ExAcquireSpinLockExclusiveAtDpcLevel missing _IRQL_requires_max_ annotation

  • Question

  • Hi.

    ExAcquireSpinLockExclusiveAtDpcLevel is missing _IRQL_requires_max_(HIGH_LEVEL). According to MSDN, the API can be called at any level equal to or higher than DISPATCH_LEVEL. However, because the prototype in wdm.h is missing _IRQL_requires_max_ in WDK version 10.0.17134.0, _IRQL_requires_max_(DISPATCH_LEVEL) is applied implicitly. This causes code analysis warning C28121 when the API is called from a function that runs at a higher IRQL than DISPATCH_LEVEL.

    The same issue applies to ExReleaseSpinLockExclusiveFromDpcLevel too. 

    (Please let me know if this is not the right place to discuss this topic and to ask for a fix when necessary.)

    Thank you,

    Saturday, July 21, 2018 2:23 PM

All replies

  • In older versions of the WDK it used to have _IRQL_requires_min_(DISPATCH_LEVEL). I suspect that is the correct annotation.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Saturday, July 21, 2018 4:44 PM
  • This is correct because this routine is sometimes used to acquire a spinlock at an arbitrary IRQL. Yes, the name contains the phrase "AtDpcLevel", but that just means that it doesn't set IRQL before acquiring the spinlock.

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Saturday, July 21, 2018 8:26 PM
    Moderator
  • Thanks Brian and Don for the quick replies.

    The current version of WDK also has _IRQL_requires_min_(DISPATCH_LEVEL) but I believe it is incorrect. Having _IRQL_requires_min_ does not indicate that the function is allowed to be called at a higher IRQL (it is indicating the minimum must be DISPATCH_LEVEL), and because code analysis assumes the maximum allowed IRQL is DISPATCH_LEVEL when no _IRQL_requires_max_ is specified, the current annotation is interpreted as "allowed only at DISPATCH_LEVEL", which is incorrect.

    You can test the annotation with code like this:

    #include <ntifs.h>
    
    EX_SPIN_LOCK g_SpinLock;
    
    _IRQL_requires_(DISPATCH_LEVEL + 1)
    VOID Func() {
        ExAcquireSpinLockExclusiveAtDpcLevel(&g_SpinLock);
        ExReleaseSpinLockExclusiveFromDpcLevel(&g_SpinLock);
    }
    
    EXTERN_C NTSTATUS DriverEntry(PDRIVER_OBJECT, PUNICODE_STRING) {
        return STATUS_UNSUCCESSFUL;
    }

    Analysis (on VS 15.8.0 Preview 4) will generate warnings like these.

    warning C28121: The function 'ExAcquireSpinLockExclusiveAtDpcLevel(&g_SpinLock)' is not permitted to be called at the current IRQ level. The current level is too high:  IRQL was last set to 3 at line 6. The level might have been inferred from the function signature.
    warning C28121: The function 'ExReleaseSpinLockExclusiveFromDpcLevel(&g_SpinLock)' is not permitted to be called at the current IRQ level. The current level is too high:  IRQL was last set to 3 at line 6. The level might have been inferred from the function signature.


    Sunday, July 22, 2018 5:28 AM