Hi,
We implement oplock support in our FSD similar to how FastFat does it. We have an OPLOCK-type member variable in our FCB struct.
What is not clear to me is who is responsible for synchronizing access to the OPLOCK struct. It is an opaque struct for the FSD, but still, is the FSD responsible for synchronizing access to it by e.g. ensuring that the FCB main resource is acquired exclusively or shared before any calls to e.g. FsRtlOplockFsctrl or FsRtlCheckOplock?
I’ve examined the FastFat sample but I can’t get a definitive conclusion from there.
Obviously, the FSD needs to ensure that the OPLOCK struct stays around while such calls are made, i.e., we need to ensure that the whole FCB struct that contains the OPLOCK struct doesn’t get deallocated while e.g. a FsRtlCheckOplock call is executing.
But, assuming that the FCB is guaranteed to have been initialized properly and to stay alive, is it OK to let FsRtlCheckOplock, FsRtlOplockFsctrl and similar calls from multiple threads access the same OPLOCK struct concurrently? Or is the FSD responsible for synchronizing those calls by using the FCB’s main resource or paging IO resource or by some additional synchronization structure?
In particular, I’m looking at this aspect because I’m investigating the following bugcheck where an FsRtlOplockFsctrl call made by our driver results in a bugcheck in FsRtlpRequestShareableOplock:
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: fffff8801b2a8c50, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffff8801b2a8ba8, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
STACK_TEXT:
nt!KeBugCheckEx
nt!KiBugCheckDispatch+0x69
nt!KiFastFailDispatch+0xd0
nt!KiRaiseSecurityCheckFailure+0xf4
nt!FsRtlpRequestShareableOplock+0xb13
nt!FsRtlOplockFsctrlEx+0x32c
mffsd!MFFSDProcessCheckAndUpdateShareAccess+0x442
…
-Antti