How to open a named mutex in kernel mode?

Provided that we have two threads A and B. A is a user-mode thread, and B is a kernel-mode thread.

As we know, if A calls CreateEvent to create a named event, then B can open the named event in kernel mode.

However, if A calls CreateMutex to create a named mutex, how does B open the named mutex in kernel mode?

Why is there no ZwOpenMutant akin to ZwOpenEvent in kernel mode?

Furthermore, what’s the difference between a user-mode mutex and a kernel one?

Most of us consider sharing an event to be a really bad idea, let alone a
mutex-like structure. A mutant can be abandoned leaving things permanently
locked up while a mutex can’t, so using a mutant in the kernel is a really
stupid idea.

Rethink your design, sharing a mutex this way is great for crashes but not
much else.

Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Monday, August 12, 2013 7:13 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] How to open a named mutex in kernel mode?

NTDEV is sponsored by OSR

Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

What is the need in this?


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

wrote in message news:xxxxx@ntdev…

> A mutant can be abandoned leaving things permanently locked up while a mutex can’t, so using a mutant in the kernel is a really stupid idea.

Well, the only possible way to turn a mutant into an abandoned one is to terminate the thread that owns it at the moment. However, a thread cannot be terminated until it is about to return to the userland under any more or less sanely designed OS. Therefore, the inability to abandon a kernel mutex by its owner is due to the fact that its owner runs in kernel mode while holding the mutex, rather than to some feature(s) specific to a mutex construct per se…

Anton Bassov

They are separate types in the Windows kernel, and at least in the past
separate code paths for many operations. So I would not be surprised if
there was more to it than just the abandoned stuff, but that is all that is
documented.

Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@hotmail.com
Sent: Wednesday, August 14, 2013 2:49 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] How to open a named mutex in kernel mode?


> They are separate types in the Windows kernel, and at least in the past separate code paths for many operations.

IIRC, in terms of binary layout they are described by the same structure. However, when it comes to structure initialization, there are, indeed, some subtle differences…

> So I would not be surprised if there was more to it than just the abandoned stuff, but that is all that is documented.

Apparently, yes. After all, if they were identical to one another from the perspective of KeWaitXXX() and friends, there would be no need to initialize them differently, right…

Anton Bassov

As far as I can tell, we never did get an answer to this question.

My response is, “If you think you need to access a named mutex from the
kernel, your design is so fundamentally screwed up nothing can save it”.
Sort of like asking for the best glue to fasten cast-iron wings to a pig.
joe


> "If you think you need to access a named mutex from the kernel, your design is so fundamentally

screwed up nothing can save it"

This is for sure…

Consider what happens if the thread that currently owns a mutex terminates. As long as it is a kernel mutex, a thread will have to leave the region that the mutex guards before it can get terminated, because it cannot get terminated until it is about to return to the userland. However, if it runs in the userland, the above protection mechanism does not apply to KM waiters, which may find the region that the mutex guards in an inconsistent state if the mutex gets abandoned…

Therefore, a design that needs to access a named mutex from the kernel is fundamentally broken…

Anton Bassov
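The failure mode Anton describes (the owner dies mid-critical-section, the mutex becomes abandoned, and the next waiter inherits a half-updated guarded region) can be reproduced from user mode with two processes. This is an added example, not code from the thread; the mutex name is a constructed placeholder, and it assumes Windows PowerShell with `powershell.exe` on the PATH.

```powershell
# Added example: a user-mode owner of a named mutex dies while holding it,
# and the waiter sees the mutex as abandoned. The name below is constructed.
$name = 'Local\ExampleAbandonedMutex'

# Owner process: create the named mutex initially owned, then sit on it.
# It stands in for the user-mode thread A that dies inside a guarded region.
$ownerScript = "`$m = New-Object System.Threading.Mutex(`$true, '$name'); Start-Sleep -Seconds 60"
$owner = Start-Process -FilePath 'powershell.exe' `
    -ArgumentList '-NoProfile', '-Command', $ownerScript `
    -WindowStyle Hidden -PassThru

# Open the mutex by name once the owner has created it; this is the
# user-mode counterpart of what a kernel waiter would want to do.
$m = $null
for ($i = 0; $i -lt 20 -and -not $m; $i++) {
    try { $m = [System.Threading.Mutex]::OpenExisting($name) }
    catch [System.Threading.WaitHandleCannotBeOpenedException] { Start-Sleep -Milliseconds 250 }
}
if (-not $m) { throw 'Owner process never created the mutex.' }

# Kill the owner while it holds the mutex. This is the "terminate a thread
# that owns it" case: the OS abandons the mutex rather than leaving it locked
# forever, but whatever the owner was updating is now half-done.
Stop-Process -Id $owner.Id -Force
$owner.WaitForExit()

try {
    [void]$m.WaitOne()
    'Acquired cleanly: the owner released the mutex before exiting.'
    $m.ReleaseMutex()
}
catch [System.Threading.AbandonedMutexException] {
    # .NET surfaces WAIT_ABANDONED as this exception, and the catching thread
    # now owns the mutex. The only safe reaction is to treat the guarded state
    # as inconsistent; this is the situation a kernel-mode waiter would be in.
    'Abandoned: the previous owner died holding the mutex; guarded data is suspect.'
    $m.ReleaseMutex()
}
finally {
    $m.Dispose()
}
```

Run it from an elevated or normal console; the second branch fires, which is the whole reason the thread's consensus is to keep mutexes out of the user/kernel boundary.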