ZwReadFile issue

Hi,

I am facing an issue when performing the ZwReadFile function. When I am trying to perform the ZwReadFile operation, it's hanging when it is in this ZwReadFile function. I found this issue when I was debugging my driver code. Please find below the code and WinDbg debug commands.

VOID
RfmEvtRead(WDFQUEUE Queue, WDFREQUEST Request, size_t Length)
{
    NTSTATUS status;
    PCAIFRFM_DEVICE_CONTEXT deviceData = 0;
    PVOID outBuf = 0;
    ULONG_PTR bytesRead = 0;
    IO_STATUS_BLOCK ioStatus;
    UCHAR buffer[4096];

    UNREFERENCED_PARAMETER(Queue);
    UNREFERENCED_PARAMETER(Length);

    DbgBreakPoint();
    RFMDBG(("\nRfmEvtRead Start\n"));
    //
    // Get a pointer to our device extension, just to show how it's done.
    // (get the WDFDEVICE from the WDFQUEUE, and the extension from the device)
    //
    deviceData = CaifRfmGetContextFromDevice(
        WdfIoQueueGetDevice(Queue) );

    status = WdfRequestRetrieveOutputBuffer(Request, 1, &outBuf, &Length);

    if(!NT_SUCCESS(status))
    {
#if DBG
        DbgPrint("CaifRFMEvtRead failed\n");
#endif
        WdfRequestCompleteWithInformation(Request, status, 0);
        return;
    }

#if DBG
    DbgPrint("CaifRFMEvtRead success\n");
#endif

    if(deviceData->FileHandle) {
        status = ZwReadFile ((HANDLE)deviceData->FileHandle,
                             NULL,// Event,
                             NULL,// PIO_APC_ROUTINE ApcRoutine
                             NULL,// PVOID ApcContext
                             &ioStatus,
                             outBuf,
                             (ULONG)Length,
                             0, // ByteOffset
                             NULL // Key
                             );

        if (!NT_SUCCESS(status)) {

            DbgPrint("\nZwReadFile failed with status 0x%x", status);
        }
        else
        {
            DbgPrint("\nZwReadFile Succeeded");
        }

        status = ioStatus.Status;
        bytesRead = ioStatus.Information;

        //for(index = 0; index < 32; index++) {
        DbgPrint("outbuf = 0x%0x", *(&outBuf));
    }
    RtlCopyMemory(outBuf, buffer, Length);

    WdfRequestCompleteWithInformation(Request,
                                      STATUS_SUCCESS,
                                      0);
}

WinDbg output log:

// WinDbg
CaifRFM!RfmEvtRead+0xbf:
9547f8bf 6a00 push 0
kd> p

*** Fatal System Error: 0x0000007f
(0x00000008,0x801C6000,0x00000000,0x00000000)

WARNING: This break is not a step/trace completion.
The last command has been cleared to prevent
accidental continuation of this unrelated event.
Check the event, location and thread before resuming.
Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

nt!RtlpBreakWithStatusInstruction:
82860d00 cc int 3

Regards,
Pradeep

At what IRQL are you calling ZwReadFile? It must be passive level with APCs enabled.

d

debt from my phone


From: xxxxx@gmail.com
Sent: 3/11/2012 9:47 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] ZwReadFile issue

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

It seems to be a problem caused by kernel stack overflow.

--> UCHAR buffer[4096]; // too big

Why don't you allocate memory for the read buffer?

See below…

Hi,

I am facing an issue when performing the ZwReadFile function. When I am trying
to perform the ZwReadFile operation, it's hanging when it is in this ZwReadFile
function. I found this issue when I was debugging my driver code. Please
find below the code and WinDbg debug commands.

VOID
RfmEvtRead(WDFQUEUE Queue, WDFREQUEST Request, size_t Length)
{
    NTSTATUS status;
    PCAIFRFM_DEVICE_CONTEXT deviceData = 0;
    PVOID outBuf = 0;
    ULONG_PTR bytesRead = 0;
    IO_STATUS_BLOCK ioStatus;
    UCHAR buffer[4096];
*****
This line is very risky in a driver. Kernel stacks are quite small, and
by the time this function is called, some unknown chunk of that small
stack is already consumed. Now you ask for a really big chunk of stack
space. Not the best idea.

And if you are thinking “allocating storage is expensive”, keep in mind
that you are about to call ZwReadFile, and statistically, disk rotational
delay is orders of magnitude slower than allocating storage.

******

    UNREFERENCED_PARAMETER(Queue);
    UNREFERENCED_PARAMETER(Length);

    DbgBreakPoint();
    RFMDBG(("\nRfmEvtRead Start\n"));
    //
    // Get a pointer to our device extension, just to show how it's done.
    // (get the WDFDEVICE from the WDFQUEUE, and the extension from the device)
    //
    deviceData = CaifRfmGetContextFromDevice(
        WdfIoQueueGetDevice(Queue) );

    status = WdfRequestRetrieveOutputBuffer(Request, 1, &outBuf, &Length);

    if(!NT_SUCCESS(status))
    {
#if DBG
        DbgPrint("CaifRFMEvtRead failed\n");
#endif
        WdfRequestCompleteWithInformation(Request, status, 0);
        return;
    }

#if DBG
    DbgPrint("CaifRFMEvtRead success\n");
#endif

    if(deviceData->FileHandle) {
        status = ZwReadFile ((HANDLE)deviceData->FileHandle,
                             NULL,// Event,
                             NULL,// PIO_APC_ROUTINE ApcRoutine
                             NULL,// PVOID ApcContext
                             &ioStatus,
                             outBuf,
                             (ULONG)Length,
                             0, // ByteOffset
                             NULL // Key
                             );

        if (!NT_SUCCESS(status)) {

            DbgPrint("\nZwReadFile failed with status 0x%x", status);
        }
        else
        {
            DbgPrint("\nZwReadFile Succeeded");
        }

        status = ioStatus.Status;
        bytesRead = ioStatus.Information;

        //for(index = 0; index < 32; index++) {
        DbgPrint("outbuf = 0x%0x", *(&outBuf));
    }
    RtlCopyMemory(outBuf, buffer, Length);

    WdfRequestCompleteWithInformation(Request,
                                      STATUS_SUCCESS,
                                      0);
}

WinDbg output log:

// WinDbg
CaifRFM!RfmEvtRead+0xbf:
9547f8bf 6a00 push 0
kd> p

*** Fatal System Error: 0x0000007f
(0x00000008,0x801C6000,0x00000000,0x00000000)

WARNING: This break is not a step/trace completion.
The last command has been cleared to prevent
accidental continuation of this unrelated event.
Check the event, location and thread before resuming.
Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

nt!RtlpBreakWithStatusInstruction:
82860d00 cc int 3

******
And where is the !analyze -v output? This is not useful!
*****

Regards,
Pradeep


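An added example, not part of the thread or of any poster's code: a small C parser that pulls the bugcheck code and arguments out of the kd text quoted above and flags the 0x7F / 0x8 combination, which is a double fault and is consistent with the kernel stack overflow diagnosis given in the replies. The function names and the triage strings are assumptions made for this sketch; the sample lines are taken from the log in the original post.

```c
#include <stdio.h>
#include <string.h>

/* Bugcheck record as printed by kd: code plus four arguments. */
struct bugcheck { unsigned long long code, arg[4]; };

/* The fatal-error lines from the log quoted in the thread. */
static const char SAMPLE_LOG[] =
    "kd> p\n"
    "\n"
    "*** Fatal System Error: 0x0000007f\n"
    "(0x00000008,0x801C6000,0x00000000,0x00000000)\n"
    "\n"
    "WARNING: This break is not a step/trace completion.\n";

/* Find the "Fatal System Error" line and the parenthesised argument line
   after it. Returns 1 when both parse, 0 otherwise. */
int parse_bugcheck(const char *log, struct bugcheck *bc)
{
    const char *p = strstr(log, "Fatal System Error:");
    if (p == NULL || sscanf(p, "Fatal System Error: %llx", &bc->code) != 1)
        return 0;
    p = strchr(p, '(');
    if (p == NULL)
        return 0;
    return sscanf(p, "(%llx,%llx,%llx,%llx)", &bc->arg[0], &bc->arg[1],
                  &bc->arg[2], &bc->arg[3]) == 4;
}

/* 0x7F is UNEXPECTED_KERNEL_MODE_TRAP and its first argument is the trap
   number; trap 8 is a double fault, commonly an exhausted kernel stack. */
const char *triage(const struct bugcheck *bc)
{
    if (bc->code == 0x7f && bc->arg[0] == 0x8)
        return "double fault: review kernel stack use (large locals, recursion)";
    if (bc->code == 0x7f)
        return "unexpected kernel-mode trap: arg1 is the trap number";
    return "not classified by this sketch";
}

int main(void)
{
    struct bugcheck bc;
    if (!parse_bugcheck(SAMPLE_LOG, &bc))
        return 1;
    printf("bugcheck 0x%llx arg1 0x%llx -> %s\n", bc.code, bc.arg[0], triage(&bc));
    return 0;
}
```
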

Hi all,

Thanks for your response. Now it's working fine once I have reduced the read buffer size. Also, I have one more query: how to increase the stack size for a KMDF driver? Also, the read operation is working fine only when I set the IO type as Direct IO method. If I set it as Buffered IO type then ZwReadFile succeeds, but it's not reading the actual value from the other driver. Please help with how to use the Buffered IO method for the ZwReadFile operation.

This should have nothing to do with the size of the callstack unless you are still putting the buffer on the stack as a local.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Monday, March 12, 2012 11:15 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] ZwReadFile issue
