Hi,
I do not agree to this changes. For a non system thread, we use a kernel mode apc first, which uses a second user mode apc. This overhead isn't necessary. For system threads it isn't possible to use a kernel mode apc which calls PspExitThread. A system thread must terminate it self. It is only possible to help by marking a flag, setting an event or unwait the thread.
- Hartmut
Hi,
I based these changes on some APC tracing on my system. First, a kernel APC is queded up without the special flag and its normal function is called PspExitNormalApc. This function then kills the thread immediately if it's a system thread. I believe this is an optimization and allows us to kill the thread directly from the first APC...there's no use in going down to user-mode for this. If this is a user-thread, then a second APC is queued, this time usermode, to kill the thread. I don't really see any overhead...this is faster then queuing a user-mode APC to deal with everything, since system threads will stay in kernel and we won't need the overhead of a user APC (much larger then the overhead of killing a user thread by doing two apcs).
Best regards, Alex Ionescu