IRP_MJ_WRITE and NPP UserBuffer - is this kosher?

Neil_Weicher · December 23, 2009, 4:05pm

In my legacy encryption FSFD I have been using this process for some time
successfully, but now am wondering if it is strictly kosher:

In the IRP_MJ_WRITE dispatch routine, I do the following:

check Irp->MdlAddress, if non-zero get system address yada yada
if zero, use Irp->UserBuffer
Allocate shadow buffer from NPP, allocate and MDL for it (maybe not
needed?)
Encrypt into the NPP shadow buffer
Set Irp->MdlAddress to shadow MDL
Set Irp->UserBuffer to shadow buffer
Continue operation

In completion routine:
8) Restore original Irp->MdlAddress and Irp->UserBuffer
9) Release shadow MDL and shadow buffer

I know this is very “old school” but is there anything really wrong about
it? Is it ok to put a Kernel address into Irp->UserBuffer?

Thanks. I’m sure a lot of us can learn from this.

OSR_Community_User · December 23, 2009, 7:45pm

Neil Weicher wrote:

In my legacy encryption FSFD I have been using this process for some time
successfully, but now am wondering if it is strictly kosher:

In the IRP_MJ_WRITE dispatch routine, I do the following:

check Irp->MdlAddress, if non-zero get system address yada yada

if zero, use Irp->UserBuffer

Allocate shadow buffer from NPP, allocate and MDL for it (maybe not
needed?)

Encrypt into the NPP shadow buffer

Set Irp->MdlAddress to shadow MDL

Set Irp->UserBuffer to shadow buffer

Continue operation

In completion routine:
8) Restore original Irp->MdlAddress and Irp->UserBuffer
9) Release shadow MDL and shadow buffer

I know this is very “old school” but is there anything really wrong about
it? Is it ok to put a Kernel address into Irp->UserBuffer?

Thanks. I’m sure a lot of us can learn from this.

Yeah, old school but hey, its hard to get away from it sometimes. I’ve
been doing nearly the same thing in several data modification legacy
filters that have been ‘out there’ for quite some time. I haven’t run
into any issues and when I investigated this some time ago I recall that
the UserBuffer pointer is used by the storage class driver to calculate
offsets into the system address obtained from the MdlAddress when it
breaks up a request into multiple Irps. Thus having a system address vs.
a user mode address I think would be the same for its use. As well, I
think that you can see this in the storage class driver samples in the DDK.

In the end, I don’t think there is any wrong with this but it would be
great to hear if other people have encountered problems.

Pete

–
Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
866.263.9295

Rajesh_Gupta · December 23, 2009, 7:53pm

I am using the technique with MiniFilter driver Swap buffer technique…

pData = (pCbd->Iopb->Parameters.Write.MdlAddress) ? VmfGetSystemAddressForMdl(pCbd->Iopb->Parameters.Write.MdlAddress) :
pCbd->Iopb->Parameters.Write.WriteBuffer;

…
Allocate Buffer, MDL … encrypt…
…

pCbd->Iopb->Parameters.Write.WriteBuffer = usrBuf;
pCbd->Iopb->Parameters.Write.MdlAddress = newMdl;
FltSetCallbackDataDirty(pCbd);

Works fine…

OSR_Community_User · December 23, 2009, 11:00pm

> it? Is it ok to put a Kernel address into Irp->UserBuffer?

For me it was always OK, provided ->MdlAddress matches ->UserBuffer and ->RequestorMode is KernelMode.

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

Neil_Weicher · December 28, 2009, 11:11am

Thanks, Max.

Does that mean that I should add this code?

saveRM = Irp->RequestorMode;
Irp->RequestorMode = KernelMode;
… continue operation…
Irp->RequestorMode = saveRM;

Thanks.

Neil

“Maxim S. Shatskih” wrote in message
news:xxxxx@ntfsd…
> it? Is it ok to put a Kernel address into Irp->UserBuffer?

For me it was always OK, provided ->MdlAddress matches ->UserBuffer
and ->RequestorMode is KernelMode.

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

OSR_Community_User · December 28, 2009, 11:32am

> saveRM = Irp->RequestorMode;

Irp->RequestorMode = KernelMode;
… continue operation…
Irp->RequestorMode = saveRM;

Yes.

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

Rajesh_Gupta · December 28, 2009, 12:10pm

How about MiniFilter Driver? When we change the buffers and set the Callback dirty, do we need to change the requester mode as well? Is it taken care by “FltSetCallbackDataDirty” function?

pCbd->Iopb->Parameters.Write.WriteBuffer = usrBuf;
pCbd->Iopb->Parameters.Write.MdlAddress = newMdl;
FltSetCallbackDataDirty(pCbd);

Ayush_Gupta-2 · December 28, 2009, 2:24pm

IIRC, this is not required in minifilter. IMO, filter manager does the right
thing for you when it sees that the callback data has been marked dirty.

Regards,
Ayush Gupta
AI Consulting

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-394183-
xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Monday, December 28, 2009 10:41 PM
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] IRP_MJ_WRITE and NPP UserBuffer - is this kosher?

How about MiniFilter Driver? When we change the buffers and set the
Callback dirty, do we need to change the requester mode as well? Is it
taken care by “FltSetCallbackDataDirty” function?

pCbd->Iopb->Parameters.Write.WriteBuffer = usrBuf;
pCbd->Iopb->Parameters.Write.MdlAddress = newMdl;
FltSetCallbackDataDirty(pCbd);

NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer