I am currently working on a driver for the PLX9054 using DriverStudio3.2. When I began the DMA part, I encountered a big problem, even though all my code follows the DriverStudio3.2 help.
The problem is that when the DMA interrupt occurs and the DPC runs, executing the statement "m_CurrentTransfer->Continue(UseTransferSize)" in it resets my PC.
I used two methods to exchange data between the app and the driver. The first is the IRP's MDL, the second is a common buffer. Both give the same result.
I used WinDbg to check the problem. The results are below:
When I used the IRP's MDL:
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: D:\WINDOWS\Symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055bb20
Debug session time: Mon Oct 22 23:41:40.886 2007 (GMT+8)
System Uptime: 0 days 0:40:17.396
Loading Kernel Symbols
…
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffdf00c). Type “.hh dbgerr001” for details
Loading unloaded module list
…
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {9adc9f4c, 2, 0, 804efd80}
PEB is paged out (Peb.Ldr = 7ffdf00c). Type “.hh dbgerr001” for details
PEB is paged out (Peb.Ldr = 7ffdf00c). Type “.hh dbgerr001” for details
Probably caused by : pci9.sys ( pci9!KDmaAdapter::FlushBuffers+5d )
Followup: MachineOwner
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 9adc9f4c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804efd80, address which referenced memory
Debugging Details:
PEB is paged out (Peb.Ldr = 7ffdf00c). Type “.hh dbgerr001” for details
PEB is paged out (Peb.Ldr = 7ffdf00c). Type “.hh dbgerr001” for details
READ_ADDRESS: 9adc9f4c
CURRENT_IRQL: 2
FAULTING_IP:
nt!MmMapLockedPagesSpecifyCache+1de
804efd80 8b4f0c mov ecx,dword ptr [edi+0Ch]
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: Test.exe
TRAP_FRAME: f9947e38 – (.trap 0xfffffffff9947e38)
ErrCode = 00000000
eax=8113dbf8 ebx=812860d8 ecx=833b93e8 edx=81000000 esi=00000163 edi=9adc9f40
eip=804efd80 esp=f9947eac ebp=f9947ed0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!MmMapLockedPagesSpecifyCache+0x1de:
804efd80 8b4f0c mov ecx,dword ptr [edi+0Ch] ds:0023:9adc9f4c=???
Resetting default scope
LAST_CONTROL_TRANSFER: from 804efd80 to 804e3158
STACK_TEXT:
f9947e38 804efd80 badb0d00 81000000 81373b30 nt!KiTrap0E+0x233
f9947ed0 806ef786 812860f4 1f000000 c03e6b20 nt!MmMapLockedPagesSpecifyCache+0x1de
f9947ef4 806f0bd8 812860d8 8121fd00 00af6eb8 hal!HalpCopyBufferMap+0x24
f9947f24 f910f66d 01b83cd0 812860d8 8121fd01 hal!IoFlushAdapterBuffers+0xac
f9947f4c f910f57b 812860d8 8121fd01 00af6eb8 pci9!KDmaAdapter::FlushBuffers+0x5d [d:\program files\compuware\driverstudio\driverworks\include\kadapter.h @ 448]
f9947f88 f910e8a9 00000000 00000000 ffb80400 pci9!KDmaTransfer::CompleteLastTransfer+0x13d [d:\program files\compuware\driverstudio\driverworks\source\kdmaxfer.cpp @ 775]
f9947fa0 f9105539 00000000 00000000 00000000 pci9!KDmaTransfer::Continue+0x19 [d:\program files\compuware\driverstudio\driverworks\source\kdmaxfer.cpp @ 290]
f9947fbc f9103914 ffb800d8 00000000 00000000 pci9!pci9Device::IsrDpc+0x68 [e:\xxx\v5 07.10.15\pci9\driver\pci9device.cpp @ 1420]
f9947fd0 804dd179 ffb803b0 ffb800d8 00000000 pci9!pci9Device::IsrDpcLINK+0x14 [e:\xxx\v5 07.10.15\pci9\driver\pci9device.h @ 38]
f9947ff4 804dce2d f0073d54 00000000 00000000 nt!KiRetireDpcList+0x46
f9947ff8 f0073d54 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2a
WARNING: Frame IP not in any known module. Following frames may be wrong.
804dce2d 00000000 00000009 bb835675 00000128 0xf0073d54
STACK_COMMAND: kb
FOLLOWUP_IP:
pci9!KDmaAdapter::FlushBuffers+5d [d:\program files\compuware\driverstudio\driverworks\include\kadapter.h @ 448]
f910f66d 8be5 mov esp,ebp
FAULTING_SOURCE_CODE:
444: MapRegisterBase,
445: CurrentVa,
446: Length,
447: WriteToDevice);
448: }
449:
450: #if WDM && !defined VXD_COMPATLIB
451: inline NTSTATUS KDmaAdapter::GetScatterGatherList(
452: PDEVICE_OBJECT DeviceObject,
453: PMDL Mdl,
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: pci9!KDmaAdapter::FlushBuffers+5d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: pci9
IMAGE_NAME: pci9.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 471cb9fd
FAILURE_BUCKET_ID: 0xA_pci9!KDmaAdapter::FlushBuffers+5d
BUCKET_ID: 0xA_pci9!KDmaAdapter::FlushBuffers+5d
Followup: MachineOwner
When I used the common buffer, the result is:
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: D:\WINDOWS\Symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055bb20
Debug session time: Wed Oct 24 04:51:18.648 2007 (GMT+8)
System Uptime: 0 days 0:02:18.158
Loading Kernel Symbols
…
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffd500c). Type “.hh dbgerr001” for details
Loading unloaded module list
…
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {f9a92eb8, 2, 1, f911154a}
PEB is paged out (Peb.Ldr = 7ffd500c). Type “.hh dbgerr001” for details
PEB is paged out (Peb.Ldr = 7ffd500c). Type “.hh dbgerr001” for details
Probably caused by : pci9.sys ( pci9!KDmaTransfer::CompleteLastTransfer+16c )
Followup: MachineOwner
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f9a92eb8, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: f911154a, address which referenced memory
Debugging Details:
PEB is paged out (Peb.Ldr = 7ffd500c). Type “.hh dbgerr001” for details
PEB is paged out (Peb.Ldr = 7ffd500c). Type “.hh dbgerr001” for details
WRITE_ADDRESS: f9a92eb8
CURRENT_IRQL: 2
FAULTING_IP:
pci9!KDmaTransfer::CompleteLastTransfer+16c [d:\program files\compuware\driverstudio\driverworks\source\kdmaxfer.cpp @ 778]
f911154a f3a5 rep movs dword ptr es:[edi],dword ptr [esi]
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: Test.exe
TRAP_FRAME: f9947ef4 – (.trap 0xfffffffff9947ef4)
ErrCode = 00000002
eax=00000400 ebx=00000400 ecx=00000100 edx=ff9223d8 esi=811cc800 edi=f9a92eb8
eip=f911154a esp=f9947f68 ebp=f9947f88 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
pci9!KDmaTransfer::CompleteLastTransfer+0x16c:
f911154a f3a5 rep movs dword ptr es:[edi],dword ptr [esi] es:0023:f9a92eb8=??? ds:0023:811cc800=00000000
Resetting default scope
LAST_CONTROL_TRANSFER: from f911154a to 804e3158
STACK_TEXT:
f9947ef4 f911154a badb0d00 ff9223d8 f910178c nt!KiTrap0E+0x233
f9947f88 f91108d9 00000000 00000000 ff9223d8 pci9!KDmaTransfer::CompleteLastTransfer+0x16c [d:\program files\compuware\driverstudio\driverworks\source\kdmaxfer.cpp @ 778]
f9947fa0 f9105589 00000000 00000000 00000000 pci9!KDmaTransfer::Continue+0x19 [d:\program files\compuware\driverstudio\driverworks\source\kdmaxfer.cpp @ 290]
f9947fbc f9103974 81194bb8 00000000 00000000 pci9!pci9Device::IsrDpc+0x68 [e:\xxx\pci10\driver\pci9device.cpp @ 1431]
f9947fd0 804dd179 81194e90 81194bb8 00000000 pci9!pci9Device::IsrDpcLINK+0x14 [e:\xxx\pci10\driver\pci9device.h @ 38]
f9947ff4 804dce2d f042c5d4 00000000 00000000 nt!KiRetireDpcList+0x46
f9947ff8 f042c5d4 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2a
WARNING: Frame IP not in any known module. Following frames may be wrong.
804dce2d 00000000 00000009 bb835675 00000128 0xf042c5d4
STACK_COMMAND: kb
FOLLOWUP_IP:
pci9!KDmaTransfer::CompleteLastTransfer+16c [d:\program files\compuware\driverstudio\driverworks\source\kdmaxfer.cpp @ 778]
f911154a f3a5 rep movs dword ptr es:[edi],dword ptr [esi]
FAULTING_SOURCE_CODE:
774: // common buffer into client memory.
775: if ( m_pCommonBuffer )
776: {
777: if ( m_dir == FromDeviceToMemory )
778: RtlCopyMemory(m_pCurrentVa, m_pCommonBuffer->VirtualAddress(), nTransferred);
779: }
780:
781: m_pCurrentVa = (PVOID) ((PCHAR)m_pCurrentVa + nTransferred);
782: m_nBytesLeft -= nTransferred;
783:
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: pci9!KDmaTransfer::CompleteLastTransfer+16c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: pci9
IMAGE_NAME: pci9.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 471e5d80
FAILURE_BUCKET_ID: 0xD1_W_pci9!KDmaTransfer::CompleteLastTransfer+16c
BUCKET_ID: 0xD1_W_pci9!KDmaTransfer::CompleteLastTransfer+16c
Followup: MachineOwner
WinDbg says the problem is that nonpageable memory was accessed at the wrong IRQL. I don't know why, because the statement that leads to the problem is recommended by DS3.2.