Thursday, October 4, 2012
Suggestions
Hi everyone. It seems lately I'm having a hard time coming up with good topics, so I wanted to ask you to send me emails with topics you might be interested in. These could be things you already know but you think might be beneficial to have posted somewhere to the rest of the community or things you're not sure about. However, please keep the requests specific. Things like "minifilter interaction with the memory manager" are simply too vague to be helpful. You could ask about specific functions or behaviors or structure members (but again, please keep it specific). You can find my email address on my contact information on this blog.
Thanks, Alex.
Hi Alex, Can you write about how to handle re-entrancy in a minifilter? Even though FltXX functions do provide some insulation, there are many cases where IO can reenter. For example, how to identify if the IO issued by a mini-filter reenters the stack due to an underlying filter sending it to the top of the stack. I have seen legacy drivers use TLS or TopLevelIrp and in some cases a secondary device object. But it's NOT really clear which one to use when. It would be helpful if there is some light on it. I know this is also a vague question. Let me know if you want more specifics of the problem.
Hi Sridhar,
Are you referring to the IRP_MJ_CREATE path or do you mean IO in general? I would like more specifics on the problem :).
Thanks,
Alex.
Hi Alex, I think Re-entrancy in general for mini-filters but IRP_MJ_CREATE is most sought after.
This is a complex topic but I had to research so much to proof my minifilter from re-entrancy in various cases (my minifilter is a layered FS).
For example, TopLevelIRP is being used to distinguish to deal with Cache manager and VM interactions in read/writes. Using a different deviceObject whenever opening a file in my filter, so I can distinguish if at all it comes back to me (for example, the CSC driver will put it on the stack if the file is residing locally). And I have seen legacy drivers use TLS to identify the original thread that requested the IO. It would be great if reentrancy can be discussed as an article without explaining the interactions (these can be found in many books) but techniques as a resource in such cases.