Blue Sreen with DRIVER_VERIFIER_DMA_VIOLATION (e6) of our PCIe NDIS Adapter

Hi from Germany,

since several years our NDIS miniport driver (NDIS Version 6.6) with our NDIS PCIe NIC (DMA busmaster adapter) runs without any problems on Windows machines.

New mainboards with BIOS enabled kernel DMA protection (“enabled” seems to be default) result in a blue screen, when the computer starts and the miniport driver is enabled:

DRIVER_VERIFIER_DMA_VIOLATION (e6)
An illegal DMA operation was attempted by a driver being verified.
Arguments:
Arg1: 0000000000000026, IOMMU detected DMA violation.
Arg2: 0000000000000000, Device Object of faulting device.
Arg3: 00000000000c1f80, Faulting information (usually faulting physical address).
Arg4: 0000000000000006, Fault type (hardware specific).

PROCESS_NAME: System

STACK_TEXT:
fffff80285a6cea8 fffff8027eadab47 : 00000000000000e6 0000000000000026 0000000000000000 00000000000c1f80 : nt!KeBugCheckEx
fffff80285a6ceb0 fffff8027eac6a6b : 0000000000000000 0000000000000000 fffff8027f249dd0 fffff8027f249dd0 : nt!IvtHandleInterrupt+0x1a7
fffff80285a6cf10 fffff8027e927f55 : fffff8027f2f3cc0 fffff80285a5da50 fffff8027f2f3d70 0000000000000000 : nt!HalpIommuInterruptRoutine+0x4b
fffff80285a6cf40 fffff8027e9f75cc : fffff80285a5da50 fffff8027f2f3cc0 00000000000007c4 fffff8027e9fc940 : nt!KiCallInterruptServiceRoutine+0xa5
fffff80285a6cf90 fffff8027e9f79d7 : fffff80285a5daf0 0000000000000001 0000000000040046 fffff8027e870188 : nt!KiInterruptSubDispatchNoLock+0x11c
fffff80285a5d9d0 fffff8027e9f977a : 0000000000000000 0000000000000000 fffff8027f327600 00000000000007c4 : nt!KiInterruptDispatchNoLock+0x37
fffff80285a5db60 0000000000000000 : fffff80285a5e000 fffff80285a57000 0000000000000000 0000000000000000 : nt!KiIdleLoop+0x5a

SYMBOL_NAME: nt!IvtHandleInterrupt+1a7
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe

According to the modules list of WinDbg the miniport driver seems to be loaded.

The BSD occurs on Windows 10 and 11 operating systems.

The stop code DRIVER_VERIFIER_DMA_VIOLATION gives a false indication - driver verifier is not (specifically) enabled at the machines!

More info on kernel DMA protection can be found under
how-windows-protects-against-dma-drive-by-attacks

Another user has posted on the internet:
“To work around this issue, disable Kernel DMA Protection in BIOS. … Microsoft is aware of this issue. A resolution will be provided in an upcoming release.”
See
stop-code-driver-verifier-dma-violation.md

The Microsoft (see link above) writes:
“Windows leverages the system Input/Output Memory Management Unit (IOMMU) to block external peripherals from starting and performing DMA unless the drivers for these peripherals support memory isolation (such as DMA-remapping).”

Our miniport driver allocates memory with the following code:

// Register a DMA channel. !! Necessary, otherwise NdisMAllocateSharedMemory will fail.
//
NdisZeroMemory(&dmaDescription, sizeof(NDIS_DMA_DESCRIPTION));
dmaDescription.DemandMode = FALSE;
dmaDescription.AutoInitialize = FALSE;
dmaDescription.DmaChannelSpecified = FALSE;
dmaDescription.DmaWidth = Width32Bits;
dmaDescription.DmaSpeed = Compatible;
dmaDescription.DmaPort = 0;
dmaDescription.DmaChannel = 0;
status = NdisMRegisterDmaChannel(&Adapter->MiniportDmaHandle, Adapter->MiniportAdapterHandle, 0, TRUE, &dmaDescription, 4);

NdisMAllocateSharedMemory(Adapter->MiniportAdapterHandle, Adapter->lengthSMComplete, FALSE, &Adapter->pSMvirtualStartOriginal, &Adapter->pSMphysicalStartOriginal);

Under
enabling-dma-remapping-for-device-drivers
you can find only, that I can add:
[MyServiceInstall_AddReg]
HKR,Parameters,DmaRemappingCompatible,0x00010001,1 ; where 1 = opt-in
to the INF file with the opt-in parameter = 1 meaning
“This indicates to the system that your driver is fully compatible with DMA remapping.”

My questions are:

  • How can a driver and/or PCIx adapter made compatible with DMA remapping?
  • Can I avoid the BSD by software means and without disabling the kernel DMA protection in BIOS?
  • Is it correct, that Microsoft is aware of the problem (is it a MS problem?) and is working on a solution?

Thanks a lot!

Carsten

A driver that written properly, and uses the DMA api for their particular driver model, is automatically compatible with DMA Remapping. If your driver runs (on a machine without DMA remapping active) under Driver Verifier with DMA Verification enabled, you should be good to go.

So… set the DMA remapping value to enabled, and see if your driver works.

I would DISable DMA remapping, because it’s an important security protection. Just make your driver work properly, instead.

I don’t have any idea why this would be a “problem” that MSFT needs to,fix, except for the fact that I also don’t understand why you would have to opt IN to use DMAR. As I said, all properly written drivers should work. So, while it’s nice that there’s a way to opt OUT… shouldn’t this just be “enabled by default” so that devs like you don’t encounter this BSOD?

Peter

Hi Peter,

thanks a lot for your answer, but unfortunately, I did not understand what you wanted to say to me.

“If your driver runs on a machine without DMA remapping active”
How do I know, whether the machine has DMA remapping active?

“So… set the DMA remapping value to enabled, and see if your driver works.”
“I would disable DMA remapping, because it’s an important security protection.”
How can I enable or disable DMA remapping?

As far as I know, I

  • can enable/disable Kernel DMA protection in the BIOS (on newer mainboards)
  • have an DMA remapping compatible driver (by using standard NDIS functions it should be compatible automatically)
  • can “opt in” or “opt out” by an INF file entry to tell tell the system, that my driver is remap compatible

? How can I put that all together?

Thanks
Carsten

PS:
With driver verifiers DMA check enabled and an “opt in” INF entry
“HKR,Parameters,DmaRemappingCompatible,0x00010001,1 ; where 1 = opt-in”
our miniport driver runs without any problems on machines, which don’t have the mainboard BIOS “kernel DMA protection” option.

How can I enable or disable DMA remapping?

Opt in. Set the value in the INF file. Then you’re done, and everything should work.

No? Am I missing some major point?

Peter

Yes, you are missing, that it crashes with the INF value set also :smile:

Crashing only occurs on machines, which have the BIOS “kernel DMA protection” option.

It looks likes, as this is a Microsoft bug:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/performance/stop-code-driver-verifier-dma-violation

Except you said you have an Express bus device. The page you reference says Express bus devices aren’t affected, doesn’t it?

Peter

Our Network-Adapter (which is a PCIx-Adapter) is internally a PCI device with a PCI to PCIx bridge.
I am not familiar with the hardware details and how that affects the problem.

Thanks, Carsten

In your first post, you said it was PCIe. Now it’s PCIx.

It would help to have the details correct. They’re more than a little important when you’re writing a driver.

Peter

Sorry, it is PCI express.

So we have a PCI express (X1) Network-Adapter, which is internally a PCI device with a PCIe to PCI bridge.

I thought, that PCIx and PCI express is the same, but I learned, it is not :wink:

Thanks for asking for a clarification, Peter!