sc stop is hanging

> Why would you assume that if you get it once you should be able to release

it twice?

I didn’t say once, I said twice: once for the alloc and once for the set.
I’ve verified that the ref count is two after these two operations. What I
don’t understand and what I don’t think is documented is why one gets an
assert if they release it twice after these two reference operations. To my
way of thinking one should be allowed to get the reference count to zero if
they have no more interest in the context, but this is impossible.

Are you saying that we are not allowed to release the reference created by
the set? The docs for FltSetStreamContext specifically say: “After calling
FltSetStreamContext, the caller must call FltReleaseContext to decrement the
reference count on NewContext, even if the call to FltSetStreamContext was
unsuccessful”.


“Neal Christiansen” wrote in message
news:xxxxx@ntfsd…
Mark,

Though not explicitly stated I believe it is implicitly stated. You do
one release for each get/alloc. If you do more then that bad things
will happen. Why would you assume that if you get it once you should be
able to release it twice?

Once a context it attached to an object (via set) the only way to detach
it is with a delete, either implicitly (when the attached object goes
away) or explicit. So the instruction pairs are:

- allocate/get must be followed by a release
- set must be followed by a delete (or implicit delete by the system)

I am glad you found your referencing issues. As I stated earlier we are
working on verifier functionality that will track everything you Get and
will tell you when you unload what you did not release.

Neal

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
Sent: Thursday, March 31, 2005 4:54 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] sc stop is hanging

The only rule you don’t mention is that you will get an assertion error
if
you try to reduce the ref count to zero while the context is still
attached
to an object. This means I can only do one dereference after calling
alloc
and attach. This leaves the ref count at one until the detach, even if
I
have no interest in the context anymore.

After turning on the verifier I was able to tell what was causing the
unload
problem. I’ve now fixed all my problems in that regard.

Thanks…

“Neal Christiansen” wrote in message
news:xxxxx@ntfsd…
Mark,

You have gone to a lot of work to figure out the following basic rules:

- Whenever you allocate/get a context you must at some point release it.
- Setting a context puts an internal residual count on the context which
keeps it from going away
- Deleting a context (either explicitly by calling one of the delete
context APIs or implicitly by the object it is attached to going away)
removes the residual count.
- The context cleanup routine is called once the reference count goes to
zero.

This means a deleted context will not go away until all references go
away. You should not maintain your own list of contexts just for the
purpose of deleting them at unload time. We do this for you
automatically and all you are doing is adding unnecessary overhead.

This referencing model in the filter manager works correctly and there
are no holes or problems which makes this unusable or incorrect.

It is by design that we don’t allow your filter to unload if you have
referenced objects laying around. If it does not unload it is because
you have some sort of reference counting bug.

Anytime you retrieve a filter manager object it is referenced. This
means you must do the appropriate unreference so the object can be
freed.

We will be working on verifier features that will track all of this
information so that at unload time we can tell you exactly what you have
done wrong.

If you are still having problems with this please send me the stack
backtrace of where you are hung. I want to know if it is hung unloading
an instance or unloading the filter.

Neal Christiansen
Microsoft File System Filter Group Lead
This posting is provided “AS IS” with no warranties, and confers no
Rights

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
Sent: Friday, March 25, 2005 5:00 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] sc stop is hanging

I ended up doing ASSERT( (((ULONG)context)-1) == 1 ); everywhere
(which is
much safer ) and I was able to figure out what the context ref
count
rules are:

1) If you try to dereference any context still attached to an object, to
a
count of zero, you get an assertion error from the filter manager.

2) When the object that the context is attached to dissapears, there is
a
single decrement of the ref count done by the filter manager. This also

happens when you manually detach a context from it’s object using
FltDeleteContext.

3) The context-cleanup gets called only when the ref count goes to zero.

Using the above bits of knowledge, I was able to come up with an
algorithm
that worked for me:

a) Never deref an allocate function. This leaves the ref count at one
which
is balanced by the auto-decrement done by the filter manager when an
object
disappears.

b) Always deref all fltmgr calls that increment the ref count after
finding
out the call was successful. Once again this keeps the ref count at 1.
(Actually I keep the reference held for the brief period that I’m using
it
after any call).

This method caused my contexts to have their ref count go to zero
whenever a
context is detached from an object, either automatically or manually.
This
caused context-cleanup to be called at that time for all objects.

So I am convinced that my code is not leaving any contexts hanging, but
I am
still getting the “sc stop” hangup. I’ll start a new thread on this.

“Ken Cross” wrote in message news:xxxxx@ntfsd…
> Help us understand your problem better.
>
> You’re talking about a stream context, right? I don’t think the
context
> cleanup gets called until everything’s done using it, i.e., the
reference
> count goes to zero. So I doubt if what you’re suggesting will work.
>
> Furthermore, it’s probably a Bad Idea to do things like
> "
(((ULONG)context)-1)=1;" because you don’t know what other parts of
the
> system (Filter Manager, file system, etc.) might be
> referencing/dereferencing the context without your knowledge. I don’t

> know
> that they do, but you should probably assume they do.
>
> Now, why can’t you release the context in post-cleanup?
>
> Ken
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
> Sent: Friday, March 25, 2005 5:36 PM
> To: Windows File Systems Devs Interest List
> Subject: Re:[ntfsd] sc stop is hanging
>
>
> I found out one more thing about context reference counts. If you
> decrement
>
> the count to zero while the context is still attached to an object,
you
> get
> an assertion error.
>
> So now I know that I have to keep the context ref count to a minimum
of 1
> all the time. This means I must not release the count added by the
> allocate
>
> routine.
>
> I sure hope that the context-cleanup routine is still called when the
> object
>
> it is linked to disappears and the ref count is 1.
>
> So my current strategy (really the only one left to me) is to not
release
> the reference from the allocate but dereference all others immediately

> after
>
> they are incremented by a FltSetXXX or FltGetXXX. This means the
context
> reference count is useless.
>
> It is tempting to just sprinkle my code with *(((ULONG) context)-1) =
1;
> everywhere as a test.
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@comcast.net
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Hi,

The reference created by the “set” as Neal answered must be followed by a
delete, implicit or explicit. This means that when you are not interested in
a context, you must distinguish whether the context is associated or not to
an object. If it is, a residual reference must be decremented, either doing
an explicit delete or waiting until object deletion. If the context is not
associated with an object, then you only need to release it until refcount
reach 0.

That said, you can not decrement the refcount of alloc until set has been
completed, either successfully on unsuccessfully, because this will delete
the context: “After calling FltSetStreamContext, the caller must call
FltReleaseContext to decrement the reference count on NewContext, even if
the call to FltSetStreamContext was unsuccessful”.

I founded a similar problem trying to stop my mini-filter under several
circumstances, although the context reference mechanism is very well
designed in my opinion. I have this sequence:

FltGetInstanceContext(…)
FltSendMessage(…)
FltReleaseInstaceContext(…)

If I try to unload the minifilter, FltSendMessage call will not return with
STATUS_PORT_DISCONNECTED, as FltRegisterFilter will wait until instance
context is deleted prior to the call to DisconnectNotifyCallback, when the
client port is typically closed.

Thanks,
mK

-----Mensaje original-----
De: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] En nombre de Mark Hahn
Enviado el: viernes, 01 de abril de 2005 8:03
Para: Windows File Systems Devs Interest List
Asunto: Re:[ntfsd] sc stop is hanging

Why would you assume that if you get it once you should be able to release
it twice?

I didn’t say once, I said twice: once for the alloc and once for the set.
I’ve verified that the ref count is two after these two operations. What I
don’t understand and what I don’t think is documented is why one gets an
assert if they release it twice after these two reference operations. To my
way of thinking one should be allowed to get the reference count to zero if
they have no more interest in the context, but this is impossible.

Are you saying that we are not allowed to release the reference created by
the set? The docs for FltSetStreamContext specifically say: “After calling
FltSetStreamContext, the caller must call FltReleaseContext to decrement the
reference count on NewContext, even if the call to FltSetStreamContext was
unsuccessful”.


“Neal Christiansen” wrote in message
news:xxxxx@ntfsd…
Mark,

Though not explicitly stated I believe it is implicitly stated. You do
one release for each get/alloc. If you do more then that bad things
will happen. Why would you assume that if you get it once you should be
able to release it twice?

Once a context it attached to an object (via set) the only way to detach
it is with a delete, either implicitly (when the attached object goes
away) or explicit. So the instruction pairs are:

- allocate/get must be followed by a release
- set must be followed by a delete (or implicit delete by the system)

I am glad you found your referencing issues. As I stated earlier we are
working on verifier functionality that will track everything you Get and
will tell you when you unload what you did not release.

Neal

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
Sent: Thursday, March 31, 2005 4:54 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] sc stop is hanging

The only rule you don’t mention is that you will get an assertion error
if
you try to reduce the ref count to zero while the context is still
attached
to an object. This means I can only do one dereference after calling
alloc
and attach. This leaves the ref count at one until the detach, even if
I
have no interest in the context anymore.

After turning on the verifier I was able to tell what was causing the
unload
problem. I’ve now fixed all my problems in that regard.

Thanks…

“Neal Christiansen” wrote in message
news:xxxxx@ntfsd…
Mark,

You have gone to a lot of work to figure out the following basic rules:

- Whenever you allocate/get a context you must at some point release it.
- Setting a context puts an internal residual count on the context which
keeps it from going away
- Deleting a context (either explicitly by calling one of the delete
context APIs or implicitly by the object it is attached to going away)
removes the residual count.
- The context cleanup routine is called once the reference count goes to
zero.

This means a deleted context will not go away until all references go
away. You should not maintain your own list of contexts just for the
purpose of deleting them at unload time. We do this for you
automatically and all you are doing is adding unnecessary overhead.

This referencing model in the filter manager works correctly and there
are no holes or problems which makes this unusable or incorrect.

It is by design that we don’t allow your filter to unload if you have
referenced objects laying around. If it does not unload it is because
you have some sort of reference counting bug.

Anytime you retrieve a filter manager object it is referenced. This
means you must do the appropriate unreference so the object can be
freed.

We will be working on verifier features that will track all of this
information so that at unload time we can tell you exactly what you have
done wrong.

If you are still having problems with this please send me the stack
backtrace of where you are hung. I want to know if it is hung unloading
an instance or unloading the filter.

Neal Christiansen
Microsoft File System Filter Group Lead
This posting is provided “AS IS” with no warranties, and confers no
Rights

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
Sent: Friday, March 25, 2005 5:00 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] sc stop is hanging

I ended up doing ASSERT( (((ULONG)context)-1) == 1 ); everywhere
(which is
much safer ) and I was able to figure out what the context ref
count
rules are:

1) If you try to dereference any context still attached to an object, to
a
count of zero, you get an assertion error from the filter manager.

2) When the object that the context is attached to dissapears, there is
a
single decrement of the ref count done by the filter manager. This also

happens when you manually detach a context from it’s object using
FltDeleteContext.

3) The context-cleanup gets called only when the ref count goes to zero.

Using the above bits of knowledge, I was able to come up with an
algorithm
that worked for me:

a) Never deref an allocate function. This leaves the ref count at one
which
is balanced by the auto-decrement done by the filter manager when an
object
disappears.

b) Always deref all fltmgr calls that increment the ref count after
finding
out the call was successful. Once again this keeps the ref count at 1.
(Actually I keep the reference held for the brief period that I’m using
it
after any call).

This method caused my contexts to have their ref count go to zero
whenever a
context is detached from an object, either automatically or manually.
This
caused context-cleanup to be called at that time for all objects.

So I am convinced that my code is not leaving any contexts hanging, but
I am
still getting the “sc stop” hangup. I’ll start a new thread on this.

“Ken Cross” wrote in message news:xxxxx@ntfsd…
>Help us understand your problem better.
>
>You’re talking about a stream context, right? I don’t think the
context
>cleanup gets called until everything’s done using it, i.e., the
reference
>count goes to zero. So I doubt if what you’re suggesting will work.
>
>Furthermore, it’s probably a Bad Idea to do things like
>"
(((ULONG)context)-1)=1;" because you don’t know what other parts of
the
>system (Filter Manager, file system, etc.) might be
>referencing/dereferencing the context without your knowledge. I don’t

>know
>that they do, but you should probably assume they do.
>
>Now, why can’t you release the context in post-cleanup?
>
>Ken
>
>
>-----Original Message-----
>From: xxxxx@lists.osr.com
>[mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
>Sent: Friday, March 25, 2005 5:36 PM
>To: Windows File Systems Devs Interest List
>Subject: Re:[ntfsd] sc stop is hanging
>
>
>I found out one more thing about context reference counts. If you
>decrement
>
>the count to zero while the context is still attached to an object,
you
>get
>an assertion error.
>
>So now I know that I have to keep the context ref count to a minimum
of 1
>all the time. This means I must not release the count added by the
>allocate
>
>routine.
>
>I sure hope that the context-cleanup routine is still called when the
>object
>
>it is linked to disappears and the ref count is 1.
>
>So my current strategy (really the only one left to me) is to not
release
>the reference from the allocate but dereference all others immediately

>after
>
>they are incremented by a FltSetXXX or FltGetXXX. This means the
context
>reference count is useless.
>
>It is tempting to just sprinkle my code with *(((ULONG) context)-1) =
1;
>everywhere as a test.
>
>
>
>—
>Questions? First check the IFS FAQ at
>https://www.osronline.com/article.cfm?id=17
>
>You are currently subscribed to ntfsd as: xxxxx@comcast.net
>To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@pandasoftware.es
To unsubscribe send a blank email to xxxxx@lists.osr.com

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it’s FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Neal sent me this reply and forgot to include the list. I think this is
useful and should be in the archives:

Mark,

I see the confusion, the documentation is wrong. I will file a doc bug to
get them fixed.

As I said earlier the increment by the SET is the internal residual count
which is what keeps the object resident while it is attached to an object.
The context must be deleted (implicitly or explicitly) to detach it from it
associated object and remove the residual count, you can’t do it by
dereferencing. That is simply the way it is.

Thus the reason I said the below guidelines apply:

  • allocate/get must be followed by a release
  • set must be followed by a delete (or implicit delete by the system)

Neal

“Mark Hahn” wrote in message news:xxxxx@ntfsd…
>> Why would you assume that if you get it once you should be able to
>> release it twice?
>
> I didn’t say once, I said twice: once for the alloc and once for the set.
> I’ve verified that the ref count is two after these two operations. What
> I don’t understand and what I don’t think is documented is why one gets an
> assert if they release it twice after these two reference operations. To
> my way of thinking one should be allowed to get the reference count to
> zero if they have no more interest in the context, but this is impossible.
>
> Are you saying that we are not allowed to release the reference created by
> the set? The docs for FltSetStreamContext specifically say: “After
> calling FltSetStreamContext, the caller must call FltReleaseContext to
> decrement the reference count on NewContext, even if the call to
> FltSetStreamContext was unsuccessful”.
>
> -------------------------
>
> “Neal Christiansen” wrote in message
> news:xxxxx@ntfsd…
> Mark,
>
> Though not explicitly stated I believe it is implicitly stated. You do
> one release for each get/alloc. If you do more then that bad things
> will happen. Why would you assume that if you get it once you should be
> able to release it twice?
>
> Once a context it attached to an object (via set) the only way to detach
> it is with a delete, either implicitly (when the attached object goes
> away) or explicit. So the instruction pairs are:
>
> - allocate/get must be followed by a release
> - set must be followed by a delete (or implicit delete by the system)
>
> I am glad you found your referencing issues. As I stated earlier we are
> working on verifier functionality that will track everything you Get and
> will tell you when you unload what you did not release.
>
> Neal
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
> Sent: Thursday, March 31, 2005 4:54 PM
> To: Windows File Systems Devs Interest List
> Subject: Re:[ntfsd] sc stop is hanging
>
> The only rule you don’t mention is that you will get an assertion error
> if
> you try to reduce the ref count to zero while the context is still
> attached
> to an object. This means I can only do one dereference after calling
> alloc
> and attach. This leaves the ref count at one until the detach, even if
> I
> have no interest in the context anymore.
>
> After turning on the verifier I was able to tell what was causing the
> unload
> problem. I’ve now fixed all my problems in that regard.
>
> Thanks…
>
> “Neal Christiansen” wrote in message
> news:xxxxx@ntfsd…
> Mark,
>
> You have gone to a lot of work to figure out the following basic rules:
>
> - Whenever you allocate/get a context you must at some point release it.
> - Setting a context puts an internal residual count on the context which
> keeps it from going away
> - Deleting a context (either explicitly by calling one of the delete
> context APIs or implicitly by the object it is attached to going away)
> removes the residual count.
> - The context cleanup routine is called once the reference count goes to
> zero.
>
> This means a deleted context will not go away until all references go
> away. You should not maintain your own list of contexts just for the
> purpose of deleting them at unload time. We do this for you
> automatically and all you are doing is adding unnecessary overhead.
>
> This referencing model in the filter manager works correctly and there
> are no holes or problems which makes this unusable or incorrect.
>
> It is by design that we don’t allow your filter to unload if you have
> referenced objects laying around. If it does not unload it is because
> you have some sort of reference counting bug.
>
> Anytime you retrieve a filter manager object it is referenced. This
> means you must do the appropriate unreference so the object can be
> freed.
>
> We will be working on verifier features that will track all of this
> information so that at unload time we can tell you exactly what you have
> done wrong.
>
> If you are still having problems with this please send me the stack
> backtrace of where you are hung. I want to know if it is hung unloading
> an instance or unloading the filter.
>
>
> Neal Christiansen
> Microsoft File System Filter Group Lead
> This posting is provided “AS IS” with no warranties, and confers no
> Rights
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
> Sent: Friday, March 25, 2005 5:00 PM
> To: Windows File Systems Devs Interest List
> Subject: Re:[ntfsd] sc stop is hanging
>
> I ended up doing ASSERT( (((ULONG)context)-1) == 1 ); everywhere
> (which is
> much safer ) and I was able to figure out what the context ref
> count
> rules are:
>
> 1) If you try to dereference any context still attached to an object, to
> a
> count of zero, you get an assertion error from the filter manager.
>
> 2) When the object that the context is attached to dissapears, there is
> a
> single decrement of the ref count done by the filter manager. This also
>
> happens when you manually detach a context from it’s object using
> FltDeleteContext.
>
> 3) The context-cleanup gets called only when the ref count goes to zero.
>
> Using the above bits of knowledge, I was able to come up with an
> algorithm
> that worked for me:
>
> a) Never deref an allocate function. This leaves the ref count at one
> which
> is balanced by the auto-decrement done by the filter manager when an
> object
> disappears.
>
> b) Always deref all fltmgr calls that increment the ref count after
> finding
> out the call was successful. Once again this keeps the ref count at 1.
> (Actually I keep the reference held for the brief period that I’m using
> it
> after any call).
>
> This method caused my contexts to have their ref count go to zero
> whenever a
> context is detached from an object, either automatically or manually.
> This
> caused context-cleanup to be called at that time for all objects.
>
> So I am convinced that my code is not leaving any contexts hanging, but
> I am
> still getting the “sc stop” hangup. I’ll start a new thread on this.
>
> “Ken Cross” wrote in message news:xxxxx@ntfsd…
>> Help us understand your problem better.
>>
>> You’re talking about a stream context, right? I don’t think the
> context
>> cleanup gets called until everything’s done using it, i.e., the
> reference
>> count goes to zero. So I doubt if what you’re suggesting will work.
>>
>> Furthermore, it’s probably a Bad Idea to do things like
>> "
(((ULONG)context)-1)=1;" because you don’t know what other parts of
> the
>> system (Filter Manager, file system, etc.) might be
>> referencing/dereferencing the context without your knowledge. I don’t
>
>> know
>> that they do, but you should probably assume they do.
>>
>> Now, why can’t you release the context in post-cleanup?
>>
>> Ken
>>
>>
>> -----Original Message-----
>> From: xxxxx@lists.osr.com
>> [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
>> Sent: Friday, March 25, 2005 5:36 PM
>> To: Windows File Systems Devs Interest List
>> Subject: Re:[ntfsd] sc stop is hanging
>>
>>
>> I found out one more thing about context reference counts. If you
>> decrement
>>
>> the count to zero while the context is still attached to an object,
> you
>> get
>> an assertion error.
>>
>> So now I know that I have to keep the context ref count to a minimum
> of 1
>> all the time. This means I must not release the count added by the
>> allocate
>>
>> routine.
>>
>> I sure hope that the context-cleanup routine is still called when the
>> object
>>
>> it is linked to disappears and the ref count is 1.
>>
>> So my current strategy (really the only one left to me) is to not
> release
>> the reference from the allocate but dereference all others immediately
>
>> after
>>
>> they are incremented by a FltSetXXX or FltGetXXX. This means the
> context
>> reference count is useless.
>>
>> It is tempting to just sprinkle my code with *(((ULONG) context)-1) =
> 1;
>> everywhere as a test.
>>
>>
>>
>> —
>> Questions? First check the IFS FAQ at
>> https://www.osronline.com/article.cfm?id=17
>>
>> You are currently subscribed to ntfsd as: xxxxx@comcast.net
>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>
>>
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

Misha,

This is an interesting scenario and you are correct, you will not get
the port teardown until the context is released.

We don’t do the port teardown until AFTER all references on the filter
object are gone. It is done this way because there are several things
which reference the filter (including instances) and some of the
teardown work is done asynchronously and we need to make sure it is all
complete before the port goes away.

Contexts reference the filter object which is why you get into this
scenario.

One possible solution is to close your communication port yourself in
your instance teardown complete routine. I am assuming you have one
port across all instances. You would need to close the port on the
first teardown so your code would have to handle the port going away
before you see instance teardown start.

Neal Christiansen
Microsoft File System Filter Group Lead
This posting is provided “AS IS” with no warranties, and confers no
Rights

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Misha Karpin
Sent: Friday, April 01, 2005 3:08 AM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] sc stop is hanging

Hi,

The reference created by the “set” as Neal answered must be followed by
a
delete, implicit or explicit. This means that when you are not
interested in
a context, you must distinguish whether the context is associated or not
to
an object. If it is, a residual reference must be decremented, either
doing
an explicit delete or waiting until object deletion. If the context is
not
associated with an object, then you only need to release it until
refcount
reach 0.

That said, you can not decrement the refcount of alloc until set has
been
completed, either successfully on unsuccessfully, because this will
delete
the context: “After calling FltSetStreamContext, the caller must call
FltReleaseContext to decrement the reference count on NewContext, even
if
the call to FltSetStreamContext was unsuccessful”.

I founded a similar problem trying to stop my mini-filter under several
circumstances, although the context reference mechanism is very well
designed in my opinion. I have this sequence:

FltGetInstanceContext(…)
FltSendMessage(…)
FltReleaseInstaceContext(…)

If I try to unload the minifilter, FltSendMessage call will not return
with
STATUS_PORT_DISCONNECTED, as FltRegisterFilter will wait until instance
context is deleted prior to the call to DisconnectNotifyCallback, when
the
client port is typically closed.

Thanks,
mK

-----Mensaje original-----
De: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] En nombre de Mark Hahn
Enviado el: viernes, 01 de abril de 2005 8:03
Para: Windows File Systems Devs Interest List
Asunto: Re:[ntfsd] sc stop is hanging

Why would you assume that if you get it once you should be able to
release
it twice?

I didn’t say once, I said twice: once for the alloc and once for the
set.
I’ve verified that the ref count is two after these two operations.
What I
don’t understand and what I don’t think is documented is why one gets an
assert if they release it twice after these two reference operations.
To my
way of thinking one should be allowed to get the reference count to zero
if
they have no more interest in the context, but this is impossible.

Are you saying that we are not allowed to release the reference created
by
the set? The docs for FltSetStreamContext specifically say: “After
calling
FltSetStreamContext, the caller must call FltReleaseContext to decrement
the
reference count on NewContext, even if the call to FltSetStreamContext
was
unsuccessful”.


“Neal Christiansen” wrote in message
news:xxxxx@ntfsd…
Mark,

Though not explicitly stated I believe it is implicitly stated. You do
one release for each get/alloc. If you do more then that bad things
will happen. Why would you assume that if you get it once you should be
able to release it twice?

Once a context it attached to an object (via set) the only way to detach
it is with a delete, either implicitly (when the attached object goes
away) or explicit. So the instruction pairs are:

- allocate/get must be followed by a release
- set must be followed by a delete (or implicit delete by the system)

I am glad you found your referencing issues. As I stated earlier we are
working on verifier functionality that will track everything you Get and
will tell you when you unload what you did not release.

Neal

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
Sent: Thursday, March 31, 2005 4:54 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] sc stop is hanging

The only rule you don’t mention is that you will get an assertion error
if
you try to reduce the ref count to zero while the context is still
attached
to an object. This means I can only do one dereference after calling
alloc
and attach. This leaves the ref count at one until the detach, even if
I
have no interest in the context anymore.

After turning on the verifier I was able to tell what was causing the
unload
problem. I’ve now fixed all my problems in that regard.

Thanks…

“Neal Christiansen” wrote in message
news:xxxxx@ntfsd…
Mark,

You have gone to a lot of work to figure out the following basic rules:

- Whenever you allocate/get a context you must at some point release it.
- Setting a context puts an internal residual count on the context which
keeps it from going away
- Deleting a context (either explicitly by calling one of the delete
context APIs or implicitly by the object it is attached to going away)
removes the residual count.
- The context cleanup routine is called once the reference count goes to
zero.

This means a deleted context will not go away until all references go
away. You should not maintain your own list of contexts just for the
purpose of deleting them at unload time. We do this for you
automatically and all you are doing is adding unnecessary overhead.

This referencing model in the filter manager works correctly and there
are no holes or problems which makes this unusable or incorrect.

It is by design that we don’t allow your filter to unload if you have
referenced objects laying around. If it does not unload it is because
you have some sort of reference counting bug.

Anytime you retrieve a filter manager object it is referenced. This
means you must do the appropriate unreference so the object can be
freed.

We will be working on verifier features that will track all of this
information so that at unload time we can tell you exactly what you have
done wrong.

If you are still having problems with this please send me the stack
backtrace of where you are hung. I want to know if it is hung unloading
an instance or unloading the filter.

Neal Christiansen
Microsoft File System Filter Group Lead
This posting is provided “AS IS” with no warranties, and confers no
Rights

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
Sent: Friday, March 25, 2005 5:00 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] sc stop is hanging

I ended up doing ASSERT( (((ULONG)context)-1) == 1 ); everywhere
(which is
much safer ) and I was able to figure out what the context ref
count
rules are:

1) If you try to dereference any context still attached to an object, to
a
count of zero, you get an assertion error from the filter manager.

2) When the object that the context is attached to dissapears, there is
a
single decrement of the ref count done by the filter manager. This also

happens when you manually detach a context from it’s object using
FltDeleteContext.

3) The context-cleanup gets called only when the ref count goes to zero.

Using the above bits of knowledge, I was able to come up with an
algorithm
that worked for me:

a) Never deref an allocate function. This leaves the ref count at one
which
is balanced by the auto-decrement done by the filter manager when an
object
disappears.

b) Always deref all fltmgr calls that increment the ref count after
finding
out the call was successful. Once again this keeps the ref count at 1.
(Actually I keep the reference held for the brief period that I’m using
it
after any call).

This method caused my contexts to have their ref count go to zero
whenever a
context is detached from an object, either automatically or manually.
This
caused context-cleanup to be called at that time for all objects.

So I am convinced that my code is not leaving any contexts hanging, but
I am
still getting the “sc stop” hangup. I’ll start a new thread on this.

“Ken Cross” wrote in message news:xxxxx@ntfsd…
>Help us understand your problem better.
>
>You’re talking about a stream context, right? I don’t think the
context
>cleanup gets called until everything’s done using it, i.e., the
reference
>count goes to zero. So I doubt if what you’re suggesting will work.
>
>Furthermore, it’s probably a Bad Idea to do things like
>"
(((ULONG)context)-1)=1;" because you don’t know what other parts of
the
>system (Filter Manager, file system, etc.) might be
>referencing/dereferencing the context without your knowledge. I don’t

>know
>that they do, but you should probably assume they do.
>
>Now, why can’t you release the context in post-cleanup?
>
>Ken
>
>
>-----Original Message-----
>From: xxxxx@lists.osr.com
>[mailto:xxxxx@lists.osr.com] On Behalf Of Mark Hahn
>Sent: Friday, March 25, 2005 5:36 PM
>To: Windows File Systems Devs Interest List
>Subject: Re:[ntfsd] sc stop is hanging
>
>
>I found out one more thing about context reference counts. If you
>decrement
>
>the count to zero while the context is still attached to an object,
you
>get
>an assertion error.
>
>So now I know that I have to keep the context ref count to a minimum
of 1
>all the time. This means I must not release the count added by the
>allocate
>
>routine.
>
>I sure hope that the context-cleanup routine is still called when the
>object
>
>it is linked to disappears and the ref count is 1.
>
>So my current strategy (really the only one left to me) is to not
release
>the reference from the allocate but dereference all others immediately

>after
>
>they are incremented by a FltSetXXX or FltGetXXX. This means the
context
>reference count is useless.
>
>It is tempting to just sprinkle my code with *(((ULONG) context)-1) =
1;
>everywhere as a test.
>
>
>
>—
>Questions? First check the IFS FAQ at
>https://www.osronline.com/article.cfm?id=17
>
>You are currently subscribed to ntfsd as: xxxxx@comcast.net
>To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@pandasoftware.es
To unsubscribe send a blank email to xxxxx@lists.osr.com

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it’s FREE!

http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Neal,

Instante teardown complete is not called for this instante, as there is an
outstanding instante context attached to it.

In your possible solution I suppose you refer to closing the client port,
and not the communication port, but anyway I prefered to avoid the reference
in the instance context during FltSendMessage call.

Related to the user/kernel communication support in Filter Manager, I am
confused about whether it is useful to have several ClientPorts or
CommunicationPorts(ServerPorts). Is there any performance gain creating
multiple clientports for concurrent user mode notifications?

Thanks,
mK


Express yourself instantly with MSN Messenger! Download today it’s FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Misha,

Sorry, but instance teardown complete will be called even if you have an
outstanding instance context. If that is not happening it is due to a
separate issue. Perhaps you have an outstanding pended operation that
you have not completed yet?

There is no PERF advantage to having multiple communication ports vs.
one because the communication ports are designed to support asynchronous
IO. You can have several threads all processing requests from the same
communication port efficiently.

Neal Christiansen
Microsoft File System Filter Group Lead
This posting is provided “AS IS” with no warranties, and confers no
Rights

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Misha Karpin
Sent: Thursday, April 07, 2005 2:07 AM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] sc stop is hanging

Neal,

Instante teardown complete is not called for this instante, as there is
an
outstanding instante context attached to it.

In your possible solution I suppose you refer to closing the client
port,
and not the communication port, but anyway I prefered to avoid the
reference
in the instance context during FltSendMessage call.

Related to the user/kernel communication support in Filter Manager, I am

confused about whether it is useful to have several ClientPorts or
CommunicationPorts(ServerPorts). Is there any performance gain creating
multiple clientports for concurrent user mode notifications?

Thanks,
mK


Express yourself instantly with MSN Messenger! Download today it’s FREE!

http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Neal,

Please suppose this sequence of calls:

FltGetInstanceContext(…)
FltSendMessage(…) (suppose a near infinite call)
FltReleaseInstanceContext(…)

  1. During a FltSendMessage, call to FltUnregisterFilter waits for instance
    context deletion, then it will call DisconnectNotifyCallback.

  2. FltSendMessage will not return immediately with STATUS_PORT_DISCONNECTED,
    as the client port is connected. It does not matter whether the
    communication port is open or closed.

  3. InstanceTeardownComplete will not be called as there is an outstanding
    FltSendMessage??. The original create request has not been pended, we are
    just now processing it.

Then there are these facts and relations:

A) DisconnectNotifyCallback depends on Instance context ref count == 0

B) Close client port is done in DisconnectNotifyCallback.

C) FltSendMessage termination with STATUS_PORT_DISCONNECTED depends on Close
client port.

C) InstanceTeardownComplete depends on FltSendMessage termination???

Therefore, IN THIS SITUATION, instance teardown complete depends ultimately
on the outstanding instance context.

Anyway you are right, actually instance teardown complete will be called
even if I have an outstanding instance context.

In this scenario, FltReleaseInstanceContext depends on FltSendMessage
termination, and FltSendMessage termination depends on the outstanding
instance context. InstanceTeardownComplete will not be called as it depends
on FltSendMessage termination too.

Sorry if I am mistaken.

Thanks,
mK

-----Mensaje original-----
De: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] En nombre de Neal Christiansen
Enviado el: domingo, 10 de abril de 2005 19:55
Para: Windows File Systems Devs Interest List
Asunto: RE: [ntfsd] sc stop is hanging

Misha,

Sorry, but instance teardown complete will be called even if you have an
outstanding instance context. If that is not happening it is due to a
separate issue. Perhaps you have an outstanding pended operation that
you have not completed yet?

There is no PERF advantage to having multiple communication ports vs.
one because the communication ports are designed to support asynchronous
IO. You can have several threads all processing requests from the same
communication port efficiently.

Neal Christiansen
Microsoft File System Filter Group Lead
This posting is provided “AS IS” with no warranties, and confers no
Rights

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Misha Karpin
Sent: Thursday, April 07, 2005 2:07 AM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] sc stop is hanging

Neal,

Instante teardown complete is not called for this instante, as there is
an
outstanding instante context attached to it.

In your possible solution I suppose you refer to closing the client
port,
and not the communication port, but anyway I prefered to avoid the
reference
in the instance context during FltSendMessage call.

Related to the user/kernel communication support in Filter Manager, I am

confused about whether it is useful to have several ClientPorts or
CommunicationPorts(ServerPorts). Is there any performance gain creating
multiple clientports for concurrent user mode notifications?

Thanks,
mK


Express yourself instantly with MSN Messenger! Download today it’s FREE!

http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com


FREE pop-up blocking with the new MSN Toolbar - get it now!
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/