Reference Counting in FS filter

OSR_Community_User · November 4, 2007, 10:33am

Hi all !

I implemented reference counting algorithm from OSR article “Tracking State
and Context - Reference Counting for File System Filter Drives”.

Here is the code for IRP_MJ_CLOSE:

if (!FlagOn(FileObject->Flags, FO_STREAM_FILE)

&&

(FileObject->SectionObjectPointer == NULL
||(CcGetFileObjectFromSectionPtrs(FileObject->SectionObjectPointer) !=
FileObject)))

{

Decrement MyContext->RefCounter

}

if (MyContext->RefCounter == 0 &&

(FileObject->SectionObjectPointer == NULL ||

(FileObject->SectionObjectPointer->DataSectionObject == NULL &&

FileObject->SectionObjectPointer->ImageSectionObject == NULL)))

{

Destroy MyContext

}

It works fine in most cases, but sometimes when the new file is
opened/created, its FileObject->FsContext is equal to one of
MyContext->FsContext that was not destroyed. Some examples of files that
were not destroyed are:

D:\WINDOWS\SYSTEM32\KBDUS.DLL

D:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION
DATA\MICROSOFT\PROTECT\S-1-5-21-57989841-162531612-725345543-500\D1550002-37
50-4C59-90CB-8B8BBDA36A7E

D:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION
DATA\MICROSOFT\PROTECT\CREDHIST

D:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DESKTOP.INI

D:\PROGRAM FILES\ALTIRIS\ALTIRIS AGENT\SOFTWARE DELIVERY\AEXSWDPOLICY.XML

Etc.

It seems that some closes are missed for these files. Is it possible that
close is not sent before FsContext release in case when reference counter
was 0 and DataSectionObject or ImageSectionObject were not NULL (in second
if)?

Do you have any other ideas?

Thanks,

Dani

Lyndon_J_Clarke-2 · November 4, 2007, 5:55pm

Dani - Why not use per stream contexts instead?

OSR_Community_User · November 5, 2007, 3:52am

I have to support W2K too, so FsRtlInsertPerStreamContext and
FsRtlRemovePerStreamContext cannot be used.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Lyndon J Clarke
Sent: Monday, November 05, 2007 12:57 AM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] Reference Counting in FS filter

Dani - Why not use per stream contexts instead?

Hi all !

I implemented reference counting algorithm from OSR article “Tracking State
and Context - Reference Counting for File System Filter Drives”.

Here is the code for IRP_MJ_CLOSE:

if (!FlagOn(FileObject->Flags, FO_STREAM_FILE)
&&
(FileObject->SectionObjectPointer == NULL
||(CcGetFileObjectFromSectionPtrs(FileObject->SectionObjectPointer) !=
FileObject)))
{
Decrement MyContext->RefCounter
}

if (MyContext->RefCounter == 0 &&
(FileObject->SectionObjectPointer == NULL ||
(FileObject->SectionObjectPointer->DataSectionObject == NULL &&
FileObject->SectionObjectPointer->ImageSectionObject == NULL)))
{
Destroy MyContext
}

It works fine in most cases, but sometimes when the new file is
opened/created, its FileObject->FsContext is equal to one of
MyContext->FsContext that was not destroyed. Some examples of files that
were not destroyed are:

D:\WINDOWS\SYSTEM32\KBDUS.DLL
D:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION
DATA\MICROSOFT\PROTECT\S-1-5-21-57989841-162531612-725345543-500\D1550002-37
50-4C59-90CB-8B8BBDA36A7E
D:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION
DATA\MICROSOFT\PROTECT\CREDHIST
D:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DESKTOP.INI
D:\PROGRAM FILES\ALTIRIS\ALTIRIS AGENT\SOFTWARE DELIVERY\AEXSWDPOLICY.XML
Etc.

It seems that some closes are missed for these files. Is it possible that
close is not sent before FsContext release in case when reference counter
was 0 and DataSectionObject or ImageSectionObject were not NULL (in second
if)?
Do you have any other ideas?

Thanks,
Dani

Lyndon_J_Clarke-2 · November 5, 2007, 9:23am

So you have to support W2K … can you limit to SP4 + URP?

“Dani Polovets” wrote in message
news:xxxxx@ntfsd…
>I have to support W2K too, so FsRtlInsertPerStreamContext and
> FsRtlRemovePerStreamContext cannot be used.
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Lyndon J Clarke
> Sent: Monday, November 05, 2007 12:57 AM
> To: Windows File Systems Devs Interest List
> Subject: Re:[ntfsd] Reference Counting in FS filter
>
> Dani - Why not use per stream contexts instead?
>
>
>
> Hi all !
>
> I implemented reference counting algorithm from OSR article “Tracking
> State
> and Context - Reference Counting for File System Filter Drives”.
>
> Here is the code for IRP_MJ_CLOSE:
>
> if (!FlagOn(FileObject->Flags, FO_STREAM_FILE)
> &&
> (FileObject->SectionObjectPointer == NULL
> ||(CcGetFileObjectFromSectionPtrs(FileObject->SectionObjectPointer) !=
> FileObject)))
> {
> Decrement MyContext->RefCounter
> }
>
> if (MyContext->RefCounter == 0 &&
> (FileObject->SectionObjectPointer == NULL ||
> (FileObject->SectionObjectPointer->DataSectionObject == NULL &&
> FileObject->SectionObjectPointer->ImageSectionObject == NULL)))
> {
> Destroy MyContext
> }
>
> It works fine in most cases, but sometimes when the new file is
> opened/created, its FileObject->FsContext is equal to one of
> MyContext->FsContext that was not destroyed. Some examples of files that
> were not destroyed are:
>
> D:\WINDOWS\SYSTEM32\KBDUS.DLL
> D:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION
> DATA\MICROSOFT\PROTECT\S-1-5-21-57989841-162531612-725345543-500\D1550002-37
> 50-4C59-90CB-8B8BBDA36A7E
> D:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION
> DATA\MICROSOFT\PROTECT\CREDHIST
> D:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DESKTOP.INI
> D:\PROGRAM FILES\ALTIRIS\ALTIRIS AGENT\SOFTWARE DELIVERY\AEXSWDPOLICY.XML
> Etc.
>
> It seems that some closes are missed for these files. Is it possible that
> close is not sent before FsContext release in case when reference counter
> was 0 and DataSectionObject or ImageSectionObject were not NULL (in second
> if)?
> Do you have any other ideas?
>
> Thanks,
> Dani
>
>
>
>
>
>