Date:      Mon, 18 Dec 2000 14:39:37 -0500 (EST)
From:      Jeff Fellin <jkf@research.bell-labs.com>
To:        freebsd-current@freeBSD.ORG
Subject:   Kernel Buffer overwrite debugging
Message-ID:  <200012181939.OAA19012@zydeco.research.bell-labs.com>


I am having a problem with a device driver that uses physio
to transfer data to a SCSI adapter. Sometimes, after
passing the buffer to the CAM system via xpt_action, the
buffer contents are modified. I've traced my driver and cannot
determine how this could be happening. I am running on a single-CPU
Pentium II system with all system config defaults.

What I would like to do is to dynamically set a watchpoint
on the buffer used by the write system call for the duration
of sending the data to the SCSI adapter. I want to do this
dynamically instead of manually setting a breakpoint in the
code and manually setting the watchpoint, because the problem
occurs around the 90th time, and I don't want SCSI bus timeouts
while typing the watch address.

I've examined the ddb code, and thought that if I emulated the
steps in db_trap() for the command of setting a watchpoint it
would work. However, it doesn't appear to be working.

What I've done is:

	/* possible on data xfer >= 512 bytes */
	if (condition for problem) {
		/* arm a read/write watchpoint covering the whole transfer buffer */
		db_watchpoint_cmd(bp->bio_addr, bp->bio_addr,
			bp->bio_count, "rw");
		db_continue_cmd(0, 0, 0, "w");
		db_restart_at_pc(FALSE);
	}

When the buffer is done transmitting I do the following:

	/* tear the watchpoint down again once the transfer has completed */
	db_clear_watchpoints();
	db_deletewatch_cmd(bp->bio_addr, bp->bio_addr,
		bp->bio_count, "rw");
	db_continue_cmd(0, 0, 0, "w");
	db_restart_at_pc(FALSE);

My driver trace printfs show the data at bp->bio_addr was
changed from 0x601000a3 to 0x0. Additional traces show the
data in the first 200+ bytes is changed to zero.

Any guidance on how to use the ddb functions to debug this
problem is appreciated. Also, alternative methods to determine
what is overwriting the buffer. Looking at the data on a
SCSI bus analyzer, the entire buffer has been zeroed out.

Thank you in advance for your help.

	Jeff Fellin
	MH 2A-352
	(908) 582-7673
	fellin@lucent.com
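One alternative to a live ddb watchpoint, for narrowing down when and how far a buffer is being clobbered in flight, is to snapshot it just before hand-off and diff it on completion. The following is an added example (not code from the post or from the FreeBSD source); it is a userland C simulation of that check, with `shadow_take`, `shadow_check`, `shadow_release` and `demo_zeroed_prefix` all being assumed names. In a driver the snapshot would be taken right before `xpt_action` and checked in the completion path; the demo instead zeroes the first 200 bytes of a constructed 512-byte buffer to mirror the symptom described above.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Result of comparing a buffer against the snapshot taken before hand-off. */
struct corrupt_report {
    int    corrupted;  /* 1 if any byte differs from the snapshot */
    size_t first;      /* offset of the first differing byte */
    size_t last;       /* offset of the last differing byte */
    size_t ndiff;      /* number of differing bytes */
    int    all_zero;   /* 1 if every differing byte now reads 0x00 */
};

/* Shadow copy plus a cheap fingerprint of the buffer as handed off. */
struct shadow {
    uint8_t *copy;
    size_t   len;
    uint64_t hash;
};

/* FNV-1a 64-bit: a cheap fingerprint so the common (clean) case costs one pass. */
static uint64_t fnv1a64(const uint8_t *p, size_t n)
{
    uint64_t h = 14695981039346656037ULL;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;
    }
    return h;
}

/* Call immediately before the buffer is handed to the lower layer. */
int shadow_take(struct shadow *s, const uint8_t *buf, size_t len)
{
    s->copy = malloc(len);
    if (s->copy == NULL)
        return -1;
    memcpy(s->copy, buf, len);
    s->len  = len;
    s->hash = fnv1a64(buf, len);
    return 0;
}

/* Call on completion: hash check first, full byte-by-byte diff only on mismatch. */
struct corrupt_report shadow_check(const struct shadow *s, const uint8_t *buf)
{
    struct corrupt_report r = { 0, 0, 0, 0, 1 };
    int seen = 0;

    if (fnv1a64(buf, s->len) == s->hash)
        return r;                      /* buffer unchanged: nothing to report */

    r.corrupted = 1;
    for (size_t i = 0; i < s->len; i++) {
        if (buf[i] == s->copy[i])
            continue;
        if (!seen) { r.first = i; seen = 1; }
        r.last = i;
        r.ndiff++;
        if (buf[i] != 0)
            r.all_zero = 0;            /* overwritten with something other than zero */
    }
    return r;
}

void shadow_release(struct shadow *s)
{
    free(s->copy);
    s->copy = NULL;
}

/* Constructed demo: a 512-byte transfer whose first 200 bytes are zeroed
 * "in flight", standing in for whatever the lower layer is doing. */
struct corrupt_report demo_zeroed_prefix(void)
{
    uint8_t buf[512];
    struct shadow s;
    struct corrupt_report r = { -1, 0, 0, 0, 0 };

    for (size_t i = 0; i < sizeof buf; i++)
        buf[i] = (uint8_t)(1 + (i % 255));   /* pattern that never contains 0x00 */

    if (shadow_take(&s, buf, sizeof buf) != 0)
        return r;
    memset(buf, 0, 200);                      /* simulated corruption */
    r = shadow_check(&s, buf);
    shadow_release(&s);
    return r;
}

int main(void)
{
    struct corrupt_report r = demo_zeroed_prefix();
    printf("corrupted=%d first=%zu last=%zu ndiff=%zu all_zero=%d\n",
           r.corrupted, r.first, r.last, r.ndiff, r.all_zero);
    return 0;
}
```

The report's `first`/`last` offsets and the `all_zero` flag are what make the approach useful beyond "it changed": a corruption that always starts at offset 0 and is all zeros points at something treating the buffer as a fresh destination (a zeroing allocator or a second DMA into the same pages), while a nonzero pattern at a fixed offset points at a stray write. In a driver, keep the shadow for the life of the request and log the report from the completion routine, so that no console interaction is needed when the bad case finally hits.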







Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200012181939.OAA19012>