Hello everybody,
Some days back I had posted a question “Different types of APCs and their uses”.
I was told to read some documents.
I did that. However, I have some confusion.
In the document on IRQLs and thread context,
“Normal kernel-mode APCs are delivered at the intermediate level that corresponds to PASSIVE_LEVEL in a critical region. The system delivers a normal kernel-mode APC when the target thread is already running at PASSIVE_LEVEL or when the thread is returning to PASSIVE_LEVEL after exiting from a critical region or after lowering the IRQL.”
and
“Special kernel-mode APCs are delivered at APC_LEVEL. The system delivers them if the target thread is running at an IRQL below APC_LEVEL or if the target thread is returning to an IRQL below APC_LEVEL.”
I am not quite able to understand why in the first line for Normal kernel mode APCs it is written that they are delivered at intermediate level but in the second line it is written that system delivers them when target thread is running at PASSIVE_LEVEL.
Does the first line mean that it has been queued, and the second line means when it is processed?
Thanks.
Tushar
> I am not quite able to understand why in the first line for Normal kernel
> mode APCs it is written that they are delivered at intermediate level

PASSIVE with critical region on. Kinda intermediate between real PASSIVE and APC.
–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
Thank you sir.
But what I really wanted to understand was: does the first line mean that they are queued and the second line mean that they are processed/executed?
Thank you,
Tushar
> Does the first line mean that it has been queued, and the second line
> means when it is processed?

APCs can be queued at IRQL <= DISPATCH_LEVEL, “queue APC” means - insert a
structure describing an APC (i.e. KAPC) in a thread’s APC queue.
“Deliver APC” means - remove the APC structure from the thread’s APC queue
and call the APC’s routines. APCs are always delivered (i.e. removed from the
queue) at APC_LEVEL when the IRQL drops from APC_LEVEL to PASSIVE_LEVEL
(which might be initiated by a “software interrupt”), but depending on the APC
type the APC routines are called either at APC_LEVEL or PASSIVE_LEVEL.
The APC structure is defined in the WDK as KAPC, which contains KernelRoutine and
NormalRoutine. KernelRoutine is always called at APC_LEVEL but NormalRoutine
is called at PASSIVE_LEVEL (the level is deliberately lowered from APC_LEVEL
to PASSIVE_LEVEL before calling and raised to APC_LEVEL after).
There are also user-mode APCs; for these APCs the NormalRoutine is processed
in user mode (which is always at PASSIVE_LEVEL).
–
Slava Imameyev, xxxxx@hotmail.com
Thank you Slava,
If I got it right, the following things apply:
- APCs can be queued at IRQL <= DISPATCH_LEVEL.
- APCs are removed (dequeued) at APC_LEVEL.
- APC routines are executed at IRQL PASSIVE/APC depending on the type.
One more thing: suppose the APC is a kernel mode APC, then are the following things correct:
- If it has a NormalRoutine, it is a normal kernel mode APC.
- And if it does not have a NormalRoutine, it is a special kernel mode APC.
Are the above two points right?
Thank you,
Tushar
> If I got it right, the following things apply:

Yes, correct.

> - If it has a NormalRoutine, it is a normal kernel mode APC.

Correct.

> - And if it does not have a NormalRoutine, it is a special kernel mode APC

Correct, and Special Kernel Mode APCs are always inserted at the head of the
thread’s APC list before Normal Kernel Mode APCs.
–
Slava Imameyev, xxxxx@hotmail.com
Thank you Slava.
Too good… this forum is great…
OK… one more thing…
I have noticed in the WDK documentation that most of the file system calls (ex: ZwCreateFile, ZwReadFile, ZwWriteFile) have to be made at IRQL PASSIVE_LEVEL. I have two questions:
a. Why is it not possible to make a file system call at IRQL APC_LEVEL?
b. Can I make those calls at the intermediate IRQL? Can you also tell me the reason for the same?
Thank you once again.
Tushar.
> that most of the file system calls …
> a. Why is it not possible to make a file system call at IRQL APC_LEVEL?

Some IRP requests (i.e. hand-made requests from a driver) to file system
drivers can be made at APC_LEVEL (but you should know exactly what requests
and conditions for this).
But Zw* functions issue IRPs (which are completed by inserting an APC) and
wait for IRP completion.
So, at APC_LEVEL they either hang (because APCs are not delivered) or
the system crashes with a BSOD because an APC with invalid parameters (i.e.
allocated on the thread’s stack) is called. Also, not all FSD services can
be called at APC_LEVEL.

> b. Can i make those calls at the intermediate IRQL.

Yes for some requests if you create your own IRP (you must free this IRP
yourself and your completion routine must return
STATUS_MORE_PROCESSING_REQUIRED).
No for Zw* functions.
–
Slava Imameyev, xxxxx@hotmail.com
> a. Why is it not possible to make a file system call at IRQL APC_LEVEL?
IopCompleteRequest APC delivery is blocked if you’re on APC_LEVEL.
–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
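
The queue/deliver rules and the APC_LEVEL hang discussed in this thread, as a simplified user-mode C model. This is an added example, not code from any poster or from the WDK: the `Thread` struct and all function names are hypothetical, and the I/O completion APC is modelled as a special kernel APC (one without a NormalRoutine).

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-mode model of one thread's kernel APC state; not WDK code. */
enum { PASSIVE_LEVEL = 0, APC_LEVEL = 1 };

typedef struct {
    int irql;            /* current IRQL of the modelled thread */
    bool critical;       /* inside a critical region */
    int special_pending; /* queued special kernel APCs (head of the list) */
    int normal_pending;  /* queued normal kernel APCs */
    int kernel_runs;     /* KernelRoutine calls, made at APC_LEVEL */
    int normal_runs;     /* NormalRoutine calls, made at PASSIVE_LEVEL */
} Thread;

/* Delivery: dequeue and call routines, only if the thread is below APC_LEVEL. */
void deliver(Thread *t) {
    if (t->irql >= APC_LEVEL) return;      /* blocked: APCs stay queued */
    int saved = t->irql;
    t->irql = APC_LEVEL;                   /* dequeue happens at APC_LEVEL */
    t->kernel_runs += t->special_pending;  /* special APCs are served first */
    t->special_pending = 0;
    while (t->normal_pending > 0 && !t->critical) {
        t->normal_pending--; t->kernel_runs++;
        t->irql = PASSIVE_LEVEL;           /* lowered for NormalRoutine */
        t->normal_runs++;
        t->irql = APC_LEVEL;               /* raised again afterwards */
    }
    t->irql = saved;
}

/* Queueing only inserts the APC; delivery is attempted separately. */
void queue_apc(Thread *t, bool has_normal_routine) {
    if (has_normal_routine) t->normal_pending++; else t->special_pending++;
    deliver(t);
}
void set_irql(Thread *t, int irql) { t->irql = irql; deliver(t); }
void leave_critical(Thread *t) { t->critical = false; deliver(t); }

/* Zw*-style call: waits on a completion APC; false = wait could never end. */
bool sync_io_completes(Thread *t) {
    int before = t->kernel_runs;
    queue_apc(t, false);
    return t->kernel_runs > before;
}

int main(void) {
    Thread t = { .irql = APC_LEVEL };
    printf("sync I/O at APC_LEVEL completes: %d\n", sync_io_completes(&t));
    return 0;
}
```

In the model, a normal APC queued inside a critical region stays pending until `leave_critical`, while a completion APC queued at APC_LEVEL stays pending until the IRQL is lowered, which the waiting caller never does.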