STATUS_FILE_LOCK_CONFLICT

NTFSD
1

Hello!

When I try to write buffer to the file ZwWriteFile() return STATUS_FILE_LOCK_CONFLICT :


char *buffer = MmGetSystemAddressForMdlSafe(MdlAddress, NormalPagePriority);
if(buffer)
{
status = ZwWriteFile(fileHandle,NULL,NULL,NULL,&fileIoStatus,buffer,bytes,&offset,NULL);
}

MdlAddress - valid mdl.

But when I try write simple char* buffer it’s ok :


char *buffer = ExAllocatePool(PagedPool, bufferSize);
if(buffer)
{
status = ZwWriteFile(fileHandle,NULL,NULL,NULL,&fileIoStatus,buffer,bytes,&offset,NULL);
}

Why,what I do wrong?

2

You are focused on the buffer, when a lock conflict would suggest a problem with the offset and length.

If you think it is the file system failing your request, see if it happens on FAT and if it does, build FAT from source (in the WDK) and then trace through it with the kernel debugger.

Tony
OSR

3

Tony Mason, when I write to file bytes = 0x1000 (length) and offset = 0x0,but I’m always catch STATUS_FILE_LOCK_CONFLICT…Don’t understand…

4

Full code in PRE-WRITE CALLBACK in miniFilter :


if(Data->Iopb->MajorFunction == IRP_MJ_WRITE && FlagOn(Data->Iopb->IrpFlags ,IRP_NOCACHE))
{
if(Data->Iopb->Parameters.Write.Length)
{
if(Data->Iopb->Parameters.Write.MdlAddress)
{
buffer = MmGetSystemAddressForMdlSafe(Data->Iopb->Parameters.Write.MdlAddress, NormalPagePriority);
}

status = ZwWriteFile(fileHandle,NULL,NULL,NULL,&fileIoStatus,buffer,
Data->Iopb->Parameters.Write.Length,
Data->Iopb->Parameters.Write.ByteOffset,
NULL);

//status ----> STATUS_FILE_LOCK_CONFLICT

}
}

I’m reading post about this problem on http://www.osronline.com/showThread.cfm?link=143839, but didn’t solve…

5

And this situation repeats on NTFS, but on FAT32 work fine.

6

Hi Alex,

I had a similar issue a few moths ago and later (with some help from NTFSD list) I realized it was about not resetting the TopLevelIrp when doing new I/O from my filter.

Maybe you should check for this.

Regards,

Fernando Roberto da Silva
DriverEntry Kernel Development
http://www.driverentry.com.br

7

Hi Alex, first of all I would like to ask what do you want to achieve? The second question is to which file “fileHandle” belong?

8

Mitja Kravos,I want to make copy of written file.
“fileHandle” - handle of copy’s file :

status = ZwCreateFile(fileHandle,
FILE_WRITE_DATA |SYNCHRONIZE, &fileObject,
&fileIoStatus,
NULL,
FILE_ATTRIBUTE_NORMAL,
0,
FILE_OPEN_IF,
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0);

9

Fernando Roberto,you can tell in more detail about this method?

10

Copied from MSDN:

Note ZwCreateFile might return STATUS_FILE_LOCK_CONFLICT as the return value or in the Status member of the IO_STATUS_BLOCK structure that is pointed to by the IoStatusBlock parameter. This would occur only if the NTFS log file is full, and an error occurs while ZwCreateFile tries to handle this situation.

One more question: what is the content of “fileObject”?

11

Sure,

IoTopLevelIrp is an internal variable stored on the TSL. It is used to tell the file system driver who is the system component responsible for a given IRP. This value is changed by the cache manager/memory manager or so.

When you filter such an IRP and you want to send a new one on the same thread context, you need to read the current TopLevelIrp by using IoGetTopLevelIrp and save it on a local variable. Then you need to reset the TopLevelIrp to NULL before sending your IRP down stack using IoSetTopLevelIrp.

After having your IRP completed, you need to restore the actual TopLevelIrp before sending the IRP you received to the underlying file system. You do so by using your local variable.

12

Fernando Roberto,thank you very much,I will try to understand it!
Mitja Kravos,ZwCreateFile() in my code don’t failed,failed only ZwWriteFile()!

13

When I’m start driver verifier,then catch BSOD PAGE_FAULT_NONPAGED_AREA in FastFat.sys on write operation, without verifier all work’s…

Code :

topIrp = IoGetTopLevelIrp();
IoSetTopLevelIrp(NULL);

…My FS operations (ZwCreateFile()/ZwWriteFile())…

IoSetTopLevelIrp(topIrp);

14

Hi Alex,

Additionally, you must be careful about calling Zw routines with high IRQL.
Some operations are received in your filter with higher IRQL than you need to call ZwCreateFile/ZwWriteFile.
These two routines require being called on PASSIVE_LEVEL with APC enabled.

http://msdn.microsoft.com/en-us/library/windows/hardware/ff566424(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/hardware/ff567121(v=vs.85).aspx

Check your current IRQL before using Zw routines by using KeGetCurrentIrql.

As an alternative, you can build the IRP you need by calling IoBuildSynchronousFsdRequest routine and send it to the underlying file system by using IoCallDriver routine.

http://msdn.microsoft.com/en-us/library/windows/hardware/ff548330(v=vs.85).aspx

Regards,

Fernando Roberto da Silva
DriverEntry Kernel Development
http://www.driverentry.com.br

15

In my pre-write procedure KeGetCurrentIrql() return PASSIVE_LEVEL and when I’m call ZwWriteFile() catch BSOD (PAGE_FAULT_NONPAGED_AREA) in in a deep of CacheManager (according to minidump analyze)…

topIrp = IoGetTopLevelIrp();

IoSetTopLevelIrp(NULL);

status = ZwCreateFile(fileHandle,
FILE_WRITE_DATA |SYNCHRONIZE,
&fileObject,
&fileIoStatus,
NULL,
FILE_ATTRIBUTE_NORMAL,
0,
FILE_OPEN_IF,
FILE_SYNCHRONOUS_IO_NONALERT,
NULL, 0);

<----BSOD---->

status = ZwWriteFile(fileHandle,NULL,NULL,NULL,&fileIoStatus,fileBuffer, fileLength, fileOffset, NULL);

IoSetTopLevelIrp(topIrp );

How I can resolve this problem?

16

Hi Alex,

This is something hard to solve just looking at the source code.
What !analyze -v shows about?

Regards,

Fernando Roberto da Silva
DriverEntry Kernel Development
http://www.driverentry.com.br