  Message 1 of 7  
01 Nov 17 16:27
Takin Nili-Esfahani
xxxxxx@hotmail.com
Join Date: 01 Nov 2017
Posts To This List: 1
MmMapLockedPagesSpecifyCache and MmUnmapLockedPages

My question is about this blurb from MSDN:

/////////////////////////////////////////////////////////////////////
MmMapLockedPagesSpecifyCache

If AccessMode is UserMode, be aware of the following details:

The routine returns a user address that is valid in the context of the process in which the driver is running. For example, if a 64-bit driver is running in the context of a 32-bit application, the buffer is mapped to an address in the 32-bit address range of the application.

MmUnmapLockedPages

Note that if the call to MmMapLockedPages or MmMapLockedPagesSpecifyCache specified user mode, the caller must be in the context of the original process before calling MmUnmapLockedPages. This is because the unmapping operation occurs in the context of the calling process, and, if the context is incorrect, the unmapping operation could delete the address range of a random process.
/////////////////////////////////////////////////////////////////////

What are the side-effects of not calling MmUnmapLockedPages?

Let's assume that MmUnlockPages was already called from another thread and calling MmUnmapLockedPages would cause a system crash. If we can safely detect this case, avoiding the call to MmUnmapLockedPages would save us from the crash but could be considered a resource leak. Is it though? What kind of resources?

I realize that I have a design problem. I just want to know how to measure the impact and prioritize.
  Message 2 of 7  
02 Nov 17 02:50
Tim Roberts
xxxxxx@probo.com
Join Date: 28 Jan 2005
Posts To This List: 11654
MmMapLockedPagesSpecifyCache and MmUnmapLockedPages

On Nov 1, 2017, at 1:27 PM, xxxxx@hotmail.com <xxxxx@lists.osr.com> wrote:
>
> What are the side-effects of not calling MmUnmapLockedPages?

Physical memory leak. Those pages could never be used again, even though the process they belonged to is gone.

> Let's assume that MmUnlockPages was already called from another thread and calling MmUnmapLockedPages would cause a system crash. If we can safely detect this case, avoiding the call to MmUnmapLockedPages would save us from the crash but could be considered a resource leak. Is it though? What kind of resources?

Physical memory, which matters. If you can safely detect this case, the RIGHT answer is to force a switch to the original process and unmap.

> I realize that I have a design problem.

How can you possibly get into a situation where you cannot undo what you have done?

--
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
  Message 3 of 7  
02 Nov 17 04:06
anton bassov
xxxxxx@hotmail.com
Join Date: 16 Jul 2006
Posts To This List: 4398
MmMapLockedPagesSpecifyCache and MmUnmapLockedPages

To begin with, the approach that you are speaking about (i.e. mapping an MDL that describes kernel-allocated pages into the userland) is not the best one under Windows due to security considerations, although this is basically the way other OSes implement mmap() in drivers. If you want to share memory between an app and a driver under Windows it is better to do it the other way around, i.e. to map an MDL that describes a userland buffer into the kernel address space.

If you do it the way you have described, both mapping and unmapping should be done in response to an IOCTL that a driver gets in the context of the target app. Therefore, as long as your driver knows what it is doing, the scenario that you have described just cannot occur. At the same time you are, indeed, going to get an absolutely unnecessary headache, and will have to worry about quite a few extra things that mapping a userland buffer into the kernel address space would spare you from....

Anton Bassov
  Message 4 of 7  
03 Nov 17 11:25
Slava Imameev
xxxxxx@hotmail.com
Join Date: 13 Sep 2013
Posts To This List: 207
MmMapLockedPagesSpecifyCache and MmUnmapLockedPages

<QUOTE>
What are the side-effects of not calling MmUnmapLockedPages?
</QUOTE>

On the process termination the system will try to free (unmap) the related VAD and remove physical to virtual mappings which decrements PFN shared count. This is nearly equivalent to a call to MmUnmapLockedPages which also removes VAD and decrements PFN shared count.

Anyway, I am afraid that such design might result in some sort of a resource leak or system crash.
  Message 5 of 7  
03 Nov 17 15:49
Mikae
xxxxxx@yahoo.com
Join Date: 17 Feb 2011
Posts To This List: 359
MmMapLockedPagesSpecifyCache and MmUnmapLockedPages

>or system crash

There should be PROCESS_HAS_LOCKED_PAGES bug check:
https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0x76--process-has-locked-pages
  Message 6 of 7  
04 Nov 17 05:24
Slava Imameev
xxxxxx@hotmail.com
Join Date: 13 Sep 2013
Posts To This List: 207
MmMapLockedPagesSpecifyCache and MmUnmapLockedPages

<QUOTE>
There should be PROCESS_HAS_LOCKED_PAGES bug check:
https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0x76--process-has-locked-pages
</QUOTE>

I believe no. The pages are not locked. They are mapped but not locked as MmUnlockPages was called so Process->NumberOfLockedPages is 0.
  Message 7 of 7  
08 Nov 17 15:50
Pavel Lebedinsky
xxxxxx@microsoft.com
Join Date: 24 Feb 2009
Posts To This List: 313
MmMapLockedPagesSpecifyCache and MmUnmapLockedPages

You will not get that specific bugcheck, but it's still illegal to call MmUnlockPages before MmUnmapLockedPages. After the pages are unlocked the memory manager can trim and repurpose them, so you may end up with PTEs pointing to pages that are now owned by somebody else. If the mapping is a user mapping, that's a security hole. It can also cause random corruptions if the new owner maps the pages with a different caching type.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-641099-41873@lists.osr.com] On Behalf Of xxxxx@hotmail.com
Sent: Saturday, November 4, 2017 2:24 AM
To: Windows System Software Devs Interest List <xxxxx@lists.osr.com>
Subject: RE:[ntdev] MmMapLockedPagesSpecifyCache and MmUnmapLockedPages

<QUOTE>
There should be PROCESS_HAS_LOCKED_PAGES bug check
</QUOTE>

I believe no. The pages are not locked. They are mapped but not locked as MmUnlockPages was called so Process->NumberOfLockedPages is 0.
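
The ordering rule from the replies above, as a small user-space C model. This is an added example, not code from any poster or from Windows: every type and function name is hypothetical, the owner ids and the process id 4242 are constructed, and the two guards are checks a driver could keep in its own bookkeeping, not something the Mm routines do for you.

```c
#include <stdio.h>
/* Constructed model: one physical page, its lock count, one user-mode PTE. */
typedef struct {
    int page_owner;  /* current owner of the physical page */
    int lock_count;  /* > 0: the page cannot be trimmed */
    int pte_pid;     /* process whose user PTE maps the page, 0 = none */
    int mapped_for;  /* owner the mapping was created for */
} page_model;
typedef enum { MM_OK, MM_STILL_MAPPED, MM_WRONG_PROCESS } mm_rc;

/* Stands in for locking the pages and mapping them with AccessMode UserMode. */
static void lock_and_map(page_model *p, int owner, int pid) {
    p->page_owner = p->mapped_for = owner; p->lock_count = 1; p->pte_pid = pid;
}
/* Guard: only the process that received the mapping may remove it. */
static mm_rc unmap_checked(page_model *p, int current_pid) {
    if (p->pte_pid != current_pid) return MM_WRONG_PROCESS;
    p->pte_pid = 0;
    return MM_OK;
}
/* Guard: refuse to unlock while a mapping still exists. */
static mm_rc unlock_checked(page_model *p) {
    if (p->pte_pid != 0) return MM_STILL_MAPPED;
    p->lock_count--;
    return MM_OK;
}
/* Trimming: once unlocked, the page can be handed to a new owner. */
static void trim_and_reuse(page_model *p, int new_owner) {
    if (p->lock_count == 0) p->page_owner = new_owner;
}
/* 1 if a user PTE still points at a page that now belongs to someone else. */
static int stale_user_mapping(const page_model *p) {
    return p->pte_pid != 0 && p->page_owner != p->mapped_for;
}
/* Problem case from the thread: unlock first, mapping never removed. */
int unlock_before_unmap(void) {
    page_model p; lock_and_map(&p, 1, 4242);
    p.lock_count--;            /* unguarded unlock */
    trim_and_reuse(&p, 2);
    return stale_user_mapping(&p);
}
/* Required order: unmap in the owning process, then unlock. */
int unmap_then_unlock(void) {
    page_model p; lock_and_map(&p, 1, 4242);
    if (unmap_checked(&p, 4242) != MM_OK || unlock_checked(&p) != MM_OK) return -1;
    trim_and_reuse(&p, 2);
    return stale_user_mapping(&p);
}
int main(void) {
    printf("stale mapping: unlock-first=%d, unmap-first=%d\n",
           unlock_before_unmap(), unmap_then_unlock());
    return 0;
}
```
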
All times are GMT -5.


Copyright ©2015, OSR Open Systems Resources, Inc.