none
Problem with access AHCI register(ABAR) RRS feed

  • Question

  • Hello all,

    I am trying to read write AHCI registers from AP.

    I wrote a driver to handle kernel mode api.

    Current now I can use READ_PORT_ULONG / WRITE_PORT_ULONG to accese PCI port 0xcf8 and 0xcfc

    to get the all PCI 256 bytes configuration space.

    And I know BAR1~BAR5 (blue frame) are Port IO.

    I use MmMapIoSpace to map the address to kernel mode virtual memory

    and then IoAllocateMdl -> MmBuildMdlForNonPagedPool -> MmMapLockedPages

    to map this kernel mode virtual memory to user mode.

    My question is the AHCI register (BAR6 red frame).

    As I know it's Memory Mapped IO 

    Q1: If it means that 0xF7E3A000 (red frame) is kernel mode memory address???

    Q2: If so, why when I try to read the address in my driver the system will reboot?, It seems the memory are be protected.. 

    Q3: Or my concept is wrong, There is other way to handle the BAR6 address???

    Friday, December 20, 2013 9:47 AM

Answers

  • What you are doing is incorrect in two ways

    1 PCI owns cf8 and cfc, there is no way for you to synchronize your access with PCI.sys, thus causing errors

    2 your driver doesn't own the HW resources in the BARs, the ahci miniport driver does. That means many bad things can happen if you simulataneously access them. This is a huge security hole


    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, December 20, 2013 3:38 PM
  • Hello,

    I solve this issue.

    I should map the address BAR to Kernel mode virtual memory

    and then do READ_REGISTER_BUFFER_UCHAR

    after that I can get the AHCI register data from BAR.

    Thanks all for your help

    • Marked as answer by MHWU Wednesday, December 25, 2013 6:13 AM
    Wednesday, December 25, 2013 6:13 AM

All replies

  • What you are doing is incorrect in two ways

    1 PCI owns cf8 and cfc, there is no way for you to synchronize your access with PCI.sys, thus causing errors

    2 your driver doesn't own the HW resources in the BARs, the ahci miniport driver does. That means many bad things can happen if you simulataneously access them. This is a huge security hole


    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, December 20, 2013 3:38 PM
  • Hello Doron,

    Thanks for your reply.

    About the Q2,

    I found some Utility like

    http://rweverything.com/screenshots/

    provide user to change the value of AHCI register.

    Is there any way to implement the function like that?

    Monday, December 23, 2013 2:02 AM
  • That utility is also doing unsupported things, same as you proposed.

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Monday, December 23, 2013 3:38 AM
  • But why the utility won't cause system crash.

    In my code, each time i try to read the ABAR address the system will reboot

    Monday, December 23, 2013 5:32 AM
  • they might not be doing it exactly the same, but that utility can easily crash the system if it touches registers while the real driver that owns the registers does too. that is why there is a huge "not for commercial use" disclaimer on the site.

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Monday, December 23, 2013 5:48 AM
  • Thanks for your help ^^
    Monday, December 23, 2013 7:21 AM
  • Hello Doron,

    Sorry for reopen this issue.

    I try to use windbg to check the BAR6(red frame) address 0xF7E3A000 in memory window

    It show

    "Unable to retrieve information. Win32 error 0n30"

    Why windbg can't check this address??

    Tuesday, December 24, 2013 11:47 AM
  • Hello Pavel,

    Thanks for your reply,

    As your comment, 0xF7E3A000 is not the address of the BAR.

    How can I do to access it in my driver?

    Wednesday, December 25, 2013 12:58 AM
  • Hello,

    I solve this issue.

    I should map the address BAR to Kernel mode virtual memory

    and then do READ_REGISTER_BUFFER_UCHAR

    after that I can get the AHCI register data from BAR.

    Thanks all for your help

    • Marked as answer by MHWU Wednesday, December 25, 2013 6:13 AM
    Wednesday, December 25, 2013 6:13 AM