fsctl.h: FspFsctlTransact{Produce,Consume}{Request,Response}

2025-04-22 16:33:02 -05:00 · 2015-11-26 00:06:10 -08:00 · 2015-11-26 00:06:10 -08:00 · 4762f6d2e8
commit 4762f6d2e8
parent bafb947b9f
2 changed files with 50 additions and 20 deletions
--- a/inc/winfsp/fsctl.h
+++ b/inc/winfsp/fsctl.h
@ -31,7 +31,6 @@ extern const __declspec(selectany) GUID FspFsvrtDeviceClassGuid =

 #define FSP_FSCTL_CREATE_BUFFER_SIZE    128
 #define FSP_FSCTL_TRANSACT_BUFFER_SIZE  4096
-#define FSP_FSCTL_TRANSACT_REQ_SIZEMAX  1536

 /* marshalling */
 #pragma warning(push)
@ -62,6 +61,36 @@ typedef struct
    } Req;
 } FSP_TRANSACT_RSP;
 #pragma warning(pop)
+static inline FSP_TRANSACT_REQ *FspFsctlTransactProduceRequest(
+    FSP_TRANSACT_REQ *Request, SIZE_T RequestSize, PVOID RequestBufEnd)
+{
+    PVOID NextRequest = (PUINT8)Request + RequestSize;
+    return NextRequest <= RequestBufEnd ? NextRequest : 0;
+}
+static inline const FSP_TRANSACT_REQ *FspFsctlTransactConsumeRequest(
+    const FSP_TRANSACT_REQ *Request, PVOID RequestBufEnd)
+{
+    if ((PUINT8)Request + sizeof(Request->Size) > (PUINT8)RequestBufEnd ||
+        sizeof(FSP_TRANSACT_REQ) > Request->Size)
+        return 0;
+    PVOID NextRequest = (PUINT8)Request + Request->Size;
+    return NextRequest <= RequestBufEnd ? NextRequest : 0;
+}
+static inline FSP_TRANSACT_RSP *FspFsctlTransactProduceResponse(
+    FSP_TRANSACT_RSP *Response, SIZE_T ResponseSize, PVOID ResponseBufEnd)
+{
+    PVOID NextResponse = (PUINT8)Response + ResponseSize;
+    return NextResponse <= ResponseBufEnd ? NextResponse : 0;
+}
+static inline const FSP_TRANSACT_RSP *FspFsctlTransactConsumeResponse(
+    const FSP_TRANSACT_RSP *Response, PVOID ResponseBufEnd)
+{
+    if ((PUINT8)Response + sizeof(Response->Size) > (PUINT8)ResponseBufEnd ||
+        sizeof(FSP_TRANSACT_RSP) > Response->Size)
+        return 0;
+    PVOID NextResponse = (PUINT8)Response + Response->Size;
+    return NextResponse <= ResponseBufEnd ? NextResponse : 0;
+}

 #if !defined(WINFSP_SYS_DRIVER_H_INTERNAL)
 NTSTATUS FspFsctlCreateVolume(PWSTR DevicePath, PSECURITY_DESCRIPTOR SecurityDescriptor,
--- a/src/sys/fsctl.c
+++ b/src/sys/fsctl.c
@ -120,9 +120,9 @@ static NTSTATUS FspFsvrtTransact(

    NTSTATUS Result;
    FSP_FSVRT_DEVICE_EXTENSION *FsvrtDeviceExtension = FspFsvrtDeviceExtension(DeviceObject);
-    PUINT8 SystemBufferPtr, SystemBufferEnd;
-    FSP_TRANSACT_RSP *Response;
-    FSP_TRANSACT_REQ *Request;
+    PUINT8 SystemBufferEnd;
+    const FSP_TRANSACT_RSP *Response, *NextResponse;
+    FSP_TRANSACT_REQ *Request, *NextRequest, *PendingIrpRequest;
    PIRP ProcessIrp, PendingIrp;

    /* access check */
@ -136,19 +136,18 @@ static NTSTATUS FspFsvrtTransact(
    SystemBufferEnd = (PUINT8)SystemBuffer + InputBufferLength;
    for (;;)
    {
-        if ((PUINT8)Response + sizeof(Response->Size) > SystemBufferEnd ||
-            sizeof(FSP_TRANSACT_RSP) > Response->Size ||
-            (PUINT8)Response + Response->Size > SystemBufferEnd)
+        NextResponse = FspFsctlTransactConsumeResponse(Response, SystemBufferEnd);
+        if (0 == NextResponse)
            break;

        ProcessIrp = FspIoqEndProcessingIrp(&FsvrtDeviceExtension->Ioq, Response->Hint);
        if (0 == ProcessIrp)
-            /* either IRP was canceled or a bogus IrpHint was provided */
+            /* either IRP was canceled or a bogus Hint was provided */
            continue;

        //FspDispatchProcessedIrp(ProcessIrp, Response);

-        Response = (PVOID)((PUINT8)Response + Response->Size);
+        Response = NextResponse;
    }

    /* wait for an IRP to arrive */
@ -159,14 +158,21 @@ static NTSTATUS FspFsvrtTransact(
    }

    /* send any pending IRP's to the user-mode file system */
-    SystemBufferPtr = SystemBuffer;
+    Request = SystemBuffer;
    SystemBufferEnd = (PUINT8)SystemBuffer + OutputBufferLength;
-    ASSERT(SystemBufferPtr + FSP_FSCTL_TRANSACT_REQ_SIZEMAX + sizeof(Request->Size) <= SystemBufferEnd);
-    for (BOOLEAN LoopedOnce = FALSE;; LoopedOnce = TRUE)
+    for (;;)
    {
-        if (SystemBufferPtr + FSP_FSCTL_TRANSACT_REQ_SIZEMAX + sizeof(Request->Size) > SystemBufferEnd)
+        PendingIrpRequest = PendingIrp->Tail.Overlay.DriverContext[0];
+
+        NextRequest = FspFsctlTransactProduceRequest(
+            Request, PendingIrpRequest->Size, SystemBufferEnd);
+        ASSERT(0 != NextRequest || Request != SystemBuffer);
+        if (0 == NextRequest)
            break;

+        RtlCopyMemory(Request, PendingIrpRequest, PendingIrpRequest->Size);
+        Request = NextRequest;
+
        if (!FspIoqStartProcessingIrp(&FsvrtDeviceExtension->Ioq, PendingIrp))
        {
            /*
@ -180,17 +186,12 @@ static NTSTATUS FspFsvrtTransact(
            return STATUS_CANCELLED;
        }

-        Request = PendingIrp->Tail.Overlay.DriverContext[0];
-        RtlCopyMemory(SystemBufferPtr, Request, Request->Size);
-        SystemBufferPtr += Request->Size;
-
        PendingIrp = FspIoqNextPendingIrp(&FsvrtDeviceExtension->Ioq, 0);
        if (0 == PendingIrp)
            break;
+
    }
-    ASSERT(SystemBufferPtr + sizeof(Request->Size) <= SystemBufferEnd);
-    RtlZeroMemory(SystemBufferPtr, SystemBufferEnd - SystemBufferPtr);
-    Irp->IoStatus.Information = SystemBufferPtr - (PUINT8)SystemBuffer;
+    Irp->IoStatus.Information = (PUINT8)Request - (PUINT8)SystemBuffer;

    return STATUS_SUCCESS;
 }