Platform: Win2K (SP2)
Here is the situation…
- I have a memory block allocated (NonPaged) in the Create routine. This block
  is a structure containing local variables. Let's say…

      struct MyLocalVariables
      {
          UNICODE_STRING myStr;
      };

- This structure gets passed to a routine which allocates memory for the
  string. The allocation is done in PagedPool.
- Later in the CREATE routine, "myStr" gets passed to some other routine which
  tries to make a copy of this string.
      NTSTATUS DuplicateThisString(PUNICODE_STRING pstrSource,
                                   PUNICODE_STRING pstrDest)
      {
          NTSTATUS ntRet;

          if (NULL != pstrSource->Buffer)
          {
              *pstrDest = *pstrSource;
              pstrDest->Buffer = FsAllocatePool(PagedPool,
                                                pstrSource->MaximumLength);
              RtlCopyMemory(pstrDest->Buffer, pstrSource->Buffer,
                            pstrSource->MaximumLength);
              ntRet = STATUS_SUCCESS;
          }
          else
          {
              ntRet = STATUS_INVALID_PARAMETER;
          }
          return ntRet;
      }
- The driver creates a BSOD on the RtlCopyMemory call. I came to this
  conclusion from the dump analysis…
READ_ADDRESS: e887af08 Paged pool
FAULTING_IP:
MyDriver!DuplicateThisString+44
bdbec030 f3a5 rep movsd
MM_INTERNAL_CODE: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
TRAP_FRAME: bd77a064 -- (.trap ffffffffbd77a064)
ErrCode = 00000000
eax=000000f8 ebx=00000000 ecx=0000003e edx=5d790005 esi=e887af08 edi=e83f13e8
eip=bdbec030 esp=bd77a0d8 ebp=bd77a14c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
MyDriver!DuplicateThisString+44:
bdbec030 f3a5 rep movsd ds:e887af08=??? es:e83f13e8=00000000
Clearly the ESI register has gone bad.
My question… How can I avoid this? This does not happen all the time.
Only when there are a bunch of other filter drivers in the chain… especially
Norton and some backup application.
Is this mix of Paged and NonPaged allocation causing the trouble?
Thanks.
Naveen
That code looks fine (except that you aren’t checking the return value
of FsAllocatePool). How are you initializing pstrSource? Are you sure
pstrSource->Buffer is actually pstrSource->MaximumLength bytes in size?
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Kohli, Naveen
Sent: Monday, June 09, 2003 5:30 PM
To: File Systems Developers
Subject: [ntfsd] PAGE_FAULT_IN_NONPAGED_AREA (50)
Thanks for the comment, Nick.
I do check the return value from ExAllocatePool. I just omitted some code to
keep it short. All the initializations work fine. The trouble starts when
there are 3 file filter drivers in the chain, especially when Norton shows
up with some backup application. It looks more like trouble with resource
exhaustion.
Here are some questions I have:
- The documentation for this bug check says that the only way to avoid this
  error is by probing. How do you do that?
- Is there a way to check if the specified buffer is valid for reading?
Thanks,
Naveen
-----Original Message-----
From: Nick Ryan [mailto:xxxxx@nryan.com]
Sent: Monday, June 09, 2003 9:18 PM
To: File Systems Developers
That code looks fine (except that you aren’t checking the return value
of FsAllocatePool). How are you initializing pstrSource? Are you sure
pstrSource->Buffer is actually pstrSource->MaximumLength bytes in size?
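A hardened form of the duplication routine, added here as an example and not code from the thread: it adds the allocation check Nick asked about, rejects a descriptor whose Length exceeds MaximumLength, and copies only the Length bytes in use instead of reading MaximumLength bytes from the source. The UNICODE_STRING typedef, the status values and the PoolAlloc hook (standing in for ExAllocatePoolWithTag) are user-mode assumptions so that it compiles and runs outside the kernel.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed user-mode stand-ins for the DDK types and status codes, so the
 * routine compiles and runs outside the kernel. WCHAR is 16-bit as in NT. */
typedef long NTSTATUS;
typedef uint16_t WCHAR;
#define STATUS_SUCCESS                ((NTSTATUS)0x00000000L)
#define STATUS_INVALID_PARAMETER      ((NTSTATUS)0xC000000DL)
#define STATUS_INSUFFICIENT_RESOURCES ((NTSTATUS)0xC000009AL)
typedef struct _UNICODE_STRING {
    uint16_t Length;        /* bytes in use, no terminator counted */
    uint16_t MaximumLength; /* bytes actually allocated behind Buffer */
    WCHAR   *Buffer;
} UNICODE_STRING, *PUNICODE_STRING;

/* Hypothetical allocator hook standing in for ExAllocatePoolWithTag
 * (PagedPool); NoPool simulates an exhausted pool for testing. */
void *(*PoolAlloc)(size_t) = malloc;
void *NoPool(size_t n) { (void)n; return NULL; }

NTSTATUS DuplicateThisString(PUNICODE_STRING pstrSource, PUNICODE_STRING pstrDest)
{
    if (pstrSource == NULL || pstrDest == NULL ||
        pstrSource->Buffer == NULL || pstrSource->MaximumLength == 0)
        return STATUS_INVALID_PARAMETER;
    /* Length > MaximumLength means the descriptor is corrupt; trusting
     * either field would read past the real allocation. */
    if (pstrSource->Length > pstrSource->MaximumLength)
        return STATUS_INVALID_PARAMETER;

    pstrDest->Buffer = PoolAlloc(pstrSource->MaximumLength);
    if (pstrDest->Buffer == NULL) {          /* the check Nick asked about */
        pstrDest->Length = pstrDest->MaximumLength = 0;
        return STATUS_INSUFFICIENT_RESOURCES;
    }
    pstrDest->Length        = pstrSource->Length;
    pstrDest->MaximumLength = pstrSource->MaximumLength;
    /* Copy only the bytes in use and zero the slack, instead of reading
     * MaximumLength bytes from a source that may not own that many. */
    memcpy(pstrDest->Buffer, pstrSource->Buffer, pstrSource->Length);
    memset((char *)pstrDest->Buffer + pstrSource->Length, 0,
           pstrSource->MaximumLength - pstrSource->Length);
    return STATUS_SUCCESS;
}
```

On the probing question: ProbeForRead validates only user-mode addresses and raises an exception for a kernel address, so for a kernel-mode buffer the usable defence is to keep the descriptor's Length and MaximumLength accurate rather than trying to test the pointer at copy time.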