Race Conditions in DDK Bulk USB Sample Driver ??

OSR_Community_User Member Posts: 110,217
I have been looking at how the DDK bulkusb example handles Stopping and
Removal of devices and think I see a race condition.

It looks as if the code calls BulkUsb_CanAcceptIoRequests() before it
processes any IRPs. The purpose of this function is to check some status
flags in the device extension that are set by the PnP Stop/Remove/Query
logic.

The code looks like this:

if ( !deviceExtension->DeviceRemoved &&
     // device must be started( enabled )
     deviceExtension->DeviceStarted &&
     // flag set when driver has answered success to IRP_MN_QUERY_REMOVE_DEVICE
     !deviceExtension->RemoveDeviceRequested &&
     // flag set when driver has answered success to IRP_MN_QUERY_STOP_DEVICE
     !deviceExtension->StopDeviceRequested ){
    fCan = TRUE;
}


Now:

What if while in the middle of these checks, say after the
RemoveDeviceRequested flag is checked, the driver receives an
IRP_MN_QUERY_REMOVE_DEVICE request and the flag gets set to true. (The
PnP code simply checks to see if there are any outstanding IRPs via a
counter, and if there are none it tells the PnP manager that it is OK to
remove the device and sets the RemoveDeviceRequested flag). Once this
happens, our I/O request will continue since we have already checked
this flag.

Am I missing something here ??

Thanks !

-Chris

Comments

  • OSR_Community_User Member Posts: 110,217
    This may be the simplistic answer, but isn't this what spinlocks are for?

    KeAcquireSpinLock(&deviceExtension->serialize, &oldIrql);

    ... your if clause

    KeReleaseSpinLock(&deviceExtension->serialize, oldIrql);

    This should synchronize access to those flags, given that the code that
    handles QUERY attempts to acquire the same spinlock.

    -----Original Message-----
    From: Christopher Pane [mailto:[email protected]]
    Sent: Friday, June 16, 2000 12:17 PM
    To: NT Developers Interest List
    Subject: [ntdev] Race Conditions in DDK Bulk USB
    Sample Driver ??

  • OSR_Community_User Member Posts: 110,217
    I agree on the need for synchronization, I was just surprised there was none in the
    Sample in the DDK ;->

    Later

    -Chris

    Gary Little wrote:

    > This may be the simplistic answer, but isn't this what spinlocks are for?
    >
    > KeAcquireSpinLock(&deviceExtension->serialize, &oldIrql);
    >
    > ... your if clause
    >
    > KeReleaseSpinLock(&deviceExtension->serialize, oldIrql);
    >
    > This should synchronize access to those flags, given that the code that
    > handles QUERY attempts to acquire the same spinlock.
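The interleaving described in the original post, replayed deterministically in a user-mode model, next to a variant in which the flag check and the pending-I/O count are a single atomic step. This is an added example, not code from the DDK sample or from the posters; the struct names, `PendingIoCount` and the `racy_*`/`safe_*` functions are hypothetical, and C11 atomics stand in for the spinlock suggested in the thread.

```c
/* User-mode model (constructed, not DDK code) of the race and one fix. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Racy shape: the flag and the pending-IRP counter are separate fields. */
struct racy_ext { bool RemoveDeviceRequested; int PendingIoCount; };
static bool racy_can_accept(const struct racy_ext *x) { return !x->RemoveDeviceRequested; }
static void racy_io_start(struct racy_ext *x) { x->PendingIoCount++; }
static bool racy_query_remove(struct racy_ext *x) {     /* PnP side */
    if (x->PendingIoCount != 0) return false;
    x->RemoveDeviceRequested = true;
    return true;
}

/* Fixed shape: one atomic word carries both the flag and the count, so
 * "no remove requested" and "count me as pending" happen as one step. */
#define REMOVE_BIT 0x80000000u
typedef struct { atomic_uint state; } safe_ext;
static bool safe_io_begin(safe_ext *x) {
    unsigned s = atomic_load(&x->state);
    do {
        if (s & REMOVE_BIT) return false;   /* removal already approved */
    } while (!atomic_compare_exchange_weak(&x->state, &s, s + 1));
    return true;
}
static void safe_io_end(safe_ext *x) { atomic_fetch_sub(&x->state, 1); }
static bool safe_query_remove(safe_ext *x) {
    unsigned idle = 0;                      /* succeeds only with no I/O pending */
    return atomic_compare_exchange_strong(&x->state, &idle, REMOVE_BIT);
}

/* Replays the post's interleaving; true if I/O started after approval. */
static bool racy_interleaving_hits(void) {
    struct racy_ext x = { false, 0 };
    bool can = racy_can_accept(&x);         /* I/O path passes the check */
    bool approved = racy_query_remove(&x);  /* PnP approves: count is 0  */
    if (can) racy_io_start(&x);             /* I/O path proceeds anyway  */
    return approved && x.PendingIoCount == 1;
}

int main(void) {
    safe_ext s = { 0 };
    bool began = safe_io_begin(&s), blocked = !safe_query_remove(&s);
    safe_io_end(&s);
    printf("racy hit=%d, safe began=%d, remove blocked=%d\n",
           racy_interleaving_hits(), began, blocked);
    return 0;
}
```

With a spinlock instead of atomics, the same property holds only if the I/O path's flag check and count increment sit inside one acquire/release pair, and the query handler's count check and flag set sit inside another on the same lock.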