Re: Communication between Ring0 and Ring3

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: Krish Menon (anonymous_at_discussions.microsoft.com)
Date: 03/18/04 

Date: Wed, 17 Mar 2004 16:11:06 -0800

Thanks for the responses, guys. Yes, I am trying to make these decisions on create/open. I've also managed to tweak my design around so that my user-mode app can do a lot of "pre-evaluation" and provide info to the file system filter driver so that the driver can simply look up this info and make a decision when the create/open requests are encountered - as you said, Mark, caching the policy info in the kernel. However, there are still some scenarios where I need to depend on user mode components external to my app, so in those scenarios, I can't seem to avoid going up to user mode.

I can work in some sort of timeout mechanism and default policy decision. But what would you define as "'takes too long'"? How long can the kernel mode thread safely wait for a decision to come back?

TIA

Krish
     
     ----- Mark Roddy wrote: -----
     
     The OP appears to be performing a file filtering operation on create/open
     requests, so presumably he is using the thread that requested the
     open/create, and he is by definition at passive level. There is nothing
     particularly wrong with this thread waiting for his user mode service to
     make a go/no-go policy decision. He does have to handle the case where the
     service terminates, or perhaps even 'takes too long'. And as you say he
     would be better off from a performance standpoint to at least cache the
     policy information in the kernel. I'm guessing he has good reasons for
     running the policy decisions up in lusermode.
     
     --
     
     =====================
     Mark Roddy
     Windows 2003/XP/2000 Consulting
     Hollis Technology Solutions 603-321-1032
     www.hollistech.com
     markr@hollistech.com
     
     
     "Farooque Khan" <farooquek@NoSpamPls-concretioindia-NoSpamPls.com> wrote in
     message news:unGzgX0BEHA.2600@TK2MSFTNGP09.phx.gbl...
> You can wait for user mode actions, in kernel mode (see
> KeWaitForSingleObject() etc).
> But there are IRQL restrictions, you CAN'T wait for ANYTHING if you are
> running
> at or above DISPATCH_LEVEL.
>> BTW, it's considered inefficient to wait like this, in the kernel mode.
     You
> should
> look to transfer the descision making code down to the driver.
>> HTH,
> --
>> -Farooque Khan
> http://farooque.150m.com
>>>>> "Krish Menon" <anonymous@discussions.microsoft.com> wrote in message
> news:00F495D9-2997-4297-AB49-69A20A2B61ED@microsoft.com...
>> Mark, I'm interested in this scenario myself and plan to use two custom
> IOCTL codes to pick up requests from the driver and deliver responses to
     the
> driver, which sounds like what you suggested. The only thing is, I want
     the
> driver to wait for the user mode app's response before it proceeds and I'm
> wondering if its safe to do that. For example, when a file open request
> comes in, I want the driver to communicate this to a user mode app, wait
> till it gets an allow/deny decision back from the user mode app and then,
> well, either allow or deny the file open request. I've come across other
> discussion threads that say this is a no-no and that ring 0 code should
> never wait for action by ring 3 code, hence the uncertainty.
>>>> I need to do this on the 9x family as well as the NT family.
>>>> TIA for your help.
>>>> Krish
>>>> ----- Mark Roddy wrote: -----
>>>>>> "Vinay" <v.sheel@mailcity.com> wrote in message
>> news:u2TjYNr%23DHA.2512@TK2MSFTNGP11.phx.gbl...
>>> Hi,
>>> Whats the communication way from ring0 to ring3 application.
>>> Is it true "Calling Ring 3 From FSD Or IFS Hook Causes Ring 3 To
> Hang" ?
>>>>>>> You don't call from kernel mode to user mode. The methods available
> for
>> communication between driver and application are also suitable for
> having an
>> application call whatever usermode api you think you need to be
> invoked.
>> Use an IRP and a custom IOCTL request. If you need output back from
> user
>> mode in your driver, then you need two irps, one to start the call
     ,
> the
>> second to deliver the results, and you need some mechanism to
> assoicate
>> respones with request.
>>>>>> =====================
>> Mark Roddy
>> Windows 2003/XP/2000 Consulting
>> Hollis Technology Solutions 603-321-1032
>> www.hollistech.com
>> markr@hollistech.com
>>>>>>>>

Relevant Pages

  • 2.6.0-test7: suspend to disk: no mouse or sound after suspend
    ... Using Gentoo with kernel 2.6.0-test7. ... Sound, no output after suspend. ... completing PM request, suspend ... registered new driver usbfs ...
    (Linux-Kernel)
  • [PATCH] Documentation: remove duplicate cleanups
    ... contains a naming policy within the kernel that is ... online status monitoring capabilities of the Linux DAC960 Driver. ... that submitted the just completed request are examined. ... This is useful if you are running a CPU ...
    (Linux-Kernel)
  • Re: When to write as a device driver instead of just a library.
    ... > one write the code as a device driver as opposed to a plain simple ... In general if it can be done in user mode, ... or major advantages to a kernel mode implementation, ... If you communicate with a device that way, ...
    (comp.os.linux.development.system)
  • Re: Getting Kernel Shared section object name in Appln
    ... synchronize the user and kernel space code safely. ... Windows drivers, you use IOCTL's to send data from the user to the driver, ... I need to allocate memory in kernel mode, fill it and then user mode ... then ZwCreateSection function ...
    (microsoft.public.development.device.drivers)
  • Re: Communication between Ring0 and Ring3
    ... particularly wrong with this thread waiting for his user mode service to ... > look to transfer the descision making code down to the driver. ... either allow or deny the file open request. ...
    (microsoft.public.development.device.drivers)