CreateMemoryDescriptorFromClient can't write data to user?

Question

Created 5d

Replies 1

Boosts 0

Participants 2

We've developed a PCIDriverKit driver for the capture card on macOS and have identified an issue: CreateMemoryDescriptorFromClient can only read data from the user space to the driver, but cannot write data back to the user.

typedef struct _MWCAP_EDID_DATA {
    uint64_t size;
    uint64_t uaddr;
} MWCAP_EDID_DATA;


// App
size_t xxx::GetEdid(void *buff, size_t size)
{
    MWCAP_EDID_DATA edid;
    edid.size = size;  
    edid.uaddr = (uint64_t)buff;
    kr = IOConnectCallStructMethod(
                            connect,
                            kUserGetEdid,
                            &edid,
                            sizeof(MWCAP_EDID_DATA),
                            NULL, 
                            NULL
                            );

    // kr is 0. But However, the data in the buffer remains unchanged; 
    // it does not reflect the EDID copied from the DEXT.

    return size;
}

// Driver
MWCAP_EDID_DATA *edid = (MWCAP_EDID_DATA *)input;
IOMemoryDescriptor *user_buf_mem = NULL;

IOAddressSegment segment;
segment.address = edid->uaddr;
segment.length = edid->size;

// We have verified that the values in edid->uaddr and edid->size are consistent with what was set by the application.

ret = CreateMemoryDescriptorFromClient(kIOMemoryDirectionOutIn, 1, &segment, &user_buf_mem);
if (ret != kIOReturnSuccess) {
    os_log(OS_LOG_DEFAULT, "Failed to create memdesc with error: 0x%08x", ret);
    break;
}

IOMemoryMap* user_buf_map = nullptr;
ret = user_buf_mem->CreateMapping(0, 0, 0, 0, 0, &user_buf_map);
if (ret != kIOReturnSuccess) {
    os_log(OS_LOG_DEFAULT, "Failed to create mapping with error: 0x%08x", ret);
    OSSafeReleaseNULL(user_buf_mem);
    break;
}

// ... fill the user_buf_map with edid data ...
// For example:
// memcpy(user_buf_map->GetAddress(), source_edid_data, edid->size);

// At this point we have also verified the data in user_buf_map->GetAddress(), which matches our expectations.

OSSafeReleaseNULL(user_buf_map);
OSSafeReleaseNULL(user_buf_mem);

Please help take a look, thank you!

Answered by DTS Engineer in 862249022

We've developed a PCIDriverKit driver for the capture card on macOS and have identified an issue: CreateMemoryDescriptorFromClient can only read data from the user space to the driver, but cannot write data back to the user.

Two answers here:

I believe the immediate issue is that you also need to set "kIOMemoryDisableCopyOnWrite", so your code would be:

ret = CreateMemoryDescriptorFromClient(kIOMemoryDirectionOutIn | kIOMemoryDisableCopyOnWrite, ...

The other option, particularly if you're dealing with larger amounts of memory that you'll be using for things like ring buffers, is using IOConnectMapMemory(...) and CopyClientMemoryForType(...) to more "directly" manage the mapping process.

__
Kevin Elliott
DTS Engineer, CoreOS/Hardware

Boost

Answer 1

DTS Engineer OP

Apple

4d

Accepted Answer

Recommended

We've developed a PCIDriverKit driver for the capture card on macOS and have identified an issue: CreateMemoryDescriptorFromClient can only read data from the user space to the driver, but cannot write data back to the user.

Two answers here:

I believe the immediate issue is that you also need to set "kIOMemoryDisableCopyOnWrite", so your code would be:

ret = CreateMemoryDescriptorFromClient(kIOMemoryDirectionOutIn | kIOMemoryDisableCopyOnWrite, ...

The other option, particularly if you're dealing with larger amounts of memory that you'll be using for things like ring buffers, is using IOConnectMapMemory(...) and CopyClientMemoryForType(...) to more "directly" manage the mapping process.

__
Kevin Elliott
DTS Engineer, CoreOS/Hardware

1