Bug in SFilter Windows 2000 IFS Kit sample

[The information below has also been added to the Windows 2000 IFS Kit
Errata list, which can be found at
http://www.microsoft.com/hwdev/ntifskit/errata.htm.]

A bug has recently been found and corrected in the SFilter sample. If your
file system filter driver was based on SFilter, you should make the same
changes to your own driver code. Following is a complete description of the
bug and the corrected code.

Dispatch routines should always use IoCopyCurrentIrpStackLocationToNext or
IoSkipCurrentStackLocation to copy the contents of the current IRP stack
location to that of the next-lower driver on the stack.
IoCopyCurrentIrpStackLocationToNext allows the current driver to set an I/O
completion routine; IoSkipCurrentStackLocation does not.

Drivers should never copy stack locations manually. Driver Verifier now
checks for this error. SFilter copied stack locations manually (and
incorrectly). Thus the following code has been changed wherever it occurs in
SFilter’s dispatch routines (all of which are defined in the file
sfilter.c):

  1. The following lines:
    PIO_STACK_LOCATION nextIrpSp;
    irpSp = IoGetCurrentIrpStackLocation( Irp );
    nextIrpSp = IoGetNextIrpStackLocation( Irp );
    RtlMoveMemory( nextIrpSp, irpSp, sizeof( IO_STACK_LOCATION ) );
    have been changed to:
    IoCopyCurrentIrpStackLocationToNext( Irp );
    in the following routines:
    SfPassThrough (comment only)
    SfCreate (1 occurrence)
    SfFsControl (2 occurrences)

  2. The following lines:
    Irp->CurrentLocation++;
    Irp->Tail.Overlay.CurrentStackLocation++;
    have been changed to:
    IoSkipCurrentIrpStackLocationToNext( Irp );
    in the following routines:
    SfCreate (1 occurrence)
    SfCleanupClose (1 occurrence)
    SfFsControl (2 occurrences)
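The announcement above does not say what goes wrong with the whole-structure copy in item 1. One consequence follows from how the macro is defined: IoCopyCurrentIrpStackLocationToNext copies only the fields ahead of CompletionRoutine and then clears Control, so a raw RtlMoveMemory also gives the lower driver's stack location the completion routine that the driver above registered. The user-mode model below is an added example, not SFilter or kernel code; the `model_*` types, `upper_done` and the 0xE0 flag value are constructed stand-ins.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* User-mode stand-ins for IRP / IO_STACK_LOCATION (assumed, simplified
   layout: request fields first, completion bookkeeping last). */
typedef struct {
    unsigned char control;              /* invoke-on-completion flags */
    unsigned long parameters[4];
    void (*completion_routine)(void *); /* set by the driver above */
    void *context;
} model_stack_location;

typedef struct {
    int current;                        /* index of the current location */
    model_stack_location stack[2];      /* [1] filter, [0] lower driver */
} model_irp;

static void upper_done(void *context) { ++*(int *)context; }

/* Pattern removed from SFilter: copy the entire stack location. */
static void manual_copy(model_irp *irp) {
    memmove(&irp->stack[irp->current - 1], &irp->stack[irp->current],
            sizeof(model_stack_location));
}

/* Behaviour of IoCopyCurrentIrpStackLocationToNext: copy only the fields
   ahead of the completion routine, then clear Control. */
static void sanctioned_copy(model_irp *irp) {
    model_stack_location *next = &irp->stack[irp->current - 1];
    memcpy(next, &irp->stack[irp->current],
           offsetof(model_stack_location, completion_routine));
    next->control = 0;
}

/* Forward a constructed IRP one level, complete it bottom-up, and return
   how often the upper driver's completion routine ran. */
static int upper_completions(void (*forward)(model_irp *)) {
    int calls = 0;
    model_irp irp = { 1, { { 0 }, { 0xE0, { 0 }, upper_done, &calls } } };
    forward(&irp);
    for (int i = 0; i <= 1; i++)
        if (irp.stack[i].control && irp.stack[i].completion_routine)
            irp.stack[i].completion_routine(irp.stack[i].context);
    return calls;
}

int main(void) {
    printf("manual copy: %d call(s)\n", upper_completions(manual_copy));
    printf("macro-style copy: %d call(s)\n", upper_completions(sanctioned_copy));
}
```

In the model, the manual copy makes the upper driver's routine run twice for a single request, while the macro-style copy runs it once.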

Hi Diane,

There is an error in the ‘fix’ code you’ve supplied.

At the bottom of the document you supply the line:
IoSkipCurrentIrpStackLocationToNext( Irp );

Whereas at the top you talk about:
IoSkipCurrentStackLocation

Since there is no such function as IoSkipCurrentIrpStackLocationToNext I’m
assuming that
IoSkipCurrentStackLocation is the correct one.

The error is repeated in http://www.microsoft.com/hwdev/ntifskit/errata.htm

Most people will cut and paste the code lines as I did so you might want to
reannounce the fix and update the web page.

Regards,
Graham Allen

At 04:42 PM 3/24/00 -0800, Diane Olsen wrote:

[The information below has also been added to the Windows 2000 IFS Kit
Errata list, which can be found at
http://www.microsoft.com/hwdev/ntifskit/errata.htm.]

A bug has recently been found and corrected in the SFilter sample. If your
file system filter driver was based on SFilter, you should make the same
changes to your own driver code. Following is a complete description of the
bug and the corrected code.

Dispatch routines should always use IoCopyCurrentIrpStackLocationToNext or
IoSkipCurrentStackLocation to copy the contents of the current IRP stack
location to that of the next-lower driver on the stack.
IoCopyCurrentIrpStackLocationToNext allows the current driver to set an I/O
completion routine; IoSkipCurrentStackLocation does not.

Drivers should never copy stack locations manually. Driver Verifier now
checks for this error. SFilter copied stack locations manually (and
incorrectly). Thus the following code has been changed wherever it occurs in
SFilter’s dispatch routines (all of which are defined in the file
sfilter.c):

  1. The following lines:
    PIO_STACK_LOCATION nextIrpSp;
    irpSp = IoGetCurrentIrpStackLocation( Irp );
    nextIrpSp = IoGetNextIrpStackLocation( Irp );
    RtlMoveMemory( nextIrpSp, irpSp, sizeof( IO_STACK_LOCATION ) );
    have been changed to:
    IoCopyCurrentIrpStackLocationToNext( Irp );
    in the following routines:
    SfPassThrough (comment only)
    SfCreate (1 occurrence)
    SfFsControl (2 occurrences)

  2. The following lines:
    Irp->CurrentLocation++;
    Irp->Tail.Overlay.CurrentStackLocation++;
    have been changed to:
    IoSkipCurrentIrpStackLocationToNext( Irp );
    in the following routines:
    SfCreate (1 occurrence)
    SfCleanupClose (1 occurrence)
    SfFsControl (2 occurrences)


You are currently subscribed to ntfsd as: xxxxx@datawizard.com.au

Whoops! Thanks! I’ll get that fixed right away.

–Diane

-----Original Message-----
From: Graham Allen [mailto:xxxxx@datawizard.com.au]
Sent: Monday, March 27, 2000 4:18 AM
To: File Systems Developers
Cc: Diane Olsen; Windows NT IFS Kit external feedback
Subject: Re: [ntfsd] Bug in SFilter Windows 2000 IFS Kit sample

Hi Diane,

There is an error in the ‘fix’ code you’ve supplied.

At the bottom of the document you supply the line:
IoSkipCurrentIrpStackLocationToNext( Irp );

Whereas at the top you talk about:
IoSkipCurrentStackLocation

Since there is no such function as IoSkipCurrentIrpStackLocationToNext I’m
assuming that
IoSkipCurrentStackLocation is the correct one.

The error is repeated in http://www.microsoft.com/hwdev/ntifskit/errata.htm

Most people will cut and paste the code lines as I did so you might want to
reannounce the fix and update the web page.

Regards,
Graham Allen

At 04:42 PM 3/24/00 -0800, Diane Olsen wrote:

[The information below has also been added to the Windows 2000 IFS Kit
Errata list, which can be found at
http://www.microsoft.com/hwdev/ntifskit/errata.htm.]

A bug has recently been found and corrected in the SFilter sample. If your
file system filter driver was based on SFilter, you should make the same
changes to your own driver code. Following is a complete description of the
bug and the corrected code.

Dispatch routines should always use IoCopyCurrentIrpStackLocationToNext or
IoSkipCurrentStackLocation to copy the contents of the current IRP stack
location to that of the next-lower driver on the stack.
IoCopyCurrentIrpStackLocationToNext allows the current driver to set an I/O
completion routine; IoSkipCurrentStackLocation does not.

Drivers should never copy stack locations manually. Driver Verifier now
checks for this error. SFilter copied stack locations manually (and
incorrectly). Thus the following code has been changed wherever it occurs in
SFilter’s dispatch routines (all of which are defined in the file
sfilter.c):

  1. The following lines:
    PIO_STACK_LOCATION nextIrpSp;
    irpSp = IoGetCurrentIrpStackLocation( Irp );
    nextIrpSp = IoGetNextIrpStackLocation( Irp );
    RtlMoveMemory( nextIrpSp, irpSp, sizeof( IO_STACK_LOCATION ) );
    have been changed to:
    IoCopyCurrentIrpStackLocationToNext( Irp );
    in the following routines:
    SfPassThrough (comment only)
    SfCreate (1 occurrence)
    SfFsControl (2 occurrences)

  2. The following lines:
    Irp->CurrentLocation++;
    Irp->Tail.Overlay.CurrentStackLocation++;
    have been changed to:
    IoSkipCurrentIrpStackLocationToNext( Irp );
    in the following routines:
    SfCreate (1 occurrence)
    SfCleanupClose (1 occurrence)
    SfFsControl (2 occurrences)



Would it be possible to get more detail on the potential problems this bug
may cause? Some of us have Sfilter based drivers in existing products and
we need to know how urgent this issue is to help determine when to make a
fix available.

Thanks

Rick Winter

-----Original Message-----
From: Diane Olsen [mailto:xxxxx@Exchange.Microsoft.com]
Sent: Monday, March 27, 2000 1:29 PM
To: File Systems Developers
Cc: Windows NT IFS Kit external feedback
Subject: [ntfsd] RE: Bug in SFilter Windows 2000 IFS Kit sample

Whoops! Thanks! I’ll get that fixed right away.

–Diane

-----Original Message-----
From: Graham Allen [mailto:xxxxx@datawizard.com.au]
Sent: Monday, March 27, 2000 4:18 AM
To: File Systems Developers
Cc: Diane Olsen; Windows NT IFS Kit external feedback
Subject: Re: [ntfsd] Bug in SFilter Windows 2000 IFS Kit sample

Hi Diane,

There is an error in the ‘fix’ code you’ve supplied.

At the bottom of the document you supply the line:
IoSkipCurrentIrpStackLocationToNext( Irp );

Whereas at the top you talk about:
IoSkipCurrentStackLocation

Since there is no such function as IoSkipCurrentIrpStackLocationToNext I’m
assuming that
IoSkipCurrentStackLocation is the correct one.

The error is repeated in http://www.microsoft.com/hwdev/ntifskit/errata.htm

Most people will cut and paste the code lines as I did so you might want to
reannounce the fix and update the web page.

Regards,
Graham Allen

At 04:42 PM 3/24/00 -0800, Diane Olsen wrote:
>[The information below has also been added to the Windows 2000 IFS Kit
>Errata list, which can be found at
>http://www.microsoft.com/hwdev/ntifskit/errata.htm.]
>
>A bug has recently been found and corrected in the SFilter sample. If your
>file system filter driver was based on SFilter, you should make the same
>changes to your own driver code. Following is a complete description of the
>bug and the corrected code.
>
>Dispatch routines should always use IoCopyCurrentIrpStackLocationToNext or
>IoSkipCurrentStackLocation to copy the contents of the current IRP stack
>location to that of the next-lower driver on the stack.
>IoCopyCurrentIrpStackLocationToNext allows the current driver to set an I/O
>completion routine; IoSkipCurrentStackLocation does not.
>
>Drivers should never copy stack locations manually. Driver Verifier now
>checks for this error. SFilter copied stack locations manually (and
>incorrectly). Thus the following code has been changed wherever it occurs in
>SFilter’s dispatch routines (all of which are defined in the file
>sfilter.c):
>
>1. The following lines:
> PIO_STACK_LOCATION nextIrpSp;
> irpSp = IoGetCurrentIrpStackLocation( Irp );
> nextIrpSp = IoGetNextIrpStackLocation( Irp );
> RtlMoveMemory( nextIrpSp, irpSp, sizeof( IO_STACK_LOCATION ) );
> have been changed to:
> IoCopyCurrentIrpStackLocationToNext( Irp );
> in the following routines:
> SfPassThrough (comment only)
> SfCreate (1 occurrence)
> SfFsControl (2 occurrences)
>
>2. The following lines:
> Irp->CurrentLocation++;
> Irp->Tail.Overlay.CurrentStackLocation++;
> have been changed to:
> IoSkipCurrentIrpStackLocationToNext( Irp );
> in the following routines:
> SfCreate (1 occurrence)
> SfCleanupClose (1 occurrence)
> SfFsControl (2 occurrences)
>