heartofdra

DS: A strange problem with Continue(UseTransferSize);

Posted: 2007-10-24 07:57

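I am currently writing a driver for the pci9054 with DS3.2, and it includes DMA. For this part I mainly followed Wu Anhe's (武安和) example.
  However, when the DPC executes m_CurrentTransfer->Continue(UseTransferSize); it always crashes. Looking at it in WinDbg, it is always a DRIVER_IRQL_NOT_LESS_OR_EQUAL problem: nonpage memory was accessed.

  Many people have probably run into this problem, for example:
  http://bbs.driverdevelop.com/htm_data/11/0405/67356.html
    That poster found by experiment that it was a queue problem: a queue managed by the driver produces the error.

  I wanted to try a system-managed queue as well, but, probably because of the DS version, in the current DS3.2, if you specify in the wizard that a Queue is used, it is always managed by the driver; otherwise, if you specify in the wizard that no queue is used, the generated code has no serialread serialwrite. So I am now caught in a dilemma: I cannot try out that poster's result, and my current approach does not work either.


  The crash output is attached below.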

If the IRP's MDL is used for the data exchange, then:
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: D:\WINDOWS\Symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055bb20
Debug session time: Mon Oct 22 23:41:40.886 2007 (GMT+8)
System Uptime: 0 days 0:40:17.396
Loading Kernel Symbols
...................................................................................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffdf00c).  Type ".hh dbgerr001" for details
Loading unloaded module list
..........
*******************************************************************************
*                                                                            *
*                        Bugcheck Analysis                                    *
*                                                                            *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {9adc9f4c, 2, 0, 804efd80}


PEB is paged out (Peb.Ldr = 7ffdf00c).  Type ".hh dbgerr001" for details

PEB is paged out (Peb.Ldr = 7ffdf00c).  Type ".hh dbgerr001" for details
Probably caused by : pci9.sys ( pci9!KDmaAdapter::FlushBuffers+5d )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                            *
*                        Bugcheck Analysis                                    *
*                                                                            *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 9adc9f4c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804efd80, address which referenced memory

Debugging Details:
------------------


PEB is paged out (Peb.Ldr = 7ffdf00c).  Type ".hh dbgerr001" for details

PEB is paged out (Peb.Ldr = 7ffdf00c).  Type ".hh dbgerr001" for details

READ_ADDRESS:  9adc9f4c

CURRENT_IRQL:  2

FAULTING_IP:
nt!MmMapLockedPagesSpecifyCache+1de
804efd80 8b4f0c          mov    ecx,dword ptr [edi+0Ch]

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  Test.exe

TRAP_FRAME:  f9947e38 -- (.trap 0xfffffffff9947e38)
ErrCode = 00000000
eax=8113dbf8 ebx=812860d8 ecx=833b93e8 edx=81000000 esi=00000163 edi=9adc9f40
eip=804efd80 esp=f9947eac ebp=f9947ed0 iopl=0        nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000            efl=00010246
nt!MmMapLockedPagesSpecifyCache+0x1de:
804efd80 8b4f0c          mov    ecx,dword ptr [edi+0Ch] ds:0023:9adc9f4c=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 804efd80 to 804e3158

STACK_TEXT:  
f9947e38 804efd80 badb0d00 81000000 81373b30 nt!KiTrap0E+0x233
f9947ed0 806ef786 812860f4 1f000000 c03e6b20 nt!MmMapLockedPagesSpecifyCache+0x1de
f9947ef4 806f0bd8 812860d8 8121fd00 00af6eb8 hal!HalpCopyBufferMap+0x24
f9947f24 f910f66d 01b83cd0 812860d8 8121fd01 hal!IoFlushAdapterBuffers+0xac
f9947f4c f910f57b 812860d8 8121fd01 00af6eb8 pci9!KDmaAdapter::FlushBuffers+0x5d [d:\program files\compuware\driverstudio\driverworks\include\kadapter.h @ 448]
f9947f88 f910e8a9 00000000 00000000 ffb80400 pci9!KDmaTransfer::CompleteLastTransfer+0x13d [d:\program files\compuware\driverstudio\driverworks\source\kdmaxfer.cpp @ 775]
f9947fa0 f9105539 00000000 00000000 00000000 pci9!KDmaTransfer::Continue+0x19 [d:\program files\compuware\driverstudio\driverworks\source\kdmaxfer.cpp @ 290]
f9947fbc f9103914 ffb800d8 00000000 00000000 pci9!pci9Device::IsrDpc+0x68 [e:\xxx\v5  07.10.15\pci9\driver\pci9device.cpp @ 1420]
f9947fd0 804dd179 ffb803b0 ffb800d8 00000000 pci9!pci9Device::IsrDpcLINK+0x14 [e:\xxx\v5  07.10.15\pci9\driver\pci9device.h @ 38]
f9947ff4 804dce2d f0073d54 00000000 00000000 nt!KiRetireDpcList+0x46
f9947ff8 f0073d54 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2a
WARNING: Frame IP not in any known module. Following frames may be wrong.
804dce2d 00000000 00000009 bb835675 00000128 0xf0073d54


STACK_COMMAND:  kb

FOLLOWUP_IP:
pci9!KDmaAdapter::FlushBuffers+5d [d:\program files\compuware\driverstudio\driverworks\include\kadapter.h @ 448]
f910f66d 8be5            mov    esp,ebp

FAULTING_SOURCE_CODE:  
  444:         MapRegisterBase,
  445:         CurrentVa,
  446:         Length,
  447:         WriteToDevice);
>  448: }
  449:
  450: #if _WDM_ && !defined VXD_COMPATLIB
  451: inline NTSTATUS KDmaAdapter::GetScatterGatherList(
  452:         PDEVICE_OBJECT DeviceObject,
  453:         PMDL Mdl,


SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  pci9!KDmaAdapter::FlushBuffers+5d

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: pci9

IMAGE_NAME:  pci9.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  471cb9fd

FAILURE_BUCKET_ID:  0xA_pci9!KDmaAdapter::FlushBuffers+5d

BUCKET_ID:  0xA_pci9!KDmaAdapter::FlushBuffers+5d

Followup: MachineOwner
---------



If a KCommonDmaBuffer is used as the buffer, then:

Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: D:\WINDOWS\Symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055bb20
Debug session time: Wed Oct 24 04:51:18.648 2007 (GMT+8)
System Uptime: 0 days 0:02:18.158
Loading Kernel Symbols
........................................................................................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffd500c).  Type ".hh dbgerr001" for details
Loading unloaded module list
...
*******************************************************************************
*                                                                            *
*                        Bugcheck Analysis                                    *
*                                                                            *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {f9a92eb8, 2, 1, f911154a}


PEB is paged out (Peb.Ldr = 7ffd500c).  Type ".hh dbgerr001" for details

PEB is paged out (Peb.Ldr = 7ffd500c).  Type ".hh dbgerr001" for details
Probably caused by : pci9.sys ( pci9!KDmaTransfer::CompleteLastTransfer+16c )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                            *
*                        Bugcheck Analysis                                    *
*                                                                            *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: f9a92eb8, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: f911154a, address which referenced memory

Debugging Details:
------------------


PEB is paged out (Peb.Ldr = 7ffd500c).  Type ".hh dbgerr001" for details

PEB is paged out (Peb.Ldr = 7ffd500c).  Type ".hh dbgerr001" for details

WRITE_ADDRESS:  f9a92eb8

CURRENT_IRQL:  2

FAULTING_IP:
pci9!KDmaTransfer::CompleteLastTransfer+16c [d:\program files\compuware\driverstudio\driverworks\source\kdmaxfer.cpp @ 778]
f911154a f3a5            rep movs dword ptr es:[edi],dword ptr [esi]

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  Test.exe

TRAP_FRAME:  f9947ef4 -- (.trap 0xfffffffff9947ef4)
ErrCode = 00000002
eax=00000400 ebx=00000400 ecx=00000100 edx=ff9223d8 esi=811cc800 edi=f9a92eb8
eip=f911154a esp=f9947f68 ebp=f9947f88 iopl=0        nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000            efl=00010206
pci9!KDmaTransfer::CompleteLastTransfer+0x16c:
f911154a f3a5            rep movs dword ptr es:[edi],dword ptr [esi] es:0023:f9a92eb8=???????? ds:0023:811cc800=00000000
Resetting default scope

LAST_CONTROL_TRANSFER:  from f911154a to 804e3158

STACK_TEXT:  
f9947ef4 f911154a badb0d00 ff9223d8 f910178c nt!KiTrap0E+0x233
f9947f88 f91108d9 00000000 00000000 ff9223d8 pci9!KDmaTransfer::CompleteLastTransfer+0x16c [d:\program files\compuware\driverstudio\driverworks\source\kdmaxfer.cpp @ 778]
f9947fa0 f9105589 00000000 00000000 00000000 pci9!KDmaTransfer::Continue+0x19 [d:\program files\compuware\driverstudio\driverworks\source\kdmaxfer.cpp @ 290]
f9947fbc f9103974 81194bb8 00000000 00000000 pci9!pci9Device::IsrDpc+0x68 [e:\xxx\pci10\driver\pci9device.cpp @ 1431]
f9947fd0 804dd179 81194e90 81194bb8 00000000 pci9!pci9Device::IsrDpcLINK+0x14 [e:\xxx\pci10\driver\pci9device.h @ 38]
f9947ff4 804dce2d f042c5d4 00000000 00000000 nt!KiRetireDpcList+0x46
f9947ff8 f042c5d4 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2a
WARNING: Frame IP not in any known module. Following frames may be wrong.
804dce2d 00000000 00000009 bb835675 00000128 0xf042c5d4


STACK_COMMAND:  kb

FOLLOWUP_IP:
pci9!KDmaTransfer::CompleteLastTransfer+16c [d:\program files\compuware\driverstudio\driverworks\source\kdmaxfer.cpp @ 778]
f911154a f3a5            rep movs dword ptr es:[edi],dword ptr [esi]

FAULTING_SOURCE_CODE:  
  774:     // common buffer into client memory.
  775:     if ( m_pCommonBuffer )
  776:     {
  777:         if ( m_dir == FromDeviceToMemory )
>  778:             RtlCopyMemory(m_pCurrentVa, m_pCommonBuffer->VirtualAddress(), nTransferred);
  779:     }
  780:
  781:     m_pCurrentVa = (PVOID) ((PCHAR)m_pCurrentVa + nTransferred);
  782:     m_nBytesLeft -= nTransferred;
  783:


SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  pci9!KDmaTransfer::CompleteLastTransfer+16c

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: pci9

IMAGE_NAME:  pci9.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  471e5d80

FAILURE_BUCKET_ID:  0xD1_W_pci9!KDmaTransfer::CompleteLastTransfer+16c

BUCKET_ID:  0xD1_W_pci9!KDmaTransfer::CompleteLastTransfer+16c

Followup: MachineOwner
---------
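
Added example, not part of the original post: a small Python triage helper run over lines copied from the two dumps above (source paths dropped). It decodes the bugcheck arguments and separates the frame where the bad access happened from the first pci9 frame that led to it. The function name `triage` and the choice to treat only `nt` and `hal` as OS modules are assumptions of this example.

```python
import re

# Lines copied from the two dumps in the post (source paths dropped for brevity).
DUMP_MDL = """\
BugCheck A, {9adc9f4c, 2, 0, 804efd80}
f9947e38 804efd80 badb0d00 81000000 81373b30 nt!KiTrap0E+0x233
f9947ed0 806ef786 812860f4 1f000000 c03e6b20 nt!MmMapLockedPagesSpecifyCache+0x1de
f9947ef4 806f0bd8 812860d8 8121fd00 00af6eb8 hal!HalpCopyBufferMap+0x24
f9947f24 f910f66d 01b83cd0 812860d8 8121fd01 hal!IoFlushAdapterBuffers+0xac
f9947f4c f910f57b 812860d8 8121fd01 00af6eb8 pci9!KDmaAdapter::FlushBuffers+0x5d
"""
DUMP_COMMON = """\
BugCheck D1, {f9a92eb8, 2, 1, f911154a}
f9947ef4 f911154a badb0d00 ff9223d8 f910178c nt!KiTrap0E+0x233
f9947f88 f91108d9 00000000 00000000 ff9223d8 pci9!KDmaTransfer::CompleteLastTransfer+0x16c
f9947fa0 f9105589 00000000 00000000 00000000 pci9!KDmaTransfer::Continue+0x19
"""

BUGCHECK = re.compile(r"BugCheck ([0-9A-Fa-f]+), \{(\w+), (\w+), (\w+), (\w+)\}")
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\w+)!(\S+)\+0x[0-9a-f]+", re.M)
SYSTEM_MODULES = {"nt", "hal"}  # assumption: treat only these as OS code

def triage(text):
    """Summarise an IRQL bugcheck (0xA / 0xD1) from kd output."""
    m = BUGCHECK.search(text)
    if not m or int(m.group(1), 16) not in (0xA, 0xD1):
        raise ValueError("no 0xA/0xD1 BugCheck line found")
    code, addr, irql, arg3, ip = (int(g, 16) for g in m.groups())
    frames = [f"{mod}!{sym}" for mod, sym in FRAME.findall(text)]
    # The frame right after the trap handler is where the bad access happened
    # (falls back to the top frame when no trap frame is present).
    trap = next((i for i, f in enumerate(frames) if f == "nt!KiTrap0E"), -1)
    faulting = frames[trap + 1] if trap + 1 < len(frames) else None
    # The first non-OS frame is the driver call that led there.
    driver = next((f for f in frames if f.split("!")[0] not in SYSTEM_MODULES), None)
    return {
        "bugcheck": code,
        "address": addr,
        "irql": irql,
        "access": "write" if arg3 & 1 else "read",  # Arg3 bit 0
        "fault_ip": ip,
        "faulting_frame": faulting,
        "driver_frame": driver,
        "fault_in_driver": faulting == driver,
    }

if __name__ == "__main__":
    for name, dump in (("MDL", DUMP_MDL), ("common buffer", DUMP_COMMON)):
        print(name, triage(dump))
```

For the MDL dump the read faults in nt!MmMapLockedPagesSpecifyCache, reached through pci9!KDmaAdapter::FlushBuffers; for the KCommonDmaBuffer dump the write faults directly in pci9!KDmaTransfer::CompleteLastTransfer.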

