FltFsControlFile crashing system

NTFSD Folk:

I’m having a problem with FltFsControlFile crashing the system. It’s a
pretty simple call:

    USHORT iCompress = 1;   // = COMPRESSION_FORMAT_DEFAULT
    ULONG iLength;

    status = FltFsControlFile(
                 RepositoryInstance,      // Instance
                 foOut,                   // File Object
                 FSCTL_SET_COMPRESSION,   // Control code
                 &iCompress,              // Input buffer
                 sizeof(iCompress),       // Input buffer size
                 NULL,                    // Output buffer
                 0,                       // Output buffer size
                 &iLength );              // Length returned

STACK_TEXT:
f1de4200 f9cb6502 817f0020 812874a8 81223f68 EFS!EFSFsControl+0x36
f1de4278 8041dc0f 817f0020 812874a8 00000000 Ntfs!U2+0xe2
f1de428c f9d3c3e6 00000000 812d44a4 00000000 nt!IopfCallDriver+0x35
WARNING: Stack unwind information not available. Following frames may be wrong.
f1de42b0 f9d3d2bf f1de42d0 81224b00 00000000 fltmgr!FltGetIrpName+0xd79
f1de42e8 f9d4c490 81221c48 8122163c 00000002 fltmgr!FltPerformSynchronousIo+0xa5
f1de4348 f9d4c576 81221c48 81223f68 0000000d fltmgr!FltFlushBuffers+0x352
f1de4378 f1c7e20d 81221c48 81223f68 0009c040 fltmgr!FltFsControlFile+0x24
f1de440c f1c7f2f3 00000001 f1c77548 f1de4800 fkdriver!FKCreateFKSubdir+0x161 [z:\src\filesys\minifilter\fkdriver\fkgenerations.c @ 966]

This is after a successful FltCreateFileEx using RepositoryInstance. It
crashes on both Windows 2000 and XP.

ZwFsControlFile works OK and is a temporary workaround, but I presume that
FltFsControlFile is preferable?

Ken


Kenneth J. Cross, President
FileKeeper, Inc.

xxxxx@filekeeper.com

Ken,

This is a known bug and has already been fixed in Srv03 SP1.

It is not properly handling a NULL output buffer when the input buffer
is a kernel mode address.

There is a simple workaround. If you will give an address and length
for the OUTPUT buffer it will not crash. I would recommend some local
on the stack. Below is an example that fixes this:

Neal Christiansen
Microsoft File System Filter Group Lead
This posting is provided “AS IS” with no warranties, and confers no rights

    FILE_ZERO_DATA_INFORMATION zeroDataInfo;
    ULONG lengthReturned;
    ULONG forceFltMgrToBuffer;

    zeroDataInfo.FileOffset.QuadPart = 0;
    zeroDataInfo.BeyondFinalZero.QuadPart = tombstoneInfo.EndOfFile.QuadPart;

    status = FltFsControlFile( Instance,
                               Tombstone,
                               FSCTL_SET_ZERO_DATA,
                               &zeroDataInfo,
                               sizeof(FILE_ZERO_DATA_INFORMATION),
                               &forceFltMgrToBuffer,  // used to be NULL
                               sizeof(ULONG),         // used to be 0
                               &lengthReturned );

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ken Cross
Sent: Monday, March 14, 2005 6:23 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] FltFsControlFile crashing system

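The workaround from the reply can be applied at every call site through one wrapper. The following is an added example, not code from either poster or from Microsoft: the name FkFsControlFileSafe is hypothetical, and the non-kernel branch holds constructed stand-ins (assuming the driver build defines _KERNEL_MODE, as the MSVC /kernel option does) so the logic can be compiled and tested outside the WDK.

```c
#ifdef _KERNEL_MODE
#include <fltKernel.h>
#else
/* Constructed user-mode stand-ins, for testing the wrapper logic only. */
#include <stddef.h>
typedef long NTSTATUS;
typedef unsigned long ULONG;
typedef ULONG *PULONG;
typedef void *PVOID, *PFLT_INSTANCE, *PFILE_OBJECT;
#define STATUS_SUCCESS ((NTSTATUS)0)
static PVOID g_seenOut;      /* output buffer the stub received        */
static ULONG g_seenOutLen;   /* output length the stub received        */
static int   g_outWasNull;   /* 1 if the stub was handed a NULL buffer */
static NTSTATUS FltFsControlFile(PFLT_INSTANCE inst, PFILE_OBJECT fo,
    ULONG code, PVOID in, ULONG inLen, PVOID out, ULONG outLen, PULONG ret)
{
    (void)inst; (void)fo; (void)code; (void)in; (void)inLen;
    g_seenOut = out;
    g_seenOutLen = outLen;
    g_outWasNull = (out == NULL);
    if (ret != NULL) *ret = 0;
    return STATUS_SUCCESS;
}
#endif

/* Hypothetical helper: same parameters as FltFsControlFile, but FltMgr is
 * never handed a NULL / zero-length output buffer. */
NTSTATUS FkFsControlFileSafe(PFLT_INSTANCE Instance, PFILE_OBJECT FileObject,
    ULONG FsControlCode, PVOID InputBuffer, ULONG InputBufferLength,
    PVOID OutputBuffer, ULONG OutputBufferLength, PULONG LengthReturned)
{
    /* Stack local, as the reply recommends; it stays valid for the whole
     * call because the wrapper only returns after FltFsControlFile does. */
    ULONG forceFltMgrToBuffer = 0;

    if (OutputBuffer == NULL || OutputBufferLength == 0) {
        OutputBuffer = &forceFltMgrToBuffer;
        OutputBufferLength = sizeof(forceFltMgrToBuffer);
    }
    /* A caller-supplied output buffer is passed through untouched. */
    return FltFsControlFile(Instance, FileObject, FsControlCode,
                            InputBuffer, InputBufferLength,
                            OutputBuffer, OutputBufferLength, LengthReturned);
}
```

With this in place, the FSCTL_SET_COMPRESSION call from the first message can keep passing NULL and 0 for the output buffer and still reach FltMgr with a valid buffer.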