is doing stuff in kernel mode faster?

I have a particular operation that opens a file, reads part of it, then
rewrites it. Currently, I use normal NT/Win32 APIs to open, read and
rewrite the file. This is all done in user mode in my application.

My application also includes a very simple device driver component – the
purpose of this component was to utilize LSA APIs that were kernel-only
until Windows 2000.

So, the question is, would this particular operation (which happens a LOT)
be any faster if I moved the code into my device driver? Basically, I
would change my NT/Win32 APIs with the Zw routines (ZwCreateFile,
ZwReadFile, ZwWriteFile). Presumably, this would save context switches
between user and kernel mode (since the entire set of APIs would execute
in kernel mode, instead of entering kernel mode/leaving kernel mode for
each API call), but I’m not sure – a Microsoft engineer told me that the
Zw APIs are only mappers onto the external APIs so that one could use
those APIs in a device driver.

So, what’s the consensus? Would moving to kernel mode make such a
sequence of operations perform faster?

Rob


Rob Newberry
Director of Fajita Technology
Group Logic, Inc.

The transition from user mode to kernel mode is not a context switch. There
is an ‘interrupt gate’ (Int 21) used on x86 systems to switch from user to
kernel mode, but this is much less overhead than a context switch. Basically
the transition gives the thread a new stack and opens up the kernel
protected VA space to the thread.

The Zw calls all have slightly less overhead than the equivalent NT system
service apis (the ones named Nt rather than Zw.) You would basically just be
saving the overhead of the INT 21 processing for user-kernelmode transition,
and that is not huge. Win32 of course adds an additional layer of software
on top of the system service api, but once again it is not overly bloated.

Of course the answer is that it would be marginally faster to do everything
in kernel mode. We could in fact all just abandon the concept of protected
rings of execution and have everybody execute their applications in one big
shared memory address space. We could call the resulting mess the ‘MacOS’
:slight_smile:

You should put code in a device driver because it is the only way to access
kernel protected resources. For NT4 - your use of a driver was correct as it
was the only way to get at the functionality you required. For W2K rather
than considering putting more of your application into the kernel you should
be considering getting it all out of the kernel.

-----Original Message-----
From: Rob Newberry [mailto:xxxxx@grouplogic.com]
Sent: Friday, October 06, 2000 10:55 AM
To: NT Developers Interest List
Subject: [ntdev] is doing stuff in kernel mode faster?

I have a particular operation that opens a file, reads part
of it, then
rewrites it. Currently, I use normal NT/Win32 APIs to open, read and
rewrite the file. This is all done in user mode in my application.

My application also includes a very simple device driver
component – the
purpose of this component was to utilize LSA APIs that were
kernel-only
until Windows 2000.

So, the question is, would this particular operation (which
happens a LOT)
be any faster if I moved the code into my device driver? Basically, I
would change my NT/Win32 APIs with the Zw routines (ZwCreateFile,
ZwReadFile, ZwWriteFile). Presumably, this would save
context switches
between user and kernel mode (since the entire set of APIs
would execute
in kernel mode, instead of entering kernel mode/leaving
kernel mode for
each API call), but I’m not sure – a Microsoft engineer told
me that the
Zw APIs are only mappers onto the external APIs so that one could use
those APIs in a device driver.

So, what’s the consensus? Would moving to kernel mode make such a
sequence of operations perform faster?

Rob


Rob Newberry
Director of Fajita Technology
Group Logic, Inc.


You are currently subscribed to ntdev as: xxxxx@stratus.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

I thought it was Int 2E.

----- Original Message -----
From: “Roddy, Mark”
To: “NT Developers Interest List”
Sent: Friday, October 06, 2000 8:23 AM
Subject: [ntdev] RE: is doing stuff in kernel mode faster?

> The transition from user mode to kernel mode is not a context switch.
There
> is an ‘interrupt gate’ (Int 21) used on x86 systems to switch from user to
> kernel mode, but this is much less overhead than a context switch.
Basically
> the transition gives the thread a new stack and opens up the kernel
> protected VA space to the thread.
>
> The Zw calls all have slightly less overhead than the equivalent NT system
> service apis (the ones named Nt rather than Zw.) You would basically just
be
> saving the overhead of the INT 21 processing for user-kernelmode
transition,
> and that is not huge. Win32 of course adds an additional layer of software
> on top of the system service api, but once again it is not overly bloated.
>
> Of course the answer is that it would be marginally faster to do
everything
> in kernel mode. We could in fact all just abandon the concept of protected
> rings of execution and have everybody execute their applications in one
big
> shared memory address space. We could call the resulting mess the ‘MacOS’
> :slight_smile:
>
> You should put code in a device driver because it is the only way to
access
> kernel protected resources. For NT4 - your use of a driver was correct as
it
> was the only way to get at the functionality you required. For W2K rather
> than considering putting more of your application into the kernel you
should
> be considering getting it all out of the kernel.
>
> > -----Original Message-----
> > From: Rob Newberry [mailto:xxxxx@grouplogic.com]
> > Sent: Friday, October 06, 2000 10:55 AM
> > To: NT Developers Interest List
> > Subject: [ntdev] is doing stuff in kernel mode faster?
> >
> >
> >
> > I have a particular operation that opens a file, reads part
> > of it, then
> > rewrites it. Currently, I use normal NT/Win32 APIs to open, read and
> > rewrite the file. This is all done in user mode in my application.
> >
> > My application also includes a very simple device driver
> > component – the
> > purpose of this component was to utilize LSA APIs that were
> > kernel-only
> > until Windows 2000.
> >
> > So, the question is, would this particular operation (which
> > happens a LOT)
> > be any faster if I moved the code into my device driver? Basically, I
> > would change my NT/Win32 APIs with the Zw routines (ZwCreateFile,
> > ZwReadFile, ZwWriteFile). Presumably, this would save
> > context switches
> > between user and kernel mode (since the entire set of APIs
> > would execute
> > in kernel mode, instead of entering kernel mode/leaving
> > kernel mode for
> > each API call), but I’m not sure – a Microsoft engineer told
> > me that the
> > Zw APIs are only mappers onto the external APIs so that one could use
> > those APIs in a device driver.
> >
> > So, what’s the consensus? Would moving to kernel mode make such a
> > sequence of operations perform faster?
> >
> > Rob
> >
> > ---------------------------------------------------------------------
> > Rob Newberry
> > Director of Fajita Technology
> > Group Logic, Inc.
> >
> >
> >
> > —
> > You are currently subscribed to ntdev as: xxxxx@stratus.com
> > To unsubscribe send a blank email to $subst(‘Email.Unsub’)
> >
>
> —
> You are currently subscribed to ntdev as: xxxxx@hotmail.com
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)
>
>

Ah, but what’s 0x0d between friends ? :wink:

Yeah, it is 2e for the system calls.

Regards,

Paul Bunn, UltraBac.com, 425-644-6000
Microsoft MVP - WindowsNT/2000
http://www.ultrabac.com

-----Original Message-----
From: Noman Smith [mailto:xxxxx@hotmail.com]
Sent: Friday, October 06, 2000 10:11 AM
To: NT Developers Interest List
Subject: [ntdev] RE: is doing stuff in kernel mode faster?

I thought it was Int 2E.

----- Original Message -----
From: “Roddy, Mark”
To: “NT Developers Interest List”
Sent: Friday, October 06, 2000 8:23 AM
Subject: [ntdev] RE: is doing stuff in kernel mode faster?

> The transition from user mode to kernel mode is not a context switch.
There
> is an ‘interrupt gate’ (Int 21) used on x86 systems to switch from user to
> kernel mode, but this is much less overhead than a context switch.
Basically
> the transition gives the thread a new stack and opens up the kernel
> protected VA space to the thread.

Yup it is. That was just a test to see if anybody was awake :slight_smile:

-----Original Message-----
From: Noman Smith [mailto:xxxxx@hotmail.com]
Sent: Friday, October 06, 2000 1:11 PM
To: NT Developers Interest List
Subject: [ntdev] RE: is doing stuff in kernel mode faster?

I thought it was Int 2E.

----- Original Message -----
From: “Roddy, Mark”
> To: “NT Developers Interest List”
> Sent: Friday, October 06, 2000 8:23 AM
> Subject: [ntdev] RE: is doing stuff in kernel mode faster?
>
>
> > The transition from user mode to kernel mode is not a
> context switch.
> There
> > is an ‘interrupt gate’ (Int 21) used on x86 systems to
> switch from user to
> > kernel mode, but this is much less overhead than a context switch.
> Basically
> > the transition gives the thread a new stack and opens up the kernel
> > protected VA space to the thread.
> >
> > The Zw calls all have slightly less overhead than the
> equivalent NT system
> > service apis (the ones named Nt rather than Zw.) You would
> basically just
> be
> > saving the overhead of the INT 21 processing for user-kernelmode
> transition,
> > and that is not huge. Win32 of course adds an additional
> layer of software
> > on top of the system service api, but once again it is not
> overly bloated.
> >
> > Of course the answer is that it would be marginally faster to do
> everything
> > in kernel mode. We could in fact all just abandon the
> concept of protected
> > rings of execution and have everybody execute their
> applications in one
> big
> > shared memory address space. We could call the resulting
> mess the ‘MacOS’
> > :slight_smile:
> >
> > You should put code in a device driver because it is the only way to
> access
> > kernel protected resources. For NT4 - your use of a driver
> was correct as
> it
> > was the only way to get at the functionality you required.
> For W2K rather
> > than considering putting more of your application into the
> kernel you
> should
> > be considering getting it all out of the kernel.
> >
> > > -----Original Message-----
> > > From: Rob Newberry [mailto:xxxxx@grouplogic.com]
> > > Sent: Friday, October 06, 2000 10:55 AM
> > > To: NT Developers Interest List
> > > Subject: [ntdev] is doing stuff in kernel mode faster?
> > >
> > >
> > >
> > > I have a particular operation that opens a file, reads part
> > > of it, then
> > > rewrites it. Currently, I use normal NT/Win32 APIs to
> open, read and
> > > rewrite the file. This is all done in user mode in my
> application.
> > >
> > > My application also includes a very simple device driver
> > > component – the
> > > purpose of this component was to utilize LSA APIs that were
> > > kernel-only
> > > until Windows 2000.
> > >
> > > So, the question is, would this particular operation (which
> > > happens a LOT)
> > > be any faster if I moved the code into my device driver?
> Basically, I
> > > would change my NT/Win32 APIs with the Zw routines (ZwCreateFile,
> > > ZwReadFile, ZwWriteFile). Presumably, this would save
> > > context switches
> > > between user and kernel mode (since the entire set of APIs
> > > would execute
> > > in kernel mode, instead of entering kernel mode/leaving
> > > kernel mode for
> > > each API call), but I’m not sure – a Microsoft engineer told
> > > me that the
> > > Zw APIs are only mappers onto the external APIs so that
> one could use
> > > those APIs in a device driver.
> > >
> > > So, what’s the consensus? Would moving to kernel mode make such a
> > > sequence of operations perform faster?
> > >
> > > Rob
> > >
> > >
> ---------------------------------------------------------------------
> > > Rob Newberry
> > > Director of Fajita Technology
> > > Group Logic, Inc.
> > >
> > >
> > >
> > > —
> > > You are currently subscribed to ntdev as: xxxxx@stratus.com
> > > To unsubscribe send a blank email to
> $subst(‘Email.Unsub’)
> > >
> >
> > —
> > You are currently subscribed to ntdev as: xxxxx@hotmail.com
> > To unsubscribe send a blank email to $subst(‘Email.Unsub’)
> >
> >
>
> —
> You are currently subscribed to ntdev as: xxxxx@stratus.com
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)
>