diff --git a/libs/platform/kernel/ebpf_platform_kernel.c b/libs/platform/kernel/ebpf_platform_kernel.c index dfcacc1e1..2b7ffbe9f 100644 --- a/libs/platform/kernel/ebpf_platform_kernel.c +++ b/libs/platform/kernel/ebpf_platform_kernel.c @@ -203,18 +203,20 @@ ebpf_allocate_ring_buffer_memory(size_t length) source_mdl = &ring_descriptor->memory->memory_descriptor_list; // Create a MDL big enough to double map the pages. - ring_descriptor->memory_descriptor_list = IoAllocateMdl( - ebpf_memory_descriptor_get_base_address(ring_descriptor->memory), - (uint32_t)(requested_page_count * 2 * PAGE_SIZE), - FALSE, - FALSE, - NULL); + ring_descriptor->memory_descriptor_list = + IoAllocateMdl(NULL, (uint32_t)(requested_page_count * 2 * PAGE_SIZE), FALSE, FALSE, NULL); if (!ring_descriptor->memory_descriptor_list) { EBPF_LOG_NTSTATUS_API_FAILURE(EBPF_TRACELOG_KEYWORD_BASE, IoAllocateMdl, STATUS_NO_MEMORY); status = STATUS_NO_MEMORY; goto Done; } +#pragma warning(push) +#pragma warning(disable : 28145) /* The opaque MDL structure should not be modified by a driver except for + MDL_PAGES_LOCKED and MDL_MAPPING_CAN_FAIL. */ + ring_descriptor->memory_descriptor_list->MdlFlags |= MDL_PAGES_LOCKED; +#pragma warning(pop) + memcpy( MmGetMdlPfnArray(ring_descriptor->memory_descriptor_list), MmGetMdlPfnArray(source_mdl), @@ -226,7 +228,12 @@ ebpf_allocate_ring_buffer_memory(size_t length) sizeof(PFN_NUMBER) * requested_page_count); ring_descriptor->base_address = MmMapLockedPagesSpecifyCache( - ring_descriptor->memory_descriptor_list, KernelMode, MmCached, NULL, FALSE, NormalPagePriority); + ring_descriptor->memory_descriptor_list, + KernelMode, + MmCached, + NULL, + FALSE, + NormalPagePriority | MdlMappingNoExecute); if (!ring_descriptor->base_address) { EBPF_LOG_NTSTATUS_API_FAILURE(EBPF_TRACELOG_KEYWORD_BASE, MmMapLockedPagesSpecifyCache, STATUS_NO_MEMORY); status = STATUS_NO_MEMORY;