I wrote a virtual USB bus driver on Windows. After it enumerates the USBSTOR driver, in the USB bulk or interrupt transfer phase, the USBSTOR driver sends some IRPs with an MDL pointer. This means the direct I/O method is being used (but strangely, the "Method" in the IRP is "Neither"). When I use the MDL to copy data, it causes a crash. The code that deals with the MDL is below:
    if (Irp->MdlAddress != NULL)
    {
        // Map the MDL into system address space; this returns NULL on failure.
        buf = MmGetSystemAddressForMdlSafe(Irp->MdlAddress, NormalPagePriority);
        // Only copy if the mapping succeeded and the MDL describes enough bytes.
        if (buf != NULL && dataLength <= MmGetMdlByteCount(Irp->MdlAddress))
        {
            RtlMoveMemory(buf, data, dataLength);
        }
    }
Without copying the data, it does not crash. But when the crash happens, there is always some delay after the copy, and the point where it crashes is not always the same place.
When I print out the data from buf before copying to it, I sometimes see that it is not all zero. It should be all zero. This means that buf doesn't point to the right buffer that the data should be copied to. The data was copied to an unknown place in the kernel, which causes a crash.
The question is: why would I get a wrong virtual address from MmGetSystemAddressForMdlSafe()? Is this a bug in the USBSTOR driver, or something else? Should I do something else before copying the data?