Why always check for a MDL first provided that a system buffer is available?

Microsoft published a series of ppt files on minifilter; one of them is titled as “Accessing User Buffers”, and its file name is buffermanagement.ppt.

On page 11, the ppt says:

/*
Buffer Address vs. MDL.

You can have the following combinations of the two: MDL only (typically on paging IO), Buffer Address only, Buffer Address and MDL

Always check for a MDL first

If it has one, get a system address for it and use that.
*/

I think the ppt’s suggestion is wrong.

1, If FLTFL_CALLBACK_DATA_SYSTEM_BUFFER is set, the system buffer is guaranteed to be in the nonpaged pool. So we can access them at any IRQL.

2, If we use mdl, then we must call MmGetSystemAddressForMdlSafe() which is expensive and may be failed, because it demands for precious PTEs.

So, I think the correct suggestion should be the following:

Always check to see if FLTFL_CALLBACK_DATA_SYSTEM_BUFFER is set.

Am I right?

corrections?

Always check to see if FLTFL_CALLBACK_DATA_SYSTEM_BUFFER is set first. If set, then directly use the system buffer; if not set, then check to see if the mdl is set.

Am I right?

In general for IO pathways in filesystem filter drivers you have either:

  1. A top level access from user mode and you are given only a pointer to
    a user buffer. In this case you need to probe and lock the pages, etc.
    before accessing them.

  2. You are in the paging pathway and you are given an MDL.

In this situation it is better to check first for the MDL and then
fallback to the user buffer. While the SystemBuffer may be set in some
cases this will not be the typical case. As well, I would suspect in the
cases that the SystemBuffer is set, it is mapped from the Mdl so
retrieving the system address from the Mdl is trivial and not expensive.
Of course in the case where there is a SystemBuffer and no Mdl then
using the SystemBuffer first is the way to go.

Pete

On 9/19/2012 4:14 PM, xxxxx@gmail.com wrote:

Microsoft published a series of ppt files on minifilter; one of them is titled as “Accessing User Buffers”, and its file name is buffermanagement.ppt.

On page 11, the ppt says:

/*
Buffer Address vs. MDL.

You can have the following combinations of the two: MDL only (typically on paging IO), Buffer Address only, Buffer Address and MDL

Always check for a MDL first

If it has one, get a system address for it and use that.
*/

I think the ppt’s suggestion is wrong.

1, If FLTFL_CALLBACK_DATA_SYSTEM_BUFFER is set, the system buffer is guaranteed to be in the nonpaged pool. So we can access them at any IRQL.

2, If we use mdl, then we must call MmGetSystemAddressForMdlSafe() which is expensive and may be failed, because it demands for precious PTEs.

So, I think the correct suggestion should be the following:

Always check to see if FLTFL_CALLBACK_DATA_SYSTEM_BUFFER is set.

Am I right?


NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer


Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
866.263.9295