DRIVER_VERIFIER_DETECTED_VIOLATION (0x38) on rdbsslib.lib

NTFSD
1

Hi Again.

I simply wanted to find out if anyone has succeeded in running driver
verifier without bugchecks when they ran it on a FSD created using MS’s
new RDR approach using RDBSSLIB.LIB. That way I would know if the bug is
in MS’s new RDR library or is it in my FSD. Please help.

Previous e-mail with correction (rdbss.lib replaced by rdbsslib.lib) :

I wanted to find out if rdbsslib.lib that comes with Srv2003 IFSKIT
passes all driver verifier tests and whether I am wasting my time trying
to get driver verifier pass all tests on my Pseudo FSD.

I am writing a FSD (part of a pseudo file system) that uses Zw calls to
perform file operations on the local disk. I am relying on rdbsslib.lib
and linking to rdbsslib.lib to get network redirector functionality.

My driver runs fine without driver verifier on XP SP1. On 2000, I have
major problems but that’s beside the point. More importantly, when I
turn driver verifier ON for my driver and try to read a file on my
redirected drive, I get :

0xC4: DRIVER_VERIFIER_DETECTED_VIOLATION P1 = 0x38 P2 = 0 P3 = 0.
(The driver tried to release a resource, but APCs are not disabled.)

The call stack references rdbsslib.lib functions not mine giving me the
impression that rdbsslib.lib (from Srv03 IFSKIT) is buggy.

Ntoskrnl!KeRegisterbugcheckreasoncallback
Ntoskrnl!RtlCompressBuffer
Vkfsdrv!FsRTLCopyRead2
Vkfsdrv!RxFastIoRead
Ntoskrnl!ntreadfile

Do I need to call FsRTLEnter/ExitFileSystem before calling Zw calls or
should I just not try to get driver verifier working with my driver ?
Please let me know if you need more details.

FYI : I also got some driver verifier exceptions on mrxsmb.sys.

Thanks a lot for your help !

Amitabh Mathrawala

2

Although I don’t know exact answer to your question,
I don’t believe it is a bug in rdbss.sys. If it was, we here in NTFSD
would already knew about it.

From the bugcheck description, it looks like someone
called ExReleaseResource with APCs enabled (call to ExAcquire/Release
Resource pair must be wrapped by
KeEnterCriticalRegion/KeLeaveCriticalRegion).

Also using Zw functions in pseudo-FSD looks suspicious to me
(well, I don’t know exact functionalty of your driver, so
maybe I am wrong).

L.

3

Thanks for answering Ladislav. I guess having some answer is better than
having no answer at all :-).
I am linking my driver with rdbsslib.lib and not using rdbss.sys. Maybe
that’s what I am doing wrong here. Srv03 SP1 beta IFSKIT instructed me
to
use the library and not use rdbss.sys.
I doublechecked my source code (without rdbsslib.lib) and it does not
seem
To be using ExAcquire/Release Resource at all. I know rdbsslib.lib uses
it internally. I am using Zw functions though, but I have to use them
since my driver architechture requires file IO from local disk to
fulfill it’s purpose. I guess I not use Zw functions and create new IRPs
like Tony suggested in previous articles. But would that help here ?

I’m now trying to find out more information about the bug but !verifier
0xf is not helping at all.

kd> !verifier 0xf

Verify Level 2 … enabled options are:
special irql

Summary of All Verifier Statistics

RaiseIrqls 0x0
AcquireSpinLocks 0xce6
Synch Executions 0x0
Trims 0x4e5

Pool Allocations Attempted 0x6f
Pool Allocations Succeeded 0x6f
Pool Allocations Succeeded SpecialPool 0x1b
Pool Allocations With NO TAG 0x0
Pool Allocations Failed 0x0
Resource Allocations Failed Deliberately 0x0

Current paged pool allocations 0x0 for 00000000 bytes
Peak paged pool allocations 0x0 for 00000000 bytes
Current nonpaged pool allocations 0x0 for 00000000 bytes
Peak nonpaged pool allocations 0x0 for 00000000 bytes

Driver Verification List

Entry State NonPagedPool PagedPool Module

85631f08 Loaded 00000000 00000000 vkfsdrv.sys

Fault injection trace log

3b3b3bba +0x3B3B3BBA
137b13a3 +0x137B13A3
37b73033 +0x37B73033
3716233b +0x3716233B

33313313 +0x33313313
f2333333 +0xFFFFFFFFF2333333
57531271 +0x57531271
70b733b7 +0x70B733B7

7a377fb7 +0x7A377FB7
2b3173a3 +0x2B3173A3
3b221337 +0x3B221337
333b333b +0x333B333B

4771a017 +0x4771A017
36d32033 +0x36D32033
e2735933 +0xFFFFFFFFE2735933
91333323 +0xFFFFFFFF91333323

Track irql trace log

Size of track irql queue is 0x80

Thread: 00000000
Old irql: 00000000
New irql: 00000000
Processor: 00000000
Time stamp: 00000000

Thread: 00000000
Old irql: 00000000
New irql: 00000000
Processor: 00000000
Time stamp: 00000000

Thread: 00000000
Old irql: 00000000
New irql: 00000000
Processor: 00000000
Time stamp: 00000000

Thread: 00000000
Old irql: 00000000
New irql: 00000000
Processor: 00000000
Time stamp: 00000000

If anyone has any information about, I would appreciate if you could let
me know.

Thanks.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ladislav Zezula
Sent: Thursday, October 06, 2005 11:08 AM
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] DRIVER_VERIFIER_DETECTED_VIOLATION (0x38) on
rdbsslib.lib

Although I don’t know exact answer to your question,
I don’t believe it is a bug in rdbss.sys. If it was, we here in NTFSD
would already knew about it.

From the bugcheck description, it looks like someone
called ExReleaseResource with APCs enabled (call to ExAcquire/Release
Resource pair must be wrapped by
KeEnterCriticalRegion/KeLeaveCriticalRegion).

Also using Zw functions in pseudo-FSD looks suspicious to me
(well, I don’t know exact functionalty of your driver, so
maybe I am wrong).

L.

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@viack.com
To unsubscribe send a blank email to xxxxx@lists.osr.com