Changeset 4971 in vbox for trunk/src/VBox/HostDrivers

Timestamp:

Sep 21, 2007 10:19:12 PM (18 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

24737

Message:

GVM.

Location:

trunk/src/VBox/HostDrivers/Support

Files:

• SUPDRV.h (modified) (3 diffs)
• SUPDRVShared.c (modified) (6 diffs)

trunk/src/VBox/HostDrivers/Support/SUPDRV.h

@@ -516 +516 @@
     /** Pointer to the next in the global list. */
     struct SUPDRVOBJ * volatile     pNext;
-    /** Pointer to the object destructor. */
+    /** Pointer to the object destructor.
+     * This may be set to NULL if the image containing the destructor get unloaded. */
     PFNSUPDRVDESTRUCTOR             pfnDestructor;
     /** User argument 1. */
@@ -612 +613 @@
 {
     /** Spinlock to serialize the initialization,
-     * usage counting and destruction of the IDT entry override. */
+     * usage counting and destruction of the IDT entry override and objects. */
     RTSPINLOCK              Spinlock;
 
@@ -622 +623 @@
 #endif
 
-    /** List of registered objects. */
+    /** List of registered objects. Protected by the spinlock. */
     PSUPDRVOBJ volatile     pObjs;
     /** List of free object usage records. */

trunk/src/VBox/HostDrivers/Support/SUPDRVShared.c

@@ -88 +88 @@
     { "SUPR0ContAlloc",                         (void *)SUPR0ContAlloc },
     { "SUPR0ContFree",                          (void *)SUPR0ContFree },
+    { "SUPR0LowAlloc",                          (void *)SUPR0LowAlloc },
+    { "SUPR0LowFree",                           (void *)SUPR0LowFree },
     { "SUPR0MemAlloc",                          (void *)SUPR0MemAlloc },
     { "SUPR0MemGetPhys",                        (void *)SUPR0MemGetPhys },
@@ -429 +431 @@
                 RTSpinlockRelease(pDevExt->Spinlock, &SpinlockTmp);
 
-                pObj->pfnDestructor(pObj, pObj->pvUser1, pObj->pvUser2);
+                if (pObj->pfnDestructor)
+                    pObj->pfnDestructor(pObj, pObj->pvUser1, pObj->pvUser2);
                 RTMemFree(pObj);
             }
@@ -1315 +1318 @@
     {
         pObj->u32Magic++;
-        pObj->pfnDestructor(pObj, pObj->pvUser1, pObj->pvUser2);
+        if (pObj->pfnDestructor)
+            pObj->pfnDestructor(pObj, pObj->pvUser1, pObj->pvUser2);
         RTMemFree(pObj);
     }
@@ -3127 +3131 @@
 static int supdrvIOCtl_LdrFree(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRFREE pReq)
 {
+    int             rc;
     PSUPDRVLDRUSAGE pUsagePrev;
     PSUPDRVLDRUSAGE pUsage;
@@ -3153 +3158 @@
      * Check if we can remove anything.
      */
+    rc = VINF_SUCCESS;
     pImage = pUsage->pImage;
     if (pImage->cUsage <= 1 || pUsage->cUsage <= 1)
     {
-        /* unlink it */
-        if (pUsagePrev)
-            pUsagePrev->pNext = pUsage->pNext;
+        /*
+         * Check if there are any objects with destructors in the image, if
+         * so leave it for the session cleanup routine so we get a chance to
+         * clean things up in the right order and not leave them all dangling.
+         */
+        RTSPINLOCKTMP   SpinlockTmp = RTSPINLOCKTMP_INITIALIZER;
+        RTSpinlockAcquire(pDevExt->Spinlock, &SpinlockTmp);
+        if (pImage->cUsage <= 1)
+        {
+            PSUPDRVOBJ pObj;
+            for (pObj = pDevExt->pObjs; pObj; pObj = pObj->pNext)
+                if (RT_UNLIKELY((uintptr_t)pObj->pfnDestructor - (uintptr_t)pImage->pvImage < pImage->cbImage))
+                {
+                    rc = VERR_SHARING_VIOLATION; /** @todo VERR_DANGLING_OBJECTS */
+                    break;
+                }
+        }
         else
-            pSession->pLdrUsage = pUsage->pNext;
-        /* free it */
-        pUsage->pImage = NULL;
-        pUsage->pNext = NULL;
-        RTMemFree(pUsage);
-
-        /*
-         * Derefrence the image.
-         */
-        if (pImage->cUsage <= 1)
-            supdrvLdrFree(pDevExt, pImage);
-        else
-            pImage->cUsage--;
+        {
+            PSUPDRVUSAGE pGenUsage;
+            for (pGenUsage = pSession->pUsage; pGenUsage; pGenUsage = pGenUsage->pNext)
+                if (RT_UNLIKELY((uintptr_t)pGenUsage->pObj->pfnDestructor - (uintptr_t)pImage->pvImage < pImage->cbImage))
+                {
+                    rc = VERR_SHARING_VIOLATION; /** @todo VERR_DANGLING_OBJECTS */
+                    break;
+                }
+        }
+        RTSpinlockRelease(pDevExt->Spinlock, &SpinlockTmp);
+        if (rc == VINF_SUCCESS)
+        {
+            /* unlink it */
+            if (pUsagePrev)
+                pUsagePrev->pNext = pUsage->pNext;
+            else
+                pSession->pLdrUsage = pUsage->pNext;
+
+            /* free it */
+            pUsage->pImage = NULL;
+            pUsage->pNext = NULL;
+            RTMemFree(pUsage);
+
+            /*
+             * Derefrence the image.
+             */
+            if (pImage->cUsage <= 1)
+                supdrvLdrFree(pDevExt, pImage);
+            else
+                pImage->cUsage--;
+        }
     }
     else
@@ -3423 +3461 @@
     if (pDevExt->pvVMMR0 == pImage->pvImage)
         supdrvLdrUnsetR0EP(pDevExt);
+
+    /* check for objects with destructors in this image. (Shouldn't happen.) */
+    if (pDevExt->pObjs)
+    {
+        unsigned        cObjs = 0;
+        PSUPDRVOBJ      pObj;
+        RTSPINLOCKTMP   SpinlockTmp = RTSPINLOCKTMP_INITIALIZER;
+        RTSpinlockAcquire(pDevExt->Spinlock, &SpinlockTmp);
+        for (pObj = pDevExt->pObjs; pObj; pObj = pObj->pNext)
+            if (RT_UNLIKELY((uintptr_t)pObj->pfnDestructor - (uintptr_t)pImage->pvImage < pImage->cbImage))
+            {
+                pObj->pfnDestructor = NULL;
+                cObjs++;
+            }
+        RTSpinlockRelease(pDevExt->Spinlock, &SpinlockTmp);
+        if (cObjs)
+            OSDBGPRINT(("supdrvLdrFree: Image '%s' has %d dangling objects!\n", pImage->szName, cObjs));
+    }
 
     /* call termination function if fully loaded. */