Driver verifier says "MmMapIoSpace called without locking MDL pages" - how to fix?

Discussion in 'Windows Vista Drivers' started by Mattias, Sep 10, 2007.

  1. Mattias

    Mattias Guest

    Hi all,

    Running the driver verifier, we are getting bug check 0xC4 with sub
    code 0x83. The documentation describes this as: "The driver called
    MmMapIoSpace without having locked down the MDL pages."

    First of all, what MDL pages are being referenced here? MmMapIoSpace
    takes no MDL as argument.

    KB article Q189327 ( gives the
    following example:

    MmMapIoSpace Method
    This method shows how to map memory in the process system address
    space and in the process user address space.
    1. Get the translated physical address of the adapter memory
    2. Map the memory into nonpaged system address space as follows:
    SystemVirtualAddress = MmMapIoSpace(PhysicalAddress, SizeofMemory,
    3. Allocate an Mdl:
    Mdl = IoAllocateMdl(SystemVirtualAddress, SizeOfMemory, FALSE, FALSE,
    4. Build the MDL to describe the memory pages:
    5. Map the memory into the process's user-space using
    MmMapLockedPages. Because there is an inconsistency in the return
    value of this function between pre-SP4 and post-SP4 releases of
    Windows NT, use the following statement to make this code compatible
    with all versions of Windows NT:
    UserVirtualAddress = (PVOID)(((ULONG)PAGE_ALIGN(MmMapLockedPages(Mdl,
    Mode))) + MmGetMdlByteOffset(Mdl));

    Note how, in the example, the pages are not locked down until *after*
    MmMapIoSpace has been called. Also, the only MDLs that are created are
    created after the MmMapIoSpace call.

    Ultimately my question is, how can we fix our code so that the driver
    verifier is not triggered on the call to MmMapIoSpace? We are using
    the function to read a system RAM range that was initialized in real
    mode before Windows starts. This works fine in production. It
    sometimes works with the driver verifier enabled, but not always.
    Mattias, Sep 10, 2007
    1. Advertisements

  2. If the physical address passed to MmMapIoSpace resides in
    system RAM it needs to be locked down - for example, using
    MmProbeAndLockPages. This is necessary to make sure the
    OS doesn't give these physical pages to somebody else.

    The KB article you mention is about mapping video RAM so
    there is no need to lock it.

    In your case you probably need to use /MAXMEM boot switch
    to prevent the OS from using the memory you initialized before
    the OS started.
    Pavel Lebedinsky [MSFT], Sep 13, 2007
    1. Advertisements

  3. Mattias

    Mattias Guest

    MmProbeAndLockPages takes an MDL as argument. How can I create this
    MDL? IoAllocateMdl requires a virtual address, which I don't have (I
    would get that from MmMapIoSpace, but again that's the function that
    is failing, so that's a catch-22).
    Mattias, Sep 17, 2007
  4. Right, that's why I mentioned the /MAXMEM switch. You can
    use it to reserve some memory at the top of the available PFN range,
    then map it with MmMapIoSpace.
    Pavel Lebedinsky [MSFT], Sep 19, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.