Code using |QueueUserAPC()| which triggers kernel crash in |nfs41_downcall()|
Posted by Anonymous on Wed 24th Jul 2024 12:46
raw | new post
modification of post by Anonymous (view diff)

diff --git a/daemon/nfs41_daemon.c b/daemon/nfs41_daemon.c
index 8f30607..87ecedb 100644
--- a/daemon/nfs41_daemon.c
+++ b/daemon/nfs41_daemon.c
@@ -125,6 +125,11 @@ out_map_default_ids:
     goto out;
 }

+static VOID apc_code(IN ULONG_PTR dwData)
+{
+       DPRINTF(0, ("Hello from apc_code()!\n"));
+}
+
 static unsigned int nfsd_worker_thread_main(void *args)
 {
     nfs41_daemon_globals *nfs41dg = (nfs41_daemon_globals *)args;
@@ -136,6 +141,10 @@ static unsigned int nfsd_worker_thread_main(void *args)
     DWORD inbuf_len = UPCALL_BUF_SIZE, outbuf_len;
     nfs41_upcall upcall;

+#if 1
+    QueueUserAPC((PAPCFUNC)apc_code, GetCurrentThread(), (ULONG_PTR)args);
+#endif
+
     pipe = CreateFileA(NFS41_USER_DEVICE_NAME_A, GENERIC_READ | GENERIC_WRITE,
         FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING,
         0, NULL);
@@ -826,6 +835,10 @@ VOID ServiceStart(DWORD argc, LPTSTR *argv)
      */
     logprintf("nfsd is running.\n");

+#if 0
+    QueueUserAPC((PAPCFUNC)apc_code, GetCurrentThread(), (ULONG_PTR)&nfs41_dg);
+#endif
+
 #ifndef STANDALONE_NFSD
     // report the status to the service control manager.
     if (!ReportStatusToSCMgr(SERVICE_RUNNING, NO_ERROR, 0))