Hi all,
i’m registering the filesystem activity per process, sending messages
to a user process. In the moment that a few processes are running at
the same time and registering actions, it gets hung in a process
unload operation because it consumes all cpu.
This is because i am wating for the data structure to be valid
(pooling) while (data valid) {}. I have registered the unload process
routine using PsSetCreateProcessNotifyRoutine API.
To solve the problem i tried to sleep the thread when is waiting for
the structure with KeDelayExecutionThread and
KeStallExecutionProcessor but it did not result.
Has process unload some requirements that led to this schenario?
Thanks in advance
Francisco
Most likely you are deadlocking the system some how by holding extra references to FO or plain old dispatcher object deadlock. I cannot tell anymore since you provide too little info on your issue. No Unload just notifies you of a process termination, nothing too special about it.
Thank you for your response.
the problem is that i don’t have too much information.
When the process unload happens it is waited for other thread to
release the communication structure (using a while() {}). It seems
that there is no CPU available for the other threads to release, so
execution stays in while(){}. I tried to sleep the thread that is
pooling with KeDelayExecutionThread orKeStallExecutionProcessor, but
it didnt work.
Is there any way to sleep a thread?
Thanks
2010/11/30 :
> Most likely you are deadlocking the system some how by holding extra references to FO ?or plain old dispatcher object deadlock. I cannot tell anymore since you provide too little info on your issue. No Unload just notifies you of a process termination, nothing too special about it.
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule of debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>
I really don’t think sleeping your thread is an issue here, but if you have any structures that might make it impossible for the process to be deleted, like a reference to the EPROCESS object the process will not be deleted by the Objectmanager, or I don;t know something else. You might need to provide some code here.
Any KeWaitXXX will preempt your thread and swap to another, unless the wait cannot be satisfied immediately.
No, i do not have any structure related to the process. I only
register actions, in this case the process unload action.
I am going to try with KeWaitXXX.
Thank you
2010/11/30 :
> I really don’t think sleeping your thread is an issue here, but if you have any structures that might make it impossible for the process to be deleted, like a reference to the EPROCESS object the process will not be deleted by the Objectmanager, or I don;t know something else. You might need to provide some code here.
> Any KeWaitXXX will preempt your thread and swap to another, unless the wait cannot be satisfied immediately.
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule of debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>