sys: FspFsvrtTransact testing

src/dll/fsctl.c

@@ -237,8 +237,8 @@ exit:
 }
 
 FSP_API NTSTATUS FspFsctlTransact(HANDLE VolumeHandle,
-    FSP_FSCTL_TRANSACT_RSP *ResponseBuf, SIZE_T ResponseBufSize,
-    FSP_FSCTL_TRANSACT_REQ *RequestBuf, SIZE_T *PRequestBufSize)
+    PVOID ResponseBuf, SIZE_T ResponseBufSize,
+    PVOID RequestBuf, SIZE_T *PRequestBufSize)
 {
     NTSTATUS Result = STATUS_SUCCESS;
     DWORD Bytes;

src/sys/cleanup.c

@@ -79,9 +79,9 @@ static NTSTATUS FspFsvolCleanup(
     if (0 == OpenCount)
     {
         /*
-            * The following must be done under the file system volume device Resource,
-            * because we are manipulating its GenericTable.
-            */
+         * The following must be done under the file system volume device Resource,
+         * because we are manipulating its GenericTable.
+         */
         ExAcquireResourceExclusiveLite(&FsvolDeviceExtension->Base.Resource, TRUE);
         try
         {

src/sys/driver.h

@@ -425,7 +425,7 @@ LONG FspFileContextClose(FSP_FILE_CONTEXT *Context)
 {
     ASSERT(ExIsResourceAcquiredExclusiveLite(Context->Header.Resource));
     ASSERT(0 < Context->OpenCount);
-    return Context->OpenCount--;
+    return --Context->OpenCount;
 }
 static inline
 VOID FspFileContextRetain(FSP_FILE_CONTEXT *Context)

src/sys/fsctl.c

@@ -113,7 +113,7 @@ static NTSTATUS FspFsctlCreateVolume(
         !FspValidRelativeSecurityDescriptor(SecurityDescriptor, SecurityDescriptorSize,
             DACL_SECURITY_INFORMATION))
         return STATUS_INVALID_PARAMETER;
-    if (FSP_FSCTL_CREATE_BUFFER_SIZE > OutputBufferLength)
+    if (FSP_FSCTL_CREATE_BUFFER_SIZEMIN > OutputBufferLength)
         return STATUS_BUFFER_TOO_SMALL;
 
     NTSTATUS Result;
@@ -138,7 +138,7 @@ static NTSTATUS FspFsctlCreateVolume(
     UNICODE_STRING DeviceSddl;
     UNICODE_STRING DeviceName;
     RtlInitUnicodeString(&DeviceSddl, L"" FSP_FSVRT_DEVICE_SDDL);
-    RtlInitEmptyUnicodeString(&DeviceName, SystemBuffer, FSP_FSCTL_CREATE_BUFFER_SIZE);
+    RtlInitEmptyUnicodeString(&DeviceName, SystemBuffer, FSP_FSCTL_CREATE_BUFFER_SIZEMIN);
     Result = RtlUnicodeStringPrintf(&DeviceName,
         L"\\Device\\Volume{%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}",
         Guid.Data1, Guid.Data2, Guid.Data3,
@@ -340,16 +340,18 @@ static NTSTATUS FspFsvrtTransact(
     ULONG InputBufferLength = IrpSp->Parameters.FileSystemControl.InputBufferLength;
     ULONG OutputBufferLength = IrpSp->Parameters.FileSystemControl.OutputBufferLength;
     PVOID SystemBuffer = Irp->AssociatedIrp.SystemBuffer;
-    if (sizeof(FSP_FSCTL_TRANSACT_RSP) > InputBufferLength || 0 == SystemBuffer)
+    if (0 == SystemBuffer ||
+        (0 != InputBufferLength &&
+            FSP_FSCTL_DEFAULT_ALIGN_UP(sizeof(FSP_FSCTL_TRANSACT_RSP)) > InputBufferLength))
         return STATUS_INVALID_PARAMETER;
-    if (FSP_FSCTL_TRANSACT_BUFFER_SIZE > OutputBufferLength)
+    if (FSP_FSCTL_TRANSACT_REQ_BUFFER_SIZEMIN > OutputBufferLength)
         return STATUS_BUFFER_TOO_SMALL;
 
     NTSTATUS Result;
     FSP_FSVRT_DEVICE_EXTENSION *FsvrtDeviceExtension = FspFsvrtDeviceExtension(DeviceObject);
     PUINT8 SystemBufferEnd;
-    const FSP_FSCTL_TRANSACT_RSP *Response, *NextResponse;
-    FSP_FSCTL_TRANSACT_REQ *Request, *NextRequest, *PendingIrpRequest;
+    FSP_FSCTL_TRANSACT_RSP *Response, *NextResponse;
+    FSP_FSCTL_TRANSACT_REQ *Request, *PendingIrpRequest;
     PIRP ProcessIrp, PendingIrp;
 
     /* access check */
@@ -388,7 +390,7 @@ retry:
     /* send any pending IRP's to the user-mode file system */
     Request = SystemBuffer;
     SystemBufferEnd = (PUINT8)SystemBuffer + OutputBufferLength;
-    ASSERT((PUINT8)Request + FSP_FSCTL_TRANSACT_REQ_SIZEMAX <= SystemBufferEnd);
+    ASSERT(FspFsctlTransactCanProduceRequest(Request, SystemBufferEnd));
     for (;;)
     {
         PendingIrpRequest = FspIopRequest(PendingIrp);
@@ -398,13 +400,8 @@ retry:
             FspIopCompleteIrp(PendingIrp, Result);
         else
         {
-            NextRequest = FspFsctlTransactProduceRequest(
-                Request, PendingIrpRequest->Size, SystemBufferEnd);
-                /* this should not fail as we have already checked that we have enough space */
-            ASSERT(0 != NextRequest);
-
             RtlCopyMemory(Request, PendingIrpRequest, PendingIrpRequest->Size);
-            Request = NextRequest;
+            Request = FspFsctlTransactProduceRequest(Request, PendingIrpRequest->Size);
 
             if (!FspIoqStartProcessingIrp(&FsvrtDeviceExtension->Ioq, PendingIrp))
             {
@@ -420,7 +417,7 @@ retry:
             }
 
             /* check that we have enough space before pulling the next pending IRP off the queue */
-            if ((PUINT8)Request + FSP_FSCTL_TRANSACT_REQ_SIZEMAX > SystemBufferEnd)
+            if (!FspFsctlTransactCanProduceRequest(Request, SystemBufferEnd))
                 break;
         }
 
@@ -433,7 +430,6 @@ retry:
     if (Request == SystemBuffer)
         goto retry;
 
-    RtlZeroMemory(Request, SystemBufferEnd - (PUINT8)Request);
     Irp->IoStatus.Information = (PUINT8)Request - (PUINT8)SystemBuffer;
 
     return STATUS_SUCCESS;

src/sys/iop.c

@@ -151,7 +151,6 @@ VOID FspIopCompleteIrpEx(PIRP Irp, NTSTATUS Result, BOOLEAN DeviceRelease)
     PAGED_CODE();
 
     ASSERT(STATUS_PENDING != Result);
-    ASSERT(0 == Irp->Tail.Overlay.DriverContext[3]);
 
     if (0 != FspIopRequest(Irp))
     {