Hi all,

I have code (based on Apple's samples) that maps a chunk of user-space memory into the kernel and attempts to read from it. The user-space memory is a local array defined like:

    UInt8 buf[400000]

(400,000 bytes). I'm passing this by pointer into the kernel using an IOConnectMethodScalarIScalarO call; the kernel maps it like so:

    // construct a memory descriptor for the client memory address
    userland_mem_desc = IOMemoryDescriptor::withAddress(
        user_space_pointer,
        (unsigned long) user_space_size,
        kIODirectionIn);
    if (NULL == userland_mem_desc) {
        IOLog("IOMemoryDescriptor::withAddress returned NULL\n");
        goto finish;
    }

    // wire it and make sure we can read it
    err = userland_mem_desc->prepare(kIODirectionIn);
    if (kIOReturnSuccess != err) {
        IOLog("userland_mem_desc->prepare failed(%lx)\n", (unsigned long) err);
        goto finish;
    }

    // map() will create a mapping in the kernel address space.
    userland_mem_map = userland_mem_desc->map();
    if (NULL == userland_mem_map) {
        IOLog("userland_mem_desc->map() failed(%lx)\n", (unsigned long) err);
        goto finish;
    }

    // get a usable virtual address for this chunk of memory
    kernel_mapped_userland_memory_addr =
        (void *) userland_mem_map->getVirtualAddress();
    if (NULL == kernel_mapped_userland_memory_addr) {
        IOLog("userland_mem_map->getVirtualAddress returned NULL!\n");
        goto finish;
    }

This all seems to work great. The kernel can then read the expected data out of the chunk of mapped memory. I do this as words (unsigned longs).

However, it appears that at an arbitrary point, somewhere between 700 words and 1000 words, the kernel will always crash. (I have not used trial-and-error to narrow it down to the exact count; reading up to 700 or 2800 bytes into the block succeeds; reading 1000 words fails).

Is there some arbitrary limit on the size of the chunk of user-space memory I can successfully map with the above call?
My impression was that the mapping and preparation calls would do what was necessary to map all the required pages, make them readable, etc.

I have a workaround; the workaround is to allocate the memory in the kernel and map it into user space, then call the kernel and tell it to read the data back out. This is working, so the question is not urgent, but I am wondering if I'm missing some information.

Thanks,
Paul