From 4126aae5a4bb75fcaf4d45dc53c211563512473d Mon Sep 17 00:00:00 2001 From: Martin Harvey Date: Mon, 5 Dec 2022 09:01:59 +0000 Subject: [PATCH] Correct return codes during racy destruction. Errors in PnP retun codes found when testing under driver verifier with mixed VM lifecycle operations. Under some rare cases, it is possible to get more than one PnP "remove-like" operation. This results in a PnP remove operation being processed whilst the device is already in the deleted state. This patch fixes the immediate cause of the bugfixes, by fixing the return code. Device destruction is unchanged. Investigation into the root cause is still ongoing. Signed-off-by: Martin Harvey Extrapolated this patch from other drivers. Cosmetic fixes. Signed-off-by: Paul Durrant --- src/xenvkbd/driver.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/xenvkbd/driver.c b/src/xenvkbd/driver.c index 5e98af0..26f6cb2 100644 --- a/src/xenvkbd/driver.c +++ b/src/xenvkbd/driver.c @@ -287,8 +287,20 @@ Dispatch( ASSERT3P(Dx->DeviceObject, ==, DeviceObject); if (Dx->DevicePnpState == Deleted) { + PIO_STACK_LOCATION StackLocation = IoGetCurrentIrpStackLocation(Irp); + UCHAR MajorFunction = StackLocation->MajorFunction; + UCHAR MinorFunction = StackLocation->MinorFunction; + status = STATUS_NO_SUCH_DEVICE; + if (MajorFunction == IRP_MJ_PNP) { + /* FDO and PDO deletions can block after being marked deleted, but before IoDeleteDevice */ + if (MinorFunction == IRP_MN_SURPRISE_REMOVAL || MinorFunction == IRP_MN_REMOVE_DEVICE) + status = STATUS_SUCCESS; + + ASSERT((MinorFunction != IRP_MN_CANCEL_REMOVE_DEVICE) && (MinorFunction != IRP_MN_CANCEL_STOP_DEVICE)); + } + Irp->IoStatus.Status = status; IoCompleteRequest(Irp, IO_NO_INCREMENT); goto done; -- 2.39.5