Asserts in MmBuildMdlForNonPagedPool under WinXPsp2-chk

My driver needs a one-time, short write access to kernel memory that
is read-only. I use IoAllocateMdl, MmBuildMdlForNonPagedPool, and
MmMapLockedPages to create a new virtual mapping with write-access
to the underlying pages.

This appears to work properly, but I’m running the checked ntoskrnl
and hal for WinXP-sp2, and I get several asserts from mm in the
MmBuildMdlForPagedPool:

(MemoryDescriptorList->MdlFlags & ( MDL_MAPPED_TO_SYSTEM_VA |
MDL_SOURCE_IS_NONPAGED_POOL | MDL_PARTIAL_HAS_BEEN_MAPPED)) == 0
*** Source File: d:\xpsprtm\base\ntos\mm\iosup.c, line 3542

(MemoryDescriptorList->MdlFlags & ( MDL_PAGES_LOCKED | MDL_PARTIAL)) != 0
*** Source File: d:\xpsprtm\base\ntos\mm\iosup.c, line 3546

The MDL built in IoAllocateMdl from the write-protected virtual
kernel address has flags MDL_SOURCE_IS_NONPAGED_POOL and
MDL_ALLOCATED_FIXED_SIZE, as would be expected.

The first assertion from MmBuildMdlForNonPagedPool is testing to
make sure the MDL does not have MDL_SOURCE_IS_NONPAGED_POOL,
which seems totally strange, since this call requires the MDL
to be built from NPP.

The second assertion is testing to make sure that my MDL either has
MDL_PAGES_LOCKED or is a PARTIAL MDL. It’s a full MDL, but I
don’t see why NonPagedPool wouldn’t be the same as permanently
locked pages. (I even tried to use MmProbeAndLockPages on the
read-only virtual address, and that gave serious complaints!)

Anyway, I do get a writable virtual address that does work, but
I’m worried that the asserts are there for a reason. Anyone have
insight into this issue? I’d be interested in whether NT, W2K,
or W2K3 has similar problems in building the MDL.

TIA

Jerry Schneider wrote:

> My driver needs a one-time, short write access to kernel memory that
> is read-only. I use IoAllocateMdl, MmBuildMdlForNonPagedPool, and
> MmMapLockedPages to create a new virtual mapping with write-access
> to the underlying pages.
>
> This appears to work properly, but I’m running the checked ntoskrnl
> and hal for WinXP-sp2, and I get several asserts from mm in the
> MmBuildMdlForPagedPool:

PagedPool or NonPagedPool? You have now used both terms. Is it
possible you’re calling the wrong routine?

> (MemoryDescriptorList->MdlFlags & ( MDL_MAPPED_TO_SYSTEM_VA |
> MDL_SOURCE_IS_NONPAGED_POOL | MDL_PARTIAL_HAS_BEEN_MAPPED)) == 0
> *** Source File: d:\xpsprtm\base\ntos\mm\iosup.c, line 3542
>
> (MemoryDescriptorList->MdlFlags & ( MDL_PAGES_LOCKED | MDL_PARTIAL)) != 0
> *** Source File: d:\xpsprtm\base\ntos\mm\iosup.c, line 3546
>
> The MDL built in IoAllocateMdl from the write-protected virtual
> kernel address has flags MDL_SOURCE_IS_NONPAGED_POOL and
> MDL_ALLOCATED_FIXED_SIZE, as would be expected.
>
> The first assertion from MmBuildMdlForNonPagedPool is testing to
> make sure the MDL does not have MDL_SOURCE_IS_NONPAGED_POOL,
> which seems totally strange, since this call requires the MDL
> to be built from NPP.

True, IF you’re actually calling MmBuildMdlForNonPagedPool.

Tim Roberts wrote:

Jerry Schneider wrote:

> My driver needs a one-time, short write access to kernel memory that
> is read-only. I use IoAllocateMdl, MmBuildMdlForNonPagedPool, and
> MmMapLockedPages to create a new virtual mapping with write-access
> to the underlying pages.
>
> This appears to work properly, but I’m running the checked ntoskrnl
> and hal for WinXP-sp2, and I get several asserts from mm in the
> MmBuildMdlForPagedPool:
^Non

Yikes. My bad, although there isn’t such a function listed in ddk :<).
I need an editor that writes what I mean, not what I type…

> PagedPool or NonPagedPool? You have now used both terms. Is it
> possible you’re calling the wrong routine?