entry) {
|
|
#if DBG
|
|
count++;
|
|
#endif
|
|
(Lookaside->L.Free)(entry);
|
|
}
|
|
else {
|
|
break;
|
|
}
|
|
}
|
|
#if DBG
|
|
if (count>0) {
|
|
KdPrintEx(( DPFLTR_WSOCKTRANSPORT_ID, DPFLTR_TRACE_LEVEL,
|
|
"AFD: Flushed %d items from lookaside list @ %p\n",
|
|
count, Lookaside));
|
|
}
|
|
#endif
|
|
}
|
|
|
|
|
|
VOID
|
|
AfdCheckLookasideLists (
|
|
IN PKDPC Dpc,
|
|
IN PVOID DeferredContext,
|
|
IN PVOID SystemArgument1,
|
|
IN PVOID SystemArgument2
|
|
)
|
|
{
|
|
LONG i;
|
|
ASSERT (Dpc==&AfdLookasideLists->Dpc);
|
|
ASSERT (DeferredContext==AfdLookasideLists);
|
|
for (i=0; i<AFD_NUM_LOOKASIDE_LISTS; i++) {
|
|
if (ExQueryDepthSList (&(AfdLookasideLists->List[i].L.ListHead)) >
|
|
AfdLookasideLists->List[i].L.Depth*2) {
|
|
if (AfdLookasideLists->TrimFlags & (1<<i)) {
|
|
AfdTrimLookaside (&AfdLookasideLists->List[i]);
|
|
AfdLookasideLists->TrimFlags &= (~(1<<i));
|
|
}
|
|
else {
|
|
AfdLookasideLists->TrimFlags |= (1<<i);
|
|
}
|
|
}
|
|
else if (AfdLookasideLists->TrimFlags & (1<<i)) {
|
|
AfdLookasideLists->TrimFlags &= (~(1<<i));
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
|
|
VOID
|
|
AfdLRListAddItem (
|
|
PAFD_LR_LIST_ITEM Item,
|
|
PAFD_LR_LIST_ROUTINE Routine
|
|
)
|
|
/*++
|
|
|
|
Adds item to low resource list and starts low resource timer if not already
|
|
started.
|
|
Arguments:
|
|
|
|
Item - item to add
|
|
Routine - routine to execute when timeout expires.
|
|
|
|
Return Value:
|
|
None
|
|
|
|
Notes:
|
|
|
|
--*/
|
|
|
|
{
|
|
LONG count;
|
|
Item->Routine = Routine;
|
|
InterlockedPushEntrySList (
|
|
&AfdLRList,
|
|
&Item->SListLink);
|
|
|
|
count = InterlockedIncrement (&AfdLRListCount);
|
|
ASSERT (count>0);
|
|
if (count==1) {
|
|
AfdLRStartTimer ();
|
|
}
|
|
}
|
|
|
|
|
|
VOID
|
|
AfdLRListTimeout (
|
|
IN PKDPC Dpc,
|
|
IN PVOID DeferredContext,
|
|
IN PVOID SystemArgument1,
|
|
IN PVOID SystemArgument2
|
|
)
|
|
/*++
|
|
|
|
DPC routine for low resource list timer
|
|
Simply schedules worker thread - do not want to do low resource processing at DPC
|
|
--*/
|
|
{
|
|
AfdQueueWorkItem (AfdProcessLRList, &AfdLRListWorker);
|
|
}
|
|
|
|
VOID
|
|
AfdProcessLRList (
|
|
PVOID Param
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Processeses items on low resource list and reschedules processing
|
|
if unprocessed items remain (still failing to buffer data due to
|
|
low resource condition)
|
|
|
|
Arguments:
|
|
|
|
None
|
|
Return Value:
|
|
|
|
None
|
|
Notes:
|
|
|
|
--*/
|
|
{
|
|
PSINGLE_LIST_ENTRY localList, entry;
|
|
LONG count = 0;
|
|
|
|
PAGED_CODE ();
|
|
|
|
KdPrintEx(( DPFLTR_WSOCKTRANSPORT_ID, DPFLTR_INFO_LEVEL,
|
|
"AFD: Processing low resource list: %ld entries\n",
|
|
AfdLRListCount));
|
|
|
|
//
|
|
// Flush the list
|
|
//
|
|
localList = InterlockedFlushSList (&AfdLRList);
|
|
|
|
|
|
//
|
|
// Reverse it to preserve order of processing (FIFO).
|
|
//
|
|
entry = NULL;
|
|
while (localList!=NULL) {
|
|
PSINGLE_LIST_ENTRY next;
|
|
next = localList->Next;
|
|
localList->Next = entry;
|
|
entry = localList;
|
|
localList = next;
|
|
}
|
|
|
|
localList = entry;
|
|
while (localList!=NULL) {
|
|
PAFD_LR_LIST_ITEM item;
|
|
entry = localList;
|
|
localList = localList->Next;
|
|
item = CONTAINING_RECORD (entry, AFD_LR_LIST_ITEM, SListLink);
|
|
|
|
//
|
|
// Try to restart receive processing on connection where buffer allocation failed
|
|
//
|
|
if (item->Routine (item)) {
|
|
//
|
|
// Success, decrement number of items outstanding,
|
|
// and note current number of items. If we did not empty
|
|
// the list, we'll have to restart the timer.
|
|
//
|
|
count = InterlockedDecrement (&AfdLRListCount);
|
|
ASSERT (count>=0);
|
|
}
|
|
else {
|
|
//
|
|
// Failure, put it back on the list. Note, that we have at list one
|
|
// item there and thus have to restart the timer again.
|
|
//
|
|
InterlockedPushEntrySList (&AfdLRList, &item->SListLink);
|
|
count = 1;
|
|
}
|
|
}
|
|
|
|
if (count!=0) {
|
|
//
|
|
// We did not empty the list, so restart the timer.
|
|
//
|
|
AfdLRStartTimer ();
|
|
}
|
|
}
|
|
|
|
|
|
VOID
|
|
AfdLRStartTimer (
|
|
VOID
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Start low resource timer to retry receive operation on connections
|
|
that could not buffer data due to low reaource condition.
|
|
Arguments:
|
|
|
|
None
|
|
Return Value:
|
|
|
|
None
|
|
Notes:
|
|
|
|
--*/
|
|
|
|
{
|
|
LARGE_INTEGER timeout;
|
|
BOOLEAN res;
|
|
timeout.QuadPart = -50000000i64; // 5 seconds
|
|
|
|
#if DBG
|
|
{
|
|
TIME_FIELDS timeFields;
|
|
LARGE_INTEGER currentTime;
|
|
LARGE_INTEGER localTime;
|
|
|
|
KeQuerySystemTime (¤tTime);
|
|
currentTime.QuadPart -= timeout.QuadPart;
|
|
ExSystemTimeToLocalTime (¤tTime, &localTime);
|
|
RtlTimeToTimeFields (&localTime, &timeFields);
|
|
KdPrintEx(( DPFLTR_WSOCKTRANSPORT_ID, DPFLTR_INFO_LEVEL,
|
|
"AFD: Scheduling low resource timer for %2.2d:%2.2d:%2.2d\n",
|
|
timeFields.Hour,
|
|
timeFields.Minute,
|
|
timeFields.Second));
|
|
}
|
|
#endif
|
|
|
|
KeInitializeDpc(
|
|
&AfdLRListDpc,
|
|
AfdLRListTimeout,
|
|
&AfdLRList
|
|
);
|
|
|
|
KeInitializeTimer( &AfdLRListTimer );
|
|
|
|
res = KeSetTimer(
|
|
&AfdLRListTimer,
|
|
timeout,
|
|
&AfdLRListDpc
|
|
);
|
|
ASSERT (res==FALSE);
|
|
|
|
}
|
|
|
|
|
|
#ifdef _AFD_VERIFY_DATA_
|
|
|
|
VOID
|
|
AfdVerifyBuffer (
|
|
PAFD_CONNECTION Connection,
|
|
PVOID Buffer,
|
|
ULONG Length
|
|
)
|
|
{
|
|
|
|
if (Connection->VerifySequenceNumber!=0) {
|
|
PUCHAR start, end;
|
|
ULONGLONG seq;
|
|
|
|
for (start=Buffer,
|
|
end = (PUCHAR)Buffer+Length,
|
|
seq = Connection->VerifySequenceNumber-1;
|
|
start<end;
|
|
seq++, start++) {
|
|
ULONG num = (ULONG)(seq/4);
|
|
ULONG byte = (ULONG)(seq%4);
|
|
|
|
if (*start!=(UCHAR)(num>>(byte*8))) {
|
|
DbgPrint ("AfdVerifyBuffer: Data sequence number mismatch on connection %p:\n"
|
|
" data buffer-%p, offset-%lx, expected-%2.2lx, got-%2.2lx.\n",
|
|
Connection,
|
|
Buffer,
|
|
start-(PUCHAR)Buffer,
|
|
(UCHAR)(num>>(byte*8)),
|
|
*start);
|
|
|
|
DbgBreakPoint ();
|
|
//
|
|
// Disable verification to continue.
|
|
//
|
|
Connection->VerifySequenceNumber = 0;
|
|
return;
|
|
}
|
|
}
|
|
Connection->VerifySequenceNumber = seq+1;
|
|
}
|
|
}
|
|
|
|
VOID
|
|
AfdVerifyMdl (
|
|
PAFD_CONNECTION Connection,
|
|
PMDL Mdl,
|
|
ULONG Offset,
|
|
ULONG Length
|
|
) {
|
|
if (Connection->VerifySequenceNumber!=0) {
|
|
while (Mdl!=NULL) {
|
|
if (Offset>=MmGetMdlByteCount (Mdl)) {
|
|
Offset-=MmGetMdlByteCount (Mdl);
|
|
}
|
|
else if (Length<=MmGetMdlByteCount (Mdl)-Offset) {
|
|
AfdVerifyBuffer (Connection,
|
|
(PUCHAR)MmGetSystemAddressForMdl (Mdl)+Offset,
|
|
Length);
|
|
break;
|
|
}
|
|
else {
|
|
AfdVerifyBuffer (Connection,
|
|
(PUCHAR)MmGetSystemAddressForMdl (Mdl)+Offset,
|
|
MmGetMdlByteCount (Mdl)-Offset
|
|
);
|
|
Length-=(MmGetMdlByteCount (Mdl)-Offset);
|
|
Offset = 0;
|
|
}
|
|
Mdl = Mdl->Next;
|
|
}
|
|
}
|
|
}
|
|
|
|
ULONG AfdVerifyType = 0;
|
|
ULONG AfdVerifyPort = 0;
|
|
PEPROCESS AfdVerifyProcess = NULL;
|
|
|
|
VOID
|
|
AfdVerifyAddress (
|
|
PAFD_CONNECTION Connection,
|
|
PTRANSPORT_ADDRESS Address
|
|
)
|
|
{
|
|
Connection->VerifySequenceNumber = 0;
|
|
|
|
if ((AfdVerifyPort==0) ||
|
|
((AfdVerifyProcess!=NULL) &&
|
|
(AfdVerifyProcess!=Connection->OwningProcess)) ||
|
|
((AfdVerifyType!=0) &&
|
|
(AfdVerifyType!=(USHORT)Address->Address[0].AddressType))
|
|
) {
|
|
return;
|
|
}
|
|
|
|
switch (Address->Address[0].AddressType) {
|
|
case TDI_ADDRESS_TYPE_IP : {
|
|
|
|
TDI_ADDRESS_IP UNALIGNED * ip;
|
|
|
|
ip = (PVOID)&Address->Address[0].Address[0];
|
|
if (ip->sin_port!=(USHORT)AfdVerifyPort) {
|
|
return;
|
|
}
|
|
}
|
|
break;
|
|
|
|
case TDI_ADDRESS_TYPE_IPX : {
|
|
|
|
TDI_ADDRESS_IPX UNALIGNED * ipx;
|
|
|
|
ipx = (PVOID)&Address->Address[0].Address[0];
|
|
if (ipx->Socket!=(USHORT)AfdVerifyPort) {
|
|
return;
|
|
}
|
|
}
|
|
break;
|
|
|
|
case TDI_ADDRESS_TYPE_APPLETALK : {
|
|
|
|
TDI_ADDRESS_APPLETALK UNALIGNED * atalk;
|
|
|
|
atalk = (PVOID)&Address->Address[0].Address[0];
|
|
if (atalk->Socket!=(UCHAR)AfdVerifyPort) {
|
|
return;
|
|
}
|
|
}
|
|
break;
|
|
|
|
default:
|
|
if (AfdVerifyType==0)
|
|
return;
|
|
DbgPrint ("AfdVerifyAddress: connection-%8.8lx, addres-%8.8lx\n",
|
|
Connection, Address);
|
|
DbgBreakPoint ();
|
|
|
|
}
|
|
|
|
Connection->VerifySequenceNumber = 1;
|
|
}
|
|
#endif // _AFD_VERIFY_DATA_
|
|
|
|
LONG
|
|
AfdExceptionFilter(
|
|
#if DBG
|
|
PCHAR SourceFile,
|
|
LONG LineNumber,
|
|
#endif
|
|
PEXCEPTION_POINTERS ExceptionPointers,
|
|
PNTSTATUS ExceptionCode
|
|
)
|
|
{
|
|
|
|
|
|
PAGED_CODE ();
|
|
|
|
//
|
|
// Return exception code and translate alignment warnings into
|
|
// alignment errors if requested.
|
|
//
|
|
|
|
if (ExceptionCode) {
|
|
*ExceptionCode = ExceptionPointers->ExceptionRecord->ExceptionCode;
|
|
if (*ExceptionCode == STATUS_DATATYPE_MISALIGNMENT) {
|
|
*ExceptionCode = STATUS_DATATYPE_MISALIGNMENT_ERROR;
|
|
}
|
|
}
|
|
|
|
#if DBG
|
|
//
|
|
// Protect ourselves in case the process is totally messed up.
|
|
//
|
|
|
|
try {
|
|
|
|
PCHAR fileName;
|
|
//
|
|
// Strip off the path from the source file.
|
|
//
|
|
|
|
fileName = strrchr( SourceFile, '\\' );
|
|
|
|
if( fileName == NULL ) {
|
|
fileName = SourceFile;
|
|
} else {
|
|
fileName++;
|
|
}
|
|
|
|
//
|
|
// Whine about the exception.
|
|
//
|
|
|
|
KdPrintEx(( DPFLTR_WSOCKTRANSPORT_ID, DPFLTR_WARNING_LEVEL,
|
|
"AfdExceptionFilter: exception %08lx @ %08lx, caught in %s:%d\n",
|
|
ExceptionPointers->ExceptionRecord->ExceptionCode,
|
|
ExceptionPointers->ExceptionRecord->ExceptionAddress,
|
|
fileName,
|
|
LineNumber
|
|
));
|
|
|
|
}
|
|
except( EXCEPTION_EXECUTE_HANDLER ) {
|
|
|
|
//
|
|
// Not much we can do here...
|
|
//
|
|
|
|
NOTHING;
|
|
|
|
}
|
|
#endif //DBG
|
|
|
|
return EXCEPTION_EXECUTE_HANDLER;
|
|
|
|
} // AfdExceptionFilter
|
|
|
|
#if DBG
|
|
LONG
|
|
AfdApcExceptionFilter(
|
|
PEXCEPTION_POINTERS ExceptionPointers,
|
|
PCHAR SourceFile,
|
|
LONG LineNumber
|
|
)
|
|
{
|
|
|
|
PCHAR fileName;
|
|
|
|
PAGED_CODE ();
|
|
|
|
//
|
|
// Protect ourselves in case the process is totally messed up.
|
|
//
|
|
|
|
try {
|
|
|
|
//
|
|
// Strip off the path from the source file.
|
|
//
|
|
|
|
fileName = strrchr( SourceFile, '\\' );
|
|
|
|
if( fileName == NULL ) {
|
|
fileName = SourceFile;
|
|
} else {
|
|
fileName++;
|
|
}
|
|
|
|
//
|
|
// Whine about the exception.
|
|
//
|
|
|
|
KdPrintEx(( DPFLTR_WSOCKTRANSPORT_ID, DPFLTR_ERROR_LEVEL,
|
|
"AfdApcExceptionFilter: exception %08lx, exr:%p cxr:%p, caught in %s:%d\n",
|
|
ExceptionPointers->ExceptionRecord->ExceptionCode,
|
|
ExceptionPointers->ExceptionRecord,
|
|
ExceptionPointers->ContextRecord,
|
|
fileName,
|
|
LineNumber
|
|
));
|
|
DbgBreakPoint ();
|
|
|
|
}
|
|
except( EXCEPTION_EXECUTE_HANDLER ) {
|
|
|
|
//
|
|
// Not much we can do here...
|
|
//
|
|
|
|
NOTHING;
|
|
|
|
}
|
|
|
|
return EXCEPTION_CONTINUE_SEARCH;
|
|
|
|
} // AfdApcExceptionFilter
|
|
#endif
|