Experiences with low resources simulations ?

Hi, all

I want my filter to work under all Verifier options set to on
(especially Low resources simulation, which is a must for some
certifications).

If the filter does many things that depend upon allocated memory,
I’m afraid that even if the filter works correctly,
the system may fail to boot.

Imagine a situation where the system loads one of the critical
processes (let’s say winlogon.exe), and one of the pages could not be loaded.
I expect that it will BSOD.

Is that scenario possible or does the low resources simulation
start since a certain point when the system is fully initialized ?

L.

I believe I saw quite a few boot BSODs with LRS on - I am not testing with it
now.



Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32 developers.
Alfa File Monitor - File monitoring library for Win32 developers.

Ladislav

So according to my understanding low resource simulation works by failing
some resource requests for the driver which is configured subject of
verifier and it does not just go fail resource requests of other components
than the configured subject of verifier. So just configure verifier for your
driver and low resource simulation will just fail resource requests for your
driver. Also low resource simulation waits some period I think that is seven
minutes from when the configured driver is loaded before it starts.

So experiences … well low resource simulation is very powerful but you
have to think a bit about how you are going to use that option. It is not
something you just enable for all the time like for example special pool.

Here are some typical cases that I have picked up with help from low
resource simulation in driver verifier.

  1. Developer was creating a simple data item and just forgot to check the
    return value ExAllocatePoolXxx() was not null. This one was a bit obvious :-)

  2. Developer was creating a composite data item, somewhere like DriverEntry,
    which uses multiple allocations. Part way through an allocation fails and
    developer has checked the allocation but left the composite in a broken
    condition. Some time later along comes another thread which assumes the
    composite data item is valid … access violation. This one was a bit more
    fun :-o

  3. Developer acquired a lock around some allocation code for a shared data
    item, checked the allocation failed and did immediate return without release
    of the lock, then some other thread later tried to acquire the lock to
    access the data item … deadlock. This one was a lot more fun :-O

If I had not caught these with low resource simulation in my test lab then
almost for sure I would have had to deal with these at a customer site; I
know which scenario I prefer …

I have seen some cases where developer has wrapped allocations up in more or
less endless retry loops in order to overcome problems with low resource
simulation; this practice I can not recommend. I can however recommend
prudent and thoughtful use of low resource simulation.

Cheers
Lyndon
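
Cases 2 and 3 from the post above, as an added example that is not part of the original thread: a user-mode C model in which `malloc` stands in for `ExAllocatePoolXxx()`, an int flag stands in for the lock, and a fault-injecting allocator fails each allocation in turn. All function and type names are hypothetical.

```c
/* Added example: user-mode model, all names hypothetical. */
#include <stdlib.h>

static int g_fail_at = -1;   /* index of the allocation to fail; -1 = none */
static int g_calls, g_live;  /* allocations attempted / still outstanding */
static int g_lock_held;      /* models the lock around the shared data item */

static void *test_alloc(size_t n) {
    void *p = (g_calls++ == g_fail_at) ? NULL : malloc(n);  /* injected failure */
    if (p) g_live++;
    return p;
}
static void test_free(void *p) { if (p) { free(p); g_live--; } }

typedef struct { char *name; int *table; void *scratch; int valid; } Composite;

/* Returns 0 or -1. On failure the composite is empty, never half-built. */
int composite_init(Composite *c) {
    int rc = -1;
    c->name = NULL; c->table = NULL; c->scratch = NULL; c->valid = 0;
    g_lock_held = 1;                                  /* acquire */
    if ((c->name = test_alloc(32)) == NULL) goto out;
    if ((c->table = test_alloc(64 * sizeof(int))) == NULL) goto out;
    if ((c->scratch = test_alloc(128)) == NULL) goto out;
    c->valid = 1; rc = 0;
out:
    if (rc != 0) {                                    /* undo the partial build */
        test_free(c->table); c->table = NULL;
        test_free(c->name);  c->name = NULL;
    }
    g_lock_held = 0;                                  /* single release point */
    return rc;
}

/* Fail none, then allocation 0, 1, 2; count runs that leak, keep the lock
   held, or leave a half-built composite behind. */
int fault_sweep(void) {
    int bad = 0;
    for (int i = -1; i < 3; i++) {
        Composite c;
        g_fail_at = i; g_calls = 0; g_live = 0;
        int rc = composite_init(&c);
        if (rc == 0) { test_free(c.scratch); test_free(c.table); test_free(c.name); }
        else if (c.valid || c.name || c.table || c.scratch) bad++;
        if (g_lock_held || g_live != 0) bad++;
    }
    return bad;
}
int main(void) { return fault_sweep(); }  /* exit code 0 = every path clean */
```

Replacing either `goto out` with a bare `return -1` reproduces case 3 (lock still held) and, after the first allocation, case 2's leftover partial state; the sweep then returns a non-zero count.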


“Lyndon J Clarke” wrote in message
news:xxxxx@ntfsd…

[snip]

> I have seen some cases where developer has wrapped allocations up in more
> or less endless retry loops in order to overcome problems with low
> resource simulation; this practice I can not recommend. I can however
> recommend prudent and thoughtful use of low resource simulation.

IIRC, this won’t work, because verifier will keep failing this particular
allocation request.

As I understand it, there are really only two ways to deal with allocation
failures. One is to fail the request and undo everything you’ve done. Fine
for a non-critical device, not OK for the paging path. The other way is to
preallocate the minimum (at least) you need to make forward progress, then
use those resources serially when in low resource conditions. That means
you need to preallocate any sync primitives you may require, as well. Seems
like the most sensible place is the device extension, but there may be other
places that make more sense in certain architectures.

Phil

Philip D. Barila Windows DDK MVP
Seagate Technology, LLC
(720) 684-1842
As if I need to say it: Not speaking for Seagate.
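
The second strategy from the post above (preallocate the minimum needed for forward progress and use it serially), as an added example that is not part of the original thread: a user-mode C model in which `malloc` stands in for pool allocation and a structure named `DeviceExt` stands in for the device extension. All names are hypothetical.

```c
/* Added example: user-mode model, all names hypothetical. A real driver
   would guard reserve_busy with a preallocated lock or interlocked op. */
#include <stdlib.h>
#include <string.h>

#define WORK_SIZE 256
static int g_alloc_fails;   /* 1 = every dynamic allocation fails */

static void *pool_alloc(size_t n) { return g_alloc_fails ? NULL : malloc(n); }

typedef struct {
    unsigned char reserve[WORK_SIZE];  /* preallocated with the extension */
    int reserve_busy;                  /* stands in for a preallocated sync object */
} DeviceExt;

/* Dynamic buffer if possible, else the single reserve. NULL means the
   caller must queue the request until work_put() frees the reserve. */
void *work_get(DeviceExt *d) {
    void *p = pool_alloc(WORK_SIZE);
    if (p) return p;
    if (d->reserve_busy) return NULL;
    d->reserve_busy = 1;
    return d->reserve;
}

void work_put(DeviceExt *d, void *p) {
    if (p == (void *)d->reserve) d->reserve_busy = 0;  /* reserve is never freed */
    else free(p);
}

/* Process nreq requests one at a time while every allocation fails;
   returns how many completed. */
int process_under_pressure(DeviceExt *d, int nreq) {
    int done = 0;
    g_alloc_fails = 1;
    for (int i = 0; i < nreq; i++) {
        void *buf = work_get(d);
        if (!buf) break;             /* reserve in use: would queue here */
        memset(buf, 0, WORK_SIZE);   /* the request's work */
        work_put(d, buf);
        done++;
    }
    g_alloc_fails = 0;
    return done;
}

int main(void) {
    DeviceExt d;
    memset(&d, 0, sizeof d);
    return process_under_pressure(&d, 8) == 8 ? 0 : 1;
}
```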

Phil

> IIRC, this won’t work, because verifier will keep failing this particular
> allocation request.

Really? How interesting … well whichever is the case I would not recommend
the practice since all it seeks to do is circumvent, and undermine the
usefulness of, low resource simulation.

> As I understand it, there are really only two ways to deal with allocation

Two excellent strategies where definite results are needed and there are
others … horses for courses and all that … not all developers have the
same degree of experience and discipline … and who with hand on heart has
never made a slip when the hot breath of project management is trained on
the collar :-)

Cheers
Lyndon


> Is that scenario possible or does the low resources simulation
> start since a certain point when the system is fully initialized ?

It starts later, in a minute or so. The OS must not BSOD with Low Resources
simulation, though the operations can fail.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

If I read correct, the low resources starts seven minutes after the system
starts …for some value of system starts.


> So experiences … well low resource simulation is very powerful but you
> have to think a bit about how you are going to use that option. It is not
> something you just enable for all the time like for example special pool.

Sure. The biggest question is usually how to deal with allocation failure,
from the driver’s philosophy’s point of view.

> If I read correct, the low resources starts seven minutes after the system
> starts …for some value of system starts.

If it is really so, it is OK. There is always a way how to fail the complete
request, whatever this will mean for the application that has issued it.

Let me ask one more question - do you know if the allocation failures
could come from ExAllocatePool only or it includes lookaside lists too ?

L.

> Let me ask one more question - do you know if the allocation failures
> could come from ExAllocatePool only or it includes lookaside lists too ?

From both. Lookasides use ExAllocatePoolWithTag internally.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com