CLASS2 bug

To those who are writing their own full SCSI ports:

The CLASS2 binary in NT4 has a bug. Namely, the following logic is
present in ScsiClassReadWrite:

IoMarkIrpPending(Irp);

return IoCallDriver(PortDeviceObject, Irp);

So, if the SCSI port driver returns any value other than
STATUS_PENDING (and there are no rules which prevent it from doing this),
IopCompleteRequest will be called twice for the same IRP - once as an APC and
then directly from IopSynchronousServiceTail.
This is absolutely unacceptable and leads to a funny corruption - the
file object is ObDereferenced an extra time and thus destroyed. Then, when the
umode app closes the file, you will see a bugcheck inside some Obxxx routine
called by NtClose trying to access the deallocated file object.

The CLASS source (provided in the DDK) surely manifests this bug. The
CLASS2 binary code does too.

This bug can make life worse for those who write their own SCSI port
drivers.
The rule is: the SCSI port driver must ALWAYS return STATUS_PENDING for
“execute SCSI” and “device control” SRB function codes.
Even if the port driver wants to fail the request early, before putting
it on any queue, the correct way must be:

IoMarkIrpPending(Irp);
Irp->IoStatus.Status = STATUS_xxx;
IoCompleteRequest(Irp, IO_DISK_INCREMENT);
return STATUS_PENDING;

and NOT:

Irp->IoStatus.Status = STATUS_xxx;
IoCompleteRequest(Irp, IO_DISK_INCREMENT);
return STATUS_xxx;

Max
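A user-mode model of the double completion described in the post, added here as an illustration (it is not NT kernel code and not from the CLASS2 source). It counts how many times the IRP gets completed when the port driver returns a real status versus STATUS_PENDING after CLASS2 has already called IoMarkIrpPending; the *_model names and the placeholder failure status are assumptions of this example.

```c
/* Model (not NT code) of why a SCSI port driver must return STATUS_PENDING
 * once CLASS2 has marked the IRP pending. Completion drops the file-object
 * reference the IRP owns, so a second completion is the extra ObDereference. */
#include <stdio.h>

#define STATUS_PENDING      0x00000103u
#define STATUS_XXX_MODEL    0xC0000001u   /* placeholder for the STATUS_xxx of the post */

typedef struct {
    unsigned io_status;   /* Irp->IoStatus.Status */
    int completions;      /* times IopCompleteRequest ran for this IRP */
    int file_refcount;    /* references held on the file object */
} irp_model;

/* IopCompleteRequest: drops the file-object reference owned by the IRP. */
static void complete_request_model(irp_model *irp) {
    irp->completions++;
    irp->file_refcount--;
}

/* Port driver failing the request early the WRONG way: completes the IRP,
 * then hands the real status back to CLASS2 instead of STATUS_PENDING. */
static unsigned bad_port_dispatch(irp_model *irp) {
    irp->io_status = STATUS_XXX_MODEL;
    complete_request_model(irp);        /* IoCompleteRequest -> APC completion */
    return STATUS_XXX_MODEL;
}

/* Port driver failing early the way the post requires. */
static unsigned good_port_dispatch(irp_model *irp) {
    irp->io_status = STATUS_XXX_MODEL;
    complete_request_model(irp);        /* IoCompleteRequest(Irp, IO_DISK_INCREMENT) */
    return STATUS_PENDING;
}

/* ScsiClassReadWrite plus the caller's synchronous service tail: the IRP is
 * marked pending, the port is called, and if anything but STATUS_PENDING
 * comes back IopSynchronousServiceTail completes the IRP again.
 * Returns the completion count (1 is correct, 2 is the CLASS2 bug). */
static int run_request_model(unsigned (*port)(irp_model *)) {
    irp_model irp = { 0u, 0, 1 };       /* one reference on the file object */
    unsigned status;
    status = port(&irp);                /* IoMarkIrpPending(Irp); IoCallDriver(...) */
    if (status != STATUS_PENDING)
        complete_request_model(&irp);   /* second completion, refcount goes negative */
    return irp.completions;
}

int main(void) {
    printf("port returns status:  %d completions\n", run_request_model(bad_port_dispatch));
    printf("port returns PENDING: %d completions\n", run_request_model(good_port_dispatch));
    return 0;
}
```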


You are currently subscribed to ntdev (lists.osr.com).