Transacted vs not transacted and sharings

Hi,

I have a scenario in which I have a minifilter being loaded on demand. Once loaded, I can see transacted mj writes to a file (the create was made before my filter loaded). In pre-write, I want to open the destination file with read options so that I can read the file outside the transaction state. I’m using FltCreateFileEx2 with ignore_sharings, but the open is failing with sharing_violation.

RetVal = FltCreateFileEx2(Filter, Instance, hOutTxFile, OutTxFO,
    FILE_READ_DATA, &ObjAttrib, &IOStatus,
    &Data->Iopb->Parameters.Create.AllocationSize,
    Data->Iopb->Parameters.Create.FileAttributes, FILE_SHARE_VALID_FLAGS,
    CreateDisposition, CreateOptions,
    Data->Iopb->Parameters.Create.EaBuffer,
    Data->Iopb->Parameters.Create.EaLength,
    IO_IGNORE_SHARE_ACCESS_CHECK, NULL);

Is there any way in which I can bypass the FS sharing checks so that I can “see” the two states of the file (the transacted state and the not transacted state)? I have even made some tests, loading my driver first, so in mj create I will open the file not transacted for read, but later the transacted open fails for the application. If I close the file handle but maintain a reference to the FO, the subsequent transacted open succeeds for the application, but then my fltread fails…

Thx!

According to the transactional locking table here your open for read should
be allowed:

https://msdn.microsoft.com/en-us/library/windows/desktop/dd979526(v=vs.85).aspx

Casual FileTest experiment on Windows 10 RS1 confirms the table is accurate.
Which OS is this on?

-scott
OSR
@OSRDrivers


Sorry, you are right. I was doing different tests, doing CTRL+SHIFT+I with windbg and changing parameters, and I probably left some handle open.

BTW, I’ve been playing a little bit with transactions and I have a deadlock scenario, and I’m not sure if it can be a bug in NTFS:

In post-create, I filter all operations, except when notepad.exe opens a .txt file. When notepad opens a txt, I try to open that same txt file, this way:

txnBlock.Length = sizeof(txnBlock);
txnBlock.TransactionObject = MyTransactionObject;
txnBlock.TxFsContext = TXF_MINIVERSION_DEFAULT_VIEW;

// Attach the transaction parameters to the create through the driver create context.
IoInitializeDriverCreateContext(&CreateContext);
CreateContext.TxnParameters = &txnBlock;

RetVal = FltCreateFileEx2(Filter, Instance, &hFile, &MyFO,
    Data->Iopb->Parameters.Create.SecurityContext->DesiredAccess,
    &ObjAttrib, &IOStatus,
    &Data->Iopb->Parameters.Create.AllocationSize,
    Data->Iopb->Parameters.Create.FileAttributes, FILE_SHARE_VALID_FLAGS,
    CreateDisposition, CreateOptions,
    Data->Iopb->Parameters.Create.EaBuffer,
    Data->Iopb->Parameters.Create.EaLength,
    IO_IGNORE_SHARE_ACCESS_CHECK, &CreateContext);

// Only the handle is closed here; the reference to MyFO is kept.
if (hFile) {
    FltClose(hFile);
}

If the call succeeds, I close the handle, but I’m keeping the reference to the object. Notepad then closes the file, but Mm or whoever is maintaining a reference to the Top FO, so I’m also maintaining my reference to my transacted FO.

Later I try to save the txt, so notepad issues a new mj_create; in the post, the above code is executed again and it gets deadlocked in the FltCreateFileEx2 call…

This is the output from !locks:

0: kd> !locks
**** DUMP OF ALL RESOURCE OBJECTS ****
KD: Scanning for held locks…

Resource @ 0xffffe0015f8adb80 Exclusively owned
Contention Count = 5
Threads: ffffe0015f744840-01<*>

Resource @ 0xffffe0015f8adc30 Exclusively owned
Contention Count = 121
Threads: ffffe0015f744840-01<*>
KD: Scanning for held locks…

Resource @ 0xffffe0016114d260 Exclusively owned
Contention Count = 23
Threads: ffffe0015f744840-01<*>
KD: Scanning for held locks.
14905 total locks, 3 locks currently held

And finally:

!thread ffffe0015f744840

1: kd> !thread ffffe0015f744840
THREAD ffffe0015f744840 Cid 0fc0.09b0 Teb: 00007ff685f4d000 Win32Thread: ffffe00161a710e0 RUNNING on processor 0
IRP List:
ffffcf8040b7ec10: (0006,03e8) Flags: 40000884 Mdl: 00000000
ffffcf8041112c10: (0006,03e8) Flags: 40000884 Mdl: 00000000
Not impersonating
DeviceMap ffffc001d97c6a60
Owning Process ffffe0016181e080 Image: notepad.exe
Attached Process N/A Image: N/A
Wait Start TickCount 2061069 Ticks: 0
Context Switch Count 1479 IdealProcessor: 0
UserTime 00:00:00.031
KernelTime 00:00:30.859
Win32 Start Address 0x00007ff686c94030
Stack Init ffffd0002be34fd0 Current ffffd0002be33660
Base ffffd0002be35000 Limit ffffd0002be2f000 Call 0
Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
ffffd0002be340b0 fffff8001e0cc4ee : ffffe0015fb18dc8 ffffd0002be34319 ffffe001605db180 000000000718ec00 : NTFS!NtfsCheckFileRecord+0x162
ffffd0002be34140 fffff8001e0cc16b : 00000000c00000d8 0000000000000000 ffffe0015f407d20 ffffe00161808380 : NTFS!NtfsReadMftRecord+0x27e
ffffd0002be34250 fffff8001e0cbbe0 : ffffd0002be34360 ffffd0002be2f000 ffffd0002be35000 fffff8001e0d4c60 : NTFS!NtfsReadFileRecord+0x9b
ffffd0002be34360 fffff8001e1121cd : 0000000000000000 0000000000000002 ffffe0015fb18dc8 ffffc001dee4a870 : NTFS!NtfsLookupInFileRecord+0x70
ffffd0002be34410 fffff8001e111c3f : ffffd0002be346d0 ffffc001da621010 ffffc001de3820a0 ffffc001de3820a0 : NTFS!TxfReadTxfDataAttribute+0x7d
ffffd0002be344e0 fffff8001e1b45e7 : ffffc001dee4a850 0000000000000002 0000000000000000 ffffc001da1d9010 : NTFS!TxfReadTxfEpoch+0x13
ffffd0002be34550 fffff8001e09e276 : ffffe0015fb18dc8 ffffc001da733d20 0000000000000000 0053002b00000000 : NTFS!TxfPrepareFileForTxfLogging+0x6cb
ffffd0002be346c0 fffff8001e09ced1 : 0000000000000001 ffffc001da621010 000000001e000100 ffffc001da621420 : NTFS!TxfOpenFileProcessing+0x476
ffffd0002be347e0 fffff8001e09b29a : ffffe0015fb18dc8 ffffcf8040b7ef20 0000000000000000 ffffc001da621420 : NTFS!NtfsOpenAttribute+0x131
ffffd0002be34900 fffff8001e09a875 : ffffd0002eeae180 0000000000000003 ffffc001da621420 ffffc00100000022 : NTFS!NtfsOpenExistingAttr+0x20a
ffffd0002be349d0 fffff8001e0999ed : ffffd0002eeae180 ffffcf8040b7ec10 ffffc001da621420 ffffe00100000022 : NTFS!NtfsOpenAttributeInExistingFile+0x135
ffffd0002be34b90 fffff8001e0c14ce : ffffe0015fb18dc8 ffffc001da621010 ffffc001da621420 ffffc001de714680 : NTFS!NtfsOpenExistingPrefixFcb+0x1ed
ffffd0002be34c80 fffff8001e0c21aa : ffffe0015fb18dc8 ffffcf8040b7ec10 ffffe0015fb18dc8 ffffd0002be34eb0 : NTFS!NtfsFindStartingNode+0x58e
ffffd0002be34d40 fffff8001e0c1c4d : ffffe0015fb18dc8 ffffcf8040b7ec10 ffffd0002eeae180 ffffe0015fb32403 : NTFS!NtfsCommonCreate+0x52a
ffffd0002be34f50 fffff801949dcfe7 : ffffd0002eeae130 0000000000000000 0000000000000000 0000007b4d50ae50 : NTFS!NtfsCommonCreateCallout+0x1d
ffffd0002be34f80 fffff801949dcfad : 0000000000006000 0000000000000012 ffffd0002be35000 fffff801949021e4 : nt!KxSwitchKernelStackCallout+0x27 (TrapFrame @ ffffd0002be34e40)
ffffd0002eeadf70 fffff801949021e4 : fffff80100000006 0000000000006000 0004c33800851000 0000000000000006 : nt!KiSwitchKernelStackContinue
ffffd0002eeadf90 fffff80194901f56 : 0000000000000009 0000000000006000 0000000000000000 ffffd0002eeae010 : nt!KiExpandKernelStackAndCalloutOnStackSegment+0x134
ffffd0002eeae010 fffff80194901e1f : ffffe001605db030 ffffd0002eeae130 0000000000000001 ffffcf8040b7ec10 : nt!KiExpandKernelStackAndCalloutSwitchStack+0xa6
ffffd0002eeae070 fffff8001e0c53bd : 00000000c00000d8 0000000000000000 ffffe0015fb18dc8 ffffcf8040b7ec10 : nt!KeExpandKernelStackAndCalloutInternal+0x2f
ffffd0002eeae0c0 fffff80194fb8044 : ffffe001605db030 ffffcf8040b7ec10 ffffd0002eeae300 fffff80194fcea96 : NTFS!NtfsFsdCreate+0x1dd
ffffd0002eeae2e0 fffff801948a5ed2 : ffffe00160d58010 0000000000000000 ffffcf8040b7ec10 ffffe001607dbb00 : nt!IovCallDriver+0x3d8
ffffd0002eeae340 fffff8001d6651c4 : ffffd0002eeae449 ffffcf8040b7ec10 ffffe00161b4a560 ffffe00161b4a5b8 : nt!IofCallDriver+0x72
ffffd0002eeae380 fffff8001d69383a : ffffe001605d4df0 ffffd0002eeae449 0000000000000001 000000000012019f : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2a4
ffffd0002eeae400 fffff80194fb8044 : ffffcf8040b7ec01 ffffcf8040b7ec10 6d4e6f4900000060 ffffe0015f93e658 : FLTMGR!FltpCreate+0x34a
ffffd0002eeae4b0 fffff801948a5ed2 : 0000000000000006 ffffd0002eeae860 0000000000000000 ffffe0015fe10db0 : nt!IovCallDriver+0x3d8
ffffd0002eeae510 fffff80194cd8bc6 : 0000000000000006 ffffd0002eeae860 0000000000000000 ffffe00100000000 : nt!IofCallDriver+0x72
ffffd0002eeae550 fffff80194ca9bc0 : fffff8019488b000 fffff8019488b000 0000000000000000 fffff80194cd8220 : nt!IopParseDevice+0x9a6
ffffd0002eeae760 fffff80194ca7c2c : ffffe0015fe0eb00 ffffd0002eeae958 0000000000000240 ffffe0015e18fb00 : nt!ObpLookupObjectName+0x9f0
ffffd0002eeae8d0 fffff80194d15e7c : 0000000000000001 ffffe0015fc93830 ffffd0002eeaeeb8 ffffd0002eeaeea8 : nt!ObOpenObjectByName+0x1ec
ffffd0002eeaea00 fffff80194d159d3 : ffffd0002eeaf028 0000000000000008 ffffd0002eeaeeb8 ffffd0002eeaeea8 : nt!IopCreateFile+0x38c
ffffd0002eeaeaa0 fffff8001d691222 : 0000000000000000 ffffd0002eeaefc0 ffffe0015f443000 0000000000000000 : nt!IoCreateFileEx+0x103
ffffd0002eeaeb30 fffff8001d691040 : ffffe0015fc83520 ffffd0002eeaeef8 ffffd0002eeaf028 ffffd0002eeaefc0 : FLTMGR!FltpCreateFile+0x1a6
ffffd0002eeaec30 fffff8001d6b1aa7 : ffffe0015fc83520 ffffe0015fc83520 ffffd0002eeaf028 ffffd0002eeaefc0 : FLTMGR!FltCreateFileEx2+0xd0
ffffd0002eeaed50 fffff800203c3179 : ffffe0015fe0f428 ffffe00161694ac0 0000000000000016 ffffe001`61bd61a0 : FLTMGR!FltvCreateFileEx2+0x117

Reentrancy issue?