I get an error, ERROR_INVALID_USER_BUFFER when a ReadFile
is invoked to virtual memory buffer that is it self mapped to process
space from physical memory outside Windows NT.
This problem does not exist in NT4 but is a problem in 2K.

There are two scenarios:

1. A contiguous range of physical memory is mapped into a process space
   using ZwMapViewOfSection(). ReadFile() to mapped virtual memory
   does NOT fail.

2. A contiguous range of VIRTUAL memory in a process space is composed
   from two or more segments of physical memory that are discontiguous.
   ZwMapViewOfSection() is used to do this.
   ReadFile() to this mapped virtual memory range fails with
   ERROR_INVALID_USER_BUFFER.

Now, the problem occurs under Win2K but not under NT4. NT4 has
has SP5 as SP6 causes problems for us in relation to memory management.

The physical memory is reserved away from NT by using /MAXMEM=nnn
switch in BOOT.INI. The ZwMapViewOfSection() acts on PhysicalMemory
section object.
I can imagine that a similar problem may occur if memory being mapped is
part of VGA hardware or any other PCI device that may provide a
range of physical memory.

A workaround would be to use intermediate buffer allocated using
VirtualAlloc() but given high amounts of I/O we would prefer to avoid
unnecessary copy operations.

The ZwMapViewOfSection() usage is as follows:

ZwMapViewOfSection (pDE->SectionHandle,
ClientProcess,
&virtualAddress,
0L, // Zero bits
0L, // Zero commit
&viewBase, // offset from start of section
&TotalLength,
ViewShare, // Inherit disposition
0x0, // Allocation type
PAGE_READWRITE // | PAGE_NOCACHE
);

Mapping does not fail.

Has anyone got a clue to what may be the problem.

–

Ned Kacavenda - Software Development
Colorbus Pty Ltd
1044 Dandenong Road Carnegie Victoria 3163 Australia
Direct +61 3 8574 8023, Main +61 3 8574 8000
Email: xxxxx@colorbus.com.au
web : http://www.colorbus.com http:</http:>

Problem update:

The problem has been found to cause another symptom that is consistent with
ReadFile() failure.

Referring to scenario 2 in my previous posting a virtual memory range is
created using multiple sections of physical memory.
This virtual memory range is to be locked in our kernel driver to do
output on our hardware. I/O is done using METHOD_NEITHER.
Kernel driver creates MDL for this memory range and does a
MmProbeAndLockPages() so that memory is
a) locked down and
b) we can determine physical page addresses for Dma scatter/gather
chains

The MmProbeAndLockPages() throws an exception which we catch.

This behavior does not occur with NT4 and is almost certainly responsible
for ReadFile() failure. ReadFile on file system devices would almost
certainly use METHOD_DIRECT which implies it would also create
and MDL and do a lock.

Hope this update helps.

ned

Ned Kacavenda wrote:

I get an error, ERROR_INVALID_USER_BUFFER when a ReadFile
is invoked to virtual memory buffer that is it self mapped to process
space from physical memory outside Windows NT.
This problem does not exist in NT4 but is a problem in 2K.

There are two scenarios:

1. A contiguous range of physical memory is mapped into a process space
   using ZwMapViewOfSection(). ReadFile() to mapped virtual memory
   does NOT fail.

2. A contiguous range of VIRTUAL memory in a process space is composed
   from two or more segments of physical memory that are discontiguous.
   ZwMapViewOfSection() is used to do this.
   ReadFile() to this mapped virtual memory range fails with
   ERROR_INVALID_USER_BUFFER.

Now, the problem occurs under Win2K but not under NT4. NT4 has
has SP5 as SP6 causes problems for us in relation to memory management.

The physical memory is reserved away from NT by using /MAXMEM=nnn
switch in BOOT.INI. The ZwMapViewOfSection() acts on PhysicalMemory
section object.
I can imagine that a similar problem may occur if memory being mapped is
part of VGA hardware or any other PCI device that may provide a
range of physical memory.

A workaround would be to use intermediate buffer allocated using
VirtualAlloc() but given high amounts of I/O we would prefer to avoid
unnecessary copy operations.

The ZwMapViewOfSection() usage is as follows:

ZwMapViewOfSection (pDE->SectionHandle,
ClientProcess,
&virtualAddress,
0L, // Zero bits
0L, // Zero commit
&viewBase, // offset from start of section
&TotalLength,
ViewShare, // Inherit disposition
0x0, // Allocation type
PAGE_READWRITE // | PAGE_NOCACHE
);

Mapping does not fail.

Has anyone got a clue to what may be the problem.

–

Ned Kacavenda - Software Development
Colorbus Pty Ltd
1044 Dandenong Road Carnegie Victoria 3163 Australia
Direct +61 3 8574 8023, Main +61 3 8574 8000
Email: xxxxx@colorbus.com.au
web : http://www.colorbus.com http:</http:>

---

You are currently subscribed to ntdev as: xxxxx@colorbus.com.au
To unsubscribe send a blank email to %%email.unsub%%

–

Ned Kacavenda - Software Development
Colorbus Pty Ltd
1044 Dandenong Road Carnegie Victoria 3163 Australia
Direct +61 3 8574 8023, Main +61 3 8574 8000
Email: xxxxx@colorbus.com.au
web : http://www.colorbus.com http:</http:>

Give me please the exception code.

----- Original Message -----
From: “Ned Kacavenda”
To: “NT Developers Interest List”
Sent: Tuesday, August 27, 2002 9:05 AM
Subject: [ntdev] Re: Unable to ReadFile() to physical memory section under
2K

> Problem update:
>
> The problem has been found to cause another symptom that is consistent
with
> ReadFile() failure.
>
> Referring to scenario 2 in my previous posting a virtual memory range is
> created using multiple sections of physical memory.
> This virtual memory range is to be locked in our kernel driver to do
> output on our hardware. I/O is done using METHOD_NEITHER.
> Kernel driver creates MDL for this memory range and does a
> MmProbeAndLockPages() so that memory is
> a) locked down and
> b) we can determine physical page addresses for Dma scatter/gather
> chains
>
> The MmProbeAndLockPages() throws an exception which we catch.
>
> This behavior does not occur with NT4 and is almost certainly responsible
> for ReadFile() failure. ReadFile on file system devices would almost
> certainly use METHOD_DIRECT which implies it would also create
> and MDL and do a lock.
>
> Hope this update helps.
>
> ned
>
>
>
>
>
>
>
>
>
>
> Ned Kacavenda wrote:
>
> > I get an error, ERROR_INVALID_USER_BUFFER when a ReadFile
> > is invoked to virtual memory buffer that is it self mapped to process
> > space from physical memory outside Windows NT.
> > This problem does not exist in NT4 but is a problem in 2K.
> >
> > There are two scenarios:
> >
> > 1. A contiguous range of physical memory is mapped into a process space
> > using ZwMapViewOfSection(). ReadFile() to mapped virtual memory
> > does NOT fail.
> >
> > 2. A contiguous range of VIRTUAL memory in a process space is composed
> > from two or more segments of physical memory that are discontiguous.
> > ZwMapViewOfSection() is used to do this.
> > ReadFile() to this mapped virtual memory range fails with
> > ERROR_INVALID_USER_BUFFER.
> >
> > Now, the problem occurs under Win2K but not under NT4. NT4 has
> > has SP5 as SP6 causes problems for us in relation to memory management.
> >
> > The physical memory is reserved away from NT by using /MAXMEM=nnn
> > switch in BOOT.INI. The ZwMapViewOfSection() acts on PhysicalMemory
> > section object.
> > I can imagine that a similar problem may occur if memory being mapped is
> > part of VGA hardware or any other PCI device that may provide a
> > range of physical memory.
> >
> > A workaround would be to use intermediate buffer allocated using
> > VirtualAlloc() but given high amounts of I/O we would prefer to avoid
> > unnecessary copy operations.
> >
> > The ZwMapViewOfSection() usage is as follows:
> >
> > ZwMapViewOfSection (pDE->SectionHandle,
> > ClientProcess,
> > &virtualAddress,
> > 0L, // Zero bits
> > 0L, // Zero commit
> > &viewBase, // offset from start of
section
> > &TotalLength,
> > ViewShare, // Inherit disposition
> > 0x0, // Allocation type
> > PAGE_READWRITE // | PAGE_NOCACHE
> > );
> >
> > Mapping does not fail.
> >
> > Has anyone got a clue to what may be the problem.
> >
> > –
> > ===========================================================
> > Ned Kacavenda - Software Development
> > Colorbus Pty Ltd
> > 1044 Dandenong Road Carnegie Victoria 3163 Australia
> > Direct +61 3 8574 8023, Main +61 3 8574 8000
> > Email: xxxxx@colorbus.com.au
> > web : http://www.colorbus.com http:</http:>
> > ===========================================================
> >
> > —
> > You are currently subscribed to ntdev as: xxxxx@colorbus.com.au
> > To unsubscribe send a blank email to %%email.unsub%%
>
> –
> ===========================================================
> Ned Kacavenda - Software Development
> Colorbus Pty Ltd
> 1044 Dandenong Road Carnegie Victoria 3163 Australia
> Direct +61 3 8574 8023, Main +61 3 8574 8000
> Email: xxxxx@colorbus.com.au
> web : http://www.colorbus.com http:</http:>
> ===========================================================
>
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@rdsor.ro
> To unsubscribe send a blank email to %%email.unsub%%
>

Exception code is 0xC0000005 which is access violation.

Additional information from EXCEPTION_RECORD gave
address where this occured at somewhere at 0x81nnnnn, did not
record full address. I suspect it is the execution code address.
NumberParameters in record was zero and so ExceptionInformation
was useless, despite microsoft doco explicitly indication that for
access violation there should be 2 entries in this array. Array had
meaningless random data in it.

I attempted to start fresh with checked build of NT but had no luck
with setting up our (very complex) software on it so as to repat
the exercise. In the end I was defeated by third pary drivers
and associated software that would not work on checked build.
Even the sysinternals DBGVIEW.EXE utility would not run on the
checked build of Win2K. DBGVIEW bluescreened the system
immedeately.

ned.

Dan Partelly wrote:

Give me please the exception code.

----- Original Message -----
From: “Ned Kacavenda”
> To: “NT Developers Interest List”
> Sent: Tuesday, August 27, 2002 9:05 AM
> Subject: [ntdev] Re: Unable to ReadFile() to physical memory section under
> 2K
>
> > Problem update:
> >
> > The problem has been found to cause another symptom that is consistent
> with
> > ReadFile() failure.
> >
> > Referring to scenario 2 in my previous posting a virtual memory range is
> > created using multiple sections of physical memory.
> > This virtual memory range is to be locked in our kernel driver to do
> > output on our hardware. I/O is done using METHOD_NEITHER.
> > Kernel driver creates MDL for this memory range and does a
> > MmProbeAndLockPages() so that memory is
> > a) locked down and
> > b) we can determine physical page addresses for Dma scatter/gather
> > chains
> >
> > The MmProbeAndLockPages() throws an exception which we catch.
> >
> > This behavior does not occur with NT4 and is almost certainly responsible
> > for ReadFile() failure. ReadFile on file system devices would almost
> > certainly use METHOD_DIRECT which implies it would also create
> > and MDL and do a lock.
> >
> > Hope this update helps.
> >
> > ned
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Ned Kacavenda wrote:
> >
> > > I get an error, ERROR_INVALID_USER_BUFFER when a ReadFile
> > > is invoked to virtual memory buffer that is it self mapped to process
> > > space from physical memory outside Windows NT.
> > > This problem does not exist in NT4 but is a problem in 2K.
> > >
> > > There are two scenarios:
> > >
> > > 1. A contiguous range of physical memory is mapped into a process space
> > > using ZwMapViewOfSection(). ReadFile() to mapped virtual memory
> > > does NOT fail.
> > >
> > > 2. A contiguous range of VIRTUAL memory in a process space is composed
> > > from two or more segments of physical memory that are discontiguous.
> > > ZwMapViewOfSection() is used to do this.
> > > ReadFile() to this mapped virtual memory range fails with
> > > ERROR_INVALID_USER_BUFFER.
> > >
> > > Now, the problem occurs under Win2K but not under NT4. NT4 has
> > > has SP5 as SP6 causes problems for us in relation to memory management.
> > >
> > > The physical memory is reserved away from NT by using /MAXMEM=nnn
> > > switch in BOOT.INI. The ZwMapViewOfSection() acts on PhysicalMemory
> > > section object.
> > > I can imagine that a similar problem may occur if memory being mapped is
> > > part of VGA hardware or any other PCI device that may provide a
> > > range of physical memory.
> > >
> > > A workaround would be to use intermediate buffer allocated using
> > > VirtualAlloc() but given high amounts of I/O we would prefer to avoid
> > > unnecessary copy operations.
> > >
> > > The ZwMapViewOfSection() usage is as follows:
> > >
> > > ZwMapViewOfSection (pDE->SectionHandle,
> > > ClientProcess,
> > > &virtualAddress,
> > > 0L, // Zero bits
> > > 0L, // Zero commit
> > > &viewBase, // offset from start of
> section
> > > &TotalLength,
> > > ViewShare, // Inherit disposition
> > > 0x0, // Allocation type
> > > PAGE_READWRITE // | PAGE_NOCACHE
> > > );
> > >
> > > Mapping does not fail.
> > >
> > > Has anyone got a clue to what may be the problem.
> > >
> > > –
> > > ===========================================================
> > > Ned Kacavenda - Software Development
> > > Colorbus Pty Ltd
> > > 1044 Dandenong Road Carnegie Victoria 3163 Australia
> > > Direct +61 3 8574 8023, Main +61 3 8574 8000
> > > Email: xxxxx@colorbus.com.au
> > > web : http://www.colorbus.com http:</http:>
> > > ===========================================================
> > >
> > > —
> > > You are currently subscribed to ntdev as: xxxxx@colorbus.com.au
> > > To unsubscribe send a blank email to %%email.unsub%%
> >
> > –
> > ===========================================================
> > Ned Kacavenda - Software Development
> > Colorbus Pty Ltd
> > 1044 Dandenong Road Carnegie Victoria 3163 Australia
> > Direct +61 3 8574 8023, Main +61 3 8574 8000
> > Email: xxxxx@colorbus.com.au
> > web : http://www.colorbus.com http:</http:>
> > ===========================================================
> >
> >
> >
> >
> > —
> > You are currently subscribed to ntdev as: xxxxx@rdsor.ro
> > To unsubscribe send a blank email to %%email.unsub%%
> >
>
> —
> You are currently subscribed to ntdev as: xxxxx@colorbus.com.au
> To unsubscribe send a blank email to %%email.unsub%%

–
===========================================================
Ned Kacavenda - Software Development
Colorbus Pty Ltd
1044 Dandenong Road Carnegie Victoria 3163 Australia
Direct +61 3 8574 8023, Main +61 3 8574 8000
Email: xxxxx@colorbus.com.au
web : http://www.colorbus.com http:</http:>
===========================================================

Pretty interesting.
The two problems you describe are remotely linked to each other.
What you could do here is:

1. Dump the process VAD trees and see if what you think is contigous virtual
   memory it
   is really so. You say “using multiple sections”, and I dont really
   understand what you mean.
   Multiple subsequent calls to ZwMapView…() to map pieces of physicall
   memory into
   the address space contigous , one after another ? One impact of this is that
   it would result in multiple VADs. Now as I see it, this indeed can cause
   problems , (this is an educated guess,
   but ill verify it in the debugger), since the OS might see that you give a
   buffer which is bigger than the virtual memory described by the first walked
   VAD which suposedly should describe user space virtual memory which contains
   the whole buffer.

2. Trace into MmProbeAndLockPages() and see where it faults. What im
   interested here is mainly whatever the fault is in MmProbeAndLockPages() or
   in any API (mainly if its inside MmAccessFault() or not) which
   MmProbeAndLock() may call.

If you provide me this information I would be happy to look into this
problem for you, yet
I dont think what you are trying to do is legal. Will see.

Ciao, Dan

----- Original Message -----
From: “Ned Kacavenda”
To: “NT Developers Interest List”
Sent: Wednesday, August 28, 2002 10:09 AM
Subject: [ntdev] Re: Unable to ReadFile() to physical memory section under
2K

> Exception code is 0xC0000005 which is access violation.
>
> Additional information from EXCEPTION_RECORD gave
> address where this occured at somewhere at 0x81nnnnn, did not
> record full address. I suspect it is the execution code address.
> NumberParameters in record was zero and so ExceptionInformation
> was useless, despite microsoft doco explicitly indication that for
> access violation there should be 2 entries in this array. Array had
> meaningless random data in it.
>
> I attempted to start fresh with checked build of NT but had no luck
> with setting up our (very complex) software on it so as to repat
> the exercise. In the end I was defeated by third pary drivers
> and associated software that would not work on checked build.
> Even the sysinternals DBGVIEW.EXE utility would not run on the
> checked build of Win2K. DBGVIEW bluescreened the system
> immedeately.
>
> ned.
>
>
>
> Dan Partelly wrote:
>
> > Give me please the exception code.
> >
> > ----- Original Message -----
> > From: “Ned Kacavenda”
> > To: “NT Developers Interest List”
> > Sent: Tuesday, August 27, 2002 9:05 AM
> > Subject: [ntdev] Re: Unable to ReadFile() to physical memory section
under
> > 2K
> >
> > > Problem update:
> > >
> > > The problem has been found to cause another symptom that is consistent
> > with
> > > ReadFile() failure.
> > >
> > > Referring to scenario 2 in my previous posting a virtual memory range
is
> > > created using multiple sections of physical memory.
> > > This virtual memory range is to be locked in our kernel driver to do
> > > output on our hardware. I/O is done using METHOD_NEITHER.
> > > Kernel driver creates MDL for this memory range and does a
> > > MmProbeAndLockPages() so that memory is
> > > a) locked down and
> > > b) we can determine physical page addresses for Dma scatter/gather
> > > chains
> > >
> > > The MmProbeAndLockPages() throws an exception which we catch.
> > >
> > > This behavior does not occur with NT4 and is almost certainly
responsible
> > > for ReadFile() failure. ReadFile on file system devices would almost
> > > certainly use METHOD_DIRECT which implies it would also create
> > > and MDL and do a lock.
> > >
> > > Hope this update helps.
> > >
> > > ned
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Ned Kacavenda wrote:
> > >
> > > > I get an error, ERROR_INVALID_USER_BUFFER when a ReadFile
> > > > is invoked to virtual memory buffer that is it self mapped to
process
> > > > space from physical memory outside Windows NT.
> > > > This problem does not exist in NT4 but is a problem in 2K.
> > > >
> > > > There are two scenarios:
> > > >
> > > > 1. A contiguous range of physical memory is mapped into a process
space
> > > > using ZwMapViewOfSection(). ReadFile() to mapped virtual memory
> > > > does NOT fail.
> > > >
> > > > 2. A contiguous range of VIRTUAL memory in a process space is
composed
> > > > from two or more segments of physical memory that are discontiguous.
> > > > ZwMapViewOfSection() is used to do this.
> > > > ReadFile() to this mapped virtual memory range fails with
> > > > ERROR_INVALID_USER_BUFFER.
> > > >
> > > > Now, the problem occurs under Win2K but not under NT4. NT4 has
> > > > has SP5 as SP6 causes problems for us in relation to memory
management.
> > > >
> > > > The physical memory is reserved away from NT by using /MAXMEM=nnn
> > > > switch in BOOT.INI. The ZwMapViewOfSection() acts on
PhysicalMemory
> > > > section object.
> > > > I can imagine that a similar problem may occur if memory being
mapped is
> > > > part of VGA hardware or any other PCI device that may provide a
> > > > range of physical memory.
> > > >
> > > > A workaround would be to use intermediate buffer allocated using
> > > > VirtualAlloc() but given high amounts of I/O we would prefer to
avoid
> > > > unnecessary copy operations.
> > > >
> > > > The ZwMapViewOfSection() usage is as follows:
> > > >
> > > > ZwMapViewOfSection (pDE->SectionHandle,
> > > > ClientProcess,
> > > > &virtualAddress,
> > > > 0L, // Zero bits
> > > > 0L, // Zero commit
> > > > &viewBase, // offset from
start of
> > section
> > > > &TotalLength,
> > > > ViewShare, // Inherit
disposition
> > > > 0x0, // Allocation type
> > > > PAGE_READWRITE // |
PAGE_NOCACHE
> > > > );
> > > >
> > > > Mapping does not fail.
> > > >
> > > > Has anyone got a clue to what may be the problem.
> > > >
> > > > –
> > > > ===========================================================
> > > > Ned Kacavenda - Software Development
> > > > Colorbus Pty Ltd
> > > > 1044 Dandenong Road Carnegie Victoria 3163 Australia
> > > > Direct +61 3 8574 8023, Main +61 3 8574 8000
> > > > Email: xxxxx@colorbus.com.au
> > > > web : http://www.colorbus.com http:</http:>
> > > > ===========================================================
> > > >
> > > > —
> > > > You are currently subscribed to ntdev as:
xxxxx@colorbus.com.au
> > > > To unsubscribe send a blank email to %%email.unsub%%
> > >
> > > –
> > > ===========================================================
> > > Ned Kacavenda - Software Development
> > > Colorbus Pty Ltd
> > > 1044 Dandenong Road Carnegie Victoria 3163 Australia
> > > Direct +61 3 8574 8023, Main +61 3 8574 8000
> > > Email: xxxxx@colorbus.com.au
> > > web : http://www.colorbus.com http:</http:>
> > > ===========================================================
> > >
> > >
> > >
> > >
> > > —
> > > You are currently subscribed to ntdev as: xxxxx@rdsor.ro
> > > To unsubscribe send a blank email to %%email.unsub%%
> > >
> >
> > —
> > You are currently subscribed to ntdev as: xxxxx@colorbus.com.au
> > To unsubscribe send a blank email to %%email.unsub%%
>
> –
> ===========================================================
> Ned Kacavenda - Software Development
> Colorbus Pty Ltd
> 1044 Dandenong Road Carnegie Victoria 3163 Australia
> Direct +61 3 8574 8023, Main +61 3 8574 8000
> Email: xxxxx@colorbus.com.au
> web : http://www.colorbus.com http:</http:>
> ===========================================================
>
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@rdsor.ro
> To unsubscribe send a blank email to %%email.unsub%%
>

>> part of VGA hardware or any other PCI device that may provide a range of
physical memory.

Thats why you have MmMapIoSpace().

----- Original Message -----
From: “Ned Kacavenda”
To: “NT Developers Interest List”
Sent: Wednesday, August 28, 2002 10:09 AM
Subject: [ntdev] Re: Unable to ReadFile() to physical memory section under
2K

> Exception code is 0xC0000005 which is access violation.
>
> Additional information from EXCEPTION_RECORD gave
> address where this occured at somewhere at 0x81nnnnn, did not
> record full address. I suspect it is the execution code address.
> NumberParameters in record was zero and so ExceptionInformation
> was useless, despite microsoft doco explicitly indication that for
> access violation there should be 2 entries in this array. Array had
> meaningless random data in it.
>
> I attempted to start fresh with checked build of NT but had no luck
> with setting up our (very complex) software on it so as to repat
> the exercise. In the end I was defeated by third pary drivers
> and associated software that would not work on checked build.
> Even the sysinternals DBGVIEW.EXE utility would not run on the
> checked build of Win2K. DBGVIEW bluescreened the system
> immedeately.
>
> ned.
>
>
>
> Dan Partelly wrote:
>
> > Give me please the exception code.
> >
> > ----- Original Message -----
> > From: “Ned Kacavenda”
> > To: “NT Developers Interest List”
> > Sent: Tuesday, August 27, 2002 9:05 AM
> > Subject: [ntdev] Re: Unable to ReadFile() to physical memory section
under
> > 2K
> >
> > > Problem update:
> > >
> > > The problem has been found to cause another symptom that is consistent
> > with
> > > ReadFile() failure.
> > >
> > > Referring to scenario 2 in my previous posting a virtual memory range
is
> > > created using multiple sections of physical memory.
> > > This virtual memory range is to be locked in our kernel driver to do
> > > output on our hardware. I/O is done using METHOD_NEITHER.
> > > Kernel driver creates MDL for this memory range and does a
> > > MmProbeAndLockPages() so that memory is
> > > a) locked down and
> > > b) we can determine physical page addresses for Dma scatter/gather
> > > chains
> > >
> > > The MmProbeAndLockPages() throws an exception which we catch.
> > >
> > > This behavior does not occur with NT4 and is almost certainly
responsible
> > > for ReadFile() failure. ReadFile on file system devices would almost
> > > certainly use METHOD_DIRECT which implies it would also create
> > > and MDL and do a lock.
> > >
> > > Hope this update helps.
> > >
> > > ned
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Ned Kacavenda wrote:
> > >
> > > > I get an error, ERROR_INVALID_USER_BUFFER when a ReadFile
> > > > is invoked to virtual memory buffer that is it self mapped to
process
> > > > space from physical memory outside Windows NT.
> > > > This problem does not exist in NT4 but is a problem in 2K.
> > > >
> > > > There are two scenarios:
> > > >
> > > > 1. A contiguous range of physical memory is mapped into a process
space
> > > > using ZwMapViewOfSection(). ReadFile() to mapped virtual memory
> > > > does NOT fail.
> > > >
> > > > 2. A contiguous range of VIRTUAL memory in a process space is
composed
> > > > from two or more segments of physical memory that are discontiguous.
> > > > ZwMapViewOfSection() is used to do this.
> > > > ReadFile() to this mapped virtual memory range fails with
> > > > ERROR_INVALID_USER_BUFFER.
> > > >
> > > > Now, the problem occurs under Win2K but not under NT4. NT4 has
> > > > has SP5 as SP6 causes problems for us in relation to memory
management.
> > > >
> > > > The physical memory is reserved away from NT by using /MAXMEM=nnn
> > > > switch in BOOT.INI. The ZwMapViewOfSection() acts on
PhysicalMemory
> > > > section object.
> > > > I can imagine that a similar problem may occur if memory being
mapped is
> > > > part of VGA hardware or any other PCI device that may provide a
> > > > range of physical memory.
> > > >
> > > > A workaround would be to use intermediate buffer allocated using
> > > > VirtualAlloc() but given high amounts of I/O we would prefer to
avoid
> > > > unnecessary copy operations.
> > > >
> > > > The ZwMapViewOfSection() usage is as follows:
> > > >
> > > > ZwMapViewOfSection (pDE->SectionHandle,
> > > > ClientProcess,
> > > > &virtualAddress,
> > > > 0L, // Zero bits
> > > > 0L, // Zero commit
> > > > &viewBase, // offset from
start of
> > section
> > > > &TotalLength,
> > > > ViewShare, // Inherit
disposition
> > > > 0x0, // Allocation type
> > > > PAGE_READWRITE // |
PAGE_NOCACHE
> > > > );
> > > >
> > > > Mapping does not fail.
> > > >
> > > > Has anyone got a clue to what may be the problem.
> > > >
> > > > –
> > > > ===========================================================
> > > > Ned Kacavenda - Software Development
> > > > Colorbus Pty Ltd
> > > > 1044 Dandenong Road Carnegie Victoria 3163 Australia
> > > > Direct +61 3 8574 8023, Main +61 3 8574 8000
> > > > Email: xxxxx@colorbus.com.au
> > > > web : http://www.colorbus.com http:</http:>
> > > > ===========================================================
> > > >
> > > > —
> > > > You are currently subscribed to ntdev as:
xxxxx@colorbus.com.au
> > > > To unsubscribe send a blank email to %%email.unsub%%
> > >
> > > –
> > > ===========================================================
> > > Ned Kacavenda - Software Development
> > > Colorbus Pty Ltd
> > > 1044 Dandenong Road Carnegie Victoria 3163 Australia
> > > Direct +61 3 8574 8023, Main +61 3 8574 8000
> > > Email: xxxxx@colorbus.com.au
> > > web : http://www.colorbus.com http:</http:>
> > > ===========================================================
> > >
> > >
> > >
> > >
> > > —
> > > You are currently subscribed to ntdev as: xxxxx@rdsor.ro
> > > To unsubscribe send a blank email to %%email.unsub%%
> > >
> >
> > —
> > You are currently subscribed to ntdev as: xxxxx@colorbus.com.au
> > To unsubscribe send a blank email to %%email.unsub%%
>
> –
> ===========================================================
> Ned Kacavenda - Software Development
> Colorbus Pty Ltd
> 1044 Dandenong Road Carnegie Victoria 3163 Australia
> Direct +61 3 8574 8023, Main +61 3 8574 8000
> Email: xxxxx@colorbus.com.au
> web : http://www.colorbus.com http:</http:>
> ===========================================================
>
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@rdsor.ro
> To unsubscribe send a blank email to %%email.unsub%%
>

Dan Partelly wrote:

Pretty interesting.
The two problems you describe are remotely linked to each other.
What you could do here is:

1. Dump the process VAD trees and see if what you think is contigous virtual
   memory it
   is really so. You say “using multiple sections”, and I dont really
   understand what you mean.
   Multiple subsequent calls to ZwMapView…() to map pieces of physicall
   memory into
   the address space contigous , one after another ? One impact of this is that
   it would result in multiple VADs. Now as I see it, this indeed can cause
   problems , (this is an educated guess,
   but ill verify it in the debugger), since the OS might see that you give a
   buffer which is bigger than the virtual memory described by the first walked
   VAD which suposedly should describe user space virtual memory which contains
   the whole buffer.

How is VAD tree dumped? Assuming win32 space the developer studio has no
such capability.

By “multiple sections” I mean this:

create a contiguous virtual memory range in a win32 process by using 2 or more
ZwMapViewOfSection() calls, nominating desired virtual address points in
user space and using physical memory adress ranges to satisfy this. Effectively
a contiguous virtual memory range is composed from chunks of physical memory.
This is similar to what NT virtual memory management does with 4K pages.
Effectively we have a ‘virtual’ memory management system that manages a pool
of memory, with min granularity of 128Kb.

Now, you say that multiple VADs are likely culprit but note following behavior:

We choose to manage portion of physical memory section in this exercise, yet
our implementation does not care whether memory section is from “PhysicalMemory”
or from a win32 unnamed file mapping object using CreateFileMapping() api.
The same exercise repeated with a win32 CreateFileMapping() object
does not have trouble with contiguous virtual memory range created from multiple
segments of file mapping.

Ultimately if I am able to paste together a virtual memory range from ‘bits’ of
file mapping then that range, given that I was allowed to create it, should be
usable in MmProbeAndLock operations, otherwise I must make sure that all
I/O and any operations that invoke MmProbeAndLock() are fully aware of
how the virtual memory range was constructed. This is a huge ask.

You may say, use Win32 file section but that is exactly what we have been
doing until we collided with NT memory management changes in Nt4SP6,
changes that are natural parto of Win2K and WinXP. So, we were forced
to resort to “PhysicalMemory” section access by reserving some with
/MAXMEM option. In the days of EISA based systems and NT3.51 we
actually had hardware that carried 128MB of memory on an EISA card
which we could manage as we are attempting to now with system ram,
and we had no trouble doing ReadFile/WriteFile.

Final item of information that may help you is that mapping that is being
done to create a virtual memory range may be done by process A for mapping
into process A but also it is done into any nominated process. Essentially,
process A is the ‘memory manager’ for several other processes.
Candidate virtual address range for a process is ‘picked’ by kernel driver
executing following two steps:

1. Using ZwVirtualAlloc to allocate a full range of virtual memory in
   designated process space. This provides a virtual address that may be
   used.
2. Free same virtual memory so that we can reuse same range for ZwMap…()

If by chance virtual memory got reallocated to some other thread then process is
repeated.

Our usage of undocumented api is forced because alternatives we have tried
are far inferior. We justify this decision by virtue of the fact our systems are
built in-house, on a specific, validated version of NT, and are thus under
our control. We are not likely to cause a headache for someone out there
that may try and install this on some future version of NT.

2. Trace into MmProbeAndLockPages() and see where it faults. What im
   interested here is mainly whatever the fault is in MmProbeAndLockPages() or
   in any API (mainly if its inside MmAccessFault() or not) which
   MmProbeAndLock() may call.

I will work towards this but it will take a little time.

If you provide me this information I would be happy to look into this
problem for you, yet
I dont think what you are trying to do is legal. Will see.

Ciao, Dan

–

Ned Kacavenda - Software Development
Colorbus Pty Ltd
1044 Dandenong Road Carnegie Victoria 3163 Australia
Direct +61 3 8574 8023, Main +61 3 8574 8000
Email: xxxxx@colorbus.com.au
web : http://www.colorbus.com http:</http:>

>> How is VAD tree dumped?

In Windbg , using and !vad extension.

Yet to get to point of using a debugger but a significant
discovery (I think) is that WriteFile() does not fail but
ReadFile() does. I/O was requested as a single 3MB
write or read operation.

I created a 3MB virtual memory area which was composed
of 3 x 1 MB discontiguous physical memory blocks.

Will continue tomorrow.

ned

Dan Partelly wrote:

>> How is VAD tree dumped?

In Windbg , using and !vad extension.

---

You are currently subscribed to ntdev as: xxxxx@colorbus.com.au
To unsubscribe send a blank email to %%email.unsub%%

–

Ned Kacavenda - Software Development
Colorbus Pty Ltd
1044 Dandenong Road Carnegie Victoria 3163 Australia
Direct +61 3 8574 8023, Main +61 3 8574 8000
Email: xxxxx@colorbus.com.au
web : http://www.colorbus.com http:</http:>

SATUS_INVALID_USER_BUFFER is raised by the Cc manager, in the fast IO path
if the user buffer cant be accessed whithout causing access violations. The
DDK headers dont talk much about it, but its raughly an equivalent of
STATUS_ACCESS_VIOLATION.

Dan

----- Original Message -----
From: “Ned Kacavenda”
To: “NT Developers Interest List”
Sent: Thursday, August 29, 2002 10:18 AM
Subject: [ntdev] Re: Unable to ReadFile() to physical memory section under
2K

> Yet to get to point of using a debugger but a significant
> discovery (I think) is that WriteFile() does not fail but
> ReadFile() does. I/O was requested as a single 3MB
> write or read operation.
>
> I created a 3MB virtual memory area which was composed
> of 3 x 1 MB discontiguous physical memory blocks.
>
>
> Will continue tomorrow.
>
> ned
>
> Dan Partelly wrote:
>
> > >> How is VAD tree dumped?
> >
> > In Windbg , using and !vad extension.
> >
> > —
> > You are currently subscribed to ntdev as: xxxxx@colorbus.com.au
> > To unsubscribe send a blank email to %%email.unsub%%
>
> –
> ===========================================================
> Ned Kacavenda - Software Development
> Colorbus Pty Ltd
> 1044 Dandenong Road Carnegie Victoria 3163 Australia
> Direct +61 3 8574 8023, Main +61 3 8574 8000
> Email: xxxxx@colorbus.com.au
> web : http://www.colorbus.com http:</http:>
> ===========================================================
>
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@rdsor.ro
> To unsubscribe send a blank email to %%email.unsub%%
>

So, the question is: is the whole virtual memeory area accessible for writes
?

Dan

----- Original Message -----
From: “Ned Kacavenda”
To: “NT Developers Interest List”
Sent: Thursday, August 29, 2002 10:18 AM
Subject: [ntdev] Re: Unable to ReadFile() to physical memory section under
2K

> Yet to get to point of using a debugger but a significant
> discovery (I think) is that WriteFile() does not fail but
> ReadFile() does. I/O was requested as a single 3MB
> write or read operation.
>
> I created a 3MB virtual memory area which was composed
> of 3 x 1 MB discontiguous physical memory blocks.
>
>
> Will continue tomorrow.
>
> ned
>
> Dan Partelly wrote:
>
> > >> How is VAD tree dumped?
> >
> > In Windbg , using and !vad extension.
> >
> > —
> > You are currently subscribed to ntdev as: xxxxx@colorbus.com.au
> > To unsubscribe send a blank email to %%email.unsub%%
>
> –
> ===========================================================
> Ned Kacavenda - Software Development
> Colorbus Pty Ltd
> 1044 Dandenong Road Carnegie Victoria 3163 Australia
> Direct +61 3 8574 8023, Main +61 3 8574 8000
> Email: xxxxx@colorbus.com.au
> web : http://www.colorbus.com http:</http:>
> ===========================================================
>
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@rdsor.ro
> To unsubscribe send a blank email to %%email.unsub%%
>

Yes it is.

In a test I inserted a loop that walked the memory pointed to
by passed in virtual memory pointer just prior to MmProbeAndlLockPages(). I accessed each 4K page and there
was no access violation. This is in context of the process
thread. I will do more investigating today.

ned

Dan Partelly wrote:

So, the question is: is the whole virtual memeory area accessible for writes
?

Dan

----- Original Message -----
From: “Ned Kacavenda”
> To: “NT Developers Interest List”
> Sent: Thursday, August 29, 2002 10:18 AM
> Subject: [ntdev] Re: Unable to ReadFile() to physical memory section under
> 2K
>
> > Yet to get to point of using a debugger but a significant
> > discovery (I think) is that WriteFile() does not fail but
> > ReadFile() does. I/O was requested as a single 3MB
> > write or read operation.
> >
> > I created a 3MB virtual memory area which was composed
> > of 3 x 1 MB discontiguous physical memory blocks.
> >
> >
> > Will continue tomorrow.
> >
> > ned
> >
> > Dan Partelly wrote:
> >
> > > >> How is VAD tree dumped?
> > >
> > > In Windbg , using and !vad extension.
> > >
> > > —
> > > You are currently subscribed to ntdev as: xxxxx@colorbus.com.au
> > > To unsubscribe send a blank email to %%email.unsub%%
> >
> > –
> > ===========================================================
> > Ned Kacavenda - Software Development
> > Colorbus Pty Ltd
> > 1044 Dandenong Road Carnegie Victoria 3163 Australia
> > Direct +61 3 8574 8023, Main +61 3 8574 8000
> > Email: xxxxx@colorbus.com.au
> > web : http://www.colorbus.com http:</http:>
> > ===========================================================
> >
> >
> >
> >
> > —
> > You are currently subscribed to ntdev as: xxxxx@rdsor.ro
> > To unsubscribe send a blank email to %%email.unsub%%
> >
>
> —
> You are currently subscribed to ntdev as: xxxxx@colorbus.com.au
> To unsubscribe send a blank email to %%email.unsub%%

–
===========================================================
Ned Kacavenda - Software Development
Colorbus Pty Ltd
1044 Dandenong Road Carnegie Victoria 3163 Australia
Direct +61 3 8574 8023, Main +61 3 8574 8000
Email: xxxxx@colorbus.com.au
web : http://www.colorbus.com http:</http:>
===========================================================