From: Paul Durrant Date: Wed, 17 Jun 2020 09:37:55 +0000 (+0100) Subject: Don't pass MM_DONT_ZERO_ALLOCATION to MmAllocatePagesForMdlEx()... X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=5c663601e10b871766c1ba5d8b44fe97000193a2;p=pvdrivers%2Fwin%2Fxencons.git Don't pass MM_DONT_ZERO_ALLOCATION to MmAllocatePagesForMdlEx()... ...in __AllocatePages() See commit 4f85d004 "Replace uses of MmAllocatePagesForMdlEx in __AllocatePage" in XENVIF for more background. In summary, it is to avoid BSOD 139 1e with a stack similar to the following: nt!KeBugCheckEx nt!KiBugCheckDispatch+0x69 nt!KiFastFailDispatch+0xd0 nt!KiRaiseSecurityCheckFailure+0x30e nt!KiAcquireThreadStateLock+0x11fa90 nt!KeSetIdealProcessorThreadEx+0xd0 nt!MiZeroInParallelWorker+0x115016 nt!MiZeroInParallel+0x11c nt!MiInitializeMdlBatchPages+0x2ae nt!MiAllocatePagesForMdl+0x192 nt!MmAllocatePartitionNodePagesForMdlEx+0xc9 nt!MmAllocatePagesForMdlEx+0x4d These bugchecks have been observed in recent updates of Server 2019. This patch, rather than replacing calls to MmAllocatePagesForMdlEx() with calls to MmMapLockedPagesSpecifyCache(), just avoids passing MM_DONT_ZERO_ALLOCATION to work round the bug. The patch instead passes MM_ALLOCATE_FULLY_REQUIRED, which arguably should have always been passed for allocations larger than a single page. It also fixes a formatting issue. Reported-by: Jan Bakuwel Signed-off-by: Paul Durrant --- diff --git a/src/xencons/util.h b/src/xencons/util.h index f10eb8b..9d88b8a 100644 --- a/src/xencons/util.h +++ b/src/xencons/util.h @@ -192,7 +192,7 @@ __AllocatePages( SkipBytes, TotalBytes, MmCached, - MM_DONT_ZERO_ALLOCATION); + MM_ALLOCATE_FULLY_REQUIRED); status = STATUS_NO_MEMORY; if (Mdl == NULL) 
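Review bot: The flags argument of the MmAllocatePagesForMdlEx() call is now the only thing guaranteeing that the returned pages are zeroed, because the last hunk of this patch deletes the explicit `RtlZeroMemory(MdlMappedSystemVa, Mdl->ByteCount);`, and nothing at the call site records that dependency. A comment above the argument would keep a later change from restoring the flag and handing out pages that still hold stale kernel memory, for example `// Never pass MM_DONT_ZERO_ALLOCATION: callers depend on zeroed pages (and it bugchecks 139 on recent Server 2019)`. The same last hunk also removes `Error("fail1 (%08x)\n", status);`, so the `status = STATUS_NO_MEMORY;` assignment visible here appears to become a dead store and allocation failures are no longer logged; either keep that one Error() call or drop the status assignments. __AllocatePages() begins before and ends after this hunk.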
@@ -210,10 +210,10 @@ __AllocatePages( MdlMappedSystemVa = MmMapLockedPagesSpecifyCache(Mdl, KernelMode, - MmCached, - NULL, - FALSE, - NormalPagePriority); + MmCached, + NULL, + FALSE, + NormalPagePriority); status = STATUS_UNSUCCESSFUL; if (MdlMappedSystemVa == NULL) @@ -225,22 +225,14 @@ __AllocatePages( ASSERT3P(Mdl->StartVa, ==, MdlMappedSystemVa); ASSERT3P(Mdl->MappedSystemVa, ==, MdlMappedSystemVa); - RtlZeroMemory(MdlMappedSystemVa, Mdl->ByteCount); - return Mdl; fail3: - Error("fail3\n"); - fail2: - Error("fail2\n"); - MmFreePagesFromMdl(Mdl); ExFreePool(Mdl); fail1: - Error("fail1 (%08x)\n", status); - return NULL; }