Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
Hi from Germany,
since several years our NDIS miniport driver (NDIS Version 6.6) with our NDIS PCIe NIC (DMA busmaster adapter) runs without any problems on Windows machines.
New mainboards with BIOS enabled kernel DMA protection ("enabled" seems to be default) result in a blue screen, when the computer starts and the miniport driver is enabled:
DRIVER_VERIFIER_DMA_VIOLATION (e6)
An illegal DMA operation was attempted by a driver being verified.
Arguments:
Arg1: 0000000000000026, IOMMU detected DMA violation.
Arg2: 0000000000000000, Device Object of faulting device.
Arg3: 00000000000c1f80, Faulting information (usually faulting physical address).
Arg4: 0000000000000006, Fault type (hardware specific).
PROCESS_NAME: System
STACK_TEXT:
fffff80285a6cea8 fffff802
7eadab47 : 00000000000000e6 00000000
00000026 0000000000000000 00000000
000c1f80 : nt!KeBugCheckEx
fffff80285a6ceb0 fffff802
7eac6a6b : 0000000000000000 00000000
00000000 fffff8027f249dd0 fffff802
7f249dd0 : nt!IvtHandleInterrupt+0x1a7
fffff80285a6cf10 fffff802
7e927f55 : fffff8027f2f3cc0 fffff802
85a5da50 fffff8027f2f3d70 00000000
00000000 : nt!HalpIommuInterruptRoutine+0x4b
fffff80285a6cf40 fffff802
7e9f75cc : fffff80285a5da50 fffff802
7f2f3cc0 00000000000007c4 fffff802
7e9fc940 : nt!KiCallInterruptServiceRoutine+0xa5
fffff80285a6cf90 fffff802
7e9f79d7 : fffff80285a5daf0 00000000
00000001 0000000000040046 fffff802
7e870188 : nt!KiInterruptSubDispatchNoLock+0x11c
fffff80285a5d9d0 fffff802
7e9f977a : 0000000000000000 00000000
00000000 fffff8027f327600 00000000
000007c4 : nt!KiInterruptDispatchNoLock+0x37
fffff80285a5db60 00000000
00000000 : fffff80285a5e000 fffff802
85a57000 0000000000000000 00000000
00000000 : nt!KiIdleLoop+0x5a
SYMBOL_NAME: nt!IvtHandleInterrupt+1a7
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
According to the modules list of WinDbg the miniport driver seems to be loaded.
The BSD occurs on Windows 10 and 11 operating systems.
The stop code DRIVER_VERIFIER_DMA_VIOLATION gives a false indication - driver verifier is not (specifically) enabled at the machines!
More info on kernel DMA protection can be found under
how-windows-protects-against-dma-drive-by-attacks
Another user has posted on the internet:
"To work around this issue, disable Kernel DMA Protection in BIOS. ... Microsoft is aware of this issue. A resolution will be provided in an upcoming release."
See
stop-code-driver-verifier-dma-violation.md
The Microsoft (see link above) writes:
"Windows leverages the system Input/Output Memory Management Unit (IOMMU) to block external peripherals from starting and performing DMA unless the drivers for these peripherals support memory isolation (such as DMA-remapping)."
Our miniport driver allocates memory with the following code:
// Register a DMA channel. !! Necessary, otherwise NdisMAllocateSharedMemory will fail.
//
NdisZeroMemory(&dmaDescription, sizeof(NDIS_DMA_DESCRIPTION));
dmaDescription.DemandMode = FALSE;
dmaDescription.AutoInitialize = FALSE;
dmaDescription.DmaChannelSpecified = FALSE;
dmaDescription.DmaWidth = Width32Bits;
dmaDescription.DmaSpeed = Compatible;
dmaDescription.DmaPort = 0;
dmaDescription.DmaChannel = 0;
status = NdisMRegisterDmaChannel(&Adapter->MiniportDmaHandle, Adapter->MiniportAdapterHandle, 0, TRUE, &dmaDescription, 4);
NdisMAllocateSharedMemory(Adapter->MiniportAdapterHandle, Adapter->lengthSMComplete, FALSE, &Adapter->pSMvirtualStartOriginal, &Adapter->pSMphysicalStartOriginal);
Under
enabling-dma-remapping-for-device-drivers
you can find only, that I can add:
[MyServiceInstall_AddReg]
HKR,Parameters,DmaRemappingCompatible,0x00010001,1 ; where 1 = opt-in
to the INF file with the opt-in parameter = 1 meaning
"This indicates to the system that your driver is fully compatible with DMA remapping."
My questions are:
Thanks a lot!
Carsten
Upcoming OSR Seminars | ||
---|---|---|
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
Internals & Software Drivers | 7 February 2022 | Live, Online |
Kernel Debugging | 21 March 2022 | Live, Online |
Developing Minifilters | 23 May 2022 | Live, Online |
Writing WDF Drivers | 12 September 2022 | Live, Online |
Comments
A driver that written properly, and uses the DMA api for their particular driver model, is automatically compatible with DMA Remapping. If your driver runs (on a machine without DMA remapping active) under Driver Verifier with DMA Verification enabled, you should be good to go.
So… set the DMA remapping value to enabled, and see if your driver works.
I would DISable DMA remapping, because it’s an important security protection. Just make your driver work properly, instead.
I don’t have any idea why this would be a “problem” that MSFT needs to,fix, except for the fact that I also don’t understand why you would have to opt IN to use DMAR. As I said, all properly written drivers should work. So, while it’s nice that there’s a way to opt OUT… shouldn’t this just be “enabled by default” so that devs like you don’t encounter this BSOD?
Peter
Peter Viscarola
OSR
@OSRDrivers
Hi Peter,
thanks a lot for your answer, but unfortunately, I did not understand what you wanted to say to me.
"If your driver runs on a machine without DMA remapping active"
How do I know, whether the machine has DMA remapping active?
"So… set the DMA remapping value to enabled, and see if your driver works."
"I would disable DMA remapping, because it’s an important security protection."
How can I enable or disable DMA remapping?
As far as I know, I
? How can I put that all together?
Thanks
Carsten
PS:
With driver verifiers DMA check enabled and an "opt in" INF entry
"HKR,Parameters,DmaRemappingCompatible,0x00010001,1 ; where 1 = opt-in"
our miniport driver runs without any problems on machines, which don't have the mainboard BIOS "kernel DMA protection" option.
Opt in. Set the value in the INF file. Then you’re done, and everything should work.
No? Am I missing some major point?
Peter
Peter Viscarola
OSR
@OSRDrivers
Yes, you are missing, that it crashes with the INF value set also
Crashing only occurs on machines, which have the BIOS "kernel DMA protection" option.
It looks likes, as this is a Microsoft bug:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/performance/stop-code-driver-verifier-dma-violation
Except you said you have an Express bus device. The page you reference says Express bus devices aren’t affected, doesn’t it?
Peter
Peter Viscarola
OSR
@OSRDrivers
Our Network-Adapter (which is a PCIx-Adapter) is internally a PCI device with a PCI to PCIx bridge.
I am not familiar with the hardware details and how that affects the problem.
Thanks, Carsten
In your first post, you said it was PCIe. Now it’s PCIx.
It would help to have the details correct. They’re more than a little important when you’re writing a driver.
Peter
Peter Viscarola
OSR
@OSRDrivers
Sorry, it is PCI express.
So we have a PCI express (X1) Network-Adapter, which is internally a PCI device with a PCIe to PCI bridge.
I thought, that PCIx and PCI express is the same, but I learned, it is not
Thanks for asking for a clarification, Peter!