From: Jeff Fellin
Date: Mon, 18 Dec 2000 14:39:37 -0500 (EST)
Message-Id: <200012181939.OAA19012@zydeco.research.bell-labs.com>
To: freebsd-current@freeBSD.ORG
Subject: Kernel Buffer overwrite debugging

I am having a problem with a device driver that uses physio to transfer data to a SCSI adapter. Sometimes, after passing the buffer to the CAM system via xpt_action, the buffer contents are modified. I've traced my driver and cannot determine how this could be happening. I am running on a single-CPU Pentium II system with all system config defaults.

What I would like to do is to dynamically set a watchpoint on the buffer used by the write system call for the duration of sending the data to the SCSI adapter. I want to do this dynamically instead of manually setting a breakpoint in the code and manually setting the watchpoint, because the problem occurs around the 90th time, and I don't want SCSI bus timeouts while typing the watch address. I've examined the ddb code, and thought that if I emulated the steps in db_trap() for the command of setting a watchpoint it would work.

However, it doesn't appear to be working. What I've done is:

	/* possible on data xfer >= 512 bytes */
	if (condition for problem) {
		/* addr, have_addr, count, modif: same arguments ddb passes from db_command() */
		db_watchpoint_cmd(bp->bio_addr, TRUE, bp->bio_count, "rw");
		db_continue_cmd(0, 0, 0, "w");
		db_restart_at_pc(FALSE);
	}

When the buffer is done transmitting I do the following:

	db_clear_watchpoints();
	db_deletewatch_cmd(bp->bio_addr, TRUE, bp->bio_count, "rw");
	db_continue_cmd(0, 0, 0, "w");
	db_restart_at_pc(FALSE);

My driver trace printfs show the data at bp->bio_addr was changed from 0x601000a3 to 0x0. Additional traces show the data in the first 200+ bytes is changed to zero. Any guidance on how to use the ddb functions to debug this problem is appreciated, as are alternative methods to determine what is overwriting the buffer. Looking at the data on a SCSI bus analyzer, the entire buffer has been zeroed out.

Thank you in advance for your help.

Jeff Fellin
MH 2A-352
(908) 582-7673
fellin@lucent.com
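An added example, not part of Jeff's message or of any FreeBSD driver: a user-space C sketch of the alternative he asks about, namely snapshotting the write buffer at the point just before it goes to xpt_action() and diffing it in the completion path, so the driver itself reports where the corruption starts and how much of it is zero fill without a ddb watchpoint. The buffer pattern, the 1024-byte size and the 200-byte zeroing are constructed to mirror the symptom described above; in a kernel the snapshot would have to come from a non-sleeping allocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* What check_buf() found when comparing a buffer against its snapshot. */
struct corrupt_report {
	size_t first_bad;    /* offset of the first byte that differs, or len if none */
	size_t bad_bytes;    /* total number of differing bytes */
	size_t zeroed_bytes; /* differing bytes that now read as zero */
};
/* Take the snapshot just before the buffer is handed to the CAM layer. */
void snapshot_buf(const void *buf, void *snap, size_t len)
{
	memcpy(snap, buf, len);
}
/* Compare in the completion path; returns nonzero if the buffer changed. */
int check_buf(const void *buf, const void *snap, size_t len,
    struct corrupt_report *r)
{
	const uint8_t *b = buf, *s = snap;
	*r = (struct corrupt_report){ len, 0, 0 };
	for (size_t i = 0; i < len; i++) {
		if (b[i] == s[i])
			continue;
		if (r->first_bad == len)
			r->first_bad = i;
		r->bad_bytes++;
		if (b[i] == 0)
			r->zeroed_bytes++;
	}
	return (r->bad_bytes != 0);
}
/* Constructed demo: a 1024-byte write buffer whose first 200 bytes get zeroed,
 * the pattern described in the message. Returns the number of changed bytes. */
int demo_detect(void)
{
	static uint8_t buf[1024], snap[1024];
	struct corrupt_report r;

	for (size_t i = 0; i < sizeof(buf); i++)
		buf[i] = (uint8_t)(1 + (i % 255)); /* never zero, so every zeroed byte shows */
	snapshot_buf(buf, snap, sizeof(buf));
	memset(buf, 0, 200);                   /* stand-in for whatever the hardware did */
	if (check_buf(buf, snap, sizeof(buf), &r))
		printf("buffer modified: first bad offset %zu, %zu bytes differ, %zu of them zero\n",
		    r.first_bad, r.bad_bytes, r.zeroed_bytes);
	return ((int)r.bad_bytes);
}
```

Comparing first_bad and bad_bytes against the transfer's sector boundaries (the 512-byte threshold noted in the message) is what tells a DMA-length or mapping mistake apart from a stray software write.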