|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [win-pv-devel] [PATCH] Fix pool leaks exposed by DriverVerifier
> -----Original Message----- > From: win-pv-devel [mailto:win-pv-devel-bounces@xxxxxxxxxxxxxxxxxxxx] On > Behalf Of owen.smith@xxxxxxxxxx > Sent: 03 January 2017 16:54 > To: win-pv-devel@xxxxxxxxxxxxxxxxxxxx > Cc: Owen Smith <owen.smith@xxxxxxxxxx> > Subject: [win-pv-devel] [PATCH] Fix pool leaks exposed by DriverVerifier > > From: Owen Smith <owen.smith@xxxxxxxxxx> > > * RegistryCloseKey was not called in DriverRequestReboot > * RegistryTeardown was not being called in DriverUnload > * __RegistryFree was not being called in RegistryCreateKey > * Reordered DriverEntry slightly for improved code consistancy > > Signed-off-by: Owen Smith <owen.smith@xxxxxxxxxx> Acked-by: Paul Durrant <paul.durrant@xxxxxxxxxx> The registry bugs may also exist in other drivers. I'll check. > --- > src/xenvbd/driver.c | 37 +++++++++++++++++++++++++------------ > src/xenvbd/registry.c | 2 ++ > 2 files changed, 27 insertions(+), 12 deletions(-) > > diff --git a/src/xenvbd/driver.c b/src/xenvbd/driver.c > index 3fb2fcc..776d5ae 100644 > --- a/src/xenvbd/driver.c > +++ b/src/xenvbd/driver.c > @@ -198,6 +198,8 @@ DriverRequestReboot( > > RegistryCloseKey(SubKey); > > + RegistryCloseKey(RequestKey); > + > RegistryFreeSzValue(Ansi); > > return; > @@ -470,6 +472,7 @@ DriverUnload( > Driver.StorPortDriverUnload(_DriverObject); > BufferTerminate(); > RegistryCloseKey(Driver.ParametersKey); > + RegistryTeardown(); > > Trace("<=== (Irql=%d)\n", KeGetCurrentIrql()); > } > @@ -517,6 +520,7 @@ DriverEntry( > Driver.ParametersKey = ParametersKey; > > RegistryCloseKey(ServiceKey); > + ServiceKey = NULL; > > KeInitializeSpinLock(&Driver.Lock); > Driver.Fdo = NULL; > @@ -555,23 +559,32 @@ DriverEntry( > RegistryPath, > &InitData, > NULL); > - if (NT_SUCCESS(status)) { > - Driver.StorPortDispatchPnp = _DriverObject- > >MajorFunction[IRP_MJ_PNP]; > - Driver.StorPortDispatchPower = _DriverObject- > >MajorFunction[IRP_MJ_POWER]; > - Driver.StorPortDriverUnload = _DriverObject->DriverUnload; > - > - _DriverObject->MajorFunction[IRP_MJ_PNP] = DispatchPnp; > - _DriverObject->MajorFunction[IRP_MJ_POWER] = DispatchPower; > - _DriverObject->DriverUnload = DriverUnload; > - } > + if (!NT_SUCCESS(status)) > + goto fail4; > > - Trace("<=== (%08x) (Irql=%d)\n", status, KeGetCurrentIrql()); > - return status; > + Driver.StorPortDispatchPnp = _DriverObject- > >MajorFunction[IRP_MJ_PNP]; > + Driver.StorPortDispatchPower = _DriverObject- > >MajorFunction[IRP_MJ_POWER]; > + Driver.StorPortDriverUnload = _DriverObject->DriverUnload; > + > + _DriverObject->MajorFunction[IRP_MJ_PNP] = DispatchPnp; > + _DriverObject->MajorFunction[IRP_MJ_POWER] = DispatchPower; > + _DriverObject->DriverUnload = DriverUnload; > + > + Trace("<=== (%08x) (Irql=%d)\n", STATUS_SUCCESS, KeGetCurrentIrql()); > + return STATUS_SUCCESS; > + > +fail4: > + Error("fail4\n"); > + > + BufferTerminate(); > + RegistryCloseKey(Driver.ParametersKey); > + Driver.ParametersKey = NULL; > > fail3: > Error("fail3\n"); > > - RegistryCloseKey(ServiceKey); > + if (ServiceKey) > + RegistryCloseKey(ServiceKey); > > fail2: > Error("fail2\n"); > diff --git a/src/xenvbd/registry.c b/src/xenvbd/registry.c > index b70bc89..9ceffa5 100644 > --- a/src/xenvbd/registry.c > +++ b/src/xenvbd/registry.c > @@ -234,6 +234,8 @@ RegistryCreateKey( > > *Key = Child; > > + __RegistryFree(Buffer); > + > return STATUS_SUCCESS; > > fail4: > -- > 2.8.3 > > > _______________________________________________ > win-pv-devel mailing list > win-pv-devel@xxxxxxxxxxxxxxxxxxxx > https://lists.xenproject.org/cgi-bin/mailman/listinfo/win-pv-devel _______________________________________________ win-pv-devel mailing list win-pv-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/cgi-bin/mailman/listinfo/win-pv-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |