Hi there,
I am a novice .Would you like to help me?
I have three basic questions.
Thanks a million!
Best regards,
Andy Hao
‘Alertable’ is a per-thread boolean attribute that indicates whether or
not a USER-MODE APC can be delivered to the thread. A thread is only
made alertable while waiting on a dispatcher object, and only if the
appropriate parameters were specified. If a user-mode APC is
successfully delivered, the wait is aborted immediately, but the APC is
executed only after the thread returns to user-mode. This happens
immediately if a thread has called WaitForXXX() in user-mode, for
example, but if a thread has called KeWaitForSingleObject in
kernel-mode, say as a result of an IOCTL call from an app, it must
return all the way back up into user-mode for the execution to happen.
KERNEL-MODE APCs are different beasts, however, and their delivery is
not affected by the alertable state of the thread.
This MSDN article explains things in much more detail:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/kmarch/
hh/kmarch/synchro_1oo7.asp
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Andy Hao
Sent: Sunday, April 13, 2003 9:12 PM
To: NT Developers Interest List
Subject: [ntdev] APC questionHi there,
I am a novice .Would you like to help me?
I have three basic questions.
- What on the earth is the “alertable state” of thread? Its
characteristics ? 2. when does the APC interrupt happen? 3.
what routine will issue the APC interrupt ? 4. What is the
mechanism of APC in kernel ?Thanks a million!
Best regards,
Andy Hao
You are currently subscribed to ntdev as: xxxxx@nryan.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
> 1. What on the earth is the “alertable state” of thread? Its
characteristics ?
This means that KeWaitForSingleObject can be interrupted by thread
alertion, which is usually the case when an APC is delivered for a
thread.
In this case, KeWaitForSingleObject returns STATUS_ALERTED or
STATUS_USER_APC, and you must be prepared to handle this - usually by
returning from your driver ASAP.
- What is the mechanism of APC in kernel ?
There are 3 kinds of APCs - user APCs queued by QueueUserApc, kernel
APCs, and “special kernel APC” which is IIRC IopCompleteRequest only.
Process and thread termination and suspend are also delivered as
user APCs, though they execute in kernel mode.
User APC is executed on returning from kernel mode to user mode, one
by one. Since the system thread cannot do this, and thread termination
or suspend is a user APC, the system thread cannot be terminated
externally and cannot be suspended.
After the user-mode routine for a user APC is called by
ntdll!KiUserApcDispatcher, KiUserApcDispatcher calls the NtContinue
syscall which continues the user APC queue unwind. After the queue is
done, the usual thread execution is resumed.
Kernel APC is executed at the first moment after it is scheduled,
provided the IRQL is PASSIVE_LEVEL and KeEnterCriticalRegion was not
called.
Special kernel APC - IopCompleteRequest - is executed at the first
moment after it is scheduled, provided the IRQL is PASSIVE_LEVEL.
KeEnterCriticalRegion does not block special kernel APCs, only raising
to APC_LEVEL does.
Fast mutex raises to APC_LEVEL (unless the xxxUnsafe function is
called), thus blocking all APCs. This means that Irp->UserEvent will
not be signaled, since it is signaled by IopCompleteRequest APC. So,
you cannot call ZwxxxFile function and wait on the event specified to
it on APC_LEVEL, which is turn means that you must not call ZwxxxFile
on APC_LEVEL.
As about whether the APC queueing to the thread will interrupt
KeWaitForxxx - it depends on Alertable and ProcessorMode parameters to
KeWaitForxxx. This is documented on MSDN.
Max
Hello,
For an in-depth explanation on how APCs are implemented and used check out my paper “Inside NT’s Asynchronous Procedure Call” in the November 2002 issue of Windows Developer Magazine at www.wdj.com/wdm.
Regards,
Albert Almeida
If you want an example or two of an APC, look at APCDrv.zip at
http://home.mindspring.com/~antognini/drivers/.
–
If replying by e-mail, please remove “nospam.” from the address.
James Antognini