There seems a bug with multicore

[ajax4sec]

There seems a bug with multi-core in IoCpuIpiDpc function of DriverIo.cpp. I tested the Sysarg2 of the function and found it is not null. So the arg would be dereferenced by ObDereferenceObject(SysArg2), which would cause the error of reference_of_pointer with a blue screen.
I am not sure I was right and welcome with the discussion.

[howknows]

Yes you are right!

for (int iCpuNum = 0, cpurefcount = 0; iCpuNum < sizeof(kTargetCpusAffinity) * 8; iCpuNum++) {
if (!(kTargetCpusAffinity & (1i64 << iCpuNum))) continue;
// Allocate and run the DPC
RtlZeroMemory(pIpiDpcStruct, sizeof(IPI_DPC_STRUCT));
pIpiDpcStruct->dwCpu = iCpuNum;
pIpiDpcStruct->Type = DPC_TYPE_START_PT;
KeInitializeEvent(&pIpiDpcStruct->kEvt, SynchronizationEvent, FALSE);
KeInitializeDpc(pkDpc, IoCpuIpiDpc, (PVOID)pIpiDpcStruct);
KeSetTargetProcessorDpc(pkDpc, (CCHAR)iCpuNum);
if (!cpurefcount)//Do not call ObfDereferenceObject too many, mul CPUs will cause BSOD. Just need call ObfDereferenceObject once!
KeInsertQueueDpc(pkDpc, (LPVOID)ptTraceStruct, (LPVOID)epTarget); // Method-Buffered: passing ptTraceStruct is safe
else
KeInsertQueueDpc(pkDpc ,(LPVOID)ptTraceStruct ,NULL);
cpurefcount++;
// Wait for the DPC to do its job
KeWaitForSingleObject((PVOID)&pIpiDpcStruct->kEvt, Executive, KernelMode, FALSE, NULL);
ntStatus = pIpiDpcStruct->ioSb.Status;
if (!NT_SUCCESS(ntStatus)) break;
}

[moflow]

Please send a pull request. I’m getting these updates via email but am traveling and do not have my native kernel development environment. It will be a couple weeks until I am home

…

On Sun, Feb 11, 2018 at 2:15 AM ajax4sec ***@***.***> wrote: ：） — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#8 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ADUSW8sYWvWdEI9vaykQ_J8mubp1GoHbks5tTj8qgaJpZM4R_mg4> .