Skip to content

Commit

Permalink
datapath-windows: do not complete an IRP when pending status returned
Browse files Browse the repository at this point in the history 
The driver completes a pending IRP, the IRP is being marked free by the
I/O manager which causes a system crash when the IRP is completed at
the second time.
The driver should not complete a pending IRP in the context of the
Device I/O control thread.

*** Fatal System Error: 0x00000044
                       (0xFFFFFA800CF897D0,0x0000000000000F7A,0x0000000000000000,0x0000000000000000)

Break instruction exception - code 80000003 (first chance)

BugCheck 44, {fffffa800cf897d0, f7a, 0, 0}

Probably caused by : OVSExt.sys ( OVSExt!OvsCompleteIrpRequest+3a )

Followup: MachineOwner
---------

nt!DbgBreakPointWithStatus:
fffff800`5a100930 cc              int     3
11: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MULTIPLE_IRP_COMPLETE_REQUESTS (44)
A driver has requested that an IRP be completed (IoCompleteRequest()), but
the packet has already been completed.  This is a tough bug to find because
the easiest case, a driver actually attempted to complete its own packet
twice, is generally not what happened.  Rather, two separate drivers each
believe that they own the packet, and each attempts to complete it.  The
first actually works, and the second fails.  Tracking down which drivers
in the system actually did this is difficult, generally because the trails
of the first driver have been covered by the second.  However, the driver
stack for the current request can be found by examining the DeviceObject
fields in each of the stack locations.
Arguments:
Arg1: fffffa800cf897d0, Address of the IRP
Arg2: 0000000000000f7a
Arg3: 0000000000000000
Arg4: 0000000000000000

Signed-off-by: Eitan Eliahu <eliahue@vmware.com>
Acked-by: Nithin Raju <nithin@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
  • Loading branch information
@EitanEliahu @blp
EitanEliahu authored and blp committed Nov 21, 2014
1 parent faebf93 commit 8ddda68
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions datapath-windows/ovsext/Datapath.c
View file
Expand Up @@ -864,6 +864,11 @@ OvsDeviceControl(PDEVICE_OBJECT deviceObject,
done:
KeMemoryBarrier();
instance->inUse = 0;

/* Should not complete a pending IRP unless proceesing is completed */
if (status == STATUS_PENDING) {
return status;
}
return OvsCompleteIrpRequest(irp, (ULONG_PTR)replyLen, status);
}

Expand Down

0 comments on commit 8ddda68

Please sign in to comment.