supporting MDL read of non-buffered file

This must be a FAQ, but I could not find information about it.
Here’s a seq of events:

  1. A Win32 test program opens a file on my FSD using
    FILE_FLAG_OVERLAPPED and FILE_FLAG_NO_BUFFERING.

  2. The Win32 program then issues ReadFileScatter(). The FSD’s read
    handler is called with a non-NULL Irp->MdlAddress.

  3. To fulfill the read request, the FSD reads the data from an NTFS
    file (in essence) thus:

    NTSTATUS s = ZwReadFile(
        h, // this is a handle to the NTFS file that contains the data
        NULL, NULL, NULL, &(Irp->IoStatus),
        MmGetSystemAddressForMdlSafe(Irp->MdlAddress, NormalPagePriority),
        IrpSp->Parameters.Read.Length,
        &(IrpSp->Parameters.Read.ByteOffset), // ZwReadFile takes a PLARGE_INTEGER
        NULL);

  4. The ZwReadFile() works correctly, the IRP is completed, and Win32
    receives the correct data in the buffers specified in the
    ReadFileScatter() call. So far so good. However, when the file
    is closed and the test app exits, I get BSOD. Obviously something
    is not cleared in the FSD’s read handler, but I can’t figure out
    what. Any idea?

Thanks in advance,
Chuck

Can you at least give us a HINT as to the stop code? It is difficult to
theorize what might be wrong with a code snippet without having a good
idea as to what you are seeing (PFN_LIST_CORRUPT?
KMODE_EXCEPTION_NOT_HANDLED? IRQL_NOT_LESS_OR_EQUAL?)

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

Looking forward to seeing you at the Next OSR File Systems Class April
4, 2004 in Boston!


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Sorry, you’re right.

A kernel fault happened immediately after the app’s exit. It was not
in my FSD.

It was a page fault. The stack traceback:
ntoskrnl!IopDoDeferredSetInterfaceState+000B
ntoskrnl!KiInitializeAbios+0079
ntoskrnl!Dr_kitc_a+0004

It does not seem like it’s coming from the FSD or from the Win32 test
app, although it is obviously related to something I’ve done wrong in
the read handler.

When I continue after the page fault, the BSOD stop code is
IRQL_NOT_LESS_OR_EQUAL. The stack has
ntoskrnl!_IopSetDefaultGateway+00D5 although I’m not sure if it’s
significant.

This is Win 2K.

Thanks again,
Chuck


I suspect that you have a memory corruption of some sort here, since I
can’t imagine why else you would be seeing this call sequence anyway
(initializing the system? This looks more like boot processing than
anything else). Since verifier isn’t turning it up, we can assume that
this problem is NOT in any of your allocated data structures. A few
possibilities did occur to me, though:

(1) If you REALLY are calling MmGetSystemAddressForMdlSafe from directly
inside the ZwXxx call, it is possible that you are returning zero - do
this in the wrong process context and you WILL cause random data
corruption. I mention this because if you look at the CSRSS.EXE
process, you will note that 0 is a valid address.

(2) This is a scatter/gather list of MDLs, but you only convert the VA
of the first MDL. I believe the right way to do this is in a loop,
consuming only the size of the MDL and issuing the ZwReadFile.

That’s what seems obvious at least at first inspection. But there may
be more lurking here as well.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

Looking forward to seeing you at the Next OSR File Systems Class April
4, 2004 in Boston!


Tony,

Many thanks. Unfortunately, I’m still puzzled by this.

I was not REALLY calling MmGetSystemAddressForMdlSafe() from the
ZwReadFile() – the code in my snippet is simplified to show the essence,
sans the validity checks etc. The address passed to ZwReadFile() is valid.

Likewise, the code only shows handling of the first MDL – the loop had been
eliminated for clarity (obviously clarity was not achieved…).

If I “fulfill” the read req by simply setting all the bytes in the buffer
to, say, ‘Z’ (instead of calling ZwReadFile()), then the data arrives back
correctly to the Win32 test app, AND there’s no crash. Only if ZwReadFile()
is called do I get a crash. I even tried having ZwReadFile() read into a tmp
buffer and then copy the buffer back to the supplied buffer, and that also
eventually caused a crash (again, after returning the correct data to the
Win32 app).

I am not using the Cache Manager CcXxx for this file at all.

I have no problems with cached reads. Nor do I have problems with
scatter/gather of non-cached writes to the file. It’s only this
scatter/gather non-cached read that gets me.

thanks,
Chuck


Chuck,

Then the problem MUST be in the MDL handling somehow. Not sure WHY
there is a problem, but that seems to be the only rational explanation.
My suggestion would be to ensure you are computing the offset/length
into the buffer correctly. Even the code snippet you did send won’t
work right if the buffer doesn’t start on the page boundary (for
example).

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

Looking forward to seeing you at the Next OSR File Systems Class April
4, 2004 in Boston!
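
An added example, not code from this thread or from OSR: a user-mode C model of the per-MDL loop suggested in point (2) above, with the NULL-mapping check from point (1) and the offset/length bookkeeping from the last reply. MODEL_MDL, read_into_mdl_chain, mem_read, run_demo and the ST_* codes are hypothetical names; MappedVa stands in for the value MmGetSystemAddressForMdlSafe would return, and the in-memory file is constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of an MDL chain (not ntddk.h). MappedVa is NULL when mapping failed. */
typedef struct MODEL_MDL {
    struct MODEL_MDL *Next;      /* next MDL in the chain, or NULL */
    void *MappedVa;              /* stand-in for the mapped system address */
    uint32_t ByteCount;          /* bytes described by this MDL only */
} MODEL_MDL;

enum { ST_OK = 0, ST_NO_MAPPING = -1, ST_CHAIN_TOO_SHORT = -2 };

/* Stand-in for the backing read (ZwReadFile in the thread). */
typedef int (*READ_FN)(void *ctx, void *dst, uint32_t len, uint64_t off, uint32_t *done);

int read_into_mdl_chain(MODEL_MDL *mdl, uint32_t length, uint64_t offset,
                        READ_FN read_fn, void *ctx, uint32_t *total)
{
    uint32_t remaining = length;
    *total = 0;
    for (; mdl != NULL && remaining != 0; mdl = mdl->Next) {
        /* Never read more than this MDL describes, nor more than requested. */
        uint32_t chunk = mdl->ByteCount < remaining ? mdl->ByteCount : remaining;
        uint32_t done = 0;
        if (mdl->MappedVa == NULL) return ST_NO_MAPPING;  /* check before use */
        int st = read_fn(ctx, mdl->MappedVa, chunk, offset, &done);
        if (st != ST_OK) return st;
        *total += done;
        offset += done;                  /* file offset follows bytes read */
        remaining -= done;
        if (done < chunk) return ST_OK;  /* short read: end of file */
    }
    return remaining == 0 ? ST_OK : ST_CHAIN_TOO_SHORT;
}

/* Constructed sample data: a 10-byte in-memory "file". */
static const uint8_t FILE_DATA[] = "ABCDEFGHIJ";

static int mem_read(void *ctx, void *dst, uint32_t len, uint64_t off, uint32_t *done)
{
    uint32_t size = *(uint32_t *)ctx;    /* ctx carries the file size */
    uint32_t avail = off < size ? size - (uint32_t)off : 0;
    *done = len < avail ? len : avail;
    if (*done) memcpy(dst, FILE_DATA + off, *done);
    return ST_OK;
}

char demo_out[9];       /* both segments, concatenated, after run_demo() */
uint32_t demo_total;    /* bytes transferred by the last run_demo() */

/* Two 4-byte segments read from file offset 1; optionally fail the 2nd mapping. */
int run_demo(int break_second_mapping, uint32_t length)
{
    uint32_t size = 10;
    char a[4] = {0}, b[4] = {0};
    MODEL_MDL m2 = { NULL, break_second_mapping ? NULL : b, 4 };
    MODEL_MDL m1 = { &m2, a, 4 };
    int st = read_into_mdl_chain(&m1, length, 1, mem_read, &size, &demo_total);
    memcpy(demo_out, a, 4); memcpy(demo_out + 4, b, 4); demo_out[8] = '\0';
    return st;
}

int main(void)
{
    printf("status=%d total=%u data=%s\n", run_demo(0, 8), demo_total, demo_out);
    return 0;
}
```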
