
MmProbeAndLockPages for user buffer pointer


rar...@gmail.com
Dec 6, 2007, 6:08:29 PM
I have some doubts on mapping user pointers in the kernel.

Let's say I have a user pointer passed within a struct as
input to DeviceIoControl. I need to read stuff from this user pointer
location.

So within the driver dispatch handler I do the following:

mdl = IoAllocateMdl(userBuf, userBufLen, FALSE, TRUE, NULL);

// Probe and lock within a try except loop

MmProbeAndLockPages(mdl, UserMode, IoReadAccess);


ASSUMING I never send the userBuf down to any other lower driver,
DPC or completion routines, can I read from the userBuf pointer
directly within the dispatch handler? Or do I still have
to call MmGetSystemAddressForMdlSafe and only access the
returned virtual address?

I guess I am not entirely certain if the userBuf virtual address
is guaranteed to be valid with just doing a ProbeAndLock. Is there
any way this virtual address could become invalid?

Also, can the contents of this userBuf be modified (say by another
"bad" thread in the calling process) while this userBuf is locked for
read in such a manner?

TIA
--ks

rar...@gmail.com
Dec 6, 2007, 6:15:08 PM
I have some doubts on mapping user pointers in the kernel.

Let's say I have a user pointer passed within a struct as
input to DeviceIoControl:

So within the driver dispatch handler I do the following:

mdl = IoAllocateMdl(userBuf, userBufLen, FALSE, TRUE, NULL);

// Probe and lock within a try except loop

MmProbeAndLockPages(mdl, UserMode, IoReadAccess);


Assuming I never send the userBuf down to any other lower driver,
DPC or completion routines, can I read from the userBuf pointer
directly within the dispatch handler? Or do I still have
to call MmGetSystemAddressForMdlSafe and only access the
returned virtual address?

I guess I am not entirely certain if the userBuf virtual address
is guaranteed to be valid with just doing a ProbeAndLock. Is there
any way this virtual address could become invalid?

Also, can the contents of this userBuf be modified (say by another

Maxim S. Shatskih
Dec 7, 2007, 11:21:20 AM
UserMode is the wrong parameter value for MmProbeAndLockPages.

Irp->RequestorMode is the correct one.

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
ma...@storagecraft.com
http://www.storagecraft.com

<rar...@gmail.com> wrote in message
news:bb925233-2175-4b0c...@e25g2000prg.googlegroups.com...

rar...@gmail.com
Dec 7, 2007, 11:53:19 AM
On Dec 7, 8:21 am, "Maxim S. Shatskih" <ma...@storagecraft.com> wrote:
> UserMode is the wrong parameter value for MmProbeAndLockPages.
>
> Irp->RequestorMode is the correct one.
>
> --
> Maxim Shatskih, Windows DDK MVP
> StorageCraft Corporation
> ma...@storagecraft.com
> http://www.storagecraft.com
>
> <rar...@gmail.com> wrote in message
> news:bb925233-2175-4b0c...@e25g2000prg.googlegroups.com...
>
> > I have some doubts on mapping user pointers in the kernel.
> >
> > Let's say I have a user pointer passed within a struct as
> > input to DeviceIoControl. I need to read stuff from this user pointer
> > location.
> >
> > So within the driver dispatch handler I do the following:
> >
> > mdl = IoAllocateMdl(userBuf, userBufLen, FALSE, TRUE, NULL);
> >
> > // Probe and lock within a try except loop
> >
> > MmProbeAndLockPages(mdl, UserMode, IoReadAccess);
> >
> > ASSUMING I never send the userBuf down to any other lower driver,
> > DPC or completion routines, can I read from the userBuf pointer
> > directly within the dispatch handler? Or do I still have
> > to call MmGetSystemAddressForMdlSafe and only access the
> > returned virtual address?
> >
> > I guess I am not entirely certain if the userBuf virtual address
> > is guaranteed to be valid with just doing a ProbeAndLock. Is there
> > any way this virtual address could become invalid?
> >
> > Also, can the contents of this userBuf be modified (say by another
> > "bad" thread in the calling process) while this userBuf is locked for
> > read in such a manner?
> >
> > TIA
> > --ks

OK, valid point. However, if you assume this is the highest driver
in the stack and Irp->RequestorMode is UserMode, what then?

Thanks
--ks

Tim Roberts
Dec 9, 2007, 2:29:23 AM
rar...@gmail.com wrote:
>
> Let's say I have a user pointer passed within a struct as
> input to DeviceIoControl:
>
> So within the driver dispatch handler I do the following:
>
> mdl = IoAllocateMdl(userBuf, userBufLen, FALSE, TRUE, NULL);
>
> // Probe and lock within a try except loop
>
> MmProbeAndLockPages(mdl, UserMode, IoReadAccess);
>
>
> Assuming I never send the userBuf down to any other lower driver,
> DPC or completion routines, can I read from the userBuf pointer
> directly within the dispatch handler? Or do I still have
> to call MmGetSystemAddressForMdlSafe and only access the
> returned virtual address?
>
> I guess I am not entirely certain if the userBuf virtual address
> is guaranteed to be valid with just doing a ProbeAndLock.

There is no guarantee. The MEMORY will stay valid. The ADDRESS might not.

> Is there any way this virtual address could become invalid?

Yes, there are several ways. For example, another thread in the process
could free the memory. The physical pages will stick around until you free
the MDL, and because of that the kernel address you get from
MmGetSystemAddressForMdl will stay valid, but the user address could go bad
at any time.

> Also, can the contents of this userBuf be modified (say by another
> thread in the calling process) while this userBuf is locked for read
> in such a manner?

On all the processors where Windows currently runs, yes. However, it's not
good practice.
--
Tim Roberts, ti...@probo.com
Providenza & Boekelheide, Inc.
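Tim's two answers above (the user address can go away, and the contents can change while you are reading them) are why a driver copies what it needs out of the locked buffer once and validates the copy rather than re-reading user memory. The following is an added example, not code from this thread: a user-mode C model in which the "bad" thread is a hook called between the driver's check and its use; struct request, handle_double_fetch, handle_single_fetch, grow_len and run are all constructed here.

```c
#include <stdint.h>
#include <string.h>

#define MAX_PAYLOAD 64u
#define REGION_SIZE 4096u

/* Layout of the struct the caller hands to DeviceIoControl (constructed). */
struct request {
    uint32_t len;                   /* payload bytes the caller claims */
    uint8_t  payload[MAX_PAYLOAD];
};

/* Stand-in for the "bad" thread: called between the check and the use. */
typedef void (*race_hook)(struct request *shared);

/* Vulnerable: validates len in the shared buffer, then re-reads it. */
int handle_double_fetch(struct request *shared, race_hook race, uint8_t *out)
{
    if (shared->len > MAX_PAYLOAD) return -1;   /* check... */
    race(shared);                               /* ...len is rewritten... */
    memcpy(out, shared->payload, shared->len);  /* ...use re-reads it */
    return (int)shared->len;
}

/* Hardened: capture the header once into driver-owned memory, validate the
 * copy, and act only on the copy. In a real driver the capture reads from
 * the address MmGetSystemAddressForMdlSafe returns, never from userBuf. */
int handle_single_fetch(struct request *shared, race_hook race, uint8_t *out)
{
    struct request local;
    memcpy(&local, shared, sizeof local);
    if (local.len > MAX_PAYLOAD) return -1;
    race(shared);                               /* harmless: not read again */
    memcpy(out, local.payload, local.len);
    return (int)local.len;
}

/* Constructed race: grow len past the limit after it has been checked. */
void grow_len(struct request *shared) { shared->len = 1000; }

/* Runs one handler against a constructed 16-byte request placed in a 4 KiB
 * region, so the oversized copy stays in bounds for this demonstration. */
int run(int (*handler)(struct request *, race_hook, uint8_t *))
{
    static union { struct request req; uint8_t raw[REGION_SIZE]; } region;
    static uint8_t out[REGION_SIZE];
    memset(&region, 0x41, sizeof region);
    region.req.len = 16;
    return handler(&region.req, grow_len, out);
}
```

run(handle_double_fetch) reports 1000 bytes copied, well past the 64-byte limit the check was meant to enforce, while run(handle_single_fetch) reports the 16 bytes that were actually validated.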

rar...@gmail.com
Dec 9, 2007, 9:54:28 PM
> Tim Roberts, t...@probo.com
> Providenza & Boekelheide, Inc.

Thanks
--ks
