From 94ead99e0c503faa40b33b813cce296ea5c0bc0c Mon Sep 17 00:00:00 2001 From: Pierre Schweitzer Date: Thu, 26 Apr 2018 18:25:19 +0200 Subject: [PATCH] [FASTFAT] Don't leak directories FILE_OBJECT, FCB and cache entries. Once a directory is crossed (opened or a child is opened), associated FCB structure is created in FastFAT, but also a stream FO for caching. Up to now, due to an extra reference taken by the stream file object, even when the directory was no longer used, the directory was kept in memory: the FCB was never deleted, the file object was never dereferenced, and the cache never released. The immediate effect of this bug is that our FAT driver was leaking every directory that was used affecting the whole OS situation. In case of directories intensive operation (like extraction the ReactOS source code in ReactOS ;-)), we were just killin the whole OS RAM without any way to release it and recover. The other side effects: IOs were faster as half of the FS was always permanant in RAM. This commit fixes the issue by forcing the FSD to release the FO, and the cache when a directory is no longer used, leading to its destruction in RAM. Downside: on IO intensive operation, expect slowdowns, obviously, there's less caching now. But more efficient! CORE-14557 --- drivers/filesystems/fastfat/cleanup.c | 1 + drivers/filesystems/fastfat/fcb.c | 20 +++++++++++++++++--- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/drivers/filesystems/fastfat/cleanup.c b/drivers/filesystems/fastfat/cleanup.c index 0a12fd70f82..580ed807a37 100644 --- a/drivers/filesystems/fastfat/cleanup.c +++ b/drivers/filesystems/fastfat/cleanup.c @@ -107,6 +107,7 @@ VfatCleanupFile( { pFcb->FileObject = NULL; CcUninitializeCacheMap(tmpFileObject, NULL, NULL); + ClearFlag(pFcb->Flags, FCB_CACHE_INITIALIZED); ObDereferenceObject(tmpFileObject); } diff --git a/drivers/filesystems/fastfat/fcb.c b/drivers/filesystems/fastfat/fcb.c index f96a3178ba1..f6734a675e9 100644 --- a/drivers/filesystems/fastfat/fcb.c +++ b/drivers/filesystems/fastfat/fcb.c @@ -313,10 +313,24 @@ vfatReleaseFCB( while (pFCB) { + ULONG RefCount; + ASSERT(pFCB != pVCB->VolumeFcb); ASSERT(pFCB->RefCount > 0); - pFCB->RefCount--; - if (pFCB->RefCount == 0) + RefCount = --pFCB->RefCount; + + if (RefCount == 1 && BooleanFlagOn(pFCB->Flags, FCB_CACHE_INITIALIZED)) + { + PFILE_OBJECT tmpFileObject; + tmpFileObject = pFCB->FileObject; + + pFCB->FileObject = NULL; + CcUninitializeCacheMap(tmpFileObject, NULL, NULL); + ClearFlag(pFCB->Flags, FCB_CACHE_INITIALIZED); + ObDereferenceObject(tmpFileObject); + } + + if (RefCount == 0) { ASSERT(pFCB->OpenHandleCount == 0); tmpFcb = pFCB->parentFcb; @@ -623,7 +637,7 @@ vfatFCBInitializeCacheFromVolume( _SEH2_END; vfatGrabFCB(vcb, fcb); - fcb->Flags |= FCB_CACHE_INITIALIZED; + SetFlag(fcb->Flags, FCB_CACHE_INITIALIZED); return STATUS_SUCCESS; } -- 2.17.1