Hi:
I’m writing a file system driver for W2K, and have come across two very
strange (to my mind) examples of cache manager behavior.
In the first, I’m calling CcPinRead() on a FileObject I created with
IoCreateStreamFileObject(). CcPinRead(), as expected, sends a
(non-buffered) Read IRP to my driver, which I end up failing (too
complicated to go into, but I’m expecting this in this case). In this case,
I would expect either:
* CcPinRead() would return FALSE
* CcPinRead() would throw an exception
However, to my dismay, neither is happening. CcPinRead() returns TRUE, but
my Buffer pointer points to garbage. Does anyone out there have a clue as
to why this is, and how I can detect failure without explicitly having to
probe the address returned by this function?
The second case deals with CcPurgeCacheSection(). I observed this behavior:
* I call CcPurgeCacheSection() using the SectionObjectPointers from an
FCB for a file stream.
* CcPurgeCacheSection() sends a Close IRP to my driver for the
FileObject it has kept a reference to.
* This turns out to be the last outstanding reference to this FCB, so
during the Close I delete the FCB. This in turn frees the memory for the
SectionObjectPointers that I’ve sent to CcPurgeCacheSection().
* CcPurgeCacheSection() then calls MmCanFileBeTruncated(), sending it
the same SectionObjectPointers, which have now been freed. This causes a
page fault.
It seems to me that the cache manager should be aware that, once it sends a
Close IRP for its FileObject, then the SectionObjectPointers that were
handed to CcPurgeCacheSection() are now off limits. Am I off target here?
Thanks in advance for any clues that you can provide.
Curt Wohlgemuth
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com