Hello everyone,
Does anyone know of a way to verify/guarantee, from within your driver, that a user called DeviceIoControl with a valid OVERLAPPED structure? I’m already checking that the device file is opened with FILE_FLAG_OVERLAPPED and I’d like a way to make sure that all IOCTLs are called appropriately.
Thanks in advance,
Josh
Why in the world would you care. In your driver treat all requests as
asynchronous. The IO subsystem will take care of things if you have a
synchronous request.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
wrote in message news:xxxxx@ntdev…
> Hello everyone,
>
> Does anyone know of a way to verify/guarantee, from within your driver,
> that a user called DeviceIoControl with a valid OVERLAPPED structure? I’m
> already checking that the device file is opened with FILE_FLAG_OVERLAPPED
> and I’d like a way to make sure that all IOCTLs are called appropriately.
>
> Thanks in advance,
> Josh
>
> ----------
From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of xxxxx@rtd.com[SMTP:xxxxx@rtd.com]
Reply To: Windows System Software Devs Interest List
Sent: Thursday, November 15, 2007 9:45 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Guarantee OVERLAPPED structure from user’s DeviceIoControlDoes anyone know of a way to verify/guarantee, from within your driver, that a user called DeviceIoControl with a valid OVERLAPPED structure? I’m already checking that the device file is opened with FILE_FLAG_OVERLAPPED and I’d like a way to make sure that all IOCTLs are called appropriately.
Why and what you’d do if you detect an IOCTL which wasn’t called appropriately? It isn’t driver’s job. OVERLAPPED structure is Win32 thing and it should be checked there. Maybe checked build does it, have you tried?
It seems as you want to catch bugs made by user mode developers calling your driver. If it is a case, I’d recommend to write the bottom user mode layer and make necessary checks there. Or better, handle calls with no OVERLAPPED structure internally as synchronous calls (which should be made by Win32). I use this approach and everybody is happy with it 
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
Well, I am under the impression that it is a no-no to use synchronous IOCTL calls on a device file with FILE_FLAG_OVERLAPPED. If that is the case, I would like to be able to refuse/fail any IOCTL not called with an OVERLAPPED structure in order to prevent misuse of the driver.
Thanks,
Josh
And how will you see them when the IO manager already rejects them. You
don’t need to check the FILE OBJECT and you don’t need to reject the request
the OS will do the right thing.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
wrote in message news:xxxxx@ntdev…
> Well, I am under the impression that it is a no-no to use synchronous
> IOCTL calls on a device file with FILE_FLAG_OVERLAPPED. If that is the
> case, I would like to be able to refuse/fail any IOCTL not called with an
> OVERLAPPED structure in order to prevent misuse of the driver.
>
> Thanks,
> Josh
>
Don:
I’m able to call DeviceIoControl with overlapped set to NULL, on a device file opened with FILE_FLAG_OVERLAPPED. What exactly is the IO manager doing, or should be doing?
Michal:
When you say “handle calls with no OVERLAPPED structure”, how do you determine that a call does not have an OVERLAPPED structure? That’s basically what I’m looking for.
Thanks,
Josh
If you can do this the IO manager pends the call for you, and releases it
when you finish the request. So why do you care what the upper levels are
doing, you are not part of that contract.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
wrote in message news:xxxxx@ntdev…
> Don:
> I’m able to call DeviceIoControl with overlapped set to NULL, on a device
> file opened with FILE_FLAG_OVERLAPPED. What exactly is the IO manager
> doing, or should be doing?
>
> Michal:
> When you say “handle calls with no OVERLAPPED structure”, how do you
> determine that a call does not have an OVERLAPPED structure? That’s
> basically what I’m looking for.
>
> Thanks,
> Josh
>
Not a driver function. The IO manager takes care of any sync/async
issues. Your driver assumes all IO is async.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@rtd.com
Sent: Thursday, November 15, 2007 3:45 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Guarantee OVERLAPPED structure from user’s
DeviceIoControl
Hello everyone,
Does anyone know of a way to verify/guarantee, from within your driver,
that a user called DeviceIoControl with a valid OVERLAPPED structure?
I’m already checking that the device file is opened with
FILE_FLAG_OVERLAPPED and I’d like a way to make sure that all IOCTLs are
called appropriately.
Thanks in advance,
Josh
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
Your impression is wrong.
What exactly do you mean by a ‘synchronous IOCTL’?
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@rtd.com
Sent: Thursday, November 15, 2007 4:04 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Guarantee OVERLAPPED structure from user’s
DeviceIoControl
Well, I am under the impression that it is a no-no to use synchronous
IOCTL calls on a device file with FILE_FLAG_OVERLAPPED. If that is the
case, I would like to be able to refuse/fail any IOCTL not called with
an OVERLAPPED structure in order to prevent misuse of the driver.
Thanks,
Josh
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
Hmmm, If the IO Manager takes care of sync/async calls, why is it bad to make a synch call (no OVERLAPPED structure) on an async device file (opened with FILE_FLAG_OVERLAPPED)?
BTW, This seems to contradict the answers I received when I asked a similar question in this thread: http://www.osronline.com/showThread.cfm?link=119051
Thanks,
Josh
Mark:
By ‘synchronous IOCTL’, I mean calling DeviceIoControl with the ‘lpOverlapped’ parameter set to NULL.
Thanks,
Josh
There was nothing in your original question regarding wherher a DRIVER had
to do anything. IIRC in the past doing a sync call on an overlapped handle
caused problems for the application, but it NEVER AFFECTED THE DRIVER.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
wrote in message news:xxxxx@ntdev…
> Hmmm, If the IO Manager takes care of sync/async calls, why is it bad to
> make a synch call (no OVERLAPPED structure) on an async device file
> (opened with FILE_FLAG_OVERLAPPED)?
>
> BTW, This seems to contradict the answers I received when I asked a
> similar question in this thread:
> http://www.osronline.com/showThread.cfm?link=119051
>
> Thanks,
> Josh
>
You are adding complexity to the driver where there should not be any. These types of things can be caught with analysis tools. IIRC, it is somewhat valid to call DeviceIoControl on an overlapped handle with a NULL overlapped. You could wait on the file handle (assuming no other io is pending) for instance to wait for it to complete.
d
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@rtd.com
Sent: Thursday, November 15, 2007 1:13 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Guarantee OVERLAPPED structure from user’s DeviceIoControl
Don:
I’m able to call DeviceIoControl with overlapped set to NULL, on a device file opened with FILE_FLAG_OVERLAPPED. What exactly is the IO manager doing, or should be doing?
Michal:
When you say “handle calls with no OVERLAPPED structure”, how do you determine that a call does not have an OVERLAPPED structure? That’s basically what I’m looking for.
Thanks,
Josh
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
It sounds like doing a driver-side check is not feasible. I’ll just have to document not to call the IOCTLs synchronously and leave it at that.
Thanks,
Josh
xxxxx@rtd.com wrote:
Well, I am under the impression that it is a no-no to use synchronous IOCTL calls on a device file with FILE_FLAG_OVERLAPPED.
What do you mean by “synchronous IOCTL calls”? Do you mean an ioctl
that a driver blocks instead of pending? If so, then there’s nothing
architecturally wrong with that. It might be unexpected, but it’s
perfectly legal.
An application can’t make a non-overlapped DeviceIoControl call on a
file handle opened with FILE_FLAG_OVERLAPPED. That’s an application
error. The documentation says that it “fails in unpredictable ways”.
If that is the case, I would like to be able to refuse/fail any IOCTL not called with an OVERLAPPED structure in order to prevent misuse of the driver.
A driver should never worry about how it was called. It should assume
that every request is asynchronous. If a request can be completed
quickly, then complete it. Otherwise, mark it pending.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
I always assumed that there was no harm in using a NULL overlapped with a
file handle opened with FILE_FLAG_OVERLAPPED (and I did it thousands of
times). But when I double checked the MSDN for DeviceIoControl today, I
found this note:
If hDevice was opened with the FILE_FLAG_OVERLAPPED flag, the operation is
performed as an overlapped (asynchronous) operation. In this case,
lpOverlapped must point to a valid OVERLAPPED structure that contains a
handle to an event object. Otherwise, the function fails in unpredictable
ways.
http://msdn2.microsoft.com/en-us/library/aa363216.aspx
The same note is present in the documentation of ReadFile.
Regarding the OP’s question, the user level code is responsible for using a
valid OVERLAPPED structure, and the I/O manager is responsible for checking
it. Your driver is not responsible to check anything like that, as
everything becomes anynchronous in the driver I/O dispatch routines.
Have a nice day
GV
----- Original Message -----
From: “Doron Holan”
To: “Windows System Software Devs Interest List”
Sent: Thursday, November 15, 2007 1:39 PM
Subject: RE: RE:[ntdev] Guarantee OVERLAPPED structure from user’s
DeviceIoControl
You are adding complexity to the driver where there should not be any.
These types of things can be caught with analysis tools. IIRC, it is
somewhat valid to call DeviceIoControl on an overlapped handle with a NULL
overlapped. You could wait on the file handle (assuming no other io is
pending) for instance to wait for it to complete.
d
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@rtd.com
Sent: Thursday, November 15, 2007 1:13 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Guarantee OVERLAPPED structure from user’s
DeviceIoControl
Don:
I’m able to call DeviceIoControl with overlapped set to NULL, on a device
file opened with FILE_FLAG_OVERLAPPED. What exactly is the IO manager doing,
or should be doing?
Michal:
When you say “handle calls with no OVERLAPPED structure”, how do you
determine that a call does not have an OVERLAPPED structure? That’s
basically what I’m looking for.
Thanks,
Josh
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
> ----------
From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of xxxxx@rtd.com[SMTP:xxxxx@rtd.com]
Reply To: Windows System Software Devs Interest List
Sent: Thursday, November 15, 2007 10:12 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Guarantee OVERLAPPED structure from user’s DeviceIoControlWhen you say “handle calls with no OVERLAPPED structure”, how do you determine that a call does not have an OVERLAPPED structure? That’s basically what I’m looking for.
I meant to handle them in user mode. Write wrappers for this works and let app developers to use these wrappers instead of IOCTLs. When a caller of the wrapper doesn’t provide OVERLAPPED structure, use own one (local variable) and wait until IOCTL call returns.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
I guess he means DeviceIoControl() call with lpOverlapped parameter NULL. And I guess his impression is correct, athough IMO it should be handled by OS (Win32).
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Roddy, Mark[SMTP:xxxxx@stratus.com]
Reply To: Windows System Software Devs Interest List
Sent: Thursday, November 15, 2007 10:28 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Guarantee OVERLAPPED structure from user’s DeviceIoControlYour impression is wrong.
What exactly do you mean by a ‘synchronous IOCTL’?
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@rtd.com
Sent: Thursday, November 15, 2007 4:04 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Guarantee OVERLAPPED structure from user’s
DeviceIoControlWell, I am under the impression that it is a no-no to use synchronous
IOCTL calls on a device file with FILE_FLAG_OVERLAPPED. If that is the
case, I would like to be able to refuse/fail any IOCTL not called with
an OVERLAPPED structure in order to prevent misuse of the driver.Thanks,
Josh
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
The IO manager makes sure that if the driver pends an IOCTL control does
not return to a synchronous requesting thread until the request is
actually completed: it handles the sync application to async IO
subsystem problem. If your application makes an async request to a
driver that performs the request synchronously, there is no problem
other than the fact that your application’s requesting thread will not
get back control until the driver completes the request. The win32 API
demands an OVERLAPPED object for async requests as it needs a data
object into which to place completion status information.
How many people are you going to hear this from before you figure out
that it is in fact the way things work?
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@rtd.com
Sent: Thursday, November 15, 2007 4:36 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Guarantee OVERLAPPED structure from user’s
DeviceIoControl
Hmmm, If the IO Manager takes care of sync/async calls, why is it bad to
make a synch call (no OVERLAPPED structure) on an async device file
(opened with FILE_FLAG_OVERLAPPED)?
BTW, This seems to contradict the answers I received when I asked a
similar question in this thread:
http://www.osronline.com/showThread.cfm?link=119051
Thanks,
Josh
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
See my other comments. Your driver simply does not and should not
concern itself with how it has been invoked by some thread. Instead
IOCTL processing should generally be asynchronous unless it can
completed without delay in the IOCTL dispatch routine, regardless of
what some application is doing with the win32 api.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@rtd.com
Sent: Thursday, November 15, 2007 4:39 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Guarantee OVERLAPPED structure from user’s
DeviceIoControl
Mark:
By ‘synchronous IOCTL’, I mean calling DeviceIoControl with the
‘lpOverlapped’ parameter set to NULL.
Thanks,
Josh
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer