How to send IOCTLs to a filter driver KB uses wrong mutex?
in [Device Drivers]
|
Prev: UpdateDriverForPlugAndPlayDevices() return ERROR_FILE_NOT_FOUND on Vista x86
Next: EvtDeviceArmWakeFromSx not called
From: Gabe on 13 Nov 2006 13:06 The microsoft KB on "How to send IOCTLs to a filter driver" http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q262305 uses a FastMutex to synchronize creation and deletion of control objects. The documentation for ExAcquireFastMutexUnsafe says: ExAcquireFastMutexUnsafe can be safely called only at IRQL = APC_LEVEL. Even if you were to use ExAcquireFastMutex, it sets the IRQL to APC_LEVEL. However, in the MS example, FilterCreateControlObject calls IoCreateSymbolicLink after calling ExAcquireFastMutexUnsafe and the documentation for IoCreateSymbolicLink says: Callers of IoCreateSymbolicLink must be running at IRQL = PASSIVE_LEVEL So is this a bug? Or did I miss some documentation where this is ok? I've run the code and it didn't crash, but according to the documentation, this isn't right. Gabe
From: soviet_bloke on 13 Nov 2006 23:27
Hi mate Whenever you see "Can be called only at PASSIVE_LEVEL" statement in documentation, in most cases it means that the target function may either enter the wait state, or access pageable memory, i.e. do something that one can do only at IRQL< DISPATCH_LEVEL. Once these operations can be done at APC_LEVEL, calling the target function at APC_LEVEL works fine. In other words, don't take MSDN documentation literally..... Anton Bassov Gabe wrote: > The microsoft KB on "How to send IOCTLs to a filter driver" > http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q262305 uses a > FastMutex to synchronize creation and deletion of control objects. The > documentation for ExAcquireFastMutexUnsafe says: > > ExAcquireFastMutexUnsafe can be safely called only at IRQL = APC_LEVEL. > Even if you were to use ExAcquireFastMutex, it sets the IRQL to > APC_LEVEL. > > However, in the MS example, FilterCreateControlObject calls > IoCreateSymbolicLink after calling ExAcquireFastMutexUnsafe and the > documentation for IoCreateSymbolicLink says: > > Callers of IoCreateSymbolicLink must be running at IRQL = PASSIVE_LEVEL > > So is this a bug? Or did I miss some documentation where this is ok? > I've run the code and it didn't crash, but according to the > documentation, this isn't right. > > Gabe |