Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

Blue Sreen with DRIVER_VERIFIER_DMA_VIOLATION (e6) of our PCIe NDIS Adapter

gyroblaugyroblau Member Posts: 8

Hi from Germany,

since several years our NDIS miniport driver (NDIS Version 6.6) with our NDIS PCIe NIC (DMA busmaster adapter) runs without any problems on Windows machines.

New mainboards with BIOS enabled kernel DMA protection ("enabled" seems to be default) result in a blue screen, when the computer starts and the miniport driver is enabled:

DRIVER_VERIFIER_DMA_VIOLATION (e6)
An illegal DMA operation was attempted by a driver being verified.
Arguments:
Arg1: 0000000000000026, IOMMU detected DMA violation.
Arg2: 0000000000000000, Device Object of faulting device.
Arg3: 00000000000c1f80, Faulting information (usually faulting physical address).
Arg4: 0000000000000006, Fault type (hardware specific).

PROCESS_NAME: System

STACK_TEXT:
fffff80285a6cea8 fffff8027eadab47 : 00000000000000e6 0000000000000026 0000000000000000 00000000000c1f80 : nt!KeBugCheckEx
fffff80285a6ceb0 fffff8027eac6a6b : 0000000000000000 0000000000000000 fffff8027f249dd0 fffff8027f249dd0 : nt!IvtHandleInterrupt+0x1a7
fffff80285a6cf10 fffff8027e927f55 : fffff8027f2f3cc0 fffff80285a5da50 fffff8027f2f3d70 0000000000000000 : nt!HalpIommuInterruptRoutine+0x4b
fffff80285a6cf40 fffff8027e9f75cc : fffff80285a5da50 fffff8027f2f3cc0 00000000000007c4 fffff8027e9fc940 : nt!KiCallInterruptServiceRoutine+0xa5
fffff80285a6cf90 fffff8027e9f79d7 : fffff80285a5daf0 0000000000000001 0000000000040046 fffff8027e870188 : nt!KiInterruptSubDispatchNoLock+0x11c
fffff80285a5d9d0 fffff8027e9f977a : 0000000000000000 0000000000000000 fffff8027f327600 00000000000007c4 : nt!KiInterruptDispatchNoLock+0x37
fffff80285a5db60 0000000000000000 : fffff80285a5e000 fffff80285a57000 0000000000000000 0000000000000000 : nt!KiIdleLoop+0x5a

SYMBOL_NAME: nt!IvtHandleInterrupt+1a7
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe

According to the modules list of WinDbg the miniport driver seems to be loaded.

The BSD occurs on Windows 10 and 11 operating systems.

The stop code DRIVER_VERIFIER_DMA_VIOLATION gives a false indication - driver verifier is not (specifically) enabled at the machines!

More info on kernel DMA protection can be found under
how-windows-protects-against-dma-drive-by-attacks

Another user has posted on the internet:
"To work around this issue, disable Kernel DMA Protection in BIOS. ... Microsoft is aware of this issue. A resolution will be provided in an upcoming release."
See
stop-code-driver-verifier-dma-violation.md

The Microsoft (see link above) writes:
"Windows leverages the system Input/Output Memory Management Unit (IOMMU) to block external peripherals from starting and performing DMA unless the drivers for these peripherals support memory isolation (such as DMA-remapping)."

Our miniport driver allocates memory with the following code:

// Register a DMA channel. !! Necessary, otherwise NdisMAllocateSharedMemory will fail.
//
NdisZeroMemory(&dmaDescription, sizeof(NDIS_DMA_DESCRIPTION));
dmaDescription.DemandMode = FALSE;
dmaDescription.AutoInitialize = FALSE;
dmaDescription.DmaChannelSpecified = FALSE;
dmaDescription.DmaWidth = Width32Bits;
dmaDescription.DmaSpeed = Compatible;
dmaDescription.DmaPort = 0;
dmaDescription.DmaChannel = 0;
status = NdisMRegisterDmaChannel(&Adapter->MiniportDmaHandle, Adapter->MiniportAdapterHandle, 0, TRUE, &dmaDescription, 4);

NdisMAllocateSharedMemory(Adapter->MiniportAdapterHandle, Adapter->lengthSMComplete, FALSE, &Adapter->pSMvirtualStartOriginal, &Adapter->pSMphysicalStartOriginal);

Under
enabling-dma-remapping-for-device-drivers
you can find only, that I can add:
[MyServiceInstall_AddReg]
HKR,Parameters,DmaRemappingCompatible,0x00010001,1 ; where 1 = opt-in
to the INF file with the opt-in parameter = 1 meaning
"This indicates to the system that your driver is fully compatible with DMA remapping."

My questions are:

  • How can a driver and/or PCIx adapter made compatible with DMA remapping?
  • Can I avoid the BSD by software means and without disabling the kernel DMA protection in BIOS?
  • Is it correct, that Microsoft is aware of the problem (is it a MS problem?) and is working on a solution?

Thanks a lot!

Carsten

Comments

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 8,784

    A driver that written properly, and uses the DMA api for their particular driver model, is automatically compatible with DMA Remapping. If your driver runs (on a machine without DMA remapping active) under Driver Verifier with DMA Verification enabled, you should be good to go.

    So… set the DMA remapping value to enabled, and see if your driver works.

    I would DISable DMA remapping, because it’s an important security protection. Just make your driver work properly, instead.

    I don’t have any idea why this would be a “problem” that MSFT needs to,fix, except for the fact that I also don’t understand why you would have to opt IN to use DMAR. As I said, all properly written drivers should work. So, while it’s nice that there’s a way to opt OUT… shouldn’t this just be “enabled by default” so that devs like you don’t encounter this BSOD?

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • gyroblaugyroblau Member Posts: 8

    Hi Peter,

    thanks a lot for your answer, but unfortunately, I did not understand what you wanted to say to me.

    "If your driver runs on a machine without DMA remapping active"
    How do I know, whether the machine has DMA remapping active?

    "So… set the DMA remapping value to enabled, and see if your driver works."
    "I would disable DMA remapping, because it’s an important security protection."
    How can I enable or disable DMA remapping?

    As far as I know, I

    • can enable/disable Kernel DMA protection in the BIOS (on newer mainboards)
    • have an DMA remapping compatible driver (by using standard NDIS functions it should be compatible automatically)
    • can "opt in" or "opt out" by an INF file entry to tell tell the system, that my driver is remap compatible

    ? How can I put that all together?

    Thanks
    Carsten

    PS:
    With driver verifiers DMA check enabled and an "opt in" INF entry
    "HKR,Parameters,DmaRemappingCompatible,0x00010001,1 ; where 1 = opt-in"
    our miniport driver runs without any problems on machines, which don't have the mainboard BIOS "kernel DMA protection" option.

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 8,784

    How can I enable or disable DMA remapping?

    Opt in. Set the value in the INF file. Then you’re done, and everything should work.

    No? Am I missing some major point?

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • gyroblaugyroblau Member Posts: 8

    Yes, you are missing, that it crashes with the INF value set also :smile:

  • gyroblaugyroblau Member Posts: 8

    Crashing only occurs on machines, which have the BIOS "kernel DMA protection" option.

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 8,784

    Except you said you have an Express bus device. The page you reference says Express bus devices aren’t affected, doesn’t it?

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • gyroblaugyroblau Member Posts: 8

    Our Network-Adapter (which is a PCIx-Adapter) is internally a PCI device with a PCI to PCIx bridge.
    I am not familiar with the hardware details and how that affects the problem.

    Thanks, Carsten

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 8,784

    In your first post, you said it was PCIe. Now it’s PCIx.

    It would help to have the details correct. They’re more than a little important when you’re writing a driver.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • gyroblaugyroblau Member Posts: 8

    Sorry, it is PCI express.

    So we have a PCI express (X1) Network-Adapter, which is internally a PCI device with a PCIe to PCI bridge.

    I thought, that PCIx and PCI express is the same, but I learned, it is not ;)

    Thanks for asking for a clarification, Peter!

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Writing WDF Drivers 24 January 2022 Live, Online
Internals & Software Drivers 7 February 2022 Live, Online
Kernel Debugging 21 March 2022 Live, Online
Developing Minifilters 23 May 2022 Live, Online