Hello -
My driver has a worker thread that
(1) uses IoAllocateIrp to make a slave IRP,
(2) installs a completion routine in the slave IRP, and
(3) sends the slave down to the USB bus driver.
The completion routine, when called, sends a message
to the worker thread, and then returns
STATUS_MORE_PROCESSING_REQUIRED to stop the IO manager
from doing anything more with the slave IRP.
The worker thread, in response to the message from the
completion routine, calls IoFreeIrp to deallocate the
slave IRP.
However, the worker thread might receive a message
directing it to cancel the slave IRP, and the cancel
message might arrive before the message from the
completion routine. So the worker thread might call
IoCancelIrp on the slave IRP, after the IO manager thinks
the slave is complete, but before the slave is deallocated.
But the call to IoCancelIrp must return before the call
to IoFreeIrp, because the worker thread is making
both calls.
Is this possible behavior dangerous?
Thanks,
Tim Sauerwein / Audio Precision, Inc.
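
The ordering described in the post above, as an added example that is not part of the original message: a user-space C model (not WDM code) of the worker thread's message loop, classifying each cancel by where it falls relative to completion and free. All names are hypothetical stand-ins, and the model assumes the worker ignores a cancel message that arrives after it has freed the slave IRP, a case the post does not mention.

```c
/* User-space model of the ordering described in the post. Not WDM code:
 * every name here is hypothetical and stands in for the routine noted. */
#include <stdbool.h>
#include <stddef.h>

enum msg { MSG_CANCEL, MSG_COMPLETE };   /* messages the worker thread receives */

struct slave_irp {
    bool completed;    /* completion routine has run              */
    bool freed;        /* worker has run its IoFreeIrp stand-in   */
    bool cancel_flag;  /* worker has run its IoCancelIrp stand-in */
};

struct trace {
    int cancel_pending;        /* cancel while the request was still in flight */
    int cancel_after_complete; /* the window the post asks about               */
    int cancel_skipped;        /* cancel message dequeued after the free       */
};

/* q[0..n) is the order in which the worker dequeues messages. done_before is
 * the index of the first message dequeued after the completion routine ran
 * (that routine posts MSG_COMPLETE, so done_before <= index of MSG_COMPLETE). */
static struct trace run_worker(struct slave_irp *irp, const enum msg *q,
                               size_t n, size_t done_before)
{
    struct trace t = {0, 0, 0};
    for (size_t i = 0; i < n; i++) {
        if (i >= done_before)
            irp->completed = true;       /* happened on another thread */
        if (q[i] == MSG_COMPLETE) {
            irp->freed = true;           /* IoFreeIrp stand-in */
        } else if (irp->freed) {
            t.cancel_skipped++;          /* pointer is stale: do not touch it */
        } else {
            irp->cancel_flag = true;     /* IoCancelIrp stand-in */
            if (irp->completed) t.cancel_after_complete++;
            else t.cancel_pending++;
        }
    }
    return t;
}

int main(void)
{
    /* Constructed scenario from the post: cancel dequeued first, IRP already completed. */
    const enum msg q[] = { MSG_CANCEL, MSG_COMPLETE };
    struct slave_irp irp = { false, false, false };
    struct trace t = run_worker(&irp, q, 2, 0);
    return (t.cancel_after_complete == 1 && irp.freed) ? 0 : 1;
}
```

The model only shows when each cancel happens relative to completion and free; it says nothing about what the real IoCancelIrp does inside that window.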