Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1370 lines
34 KiB

/*++
Copyright (c) 1989 Microsoft Corporation
Module Name:
obcreate.c
Abstract:
Object creation
Author:
Steve Wood (stevewo) 31-Mar-1989
Revision History:
--*/
#include "obp.h"
#undef ObCreateObject
#ifdef ALLOC_PRAGMA
#pragma alloc_text(PAGE, ObCreateObject)
#pragma alloc_text(PAGE, ObpCaptureObjectCreateInformation)
#pragma alloc_text(PAGE, ObpCaptureObjectName)
#pragma alloc_text(PAGE, ObpAllocateObjectNameBuffer)
#pragma alloc_text(PAGE, ObpFreeObjectNameBuffer)
#pragma alloc_text(PAGE, ObDeleteCapturedInsertInfo)
#pragma alloc_text(PAGE, ObpAllocateObject)
#pragma alloc_text(PAGE, ObpFreeObject)
#pragma alloc_text(PAGE, ObFreeObjectCreateInfoBuffer)
#endif
#if DBG
BOOLEAN ObWatchHandles = FALSE;
//
// The following variable is only used on a checked build to control
// echoing out the allocs and frees of objects
//
BOOLEAN ObpShowAllocAndFree;
#else
const BOOLEAN ObWatchHandles = FALSE;
#endif
//
// Local performance counters
//
#if DBG
ULONG ObpObjectsCreated;
ULONG ObpObjectsWithPoolQuota;
ULONG ObpObjectsWithHandleDB;
ULONG ObpObjectsWithName;
ULONG ObpObjectsWithCreatorInfo;
#endif // DBG
C_ASSERT ( (FIELD_OFFSET (OBJECT_HEADER, Body) % MEMORY_ALLOCATION_ALIGNMENT) == 0 );
C_ASSERT ( (sizeof (OBJECT_HEADER_CREATOR_INFO) % MEMORY_ALLOCATION_ALIGNMENT) == 0 );
C_ASSERT ( (sizeof (OBJECT_HEADER_NAME_INFO) % MEMORY_ALLOCATION_ALIGNMENT) == 0 );
C_ASSERT ( (sizeof (OBJECT_HEADER_QUOTA_INFO) % MEMORY_ALLOCATION_ALIGNMENT) == 0 );
NTSTATUS
ObCreateObject (
IN KPROCESSOR_MODE ProbeMode,
IN POBJECT_TYPE ObjectType,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN KPROCESSOR_MODE OwnershipMode,
IN OUT PVOID ParseContext OPTIONAL,
IN ULONG ObjectBodySize,
IN ULONG PagedPoolCharge,
IN ULONG NonPagedPoolCharge,
OUT PVOID *Object
)
/*++
Routine Description:
This functions allocates space for an NT Object from either
Paged or NonPaged pool. It captures the optional name and
SECURITY_DESCRIPTOR parameters for later use when the object is
inserted into an object table. No quota is charged at this time.
That occurs when the object is inserted into an object table.
Arguments:
ProbeMode - The processor mode to consider when doing a probe
of the input parameters
ObjectType - A pointer of the type returned by ObCreateObjectType
that gives the type of object being created.
ObjectAttributes - Optionally supplies the attributes of the object
being created (such as its name)
OwnershipMode - The processor mode of who is going to own the object
ParseContext - Ignored
ObjectBodySize - Number of bytes to allocate for the object body. The
object body immediately follows the object header in memory and are
part of a single allocation.
PagedPoolCharge - Supplies the amount of paged pool to charge for the
object. If zero is specified then the default charge for the object
type is used.
NonPagedPoolCharge - Supplies the amount of nonpaged pool to charge for
the object. If zero is specified then the default charge for the
object type is used.
Object - Receives a pointer to the newly created object
Return Value:
Following errors can occur:
- invalid object type
- insufficient memory
--*/
{
UNICODE_STRING CapturedObjectName;
POBJECT_CREATE_INFORMATION ObjectCreateInfo;
POBJECT_HEADER ObjectHeader;
NTSTATUS Status;
PAGED_CODE();
//
// Allocate a buffer to capture the object creation information.
//
ObjectCreateInfo = ObpAllocateObjectCreateInfoBuffer();
if (ObjectCreateInfo == NULL) {
Status = STATUS_INSUFFICIENT_RESOURCES;
} else {
//
// Capture the object attributes, quality of service, and object
// name, if specified. Otherwise, initialize the captured object
// name, the security quality of service, and the create attributes
// to default values.
//
Status = ObpCaptureObjectCreateInformation( ObjectType,
ProbeMode,
OwnershipMode,
ObjectAttributes,
&CapturedObjectName,
ObjectCreateInfo,
FALSE );
if (NT_SUCCESS(Status)) {
//
// If the creation attributes are invalid, then return an error
// status.
//
if (ObjectType->TypeInfo.InvalidAttributes & ObjectCreateInfo->Attributes) {
Status = STATUS_INVALID_PARAMETER;
} else {
//
// Set the paged and nonpaged pool quota charges for the
// object allocation.
//
if (PagedPoolCharge == 0) {
PagedPoolCharge = ObjectType->TypeInfo.DefaultPagedPoolCharge;
}
if (NonPagedPoolCharge == 0) {
NonPagedPoolCharge = ObjectType->TypeInfo.DefaultNonPagedPoolCharge;
}
ObjectCreateInfo->PagedPoolCharge = PagedPoolCharge;
ObjectCreateInfo->NonPagedPoolCharge = NonPagedPoolCharge;
//
// Allocate and initialize the object.
//
Status = ObpAllocateObject( ObjectCreateInfo,
OwnershipMode,
ObjectType,
&CapturedObjectName,
ObjectBodySize,
&ObjectHeader );
if (NT_SUCCESS(Status)) {
//
// If a permanent object is being created, then check if
// the caller has the appropriate privilege.
//
*Object = &ObjectHeader->Body;
if (ObjectHeader->Flags & OB_FLAG_PERMANENT_OBJECT) {
if (!SeSinglePrivilegeCheck( SeCreatePermanentPrivilege,
ProbeMode)) {
ObpFreeObject(*Object);
Status = STATUS_PRIVILEGE_NOT_HELD;
}
}
#ifdef POOL_TAGGING
if (ObpTraceEnabled && NT_SUCCESS(Status)) {
//
// Register the object and push stack information for the
// first reference
//
ObpRegisterObject( ObjectHeader );
ObpPushStackInfo( ObjectHeader, TRUE );
}
#endif //POOL_TAGGING
//
// Here is the only successful path out of this module but
// this path can also return privilege not held. In the
// error case, all the resources have already been freed
// by ObpFreeObject.
//
return Status;
}
}
//
// An error path, free the create information.
//
ObpReleaseObjectCreateInformation(ObjectCreateInfo);
if (CapturedObjectName.Buffer != NULL) {
ObpFreeObjectNameBuffer(&CapturedObjectName);
}
}
//
// An error path, free object creation information buffer.
//
ObpFreeObjectCreateInfoBuffer(ObjectCreateInfo);
}
//
// An error path
//
return Status;
}
NTSTATUS
ObpCaptureObjectCreateInformation (
IN POBJECT_TYPE ObjectType OPTIONAL,
IN KPROCESSOR_MODE ProbeMode,
IN KPROCESSOR_MODE CreatorMode,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN OUT PUNICODE_STRING CapturedObjectName,
IN POBJECT_CREATE_INFORMATION ObjectCreateInfo,
IN LOGICAL UseLookaside
)
/*++
Routine Description:
This function captures the object creation information and stuff
it into the input variable ObjectCreateInfo
Arguments:
ObjectType - Specifies the type of object we expect to capture,
currently ignored.
ProbeMode - Specifies the processor mode for doing our parameter
probes
CreatorMode - Specifies the mode the object is being created for
ObjectAttributes - Supplies the object attributes we are trying
to capture
CapturedObjectName - Recieves the name of the object being created
ObjectCreateInfo - Receives the create information for the object
like its root, attributes, and security information
UseLookaside - Specifies if we are to allocate the captured name
buffer from the lookaside list or from straight pool.
Return Value:
An appropriate status value
--*/
{
PUNICODE_STRING ObjectName;
PSECURITY_DESCRIPTOR SecurityDescriptor;
PSECURITY_QUALITY_OF_SERVICE SecurityQos;
NTSTATUS Status;
ULONG Size;
PAGED_CODE();
//
// Capture the object attributes, the security quality of service, if
// specified, and object name, if specified.
//
Status = STATUS_SUCCESS;
RtlZeroMemory(ObjectCreateInfo, sizeof(OBJECT_CREATE_INFORMATION));
try {
if (ARGUMENT_PRESENT(ObjectAttributes)) {
//
// Probe the object attributes if necessary.
//
if (ProbeMode != KernelMode) {
ProbeForReadSmallStructure( ObjectAttributes,
sizeof(OBJECT_ATTRIBUTES),
sizeof(ULONG_PTR) );
}
if (ObjectAttributes->Length != sizeof(OBJECT_ATTRIBUTES) ||
(ObjectAttributes->Attributes & ~OBJ_VALID_ATTRIBUTES)) {
Status = STATUS_INVALID_PARAMETER;
goto failureExit;
}
//
// Capture the object attributes.
//
ObjectCreateInfo->RootDirectory = ObjectAttributes->RootDirectory;
ObjectCreateInfo->Attributes = ObjectAttributes->Attributes & OBJ_VALID_ATTRIBUTES;
//
// Remove privileged option if passed in from user mode
//
if (CreatorMode != KernelMode) {
ObjectCreateInfo->Attributes &= ~OBJ_KERNEL_HANDLE;
} else if (ObWatchHandles) {
if ((ObjectCreateInfo->Attributes&OBJ_KERNEL_HANDLE) == 0 &&
PsGetCurrentProcess() != PsInitialSystemProcess) {
DbgBreakPoint ();
}
}
ObjectName = ObjectAttributes->ObjectName;
SecurityDescriptor = ObjectAttributes->SecurityDescriptor;
SecurityQos = ObjectAttributes->SecurityQualityOfService;
if (ARGUMENT_PRESENT(SecurityDescriptor)) {
Status = SeCaptureSecurityDescriptor( SecurityDescriptor,
ProbeMode,
PagedPool,
TRUE,
&ObjectCreateInfo->SecurityDescriptor );
if (!NT_SUCCESS(Status)) {
KdPrint(( "OB: Failed to capture security descriptor at %08x - Status == %08x\n",
SecurityDescriptor,
Status) );
//
// The cleanup routine depends on this being NULL if it isn't
// allocated. SeCaptureSecurityDescriptor may modify this
// parameter even if it fails.
//
ObjectCreateInfo->SecurityDescriptor = NULL;
goto failureExit;
}
SeComputeQuotaInformationSize( ObjectCreateInfo->SecurityDescriptor,
&Size );
ObjectCreateInfo->SecurityDescriptorCharge = SeComputeSecurityQuota( Size );
ObjectCreateInfo->ProbeMode = ProbeMode;
}
if (ARGUMENT_PRESENT(SecurityQos)) {
if (ProbeMode != KernelMode) {
ProbeForReadSmallStructure( SecurityQos, sizeof(*SecurityQos), sizeof(ULONG));
}
ObjectCreateInfo->SecurityQualityOfService = *SecurityQos;
ObjectCreateInfo->SecurityQos = &ObjectCreateInfo->SecurityQualityOfService;
}
} else {
ObjectName = NULL;
}
} except (ExSystemExceptionFilter()) {
Status = GetExceptionCode();
goto failureExit;
}
//
// If an object name is specified, then capture the object name.
// Otherwise, initialize the object name descriptor and check for
// an incorrectly specified root directory.
//
if (ARGUMENT_PRESENT(ObjectName)) {
Status = ObpCaptureObjectName( ProbeMode,
ObjectName,
CapturedObjectName,
UseLookaside );
} else {
CapturedObjectName->Buffer = NULL;
CapturedObjectName->Length = 0;
CapturedObjectName->MaximumLength = 0;
if (ARGUMENT_PRESENT(ObjectCreateInfo->RootDirectory)) {
Status = STATUS_OBJECT_NAME_INVALID;
}
}
//
// If the completion status is not successful, and a security quality
// of service parameter was specified, then free the security quality
// of service memory.
//
failureExit:
if (!NT_SUCCESS(Status)) {
ObpReleaseObjectCreateInformation(ObjectCreateInfo);
}
return Status;
}
NTSTATUS
ObpCaptureObjectName (
IN KPROCESSOR_MODE ProbeMode,
IN PUNICODE_STRING ObjectName,
IN OUT PUNICODE_STRING CapturedObjectName,
IN LOGICAL UseLookaside
)
/*++
Routine Description:
This function captures the object name but first verifies that
it is at least properly sized.
Arguments:
ProbeMode - Supplies the processor mode to use when probing
the object name
ObjectName - Supplies the caller's version of the object name
CapturedObjectName - Receives the captured verified version
of the object name
UseLookaside - Indicates if the captured name buffer should be
allocated from the lookaside list or from straight pool
Return Value:
An appropriate status value
--*/
{
PWCH FreeBuffer;
UNICODE_STRING InputObjectName;
ULONG Length;
NTSTATUS Status;
PAGED_CODE();
//
// Initialize the object name descriptor and capture the specified name
// string.
//
CapturedObjectName->Buffer = NULL;
CapturedObjectName->Length = 0;
CapturedObjectName->MaximumLength = 0;
Status = STATUS_SUCCESS;
try {
//
// Probe and capture the name string descriptor and probe the
// name string, if necessary.
//
FreeBuffer = NULL;
if (ProbeMode != KernelMode) {
InputObjectName = ProbeAndReadUnicodeString(ObjectName);
ProbeForRead( InputObjectName.Buffer,
InputObjectName.Length,
sizeof(WCHAR) );
} else {
InputObjectName = *ObjectName;
}
//
// If the length of the string is not zero, then capture the string.
//
if (InputObjectName.Length != 0) {
//
// If the length of the string is not an even multiple of the
// size of a UNICODE character or cannot be zero terminated,
// then return an error.
//
Length = InputObjectName.Length;
if (((Length & (sizeof(WCHAR) - 1)) != 0) ||
(Length == (MAXUSHORT - sizeof(WCHAR) + 1))) {
Status = STATUS_OBJECT_NAME_INVALID;
} else {
//
// Allocate a buffer for the specified name string.
//
// N.B. The name buffer allocation routine adds one
// UNICODE character to the length and initializes
// the string descriptor.
//
FreeBuffer = ObpAllocateObjectNameBuffer( Length,
UseLookaside,
CapturedObjectName );
if (FreeBuffer == NULL) {
Status = STATUS_INSUFFICIENT_RESOURCES;
} else {
//
// Copy the specified name string to the destination
// buffer.
//
RtlCopyMemory(FreeBuffer, InputObjectName.Buffer, Length);
//
// Zero terminate the name string and initialize the
// string descriptor.
//
FreeBuffer[Length / sizeof(WCHAR)] = UNICODE_NULL;
}
}
}
} except(ExSystemExceptionFilter()) {
Status = GetExceptionCode();
if (FreeBuffer != NULL) {
ExFreePool(FreeBuffer);
}
}
return Status;
}
PWCHAR
ObpAllocateObjectNameBuffer (
IN ULONG Length,
IN LOGICAL UseLookaside,
IN OUT PUNICODE_STRING ObjectName
)
/*++
Routine Description:
This function allocates an object name buffer.
N.B. This function is nonpageable.
Arguments:
Length - Supplies the length of the required buffer in bytes.
UseLookaside - Supplies a logical variable that determines whether an
attempt is made to allocate the name buffer from the lookaside list.
ObjectName - Supplies a pointer to a name buffer string descriptor.
Return Value:
If the allocation is successful, then name buffer string descriptor
is initialized and the address of the name buffer is returned as the
function value. Otherwise, a value of NULL is returned.
--*/
{
PVOID Buffer;
ULONG Maximum;
KIRQL OldIrql;
PKPRCB Prcb;
//
// If allocation from the lookaside lists is specified and the buffer
// size is less than the size of lookaside list entries, then attempt
// to allocate the name buffer from the lookaside lists. Otherwise,
// attempt to allocate the name buffer from nonpaged pool.
//
Maximum = Length + sizeof(WCHAR);
if ((UseLookaside == FALSE) || (Maximum > OBJECT_NAME_BUFFER_SIZE)) {
//
// Attempt to allocate the buffer from nonpaged pool.
//
Buffer = ExAllocatePoolWithTag( OB_NAMESPACE_POOL_TYPE , Maximum, 'mNbO' );
} else {
//
// Attempt to allocate the name buffer from the lookaside list. If
// the allocation attempt fails, then attempt to allocate the name
// buffer from pool.
//
Maximum = OBJECT_NAME_BUFFER_SIZE;
Buffer = ExAllocateFromPPLookasideList(LookasideNameBufferList);
}
//
// Initialize the string descriptor and return the buffer address.
//
ObjectName->Length = (USHORT)Length;
ObjectName->MaximumLength = (USHORT)Maximum;
ObjectName->Buffer = Buffer;
return (PWCHAR)Buffer;
}
VOID
FASTCALL
ObpFreeObjectNameBuffer (
OUT PUNICODE_STRING ObjectName
)
/*++
Routine Description:
This function frees an object name buffer.
N.B. This function is nonpageable.
Arguments:
ObjectName - Supplies a pointer to a name buffer string descriptor.
Return Value:
None.
--*/
{
PVOID Buffer;
KIRQL OldIrql;
PKPRCB Prcb;
//
// If the size of the buffer is not equal to the size of lookaside list
// entries, then free the buffer to pool. Otherwise, free the buffer to
// the lookaside list.
//
Buffer = ObjectName->Buffer;
if (ObjectName->MaximumLength != OBJECT_NAME_BUFFER_SIZE) {
ExFreePool(Buffer);
} else {
ExFreeToPPLookasideList(LookasideNameBufferList, Buffer);
}
return;
}
NTKERNELAPI
VOID
ObDeleteCapturedInsertInfo (
IN PVOID Object
)
/*++
Routine Description:
This function frees the creation information that could be pointed at
by the object header.
Arguments:
Object - Supplies the object being modified
Return Value:
None.
--*/
{
POBJECT_HEADER ObjectHeader;
PAGED_CODE();
//
// Get the address of the object header and free the object create
// information object if the object is being created.
//
ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
if (ObjectHeader->Flags & OB_FLAG_NEW_OBJECT) {
if (ObjectHeader->ObjectCreateInfo != NULL) {
ObpFreeObjectCreateInformation(ObjectHeader->ObjectCreateInfo);
ObjectHeader->ObjectCreateInfo = NULL;
}
}
return;
}
NTSTATUS
ObpAllocateObject (
IN POBJECT_CREATE_INFORMATION ObjectCreateInfo,
IN KPROCESSOR_MODE OwnershipMode,
IN POBJECT_TYPE ObjectType OPTIONAL,
IN PUNICODE_STRING ObjectName,
IN ULONG ObjectBodySize,
OUT POBJECT_HEADER *ReturnedObjectHeader
)
/*++
Routine Description:
This routine allocates a new object including the object header
and body from pool and fill in the appropriate fields.
Arguments:
ObjectCreateInfo - Supplies the create information for the new object
OwnershipMode - Supplies the processor mode of who is going to own
the object
ObjectType - Optionally supplies the object type of the object being
created. If the object create info not null then this field must
be supplied.
ObjectName - Supplies the name of the object being created
ObjectBodySize - Specifies the size, in bytes, of the body of the object
being created
ReturnedObjectHeader - Receives a pointer to the object header for the
newly created objet.
Return Value:
An appropriate status value.
--*/
{
ULONG HeaderSize;
POBJECT_HEADER ObjectHeader;
NTSTATUS Status;
PVOID ZoneSegment;
ULONG QuotaInfoSize;
ULONG HandleInfoSize;
ULONG NameInfoSize;
ULONG CreatorInfoSize;
POBJECT_HEADER_QUOTA_INFO QuotaInfo;
POBJECT_HEADER_HANDLE_INFO HandleInfo;
POBJECT_HEADER_NAME_INFO NameInfo;
POBJECT_HEADER_CREATOR_INFO CreatorInfo;
POOL_TYPE PoolType;
PAGED_CODE();
#if DBG
ObpObjectsCreated += 1;
#endif // DBG
//
// Compute the sizes of the optional object header components.
//
if (ObjectCreateInfo == NULL) {
QuotaInfoSize = 0;
HandleInfoSize = 0;
NameInfoSize = sizeof( OBJECT_HEADER_NAME_INFO );
CreatorInfoSize = sizeof( OBJECT_HEADER_CREATOR_INFO );
} else {
//
// The caller specified some additional object create info
//
// First check to see if we need to set the quota
//
if (((ObjectCreateInfo->PagedPoolCharge != ObjectType->TypeInfo.DefaultPagedPoolCharge ||
ObjectCreateInfo->NonPagedPoolCharge != ObjectType->TypeInfo.DefaultNonPagedPoolCharge ||
ObjectCreateInfo->SecurityDescriptorCharge > SE_DEFAULT_SECURITY_QUOTA) &&
PsGetCurrentProcess() != PsInitialSystemProcess) ||
(ObjectCreateInfo->Attributes & OBJ_EXCLUSIVE)) {
QuotaInfoSize = sizeof( OBJECT_HEADER_QUOTA_INFO );
#if DBG
ObpObjectsWithPoolQuota += 1;
#endif // DBG
} else {
QuotaInfoSize = 0;
}
//
// Check if we are to allocate space to maintain handle counts
//
if (ObjectType->TypeInfo.MaintainHandleCount) {
HandleInfoSize = sizeof( OBJECT_HEADER_HANDLE_INFO );
#if DBG
ObpObjectsWithHandleDB += 1;
#endif // DBG
} else {
HandleInfoSize = 0;
}
//
// Check if we are to allocate space for the name
//
if (ObjectName->Buffer != NULL) {
NameInfoSize = sizeof( OBJECT_HEADER_NAME_INFO );
#if DBG
ObpObjectsWithName += 1;
#endif // DBG
} else {
NameInfoSize = 0;
}
//
// Finally check if we are to maintain the creator info
//
if (ObjectType->TypeInfo.MaintainTypeList) {
CreatorInfoSize = sizeof( OBJECT_HEADER_CREATOR_INFO );
#if DBG
ObpObjectsWithCreatorInfo += 1;
#endif // DBG
} else {
CreatorInfoSize = 0;
}
}
//
// Now compute the total header size
//
HeaderSize = QuotaInfoSize +
HandleInfoSize +
NameInfoSize +
CreatorInfoSize +
FIELD_OFFSET( OBJECT_HEADER, Body );
//
// Allocate and initialize the object.
//
// If the object type is not specified or specifies nonpaged pool,
// then allocate the object from nonpaged pool.
// Otherwise, allocate the object from paged pool.
//
if ((ObjectType == NULL) || (ObjectType->TypeInfo.PoolType == NonPagedPool)) {
PoolType = NonPagedPool;
} else {
PoolType = PagedPool;
}
ObjectHeader = ExAllocatePoolWithTag( PoolType,
HeaderSize + ObjectBodySize,
(ObjectType == NULL ? 'TjbO' : ObjectType->Key) |
PROTECTED_POOL );
if (ObjectHeader == NULL) {
return STATUS_INSUFFICIENT_RESOURCES;
}
//
// Now based on if we are to put in the quota, handle, name, or creator info we
// will do the extra work. This order is very important because we rely on
// it to free the object.
//
if (QuotaInfoSize != 0) {
QuotaInfo = (POBJECT_HEADER_QUOTA_INFO)ObjectHeader;
QuotaInfo->PagedPoolCharge = ObjectCreateInfo->PagedPoolCharge;
QuotaInfo->NonPagedPoolCharge = ObjectCreateInfo->NonPagedPoolCharge;
QuotaInfo->SecurityDescriptorCharge = ObjectCreateInfo->SecurityDescriptorCharge;
QuotaInfo->ExclusiveProcess = NULL;
ObjectHeader = (POBJECT_HEADER)(QuotaInfo + 1);
}
if (HandleInfoSize != 0) {
HandleInfo = (POBJECT_HEADER_HANDLE_INFO)ObjectHeader;
HandleInfo->SingleEntry.HandleCount = 0;
ObjectHeader = (POBJECT_HEADER)(HandleInfo + 1);
}
if (NameInfoSize != 0) {
NameInfo = (POBJECT_HEADER_NAME_INFO)ObjectHeader;
NameInfo->Name = *ObjectName;
NameInfo->Directory = NULL;
NameInfo->QueryReferences = 1;
ObjectHeader = (POBJECT_HEADER)(NameInfo + 1);
}
if (CreatorInfoSize != 0) {
CreatorInfo = (POBJECT_HEADER_CREATOR_INFO)ObjectHeader;
CreatorInfo->CreatorBackTraceIndex = 0;
CreatorInfo->CreatorUniqueProcess = PsGetCurrentProcess()->UniqueProcessId;
InitializeListHead( &CreatorInfo->TypeList );
PERFINFO_ADD_OBJECT_TO_ALLOCATED_TYPE_LIST(CreatorInfo, ObjectType);
ObjectHeader = (POBJECT_HEADER)(CreatorInfo + 1);
}
//
// Compute the proper offsets based on what we have
//
if (QuotaInfoSize != 0) {
ObjectHeader->QuotaInfoOffset = (UCHAR)(QuotaInfoSize + HandleInfoSize + NameInfoSize + CreatorInfoSize);
} else {
ObjectHeader->QuotaInfoOffset = 0;
}
if (HandleInfoSize != 0) {
ObjectHeader->HandleInfoOffset = (UCHAR)(HandleInfoSize + NameInfoSize + CreatorInfoSize);
} else {
ObjectHeader->HandleInfoOffset = 0;
}
if (NameInfoSize != 0) {
ObjectHeader->NameInfoOffset = (UCHAR)(NameInfoSize + CreatorInfoSize);
} else {
ObjectHeader->NameInfoOffset = 0;
}
//
// Say that this is a new object, and conditionally set the other flags
//
ObjectHeader->Flags = OB_FLAG_NEW_OBJECT;
if (CreatorInfoSize != 0) {
ObjectHeader->Flags |= OB_FLAG_CREATOR_INFO;
}
if (HandleInfoSize != 0) {
ObjectHeader->Flags |= OB_FLAG_SINGLE_HANDLE_ENTRY;
}
//
// Set the counters and its type
//
ObjectHeader->PointerCount = 1;
ObjectHeader->HandleCount = 0;
ObjectHeader->Type = ObjectType;
//
// Initialize the object header.
//
// N.B. The initialization of the object header is done field by
// field rather than zeroing the memory and then initializing
// the pertinent fields.
//
// N.B. It is assumed that the caller will initialize the object
// attributes, object ownership, and parse context.
//
if (OwnershipMode == KernelMode) {
ObjectHeader->Flags |= OB_FLAG_KERNEL_OBJECT;
}
if (ObjectCreateInfo != NULL &&
ObjectCreateInfo->Attributes & OBJ_PERMANENT ) {
ObjectHeader->Flags |= OB_FLAG_PERMANENT_OBJECT;
}
if ((ObjectCreateInfo != NULL) &&
(ObjectCreateInfo->Attributes & OBJ_EXCLUSIVE)) {
ObjectHeader->Flags |= OB_FLAG_EXCLUSIVE_OBJECT;
}
ObjectHeader->ObjectCreateInfo = ObjectCreateInfo;
ObjectHeader->SecurityDescriptor = NULL;
if (ObjectType != NULL) {
ObjectType->TotalNumberOfObjects += 1;
if (ObjectType->TotalNumberOfObjects > ObjectType->HighWaterNumberOfObjects) {
ObjectType->HighWaterNumberOfObjects = ObjectType->TotalNumberOfObjects;
}
}
#if DBG
//
// On a checked build echo out allocs
//
if (ObpShowAllocAndFree) {
DbgPrint( "OB: Alloc %lx (%lx) %04lu", ObjectHeader, ObjectHeader, ObjectBodySize );
if (ObjectType) {
DbgPrint(" - %wZ\n", &ObjectType->Name );
} else {
DbgPrint(" - Type\n" );
}
}
#endif
*ReturnedObjectHeader = ObjectHeader;
return STATUS_SUCCESS;
}
VOID
FASTCALL
ObpFreeObject (
IN PVOID Object
)
/*++
Routine Description:
This routine undoes ObpAllocateObject. It returns the object back to free pool.
Arguments:
Object - Supplies a pointer to the body of the object being freed.
Return Value:
None.
--*/
{
POBJECT_HEADER ObjectHeader;
POBJECT_TYPE ObjectType;
POBJECT_HEADER_QUOTA_INFO QuotaInfo;
POBJECT_HEADER_HANDLE_INFO HandleInfo;
POBJECT_HEADER_NAME_INFO NameInfo;
POBJECT_HEADER_CREATOR_INFO CreatorInfo;
PVOID FreeBuffer;
ULONG NonPagedPoolCharge;
ULONG PagedPoolCharge;
PAGED_CODE();
//
// Get the address of the object header.
//
ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
ObjectType = ObjectHeader->Type;
//
// Now from the header determine the start of the allocation. We need
// to backup based on what precedes the header. The order is very
// important and must be the inverse of that used by ObpAllocateObject
//
FreeBuffer = ObjectHeader;
CreatorInfo = OBJECT_HEADER_TO_CREATOR_INFO( ObjectHeader );
if (CreatorInfo != NULL) {
FreeBuffer = CreatorInfo;
}
NameInfo = OBJECT_HEADER_TO_NAME_INFO( ObjectHeader );
if (NameInfo != NULL) {
FreeBuffer = NameInfo;
}
HandleInfo = OBJECT_HEADER_TO_HANDLE_INFO( ObjectHeader );
if (HandleInfo != NULL) {
FreeBuffer = HandleInfo;
}
QuotaInfo = OBJECT_HEADER_TO_QUOTA_INFO( ObjectHeader );
if (QuotaInfo != NULL) {
FreeBuffer = QuotaInfo;
}
#if DBG
//
// On a checked build echo out frees
//
if (ObpShowAllocAndFree) {
DbgPrint( "OB: Free %lx (%lx) - Type: %wZ\n", ObjectHeader, ObjectHeader, &ObjectType->Name );
}
#endif
//
// Decrement the number of objects of this type
//
ObjectType->TotalNumberOfObjects -= 1;
//
// Check where we were in the object initialization phase. This
// flag really only tests if we have charged quota for this object.
// This is because the object create info and the quota block charged
// are unioned together.
//
if (ObjectHeader->Flags & OB_FLAG_NEW_OBJECT) {
if (ObjectHeader->ObjectCreateInfo != NULL) {
ObpFreeObjectCreateInformation( ObjectHeader->ObjectCreateInfo );
ObjectHeader->ObjectCreateInfo = NULL;
}
} else {
if (ObjectHeader->QuotaBlockCharged != NULL) {
if (QuotaInfo != NULL) {
PagedPoolCharge = QuotaInfo->PagedPoolCharge +
QuotaInfo->SecurityDescriptorCharge;
NonPagedPoolCharge = QuotaInfo->NonPagedPoolCharge;
} else {
PagedPoolCharge = ObjectType->TypeInfo.DefaultPagedPoolCharge;
if (ObjectHeader->Flags & OB_FLAG_DEFAULT_SECURITY_QUOTA ) {
PagedPoolCharge += SE_DEFAULT_SECURITY_QUOTA;
}
NonPagedPoolCharge = ObjectType->TypeInfo.DefaultNonPagedPoolCharge;
}
PsReturnSharedPoolQuota( ObjectHeader->QuotaBlockCharged,
PagedPoolCharge,
NonPagedPoolCharge );
ObjectHeader->QuotaBlockCharged = NULL;
}
}
if ((HandleInfo != NULL) &&
((ObjectHeader->Flags & OB_FLAG_SINGLE_HANDLE_ENTRY) == 0)) {
//
// If a handle database has been allocated, then free the memory.
//
ExFreePool( HandleInfo->HandleCountDataBase );
HandleInfo->HandleCountDataBase = NULL;
}
//
// If a name string buffer has been allocated, then free the memory.
//
if (NameInfo != NULL && NameInfo->Name.Buffer != NULL) {
ExFreePool( NameInfo->Name.Buffer );
NameInfo->Name.Buffer = NULL;
}
PERFINFO_REMOVE_OBJECT_FROM_ALLOCATED_TYPE_LIST(CreatorInfo, ObjectHeader);
//
// Trash type field so we don't get far if we attempt to
// use a stale object pointer to this object.
//
// Sundown Note: trash it by zero-extended it.
// sign-extension will create a valid kernel address.
ObjectHeader->Type = UIntToPtr(0xBAD0B0B0);
ExFreePoolWithTag( FreeBuffer,
(ObjectType == NULL ? 'TjbO' : ObjectType->Key) |
PROTECTED_POOL );
return;
}
VOID
FASTCALL
ObFreeObjectCreateInfoBuffer (
IN POBJECT_CREATE_INFORMATION ObjectCreateInfo
)
/*++
Routine Description:
This function frees a create information buffer. Called from IO component
N.B. This function is nonpageable.
Arguments:
ObjectCreateInfo - Supplies a pointer to a create information buffer.
Return Value:
None.
--*/
{
ObpFreeObjectCreateInfoBuffer( ObjectCreateInfo );
return;
}