How to detect the terminating of the current process/thread while waiting?

During the processing of an IRP in my file system driver, I need to do
the following:

  1. Acquire the resource of the target FCB.

  2. Wait for a user-mode process to do some processing (while I am
    holding the FCB’s resource).

  3. Continue processing in the context of the original thread and then
    release the resource of the FCB.

I have currently implemented this by waiting for an event using
KeWaitForMultipleObjects. The problem is that I want to enable the
termination of the calling process during this wait (step 2 above).

Because I have acquired an ERESOURCE in step 1, I have entered a
critical region before that and thus the code is in the critical region
during step 2. I have set a cancel routine for the IRP before step 2.

If I wait with WaitMode=KernelMode and Alertable=FALSE, the wait is not
broken and my cancel routine is not called if the user attempts to
terminate the calling process from Task Manager. Even if I wait with
WaitMode=UserMode and Alertable=TRUE, KeWaitForMultipleObjects does not
return when the user tries to terminate the process. Apparently, this is
because my code is inside a critical region. If I come out of the
critical region before the wait, then terminating the process makes
KeWaitForMultipleObjects return STATUS_USER_APC if WaitMode=UserMode.

The problem is that as far as I understand, I must be in a critical
region during the wait because I have acquired an ERESOURCE object.

Is there a way to somehow detect that the user has requested the
termination of the calling process? Perhaps if I periodically time out
the wait and check some flags in the process object or the thread
object? Are there any fields there that would reveal that the thread
should terminate as soon as control returns to user mode?

If detecting the thread termination request is not possible, are there
any other ways I could achieve my goal?

For safety and simplicity, I would like to use the original requesting
thread for steps 1 and 3. This seems important especially when
processing IRP_MJ_CREATE because the documentation of IoSetShareAccess
says: “The call must occur in the context of the first thread that
attempts to open the FileObject.” Also, I’m afraid that if I modify the
file object from another thread while the original thread is waiting,
the kernel stack of the original thread might be swapped out (which is a
problem because sometimes the file object is on the stack).

Thanks in advance!

Antti

Hi!

Look at this sample (with source code):
http://wasm.ru/pub/21/files/kmd14.zip

Regards,

Marcos

----- Original Message -----
From: “Antti Nivala”
To: “Windows File Systems Devs Interest List”
Sent: Monday, August 09, 2004 1:48 PM
Subject: [ntfsd] How to detect the terminating of the current process/thread
while waiting?

During the processing of an IRP in my file system driver, I need to do
the following:

1. Acquire the resource of the target FCB.

2. Wait for a user-mode process to do some processing (while I am
holding the FCB’s resource).

3. Continue processing in the context of the original thread and then
release the resource of the FCB.

I have currently implemented this by waiting for an event using
KeWaitForMultipleObjects. The problem is that I want to enable the
termination of the calling process during this wait (step 2 above).

Because I have acquired an ERESOURCE in step 1, I have entered a
critical region before that and thus the code is in the critical region
during step 2. I have set a cancel routine for the IRP before step 2.

If I wait with WaitMode=KernelMode and Alertable=FALSE, the wait is not
broken and my cancel routine is not called if the user attempts to
terminate the calling process from Task Manager. Even if I wait with
WaitMode=UserMode and Alertable=TRUE, KeWaitForMultipleObjects does not
return when the user tries to terminate the process. Apparently, this is
because my code is inside a critical region. If I come out of the
critical region before the wait, then terminating the process makes
KeWaitForMultipleObjects return STATUS_USER_APC if WaitMode=UserMode.

The problem is that as far as I understand, I must be in a critical
region during the wait because I have acquired an ERESOURCE object.

Is there a way to somehow detect that the user has requested the
termination of the calling process? Perhaps if I periodically time out
the wait and check some flags in the process object or the thread
object? Are there any fields there that would reveal that the thread
should terminate as soon as control returns to user mode?

If detecting the thread termination request is not possible, are there
any other ways I could achieve my goal?

For safety and simplicity, I would like to use the original requesting
thread for steps 1 and 3. This seems important especially when
processing IRP_MJ_CREATE because the documentation of IoSetShareAccess
says: “The call must occur in the context of the first thread that
attempts to open the FileObject.” Also, I’m afraid that if I modify the
file object from another thread while the original thread is waiting,
the kernel stack of the original thread might be swapped out (which is a
problem because sometimes the file object is on the stack).

Thanks in advance!

Antti



Thanks for the sample. Unfortunately, I don’t understand how it would help
me. I’m afraid it’s an answer to a different question than mine.

My problem is that I need to detect the “termination request” targeted at
the current thread (say “Thread A”), while this same thread (Thread A) is
waiting inside a kernel critical region. How can I do this? It seems that
being inside a critical region blocks me from receiving information about
the thread termination request even if I wait with WaitMode=UserMode and
Alertable=TRUE.

That is, the sequence is as follows (in “Thread A”):

  1. Thread A is a thread of a user-mode application, say Notepad.
  2. Thread A calls my FSD.
  3. My FSD calls FsRtlEnterFileSystem (to enter a critical region).
  4. My FSD acquires a resource (and must thus stay in the critical region).
  5. My FSD calls WaitForMultipleObjects with WaitMode=UserMode and
    Alertable=TRUE.

NOW, the user might kill the process of Thread A from Task Manager. I would
like the wait to be aborted because the user has requested the process to be
killed, but this does not happen. Is there any way I can do this?

Thanks,
Antti
