ntoskrnl.exe: Don't transfer back input buffer for IRP_MJ_WRITE requests.

Signed-off-by: Sebastian Lackner <sebastian@fds-team.de> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

ntoskrnl.exe: Don't transfer back input buffer for IRP_MJ_WRITE requests.
8d799ea5 · Sebastian Lackner · Alexandre Julliard · 4121b223 · 8d799ea5 · 8d799ea5
Commit 8d799ea5 authored Oct 12, 2016 by Sebastian Lackner Committed by Alexandre Julliard Oct 12, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 3 deletions

ntoskrnl.c dlls/ntoskrnl.exe/ntoskrnl.c +10 -3

wdm.h include/ddk/wdm.h +17 -0

No files found.
--- a/dlls/ntoskrnl.exe/ntoskrnl.c
+++ b/dlls/ntoskrnl.exe/ntoskrnl.c
@@ -176,12 +176,15 @@ static HANDLE get_device_manager(void)
 static NTSTATUS WINAPI dispatch_irp_completion( DEVICE_OBJECT *device, IRP *irp, void *context )
 {
    FILE_OBJECT *file = irp->Tail.Overlay.OriginalFileObject;
+    HANDLE irp_handle = context;
    void *out_buff = irp->UserBuffer;
-    HANDLE handle = context;
+    if (irp->Flags & IRP_WRITE_OPERATION)
+        out_buff = NULL;  /* do not transfer back input buffer */
    SERVER_START_REQ( set_irp_result )
    {
-        req->handle   = wine_server_obj_handle( handle );
+        req->handle   = wine_server_obj_handle( irp_handle );
        req->status   = irp->IoStatus.u.Status;
        req->file_ptr = wine_server_client_ptr( file );
        if (irp->IoStatus.u.Status >= 0)
@@ -193,7 +196,7 @@ static NTSTATUS WINAPI dispatch_irp_completion( DEVICE_OBJECT *device, IRP *irp,
    }
    SERVER_END_REQ;
-    HeapFree( GetProcessHeap(), 0, out_buff );
+    HeapFree( GetProcessHeap(), 0, irp->UserBuffer );
    return STATUS_SUCCESS;
 }
@@ -248,6 +251,7 @@ static NTSTATUS dispatch_create( const irp_params_t *params, void *in_buff, ULON
    irp->UserIosb = NULL;
    irp->UserEvent = NULL;
+    irp->Flags |= IRP_CREATE_OPERATION;
    dispatch_irp( device, irp, irp_handle );
    return STATUS_SUCCESS;
@@ -285,6 +289,7 @@ static NTSTATUS dispatch_close( const irp_params_t *params, void *in_buff, ULONG
    irp->UserIosb = NULL;
    irp->UserEvent = NULL;
+    irp->Flags |= IRP_CLOSE_OPERATION;
    dispatch_irp( device, irp, irp_handle );
    HeapFree( GetProcessHeap(), 0, file );  /* FIXME: async close processing not supported */
@@ -325,6 +330,7 @@ static NTSTATUS dispatch_read( const irp_params_t *params, void *in_buff, ULONG 
    irpsp = IoGetNextIrpStackLocation( irp );
    irpsp->Parameters.Read.Key = params->read.key;
+    irp->Flags |= IRP_READ_OPERATION;
    dispatch_irp( device, irp, irp_handle );
    return STATUS_SUCCESS;
@@ -358,6 +364,7 @@ static NTSTATUS dispatch_write( const irp_params_t *params, void *in_buff, ULONG
    irpsp = IoGetNextIrpStackLocation( irp );
    irpsp->Parameters.Write.Key = params->write.key;
+    irp->Flags |= IRP_WRITE_OPERATION;
    dispatch_irp( device, irp, irp_handle );
    return STATUS_SUCCESS;

--- a/include/ddk/wdm.h
+++ b/include/ddk/wdm.h
@@ -457,6 +457,23 @@ typedef struct _IRP {
 } IRP;
 typedef struct _IRP *PIRP;
+#define IRP_NOCACHE               0x0001
+#define IRP_PAGING_IO             0x0002
+#define IRP_MOUNT_COMPLETION      0x0002
+#define IRP_SYNCHRONOUS_API       0x0004
+#define IRP_ASSOCIATED_IRP        0x0008
+#define IRP_BUFFERED_IO           0x0010
+#define IRP_DEALLOCATE_BUFFER     0x0020
+#define IRP_INPUT_OPERATION       0x0040
+#define IRP_SYNCHRONOUS_PAGING_IO 0x0040
+#define IRP_CREATE_OPERATION      0x0080
+#define IRP_READ_OPERATION        0x0100
+#define IRP_WRITE_OPERATION       0x0200
+#define IRP_CLOSE_OPERATION       0x0400
+#define IRP_DEFER_IO_COMPLETION   0x0800
+#define IRP_OB_QUERY_NAME         0x1000
+#define IRP_HOLD_DEVICE_QUEUE     0x2000
 typedef VOID (WINAPI *PINTERFACE_REFERENCE)(
  PVOID  Context);