Wait wake callback function with context set to NULL.

Hi, all,

I have a crash dump from an XP system that shows the wait wake callback function trying to access a NULL pointer. Digging deeper, it seems the callback function was being called with the context set to NULL. We use the context to pass the device extension pointer and use it in the function, so the crash happens.

I am sure the context is set correctly when calling PoRequestPowerIrp, so why does that context turn to NULL in the callback?

Here is my code.

Status = PoRequestPowerIrp ( DeviceExtension->PhysicalDeviceObject,
                             IRP_MN_WAIT_WAKE,
                             PowerState,
                             (PREQUEST_POWER_COMPLETE)UsbWaitWakeCallback,
                             DeviceExtension,
                             &DeviceExtension->WaitWakeIrp );

VOID
UsbWaitWakeCallback (
    PDEVICE_OBJECT DeviceObject,
    UCHAR MinorFunction,
    POWER_STATE PowerState,
    PVOID Context,
    PIO_STATUS_BLOCK IoStatus )
{
    FUNCTIONNAME("UsbWaitWakeCallback()")
    PUSB_DEVICE_EXTENSION DeviceExtension;

    DeviceExtension = (PUSB_DEVICE_EXTENSION)Context;

    // Context is NULL here!!!

    // ... (rest of the callback omitted)
}

Thanks,

Adam

This does work, otherwise many other drivers would break. In current implementations, the power manager stores your context in an additional IO_STACK_LOCATION that it allocates in the power irp so it can retrieve the value later. I would investigate your handling of WW power irps and how you manage the IO_STACK_LOCATIONs. It could be you are zeroing out that value. One thing you could do is put a bp on your WW processing routine, run !irp on the WW irp, look at all the stack locations, find the one that contains your DeviceExtension value and put a break on write on the address (ba w4 <address>), and then you should be able to see who is zeroing out the value.

On another note, you should not use PoRequestPowerIrp to set DevExt->WaitWakeIrp; there is no synchronization around the setting of this value. Instead, when you get the WW irp, you should set DevExt->WaitWakeIrp there, where you have the proper synchronization.

d
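The mechanism described in the reply above (the requester parks its context in an extra stack location above the driver stack, and a driver that touches a location it does not own hands the callback a NULL context), as an added user-mode C model that is not part of the original thread and not Windows kernel code. The IRP and IO_STACK_LOCATION structs, the Io*/Po* helpers and the two filter dispatch routines are simplified stand-ins written for this example; only the traversal direction (the next location is current - 1, locations are consumed from the top down) follows the real I/O manager. Where the real kernel keeps the completion routine pointer is not modelled, and the `memset(sp + 1, ...)` bug in the "buggy" filter is a hypothetical way of clobbering the slot, chosen because it reproduces exactly the symptom in the question: the callback still runs, but with Context == NULL.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define IRP_MJ_POWER     0x16
#define IRP_MN_WAIT_WAKE 0x00

typedef void (*REQUEST_POWER_COMPLETE)(void *context);

/* Simplified stack location: only the fields this model needs. */
typedef struct {
    unsigned char MajorFunction;
    unsigned char MinorFunction;
    void *Context;                  /* model of the requester's private context slot */
} IO_STACK_LOCATION;

typedef struct {
    int StackCount;
    IO_STACK_LOCATION *Current;     /* location currently in use */
    REQUEST_POWER_COMPLETE Completion;  /* kept in the header here (model simplification) */
    IO_STACK_LOCATION Stack[];      /* StackCount entries, consumed from the top down */
} IRP;

typedef void (*DISPATCH_FN)(IRP *irp);

/* --- stand-ins for the I/O manager helpers --------------------------------- */
static IRP *IoAllocateIrp(int stack_size) {
    IRP *irp = calloc(1, sizeof(IRP) + (size_t)stack_size * sizeof(IO_STACK_LOCATION));
    irp->StackCount = stack_size;
    irp->Current = &irp->Stack[stack_size];   /* one past the top: nothing consumed yet */
    return irp;
}
static IO_STACK_LOCATION *IoGetCurrentIrpStackLocation(IRP *irp) { return irp->Current; }
static IO_STACK_LOCATION *IoGetNextIrpStackLocation(IRP *irp)    { return irp->Current - 1; }
static void IoSetNextIrpStackLocation(IRP *irp)                  { irp->Current--; }
static void IoCopyCurrentIrpStackLocationToNext(IRP *irp) {
    *IoGetNextIrpStackLocation(irp) = *IoGetCurrentIrpStackLocation(irp);
}
static void IoCallDriver(DISPATCH_FN lower, IRP *irp) {
    IoSetNextIrpStackLocation(irp);
    lower(irp);
}
/* Completion: the requester's slot is always the top-most location; whatever
 * context is found there is what the completion routine receives. */
static void IoCompleteRequest(IRP *irp) {
    IO_STACK_LOCATION *requester = &irp->Stack[irp->StackCount - 1];
    irp->Completion(requester->Context);
}

/* --- the driver stack: a filter above a lower driver ------------------------ */
static void LowerDispatch(IRP *irp) { IoCompleteRequest(irp); }

/* Correct filter: copies its own location to the next one and passes the IRP down. */
static void GoodFilterDispatch(IRP *irp) {
    IoCopyCurrentIrpStackLocationToNext(irp);
    IoCallDriver(LowerDispatch, irp);
}

/* Hypothetical buggy filter: "scrubs" a neighbouring location but takes
 * current + 1, which is the location ABOVE it (next is current - 1). For the
 * top driver that location is the requester's private slot, so the saved
 * context is zeroed while everything else still looks healthy. */
static void BuggyFilterDispatch(IRP *irp) {
    IO_STACK_LOCATION *sp = IoGetCurrentIrpStackLocation(irp);
    memset(sp + 1, 0, sizeof *sp);
    IoCopyCurrentIrpStackLocationToNext(irp);
    IoCallDriver(LowerDispatch, irp);
}

/* Model of PoRequestPowerIrp: allocate one extra location above the device
 * stack, claim it for the requester's context, then send the IRP down. */
static void RequestPowerIrp(int device_stack_size, DISPATCH_FN top,
                            REQUEST_POWER_COMPLETE done, void *context) {
    IRP *irp = IoAllocateIrp(device_stack_size + 1);
    irp->Completion = done;
    IoSetNextIrpStackLocation(irp);                     /* claim the top slot */
    IoGetCurrentIrpStackLocation(irp)->Context = context;
    IO_STACK_LOCATION *next = IoGetNextIrpStackLocation(irp);
    next->MajorFunction = IRP_MJ_POWER;
    next->MinorFunction = IRP_MN_WAIT_WAKE;
    IoCallDriver(top, irp);
    free(irp);
}

typedef struct { int wake_armed; } USB_DEVICE_EXTENSION;
static void *g_callback_context;

static void UsbWaitWakeCallback(void *context) {
    g_callback_context = context;
    if (context != NULL)            /* the driver in the question dereferences unconditionally */
        ((USB_DEVICE_EXTENSION *)context)->wake_armed = 0;
}

/* Returns 1 when the callback got the device extension back, 0 when it got NULL. */
int wait_wake_context_survives(DISPATCH_FN top_driver) {
    static char not_called;
    USB_DEVICE_EXTENSION ext = { 1 };
    g_callback_context = &not_called;   /* sentinel: an un-called callback is not a pass */
    RequestPowerIrp(2, top_driver, UsbWaitWakeCallback, &ext);
    return g_callback_context == &ext;
}

int main(void) {
    printf("good filter:  callback context %s\n",
           wait_wake_context_survives(GoodFilterDispatch) ? "intact" : "NULL");
    printf("buggy filter: callback context %s\n",
           wait_wake_context_survives(BuggyFilterDispatch) ? "intact" : "NULL");
    return 0;
}
```

The point of the model is the layout, not the helper names: the requester's slot sits above every driver-owned location, so any write that walks upward from the current location (or zeroes a whole IO_STACK_LOCATION it did not allocate) can silently wipe the context while the IRP still completes normally, which is exactly the "callback runs, Context is NULL" picture from the crash dump and why a write breakpoint on that slot is the quickest way to catch the culprit.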