Windows MM related doubt

I am trying to understand finer details of windows memory management. I
assigned an invalid physical address to a PTE and then accessed that memory
in my DriverEntry function (code below):

/* x86, non-PAE: the page tables are self-mapped at 0xC0000000, so the PTE for
   virtual page 0x12000 lives at 0xC0000000 + (0x12345 >> 12) * 4 = 0xC0000048 */
volatile ULONG *pPTE = (volatile ULONG *)0xC0000048;
/* PFN 0x3FFFF (physical 0x3FFFF000) with P|RW|US|A|D set (0x067); the
   physical PFN is way bigger than the amount of RAM in my system */
*pPTE = 0x3FFFF067;
volatile ULONG *pAddress = (volatile ULONG *)0x12345;
*pAddress = 0x55;   /* touch the page through the freshly written PTE */

I was thinking that it would crash the system, but it didn’t. Am I missing
something here? Wouldn’t the code above cause the processor to get an invalid
physical address when it tries to translate the logical address 0x12345 to a
physical address and reads the PTE entry?


Pankaj Garg
This posting is provided “AS IS” with no warranties and confers no rights.

Read the PCI book about how the invalid bus transactions are handled.
Sometimes they cause the so-called “master abort” and thus a NMI crash,
sometimes they just read the junk or no-op the write.

This is not a CPU issue. This is a bus/chipset issue.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “Pankaj Garg”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Sunday, October 31, 2004 1:38 AM
Subject: [ntdev] Windows MM related doubt


Ok, first of all, this has nothing to do with Windows, or in fact the
memory management unit. The behaviour of what you’re doing is entirely
dependent on which chipset you have, and most likely also how the chipset
is configured. This means that there is no definite answer to “what
happens” when you do this. On one machine, you may read back -1 if you were
to read *pAddress, on another machine you may get an NMI, on a third
machine you get some “random” data because it’s just chopping off any extra
bits on the top of the address and returning whatever memory address
matches (so for instance, you may get page 0x0FFFFF000 if you have 256MB of
RAM).

A third option is that there is no “timeout” on failed address fetch, which
would lock up the machine. I don’t think that happens on recent machines,
but certainly in earlier days of microprocessors, reading an invalid
address could cause the machine to “wait forever” for an acknowledge of the
read.

Of course, you’re also not guaranteed what “device” the read ends up on if
it’s a mismatched address. It’s most likely going to PCI bus if it’s not a
valid address on Memory or AGP. If the PCI bus doesn’t answer, it may also
end up in ISA-land if there is such a bus on the system. ISA doesn’t have
any “protection against stupid behaviour”, so it will just return whatever
is on the bus after the address phase is completed on a read, and just
write the data to the bus for write operations. However, many chipsets have
programmable features for “what region goes where”, to optimize operations
to certain buses without having to first go ask several other buses whether
this address is one for it, which means that the BIOS will be responsible
for configuring what happens with a specific physical address range.

To summarize, what happens when you write to an “unavailable address” is not
well-defined. It is certainly not a healthy thing to do, and you should not
attempt to do this.


Mats

xxxxx@lists.osr.com wrote on 10/30/2004 11:38:18 PM:

Thanks for the excellent explanation. I was not doing it for any production
work but was playing with Windows page table management (like why the page
directory base is always mapped at 0xC0300000 etc.) to understand how it
works and how the processor manages the page tables, and came up with this doubt.


Pankaj Garg
This posting is provided “AS IS” with no warranties and confers no rights.

“Mats PETERSSON” wrote in message
news:xxxxx@ntdev…
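The self-map arithmetic behind the two addresses in this thread (0xC0000048 for the PTE of 0x12345, 0xC0300000 for the page directory), together with the check the original snippet skipped, as an added example that is not code from any of the posters. It models the x86 non-PAE layout only; the physical memory map in it is constructed for a hypothetical 256MB machine, and in a real driver you would obtain that map with MmGetPhysicalMemoryRanges() rather than hard-code it. It builds and runs in user mode with any C compiler.

```c
/* Added example (not from the ntdev thread): x86 non-PAE page-table
 * arithmetic for the Windows self-map, plus an "is this PFN backed by RAM"
 * check. The memory map below is constructed, not read from a real machine. */
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

#define PTE_BASE   0xC0000000u   /* self-map: every page table appears here */
#define PDE_BASE   0xC0300000u   /* the page directory maps itself here     */
#define PAGE_SHIFT 12
#define PTE_SIZE   4u            /* non-PAE: 32-bit entries                 */

/* Flag bits of a 32-bit x86 PTE. */
#define PTE_P   (1u << 0)
#define PTE_RW  (1u << 1)
#define PTE_US  (1u << 2)
#define PTE_A   (1u << 5)
#define PTE_D   (1u << 6)

/* Virtual address of the PTE that maps va: one 4-byte entry per 4 KiB page. */
uint32_t pte_va_for(uint32_t va)
{
    return PTE_BASE + (va >> PAGE_SHIFT) * PTE_SIZE;
}

/* Virtual address of the PDE that maps va: one 4-byte entry per 4 MiB. */
uint32_t pde_va_for(uint32_t va)
{
    return PDE_BASE + (va >> 22) * PTE_SIZE;
}

uint32_t pte_pfn(uint32_t pte)   { return pte >> PAGE_SHIFT; }
uint32_t pte_flags(uint32_t pte) { return pte & 0xFFFu; }
uint32_t make_pte(uint32_t pfn, uint32_t flags)
{
    return (pfn << PAGE_SHIFT) | (flags & 0xFFFu);
}

/* Constructed physical memory map: a hypothetical 256 MiB machine with the
 * usual hole below 1 MiB and a reservation at the top. */
typedef struct { uint32_t base; uint32_t length; } PhysRange;
static const PhysRange g_ram[] = {
    { 0x00001000u, 0x0009F000u },   /* low memory, skipping page 0   */
    { 0x00100000u, 0x0FEF0000u },   /* 1 MiB up to just under 256 MiB */
};

/* Does the whole 4 KiB page at pfn fall inside a RAM range? */
int pfn_is_ram(uint32_t pfn)
{
    uint64_t start = (uint64_t)pfn << PAGE_SHIFT, end = start + 4096;
    for (size_t i = 0; i < sizeof g_ram / sizeof g_ram[0]; i++) {
        uint64_t rb = g_ram[i].base, re = rb + g_ram[i].length;
        if (start >= rb && end <= re) return 1;
    }
    return 0;
}

/* Translate like the MMU would from an already-fetched PTE, but refuse to
 * produce a physical address the memory map does not back. Returns 0 on
 * refusal; on a real machine such an access is chipset-defined (junk, NMI,
 * or a hang), exactly the point made in the thread. */
int translate(uint32_t va, uint32_t pte, uint32_t *pa)
{
    if (!(pte & PTE_P)) return 0;               /* not present: CPU would #PF */
    if (!pfn_is_ram(pte_pfn(pte))) return 0;    /* PFN above top of RAM        */
    *pa = (pte_pfn(pte) << PAGE_SHIFT) | (va & 0xFFFu);
    return 1;
}

int main(void)
{
    uint32_t va = 0x12345u, forged = 0x3FFFF067u, pa = 0;
    printf("PTE for %#x lives at %#x, its PDE at %#x\n",
           (unsigned)va, (unsigned)pte_va_for(va), (unsigned)pde_va_for(va));
    printf("PTE %#x -> PFN %#x, flags %#x\n", (unsigned)forged,
           (unsigned)pte_pfn(forged), (unsigned)pte_flags(forged));
    printf("translate: %s\n",
           translate(va, forged, &pa) ? "ok" : "refused (PFN is not RAM)");
    return 0;
}
```

The PDE that maps the self-map region itself (pde_va_for(0xC0000000)) comes out at 0xC0300C00, index 0x300 of the directory, which is the self-referencing entry that makes the whole 0xC0000000 window work. The refusal in translate() is what a debugging driver should do before forging any PTE: compare the PFN against the physical ranges the OS reports, because, as the replies explain, the CPU itself will not stop you.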