Bugcheck during FltQueryInformationFile call targeted to RdpDr redirector.

Hi,

In PreCreateCallback I filter requests targeted to the RdpDr redirector. I call
FltCreateFile() and ObReferenceObjectByHandle(). Then I use the obtained
FileObject in the call to FltQueryInformationFile() for standard information
and the system bugchecks. The parameters for the create and the file being
opened are not relevant for the crash.

I have found that RdpDr bugchecks in rdpdr!RxLowIoCompletionTail+0x2d due to
call 0. When trying to complete the RxContext it seems that
RxContext.LowIoContext.CompletionRoutine = NULL. I don't see a
rdpdr!RxLowIoSubmit call for this RxContext, although the RX_CONTEXT fields
I have checked (Info.FileInformationClass, CurrentIrpSp, RealDevice,
CurrentIrp, MajorFunction, etc.) are OK.

Is there any bug in RdpDr redirector?

f4934284 f809e33d 82256a00 82256a00 81ed2c90 rdpdr!RxLowIoCompletionTail+0x2d
f4934298 f8081d26 82256a00 f49342c8 f80820a5 rdpdr!RxLowIoCompletion+0x3f
f49342a4 f80820a5 82256a00 00000000 00000016 rdpdr!DrDevice::CompleteRxContext+0x2a
f49342c8 f807934d f493430c 00000000 00000016 rdpdr!DrDevice::CompleteBusyExchange+0x4d
f49342f8 f808298d e2aae9c0 8220ba20 f4934370 rdpdr!DrDrive::OnQueryFileInfoCompletion+0x2a5
f493431c f807f6f5 e2aae9c0 0000002a f4934370 rdpdr!DrDevice::OnDeviceIoCompletion+0xa9
f493433c f807f8b2 e2aae9c0 0000002a f4934370 rdpdr!DrExchangeManager::OnDeviceIoCompletion+0x55
f4934350 f808053f e2aae9c0 0000002a f4934370 rdpdr!DrExchangeManager::HandlePacket+0x26
f493437c f807fe62 00000000 82317fdb 82317f68 rdpdr!DrSession::ReadCompletion+0xc5
f4934394 804e42cc 00000000 82317f68 82181c80 rdpdr!DrSession::ReadCompletionRoutine+0x38
f49343c4 f8677864 81f4b858 00000000 e1280008 nt!IopfCompleteRequest+0xa2
f4934400 f867846b 81f4b858 00000005 00000000 termdd!IcaChannelInputInternal+0x1f4
f4934428 f4c7b908 81eddb6c 00000005 00000000 termdd!IcaChannelInput+0x41
f493445c f4c75af5 e1280008 00e65526 00000032 RDPWD!WDW_OnDataReceived+0x180
f4934484 f4c75919 e128082c e1081664 f4934400 RDPWD!SM_MCSSendDataCallback+0x12d
f49344ec f4c75740 00000045 f4934524 0000004c RDPWD!HandleAllSendDataPDUs+0x155
f4934508 f4c7461e 00000045 f4934524 806ee720 RDPWD!RecognizeMCSFrame+0x32
f4934530 f867b5eb e1280008 00000000 81e65558 RDPWD!MCSIcaRawInput+0x318
f4934550 f88501e5 8216adb4 00000000 81e6550c termdd!IcaRawInput+0x53
f4934d90 f867a235 81e653c0 00000000 81e65740 TDTCP!TdInputThread+0x36f

Thanks,
mK



Yes, this is a known bug in RDPDR. It does not properly handle an asynchronous query information request, which is what filter manager generates.

You can work around this for now by generating your own query information call and setting the IRP_SYNCHRONOUS_API flag. Below is a routine that shows you how to do this that solves the problem. This problem in RDPDR will be fixed in Longhorn.

Neal Christiansen
Microsoft File System Filter Group Lead
This posting is provided “AS IS” with no warranties, and confers no rights

    NTSTATUS
    MySynchronousQueryInformationFile (
        IN PFLT_INSTANCE Instance,
        IN PFILE_OBJECT FileObject,
        OUT PVOID FileInformation,
        IN ULONG Length,
        IN FILE_INFORMATION_CLASS FileInformationClass,
        OUT PULONG LengthReturned OPTIONAL
        )

    /*++

    Routine Description:

        This routine returns the requested information about a specified file.
        The information returned is determined by the FileInformationClass that
        is specified, and it is placed into the caller's FileInformation buffer.

    Arguments:

        Instance - Supplies the Instance initiating this IO.

        FileObject - Supplies the file object about which the requested
            information should be returned.

        FileInformationClass - Specifies the type of information which should be
            returned about the file.

        Length - Supplies the length, in bytes, of the FileInformation buffer.

        FileInformation - Supplies a buffer to receive the requested information
            returned about the file. This must be a buffer allocated from kernel
            space.

        LengthReturned - the number of bytes returned if the operation was
            successful.

    Return Value:

        The status returned is the final completion status of the operation.

    --*/

    {
        PFLT_CALLBACK_DATA data;
        NTSTATUS status;

        PAGED_CODE();

        status = FltAllocateCallbackData( Instance, FileObject, &data );

        if (!NT_SUCCESS( status )) {

            return status;
        }

        //
        // Fill out callback data
        //

        data->Iopb->MajorFunction = IRP_MJ_QUERY_INFORMATION;
        data->Iopb->Parameters.QueryFileInformation.FileInformationClass = FileInformationClass;
        data->Iopb->Parameters.QueryFileInformation.Length = Length;
        data->Iopb->Parameters.QueryFileInformation.InfoBuffer = FileInformation;
        data->Iopb->IrpFlags = IRP_SYNCHRONOUS_API;

        FltPerformSynchronousIo( data );

        //
        // Return Results
        //

        status = data->IoStatus.Status;

        if (NT_SUCCESS( status ) &&
            ARGUMENT_PRESENT(LengthReturned)) {

            *LengthReturned = (ULONG) data->IoStatus.Information;
        }

        FltFreeCallbackData( data );

        return status;
    }

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Misha Karpin
Sent: Friday, February 25, 2005 7:01 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Bugcheck during FltQueryInformationFile call targeted to RdpDr redirector.


