MmGetSystemAddressForMdlSafe returns NULL

Hi all,

in my driver I receive IRPs from the user mode.

The IRPs are using DIRECT_IO method (regular reads and writes).

I need to access the buffer, described by Irp->MdlAddress and to copy some of the buffer’s data onto my local buffer allocated in the driver.

For that purpose I use the MmGetSystemAddressForMdlSafe function on
Irp->MdlAddress.

It worked OK for a long time.

But recently I started to receive bursts of events, in which this
function returned NULL.

I.e., it failed to map the pages to the kernel process space.

Is there any other reason for this function to fail, besides the lack of
resources (e.g., IRQL issues) ?

Is there any other way to copy the data from the buffer described by
Irp->MdlAddress?

I am sure that I call this function at PASSIVE_LEVEL (although I will
double-check it).

Thanks for all your time,

Alex.

************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************

> Is there any other reason for this function to fail, besides the lack of
> resources (e.g., IRQL issues) ?

Lack of system PTEs.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

Lack of resources (in particular contiguous pages in the kernel VA
space) is really the only reason this should fail.

You can allocate some reserve mappings during initialization (see
MmAllocateMappingAddress) and fall back to using these should
MmGetSystemAddressForMdlSafe fail. To be fully safe in the face of low
resources you would also want to allocate enough space for a partial MDL
that you can use to window your way through the MDL you receive.

Of course you still need to determine where you’re going to copy the
data to … if you’re out of space to map the buffer you probably are
also out of space to allocate a new system buffer to contain the copy :)

-p
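The windowing arithmetic behind the reserved-mapping fallback described above, as an added example that is not code from any poster in this thread. It is a user-mode C model: `memcpy` stands in for the map, copy and unmap step, and `PAGE_BYTES`, `span_pages`, `reserve_pages_for`, `copy_windowed` and `demo` are hypothetical names, with 4 KiB pages assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAGE_BYTES 4096u /* assumption: 4 KiB pages (x86/x64) */

/* Pages touched by [va, va+len); same arithmetic as the WDK macro
 * ADDRESS_AND_SIZE_TO_SPAN_PAGES. */
size_t span_pages(uintptr_t va, size_t len)
{
    return ((va & (PAGE_BYTES - 1)) + len + PAGE_BYTES - 1) / PAGE_BYTES;
}

/* Reserve size that maps any transfer up to max_len in one piece, even
 * when the buffer starts on the last byte of a page. */
size_t reserve_pages_for(size_t max_len) { return span_pages(PAGE_BYTES - 1, max_len); }

/* Copy len bytes whose first byte sits at (constructed) address va through
 * a reserved window of window_pages pages. src stands in for the locked
 * pages. Returns the number of windows used, or -1 for an empty window. */
int copy_windowed(const uint8_t *src, uintptr_t va, size_t len,
                  size_t window_pages, uint8_t *dst)
{
    size_t done = 0;
    int windows = 0;

    if (window_pages == 0) return -1;
    while (done < len) {
        /* Room left in the window; the first chunk is short when va is
         * not page aligned, later chunks start on a page boundary. */
        size_t room = window_pages * PAGE_BYTES - ((va + done) & (PAGE_BYTES - 1));
        size_t chunk = (len - done < room) ? len - done : room;
        /* Driver equivalent: IoBuildPartialMdl over this chunk, then
         * MmMapLockedPagesWithReservedMapping, copy, and
         * MmUnmapReservedMapping before the next pass. */
        memcpy(dst + done, src + done, chunk);
        done += chunk;
        windows++;
    }
    return windows;
}

/* Constructed sample: 10000 bytes at page offset 0xF00, 2-page window. */
int demo(void)
{
    static uint8_t src[10000], dst[10000];
    for (size_t i = 0; i < sizeof src; i++) src[i] = (uint8_t)(i * 7);
    int n = copy_windowed(src, 0x10F00, sizeof src, 2, dst);
    return memcmp(src, dst, sizeof src) == 0 ? n : -1;
}
```

With a known maximum transfer length, `reserve_pages_for` gives the page count to reserve at initialization so a single window always suffices; a smaller reserve still works but takes several passes.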

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Alexander Lyakas
Sent: Tuesday, July 11, 2006 12:48 AM
To: Windows System Software Devs Interest List
Cc: Gabriel Mizrahi; Tamir Offek; Yohai Merzel; Moshe Melnikov
Subject: [ntdev] MmGetSystemAddressForMdlSafe returns NULL


Max, Peter, thanks for your answers.
As for reserved mappings - I will consider using them, since I do know the maximal transfer length.
As for the destination buffer - it’s preallocated, locked down, mapped and everything, so no worries there.
It seems to me that for now, I need to provide a plan B in case this function fails.

As for my second question - if the function succeeds - do I need to free any resources after I am done with the source buffer?
I read through ntdev and found a post (by Max, I think), which says that if it’s a driver-allocated IRP, I may need to do some cleanup by myself.
I am 100% sure that IoFreeMdl is called on the MDL in question.
Do you think there is anything else I need to do?

> As for my second question - if the function succeeds - do I need to free any
> resources after I am done with the source buffer?

No. MmUnlockPages or IoFreeMdl will do this automatically.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

What are you specifying for the Priority parameter? For debug purposes, set it to LowPagePriority. If after the system runs for some period of time this function fails solidly, it could indicate there is a leak in your MDL handling somewhere else.