From a54fefc0449fbccc881c017480cb92878bb460cb Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Mon, 19 Mar 2012 21:10:31 -0400 Subject: [PATCH] Windows: Refactor AFSProcessSupport Breakup AFSProcessNotify() into AFSProcessCreate() and AFSProcessDestroy(). Correct inconsistencies with ETHREAD vs ThreadId HANDLE. Add AFSProcessNotifyEx() and use PsSetCreateProcessNotifyRoutineEx() to register it on Vista SP1 and above. Change-Id: I2be85c3e8229883b4e239e1fdba9a65fc704daaa Reviewed-on: http://gerrit.openafs.org/6926 Tested-by: BuildBot Reviewed-by: Peter Scott Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman --- src/WINNT/afsrdr/kernel/fs/AFSInit.cpp | 23 +++- .../afsrdr/kernel/fs/AFSProcessSupport.cpp | 127 +++++++++++++----- .../afsrdr/kernel/fs/Include/AFSCommon.h | 15 +++ .../afsrdr/kernel/fs/Include/AFSStructs.h | 4 +- 4 files changed, 136 insertions(+), 33 deletions(-) diff --git a/src/WINNT/afsrdr/kernel/fs/AFSInit.cpp b/src/WINNT/afsrdr/kernel/fs/AFSInit.cpp index 770de3793..bbc662a17 100644 --- a/src/WINNT/afsrdr/kernel/fs/AFSInit.cpp +++ b/src/WINNT/afsrdr/kernel/fs/AFSInit.cpp @@ -45,6 +45,8 @@ extern void *KeServiceDescriptorTable; }; #endif +typedef NTSTATUS (*PsSetCreateProcessNotifyRoutineEx_t)( PCREATE_PROCESS_NOTIFY_ROUTINE_EX NotifyRoutine, BOOLEAN Remove); + // // DriverEntry // @@ -76,6 +78,8 @@ DriverEntry( PDRIVER_OBJECT DriverObject, BOOLEAN bExit = FALSE; UNICODE_STRING uniRoutine; RTL_OSVERSIONINFOW sysVersion; + UNICODE_STRING uniPsSetCreateProcessNotifyRoutineEx; + PsSetCreateProcessNotifyRoutineEx_t pPsSetCreateProcessNotifyRoutineEx = NULL; __try { 
@@ -452,8 +456,23 @@ DriverEntry( PDRIVER_OBJECT DriverObject, // Register the call back for process creation and tear down // - PsSetCreateProcessNotifyRoutine( AFSProcessNotify, - FALSE); + RtlInitUnicodeString( &uniPsSetCreateProcessNotifyRoutineEx, + L"PsSetCreateProcessNotifyRoutineEx"); + + pPsSetCreateProcessNotifyRoutineEx = (PsSetCreateProcessNotifyRoutineEx_t)MmGetSystemRoutineAddress(&uniPsSetCreateProcessNotifyRoutineEx); + + if ( pPsSetCreateProcessNotifyRoutineEx) + { + + pPsSetCreateProcessNotifyRoutineEx( AFSProcessNotifyEx, + FALSE); + } + else + { + + PsSetCreateProcessNotifyRoutine( AFSProcessNotify, + FALSE); + } try_exit: diff --git a/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp b/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp index 5c8e82e17..c30b8685f 100644 --- a/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp +++ b/src/WINNT/afsrdr/kernel/fs/AFSProcessSupport.cpp 
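Review bot: The NTSTATUS returned by `pPsSetCreateProcessNotifyRoutineEx( AFSProcessNotifyEx, FALSE)` is discarded, so a failed registration leaves the driver with no process callback at all and the ProcessTree is never populated, with nothing logged. The Ex routine is documented to return STATUS_ACCESS_DENIED when the driver image was not linked with /INTEGRITYCHECK, so this can happen even though the export resolves. Fall back to the legacy routine on failure, for example by changing the test to `if ( pPsSetCreateProcessNotifyRoutineEx == NULL || !NT_SUCCESS( pPsSetCreateProcessNotifyRoutineEx( AFSProcessNotifyEx, FALSE)))` and calling `PsSetCreateProcessNotifyRoutine( AFSProcessNotify, FALSE)` in that branch. The unload path is not part of this diff; whichever routine succeeded here must be the one removed there with `Remove = TRUE`, otherwise the callback outlives the driver image. DriverEntry's body continues outside the hunk.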
@@ -44,57 +44,127 @@ AFSProcessNotify( IN HANDLE ParentId, IN BOOLEAN Create) { + // + // If this is a create notification then update our tree, otherwise remove the + // entry + // + + if( Create) + { + + AFSProcessCreate( ParentId, + ProcessId, + PsGetCurrentProcessId(), + PsGetCurrentThreadId()); + } + else + { + + AFSProcessDestroy( ParentId, + ProcessId); + } + + return; +} + +void +AFSProcessNotifyEx( IN OUT PEPROCESS Process, + IN HANDLE ProcessId, + IN OUT PPS_CREATE_NOTIFY_INFO CreateInfo) +{ + + if ( CreateInfo) + { + + AFSProcessCreate( CreateInfo->ParentProcessId, + ProcessId, + CreateInfo->CreatingThreadId.UniqueProcess, + CreateInfo->CreatingThreadId.UniqueThread); + } + else + { + + AFSProcessDestroy( CreateInfo->ParentProcessId, + ProcessId); + } +} + + +void +AFSProcessCreate( IN HANDLE ParentId, + IN HANDLE ProcessId, + IN HANDLE CreatingProcessId, + IN HANDLE CreatingThreadId) +{ NTSTATUS ntStatus = STATUS_SUCCESS; - AFSProcessCB *pProcessCB = NULL, *pParentProcessCB = NULL; AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension; - AFSProcessAuthGroupCB *pProcessAuthGroup = NULL, *pLastAuthGroup = NULL; - AFSThreadCB *pThreadCB = NULL, *pNextThreadCB = NULL; + AFSProcessCB *pProcessCB = NULL; __Enter { - // - // If this is a create notification then update our tree, otherwise remove the - // entry - // - AFSDbgLogMsg( AFS_SUBSYSTEM_LOCK_PROCESSING, AFS_TRACE_LEVEL_VERBOSE, - "AFSProcessNotify Acquiring Control ProcessTree.TreeLock lock %08lX EXCL %08lX\n", + "AFSProcessCreate Acquiring Control ProcessTree.TreeLock lock %08lX EXCL %08lX\n", pDeviceExt->Specific.Control.ProcessTree.TreeLock, PsGetCurrentThread()); AFSAcquireExcl( pDeviceExt->Specific.Control.ProcessTree.TreeLock, TRUE); - if( Create) - { + AFSDbgLogMsg( AFS_SUBSYSTEM_PROCESS_PROCESSING, + AFS_TRACE_LEVEL_VERBOSE, + "AFSProcessCreate Parent %08lX Process %08lX %08lX\n", + ParentId, + ProcessId, + PsGetCurrentThread()); - AFSDbgLogMsg( 
AFS_SUBSYSTEM_PROCESS_PROCESSING, - AFS_TRACE_LEVEL_VERBOSE, - "AFSProcessNotify CREATE Parent %08lX Process %08lX %08lX\n", - ParentId, - ProcessId, - PsGetCurrentThread()); + pProcessCB = AFSInitializeProcessCB( (ULONGLONG)ParentId, + (ULONGLONG)ProcessId); - pProcessCB = AFSInitializeProcessCB( (ULONGLONG)ParentId, - (ULONGLONG)ProcessId); + if( pProcessCB != NULL) + { - if( pProcessCB != NULL) - { - pProcessCB->CreatingThread = (ULONGLONG)PsGetCurrentThreadId(); - } + pProcessCB->CreatingProcessId = (ULONGLONG)CreatingProcessId; - try_return( ntStatus); + pProcessCB->CreatingThreadId = (ULONGLONG)CreatingThreadId; } + AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock); + } + + return; +} + +void +AFSProcessDestroy( IN HANDLE ParentId, + IN HANDLE ProcessId) +{ + + NTSTATUS ntStatus = STATUS_SUCCESS; + AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension; + AFSProcessCB *pProcessCB = NULL, *pParentProcessCB = NULL; + AFSProcessAuthGroupCB *pProcessAuthGroup = NULL, *pLastAuthGroup = NULL; + AFSThreadCB *pThreadCB = NULL, *pNextThreadCB = NULL; + + __Enter + { + + AFSDbgLogMsg( AFS_SUBSYSTEM_LOCK_PROCESSING, + AFS_TRACE_LEVEL_VERBOSE, + "AFSProcessDestroy Acquiring Control ProcessTree.TreeLock lock %08lX EXCL %08lX\n", + pDeviceExt->Specific.Control.ProcessTree.TreeLock, + PsGetCurrentThreadId()); + + AFSAcquireExcl( pDeviceExt->Specific.Control.ProcessTree.TreeLock, + TRUE); // // It's a remove so pull the entry // AFSDbgLogMsg( AFS_SUBSYSTEM_PROCESS_PROCESSING, AFS_TRACE_LEVEL_VERBOSE, - "AFSProcessNotify DESTROY Process %08lX %08lX\n", + "AFSProcessDestroy Process %08lX %08lX\n", ProcessId, PsGetCurrentThread()); 
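Review bot: In `AFSProcessNotifyEx` the `else` branch runs exactly when `CreateInfo` is NULL (process exit), yet it evaluates `CreateInfo->ParentProcessId`. That is a NULL dereference in kernel context on every process teardown once the Ex callback is registered. Since no `CreateInfo` is supplied on exit, pass a value that does not come from it, e.g. `AFSProcessDestroy( NULL, ProcessId);`, after confirming that AFSProcessDestroy does not rely on ParentId. Its body is cut by the hunk, and the visible part uses only ProcessId. A one-line comment above the test, `// CreateInfo is NULL when the process is exiting`, would make the callback contract explicit.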
@@ -141,16 +211,13 @@ AFSProcessNotify( IN HANDLE ParentId, { AFSDbgLogMsg( AFS_SUBSYSTEM_PROCESS_PROCESSING, AFS_TRACE_LEVEL_WARNING, - "AFSProcessNotify Process %08lX not found in ProcessTree Status %08lX %08lX\n", + "AFSProcessDestroy Process %08lX not found in ProcessTree Status %08lX %08lX\n", ProcessId, ntStatus, PsGetCurrentThread()); } -try_exit: - AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock); - } return; @@ -354,7 +421,7 @@ AFSValidateProcessEntry( void) pParentThreadCB = pParentThreadCB->Next) { - if( pParentThreadCB->ThreadId == pProcessCB->CreatingThread) + if( pParentThreadCB->ThreadId == pProcessCB->CreatingThreadId) { break; } diff --git a/src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h b/src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h index c4b98191a..311fea0b5 100644 --- a/src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h +++ b/src/WINNT/afsrdr/kernel/fs/Include/AFSCommon.h @@ -796,6 +796,21 @@ AFSProcessNotify( IN HANDLE ParentId, IN HANDLE ProcessId, IN BOOLEAN Create); +void +AFSProcessNotifyEx( IN OUT PEPROCESS Process, + IN HANDLE ProcessId, + IN OUT PPS_CREATE_NOTIFY_INFO CreateInfo); + +void +AFSProcessCreate( IN HANDLE ParentId, + IN HANDLE ProcessId, + IN HANDLE CreatingProcessId, + IN HANDLE CreatingThreadId); + +void +AFSProcessDestroy( IN HANDLE ParentId, + IN HANDLE ProcessId); + GUID * AFSValidateProcessEntry( void); diff --git a/src/WINNT/afsrdr/kernel/fs/Include/AFSStructs.h b/src/WINNT/afsrdr/kernel/fs/Include/AFSStructs.h index 65d64135b..8b4e06fca 100644 --- a/src/WINNT/afsrdr/kernel/fs/Include/AFSStructs.h +++ b/src/WINNT/afsrdr/kernel/fs/Include/AFSStructs.h @@ -63,7 +63,9 @@ typedef struct AFS_PROCESS_CB ULONGLONG ParentProcessId; - ULONGLONG CreatingThread; + ULONGLONG CreatingProcessId; + + ULONGLONG CreatingThreadId; GUID *ActiveAuthGroup; -- 2.39.5