Driver Design: Error handling in "Free" functions in drivers

0xrepnz Member Posts: 16
edited October 2019 in NTDEV

Hey, I have a general driver design question: what kind of error handling do you do in the "free" functions of your drivers if the component could not free itself correctly?
Also, what about errors inside the error handler?
Most of the time if these errors happen, it means that there's a programming bug somewhere, in your code or in the code of the libraries you use.

Let's look at an example:

// Functions to create and destroy objects.
// These objects can be anything, kernel objects or memory..
// These are used only for the example
NTSTATUS CreateObject(__out POBJECT* Object);

// FreeObject reads the pointer it releases, so the parameter is in/out
NTSTATUS FreeObject(__inout POBJECT* Object);

// Forward declaration: FreeComponent is called from the cleanup path of InitializeComponent
NTSTATUS FreeComponent(VOID);

// This is the state of this component
POBJECT g_FirstObject;
POBJECT g_SecondObject;

// This is a function to initialize the component
NTSTATUS InitializeComponent(VOID)
{
    NTSTATUS Status;

    // By the way: Should I check if this component has already been initialized?

    g_FirstObject = NULL;
    g_SecondObject = NULL;

    Status = CreateObject(&g_FirstObject);

    if (!NT_SUCCESS(Status))
    {
        LOG_ERROR("Could not create object A");
        goto cleanup;
    }

    Status = CreateObject(&g_SecondObject);

    if (!NT_SUCCESS(Status))
    {
        LOG_ERROR("Could not create object B");
        goto cleanup;
    }

cleanup:
    if (!NT_SUCCESS(Status))
    {
        // If the component could not initialize itself,
        // call the free function to free left-overs
        // What about errors in this path? (error is ignored)
        FreeComponent();
    }

    return Status;
}

NTSTATUS FreeComponent(VOID)
{
    NTSTATUS Status;

    if (g_FirstObject) {
        // This can also cause errors..
        // What should I do with errors in this function?
        Status = FreeObject(&g_FirstObject);

        if (!NT_SUCCESS(Status)) {
            return Status;
        }
    }

    if (g_SecondObject) {
        Status = FreeObject(&g_SecondObject);

        if (!NT_SUCCESS(Status)) {
            // [!!] Now the component is in an unstable state.
            // FirstObject is freed, and the second object could not be freed
            // What should I do?
            return Status;
        }
    }

    return STATUS_SUCCESS;
}

Comments

  • Mark_Roddy Member - All Emails Posts: 4,320

    free cannot fail. If you want to be pedantic and check for error conditions (duplicate free, corrupt list, buffer over/under run, etc.) you bugcheck on failure as there is no sensible path forward.

  • 0xrepnz Member Posts: 16
    edited October 2019

    I don't mean ExFreePool; it could be anything that can fail (ZwFreeVirtualMemory, ObCloseHandle, ...).
    I wanted to bug check on failure, but I don't think I should shut down the entire machine just because of a bug in my code if the system can continue working.

  • Tim_Roberts Member - All Emails Posts: 13,403

    If ObCloseHandle fails, the system is broken and will die shortly anyway. Mark is right. You either ignore it, or you bugcheck.

    Tim Roberts
    Providenza & Boekelheide, Inc.

  • 0xrepnz Member Posts: 16

    Ok thank you

  • Martin_Dráb Member - All Emails Posts: 81

    Failure of these Free functions may mean that something is wrong in your code (e.g. you are attempting to close a non-existent handle or free a non-committed/reserved block of virtual memory). I think you may log such errors in order to find some rare bugs.

    Martin Dráb
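One way to put the replies above into code (an added example, not code from the thread or from any participant): the teardown releases every member even after an earlier failure, so the component is never left half-freed, treats a failing free as a programming bug to assert on, and returns the first failing status only so the caller can log it. NTSTATUS, FreeObject and the objects are constructed user-mode stand-ins so the example compiles outside the kernel.

```c
#include <stddef.h>

/* User-mode stand-ins for NTSTATUS; the failure code is constructed for this example. */
typedef long STATUS;
#define STATUS_SUCCESS          0L
#define STATUS_INVALID_HANDLE  (-1L)
#define SUCCEEDED(s)           ((s) >= 0)
typedef struct _OBJECT { int live; } OBJECT, *POBJECT;

/* Constructed free routine that can fail, standing in for something like ObCloseHandle on a
 * stale handle. It clears the caller's pointer unconditionally: a failed free is never retried. */
static STATUS FreeObject(POBJECT *Object)
{
    POBJECT o = *Object;
    *Object = NULL;
    if (o == NULL || !o->live) return STATUS_INVALID_HANDLE;
    o->live = 0;
    return STATUS_SUCCESS;
}

/* Debug hook: a driver would use NT_ASSERT here, or KeBugCheckEx if it must not continue.
 * This version only counts failures so the example can run to completion. */
static int g_TeardownBugs;
#define TEARDOWN_ASSERT(cond) do { if (!(cond)) g_TeardownBugs++; } while (0)

static POBJECT g_FirstObject, g_SecondObject;

/* Release every member and keep going after a failure, so the component is never left half-freed.
 * The first failing status is returned only so the caller can log it; there is no recovery path. */
static STATUS FreeComponent(void)
{
    POBJECT *members[] = { &g_FirstObject, &g_SecondObject };
    STATUS first = STATUS_SUCCESS;
    for (size_t i = 0; i < sizeof members / sizeof members[0]; i++) {
        if (*members[i] == NULL) continue;            /* already released: teardown is idempotent */
        STATUS s = FreeObject(members[i]);
        TEARDOWN_ASSERT(SUCCEEDED(s));                /* a failure here is a programming bug */
        if (!SUCCEEDED(s) && SUCCEEDED(first)) first = s;
    }
    return first;
}

/* Constructed scenario: two objects, each optionally already dead (simulating a double close). */
static STATUS TeardownScenario(int firstLive, int secondLive)
{
    static OBJECT a, b;
    a.live = firstLive; b.live = secondLive;
    g_FirstObject = &a; g_SecondObject = &b;
    return FreeComponent();
}
```

Calling FreeComponent a second time on an already torn-down component is a no-op, which also makes it safe to call from the initialization failure path in the original post.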
