DDK sample bug reporting

TheMSsForum.com: The Microsoft Software Forum

What's the proper way to report a potential bug in a DDK sample?
Top

Re: DDK sample bug reporting by Doron

Doron
Thu Dec 21 21:47:19 CST 2006

you can use one of hte ddk feedback links on a WDK page that relate to the
sample (if there is one). what is the bug you want to report?

--
Please do not send e-mail directly to this alias. this alias is for
newsgroup purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.


<BubbaGump> wrote in message
news:jecmo2t9j4kb5m7ln2o2m6rmpf8e2eua4g@4ax.com...
> What's the proper way to report a potential bug in a DDK sample?
>


Top

Re: DDK sample bug reporting by Tim

Tim
Thu Dec 21 23:34:47 CST 2006

BubbaGump <> wrote:
>
>What's the proper way to report a potential bug in a DDK sample?

This newsgroup is a good place to start. Many members of the DDK team are
regular participants.
--
Tim Roberts, timr@probo.com
Providenza & Boekelheide, Inc.
Top

Re: DDK sample bug reporting by BubbaGump

BubbaGump
Fri Dec 22 07:49:49 CST 2006

On Thu, 21 Dec 2006 19:47:19 -0800, "Doron Holan [MS]"
<doronh@nospam.microsoft.com> wrote:

>you can use one of hte ddk feedback links on a WDK page that relate to the
>sample (if there is one). what is the bug you want to report?


What I noticed is in the toaster bus sample (starting from the
DriverEntry in general\toaster\bus\busenum.c). In a couple cases it
orders its custom remove lock operations backwards, which are race
conditions.

For IRP_MJ_PNP and IRP_MJ_POWER it tests
DevicePnPState first but waits until a little later to call
Bus_IncIoCount. This is a test-and-set race. In the time between the
test on the state and the increment of the count, an
IRP_MN_REMOVE_DEVICE could have been handled, seen from the old count
that the device wasn't in use, and proceeded with removal just as the
handler for IRP_MJ_PNP and IRP_MJ_POWER was beginning to run.

(The operations are ordered the safe set-first-then-test way for
IRP_MJ_CLOSE, IRP_MJ_DEVICE_CONTROL, and IRP_MJ_SYSTEM_CONTROL, which
is ironic since these are the IRPs that shouldn't happen during/after
removal for other reasons.)


While I was looking at this, I also noticed a Bus_DecIoCount missing
from the (DevicePnPState == Deleted) error cleanup of the IRP_MJ_CLOSE
handler. Although it may be unnecessary to use a remove lock for
IRP_MJ_CLOSE, if the example usage were used elsewhere then it could
prevent a device from ever being removed if it happened while the
driver was handling IRP_MN_REMOVE_DEVICE during the time when it would
have blocked new requests and would be waiting for current requests to
finish.

Top

Re: DDK sample bug reporting by BubbaGump

BubbaGump
Fri Dec 22 07:51:55 CST 2006

On Thu, 21 Dec 2006 21:34:47 -0800, Tim Roberts <timr@probo.com>
wrote:

>BubbaGump <> wrote:
>>
>>What's the proper way to report a potential bug in a DDK sample?
>
>This newsgroup is a good place to start. Many members of the DDK team are
>regular participants.

I tried that once, but the Subject: line didn't seem to get anyone's
attention, enough to confirm or deny the bug.

Top

Re: DDK sample bug reporting by Eliyas

Eliyas
Fri Dec 22 09:03:54 CST 2006

I will look into it. I don't have access to the source code right now.

-Eliyas

<BubbaGump> wrote in message
news:5nnno2dsm3jivviocvsj4odgqr4kheunaf@4ax.com...
> On Thu, 21 Dec 2006 19:47:19 -0800, "Doron Holan [MS]"
> <doronh@nospam.microsoft.com> wrote:
>
>>you can use one of hte ddk feedback links on a WDK page that relate to the
>>sample (if there is one). what is the bug you want to report?
>
>
> What I noticed is in the toaster bus sample (starting from the
> DriverEntry in general\toaster\bus\busenum.c). In a couple cases it
> orders its custom remove lock operations backwards, which are race
> conditions.
>
> For IRP_MJ_PNP and IRP_MJ_POWER it tests
> DevicePnPState first but waits until a little later to call
> Bus_IncIoCount. This is a test-and-set race. In the time between the
> test on the state and the increment of the count, an
> IRP_MN_REMOVE_DEVICE could have been handled, seen from the old count
> that the device wasn't in use, and proceeded with removal just as the
> handler for IRP_MJ_PNP and IRP_MJ_POWER was beginning to run.
>
> (The operations are ordered the safe set-first-then-test way for
> IRP_MJ_CLOSE, IRP_MJ_DEVICE_CONTROL, and IRP_MJ_SYSTEM_CONTROL, which
> is ironic since these are the IRPs that shouldn't happen during/after
> removal for other reasons.)
>
>
> While I was looking at this, I also noticed a Bus_DecIoCount missing
> from the (DevicePnPState == Deleted) error cleanup of the IRP_MJ_CLOSE
> handler. Although it may be unnecessary to use a remove lock for
> IRP_MJ_CLOSE, if the example usage were used elsewhere then it could
> prevent a device from ever being removed if it happened while the
> driver was handling IRP_MN_REMOVE_DEVICE during the time when it would
> have blocked new requests and would be waiting for current requests to
> finish.
>


Top

Re: DDK sample bug reporting by BubbaGump

BubbaGump
Fri Dec 22 11:03:39 CST 2006

Thanks.




On Fri, 22 Dec 2006 07:03:54 -0800, "Eliyas Yakub [MSFT]"
<eliyasy@online.discussion.microsoft.com> wrote:

>I will look into it. I don't have access to the source code right now.
>
>-Eliyas

Top