sys: IRP_MJ_CLEANUP: properly perform CcUninitializeCacheMap

2025-07-03 09:22:57 -05:00 · 2016-03-03 17:04:04 -08:00
parent bc9f983285
commit 98ebfed65b
4 changed files with 193 additions and 21 deletions
--- a/src/sys/cleanup.c
+++ b/src/sys/cleanup.c
@ -13,6 +13,8 @@ static NTSTATUS FspFsvrtCleanup(
 static NTSTATUS FspFsvolCleanup(
    PDEVICE_OBJECT DeviceObject, PIRP Irp, PIO_STACK_LOCATION IrpSp);
 FSP_IOCMPL_DISPATCH FspFsvolCleanupComplete;
+static FSP_IOP_REQUEST_FINI FspFsvolCleanupRequestFini;
+static VOID FspFsvolCleanupUninitialize(PVOID Context);
 FSP_DRIVER_DISPATCH FspCleanup;

 #ifdef ALLOC_PRAGMA
@ -20,9 +22,25 @@ FSP_DRIVER_DISPATCH FspCleanup;
 #pragma alloc_text(PAGE, FspFsvrtCleanup)
 #pragma alloc_text(PAGE, FspFsvolCleanup)
 #pragma alloc_text(PAGE, FspFsvolCleanupComplete)
+#pragma alloc_text(PAGE, FspFsvolCleanupRequestFini)
+#pragma alloc_text(PAGE, FspFsvolCleanupUninitialize)
 #pragma alloc_text(PAGE, FspCleanup)
 #endif

+enum
+{
+    /* Cleanup */
+    RequestDeviceObject                 = 0,
+    RequestIrp                          = 1,
+};
+
+typedef struct
+{
+    PFILE_OBJECT FileObject;
+    LARGE_INTEGER TruncateSize, *PTruncateSize;
+    WORK_QUEUE_ITEM WorkQueueItem;
+} FSP_FSVOL_CLEANUP_UNINITIALIZE_WORK_ITEM;
+
 static NTSTATUS FspFsctlCleanup(
    PDEVICE_OBJECT DeviceObject, PIRP Irp, PIO_STACK_LOCATION IrpSp)
 {
@ -61,22 +79,31 @@ static NTSTATUS FspFsvolCleanup(

    ASSERT(FileNode == FileDesc->FileNode);

-    /* !!!: REVISIT! */
-    FspFileNodeClose(FileNode, FileObject, &DeletePending);
-    CcUninitializeCacheMap(FileObject, 0, 0);
-
-    /*
-     * If DeletePending is TRUE, the FileNode is no longer in the Context table,
-     * therefore we do not need to protect its FileName against renames!
-     */
+    FspFileNodeCleanup(FileNode, FileObject, &DeletePending);
+    if (DeletePending)
+    {
+        FspFsvolDeviceFileRenameAcquireShared(FsvolDeviceObject);
+        FspFileNodeAcquireExclusive(FileNode, Full);
+    }
+    else
+        FspFileNodeAcquireShared(FileNode, Full);

    /* create the user-mode file system request; MustSucceed because IRP_MJ_CLEANUP cannot fail */
-    FspIopCreateRequestMustSucceed(Irp, DeletePending ? &FileNode->FileName : 0, 0, &Request);
+    FspIopCreateRequestMustSucceedEx(Irp, DeletePending ? &FileNode->FileName : 0, 0,
+        FspFsvolCleanupRequestFini, &Request);
    Request->Kind = FspFsctlTransactCleanupKind;
    Request->Req.Cleanup.UserContext = FileNode->UserContext;
    Request->Req.Cleanup.UserContext2 = FileDesc->UserContext2;
    Request->Req.Cleanup.Delete = DeletePending;

+    if (DeletePending)
+    {
+        FspFsvolDeviceFileRenameSetOwner(FsvolDeviceObject, Request);
+        FspIopRequestContext(Request, RequestDeviceObject) = FsvolDeviceObject;
+    }
+    FspFileNodeSetOwner(FileNode, Full, Request);
+    FspIopRequestContext(Request, RequestIrp) = Irp;
+
    return FSP_STATUS_IOQ_POST_BEST_EFFORT;

    /*
@ -95,6 +122,117 @@ NTSTATUS FspFsvolCleanupComplete(
    FSP_LEAVE_IOC("FileObject=%p", IrpSp->FileObject);
 }

+static VOID FspFsvolCleanupRequestFini(FSP_FSCTL_TRANSACT_REQ *Request, PVOID Context[4])
+{
+    /*
+     * Cleanup is rather unusual in that we are doing the cleanup post-processing
+     * in RequestFini rather than in CleanupComplete. The reason for this is that
+     * we want this processing to happen even in the (unlikely) event of the user-
+     * mode file system going away, while our Request is queued (in which case the
+     * Irp will get cancelled).
+     */
+
+    PAGED_CODE();
+
+    PDEVICE_OBJECT FsvolDeviceObject = Context[RequestDeviceObject];
+    PIRP Irp = Context[RequestIrp];
+    PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation(Irp);
+    PFILE_OBJECT FileObject = IrpSp->FileObject;
+    FSP_FILE_NODE *FileNode = FileObject->FsContext;
+    FSP_FSCTL_FILE_INFO FileInfo;
+    LARGE_INTEGER TruncateSize = { 0 }, *PTruncateSize = 0;
+    BOOLEAN DeletePending = 0 != Request->Req.Cleanup.Delete;
+    BOOLEAN DeletedFromContextTable;
+    BOOLEAN Success;
+
+    FspFileNodeClose(FileNode, FileObject, &DeletedFromContextTable);
+    if (DeletedFromContextTable)
+    {
+        if (DeletePending)
+            PTruncateSize = &TruncateSize;
+        else if (FileNode->TruncateOnClose)
+        {
+            /*
+             * Even when FileInfoTimeout != Infinity,
+             * this is the last size that the cache manager knows.
+             */
+            FspFileNodeGetFileInfo(FileNode, &FileInfo);
+
+            TruncateSize.QuadPart = FileInfo.FileSize;
+            PTruncateSize = &TruncateSize;
+        }
+    }
+
+    if (DeletePending)
+    {
+        ASSERT(0 != FsvolDeviceObject);
+
+        /* FileNode is Exclusive Full; release Pgio */
+        FspFileNodeReleaseOwner(FileNode, Pgio, Request);
+
+        /* FileNode is now Exclusive Main; owner is Request */
+    }
+    else
+    {
+        ASSERT(0 == FsvolDeviceObject);
+
+        /* FileNode is Shared Full; reacquire as Exclusive Main for CcUnitializeCacheMap */
+        FspFileNodeReleaseOwner(FileNode, Full, Request);
+
+        Success = DEBUGRANDTEST(90, TRUE) && FspFileNodeTryAcquireExclusive(FileNode, Main);
+        if (!Success)
+        {
+            /* oh, maaan! we now have to do delayed uninitialize! */
+
+            FSP_FSVOL_CLEANUP_UNINITIALIZE_WORK_ITEM *WorkItem;
+
+            WorkItem = FspAllocatePoolMustSucceed(
+                NonPagedPool, sizeof *WorkItem, FSP_ALLOC_INTERNAL_TAG);
+            WorkItem->FileObject = FileObject;
+            WorkItem->TruncateSize = TruncateSize;
+            WorkItem->PTruncateSize = 0 != PTruncateSize ? &WorkItem->TruncateSize : 0;
+            ExInitializeWorkItem(&WorkItem->WorkQueueItem, FspFsvolCleanupUninitialize, WorkItem);
+
+            /* make sure that the file object (and corresponding device object) stay around! */
+            ObReferenceObject(FileObject);
+
+            ExQueueWorkItem(&WorkItem->WorkQueueItem, CriticalWorkQueue);
+
+            return;
+        }
+
+        /* FileNode is now Exclusive Main; owner is current thread */
+    }
+
+    CcUninitializeCacheMap(FileObject, PTruncateSize, 0);
+
+    /* this works correctly even if owner is current thread */
+    FspFileNodeReleaseOwner(FileNode, Main, Request);
+
+    if (DeletePending)
+        FspFsvolDeviceFileRenameReleaseOwner(FsvolDeviceObject, Request);
+}
+
+static VOID FspFsvolCleanupUninitialize(PVOID Context)
+{
+    PAGED_CODE();
+
+    FSP_FSVOL_CLEANUP_UNINITIALIZE_WORK_ITEM *WorkItem = Context;
+    PFILE_OBJECT FileObject = WorkItem->FileObject;
+    FSP_FILE_NODE *FileNode = FileObject->FsContext;
+    LARGE_INTEGER *PTruncateSize = WorkItem->PTruncateSize;
+
+    FspFileNodeAcquireExclusive(FileNode, Main);
+
+    CcUninitializeCacheMap(FileObject, PTruncateSize, 0);
+
+    FspFileNodeRelease(FileNode, Main);
+
+    ObDereferenceObject(FileObject);
+
+    FspFree(WorkItem);
+}
+
 NTSTATUS FspCleanup(
    PDEVICE_OBJECT DeviceObject, PIRP Irp)
 {