IRP_MJ_MDL_READ question

Hi All,

We have a HSM filter driver which was running for a few years.

Recently we found an issue in a customer site, here the configuration of the customer.
One Windows 2008 R2 which install our filter driver, names it as computer A, and one is Windows 2008 SP2, names computer B, both are x64 bit.

In computer A, there are some empty sparse files with the reparse point set, when the users try to read these files, our filter driver will intercept it and replace the read buffer with our own data.

The customer found an issue, when they tried to run “copy” or “robocopy” in the DOS prompt to copy the sparse file in computer A from computer B via UNC path, it will get back the empty content. But if they copy&paste the sparse file in Windows explorer, there are no any issue.

So we run the filespy in computer A, we found that the copy will trigger FASTIO_MDL_READ, in this case our filter driver will disable this fast IO, then there are IRP_MJ_READ/IRP_MN_MDL comes in, our filter driver will create an MDL for that and copy the data to buffer. Here is some output of file spy:

15:49:14.520 System FASTIO_MDL_READ FFFFF8A01D4C2920 F:\test.tar STATUS_UNSUCCESSFUL Offset: 00000000-000B4000 ToRead: F000 Read: 0
29 15:49:14.520 109 System IRP_MJ_READ/IRP_MN_MDL 00000004 FFFFF8A01D4C2920 f:\test.tar STATUS_SUCCESS Offset: 00000000-000B4000 ToRead: F000 Read: F000
30 15:49:14.629 System FASTIO_MDL_READ_COMPLETE FFFFF8A01D4C2920 f:\test.tar STATUS_SUCCESS
31 15:49:14.645 System FASTIO_MDL_READ FFFFF8A01D4C2920 f:\test.tar STATUS_UNSUCCESSFUL Offset: 00000000-000C3000 ToRead: F000 Read: 0
32 15:49:14.645 System IRP_MJ_READ/IRP_MN_MDL 00000004 FFFFF8A01D4C2920 f:\test.tar STATUS_SUCCESS Offset: 00000000-000C3000 ToRead: F000 Read: F000
33 15:49:14.645 System FASTIO_MDL_READ FFFFF8A01D4C2920 f:\test.tar STATUS_UNSUCCESSFUL Offset: 00000000-000D2000 ToRead: F000 Read: 0
34 15:49:14.645 System IRP_MJ_READ/IRP_MN_MDL 00000004 FFFFF8A01D4C2920 f:\test.tar STATUS_SUCCESS Offset: 00000000-000D2000 ToRead: F000 Read: F000
35 15:49:14.645 System FASTIO_MDL_READ_COMPLETE FFFFF8A01D4C2920 f:\test.tar STATUS_SUCCESS

From the filespy output, we saw that read data is not 0, all the MDL read returns the not NULL data.

Both Windows explorer copy and DOS copy we saw the same IO behaviour which comes with MDL read. So we can’t understand why the copy from DOS prompt didn’t get back the correct data instead of null data.

We are much appreciate if anyone can give us suggestions.

Thanks
Tsang

Did I understand you right that on mdl read, you create a mdl, map it to
virtual space and then copy data to it and return exactly this allocated
mdl?

8 дек. 2016 г. 8:04 PM пользователь написал:

Hi All,

We have a HSM filter driver which was running for a few years.

Recently we found an issue in a customer site, here the configuration of
the customer.
One Windows 2008 R2 which install our filter driver, names it as computer
A, and one is Windows 2008 SP2, names computer B, both are x64 bit.

In computer A, there are some empty sparse files with the reparse point
set, when the users try to read these files, our filter driver will
intercept it and replace the read buffer with our own data.

The customer found an issue, when they tried to run “copy” or “robocopy” in
the DOS prompt to copy the sparse file in computer A from computer B via
UNC path, it will get back the empty content. But if they copy&paste the
sparse file in Windows explorer, there are no any issue.

So we run the filespy in computer A, we found that the copy will trigger
FASTIO_MDL_READ, in this case our filter driver will disable this fast IO,
then there are IRP_MJ_READ/IRP_MN_MDL comes in, our filter driver will
create an MDL for that and copy the data to buffer. Here is some output of
file spy:

15:49:14.520 System FASTIO_MDL_READ
FFFFF8A01D4C2920 F:\test.tar STATUS_UNSUCCESSFUL Offset:
00000000-000B4000 ToRead: F000 Read: 0
29 15:49:14.520 109 System IRP_MJ_READ/IRP_MN_MDL 00000004
FFFFF8A01D4C2920 f:\test.tar STATUS_SUCCESS Offset:
00000000-000B4000 ToRead: F000 Read: F000
30 15:49:14.629 System FASTIO_MDL_READ_COMPLETE
FFFFF8A01D4C2920 f:\test.tar STATUS_SUCCESS
31 15:49:14.645 System FASTIO_MDL_READ
FFFFF8A01D4C2920 f:\test.tar STATUS_UNSUCCESSFUL Offset:
00000000-000C3000 ToRead: F000 Read: 0
32 15:49:14.645 System IRP_MJ_READ/IRP_MN_MDL 00000004
FFFFF8A01D4C2920 f:\test.tar STATUS_SUCCESS Offset:
00000000-000C3000 ToRead: F000 Read: F000
33 15:49:14.645 System FASTIO_MDL_READ
FFFFF8A01D4C2920 f:\test.tar STATUS_UNSUCCESSFUL Offset:
00000000-000D2000 ToRead: F000 Read: 0
34 15:49:14.645 System IRP_MJ_READ/IRP_MN_MDL 00000004
FFFFF8A01D4C2920 f:\test.tar STATUS_SUCCESS Offset:
00000000-000D2000 ToRead: F000 Read: F000
35 15:49:14.645 System FASTIO_MDL_READ_COMPLETE
FFFFF8A01D4C2920 f:\test.tar STATUS_SUCCESS

From the filespy output, we saw that read data is not 0, all the MDL read
returns the not NULL data.

Both Windows explorer copy and DOS copy we saw the same IO behaviour which
comes with MDL read. So we can’t understand why the copy from DOS prompt
didn’t get back the correct data instead of null data.

We are much appreciate if anyone can give us suggestions.

Thanks
Tsang


NTFSD is sponsored by OSR

MONTHLY seminars on crash dump analysis, WDF, Windows internals and
software drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at <
http://www.osronline.com/page.cfm?name=ListServer&gt;</http:>

You are handling MDL read requests incorrectly. The MDL returned
describes pages in the system cache. Try looking into CcMdlRead() and
CcMdlReadComplete().

Pete


Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
866.263.9295

------ Original Message ------
From: xxxxx@hotmail.com
To: “Windows File Systems Devs Interest List”
Sent: 12/8/2016 10:05:07 AM
Subject: [ntfsd] IRP_MJ_MDL_READ question

>Hi All,
>
>We have a HSM filter driver which was running for a few years.
>
>Recently we found an issue in a customer site, here the configuration
>of the customer.
>One Windows 2008 R2 which install our filter driver, names it as
>computer A, and one is Windows 2008 SP2, names computer B, both are x64
>bit.
>
>In computer A, there are some empty sparse files with the reparse point
>set, when the users try to read these files, our filter driver will
>intercept it and replace the read buffer with our own data.
>
>The customer found an issue, when they tried to run “copy” or
>“robocopy” in the DOS prompt to copy the sparse file in computer A from
>computer B via UNC path, it will get back the empty content. But if
>they copy&paste the sparse file in Windows explorer, there are no any
>issue.
>
>So we run the filespy in computer A, we found that the copy will
>trigger FASTIO_MDL_READ, in this case our filter driver will disable
>this fast IO, then there are IRP_MJ_READ/IRP_MN_MDL comes in, our
>filter driver will create an MDL for that and copy the data to buffer.
>Here is some output of file spy:
>
>
>15:49:14.520 System FASTIO_MDL_READ FFFFF8A01D4C2920 F:\test.tar STATUS_UNSUCCESSFUL Offset:
>00000000-000B4000 ToRead: F000 Read: 0
>29 15:49:14.520 109 System IRP_MJ_READ/IRP_MN_MDL 00000004 FFFFF8A01D4C2920 f:\test.tar STATUS_SUCCESS Offset:
>00000000-000B4000 ToRead: F000 Read: F000
>30 15:49:14.629 System FASTIO_MDL_READ_COMPLETE FFFFF8A01D4C2920 f:\test.tar STATUS_SUCCESS
>31 15:49:14.645 System FASTIO_MDL_READ FFFFF8A01D4C2920 f:\test.tar STATUS_UNSUCCESSFUL Offset:
>00000000-000C3000 ToRead: F000 Read: 0
>32 15:49:14.645 System IRP_MJ_READ/IRP_MN_MDL 00000004 FFFFF8A01D4C2920 f:\test.tar STATUS_SUCCESS Offset:
>00000000-000C3000 ToRead: F000 Read: F000
>33 15:49:14.645 System FASTIO_MDL_READ FFFFF8A01D4C2920 f:\test.tar STATUS_UNSUCCESSFUL Offset:
>00000000-000D2000 ToRead: F000 Read: 0
>34 15:49:14.645 System IRP_MJ_READ/IRP_MN_MDL 00000004 FFFFF8A01D4C2920 f:\test.tar STATUS_SUCCESS Offset:
>00000000-000D2000 ToRead: F000 Read: F000
>35 15:49:14.645 System FASTIO_MDL_READ_COMPLETE FFFFF8A01D4C2920 f:\test.tar STATUS_SUCCESS
>
>From the filespy output, we saw that read data is not 0, all the MDL
>read returns the not NULL data.
>
>Both Windows explorer copy and DOS copy we saw the same IO behaviour
>which comes with MDL read. So we can’t understand why the copy from DOS
>prompt didn’t get back the correct data instead of null data.
>
>We are much appreciate if anyone can give us suggestions.
>
>Thanks
>Tsang
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>—
>NTFSD is sponsored by OSR
>
>
>MONTHLY seminars on crash dump analysis, WDF, Windows internals and
>software drivers!
>Details at http:
>
>To unsubscribe, visit the List Server section of OSR Online at
>http:</http:></http:>

Thanks Peter and Anatoly,

We allocated the nonpaged buffer and mapped the MDL to the buffer, copy our own data to the buffer when the IRP_MJ_MDL read comes in and complete IO in pre-read.

There are no issue for the same IO with copy&paste from Windows explorer, the return data is not empty, but copy from DOS prompt, the return data is NULL.

Regards
Tsang

> We allocated the nonpaged buffer and mapped the MDL to the buffer, copy
our own data to the buffer when the IRP_MJ_MDL read comes in and complete
IO in pre-read.

As it was stated above, this is not correct implement. You should request
MDL from cache manager and return it to IRP sender.

There are no issue for the same IO with copy&paste from Windows explorer,
the return data is not empty, but copy from DOS prompt, the return data is
NULL.

Fix your implement first, then see if problem still appears

2016-12-08 21:23 GMT+03:00 :

> Thanks Peter and Anatoly,
>
> We allocated the nonpaged buffer and mapped the MDL to the buffer, copy
> our own data to the buffer when the IRP_MJ_MDL read comes in and complete
> IO in pre-read.
>
> There are no issue for the same IO with copy&paste from Windows explorer,
> the return data is not empty, but copy from DOS prompt, the return data is
> NULL.
>
> Regards
> Tsang
>
>
> —
> NTFSD is sponsored by OSR
>
>
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and
> software drivers!
> Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at <
> http://www.osronline.com/page.cfm?name=ListServer&gt;
></http:>

Hi Anatoly,

We disabled the Cache IO for our files, that’s why we allocated our own buffer for the MDL instead of requesting from Cache manager. We have our own cache buffer.

Thanks
Tsang