Hi Pete,
I am using !threads and !stack command from Windbg but not able to go ahead
with the information that it gives.
Could you please give me any pointers on how to find out the deadlock?
Thanks,
Kedar,
“Peter Scott” wrote in message
news:xxxxx@ntfsd…
>
> Kedar,
>
> It is quite easy to determine the deadlock if you have a debugger
> attached.
> I would suggest you do this to determine exactly what is causing the lock
> in
> the system.
>
> Pete
>
> Kernel Drivers
> Windows Filesystem and Device Driver Consulting
> www.KernelDrivers.com
> (303)546-0300
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of kedar
> Sent: Monday, May 23, 2005 8:44 AM
> To: Windows File Systems Devs Interest List
> Subject: Re:[ntfsd] Problems when IRP is pend from Filter driver with Anti
> Virus real time protection
>
> Hi,
>
> I am not seeing any crash here.
>
> Thanks,
> Kedar.
> “Ladislav Zezula” wrote in message news:xxxxx@ntfsd…
>> Well, I’m currently solving the similar problem.
>> Our filter acquires a file lock, then calls lower driver
>> for IRP_MJ_SET_INFORMATION. The lower driver
>> seems to communicate with the user mode for some reason.
>> Because the file is still locked, the deadlock comes.
>>
>> This may be the same problem as you have - the upper
>> antivirus filter has acquired some lock and you then
>> wait for some user mode service. If the service touches
>> anything that has to do with the locked file (it may be a registry
>> hive), the deadlock occurs.
>>
>> IMHO is not safe to call usermode in the IRP
>> dispatch handlers except IRP_MJ_CREATE handler.
>> If you waiting for user mode within READ path, it might be the
>> same scenario.
>>
>> I would also like to know other’s opinions,
>> with considering above described situation.
>>
>> If you would be willing, you may expose the deadlock crash
>> dump, I would like to download it and look at it.
>>
>> L.
>>
>>
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@kerneldrivers.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
Look at ExxxResourceLite or ExAcquireFastMutex calls in the thread stacks.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: “kedar”
Newsgroups: ntfsd
To: “Windows File Systems Devs Interest List”
Sent: Thursday, June 02, 2005 5:03 PM
Subject: [ntfsd] Problems when IRP is pend from Filter driver with Anti Virus
> Hi Pete,
>
> I am using !threads and !stack command from Windbg but not able to go ahead
> with the information that it gives.
>
> Could you please give me any pointers on how to find out the deadlock?
>
> Thanks,
> Kedar,
> “Peter Scott” wrote in message
> news:xxxxx@ntfsd…
> >
> > Kedar,
> >
> > It is quite easy to determine the deadlock if you have a debugger
> > attached.
> > I would suggest you do this to determine exactly what is causing the lock
> > in
> > the system.
> >
> > Pete
> >
> > Kernel Drivers
> > Windows Filesystem and Device Driver Consulting
> > www.KernelDrivers.com
> > (303)546-0300
> >
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com] On Behalf Of kedar
> > Sent: Monday, May 23, 2005 8:44 AM
> > To: Windows File Systems Devs Interest List
> > Subject: Re:[ntfsd] Problems when IRP is pend from Filter driver with Anti
> > Virus real time protection
> >
> > Hi,
> >
> > I am not seeing any crash here.
> >
> > Thanks,
> > Kedar.
> > “Ladislav Zezula” wrote in message news:xxxxx@ntfsd…
> >> Well, I’m currently solving the similar problem.
> >> Our filter acquires a file lock, then calls lower driver
> >> for IRP_MJ_SET_INFORMATION. The lower driver
> >> seems to communicate with the user mode for some reason.
> >> Because the file is still locked, the deadlock comes.
> >>
> >> This may be the same problem as you have - the upper
> >> antivirus filter has acquired some lock and you then
> >> wait for some user mode service. If the service touches
> >> anything that has to do with the locked file (it may be a registry
> >> hive), the deadlock occurs.
> >>
> >> IMHO is not safe to call usermode in the IRP
> >> dispatch handlers except IRP_MJ_CREATE handler.
> >> If you waiting for user mode within READ path, it might be the
> >> same scenario.
> >>
> >> I would also like to know other’s opinions,
> >> with considering above described situation.
> >>
> >> If you would be willing, you may expose the deadlock crash
> >> dump, I would like to download it and look at it.
> >>
> >> L.
> >>
> >>
> >
> >
> >
> > —
> > Questions? First check the IFS FAQ at
> > https://www.osronline.com/article.cfm?id=17
> >
> > You are currently subscribed to ntfsd as: xxxxx@kerneldrivers.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >
> >
>
>
>
>
>
> —
> Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
There is a very nice article from osr on deadlock analysis that you might
find out on osronline.com.
Also if krnl thds are deadlocked, sometime breaking into debugger will give
who is locked and from there you can look at process threads waiting
conditions etc. If the threads are between processes then it would give you
only partial information, but eventually you should be able to hit
othersides.
But first look at the help for locks and consult the article from osr.
-pro
----- Original Message -----
From: “kedar”
Newsgroups: ntfsd
To: “Windows File Systems Devs Interest List”
Sent: Thursday, June 02, 2005 6:03 AM
Subject: [ntfsd] Problems when IRP is pend from Filter driver with Anti
Virus
> Hi Pete,
>
> I am using !threads and !stack command from Windbg but not able to go
> ahead
> with the information that it gives.
>
> Could you please give me any pointers on how to find out the deadlock?
>
> Thanks,
> Kedar,
> “Peter Scott” wrote in message
> news:xxxxx@ntfsd…
>>
>> Kedar,
>>
>> It is quite easy to determine the deadlock if you have a debugger
>> attached.
>> I would suggest you do this to determine exactly what is causing the lock
>> in
>> the system.
>>
>> Pete
>>
>> Kernel Drivers
>> Windows Filesystem and Device Driver Consulting
>> www.KernelDrivers.com
>> (303)546-0300
>>
>> -----Original Message-----
>> From: xxxxx@lists.osr.com
>> [mailto:xxxxx@lists.osr.com] On Behalf Of kedar
>> Sent: Monday, May 23, 2005 8:44 AM
>> To: Windows File Systems Devs Interest List
>> Subject: Re:[ntfsd] Problems when IRP is pend from Filter driver with
>> Anti
>> Virus real time protection
>>
>> Hi,
>>
>> I am not seeing any crash here.
>>
>> Thanks,
>> Kedar.
>> “Ladislav Zezula” wrote in message news:xxxxx@ntfsd…
>>> Well, I’m currently solving the similar problem.
>>> Our filter acquires a file lock, then calls lower driver
>>> for IRP_MJ_SET_INFORMATION. The lower driver
>>> seems to communicate with the user mode for some reason.
>>> Because the file is still locked, the deadlock comes.
>>>
>>> This may be the same problem as you have - the upper
>>> antivirus filter has acquired some lock and you then
>>> wait for some user mode service. If the service touches
>>> anything that has to do with the locked file (it may be a registry
>>> hive), the deadlock occurs.
>>>
>>> IMHO is not safe to call usermode in the IRP
>>> dispatch handlers except IRP_MJ_CREATE handler.
>>> If you waiting for user mode within READ path, it might be the
>>> same scenario.
>>>
>>> I would also like to know other’s opinions,
>>> with considering above described situation.
>>>
>>> If you would be willing, you may expose the deadlock crash
>>> dump, I would like to download it and look at it.
>>>
>>> L.
>>>
>>>
>>
>>
>>
>> —
>> Questions? First check the IFS FAQ at
>> https://www.osronline.com/article.cfm?id=17
>>
>> You are currently subscribed to ntfsd as: xxxxx@kerneldrivers.com
>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>
>>
>>
>
>
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@garlic.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>