none
WdfWaitLockCreate function retrun STATUS_INSUFFICIENT_RESOURCES after windows 10 1903 update RRS feed

  • Question

  • The problem occurred in windows file system kernel driver that running in windows 10 1903.
    When the driver trying to create lock using the

    WdfWaitLockCreate(WDF_NO_OBJECT_ATTRIBUTES, &CA_agentFileObjectLock); 
    i am receiving NTSTATUS STATUS_INSUFFICIENT_RESOURCES
    in previews version of windows 10 (all of them) the NTSTATUS i am getting back from the function is STATUS_SUCCESS.

    i didnt find any record from windows docs that somethings has change with this specific function.
    NTSTATUS documention information is: "Insufficient system resources exist to complete the API."

    Thursday, June 6, 2019 10:41 AM

Answers

  • So, I did identify the problem exactly.  You aren't calling WdfDriverCreate at all, so you are not a KMDF driver.  You are not allowed to call any KMDF functions until you have called WdfDriverCreate.  Without that call, KMDF never initializes the framework runtime.

    If you don't want this to be a KMDF driver, then you need to use a WDM synchronization method.  WdfWaitLock happens to use a KEVENT, but you might find one of the others to be a better fit.


    Tim Roberts | Driver MVP Emeritus | Providenza & Boekelheide, Inc.

    Friday, June 14, 2019 6:01 PM

All replies

  • Odd.  If you look in the source, this means "operator new" failed on the FxWaitLock object.  It has an empty constructor, so that should only be possible if the allocation failed.

    Is it POSSIBLE you're getting in a loop situation and using up all of memory?

    Is it POSSIBLE this call is now getting hit before you have initialized KMDF?


    Tim Roberts | Driver MVP Emeritus | Providenza & Boekelheide, Inc.

    Thursday, June 6, 2019 5:27 PM
  • Hi thanks for the response.

    The driver worked perfectly before, in all other windows 10 version. the problem occurred after updating to windows 10 1903 last update.

    the system function "wdfwaitlockcreate" is called in a an custom init function that called in the driver entry function.

    there is no loop situation.  there is no problem with memory, the problem occurred in other computers as well.

    at first i did not check the returned value of the lock create function so i did not checked if the allocation was successful and when i tried to acquire the lock i got blue screen with the following error:

    "WDF_VIOLATION".

    i have checked the dump file and discovered the source of the problem. i added few if statement to prevent the blue screen and discovered that lock is never created in the first place (in windows 10 1903 only in other ver work fine)

    if there is any more information you need to help me solve the problem please tell me i will give you all the things you need. this problem most be solved!

    THANKS


    • Edited by IdanMarc Saturday, June 8, 2019 5:32 PM
    Saturday, June 8, 2019 4:42 PM
  • You answered my first question, but not my second.  Are you calling your init function before you call WdfDriverCreate?  You can't call any Wdf functions until you have called WdfDriverCreate.  That's what initializes the framework.  Can you show us your DriverEntry code?

    Tim Roberts | Driver MVP Emeritus | Providenza & Boekelheide, Inc.

    Monday, June 10, 2019 7:24 PM
  • The Driver is a file system minifilter so the initialazation line is 

            

    status = FltRegisterFilter(DriverObject,
                                         &FilterRegistration,
         &gSUPFilterData.filterHandle);

    The driver entry function: (the lock create is in "CA_Init" function )

    DriverEntry(
        _In_ PDRIVER_OBJECT DriverObject,
        _In_ PUNICODE_STRING RegistryPath
        )
    {
        NTSTATUS status = STATUS_SUCCESS;
    wchar_t logStrBuff[256];



    UNREFERENCED_PARAMETER(RegistryPath);

    LoggerInit(LOG_PATH);

    LoggerLog(LOGGER_LS_INFO, L"SentinelUNCProvider.c", L"DriverEntry", L"Sentinel UNC Provider is going up");

    swprintf_s(logStrBuff, 256, L"Sentinel UNC Provider version: %s", SENTINEL_UNC_PROVIDER_VERSION);
    LoggerLog(LOGGER_LS_INFO, L"SentinelUNCProvider.c", L"DriverEntry", logStrBuff);

    //
        //  Register with FltMgr
        //

    status = FltRegisterFilter(DriverObject,
                                   &FilterRegistration,
       &gSUPFilterData.filterHandle);

    FLT_ASSERT(NT_SUCCESS(status));

    if (NT_SUCCESS(status)) {

    // init

    //
            //  Start filtering i/o
            //

            status = FltStartFiltering(gSUPFilterData.filterHandle);



    {
    WDFWAITLOCK CA_agentFileObjectLock;
    NTSTATUS stat = WdfWaitLockCreate(WDF_NO_OBJECT_ATTRIBUTES, &CA_agentFileObjectLock);

    if (stat != STATUS_SUCCESS)
    {
    wchar_t strBuff[256];
    swprintf_s(strBuff, 256, L"Failed to init Agent file object lock. Reason: 0x%x", stat);
    LoggerLog(LOGGER_LS_ERROR, L"driver entry", L"1", strBuff);
    //return STATUS_NOT_FOUND;
    }
    else
    {
    LoggerLog(LOGGER_LS_WARN, L"driver entry", L"1", L"File object lock is created");
    }
    }

    if (NT_SUCCESS(status))
    {
    // Init Service comm. layer.
    CS_init();


    // Init Agent comm. layer.
    CA_Init(DriverObject);


    LoggerLog(LOGGER_LS_INFO, L"SentinelUNCProvider.c", L"DriverEntry", L"Sentinel UNC Provider is up");
    }
    else
    {
                FltUnregisterFilter(gSUPFilterData.filterHandle);

    LoggerLog(LOGGER_LS_FATAL, L"SentinelUNCProvider.c", L"DriverEntry", L"Failed to start filtering");
    }
        }
    else
    {
    LoggerLog(LOGGER_LS_FATAL, L"SentinelUNCProvider.c", L"DriverEntry", L"Failed registering SUP");
    }


    Tuesday, June 11, 2019 6:20 AM
  • You can debug this with the WDF source code, just step into the function and see where the error is coming from. Directions for setting up WDF source level debugging are here:

    https://github.com/Microsoft/Windows-Driver-Frameworks/wiki/Debugging-with-WDF-Source


    Scott Noone
    Engineering Partner
    OSR Open Systems Resources, Inc.
    Windows Driver Training, Consulting, Problem Analysis, and Custom Development
    https://www.osr.com
    https://www.linkedin.com/in/scottnoone

    Friday, June 14, 2019 4:00 PM
  • So, I did identify the problem exactly.  You aren't calling WdfDriverCreate at all, so you are not a KMDF driver.  You are not allowed to call any KMDF functions until you have called WdfDriverCreate.  Without that call, KMDF never initializes the framework runtime.

    If you don't want this to be a KMDF driver, then you need to use a WDM synchronization method.  WdfWaitLock happens to use a KEVENT, but you might find one of the others to be a better fit.


    Tim Roberts | Driver MVP Emeritus | Providenza & Boekelheide, Inc.

    Friday, June 14, 2019 6:01 PM