blue screen error: DRIVER_RETURNED_HOLDING_CANCEL_LOCK

Question

I write a driver in windows 7. And I use pedding IRP to send event to application from driver. The key Code like:

PIRP PeddingIRP;

...

VOID PtDriverCancelIRP(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ) 
{ 
    UNREFERENCED_PARAMETER(DeviceObject);

    KdPrint(( "[WENZ] User Message Cancel Irp....\n" ));

    if ( Irp == PeddingIRP)
        PeddingIRP = NULL; 

    Irp->IoStatus.Status = STATUS_CANCELLED; 
    Irp->IoStatus.Information = 0; 
    IoCompleteRequest(Irp,IO_NO_INCREMENT); 
}

...

NTSTATUS
DeviceControl( PDEVICE_OBJECT DeviceObject, PIRP Irp )
{
    ...
    switch ( irpSp->Parameters.DeviceIoControl.IoControlCode )
    {
        ...
    case IOCTL_NOTIFY_STATE:
    Irp->IoStatus.Information = 0;
    Irp->IoStatus.Status = STATUS_PENDING;
    IoMarkIrpPending(Irp); 
    PeddingIRP = Irp;
        IoSetCancelRoutine(Irp, PtDriverCancelIRP);

    return STATUS_PENDING;
        ...
    }
    ...
}

It works when some event notify to application. But when I uninstall the driver, blue screen error occurs: A driver has returnned from a cancellation call holding the global cancel lock. The error code id 0x011B. I use windbg trace it, and the trace happens in "PtDriverCancelIRP" function.

Dose a lock relaoted this error? I don't know why? How I fix it?

P.S. This driver is no error in Windows XP

Answer 1

A cancel routine is responsible to release the cancel spinlock. Use IoReleaseCancelSpinLock for that.

VOID PtDriverCancelIRP(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ) 
{ 
    UNREFERENCED_PARAMETER(DeviceObject);

    KdPrint(( "[WENZ] User Message Cancel Irp....\n" ));

    if ( Irp == PeddingIRP)
        PeddingIRP = NULL; 

    IoReleaseCancelSpinLock(); // release the cancel spinlock

    Irp->IoStatus.Status = STATUS_CANCELLED; 
    Irp->IoStatus.Information = 0; 
    IoCompleteRequest(Irp,IO_NO_INCREMENT); 
}