Hi Steve,
Well, my code is based on the DDK sample (cancel.c). Following are some snippets of my code (lock acquisition is in bold):
NTSTATUS IrpQueue::Insert(PIRP Irp)
{
    IoCsqInsertIrp(&m_CsqEx, Irp, NULL);
    return STATUS_SUCCESS;
}

NTSTATUS IrpQueue::Remove(PIRP &pIrp)
{
    pIrp = IoCsqRemoveNextIrp(&m_CsqEx, NULL);
    return pIrp ? STATUS_SUCCESS : STATUS_UNSUCCESSFUL;
}

VOID IrpQueue::CsqInsertIrp(PIO_CSQ Csq, PIRP Irp)
{
    IO_CSQ_EX* pCsqEx = (IO_CSQ_EX*)Csq;
    InsertTailList(&pCsqEx->pThis->m_Queue, &Irp->Tail.Overlay.ListEntry);
    pCsqEx->pThis->m_ulMessageCount++;
}

VOID IrpQueue::CsqRemoveIrp(PIO_CSQ Csq, PIRP Irp)
{
    IO_CSQ_EX* pCsqEx = (IO_CSQ_EX*)Csq;
    if(0 == pCsqEx->pThis->m_ulMessageCount)
        return;
    RemoveEntryList(&Irp->Tail.Overlay.ListEntry);
    pCsqEx->pThis->m_ulMessageCount--;
}

PIRP IrpQueue::CsqPeekNextIrp(PIO_CSQ Csq, PIRP Irp, PVOID PeekContext)
{
    PIRP nextIrp = NULL;
    PLIST_ENTRY nextEntry;
    PLIST_ENTRY listHead;
    PIO_STACK_LOCATION irpStack;
    IO_CSQ_EX* pCsqEx = (IO_CSQ_EX*)Csq;

    listHead = &pCsqEx->pThis->m_Queue;

    // If the IRP is NULL, we will start peeking from the listhead, else
    // we will start from that IRP onwards. This is done under the
    // assumption that new IRPs are always inserted at the tail.
    if(Irp == NULL)
        nextEntry = listHead->Flink;
    else
        nextEntry = Irp->Tail.Overlay.ListEntry.Flink;

    while(nextEntry != listHead)
    {
        nextIrp = CONTAINING_RECORD(nextEntry, IRP, Tail.Overlay.ListEntry);
        irpStack = IoGetCurrentIrpStackLocation(nextIrp);

        // If context is present, continue until you find a matching one.
        // Else you break out as you got next one.
        if(PeekContext)
        {
            if(irpStack->FileObject == (PFILE_OBJECT) PeekContext)
                break;
        }
        else
            break;

        nextIrp = NULL;
        nextEntry = nextEntry->Flink;
    }
    return nextIrp;
}

VOID IrpQueue::CsqAcquireLock(PIO_CSQ Csq, PKIRQL Irql)
{
    IO_CSQ_EX* pCsqEx = (IO_CSQ_EX*)Csq;
    KeAcquireSpinLock(&pCsqEx->pThis->m_QueueLock, Irql);
}

VOID IrpQueue::CsqReleaseLock(PIO_CSQ Csq, KIRQL Irql)
{
    IO_CSQ_EX* pCsqEx = (IO_CSQ_EX*)Csq;
    KeReleaseSpinLock(&pCsqEx->pThis->m_QueueLock, Irql);
}

VOID IrpQueue::CsqCompleteCanceledIrp(PIO_CSQ Csq, PIRP Irp)
{
    Irp->IoStatus.Status = STATUS_CANCELLED;
    Irp->IoStatus.Information = 0;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
}
Steve Dispensa wrote:
It’s not going to be pageable unless you make it so. Don’t worry about that. Can you post some code from your lock acquisition and release callbacks?
There are CSQ samples in the DDK that may provide some guidance.
-sd
On Oct 26, 2005, at 10:49 AM, Nadav wrote:
Hi Steve, thanks for your response. I don’t mark any of my code as pageable; I guess the default state of driver code is non-pageable… How can I verify it ???
Naddav.
Steve Dispensa wrote:
What kind of locking are you using for the CsqAcquireLock() and CsqReleaseLock() callbacks? If you’re at raised IRQL (DISPATCH_LEVEL in this case), you need to be sure you’re using spin locks and that the lock code is resident (i.e. not marked pageable by a pragma or something).
Incidentally, 5112 prefast complains (wrongly) about the lock acquisition and release in the CSQ callbacks (acquired resource leaked…).
-sd
On Oct 26, 2005, at 6:19 AM, Nadav wrote:
Hi,
In my driver I queue IRP requests to a CSQ; these IRPs are extracted and used by the driver occasionally. In certain scenarios I get a DRIVER_IRQL_NOT_LESS_OR_EQUAL BugCheck from within [d:\dnsrv\base\ntos\io\iomgr\cancelapi.c @ 99]; it seems it is somehow related to my IrpCancelation callback (although the exception is generated BEFORE the cancellation routine is called).
I really don’t know what to make of it… Is there any restriction on the IRQLs that a CSQ should use? (I couldn’t find any.)
Following is the dump as provided by WinDbg.
Any help would be appreciated.
Naddav.
kd> !analyze -v
Bugcheck Analysis
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 82330fd8, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: b9f23e43, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 82330fd8
CURRENT_IRQL: 2
FAULTING_IP:
SETSDriver!IopCsqCancelRoutine+3f [d:\dnsrv\base\ntos\io\iomgr\cancelapi.c @ 99]
b9f23e43 ff5608 call dword ptr [esi+0x8]
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
LAST_CONTROL_TRANSFER: from 808157c7 to b9f23e43
TRAP_FRAME: b9fb1bc8 -- (.trap ffffffffb9fb1bc8)
ErrCode = 00000000
eax=00000001 ebx=81a60f68 ecx=00000041 edx=b9fb1c5c esi=82330fd0 edi=82330fd0
eip=b9f23e43 esp=b9fb1c3c ebp=b9fb1c50 iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
SETSDriver!IopCsqCancelRoutine+0x3f:
b9f23e43 ff5608 call dword ptr [esi+0x8] ds:0023:82330fd8=???
Resetting default scope
STACK_TEXT:
b9fb1c50 808157c7 f9f90e30 81a60f01 fb5e3228 SETSDriver!IopCsqCancelRoutine+0x3f [d:\dnsrv\base\ntos\io\iomgr\cancelapi.c @ 99]
b9fb1c68 808f932a 81a60f68 fd6bf020 00000000 nt!IoCancelIrp+0x64
b9fb1c90 8090aa3a fb5e3020 fb5e3020 fb5e3260 nt!IoCancelThreadIo+0x36
b9fb1d18 8090a8aa 00000000 00000000 fb5e3020 nt!PspExitThread+0x466
b9fb1d30 80915cb4 fb5e3020 00000000 00000001 nt!PspTerminateThreadByPointer+0x4b
b9fb1d54 8082337b 00000000 00000000 01e8ffb8 nt!NtTerminateThread+0x71
b9fb1d54 7c82ed54 00000000 00000000 01e8ffb8 nt!KiFastCallEntry+0xf8
01e8ff9c 7c822044 77e661c0 00000000 00000000 ntdll!KiFastSystemCallRet
01e8ffa0 77e661c0 00000000 00000000 00000000 ntdll!ZwTerminateThread+0xc
01e8ffb8 77e66068 00000000 00000000 00000000 kernel32!ExitThread+0x41
01e8ffec 00000000 031563c0 0016bed8 00000000 kernel32!BaseThreadStart+0x39
FOLLOWUP_IP:
SETSDriver!IopCsqCancelRoutine+3f [d:\dnsrv\base\ntos\io\iomgr\cancelapi.c @ 99]
b9f23e43 ff5608 call dword ptr [esi+0x8]
SYMBOL_STACK_INDEX: 0
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: SETSDriver!IopCsqCancelRoutine+3f
MODULE_NAME: SETSDriver
IMAGE_NAME: SETSDriver.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 435f3548
STACK_COMMAND: .trap ffffffffb9fb1bc8 ; kb
FAILURE_BUCKET_ID: 0xD1_VRF_SETSDriver!IopCsqCancelRoutine+3f
BUCKET_ID: 0xD1_VRF_SETSDriver!IopCsqCancelRoutine+3f
Followup: MachineOwner
---------
---------------------------------
Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@positivenetworks.net
To unsubscribe send a blank email to xxxxx@lists.osr.com
----------------------------------
Steve Dispensa
MVP - Windows DDK
www.kernelmustard.com