Alexy,
Good point - we’d moved far enough away from the original query that I
had missed that detail.
That suggests that if the filter is going to perform cached I/O against
the file, they need to send the IRP_MJ_CLEANUP and then rely upon the
ObDereferenceObject mechanism to “do the right thing”.
I’d be more inclined to do this using non-cached I/O in any case (if I
were writing an A/V filter, I wouldn’t want to potentially pollute the
cache with a potential virus.)
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources Inc.
http://www.osr.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Alexey Logachyov
Sent: Monday, May 10, 2004 10:21 PM
To: ntfsd redirect
Subject: Re:[ntfsd] IoCreateStreamFileObjectLite sets FO_HANDLE_CREATED
?
This is an excerpt from original post:
“During IRP_MJ_CREATE, I need to open file, make some checks and
eventually
deny the create request (Imagine
it is an antivirus).”
I can hardly imagine AV activity without utilizing Cc/Vm services.
That’s
what I held in my mind. Sorry for any confusion introduced from my side.
–htfv
“Tony Mason” wrote in message news:xxxxx@ntfsd…
You will have to explain to me how Mm or Cc can obtain a reference to
the file object without someone issuing a read against that file object
- I’ve certainly never seen such a case, and I’m having a tough time
envisioning how this could arise during normal usage.
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Alexey Logachyov
Sent: Monday, May 10, 2004 7:59 PM
To: ntfsd redirect
Subject: Re:[ntfsd] IoCreateStreamFileObjectLite sets FO_HANDLE_CREATED
?
First of all I was not talking about other filters. Even in case where
there is only one filter and an FSD itself there’s a posibility of
created stream file object to have ref count > 2.
I don’t think that using IoCreateStreamFileObject will cause any
problem.
According to IFS docs, filters might expect to receive IRP_MJ_CLEANUP
requests for previously unseen file objects. According to FastFat and
CDFS sources, file system ignores (completes with STATUS_SUCCESS)
IRP_MJ_CLEANUP requests for unopened file objects. When we send
IRP_MJ_CLEANUP request after create request completed, file system
decodes the file object successfuly and performs all necessary actions.
–htfv
“Tony Mason” wrote in message news:xxxxx@ntfsd…
As I have previously mentioned in this forum (and documented on
OSRONLINE), ANY filter that uses a file object passed to it in the
IRP_MJ_CREATE handler is unstable/unreliable for a number of reasons.
So pointing out that some other filter might be using the file object
you pass down is really immaterial, since they are already broken, even
without your filter installed.
But even if we take Alexey’s concern into account, it argues for sending
down the IRP_MJ_CLEANUP - but we can’t do that until after the
IRP_MJ_CREATE has been sent to the underlying file system, so we can’t
use IoCreateStreamFileObject to do it for us. Thus, an alternative here
would be to create the new stream file object, pass that (via
IRP_MJ_CREATE) to the underlying FSD, perform an IRP_MJ_CLEANUP on the
file object, and then dereference the file object. If there are no
other references to the file object, the IRP_MJ_CLOSE will be generated
and the close processing proceeds. Otherwise, you have a file object
that is in the “between CLEANUP and CLOSE” state (in other words, paging
I/O operations allowed but nothing else.)
Of course, the complexity of all of this underscores the reason we have
so many interesting interop issues.
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources Inc
http://www.osr.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Alexey Logachyov
Sent: Monday, May 10, 2004 4:19 PM
To: ntfsd redirect
Subject: Re:[ntfsd] IoCreateStreamFileObjectLite sets FO_HANDLE_CREATED
?
I’m not sure if IoCancelFileOpen is safe to use in this case. File
object may be referenced by several parties (like Mm, Vm, and filter
itself) making ref count > 2. OP noticed that some complex checks may be
performed on stream file objects (like AV checks) which would initialize
caching on the file object.
In this case, I would use IoCreateStreamFileObjectLite (or
IoCreateStreamFileObject on NT4; lite version just makes things a lil
bit cleaner and faster) and after I’m done, send IRP_MJ_CLEANUP manually
(don’t forget to put FO_HANDLE_CREATED flag before that) and dereference
stream
file object.
–htfv
“Tony Mason” wrote in message news:xxxxx@ntfsd…
Ladislav,
IoCancelFileOpen should not be used with files that have handles (the
code bug checks if the reference count is > 2 or if FO_HANDLE_CREATED is
set in the File Object) which is why you would want
IoCreateStreamFileObjectLite (which does not set this bit).
I believe the best choice is to use IoCreateStreamFileObjectLite and
then IoCancelFileOpen when you are done. I haven’t done this in a long
time (read: before IoCancelFileOpen was added as an API) so it is
possible that there is some subtle interaction that I’m missing here.
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources Inc
http://www.osr.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ladislav Zezula
Sent: Monday, May 10, 2004 6:15 AM
To: ntfsd redirect
Subject: Re: [ntfsd] IoCreateStreamFileObjectLite sets FO_HANDLE_CREATED
?
Tony,
thank you for the response.
> If you want to obtain the handle, use IoCreateStreamFileObjectEx.
No, this is what I want to avoid. Calling ZwClose within IRP_MJ_CREATE
handler is a thing which does not seem well to me.
> In all fairness, I am not sure how you are creating your stream file
> object, so I don’t even know where the I/O Manager is sending
your
> IRP_MJ_CLEANUP.)
The file object is simply created by calling IoCreateStreamFileObject.
As the source, the file object from the create IRP is used.
I tried also the “Lite” version.
> I believe that - if you use IoCreateStreamFileObjectLite
> - you can just use IoCancelFileOpen.
I’m not sure where I’ve heard that, but - is it TRUE that
IoCancelFileOpen should not be used on file objects with
FO_HANDLE_CREATED flag set ?
L.
—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@osr.com To unsubscribe
send a blank email to xxxxx@lists.osr.com
—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@osr.com To unsubscribe
send a blank email to xxxxx@lists.osr.com
—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@osr.com To unsubscribe
send a blank email to xxxxx@lists.osr.com
—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com