dismount not dismounting immediately

Matthew_Roberts · June 23, 2009, 1:53pm

I have a driver which creates a virtual partition device - it supplies
sectors which are stored in a file on a physical disk. (like a Microsoft
VHD file).

When I am unloading, I am doing this :-

RtlInitUnicodeString(&DeviceName,\DosDevices\Device126);

InitializeObjectAttributes(&ObjAttr,
&DeviceName,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE ,0,0);

status=ZwCreateFile(&DeviceHandle,
GENERIC_READ,&ObjAttr,&IoStatus,NULL,
0,FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_OPEN,
FILE_NO_INTERMEDIATE_BUFFERING|FILE_SYNCHRONOUS_IO_NONALERT,
0,0);

if(NT_SUCCESS(status))
{

status=ZwFsControlFile(DeviceHandle,
0,0,0,IoStatus,
FSCTL_DISMOUNT_VOLUME,
0,0,0,0);

ZwClose(handle);
}

// delete symbolic link \dosdevices\device126 => device

IoDeleteDevice(context->device);

Sometimes, my device doesn’t go away immediately. The file system still
has references to it.

Is there something else I can do to persuade the filesystem to dismount more
quickly?

–Matthew

OSR_Community_User · June 24, 2009, 12:21pm

On Tue, Jun 23, 2009 at 11:52 AM, MUP DevTeam wrote:
> Is there something else I can do to persuade the filesystem to dismount more
> quickly?

Hi Matthew,

Consider sending FSCTL_INAVLIDATE_VOLUMES to the volume. The WDK has
a few example implementations which should show how to create one.
(AFAICT, it’s not documented.)

Jeff

Matthew_Roberts · June 24, 2009, 7:57pm

Thank you for that hint.

I used IoGetDeviceObjectPointer (“\Fat”) to get Fat’s device object.
Then IoBuildDeviceIoControlRequest/IoCallDriver to send that Ioctl passing a handle to \device\device126 (replacing the ZwFsControlFile(FSCTL_DISMOUNT_VOLUME) call I had before)

And the volume does get immediately unmounted, and my driver unloads.

However, repeating the mount results in a crash. (I: is a symlink to the device the 2nd time.)

Although the invalidation worked, my guess is that it invalidated more than I intended it to.

PROCESS_NAME: explorer.exe

FAULTING_IP:
nt!IopMountVolume+143
817ec9d7 8b4010 mov eax,dword ptr [eax+10h]

EXCEPTION_RECORD: ffffffff – (.exr 0xffffffffffffffff)
ExceptionAddress: 817ec9d7 (nt!IopMountVolume+0x00000143)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 0000006c
Attempt to read from address 0000006c

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1: 00000000

EXCEPTION_PARAMETER2: 0000006c

READ_ADDRESS: 0000006c

FOLLOWUP_IP:
nt!IopMountVolume+143
817ec9d7 8b4010 mov eax,dword ptr [eax+10h]

BUGCHECK_STR: ACCESS_VIOLATION

DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from 8168da3e to 817ec9d7

STACK_TEXT:
8ef819ac 8168da3e 8fbd4030 8ef81c00 00000000 nt!IopMountVolume+0x143
8ef819dc 81869498 8ef81c14 8ef81b00 8ef81a98 nt!IopCheckVpbMounted+0x60
8ef81ab8 8188f2ff 8fbd4030 00000000 91053ac8 nt!IopParseDevice+0x7fe
8ef81b48 81866fea 00000000 8ef81ba0 00000040 nt!ObpLookupObjectName+0x5a8
8ef81ba8 8185562a 02d9f6d8 00000000 84615001 nt!ObOpenObjectByName+0x13c
8ef81d54 816a0a7a 02d9f6d8 02d9f6b0 02d9f6f8 nt!NtQueryAttributesFile+0x125
8ef81d54 77889a94 02d9f6d8 02d9f6b0 02d9f6f8 nt!KiFastCallEntry+0x12a
WARNING: Stack unwind information not available. Following frames may be wrong.
02d9f6f8 76a28844 02d9f714 0042b910 00000000 ntdll!KiFastSystemCallRet
02d9f920 76a2816f 02e763f8 02ed17a8 02ed17a8 SHELL32!CMtPtLocal::IsAutorunPresent+0x9d

STACK_COMMAND: kb

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!IopMountVolume+143

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 47918b12

FAILURE_BUCKET_ID: ACCESS_VIOLATION_VRF_nt!IopMountVolume+143

BUCKET_ID: ACCESS_VIOLATION_VRF_nt!IopMountVolume+143

Followup: MachineOwner

kd> dt _object_attributes 02d9f6d8
nt!_OBJECT_ATTRIBUTES
+0x000 Length : 0x18
+0x004 RootDirectory : (null)
+0x008 ObjectName : 0x02d9f6f0 _UNICODE_STRING “??\I:\autorun.inf”
+0x00c Attributes : 0x40
+0x010 SecurityDescriptor : (null)
+0x014 SecurityQualityOfService : (null)

kd> !devobj 8fbd4030
Device object (8fbd4030) is for:
\Driver\test126 DriverObject 881983d0
Current Irp 00000000 RefCount 1 Type 00000007 Flags 00000050
Vpb 8e52f1d8 Dacl 916b7bac DevExt 8fbd40e8 DevObjExt 8fbd4138 Dope 9105c008
ExtensionFlags (0xc0000800) DOE_BOTTOM_OF_FDO_STACK, DOE_DESIGNATED_FDO
Unknown flags 0x00000800