NTSTATUS
SerialIoControl(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
/*++
Routine Description:
This routine provides the initial processing for all of the
Ioctrls for the serial device.
Arguments:
DeviceObject - Pointer to the device object for this device
Irp - Pointer to the IRP for the current request
Return Value:
The function value is the final status of the call
--*/
{
//
// The status that gets returned to the caller and
// set in the Irp.
//
NTSTATUS Status;
//
// The current stack location. This contains all of the
// information we need to process this particular request.
//
PIO_STACK_LOCATION IrpSp;
//
// Just what it says. This is the serial specific device
// extension of the device object create for the serial driver.
//
PSERIAL_DEVICE_EXTENSION Extension = DeviceObject->DeviceExtension;
//
// A temporary to hold the old IRQL so that it can be
// restored once we complete/validate this request.
//
KIRQL OldIrql;
SerialDump(
SERIRPPATH,
("SERIAL: Dispatch entry for: %x\n",Irp)
);
if (SerialCompleteIfError(
DeviceObject,
Irp
) != STATUS_SUCCESS) {
return STATUS_CANCELLED;
}
IrpSp = IoGetCurrentIrpStackLocation(Irp);
Irp->IoStatus.Information = 0L;
Status = STATUS_SUCCESS;
switch (IrpSp->Parameters.DeviceIoControl.IoControlCode) {
case IOCTL_SERIAL_SET_BAUD_RATE : {
ULONG BaudRate;
//
// Will hold the value of the appropriate divisor for
// the requested baud rate. If the baudrate is invalid
// (because the device won't support that baud rate) then
// this value is undefined.
//
// Note: in one sense the concept of a valid baud rate
// is cloudy. We could allow the user to request any
// baud rate. We could then calculate the divisor needed
// for that baud rate. As long as the divisor wasn't less
// than one we would be "ok". (The percentage difference
// between the "true" divisor and the "rounded" value given
// to the hardware might make it unusable, but... ) It would
// really be up to the user to "Know" whether the baud rate
// is suitable. So much for theory, *We* only support a given
// set of baud rates.
//
SHORT AppropriateDivisor;
if (IrpSp->Parameters.DeviceIoControl.InputBufferLength <
sizeof(SERIAL_BAUD_RATE)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
} else {
BaudRate = ((PSERIAL_BAUD_RATE)(Irp->AssociatedIrp.SystemBuffer))->BaudRate;
}
//
// Get the baud rate from the irp. We pass it
// to a routine which will set the correct divisor.
//
Status = SerialGetDivisorFromBaud(
Extension->ClockRate,
BaudRate,
&AppropriateDivisor
);
KeAcquireSpinLock(
&Extension->ControlLock,
&OldIrql
);
if (NT_SUCCESS(Status)) {
SERIAL_IOCTL_SYNC S;
Extension->CurrentBaud = BaudRate;
S.Extension = Extension;
S.Data = (PVOID)AppropriateDivisor;
KeSynchronizeExecution(
Extension->Interrupt,
SerialSetBaud,
&S
);
}
KeReleaseSpinLock(
&Extension->ControlLock,
OldIrql
);
break;
}
case IOCTL_SERIAL_GET_BAUD_RATE: {
PSERIAL_BAUD_RATE Br = (PSERIAL_BAUD_RATE)Irp->AssociatedIrp.SystemBuffer;
if (IrpSp->Parameters.DeviceIoControl.OutputBufferLength <
sizeof(SERIAL_BAUD_RATE)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
KeAcquireSpinLock(
&Extension->ControlLock,
&OldIrql
);
Br->BaudRate = Extension->CurrentBaud;
KeReleaseSpinLock(
&Extension->ControlLock,
OldIrql
);
Irp->IoStatus.Information = sizeof(SERIAL_BAUD_RATE);
break;
}
case IOCTL_SERIAL_SET_LINE_CONTROL: {
//
// Points to the line control record in the Irp.
//
PSERIAL_LINE_CONTROL Lc =
((PSERIAL_LINE_CONTROL)(Irp->AssociatedIrp.SystemBuffer));
UCHAR LData;
UCHAR LStop;
UCHAR LParity;
UCHAR Mask = 0xff;
if (IrpSp->Parameters.DeviceIoControl.InputBufferLength <
sizeof(SERIAL_LINE_CONTROL)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
switch (Lc->WordLength) {
case 5: {
LData = SERIAL_5_DATA;
Mask = 0x1f;
break;
}
case 6: {
LData = SERIAL_6_DATA;
Mask = 0x3f;
break;
}
case 7: {
LData = SERIAL_7_DATA;
Mask = 0x7f;
break;
}
case 8: {
LData = SERIAL_8_DATA;
break;
}
default: {
Status = STATUS_INVALID_PARAMETER;
goto DoneWithIoctl;
}
}
switch (Lc->Parity) {
case NO_PARITY: {
LParity = SERIAL_NONE_PARITY;
break;
}
case EVEN_PARITY: {
LParity = SERIAL_EVEN_PARITY;
break;
}
case ODD_PARITY: {
LParity = SERIAL_ODD_PARITY;
break;
}
case SPACE_PARITY: {
LParity = SERIAL_SPACE_PARITY;
break;
}
case MARK_PARITY: {
LParity = SERIAL_MARK_PARITY;
break;
}
default: {
Status = STATUS_INVALID_PARAMETER;
goto DoneWithIoctl;
break;
}
}
switch (Lc->StopBits) {
case STOP_BIT_1: {
LStop = SERIAL_1_STOP;
break;
}
case STOP_BITS_1_5: {
if (LData != SERIAL_5_DATA) {
Status = STATUS_INVALID_PARAMETER;
goto DoneWithIoctl;
}
LStop = SERIAL_1_5_STOP;
break;
}
case STOP_BITS_2: {
if (LData == SERIAL_5_DATA) {
Status = STATUS_INVALID_PARAMETER;
goto DoneWithIoctl;
}
LStop = SERIAL_2_STOP;
break;
}
default: {
Status = STATUS_INVALID_PARAMETER;
goto DoneWithIoctl;
}
}
KeAcquireSpinLock(
&Extension->ControlLock,
&OldIrql
);
Extension->LineControl =
(UCHAR)((Extension->LineControl & SERIAL_LCR_BREAK) |
(LData | LParity | LStop));
Extension->ValidDataMask = Mask;
KeSynchronizeExecution(
Extension->Interrupt,
SerialSetLineControl,
Extension
);
KeReleaseSpinLock(
&Extension->ControlLock,
OldIrql
);
break;
}
case IOCTL_SERIAL_GET_LINE_CONTROL: {
PSERIAL_LINE_CONTROL Lc = (PSERIAL_LINE_CONTROL)Irp->AssociatedIrp.SystemBuffer;
if (IrpSp->Parameters.DeviceIoControl.OutputBufferLength <
sizeof(SERIAL_LINE_CONTROL)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
KeAcquireSpinLock(
&Extension->ControlLock,
&OldIrql
);
if ((Extension->LineControl & SERIAL_DATA_MASK) == SERIAL_5_DATA) {
Lc->WordLength = 5;
} else if ((Extension->LineControl & SERIAL_DATA_MASK)
== SERIAL_6_DATA) {
Lc->WordLength = 6;
} else if ((Extension->LineControl & SERIAL_DATA_MASK)
== SERIAL_7_DATA) {
Lc->WordLength = 7;
} else if ((Extension->LineControl & SERIAL_DATA_MASK)
== SERIAL_8_DATA) {
Lc->WordLength = 8;
}
if ((Extension->LineControl & SERIAL_PARITY_MASK)
== SERIAL_NONE_PARITY) {
Lc->Parity = NO_PARITY;
} else if ((Extension->LineControl & SERIAL_PARITY_MASK)
== SERIAL_ODD_PARITY) {
Lc->Parity = ODD_PARITY;
} else if ((Extension->LineControl & SERIAL_PARITY_MASK)
== SERIAL_EVEN_PARITY) {
Lc->Parity = EVEN_PARITY;
} else if ((Extension->LineControl & SERIAL_PARITY_MASK)
== SERIAL_MARK_PARITY) {
Lc->Parity = MARK_PARITY;
} else if ((Extension->LineControl & SERIAL_PARITY_MASK)
== SERIAL_SPACE_PARITY) {
Lc->Parity = SPACE_PARITY;
}
if (Extension->LineControl & SERIAL_2_STOP) {
if (Lc->WordLength == 5) {
Lc->StopBits = STOP_BITS_1_5;
} else {
Lc->StopBits = STOP_BITS_2;
}
} else {
Lc->StopBits = STOP_BIT_1;
}
Irp->IoStatus.Information = sizeof(SERIAL_LINE_CONTROL);
KeReleaseSpinLock(
&Extension->ControlLock,
OldIrql
);
break;
}
case IOCTL_SERIAL_SET_TIMEOUTS: {
PSERIAL_TIMEOUTS NewTimeouts =
((PSERIAL_TIMEOUTS)(Irp->AssociatedIrp.SystemBuffer));
if (IrpSp->Parameters.DeviceIoControl.InputBufferLength <
sizeof(SERIAL_TIMEOUTS)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
if ((NewTimeouts->ReadIntervalTimeout == MAXULONG) &&
(NewTimeouts->ReadTotalTimeoutMultiplier == MAXULONG) &&
(NewTimeouts->ReadTotalTimeoutConstant == MAXULONG)) {
Status = STATUS_INVALID_PARAMETER;
break;
}
KeAcquireSpinLock(
&Extension->ControlLock,
&OldIrql
);
Extension->Timeouts.ReadIntervalTimeout =
NewTimeouts->ReadIntervalTimeout;
Extension->Timeouts.ReadTotalTimeoutMultiplier =
NewTimeouts->ReadTotalTimeoutMultiplier;
Extension->Timeouts.ReadTotalTimeoutConstant =
NewTimeouts->ReadTotalTimeoutConstant;
Extension->Timeouts.WriteTotalTimeoutMultiplier =
NewTimeouts->WriteTotalTimeoutMultiplier;
Extension->Timeouts.WriteTotalTimeoutConstant =
NewTimeouts->WriteTotalTimeoutConstant;
KeReleaseSpinLock(
&Extension->ControlLock,
OldIrql
);
break;
}
case IOCTL_SERIAL_GET_TIMEOUTS: {
if (IrpSp->Parameters.DeviceIoControl.OutputBufferLength <
sizeof(SERIAL_TIMEOUTS)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
KeAcquireSpinLock(
&Extension->ControlLock,
&OldIrql
);
*((PSERIAL_TIMEOUTS)Irp->AssociatedIrp.SystemBuffer) = Extension->Timeouts;
Irp->IoStatus.Information = sizeof(SERIAL_TIMEOUTS);
KeReleaseSpinLock(
&Extension->ControlLock,
OldIrql
);
break;
}
case IOCTL_SERIAL_SET_CHARS: {
SERIAL_IOCTL_SYNC S;
PSERIAL_CHARS NewChars =
((PSERIAL_CHARS)(Irp->AssociatedIrp.SystemBuffer));
if (IrpSp->Parameters.DeviceIoControl.InputBufferLength <
sizeof(SERIAL_CHARS)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
//
// The only thing that can be wrong with the chars
// is that the xon and xoff characters are the
// same.
//
#if 0
if (NewChars->XonChar == NewChars->XoffChar) {
Status = STATUS_INVALID_PARAMETER;
break;
}
#endif
//
// We acquire the control lock so that only
// one request can GET or SET the characters
// at a time. The sets could be synchronized
// by the interrupt spinlock, but that wouldn't
// prevent multiple gets at the same time.
//
S.Extension = Extension;
S.Data = NewChars;
KeAcquireSpinLock(
&Extension->ControlLock,
&OldIrql
);
//
// Under the protection of the lock, make sure that
// the xon and xoff characters aren't the same as
// the escape character.
//
if (Extension->EscapeChar) {
if ((Extension->EscapeChar == NewChars->XonChar) ||
(Extension->EscapeChar == NewChars->XoffChar)) {
Status = STATUS_INVALID_PARAMETER;
KeReleaseSpinLock(
&Extension->ControlLock,
OldIrql
);
break;
}
}
KeSynchronizeExecution(
Extension->Interrupt,
SerialSetChars,
&S
);
KeReleaseSpinLock(
&Extension->ControlLock,
OldIrql
);
break;
}
case IOCTL_SERIAL_GET_CHARS: {
if (IrpSp->Parameters.DeviceIoControl.OutputBufferLength <
sizeof(SERIAL_CHARS)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
KeAcquireSpinLock(
&Extension->ControlLock,
&OldIrql
);
*((PSERIAL_CHARS)Irp->AssociatedIrp.SystemBuffer) = Extension->SpecialChars;
Irp->IoStatus.Information = sizeof(SERIAL_CHARS);
KeReleaseSpinLock(
&Extension->ControlLock,
OldIrql
);
break;
}
case IOCTL_SERIAL_SET_DTR:
case IOCTL_SERIAL_CLR_DTR: {
//
// We acquire the lock so that we can check whether
// automatic dtr flow control is enabled. If it is
// then we return an error since the app is not allowed
// to touch this if it is automatic.
//
KeAcquireSpinLock(
&Extension->ControlLock,
&OldIrql
);
if ((Extension->HandFlow.ControlHandShake & SERIAL_DTR_MASK)
== SERIAL_DTR_HANDSHAKE) {
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
} else {
KeSynchronizeExecution(
Extension->Interrupt,
((IrpSp->Parameters.DeviceIoControl.IoControlCode ==
IOCTL_SERIAL_SET_DTR)?
(SerialSetDTR):(SerialClrDTR)),
Extension
);
}
KeReleaseSpinLock(
&Extension->ControlLock,
OldIrql
);
break;
}
case IOCTL_SERIAL_RESET_DEVICE: {
break;
}
case IOCTL_SERIAL_SET_RTS:
case IOCTL_SERIAL_CLR_RTS: {
//
// We acquire the lock so that we can check whether
// automatic rts flow control or transmit toggleing
// is enabled. If it is then we return an error since
// the app is not allowed to touch this if it is automatic
// or toggling.
//
KeAcquireSpinLock(
&Extension->ControlLock,
&OldIrql
);
if (((Extension->HandFlow.FlowReplace & SERIAL_RTS_MASK)
== SERIAL_RTS_HANDSHAKE) ||
((Extension->HandFlow.FlowReplace & SERIAL_RTS_MASK)
== SERIAL_TRANSMIT_TOGGLE)) {
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
} else {
KeSynchronizeExecution(
Extension->Interrupt,
((IrpSp->Parameters.DeviceIoControl.IoControlCode ==
IOCTL_SERIAL_SET_RTS)?
(SerialSetRTS):(SerialClrRTS)),
Extension
);
}
KeReleaseSpinLock(
&Extension->ControlLock,
OldIrql
);
break;
}
case IOCTL_SERIAL_SET_XOFF: {
KeSynchronizeExecution(
Extension->Interrupt,
SerialPretendXoff,
Extension
);
break;
}
case IOCTL_SERIAL_SET_XON: {
KeSynchronizeExecution(
Extension->Interrupt,
SerialPretendXon,
Extension
);
break;
}
case IOCTL_SERIAL_SET_BREAK_ON: {
KeSynchronizeExecution(
Extension->Interrupt,
SerialTurnOnBreak,
Extension
);
break;
}
case IOCTL_SERIAL_SET_BREAK_OFF: {
KeSynchronizeExecution(
Extension->Interrupt,
SerialTurnOffBreak,
Extension
);
break;
}
case IOCTL_SERIAL_SET_QUEUE_SIZE: {
//
// Type ahead buffer is fixed, so we just validate
// the the users request is not bigger that our
// own internal buffer size.
//
PSERIAL_QUEUE_SIZE Rs =
((PSERIAL_QUEUE_SIZE)(Irp->AssociatedIrp.SystemBuffer));
if (IrpSp->Parameters.DeviceIoControl.InputBufferLength <
sizeof(SERIAL_QUEUE_SIZE)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
//
// We have to allocate the memory for the new
// buffer while we're still in the context of the
// caller. We don't even try to protect this
// with a lock because the value could be stale
// as soon as we release the lock - The only time
// we will know for sure is when we actually try
// to do the resize.
//
if (Rs->InSize <= Extension->BufferSize) {
Status = STATUS_SUCCESS;
break;
}
try {
IrpSp->Parameters.DeviceIoControl.Type3InputBuffer =
ExAllocatePoolWithQuota(
NonPagedPool,
Rs->InSize
);
} except (EXCEPTION_EXECUTE_HANDLER) {
IrpSp->Parameters.DeviceIoControl.Type3InputBuffer = NULL;
Status = GetExceptionCode();
}
if (!IrpSp->Parameters.DeviceIoControl.Type3InputBuffer) {
break;
}
//
// Well the data passed was big enough. Do the request.
//
// There are two reason we place it in the read queue:
//
// 1) We want to serialize these resize requests so that
// they don't contend with each other.
//
// 2) We want to serialize these requests with reads since
// we don't want reads and resizes contending over the
// read buffer.
//
return SerialStartOrQueue(
Extension,
Irp,
&Extension->ReadQueue,
&Extension->CurrentReadIrp,
SerialStartRead
);
break;
}
case IOCTL_SERIAL_GET_WAIT_MASK: {
if (IrpSp->Parameters.DeviceIoControl.OutputBufferLength <
sizeof(ULONG)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
//
// Simple scalar read. No reason to acquire a lock.
//
Irp->IoStatus.Information = sizeof(ULONG);
*((ULONG *)Irp->AssociatedIrp.SystemBuffer) = Extension->IsrWaitMask;
break;
}
case IOCTL_SERIAL_SET_WAIT_MASK: {
ULONG NewMask;
SerialDump(
SERDIAG3 | SERIRPPATH,
("SERIAL: In Ioctl processing for set mask\n")
);
if (IrpSp->Parameters.DeviceIoControl.InputBufferLength <
sizeof(ULONG)) {
SerialDump(
SERDIAG3,
("SERIAL: Invalid size fo the buffer %d\n",
IrpSp->Parameters.DeviceIoControl.InputBufferLength)
);
Status = STATUS_BUFFER_TOO_SMALL;
break;
} else {
NewMask = *((ULONG *)Irp->AssociatedIrp.SystemBuffer);
}
//
// Make sure that the mask only contains valid
// waitable events.
//
if (NewMask & ~(SERIAL_EV_RXCHAR |
SERIAL_EV_RXFLAG |
SERIAL_EV_TXEMPTY |
SERIAL_EV_CTS |
SERIAL_EV_DSR |
SERIAL_EV_RLSD |
SERIAL_EV_BREAK |
SERIAL_EV_ERR |
SERIAL_EV_RING |
SERIAL_EV_PERR |
SERIAL_EV_RX80FULL |
SERIAL_EV_EVENT1 |
SERIAL_EV_EVENT2)) {
SerialDump(
SERDIAG3,
("SERIAL: Unknown mask %x\n",NewMask)
);
Status = STATUS_INVALID_PARAMETER;
break;
}
//
// Either start this irp or put it on the
// queue.
//
SerialDump(
SERDIAG3 | SERIRPPATH,
("SERIAL: Starting or queuing set mask irp %x\n",Irp)
);
return SerialStartOrQueue(
Extension,
Irp,
&Extension->MaskQueue,
&Extension->CurrentMaskIrp,
SerialStartMask
);
}
case IOCTL_SERIAL_WAIT_ON_MASK: {
SerialDump(
SERDIAG3 | SERIRPPATH,
("SERIAL: In Ioctl processing for wait mask\n")
);
if (IrpSp->Parameters.DeviceIoControl.OutputBufferLength <
sizeof(ULONG)) {
SerialDump(
SERDIAG3,
("SERIAL: Invalid size fo the buffer %d\n",
IrpSp->Parameters.DeviceIoControl.InputBufferLength)
);
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
//
// Either start this irp or put it on the
// queue.
//
SerialDump(
SERDIAG3 | SERIRPPATH,
("SERIAL: Starting or queuing wait mask irp %x\n",Irp)
);
return SerialStartOrQueue(
Extension,
Irp,
&Extension->MaskQueue,
&Extension->CurrentMaskIrp,
SerialStartMask
);
}
case IOCTL_SERIAL_IMMEDIATE_CHAR: {
KIRQL OldIrql;
if (IrpSp->Parameters.DeviceIoControl.InputBufferLength <
sizeof(UCHAR)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
IoAcquireCancelSpinLock(&OldIrql);
if (Extension->CurrentImmediateIrp) {
Status = STATUS_INVALID_PARAMETER;
IoReleaseCancelSpinLock(OldIrql);
} else {
//
// We can queue the char. We need to set
// a cancel routine because flow control could
// keep the char from transmitting. Make sure
// that the irp hasn't already been canceled.
//
if (Irp->Cancel) {
IoReleaseCancelSpinLock(OldIrql);
Status = STATUS_CANCELLED;
} else {
Extension->CurrentImmediateIrp = Irp;
Extension->TotalCharsQueued++;
IoReleaseCancelSpinLock(OldIrql);
SerialStartImmediate(Extension);
return STATUS_PENDING;
}
}
break;
}
case IOCTL_SERIAL_PURGE: {
ULONG Mask;
if (IrpSp->Parameters.DeviceIoControl.InputBufferLength <
sizeof(ULONG)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
//
// Check to make sure that the mask only has
// 0 or the other appropriate values.
//
Mask = *((ULONG *)(Irp->AssociatedIrp.SystemBuffer));
if ((!Mask) || (Mask & (~(SERIAL_PURGE_TXABORT |
SERIAL_PURGE_RXABORT |
SERIAL_PURGE_TXCLEAR |
SERIAL_PURGE_RXCLEAR
)
)
)) {
Status = STATUS_INVALID_PARAMETER;
break;
}
//
// Either start this irp or put it on the
// queue.
//
return SerialStartOrQueue(
Extension,
Irp,
&Extension->PurgeQueue,
&Extension->CurrentPurgeIrp,
SerialStartPurge
);
}
case IOCTL_SERIAL_GET_HANDFLOW: {
if (IrpSp->Parameters.DeviceIoControl.OutputBufferLength <
sizeof(SERIAL_HANDFLOW)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
Irp->IoStatus.Information = sizeof(SERIAL_HANDFLOW);
KeAcquireSpinLock(
&Extension->ControlLock,
&OldIrql
);
*((PSERIAL_HANDFLOW)Irp->AssociatedIrp.SystemBuffer) =
Extension->HandFlow;
KeReleaseSpinLock(
&Extension->ControlLock,
OldIrql
);
break;
}
case IOCTL_SERIAL_SET_HANDFLOW: {
SERIAL_IOCTL_SYNC S;
PSERIAL_HANDFLOW HandFlow = Irp->AssociatedIrp.SystemBuffer;
//
// Make sure that the hand shake and control is the
// right size.
//
if (IrpSp->Parameters.DeviceIoControl.InputBufferLength <
sizeof(SERIAL_HANDFLOW)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
//
// Make sure that there are no invalid bits set in
// the control and handshake.
//
if (HandFlow->ControlHandShake & SERIAL_CONTROL_INVALID) {
Status = STATUS_INVALID_PARAMETER;
break;
}
if (HandFlow->FlowReplace & SERIAL_FLOW_INVALID) {
Status = STATUS_INVALID_PARAMETER;
break;
}
//
// Make sure that the app hasn't set an invlid DTR mode.
//
if ((HandFlow->ControlHandShake & SERIAL_DTR_MASK) ==
SERIAL_DTR_MASK) {
Status = STATUS_INVALID_PARAMETER;
break;
}
//
// Make sure that haven't set totally invalid xon/xoff
// limits.
//
if ((HandFlow->XonLimit < 0) ||
((ULONG)HandFlow->XonLimit > Extension->BufferSize)) {
Status = STATUS_INVALID_PARAMETER;
break;
}
if ((HandFlow->XoffLimit < 0) ||
((ULONG)HandFlow->XoffLimit > Extension->BufferSize)) {
Status = STATUS_INVALID_PARAMETER;
break;
}
S.Extension = Extension;
S.Data = HandFlow;
KeAcquireSpinLock(
&Extension->ControlLock,
&OldIrql
);
//
// Under the protection of the lock, make sure that
// we aren't turning on error replacement when we
// are doing line status/modem status insertion.
//
if (Extension->EscapeChar) {
if (HandFlow->FlowReplace & SERIAL_ERROR_CHAR) {
Status = STATUS_INVALID_PARAMETER;
KeReleaseSpinLock(
&Extension->ControlLock,
OldIrql
);
break;
}
}
KeSynchronizeExecution(
Extension->Interrupt,
SerialSetHandFlow,
&S
);
KeReleaseSpinLock(
&Extension->ControlLock,
OldIrql
);
break;
}
case IOCTL_SERIAL_GET_MODEMSTATUS: {
SERIAL_IOCTL_SYNC S;
if (IrpSp->Parameters.DeviceIoControl.OutputBufferLength <
sizeof(ULONG)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
Irp->IoStatus.Information = sizeof(ULONG);
S.Extension = Extension;
S.Data = Irp->AssociatedIrp.SystemBuffer;
KeAcquireSpinLock(
&Extension->ControlLock,
&OldIrql
);
KeSynchronizeExecution(
Extension->Interrupt,
SerialGetModemUpdate,
&S
);
KeReleaseSpinLock(
&Extension->ControlLock,
OldIrql
);
break;
}
case IOCTL_SERIAL_GET_DTRRTS: {
ULONG ModemControl;
if (IrpSp->Parameters.DeviceIoControl.OutputBufferLength <
sizeof(ULONG)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
Irp->IoStatus.Information = sizeof(ULONG);
Irp->IoStatus.Status = STATUS_SUCCESS;
//
// Reading this hardware has no effect on the device.
//
ModemControl = READ_MODEM_CONTROL(Extension->Controller);
ModemControl &= SERIAL_DTR_STATE | SERIAL_RTS_STATE;
*(PULONG)Irp->AssociatedIrp.SystemBuffer = ModemControl;
break;
}
case IOCTL_SERIAL_GET_COMMSTATUS: {
SERIAL_IOCTL_SYNC S;
if (IrpSp->Parameters.DeviceIoControl.OutputBufferLength <
sizeof(SERIAL_STATUS)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
Irp->IoStatus.Information = sizeof(SERIAL_STATUS);
S.Extension = Extension;
S.Data = Irp->AssociatedIrp.SystemBuffer;
//
// Acquire the cancel spin lock so nothing much
// changes while were getting the state.
//
IoAcquireCancelSpinLock(&OldIrql);
KeSynchronizeExecution(
Extension->Interrupt,
SerialGetCommStatus,
&S
);
IoReleaseCancelSpinLock(OldIrql);
break;
}
case IOCTL_SERIAL_GET_PROPERTIES: {
if (IrpSp->Parameters.DeviceIoControl.OutputBufferLength <
sizeof(SERIAL_COMMPROP)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
//
// No synchronization is required since this information
// is "static".
//
SerialGetProperties(
Extension,
Irp->AssociatedIrp.SystemBuffer
);
Irp->IoStatus.Information = sizeof(SERIAL_COMMPROP);
Irp->IoStatus.Status = STATUS_SUCCESS;
break;
}
case IOCTL_SERIAL_XOFF_COUNTER: {
PSERIAL_XOFF_COUNTER Xc = Irp->AssociatedIrp.SystemBuffer;
if (IrpSp->Parameters.DeviceIoControl.InputBufferLength <
sizeof(SERIAL_XOFF_COUNTER)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
if (Xc->Counter <= 0) {
Status = STATUS_INVALID_PARAMETER;
break;
}
//
// So far so good. Put the irp onto the write queue.
//
return SerialStartOrQueue(
Extension,
Irp,
&Extension->WriteQueue,
&Extension->CurrentWriteIrp,
SerialStartWrite
);
}
case IOCTL_SERIAL_LSRMST_INSERT: {
PUCHAR escapeChar = Irp->AssociatedIrp.SystemBuffer;
//
// Make sure we get a byte.
//
if (IrpSp->Parameters.DeviceIoControl.InputBufferLength <
sizeof(UCHAR)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
KeAcquireSpinLock(
&Extension->ControlLock,
&OldIrql
);
if (*escapeChar) {
//
// We've got some escape work to do. We will make sure that
// the character is not the same as the Xon or Xoff character,
// or that we are already doing error replacement.
//
if ((*escapeChar == Extension->SpecialChars.XoffChar) ||
(*escapeChar == Extension->SpecialChars.XonChar) ||
(Extension->HandFlow.FlowReplace & SERIAL_ERROR_CHAR)) {
Status = STATUS_INVALID_PARAMETER;
KeReleaseSpinLock(
&Extension->ControlLock,
OldIrql
);
break;
}
}
KeSynchronizeExecution(
Extension->Interrupt,
SerialSetEscapeChar,
Irp
);
KeReleaseSpinLock(
&Extension->ControlLock,
OldIrql
);
break;
}
case IOCTL_SERIAL_CONFIG_SIZE: {
if (IrpSp->Parameters.DeviceIoControl.OutputBufferLength <
sizeof(ULONG)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
Irp->IoStatus.Information = sizeof(ULONG);
Irp->IoStatus.Status = STATUS_SUCCESS;
*(PULONG)Irp->AssociatedIrp.SystemBuffer = 0;
break;
}
case IOCTL_SERIAL_GET_STATS: {
if (IrpSp->Parameters.DeviceIoControl.OutputBufferLength <
sizeof(SERIALPERF_STATS)) {
Status = STATUS_BUFFER_TOO_SMALL;
break;
}
Irp->IoStatus.Information = sizeof(SERIALPERF_STATS);
Irp->IoStatus.Status = STATUS_SUCCESS;
KeSynchronizeExecution(
Extension->Interrupt,
SerialGetStats,
Irp
);
break;
}
case IOCTL_SERIAL_CLEAR_STATS: {
KeSynchronizeExecution(
Extension->Interrupt,
SerialClearStats,
Extension
);
break;
}
default: {
Status = STATUS_INVALID_PARAMETER;
break;
}
}
DoneWithIoctl:;
Irp->IoStatus.Status = Status;
SerialDump(
SERIRPPATH,
("SERIAL: Complete Irp: %x\n",Irp)
);
IoCompleteRequest(
Irp,
0
);
return Status;
}
PVOID
BowserAllocatePoolWithQuota (
IN POOL_TYPE PoolType,
IN ULONG NumberOfBytes,
IN PCHAR FileName,
IN ULONG LineNumber,
IN ULONG Tag
)
{
PPOOL_HEADER header;
KIRQL oldIrql;
#if 1
ULONG i;
#endif
#if POOL_TAGGING
header = ExAllocatePoolWithTagQuota( PoolType, sizeof(POOL_HEADER) + NumberOfBytes, Tag );
#else
header = ExAllocatePoolWithQuota( PoolType, sizeof(POOL_HEADER) + NumberOfBytes );
#endif
if ( header == NULL ) {
return NULL;
}
header->NumberOfBytes = NumberOfBytes;
// DbgPrint( "BOWSER: allocated type %d, size %d at %x\n", AllocationType, NumberOfBytes, header );
ACQUIRE_SPIN_LOCK( &BowserTimeSpinLock, &oldIrql );
CurrentAllocationCount++;
CurrentAllocationSize += NumberOfBytes;
#if 1
//
// Lets see if we've already allocated one of these guys.
//
for (i = 0;i < POOL_MAXTYPE ; i+= 1 ) {
if ((PoolStats[i].LineNumber == LineNumber) &&
(PoolStats[i].FileName == FileName)) {
//
// Yup, remember this allocation and return.
//
header->Stats = &PoolStats[i];
PoolStats[i].Count++;
PoolStats[i].Size += NumberOfBytes;
RELEASE_SPIN_LOCK( &BowserTimeSpinLock, oldIrql );
return header + 1;
}
}
for (i = NextFreeEntry; i < POOL_MAXTYPE ; i+= 1 ) {
if ((PoolStats[i].LineNumber == 0) &&
(PoolStats[i].FileName == NULL)) {
PoolStats[i].Count++;
PoolStats[i].Size += NumberOfBytes;
PoolStats[i].FileName = FileName;
PoolStats[i].LineNumber = LineNumber;
header->Stats = &PoolStats[i];
NextFreeEntry = i+1;
RELEASE_SPIN_LOCK( &BowserTimeSpinLock, oldIrql );
return header + 1;
}
}
header->Stats = &PoolStats[i];
PoolStats[POOL_MAXTYPE].Count++;
PoolStats[POOL_MAXTYPE].Size += NumberOfBytes;
#endif
RELEASE_SPIN_LOCK( &BowserTimeSpinLock, oldIrql );
return header + 1;
}
NTSTATUS
BuildQueryDirectoryIrp(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass,
IN BOOLEAN ReturnSingleEntry,
IN PUNICODE_STRING FileName OPTIONAL,
IN BOOLEAN RestartScan,
IN UCHAR MinorFunction,
OUT BOOLEAN *SynchronousIo,
OUT PDEVICE_OBJECT *DeviceObject,
OUT PIRP *Irp,
OUT PFILE_OBJECT *FileObject,
OUT KPROCESSOR_MODE *RequestorMode
)
/*++
Routine Description:
This service operates on a directory file or OLE container specified by the
FileHandle parameter. The service returns information about files in the
directory or embeddings and streams in the container specified by the file
handle. The ReturnSingleEntry parameter specifies that only a single entry
should be returned rather than filling the buffer. The actual number of
files whose information is returned, is the smallest of the following:
o One entry, if the ReturnSingleEntry parameter is TRUE.
o The number of entries whose information fits into the specified
buffer.
o The number of entries that exist.
o One entry if the optional FileName parameter is specified.
If the optional FileName parameter is specified, then the only information
that is returned is for that single entries, if it exists. Note that the
file name may not specify any wildcard characters according to the naming
conventions of the target file system. The ReturnSingleEntry parameter is
simply ignored.
The information that is obtained about the entries in the directory or OLE
container is based on the FileInformationClass parameter. Legal values are
hard coded based on the MinorFunction.
Arguments:
FileHandle - Supplies a handle to the directory file or OLE container for
which information should be returned.
Event - Supplies an optional event to be set to the Signaled state when
the query is complete.
ApcRoutine - Supplies an optional APC routine to be executed when the
query is complete.
ApcContext - Supplies a context parameter to be passed to the ApcRoutine,
if an ApcRoutine was specified.
IoStatusBlock - Address of the caller's I/O status block.
FileInformation - Supplies a buffer to receive the requested information
returned about the contents of the directory.
Length - Supplies the length, in bytes, of the FileInformation buffer.
FileInformationClass - Specfies the type of information that is to be
returned about the files in the specified directory or OLE container.
ReturnSingleEntry - Supplies a BOOLEAN value that, if TRUE, indicates that
only a single entry should be returned.
FileName - Optionally supplies a file name within the specified directory
or OLE container.
RestartScan - Supplies a BOOLEAN value that, if TRUE, indicates that the
scan should be restarted from the beginning. This parameter must be
set to TRUE by the caller the first time the service is invoked.
MinorFunction - IRP_MN_QUERY_DIRECTORY or IRP_MN_QUERY_OLE_DIRECTORY
SynchronousIo - pointer to returned BOOLEAN; TRUE if synchronous I/O
DeviceObject - pointer to returned pointer to device object
Irp - pointer to returned pointer to device object
FileObject - pointer to returned pointer to file object
RequestorMode - pointer to returned requestor mode
Return Value:
The status returned is STATUS_SUCCESS if a valid irp was created for the
query operation.
--*/
{
PIRP irp;
NTSTATUS status;
PFILE_OBJECT fileObject;
PDEVICE_OBJECT deviceObject;
PKEVENT eventObject = (PKEVENT) NULL;
KPROCESSOR_MODE requestorMode;
PCHAR auxiliaryBuffer = (PCHAR) NULL;
PIO_STACK_LOCATION irpSp;
PMDL mdl;
PETHREAD CurrentThread;
PAGED_CODE();
//
// Get the previous mode; i.e., the mode of the caller.
//
CurrentThread = PsGetCurrentThread ();
requestorMode = KeGetPreviousModeByThread(&CurrentThread->Tcb);
*RequestorMode = requestorMode;
try {
if (requestorMode != KernelMode) {
ULONG operationlength = 0; // assume invalid
//
// The caller's access mode is not kernel so probe and validate
// each of the arguments as necessary. If any failures occur,
// the condition handler will be invoked to handle them. It
// will simply cleanup and return an access violation status
// code back to the system service dispatcher.
//
//
// The IoStatusBlock parameter must be writeable by the caller.
//
ProbeForWriteIoStatus(IoStatusBlock);
//
// Ensure that the FileInformationClass parameter is legal for
// querying information about files in the directory or object.
//
if (FileInformationClass == FileDirectoryInformation) {
operationlength = sizeof(FILE_DIRECTORY_INFORMATION);
} else if (MinorFunction == IRP_MN_QUERY_DIRECTORY) {
switch (FileInformationClass)
{
case FileFullDirectoryInformation:
operationlength = sizeof(FILE_FULL_DIR_INFORMATION);
break;
case FileIdFullDirectoryInformation:
operationlength = sizeof(FILE_ID_FULL_DIR_INFORMATION);
break;
case FileBothDirectoryInformation:
operationlength = sizeof(FILE_BOTH_DIR_INFORMATION);
break;
case FileIdBothDirectoryInformation:
operationlength = sizeof(FILE_ID_BOTH_DIR_INFORMATION);
break;
case FileNamesInformation:
operationlength = sizeof(FILE_NAMES_INFORMATION);
break;
case FileObjectIdInformation:
operationlength = sizeof(FILE_OBJECTID_INFORMATION);
break;
case FileQuotaInformation:
operationlength = sizeof(FILE_QUOTA_INFORMATION);
break;
case FileReparsePointInformation:
operationlength = sizeof(FILE_REPARSE_POINT_INFORMATION);
break;
}
}
//
// If the FileInformationClass parameter is illegal, fail now.
//
if (operationlength == 0) {
return STATUS_INVALID_INFO_CLASS;
}
//
// Ensure that the caller's supplied buffer is at least large enough
// to contain the fixed part of the structure required for this
// query.
//
if (Length < operationlength) {
return STATUS_INFO_LENGTH_MISMATCH;
}
//
// The FileInformation buffer must be writeable by the caller.
//
#if defined(_X86_)
ProbeForWrite( FileInformation, Length, sizeof( ULONG ) );
#elif defined(_WIN64)
//
// If we are a wow64 process, follow the X86 rules
//
if (PsGetCurrentProcessByThread(CurrentThread)->Wow64Process) {
ProbeForWrite( FileInformation, Length, sizeof( ULONG ) );
} else {
ProbeForWrite( FileInformation,
Length,
IopQuerySetAlignmentRequirement[FileInformationClass] );
}
#else
ProbeForWrite( FileInformation,
Length,
IopQuerySetAlignmentRequirement[FileInformationClass] );
#endif
}
//
// If the optional FileName parameter was specified, then it must be
// readable by the caller. Capture the file name string in a pool
// block. Note that if an error occurs during the copy, the cleanup
// code in the exception handler will deallocate the pool before
// returning an access violation status.
//
if (ARGUMENT_PRESENT( FileName )) {
UNICODE_STRING fileName;
PUNICODE_STRING nameBuffer;
//
// Capture the string descriptor itself to ensure that the
// string is readable by the caller without the caller being
// able to change the memory while its being checked.
//
if (requestorMode != KernelMode) {
ProbeAndReadUnicodeStringEx( &fileName, FileName );
} else {
fileName = *FileName;
}
//
// If the length is not an even number of bytes
// return an error.
//
if (fileName.Length & (sizeof(WCHAR) - 1)) {
return STATUS_INVALID_PARAMETER;
}
if (fileName.Length) {
//
// The length of the string is non-zero, so probe the
// buffer described by the descriptor if the caller was
// not kernel mode. Likewise, if the caller's mode was
// not kernel, then check the length of the name string
// to ensure that it is not too long.
//
if (requestorMode != KernelMode) {
ProbeForRead( fileName.Buffer,
fileName.Length,
sizeof( UCHAR ) );
//
// account for unicode
//
if (fileName.Length > MAXIMUM_FILENAME_LENGTH<<1) {
ExRaiseStatus( STATUS_INVALID_PARAMETER );
}
}
//
// Allocate an auxiliary buffer large enough to contain
// a file name descriptor and to hold the entire file
// name itself. Copy the body of the string into the
// buffer.
//
auxiliaryBuffer = ExAllocatePoolWithQuota( NonPagedPool,
fileName.Length + sizeof( UNICODE_STRING ) );
RtlCopyMemory( auxiliaryBuffer + sizeof( UNICODE_STRING ),
fileName.Buffer,
fileName.Length );
//
// Finally, build the Unicode string descriptor in the
// auxiliary buffer.
//
nameBuffer = (PUNICODE_STRING) auxiliaryBuffer;
nameBuffer->Length = fileName.Length;
nameBuffer->MaximumLength = fileName.Length;
nameBuffer->Buffer = (PWSTR) (auxiliaryBuffer + sizeof( UNICODE_STRING ) );
}
}
} except(EXCEPTION_EXECUTE_HANDLER) {
//
// An exception was incurred while probing the caller's buffers,
// attempting to allocate a pool buffer, or while trying to copy
// the caller's data. Determine what happened, clean everything
// up, and return an appropriate error status code.
//
if (auxiliaryBuffer) {
ExFreePool( auxiliaryBuffer );
}
return GetExceptionCode();
}
//
// There were no blatant errors so far, so reference the file object so
// the target device object can be found. Note that if the handle does
// not refer to a file object, or if the caller does not have the required
// access to the file, then it will fail.
//
status = ObReferenceObjectByHandle( FileHandle,
FILE_LIST_DIRECTORY,
IoFileObjectType,
requestorMode,
(PVOID *) &fileObject,
(POBJECT_HANDLE_INFORMATION) NULL );
if (!NT_SUCCESS( status )) {
if (auxiliaryBuffer) {
ExFreePool( auxiliaryBuffer );
}
return status;
}
*FileObject = fileObject;
//
// If this file has an I/O completion port associated w/it, then ensure
// that the caller did not supply an APC routine, as the two are mutually
// exclusive methods for I/O completion notification.
//
if (fileObject->CompletionContext && IopApcRoutinePresent( ApcRoutine )) {
ObDereferenceObject( fileObject );
if (auxiliaryBuffer) {
ExFreePool( auxiliaryBuffer );
}
return STATUS_INVALID_PARAMETER;
}
//
// Get the address of the event object and set the event to the Not-
// Signaled state, if an event was specified. Note here, too, that if
// the handle does not refer to an event, or if the event cannot be
// written, then the reference will fail.
//
if (ARGUMENT_PRESENT( Event )) {
status = ObReferenceObjectByHandle( Event,
EVENT_MODIFY_STATE,
ExEventObjectType,
requestorMode,
(PVOID *) &eventObject,
(POBJECT_HANDLE_INFORMATION) NULL );
if (!NT_SUCCESS( status )) {
if (auxiliaryBuffer) {
ExFreePool( auxiliaryBuffer );
}
ObDereferenceObject( fileObject );
return status;
} else {
KeClearEvent( eventObject );
}
}
//
// Make a special check here to determine whether this is a synchronous
// I/O operation. If it is, then wait here until the file is owned by
// the current thread.
//
if (fileObject->Flags & FO_SYNCHRONOUS_IO) {
BOOLEAN interrupted;
if (!IopAcquireFastLock( fileObject )) {
status = IopAcquireFileObjectLock( fileObject,
requestorMode,
(BOOLEAN) ((fileObject->Flags & FO_ALERTABLE_IO) != 0),
&interrupted );
if (interrupted) {
if (auxiliaryBuffer != NULL) {
ExFreePool( auxiliaryBuffer );
}
if (eventObject != NULL) {
ObDereferenceObject( eventObject );
}
ObDereferenceObject( fileObject );
return status;
}
}
*SynchronousIo = TRUE;
} else {
*SynchronousIo = FALSE;
#if defined(_WIN64)
if (requestorMode != KernelMode) {
try {
//
// If this is a 32-bit asynchronous IO, then mark the Iosb being sent as so.
// Note: IopMarkApcRoutineIfAsyncronousIo32 must be called after probing
// the IoStatusBlock structure for write.
//
IopMarkApcRoutineIfAsyncronousIo32(IoStatusBlock,ApcRoutine,FALSE);
} except (EXCEPTION_EXECUTE_HANDLER) {
//
// An IRP could not be allocated. Cleanup and return an appropriate
// error status code.
//
IopAllocateIrpCleanup( fileObject, eventObject );
if (auxiliaryBuffer) {
ExFreePool( auxiliaryBuffer );
}
return GetExceptionCode ();
}
}
#endif
}
//
// Set the file object to the Not-Signaled state.
//
KeClearEvent( &fileObject->Event );
//
// Get the address of the target device object.
//
deviceObject = IoGetRelatedDeviceObject( fileObject );
*DeviceObject = deviceObject;
//
// Allocate and initialize the I/O Request Packet (IRP) for this operation.
// The allocation is performed with an exception handler in case the
// caller does not have enough quota to allocate the packet.
irp = IoAllocateIrp( deviceObject->StackSize, !(*SynchronousIo) );
if (!irp) {
//
// An IRP could not be allocated. Cleanup and return an appropriate
// error status code.
//
IopAllocateIrpCleanup( fileObject, eventObject );
if (auxiliaryBuffer) {
ExFreePool( auxiliaryBuffer );
}
return STATUS_INSUFFICIENT_RESOURCES;
}
*Irp = irp;
irp->Tail.Overlay.OriginalFileObject = fileObject;
irp->Tail.Overlay.Thread = CurrentThread;
irp->RequestorMode = requestorMode;
//
// Fill in the service independent parameters in the IRP.
//
irp->UserEvent = eventObject;
irp->UserIosb = IoStatusBlock;
irp->Overlay.AsynchronousParameters.UserApcRoutine = ApcRoutine;
irp->Overlay.AsynchronousParameters.UserApcContext = ApcContext;
//
// Get a pointer to the stack location for the first driver. This will be
// used to pass the original function codes and parameters.
//
irpSp = IoGetNextIrpStackLocation( irp );
irpSp->MajorFunction = IRP_MJ_DIRECTORY_CONTROL;
irpSp->MinorFunction = MinorFunction;
irpSp->FileObject = fileObject;
// Also, copy the caller's parameters to the service-specific portion of
// the IRP.
//
irp->Tail.Overlay.AuxiliaryBuffer = auxiliaryBuffer;
irp->AssociatedIrp.SystemBuffer = (PVOID) NULL;
irp->MdlAddress = (PMDL) NULL;
//
// Now determine whether this driver expects to have data buffered to it
// or whether it performs direct I/O. This is based on the DO_BUFFERED_IO
// flag in the device object. If the flag is set, then a system buffer is
// allocated and the driver's data will be copied into it. Otherwise, a
// Memory Descriptor List (MDL) is allocated and the caller's buffer is
// locked down using it.
//
if (deviceObject->Flags & DO_BUFFERED_IO) {
//
// The device does not support direct I/O. Allocate a system buffer
// and specify that it should be deallocated on completion. Also
// indicate that this is an input operation so the data will be copied
// into the caller's buffer. This is done using an exception handler
// that will perform cleanup if the operation fails.
//
try {
//
// Allocate the intermediary system buffer from nonpaged pool and
// charge quota for it.
//
irp->AssociatedIrp.SystemBuffer =
ExAllocatePoolWithQuota( NonPagedPool, Length );
} except(EXCEPTION_EXECUTE_HANDLER) {
//
// An exception was incurred while either probing the caller's
// buffer or allocate the system buffer. Determine what actually
// happened, clean everything up, and return an appropriate error
// status code.
//
IopExceptionCleanup( fileObject,
irp,
eventObject,
(PKEVENT) NULL );
if (auxiliaryBuffer != NULL) {
ExFreePool( auxiliaryBuffer );
}
return GetExceptionCode();
}
//
// Remember the address of the caller's buffer so the copy can take
// place during I/O completion. Also, set the flags so that the
// completion code knows to do the copy and to deallocate the buffer.
//
irp->UserBuffer = FileInformation;
irp->Flags = (ULONG) (IRP_BUFFERED_IO |
IRP_DEALLOCATE_BUFFER |
IRP_INPUT_OPERATION);
} else if (deviceObject->Flags & DO_DIRECT_IO) {
NTSTATUS
NtLoadDriver(
IN PUNICODE_STRING DriverServiceName
)
/*++
Routine Description:
This service dynamically loads a device or file system driver into
the currently running system. It requires that the caller have the
appropriate privilege to execute this service.
Arguments:
DriverServiceName - Specifies the name of the node in the registry
associated with the driver to be loaded.
Return Value:
The status returned is the final completion status of the load operation.
--*/
{
KPROCESSOR_MODE requestorMode;
UNICODE_STRING driverServiceName;
PWCHAR nameBuffer = (PWCHAR) NULL;
LOAD_PACKET loadPacket;
PAGED_CODE();
//
// Get the previous mode; i.e., the mode of the caller.
//
requestorMode = KeGetPreviousMode();
if (requestorMode != KernelMode) {
//
// The caller's access mode is not kernel so check to ensure that
// the caller has the privilege to load a driver and probe and
// capture the name of the driver service entry.
//
if (!SeSinglePrivilegeCheck( SeLoadDriverPrivilege, requestorMode )) {
return STATUS_PRIVILEGE_NOT_HELD;
}
//
// The caller has the appropriate privilege to load and unload
// drivers, so capture the driver service name string so that it
// can be used to locate the driver from the registry node.
//
try {
driverServiceName = ProbeAndReadUnicodeString( DriverServiceName );
if (!driverServiceName.Length) {
return STATUS_INVALID_PARAMETER;
}
ProbeForRead( driverServiceName.Buffer,
driverServiceName.Length,
sizeof( WCHAR ) );
nameBuffer = ExAllocatePoolWithQuota( PagedPool,
driverServiceName.Length );
RtlCopyMemory( nameBuffer,
driverServiceName.Buffer,
driverServiceName.Length );
driverServiceName.Buffer = nameBuffer;
} except(EXCEPTION_EXECUTE_HANDLER) {
//
// An exception was incurred while attempting to capture the
// input name string or while attempting to allocate the name
// string buffer. Simply clean everything up and return an
// appropriate error status code.
//
if (nameBuffer) {
ExFreePool( nameBuffer );
}
return GetExceptionCode();
}
} else {
