We process IRPs constantly that have memory that may be locked KM memory, or have an MDL that has been locked and mapped to a KM Va, or may be mapped but not locked, or may have an MDL that has not been mapped into the KM virtual address space, or may just provide a user mode buffer
Really? In actual, practical, Windows drivers? This hasn’t been my experience. Or, to be more precise, some of these details are hidden from a properly written driver. Consider, for example, MmGetSystemAddressForMdlSafe:
FORCEINLINE
PVOID
MmGetSystemAddressForMdlSafe (
    _Inout_ PMDL Mdl,
    _In_ ULONG Priority // MM_PAGE_PRIORITY logically OR'd with MdlMapping*
    )
{
    // Already has a kernel VA (mapped earlier, or describes nonpaged pool):
    // hand back the existing one rather than creating a second mapping.
    if (Mdl->MdlFlags & (MDL_MAPPED_TO_SYSTEM_VA | MDL_SOURCE_IS_NONPAGED_POOL)) {
        return Mdl->MappedSystemVa;
    } else {
        // Not yet mapped: create the kernel mapping now. Can return NULL
        // under resource pressure, which is why this is the "Safe" variant.
        return MmMapLockedPagesSpecifyCache(Mdl, KernelMode, MmCached,
                                            NULL, FALSE, Priority);
    }
}
This is an example of how Windows “smooths over” differences such as “already mapped vs not yet mapped” for you, so you don’t have to worry about such things.
physical memory appears to be locked by reference count
Yes, the count is in the PFN (the Page Frame Number Database).
If that is called at DPC, then you know it cannot be paged out
Hmmmm… are you SURE? How about on a Multiprocessor system?
Mr. Roddy asked, some days ago:
What real world problem are you trying to solve?
And so, I will ask again, because your questions seem to reflect an abstract view of what might occur in a driver, as opposed to the day-to-day reality of writing Windows drivers. Please, tell us… What real world problem are you trying to solve?
Peter
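An added illustration of the point Peter makes about MmGetSystemAddressForMdlSafe (example code written for this page, not from the thread or from the WDK): a user-mode model of the "already mapped vs. not yet mapped" decision plus the caller-side handling a driver needs. The flag values are the real wdm.h constants, but MODEL_MDL, ModelMapLockedPages and the other Model* names are stand-ins invented here; the real MDL is opaque and the real mapper is MmMapLockedPagesSpecifyCache, whose Priority argument should also carry MdlMappingNoExecute on Windows 8 and later. The mock mapper counts mappings and can be forced to fail, which shows the one thing the inline helper does not smooth over: the Safe variant can return NULL, and the dispatch path must fail the request rather than touch the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Real MdlFlags bit values from wdm.h. The struct below is a model only,
 * not the kernel's MDL layout. */
#define MDL_MAPPED_TO_SYSTEM_VA      0x0001
#define MDL_PAGES_LOCKED             0x0002
#define MDL_SOURCE_IS_NONPAGED_POOL  0x0004

typedef struct _MODEL_MDL {
    uint16_t MdlFlags;
    void    *MappedSystemVa;   /* meaningful only when one of the two VA flags is set */
} MODEL_MDL, *PMODEL_MDL;

/* Hypothetical stand-in for MmMapLockedPagesSpecifyCache. It records how
 * many kernel mappings were created and can be told to fail, modelling a
 * low-resource return of NULL. */
static int  g_map_calls = 0;
static int  g_map_should_fail = 0;
static char g_fake_system_va[4096];

static void ModelResetMapper(int ShouldFail)
{
    g_map_calls = 0;
    g_map_should_fail = ShouldFail;
}

static int ModelMapCalls(void)
{
    return g_map_calls;
}

static void *ModelMapLockedPages(PMODEL_MDL Mdl)
{
    g_map_calls++;
    if (g_map_should_fail) {
        return NULL;
    }
    Mdl->MappedSystemVa = g_fake_system_va;
    Mdl->MdlFlags |= MDL_MAPPED_TO_SYSTEM_VA;   /* the kernel marks the MDL as mapped */
    return Mdl->MappedSystemVa;
}

/* Same decision as the posted inline: reuse an existing system VA (mapped
 * earlier, or nonpaged pool), otherwise map now. Because of the flag check a
 * driver never creates a second mapping it would then have to track and unmap. */
static void *ModelGetSystemAddressForMdlSafe(PMODEL_MDL Mdl)
{
    if (Mdl->MdlFlags & (MDL_MAPPED_TO_SYSTEM_VA | MDL_SOURCE_IS_NONPAGED_POOL)) {
        return Mdl->MappedSystemVa;
    }
    return ModelMapLockedPages(Mdl);
}

/* Caller-side pattern. Returns 1 when the buffer was processed, 0 when the
 * request would have been completed with STATUS_INSUFFICIENT_RESOURCES. */
static int ModelProcessBuffer(PMODEL_MDL Mdl, size_t Length)
{
    unsigned char *va = ModelGetSystemAddressForMdlSafe(Mdl);
    if (va == NULL) {
        return 0;            /* never dereference: there is no kernel VA */
    }
    for (size_t i = 0; i < Length; i++) {
        va[i] = 0;           /* stands in for the real work on the buffer */
    }
    return 1;
}

int main(void)
{
    char pool[64];
    MODEL_MDL locked   = { MDL_PAGES_LOCKED, NULL };             /* as after MmProbeAndLockPages */
    MODEL_MDL nonpaged = { MDL_SOURCE_IS_NONPAGED_POOL, pool };  /* as after MmBuildMdlForNonPagedPool */
    MODEL_MDL starved  = { MDL_PAGES_LOCKED, NULL };
    int ok;

    ModelResetMapper(0);
    ok = ModelProcessBuffer(&locked, 16);
    printf("locked, unmapped : ok=%d map_calls=%d\n", ok, ModelMapCalls());
    ok = ModelProcessBuffer(&locked, 16);
    printf("same MDL again   : ok=%d map_calls=%d\n", ok, ModelMapCalls());
    ok = ModelProcessBuffer(&nonpaged, 16);
    printf("nonpaged pool    : ok=%d map_calls=%d\n", ok, ModelMapCalls());

    ModelResetMapper(1);
    ok = ModelProcessBuffer(&starved, 16);
    printf("mapping fails    : ok=%d map_calls=%d\n", ok, ModelMapCalls());
    return 0;
}
```

The first two calls on the locked MDL produce exactly one mapping, the nonpaged-pool MDL produces none, and the starved case returns failure without dereferencing anything; those are the three outcomes a driver's dispatch routine has to be written for.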