Windows: Deny writes/truncation to files w RO attr

[openafs.git] / src / WINNT / afsrdr / kernel / lib / AFSWrite.cpp

diff --git a/src/WINNT/afsrdr/kernel/lib/AFSWrite.cpp b/src/WINNT/afsrdr/kernel/lib/AFSWrite.cpp
index f6148b9..1376d06 100644 (file)
--- a/src/WINNT/afsrdr/kernel/lib/AFSWrite.cpp
+++ b/src/WINNT/afsrdr/kernel/lib/AFSWrite.cpp
@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2008, 2009, 2010, 2011 Kernel Drivers, LLC.
- * Copyright (c) 2009, 2010, 2011 Your File System, Inc.
+ * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014 Your File System, Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -121,6 +121,8 @@ AFSCommonWrite( IN PDEVICE_OBJECT DeviceObject,
     BOOLEAN            bReleasePaging = FALSE;
     BOOLEAN            bExtendingWrite = FALSE;
     BOOLEAN            bSynchronousFo = FALSE;
+    BOOLEAN           bWriteToEndOfFile = FALSE;
+    BOOLEAN           bWait = FALSE;
     BOOLEAN            bCompleteIrp = TRUE;
     BOOLEAN            bForceFlush = FALSE;
     BOOLEAN            bLockOK;
@@ -177,6 +179,7 @@ AFSCommonWrite( IN PDEVICE_OBJECT DeviceObject,
         liStartingByte = pIrpSp->Parameters.Write.ByteOffset;
         bPagingIo      = BooleanFlagOn( Irp->Flags, IRP_PAGING_IO);
         bNonCachedIo   = BooleanFlagOn( Irp->Flags, IRP_NOCACHE);
+       bWait          = IoIsOperationSynchronous( Irp);
         ulByteCount    = pIrpSp->Parameters.Write.Length;
         bSynchronousFo = BooleanFlagOn( pFileObject->Flags, FO_SYNCHRONOUS_IO);
 
@@ -257,7 +260,7 @@ AFSCommonWrite( IN PDEVICE_OBJECT DeviceObject,
                           "AFSCommonWrite (%p) Request failed due to read only volume\n",
                           Irp));
 
-            try_return( ntStatus = STATUS_ACCESS_DENIED);
+            try_return( ntStatus = STATUS_MEDIA_WRITE_PROTECTED);
         }
 
         //
@@ -354,7 +357,7 @@ AFSCommonWrite( IN PDEVICE_OBJECT DeviceObject,
             if( pFileObject->PrivateCacheMap == NULL)
             {
 
-                AFSDbgTrace(( AFS_SUBSYSTEM_LOCK_PROCESSING,
+               AFSDbgTrace(( AFS_SUBSYSTEM_LOCK_PROCESSING|AFS_SUBSYSTEM_SECTION_OBJECT,
                               AFS_TRACE_LEVEL_VERBOSE,
                               "AFSCommonWrite Acquiring Fcb SectionObject lock %p EXCL %08lX\n",
                               &pNPFcb->SectionObjectResource,
@@ -386,7 +389,7 @@ AFSCommonWrite( IN PDEVICE_OBJECT DeviceObject,
                     CcSetDirtyPageThreshold( pFileObject,
                                              AFS_DIRTY_CHUNK_THRESHOLD * pDeviceExt->Specific.RDR.MaximumRPCLength / 4096);
                 }
-                __except( EXCEPTION_EXECUTE_HANDLER)
+               __except( EXCEPTION_EXECUTE_HANDLER)
                 {
 
                     ntStatus = GetExceptionCode();
@@ -398,7 +401,7 @@ AFSCommonWrite( IN PDEVICE_OBJECT DeviceObject,
                                   ntStatus));
                 }
 
-                AFSDbgTrace(( AFS_SUBSYSTEM_LOCK_PROCESSING,
+               AFSDbgTrace(( AFS_SUBSYSTEM_LOCK_PROCESSING|AFS_SUBSYSTEM_SECTION_OBJECT,
                               AFS_TRACE_LEVEL_VERBOSE,
                               "AFSCommonWrite Releasing Fcb SectionObject lock %p EXCL %08lX\n",
                               &pNPFcb->SectionObjectResource,
@@ -415,39 +418,73 @@ AFSCommonWrite( IN PDEVICE_OBJECT DeviceObject,
                 }
             }
 
-            if (!CcCanIWrite( pFileObject,
-                              ulByteCount,
-                              FALSE,
-                              bRetry))
-            {
-
-                AFSDbgTrace(( AFS_SUBSYSTEM_IO_PROCESSING,
-                              AFS_TRACE_LEVEL_WARNING,
-                              "AFSCommonWrite (FO: %p) CcCanIWrite says No room for Offset %0I64X Length %08lX bytes! Deferring%s\n",
-                              pFileObject,
-                              liStartingByte.QuadPart,
-                              ulByteCount,
-                              bRetry ? " RETRY" : ""));
+           //
+           // On versions of Microsoft Windows older than Vista the IO Manager
+           // will issue multiple outstanding writes on a synchronous file object
+           // if one of the cached writes completes with STATUS_PENDING.  This can
+           // result in the writes being completed out of order which can corrupt
+           // the end of file marker.  On OS versions older than Vista use a spin
+           // loop instead of deferring the write.
+           //
+
+           if ( bSynchronousFo &&
+                AFSRtlSysVersion.dwMajorVersion < 6)
+           {
 
-                ntStatus = AFSDeferWrite( DeviceObject, pFileObject, hCallingUser, Irp, ulByteCount, bRetry);
+               while (!CcCanIWrite( pFileObject,
+                                    ulByteCount,
+                                    bWait && !bRetry,
+                                    bRetry))
+               {
+                   static const LONGLONG llWriteDelay = (LONGLONG)-100000;
+                   bRetry = TRUE;
 
-                if ( STATUS_PENDING == ntStatus)
-                {
+                   AFSDbgLogMsg( AFS_SUBSYSTEM_IO_PROCESSING,
+                                 AFS_TRACE_LEVEL_WARNING,
+                                 "AFSCommonWrite (FO: %p) CcCanIWrite says No room for %u bytes! Retry in 10ms\n",
+                                 pFileObject,
+                                 ulByteCount);
 
-                    bCompleteIrp = FALSE;
-                }
-                else
-                {
+                   KeDelayExecutionThread(KernelMode, FALSE, (PLARGE_INTEGER)&llWriteDelay);
+               }
+           }
+           else
+           {
 
-                    AFSDbgTrace(( AFS_SUBSYSTEM_IO_PROCESSING,
-                                  AFS_TRACE_LEVEL_ERROR,
-                                  "AFSCommonWrite (FO: %p) AFSDeferWrite failure Status %08lX\n",
-                                  pFileObject,
-                                  ntStatus));
-                }
+               if (!CcCanIWrite( pFileObject,
+                                 ulByteCount,
+                                 bWait && !bRetry,
+                                 bRetry))
+               {
 
-                try_return( ntStatus);
-            }
+                   AFSDbgTrace(( AFS_SUBSYSTEM_IO_PROCESSING,
+                                 AFS_TRACE_LEVEL_WARNING,
+                                 "AFSCommonWrite (FO: %p) CcCanIWrite says No room for Offset %0I64X Length %08lX bytes! Deferring%s\n",
+                                 pFileObject,
+                                 liStartingByte.QuadPart,
+                                 ulByteCount,
+                                 bRetry ? " RETRY" : ""));
+
+                   ntStatus = AFSDeferWrite( DeviceObject, pFileObject, hCallingUser, Irp, ulByteCount, bRetry);
+
+                   if ( STATUS_PENDING == ntStatus)
+                   {
+
+                       bCompleteIrp = FALSE;
+                   }
+                   else
+                   {
+
+                       AFSDbgTrace(( AFS_SUBSYSTEM_IO_PROCESSING,
+                                     AFS_TRACE_LEVEL_ERROR,
+                                     "AFSCommonWrite (FO: %p) AFSDeferWrite failure Status %08lX\n",
+                                     pFileObject,
+                                     ntStatus));
+                   }
+
+                   try_return( ntStatus);
+               }
+           }
         }
 
         //
@@ -511,10 +548,12 @@ AFSCommonWrite( IN PDEVICE_OBJECT DeviceObject,
             else
             {
 
-                bExtendingWrite = (((liStartingByte.QuadPart + ulByteCount) >=
-                                     pFcb->Header.FileSize.QuadPart) ||
-                                    (liStartingByte.LowPart == FILE_WRITE_TO_END_OF_FILE &&
-                                      liStartingByte.HighPart == -1)) ;
+               bWriteToEndOfFile = liStartingByte.LowPart == FILE_WRITE_TO_END_OF_FILE &&
+                                   liStartingByte.HighPart == -1;
+
+               bExtendingWrite = ( bWriteToEndOfFile ||
+                                   ((liStartingByte.QuadPart + ulByteCount) >=
+                                     pFcb->Header.FileSize.QuadPart));
 
                 if( bExtendingWrite || bNonCachedIo)
                 {
@@ -522,6 +561,11 @@ AFSCommonWrite( IN PDEVICE_OBJECT DeviceObject,
                     // Check for lock inversion
                     //
 
+                   //
+                   // For bExtendingWrite the PagingResource is needed to protect
+                   // the CcSetFileSizes call in AFSExtendingWrite
+                   //
+
                     ASSERT( !ExIsResourceAcquiredLite( &pNPFcb->PagingResource ));
 
                     AFSDbgTrace(( AFS_SUBSYSTEM_LOCK_PROCESSING,
@@ -535,7 +579,7 @@ AFSCommonWrite( IN PDEVICE_OBJECT DeviceObject,
 
                     bReleaseMain = TRUE;
 
-                    AFSDbgTrace(( AFS_SUBSYSTEM_LOCK_PROCESSING,
+                   AFSDbgTrace(( AFS_SUBSYSTEM_LOCK_PROCESSING|AFS_SUBSYSTEM_SECTION_OBJECT,
                                   AFS_TRACE_LEVEL_VERBOSE,
                                   "AFSCommonWrite Acquiring Fcb SectionObject lock %p EXCL %08lX\n",
                                   &pNPFcb->SectionObjectResource,
@@ -546,20 +590,24 @@ AFSCommonWrite( IN PDEVICE_OBJECT DeviceObject,
 
                     bReleaseSectionObject = TRUE;
 
-                    if (liStartingByte.LowPart == FILE_WRITE_TO_END_OF_FILE &&
-                         liStartingByte.HighPart == -1)
-                    {
-                        if (pFcb->Header.ValidDataLength.QuadPart > pFcb->Header.FileSize.QuadPart)
-                        {
-                            liStartingByte = pFcb->Header.ValidDataLength;
-                        }
-                        else
-                        {
-                            liStartingByte = pFcb->Header.FileSize;
-                        }
-                    }
+                   if ( bWriteToEndOfFile)
+                   {
 
-                    //
+                       if (pFcb->Header.ValidDataLength.QuadPart > pFcb->Header.FileSize.QuadPart)
+                       {
+
+                           liStartingByte = pFcb->Header.ValidDataLength;
+                       }
+                       else
+                       {
+
+                           liStartingByte = pFcb->Header.FileSize;
+                       }
+
+                       pIrpSp->Parameters.Write.ByteOffset = liStartingByte;
+                   }
+
+                   //
                     // We have the correct lock - even if we don't end up truncating
                     //
                     bLockOK = TRUE;
@@ -579,7 +627,7 @@ AFSCommonWrite( IN PDEVICE_OBJECT DeviceObject,
 
                     bReleaseMain = TRUE;
 
-                    AFSDbgTrace(( AFS_SUBSYSTEM_LOCK_PROCESSING,
+                   AFSDbgTrace(( AFS_SUBSYSTEM_LOCK_PROCESSING|AFS_SUBSYSTEM_SECTION_OBJECT,
                                   AFS_TRACE_LEVEL_VERBOSE,
                                   "AFSCommonWrite Acquiring Fcb SectionObject lock %p SHARED %08lX\n",
                                   &pNPFcb->SectionObjectResource,
@@ -598,6 +646,12 @@ AFSCommonWrite( IN PDEVICE_OBJECT DeviceObject,
                     if (!bLockOK)
                     {
 
+                       AFSDbgTrace(( AFS_SUBSYSTEM_LOCK_PROCESSING|AFS_SUBSYSTEM_SECTION_OBJECT,
+                                     AFS_TRACE_LEVEL_VERBOSE,
+                                     "AFSCommonWrite Releasing Fcb SectionObject lock %p SHARED %08lX\n",
+                                     &pNPFcb->SectionObjectResource,
+                                     PsGetCurrentThread()));
+
                        AFSReleaseResource( &pNPFcb->SectionObjectResource);
 
                        bReleaseSectionObject = FALSE;
@@ -635,6 +689,10 @@ AFSCommonWrite( IN PDEVICE_OBJECT DeviceObject,
 
                 ntStatus = AFSExtendingWrite( pFcb, pFileObject, (liStartingByte.QuadPart + ulByteCount));
 
+               //
+               // Fcb->NPFcb->Resource is now held SHARED
+               //
+
                 if( !NT_SUCCESS(ntStatus))
                 {
 
@@ -659,7 +717,8 @@ AFSCommonWrite( IN PDEVICE_OBJECT DeviceObject,
         {
 
             //
-            // Main and SectionObject resources held Shared
+           // Main resource held Shared
+           // SectionObject resource held exclusive if extending write
             //
 
             AFSDbgTrace(( AFS_SUBSYSTEM_IO_PROCESSING,
@@ -702,12 +761,13 @@ try_exit:
                       Irp,
                       ntStatus));
 
-        if ( NT_SUCCESS( ntStatus))
+       if ( NT_SUCCESS( ntStatus) &&
+            ntStatus != STATUS_PENDING)
         {
             if ( !bPagingIo)
             {
 
-                if( bSynchronousFo)
+               if( bSynchronousFo)
                 {
 
                     pFileObject->CurrentByteOffset.QuadPart = liStartingByte.QuadPart + ulByteCount;
@@ -734,7 +794,8 @@ try_exit:
             }
         }
 
-        if ( !bPagingIo && bNonCachedIo && CcIsFileCached( pFileObject) &&
+       if ( ntStatus != STATUS_PENDING &&
+            !bPagingIo && bNonCachedIo && CcIsFileCached( pFileObject) &&
              pNPFcb->SectionObjectPointers.DataSectionObject != NULL &&
              bReleaseSectionObject)
         {
@@ -786,7 +847,7 @@ try_exit:
 
                AFSDbgTrace(( 0,
                              0,
-                             "EXCEPTION - AFSProcessOverwriteSupercede MmCanFileBeTruncated failed FID %08lX-%08lX-%08lX-%08lX Status 0x%08lX\n",
+                             "EXCEPTION - AFSCommonWrite CcPurgeCacheSection failed FID %08lX-%08lX-%08lX-%08lX Status 0x%08lX\n",
                               pFcb->ObjectInformation->FileId.Cell,
                               pFcb->ObjectInformation->FileId.Volume,
                               pFcb->ObjectInformation->FileId.Vnode,
@@ -802,6 +863,12 @@ try_exit:
         if( bReleaseSectionObject)
         {
 
+           AFSDbgTrace(( AFS_SUBSYSTEM_LOCK_PROCESSING|AFS_SUBSYSTEM_SECTION_OBJECT,
+                         AFS_TRACE_LEVEL_VERBOSE,
+                         "AFSCommonWrite Releasing Fcb SectionObject lock %p EXCL/SHARED %08lX\n",
+                         &pNPFcb->SectionObjectResource,
+                         PsGetCurrentThread()));
+
             AFSReleaseResource( &pNPFcb->SectionObjectResource);
         }
 
@@ -1792,7 +1859,7 @@ AFSCachedWrite( IN PDEVICE_OBJECT DeviceObject,
 
                 ntStatus = Irp->IoStatus.Status;
             }
-            __except( EXCEPTION_EXECUTE_HANDLER)
+           __except( EXCEPTION_EXECUTE_HANDLER)
             {
                 ntStatus = GetExceptionCode();
 
@@ -1890,7 +1957,7 @@ AFSCachedWrite( IN PDEVICE_OBJECT DeviceObject,
                     try_return( ntStatus = STATUS_UNSUCCESSFUL);
                 }
             }
-            __except( EXCEPTION_EXECUTE_HANDLER)
+           __except( EXCEPTION_EXECUTE_HANDLER)
             {
 
                 ntStatus = GetExceptionCode();
@@ -1913,31 +1980,49 @@ AFSCachedWrite( IN PDEVICE_OBJECT DeviceObject,
                 BooleanFlagOn(pFileObject->Flags, (FO_NO_INTERMEDIATE_BUFFERING + FO_WRITE_THROUGH)))
             {
 
-                //
-                // We have detected a file we do a write through with.
-                //
-
-                CcFlushCache(&pFcb->NPFcb->SectionObjectPointers,
-                             &liCurrentOffset,
-                             ulCurrentIO,
-                             &iosbFlush);
-
-                if( !NT_SUCCESS( iosbFlush.Status))
+               __try
+               {
+                   //
+                   // We have detected a file we do a write through with.
+                   //
+
+                   CcFlushCache(&pFcb->NPFcb->SectionObjectPointers,
+                                 &liCurrentOffset,
+                                 ulCurrentIO,
+                                 &iosbFlush);
+
+                   if( !NT_SUCCESS( iosbFlush.Status))
+                   {
+
+                       AFSDbgTrace(( AFS_SUBSYSTEM_IO_PROCESSING,
+                                     AFS_TRACE_LEVEL_ERROR,
+                                     "AFSCachedWrite (%p) CcFlushCache failure %wZ FID %08lX-%08lX-%08lX-%08lX Status 0x%08lX Bytes 0x%08lX\n",
+                                     Irp,
+                                     &pFileObject->FileName,
+                                     pFcb->ObjectInformation->FileId.Cell,
+                                     pFcb->ObjectInformation->FileId.Volume,
+                                     pFcb->ObjectInformation->FileId.Vnode,
+                                     pFcb->ObjectInformation->FileId.Unique,
+                                     iosbFlush.Status,
+                                     iosbFlush.Information));
+
+                       try_return( ntStatus = iosbFlush.Status);
+                   }
+               }
+               __except( EXCEPTION_EXECUTE_HANDLER)
                 {
 
+                   ntStatus = GetExceptionCode();
+
                     AFSDbgTrace(( AFS_SUBSYSTEM_IO_PROCESSING,
                                   AFS_TRACE_LEVEL_ERROR,
-                                  "AFSCachedWrite (%p) CcFlushCache failure %wZ FID %08lX-%08lX-%08lX-%08lX Status 0x%08lX Bytes 0x%08lX\n",
+                                 "AFSCachedWrite (%p) CcFlushCache Threw exception %wZ @ %0I64X Status %08lX\n",
                                   Irp,
                                   &pFileObject->FileName,
-                                  pFcb->ObjectInformation->FileId.Cell,
-                                  pFcb->ObjectInformation->FileId.Volume,
-                                  pFcb->ObjectInformation->FileId.Vnode,
-                                  pFcb->ObjectInformation->FileId.Unique,
-                                  iosbFlush.Status,
-                                  iosbFlush.Information));
-
-                    try_return( ntStatus = iosbFlush.Status);
+                                 liCurrentOffset.QuadPart,
+                                 ntStatus));
+
+                   try_return( ntStatus);
                 }
             }
 
@@ -1978,6 +2063,10 @@ try_exit:
     return ntStatus;
 }
 
+//
+// Called with Fcb->NPFcb->SectionObjectResource and Fcb->NPFcb->Resource held
+//
+
 static
 NTSTATUS
 AFSExtendingWrite( IN AFSFcb *Fcb,
@@ -2023,6 +2112,9 @@ AFSExtendingWrite( IN AFSFcb *Fcb,
         //
         // If the file is currently cached, then let the MM know about the extension
         //
+       // The CcSetFileSizes call should be made with only the PagingResource held
+       // which we are currently not holding.
+       //
 
         if( CcIsFileCached( FileObject))
         {
@@ -2062,8 +2154,6 @@ AFSShareWrite( IN PDEVICE_OBJECT DeviceObject,
     __Enter
     {
 
-        pFcb = (AFSFcb *)pIrpSp->FileObject->FsContext;
-
         pCcb = (AFSCcb *)pIrpSp->FileObject->FsContext2;
 
         AFSDbgTrace(( AFS_SUBSYSTEM_PIPE_PROCESSING,
@@ -2100,6 +2190,8 @@ AFSShareWrite( IN PDEVICE_OBJECT DeviceObject,
             try_return( ntStatus = STATUS_INSUFFICIENT_RESOURCES);
         }
 
+       pFcb = (AFSFcb *)pIrpSp->FileObject->FsContext;
+
         AFSAcquireShared( &pFcb->NPFcb->Resource,
                           TRUE);