Kernel/Io,Ps: Fix resource leaks, IRQL corruption, and race conditions

IopDeleteDevice: lower IRQL when DeletePending is false, preventing
the caller from being stuck at elevated IRQL indefinitely.

IopParseDevice: free FileObject and decrement DeviceObject refcount
when GetObjectNativeHandle fails, fixing per-failed-open leak.

IopQueryDeviceInformation: add missing ObfDereferenceObject call,
fixing a FileObject reference leak on every file query operation.

IoQueryVolumeInformation: return X_STATUS_NOT_IMPLEMENTED instead of
S_OK to prevent callers from using uninitialized output buffers.

IoCompletionObjectType: add IopDeleteIoCompletion delete procedure
that drains queued CXBX_IO_COMPLETION_PACKET entries on destruction.

PsTerminateSystemThread: wrap ThreadListEntry removal, StackCount
decrement, and reaper list insertion in KeRaiseIrqlToDpcLevel/
KfLowerIrql to match KeInitializeThread's insertion locking.

Author: PatrickvL

src/core/kernel/exports/EmuKrnlIo.cpp

@@ -68,6 +68,9 @@ static xbox::void_xt IopDeleteDevice
 			ObfDereferenceObject(DeviceObject);
 		}
 	}
+	else {
+		KfLowerIrql(OldIrql);
+	}
 }
 
 // ******************************************************************
@@ -258,6 +261,21 @@ XBSYSAPI EXPORTNUM(63) xbox::ntstatus_xt NTAPI xbox::IoCheckShareAccess
 	RETURN(X_STATUS_SUCCESS);
 }
 
+// Drain any remaining completion packets from the KQUEUE when the IoCompletion object is destroyed
+static xbox::void_xt NTAPI IopDeleteIoCompletion(IN xbox::PVOID ObjectBody)
+{
+	xbox::PKQUEUE Queue = reinterpret_cast<xbox::PKQUEUE>(ObjectBody);
+
+	// Remove and free all queued completion packets
+	while (Queue->EntryListHead.Flink != &Queue->EntryListHead) {
+		xbox::LIST_ENTRY *Entry = Queue->EntryListHead.Flink;
+		Entry->Blink->Flink = Entry->Flink;
+		Entry->Flink->Blink = Entry->Blink;
+		xbox::PCXBX_IO_COMPLETION_PACKET Packet = CONTAINING_RECORD(Entry, xbox::CXBX_IO_COMPLETION_PACKET, ListEntry);
+		xbox::ExFreePool(Packet);
+	}
+}
+
 // ******************************************************************
 // * 0x0040 - IoCompletionObjectType
 // ******************************************************************
@@ -266,7 +284,7 @@ XBSYSAPI EXPORTNUM(64) xbox::OBJECT_TYPE xbox::IoCompletionObjectType =
 	xbox::ExAllocatePoolWithTag,
 	xbox::ExFreePool,
 	NULL,
-	NULL, // TODO : xbox::IopDeleteIoCompletion,
+	IopDeleteIoCompletion,
 	NULL,
 	&xbox::ObpDefaultObject,
 	'pmoC' // = first four characters of "Completion" in reverse
@@ -973,7 +991,10 @@ xbox::ntstatus_xt NTAPI xbox::IopParseDevice(
 	}
 	if (!RootDirectory) {
 		// Then it must be from xbox's end which we don't have any support.
-		// TODO: How to free object resource?
+		if (!UseDummyFile) {
+			ObfDereferenceObject(FileObject);
+		}
+		reinterpret_cast<PDEVICE_OBJECT>(ParseObject)->ReferenceCount--;
 		EmuLog(LOG_LEVEL::ERROR2, "IopParseDevice attempt call GetObjectNativeHandle could not find any.");
 		return X_STATUS_OBJECT_NAME_NOT_FOUND;
 	}
@@ -1276,6 +1297,8 @@ xbox::ntstatus_xt IopQueryDeviceInformation
 		result = X_STATUS_INVALID_PARAMETER;
 	}
 
+	ObfDereferenceObject(FileObject);
+
 	return result;
 
 }
@@ -1328,7 +1351,7 @@ XBSYSAPI EXPORTNUM(76) xbox::ntstatus_xt NTAPI xbox::IoQueryVolumeInformation
 	// DxbxPC2XB_FS_INFORMATION
 	LOG_UNIMPLEMENTED();
 
-	RETURN(S_OK);
+	RETURN(X_STATUS_NOT_IMPLEMENTED);
 }
 
 // ******************************************************************

src/core/kernel/exports/EmuKrnlPs.cpp

@@ -525,14 +525,18 @@ XBSYSAPI EXPORTNUM(258) xbox::void_xt NTAPI xbox::PsTerminateSystemThread
 		eThread->UniqueThread = xbox::zeroptr;
 	}
 
-	// Remove thread from the process
-	RemoveEntryList(&eThread->Tcb.ThreadListEntry);
-	eThread->Tcb.State = Terminated;
-	KiUniqueProcess.StackCount--;
+	// Remove thread from the process (synchronized with KeInitializeThread's insertion)
+	{
+		KIRQL OldIrql = KeRaiseIrqlToDpcLevel();
+		RemoveEntryList(&eThread->Tcb.ThreadListEntry);
+		eThread->Tcb.State = Terminated;
+		KiUniqueProcess.StackCount--;
+		InsertTailList(&PspReaperListHead, &((PETHREAD)eThread)->ReaperLink);
+		KfLowerIrql(OldIrql);
+	}
 
 	// PspReaperRoutine technically free'd the memory allocation from MmCreateKernelStack function.
 	// Therefore is run from another thread.
-	InsertTailList(&PspReaperListHead, &((PETHREAD)eThread)->ReaperLink);
 	KeInsertQueueDpc(&PsReaperDpc, NULL, NULL);
 
 	EmuKeFreePcr();