KeWaitForSingleObject & PagedPool (known problem?)

NTDEV
1

Hi guys!

I'm solving a bugcheck on KeWaitForSingleObject for mutex allocated in
PagedPool.

KeWaitForSingleObject(&rwl->guard, Executive, KernelMode, FALSE, NULL);

(code is executing in a worker thread and i'm running the driver from
verifier)

As you can see I don't specify "UserMode" as told in DDK documentation. I
searched a little and found the next article:

http://support.microsoft.com/kb/186775/en-us

It contains the next tip:

  1. Never allocate dispatcher objects from a paged pool. If you do, it will
    cause occasional system bugchecks.

Can anyone tell me is it true?

Vlad

2

Yeah, I would expect that the kernel will at times (or maybe always!)
access the object at DISPATCH or higher IRQL, which means that paged out
pages will not be available, and thus cause a page-fault, which causes a
BSOD.

Just allocate it from the non-paged pool and all will be fine.

Anything that may be used (read, written or executed) at DISPATCH level or
higher must be non-paged because the definition of DISPATCH level is that
you can’t switch thread. Since paging by definition requires another thread
to run (the “swapper” or “paging” thread in the kernel), you will not be
able to get whatever paged it.

The scary thing is that if you weren’t running DV, you’d probably be able
to run this code for a few days without failure, because in most cases, the
page will still be available when the kernel tries to access it, only once
in a blue moon will it be unavailable…


Mats

xxxxx@lists.osr.com wrote on 10/22/2004 11:53:12 AM:

Hi guys!

I’m solving a bugcheck on KeWaitForSingleObject for mutex allocated in
PagedPool.

KeWaitForSingleObject(&rwl->guard, Executive, KernelMode, FALSE, NULL);

(code is executing in a worker thread and i’m running the driver from
verifier)

As you can see I don’t specify “UserMode” as told in DDK documentation. I
searched a little and found the next article:

http://support.microsoft.com/kb/186775/en-us

It contains the next tip:

  1. Never allocate dispatcher objects from a paged pool. If you do, it
    will
    cause occasional system bugchecks.

Can anyone tell me is it true?

Vlad

Questions? First check the Kernel Driver FAQ at http://www.
osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@3dlabs.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

ForwardSourceID:NT00005ED2

3

Hi Mats,

Yeah, I would expect that the kernel will at times (or maybe always!)
access the object at DISPATCH or higher IRQL, which means that paged out
pages will not be available, and thus cause a page-fault, which causes a
BSOD.

Thanks a lot. I’ve just finished my own investigation and found that
KeWaitForSingleObject raises IRQL up to DISPATCH_LEVEL and then got access
to object.

I slightly wonder why this behavior isn’t documented? (or am I missed
something?)

Vlad

4

I can’t explain why it’s not documented, but it does make sense that the OS
wants to prevent other processes from doing work when it’s in (for example)
KeWaitForSingleObject, as it coule be quite easy to create various types of
race conditions and such if other processes/threads were allowed to run at
the same time.

Just my idea from knowing about general OS functions, no special
understanding of the NT kernel itself.


Mats

xxxxx@lists.osr.com wrote on 10/22/2004 12:33:07 PM:

Hi Mats,

>
> Yeah, I would expect that the kernel will at times (or maybe always!)
> access the object at DISPATCH or higher IRQL, which means that paged
out
> pages will not be available, and thus cause a page-fault, which causes
a
> BSOD.

Thanks a lot. I’ve just finished my own investigation and found that
KeWaitForSingleObject raises IRQL up to DISPATCH_LEVEL and then got
access
to object.

I slightly wonder why this behavior isn’t documented? (or am I missed
something?)

Vlad

Questions? First check the Kernel Driver FAQ at http://www.
osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@3dlabs.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

ForwardSourceID:NT00005EDE

5

I would argue that it is documented, directly in the names of the objects.
It shouldn’t surprise you that *Dispatcher* objects are accessed at
*DISPATCH_LEVEL*.


Jake Oshins
Windows Kernel Group

This posting is provided “AS IS” with no warranties, and confers no rights.

“Vladislav Goncharov” wrote in message
news:xxxxx@ntdev…
> Hi Mats,
>
>>
>> Yeah, I would expect that the kernel will at times (or maybe always!)
>> access the object at DISPATCH or higher IRQL, which means that paged out
>> pages will not be available, and thus cause a page-fault, which causes a
>> BSOD.
>
> Thanks a lot. I’ve just finished my own investigation and found that
> KeWaitForSingleObject raises IRQL up to DISPATCH_LEVEL and then got access
> to object.
>
> I slightly wonder why this behavior isn’t documented? (or am I missed
> something?)
>
> Vlad
>
>
>

6

Yes, it is documented that all sync objects must be nonpaged.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “Vladislav Goncharov”
To: “Windows System Software Devs Interest List”
Sent: Friday, October 22, 2004 3:33 PM
Subject: Re: [ntdev] KeWaitForSingleObject & PagedPool (known problem?)

> Hi Mats,
>
> >
> > Yeah, I would expect that the kernel will at times (or maybe always!)
> > access the object at DISPATCH or higher IRQL, which means that paged out
> > pages will not be available, and thus cause a page-fault, which causes a
> > BSOD.
>
> Thanks a lot. I’ve just finished my own investigation and found that
> KeWaitForSingleObject raises IRQL up to DISPATCH_LEVEL and then got access
> to object.
>
> I slightly wonder why this behavior isn’t documented? (or am I missed
> something?)
>
> Vlad
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com