[PATCH 1/2] server: Use generic kernel object list to store client device pointer.

[Zebediah Figura]

On 3/27/19 11:43 AM, Jacek Caban wrote:
> diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c
> index 77a610d7db..941ce89ab7 100644
> --- a/dlls/ntoskrnl.exe/ntoskrnl.c
> +++ b/dlls/ntoskrnl.exe/ntoskrnl.c
> @@ -1474,8 +1474,6 @@ static const WCHAR device_type_name[] = {'D','e','v','i','c','e',0};
>  static struct _OBJECT_TYPE device_type =
>  {
>      device_type_name,
> -    NULL,
> -    free_kernel_object
>  };
>  
>  POBJECT_TYPE IoDeviceObjectType = &device_type;
> @@ -1491,7 +1489,6 @@ NTSTATUS WINAPI IoCreateDevice( DRIVER_OBJECT *driver, ULONG ext_size,
>  {
>      NTSTATUS status;
>      DEVICE_OBJECT *device;
> -    HANDLE handle = 0;
>      HANDLE manager = get_device_manager();
>  
>      TRACE( "(%p, %u, %s, %u, %x, %u, %p)\n",
> @@ -1500,34 +1497,32 @@ NTSTATUS WINAPI IoCreateDevice( DRIVER_OBJECT *driver, ULONG ext_size,
>      if (!(device = alloc_kernel_object( IoDeviceObjectType, NULL, sizeof(DEVICE_OBJECT) + ext_size, 1 )))
>          return STATUS_NO_MEMORY;
>  
> +    device->DriverObject    = driver;
> +    device->DeviceExtension = device + 1;
> +    device->DeviceType      = type;
> +    device->StackSize       = 1;
> +
> +    device->NextDevice   = driver->DeviceObject;
> +    driver->DeviceObject = device;
> +
>      SERVER_START_REQ( create_device )
>      {
> -        req->access     = 0;
> -        req->attributes = 0;
>          req->rootdir    = 0;
>          req->manager    = wine_server_obj_handle( manager );
>          req->user_ptr   = wine_server_client_ptr( device );
>          if (name) wine_server_add_data( req, name->Buffer, name->Length );
> -        if (!(status = wine_server_call( req ))) handle = wine_server_ptr_handle( reply->handle );
> +        status = wine_server_call( req );
>      }
>      SERVER_END_REQ;
>  
> -    if (status == STATUS_SUCCESS)
> +    if (status)
>      {
> -        device->DriverObject    = driver;
> -        device->DeviceExtension = device + 1;
> -        device->DeviceType      = type;
> -        device->StackSize       = 1;
> -        device->Reserved        = handle;
> -
> -        device->NextDevice   = driver->DeviceObject;
> -        driver->DeviceObject = device;
> -
> -        *ret_device = device;
> +        free_kernel_object( device );
> +        return status;
>      }
> -    else free_kernel_object( device );
>  
> -    return status;
> +    *ret_device = device;
> +    return STATUS_SUCCESS;
>  }

What's the reason for moving DEVICE_OBJECT initialization before 
create_device call? In particular this won't work correctly if 
create_device fails, as then driver->DeviceObject will point to an 
invalid device.