Hi All,

I have a very strange problem that is showing up on Windows Server
2003. This problem can't be reproduced on NT4, 2000, or XP.

I have a small driver that maps an area of the paged pool into the
user address space of a process, as follows (error checking code
removed for clarity):

PVOID pKernel = NULL;
PMDL  pMdl    = NULL;
PVOID pUser   = NULL;

// Allocate the memory for the shared buffer
pKernel = ExAllocatePool( PagedPool, dwMemSize );

// Next we allocate an MDL to describe the memory we will map
pMdl = IoAllocateMdl( pKernel, dwMemSize, FALSE, FALSE, NULL );

__try {
    // This returns VOID, but raises an exception on error, so it must
    // be called inside a __try/__except block
    MmProbeAndLockPages( pMdl, KernelMode, IoWriteAccess );

    // Map the locked pages into user mode; with AccessMode == UserMode
    // this call also raises an exception (rather than returning NULL)
    // if the pages cannot be mapped
    pUser = MmMapLockedPagesSpecifyCache( pMdl, UserMode, MmCached,
                                          NULL, FALSE, NormalPagePriority );
} __except ( EXCEPTION_EXECUTE_HANDLER ) {
    // Error handling removed for clarity, as above
}


And to free the shared buffer we have another function:
// Unmap the kernel buffer from user space. A user-mode mapping must be
// unmapped in the context of the process that it was mapped into.
MmUnmapLockedPages( pUser, pMdl );

// Unlock the kernel buffer from memory (once only per MDL)
MmUnlockPages( pMdl );

// Free the MDL describing the memory
IoFreeMdl( pMdl );

// Finally free the pool allocation itself
ExFreePool( pKernel );

Data gets written into the shared buffer in kernel mode, and is read
out in a user mode thread. Access to the buffer is protected by shared
synch. objects.

However, under high memory and disk loads, Windows 2003 is crashing in
very strange ways. Usually, it bugchecks in a system thread which is
trimming the working set of a process with:
PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie:
calling MmUnlockPages twice with the same list, etc). If a kernel
debugger is available get the stack trace.
Arguments:
Arg1: 00000099, A PTE or PFN is corrupt
Arg2: 00000112, page frame number
Arg3: 00000000, current page state
Arg4: 00000000, 0

I can assure you that the unmap function is not being called before
the machine crashes.

I've also seen other strange crashes where whole pages of the kernel
virtual memory space seem to be replaced with garbage. E.g. a call to
IoCallDriver was failing because the 4k page had been replaced by
0x4141414141...

Another time the EPROCESS page was replaced with 0xcdcdcdcd...

Does anyone have any suggestions as to why this might be happening?
It's reproducible on several 2003 machines.

More importantly, how can I track down the source of the problem?
Driver verifier doesn't show up any problems...

Please help me!

Best Regards,
Otto