Saturday, February 13, 2016

The Mill CPU architecture videos.

Ivan Godard talks on different aspects of the Mill CPU family architecture. The Mill CPU family is an attempt to develop a new high performing architecture with high ILP(instruction level parallelism) on the principles different from mainstream CPU design practice. The real treasure is Ivan Godard's ability to introduce the current state of the field in concise form and then seamlessly move to the Mill architecture that uses a new approach.

Sunday, February 7, 2016

Landauer's eraser

 In 1961 Landauer showed "that the erasure of one bit of information is necessarily accompanied by the release of at least kTln(2) of heat into the environment" this defines the theoretical minimum for energy consumed by a system with memory which is W = kT ln(2) for each bit of a state, where k is a Boltzmann constant and T is a system temperature. This principle helped to solve the paradox of Maxwell's Demon.

  The following articles are a good source of reference

 "The physics of forgetting: Landauer’s erasure principle and information theory" -

Information: From Maxwell’s demon to Landauer’s eraser -

Friday, February 5, 2016

Unsafe use of FltGetFileNameInformationUnsafe

  FltGetFileNameInformationUnsafe name is spot on. It is very unsafe and dangerous function but not in the way mentioned in WDK. The documentation misses yet another dangerous case when it should not be used. This case is related to file system isolation filters( for more information on such filters follow this link ). I would state this additional condition as

  - A filter driver must not use FltGetFileNameInformationUnsafe for file objects it never observed. A filter observed a file object if it was called at least once with this file object for any operation and it never received IRP_MJ_CLOSE for this file object or observed a failed IRP_MJ_CREATE. This condition guaranties that a file object is initialized by a filter of file system driver that is beneath a filter calling FltGetFileNameInformationUnsafe . 

  When the above condition is violated by any file system filter a filter might call an underlying file system with a file object this file system never initialized as the file object was initialized by a file system filter that is above a filter that has called FltGetFileNameInformationUnsafe . At first glance it seems that in that case an upper filter must isolate the underlying filters from such file object. This is true, but there is a degenerate case when a filter can gain access to file objects that it should never see. This is a case of a process creation callback when a file object for executable file is provided as a parameter to a callback and this file object might have been initialized by a file system filter above one that registered this callback. Below is a call stack from the system where Microsoft Windows Defender file system minifilter used FltGetFileNameInformationUnsafe from a process creation callback to query a file name for a file object initialized by a file system filter attached to MiniFilter Manager ( aka fltmgr.sys )


As a result NTFS crashed when it received an IRP with a file object initialized by a file system filter attached to the top of the drivers stack. The obvious solution is to use the old good ObQueryNameString as it has been done for the last 25 years by the kernel itself, for example in NtQueryVirtualMemory when processing a memory region supported by a mapped file. In that case an IRP is created and sent from the very top of a drivers stack so an isolation filter has a chance to intercept this IRP and complete it.