From 8c7f79080567ed1c9bd9527a343ab23210335295 Mon Sep 17 00:00:00 2001
From: Bill Zissimopoulos <billziss@navimatics.com>
Date: Thu, 7 Jan 2016 21:54:18 -0800
Subject: [PATCH] sys: IRP_MJ_CREATE

---
 src/sys/create.c  | 17 +++++++++++++----
 src/sys/device.c  | 14 +++-----------
 src/sys/driver.h  |  6 +-----
 src/sys/filectx.c |  5 +----
 4 files changed, 18 insertions(+), 24 deletions(-)

diff --git a/src/sys/create.c b/src/sys/create.c
index 5fbb4948..94eb38ab 100644
--- a/src/sys/create.c
+++ b/src/sys/create.c
@@ -86,6 +86,7 @@ static NTSTATUS FspFsvolCreate(
     if ((0 == RelatedFileObject || RelatedFileObject->FsContext) && 0 == FileName.Length)
     {
         if (0 != FsvolDeviceExtension->FsvrtDeviceObject)
+#pragma prefast(disable:28175, "We are a filesystem: ok to access Vpb")
             FileObject->Vpb = FsvolDeviceExtension->FsvrtDeviceObject->Vpb;
 
         Irp->IoStatus.Information = FILE_OPENED;
@@ -242,7 +243,7 @@ static NTSTATUS FspFsvolCreate(
         FspFsvolCreateRequestFini, &Request);
     if (!NT_SUCCESS(Result))
     {
-        FspFileContextDelete(FsContext);
+        FspFileContextRelease(FsContext);
         return Result;
     }
 
@@ -374,6 +375,7 @@ VOID FspFsvolCreateComplete(
     PFILE_OBJECT FileObject = IrpSp->FileObject;
     FSP_FSCTL_TRANSACT_REQ *Request = FspIrpRequest(Irp);
     FSP_FILE_CONTEXT *FsContext = FspIopRequestContext(Request, RequestFsContext);
+    FSP_FILE_CONTEXT *OpenedFsContext;
     UNICODE_STRING ReparseFileName;
     BOOLEAN DeleteOnClose;
 
@@ -451,6 +453,7 @@ VOID FspFsvolCreateComplete(
 
         /* set up the FileObject */
         if (0 != FsvolDeviceExtension->FsvrtDeviceObject)
+#pragma prefast(disable:28175, "We are a filesystem: ok to access Vpb")
             FileObject->Vpb = FsvolDeviceExtension->FsvrtDeviceObject->Vpb;
         FileObject->SectionObjectPointer = &FsContext->NonPaged->SectionObjectPointers;
         FileObject->PrivateCacheMap = 0;
@@ -460,11 +463,10 @@ VOID FspFsvolCreateComplete(
         DeleteOnClose = BooleanFlagOn(Request->Req.Create.CreateOptions, FILE_DELETE_ON_CLOSE);
 
         /* open the FsContext */
-        FsContext = FspFileContextOpen(FsContext, FileObject,
+        OpenedFsContext = FspFileContextOpen(FsContext, FileObject,
             Response->Rsp.Create.Opened.GrantedAccess, IrpSp->Parameters.Create.ShareAccess,
             &Result);
-        FspIopRequestContext(Request, RequestFsContext) = FsContext;
-        if (0 == FsContext)
+        if (0 == OpenedFsContext)
         {
             /* unable to open the FsContext; post a close Create2 request */
             FspFsvolCreatePostClose(FsvolDeviceObject,
@@ -473,9 +475,16 @@ VOID FspFsvolCreateComplete(
                 Response->Rsp.Create.Opened.UserContext2,
                 Result);
 
+            FspFileContextRelease(FsContext);
+
             FSP_RETURN();
         }
 
+        if (OpenedFsContext != FsContext)
+            FspFileContextRelease(FsContext);
+
+        FspIopRequestContext(Request, RequestFsContext) = FsContext = OpenedFsContext;
+
         if (FILE_OPENED == Response->IoStatus.Information)
         {
             /*
diff --git a/src/sys/device.c b/src/sys/device.c
index 3acf10ca..9bf23bbd 100644
--- a/src/sys/device.c
+++ b/src/sys/device.c
@@ -25,11 +25,7 @@ static NTSTATUS FspFsvolDeviceInit(PDEVICE_OBJECT DeviceObject);
 static VOID FspFsvolDeviceFini(PDEVICE_OBJECT DeviceObject);
 static IO_TIMER_ROUTINE FspFsvolDeviceTimerRoutine;
 static WORKER_THREAD_ROUTINE FspFsvolDeviceExpirationRoutine;
-_IRQL_raises_(APC_LEVEL)
-_IRQL_saves_global_(OldIrql, DeviceObject)
 VOID FspFsvolDeviceLockContextTable(PDEVICE_OBJECT DeviceObject);
-_IRQL_requires_(APC_LEVEL)
-_IRQL_restores_global_(OldIrql, DeviceObject)
 VOID FspFsvolDeviceUnlockContextTable(PDEVICE_OBJECT DeviceObject);
 PVOID FspFsvolDeviceLookupContext(PDEVICE_OBJECT DeviceObject, UINT64 Identifier);
 PVOID FspFsvolDeviceInsertContext(PDEVICE_OBJECT DeviceObject, UINT64 Identifier, PVOID Context,
@@ -295,7 +291,7 @@ static NTSTATUS FspFsvolDeviceInit(PDEVICE_OBJECT DeviceObject)
     FsvolDeviceExtension->InitDoneIoq = 1;
 
     /* initialize our generic table */
-    ExInitializeFastMutex(&FsvolDeviceExtension->GenericTableFastMutex);
+    KeInitializeGuardedMutex(&FsvolDeviceExtension->GenericTableMutex);
     RtlInitializeGenericTableAvl(&FsvolDeviceExtension->GenericTable,
         FspFsvolDeviceCompareElement, FspFsvolDeviceAllocateElement, FspFsvolDeviceFreeElement, 0);
     FsvolDeviceExtension->InitDoneGenTab = 1;
@@ -412,24 +408,20 @@ static VOID FspFsvolDeviceExpirationRoutine(PVOID Context)
     FspDeviceRelease(DeviceObject);
 }
 
-_IRQL_raises_(APC_LEVEL)
-_IRQL_saves_global_(OldIrql, DeviceObject)
 VOID FspFsvolDeviceLockContextTable(PDEVICE_OBJECT DeviceObject)
 {
     PAGED_CODE();
 
     FSP_FSVOL_DEVICE_EXTENSION *FsvolDeviceExtension = FspFsvolDeviceExtension(DeviceObject);
-    ExAcquireFastMutex(&FsvolDeviceExtension->GenericTableFastMutex);
+    KeAcquireGuardedMutex(&FsvolDeviceExtension->GenericTableMutex);
 }
 
-_IRQL_requires_(APC_LEVEL)
-_IRQL_restores_global_(OldIrql, DeviceObject)
 VOID FspFsvolDeviceUnlockContextTable(PDEVICE_OBJECT DeviceObject)
 {
     PAGED_CODE();
 
     FSP_FSVOL_DEVICE_EXTENSION *FsvolDeviceExtension = FspFsvolDeviceExtension(DeviceObject);
-    ExReleaseFastMutex(&FsvolDeviceExtension->GenericTableFastMutex);
+    KeReleaseGuardedMutex(&FsvolDeviceExtension->GenericTableMutex);
 }
 
 PVOID FspFsvolDeviceLookupContext(PDEVICE_OBJECT DeviceObject, UINT64 Identifier)
diff --git a/src/sys/driver.h b/src/sys/driver.h
index 6b934b14..33f69edb 100644
--- a/src/sys/driver.h
+++ b/src/sys/driver.h
@@ -433,7 +433,7 @@ typedef struct
     KSPIN_LOCK ExpirationLock;
     WORK_QUEUE_ITEM ExpirationWorkItem;
     BOOLEAN ExpirationInProgress;
-    FAST_MUTEX GenericTableFastMutex;
+    KGUARDED_MUTEX GenericTableMutex;
     RTL_AVL_TABLE GenericTable;
     PVOID GenericTableElementStorage;
     UNICODE_STRING VolumeName;
@@ -461,11 +461,7 @@ NTSTATUS FspDeviceInitialize(PDEVICE_OBJECT DeviceObject);
 VOID FspDeviceDelete(PDEVICE_OBJECT DeviceObject);
 BOOLEAN FspDeviceRetain(PDEVICE_OBJECT DeviceObject);
 VOID FspDeviceRelease(PDEVICE_OBJECT DeviceObject);
-_IRQL_raises_(APC_LEVEL)
-_IRQL_saves_global_(OldIrql, DeviceObject)
 VOID FspFsvolDeviceLockContextTable(PDEVICE_OBJECT DeviceObject);
-_IRQL_requires_(APC_LEVEL)
-_IRQL_restores_global_(OldIrql, DeviceObject)
 VOID FspFsvolDeviceUnlockContextTable(PDEVICE_OBJECT DeviceObject);
 PVOID FspFsvolDeviceLookupContext(PDEVICE_OBJECT DeviceObject, UINT64 Identifier);
 PVOID FspFsvolDeviceInsertContext(PDEVICE_OBJECT DeviceObject, UINT64 Identifier, PVOID Context,
diff --git a/src/sys/filectx.c b/src/sys/filectx.c
index b648f09e..a1b7392c 100644
--- a/src/sys/filectx.c
+++ b/src/sys/filectx.c
@@ -112,7 +112,7 @@ FSP_FILE_CONTEXT *FspFileContextOpen(FSP_FILE_CONTEXT *FsContext, PFILE_OBJECT F
          * opening a prior FsContext that we found in the table.
          *
          * First check and update the share access. If successful then retain the
-         * prior FsContext for our caller and release the original FsContext.
+         * prior FsContext for our caller.
          */
         ASSERT(OpenedFsContext != FsContext);
 
@@ -150,9 +150,6 @@ FSP_FILE_CONTEXT *FspFileContextOpen(FSP_FILE_CONTEXT *FsContext, PFILE_OBJECT F
 
     FspFsvolDeviceUnlockContextTable(FsvolDeviceObject);
 
-    if (!Inserted)
-        FspFileContextRelease(FsContext);
-
     return OpenedFsContext;
 }