regarding driver verifier IOManager violation 307

Hi,

I get this driver verifier violation in my code:

************************************************************
Driver Verifier detected violation:

The driver issued an I/O request with an event that was already signalled
and received a STATUS_PENDING response. This can result in unwinding
before the I/O is complete.

CulpritAddress = A46234A9, Irp = 89B74EC8.
************************************************************

I’m not able to see how this could be caused…any pointers would be great.
Here is the code snippet:

=====
KEVENT Evt;
IO_STATUS_BLOCK iostatus;
PIRP pIrp = NULL;
KeInitializeEvent(&Evt, SynchronizationEvent, FALSE);
pIrp = IoBuildDeviceIoControlRequest((ULONG)IOCTL, gpdev, (LPVOID)ptr, len, NULL, 0, FALSE, &Evt, &iostatus);
if(pIrp)
{
    PIO_STACK_LOCATION pIoStack = IoGetNextIrpStackLocation(pIrp);
    pIoStack->FileObject = gpfile;
    IoCallDriver(gpdev, pIrp);
    if(iostatus.Status == STATUS_SUCCESS)
        ret = TRUE;
    else if(iostatus.Status == STATUS_PENDING)
    {
        Status = KeWaitForSingleObject((PVOID)&Evt, Executive, KernelMode, FALSE, NULL);
        if(Status == STATUS_SUCCESS)
            ret = TRUE;
    }
}
=====

I see this only when this code is executed by multiple threads. I do not see how the event could remain signalled…I have specified infinite wait in KeWaitForSingleObject.

Thank you very much!

Regards
Madhavi

Don’t check iostatus.Status when determining the status of the sent irp. iostatus.Status is only valid when the irp completes. Check status instead.

d

Bent from my phone



On Thu, Jan 8, 2015 at 6:57 PM, wrote:

> IoBuildDeviceIoControlRequest

You should use the return status from IoCallDriver, not the value of
IoStatus.Status to test for STATUS_PENDING. IoStatus.Status is not
guaranteed to be valid at the time you are testing it.

Mark Roddy
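
A user-mode C model of the point both replies make, added here as an illustration and not code from the thread or from the WDK. The types and the functions complete_irp, call_driver and wait_event are simplified stand-ins, and the single-threaded "wait" simply runs the deferred completion.

```c
/* User-mode model: all types/functions are stand-ins for this example, not WDK code. */
#include <stdbool.h>
typedef long NTSTATUS;
#define STATUS_SUCCESS      ((NTSTATUS)0x00000000L)
#define STATUS_PENDING      ((NTSTATUS)0x00000103L)
#define STATUS_UNSUCCESSFUL ((NTSTATUS)0xC0000001L)
typedef struct { NTSTATUS Status; } IO_STATUS_BLOCK;
typedef struct { bool signaled; } KEVENT;
typedef struct {
    IO_STATUS_BLOCK *iosb; KEVENT *event;  /* caller's status block and event */
    NTSTATUS final; bool pend;             /* completion status; does the lower driver pend? */
} IRP;

/* Completion: the status block is written first, then the event is signaled. */
static void complete_irp(IRP *irp) {
    irp->iosb->Status = irp->final;
    irp->event->signaled = true;
}
/* Lower driver: completes inline, or pends and completes later. */
static NTSTATUS call_driver(IRP *irp) {
    if (irp->pend) return STATUS_PENDING;
    complete_irp(irp);
    return irp->final;
}
/* Wait: in this single-threaded model the deferred completion runs here. */
static void wait_event(IRP *irp) {
    if (!irp->event->signaled) complete_irp(irp);
    irp->event->signaled = false;       /* synchronization event auto-resets */
}

/* Pattern from the question: decides on iosb.Status right after the call. */
NTSTATUS send_checking_iosb(NTSTATUS final, bool pend, NTSTATUS stale) {
    IO_STATUS_BLOCK iosb = { stale };   /* stale models uninitialized stack contents */
    KEVENT ev = { false };
    IRP irp = { &iosb, &ev, final, pend };
    call_driver(&irp);                  /* return value ignored */
    if (iosb.Status == STATUS_PENDING) wait_event(&irp);
    return iosb.Status;                 /* may predate completion */
}

/* Pattern from the replies: decides on the return value of the call. */
NTSTATUS send_checking_return(NTSTATUS final, bool pend, NTSTATUS stale) {
    IO_STATUS_BLOCK iosb = { stale };
    KEVENT ev = { false };
    IRP irp = { &iosb, &ev, final, pend };
    NTSTATUS status = call_driver(&irp);
    if (status == STATUS_PENDING) { wait_event(&irp); status = iosb.Status; }
    return status;
}
```

With a pended request, the first function returns whatever happened to be in the status block and never waits, which is the "unwinding before the I/O is complete" case the verifier message warns about.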