mmprobeandlockpages

OSR_Community_User · May 7, 2003, 4:56am

hi,

when MmProbeAndLockPages is called, it will try to make the buffer resident
in memory. so if the buffer is very big, the call will fail?

how do i ensure that the whole buffer in Irp->UserBuffer is valid in write
dispatch? meaning, is there a way to check if the start to end of the buffer
is valid for reading?

Ampsi

Jagannath_Krishnan · May 7, 2003, 5:01pm

You can probe the memory using ProbeForRead.
You’ll find documentation for it in the DDK.

-Jagannath

OSR_Community_User · May 7, 2003, 5:11pm

Note that just because a piece of user memory is valid at some point in
time, there is no guarantee that it is valid a short time later. Doing so
introduces a security hole in your driver.

The reason to use ProbeForRead is to validate the *alignment* of a buffer.
Use __try/__except around any direct access via a user address, including
calling MmProbeAndLockPages.

If the probe and lock fails on the entire buffer you have two choices:

Reject the call, return an error to the user; or
Break the operation into multiple pieces (make sure you define the failure
semantics here so you can handle an error part way through the buffer!)

Which is what the original request was about, correct?

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: Jagannath Krishnan [mailto:xxxxx@hotmail.com]
Sent: Wednesday, May 07, 2003 5:09 PM
To: File Systems Developers
Subject: [ntfsd] Re: mmprobeandlockpages

You can probe the memory using ProbeForRead.
You’ll find documentation for it in the DDK.

-Jagannath

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

OSR_Community_User · May 7, 2003, 10:48pm

thanks.

Ampsi

----- Original Message -----
From: “Tony Mason”
To: “File Systems Developers”
Sent: Thursday, May 08, 2003 05:10
Subject: [ntfsd] Re: mmprobeandlockpages

Note that just because a piece of user memory is valid at some point in
time, there is no guarantee that it is valid a short time later. Doing so
introduces a security hole in your driver.

The reason to use ProbeForRead is to validate the alignment of a buffer.
Use try/ except around any direct access via a user address, including
calling MmProbeAndLockPages.

If the probe and lock fails on the entire buffer you have two choices:

- Reject the call, return an error to the user; or
- Break the operation into multiple pieces (make sure you define the failure
semantics here so you can handle an error part way through the buffer!)

Which is what the original request was about, correct?

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: Jagannath Krishnan [mailto:xxxxx@hotmail.com]
Sent: Wednesday, May 07, 2003 5:09 PM
To: File Systems Developers
Subject: [ntfsd] Re: mmprobeandlockpages

You can probe the memory using ProbeForRead.
You’ll find documentation for it in the DDK.

-Jagannath

—
You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
You are currently subscribed to ntfsd as: xxxxx@pmail.ntu.edu.sg
To unsubscribe send a blank email to xxxxx@lists.osr.com

OSR_Community_User · May 7, 2003, 10:58pm

Just a minor correction so that this email is not misunderstood:
Probe…() also validates that the buffer does not cross the
user->kernel boundary,
and raises if it is (which cannot be caught by try-except() around
buffer access alone), so even if you don’t have alignment restrictions
it is necessary.
Ravi

-----Original Message-----
From: Tony Mason [mailto:xxxxx@osr.com]
Sent: Wednesday, May 07, 2003 2:11 PM
To: File Systems Developers

Note that just because a piece of user memory is valid at some point in
time, there is no guarantee that it is valid a short time later. Doing
so introduces a security hole in your driver.

The reason to use ProbeForRead is to validate the *alignment* of a
buffer.
Use __try/__except around any direct access via a user address,
including calling MmProbeAndLockPages.

If the probe and lock fails on the entire buffer you have two choices:

Reject the call, return an error to the user; or
Break the operation into multiple pieces (make sure you define the
failure semantics here so you can handle an error part way through the
buffer!)

Which is what the original request was about, correct?

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: Jagannath Krishnan [mailto:xxxxx@hotmail.com]
Sent: Wednesday, May 07, 2003 5:09 PM
To: File Systems Developers
Subject: [ntfsd] Re: mmprobeandlockpages

You can probe the memory using ProbeForRead.
You’ll find documentation for it in the DDK.

-Jagannath

You are currently subscribed to ntfsd as: xxxxx@osr.com To unsubscribe
send a blank email to xxxxx@lists.osr.com

You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com