Mapping of physical memory to 32bit application on x64 environment

Hi,

i am developing a driver for a PCIe interface.

This card uses direct access to physical memory (1MB) which is allocate with the function
pAdapter->DmaOperations->AllocateCommonBuffer.

The physical memory is mapped into a 32-bit process with MmMapLockedPagesSpecifyCache.
After the process starts several time (1 -5), I got a bluescreen with KERNEL_DATA_INPAGE_ERROR at the call of MmMapLockedPagesSpecifyCache.

Now I guess that something goes bad with the release of the mapped memory (MmUnmapLockedPages) in the 32-bit application.

The same code works well with a 32bit application in 32bit environment and with 64-bit application in a x64 environment.

Could you please give me some hint how I could solve this issue.

How can I check the calling context of the code ?
How can I check the page table with Windbg ?

Thank you for your help.

Walter Steinhauser?
Entwicklung/Development

IXXAT Automation GmbH
Leibnizstrasse 15, 88250 Weingarten, Germany
Phone +49-751-56146-0
Fax?? +49-751-56146-29
mailto:xxxxx@ixxat.de
http://www.ixxat.de

PRIVILEGED AND CONFIDENTIAL.
Any unauthorized use or disclosure
is strictly prohibited.

Sitz der Gesellschaft: Weingarten
Handelsregister Ulm HRB 551905
Gesch?ftsf?hrer:
Dipl.-Ing. Christian Schlegel,
Dipl.-Ing. Werner Sauter

?

Just FYI mapping memory into user space isn’t always the best way to do
something. If you’re still early in your design/implementation process you
might want to start another thread describing what you’re trying to do and
seeing if there are any other options before you get too far down this path.
That doesn’t help your immediate issue though…

The physical memory is mapped into a 32-bit process with
MmMapLockedPagesSpecifyCache.

How did you build the MDL before you mapped it? Also, have you run your
driver under the checked build? The memory manager in the checked build is
loaded with asserts in the MDL paths which can find all sorts of good
problems.

After the process starts several time (1 -5), I got a bluescreen with
KERNEL_DATA_INPAGE_ERROR

What’s the full !analyze -v output?

Now I guess that something goes bad with the release of the mapped memory
(MmUnmapLockedPages) in the 32-bit >application.

Assuming that you’re locking the MDL once and matching that with a single
unlock then you should be OK.

How can I check the calling context of the code ?

I’m not sure what you mean by this one.

How can I check the page table with Windbg ?

!pte

will show you a single entry.

-scott

--
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

wrote in message news:xxxxx@ntdev...
> Hi,
>
> i am developing a driver for a PCIe interface.
>
> This card uses direct access to physical memory (1MB) which is allocate
> with the function
> pAdapter->DmaOperations->AllocateCommonBuffer.
>
> The physical memory is mapped into a 32-bit process with
> MmMapLockedPagesSpecifyCache.
> After the process starts several time (1 -5), I got a bluescreen with
> KERNEL_DATA_INPAGE_ERROR at the call of MmMapLockedPagesSpecifyCache.
>
> Now I guess that something goes bad with the release of the mapped memory
> (MmUnmapLockedPages) in the 32-bit application.
>
> The same code works well with a 32bit application in 32bit environment and
> with 64-bit application in a x64 environment.
>
> Could you please give me some hint how I could solve this issue.
>
> How can I check the calling context of the code ?
> How can I check the page table with Windbg ?
>
>
> Thank you for your help.
>
> Walter Steinhauser
> Entwicklung/Development
> --------------------------------------------
> IXXAT Automation GmbH
> Leibnizstrasse 15, 88250 Weingarten, Germany
> Phone +49-751-56146-0
> Fax +49-751-56146-29
> mailto:xxxxx@ixxat.de
> http://www.ixxat.de
> --------------------------------------------
> PRIVILEGED AND CONFIDENTIAL.
> Any unauthorized use or disclosure
> is strictly prohibited.
> --------------------------------------------
> Sitz der Gesellschaft: Weingarten
> Handelsregister Ulm HRB 551905
> Geschäftsführer:
> Dipl.-Ing. Christian Schlegel,
> Dipl.-Ing. Werner Sauter
> --------------------------------------------
>
>
>
>

What does "!analyze -v" say? Have you stepped into and around
MmMapLockedPagesSpecifyCache to be sure you don't have such silly things as
d'refing a NULL pointer? Your MDL for your memory has the page frame numbers
appended after the header, at least it did when I was dealing with MDLs and
DMA.

And did I understand that the issues is with the 32 bit app on the 64 bit
OS?

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@ixxat.de
Sent: Thursday, July 15, 2010 4:17 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Mapping of physical memory to 32bit application on x64
environment

Hi,

i am developing a driver for a PCIe interface.

This card uses direct access to physical memory (1MB) which is allocate with
the function
pAdapter->DmaOperations->AllocateCommonBuffer.

The physical memory is mapped into a 32-bit process with
MmMapLockedPagesSpecifyCache.
After the process starts several time (1 -5), I got a bluescreen with
KERNEL_DATA_INPAGE_ERROR at the call of MmMapLockedPagesSpecifyCache.

Now I guess that something goes bad with the release of the mapped memory
(MmUnmapLockedPages) in the 32-bit application.

The same code works well with a 32bit application in 32bit environment and
with 64-bit application in a x64 environment.

Could you please give me some hint how I could solve this issue.

How can I check the calling context of the code ?
How can I check the page table with Windbg ?

Thank you for your help.

Walter Steinhauser
Entwicklung/Development

IXXAT Automation GmbH
Leibnizstrasse 15, 88250 Weingarten, Germany Phone +49-751-56146-0 Fax??
+49-751-56146-29 mailto:xxxxx@ixxat.de http://www.ixxat.de

PRIVILEGED AND CONFIDENTIAL.
Any unauthorized use or disclosure
is strictly prohibited.

Sitz der Gesellschaft: Weingarten
Handelsregister Ulm HRB 551905
Gesch?ftsf?hrer:
Dipl.-Ing. Christian Schlegel,
Dipl.-Ing. Werner Sauter

?

---

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:

To unsubscribe, visit the List Server section of OSR Online at

Hi,

Thank you for your reply.

I know that mapping is not the best way to do something but at the moment it seems to be the easiest.

Yes, my problem occurs actually with a 32-bit application on a windows 7 64bit. If I use a 64-bit application or I execute 32-bit application on a 32-bit OS everything is OK. ( Actual state of my tests. )

Enclosed you find the output of "!analyze -v" and the source code which I used to map the memory (original from the WinDDK (V 6000 )).

My next try is to install the Driver under a checked build Windows 7.

Kind regards,
Walter Steinhauser

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_DATA_INPAGE_ERROR (7a)
The requested page of kernel data could not be read in. Typically caused by
a bad block in the paging file or disk controller error. Also see
KERNEL_STACK_INPAGE_ERROR.
If the error status is 0xC000000E, 0xC000009C, 0xC000009D or 0xC0000185,
it means the disk subsystem has experienced a failure.
If the error status is 0xC000009A, then it means the request failed because
a filesystem failed to make forward progress.
Arguments:
Arg1: 0000000000000001, lock type that was held (value 1,2,3, or PTE address)
Arg2: ffffffffd0000006, error status (normally i/o status code)
Arg3: fffffa80010d3860, current process (virtual address for lock type 3, or PTE)
Arg4: fffff6800000e000, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)

Debugging Details:

ERROR_CODE: (NTSTATUS) 0xd0000006 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The required data was not placed into memory because of an I/O error status of "0x%08lx".

BUGCHECK_STR: 0x7a_d0000006

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: FR-IB100_test.

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from fffff800029bd682 to fffff800028be660

STACK_TEXT:
fffff880055298a8 fffff800029bd682 : 0000000000000001 fffffa80010e3900 0000000000000065 fffff80002904b14 : nt!DbgBreakPointWithStatus
fffff880055298b0 fffff800029be46e : fffffa8000000003 0000000000000000 fffff800029016e0 000000000000007a : nt!KiBugCheckDebugBreak+0x12
fffff88005529910 fffff800028c6704 : 0000000000000000 fffff6fb7da00000 fffffa80010d3860 fffff6800000e000 : nt!KeBugCheck2+0x71e
fffff88005529fe0 fffff8000286cd08 : 000000000000007a 0000000000000001 ffffffffd0000006 fffffa80010d3860 : nt!KeBugCheckEx+0x104
fffff8800552a020 fffff800028f67ac : fffff6800000e000 fffff6fb7da00000 fffffa80010d3860 fffffa8000f14d00 : nt! ?? ::FNODOBFM::string'+0x2ee43 fffff8800552a080 fffff8000298fec4 : 0000000000000001 0000000000000000 8000000000000867 fffff80002bdc627 : nt!MiMakePdeExistAndMakeValid+0x98 fffff8800552a0b0 fffff80002c8902e : 0000000001d70000 fffffa800110e800 0000000000000000 ffffffffffffffff : nt!MiMapLockedPagesInUserSpaceHelper+0x134 fffff8800552a140 fffff8000293a0d0 : fffffa800110e7d0 fffff80000000001 fffffa8000000001 0000000001d70000 : nt!MiMapLockedPagesInUserSpace+0x56e fffff8800552a1d0 fffff88003412163 : 0000000000000000 0000000000000001 fffffa8001258d20 fffff8800552aca0 : nt! ?? ::FNODOBFM::string'+0x33b48
fffff8800552a290 fffff880034124ff : fffffa8001400000 fffff88000100000 fffffa8000000008 0000000000000000 : XATib100!ShareDmaMem+0x73 [d:__svn\vci2_18\src\drivers\fr-ib100_pcie\driver\src\wdm_mem.cpp @ 69]
fffff8800552a2e0 fffff880034026dc : fffffa80021e4f68 fffff8800116f739 fffffa800118e388 fffff8800552a390 : XATib100!CPhysicalMem::MapUser+0x1f [d:__svn\vci2_18\src\drivers\fr-ib100_pcie\driver\src\wdm_mem.cpp @ 291]
fffff8800552a310 fffff880034071b6 : fffffa80021e4ec0 fffff88000000002 fffff8800552a7a8 fffff8800552a7a0 : XATib100!KHwSupport::MapUser+0x16c [d:__svn\vci2_18\src\drivers\fr-ib100_pcie\driver\src\hwsupp.cpp @ 1093]
fffff8800552a350 fffff88003407fe3 : fffffa800113d188 0000000000000001 0000000000000000 0000000000000001 : XATib100!KClnkRes::OnClnkRequest+0x176 [d:__svn\vci2_18\src\drivers\fr-ib100_pcie\driver\src\cclres.cpp @ 134]
fffff8800552a800 fffff880011710c6 : fffffa800113d1e4 0000000000000000 fffffa8001258d20 0000000000000000 : XATib100!KCclClnkServer::KClnkEvent::OnRequest+0x43 [v:\src\libraries\vcisys.lib\src\ccl classes\kcclclnkserver.cpp @ 166]
fffff8800552a840 fffff8800116fefb : fffffa800118e388 fffff8800552aca0 fffffa80010d3c68 0000000000000000 : vcisrv!Ordinal997+0x80c6
fffff8800552a880 fffff8800119f702 : fffffa8000fa92c8 0000000000000000 0000000000000000 0000000000000000 : vcisrv!Ordinal997+0x6efb
fffff8800552a8b0 fffff8800119f30a : fffffa80012a3018 fffffa800104fee0 fffff8a00245f8b8 fffff800028b88bd : vcisrv!DllUnload+0x5ab2
fffff8800552a8f0 fffff88001184f56 : fffffa80012a3018 fffffa800104fee0 0000000000003400 fffffa800100af20 : vcisrv!DllUnload+0x56ba
fffff8800552a940 fffff88001181c1c : fffffa80012a3018 fffffa800104fee0 fffffa8001104be0 fffff8000293575c : vcisrv!Ordinal997+0x1bf56
fffff8800552a980 fffff88001183377 : fffff880011896a0 fffffa800104fee0 fffffa8001691330 0000000000000001 : vcisrv!Ordinal997+0x18c1c
fffff8800552a9d0 fffff80002be26b7 : fffffa8001691330 fffffa800104fee0 fffffa800104fff8 fffffa800104fee0 : vcisrv!Ordinal997+0x1a377
fffff8800552aa10 fffff80002be2f16 : 000000000008e348 0000000000000000 0000000000000000 0000000000000000 : nt!IopXxxControlFile+0x607
fffff8800552ab40 fffff800028c5853 : 00000000000002bc 000000000008e2e8 fffffa8001f2b710 0000007fffffffff : nt!NtDeviceIoControlFile+0x56
fffff8800552abb0 00000000742e2dd9 : 00000000742e2932 0000000077920190 0000000074350023 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13
000000000008ebf8 00000000742e2932 : 0000000077920190 0000000074350023 0000000000000000 000000000018fff0 : wow64cpu!CpupSyscallStub+0x9
000000000008ec00 000000007435d07e : 0000000000000000 00000000742e1920 000000000008ee90 0000000077763831 : wow64cpu!DeviceIoctlFileFault+0x31
000000000008ecc0 000000007435c549 : 0000000000000000 0000000000000000 0000000074354ac8 000000007ffe0030 : wow64!RunCpuSimulation+0xa
000000000008ed10 00000000777782c8 : 0000000000302cc0 0000000000000000 0000000077863670 00000000778354a0 : wow64!Wow64LdrpInitialize+0x429
000000000008f260 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll+0x482c8

STACK_COMMAND: kb

FOLLOWUP_IP:
XATib100!ShareDmaMem+73 [d:__svn\vci2_18\src\drivers\fr-ib100_pcie\driver\src\wdm_mem.cpp @ 69]
fffff880`03412163 4889442430 mov qword ptr [rsp+30h],rax

SYMBOL_STACK_INDEX: 9

SYMBOL_NAME: XATib100!ShareDmaMem+73

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: XATib100

IMAGE_NAME: XATib100.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4c3eb30e

FAILURE_BUCKET_ID: X64_0x7a_d0000006_XATib100!ShareDmaMem+73

BUCKET_ID: X64_0x7a_d0000006_XATib100!ShareDmaMem+73

Followup: MachineOwner

///////////////////////////////////////////////////////////////////////////////
/**
Maps memory into the user space.

@param pVirtualAddress
Address of the beginning of the buffer to be mapped.
@param ulSize
Size of the buffer to be mapped.

@return
Pointer to mapped buffer.

@note

*/
PVOID ShareDmaMem( PVOID pVirtualAddress, ULONG ulSize )
{
PMDL pMDL; // Pointer to the memory descriptor list.
PVOID pMappedVirtualAddress = NULL ; // Pointer to the user memory.

pMDL = IoAllocateMdl(pVirtualAddress, ulSize, FALSE, FALSE, NULL);

if (pMDL)
{
MmBuildMdlForNonPagedPool(pMDL);

__try
{
pMappedVirtualAddress = MmMapLockedPagesSpecifyCache( pMDL,
UserMode,
MmCached,
NULL,
FALSE,
HighPagePriority);
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
pMappedVirtualAddress = NULL;
}

//
// Release memory allocated for MDL.
//
IoFreeMdl(pMDL);
}

return pMappedVirtualAddress;
}

///////////////////////////////////////////////////////////////////////////////
/**
Unmaps memory from user space.

@param pVirtualAddress
Address of the beginning of the buffer
@param ulSize
Size of the buffer
*/
VOID UnshareDmaMem( PVOID pMappedAddress, ULONG ulSize )
{
PMDL pMDL; // Pointer to the memory descriptor list.

if( MmIsAddressValid(pMappedAddress))
{
pMDL = IoAllocateMdl(pMappedAddress, ulSize, FALSE, FALSE, NULL);

if ( pMDL )
{
MmBuildMdlForNonPagedPool(pMDL);
MmUnmapLockedPages(pMappedAddress, pMDL);

//
// Release memory allocated for MDL.
//
IoFreeMdl(pMDL);
}
}
} // UnshareDmaMem()

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@ixxat.de
Sent: Thursday, July 15, 2010 4:17 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Mapping of physical memory to 32bit application on x64
environment

Hi,

i am developing a driver for a PCIe interface.

This card uses direct access to physical memory (1MB) which is allocate
with
the function
pAdapter->DmaOperations->AllocateCommonBuffer.

The physical memory is mapped into a 32-bit process with
MmMapLockedPagesSpecifyCache.
After the process starts several time (1 -5), I got a bluescreen with
KERNEL_DATA_INPAGE_ERROR at the call of MmMapLockedPagesSpecifyCache.

Now I guess that something goes bad with the release of the mapped
memory
(MmUnmapLockedPages) in the 32-bit application.

The same code works well with a 32bit application in 32bit environment
and
with 64-bit application in a x64 environment.

Could you please give me some hint how I could solve this issue.

How can I check the calling context of the code ?
How can I check the page table with Windbg ?

Thank you for your help.

Walter Steinhauser
Entwicklung/Development

IXXAT Automation GmbH
Leibnizstrasse 15, 88250 Weingarten, Germany Phone +49-751-56146-0
Fax
+49-751-56146-29 mailto:xxxxx@ixxat.de http://www.ixxat.de

PRIVILEGED AND CONFIDENTIAL.
Any unauthorized use or disclosure
is strictly prohibited.

Sitz der Gesellschaft: Weingarten
Handelsregister Ulm HRB 551905
Gesch?ftsf?hrer:
Dipl.-Ing. Christian Schlegel,
Dipl.-Ing. Werner Sauter

---

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
OSR Seminars – OSR

To unsubscribe, visit the List Server section of OSR Online at
ListServer/Forum

---

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
OSR Seminars – OSR

To unsubscribe, visit the List Server section of OSR Online at
ListServer/Forum

I’d expect you to hit something in the checked build, you’re playing a bit
fast and loose with the MDL package here. Freeing the MDL after you’ve
mapped and then allocating a new one to unmap isn’t really how these APIs
are intended to be used. You should keep that MDL around and then unmap
using that MDL, not a new one that you just created.

-scott

–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

wrote in message news:xxxxx@ntdev…
> Hi,
>
> Thank you for your reply.
>
> I know that mapping is not the best way to do something but at the moment
> it seems to be the easiest.
>
> Yes, my problem occurs actually with a 32-bit application on a windows 7
> 64bit. If I use a 64-bit application or I execute 32-bit application on a
> 32-bit OS everything is OK. ( Actual state of my tests. )
>
> Enclosed you find the output of “!analyze -v” and the source code which I
> used to map the memory (original from the WinDDK (V 6000 )).
>
> My next try is to install the Driver under a checked build Windows 7.
>
> Kind regards,
> Walter Steinhauser
>
>
> ***
> *
>
> * Bugcheck Analysis
>
> *
>
>
>
> KERNEL_DATA_INPAGE_ERROR (7a)
> The requested page of kernel data could not be read in. Typically caused
> by
> a bad block in the paging file or disk controller error. Also see
> KERNEL_STACK_INPAGE_ERROR.
> If the error status is 0xC000000E, 0xC000009C, 0xC000009D or 0xC0000185,
> it means the disk subsystem has experienced a failure.
> If the error status is 0xC000009A, then it means the request failed
> because
> a filesystem failed to make forward progress.
> Arguments:
> Arg1: 0000000000000001, lock type that was held (value 1,2,3, or PTE
> address)
> Arg2: ffffffffd0000006, error status (normally i/o status code)
> Arg3: fffffa80010d3860, current process (virtual address for lock type 3,
> or PTE)
> Arg4: fffff6800000e000, virtual address that could not be in-paged (or PTE
> contents if arg1 is a PTE address)
>
> Debugging Details:
> ------------------
>
>
> ERROR_CODE: (NTSTATUS) 0xd0000006 - The instruction at “0x%08lx”
> referenced memory at “0x%08lx”. The required data was not placed into
> memory because of an I/O error status of “0x%08lx”.
>
> BUGCHECK_STR: 0x7a_d0000006
>
> DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
>
> PROCESS_NAME: FR-IB100_test.
>
> CURRENT_IRQL: 2
>
> LAST_CONTROL_TRANSFER: from fffff800029bd682 to fffff800028be660
>
> STACK_TEXT:
> fffff880055298a8 fffff800029bd682 : 0000000000000001 fffffa80010e3900
> 0000000000000065 fffff80002904b14 : nt!DbgBreakPointWithStatus
> fffff880055298b0 fffff800029be46e : fffffa8000000003 0000000000000000
> fffff800029016e0 000000000000007a : nt!KiBugCheckDebugBreak+0x12
> fffff88005529910 fffff800028c6704 : 0000000000000000 fffff6fb7da00000
> fffffa80010d3860 fffff6800000e000 : nt!KeBugCheck2+0x71e
> fffff88005529fe0 fffff8000286cd08 : 000000000000007a 0000000000000001
> ffffffffd0000006 fffffa80010d3860 : nt!KeBugCheckEx+0x104
> fffff8800552a020 fffff800028f67ac : fffff6800000e000 fffff6fb7da00000
> fffffa80010d3860 fffffa8000f14d00 : nt! ?? ::FNODOBFM::string'+0x2ee43<br>&gt; fffff8800552a080 fffff8000298fec4 : 0000000000000001 0000000000000000 <br>&gt; 8000000000000867 fffff80002bdc627 : nt!MiMakePdeExistAndMakeValid+0x98<br>&gt; fffff8800552a0b0 fffff80002c8902e : 0000000001d70000 fffffa800110e800 <br>&gt; 0000000000000000 ffffffffffffffff : <br>&gt; nt!MiMapLockedPagesInUserSpaceHelper+0x134<br>&gt; fffff8800552a140 fffff8000293a0d0 : fffffa800110e7d0 fffff80000000001 <br>&gt; fffffa8000000001 0000000001d70000 : nt!MiMapLockedPagesInUserSpace+0x56e<br>&gt; fffff8800552a1d0 fffff88003412163 : 0000000000000000 0000000000000001 <br>&gt; fffffa8001258d20 fffff8800552aca0 : nt! ?? ::FNODOBFM::string’+0x33b48
> fffff8800552a290 fffff880034124ff : fffffa8001400000 fffff88000100000
> fffffa8000000008 0000000000000000 : XATib100!ShareDmaMem+0x73
> [d:__svn\vci2_18\src\drivers\fr-ib100_pcie\driver\src\wdm_mem.cpp @ 69]
> fffff8800552a2e0 fffff880034026dc : fffffa80021e4f68 fffff8800116f739
> fffffa800118e388 fffff8800552a390 : XATib100!CPhysicalMem::MapUser+0x1f
> [d:__svn\vci2_18\src\drivers\fr-ib100_pcie\driver\src\wdm_mem.cpp @ 291]
> fffff8800552a310 fffff880034071b6 : fffffa80021e4ec0 fffff88000000002
> fffff8800552a7a8 fffff8800552a7a0 : XATib100!KHwSupport::MapUser+0x16c
> [d:__svn\vci2_18\src\drivers\fr-ib100_pcie\driver\src\hwsupp.cpp @ 1093]
> fffff8800552a350 fffff88003407fe3 : fffffa800113d188 0000000000000001
> 0000000000000000 0000000000000001 :
> XATib100!KClnkRes::OnClnkRequest+0x176
> [d:__svn\vci2_18\src\drivers\fr-ib100_pcie\driver\src\cclres.cpp @ 134]
> fffff8800552a800 fffff880011710c6 : fffffa800113d1e4 0000000000000000
> fffffa8001258d20 0000000000000000 :
> XATib100!KCclClnkServer::KClnkEvent::OnRequest+0x43
> [v:\src\libraries\vcisys.lib\src\ccl classes\kcclclnkserver.cpp @ 166]
> fffff8800552a840 fffff8800116fefb : fffffa800118e388 fffff8800552aca0
> fffffa80010d3c68 0000000000000000 : vcisrv!Ordinal997+0x80c6
> fffff8800552a880 fffff8800119f702 : fffffa8000fa92c8 0000000000000000
> 0000000000000000 0000000000000000 : vcisrv!Ordinal997+0x6efb
> fffff8800552a8b0 fffff8800119f30a : fffffa80012a3018 fffffa800104fee0
> fffff8a00245f8b8 fffff800028b88bd : vcisrv!DllUnload+0x5ab2
> fffff8800552a8f0 fffff88001184f56 : fffffa80012a3018 fffffa800104fee0
> 0000000000003400 fffffa800100af20 : vcisrv!DllUnload+0x56ba
> fffff8800552a940 fffff88001181c1c : fffffa80012a3018 fffffa800104fee0
> fffffa8001104be0 fffff8000293575c : vcisrv!Ordinal997+0x1bf56
> fffff8800552a980 fffff88001183377 : fffff880011896a0 fffffa800104fee0
> fffffa8001691330 0000000000000001 : vcisrv!Ordinal997+0x18c1c
> fffff8800552a9d0 fffff80002be26b7 : fffffa8001691330 fffffa800104fee0
> fffffa800104fff8 fffffa800104fee0 : vcisrv!Ordinal997+0x1a377
> fffff8800552aa10 fffff80002be2f16 : 000000000008e348 0000000000000000
> 0000000000000000 0000000000000000 : nt!IopXxxControlFile+0x607
> fffff8800552ab40 fffff800028c5853 : 00000000000002bc 000000000008e2e8
> fffffa8001f2b710 0000007fffffffff : nt!NtDeviceIoControlFile+0x56
> fffff8800552abb0 00000000742e2dd9 : 00000000742e2932 0000000077920190
> 0000000074350023 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13
> 000000000008ebf8 00000000742e2932 : 0000000077920190 0000000074350023
> 0000000000000000 000000000018fff0 : wow64cpu!CpupSyscallStub+0x9
> 000000000008ec00 000000007435d07e : 0000000000000000 00000000742e1920
> 000000000008ee90 0000000077763831 : wow64cpu!DeviceIoctlFileFault+0x31
> 000000000008ecc0 000000007435c549 : 0000000000000000 0000000000000000
> 0000000074354ac8 000000007ffe0030 : wow64!RunCpuSimulation+0xa
> 000000000008ed10 00000000777782c8 : 0000000000302cc0 0000000000000000
> 0000000077863670 00000000778354a0 : wow64!Wow64LdrpInitialize+0x429
> 000000000008f260 0000000000000000 : 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 : ntdll+0x482c8
>
>
> STACK_COMMAND: kb
>
> FOLLOWUP_IP:
> XATib100!ShareDmaMem+73
> [d:__svn\vci2_18\src\drivers\fr-ib100_pcie\driver\src\wdm_mem.cpp @ 69]
> fffff880`03412163 4889442430 mov qword ptr [rsp+30h],rax
>
> SYMBOL_STACK_INDEX: 9
>
> SYMBOL_NAME: XATib100!ShareDmaMem+73
>
> FOLLOWUP_NAME: MachineOwner
>
> MODULE_NAME: XATib100
>
> IMAGE_NAME: XATib100.sys
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 4c3eb30e
>
> FAILURE_BUCKET_ID: X64_0x7a_d0000006_XATib100!ShareDmaMem+73
>
> BUCKET_ID: X64_0x7a_d0000006_XATib100!ShareDmaMem+73
>
> Followup: MachineOwner
>
>
> ///////////////////////////////////////////////////////////////////////////////
> /
> Maps memory into the user space.
>
> @param pVirtualAddress
> Address of the beginning of the buffer to be mapped.
> @param ulSize
> Size of the buffer to be mapped.
>
> @return
> Pointer to mapped buffer.
>
> @note
>
> */
> PVOID ShareDmaMem( PVOID pVirtualAddress, ULONG ulSize )
> {
> PMDL pMDL; // Pointer to the memory descriptor list.
> PVOID pMappedVirtualAddress = NULL ; // Pointer to the user memory.
>
> pMDL = IoAllocateMdl(pVirtualAddress, ulSize, FALSE, FALSE, NULL);
>
> if (pMDL)
> {
> MmBuildMdlForNonPagedPool(pMDL);
>
>__try
> {
> pMappedVirtualAddress = MmMapLockedPagesSpecifyCache( pMDL,
> UserMode,
> MmCached,
> NULL,
> FALSE,
>
> HighPagePriority);
> }
> __except (EXCEPTION_EXECUTE_HANDLER)
> {
> pMappedVirtualAddress = NULL;
> }
>
> //
> // Release memory allocated for MDL.
> //
> IoFreeMdl(pMDL);
> }
>
> return pMappedVirtualAddress;
> }
>
> ///////////////////////////////////////////////////////////////////////////////
> /
> Unmaps memory from user space.
>
> @param pVirtualAddress
> Address of the beginning of the buffer
> @param ulSize
> Size of the buffer
> */
> VOID UnshareDmaMem( PVOID pMappedAddress, ULONG ulSize )
> {
> PMDL pMDL; // Pointer to the memory descriptor list.
>
> if( MmIsAddressValid(pMappedAddress))
> {
> pMDL = IoAllocateMdl(pMappedAddress, ulSize, FALSE, FALSE, NULL);
>
> if ( pMDL )
> {
> MmBuildMdlForNonPagedPool(pMDL);
> MmUnmapLockedPages(pMappedAddress, pMDL);
>
> //
> // Release memory allocated for MDL.
> //
> IoFreeMdl(pMDL);
> }
> }
> } // UnshareDmaMem()
>
>
>>
>> Gary G. Little
>> H (952) 223-1349
>> C (952) 454-4629
>> xxxxx@comcast.net
>>
>>
>> -----Original Message-----
>> From: xxxxx@lists.osr.com
>> [mailto:xxxxx@lists.osr.com] On Behalf Of
>> xxxxx@ixxat.de
>> Sent: Thursday, July 15, 2010 4:17 AM
>> To: Windows System Software Devs Interest List
>> Subject: [ntdev] Mapping of physical memory to 32bit application on x64
>> environment
>>
>> Hi,
>>
>> i am developing a driver for a PCIe interface.
>>
>> This card uses direct access to physical memory (1MB) which is allocate
>> with
>> the function
>> pAdapter->DmaOperations->AllocateCommonBuffer.
>>
>> The physical memory is mapped into a 32-bit process with
>> MmMapLockedPagesSpecifyCache.
>> After the process starts several time (1 -5), I got a bluescreen with
>> KERNEL_DATA_INPAGE_ERROR at the call of MmMapLockedPagesSpecifyCache.
>>
>> Now I guess that something goes bad with the release of the mapped
>> memory
>> (MmUnmapLockedPages) in the 32-bit application.
>>
>> The same code works well with a 32bit application in 32bit environment
>> and
>> with 64-bit application in a x64 environment.
>>
>> Could you please give me some hint how I could solve this issue.
>>
>> How can I check the calling context of the code ?
>> How can I check the page table with Windbg ?
>>
>>
>> Thank you for your help.
>>
>> Walter Steinhauser
>> Entwicklung/Development
>> --------------------------------------------
>> IXXAT Automation GmbH
>> Leibnizstrasse 15, 88250 Weingarten, Germany Phone +49-751-56146-0
>> Fax
>> +49-751-56146-29 mailto:xxxxx@ixxat.de http://www.ixxat.de
>> --------------------------------------------
>> PRIVILEGED AND CONFIDENTIAL.
>> Any unauthorized use or disclosure
>> is strictly prohibited.
>> --------------------------------------------
>> Sitz der Gesellschaft: Weingarten
>> Handelsregister Ulm HRB 551905
>> Geschäftsführer:
>> Dipl.-Ing. Christian Schlegel,
>> Dipl.-Ing. Werner Sauter
>> --------------------------------------------
>>
>>
>>
>>
>> —
>> NTDEV is sponsored by OSR
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>>
>> —
>> NTDEV is sponsored by OSR
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>

Hi,

I have found the solution and it so easy that it’s blameful that I have not found it earlier und waste your time.

The problem was that the call to MmMapLockedPagesSpecifyCache was made on IRQL = DISPATCH_LEVEL.
The checked build of Windows 7 (64) was a wonderful hint !

So, thank you for your help and have a nice weekend.

Walter

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-418144-
xxxxx@lists.osr.com] On Behalf Of Scott Noone
Sent: Friday, July 16, 2010 4:13 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Mapping of physical memory to 32bit application on
x64 environment

I’d expect you to hit something in the checked build, you’re playing a
bit
fast and loose with the MDL package here. Freeing the MDL after you’ve
mapped and then allocating a new one to unmap isn’t really how these
APIs
are intended to be used. You should keep that MDL around and then unmap
using that MDL, not a new one that you just created.

-scott

–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

wrote in message news:xxxxx@ntdev…
> > Hi,
> >
> > Thank you for your reply.
> >
> > I know that mapping is not the best way to do something but at the
> moment
> > it seems to be the easiest.
> >
> > Yes, my problem occurs actually with a 32-bit application on a
> windows 7
> > 64bit. If I use a 64-bit application or I execute 32-bit application
> on a
> > 32-bit OS everything is OK. ( Actual state of my tests. )
> >
> > Enclosed you find the output of “!analyze -v” and the source code
> which I
> > used to map the memory (original from the WinDDK (V 6000 )).
> >
> > My next try is to install the Driver under a checked build Windows 7.
> >
> > Kind regards,
> > Walter Steinhauser
> >
> >
> >
> ***************************************************************
>
> > *
> > *
> > * Bugcheck Analysis
> > *
> > *
> > *
> >
> ***********************************************************
>
> >
> > KERNEL_DATA_INPAGE_ERROR (7a)
> > The requested page of kernel data could not be read in. Typically
> caused
> > by
> > a bad block in the paging file or disk controller error. Also see
> > KERNEL_STACK_INPAGE_ERROR.
> > If the error status is 0xC000000E, 0xC000009C, 0xC000009D or
> 0xC0000185,
> > it means the disk subsystem has experienced a failure.
> > If the error status is 0xC000009A, then it means the request failed
> > because
> > a filesystem failed to make forward progress.
> > Arguments:
> > Arg1: 0000000000000001, lock type that was held (value 1,2,3, or PTE
> > address)
> > Arg2: ffffffffd0000006, error status (normally i/o status code)
> > Arg3: fffffa80010d3860, current process (virtual address for lock
> type 3,
> > or PTE)
> > Arg4: fffff6800000e000, virtual address that could not be in-paged
> (or PTE
> > contents if arg1 is a PTE address)
> >
> > Debugging Details:
> > ------------------
> >
> >
> > ERROR_CODE: (NTSTATUS) 0xd0000006 - The instruction at “0x%08lx”
> > referenced memory at “0x%08lx”. The required data was not placed into
> > memory because of an I/O error status of “0x%08lx”.
> >
> > BUGCHECK_STR: 0x7a_d0000006
> >
> > DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
> >
> > PROCESS_NAME: FR-IB100_test.
> >
> > CURRENT_IRQL: 2
> >
> > LAST_CONTROL_TRANSFER: from fffff800029bd682 to fffff800028be660
> >
> > STACK_TEXT:
> > fffff880055298a8 fffff800029bd682 : 0000000000000001<br>&gt; fffffa80010e3900
> > 0000000000000065 fffff80002904b14 : nt!DbgBreakPointWithStatus
> > fffff880055298b0 fffff800029be46e : fffffa8000000003<br>&gt; 0000000000000000
> > fffff800029016e0 000000000000007a : nt!KiBugCheckDebugBreak+0x12
> > fffff88005529910 fffff800028c6704 : 0000000000000000<br>&gt; fffff6fb7da00000
> > fffffa80010d3860 fffff6800000e000 : nt!KeBugCheck2+0x71e
> > fffff88005529fe0 fffff8000286cd08 : 000000000000007a<br>&gt; 0000000000000001
> > ffffffffd0000006 fffffa80010d3860 : nt!KeBugCheckEx+0x104
> > fffff8800552a020 fffff800028f67ac : fffff6800000e000<br>&gt; fffff6fb7da00000
> > fffffa80010d3860 fffffa8000f14d00 : nt! ??
> ::FNODOBFM::string'+0x2ee43<br>&gt; &gt; fffff8800552a080 fffff8000298fec4 : 0000000000000001
> 0000000000000000<br>&gt; &gt; 8000000000000867 fffff80002bdc627 :<br>&gt; nt!MiMakePdeExistAndMakeValid+0x98<br>&gt; &gt; fffff8800552a0b0 fffff80002c8902e : 0000000001d70000
> fffffa800110e800<br>&gt; &gt; 0000000000000000 ffffffffffffffff :<br>&gt; &gt; nt!MiMapLockedPagesInUserSpaceHelper+0x134<br>&gt; &gt; fffff8800552a140 fffff8000293a0d0 : fffffa800110e7d0
> fffff80000000001<br>&gt; &gt; fffffa8000000001 0000000001d70000 :<br>&gt; nt!MiMapLockedPagesInUserSpace+0x56e<br>&gt; &gt; fffff8800552a1d0 fffff88003412163 : 0000000000000000
> 0000000000000001<br>&gt; &gt; fffffa8001258d20 fffff8800552aca0 : nt! ??<br>&gt; ::FNODOBFM::string’+0x33b48
> > fffff8800552a290 fffff880034124ff : fffffa8001400000<br>&gt; fffff88000100000
> > fffffa8000000008 0000000000000000 : XATib100!ShareDmaMem+0x73
> > [d:__svn\vci2_18\src\drivers\fr-ib100_pcie\driver\src\wdm_mem.cpp @
> 69]
> > fffff8800552a2e0 fffff880034026dc : fffffa80021e4f68<br>&gt; fffff8800116f739
> > fffffa800118e388 fffff8800552a390 :
> XATib100!CPhysicalMem::MapUser+0x1f
> > [d:__svn\vci2_18\src\drivers\fr-ib100_pcie\driver\src\wdm_mem.cpp @
> 291]
> > fffff8800552a310 fffff880034071b6 : fffffa80021e4ec0<br>&gt; fffff88000000002
> > fffff8800552a7a8 fffff8800552a7a0 :
> XATib100!KHwSupport::MapUser+0x16c
> > [d:__svn\vci2_18\src\drivers\fr-ib100_pcie\driver\src\hwsupp.cpp @
> 1093]
> > fffff8800552a350 fffff88003407fe3 : fffffa800113d188<br>&gt; 0000000000000001
> > 0000000000000000 0000000000000001 :
> > XATib100!KClnkRes::OnClnkRequest+0x176
> > [d:__svn\vci2_18\src\drivers\fr-ib100_pcie\driver\src\cclres.cpp @
> 134]
> > fffff8800552a800 fffff880011710c6 : fffffa800113d1e4<br>&gt; 0000000000000000
> > fffffa8001258d20 0000000000000000 :
> > XATib100!KCclClnkServer::KClnkEvent::OnRequest+0x43
> > [v:\src\libraries\vcisys.lib\src\ccl classes\kcclclnkserver.cpp @
> 166]
> > fffff8800552a840 fffff8800116fefb : fffffa800118e388<br>&gt; fffff8800552aca0
> > fffffa80010d3c68 0000000000000000 : vcisrv!Ordinal997+0x80c6
> > fffff8800552a880 fffff8800119f702 : fffffa8000fa92c8<br>&gt; 0000000000000000
> > 0000000000000000 0000000000000000 : vcisrv!Ordinal997+0x6efb
> > fffff8800552a8b0 fffff8800119f30a : fffffa80012a3018<br>&gt; fffffa800104fee0
> > fffff8a00245f8b8 fffff800028b88bd : vcisrv!DllUnload+0x5ab2
> > fffff8800552a8f0 fffff88001184f56 : fffffa80012a3018<br>&gt; fffffa800104fee0
> > 0000000000003400 fffffa800100af20 : vcisrv!DllUnload+0x56ba
> > fffff8800552a940 fffff88001181c1c : fffffa80012a3018<br>&gt; fffffa800104fee0
> > fffffa8001104be0 fffff8000293575c : vcisrv!Ordinal997+0x1bf56
> > fffff8800552a980 fffff88001183377 : fffff880011896a0<br>&gt; fffffa800104fee0
> > fffffa8001691330 0000000000000001 : vcisrv!Ordinal997+0x18c1c
> > fffff8800552a9d0 fffff80002be26b7 : fffffa8001691330<br>&gt; fffffa800104fee0
> > fffffa800104fff8 fffffa800104fee0 : vcisrv!Ordinal997+0x1a377
> > fffff8800552aa10 fffff80002be2f16 : 000000000008e348<br>&gt; 0000000000000000
> > 0000000000000000 0000000000000000 : nt!IopXxxControlFile+0x607
> > fffff8800552ab40 fffff800028c5853 : 00000000000002bc<br>&gt; 000000000008e2e8
> > fffffa8001f2b710 0000007fffffffff : nt!NtDeviceIoControlFile+0x56
> > fffff8800552abb0 00000000742e2dd9 : 00000000742e2932<br>&gt; 0000000077920190
> > 0000000074350023 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13
> > 000000000008ebf8 00000000742e2932 : 0000000077920190<br>&gt; 0000000074350023
> > 0000000000000000 000000000018fff0 : wow64cpu!CpupSyscallStub+0x9
> > 000000000008ec00 000000007435d07e : 0000000000000000<br>&gt; 00000000742e1920
> > 000000000008ee90 0000000077763831 :
> wow64cpu!DeviceIoctlFileFault+0x31
> > 000000000008ecc0 000000007435c549 : 0000000000000000<br>&gt; 0000000000000000
> > 0000000074354ac8 000000007ffe0030 : wow64!RunCpuSimulation+0xa
> > 000000000008ed10 00000000777782c8 : 0000000000302cc0<br>&gt; 0000000000000000
> > 0000000077863670 00000000778354a0 : wow64!Wow64LdrpInitialize+0x429
> > 000000000008f260 0000000000000000 : 0000000000000000<br>&gt; 0000000000000000
> > 0000000000000000 0000000000000000 : ntdll+0x482c8
> >
> >
> > STACK_COMMAND: kb
> >
> > FOLLOWUP_IP:
> > XATib100!ShareDmaMem+73
> > [d:__svn\vci2_18\src\drivers\fr-ib100_pcie\driver\src\wdm_mem.cpp @
> 69]
> > fffff880`03412163 4889442430 mov qword ptr [rsp+30h],rax
> >
> > SYMBOL_STACK_INDEX: 9
> >
> > SYMBOL_NAME: XATib100!ShareDmaMem+73
> >
> > FOLLOWUP_NAME: MachineOwner
> >
> > MODULE_NAME: XATib100
> >
> > IMAGE_NAME: XATib100.sys
> >
> > DEBUG_FLR_IMAGE_TIMESTAMP: 4c3eb30e
> >
> > FAILURE_BUCKET_ID: X64_0x7a_d0000006_XATib100!ShareDmaMem+73
> >
> > BUCKET_ID: X64_0x7a_d0000006_XATib100!ShareDmaMem+73
> >
> > Followup: MachineOwner
> >
> >
> >
> ///////////////////////////////////////////////////////////////////////
> ////////
> > /
> > Maps memory into the user space.
> >
> > @param pVirtualAddress
> > Address of the beginning of the buffer to be mapped.
> > @param ulSize
> > Size of the buffer to be mapped.
> >
> > @return
> > Pointer to mapped buffer.
> >
> > @note
> >
> > */
> > PVOID ShareDmaMem( PVOID pVirtualAddress, ULONG ulSize )
> > {
> > PMDL pMDL; // Pointer to the memory descriptor
> list.
> > PVOID pMappedVirtualAddress = NULL ; // Pointer to the user memory.
> >
> > pMDL = IoAllocateMdl(pVirtualAddress, ulSize, FALSE, FALSE, NULL);
> >
> > if (pMDL)
> > {
> > MmBuildMdlForNonPagedPool(pMDL);
> >
> >__try
> > {
> > pMappedVirtualAddress = MmMapLockedPagesSpecifyCache( pMDL,
> > UserMode,
> > MmCached,
> > NULL,
> > FALSE,
> >
> > HighPagePriority);
> > }
> > __except (EXCEPTION_EXECUTE_HANDLER)
> > {
> > pMappedVirtualAddress = NULL;
> > }
> >
> > //
> > // Release memory allocated for MDL.
> > //
> > IoFreeMdl(pMDL);
> > }
> >
> > return pMappedVirtualAddress;
> > }
> >
> >
> ///////////////////////////////////////////////////////////////////////
> ////////
> > /
> > Unmaps memory from user space.
> >
> > @param pVirtualAddress
> > Address of the beginning of the buffer
> > @param ulSize
> > Size of the buffer
> > */
> > VOID UnshareDmaMem( PVOID pMappedAddress, ULONG ulSize )
> > {
> > PMDL pMDL; // Pointer to the memory descriptor list.
> >
> > if( MmIsAddressValid(pMappedAddress))
> > {
> > pMDL = IoAllocateMdl(pMappedAddress, ulSize, FALSE, FALSE, NULL);
> >
> > if ( pMDL )
> > {
> > MmBuildMdlForNonPagedPool(pMDL);
> > MmUnmapLockedPages(pMappedAddress, pMDL);
> >
> > //
> > // Release memory allocated for MDL.
> > //
> > IoFreeMdl(pMDL);
> > }
> > }
> > } // UnshareDmaMem()
> >
> >
> >>
> >> Gary G. Little
> >> H (952) 223-1349
> >> C (952) 454-4629
> >> xxxxx@comcast.net
> >>
> >>
> >> -----Original Message-----
> >> From: xxxxx@lists.osr.com
> >> [mailto:xxxxx@lists.osr.com] On Behalf Of
> >> xxxxx@ixxat.de
> >> Sent: Thursday, July 15, 2010 4:17 AM
> >> To: Windows System Software Devs Interest List
> >> Subject: [ntdev] Mapping of physical memory to 32bit application on
> x64
> >> environment
> >>
> >> Hi,
> >>
> >> i am developing a driver for a PCIe interface.
> >>
> >> This card uses direct access to physical memory (1MB) which is
> allocate
> >> with
> >> the function
> >> pAdapter->DmaOperations->AllocateCommonBuffer.
> >>
> >> The physical memory is mapped into a 32-bit process with
> >> MmMapLockedPagesSpecifyCache.
> >> After the process starts several time (1 -5), I got a bluescreen
> with
> >> KERNEL_DATA_INPAGE_ERROR at the call of
> MmMapLockedPagesSpecifyCache.
> >>
> >> Now I guess that something goes bad with the release of the mapped
> >> memory
> >> (MmUnmapLockedPages) in the 32-bit application.
> >>
> >> The same code works well with a 32bit application in 32bit
> environment
> >> and
> >> with 64-bit application in a x64 environment.
> >>
> >> Could you please give me some hint how I could solve this issue.
> >>
> >> How can I check the calling context of the code ?
> >> How can I check the page table with Windbg ?
> >>
> >>
> >> Thank you for your help.
> >>
> >> Walter Steinhauser
> >> Entwicklung/Development
> >> --------------------------------------------
> >> IXXAT Automation GmbH
> >> Leibnizstrasse 15, 88250 Weingarten, Germany Phone +49-751-56146-0
> >> Fax
> >> +49-751-56146-29 mailto:xxxxx@ixxat.de http://www.ixxat.de
> >> --------------------------------------------
> >> PRIVILEGED AND CONFIDENTIAL.
> >> Any unauthorized use or disclosure
> >> is strictly prohibited.
> >> --------------------------------------------
> >> Sitz der Gesellschaft: Weingarten
> >> Handelsregister Ulm HRB 551905
> >> Gesch?ftsf?hrer:
> >> Dipl.-Ing. Christian Schlegel,
> >> Dipl.-Ing. Werner Sauter
> >> --------------------------------------------
> >>
> >>
> >>
> >>
> >> —
> >> NTDEV is sponsored by OSR
> >>
> >> For our schedule of WDF, WDM, debugging and other seminars visit:
> >> http://www.osr.com/seminars
> >>
> >> To unsubscribe, visit the List Server section of OSR Online at
> >> http://www.osronline.com/page.cfm?name=ListServer
> >>
> >>
> >> —
> >> NTDEV is sponsored by OSR
> >>
> >> For our schedule of WDF, WDM, debugging and other seminars visit:
> >> http://www.osr.com/seminars
> >>
> >> To unsubscribe, visit the List Server section of OSR Online at
> >> http://www.osronline.com/page.cfm?name=ListServer
> >
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer

Does your 32 bit application handle pointers correctly? Specifically, if you
pass a structure containing internal pointers to a 64 bit driver, that
driver is going to assume 64 bit pointers unless your driver "thunks" those
pointers, converting them to 64bit.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@ixxat.de
Sent: Friday, July 16, 2010 1:38 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Mapping of physical memory to 32bit application on x64
environment

Hi,

Thank you for your reply.

I know that mapping is not the best way to do something but at the moment it
seems to be the easiest.

Yes, my problem occurs actually with a 32-bit application on a windows 7
64bit. If I use a 64-bit application or I execute 32-bit application on a
32-bit OS everything is OK. ( Actual state of my tests. )

Enclosed you find the output of "!analyze -v" and the source code which I
used to map the memory (original from the WinDDK (V 6000 )).

My next try is to install the Driver under a checked build Windows 7.

Kind regards,
Walter Steinhauser

****************************************************************************
***
*
*
* Bugcheck Analysis
*
*
*
****************************************************************************
***

KERNEL_DATA_INPAGE_ERROR (7a)
The requested page of kernel data could not be read in. Typically caused by
a bad block in the paging file or disk controller error. Also see
KERNEL_STACK_INPAGE_ERROR.
If the error status is 0xC000000E, 0xC000009C, 0xC000009D or 0xC0000185, it
means the disk subsystem has experienced a failure.
If the error status is 0xC000009A, then it means the request failed because
a filesystem failed to make forward progress.
Arguments:
Arg1: 0000000000000001, lock type that was held (value 1,2,3, or PTE
address)
Arg2: ffffffffd0000006, error status (normally i/o status code)
Arg3: fffffa80010d3860, current process (virtual address for lock type 3, or
PTE)
Arg4: fffff6800000e000, virtual address that could not be in-paged (or PTE
contents if arg1 is a PTE address)

Debugging Details:

ERROR_CODE: (NTSTATUS) 0xd0000006 - The instruction at "0x%08lx" referenced
memory at "0x%08lx". The required data was not placed into memory because of
an I/O error status of "0x%08lx".

BUGCHECK_STR: 0x7a_d0000006

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: FR-IB100_test.

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from fffff800029bd682 to fffff800028be660

STACK_TEXT:
fffff880055298a8 fffff800029bd682 : 0000000000000001 fffffa80010e3900
0000000000000065 fffff80002904b14 : nt!DbgBreakPointWithStatus
fffff880055298b0 fffff800029be46e : fffffa8000000003 0000000000000000
fffff800029016e0 000000000000007a : nt!KiBugCheckDebugBreak+0x12
fffff88005529910 fffff800028c6704 : 0000000000000000 fffff6fb7da00000
fffffa80010d3860 fffff6800000e000 : nt!KeBugCheck2+0x71e
fffff88005529fe0 fffff8000286cd08 : 000000000000007a 0000000000000001
ffffffffd0000006 fffffa80010d3860 : nt!KeBugCheckEx+0x104
fffff8800552a020 fffff800028f67ac : fffff6800000e000 fffff6fb7da00000
fffffa80010d3860 fffffa8000f14d00 : nt! ?? ::FNODOBFM::string'+0x2ee43 fffff8800552a080 fffff8000298fec4 : 0000000000000001 0000000000000000 8000000000000867 fffff80002bdc627 : nt!MiMakePdeExistAndMakeValid+0x98 fffff8800552a0b0 fffff80002c8902e : 0000000001d70000 fffffa800110e800 0000000000000000 ffffffffffffffff : nt!MiMapLockedPagesInUserSpaceHelper+0x134 fffff8800552a140 fffff8000293a0d0 : fffffa800110e7d0 fffff80000000001 fffffa8000000001 0000000001d70000 : nt!MiMapLockedPagesInUserSpace+0x56e fffff8800552a1d0 fffff88003412163 : 0000000000000000 0000000000000001 fffffa8001258d20 fffff8800552aca0 : nt! ?? ::FNODOBFM::string'+0x33b48
fffff8800552a290 fffff880034124ff : fffffa8001400000 fffff88000100000
fffffa8000000008 0000000000000000 : XATib100!ShareDmaMem+0x73
[d:__svn\vci2_18\src\drivers\fr-ib100_pcie\driver\src\wdm_mem.cpp @ 69]
fffff8800552a2e0 fffff880034026dc : fffffa80021e4f68 fffff8800116f739
fffffa800118e388 fffff8800552a390 : XATib100!CPhysicalMem::MapUser+0x1f
[d:__svn\vci2_18\src\drivers\fr-ib100_pcie\driver\src\wdm_mem.cpp @ 291]
fffff8800552a310 fffff880034071b6 : fffffa80021e4ec0 fffff88000000002
fffff8800552a7a8 fffff8800552a7a0 : XATib100!KHwSupport::MapUser+0x16c
[d:__svn\vci2_18\src\drivers\fr-ib100_pcie\driver\src\hwsupp.cpp @ 1093]
fffff8800552a350 fffff88003407fe3 : fffffa800113d188 0000000000000001
0000000000000000 0000000000000001 : XATib100!KClnkRes::OnClnkRequest+0x176
[d:__svn\vci2_18\src\drivers\fr-ib100_pcie\driver\src\cclres.cpp @ 134]
fffff8800552a800 fffff880011710c6 : fffffa800113d1e4 0000000000000000
fffffa8001258d20 0000000000000000 :
XATib100!KCclClnkServer::KClnkEvent::OnRequest+0x43
[v:\src\libraries\vcisys.lib\src\ccl classes\kcclclnkserver.cpp @ 166]
fffff8800552a840 fffff8800116fefb : fffffa800118e388 fffff8800552aca0
fffffa80010d3c68 0000000000000000 : vcisrv!Ordinal997+0x80c6
fffff8800552a880 fffff8800119f702 : fffffa8000fa92c8 0000000000000000
0000000000000000 0000000000000000 : vcisrv!Ordinal997+0x6efb
fffff8800552a8b0 fffff8800119f30a : fffffa80012a3018 fffffa800104fee0
fffff8a00245f8b8 fffff800028b88bd : vcisrv!DllUnload+0x5ab2
fffff8800552a8f0 fffff88001184f56 : fffffa80012a3018 fffffa800104fee0
0000000000003400 fffffa800100af20 : vcisrv!DllUnload+0x56ba
fffff8800552a940 fffff88001181c1c : fffffa80012a3018 fffffa800104fee0
fffffa8001104be0 fffff8000293575c : vcisrv!Ordinal997+0x1bf56
fffff8800552a980 fffff88001183377 : fffff880011896a0 fffffa800104fee0
fffffa8001691330 0000000000000001 : vcisrv!Ordinal997+0x18c1c
fffff8800552a9d0 fffff80002be26b7 : fffffa8001691330 fffffa800104fee0
fffffa800104fff8 fffffa800104fee0 : vcisrv!Ordinal997+0x1a377
fffff8800552aa10 fffff80002be2f16 : 000000000008e348 0000000000000000
0000000000000000 0000000000000000 : nt!IopXxxControlFile+0x607
fffff8800552ab40 fffff800028c5853 : 00000000000002bc 000000000008e2e8
fffffa8001f2b710 0000007fffffffff : nt!NtDeviceIoControlFile+0x56
fffff8800552abb0 00000000742e2dd9 : 00000000742e2932 0000000077920190
0000000074350023 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13
000000000008ebf8 00000000742e2932 : 0000000077920190 0000000074350023
0000000000000000 000000000018fff0 : wow64cpu!CpupSyscallStub+0x9
000000000008ec00 000000007435d07e : 0000000000000000 00000000742e1920
000000000008ee90 0000000077763831 : wow64cpu!DeviceIoctlFileFault+0x31
000000000008ecc0 000000007435c549 : 0000000000000000 0000000000000000
0000000074354ac8 000000007ffe0030 : wow64!RunCpuSimulation+0xa
000000000008ed10 00000000777782c8 : 0000000000302cc0 0000000000000000
0000000077863670 00000000778354a0 : wow64!Wow64LdrpInitialize+0x429
000000000008f260 0000000000000000 : 0000000000000000 0000000000000000
0000000000000000 0000000000000000 : ntdll+0x482c8

STACK_COMMAND: kb

FOLLOWUP_IP:
XATib100!ShareDmaMem+73
[d:__svn\vci2_18\src\drivers\fr-ib100_pcie\driver\src\wdm_mem.cpp @ 69]
fffff880`03412163 4889442430 mov qword ptr [rsp+30h],rax

SYMBOL_STACK_INDEX: 9

SYMBOL_NAME: XATib100!ShareDmaMem+73

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: XATib100

IMAGE_NAME: XATib100.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4c3eb30e

FAILURE_BUCKET_ID: X64_0x7a_d0000006_XATib100!ShareDmaMem+73

BUCKET_ID: X64_0x7a_d0000006_XATib100!ShareDmaMem+73

Followup: MachineOwner

////////////////////////////////////////////////////////////////////////////
///
/**
Maps memory into the user space.

@param pVirtualAddress
Address of the beginning of the buffer to be mapped.
@param ulSize
Size of the buffer to be mapped.

@return
Pointer to mapped buffer.

@note

*/
PVOID ShareDmaMem( PVOID pVirtualAddress, ULONG ulSize ) {
PMDL pMDL; // Pointer to the memory descriptor list.
PVOID pMappedVirtualAddress = NULL ; // Pointer to the user memory.

pMDL = IoAllocateMdl(pVirtualAddress, ulSize, FALSE, FALSE, NULL);

if (pMDL)
{
MmBuildMdlForNonPagedPool(pMDL);

__try
{
pMappedVirtualAddress = MmMapLockedPagesSpecifyCache( pMDL,
UserMode,
MmCached,
NULL,
FALSE,

HighPagePriority);
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
pMappedVirtualAddress = NULL;
}

//
// Release memory allocated for MDL.
//
IoFreeMdl(pMDL);
}

return pMappedVirtualAddress;
}

////////////////////////////////////////////////////////////////////////////
///
/**
Unmaps memory from user space.

@param pVirtualAddress
Address of the beginning of the buffer
@param ulSize
Size of the buffer
*/
VOID UnshareDmaMem( PVOID pMappedAddress, ULONG ulSize ) {
PMDL pMDL; // Pointer to the memory descriptor list.

if( MmIsAddressValid(pMappedAddress))
{
pMDL = IoAllocateMdl(pMappedAddress, ulSize, FALSE, FALSE, NULL);

if ( pMDL )
{
MmBuildMdlForNonPagedPool(pMDL);
MmUnmapLockedPages(pMappedAddress, pMDL);

//
// Release memory allocated for MDL.
//
IoFreeMdl(pMDL);
}
}
} // UnshareDmaMem()

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@ixxat.de
Sent: Thursday, July 15, 2010 4:17 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Mapping of physical memory to 32bit application on
x64 environment

Hi,

i am developing a driver for a PCIe interface.

This card uses direct access to physical memory (1MB) which is
allocate with the function
pAdapter->DmaOperations->AllocateCommonBuffer.

The physical memory is mapped into a 32-bit process with
MmMapLockedPagesSpecifyCache.
After the process starts several time (1 -5), I got a bluescreen with
KERNEL_DATA_INPAGE_ERROR at the call of MmMapLockedPagesSpecifyCache.

Now I guess that something goes bad with the release of the mapped
memory
(MmUnmapLockedPages) in the 32-bit application.

The same code works well with a 32bit application in 32bit environment
and with 64-bit application in a x64 environment.

Could you please give me some hint how I could solve this issue.

How can I check the calling context of the code ?
How can I check the page table with Windbg ?

Thank you for your help.

Walter Steinhauser
Entwicklung/Development

IXXAT Automation GmbH
Leibnizstrasse 15, 88250 Weingarten, Germany Phone +49-751-56146-0 Fax
+49-751-56146-29 mailto:xxxxx@ixxat.de http://www.ixxat.de

PRIVILEGED AND CONFIDENTIAL.
Any unauthorized use or disclosure
is strictly prohibited.

Sitz der Gesellschaft: Weingarten
Handelsregister Ulm HRB 551905
Gesch?ftsf?hrer:
Dipl.-Ing. Christian Schlegel,
Dipl.-Ing. Werner Sauter

---

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
OSR Seminars – OSR

To unsubscribe, visit the List Server section of OSR Online at
ListServer/Forum

---

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
OSR Seminars – OSR

To unsubscribe, visit the List Server section of OSR Online at
ListServer/Forum

---

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:

To unsubscribe, visit the List Server section of OSR Online at