Stream context not cleaned until detach

OSR_Community_User · May 14, 2007, 12:43pm

Hello,

I’m trying to test minifilters behaviour in uncommon situations (here hard links and shared delete), and I found something very strange.

(1) I created two test files with this two commands…

echo sometext >X:\test1.txt
fsutil hardlink create X:\test2.txt X:\test1.txt

…so they are hard links to the same stream.

(2) I wrote a little C Win32 program to test the stream context behaviour. It dalays the file removal keeping an open handle on the stream through another dentry. You can find the code at the end of this email (testw32.c).

(3) I loaded the Ctx minifilter from WINDDK examples (on a Windows XP Professional SP2 machine) with DEBUG_TRACE_STREAM_CONTEXT_OPERATIONS and DEBUG_TRACE_ERROR flags, and attached it to the “X:” NFTS 5 file system.

(4) I run my testw32.exe and I found that the stream context is not cleaned up until I detach the minifilter from that device (you can find the relevant debug messages sent to WinDbg by the Ctx minifilter at the end of this post).

Why does it happen? If I delete those files from the command line or from the explorer interface, the stream context gets cleaned up in some seconds. If I dalay the file removal keeping an open handle on the same dentry, all works as expected too. With that program instead, I waited minutes and nothing happened. The only way to release the context seems to detach the minifilter.

Thanks for your help and hope I have been clear enough.

Paolo

-------- begin testw32.c --------
#include <windows.h>

main() {
HANDLE hFile;

hFile = CreateFile(L"X:\test1.txt",GENERIC_READ|GENERIC_WRITE,
FILE_SHARE_DELETE,NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
DeleteFile(L"X:\test2.txt");
CloseHandle(hFile);
}
-------- end testw32.c --------

-------- start windbg messages --------
[Ctx]: Trying to get stream context (FileObject = 81630320, Instance = 81591588)
[Ctx]: Creating stream context (FileObject = 81630320, Instance = 81591588)
[Ctx]: Allocating stream context
[Ctx]: Setting stream context E11AF910 (FileObject = 81630320, Instance = 81591588)
[Ctx]: CtxPostCreate -> Getting/Creating stream context for file \Device\HarddiskVolume2\test1.txt (Cbd = 815347AC, FileObject = 81630320, StreamContext = E11AF910. StreamContextCreated = 1)
[Ctx]: CtxPostCreate -> Stream context info for file \Device\HarddiskVolume2\test1.txt (Cbd = 815347AC, FileObject = 81630320, StreamContext = E11AF910)
Name = \Device\HarddiskVolume2\test1.txt
CreateCount = 1
CleanupCount = 0,
CloseCount = 0
[Ctx]: Trying to get stream context (FileObject = 816F0F00, Instance = 81591588)
[Ctx]: CtxPostCreate -> Getting/Creating stream context for file \Device\HarddiskVolume2\test2.txt (Cbd = 815347AC, FileObject = 816F0F00, StreamContext = E11AF910. StreamContextCreated = 0)
[Ctx]: CtxPostCreate -> Stream context info for file \Device\HarddiskVolume2\test2.txt (Cbd = 815347AC, FileObject = 816F0F00, StreamContext = E11AF910)
Name = \Device\HarddiskVolume2\test2.txt
CreateCount = 2
CleanupCount = 0,
CloseCount = 0
[Ctx]: Trying to get stream context (FileObject = 816F0F00, Instance = 81591588)
[Ctx]: CtxPreCleanup -> Getting stream context for file (Cbd = 815347AC, FileObject = 816F0F00, StreamContext = E11AF910. StreamContextCreated = 0)
[Ctx]: CtxPreCleanup -> Old info in stream context for file(Cbd = 815347AC, FileObject = 816F0F00, StreamContext = E11AF910)
Name = \Device\HarddiskVolume2\test2.txt
CreateCount = 2
CleanupCount = 0,
CloseCount = 0
[Ctx]: CtxPreCleanup -> New info in stream context for file (Cbd = 815347AC, FileObject = 816F0F00, StreamContext = E11AF910)
Name = \Device\HarddiskVolume2\test2.txt
CreateCount = 2
CleanupCount = 1,
CloseCount = 0
[Ctx]: Trying to get stream context (FileObject = 81630320, Instance = 81591588)
[Ctx]: CtxPreCleanup -> Getting stream context for file (Cbd = 815347AC, FileObject = 81630320, StreamContext = E11AF910. StreamContextCreated = 0)
[Ctx]: CtxPreCleanup -> Old info in stream context for file(Cbd = 815347AC, FileObject = 81630320, StreamContext = E11AF910)
Name = \Device\HarddiskVolume2\test2.txt
CreateCount = 2
CleanupCount = 1,
CloseCount = 0
[Ctx]: CtxPreCleanup -> New info in stream context for file (Cbd = 815347AC, FileObject = 81630320, StreamContext = E11AF910)
Name = \Device\HarddiskVolume2\test2.txt
CreateCount = 2
CleanupCount = 2,
CloseCount = 0

FLTMC DETACH CTX X:

[Ctx]: Stream context cleanup complete.
[Ctx]: Cleaning up stream context for file \Device\HarddiskVolume2\test2.txt (StreamContext = E11AF910)
CreateCount = 2
CleanupCount = 2,
CloseCount = 0
[Ctx]: Stream context cleanup complete.
-------- end windbg messages --------</windows.h>

Norbert_Wietschorke · May 14, 2007, 5:52pm

Hello Paolo,

I have the same problem and it seems (at least for me) not only related to the hardlink situation.

When using the stream context, the stream context cleanup function was only called when unloading the filter. If I use instead of the “stream context” a “stream handle context”, the cleanup was called immediately after the application issued a kind of closefile.

There is a good article here:
http://www.osronline.com/showThread.cfm?link=58540

But for me it seems - with the hope that I understood the things clear - it does also not work as expected.
I assume the point is, when does the “stream tears down”, so that the last reference to this object decrements to zero and the context will be released from the fltmgr.
One reason could be that there was no “Close” - close count is still zero, and because of this the stream (or it’s reference counter was never decremented) - but this is just a assumption.

I’m also interested for the answer

Norbert

Norbert_Wietschorke · May 14, 2007, 6:29pm

I investigated a bit more:

You wrote:

If I delete those files from the command line or from the explorer interface, the stream context gets
cleaned up in some seconds.

I tried the same with ctx but I never get the stream context cleanup … only while unloading ctx.
I run ctx, then on the cmd a “echo x > x” and then a “del x”, but the stream context was not cleaned up, … as I said, only after the unload.

So is something wrong on my system ( I tried to remove as much filters as possible).
or how did you figured this out?

Norbert

rod_widdowson · May 15, 2007, 5:16am

Go read the FAQ

http://www.osronline.com/article.cfm?article=17#Q55

If you can prove that you are getting a close and not getting the stream
context cleanup and yet detach /unload works cleanly with a verifier build
go do some more research (site:osronline.com does it for me every time) and
if you are still having problem *THEN* ask here.

wrote in message news:xxxxx@ntfsd…
>I investigated a bit more:
>
> You wrote:
>> If I delete those files from the command line or from the explorer
>> interface, the stream context gets
>> cleaned up in some seconds.
>
> I tried the same with ctx but I never get the stream context cleanup …
> only while unloading ctx.
> I run ctx, then on the cmd a “echo x > x” and then a “del x”, but the
> stream context was not cleaned up, … as I said, only after the unload.
>
> So is something wrong on my system ( I tried to remove as much filters as
> possible).
> or how did you figured this out?
>
> Norbert
>
>