Windows 2000 interrupt level (IRQL)

Windows 2000 interrupt level (IRQL) Generate object IRQL name Purpose 1, Hardware High_level Machine checksum and bus errors 2, Power_level Power Supply Failure interruption 3, Ipi_level MP system processor room doorbell 4, Clock2_level Interval clock 25, Clock1_level Interval clock 16, Profile_level Configuration File timer 7, Dorql The number of Iot platform dependent on IO Device interruptions 8, Software Dispatch_level Execution of Thread Scheduling and latency process calls 9, Apc_level Asynchronous process invocation 10, Passive_level After the lower thread executes the hierarchical access register to know the hardware function, it must also know how to pass Program The design method references the register of the device. To achieve this goal, you must also know two types of information. 1. The first register address of the device. 2. All address spaces in the register. The device register is usually located in a continuous address space. therefore, the address of the first register is a clue required to access all other registers. unfortunately, the term address has different meanings in virtual address spaces on different platforms. you can use CPU-specific I/O commands or standard internal reference commands. Dedicated cpu I/O command access. In the intel X86 architecture, the I/O address space is 64 KB (16 bits). In the assembly language, two commands are defined for reading and writing: In and out. Access the Hal macro of port 6 in the I/O space Read_port_xxx reads a single value from a port Write_port_xxx writes a single value to the port Read_port_buffer_xxx reads a set of values from a continuous I/O port Write_port_buffer_xxx writes a set of values to a continuous I/O port. Memory ing register Read_register_xxx reads a single value from the I/O register Write_register_xxx writes a single value to an I/O register Read_register_buffer_xxx reads a set of values from a continuous I/O register. Write_register_buffer_xxx writes a set of values to a continuous I/O register. Common driver columns 1. DriverEntry (driver entry) Pdriverobject-> DriverEntry = DriverEntry; IRQL = passive_level Ntstatus DriverEntry (in pdriver_object pdriverobject, in punicode_string pregistrypath ){} 2. reinitialize (reinitialization routine) Pdriverobject-> driverreinitialize = driverreinitialize; 3. driverunload (uninstall routine) Pdriverobject-> DriverEntry = DriverEntry; 4. Shutdown (close the routine) Pdriverobject-> drivershutdown = drivershutdown; 5. bugcheck (fault detection routine) Pdriverobject-> driverbugcheck = driverbugcheck; 6. createdispatch (executed when createfile is called by the user layer. irp_mj_create) 7. closedispatch (executed when the user layer calls closehandle. irp_mj_close) 8. writedispatch (executed when the user calls writefile. irp_mj_write) 9. readdispatch (executed when the user layer calls readfile. irp_mj_read) 10. devicecontroldispatch (when the user layer calls deviceiocontrol to execute. irp_mj_device_control) the dispatch column is bound to the majorfunction pointer of the driver object. Pdriverobject-> majorfunction [irp_mj_create] = createdispatch; Pdriverobject-> majorfunction [irp_mj_close] = closedispatch; Pdriverobject-> majorfunction [irp_mj_write] = writedispatch; Pdriverobject-> majorfunction [irp_mj_read] = readdispatch; Pdriverobject-> majorfunction [irp_mj_device_control] = devicecontroldispatch; 11. driverstartio (executed when the device needs to start data transmission) Pdriverobject-> driverstartio = driverstartio; Synchronous callback routine 1. controllercontrol routine A single controller (card) supports multiple functions. there is only one function running on the card each time. when I/O is complete, the driver releases the controller. usually in a dpcforisr routine. 2. adaptercontrol routine When the ownership is allowed, the callback routine is executed. It is usually a DMA channel. 3. synchcritsection routine. It is usually used to access register synchronization. IRP Structure Typedef struct _ IRP {cshort type; ushort size; // define the common fields used to control the IRP. ///// define a pointer to the memory descriptor list (MDL) for this I/O // request. this field is only used if the I/O is "direct I/O ". // pmdl mdladdress; // list of memory descriptions pointing to the user space // flags word-used to remember varous flags. // ulong flags; // The following union is used for one of three purposes: // 1. this IRP is an associated IRP. the field is a pointer to a master // IRP. /// 2. this is the master IRP. the field is the count of the number of // IRPs which must complete (associated IRPs) before the master can // complete. /// 3. this operation is being buffered and the field is the address of // The system space buffer. // Union {struct _ IRP * masterirp; long irpcount; pvoid systembuffer; // point to System Buffer} associatedirp; /// thread List entry-allows queueing the IRP to the thread pending I/O // request packet list. // list_entry threadlistentry; // I/O status-final status of operation. // io_status_block iostatus; // contains the I/O Request status // requestor mode-mode of the original requestor of this operation. // kprocessor_mode requestormode; // pending returned-true if pending was initially returned as the // status for this packet. // Boolean pendingreturned; // stack state information. // char stackcount; char currentlocation; // cancel-packet has been canceled. // Boolean cancel; // indicates that the IRP has been canceled /// cancel IRQL-IRQL at which the cancel spinlock was acquired. // kirql cancelirql; // apcenvironment-used to save the APC environment at the time that the // packet was initialized. // cchar apcenvironment; // allocation control flags. // uchar allocationflags; // user parameters. // pio_status_block useriosb; pkevent userevent; Union {struct {pio_apc_routine userapcroutine; pvoid userapccontext;} asynchronousparameters; large_integer allocationsize;} overlay; /// cancelroutine-used to contain the address of a cancel routine supplied // by a device driver when the IRP is in a cancelable state. // pdriver_cancel cancelroutine; /// note that the userbuffer parameter is outside of the stack so that I/O // completion can copy data back into the user's address space without // having to know exactly which service was being invoked. the length // of the copy is stored in the second half of the I/O status block. if // The userbuffer field is null, then no copy is saved med. // pvoid userbuffer; // user space address of the I/o buffer /// kernel structures /// the following section contains kernel structures which the IRP needs // In order to place various work information in kernel controller system // queues. because the size and alignment cannot be controlled, they are // placed here at the end so they just hang off and do not affect the // alignment of other fields in the IRP. // Union {struct {Union {// devicequeueentry-the device queue entry field is used to // queue the IRP to the device driver device queue. // kdevice_queue_entry devicequeueentry; struct {// The following are available to the driver to use in // whatever manner is desired, while the driver owns the // packet. // pvoid drivercontext [4] ;};//// thread-pointer to caller's thread control block. // pethread thread; // auxiliary buffer-pointer to any auxiliary buffer that is // required to pass information to a driver that is not contained // in a normal buffer. // pchar auxiliarybuffer; // The following unnamed structure must be exactly identical // to the unnamed structure used in the minipacket header used // for Completion queue entries. // struct {// List entry-used to queue the packet to Completion queue, among // others. // list_entry listentry; Union {// current stack location-contains a pointer to the current // io_stack_location structure in the IRP stack. this field // shoshould never be directly accessed by drivers. they shocould // use the standard functions. // truct _ io_stack_location * currentstacklocation; // I/O stack bit, the function that saves the I/O Request Code And parameter S /// minipacket type. // ulong packettype ;};}; // original file object-pointer to the original file object // that was used to open the file. this field is owned by the // I/O system and shoshould not be used by any other drivers. // pfile_object originalfileobject;} overlay; // APC-This APC control block is used for the special kernel APC as // Well as for the caller's APC, if one was specified in the original // argument list. if so, then the APC is reused for the normal APC for // whatever mode the caller was in and the "special" routine that is // invoked before the APC gets control simply deallocates the IRP. // kapc APC; // completionkey-this is the key that is used to distinguish // individual I/O operations initiated on a single file handle. // pvoid completionkey;} tail;} IRP, * pirp; The iostatrtpacket function that operates the IRP header sends the IRP to the start I/O routine dispatchiocompleterequest to indicate that all processing has been completed. worker sends the next IRP to the start I/o routine dpcforisriocalldriver and sends the IRP to another driver dispatch ioallocateirp to request an additional IRP dispatch iofreeirp release the irp I/O completionirp stack location allocated by the driver. caller stack (stack slot) the pointer dispatchiomarkirppending sets the caller's stack slot mark as the need for further processing dispatchiogetnextirpstacklocation to obtain the pointer dispatchiosetnextirpstacklocation pointing to the next low-level driver and pushes the I/O Stack pointer to a position. dispatchiosetcompleteroutime puts the I/O completion routine on the I/O stack slot of the next low-level driver. address of the pdriver_unload driverunload driver start I/O routine. pdriver_dispatch majorfunction driver dispatch routine table, index by I/O operation code pdevice_object deviceobject connection list of Device objects created by the driver device object structure pvoid deviceextension pointing to the device extension structure pdriver_object driverobject pointing to the device's driver object ulong flags provision the buffer policy of the device is (do_buffered_io or do_direct_io) pdevice_object nextdevice points to the minimum number of I/o stack locations required by the next device that belongs to the driver cchar stacksize sent to the device's IRP ulong alignmentrequirement buffer requires the memory to adjust the iocreatedevice function of the operation device object to establish the dirverentry or identifier of the device object enables the device object to be visible to Win32. dirverentry or adddeviceioattachdevice attaches a filter to the device object. dirverentry or adddeviceiogetdeviceobjectpointer attaches the driver to the device object. the dirverentry or adddevice iocalldriver on the other driver sends the IRP request to another driver disconnects the dispatchiodetachdevice from the low-level driver. Unload or remove the device object unload or removedeivceiodeletedevice from the Win32 namespace from the system. delete the access function of the device object unload or removedeivce controller object iocreatecontroller creates the Controller object ioallocatecontroller and requests the Controller's exclusive permission iofreecontroller to release the Controller's ownership iodeletecontroller to delete the function of the control object manipulating the adapter object from the system. DMA transmission) iogetdmaadapter obtains the pointer allocateadapterchannel to the adapter object. After the request separately owns the DMA hardware maptransfer and establishes the DMA hardware flushadapterbuffers for data transmission, cleaning buffer data freemapregisters release freeing register freeadapterchannel release adapter object interrupt object only provides a way to find kernel interrupt scheduler, find the correct service routine to operate the interrupted object when an interruption occurs. Halgetinterruptvector converts the loss of bus-related interruptions to the value in the system range. Ioconnectinterrupt associates the interrupted service routine with a lost value. Kesynchronizeexecution is run synchronously on drivers of different IRQL levels. Iodisconnectinterrupt: Delete the interrupt object Memory Allocation Type 1. Use the kernel stack allocation (the stack size is 12 k) 2. Use the exallocatepool or exfreepool3. region buffer for the pool area Use exallocatepool before using exinitializezone for initialization Allocate the use of exallocatefromzone or exinterlocked-allocatefromzone (mutual lock function) Exfreetozone or interlockedfreetozone) Use exextendzone or exinterlockedextendzone extension 4. Use the backup list Initialization: exinitializenpagedlookasidelist or exinitializepagedlookasidelist Allocation: exallocatenpagedlookasidelist or exallocatepagedlookasidelist Release: exfreetonpagelookasidelist or exfreetopagelookasidelist Delete backup list: exdeletenpagelookasidelist or exdeletepagelookasidelist Interrupt Synchronization Interrupt Blocking) Keraiselrql Change the cpu irql level to the specified value. Kelowerlrql Set the low cpu irql Value Kegetcurrentirql The IRQL that returns the IRQL value of the CPU to be called. The IRQL of the IO completion routine is determined by the underlying driver call. The kernel event is introduced to process the IO completion routine.