1394 and Win2K

NTDEV
1

OK, maybe someone at MS can comment on this, or someone who has encountered
this specific issue. I have been digging through the assembly of the
ohci1394 and 1394bus drivers to figure out why when I attach a particular
1394 device to a 2K system, it bug checks, long before the device wizard
appears. Here is what I found:

In the bowels of Bus1394GetConfigurationInformation() it reads in the unit
directory and unit dependent directory information from the config rom. For
the device I am working on all of this works great, though in the device it
has nothing to discover in the unit dependent directory data. Then towards
the end of the above mentioned routine, it goes through and frees up all the
mdls and buffers it allocated for the reading of the config information.
What I see is that it calls IoFreeMdl() for a given mdl, then it proceeds to
call ExFreePool() on the same mdl.

This processing leads to a system failure at some point later. With verifier
turned on, the next time someone frees an Mdl, and the list in the lookaside
buffer is walked, it bugchecks due to inconsistent state.

Anyone run across this? I have ran through the scenario several times and
every time I see it double freeing the mdl. This is in Win2K with SP4
applied.

Thanks,

Pete

Peter Scott
Windows Filesystem and Device Driver Consulting
www.KernelDrivers.com
(303)455-9568

2

As a follow up here, if another quadlet is added to the config rom with a
MODEL_KEY_SIGNATURE value, the ‘problem’ goes away.

Pete

Peter Scott
Windows Filesystem and Device Driver Consulting
www.KernelDrivers.com
(303)455-9568

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-191504-
xxxxx@lists.osr.com] On Behalf Of Peter Scott
Sent: Tuesday, October 26, 2004 6:49 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] 1394 and Win2K

OK, maybe someone at MS can comment on this, or someone who has
encountered
this specific issue. I have been digging through the assembly of the
ohci1394 and 1394bus drivers to figure out why when I attach a particular
1394 device to a 2K system, it bug checks, long before the device wizard
appears. Here is what I found:

In the bowels of Bus1394GetConfigurationInformation() it reads in the unit
directory and unit dependent directory information from the config rom.
For
the device I am working on all of this works great, though in the device
it
has nothing to discover in the unit dependent directory data. Then towards
the end of the above mentioned routine, it goes through and frees up all
the
mdls and buffers it allocated for the reading of the config information.
What I see is that it calls IoFreeMdl() for a given mdl, then it proceeds
to
call ExFreePool() on the same mdl.

This processing leads to a system failure at some point later. With
verifier
turned on, the next time someone frees an Mdl, and the list in the
lookaside
buffer is walked, it bugchecks due to inconsistent state.

Anyone run across this? I have ran through the scenario several times and
every time I see it double freeing the mdl. This is in Win2K with SP4
applied.

Thanks,

Pete

Peter Scott
Windows Filesystem and Device Driver Consulting
www.KernelDrivers.com
(303)455-9568

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@kerneldrivers.com
To unsubscribe send a blank email to xxxxx@lists.osr.com