winfsp / winfsp

Windows File System Proxy - FUSE for Windows
https://winfsp.dev
Other
7.03k stars 509 forks source link

Winfsp mount failed #575

Open Emma1963 opened 2 months ago

Emma1963 commented 2 months ago

Hi WinFsp author(billziss-gh),

We are using WinFsp with license. We have several customers with a mount failed issue. The error code is system.Exception: 0xC0000022

We suspect there are some other drivers made this happened. But it is hard to know which one, because different customer has different environment and even install different softwares in one customer's environment. So we would like to reach out to see if there is any tool or command can help us to know which driver blocks out customermized WinFsp?

We could run fltmc command to see all the filters.

Here is one example customer: image

BTW, we didn't use the latest WinFsp code.

Thank you, Emma

Emma1963 commented 2 months ago

Is there any software list about this? Then I can send back to the customers to check.

billziss-gh commented 2 months ago

The C0000022 error code is STATUS_ACCESS_DENIED. How do you mount your file system in order to receive this error code? (Do you mount as local drive, do you use the Mount Manager, etc.)

FYI, your customer has many non-standard filters, but I am uncertain if this has anything to do with your problem.

Emma1963 commented 2 months ago

Thank you for the quick respond. We use Disk not network.

I would like to share more things to see whether anything can help.

  1. CBFS worked on the customer's machine.
  2. I refred to this article https://learn.microsoft.com/en-us/windows-hardware/drivers/ifs/allocated-altitudes, I could get the information for the filters I showed in the screenshot which are not belong to Microsoft. Do you have any experience which one would block our Fsp.sys file? If we want to add some white list. The file name we should share is the .sys file, correct?
    tedrdrv.sys    380430    Palo Alto Networks
    bhdrvx64.sys    365100    Symantec
    eeCtrl.sys    329010    Symantec
    SRTSP.sys    329000    Symantec
    CyvrFsfd.sys    321234    Palo Alto Networks
    symefasi.sys    260610    Symantec Corporation
  3. Is there any way to help us to know which non-standard filters block us? Or only the way is to uninstall them to try? Would run 'fltmc instances' can help? Just would like to have a guidence what we could do.
billziss-gh commented 2 months ago

@Emma1963 I understand that you do disk mounting. But do you use the Mount Manager for this purpose? If yes, do you make sure that the process that is used to mount runs with administrative privileges?

Emma1963 commented 2 months ago

The 'CompanyFsp' would be a local driver not a global driver. Our application didn't run as administrative privileges. Actually it won't work if the user runs as admin.

billziss-gh commented 2 months ago

@Emma1963 Please clarify if you use the Mount Manager or not. I insist on this because it is the only likely component that can return STATUS_ACCESS_DENIED during mounting.

Emma1963 commented 2 months ago

Could you please advice how to check on this?

Emma1963 commented 2 months ago

I saw your comments in this https://github.com/winfsp/winfsp/issues/573#issue-2460101049 If use Mount Manager, it should be a global driver.

Emma1963 commented 2 months ago

@billziss-gh I am sure we don't use Mount Manager. Because our repository about xFsp didn't update from 2019. I saw Mount Manager was supported in 2022. We had a meetin with the customer.

The customer uninstalled all the softwares above. I turned on our fsp logs. But there is no logs at all. I run 'fltmc instances', it didn't show the file system object. `Filter Volume Name Altitude Instance Name Frame SprtFtrs VlStatus


CSAgent 321410 CSAgent Instance 0 0000000f
CSAgent 321410 CSAgent Instance 0 0000000f
CSAgent C: 321410 CSAgent Instance 0 0000000f
CSAgent 321410 CSAgent Instance 0 0000000f
CSAgent \Device\Mailslot 321410 CSAgent Instance 0 0000000f
CSAgent \Device\Mup 321410 CSAgent Instance 0 0000000f
CSAgent \Device\NamedPipe 321410 CSAgent Instance 0 0000000f
FSpy 00000000
FSpy 00000000
FSpy C: 00000000
FSpy 00000000
FSpy \Device\Mup 00000000
FileInfo 40500 FileInfo 0 0000000f
FileInfo 40500 FileInfo 0 0000000f
FileInfo C: 40500 FileInfo 0 0000000f
FileInfo 40500 FileInfo 0 0000000f
FileInfo \Device\Mup 40500 FileInfo 0 0000000f
UCPD 385250.5 UCPD - Top Instance 0 0000000f
UCPD 385250.5 UCPD - Top Instance 0 0000000f
UCPD C: 385250.5 UCPD - Top Instance 0 0000000f
UCPD 385250.5 UCPD - Top Instance 0 0000000f
UCPD \Device\Mup 385250.5 UCPD - Top Instance 0 0000000f
Wof 40700 Wof Instance 0 0000000f
Wof C: 40700 Wof Instance 0 0000000f
Wof 40700 Wof Instance 0 0000000f
aksdf 145900 aksdf Instance 0 00000000
aksdf 145900 aksdf Instance 0 00000000
aksdf C: 145900 aksdf Instance 0 00000000
aksdf 145900 aksdf Instance 0 00000000
aksdf \Device\Mup 145900 aksdf Instance 0 00000000
bfs 150000 bfs 0 0000000f
bfs 150000 bfs 0 0000000f
bfs C: 150000 bfs 0 0000000f
bfs 150000 bfs 0 0000000f
bfs \Device\Mailslot 150000 bfs 0 0000000f
bfs \Device\Mup 150000 bfs 0 0000000f
bfs \Device\NamedPipe 150000 bfs 0 0000000f
bindflt C: 409800 bindflt Instance 0 0000000f
luafv C: 135000 luafv 0 0000000f
npsvctrig \Device\NamedPipe 46000 npsvctrig 0 00000008
wcifs C: 189900 wcifs Instance 0 0000000f `

Emma1963 commented 2 months ago

If I run my local I can see something like this \Device\Volume{guid} I suspect it fails in FspFileSystemCreate

If the customer run in a totally new OS, it worked. But we could not figure out what was wrong with the old OS.

Emma1963 commented 2 months ago

Is there any setting we need to check?