Use the following general guidelines when designing and writing SynchCritSection routines that maintain state information:
To access data that an ISR also accesses, a driver routine must call a SynchCritSection routine. Noncritical section code can be interrupted. Remember that it's not sufficient to just acquire a spin lock to protect data that ISRs also access, because ISRs execute at DIRQL and acquiring a spin lock (KeAcquireSpinLock) only raises IRQL to DISPATCH_LEVEL, which allows an interrupt to invoke the ISR on the current processor.
Give each SynchCritSection routine that maintains state information responsibility for a discrete set of state variables. That is, avoid writing SynchCritSection routines that maintain overlapping state information.
This approach prevents contention, and possibly race conditions, between SynchCritSection routines (and the ISR) trying to access the same state concurrently.
This approach also ensures that each SynchCritSection routine returns control as quickly as possible. That is, one SynchCritSection routine never has to wait for another that updates some of the same state information to return control.
Avoid writing a single, large, general-purpose SynchCritSection routine that does more testing of conditions to determine what to do than actually doing useful work. On the other hand, avoid having many SynchCritSection routines that never execute a conditional statement because each updates only a single byte of state information.
Ensure every SynchCritSection routine returns control as quickly as possible, because running any SynchCritSection routine prevents the driver's ISR from executing.
The following example shows a technique for maintaining a timer counter in a device extension. Assume the driver uses the counter to determine if an I/O operation times out. Also assume the driver doesn't overlap I/O operations.
The driver's StartIo routine initializes the timer counter to some initial value for each I/O request. The driver then adds a second to its device timeout value, in case its IoTimer routine just returned control.
The driver's ISR sets this timer counter to minus one.
The driver's IoTimer routine is called once per second to read the timer counter and determine whether the ISR already set it to minus one. If not, the IoTimer routine decrements the counter by using KeSynchronizeExecution to call a SynchCritSection_1 routine.
If the counter goes to zero, indicating that the request timed out, the SynchCritSection_1 routine calls a SynchCritSection_2 routine to program a device reset operation. If the counter is minus one, the IoTimer routine simply returns.
If the driver's DpcForIsr routine must reprogram the device to begin a partial-transfer operation, it must reinitialize the timer counter as the StartIo routine did.
The DpcForIsr routine also must use KeSynchronizeExecution to call the SynchCritSection_2 routine, or possibly a SynchCritSection_3 routine, to program the device for another transfer operation.
In this scenario, the driver has more than one SynchCritSection routine, each with discrete, specific responsibilities: one to maintain its timer counter, and one or more others to program the device. Each SynchCritSection routine returns control quickly because it performs a single, discrete task.
The driver has a single SynchCritSection_1 routine which, along with the driver's ISR, maintains the state of the timer counter. Thus, there's no contention for access to the timer counter among several SynchCritSection routines and the ISR.
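The timer-counter scheme described above, as an added example (not code from the original page or from Microsoft). The type and KeSynchronizeExecution stand-ins, the DEVICE_EXTENSION layout, and the helper names StartIoArmTimer, IsrMarkComplete and IoTimerTick are assumptions so the logic builds outside the WDK; SynchCritSection_1 re-tests the counter under the lock because IoTimer's first read is unsynchronized.

```c
/* User-mode stand-ins (assumptions) so the logic builds outside the WDK;
   a real driver gets these declarations from <wdm.h>. */
typedef unsigned char BOOLEAN;
typedef void *PVOID;
typedef struct _KINTERRUPT *PKINTERRUPT;
typedef BOOLEAN (*PKSYNCHRONIZE_ROUTINE)(PVOID);
/* The real routine raises IRQL to DIRQL and holds the interrupt spin lock
   while Routine runs; this stand-in only forwards the call. */
static BOOLEAN KeSynchronizeExecution(PKINTERRUPT Intr,
                                      PKSYNCHRONIZE_ROUTINE Routine, PVOID Ctx)
{ (void)Intr; return Routine(Ctx); }

typedef struct _DEVICE_EXTENSION {      /* hypothetical layout */
    PKINTERRUPT Interrupt;
    long TimerCounter;    /* written only by StartIo, the ISR, SynchCritSection_1 */
    unsigned ResetCount;  /* stands in for device programming state */
} DEVICE_EXTENSION;

/* Programs the device reset; the increment is a placeholder for register writes. */
static BOOLEAN SynchCritSection_2(PVOID Ctx)
{
    ((DEVICE_EXTENSION *)Ctx)->ResetCount++;
    return 1;
}

/* Sole non-ISR owner of TimerCounter. Re-tests the value under the lock,
   because the ISR may have stored -1 after IoTimer's unlocked read. */
static BOOLEAN SynchCritSection_1(PVOID Ctx)
{
    DEVICE_EXTENSION *ext = Ctx;
    if (ext->TimerCounter <= 0)          /* completed, or already timed out */
        return 0;
    if (--ext->TimerCounter == 0)        /* request timed out */
        return SynchCritSection_2(ext);
    return 0;
}

/* StartIo: device timeout plus one second of slack, as described above. */
static void StartIoArmTimer(DEVICE_EXTENSION *ext, long timeoutSeconds)
{ ext->TimerCounter = timeoutSeconds + 1; }

/* ISR: the request completed, so set the counter to minus one. */
static void IsrMarkComplete(DEVICE_EXTENSION *ext) { ext->TimerCounter = -1; }
/* IoTimer body, called once per second (simplified signature). */
static void IoTimerTick(DEVICE_EXTENSION *ext)
{
    if (ext->TimerCounter != -1)         /* unlocked read, only a hint */
        KeSynchronizeExecution(ext->Interrupt, SynchCritSection_1, ext);
}
```

The `<= 0` guard is a choice made in this example: it keeps a tick that arrives after a timeout from decrementing the counter to minus one, which would otherwise look like an ISR completion.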