Hi,
I am trying to write a filter driver which will prioritize requests sent
to the disk. I’m only interested in actual disk hits and not cache hits
(and I’m not concerned with network, so that’s one thing off my back!).
Depending on the PID which generated the original request, I have to
decide which request should go straight to the underlying driver, and
which request should be delayed. I know that paging writes cannot be
delayed, but I believe I should be able to delay everything else?
I have already done an encryption filter over the last few years, so I
know some of the gotchas, but I’m wondering what type of filter I should
write:
* Above the disk driver
Pros:
easier to write, and I only get what I am interested in
Cons:
Can I actually get the PID of the original caller?
* Above the FS driver
Pros:
I should be able to get (most of the time?) the PID of the original
process. But what about antivirus softwares that post the requests and
perform the actual READs and WRITEs from another context?
Cons:
I have to deal with the cache manager…
Another possibility would be a combination: “tag” requests at the FS
level and do the actual delaying at the disk level. But can I get the
original request at the disk level?
So the main question is: Is there a way to “reliably” get the PID of the
original request? At what level? What’s the best way to get it? I don’t
need 100% accuracy, but I’d like to be close enough to have some effect
on disk I/O priority globally.
Thanks!
Eric