We have a filter driver which gets deadlocked with AV software's like
Symantec. The sequence of steps that cause dead lock are given below:
1.. CREATE (IRP_MJ_CREATE) request of the other application reaches AV
driver. (note that Our filter driver does not block CREATE requests)
2.. AV driver blocks the other applications CRATE request and initiates
file scan. The AV scan is happening in the context of other application
process context.
3.. AV drivers READ (IRP_MJ_READ) request reaches our filter driver (by
this time the AV CREATE request is success which has been passed through our
filter driver as our filter driver is not blocking create request)
4.. Our filter driver will block the READ request of AV driver and informs
our user mode application about the file being accessed.
5.. Now our user mode application tries to read the file as part of that
it generates CREATE request (IRP_MJ_CREATE) (which will pass through our
filter driver as this request is from our application) and this request is
seen by the AV AV driver and as the scan on that file is not finished, (AV
drivers READ request is blocked by our filter driver for validating the
file) AV is holding this request, which leads to dead lock.
Could any one guide me in finding solution to this.
Help is highly appreciated.
Thanks,
Kedar.
|
Similar Threads
