From 9e6aab1d445148929f9b12429b55e4641af12dfa Mon Sep 17 00:00:00 2001 From: Shravan Vasista Date: Thu, 14 Nov 2024 17:27:48 +0530 Subject: [PATCH 1/2] fix: change fail_driver_pool_leak driver's Class to Sample --- tools/dv/kmdf/fail_driver_pool_leak/fail_driver_pool_leak.inx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/dv/kmdf/fail_driver_pool_leak/fail_driver_pool_leak.inx b/tools/dv/kmdf/fail_driver_pool_leak/fail_driver_pool_leak.inx index ba33969..afe081a 100644 --- a/tools/dv/kmdf/fail_driver_pool_leak/fail_driver_pool_leak.inx +++ b/tools/dv/kmdf/fail_driver_pool_leak/fail_driver_pool_leak.inx @@ -7,8 +7,8 @@ [Version] Signature = "$WINDOWS NT$" -Class = SoftwareComponent -ClassGuid = {5c4c3332-344d-483c-8739-259e934c9cc8} +Class = Sample +ClassGuid = {78A1C341-4539-11d3-B88D-00C04FAD5171} Provider = %ProviderString% PnpLockDown = 1 From e59bc7a15ea2712d96217572ee51a45e49a397dd Mon Sep 17 00:00:00 2001 From: Shravan Vasista Date: Thu, 14 Nov 2024 17:29:36 +0530 Subject: [PATCH 2/2] docs: add missing steps to Fail_Driver_Pool_Leak Sample Driver README --- tools/dv/kmdf/fail_driver_pool_leak/README.md | 43 +++++++++++-------- 1 file changed, 24 insertions(+), 19 deletions(-) diff --git a/tools/dv/kmdf/fail_driver_pool_leak/README.md b/tools/dv/kmdf/fail_driver_pool_leak/README.md index 52c89d9..cb96fc5 100644 --- a/tools/dv/kmdf/fail_driver_pool_leak/README.md +++ b/tools/dv/kmdf/fail_driver_pool_leak/README.md 
@@ -1,23 +1,28 @@ -# Fail_Driver_Pool_Leak Sample +# Fail_Driver_Pool_Leak Sample Driver -This sample KMDF Fail Driver demonstrates the capabilities and features of **Driver Verifier** and the **Device Fundamentals Tests**. +This sample KMDF Fail Driver is designed to demonstrate the capabilities and features of **Driver Verifier** and the **Device Fundamentals Tests** for a driver written in Rust. -It allocates a pool of memory to a global buffer when a supported device is added by the PnP Manager and intentionally does not free it before the driver is unloaded. This memory leak fault is a system vulnerability that could lead to security and performance issues and bad user experience. +The driver allocates a pool of memory to a global buffer in its `evt_driver_device_add` function when a supported device is added by the PnP Manager. The driver intentionally does not free it anywhere, even in the `evt_driver_unload` callback, which get called before the driver is unloaded. This memory leak fault is a system vulnerability that could lead to security and performance issues and ultimately a bad user experience. -By enabling Driver Verifier on this driver, this pool leak violation can be caught before the driver is unloaded and with an active KDNET session, the bug can be analyzed further. +By enabling Driver Verifier on a driver, such violations can be caught and mitigated early in the development cycle. With an active KDNET session, the bugcheck can be analyzed further using WinDbg. The steps listed below demonstrate how to build, deploy, enable Driver Verifier, run Device Fundamentals Tests and debug the driver. NOTE: The driver uses WDM's ExAllocatePool2 API directly to allocate memory for its buffer. Ideally, such allocations should be freed by using ExFreePool API. A cleaner way to manage memory in a WDF Driver is to use [wdfmemory](https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdfmemory/) - ## Steps to reproduce the issue 1. 
Clone the repository and navigate to the project root. -2. Build the driver project using the following command in a WDK environment (or EWDK prompt) - +2. Install [Clang](https://clang.llvm.org/get_started.html) + * Easy install option: + ``` + winget install LLVM.LLVM + ``` + +3. Build the driver project using the following command in an [EWDK environment](https://learn.microsoft.com/en-us/legal/windows/hardware/enterprise-wdk-license-2022) - ``` cargo make ``` -3. Prepare a target system (a Hyper-V VM can be used) for testing +4. Prepare a target system (a Hyper-V VM can be used) for testing Follow the below steps to setup the test system - 1. Disable Secure boot and start the system @@ -37,11 +42,11 @@ NOTE: The driver uses WDM's ExAllocatePool2 API directly to allocate memory for shutdown -r -t 0 ``` -4. Copy the driver package, available under ".\target\debug\fail_driver_pool_leak_package" to the target system. +5. Copy the driver package, available under ".\target\debug\fail_driver_pool_leak_package" to the target system. -5. Copy "devgen.exe" from host to the target system. Alternatively you may install WDK on the target system and add the directory that contains "devgen.exe" to PATH variable. +6. Copy "devgen.exe" from host to the target system. Alternatively you may install WDK on the target system and add the directory that contains "devgen.exe" to PATH variable. -6. Install the driver package and create the device in the target system using the below commands - +7. Install the driver package and create the device in the target system using the below commands - ``` cd "fail_driver_pool_leak_package" devgen.exe /add /bus ROOT /hardwareid "fail_driver_pool_leak" 
@@ -50,7 +55,7 @@ NOTE: The driver uses WDM's ExAllocatePool2 API directly to allocate memory for pnputil.exe /add-driver .\fail_driver_pool_leak.inf /install ``` -7. Enable Driver Verifier for 'fail_driver_pool_leak.sys' driver package +8. Enable Driver Verifier for 'fail_driver_pool_leak.sys' driver package 1. Open run command prompt (Start + R) or cmd as administator and run "verifier" 2. In the verifier manager, - Create Standard Settings 
@@ -59,23 +64,23 @@ NOTE: The driver uses WDM's ExAllocatePool2 API directly to allocate memory for - Finish - Restart the system -8. Follow the steps in https://learn.microsoft.com/en-us/windows-hardware/drivers/develop/how-to-test-a-driver-at-runtime-from-a-command-prompt to run tests against the device managed by this driver +9. Follow the steps in https://learn.microsoft.com/en-us/windows-hardware/drivers/develop/how-to-test-a-driver-at-runtime-from-a-command-prompt to run tests against the device managed by this driver -9. Install TAEF and WDTF on the test computer and run the following test - +10. Install TAEF and WDTF on the test computer and run the following test - ``` cd "C:\Program Files (x86)\Windows Kits\10\Testing\Tests\Additional Tests\x64\DevFund" TE.exe .\Devfund_PnPDTest_WLK_Certification.dll /P:"DQ=DeviceID='ROOT\DEVGEN\{PASTE-DEVICE-ID-HERE}'" --rebootResumeOption:Manual ``` -10. The test will lead to a Bugcheck and a BlueScreen on the target system with the following error - +11. The test will lead to a Bugcheck and a BlueScreen on the target system with the following error - ``` DRIVER_VERIFIER_DETECTED_VIOLATION (c4) - ``` - The logs will be available in WinDbg - run ```!analyze -v``` for detailed bugcheck report - run ```!verifier 3 fail_driver_pool_leak.sys``` for info on the allocations that were leaked that caused the bugcheck. + ``` + Run ```!analyze -v``` for detailed bugcheck report + + Run ```!verifier 3 fail_driver_pool_leak.sys``` for info on the allocations that were leaked that caused the bugcheck. -11. (Alternatively), the bugcheck can be observed when all the devices managed by this driver are removed, i.e, when the driver is unloaded from the system. +12. (Alternatively), the bugcheck can be observed when all the devices managed by this driver are removed, i.e, when the driver is unloaded from the system. You may use pnputil/devcon to enumerate and remove the devices - ``` # To enumerate the devices
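Review bot: In the [Version] section of fail_driver_pool_leak.inx (patch 1/2), the new `Class = Sample` with ClassGuid {78A1C341-4539-11d3-B88D-00C04FAD5171} is not a system-supplied setup class, so the INF has to register the class itself through a [ClassInstall32] section. The hunk shows only [Version]; please confirm that section exists in the file, or add it in this patch. The commit message also gives no reason for moving away from SoftwareComponent; one sentence on why would help later readers.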
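Review bot: In the new step 3 of README.md (hunk @@ -1,23 +1,28 @@), the link text "EWDK environment" points at a URL ending in enterprise-wdk-license-2022, which by its path is a license page rather than setup instructions. Link to the page that explains how to obtain and open an EWDK prompt, or keep the previous wording "WDK environment (or EWDK prompt)". In the rewritten second paragraph, "which get called before the driver is unloaded" should read "which gets called", and the new step 2 should say in a few words why Clang is needed for the build.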
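Review bot: In the @@ -50,7 +55,7 @@ hunk of README.md, the renumbered step 8 still reads "Enable Driver Verifier for 'fail_driver_pool_leak.sys' driver package", but a .sys file is the driver binary, not the package; suggest "Enable Driver Verifier for the 'fail_driver_pool_leak.sys' driver". The sub-step directly below is unchanged context but has "administator" misspelled, which is worth fixing while these lines are being touched.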
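Review bot: In step 11 of the @@ -59,23 +64,23 @@ hunk, the two WinDbg commands (!analyze -v and !verifier 3 fail_driver_pool_leak.sys) are wrapped in triple backticks inline. That is the fence delimiter, so use single backticks for inline code, and indent the two "Run" lines to the list item's level so they stay part of step 11. In step 10, the placeholder {PASTE-DEVICE-ID-HERE} appears before any step explains how to obtain the device ID; point to the enumeration commands under step 12 or move them earlier.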