The documentation is perhaps not as cautionary as it should be on this topic. Essentially no system APIs can be safely called from an NMI callback (including but not limited to: acquiring locks, queueing a DPC, etc.), because an NMI can interrupt any code, even code that holds an interrupts-disabled or HIGH_LEVEL lock.
Since an NMI can interrupt anything (and there is almost no code that can safely be called from an NMI callback), synchronizing with any code that is called to handle an NMI without risk of deadlock etc. is difficult and cumbersome, not to mention that NMI code typically cannot be debugged in typical fashion, as the debugger itself relies on NMIs to function (at least on AMD64).
Unless something very special-purpose such as a debugging watchdog to catch, say, a hung system is being implemented, NMIs are best avoided.
From: xxxxx@lists.osr.com on behalf of xxxxx@gmail.com
Sent: Monday, November 27, 2017 3:41:26 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Handle NMI interrupt in Device driver
PVOID KeRegisterNmiCallback(
In PNMI_CALLBACK CallbackRoutine,
In_opt PVOID Context
);
Read the docs on how to use it.
Mark Roddy
On Sun, Nov 26, 2017 at 3:52 PM, xxxxx@hotmail.commailto:xxxxx > wrote:
> Can you please tell if this is wise step to use NMI ?
Well, apparently, not…
NMI in itself is meant to be used either for indicating critical hardware failures that require immediate attention from the system (like, for example, parity error detected by the memory controller), or for breaking into the system by means of kernel debugger (i.e. signaling it via NMI pin) when no other option is available because of some irrecoverable system software bug. For example, if CPU executes HLT instruction (or just goes into an infinite loop) while interrupts are disabled, NMI is the only way one may get the system back.
Although Linux uses NMI for watchdog timers and performance counters, in the Windows world NMI is, IIRC, firmly associated with irrecoverable system failures and always results in bugchecking. You can check the following article for more details
https://support.microsoft.com/en-us/help/2750146/nmi-hardware-failure-error-when-an-nmi-is-triggered-on-windows-8-and-whttps:
Therefore, using NMI option is obviously unwise in the Windows world unless bugchcking is your intended behavior (i.e. you want to use it for diagnostic purposes)
Anton Bassov
—
NTDEV is sponsored by OSR
Visit the list online at: http:>
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:>
To unsubscribe, visit the List Server section of OSR Online at http:>
— NTDEV is sponsored by OSR Visit the list online at: MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers! Details at To unsubscribe, visit the List Server section of OSR Online at</http:></http:></http:></https:></mailto:xxxxx>