Hi,
Does anyone know if it is safe to use the Irp->MdlAddress field of an Irp
that came in with a METHOD_BUFFERED Ioctl for my own uses?
I.e. I’ve defined an IOCTL that needs to fill more than one user buffer. So
the user passes me pointers to user mode buffers in the inBuffer of a
METHOD_BUFFERED Ioctl (I could use METHOD_NEITHER as well). Anyway, my
driver will do all things necessary with the buffer pointer (I am the
top-most driver, IoAllocateMdl, MmBuildAndLockPages…). One of these Mdls I
would like to store in the Irp in case I have to pend it. I know I could use
Irp->Tail.Overlay.DriverContext or so, but I find it tempting to use
Irp->MdlAddress. The question is, what happens when I complete the Irp? Will
the Io-manager stumble over the Mdl or ignore it?
Robin
If you are worried about the io manager stumbling over the irp you
manually placed into the irp, why not set the MdlAddress field to NULL
before completing the irp? As long as you are the only one seeing the
irp in this state, you can safely store whatever you want in that field
… but why isn’t the DriverContext good for this purpose? Did you run
out of slots or you don’t like the casting?
D
This posting is provided “AS IS” with no warranties, and confers no
rights
-----Original Message-----
From: Robin MItra [mailto:xxxxx@mitrasoft.de]
Sent: Tuesday, March 25, 2003 2:04 PM
To: NT Developers Interest List
Subject: [ntdev] Irp->MdlAddress for a METHOD_BUFFERED Irp
Hi,
Does anyone know if it is safe to use the Irp->MdlAddress field of an Irp
that came in with a METHOD_BUFFERED Ioctl for my own uses?
I.e. I’ve defined an IOCTL that needs to fill more than one user buffer. So
the user passes me pointers to user mode buffers in the inBuffer of a
METHOD_BUFFERED Ioctl (I could use METHOD_NEITHER as well). Anyway, my
driver will do all things necessary with the buffer pointer (I am the
top-most driver, IoAllocateMdl, MmBuildAndLockPages…). One of these Mdls I
would like to store in the Irp in case I have to pend it. I know I could use
Irp->Tail.Overlay.DriverContext or so, but I find it tempting to use
Irp->MdlAddress. The question is, what happens when I complete the Irp? Will
the Io-manager stumble over the Mdl or ignore it?
Robin
“Robin MItra” wrote in message news:xxxxx@ntdev…
>
> Hi,
>
> Does anyone know if it is safe to use the Irp->MdlAddress field of an Irp
> that came in with a METHOD_BUFFERED Ioctl for my own uses?
> I.e. I’ve defined an IOCTL that needs to fill more than one user buffer. So
> the user passes me pointers to user mode buffers in the inBuffer of a
> METHOD_BUFFERED Ioctl (I could use METHOD_NEITHER as well). Anyway, my
> driver will do all things necessary with the buffer pointer (I am the
> top-most driver, IoAllocateMdl, MmBuildAndLockPages…). One of these Mdls I
> would like to store in the Irp in case I have to pend it. I know I could use
> Irp->Tail.Overlay.DriverContext or so, but I find it tempting to use
> Irp->MdlAddress. The question is, what happens when I complete the Irp? Will
> the Io-manager stumble over the Mdl or ignore it?
If you are passing the user mode buffer to the next lower driver as the data
buffer it’s supposed to use, you should use the MdlAddress field. If you
are not passing that buffer to the next lower driver, but you need to access
it in a completion routine, you’ll need to put a pointer to the MDL in your
callback’s context struct. If you don’t send the IRP down at all, you can
use DriverContext or MdlAddress, or anything else, since you own the IRP
until you send it down or complete it.
Just keep in mind you shouldn’t touch the Irp after you call IoCallDriver to
send it along, except in a completion routine.
Phil
–
Philip D. Barila
Seagate Technology, LLC
(720) 684-1842
As if I need to say it: Not speaking for Seagate.
E-mail address is pointed at a domain squatter. Use reply-to instead.
> Does anyone know if it is safe to use the Irp->MdlAddress field of
> an Irp that came in with a METHOD_BUFFERED Ioctl for my own uses?
No. Even METHOD_xxx_DIRECT IOCTLs can have Irp->MdlAddress as NULL if
the data length is 0.
> would like to store in the Irp in case I have to pend it. I know I
> could use Irp->Tail.Overlay.DriverContext
The correct way.
> or so, but I find it tempting to use Irp->MdlAddress.
Do not touch this field - it is handled specially in
IoCompleteRequest. You can touch it and restore the initial value
before IoCompleteRequest though, provided you will not send the IRP
down.
Max
“Phil Barila” wrote in message
news:xxxxx@ntdev…
>
> “Robin MItra” wrote in message news:xxxxx@ntdev…
> >
> > Hi,
> >
> > Does anyone know if it is safe to use the Irp->MdlAddress field of an Irp
> > that came in with a METHOD_BUFFERED Ioctl for my own uses?
> > I.e. I’ve defined an IOCTL that needs to fill more than one user buffer. So
> > the user passes me pointers to user mode buffers in the inBuffer of a
> > METHOD_BUFFERED Ioctl (I could use METHOD_NEITHER as well). Anyway, my
> > driver will do all things necessary with the buffer pointer (I am the
> > top-most driver, IoAllocateMdl, MmBuildAndLockPages…). One of these Mdls I
> > would like to store in the Irp in case I have to pend it. I know I could use
> > Irp->Tail.Overlay.DriverContext or so, but I find it tempting to use
> > Irp->MdlAddress. The question is, what happens when I complete the Irp? Will
> > the Io-manager stumble over the Mdl or ignore it?
>
> If you are passing the user mode buffer to the next lower driver as the data
> buffer it’s supposed to use, you should use the MdlAddress field. If you
> are not passing that buffer to the next lower driver, but you need to access
> it in a completion routine, you’ll need to put a pointer to the MDL in your
> callback’s context struct. If you don’t send the IRP down at all, you can
> use DriverContext or MdlAddress, or anything else, since you own the IRP
> until you send it down or complete it.
>
> Just keep in mind you shouldn’t touch the Irp after you call IoCallDriver to
> send it along, except in a completion routine.
I should mention that if you do use MdlAddress, when you free the MDL, you
need to reset MdlAddress to whatever it was before you started messing with
it, which is usually NULL in the cases you stated.
Phil
–
Philip D. Barila
Seagate Technology, LLC
(720) 684-1842
As if I need to say it: Not speaking for Seagate.
“Maxim S. Shatskih” wrote in message
news:xxxxx@ntdev…
>
> > Irp->MdlAddress.
>
> Do not touch this field - it is handled specially in
> IoCompleteRequest. You can touch it and restore the initial value
> before IoCompleteRequest though, provided you will not send the IRP
> down.
>
> Max
>
Yes, I was suspecting something like that. Actually I was using
Irp->MdlAddress the way Doron Holan mentioned (setting it to NULL before
completing the Irp). This was and still is working, but as I was going
through the code I decided to be paranoid about a few things including this
one, so I thought I’d ask the Gurus here.
Thanks a lot.
Robin
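
The two options discussed in this thread, as an added example that is not part of any post: keeping the driver's own MDL in Irp->Tail.Overlay.DriverContext, versus borrowing Irp->MdlAddress and restoring it before completion. The types and routines are user-mode stand-ins so the pattern compiles outside the WDK; the completion behaviour (releasing any MDL still attached to the IRP) is a simplified model assumed here, and `run_case`, `complete_from_context`, `complete_borrowed` and `g_double_frees` are hypothetical names.

```c
/* User-mode stand-ins; in a driver these types and routines come from
   <wdm.h>. Everything here is constructed for illustration. */
#include <stddef.h>
#include <string.h>

typedef struct _MDL { struct _MDL *Next; int FreeCount; } MDL, *PMDL;
typedef struct _IRP {
    PMDL MdlAddress;
    struct { struct { void *DriverContext[4]; } Overlay; } Tail;
} IRP, *PIRP;

static int g_double_frees;  /* model-only counter, not a kernel facility */

static void IoFreeMdl(PMDL m) { if (++m->FreeCount > 1) g_double_frees++; }

/* Assumed model of the special handling: completion releases every MDL
   still chained on Irp->MdlAddress. */
static void IoCompleteRequest(PIRP irp, int boost) {
    (void)boost;
    for (PMDL m = irp->MdlAddress, next; m != NULL; m = next) {
        next = m->Next;
        IoFreeMdl(m);
    }
    irp->MdlAddress = NULL;
}

/* Pattern 1: the driver's own MDL lives in DriverContext while pended. */
static void complete_from_context(PIRP irp) {
    PMDL mdl = irp->Tail.Overlay.DriverContext[0];
    irp->Tail.Overlay.DriverContext[0] = NULL;
    IoFreeMdl(mdl);                /* real driver: MmUnlockPages first */
    IoCompleteRequest(irp, 0);
}

/* Pattern 2: MdlAddress was borrowed; put the old value back first. */
static void complete_borrowed(PIRP irp, PMDL saved, int restore) {
    IoFreeMdl(irp->MdlAddress);
    if (restore) irp->MdlAddress = saved;
    IoCompleteRequest(irp, 0);
}

/* Returns how many double frees the chosen path caused in the model. */
int run_case(int use_context, int restore) {
    MDL mdl; IRP irp;
    memset(&mdl, 0, sizeof mdl); memset(&irp, 0, sizeof irp);
    g_double_frees = 0;
    if (use_context) {
        irp.Tail.Overlay.DriverContext[0] = &mdl;
        complete_from_context(&irp);
    } else {
        PMDL saved = irp.MdlAddress;   /* NULL in this constructed case */
        irp.MdlAddress = &mdl;
        complete_borrowed(&irp, saved, restore);
    }
    return g_double_frees;
}
```
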