I have been trying to debug a system hang caused when passing a lot of traffic through the winpk filter. I decided to run the driver verifier against it, and at boot I’m greeted by a DRIVER_VERIFIER_DETECTED_VIOLATION BSOD with error code 0x40. The error codes are here:
So, Driver Verifier thinks that we’re calling an optimized spinlock acquire function when our IRQL
I haven’t tried yet with debug symbols, so I haven’t been able to narrow down the offending call. From looking at the code, the most suspect spot I’ve found so far is in LWF’s MF_FindAdapterByUserHandle(). This is the only place That FILTER_ACQUIRE_LOCK() macro gets called as if we are already at DISPATCH_LEVEL. I am going to try always calling NdisAcquireSpinLock()/NdisReleaseSpinLock() to see if this Driver Verifier BSOD (and hopefully the system hang) go away.
Changing the FILTER_ACQUIRE_LOCK() calls to never pass in TRUE have fixed the Driver Verifier violation, but I’m not sure that’s the best fix. It looks like we’re getting in there in a context that we aren’t expecting, and what I did just masks that problem.
And now testing resumes to see if this fixes my system hangs…