On Tue Nov 29 06:05:51 2022 +0000, Ivo Ivanov wrote:
Yes, that won't be enough to stop the pending callbacks. The change in TpSetTimer handles this on the thread pool level. If there is a ke_timer_complete_proc() running at this time, it will complete in parallel. I have to dig through the MS documentation again, but I'm pretty sure they don't guarantee immediate cancellation of pending DPCs after canceling an object. Since the DPCs are queued and run on another IRQ level, I assume they can't be dequeued and stopped easily in time.
That sounds believable, although it'd be nice to be sure. More concerning to me, though, is that currently we can execute the "wrong" DPC if the callback was triggered during/after a concurrent KeSetTimer().