Hi all,
I’m currently stuck in a problem with our mini-filter driver. The main
purpose of this driver is hsm but we added a new feature recently to handle
offline files on snapshot volumes. So whenever a previous version of an
offline file is accessed we do the following:
- Block pre create and copy the file from the snapshot to a temporary area.
(note: the original file on the snapshot is marked with our own reparse
point). - Redirect the file in post create to the copied location in temp area
This goes all well until we use Word to open a file over the network. What
we see at first glance is that oplocks do not work correctly and when
accessing the file Word runs into some 30 seconds timeout. After further
analysis we detected that the reparsed create comes with a DesiredAccess
value of 0. This is why the oplock is not correctly broken during the
“reparsed create”. I did a test and patched the 0 value in pre-create to the
value used in the original create IRP and that did the trick.
This is an excerpt from the FileSpy output that shows the situation:
Original create on shadow copy:
723 14:54:05.659 0 System 3908 FEF13C40 IRP
FF3223B0 IRP_MJ_CREATE 00000884 00000000 819DE500
00000000 00000000 00000000 00000000
\Device\HarddiskVolumeShadowCopy4\t1\test-data\02_Office_files\DOC -
WSA\Windows Server System Reference Architecture EULA.rtf STATUS_REPARSE
FILE_OPEN CreOpts: 00200140 Access: 00020089 Share: 00000005 Attrib: 0
Reissued IRP:
724 14:54:05.659 0 System 3908 819F7E78 IRP
FF3223B0 IRP_MJ_CREATE 00000884 00000000 819DE500
E1EC4800 E1E6C818 00000000 00000000
E:$HSM_Cache$HSM_REC_HarddiskVolumeShadowCopy4_0001000000000077.dat
STATUS_SUCCESS FILE_OPEN CreOpts: 00200140 Access: 0 Share: 00000005
Attrib: 0 Result: FILE_OPENED
Questions:
a. Does DesiredAccess == 0 have a special meaning?
b. Is IO Manager altering DesiredAccess when reissuing the IRP during
reparse processing? (note: I checked the value in the original post create
and it is still the original)
c. Are we doing something completely wrong / am I on the wrong track with my
whole analysis?
Any tips, hints or help are greatly appreciated.
Regards,
Lars
__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4769 (20100113) __________
The message was checked by ESET NOD32 Antivirus.