From: "kai ouyang"
To: "John Baldwin"
Subject: Re:Help: from proc to thread?
Date: Mon, 3 Jun 2002 11:30:40 +0800

>> Based on the explanation of the thread: struct proc *td_proc; /* Associated process. */ in the struct
>> thread.
>> and refer to the CCD code.
>> I modify this function as following:
>> int raidlookup(path, td, vpp)
>>  char   *path;
>>  struct thread *td;
>>  struct vnode **vpp; /* result */
>> {
>>  struct nameidata nd;
>>  struct vnode *vp;
>>  struct vattr va;
>>  struct proc *p;
>>  int     error, flags;
>>  /* Sanity check the p_fd fields.  This is really just a hack */
>>  p = td->td_proc;

>So it dies here?

>> Now the system will crash when it executes the "p = td->td_proc".
>> the system Information is :
>> kernel: type 12 trap, code=0
>> Stopped at raidlookup+0x19: movl 0(%eax),%ebx

>Hmm, can you get the 'faulting va (virtual address)' error message that it
>prints out?

>Add a line to the beginning of the function as a sanity check that does:
>KASSERT(td != NULL, ("thread is null"));
>and compile your kernel with invariants and see if it panics with
>"thread is null".

Yeah, thread is NULL.
But I view all the callers, I did not find any assignment to td.
I do not know how the kernel assigns td to the structure.
The RAIDFrame has the similar function as the vinum. I find this problem
when I configure a RAID level volume.
Now, I check the raidctlioctl() function, because the process is here from user space to
kernel space.
Because the raidlookup's td is gotten from raidctlioctl() function.
I add the two lines to the latter function.

    KASSERT(td != NULL, ("raidctlioctl thread is NULL"));
    KASSERT(raidPtr->engine_thread != NULL, ("raidctlioctl engine thread is NULL"));

It debugs in the second line. So, the raidctlioctl function has the td, but didn't
transfer the parameter to the raidlookup().
Hmmmm....
I replace the two lines with the following lines:

    KASSERT(td != NULL, ("raidctlioctl thread is NULL"));
    raidPtr->engine_thread = td;
    KASSERT(raidPtr->engine_thread != NULL, ("raidctlioctl engine thread is NULL"));

now it passes.

I want to know when the kernel assigns td to raidctlioctl function?

Now, the RAIDFrame will crash here:

    RF_THREADGROUP_WAIT_START(&raidPtr->engine_tg);

    panic: runq_choose: process 218(raid) in state 3
    Debugger("panic")
    Stopped at Debugger+0x40: xorl %eax,%eax

raidPtr->engine_tg is the RF_ThreadGroup_s structure.

    struct RF_ThreadGroup_s {
     int     created;
     int     running;
     int     shutdown;
     struct  mtx mutex;
     int     cond;
    };

    /*
     * Wait for all threads to start running
     */
    #define RF_THREADGROUP_WAIT_START(_g_) { \
     mtx_lock(&(_g_)->mutex); \
     while((_g_)->running < (_g_)->created) { \
      RF_LTSLEEP(&((_g_)->cond), PRIBIO, "rfwcond", 0, &((_g_)->mutex)); \
     } \
     mtx_unlock(&(_g_)->mutex); \
    }

    RF_LTSLEEP(void *cond, int pri, const char *text, int time, struct mtx *mutex)
    {
     return (msleep(cond, mutex, pri, text, time));
    }

I man mtx_lock and find it executes after mtx_init().
before the macro RF_THREADGROUP_WAIT_START, it calls the rf_mtx_init();

    int rf_mutex_init(m)
    struct mtx *m;
    {
     mtx_init(m, "RAIDFrame FreeBSD5.0", MTX_DEF);
     return (0);
    }

So..... I am puzzled about it.
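A user-space model of the NULL td fault discussed in this message, added here as an example; it is not code from the post or from RAIDFrame. The struct layouts, the raid_softc type, the function names, MODEL_KASSERT, the path and the pid are constructed for illustration. It shows that a KASSERT-style check only exists in an INVARIANTS build, so the lookup also needs a check that fails the call in every build, and that passing the handler's own td down avoids depending on a cached pointer nobody has stored yet.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed user-space stand-ins for the kernel types named in the message. */
struct proc { int p_pid; };
struct thread { struct proc *td_proc; };
struct raid_softc { struct thread *engine_thread; };	/* hypothetical softc */

/* Model of KASSERT: active only when built with -DINVARIANTS, else a no-op. */
#ifdef INVARIANTS
#define MODEL_KASSERT(exp, msg) do { if (!(exp)) { puts(msg); abort(); } } while (0)
#else
#define MODEL_KASSERT(exp, msg) do { } while (0)
#endif

/* Lookup that rejects a missing thread instead of faulting on td->td_proc. */
static int raidlookup_checked(const char *path, struct thread *td, int *pid_out)
{
	MODEL_KASSERT(td != NULL, "thread is null");	/* debug builds stop here */
	if (path == NULL || td == NULL || td->td_proc == NULL)
		return (EINVAL);			/* every build fails the call */
	*pid_out = td->td_proc->p_pid;
	return (0);
}

/* Reads the thread from the softc field, which nothing has stored into yet. */
static int raidctl_cached(struct raid_softc *sc, struct thread *td,
    const char *path, int *pid)
{
	(void)td;
	return (raidlookup_checked(path, sc->engine_thread, pid));
}

/* Hands the handler's own td argument down to the lookup. */
static int raidctl_passthrough(struct raid_softc *sc, struct thread *td,
    const char *path, int *pid)
{
	(void)sc;
	return (raidlookup_checked(path, td, pid));
}

int main(void)
{
	struct proc p = { 218 };			/* constructed pid */
	struct thread td = { &p };
	struct raid_softc sc = { NULL };
	int pid = -1;
	int cached = raidctl_cached(&sc, &td, "/dev/da0", &pid);
	int passed = raidctl_passthrough(&sc, &td, "/dev/da0", &pid);
	printf("cached=%d passthrough=%d pid=%d\n", cached, passed, pid);
	return (0);
}
```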