I saw similar issues with a TDI filter and eventually concluded that it was
a verifier ‘failure’ to correctly measure what is going on.
The issue is that somehow the stack got an IRP without out enough stack
locations for each driver in the stack. Since your driver is the first one
with verifier enabled (who knows, maybe it is the top of the stack, but no
matter) it is the first chance verifier has to complain about it.
TDI filtering in particular is so full of bad actors, hacks, and other
ugliness, verifier can hardly be expected to guess if an IRP might actually
succeed. However, I agree with your observation that in this case, verifier
does have enough information to know that the particular IRP *does* have
enough remaining stack locations to traverse the remainder of the device
stack.
I found that using I/O verification in a TDI (filter) stack was very much a
hassle. Let’s face it, a TDI filter has to be explicitly aware of IRP stack
exhaustion and the ‘rules’ get seriously bent to make it all work period.
Given that landscape, it is better for you to have direct instrumentation
(ASSERT()s, etc.) in your code to catch these errors instead of using
verifier to do it for you. Let’s face it. Your driver *does* have all the
information to know when to bugcheck!
Good luck,
Dave Cattley
Consulting Engineer
Systems Software Devlopment
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Monday, September 29, 2008 2:38 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Skipping IRP stack locations and driver verifier problems
I have a TDI filter driver, which does not need to process all IRPs that it
receives. For the IRPs that I do not want to filter I use the following code
in my dispatch function:
IoSkipCurrentIrpStackLocation(pIrp);
status = IoCallDriver(pDeviceExtension->pLowerDeviceObject, pIrp);
return status;
If the driver verifier is disabled, this works just fine. Enabling the
driver verifier and I/O verification, causes an error:
WDM DRIVER ERROR: This IRP is about to run out of stack locations
Note that the error occurs on Server 2003 (both x86 and x64). It does not
happen on XP x32.
This warning happens only for IRPs that have insufficient stack location
(pIrp->CurrentLocation=1). Here is the callstack before calling the filtered
driver
mydriver!MyDeviceExtensionDispatchInternal+0x10b
mydriver!MyDispatchInternal+0x73
nt!IovCallDriver+0x1b5
netbt!NbtDpcPostIrpToProvider+0x7e
nt!KiRetireDpcList+0x150
nt!KiDispatchInterrupt+0x4f
At that time: pIrp->StackCount = 2 and pIrp->CurrentLocation = 1
After calling IoSkipCurrentIrpStackLocation, pIrpCurrentLocation is 2 (as
expected), and pIrp->Tail.Overlay.CurrentStackLocation has changed.
I have several questions:
- Is this the right way to pass IRPs that I do not want to have a
completion routine for down to the lower driver?
- Is the driver verifier correct is pointing a problem or this is a false
positive? Is the verifier confused by the use of
IoSkipCurrentIrpStackLocation and if so, is there a way to get by this
problem?
Thank you in advance,
–aydan
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer