Enumerating all available change journal records

Question

I have a problem with enumerating change journal records.

//my params    
READ_USN_JOURNAL_DATA read_journal_data;
read_journal_data.StartUsn = ... //next USN
read_journal_data.ReasonMask = 0xFFFFFFFF;
read_journal_data.ReturnOnlyOnClose = FALSE;
read_journal_data.UsnJournalID = ... //ID of current journal
read_journal_data.BytesToWaitFor = 9000;
read_journal_data.Timeout = 5; //5 seconds

BOOL result = DeviceIoControl(this->volume_handle_, FSCTL_READ_USN_JOURNAL,
         &read_journal_data, sizeof(read_journal_data), this->change_journal_data_buffer_,
         this->change_journal_data_buffer_, &this->valid_bytes_in_buffer_, NULL);

As you see, Timeout is nonzero and BytesToWaitFor is nonzero too. I understood that when FSCTL_READ_USN_JOURNAL call reaches the end of the change journal, it must wait Timeout seconds and then return all (0 or more) available records within the range of BytesToWaitFor. However, for some reason I am watching completely different behavior: DeviceIoControl with FSCTL_READ_USN_JOURNAL and other listed parameters can take for several minutes - until some NEW changes have been occured in file system. Why READ_USN_JOURNAL_DATA.Timeout does not limit duration of FSCTL_READ_USN_JOURNAL request?

Answer 1

It behaves exactly how it suppose to behave, to be specific:

In either case, after the time-out period any new data appended to the change journal is processed. If there are still no records to return from the specified set, the time-out period is repeated. In this mode, FSCTL_READ_USN_JOURNAL remains outstanding until at least one record is returned or I/O is canceled.

See MSDN, section Timeout