deadlock when calling ObOpenObjectByPointer()

Why I got deadlock if I call ObOpenObjectByPointer() in IRP_MJ_WRITE dispatcher?

The code is as follows:
Thanks.

NTSTATUS
FsFilterWrite (
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    )
{
    PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation(Irp);
    NTSTATUS status;
    HANDLE FileHandle;
    IO_STATUS_BLOCK iosb;
    FILE_INTERNAL_INFORMATION fii;

    //
    // some other code
    //

    if (irpSp->FileObject->Flags & FO_HANDLE_CREATED)
    {
        //
        // Open a kernel handle on the file object so it can be passed to a Zw API.
        //
        status = ObOpenObjectByPointer(
                     irpSp->FileObject,
                     OBJ_KERNEL_HANDLE,
                     NULL,
                     0,
                     NULL,
                     KernelMode,
                     &FileHandle
                     );

        if (STATUS_SUCCESS == status)
        {
            ZwQueryInformationFile(FileHandle, &iosb, &fii, sizeof fii, FileInternalInformation);
            DbgPrint("File Index Number: %lu : %ld", fii.IndexNumber.LowPart, fii.IndexNumber.HighPart);

            //
            // The handle taken by ObOpenObjectByPointer must be closed, or it leaks.
            //
            ZwClose(FileHandle);
        }
    }

    //
    // some other code
    //

}

Is it running at DISPATCH? That may cause the deadlock, it looks ok otherwise.

Several things:

  1. What’s the call stack of the hanging thread? No one can tell you what’s
    going on without seeing that.

  2. Calling ZwQueryInformationFile from the paging write path is going to
    lead to a deadlock eventually as well.

  3. Why are you even doing this? If you’re writing a minifilter you can just
    call FltQueryInformationFile. If you’re not writing a minifilter (which you
    should and is another conversation) then you can just build an IRP and send
    the query to the FO.

-scott

Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com
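The minifilter form of the query suggested in point 3, as an added example that is not code from the poster or from OSR. It assumes the callback name FsFilterPreWrite and the debug prefix, and it needs the Windows Driver Kit to build; FltQueryInformationFile is the FltMgr routine named above.

```c
// Added example (not the poster's code): a minifilter IRP_MJ_WRITE pre-operation
// callback that reads the file's index number without opening a handle.
// Requires the Windows Driver Kit. Callback name and debug prefix are assumed.
#include <fltKernel.h>

FLT_PREOP_CALLBACK_STATUS
FsFilterPreWrite(
    _Inout_ PFLT_CALLBACK_DATA Data,
    _In_ PCFLT_RELATED_OBJECTS FltObjects,
    _Flt_CompletionContext_Outptr_ PVOID *CompletionContext
    )
{
    FILE_INTERNAL_INFORMATION fii;
    NTSTATUS status;

    UNREFERENCED_PARAMETER(CompletionContext);

    // Paging writes arrive at APC_LEVEL or inside a guarded region, where
    // special kernel APCs are disabled. A synchronous query that pends
    // would wait for an APC that can never be delivered, so skip them.
    if (FlagOn(Data->Iopb->IrpFlags, IRP_PAGING_IO) ||
        KeGetCurrentIrql() > PASSIVE_LEVEL) {
        return FLT_PREOP_SUCCESS_NO_CALLBACK;
    }

    // FltMgr sends the query to the instances below us using the file
    // object itself: no handle is created, so there is no
    // ObOpenObjectByPointer/ZwClose pair and no Zw-level completion APC.
    status = FltQueryInformationFile(FltObjects->Instance,
                                     FltObjects->FileObject,
                                     &fii,
                                     sizeof(fii),
                                     FileInternalInformation,
                                     NULL);
    if (NT_SUCCESS(status)) {
        DbgPrint("FsFilter: file index number 0x%08lx:0x%08lx\n",
                 fii.IndexNumber.HighPart, fii.IndexNumber.LowPart);
    }

    return FLT_PREOP_SUCCESS_NO_CALLBACK;
}
```

Register the callback for IRP_MJ_WRITE in the FLT_OPERATION_REGISTRATION table passed to FltRegisterFilter.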


Yes, I built an IRP to do the query and everything is ok now.

But I still don’t get why you were saying “Calling ZwQueryInformationFile from the paging write path is going to lead to a deadlock eventually”?

> But I still don’t get why you were saying “Calling ZwQueryInformationFile from the paging write path is going to lead to a deadlock eventually”?

Paging I/O is sent either at APC level or in a guarded region (depending on
the O/S release). Both of these disable special kernel APCs from executing,
which the Zw APIs ultimately use to perform I/O completion of asynchronous
I/Os. So, once one of the IRPs generated by your Zw call is pended the
thread will deadlock (it won’t make progress until the APC completes, but
the APC won’t complete because it’s blocked).

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com
