ProtocolReceive crashes

Hi!

I modified the Passthru IM driver. In my ProtocolReceive function when
NdisGetReceivePacket doesn’t return with the full packet I try to create
it from the parameters passed to ProtocolReceive.
I allocate memory for the packet, its size is HeaderBufferSize +
PacketSize.
I copy the HeaderBuffer, then the LookAheadBuffer to my memory.
Then I check if LookAheadBufferSize < PacketSize. This check fails, so
the two sizes are equal.
And here comes the crash. I call NdisDprAllocatePacket(&Status, &Packet,
pAdapt->RecvPacketPoolHandle) and I get a blue screen with
DRIVER_IRQL_NOT_LESS_OR_EQUAL.

From WinDbg:
READ_ADDRESS: 12008432

CURRENT_IRQL: 2

FAULTING_IP:
passthru!PtReceive+280 [c:.…\protocol.c @ 1211]
f0b74000 8b423c mov eax,[edx+0x3c]

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

LAST_CONTROL_TRANSFER: from f0b74000 to 804e187f

STACK_TEXT:
8054ff7c f0b74000 badb0d00 120083f6 ffa4dd93 nt!KiTrap0E+0x233
80550104 f908ebd6 ff460e38 ff962008 f23b209c passthru!PtReceive+0x280 [c:.…\protocol.c @ 1211]
80550138 00030000 02010000 64610400 04016c73 NDIS!EthFilterDprIndicateReceive+0xe0
WARNING: Frame IP not in any known module. Following frames may be wrong.
80550168 f9540802 ff962008 0000ffff ff962008 0x30000
80550178 f9540889 ff962008 804e4a15 811b9658 RTL8139!RTFast_RcvDpc+0x50
80550190 f9087712 00962008 80558e80 80558c20 RTL8139!RTFast_HandleInterrupt+0x2f
805501ac 804dbbd4 ff962074 ff962060 00000000 NDIS!ndisMDpc+0xff
805501d0 804dbb4d 00000000 0000000e 00000000 nt!KiRetireDpcList+0x46
805501d4 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x26

STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_IP:
passthru!PtReceive+280 [c:.…\protocol.c @ 1211]
f0b74000 8b423c mov eax,[edx+0x3c]

FAULTING_SOURCE_CODE:
1207: }
1208: }
1209: else
1210: {
> 1211: NdisDprAllocatePacket(&Status, &Packet, pAdapt->RecvPacketPoolHandle);
1212: if (Status == NDIS_STATUS_SUCCESS)
1213: {
1214: NdisChainBufferAtFront(Packet, LookAheadBuffer);
1215: }
1216: else

Can anyone tell me what’s wrong?
Thanks.

Baki

Baki,

You indicated that you try to allocate the packet with
NdisDprAllocatePacket() but I don’t see where you said you ever acquired a
spinlock to raise IRQL to DISPATCH_LEVEL.

You cannot call NdisDprAllocatePacket() unless you *know* you are at
DISPATCH_LEVEL. The receive path of an NDIS Protocol (that is what an IM
driver is behaving as in this case) is not guaranteed to be called at
DISPATCH_LEVEL; it is restricted to behave within the range of IRQL <=
DISPATCH_LEVEL.

Try changing your call of NdisDprAllocatePacket() to NdisAllocatePacket()
and see what happens.

Good Luck,
Dave Cattley
Consulting Engineer
Systems Software Development

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bakonyi Gabor
Sent: Thursday, March 09, 2006 3:17 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] ProtocolReceive crashes

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Dear Bakonyi,
In my test with PASSTHRU, doing just as you did, it’s OK, no PC crash.
Maybe you should give more SOURCE_CODE from the ProtocolReceive() function,
if possible, so we can understand your case.

Best regards
Josephxu


When I wanted to copy the source code to this reply, I reviewed the code
and found the bug. For some reason, I wanted to chain the
LookAheadBuffer to the Packet, not the buffer I allocated. So, the
mystery is solved, thank you for the help :)

Baki
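
The fix described in the message above, as an added user-mode C model (not code from the thread or from the Passthru sample): the header and lookahead data are copied into memory the driver owns, and the descriptor for that copy is what gets chained to the packet. All type and function names here are hypothetical stand-ins for the NDIS buffer and packet objects, and only the case from the thread (lookahead size equal to packet size) is handled.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* User-mode stand-ins (hypothetical, not NDIS types): buf_desc plays the
   role of an NDIS_BUFFER descriptor, packet the role of an NDIS_PACKET. */
typedef struct buf_desc { struct buf_desc *next; uint8_t *va; size_t len; } buf_desc;
typedef struct packet { buf_desc *head; size_t total; } packet;

/* Chaining takes a descriptor, never a raw pointer to frame data. */
static void chain_at_front(packet *p, buf_desc *d) {
    d->next = p->head; p->head = d; p->total += d->len;
}

/* Rebuild a partial receive indication into a packet that owns its data.
   Returns NULL on inconsistent sizes or allocation failure. */
packet *rebuild_packet(const uint8_t *hdr, size_t hdr_size,
                       const uint8_t *lookahead, size_t lookahead_size,
                       size_t packet_size) {
    /* Only the case from the thread: lookahead holds the whole payload. */
    if (!hdr || !lookahead || lookahead_size != packet_size) return NULL;
    if (hdr_size > SIZE_MAX - packet_size) return NULL; /* sum would wrap */
    size_t total = hdr_size + packet_size;
    uint8_t *copy = malloc(total);
    buf_desc *d = malloc(sizeof *d);
    packet *p = calloc(1, sizeof *p);
    if (!copy || !d || !p) { free(copy); free(d); free(p); return NULL; }
    memcpy(copy, hdr, hdr_size);
    memcpy(copy + hdr_size, lookahead, lookahead_size);
    /* Describe the owned copy and chain that descriptor, not `lookahead`. */
    d->next = NULL; d->va = copy; d->len = total;
    chain_at_front(p, d);
    return p;
}

void free_packet(packet *p) {
    if (!p) return;
    for (buf_desc *d = p->head; d; ) {
        buf_desc *n = d->next; free(d->va); free(d); d = n;
    }
    free(p);
}

int main(void) {
    /* Constructed sample: 14-byte header, 4-byte payload fully in lookahead. */
    const uint8_t hdr[14] = {0}, la[4] = {0xde, 0xad, 0xbe, 0xef};
    packet *p = rebuild_packet(hdr, sizeof hdr, la, sizeof la, sizeof la);
    int ok = p && p->total == 18 && p->head->va != la;
    free_packet(p);
    return ok ? 0 : 1;
}
```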
