Microsoft KB Archive/126369

{|
 * width="100%"|

FIX: Large Transfers Via SCSI Passthrough May Crash System

 * }

Q126369

-

The information in this article applies to:


 * Microsoft Win32 Device Driver Kit (DDK) for Windows NT, version 3.5

-

SYMPTOMS
When transferring data via the SCSI passthrough (IOCTL_SCSI_PASS_THROUGH and IOCTL_SCSI_PASS_THROUGH_DIRECT), a transfer larger than the targeted SCSI host bus adapter (HBA) can support may crash the system.

CAUSE
The SCSI port driver is not checking that the requested data transfer can be safely handled by the SCSI HBA.

RESOLUTION
The Win32 application must ensure that SCSI passthrough data transfers can be safely handled by the HBA before sending them to the SCSI port driver. To do so, the application should first make a call to get the capabilities of the SCSI HBA. This is done with a call to DeviceIoControl with an IOCTL of IOCTL_SCSI_GET_CAPABILITIES.

The returned capabilities structure will include two very important items:


 * MaximumTransferLength, which specifies the maximum number of bytes the HBA can transfer in a single transfer operation.
 * MaximumPhysicalPages, which specifies the maximum number of physical discontiguities between address ranges that a data buffer can have if the HBA supports scatter/gather.

These two values are originally set by the SCSI miniport, but may be adjusted slightly by the SCSI port driver during initialization depending on the hardware configuration of the computer.

Before each transfer, the application should ensure that the requested transfer does not exceed either the SCSI HBA MaximumTransferLength nor the MaximumPhysicalPages. If the transfer is too large, the application should split the request into two (or more) smaller requests.

Calculating the maximum transfer size
The simplest thing to do is to multiply the MaximumPhysicalPages value by the page size for the machine. The requested transfer size should equal the result or the MaximumTransferLength, whichever is smaller.

In other words, the requested transfer size should equal the smaller of:


 * MaximumPhysicalPages * PAGE_SIZE

-or-
 * MaximumTransferLength

NOTE: This calculation is only an approximation. SCSI passthrough requests are handled as METHOD_BUFFERED requests. The buffer the caller provides is not the same buffer that will be used by the HBA to accomplish the data transfer. This means that the caller cannot ensure that the actual data buffer used by the HBA is not too fragmented (that is, contains too many physical breaks). However, this check will lessen the chance of crashing the system.

STATUS
Microsoft has confirmed this to be a problem in the Microsoft products listed at the beginning of this article. This problem was resolved in Windows NT version 3.51.