Change the cleanup process in xeniface
Previously cleaning up granted/mapped memory from a client process was done through a process notification routine that's called on every process exit. That ensured that even if the process doesn't clean up properly itself, we get to clean up the mess. We couldn't just rely on the "device handle closed" callback because that's only called when the last reference to the object is closed: the classic "duplicate handle problem" (Process X opens the device, then maps some memory through xeniface. Process Y duplicates that device handle. Process X exits without cleaning up. Xeniface doesn't get notified because there are still references to the device object. The memory manager BSODs the OS because a process is exiting while still having locked pages in its address space).

The process notify routine is very convenient (called at PASSIVE_LEVEL, in the context of the exiting process) but has some disadvantages:

- It requires a global state in the driver because it doesn't have any "context" parameter.
- There is a limit of 64 notify routines in a system.
- The notify routine is called for every process creation and destruction in the system. Although the overhead is minimal for "not watched" processes, we can do better.

Now we're using pending IOCTLs for granting/mapping memory. The client process issues a grant/map IOCTL and xeniface pends this request until either the client issues the cleanup request or exits (all pending IOCTLs are cancelled by the system when the owning thread exits). This adds some non-trivial complexity to xeniface (maintaining a pending IRP queue, unmapping user memory from not PASSIVE-guaranteed IRQL and from arbitrary context) and xencontrol (asynchronous requests, need to keep OVERLAPPED structures for the whole time an IOCTL is being pended) but is ultimately the correct way to handle the "duplicate handle problem".
Showing 14 changed files with 1,037 additions and 568 deletions.
@@ -0,0 +1,42 @@ | ||
#ifndef _IRP_QUEUE_H_ | ||
#define _IRP_QUEUE_H_ | ||
|
||
#include <ntddk.h> | ||
|
||
VOID CsqInsertIrp( | ||
_In_ PIO_CSQ Csq, | ||
_In_ PIRP Irp | ||
); | ||
|
||
VOID CsqRemoveIrp( | ||
_In_ PIO_CSQ Csq, | ||
_In_ PIRP Irp | ||
); | ||
|
||
PIRP CsqPeekNextIrp( | ||
_In_ PIO_CSQ Csq, | ||
_In_ PIRP Irp, | ||
_In_ PVOID PeekContext | ||
); | ||
|
||
_IRQL_raises_(DISPATCH_LEVEL) | ||
_IRQL_requires_max_(DISPATCH_LEVEL) | ||
_Acquires_lock_(CONTAINING_RECORD(Csq, XENIFACE_FDO, IrpQueue)->IrpQueueLock) | ||
VOID CsqAcquireLock( | ||
_In_ PIO_CSQ Csq, | ||
_Out_ _At_(*Irql, _Post_ _IRQL_saves_) PKIRQL Irql | ||
); | ||
|
||
_IRQL_requires_(DISPATCH_LEVEL) | ||
_Releases_lock_(CONTAINING_RECORD(Csq, XENIFACE_FDO, IrpQueue)->IrpQueueLock) | ||
VOID CsqReleaseLock( | ||
_In_ PIO_CSQ Csq, | ||
_In_ _IRQL_restores_ KIRQL Irql | ||
); | ||
|
||
VOID CsqCompleteCanceledIrp( | ||
_In_ PIO_CSQ Csq, | ||
_In_ PIRP Irp | ||
); | ||
|
||
#endif |
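Review bot: CsqPeekNextIrp declares `_In_ PIRP Irp` and `_In_ PVOID PeekContext`, but the IO_CSQ_PEEK_NEXT_IRP callback contract (wdm.h) passes NULL for Irp when the cancel-safe queue is asked for its first entry, and PeekContext is optional as well; annotate both `_In_opt_` so SAL matches the typedef, and make sure the implementation starts from the list head when Irp is NULL. Also, the `_Acquires_lock_` / `_Releases_lock_` annotations reference `CONTAINING_RECORD(Csq, XENIFACE_FDO, IrpQueue)->IrpQueueLock`, yet this header only includes ntddk.h and never declares XENIFACE_FDO, so it compiles only when the FDO header has been included first; a short comment stating that these are the IO_CSQ callbacks registered via IoCsqInitialize and noting that include-order dependency (or a forward declaration of the FDO type) would make the header self-describing.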