Using FltDoCompletionProcessingWhenSafe with IRP_MJ_READ


I’m looking at swapBuffers Microsoft minifilter sample and it calls FltDoCompletionProcessingWhenSafe in Read Post operation:

However the description of that function says:

“Caution To avoid deadlocks, FltDoCompletionProcessingWhenSafe cannot be called for I/O operations that can be directly completed by a driver in the storage stack, such as the following:

Is this a bug in the sample code? If yes, what is the proper way to access the buffer in the Read handler?

Thank you!

I believe the documentation is misleading here.

The warning doesn’t really have anything to do with
FltDoCompletionProcessingWhenSafe. They just don’t want you doing I/O in the
context of a I/O PostOp callback. FltDoCompletionProcessingWhenSafe calls
your Safe callback immediately if the IRQL is <= APC_LEVEL, which might then
cause you to think it’s “safe” to perform I/O back into the file system.

See the following two posts from Alex:

The sample is pretty safe here because it’s unlikely that the
FltLockUserBuffer would recurse back into the file system for file I/O
(maybe paging file, but that’s always different anyway).

While not directly related, in general if I need to map the user buffer I
prefer to do it in PreOp. That way by the time I get to my PostOp callback I
have everything I need to do my work and it’s a bit tidier to clean up on


Thanks Scott, much appreciated!