ZwOpenFile never returns

Hi all,
I have a volume upper filter driver based on the toaster filter driver,
which handles volume C's read and write requests;
for other volumes I just pass through. Before the first
read and write request for volume C arrives, I try to use
ZwOpenFile to open a file that belongs to another volume (e.g. volume D),
but ZwOpenFile never returns.

So what am I doing wrong?

Probably the file system is not yet mounted when you call ZwOpenFile?

“Xu Ge” wrote in message news:xxxxx@ntdev…
> Hi all,
> I have a volume upper filter driver based on the toaster filter driver,
> which handles volume C's read and write requests;
> for other volumes I just pass through. Before the first
> read and write request for volume C arrives, I try to use
> ZwOpenFile to open a file that belongs to another volume (e.g. volume D),
> but ZwOpenFile never returns.
>
> So what am I doing wrong?

I think that the OS will mount the file system when I call ZwOpenFile.
Am I wrong?

“Roman Kudinov” wrote in message news:xxxxx@ntdev…
> Probably the file system is not yet mounted when you call ZwOpenFile?
You are right.
Are you calling ZwOpenFile at IRQL == PASSIVE_LEVEL?
If you call ZwOpenFile at APC_LEVEL it may hang because APCs are blocked.

“Xu Ge” wrote in message news:xxxxx@ntdev…
> I think that the OS will mount the file system when I call ZwOpenFile.
> Am I wrong?

Yes, the IRQL == PASSIVE_LEVEL; I call ZwOpenFile in a system thread and
never raise the IRQL.

When I use WinDbg to analyze the locks, the command output looks like this:
(my driver is backupex, the thread startup proc is FilterThread)

==================================================================
kd> !locks
**** DUMP OF ALL RESOURCE OBJECTS ****
KD: Scanning for held locks…

Resource @ 0x814824f4 Exclusively owned
Contention Count = 2
NumberOfSharedWaiters = 1
Threads: 81473760-02<*> 8144f900-01
KD: Scanning for held locks.

Resource @ 0x81462368 Exclusively owned
Threads: 81473760-01<*>
KD: Scanning for held locks.

Resource @ 0x813f66e8 Exclusively owned
Threads: 81473760-01<*>
KD: Scanning for held locks.

Resource @ 0x8146ef40 Shared 1 owning threads
Threads: 81472623-01<*> *** Actual Thread 81472620
KD: Scanning for held locks…
229 total locks, 4 locks currently held
kd> !locks -v 814824f4

Resource @ 0x814824f4 Exclusively owned
Contention Count = 2
NumberOfSharedWaiters = 1
Threads: 81473760-02<*>

THREAD 81473760 Cid 8.4 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f7422b98 NotificationEvent
IRP List:
813ace68: (0006,0190) Flags: 00000884 Mdl: 00000000
814543e8: (0006,0094) Flags: 00000000 Mdl: 00000000
Not impersonating
Owning Process 814739e0
Wait Start TickCount 863 Elapsed Ticks: 5774
Context Switch Count 770
UserTime 0:00:00.0000
KernelTime 0:00:06.0937
Start Address nt!IoWMISuggestInstanceName (0x8054aca6)
Stack Init f7424000 Current f74226c0 Base f7424000 Limit f7421000 Call 0
Priority 31 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f7422700 bfedf6d6 f7422b98 00000000 00000000 nt!RtlMoveMemory+0x136d
f74228d0 bfee1598 81462d28 81451148 813f6e08 Ntfs+0x16d6
f7422c58 bfee1dc2 81462d28 81451148 00000000 Ntfs+0x3598
f7422cc4 8041f54b 81482020 81451148 813f6cf8 Ntfs+0x3dc2
f7422cec 8043bd9d 813f6cf8 f7422d14 f7422d94 nt!IoBuildSynchronousFsdRequest+0x8f
f7422dac 8043ba52 e14c2040 e14c2044 00000019 nt!MmDisableModifiedWriteOfSection+0x914
f7422de8 80410f39 813f6dd4 e14c2040 00001000 nt!MmDisableModifiedWriteOfSection+0x5c9
f7422eac bff15345 813f6dd4 f7422f48 00001000 nt!CcFlushCache+0x353
f7422fb8 bff1570f e149b4e8 e14bebe8 e149b4e8 Ntfs!NtfsCreateInternalStreamCommon+0xb7ea
f7422fdc bff07b6b e149b4e8 e14bebe8 e149b4e8 Ntfs!NtfsCreateInternalStreamCommon+0xbbb4
f7423004 bff07a84 e149b4e8 ffffffff 7fffffff Ntfs!NtfsMapStream+0x7823
f7423050 bfef5c2f e1451088 ffffffff 7fffffff Ntfs!NtfsMapStream+0x773c
f7423130 bfef5998 81483b88 814820f0 00000001 Ntfs!NtfsRaiseStatus+0x110dd
f74231a8 bff02b12 81483b88 813ace68 81482020 Ntfs!NtfsRaiseStatus+0x10e46
f7423240 8041f54b 81482020 813ace68 813ace78 Ntfs!NtfsMapStream+0x27ca
f74233dc 8044e27e 8145a730 00000000 f7423488 nt!IoBuildSynchronousFsdRequest+0x8f
f7423448 804957ae 00000000 f7423500 00000040 nt!ObFindHandleForObject+0x5e3
f7423558 804a78b8 00000000 00000000 8149a000 nt!ObOpenObjectByName+0xb3
f742362c 804a361e f7423744 00120089 f7423724 nt!IoCreateFile+0x1ad
f742366c 80461691 f7423744 00120089 f7423724 nt!NtOpenFile+0x25
f742368c e10029b0 f7423700 f74236f4 00000000 nt!ExReleaseResourceForThread+0xbd5
f74236ac ffffffff f74236c0 80461604 00000000 +0xe10029b0
00000000 00000000 00000000 00000000 00000000 +0xffffffff

8144f900-01

THREAD 8144f900 Cid 8.58 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
81341568 Semaphore Limit 0x7fffffff
8144f9e8 NotificationTimer
IRP List:
81344648: (0006,0190) Flags: 00000884 Mdl: 00000000
813414a8: (0006,0094) Flags: 00000000 Mdl: 00000000
Not impersonating
Owning Process 814739e0
Wait Start TickCount 6460 Elapsed Ticks: 177
Context Switch Count 37
UserTime 0:00:00.0000
KernelTime 0:00:06.0609
Start Address BackupEx!FilterThread (0xf741e2a0)
Stack Init f747c000 Current f747a938 Base f747c000 Limit f7479000 Call 0
Priority 16 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f747a978 80417148 81341568 00000000 00000000 nt!RtlMoveMemory+0x136d
f747a9b8 804167d4 81482da8 81482da8 f747ad54 nt!ExIsResourceAcquiredSharedLite+0x359
f747a9d0 8041670d 814824f4 81341568 f747acf4 nt!ExAcquireResourceSharedLite+0x10a
f747a9e0 bff00cea 814824f4 00000001 813447b4 nt!ExAcquireResourceSharedLite+0x43
f747acf4 bff029fd 81482da8 81344648 f747ad54 Ntfs!NtfsMapStream+0x9a2
f747ad94 8041f54b 81482020 81344648 81344658 Ntfs!NtfsMapStream+0x26b5
f747af30 8044e27e 8145a730 00000000 f747afdc nt!IoBuildSynchronousFsdRequest+0x8f
f747af9c 804957ae 00000000 f747b000 00000040 nt!ObFindHandleForObject+0x5e3
f747b0ac 804a78b8 00000000 00000000 bff74000 nt!ObOpenObjectByName+0xb3
f747b180 804a361e f747b45c 00000020 f747b470 nt!IoCreateFile+0x1ad
f747b1c0 80461691 f747b45c 00000020 f747b470 nt!NtOpenFile+0x25
f747b1e0 00000000 00000000 00000000 00000000 nt!ExReleaseResourceForThread+0xbd5

1 total locks, 1 locks currently held

“Slava Imameyev” wrote in message news:xxxxx@ntdev…
> You are right.
> Are you calling ZwOpenFile at IRQL == PASSIVE_LEVEL?
> If you call ZwOpenFile at APC_LEVEL it may hang because APCs are blocked.

First of all, I think your debugger uses the wrong symbols.
The following is only my guess.
If you catch an IRP under the file system driver (your filter is an upper
filter for the disk/partition driver) and block it (block sending the IRP to
the disk/partition driver) while waiting for ZwOpenFile to return, you may
block ZwOpenFile, because ZwOpenFile calls the file system driver and this
file system driver tries to acquire resources which have already been
acquired in the thread that you block.
I guess you have created a deadlock: you are waiting in a thread that
acquired an exclusive resource before you called ZwOpenFile, and this other
thread also tries to acquire the same resource exclusively.
If you use a file system upper filter or do not block the thread, my guess is
wrong.

“Xu Ge” wrote in message news:xxxxx@ntdev…
> Yes, the IRQL == PASSIVE_LEVEL; I call ZwOpenFile in a system thread and
> never raise the IRQL.

I only block the read/write IRPs sent to HarddiskVolume1, but the ZwOpenFile
I called is for HarddiskVolume2. Can this induce the deadlock?

My driver is a partition upper filter driver.

“Slava Imameyev” wrote in message news:xxxxx@ntdev…
> First of all, I think your debugger uses the wrong symbols.
> The following is only my guess.
> If you catch an IRP under the file system driver (your filter is an upper
> filter for the disk/partition driver) and block it (block sending the IRP to
> the disk/partition driver) while waiting for ZwOpenFile to return, you may
> block ZwOpenFile, because ZwOpenFile calls the file system driver and this
> file system driver tries to acquire resources which have already been
> acquired in the thread that you block.
> I guess you have created a deadlock: you are waiting in a thread that
> acquired an exclusive resource before you called ZwOpenFile, and this other
> thread also tries to acquire the same resource exclusively.
> If you use a file system upper filter or do not block the thread, my guess is
> wrong.

Possibly it may induce a deadlock.
To check this, do not block: send the open request to another thread and then
(without waiting for a reply from ZwOpenFile) send the IRP to the partition
driver.

“Xu Ge” wrote in message news:xxxxx@ntdev…
> I only block the read/write IRPs sent to HarddiskVolume1, but the ZwOpenFile
> I called is for HarddiskVolume2. Can this induce the deadlock?
>
> My driver is a partition upper filter driver.
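Added example (not part of the original thread and not any poster's code): a small Python parser that reduces the `!locks -v` text posted earlier in this thread to a wait chain, showing which thread is queued behind which owner and what that owner is itself waiting on. The sample is an excerpt of the posted dump; treating thread entries without `<*>` as waiters is an assumption, consistent with the dump's `NumberOfSharedWaiters = 1`.

```python
import re

# Excerpt of the `!locks -v 814824f4` output posted in this thread, wrapped as posted.
DUMP = """\
Resource @ 0x814824f4 Exclusively owned
Contention Count = 2
NumberOfSharedWaiters = 1
Threads: 81473760-02<*>

THREAD 81473760 Cid 8.4 Teb: 00000000 Win32Thread: 00000000 WAIT:
(Executive) KernelMode Non-Alertable
f7422b98 NotificationEvent
IRP List:
813ace68: (0006,0190) Flags: 00000884 Mdl: 00000000
Wait Start TickCount 863 Elapsed Ticks: 5774
Start Address nt!IoWMISuggestInstanceName (0x8054aca6)
f7422700 bfedf6d6 f7422b98 00000000 00000000 nt!RtlMoveMemory+0x136d

8144f900-01

THREAD 8144f900 Cid 8.58 Teb: 00000000 Win32Thread: 00000000 WAIT:
(Executive) KernelMode Non-Alertable
81341568 Semaphore Limit 0x7fffffff
8144f9e8 NotificationTimer
Wait Start TickCount 6460 Elapsed Ticks: 177
Start Address BackupEx!FilterThread (0xf741e2a0)
"""

RESOURCE = re.compile(r"^Resource @ 0x([0-9a-f]+)\s+(Exclusively owned|Shared)")
# "81473760-02<*>": thread, acquire count, and <*> on entries that own the resource.
ENTRY = re.compile(r"([0-9a-f]{8})-(\d+)(<\*>)?")
ENTRY_LINE = re.compile(r"^(Threads:\s*)?[0-9a-f]{8}-\d+")
THREAD = re.compile(r"^THREAD ([0-9a-f]{8})\b")
WAIT_OBJECT = re.compile(r"^([0-9a-f]{8})\s+([A-Z][A-Za-z]+)")
ELAPSED = re.compile(r"Elapsed Ticks: (\d+)")
START = re.compile(r"^Start Address (\S+)")


def parse_locks(text):
    """Return (resources, threads) parsed from `!locks -v` text."""
    resources, threads = {}, {}
    res = thr = None
    in_wait_list = False
    for raw in text.splitlines():
        line = raw.strip()
        if m := RESOURCE.match(line):
            res = resources.setdefault(
                m.group(1), {"mode": m.group(2), "owners": [], "waiters": []})
            thr = None
        elif res is not None and ENTRY_LINE.match(line):
            # Assumption: entries without <*> are waiters, which matches
            # NumberOfSharedWaiters = 1 in the posted dump.
            for tid, _count, star in ENTRY.findall(line):
                bucket = res["owners"] if star else res["waiters"]
                if tid not in bucket:
                    bucket.append(tid)
        elif m := THREAD.match(line):
            thr = threads.setdefault(
                m.group(1), {"waits": [], "start": None, "elapsed": None})
            in_wait_list = True
        elif thr is not None:
            if in_wait_list and (m := WAIT_OBJECT.match(line)):
                thr["waits"].append((m.group(1), m.group(2)))
                continue
            # "(Executive) ..." is the wrapped tail of the THREAD line; any
            # other line ends the list of objects the thread is waiting on.
            in_wait_list = in_wait_list and line.startswith("(")
            if m := ELAPSED.search(line):
                thr["elapsed"] = int(m.group(1))
            if m := START.match(line):
                thr["start"] = m.group(1)
    return resources, threads


def wait_chains(resources, threads):
    """(waiter, waiter start, resource, owner, owner's wait objects, owner's elapsed ticks)."""
    return [
        (w, threads.get(w, {}).get("start"), addr, o,
         threads.get(o, {}).get("waits", []), threads.get(o, {}).get("elapsed"))
        for addr, res in resources.items()
        for w in res["waiters"] for o in res["owners"]
    ]


if __name__ == "__main__":
    for w, start, addr, o, waits, ticks in wait_chains(*parse_locks(DUMP)):
        print(f"{w} ({start}) waits for resource {addr} owned by {o}")
        print(f"  owner has itself waited {ticks} ticks on {waits}")
```

On the posted excerpt this reports thread 8144f900 (BackupEx!FilterThread) queued behind thread 81473760, which has itself been waiting 5774 ticks on NotificationEvent f7422b98: the kind of dependency the deadlock guess in the thread describes.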