Hooking Page-fault handler

Hi all.

Does anybody know that how to hook page-fault handler in my driver?

Windows XP have demand-paging mechanisms. So, I want to hook page-fault handler and set a custom page by my hook handler.

In other words, when a user-application accesses specific page, I want to set a custom page by hooking page-fault handler in my driver.
My driver makes mapping-region which are mapping kernel memory to user space. (the mapped-region is page-size align)

Any advice?

Thank you.

Forget it there is no safe way to do this, and no way to ensure that you are
catching the right process. I think this was answered here in the last few
weeks.


Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

wrote in message news:xxxxx@ntdev…
> Hi all.
>
> Does anybody know that how to hook page-fault handler in my driver?
>
> Windows XP have demand-paging mechanisms. So, I want to hook page-fault
> handler and set a custom page by my hook handler.
>
> In other words, when a user-application accesses specific page, I want to
> set a custom page by hooking page-fault handler in my driver.
> My driver makes mapping-region which are mapping kernel memory to user
> space. (the mapped-region is page-size align)
>
> Any advice?
>
> Thank you.
>
>
> Information from ESET NOD32 Antivirus, version of virus
> signature database 4415 (20090910)

>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>

Information from ESET NOD32 Antivirus, version of virus signature database 4415 (20090910)

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

Thank you for your advice.

I read your discussion.

But, I can’t believe that Windows does not support the canonical interface for
hooking page-fault.

Because, I consider that the interface is necessary for constructing a contiguous
virtual-memory space from scattering kernel-memory spaces (physical-memory spaces),
and this requisition is typical for many device drivers.

So, I consider using page-fault mechanism is proper to implement the requisition.

I have some experience in Linux device driver programming. In Linux, the developers
can use the page-fault handler for above requisition.

So, I am looking for same method on Windows kernel.

Any advice?

Go back to Linux. Windows does not have this capability, you will not get
this capability, you will destabilize the system if you try to hack this
capability. Just because Linux did this, does not mean other systems wil.


Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

wrote in message news:xxxxx@ntdev…
> Thank you for your advice.
>
> I read your discussion.
>
> But, I can’t believe that Windows does not support the canonical interface
> for
> hooking page-fault.
>
> Because, I consider that the interface is necessary for constructing a
> contiguous
> virtual-memory space from scattering kernel-memory spaces (physical-memory
> spaces),
> and this requisition is typical for many device drivers.
>
> So, I consider using page-fault mechanism is proper to implement the
> requisition.
>
> I have some experience in Linux device driver programming. In Linux, the
> developers
> can use the page-fault handler for above requisition.
>
> So, I am looking for same method on Windows kernel.
>
> Any advice?
>
>
> Information from ESET NOD32 Antivirus, version of virus
> signature database 4415 (20090910)

>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>

Information from ESET NOD32 Antivirus, version of virus signature database 4415 (20090910)

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

I would not take duty hack.

You mean, the method of mapping kernel memory to user memory is illegal method
on Windows kernel ?

OK, If you want to copy very very large buffer (For example 100MB) to device,
such as specific NIC, will you design the program which wreaks the storm of
executing system-call for copying user-space to kernel-space?. Or, you will
say “Windows does not have this capability” to your customer?

I DO NOT intend to discuss about which a good kernel is Windows or Linux.

I am merely looking for the best solution for my requisition on Windows.

Thank you.

xxxxx@gmail.com wrote:

But, I can’t believe that Windows does not support the canonical interface for
hooking page-fault.

It is true.

Because, I consider that the interface is necessary for constructing a contiguous
virtual-memory space from scattering kernel-memory spaces (physical-memory spaces),
and this requisition is typical for many device drivers.

No, it is not. I’ve been writing Windows drivers for 19 years, and
there was only one case (in Windows 3.1) where we actually needed this.
It’s just not the way drivers are architected on Windows.

On the other hand, there probably are ways of doing what you need to
do. If you need to map a device into user space, you can do that, but
even that is not recommended, because it represents a security problem.

If you can share more about the type of problem you are trying to solve,
we can point you to the proper way of handling it in Windows.

So, I consider using page-fault mechanism is proper to implement the requisition.

Not in Windows.

I have some experience in Linux device driver programming. In Linux, the developers
can use the page-fault handler for above requisition.

So, I am looking for same method on Windows kernel.

Any advice?

Absolutely, yes: Find another way.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

xxxxx@gmail.com wrote:

You mean, the method of mapping kernel memory to user memory is illegal method
on Windows kernel ?

OK, If you want to copy very very large buffer (For example 100MB) to device,
such as specific NIC, will you design the program which wreaks the storm of
executing system-call for copying user-space to kernel-space?. Or, you will
say “Windows does not have this capability” to your customer?

Neither. When the user passes his 100MB request to the kernel driver,
the operating system will map that buffer into kernel space. There will
simply be multiple virtual-to-physical mappings for that buffer. The
driver can then create a scatter/gather list for the device’s DMA
engine, if needed. No extra copy is needed.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Mapping memory is into process address space is very much supported on
Windows.

What does this have to do with hooking the page-fault handler?

What it sounds like you think you should be able to do is provide your own
private memory virtualization facility for an arbitrary bit of user address
space.

Also, there is no such thing as ‘kernel memory’ and ‘user memory’.

There is memory.

There is kernel address space and user address space.

And for what it is worth, Windows is perfectly adept at moving large amounts
of data from applications to devices and can do so with a very small number
of system calls when the application, driver, and device are designed for
such a scenario.

Some might not even consider 100MB to be a particularly large buffer. (what
was the famous movie line, “… I sh*t bigger than that…” or some such? oh
never mind.)

My point is that whatever you are trying to do, you

a) clearly do not know how to do it on Windows else you would not be making
inquiry to this group.

b) have done it on Linux using facilities on that OS and cannot seem to see
that perhaps the problem just might not have the same solution on Windows.

c) have not done your homework on the Windows internals enough to know that
what you just asked was pretty crazy and by coming back to impugn Don, you
are not doing yourself any favors.

d) probably have a very limited number of chances to calm down and ask
again, this time with the question being formed something like

“I have a device, it has characteristics like , and my application needs
to do thus. What are my options on Windows that make sense given…”

Don’t ask how to implement the solution you have chosen. Ask how to solve
the root problem.

This group lives for questions like that. You get good ideas and free and
valuable advice that way.

Good Luck,
Dave Cattley

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Thursday, September 10, 2009 9:26 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Hooking Page-fault handler

I would not take duty hack.

You mean, the method of mapping kernel memory to user memory is illegal
method
on Windows kernel ?

OK, If you want to copy very very large buffer (For example 100MB) to
device,
such as specific NIC, will you design the program which wreaks the storm of
executing system-call for copying user-space to kernel-space?. Or, you will
say “Windows does not have this capability” to your customer?

I DO NOT intend to discuss about which a good kernel is Windows or Linux.

I am merely looking for the best solution for my requisition on Windows.

Thank you.


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

This is one possibility. The second one is: forget about Linux :slight_smile:
Instead, learn how to do things properly in Windows. Recommended
reading: WDK docs, this list archives and following book
http://technet.microsoft.com/en-us/sysinternals/bb963901.aspx

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: Friday, September 11, 2009 2:14 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Hooking Page-fault handler

Go back to Linux. Windows does not have this capability, you
will not get
this capability, you will destabilize the system if you try
to hack this
capability. Just because Linux did this, does not mean
other systems wil.


Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

wrote in message news:xxxxx@ntdev…
> > Thank you for your advice.
> >
> > I read your discussion.
> >
> > But, I can’t believe that Windows does not support the
> canonical interface
> > for
> > hooking page-fault.
> >
> > Because, I consider that the interface is necessary for
> constructing a
> > contiguous
> > virtual-memory space from scattering kernel-memory spaces
> (physical-memory
> > spaces),
> > and this requisition is typical for many device drivers.
> >
> > So, I consider using page-fault mechanism is proper to
> implement the
> > requisition.
> >
> > I have some experience in Linux device driver programming.
> In Linux, the
> > developers
> > can use the page-fault handler for above requisition.
> >
> > So, I am looking for same method on Windows kernel.
> >
> > Any advice?
> >
> >
> > Information from ESET NOD32 Antivirus, version of virus
> > signature database 4415 (20090910)

> >
> > The message was checked by ESET NOD32 Antivirus.
> >
> > http://www.eset.com
> >
> >
> >
>
>
>
> Information from ESET NOD32 Antivirus, version of
> virus signature database 4415 (20090910)

>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online
> at http://www.osronline.com/page.cfm?name=ListServer
>

Thank you for all advices for me.

Firstly, I have to apologize for my inadequate posts and my provocative words.

I am sorry.

To tell the truth, I am tackling a co-processor driver on Windows.
This co-processor are called “Intel VT-x” and it is implemented into
Intel CPU. So, I am trying to implement software just like VMware
and VirtualBox.

“Intel VT-x” requires the physical-memory space for running the program
which may involves some privilege instructions, such as other operating
system program.

So, I considered that the physical-memory space should be allocated on my
kernel-driver. because, I through that user-space address can not translate
to physical-memory address, exactly.

Moreover, the physical-memory space may have very big size, because
nobody want to run other operating system on small memory-space.

On Windows kernel, however, my driver can not always get a very large
contiguous physical-memory space. because, Windows memory allocater
may have only fragmented physical-memory space.

To construct a very large contiguous physical-memory space,
I considered the method for gathering many physical-pages

Briefly, a large contiguous physical-memory space are constructed
by amount of physical-memory pages. (In Windows kernel term, I
think, the physical-memory page means NonPagedPool memory)

The point is that, How do scattering physical-memory pages
set up a contiguous address in USER SPACE address?.
The program (As above stated, the program means such as operating
system program) is injected by user application to my driver.

So, I want to implement my driver that the scattering
physical-memory pages are viewed as contiguous user address space.

I asked a page-fault question in my first post, because I thought that
I can use page-fault mechanisms to implement this method.Thank you for all advices for me.

Firstly, I have to apologize for my inadequate posts and my provocative words.

I am sorry.

To tell the truth, I am tackling a co-processor driver on Windows.
This co-processor are called “Intel VT-x” and it is implemented into
Intel CPU. So, I am trying to implement software just like VMware
and VirtualBox.

“Intel VT-x” requires the physical-memory space for running the program
which may involves some privilege instructions, such as other operating
system program.

So, I considered that the physical-memory space should be allocated on my
kernel-driver. because, I through that user-space address can not translate
to physical-memory address, exactly.

Moreover, the physical-memory space may have very big size, because
nobody want to run other operating system on small memory-space.

On Windows kernel, however, my driver can not always get a very large
contiguous physical-memory space. because, Windows memory allocater
may have only fragmented physical-memory space.

To construct a very large contiguous physical-memory space,
I considered the method for gathering many physical-pages

Briefly, a large contiguous physical-memory space are constructed
by amount of physical-memory pages. (In Windows kernel term, I
think, the physical-memory page means NonPagedPool memory)

The point is that, How do scattering physical-memory pages
set up a contiguous address in USER SPACE address?.
The program (As above stated, the program means such as operating
system program) is injected by user application to my driver.

So, I want to implement my driver that the scattering
physical-memory pages are viewed as contiguous user address space.

I asked a page-fault question in my first post, because I thought that
I can use page-fault mechanisms to implement this method.Thank you for all advices for me.

Firstly, I have to apologize for my inadequate posts and my provocative words.

I am sorry.

To tell the truth, I am tackling a co-processor driver on Windows.
This co-processor are called “Intel VT-x” and it is implemented into
Intel CPU. So, I am trying to implement software just like VMware
and VirtualBox.

“Intel VT-x” requires the physical-memory space for running the program
which may involves some privilege instructions, such as other operating
system program.

So, I considered that the physical-memory space should be allocated on my
kernel-driver. because, I through that user-space address can not translate
to physical-memory address, exactly.

Moreover, the physical-memory space may have very big size, because
nobody want to run other operating system on small memory-space.

On Windows kernel, however, my driver can not always get a very large
contiguous physical-memory space. because, Windows memory allocater
may have only fragmented physical-memory space.

To construct a very large contiguous physical-memory space,
I considered the method for gathering many physical-pages

Briefly, a large contiguous physical-memory space are constructed
by amount of physical-memory pages. (In Windows kernel term, I
think, the physical-memory page means NonPagedPool memory)

The point is that, How do scattering physical-memory pages
set up a contiguous address in USER SPACE address?.
The program (As above stated, the program means such as operating
system program) is injected by user application to my driver.

So, I want to implement my driver that the scattering
physical-memory pages are viewed as contiguous user address space.

I asked a page-fault question in my first post, because I thought that
I can use page-fault mechanisms to implement this method.Thank you for all advices for me.

Firstly, I have to apologize for my inadequate posts and my provocative words.

I am sorry.

To tell the truth, I am tackling a co-processor driver on Windows.
This co-processor are called “Intel VT-x” and it is implemented into
Intel CPU. So, I am trying to implement software just like VMware
and VirtualBox.

“Intel VT-x” requires the physical-memory space for running the program
which may involves some privilege instructions, such as other operating
system program.

So, I considered that the physical-memory space should be allocated on my
kernel-driver. because, I through that user-space address can not translate
to physical-memory address, exactly.

Moreover, the physical-memory space may have very big size, because
nobody want to run other operating system on small memory-space.

On Windows kernel, however, my driver can not always get a very large
contiguous physical-memory space. because, Windows memory allocater
may have only fragmented physical-memory space.

To construct a very large contiguous physical-memory space,
I considered the method for gathering many physical-pages

Briefly, a large contiguous physical-memory space are constructed
by amount of physical-memory pages. (In Windows kernel term, I
think, the physical-memory page means NonPagedPool memory)

The point is that, How do scattering physical-memory pages
set up a contiguous address in USER SPACE address?.
The program (As above stated, the program means such as operating
system program) is injected by user application to my driver.

So, I want to implement my driver that the scattering
physical-memory pages are viewed as contiguous user address space.

I asked a page-fault question in my first post, because I thought that
I can use page-fault mechanisms to implement this method.

Thank you.

> So, I consider using page-fault mechanism is proper to implement the requisition.

I have some experience in Linux device driver programming. In Linux, the developers
can use the page-fault handler for above requisition.

This mistake is very typical for someone who has an experience with the system A and is required to write a driver for the system B - he tries to do things the way they are done under the system A, although his target system B does thing differently…

But, I can’t believe that Windows does not support the canonical interface for hooking page-fault.

Well, I’ve got even bigger surprise for you - Windows does not support mmap() for devices either…

Under Linux an app will call mmap(), which will result in your driver’s mmap() handler invocation.
This handler will receive a pointer to vma object, so that it will register your driver’s nopage() method
with it. From now on your driver’s nopage() handler will get invoked whenever a page fault on your device’s memory-mapped range occurs.

It is easy to understand that once Windows does not support mmap() for devices trying the above approach under Windows is just a plain no-brainer, simply because there is nothing that logically connects
a given virtual range in the user address space with your device . In order to do something like that you will have to write an entire extension of MM and deal with structures that you don’t own, which means that you will be unable to properly synchronize an access to these structures with memory manager.

You mean, the method of mapping kernel memory to user memory is illegal method
on Windows kernel ?

If you are just desperate to map device-owned memory into the user space, you can do it with MmMapLockedPagesSpecifyCache() - there is no problem here whatsoever. However, don’t forget that
you have to make this call in the right context, and, even more important, that its matching call to
MmUnmapLockedPages() has to be made in the same context as well. Certainly, you can associate any
particular mapping with file handle and unmap memory when this handle gets closed, but consider what happens if the target app terminates abnormally after having duplicated file handle to another process.

Therefore, if you want to share memory between an app and driver it is better to do things the other way around, i.e. to allocate it in the user space and map it into the kernel one. However, again, don’t forget that
you will have to synchronize an access to this shared memory somehow, and the resulting overhead
may well outweight all benefits that you expect from sharing a buffer, in the first place. As long as we are speaking about the transfer rates megs of data per second sharing a buffer is perfectly fine, but this does not apply to each and every situation…

OK, If you want to copy very very large buffer (For example 100MB) to device, such as specific NIC,
will you design the program which wreaks the storm of executing system-call for copying
user-space to kernel-space?.

Well, as long as we speak about a single operation, all that you need here is direct IO. If you want to do it
repeatedly you can map a buffer to the kernel space( and subsequently deal with synch-related issues)…

Anton Bassov

> Firstly, I have to apologize for my …

Firstly, I have to apologize for my …

Firstly, I have to apologize for my …

Firstly, I have to apologize for my …

Have you heard a phrase(IIRC, by Diikstra) “Two or more use a FOR”??? You could have used a FOR loop here…

Anton Bassov

> My driver makes mapping-region which are mapping kernel memory to user space. (the mapped-

Can you please use documented APIs to do this?

In Win64, you can hardly hook anything (without being marked as malware by the AV software).


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

> But, I can’t believe that Windows does not support the canonical interface for

hooking page-fault.

It does not support it, and the interface is not canonical.

Map the memory using documented APIs.

Because, I consider that the interface is necessary for constructing a contiguous
virtual-memory space from scattering kernel-memory spaces (physical-memory spaces),
and this requisition is typical for many device drivers.

Not typical at all. Memory mapping across kernel/user is considered to be not so good an idea in Windows, for instance, due to synchronization issues on mapping updates.

But, if you really need so, you can:

a) allocate page-aligned (size >= 4KB) memory in kmode, then create a MDL off it, then use MmMapLockedPages(…UserMode…)

c) allocate page-aligned (VirtualAlloc) memory in umode, then pass this memory as a parameter of some METHOD_xxx_DIRECT IOCTL call.

In kmode, pend (with cancellation support) this IOCTL IRP nearly forever (till unmap will be requested by some another IOCTL), and call MmGetSystemAddressForMdlSafe(Irp->MdlAddress), this will return the kernel-mode pointer to this memory.

To undo all of this, just stupidly complete the IOCTL IRP in kmode, nothing else.

I have some experience in Linux device driver programming. In Linux, the developers
can use the page-fault handler for above requisition.

And can the developers then actually commit their patched page fault handlers to the main Linux tree?


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

What I would suggest to you is to read all docs related to the MDL structure and all MmXxx and IoXxx functions working with it. It is the key structure in all Windows memory mapping, syscall data buffering and DMA. In Linux, the similar structure is called “struct kiobuf”.

You mean, the method of mapping kernel memory to user memory is illegal method
on Windows kernel ?

Legal. By MmMapLockedPages(…UserMode…).

OK, If you want to copy very very large buffer (For example 100MB) to device,
such as specific NIC, will you design the program which wreaks the storm of
executing system-call for copying user-space to kernel-space?.

Surely. 1 syscall per 32MB is not a “storm” at all. :slight_smile:

Note that mostly Windows uses zero-copy IO, so, this surely does not mean that all of these data will go through memcpy.

On each syscall, Windows will create a MDL over the data area passed to syscall, probe and lock the pages, and then pass this MDL down to lower levels - NICs or such. Sooner or later, the MDL - maybe after transformations - will reach the hardware’s DMA which will run over its locked physical page list at its tail.

This is now zero-copy IO works in Windows.

Using remapped memory for general data flow is usually evil, since you cannot synchronize properly.

But, in some cases, its use is justified - like this new Vista’s generic sound driver (I think WaveRT is the name) which maps the DMA common buffer of the chip to the user-mode audio server process, and then provides the IOCTL of something like “advance producer pointer”. The audio server fills the mapped area with the audio data and then calls this IOCTL.

In this case, no kernel mode code ever touches the audio data at all, it only touches producer/consumer pointers. Good for DRM :slight_smile: also it is good for audio server code since the mixer’s math really accesses the output buffer bytewise.

You can re-implement this architecture for your hardware too if you think it is justified.

I am merely looking for the best solution for my requisition on Windows.

  1. allocate a page-aligned (to avoid sensitive information leak from the unaligned head/tail) kernel memory. Can be paged or nonpaged. Can even be a DMA common buffer (like in WaveRT). DMA common buffer is nonpaged.

  2. do the full MDL creation sequence on this memory. For nonpaged, it is IoAllocateMdl+MmBuildMdlForNonPagedPool. For paged, it is IoAllocateMdl+MmProbeAndLockPages, note that MmProbeAndLockPages must be called like:

Status = STATUS_SUCCESS;
__try
{
MmProbeAndLockPages(…);
} __except(EXCEPTION_EXECUTE_HANDLER)
{
Status = GetExceptionCode();
}

I would suggest to wrap the above snippet as MmProbeAndLockPagesWitStatusError or such.

  1. call MmMapLockedPages(…UserMode…) on this MDL

Note that, as you can imagine, the process must first express its will to map the driver’s memory to itself, so, this all must be done in some IOCTL path.

Use of CreateFileMapping/MapViewOfFile on a usual driver’s (not FSDs) file handle is not supported in Windows. Well, it is supported, if the driver will do lots of work - set up the FCB with its header (2 locks in it) and SectionObjectPointers, support the special file size queries, and support the paging IO.

Yes, in this model, Mm will actually call the driver with “please fill these pages with the proper data” and “please process the user-updated data in these pages”, this is not a remap.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

Minor correction:

Neither. When the user passes his 100MB request to the kernel driver,
the operating system will map that buffer into kernel space.

The OS itself will not, unless the driver will call MmGetSystemAddressForMdlSafe, which is usually not needed for hi-perf DMA hardware, where there is no need at all for the driver’s kmode code to ever see this data.

driver can then create a scatter/gather list for the device’s DMA
engine, if needed. No extra copy is needed.

(below is for arena431@, surely I know that Tim knows this better then me :slight_smile: )

Exactly. The OS creates a MDL from the syscall’s buffer and passes it to the driver. The driver, if it’s hardware is DMA-capable, can pass this MDL to the DMA routines which will make SGL from it, the SGL is then converted by the driver to the device-specific format and fed to the device.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

> No, it is not. I’ve been writing Windows drivers for 19 years, and

there was only one case (in Windows 3.1) where we actually needed this.
It’s just not the way drivers are architected on Windows.

In 99% of cases - yes.

But there are some legal uses of this, for instance, in WaveRT. It has some special requirements:

a) DRM - no kernel mode code should touch this data

b) it’s main client is obviously the mixer/effects code in the audio server process (former kmixer), and this thing is a complex math with bytewise (or wordwise) output. For such a client, it is easier to just use *Ptr++ = NextByte in the mapped aperture, and then sometimes call the “update producer pointer” IOCTL.

The usual Windows way will require such a client to allocate a buffer (or even manage a ring of several buffers), then use *Ptr++ = NextByte in it, then - when it is full - send it to kmode with some IOCTL, then allocate the new buffer and also handle completions. More complex.

If the client of the driver can be any (and the syscall’s Data pointer can be any) - then the usual Windows way is more flexible. But, if the output is always bytewise-generated by some math - then WaveRT’s way is maybe better.

c) special audio server process seems to be the only WaveRT’s client, so, no security issues with the mapping.

But yes, this is not a canonical way in Windows.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

> a) allocate page-aligned (size >= 4KB) memory in kmode, then create a MDL off it,

then use MmMapLockedPages(…UserMode…)

Theoretically yes, but in practice you will have to deal with quite a few additional issues if you map device-owned memory into the user space. If you want to share a buffer it is better to do it the other way around (but first of all, you have to think carefully whether sharing a buffer is needed in your particular situation, in the first place)…

In kmode, pend (with cancellation support) this IOCTL IRP nearly forever (till unmap will be
requested by some another IOCTL),

…which may never arrive, for example, because the target app terminates abnormally…

And can the developers then actually commit their patched page fault handlers to the main Linux tree?

There is no need for patching page fault handler under Linux - if your device file is mapped into the user space your nopage() method will get invoked whenever an app faults on the page, and you have to back it up with a physical page. This mechanism is very well defined by the system - there are no “ugly hacks” involved whatsoever…

Anton Bassov

> kernel-driver. because, I through that user-space address can not translate

to physical-memory address, exactly.

It can, and this is trivial in Windows - just use DO_DIRECT_IO (for read/write) and METHOD_xxx_DIRECT (for IOCTL) and then pass Irp->MdlAddress to the DMA routines.

To construct a very large contiguous physical-memory space,

Forget it. The large physical memory space will always be fragmented.

The point is that, How do scattering physical-memory pages
set up a contiguous address in USER SPACE address?.

Create a MDL describing these pages, then use MmMapLockedPages(…UserMode…).

BTW, the classic way to allocate large physical memory in Windows is MmAllocatePagesForMdl. It immediately creates a MDL.

So, I want to implement my driver that the scattering
physical-memory pages are viewed as contiguous user address space.

See above. Or - have you considering allocating in user mode, and then locking and accessing in kernel mode?


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

> There is no need for patching page fault handler under Linux - if your device file is mapped into the ?

user space your nopage() method

Is it the path which supports the mmap() call on custom driver’s file handles?


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com