KeWaitForXXX, APCs, Alerts, and thread termination

I’m somewhat confused as to what goes on with KeWaitForXXX() when special
actions are taken, such as kernel APCs, Alerts, and thread
termination. First off, what exactly is an alert? Just a generic way to
wake a thread up and tell it to return to user mode? As far as I can gleen
from the DDK, the wait functions can return STATUS_USER_APC if the
alertable parameter is true, and the waitmode is usermode. They can also
return STATUS_ALERTED if the alertable parameter is true, and a kernel mode
alert is delivered ( whatever that means ). The docs however do not say
that it will ever return STATUS_KERNEL_APC. Am I to understand that the
thread may be woken up to process kernel apcs, but the wait functions will
go back to sleep and not satisfy the wait? Also, is this “kernel mode
alert” how threads are terminated? If I wish to block for a long time,
should I set the alertable parameter to true so that I can be told I need
to return to user mode for thread termination with STATUS_ALERTED? Should
I also set WaitMode to UserMode so that I can be told to return to user
mode to allow user mode APCs to be delivered?
–>Phillip Susi
xxxxx@iag.net

I think the rule is that if the waitmode is KernelMode then the wait does
not abort when an APC is delivered. The
APC gets executed and the wait resumes.

If the wait is Usermode then the wait is aborted with STATUS_ALERTED.

If you want to be alerted during thread termination then this is how you
should wait.

status = KeWaitForSingleObject( &Event,
Executive,
UserMode,
(BOOLEAN) TRUE,
(PLARGE_INTEGER) NULL );

if(status == STATUS_ALERTED || status == STATUS_USER_APC)
{

// Handle the thread rundown case. .
}

This whole thing swirls my mind ): Hope this helps.
Eliyas

-----Original Message-----
From: Phillip Susi [mailto:xxxxx@iag.net]
Sent: Wednesday, June 28, 2000 8:21 AM
To: NT Developers Interest List
Subject: [ntdev] KeWaitForXXX, APCs, Alerts, and thread termination

I’m somewhat confused as to what goes on with KeWaitForXXX() when special
actions are taken, such as kernel APCs, Alerts, and thread
termination. First off, what exactly is an alert? Just a generic way to
wake a thread up and tell it to return to user mode? As far as I can gleen
from the DDK, the wait functions can return STATUS_USER_APC if the
alertable parameter is true, and the waitmode is usermode. They can also
return STATUS_ALERTED if the alertable parameter is true, and a kernel mode
alert is delivered ( whatever that means ). The docs however do not say
that it will ever return STATUS_KERNEL_APC. Am I to understand that the
thread may be woken up to process kernel apcs, but the wait functions will
go back to sleep and not satisfy the wait? Also, is this “kernel mode
alert” how threads are terminated? If I wish to block for a long time,
should I set the alertable parameter to true so that I can be told I need
to return to user mode for thread termination with STATUS_ALERTED? Should
I also set WaitMode to UserMode so that I can be told to return to user
mode to allow user mode APCs to be delivered?
–>Phillip Susi
xxxxx@iag.net


You are currently subscribed to ntdev as: xxxxx@microsoft.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

> from the DDK, the wait functions can return STATUS_USER_APC if the

alertable parameter is true, and the waitmode is usermode. They can also
return STATUS_ALERTED if the alertable parameter is true, and a kernel
mode
alert is delivered ( whatever that means ).

NtAlertThread syscall?

thread may be woken up to process kernel apcs, but the wait functions will
go back to sleep and not satisfy the wait?

IIRC this is true even in Alertable=FALSE case, but only for special kernel
APCs
like IopCompleteRequest (BTW - is there any other special kernel
APCs?).

Also, is this "kernel mode

alert" how threads are terminated?

Threads are terminated by delivering an APC to it. PspExitSpecialApc is the
user APC from APC’s code point of view, though executed in kmode.

Should

I also set WaitMode to UserMode so that I can be told to return to user
mode to allow user mode APCs to be delivered?

Something like this. In this case, if wait returned with STATUS_USER_APC,
return to usermode as soon as possible, maybe failing the IRP on the way.
This can lead to thread termination which will otherwise be blocked by your
wait.
Drivers usually does not use Alertable=TRUE or WaitMode = UserMode anyway.

Max