Map contigious virtual usermode memory to specific physical pages

Hi,

[Similar the the unresolved:
https://www.osronline.com/showthread.cfm?link=157880 ]

In my PCIe driver, I would like to map multiple non contiguous (virtualy
and physicaly) memory pages to a user application, in such a way that the
user sees the entire memory as virtualy contiguous.

It is my understanding that the Linux programmer may do something
like ioremap(), i was wondering if we have such an equivilent.

Jsut before you ask “why”, a short explation. The underlying hardware
requires a sequence of large pyhsicaly contiguous memory blocks (which I
obtain by calling some flavour of MmAllocateContiguousMemory) and hence the
pages an nor physicly nor virtual contiguous. And no, SG is not an option
at this point. Hardware doesn’t support it.

Any ideas?

Thanks

First understand this can cause security problems. I won’t go into details here but search the archives of this list for a lot of discussion of this approach. If you need it look at http://www.osronline.com/article.cfm?id=39

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Menachem Shapira
Sent: Wednesday, March 01, 2017 3:50 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Map contigious virtual usermode memory to specific physical pages

Hi,

[Similar the the unresolved: https://www.osronline.com/showthread.cfm?link=157880]

In my PCIe driver, I would like to map multiple non contiguous (virtualy and physicaly) memory pages to a user application, in such a way that the user sees the entire memory as virtualy contiguous.

It is my understanding that the Linux programmer may do something like ioremap(), i was wondering if we have such an equivilent.

Jsut before you ask “why”, a short explation. The underlying hardware requires a sequence of large pyhsicaly contiguous memory blocks (which I obtain by calling some flavour of MmAllocateContiguousMemory) and hence the pages an nor physicly nor virtual contiguous. And no, SG is not an option at this point. Hardware doesn’t support it.

Any ideas?

Thanks
— NTDEV is sponsored by OSR Visit the list online at: MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers! Details at To unsubscribe, visit the List Server section of OSR Online at

Don,

The security problems are clear. As to the solution in the article you
metions, it only refer to a situation where the pages are virtualy contious
in kernel space. In this case they are not…

On Wed, Mar 1, 2017 at 10:58 PM, Don Burn wrote:

> First understand this can cause security problems. I won’t go into
> details here but search the archives of this list for a lot of discussion
> of this approach. If you need it look at http://www.osronline.com/
> article.cfm?id=39
>
>
> Don Burn
> Windows Driver Consulting
> Website: http://www.windrvr.com
>
>
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com [mailto:bounce-626652-122747@
> lists.osr.com] On Behalf Of Menachem Shapira
> Sent: Wednesday, March 01, 2017 3:50 PM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] Map contigious virtual usermode memory to specific
> physical pages
>
> Hi,
>
> [Similar the the unresolved: https://www.osronline.com/
> showthread.cfm?link=157880]
>
> In my PCIe driver, I would like to map multiple non contiguous (virtualy
> and physicaly) memory pages to a user application, in such a way that the
> user sees the entire memory as virtualy contiguous.
>
> It is my understanding that the Linux programmer may do something like
> ioremap(), i was wondering if we have such an equivilent.
>
> Jsut before you ask “why”, a short explation. The underlying hardware
> requires a sequence of large pyhsicaly contiguous memory blocks (which I
> obtain by calling some flavour of MmAllocateContiguousMemory) and hence the
> pages an nor physicly nor virtual contiguous. And no, SG is not an option
> at this point. Hardware doesn’t support it.
>
> Any ideas?
>
> Thanks
> — NTDEV is sponsored by OSR Visit the list online at: MONTHLY seminars
> on crash dump analysis, WDF, Windows internals and software drivers!
> Details at To unsubscribe, visit the List Server section of OSR Online at
>
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list online at: http:> showlists.cfm?list=ntdev>
>
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and
> software drivers!
> Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at <
> http://www.osronline.com/page.cfm?name=ListServer&gt;
></http:></http:>

You stated that the memory was allocated with MmAllocateContiguousMemory so they will be contiguous. Are you trying to allocate multiple blocks and then map them virtually contiguous? If so consider doing one block instead, if you do it early in the system boot you should be able to get any size of memory you want that way.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Menachem Shapira
Sent: Wednesday, March 01, 2017 4:04 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Map contigious virtual usermode memory to specific physical pages

Don,

The security problems are clear. As to the solution in the article you metions, it only refer to a situation where the pages are virtualy contious in kernel space. In this case they are not…

On Wed, Mar 1, 2017 at 10:58 PM, Don Burn > wrote:

First understand this can cause security problems. I won’t go into details here but search the archives of this list for a lot of discussion of this approach. If you need it look at http://www.osronline.com/article.cfm?id=39 http:

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----
From: xxxxx@lists.osr.com mailto:xxxxx [mailto:xxxxx@lists.osr.com mailto:xxxxx] On Behalf Of Menachem Shapira
Sent: Wednesday, March 01, 2017 3:50 PM
To: Windows System Software Devs Interest List >
Subject: [ntdev] Map contigious virtual usermode memory to specific physical pages

Hi,

[Similar the the unresolved: https://www.osronline.com/showthread.cfm?link=157880 https:]

In my PCIe driver, I would like to map multiple non contiguous (virtualy and physicaly) memory pages to a user application, in such a way that the user sees the entire memory as virtualy contiguous.

It is my understanding that the Linux programmer may do something like ioremap(), i was wondering if we have such an equivilent.

Jsut before you ask “why”, a short explation. The underlying hardware requires a sequence of large pyhsicaly contiguous memory blocks (which I obtain by calling some flavour of MmAllocateContiguousMemory) and hence the pages an nor physicly nor virtual contiguous. And no, SG is not an option at this point. Hardware doesn’t support it.

Any ideas?

Thanks

— NTDEV is sponsored by OSR Visit the list online at: MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers! Details at To unsubscribe, visit the List Server section of OSR Online at


NTDEV is sponsored by OSR

Visit the list online at: http: >

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at http: >

— NTDEV is sponsored by OSR Visit the list online at: MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers! Details at To unsubscribe, visit the List Server section of OSR Online at</http:></http:></http:></https:></mailto:xxxxx></mailto:xxxxx></http:>

Yes, I am trying to allocate multiple blocks (I though that was clear… ).
Would love to do it in one block, but the sizes I require are not always
obtainable even during system boot…

On Mar 1, 2017 23:25, “Don Burn” wrote:

You stated that the memory was allocated with MmAllocateContiguousMemory so
they will be contiguous. Are you trying to allocate multiple blocks and
then map them virtually contiguous? If so consider doing one block
instead, if you do it early in the system boot you should be able to get
any size of memory you want that way.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-626654-122747@
lists.osr.com] On Behalf Of Menachem Shapira
Sent: Wednesday, March 01, 2017 4:04 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Map contigious virtual usermode memory to specific
physical pages

Don,

The security problems are clear. As to the solution in the article you
metions, it only refer to a situation where the pages are virtualy contious
in kernel space. In this case they are not…

On Wed, Mar 1, 2017 at 10:58 PM, Don Burn xxxxx@windrvr.com> > wrote:

First understand this can cause security problems. I won’t go into
details here but search the archives of this list for a lot of discussion
of this approach. If you need it look at http://www.osronline.com/
article.cfm?id=39 http:

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----
From: xxxxx@lists.osr.com mailto:xxxxx@lists.osr.com> [mailto:bounce-626652-122747@
lists.osr.com mailto:xxxxx] On Behalf Of
Menachem Shapira
Sent: Wednesday, March 01, 2017 3:50 PM
To: Windows System Software Devs Interest List mailto:xxxxx >
Subject: [ntdev] Map contigious virtual usermode memory to specific
physical pages

Hi,

[Similar the the unresolved: https://www.osronline.com/
showthread.cfm?link=157880 https:showthread.cfm?link=157880>]

In my PCIe driver, I would like to map multiple non contiguous
(virtualy and physicaly) memory pages to a user application, in such a way
that the user sees the entire memory as virtualy contiguous.

It is my understanding that the Linux programmer may do something
like ioremap(), i was wondering if we have such an equivilent.

Jsut before you ask “why”, a short explation. The underlying
hardware requires a sequence of large pyhsicaly contiguous memory blocks
(which I obtain by calling some flavour of MmAllocateContiguousMemory) and
hence the pages an nor physicly nor virtual contiguous. And no, SG is not
an option at this point. Hardware doesn’t support it.

Any ideas?

Thanks

— NTDEV is sponsored by OSR Visit the list online at: MONTHLY
seminars on crash dump analysis, WDF, Windows internals and software
drivers! Details at To unsubscribe, visit the List Server section of OSR
Online at


NTDEV is sponsored by OSR

Visit the list online at: http:showlists.cfm?list=ntdev http:
>

MONTHLY seminars on crash dump analysis, WDF, Windows internals and
software drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at <
http://www.osronline.com/page.cfm?name=ListServer http:page.cfm?name=ListServer> >

— NTDEV is sponsored by OSR Visit the list online at: MONTHLY seminars on
crash dump analysis, WDF, Windows internals and software drivers! Details
at To unsubscribe, visit the List Server section of OSR Online at


NTDEV is sponsored by OSR

Visit the list online at: http:>

MONTHLY seminars on crash dump analysis, WDF, Windows internals and
software drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at <
http://www.osronline.com/page.cfm?name=ListServer&gt;</http:></http:></http:></http:></http:></http:></https:></mailto:xxxxx></mailto:xxxxx></mailto:></http:>

How big are you looking for? I’ve done multiple GB on a 64-bit system since Server 2008. You just have to be early in to boot process, which may mean a separate driver to be boot time and early with no hardware, then call it for the block.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Menachem Shapira
Sent: Wednesday, March 01, 2017 4:37 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Map contigious virtual usermode memory to specific physical pages

Yes, I am trying to allocate multiple blocks (I though that was clear… ). Would love to do it in one block, but the sizes I require are not always obtainable even during system boot…

On Mar 1, 2017 23:25, “Don Burn” > wrote:

You stated that the memory was allocated with MmAllocateContiguousMemory so they will be contiguous. Are you trying to allocate multiple blocks and then map them virtually contiguous? If so consider doing one block instead, if you do it early in the system boot you should be able to get any size of memory you want that way.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----

From: xxxxx@lists.osr.com mailto:xxxxx [mailto:xxxxx@lists.osr.com mailto:xxxxx] On Behalf Of Menachem Shapira
Sent: Wednesday, March 01, 2017 4:04 PM
To: Windows System Software Devs Interest List >

Subject: Re: [ntdev] Map contigious virtual usermode memory to specific physical pages

Don,

The security problems are clear. As to the solution in the article you metions, it only refer to a situation where the pages are virtualy contious in kernel space. In this case they are not…

On Wed, Mar 1, 2017 at 10:58 PM, Don Burn mailto:xxxxx > > wrote:

First understand this can cause security problems. I won’t go into details here but search the archives of this list for a lot of discussion of this approach. If you need it look at http://www.osronline.com/article.cfm?id=39 http: http: >

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----

From: xxxxx@lists.osr.com mailto:xxxxx mailto:xxxxx > [mailto:xxxxx@lists.osr.com mailto:xxxxx mailto:xxxxx >] On Behalf Of Menachem Shapira
Sent: Wednesday, March 01, 2017 3:50 PM

To: Windows System Software Devs Interest List mailto:xxxxx > >
Subject: [ntdev] Map contigious virtual usermode memory to specific physical pages

Hi,

[Similar the the unresolved: https://www.osronline.com/showthread.cfm?link=157880 https: https: >]

In my PCIe driver, I would like to map multiple non contiguous (virtualy and physicaly) memory pages to a user application, in such a way that the user sees the entire memory as virtualy contiguous.

It is my understanding that the Linux programmer may do something like ioremap(), i was wondering if we have such an equivilent.

Jsut before you ask “why”, a short explation. The underlying hardware requires a sequence of large pyhsicaly contiguous memory blocks (which I obtain by calling some flavour of MmAllocateContiguousMemory) and hence the pages an nor physicly nor virtual contiguous. And no, SG is not an option at this point. Hardware doesn’t support it.

Any ideas?

Thanks

— NTDEV is sponsored by OSR Visit the list online at: MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers! Details at To unsubscribe, visit the List Server section of OSR Online at


NTDEV is sponsored by OSR

Visit the list online at: http: http: > >

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at http: http: > >

— NTDEV is sponsored by OSR Visit the list online at: MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers! Details at To unsubscribe, visit the List Server section of OSR Online at


NTDEV is sponsored by OSR

Visit the list online at: http: >

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at http: >

— NTDEV is sponsored by OSR Visit the list online at: MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers! Details at To unsubscribe, visit the List Server section of OSR Online at</http:></http:></http:></http:></http:></http:></http:></http:></https:></https:></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></http:></http:></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx>

Size is firmware dependent, the driver doesn’t actually know the size, and
can’t just allocate the maximum. It is meant to run on systems with very
low resources were the firmware will need only a few MB ad on HW with
massive resources, where the firmware will require 4GB. However the
firmware does not require them to be contiguous, only the UM application.

Sent from mobile

On Mar 1, 2017 23:43, “Don Burn” wrote:

> How big are you looking for? I’ve done multiple GB on a 64-bit system
> since Server 2008. You just have to be early in to boot process, which may
> mean a separate driver to be boot time and early with no hardware, then
> call it for the block.
>
>
> Don Burn
> Windows Driver Consulting
> Website: http://www.windrvr.com
>
>
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com [mailto:bounce-626660-122747@
> lists.osr.com] On Behalf Of Menachem Shapira
> Sent: Wednesday, March 01, 2017 4:37 PM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] Map contigious virtual usermode memory to specific
> physical pages
>
> Yes, I am trying to allocate multiple blocks (I though that was clear…
> ). Would love to do it in one block, but the sizes I require are not always
> obtainable even during system boot…
>
>
>
> On Mar 1, 2017 23:25, “Don Burn” > xxxxx@windrvr.com> > wrote:
>
>
> You stated that the memory was allocated with
> MmAllocateContiguousMemory so they will be contiguous. Are you trying to
> allocate multiple blocks and then map them virtually contiguous? If so
> consider doing one block instead, if you do it early in the system boot you
> should be able to get any size of memory you want that way.
>
>
>
> Don Burn
> Windows Driver Consulting
> Website: http://www.windrvr.com
>
>
>
>
> -----Original Message-----
>
> From: xxxxx@lists.osr.com mailto:> xxxxx@lists.osr.com> [mailto:bounce-626654-122747@
> lists.osr.com mailto:xxxxx] On Behalf Of
> Menachem Shapira
> Sent: Wednesday, March 01, 2017 4:04 PM
> To: Windows System Software Devs Interest List <
> xxxxx@lists.osr.com mailto:xxxxx >
>
> Subject: Re: [ntdev] Map contigious virtual usermode memory to
> specific physical pages
>
> Don,
>
> The security problems are clear. As to the solution in the article
> you metions, it only refer to a situation where the pages are virtualy
> contious in kernel space. In this case they are not…
>
>
> On Wed, Mar 1, 2017 at 10:58 PM, Don Burn > mailto:xxxxx mailto:xxxxx> xxxxx@windrvr.com> > > wrote:
>
>
> First understand this can cause security problems. I
> won’t go into details here but search the archives of this list for a lot
> of discussion of this approach. If you need it look at
> http://www.osronline.com/article.cfm?id=39 http:> article.cfm?id=39> http:> http://www.osronline.com/article.cfm?id=39&gt; >
>
>
>
> Don Burn
> Windows Driver Consulting
> Website: http://www.windrvr.com
>
>
>
>
>
> -----Original Message-----
>
> From: xxxxx@lists.osr.com mailto:> xxxxx@lists.osr.com> mailto:bounce-626652-122747> lists.osr.com mailto:xxxxx > [mailto:
> xxxxx@lists.osr.com mailto:bounce-626652-122747> lists.osr.com> mailto:xxxxx> xxxxx@lists.osr.com> >] On Behalf Of Menachem Shapira
> Sent: Wednesday, March 01, 2017 3:50 PM
>
> To: Windows System Software Devs Interest List <
> xxxxx@lists.osr.com mailto:xxxxx mailto:> xxxxx@lists.osr.com mailto:xxxxx > >
> Subject: [ntdev] Map contigious virtual usermode memory to
> specific physical pages
>
> Hi,
>
>
> [Similar the the unresolved: https://www.osronline.com/
> showthread.cfm?link=157880 https:> showthread.cfm?link=157880> https:> showthread.cfm?link=157880 https:> showthread.cfm?link=157880> >]
>
>
> In my PCIe driver, I would like to map multiple non
> contiguous (virtualy and physicaly) memory pages to a user application, in
> such a way that the user sees the entire memory as virtualy contiguous.
>
> It is my understanding that the Linux programmer may do
> something like ioremap(), i was wondering if we have such an equivilent.
>
> Jsut before you ask “why”, a short explation. The
> underlying hardware requires a sequence of large pyhsicaly contiguous
> memory blocks (which I obtain by calling some flavour of
> MmAllocateContiguousMemory) and hence the pages an nor physicly nor virtual
> contiguous. And no, SG is not an option at this point. Hardware doesn’t
> support it.
>
> Any ideas?
>
> Thanks
>
> — NTDEV is sponsored by OSR Visit the list online at:
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and
> software drivers! Details at To unsubscribe, visit the List Server section
> of OSR Online at
>
>
> —
> NTDEV is sponsored by OSR
>
>
> Visit the list online at: http:> showlists.cfm?list=ntdev http:> showlists.cfm?list=ntdev> http:> showlists.cfm?list=ntdev http:> showlists.cfm?list=ntdev> > >
>
>
> MONTHLY seminars on crash dump analysis, WDF, Windows
> internals and software drivers!
> Details at http:
>
>
> To unsubscribe, visit the List Server section of OSR
> Online at http:> http://www.osronline.com/page.cfm?name=ListServer&gt; <
> http://www.osronline.com/page.cfm?name=ListServer <
> http://www.osronline.com/page.cfm?name=ListServer&gt; > >
>
>
>
>
> — NTDEV is sponsored by OSR Visit the list online at: MONTHLY
> seminars on crash dump analysis, WDF, Windows internals and software
> drivers! Details at To unsubscribe, visit the List Server section of OSR
> Online at
>
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list online at: http:> showlists.cfm?list=ntdev http:> showlists.cfm?list=ntdev> >
>
> MONTHLY seminars on crash dump analysis, WDF, Windows internals
> and software drivers!
> Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at <
> http://www.osronline.com/page.cfm?name=ListServer <
> http://www.osronline.com/page.cfm?name=ListServer&gt; >
>
>
>
> — NTDEV is sponsored by OSR Visit the list online at: MONTHLY seminars
> on crash dump analysis, WDF, Windows internals and software drivers!
> Details at To unsubscribe, visit the List Server section of OSR Online at
>
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list online at: http:> showlists.cfm?list=ntdev>
>
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and
> software drivers!
> Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at <
> http://www.osronline.com/page.cfm?name=ListServer&gt;
></http:></http:></http:></http:></http:></http:></http:></http:></http:></http:></http:></https:></https:></https:></mailto:xxxxx></mailto:></mailto:xxxxx></mailto:xxxxx></mailto:bounce-626652-122747></mailto:xxxxx></mailto:bounce-626652-122747></mailto:></http:></http:></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:>

All you can do in that case is walk through the user address space to find a large enough region for your mapping, then use MmMapLockedPagesSpecifyCache with the user addresses specifying things so the chunks are adjacent. I’ve done this for one weird piece of hardware, but it does require some assist from user space using VirtualQueryEx to make things work.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Menachem Shapira
Sent: Wednesday, March 01, 2017 4:50 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Map contigious virtual usermode memory to specific physical pages

Size is firmware dependent, the driver doesn’t actually know the size, and can’t just allocate the maximum. It is meant to run on systems with very low resources were the firmware will need only a few MB ad on HW with massive resources, where the firmware will require 4GB. However the firmware does not require them to be contiguous, only the UM application.

Sent from mobile

On Mar 1, 2017 23:43, “Don Burn” > wrote:

How big are you looking for? I’ve done multiple GB on a 64-bit system since Server 2008. You just have to be early in to boot process, which may mean a separate driver to be boot time and early with no hardware, then call it for the block.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----
From: xxxxx@lists.osr.com mailto:xxxxx [mailto:xxxxx@lists.osr.com mailto:xxxxx] On Behalf Of Menachem Shapira
Sent: Wednesday, March 01, 2017 4:37 PM
To: Windows System Software Devs Interest List >
Subject: RE: [ntdev] Map contigious virtual usermode memory to specific physical pages

Yes, I am trying to allocate multiple blocks (I though that was clear… ). Would love to do it in one block, but the sizes I require are not always obtainable even during system boot…

On Mar 1, 2017 23:25, “Don Burn” mailto:xxxxx > > wrote:

You stated that the memory was allocated with MmAllocateContiguousMemory so they will be contiguous. Are you trying to allocate multiple blocks and then map them virtually contiguous? If so consider doing one block instead, if you do it early in the system boot you should be able to get any size of memory you want that way.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----

From: xxxxx@lists.osr.com mailto:xxxxx mailto:xxxxx > [mailto:xxxxx@lists.osr.com mailto:xxxxx mailto:xxxxx >] On Behalf Of Menachem Shapira
Sent: Wednesday, March 01, 2017 4:04 PM
To: Windows System Software Devs Interest List mailto:xxxxx > >

Subject: Re: [ntdev] Map contigious virtual usermode memory to specific physical pages

Don,

The security problems are clear. As to the solution in the article you metions, it only refer to a situation where the pages are virtualy contious in kernel space. In this case they are not…

On Wed, Mar 1, 2017 at 10:58 PM, Don Burn mailto:xxxxx > mailto:xxxxx mailto:xxxxx > > > wrote:

First understand this can cause security problems. I won’t go into details here but search the archives of this list for a lot of discussion of this approach. If you need it look at http://www.osronline.com/article.cfm?id=39 http: http: > http: http: > >

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----

From: xxxxx@lists.osr.com mailto:xxxxx mailto:xxxxx > mailto:xxxxx mailto:xxxxx > > [mailto:xxxxx@lists.osr.com mailto:xxxxx mailto:xxxxx > mailto:xxxxx mailto:xxxxx > >] On Behalf Of Menachem Shapira
Sent: Wednesday, March 01, 2017 3:50 PM

To: Windows System Software Devs Interest List mailto:xxxxx > mailto:xxxxx mailto:xxxxx > > >
Subject: [ntdev] Map contigious virtual usermode memory to specific physical pages

Hi,

[Similar the the unresolved: https://www.osronline.com/showthread.cfm?link=157880 https: https: > https: https: > >]

In my PCIe driver, I would like to map multiple non contiguous (virtualy and physicaly) memory pages to a user application, in such a way that the user sees the entire memory as virtualy contiguous.

It is my understanding that the Linux programmer may do something like ioremap(), i was wondering if we have such an equivilent.

Jsut before you ask “why”, a short explation. The underlying hardware requires a sequence of large pyhsicaly contiguous memory blocks (which I obtain by calling some flavour of MmAllocateContiguousMemory) and hence the pages an nor physicly nor virtual contiguous. And no, SG is not an option at this point. Hardware doesn’t support it.

Any ideas?

Thanks

— NTDEV is sponsored by OSR Visit the list online at: MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers! Details at To unsubscribe, visit the List Server section of OSR Online at


NTDEV is sponsored by OSR

Visit the list online at: http: http: > http: http: > > >

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at http: http: > http: http: > > >

— NTDEV is sponsored by OSR Visit the list online at: MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers! Details at To unsubscribe, visit the List Server section of OSR Online at


NTDEV is sponsored by OSR

Visit the list online at: http: http: > >

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at http: http: > >

— NTDEV is sponsored by OSR Visit the list online at: MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers! Details at To unsubscribe, visit the List Server section of OSR Online at


NTDEV is sponsored by OSR

Visit the list online at: http: >

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at http: >

— NTDEV is sponsored by OSR Visit the list online at: MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers! Details at To unsubscribe, visit the List Server section of OSR Online at</http:></http:></http:></http:></http:></http:></http:></http:></http:></http:></http:></http:></http:></http:></http:></http:></http:></https:></https:></https:></https:></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></http:></http:></http:></http:></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx>

Menachem Shapira wrote:

In my PCIe driver, I would like to map multiple non contiguous
(virtualy and physicaly) memory pages to a user application, in such a
way that the user sees the entire memory as virtualy contiguous.

Although it seems “pretty” to make these regions virtually contiguous,
it is a waste of your time to investigate hackery to make that happen.
It is trivially easy to create a data structure that hides the
discontinuities. The STL std::deque container appears to the user as a
single sequential block, but is actually implemented as a set of
discontinuous subblocks.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Thanks all,

I’m going to try to go with Don’s solution. I’ve managed to get it working
on some POC level, now i’m just left to work out what to arguments to pass
to VirtualQueryEx in order to ensure that I get addresses I can use.
Tim, you solution would work if I didn’t already have a whole lot of
applications alleady using an interface thats uses void* and treat the
memory as contiguous.

Thanks again,

On Thu, Mar 2, 2017 at 12:12 AM, Tim Roberts wrote:

> Menachem Shapira wrote:
> >
> > In my PCIe driver, I would like to map multiple non contiguous
> > (virtualy and physicaly) memory pages to a user application, in such a
> > way that the user sees the entire memory as virtualy contiguous.
>
> Although it seems “pretty” to make these regions virtually contiguous,
> it is a waste of your time to investigate hackery to make that happen.
> It is trivially easy to create a data structure that hides the
> discontinuities. The STL std::deque container appears to the user as a
> single sequential block, but is actually implemented as a set of
> discontinuous subblocks.
>
> –
> Tim Roberts, xxxxx@probo.com
> Providenza & Boekelheide, Inc.
>
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list online at: http:> showlists.cfm?list=ntdev>
>
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and
> software drivers!
> Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at <
> http://www.osronline.com/page.cfm?name=ListServer&gt;
></http:></http:>

Hi,

Just for completness and future refernce, this is how what I did:

************************

In my UM app - call search for a free region big enough to accomedate the
entire virtual memory block that I require:

p = 0x100000; any old address
VirtualQueryEx(GetCurrentProcess(), (VOID*)p, &Buffer, sizeof(Buffer));
while (Buffer.State != MEM_FREE || Buffer.RegionSize < (blocksize * 4))
{
p += Buffer.RegionSize;
VirtualQueryEx(GetCurrentProcess(), (VOID*)p, &Buffer, sizeof(Buffer));
}

//Here we call the IOCTL to request the driver to map pages…

**************************
In my driver:

//UserVa is the free address that the UM code found.
//m_blockSize should be page aligned
for (ULONG i = 0; i < numBlocks; i++)
{
m_memoryChunksArr[i].SystemAddress =
MmAllocateContiguousMemorySpecifyCache(m_blockSize, lowAddress,
highAddress, lowAddress, MmCached);
m_memoryChunksArr[i].pMdl =
IoAllocateMdl(m_memoryChunksArr[i].SystemAddress, m_blockSize, FALSE,
FALSE, NULL);

MmBuildMdlForNonPagedPool(m_memoryChunksArr[i].pMdl);
__try {
MmMapLockedPagesSpecifyCache(m_memoryChunksArr[i].pMdl, UserMode, MmCached,
(PUCHAR)UserVa + m_blockSize * i, FALSE,NormalPagePriority);
}

__except (EXCEPTION_EXECUTE_HANDLER) {
DbgPrint(“MmMapLockedPagesSpecifyCache failed\n”);
Status = STATUS_INSUFFICIENT_RESOURCES;
break;
}
}

On Thu, Mar 2, 2017 at 11:34 PM, Menachem Shapira
wrote:

> Thanks all,
>
> I’m going to try to go with Don’s solution. I’ve managed to get it working
> on some POC level, now i’m just left to work out what to arguments to pass
> to VirtualQueryEx in order to ensure that I get addresses I can use.
> Tim, you solution would work if I didn’t already have a whole lot of
> applications alleady using an interface thats uses void* and treat the
> memory as contiguous.
>
> Thanks again,
>
> On Thu, Mar 2, 2017 at 12:12 AM, Tim Roberts wrote:
>
>> Menachem Shapira wrote:
>> >
>> > In my PCIe driver, I would like to map multiple non contiguous
>> > (virtualy and physicaly) memory pages to a user application, in such a
>> > way that the user sees the entire memory as virtualy contiguous.
>>
>> Although it seems “pretty” to make these regions virtually contiguous,
>> it is a waste of your time to investigate hackery to make that happen.
>> It is trivially easy to create a data structure that hides the
>> discontinuities. The STL std::deque container appears to the user as a
>> single sequential block, but is actually implemented as a set of
>> discontinuous subblocks.
>>
>> –
>> Tim Roberts, xxxxx@probo.com
>> Providenza & Boekelheide, Inc.
>>
>>
>> —
>> NTDEV is sponsored by OSR
>>
>> Visit the list online at: http:>> lists.cfm?list=ntdev>
>>
>> MONTHLY seminars on crash dump analysis, WDF, Windows internals and
>> software drivers!
>> Details at http:
>>
>> To unsubscribe, visit the List Server section of OSR Online at <
>> http://www.osronline.com/page.cfm?name=ListServer&gt;
>>
>
></http:></http:>

Why are you trying that hard ?

You are walking the user address space in a brute force way to find the buffer of the size you need but do you realize that VirtualAlloc does the same thing in a much more reliable and optimized way ?

VirtualAlloc holds the user address space lock so no memory can be allocated or freed while it is searching for the required region size within the address space. But it does so walking an AVL tree containing already allocated buffers (to skip them).

There is also a terminology or vocabulary issue here: a “contiguous virtual usermode memory” is just a user buffer, isn’t it ?

But more importantly, your code does not seem to have anything to do with the initial request which is:

“In my PCIe driver, I would like to map multiple non contiguous (virtualy and physicaly) memory pages to a user application, in such a way that the user sees the entire memory as virtualy contiguous.”

Here is a proposed solution (I didn’t tried it):

1- Create an array of MM_PHYSICAL_ADDRESS_LIST structs that contains the physical pages of all the user buffers you plan to remap. Walk the user buffers page by page and get each physical address using MmGetPhysicalAddress. You may minimize the size of the array by merging contiguous physical pages into a single MM_PHYSICAL_ADDRESS_LIST struct and adjust its size.

2- Use the array of MM_PHYSICAL_ADDRESS_LIST with MmAllocateMdlForIoSpace to obtain an MDL containing all the physical pages.

3- Lock down the pages with MmProbeAndLockPages and map them into user space using MmMapLockedPagesSpecifyCache with UserMode as the KPROCESSOR_MODE value.

Note that you must be certain to execute in the context of the user app you are targeting for this to work and only highest level drivers are guaranted to execute in the context of the app that issued a request.

Yuck.

For one, you’re violating the contact with this API… the MM_PHYSICAL_ADDRESS_LIST is supposed to be in I/O Space, which it will not be in your model. The hint is the “ForIoSpace” part of the name.

I’d expect the checked build of the OS to ASSERT on this call. Haven’t checked if it does, but that’s what I’d expect.

Now, I agree that your basic approach *should* work, but I’d judge it too risky to use it in production code.

Peter
OSR
@OSRDrivers

>Now, I agree that your basic approach *should* work, but I’d judge it too risky to use it in production code.

Yes the physical pages are not contiguous and there is the “Process has locked pages” bugcheck issue. Mapping a buffer in the user address space is not a good idea and merging user mode buffers should be done in userland.

I also read that Linux ioremap returns a ‘special’ system VA (pointer) that should not be used directly (dereferenced). So on Linux, the “remapped” buffer cannot be “seen” by the user.