mapping user-space memory into kernel, reading, crashing
- Subject: mapping user-space memory into kernel, reading, crashing
- From: "Paul R.Potts" <email@hidden>
- Date: Fri, 4 Apr 2003 14:07:23 -0500
Hi all,
I have code (based on Apple's samples) that maps a chunk of user-space
memory into the kernel and attempts to read from it.
The user-space memory is a local array defined like:
UInt8 buf[400000]
(400,000 bytes)
I'm passing this by pointer into the kernel using an
IOConnectMethodScalarIScalarO call; the kernel maps it like so:
    // construct a memory descriptor for the client memory address
    userland_mem_desc = IOMemoryDescriptor::withAddress(
                            user_space_pointer,
                            (unsigned long) user_space_size,
                            kIODirectionIn);
    if (NULL == userland_mem_desc) {
        IOLog("IOMemoryDescriptor::withAddress returned NULL\n");
        goto finish;
    }

    // wire it and make sure we can read it
    err = userland_mem_desc->prepare(kIODirectionIn);
    if (kIOReturnSuccess != err) {
        IOLog("userland_mem_desc->prepare failed(%lx)\n", (unsigned long) err);
        goto finish;
    }

    // map() will create a mapping in the kernel address space.
    userland_mem_map = userland_mem_desc->map();
    if (NULL == userland_mem_map) {
        // map() returns no IOReturn; err still holds prepare()'s result, so it is not logged here
        IOLog("userland_mem_desc->map() failed\n");
        goto finish;
    }

    // get a usable virtual address for this chunk of memory
    kernel_mapped_userland_memory_addr = (void *) userland_mem_map->getVirtualAddress();
    if (NULL == kernel_mapped_userland_memory_addr) {
        IOLog("userland_mem_map->getVirtualAddress returned NULL!\n");
        goto finish;
    }
This all seems to work great. The kernel can then read the expected
data out of the chunk of mapped memory. I do this as words (unsigned
longs).
However, it appears that at an arbitrary point, somewhere between 700
words and 1000 words, the kernel will always crash. (I have not used
trial-and-error to narrow it down to the exact count; reading up to 700
or 2800 bytes into the block succeeds; reading 1000 words fails.)
Is there some arbitrary limit on the size of the chunk of user-space
memory I can successfully map with the above call? My impression was
that the mapping and preparation calls would do what was necessary to
map all the required pages, make them readable, etc.
I have a workaround; the workaround is to allocate the memory in the
kernel and map it into user space, then call the kernel and tell it to
read the data back out. This is working, so the question is not urgent,
but I am wondering if I'm missing some information.
Thanks,
Paul
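An added example, not part of Paul's message or of Apple's samples, illustrating the check a user client should make before reading words out of a mapping: a kernel must never trust a user-supplied length or word count, and a read that runs past the mapped length is exactly the kind of request that ends in a fault. The code is plain user-space C (no IOKit), so it runs anywhere; the function names, the MAX_USER_MAP_BYTES cap, and the 400,000-byte pattern buffer are all constructed here for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for the 400,000-byte user buffer described in the post. */
#define USER_BUF_SIZE 400000u
/* Assumed per-request cap that a user client would enforce before mapping anything. */
#define MAX_USER_MAP_BYTES (1u << 20)

typedef enum { RD_OK = 0, RD_BAD_ARGS, RD_TOO_LARGE, RD_OUT_OF_RANGE } rd_status;

/* Check a caller-supplied (address, byte length) pair before building a descriptor:
 * reject empty or null ranges, ranges above the cap, and ranges whose end wraps. */
rd_status validate_user_range(uint64_t user_addr, uint64_t user_len)
{
    if (user_addr == 0 || user_len == 0) return RD_BAD_ARGS;
    if (user_len > MAX_USER_MAP_BYTES) return RD_TOO_LARGE;
    if (user_addr > UINT64_MAX - user_len) return RD_BAD_ARGS;  /* end would wrap */
    return RD_OK;
}

/* Number of whole 32-bit words a mapping of mapped_len bytes can supply. */
size_t max_words(size_t mapped_len)
{
    return mapped_len / sizeof(uint32_t);
}

/* Copy nwords 32-bit words out of a mapping of mapped_len bytes. The word count is
 * checked against the mapping length (by division, so it cannot overflow) before any
 * byte is touched, so a request that runs past the mapping is refused, not faulted. */
rd_status read_words_checked(const uint8_t *mapped, size_t mapped_len,
                             size_t nwords, uint32_t *out)
{
    if (mapped == NULL || out == NULL) return RD_BAD_ARGS;
    if (nwords > max_words(mapped_len)) return RD_OUT_OF_RANGE;
    for (size_t i = 0; i < nwords; i++) {
        /* memcpy avoids assuming the mapping is 4-byte aligned */
        memcpy(&out[i], mapped + i * sizeof(uint32_t), sizeof(uint32_t));
    }
    return RD_OK;
}

/* Constructed sample data: word i of the buffer holds the value i. */
static uint8_t demo_buf[USER_BUF_SIZE];
static uint32_t demo_out[USER_BUF_SIZE / sizeof(uint32_t)];

void fill_demo_pattern(void)
{
    for (size_t i = 0; i < max_words(USER_BUF_SIZE); i++) {
        uint32_t v = (uint32_t) i;
        memcpy(demo_buf + i * sizeof(uint32_t), &v, sizeof v);
    }
}

/* Read nwords from the demo buffer; return the last word read, or -1 if refused. */
int64_t demo_last_word(size_t nwords)
{
    fill_demo_pattern();
    if (nwords == 0) return -1;
    if (read_words_checked(demo_buf, USER_BUF_SIZE, nwords, demo_out) != RD_OK) return -1;
    return (int64_t) demo_out[nwords - 1];
}

int main(void)
{
    printf("700 words    -> last = %lld\n", (long long) demo_last_word(700));
    printf("1000 words   -> last = %lld\n", (long long) demo_last_word(1000));
    printf("100001 words -> %lld (refused: past the 400,000-byte mapping)\n",
           (long long) demo_last_word(100001));
    printf("validate_user_range(0, 400000) = %d (RD_BAD_ARGS)\n",
           validate_user_range(0, 400000));
    return 0;
}
```

The division-based check (`nwords > mapped_len / 4`) is preferred over multiplying `nwords * 4` and comparing, because the multiplication can wrap for a large user-chosen count and pass the comparison; in a real user client the mapped length should come from the descriptor's own accounting (for instance `getLength()` on the descriptor), not from the same user value that requested the read.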
_______________________________________________
darwin-kernel mailing list | email@hidden