ILO crashed when 3G to 4G memory holes are read

[eatmanCTF]

Hi,
I try to traverse the physical memory through DMA. When I read an address above 3G (possibly an MMIO address), iLO will crash and restart.
Reading addresses that exceed the upper limit of physical memory can cause the same problem.
It can be determined that the CopyFromMemoryRegion function caused the crash after writing the address to the register.
iLO version is iLO4 - 250, hardware is HP Microserver Gen 8, and I tried both the web & ssh exploit.

My question is:

1. Is there a method to determine the unreadable address in the physical address space through iLO (MMIO, vt-D protection, exceeding the upper limit of memory, etc.)
2. If an unreadable address is written to the register, can I check a flag bit or something before calling CopyFromMemoryRegion to prevent iLO from crashing.

I tried to reverse the CHIF task, but couldn't find the answer.

[0xf4b]

Hello @eatmanCTF!
Glad you're playing with our stuff ;)
I'm sorry but I don't have the answers to your questions, I also noticed these crashes when trying to read unreadable addresses... We didn't analyze the internals of the DMA channel far enough for being able to understand if iLO has access to the physical memory map, or if it can identify unreadable addresses.

If you ever find the answers by yourself, please comment this issue again ;)