From: Aric Stewart <aric@codeweavers.com>
Subject: [PATCH 2/2] ntoskrnl.exe: User Loader Lock to lock loading and unloading of drivers
Message-Id: <56B89216.8080200@codeweavers.com>
Date: Mon, 8 Feb 2016 07:03:18 -0600

Signed-off-by: Aric Stewart <aric@codeweavers.com>
---
 dlls/ntoskrnl.exe/ntoskrnl.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c
index 0d7bed6..34f0faf 100644
--- a/dlls/ntoskrnl.exe/ntoskrnl.c
+++ b/dlls/ntoskrnl.exe/ntoskrnl.c
@@ -2570,12 +2570,13 @@ NTSTATUS WINAPI ZwLoadDriver(const UNICODE_STRING *DriverServiceName)
     loaded_driver *driver;
     ULONG_PTR magic;
 
-
+    LdrLockLoaderLock(0, NULL, &magic);
     /* Check if driver is already loaded */
     LIST_FOR_EACH_ENTRY(driver, &loaded_drivers, loaded_driver, entry)
     {
         if (RtlEqualUnicodeString(DriverServiceName, &driver->name, FALSE))
         {
+            LdrUnlockLoaderLock(0, magic);
             return ERROR_SUCCESS;
         }
     }
@@ -2606,6 +2607,7 @@ NTSTATUS WINAPI ZwLoadDriver(const UNICODE_STRING *DriverServiceName)
         ERR("cannot open key %s, err=0x%x\n", wine_dbgstr_w(keypath_buffer), status);
         HeapFree(GetProcessHeap(), 0, keypath_buffer);
         HeapFree(GetProcessHeap(), 0, driver_name);
+        LdrUnlockLoaderLock(0, magic);
         return status;
     }
 
@@ -2637,6 +2639,7 @@ NTSTATUS WINAPI ZwLoadDriver(const UNICODE_STRING *DriverServiceName)
             HeapFree(GetProcessHeap(), 0, image_path);
             HeapFree(GetProcessHeap(), 0, keypath_buffer);
             HeapFree(GetProcessHeap(), 0, driver_name);
+            LdrUnlockLoaderLock(0, magic);
             return status;
         }
 
@@ -2683,6 +2686,7 @@ NTSTATUS WINAPI ZwLoadDriver(const UNICODE_STRING *DriverServiceName)
     {
         HeapFree(GetProcessHeap(), 0, keypath_buffer);
         HeapFree(GetProcessHeap(), 0, driver_name);
+        LdrUnlockLoaderLock(0, magic);
         return STATUS_NOT_FOUND;
     }
 
@@ -2692,6 +2696,7 @@ NTSTATUS WINAPI ZwLoadDriver(const UNICODE_STRING *DriverServiceName)
     list_add_tail(&loaded_drivers, &driver->entry);
 
     init_driver(driver_name, &keypath, driver);
+    LdrUnlockLoaderLock(0, magic);
 
     return STATUS_SUCCESS;
 }
@@ -2701,8 +2706,10 @@ NTSTATUS WINAPI ZwLoadDriver(const UNICODE_STRING *DriverServiceName)
  */
 NTSTATUS WINAPI ZwUnloadDriver(const UNICODE_STRING *DriverServiceName)
 {
+    ULONG_PTR magic;
     loaded_driver *driver, *ptr;
 
+    LdrLockLoaderLock(0, NULL, &magic);
     LIST_FOR_EACH_ENTRY_SAFE(driver, ptr, &loaded_drivers, loaded_driver, entry)
     {
         if (RtlEqualUnicodeString(DriverServiceName, &driver->name, FALSE))
@@ -2726,9 +2733,11 @@ NTSTATUS WINAPI ZwUnloadDriver(const UNICODE_STRING *DriverServiceName)
             RtlFreeUnicodeString(&driver->driver_extension.ServiceKeyName);
             FreeLibrary(driver->module);
             HeapFree(GetProcessHeap(), 0, driver);
+            LdrUnlockLoaderLock(0, magic);
             return STATUS_SUCCESS;
         }
     }
 
+    LdrUnlockLoaderLock(0, magic);
     return STATUS_NOT_FOUND;
 }