Sorry, you are right. I was running different tests, using CTRL+SHIFT+I in WinDbg and changing parameters, and I probably left a handle open.
BTW, I’ve been playing a little bit with transactions and I have a deadlock scenario, which I’m not sure might be a bug in NTFS:
In post-create, I filter all operations, except when notepad.exe opens a .txt file. When notepad opens a txt, I try to open that same txt file, this way:
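/* Describe the transaction that the driver-issued create should join. */
txnBlock.Length = sizeof(txnBlock);
txnBlock.TransactionObject = MyTransactionObject;
txnBlock.TxFsContext = TXF_MINIVERSION_DEFAULT_VIEW;

/* Attach the transaction parameters to an extra create context. */
IoInitializeDriverCreateContext(&CreateContext);
CreateContext.TxnParameters = &txnBlock;

/*
 * Transacted re-open issued from the filter. Access mask, allocation size,
 * file attributes and the EA buffer are copied from the create being
 * processed (Data->Iopb->Parameters.Create).
 *
 * Share access is deliberately wide open: FILE_SHARE_VALID_FLAGS plus
 * IO_IGNORE_SHARE_ACCESS_CHECK.
 *
 * NOTE(review): the ObjAttrib setup is not shown. This runs in the
 * requesting thread's context, so confirm OBJ_KERNEL_HANDLE is set;
 * otherwise hFile lands in the user process's handle table.
 * NOTE(review): IO_FORCE_ACCESS_CHECK is not passed, so the requester's
 * DesiredAccess is only access-checked if ObjAttrib carries
 * OBJ_FORCE_ACCESS_CHECK - confirm which is intended.
 */
RetVal = FltCreateFileEx2(Filter,
                          Instance,
                          &hFile,
                          &MyFO,
                          Data->Iopb->Parameters.Create.SecurityContext->DesiredAccess,
                          &ObjAttrib,
                          &IOStatus,
                          &Data->Iopb->Parameters.Create.AllocationSize,
                          Data->Iopb->Parameters.Create.FileAttributes,
                          FILE_SHARE_VALID_FLAGS,
                          CreateDisposition,
                          CreateOptions,
                          Data->Iopb->Parameters.Create.EaBuffer,
                          Data->Iopb->Parameters.Create.EaLength,
                          IO_IGNORE_SHARE_ACCESS_CHECK,
                          &CreateContext);

/*
 * Test the returned status, not the handle value: hFile is only meaningful
 * when the create succeeded, and a stale or uninitialized value must not
 * reach FltClose.
 */
if (NT_SUCCESS(RetVal)) {
    /*
     * Only the handle is released here. The file-object reference returned
     * in MyFO is still held and has to be dropped later with
     * ObDereferenceObject by whoever owns it.
     */
    FltClose(hFile);
}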
If the call succeeds, I close the handle, but I keep the reference to the file object. Notepad then closes the file, but Mm (or whoever) is still holding a reference to the top FO, so I also keep my reference to my transacted FO.
Later I try to save the txt, so notepad issues a new IRP_MJ_CREATE; in the post-create callback the above code is executed again and it deadlocks in the FltCreateFileEx2 call…
This is the output from !locks:
0: kd> !locks
**** DUMP OF ALL RESOURCE OBJECTS ****
KD: Scanning for held locks…
Resource @ 0xffffe0015f8adb80 Exclusively owned
Contention Count = 5
Threads: ffffe0015f744840-01<*>
Resource @ 0xffffe0015f8adc30 Exclusively owned
Contention Count = 121
Threads: ffffe0015f744840-01<*>
KD: Scanning for held locks…
Resource @ 0xffffe0016114d260 Exclusively owned
Contention Count = 23
Threads: ffffe0015f744840-01<*>
KD: Scanning for held locks.
14905 total locks, 3 locks currently held
And finally:
!thread ffffe0015f744840
…
1: kd> !thread ffffe0015f744840
THREAD ffffe0015f744840 Cid 0fc0.09b0 Teb: 00007ff685f4d000 Win32Thread: ffffe00161a710e0 RUNNING on processor 0
IRP List:
ffffcf8040b7ec10: (0006,03e8) Flags: 40000884 Mdl: 00000000
ffffcf8041112c10: (0006,03e8) Flags: 40000884 Mdl: 00000000
Not impersonating
DeviceMap ffffc001d97c6a60
Owning Process ffffe0016181e080 Image: notepad.exe
Attached Process N/A Image: N/A
Wait Start TickCount 2061069 Ticks: 0
Context Switch Count 1479 IdealProcessor: 0
UserTime 00:00:00.031
KernelTime 00:00:30.859
Win32 Start Address 0x00007ff686c94030
Stack Init ffffd0002be34fd0 Current ffffd0002be33660
Base ffffd0002be35000 Limit ffffd0002be2f000 Call 0
Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
ffffd000`2be340b0 fffff800`1e0cc4ee : ffffe001`5fb18dc8 ffffd000`2be34319 ffffe001`605db180 00000000`0718ec00 : NTFS!NtfsCheckFileRecord+0x162
ffffd000`2be34140 fffff800`1e0cc16b : 00000000`c00000d8 00000000`00000000 ffffe001`5f407d20 ffffe001`61808380 : NTFS!NtfsReadMftRecord+0x27e
ffffd000`2be34250 fffff800`1e0cbbe0 : ffffd000`2be34360 ffffd000`2be2f000 ffffd000`2be35000 fffff800`1e0d4c60 : NTFS!NtfsReadFileRecord+0x9b
ffffd000`2be34360 fffff800`1e1121cd : 00000000`00000000 00000000`00000002 ffffe001`5fb18dc8 ffffc001`dee4a870 : NTFS!NtfsLookupInFileRecord+0x70
ffffd000`2be34410 fffff800`1e111c3f : ffffd000`2be346d0 ffffc001`da621010 ffffc001`de3820a0 ffffc001`de3820a0 : NTFS!TxfReadTxfDataAttribute+0x7d
ffffd000`2be344e0 fffff800`1e1b45e7 : ffffc001`dee4a850 00000000`00000002 00000000`00000000 ffffc001`da1d9010 : NTFS!TxfReadTxfEpoch+0x13
ffffd000`2be34550 fffff800`1e09e276 : ffffe001`5fb18dc8 ffffc001`da733d20 00000000`00000000 0053002b`00000000 : NTFS!TxfPrepareFileForTxfLogging+0x6cb
ffffd000`2be346c0 fffff800`1e09ced1 : 00000000`00000001 ffffc001`da621010 00000000`1e000100 ffffc001`da621420 : NTFS!TxfOpenFileProcessing+0x476
ffffd000`2be347e0 fffff800`1e09b29a : ffffe001`5fb18dc8 ffffcf80`40b7ef20 00000000`00000000 ffffc001`da621420 : NTFS!NtfsOpenAttribute+0x131
ffffd000`2be34900 fffff800`1e09a875 : ffffd000`2eeae180 00000000`00000003 ffffc001`da621420 ffffc001`00000022 : NTFS!NtfsOpenExistingAttr+0x20a
ffffd000`2be349d0 fffff800`1e0999ed : ffffd000`2eeae180 ffffcf80`40b7ec10 ffffc001`da621420 ffffe001`00000022 : NTFS!NtfsOpenAttributeInExistingFile+0x135
ffffd000`2be34b90 fffff800`1e0c14ce : ffffe001`5fb18dc8 ffffc001`da621010 ffffc001`da621420 ffffc001`de714680 : NTFS!NtfsOpenExistingPrefixFcb+0x1ed
ffffd000`2be34c80 fffff800`1e0c21aa : ffffe001`5fb18dc8 ffffcf80`40b7ec10 ffffe001`5fb18dc8 ffffd000`2be34eb0 : NTFS!NtfsFindStartingNode+0x58e
ffffd000`2be34d40 fffff800`1e0c1c4d : ffffe001`5fb18dc8 ffffcf80`40b7ec10 ffffd000`2eeae180 ffffe001`5fb32403 : NTFS!NtfsCommonCreate+0x52a
ffffd000`2be34f50 fffff801`949dcfe7 : ffffd000`2eeae130 00000000`00000000 00000000`00000000 0000007b`4d50ae50 : NTFS!NtfsCommonCreateCallout+0x1d
ffffd000`2be34f80 fffff801`949dcfad : 00000000`00006000 00000000`00000012 ffffd000`2be35000 fffff801`949021e4 : nt!KxSwitchKernelStackCallout+0x27 (TrapFrame @ ffffd000`2be34e40)
ffffd000`2eeadf70 fffff801`949021e4 : fffff801`00000006 00000000`00006000 0004c338`00851000 00000000`00000006 : nt!KiSwitchKernelStackContinue
ffffd000`2eeadf90 fffff801`94901f56 : 00000000`00000009 00000000`00006000 00000000`00000000 ffffd000`2eeae010 : nt!KiExpandKernelStackAndCalloutOnStackSegment+0x134
ffffd000`2eeae010 fffff801`94901e1f : ffffe001`605db030 ffffd000`2eeae130 00000000`00000001 ffffcf80`40b7ec10 : nt!KiExpandKernelStackAndCalloutSwitchStack+0xa6
ffffd000`2eeae070 fffff800`1e0c53bd : 00000000`c00000d8 00000000`00000000 ffffe001`5fb18dc8 ffffcf80`40b7ec10 : nt!KeExpandKernelStackAndCalloutInternal+0x2f
ffffd000`2eeae0c0 fffff801`94fb8044 : ffffe001`605db030 ffffcf80`40b7ec10 ffffd000`2eeae300 fffff801`94fcea96 : NTFS!NtfsFsdCreate+0x1dd
ffffd000`2eeae2e0 fffff801`948a5ed2 : ffffe001`60d58010 00000000`00000000 ffffcf80`40b7ec10 ffffe001`607dbb00 : nt!IovCallDriver+0x3d8
ffffd000`2eeae340 fffff800`1d6651c4 : ffffd000`2eeae449 ffffcf80`40b7ec10 ffffe001`61b4a560 ffffe001`61b4a5b8 : nt!IofCallDriver+0x72
ffffd000`2eeae380 fffff800`1d69383a : ffffe001`605d4df0 ffffd000`2eeae449 00000000`00000001 00000000`0012019f : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2a4
ffffd000`2eeae400 fffff801`94fb8044 : ffffcf80`40b7ec01 ffffcf80`40b7ec10 6d4e6f49`00000060 ffffe001`5f93e658 : FLTMGR!FltpCreate+0x34a
ffffd000`2eeae4b0 fffff801`948a5ed2 : 00000000`00000006 ffffd000`2eeae860 00000000`00000000 ffffe001`5fe10db0 : nt!IovCallDriver+0x3d8
ffffd000`2eeae510 fffff801`94cd8bc6 : 00000000`00000006 ffffd000`2eeae860 00000000`00000000 ffffe001`00000000 : nt!IofCallDriver+0x72
ffffd000`2eeae550 fffff801`94ca9bc0 : fffff801`9488b000 fffff801`9488b000 00000000`00000000 fffff801`94cd8220 : nt!IopParseDevice+0x9a6
ffffd000`2eeae760 fffff801`94ca7c2c : ffffe001`5fe0eb00 ffffd000`2eeae958 00000000`00000240 ffffe001`5e18fb00 : nt!ObpLookupObjectName+0x9f0
ffffd000`2eeae8d0 fffff801`94d15e7c : 00000000`00000001 ffffe001`5fc93830 ffffd000`2eeaeeb8 ffffd000`2eeaeea8 : nt!ObOpenObjectByName+0x1ec
ffffd000`2eeaea00 fffff801`94d159d3 : ffffd000`2eeaf028 00000000`00000008 ffffd000`2eeaeeb8 ffffd000`2eeaeea8 : nt!IopCreateFile+0x38c
ffffd000`2eeaeaa0 fffff800`1d691222 : 00000000`00000000 ffffd000`2eeaefc0 ffffe001`5f443000 00000000`00000000 : nt!IoCreateFileEx+0x103
ffffd000`2eeaeb30 fffff800`1d691040 : ffffe001`5fc83520 ffffd000`2eeaeef8 ffffd000`2eeaf028 ffffd000`2eeaefc0 : FLTMGR!FltpCreateFile+0x1a6
ffffd000`2eeaec30 fffff800`1d6b1aa7 : ffffe001`5fc83520 ffffe001`5fc83520 ffffd000`2eeaf028 ffffd000`2eeaefc0 : FLTMGR!FltCreateFileEx2+0xd0
ffffd000`2eeaed50 fffff800`203c3179 : ffffe001`5fe0f428 ffffe001`61694ac0 00000000`00000016 ffffe001`61bd61a0 : FLTMGR!FltvCreateFileEx2+0x117
Reentrancy issue?