From: Paul Durrant
Date: Wed, 17 Jun 2020 08:22:44 +0000 (+0100)
Subject: Don't pass MM_DONT_ZERO_ALLOCATION to MmAllocatePagesForMdlEx()...
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=484bf618ac73b9d670b25bc63667ce7514513af4;p=pvdrivers%2Fwin%2Fxenvbd.git

Don't pass MM_DONT_ZERO_ALLOCATION to MmAllocatePagesForMdlEx()...

...in __AllocatePages()

See commit 4f85d004 "Replace uses of MmAllocatePagesForMdlEx in __AllocatePage" in XENVIF for more background. In summary, it is to avoid BSOD 139 1e with a stack similar to the following:

    nt!KeBugCheckEx
    nt!KiBugCheckDispatch+0x69
    nt!KiFastFailDispatch+0xd0
    nt!KiRaiseSecurityCheckFailure+0x30e
    nt!KiAcquireThreadStateLock+0x11fa90
    nt!KeSetIdealProcessorThreadEx+0xd0
    nt!MiZeroInParallelWorker+0x115016
    nt!MiZeroInParallel+0x11c
    nt!MiInitializeMdlBatchPages+0x2ae
    nt!MiAllocatePagesForMdl+0x192
    nt!MmAllocatePartitionNodePagesForMdlEx+0xc9
    nt!MmAllocatePagesForMdlEx+0x4d

These bugchecks have been observed in recent updates of Server 2019.

This patch, rather than replacing calls to MmAllocatePagesForMdlEx() with calls to MmMapLockedPagesSpecifyCache(), just avoids passing MM_DONT_ZERO_ALLOCATION to work round the bug. The patch instead passes MM_ALLOCATE_FULLY_REQUIRED, which arguably should have always been passed for allocations larger than a single page.

It also fixes a formatting issue.

Reported-by: Jan Bakuwel
Signed-off-by: Paul Durrant
---
diff --git a/src/common/util.h b/src/common/util.h index b303bbc..eddad4a 100644 --- a/src/common/util.h +++ b/src/common/util.h @@ -192,7 +192,7 @@ __AllocatePages( SkipBytes, TotalBytes, MmCached, - MM_DONT_ZERO_ALLOCATION); + MM_ALLOCATE_FULLY_REQUIRED); status = STATUS_NO_MEMORY; if (Mdl == NULL) 
@@ -210,10 +210,10 @@ __AllocatePages( MdlMappedSystemVa = MmMapLockedPagesSpecifyCache(Mdl, KernelMode, - MmCached, - NULL, - FALSE, - NormalPagePriority); + MmCached, + NULL, + FALSE, + NormalPagePriority); status = STATUS_UNSUCCESSFUL; if (MdlMappedSystemVa == NULL) @@ -225,8 +225,6 @@ __AllocatePages( ASSERT3P(Mdl->StartVa, ==, MdlMappedSystemVa); ASSERT3P(Mdl->MappedSystemVa, ==, MdlMappedSystemVa); - RtlZeroMemory(MdlMappedSystemVa, Mdl->ByteCount); - return Mdl; fail3:
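
Review bot: In the first hunk (@@ -192,7), nothing at the call site records that MM_DONT_ZERO_ALLOCATION is left out of the flags argument on purpose. The reason lives only in the commit message, so a later cleanup could reinstate the flag as an optimisation and bring the bugcheck back. A short comment above the MM_ALLOCATE_FULLY_REQUIRED argument naming the workaround would prevent that.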
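
Review bot: In the second hunk (@@ -210,10), the re-indented priority argument to MmMapLockedPagesSpecifyCache() is still plain `NormalPagePriority`. Since these lines are being touched anyway, consider `NormalPagePriority | MdlMappingNoExecute` where the minimum supported Windows version allows it (the flag was introduced in Windows 8), so that the kernel mapping of these data pages is not executable.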
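
Review bot: In the third hunk (@@ -225,8), removing `RtlZeroMemory(MdlMappedSystemVa, Mdl->ByteCount)` makes the zeroing of the returned pages depend entirely on the flags passed to MmAllocatePagesForMdlEx() in the first hunk, and that coupling is not stated anywhere in the code. If MM_DONT_ZERO_ALLOCATION is ever passed again, __AllocatePages() would hand back pages with stale contents. A comment before `return Mdl;` noting that the allocator zeroes the pages would make the dependency visible; alternatively keep the explicit zeroing if its cost is acceptable.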