[PATCH 1/5] hidclass.sys: Avoid freeing pool memory with HeapFree().

List overview All Threads

newer

older

[PATCH] wininet: Use 64-bit size...

[PATCH 1/4] http.sys: New stub...

Zebediah Figura

22 Aug 2019 22 Aug '19

4:16 a.m.

Signed-off-by: Zebediah Figura z.figura12@gmail.com --- dlls/hidclass.sys/pnp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dlls/hidclass.sys/pnp.c b/dlls/hidclass.sys/pnp.c index 30228055b7..676aa0b047 100644 --- a/dlls/hidclass.sys/pnp.c +++ b/dlls/hidclass.sys/pnp.c @@ -270,7 +270,7 @@ NTSTATUS WINAPI HID_PNP_Dispatch(DEVICE_OBJECT *device, IRP *irp) break; case BusQueryDeviceSerialNumber: FIXME("BusQueryDeviceSerialNumber not implemented\n"); - HeapFree(GetProcessHeap(), 0, id); + ExFreePool(id); break; } break;

-- 2.22.0

Show replies by date

Zebediah Figura

22 Aug 22 Aug

4:16 a.m.

New subject: [PATCH 2/5] ntoskrnl.exe: Allocate pool memory from an executable heap.

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=45843 Signed-off-by: Zebediah Figura z.figura12@gmail.com --- dlls/ntoskrnl.exe/ntoskrnl.c | 8 ++++++-- dlls/ntoskrnl.exe/tests/driver.c | 23 +++++++++++++++++++++++ 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c index b04e49eea7..745db57f99 100644 --- a/dlls/ntoskrnl.exe/ntoskrnl.c +++ b/dlls/ntoskrnl.exe/ntoskrnl.c @@ -78,6 +78,8 @@ static DWORD request_thread; /* tid of the client thread */ static DWORD client_tid;

+static HANDLE ntoskrnl_heap; + struct wine_driver { DRIVER_OBJECT driver_obj; @@ -2126,7 +2128,7 @@ PVOID WINAPI ExAllocatePoolWithQuota( POOL_TYPE type, SIZE_T size ) PVOID WINAPI ExAllocatePoolWithTag( POOL_TYPE type, SIZE_T size, ULONG tag ) { /* FIXME: handle page alignment constraints */ - void *ret = HeapAlloc( GetProcessHeap(), 0, size ); + void *ret = HeapAlloc( ntoskrnl_heap, 0, size ); TRACE( "%lu pool %u -> %p\n", size, type, ret ); return ret; } @@ -2168,7 +2170,7 @@ void WINAPI ExFreePool( void *ptr ) void WINAPI ExFreePoolWithTag( void *ptr, ULONG tag ) { TRACE( "%p\n", ptr ); - HeapFree( GetProcessHeap(), 0, ptr ); + HeapFree( ntoskrnl_heap, 0, ptr ); }

static void initialize_lookaside_list( GENERAL_LOOKASIDE *lookaside, PALLOCATE_FUNCTION allocate, PFREE_FUNCTION free, @@ -3195,9 +3197,11 @@ BOOL WINAPI DllMain( HINSTANCE inst, DWORD reason, LPVOID reserved ) #endif KeQueryTickCount( &count ); /* initialize the global KeTickCount */ NtBuildNumber = NtCurrentTeb()->Peb->OSBuildNumber; + ntoskrnl_heap = HeapCreate( HEAP_CREATE_ENABLE_EXECUTE, 0, 0 ); break; case DLL_PROCESS_DETACH: if (reserved) break; + HeapDestroy( ntoskrnl_heap ); RtlRemoveVectoredExceptionHandler( handler ); break; } diff --git a/dlls/ntoskrnl.exe/tests/driver.c b/dlls/ntoskrnl.exe/tests/driver.c index 2b3a32b17c..dc583f98c0 100644 --- a/dlls/ntoskrnl.exe/tests/driver.c +++ b/dlls/ntoskrnl.exe/tests/driver.c @@ -1685,6 +1685,26 @@ static void WINAPI main_test_task(DEVICE_OBJECT *device, void *context) IoCompleteRequest(irp, IO_NO_INCREMENT); }

+#if defined(__i386__) || defined(__x86_64__) +static void test_executable_pool(void) +{ + static const unsigned char bytes[] = + { 0xb8, 0xef, 0xbe, 0xad, 0xde, 0xc3 }; /* mov $0xdeadbeef,%eax ; ret */ + static const ULONG tag = 0x74736574; /* test */ + int (*func)(void); + int ret; + + func = ExAllocatePoolWithTag(NonPagedPool, sizeof(bytes), tag); + ok(!!func, "Got NULL memory.\n"); + + memcpy(func, bytes, sizeof(bytes)); + ret = func(); + ok(ret == 0xdeadbeef, "Got %#x.\n", ret); + + ExFreePoolWithTag(func, tag); +} +#endif + static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *stack) { ULONG length = stack->Parameters.DeviceIoControl.OutputBufferLength; @@ -1735,6 +1755,9 @@ static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *st test_lookup_thread(); test_IoAttachDeviceToDeviceStack(); test_object_name(); +#if defined(__i386__) || defined(__x86_64__) + test_executable_pool(); +#endif

if (main_test_work_item) return STATUS_UNEXPECTED_IO_ERROR;

-- 2.22.0

Marvin

4:51 a.m.

New subject: [PATCH 2/5] ntoskrnl.exe: Allocate pool memory from an executable heap.

Hi,

While running your changed tests, I think I found new failures. Being a bot and all I'm not very good at pattern recognition, so I might be wrong, but could you please double-check?

Full results can be found at: https://testbot.winehq.org/JobDetails.pl?Key=55717

Your paranoid android.

=== w8 (32 bit report) ===

Report errors: The report seems to have been truncated

=== w8 (task log) ===

Task errors: An error occurred while waiting for the test to complete: the 2760 process does not exist or is not a child process The test VM has crashed, rebooted or lost connectivity (or the TestAgent server died) The previous 2 run(s) terminated abnormally

=== debian10 (32 bit report) ===

Report errors: ntoskrnl.exe:ntoskrnl contains a misplaced todo message for driver

=== debian10 (32 bit French report) ===

Report errors: ntoskrnl.exe:ntoskrnl contains a misplaced todo message for driver

=== debian10 (32 bit Japanese:Japan report) ===

Report errors: ntoskrnl.exe:ntoskrnl contains a misplaced todo message for driver

=== debian10 (32 bit Chinese:China report) ===

Report errors: ntoskrnl.exe:ntoskrnl contains a misplaced todo message for driver

=== debian10 (32 bit WoW report) ===

Report errors: ntoskrnl.exe:ntoskrnl contains a misplaced todo message for driver

=== debian10 (64 bit WoW report) ===

Report errors: ntoskrnl.exe:ntoskrnl contains a misplaced todo message for driver

Zebediah Figura

4:16 a.m.

New subject: [PATCH 3/5] ntoskrnl.exe: Stub IoRegisterBootDriverReinitialization().

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=47623 Signed-off-by: Zebediah Figura z.figura12@gmail.com --- dlls/ntoskrnl.exe/ntoskrnl.c | 7 +++++++ dlls/ntoskrnl.exe/ntoskrnl.exe.spec | 2 +- include/ddk/ntddk.h | 1 + 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c index 745db57f99..8f15672313 100644 --- a/dlls/ntoskrnl.exe/ntoskrnl.c +++ b/dlls/ntoskrnl.exe/ntoskrnl.c @@ -1922,6 +1922,13 @@ void WINAPI IoRegisterDriverReinitialization( PDRIVER_OBJECT obj, PDRIVER_REINIT FIXME( "stub: %p %p %p\n", obj, reinit, context ); }

+/*********************************************************************** + * IoRegisterBootDriverReinitialization (NTOSKRNL.EXE.@) + */ +void WINAPI IoRegisterBootDriverReinitialization(DRIVER_OBJECT *driver, PDRIVER_REINITIALIZE proc, void *ctx) +{ + FIXME("driver %p, proc %p, ctx %p, stub!\n", driver, proc, ctx); +}

/*********************************************************************** * IoRegisterShutdownNotification (NTOSKRNL.EXE.@) diff --git a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec index a70a74ecc5..8322fd0947 100644 --- a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec +++ b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec @@ -438,7 +438,7 @@ @ stub IoReadOperationCount @ stub IoReadPartitionTableEx @ stub IoReadTransferCount -@ stub IoRegisterBootDriverReinitialization +@ stdcall IoRegisterBootDriverReinitialization(ptr ptr ptr) @ stdcall IoRegisterDeviceInterface(ptr ptr ptr ptr) @ stdcall IoRegisterDriverReinitialization(ptr ptr ptr) @ stdcall IoRegisterFileSystem(ptr) diff --git a/include/ddk/ntddk.h b/include/ddk/ntddk.h index 8c7ead7fb6..32f9a6feaf 100644 --- a/include/ddk/ntddk.h +++ b/include/ddk/ntddk.h @@ -214,6 +214,7 @@ typedef GUID UUID; NTSTATUS WINAPI ExUuidCreate(UUID*); NTSTATUS WINAPI IoQueryDeviceDescription(PINTERFACE_TYPE,PULONG,PCONFIGURATION_TYPE,PULONG, PCONFIGURATION_TYPE,PULONG,PIO_QUERY_DEVICE_ROUTINE,PVOID); +void WINAPI IoRegisterBootDriverReinitialization(DRIVER_OBJECT*,PDRIVER_REINITIALIZE,void*); void WINAPI IoRegisterDriverReinitialization(PDRIVER_OBJECT,PDRIVER_REINITIALIZE,PVOID); NTSTATUS WINAPI IoRegisterShutdownNotification(PDEVICE_OBJECT); BOOLEAN WINAPI KeAreApcsDisabled(void);

-- 2.22.0

Marvin

4:41 a.m.

New subject: [PATCH 3/5] ntoskrnl.exe: Stub IoRegisterBootDriverReinitialization().

Hi,

While running your changed tests, I think I found new failures. Being a bot and all I'm not very good at pattern recognition, so I might be wrong, but could you please double-check?

Full results can be found at: https://testbot.winehq.org/JobDetails.pl?Key=55718

Your paranoid android.

=== debian10 (32 bit report) ===

Report errors: ntoskrnl.exe:ntoskrnl contains a misplaced todo message for driver

=== debian10 (32 bit Chinese:China report) ===

Report errors: ntoskrnl.exe:ntoskrnl contains a misplaced todo message for driver

=== debian10 (32 bit WoW report) ===

Report errors: ntoskrnl.exe:ntoskrnl contains a misplaced todo message for driver

=== debian10 (64 bit WoW report) ===

Report errors: ntoskrnl.exe:ntoskrnl contains a misplaced todo message for driver

Zebediah Figura

4:16 a.m.

New subject: [PATCH 4/5] ntoskrnl.exe: Set the IRP thread also for create and close requests.

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=47623 Signed-off-by: Zebediah Figura z.figura12@gmail.com --- dlls/ntoskrnl.exe/ntoskrnl.c | 2 ++ dlls/ntoskrnl.exe/tests/driver.c | 6 ++++++ 2 files changed, 8 insertions(+)

diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c index 8f15672313..5818c769ec 100644 --- a/dlls/ntoskrnl.exe/ntoskrnl.c +++ b/dlls/ntoskrnl.exe/ntoskrnl.c @@ -528,6 +528,7 @@ static NTSTATUS dispatch_create( struct dispatch_context *context ) irpsp->Parameters.Create.EaLength = 0;

irp->Tail.Overlay.OriginalFileObject = file; + irp->Tail.Overlay.Thread = (PETHREAD)KeGetCurrentThread(); irp->RequestorMode = UserMode; irp->AssociatedIrp.SystemBuffer = NULL; irp->UserBuffer = NULL; @@ -565,6 +566,7 @@ static NTSTATUS dispatch_close( struct dispatch_context *context ) irpsp->FileObject = file;

irp->Tail.Overlay.OriginalFileObject = file; + irp->Tail.Overlay.Thread = (PETHREAD)KeGetCurrentThread(); irp->RequestorMode = UserMode; irp->AssociatedIrp.SystemBuffer = NULL; irp->UserBuffer = NULL; diff --git a/dlls/ntoskrnl.exe/tests/driver.c b/dlls/ntoskrnl.exe/tests/driver.c index dc583f98c0..6ab3c622ae 100644 --- a/dlls/ntoskrnl.exe/tests/driver.c +++ b/dlls/ntoskrnl.exe/tests/driver.c @@ -60,6 +60,8 @@ static POBJECT_TYPE *pExEventObjectType, *pIoFileObjectType, *pPsThreadType, *pI static PEPROCESS *pPsInitialSystemProcess; static void *create_caller_thread;

+static PETHREAD create_irp_thread; + void WINAPI ObfReferenceObject( void *obj );

NTSTATUS WINAPI ZwQueryInformationProcess(HANDLE,PROCESSINFOCLASS,void*,ULONG,ULONG*); @@ -342,7 +344,10 @@ static void test_current_thread(BOOL is_system) ok(PsGetThreadId((PETHREAD)KeGetCurrentThread()) == PsGetCurrentThreadId(), "thread IDs don't match\n"); ok(PsIsSystemThread((PETHREAD)KeGetCurrentThread()) == is_system, "unexpected system thread\n"); if (!is_system) + { ok(create_caller_thread == KeGetCurrentThread(), "thread is not create caller thread\n"); + ok(create_irp_thread == (PETHREAD)KeGetCurrentThread(), "thread of create request is not current thread\n"); + }

ret = ObOpenObjectByPointer(current, OBJ_KERNEL_HANDLE, NULL, PROCESS_QUERY_INFORMATION, NULL, KernelMode, &process_handle); ok(!ret, "ObOpenObjectByPointer failed: %#x\n", ret); @@ -1864,6 +1869,7 @@ static NTSTATUS WINAPI driver_Create(DEVICE_OBJECT *device, IRP *irp) *context = create_count; irpsp->FileObject->FsContext = context; create_caller_thread = KeGetCurrentThread(); + create_irp_thread = irp->Tail.Overlay.Thread;

irp->IoStatus.Status = STATUS_SUCCESS; IoCompleteRequest(irp, IO_NO_INCREMENT);

-- 2.22.0

Marvin

5:13 a.m.

New subject: [PATCH 4/5] ntoskrnl.exe: Set the IRP thread also for create and close requests.

Hi,

While running your changed tests, I think I found new failures. Being a bot and all I'm not very good at pattern recognition, so I might be wrong, but could you please double-check?

Full results can be found at: https://testbot.winehq.org/JobDetails.pl?Key=55719

Your paranoid android.

=== w8 (32 bit report) ===

Report errors: The report seems to have been truncated

=== w8 (task log) ===

Task errors: An error occurred while waiting for the test to complete: the 2748 process does not exist or is not a child process The test VM has crashed, rebooted or lost connectivity (or the TestAgent server died) The previous 2 run(s) terminated abnormally

=== debian10 (32 bit report) ===

Report errors: ntoskrnl.exe:ntoskrnl contains a misplaced todo message for driver

=== debian10 (32 bit French report) ===

Report errors: ntoskrnl.exe:ntoskrnl contains a misplaced todo message for driver

=== debian10 (32 bit Japanese:Japan report) ===

Report errors: ntoskrnl.exe:ntoskrnl contains a misplaced todo message for driver

=== debian10 (32 bit Chinese:China report) ===

Report errors: ntoskrnl.exe:ntoskrnl contains a misplaced todo message for driver

=== debian10 (32 bit WoW report) ===

Report errors: ntoskrnl.exe:ntoskrnl contains a misplaced todo message for driver

=== debian10 (64 bit WoW report) ===

Report errors: ntoskrnl.exe:ntoskrnl contains a misplaced todo message for driver

Zebediah Figura

4:16 a.m.

New subject: [PATCH 5/5] ntoskrnl.exe: Implement IoGetRequestorProcess().

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=47623 Signed-off-by: Zebediah Figura z.figura12@gmail.com --- dlls/ntoskrnl.exe/ntoskrnl.c | 9 +++++++++ dlls/ntoskrnl.exe/ntoskrnl.exe.spec | 2 +- dlls/ntoskrnl.exe/tests/driver.c | 2 ++ include/ddk/ntifs.h | 1 + 4 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c index 5818c769ec..d4571696bf 100644 --- a/dlls/ntoskrnl.exe/ntoskrnl.c +++ b/dlls/ntoskrnl.exe/ntoskrnl.c @@ -3903,3 +3903,12 @@ ULONG WINAPI ExSetTimerResolution(ULONG time, BOOLEAN set_resolution) FIXME("stub: %u %d\n", time, set_resolution); return KeQueryTimeIncrement(); } + +/*********************************************************************** + * IoGetRequestorProcess (NTOSKRNL.EXE.@) + */ +PEPROCESS WINAPI IoGetRequestorProcess(IRP *irp) +{ + TRACE("irp %p.\n", irp); + return irp->Tail.Overlay.Thread->kthread.process; +} diff --git a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec index 8322fd0947..8dce2d583b 100644 --- a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec +++ b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec @@ -406,7 +406,7 @@ @ stub IoGetInitialStack @ stub IoGetLowerDeviceObject @ stdcall IoGetRelatedDeviceObject(ptr) -@ stub IoGetRequestorProcess +@ stdcall IoGetRequestorProcess(ptr) @ stub IoGetRequestorProcessId @ stub IoGetRequestorSessionId @ stdcall IoGetStackLimits(ptr ptr) diff --git a/dlls/ntoskrnl.exe/tests/driver.c b/dlls/ntoskrnl.exe/tests/driver.c index 6ab3c622ae..0506011ce5 100644 --- a/dlls/ntoskrnl.exe/tests/driver.c +++ b/dlls/ntoskrnl.exe/tests/driver.c @@ -225,6 +225,8 @@ static void test_irp_struct(IRP *irp, DEVICE_OBJECT *device) ok(!irp->UserEvent, "UserEvent = %p\n", irp->UserEvent); ok(irp->Tail.Overlay.Thread == (PETHREAD)KeGetCurrentThread(), "IRP thread is not the current thread\n"); + + ok(IoGetRequestorProcess(irp) == IoGetCurrentProcess(), "processes didn't match\n"); }

static void test_mdl_map(void) diff --git a/include/ddk/ntifs.h b/include/ddk/ntifs.h index b287b06799..39636e8073 100644 --- a/include/ddk/ntifs.h +++ b/include/ddk/ntifs.h @@ -131,6 +131,7 @@ typedef struct _FS_FILTER_CALLBACKS

BOOLEAN WINAPI FsRtlIsNameInExpression(PUNICODE_STRING, PUNICODE_STRING, BOOLEAN, PWCH); DEVICE_OBJECT * WINAPI IoGetAttachedDevice(DEVICE_OBJECT*); +PEPROCESS WINAPI IoGetRequestorProcess(IRP*); NTSTATUS WINAPI ObOpenObjectByPointer(void*,ULONG,PACCESS_STATE,ACCESS_MASK,POBJECT_TYPE,KPROCESSOR_MODE,HANDLE*); NTSTATUS WINAPI ObQueryNameString(PVOID,POBJECT_NAME_INFORMATION,ULONG,PULONG); BOOLEAN WINAPI PsIsSystemThread(PETHREAD);

-- 2.22.0

1966

Age (days ago)

1966

Last active (days ago)

wine-devel@winehq.org

7 comments

2 participants

tags (0)

participants (2)

Marvin
Zebediah Figura