I am working on a 1394 Digital Camera driver, which is layered on top of the Windows 1394 bus driver and the OHCI 1394 port driver. When an image buffer is passed down to the lower drivers, two of the parameters are:
- RING3_ISOCH_DESCRIPTOR.ulLength: the size of the image buffer. ulLength is equal to ByteCount of the Mdl.
- RING3_ISOCH_DESCRIPTOR.nMaxBytesPerFrame: max number of bytes per isochronous packet. The max value of nMaxBytesPerFrame is 4096.
My tests have shown that ulLength must be greater than nMaxBytesPerFrame; otherwise I’ll get a bugcheck, even when ulLength is equal to nMaxBytesPerFrame (WinDbg dump attached below). This restriction becomes a problem when a small ROI (region of interest) is used.
Has anyone else encountered the same problem? What is the root cause of this problem (in the 1394 bus driver and/or the OHCI 1394 port driver)? Is there any workaround (other than requiring the buffer size to be greater than 4096)?
Any help, comments and suggestions are greatly appreciated. Thank you in advance.
Shuyu
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pagable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000008, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: f9b3acef, address which referenced memory
Debugging Details:
WRITE_ADDRESS: 00000008
CURRENT_IRQL: 2
FAULTING_IP:
ohci1394!OhciCreateIsochDbDma+9dd
f9b3acef 895108 mov [ecx+0x8],edx
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: D1_W
TRAP_FRAME: ed4f6948 -- (.trap ffffffffed4f6948)
ErrCode = 00000002
eax=81355000 ebx=81ad47e8 ecx=00000000 edx=00000000 esi=81355010 edi=81a9f178
eip=f9b3acef esp=ed4f69bc ebp=ed4f69fc iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
ohci1394!OhciCreateIsochDbDma+9dd:
f9b3acef 895108 mov [ecx+0x8],edx
Resetting default context
LAST_CONTROL_TRANSFER: from f9b3aded to f9b3acef
STACK_TEXT:
ed4f6a64 f9b3aded 819ad468 819990b0 81a9f178 ohci1394!OhciCreateIsochDbDma+0x9dd
ed4f6a78 806bd8dc 81adc028 819ad468 819990b0 ohci1394!OhciGetIsochScatterGather+0x13
ed4f6a9c 806bda8a 00000000 81adc028 81313e90 hal!HalBuildScatterGatherList+0x19c
ed4f6acc f9b34942 81594698 81adc028 81313e90 hal!HalGetScatterGatherList+0x24
ed4f6b20 804ec217 81adc028 819ad468 00000103 ohci1394!OhciStartIo+0x7f0
ed4f6b40 f9b34e71 81adc028 819ad468 00000000 nt!IoStartPacket+0x7b
ed4f6b80 804eb3c1 81adc028 819ad468 814d5008 ohci1394!OhciIOCtl+0x3df
ed4f6b90 edf286ff edf28923 81318678 814d5008 nt!IopfCallDriver+0x31
ed4f6b94 edf28923 81318678 814d5008 819ad468 1394BUS!Bus1394IsochChainToPort+0x1b
ed4f6bb4 edf23f39 814d5008 819ad468 8197c5e8 1394BUS!Bus1394DispatchIsochRequest+0x35
ed4f6be4 804eb3c1 81318678 819ad468 8149a108 1394BUS!Bus1394IOCtl+0x2ad
ed4f6bf4 f328c28f 819d5780 00000000 813fe008 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
ed4f6c10 f328aecf 814d5008 813fe008 81ad47e8 cogdcam+0x528f
ed4f6c40 804eb3c1 8140f020 00001000 806bb2cc cogdcam+0x3ecf
ed4f6c50 805644d2 813fe0c0 81ac9dc8 813fe008 nt!IopfCallDriver+0x31
ed4f6c64 805651f6 8140f020 813fe008 81ac9dc8 nt!IopSynchronousServiceTail+0x5e
ed4f6d00 8055e288 00000590 00000544 00000000 nt!IopXxxControlFile+0x5a6
ed4f6d34 805306a4 00000590 00000544 00000000 nt!NtDeviceIoControlFile+0x28
ed4f6d34 7ffe0304 00000590 00000544 00000000 nt!KiSystemService+0xc9
025ffbc4 00000000 00000000 00000000 00000000 SharedUserData!SystemCallStub+0x4
FOLLOWUP_IP:
ohci1394!OhciCreateIsochDbDma+9dd
f9b3acef 895108 mov [ecx+0x8],edx
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: ohci1394!OhciCreateIsochDbDma+9dd
MODULE_NAME: ohci1394
IMAGE_NAME: ohci1394.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 3d6ddc4f
STACK_COMMAND: .trap ffffffffed4f6948 ; kb
BUCKET_ID: 0xD1_W_ohci1394!OhciCreateIsochDbDma+9dd
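
The stack above begins at nt!NtDeviceIoControlFile, so the sizes that reach ohci1394 originate in a user-mode request. The following added example (not part of the original post and not code from any of the drivers named) shows a guard the camera driver could run before forwarding the request, failing it instead of letting the lower driver fault. ISOCH_SIZES is a hypothetical stand-in holding only the two fields named in the post, the size relation is the one the poster observed rather than a documented limit, and rejecting a zero packet size is an added assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in: only the two fields named in the post.
   The real RING3_ISOCH_DESCRIPTOR has more members. */
typedef struct {
    uint32_t ulLength;           /* size of the image buffer */
    uint32_t nMaxBytesPerFrame;  /* max bytes per isochronous packet */
} ISOCH_SIZES;

#define ISOCH_MAX_BYTES_PER_FRAME 4096u  /* upper bound stated in the post */

typedef enum {
    ISOCH_OK = 0,
    ISOCH_ERR_SHORT_INPUT,       /* request too small to hold the fields */
    ISOCH_ERR_FRAME_SIZE,        /* packet size is 0 or above 4096 */
    ISOCH_ERR_MDL_MISMATCH,      /* ulLength differs from the MDL ByteCount */
    ISOCH_ERR_BUFFER_TOO_SMALL   /* ulLength <= nMaxBytesPerFrame */
} isoch_check_t;

/* Copies the sizes out of the caller's buffer once, validates the copy,
   and returns it in *out. Forward the values in *out, never re-read
   in_buf, so the values checked are the values the lower drivers see. */
isoch_check_t capture_isoch_sizes(const void *in_buf, size_t in_len,
                                  uint32_t mdl_byte_count, ISOCH_SIZES *out)
{
    ISOCH_SIZES s;

    if (in_buf == NULL || out == NULL || in_len < sizeof(s))
        return ISOCH_ERR_SHORT_INPUT;
    memcpy(&s, in_buf, sizeof(s));              /* single fetch */

    if (s.nMaxBytesPerFrame == 0 ||             /* zero: added assumption */
        s.nMaxBytesPerFrame > ISOCH_MAX_BYTES_PER_FRAME)
        return ISOCH_ERR_FRAME_SIZE;
    if (s.ulLength != mdl_byte_count)           /* post: ulLength == ByteCount */
        return ISOCH_ERR_MDL_MISMATCH;
    if (s.ulLength <= s.nMaxBytesPerFrame)      /* equal sizes bugchecked */
        return ISOCH_ERR_BUFFER_TOO_SMALL;

    *out = s;
    return ISOCH_OK;
}

int main(void)
{
    ISOCH_SIZES in = { 4096u, 4096u }, out;     /* constructed: the equal-size case */
    return capture_isoch_sizes(&in, sizeof in, 4096u, &out)
           == ISOCH_ERR_BUFFER_TOO_SMALL ? 0 : 1;
}
```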