The document discusses how IO requests are handled in Windows from userland down to the hardware level using IO Request Packets (IRPs). It explains that when an application makes an IO call like ReadFile, the IO Manager creates an IRP that encapsulates the request and passes it through a stack of drivers. Each driver can perform tasks and pass the IRP to the next driver down until it reaches the hardware driver, which completes the request. On completion, the hardware driver calls up through completion routines while passing back the IRP.

1. Windows IO Manager and
Layered Driver Framework
Sisimon Soman

2. App issue ReadFile
NtReadFile
User Land
Kernel Land
IO Manager
IO Mgr create IRP Packet,
IRP send to driver stack
File System
Volume Manager
Disk Class Driver
Hardware Driver

3. What is IO Request Packet (IRP)
IO Operation passes thru,
– Different stages.
– Different threads.
– Different drivers.
IRP Encapsulate the IO request.
IRP is thread independent.

4. IRP Continued..
Compare IRP with Windows Messages
-MSG structure.
Each driver in the stack do its own task,
finally forward the IRP to the lower driver
in the stack.
IRP can be processed synchronously or
asynchronously.

5. IRP Continued..
Usually lower level hardware driver takes more
time. H/W driver can mark the IRP for pending
and return.
When H/W finish IO, H/W driver complete the
IRP by calling IoCompleteRequest().
IoCompleteRequest() call IO completion routine
set by drivers in stack and complete the IO.

6. Structure of IRP
Fixed IRP Header IRP Header
Variable Stack locations –
– One sub stack per driver Stack Location 1
Stack Location 2
Stack Location 3
Stack Location N

7. Flow of IRP
IRP for Storage
Stack
Storage Stack
IRP Header
File System Stack Location 1
Volume Manager Stack Location 2
Disk Class Driver Stack Location 3
Hardware Driver Stack Location 4
Forward IRP to lower
driver in the stack

8. Flow of IRP Completion
IRP for Storage
Stack
Storage Stack
IRP Header
File System –
Stack Location 1
Completion Routine
Volume Manager –
Stack Location 2
Completion Routine
Disk Class Driver –
Stack Location 3
Completion Routine
Hardware Driver –
Stack Location 4
Complete the IRP
Call the completion routine while
completing the IRP

9. IRP Header
IO buffer Information.
Flags
– Page IO Flag
– No Caching IO flag
IO Status – On Completion set this to IO
Completed.
IRP cancel routine

10. IRP Stack Location
IO Manager get the driver count in the
stack from the top device in the stack.
While creating IRP, IO manager allocate
the IO stack locations equal to the device
count from the top device object.

11. Contents of IO Stack Location
Major and minor function code,
– IRP_MJ_PNP
IRP_MN_START_DEVICE
IRP_MN_QUERY_REMOVE_DEVICE
Argument Specific to the function code
// System service parameters for: NtReadFile
struct {
ULONG Length;
ULONG POINTER_ALIGNMENT Key;
LARGE_INTEGER ByteOffset;
} Read;
// System service parameters for: NtWriteFile
struct {
ULONG Length;
ULONG POINTER_ALIGNMENT Key;
LARGE_INTEGER ByteOffset;
} Write;

12. Contents of IO Stack Location
IO Completion routine specific to the
driver.
File object specific to the request.

13. Asynchronous IO
CreateFile(…, FILE_FLAG_OVERLAPPED ,..),
ReadFile(.., LPOVERLAPPED)
When complete the IO operation, IO Mgr
signal the EVENT in LPOVERLAPPED.

14. How Async IO work in Kernel
Lower layer driver complete IRP in arbitrary
thread context.
IO Mgr call IO Completion routine in reverse
order.
If operation is Async, IO Mgr queue an APC
specific to the initiator thread.
This APC has complete info of buffer, size info.
This APC get executed later in the context of
initiator thread, which copy buffer to user space,
trigger the event set by App.

15. Common issues related IRP
After forward the IRP down, don’t touch it (except from
IO completion routine).
If lower driver mark the IRP for pending, all top layer
driver should do the same.
If a middle level driver need to keep the IRP for further
processing after completing it by lower driver, it can
return STATUS_MORE_PROCESSING REQUIRED
from completion routine.
Middle layer driver should complete it later.
See ReactOS source code (instead of reading 20 page
doc)
FastIO - Concepts

16. Part 2
How device stack setup

17. Bus driver, notice new device

18. Create Physical Device Object
Bus driver, notice new device

19. Inform PNP, something changed
Create Physical Device Object
Bus driver, notice new device

20. PNP query devices
(Device relations) in bus
Inform PNP, something changed
Create Physical Device Object
Bus driver, notice new device

21. PNP MhrGet the H/W device ID
PNP query devices
(Device relations) in bus
Inform PNP, something changed
Create Physical Device Object
Bus driver, notice new device

22. Get Functional Driver Info from
registry using H/W Device ID
PNP MhrGet the H/W device ID
PNP query devices
(Device relations) in bus
Inform PNP, something changed
Create Physical Device Object
Bus driver, notice new device

23. Load Functional driver,call
AddDevice()
Pass PDO of device also
Get Functional Driver Info from
registry using H/W Device ID
PNP MhrGet the H/W device ID
PNP query devices
(Device relations) in bus
Inform PNP, something changed
Create Physical Device Object
Bus driver, notice new device

24. Create FDO of device,Attach to
PDO,Continue this for all devices
Load Functional driver,call
AddDevice()
Pass PDO of device also
Get Functional Driver Info from
registry using H/W Device ID
PNP MhrGet the H/W device ID
PNP query devices
(Device relations) in bus
Inform PNP, something changed
Create Physical Device Object
Bus driver, notice new device

25. PDO-FDO pair with
registered filter driver for a
Device
PDO-FDO pair for a Device Upper Filter
Functional Device Object
Functional Device Object
Lower Filter
Physical Device Object
Physical Device Object

26. Real world example
How storage stack build up

27. Questions ?